[gen_confs/bind] Récupération des certificats pour le TLSA de façon plus paresseuse

Valentin Samir 2014-02-14 00:58:53 +01:00
parent e6eb09b116
commit 7c7085efea


@ -445,19 +445,6 @@ class dns(gen_config) :
} }
EXTRAS = {
'crans.org' : [
TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
]
}
hostname = short_name(gethostname()) hostname = short_name(gethostname())
serial = int(time.time()) + 1000000000 serial = int(time.time()) + 1000000000
TTL = 3600 TTL = 3600
@ -467,6 +454,38 @@ class dns(gen_config) :
else: else:
restart_cmd = '/etc/init.d/bind9 reload' restart_cmd = '/etc/init.d/bind9 reload'
def __init__(self, *args, **kwargs):
xmpp_cert = ssl.get_server_certificate(('xmpp.crans.org', 443), ca_certs='/etc/ssl/certs/ca-certificates.crt')
self.EXTRAS = {
'crans.org' : [
TLSA('crans.org.', 443, 'tcp', None, 3, 2),
TLSA('www.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('cas.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('wiki.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('perso.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('intranet.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('intranet2.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('webmail.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('horde.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('roundcube.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('sogo.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('git.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('nagios.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('pad.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('news.crans.org.', 443, 'tcp', None, 3, 2),
TLSA('asterisk.crans.org.', 5061, 'tcp', None, 3, 2),
TLSA('smtp.crans.org.', 465, 'tcp', None, 3, 2),
TLSA('imap.crans.org.', 993, 'tcp', None, 3, 2),
TLSA('xmpp', 5222, 'tcp', xmpp_cert, 3, 2),
TLSA('xmpp', 5269, 'tcp', xmpp_cert, 3, 2),
TLSA('xmpp', 443, 'tcp', xmpp_cert, 3, 2),
TLSA('jabber', 443, 'tcp', xmpp_cert, 3, 2),
],
'wifi.crans.org' : [
TLSA('wifi.crans.org.', 443, 'tcp', None, 3, 2),
],
}
super(dns, self).__init__(*args, **kwargs)
def gen_soa(self, ns_list, serial, ttl): def gen_soa(self, ns_list, serial, ttl):
return SOA(ns_list[0], 'root.crans.org', serial, 21600, 3600, 1209600, ttl) return SOA(ns_list[0], 'root.crans.org', serial, 21600, 3600, 1209600, ttl)
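Review bot: The `ssl.get_server_certificate(...)` call added at the top of `__init__` validates the chain against the CA bundle but, as the standard library documents it, does not check that the certificate was issued for `xmpp.crans.org`, so any CA-signed certificate served on port 443 at generation time becomes the pin published in the four `xmpp`/`jabber` TLSA records. That certificate is also published for ports 5222 and 5269 although it was only read from 443, so the records will be wrong if those services ever present a different one. The fetch has no timeout or error handling, so an unreachable host makes every construction of `dns` fail before `super(dns, self).__init__` runs. A version that checks the hostname and bounds the connection is sketched below; it assumes an `ssl` module that provides `create_default_context` and that `socket` is in scope. The entries passing `None` presumably fetch their certificate inside `TLSA`, which is outside this hunk and deserves the same check.

```python
    def __init__(self, *args, **kwargs):
        # Check chain and hostname before the certificate becomes a published pin.
        ctx = ssl.create_default_context(cafile='/etc/ssl/certs/ca-certificates.crt')
        raw = socket.create_connection(('xmpp.crans.org', 443), timeout=10)
        tls = None
        try:
            tls = ctx.wrap_socket(raw, server_hostname='xmpp.crans.org')
            xmpp_cert = ssl.DER_cert_to_PEM_cert(tls.getpeercert(True))
        finally:
            (tls or raw).close()
        # … unchanged: self.EXTRAS table and super(dns, self).__init__ call …
```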