Version information
This version is compatible with:
- Puppet Enterprise 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x
- Puppet >= 7.0.0 < 9.0.0
Start using this module
Add this module to your Puppetfile:
mod 'simp-simp_options', '1.10.0'
Learn more about managing modules with a Puppetfile
Table of Contents
- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with simp_options
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
Overview
This module provides variables needed by one or more SIMP modules.
This is a SIMP module
This module is a component of the System Integrity Management Platform, a compliance-management framework built on Puppet.
Most SIMP modules actively take advantage of this module when used within the SIMP ecosystem.
THIS MODULE IS ONLY DATA AND WILL NOT CHANGE YOUR SYSTEM
Module Description
The simp_options module primarily provides variables that are
- Enablers of capabilities provided or used by SIMP modules.
- Data that describes the configuration of a site.
  - The scope of the data is larger than the scope of a single module.
  - 0..n unrelated profiles might make use of this data.
Some of these variables support SIMP's security compliance reporting.
Setup
What simp_options affects
The variables provided by simp_options are used by SIMP modules to enable and/or configure capabilities.
Beginning with simp_options
simp_options is configured for you when you run simp config on your SIMP system. Otherwise, setup is simple: include the class as the first class in your site.pp and select the desired capabilities through Hiera or your ENC.
NOTE
The environments/simp/hieradata/simp_defs.yaml file delivered with the simp puppet module is an example file that can be used to create the appropriate hieradata for your site.
Reference
See REFERENCE.md
Limitations
This module is applicable to SIMP systems or systems containing SIMP components.
Development
Please read our Contribution Guide.
Reference
Table of Contents
Classes
- simp_options: Sets up variables that enable core SIMP capabilities or provide site configuration larger than the scope of a single module
- simp_options::dns: Sets up DNS configuration variables
- simp_options::gid: Provides system-wide defaults for GID settings
- simp_options::ldap: Sets up LDAP configuration variables
- simp_options::ntp: Sets up NTP configuration variables
- simp_options::ntpd: Sets up NTP configuration variables
- simp_options::openssl: Sets up OpenSSL configuration variables
- simp_options::openssl::params: Sets appropriate openssl cipher suite based on whether FIPS-mode is
- simp_options::pki: Sets up global PKI configuration variables
- simp_options::puppet: Sets up Puppet configuration variables
- simp_options::rsync: Sets up rsync configuration variables
- simp_options::syslog: Sets up syslog configuration variables
- simp_options::uid: Provides system-wide defaults for UID settings
Classes
simp_options
Sets up variables that enable core SIMP capabilities or provide site configuration larger than the scope of a single module
Parameters
The following parameters are available in the simp_options class:
auditd
clamav
fips
firewall
haveged
ipsec
kerberos
ldap
logrotate
pam
authselect
pki
sssd
stunnel
syslog
tcpwrappers
trusted_nets
package_ensure
libkv
auditd
Data type: Boolean
Include SIMP's auditd class and add audit rules pertinent to each application
Default value: false
clamav
Data type: Boolean
Deprecated - DO NOT USE
Default value: false
fips
Data type: Boolean
Enable FIPS mode for the system
This parameter enforces strict compliance with FIPS-140-2.
All core SIMP modules can support this configuration. It is important that you know the security tradeoffs of FIPS-140-2 compliance.
FIPS mode disables the use of MD5 and may require weaker ciphers or key lengths than your security policies allow.
See SIMP - Security Control Mapping Cryptographic Protection: http://simp.readthedocs.io/en/stable/security_mapping/components/simp/cryptographic_protection/control.html
Default value: false
firewall
Data type: Boolean
Indicate that you want to load the native SIMP firewall management subsystem
Default value: false
haveged
Data type: Boolean
Include the haveged class to ensure adequate entropy for key generation
See SIMP - Getting Started Environment Preparation: http://simp.readthedocs.io/en/stable/getting_started_guide/Installation_Options/ISO/ISO_Build/Environment_Preparation.html?highlight=haveged
Default value: false
ipsec
Data type: Boolean
Include SIMP's ipsec class, libreswan, and add rules pertinent to each application
Default value: false
kerberos
Data type: Boolean
Include SIMP's Kerberos class, krb5, and use Kerberos in applicable modules
Default value: false
ldap
Data type: Boolean
Encourage modules to use LDAP support where possible
Default value: false
logrotate
Data type: Boolean
Include SIMP's logrotate class and add rules pertinent to each application
Default value: false
pam
Data type: Boolean
Include SIMP's pam class to manage PAM
Default value: false
authselect
Data type: Boolean
The dconf, pam, and nsswitch modules will be configured to work with a system leveraging authselect
Default value: false
pki
Data type: Variant[Boolean,Enum['simp']]
Include SIMP's pki class and use pki::copy to distribute PKI certificates to the correct locations
- If false, don't include SIMP's pki class, and don't use pki::copy
- If true, don't include SIMP's pki class, but do use pki::copy
- If simp, include SIMP's pki class, and use pki::copy
Default value: false
sssd
Data type: Boolean
Enable SSSD support where possible
Default value: false
stunnel
Data type: Boolean
Include SIMP's stunnel class and use it to secure server-to-server communications in applicable modules
Default value: false
syslog
Data type: Boolean
Include SIMP's rsyslog class and configure RSyslog application hooks
Default value: false
tcpwrappers
Data type: Boolean
Whether to include SIMP's tcpwrappers class and use tcpwrappers::allow to permit the application to the subnets in $simp_options::trusted_nets
Default value: false
trusted_nets
Data type: Simplib::Netlist
Subnets to permit, in CIDR notation
- If you need this to be more (or less) restrictive for a given class, you can override it for the specific class via that class' parameters.
Default value: ['127.0.0.1', '::1']
package_ensure
Data type: String
The default ensure parameter for packages
- Can be either latest or installed
Default value: 'latest'
libkv
Data type: Boolean
Enable the libkv backend for some functions
Default value: false
simp_options::dns
Sets up DNS configuration variables
Parameters
The following parameters are available in the simp_options::dns class:
search
Data type: Array[String]
The DNS search list. Remember to put these in the appropriate order for your environment.
Default value: []
servers
Data type: Array[Simplib::Host]
The list of DNS servers for the managed hosts.
If the first entry of this list is set to 127.0.0.1, then all clients will configure themselves as caching DNS servers pointing to the other entries in the list.
If you are using the SIMP resolv module, and the system is a DNS server using the SIMP named module but you wish to have your node point to a different DNS server for primary DNS resolution, then you MUST set resolv::named_server to true via Hiera.
This will get around the convenience logic that was put in place to handle the caching entries and will not attempt to convert your system to a caching DNS server.
Default value: []
simp_options::gid
Provides system-wide defaults for GID settings
Parameters
The following parameters are available in the simp_options::gid class:
min
Data type: Integer[0]
The lowest allowed regular user GID for the system
Default value: pick(fact('login_defs.gid_min'), 1000)
max
Data type: Optional[Integer[1]]
The highest allowed regular user GID for the system
- If not defined, applications should simply do what makes sense for them internally
Default value: fact('login_defs.gid_max')
simp_options::ldap
Some parameters have default values in simp_options/data/ldap.yaml, all others must have a value specified via Hiera or your ENC.
Parameters
The following parameters are available in the simp_options::ldap class:
base_dn
Data type: String
The Base Distinguished Name of the LDAP server
Default value: simplib::ldap::domain_to_dn()
bind_dn
Data type: String
The LDAP Bind Distinguished Name
Default value: "cn=hostAuth,ou=Hosts,${base_dn}"
bind_pw
Data type: String
The LDAP Bind password
bind_hash
Data type: String
The salted LDAP Bind password hash
sync_dn
Data type: String
The LDAP Sync Distinguished Name
Default value: "cn=LDAPSync,ou=Hosts,${base_dn}"
sync_pw
Data type: String
The LDAP Sync password
sync_hash
Data type: String
The LDAP Sync password hash
root_dn
Data type: String
The LDAP Root Distinguished Name
Default value: "cn=LDAPAdmin,ou=People,${base_dn}"
master
Data type: Simplib::URI
The LDAP master in URI form (ldap://server)
Default value: $simp_options::puppet::server ? { undef => undef, default => "ldap://${simp_options::puppet::server}" }
uri
Data type: Array[Simplib::URI]
The list of OpenLDAP servers in URI form (ldap://server)
Default value: $master ? { undef => undef, default => [$master] }
simp_options::ntp
Examples
An array of servers
[
  'ntp1.example.com',
  'ntp2.example.com',
]
A hash of servers
{
  'ntp1.example.com' => [
    'minpoll 3',
    'maxpoll 6',
  ],
  'ntp2.example.com' => [
    'iburst',
    'minpoll 4',
    'maxpoll 8',
  ]
}
Parameters
The following parameters are available in the simp_options::ntp class:
servers
Data type: Variant[Hash[Simplib::Host, Array[String[1]]], Array[Simplib::Host]]
The NTP time servers for the network and, optionally, configuration for the daemons that communicate with them.
A consistent time source is critical to your systems' security. DO NOT run multiple production systems using individual hardware clocks!
Default value: []
simp_options::ntpd
Sets up NTP configuration variables
Parameters
The following parameters are available in the simp_options::ntpd class:
servers
Data type: Array[Simplib::Host]
DEPRECATED Use simp_options::ntp instead. The list of NTP time servers for the network. A consistent time source is critical to your systems' security. DO NOT run multiple production systems using individual hardware clocks!
Default value: []
simp_options::openssl
Sets up OpenSSL configuration variables
See also: OpenSSL Ciphers Command, https://wiki.openssl.org/index.php/Command_Line_Utilities#ciphers
Parameters
The following parameters are available in the simp_options::openssl class:
cipher_suite
Data type: Array[String]
The default ciphers to use in openssl.
Default value: $::simp_options::openssl::params::cipher_suite
simp_options::openssl::params
desired or the system is already in FIPS mode.
simp_options::pki
Sets up global PKI configuration variables
Parameters
The following parameters are available in the simp_options::pki class:
source
Data type: Stdlib::Absolutepath
The source location for PKI certificates. This is the source directory for pki::copy.
Default value: '/etc/pki/simp/x509'
simp_options::puppet
Sets up Puppet configuration variables
Parameters
The following parameters are available in the simp_options::puppet class:
server
Data type: Optional[Simplib::Host]
The Hostname or FQDN of the Puppet server
Default value: undef
ca
Data type: Optional[Simplib::Host]
The Puppet Certificate Authority
Default value: undef
ca_port
Data type: Simplib::Port
The port on which the Puppet Certificate Authority will listen
Default value: $server_distribution ? { 'PE' => $facts['puppet_settings']['agent']['ca_port'], default => 8141 }
server_distribution
Data type: Simplib::Serverdistribution
The server distribution being used, PC1 or PE.
Default value: (('pe_build' in $facts) or $facts['is_pe']) ? { true => 'PE', default => 'PC1' }
simp_options::rsync
Sets up rsync configuration variables
Parameters
The following parameters are available in the simp_options::rsync class:
server
Data type: Simplib::Host
Server to use for the simp::rsync_server class.
This class is used by several SIMP modules to efficiently synchronize large data files using rsync over stunnel.
The default value of 127.0.0.1 is appropriate for rsync over stunnel.
Default value: '127.0.0.1'
timeout
Data type: Integer
rsync connection timeout in seconds
Default value: 1
simp_options::syslog
Sets up syslog configuration variables
Parameters
The following parameters are available in the simp_options::syslog class:
log_servers
Data type: Array[Simplib::Host]
The log servers to receive forwarded logs
Default value: []
failover_log_servers
Data type: Array[Simplib::Host]
Failover log servers in case your log servers fail
Default value: []
simp_options::uid
Provides system-wide defaults for UID settings
Parameters
The following parameters are available in the simp_options::uid class:
min
Data type: Integer[0]
The lowest allowed regular user UID for the system
Default value: pick(fact('login_defs.uid_min'), 1000)
max
Data type: Optional[Integer[1]]
The highest allowed regular user UID for the system
- If not defined, applications should simply do what makes sense for them internally
Default value: fact('login_defs.uid_max')
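The parameter rules documented in this Reference, written as a check over a node's Hiera data. This is an added example, not part of the simp_options module: audit_simp_options, pki_mode and the sample values are hypothetical, and reporting an all-addresses entry in trusted_nets is this example's own policy.

```ruby
require 'yaml'
require 'ipaddr'

# Constructed sample hieradata for illustration; the keys are the parameter
# names documented in the Reference above, the values are made up.
SAMPLE_HIERADATA = <<~YAML
  simp_options::pki: simp
  simp_options::clamav: true
  simp_options::ldap: true
  simp_options::package_ensure: present
  simp_options::trusted_nets:
    - 10.20.0.0/16
    - 0.0.0.0/0
    - not-a-cidr
  simp_options::ntpd::servers:
    - ntp1.example.com
YAML

# Documented meaning of simp_options::pki:
#   value => [include SIMP's pki class?, use pki::copy?]
PKI_MODES = { false => [false, false], true => [false, true], 'simp' => [true, true] }.freeze

# Hypothetical helper: returns [parameter, message] pairs for settings that
# contradict the documentation or deserve a second look.
def audit_simp_options(hiera)
  findings = []
  get = ->(name, default = nil) { hiera.fetch("simp_options::#{name}", default) }

  unless PKI_MODES.key?(get.call('pki', false))
    findings << ['pki', "must be true, false or 'simp'"]
  end

  findings << ['clamav', 'deprecated, do not use'] if get.call('clamav', false)
  if hiera.key?('simp_options::ntpd::servers')
    findings << ['ntpd::servers', 'deprecated, use simp_options::ntp::servers']
  end

  unless %w[latest installed].include?(get.call('package_ensure', 'latest'))
    findings << ['package_ensure', "must be 'latest' or 'installed'"]
  end

  get.call('trusted_nets', ['127.0.0.1', '::1']).each do |net|
    begin
      if IPAddr.new(net).prefix.zero?
        findings << ['trusted_nets', "#{net} permits every address"]
      end
    rescue IPAddr::Error
      # Not an IP or CIDR string; report it for manual review.
      findings << ['trusted_nets', "#{net} is not an IP address or CIDR block"]
    end
  end

  # A consistent time source is required; accept either the current or the
  # deprecated parameter as evidence that one is configured.
  if get.call('ntp::servers', []).empty? && get.call('ntpd::servers', []).empty?
    findings << ['ntp::servers', 'no NTP servers configured']
  end

  # ldap::master and ldap::uri default from puppet::server, so they must be
  # set explicitly when that is undefined. Assumption: only relevant when the
  # simp_options::ldap capability is switched on.
  if get.call('ldap', false) && get.call('puppet::server').nil?
    %w[ldap::master ldap::uri].each do |name|
      findings << [name, 'required when simp_options::puppet::server is unset'] if get.call(name).nil?
    end
  end

  findings
end

# Resolves the tri-state pki setting to [include pki class?, use pki::copy?].
def pki_mode(hiera)
  PKI_MODES.fetch(hiera.fetch('simp_options::pki', false))
end

if __FILE__ == $PROGRAM_NAME
  audit_simp_options(YAML.safe_load(SAMPLE_HIERADATA)).each do |name, message|
    puts "simp_options::#{name}: #{message}"
  end
end
```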
- Mon Oct 23 2023 Steven Pritchard steve@sicura.us - 1.10.0
- [puppetsync] Add EL9 support
- Wed Oct 11 2023 Steven Pritchard steve@sicura.us - 1.9.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
- Wed Aug 23 2023 Steven Pritchard steve@sicura.us - 1.8.0
- Add AlmaLinux 8 support
- Mon Jun 12 2023 Chris Tessmer chris.tessmer@onyxpoint.com - 1.7.0
- Add RockyLinux 8 support
- Tue May 16 2023 Mike Riddle mike@sicura.us - 1.6.1
- Added the authselect parameter
- Thu Jun 17 2021 Chris Tessmer chris.tessmer@onyxpoint.com - 1.6.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
- Tue Feb 02 2021 Liz Nemsick lnemsick.simp@gmail.com - 1.5.0
- Added simp_options::ntp for more generalized configuration of ntpd and chronyd
- Deprecated simp_options::ntpd
- Sat Dec 19 2020 Chris Tessmer chris.tessmer@onyxpoint.com - 1.5.0
- Removed EL6 support
- Wed Sep 16 2020 Liz Nemsick lnemsick.simp@gmail.com - 1.4.1-0
- Advertise OEL8 support in the metadata.json.
- Tue Oct 29 2019 Jeanne Greulich jeannegreulich@onyxpoint.com - 1.4.0-0
- This change marks the clamav catalyst as deprecated.
- As of SIMP 6.5, SIMP's clamav class is no longer included in the class list of the SIMP scenarios. So, this catalyst is not needed to disable it.
- To have SIMP manage ClamAV on your system, add the clamav class to your system's class list.
- See the SIMP clamav module README for information on managing ClamAV.
- Tue Sep 03 2019 Trevor Vaughan tvaughan@onyxpoint.com - 1.4.0-0
- Reformatted some documentation
- The following are now optional:
- simp_options::puppet::server
- simp_options::puppet::ca
- These are no longer required at all times due to support for Bolt. Code that used these parameters will correctly fail and require users to add them to their configuration.
- Updated simp_options::ldap to require the 'master' and 'uri' parameters if simp_options::puppet::server is not defined.
- Fixed PE detection in simp_options::puppet::server_distribution
- Add support for simplib < 5
- Thu Jun 06 2019 Steven Pritchard steven.pritchard@onypoint.com - 1.3.0-0
- Add v2 compliance_markup data
- Drop Puppet 4 support
- Add Puppet 6 support
- Add support for puppetlabs-stdlib 6
- Wed May 29 2019 Trevor Vaughan tvaughan@onyxpoint.com - 1.2.4-0
- Clarify the note in simp_options::dns
- Tue Mar 19 2019 Liz Nemsick lnemsick.simp@gmail.com - 1.2.3-0
- Use simplib::validate_net_list in lieu of deprecated Puppet 3 validate_net_list
- Use simplib::validate_uri_list in lieu of deprecated Puppet 3 validate_uri_list
- Thu Mar 07 2019 Liz Nemsick lnemsick.simp@gmail.com - 1.2.2-0
- Update the upper bound of stdlib to < 6.0.0
- Update a URL in the README.md
- Wed Nov 07 2018 Liz Nemsick lnemsick.simp@gmail.com - 1.2.1-0
- Update badges and contribution guide URL in README.md
- Fri Aug 24 2018 Nick Miller nick.miller@onyxpoint.com - 1.2.1-0
- Add Puppet 5 and OEL Support
- Mon Apr 23 2018 Jeanne Greulich jeanne.greulich@onyxpoint.com - 1.2.0-0
- Removed simp_options::selinux. Conflicts between this setting and what was in the scenario class lists was causing unexpected results.
- Wed Dec 13 2017 Trevor Vaughan tvaughan@onyxpoint.com - 1.1.0-0
- Added simp_options::uid and simp_options::gid classes for ID limit consistency across the entire infrastructure
- Fri Nov 03 2017 Trevor Vaughan tvaughan@onyxpoint.com - 1.0.4-0
- Fix parameter issues in simp_options::ldap
- Fix PE support in simp_options::puppet
- Sat Apr 15 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 1.0.3-0
- Add simp_options::libkv
- Update puppet requirement in metadata.json
- Wed Apr 12 2017 Dylan Cochran dylan.cochran@onyxpoint.com - 1.0.2-0
- Add simp_options::package_ensure
- Tue Feb 07 2017 Liz Nemsick lnemsick.simp@gmail.com - 1.0.1-0
- Removed simp_options::ldap::root_hash as this is not a global catalyst
- Wed Feb 01 2017 Nick Markowski nmarkowski@keywcorp.com - 1.0.1-0
- Updated ldap *_dn defaults to use simplib::domain_to_dn()
- Mon Jan 30 2017 Nick Miller nick.miller@onyxpoint.com - 1.0.1-0
- Added more strict Puppet and PE requirements, pinning to Puppet 4.7+ and PE 2016.4.0+
- Updated openssl::cipher_suite to be set to the fips_ciphers fact if it's available to expand the 'FIPS' shortcut, which causes issues with some applications (openldap)
- Fri Dec 30 2016 Dylan Cochran dylan.cochran@onyxpoint.com - 1.0.1-0
- Add simp_options::puppet::server_distribution
- Fri Dec 02 2016 Liz Nemsick lnemsick.simp@gmail.com - 1.0.0-0
- Initial version
Dependencies
- puppetlabs/stdlib (>= 8.0.0 < 10.0.0)
- simp/simplib (>= 4.9.0 < 5.0.0)
Apache License Version 2.0, January 2004 http://www.apache.org/licenses/