Ajout de la possibilité de trigger le déclenchement de generate par ssh depuis le réseau adm par le groupe adm

Python/etc/crans/secrets/trigger-generate

@@ -0,0 +1,4 @@
+info["perms"] = 0440
+info["owner"] = "root"
+info["group"] = "adm"
+print file("/etc/crans/secrets/trigger-generate").read()

Python/etc/crans/secrets/trigger-generate.pub

@@ -0,0 +1,4 @@
+info["perms"] = 0444
+info["owner"] = "root"
+info["group"] = "adm"
+print file("/etc/crans/secrets/trigger-generate.pub").read()

Python/etc/sudoers

@@ -90,6 +90,8 @@ if has("users"):
 monit_path = '/usr/%sbin/monit' % ('' if has('wheezy') else 's')
 print "%%respbats   ALL=(ALL) NOPASSWD: %s summary, %s status" % (monit_path, monit_path)
 
+if has('generate'):
+    print "rpcssh ALL=(ALL) NOPASSWD: /usr/scripts/gestion/gen_confs/generate.py"
 if has('arpwatch'):
     @# arpwatch
     print "arpwatch   ALL=(arpwatch%s) NOPASSWD:/usr/scripts/surveillance/arpwatch_sendmail.py" % (addit)

Python/var/local/rpcssh/.ssh/authorized_keys

@@ -0,0 +1,12 @@
+# -*- mode: python; encoding: utf-8 -*-
+
+info["owner"] = "rpcssh"
+info["group"] = "users"
+info["perms"] = 0644
+
+comment_start = "#"
+
+header("Clef pour lancer des commandes en temps réel sur les serveurs")
+
+if has("generate"):
+    print 'command="sudo /usr/scripts/gestion/gen_confs/generate.py",from="10.231.136.0/24,2a01:240:fe3d:c804::/64",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding %s' % open('/etc/crans/secrets/trigger-generate.pub').read()