Ajout de 2 configurations : test (vo) ou prod, avec des ACL différentes, ainsi que postgres 9.1 ou 9.4

Gabriel Detraz 2015-06-30 20:44:39 +02:00
parent 616e7d96eb
commit aa8eddfce7
7 changed files with 440 additions and 80 deletions


@ -1,4 +1,4 @@
<Bundle name="ident-mapping"> <Bundle name="postgresql-9.1">
<Python name="/etc/postgresql/9.1/main/pg_hba.conf"/> <Python name="/etc/postgresql/9.1/main/pg_hba.conf"/>
<Python name="/etc/postgresql/9.1/main/pg_ident.conf"/> <Python name="/etc/postgresql/9.1/main/pg_ident.conf"/>
<Package name="postgresql"/> <Package name="postgresql"/>


@ -0,0 +1,5 @@
<Bundle name="postgresql-9.4">
<Python name="/etc/postgresql/9.4/main/pg_hba.conf"/>
<Python name="/etc/postgresql/9.4/main/pg_ident.conf"/>
<Package name="postgresql"/>
</Bundle>


@ -222,6 +222,8 @@
<Group name="db-replicat-test"/> <Group name="db-replicat-test"/>
<Group name="secrets-acl" /> <Group name="secrets-acl" />
<Group name="intranet2-dev" /> <Group name="intranet2-dev" />
<Group name="pgsql-server-jessie"/>
<Group name="pgsql-server-test"/>
<Bundle name="fortunes"/> <Bundle name="fortunes"/>
</Group> </Group>
@ -270,6 +272,7 @@
<Group name="crans-wheezy"/> <Group name="crans-wheezy"/>
<Group name="rsyslog-server"/> <Group name="rsyslog-server"/>
<Group name="pgsql-server"/> <Group name="pgsql-server"/>
<Group name="pgsql-server-wheezy"/>
<Group name="sqlgrey-localdb"/> <Group name="sqlgrey-localdb"/>
<Group name="db-replicat"/> <Group name="db-replicat"/>
<Group name="generate"/> <Group name="generate"/>
@ -1371,7 +1374,19 @@
</Group> </Group>
<Group name="pgsql-server"> <Group name="pgsql-server">
<Bundle name="ident-mapping"/> <!-- Autres serveurs que thot et vo-->
</Group>
<Group name="pgsql-server-wheezy">
<Bundle name="postgresql-9.1"/>
</Group>
<Group name="pgsql-server-jessie">
<Bundle name="postgresql-9.4"/>
</Group>
<Group name="pgsql-server-test">
<!-- Acl différents : vo-->
</Group> </Group>
<Group name="postfix" <Group name="postfix"
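Review bot: The `pgsql-server` group now holds only a comment, so a client that has `pgsql-server` without `pgsql-server-wheezy` or `pgsql-server-jessie` would apparently stop getting any bundle that manages pg_hba.conf and pg_ident.conf, and its access rules could drift unmanaged. Only one host is visibly given `pgsql-server-wheezy` here; other members of `pgsql-server` are outside the hunks and should be checked. The comment could state the requirement, e.g. `<!-- Marker only: also add pgsql-server-wheezy or pgsql-server-jessie to get pg_hba.conf/pg_ident.conf -->`. Likewise `pgsql-server-test` is an empty group whose only effect is to switch the templates to their test ACLs, which deserves more than `Acl différents : vo`.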


@ -93,90 +93,95 @@ out("""# PostgreSQL Client Authentication Configuration File
#Attention; do not REMOVE this line #Attention; do not REMOVE this line
# Database administrative login by Unix domain socket # Database administrative login by Unix domain socket
local all postgres peer local all postgres peer
""")
# TYPE DATABASE USER ADDRESS METHOD if has("pgsql-server-test"):
out("""host all all 127.0.0.1/32 trust
host django all 127.0.0.1/32 ident map=intranet""")
else:
out("""# TYPE DATABASE USER ADDRESS METHOD
host Syslog rsyslog 127.0.0.1/32 md5 host Syslog rsyslog 127.0.0.1/32 md5
#Intranet : venant d'o2, on autorise l'ecriture""") #Intranet : venant d'o2, on autorise l'ecriture""")
out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""") out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""") out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""")
out(""" out("""
# Asterisk a besoin d'écrire depuis asterisk et depuis zamok""") # Asterisk a besoin d'écrire depuis asterisk et depuis zamok""")
out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""") out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""") out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""")
out(""" out("""
# Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""") # Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""")
out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""") out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""")
out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""") out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""")
out(""" out("""
# kenobi""") # kenobi""")
out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""") out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""")
out(""" out("""
# On autorise tout pour owl TODO : à proprifier""") # On autorise tout pour owl TODO : à proprifier""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""") out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""") out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""")
out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""") out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""")
out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""") out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""")
out(""" out("""
# Roundcube a accès à sa base""") # Roundcube a accès à sa base""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""") out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""") out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""")
out(""" out("""
# sql grey pour zamok""") # sql grey pour zamok""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""")
out(""" out("""
#Base de horde pour root et www-data""") #Base de horde pour root et www-data""")
out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""") out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""") out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""") out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""") out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out(""" out("""
#mediadrop""") #mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""") out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""") out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""")
out(""" out("""
# SQLgrey depuis titanic""") # SQLgrey depuis titanic""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""")
out(""" out("""
# SQLgrey depuis soyouz""") # SQLgrey depuis soyouz""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""")
out(""" out("""
# SQLgrey depuis redisdead""") # SQLgrey depuis redisdead""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""") out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""")
out(""" out("""
# SQLgrey local""") # SQLgrey local""")
out("""local sqlgrey sqlgrey ident map=sqlgrey""") out("""local sqlgrey sqlgrey ident map=sqlgrey""")
out(""" out("""
# Base de correspondance mac_prises pour surveillance""") # Base de correspondance mac_prises pour surveillance""")
out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""") out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""")
out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""") out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""")
out("""local mac_prises crans ident map=mac_prises""") out("""local mac_prises crans ident map=mac_prises""")
out(""" out("""
#Base pour owncloud""") #Base pour owncloud""")
out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""") out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""")
out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""") out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""")
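Review bot: In the new `has("pgsql-server-test")` branch, `host all all 127.0.0.1/32 trust` is emitted before `host django all 127.0.0.1/32 ident map=intranet`. pg_hba.conf uses the first matching record, so the ident rule is never reached and any local process can connect over loopback TCP as any role, `postgres` included, without authenticating. That also bypasses the `local all postgres peer` line just above. If the intent is ident-mapped access to `django` on the test host, drop the trust line, or at least emit the ident line first and narrow the trust record to one database and one role. The same two lines appear in the new 9.4 copy of this template; the template itself starts before this hunk.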


@ -12,9 +12,11 @@ conn = lc_ldap.shortcuts.lc_ldap_readonly()
comment_start = "#" comment_start = "#"
header("Gestion des acces ident pour les utilisateurs") header("Gestion des acces ident pour les utilisateurs")
# Liste des nounous # Liste des nounous/apprentis
adm_objects = conn.search(u'droits=nounou') adm_objects = conn.search(u'droits=nounou')
nounous = [adm['uid'][0] for adm in adm_objects] nounous = [adm['uid'][0] for adm in adm_objects]
apprentis_objects = conn.search(u'droits=apprenti')
apprentis = [appr['uid'][0] for appr in apprentis_objects]
out("""# PostgreSQL User Name Maps out("""# PostgreSQL User Name Maps
# ========================= # =========================
@ -56,65 +58,77 @@ out("""# PostgreSQL User Name Maps
# Put your actual configuration here""") # Put your actual configuration here""")
#Syslog if has("pgsql-server-test"):
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
intranet www-data crans_ro
intranet www-data crans""")
for nounou in nounous:
out("""intranet """ + str(nounou) + """ crans""")
for apprenti in apprentis:
out("""intranet """ + str(apprenti) + """ crans""")
else:
#Syslog
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
syslog postgres rsyslog syslog postgres rsyslog
syslog root rsyslog""") syslog root rsyslog""")
#Ensuite les nounous #Ensuite les nounous
for nounou in nounous: for nounou in nounous:
out("""syslog """ + str(nounou) + """ crans""") out("""syslog """ + str(nounou) + """ crans""")
#Db django rw #Db django rw
out(""" out("""
django www-data crans django www-data crans
django asterisk crans django asterisk crans
django respbats crans django respbats crans
django root crans""") django root crans""")
# Etherpad # Etherpad
out(""" out("""
etherpad etherpad crans""") etherpad etherpad crans""")
# mac_prises # mac_prises
out(""" out("""
mac_prises root crans""") mac_prises root crans""")
for nounou in nounous: for nounou in nounous:
out("""mac_prises """ + str(nounou) + """ crans""") out("""mac_prises """ + str(nounou) + """ crans""")
#Filtrage #Filtrage
out("""filtrage root crans""") out("""filtrage root crans""")
#Sqlgrey #Sqlgrey
out("""sqlgrey postgres sqlgrey""") out("""sqlgrey postgres sqlgrey""")
# cluebringer # cluebringer
out("""cluebringer www-data cluebringer out("""cluebringer www-data cluebringer
cluebringer cluebringer cluebringer""") cluebringer cluebringer cluebringer""")
#Webmail #Webmail
out("""webmail www-data roundcube""") out("""webmail www-data roundcube""")
#horde #horde
out("""horde www-data www-data""") out("""horde www-data www-data""")
#Mediadrop #Mediadrop
out("""mediadrop root mediadrop out("""mediadrop root mediadrop
mediadrop www-data mediadrop""") mediadrop www-data mediadrop""")
#Db django ro #Db django ro
out(""" out("""
django_ro respbats crans_ro django_ro respbats crans_ro
django_ro freerad crans_ro django_ro freerad crans_ro
django_ro arpwatch crans_ro django_ro arpwatch crans_ro
django_ro munin crans_ro django_ro munin crans_ro
django_ro asterisk crans_ro django_ro asterisk crans_ro
django_ro www-data crans_ro""") django_ro www-data crans_ro
django_ro root crans_ro""")
for nounou in nounous: for nounou in nounous:
out("""django_ro """ + str(nounou) + """ crans""") out("""django_ro """ + str(nounou) + """ crans_ro""")
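Review bot: The `uid` values returned by the new `droits=apprenti` search (like the existing `droits=nounou` ones) are written into pg_ident.conf unchanged, and the test branch maps each of them to the read-write `crans` role. As the file's own header says, a SYSTEM-USERNAME starting with `/` is treated as a regular expression, so an unexpected uid could widen the mapping. Filtering before the loops would make this robust, e.g. `apprentis = [u for u in apprentis if re.match(r'^[a-z][a-z0-9_-]*$', str(u))]` with `import re` (and the same for `nounous`). Whether LDAP already constrains `uid` is not visible from this page. The new 9.4 copy of this template contains the same loops.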


@ -0,0 +1,187 @@
info["owner"] = "postgres"
info["group"] = "postgres"
info["mode"] = 0640
import sys
sys.path.append('/usr/scripts')
import lc_ldap.shortcuts
conn = lc_ldap.shortcuts.lc_ldap_readonly()
comment_start = "#"
header("Gestion du mapping avec les base de données")
# Ip des serveurs
def ipv4(serveur):
return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ipHostNumber'][0])
def ipv6(serveur):
return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ip6HostNumber'][0])
serveurs = ['o2','zamok','asterisk','kenobi','owl','roundcube','horde','mediadrop','titanic','soyouz','redisdead','owncloud']
ip_serveurs = dict()
for serv in serveurs:
ip_serveurs['ipv4'+serv] = ipv4(serv)
ip_serveurs['ipv6'+serv] = ipv6(serv)
out("""# PostgreSQL Client Authentication Configuration File
# ===================================================
#
# Refer to the "Client Authentication" section in the PostgreSQL
# documentation for a complete description of this file. A short
# synopsis follows.
#
# This file controls: which hosts are allowed to connect, how clients
# are authenticated, which PostgreSQL user names they can use, which
# databases they can access. Records take one of these forms:
#
# local DATABASE USER METHOD [OPTIONS]
# host DATABASE USER ADDRESS METHOD [OPTIONS]
# hostssl DATABASE USER ADDRESS METHOD [OPTIONS]
# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS]
#
# (The uppercase items must be replaced by actual values.)
#
# The first field is the connection type: "local" is a Unix-domain
# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
# plain TCP/IP socket.
#
# DATABASE can be "all", "sameuser", "samerole", "replication", a
# database name, or a comma-separated list thereof. The "all"
# keyword does not match "replication". Access to replication
# must be enabled in a separate record (see example below).
#
# USER can be "all", a user name, a group name prefixed with "+", or a
# comma-separated list thereof. In both the DATABASE and USER fields
# you can also write a file name prefixed with "@" to include names
# from a separate file.
#
# ADDRESS specifies the set of hosts the record matches. It can be a
# host name, or it is made up of an IP address and a CIDR mask that is
# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
# specifies the number of significant bits in the mask. A host name
# that starts with a dot (.) matches a suffix of the actual host name.
# Alternatively, you can write an IP address and netmask in separate
# columns to specify the set of hosts. Instead of a CIDR-address, you
# can write "samehost" to match any of the server's own IP addresses,
# or "samenet" to match any address in any subnet that the server is
# directly connected to.
#
# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
# "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that
# "password" sends passwords in clear text; "md5" is preferred since
# it sends encrypted passwords.
#
# OPTIONS are a set of options for the authentication in the format
# NAME=VALUE. The available options depend on the different
# authentication methods -- refer to the "Client Authentication"
# section in the documentation for a list of which options are
# available for which authentication methods.
#
# Database and user names containing spaces, commas, quotes and other
# special characters must be quoted. Quoting one of the keywords
# "all", "sameuser", "samerole" or "replication" makes the name lose
# its special character, and just match a database or username with
# that name.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
#Attention; do not REMOVE this line
# Database administrative login by Unix domain socket
local all postgres peer
""")
if has("pgsql-server-test"):
out("""host all all 127.0.0.1/32 trust
host django all 127.0.0.1/32 ident map=intranet""")
else:
out("""# TYPE DATABASE USER ADDRESS METHOD
host Syslog rsyslog 127.0.0.1/32 md5
#Intranet : venant d'o2, on autorise l'ecriture""")
out("""host django crans """ + ip_serveurs['ipv4o2'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv6o2'] + """/128 ident map=django""")
out("""
# Asterisk a besoin d'écrire depuis asterisk et depuis zamok""")
out("""host django crans """ + ip_serveurs['ipv4asterisk'] + """/32 ident map=django""")
out("""host django crans """ + ip_serveurs['ipv4zamok'] + """/32 ident map=django""")
out("""
# Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""")
out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""")
out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""")
out("""
# kenobi""")
out("""host etherpad crans """ + ip_serveurs['ipv4kenobi'] + """/32 ident map=etherpad""")
out("""
# On autorise tout pour owl TODO : à proprifier""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4owl'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6owl'] + """/128 ident map=webmail""")
out("""host all all """ + ip_serveurs['ipv4owl'] + """/32 ident""")
out("""host all all """ + ip_serveurs['ipv6owl'] + """/128 ident""")
out("""
# Roundcube a accès à sa base""")
out("""host roundcube roundcube """ + ip_serveurs['ipv4roundcube'] + """/32 ident map=webmail""")
out("""host roundcube roundcube """ + ip_serveurs['ipv6roundcube'] + """/128 ident map=webmail""")
out("""
# sql grey pour zamok""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4zamok'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6zamok'] + """/128 ident""")
out("""
#Base de horde pour root et www-data""")
out("""host horde5 www-data """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 www-data """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv4horde'] + """/32 ident map=horde""")
out("""host horde5 root """ + ip_serveurs['ipv6horde'] + """/128 ident map=horde""")
out("""
#mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv4mediadrop'] + """/32 ident map=mediadrop""")
out("""host mediadrop mediadrop """ + ip_serveurs['ipv6mediadrop'] + """/128 ident map=mediadrop""")
out("""
# SQLgrey depuis titanic""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4titanic'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6titanic'] + """/128 ident""")
out("""
# SQLgrey depuis soyouz""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4soyouz'] + """/32 ident""")
out("""
# SQLgrey depuis redisdead""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv4redisdead'] + """/32 ident""")
out("""host sqlgrey sqlgrey """ + ip_serveurs['ipv6redisdead'] + """/128 ident""")
out("""
# SQLgrey local""")
out("""local sqlgrey sqlgrey ident map=sqlgrey""")
out("""
# Base de correspondance mac_prises pour surveillance""")
out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""")
out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""")
out("""local mac_prises crans ident map=mac_prises""")
out("""
#Base pour owncloud""")
out("""host owncloud owncloud """ + ip_serveurs['ipv4owncloud'] + """/24 md5""")
out("""host owncloud owncloud """ + ip_serveurs['ipv6owncloud'] + """/128 md5""")
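Review bot: This new file appears to be a line-for-line copy of the 9.1 pg_hba.conf template, and the following new file likewise copies the 9.1 pg_ident.conf template. Every access-rule change now has to be made in two places, and the two PostgreSQL versions can silently diverge in who may connect. Prefer a single template served for both paths. If the copies must stay, add a header comment in each, such as `# Copy of the 9.1 template: apply every ACL change to both files`.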


@ -0,0 +1,134 @@
info["owner"] = "postgres"
info["group"] = "postgres"
info["mode"] = 0640
import sys
sys.path.append('/usr/scripts')
import lc_ldap.shortcuts
conn = lc_ldap.shortcuts.lc_ldap_readonly()
comment_start = "#"
header("Gestion des acces ident pour les utilisateurs")
# Liste des nounous/apprentis
adm_objects = conn.search(u'droits=nounou')
nounous = [adm['uid'][0] for adm in adm_objects]
apprentis_objects = conn.search(u'droits=apprenti')
apprentis = [appr['uid'][0] for appr in apprentis_objects]
out("""# PostgreSQL User Name Maps
# =========================
#
# Refer to the PostgreSQL documentation, chapter "Client
# Authentication" for a complete description. A short synopsis
# follows.
#
# This file controls PostgreSQL user name mapping. It maps external
# user names to their corresponding PostgreSQL user names. Records
# are of the form:
#
# MAPNAME SYSTEM-USERNAME PG-USERNAME
#
# (The uppercase quantities must be replaced by actual values.)
#
# MAPNAME is the (otherwise freely chosen) map name that was used in
# pg_hba.conf. SYSTEM-USERNAME is the detected user name of the
# client. PG-USERNAME is the requested PostgreSQL user name. The
# existence of a record specifies that SYSTEM-USERNAME may connect as
# PG-USERNAME.
#
# If SYSTEM-USERNAME starts with a slash (/), it will be treated as a
# regular expression. Optionally this can contain a capture (a
# parenthesized subexpression). The substring matching the capture
# will be substituted for 1 (backslash-one) if present in
# PG-USERNAME.
#
# Multiple maps may be specified in this file and used by pg_hba.conf.
#
# No map names are defined in the default configuration. If all
# system user names and PostgreSQL user names are the same, you don't
# need anything in this file.
#
# This file is read on server startup and when the postmaster receives
# a SIGHUP signal. If you edit the file on a running system, you have
# to SIGHUP the postmaster for the changes to take effect. You can
# use "pg_ctl reload" to do that.
# Put your actual configuration here""")
if has("pgsql-server-test"):
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
intranet www-data crans_ro
intranet www-data crans""")
for nounou in nounous:
out("""intranet """ + str(nounou) + """ crans""")
for apprenti in apprentis:
out("""intranet """ + str(apprenti) + """ crans""")
else:
#Syslog
out("""# MAPNAME SYSTEM-USERNAME PG-USERNAME
syslog postgres rsyslog
syslog root rsyslog""")
#Ensuite les nounous
for nounou in nounous:
out("""syslog """ + str(nounou) + """ crans""")
#Db django rw
out("""
django www-data crans
django asterisk crans
django respbats crans
django root crans""")
# Etherpad
out("""
etherpad etherpad crans""")
# mac_prises
out("""
mac_prises root crans""")
for nounou in nounous:
out("""mac_prises """ + str(nounou) + """ crans""")
#Filtrage
out("""filtrage root crans""")
#Sqlgrey
out("""sqlgrey postgres sqlgrey""")
# cluebringer
out("""cluebringer www-data cluebringer
cluebringer cluebringer cluebringer""")
#Webmail
out("""webmail www-data roundcube""")
#horde
out("""horde www-data www-data""")
#Mediadrop
out("""mediadrop root mediadrop
mediadrop www-data mediadrop""")
#Db django ro
out("""
django_ro respbats crans_ro
django_ro freerad crans_ro
django_ro arpwatch crans_ro
django_ro munin crans_ro
django_ro asterisk crans_ro
django_ro www-data crans_ro
django_ro root crans_ro""")
for nounou in nounous:
out("""django_ro """ + str(nounou) + """ crans_ro""")