crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Ajout de 2 configuration : test(vo) ou prod, acl différents, ainsi que soit postgres 9.1 ou 9.4

Browse source
This commit is contained in:
Gabriel Detraz 2015-06-30 20:44:39 +02:00
parent 616e7d96eb
commit aa8eddfce7
7 changed files with 440 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

101
Python/etc/postgresql/9.1/main/pg_hba.conf
View file

@ -93,90 +93,95 @@ out("""# PostgreSQL Client Authentication Configuration File
#Attention; do not REMOVE this line
# Database administrative login by Unix domain socket
local all postgres peer
""")
# TYPE DATABASE USER ADDRESS METHOD
if has("pgsql-server-test"):
out("""host all all 127.0.0.1/32 trust
host django all 127.0.0.1/32 ident map=intranet""")
else:
out("""# TYPE DATABASE USER ADDRESS METHOD
host Syslog rsyslog 127.0.0.1/32 md5
#Intranet : venant d'o2, on autorise l'ecriture""")
out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""")
out("""
out("""
# Asterisk a besoin d'écrire depuis asterisk et depuis zamok""")
out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""")
out("""
out("""
# Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""")
out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""")
out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""")
out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""")
out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""")
out("""
out("""
# kenobi""")
out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""")
out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""")
out("""
out("""
# On autorise tout pour owl TODO : à proprifier""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""")
out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""")
out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""")
out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""")
out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""")
out("""
out("""
# Roundcube a accès à sa base""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""")
out("""
out("""
# sql grey pour zamok""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""")
out("""
out("""
#Base de horde pour root et www-data""")
out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""
out("""
#mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""")
out("""
out("""
# SQLgrey depuis titanic""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""")
out("""
out("""
# SQLgrey depuis soyouz""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""")
out("""
out("""
# SQLgrey depuis redisdead""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""")
out("""
out("""
# SQLgrey local""")
out("""local sqlgrey sqlgrey ident map=sqlgrey""")
out("""local sqlgrey sqlgrey ident map=sqlgrey""")
out("""
out("""
# Base de correspondance mac_prises pour surveillance""")
out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""")
out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""")
out("""local mac_prises crans ident map=mac_prises""")
out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""")
out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""")
out("""local mac_prises crans ident map=mac_prises""")
out("""
out("""
#Base pour owncloud""")
out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""")
out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""")
out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""")
out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""")

74
Python/etc/postgresql/9.1/main/pg_ident.conf
View file

@ -12,9 +12,11 @@ conn = lc_ldap.shortcuts.lc_ldap_readonly()
comment_start = "#"
header("Gestion des acces ident pour les utilisateurs")
# Liste des nounous
# Liste des nounous/apprentis
adm_objects = conn.search(u'droits=nounou')
nounous = [adm['uid'][0] for adm in adm_objects]
apprentis_objects = conn.search(u'droits=apprenti')
apprentis = [appr['uid'][0] for appr in apprentis_objects]
out("""# PostgreSQL User Name Maps
# =========================
@ -56,65 +58,77 @@ out("""# PostgreSQL User Name Maps
# Put your actual configuration here""")
#Syslog
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
if has("pgsql-server-test"):
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
intranet www-data crans_ro
intranet www-data crans""")
for nounou in nounous:
out("""intranet """ + str(nounou) + """ crans""")
for apprenti in apprentis:
out("""intranet """ + str(apprenti) + """ crans""")
else:
#Syslog
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
syslog postgres rsyslog
syslog root rsyslog""")
#Ensuite les nounous
#Ensuite les nounous
for nounou in nounous:
out("""syslog """ + str(nounou) + """ crans""")
for nounou in nounous:
out("""syslog """ + str(nounou) + """ crans""")
#Db django rw
out("""
#Db django rw
out("""
django www-data crans
django asterisk crans
django respbats crans
django root crans""")
# Etherpad
out("""
# Etherpad
out("""
etherpad etherpad crans""")
# mac_prises
out("""
# mac_prises
out("""
mac_prises root crans""")
for nounou in nounous:
for nounou in nounous:
out("""mac_prises """ + str(nounou) + """ crans""")
#Filtrage
out("""filtrage root crans""")
#Filtrage
out("""filtrage root crans""")
#Sqlgrey
out("""sqlgrey postgres sqlgrey""")
#Sqlgrey
out("""sqlgrey postgres sqlgrey""")
# cluebringer
out("""cluebringer www-data cluebringer
# cluebringer
out("""cluebringer www-data cluebringer
cluebringer cluebringer cluebringer""")
#Webmail
out("""webmail www-data roundcube""")
#Webmail
out("""webmail www-data roundcube""")
#horde
out("""horde www-data www-data""")
#horde
out("""horde www-data www-data""")
#Mediadrop
#Mediadrop
out("""mediadrop root mediadrop
out("""mediadrop root mediadrop
mediadrop www-data mediadrop""")
#Db django ro
out("""
#Db django ro
out("""
django_ro respbats crans_ro
django_ro freerad crans_ro
django_ro arpwatch crans_ro
django_ro munin crans_ro
django_ro asterisk crans_ro
django_ro www-data crans_ro""")
django_ro www-data crans_ro
django_ro root crans_ro""")
for nounou in nounous:
out("""django_ro """ + str(nounou) + """ crans""")
for nounou in nounous:
out("""django_ro """ + str(nounou) + """ crans_ro""")