[secret, dhcp] La configuration d'un dhcp est entièrement automatisé

En particulier grâce à la génération des clefs omapi directement sur bcfg2
Valentin Samir 2013-06-21 14:52:42 +02:00
parent 0b37a791f7
commit 49dd2f9c4d
5 changed files with 19 additions and 6 deletions


@ -1,13 +1,10 @@
<Bundle name="isc-dhcp-server"> <Bundle name="isc-dhcp-server">
<Package name="isc-dhcp-server"/> <Package name="isc-dhcp-server"/>
<Package name="bind9utils"/>
<Service name="isc-dhcp-server"/> <Service name="isc-dhcp-server"/>
<Path type="directory" name="/etc/dhcp3/generated"/> <Path type="directory" name="/etc/dhcp3/generated"/>
<Path type="symlink" name="/etc/dhcp"/> <Path type="symlink" name="/etc/dhcp"/>
<Python name="/etc/dhcp3/dhcpd.conf"/> <Python name="/etc/dhcp3/dhcpd.conf"/>
<Python name="/etc/dhcp3/omapi.conf"/> <Python name="/etc/dhcp3/omapi.conf"/>
<Python name="/etc/dhcp3/dhcp-failover.conf"/> <Python name="/etc/dhcp3/dhcp-failover.conf"/>
<Path name="/etc/dhcp3/omapi_generate"/>
<Action name="omapi_key"/>
<!-- Conf générée par generate --> <!-- Conf générée par generate -->
</Bundle> </Bundle>


@ -10,6 +10,7 @@
</Group> </Group>
<Python name="/etc/crans/secrets/slon.py"/> <Python name="/etc/crans/secrets/slon.py"/>
<Python name="/etc/crans/secrets/nols.py"/> <Python name="/etc/crans/secrets/nols.py"/>
<Python name="/etc/crans/secrets/dhcp.py"/>
<Python name="/etc/crans/secrets/README"/> <Python name="/etc/crans/secrets/README"/>
<!-- Il faut penser au setfacl sur le serveur de l'intranet2 (o2) --> <!-- Il faut penser au setfacl sur le serveur de l'intranet2 (o2) -->
<Group name="intranet2-server"> <Group name="intranet2-server">


@ -0,0 +1,6 @@
info["perms"] = 0440
info["group"] = "adm"
import dhcp
print "dhcp_omapi_keyname = '%s'" % dhcp.dhcp_omapi_keyname
print "dhcp_omapi_keys = %s" % dhcp.dhcp_omapi_keys
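Review bot: The generated `dhcp.py` prints the whole `dhcp.dhcp_omapi_keys` mapping, so every machine that receives this file gets the OMAPI key of every host listed in it, readable by group `adm` under the `0440` mode set on the first line. If a consumer only needs one server's key, or if this secrets file reaches hosts that never speak OMAPI, emitting only the entries that host needs would limit what a single compromised machine exposes; which hosts receive the file is not visible in this section. Separately, the two `print` lines interpolate with `'%s'` and `%s`, and `%r` (for example `print "dhcp_omapi_keyname = %r" % dhcp.dhcp_omapi_keyname`) would keep the output valid Python whatever the key name contains.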


@ -8,7 +8,17 @@ comment_start = "#"
header("Configuration pour omapi pour %s" % admhostname) header("Configuration pour omapi pour %s" % admhostname)
include("secrets") import dhcp
import os
import base64
if not dhcp.dhcp_omapi_keys.get(admhostname, False):
host = admhostname
key = base64.encodestring(os.urandom(64)).replace('\n','')
with open('/etc/crans/secrets/dhcp/dhcp.key', 'a+') as f:
f.write("%s %s\n" % (host, key))
f.close()
reload(dhcp)
print """ print """
omapi-port 9991; omapi-port 9991;
@ -18,4 +28,4 @@ key omapi_key {
}; };
omapi-key omapi_key; omapi-key omapi_key;
""" % secrets.dhcp_omapi_keys.get(admhostname, '') """ % dhcp.dhcp_omapi_keys.get(admhostname, '')
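Review bot: The key file is opened with `open('/etc/crans/secrets/dhcp/dhcp.key', 'a+')`, so when it does not exist yet it is created with whatever mode the server's umask allows, although it holds the OMAPI secrets in clear. Creating it with an explicit mode would close that gap: `fd = os.open('/etc/crans/secrets/dhcp/dhcp.key', os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0600)` followed by `with os.fdopen(fd, 'a') as f:`; the `f.close()` inside the `with` is redundant either way. The check-then-append is also not serialized, so two renders for the same host running concurrently could append two different keys, and which line the `dhcp` module keeps is not visible here. Finally, the last line still falls back to `''` through `.get(admhostname, '')`, which would render the key block with an empty value if `reload(dhcp)` did not pick up the new entry; raising an error there would be safer than shipping a configuration with an empty key.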


@ -6,6 +6,5 @@
<Path type="directory" name="/etc/dhcp3/dhclient-enter-hooks.d/" perms="0755" owner="root" group="root"/> <Path type="directory" name="/etc/dhcp3/dhclient-enter-hooks.d/" perms="0755" owner="root" group="root"/>
<Path type="directory" name="/etc/dhcp3/dhclient-exit-hooks.d/" perms="0755" owner="root" group="root"/> <Path type="directory" name="/etc/dhcp3/dhclient-exit-hooks.d/" perms="0755" owner="root" group="root"/>
<Path type="symlink" name="/etc/dhcp" to="/etc/dhcp3"/> <Path type="symlink" name="/etc/dhcp" to="/etc/dhcp3"/>
<Action name="omapi_key" timing="post" status="check" when="always" command="/etc/dhcp3/omapi_generate"/>
</Group> </Group>
</Rules> </Rules>