KNEL/LegacyTechops
2
0
Fork 0
Code Pull Requests Actions Packages Projects Releases Activity

rollup from old

Browse Source
This commit is contained in:
Charles N Wyble - admin
2024-04-21 14:46:15 -05:00
parent 119169009f
commit 17ed3bce46
131 changed files with 3 additions and 41809 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base Executable file → Normal file
View File

0
archive/CMDB/snmp/distro Executable file → Normal file
View File

0
archive/CMDB/snmp/setup-snmp.sh Executable file → Normal file
View File

0
archive/CMDB/zenossScan.sh Executable file → Normal file
View File

0
archive/lab/vagrant/docker/thefnf/freeside/Makefile Executable file → Normal file
View File

53
archive/mtpconfigs/ovh/shared-router/shorewall/conntrack
View File

@@ -1,53 +0,0 @@
#
# Shorewall version 4 - conntrack File
#
# For information about entries in this file, type "man shorewall-conntrack"
#
##############################################################################################################
?FORMAT 3
#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
# PORT(S) PORT(S) GROUP
?if $AUTOHELPERS && __CT_TARGET
?if __AMANDA_HELPER
CT:helper:amanda:PO - - udp 10080
?endif
?if __FTP_HELPER
CT:helper:ftp:PO - - tcp 21
?endif
?if __H323_HELPER
CT:helper:RAS:PO - - udp 1719
CT:helper:Q.931:PO - - tcp 1720
?endif
?if __IRC_HELPER
CT:helper:irc:PO - - tcp 6667
?endif
?if __NETBIOS_NS_HELPER
CT:helper:netbios-ns:PO - - udp 137
?endif
?if __PPTP_HELPER
CT:helper:pptp:PO - - tcp 1723
?endif
?if __SANE_HELPER
CT:helper:sane:PO - - tcp 6566
?endif
?if __SIP_HELPER
CT:helper:sip:PO - - udp 5060
?endif
?if __SNMP_HELPER
CT:helper:snmp:PO - - udp 161
?endif
?if __TFTP_HELPER
CT:helper:tftp:PO - - udp 69
?endif
?endif

13
archive/mtpconfigs/ovh/shared-router/shorewall/interfaces
View File

@@ -1,13 +0,0 @@
#ZONE INTERFACE OPTIONS
rr eth0 detect tcpflags,nosmurfs,routefilter,logmartians
wan eth1 detect tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
barm eth2 detect tcpflags,nosmurfs,routefilter,logmartians
mgmt eth3 detect tcpflags,nosmurfs,routefilter,logmartians
asn eth4 detect tcpflags,nosmurfs,routefilter,logmartians
s2l eth5 detect tcpflags,nosmurfs,routefilter,logmartians
fnf eth6 detect tcpflags,nosmurfs,routefilter,logmartians
knel eth7 detect tcpflags,nosmurfs,routefilter,logmartians
tsys eth8 detect tcpflags,nosmurfs,routefilter,logmartians
vpnrwr tun0 detect dhcp
vpnauslab tun1 detect dhcp
vpnasn2net tun2 detect dhcp

19
archive/mtpconfigs/ovh/shared-router/shorewall/masq
View File

@@ -1,19 +0,0 @@
#
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-masq"
################################################################################################################
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
# GROUP DEST
eth1 10.0.0.0/8,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16

28
archive/mtpconfigs/ovh/shared-router/shorewall/params
View File

@@ -1,28 +0,0 @@
#
# Shorewall version 4 - Params File
#
# /etc/shorewall/params
#
# Assign any variables that you need here.
#
# It is suggested that variable names begin with an upper case letter
# to distinguish them from variables used internally within the
# Shorewall programs
#
# Example:
#
# NET_IF=eth0
# NET_BCAST=130.252.100.255
# NET_OPTIONS=routefilter,norfc1918
#
# Example (/etc/shorewall/interfaces record):
#
# net $NET_IF $NET_BCAST $NET_OPTIONS
#
# The result will be the same as if the record had been written
#
# net eth0 130.252.100.255 routefilter,norfc1918
#
###############################################################################
#LAST LINE -- DO NOT REMOVE

20
archive/mtpconfigs/ovh/shared-router/shorewall/policy
View File

@@ -1,20 +0,0 @@
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
# LEVEL
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
$FW wan ACCEPT
#Road warrior is trusted. It serves as an extension of the mgmt net.
vpnrwr all ACCEPT
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
#Otherwise I wouldn't allow this
vpnauslab all ACCEPT
#Drop everything inbound from the big bad world that isn't explicitly allowed.
#Cause the net is where the NSA lives
wan all DROP
#Drop everything that isn't explicitly allowed.
#Make explicit rules for everything yo. The NSA says you should. Duh.
# #state-sponsored-malware #stuxnet-was-an-inside-job
all all REJECT info

113
archive/mtpconfigs/ovh/shared-router/shorewall/rules
View File

@@ -1,113 +0,0 @@
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
###########################################################################################################################################################################################################
#Inbound DNAT forwarding from WAN to various zone/ip pinholes
###########################################################################################################################################################################################################
#########################################################
#KNEL rules
#158.69.183.165/29 eth1:2
#########################################################
DNAT wan knel:10.253.8.72 tcp 443 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 80 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 993 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 25 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 465 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 5222 - 158.69.183.165
#########################################################
#TSYS rules
#158.69.183.161/29 eth1
#########################################################
DNAT wan tsys:10.253.9.78 tcp 443 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 80 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 25 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 465 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 5222 - 158.69.183.161
#########################################################
#RackRental WAN rules
#158.69.183.164/29 eth1:1
#########################################################
#158.69.183.164/29
DNAT wan rr:10.253.6.81 tcp 443 - 158.69.183.164
DNAT wan rr:10.253.6.81 tcp 80 - 158.69.183.164
############################################################
#S2l/asn WAN rules handled by their upstream routers/admins
############################################################
###########################################################################################################################################################################################################
#site to site and road warrior VPN rules
###########################################################################################################################################################################################################
#Allow road warrior connectivity from anywhere
ACCEPT wan fw udp 443
#Allow auslab site to site vpn
ACCEPT wan fw tcp 1195
ACCEPT wan fw udp 1195
############################################################
#FW rules for RoadWarrior VPN
############################################################
ACCEPT all vpnrwr all
############################################################
#FW rules for STS VPN - AUSLAB
#ACCEPT loc vpnauslab all
############################################################
ACCEPT vpnauslab all all
ACCEPT $FW vpnauslab all
############################################################
#FW rules for STS VPN - client - asn2net
#Lock this down soon
############################################################
ACCEPT $FW vpnasn2net all
ACCEPT vpnasn2net $FW all
###########################################################################################################################################################################################################
#outbound from various local nets and the firewall to WAN
###########################################################################################################################################################################################################
ACCEPT rr wan all #Lock this down soon
ACCEPT rr tsys all #Lock this down soon
ACCEPT knel,tsys,mgmt wan all
#Temp rules to get stuff working..
ACCEPT $FW all all #Fw can access everything for now, Lock this down later
ACCEPT mgmt $FW
ACCEPT vpnauslab mgmt all
ACCEPT vpnauslab all all
###########################################################################################################################################################################################################
#intra zone pinhole rules
###########################################################################################################################################################################################################
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 udp 53
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 tcp 53
###########################################################################################################################################################################################################
#intra zone wide rules
###########################################################################################################################################################################################################
#Mgmt can hit everything yo, cause it's fucking management with a capital M
ACCEPT mgmt barm,tsys,knel,fnf,vpnrwr,asn,s2l,vpnauslab all
#Ad replication rule
ACCEPT mgmt:10.253.3.86 vpnauslab:10.251.2.98 all
ACCEPT vpnauslab:10.251.2.98 mgmt:10.253.3.86 all
#Zenoss rule
ACCEPT mgmt:10.253.3.77 all all
#Brendan mgmt access
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 udp 53
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 tcp 53
ACCEPT vpnasn2net:10.30.3.0/24 $FW
ACCEPT vpnasn2net:10.30.2.0/24 $FW
ACCEPT vpnasn2net:10.30.2.0/24 mgmt
ACCEPT vpnasn2net:10.30.3.0/24 mgmt

274
archive/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf
View File

@@ -1,274 +0,0 @@
###############################################################################
#
# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE="/var/log/firewall.log"
LOGFORMAT="%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL=info
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
UNTRACKED_LOG_LEVEL=
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=Yes
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REJECT_ACTION=
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
TRACK_RULES=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
WARNOLDCAPVERSION=Yes
ZONE2ZONE=2
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
################################################################################
# L E G A C Y O P T I O N
# D O N O T D E L E T E O R A L T E R
################################################################################
IPSECFILE=zones

14
archive/mtpconfigs/ovh/shared-router/shorewall/zones
View File

@@ -1,14 +0,0 @@
#ZONE TYPE OPTIONS
fw firewall
rr ipv4
wan ipv4
barm ipv4
mgmt ipv4
asn ipv4
s2l ipv4
fnf ipv4
knel ipv4
tsys ipv4
vpnrwr ipv4
vpnauslab ipv4
vpnasn2net ipv4

30
archive/rundeck/auslab
View File

@@ -1,30 +0,0 @@
ausprod-core-rtr01-vlmgmt.turnsys.net:
hostname: ausprod-core-rtr01-vlmgmt.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,infra'
ausprod-labsvr.turnsys.net:
hostname: ausprod-labsvr.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fsky2-rpi3.turnsys.net:
hostname: fsky2-rpi3.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
subo-logtest.turnsys.net:
hostname: subo-logtest.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fground01.turnsys.net:
hostname: fground01.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fground-flink.turnsys.net:
hostname: fground-flink.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'

35
archive/rundeck/ovh
View File

@@ -1,35 +0,0 @@
shared-router.turnsys.net:
hostname: shared-router.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
tsys-cloud.turnsys.net:
hostname: tsys-cloud.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,tsys'
tsys-rr-shell.turnsys.net:
hostname: tsys-rr-shell.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,rr'
tsys-rr-app.turnsys.net:
hostname: tsys-rr-app.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,rr'
toolbox.turnsys.net:
hostname: toolbox.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
shared-build.turnsys.net:
hostname: shared-build.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
shared-zenoss.turnsys.net:
hostname: shared-zenoss.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'

20
archive/rundeck/satx
View File

@@ -1,20 +0,0 @@
ausprod-linsrv.turnsys.net:
hostname: ausprod-linsrv.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'
tsyscn4.turnsys.net:
hostname: tsyscn4.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'satx,physical,infra,tsys'
satxtimeserver.turnsys.net:
hostname: satxtimeserver.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'
octoprint.turnsys.net:
hostname: octoprint.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'

99
archive/rundeck/sshConfig
View File

@@ -1,99 +0,0 @@
StrictHostKeyChecking no
#IdentityFile /home/cwyble/.ssh/id_rsa
#Production systems
Host asn2net-linsrv
User asn2net
Hostname asn2net-linsrv.turnsys.net
Host asn2net-router
User admin
Hostname asn2net-router.turnsys.net
Host ausprod-core-ap01
Hostname ausprod-core-ap01.turnsys.net
User cisco
Host ausprod-core-rtr01
User localuser
Hostname ausprod-core-rtr01-vlmgmt.turnsys.net
Host ausprod-lab-sw01
Hostname ausprod-labsw01.turnsys.net
Host ausprod-lab-sw02
Hostname ausprod-labsw02.turnsys.net
Host ausprod-consrv
User root
ForwardX11 no
Hostname ausprod-consrv.turnsys.net
Host auslab-power
User root:7048
Hostname ausprod-consrv.turnsys.net
ForwardX11 no
Host ausprod-labsvr
User root
Hostname ausprod-labsvr.turnsys.net
Host ausprod-linsrv
User localuser
Hostname ausprod-linsrv.turnsys.net
Host dedi
User root
Hostname dedi.turnsys.com
ForwardX11 yes
Host shared-boss
User localuser
Hostname shared-boss.turnsys.net
Host shared-build
User localuser
Hostname shared-build.turnsys.net
Host shared-router
User root
Hostname shared-router.turnsys.net
Host toolbox
User localuser
Hostname toolbox.turnsys.net
Host shared-voip
User localuser
Hostname shared-voip.turnsys.net
Host shared-zenoss
User root
Hostname shared-zenoss.turnsys.net
Host tsys-rr-app
User root
Hostname tsys-rr-app.turnsys.net
Host tsys-rr-shell
User localuser
Hostname tsys-rr-shell.turnsys.net
Host tsys-cloud
User root
Hostname tsys-cloud.turnsys.net
Host tsyscn4
User localuser
Hostname tsyscn4.turnsys.net
Host shallowblue
User localuser
Hostname shallowblue.turnsys.net
Host tsys-taiga
User localuser
Hostname tsys-taiga.turnsys.net
Host subo-fground
User fground
Hostname fground01.turnsys.net
Host subo-fground-flink
User pi
Hostname fground-flink.turnsys.net
Host subo-fsky
User pi
Hostname fsky2-rpi3.turnsys.net
Host subo-logtest
User fground
Hostname subo-logtest.turnsys.net
Host satxtimeserver
User pi
Hostname satxtimeserver.turnsys.net
#Host ausprod-oob-sw01
#Host ausprod-oob-sw02
Host *
ForwardAgent yes

257
archive/slack-runtime/bin/distro
View File

@@ -1,257 +0,0 @@
#!/bin/sh
# Observium License Version 1.0
#
# Copyright (c) 2013 Joe Holden
#
# The intent of this license is to establish the freedom to use, share and contribute to
# the software regulated by this license.
#
# This license applies to any software containing a notice placed by the copyright holder
# saying that it may be distributed under the terms of this license. Such software is herein
# referred to as the Software. This license covers modification and distribution of the
# Software.
#
# Granted Rights
#
# 1. You are granted the non-exclusive rights set forth in this license provided you agree to
# and comply with any and all conditions in this license. Whole or partial distribution of the
# Software, or software items that link with the Software, in any form signifies acceptance of
# this license.
#
# 2. You may copy and distribute the Software in unmodified form provided that the entire package,
# including - but not restricted to - copyright, trademark notices and disclaimers, as released
# by the initial developer of the Software, is distributed.
#
# 3. You may make modifications to the Software and distribute your modifications, in a form that
# is separate from the Software, such as patches. The following restrictions apply to modifications:
#
# a. Modifications must not alter or remove any copyright notices in the Software.
# b. When modifications to the Software are released under this license, a non-exclusive royalty-free
# right is granted to the initial developer of the Software to distribute your modification in
# future versions of the Software provided such versions remain available under these terms in
# addition to any other license(s) of the initial developer.
#
# Limitations of Liability
#
# In no event shall the initial developers or copyright holders be liable for any damages whatsoever,
# including - but not restricted to - lost revenue or profits or other direct, indirect, special,
# incidental or consequential damages, even if they have been advised of the possibility of such damages,
# except to the extent invariable law, if any, provides otherwise.
#
# No Warranty
#
# The Software and this license document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
# WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# URL: https://github.com/joeholden/distroscript/
# README: https://raw.github.com/joeholden/distroscript/master/README.md
# Shells are made of dicks.
DISTROSCRIPT="1.0.15"
if [ -z ${DISTROFORMAT} ]; then
DISTROFORMAT="pipe"
fi
if [ -n "${AGENT_LIBDIR}" -o -n "${MK_LIBDIR}" ]; then
# Set output for check_mk/observium agent
DISTROFORMAT="export"
fi
getos() {
OS=`uname -s`
if [ "${OS}" = "SunOS" ]; then
OS="Solaris"
elif [ "${OS}" = "DragonFly" ]; then
OS="DragonFlyBSD"
fi
export OS
return 0
}
getkernel() {
KERNEL=`uname -r`
export KERNEL
return 0
}
getdistro() {
if [ "${OS}" = "Linux" ]; then
if [ -f /etc/os-release ]; then
. /etc/os-release
DISTRO=`echo ${NAME} | awk '{print $1}'`
elif [ -x /usr/bin/lsb_release ]; then
DISTRO=`/usr/bin/lsb_release -si 2>/dev/null`
elif [ -f /etc/redhat-release ]; then
DISTRO=`cat /etc/redhat-release | awk '{print $1}'`
elif [ -f /etc/fedora-release ]; then
DISTRO="Fedora"
elif [ -f /etc/mandriva-release ]; then
DISTRO="Mandriva"
elif [ -f /etc/arch-release ]; then
DISTRO="ArchLinux"
elif [ -f /etc/gentoo-release ]; then
DISTRO="Gentoo"
elif [ -f /etc/SuSE-release ]; then
DISTRO="SuSE"
elif [ -f /etc/mandrake-release ]; then
DISTRO="Mandrake"
elif [ -f /etc/debian_version ]; then
# shit based on debian
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ]; then
DISTRO="MailCleaner"
else
DISTRO="Debian"
fi
elif [ -f /etc/UnitedLinux-release ]; then
DISTRO="UnitedLinux"
elif [ -f /etc/openwrt_version ]; then
DISTRO="OpenWRT"
elif [ -f /etc/slackware-version ]; then
DISTRO="Slackware"
else
DISTRO="Unknown"
fi
# Fixing some Distro names
if [ "${DISTRO}" = "Debian GNU/Linux" ]; then
DISTRO="Debian"
elif [ "${DISTRO}" = "Red" -o "${DISTRO}" = "RedHatEnterpriseServer" ]; then
DISTRO="RedHat"
elif [ "${DISTRO}" = "Arch" ]; then
DISTRO="ArchLinux"
fi
elif [ "${OS}" = "FreeBSD" ]; then
if [ -f /etc/platform -a -f /etc/version ]; then
DISTRO="pfSense"
elif [ -f /etc/platform -a -f /etc/prd.name ]; then
DISTRO=`cat /etc/prd.name`
elif [ -f /usr/local/bin/pbreg ]; then
DISTRO="PC-BSD"
elif [ -f /tmp/freenas_config.md5 ]; then
DISTRO="FreeNAS"
else
DISTRO=
fi
elif [ "${OS}" = "Solaris" ]; then
DISTRO=`head -n 1 /etc/release | awk '{print $1}'`
if [ "${DISTRO}" = "Solaris" -o "${DISTRO}" = "Oracle" ]; then
DISTRO=
fi
elif [ "${OS}" = "Darwin" ]; then
case `uname -m` in
AppleTV2*)
DISTRO="AppleTV2"
;;
AppleTV3*)
DISTRO="AppleTV3"
;;
iPhone*)
DISTRO="iPhone"
;;
iPod*)
DISTRO="iPOD"
;;
*)
DISTRO="OSX"
;;
esac
else
DISTRO=
fi
export DISTRO
return 0
}
getarch() {
if [ "${OS}" = "Solaris" ]; then
ARCH=`isainfo -k`
elif [ "${OS}" = "Darwin" ]; then
ARCH=`uname -p`
else
ARCH=`uname -m`
fi
if [ "${OS}" = "Linux" ]; then
if [ "${ARCH}" = "x86_64" ]; then
ARCH="amd64"
elif [ "${ARCH}" = "i486" -o "${ARCH}" = "i586" -o "${ARCH}" = "i686" ]; then
ARCH="i386"
fi
fi
export ARCH
return 0
}
getversion() {
if [ "${OS}" = "FreeBSD" -o "${OS}" = "DragonFlyBSD" ]; then
if [ "${DISTRO}" = "pfSense" ]; then
VERSION=`cat /etc/version`
elif [ "${DISTRO}" = "PC-BSD" ]; then
VERSION=`pbreg get /PC-BSD/Version`
elif [ -f /etc/prd.version ]; then
VERSION=`cat /etc/prd.version`
else
VERSION=`uname -i`
fi
elif [ "${OS}" = "OpenBSD" -o "${OS}" = "NetBSD" ]; then
VERSION=`uname -v`
elif [ "${OS}" = "Linux" ]; then
if [ "${DISTRO}" = "OpenWRT" ]; then
VERSION=`cat /etc/openwrt_version`
elif [ "${DISTRO}" = "Slackware" ]; then
VERSION=`cat /etc/slackware-version | cut -d" " -f2`
elif [ -f /etc/redhat-release ]; then
VERSION=`cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//'`
elif [ -x /usr/bin/lsb_release ]; then
VERSION=`lsb_release -sr 2>/dev/null`
elif [ -f /etc/os-release ]; then
. /etc/os-release
VERSION=${VERSION_ID}
else
VERSION=
fi
elif [ "${OS}" = "Darwin" ]; then
VERSION=`sw_vers -productVersion`
elif [ "${OS}" = "Solaris" ]; then
VERSION=`uname -v`
fi
export VERSION
return 0
}
if [ -z ${DISTROEXEC} ]; then
getos
getkernel
getarch
getdistro
getversion
if [ "${AGENT_LIBDIR}" -o "${MK_LIBDIR}" ]; then
echo "<<<distro>>>"
fi
if [ "${DISTROFORMAT}" = "pipe" ]; then
echo "${OS}|${KERNEL}|${ARCH}|${DISTRO}|${VERSION}"
elif [ "${DISTROFORMAT}" = "twopipe" ]; then
echo "${OS}||${KERNEL}||${ARCH}||${DISTRO}||${VERSION}"
elif [ "${DISTROFORMAT}" = "ini" ]; then
echo "[distroscript]"
echo " OS = ${OS}"
echo " KERNEL = ${KERNEL}"
echo " ARCH = ${ARCH}"
echo " DISTRO = ${DISTRO}"
echo " DISTROVER = ${VERSION}"
echo " SCRIPTVER = ${DISTROSCRIPT}"
elif [ "${DISTROFORMAT}" = "export" ]; then
echo "OS=${OS}"
echo "KERNEL=${KERNEL}"
echo "ARCH=${ARCH}"
echo "DISTRO=${DISTRO}"
echo "DISTROVER=${VERSION}"
echo "SCRIPTVER=${DISTROSCRIPT}"
else
echo "Unsupported output format."
exit 1
fi
exit 0
fi

60
archive/slack-runtime/bin/slackInstall.sh
View File

@@ -1,60 +0,0 @@
#!/bin/bash
#A script to bootstrap slack onto any TURNSYS managed system in any environment.
#Use this as a template for writing TURNSYS shell scripts
slack-install()
{
wget http://toolbox.turnsys.net/sysinfra/slack/bin/distro -O /usr/bin/distro
chmod +x /usr/bin/distro
apt-get -y install make perl rsync
mkdir /tmp/slackDist
wget http://toolbox.turnsys.net/sysinfra/slack/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
cd /tmp/slackDist
tar xvfz slackDist.tar.gz
make install
cd /tmp
rm -rf slackDist
mkdir /root/.ssh
chmod 700 /root/.ssh
chown -R root:root /root/.ssh
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
chmod 400 /root/.ssh/config
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
}
#######################################################################################################################################################
#main() #For ease of searching
# Script starts here
# This code serves as a generic template for entrypoint code which is able to handle multi distro, multi environment execution.
# !!!!! DO NOT WRAP IN A FUNCTION. THESE ARE GLOBAL VARIABLES !!!!!
#######################################################################################################################################################
#If we have a fleet later, we can use this code to do fleet stuff
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
#export server_type=ts
#fi
case $server_type in
ts)
export SERVER_TYPE="ts"
;;
*)
export SERVER_TYPE="prod"
;;
esac
#######################################################################################################################################################
#Kick everything off
#
slack-install

39
archive/slack-runtime/dist/Makefile vendored
View File

@@ -1,39 +0,0 @@
# Makefile for slack/src
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
include Makefile.common
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
all:
install: install-bin install-conf install-lib install-man
install-bin: all
$(MKDIR) $(DESTDIR)$(sbindir)
$(INSTALL) slack $(DESTDIR)$(sbindir)
$(MKDIR) $(DESTDIR)$(bindir)
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
@set -ex;\
for i in $(BACKENDS); do \
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
install-conf: all
$(MKDIR) $(DESTDIR)$(sysconfdir)
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
install-lib: all
$(MKDIR) $(DESTDIR)$(slack_libdir)
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
install-man: all
clean:
realclean: clean
distclean: clean
test:

27
archive/slack-runtime/dist/Makefile.common vendored
View File

@@ -1,27 +0,0 @@
# Common code included in every Makefile
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
PACKAGE=slack
VERSION=0.15.2
DESTDIR =
prefix = /
exec_prefix = /usr
sysconfdir = ${prefix}/etc
mandir = ${exec_prefix}/share/man
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
libdir = ${exec_prefix}/lib
libexecdir = ${exec_prefix}/lib
localstatedir = ${prefix}/var
slack_libdir = ${libdir}/slack
slack_libexecdir = ${libexecdir}/slack
slack_localstatedir = ${localstatedir}/lib/slack
slack_localcachedir = ${localstatedir}/cache/slack
INSTALL = install
MKDIR = mkdir -p
PRIVDIRMODE = 0700

371
archive/slack-runtime/dist/Slack.pm vendored
View File

@@ -1,371 +0,0 @@
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
package Slack;
require 5.006;
use strict;
use Carp qw(cluck confess croak);
use File::Find;
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
use base qw(Exporter);
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
$VERSION = '0.15.2';
@EXPORT = qw();
@EXPORT_OK = qw();
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
my $term;
my @default_options = (
'help|h|?',
'version',
'verbose|v+',
'quiet',
'config|C=s',
'source|s=s',
'rsh|e=s',
'cache|c=s',
'stage|t=s',
'root|r=s',
'dry-run|n',
'backup|b',
'backup-dir=s',
'hostname|H=s',
);
sub default_usage ($) {
my ($synopsis) = @_;
return <<EOF;
Usage: $synopsis
Options:
-h, -?, --help
Print this help message and exit.
--version
Print the version number and exit.
-v, --verbose
Be verbose.
--quiet
Don't be verbose (Overrides previous uses of --verbose)
-C, --config FILE
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
-s, --source DIR
Source for slack files
-e, --rsh COMMAND
Remote shell for rsync
-c, --cache DIR
Local cache directory for slack files
-t, --stage DIR
Local staging directory for slack files
-r, --root DIR
Root destination for slack files
-n, --dry-run
Don't write any files to disk -- just report what would have been done.
-b, --backup
Make backups of existing files in ROOT that are overwritten.
--backup-dir DIR
Put backups into this directory.
-H, --hostname HOST
Pretend to be running on HOST, instead of the name given by
gethostname(2).
EOF
}
# Read options from a config file. Arguments:
# file => config file to read
# opthash => hashref in which to store the options
# verbose => whether to be verbose
sub read_config (%) {
my %arg = @_;
my ($config_fh);
local $_;
confess "Slack::read_config: no config file given"
if not defined $arg{file};
$arg{opthash} = {}
if not defined $arg{opthash};
open($config_fh, '<', $arg{file})
or confess "Could not open config file '$arg{file}': $!";
# Make this into a hash so we can quickly see if we're looking
# for a particular option
my %looking_for;
if (ref $arg{options} eq 'ARRAY') {
%looking_for = map { $_ => 1 } @{$arg{options}};
}
while(<$config_fh>) {
chomp;
s/#.*//; # delete comments
s/\s+$//; # delete trailing spaces
next if m/^$/; # skip empty lines
if (m/^[A-Z_]+=\S+/) {
my ($key, $value) = split(/=/, $_, 2);
$key =~ tr/A-Z_/a-z-/;
# Only set options we're looking for
next if (%looking_for and not $looking_for{$key});
# Don't set options that are already set
next if defined $arg{opthash}->{$key};
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
$arg{opthash}->{$key} = $value;
} else {
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
}
}
close($config_fh)
or confess "Slack::read_config: Could not close config file: $!";
# The verbose option is treated specially in so many places that
# we need to make sure it's defined.
$arg{opthash}->{verbose} ||= 0;
return $arg{opthash};
}
# Just get the exit code from a command that failed.
# croaks if anything weird happened.
sub get_system_exit (@) {
my @command = @_;
if (WIFEXITED($?)) {
my $exit = WEXITSTATUS($?);
return $exit if $exit;
}
if (WIFSIGNALED($?)) {
my $sig = WTERMSIG($?);
croak "'@command' caught sig $sig";
}
if ($!) {
croak "Syserr on system '@command': $!";
}
croak "Unknown error on '@command'";
}
sub check_system_exit (@) {
my @command = @_;
my $exit = get_system_exit(@command);
# Exit is non-zero if get_system_exit() didn't croak.
croak "'@command' exited $exit";
}
# get options from the command line and the config file
# Arguments
# opthash => hashref in which to store options
# usage => usage statement
# required_options => arrayref of options to require -- an exception
# will be thrown if these options are not defined
# command_line_hash => store options specified on the command line here
sub get_options {
my %arg = @_;
use Getopt::Long;
Getopt::Long::Configure('bundling');
if (not defined $arg{opthash}) {
$arg{opthash} = {};
}
if (not defined $arg{usage}) {
$arg{usage} = default_usage($0);
}
my @extra_options = (); # extra arguments to getoptions
if (defined $arg{command_line_options}) {
@extra_options = @{$arg{command_line_options}};
}
# Make a --quiet function that turns off verbosity
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
unless (GetOptions($arg{opthash},
@default_options,
@extra_options,
)) {
print STDERR $arg{usage};
exit 1;
}
if ($arg{opthash}->{help}) {
print $arg{usage};
exit 0;
}
if ($arg{opthash}->{version}) {
print "slack version $VERSION\n";
exit 0;
}
# Get rid of the quiet handler
delete $arg{opthash}->{quiet};
# If we've been given a hashref, save our options there at this
# stage, so the caller can see what was passed on the command line.
# Unfortunately, perl has no .replace function, so we iterate.
if (ref $arg{command_line_hash} eq 'HASH') {
while (my ($k, $v) = each %{$arg{opthash}}) {
$arg{command_line_hash}->{$k} = $v;
}
}
# Use the default config file
if (not defined $arg{opthash}->{config}) {
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
}
# We need to decide whether to be verbose about reading the config file
# Currently we just do it if global verbosity > 2
my $verbose_config = 0;
if (defined $arg{opthash}->{verbose}
and $arg{opthash}->{verbose} > 2) {
$verbose_config = 1;
}
# Read options from the config file, passing along the options we've
# gotten so far
read_config(
file => $arg{opthash}->{config},
opthash => $arg{opthash},
verbose => $verbose_config,
);
# The "verbose" option gets compared a lot and needs to be defined
$arg{opthash}->{verbose} ||= 0;
# The "hostname" option is set specially if it's not defined
if (not defined $arg{opthash}->{hostname}) {
use Sys::Hostname;
$arg{opthash}->{hostname} = hostname;
}
# We can require some options to be set
if (ref $arg{required_options} eq 'ARRAY') {
for my $option (@{$arg{required_options}}) {
if (not defined $arg{opthash}->{$option}) {
croak "Required option '$option' not given on command line or specified in config file!\n";
}
}
}
return $arg{opthash};
}
sub prompt ($) {
my ($prompt) = @_;
if (not defined $term) {
require Term::ReadLine;
$term = new Term::ReadLine 'slack'
}
$term->readline($prompt);
}
# Calls the callback on absolute pathnames of files in the source directory,
# and also on names of directories that don't exist in the destination
# directory (i.e. where $source/foo exists but $destination/foo does not).
sub find_files_to_install ($$$) {
my ($source, $destination, $callback) = @_;
return find ({
wanted => sub {
if (-l or not -d _) {
# Copy all files, links, etc
my $file = $File::Find::name;
&$callback($file);
} elsif (-d _) {
# For directories, we only want to copy it if it doesn't
# exist in the destination yet.
my $dir = $File::Find::name;
# We know the root directory will exist (we make it above),
# so skip the base of the source
(my $short_source = $source) =~ s#/$##;
return if $dir eq $short_source;
# Strip the $source from the path,
# so we can build the destination dir from it.
my $subdir = $dir;
($subdir =~ s#^$source##)
or croak "sub failed: $source|$subdir";
if (not -d "$destination/$subdir") {
&$callback($dir);
}
}
}
},
$source,
);
}
# Runs rsync with the necessary redirection to its filehandles
sub wrap_rsync (@) {
my @command = @_;
my ($pid);
if ($pid = fork) {
# Parent
} elsif (defined $pid) {
# Child
open(STDIN, "<", "/dev/null")
or die "Could not redirect STDIN from /dev/null\n";
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
my $kid = waitpid($pid, 0);
if ($kid != $pid) {
die "waitpid returned $kid\n";
} elsif ($?) {
Slack::check_system_exit(@command);
}
}
# Runs rsync with the necessary redirection to its filehandles, but also
# returns an FH to stdin and a PID.
sub wrap_rsync_fh (@) {
my @command = @_;
my ($fh, $pid);
if ($pid = open($fh, "|-")) {
# Parent
} elsif (defined $pid) {
# Child
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
return($fh, $pid);
}
1;

329
archive/slack-runtime/dist/slack vendored
View File

@@ -1,329 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use POSIX; # for strftime
use constant LIBEXEC_DIR => '/usr/lib/slack';
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
sub run_backend(@);
sub run_conditional_backend($@);
(my $PROG = $0) =~ s#.*/##;
# Arguments to pass to each backends (initialized to a hash of empty arrays)
my %backend_flags = ( map { $_ => [] }
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
);
my @roles;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
$usage .= <<EOF;
--preview MODE
Do a diff of scripts and files before running them.
MODE can be one of 'simple' or 'prompt'.
--no-files
Don't install any files in ROOT, but tell rsync to print what
it would do.
--no-scripts
Don't run scripts.
--no-sync
Skip the slack-sync step. (useful if you're pushing stuff into
the CACHE outside of slack)
--role-list
Role list for slack-getroles
--libexec-dir DIR
Look for backend scripts in this directory.
--diff PROG
Use this diff program for previews
--sleep TIME
Randomly sleep between 1 and TIME seconds before starting
operations
EOF
# Options
my %opt = ();
# So we can distinguish stuff on the command line from config file stuff
my %command_line_opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'preview=s',
'role-list=s',
'no-scripts|noscripts',
'no-files|nofiles',
'no-sync|nosync',
'libexec-dir=s',
'diff=s',
'sleep=i',
],
required_options => [ qw(source cache stage root) ],
command_line_hash => \%command_line_opt,
usage => $usage,
);
# Special options
if ($opt{'dry-run'}) {
$opt{'no-scripts'} = 1;
$opt{'no-files'} = 1;
}
if ($opt{'no-scripts'}) {
for my $action (qw(fixfiles preinstall postinstall)) {
push @{$backend_flags{$action}},
'--dry-run';
}
}
if ($opt{'no-files'}) {
push @{$backend_flags{installfiles}},
'--dry-run';
}
# propagate verbosity - 1 to all backends
if (defined $command_line_opt{'verbose'} and
$command_line_opt{'verbose'} > 1) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
('--verbose') x ($command_line_opt{'verbose'} - 1);
}
}
# propagate these flags to all the backends
for my $option (qw(config root cache stage source hostname rsh)) {
if ($command_line_opt{$option}) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
"--$option=$command_line_opt{$option}";
}
}
}
# getroles also can take 'role-list'
if ($command_line_opt{'role-list'}) {
push @{$backend_flags{'getroles'}},
"--role-list=$command_line_opt{'role-list'}";
}
# The libexec dir defaults to this if it wasn't specified
# on the command line or in a config file.
if (not defined $opt{'libexec-dir'}) {
$opt{'libexec-dir'} = LIBEXEC_DIR;
}
# Pass diff option along to slack-rolediff
if ($opt{'diff'}) {
push @{$backend_flags{preview}},
"--diff=$opt{'diff'}";
}
# Preview takes an optional argument. If no argument is given,
# it gets "" from getopt.
if (defined $opt{'preview'}) {
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
die "Unknown preview mode '$opt{'preview'}'!";
}
}
# The backup option defaults to on if it wasn't specified
# on the command line or in a config file
if (not defined $opt{backup}) {
$opt{backup} = 1;
}
# Figure out a place to put backups
if ($opt{backup} and $opt{'backup-dir'}) {
push @{$backend_flags{installfiles}},
'--backup',
'--backup-dir='.
$opt{'backup-dir'}.
"/".
strftime('%F-%T', localtime(time))
;
}
# }}}
# Random sleep, helpful when called from cron.
if ($opt{sleep}) {
my $secs = int(rand($opt{sleep})) + 1;
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
sleep($secs);
}
# Get a list of roles to install from slack-getroles {{{
if (not @ARGV) {
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
@{$backend_flags{'getroles'}});
$opt{verbose} and print STDERR "$PROG: getroles\n";
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
my ($roles_pid, $roles_fh);
if ($roles_pid = open($roles_fh, "-|")) {
# Parent
} elsif (defined $roles_pid) {
# Child
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork to run '@command': $!\n";
}
@roles = split(/\s+/, join(" ", <$roles_fh>));
unless (close($roles_fh)) {
Slack::check_system_exit(@command);
}
} else {
@roles = @ARGV;
}
# }}}
# Check role name syntax {{{
for my $role (@roles) {
# Roles MUST begin with a letter. All else is reserved.
if ($role !~ m/^[a-zA-Z]/) {
die "Role '$role' does not begin with a letter!";
}
}
# }}}
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
unless ($opt{'no-sync'}) {
# sync all the roles down at once
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
run_backend('slack-sync',
@{$backend_flags{sync}}, @roles);
}
ROLE: for my $role (@roles) {
# stage
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=files', $role);
if ($opt{preview}) {
if ($opt{preview} eq 'simple') {
$opt{verbose} and print STDERR "$PROG: preview $role\n";
# Here, we run the backend in no-prompt mode.
run_conditional_backend(0, 'slack-rolediff',
@{$backend_flags{preview}}, $role);
# ...and we skip further action in the ROLE after showing the diff.
next ROLE;
} elsif ($opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
# Here, we want to prompt and just do the scripts, since
# we need to run preinstall and fixfiles before doing the files.
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=scripts', $role);
} else {
# Should get caught in option processing, above
die "Unknown preview mode!\n";
}
}
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=scripts', $role);
# preinstall
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{preinstall}}, 'preinstall', $role);
# fixfiles
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
run_backend('slack-runscript',
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
# preview files
if ($opt{preview} and $opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=files', $role);
}
# installfiles
$opt{verbose} and print STDERR "$PROG: install $role\n";
run_backend('slack-installfiles',
@{$backend_flags{installfiles}}, $role);
# postinstall
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{postinstall}}, 'postinstall', $role);
}
exit 0;
sub run_backend (@) {
my ($backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
sub run_conditional_backend ($@) {
my ($prompt, $backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
my $exit = Slack::get_system_exit(@command);
if ($exit == 1) {
# exit 1 means a difference found or something normal that requires
# a prompt before continuing.
if ($prompt) {
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
}
} else {
# any other non-successful exit is a serious error.
die "'@command' exited $exit";
}
}
}

514
archive/slack-runtime/dist/slack-diff vendored
View File

@@ -1,514 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is a wrapper for diff that gives output about special files
# and file modes. (diff can only compare regular files)
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use Errno;
use File::stat;
use File::Basename;
use File::Find;
use Getopt::Long;
use POSIX qw(SIGPIPE strftime);
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
my $VERSION = '0.1';
(my $PROG = $0) =~ s#.*/##;
my @diff; # diff program to use
my $exit = 0; # our exit code
sub compare ($$);
sub recursive_compare ($$);
sub filetype_to_string ($;$);
sub compare_files ($$);
sub diff ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDOUT
$|=1;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Default options
my %opt = (
fakediff => 1,
perms => 1,
'new-file' => 1,
diff => 'diff',
);
# Config and option parsing
my $usage = <<EOF;
Usage: $PROG [options] <file1> <file2>
$PROG -r <dir1> <dir2>
Options:
-u, -U NUM, --unified=NUM
Tell diff to use unified output format.
--diff PROG
Use this program for diffing, instead of "$opt{diff}"
--fakediff
Make a fake diff for file modes and other things that are not file
contents. Default is on, can be disabled with --nofakediff.
--perms
Care about owner, group, and permissions when doing fakediff.
Default is on, can be disabled with --noperms.
-r, --recursive
Recursively compare directories.
-N, --new-file
Treat missing files as empty. Default is on, can be disabled with
--nonew-file.
--unidirectional-new-file
Treat only missing files in the first directory as empty.
--from-file
Treat arguments as a list of files from which to read filenames to
compare, two lines at a time.
-0, --null
Use NULLs instead of newlines as the separator in --from-file mode
--devnullhack
You have a version of diff that can't deal with -N when not in
recursive mode, so we need to feed it /dev/null instead of the
missing file. Default is on, can be disabled with --nodevnullhack.
--version
Output version info
--help
Output this help text
Exit codes:
0 Found no differences
1 Found a difference
2 Had a serious error
3 Found a difference and had a serious error
EOF
{
Getopt::Long::Configure ("bundling");
GetOptions(\%opt,
'help|h|?',
'version',
'null|0',
'devnullhack',
'new-file|N',
'u',
'unified|U=i',
'recursive|r',
'from-file',
'unidirectional-new-file',
'fakediff!',
'perms!',
'diff=s',
) or die $usage;
if ($opt{help}) {
print $usage;
exit 0;
}
if ($opt{version}) {
print "$PROG version $VERSION\n";
exit 0;
}
}
if ($opt{diff}) {
# We split on spaces here to be useful -- so that people can give
# their diff options.
@diff = split(/\s+/, $opt{diff});
} else {
die "$PROG: No diff program!\n";
}
if ($opt{'u'}) {
push @diff, '-u';
} elsif ($opt{'unified'}) {
$opt{'u'} = 1; # We use this value later
push @diff, "--unified=$opt{'unified'}";
}
if (not $opt{'devnullhack'}) {
push @diff, '-N';
}
# usually, sigpipe would be someone quitting their pager, so don't sweat it
$SIG{PIPE} = sub { exit $exit };
if ($opt{'from-file'}) {
local $/ = "\0" if $opt{'null'};
while (my $old = <>) {
my $new = <>;
die "Uneven number of lines in --from-file mode!\n"
if not defined $new;
chomp($old);
chomp($new);
$exit |= compare($old, $new);
}
} else {
die $usage unless $#ARGV == 1;
$exit |= compare($ARGV[0], $ARGV[1]);
}
exit $exit;
##
# Subroutines
sub compare ($$) {
my ($old, $new) = @_;
if ($opt{recursive}) {
return recursive_compare($old, $new);
} else {
return compare_files($old, $new);
}
}
# compare two directories. We do this by walking down the *new*
# directory, and comparing everything that's there to the stuff in
# the old directory
sub recursive_compare ($$) {
my ($olddir, $newdir) = @_;
my ($retval, $basere, $wanted);
my (%seen);
$retval = 0;
if (-d $newdir) {
$basere = qr(^$newdir);
$wanted = sub {
my ($newfile) = $_;
my $oldfile = $newfile;
$oldfile =~ s#$basere#$olddir#;
$seen{$oldfile} = 1;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval
if $opt{'unidirectional-new-file'};
# If we're not unidirectional, we want to go through the old directory
# and diff any files we didn't see in the newdir.
if (-d $olddir) {
$basere = qr(^$olddir);
$wanted = sub {
my ($oldfile) = $_;
my $newfile;
return if $seen{$oldfile};
$newfile = $oldfile;
$newfile =~ s#$basere#$newdir#;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval;
}
# filetype_to_string(mode)
# filetype_to_string(mode, plural)
#
# Takes a mode returned from stat(), returns a noune describing the filetype,
# e.g. "directory", "symlink".
# If the "plural" argument is provided and true, returns the plural form of
# the noun, e.g. "directories", "symlinks".
sub filetype_to_string ($;$) {
my ($mode, $plural) = @_;
if (S_ISREG($mode)) {
return "regular file".($plural ? "s" : "");
} elsif (S_ISDIR($mode)) {
return "director".($plural ? "ies" : "y");
} elsif (S_ISLNK($mode)) {
return "symlink".($plural ? "s" : "");
} elsif (S_ISBLK($mode)) {
return "block device".($plural ? "s" : "");
} elsif (S_ISCHR($mode)) {
return "character device".($plural ? "s" : "");
} elsif (S_ISFIFO($mode)) {
return "fifo".($plural ? "s" : "");
} elsif (S_ISSOCK($mode)) {
return "socket".($plural ? "s" : "");
} else {
return "unknown filetype".($plural ? "s" : "");
}
}
# compare_files(oldfile, newfile)
# This is the actual diffing routine. It's quite long because we need to
# deal with all sorts of special cases. It will print to STDOUT a
# description of the differences between the two files. For regular files,
# diff(1) will be run to show the differences.
#
# return codes:
# 1 found a difference
# 2 had an error
# 3 found a difference and had an error
sub compare_files ($$) {
my ($oldname, $newname) = @_;
my ($old, $new); # stat buffers
my $return = 0;
# Get rid of unsightly double slashes
$oldname =~ s#//#/#g;
$newname =~ s#//#/#g;
eval { $old = lstat($oldname); };
if (not defined $old and not $!{ENOENT}) {
warn "$PROG: Could not stat $oldname: $!\n";
return 2;
}
eval { $new = lstat($newname); };
if (not defined $new and not $!{ENOENT}) {
warn "$PROG: Could not stat $newname: $!\n";
return 2;
}
# At this point, $old or $new should only be undefined if the
# file does not exist.
if (defined $old and defined $new) {
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
if ($opt{fakediff}) {
fakediff('filetype',
$oldname => filetype_to_string($old->mode),
$newname => filetype_to_string($new->mode),
);
} else {
print "File types differ between ".
filetype_to_string($old->mode)." $oldname and ".
filetype_to_string($new->mode)." $newname\n";
}
return 1;
}
if ($old->nlink != $new->nlink) {
# In recursive mode, we don't care about link counts in directories,
# as we'll pick that up with what files do and don't exist.
unless ($opt{recursive} and S_ISDIR($old->mode)) {
if ($opt{fakediff}) {
fakediff('nlink',
$oldname => $old->nlink,
$newname => $new->nlink,
);
} else {
print "Link counts differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
}
if ($old->uid != $new->uid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('uid',
$oldname => $old->uid,
$newname => $new->uid,
);
} else {
print "Owner differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if ($old->gid != $new->gid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('gid',
$oldname => $old->gid,
$newname => $new->gid,
);
} else {
print "Group differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('mode',
$oldname => sprintf('%04o', S_IMODE($old->mode)),
$newname => sprintf('%04o', S_IMODE($new->mode)),
);
} else {
print "Modes differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
# We don't want to compare anything more about sockets, fifos, or
# directories, once we've checked the permissions and link counts
if (S_ISSOCK($old->mode) or
S_ISFIFO($old->mode) or
S_ISDIR($old->mode)) {
return $return;
}
# Check device file devs, and that's it for them
if (S_ISCHR($old->mode) or
S_ISBLK($old->mode)) {
if ($old->rdev != $new->rdev) {
if ($opt{fakediff}) {
fakediff('rdev',
$oldname => $old->rdev,
$newname => $new->rdev,
);
} else {
print "Device numbers differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
# Compare the targets of symlinks
if (S_ISLNK($old->mode)) {
my $oldtarget = readlink $oldname
or (warn("$PROG: Could not readlink($oldname): $!\n"),
return $return | 2);
my $newtarget = readlink $newname
or (warn("$PROG: Could not readlink($newname): $!\n"),
return $return | 2);
if ($oldtarget ne $newtarget) {
if ($opt{fakediff}) {
fakediff('target',
$oldname => $oldtarget,
$newname => $newtarget,
);
} else {
print "Symlink targets differ between $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
if (not S_ISREG($old->mode)) {
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
return 2;
}
} elsif (not defined $old and not defined $new) {
print "Neither $oldname nor $newname exists\n";
return $return;
} elsif (not defined $old) {
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($newname).": ".
filetype_to_string($new->mode)." ".basename($newname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$oldname = '/dev/null';
}
} elsif (not defined $new) {
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($oldname).": ".
filetype_to_string($old->mode)." ".basename($oldname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$newname = '/dev/null';
}
}
# They are regular files! We can actually run diff!
return diff($oldname, $newname) | $return;
}
sub diff ($$) {
my ($oldname, $newname) = @_;
my @command = (@diff, $oldname, $newname);
my $status;
# If we're not specifying unified diff, we need to print a header
# to indicate what's being diffed. (I'm not sure if this actually would
# work for patch, but it does tell our user what's going on).
# FIXME: We only need to specify this if the files are different
print "@command\n"
if not $opt{u};
{
# There is a bug in perl with use warnings FATAL => qw(all)
# that will cause the child process from system() to stick
# around if there is a warning generated.
# Shut off warnings -- we'll catch the error below.
no warnings;
$status = system(@command);
}
return 0 if ($status == 0);
if ($? == -1) {
die "$PROG: failed to execute '@command': $!\n";
}
if ($? & 128) {
die "$PROG: '@command' dumped core\n";
}
if (my $sig = $? & 127) {
die "$PROG: '@command' caught sig $sig\n"
unless ($sig == SIGPIPE);
}
if (my $exit = $? >> 8) {
if ($exit == 1) {
return 1;
} else {
die "$PROG: '@command' returned $exit\n";
}
}
return 0;
}
sub fakediff ($$) {
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
return unless $opt{fakediff};
my $time = strftime('%F %T.000000000 %z', localtime(0));
# We add a suffix onto the filenames to show we're not actually looking
# at file contents. There's no good way to indicate this that's compatible
# with patch, and this is simple enough.
$oldname .= '#~~' . $type;
$newname .= '#~~' . $type;
if ($opt{u}) {
# fake up a unified diff
print <<EOF;
--- $oldname\t$time
+++ $newname\t$time
@@ -1 +1 @@
-$oldvalue
+$newvalue
EOF
} else {
print <<EOF;
diff $oldname $newname
1c1
< $oldvalue
---
> $newvalue
EOF
}
}

161
archive/slack-runtime/dist/slack-getroles vendored
View File

@@ -1,161 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--links',
'--times',
);
(my $PROG = $0) =~ s#.*/##;
sub sync_list ();
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options]");
$usage .= <<EOF;
--role-list
Role list location (can be relative to SOURCE)
--remote-role-list
Role list is remote and should be copied down with rsync
(implied by certain forms of role list or SOURCE)
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'role-list=s',
'remote-role-list',
],
required_options => [ qw(role-list hostname) ],
usage => $usage,
);
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# See if role-list is actually relative to source, and pre-pend source
# if need be.
unless ($opt{'role-list'} =~ m#^/# or
$opt{'role-list'} =~ m#^\./# or
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
if (not defined $opt{source}) {
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
}
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
}
# auto-detect remote role list
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
$opt{'remote-role-list'} = 1;
}
# Copy a remote list locally
if ($opt{'remote-role-list'}) {
# We need a cache directory if the role list is not local
if (not defined $opt{cache}) {
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
sync_list();
}
# Read in the roles list
my @roles = ();
my $host_found = 0;
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
open(ROLES, "<", $opt{'role-list'})
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
while(<ROLES>) {
s/#.*//; # Strip comments
chomp;
if (s/^$opt{hostname}:\s*//) {
$host_found++;
push @roles, split();
}
}
close(ROLES)
or die "Could not close '$opt{'role-list'}': $!\n";
if (not $host_found) {
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
}
print join("\n", @roles), "\n";
exit 0;
sub sync_list () {
my $source = $opt{'role-list'};
my $destination = $opt{cache} . "/_role_list";
unless (-d $opt{cache}) {
eval { mkpath($opt{cache}); };
die "Could not mkpath '$opt{cache}': $@\n" if $@;
}
# All this to run an rsync command
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
Slack::wrap_rsync(@command);
$opt{'role-list'} = $destination;
}

149
archive/slack-runtime/dist/slack-installfiles vendored
View File

@@ -1,149 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local stage to the root
# of the local filesystem
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--relative',
'--times',
'--perms',
'--group',
'--owner',
'--links',
'--devices',
'--sparse',
'--no-implied-dirs', # SO GOOD!
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub install_files ($);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(root stage) ],
);
# }}}
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
unless (-d $opt{root}) {
if (not $opt{'dry-run'}) {
eval {
mkpath($opt{root});
# We have a tight umask, and a root of mode 0700 would be undesirable
# in most cases.
chmod(0755, $opt{root});
};
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
}
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# copy over the new files
for my $role (@ARGV) {
install_files($role);
}
exit 0;
# This subroutine takes care of actually installing the files for a role
sub install_files ($) {
my ($role) = @_;
# final / is important for rsync
my $source = $opt{stage} . "/roles/" . $role . "/files/";
my $destination = $opt{root} . "/";
my @command = (@rsync, $source, $destination);
if (not -d $source) {
($opt{verbose} > 0) and
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
return;
}
# Try to give some sensible message here
if ($opt{verbose} > 0) {
if ($opt{'dry-run'}) {
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
} else {
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
}
}
my ($fh) = Slack::wrap_rsync_fh(@command);
select((select($fh), $|=1)[0]); # Turn on autoflush
my $callback = sub {
my ($file) = @_;
($file =~ s#^$source##)
or die "sub failed: $source|$file";
print $fh "$file\0";
};
# This will print files to be synced to the $fh
Slack::find_files_to_install($source, $destination, $callback);
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

146
archive/slack-runtime/dist/slack-rolediff vendored
View File

@@ -1,146 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script provides a preview of scripts or files about to be installed.
# Basically, it calls diff -- its smarts are in knowing where things are.
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @diff = ('slack-diff',
'-uN',
);
# directories to compare
my %subdir = (
files => 1,
scripts => 1,
);
(my $PROG = $0) =~ s#.*/##;
sub diff ($$;@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Check this subdir only. Possible values for DIR are 'files' and
'scripts'.
--diff PROG
Use this program to do diffs. [@diff]
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
'diff=s',
],
usage => $usage,
required_options => [ qw(cache stage root) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
# Only do this subdir
%subdir = ( $opt{subdir} => 1 );
}
# Let people override our diff. Split on spaces so they can pass args.
if ($opt{diff}) {
@diff = split(/\s+/, $opt{diff});
}
# }}}
my $exit = 0;
# Do the diffs
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role = split(/\./, $full_role);
if ($subdir{scripts}) {
# Then we compare the cache vs the stage
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
# For scripts, we don't care so much about mode and owner (since those are
# inherited in the CACHE from the SOURCE), so --noperms.
$exit |= diff($old, $new, '--noperms');
}
if ($subdir{files}) {
# Then we compare the stage vs the root
my $old = $opt{root};
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
# For files, we don't care about files that exist in $old but not $new
$exit |= diff($old, $new, '--unidirectional-new-file');
}
}
exit $exit;
sub diff ($$;@) {
my ($old, $new, @options) = @_;
my @command = (@diff, @options);
# return if there's nothing to do
return 0 if (not -d $old and not -d $new);
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
my $return = 0;
my $callback = sub {
my ($new_file) = @_;
my $old_file = $new_file;
($old_file =~ s#^$new#$old#)
or die "sub failed: $new|$new_file";
if (system(@command, $old_file, $new_file) != 0) {
$return |= Slack::get_system_exit(@command);
}
};
# We have to use this function, rather than recursive mode for slack-diff,
# because otherwise we'll print a bunch of bogus stuff about directories
# that exist in $ROOT and therefore aren't being synced.
Slack::find_files_to_install($new, $old, $callback);
return $return;
}

111
archive/slack-runtime/dist/slack-runscript vendored
View File

@@ -1,111 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run , $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system("script /root/slackLog -a -f -c @command") == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

111
archive/slack-runtime/dist/slack-runscript.orig vendored
View File

@@ -1,111 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run, $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

278
archive/slack-runtime/dist/slack-stage vendored
View File

@@ -1,278 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local cache
# directory to the local stage, building a unified single tree onstage
# from the multiple trees that are the role + subroles in the cache
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--recursive',
'--times',
'--ignore-times',
'--perms',
'--sparse',
);
(my $PROG = $0) =~ s#.*/##;
sub check_stage ();
sub sync_role ($$@);
sub apply_default_perms_to_role ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Sync this subdir only. Possible values for DIR are 'files' and
'scripts'.
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
],
usage => $usage,
required_options => [ qw(cache stage) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
} else {
$opt{subdir} = '';
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# copy over the new files
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role_parts = split(/\./, $full_role);
die "Internal error: Expect at least one role part" if not @role_parts;
# Reassemble parts one at a time onto @role and sync as we go,
# so we do "google", then "google.foogle", then "google.foogle.woogle"
my @role = ();
# Make sure we've got the right perms before we copy stuff down
check_stage();
# For the base role, do both files and scripts.
push @role, shift @role_parts;
for my $subdir(qw(files scripts)) {
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
# @role here will have one element, so sync_role will use --delete
sync_role($full_role, $subdir, @role)
}
}
# For all subroles, just do the files.
# (If we wanted script subroles to work like files, we'd get rid of this
# distinction and simplify the code.)
if (not $opt{subdir} or $opt{subdir} eq 'files') {
while (@role_parts) {
push @role, shift @role_parts;
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
sync_role($full_role, 'files', @role);
}
}
for my $subdir (qw(files scripts)) {
apply_default_perms_to_role($full_role, $subdir)
if (not $opt{subdir} or $opt{subdir} eq $subdir);
}
}
exit 0;
# Make sure the stage directory exists and is mode 0700, to protect files
# underneath in transit
sub check_stage () {
my $stage = $opt{stage} . "/roles";
if (not $opt{'dry-run'}) {
if (not -d $stage) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
eval { mkpath($stage); };
die "Could not mkpath cache dir '$stage': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $stage)
or die "Could not chown 0:0 '$stage': $!\n";
}
chmod(0700, $stage)
or die "Could not chmod 0700 '$stage': $!\n";
}
}
# Copy the files for a role from CACHE to STAGE
sub sync_role ($$@) {
my ($full_role, $subdir, @role) = @_;
my @this_rsync = @rsync;
# If we were only given one role part, we're in the base role
my $in_base_role = (scalar @role == 1);
# For the base role, delete any files that don't exist in the cache.
# Not for the subrole (otherwise we'll delete all files not in
# the subrole, which may be most of them!)
if ($in_base_role) {
push @this_rsync, "--delete";
}
# (a) => a/files
# (a,b,c) => a/files.b.c
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
# This one's a little simpler:
my $dst_path = $full_role.'/'.$subdir;
# final / is important for rsync
my $source = $opt{cache} . "/roles/" . $src_path . "/";
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
if (not -d $destination and -d $source) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($destination); };
die "Could not mkpath stage dir '$destination': $@\n" if $@;
}
}
# We no longer require the source to exist
if (not -d $source) {
# but we need to remove the destination if the source
# doesn't exist and we're in the base role
if ($in_base_role) {
rmtree($destination);
# rmtree() doesn't throw exceptions or give a return value useful
# for detecting failure, so we just check after the fact.
die "Could not rmtree '$destination' when '$source' missing\n"
if -e $destination;
}
# if we continue, rsync will fail because source is missing,
# so we don't.
return;
}
# All this to run an rsync command
my @command = (@this_rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
Slack::wrap_rsync(@command);
}
# This just takes the base role, and chowns/chmods everything under it to
# give it some sensible permissions. Basically, the only thing we preserve
# about the original permissions is the executable bit, since that's the
# only thing source code controls systems like CVS, RCS, Perforce seem to
# preserve.
sub apply_default_perms_to_role ($$) {
my ($role, $subdir) = @_;
my $destination = $opt{stage} . "/roles/" . $role;
if ($subdir) {
$destination .= '/' . $subdir;
}
# If the destination doesn't exist, it's probably because the source didn't
return if not -d $destination;
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
}
# Use File::Find to recurse the directory
find({
# The "wanted" subroutine is called for every directory entry
wanted => sub {
return if $opt{'dry-run'};
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
if (-l) {
# symlinks shouldn't be in here,
# since we dereference when copying
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
return;
} elsif (-f _) { # results of last stat saved in the "_"
if (-x _) {
chmod 0555, $_
or die "Could not chmod 0555 $File::Find::name: $!";
} else {
chmod 0444, $_
or die "Could not chmod 0444 $File::Find::name: $!";
}
} elsif (-d _) {
chmod 0755, $_
or die "Could not chmod 0755 $File::Find::name: $!";
} else {
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
}
return if $> != 0; # skip chowning if not superuser
chown 0, 0, $_
or die "Could not chown 0:0 $File::Find::name: $!";
},
# end of wanted function
},
# way down here, we have the directory to traverse with File::Find
$destination,
);
}

169
archive/slack-runtime/dist/slack-sync vendored
View File

@@ -1,169 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--cvs-exclude',
'--recursive',
'--links',
'--copy-links',
'--times',
'--perms',
'--sparse',
'--delete',
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub check_cache ($);
sub rsync_source ($$@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(source cache) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
my @roles = ();
{
# This hash is just to avoid calling rsync twice if two subroles are
# installed. We only care since it's remote, and therefore slow.
my %roles_to_sync = ();
# copy over the new files
for my $full_role (@ARGV) {
# Get the first element of the role name (the base role)
# e.g., from "google.foogle.woogle", get "google"
my $base_role = (split /\./, $full_role, 2)[0];
$roles_to_sync{$base_role} = 1;
}
@roles = keys %roles_to_sync;
}
my $cache = $opt{cache} . "/roles/";
# Make sure we've got the right perms before we copy stuff down
check_cache($cache);
rsync_source(
$opt{source} . '/roles/',
$cache,
@roles,
);
exit 0;
# Make sure the cache directory exists and is mode 0700, to protect files
# underneath in transit
sub check_cache ($) {
my ($cache) = @_;
if (not $opt{'dry-run'}) {
if (not -d $cache) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
eval { mkpath($cache); };
die "Could not mkpath cache dir '$cache': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $cache)
or die "Could not chown 0:0 '$cache': $!\n";
}
chmod(0700, $cache)
or die "Could not chmod 0700 '$cache': $!\n";
}
}
# Pull down roles from an rsync source
sub rsync_source($$@) {
my ($source, $destination, @roles) = @_;
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0)
and print STDERR "$PROG: Syncing cache with '@command'\n";
my ($fh) = Slack::wrap_rsync_fh(@command);
# Shove the roles down its throat
print $fh join("\0", @roles), "\0";
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

0
archive/slack-runtime/dist/slack.conf vendored
View File

6
archive/slack-runtime/env/SlackConfig-prod.config vendored
View File

@@ -1,6 +0,0 @@
ROLE_LIST=toolbox.turnsys.net:/local/slack-prod/etc/roles.conf
SOURCE=toolbox.turnsys.net:/local/slack-prod/
CACHE=/var/cache/slack
STAGE=/var/lib/slack/stage
ROOT=/
BACKUP_DIR=/var/lib/slack/backups

4
archive/slack-runtime/env/SlackSSH-prod.config vendored
View File

@@ -1,4 +0,0 @@
Host toolbox.turnsys.net
User slack-prod
IdentityFile /root/.ssh/SlackSSH-prod.key
StrictHostKeyChecking no

27
archive/slack-runtime/env/SlackSSH-prod.key vendored
View File

@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAycZwe0FuYISsFaHvaplNhb9uplG8YeMkffIKXp633MwihACm
oNoKEQHlqSKD1urZfLYjwf1YBKAPt9QRdIguwsQ3hl3xKpsO+gsmaOpF3eJMVWHZ
dS/T7lplIOcXr0tbUeibQ9p+c+MgICfpdAJvUnuD8grDmaTuvasBat4Ow6rXIzsQ
WKzSrP3iQJ0xeq+mqRIlPP5dwl66RF+dlaloVxlvG95i3u512EkNg+sMt1X5KbhH
ecQSicpA8K2qK4G71CqRIm7DmXCheSlDzqLACwJAFOU4xN3eqTO3B4Bm5Wri9Oip
hkwzMgWrDNFx/69ZnGF69g0VP8Qyl4R7d3FZDQIDAQABAoIBAQCzCDYpxybO0Sl3
kFXEuf3FHNRrEr8aA9cPQUHeLuppKV++zG0M8CpaaNqENjHQ8lTDiUE1ETuV7wfD
TpGmWmdTPZMe0B/6c9bYGiickrInbHHamJXAmw1qwh5VEXc8fJqslL2feTEWVoLc
xU0pODfacenjS5W+sE99T0xUrG9hQJMRtNOorMQiUraLl670yIZnzMszDIdd1xdv
4XCuQ5Phnup22/kvByIdiNXPaSY/gOooBTZDUzka+FV3Nn9XXhZoNBnNfk6XgHZw
x9vQvnN+tuDr6RX4g1RPq/u6IhsQO2/OT9wwu74KLdkLFTssGold73uys2WvC0NW
zNFVBuBBAoGBAO6lhTWE2hvt5h7btEY36XgoJbu0k/E7fVgEud2yCdRdQ5ApAHVs
xvol1D3waVKUrRePKq2BhaylwtYACYAow3geMsGrlf4ndlLOQ1z6ByNncJPF3Tr1
lFp025QLijoKmnCq3CdIVPrdhTm44go2usXytobpxS2nB5hZwZfyDju5AoGBANhy
i9vOlRXcLiHpmzAKwFs/jR9D09DUZ6ALm22HvDOsISJS+nR2neun+7HXXHm1Kqyu
w1GA8xaqBnuFfuHP09ZYTNammEROS8dL/5muGCwrfwIrd/H4ELsE0spWOrTlfgY/
GN5WeoXZGAwjiu67AoRkpKIQxnsjEKSNKZQntjn1AoGAOyAdIcZZd2P4iJqsTl1Z
5aAkwR2bLcAsbNs25XtPviKhM51E9NLPdXhb3kCrB3+4ZsbcrwIRCVZEMFrv/6WZ
0C/DKYKGdeJ3CUr7G5UCob3mAWabShk/+S1MnaBCTeEEpHdgdgcQrtqlQEjTD+7B
VXutxz0x0f64/gD22ttotVkCgYAma4a52JyMCc5ChMXgLDhiuhAhuZdynRFbzlOj
iJF2lpo3DoWYgKmdd+7sbW7jx62wg0D2Sa5cmoeWC2cvTAWtKXVSMLYcgc1frfTL
4aQ2yu27g93BnKfTmpKUCeRX0dih4TdX1//dnGBxXym9IILc30R94/5nQx0kKE52
Fup4tQKBgHrDPBIJG3MkA5UIkBPnxE9Ei8V4g/TpYjmC+6JiWkBTQCNZ4A2KKl7S
pwGQwdcqA5OsPbw0T54HwMtDm0ao0b3krb70vBw/xdIAHNe3DCmeOuKelvjDyzr1
ZL6gF557VfKFjz23Hp2PbOYo88BAdX1H1zy0FUZJ7Zh4GbOjgVFQ
-----END RSA PRIVATE KEY-----

1
archive/slack-runtime/env/SlackSSH-prod.key.pub vendored
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJxnB7QW5ghKwVoe9qmU2Fv26mUbxh4yR98gpenrfczCKEAKag2goRAeWpIoPW6tl8tiPB/VgEoA+31BF0iC7CxDeGXfEqmw76CyZo6kXd4kxVYdl1L9PuWmUg5xevS1tR6JtD2n5z4yAgJ+l0Am9Se4PyCsOZpO69qwFq3g7DqtcjOxBYrNKs/eJAnTF6r6apEiU8/l3CXrpEX52VqWhXGW8b3mLe7nXYSQ2D6wy3VfkpuEd5xBKJykDwraorgbvUKpEibsOZcKF5KUPOosALAkAU5TjE3d6pM7cHgGblauL06KmGTDMyBasM0XH/r1mcYXr2DRU/xDKXhHt3cVkN charles@ultix-mini

BIN
archive/slack-runtime/slackDist.tar.gz
View File

Binary file not shown.

0
archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan Executable file → Normal file
View File

0
archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh Executable file → Normal file
View File

0
archive/slack/ts-base-ovh/scripts/postinstall Executable file → Normal file
View File

25
docs/network/lan/pfv-lan.diag
View File

@@ -1,25 +0,0 @@
{
ATTWAN [shape = cloud];
ATTWAN -- ATTDSLModem
network untrusted {
address = "192.168.1.x/24"
ATTDSLModem [address = ".254"];
pfv-core-rtr02 [address = ".70"];
pfv-core-rtr01 [address = ".71"];
}
network LAN-VLAN100 {
address = "10.251.100.x/24"
LANGW-RTR01 [address = ".252"];
LANGW-RTR02 [address = ".253"];
LANGW-FLOAT [address = ".254"];
}
network NERDBONE-VLAN200 {
address = "10.251.200.x/24"
NERDBONEGW-RTR01 [address = ".252"];
NERDBONEGW-RTR02 [address = ".253"];
NERDBONEGW-FLOAT [address = ".254"];
}
}

BIN
docs/network/lan/pfv-lan.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 19 KiB

3
doorman/README.md Normal file
View File

@@ -0,0 +1,3 @@
# doorman
All things related to badge management for TSYS

0
doorman/doorman.pl Executable file → Normal file
View File

0
doorman/test.pl Executable file → Normal file
View File

0
fixHosts.sh Executable file → Normal file
View File

0
libre-work/librenms/distro Executable file → Normal file
View File

0
libre-work/librenms/ntp-client.sh Executable file → Normal file
View File

0
libre-work/librenms/ntp-server.sh Executable file → Normal file
View File

0
libre-work/librenms/os-updates.sh Executable file → Normal file
View File

0
libre-work/librenms/postfix-queues Executable file → Normal file
View File

0
libre-work/librenms/postfixdetailed Executable file → Normal file
View File

0
libre-work/librenms/smart Executable file → Normal file
View File

1726
mtp-configs/asn2net-vpnrtr.turnsys.net
View File

File diff suppressed because it is too large Load Diff

280
mtp-configs/labsw01.pfv.turnsys.net
View File

@@ -1,280 +0,0 @@
interface ethernet 1/e1
description sw1-mgmt
exit
interface ethernet 1/e2
description sw2-mgmt
exit
interface ethernet 1/e3
description sw3-mgmt
exit
interface ethernet 1/e4
description sw4-mgmt
exit
interface ethernet 1/e5
description sw5-mgmt
exit
interface ethernet 1/e6
description sw6-mgmt
exit
interface range ethernet 1/e(7,19)
description r7-mgmt
exit
interface range ethernet 1/e(8,20)
description r8-mgmt
exit
interface ethernet 1/e9
description fw1-mgmt
exit
interface ethernet 1/e10
description fw2-mgmt
exit
interface ethernet 1/e11
description r3-mgmt
exit
interface ethernet 1/e12
description r2-mgmt
exit
interface ethernet 1/e13
description r1-mgmt
exit
interface ethernet 1/e14
description r4-mgmt
exit
interface ethernet 1/e15
description r5-mgmt
exit
interface ethernet 1/e16
description r6-mgmt
exit
interface ethernet 1/e17
description sw7
exit
interface ethernet 1/e18
description sw8-mgmt
exit
interface ethernet 1/e21
description sw9-mgmt
exit
interface ethernet 1/e22
description r4(wan)
exit
interface ethernet 1/e23
description r5(wan)
exit
interface ethernet 1/e24
description fw2(wan)
exit
interface ethernet 1/e25
description auslab-con01
exit
interface ethernet 1/e26
description r10(mgmt)
exit
interface ethernet 1/e27
description r11(mgmt)
exit
interface ethernet 1/e28
description r10(wan)
exit
interface ethernet 1/e29
description r11(wan)
exit
interface ethernet 1/e42
description ikeabench-sw
exit
interface ethernet 1/e45
description LabPC
exit
interface ethernet 1/e46
description Uplink-From-labsw02
exit
interface ethernet 1/e46
duplex full
exit
interface ethernet 1/e47
description GroundStation-Switch
exit
interface ethernet 1/e48
description Uplink-To-labrtr01
exit
interface range ethernet 1/e(46,48)
switchport mode trunk
exit
vlan database
vlan 2-8,12,19-20,22,101,300-320,400-420
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 2
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 3
exit
interface ethernet 1/e4
switchport access vlan 4
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 4
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 5
exit
interface ethernet 1/e20
switchport access vlan 6
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 6
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 7
exit
interface range ethernet 1/e(46,48)
switchport trunk allowed vlan add 8
exit
interface ethernet 1/e29
switchport access vlan 20
exit
interface range ethernet 1/e(25,42-43,45,47)
switchport access vlan 22
exit
interface ethernet 1/e46
switchport trunk native vlan 22
exit
interface ethernet 1/e48
switchport trunk allowed vlan add 22
exit
interface ethernet 1/e1
switchport access vlan 300
exit
interface ethernet 1/e2
switchport access vlan 301
exit
interface ethernet 1/e3
switchport access vlan 302
exit
interface ethernet 1/e5
switchport access vlan 304
exit
interface ethernet 1/e6
switchport access vlan 305
exit
interface ethernet 1/e44
switchport access vlan 306
exit
interface ethernet 1/e7
switchport access vlan 307
exit
interface ethernet 1/e9
switchport access vlan 308
exit
interface ethernet 1/e11
switchport access vlan 309
exit
interface ethernet 1/e13
switchport access vlan 310
exit
interface ethernet 1/e14
switchport access vlan 311
exit
interface ethernet 1/e15
switchport access vlan 312
exit
interface ethernet 1/e21
switchport access vlan 313
exit
interface ethernet 1/e23
switchport access vlan 314
exit
interface ethernet 1/e17
switchport access vlan 315
exit
interface ethernet 1/e18
switchport access vlan 316
exit
interface ethernet 1/e26
switchport access vlan 317
exit
interface ethernet 1/e19
switchport access vlan 318
exit
interface ethernet 1/e28
switchport access vlan 319
exit
interface ethernet 1/e16
switchport access vlan 400
exit
interface ethernet 1/e8
switchport access vlan 401
exit
interface ethernet 1/e10
switchport access vlan 402
exit
interface ethernet 1/e12
switchport access vlan 403
exit
interface ethernet 1/e22
switchport access vlan 407
exit
interface ethernet 1/e24
switchport access vlan 408
exit
interface ethernet 1/e27
switchport access vlan 409
exit
interface vlan 2
name management-network
exit
interface vlan 3
name ap
exit
interface vlan 4
name switch
exit
interface vlan 5
name voip
exit
interface vlan 6
name router
exit
interface vlan 7
name iptv
exit
interface vlan 8
name client
exit
interface vlan 19
name storage
exit
interface vlan 20
name router-wan
exit
interface vlan 101
name fstack1
exit
interface vlan 22
ip address 10.251.22.2 255.255.255.0
exit
ip default-gateway 10.251.22.254
hostname labsw01.pfv.turnsys.net
line ssh
exec-timeout 0
exit
logging 10.253.3.99
aaa authentication enable default enable
aaa authentication enable radius enable
ip http authentication none
aaa authentication login default line
aaa authentication login radius local
line ssh
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
exit
line console
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
exit
enable password level 15 6a3299495f48d92cd5541197dacfcf20 encrypted
username admin password 6a3299495f48d92cd5541197dacfcf20 level 15 encrypted
snmp-server host 10.253.3.99 kn3lmgmt
snmp-server location PFV
snmp-server contact prodtechops@turnsys.com
snmp-server community kn3lmgmt 10.253.3.99
ip https server

896
mtp-configs/ovh-core-rtr01.turnsys.net
View File

@@ -1,896 +0,0 @@
<?xml version="1.0"?>
<opnsense>
<theme>opnsense</theme>
<sysctl>
<item>
<descr>Disable the pf ftp proxy handler.</descr>
<tunable>debug.pfftpproxy</tunable>
<value>default</value>
</item>
<item>
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
<tunable>vfs.read_max</tunable>
<value>default</value>
</item>
<item>
<descr>Set the ephemeral port range to be lower.</descr>
<tunable>net.inet.ip.portrange.first</tunable>
<value>default</value>
</item>
<item>
<descr>Drop packets to closed TCP ports without returning a RST</descr>
<tunable>net.inet.tcp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
<tunable>net.inet.udp.blackhole</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
<tunable>net.inet.ip.random_id</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
It can also be used to probe for information about your internal networks. These functions come enabled
as part of the standard FreeBSD core system.
</descr>
<tunable>net.inet.ip.accept_sourceroute</tunable>
<value>default</value>
</item>
<item>
<descr>
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
packets without returning a response.
</descr>
<tunable>net.inet.icmp.drop_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>
This option turns off the logging of redirect packets because there is no limit and this could fill
up your logs consuming your whole hard drive.
</descr>
<tunable>net.inet.icmp.log_redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
<tunable>net.inet.tcp.drop_synfin</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv4 redirects</descr>
<tunable>net.inet.ip.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable sending IPv6 redirects</descr>
<tunable>net.inet6.ip6.redirect</tunable>
<value>default</value>
</item>
<item>
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
<tunable>net.inet6.ip6.use_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
<value>default</value>
</item>
<item>
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
<tunable>net.inet.tcp.syncookies</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
<tunable>net.inet.tcp.recvspace</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
<tunable>net.inet.tcp.sendspace</tunable>
<value>default</value>
</item>
<item>
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
<tunable>net.inet.tcp.delayed_ack</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum outgoing UDP datagram size</descr>
<tunable>net.inet.udp.maxdgram</tunable>
<value>default</value>
</item>
<item>
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
<tunable>net.link.bridge.pfil_onlyip</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
<tunable>net.link.bridge.pfil_local_phys</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
<tunable>net.link.bridge.pfil_member</tunable>
<value>default</value>
</item>
<item>
<descr>Set to 1 to enable filtering on the bridge interface</descr>
<tunable>net.link.bridge.pfil_bridge</tunable>
<value>default</value>
</item>
<item>
<descr>Allow unprivileged access to tap(4) device nodes</descr>
<tunable>net.link.tap.user_open</tunable>
<value>default</value>
</item>
<item>
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
<tunable>kern.randompid</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum size of the IP input queue</descr>
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
<value>default</value>
</item>
<item>
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
<tunable>hw.syscons.kbd_reboot</tunable>
<value>default</value>
</item>
<item>
<descr>Enable TCP extended debugging</descr>
<tunable>net.inet.tcp.log_debug</tunable>
<value>default</value>
</item>
<item>
<descr>Set ICMP Limits</descr>
<tunable>net.inet.icmp.icmplim</tunable>
<value>default</value>
</item>
<item>
<descr>TCP Offload Engine</descr>
<tunable>net.inet.tcp.tso</tunable>
<value>default</value>
</item>
<item>
<descr>UDP Checksums</descr>
<tunable>net.inet.udp.checksum</tunable>
<value>default</value>
</item>
<item>
<descr>Maximum socket buffer size</descr>
<tunable>kern.ipc.maxsockbuf</tunable>
<value>default</value>
</item>
</sysctl>
<system>
<optimization>normal</optimization>
<hostname>ovh-core-rtr01</hostname>
<domain>turnsys.net</domain>
<group>
<name>admins</name>
<description>System Administrators</description>
<scope>system</scope>
<gid>1999</gid>
<member>0</member>
<priv>user-shell-access</priv>
<priv>page-all</priv>
</group>
<user>
<name>root</name>
<descr>System Administrator</descr>
<scope>system</scope>
<groupname>admins</groupname>
<password>$2b$10$k7UpLMTFYZHVQqDpnlXr1.tMDVslyuzDVWfvMg9.MNwC1SydPyxoy</password>
<uid>0</uid>
<expires/>
<authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDL0xZSGo0TTh2UGJncmlDaXhnRXBiMFFwdUpNT2Z5c29VOEc2U1ZyWUQ2b21oYWFkam1ITUY1YStRNTdYRVUyQU8vTlNQWnI2TFRrdTNuUlY4anV5OFhVS1U4MzYrRVhaMkhJQnBMNVVmS3ptd2pyMERPdGFMTngva0lFa1ZEL21CeGhGSDRBWGlVVXZkZmpCZDZOdlNPcGJVWllocFo4RGRFTTdCeFZpT3YzV0FxZjd5Q1FJZGcxNWI4bUdkbmduemNzK2l6VWllKytzL09IMUpxZ21MVUhQM0F4VHE0WUVSS045azJCeU50UjdPNlBHZytHdlR1a1U3Z25tbE1abXFLb3dFWUVFMkREZGRtU2t2ZVpqUkdlbTRaVHFFdTkwNHBETWR2cXRPNVNiZUNMdSs2aUFsUy9hOThhVlBiaWMwaU90TXBFd3Y5dnpUaXBUbWE1NGwgam9zZWZjdWJAc2xlaXBuaXINCnNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ281VDBGRVVLb1lheFJoanM5eVd6S3RFeVh1S0p2VFdvbHJ5RDM5NWVxeUJKMHhPeGJrWEorOEVNd0t0V002Tlc1cWFxV2JUMkpKL1Z6T0ljb1lteEF1Kytxd1NXT2Vza1ZyK0Z4UHIyeXBhV0Q5OG5KeStDcFo5Uk42UHc2S2lrSGFreXF6U1VXS1hkb3ZXaVRwZHpxUk8rajBMbUptZ1VpVDNOc2g0MmV5YnZ0L1Q3Sk1rVkc0Vytqb1JYK0RDUzRVSVJSUWdNUkQ0VHFCUS9qcjltN1ZzMGFKbjFsZmxnc3Byc2FjZ29nK3NIbEV6aXR3d2NScU1OcHA1Sm0wRGZoajZQcUF2c2dLSllXT09NRlZvd3ZHc3FuUTl3cUpvNUFsbGxiVEdWMVJIZUlCTzNmUlJVOFVkOVRQQTNBZngxNi9hcGYxbmtMaFY4UVg5bUl4RVdwIGNoYXJsZXNAbGl2aW5ncm9vbQ==</authorizedkeys>
<ipsecpsk/>
<otp_seed/>
</user>
<nextuid>2000</nextuid>
<nextgid>2000</nextgid>
<timezone>America/Chicago</timezone>
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
<webgui>
<protocol>http</protocol>
<ssl-certref>5acd29581b4ba</ssl-certref>
<port/>
<ssl-ciphers/>
<interfaces/>
<compression/>
</webgui>
<disablenatreflection>yes</disablenatreflection>
<usevirtualterminal>1</usevirtualterminal>
<disableconsolemenu>1</disableconsolemenu>
<disablechecksumoffloading>1</disablechecksumoffloading>
<disablesegmentationoffloading>1</disablesegmentationoffloading>
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
<ipv6allow>1</ipv6allow>
<powerd_ac_mode>hadp</powerd_ac_mode>
<powerd_battery_mode>hadp</powerd_battery_mode>
<powerd_normal_mode>hadp</powerd_normal_mode>
<bogons>
<interval>monthly</interval>
</bogons>
<kill_states>1</kill_states>
<backupcount>60</backupcount>
<crypto_hardware>aesni</crypto_hardware>
<pf_share_forward>1</pf_share_forward>
<lb_use_sticky>1</lb_use_sticky>
<language>en_US</language>
<dnsserver>10.253.3.201</dnsserver>
<dnsserver>8.8.8.8</dnsserver>
<dnsserver>8.8.4.4</dnsserver>
<serialspeed>115200</serialspeed>
<primaryconsole>video</primaryconsole>
<ssh>
<noauto>1</noauto>
<interfaces>lan,opt1</interfaces>
<enabled>enabled</enabled>
<permitrootlogin>1</permitrootlogin>
</ssh>
<rulesetoptimization>basic</rulesetoptimization>
<maximumstates/>
<maximumfrags/>
<aliasesresolveinterval/>
<maximumtableentries/>
<dns1gw>none</dns1gw>
<dns2gw>none</dns2gw>
<dns3gw>none</dns3gw>
<dns4gw>none</dns4gw>
<dns5gw>none</dns5gw>
<dns6gw>none</dns6gw>
<dns7gw>none</dns7gw>
<dns8gw>none</dns8gw>
</system>
<interfaces>
<wan>
<if>em0</if>
<descr>WAN</descr>
<enable>1</enable>
<spoofmac/>
<blockpriv>1</blockpriv>
<blockbogons>1</blockbogons>
<ipaddr>158.69.183.161</ipaddr>
<subnet>29</subnet>
<gateway>GW_WAN</gateway>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</wan>
<lan>
<if>vtnet0</if>
<descr>TSYS</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.253.9.252</ipaddr>
<subnet>24</subnet>
<gateway/>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</lan>
<opt1>
<if>vtnet1</if>
<descr>mgmt</descr>
<enable>1</enable>
<spoofmac/>
<ipaddr>10.253.3.252</ipaddr>
<subnet>24</subnet>
<gateway/>
<ipaddrv6/>
<subnetv6/>
<gatewayv6/>
</opt1>
<openvpn>
<internal_dynamic>1</internal_dynamic>
<enable>1</enable>
<if>openvpn</if>
<descr>OpenVPN</descr>
<type>group</type>
<virtual>1</virtual>
</openvpn>
</interfaces>
<dhcpd>
<lan>
<numberoptions/>
<range>
<from>10.253.9.10</from>
<to>10.253.9.244</to>
</range>
</lan>
</dhcpd>
<unbound>
<enable>on</enable>
</unbound>
<snmpd>
<syslocation/>
<syscontact/>
<rocommunity>public</rocommunity>
</snmpd>
<syslog>
<reverse/>
</syslog>
<nat>
<outbound>
<mode>automatic</mode>
</outbound>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<descr>Allow HTTP to tsys-cloud-www</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>pass</associated-rule-id>
<target>10.253.9.80</target>
<local-port>80</local-port>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>80</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523418308.4677</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523415475.9344</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
<rule>
<protocol>tcp</protocol>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<descr>Allow HTTPS to tsys-cloud-www</descr>
<tag/>
<tagged/>
<poolopts/>
<associated-rule-id>pass</associated-rule-id>
<target>10.253.9.80</target>
<local-port>443</local-port>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>443</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523418287.4024</time>
<description>/firewall_nat_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523415559.6905</time>
<description>/firewall_nat_edit.php made changes</description>
</created>
</rule>
</nat>
<filter>
<rule>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>443</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523416403.3059</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1523416403.3059</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>wan</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<protocol>tcp</protocol>
<source>
<any>1</any>
</source>
<destination>
<address>158.69.183.163</address>
<port>80</port>
</destination>
<updated>
<username>root@10.251.100.101</username>
<time>1523416435.3134</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.251.100.101</username>
<time>1523416435.3134</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet</ipprotocol>
<descr>Default allow LAN to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<ipprotocol>inet6</ipprotocol>
<descr>Default allow LAN IPv6 to any rule</descr>
<interface>lan</interface>
<source>
<network>lan</network>
</source>
<destination>
<any/>
</destination>
</rule>
<rule>
<type>pass</type>
<interface>openvpn</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.253.9.2</username>
<time>1523403486.057</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.253.9.2</username>
<time>1523403486.057</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet6</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN IPv6 to any rule</descr>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523484939.8032</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523484939.8032</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN to any rule</descr>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523484915.9788</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523484915.9788</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Allow traffic to management VLAN</descr>
<source>
<any>1</any>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@10.40.50.77</username>
<time>1523479299.9205</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.40.50.77</username>
<time>1523478607.6733</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>
</filter>
<rrd>
<enable/>
</rrd>
<load_balancer>
<monitor_type>
<name>ICMP</name>
<type>icmp</type>
<descr>ICMP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>TCP</name>
<type>tcp</type>
<descr>Generic TCP</descr>
<options/>
</monitor_type>
<monitor_type>
<name>HTTP</name>
<type>http</type>
<descr>Generic HTTP</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>HTTPS</name>
<type>https</type>
<descr>Generic HTTPS</descr>
<options>
<path>/</path>
<host/>
<code>200</code>
</options>
</monitor_type>
<monitor_type>
<name>SMTP</name>
<type>send</type>
<descr>Generic SMTP</descr>
<options>
<send/>
<expect>220 *</expect>
</options>
</monitor_type>
</load_balancer>
<ntpd>
<prefer>0.opnsense.pool.ntp.org</prefer>
</ntpd>
<widgets>
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
<column_count>2</column_count>
</widgets>
<revision>
<username>root@10.40.50.77</username>
<time>1523486151.3622</time>
<description>/firewall_virtual_ip_edit.php made changes</description>
</revision>
<OPNsense>
<captiveportal version="1.0.0">
<zones/>
<templates/>
</captiveportal>
<cron version="1.0.0">
<jobs/>
</cron>
<Netflow version="1.0.0">
<capture>
<interfaces/>
<egress_only>wan</egress_only>
<version>v9</version>
<targets/>
</capture>
<collect>
<enable>0</enable>
</collect>
</Netflow>
<IDS version="1.0.1">
<rules/>
<userDefinedRules/>
<files/>
<fileTags/>
<general>
<enabled>0</enabled>
<ips>0</ips>
<promisc>0</promisc>
<interfaces>wan</interfaces>
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
<defaultPacketSize/>
<UpdateCron/>
<AlertLogrotate>W0D23</AlertLogrotate>
<AlertSaveLogs>4</AlertSaveLogs>
<MPMAlgo>ac</MPMAlgo>
<syslog>0</syslog>
<LogPayload>0</LogPayload>
</general>
</IDS>
<proxy version="1.0.0">
<general>
<enabled>0</enabled>
<icpPort/>
<logging>
<enable>
<accessLog>1</accessLog>
<storeLog>1</storeLog>
</enable>
<ignoreLogACL/>
<target/>
</logging>
<alternateDNSservers/>
<dnsV4First>0</dnsV4First>
<forwardedForHandling>on</forwardedForHandling>
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
<useViaHeader>1</useViaHeader>
<suppressVersion>0</suppressVersion>
<VisibleEmail>admin@localhost.local</VisibleEmail>
<VisibleHostname/>
<cache>
<local>
<enabled>0</enabled>
<directory>/var/squid/cache</directory>
<cache_mem>256</cache_mem>
<maximum_object_size/>
<size>100</size>
<l1>16</l1>
<l2>256</l2>
<cache_linux_packages>0</cache_linux_packages>
<cache_windows_updates>0</cache_windows_updates>
</local>
</cache>
<traffic>
<enabled>0</enabled>
<maxDownloadSize>2048</maxDownloadSize>
<maxUploadSize>1024</maxUploadSize>
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
<perHostTrotteling>256</perHostTrotteling>
</traffic>
</general>
<forward>
<interfaces>lan</interfaces>
<port>3128</port>
<sslbumpport>3129</sslbumpport>
<sslbump>0</sslbump>
<sslurlonly>0</sslurlonly>
<sslcertificate/>
<sslnobumpsites/>
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
<sslcrtd_children>5</sslcrtd_children>
<ftpInterfaces/>
<ftpPort>2121</ftpPort>
<ftpTransparentMode>0</ftpTransparentMode>
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
<transparentMode>0</transparentMode>
<acl>
<allowedSubnets/>
<unrestricted/>
<bannedHosts/>
<whiteList/>
<blackList/>
<browser/>
<mimeType/>
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
<sslPorts>443:https</sslPorts>
<remoteACLs>
<blacklists/>
<UpdateCron/>
</remoteACLs>
</acl>
<icap>
<enable>0</enable>
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
<SendClientIP>1</SendClientIP>
<SendUsername>0</SendUsername>
<EncodeUsername>0</EncodeUsername>
<UsernameHeader>X-Username</UsernameHeader>
<EnablePreview>1</EnablePreview>
<PreviewSize>1024</PreviewSize>
<OptionsTTL>60</OptionsTTL>
<exclude/>
</icap>
<authentication>
<method/>
<realm>OPNsense proxy authentication</realm>
<credentialsttl>2</credentialsttl>
<children>5</children>
</authentication>
</forward>
</proxy>
<TrafficShaper version="1.0.1">
<pipes/>
<queues/>
<rules/>
</TrafficShaper>
<quagga>
<bgp version="0.0.0">
<enabled>1</enabled>
<asnumber>64522</asnumber>
<networks>10.253.9.0/24,10.253.3.0/24,192.168.194.0/30</networks>
<redistribute/>
<neighbors>
<neighbor uuid="e56fc4ba-e5c4-48d6-8219-69250f2b8222">
<enabled>1</enabled>
<address>192.168.194.1</address>
<remoteas>64517</remoteas>
<updatesource>openvpn</updatesource>
<nexthopself>0</nexthopself>
<defaultoriginate>0</defaultoriginate>
<linkedPrefixlistIn/>
<linkedPrefixlistOut/>
<linkedRoutemapIn/>
<linkedRoutemapOut/>
</neighbor>
</neighbors>
<aspaths/>
<prefixlists/>
<routemaps/>
</bgp>
<general version="0.0.0">
<enabled>1</enabled>
<enablelogfile>0</enablelogfile>
<logfilelevel>notifications</logfilelevel>
<enablesyslog>0</enablesyslog>
<sysloglevel>notifications</sysloglevel>
</general>
</quagga>
</OPNsense>
<cert>
<refid>5acd29581b4ba</refid>
<descr>Web GUI SSL certificate</descr>
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQUlNTlZ4N1QzSWM3TUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TkRFd01qRXhOVEEwV2hjTk1Ua3dOREV3Ck1qRXhOVEEwV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTFiaDZkSEdTZkRSZU55YzhGbis2b0dEa3ltbmp6YWhCCkM4Z1JpWDMwWWR3SVBYcWhpYllLQmdkWVFZZDRoNGgzWERPelllMmxZZVRVYUVaZkRsVkxqV2FyL0hMYW5HODMKQW04eE9MdXdwQmdGc0lNTGZUR0FEcUJDd1BaMDlnU0UwT0t1dkdFUGoyNkg4eWhNeDNXT2VvVGJ2RENKMVdCYgpvQjFSTDJmVG1GbkdxMTZTSTJpVDc2VndBM3BUQXlFb1pmRllmeGRMSTBpbmp5dnU3aWNCQVBNU09pWXowbVJXClVZZDNHKzUrcmI0QkVkSXl3TGpDRzd2SjdYQTJlWXJlZTY3YlpTeTVqNVc0eXpjTFJNbkZzZGMrb1EwR3dJanIKVFowQzYvZWowUWpWbE5ERFNQaGM0dkJaZ2xWMTJlL3FtekN0MnNPYzVxS3Zyc1JtckNGL3RSelV5cU9ZaGt2eAp2c0huODVnTmswS05YbEkwUGNWM2NhTWo0RlJVNXI3clpEb0hnTi9UTFpFaUVmVUJXMFlJM25FSUZrY3VyVngyCm5KNWNxWjBZK1NiSk1BZzVPYUhWcTZxRWhsdEExa1BvQWllcXBhQjdzb2lDT0hQZ08rQ09YNUlCK1FMM2h2dmMKMHc0YUplNEErS0ROS21ReVRpQ21JYXdrU0l0V2Fka1lUMFNnVjVnMUJKYnRQdnJKZytOM1dpN3dKdkxqOXVnZQovVWx0V3VPeXM3eXQyWDRIbFdWQXdUSC9XMEN3enVaUXpsbk02ODJHdThacGxMWGt6OU1DVFRkbm5oQnErRXllCnJrM3lONk4zRWZSMTN2T2lyM1VWcEVVVkVvSm9sRERGNERpMDQxR3BWU25xVFVBeUs2aGQxQVpFYXVVd1RyeUkKSDZtMWwrVUIvdHNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjcgpNQjhHQTFVZEl3UVlNQmFBRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjck1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGZ245NlYrMEhqRlFtaEd5RDZBM1lXenByaitiZkd1RWZCcmZhcUMKbVd2NTM4TVlTOEE2MWswMEhOZjZoZUZISUpWSzI1akN6dXZDMC8rZmJGRForZmtkcllNUFNjNzBOQm9oOFJnaApxTDNoOW9KenR4bEVCbkc2Z3lQdG1ISDVYbW1mZmYzWTU0U0ljT0x0c3BTWlNUVDlMbUpNcm4wNmhRbE5Cd3Z3Cm1XWXBqTklMRWJSN1BWN3ZtZjQ3MW1OTmVqczZSK2Y2Z2RpMDdCcVl6YVppWldsdGZFb2FsNk5qRFRUUUhTdEUKcVlVSGpXWHZGU0g5SVRjdzN3QVRjdGVZVW8rOFI1dWEvNmhMUEViMERUeUo3Y0FuZDFjNVpwK1lEUzRDcDd2dgowdVFybDliNWtKdWYrWDUzL3lMMmNMK1dDdFJsU0tKOW9kV1NzRlRqLzhLUTBWNUJOcGFqcnE2dnp2c2FVaTNqCkk2Z0dFVlphak9YQVdYdmxhWDdLQXduSi9EZzVmUmFXT0oxTmpuSFZibFNsbWRPdWh3cHVJM0cyc3hsaDIxa28KQkZiOVo0V3ZoODBEWXBxQnRScEFpRDRaMGVkOCtLelkzQ0NyQzBOS1pUVjhPbFRmRWZlSzdxNzRDbmMyQmJhSwp5UUI2SlVlRVU1VVd5K1paQkNrM2kzN3dBcmhyc0UwU1B4N2ZKUXJQZlNpbUQxZE0wcHcrdExZMDFQaUxudlZTCk9SaEw0S09NMDAydVhBUW1CbDZBMXlGRjBsMzhwR1cvbFNDNktId3lnQ0Znb2hHYnFsQmw3eDM1czR0Vkoyak4KdEpXRFdWYmt4eFZEbFFGbW5DTURzbzBEaFBBbGJNbVJ0OC8yeEx5cVRsV2F1SGpvZ3B5dStpdmhrOXcvc3VGUQpkSndXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFZ1SHAwY1pKOE5GNDMKSnp3V2Y3cWdZT1RLYWVQTnFFRUx5QkdKZmZSaDNBZzllcUdKdGdvR0IxaEJoM2lIaUhkY003Tmg3YVZoNU5SbwpSbDhPVlV1TlpxdjhjdHFjYnpjQ2J6RTR1N0NrR0FXd2d3dDlNWUFPb0VMQTluVDJCSVRRNHE2OFlRK1Bib2Z6CktFekhkWTU2aE51OE1JblZZRnVnSFZFdlo5T1lXY2FyWHBJamFKUHZwWEFEZWxNRElTaGw4VmgvRjBzalNLZVAKSys3dUp3RUE4eEk2SmpQU1pGWlJoM2NiN242dHZnRVIwakxBdU1JYnU4bnRjRFo1aXQ1N3J0dGxMTG1QbGJqTApOd3RFeWNXeDF6NmhEUWJBaU90Tm5RTHI5NlBSQ05XVTBNTkkrRnppOEZtQ1ZYWFo3K3FiTUszYXc1em1vcSt1CnhHYXNJWCsxSE5US281aUdTL0crd2Vmem1BMlRRbzFlVWpROXhYZHhveVBnVkZUbXZ1dGtPZ2VBMzlNdGtTSVIKOVFGYlJnamVjUWdXUnk2dFhIYWNubHlwblJqNUpza3dDRGs1b2RXcnFvU0dXMERXUStnQ0o2cWxvSHV5aUlJNApjK0E3NEk1ZmtnSDVBdmVHKzl6VERob2w3Z0Q0b00wcVpESk9JS1lockNSSWkxWnAyUmhQUktCWG1EVUVsdTArCitzbUQ0M2RhTHZBbTh1UDI2Qjc5U1cxYTQ3S3p2SzNaZmdlVlpVREJNZjliUUxETzVsRE9XY3pyellhN3htbVUKdGVUUDB3Sk5OMmVlRUdyNFRKNnVUZkkzbzNjUjlIWGU4Nkt2ZFJXa1JSVVNnbWlVTU1YZ09MVGpVYWxWS2VwTgpRRElycUYzVUJrUnE1VEJPdklnZnFiV1g1UUgrMndJREFRQUJBb0lDQUJBdzhxNEJzS3hTTjFVTVZ1UUpkelVSClFpUUhrNmVQK0tXUTJhdEY3STdCWWFwdXNQQkM1MDEvbnZNUDlWU25SUXVxS3d2Zk9pbEpjY0lZbXJqMlEwd0sKSER0NjVBNzM2ZjM0T0kxb3dzQWJ4Y3FTa3Z0QUZjaUY0YWpHd3lPa1FmK2xQTUd1eE1RRUJxNm9QZkRhZWhuVQpHT1dQODlGRGhJMkR5eFBCVk9sMDI3VTk2K3BjME9CVjh6K0FNK3ZIeGt5NjFRNkQwRUJ6RDZhc0dHVFlkWjRCCnpENjFpRFdIUG5iY3dXeFBUQytUZG5kSUttb3BWU05PdmNTTVBNUkdmZ1oydjg1UmJobHZxVmxUNlRtajQ2Tk8KZ0VNcFBucTFwTVh6Z0RZcVE3SGhiblRndi9xMlBpcy9ORGpJaXE0aEcrLzM1eVBzcitWVksrUWNvdjZsWnd4SgpDRG9oRnFvQlZzNlBiK2YvSGZjUlBCRnBmY1FjeDNnQ2ZWTWh5a3dPN3dBak56cGh1SDNZSlZucGN0Lytnc2p3CkUzMVVLbkZ0eEhmM0NCemNhVDFiR21idzMxekFLalZRTUdOcjFJd2x5Q2o5RmdLdERURzFqcWVKS3pFZy9qMUQKakl6TUo2QUVJMVR1cjlxTi8rZmxQVE53YXVjRmpUMWRRMzVpeG92RFpyY3ZKMEhlTStkSUdTVnNqKzl1K0NTdApzb3ZvdGprWGpsWmdIUngvY1hId1dEbUQ3SFp3MlRuNnBBeGE0aEplRFc0MlJOQURrODRSM3dpSzZzVEl1VHZZClFGUGJJN0I3a3BlMWlzVTduamVjbkcweS8wcjJkbUZNUFpncUNPYXFtSTYwMTl4N09zVjFUNkxHSXBkMDRHY1YKUlYrN1ZuWmcrS0NHenhHaTEvWlJBb0lCQVFENVlhY1NCTGlmYnoxeHpjWEM2bEJ3cE5KNW5wT1M2SG16QlJocQpJcHI4WlVWcDBHTkw3SnBJYzE0cDY4RzRlWDB0NTh5eDRKMDRTdVZDVDMvOFMwamtaV01RckVmbTg0ZmM3RitsCk1vakxEcS9uWmQ2a1ZnUjdCSU5DZjJpaXc2ZEpkOFVTWWc3K2pLakpYK2J2cGsvbWdoYW9yRE1FYVZaN2UvQUoKM0VNenV5TVMrSWgvRGJRYTEyNUV2QkZzdm1CR3NveWNGYmJMMHFDc3BBNjBzcTd2UHNCdlIvVVN3d1ZyVGhmagoxV0ltSmtNdHlwVVNLSVBSZXJUaHZjMlhCL1R0Zk9ieXJnc0l6RnRMOTFtOWRDNXNRTzhSUzZWYTloc3hhMTZZCkVlSGZ2N3NuTTY3M2w1YVgzd2ZrclpWN3g5ZEJCNU5sek9Wa2lkNzZKSmlvb1JYREFvSUJBUURiWklueno4T1IKV013cXNsQWVqLzVXTk8wYzE1U0RoOTB1RkVneFJ1Qmw2dDNqRVZlV0g5U1VLRlRoUkQxWGxsRkpGY3k0YmdBTApIaEQvakE5QTVSdnowczhlVHduODcxM0o1YmdNMWFOb092MVJTS2dZeFN1UWwzdkRYSHFNQ3Rrd3JUOFhsL3lEClo3bU9LVXU4bHhnS1Q1UllXc1dtZ3FuQXJMSG1Ca1FKMU4zdVpiVHU0cWx0WGtoelhaL2swN1B5ZlZvOFMrb2UKU1hwVy85RkpDcEd0Z21PT05WSXcvbU1MNy9ZZ3hFTFRRUS9udmIrSkFKb2xQWWp6ZkVFYy9TYkQ1ckFob09XcwpCYmRKYXkyWGRmWC83ZVZZQnptblllZ2Zod2h4WDVTWGZ3b2lCc2c1VUtvekhaSVhpckVkeTQrdk1wUzl0eWs3Cks1bkN0Mk1QOUNrSkFvSUJBUURLRml4QkdicFMyTjQ5L3JZbmdhRzE1cHI1RzF3VFRIaHliY3FmRjNQbzNGZ24KcTBzTUY2dmUwajZZVWdnbDZhMWJLZUJpdE5ZeTY5NWtvZS9oRDFEK1pIcW01RFZRSGtFVzhpVi94VGU4OVNYdQpxa3FGZVg4Z0FVUXMrdnBjQzVqZ25FSUM1NXVuQTIwejRwZE4xTVFpMDRCeEp6b2dkUXd6L1BkRHhrNWUrV011CjJHQWtOWUtoemJuNTBUMTlsYmlIRWVHSUNzQ2E0eEI1Vm1qa1hYZ05RQmpKRk5Ld1pZRmF0Mm44b3NwcWg4OGcKcUcyc3pWQWt6UDhQZjdPK2xDQVM0NGh6V0Q1dzNzbU5BZUNpK2ljMGFscFE5YkFGeWpHM0ZuOE5WRkJwOVFGQQpmMDFtTGwxR3JPSEVtalhzbk1EK1habEFnWTNTcnpjV0ZkbnZyTG5wQW9JQkFERXlVbDBCOGZEZDRLcVNZYlQ0CnhTZS9wb3daSzR4ekl2MzZQbFlPZHJOai8yMnpyZGhVT3U4ZVBDcG5pdm5oRTBrNFFqZjVNcmxMZkxSUlMvcFoKWmZNL0NvTFpabnY1a1NaOUJOQ2I5NUNmNmI0WWRObFpIWFBIQkZIQ294aFVObS9iNlpINDJ2NzhlM2VOZXhaSApLM1RrYzNkOG8yVzdWeVdGbEQ3b21NazdtcWlpMWZmYmkvS2llY3lrNmYzK0d4UDlXQWE5WHpwN2I1dWlzZU9YCkl5T3RZWFc2THp3ZFQwaVYvck5LVDFIZi9Sa1NTNmtGSVl2SVNMV1EzMmtJdTNDaWdreUlML2hyTDdhZStoSkUKdVcweWc0TkIyNFBWU0tBSlA3TnNvMzExVjJoWjdQd3RRbjFEM0VhN0t3eHJZVVVBS3FxQU1CYThxRFlwdVdVUwpjMEVDZ2dFQWRudXFjWENTeFNicXFQbEc3VU5VZ0dyS28zMHJyWDJaSFlxVkNPc0c4TmZBZC9Id3dRc3pmMEpmCmJqc1JGQlVEYzFLdTk1dFRpWU5VWnArd211S2pxcEZIcjFhNmtQOEgxNWFTUllSTTNITHYwUDYxSGVqa29NeUMKZ3A4QlJibDRuUzh1N3o5YjNWV3FuOVJKOEIrWFRDTGh5Qy9DVTZRZEZCZC9ZUXpOTGNNQktEckppd0pNN3U4YgpFSUZ5MWpRZVlOTC9WcWNuSDY0dm9INEdDZzc5eFJLdlBmWnhBaUZTckhIUVdQWWVJRllDRnlVTUhwMmpTdE43CjVOZ01RWXArbkZZL2d5cWJId2JHQ0JtYWp0bWVYRU1WcnR5SzZ2QXE1RUM2djFrWS9tVFRDb1Jtdmk1djE2ZWoKbWx4azdLanhCWTAvd2tHREY5bkhEMGNEVHpYaHdBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
</cert>
<ppps/>
<vlans>
<vlan>
<if>vtnet0</if>
<tag>9</tag>
<pcp>0</pcp>
<descr>tsys</descr>
<vlanif>vtnet0_vlan9</vlanif>
</vlan>
<vlan>
<if>vtnet1</if>
<tag>3</tag>
<pcp>0</pcp>
<descr>mgmt</descr>
<vlanif>vtnet1_vlan3</vlanif>
</vlan>
</vlans>
<gateways>
<gateway_item>
<descr>Interface WAN Gateway</descr>
<defaultgw>1</defaultgw>
<ipprotocol>inet</ipprotocol>
<interface>wan</interface>
<gateway>158.69.183.166</gateway>
<monitor_disable>1</monitor_disable>
<name>GW_WAN</name>
<interval>1</interval>
<weight>1</weight>
</gateway_item>
<gateway_item>
<descr>Interface WAN Gateway</descr>
<defaultgw>1</defaultgw>
<ipprotocol>inet</ipprotocol>
<interface>wan</interface>
<gateway>158.69.183.166</gateway>
<monitor_disable>1</monitor_disable>
<name>GW_WAN</name>
<interval>1</interval>
<weight>1</weight>
</gateway_item>
</gateways>
<openvpn>
<openvpn-client>
<protocol>UDP</protocol>
<dev_mode>tun</dev_mode>
<server_addr>158.69.183.162</server_addr>
<server_port>1194</server_port>
<proxy_authtype>none</proxy_authtype>
<description>ASN2NET Backbone</description>
<mode>p2p_shared_key</mode>
<crypto>AES-128-CBC</crypto>
<digest>SHA1</digest>
<engine>none</engine>
<tunnel_network>192.168.194.0/30</tunnel_network>
<verbosity_level>1</verbosity_level>
<interface>wan</interface>
<vpnid>1</vpnid>
<custom_options/>
<shared_key>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjRhYjBlYzc3NGNlZmFjNDk0ZDkxMmRlOGRkMzkyN2JhDQowZGZjMzI2MGMwZmQwOGE2ZmI0NjVjMGNmZjQ1MzU1YQ0KMDBmODc5MzQwMDI0YjU1OTQ2MDAzNmUyOTJjNDhiNWQNCjkzMjg3ZjY3ZTIwOTI4ZDA2MzczMjM2NjliMjNmZjNiDQoxZjY3MDJlYzkwZWEzOGU3MWZjN2JjMDA5ZTI1YzdiYw0KZjVmNGE4YTNlMzdhMDUyOTkxMGEzNDVjMTQ4Mjk5OTkNCjU0OWE4NGIzYTAyZTg4M2Y1M2ZkZWYzNGZlYzlhNTg3DQpiMDBjMWM3ZjU4YjFlOTYyZTQ1ZjEyMjI0MGI0YTBlMQ0KMTgxZTU3NjY0Y2UwZmIxNTg5YTA1NmZjYWYyNDYwNGYNCmU3M2I4OTJmN2JmNzRlZjMxODEzYzc5ODJhZjkwNmNhDQo4YzAwYTY1OWEwMzI3MGQ3ZGFiNjE0YzkwM2RjYWRlZQ0KNmEwZjQ2MDFhMWE4ODAzMjQxZjY4MTY5M2UyZWFjN2ENCmUyZWNkMDBkYmU4Mjc1MDY2OWQ0MTkwNTZmYjE4OWE0DQpiYzY1YzAyOWY1ZjM2YzI1MTM0MzkzM2M3OTRkZjdhMg0KY2E3OWUyN2E1ZDNjNDhiNjgwNjg2Yjc5MmQ3ZGZiOGUNCmIwODZkMzAyNzNiN2U0ZmNjNTdiNGVjZTQyOTgyMjg2DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ==</shared_key>
</openvpn-client>
</openvpn>
<staticroutes/>
<virtualip>
<vip>
<type>single</type>
<subnet_bits>29</subnet_bits>
<mode>carp</mode>
<interface>wan</interface>
<descr>tsys-cloud-www</descr>
<subnet>158.69.183.163</subnet>
<vhid>1</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>123</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>lan</interface>
<descr>floating gw tsys </descr>
<subnet>10.253.9.254</subnet>
<vhid>2</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>vip123</password>
</vip>
<vip>
<type>single</type>
<subnet_bits>24</subnet_bits>
<mode>carp</mode>
<interface>opt1</interface>
<descr>toolbox/ucs</descr>
<subnet>10.253.3.254</subnet>
<vhid>3</vhid>
<advskew>0</advskew>
<advbase>1</advbase>
<password>c0l0rad0</password>
</vip>
</virtualip>
</opnsense>

232
mtp-configs/pfv-core-ap01.pfv.turnsys.net
View File

@@ -1,232 +0,0 @@
!
! Last configuration change at 14:50:15 CST Fri Feb 9 2018 by cisco
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname pfv-core-ap01
!
logging rate-limit console 9
no logging console
no logging monitor
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
!
no aaa new-model
clock timezone CST -6 0
no ip domain lookup
ip name-server 10.253.3.86
!
!
dot11 syslog
dot11 vlan-name Nerdbone vlan 200
dot11 vlan-name TheNerdery vlan 100
!
dot11 ssid Nerdbone
vlan 200
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 08714E1E041831051302180B386A
!
dot11 ssid TheNerdery
vlan 100
authentication open
authentication key-management wpa
mbssid guest-mode
wpa-psk ascii 7 132B47021800572E6A
!
dot11 network-map
power inline negotiation injector override
crypto pki token default removal timeout 0
!
crypto pki trustpoint TP-self-signed-3632941680
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3632941680
revocation-check none
rsakeypair TP-self-signed-3632941680
!
!
crypto pki certificate chain TP-self-signed-3632941680
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33363332 39343136 3830301E 170D3933 30333031 30303032
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36333239
34313638 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100BDC3 965C98A2 EB69E593 4AEAB184 675EC9C6 8518857D B366DDF8 F4E666C8
6C08CF6A 7563828E 607931DA EB0AD984 142ECB95 1618F2A9 A9624D61 07FCE76F
0C0A8696 E178A8B1 FB966206 8A0769BC B7FA8881 AE34443C 3800B61F B97E9FA1
66E0675F 7B494A0C AD657CD9 847C6755 A65A7E59 B625E45D 89C0AFDE 2B646015
5CFF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 14715BA0 DC1E3390 78A05B38 1C6B64C8 52A67D60 9B301D06
03551D0E 04160414 715BA0DC 1E339078 A05B381C 6B64C852 A67D609B 300D0609
2A864886 F70D0101 05050003 8181000B 52E38067 C0AB47F9 08AA49B5 5D4EEA01
6E94406F 1579D75C 6888DFB0 D93BF95A 719F2884 7EEF5101 03A5FF8A D5D88568
E48F6F15 7337BF48 B5D8A329 579F9287 DBD9539A 9B084568 BD20BD94 A778A0DE
6DCE2368 1EF9AC86 6271A1C1 1072FCC1 F5B0DAFB 9FA3200A 967A8F03 E3D37ADC
3C25EE36 671237BC 3A7A9049 B027B0
quit
username cisco privilege 15 password 7 0313591B553C131862043D012F4A381B3C09
!
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
encryption vlan 200 mode ciphers aes-ccm tkip
!
ssid Nerdbone
!
ssid TheNerdery
!
antenna gain 0
mbssid
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
channel 2422
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 port-protected
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 spanning-disabled
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
!
interface Dot11Radio1
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 100 mode ciphers aes-ccm tkip
!
encryption vlan 200 mode ciphers aes-ccm tkip
antenna gain 0
dfs band 3 block
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
channel dfs
station-role root
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 spanning-disabled
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
!
interface Dot11Radio1.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 subscriber-loop-control
bridge-group 100 spanning-disabled
bridge-group 100 port-protected
bridge-group 100 block-unknown-source
no bridge-group 100 source-learning
no bridge-group 100 unicast-flooding
!
interface Dot11Radio1.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 spanning-disabled
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
!
interface GigabitEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
bridge-group 1 spanning-disabled
no bridge-group 1 source-learning
!
interface GigabitEthernet0.100
encapsulation dot1Q 100
no ip route-cache
bridge-group 100
bridge-group 100 spanning-disabled
no bridge-group 100 source-learning
!
interface GigabitEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 spanning-disabled
no bridge-group 200 source-learning
!
interface BVI1
ip address 10.251.30.251 255.255.255.0
no ip route-cache
!
ip default-gateway 10.251.30.254
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
logging 10.253.3.99
access-list 3 permit 10.253.3.99
access-list 3 remark For SNMP - Only Monitoring Servers can access.
access-list 3 permit 10.243.3.33
access-list 3 deny any log
snmp-server community kn3l-mgmt RO 3
snmp-server community kn3lmgmt RO
snmp-server host 10.253.3.33 kn3l-mgmt
bridge 1 route ip
!
!
banner login ^C5
===============================================================================
-------------------------------------------------------------------------------
TURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
-------------------------------------------------------------------------------
This is a private computer system. These resources, including all
related equipmentURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
===============================================================================
^C
!
line con 0
line vty 0 4
login local
transport input all
!
no exception crashinfo
sntp server 10.40.100.200
sntp server 10.251.30.71
sntp server 10.253.3.201
end

1040
mtp-configs/pfv-core-rtr01.pfv.turnsys.net
View File

File diff suppressed because it is too large Load Diff

1011
mtp-configs/pfv-core-rtr02.pfv.turnsys.net
View File

File diff suppressed because it is too large Load Diff

283
mtp-configs/pfv-core-sw01.pfv.turnsys.net
View File

@@ -1,283 +0,0 @@
!
! Last configuration change at 14:54:50 CST Fri Feb 9 2018 by cisco
! NVRAM config last updated at 14:54:52 CST Fri Feb 9 2018 by cisco
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname pfv-core-sw01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$.DDG$avbJ/Ba3mTZaUZj0DGbyr0
enable password 7 13061E010803
!
username cisco privilege 15 password 7 1505091C57191970043E11262B5F25143975
aaa new-model
!
!
aaa authentication login default group NPS_RADIUS_SERVERS local
aaa authorization exec default group NPS_RADIUS_SERVERS local if-authenticated
!
!
!
aaa session-id common
clock timezone CST -6
system mtu routing 1500
ip subnet-zero
ip routing
ip domain-name turnsys.net
ip name-server 10.251.30.71
!
!
!
crypto pki trustpoint TP-self-signed-1485245952
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1485245952
revocation-check none
rsakeypair TP-self-signed-1485245952
!
!
crypto pki certificate chain TP-self-signed-1485245952
certificate self-signed 01
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31343835 32343539 3532301E 170D3933 30333031 30303030
35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34383532
34353935 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100B3BC 70D69DBD 98EF4C19 8B98D8D6 FA1EEA8F 89C99567 38DAEDEE E481EB4B
5FE96885 1E2E4CF6 7282D474 3C0F9711 FD94A661 DF3FCADA FCD801B3 BAC0F907
A167C100 68E8B2C8 EC191A61 07EAEE1B 9A27C508 5BDE75D4 8E027D98 979AB506
35AEF3AF ED6AB97B AF2137DD 1C28EB7F 9DDC88B0 AECA1529 8E252DAD D0AF0CD9
14D50203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
551D1104 1C301A82 18617573 2D636F72 65737730 312E7475 726E7379 732E6E65
74301F06 03551D23 04183016 801437DF 64CC8992 2CD93FAC 0829D8DA E56280E2
0374301D 0603551D 0E041604 1437DF64 CC89922C D93FAC08 29D8DAE5 6280E203
74300D06 092A8648 86F70D01 01040500 03818100 6090B1E0 D07F081C 273982E5
DA52C1A9 FF9D381B 6A9A6A65 A8315696 F7E1483C A8AE9C6A 74635CFE 03D8F845
46188168 8E5CBF98 C4450FAC 95628D2E 3EB3D16F F8461D75 114A8F6F D40098E3
C50F9AA7 6568273C 73436B35 B57CCF52 D152EBE0 84EE5684 F3D027B0 AEBDD7A0
ECB58FD2 D717CADE 12CE7A53 C80E6BC4 3235D6FF
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 5
!
!
!
interface FastEthernet0/1
description labsw01
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
description unknown
spanning-tree portfast
!
interface FastEthernet0/3
description printer-pi
switchport access vlan 22
spanning-tree portfast
!
interface FastEthernet0/4
description pfv-ucs
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/5
description extcam-left
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/6
description extcam-right
switchport access vlan 200
spanning-tree portfast
!
interface FastEthernet0/7
description ap1
switchport access vlan 22
spanning-tree portfast
!
interface FastEthernet0/8
description ap2
switchport access vlan 22
!
interface FastEthernet0/9
description ap3
switchport access vlan 22
!
interface FastEthernet0/10
description ap4
switchport access vlan 100
!
interface FastEthernet0/11
description gallileo
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/12
description ausprod-coreap01
power inline never
switchport trunk encapsulation dot1q
switchport trunk native vlan 30
switchport mode trunk
!
interface FastEthernet0/13
description inkjet
switchport access vlan 22
!
interface FastEthernet0/14
description color laser
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/15
description bwlaser
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/16
description octopi
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/17
description workbench switch
switchport access vlan 100
switchport mode access
!
interface FastEthernet0/18
!
interface FastEthernet0/19
description parallela
switchport access vlan 22
switchport mode access
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
description temp-port
switchport access vlan 30
switchport mode access
!
interface FastEthernet0/23
description pfv-corertr01
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/24
description pfv-corertr02
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
!
interface Vlan30
description Mgmt net
ip address 10.251.30.100 255.255.255.0
!
interface Vlan31
description AP net
no ip address
!
interface Vlan32
description Switch net
no ip address
!
interface Vlan33
description VOIP net
no ip address
!
interface Vlan34
description Router net
no ip address
!
interface Vlan35
description IPTV
no ip address
!
interface Vlan36
description PeanutGallery
no ip address
!
interface Vlan37
description MALZOO (RED) net
no ip address
!
interface Vlan38
description Fstack1
no ip address
!
interface Vlan39
description Fstack2
no ip address
!
interface Vlan40
description Storage
no ip address
!
interface Vlan100
description Desknet
no ip address
!
interface Vlan200
description nerdbone
no ip address
!
ip default-gateway 10.251.30.254
ip classless
ip route 0.0.0.0 0.0.0.0 10.251.30.254
no ip http server
no ip http secure-server
!
!
logging 10.253.3.99
access-list 93 remark NTP access
access-list 93 deny any log
snmp-server user kn3lmgmt kn3lmgmt v1
snmp-server user kn3lmgmt kn3lmgmt v2c
snmp-server community kn3lmgmt RO
snmp-server user kn3lmgmt kn3lmgmt v1
snmp-server user kn3lmgmt kn3lmgmt v2c
snmp-server location PFV
snmp-server chassis-id pfv-core-sw01
!
control-plane
!
!
line con 0
line vty 0 4
transport input all
line vty 5 15
!
ntp clock-period 36029657
ntp access-group peer 93
ntp access-group serve 93
ntp access-group serve-only 93
ntp server 10.253.3.201
ntp server 10.40.100.200
ntp server 10.251.30.71
end

436
mtp-configs/satx-ap-satxinternet.satx.turnsys.net
View File

@@ -1,436 +0,0 @@
!
! Last configuration change at 13:44:44 CST Fri Feb 9 2018 by cisco
! NVRAM config last updated at 13:44:45 CST Fri Feb 9 2018 by cisco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname outap-front
!
logging rate-limit console 9
no logging console
no logging monitor
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
!
clock timezone CST -6
ip subnet-zero
no ip domain lookup
ip domain name turnsys.net
ip name-server 10.40.50.254
!
!
no aaa new-model
dot11 syslog
dot11 vlan-name Public vlan 2
dot11 vlan-name Video vlan 201
dot11 vlan-name Voice vlan 200
dot11 vlan-name Workstations vlan 50
!
dot11 ssid SATX-Internet
vlan 50
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode dtim-period 75
wpa-psk ascii 7 070D2E43410E1C1704
!
dot11 network-map
!
crypto pki trustpoint TP-self-signed-4066931324
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4066931324
revocation-check none
rsakeypair TP-self-signed-4066931324
!
!
crypto ca certificate chain TP-self-signed-4066931324
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
F3452830 685FB60B 7BDEF67B C689FA
quit
username Cisco privilege 15 password 7 02050D480809
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 50 mode ciphers aes-ccm tkip
!
encryption vlan 200 mode ciphers aes-ccm tkip
!
encryption vlan 201 mode ciphers aes-ccm tkip
!
ssid SATX-Internet
!
mbssid
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
antenna gain 0
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 port-protected
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
!
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
!
interface BVI1
ip address 10.40.100.201 255.255.255.0
no ip route-cache
!
ip default-gateway 10.40.100.254
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community kn3lmgmt RO
snmp-server location SATX
snmp-server contact prodtechopsalerts@turnsys.com
bridge 1 route ip
!
!
banner login ^CC5
===============================================================================
-------------------------------------------------------------------------------
RT - PRODUCTION SYSTEM - GO AWAY
-------------------------------------------------------------------------------
This is a private computer system.
===============================================================================
^C
!
line con 0
line vty 0 4
login local
!
no exception crashinfo
sntp server 10.251.30.253
sntp server 10.40.100.200
end
outap-front#conf t
Enter configuration commands, one per line. End with CNTL/Z.
outap-front(config)#no sntp server 10.251.30.253
outap-front(config)#end
outap-front#write mem
Building configuration...
[OK]
outap-front#show run
Building configuration...
Current configuration : 5971 bytes
!
! Last configuration change at 13:46:16 CST Fri Feb 9 2018 by cisco
! NVRAM config last updated at 13:46:19 CST Fri Feb 9 2018 by cisco
!
version 12.3
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname outap-front
!
logging rate-limit console 9
no logging console
no logging monitor
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
!
clock timezone CST -6
ip subnet-zero
no ip domain lookup
ip domain name turnsys.net
ip name-server 10.40.50.254
!
!
no aaa new-model
dot11 syslog
dot11 vlan-name Public vlan 2
dot11 vlan-name Video vlan 201
dot11 vlan-name Voice vlan 200
dot11 vlan-name Workstations vlan 50
!
dot11 ssid SATX-Internet
vlan 50
authentication open
authentication key-management wpa
guest-mode
mbssid guest-mode dtim-period 75
wpa-psk ascii 7 070D2E43410E1C1704
!
dot11 network-map
!
crypto pki trustpoint TP-self-signed-4066931324
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-4066931324
revocation-check none
rsakeypair TP-self-signed-4066931324
!
!
crypto ca certificate chain TP-self-signed-4066931324
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
F3452830 685FB60B 7BDEF67B C689FA
quit
username Cisco privilege 15 password 7 02050D480809
!
bridge irb
!
!
interface Dot11Radio0
no ip address
no ip route-cache
!
encryption mode ciphers aes-ccm
!
encryption vlan 2 mode ciphers aes-ccm tkip
!
encryption vlan 50 mode ciphers aes-ccm tkip
!
encryption vlan 200 mode ciphers aes-ccm tkip
!
encryption vlan 201 mode ciphers aes-ccm tkip
!
ssid SATX-Internet
!
mbssid
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
station-role root
antenna gain 0
bridge-group 1
bridge-group 1 subscriber-loop-control
bridge-group 1 block-unknown-source
no bridge-group 1 source-learning
no bridge-group 1 unicast-flooding
bridge-group 1 spanning-disabled
!
interface Dot11Radio0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
bridge-group 2 subscriber-loop-control
bridge-group 2 port-protected
bridge-group 2 block-unknown-source
no bridge-group 2 source-learning
no bridge-group 2 unicast-flooding
bridge-group 2 spanning-disabled
!
interface Dot11Radio0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
bridge-group 50 subscriber-loop-control
bridge-group 50 block-unknown-source
no bridge-group 50 source-learning
no bridge-group 50 unicast-flooding
bridge-group 50 spanning-disabled
!
interface Dot11Radio0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
bridge-group 200 subscriber-loop-control
bridge-group 200 block-unknown-source
no bridge-group 200 source-learning
no bridge-group 200 unicast-flooding
bridge-group 200 spanning-disabled
!
interface Dot11Radio0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
bridge-group 201 subscriber-loop-control
bridge-group 201 block-unknown-source
no bridge-group 201 source-learning
no bridge-group 201 unicast-flooding
bridge-group 201 spanning-disabled
!
interface FastEthernet0
no ip address
no ip route-cache
duplex auto
speed auto
bridge-group 1
no bridge-group 1 source-learning
!
interface FastEthernet0.2
encapsulation dot1Q 2
no ip route-cache
bridge-group 2
no bridge-group 2 source-learning
bridge-group 2 spanning-disabled
!
interface FastEthernet0.50
encapsulation dot1Q 50
no ip route-cache
bridge-group 50
no bridge-group 50 source-learning
bridge-group 50 spanning-disabled
!
interface FastEthernet0.200
encapsulation dot1Q 200
no ip route-cache
bridge-group 200
no bridge-group 200 source-learning
bridge-group 200 spanning-disabled
!
interface FastEthernet0.201
encapsulation dot1Q 201
no ip route-cache
bridge-group 201
no bridge-group 201 source-learning
bridge-group 201 spanning-disabled
!
interface BVI1
ip address 10.40.100.201 255.255.255.0
no ip route-cache
!
ip default-gateway 10.40.100.254
no ip http server
ip http secure-server
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
!
snmp-server community kn3lmgmt RO
snmp-server location SATX
snmp-server contact prodtechopsalerts@turnsys.com
bridge 1 route ip
!
!
banner login ^CC5
===============================================================================
-------------------------------------------------------------------------------
RT - PRODUCTION SYSTEM - GO AWAY
-------------------------------------------------------------------------------
This is a private computer system.
===============================================================================
^C
!
line con 0
line vty 0 4
login local
!
no exception crashinfo
sntp server 10.40.100.200
sntp server 10.253.3.201
sntp server 10.251.30.71
end

1635
mtp-configs/satx-corertr01.satx.turnsys.net
View File

File diff suppressed because it is too large Load Diff

1685
mtp-configs/satx-corertr01.turnsys.net
View File

File diff suppressed because it is too large Load Diff

160
mtp-configs/satx-prodsw1.satx.turnsys.net
View File

@@ -1,160 +0,0 @@
interface ethernet g1
description satx-prodsw2
exit
interface ethernet g2
description satx-prodsw3
exit
interface ethernet g3
description satx-tsyssw1
exit
interface ethernet g4
description unknown
exit
interface ethernet g5
description SW03
exit
interface ethernet g6
description joesWorkstation-sw05
exit
interface ethernet g7
description NWU01
exit
interface range ethernet g(19-22)
description rrkvm
exit
interface ethernet g23
description pfvsvr01
exit
port jumbo-frame
interface range ethernet g(1-3,23-24)
switchport mode trunk
exit
vlan database
vlan 2-12,22,30,50,100,170-171,200-201
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 2
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 3
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 4
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 5
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 6
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 7
exit
interface ethernet g8
switchport access vlan 8
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 8
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 9
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 10
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 11
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 12
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 22
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 30
exit
interface range ethernet g(4-7)
switchport access vlan 50
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 50
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 100
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 170
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 171
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 200
exit
interface range ethernet g(1-3,23-24)
switchport trunk allowed vlan add 201
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
interface range ethernet g(4-5)
negotiation 100f
exit
interface ethernet g6
negotiation 1000f
exit
iscsi target port 860 address 0.0.0.0
iscsi target port 3260 address 0.0.0.0
interface vlan 100
ip address 10.40.100.250 255.255.255.0
exit
ip default-gateway 10.40.100.254
hostname satx-prodsw1
logging 10.253.3.99
username admin password a9166ce242b34acf0afb80b1092536bd level 15 encrypted
snmp-server location satx
snmp-server community kn3l rw 10.253.3.77 view DefaultSuper
snmp-server community kn3lmgmt ro view Default
clock timezone -6
sntp client poll timer 120
sntp unicast client enable
sntp server 10.40.100.200
sntp server 10.251.30.71
sntp server 10.253.3.201
ip domain-name turnsys.net
Default settings:
Service tag: CBRWFH1
SW version 2.0.0.35 (date 27-Jan-2009 time 18:13:34)
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
interface vlan 1
interface port-channel 1 - 8
spanning-tree
spanning-tree mode STP
qos basic
qos trust cos

166
mtp-configs/satx-prodsw3.satx.turnsys.net
View File

@@ -1,166 +0,0 @@
!
! Last configuration change at 20:06:32 UTC Fri Feb 9 2018 by cisco
! NVRAM config last updated at 20:06:34 UTC Fri Feb 9 2018 by cisco
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname satx-prodsw3
!
aaa new-model
enable secret 5 $1$QKJ2$YHSuwlCO4m1NkQwYYXVza.
enable password 7 13061E010803
!
username cisco privilege 15 password 7 02050D480809
!
!
!
!
!
ip subnet-zero
ip name-server 10.40.100.200
!
!
!
interface FastEthernet0/1
description UPLINK TO SATXLANSW01-0/18
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
description nwu03
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
!
interface FastEthernet0/3
description vaultcam
switchport access vlan 201
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
!
interface FastEthernet0/4
description gpspi
switchport access vlan 100
!
interface FastEthernet0/5
description trendnet-poe-camsw
switchport access vlan 201
spanning-tree portfast
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
description satx-house
switchport access vlan 2
spanning-tree portfast
!
interface FastEthernet0/23
description labcam
switchport access vlan 201
spanning-tree portfast
!
interface FastEthernet0/24
description satx-infrabox
switchport access vlan 100
switchport trunk encapsulation dot1q
spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface VLAN1
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN2
description public
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN50
description workstations
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN100
description mgmt
ip address 10.40.100.252 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
interface VLAN200
description voip
no ip directed-broadcast
no ip route-cache
shutdown
!
interface VLAN201
description video
no ip directed-broadcast
no ip route-cache
shutdown
!
ip default-gateway 10.40.100.254
logging 10.253.3.99
access-list 93 remark NTP access
access-list 93 deny any log
snmp-server engineID local 00000009020000053274C2C0
snmp-server community kn3lmgmt RO
snmp-server location SATX
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server host 10.253.3.99 trap kn3lmgmt
!
line con 0
transport input none
stopbits 1
line vty 0 4
password 7 01100F175804
line vty 5 15
!
ntp clock-period 11258997
ntp access-group peer 93
ntp access-group serve 93
ntp access-group serve-only 93
ntp server 10.253.3.201
ntp server 10.40.100.200
ntp server 10.251.30.71
end

160
mtp-configs/satx-rr-rtr.satx.turnsys.net
View File

@@ -1,160 +0,0 @@
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname satx-rr-rtr
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$4vT2$7i6iJRSZXXci8rhRQ3Pn40
enable password c0l0rad0
!
no aaa new-model
!
!
!
dot11 syslog
!
flow exporter toolbox9995
description Exports to Toolbox/nfsen
destination 10.253.3.99
template data timeout 300
!
!
flow monitor toolbox
record netflow ipv4 original-input
exporter toolbox9995
cache timeout active 300
!
ip source-route
no ip routing
!
!
no ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
archive
log config
hidekeys
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.40.100.210 255.255.255.0
ip flow monitor toolbox input
ip flow monitor toolbox output
no ip route-cache
duplex full
speed auto
no mop enabled
!
interface FastEthernet0/1
no ip address
ip flow monitor toolbox input
ip flow monitor toolbox output
no ip route-cache
shutdown
duplex auto
speed auto
!
interface Serial0/1/0
no ip address
no ip route-cache
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/1
no ip address
no ip route-cache
shutdown
clock rate 2000000
!
ip default-gateway 10.40.100.254
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
logging 10.253.3.99
access-list 93 remark NTP access
access-list 93 deny any log
!
!
!
!
!
snmp-server community kn3lmgmt RO
snmp-server location satx
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 15 0
password c0l0rad0
login
line vty 5 15
exec-timeout 15 0
login
!
scheduler allocate 20000 1000
ntp access-group peer 93
ntp access-group serve 93
ntp access-group serve-only 93
ntp server 10.251.30.71
ntp server 10.40.100.200
ntp server 10.253.3.201
end

163
mtp-configs/satx-tsyscoresw1.satx.turnsys.net
View File

@@ -1,163 +0,0 @@
interface ethernet g1
description unused
exit
interface range ethernet g(2-3)
description tsys-cn2
exit
interface ethernet g4
description tsys-cn4
exit
interface ethernet g5
description satx-consrv1
exit
interface ethernet g6
description rr-zeroinstrtr
exit
interface range ethernet g(7,12)
description PGSLED
exit
interface ethernet g8
description shallowblue
exit
interface ethernet g9
description galielo
exit
interface ethernet g10
description ap1
exit
interface ethernet g11
description ap2
exit
interface ethernet g13
description ap4
exit
interface ethernet g14
description ap5
exit
interface ethernet g15
description ap6
exit
interface ethernet g16
description ap7
exit
interface ethernet g17
description ap8
exit
interface ethernet g18
description ap9
exit
interface ethernet g19
description ap10
exit
interface ethernet g20
description octopi
exit
interface ethernet g21
description available
exit
interface ethernet g22
description auslab-ips(mgmt)
exit
interface ethernet g23
description ps3(mgmt)
exit
interface ethernet g24
description "satx-rtr01 fe0/0"
exit
interface range ethernet g(1-4,8,17-18,24)
switchport mode trunk
exit
vlan database
vlan 2-8,60-70,100
exit
interface range ethernet g(7,9,11,20-21,23)
switchport access vlan 2
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 2
exit
interface range ethernet g(13-14,16)
switchport access vlan 3
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 3
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 4
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 5
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 6
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 7
exit
interface range ethernet g(1,3-4,8,17-18,24)
switchport trunk allowed vlan add 8
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 60
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 61
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 62
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 63
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 64
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 65
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 66
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 67
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 68
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 69
exit
interface range ethernet g(1,3-4,8,24)
switchport trunk allowed vlan add 70
exit
interface range ethernet g(5-6,15,22)
switchport access vlan 100
exit
interface range ethernet g(1-4,24)
switchport trunk allowed vlan add 100
exit
interface vlan 70
name Storage
exit
interface vlan 100
ip address 10.40.100.249 255.255.255.0
exit
ip default-gateway 10.40.100.254
hostname satx-tsyscoresw1
line ssh
exec-timeout 0
exit
username admin password c5446cf68968ea534bceadd492e0477a level 15 encrypted
ip ssh server
snmp-server community kn3lmgmt ro
snmp-server location SATX
snmp-server contact prodtechopsalerts@turnsys.com
clock timezone -6 zone utc
clock source sntp
sntp client poll timer 60
sntp unicast client enable
sntp unicast client poll
sntp server 10.40.100.200
sntp server 10.251.30.71
sntp server 10.253.3.201

0
scripts/auto-netdata-install.sh Executable file → Normal file
View File

114
slack-dist/bin/distro
View File

@@ -1,114 +0,0 @@
#!/bin/bash
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
OS=`uname -s`
REV=`uname -r`
MACH=`uname -m`
if [ "${OS}" = "SunOS" ] ; then
OS=Solaris
ARCH=`uname -p`
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
elif [ "${OS}" = "AIX" ] ; then
OSSTR="${OS} `oslevel` (`oslevel -r`)"
elif [ "${OS}" = "Linux" ] ; then
KERNEL=`uname -r`
if [ -f /etc/fedora-release ]; then
DIST=$(cat /etc/fedora-release | awk '{print $1}')
REV=`cat /etc/fedora-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/redhat-release ] ; then
DIST=$(cat /etc/redhat-release | awk '{print $1}')
if [ "${DIST}" = "CentOS" ]; then
DIST="CentOS"
elif [ "${DIST}" = "Mandriva" ]; then
DIST="Mandriva"
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/oracle-release ]; then
DIST="Oracle"
else
DIST="RedHat"
fi
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/mandrake-release ] ; then
DIST='Mandrake'
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/devuan_version ] ; then
DIST="Devuan `cat /etc/devuan_version`"
REV=""
elif [ -f /etc/debian_version ] ; then
DIST="Debian `cat /etc/debian_version`"
REV=""
ID=`lsb_release -i | awk -F ':' '{print $2}' | sed 's/ //g'`
if [ "${ID}" = "Raspbian" ] ; then
DIST="Raspbian `cat /etc/debian_version`"
fi
elif [ -f /etc/gentoo-release ] ; then
DIST="Gentoo"
REV=$(tr -d '[[:alpha:]]' </etc/gentoo-release | tr -d " ")
elif [ -f /etc/arch-release ] ; then
DIST="Arch Linux"
REV="" # Omit version since Arch Linux uses rolling releases
IGNORE_LSB=1 # /etc/lsb-release would overwrite $REV with "rolling"
elif [ -f /etc/os-release ] ; then
DIST=$(grep '^NAME=' /etc/os-release | cut -d= -f2- | tr -d '"')
REV=$(grep '^VERSION_ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
elif [ -f /etc/openwrt_version ] ; then
DIST="OpenWrt"
REV=$(cat /etc/openwrt_version)
elif [ -f /etc/pld-release ] ; then
DIST=$(cat /etc/pld-release)
REV=""
elif [ -f /etc/SuSE-release ] ; then
DIST=$(echo SLES $(grep VERSION /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
REV=$(echo SP$(grep PATCHLEVEL /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
fi
if [ -f /etc/lsb-release -a "${IGNORE_LSB}" != 1 ] ; then
LSB_DIST=$(lsb_release -si)
LSB_REV=$(lsb_release -sr)
if [ "$LSB_DIST" != "" ] ; then
DIST=$LSB_DIST
fi
if [ "$LSB_REV" != "" ] ; then
REV=$LSB_REV
fi
fi
if [ "`uname -a | awk '{print $(NF)}'`" = "DD-WRT" ] ; then
DIST="dd-wrt"
fi
if [ -n "${REV}" ]
then
OSSTR="${DIST} ${REV}"
else
OSSTR="${DIST}"
fi
elif [ "${OS}" = "Darwin" ] ; then
if [ -f /usr/bin/sw_vers ] ; then
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
fi
elif [ "${OS}" = "FreeBSD" ] ; then
OSSTR=`/usr/bin/uname -mior`
fi
echo ${OSSTR}

95
slack-dist/bin/slackInstall.sh
View File

@@ -1,95 +0,0 @@
#!/bin/bash
#TSYS Slack installer
#Use as a reference for other TSYS scripts
#######################################################################################################################################################
#Global variables
#######################################################################################################################################################
export MGMT_INT="$(netstat -rn |grep 0.0.0.0|awk '{print $NF}' |head -n1 )"
export MGMT_IP="$(ifconfig $MGMT_INT |grep inet|awk '{print $2}'|head -n1)"
export DIST_SERVER="https://techops.turnsys.net/"
export DIST_ROOT_PATH="slack-dist"
#######################################################################################################################################################
#Execution begins
#######################################################################################################################################################
#######################################################################################################################################################
#Step 1. determine server type and site
#######################################################################################################################################################
#Will be useful later when we have fleets of kvm/lxc etc machines, commented out for now.
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
#export server_type=ts
#fi
#if [ $(hostname -s|egrep -c -E 'cvm') -eq 1 ]; then
#export server_type=cvm
#fi
#case $server_type in
# abc)
# export SERVER_TYPE="abc"
# ;;
# xxx)
# export SERVER_TYPE="xxx"
# ;;
# yyy)
# export SERVER_TYPE="yyy"
# ;;
# *)
# export SERVER_TYPE="prod"
# ;;
#esac
export SERVER_TYPE="prod"
#######################################################################################################################################################
#Step 2: Fixup the /etc/hosts file
#######################################################################################################################################################
#Static /etc/hosts bits
#cat > /etc/hosts << HOSTFILESTATIC
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
#HOSTFILESTATIC
#Dynamic /etc/hosts bits
#cat >> /etc/hosts <<HOSTFILEDYNAMIC
#127.0.1.1 $(hostname) $(hostname -s)
#$MGMT_IP $(hostname) $(hostname -s)
#HOSTFILEDYNAMIC
#######################################################################################################################################################
#Step 3: Grab slack runtime bits and deploy slack
#######################################################################################################################################################
curl --insecure -q $DIST_SERVER/$DIST_ROOT_PATH/bin/distro > /usr/bin/distro
chmod +x /usr/bin/distro
apt-get -y install make perl rsync
mkdir /tmp/slackDist
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
cd /tmp/slackDist
tar xvfz slackDist.tar.gz
make install
cd /tmp
rm -rf slackDist
mkdir /root/.ssh
chmod 700 /root/.ssh
chown -R root:root /root/.ssh
echo "Server type:" $SERVER_TYPE
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
chmod 400 /root/.ssh/config

39
slack-dist/dist/Makefile vendored
View File

@@ -1,39 +0,0 @@
# Makefile for slack/src
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
include Makefile.common
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
all:
install: install-bin install-conf install-lib install-man
install-bin: all
$(MKDIR) $(DESTDIR)$(sbindir)
$(INSTALL) slack $(DESTDIR)$(sbindir)
$(MKDIR) $(DESTDIR)$(bindir)
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
@set -ex;\
for i in $(BACKENDS); do \
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
install-conf: all
$(MKDIR) $(DESTDIR)$(sysconfdir)
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
install-lib: all
$(MKDIR) $(DESTDIR)$(slack_libdir)
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
install-man: all
clean:
realclean: clean
distclean: clean
test:

27
slack-dist/dist/Makefile.common vendored
View File

@@ -1,27 +0,0 @@
# Common code included in every Makefile
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
PACKAGE=slack
VERSION=0.15.2
DESTDIR =
prefix = /
exec_prefix = /usr
sysconfdir = ${prefix}/etc
mandir = ${exec_prefix}/share/man
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
libdir = ${exec_prefix}/lib
libexecdir = ${exec_prefix}/lib
localstatedir = ${prefix}/var
slack_libdir = ${libdir}/slack
slack_libexecdir = ${libexecdir}/slack
slack_localstatedir = ${localstatedir}/lib/slack
slack_localcachedir = ${localstatedir}/cache/slack
INSTALL = install
MKDIR = mkdir -p
PRIVDIRMODE = 0700

371
slack-dist/dist/Slack.pm vendored
View File

@@ -1,371 +0,0 @@
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
package Slack;
require 5.006;
use strict;
use Carp qw(cluck confess croak);
use File::Find;
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
use base qw(Exporter);
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
$VERSION = '0.15.2';
@EXPORT = qw();
@EXPORT_OK = qw();
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
my $term;
my @default_options = (
'help|h|?',
'version',
'verbose|v+',
'quiet',
'config|C=s',
'source|s=s',
'rsh|e=s',
'cache|c=s',
'stage|t=s',
'root|r=s',
'dry-run|n',
'backup|b',
'backup-dir=s',
'hostname|H=s',
);
sub default_usage ($) {
my ($synopsis) = @_;
return <<EOF;
Usage: $synopsis
Options:
-h, -?, --help
Print this help message and exit.
--version
Print the version number and exit.
-v, --verbose
Be verbose.
--quiet
Don't be verbose (Overrides previous uses of --verbose)
-C, --config FILE
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
-s, --source DIR
Source for slack files
-e, --rsh COMMAND
Remote shell for rsync
-c, --cache DIR
Local cache directory for slack files
-t, --stage DIR
Local staging directory for slack files
-r, --root DIR
Root destination for slack files
-n, --dry-run
Don't write any files to disk -- just report what would have been done.
-b, --backup
Make backups of existing files in ROOT that are overwritten.
--backup-dir DIR
Put backups into this directory.
-H, --hostname HOST
Pretend to be running on HOST, instead of the name given by
gethostname(2).
EOF
}
# Read options from a config file. Arguments:
# file => config file to read
# opthash => hashref in which to store the options
# verbose => whether to be verbose
sub read_config (%) {
my %arg = @_;
my ($config_fh);
local $_;
confess "Slack::read_config: no config file given"
if not defined $arg{file};
$arg{opthash} = {}
if not defined $arg{opthash};
open($config_fh, '<', $arg{file})
or confess "Could not open config file '$arg{file}': $!";
# Make this into a hash so we can quickly see if we're looking
# for a particular option
my %looking_for;
if (ref $arg{options} eq 'ARRAY') {
%looking_for = map { $_ => 1 } @{$arg{options}};
}
while(<$config_fh>) {
chomp;
s/#.*//; # delete comments
s/\s+$//; # delete trailing spaces
next if m/^$/; # skip empty lines
if (m/^[A-Z_]+=\S+/) {
my ($key, $value) = split(/=/, $_, 2);
$key =~ tr/A-Z_/a-z-/;
# Only set options we're looking for
next if (%looking_for and not $looking_for{$key});
# Don't set options that are already set
next if defined $arg{opthash}->{$key};
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
$arg{opthash}->{$key} = $value;
} else {
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
}
}
close($config_fh)
or confess "Slack::read_config: Could not close config file: $!";
# The verbose option is treated specially in so many places that
# we need to make sure it's defined.
$arg{opthash}->{verbose} ||= 0;
return $arg{opthash};
}
# Just get the exit code from a command that failed.
# croaks if anything weird happened.
sub get_system_exit (@) {
my @command = @_;
if (WIFEXITED($?)) {
my $exit = WEXITSTATUS($?);
return $exit if $exit;
}
if (WIFSIGNALED($?)) {
my $sig = WTERMSIG($?);
croak "'@command' caught sig $sig";
}
if ($!) {
croak "Syserr on system '@command': $!";
}
croak "Unknown error on '@command'";
}
sub check_system_exit (@) {
my @command = @_;
my $exit = get_system_exit(@command);
# Exit is non-zero if get_system_exit() didn't croak.
croak "'@command' exited $exit";
}
# get options from the command line and the config file
# Arguments
# opthash => hashref in which to store options
# usage => usage statement
# required_options => arrayref of options to require -- an exception
# will be thrown if these options are not defined
# command_line_hash => store options specified on the command line here
sub get_options {
my %arg = @_;
use Getopt::Long;
Getopt::Long::Configure('bundling');
if (not defined $arg{opthash}) {
$arg{opthash} = {};
}
if (not defined $arg{usage}) {
$arg{usage} = default_usage($0);
}
my @extra_options = (); # extra arguments to getoptions
if (defined $arg{command_line_options}) {
@extra_options = @{$arg{command_line_options}};
}
# Make a --quiet function that turns off verbosity
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
unless (GetOptions($arg{opthash},
@default_options,
@extra_options,
)) {
print STDERR $arg{usage};
exit 1;
}
if ($arg{opthash}->{help}) {
print $arg{usage};
exit 0;
}
if ($arg{opthash}->{version}) {
print "slack version $VERSION\n";
exit 0;
}
# Get rid of the quiet handler
delete $arg{opthash}->{quiet};
# If we've been given a hashref, save our options there at this
# stage, so the caller can see what was passed on the command line.
# Unfortunately, perl has no .replace function, so we iterate.
if (ref $arg{command_line_hash} eq 'HASH') {
while (my ($k, $v) = each %{$arg{opthash}}) {
$arg{command_line_hash}->{$k} = $v;
}
}
# Use the default config file
if (not defined $arg{opthash}->{config}) {
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
}
# We need to decide whether to be verbose about reading the config file
# Currently we just do it if global verbosity > 2
my $verbose_config = 0;
if (defined $arg{opthash}->{verbose}
and $arg{opthash}->{verbose} > 2) {
$verbose_config = 1;
}
# Read options from the config file, passing along the options we've
# gotten so far
read_config(
file => $arg{opthash}->{config},
opthash => $arg{opthash},
verbose => $verbose_config,
);
# The "verbose" option gets compared a lot and needs to be defined
$arg{opthash}->{verbose} ||= 0;
# The "hostname" option is set specially if it's not defined
if (not defined $arg{opthash}->{hostname}) {
use Sys::Hostname;
$arg{opthash}->{hostname} = hostname;
}
# We can require some options to be set
if (ref $arg{required_options} eq 'ARRAY') {
for my $option (@{$arg{required_options}}) {
if (not defined $arg{opthash}->{$option}) {
croak "Required option '$option' not given on command line or specified in config file!\n";
}
}
}
return $arg{opthash};
}
sub prompt ($) {
my ($prompt) = @_;
if (not defined $term) {
require Term::ReadLine;
$term = new Term::ReadLine 'slack'
}
$term->readline($prompt);
}
# Calls the callback on absolute pathnames of files in the source directory,
# and also on names of directories that don't exist in the destination
# directory (i.e. where $source/foo exists but $destination/foo does not).
sub find_files_to_install ($$$) {
my ($source, $destination, $callback) = @_;
return find ({
wanted => sub {
if (-l or not -d _) {
# Copy all files, links, etc
my $file = $File::Find::name;
&$callback($file);
} elsif (-d _) {
# For directories, we only want to copy it if it doesn't
# exist in the destination yet.
my $dir = $File::Find::name;
# We know the root directory will exist (we make it above),
# so skip the base of the source
(my $short_source = $source) =~ s#/$##;
return if $dir eq $short_source;
# Strip the $source from the path,
# so we can build the destination dir from it.
my $subdir = $dir;
($subdir =~ s#^$source##)
or croak "sub failed: $source|$subdir";
if (not -d "$destination/$subdir") {
&$callback($dir);
}
}
}
},
$source,
);
}
# Runs rsync with the necessary redirection to its filehandles
sub wrap_rsync (@) {
my @command = @_;
my ($pid);
if ($pid = fork) {
# Parent
} elsif (defined $pid) {
# Child
open(STDIN, "<", "/dev/null")
or die "Could not redirect STDIN from /dev/null\n";
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
my $kid = waitpid($pid, 0);
if ($kid != $pid) {
die "waitpid returned $kid\n";
} elsif ($?) {
Slack::check_system_exit(@command);
}
}
# Runs rsync with the necessary redirection to its filehandles, but also
# returns an FH to stdin and a PID.
sub wrap_rsync_fh (@) {
my @command = @_;
my ($fh, $pid);
if ($pid = open($fh, "|-")) {
# Parent
} elsif (defined $pid) {
# Child
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
return($fh, $pid);
}
1;

329
slack-dist/dist/slack vendored
View File

@@ -1,329 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use POSIX; # for strftime
use constant LIBEXEC_DIR => '/usr/lib/slack';
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
sub run_backend(@);
sub run_conditional_backend($@);
(my $PROG = $0) =~ s#.*/##;
# Arguments to pass to each backends (initialized to a hash of empty arrays)
my %backend_flags = ( map { $_ => [] }
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
);
my @roles;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
$usage .= <<EOF;
--preview MODE
Do a diff of scripts and files before running them.
MODE can be one of 'simple' or 'prompt'.
--no-files
Don't install any files in ROOT, but tell rsync to print what
it would do.
--no-scripts
Don't run scripts.
--no-sync
Skip the slack-sync step. (useful if you're pushing stuff into
the CACHE outside of slack)
--role-list
Role list for slack-getroles
--libexec-dir DIR
Look for backend scripts in this directory.
--diff PROG
Use this diff program for previews
--sleep TIME
Randomly sleep between 1 and TIME seconds before starting
operations
EOF
# Options
my %opt = ();
# So we can distinguish stuff on the command line from config file stuff
my %command_line_opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'preview=s',
'role-list=s',
'no-scripts|noscripts',
'no-files|nofiles',
'no-sync|nosync',
'libexec-dir=s',
'diff=s',
'sleep=i',
],
required_options => [ qw(source cache stage root) ],
command_line_hash => \%command_line_opt,
usage => $usage,
);
# Special options
if ($opt{'dry-run'}) {
$opt{'no-scripts'} = 1;
$opt{'no-files'} = 1;
}
if ($opt{'no-scripts'}) {
for my $action (qw(fixfiles preinstall postinstall)) {
push @{$backend_flags{$action}},
'--dry-run';
}
}
if ($opt{'no-files'}) {
push @{$backend_flags{installfiles}},
'--dry-run';
}
# propagate verbosity - 1 to all backends
if (defined $command_line_opt{'verbose'} and
$command_line_opt{'verbose'} > 1) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
('--verbose') x ($command_line_opt{'verbose'} - 1);
}
}
# propagate these flags to all the backends
for my $option (qw(config root cache stage source hostname rsh)) {
if ($command_line_opt{$option}) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
"--$option=$command_line_opt{$option}";
}
}
}
# getroles also can take 'role-list'
if ($command_line_opt{'role-list'}) {
push @{$backend_flags{'getroles'}},
"--role-list=$command_line_opt{'role-list'}";
}
# The libexec dir defaults to this if it wasn't specified
# on the command line or in a config file.
if (not defined $opt{'libexec-dir'}) {
$opt{'libexec-dir'} = LIBEXEC_DIR;
}
# Pass diff option along to slack-rolediff
if ($opt{'diff'}) {
push @{$backend_flags{preview}},
"--diff=$opt{'diff'}";
}
# Preview takes an optional argument. If no argument is given,
# it gets "" from getopt.
if (defined $opt{'preview'}) {
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
die "Unknown preview mode '$opt{'preview'}'!";
}
}
# The backup option defaults to on if it wasn't specified
# on the command line or in a config file
if (not defined $opt{backup}) {
$opt{backup} = 1;
}
# Figure out a place to put backups
if ($opt{backup} and $opt{'backup-dir'}) {
push @{$backend_flags{installfiles}},
'--backup',
'--backup-dir='.
$opt{'backup-dir'}.
"/".
strftime('%F-%T', localtime(time))
;
}
# }}}
# Random sleep, helpful when called from cron.
if ($opt{sleep}) {
my $secs = int(rand($opt{sleep})) + 1;
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
sleep($secs);
}
# Get a list of roles to install from slack-getroles {{{
if (not @ARGV) {
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
@{$backend_flags{'getroles'}});
$opt{verbose} and print STDERR "$PROG: getroles\n";
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
my ($roles_pid, $roles_fh);
if ($roles_pid = open($roles_fh, "-|")) {
# Parent
} elsif (defined $roles_pid) {
# Child
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork to run '@command': $!\n";
}
@roles = split(/\s+/, join(" ", <$roles_fh>));
unless (close($roles_fh)) {
Slack::check_system_exit(@command);
}
} else {
@roles = @ARGV;
}
# }}}
# Check role name syntax {{{
for my $role (@roles) {
# Roles MUST begin with a letter. All else is reserved.
if ($role !~ m/^[a-zA-Z]/) {
die "Role '$role' does not begin with a letter!";
}
}
# }}}
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
unless ($opt{'no-sync'}) {
# sync all the roles down at once
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
run_backend('slack-sync',
@{$backend_flags{sync}}, @roles);
}
ROLE: for my $role (@roles) {
# stage
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=files', $role);
if ($opt{preview}) {
if ($opt{preview} eq 'simple') {
$opt{verbose} and print STDERR "$PROG: preview $role\n";
# Here, we run the backend in no-prompt mode.
run_conditional_backend(0, 'slack-rolediff',
@{$backend_flags{preview}}, $role);
# ...and we skip further action in the ROLE after showing the diff.
next ROLE;
} elsif ($opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
# Here, we want to prompt and just do the scripts, since
# we need to run preinstall and fixfiles before doing the files.
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=scripts', $role);
} else {
# Should get caught in option processing, above
die "Unknown preview mode!\n";
}
}
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=scripts', $role);
# preinstall
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{preinstall}}, 'preinstall', $role);
# fixfiles
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
run_backend('slack-runscript',
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
# preview files
if ($opt{preview} and $opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=files', $role);
}
# installfiles
$opt{verbose} and print STDERR "$PROG: install $role\n";
run_backend('slack-installfiles',
@{$backend_flags{installfiles}}, $role);
# postinstall
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{postinstall}}, 'postinstall', $role);
}
exit 0;
sub run_backend (@) {
my ($backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
sub run_conditional_backend ($@) {
my ($prompt, $backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
my $exit = Slack::get_system_exit(@command);
if ($exit == 1) {
# exit 1 means a difference found or something normal that requires
# a prompt before continuing.
if ($prompt) {
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
}
} else {
# any other non-successful exit is a serious error.
die "'@command' exited $exit";
}
}
}

514
slack-dist/dist/slack-diff vendored
View File

@@ -1,514 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is a wrapper for diff that gives output about special files
# and file modes. (diff can only compare regular files)
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use Errno;
use File::stat;
use File::Basename;
use File::Find;
use Getopt::Long;
use POSIX qw(SIGPIPE strftime);
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
my $VERSION = '0.1';
(my $PROG = $0) =~ s#.*/##;
my @diff; # diff program to use
my $exit = 0; # our exit code
sub compare ($$);
sub recursive_compare ($$);
sub filetype_to_string ($;$);
sub compare_files ($$);
sub diff ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDOUT
$|=1;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Default options
my %opt = (
fakediff => 1,
perms => 1,
'new-file' => 1,
diff => 'diff',
);
# Config and option parsing
my $usage = <<EOF;
Usage: $PROG [options] <file1> <file2>
$PROG -r <dir1> <dir2>
Options:
-u, -U NUM, --unified=NUM
Tell diff to use unified output format.
--diff PROG
Use this program for diffing, instead of "$opt{diff}"
--fakediff
Make a fake diff for file modes and other things that are not file
contents. Default is on, can be disabled with --nofakediff.
--perms
Care about owner, group, and permissions when doing fakediff.
Default is on, can be disabled with --noperms.
-r, --recursive
Recursively compare directories.
-N, --new-file
Treat missing files as empty. Default is on, can be disabled with
--nonew-file.
--unidirectional-new-file
Treat only missing files in the first directory as empty.
--from-file
Treat arguments as a list of files from which to read filenames to
compare, two lines at a time.
-0, --null
Use NULLs instead of newlines as the separator in --from-file mode
--devnullhack
You have a version of diff that can't deal with -N when not in
recursive mode, so we need to feed it /dev/null instead of the
missing file. Default is on, can be disabled with --nodevnullhack.
--version
Output version info
--help
Output this help text
Exit codes:
0 Found no differences
1 Found a difference
2 Had a serious error
3 Found a difference and had a serious error
EOF
{
Getopt::Long::Configure ("bundling");
GetOptions(\%opt,
'help|h|?',
'version',
'null|0',
'devnullhack',
'new-file|N',
'u',
'unified|U=i',
'recursive|r',
'from-file',
'unidirectional-new-file',
'fakediff!',
'perms!',
'diff=s',
) or die $usage;
if ($opt{help}) {
print $usage;
exit 0;
}
if ($opt{version}) {
print "$PROG version $VERSION\n";
exit 0;
}
}
if ($opt{diff}) {
# We split on spaces here to be useful -- so that people can give
# their diff options.
@diff = split(/\s+/, $opt{diff});
} else {
die "$PROG: No diff program!\n";
}
if ($opt{'u'}) {
push @diff, '-u';
} elsif ($opt{'unified'}) {
$opt{'u'} = 1; # We use this value later
push @diff, "--unified=$opt{'unified'}";
}
if (not $opt{'devnullhack'}) {
push @diff, '-N';
}
# usually, sigpipe would be someone quitting their pager, so don't sweat it
$SIG{PIPE} = sub { exit $exit };
if ($opt{'from-file'}) {
local $/ = "\0" if $opt{'null'};
while (my $old = <>) {
my $new = <>;
die "Uneven number of lines in --from-file mode!\n"
if not defined $new;
chomp($old);
chomp($new);
$exit |= compare($old, $new);
}
} else {
die $usage unless $#ARGV == 1;
$exit |= compare($ARGV[0], $ARGV[1]);
}
exit $exit;
##
# Subroutines
sub compare ($$) {
my ($old, $new) = @_;
if ($opt{recursive}) {
return recursive_compare($old, $new);
} else {
return compare_files($old, $new);
}
}
# compare two directories. We do this by walking down the *new*
# directory, and comparing everything that's there to the stuff in
# the old directory
sub recursive_compare ($$) {
my ($olddir, $newdir) = @_;
my ($retval, $basere, $wanted);
my (%seen);
$retval = 0;
if (-d $newdir) {
$basere = qr(^$newdir);
$wanted = sub {
my ($newfile) = $_;
my $oldfile = $newfile;
$oldfile =~ s#$basere#$olddir#;
$seen{$oldfile} = 1;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval
if $opt{'unidirectional-new-file'};
# If we're not unidirectional, we want to go through the old directory
# and diff any files we didn't see in the newdir.
if (-d $olddir) {
$basere = qr(^$olddir);
$wanted = sub {
my ($oldfile) = $_;
my $newfile;
return if $seen{$oldfile};
$newfile = $oldfile;
$newfile =~ s#$basere#$newdir#;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval;
}
# filetype_to_string(mode)
# filetype_to_string(mode, plural)
#
# Takes a mode returned from stat(), returns a noune describing the filetype,
# e.g. "directory", "symlink".
# If the "plural" argument is provided and true, returns the plural form of
# the noun, e.g. "directories", "symlinks".
sub filetype_to_string ($;$) {
my ($mode, $plural) = @_;
if (S_ISREG($mode)) {
return "regular file".($plural ? "s" : "");
} elsif (S_ISDIR($mode)) {
return "director".($plural ? "ies" : "y");
} elsif (S_ISLNK($mode)) {
return "symlink".($plural ? "s" : "");
} elsif (S_ISBLK($mode)) {
return "block device".($plural ? "s" : "");
} elsif (S_ISCHR($mode)) {
return "character device".($plural ? "s" : "");
} elsif (S_ISFIFO($mode)) {
return "fifo".($plural ? "s" : "");
} elsif (S_ISSOCK($mode)) {
return "socket".($plural ? "s" : "");
} else {
return "unknown filetype".($plural ? "s" : "");
}
}
# compare_files(oldfile, newfile)
# This is the actual diffing routine. It's quite long because we need to
# deal with all sorts of special cases. It will print to STDOUT a
# description of the differences between the two files. For regular files,
# diff(1) will be run to show the differences.
#
# return codes:
# 1 found a difference
# 2 had an error
# 3 found a difference and had an error
sub compare_files ($$) {
my ($oldname, $newname) = @_;
my ($old, $new); # stat buffers
my $return = 0;
# Get rid of unsightly double slashes
$oldname =~ s#//#/#g;
$newname =~ s#//#/#g;
eval { $old = lstat($oldname); };
if (not defined $old and not $!{ENOENT}) {
warn "$PROG: Could not stat $oldname: $!\n";
return 2;
}
eval { $new = lstat($newname); };
if (not defined $new and not $!{ENOENT}) {
warn "$PROG: Could not stat $newname: $!\n";
return 2;
}
# At this point, $old or $new should only be undefined if the
# file does not exist.
if (defined $old and defined $new) {
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
if ($opt{fakediff}) {
fakediff('filetype',
$oldname => filetype_to_string($old->mode),
$newname => filetype_to_string($new->mode),
);
} else {
print "File types differ between ".
filetype_to_string($old->mode)." $oldname and ".
filetype_to_string($new->mode)." $newname\n";
}
return 1;
}
if ($old->nlink != $new->nlink) {
# In recursive mode, we don't care about link counts in directories,
# as we'll pick that up with what files do and don't exist.
unless ($opt{recursive} and S_ISDIR($old->mode)) {
if ($opt{fakediff}) {
fakediff('nlink',
$oldname => $old->nlink,
$newname => $new->nlink,
);
} else {
print "Link counts differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
}
if ($old->uid != $new->uid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('uid',
$oldname => $old->uid,
$newname => $new->uid,
);
} else {
print "Owner differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if ($old->gid != $new->gid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('gid',
$oldname => $old->gid,
$newname => $new->gid,
);
} else {
print "Group differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('mode',
$oldname => sprintf('%04o', S_IMODE($old->mode)),
$newname => sprintf('%04o', S_IMODE($new->mode)),
);
} else {
print "Modes differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
# We don't want to compare anything more about sockets, fifos, or
# directories, once we've checked the permissions and link counts
if (S_ISSOCK($old->mode) or
S_ISFIFO($old->mode) or
S_ISDIR($old->mode)) {
return $return;
}
# Check device file devs, and that's it for them
if (S_ISCHR($old->mode) or
S_ISBLK($old->mode)) {
if ($old->rdev != $new->rdev) {
if ($opt{fakediff}) {
fakediff('rdev',
$oldname => $old->rdev,
$newname => $new->rdev,
);
} else {
print "Device numbers differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
# Compare the targets of symlinks
if (S_ISLNK($old->mode)) {
my $oldtarget = readlink $oldname
or (warn("$PROG: Could not readlink($oldname): $!\n"),
return $return | 2);
my $newtarget = readlink $newname
or (warn("$PROG: Could not readlink($newname): $!\n"),
return $return | 2);
if ($oldtarget ne $newtarget) {
if ($opt{fakediff}) {
fakediff('target',
$oldname => $oldtarget,
$newname => $newtarget,
);
} else {
print "Symlink targets differ between $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
if (not S_ISREG($old->mode)) {
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
return 2;
}
} elsif (not defined $old and not defined $new) {
print "Neither $oldname nor $newname exists\n";
return $return;
} elsif (not defined $old) {
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($newname).": ".
filetype_to_string($new->mode)." ".basename($newname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$oldname = '/dev/null';
}
} elsif (not defined $new) {
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($oldname).": ".
filetype_to_string($old->mode)." ".basename($oldname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$newname = '/dev/null';
}
}
# They are regular files! We can actually run diff!
return diff($oldname, $newname) | $return;
}
sub diff ($$) {
my ($oldname, $newname) = @_;
my @command = (@diff, $oldname, $newname);
my $status;
# If we're not specifying unified diff, we need to print a header
# to indicate what's being diffed. (I'm not sure if this actually would
# work for patch, but it does tell our user what's going on).
# FIXME: We only need to specify this if the files are different
print "@command\n"
if not $opt{u};
{
# There is a bug in perl with use warnings FATAL => qw(all)
# that will cause the child process from system() to stick
# around if there is a warning generated.
# Shut off warnings -- we'll catch the error below.
no warnings;
$status = system(@command);
}
return 0 if ($status == 0);
if ($? == -1) {
die "$PROG: failed to execute '@command': $!\n";
}
if ($? & 128) {
die "$PROG: '@command' dumped core\n";
}
if (my $sig = $? & 127) {
die "$PROG: '@command' caught sig $sig\n"
unless ($sig == SIGPIPE);
}
if (my $exit = $? >> 8) {
if ($exit == 1) {
return 1;
} else {
die "$PROG: '@command' returned $exit\n";
}
}
return 0;
}
sub fakediff ($$) {
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
return unless $opt{fakediff};
my $time = strftime('%F %T.000000000 %z', localtime(0));
# We add a suffix onto the filenames to show we're not actually looking
# at file contents. There's no good way to indicate this that's compatible
# with patch, and this is simple enough.
$oldname .= '#~~' . $type;
$newname .= '#~~' . $type;
if ($opt{u}) {
# fake up a unified diff
print <<EOF;
--- $oldname\t$time
+++ $newname\t$time
@@ -1 +1 @@
-$oldvalue
+$newvalue
EOF
} else {
print <<EOF;
diff $oldname $newname
1c1
< $oldvalue
---
> $newvalue
EOF
}
}

161
slack-dist/dist/slack-getroles vendored
View File

@@ -1,161 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--links',
'--times',
);
(my $PROG = $0) =~ s#.*/##;
sub sync_list ();
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options]");
$usage .= <<EOF;
--role-list
Role list location (can be relative to SOURCE)
--remote-role-list
Role list is remote and should be copied down with rsync
(implied by certain forms of role list or SOURCE)
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'role-list=s',
'remote-role-list',
],
required_options => [ qw(role-list hostname) ],
usage => $usage,
);
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# See if role-list is actually relative to source, and pre-pend source
# if need be.
unless ($opt{'role-list'} =~ m#^/# or
$opt{'role-list'} =~ m#^\./# or
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
if (not defined $opt{source}) {
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
}
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
}
# auto-detect remote role list
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
$opt{'remote-role-list'} = 1;
}
# Copy a remote list locally
if ($opt{'remote-role-list'}) {
# We need a cache directory if the role list is not local
if (not defined $opt{cache}) {
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
sync_list();
}
# Read in the roles list
my @roles = ();
my $host_found = 0;
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
open(ROLES, "<", $opt{'role-list'})
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
while(<ROLES>) {
s/#.*//; # Strip comments
chomp;
if (s/^$opt{hostname}:\s*//) {
$host_found++;
push @roles, split();
}
}
close(ROLES)
or die "Could not close '$opt{'role-list'}': $!\n";
if (not $host_found) {
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
}
print join("\n", @roles), "\n";
exit 0;
sub sync_list () {
my $source = $opt{'role-list'};
my $destination = $opt{cache} . "/_role_list";
unless (-d $opt{cache}) {
eval { mkpath($opt{cache}); };
die "Could not mkpath '$opt{cache}': $@\n" if $@;
}
# All this to run an rsync command
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
Slack::wrap_rsync(@command);
$opt{'role-list'} = $destination;
}

149
slack-dist/dist/slack-installfiles vendored
View File

@@ -1,149 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local stage to the root
# of the local filesystem
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--relative',
'--times',
'--perms',
'--group',
'--owner',
'--links',
'--devices',
'--sparse',
'--no-implied-dirs', # SO GOOD!
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub install_files ($);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(root stage) ],
);
# }}}
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
unless (-d $opt{root}) {
if (not $opt{'dry-run'}) {
eval {
mkpath($opt{root});
# We have a tight umask, and a root of mode 0700 would be undesirable
# in most cases.
chmod(0755, $opt{root});
};
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
}
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# copy over the new files
for my $role (@ARGV) {
install_files($role);
}
exit 0;
# This subroutine takes care of actually installing the files for a role
sub install_files ($) {
my ($role) = @_;
# final / is important for rsync
my $source = $opt{stage} . "/roles/" . $role . "/files/";
my $destination = $opt{root} . "/";
my @command = (@rsync, $source, $destination);
if (not -d $source) {
($opt{verbose} > 0) and
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
return;
}
# Try to give some sensible message here
if ($opt{verbose} > 0) {
if ($opt{'dry-run'}) {
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
} else {
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
}
}
my ($fh) = Slack::wrap_rsync_fh(@command);
select((select($fh), $|=1)[0]); # Turn on autoflush
my $callback = sub {
my ($file) = @_;
($file =~ s#^$source##)
or die "sub failed: $source|$file";
print $fh "$file\0";
};
# This will print files to be synced to the $fh
Slack::find_files_to_install($source, $destination, $callback);
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

146
slack-dist/dist/slack-rolediff vendored
View File

@@ -1,146 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script provides a preview of scripts or files about to be installed.
# Basically, it calls diff -- its smarts are in knowing where things are.
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @diff = ('slack-diff',
'-uN',
);
# directories to compare
my %subdir = (
files => 1,
scripts => 1,
);
(my $PROG = $0) =~ s#.*/##;
sub diff ($$;@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Check this subdir only. Possible values for DIR are 'files' and
'scripts'.
--diff PROG
Use this program to do diffs. [@diff]
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
'diff=s',
],
usage => $usage,
required_options => [ qw(cache stage root) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
# Only do this subdir
%subdir = ( $opt{subdir} => 1 );
}
# Let people override our diff. Split on spaces so they can pass args.
if ($opt{diff}) {
@diff = split(/\s+/, $opt{diff});
}
# }}}
my $exit = 0;
# Do the diffs
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role = split(/\./, $full_role);
if ($subdir{scripts}) {
# Then we compare the cache vs the stage
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
# For scripts, we don't care so much about mode and owner (since those are
# inherited in the CACHE from the SOURCE), so --noperms.
$exit |= diff($old, $new, '--noperms');
}
if ($subdir{files}) {
# Then we compare the stage vs the root
my $old = $opt{root};
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
# For files, we don't care about files that exist in $old but not $new
$exit |= diff($old, $new, '--unidirectional-new-file');
}
}
exit $exit;
sub diff ($$;@) {
my ($old, $new, @options) = @_;
my @command = (@diff, @options);
# return if there's nothing to do
return 0 if (not -d $old and not -d $new);
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
my $return = 0;
my $callback = sub {
my ($new_file) = @_;
my $old_file = $new_file;
($old_file =~ s#^$new#$old#)
or die "sub failed: $new|$new_file";
if (system(@command, $old_file, $new_file) != 0) {
$return |= Slack::get_system_exit(@command);
}
};
# We have to use this function, rather than recursive mode for slack-diff,
# because otherwise we'll print a bunch of bogus stuff about directories
# that exist in $ROOT and therefore aren't being synced.
Slack::find_files_to_install($new, $old, $callback);
return $return;
}

111
slack-dist/dist/slack-runscript vendored
View File

@@ -1,111 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run , $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system("script /root/slackLog -a -f -c @command") == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

111
slack-dist/dist/slack-runscript.orig vendored
View File

@@ -1,111 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run, $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

278
slack-dist/dist/slack-stage vendored
View File

@@ -1,278 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local cache
# directory to the local stage, building a unified single tree onstage
# from the multiple trees that are the role + subroles in the cache
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--recursive',
'--times',
'--ignore-times',
'--perms',
'--sparse',
);
(my $PROG = $0) =~ s#.*/##;
sub check_stage ();
sub sync_role ($$@);
sub apply_default_perms_to_role ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Sync this subdir only. Possible values for DIR are 'files' and
'scripts'.
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
],
usage => $usage,
required_options => [ qw(cache stage) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
} else {
$opt{subdir} = '';
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# copy over the new files
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role_parts = split(/\./, $full_role);
die "Internal error: Expect at least one role part" if not @role_parts;
# Reassemble parts one at a time onto @role and sync as we go,
# so we do "google", then "google.foogle", then "google.foogle.woogle"
my @role = ();
# Make sure we've got the right perms before we copy stuff down
check_stage();
# For the base role, do both files and scripts.
push @role, shift @role_parts;
for my $subdir(qw(files scripts)) {
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
# @role here will have one element, so sync_role will use --delete
sync_role($full_role, $subdir, @role)
}
}
# For all subroles, just do the files.
# (If we wanted script subroles to work like files, we'd get rid of this
# distinction and simplify the code.)
if (not $opt{subdir} or $opt{subdir} eq 'files') {
while (@role_parts) {
push @role, shift @role_parts;
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
sync_role($full_role, 'files', @role);
}
}
for my $subdir (qw(files scripts)) {
apply_default_perms_to_role($full_role, $subdir)
if (not $opt{subdir} or $opt{subdir} eq $subdir);
}
}
exit 0;
# Make sure the stage directory exists and is mode 0700, to protect files
# underneath in transit
sub check_stage () {
my $stage = $opt{stage} . "/roles";
if (not $opt{'dry-run'}) {
if (not -d $stage) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
eval { mkpath($stage); };
die "Could not mkpath cache dir '$stage': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $stage)
or die "Could not chown 0:0 '$stage': $!\n";
}
chmod(0700, $stage)
or die "Could not chmod 0700 '$stage': $!\n";
}
}
# Copy the files for a role from CACHE to STAGE
sub sync_role ($$@) {
my ($full_role, $subdir, @role) = @_;
my @this_rsync = @rsync;
# If we were only given one role part, we're in the base role
my $in_base_role = (scalar @role == 1);
# For the base role, delete any files that don't exist in the cache.
# Not for the subrole (otherwise we'll delete all files not in
# the subrole, which may be most of them!)
if ($in_base_role) {
push @this_rsync, "--delete";
}
# (a) => a/files
# (a,b,c) => a/files.b.c
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
# This one's a little simpler:
my $dst_path = $full_role.'/'.$subdir;
# final / is important for rsync
my $source = $opt{cache} . "/roles/" . $src_path . "/";
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
if (not -d $destination and -d $source) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($destination); };
die "Could not mkpath stage dir '$destination': $@\n" if $@;
}
}
# We no longer require the source to exist
if (not -d $source) {
# but we need to remove the destination if the source
# doesn't exist and we're in the base role
if ($in_base_role) {
rmtree($destination);
# rmtree() doesn't throw exceptions or give a return value useful
# for detecting failure, so we just check after the fact.
die "Could not rmtree '$destination' when '$source' missing\n"
if -e $destination;
}
# if we continue, rsync will fail because source is missing,
# so we don't.
return;
}
# All this to run an rsync command
my @command = (@this_rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
Slack::wrap_rsync(@command);
}
# This just takes the base role, and chowns/chmods everything under it to
# give it some sensible permissions. Basically, the only thing we preserve
# about the original permissions is the executable bit, since that's the
# only thing source code controls systems like CVS, RCS, Perforce seem to
# preserve.
sub apply_default_perms_to_role ($$) {
my ($role, $subdir) = @_;
my $destination = $opt{stage} . "/roles/" . $role;
if ($subdir) {
$destination .= '/' . $subdir;
}
# If the destination doesn't exist, it's probably because the source didn't
return if not -d $destination;
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
}
# Use File::Find to recurse the directory
find({
# The "wanted" subroutine is called for every directory entry
wanted => sub {
return if $opt{'dry-run'};
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
if (-l) {
# symlinks shouldn't be in here,
# since we dereference when copying
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
return;
} elsif (-f _) { # results of last stat saved in the "_"
if (-x _) {
chmod 0555, $_
or die "Could not chmod 0555 $File::Find::name: $!";
} else {
chmod 0444, $_
or die "Could not chmod 0444 $File::Find::name: $!";
}
} elsif (-d _) {
chmod 0755, $_
or die "Could not chmod 0755 $File::Find::name: $!";
} else {
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
}
return if $> != 0; # skip chowning if not superuser
chown 0, 0, $_
or die "Could not chown 0:0 $File::Find::name: $!";
},
# end of wanted function
},
# way down here, we have the directory to traverse with File::Find
$destination,
);
}

169
slack-dist/dist/slack-sync vendored
View File

@@ -1,169 +0,0 @@
#!/usr/bin/perl -w
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--cvs-exclude',
'--recursive',
'--links',
'--copy-links',
'--times',
'--perms',
'--sparse',
'--delete',
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub check_cache ($);
sub rsync_source ($$@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(source cache) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
my @roles = ();
{
# This hash is just to avoid calling rsync twice if two subroles are
# installed. We only care since it's remote, and therefore slow.
my %roles_to_sync = ();
# copy over the new files
for my $full_role (@ARGV) {
# Get the first element of the role name (the base role)
# e.g., from "google.foogle.woogle", get "google"
my $base_role = (split /\./, $full_role, 2)[0];
$roles_to_sync{$base_role} = 1;
}
@roles = keys %roles_to_sync;
}
my $cache = $opt{cache} . "/roles/";
# Make sure we've got the right perms before we copy stuff down
check_cache($cache);
rsync_source(
$opt{source} . '/roles/',
$cache,
@roles,
);
exit 0;
# Make sure the cache directory exists and is mode 0700, to protect files
# underneath in transit
sub check_cache ($) {
my ($cache) = @_;
if (not $opt{'dry-run'}) {
if (not -d $cache) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
eval { mkpath($cache); };
die "Could not mkpath cache dir '$cache': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $cache)
or die "Could not chown 0:0 '$cache': $!\n";
}
chmod(0700, $cache)
or die "Could not chmod 0700 '$cache': $!\n";
}
}
# Pull down roles from an rsync source
sub rsync_source($$@) {
my ($source, $destination, @roles) = @_;
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0)
and print STDERR "$PROG: Syncing cache with '@command'\n";
my ($fh) = Slack::wrap_rsync_fh(@command);
# Shove the roles down its throat
print $fh join("\0", @roles), "\0";
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

0
slack-dist/dist/slack.conf vendored
View File

6
slack-dist/env/prod/SlackConfig-prod.config vendored
View File

@@ -1,6 +0,0 @@
ROLE_LIST=techops.turnsys.net:/var/www/html/tsys-techops/slack/prod/etc/roles.conf
SOURCE=techops.turnsys.net:/var/www/html/tsys-techops
CACHE=/var/cache/slack
STAGE=/var/lib/slack/stage
ROOT=/
BACKUP_DIR=/var/lib/slack/backups

4
slack-dist/env/prod/SlackSSH-prod.config vendored
View File

@@ -1,4 +0,0 @@
Host techops.turnsys.net
User tsys-techops
IdentityFile /root/.ssh/SlackSSH-prod.key
StrictHostKeyChecking no

27
slack-dist/env/prod/SlackSSH-prod.key vendored
View File

@@ -1,27 +0,0 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAs7Ndaskoh0HVk4NSc8eR3PNBilv9DuWw8tjquo/7VEappkg3
F8IlvxitVIxGoZEf2bkEigcYgB+l/6j5ubIKZ8R2vUzY3sSZpl5KGl/2yl+TtO/9
F7ZyhYbR348gEDZMFCKUXdFsdCArf6u6nmbWaYGrunRRl/fPwNbmO7c0WF/UEqvB
cmJGY7772SJuuQUl/rhy9y4PJr8dmj7K04XU7tLJKqz83PLCiXis+g255vBJPjqA
MJG9hRo/8kQmNTbDR4dEwBRjce2Lo6iBaw4NHQ4mjYhZDprH6kZdfvDd6fs6+hJR
NIsUX3Q9g8wAReBqdtFED32QenoBKvshoZD78wIDAQABAoIBAGcw/toNfcp+EalN
5hE6bxaUUfSj8mOVntE1o0VS3R5+HXmxSoHIKWjdQNumWgD5l3Ktfl/Mx1L72ZVA
cXcjODpyZUU7VeZGu3z/9EnFBbEcxXNHxOzTBlyLGQXp6J2msHV3jf95/W+J8bC0
6st/fmzD29uMZDaCRbkVLszn3ZVJKzO4EMNg5nfzf0ET9I77/fIgJE7whnCS9lE3
0ELH4G/gCD/Rbjp9c6J+E55RvUNMoGECKy5NOKbFYNSEYQiIHpqceYzn82xHtErQ
rOz1MtikJHw6ACObsmsifobeGhHcuGqO99iHMmTIpBfLms0Dozr5oz1CODMwSkOP
j59RL7ECgYEA505s5NkBc7/aqQTLYdkdhcwi8ttbbPFYSMEuSvKV3GcuOA9S2pVZ
RdOE+u2ieEoJuvxbo02xhPSPz4w1VeqBjEoW1jFv1yaRDQG5h8f4Ya8aRCoBg/4c
V98cnUbtRym1YrXRSZ8TQVPpFA31A3SAgJSEojQRV09AMpjAHEJvBFcCgYEAxuKP
1W7oFPwQdnFUjKvEi+YHli6Jhq3ERrRfI2q9GDCRxyHX/agEtIELjrNk4OdKvjdn
oTnxfhI4g59yrOLa7tbV06T8L/ifk1zUG4rhiaZrTIRFGvtTeUoGN7ag/TVc/4Vp
RQa05z+MIrIf1jeSAShRIksNmy5n7j53rScTY8UCgYEApHS6L6uqwKVzziA+in9X
4j1Vy93yju65mmDfjSIVMvOZhPpAKnFtW5wcPFyg222opW2vqdgfkyxe424IreFh
4mD7A6d6oTomf1zukH+5NZrNzhEfqr0NYdyb96bqJWKeOGSVPQcBJb2HRl72CVLX
2pO+CaWDftQ2DMNWM8F4NVkCgYBZhUNOw7QNNgRG++4dv3chrXG+xMW8bFzLooas
T3A8Aiir5GzvTQCJKwjDu7Xtkc5P3mpz5LvxjkwH2u5oKVh4ZxUqRboJ8bQKRZ9n
olSwe8sSTvs4EOZa0toHm9nM/4cTsL5YhpNI/46ZU2oHJ0493SLf975xGitHzrBZ
rRwKLQKBgQCIKEi7Vjl7noNc6O2lIJG6GLAmpLsemcweP90wcpotV/qafsChZMt2
LSai+iSdguFFu/J0KpfTkxuEeH5aT0D28zRUy3kP7WlP3wOTcDM/6iYsjLNIqeHf
X5AL3SFCbMemCZsvBVtPwfli7rsJNft/98VDlhkOaCyMa+sRjEEhlg==
-----END RSA PRIVATE KEY-----

1
slack-dist/env/prod/SlackSSH-prod.key.pub vendored
View File

@@ -1 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzs11qySiHQdWTg1Jzx5Hc80GKW/0O5bDy2Oq6j/tURqmmSDcXwiW/GK1UjEahkR/ZuQSKBxiAH6X/qPm5sgpnxHa9TNjexJmmXkoaX/bKX5O07/0XtnKFhtHfjyAQNkwUIpRd0Wx0ICt/q7qeZtZpgau6dFGX98/A1uY7tzRYX9QSq8FyYkZjvvvZIm65BSX+uHL3Lg8mvx2aPsrThdTu0skqrPzc8sKJeKz6Dbnm8Ek+OoAwkb2FGj/yRCY1NsNHh0TAFGNx7YujqIFrDg0dDiaNiFkOmsfqRl1+8N3p+zr6ElE0ixRfdD2DzABF4Gp20UQPfZB6egEq+yGhkPvz charles@ultix

BIN
slack-dist/slackDist.tar.gz
View File

Binary file not shown.

0
slack/prod/netdata/files/etc/netdata/.opt-out-from-anonymous-statistics
View File

12211
slack/prod/netdata/files/etc/netdata/netdata.conf
View File

File diff suppressed because it is too large Load Diff

9
slack/prod/netdata/files/etc/netdata/stream.conf
View File

@@ -1,9 +0,0 @@
[stream]
# Enable this on slaves, to have them send metrics.
enabled = yes
destination = tcp:toolbox.turnsys.net:19999
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
timeout seconds = 60
buffer size bytes = 1048576
reconnect delay seconds = 5
initial clock resync iterations = 60

9
slack/prod/netdata/scripts/postinstall
View File

@@ -1,9 +0,0 @@
#!/bin/bash
echo "stopping netdata..."
service netdata stop
echo "starting netdata..."
service netdata start
echo "netdata file refresh"

0
slack/prod/ossec/files/etc/netdata/.opt-out-from-anonymous-statistics
View File

12211
slack/prod/ossec/files/etc/netdata/netdata.conf
View File

File diff suppressed because it is too large Load Diff

9
slack/prod/ossec/files/etc/netdata/stream.conf
View File

@@ -1,9 +0,0 @@
[stream]
# Enable this on slaves, to have them send metrics.
enabled = yes
destination = tcp:toolbox.turnsys.net:19999
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
timeout seconds = 60
buffer size bytes = 1048576
reconnect delay seconds = 5
initial clock resync iterations = 60

8
slack/prod/ossec/scripts/postinstall
View File

@@ -1,8 +0,0 @@
#!/bin/bash
echo "stopping ossec..."
/var/ossec/bin/ossec-control stop
echo "starting ossec..."
/var/ossec/bin/ossec-control start

3
slack/prod/tsys-base/files/etc/aliases
View File

@@ -1,3 +0,0 @@
postmaster: root
root: prodtechopsalerts@turnsys.com

11
slack/prod/tsys-base/files/etc/cron.d/sysstat
View File

@@ -1,11 +0,0 @@
The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
# Activity reports every 10 minutes everyday
*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

11
slack/prod/tsys-base/files/etc/default/snmpd
View File

@@ -1,11 +0,0 @@
# This file controls the activity of snmpd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-LS0-5d -Lf /dev/null -u snmp -g snmp -p /run/snmpd.pid'

10
slack/prod/tsys-base/files/etc/issue
View File

@@ -1,10 +0,0 @@
===============================================================================
This is a private computer system. These resources, including all
related equipment, networks, and devices, are provided for authorized
use only. The system may be monitored for all lawful purposes. Evidence
of unauthorized use collected during monitoring may be used for criminal
prosecution by staff, legal counsel, and law enforcement agencies.
===============================================================================

Some files were not shown because too many files have changed in this diff Show More