[x509] Montage des certificats de la base ldap dans /etc/ssl/crans avec autofs

Bundler/ldapcert.xml

@@ -0,0 +1,10 @@
+<Bundle name="ldapcert">
+  <Path name="/etc/ssl/crans" type="directory" />
+  <Python name="/etc/auto.master"/>
+  <Path name="/etc/auto.ldapcert"/>
+  <Path name="/etc/auto.ldapcert" />
+  <Package name="python-fuse"/>
+  <Package name="autofs"/>
+  <Service name="autofs"/>
+</Bundle>
+

Bundler/scripts.xml

@@ -1,4 +1,5 @@
 <Bundle name="scripts">
     <Package name="python-ldap"/>
     <Package name="python-psycopg2"/>
+    <Package name="python-pyasn1"/>
 </Bundle>

Cfg/etc/auto.ldapcert/auto.ldapcert

@@ -0,0 +1 @@
+/etc/ssl/crans -fstype=fuse,allow_other,nodev,noatime :/usr/scripts/utils/ldapcertfs.py

Cfg/etc/auto.ldapcert/info.xml

@@ -0,0 +1,3 @@
+<FileInfo>
+    <Info owner='root' group='root' perms='0644'/>
+</FileInfo>

Metadata/groups.xml

@@ -375,21 +375,13 @@
     <Bundle name="feteduslip"/>
   </Group>
 
-  <Group name="jouvence"
-         profile="true">
-    <Group name="mumudvb"/>
-    <Group name="crans-squeeze"/>
-    <Group name="imprimeurs"/>
-    <Group name="bureau"/>
-  </Group>
-
   <Group name="news"
          profile="true">
     <Group name="news-server"/>
     <Group name="http-server"/>
     <Group name="news-search"/>
     <Group name="crans-vm-wheezy"/>
-
+    <Group name="apache"/>
     <Group name="https_cert"/>
   </Group>
 
@@ -511,7 +503,6 @@
   <Group name="crans">
     <!-- groupe encore plus minimal pour un serveur du Crans -->
     <Group name="secrets"/>
-
     <Bundle name="knownhosts"/>
     <Bundle name="sshfingerprint"/>
     <Bundle name="secrets"/>
@@ -740,6 +731,7 @@
   </Group>
 
   <Group name="nginx">
+    <Group name="ldapcert"/>
     <Bundle name="nginx"/>
   </Group>
 
@@ -763,6 +755,10 @@
     <Bundle name="cgi"/>
   </Group>
 
+  <Group name="ldapcert">
+    <Bundle name="ldapcert"/>
+  </Group>
+
   <Group name="git-main">
     <Group name="gitweb"/>
     <Bundle name="kgb-client"/>
@@ -916,9 +912,14 @@
   </Group>
 
   <Group name="https_cert">
+    <Group name="ldapcert"/>
     <Bundle name="check_cert"/>
   </Group>
 
+  <Group name="asterisk-server">
+    <Group name="ldapcert"/>
+  </Group>
+
   <Group name="intranet-server">
     <!-- le serveur HTTPS (port 443) gérant intranet.crans.org -->
     <Group name="intranet-server-backend"/>
@@ -1086,6 +1087,7 @@
   <Group name="ejabberd-services">
         <!-- Un autre serveur Jabber :) -->
     <Bundle name="ejabberd-services"/>
+    <Group name="ldapcert"/>
     <Group name="ejabberd"/> <!-- metagroupe pour monit -->
   </Group>
 
@@ -1213,6 +1215,7 @@
   </Group>
 
   <Group name="imap-server">
+    <Group name="ldapcert"/>
     <Group name="imap-backed"/>
     <Group name="home-permanent"/>
     <Group name="generate"/>
@@ -1411,6 +1414,7 @@
 
   <Group name="postfix"
     category="mail-backend">
+    <Group name="ldapcert"/>
    <Bundle name="postfix"/>
    <Bundle name="postfix_aliases"/>
    <Bundle name="postfix_transport"/>
@@ -1431,6 +1435,7 @@
   </Group>
 
   <Group name="bcfg2-server">
+    <Group name="ldapcert"/>
     <Bundle name="bcfg2"/>
     <Bundle name="check_cert"/>
   </Group>
@@ -1452,6 +1457,7 @@
   <Group name="apache"
      category="http-server-backend">
     <!-- TODO: a implémenter -->
+    <Group name="ldapcert"/>
   </Group>
 
   <Group name="cherrypy"

Python/etc/auto.master

@@ -8,5 +8,9 @@ def mount(mntpoint, script, timeout=None):
     else:
         print mntpoint, script
 
-if has("home"):
+if has("home") and not has("home-permanent"):
     mount("/home", "/etc/auto.home", 600)
+
+if has("ldapcert"):
+    mount("/-", "/etc/auto.ldapcert", 600)
+    

Rules/ldapcert.xml

@@ -0,0 +1,3 @@
+<Rules priority="1">
+  <Path name="/etc/ssl/crans" type="directory" owner="root" group="root" perms="0755" />
+</Rules>