TechnicalOperations/LegacyTechops
2
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

finishing file cleanup

Browse Source
This commit is contained in:
Charles N Wyble 2024-11-11 18:43:05 -06:00
parent 17ed3bce46
commit 198f8633fa
66 changed files with 3558 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CMDB/snmp/.svn/all-wcprops Normal file
View File

@ -0,0 +1,29 @@
K 25
svn:wc:ra_dav:version-url
V 57
/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp
END
debian-default-snmpd
K 25
svn:wc:ra_dav:version-url
V 78
/rg0103/pdesubversion-tpqaslack/!svn/ver/315/scripts/snmp/debian-default-snmpd
END
centos-snmpd.options
K 25
svn:wc:ra_dav:version-url
V 78
/rg0103/pdesubversion-tpqaslack/!svn/ver/359/scripts/snmp/centos-snmpd.options
END
setup-snmp.sh
K 25
svn:wc:ra_dav:version-url
V 71
/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp/setup-snmp.sh
END
snmpd.conf
K 25
svn:wc:ra_dav:version-url
V 68
/rg0103/pdesubversion-tpqaslack/!svn/ver/276/scripts/snmp/snmpd.conf
END

164
CMDB/snmp/.svn/entries Normal file
View File

@ -0,0 +1,164 @@
10
dir
440
https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack/scripts/snmp
https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack
2013-10-30T20:33:11.769859Z
366
wyble@hp.com
92b00a8e-620f-4ac7-abd2-c9ef5b6c269b
debian-default-snmpd
file
2013-12-10T21:18:03.480402Z
536542d8470261eb1971bd3bb35adf68
2013-10-02T16:57:28.319476Z
315
wyble@hp.com
723
centos-snmpd.options
file
2013-12-10T21:18:03.487402Z
40233436f1b04129a231dba3a5225762
2013-10-25T19:11:31.312453Z
359
wyble@hp.com
has-props
135
setup-snmp.sh
file
2013-12-10T21:18:03.492402Z
dde4ae53ae1e316b551dbc386ac30e9b
2013-10-30T20:33:11.769859Z
366
wyble@hp.com
1350
snmpd.conf
file
2013-12-10T21:18:03.496402Z
88b7c51014dbd12d784982d41c3ae7e7
2013-09-17T18:44:43.972099Z
276
wyble@hp.com
474

5
CMDB/snmp/.svn/prop-base/centos-snmpd.options(1).svn-base Normal file
View File

@ -0,0 +1,5 @@
K 14
svn:executable
V 1
*
END

5
CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base Normal file
View File

@ -0,0 +1,5 @@
K 14
svn:executable
V 1
*
END

3
CMDB/snmp/.svn/text-base/centos-snmpd.options(1).svn-base Normal file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

3
CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base Normal file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

22
CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base Normal file
View File

@ -0,0 +1,22 @@
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=no
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

62
CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base Normal file
View File

@ -0,0 +1,62 @@
#!/bin/bash
#A script to setup snmp on redhat/debian systems
centos_snmp()
#Install SNMP on a cent box
{
#Fix yum.conf
wget -O /etc/yum/yum.conf http://slack-master.tplab.tippingpoint.com/yum.conf
#Install snmpd
yum -y install net-snmp
#Install observium bits
wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf
wget -O /etc/sysconfig/snmpd.options http://slack-master.tplab.tippingpoint.com/snmp/centos-snmpd.options
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
}
debian_snmp()
#Install snmp on a debian box
{
#Install snmpd
apt-get -y install snmpd
#Install observium bits
wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/default/snmpd http://slack-master.tplab.tippingpoint.com/snmp/debian-default-snmpd.conf
wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
}
DIST=$(lsb_release -d)
if [ $(echo $DIST | grep Ubuntu -c) -eq 1 ];
then
debian_snmp
fi
if [ $(echo $DIST | grep Centos -c) -eq 1 ];
then
centos_snmp
fi

10
CMDB/snmp/.svn/text-base/snmpd.conf.svn-base Normal file
View File

@ -0,0 +1,10 @@
com2sec readonly default mng-actua1
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Austin TX USA
syscontact esplabsupport@hp.com
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

3
CMDB/snmp/centos-snmpd(1).options Normal file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

3
CMDB/snmp/centos-snmpd.options Normal file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

22
CMDB/snmp/debian-default-snmpd Normal file
View File

@ -0,0 +1,22 @@
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=no
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

70
CMDB/snmp/distro Normal file
View File

@ -0,0 +1,70 @@
#!/bin/sh
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
OS=`uname -s`
REV=`uname -r`
MACH=`uname -m`
if [ "${OS}" = "SunOS" ] ; then
OS=Solaris
ARCH=`uname -p`
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
elif [ "${OS}" = "AIX" ] ; then
OSSTR="${OS} `oslevel` (`oslevel -r`)"
elif [ "${OS}" = "Linux" ] ; then
KERNEL=`uname -r`
if [ -f /etc/redhat-release ] ; then
DIST=$(cat /etc/redhat-release | awk '{print $1}')
if [ "${DIST}" = "CentOS" ]; then
DIST="CentOS"
elif [ "${DIST}" = "Mandriva" ]; then
DIST="Mandriva"
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
elif [ "${DIST}" = "Fedora" ]; then
DIST="Fedora"
else
DIST="RedHat"
fi
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/SuSE-release ] ; then
DIST=`cat /etc/SuSE-release | tr "\n" ' '| sed s/VERSION.*//`
REV=`cat /etc/SuSE-release | tr "\n" ' ' | sed s/.*=\ //`
elif [ -f /etc/mandrake-release ] ; then
DIST='Mandrake'
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/debian_version ] ; then
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ] ; then
DIST="MailCleaner"
REV=`cat /etc/mailcleaner/etc/mailcleaner/version.def`
else
DIST="Debian `cat /etc/debian_version`"
REV=""
fi
fi
if [ -f /etc/UnitedLinux-release ] ; then
DIST="${DIST}[`cat /etc/UnitedLinux-release | tr "\n" ' ' | sed s/VERSION.*//`]"
fi
if [ -f /etc/lsb-release ] ; then
LSB_DIST="`cat /etc/lsb-release | grep DISTRIB_ID | cut -d "=" -f2`"
LSB_REV="`cat /etc/lsb-release | grep DISTRIB_RELEASE | cut -d "=" -f2`"
if [ "$LSB_DIST" != "" ] ; then
DIST=$LSB_DIST
REV=$LSB_REV
fi
fi
# OSSTR="${OS} ${DIST} ${REV}(${PSEUDONAME} ${KERNEL} ${MACH})"
OSSTR="${DIST} ${REV}"
elif [ "${OS}" = "Darwin" ] ; then
if [ -f /usr/bin/sw_vers ] ; then
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
fi
fi
echo ${OSSTR}

32
CMDB/snmp/setup-snmp.sh Normal file
View File

@ -0,0 +1,32 @@
#!/bin/bash
#Install script for snmp on all Linux systems
if [ -f /etc/apt/sources.list ];
then
#Install observium bits
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/default/snmpd http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/debian-default-snmpd
wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf
#Restart snmpd
/etc/init.d/snmpd restart
elif [ -f /etc/yum.conf ];
then
#Fix yum.conf
wget -O /etc/yum/yum.conf http://fezzik.tplab.tippingpoint.com/yum.conf
#Install snmpd
yum -y install net-snmp
#Install observium bits
curl --silent http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/distro > /usr/bin/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf
wget -O /etc/sysconfig/snmpd.options http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/centos-snmpd.options
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
fi

10
CMDB/snmp/snmpd.conf Normal file
View File

@ -0,0 +1,10 @@
com2sec readonly default mng-actua1
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Austin TX USA
syscontact techops-alerts@turnsys.com
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

35
CMDB/subnets Normal file
View File

@ -0,0 +1,35 @@
10.253.0.0/24
10.253.1.0/24
10.253.2.0/24
10.253.3.0/24
10.253.4.0/24
10.253.5.0/24
10.253.6.0/24
10.253.7.0/24
10.253.8.0/24
10.253.9.0/24
10.251.0.0/24
10.251.1.0/24
10.251.2.0/24
10.251.3.0/24
10.251.4.0/24
10.251.5.0/24
10.251.6.0/24
10.251.7.0/24
10.251.8.0/24
10.251.9.0/24
10.251.10.0/24
10.251.11.0/24
10.251.12.0/24
10.251.13.0/24
10.251.30.0/24
10.251.31.0/24
10.251.32.0/24
10.251.33.0/24
10.251.34.0/24
10.251.35.0/24
10.251.36.0/24
10.251.37.0/24
10.251.38.0/24
10.251.39.0/24
10.251.40.0/24

5
CMDB/zenossScan.sh Normal file
View File

@ -0,0 +1,5 @@
#!/bin/bash
for subnet in $(cat subnets); do
zendisc run --now --monitor localhost --deviceclass /Discovered --parallel 8 --net $subnet
done

293
bare-metal/interfaces-fnfDedi Normal file
View File

@ -0,0 +1,293 @@
#This file is fairly long and complex. Don't change it unless you know what you are doing.
#And if you aren't Charles Wyble, you don't know what your doing in this context. Trust me.
# The loopback network interface
auto lo
iface lo inet loopback
#First we create the bonded interfaces for high availabilty:
###########################################################################################
#First bond here (eth0/1 ha pair)
###########################################################################################
auto eth0
allow-bond0 eth0
iface eth0 inet manual
bond-master bond0
auto eth1
allow-bond0 eth1
iface eth1 inet manual
bond-master bond0
auto bond0
iface bond0 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
bond-slaves none
bond-mode active-backup
bond-miimon 100
bond-downdelay 200
bond-updelay 100
dns-nameservers 208.67.222.222 208.67.220.220
###########################################################################################
#Second bond here (eth2/3 ha pair)
###########################################################################################
auto eth2
allow-bond1 eth2
iface eth2 inet manual
bond-master bond1
auto eth3
allow-bond1 eth3
iface eth3 inet manual
bond-master bond1
auto bond1
iface bond1 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
bond-slaves none
bond-mode active-backup
bond-miimon 100
bond-downdelay 200
bond-updelay 100
dns-nameservers 208.67.222.222 208.67.220.220
###########################################################################################
#Interface defintions #
###########################################################################################
###########################################################################################
#Backend MGMT interface (used for overall management network, physical devices) #
###########################################################################################
auto bond0.2
iface bond0.2 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br2
iface br2 inet static
address 10.250.2.3
netmask 255.255.255.0
gateway 10.250.2.1
bridge_ports bond0.2
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend FNF interface (used for FNF management network). For now all virtual machines #
###########################################################################################
auto bond0.4
iface bond0.4 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br4
iface br4 inet static
address 10.250.4.3
netmask 255.255.255.0
gateway 10.250.4.1
bridge_ports bond0.4
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Frontend FNF interface (used for internet traffic) #
###########################################################################################
auto bond1.5
iface bond1.5 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br5
iface br5 inet static
address 10.250.5.3
netmask 255.255.255.0
gateway 10.250.5.1
bridge_ports bond1.5
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend infra interface (used for shared infra services like DNS)
###########################################################################################
auto bond0.6
iface bond0.6 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br6
iface br6 inet static
address 10.250.6.3
netmask 255.255.255.0
gateway 10.250.6.1
bridge_ports bond0.6
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend www interface (used for www management network) #
###########################################################################################
auto bond0.8
iface bond0.8 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br8
iface br8 inet static
address 10.250.8.3
netmask 255.255.255.0
gateway 10.250.8.1
bridge_ports bond0.8
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Frontend www interface (used for www external network) #
###########################################################################################
auto bond1.9
iface bond1.9 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br9
iface br9 inet static
address 10.250.9.3
netmask 255.255.255.0
gateway 10.250.9.1
bridge_ports bond1.9
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#IMW backend interface #
###########################################################################################
auto bond0.54
iface bond0.54 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br54
iface br54 inet static
address 10.250.54.3
netmask 255.255.255.0
gateway 10.250.54.1
bridge_ports bond0.54
bridge_stp off
bridge_fd 0
###########################################################################################
#AutoTunnel interfaces #
###########################################################################################
#Management
auto bond0.88
iface bond0.88 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br88
iface br88 inet static
address 10.250.88.3
netmask 255.255.255.0
gateway 10.250.88.1
bridge_ports bond0.88
bridge_stp off
bridge_fd 0
#Inline
auto bond0.89
iface bond0.89 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br89
iface br89 inet static
address 10.250.89.3
netmask 255.255.255.0
gateway 10.250.89.1
bridge_ports bond0.89
bridge_stp off
bridge_fd 0
#Isolation
auto bond0.90
iface bond0.90 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br90
iface br90 inet static
address 10.250.90.3
netmask 255.255.255.0
gateway 10.250.90.1
bridge_ports bond0.90
bridge_stp off
bridge_fd 0
#Registration
auto bond0.91
iface bond0.91 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br91
iface br91 inet static
address 10.250.91.3
netmask 255.255.255.0
gateway 10.250.91.1
bridge_ports bond0.91
bridge_stp off
bridge_fd 0
###########################################################################################
#KNEL backend interface #
###########################################################################################
auto bond0.24
iface bond0.24 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br24
iface br24 inet static
address 10.250.24.3
netmask 255.255.255.0
gateway 10.250.24.1
bridge_ports bond0.24
bridge_stp off
bridge_fd 0
bridge_maxwait 0

169
bare-metal/interfaces-tsysDedi Normal file
View File

@ -0,0 +1,169 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
##########################################################################
#WAN bridge - non ovs, physical interface
##########################################################################
auto brWan
iface brWan inet static
address 158.69.225.97
netmask 255.255.255.0
network 158.69.225.0
broadcast 158.69.225.255
gateway 158.69.225.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_hello 2
bridge_maxage 12
#Routing network
#10.253.0.0/24
#No VLAN1 obviously, what do you think this is? A holiday inn?
##########################################################################
#bare metal net vlan2 goes nowhere just provides isolation
##########################################################################
auto baremetal
allow-ovs baremetal
iface baremetal inet static
address 10.253.44.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan2
allow-baremetal vlan2
iface vlan2 inet manual
ovs_bridge baremetal
ovs_type OVSIntPort
ovs_options tag=2
##########################################################################
#mgmt net vlan3
##########################################################################
auto mgmt
allow-ovs mgmt
iface mgmt inet static
address 10.253.3.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan3
allow-mgmt vlan3
iface vlan3 inet manual
ovs_bridge mgmt
ovs_type OVSIntPort
ovs_options tag=3
##########################################################################
#asn2net net vlan4
##########################################################################
auto asn2net
allow-ovs asn2net
iface asn2net inet static
address 10.253.4.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan4
allow-asn2net vlan4
iface vlan4 inet manual
ovs_bridge asn2net
ovs_type OVSIntPort
ovs_options tag=4
##########################################################################
#S2l net vlan5
##########################################################################
auto s2l
allow-ovs s2l
iface s2l inet static
address 10.253.5.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan5
allow-s2l vlan5
iface vlan5 inet manual
ovs_bridge s2l
ovs_type OVSIntPort
ovs_options tag=5
##########################################################################
#rackrental net vlan6
##########################################################################
auto rackrental
allow-ovs rackrental
iface rackrental inet static
address 10.253.6.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan6
allow-rackrental vlan6
iface vlan6 inet manual
ovs_bridge rackrental
ovs_type OVSIntPort
ovs_options tag=6
##########################################################################
#fnf net vlan7
##########################################################################
auto fnf
allow-ovs fnf
iface fnf inet static
address 10.253.7.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan7
allow-fnf vlan7
iface vlan7 inet manual
ovs_bridge fnf
ovs_type OVSIntPort
ovs_options tag=7
##########################################################################
#knel net vlan8
##########################################################################
auto knel
allow-ovs knel
iface knel inet static
address 10.253.8.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan8
allow-knel vlan8
iface vlan8 inet manual
ovs_bridge knel
ovs_type OVSIntPort
ovs_options tag=8
##########################################################################
#tsys net vlan9
##########################################################################
auto tsys
allow-ovs tsys
iface tsys inet static
address 10.253.9.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan9
allow-tsys vlan9
iface vlan9 inet manual
ovs_bridge tsys
ovs_type OVSIntPort
ovs_options tag=9

674
lab/LICENSE Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
{one line to give the program's name and a brief idea of what it does.}
Copyright (C) {year} {name of author}
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
{project} Copyright (C) {year} {fullname}
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

0
lab/README Normal file
View File

31
lab/README.md Normal file
View File

@ -0,0 +1,31 @@
FNF Lab
=======
Introduction
------------
This repository contains
* configuration files
* hack notes etc
* helper scripts
* test suites for FreedomStack
related to the FNF R&D lab.
FNF R&D Lab overview
--------------------
The lab consists of various bits of network gear to support development of the FreedomStack and educating a new generation of "net ninjas". You can
find comprehensive documentation on the lab on the FNF wiki:
https://commons.thefnf.org/index.php/FNF_Lab
File/directory overview
-----------------------
* lab_aliases is a set of shell aliases for all the lab hosts. Add it to your shell config and have easy access to all lab systems. It needs a couple
tweaks at the top for your FNFLAB username and private SSH keypath.
* docs is for things not on the wiki. Network and rack diagrams mostly

80
lab/docs/Joes-logical Normal file
View File

@ -0,0 +1,80 @@
nwdiag {
//Upstream space (gateways,partner networks etc)
network "JoesDataCenter Upstream" {
JoesWanGateway [shape = cloud ] address = "96.43.139.113";
address = "96.43.139.113/28";
}
network "Wan edge - public" {
group wan-edge-outside {
wan01-public [shape = cloud ] [ address = "96.43.139.115"];
wan02-public [shape = cloud ] [ address = "96.43.139.116"];
}
}
// Intra network links
JoesWanGateway -- wan01-public;
wan01 -- sw01;
// Networks under our administrative control.
// Using a standardized scheme of: site name, local vlan, description
network "Joes - VLAN 2 - Physical Systems" {
address = "10.250.2.0/24";
group wan-edge-inside {
wan01 [ address = "10.250.2.x" ]
wan02 [ address = "10.250.2.x" ]
}
group switches {
sw01 [address = "10.250.2.25"];
sw02 [address = "10.250.2.75"];
}
group lxc-vm-hosts {
vm01 [address = "10.250.2.3"];
vm02 [address = "10.250.2.5"];
}
group zfs-storage-nodes {
stor01 [address = "10.250.2.70"];
stor02 [address = "10.250.2.75"];
}
}
network "Joes - VLAN 4 - Production Virtual Machines" {
address = "10.250.4.0/24";
group www {
lamplb [ address = "10.250.4.38" ];
lamppublic [ address = "10.250.4.40" ];
lampenterprise [ address = "10.250.4.37" ];
chili [ address = "10.250.4.32" ];
askbot [ address = "10.250.4.72" ];
gus [ address = "10.250.4.74" ];
}
group coreinfra {
dns [ address = "10.250.6.5" ];
ldap [ address = "10.250.4.54" ];
autonoc [ address = "10.250.4.39" ];
sql [ address = "10.250.4.53" ];
}
group comms {
mail [ address = "10.250.4.73" ];
irc [ address = "10.250.4.63" ];
}
}
//network "FNF KC - Development Virtual Machines - Management network - VLAN(x) {
//
//}
}

BIN
lab/docs/Joes-logical.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

126
lab/docs/Lab-physical Normal file
View File

@ -0,0 +1,126 @@
rackdiag {
//r1
rack {
42U;
description = "R1 - Fully enclosed cabinet, holds all cisco routers/switches.)";
42:
41:
40:
39:
38:
37:
36:
35:
34:
33:
32:
31:
30:
29:
28:
27:
26:
25:
24:
23:
22:
21:
20:
19:
18:
17:
16:
15:
14:
13:
12:
11:
10:
09:
08:
07:
06:
05:
04:
03:
02:
01:
}
//r2
rack {
42U;
description = "R2 - Fully enclosed cabinet, holds all the prod gear.)";
42: N/A
41: unmanaged pdu
40: pdu01
39: pdu02
38: devrtr02 mikrotik
37: devrtr01 ubiquiti edge router
36: devsw04 Cisco 3500 poe
35: devsw01 Cisco 2950
34: devsw02 Cisco 2950
33: devsw03 Cisco 3500
32: labsw01 Dell PowerConnect
31: switch patch panel
30: devrtr03 Cisco ISR 1841
29: devrtr04 Cisco ISR 1841
28: labcon01 ACS48
27: console server patch panel
26: devrtr06 Cisco 26xx
25: devsw05 Cisco 2948G
24: devsw05 Cisco 2948G
23: devrtr07 Cisco 3640
22: devrtr07 Cisco 3640
21: available slot
20: available slot
19: devrtr08 (firebox) devrtr05 (pix 501)
18: available slot
17: available slot
16: ups fsrtr01
15: devrtr09 (6500)
14: devrtr09
13: devrtr09
12: devrtr09
11: devrtr09
10: devrtr09
09: devrtr09
08: devrtr09
07: devrtr09
06: devrtr09
05: devrtr09
04: devrtr09
03: devrtr09
}
//r3
rack {
24U;
description = "R3 - Skeltek 2 post, holds client end points";
24:
23:
22:
21:
20:
19:
18:
17:
16:
15:
14:
13:
12:
11:
10:
09:
08:
07:
06:
05:
04:
03:
02:
01:
}

59
lab/docs/LabLogical-Backbone Normal file
View File

@ -0,0 +1,59 @@
nwdiag {
network OVH_TRANSIT_WAN {
address = "192.168.204.0/30"
ovh-wanrtr [ address = ".1"];
ausprod-coreap01-vpnwan [ address = ".2"];
}
group ovhtransitwan {
ovh-wanrtr
ausprod-coreap01-vpnwan
}
network ATT_UVERSE_LAN {
address = "192.168.1.0/24";
group attuverselan {
ausprod-coreap01-wan [address = ".253"];
}
}
network TURNSYS_TRANSIT_LAN {
address = "192.168.2.0/24";
ausprod-coreap01-lan [address = ".1"];
ausprod-coresw01 [address = ".22"];
auslab-labrtr-wan [address = ".21"];
group turnsystransitlan {
ausprod-coreap01-lan;
ausprod-coresw01;
auslab-labrtr-wan;
}
}
network TURNSYS_MGMT_LAN {
address = "10.251.2.0/24";
auslab-labrtr-mgmtgw [ address = ".254"];
auslab-ips [ address = ".97"];
auslab-labsw01 [ address = ".2"];
auslab-labsw02 [ address = ".4"];
auslab-labsw03 [ address = ".5"];
auslab-labcon01 [ address = ".3"];
auslab-linsrv [ address = ".99"];
auslab-winsrv [ address = ".98"];
group turnsysmgmtlan-vlan2 {
auslab-labrtr-mgmtgw;
auslab-ips
auslab-labsw01;
auslab-labsw02;
auslab-labsw03;
auslab-labcon01;
auslab-linsrv
auslab-winsrv
}
}
}

BIN
lab/docs/LabLogical-Backbone.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

103
lab/docs/LabLogical-Devices Normal file
View File

@ -0,0 +1,103 @@
nwdiag {
network TURNSYS_AP_LAN {
address = "10.251.3.0/24";
auslab-labrtr-apgw [ address = ".254"];
auslab-ap01 [ address = ".1"];
auslab-ap02 [ address = ".2"];
auslab-ap03 [ address = ".3"];
auslab-ap04 [ address = ".4"];
auslab-ap05 [ address = ".5"];
auslab-ap06 [ address = ".6"];
auslab-ap07 [ address = ".7"];
auslab-ap08 [ address = ".8"];
auslab-ap09 [ address = ".9"];
auslab-ap10 [ address = ".10"];
auslab-ap11 [ address = ".11"];
auslab-ap12 [ address = ".12"];
group turnsysaplan-vlan3 {
auslab-labrtr-apgw;
auslab-ap01;
auslab-ap02;
auslab-ap03;
auslab-ap04;
auslab-ap05;
auslab-ap06;
auslab-ap07;
auslab-ap08;
auslab-ap09;
auslab-ap10;
auslab-ap11;
auslab-ap12;
}
}
network TURNSYS_SWITCH_LAN {
address = "10.251.4.0/24";
auslab-labrtr-switchgw [ address = ".254"];
auslab-sw01 [ address = ".1"];
auslab-sw02 [ address = ".2"];
auslab-sw03 [ address = ".3"];
auslab-sw05 [ address = ".5"];
auslab-sw06 [ address = ".6"];
auslab-sw07 [ address = ".7"];
group turnsysswitchlan-vlan4 {
auslab-labrtr-switchgw;
auslab-sw01;
auslab-sw02;
auslab-sw03;
auslab-sw05;
auslab-sw06;
auslab-sw07;
}
}
network TURNSYS_VOIP_LAN{
address = "10.251.5.0/24";
auslab-labrtr-voipgw [ address = ".254"];
group turnsysvoip-vlan5 {
auslab-labrtr-voipgw;
}
}
network TURNSYS_ROUTER_LAN{
address = "10.251.6.0/24";
auslab-labrtr-routergw [ address = ".254"];
group turnsysrouter-vlan6 {
auslab-labrtr-routergw;
}
}
network TURNSYS_IPTV_LAN{
address = "10.251.7.0/24";
auslab-labrtr-iptvgw [ address = ".254"];
group turnsysiptv-vlan7 {
auslab-labrtr-iptvgw;
}
}
network TURNSYS_PEANUTGALLERY_LAN{
address = "10.251.8.0/24";
auslab-labrtr-pggw [ address = ".254"];
group turnsyspg-vlan8 {
auslab-labrtr-pggw;
}
}
network TURNSYS_MALZOO_LAN{
address = "10.251.12.0/24";
auslab-labrtr-malgw [ address = ".254"];
group turnsyspg-vlan12 {
auslab-labrtr-malgw;
}
}
}

BIN
lab/docs/LabLogical-Devices.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

88
lab/vagrant/Vagrantfile vendored Normal file
View File

@ -0,0 +1,88 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
# Convenience function for running Postgres commands. Accesses via temporarily-linked container.
def postgres(cmd)
"docker run --rm --link postgres:postgres -u postgres postgres:9.3 #{cmd}"
end
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# If true, then any SSH connections made will enable agent forwarding.
# Default value: false
# config.ssh.forward_agent = true
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Don't boot with headless mode
# vb.gui = true
#
# # Use VBoxManage to customize the VM. For example to change memory:
# vb.customize ["modifyvm", :id, "--memory", "1024"]
vb.memory = 1024
end
#
# View the documentation for the provider you're using for more
# information on available options. # Enable provisioning with CFEngine. CFEngine Community packages are
config.vm.define :hearth do |hearth|
hearth.vm.box = "ubuntu/trusty64"
hearth.vm.hostname = "hearth"
hearth.vm.network :forwarded_port, guest: 80, host: 8080
hearth.vm.provision :docker do |d|
d.pull_images "postgres:9.3"
d.build_image "/vagrant/docker/thefnf/freeradius", args: "-t thefnf/freeradius"
d.build_image "/vagrant/docker/thefnf/odoo", args: "-t thefnf/odoo"
d.run "thefnf/freeradius", args: "--name radius -p :1813:1813 -p :1863:1863"
d.run "postgres:9.3", args: "--name postgres"
end
hearth.vm.provision :shell, inline: """
sleep 5 # Give Postgres a chance to start
#{postgres("psql -h postgres -c \"CREATE USER odoo WITH UNENCRYPTED PASSWORD 'password' CREATEDB;\"")}
"""
hearth.vm.provision :docker do |d|
d.run "thefnf/odoo", args: "--name odoo --link postgres:postgres -p :80:8069"
end
end
config.vm.define :freedomlink do |fl|
fl.vm.box = "box-cutter/debian76"
fl.vm.hostname = "freedomlink"
end
end

6
lab/vagrant/docker/thefnf/freeradius/Dockerfile Normal file
View File

@ -0,0 +1,6 @@
FROM ubuntu:14.04
EXPOSE 1813 1863
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y freeradius
CMD freeradius -f

55
lab/vagrant/docker/thefnf/freeside/Dockerfile Normal file
View File

@ -0,0 +1,55 @@
FROM debian:7
ENV VERSION 3.3
RUN echo deb http://freeside.biz/~ivan/freeside-wheezy/ ./ >/etc/apt/sources.list.d/freeside.list && \
apt-get update && \
apt-get upgrade -y && \
apt-get install -y --force-yes --no-install-recommends adduser apache2 apache2-mpm-prefork apache2-utils curl gcc gnupg ghostscript gsfonts gzip latex-xcolor \
less libapache-dbi-perl libapache2-mod-perl2 libapache2-request-perl libapache-session-perl \
libbusiness-creditcard-perl libcache-cache-perl libcache-simple-timedexpiry-perl libchart-perl \
libclass-container-perl libclass-data-inheritable-perl libclass-returnvalue-perl libcolor-scheme-perl \
libio-compress-perl libconvert-binhex-perl libcrypt-passwdmd5-perl libcrypt-ssleay-perl libcss-squish-perl \
libdate-manip-perl libdbd-mysql-perl libdbd-pg-perl libdbi-perl libdbix-dbschema-perl libdbix-searchbuilder-perl \
libdevel-stacktrace-perl libdevel-symdump-perl liberror-perl libexception-class-perl \
libfile-counterfile-perl libfile-rsync-perl libfont-afm-perl libfreezethaw-perl libfrontier-rpc-perl \
libgd-gd2-perl libgd-graph-perl libgd2-xpm libhtml-format-perl libhtml-mason-perl libhtml-parser-perl \
libhtml-scrubber-perl libhtml-tagset-perl libhtml-tree-perl libhtml-widgets-selectlayers-perl libio-stringy-perl \
libipc-run-perl libipc-run3-perl libipc-sharelite-perl libjavascript-rpc-perl libjson-perl \
liblingua-en-inflect-perl liblingua-en-nameparse-perl liblocale-gettext-perl liblocale-maketext-fuzzy-perl \
liblocale-maketext-lexicon-perl liblocale-subcountry-perl liblog-dispatch-perl libmailtools-perl libmime-tools-perl \
libmodule-versions-report-perl libnet-daemon-perl libnet-ping-external-perl libnet-scp-perl libnet-ssh-perl \
libnet-whois-raw-perl libnetaddr-ip-perl libnumber-format-perl libpam-modules libpam-runtime libpaper-utils \
libparams-validate-perl libparse-recdescent-perl libpcre3 libpg-perl libregexp-common-perl \
libspreadsheet-writeexcel-perl libstring-approx-perl libstring-shellquote-perl libterm-readkey-perl \
libtest-inline-perl libtext-autoformat-perl libtext-charwidth-perl libtext-csv-perl libtext-csv-xs-perl libtext-iconv-perl \
libtext-quoted-perl libtext-reform-perl libtext-template-perl libtext-wrapi18n-perl libtext-wrapper-perl \
libtie-ixhash-perl libtime-duration-perl libtime-modules-perl libtimedate-perl libtree-simple-perl \
libuniversal-require-perl liburi-perl libwant-perl libwww-perl libxml-parser-perl libyaml-perl lmodern make \
perl perl-base perl-modules texlive \
texlive-latex-extra texinfo traceroute ttf-bitstream-vera ttf-dustin ucf zlib1g \
libdatetime-perl libdatetime-format-strptime-perl libfile-slurp-perl libspreadsheet-parseexcel-perl \
libauthen-passphrase-perl libnet-domain-tld-perl libbusiness-us-usps-webtools-perl libxml-simple-perl \
libemail-sender-perl libemail-sender-transport-smtp-tls-perl libemail-sender-perl \
libemail-sender-transport-smtp-tls-perl libhtml-defang-perl libdatetime-format-natural-perl libcgi-pm-perl \
libfile-sharedir-perl libmodule-versions-report-perl libtext-wikiformat-perl libnet-server-perl \
libhttp-server-simple-perl libhtml-rewriteattributes-perl libmime-types-perl libperlio-eol-perl \
libgnupg-interface-perl libdata-ical-perl libcalendar-simple-perl libdatetime-set-perl \
libhook-lexwrap-perl libhttp-server-simple-mason-perl libxml-rss-perl libipc-run-safehandles-perl libpoe-perl \
libsoap-lite-perl libhtml-tableextract-perl libhtml-element-extended-perl libcam-pdf-perl libgd-barcode-perl \
libnet-openssh-perl libgeo-coder-googlev3-perl libgeo-googleearth-pluggable-perl libnet-snmp-perl \
libcrypt-openssl-rsa-perl libpdf-webkit-perl wkhtmltopdf xvfb \
sam2p psmisc libsys-sigaction-perl liblog-dispatch-perl libconvert-color-perl libdate-simple-perl libemail-valid-perl \
libencode-perl libexcel-writer-xlsx-perl libhtml-mason-psgihandler-perl libhtml-quoted-perl libio-string-perl \
libregexp-common-net-cidr-perl libregexp-ipv6-perl libsnmp-perl libtext-password-pronounceable-perl \
libparse-fixedlength-perl && \
cd /usr/src && \
curl http://www.freeside.biz/freeside/freeside-$VERSION.tar.gz |tar xz && \
adduser freeside --system --group --shell /bin/bash && \
rm -rf /var/www/*
ADD Makefile /usr/src/freeside-$VERSION/Makefile
RUN cd /usr/src/freeside-$VERSION && \
make perl-modules && \
make install-perl-modules && \
make create-config && \
make install-docs && \
make install-apache
USER freeside

468
lab/vagrant/docker/thefnf/freeside/Makefile Normal file
View File

@ -0,0 +1,468 @@
#!/usr/bin/make
#solaris and perhaps other very weirdass /bin/sh
#SHELL="/bin/ksh"
DB_TYPE = Pg
#DB_TYPE = mysql
DB_USER = freeside
DB_PASSWORD=password
DATASOURCE = DBI:${DB_TYPE}:dbname=freeside;host=postgres
#changable now (some things which should go to the others still go to CONF)
FREESIDE_CONF = /usr/local/etc/freeside
FREESIDE_LOG = /usr/local/etc/freeside
FREESIDE_LOCK = /usr/local/etc/freeside
FREESIDE_CACHE = /usr/local/etc/freeside
FREESIDE_EXPORT = /usr/local/etc/freeside
MASON_HANDLER = ${FREESIDE_CONF}/handler.pl
MASONDATA = ${FREESIDE_CACHE}/masondata
#where to put the default configuraiton used by freeside-setup to initialize
#a new database (not used after that). primarily of interest to distro
#package maintainers
DIST_CONF = ${FREESIDE_CONF}/default_conf
#deb
FREESIDE_DOCUMENT_ROOT = /var/www
#redhat, fedora, mandrake
#FREESIDE_DOCUMENT_ROOT = /var/www/html/freeside
#freebsd
#FREESIDE_DOCUMENT_ROOT = /usr/local/www/data/freeside
#openbsd
#FREESIDE_DOCUMENT_ROOT = /var/www/htdocs/freeside
#suse
#FREESIDE_DOCUMENT_ROOT = /srv/www/htdocs/freeside
#apache
#FREESIDE_DOCUMENT_ROOT = /usr/local/apache/htdocs/freeside
#deb, redhat, fedora, mandrake, suse, others?
INIT_FILE = /etc/init.d/freeside
#freebsd
#INIT_FILE = /usr/local/etc/rc.d/011.freeside.sh
#deb
INIT_INSTALL = PATH=$PATH:/sbin /usr/sbin/update-rc.d freeside defaults 23 01
#redhat, fedora
#INIT_INSTALL = /sbin/chkconfig freeside on
#not necessary (freebsd)
#INIT_INSTALL = /usr/bin/true
#deb, suse
#HTTPD_RESTART = /etc/init.d/apache restart
#deb w/apache2
HTTPD_RESTART = /etc/init.d/apache2 restart
#redhat, fedora, mandrake
#HTTPD_RESTART = /etc/init.d/httpd restart
#freebsd
#HTTPD_RESTART = /usr/local/etc/rc.d/apache.sh stop || true; sleep 10; /usr/local/etc/rc.d/apache.sh start
#openbsd
#HTTPD_RESTART = kill -TERM `cat /var/www/logs/httpd.pid`; sleep 10; /usr/sbin/httpd -u -DSSL
#apache
#HTTPD_RESTART = /usr/local/apache/bin/apachectl stop; sleep 10; /usr/local/apache/bin/apachectl startssl
#(an include directory, not a file, "Include /etc/apache/conf.d" in httpd.conf)
#deb (3.1+), apache2
APACHE_CONF = /etc/apache2/conf.d
INSSERV_OVERRIDE = /etc/insserv/overrides
FREESIDE_RESTART = ${INIT_FILE} restart
#deb, redhat, fedora, mandrake, suse, others?
INSTALLGROUP = root
#freebsd, openbsd
#INSTALLGROUP = wheel
#edit the stuff below to have the daemons start
QUEUED_USER=fs_queue
API_USER = fs_api
SELFSERVICE_USER = fs_selfservice
#never run on the same machine in production!!!
SELFSERVICE_MACHINES =
# SELFSERVICE_MACHINES = www.example.com
# SELFSERVICE_MACHINES = web1.example.com web2.example.com
#user with sudo access on SELFSERVICE_MACHINES for automated self-service
#installation.
SELFSERVICE_INSTALL_USER = ivan
SELFSERVICE_INSTALL_USERADD = /usr/sbin/useradd
#SELFSERVICE_INSTALL_USERADD = "/usr/sbin/pw useradd"
#RT_ENABLED = 0
RT_ENABLED = 1
RT_DOMAIN = example.com
RT_TIMEZONE = US/Pacific
#RT_TIMEZONE = US/Eastern
FREESIDE_URL = "http://localhost/freeside/"
#for now, same db as specified in DATASOURCE... eventually, otherwise?
RT_DB_DATABASE = freeside
TORRUS_ENABLED = 0
# for auto-version updates, so we can "make release" more things automatically
RPM_SPECFILE = rpm/freeside.spec
#---
#rt/config.layout.in
RT_PATH = /opt/rt3
#only used for dev kludge now, not a big deal
FREESIDE_PATH = `pwd`
PERL_INC_DEV_KLUDGE = /usr/local/share/perl/5.14.2/
VERSION := `grep '^$$VERSION' FS/FS.pm | cut -d\' -f2`
TAG := freeside_`grep '^$$VERSION' FS/FS.pm | cut -d\' -f2 | perl -pe 's/\./_/g'`
#DEBVERSION = `echo ${VERSION} | perl -pe 's/(\d)([a-z])/\1~\2/'`-1
TEXMFHOME := "\$$TEXMFHOME"
ver:
@echo "${VERSION}"
tag:
@echo "${TAG}"
help:
@echo "supported targets:"
@echo " create-database create-config"
@echo " install deploy"
@echo " configure-rt create-rt"
@echo " clean help"
@echo
@echo " install-docs install-perl-modules"
@echo " install-init install-apache"
@echo " install-rt install-texmf"
@echo " install-selfservice update-selfservice"
@echo
@echo " dev dev-docs dev-perl-modules"
@echo
@echo " masondocs alldocs docs"
@echo " wikiman"
@echo " perl-modules"
#@echo
#@echo " upload-docs release"
masondocs: httemplate/* httemplate/*/* httemplate/*/*/* httemplate/*/*/*/*
rm -rf masondocs
cp -pr httemplate masondocs
touch masondocs
alldocs: masondocs
docs:
make masondocs
wikiman:
chmod a+rx ./bin/pod2x
./bin/pod2x
install-docs: docs
#ancient attempt to avoid overwriting customer modifications directly to production web files that's overlived its usefulness
#[ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true
#cp -r masondocs ${FREESIDE_DOCUMENT_ROOT}
[ -h ${FREESIDE_DOCUMENT_ROOT} ] && rm ${FREESIDE_DOCUMENT_ROOT} || true
mkdir -p ${FREESIDE_DOCUMENT_ROOT}
cp -r masondocs/* masondocs/.htaccess ${FREESIDE_DOCUMENT_ROOT}
chown -R freeside:freeside ${FREESIDE_DOCUMENT_ROOT}
install -D htetc/handler.pl ${MASON_HANDLER}
perl -p -i -e "\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
" ${MASON_HANDLER} || true
mkdir -p ${FREESIDE_EXPORT}/profile
chown freeside ${FREESIDE_EXPORT}/profile
cp htetc/htpasswd.logout ${FREESIDE_CONF}
[ ! -e ${MASONDATA} ] && mkdir ${MASONDATA} || true
chown -R freeside ${MASONDATA}
dev-docs:
[ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true
ln -s ${FREESIDE_PATH}/httemplate ${FREESIDE_DOCUMENT_ROOT}
cp htetc/handler.pl ${MASON_HANDLER}
perl -p -i -e "\
s'###use Module::Refresh;###'use Module::Refresh;'; \
s'###Module::Refresh->refresh;###'Module::Refresh->refresh;'; \
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
" ${MASON_HANDLER} || true
perl-modules:
cd FS; \
[ -e Makefile ] || perl Makefile.PL; \
make; \
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
s'%%%RT_PATH%%%'${RT_PATH}'g; \
s'%%%MASONDATA%%%'${MASONDATA}'g;\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
" blib/lib/FS/*.pm;\
perl -p -i -e "\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
" blib/lib/FS/Cron/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
" blib/lib/FS/part_export/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
" blib/lib/FS/cust_main/*.pm blib/lib/FS/cust_pkg/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
" blib/lib/FS/Daemon/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
s|%%%FREESIDE_LOCK%%%|${FREESIDE_LOCK}|g;\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s|%%%DIST_CONF%%%|${DIST_CONF}|g;\
" blib/script/*
install-perl-modules: perl-modules install-rt-initialdata
[ -L ${PERL_INC_DEV_KLUDGE}/FS ] \
&& rm ${PERL_INC_DEV_KLUDGE}/FS \
&& mv ${PERL_INC_DEV_KLUDGE}/FS.old ${PERL_INC_DEV_KLUDGE}/FS \
|| true
cd FS; \
make install UNINST=1
#install this for freeside-setup
install -d $(DIST_CONF)
#install conf/[a-z]* $(DEFAULT_CONF)
#CVS is not [a-z]
install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF)
dev-perl-modules: perl-modules
[ -d ${PERL_INC_DEV_KLUDGE}/FS -a ! -L ${PERL_INC_DEV_KLUDGE}/FS ] \
&& mv ${PERL_INC_DEV_KLUDGE}/FS ${PERL_INC_DEV_KLUDGE}/FS.old \
|| true
rm -rf ${PERL_INC_DEV_KLUDGE}/FS
ln -sf ${FREESIDE_PATH}/FS/blib/lib/FS ${PERL_INC_DEV_KLUDGE}/FS
install-texmf:
install -D -o freeside -m 444 etc/longtable.sty \
/usr/local/share/texmf/tex/latex/longtable.sty
texhash /usr/local/share/texmf
install-init:
#[ -e ${INIT_FILE} ] || install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE}
install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE}
perl -p -i -e "\
s/%%%QUEUED_USER%%%/${QUEUED_USER}/g;\
s/%%%API_USER%%%/${API_USER}/g;\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\
" ${INIT_FILE}
${INIT_INSTALL}
install-apache:
[ -e ${APACHE_CONF}/freeside-base.conf ] && rm ${APACHE_CONF}/freeside-base.conf || true
[ -d ${APACHE_CONF} ] && \
( install -o root -m 755 htetc/freeside-base2.conf ${APACHE_CONF} && \
( [ ${RT_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-rt.conf ${APACHE_CONF} || true ) && \
( [ ${TORRUS_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-torrus.conf ${APACHE_CONF} || true ) && \
perl -p -i -e "\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \
s'%%%FREESIDE_CONF%%%'${FREESIDE_CONF}'g; \
s'%%%MASON_HANDLER%%%'${MASON_HANDLER}'g; \
" ${APACHE_CONF}/freeside-*.conf \
) || true
[ -d ${INSSERV_OVERRIDE} ] && [ -x /sbin/insserv ] && ( install -o root -m 755 init.d/insserv-override-apache2 ${INSSERV_OVERRIDE}/apache2 && insserv -d ) || true
install-selfservice:
[ -e ~freeside ] || cp -pr /etc/skel ~freeside && chown -R freeside ~freeside
[ -e ~freeside/.ssh/id_dsa.pub ] || [ -e ~freeside/.ssh/id_rsa.pub ] || su - freeside -c 'ssh-keygen -t dsa'
for MACHINE in ${SELFSERVICE_MACHINES}; do \
scp -r fs_selfservice/FS-SelfService ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; perl Makefile.PL && make" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\
scp ~freeside/.ssh/id_dsa.pub ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo ${SELFSERVICE_INSTALL_USERADD} freeside; sudo install -d -o freeside -m 755 ~freeside/.ssh/; sudo install -o freeside -m 600 ./id_dsa.pub ~freeside/.ssh/authorized_keys" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo install -o freeside -d /usr/local/freeside" ;\
done
update-selfservice:
for MACHINE in ${SELFSERVICE_MACHINES}; do \
RSYNC_RSH=ssh rsync -rlptz fs_selfservice/FS-SelfService/ ${SELFSERVICE_INSTALL_USER}@$$MACHINE:FS-SelfService ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; make clean; perl Makefile.PL && make" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\
done
install-chown:
chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}"
chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}"
install: install-perl-modules install-docs install-init install-apache install-rt install-torrus install-texmf install-chown
deploy: install
${HTTPD_RESTART}
${FREESIDE_RESTART}
dev: dev-perl-modules dev-docs
create-database:
perl -e 'use DBIx::DataSource qw( create_database ); create_database( "${DATASOURCE}", "${DB_USER}", "${DB_PASSWORD}" ) or die $$DBIx::DataSource::errstr;'
create-config: install-perl-modules
[ -e ${FREESIDE_CONF} ] && mv ${FREESIDE_CONF} ${FREESIDE_CONF}.`date +%Y%m%d%H%M%S` || true
install -d -o freeside ${FREESIDE_CONF}
touch ${FREESIDE_CONF}/secrets
chown freeside ${FREESIDE_CONF}/secrets
chmod 600 ${FREESIDE_CONF}/secrets
/bin/echo -e "${DATASOURCE}\n${DB_USER}\n${DB_PASSWORD}" >${FREESIDE_CONF}/secrets
chmod 600 ${FREESIDE_CONF}/secrets
chown freeside ${FREESIDE_CONF}/secrets
mkdir "${FREESIDE_CACHE}/counters.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}"
mkdir "${FREESIDE_CACHE}/cache.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}"
mkdir "${FREESIDE_EXPORT}/export.${DATASOURCE}"
chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}"
#install this for freeside-setup
install -d $(DIST_CONF)
#install conf/[a-z]* $(DEFAULT_CONF)
#CVS is not [a-z]
install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF)
configure-rt:
cd rt; \
cp config.layout.in config.layout; \
perl -p -i -e "\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g;\
s'%%%MASONDATA%%%'${MASONDATA}'g;\
" config.layout; \
./configure --enable-layout=Freeside\
--with-db-type=${DB_TYPE} \
--with-db-dba=${DB_USER} \
--with-db-database=${RT_DB_DATABASE} \
--with-db-rt-user=${DB_USER} \
--with-db-rt-pass="${DB_PASSWORD}" \
--with-web-user=freeside \
--with-web-group=freeside \
--with-rt-group=freeside \
--with-web-handler=modperl2
create-rt: configure-rt
[ -d /opt ] || mkdir /opt #doh
[ -d /opt/rt3 ] || mkdir /opt/rt3 #
[ -d /opt/rt3/share ] || mkdir /opt/rt3/share #
cd rt; make install
rt/sbin/rt-setup-database --dba '${DB_USER}' \
--dba-password '${DB_PASSWORD}' \
--action schema \
|| true
rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \
--action coredata \
&& rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \
--action insert \
--datafile ${RT_PATH}/etc/initialdata \
|| true
install-rt:
if [ ${RT_ENABLED} -eq 1 ]; then ( cd rt; make install ); fi
if [ ${RT_ENABLED} -eq 1 ]; then perl -p -i -e "\
s'%%%RT_DOMAIN%%%'${RT_DOMAIN}'g;\
s'%%%RT_TIMEZONE%%%'${RT_TIMEZONE}'g;\
s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\
" ${RT_PATH}/etc/RT_SiteConfig.pm; fi
if [ ${RT_ENABLED} -eq 1 ]; then \
chown -R freeside:freeside ${RT_PATH}/etc; fi
install-rt-initialdata:
if [ ${RT_ENABLED} -eq 1 ] && [ -d ${RT_PATH} ]; then \
chown -R freeside:freeside ${RT_PATH}/etc; \
install -D -o freeside -g freeside -m 0440 rt/etc/initialdata \
${RT_PATH}/etc/initialdata; fi
configure-torrus:
cd torrus; \
torrus_user=freeside var_user=freeside var_group=freeside ./configure
install-torrus:
if [ ${TORRUS_ENABLED} -eq 1 ]; then ( cd torrus; \
make; \
make install; \
perl -p -i -e "\
s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\
" /usr/local/etc/torrus/conf/torrus-siteconfig.pl; \
torrus clearcache \
);fi
clean:
rm -rf masondocs
rm -rf httemplate/docs/man
rm -rf pod2htmi.tmp
rm -rf pod2htmd.tmp
-cd FS; \
make clean
-cd fs_selfservice/FS-SelfService; \
make clean
#these are probably only useful if you're me...
#release: upload-docs
.PHONY: release
release:
# Update the changelog
#./bin/cvs2cl
#cvs commit -m "Updated for ${VERSION}" ChangeLog
# Update the RPM specfile
#cvs edit ${RPM_SPECFILE}
#perl -p -i -e "s/\d+[^\}]+/${VERSION}/ if /%define\s+version\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE}
#perl -p -i -e "s/\d+[^\}]+/1/ if /%define\s+release\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE}
#cvs commit -m "Updated for ${VERSION}" ${RPM_SPECFILE}
# Update the Debian changelog
#cvs edit debian/changelog
#dch -v ${DEBVERSION} -p "New upstream release"
#cvs commit -m "Updated for ${VERSION}" debian/changelog
# Make sure other people's changes are pulled in!
git pull
# Tag the release
git tag -f ${TAG}
#cd /home/ivan
git archive --prefix=freeside-${VERSION}/ ${TAG} | gzip -9 >freeside-${VERSION}.tar.gz
scp freeside-${VERSION}.tar.gz ivan@420.am:/var/www/www.sisd.com/freeside/
mv freeside-${VERSION}.tar.gz ..
#these things failing should not make release target fail, so: "|| true"
#kick off vmware update
#./BUILD_VMWARE_APPLIANCE ${$TAG} || true
#kick off deb package update
#kick off rpm package update too?
#update web demo?
#update web demo self-service?

13
lab/vagrant/docker/thefnf/odoo/Dockerfile Normal file
View File

@ -0,0 +1,13 @@
FROM python:2.7
RUN apt-get install -y libldap2-dev libsasl2-dev && \
adduser odoo --system --group --shell /bin/bash
USER odoo
ENV HOME /home/odoo
ENV PATH $HOME/.local/bin:$PATH
WORKDIR /home/odoo
RUN curl http://nightly.odoo.com/8.0/nightly/src/odoo_8.0-latest.tar.gz |tar xz --strip-components 1 && \
python setup.py install --user && \
python setup.py install --user --single-version-externally-managed --root / # Strips version hash from module directories
ADD openerp_serverrc /home/odoo/.openerp_serverrc
EXPOSE 8069 8072
CMD openerp-server

62
lab/vagrant/docker/thefnf/odoo/openerp_serverrc Normal file
View File

@ -0,0 +1,62 @@
[options]
addons_path = /home/odoo/.local/lib/python2.7/site-packages/openerp/addons
admin_passwd = admin
auto_reload = False
csv_internal_sep = ,
data_dir = /home/odoo/.local/share/Odoo
db_host = postgres
db_maxconn = 64
db_name = False
db_password = odoo
db_port = 5432
db_template = template1
db_user = odoo
dbfilter = .*
debug_mode = False
demo = {}
email_from = False
import_partial =
limit_memory_hard = 2684354560
limit_memory_soft = 2147483648
limit_request = 8192
limit_time_cpu = 60
limit_time_real = 120
list_db = True
log_db = False
log_handler = [':INFO']
log_level = info
logfile = None
logrotate = False
longpolling_port = 8072
max_cron_threads = 2
osv_memory_age_limit = 1.0
osv_memory_count_limit = False
pg_path = None
pidfile = None
proxy_mode = False
reportgz = False
secure_cert_file = server.cert
secure_pkey_file = server.pkey
server_wide_modules = None
smtp_password = False
smtp_port = 25
smtp_server = localhost
smtp_ssl = False
smtp_user = False
syslog = False
test_commit = False
test_enable = False
test_file = False
test_report_directory = False
timezone = False
translate_modules = ['all']
unaccent = False
without_demo = False
workers = 0
xmlrpc = True
xmlrpc_interface =
xmlrpc_port = 8069
xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071

230
rubix/Monitoring/mibs/LM-SENSORS-MIB Normal file
View File

@ -0,0 +1,230 @@
LM-SENSORS-MIB DEFINITIONS ::= BEGIN
--
-- Derived from the original VEST-INTERNETT-MIB. Open issues:
--
-- (a) where to register this MIB?
-- (b) use not-accessible for diskIOIndex?
--
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Gauge32
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC
ucdExperimental
FROM UCD-SNMP-MIB;
lmSensorsMIB MODULE-IDENTITY
LAST-UPDATED "200011050000Z"
ORGANIZATION "AdamsNames Ltd"
CONTACT-INFO
"Primary Contact: M J Oldfield
email: m@mail.tc"
DESCRIPTION
"This MIB module defines objects for lm_sensor derived data."
REVISION "200011050000Z"
DESCRIPTION
"Derived from DISKIO-MIB ex UCD."
::= { lmSensors 1 }
lmSensors OBJECT IDENTIFIER ::= { ucdExperimental 16 }
--
lmTempSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMTempSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of temperature sensors and their values."
::= { lmSensors 2 }
lmTempSensorsEntry OBJECT-TYPE
SYNTAX LMTempSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmTempSensorsIndex }
::= { lmTempSensorsTable 1 }
LMTempSensorsEntry ::= SEQUENCE {
lmTempSensorsIndex Integer32,
lmTempSensorsDevice DisplayString,
lmTempSensorsValue Gauge32
}
lmTempSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmTempSensorsEntry 1 }
lmTempSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the temperature sensor we are reading."
::= { lmTempSensorsEntry 2 }
lmTempSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The temperature of this sensor in mC."
::= { lmTempSensorsEntry 3 }
--
lmFanSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMFanSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of fan sensors and their values."
::= { lmSensors 3 }
lmFanSensorsEntry OBJECT-TYPE
SYNTAX LMFanSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmFanSensorsIndex }
::= { lmFanSensorsTable 1 }
LMFanSensorsEntry ::= SEQUENCE {
lmFanSensorsIndex Integer32,
lmFanSensorsDevice DisplayString,
lmFanSensorsValue Gauge32
}
lmFanSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmFanSensorsEntry 1 }
lmFanSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the fan sensor we are reading."
::= { lmFanSensorsEntry 2 }
lmFanSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rotation speed of the fan in RPM."
::= { lmFanSensorsEntry 3 }
--
lmVoltSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMVoltSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of voltage sensors and their values."
::= { lmSensors 4 }
lmVoltSensorsEntry OBJECT-TYPE
SYNTAX LMVoltSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmVoltSensorsIndex }
::= { lmVoltSensorsTable 1 }
LMVoltSensorsEntry ::= SEQUENCE {
lmVoltSensorsIndex Integer32,
lmVoltSensorsDevice DisplayString,
lmVoltSensorsValue Gauge32
}
lmVoltSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmVoltSensorsEntry 1 }
lmVoltSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the device we are reading."
::= { lmVoltSensorsEntry 2 }
lmVoltSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The voltage in mV."
::= { lmVoltSensorsEntry 3 }
--
lmMiscSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMMiscSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of miscellaneous sensor devices and their values."
::= { lmSensors 5 }
lmMiscSensorsEntry OBJECT-TYPE
SYNTAX LMMiscSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmMiscSensorsIndex }
::= { lmMiscSensorsTable 1 }
LMMiscSensorsEntry ::= SEQUENCE {
lmMiscSensorsIndex Integer32,
lmMiscSensorsDevice DisplayString,
lmMiscSensorsValue Gauge32
}
lmMiscSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmMiscSensorsEntry 1 }
lmMiscSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the device we are reading."
::= { lmMiscSensorsEntry 2 }
lmMiscSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this sensor."
::= { lmMiscSensorsEntry 3 }
END

15
slack/TODO Normal file
View File

@ -0,0 +1,15 @@
ELG
OSSEC (with mass reg)
NTP
SSH config (banner,restrictions)
SNMP configuration fixed
OSSEC
agent install
registration with server
Central syslog
Add to zenoss
Create /root/builtON(date)AT(time)

3
slack/ts-base-ovh/files/etc/aliases Normal file
View File

@ -0,0 +1,3 @@
root: prodtechopsalerts@turnsys.com
postmaster: root
clamav: root

3
slack/ts-base-ovh/files/etc/aliases(1) Normal file
View File

@ -0,0 +1,3 @@
root: prodtechopsalerts@turnsys.com
postmaster: root
clamav: root

9
slack/ts-base-ovh/files/etc/cron.d/sysstat Normal file
View File

@ -0,0 +1,9 @@
# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
# Activity reports every 10 minutes everyday
*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

9
slack/ts-base-ovh/files/etc/cron.d/sysstat(1) Normal file
View File

@ -0,0 +1,9 @@
# The first element of the path is a directory where the debian-sa1
# script is located
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
# Activity reports every 10 minutes everyday
*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
# Additional run at 23:59 to rotate the statistics file
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2

14
slack/ts-base-ovh/files/etc/cron.daily/clamscan Normal file
View File

@ -0,0 +1,14 @@
#!/bin/bash
#A script to scan build systems
#Execute the scan
#-i print only infected files
#-r scan recursively
#-stdout force everything to stdout
#-cross-fs=no don't cross filesystems
#--follow-dir-symlinks/--follow-file-symlinks=2 force clamav to follow all symbolic links
#--detect-pua[=yes/no(*)] Detect Possibly Unwanted Applications. See http://www.clamav.net/support/pua for the complete list of PUA
clamscan -i -r --quiet --stdout --exclude-pua=packed --cross-fs=no --follow-dir-symlinks=2 --follow-file-symlinks=2 \
--detect-pua=yes --exclude-dir=/usr/share/doc/clamav-0.97.6/test --exclude=".svn-base$|.py$|.xml$|.pcap$|.iso$|.txt$|.log$|pcap.|.flow$|.flow2$|.dat$|.rb$" /

22
slack/ts-base-ovh/files/etc/default/snmpd Normal file
View File

@ -0,0 +1,22 @@
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid -c /etc/snmp/snmpd.conf'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=no
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

9
slack/ts-base-ovh/files/etc/default/sysstat Normal file
View File

@ -0,0 +1,9 @@
#
# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
# and /etc/cron.daily/sysstat files
#
# Should sadc collect system activity informations? Valid values
# are "true" and "false". Please do not put other values, they
# will be overwritten by debconf!
ENABLED="true"

8
slack/ts-base-ovh/files/etc/ntp.conf Normal file
View File

@ -0,0 +1,8 @@
restrict 127.0.0.1
restrict ::1
driftfile /var/lib/ntp/drift
server tsys-winsrv.turnsys.net
server tplab-dc02.tplab.tippingpoint.com
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery

33
slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/TippingPointCARootCert.crt Normal file
View File

@ -0,0 +1,33 @@
-----BEGIN CERTIFICATE-----
MIIFsTCCA5mgAwIBAgIQPScq9qCwUrtAEaVlK2jqwzANBgkqhkiG9w0BAQsFADBr
MRMwEQYKCZImiZPyLGQBGRYDY29tMRwwGgYKCZImiZPyLGQBGRYMdGlwcGluZ3Bv
aW50MRUwEwYKCZImiZPyLGQBGRYFdHBsYWIxHzAdBgNVBAMTFlRpcHBpbmdQb2lu
dENBUm9vdENlcnQwHhcNMTYwMTA2MDA0MjIxWhcNMjYwMTA2MDA1MjE4WjBrMRMw
EQYKCZImiZPyLGQBGRYDY29tMRwwGgYKCZImiZPyLGQBGRYMdGlwcGluZ3BvaW50
MRUwEwYKCZImiZPyLGQBGRYFdHBsYWIxHzAdBgNVBAMTFlRpcHBpbmdQb2ludENB
Um9vdENlcnQwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgbaS0izbY
qSNT6fMB+bOgTK3w++1p5IlGboQXKY2pQqZJ/JukO+WiLUn7+Owl8Nfqk6ihd9Xz
zTcSJiZTI8ENUBfGLfEKxdHgOlgxU6+Tk6PNfEWw3wmVkhRd0noty1xfOVOr4kH7
8iPwT8uCBxzpU206bjVKowhsnRrqTXj6N0UiQP1EzSz3m/2aSNMT1E4kQqkYoaHL
mA68ODGXWtIfAVpc7qnwKEQ3amfBtZ8dv2xz75O9ks/Q7PICIz3s22LsUhpiy7Au
4ZATNYyD/NDUMKl+YmkM9CHdL4izof7Kb8uQ46TLdC0ww6SaN+suDGY99RMgzKxJ
vbPR7Zgmj8Frao5Bp8S25eZ8vCWNWAQ9MHt6H4PbzPN9tCoTTn3IEdBw6V+hR187
Eqzg+3ZTK+3sfsYrjRfV2dcTjCfHJFkmmEDIQ/0F9RwhWvUSG7sfkYEHmGAQBQqu
XSJjssGrVK37QBQ4RdDhkE1eCc/s7R8/0j3KOH/pfiEoFqH6etaBHci6N2zA6yjV
t4mnVjVj/dk19GKWTH5+nHAM4TH0Jo68fpyarxktnMWXgtKbgxnPIQHAJbr3oP3q
2xZrm7eZflzjlSdrqTnAr8OxcjF0Ayima5Ru6BAAjG6MH4+N5BIfXLbeDU5Au1IN
vRuIAtwL1Gf96xRtSMdBjxV1LvZ+3ULQdQIDAQABo1EwTzALBgNVHQ8EBAMCAYYw
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUhFFfhb8mfpDmyU6pLPhr66/bS1ow
EAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZIhvcNAQELBQADggIBABGI6lL8WZpWvDJa
MZkHQ3bNNxCsWAJYl8tQInE4H4dcxkJoQ25HtNTYG/q5+biNuNX1FnS4b5hrjwJt
eXKX69+iK8ZIw4ZHF2dju11neGWA+erOicfm9U/dR3yr3C4qreLRJUKy4gnzNw7Y
ZELZYnzBJU1UkqIjBpV6Zc96YcxS90G43G/3X8A05wrcVqdlSbCOTiss3uhBPSK3
2muXsb7X7le6dMPDdRWuGrxDg273nydpA8kJKVjYX+iQ6Sb2xCFZOysddT0GE+GP
MR9WrPQXy8vc/p6Pdxh63Re573uvFSw1bZlFg8HnPm/zOfgJGRKL9MlxVuwXayuD
mwC6VpZQEM9hTQGlvYgoDXKLNlYubHCsjMMVsd04duAe3zGnJTTG/Cx2s0d47W85
XSILHoSFFCzLZKyJLP+YIyPmwn8AvP60BOhZ3/8qG0CHKZLFE12y+zdcMkC9zvPZ
LJjbQj/b+3FV2R62qCQ9sv+VvYVNOzPt739HhEj0vRjE6P3rziEKLti+2/yU7nmg
yJ2yzThkVDxlyGApK4v+5zmXFcW4Gx8B9S/xfAjNbg3G+suPZk7BZimwb525DS+h
qUVykOjMjc032vdmxDG8otD5sI7VGo9SpY/rmiopgCIjhyyf6nIjw7zWK0rYyVY/
woFdFg8zctyGe5NDFFENaWUjtXtE
-----END CERTIFICATE-----

26
slack/ts-base-ovh/files/etc/pki/ca-trust/source/anchors/hpca2ssG2_ns.crt Normal file
View File

@ -0,0 +1,26 @@
-----BEGIN CERTIFICATE-----
MIIEWzCCA0OgAwIBAgIQVbqNi0d6mBqn4MEPf0l2vTANBgkqhkiG9w0BAQUFADCB
njEPMA0GA1UEChMGaHAuY29tMRowGAYDVQQLExFJVCBJbmZyYXN0cnVjdHVyZTEL
MAkGA1UEBhMCVVMxIDAeBgNVBAoTF0hld2xldHQtUGFja2FyZCBDb21wYW55MUAw
PgYDVQQDEzdIZXdsZXR0LVBhY2thcmQgUHJpdmF0ZSBDbGFzcyAyIENlcnRpZmlj
YXRpb24gQXV0aG9yaXR5MB4XDTExMDgyMzAwMDAwMFoXDTIxMDgyMjIzNTk1OVow
gZ4xDzANBgNVBAoTBmhwLmNvbTEaMBgGA1UECxMRSVQgSW5mcmFzdHJ1Y3R1cmUx
CzAJBgNVBAYTAlVTMSAwHgYDVQQKExdIZXdsZXR0LVBhY2thcmQgQ29tcGFueTFA
MD4GA1UEAxM3SGV3bGV0dC1QYWNrYXJkIFByaXZhdGUgQ2xhc3MgMiBDZXJ0aWZp
Y2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AKfXIcPOZT2dpt6b8WzjBl0gSrRfM30xMHxJG0xlEuM8WGevR0vNFNTw4i+tVafB
CpLLUWliRlj9AWjsIRLRsuMp1goMci1yhs/4wzcGDOI4Ax+xp9/pkjomKmC1b1cB
KVzqgwtfjBwfynDfss1mWe7NJaYEvpFYTBoAgJu2eBdI2r5JWQDITKNk1suB2tUP
+K+x2i0R/BTMSm1tmGOwIN3q8yKD3gI9UEp9iTWisTY6P84rDd7mu6DLpuGj+M7y
OAssk487zA0NHJgQiObnaeLZlGhlrVHNNP8pfCYy5J0rL8nclsN71Tp4KwvBOKj1
/DWXTj1KOOH8o7mpQ1vJKBUCAwEAAaOBkjCBjzAOBgNVHQ8BAf8EBAMCAQYwEgYD
VR0TAQH/BAgwBgEB/wIBATApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRVmVyaVNp
Z25NUEtJLTItOTMwHQYDVR0OBBYEFDft9xV5LTClmJp1tlw344jqEWrVMB8GA1Ud
IwQYMBaAFDft9xV5LTClmJp1tlw344jqEWrVMA0GCSqGSIb3DQEBBQUAA4IBAQCb
N8G+cyzWazSAWPdVXNwM+KczUorjHK4XWSvwtR3YM7Iiwhoe+IQOxgvawwV1nxaf
DujY8Dw2HbnoNXAsliBJL5cQ3g9DOX2KMa5AgZUawW6EWsPJXKxf1oIV3VHgyESp
nJXUoLhCzUoz1Av7SFg2Fh6BqLTgslJ0c0kpm+IVl2CCN9Aqh01iKEctpafrnAcN
IEdkvKsT5GaxMidQuZjlrlRpX5Gu9t4yRdBNX3A5pTfQIa0uqRmhEAPLcFucD9BS
qqtehrPH+B+fGCyZIjD/JQpl6jQ0uDtAygXiIDIILKOg2wVd7SBB7Wru9RxiZmCj
JjMDuDgcbh+4mXM7fWWq
-----END CERTIFICATE-----

38
slack/ts-base-ovh/files/etc/postfix/main.cf Normal file
View File

@ -0,0 +1,38 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h
readme_directory = no
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = txn04-server-template
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = txn04-server-template, localhost.localdomain, localhost
relayhost = qarelay.tplab.tippingpoint.com
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all

34
slack/ts-base-ovh/files/etc/profile Normal file
View File

@ -0,0 +1,34 @@
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
if [ "$PS1" ]; then
if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
# The file bash.bashrc already sets the default PS1.
# PS1='\h:\w\$ '
if [ -f /etc/bash.bashrc ]; then
. /etc/bash.bashrc
fi
else
if [ "`id -u`" -eq 0 ]; then
PS1='# '
else
PS1='$ '
fi
fi
fi
# The default umask is now handled by pam_umask.
# See pam_umask(8) and /etc/login.defs.
if [ -d /etc/profile.d ]; then
for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
unset i
fi
export HISTTIMEFORMAT="%Y-%m-%d %T "
set -o vi

4
slack/ts-base-ovh/files/etc/resolv(1).conf Normal file
View File

@ -0,0 +1,4 @@
nameserver 10.253.3.86
domain turnsys.net
search turnsys.net
options timeout:1 attempts:2 rotate

4
slack/ts-base-ovh/files/etc/resolv.conf Normal file
View File

@ -0,0 +1,4 @@
nameserver 10.253.3.86
domain turnsys.net
search turnsys.net
options timeout:1 attempts:2 rotate

11
slack/ts-base-ovh/files/etc/snmp/snmpd.conf Normal file
View File

@ -0,0 +1,11 @@
com2sec readonly default kn3l
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
includeAllDisks 20%
syslocation OVH Montreal CA
syscontact techops-alerts@turnsys.com
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

11
slack/ts-base-ovh/files/etc/ssh/sshd-banner Normal file
View File

@ -0,0 +1,11 @@
Welcome Human.
This is a private system operated for Turn Net Systems LLC official company business
only. Prior authorization is required to use this system.
The Turn Net Systems LLC Standards of Business Conduct and all Turn Net Systems LLC
Information Security policies and standards must be strictly followed
at all times. Use by unauthorized persons is prohibited and may
result in civil and/or criminal liability and prosecution.
Please contact techops-discuss@turnsys.com for any issues with this system.

99
slack/ts-base-ovh/files/etc/ssh/sshd_config Normal file
View File

@ -0,0 +1,99 @@
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 1024
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
DenyUsers labuser
#AllowUsers localuser
#DenyGroups
#AllowGroups esplabadmins
Banner /etc/ssh/sshd-banner
Match user localuser
PasswordAuthentication no

98
slack/ts-base-ovh/files/etc/ssh/sshd_config.ubuntu Normal file
View File

@ -0,0 +1,98 @@
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no
# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes
# Kerberos options
#KerberosAuthentication no
#KerberosGetAFSToken no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
# GSSAPI options
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
# Allow client to pass locale environment variables
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes
#Deny access to labuser on linux virtual machines. Per Rick Fangman 12/16/2013 weekly meeting
DenyUsers labuser
#AllowUsers localuser
#DenyGroups
#AllowGroups esplabadmins
Banner /etc/ssh/sshd-banner
Match user localuser
PasswordAuthentication no

12
slack/ts-base-ovh/files/etc/ssh/welcome-banner Normal file
View File

@ -0,0 +1,12 @@
Hello Trender.
IMPORTANT INFO ABOUT THIS VIRTUAL MACHINE!!
This virtual machine is considered expendable therefore
it is not backed up. Your home directory (/home) however,
is backed up so please store data you do not wish to lose
there. The lab team will make a best effort attempt to
troubleshoot virtual machine issues and will re-deploy
the VM if issues are not easily resolved. Any questions
should be directed to tplabsupport@trendmicro.com

28
slack/ts-base-ovh/files/etc/sssd/sssd.conf Normal file
View File

@ -0,0 +1,28 @@
[sssd]
services = nss, pam
config_file_version = 2
domains = TURNSYS.NET
filter_users = rackrental,rundeck
filter_groups = rackrental,rundeck
[domain/TURNSYS.NET]
id_provider = ad
access_provider = ad
# Use this if users are being logged in at /.
# This example specifies /home/DOMAIN-FQDN/user as $HOME. Use with pam_mkhomedir.so
override_homedir = /local/%u
# Uncomment if the client machine hostname doesn't match the computer object on the DC.
# ad_hostname = mymachine.myubuntu.example.com
# Uncomment if DNS SRV resolution is not working
# ad_server = dc.mydomain.example.com
# Uncomment if the AD domain is named differently than the Samba domain
# ad_domain = MYUBUNTU.EXAMPLE.COM
# Enumeration is discouraged for performance reasons.
enumerate = true

34
slack/ts-base-ovh/files/etc/sudoers Normal file
View File

@ -0,0 +1,34 @@
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
Defaults mail_badpass
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL:ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
%adm ALL=(ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
# See sudoers(5) for more information on "#include" directives:
#includedir /etc/sudoers.d
%pelanelikeslilboyz ALL=(ALL) NOPASSWD: ALL
localuser ALL=(ALL) NOPASSWD: ALL

6
slack/ts-base-ovh/files/local/localuser/.ssh/authorized_keys Normal file
View File

@ -0,0 +1,6 @@
#Brendan's key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCv0uQyWWp758LhpmCP2CDUl/6jO1Fp4gp0/OW3Od1LSl2/Rv1LWMMejcM/K0URdBymZvcxzuaz1DQ63ufGvzp7NpVe2+iQfN08yZCdzcYMZkugj4ZKaGcQzpjP4gaEZRJuq5I7YY6mI6i6+IyxgV6egWYy3hllYc+J40WS2lyNGZ1T8KKrFjDzqqgJQ83b2meYrlXCojx1V8gJ4hvgOrPMh4FwkeQgpu0nDf5EXAFLFgGOSAUew8G/3czxvpxSg+B9I33PIb8uJtjzh0b+qnIGQJjY5y58MoqZZIoMIiYEPjzLF116VHOft7Eo2CqOoHPZZ68XBCGaRY9OJus07ES2V+dBjEXFezXULnw0fCClf/Phke2e5yBHUuFZaL9ARmrnHRK9aZ+eTMvBtVrQ2OJVFDt8dhO2C5KNzXVkVHsLJ3rFK5a76Jd3y40aIvdaS/8MhX6dkD+r4+xzVUYnY8MDHkLGEnF6kG+Wolx/fVLHrgR7o3lTDm8A/5g6Vl6cglEg8ojH5i2KY4tcaGEyFIxkgAL/PFTcWcLvTCusqQ+4bewaxvRa099HIu7BT6u8BpVa+Xojub5R1/7lvRUlf8y3kzmLOEvzWGSr/npbJavomRs12xOVDlEKJfRU7eSys/wLZO7G/yyky4sltqyu+qMho3sM1Xcan86viwvDD2NcOw== 17:3d:ee:52:6c:19:90:66:8c:47:c0:60:04:1b:d1:bf brendan-key
#Charles' key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo5T0FEUKoYaxRhjs9yWzKtEyXuKJvTWolryD395eqyBJ0xOxbkXJ+8EMwKtWM6NW5qaqWbT2JJ/VzOIcoYmxAu++qwSWOeskVr+FxPr2ypaWD98nJy+CpZ9RN6Pw6KikHakyqzSUWKXdovWiTpdzqRO+j0LmJmgUiT3Nsh42eybvt/T7JMkVG4W+joRX+DCS4UIRRQgMRD4TqBQ/jr9m7Vs0aJn1lflgsprsacgog+sHlEzitwwcRqMNpp5Jm0Dfhj6PqAvsgKJYWOOMFVowvGsqnQ9wqJo5AlllbTGV1RHeIBO3fRRU8Ud9TPA3Afx16/apf1nkLhV8QX9mIxEWp id_rsa
#Rundeck key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1dPKaThs0gabBi3fyTqcSMm0yznf9gKD4/LeTGaYdeKKebWTsxLgFjoi6pNm/QrhUTwc86+K55LT5L8MLN05Vtgs2L5VL5gEAjRMdZABujrqnsLbsHs/EwOhr1Jtq7YhyWeeh8zs4dApq3xWUepgOrBHrjMjkKo4ygerQuNgDYZsnul0U+tqTdnt1S3G8kwRaycBzJAnAAFShbBNJtj4s1dDhcQl8FAwcdFkV4YmyyTT91m9XGAAUvqZvYaNjCPa2s2InnR9adSEss4BfU/xwoVMMZ7rO0juwwzqDlklNcH22pId8I3Ljp7OxMi0Q5O1GXVa63ocb+j4/cz+r/u37 root@toolbox

2
slack/ts-base-ovh/files/root/.ssh/authorized_keys Normal file
View File

@ -0,0 +1,2 @@
#Rundeck key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1dPKaThs0gabBi3fyTqcSMm0yznf9gKD4/LeTGaYdeKKebWTsxLgFjoi6pNm/QrhUTwc86+K55LT5L8MLN05Vtgs2L5VL5gEAjRMdZABujrqnsLbsHs/EwOhr1Jtq7YhyWeeh8zs4dApq3xWUepgOrBHrjMjkKo4ygerQuNgDYZsnul0U+tqTdnt1S3G8kwRaycBzJAnAAFShbBNJtj4s1dDhcQl8FAwcdFkV4YmyyTT91m9XGAAUvqZvYaNjCPa2s2InnR9adSEss4BfU/xwoVMMZ7rO0juwwzqDlklNcH22pId8I3Ljp7OxMi0Q5O1GXVa63ocb+j4/cz+r/u37 root@toolbox

2
slack/ts-base-ovh/files/root/.ssh/authorized_keys(1) Normal file
View File

@ -0,0 +1,2 @@
#Rundeck key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1dPKaThs0gabBi3fyTqcSMm0yznf9gKD4/LeTGaYdeKKebWTsxLgFjoi6pNm/QrhUTwc86+K55LT5L8MLN05Vtgs2L5VL5gEAjRMdZABujrqnsLbsHs/EwOhr1Jtq7YhyWeeh8zs4dApq3xWUepgOrBHrjMjkKo4ygerQuNgDYZsnul0U+tqTdnt1S3G8kwRaycBzJAnAAFShbBNJtj4s1dDhcQl8FAwcdFkV4YmyyTT91m9XGAAUvqZvYaNjCPa2s2InnR9adSEss4BfU/xwoVMMZ7rO0juwwzqDlklNcH22pId8I3Ljp7OxMi0Q5O1GXVa63ocb+j4/cz+r/u37 root@toolbox

9
slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh Normal file
View File

@ -0,0 +1,9 @@
#!/bin/bash
apt-get update
apt-get -y --purge autoremove
apt-get -y upgrade
apt-get -y dist-upgrade
apt-get -y --purge autoremove
/sbin/reboot

0
slack/ts-base-ovh/files/usr/local/share/ca-certificates/EMPTY-TOFIX-TurnNetSystemsIntermediateCARootCert.crt Normal file
View File

4
slack/ts-base-ovh/scripts/fixfiles Normal file
View File

@ -0,0 +1,4 @@
chown -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/
chgrp -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/
chown -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/.ssh/*
chgrp -R localuser /var/lib/slack/stage/roles/txn04-base/files/local/localuser/.ssh/*

71
slack/ts-base-ovh/scripts/postinstall Normal file
View File

@ -0,0 +1,71 @@
#!/bin/bash -l
#
set -o nounset
#ovhbase slack postinstall script
#This contains code that is run across 100% of the Linux systems built at Turn Net Systems LLC for subscribing series managed by Charles/Brendan
#Author: Charles N Wyble
#Copyright ALL RIGHTS RESERVED BY TURN NET SYSTEMS
#Boilerplate function
#Code for error handling
error-out()
{
echo "Errors!!!"
exit 1
}
#####################################################################################################################################
#Called from main
#Takes two arguments, both are environment variables setup in the main function
#####################################################################################################################################
main()
{
#Step 1: Update the cache and apply all vendor patches
export DEBIAN_FRONTEND="noninteractive" && apt-get -y update
export DEBIAN_FRONTEND="noninteractive" && apt-get -y dist-upgrade
#Step 2: Cleanup default cruft
export DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes --force-yes --purge remove nano resolvconf
#Step 3: Creature comforts
DEBIAN_FRONTEND="noninteractive" && apt-get -qq --yes --force-yes -o Dpkg::Options::="--force-confold" install snmpd sssd-ad sysv-rc-conf ncdu iftop nethogs screen open-vm-tools acct tshark tcpdump glances dstat htop sysdig sysstat ntp rsync ngrep ufw clamav logwatch zsh sl postfix krb5-user samba autofs adcli molly-guard git
#Turn on process accounting
accton on
#Set services to start on startup
#sysv-rc-conf on snmpd
#Firewall
ufw --force enable
ufw allow ssh/tcp
ufw allow proto udp from 15.226.142.38 to any port 161
#SSL bits
update-ca-certificates
echo "Server type is $1"
#Join active directory only if we are a cvm or prod system
/etc/init.d/ntp stop
ntpdate tsys-winsrv.turnsys.net
/etc/init.d/ntp start
echo -n 'adjoin123' | adcli join -U addcomputer -D turnsys.net -S tsys-winsrv.turnsys.net --stdin-password -v
chmod 600 /etc/sssd/sssd.conf
chown root:root /etc/sssd/sssd.conf
service sssd start
}
#####################################################################################################################################
#Execution starts main() #
#####################################################################################################################################
main

BIN
tsys-ca/admin-code/live-build-pki.tar.gz Normal file
View File

Binary file not shown.