info["owner"] = "postgres" info["group"] = "postgres" info["mode"] = 0640 import sys sys.path.append('/usr/scripts') import lc_ldap.shortcuts conn = lc_ldap.shortcuts.lc_ldap_readonly() # Ip des serveurs ipv4o2 = str(conn.search(u'host=o2.adm.crans.org')[0]['ipHostNumber'][0]) ipv6o2 = str(conn.search(u'host=o2.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4asterisk = str(conn.search(u'host=asterisk.adm.crans.org')[0]['ipHostNumber'][0]) ipv4zamok = str(conn.search(u'host=zamok.adm.crans.org')[0]['ipHostNumber'][0]) ipv6zamok = str(conn.search(u'host=zamok.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4kenobi = str(conn.search(u'host=kenobi.adm.crans.org')[0]['ipHostNumber'][0]) ipv4owl = str(conn.search(u'host=owl.adm.crans.org')[0]['ipHostNumber'][0]) ipv6owl = str(conn.search(u'host=owl.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4roundcube = str(conn.search(u'host=roundcube.adm.crans.org')[0]['ipHostNumber'][0]) ipv6roundcube = str(conn.search(u'host=roundcube.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4horde = str(conn.search(u'host=horde.adm.crans.org')[0]['ipHostNumber'][0]) ipv6horde = str(conn.search(u'host=horde.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4mediadrop = str(conn.search(u'host=mediadrop.adm.crans.org')[0]['ipHostNumber'][0]) ipv6mediadrop = str(conn.search(u'host=mediadrop.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4titanic= str(conn.search(u'host=titanic.adm.crans.org')[0]['ipHostNumber'][0]) ipv6titanic= str(conn.search(u'host=titanic.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4soyouz = str(conn.search(u'host=soyouz.adm.crans.org')[0]['ipHostNumber'][0]) ipv4redisdead = str(conn.search(u'host=redisdead.adm.crans.org')[0]['ipHostNumber'][0]) ipv6redisdead = str(conn.search(u'host=redisdead.adm.crans.org')[0]['ip6HostNumber'][0]) ipv4owncloud = str(conn.search(u'host=owncloud.adm.crans.org')[0]['ipHostNumber'][0]) ipv6owncloud = str(conn.search(u'host=owncloud.adm.crans.org')[0]['ip6HostNumber'][0]) out("""#Fichier géré par Bcfg2""") out("""# PostgreSQL Client Authentication Configuration File # =================================================== # # Refer to the "Client Authentication" section in the PostgreSQL # documentation for a complete description of this file. A short # synopsis follows. # # This file controls: which hosts are allowed to connect, how clients # are authenticated, which PostgreSQL user names they can use, which # databases they can access. Records take one of these forms: # # local DATABASE USER METHOD [OPTIONS] # host DATABASE USER ADDRESS METHOD [OPTIONS] # hostssl DATABASE USER ADDRESS METHOD [OPTIONS] # hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] # # (The uppercase items must be replaced by actual values.) # # The first field is the connection type: "local" is a Unix-domain # socket, "host" is either a plain or SSL-encrypted TCP/IP socket, # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a # plain TCP/IP socket. # # DATABASE can be "all", "sameuser", "samerole", "replication", a # database name, or a comma-separated list thereof. The "all" # keyword does not match "replication". Access to replication # must be enabled in a separate record (see example below). # # USER can be "all", a user name, a group name prefixed with "+", or a # comma-separated list thereof. In both the DATABASE and USER fields # you can also write a file name prefixed with "@" to include names # from a separate file. # # ADDRESS specifies the set of hosts the record matches. It can be a # host name, or it is made up of an IP address and a CIDR mask that is # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that # specifies the number of significant bits in the mask. A host name # that starts with a dot (.) matches a suffix of the actual host name. # Alternatively, you can write an IP address and netmask in separate # columns to specify the set of hosts. Instead of a CIDR-address, you # can write "samehost" to match any of the server's own IP addresses, # or "samenet" to match any address in any subnet that the server is # directly connected to. # # METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", # "krb5", "ident", "peer", "pam", "ldap", "radius" or "cert". Note that # "password" sends passwords in clear text; "md5" is preferred since # it sends encrypted passwords. # # OPTIONS are a set of options for the authentication in the format # NAME=VALUE. The available options depend on the different # authentication methods -- refer to the "Client Authentication" # section in the documentation for a list of which options are # available for which authentication methods. # # Database and user names containing spaces, commas, quotes and other # special characters must be quoted. Quoting one of the keywords # "all", "sameuser", "samerole" or "replication" makes the name lose # its special character, and just match a database or username with # that name. # # This file is read on server startup and when the postmaster receives # a SIGHUP signal. If you edit the file on a running system, you have # to SIGHUP the postmaster for the changes to take effect. You can # use "pg_ctl reload" to do that. # TYPE DATABASE USER ADDRESS METHOD host Syslog rsyslog 127.0.0.1/32 md5 #Intranet : venant d'o2, on autorise l'ecriture""") out("""host django crans """ + ipv4o2 + """/32 ident map=django""") out("""host django crans """ + ipv6o2 + """/128 ident map=django""") out(""" # Asterisk a besoin d'écrire depuis asterisk et depuis zamok""") out("""host django crans """ + ipv4asterisk + """/32 ident map=django""") out("""host django crans """ + ipv4zamok + """/32 ident map=django""") out(""" # Tout le reste sur adm est django_ro et crans_ro, pas besoin d'écrire""") out("""host django crans_ro 10.231.136.0/24 ident map=django_ro""") out("""host django crans_ro 2a01:240:fe3d:c804::/64 ident map=django_ro""") out(""" # kenobi""") out("""host etherpad crans """ + ipv4kenobi + """/32 ident map=etherpad""") out(""" # On autorise tout pour owl TODO : à proprifier""") out("""host roundcube roundcube """ + ipv4owl + """/32 ident map=webmail""") out("""host roundcube roundcube """ + ipv6owl + """/128 ident map=webmail""") out("""host all all """ + ipv4owl + """/32 ident""") out("""host all all """ + ipv6owl + """/128 ident""") out(""" # Roundcube a accès à sa base""") out("""host roundcube roundcube """ + ipv4roundcube + """/32 ident map=webmail""") out("""host roundcube roundcube """ + ipv6roundcube + """/128 ident map=webmail""") out(""" # sql grey pour zamok""") out("""host sqlgrey sqlgrey """ + ipv4zamok + """/32 ident""") out("""host sqlgrey sqlgrey """ + ipv6zamok + """/128 ident""") out(""" #Base de horde pour root et www-data""") out("""host horde5 www-data """ + ipv4horde + """/32 ident map=horde""") out("""host horde5 www-data """ + ipv6horde + """/128 ident map=horde""") out("""host horde5 root """ + ipv4horde + """/32 ident map=horde""") out("""host horde5 root """ + ipv6horde + """/128 ident map=horde""") out(""" #mediadrop""") out("""host mediadrop mediadrop """ + ipv4mediadrop + """/32 ident map=mediadrop""") out("""host mediadrop mediadrop """ + ipv6mediadrop + """/128 ident map=mediadrop""") out(""" # SQLgrey depuis titanic""") out("""host sqlgrey sqlgrey """ + ipv4titanic + """/32 ident""") out("""host sqlgrey sqlgrey """ + ipv6titanic + """/128 ident""") out(""" # SQLgrey depuis soyouz""") out("""host sqlgrey sqlgrey """ + ipv4soyouz + """/32 ident""") out(""" # SQLgrey depuis redisdead""") out("""host sqlgrey sqlgrey """ + ipv4redisdead + """/32 ident""") out("""host sqlgrey sqlgrey """ + ipv6redisdead + """/128 ident""") out(""" # SQLgrey local""") out("""local sqlgrey sqlgrey ident map=sqlgrey""") out(""" # Base de correspondance mac_prises pour surveillance""") out("""host mac_prises crans 10.231.136.0/24 ident map=mac_prises""") out("""host mac_prises crans 2a01:240:fe3d:c804::/64 ident map=mac_prises""") out("""local mac_prises crans ident map=mac_prises""") out(""" #Base pour owncloud""") out("""host owncloud owncloud """ + ipv4owncloud + """/24 md5""") out("""host owncloud owncloud """ + ipv6owncloud + """/128 md5""")