On stabilise le plugin Python en virant toute occurrence de print.

* Désolé. \o/
Pierre-Elliott Bécue 2015-05-14 07:19:56 +02:00
parent 2c27a030ee
commit 4b36a51d99
102 changed files with 513 additions and 703 deletions


@ -13,15 +13,15 @@ distro = metadata.categories["debian-version"]
repo = "ftp://mirror.adm.crans.org"
def source(args):
print "deb " + args
print "deb-src " + args
print
out("deb %s" % (args,))
out("deb-src %s" % (args,))
out()
components = "main"
customcomponents = "main"
if has("non-free"):
components = "main contrib non-free"
if has("ovh") or has("soyouz"):
@# Dépôt classique
source("ftp://mir1.ovh.net/debian/ %s %s" % (distro, components))
@ -29,13 +29,13 @@ if has("ovh") or has("soyouz"):
source("ftp://mir1.ovh.net/debian/ %s-updates %s" % (distro, components))
@# Mises à jour de sécurité
source("ftp://security.debian.org/debian-security %s/updates %s" % (distro, components))
@# Paquets construits à la main
source("%s/custom %s %s" % (repo, distro, customcomponents))
else:
source("%s/debian-security %s/updates %s" % (repo, distro, components))
@# Dépôt classique
source("%s/debian %s %s" % (repo, distro, components))
@# Dépôt pour mises à jour fréquentes (volatile)


@ -22,4 +22,4 @@ info["mode"] = 0644
include("arpwatch")
for vlan in watched_vlans:
iface = 'eth0.%d' % vlan
print("%s -m root@crans.org" % iface)
out("%s -m root@crans.org" % (iface,))


@ -4,9 +4,9 @@ header("Définition des points de montage pour autofs.")
def mount(mntpoint, script, timeout=None):
if timeout is not None:
print mntpoint, script, '-t%s' % timeout
out("%s %s -t%s" % (mntpoint, script, timeout))
else:
print mntpoint, script
out("%s %s" % (mntpoint, script))
if has("home") and not has("home-permanent"):
mount("/home", "/etc/auto.home", 600)


@ -1257,7 +1257,7 @@ info["mode"] = 0600
@#
@#$Conf{RsyncdPasswd} = '';
@
print "$Conf{RsyncdPasswd} = '%s';" % secrets.backuppc_RsyncdPasswd
out("$Conf{RsyncdPasswd} = '%s';" % (secrets.backuppc_RsyncdPasswd,))
@
@#
@# Whether authentication is mandatory when connecting to the client's
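Review bot: The rsyncd password is interpolated into a Perl single-quoted literal with no escaping on the `out("$Conf{RsyncdPasswd} = '%s';" % ...)` line, so a `'` or `\` in the secret yields a broken or differently parsed BackupPC configuration. Escaping before formatting makes the template robust, e.g. `pw = secrets.backuppc_RsyncdPasswd.replace("\\", "\\\\").replace("'", "\\'")`. The same unescaped pattern appears in later sections of this commit: the ejabberd `{ldap_password, "%s"}.` line, the slapd `credentials=%s` line and the KGB `password: %s` YAML lines. Only a slice of the file is shown, so whether secrets are validated elsewhere is not visible here.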


@ -6,11 +6,11 @@ info["owner"] = "backuppc"
info["group"] = "adm"
info["mode"] = 0640
def backuppc_hosts(comment, hostslist):
print "# %s" % comment
def backuppc_hosts(commentaire, hostslist):
comment(commentaire)
for host in hostslist:
print '%s 0 backuppc' % host
print ''
out('%s 0 backuppc' % (host,))
out()
@#============================================================= -*-perl-*-
@#


@ -29,4 +29,4 @@ header("Zone du dns menteur pour accueil")
for ip in config.accueil_route.keys():
if 'hosts' in config.accueil_route[ip].keys():
for host in config.accueil_route[ip]['hosts']:
print "%s IN A %s" % (host,ip)
out("%s IN A %s" % (host, ip))


@ -12,16 +12,16 @@ header("Zone du dns menteur")
@$TTL 3600 ; 1 hour
@@ IN SOA sable.crans.org. root.crans.org. (
print """ 2386410401 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
3600 ; minimum (1 hour)
)
NS sable.crans.org.
"""
@ 2386410401 ; serial
@ 21600 ; refresh (6 hours)
@ 3600 ; retry (1 hour)
@ 1209600 ; expire (2 weeks)
@ 3600 ; minimum (1 hour)
@ )
@ NS sable.crans.org.
@
print "archive.ubuntu.com CNAME charybde.crans.org."
print "*.archive.ubuntu.com CNAME charybde.crans.org."
@archive.ubuntu.com CNAME charybde.crans.org.
@*.archive.ubuntu.com CNAME charybde.crans.org.
print "teredo.ipv6.microsoft.com CNAME ."
@teredo.ipv6.microsoft.com CNAME .


@ -12,13 +12,13 @@ header("Zone pour la response policy pour les utilisateur courant")
@$TTL 3600 ; 1 hour
@@ IN SOA sable.crans.org. root.crans.org. (
print """ 2386410401 ; serial
21600 ; refresh (6 hours)
3600 ; retry (1 hour)
1209600 ; expire (2 weeks)
3600 ; minimum (1 hour)
)
NS sable.crans.org.
"""
@ 2386410401 ; serial
@ 21600 ; refresh (6 hours)
@ 3600 ; retry (1 hour)
@ 1209600 ; expire (2 weeks)
@ 3600 ; minimum (1 hour)
@ )
@ NS sable.crans.org.
@
print "teredo.ipv6.microsoft.com CNAME ."
@teredo.ipv6.microsoft.com CNAME .


@ -17,7 +17,7 @@ class print_idented(object):
def __init(self):
pass
def p(self, str):
print '%s%s' % (' '*ident, str)
out('%s%s' % (' '*ident, str))
class view(print_idented):
def __init__(self, name, match_client=None):
@ -121,11 +121,11 @@ with view("default-view", "any") as v:
z.p(' %s;' % f)
z.p('};')
print """
out("""
// bricoles de config en plus
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
};
"""
""")
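Review bot: `def p(self, str)` names its parameter after the builtin `str`, and the context line above it defines `__init` rather than `__init__`, so that method never runs as a constructor. Neither is introduced by this commit, but since `p` is being touched, `def p(self, text):` with `out('%s%s' % (' '*ident, text))` would be a cheap cleanup. `ident` is read as a global here; its definition is outside the hunk.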


@ -11,7 +11,7 @@ header("Options de Bind9")
import config.dns
def notify(ips):
print " also-notify { \n %s;\n };" % ';\n '.join(ips)
out(" also-notify { \n %s;\n };" % (';\n '.join(ips),))
allowed = set()


@ -13,16 +13,16 @@ import config.dns
comment("Listes d'acces")
if has("vlan-isolement"):
print 'acl "isolement" { %s; };' % '; '.join(config.NETs['isolement'])
out('acl "isolement" { %s; };' % ('; '.join(config.NETs['isolement']),))
if has("vlan-radin"):
print 'acl "radins" { %s; };' % '; '.join(config.NETs['gratuit'])
out('acl "radins" { %s; };' % ('; '.join(config.NETs['gratuit']),))
if has("vlan-accueil"):
print 'acl "accueil" { %s; };' % '; '.join(config.NETs['accueil'])
out('acl "accueil" { %s; };' % ('; '.join(config.NETs['accueil']),))
if has("vlan-ens"):
print 'acl "appartement" { %s; };' % '; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens'])
print 'acl "crans" { %s; };' % '; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all'])
print 'acl "cransadm" { %s; };' % '; '.join(config.prefix['adm'] + config.NETs['adm'])
print 'acl "menteur" { %s; };' % '; '.join(config.dns.menteur_clients)
out('acl "appartement" { %s; };' % ('; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens']),))
out('acl "crans" { %s; };' % ('; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all']),))
out('acl "cransadm" { %s; };' % ('; '.join(config.prefix['adm'] + config.NETs['adm']),))
out('acl "menteur" { %s; };' % ('; '.join(config.dns.menteur_clients),))
@options {
@ -40,8 +40,8 @@ if has("dns-recursif") or has("dns-forward-only"):
zones.append("accueil")
if has("vlan-isolement"):
zones.append("isolement")
print " allow-query-cache { %s; };" % '; '.join(zones)
print " allow-recursion { %s; };" % '; '.join(zones)
out(" allow-query-cache { %s; };" % ('; '.join(zones),))
out(" allow-recursion { %s; };" % ('; '.join(zones),))
@ recursive-clients 5000;
else:
@ -62,7 +62,7 @@ if has("dns-primary") or has("dns-tv"):
if allowed:
allowed = list(allowed)
allowed.sort()
print " %s;" % ';\n '.join(allowed)
out(" %s;" % (';\n '.join(allowed),))
@ };
@ allow-query { any; };
@ auth-nxdomain no; # conform to RFC1035
@ -75,7 +75,7 @@ if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
@ // Ne pas modifier le commentaire de fin de ligne suivant,
@ // traitement automatique pour la connexion de secours
@ // (ligne decommentee automatiquement en mode secours)
print"// forwarders { %s; } ; #POUR SECOURS" % config.dns.secours_relay
out("// forwarders { %s; } ; #POUR SECOURS" % (config.dns.secours_relay,))
if has("dnssec-validation"):
@ dnssec-enable yes;


@ -11,6 +11,6 @@ info["mode"] = 0640
@
@key "key" {
@ algorithm hmac-md5;
print ' secret "%s";' % secrets.rndc_key
out(' secret "%s";' % (secrets.rndc_key,))
@};


@ -1,2 +1,2 @@
info["mode"] = 0640
print file("/etc/crans/secrets/README").read()
_out(open("/etc/crans/secrets/README", "r").read())
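Review bot: `_out(open("/etc/crans/secrets/README", "r").read())` leaves the file object to be closed by the garbage collector; `with open("/etc/crans/secrets/README", "r") as f:` followed by `_out(f.read())` closes it deterministically. The same one-line pattern is repeated in every secrets template that follows (icecast-token, nols.py, privatekey_passphrase, rabbitmq_trigger_password, rsyncd.secrets, secrets.py, slon.py, trigger-generate, trigger-generate.pub, jabber-key.pem). Separately, `print` appended a newline to the content; if `_out` does not (its definition is not shown on this page), the deployed secret files change by one trailing byte, which is worth checking for the passphrase and token files.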


@ -6,5 +6,5 @@ else:
info["group"] = "adm"
import dhcp
print "dhcp_omapi_keyname = '%s'" % dhcp.dhcp_omapi_keyname
print "dhcp_omapi_keys = %s" % dhcp.dhcp_omapi_keys
out("dhcp_omapi_keyname = '%s'" % (dhcp.dhcp_omapi_keyname,))
out("dhcp_omapi_keys = %s" % (dhcp.dhcp_omapi_keys,))
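Review bot: This template generates Python source, and `dhcp_omapi_keyname = '%s'` is not a safe way to write a string literal: a quote or backslash in the key name produces a file that no longer parses or that means something else. `%r` emits a valid literal, e.g. `out("dhcp_omapi_keyname = %r" % (dhcp.dhcp_omapi_keyname,))`, and using it for `dhcp_omapi_keys` as well states the intent instead of relying on `str()` of the dict. The `services = {` generator later in this commit formats `'%s': %s` the same way.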


@ -2,4 +2,4 @@ info["mode"] = 0440
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/icecast-token").read()
_out(open("/etc/crans/secrets/icecast-token", "r").read())


@ -1,3 +1,3 @@
info["mode"] = 0440
info["group"] = "adm"
print file("/etc/crans/secrets/nols.py").read()
_out(open("/etc/crans/secrets/nols.py", "r").read())


@ -4,4 +4,4 @@ if has("users") or has("2B"):
else:
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/privatekey_passphrase").read()
_out(open("/etc/crans/secrets/privatekey_passphrase", "r").read())


@ -2,4 +2,4 @@ info["mode"] = 0440
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/rabbitmq_trigger_password").read()
_out(open("/etc/crans/secrets/rabbitmq_trigger_password", "r").read())


@ -1,4 +1,4 @@
# -*- coding: utf-8 -*-
info["mode"] = 0600
print file("/etc/crans/secrets/rsyncd.secrets").read()
_out(open("/etc/crans/secrets/rsyncd.secrets", "r").read())


@ -5,4 +5,4 @@ else:
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/secrets.py").read()
_out(open("/etc/crans/secrets/secrets.py", "r").read())


@ -1,3 +1,4 @@
info["mode"] = 0440
info["group"] = "adm"
print file("/etc/crans/secrets/slon.py").read()
_out(open("/etc/crans/secrets/slon.py", "r").read())


@ -2,4 +2,4 @@ info["mode"] = 0440
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/trigger-generate").read()
_out(open("/etc/crans/secrets/trigger-generate", "r").read())


@ -1,4 +1,4 @@
info["mode"] = 0444
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/trigger-generate.pub").read()
_out(open("/etc/crans/secrets/trigger-generate.pub", "r").read())


@ -15,8 +15,8 @@ for client in clients:
for group in client.groups:
groups_dict.setdefault(group, []).append(client.hostname.split('.', 1)[0])
print "services = {"
out("services = {")
for (group_name, clients) in groups_dict.iteritems():
clients.sort()
print " '%s': %s," % (group_name, clients)
print "}"
out(" '%s': %s," % (group_name, clients))
out("}")


@ -8,8 +8,8 @@ include("secrets")
header("Config de wget pour récupérer le status des serveurs")
print """quiet=1
timeout=10
http-user=monit"""
print "http-password=" + secrets_new.get('monit_password')
@quiet=1
@timeout=10
@http-user=monit
out("http-password=%s" % (secrets_new.get('monit_password'),))
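Review bot: A missing `monit_password` now produces the line `http-password=None` instead of failing: the old `"http-password=" + secrets_new.get('monit_password')` raised `TypeError` on `None`, while `%s` formats it silently. An explicit check keeps the fail-closed behaviour, e.g. `pw = secrets_new.get('monit_password')` then `if pw is None: raise ValueError("monit_password missing")` before the `out(...)` call.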


@ -14,11 +14,9 @@ def check_cert(host='localhost', port=443, user="www-data", filename=None):
'filename': filename,
}
if filename:
print "43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" %\
params
out("43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" % params)
else:
print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
params
out("42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" % params)
# Host specific
if has('https-server') or has('https_cert'):


@ -12,12 +12,12 @@ random.seed(admip())
header("Régénération du pare-feu")
min=random.randint(0,59)
print "# Regénération des règles MAC-IP du firewall"
print "%s 1 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py test_mac_ip > /dev/null" % min
@# Regénération des règles MAC-IP du firewall
out("%s 1 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py test_mac_ip > /dev/null" % (min,))
print "# Régénération des blacklists du firewall"
print "%s 2 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py blacklists > /dev/null" % min
@# Régénération des blacklists du firewall
out("%s 2 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py blacklists > /dev/null" % (min,))
if has("odlyd"):
print "# Base pour redonner un accès temporairement aux non réadhérents"
print "30 * * * * root /usr/sbin/ipset flush CONFIRMATION"
@# Base pour redonner un accès temporairement aux non réadhérents
@30 * * * * root /usr/sbin/ipset flush CONFIRMATION
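Review bot: `min=random.randint(0,59)` shadows the builtin `min`; a name such as `minute` avoids that, with the cron lines becoming `out("%s 1 * * * root ..." % (minute,))`. The same name is used in the two cron templates that follow in this commit (`min=random.randint(0,9)` and `min=int(admip().split('.')[3])%60`). The assignment is a context line here, so the rename touches a line this commit leaves unchanged.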


@ -12,4 +12,4 @@ random.seed(admip())
header("Régénération de la configuration des services")
min=random.randint(0,9)
print "%s-%s/10 * * * * root /usr/scripts/gestion/gen_confs/generate.py > /dev/null" % (min, 50+min)
out("%s-%s/10 * * * * root /usr/scripts/gestion/gen_confs/generate.py > /dev/null" % (min, 50+min))


@ -33,7 +33,7 @@ data = {
# Si ce serveur possède un nfs, on génère le cron qui écrit dedans
if has_shared_scripts(metadata):
comment("Copie de `monit status` sur le nfs")
print cron_tpl_nfs % data
out(cron_tpl_nfs % data)
# Pour les autres serveurs, c'est le serveur autostatus qui récupère
if has('autostatus'):
@ -41,4 +41,4 @@ if has('autostatus'):
for client in metadata.query.all():
if not has_shared_scripts(client):
data['host'] = client.hostname.split('.', 1)[0]
print cron_tpl_nonfs % data
out(cron_tpl_nonfs % data)


@ -18,6 +18,6 @@ for group in metadata.groups:
header("""Commandes cron pour les plugins munin custom Cr@ns""")
if cron_lines:
print '\n\n'.join(cron_lines)
out('\n\n'.join(cron_lines))
else:
print '# Rien à voir ici...'
out('# Rien à voir ici...')


@ -5,7 +5,8 @@ info["group"] = "root"
info["mode"] = 0644
header("Cronjob munin-node")
print """
out("""
MAILTO=root
# If the APT plugin is enabled, update packages databases approx. once
@ -13,21 +14,15 @@ MAILTO=root
# happen), but ensure that there will never be more than two hour (7200
# seconds) interval between updates..
"""
print """# J'ai trouve ce workaround sur :
# J'ai trouve ce workaround sur :
# http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687912
# le bugreport pretend que la derniere version de munin fix le probleme, mais non
# --
# 20-100, le 20/01/2013
MUNIN_PLUGSTATE=/var/lib/munin-node/plugin-state/root
"""
print """
# Quand on le fait trop vite, parfois la tache precedente n'a pas eu le temps
# de finir et donc la suivante crashe parce qu'elle n'arrive pas a prendre
# le lock
*/10 * * * * root if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi
"""
""")


@ -6,8 +6,8 @@ info["mode"] = 0644
if has('connexion-secours-test'):
header("Teste la disponibilité de la connexion normale et passe en secours si besoin")
print "* * * * * root /usr/scripts/secours/secours.py test > /dev/null"
@* * * * * root /usr/scripts/secours/secours.py test > /dev/null
else:
header("Mise en place de la connexion de secours suivant l'état du maitre")
print "* * * * * root /usr/scripts/secours/secours.py > /dev/null"
@* * * * * root /usr/scripts/secours/secours.py > /dev/null


@ -12,6 +12,6 @@ include("ip")
@# On vérifie si les clef ssh de la machine ont changés. Si oui, on les mets à jours dans ldap
min=int(admip().split('.')[3])%60
print "%s 9 * * * root /usr/scripts/gestion/gen_confs/populate_sshFingerprint.py" % min
out("%s 9 * * * root /usr/scripts/gestion/gen_confs/populate_sshFingerprint.py" % (min,))
@# On met à jour le known_hosts global
print "%s 10 * * * root /usr/sbin/bcfg2 -b knownhosts -q" % min
out("%s 10 * * * root /usr/sbin/bcfg2 -b knownhosts -q" % (min,))


@ -12,21 +12,21 @@ default_from = "roots@crans.org"
default_to = "roots@crans.org"
if has("crans-nfs"):
print '%s --untracked-weekly --repository=/usr/scripts --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
print '%s --untracked-weekly --repository=/usr/scripts/lc_ldap --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
print '%s --untracked-weekly --repository=/usr/scripts/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
print '%s --untracked-weekly --repository=/usr/scripts/wifi_new --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
print '%s --untracked-weekly --repository=/usr/scripts/src/mac_ip --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
print '%s --untracked-weekly --repository=/home/respbats/www/config --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
out('%s --untracked-weekly --repository=/usr/scripts --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
out('%s --untracked-weekly --repository=/usr/scripts/lc_ldap --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
out('%s --untracked-weekly --repository=/usr/scripts/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
out('%s --untracked-weekly --repository=/usr/scripts/wifi_new --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
out('%s --untracked-weekly --repository=/usr/scripts/src/mac_ip --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
out('%s --untracked-weekly --repository=/home/respbats/www/config --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
if has("bcfg2"):
print '%s --untracked-weekly --repository=/var/lib/bcfg2 --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
out('%s --untracked-weekly --repository=/var/lib/bcfg2 --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
if has("vert"):
print '%s --untracked-weekly --repository=/root/cranspasswords --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
out('%s --untracked-weekly --repository=/root/cranspasswords --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
if has("news-server"):
print '%s --untracked-weekly --repository=/var/www --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
out('%s --untracked-weekly --repository=/var/www --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
if has("intranet2-server"):
print '%s --untracked-weekly --repository=/usr/local/django/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
out('%s --untracked-weekly --repository=/usr/local/django/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
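Review bot: The six `out(...)` calls under `has("crans-nfs")` differ only in the repository path, so the format string is duplicated ten times across the file and any change to the notifier options has to be made in each copy. A loop keeps one copy: `for repo in ("/usr/scripts", "/usr/scripts/lc_ldap", ...):` with `out('%s --untracked-weekly --repository=%s --from="%s" --to="%s"' % (notifier_path, repo, default_from, default_to))`. The single-repository branches (`bcfg2`, `vert`, `news-server`, `intranet2-server`) could call the same small helper.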


@ -12,4 +12,4 @@ default_from = "roots@crans.org"
default_to = "roots@crans.org"
if has("crans-nfs"):
print '%s --repository=/home/ca --from="%s" --to="%s"' % (notifier_path, default_from, "bureau@lists.crans.org")
out('%s --repository=/home/ca --from="%s" --to="%s"' % (notifier_path, default_from, "bureau@lists.crans.org"))


@ -7,11 +7,9 @@ info["mode"] = 0644
header('Demarrage de monit')
print """
# On lance monit automatiquement
START="yes"
MONIT_OPTS="-d 60"
"""
@
@# On lance monit automatiquement
@START="yes"
@
@MONIT_OPTS="-d 60"
@


@ -36,10 +36,10 @@ for i in range(0,dernierecarte):
adapters=adapters[:-1]
print 'ADAPTERS="%s"' % adapters
out('ADAPTERS="%s"' % (adapters,))
@
@#Location of the config files
@#Ex : MUMUDVB_CONF_1="/etc/mumudvb/card1.conf"
for i in range(0,dernierecarte):
print 'MUMUDVB_CONF_%d="/etc/sat/carte%d.conf"' % (i,i)
out('MUMUDVB_CONF_%d="/etc/sat/carte%d.conf"' % (i, i))


@ -40,7 +40,7 @@ slapd_services += ["ldap://%s/" % admip()]
if has("sable"):
slapd_services += ["ldaps://%s/" % pubip()]
print 'SLAPD_SERVICES="%s"' % ' '.join(slapd_services)
out('SLAPD_SERVICES="%s"' % (' '.join(slapd_services),))
@
@# Additional options to pass to slapd and slurpd
@SLAPD_OPTIONS=""


@ -12,21 +12,22 @@ include("ip")
import config
if len(config.dhcp_servers) > 2:
print "####################################################################"
print "## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
print "####################################################################"
@"####################################################################"
@"## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
@"####################################################################"
myip = admip()
herip = admipof([name for name in config.dhcp_servers if name != admhostname][0].split('.',1)[0])
print 'failover peer "dhcp-failover" {'
@failover peer "dhcp-failover" {
if has("dhcp-server-primary"):
print """ primary;
split 128;
mclt 3600;"""
@ primary;
@ split 128;
@ mclt 3600;
elif has("dhcp-server-secondary"):
print " secondary;"
print """ address %s;
@ secondary;
out(""" address %s;
port 647;
peer address %s;
peer port 647;
@ -34,4 +35,4 @@ print """ address %s;
max-unacked-updates 10;
load balance max seconds 3;
}
""" % (myip, herip)
""" % (myip, herip))
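Review bot: The three banner lines were converted to `@"####...####"` with the double quotes kept, so, assuming `@` lines are emitted verbatim as in the other templates of this commit, the generated failover file now starts those lines with `"` instead of `#`. The old `print "####..."` emitted a `#` comment; the new text is no longer a comment for dhcpd and is likely to be rejected when more than two DHCP servers are configured. Dropping the quotes restores the previous output, e.g. `@## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##`.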


@ -13,51 +13,46 @@ import config.dns
instpar = has('ytrap-llatsni')
print """
#
# Sample configuration file for ISC dhcpd for Debian
#
# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
#
# The ddns-updates-style parameter controls whether or not the server will
# attempt to do a DNS update when a lease is confirmed. We default to the
# behavior of the version 2 packages ('none', since DHCP v2 didn't
# have support for DDNS.)
ddns-update-style none;"""
@#
@# Sample configuration file for ISC dhcpd for Debian
@#
@# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
@#
@
@# The ddns-updates-style parameter controls whether or not the server will
@# attempt to do a DNS update when a lease is confirmed. We default to the
@# behavior of the version 2 packages ('none', since DHCP v2 didn't
@# have support for DDNS.)
@ddns-update-style none;
@
if not instpar:
print """
include "/etc/dhcp3/omapi.conf";"""
@include "/etc/dhcp3/omapi.conf";
@
print """
# option definitions common to all supported networks...
option option-252 code 252 = text ;
option domain-search code 119 = text ;
option option-119 code 119 = text ;
# La pluspart de nos réseaux sont taggués, on utilise donc une mtu de 1500-4 octets
option interface-mtu 1496;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
"""
@# option definitions common to all supported networks...
@option option-252 code 252 = text ;
@option domain-search code 119 = text ;
@option option-119 code 119 = text ;
@# La pluspart de nos réseaux sont taggués, on utilise donc une mtu de 1500-4 octets
@option interface-mtu 1496;
@
@# If this DHCP server is the official DHCP server for the local
@# network, the authoritative directive should be uncommented.
if instpar:
print "authoritative;"
@authoritative;
else:
print "#authoritative;"
@#authoritative;
print """
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;"""
@# Use this to send dhcp log messages to a different log file (you also
@# have to hack syslog.conf to complete the redirection).
@log-facility local7;
if not instpar:
print """
include "/etc/dhcp3/dhcp-failover.conf";"""
@include "/etc/dhcp3/dhcp-failover.conf";
if has("vlan-radin"):
print """
out("""
# VLan gratuit
subnet 10.42.0.0 netmask 255.255.0.0 {
interface eth3;
@ -68,10 +63,10 @@ subnet 10.42.0.0 netmask 255.255.0.0 {
range 10.42.1.1 10.42.255.200;
failover peer "dhcp-failover";
}
}""" % ', '.join(config.dns.recursiv['gratuit'])
}""" % (', '.join(config.dns.recursiv['gratuit']),))
if has("vlan-accueil"):
print """
out("""
# VLan accueil
subnet 10.51.0.0 netmask 255.255.0.0 {
interface eth4;
@ -91,10 +86,10 @@ subnet 10.51.0.0 netmask 255.255.0.0 {
failover peer "dhcp-failover";
range 10.51.1.1 10.51.255.200;
}
}""" % ', '.join(config.dns.recursiv['accueil'])
}""" % (', '.join(config.dns.recursiv['accueil']),))
if has("vlan-isolement"):
print """
out("""
# VLan isolement
subnet 10.52.0.0 netmask 255.255.0.0 {
interface eth5;
@ -111,10 +106,10 @@ subnet 10.52.0.0 netmask 255.255.0.0 {
range 10.52.1.1 10.52.255.200;
}
}
""" % ', '.join(config.dns.recursiv['isolement'])
""" % (', '.join(config.dns.recursiv['isolement']),))
if not has("non-vlan-adherent") and not instpar:
print """
out("""
# Vlan des adhérents
subnet 138.231.136.0 netmask 255.255.248.0 {
interface eth0;
@ -137,10 +132,10 @@ subnet 138.231.136.0 netmask 255.255.248.0 {
include "/etc/dhcp3/generated/adherents.liste";
}
""" % ', '.join(config.dns.recursiv['fil'])
""" % (', '.join(config.dns.recursiv['fil']),))
if has("vlan-wifi"):
print """
out("""
# Vlan des wifi
subnet 138.231.144.0 netmask 255.255.248.0 {
interface eth2;
@ -160,10 +155,10 @@ subnet 138.231.144.0 netmask 255.255.248.0 {
deny unknown-clients;
include "/etc/dhcp3/generated/wifi.liste";
}""" % ', '.join(config.dns.recursiv['wifi'])
}""" % (', '.join(config.dns.recursiv['wifi']),))
if has("vlan-ens"):
print """
out("""
#Vlan appartement
subnet 10.2.9.0 netmask 255.255.255.0 {
interface eth6;
@ -181,10 +176,10 @@ subnet 10.2.9.0 netmask 255.255.255.0 {
include "/etc/dhcp3/generated/appartements.liste";
}
""" % ', '.join(config.dns.recursiv['personnel-ens'])
""" % (', '.join(config.dns.recursiv['personnel-ens']),))
if has("vlan-evenementiel"):
print """
out("""
subnet 10.231.137.0 netmask 255.255.255.0 {
range 10.231.137.20 10.231.137.254;
next-server 10.231.137.1;
@ -197,10 +192,10 @@ subnet 10.231.137.0 netmask 255.255.255.0 {
# Fichier a charger pour le boot par le reseau
filename "pxelinux.0";
}
""" % ', '.join(config.dns.recursiv['evenementiel'])
""" % (', '.join(config.dns.recursiv['evenementiel']),))
if has("vlan-federez"):
print """
out("""
# Vlan wifi federez
subnet 10.53.0.0 netmask 255.255.0.0 {
interface eth7;
@ -219,4 +214,4 @@ subnet 10.53.0.0 netmask 255.255.0.0 {
# Fichier a charger pour le boot par le reseau
filename "pxelinux.0";
}
""" % ', '.join(config.dns.recursiv['fil'])
""" % (', '.join(config.dns.recursiv['fil']),))
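Review bot: The `# Vlan wifi federez` block is formatted with `config.dns.recursiv['fil']`, the same resolver list as the members' wired VLAN, whereas the other VLAN blocks each use their own key (`gratuit`, `accueil`, `isolement`, `wifi`, `personnel-ens`, `evenementiel`). If that is deliberate, a comment next to the `out(...)` call, such as `# federez clients use the 'fil' resolvers on purpose`, would keep the next reader from suspecting a copy-paste; if not, the key should be the one intended for that VLAN. The line that consumes the value lies between hunks and is not visible here.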


@ -20,7 +20,7 @@ if not dhcp.dhcp_omapi_keys.get(admhostname, False):
f.close()
reload(dhcp)
print """
out("""
omapi-port 9991;
key omapi_key {
algorithm HMAC-MD5;
@ -28,4 +28,4 @@ key omapi_key {
};
omapi-key omapi_key;
""" % dhcp.dhcp_omapi_keys.get(admhostname, '')
""" % (dhcp.dhcp_omapi_keys.get(admhostname, ''),))
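Review bot: `dhcp.dhcp_omapi_keys.get(admhostname, '')` falls back to an empty string, so if the key generation in the lines above did not produce an entry, the template would emit the `omapi_key` block with an empty value instead of failing. Indexing with `dhcp.dhcp_omapi_keys[admhostname]` makes that case an error at generation time rather than a deployed configuration. The line that receives the value sits between the two hunks, so this reading is inferred from the single `%s` argument.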


@ -299,10 +299,10 @@ header("Configuration du serveur xmpp du crans")
@%%{ldap_port, 636}.
@%%
@%% LDAP manager:
print """{ldap_rootdn, "%s"}.""" % secrets.ldap_readonly_auth_dn
out("""{ldap_rootdn, "%s"}.""" % (secrets.ldap_readonly_auth_dn,))
@%%
@%% Password to LDAP manager:
print """{ldap_password, "%s"}.""" % secrets.ldap_readonly_password
out("""{ldap_password, "%s"}.""" % (secrets.ldap_readonly_password,))
@%%
@%% Search base of LDAP directory:
@{ldap_base, "dc=crans,dc=org"}.


@ -9,10 +9,10 @@ import os
home_adh = list(string.ascii_lowercase) + ['logs', 'mail']
dirs = map(lambda x: os.path.join('/home-adh', x), home_adh)
dirs += ['/usr/scripts', '/home-adh']
allowed = config.NETs['adm'] + config.prefix['adm']
allowed = config.NETs['adm']
tpl = "%s %s(rw,async,nohide,no_subtree_check,no_root_squash)"
for dir in dirs:
for cidr in allowed:
print tpl % (dir, cidr)
out(tpl % (dir, cidr))
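Review bot: Reading the second `allowed =` line as the new side, `allowed = config.NETs['adm']` drops `config.prefix['adm']` from the export list, which changes who may mount these directories and is unrelated to replacing `print`. Every export here is `rw` with `no_root_squash`, so a change to the client list deserves its own commit or at least a line in the commit message. A comment at the assignment, e.g. `# config.prefix['adm'] intentionally not exported`, would record the intent.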


@ -4,7 +4,7 @@ info["perms"] = 0644
include("secrets")
print """realm FEDEREZ {
out("""realm FEDEREZ {
auth_pool = federez_radius_servers
nostrip
}
@ -27,4 +27,4 @@ home_server baldrick {
check_interval = 30
num_answers_to_alive = 3
}
"""
""")
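Review bot: The hunk header shows `info["perms"] = 0644` where every other template in this commit sets `info["mode"]`; if the plugin only reads `mode`, this assignment has no effect and the file gets the default permissions. The template also calls `include("secrets")`, so if a shared secret is written in the part between the two hunks (not visible here), 0644 would leave it world-readable. It is worth confirming the key name and using a restrictive value such as `info["mode"] = 0640`.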


@ -5,7 +5,7 @@ header("Les modifications locales sont a placer dans le fichier /etc/fstab.local
import string
def mnt(fs, mntpoint, type, options=[], dump=0, pass_=0):
print ("%s %s %s %s %d %d" %
out("%s %s %s %s %d %d" %
(fs, mntpoint, type,
(options and ",".join(options)) or "defaults",
dump, pass_))
@ -15,7 +15,7 @@ mnt("proc", "/proc", "proc")
mnt("shm", "/dev/shm", "tmpfs")
@# Les definitions locales
print metadata.Probes["fstab_local"]
out(metadata.Probes["fstab_local"])
if has("nfs"):
@# Le nfs


@ -5,23 +5,23 @@ include("ip")
@127.0.0.1 localhost.crans.org localhost
if has("crans-proxmox-wheezy"):
print pubip(), pubhostname
print admip(), admhostname, hostname+".adm", hostname
out("%s %s" % (pubip(), pubhostname))
out("%s %s %s %s" % (admip(), admhostname, hostname+".adm", hostname))
elif not has("non-vlan-adherent"):
print pubip(), pubhostname, hostname
print admip(), admhostname, hostname+".adm"
out("%s %s %s" % (pubip(), pubhostname, hostname))
out("%s %s %s" % (admip(), admhostname, hostname+".adm"))
else:
print admip(), admhostname, hostname+".adm", hostname
out("%s %s %s %s" % (admip(), admhostname, hostname+".adm", hostname))
if has("vlan-wifi"):
print wifiip(), wifihostname, hostname+".wifi"
out("%s %s %s" % (wifiip(), wifihostname, hostname+".wifi"))
@10.231.136.7 zbee.adm.crans.org zbee.adm zbee nfs.adm.crans.org nfs.adm nfs
if(has("odlyd")):
print "138.231.136.9 sable.crans.org sable"
print "138.231.136.98 charybde.crans.org charybde"
@138.231.136.9 sable.crans.org sable
@138.231.136.98 charybde.crans.org charybde
if(has("iscsi")):
print "10.231.136.36 nols.adm.crans.org nols.adm nols"
@10.231.136.36 nols.adm.crans.org nols.adm nols
@# The following lines are desirable for IPv6 capable hosts
@::1 ip6-localhost ip6-loopback


@ -9,7 +9,7 @@ import tv.radio.config as tv_config
tv_config = reload(tv_config)
print """<![CDATA[
out("""<![CDATA[
Fichier générer par BCfg2
Ne pas modifier à la main
Ne pas faire service icecast2 reload mais service icecast2 restart
@ -24,7 +24,7 @@ dans l'entête de icecast.xml puis
&radio;
là où l'on souhaite effectivement include le fichier
(quelque part dans <icecast></icecast>)
]]>"""
]]>""")
auth_template = """<mount>
<mount-name>/%s</mount-name>
<authentication type="url">
@ -48,7 +48,7 @@ for group in tv_config.multicast.keys():
else:
host=p.netloc
port = 80
print """
out("""
<relay>
<server>%s</server>
<port>%s</port>
@ -56,6 +56,6 @@ for group in tv_config.multicast.keys():
<local-mount>/%s</local-mount>
<relay-shoutcast-metadata>1</relay-shoutcast-metadata>
<on-demand>1</on-demand>
</relay>""" % (host, port, p.path, name)
print auth_template % name
</relay>""" % (host, port, p.path, name))
out(auth_template % (name,))
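Review bot: `host`, `port`, `p.path` and `name` are formatted into the `<relay>` element, and `name` into `auth_template`, without XML escaping, so a `&` or `<` in a stream URL or name from `tv_config` produces malformed XML for icecast. Escaping the values first keeps the output well-formed, e.g. `from xml.sax.saxutils import escape` and `out(auth_template % (escape(name),))`. The middle of the relay block lies between hunks, so other interpolated fields may need the same treatment.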


@ -1,3 +1,3 @@
info["owner"] = "jabber"
info["mode"] = 0600
print file("/etc/crans/secrets/jabber-key.pem").read()
_out(open("/etc/crans/secrets/jabber-key.pem", "r").read())


@ -22,14 +22,14 @@ header("Configuration du bot KGB\nIl annonce les commits git sur les channels IR
@ crans:
@ # needs to be the same on the client
print " password: %s" % secrets.kgb_passwords["crans"]
out(" password: %s" % (secrets.kgb_passwords["crans"],))
@ # private repositories aren't announced to broadcast channels
@ # private: yes
for depot in ["ca", "note", "bots", "bde", "fortunes"]:
print " %s:" % (depot,)
print " password: %s" % (secrets.kgb_passwords[depot],)
out(" %s:" % (depot,))
out(" password: %s" % (secrets.kgb_passwords[depot],))
@# Some witty answer for people that talk to the bot
@smart_answers:


@ -8,8 +8,8 @@ info["mode"] = 0660
header("Pour parler à KGB dans un hook git\nUn membre du CA n'est pas forcément apprenti.")
print "---"
print "repo-id: ca"
print "servers:"
print " - uri: http://irc.crans.org:5391/"
print " password: %s" % (secrets.kgb_passwords['ca'])
@---
@repo-id: ca
@servers:
@ - uri: http://irc.crans.org:5391/
out(" password: %s" % (secrets.kgb_passwords['ca'],))


@ -8,8 +8,8 @@ info["mode"] = 0660
header("Pour parler à KGB dans un hook git")
print "---"
print "repo-id: crans"
print "servers:"
print " - uri: http://irc.crans.org:5391/"
print " password: %s" % (secrets.kgb_passwords['crans'])
@---
@repo-id: crans
@servers:
@ - uri: http://irc.crans.org:5391/
out(" password: %s" % (secrets.kgb_passwords['crans'],))


@ -8,8 +8,8 @@ info["mode"] = 0660
header("Pour parler à KGB dans un hook git\n")
print "---"
print "repo-id: fortunes"
print "servers:"
print " - uri: http://irc.crans.org:5391/"
print " password: %s" % (secrets.kgb_passwords['fortunes'])
@---
@repo-id: fortunes
@servers:
@ - uri: http://irc.crans.org:5391/
out(" password: %s" % (secrets.kgb_passwords['fortunes']))
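Review bot: `% (secrets.kgb_passwords['fortunes'])` is a parenthesised expression, not a one-element tuple; the two sibling templates were converted to `(secrets.kgb_passwords['ca'],)` and `(secrets.kgb_passwords['crans'],)`, and this one missed the trailing comma. It should read `out(" password: %s" % (secrets.kgb_passwords['fortunes'],))`. The `olcSyncrepl` templates later in the commit keep the same non-tuple form in `% (rid)`, `% (secrets.ldap_replica_auth_dn)` and `% (secrets.ldap_replica_password)`.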


@ -1,8 +0,0 @@
# -*- mode: python; coding: utf-8 -*-
include("secrets")
if has("db-main"):
print secrets.ldap_password
else:
print secrets.ldap_readonly_password


@ -9,5 +9,5 @@ header("Acces a la base ldap")
@# This file should be world readable but not world writable.
@BASE dc=crans, dc=org
print "URI %s" % ldap_socket
out("URI %s" % (ldap_socket,))
@#TLS_CACERT /etc/ssl/certs/CAcrans.pem


@ -90,13 +90,13 @@ else:
@rootdn "cn=admin,dc=crans,dc=org"
@
@# SyncRepl
print "syncrepl rid=%s" % rid
out("syncrepl rid=%s" % (rid,))
@ provider=ldap://vert.adm.crans.org
@ searchbase="dc=crans,dc=org"
@ type=refreshAndPersist
print ' binddn="%s"' % secrets.ldap_replica_auth_dn
out(' binddn="%s"' % (secrets.ldap_replica_auth_dn,))
@ bindmethod=simple
print ' credentials=%s' % secrets.ldap_replica_password
out(' credentials=%s' % (secrets.ldap_replica_password,))
@ retry="30 20 300 3"
@
@# Redirection des requêtes en écriture, ...
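Review bot: `credentials=%s` is written unquoted while `binddn` two lines above is quoted, so a replica password containing whitespace or a quote character would split the syncrepl directive; `out(' credentials="%s"' % (secrets.ldap_replica_password,))` matches the binddn line. Separately, the context lines show `provider=ldap://` with `bindmethod=simple`, which as far as this hunk shows sends that password without TLS; adding `starttls=critical` or an `ldaps://` provider depends on CA configuration the hunk does not show, so treat it as a follow-up. The hunk also does not show the file's `info["mode"]`; a file carrying this credential should not be world-readable.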


@ -20,11 +20,11 @@ rid = rid[rid.rfind(".")+1:]
@olcRootDN: cn=admin,dc=crans,dc=org
@olcSyncUseSubentry: FALSE
@olcMonitoring: FALSE
print 'olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple t' % (rid)
print ' imeout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn)
print ' credentials=%s filter="(objectClass=olcS' % (secrets.ldap_replica_password)
print ' chemaConfig)" searchbase="cn=schema,cn=config" scope=sub type=refreshAndPersi'
print ' st retry="30 20 300 +"'
out('olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple t' % (rid))
out(' imeout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn))
out(' credentials=%s filter="(objectClass=olcS' % (secrets.ldap_replica_password))
out(' chemaConfig)" searchbase="cn=schema,cn=config" scope=sub type=refreshAndPersi')
out(' st retry="30 20 300 +"')
@structuralObjectClass: olcDatabaseConfig
@entryUUID: 55f5a71a-59fb-102f-9686-112b7bde9a51
@creatorsName: cn=config
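Review bot: The `olcSyncrepl` value is folded by hand in the middle of words (`t`/`imeout`, `olcS`/`chemaConfig`, `refreshAndPersi`/`st`), which makes the directive hard to read and easy to break when one of the five `out(...)` lines is edited. LDIF parsers accept unfolded lines, so the value could be assembled from a list of `key=value` pieces joined with spaces and emitted with a single `out('olcSyncrepl: %s' % (value,))`. The next section (the `dc=crans,dc=org` replica) has the same layout. Both embed the replica password, so the generated files need a restrictive mode, which the hunks do not show.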


@ -87,10 +87,10 @@ rid = str(int(rid[rid.rfind(".")+1:])+255)
@entryUUID: 55f5acc4-59fb-102f-9687-112b7bde9a51
@creatorsName: cn=config
@createTimestamp: 20100921183939Z
print 'olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple tim' % (rid)
print ' eout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn)
print ' credentials=%s filter="(objectclass=*)" ' % (secrets.ldap_replica_password)
print ' searchbase="dc=crans,dc=org" scope=sub type=refreshAndPersist retry="30 20 300 +"'
out('olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple tim' % (rid))
out(' eout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn))
out(' credentials=%s filter="(objectclass=*)" ' % (secrets.ldap_replica_password))
out(' searchbase="dc=crans,dc=org" scope=sub type=refreshAndPersist retry="30 20 300 +"')
@entryCSN: 20110227094521.639316Z#000000#000#000000
@modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
@modifyTimestamp: 20110227094521Z


@ -1,67 +0,0 @@
# -*- mode: python; coding: utf-8 -*-
include("mode/space")
include("secrets")
include("ldap")
header("""
Fichier de configuration pour libnss-ldap.
Pour des informations détaillées voir libnss-ldap.conf(5)
ainsi que /usr/share/libnss-ldap/ldap.conf
""")
info["mode"] = 0644
@# +---------------------------------------------------+
@# | Configuration de la communication avec le serveur |
@# +---------------------------------------------------+
@# Base LDAP
%uri "%s" % ldap_socket
@# The distinguished name of the search base.
%base "dc=crans,dc=org"
@# The distinguished name to bind to the server with.
@# Optional: default is to bind anonymously.
@# Please do not put double quotes around it as they
@# would be included literally.
%binddn secrets.ldap_readonly_auth_dn
@# The credentials to bind with.
@# Optional: default is no credential.
#%bindpw secrets.ldap_readonly_password
@# The distinguished name to bind to the server with
@# if the effective user ID is root. Password is
@# stored in /etc/libnss-ldap.secret (mode 600)
@# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
@# of an editor to create the file.
%rootbinddn secrets.ldap_readonly_auth_dn
@# The LDAP version to use (defaults to 3
@# if supported by client library)
%ldap_version 3
@# Search timelimit
%timelimit 5
@# Bind/connect timelimit
%bind_timelimit 5
@# +------------------+
@# | Bases de données |
@# +------------------+
# On n'utilise ldap pour résoudre les bases de données
# passwd, group et shadow
if ldap_filter:
passwd_filter = "?%s" % ldap_filter
else:
passwd_filter = ""
%nss_base_passwd "ou=data,dc=crans,dc=org?one%s" % passwd_filter
%nss_base_shadow "ou=data,dc=crans,dc=org?one"
%nss_base_group "ou=Group,dc=crans,dc=org?one"


@ -1,5 +0,0 @@
# -*- mode: python; coding: utf-8 -*-
include("secrets")
print secrets.ldap_readonly_password


@ -18,8 +18,8 @@ header()
@set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }
@
@set httpd port 2812 and
print " use address %s" % metadata.hostname
print " allow monit:%s" % (secrets.monit_password)
out(" use address %s" % (metadata.hostname,))
out(" allow monit:%s" % (secrets.monit_password,))
@
@set mail-format {
@from: roots@crans.org
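Review bot: `allow monit:%s` puts the password into the control file unquoted, so a value with whitespace or `#` would change how the line is parsed; monit accepts quoted strings, so `out(' allow monit:"%s"' % (secrets.monit_password,))` is safer. The `set httpd` statement shown in this hunk binds to `metadata.hostname` rather than localhost and has no TLS option, so the basic-auth credential would travel in clear on that interface unless SSL is enabled elsewhere in the file. An additional `allow` line restricting clients to the administration network would limit who can even attempt the login.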


@ -36,21 +36,21 @@ def service(group=None, **kw):
matchingp = ''
start_cmd = kw.get('start_cmd', '/etc/init.d/%s start' % init)
stop_cmd = kw.get('stop_cmd', '/etc/init.d/%s stop' % init)
print ("""# %(name)s
out("""# %(name)s
check process %(name)s %(pidp)s""" % locals())
if matchingp:
print " %s" % (matchingp,)
print (''' start program = "%(start_cmd)s"
out(" %s" % (matchingp,))
out(''' start program = "%(start_cmd)s"
stop program = "%(stop_cmd)s"''' % locals())
max_restart = kw.get('max_restart', 5)
for line in kw.get('extra', []):
if line:
print " ", line
print " if %d restarts within 5 cycles then timeout" % max_restart
out(" %s" % (line,))
out(" if %d restarts within 5 cycles then timeout" % (max_restart,))
if kw.has_key('depends_on'):
print " depends on " + ', '.join(kw['depends_on'])
print
out(" depends on %s" % (', '.join(kw['depends_on']),))
out()
service("apache",
name="apache2",
@ -146,10 +146,6 @@ service(group="cups-service",
name="cups",
pidf="cups/cupsd")
service("openntpd",
name="openntpd",
pidf="openntpd/ntpd")
service("cron",
pidf="crond")
@ -291,9 +287,9 @@ service("ups-server",
pidf="nut/upsd")
if not has("nfs"):
print """check program git_repos with path "/usr/scripts/utils/check_repos.sh"
out("""check program git_repos with path "/usr/scripts/utils/check_repos.sh"
if status != 0 then alert
"""
""")
if has('non-vlan-adherent'):
vsftpd_ip = admip()
@ -313,7 +309,7 @@ except:
cartesdesactivees=[]
if dernierecarte:
print "# Il y a %d carte(s) DVB sur ce serveur dont %d cartes desactivee(s)\n" % (dernierecarte,len(cartesdesactivees))
out("# Il y a %d carte(s) DVB sur ce serveur dont %d cartes desactivee(s)\n" % (dernierecarte,len(cartesdesactivees)))
for i in range(0,dernierecarte):
if not i in cartesdesactivees:
service("mumudvb",
@ -324,9 +320,9 @@ for i in range(0,dernierecarte):
stop_cmd = """/sbin/start-stop-daemon --stop --pidfile /var/run/mumudvb/mumudvb_adapter%d_tuner0.pid""" % i
)
print """check file file/var/log/syslog with path /var/log/syslog
out("""check file file/var/log/syslog with path /var/log/syslog
if timestamp > 15 minutes then alert
"""
""")
service('igmpproxy')
@ -371,11 +367,11 @@ for line in metadata.Probes["fstab_local"].splitlines():
# on vérifie le filesystem directement pour les volumes lvm
if fs.startswith('/dev/mapper'):
print 'check filesystem fs%s with path %s' % (mntpoint, mntpoint)
out('check filesystem fs%s with path %s' % (mntpoint, mntpoint))
else:
print 'check device fs%s with path %s' % (mntpoint, fs)
print ' if failed permission %s then alert' % perm
print ' if failed uid root then alert'
out('check device fs%s with path %s' % (mntpoint, fs))
out(' if failed permission %s then alert' % (perm,))
out(' if failed uid root then alert')
# place sur les disques
alert_level = {
@ -393,12 +389,12 @@ for line in metadata.Probes["fstab_local"].splitlines():
alert_level = 80
if alert_level:
print ' if space usage > %d%% for 3 cycles then alert' % alert_level
out(' if space usage > %d%% for 3 cycles then alert' % (alert_level,))
# inodes pour les disques
if type != 'reiserfs' :
print ' if inode usage > 80% then alert'
out(' if inode usage > 80% then alert')
print ' mode passive'
print
out(' mode passive')
out()
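Review bot: The two templates in `service()` are filled with `% locals()`, so every local name of the function becomes a format key and a renamed variable only fails when the file is generated; an explicit mapping such as `% {'name': name, 'pidp': pidp}` (and `{'start_cmd': start_cmd, 'stop_cmd': stop_cmd}` for the second template) makes the dependency visible. In the same hunk `kw.has_key('depends_on')` can be written `'depends_on' in kw`. `start_cmd` and `stop_cmd` are placed between double quotes in the monit file, so a command containing `"` would end the string early; the callers that pass them are partly outside the hunks. The body of `service()` starts before the first hunk.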


@ -40,7 +40,7 @@ munin_hostname = pubhostname
@ignore_file \.dpkg-(tmp|new|old|dist)$
@
@# Nom d'hôte reporté au serveur munin
print "host_name %s" % munin_hostname
out("host_name %s" % (munin_hostname,))
@
@# Attention: allow_cidr ne peut être utilisé à la fois avec des IPv4 et IPv6
@# (merci munin et debian). Comme c'est vachement mieux d'utiliser des cidr
@ -52,9 +52,9 @@ def allow(cidr):
quand cidr_allow sera supporté pour les deux types d'IPs.
Cf https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=20;bug=645292"""
if ':' in cidr:
print "cidr_allow " + cidr
out("cidr_allow %s" % (cidr,))
else:
print "allow " + cidr_to_regex(cidr)
out("allow %s" % (cidr_to_regex(cidr),))
if not has("users"):
@# On autorise tout adm et localhost
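Review bot: For IPv4 the `allow` directive receives whatever `cidr_to_regex(cidr)` returns, and munin-node matches it as a regular expression against the peer address, so the access list is only as tight as that regex. `cidr_to_regex` is defined outside the hunk; confirm that it anchors the pattern and escapes the dots, otherwise a pattern for one network could also match unrelated addresses. A comment above the `else:` branch, `# allow takes a regex: cidr_to_regex must return an anchored, escaped pattern`, would record that requirement.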


@ -16,7 +16,7 @@ info['group'] = 'adm'
include("ldap_conn")
import annuaires_pg
print """
out("""
# The next three variables specifies where the location of the RRD
# databases, the HTML output, and the logs, severally. They all
# must be writable by the user running munin-cron.
@ -52,17 +52,17 @@ munin_cgi_graph_jobs 6
#============================== Les switchs ================================
#Il ne s'agit pas de clients bcfg2 et ne sont par ailleurs pas des nœuds munin
"""
""")
switchs = [ x[:x.rindex('.crans.org')] for x in annuaires_pg.all_switchs(hide=[]) ]
for host in switchs:
print '[switchs.crans.org;%s]' % host
print ' address localhost\n'
out('[switchs.crans.org;%s]' % (host,))
out(' address localhost\n')
print """
out("""
#============================== Les bornes wifi ============================
#On emprunte des données venant du graphe multistacké wifi_clients
# """
# """)
for ap in ldap_conn.search(u'objectClass=borneWifi'):
# skip fake ap
@ -76,7 +76,7 @@ for ap in ldap_conn.search(u'objectClass=borneWifi'):
fqdn = ap['host'][0].value.encode('utf-8')
profile = fqdn.split('.',1)[0]
print """[wifi.crans.org;%(profile)s]
out("""[wifi.crans.org;%(profile)s]
address localhost
update no
@ -101,14 +101,14 @@ for ap in ldap_conn.search(u'objectClass=borneWifi'):
""" % { 'hostname': fqdn,
'profile': profile,
'master': metadata.profile + '.crans.org',
}
})
#@[switchs.crans.org;supervision.switchs.crans.org]
#@update no
print """
out("""
#===================== Divers ==============================================
# Les adherents
[association.crans.org;adherents]
@ -145,7 +145,7 @@ print """
[pulsar.crans.org]
address localhost
notify_alias pulsar.adm.crans.org
"""
""")
# TODO agrégation de graphes
# load_all (load.load sur tous les serveurs)
@ -156,23 +156,22 @@ print """
# postfix_all_maildrop(postfix_mailqueue.maildrop)
#
print """
out("""
#===================== Serveurs réguliers ==================================
# """
# """)
all_servers = metadata.query.all()
all_servers.sort(key=lambda x: x.hostname)
for client in all_servers:
if "no-munin" in client.groups:
continue
#print """[crans.org;%(profile)s] # enlever crans.org change qqchose ?
print """[%(profile)s]
out("""[%(profile)s]
address %(hostname)s
apt.graph yes
postfix_mailqueue.deferred.warning 1000
""" % { 'hostname': client.hostname,
'profile': client.profile + '.crans.org',
}
})
print "[crans.org;]"
print " node_order " + " \\\n ".join([c.profile for c in all_servers])
out("[crans.org;]")
out(" node_order " + " \\\n ".join([c.profile for c in all_servers]))
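Review bot: `node_order` is built from every entry of `all_servers`, but the loop just above skips clients in the `no-munin` group, so hosts that get no section still appear in the order list. Filtering the same way, `nodes = [c.profile for c in all_servers if "no-munin" not in c.groups]`, and joining `nodes` keeps the two consistent. The section headers use `client.profile + '.crans.org'` while `node_order` uses the bare `c.profile`; whether munin resolves the short names is not visible here and should be checked.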


@ -24,7 +24,7 @@ def dev(interface, mode, additionnals=[]):
configured_ifaces.append(interface)
if mode == "pub":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 138.231.136.0
@ -33,16 +33,16 @@ iface %(interface)s inet static
mtu 1496
gateway 138.231.136.4
dns-nameservers %(nameservers)s
dns-search crans.org""" % { 'interface': interface, 'ip': pubip(), 'nameservers': ' '.join(config.dns.recursiv['fil']) }
dns-search crans.org""" % { 'interface': interface, 'ip': pubip(), 'nameservers': ' '.join(config.dns.recursiv['fil']) })
for line in additionnals:
print " ", line
print
out(" %s" % (line,))
out()
pub6(interface)
elif mode == "wifi":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 138.231.144.0
@ -50,14 +50,14 @@ iface %(interface)s inet static
broadcast 138.231.151.255
mtu 1496
dns-nameservers %(nameservers)s
dns-search wifi.crans.org""" % { 'interface': interface, 'ip': wifiip(), 'nameservers': ' '.join(config.dns.recursiv['wifi']) }
dns-search wifi.crans.org""" % { 'interface': interface, 'ip': wifiip(), 'nameservers': ' '.join(config.dns.recursiv['wifi']) })
for line in additionnals:
print " ", line
print
out(" %s" % (line,))
out()
elif mode == "adm":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.231.136.0
@ -65,64 +65,64 @@ iface %(interface)s inet static
broadcast 10.231.136.255
mtu 1496
dns-nameservers %(nameservers)s
dns-search adm.crans.org""" % { 'interface': interface, 'ip': admip(), 'nameservers': ' '.join(config.dns.recursiv['adm']) }
dns-search adm.crans.org""" % { 'interface': interface, 'ip': admip(), 'nameservers': ' '.join(config.dns.recursiv['adm']) })
for line in additionnals:
print " ", line
print
out(" %s" % (line,))
out()
adm6(interface)
elif mode == "radin":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.42.0.0
netmask 255.255.0.0
broadcast 10.42.255.255
mtu 1496""" % { 'interface': interface, 'ip': radinip() }
print
mtu 1496""" % { 'interface': interface, 'ip': radinip() })
out()
radin6(interface)
elif mode == "accueil":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.51.0.0
netmask 255.255.0.0
broadcast 10.51.255.255
mtu 1496""" % { 'interface': interface, 'ip': accueilip() }
mtu 1496""" % { 'interface': interface, 'ip': accueilip() })
elif mode == "ens":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.2.9.0
netmask 255.255.255.0
broadcast 10.2.9.255
mtu 1496""" % { 'interface': interface, 'ip': appt_ens_ip() }
mtu 1496""" % { 'interface': interface, 'ip': appt_ens_ip() })
elif mode == "isolement":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.52.0.0
netmask 255.255.0.0
broadcast 10.52.255.255
mtu 1496""" % { 'interface': interface, 'ip': isolementip() }
mtu 1496""" % { 'interface': interface, 'ip': isolementip() })
elif mode == "federez":
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet static
address %(ip)s
network 10.53.0.0
netmask 255.255.0.0
broadcast 10.53.255.255
mtu 1496""" % { 'interface': interface, 'ip': federezip() }
mtu 1496""" % { 'interface': interface, 'ip': federezip() })
elif mode == "manuel":
print """auto %(interface)s
iface %(interface)s inet static""" % { 'interface': interface }
out("""auto %(interface)s
iface %(interface)s inet static""" % { 'interface': interface })
elif mode == "vide":
try:
@ -130,34 +130,34 @@ iface %(interface)s inet static""" % { 'interface': interface }
except ValueError:
vlan = None
if vlan:
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet manual
pre-up vconfig add %(iface)s %(vlan)s
post-down vconfig rem %(iface)s.%(vlan)s
up ip l set %(interface)s up
down ip l set %(interface)s down""" % { 'interface': interface, 'iface':iface,'vlan':vlan }
down ip l set %(interface)s down""" % { 'interface': interface, 'iface':iface,'vlan':vlan })
else:
print """auto %(interface)s
out("""auto %(interface)s
iface %(interface)s inet manual
up ip l set %(interface)s up
down ip l set %(interface)s down""" % { 'interface': interface }
down ip l set %(interface)s down""" % { 'interface': interface })
else:
raise NotImplementedError, "Mode de reseau inconnu : %s" % mode
if mode != "pub" and mode != "adm" and mode != "wifi" :
for line in additionnals:
print " ", line
print
out(" %s" % (line,))
out()
# Definitions communes
print """auto lo
out("""auto lo
iface lo inet loopback
"""
""")
# Pour arpwatch, on surveille nos réseaux
def otherlisteners():
print "#Interfaces d'ecoute restantes pour arpwatch "
out("#Interfaces d'ecoute restantes pour arpwatch")
for vlan in watched_vlans:
if vlan == 1:
iface = 'eth0'
@ -218,21 +218,21 @@ def interface6(interface, list_ip, mode = 'serveur'):
main_ip = list_ip[0]
list_ip = list_ip[1:]
print """iface %(interface)s inet6 static
out("""iface %(interface)s inet6 static
address %(ip6)s
netmask %(netmask)s""" % {
'interface': interface,
'ip6': main_ip.split('/')[0],
'netmask': (main_ip.split('/') + ['64'])[1],
}
})
# Avoid loops
if mode != 'routeur':
print ' gateway fe80::1'
out(' gateway fe80::1')
for ip in list_ip:
print ' up ip a add %s dev $IFACE' % ip
print ' down ip a delete %s dev $IFACE' % ip
print ' up /sbin/sysctl net/ipv6/conf/$IFACE/autoconf=0'
print
out(' up ip a add %s dev $IFACE' % (ip,))
out(' down ip a delete %s dev $IFACE' % (ip,))
out(' up /sbin/sysctl net/ipv6/conf/$IFACE/autoconf=0')
out()
def pub6(interface, mode='serveur', list_ip=[]):
list_ip = [pubip6(interface) + '/64'] + list_ip
@ -249,16 +249,16 @@ def wifi6(interface, list_ip=[], name=None):
interface6(interface, list_ip)
def adm6(interface):
print """iface %(interface)s inet6 static
out("""iface %(interface)s inet6 static
address %(ip6)s
netmask 64""" % { 'interface': interface, 'ip6': admip6(interface) }
print
netmask 64""" % { 'interface': interface, 'ip6': admip6(interface) })
out()
def radin6(interface):
print """iface %(interface)s inet6 static
out("""iface %(interface)s inet6 static
address %(ip6)s
netmask 64""" % { 'interface': interface, 'ip6': radinip6(interface) }
print
netmask 64""" % { 'interface': interface, 'ip6': radinip6(interface) })
out()
Probe_Mac = metadata.Probes["mac"].split('\n')
If_Mac = dict(zip(Probe_Mac[:-1:2], Probe_Mac[1::2]))
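Review bot: In `dev()`, the `radin` branch calls `radin6(interface)` before the shared tail loop writes `additionnals`, so for that mode the extra option lines appear to land after the `inet6` stanza instead of under the `inet static` one; the `pub` and `adm` branches write them before calling `pub6`/`adm6`. Indentation is lost in this rendering, so this is inferred from statement order. Writing the `additionnals` loop inside the `radin` branch before `radin6(interface)` and adding `"radin"` to the exclusion test at the end would fix it. The signature's `additionnals=[]` is a mutable default; `additionnals=None` followed by `additionnals = additionnals or []` is safer.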


@ -6,7 +6,7 @@ info["mode"] = 0644
comment_start = "#"
print """server {
out("""server {
listen 127.0.0.1;
server_name localhost;
location /nginx_status {
@ -14,7 +14,7 @@ print """server {
access_log off;
allow 127.0.0.1;
deny all;
}"""
}""")
if has("php"):
print ' include "snippets/php.conf";'
print "}"
@ include "snippets/php.conf";
@}
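Review bot: The closing brace of the outer `server` block changed from an unconditional `print "}"` to the literal line `@}` placed right after `@ include "snippets/php.conf";` under `if has("php"):`. Indentation is lost in this rendering, so I cannot tell whether the template engine treats `@}` as part of the `if` body; if it does, hosts without `php` would get an unterminated `server {` block and nginx would refuse to load the file. Confirm that the `@}` line sits at top level, or close the block explicitly with `out("}")` after the `if`.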


@ -40,14 +40,14 @@ if has("icecast"):
else:
body = base
print """server {
out("""server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default_server ipv6only=on; ## listen for ipv6%s
}""" % body
}""" % (body,))
print """# HTTPS server
out("""# HTTPS server
#
server {
listen 443;
@ -58,4 +58,4 @@ server {
ssl_certificate_key /etc/ssl/crans/cochon.ferme.crans.org/xid=33/key.pem;
ssl_session_timeout 5m;%s
}""" % body
}""" % (body,))


@ -61,4 +61,4 @@ info["mode"] = 0600
if ldap_filter:
@
@# Filtre de recherche
print "filter shadow (%s)" % ldap_filter
out("filter shadow (%s)" % (ldap_filter,))


@ -11,7 +11,7 @@ else:
db=""
def database(name, res):
print name + ": " + " ".join(res)
out("%s: %s" % (name, " ".join(res)))
@# On utilise la base de donnee du crans pour tout ce qui est
@# compte unix


@ -8,80 +8,76 @@ comment_start = "#"
header("Conf de ntpd")
print """
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
@# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
@
@driftfile /var/lib/ntp/ntp.drift
@
@
@# Enable this if you want statistics to be logged.
@#statsdir /var/log/ntpstats/
@
@statistics loopstats peerstats clockstats
@filegen loopstats file loopstats type day enable
@filegen peerstats file peerstats type day enable
@filegen clockstats file clockstats type day enable
@
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
"""
if has("ntp-server"):
print """# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server ntp.ovh.net iburst
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
"""
@# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
@# pick a different set every time it starts up. Please consider joining the
@# pool: <http://www.pool.ntp.org/join.html>
@server ntp.ovh.net iburst
@server 0.debian.pool.ntp.org iburst
@server 1.debian.pool.ntp.org iburst
@server 2.debian.pool.ntp.org iburst
@server 3.debian.pool.ntp.org iburst
@
elif has("secondary-ntp-server"):
print """# You do need to talk to an NTP server or two (or three).
server ntp.crans.org
"""
@# You do need to talk to an NTP server or two (or three).
@server ntp.crans.org
@
else:
print """# You do need to talk to an NTP server or two (or three).
server ntp.adm.crans.org
"""
@# You do need to talk to an NTP server or two (or three).
@server ntp.adm.crans.org
@
print """
# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
# pick a different set every time it starts up. Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#server 0.debian.pool.ntp.org iburst
#server 1.debian.pool.ntp.org iburst
#server 2.debian.pool.ntp.org iburst
#server 3.debian.pool.ntp.org iburst
@# pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
@# pick a different set every time it starts up. Please consider joining the
@# pool: <http://www.pool.ntp.org/join.html>
@#server 0.debian.pool.ntp.org iburst
@#server 1.debian.pool.ntp.org iburst
@#server 2.debian.pool.ntp.org iburst
@#server 3.debian.pool.ntp.org iburst
@
@
@# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
@# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
@# might also be helpful.
@#
@# Note that "restrict" applies to both servers and clients, so a configuration
@# that might be intended to block requests from certain clients could also end
@# up blocking replies from your own upstream servers.
@
@# By default, exchange time with everybody, but don't allow configuration.
@restrict -4 default kod notrap nomodify nopeer noquery
@restrict -6 default kod notrap nomodify nopeer noquery
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration."""
print """restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery"""
print """
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines. Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
"""
@
@# Local users may interrogate the ntp server more closely.
@restrict 127.0.0.1
@restrict ::1
@
@# Clients from this (example!) subnet have unlimited access, but only if
@# cryptographically authenticated.
@#restrict 192.168.123.0 mask 255.255.255.0 notrust
@
@
@# If you want to provide time to your local subnet, change the next line.
@# (Again, the address is an example only.)
@#broadcast 192.168.123.255
@
@# If you want to listen to time broadcasts on your local subnet, de-comment the
@# next lines. Please do this only if you trust everybody on the network!
@#disable auth
@#broadcastclient


@ -2,8 +2,8 @@ include("ip")
if has("ntp-server"):
@# Addresses to listen on (ntpd does not listen by default)
print "listen on %s" % admip()
print "listen on %s" % pubip()
out("listen on %s" % (admip(),))
out("listen on %s" % (pubip(),))
@listen on 127.0.0.1
@#listen on ::1
@


@ -30,5 +30,5 @@ if True: # TODO retirer les @
@account required pam_permit.so
@# and here are more per-package modules (the "Additional" block)
if has("ldap"):
print "account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] %s minimum_uid=500" % pam_module
out("account [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad] %s minimum_uid=500" % (pam_module,))
@# end of pam-auth-update config


@ -21,10 +21,10 @@ pam-auth-update(8) for details.
if True: # TODO get rid of @
@# here are the per-package modules (the "Primary" block)
if has('ldap'):
print "auth [success=2 default=ignore] pam_unix.so nullok_secure"
print "auth [success=1 default=ignore] %s minimum_uid=500 use_first_pass" % pam_module
@auth [success=2 default=ignore] pam_unix.so nullok_secure
out("auth [success=1 default=ignore] %s minimum_uid=500 use_first_pass" % pam_module)
else:
print "auth [success=1 default=ignore] pam_unix.so nullok_secure"
@auth [success=1 default=ignore] pam_unix.so nullok_secure
@# here's the fallback if no module succeeds
@auth requisite pam_deny.so
@# prime the stack with a positive return value if there isn't one already;


@ -45,7 +45,7 @@ pam-auth-update(8) for details.
if has('ldap'):
@password requisite pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=1 reject_username gecoscheck enforce_for_root difok=0
@password [success=2 default=ignore] pam_unix.so nullok obscure sha512 min=4 max=8 md5 try_first_pass
print "password [success=1 default=ignore] %s minimum_uid=500 ignore_unkown_user md5 try_first_pass" % pam_module
out("password [success=1 default=ignore] %s minimum_uid=500 ignore_unkown_user md5 try_first_pass" % (pam_module,))
else:
@password [success=1 default=ignore] pam_unix.so nullok obscure sha512 min=4 max=8 md5 try_first_pass
@# here's the fallback if no module succeeds
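Review bot: The module option on the new `out(...)` line is spelled `ignore_unkown_user`; the pam_ldap option is `ignore_unknown_user`, so as written the module presumably does not recognise it and the intended behaviour for unknown users is not applied in the password stack. Change the literal to `... %s minimum_uid=500 ignore_unknown_user md5 try_first_pass`. `pam_module` is set outside the hunk, so check the exact option name against the module actually used. The context lines also pass both `sha512` and `md5` to `pam_unix.so`; which of the two takes effect should be confirmed, since it decides how local password hashes are stored.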


@ -29,5 +29,5 @@ if True: # TODO get rid of @
@# and here are more per-package modules (the "Additional" block)
@session required pam_unix.so
if has('ldap'):
print "session [success=ok default=ignore] %s minimum_uid=500" % pam_module
out("session [success=ok default=ignore] %s minimum_uid=500" % (pam_module,))
@# end of pam-auth-update config


@ -22,7 +22,7 @@ for dest in ["abuse", "amavis", "backup", "bind", "bin", "clamav", "daemon",
"irc", "list", "logcheck", "lp", "mail", "majordom", "man", "msql",
"munin", "nagios", "news", "operator", "postgres", "proxy", "sync",
"sys", "usenet", "uucp", "webmaster", "www-clubs", "www-data", "www-perso"]:
print "%s: root" % dest
out("%s: root" % (dest,))
if not has("users") and not has('mail-mx'):
@root: root@crans.org


@ -2,13 +2,13 @@
include("ip")
print "# Fichier Gere par Bcfg2, tout changement local sera ecrase !"
header("Fichier fournissant des méthodes pour traduire certaines adresses")
if has("bug-tracker"):
# On ne sait jamais
@/^(.*)@bugs.crans.org$/ ${1}@bugs.crans.org
print "/^(.*)@localhost(\.crans\.org)?$/ ${1}@crans.org"
print "/^(.*)@%s$/ ${1}@crans.org" % admhostname
out("/^(.*)@localhost(\.crans\.org)?$/ ${1}@crans.org")
out("/^(.*)@%s$/ ${1}@crans.org" % (admhostname,))
if not has("non-vlan-adherent"):
print "/^(.*)@%s$/ ${1}@crans.org" % pubhostname
out("/^(.*)@%s$/ ${1}@crans.org" % (pubhostname,))
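Review bot: `admhostname` and `pubhostname` are interpolated into the regexp table unescaped, so every `.` in the host name matches any character, whereas the `localhost` line above them escapes its dots by hand. Escaping the value, `out("/^(.*)@%s$/ ${1}@crans.org" % (admhostname.replace(".", "\\."),))`, makes the pattern match only the intended domain; the `pubhostname` line needs the same. The `"\.crans\.org"` literal would also be clearer as a raw string.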


@ -65,11 +65,11 @@ else:
@# Reseaux locaux
%mynetworks local_networks
if mx and not users:
out(" " + tostring(client_networks + adm_networks) + "\n")
out(" " + tostring(client_networks + adm_networks))
elif users:
out(" " + tostring(adm_networks) + "\n")
out(" " + tostring(adm_networks))
elif tracker:
out(" " + tostring(adm_networks) + "\n")
out(" " + tostring(adm_networks))
if not mx:
if tracker or corbeau:
@ -83,16 +83,16 @@ if mx:
@# Destinations acceptees
%mydestination [hostname, "$myhostname", "localhost", "localhost.$mydomain"]
if main or users:
out(" " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]) + "\n")
out(" " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]))
if manage_ml:
out(" " + tostring(["lists.$mydomain"]) + "\n")
out(" " + tostring(["lists.$mydomain"]))
@# Domaine relaye par ce MX
@relay_domains = $mydestination
if secondary:
out(" " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]) + "\n")
out(" " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]))
if public and not manage_ml:
out(" " + tostring(["lists.$mydomain"]) + "\n")
out(" " + tostring(["lists.$mydomain"]))
if not mx:
if tracker:
@ -154,7 +154,7 @@ if manage_ml:
# Pour les non-mx il n'y a plus rien d'interessant
if mx:
@# Plus les alias dans la base de donnees
out(" " + tostring(db_file("search")) + "\n")
out(" " + tostring(db_file("search")))
@# On prend aussi en compte les utilisateurs de /etc/passwd
@local_recipient_maps = $alias_maps unix:passwd.byname
@# Les anciennes ML @crans.org, @crans.ens-cachan.fr -> @lists.crans.org
@ -213,7 +213,7 @@ if mx:
@# On n'ignore que les messages venant d'adresses "protégées"
@smtpd_client_event_limit_exceptions = local_networks
if mx:
out(" " + tostring(adm_networks) + "\n")
out(" " + tostring(adm_networks))
@
@# On limite à 10 messages par minute
@smtpd_client_message_rate_limit = 10
@ -241,7 +241,7 @@ if mx:
if public:
@# accepte si le champ contourneGreylist de la base est a OK
@ permit_sasl_authenticated
out(" check_recipient_access " + tostring(db_file("sqlgrey")) + "\n")
out(" check_recipient_access " + tostring(db_file("sqlgrey")))
@# accepte si la greylist est d'accord
@ check_policy_service inet:127.0.0.1:2501
@# jette le reste
@ -273,7 +273,7 @@ if mx:
@# +----------------------+
@#POUR SECOURS
if not has("rescue-mode"):
out("#")
_out("#")
@relayhost = [ovh.adm.crans.org]:25
if has("titanic"):
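Review bot: `_out("#")` is the only call to `_out` on this page and nothing explains why it differs from `out`; presumably it writes without a trailing newline so that the `#` comments out the `@relayhost` line that follows. `_out` is defined outside the hunk, so this is inferred. A comment on the line above, `# _out writes no newline: the "#" disables the relayhost line below unless rescue-mode is set`, would make the intent explicit, since a stray newline here would silently enable the relay host on every machine.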


@ -115,7 +115,7 @@ if main:
@ -o smtpd_sasl_auth_enable=yes
@ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
if not public:
print " -o content_filter=lmtp:[amavis.adm.crans.org]:10024"
@ -o content_filter=lmtp:[amavis.adm.crans.org]:10024
@#628 inet n - - - - qmqpd
@pickup fifo n - - 60 1 pickup
@cleanup unix n - - - 0 cleanup


@ -9,7 +9,7 @@ include("ip")
@# To really apply changes reload proftpd after modifications.
@#
@
print 'ServerName "%s"' % hostname
out('ServerName "%s"' % (hostname,))
@ServerType standalone
@DeferWelcome off
@


@ -46,7 +46,7 @@ def router_adv(**kw):
};""" % pref
kw['other_prefixes'] = '\n'.join(map(prefix_section, kw['other_prefixes']))
print """
out("""
interface %(iface)s
{
AdvSendAdvert on;
@ -62,7 +62,7 @@ interface %(iface)s
# Les récursifs:\n %(rec)s
};
""" % kw
""" % kw)
# NOTE: Je met \n parce qu'un "%" en début de ligne est remplacé par bcfg2 …
router_adv(iface='crans', prefix='2a01:240:fe3d:4::/64')


@ -11,28 +11,27 @@ from gestion.config import mac_du_routeur
from gestion.config import prefix
from gestion.config import int_prefix
print """<?xml version="1.0" encoding="ISO-8859-15"?>
out("""<?xml version="1.0" encoding="ISO-8859-15"?>
<!DOCTYPE ramond SYSTEM "ramond.conf.dtd">
<ramond logfile="/var/log/ramond.log">
<mac-list name="router">"""
<mac-list name="router">""")
def printmac(mac):
print """
<entry>""" + mac + """</entry>"""
out(" <entry>%s</entry>" % (mac,))
printmac(mac_du_routeur)
printmac(mac_komaz)
printmac(mac_titanic)
print """
out("""
</mac-list>
"""
""")
def prefi(pref):
print """
<rule mac="router" prefix=\"""" + pref + """\">
out("""
<rule mac="router" prefix="%s">
<!-- do nothing -->
</rule>
"""
""" % (pref,))
prefi(prefix['fil'][0])
@ -44,7 +43,7 @@ prefi(prefix['v6only'][0])
prefi(int_prefix['manage_ap'])
print """
out("""
<!-- UNKNOWN PREFIX -->
<!-- this matches every advertised _prefix_-->
<rule prefix="::/0">
@ -56,4 +55,4 @@ print """
</rule>
</ramond>"""
</ramond>""")


@ -43,11 +43,11 @@ for excluded in RsyncHostsToExclude[hostname]:
ip = admipof("babar")
for (name, path) in backup_folders.iteritems():
print """
out("""
[%(name)s]
path = %(path)s
auth users = backupcrans
secrets file = /etc/crans/secrets/rsyncd.secrets
hosts allow = babar.adm.crans.org %(ip)s""" % { 'name' : name,
'path' : path,
'ip' : ip }
'ip' : ip })


@ -1,5 +1,6 @@
header("Fichier de configuration de rsyslog")
print """
out("""
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
@ -121,4 +122,4 @@ daemon.*;mail.*;\\
news.err;\\
*.=debug;*.=info;\\
*.=notice;*.=warn |/dev/xconsole
"""
""")


@ -25,7 +25,7 @@ if False:
@$ActionResumeRetryCount -1 # infinite retries on insert failure
@$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
print '*.* :ompgsql:localhost,Syslog,rsyslog,%s;'%(secrets.rsyslog_pgsql_password)
out('*.* :ompgsql:localhost,Syslog,rsyslog,%s;' % (secrets.rsyslog_pgsql_password))
@
@#On ne loggue plus dans les fichiers ce qui n'est pas à nous
@:fromhost, !isequal, "thot" ~
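Review bot: The new `out(...)` line formats with `% (secrets.rsyslog_pgsql_password)`, which is a parenthesised value and not a one-element tuple, unlike the `(value,)` form used by the other calls in this commit. It should read `out('*.* :ompgsql:localhost,Syslog,rsyslog,%s;' % (secrets.rsyslog_pgsql_password,))` so the formatting cannot change meaning if the secret is ever not a plain string. The rendered file carries the database password in clear, and no `info["mode"]` is visible in this hunk (the file header is outside it), so it is worth confirming the file is generated with a restrictive mode. The hunk header shows an enclosing `if False:`; indentation is lost on this page, so I cannot tell whether this line is currently live.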


@ -40,63 +40,63 @@ elif has("2B"):
@# Cmnd alias specification
@# User privilege specification
print "root ALL=(ALL:ALL) ALL"
print "NOUNOUS ALL=(ALL:ALL) ALL"
@root ALL=(ALL:ALL) ALL
@NOUNOUS ALL=(ALL:ALL) ALL
if has("2B"):
print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py"
@RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py
if has("users"):
@# Les modérateurs ont le whos
print "MODEROS ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py"
@MODEROS ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py
@# Câbleurs
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py"
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock"
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock"
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py"
print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py"
print "RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert"
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py"
print "RESPBATS ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py"
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock
@RESPBATS ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py
@RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py
@RESPBATS ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert
@RESPBATS ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py
@RESPBATS ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py
@# Pour ne pas louper des .forward pour des questions de droits de lecture
print "RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py"
@RESPBATS ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py
@# Bureau
print "BUREAU ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py"
@BUREAU ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py
@# intranet
print "respbats ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py"
print "respbats ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"
@respbats ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py
@respbats ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota
@# Génération de codes impression pour les imprimeurs
print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/gen_code.py"
@IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/gen_code.py
@# Les imprimeurs peuvent recréditer en masse
print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py"
print "IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit.py"
@IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py
@IMPRIMEURS ALL=(respbats:ALL) /usr/scripts/impression/recredit.py
@# Redémarrage de l'intranet pour les imprimeurs
print "IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh"
@IMPRIMEURS ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh
@# Un chsh pour tout le monde
print "ALL ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami"
@ALL ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami
@# Quotas
print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh"
@ALL ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh
@# Envoi de message SIP
print "ALL ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py"
@ALL ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py
print "%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status"
@%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status
if has('generate'):
print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py"
@rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py
if has('arpwatch'):
@# arpwatch
print "arpwatch ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py"
@arpwatch ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py
if has('intranet2-server'):
print "www-data ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"
print "www-data ALL=(root) NOPASSWD: /usr/scripts/utils/chown_impressions.sh"
@www-data ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota
@www-data ALL=(root) NOPASSWD: /usr/scripts/utils/chown_impressions.sh
# Inclusion de fichier locaux
@
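Review bot: The group rule now written as `@%respbats ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status` should be checked in the rendered output, because a comment in the radvd template of this same commit says bcfg2 replaces a `%` at the start of a line. If the `%` were altered or dropped here, the rule would no longer designate the group. Since every rule moves from `print` to a literal `@` line, it would be prudent to render the file for a `2B`, a `users` and an `intranet2-server` host and run `visudo -c -f <rendered file>` on each result before deployment, as a syntax error in sudoers disables sudo on the host. Indentation is not visible on this page, so I cannot confirm that the `@` lines still sit under their `if has(...)` guards.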


@ -21,7 +21,7 @@ Voir http://wiki.crans.org/CransTechnique/Bcfg2/... pour plus d'explications.
""")
# Définitions communes
print """
out("""
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.default.accept_ra_defrtr = 0
@ -37,7 +37,7 @@ net.ipv6.conf.all.accept_ra_pinfo = 0
net.ipv6.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.use_tempaddr = 0
"""
""")
Probe_Ifs = metadata.Probes["mac"].strip().split('\n')
@ -45,6 +45,6 @@ Ifs = [Probe_Ifs[i] for i in range(len(Probe_Ifs)) if i % 2 == 0]
# Un '.' supplémentaire dans une clé sysctl, c'est mal.
for i in Ifs:
print template_ra % { 'If' : i.replace('.','/') }
out(template_ra % { 'If' : i.replace('.','/') })
print metadata.Probes["sysctl"]
out(metadata.Probes["sysctl"])


@ -9,4 +9,4 @@ comment_start = "#"
header("Clef pour lancer des commandes en temps réel sur les serveurs")
if has("generate"):
print 'command="sudo /usr/scripts/gestion/gen_confs/generate.py",from="10.231.136.0/24,2a01:240:fe3d:c804::/64",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding %s' % open('/etc/crans/secrets/trigger-generate.pub').read()
_out('command="sudo /usr/scripts/gestion/gen_confs/generate.py",from="10.231.136.0/24,2a01:240:fe3d:c804::/64",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding %s' % open('/etc/crans/secrets/trigger-generate.pub').read())
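Review bot: The `_out(...)` line interpolates the whole content of `/etc/crans/secrets/trigger-generate.pub` after the `command=...,from=...,no-pty,...` options, so only the first line of that file receives the forced command and source restriction. Any further line in the file would be rendered as a separate authorized_keys entry with no restrictions at all. Reading a single key and stripping it removes that risk and the dependence on the file's trailing newline: `key = open('/etc/crans/secrets/trigger-generate.pub').readline().strip()`, then pass `(key,)` to the existing format string through `out(...)`. The file handle is also never closed; a `with open(...) as f:` block would take care of it. I am assuming `_out` writes without a trailing newline, as its use for the `#` prefix in the postfix template suggests.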