crans/crans_bcfg2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Config de cups sur bcfg2 pour les serveurs cups et o2

Browse source
This commit is contained in:
Gabriel Detraz 2015-07-07 16:20:03 +02:00
parent 9de9049f22
commit da8e096b9d
5 changed files with 237 additions and 18 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Bundler/cups-service.xml Normal file
View file

@ -0,0 +1,5 @@
<Bundle name="cups-service">
<Python name="/etc/cups/cupsd.conf"/>
<Service name="cups" />
<Package name="cups"/>
</Bundle>

32
Metadata/groups.xml
View file

@ -58,6 +58,7 @@
<Group name="cups" <Group name="cups"
profile="true"> profile="true">
<Group name="crans-vm-jessie"/> <Group name="crans-vm-jessie"/>
<Group name="cups-service-server"/>
</Group> </Group>
<Group name="discourse" <Group name="discourse"
@ -145,10 +146,10 @@
<Group name="users"/> <Group name="users"/>
<Group name="http-server"/> <Group name="http-server"/>
<Group name="intranet-server"/> <Group name="intranet-server"/>
<Group name="print-server"/>
<Group name="adh-sql-server"/> <Group name="adh-sql-server"/>
<Group name="adh-antispam-filter"/> <Group name="adh-antispam-filter"/>
<Group name="service-sms"/> <Group name="service-sms"/>
<Group name="cups-service"/>
<Bundle name="quota"/> <Bundle name="quota"/>
<!-- <Group name="ups-monitor"/> --> <!-- <Group name="ups-monitor"/> -->
@ -391,7 +392,7 @@
<Group name="crans-vm-jessie"/> <Group name="crans-vm-jessie"/>
<Group name="intranet2-server"/> <Group name="intranet2-server"/>
<Group name="https_cert"/> <Group name="https_cert"/>
<Group name="print-server"/> <Group name="cups-service-client"/>
</Group> </Group>
<Group name="radius" <Group name="radius"
@ -1013,11 +1014,6 @@
<Group name="backup-client-backend"/> <Group name="backup-client-backend"/>
</Group> </Group>
<Group name="print-server">
<!-- Serveur d'impression de l'association -->
<Group name="print-server-backend"/>
</Group>
<Group name="firewall"> <Group name="firewall">
<!-- Le firewall de l'association --> <!-- Le firewall de l'association -->
<Group name="generate"/> <Group name="generate"/>
@ -1103,6 +1099,18 @@
<!--TODO: initscript, conf, monitoring, etc--> <!--TODO: initscript, conf, monitoring, etc-->
</Group> </Group>
<!-- *** CUPS *** -->
<Group name="cups-service-client">
<Group name="cups-service"/>
<Bundle name="cups-service"/>
</Group>
<Group name="cups-service-server">
<Group name="cups-service"/>
<Bundle name="cups-service"/>
</Group>
<!-- +=================================+ --> <!-- +=================================+ -->
<!-- | Tous les groupes intermediaires | --> <!-- | Tous les groupes intermediaires | -->
@ -1305,11 +1313,6 @@
<Group name="rsync"/> <Group name="rsync"/>
</Group> </Group>
<Group name="print-server-backend">
<Group name="cups-service"/>
<Group name="non-free"/>
</Group>
<Group name="radius-server-backend"> <Group name="radius-server-backend">
<Group name="freeradius"/> <Group name="freeradius"/>
</Group> </Group>
@ -1462,11 +1465,6 @@
<Bundle name="rsync-client"/> <Bundle name="rsync-client"/>
</Group> </Group>
<Group name="cups-service"
category="print-server-backend">
<!-- TODO: a implementer -->
</Group>
<Group name="freeradius" <Group name="freeradius"
category="radius-server-backend"> category="radius-server-backend">
<Bundle name="freeradius"/> <Bundle name="freeradius"/>

109
Python/etc/cups/cupsd.conf Normal file
View file

@ -0,0 +1,109 @@
# -*- coding: utf-8 -*-
info["owner"] = "root"
info["group"] = "lp"
info["mode"] = 0644
include("ldap_conn")
comment_start = "#"
header("Configuration pour cups entre le serveur cups et l'intranet")
conn = ldap_conn
def ipv4(serveur):
return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ipHostNumber'][0])
out("""LogLevel info
MaxLogSize 0
# Allow remote access""")
if has ("cups"):
out("""Listen """ + ipv4('cups') + ":631")
if has ("o2"):
out("""Listen """ + ipv4('o2') + ":631")
out("""Listen /var/run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
<Location />
# Allow shared printing...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>""")

104
Python/etc/cups/cupsd.conf.old Normal file
View file

@ -0,0 +1,104 @@
# -*- coding: utf-8 -*-
info["owner"] = "root"
info["group"] = "lp"
info["mode"] = 0644
include("ldap_conn")
comment_start = "#"
header("Configuration pour cups entre le serveur cups et l'intranet")
def ipv4(serveur):
return str(conn.search(u'host=%s.adm.crans.org' % serveur)[0]['ipHostNumber'][0])
out("""LogLevel info
MaxLogSize 0
# Allow remote access""")
out("""Listen """ + ipv4('o2'))
out("""Listen /var/run/cups/cups.sock
# Share local printers on the local network.
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
<Location />
# Allow shared printing...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Order allow,deny
</Location>
<Policy default>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
Order deny,allow
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel- Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate- Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
<Policy authenticated>
JobPrivateAccess default
JobPrivateValues default
SubscriptionPrivateAccess default
SubscriptionPrivateValues default
<Limit Create-Job Print-Job Print-URI Validate-Job>
AuthType Default
Order deny,allow
</Limit>
</Limit>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel- Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate- Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>""")

3
Rules/cups.xml Normal file
View file

@ -0,0 +1,3 @@
<Rules priority="1">
<Service type="deb" name="cups" status="on"/>
</Rules>