On stabilise le plugin Python en virant toute occurrence de print.

* Désolé. \o/
2015-05-14 07:19:56 +02:00 · 2015-05-14 07:19:56 +02:00 · 4b36a51d99
commit 4b36a51d99
parent 2c27a030ee
102 changed files with 513 additions and 703 deletions
--- a/Bundler/feteduslip.xml
+++ b/Bundler/feteduslip.xml
@ -1,3 +1,3 @@
 <Bundle name="feteduslip" version="2.0">
-  <Path name="/root/fete-du-slip" type="symlink" to="/usr/scripts/utils/install-party/fete-du-slip"/>
+    <Path name="/root/fete-du-slip"/>
 </Bundle>
--- a/Bundler/isc-dhcp-client.xml
+++ b/Bundler/isc-dhcp-client.xml
@ -1,6 +1,6 @@
 <Bundle name="isc-dhcp-client">
    <Package name="isc-dhcp-client"/>
    <Path name="/etc/dhcp3/dhclient.conf"/>
-    <Path type="directory" name="/etc/dhcp3/dhclient-enter-hooks.d/"/>
+    <Path name="/etc/dhcp3/dhclient-enter-hooks.d/"/>
-    <Path type="directory" name="/etc/dhcp3/dhclient-exit-hooks.d/"/>
+    <Path name="/etc/dhcp3/dhclient-exit-hooks.d/"/>
 </Bundle>
--- a/Bundler/isc-dhcp-server.xml
+++ b/Bundler/isc-dhcp-server.xml
@ -1,7 +1,7 @@
 <Bundle name="isc-dhcp-server">
    <Package name="isc-dhcp-server"/>
    <Service name="isc-dhcp-server"/>
-    <Path type="symlink" name="/etc/dhcp" to="/etc/dhcp3"/>
+    <Path name="/etc/dhcp"/>
    <Python name="/etc/dhcp3/dhcpd.conf"/>
    <Group name="dhcp-dynamique" negate="true">
        <Path type="directory" name="/etc/dhcp3/generated"/>
--- a/Bundler/iscsi.xml
+++ b/Bundler/iscsi.xml
@ -15,41 +15,41 @@
  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.30,3260,1/default"/>
  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.31,3260,2/default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.93,3260,1,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.93,3260,1,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.94,3260,3,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.94,3260,3,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.95,3260,5,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.95,3260,5,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.96,3260,7,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.96,3260,7,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.97,3260,2,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.97,3260,2,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.98,3260,4,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.98,3260,4,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.99,3260,6,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.99,3260,6,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.100,3260,8,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2,10.0.0.100,3260,8,default"/>
  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260/st_config"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.31,3260/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a,10.0.0.30,3260,1,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.31,3260/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a,10.0.0.30,3260,1,default"/>
-  <Path type="symlink" name="/etc/iscsi/send_targets/10.0.0.31,3260/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a,10.0.0.31,3260,2,default"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.31,3260/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a,10.0.0.31,3260,2,default"/>
  <Path name="/etc/iscsi/send_targets/10.0.0.31,3260/st_config"/>
  <!-- Droits sur les dossiers send_targets -->
-  <Path type="directory" name="/etc/iscsi/send_targets"/>
+  <Path name="/etc/iscsi/send_targets"/>
-  <Path type="directory" name="/etc/iscsi/send_targets/10.0.0.31,3260"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.31,3260"/>
-  <Path type="directory" name="/etc/iscsi/send_targets/10.0.0.93,3260"/>
+  <Path name="/etc/iscsi/send_targets/10.0.0.93,3260"/>
  <!-- Droits sur les dossiers nodes -->
-  <Path type="directory" name="/etc/iscsi/nodes"/>
+  <Path name="/etc/iscsi/nodes"/>
  <!-- slon -->
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.30,3260,1"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.30,3260,1"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.31,3260,2"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.msa2012i.0831d5e399.a/10.0.0.31,3260,2"/>
  <!-- nols -->
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.93,3260,1"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.93,3260,1"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.94,3260,3"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.94,3260,3"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.95,3260,5"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.95,3260,5"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.96,3260,7"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.96,3260,7"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.97,3260,2"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.97,3260,2"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.98,3260,4"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.98,3260,4"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.99,3260,6"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.99,3260,6"/>
-  <Path type="directory" name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.100,3260,8"/>
+  <Path name="/etc/iscsi/nodes/iqn.1986-03.com.hp:storage.p2000g3.114213a1f2/10.0.0.100,3260,8"/>
 </Bundle>
--- a/Bundler/openntpd.xml
+++ b/Bundler/openntpd.xml
@ -1,6 +0,0 @@
 <Bundle name="openntpd">
  <Path name="/etc/init.d/openntpd"/>
  <Python name="/etc/openntpd/ntpd.conf"/>
  <Package name="openntpd"/>
  <Service name="openntpd"/>
 </Bundle>
--- a/Bundler/secrets.xml
+++ b/Bundler/secrets.xml
@ -3,7 +3,7 @@
   <Group name="bcfg2-server" negate="true">
     <!-- Sur le serveur les fichiers suivant sont utilises comme
          sources pour les clients -->
-     <Path name="/etc/crans/secrets" type="directory"/>
+     <Path name="/etc/crans/secrets"/>
     <Python name="/etc/crans/secrets/secrets.py"/>
     <Python name="/etc/crans/secrets/privatekey_passphrase"/>
     <Group name="rsync">
--- a/Cfg/etc/init.d/openntpd/info.xml
+++ b/Cfg/etc/init.d/openntpd/info.xml
@ -1,3 +0,0 @@
 <FileInfo>
    <Info owner='root' group='root' mode='0755'/>
 </FileInfo>
--- a/Cfg/etc/init.d/openntpd/openntpd
+++ b/Cfg/etc/init.d/openntpd/openntpd
@ -1,74 +0,0 @@
 #!/bin/sh
 ### BEGIN INIT INFO
 # Provides:        openntpd
 # Required-Start:    $remote_fs $syslog
 # Required-Stop:    $remote_fs $syslog
 # Default-Start:    2 3 4 5
 # Default-Stop:        0 1 6
 # Short-Description:    Start openntpd at boot time
 # Description:        NTP, the Network Time Protocol, is used to keep the
 #            computer clocks synchronized.
 ### END INIT INFO
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/sbin/ntpd
 NAME=ntpd
 DESC=openntpd
 PIDFILE=/var/run/openntpd/ntpd.pid
 test -e $DAEMON || exit 0
 # Include openntpd defaults if available
 if [ -f /etc/default/openntpd ]
 then
    . /etc/default/openntpd
 fi
 set -e
 check_privsep_dir()
 {
    # check that the privsep dir exists
    if [ ! -d /var/run/openntpd ]
    then
        mkdir /var/run/openntpd
        chmod 0755 /var/run/openntpd
    fi
 }
 case "$1" in
    start)
        check_privsep_dir
        echo -n "Starting $DESC: "
        start-stop-daemon --start --quiet --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ps aux | egrep "^root .* /usr/sbin/ntpd$" | awk '{print $2}' > $PIDFILE
        ;;
    stop)
        echo -n "Stopping $DESC: "
        start-stop-daemon --stop --oknodo --quiet \
                --pidfile /var/run/openntpd/ntpd.pid --exec $DAEMON
        echo "$NAME."
        ;;
    restart|force-reload)
        echo -n "Restarting $DESC: "
        start-stop-daemon --stop --oknodo --quiet \
                --pidfile /var/run/openntpd/ntpd.pid --exec $DAEMON
        sleep 1
        check_privsep_dir
        start-stop-daemon --start --quiet --exec $DAEMON -- $DAEMON_OPTS
        echo "$NAME."
        ps aux | egrep "^root .* /usr/sbin/ntpd$" | awk '{print $2}' > $PIDFILE
        ;;
    *)
        N=/etc/init.d/$NAME
        echo "Usage: $N {start|stop|restart|force-reload}" >&2
        exit 1
        ;;
 esac
 exit 0
--- a/Metadata/clients.xml
+++ b/Metadata/clients.xml
@ -11,7 +11,7 @@
  <Client name="vo.adm.crans.org" profile="vo" pingable="Y" pingtime="1423227886.91" version="1.3.5"/>
  <Client name="malloc.adm.crans.org" profile="malloc" pingable="N" pingtime="1342471851.07"/>
  <Client name="thot.adm.crans.org" profile="thot" pingable="Y" pingtime="1423227886.91" version="1.3.5"/>
-  <Client name="zbee.adm.crans.org" profile="zbee" pingable="Y" pingtime="1423227886.91"/>
+  <Client name="zbee.adm.crans.org" profile="zbee" pingable="Y" pingtime="1423227886.91" version="1.3.5"/>
  <Client name="cochon.adm.crans.org" profile="cochon" pingable="Y" pingtime="1423227886.91" version="1.3.5"/>
  <Client name="odlyd.adm.crans.org" profile="odlyd" pingable="Y" pingtime="1423227886.89" version="1.3.5"/>
  <Client name="fy.adm.crans.org" profile="fy" pingable="Y" pingtime="1423227886.88" version="1.3.5"/>
--- a/Metadata/groups.xml
+++ b/Metadata/groups.xml
@ -972,7 +972,7 @@
    <!--TODO créer un nouveau groupe pour zamok pour placer toutes
    les dépendances de gest_crans, whos et cie -->
-    <Bundle name="snmp-utils" comment="Pour whos verbeux (switchs etc)"/>
+    <Bundle name="snmp-utils"/>
  </Group>
  <Group name="news-server">
@ -1093,12 +1093,12 @@
    <Group name="generate"/>
  </Group>
-  <Group name="infinoted" comment="Editeur collaboratif">
+  <Group name="infinoted">
    <!--TODO: initscript, conf, monitoring etc-->
    <Bundle name="check_cert"/><!-- Port 6523 -->
  </Group>
-  <Group name="pad" comment="Editeur collaboratif">
+  <Group name="pad">
    <!--TODO: initscript, conf, monitoring, etc-->
  </Group>
@ -1243,11 +1243,6 @@
     <Bundle name="ntpdate"/>
  </Group>
  <Group name="openntpd">
    <!-- Client OpenNTPd en daemon -->
     <Bundle name="openntpd"/>
  </Group>
  <!-- +===================================================+ -->
  <!-- | Configuration des backends utilises en production | -->
  <!-- +===================================================+ -->
@ -1312,7 +1307,7 @@
  <Group name="print-server-backend">
    <Group name="cups-service"/>
    <Group name="non-free"/>
-    <Bundle name="snmp-utils" comment="Status imprimante avant impression"/>
+    <Bundle name="snmp-utils"/>
  </Group>
  <Group name="radius-server-backend">
@ -1551,7 +1546,7 @@
  <Group name="munin-server"
    category="supervisor-server">
    <Bundle name="munin-server"/>
-    <Bundle name="snmp-utils" comment="Pour plugins locaux"/>
+    <Bundle name="snmp-utils"/>
    <Group name="nginx"/>
    <!-- <Bundle name="munin"/> -->
  </Group>
@ -1583,7 +1578,7 @@
 <Group name="arpwatch" > <!-- arpwatch special crans avec traçage des macs -->
    <Group name="non-free"/><!-- Pour snmp-mibs-downloader, pour interrogation switch -->
    <Bundle name="arpwatch"/>
-    <Bundle name="snmp-utils" comment="Pour traçage macs"/>
+    <Bundle name="snmp-utils"/>
 </Group>
 <Group name="ramond">
--- a/Python/etc/apt/sources.list
+++ b/Python/etc/apt/sources.list
@ -13,9 +13,9 @@ distro = metadata.categories["debian-version"]
 repo = "ftp://mirror.adm.crans.org"
 def source(args):
-    print "deb     " + args
+    out("deb     %s" % (args,))
-    print "deb-src " + args
+    out("deb-src %s" % (args,))
-    print
+    out()
 components = "main"
 customcomponents = "main"
--- a/Python/etc/arpwatch.conf
+++ b/Python/etc/arpwatch.conf
@ -22,4 +22,4 @@ info["mode"] = 0644
 include("arpwatch")
 for vlan in watched_vlans:
 	iface = 'eth0.%d' % vlan
-	print("%s    -m root@crans.org" % iface)
+	out("%s    -m root@crans.org" % (iface,))
--- a/Python/etc/auto.master
+++ b/Python/etc/auto.master
@ -4,9 +4,9 @@ header("Définition des points de montage pour autofs.")
 def mount(mntpoint, script, timeout=None):
    if timeout is not None:
-        print mntpoint, script, '-t%s' % timeout
+        out("%s %s -t%s" % (mntpoint, script, timeout))
    else:
-        print mntpoint, script
+        out("%s %s" % (mntpoint, script))
 if has("home") and not has("home-permanent"):
    mount("/home", "/etc/auto.home", 600)
--- a/Python/etc/backuppc/config.pl
+++ b/Python/etc/backuppc/config.pl
@ -1257,7 +1257,7 @@ info["mode"] = 0600
@#
@#$Conf{RsyncdPasswd} = '';
@
-print "$Conf{RsyncdPasswd} = '%s';" % secrets.backuppc_RsyncdPasswd
+out("$Conf{RsyncdPasswd} = '%s';" % (secrets.backuppc_RsyncdPasswd,))
@
@#
@# Whether authentication is mandatory when connecting to the client's
--- a/Python/etc/backuppc/hosts
+++ b/Python/etc/backuppc/hosts
@ -6,11 +6,11 @@ info["owner"] = "backuppc"
 info["group"] = "adm"
 info["mode"] = 0640
-def backuppc_hosts(comment, hostslist):
+def backuppc_hosts(commentaire, hostslist):
-    print "# %s" % comment
+    comment(commentaire)
    for host in hostslist:
-        print '%s 0 backuppc' % host
+        out('%s 0 backuppc' % (host,))
-    print ''
+    out()
@#============================================================= -*-perl-*-
@#
--- a/Python/etc/bind/db.fake
+++ b/Python/etc/bind/db.fake
@ -29,4 +29,4 @@ header("Zone du dns menteur pour accueil")
 for ip in config.accueil_route.keys():
    if 'hosts' in config.accueil_route[ip].keys():
        for host in config.accueil_route[ip]['hosts']:
-            print "%s IN A %s" % (host,ip)
+            out("%s IN A %s" % (host, ip))
--- a/Python/etc/bind/db.loppsi.crans.org
+++ b/Python/etc/bind/db.loppsi.crans.org
@ -12,16 +12,16 @@ header("Zone du dns menteur")
@$TTL 3600       ; 1 hour
@@        IN SOA  sable.crans.org. root.crans.org. (
-print """                                2386410401 ; serial
+@                                2386410401 ; serial
-                                21600      ; refresh (6 hours)
+@                                21600      ; refresh (6 hours)
-                                3600       ; retry (1 hour)
+@                                3600       ; retry (1 hour)
-                                1209600    ; expire (2 weeks)
+@                                1209600    ; expire (2 weeks)
-                                3600       ; minimum (1 hour)
+@                                3600       ; minimum (1 hour)
-                                )
+@                                )
-                        NS      sable.crans.org.
+@                        NS      sable.crans.org.
-"""
+@
-print "archive.ubuntu.com    CNAME charybde.crans.org."
+@archive.ubuntu.com    CNAME charybde.crans.org.
-print "*.archive.ubuntu.com    CNAME charybde.crans.org."
+@*.archive.ubuntu.com    CNAME charybde.crans.org.
-print "teredo.ipv6.microsoft.com CNAME ."
+@teredo.ipv6.microsoft.com CNAME .
--- a/Python/etc/bind/db.rpz.crans.org
+++ b/Python/etc/bind/db.rpz.crans.org
@ -12,13 +12,13 @@ header("Zone pour la response policy pour les utilisateur courant")
@$TTL 3600       ; 1 hour
@@        IN SOA  sable.crans.org. root.crans.org. (
-print """                                2386410401 ; serial
+@                                2386410401 ; serial
-                                21600      ; refresh (6 hours)
+@                                21600      ; refresh (6 hours)
-                                3600       ; retry (1 hour)
+@                                3600       ; retry (1 hour)
-                                1209600    ; expire (2 weeks)
+@                                1209600    ; expire (2 weeks)
-                                3600       ; minimum (1 hour)
+@                                3600       ; minimum (1 hour)
-                                )
+@                                )
-                        NS      sable.crans.org.
+@                        NS      sable.crans.org.
-"""
+@
-print "teredo.ipv6.microsoft.com CNAME ."
+@teredo.ipv6.microsoft.com CNAME .
--- a/Python/etc/bind/named.conf.local
+++ b/Python/etc/bind/named.conf.local
@ -17,7 +17,7 @@ class print_idented(object):
    def __init(self):
        pass
    def p(self, str):
-        print '%s%s' % ('    '*ident, str)
+        out('%s%s' % ('    '*ident, str))
 class view(print_idented):
    def __init__(self, name, match_client=None):
@ -121,11 +121,11 @@ with view("default-view", "any") as v:
            z.p('    %s;' % f)
        z.p('};')
-print """
+out("""
 // bricoles de config en plus
 include "/etc/bind/rndc.key";
 controls {
    inet 127.0.0.1 allow { 127.0.0.1; } keys { "key"; };
 };
-"""
+""")
--- a/Python/etc/bind/named.conf.notify
+++ b/Python/etc/bind/named.conf.notify
@ -11,7 +11,7 @@ header("Options de Bind9")
 import config.dns
 def notify(ips):
-    print "	also-notify { \n		%s;\n	};" % ';\n		'.join(ips)
+    out("	also-notify { \n		%s;\n	};" % (';\n		'.join(ips),))
 allowed = set()
--- a/Python/etc/bind/named.conf.options
+++ b/Python/etc/bind/named.conf.options
@ -13,16 +13,16 @@ import config.dns
 comment("Listes d'acces")
 if has("vlan-isolement"):
-    print 'acl "isolement" { %s; };' % '; '.join(config.NETs['isolement'])
+    out('acl "isolement" { %s; };' % ('; '.join(config.NETs['isolement']),))
 if has("vlan-radin"):
-    print 'acl "radins" { %s; };' % '; '.join(config.NETs['gratuit'])
+    out('acl "radins" { %s; };' % ('; '.join(config.NETs['gratuit']),))
 if has("vlan-accueil"):
-    print 'acl "accueil" { %s; };' % '; '.join(config.NETs['accueil'])
+    out('acl "accueil" { %s; };' % ('; '.join(config.NETs['accueil']),))
 if has("vlan-ens"):
-     print 'acl "appartement" { %s; };' % '; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens'])
+     out('acl "appartement" { %s; };' % ('; '.join(config.NETs['personnel-ens'] + config.prefix['personnel-ens']),))
-print 'acl "crans" { %s; };' % '; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all'])
+out('acl "crans" { %s; };' % ('; '.join(config.prefix['fil'] + config.prefix['wifi'] + config.NETs['all']),))
-print 'acl "cransadm" { %s; };' % '; '.join(config.prefix['adm'] + config.NETs['adm'])
+out('acl "cransadm" { %s; };' % ('; '.join(config.prefix['adm'] + config.NETs['adm']),))
-print 'acl "menteur" { %s; };' % '; '.join(config.dns.menteur_clients) 
+out('acl "menteur" { %s; };' % ('; '.join(config.dns.menteur_clients),))
@options {
@ -40,8 +40,8 @@ if has("dns-recursif") or has("dns-forward-only"):
        zones.append("accueil")
    if has("vlan-isolement"):
        zones.append("isolement")
-    print "    allow-query-cache { %s; };" % '; '.join(zones)
+    out("    allow-query-cache { %s; };" % ('; '.join(zones),))
-    print "    allow-recursion { %s; };" % '; '.join(zones)
+    out("    allow-recursion { %s; };" % ('; '.join(zones),))
    @    recursive-clients 5000;
 else:
@ -62,7 +62,7 @@ if has("dns-primary") or has("dns-tv"):
    if allowed:
        allowed = list(allowed)
        allowed.sort()
-        print "         %s;" % ';\n         '.join(allowed)
+        out("         %s;" % (';\n         '.join(allowed),))
    @    };
@    allow-query { any; };
@    auth-nxdomain no; # conform to RFC1035
@ -75,7 +75,7 @@ if not has("dns-secondary-no-forward") and not has("dns-forward-only"):
    @    // Ne pas modifier le commentaire de fin de ligne suivant,
    @    // traitement automatique pour la connexion de secours
    @    // (ligne decommentee automatiquement en mode secours)
-    print"//  forwarders { %s; } ; #POUR SECOURS" % config.dns.secours_relay
+    out("//  forwarders { %s; } ; #POUR SECOURS" % (config.dns.secours_relay,))
 if has("dnssec-validation"):
    @    dnssec-enable yes;
--- a/Python/etc/bind/rndc.key
+++ b/Python/etc/bind/rndc.key
@ -11,6 +11,6 @@ info["mode"] = 0640
@
@key "key" {
@    algorithm hmac-md5;
-print '    secret "%s";' % secrets.rndc_key
+out('    secret "%s";' % (secrets.rndc_key,))
@};
--- a/Python/etc/crans/secrets/README
+++ b/Python/etc/crans/secrets/README
@ -1,2 +1,2 @@
 info["mode"] = 0640
-print file("/etc/crans/secrets/README").read()
+_out(open("/etc/crans/secrets/README", "r").read())
--- a/Python/etc/crans/secrets/dhcp.py
+++ b/Python/etc/crans/secrets/dhcp.py
@ -6,5 +6,5 @@ else:
 info["group"] = "adm"
 import dhcp
-print "dhcp_omapi_keyname = '%s'" % dhcp.dhcp_omapi_keyname
+out("dhcp_omapi_keyname = '%s'" % (dhcp.dhcp_omapi_keyname,))
-print "dhcp_omapi_keys = %s" % dhcp.dhcp_omapi_keys
+out("dhcp_omapi_keys = %s" % (dhcp.dhcp_omapi_keys,))
--- a/Python/etc/crans/secrets/icecast-token
+++ b/Python/etc/crans/secrets/icecast-token
@ -2,4 +2,4 @@ info["mode"] = 0440
 info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/icecast-token").read()
+_out(open("/etc/crans/secrets/icecast-token", "r").read())
--- a/Python/etc/crans/secrets/nols.py
+++ b/Python/etc/crans/secrets/nols.py
@ -1,3 +1,3 @@
 info["mode"] = 0440
 info["group"] = "adm"
-print file("/etc/crans/secrets/nols.py").read()
+_out(open("/etc/crans/secrets/nols.py", "r").read())
--- a/Python/etc/crans/secrets/privatekey_passphrase
+++ b/Python/etc/crans/secrets/privatekey_passphrase
@ -4,4 +4,4 @@ if has("users") or has("2B"):
 else:
    info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/privatekey_passphrase").read()
+_out(open("/etc/crans/secrets/privatekey_passphrase", "r").read())
--- a/Python/etc/crans/secrets/rabbitmq_trigger_password
+++ b/Python/etc/crans/secrets/rabbitmq_trigger_password
@ -2,4 +2,4 @@ info["mode"] = 0440
 info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/rabbitmq_trigger_password").read()
+_out(open("/etc/crans/secrets/rabbitmq_trigger_password", "r").read())
--- a/Python/etc/crans/secrets/rsyncd.secrets
+++ b/Python/etc/crans/secrets/rsyncd.secrets
@ -1,4 +1,4 @@
 # -*- coding: utf-8 -*-
 info["mode"] = 0600
-print file("/etc/crans/secrets/rsyncd.secrets").read()
+_out(open("/etc/crans/secrets/rsyncd.secrets", "r").read())
--- a/Python/etc/crans/secrets/secrets.py
+++ b/Python/etc/crans/secrets/secrets.py
@ -5,4 +5,4 @@ else:
    info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/secrets.py").read()
+_out(open("/etc/crans/secrets/secrets.py", "r").read())
--- a/Python/etc/crans/secrets/slon.py
+++ b/Python/etc/crans/secrets/slon.py
@ -1,3 +1,4 @@
 info["mode"] = 0440
 info["group"] = "adm"
-print file("/etc/crans/secrets/slon.py").read()
+
 _out(open("/etc/crans/secrets/slon.py", "r").read())
--- a/Python/etc/crans/secrets/trigger-generate
+++ b/Python/etc/crans/secrets/trigger-generate
@ -2,4 +2,4 @@ info["mode"] = 0440
 info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/trigger-generate").read()
+_out(open("/etc/crans/secrets/trigger-generate", "r").read())
--- a/Python/etc/crans/secrets/trigger-generate.pub
+++ b/Python/etc/crans/secrets/trigger-generate.pub
@ -1,4 +1,4 @@
 info["mode"] = 0444
 info["owner"] = "root"
 info["group"] = "adm"
-print file("/etc/crans/secrets/trigger-generate.pub").read()
+_out(open("/etc/crans/secrets/trigger-generate.pub", "r").read())
--- a/Python/etc/crans/services.py
+++ b/Python/etc/crans/services.py
@ -15,8 +15,8 @@ for client in clients:
    for group in client.groups:
        groups_dict.setdefault(group, []).append(client.hostname.split('.', 1)[0])
-print "services = {"
+out("services = {")
 for (group_name, clients) in groups_dict.iteritems():
    clients.sort()
-    print "    '%s': %s," % (group_name, clients)
+    out("    '%s': %s," % (group_name, clients))
-print "}"
+out("}")
--- a/Python/etc/crans/wgetrc_monit
+++ b/Python/etc/crans/wgetrc_monit
@ -8,8 +8,8 @@ include("secrets")
 header("Config de wget pour récupérer le status des serveurs")
-print """quiet=1
+@quiet=1
-timeout=10
+@timeout=10
-http-user=monit"""
+@http-user=monit
-print "http-password=" + secrets_new.get('monit_password')
+out("http-password=%s" % (secrets_new.get('monit_password'),))
--- a/Python/etc/cron.d/check_cert
+++ b/Python/etc/cron.d/check_cert
@ -14,11 +14,9 @@ def check_cert(host='localhost', port=443, user="www-data", filename=None):
          'filename': filename,
        }
    if filename:
-        print "43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" %\
+        out("43 7 * * * %(user)s /usr/scripts/utils/check_cert.py --filename %(filename)s" % params)
            params
    else:
-        print "42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" %\
+        out("42 7 * * * %(user)s /usr/scripts/utils/check_cert.py %(host)s %(port)s" % params)
            params
 # Host specific
 if has('https-server') or has('https_cert'):
--- a/Python/etc/cron.d/firewall
+++ b/Python/etc/cron.d/firewall
@ -12,12 +12,12 @@ random.seed(admip())
 header("Régénération du pare-feu")
 min=random.randint(0,59)
-print "# Regénération des règles MAC-IP du firewall"
+@# Regénération des règles MAC-IP du firewall
-print "%s 1 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py test_mac_ip > /dev/null" % min
+out("%s 1 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py test_mac_ip > /dev/null" % (min,))
-print "# Régénération des blacklists du firewall"
+@# Régénération des blacklists du firewall
-print "%s 2 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py blacklists > /dev/null" % min
+out("%s 2 * * * root /usr/scripts/gestion/gen_confs/firewall4/firewall4.py blacklists > /dev/null" % (min,))
 if has("odlyd"):
-    print "# Base pour redonner un accès temporairement aux non réadhérents"
+    @# Base pour redonner un accès temporairement aux non réadhérents
-    print "30 * * * * root /usr/sbin/ipset flush CONFIRMATION"
+    @30 * * * * root /usr/sbin/ipset flush CONFIRMATION
--- a/Python/etc/cron.d/generate
+++ b/Python/etc/cron.d/generate
@ -12,4 +12,4 @@ random.seed(admip())
 header("Régénération de la configuration des services")
 min=random.randint(0,9)
-print "%s-%s/10 * * * * root /usr/scripts/gestion/gen_confs/generate.py > /dev/null" % (min, 50+min)
+out("%s-%s/10 * * * * root /usr/scripts/gestion/gen_confs/generate.py > /dev/null" % (min, 50+min))
--- a/Python/etc/cron.d/monit
+++ b/Python/etc/cron.d/monit
@ -33,7 +33,7 @@ data = {
 # Si ce serveur possède un nfs, on génère le cron qui écrit dedans
 if has_shared_scripts(metadata):
    comment("Copie de `monit status` sur le nfs")
-    print cron_tpl_nfs % data
+    out(cron_tpl_nfs % data)
 # Pour les autres serveurs, c'est le serveur autostatus qui récupère
 if has('autostatus'):
@ -41,4 +41,4 @@ if has('autostatus'):
    for client in metadata.query.all():
        if not has_shared_scripts(client):
            data['host'] = client.hostname.split('.', 1)[0]
-            print cron_tpl_nonfs % data
+            out(cron_tpl_nonfs % data)
--- a/Python/etc/cron.d/munin-crans
+++ b/Python/etc/cron.d/munin-crans
@ -18,6 +18,6 @@ for group in metadata.groups:
 header("""Commandes cron pour les plugins munin custom Cr@ns""")
 if cron_lines:
-    print '\n\n'.join(cron_lines)
+    out('\n\n'.join(cron_lines))
 else:
-    print '# Rien à voir ici...'
+    out('# Rien à voir ici...')
--- a/Python/etc/cron.d/munin-node
+++ b/Python/etc/cron.d/munin-node
@ -5,7 +5,8 @@ info["group"] = "root"
 info["mode"] = 0644
 header("Cronjob munin-node")
-print """
+
 out("""
 MAILTO=root
 # If the APT plugin is enabled, update packages databases approx. once
@ -13,21 +14,15 @@ MAILTO=root
 # happen), but ensure that there will never be more than two hour (7200
 # seconds) interval between updates..
-"""
+# J'ai trouve ce workaround sur :
 print """# J'ai trouve ce workaround sur :
 # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687912
 # le bugreport pretend que la derniere version de munin fix le probleme, mais non
 # -- 
 # 20-100, le 20/01/2013
 MUNIN_PLUGSTATE=/var/lib/munin-node/plugin-state/root
 """
 print """
 # Quand on le fait trop vite, parfois la tache precedente n'a pas eu le temps
 #  de finir et donc la suivante crashe parce qu'elle n'arrive pas a prendre
 #  le lock
 */10 * * * *    root if [ -x /etc/munin/plugins/apt_all ]; then /etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x /etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12 >/dev/null; fi
-"""
+""")
--- a/Python/etc/cron.d/secours
+++ b/Python/etc/cron.d/secours
@ -6,8 +6,8 @@ info["mode"] = 0644
 if has('connexion-secours-test'):
    header("Teste la disponibilité de la connexion normale et passe en secours si besoin")
-    print "* * * * * root /usr/scripts/secours/secours.py test > /dev/null"
+    @* * * * * root /usr/scripts/secours/secours.py test > /dev/null
 else:
    header("Mise en place de la connexion de secours suivant l'état du maitre")
-    print "* * * * * root /usr/scripts/secours/secours.py > /dev/null"
+    @* * * * * root /usr/scripts/secours/secours.py > /dev/null
--- a/Python/etc/cron.d/sshFingerprint
+++ b/Python/etc/cron.d/sshFingerprint
@ -12,6 +12,6 @@ include("ip")
@# On vérifie si les clef ssh de la machine ont changés. Si oui, on les mets à jours dans ldap
 min=int(admip().split('.')[3])%60
-print "%s 9 * * * root /usr/scripts/gestion/gen_confs/populate_sshFingerprint.py" % min
+out("%s 9 * * * root /usr/scripts/gestion/gen_confs/populate_sshFingerprint.py" % (min,))
@# On met à jour le known_hosts global
-print "%s 10 * * * root /usr/sbin/bcfg2 -b knownhosts -q" % min
+out("%s 10 * * * root /usr/sbin/bcfg2 -b knownhosts -q" % (min,))
--- a/Python/etc/cron.daily/git_dirty_repo
+++ b/Python/etc/cron.daily/git_dirty_repo
@ -12,21 +12,21 @@ default_from = "roots@crans.org"
 default_to = "roots@crans.org"
 if has("crans-nfs"):
-    print '%s --untracked-weekly --repository=/usr/scripts --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/scripts --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
-    print '%s --untracked-weekly --repository=/usr/scripts/lc_ldap --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/scripts/lc_ldap --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
-    print '%s --untracked-weekly --repository=/usr/scripts/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/scripts/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
-    print '%s --untracked-weekly --repository=/usr/scripts/wifi_new --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/scripts/wifi_new --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
-    print '%s --untracked-weekly --repository=/usr/scripts/src/mac_ip --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/scripts/src/mac_ip --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
-    print '%s --untracked-weekly --repository=/home/respbats/www/config --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/home/respbats/www/config --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
 if has("bcfg2"):
-    print '%s --untracked-weekly --repository=/var/lib/bcfg2 --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/var/lib/bcfg2 --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
 if has("vert"):
-    print '%s --untracked-weekly --repository=/root/cranspasswords --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/root/cranspasswords --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
 if has("news-server"):
-    print '%s --untracked-weekly --repository=/var/www --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/var/www --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
 if has("intranet2-server"):
-    print '%s --untracked-weekly --repository=/usr/local/django/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to)
+    out('%s --untracked-weekly --repository=/usr/local/django/intranet --from="%s" --to="%s"' % (notifier_path, default_from, default_to))
--- a/Python/etc/cron.weekly/git_dirty_repo
+++ b/Python/etc/cron.weekly/git_dirty_repo
@ -12,4 +12,4 @@ default_from = "roots@crans.org"
 default_to = "roots@crans.org"
 if has("crans-nfs"):
-    print '%s --repository=/home/ca --from="%s" --to="%s"' % (notifier_path, default_from, "bureau@lists.crans.org")
+    out('%s --repository=/home/ca --from="%s" --to="%s"' % (notifier_path, default_from, "bureau@lists.crans.org"))
--- a/Python/etc/default/monit
+++ b/Python/etc/default/monit
@ -7,11 +7,9 @@ info["mode"] = 0644
 header('Demarrage de monit')
-print """
+@
-
+@# On lance monit automatiquement
-# On lance monit automatiquement
+@START="yes"
-START="yes"
+@
-
+@MONIT_OPTS="-d 60"
-MONIT_OPTS="-d 60"
+@
 """
--- a/Python/etc/default/mumudvb
+++ b/Python/etc/default/mumudvb
@ -36,10 +36,10 @@ for i in range(0,dernierecarte):
 adapters=adapters[:-1]
-print 'ADAPTERS="%s"' % adapters
+out('ADAPTERS="%s"' % (adapters,))
@
@#Location of the config files
@#Ex : MUMUDVB_CONF_1="/etc/mumudvb/card1.conf"
 for i in range(0,dernierecarte):
-    print 'MUMUDVB_CONF_%d="/etc/sat/carte%d.conf"' % (i,i)
+    out('MUMUDVB_CONF_%d="/etc/sat/carte%d.conf"' % (i, i))
--- a/Python/etc/default/slapd
+++ b/Python/etc/default/slapd
@ -40,7 +40,7 @@ slapd_services += ["ldap://%s/" % admip()]
 if has("sable"):
    slapd_services += ["ldaps://%s/" % pubip()]
-print 'SLAPD_SERVICES="%s"' % ' '.join(slapd_services)
+out('SLAPD_SERVICES="%s"' % (' '.join(slapd_services),))
@
@# Additional options to pass to slapd and slurpd
@SLAPD_OPTIONS=""
--- a/Python/etc/dhcp3/dhcp-failover.conf
+++ b/Python/etc/dhcp3/dhcp-failover.conf
@ -12,21 +12,22 @@ include("ip")
 import config
 if len(config.dhcp_servers) > 2:
-    print "####################################################################"
+    @"####################################################################"
-    print "## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
+    @"## ATTENTION LA CONFIGURATION NE PEUT PAS GÉRER PLUS DE DEUX DHCP ##"
-    print "####################################################################"
+    @"####################################################################"
 myip = admip()
 herip = admipof([name for name in config.dhcp_servers if name != admhostname][0].split('.',1)[0])
-print 'failover peer "dhcp-failover" {'
+@failover peer "dhcp-failover" {
 if has("dhcp-server-primary"):
-    print """        primary;
+    @        primary;
-        split 128;
+    @        split 128;
-        mclt 3600;"""
+    @        mclt 3600;
 elif has("dhcp-server-secondary"):
-    print "        secondary;"
+    @        secondary;
-print """        address %s;
+
 out("""        address %s;
        port 647;
        peer address %s;
        peer port 647;
@ -34,4 +35,4 @@ print """        address %s;
        max-unacked-updates 10;
        load balance max seconds 3;
 }
-""" % (myip, herip)
+""" % (myip, herip))
--- a/Python/etc/dhcp3/dhcpd.conf
+++ b/Python/etc/dhcp3/dhcpd.conf
@ -13,51 +13,46 @@ import config.dns
 instpar = has('ytrap-llatsni')
-print """
+@#
-#
+@# Sample configuration file for ISC dhcpd for Debian
-# Sample configuration file for ISC dhcpd for Debian
+@#
-#
+@# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
-# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+@#
-#
+@
-
+@# The ddns-updates-style parameter controls whether or not the server will
-# The ddns-updates-style parameter controls whether or not the server will
+@# attempt to do a DNS update when a lease is confirmed. We default to the
-# attempt to do a DNS update when a lease is confirmed. We default to the
+@# behavior of the version 2 packages ('none', since DHCP v2 didn't
-# behavior of the version 2 packages ('none', since DHCP v2 didn't
+@# have support for DDNS.)
-# have support for DDNS.)
+@ddns-update-style none;
-ddns-update-style none;"""
+@
 if not instpar:
-    print """
+    @include "/etc/dhcp3/omapi.conf";
-include "/etc/dhcp3/omapi.conf";"""
+    @
-print """
+@# option definitions common to all supported networks...
-# option definitions common to all supported networks...
+@option option-252 code 252 = text ;
-option option-252 code 252 = text ;
+@option domain-search code 119 = text ;
-option domain-search code 119 = text ;
+@option option-119 code  119 = text ;
-option option-119 code  119 = text ;
+@# La pluspart de nos réseaux sont taggués, on utilise donc une mtu de 1500-4 octets
-# La pluspart de nos réseaux sont taggués, on utilise donc une mtu de 1500-4 octets
+@option interface-mtu 1496;
-option interface-mtu 1496;
+@
-
+@# If this DHCP server is the official DHCP server for the local
-# If this DHCP server is the official DHCP server for the local
+@# network, the authoritative directive should be uncommented.
 # network, the authoritative directive should be uncommented.
 """
 if instpar:
-    print "authoritative;"
+    @authoritative;
 else:
-    print "#authoritative;"
+    @#authoritative;
-print """
+@# Use this to send dhcp log messages to a different log file (you also
-# Use this to send dhcp log messages to a different log file (you also
+@# have to hack syslog.conf to complete the redirection).
-# have to hack syslog.conf to complete the redirection).
+@log-facility local7;
 log-facility local7;"""
 if not instpar:
-    print """
+    @include "/etc/dhcp3/dhcp-failover.conf";
 include "/etc/dhcp3/dhcp-failover.conf";"""
 if has("vlan-radin"):
-    print """
+    out("""
 # VLan gratuit
 subnet 10.42.0.0 netmask 255.255.0.0 {
 	interface eth3;
@ -68,10 +63,10 @@ subnet 10.42.0.0 netmask 255.255.0.0 {
            range 10.42.1.1 10.42.255.200;
            failover peer "dhcp-failover";
 	}
-}""" % ', '.join(config.dns.recursiv['gratuit'])
+}""" % (', '.join(config.dns.recursiv['gratuit']),))
 if has("vlan-accueil"):
-    print """
+    out("""
 # VLan accueil
 subnet 10.51.0.0 netmask 255.255.0.0 {
 	interface eth4;
@ -91,10 +86,10 @@ subnet 10.51.0.0 netmask 255.255.0.0 {
 	    failover peer "dhcp-failover";
 	    range 10.51.1.1 10.51.255.200;
 	}
-}""" % ', '.join(config.dns.recursiv['accueil'])
+}""" % (', '.join(config.dns.recursiv['accueil']),))
 if has("vlan-isolement"):
-    print """
+    out("""
 # VLan isolement
 subnet 10.52.0.0 netmask 255.255.0.0 {
 	interface eth5;
@ -111,10 +106,10 @@ subnet 10.52.0.0 netmask 255.255.0.0 {
 	    range 10.52.1.1 10.52.255.200;
 	}
 }
-""" % ', '.join(config.dns.recursiv['isolement'])
+""" % (', '.join(config.dns.recursiv['isolement']),))
 if not has("non-vlan-adherent") and not instpar:
-    print """
+    out("""
 # Vlan des adhérents
 subnet 138.231.136.0 netmask 255.255.248.0 {
    interface eth0;
@ -137,10 +132,10 @@ subnet 138.231.136.0 netmask 255.255.248.0 {
        include "/etc/dhcp3/generated/adherents.liste";
 }
-""" % ', '.join(config.dns.recursiv['fil'])
+""" % (', '.join(config.dns.recursiv['fil']),))
 if has("vlan-wifi"):
-    print """
+    out("""
 # Vlan des wifi
 subnet 138.231.144.0 netmask 255.255.248.0 {
    interface eth2;
@ -160,10 +155,10 @@ subnet 138.231.144.0 netmask 255.255.248.0 {
    deny unknown-clients;
        include "/etc/dhcp3/generated/wifi.liste";
-}""" % ', '.join(config.dns.recursiv['wifi'])
+}""" % (', '.join(config.dns.recursiv['wifi']),))
 if has("vlan-ens"):
-    print """
+    out("""
 #Vlan appartement
 subnet 10.2.9.0 netmask 255.255.255.0 {
    interface eth6;
@ -181,10 +176,10 @@ subnet 10.2.9.0 netmask 255.255.255.0 {
        include "/etc/dhcp3/generated/appartements.liste";
 }
-""" % ', '.join(config.dns.recursiv['personnel-ens'])
+""" % (', '.join(config.dns.recursiv['personnel-ens']),))
 if has("vlan-evenementiel"):
-    print """
+    out("""
 subnet 10.231.137.0 netmask 255.255.255.0 {
  range 10.231.137.20 10.231.137.254;
  next-server 10.231.137.1;
@ -197,10 +192,10 @@ subnet 10.231.137.0 netmask 255.255.255.0 {
  # Fichier a charger pour le boot par le reseau
  filename "pxelinux.0";
 }
-""" % ', '.join(config.dns.recursiv['evenementiel'])
+""" % (', '.join(config.dns.recursiv['evenementiel']),))
 if has("vlan-federez"):
-    print """
+    out("""
 # Vlan wifi federez
 subnet 10.53.0.0 netmask 255.255.0.0 {
  interface eth7;
@ -219,4 +214,4 @@ subnet 10.53.0.0 netmask 255.255.0.0 {
  # Fichier a charger pour le boot par le reseau
  filename "pxelinux.0";
 }
-""" % ', '.join(config.dns.recursiv['fil'])
+""" % (', '.join(config.dns.recursiv['fil']),))
--- a/Python/etc/dhcp3/omapi.conf
+++ b/Python/etc/dhcp3/omapi.conf
@ -20,7 +20,7 @@ if not dhcp.dhcp_omapi_keys.get(admhostname, False):
        f.close()
    reload(dhcp)
-print """
+out("""
 omapi-port 9991;
 key omapi_key {
        algorithm HMAC-MD5;
@ -28,4 +28,4 @@ key omapi_key {
 };
 omapi-key omapi_key;
-""" % dhcp.dhcp_omapi_keys.get(admhostname, '')
+""" % (dhcp.dhcp_omapi_keys.get(admhostname, ''),))
--- a/Python/etc/ejabberd/ejabberd.cfg
+++ b/Python/etc/ejabberd/ejabberd.cfg
@ -299,10 +299,10 @@ header("Configuration du serveur xmpp du crans")
@%%{ldap_port, 636}.
@%%
@%% LDAP manager:
-print """{ldap_rootdn, "%s"}.""" % secrets.ldap_readonly_auth_dn
+out("""{ldap_rootdn, "%s"}.""" % (secrets.ldap_readonly_auth_dn,))
@%%
@%% Password to LDAP manager:
-print """{ldap_password, "%s"}.""" % secrets.ldap_readonly_password
+out("""{ldap_password, "%s"}.""" % (secrets.ldap_readonly_password,))
@%%
@%% Search base of LDAP directory:
@{ldap_base, "dc=crans,dc=org"}.
--- a/Python/etc/exports
+++ b/Python/etc/exports
@ -9,10 +9,10 @@ import os
 home_adh = list(string.ascii_lowercase) + ['logs', 'mail']
 dirs = map(lambda x: os.path.join('/home-adh', x), home_adh)
 dirs += ['/usr/scripts', '/home-adh']
-allowed = config.NETs['adm'] + config.prefix['adm']
+allowed = config.NETs['adm']
 tpl = "%s     %s(rw,async,nohide,no_subtree_check,no_root_squash)"
 for dir in dirs:
    for cidr in allowed:
-        print tpl % (dir, cidr)
+        out(tpl % (dir, cidr))
--- a/Python/etc/freeradius/proxy.conf
+++ b/Python/etc/freeradius/proxy.conf
@ -4,7 +4,7 @@ info["perms"] = 0644
 include("secrets")
-print """realm FEDEREZ {
+out("""realm FEDEREZ {
      auth_pool = federez_radius_servers
      nostrip
 }
@ -27,4 +27,4 @@ home_server baldrick {
      check_interval = 30
      num_answers_to_alive = 3
 }
-"""
+""")
--- a/Python/etc/fstab
+++ b/Python/etc/fstab
@ -5,7 +5,7 @@ header("Les modifications locales sont a placer dans le fichier /etc/fstab.local
 import string
 def mnt(fs, mntpoint, type, options=[], dump=0, pass_=0):
-    print ("%s %s %s %s %d %d" %
+    out("%s %s %s %s %d %d" %
           (fs, mntpoint, type,
            (options and ",".join(options)) or "defaults",
            dump, pass_))
@ -15,7 +15,7 @@ mnt("proc", "/proc", "proc")
 mnt("shm", "/dev/shm", "tmpfs")
@# Les definitions locales
-print metadata.Probes["fstab_local"]
+out(metadata.Probes["fstab_local"])
 if has("nfs"):
    @# Le nfs
--- a/Python/etc/hosts
+++ b/Python/etc/hosts
@ -5,23 +5,23 @@ include("ip")
@127.0.0.1 localhost.crans.org localhost
 if has("crans-proxmox-wheezy"):
-    print pubip(), pubhostname
+    out("%s %s" % (pubip(), pubhostname))
-    print admip(), admhostname, hostname+".adm", hostname
+    out("%s %s %s %s" % (admip(), admhostname, hostname+".adm", hostname))
 elif not has("non-vlan-adherent"):
-    print pubip(), pubhostname, hostname
+    out("%s %s %s" % (pubip(), pubhostname, hostname))
-    print admip(), admhostname, hostname+".adm"
+    out("%s %s %s" % (admip(), admhostname, hostname+".adm"))
 else:
-    print admip(), admhostname, hostname+".adm", hostname
+    out("%s %s %s %s" % (admip(), admhostname, hostname+".adm", hostname))
 if has("vlan-wifi"):
-    print wifiip(), wifihostname, hostname+".wifi"
+    out("%s %s %s" % (wifiip(), wifihostname, hostname+".wifi"))
@10.231.136.7 zbee.adm.crans.org zbee.adm zbee nfs.adm.crans.org nfs.adm nfs
 if(has("odlyd")):
-	print "138.231.136.9 sable.crans.org sable"
+	@138.231.136.9 sable.crans.org sable
-	print "138.231.136.98 charybde.crans.org charybde"
+	@138.231.136.98 charybde.crans.org charybde
 if(has("iscsi")):
-	print "10.231.136.36 nols.adm.crans.org nols.adm nols"
+	@10.231.136.36 nols.adm.crans.org nols.adm nols
@# The following lines are desirable for IPv6 capable hosts
@::1     ip6-localhost ip6-loopback
--- a/Python/etc/icecast2/radio.xml
+++ b/Python/etc/icecast2/radio.xml
@ -9,7 +9,7 @@ import tv.radio.config as tv_config
 tv_config = reload(tv_config)
-print """<![CDATA[
+out("""<![CDATA[
 Fichier générer par BCfg2
 Ne pas modifier à la main
 Ne pas faire service icecast2 reload mais service icecast2 restart
@ -24,7 +24,7 @@ dans l'entête de icecast.xml puis
 &radio;
 là où l'on souhaite effectivement include le fichier
 (quelque part dans <icecast></icecast>)
-]]>"""
+]]>""")
 auth_template = """<mount>
        <mount-name>/%s</mount-name>
        <authentication type="url">
@ -48,7 +48,7 @@ for group in tv_config.multicast.keys():
                else:
                        host=p.netloc
                        port = 80
-                print """
+                out("""
 <relay>
        <server>%s</server>
        <port>%s</port>
@ -56,6 +56,6 @@ for group in tv_config.multicast.keys():
        <local-mount>/%s</local-mount>
        <relay-shoutcast-metadata>1</relay-shoutcast-metadata>
        <on-demand>1</on-demand>
-</relay>""" % (host, port, p.path, name)
+</relay>""" % (host, port, p.path, name))
-                print auth_template % name
+                out(auth_template % (name,))
--- a/Python/etc/jabber/key.pem
+++ b/Python/etc/jabber/key.pem
@ -1,3 +1,3 @@
 info["owner"] = "jabber"
 info["mode"] = 0600
-print file("/etc/crans/secrets/jabber-key.pem").read()
+_out(open("/etc/crans/secrets/jabber-key.pem", "r").read())
--- a/Python/etc/kgb-bot/kgb.conf
+++ b/Python/etc/kgb-bot/kgb.conf
@ -22,14 +22,14 @@ header("Configuration du bot KGB\nIl annonce les commits git sur les channels IR
@  crans:
@    # needs to be the same on the client
-print "    password: %s" % secrets.kgb_passwords["crans"]
+out("    password: %s" % (secrets.kgb_passwords["crans"],))
@    # private repositories aren't announced to broadcast channels
@    # private: yes
 for depot in ["ca", "note", "bots", "bde", "fortunes"]:
-    print "  %s:" % (depot,)
+    out("  %s:" % (depot,))
-    print "    password: %s" % (secrets.kgb_passwords[depot],)
+    out("    password: %s" % (secrets.kgb_passwords[depot],))
@# Some witty answer for people that talk to the bot
@smart_answers:
--- a/Python/etc/kgb-ca.conf
+++ b/Python/etc/kgb-ca.conf
@ -8,8 +8,8 @@ info["mode"] = 0660
 header("Pour parler à KGB dans un hook git\nUn membre du CA n'est pas forcément apprenti.")
-print "---"
+@---
-print "repo-id: ca"
+@repo-id: ca
-print "servers:"
+@servers:
-print " - uri: http://irc.crans.org:5391/"
+@ - uri: http://irc.crans.org:5391/
-print "   password: %s" % (secrets.kgb_passwords['ca'])
+out("   password: %s" % (secrets.kgb_passwords['ca'],))
--- a/Python/etc/kgb-client.conf
+++ b/Python/etc/kgb-client.conf
@ -8,8 +8,8 @@ info["mode"] = 0660
 header("Pour parler à KGB dans un hook git")
-print "---"
+@---
-print "repo-id: crans"
+@repo-id: crans
-print "servers:"
+@servers:
-print " - uri: http://irc.crans.org:5391/"
+@ - uri: http://irc.crans.org:5391/
-print "   password: %s" % (secrets.kgb_passwords['crans'])
+out("   password: %s" % (secrets.kgb_passwords['crans'],))
--- a/Python/etc/kgb-fortunes.conf
+++ b/Python/etc/kgb-fortunes.conf
@ -8,8 +8,8 @@ info["mode"] = 0660
 header("Pour parler à KGB dans un hook git\n")
-print "---"
+@---
-print "repo-id: fortunes"
+@repo-id: fortunes
-print "servers:"
+@servers:
-print " - uri: http://irc.crans.org:5391/"
+@ - uri: http://irc.crans.org:5391/
-print "   password: %s" % (secrets.kgb_passwords['fortunes'])
+out("   password: %s" % (secrets.kgb_passwords['fortunes']))
--- a/Python/etc/ldap.secret
+++ b/Python/etc/ldap.secret
@ -1,8 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 include("secrets")
 if has("db-main"):
    print secrets.ldap_password
 else:
    print secrets.ldap_readonly_password
--- a/Python/etc/ldap/ldap.conf
+++ b/Python/etc/ldap/ldap.conf
@ -9,5 +9,5 @@ header("Acces a la base ldap")
@# This file should be world readable but not world writable.
@BASE       dc=crans, dc=org
-print "URI        %s" % ldap_socket
+out("URI        %s" % (ldap_socket,))
@#TLS_CACERT /etc/ssl/certs/CAcrans.pem
--- a/Python/etc/ldap/slapd.conf
+++ b/Python/etc/ldap/slapd.conf
@ -90,13 +90,13 @@ else:
    @rootdn "cn=admin,dc=crans,dc=org"
    @
    @# SyncRepl
-    print "syncrepl rid=%s" % rid
+    out("syncrepl rid=%s" % (rid,))
    @         provider=ldap://vert.adm.crans.org
    @         searchbase="dc=crans,dc=org"
    @         type=refreshAndPersist
-    print '         binddn="%s"' % secrets.ldap_replica_auth_dn
+    out('         binddn="%s"' % (secrets.ldap_replica_auth_dn,))
    @         bindmethod=simple
-    print '         credentials=%s' % secrets.ldap_replica_password
+    out('         credentials=%s' % (secrets.ldap_replica_password,))
    @         retry="30 20 300 3"
    @
    @# Redirection des requêtes en écriture, ...
--- a/Python/etc/ldap/templatedir/cn=config/olcDatabase={0}config.ldif
+++ b/Python/etc/ldap/templatedir/cn=config/olcDatabase={0}config.ldif
@ -20,11 +20,11 @@ rid = rid[rid.rfind(".")+1:]
@olcRootDN: cn=admin,dc=crans,dc=org
@olcSyncUseSubentry: FALSE
@olcMonitoring: FALSE
-print 'olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple t' % (rid)
+out('olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple t' % (rid))
-print ' imeout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn)
+out(' imeout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn))
-print ' credentials=%s filter="(objectClass=olcS' % (secrets.ldap_replica_password)
+out(' credentials=%s filter="(objectClass=olcS' % (secrets.ldap_replica_password))
-print ' chemaConfig)" searchbase="cn=schema,cn=config" scope=sub type=refreshAndPersi'
+out(' chemaConfig)" searchbase="cn=schema,cn=config" scope=sub type=refreshAndPersi')
-print ' st retry="30 20 300 +"'
+out(' st retry="30 20 300 +"')
@structuralObjectClass: olcDatabaseConfig
@entryUUID: 55f5a71a-59fb-102f-9686-112b7bde9a51
@creatorsName: cn=config
--- a/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif
+++ b/Python/etc/ldap/templatedir/cn=config/olcDatabase={1}bdb.ldif
@ -87,10 +87,10 @@ rid = str(int(rid[rid.rfind(".")+1:])+255)
@entryUUID: 55f5acc4-59fb-102f-9687-112b7bde9a51
@creatorsName: cn=config
@createTimestamp: 20100921183939Z
-print 'olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple tim' % (rid)
+out('olcSyncrepl: {0}rid=%s provider=ldap://vert.adm.crans.org bindmethod=simple tim' % (rid))
-print ' eout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn)
+out(' eout=0 network-timeout=0 binddn=%s ' % (secrets.ldap_replica_auth_dn))
-print ' credentials=%s filter="(objectclass=*)" ' % (secrets.ldap_replica_password)
+out(' credentials=%s filter="(objectclass=*)" ' % (secrets.ldap_replica_password))
-print ' searchbase="dc=crans,dc=org" scope=sub type=refreshAndPersist retry="30 20 300 +"'
+out(' searchbase="dc=crans,dc=org" scope=sub type=refreshAndPersist retry="30 20 300 +"')
@entryCSN: 20110227094521.639316Z#000000#000#000000
@modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
@modifyTimestamp: 20110227094521Z
--- a/Python/etc/libnss-ldap.conf
+++ b/Python/etc/libnss-ldap.conf
@ -1,67 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 include("mode/space")
 include("secrets")
 include("ldap")
 header("""
 Fichier de configuration pour libnss-ldap.
 Pour des informations détaillées voir libnss-ldap.conf(5)
 ainsi que /usr/share/libnss-ldap/ldap.conf
 """)
 info["mode"] = 0644
@# +---------------------------------------------------+
@# | Configuration de la communication avec le serveur |
@# +---------------------------------------------------+
@# Base LDAP
 %uri "%s" % ldap_socket
@# The distinguished name of the search base.
 %base "dc=crans,dc=org"
@# The distinguished name to bind to the server with.
@# Optional: default is to bind anonymously.
@# Please do not put double quotes around it as they
@# would be included literally.
 %binddn secrets.ldap_readonly_auth_dn
@# The credentials to bind with.
@# Optional: default is no credential.
 #%bindpw secrets.ldap_readonly_password
@# The distinguished name to bind to the server with
@# if the effective user ID is root. Password is
@# stored in /etc/libnss-ldap.secret (mode 600)
@# Use 'echo -n "mypassword" > /etc/libnss-ldap.secret' instead
@# of an editor to create the file.
 %rootbinddn secrets.ldap_readonly_auth_dn
@# The LDAP version to use (defaults to 3
@# if supported by client library)
 %ldap_version 3
@# Search timelimit
 %timelimit 5
@# Bind/connect timelimit
 %bind_timelimit 5
@# +------------------+
@# | Bases de données |
@# +------------------+
 # On n'utilise ldap pour résoudre les bases de données
 # passwd, group et shadow
 if ldap_filter:
    passwd_filter = "?%s" % ldap_filter
 else:
    passwd_filter = ""
 %nss_base_passwd "ou=data,dc=crans,dc=org?one%s" % passwd_filter
 %nss_base_shadow "ou=data,dc=crans,dc=org?one"
 %nss_base_group "ou=Group,dc=crans,dc=org?one"
--- a/Python/etc/libnss-ldap.secret
+++ b/Python/etc/libnss-ldap.secret
@ -1,5 +0,0 @@
 # -*- mode: python; coding: utf-8 -*-
 include("secrets")
 print secrets.ldap_readonly_password
--- a/Python/etc/monit/monitrc
+++ b/Python/etc/monit/monitrc
@ -18,8 +18,8 @@ header()
@set alert roots@crans.org { uid gid size nonexist data icmp invalid exec timeout resource checksum timestamp connection permission }
@
@set httpd port 2812 and
-print "  use address %s" % metadata.hostname
+out("  use address %s" % (metadata.hostname,))
-print "  allow monit:%s" % (secrets.monit_password)
+out("  allow monit:%s" % (secrets.monit_password,))
@
@set mail-format {
@from: roots@crans.org
--- a/Python/etc/monit/services
+++ b/Python/etc/monit/services
@ -36,21 +36,21 @@ def service(group=None, **kw):
            matchingp = ''
        start_cmd = kw.get('start_cmd', '/etc/init.d/%s start' % init)
        stop_cmd = kw.get('stop_cmd', '/etc/init.d/%s stop' % init)
-        print ("""# %(name)s
+        out("""# %(name)s
 check process %(name)s %(pidp)s""" % locals())
        if matchingp:
-            print "    %s" % (matchingp,)
+            out("    %s" % (matchingp,))
-        print ('''    start program = "%(start_cmd)s"
+        out('''    start program = "%(start_cmd)s"
    stop program = "%(stop_cmd)s"''' % locals())
        max_restart = kw.get('max_restart', 5)
        for line in kw.get('extra', []):
            if line:
-                print "   ", line
+                out("    %s" % (line,))
-        print "    if %d restarts within 5 cycles then timeout" % max_restart
+        out("    if %d restarts within 5 cycles then timeout" % (max_restart,))
        if kw.has_key('depends_on'):
-            print "    depends on " + ', '.join(kw['depends_on'])
+            out("     depends on %s" % (', '.join(kw['depends_on']),))
-        print
+        out()
 service("apache",
        name="apache2",
@ -146,10 +146,6 @@ service(group="cups-service",
        name="cups",
        pidf="cups/cupsd")
 service("openntpd",
        name="openntpd",
        pidf="openntpd/ntpd")
 service("cron",
        pidf="crond")
@ -291,9 +287,9 @@ service("ups-server",
        pidf="nut/upsd")
 if not has("nfs"):
-    print """check program git_repos with path "/usr/scripts/utils/check_repos.sh"
+    out("""check program git_repos with path "/usr/scripts/utils/check_repos.sh"
    if status != 0 then alert
-"""
+""")
 if has('non-vlan-adherent'):
    vsftpd_ip = admip()
@ -313,7 +309,7 @@ except:
    cartesdesactivees=[]
 if dernierecarte:
-    print "# Il y a %d carte(s) DVB sur ce serveur dont %d cartes desactivee(s)\n" % (dernierecarte,len(cartesdesactivees))
+    out("# Il y a %d carte(s) DVB sur ce serveur dont %d cartes desactivee(s)\n" % (dernierecarte,len(cartesdesactivees)))
 for i in range(0,dernierecarte):
    if not i in cartesdesactivees:
        service("mumudvb",
@ -324,9 +320,9 @@ for i in range(0,dernierecarte):
                stop_cmd = """/sbin/start-stop-daemon --stop --pidfile /var/run/mumudvb/mumudvb_adapter%d_tuner0.pid""" % i
                )
-print """check file file/var/log/syslog with path /var/log/syslog
+out("""check file file/var/log/syslog with path /var/log/syslog
    if timestamp > 15 minutes then alert
-"""
+""")
 service('igmpproxy')
@ -371,11 +367,11 @@ for line in metadata.Probes["fstab_local"].splitlines():
    # on vérifie le filesystem directement pour les volumes lvm
    if fs.startswith('/dev/mapper'):
-        print 'check filesystem fs%s with path %s' % (mntpoint, mntpoint)
+        out('check filesystem fs%s with path %s' % (mntpoint, mntpoint))
    else:
-        print 'check device fs%s with path %s' % (mntpoint, fs)
+        out('check device fs%s with path %s' % (mntpoint, fs))
-        print '  if failed permission %s then alert' % perm
+        out('  if failed permission %s then alert' % (perm,))
-        print '  if failed uid root then alert'
+        out('  if failed uid root then alert')
    # place sur les disques
    alert_level = {
@ -393,12 +389,12 @@ for line in metadata.Probes["fstab_local"].splitlines():
            alert_level = 80
    if alert_level:
-        print '  if space usage > %d%% for 3 cycles then alert' % alert_level
+        out('  if space usage > %d%% for 3 cycles then alert' % (alert_level,))
    # inodes pour les disques
    if type != 'reiserfs' :
-        print '  if inode usage > 80% then alert'
+        out('  if inode usage > 80% then alert')
-    print '  mode passive'
+    out('  mode passive')
-    print
+    out()
--- a/Python/etc/munin/munin-node.conf
+++ b/Python/etc/munin/munin-node.conf
@ -40,7 +40,7 @@ munin_hostname = pubhostname
@ignore_file \.dpkg-(tmp|new|old|dist)$
@
@# Nom d'hôte reporté au serveur munin
-print "host_name %s" % munin_hostname
+out("host_name %s" % (munin_hostname,))
@
@# Attention: allow_cidr ne peut être utilisé à la fois avec des IPv4 et IPv6
@# (merci munin et debian). Comme c'est vachement mieux d'utiliser des cidr
@ -52,9 +52,9 @@ def allow(cidr):
    quand cidr_allow sera supporté pour les deux types d'IPs.
    Cf https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=20;bug=645292"""
    if ':' in cidr:
-        print "cidr_allow " + cidr
+        out("cidr_allow %s" % (cidr,))
    else:
-        print "allow " + cidr_to_regex(cidr)
+        out("allow %s" % (cidr_to_regex(cidr),))
 if not has("users"):
    @# On autorise tout adm et localhost
--- a/Python/etc/munin/munin.conf
+++ b/Python/etc/munin/munin.conf
@ -16,7 +16,7 @@ info['group'] = 'adm'
 include("ldap_conn")
 import annuaires_pg
-print """
+out("""
 # The next three variables specifies where the location of the RRD
 # databases, the HTML output, and the logs, severally.  They all
 # must be writable by the user running munin-cron.
@ -52,17 +52,17 @@ munin_cgi_graph_jobs 6
 #==============================  Les switchs  ================================
 #Il ne s'agit pas de clients bcfg2 et ne sont par ailleurs pas des nœuds munin
-"""
+""")
 switchs = [ x[:x.rindex('.crans.org')] for x in annuaires_pg.all_switchs(hide=[]) ]
 for host in switchs:
-    print '[switchs.crans.org;%s]' % host
+    out('[switchs.crans.org;%s]' % (host,))
-    print '    address localhost\n'
+    out('    address localhost\n')
-print """
+out("""
 #==============================  Les bornes wifi  ============================
 #On emprunte des données venant du graphe multistacké wifi_clients
-# """
+# """)
 for ap in ldap_conn.search(u'objectClass=borneWifi'):
    # skip fake ap
@ -76,7 +76,7 @@ for ap in ldap_conn.search(u'objectClass=borneWifi'):
    fqdn = ap['host'][0].value.encode('utf-8')
    profile = fqdn.split('.',1)[0]
-    print """[wifi.crans.org;%(profile)s]
+    out("""[wifi.crans.org;%(profile)s]
    address localhost
    update no
@ -101,14 +101,14 @@ for ap in ldap_conn.search(u'objectClass=borneWifi'):
 """ % { 'hostname': fqdn,
        'profile': profile,
        'master': metadata.profile + '.crans.org',
-      }
+      })
 #@[switchs.crans.org;supervision.switchs.crans.org]
 #@update no
-print """
+out("""
 #=====================  Divers  ==============================================
 # Les adherents
 [association.crans.org;adherents]
@ -145,7 +145,7 @@ print """
 [pulsar.crans.org]
    address localhost
    notify_alias pulsar.adm.crans.org
-"""
+""")
 # TODO agrégation de graphes
 # load_all (load.load sur tous les serveurs)
@ -156,23 +156,22 @@ print """
 # postfix_all_maildrop(postfix_mailqueue.maildrop)
 # 
-print """
+out("""
 #=====================  Serveurs réguliers  ==================================
-# """
+# """)
 all_servers = metadata.query.all()
 all_servers.sort(key=lambda x: x.hostname)
 for client in all_servers:
    if "no-munin" in client.groups:
        continue
-    #print """[crans.org;%(profile)s] # enlever crans.org change qqchose ?
+    out("""[%(profile)s]
    print """[%(profile)s]
    address %(hostname)s
    apt.graph yes
    postfix_mailqueue.deferred.warning 1000
 """ % { 'hostname': client.hostname,
        'profile': client.profile + '.crans.org',
-      }
+      })
-print "[crans.org;]"
+out("[crans.org;]")
-print "   node_order " + " \\\n    ".join([c.profile for c in all_servers])
+out("   node_order " + " \\\n    ".join([c.profile for c in all_servers]))
--- a/Python/etc/network/interfaces
+++ b/Python/etc/network/interfaces
@ -24,7 +24,7 @@ def dev(interface, mode, additionnals=[]):
    configured_ifaces.append(interface)
    if mode == "pub":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 138.231.136.0
@ -33,16 +33,16 @@ iface %(interface)s inet static
    mtu 1496
    gateway 138.231.136.4
    dns-nameservers %(nameservers)s
-    dns-search crans.org""" % { 'interface': interface, 'ip': pubip(), 'nameservers': ' '.join(config.dns.recursiv['fil']) }
+    dns-search crans.org""" % { 'interface': interface, 'ip': pubip(), 'nameservers': ' '.join(config.dns.recursiv['fil']) })
        for line in additionnals:
-            print "   ", line
+            out("    %s" % (line,))
-        print
+        out()
        pub6(interface)
    elif mode == "wifi":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 138.231.144.0
@ -50,14 +50,14 @@ iface %(interface)s inet static
    broadcast 138.231.151.255
    mtu 1496
    dns-nameservers %(nameservers)s
-    dns-search wifi.crans.org""" % { 'interface': interface, 'ip': wifiip(), 'nameservers': ' '.join(config.dns.recursiv['wifi']) }
+    dns-search wifi.crans.org""" % { 'interface': interface, 'ip': wifiip(), 'nameservers': ' '.join(config.dns.recursiv['wifi']) })
        for line in additionnals:
-            print "   ", line
+            out("    %s" % (line,))
-        print
+        out()
    elif mode == "adm":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.231.136.0
@ -65,64 +65,64 @@ iface %(interface)s inet static
    broadcast 10.231.136.255
    mtu 1496
    dns-nameservers %(nameservers)s
-    dns-search adm.crans.org""" % { 'interface': interface, 'ip': admip(), 'nameservers': ' '.join(config.dns.recursiv['adm']) }
+    dns-search adm.crans.org""" % { 'interface': interface, 'ip': admip(), 'nameservers': ' '.join(config.dns.recursiv['adm']) })
        for line in additionnals:
-            print "   ", line
+            out("    %s" % (line,))
-        print
+        out()
        adm6(interface)
    elif mode == "radin":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.42.0.0
    netmask 255.255.0.0
    broadcast 10.42.255.255
-    mtu 1496""" % { 'interface': interface, 'ip': radinip() }
+    mtu 1496""" % { 'interface': interface, 'ip': radinip() })
-        print
+        out()
        radin6(interface)
    elif mode == "accueil":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.51.0.0
    netmask 255.255.0.0
    broadcast 10.51.255.255
-    mtu 1496""" % { 'interface': interface, 'ip': accueilip() }
+    mtu 1496""" % { 'interface': interface, 'ip': accueilip() })
    elif mode == "ens":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.2.9.0
    netmask 255.255.255.0
    broadcast 10.2.9.255
-    mtu 1496""" % { 'interface': interface, 'ip': appt_ens_ip() }
+    mtu 1496""" % { 'interface': interface, 'ip': appt_ens_ip() })
    elif mode == "isolement":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.52.0.0
    netmask 255.255.0.0
    broadcast 10.52.255.255
-    mtu 1496""" % { 'interface': interface, 'ip': isolementip() }
+    mtu 1496""" % { 'interface': interface, 'ip': isolementip() })
    elif mode == "federez":
-        print """auto %(interface)s
+        out("""auto %(interface)s
 iface %(interface)s inet static
    address %(ip)s
    network 10.53.0.0
    netmask 255.255.0.0
    broadcast 10.53.255.255
-    mtu 1496""" % { 'interface': interface, 'ip': federezip() }
+    mtu 1496""" % { 'interface': interface, 'ip': federezip() })
    elif mode == "manuel":
-        print """auto %(interface)s
+        out("""auto %(interface)s
-iface %(interface)s inet static""" % { 'interface': interface }
+iface %(interface)s inet static""" % { 'interface': interface })
    elif mode == "vide":
        try:
@ -130,34 +130,34 @@ iface %(interface)s inet static""" % { 'interface': interface }
        except ValueError:
            vlan = None
        if vlan:
-            print """auto %(interface)s
+            out("""auto %(interface)s
 iface %(interface)s inet manual
    pre-up vconfig add %(iface)s %(vlan)s
    post-down vconfig rem %(iface)s.%(vlan)s
    up ip l set %(interface)s up
-    down ip l set %(interface)s down""" % { 'interface': interface, 'iface':iface,'vlan':vlan }
+    down ip l set %(interface)s down""" % { 'interface': interface, 'iface':iface,'vlan':vlan })
        else:
-            print """auto %(interface)s
+            out("""auto %(interface)s
 iface %(interface)s inet manual
    up ip l set %(interface)s up
-    down ip l set %(interface)s down""" % { 'interface': interface }
+    down ip l set %(interface)s down""" % { 'interface': interface })
    else:
        raise NotImplementedError, "Mode de reseau inconnu : %s" % mode
    if mode != "pub" and mode != "adm" and mode != "wifi" :
        for line in additionnals:
-            print "   ", line
+            out("    %s" % (line,))
-        print
+        out()
 # Definitions communes
-print """auto lo
+out("""auto lo
 iface lo inet loopback
-"""
+""")
 # Pour arpwatch, on surveille nos réseaux
 def otherlisteners():
-    print "#Interfaces d'ecoute restantes pour arpwatch "
+    out("#Interfaces d'ecoute restantes pour arpwatch")
    for vlan in watched_vlans:
        if vlan == 1:
            iface = 'eth0'
@ -218,21 +218,21 @@ def interface6(interface, list_ip, mode = 'serveur'):
    main_ip = list_ip[0]
    list_ip = list_ip[1:]
-    print """iface %(interface)s inet6 static
+    out("""iface %(interface)s inet6 static
    address %(ip6)s
    netmask %(netmask)s""" % {
        'interface': interface,
        'ip6': main_ip.split('/')[0],
        'netmask': (main_ip.split('/') + ['64'])[1],
-    }
+    })
    # Avoid loops
    if mode != 'routeur':
-        print '    gateway fe80::1'
+        out('    gateway fe80::1')
    for ip in list_ip:
-        print '    up ip a add %s dev $IFACE' % ip
+        out('    up ip a add %s dev $IFACE' % (ip,))
-        print '    down ip a delete %s dev $IFACE' % ip
+        out('    down ip a delete %s dev $IFACE' % (ip,))
-    print '    up /sbin/sysctl net/ipv6/conf/$IFACE/autoconf=0'
+    out('    up /sbin/sysctl net/ipv6/conf/$IFACE/autoconf=0')
-    print
+    out()
 def pub6(interface, mode='serveur', list_ip=[]):
    list_ip = [pubip6(interface) + '/64'] + list_ip
@ -249,16 +249,16 @@ def wifi6(interface, list_ip=[], name=None):
    interface6(interface, list_ip)
 def adm6(interface):
-    print """iface %(interface)s inet6 static
+    out("""iface %(interface)s inet6 static
    address %(ip6)s
-    netmask 64""" % { 'interface': interface, 'ip6': admip6(interface) }
+    netmask 64""" % { 'interface': interface, 'ip6': admip6(interface) })
-    print
+    out()
 def radin6(interface):
-    print """iface %(interface)s inet6 static
+    out("""iface %(interface)s inet6 static
    address %(ip6)s
-    netmask 64""" % { 'interface': interface, 'ip6': radinip6(interface) }
+    netmask 64""" % { 'interface': interface, 'ip6': radinip6(interface) })
-    print
+    out()
 Probe_Mac = metadata.Probes["mac"].split('\n')
 If_Mac = dict(zip(Probe_Mac[:-1:2], Probe_Mac[1::2]))
--- a/Python/etc/nginx/sites-available/status
+++ b/Python/etc/nginx/sites-available/status
@ -6,7 +6,7 @@ info["mode"] = 0644
 comment_start = "#"
-print """server {
+out("""server {
 	listen 127.0.0.1;
 	server_name localhost;
 	location /nginx_status {
@ -14,7 +14,7 @@ print """server {
 		access_log off;
 		allow 127.0.0.1;
 		deny all;
-	}"""
+	}""")
 if has("php"):
-    print '	include "snippets/php.conf";'
+    @	include "snippets/php.conf";
-print "}"
+@}
--- a/Python/etc/nginx/sites-available/tv
+++ b/Python/etc/nginx/sites-available/tv
@ -40,14 +40,14 @@ if has("icecast"):
 else:
    body = base
-print """server {
+out("""server {
        listen   80; ## listen for ipv4; this line is default and implied
        listen   [::]:80 default_server ipv6only=on; ## listen for ipv6%s
-}""" % body
+}""" % (body,))
-print """# HTTPS server
+out("""# HTTPS server
 #
 server {
        listen 443;
@ -58,4 +58,4 @@ server {
        ssl_certificate_key /etc/ssl/crans/cochon.ferme.crans.org/xid=33/key.pem;
        ssl_session_timeout 5m;%s
-}""" % body
+}""" % (body,))
--- a/Python/etc/nslcd.conf
+++ b/Python/etc/nslcd.conf
@ -61,4 +61,4 @@ info["mode"] = 0600
 if ldap_filter:
    @
    @# Filtre de recherche
-    print "filter shadow (%s)" % ldap_filter
+    out("filter shadow (%s)" % (ldap_filter,))
--- a/Python/etc/nsswitch.conf
+++ b/Python/etc/nsswitch.conf
@ -11,7 +11,7 @@ else:
    db=""
 def database(name, res):
-    print name + ": " + " ".join(res)
+    out("%s: %s" % (name, " ".join(res)))
@# On utilise la base de donnee du crans pour tout ce qui est
@# compte unix
--- a/Python/etc/ntp.conf
+++ b/Python/etc/ntp.conf
@ -8,80 +8,76 @@ comment_start = "#"
 header("Conf de ntpd")
-print """
+@# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
-# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+@
@driftfile /var/lib/ntp/ntp.drift
@
@
@# Enable this if you want statistics to be logged.
@#statsdir /var/log/ntpstats/
@
@statistics loopstats peerstats clockstats
@filegen loopstats file loopstats type day enable
@filegen peerstats file peerstats type day enable
@filegen clockstats file clockstats type day enable
@
 driftfile /var/lib/ntp/ntp.drift
 # Enable this if you want statistics to be logged.
 #statsdir /var/log/ntpstats/
 statistics loopstats peerstats clockstats
 filegen loopstats file loopstats type day enable
 filegen peerstats file peerstats type day enable
 filegen clockstats file clockstats type day enable
 """
 if has("ntp-server"):
-        print """# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+    @# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
-# pick a different set every time it starts up.  Please consider joining the
+    @# pick a different set every time it starts up.  Please consider joining the
-# pool: <http://www.pool.ntp.org/join.html>
+    @# pool: <http://www.pool.ntp.org/join.html>
-server ntp.ovh.net iburst
+    @server ntp.ovh.net iburst
-server 0.debian.pool.ntp.org iburst
+    @server 0.debian.pool.ntp.org iburst
-server 1.debian.pool.ntp.org iburst
+    @server 1.debian.pool.ntp.org iburst
-server 2.debian.pool.ntp.org iburst
+    @server 2.debian.pool.ntp.org iburst
-server 3.debian.pool.ntp.org iburst
+    @server 3.debian.pool.ntp.org iburst
-"""
+    @
 elif has("secondary-ntp-server"):
-        print """# You do need to talk to an NTP server or two (or three).
+    @# You do need to talk to an NTP server or two (or three).
-server ntp.crans.org
+    @server ntp.crans.org
-"""
+    @
 else:
-	print """# You do need to talk to an NTP server or two (or three).
+    @# You do need to talk to an NTP server or two (or three).
-server ntp.adm.crans.org
+    @server ntp.adm.crans.org
-"""
+    @
-print """
+@# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
-# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+@# pick a different set every time it starts up.  Please consider joining the
-# pick a different set every time it starts up.  Please consider joining the
+@# pool: <http://www.pool.ntp.org/join.html>
-# pool: <http://www.pool.ntp.org/join.html>
+@#server 0.debian.pool.ntp.org iburst
-#server 0.debian.pool.ntp.org iburst
+@#server 1.debian.pool.ntp.org iburst
-#server 1.debian.pool.ntp.org iburst
+@#server 2.debian.pool.ntp.org iburst
-#server 2.debian.pool.ntp.org iburst
+@#server 3.debian.pool.ntp.org iburst
-#server 3.debian.pool.ntp.org iburst
+@
@
@# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
@# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
@# might also be helpful.
@#
@# Note that "restrict" applies to both servers and clients, so a configuration
@# that might be intended to block requests from certain clients could also end
@# up blocking replies from your own upstream servers.
@
@# By default, exchange time with everybody, but don't allow configuration.
@restrict -4 default kod notrap nomodify nopeer noquery
@restrict -6 default kod notrap nomodify nopeer noquery
-
+@
-# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+@# Local users may interrogate the ntp server more closely.
-# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+@restrict 127.0.0.1
-# might also be helpful.
+@restrict ::1
-#
+@
-# Note that "restrict" applies to both servers and clients, so a configuration
+@# Clients from this (example!) subnet have unlimited access, but only if
-# that might be intended to block requests from certain clients could also end
+@# cryptographically authenticated.
-# up blocking replies from your own upstream servers.
+@#restrict 192.168.123.0 mask 255.255.255.0 notrust
-
+@
-# By default, exchange time with everybody, but don't allow configuration."""
+@
-print """restrict -4 default kod notrap nomodify nopeer noquery
+@# If you want to provide time to your local subnet, change the next line.
-restrict -6 default kod notrap nomodify nopeer noquery"""
+@# (Again, the address is an example only.)
-
+@#broadcast 192.168.123.255
-print """
+@
-
+@# If you want to listen to time broadcasts on your local subnet, de-comment the
-# Local users may interrogate the ntp server more closely.
+@# next lines.  Please do this only if you trust everybody on the network!
-restrict 127.0.0.1
+@#disable auth
-restrict ::1
+@#broadcastclient
 # Clients from this (example!) subnet have unlimited access, but only if
 # cryptographically authenticated.
 #restrict 192.168.123.0 mask 255.255.255.0 notrust
 # If you want to provide time to your local subnet, change the next line.
 # (Again, the address is an example only.)
 #broadcast 192.168.123.255
 # If you want to listen to time broadcasts on your local subnet, de-comment the
 # next lines.  Please do this only if you trust everybody on the network!
 #disable auth
 #broadcastclient
 """
--- a/Python/etc/openntpd/ntpd.conf
+++ b/Python/etc/openntpd/ntpd.conf
@ -2,8 +2,8 @@ include("ip")
 if has("ntp-server"):
 	@# Addresses to listen on (ntpd does not listen by default)
-	print "listen on %s" % admip()
+	out("listen on %s" % (admip(),))
-	print "listen on %s" % pubip()
+	out("listen on %s" % (pubip(),))
 	@listen on 127.0.0.1
 	@#listen on ::1
 	@
--- a/Python/etc/pam.d/common-account
+++ b/Python/etc/pam.d/common-account
@ -30,5 +30,5 @@ if True: # TODO retirer les @
    @account required                        pam_permit.so
    @# and here are more per-package modules (the "Additional" block)
    if has("ldap"):
-        print "account        [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad]        %s minimum_uid=500" % pam_module
+        out("account        [success=ok new_authtok_reqd=done ignore=ignore user_unknown=ignore authinfo_unavail=ignore default=bad]        %s minimum_uid=500" % (pam_module,))
    @# end of pam-auth-update config
--- a/Python/etc/pam.d/common-auth
+++ b/Python/etc/pam.d/common-auth
@ -21,10 +21,10 @@ pam-auth-update(8) for details.
 if True: # TODO get rid of @
    @# here are the per-package modules (the "Primary" block)
    if has('ldap'):
-        print "auth   [success=2 default=ignore]      pam_unix.so nullok_secure"
+        @auth   [success=2 default=ignore]      pam_unix.so nullok_secure
-        print "auth   [success=1 default=ignore]      %s minimum_uid=500 use_first_pass" % pam_module
+        out("auth   [success=1 default=ignore]      %s minimum_uid=500 use_first_pass" % pam_module)
    else:
-        print "auth   [success=1 default=ignore]      pam_unix.so nullok_secure"
+        @auth   [success=1 default=ignore]      pam_unix.so nullok_secure
    @# here's the fallback if no module succeeds
    @auth    requisite                       pam_deny.so
    @# prime the stack with a positive return value if there isn't one already;
--- a/Python/etc/pam.d/common-password
+++ b/Python/etc/pam.d/common-password
@ -45,7 +45,7 @@ pam-auth-update(8) for details.
 if has('ldap'):
    @password       requisite                       pam_cracklib.so retry=3 minlen=9 dcredit=-1 ucredit=-1 lcredit=-1 ocredit=1 reject_username gecoscheck enforce_for_root difok=0
    @password       [success=2 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
-    print "password       [success=1 default=ignore]      %s minimum_uid=500 ignore_unkown_user md5 try_first_pass" % pam_module
+    out("password       [success=1 default=ignore]      %s minimum_uid=500 ignore_unkown_user md5 try_first_pass" % (pam_module,))
 else:
    @password       [success=1 default=ignore]      pam_unix.so  nullok obscure sha512 min=4 max=8 md5 try_first_pass
@# here's the fallback if no module succeeds
--- a/Python/etc/pam.d/common-session
+++ b/Python/etc/pam.d/common-session
@ -29,5 +29,5 @@ if True: # TODO get rid of @
    @# and here are more per-package modules (the "Additional" block)
    @session        required                        pam_unix.so 
    if has('ldap'):
-        print "session        [success=ok default=ignore]     %s minimum_uid=500" % pam_module
+        out("session        [success=ok default=ignore]     %s minimum_uid=500" % (pam_module,))
    @# end of pam-auth-update config
--- a/Python/etc/postfix/aliases
+++ b/Python/etc/postfix/aliases
@ -22,7 +22,7 @@ for dest in ["abuse", "amavis", "backup", "bind", "bin", "clamav", "daemon",
            "irc", "list", "logcheck", "lp", "mail", "majordom", "man", "msql",
            "munin", "nagios", "news", "operator", "postgres", "proxy", "sync",
            "sys", "usenet", "uucp", "webmaster", "www-clubs", "www-data", "www-perso"]:
-    print "%s: root" % dest
+    out("%s: root" % (dest,))
 if not has("users") and not has('mail-mx'):
    @root: root@crans.org
--- a/Python/etc/postfix/canonical
+++ b/Python/etc/postfix/canonical
@ -2,13 +2,13 @@
 include("ip")
-print "# Fichier Gere par Bcfg2, tout changement local sera ecrase !"
+header("Fichier fournissant des méthodes pour traduire certaines adresses")
 if has("bug-tracker"):
    # On ne sait jamais
    @/^(.*)@bugs.crans.org$/  ${1}@bugs.crans.org
-print "/^(.*)@localhost(\.crans\.org)?$/   ${1}@crans.org"
+out("/^(.*)@localhost(\.crans\.org)?$/   ${1}@crans.org")
-print "/^(.*)@%s$/   ${1}@crans.org" % admhostname
+out("/^(.*)@%s$/   ${1}@crans.org" % (admhostname,))
 if not has("non-vlan-adherent"):
-    print "/^(.*)@%s$/   ${1}@crans.org" % pubhostname
+    out("/^(.*)@%s$/   ${1}@crans.org" % (pubhostname,))
--- a/Python/etc/postfix/main.cf
+++ b/Python/etc/postfix/main.cf
@ -65,11 +65,11 @@ else:
@# Reseaux locaux
 %mynetworks local_networks
 if mx and not users:
-    out("             " + tostring(client_networks + adm_networks) + "\n")
+    out("             " + tostring(client_networks + adm_networks))
 elif users:
-    out("             " + tostring(adm_networks) + "\n")
+    out("             " + tostring(adm_networks))
 elif tracker:
-    out("             " + tostring(adm_networks) + "\n")
+    out("             " + tostring(adm_networks))
 if not mx:
    if tracker or corbeau:
@ -83,16 +83,16 @@ if mx:
    @# Destinations acceptees
    %mydestination [hostname, "$myhostname", "localhost", "localhost.$mydomain"]
    if main or users:
-        out("                " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]) + "\n")
+        out("                " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]))
    if manage_ml:
-        out("                " + tostring(["lists.$mydomain"]) + "\n")
+        out("                " + tostring(["lists.$mydomain"]))
    @# Domaine relaye par ce MX
    @relay_domains = $mydestination
    if secondary:
-        out("                " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]) + "\n")
+        out("                " + tostring(["$mydomain", "crans.ens-cachan.fr", "clubs.ens-cachan.fr", "install-party.ens-cachan.fr"]))
    if public and not manage_ml:
-        out("                " + tostring(["lists.$mydomain"]) + "\n")
+        out("                " + tostring(["lists.$mydomain"]))
 if not mx:
    if tracker:
@ -154,7 +154,7 @@ if manage_ml:
 # Pour les non-mx il n'y a plus rien d'interessant
 if mx:
    @# Plus les alias dans la base de donnees
-    out("             " + tostring(db_file("search")) + "\n")
+    out("             " + tostring(db_file("search")))
    @# On prend aussi en compte les utilisateurs de /etc/passwd
    @local_recipient_maps = $alias_maps unix:passwd.byname
    @# Les anciennes ML @crans.org, @crans.ens-cachan.fr -> @lists.crans.org
@ -213,7 +213,7 @@ if mx:
    @# On n'ignore que les messages venant d'adresses "protégées"
    @smtpd_client_event_limit_exceptions = local_networks
    if mx:
-        out("                                      " + tostring(adm_networks) + "\n")
+        out("                                      " + tostring(adm_networks))
    @
    @# On limite à 10 messages par minute
    @smtpd_client_message_rate_limit = 10
@ -241,7 +241,7 @@ if mx:
    if public:
        @# accepte si le champ contourneGreylist de la base est a OK
        @                               permit_sasl_authenticated
-        out("                               check_recipient_access " + tostring(db_file("sqlgrey")) + "\n")
+        out("                               check_recipient_access " + tostring(db_file("sqlgrey")))
        @# accepte si la greylist est d'accord
        @                               check_policy_service inet:127.0.0.1:2501
    @# jette le reste
@ -273,7 +273,7 @@ if mx:
        @# +----------------------+
        @#POUR SECOURS
        if not has("rescue-mode"):
-            out("#")
+            _out("#")
        @relayhost = [ovh.adm.crans.org]:25
    if has("titanic"):
--- a/Python/etc/postfix/master.cf
+++ b/Python/etc/postfix/master.cf
@ -115,7 +115,7 @@ if main:
    @  -o smtpd_sasl_auth_enable=yes
    @  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
    if not public:
-        print "  -o content_filter=lmtp:[amavis.adm.crans.org]:10024"
+        @  -o content_filter=lmtp:[amavis.adm.crans.org]:10024
@#628	  inet	n	-	-	-	-	qmqpd
@pickup   fifo	n	-	-	60	1	pickup
@cleanup  unix	n	-	-	-	0	cleanup
--- a/Python/etc/proftpd/proftpd.conf
+++ b/Python/etc/proftpd/proftpd.conf
@ -9,7 +9,7 @@ include("ip")
@# To really apply changes reload proftpd after modifications.
@# 
@
-print 'ServerName         "%s"' % hostname
+out('ServerName         "%s"' % (hostname,))
@ServerType			standalone
@DeferWelcome			off
@
--- a/Python/etc/radvd.conf
+++ b/Python/etc/radvd.conf
@ -46,7 +46,7 @@ def router_adv(**kw):
  };""" % pref
    kw['other_prefixes'] = '\n'.join(map(prefix_section, kw['other_prefixes']))
-    print """
+    out("""
 interface %(iface)s
 {
  AdvSendAdvert on;
@ -62,7 +62,7 @@ interface %(iface)s
  # Les récursifs:\n  %(rec)s
 };
-""" % kw
+""" % kw)
    # NOTE: Je met \n parce qu'un "%" en début de ligne est remplacé par bcfg2 …
 router_adv(iface='crans', prefix='2a01:240:fe3d:4::/64')
--- a/Python/etc/ramond.conf
+++ b/Python/etc/ramond.conf
@ -11,28 +11,27 @@ from gestion.config import mac_du_routeur
 from gestion.config import prefix
 from gestion.config import int_prefix
-print """<?xml version="1.0" encoding="ISO-8859-15"?>
+out("""<?xml version="1.0" encoding="ISO-8859-15"?>
 <!DOCTYPE ramond SYSTEM "ramond.conf.dtd">
 <ramond logfile="/var/log/ramond.log">
-  <mac-list name="router">"""
+  <mac-list name="router">""")
 def printmac(mac):
-   print  """
+   out("   <entry>%s</entry>" % (mac,))
   <entry>""" + mac + """</entry>"""
 printmac(mac_du_routeur)
 printmac(mac_komaz)
 printmac(mac_titanic)
-print """
+out("""
  </mac-list>
-"""
+""")
 def prefi(pref):
-    print """
+    out("""
-  <rule mac="router" prefix=\"""" + pref + """\">
+  <rule mac="router" prefix="%s">
   <!-- do nothing -->
  </rule>
-"""
+""" % (pref,))
 prefi(prefix['fil'][0])
@ -44,7 +43,7 @@ prefi(prefix['v6only'][0])
 prefi(int_prefix['manage_ap'])
-print """
+out("""
  <!-- UNKNOWN PREFIX -->
  <!-- this matches every advertised _prefix_-->
  <rule prefix="::/0">
@ -56,4 +55,4 @@ print """
  </rule>
-</ramond>"""
+</ramond>""")
--- a/Python/etc/rsyncd.conf
+++ b/Python/etc/rsyncd.conf
@ -43,11 +43,11 @@ for excluded in RsyncHostsToExclude[hostname]:
 ip = admipof("babar")
 for (name, path) in backup_folders.iteritems():
-        print """
+        out("""
 [%(name)s]
 path = %(path)s
 auth users = backupcrans
 secrets file = /etc/crans/secrets/rsyncd.secrets
 hosts allow = babar.adm.crans.org %(ip)s""" % { 'name' : name,
                                                'path' : path,
-                                                'ip' : ip }
+                                                'ip' : ip })
--- a/Python/etc/rsyslog.conf
+++ b/Python/etc/rsyslog.conf
@ -1,5 +1,6 @@
 header("Fichier de configuration de rsyslog")
-print """
+
 out("""
 #  /etc/rsyslog.conf	Configuration file for rsyslog.
 #
 #			For more information see
@ -121,4 +122,4 @@ daemon.*;mail.*;\\
 	news.err;\\
 	*.=debug;*.=info;\\
 	*.=notice;*.=warn	|/dev/xconsole
-"""
+""")
--- a/Python/etc/rsyslog.d/51-pgsql.conf
+++ b/Python/etc/rsyslog.d/51-pgsql.conf
@ -25,7 +25,7 @@ if False:
    @$ActionResumeRetryCount -1    # infinite retries on insert failure
    @$ActionQueueSaveOnShutdown on # save in-memory data if rsyslog shuts down
-    print '*.* :ompgsql:localhost,Syslog,rsyslog,%s;'%(secrets.rsyslog_pgsql_password)
+    out('*.* :ompgsql:localhost,Syslog,rsyslog,%s;' % (secrets.rsyslog_pgsql_password))
@
@#On ne loggue plus dans les fichiers ce qui n'est pas à nous
@:fromhost, !isequal, "thot"     ~
--- a/Python/etc/sudoers
+++ b/Python/etc/sudoers
@ -40,63 +40,63 @@ elif has("2B"):
@# Cmnd alias specification
@# User privilege specification
-print "root       ALL=(ALL:ALL) ALL"
+@root       ALL=(ALL:ALL) ALL
-print "NOUNOUS    ALL=(ALL:ALL) ALL"
+@NOUNOUS    ALL=(ALL:ALL) ALL
 if has("2B"):
-    print "RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py"
+    @RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/gestion/tools/who2b.py
 if has("users"):
    @# Les modérateurs ont le whos
-    print "MODEROS    ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py"
+    @MODEROS    ALL=(respbats:ALL) /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py
    @# Câbleurs
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/gest_crans.py,/usr/scripts/gestion/chgpass.py,/usr/scripts/gestion/gest_crans_lc.py
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --zombielock
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ldap_crans.py --purgelock
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/admin/mail_invalide/mail_invalide.py, /usr/scripts/admin/controle_tresorier.py, /usr/scripts/admin/controle_tresorier2.py, /usr/scripts/admin/controle_tresorier3.py
-    print "RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py"
+    @RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/whos.py,/usr/scripts/gestion/whos_lc.py,/usr/scripts/utils/chambre.py,/usr/scripts/utils/stats_cableurs.py,/usr/scripts/gestion/tools/whokfet.py
-    print "RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert"
+    @RESPBATS   ALL=(respbats:ALL) NOPASSWD: /usr/scripts/gestion/tools/whosthere.py dalembert
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/gestion/ressuscite.py
-    print "RESPBATS   ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py"
+    @RESPBATS   ALL=(respbats:ALL) /usr/scripts/cransticket/dump_creds.py
    @# Pour ne pas louper des .forward pour des questions de droits de lecture
-    print "RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py"
+    @RESPBATS   ALL=(root:ALL) NOPASSWD: /usr/scripts/admin/mail_invalide/mail_invalide.py
    @# Bureau
-    print "BUREAU     ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py"
+    @BUREAU     ALL=(respbats:ALL) /usr/scripts/admin/controle_charte_MA.py, /usr/scripts/admin/menage_cableurs.py
    @# intranet
-    print "respbats   ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py"
+    @respbats   ALL=(USERS:ALL) NOPASSWD: /usr/scripts/gestion/config_mail.py
-    print "respbats   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"
+    @respbats   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota
    @# Génération de codes impression pour les imprimeurs
-    print "IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/gen_code.py"
+    @IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/gen_code.py
    @# Les imprimeurs peuvent recréditer en masse
-    print "IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py"
+    @IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit_masse.py
-    print "IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit.py"
+    @IMPRIMEURS   ALL=(respbats:ALL) /usr/scripts/impression/recredit.py
    @# Redémarrage de l'intranet pour les imprimeurs
-    print "IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh"
+    @IMPRIMEURS   ALL=(root:ALL) /usr/scripts/impression/redemarre_intranet.sh
    @# Un chsh pour tout le monde
-    print "ALL        ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami"
+    @ALL        ALL=(respbats:ALL) /usr/scripts/gestion/chsh.py, NOPASSWD:/usr/local/bin/ldap_whoami
    @# Quotas
-    print "ALL        ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh"
+    @ALL        ALL=(respbats:ALL) NOPASSWD:/usr/local/bin/quota.sh
    @# Envoi de message SIP
-    print "ALL        ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py"
+    @ALL        ALL=(respbats:ALL) NOPASSWD:/usr/scripts/sip/send_sms.py
-print "%respbats   ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status"
+@%respbats   ALL=(ALL) NOPASSWD: /usr/bin/monit summary, /usr/bin/monit status
 if has('generate'):
-    print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py"
+    @rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py
 if has('arpwatch'):
    @# arpwatch
-    print "arpwatch   ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py"
+    @arpwatch   ALL=(arpwatch:ALL) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py
 if has('intranet2-server'):
-    print "www-data   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota"
+    @www-data   ALL=(root:ALL) NOPASSWD: /usr/local/bin/quota
-    print "www-data   ALL=(root) NOPASSWD: /usr/scripts/utils/chown_impressions.sh"
+    @www-data   ALL=(root) NOPASSWD: /usr/scripts/utils/chown_impressions.sh
 # Inclusion de fichier locaux
@
--- a/Python/etc/sysctl.conf
+++ b/Python/etc/sysctl.conf
@ -21,7 +21,7 @@ Voir http://wiki.crans.org/CransTechnique/Bcfg2/... pour plus d'explications.
 """)
 # Définitions communes
-print """
+out("""
 net.ipv6.conf.default.autoconf = 0
 net.ipv6.conf.default.accept_ra = 0
 net.ipv6.conf.default.accept_ra_defrtr = 0
@ -37,7 +37,7 @@ net.ipv6.conf.all.accept_ra_pinfo = 0
 net.ipv6.conf.all.accept_source_route = 0
 net.ipv6.conf.all.accept_redirects = 0
 net.ipv6.conf.all.use_tempaddr = 0
-"""
+""")
 Probe_Ifs = metadata.Probes["mac"].strip().split('\n')
@ -45,6 +45,6 @@ Ifs = [Probe_Ifs[i] for i in range(len(Probe_Ifs)) if i % 2 == 0]
 # Un '.' supplémentaire dans une clé sysctl, c'est mal.
 for i in Ifs:
-    print template_ra % { 'If' : i.replace('.','/') }
+    out(template_ra % { 'If' : i.replace('.','/') })
-print metadata.Probes["sysctl"]
+out(metadata.Probes["sysctl"])
--- a/Python/var/local/rpcssh/.ssh/authorized_keys
+++ b/Python/var/local/rpcssh/.ssh/authorized_keys
@ -9,4 +9,4 @@ comment_start = "#"
 header("Clef pour lancer des commandes en temps réel sur les serveurs")
 if has("generate"):
-    print 'command="sudo /usr/scripts/gestion/gen_confs/generate.py",from="10.231.136.0/24,2a01:240:fe3d:c804::/64",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding %s' % open('/etc/crans/secrets/trigger-generate.pub').read()
+    _out('command="sudo /usr/scripts/gestion/gen_confs/generate.py",from="10.231.136.0/24,2a01:240:fe3d:c804::/64",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding %s' % open('/etc/crans/secrets/trigger-generate.pub').read())
--- a/Rules/freeradius.xml
+++ b/Rules/freeradius.xml
@ -1,4 +1,4 @@
 <!-- Règles concernant freeradius //-->
 <Rules priority="1">
-  <Service type="deb" name="freeradius" status="on"/>
+  <Service type="deb" name="freeradius" status="ignore"/>
 </Rules>
--- a/Rules/isc-dhcp-client.xml
+++ b/Rules/isc-dhcp-client.xml
@ -0,0 +1,4 @@
 <Rules priority='1'>
    <Path type="directory" name="/etc/dhcp3/dhclient-enter-hooks.d/"/>
    <Path type="directory" name="/etc/dhcp3/dhclient-exit-hooks.d/"/>
 </Rules>
--- a/Rules/munin-node.xml
+++ b/Rules/munin-node.xml
@ -1,7 +1,7 @@
 <!-- Règles pour munin-node //-->
 <Rules priority="1">
  <Action name="link-munin-plugins" timing="post" when="modified" status="check"
-	  command="python /usr/scripts/munin/scripts/link_plugins.py -f" />
+	  command="bash -c '/usr/scripts/munin/scripts/link_plugins.py' -f" />
  <Service type="deb" name="munin-node" status="on"/>
  <Action name="munin-node-restart" timing="post"
        when="modified" status="check"
--- a/Show more
+++ b/Show more
`@ -1,2 +1,2 @@`
	`info["mode"] = 0640`	`info["mode"] = 0640`
	`print file("/etc/crans/secrets/README").read()`	`_out(open("/etc/crans/secrets/README", "r").read())`