diff --git a/CMDB/snmp/.svn/all-wcprops b/CMDB/snmp/.svn/all-wcprops new file mode 100755 index 0000000..1b48647 --- /dev/null +++ b/CMDB/snmp/.svn/all-wcprops @@ -0,0 +1,29 @@ +K 25 +svn:wc:ra_dav:version-url +V 57 +/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp +END +debian-default-snmpd +K 25 +svn:wc:ra_dav:version-url +V 78 +/rg0103/pdesubversion-tpqaslack/!svn/ver/315/scripts/snmp/debian-default-snmpd +END +centos-snmpd.options +K 25 +svn:wc:ra_dav:version-url +V 78 +/rg0103/pdesubversion-tpqaslack/!svn/ver/359/scripts/snmp/centos-snmpd.options +END +setup-snmp.sh +K 25 +svn:wc:ra_dav:version-url +V 71 +/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp/setup-snmp.sh +END +snmpd.conf +K 25 +svn:wc:ra_dav:version-url +V 68 +/rg0103/pdesubversion-tpqaslack/!svn/ver/276/scripts/snmp/snmpd.conf +END diff --git a/CMDB/snmp/.svn/entries b/CMDB/snmp/.svn/entries new file mode 100755 index 0000000..a657701 --- /dev/null +++ b/CMDB/snmp/.svn/entries @@ -0,0 +1,164 @@ +10 + +dir +440 +https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack/scripts/snmp +https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack + + + +2013-10-30T20:33:11.769859Z +366 +wyble@hp.com + + + + + + + + + + + + + + +92b00a8e-620f-4ac7-abd2-c9ef5b6c269b + +debian-default-snmpd +file + + + + +2013-12-10T21:18:03.480402Z +536542d8470261eb1971bd3bb35adf68 +2013-10-02T16:57:28.319476Z +315 +wyble@hp.com + + + + + + + + + + + + + + + + + + + + + +723 + +centos-snmpd.options +file + + + + +2013-12-10T21:18:03.487402Z +40233436f1b04129a231dba3a5225762 +2013-10-25T19:11:31.312453Z +359 +wyble@hp.com +has-props + + + + + + + + + + + + + + + + + + + + +135 + +setup-snmp.sh +file + + + + +2013-12-10T21:18:03.492402Z +dde4ae53ae1e316b551dbc386ac30e9b +2013-10-30T20:33:11.769859Z +366 +wyble@hp.com + + + + + + + + + + + + + + + + + + + + + +1350 + +snmpd.conf +file + + + + +2013-12-10T21:18:03.496402Z +88b7c51014dbd12d784982d41c3ae7e7 +2013-09-17T18:44:43.972099Z +276 +wyble@hp.com + + + + + + + + + + + + + + + + + + + + + +474 + diff --git a/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base b/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base new file mode 100755 index 0000000..869ac71 --- /dev/null +++ b/CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base @@ -0,0 +1,5 @@ +K 14 +svn:executable +V 1 +* +END diff --git a/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base b/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base new file mode 100755 index 0000000..58fd07c --- /dev/null +++ b/CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base @@ -0,0 +1,3 @@ +# snmpd command line options +OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid" +#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" diff --git a/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base b/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base new file mode 100755 index 0000000..14f2b86 --- /dev/null +++ b/CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base @@ -0,0 +1,22 @@ +# This file controls the activity of snmpd and snmptrapd + +# Don't load any MIBs by default. +# You might comment this lines once you have the MIBs downloaded. +export MIBS= + +# snmpd control (yes means start daemon). +SNMPDRUN=yes + +# snmpd options (use syslog, close stdin/out/err). +SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid' + +# snmptrapd control (yes means start daemon). As of net-snmp version +# 5.0, master agentx support must be enabled in snmpd before snmptrapd +# can be run. See snmpd.conf(5) for how to do this. +TRAPDRUN=no + +# snmptrapd options (use syslog). +TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' + +# create symlink on Debian legacy location to official RFC path +SNMPDCOMPAT=yes diff --git a/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base b/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base new file mode 100755 index 0000000..508d1ab --- /dev/null +++ b/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base @@ -0,0 +1,62 @@ +#!/bin/bash +#A script to setup snmp on redhat/debian systems + + + +centos_snmp() +#Install SNMP on a cent box +{ +#Fix yum.conf +wget -O /etc/yum/yum.conf http://slack-master.tplab.tippingpoint.com/yum.conf + + +#Install snmpd +yum -y install net-snmp + +#Install observium bits +wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro +chmod 755 /usr/bin/distro + +#Pull down snmpd configuration files +wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf +wget -O /etc/sysconfig/snmpd.options http://slack-master.tplab.tippingpoint.com/snmp/centos-snmpd.options + +#Restart snmpd +/etc/init.d/snmpd restart + +chkconfig snmpd on +} + + +debian_snmp() +#Install snmp on a debian box +{ +#Install snmpd +apt-get -y install snmpd + +#Install observium bits +wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro +chmod 755 /usr/bin/distro + +#Pull down snmpd configuration files +wget -O /etc/default/snmpd http://slack-master.tplab.tippingpoint.com/snmp/debian-default-snmpd.conf +wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf + +#Restart snmpd +/etc/init.d/snmpd restart + +chkconfig snmpd on +} + + +DIST=$(lsb_release -d) + +if [ $(echo $DIST | grep Ubuntu -c) -eq 1 ]; +then +debian_snmp +fi + +if [ $(echo $DIST | grep Centos -c) -eq 1 ]; +then +centos_snmp +fi diff --git a/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base b/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base new file mode 100755 index 0000000..41b2cf3 --- /dev/null +++ b/CMDB/snmp/.svn/text-base/snmpd.conf.svn-base @@ -0,0 +1,10 @@ +com2sec readonly default mng-actua1 +group MyROGroup v1 readonly +group MyROGroup v2c readonly +group MyROGroup usm readonly +view all included .1 80 +access MyROGroup "" any noauth exact all none none +syslocation Austin TX USA +syscontact esplabsupport@hp.com +#This line allows Observium to detect the host OS if the distro script is installed +extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro diff --git a/CMDB/snmp/centos-snmpd.options b/CMDB/snmp/centos-snmpd.options new file mode 100755 index 0000000..58fd07c --- /dev/null +++ b/CMDB/snmp/centos-snmpd.options @@ -0,0 +1,3 @@ +# snmpd command line options +OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid" +#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a" diff --git a/CMDB/snmp/debian-default-snmpd b/CMDB/snmp/debian-default-snmpd new file mode 100755 index 0000000..d20bb04 --- /dev/null +++ b/CMDB/snmp/debian-default-snmpd @@ -0,0 +1,22 @@ +# This file controls the activity of snmpd and snmptrapd + +# Don't load any MIBs by default. +# You might comment this lines once you have the MIBs downloaded. +export MIBS= + +# snmpd control (yes means start daemon). +SNMPDRUN=yes + +# snmpd options (use syslog, close stdin/out/err). +SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid' + +# snmptrapd control (yes means start daemon). As of net-snmp version +# 5.0, master agentx support must be enabled in snmpd before snmptrapd +# can be run. See snmpd.conf(5) for how to do this. +TRAPDRUN=no + +# snmptrapd options (use syslog). +TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid' + +# create symlink on Debian legacy location to official RFC path +SNMPDCOMPAT=yes diff --git a/CMDB/snmp/distro b/CMDB/snmp/distro new file mode 100755 index 0000000..f4bed4b --- /dev/null +++ b/CMDB/snmp/distro @@ -0,0 +1,70 @@ +#!/bin/sh +# Detects which OS and if it is Linux then it will detect which Linux Distribution. + +OS=`uname -s` +REV=`uname -r` +MACH=`uname -m` + +if [ "${OS}" = "SunOS" ] ; then + OS=Solaris + ARCH=`uname -p` + OSSTR="${OS} ${REV}(${ARCH} `uname -v`)" +elif [ "${OS}" = "AIX" ] ; then + OSSTR="${OS} `oslevel` (`oslevel -r`)" +elif [ "${OS}" = "Linux" ] ; then + KERNEL=`uname -r` + if [ -f /etc/redhat-release ] ; then + DIST=$(cat /etc/redhat-release | awk '{print $1}') + if [ "${DIST}" = "CentOS" ]; then + DIST="CentOS" + elif [ "${DIST}" = "Mandriva" ]; then + DIST="Mandriva" + PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//` + elif [ "${DIST}" = "Fedora" ]; then + DIST="Fedora" + else + DIST="RedHat" + fi + + PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//` + elif [ -f /etc/SuSE-release ] ; then + DIST=`cat /etc/SuSE-release | tr "\n" ' '| sed s/VERSION.*//` + REV=`cat /etc/SuSE-release | tr "\n" ' ' | sed s/.*=\ //` + elif [ -f /etc/mandrake-release ] ; then + DIST='Mandrake' + PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//` + REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//` + elif [ -f /etc/debian_version ] ; then + if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ] ; then + DIST="MailCleaner" + REV=`cat /etc/mailcleaner/etc/mailcleaner/version.def` + else + DIST="Debian `cat /etc/debian_version`" + REV="" + fi + fi + + if [ -f /etc/UnitedLinux-release ] ; then + DIST="${DIST}[`cat /etc/UnitedLinux-release | tr "\n" ' ' | sed s/VERSION.*//`]" + fi + + if [ -f /etc/lsb-release ] ; then + LSB_DIST="`cat /etc/lsb-release | grep DISTRIB_ID | cut -d "=" -f2`" + LSB_REV="`cat /etc/lsb-release | grep DISTRIB_RELEASE | cut -d "=" -f2`" + if [ "$LSB_DIST" != "" ] ; then + DIST=$LSB_DIST + REV=$LSB_REV + fi + fi + +# OSSTR="${OS} ${DIST} ${REV}(${PSEUDONAME} ${KERNEL} ${MACH})" + OSSTR="${DIST} ${REV}" +elif [ "${OS}" = "Darwin" ] ; then + if [ -f /usr/bin/sw_vers ] ; then + OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '` + fi +fi + +echo ${OSSTR} diff --git a/CMDB/snmp/setup-snmp.sh b/CMDB/snmp/setup-snmp.sh new file mode 100755 index 0000000..48b55eb --- /dev/null +++ b/CMDB/snmp/setup-snmp.sh @@ -0,0 +1,32 @@ +#!/bin/bash +#Install script for snmp on all Linux systems + +if [ -f /etc/apt/sources.list ]; +then +#Install observium bits +chmod 755 /usr/bin/distro +#Pull down snmpd configuration files +wget -O /etc/default/snmpd http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/debian-default-snmpd +wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf +#Restart snmpd +/etc/init.d/snmpd restart + + + + +elif [ -f /etc/yum.conf ]; +then +#Fix yum.conf +wget -O /etc/yum/yum.conf http://fezzik.tplab.tippingpoint.com/yum.conf +#Install snmpd +yum -y install net-snmp +#Install observium bits +curl --silent http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/distro > /usr/bin/distro +chmod 755 /usr/bin/distro +#Pull down snmpd configuration files +wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf +wget -O /etc/sysconfig/snmpd.options http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/centos-snmpd.options +#Restart snmpd +/etc/init.d/snmpd restart +chkconfig snmpd on +fi diff --git a/CMDB/snmp/snmpd.conf b/CMDB/snmp/snmpd.conf new file mode 100755 index 0000000..ec1c8b3 --- /dev/null +++ b/CMDB/snmp/snmpd.conf @@ -0,0 +1,10 @@ +com2sec readonly default mng-actua1 +group MyROGroup v1 readonly +group MyROGroup v2c readonly +group MyROGroup usm readonly +view all included .1 80 +access MyROGroup "" any noauth exact all none none +syslocation Austin TX USA +syscontact techops-alerts@turnsys.com +#This line allows Observium to detect the host OS if the distro script is installed +extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro diff --git a/CMDB/subnets b/CMDB/subnets new file mode 100755 index 0000000..3077989 --- /dev/null +++ b/CMDB/subnets @@ -0,0 +1,35 @@ +10.253.0.0/24 +10.253.1.0/24 +10.253.2.0/24 +10.253.3.0/24 +10.253.4.0/24 +10.253.5.0/24 +10.253.6.0/24 +10.253.7.0/24 +10.253.8.0/24 +10.253.9.0/24 +10.251.0.0/24 +10.251.1.0/24 +10.251.2.0/24 +10.251.3.0/24 +10.251.4.0/24 +10.251.5.0/24 +10.251.6.0/24 +10.251.7.0/24 +10.251.8.0/24 +10.251.9.0/24 +10.251.10.0/24 +10.251.11.0/24 +10.251.12.0/24 +10.251.13.0/24 +10.251.30.0/24 +10.251.31.0/24 +10.251.32.0/24 +10.251.33.0/24 +10.251.34.0/24 +10.251.35.0/24 +10.251.36.0/24 +10.251.37.0/24 +10.251.38.0/24 +10.251.39.0/24 +10.251.40.0/24 diff --git a/CMDB/zenossScan.sh b/CMDB/zenossScan.sh new file mode 100755 index 0000000..5b87ff7 --- /dev/null +++ b/CMDB/zenossScan.sh @@ -0,0 +1,5 @@ +#!/bin/bash +for subnet in $(cat subnets); do +zendisc run --now --monitor localhost --deviceclass /Discovered --parallel 8 --net $subnet +done + diff --git a/README b/README old mode 100644 new mode 100755 index 802992c..7e19a31 --- a/README +++ b/README @@ -1 +1,4 @@ -Hello world + +System stuff. + +More details added later, till then figure it the fuck out yourself! diff --git a/TODO.TXT b/TODO.TXT new file mode 100755 index 0000000..c5e97e9 --- /dev/null +++ b/TODO.TXT @@ -0,0 +1,70 @@ +############################################################# +Core services (BLM/S backups, logging, monitoring, security) +############################################################# + + + +#### +1) Logging backend +#### + +Setup stratum 1/2 NTP at SATX +Setup stratum 2 NTP at OVH +Fix time zones everywhere to CST +Setup security onion + + +6) Backups and storage +* Audit overall backup strategy + + Finish setup of ZFS at satx + ZFS caching +Before cache usb: +root@ausprod-linsrv:~/envmon/temper-python# ls /dev/disk/by-id/ +ata-HL-DT-ST_DVD+_-RW_GSA-H73N ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4-part1 wwn-0x50014ee65b4b1bfd +ata-PLDS_DVD-ROM_DH-16D2S ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part1 wwn-0x50014ee65979b8c3 wwn-0x50014ee65b4b1bfd-part1 +ata-SanDisk_SDSSDRC032G_151115401425 ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part9 wwn-0x50014ee65979b8c3-part1 wwn-0x5001b44e3ac304d1 +ata-SanDisk_SDSSDRC032G_151115401425-part1 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4 wwn-0x50014ee65979b8c3-part9 wwn-0x5001b44e3ac304d1-part1 +root@ausprod-linsrv:~/envmon/temper-python# + +After cache usb: +root@ausprod-linsrv:~/envmon/temper-python# ls /dev/disk/by-id +ata-HL-DT-ST_DVD+_-RW_GSA-H73N ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part1 usb-MONSTER_USB_2.0_621AE5C7-0:0-part1 wwn-0x50014ee65979b8c3-part1 wwn-0x5001b44e3ac304d1-part1 +ata-PLDS_DVD-ROM_DH-16D2S ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part9 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0 wwn-0x50014ee65979b8c3-part9 +ata-SanDisk_SDSSDRC032G_151115401425 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0-part1 wwn-0x50014ee65b4b1bfd +ata-SanDisk_SDSSDRC032G_151115401425-part1 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4-part1 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0-part2 wwn-0x50014ee65b4b1bfd-part1 +ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130 usb-MONSTER_USB_2.0_621AE5C7-0:0 wwn-0x50014ee65979b8c3 wwn-0x5001b44e3ac304d1 +r----------------------- + + +Finish technical infrastructure: +Finish backup setup + ovh replication automation to rsync.net + linux lab server + zfs on usb drive + snapshot/replicate to rsync.net + Finalize laptop data cleanup/backup + +Finish monitoring setup + Zenoss + OVH + +Security - full lockdown / baseline +===Pen test=== +http://resources.infosecinstitute.com/pentesting-distributions-and-installer-kits-for-your-raspberry-pi/ + Setup all jimmyraypurser blog post security tools + Setup metasploit/armitage/openvas + Setup warvox + +===Setup PIV using CA=== +https://technet.microsoft.com/en-us/library/ff829847(v=ws.10).aspx +https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml +http://sourceforge.net/projects/opensc/files/OpenSC/opensc-0.14.0/ +https://technet.microsoft.com/en-us/library/ +http://blogs.technet.com/b/pki/archive/2012/03/14/hspd-12-logical-access-authentication-and-2008-active-directory-domains-on-download-center.aspx + +https://github.com/dejavusecurity/OutlookPrivacyPlugin +https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/ +http://blog.mailgun.com/security-guide-basic-infrastructure-security/ +http://viccuad.me/blog/secure-yourself-part-1-airgapped-computer-and-GPG-smartcards +https://trmm.net/Yubikey \ No newline at end of file diff --git a/bare-metal/interfaces-fnfDedi b/bare-metal/interfaces-fnfDedi new file mode 100755 index 0000000..017978d --- /dev/null +++ b/bare-metal/interfaces-fnfDedi @@ -0,0 +1,293 @@ +#This file is fairly long and complex. Don't change it unless you know what you are doing. +#And if you aren't Charles Wyble, you don't know what your doing in this context. Trust me. + + +# The loopback network interface +auto lo +iface lo inet loopback + + +#First we create the bonded interfaces for high availabilty: + + +########################################################################################### +#First bond here (eth0/1 ha pair) +########################################################################################### + +auto eth0 + allow-bond0 eth0 + +iface eth0 inet manual + bond-master bond0 + +auto eth1 + allow-bond0 eth1 + +iface eth1 inet manual + bond-master bond0 + +auto bond0 +iface bond0 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + bond-slaves none + bond-mode active-backup + bond-miimon 100 + bond-downdelay 200 + bond-updelay 100 + dns-nameservers 208.67.222.222 208.67.220.220 + +########################################################################################### +#Second bond here (eth2/3 ha pair) +########################################################################################### + +auto eth2 + allow-bond1 eth2 + +iface eth2 inet manual + bond-master bond1 + +auto eth3 + allow-bond1 eth3 + +iface eth3 inet manual + bond-master bond1 + +auto bond1 + +iface bond1 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + bond-slaves none + bond-mode active-backup + bond-miimon 100 + bond-downdelay 200 + bond-updelay 100 + dns-nameservers 208.67.222.222 208.67.220.220 + +########################################################################################### +#Interface defintions # +########################################################################################### + +########################################################################################### +#Backend MGMT interface (used for overall management network, physical devices) # +########################################################################################### +auto bond0.2 + iface bond0.2 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond0 + +auto br2 +iface br2 inet static + address 10.250.2.3 + netmask 255.255.255.0 + gateway 10.250.2.1 + bridge_ports bond0.2 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + +########################################################################################### +#Backend FNF interface (used for FNF management network). For now all virtual machines # +########################################################################################### +auto bond0.4 + iface bond0.4 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond0 + +auto br4 +iface br4 inet static + address 10.250.4.3 + netmask 255.255.255.0 + gateway 10.250.4.1 + bridge_ports bond0.4 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + +########################################################################################### +#Frontend FNF interface (used for internet traffic) # +########################################################################################### +auto bond1.5 + iface bond1.5 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br5 +iface br5 inet static + address 10.250.5.3 + netmask 255.255.255.0 + gateway 10.250.5.1 + bridge_ports bond1.5 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + + +########################################################################################### +#Backend infra interface (used for shared infra services like DNS) +########################################################################################### +auto bond0.6 + iface bond0.6 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond0 + +auto br6 +iface br6 inet static + address 10.250.6.3 + netmask 255.255.255.0 + gateway 10.250.6.1 + bridge_ports bond0.6 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + +########################################################################################### +#Backend www interface (used for www management network) # +########################################################################################### +auto bond0.8 + iface bond0.8 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond0 + +auto br8 +iface br8 inet static + address 10.250.8.3 + netmask 255.255.255.0 + gateway 10.250.8.1 + bridge_ports bond0.8 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + +########################################################################################### +#Frontend www interface (used for www external network) # +########################################################################################### + +auto bond1.9 + iface bond1.9 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br9 +iface br9 inet static + address 10.250.9.3 + netmask 255.255.255.0 + gateway 10.250.9.1 + bridge_ports bond1.9 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 + +########################################################################################### +#IMW backend interface # +########################################################################################### + +auto bond0.54 + iface bond0.54 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br54 +iface br54 inet static + address 10.250.54.3 + netmask 255.255.255.0 + gateway 10.250.54.1 + bridge_ports bond0.54 + bridge_stp off + bridge_fd 0 + +########################################################################################### +#AutoTunnel interfaces # +########################################################################################### + +#Management +auto bond0.88 + iface bond0.88 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br88 +iface br88 inet static + address 10.250.88.3 + netmask 255.255.255.0 + gateway 10.250.88.1 + bridge_ports bond0.88 + bridge_stp off + bridge_fd 0 + +#Inline +auto bond0.89 + iface bond0.89 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br89 +iface br89 inet static + address 10.250.89.3 + netmask 255.255.255.0 + gateway 10.250.89.1 + bridge_ports bond0.89 + bridge_stp off + bridge_fd 0 + +#Isolation +auto bond0.90 + iface bond0.90 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br90 +iface br90 inet static + address 10.250.90.3 + netmask 255.255.255.0 + gateway 10.250.90.1 + bridge_ports bond0.90 + bridge_stp off + bridge_fd 0 + +#Registration +auto bond0.91 + iface bond0.91 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond1 + +auto br91 +iface br91 inet static + address 10.250.91.3 + netmask 255.255.255.0 + gateway 10.250.91.1 + bridge_ports bond0.91 + bridge_stp off + bridge_fd 0 + +########################################################################################### +#KNEL backend interface # +########################################################################################### + +auto bond0.24 + iface bond0.24 inet manual + post-up ifconfig $IFACE up + pre-down ifconfig $IFACE down + vlan-raw-device bond0 + +auto br24 +iface br24 inet static + address 10.250.24.3 + netmask 255.255.255.0 + gateway 10.250.24.1 + bridge_ports bond0.24 + bridge_stp off + bridge_fd 0 + bridge_maxwait 0 diff --git a/bare-metal/interfaces-tsysDedi b/bare-metal/interfaces-tsysDedi new file mode 100644 index 0000000..d8ff37c --- /dev/null +++ b/bare-metal/interfaces-tsysDedi @@ -0,0 +1,169 @@ +# This file describes the network interfaces available on your system +# and how to activate them. For more information, see interfaces(5). + +# The loopback network interface +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet manual + + +########################################################################## +#WAN bridge - non ovs, physical interface +########################################################################## +auto brWan +iface brWan inet static + address 158.69.225.97 + netmask 255.255.255.0 + network 158.69.225.0 + broadcast 158.69.225.255 + gateway 158.69.225.254 + bridge_ports eth0 + bridge_stp off + bridge_fd 0 + bridge_hello 2 + bridge_maxage 12 + +#Routing network +#10.253.0.0/24 + +#No VLAN1 obviously, what do you think this is? A holiday inn? + +########################################################################## +#bare metal net vlan2 goes nowhere just provides isolation +########################################################################## +auto baremetal +allow-ovs baremetal +iface baremetal inet static + address 10.253.44.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan2 + +allow-baremetal vlan2 +iface vlan2 inet manual + ovs_bridge baremetal + ovs_type OVSIntPort + ovs_options tag=2 + +########################################################################## +#mgmt net vlan3 +########################################################################## +auto mgmt +allow-ovs mgmt +iface mgmt inet static + address 10.253.3.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan3 + +allow-mgmt vlan3 +iface vlan3 inet manual + ovs_bridge mgmt + ovs_type OVSIntPort + ovs_options tag=3 + +########################################################################## +#asn2net net vlan4 +########################################################################## +auto asn2net +allow-ovs asn2net +iface asn2net inet static + address 10.253.4.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan4 + +allow-asn2net vlan4 +iface vlan4 inet manual + ovs_bridge asn2net + ovs_type OVSIntPort + ovs_options tag=4 + +########################################################################## +#S2l net vlan5 +########################################################################## +auto s2l +allow-ovs s2l +iface s2l inet static + address 10.253.5.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan5 + +allow-s2l vlan5 +iface vlan5 inet manual + ovs_bridge s2l + ovs_type OVSIntPort + ovs_options tag=5 + + +########################################################################## +#rackrental net vlan6 +########################################################################## +auto rackrental +allow-ovs rackrental +iface rackrental inet static + address 10.253.6.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan6 + +allow-rackrental vlan6 +iface vlan6 inet manual + ovs_bridge rackrental + ovs_type OVSIntPort + ovs_options tag=6 + + +########################################################################## +#fnf net vlan7 +########################################################################## +auto fnf +allow-ovs fnf +iface fnf inet static + address 10.253.7.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan7 + +allow-fnf vlan7 +iface vlan7 inet manual + ovs_bridge fnf + ovs_type OVSIntPort + ovs_options tag=7 + +########################################################################## +#knel net vlan8 +########################################################################## +auto knel +allow-ovs knel +iface knel inet static + address 10.253.8.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan8 + +allow-knel vlan8 +iface vlan8 inet manual + ovs_bridge knel + ovs_type OVSIntPort + ovs_options tag=8 + +########################################################################## +#tsys net vlan9 +########################################################################## +auto tsys +allow-ovs tsys +iface tsys inet static + address 10.253.9.2 + netmask 255.255.255.0 + ovs_type OVSBridge + ovs_ports vlan9 + +allow-tsys vlan9 +iface vlan9 inet manual + ovs_bridge tsys + ovs_type OVSIntPort + ovs_options tag=9 diff --git a/lab/LICENSE b/lab/LICENSE new file mode 100755 index 0000000..ef7e7ef --- /dev/null +++ b/lab/LICENSE @@ -0,0 +1,674 @@ +GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/lab/README b/lab/README new file mode 100755 index 0000000..e69de29 diff --git a/lab/README.md b/lab/README.md new file mode 100755 index 0000000..630f72f --- /dev/null +++ b/lab/README.md @@ -0,0 +1,31 @@ +FNF Lab +======= + + +Introduction +------------ + +This repository contains +* configuration files +* hack notes etc +* helper scripts +* test suites for FreedomStack + +related to the FNF R&D lab. + +FNF R&D Lab overview +-------------------- + +The lab consists of various bits of network gear to support development of the FreedomStack and educating a new generation of "net ninjas". You can +find comprehensive documentation on the lab on the FNF wiki: + +https://commons.thefnf.org/index.php/FNF_Lab + + +File/directory overview +----------------------- + +* lab_aliases is a set of shell aliases for all the lab hosts. Add it to your shell config and have easy access to all lab systems. It needs a couple + tweaks at the top for your FNFLAB username and private SSH keypath. + +* docs is for things not on the wiki. Network and rack diagrams mostly diff --git a/lab/docs/Joes-logical b/lab/docs/Joes-logical new file mode 100755 index 0000000..ec09e18 --- /dev/null +++ b/lab/docs/Joes-logical @@ -0,0 +1,80 @@ +nwdiag { + +//Upstream space (gateways,partner networks etc) + +network "JoesDataCenter Upstream" { + JoesWanGateway [shape = cloud ] address = "96.43.139.113"; + address = "96.43.139.113/28"; +} + +network "Wan edge - public" { + group wan-edge-outside { + wan01-public [shape = cloud ] [ address = "96.43.139.115"]; + wan02-public [shape = cloud ] [ address = "96.43.139.116"]; + } +} + +// Intra network links +JoesWanGateway -- wan01-public; +wan01 -- sw01; + +// Networks under our administrative control. +// Using a standardized scheme of: site name, local vlan, description + +network "Joes - VLAN 2 - Physical Systems" { + address = "10.250.2.0/24"; + + group wan-edge-inside { + wan01 [ address = "10.250.2.x" ] + wan02 [ address = "10.250.2.x" ] + } + + group switches { + sw01 [address = "10.250.2.25"]; + sw02 [address = "10.250.2.75"]; + } + + group lxc-vm-hosts { + vm01 [address = "10.250.2.3"]; + vm02 [address = "10.250.2.5"]; + } + + group zfs-storage-nodes { + stor01 [address = "10.250.2.70"]; + stor02 [address = "10.250.2.75"]; + } + + } + +network "Joes - VLAN 4 - Production Virtual Machines" { + address = "10.250.4.0/24"; + + group www { + lamplb [ address = "10.250.4.38" ]; + lamppublic [ address = "10.250.4.40" ]; + lampenterprise [ address = "10.250.4.37" ]; + chili [ address = "10.250.4.32" ]; + askbot [ address = "10.250.4.72" ]; + gus [ address = "10.250.4.74" ]; + } + + group coreinfra { + dns [ address = "10.250.6.5" ]; + ldap [ address = "10.250.4.54" ]; + autonoc [ address = "10.250.4.39" ]; + sql [ address = "10.250.4.53" ]; + } + + group comms { + mail [ address = "10.250.4.73" ]; + irc [ address = "10.250.4.63" ]; + } + + + } + +//network "FNF KC - Development Virtual Machines - Management network - VLAN(x) { +// +//} + +} diff --git a/lab/docs/Joes-logical.png b/lab/docs/Joes-logical.png new file mode 100755 index 0000000..428ce4d Binary files /dev/null and b/lab/docs/Joes-logical.png differ diff --git a/lab/docs/Lab-physical b/lab/docs/Lab-physical new file mode 100755 index 0000000..6bf85dd --- /dev/null +++ b/lab/docs/Lab-physical @@ -0,0 +1,126 @@ +rackdiag { + +//r1 + rack { + 42U; + description = "R1 - Fully enclosed cabinet, holds all cisco routers/switches.)"; + 42: + 41: + 40: + 39: + 38: + 37: + 36: + 35: + 34: + 33: + 32: + 31: + 30: + 29: + 28: + 27: + 26: + 25: + 24: + 23: + 22: + 21: + 20: + 19: + 18: + 17: + 16: + 15: + 14: + 13: + 12: + 11: + 10: + 09: + 08: + 07: + 06: + 05: + 04: + 03: + 02: + 01: + } + +//r2 + rack { + 42U; + description = "R2 - Fully enclosed cabinet, holds all the prod gear.)"; + 42: N/A + 41: unmanaged pdu + 40: pdu01 + 39: pdu02 + 38: devrtr02 mikrotik + 37: devrtr01 ubiquiti edge router + 36: devsw04 Cisco 3500 poe + 35: devsw01 Cisco 2950 + 34: devsw02 Cisco 2950 + 33: devsw03 Cisco 3500 + 32: labsw01 Dell PowerConnect + 31: switch patch panel + 30: devrtr03 Cisco ISR 1841 + 29: devrtr04 Cisco ISR 1841 + 28: labcon01 ACS48 + 27: console server patch panel + 26: devrtr06 Cisco 26xx + 25: devsw05 Cisco 2948G + 24: devsw05 Cisco 2948G + 23: devrtr07 Cisco 3640 + 22: devrtr07 Cisco 3640 + 21: available slot + 20: available slot + 19: devrtr08 (firebox) devrtr05 (pix 501) + 18: available slot + 17: available slot + 16: ups fsrtr01 + 15: devrtr09 (6500) + 14: devrtr09 + 13: devrtr09 + 12: devrtr09 + 11: devrtr09 + 10: devrtr09 + 09: devrtr09 + 08: devrtr09 + 07: devrtr09 + 06: devrtr09 + 05: devrtr09 + 04: devrtr09 + 03: devrtr09 + } + + +//r3 + rack { + 24U; + description = "R3 - Skeltek 2 post, holds client end points"; + 24: + 23: + 22: + 21: + 20: + 19: + 18: + 17: + 16: + 15: + 14: + 13: + 12: + 11: + 10: + 09: + 08: + 07: + 06: + 05: + 04: + 03: + 02: + 01: + } diff --git a/lab/docs/LabLogical-Backbone b/lab/docs/LabLogical-Backbone new file mode 100755 index 0000000..2c0227c --- /dev/null +++ b/lab/docs/LabLogical-Backbone @@ -0,0 +1,59 @@ +nwdiag { + network OVH_TRANSIT_WAN { + address = "192.168.204.0/30" + ovh-wanrtr [ address = ".1"]; + ausprod-coreap01-vpnwan [ address = ".2"]; + } + + group ovhtransitwan { + ovh-wanrtr + ausprod-coreap01-vpnwan + } + + + network ATT_UVERSE_LAN { + address = "192.168.1.0/24"; + + group attuverselan { + ausprod-coreap01-wan [address = ".253"]; + } + } + + network TURNSYS_TRANSIT_LAN { + address = "192.168.2.0/24"; + ausprod-coreap01-lan [address = ".1"]; + ausprod-coresw01 [address = ".22"]; + auslab-labrtr-wan [address = ".21"]; + + group turnsystransitlan { + ausprod-coreap01-lan; + ausprod-coresw01; + auslab-labrtr-wan; + } + } + + network TURNSYS_MGMT_LAN { + address = "10.251.2.0/24"; + auslab-labrtr-mgmtgw [ address = ".254"]; + auslab-ips [ address = ".97"]; + auslab-labsw01 [ address = ".2"]; + auslab-labsw02 [ address = ".4"]; + auslab-labsw03 [ address = ".5"]; + auslab-labcon01 [ address = ".3"]; + auslab-linsrv [ address = ".99"]; + auslab-winsrv [ address = ".98"]; + + group turnsysmgmtlan-vlan2 { + auslab-labrtr-mgmtgw; + auslab-ips + auslab-labsw01; + auslab-labsw02; + auslab-labsw03; + auslab-labcon01; + auslab-linsrv + auslab-winsrv + } + } + +} + diff --git a/lab/docs/LabLogical-Backbone.png b/lab/docs/LabLogical-Backbone.png new file mode 100755 index 0000000..a92ca94 Binary files /dev/null and b/lab/docs/LabLogical-Backbone.png differ diff --git a/lab/docs/LabLogical-Devices b/lab/docs/LabLogical-Devices new file mode 100755 index 0000000..50ce7a0 --- /dev/null +++ b/lab/docs/LabLogical-Devices @@ -0,0 +1,103 @@ +nwdiag { + + network TURNSYS_AP_LAN { + address = "10.251.3.0/24"; + auslab-labrtr-apgw [ address = ".254"]; + auslab-ap01 [ address = ".1"]; + auslab-ap02 [ address = ".2"]; + auslab-ap03 [ address = ".3"]; + auslab-ap04 [ address = ".4"]; + auslab-ap05 [ address = ".5"]; + auslab-ap06 [ address = ".6"]; + auslab-ap07 [ address = ".7"]; + auslab-ap08 [ address = ".8"]; + auslab-ap09 [ address = ".9"]; + auslab-ap10 [ address = ".10"]; + auslab-ap11 [ address = ".11"]; + auslab-ap12 [ address = ".12"]; + + group turnsysaplan-vlan3 { + auslab-labrtr-apgw; + auslab-ap01; + auslab-ap02; + auslab-ap03; + auslab-ap04; + auslab-ap05; + auslab-ap06; + auslab-ap07; + auslab-ap08; + auslab-ap09; + auslab-ap10; + auslab-ap11; + auslab-ap12; + } + } + + network TURNSYS_SWITCH_LAN { + address = "10.251.4.0/24"; + auslab-labrtr-switchgw [ address = ".254"]; + auslab-sw01 [ address = ".1"]; + auslab-sw02 [ address = ".2"]; + auslab-sw03 [ address = ".3"]; + auslab-sw05 [ address = ".5"]; + auslab-sw06 [ address = ".6"]; + auslab-sw07 [ address = ".7"]; + + group turnsysswitchlan-vlan4 { + auslab-labrtr-switchgw; + auslab-sw01; + auslab-sw02; + auslab-sw03; + auslab-sw05; + auslab-sw06; + auslab-sw07; + } + } + + network TURNSYS_VOIP_LAN{ + address = "10.251.5.0/24"; + auslab-labrtr-voipgw [ address = ".254"]; + + group turnsysvoip-vlan5 { + auslab-labrtr-voipgw; + } + } + + network TURNSYS_ROUTER_LAN{ + address = "10.251.6.0/24"; + auslab-labrtr-routergw [ address = ".254"]; + + group turnsysrouter-vlan6 { + auslab-labrtr-routergw; + } + } + + network TURNSYS_IPTV_LAN{ + address = "10.251.7.0/24"; + auslab-labrtr-iptvgw [ address = ".254"]; + + group turnsysiptv-vlan7 { + auslab-labrtr-iptvgw; + } + } + + network TURNSYS_PEANUTGALLERY_LAN{ + address = "10.251.8.0/24"; + auslab-labrtr-pggw [ address = ".254"]; + + group turnsyspg-vlan8 { + auslab-labrtr-pggw; + } + } + + network TURNSYS_MALZOO_LAN{ + address = "10.251.12.0/24"; + auslab-labrtr-malgw [ address = ".254"]; + + group turnsyspg-vlan12 { + auslab-labrtr-malgw; + } + } + +} + diff --git a/lab/docs/LabLogical-Devices.png b/lab/docs/LabLogical-Devices.png new file mode 100755 index 0000000..9b84123 Binary files /dev/null and b/lab/docs/LabLogical-Devices.png differ diff --git a/lab/vagrant/Vagrantfile b/lab/vagrant/Vagrantfile new file mode 100755 index 0000000..d427347 --- /dev/null +++ b/lab/vagrant/Vagrantfile @@ -0,0 +1,88 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +# Convenience function for running Postgres commands. Accesses via temporarily-linked container. +def postgres(cmd) + "docker run --rm --link postgres:postgres -u postgres postgres:9.3 #{cmd}" +end + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + + # All Vagrant configuration is done here. The most common configuration + # options are documented and commented below. For a complete reference, + # please see the online documentation at vagrantup.com. + + # Create a private network, which allows host-only access to the machine + # using a specific IP. + # config.vm.network "private_network", ip: "192.168.33.10" + + # Create a public network, which generally matched to bridged network. + # Bridged networks make the machine appear as another physical device on + # your network. + # config.vm.network "public_network" + + # If true, then any SSH connections made will enable agent forwarding. + # Default value: false + # config.ssh.forward_agent = true + + # Share an additional folder to the guest VM. The first argument is + # the path on the host to the actual folder. The second argument is + # the path on the guest to mount the folder. And the optional third + # argument is a set of non-required options. + # config.vm.synced_folder "../data", "/vagrant_data" + + # Provider-specific configuration so you can fine-tune various + # backing providers for Vagrant. These expose provider-specific options. + # Example for VirtualBox: + # + config.vm.provider "virtualbox" do |vb| + # # Don't boot with headless mode + # vb.gui = true + # + # # Use VBoxManage to customize the VM. For example to change memory: + # vb.customize ["modifyvm", :id, "--memory", "1024"] + vb.memory = 1024 + end + # + # View the documentation for the provider you're using for more + # information on available options. # Enable provisioning with CFEngine. CFEngine Community packages are + + config.vm.define :hearth do |hearth| + + hearth.vm.box = "ubuntu/trusty64" + + hearth.vm.hostname = "hearth" + + hearth.vm.network :forwarded_port, guest: 80, host: 8080 + + hearth.vm.provision :docker do |d| + d.pull_images "postgres:9.3" + d.build_image "/vagrant/docker/thefnf/freeradius", args: "-t thefnf/freeradius" + d.build_image "/vagrant/docker/thefnf/odoo", args: "-t thefnf/odoo" + d.run "thefnf/freeradius", args: "--name radius -p :1813:1813 -p :1863:1863" + d.run "postgres:9.3", args: "--name postgres" + end + + hearth.vm.provision :shell, inline: """ + sleep 5 # Give Postgres a chance to start + #{postgres("psql -h postgres -c \"CREATE USER odoo WITH UNENCRYPTED PASSWORD 'password' CREATEDB;\"")} + """ + + hearth.vm.provision :docker do |d| + d.run "thefnf/odoo", args: "--name odoo --link postgres:postgres -p :80:8069" + end + + end + + config.vm.define :freedomlink do |fl| + + fl.vm.box = "box-cutter/debian76" + + fl.vm.hostname = "freedomlink" + + end + +end \ No newline at end of file diff --git a/lab/vagrant/docker/thefnf/freeradius/Dockerfile b/lab/vagrant/docker/thefnf/freeradius/Dockerfile new file mode 100755 index 0000000..f3a1430 --- /dev/null +++ b/lab/vagrant/docker/thefnf/freeradius/Dockerfile @@ -0,0 +1,6 @@ +FROM ubuntu:14.04 +EXPOSE 1813 1863 +RUN apt-get update && \ + apt-get upgrade -y && \ + apt-get install -y freeradius +CMD freeradius -f \ No newline at end of file diff --git a/lab/vagrant/docker/thefnf/freeside/Dockerfile b/lab/vagrant/docker/thefnf/freeside/Dockerfile new file mode 100755 index 0000000..7828ad9 --- /dev/null +++ b/lab/vagrant/docker/thefnf/freeside/Dockerfile @@ -0,0 +1,55 @@ +FROM debian:7 +ENV VERSION 3.3 +RUN echo deb http://freeside.biz/~ivan/freeside-wheezy/ ./ >/etc/apt/sources.list.d/freeside.list && \ + apt-get update && \ + apt-get upgrade -y && \ + apt-get install -y --force-yes --no-install-recommends adduser apache2 apache2-mpm-prefork apache2-utils curl gcc gnupg ghostscript gsfonts gzip latex-xcolor \ + less libapache-dbi-perl libapache2-mod-perl2 libapache2-request-perl libapache-session-perl \ + libbusiness-creditcard-perl libcache-cache-perl libcache-simple-timedexpiry-perl libchart-perl \ + libclass-container-perl libclass-data-inheritable-perl libclass-returnvalue-perl libcolor-scheme-perl \ + libio-compress-perl libconvert-binhex-perl libcrypt-passwdmd5-perl libcrypt-ssleay-perl libcss-squish-perl \ + libdate-manip-perl libdbd-mysql-perl libdbd-pg-perl libdbi-perl libdbix-dbschema-perl libdbix-searchbuilder-perl \ + libdevel-stacktrace-perl libdevel-symdump-perl liberror-perl libexception-class-perl \ + libfile-counterfile-perl libfile-rsync-perl libfont-afm-perl libfreezethaw-perl libfrontier-rpc-perl \ + libgd-gd2-perl libgd-graph-perl libgd2-xpm libhtml-format-perl libhtml-mason-perl libhtml-parser-perl \ + libhtml-scrubber-perl libhtml-tagset-perl libhtml-tree-perl libhtml-widgets-selectlayers-perl libio-stringy-perl \ + libipc-run-perl libipc-run3-perl libipc-sharelite-perl libjavascript-rpc-perl libjson-perl \ + liblingua-en-inflect-perl liblingua-en-nameparse-perl liblocale-gettext-perl liblocale-maketext-fuzzy-perl \ + liblocale-maketext-lexicon-perl liblocale-subcountry-perl liblog-dispatch-perl libmailtools-perl libmime-tools-perl \ + libmodule-versions-report-perl libnet-daemon-perl libnet-ping-external-perl libnet-scp-perl libnet-ssh-perl \ + libnet-whois-raw-perl libnetaddr-ip-perl libnumber-format-perl libpam-modules libpam-runtime libpaper-utils \ + libparams-validate-perl libparse-recdescent-perl libpcre3 libpg-perl libregexp-common-perl \ + libspreadsheet-writeexcel-perl libstring-approx-perl libstring-shellquote-perl libterm-readkey-perl \ + libtest-inline-perl libtext-autoformat-perl libtext-charwidth-perl libtext-csv-perl libtext-csv-xs-perl libtext-iconv-perl \ + libtext-quoted-perl libtext-reform-perl libtext-template-perl libtext-wrapi18n-perl libtext-wrapper-perl \ + libtie-ixhash-perl libtime-duration-perl libtime-modules-perl libtimedate-perl libtree-simple-perl \ + libuniversal-require-perl liburi-perl libwant-perl libwww-perl libxml-parser-perl libyaml-perl lmodern make \ + perl perl-base perl-modules texlive \ + texlive-latex-extra texinfo traceroute ttf-bitstream-vera ttf-dustin ucf zlib1g \ + libdatetime-perl libdatetime-format-strptime-perl libfile-slurp-perl libspreadsheet-parseexcel-perl \ + libauthen-passphrase-perl libnet-domain-tld-perl libbusiness-us-usps-webtools-perl libxml-simple-perl \ + libemail-sender-perl libemail-sender-transport-smtp-tls-perl libemail-sender-perl \ + libemail-sender-transport-smtp-tls-perl libhtml-defang-perl libdatetime-format-natural-perl libcgi-pm-perl \ + libfile-sharedir-perl libmodule-versions-report-perl libtext-wikiformat-perl libnet-server-perl \ + libhttp-server-simple-perl libhtml-rewriteattributes-perl libmime-types-perl libperlio-eol-perl \ + libgnupg-interface-perl libdata-ical-perl libcalendar-simple-perl libdatetime-set-perl \ + libhook-lexwrap-perl libhttp-server-simple-mason-perl libxml-rss-perl libipc-run-safehandles-perl libpoe-perl \ + libsoap-lite-perl libhtml-tableextract-perl libhtml-element-extended-perl libcam-pdf-perl libgd-barcode-perl \ + libnet-openssh-perl libgeo-coder-googlev3-perl libgeo-googleearth-pluggable-perl libnet-snmp-perl \ + libcrypt-openssl-rsa-perl libpdf-webkit-perl wkhtmltopdf xvfb \ + sam2p psmisc libsys-sigaction-perl liblog-dispatch-perl libconvert-color-perl libdate-simple-perl libemail-valid-perl \ + libencode-perl libexcel-writer-xlsx-perl libhtml-mason-psgihandler-perl libhtml-quoted-perl libio-string-perl \ + libregexp-common-net-cidr-perl libregexp-ipv6-perl libsnmp-perl libtext-password-pronounceable-perl \ + libparse-fixedlength-perl && \ + cd /usr/src && \ + curl http://www.freeside.biz/freeside/freeside-$VERSION.tar.gz |tar xz && \ + adduser freeside --system --group --shell /bin/bash && \ + rm -rf /var/www/* +ADD Makefile /usr/src/freeside-$VERSION/Makefile +RUN cd /usr/src/freeside-$VERSION && \ + make perl-modules && \ + make install-perl-modules && \ + make create-config && \ + make install-docs && \ + make install-apache +USER freeside \ No newline at end of file diff --git a/lab/vagrant/docker/thefnf/freeside/Makefile b/lab/vagrant/docker/thefnf/freeside/Makefile new file mode 100755 index 0000000..5d7dec7 --- /dev/null +++ b/lab/vagrant/docker/thefnf/freeside/Makefile @@ -0,0 +1,468 @@ +#!/usr/bin/make + +#solaris and perhaps other very weirdass /bin/sh +#SHELL="/bin/ksh" + +DB_TYPE = Pg +#DB_TYPE = mysql + +DB_USER = freeside +DB_PASSWORD=password + +DATASOURCE = DBI:${DB_TYPE}:dbname=freeside;host=postgres + +#changable now (some things which should go to the others still go to CONF) +FREESIDE_CONF = /usr/local/etc/freeside +FREESIDE_LOG = /usr/local/etc/freeside +FREESIDE_LOCK = /usr/local/etc/freeside +FREESIDE_CACHE = /usr/local/etc/freeside +FREESIDE_EXPORT = /usr/local/etc/freeside + +MASON_HANDLER = ${FREESIDE_CONF}/handler.pl +MASONDATA = ${FREESIDE_CACHE}/masondata + +#where to put the default configuraiton used by freeside-setup to initialize +#a new database (not used after that). primarily of interest to distro +#package maintainers +DIST_CONF = ${FREESIDE_CONF}/default_conf + +#deb +FREESIDE_DOCUMENT_ROOT = /var/www +#redhat, fedora, mandrake +#FREESIDE_DOCUMENT_ROOT = /var/www/html/freeside +#freebsd +#FREESIDE_DOCUMENT_ROOT = /usr/local/www/data/freeside +#openbsd +#FREESIDE_DOCUMENT_ROOT = /var/www/htdocs/freeside +#suse +#FREESIDE_DOCUMENT_ROOT = /srv/www/htdocs/freeside +#apache +#FREESIDE_DOCUMENT_ROOT = /usr/local/apache/htdocs/freeside + +#deb, redhat, fedora, mandrake, suse, others? +INIT_FILE = /etc/init.d/freeside +#freebsd +#INIT_FILE = /usr/local/etc/rc.d/011.freeside.sh + +#deb +INIT_INSTALL = PATH=$PATH:/sbin /usr/sbin/update-rc.d freeside defaults 23 01 +#redhat, fedora +#INIT_INSTALL = /sbin/chkconfig freeside on +#not necessary (freebsd) +#INIT_INSTALL = /usr/bin/true + +#deb, suse +#HTTPD_RESTART = /etc/init.d/apache restart +#deb w/apache2 +HTTPD_RESTART = /etc/init.d/apache2 restart +#redhat, fedora, mandrake +#HTTPD_RESTART = /etc/init.d/httpd restart +#freebsd +#HTTPD_RESTART = /usr/local/etc/rc.d/apache.sh stop || true; sleep 10; /usr/local/etc/rc.d/apache.sh start +#openbsd +#HTTPD_RESTART = kill -TERM `cat /var/www/logs/httpd.pid`; sleep 10; /usr/sbin/httpd -u -DSSL +#apache +#HTTPD_RESTART = /usr/local/apache/bin/apachectl stop; sleep 10; /usr/local/apache/bin/apachectl startssl + +#(an include directory, not a file, "Include /etc/apache/conf.d" in httpd.conf) +#deb (3.1+), apache2 +APACHE_CONF = /etc/apache2/conf.d +INSSERV_OVERRIDE = /etc/insserv/overrides + +FREESIDE_RESTART = ${INIT_FILE} restart + +#deb, redhat, fedora, mandrake, suse, others? +INSTALLGROUP = root +#freebsd, openbsd +#INSTALLGROUP = wheel + +#edit the stuff below to have the daemons start + +QUEUED_USER=fs_queue +API_USER = fs_api + +SELFSERVICE_USER = fs_selfservice +#never run on the same machine in production!!! +SELFSERVICE_MACHINES = +# SELFSERVICE_MACHINES = www.example.com +# SELFSERVICE_MACHINES = web1.example.com web2.example.com + +#user with sudo access on SELFSERVICE_MACHINES for automated self-service +#installation. +SELFSERVICE_INSTALL_USER = ivan +SELFSERVICE_INSTALL_USERADD = /usr/sbin/useradd +#SELFSERVICE_INSTALL_USERADD = "/usr/sbin/pw useradd" + +#RT_ENABLED = 0 +RT_ENABLED = 1 +RT_DOMAIN = example.com +RT_TIMEZONE = US/Pacific +#RT_TIMEZONE = US/Eastern +FREESIDE_URL = "http://localhost/freeside/" + +#for now, same db as specified in DATASOURCE... eventually, otherwise? +RT_DB_DATABASE = freeside + +TORRUS_ENABLED = 0 + +# for auto-version updates, so we can "make release" more things automatically +RPM_SPECFILE = rpm/freeside.spec + +#--- + +#rt/config.layout.in +RT_PATH = /opt/rt3 + +#only used for dev kludge now, not a big deal +FREESIDE_PATH = `pwd` +PERL_INC_DEV_KLUDGE = /usr/local/share/perl/5.14.2/ + +VERSION := `grep '^$$VERSION' FS/FS.pm | cut -d\' -f2` +TAG := freeside_`grep '^$$VERSION' FS/FS.pm | cut -d\' -f2 | perl -pe 's/\./_/g'` + +#DEBVERSION = `echo ${VERSION} | perl -pe 's/(\d)([a-z])/\1~\2/'`-1 + +TEXMFHOME := "\$$TEXMFHOME" + +ver: + @echo "${VERSION}" + +tag: + @echo "${TAG}" + +help: + @echo "supported targets:" + @echo " create-database create-config" + @echo " install deploy" + @echo " configure-rt create-rt" + @echo " clean help" + @echo + @echo " install-docs install-perl-modules" + @echo " install-init install-apache" + @echo " install-rt install-texmf" + @echo " install-selfservice update-selfservice" + @echo + @echo " dev dev-docs dev-perl-modules" + @echo + @echo " masondocs alldocs docs" + @echo " wikiman" + @echo " perl-modules" + #@echo + #@echo " upload-docs release" + + +masondocs: httemplate/* httemplate/*/* httemplate/*/*/* httemplate/*/*/*/* + rm -rf masondocs + cp -pr httemplate masondocs + touch masondocs + +alldocs: masondocs + +docs: + make masondocs + +wikiman: + chmod a+rx ./bin/pod2x + ./bin/pod2x + +install-docs: docs + #ancient attempt to avoid overwriting customer modifications directly to production web files that's overlived its usefulness + #[ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true + #cp -r masondocs ${FREESIDE_DOCUMENT_ROOT} + [ -h ${FREESIDE_DOCUMENT_ROOT} ] && rm ${FREESIDE_DOCUMENT_ROOT} || true + mkdir -p ${FREESIDE_DOCUMENT_ROOT} + cp -r masondocs/* masondocs/.htaccess ${FREESIDE_DOCUMENT_ROOT} + chown -R freeside:freeside ${FREESIDE_DOCUMENT_ROOT} + install -D htetc/handler.pl ${MASON_HANDLER} + perl -p -i -e "\ + s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\ + s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \ + " ${MASON_HANDLER} || true + mkdir -p ${FREESIDE_EXPORT}/profile + chown freeside ${FREESIDE_EXPORT}/profile + cp htetc/htpasswd.logout ${FREESIDE_CONF} + [ ! -e ${MASONDATA} ] && mkdir ${MASONDATA} || true + chown -R freeside ${MASONDATA} + +dev-docs: + [ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true + ln -s ${FREESIDE_PATH}/httemplate ${FREESIDE_DOCUMENT_ROOT} + cp htetc/handler.pl ${MASON_HANDLER} + perl -p -i -e "\ + s'###use Module::Refresh;###'use Module::Refresh;'; \ + s'###Module::Refresh->refresh;###'Module::Refresh->refresh;'; \ + s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\ + s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \ + " ${MASON_HANDLER} || true + +perl-modules: + cd FS; \ + [ -e Makefile ] || perl Makefile.PL; \ + make; \ + perl -p -i -e "\ + s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\ + s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\ + s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \ + s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \ + s'%%%RT_PATH%%%'${RT_PATH}'g; \ + s'%%%MASONDATA%%%'${MASONDATA}'g;\ + s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\ + " blib/lib/FS/*.pm;\ + perl -p -i -e "\ + s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\ + s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\ + s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\ + " blib/lib/FS/Cron/*.pm;\ + perl -p -i -e "\ + s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\ + s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\ + s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\ + " blib/lib/FS/part_export/*.pm;\ + perl -p -i -e "\ + s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\ + " blib/lib/FS/cust_main/*.pm blib/lib/FS/cust_pkg/*.pm;\ + perl -p -i -e "\ + s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\ + " blib/lib/FS/Daemon/*.pm;\ + perl -p -i -e "\ + s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\ + s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\ + s|%%%FREESIDE_LOCK%%%|${FREESIDE_LOCK}|g;\ + s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\ + s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\ + s|%%%DIST_CONF%%%|${DIST_CONF}|g;\ + " blib/script/* + +install-perl-modules: perl-modules install-rt-initialdata + [ -L ${PERL_INC_DEV_KLUDGE}/FS ] \ + && rm ${PERL_INC_DEV_KLUDGE}/FS \ + && mv ${PERL_INC_DEV_KLUDGE}/FS.old ${PERL_INC_DEV_KLUDGE}/FS \ + || true + cd FS; \ + make install UNINST=1 + #install this for freeside-setup + install -d $(DIST_CONF) + #install conf/[a-z]* $(DEFAULT_CONF) + #CVS is not [a-z] + install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF) + +dev-perl-modules: perl-modules + [ -d ${PERL_INC_DEV_KLUDGE}/FS -a ! -L ${PERL_INC_DEV_KLUDGE}/FS ] \ + && mv ${PERL_INC_DEV_KLUDGE}/FS ${PERL_INC_DEV_KLUDGE}/FS.old \ + || true + + rm -rf ${PERL_INC_DEV_KLUDGE}/FS + ln -sf ${FREESIDE_PATH}/FS/blib/lib/FS ${PERL_INC_DEV_KLUDGE}/FS + +install-texmf: + install -D -o freeside -m 444 etc/longtable.sty \ + /usr/local/share/texmf/tex/latex/longtable.sty + texhash /usr/local/share/texmf + +install-init: + #[ -e ${INIT_FILE} ] || install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE} + install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE} + perl -p -i -e "\ + s/%%%QUEUED_USER%%%/${QUEUED_USER}/g;\ + s/%%%API_USER%%%/${API_USER}/g;\ + s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\ + s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\ + " ${INIT_FILE} + ${INIT_INSTALL} + +install-apache: + [ -e ${APACHE_CONF}/freeside-base.conf ] && rm ${APACHE_CONF}/freeside-base.conf || true + [ -d ${APACHE_CONF} ] && \ + ( install -o root -m 755 htetc/freeside-base2.conf ${APACHE_CONF} && \ + ( [ ${RT_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-rt.conf ${APACHE_CONF} || true ) && \ + ( [ ${TORRUS_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-torrus.conf ${APACHE_CONF} || true ) && \ + perl -p -i -e "\ + s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \ + s'%%%FREESIDE_CONF%%%'${FREESIDE_CONF}'g; \ + s'%%%MASON_HANDLER%%%'${MASON_HANDLER}'g; \ + " ${APACHE_CONF}/freeside-*.conf \ + ) || true + [ -d ${INSSERV_OVERRIDE} ] && [ -x /sbin/insserv ] && ( install -o root -m 755 init.d/insserv-override-apache2 ${INSSERV_OVERRIDE}/apache2 && insserv -d ) || true + +install-selfservice: + [ -e ~freeside ] || cp -pr /etc/skel ~freeside && chown -R freeside ~freeside + [ -e ~freeside/.ssh/id_dsa.pub ] || [ -e ~freeside/.ssh/id_rsa.pub ] || su - freeside -c 'ssh-keygen -t dsa' + for MACHINE in ${SELFSERVICE_MACHINES}; do \ + scp -r fs_selfservice/FS-SelfService ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; perl Makefile.PL && make" ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\ + scp ~freeside/.ssh/id_dsa.pub ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo ${SELFSERVICE_INSTALL_USERADD} freeside; sudo install -d -o freeside -m 755 ~freeside/.ssh/; sudo install -o freeside -m 600 ./id_dsa.pub ~freeside/.ssh/authorized_keys" ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo install -o freeside -d /usr/local/freeside" ;\ + done + +update-selfservice: + for MACHINE in ${SELFSERVICE_MACHINES}; do \ + RSYNC_RSH=ssh rsync -rlptz fs_selfservice/FS-SelfService/ ${SELFSERVICE_INSTALL_USER}@$$MACHINE:FS-SelfService ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; make clean; perl Makefile.PL && make" ;\ + ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\ + done + +install-chown: + chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}" + chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}" + chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}" + +install: install-perl-modules install-docs install-init install-apache install-rt install-torrus install-texmf install-chown + +deploy: install + ${HTTPD_RESTART} + ${FREESIDE_RESTART} + +dev: dev-perl-modules dev-docs + +create-database: + perl -e 'use DBIx::DataSource qw( create_database ); create_database( "${DATASOURCE}", "${DB_USER}", "${DB_PASSWORD}" ) or die $$DBIx::DataSource::errstr;' + +create-config: install-perl-modules + [ -e ${FREESIDE_CONF} ] && mv ${FREESIDE_CONF} ${FREESIDE_CONF}.`date +%Y%m%d%H%M%S` || true + install -d -o freeside ${FREESIDE_CONF} + + touch ${FREESIDE_CONF}/secrets + chown freeside ${FREESIDE_CONF}/secrets + chmod 600 ${FREESIDE_CONF}/secrets + + /bin/echo -e "${DATASOURCE}\n${DB_USER}\n${DB_PASSWORD}" >${FREESIDE_CONF}/secrets + chmod 600 ${FREESIDE_CONF}/secrets + chown freeside ${FREESIDE_CONF}/secrets + + mkdir "${FREESIDE_CACHE}/counters.${DATASOURCE}" + chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}" + + mkdir "${FREESIDE_CACHE}/cache.${DATASOURCE}" + chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}" + + mkdir "${FREESIDE_EXPORT}/export.${DATASOURCE}" + chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}" + + #install this for freeside-setup + install -d $(DIST_CONF) + #install conf/[a-z]* $(DEFAULT_CONF) + #CVS is not [a-z] + install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF) + + +configure-rt: + cd rt; \ + cp config.layout.in config.layout; \ + perl -p -i -e "\ + s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g;\ + s'%%%MASONDATA%%%'${MASONDATA}'g;\ + " config.layout; \ + ./configure --enable-layout=Freeside\ + --with-db-type=${DB_TYPE} \ + --with-db-dba=${DB_USER} \ + --with-db-database=${RT_DB_DATABASE} \ + --with-db-rt-user=${DB_USER} \ + --with-db-rt-pass="${DB_PASSWORD}" \ + --with-web-user=freeside \ + --with-web-group=freeside \ + --with-rt-group=freeside \ + --with-web-handler=modperl2 + +create-rt: configure-rt + [ -d /opt ] || mkdir /opt #doh + [ -d /opt/rt3 ] || mkdir /opt/rt3 # + [ -d /opt/rt3/share ] || mkdir /opt/rt3/share # + cd rt; make install + rt/sbin/rt-setup-database --dba '${DB_USER}' \ + --dba-password '${DB_PASSWORD}' \ + --action schema \ + || true + rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \ + --action coredata \ + && rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \ + --action insert \ + --datafile ${RT_PATH}/etc/initialdata \ + || true + +install-rt: + if [ ${RT_ENABLED} -eq 1 ]; then ( cd rt; make install ); fi + if [ ${RT_ENABLED} -eq 1 ]; then perl -p -i -e "\ + s'%%%RT_DOMAIN%%%'${RT_DOMAIN}'g;\ + s'%%%RT_TIMEZONE%%%'${RT_TIMEZONE}'g;\ + s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\ + " ${RT_PATH}/etc/RT_SiteConfig.pm; fi + if [ ${RT_ENABLED} -eq 1 ]; then \ + chown -R freeside:freeside ${RT_PATH}/etc; fi + +install-rt-initialdata: + if [ ${RT_ENABLED} -eq 1 ] && [ -d ${RT_PATH} ]; then \ + chown -R freeside:freeside ${RT_PATH}/etc; \ + install -D -o freeside -g freeside -m 0440 rt/etc/initialdata \ + ${RT_PATH}/etc/initialdata; fi + +configure-torrus: + cd torrus; \ + torrus_user=freeside var_user=freeside var_group=freeside ./configure + +install-torrus: + if [ ${TORRUS_ENABLED} -eq 1 ]; then ( cd torrus; \ + make; \ + make install; \ + perl -p -i -e "\ + s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\ + " /usr/local/etc/torrus/conf/torrus-siteconfig.pl; \ + torrus clearcache \ + );fi + +clean: + rm -rf masondocs + rm -rf httemplate/docs/man + rm -rf pod2htmi.tmp + rm -rf pod2htmd.tmp + -cd FS; \ + make clean + -cd fs_selfservice/FS-SelfService; \ + make clean + +#these are probably only useful if you're me... + +#release: upload-docs +.PHONY: release +release: + # Update the changelog + #./bin/cvs2cl + #cvs commit -m "Updated for ${VERSION}" ChangeLog + + # Update the RPM specfile + #cvs edit ${RPM_SPECFILE} + #perl -p -i -e "s/\d+[^\}]+/${VERSION}/ if /%define\s+version\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE} + #perl -p -i -e "s/\d+[^\}]+/1/ if /%define\s+release\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE} + #cvs commit -m "Updated for ${VERSION}" ${RPM_SPECFILE} + + # Update the Debian changelog + #cvs edit debian/changelog + #dch -v ${DEBVERSION} -p "New upstream release" + #cvs commit -m "Updated for ${VERSION}" debian/changelog + + # Make sure other people's changes are pulled in! + git pull + + # Tag the release + git tag -f ${TAG} + + #cd /home/ivan + git archive --prefix=freeside-${VERSION}/ ${TAG} | gzip -9 >freeside-${VERSION}.tar.gz + + scp freeside-${VERSION}.tar.gz ivan@420.am:/var/www/www.sisd.com/freeside/ + mv freeside-${VERSION}.tar.gz .. + + #these things failing should not make release target fail, so: "|| true" + + #kick off vmware update + #./BUILD_VMWARE_APPLIANCE ${$TAG} || true + + #kick off deb package update + + #kick off rpm package update too? + + #update web demo? + + #update web demo self-service? + diff --git a/lab/vagrant/docker/thefnf/odoo/Dockerfile b/lab/vagrant/docker/thefnf/odoo/Dockerfile new file mode 100755 index 0000000..c8c4d31 --- /dev/null +++ b/lab/vagrant/docker/thefnf/odoo/Dockerfile @@ -0,0 +1,13 @@ +FROM python:2.7 +RUN apt-get install -y libldap2-dev libsasl2-dev && \ + adduser odoo --system --group --shell /bin/bash +USER odoo +ENV HOME /home/odoo +ENV PATH $HOME/.local/bin:$PATH +WORKDIR /home/odoo +RUN curl http://nightly.odoo.com/8.0/nightly/src/odoo_8.0-latest.tar.gz |tar xz --strip-components 1 && \ + python setup.py install --user && \ + python setup.py install --user --single-version-externally-managed --root / # Strips version hash from module directories +ADD openerp_serverrc /home/odoo/.openerp_serverrc +EXPOSE 8069 8072 +CMD openerp-server \ No newline at end of file diff --git a/lab/vagrant/docker/thefnf/odoo/openerp_serverrc b/lab/vagrant/docker/thefnf/odoo/openerp_serverrc new file mode 100755 index 0000000..7a17b45 --- /dev/null +++ b/lab/vagrant/docker/thefnf/odoo/openerp_serverrc @@ -0,0 +1,62 @@ +[options] +addons_path = /home/odoo/.local/lib/python2.7/site-packages/openerp/addons +admin_passwd = admin +auto_reload = False +csv_internal_sep = , +data_dir = /home/odoo/.local/share/Odoo +db_host = postgres +db_maxconn = 64 +db_name = False +db_password = odoo +db_port = 5432 +db_template = template1 +db_user = odoo +dbfilter = .* +debug_mode = False +demo = {} +email_from = False +import_partial = +limit_memory_hard = 2684354560 +limit_memory_soft = 2147483648 +limit_request = 8192 +limit_time_cpu = 60 +limit_time_real = 120 +list_db = True +log_db = False +log_handler = [':INFO'] +log_level = info +logfile = None +logrotate = False +longpolling_port = 8072 +max_cron_threads = 2 +osv_memory_age_limit = 1.0 +osv_memory_count_limit = False +pg_path = None +pidfile = None +proxy_mode = False +reportgz = False +secure_cert_file = server.cert +secure_pkey_file = server.pkey +server_wide_modules = None +smtp_password = False +smtp_port = 25 +smtp_server = localhost +smtp_ssl = False +smtp_user = False +syslog = False +test_commit = False +test_enable = False +test_file = False +test_report_directory = False +timezone = False +translate_modules = ['all'] +unaccent = False +without_demo = False +workers = 0 +xmlrpc = True +xmlrpc_interface = +xmlrpc_port = 8069 +xmlrpcs = True +xmlrpcs_interface = +xmlrpcs_port = 8071 + diff --git a/mtpconfigs/ovh/shared-router/shorewall/conntrack b/mtpconfigs/ovh/shared-router/shorewall/conntrack new file mode 100755 index 0000000..963696e --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/conntrack @@ -0,0 +1,53 @@ +# +# Shorewall version 4 - conntrack File +# +# For information about entries in this file, type "man shorewall-conntrack" +# +############################################################################################################## +?FORMAT 3 +#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH +# PORT(S) PORT(S) GROUP +?if $AUTOHELPERS && __CT_TARGET + +?if __AMANDA_HELPER +CT:helper:amanda:PO - - udp 10080 +?endif + +?if __FTP_HELPER +CT:helper:ftp:PO - - tcp 21 +?endif + +?if __H323_HELPER +CT:helper:RAS:PO - - udp 1719 +CT:helper:Q.931:PO - - tcp 1720 +?endif + +?if __IRC_HELPER +CT:helper:irc:PO - - tcp 6667 +?endif + +?if __NETBIOS_NS_HELPER +CT:helper:netbios-ns:PO - - udp 137 +?endif + +?if __PPTP_HELPER +CT:helper:pptp:PO - - tcp 1723 +?endif + +?if __SANE_HELPER +CT:helper:sane:PO - - tcp 6566 +?endif + +?if __SIP_HELPER +CT:helper:sip:PO - - udp 5060 +?endif + +?if __SNMP_HELPER +CT:helper:snmp:PO - - udp 161 +?endif + +?if __TFTP_HELPER +CT:helper:tftp:PO - - udp 69 +?endif + +?endif diff --git a/mtpconfigs/ovh/shared-router/shorewall/interfaces b/mtpconfigs/ovh/shared-router/shorewall/interfaces new file mode 100755 index 0000000..6ae8037 --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/interfaces @@ -0,0 +1,13 @@ +#ZONE INTERFACE OPTIONS +rr eth0 detect tcpflags,nosmurfs,routefilter,logmartians +wan eth1 detect tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0 +barm eth2 detect tcpflags,nosmurfs,routefilter,logmartians +mgmt eth3 detect tcpflags,nosmurfs,routefilter,logmartians +asn eth4 detect tcpflags,nosmurfs,routefilter,logmartians +s2l eth5 detect tcpflags,nosmurfs,routefilter,logmartians +fnf eth6 detect tcpflags,nosmurfs,routefilter,logmartians +knel eth7 detect tcpflags,nosmurfs,routefilter,logmartians +tsys eth8 detect tcpflags,nosmurfs,routefilter,logmartians +vpnrwr tun0 detect dhcp +vpnauslab tun1 detect dhcp +vpnasn2net tun2 detect dhcp diff --git a/mtpconfigs/ovh/shared-router/shorewall/masq b/mtpconfigs/ovh/shared-router/shorewall/masq new file mode 100755 index 0000000..6f7067f --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/masq @@ -0,0 +1,19 @@ +# +# Shorewall version 4.0 - Sample Masq file for two-interface configuration. +# Copyright (C) 2006 by the Shorewall Team +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# See the file README.txt for further details. +#------------------------------------------------------------------------------ +# For information about entries in this file, type "man shorewall-masq" +################################################################################################################ +#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL +# GROUP DEST +eth1 10.0.0.0/8,\ + 169.254.0.0/16,\ + 172.16.0.0/12,\ + 192.168.0.0/16 diff --git a/mtpconfigs/ovh/shared-router/shorewall/params b/mtpconfigs/ovh/shared-router/shorewall/params new file mode 100755 index 0000000..a60512b --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/params @@ -0,0 +1,28 @@ +# +# Shorewall version 4 - Params File +# +# /etc/shorewall/params +# +# Assign any variables that you need here. +# +# It is suggested that variable names begin with an upper case letter +# to distinguish them from variables used internally within the +# Shorewall programs +# +# Example: +# +# NET_IF=eth0 +# NET_BCAST=130.252.100.255 +# NET_OPTIONS=routefilter,norfc1918 +# +# Example (/etc/shorewall/interfaces record): +# +# net $NET_IF $NET_BCAST $NET_OPTIONS +# +# The result will be the same as if the record had been written +# +# net eth0 130.252.100.255 routefilter,norfc1918 +# +############################################################################### + +#LAST LINE -- DO NOT REMOVE diff --git a/mtpconfigs/ovh/shared-router/shorewall/policy b/mtpconfigs/ovh/shared-router/shorewall/policy new file mode 100755 index 0000000..285d387 --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/policy @@ -0,0 +1,20 @@ +#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST +# LEVEL +#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA +$FW wan ACCEPT + +#Road warrior is trusted. It serves as an extension of the mgmt net. +vpnrwr all ACCEPT + +#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection. +#Otherwise I wouldn't allow this +vpnauslab all ACCEPT + +#Drop everything inbound from the big bad world that isn't explicitly allowed. +#Cause the net is where the NSA lives +wan all DROP + +#Drop everything that isn't explicitly allowed. +#Make explicit rules for everything yo. The NSA says you should. Duh. +# #state-sponsored-malware #stuxnet-was-an-inside-job +all all REJECT info diff --git a/mtpconfigs/ovh/shared-router/shorewall/rules b/mtpconfigs/ovh/shared-router/shorewall/rules new file mode 100755 index 0000000..574c436 --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/rules @@ -0,0 +1,113 @@ +#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL +########################################################################################################################################################################################################### +#Inbound DNAT forwarding from WAN to various zone/ip pinholes +########################################################################################################################################################################################################### +######################################################### +#KNEL rules +#158.69.183.165/29 eth1:2 +######################################################### +DNAT wan knel:10.253.8.72 tcp 443 - 158.69.183.165 +DNAT wan knel:10.253.8.72 tcp 80 - 158.69.183.165 +DNAT wan knel:10.253.8.72 tcp 993 - 158.69.183.165 +DNAT wan knel:10.253.8.72 tcp 25 - 158.69.183.165 +DNAT wan knel:10.253.8.72 tcp 465 - 158.69.183.165 +DNAT wan knel:10.253.8.72 tcp 5222 - 158.69.183.165 + +######################################################### +#TSYS rules +#158.69.183.161/29 eth1 +######################################################### +DNAT wan tsys:10.253.9.78 tcp 443 - 158.69.183.161 +DNAT wan tsys:10.253.9.78 tcp 80 - 158.69.183.161 +DNAT wan tsys:10.253.9.78 tcp 25 - 158.69.183.161 +DNAT wan tsys:10.253.9.78 tcp 465 - 158.69.183.161 +DNAT wan tsys:10.253.9.78 tcp 5222 - 158.69.183.161 + +######################################################### +#RackRental WAN rules +#158.69.183.164/29 eth1:1 +######################################################### +#158.69.183.164/29 +DNAT wan rr:10.253.6.81 tcp 443 - 158.69.183.164 +DNAT wan rr:10.253.6.81 tcp 80 - 158.69.183.164 + +############################################################ +#S2l/asn WAN rules handled by their upstream routers/admins +############################################################ + +########################################################################################################################################################################################################### +#site to site and road warrior VPN rules +########################################################################################################################################################################################################### + +#Allow road warrior connectivity from anywhere +ACCEPT wan fw udp 443 + +#Allow auslab site to site vpn +ACCEPT wan fw tcp 1195 +ACCEPT wan fw udp 1195 + + +############################################################ +#FW rules for RoadWarrior VPN +############################################################ +ACCEPT all vpnrwr all + +############################################################ +#FW rules for STS VPN - AUSLAB +#ACCEPT loc vpnauslab all +############################################################ +ACCEPT vpnauslab all all +ACCEPT $FW vpnauslab all + +############################################################ +#FW rules for STS VPN - client - asn2net +#Lock this down soon +############################################################ +ACCEPT $FW vpnasn2net all +ACCEPT vpnasn2net $FW all + + +########################################################################################################################################################################################################### +#outbound from various local nets and the firewall to WAN +########################################################################################################################################################################################################### +ACCEPT rr wan all #Lock this down soon +ACCEPT rr tsys all #Lock this down soon +ACCEPT knel,tsys,mgmt wan all + + +#Temp rules to get stuff working.. +ACCEPT $FW all all #Fw can access everything for now, Lock this down later +ACCEPT mgmt $FW + +ACCEPT vpnauslab mgmt all +ACCEPT vpnauslab all all + +########################################################################################################################################################################################################### +#intra zone pinhole rules +########################################################################################################################################################################################################### +ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 udp 53 +ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 tcp 53 + +########################################################################################################################################################################################################### +#intra zone wide rules +########################################################################################################################################################################################################### +#Mgmt can hit everything yo, cause it's fucking management with a capital M +ACCEPT mgmt barm,tsys,knel,fnf,vpnrwr,asn,s2l,vpnauslab all + +#Ad replication rule +ACCEPT mgmt:10.253.3.86 vpnauslab:10.251.2.98 all +ACCEPT vpnauslab:10.251.2.98 mgmt:10.253.3.86 all + +#Zenoss rule +ACCEPT mgmt:10.253.3.77 all all + + + + +#Brendan mgmt access +ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 udp 53 +ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 tcp 53 +ACCEPT vpnasn2net:10.30.3.0/24 $FW +ACCEPT vpnasn2net:10.30.2.0/24 $FW +ACCEPT vpnasn2net:10.30.2.0/24 mgmt +ACCEPT vpnasn2net:10.30.3.0/24 mgmt diff --git a/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf b/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf new file mode 100755 index 0000000..886f4f4 --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/shorewall.conf @@ -0,0 +1,274 @@ +############################################################################### +# +# Shorewall Version 4 -- /etc/shorewall/shorewall.conf +# +# For information about the settings in this file, type "man shorewall.conf" +# +# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html +############################################################################### +# S T A R T U P E N A B L E D +############################################################################### + +STARTUP_ENABLED=Yes + +############################################################################### +# V E R B O S I T Y +############################################################################### + +VERBOSITY=1 + +############################################################################### +# L O G G I N G +############################################################################### + +BLACKLIST_LOG_LEVEL= + +INVALID_LOG_LEVEL= + +LOG_MARTIANS=Yes + +LOG_VERBOSITY=2 + +LOGALLNEW= + +LOGFILE="/var/log/firewall.log" + +LOGFORMAT="%s:%s:" + +LOGTAGONLY=No + +LOGLIMIT= + +MACLIST_LOG_LEVEL=info + +RELATED_LOG_LEVEL= + +RPFILTER_LOG_LEVEL=info + +SFILTER_LOG_LEVEL=info + +SMURF_LOG_LEVEL=info + +STARTUP_LOG=/var/log/shorewall-init.log + +TCP_FLAGS_LOG_LEVEL=info + +UNTRACKED_LOG_LEVEL= + +############################################################################### +# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S +############################################################################### + +ARPTABLES= + +CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall" + +GEOIPDIR=/usr/share/xt_geoip/LE + +IPTABLES= + +IP= + +IPSET= + +LOCKFILE= + +MODULESDIR= + +NFACCT= + +PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin" + +PERL=/usr/bin/perl + +RESTOREFILE=restore + +SHOREWALL_SHELL=/bin/sh + +SUBSYSLOCK="" + +TC= + +############################################################################### +# D E F A U L T A C T I O N S / M A C R O S +############################################################################### + +ACCEPT_DEFAULT=none +DROP_DEFAULT=Drop +NFQUEUE_DEFAULT=none +QUEUE_DEFAULT=none +REJECT_DEFAULT=Reject + +############################################################################### +# R S H / R C P C O M M A N D S +############################################################################### + +RCP_COMMAND='scp ${files} ${root}@${system}:${destination}' +RSH_COMMAND='ssh ${root}@${system} ${command}' + +############################################################################### +# F I R E W A L L O P T I O N S +############################################################################### + +ACCOUNTING=Yes + +ACCOUNTING_TABLE=filter + +ADD_IP_ALIASES=No + +ADD_SNAT_ALIASES=No + +ADMINISABSENTMINDED=Yes + +IGNOREUNKNOWNVARIABLES=No + +AUTOCOMMENT=Yes + +AUTOHELPERS=Yes + +AUTOMAKE=No + +BLACKLIST="NEW,INVALID,UNTRACKED" + +CHAIN_SCRIPTS=Yes + +CLAMPMSS=No + +CLEAR_TC=Yes + +COMPLETE=No + +DEFER_DNS_RESOLUTION=Yes + +DELETE_THEN_ADD=Yes + +DETECT_DNAT_IPADDRS=No + +DISABLE_IPV6=No + +DONT_LOAD= + +DYNAMIC_BLACKLIST=Yes + +EXPAND_POLICIES=Yes + +EXPORTMODULES=Yes + +FASTACCEPT=No + +FORWARD_CLEAR_MARK= + +HELPERS= + +IMPLICIT_CONTINUE=No + +IPSET_WARNINGS=Yes + +IP_FORWARDING=On + +KEEP_RT_TABLES=No + +LEGACY_FASTSTART=Yes + +LOAD_HELPERS_ONLY=No + +MACLIST_TABLE=filter + +MACLIST_TTL= + +MANGLE_ENABLED=Yes + +MAPOLDACTIONS=No + +MARK_IN_FORWARD_CHAIN=No + +MODULE_SUFFIX=ko + +MULTICAST=Yes + +MUTEX_TIMEOUT=60 + +NULL_ROUTE_RFC1918=No + +OPTIMIZE=0 + +OPTIMIZE_ACCOUNTING=No + +REJECT_ACTION= + +REQUIRE_INTERFACE=No + +RESTORE_DEFAULT_ROUTE=Yes + +RESTORE_ROUTEMARKS=Yes + +RETAIN_ALIASES=No + +ROUTE_FILTER=Yes + +SAVE_ARPTABLES=No + +SAVE_IPSETS=No + +TC_ENABLED=Internal + +TC_EXPERT=No + +TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2" + +TRACK_PROVIDERS=No + +TRACK_RULES=No + +USE_DEFAULT_RT=No + +USE_PHYSICAL_NAMES=No + +USE_RT_NAMES=No + +WARNOLDCAPVERSION=Yes + +ZONE2ZONE=2 + +############################################################################### +# P A C K E T D I S P O S I T I O N +############################################################################### + +BLACKLIST_DISPOSITION=DROP + +INVALID_DISPOSITION=CONTINUE + +MACLIST_DISPOSITION=REJECT + +RELATED_DISPOSITION=ACCEPT + +RPFILTER_DISPOSITION=DROP + +SMURF_DISPOSITION=DROP + +SFILTER_DISPOSITION=DROP + +TCP_FLAGS_DISPOSITION=DROP + +UNTRACKED_DISPOSITION=CONTINUE + +################################################################################ +# P A C K E T M A R K L A Y O U T +################################################################################ + +TC_BITS= + +PROVIDER_BITS= + +PROVIDER_OFFSET= + +MASK_BITS= + +ZONE_BITS=0 + +################################################################################ +# L E G A C Y O P T I O N +# D O N O T D E L E T E O R A L T E R +################################################################################ + +IPSECFILE=zones diff --git a/mtpconfigs/ovh/shared-router/shorewall/zones b/mtpconfigs/ovh/shared-router/shorewall/zones new file mode 100755 index 0000000..e585906 --- /dev/null +++ b/mtpconfigs/ovh/shared-router/shorewall/zones @@ -0,0 +1,14 @@ +#ZONE TYPE OPTIONS +fw firewall +rr ipv4 +wan ipv4 +barm ipv4 +mgmt ipv4 +asn ipv4 +s2l ipv4 +fnf ipv4 +knel ipv4 +tsys ipv4 +vpnrwr ipv4 +vpnauslab ipv4 +vpnasn2net ipv4 diff --git a/rubix/Monitoring/mibs/LM-SENSORS-MIB b/rubix/Monitoring/mibs/LM-SENSORS-MIB new file mode 100755 index 0000000..d0734b3 --- /dev/null +++ b/rubix/Monitoring/mibs/LM-SENSORS-MIB @@ -0,0 +1,230 @@ +LM-SENSORS-MIB DEFINITIONS ::= BEGIN + +-- +-- Derived from the original VEST-INTERNETT-MIB. Open issues: +-- +-- (a) where to register this MIB? +-- (b) use not-accessible for diskIOIndex? +-- + + +IMPORTS + MODULE-IDENTITY, OBJECT-TYPE, Integer32, Gauge32 + FROM SNMPv2-SMI + DisplayString + FROM SNMPv2-TC + ucdExperimental + FROM UCD-SNMP-MIB; + +lmSensorsMIB MODULE-IDENTITY + LAST-UPDATED "200011050000Z" + ORGANIZATION "AdamsNames Ltd" + CONTACT-INFO + "Primary Contact: M J Oldfield + email: m@mail.tc" + DESCRIPTION + "This MIB module defines objects for lm_sensor derived data." + REVISION "200011050000Z" + DESCRIPTION + "Derived from DISKIO-MIB ex UCD." + ::= { lmSensors 1 } + +lmSensors OBJECT IDENTIFIER ::= { ucdExperimental 16 } + +-- + +lmTempSensorsTable OBJECT-TYPE + SYNTAX SEQUENCE OF LMTempSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of temperature sensors and their values." + ::= { lmSensors 2 } + +lmTempSensorsEntry OBJECT-TYPE + SYNTAX LMTempSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a device and its statistics." + INDEX { lmTempSensorsIndex } + ::= { lmTempSensorsTable 1 } + +LMTempSensorsEntry ::= SEQUENCE { + lmTempSensorsIndex Integer32, + lmTempSensorsDevice DisplayString, + lmTempSensorsValue Gauge32 +} + +lmTempSensorsIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference index for each observed device." + ::= { lmTempSensorsEntry 1 } + +lmTempSensorsDevice OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the temperature sensor we are reading." + ::= { lmTempSensorsEntry 2 } + +lmTempSensorsValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The temperature of this sensor in mC." + ::= { lmTempSensorsEntry 3 } +-- + +lmFanSensorsTable OBJECT-TYPE + SYNTAX SEQUENCE OF LMFanSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of fan sensors and their values." + ::= { lmSensors 3 } + +lmFanSensorsEntry OBJECT-TYPE + SYNTAX LMFanSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a device and its statistics." + INDEX { lmFanSensorsIndex } + ::= { lmFanSensorsTable 1 } + +LMFanSensorsEntry ::= SEQUENCE { + lmFanSensorsIndex Integer32, + lmFanSensorsDevice DisplayString, + lmFanSensorsValue Gauge32 +} + +lmFanSensorsIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference index for each observed device." + ::= { lmFanSensorsEntry 1 } + +lmFanSensorsDevice OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the fan sensor we are reading." + ::= { lmFanSensorsEntry 2 } + +lmFanSensorsValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The rotation speed of the fan in RPM." + ::= { lmFanSensorsEntry 3 } + +-- + +lmVoltSensorsTable OBJECT-TYPE + SYNTAX SEQUENCE OF LMVoltSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of voltage sensors and their values." + ::= { lmSensors 4 } + +lmVoltSensorsEntry OBJECT-TYPE + SYNTAX LMVoltSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a device and its statistics." + INDEX { lmVoltSensorsIndex } + ::= { lmVoltSensorsTable 1 } + +LMVoltSensorsEntry ::= SEQUENCE { + lmVoltSensorsIndex Integer32, + lmVoltSensorsDevice DisplayString, + lmVoltSensorsValue Gauge32 +} + +lmVoltSensorsIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference index for each observed device." + ::= { lmVoltSensorsEntry 1 } + +lmVoltSensorsDevice OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the device we are reading." + ::= { lmVoltSensorsEntry 2 } + +lmVoltSensorsValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The voltage in mV." + ::= { lmVoltSensorsEntry 3 } + +-- + +lmMiscSensorsTable OBJECT-TYPE + SYNTAX SEQUENCE OF LMMiscSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Table of miscellaneous sensor devices and their values." + ::= { lmSensors 5 } + +lmMiscSensorsEntry OBJECT-TYPE + SYNTAX LMMiscSensorsEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "An entry containing a device and its statistics." + INDEX { lmMiscSensorsIndex } + ::= { lmMiscSensorsTable 1 } + +LMMiscSensorsEntry ::= SEQUENCE { + lmMiscSensorsIndex Integer32, + lmMiscSensorsDevice DisplayString, + lmMiscSensorsValue Gauge32 +} + +lmMiscSensorsIndex OBJECT-TYPE + SYNTAX Integer32 (0..65535) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reference index for each observed device." + ::= { lmMiscSensorsEntry 1 } + +lmMiscSensorsDevice OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The name of the device we are reading." + ::= { lmMiscSensorsEntry 2 } + +lmMiscSensorsValue OBJECT-TYPE + SYNTAX Gauge32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "The value of this sensor." + ::= { lmMiscSensorsEntry 3 } + + +END diff --git a/rundeck/auslab b/rundeck/auslab new file mode 100644 index 0000000..547c7cd --- /dev/null +++ b/rundeck/auslab @@ -0,0 +1,30 @@ +ausprod-core-rtr01-vlmgmt.turnsys.net: + hostname: ausprod-core-rtr01-vlmgmt.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,infra' +ausprod-labsvr.turnsys.net: + hostname: ausprod-labsvr.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,subo' +fsky2-rpi3.turnsys.net: + hostname: fsky2-rpi3.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,subo' +subo-logtest.turnsys.net: + hostname: subo-logtest.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,subo' +fground01.turnsys.net: + hostname: fground01.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,subo' +fground-flink.turnsys.net: + hostname: fground-flink.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,auslab,physical,subo' diff --git a/rundeck/ovh b/rundeck/ovh new file mode 100644 index 0000000..b9ed7c1 --- /dev/null +++ b/rundeck/ovh @@ -0,0 +1,35 @@ +shared-router.turnsys.net: + hostname: shared-router.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,infra' +tsys-cloud.turnsys.net: + hostname: tsys-cloud.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,tsys' +tsys-rr-shell.turnsys.net: + hostname: tsys-rr-shell.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,rr' +tsys-rr-app.turnsys.net: + hostname: tsys-rr-app.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,rr' +toolbox.turnsys.net: + hostname: toolbox.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,infra' +shared-build.turnsys.net: + hostname: shared-build.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,infra' +shared-zenoss.turnsys.net: + hostname: shared-zenoss.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,ovh,virtual,infra' diff --git a/rundeck/satx b/rundeck/satx new file mode 100644 index 0000000..29680ff --- /dev/null +++ b/rundeck/satx @@ -0,0 +1,20 @@ +ausprod-linsrv.turnsys.net: + hostname: ausprod-linsrv.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,satx,physical,infra' +tsyscn4.turnsys.net: + hostname: tsyscn4.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'satx,physical,infra,tsys' +satxtimeserver.turnsys.net: + hostname: satxtimeserver.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,satx,physical,infra' +octoprint.turnsys.net: + hostname: octoprint.turnsys.net + username: root + ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key + tags: 'prod,satx,physical,infra' diff --git a/rundeck/sshConfig b/rundeck/sshConfig new file mode 100755 index 0000000..3603328 --- /dev/null +++ b/rundeck/sshConfig @@ -0,0 +1,99 @@ +StrictHostKeyChecking no + + +#IdentityFile /home/cwyble/.ssh/id_rsa + +#Production systems + +Host asn2net-linsrv + User asn2net + Hostname asn2net-linsrv.turnsys.net +Host asn2net-router + User admin + Hostname asn2net-router.turnsys.net +Host ausprod-core-ap01 + Hostname ausprod-core-ap01.turnsys.net + User cisco +Host ausprod-core-rtr01 + User localuser + Hostname ausprod-core-rtr01-vlmgmt.turnsys.net +Host ausprod-lab-sw01 + Hostname ausprod-labsw01.turnsys.net +Host ausprod-lab-sw02 + Hostname ausprod-labsw02.turnsys.net +Host ausprod-consrv + User root + ForwardX11 no + Hostname ausprod-consrv.turnsys.net +Host auslab-power + User root:7048 + Hostname ausprod-consrv.turnsys.net + ForwardX11 no +Host ausprod-labsvr + User root + Hostname ausprod-labsvr.turnsys.net +Host ausprod-linsrv + User localuser + Hostname ausprod-linsrv.turnsys.net +Host dedi + User root + Hostname dedi.turnsys.com + ForwardX11 yes +Host shared-boss + User localuser + Hostname shared-boss.turnsys.net +Host shared-build + User localuser + Hostname shared-build.turnsys.net +Host shared-router + User root + Hostname shared-router.turnsys.net +Host toolbox + User localuser + Hostname toolbox.turnsys.net +Host shared-voip + User localuser + Hostname shared-voip.turnsys.net +Host shared-zenoss + User root + Hostname shared-zenoss.turnsys.net +Host tsys-rr-app + User root + Hostname tsys-rr-app.turnsys.net +Host tsys-rr-shell + User localuser + Hostname tsys-rr-shell.turnsys.net +Host tsys-cloud + User root + Hostname tsys-cloud.turnsys.net +Host tsyscn4 + User localuser + Hostname tsyscn4.turnsys.net +Host shallowblue + User localuser + Hostname shallowblue.turnsys.net +Host tsys-taiga + User localuser + Hostname tsys-taiga.turnsys.net +Host subo-fground + User fground + Hostname fground01.turnsys.net +Host subo-fground-flink + User pi + Hostname fground-flink.turnsys.net +Host subo-fsky + User pi + Hostname fsky2-rpi3.turnsys.net +Host subo-logtest + User fground + Hostname subo-logtest.turnsys.net +Host satxtimeserver + User pi + Hostname satxtimeserver.turnsys.net + +#Host ausprod-oob-sw01 +#Host ausprod-oob-sw02 + + +Host * + ForwardAgent yes diff --git a/slack/bin/distro b/slack/bin/distro new file mode 100755 index 0000000..a1eae12 --- /dev/null +++ b/slack/bin/distro @@ -0,0 +1,257 @@ +#!/bin/sh +# Observium License Version 1.0 +# +# Copyright (c) 2013 Joe Holden +# +# The intent of this license is to establish the freedom to use, share and contribute to +# the software regulated by this license. +# +# This license applies to any software containing a notice placed by the copyright holder +# saying that it may be distributed under the terms of this license. Such software is herein +# referred to as the Software. This license covers modification and distribution of the +# Software. +# +# Granted Rights +# +# 1. You are granted the non-exclusive rights set forth in this license provided you agree to +# and comply with any and all conditions in this license. Whole or partial distribution of the +# Software, or software items that link with the Software, in any form signifies acceptance of +# this license. +# +# 2. You may copy and distribute the Software in unmodified form provided that the entire package, +# including - but not restricted to - copyright, trademark notices and disclaimers, as released +# by the initial developer of the Software, is distributed. +# +# 3. You may make modifications to the Software and distribute your modifications, in a form that +# is separate from the Software, such as patches. The following restrictions apply to modifications: +# +# a. Modifications must not alter or remove any copyright notices in the Software. +# b. When modifications to the Software are released under this license, a non-exclusive royalty-free +# right is granted to the initial developer of the Software to distribute your modification in +# future versions of the Software provided such versions remain available under these terms in +# addition to any other license(s) of the initial developer. +# +# Limitations of Liability +# +# In no event shall the initial developers or copyright holders be liable for any damages whatsoever, +# including - but not restricted to - lost revenue or profits or other direct, indirect, special, +# incidental or consequential damages, even if they have been advised of the possibility of such damages, +# except to the extent invariable law, if any, provides otherwise. +# +# No Warranty +# +# The Software and this license document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE +# WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. +# +# URL: https://github.com/joeholden/distroscript/ +# README: https://raw.github.com/joeholden/distroscript/master/README.md + +# Shells are made of dicks. +DISTROSCRIPT="1.0.15" + +if [ -z ${DISTROFORMAT} ]; then + DISTROFORMAT="pipe" +fi + +if [ -n "${AGENT_LIBDIR}" -o -n "${MK_LIBDIR}" ]; then + # Set output for check_mk/observium agent + DISTROFORMAT="export" +fi + +getos() { + OS=`uname -s` + if [ "${OS}" = "SunOS" ]; then + OS="Solaris" + elif [ "${OS}" = "DragonFly" ]; then + OS="DragonFlyBSD" + fi + export OS + return 0 +} + +getkernel() { + KERNEL=`uname -r` + export KERNEL + return 0 +} + +getdistro() { + if [ "${OS}" = "Linux" ]; then + if [ -f /etc/os-release ]; then + . /etc/os-release + DISTRO=`echo ${NAME} | awk '{print $1}'` + elif [ -x /usr/bin/lsb_release ]; then + DISTRO=`/usr/bin/lsb_release -si 2>/dev/null` + elif [ -f /etc/redhat-release ]; then + DISTRO=`cat /etc/redhat-release | awk '{print $1}'` + elif [ -f /etc/fedora-release ]; then + DISTRO="Fedora" + elif [ -f /etc/mandriva-release ]; then + DISTRO="Mandriva" + elif [ -f /etc/arch-release ]; then + DISTRO="ArchLinux" + elif [ -f /etc/gentoo-release ]; then + DISTRO="Gentoo" + elif [ -f /etc/SuSE-release ]; then + DISTRO="SuSE" + elif [ -f /etc/mandrake-release ]; then + DISTRO="Mandrake" + elif [ -f /etc/debian_version ]; then + # shit based on debian + if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ]; then + DISTRO="MailCleaner" + else + DISTRO="Debian" + fi + elif [ -f /etc/UnitedLinux-release ]; then + DISTRO="UnitedLinux" + elif [ -f /etc/openwrt_version ]; then + DISTRO="OpenWRT" + elif [ -f /etc/slackware-version ]; then + DISTRO="Slackware" + else + DISTRO="Unknown" + fi + + # Fixing some Distro names + if [ "${DISTRO}" = "Debian GNU/Linux" ]; then + DISTRO="Debian" + elif [ "${DISTRO}" = "Red" -o "${DISTRO}" = "RedHatEnterpriseServer" ]; then + DISTRO="RedHat" + elif [ "${DISTRO}" = "Arch" ]; then + DISTRO="ArchLinux" + fi + + elif [ "${OS}" = "FreeBSD" ]; then + if [ -f /etc/platform -a -f /etc/version ]; then + DISTRO="pfSense" + elif [ -f /etc/platform -a -f /etc/prd.name ]; then + DISTRO=`cat /etc/prd.name` + elif [ -f /usr/local/bin/pbreg ]; then + DISTRO="PC-BSD" + elif [ -f /tmp/freenas_config.md5 ]; then + DISTRO="FreeNAS" + else + DISTRO= + fi + elif [ "${OS}" = "Solaris" ]; then + DISTRO=`head -n 1 /etc/release | awk '{print $1}'` + if [ "${DISTRO}" = "Solaris" -o "${DISTRO}" = "Oracle" ]; then + DISTRO= + fi + elif [ "${OS}" = "Darwin" ]; then + case `uname -m` in + AppleTV2*) + DISTRO="AppleTV2" + ;; + AppleTV3*) + DISTRO="AppleTV3" + ;; + iPhone*) + DISTRO="iPhone" + ;; + iPod*) + DISTRO="iPOD" + ;; + *) + DISTRO="OSX" + ;; + esac + else + DISTRO= + fi + export DISTRO + return 0 +} + +getarch() { + if [ "${OS}" = "Solaris" ]; then + ARCH=`isainfo -k` + elif [ "${OS}" = "Darwin" ]; then + ARCH=`uname -p` + else + ARCH=`uname -m` + fi + if [ "${OS}" = "Linux" ]; then + if [ "${ARCH}" = "x86_64" ]; then + ARCH="amd64" + elif [ "${ARCH}" = "i486" -o "${ARCH}" = "i586" -o "${ARCH}" = "i686" ]; then + ARCH="i386" + fi + fi + export ARCH + return 0 +} + +getversion() { + if [ "${OS}" = "FreeBSD" -o "${OS}" = "DragonFlyBSD" ]; then + if [ "${DISTRO}" = "pfSense" ]; then + VERSION=`cat /etc/version` + elif [ "${DISTRO}" = "PC-BSD" ]; then + VERSION=`pbreg get /PC-BSD/Version` + elif [ -f /etc/prd.version ]; then + VERSION=`cat /etc/prd.version` + else + VERSION=`uname -i` + fi + elif [ "${OS}" = "OpenBSD" -o "${OS}" = "NetBSD" ]; then + VERSION=`uname -v` + elif [ "${OS}" = "Linux" ]; then + if [ "${DISTRO}" = "OpenWRT" ]; then + VERSION=`cat /etc/openwrt_version` + elif [ "${DISTRO}" = "Slackware" ]; then + VERSION=`cat /etc/slackware-version | cut -d" " -f2` + elif [ -f /etc/redhat-release ]; then + VERSION=`cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//'` + elif [ -x /usr/bin/lsb_release ]; then + VERSION=`lsb_release -sr 2>/dev/null` + elif [ -f /etc/os-release ]; then + . /etc/os-release + VERSION=${VERSION_ID} + else + VERSION= + fi + elif [ "${OS}" = "Darwin" ]; then + VERSION=`sw_vers -productVersion` + elif [ "${OS}" = "Solaris" ]; then + VERSION=`uname -v` + fi + export VERSION + return 0 +} + + +if [ -z ${DISTROEXEC} ]; then + getos + getkernel + getarch + getdistro + getversion + if [ "${AGENT_LIBDIR}" -o "${MK_LIBDIR}" ]; then + echo "<<>>" + fi + if [ "${DISTROFORMAT}" = "pipe" ]; then + echo "${OS}|${KERNEL}|${ARCH}|${DISTRO}|${VERSION}" + elif [ "${DISTROFORMAT}" = "twopipe" ]; then + echo "${OS}||${KERNEL}||${ARCH}||${DISTRO}||${VERSION}" + elif [ "${DISTROFORMAT}" = "ini" ]; then + echo "[distroscript]" + echo " OS = ${OS}" + echo " KERNEL = ${KERNEL}" + echo " ARCH = ${ARCH}" + echo " DISTRO = ${DISTRO}" + echo " DISTROVER = ${VERSION}" + echo " SCRIPTVER = ${DISTROSCRIPT}" + elif [ "${DISTROFORMAT}" = "export" ]; then + echo "OS=${OS}" + echo "KERNEL=${KERNEL}" + echo "ARCH=${ARCH}" + echo "DISTRO=${DISTRO}" + echo "DISTROVER=${VERSION}" + echo "SCRIPTVER=${DISTROSCRIPT}" + else + echo "Unsupported output format." + exit 1 + fi + exit 0 +fi diff --git a/slack/bin/slackInstall.sh b/slack/bin/slackInstall.sh new file mode 100755 index 0000000..9cd6e81 --- /dev/null +++ b/slack/bin/slackInstall.sh @@ -0,0 +1,60 @@ +#!/bin/bash +#A script to bootstrap slack onto any TURNSYS managed system in any environment. +#Use this as a template for writing TURNSYS shell scripts + +slack-install() +{ + +wget http://toolbox.turnsys.net/sysinfra/slack/bin/distro -O /usr/bin/distro +chmod +x /usr/bin/distro + +apt-get -y install make perl rsync + +mkdir /tmp/slackDist +wget http://toolbox.turnsys.net/sysinfra/slack/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz +cd /tmp/slackDist +tar xvfz slackDist.tar.gz +make install +cd /tmp +rm -rf slackDist + +mkdir /root/.ssh +chmod 700 /root/.ssh +chown -R root:root /root/.ssh + +wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf + +wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config +chmod 400 /root/.ssh/config + +wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key +chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key +} + + +####################################################################################################################################################### +#main() #For ease of searching +# Script starts here +# This code serves as a generic template for entrypoint code which is able to handle multi distro, multi environment execution. +# !!!!! DO NOT WRAP IN A FUNCTION. THESE ARE GLOBAL VARIABLES !!!!! +####################################################################################################################################################### + +#If we have a fleet later, we can use this code to do fleet stuff +#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then +#export server_type=ts +#fi + + +case $server_type in + ts) + export SERVER_TYPE="ts" + ;; + *) + export SERVER_TYPE="prod" + ;; +esac + +####################################################################################################################################################### +#Kick everything off +# +slack-install diff --git a/slack/dist/Makefile b/slack/dist/Makefile new file mode 100755 index 0000000..0f62449 --- /dev/null +++ b/slack/dist/Makefile @@ -0,0 +1,39 @@ +# Makefile for slack/src +# $Id: Makefile 187 2008-03-03 02:00:18Z alan $ +include Makefile.common + +BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff + +all: + +install: install-bin install-conf install-lib install-man + +install-bin: all + $(MKDIR) $(DESTDIR)$(sbindir) + $(INSTALL) slack $(DESTDIR)$(sbindir) + $(MKDIR) $(DESTDIR)$(bindir) + $(INSTALL) slack-diff $(DESTDIR)$(bindir) + $(MKDIR) $(DESTDIR)$(slack_libexecdir) + @set -ex;\ + for i in $(BACKENDS); do \ + $(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done + $(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir) + $(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir) + +install-conf: all + $(MKDIR) $(DESTDIR)$(sysconfdir) + $(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir) + +install-lib: all + $(MKDIR) $(DESTDIR)$(slack_libdir) + $(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir) + +install-man: all + +clean: + +realclean: clean + +distclean: clean + +test: diff --git a/slack/dist/Makefile.common b/slack/dist/Makefile.common new file mode 100755 index 0000000..198f557 --- /dev/null +++ b/slack/dist/Makefile.common @@ -0,0 +1,27 @@ +# Common code included in every Makefile +# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $ + +PACKAGE=slack +VERSION=0.15.2 + +DESTDIR = + +prefix = / +exec_prefix = /usr +sysconfdir = ${prefix}/etc +mandir = ${exec_prefix}/share/man +bindir = ${exec_prefix}/bin +sbindir = ${exec_prefix}/sbin +libdir = ${exec_prefix}/lib +libexecdir = ${exec_prefix}/lib +localstatedir = ${prefix}/var + +slack_libdir = ${libdir}/slack +slack_libexecdir = ${libexecdir}/slack +slack_localstatedir = ${localstatedir}/lib/slack +slack_localcachedir = ${localstatedir}/cache/slack + +INSTALL = install +MKDIR = mkdir -p + +PRIVDIRMODE = 0700 diff --git a/slack/dist/Slack.pm b/slack/dist/Slack.pm new file mode 100755 index 0000000..9f0a57d --- /dev/null +++ b/slack/dist/Slack.pm @@ -0,0 +1,371 @@ +# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. + +package Slack; + +require 5.006; +use strict; +use Carp qw(cluck confess croak); +use File::Find; +use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG); + +use base qw(Exporter); +use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE); +$VERSION = '0.15.2'; +@EXPORT = qw(); +@EXPORT_OK = qw(); + +$DEFAULT_CONFIG_FILE = '/etc/slack.conf'; + +my $term; + +my @default_options = ( + 'help|h|?', + 'version', + 'verbose|v+', + 'quiet', + 'config|C=s', + 'source|s=s', + 'rsh|e=s', + 'cache|c=s', + 'stage|t=s', + 'root|r=s', + 'dry-run|n', + 'backup|b', + 'backup-dir=s', + 'hostname|H=s', +); + +sub default_usage ($) { + my ($synopsis) = @_; + return < config file to read +# opthash => hashref in which to store the options +# verbose => whether to be verbose +sub read_config (%) { + my %arg = @_; + my ($config_fh); + local $_; + + confess "Slack::read_config: no config file given" + if not defined $arg{file}; + $arg{opthash} = {} + if not defined $arg{opthash}; + + open($config_fh, '<', $arg{file}) + or confess "Could not open config file '$arg{file}': $!"; + + # Make this into a hash so we can quickly see if we're looking + # for a particular option + my %looking_for; + if (ref $arg{options} eq 'ARRAY') { + %looking_for = map { $_ => 1 } @{$arg{options}}; + } + + while(<$config_fh>) { + chomp; + s/#.*//; # delete comments + s/\s+$//; # delete trailing spaces + next if m/^$/; # skip empty lines + + if (m/^[A-Z_]+=\S+/) { + my ($key, $value) = split(/=/, $_, 2); + $key =~ tr/A-Z_/a-z-/; + # Only set options we're looking for + next if (%looking_for and not $looking_for{$key}); + # Don't set options that are already set + next if defined $arg{opthash}->{$key}; + + $arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n"; + $arg{opthash}->{$key} = $value; + } else { + cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored"; + } + } + + close($config_fh) + or confess "Slack::read_config: Could not close config file: $!"; + + # The verbose option is treated specially in so many places that + # we need to make sure it's defined. + $arg{opthash}->{verbose} ||= 0; + + return $arg{opthash}; +} + +# Just get the exit code from a command that failed. +# croaks if anything weird happened. +sub get_system_exit (@) { + my @command = @_; + + if (WIFEXITED($?)) { + my $exit = WEXITSTATUS($?); + return $exit if $exit; + } + if (WIFSIGNALED($?)) { + my $sig = WTERMSIG($?); + croak "'@command' caught sig $sig"; + } + if ($!) { + croak "Syserr on system '@command': $!"; + } + croak "Unknown error on '@command'"; +} + +sub check_system_exit (@) { + my @command = @_; + my $exit = get_system_exit(@command); + # Exit is non-zero if get_system_exit() didn't croak. + croak "'@command' exited $exit"; +} + +# get options from the command line and the config file +# Arguments +# opthash => hashref in which to store options +# usage => usage statement +# required_options => arrayref of options to require -- an exception +# will be thrown if these options are not defined +# command_line_hash => store options specified on the command line here +sub get_options { + my %arg = @_; + use Getopt::Long; + Getopt::Long::Configure('bundling'); + + if (not defined $arg{opthash}) { + $arg{opthash} = {}; + } + + if (not defined $arg{usage}) { + $arg{usage} = default_usage($0); + } + + my @extra_options = (); # extra arguments to getoptions + if (defined $arg{command_line_options}) { + @extra_options = @{$arg{command_line_options}}; + } + + # Make a --quiet function that turns off verbosity + $arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; }; + + unless (GetOptions($arg{opthash}, + @default_options, + @extra_options, + )) { + print STDERR $arg{usage}; + exit 1; + } + if ($arg{opthash}->{help}) { + print $arg{usage}; + exit 0; + } + + if ($arg{opthash}->{version}) { + print "slack version $VERSION\n"; + exit 0; + } + + # Get rid of the quiet handler + delete $arg{opthash}->{quiet}; + + # If we've been given a hashref, save our options there at this + # stage, so the caller can see what was passed on the command line. + # Unfortunately, perl has no .replace function, so we iterate. + if (ref $arg{command_line_hash} eq 'HASH') { + while (my ($k, $v) = each %{$arg{opthash}}) { + $arg{command_line_hash}->{$k} = $v; + } + } + + # Use the default config file + if (not defined $arg{opthash}->{config}) { + $arg{opthash}->{config} = $DEFAULT_CONFIG_FILE; + } + + # We need to decide whether to be verbose about reading the config file + # Currently we just do it if global verbosity > 2 + my $verbose_config = 0; + if (defined $arg{opthash}->{verbose} + and $arg{opthash}->{verbose} > 2) { + $verbose_config = 1; + } + + # Read options from the config file, passing along the options we've + # gotten so far + read_config( + file => $arg{opthash}->{config}, + opthash => $arg{opthash}, + verbose => $verbose_config, + ); + + # The "verbose" option gets compared a lot and needs to be defined + $arg{opthash}->{verbose} ||= 0; + + # The "hostname" option is set specially if it's not defined + if (not defined $arg{opthash}->{hostname}) { + use Sys::Hostname; + $arg{opthash}->{hostname} = hostname; + } + + # We can require some options to be set + if (ref $arg{required_options} eq 'ARRAY') { + for my $option (@{$arg{required_options}}) { + if (not defined $arg{opthash}->{$option}) { + croak "Required option '$option' not given on command line or specified in config file!\n"; + } + } + } + + return $arg{opthash}; +} + +sub prompt ($) { + my ($prompt) = @_; + if (not defined $term) { + require Term::ReadLine; + $term = new Term::ReadLine 'slack' + } + + $term->readline($prompt); +} + + +# Calls the callback on absolute pathnames of files in the source directory, +# and also on names of directories that don't exist in the destination +# directory (i.e. where $source/foo exists but $destination/foo does not). +sub find_files_to_install ($$$) { + my ($source, $destination, $callback) = @_; + return find ({ + wanted => sub { + if (-l or not -d _) { + # Copy all files, links, etc + my $file = $File::Find::name; + &$callback($file); + } elsif (-d _) { + # For directories, we only want to copy it if it doesn't + # exist in the destination yet. + my $dir = $File::Find::name; + # We know the root directory will exist (we make it above), + # so skip the base of the source + (my $short_source = $source) =~ s#/$##; + return if $dir eq $short_source; + + # Strip the $source from the path, + # so we can build the destination dir from it. + my $subdir = $dir; + ($subdir =~ s#^$source##) + or croak "sub failed: $source|$subdir"; + + if (not -d "$destination/$subdir") { + &$callback($dir); + } + } + } + }, + $source, + ); +} + +# Runs rsync with the necessary redirection to its filehandles +sub wrap_rsync (@) { + my @command = @_; + my ($pid); + + if ($pid = fork) { + # Parent + } elsif (defined $pid) { + # Child + open(STDIN, "<", "/dev/null") + or die "Could not redirect STDIN from /dev/null\n"; + # This redirection is necessary because rsync sends + # verbose output to STDOUT + open(STDOUT, ">&STDERR") + or die "Could not redirect STDOUT to STDERR\n"; + exec(@command); + die "Could not exec '@command': $!\n"; + } else { + die "Could not fork: $!\n"; + } + + my $kid = waitpid($pid, 0); + if ($kid != $pid) { + die "waitpid returned $kid\n"; + } elsif ($?) { + Slack::check_system_exit(@command); + } +} + +# Runs rsync with the necessary redirection to its filehandles, but also +# returns an FH to stdin and a PID. +sub wrap_rsync_fh (@) { + my @command = @_; + my ($fh, $pid); + + if ($pid = open($fh, "|-")) { + # Parent + } elsif (defined $pid) { + # Child + # This redirection is necessary because rsync sends + # verbose output to STDOUT + open(STDOUT, ">&STDERR") + or die "Could not redirect STDOUT to STDERR\n"; + exec(@command); + die "Could not exec '@command': $!\n"; + } else { + die "Could not fork: $!\n"; + } + return($fh, $pid); +} + +1; diff --git a/slack/dist/slack b/slack/dist/slack new file mode 100755 index 0000000..d8e9fbb --- /dev/null +++ b/slack/dist/slack @@ -0,0 +1,329 @@ +#!/usr/bin/perl -w +# $Id: slack 180 2008-01-19 08:26:19Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. + +# This script is in charge of copying files from the (possibly remote) +# master directory to a local cache, using rsync + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; +use File::Find; +use POSIX; # for strftime + +use constant LIBEXEC_DIR => '/usr/lib/slack'; +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +sub run_backend(@); +sub run_conditional_backend($@); + +(my $PROG = $0) =~ s#.*/##; + +# Arguments to pass to each backends (initialized to a hash of empty arrays) +my %backend_flags = ( map { $_ => [] } + qw(getroles sync stage preview preinstall fixfiles installfiles postinstall) +); + +my @roles; + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +$usage .= < \%opt, + command_line_options => [ + 'preview=s', + 'role-list=s', + 'no-scripts|noscripts', + 'no-files|nofiles', + 'no-sync|nosync', + 'libexec-dir=s', + 'diff=s', + 'sleep=i', + ], + required_options => [ qw(source cache stage root) ], + command_line_hash => \%command_line_opt, + usage => $usage, +); + +# Special options +if ($opt{'dry-run'}) { + $opt{'no-scripts'} = 1; + $opt{'no-files'} = 1; +} +if ($opt{'no-scripts'}) { + for my $action (qw(fixfiles preinstall postinstall)) { + push @{$backend_flags{$action}}, + '--dry-run'; + } +} +if ($opt{'no-files'}) { + push @{$backend_flags{installfiles}}, + '--dry-run'; +} +# propagate verbosity - 1 to all backends +if (defined $command_line_opt{'verbose'} and + $command_line_opt{'verbose'} > 1) { + for my $action (keys %backend_flags) { + push @{$backend_flags{$action}}, + ('--verbose') x ($command_line_opt{'verbose'} - 1); + } +} +# propagate these flags to all the backends +for my $option (qw(config root cache stage source hostname rsh)) { + if ($command_line_opt{$option}) { + for my $action (keys %backend_flags) { + push @{$backend_flags{$action}}, + "--$option=$command_line_opt{$option}"; + } + } +} +# getroles also can take 'role-list' +if ($command_line_opt{'role-list'}) { + push @{$backend_flags{'getroles'}}, + "--role-list=$command_line_opt{'role-list'}"; +} + +# The libexec dir defaults to this if it wasn't specified +# on the command line or in a config file. +if (not defined $opt{'libexec-dir'}) { + $opt{'libexec-dir'} = LIBEXEC_DIR; +} + +# Pass diff option along to slack-rolediff +if ($opt{'diff'}) { + push @{$backend_flags{preview}}, + "--diff=$opt{'diff'}"; +} + +# Preview takes an optional argument. If no argument is given, +# it gets "" from getopt. +if (defined $opt{'preview'}) { + if (not grep /^$opt{'preview'}$/, qw(simple prompt)) { + die "Unknown preview mode '$opt{'preview'}'!"; + } +} + +# The backup option defaults to on if it wasn't specified +# on the command line or in a config file +if (not defined $opt{backup}) { + $opt{backup} = 1; +} +# Figure out a place to put backups +if ($opt{backup} and $opt{'backup-dir'}) { + push @{$backend_flags{installfiles}}, + '--backup', + '--backup-dir='. + $opt{'backup-dir'}. + "/". + strftime('%F-%T', localtime(time)) + ; +} +# }}} + +# Random sleep, helpful when called from cron. +if ($opt{sleep}) { + my $secs = int(rand($opt{sleep})) + 1; + $opt{verbose} and print STDERR "$PROG: sleep $secs\n"; + sleep($secs); +} + +# Get a list of roles to install from slack-getroles {{{ +if (not @ARGV) { + my @command = ($opt{'libexec-dir'}.'/slack-getroles', + @{$backend_flags{'getroles'}}); + $opt{verbose} and print STDERR "$PROG: getroles\n"; + ($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n"; + my ($roles_pid, $roles_fh); + if ($roles_pid = open($roles_fh, "-|")) { + # Parent + } elsif (defined $roles_pid) { + # Child + exec(@command); + die "Could not exec '@command': $!\n"; + } else { + die "Could not fork to run '@command': $!\n"; + } + @roles = split(/\s+/, join(" ", <$roles_fh>)); + unless (close($roles_fh)) { + Slack::check_system_exit(@command); + } +} else { + @roles = @ARGV; +} +# }}} + +# Check role name syntax {{{ +for my $role (@roles) { + # Roles MUST begin with a letter. All else is reserved. + if ($role !~ m/^[a-zA-Z]/) { + die "Role '$role' does not begin with a letter!"; + } +} +# }}} + +$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n"; + +unless ($opt{'no-sync'}) { + # sync all the roles down at once + $opt{verbose} and print STDERR "$PROG: sync @roles\n"; + run_backend('slack-sync', + @{$backend_flags{sync}}, @roles); +} + +ROLE: for my $role (@roles) { + # stage + $opt{verbose} and print STDERR "$PROG: stage files $role\n"; + run_backend('slack-stage', + @{$backend_flags{stage}}, '--subdir=files', $role); + + if ($opt{preview}) { + if ($opt{preview} eq 'simple') { + $opt{verbose} and print STDERR "$PROG: preview $role\n"; + # Here, we run the backend in no-prompt mode. + run_conditional_backend(0, 'slack-rolediff', + @{$backend_flags{preview}}, $role); + # ...and we skip further action in the ROLE after showing the diff. + next ROLE; + } elsif ($opt{preview} eq 'prompt') { + $opt{verbose} and print STDERR "$PROG: preview scripts $role\n"; + # Here, we want to prompt and just do the scripts, since + # we need to run preinstall and fixfiles before doing the files. + run_conditional_backend(1, 'slack-rolediff', + @{$backend_flags{preview}}, '--subdir=scripts', $role); + } else { + # Should get caught in option processing, above + die "Unknown preview mode!\n"; + } + } + + $opt{verbose} and print STDERR "$PROG: stage scripts $role\n"; + run_backend('slack-stage', + @{$backend_flags{stage}}, '--subdir=scripts', $role); + + # preinstall + $opt{verbose} and print STDERR "$PROG: preinstall $role\n"; + run_backend('slack-runscript', + @{$backend_flags{preinstall}}, 'preinstall', $role); + + # fixfiles + $opt{verbose} and print STDERR "$PROG: fixfiles $role\n"; + run_backend('slack-runscript', + @{$backend_flags{fixfiles}}, 'fixfiles', $role); + + # preview files + if ($opt{preview} and $opt{preview} eq 'prompt') { + $opt{verbose} and print STDERR "$PROG: preview files $role\n"; + run_conditional_backend(1, 'slack-rolediff', + @{$backend_flags{preview}}, '--subdir=files', $role); + } + + # installfiles + $opt{verbose} and print STDERR "$PROG: install $role\n"; + run_backend('slack-installfiles', + @{$backend_flags{installfiles}}, $role); + + # postinstall + $opt{verbose} and print STDERR "$PROG: postinstall $role\n"; + run_backend('slack-runscript', + @{$backend_flags{postinstall}}, 'postinstall', $role); +} +exit 0; + +sub run_backend (@) { + my ($backend, @args) = @_; + # If we weren't given an explicit path, prepend the libexec dir + unless ($backend =~ m#^/#) { + $backend = $opt{'libexec-dir'} . '/' . $backend; + } + + # Assemble our command line + my (@command) = ($backend, @args); + ($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n"; + unless (system(@command) == 0) { + Slack::check_system_exit(@command); + } +} + +sub run_conditional_backend ($@) { + my ($prompt, $backend, @args) = @_; + # If we weren't given an explicit path, prepend the libexec dir + unless ($backend =~ m#^/#) { + $backend = $opt{'libexec-dir'} . '/' . $backend; + } + + # Assemble our command line + my (@command) = ($backend, @args); + ($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n"; + unless (system(@command) == 0) { + my $exit = Slack::get_system_exit(@command); + + if ($exit == 1) { + # exit 1 means a difference found or something normal that requires + # a prompt before continuing. + if ($prompt) { + exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y'; + } + } else { + # any other non-successful exit is a serious error. + die "'@command' exited $exit"; + } + } +} diff --git a/slack/dist/slack-diff b/slack/dist/slack-diff new file mode 100755 index 0000000..dde4f16 --- /dev/null +++ b/slack/dist/slack-diff @@ -0,0 +1,514 @@ +#!/usr/bin/perl -w +# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2006 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is a wrapper for diff that gives output about special files +# and file modes. (diff can only compare regular files) + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use Errno; +use File::stat; +use File::Basename; +use File::Find; +use Getopt::Long; +use POSIX qw(SIGPIPE strftime); +use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not + + +my $VERSION = '0.1'; +(my $PROG = $0) =~ s#.*/##; +my @diff; # diff program to use +my $exit = 0; # our exit code + +sub compare ($$); +sub recursive_compare ($$); +sub filetype_to_string ($;$); +sub compare_files ($$); +sub diff ($$); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Autoflush on STDOUT +$|=1; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +# Default options +my %opt = ( + fakediff => 1, + perms => 1, + 'new-file' => 1, + diff => 'diff', +); + +# Config and option parsing +my $usage = < + $PROG -r + +Options: + -u, -U NUM, --unified=NUM + Tell diff to use unified output format. + --diff PROG + Use this program for diffing, instead of "$opt{diff}" + --fakediff + Make a fake diff for file modes and other things that are not file + contents. Default is on, can be disabled with --nofakediff. + --perms + Care about owner, group, and permissions when doing fakediff. + Default is on, can be disabled with --noperms. + -r, --recursive + Recursively compare directories. + -N, --new-file + Treat missing files as empty. Default is on, can be disabled with + --nonew-file. + --unidirectional-new-file + Treat only missing files in the first directory as empty. + --from-file + Treat arguments as a list of files from which to read filenames to + compare, two lines at a time. + -0, --null + Use NULLs instead of newlines as the separator in --from-file mode + --devnullhack + You have a version of diff that can't deal with -N when not in + recursive mode, so we need to feed it /dev/null instead of the + missing file. Default is on, can be disabled with --nodevnullhack. + --version + Output version info + --help + Output this help text + +Exit codes: + 0 Found no differences + 1 Found a difference + 2 Had a serious error + 3 Found a difference and had a serious error +EOF + +{ + Getopt::Long::Configure ("bundling"); + GetOptions(\%opt, + 'help|h|?', + 'version', + 'null|0', + 'devnullhack', + 'new-file|N', + 'u', + 'unified|U=i', + 'recursive|r', + 'from-file', + 'unidirectional-new-file', + 'fakediff!', + 'perms!', + 'diff=s', + ) or die $usage; + if ($opt{help}) { + print $usage; + exit 0; + } + if ($opt{version}) { + print "$PROG version $VERSION\n"; + exit 0; + } +} + +if ($opt{diff}) { + # We split on spaces here to be useful -- so that people can give + # their diff options. + @diff = split(/\s+/, $opt{diff}); +} else { + die "$PROG: No diff program!\n"; +} + +if ($opt{'u'}) { + push @diff, '-u'; +} elsif ($opt{'unified'}) { + $opt{'u'} = 1; # We use this value later + push @diff, "--unified=$opt{'unified'}"; +} + +if (not $opt{'devnullhack'}) { + push @diff, '-N'; +} + +# usually, sigpipe would be someone quitting their pager, so don't sweat it +$SIG{PIPE} = sub { exit $exit }; + +if ($opt{'from-file'}) { + local $/ = "\0" if $opt{'null'}; + while (my $old = <>) { + my $new = <>; + die "Uneven number of lines in --from-file mode!\n" + if not defined $new; + chomp($old); + chomp($new); + $exit |= compare($old, $new); + } +} else { + die $usage unless $#ARGV == 1; + $exit |= compare($ARGV[0], $ARGV[1]); +} +exit $exit; + +## +# Subroutines + +sub compare ($$) { + my ($old, $new) = @_; + + if ($opt{recursive}) { + return recursive_compare($old, $new); + } else { + return compare_files($old, $new); + } +} + +# compare two directories. We do this by walking down the *new* +# directory, and comparing everything that's there to the stuff in +# the old directory +sub recursive_compare ($$) { + my ($olddir, $newdir) = @_; + my ($retval, $basere, $wanted); + my (%seen); + + $retval = 0; + + if (-d $newdir) { + $basere = qr(^$newdir); + $wanted = sub { + my ($newfile) = $_; + my $oldfile = $newfile; + + $oldfile =~ s#$basere#$olddir#; + $seen{$oldfile} = 1; + $retval |= compare_files($oldfile, $newfile); + }; + + eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) }; + if ($@) { + warn "$PROG: error during find: $@\n"; + $retval |= 2; + } + } + return $retval + if $opt{'unidirectional-new-file'}; + + # If we're not unidirectional, we want to go through the old directory + # and diff any files we didn't see in the newdir. + if (-d $olddir) { + $basere = qr(^$olddir); + $wanted = sub { + my ($oldfile) = $_; + my $newfile; + + return if $seen{$oldfile}; + $newfile = $oldfile; + + $newfile =~ s#$basere#$newdir#; + $retval |= compare_files($oldfile, $newfile); + }; + + eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) }; + if ($@) { + warn "$PROG: error during find: $@\n"; + $retval |= 2; + } + } + return $retval; +} + +# filetype_to_string(mode) +# filetype_to_string(mode, plural) +# +# Takes a mode returned from stat(), returns a noune describing the filetype, +# e.g. "directory", "symlink". +# If the "plural" argument is provided and true, returns the plural form of +# the noun, e.g. "directories", "symlinks". +sub filetype_to_string ($;$) { + my ($mode, $plural) = @_; + + if (S_ISREG($mode)) { + return "regular file".($plural ? "s" : ""); + } elsif (S_ISDIR($mode)) { + return "director".($plural ? "ies" : "y"); + } elsif (S_ISLNK($mode)) { + return "symlink".($plural ? "s" : ""); + } elsif (S_ISBLK($mode)) { + return "block device".($plural ? "s" : ""); + } elsif (S_ISCHR($mode)) { + return "character device".($plural ? "s" : ""); + } elsif (S_ISFIFO($mode)) { + return "fifo".($plural ? "s" : ""); + } elsif (S_ISSOCK($mode)) { + return "socket".($plural ? "s" : ""); + } else { + return "unknown filetype".($plural ? "s" : ""); + } +} + +# compare_files(oldfile, newfile) +# This is the actual diffing routine. It's quite long because we need to +# deal with all sorts of special cases. It will print to STDOUT a +# description of the differences between the two files. For regular files, +# diff(1) will be run to show the differences. +# +# return codes: +# 1 found a difference +# 2 had an error +# 3 found a difference and had an error +sub compare_files ($$) { + my ($oldname, $newname) = @_; + my ($old, $new); # stat buffers + my $return = 0; + + # Get rid of unsightly double slashes + $oldname =~ s#//#/#g; + $newname =~ s#//#/#g; + + eval { $old = lstat($oldname); }; + if (not defined $old and not $!{ENOENT}) { + warn "$PROG: Could not stat $oldname: $!\n"; + return 2; + } + eval { $new = lstat($newname); }; + if (not defined $new and not $!{ENOENT}) { + warn "$PROG: Could not stat $newname: $!\n"; + return 2; + } + # At this point, $old or $new should only be undefined if the + # file does not exist. + + if (defined $old and defined $new) { + if (S_IFMT($old->mode) != S_IFMT($new->mode)) { + if ($opt{fakediff}) { + fakediff('filetype', + $oldname => filetype_to_string($old->mode), + $newname => filetype_to_string($new->mode), + ); + } else { + print "File types differ between ". + filetype_to_string($old->mode)." $oldname and ". + filetype_to_string($new->mode)." $newname\n"; + } + return 1; + } + if ($old->nlink != $new->nlink) { + # In recursive mode, we don't care about link counts in directories, + # as we'll pick that up with what files do and don't exist. + unless ($opt{recursive} and S_ISDIR($old->mode)) { + if ($opt{fakediff}) { + fakediff('nlink', + $oldname => $old->nlink, + $newname => $new->nlink, + ); + } else { + print "Link counts differ between ". + filetype_to_string($old->mode, 1). + " $oldname and $newname\n"; + } + $return = 1; + } + } + if ($old->uid != $new->uid and $opt{perms}) { + if ($opt{fakediff}) { + fakediff('uid', + $oldname => $old->uid, + $newname => $new->uid, + ); + } else { + print "Owner differs between ". + filetype_to_string($old->mode, 1). + " $oldname and $newname\n"; + } + $return = 1; + } + if ($old->gid != $new->gid and $opt{perms}) { + if ($opt{fakediff}) { + fakediff('gid', + $oldname => $old->gid, + $newname => $new->gid, + ); + } else { + print "Group differs between ". + filetype_to_string($old->mode, 1). + " $oldname and $newname\n"; + } + $return = 1; + } + if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) { + if ($opt{fakediff}) { + fakediff('mode', + $oldname => sprintf('%04o', S_IMODE($old->mode)), + $newname => sprintf('%04o', S_IMODE($new->mode)), + ); + } else { + print "Modes differ between ". + filetype_to_string($old->mode, 1). + " $oldname and $newname\n"; + } + $return = 1; + } + + # We don't want to compare anything more about sockets, fifos, or + # directories, once we've checked the permissions and link counts + if (S_ISSOCK($old->mode) or + S_ISFIFO($old->mode) or + S_ISDIR($old->mode)) { + return $return; + } + + # Check device file devs, and that's it for them + if (S_ISCHR($old->mode) or + S_ISBLK($old->mode)) { + if ($old->rdev != $new->rdev) { + if ($opt{fakediff}) { + fakediff('rdev', + $oldname => $old->rdev, + $newname => $new->rdev, + ); + } else { + print "Device numbers differ between ". + filetype_to_string($old->mode, 1). + " $oldname and $newname\n"; + } + $return = 1; + } + return $return; + } + + # Compare the targets of symlinks + if (S_ISLNK($old->mode)) { + my $oldtarget = readlink $oldname + or (warn("$PROG: Could not readlink($oldname): $!\n"), + return $return | 2); + my $newtarget = readlink $newname + or (warn("$PROG: Could not readlink($newname): $!\n"), + return $return | 2); + if ($oldtarget ne $newtarget) { + if ($opt{fakediff}) { + fakediff('target', + $oldname => $oldtarget, + $newname => $newtarget, + ); + } else { + print "Symlink targets differ between $oldname and $newname\n"; + } + $return = 1; + } + return $return; + } + + if (not S_ISREG($old->mode)) { + warn "$PROG: Don't know what to do with file mode $old->mode!\n"; + return 2; + } + } elsif (not defined $old and not defined $new) { + print "Neither $oldname nor $newname exists\n"; + return $return; + } elsif (not defined $old) { + if (not S_ISREG($new->mode) or not $opt{'new-file'}) { + print "Only in ".dirname($newname).": ". + filetype_to_string($new->mode)." ".basename($newname)."\n"; + return 1; + } elsif ($opt{'devnullhack'}) { + $oldname = '/dev/null'; + } + } elsif (not defined $new) { + if (not S_ISREG($old->mode) or not $opt{'new-file'}) { + print "Only in ".dirname($oldname).": ". + filetype_to_string($old->mode)." ".basename($oldname)."\n"; + return 1; + } elsif ($opt{'devnullhack'}) { + $newname = '/dev/null'; + } + } + # They are regular files! We can actually run diff! + return diff($oldname, $newname) | $return; +} + +sub diff ($$) { + my ($oldname, $newname) = @_; + my @command = (@diff, $oldname, $newname); + my $status; + + # If we're not specifying unified diff, we need to print a header + # to indicate what's being diffed. (I'm not sure if this actually would + # work for patch, but it does tell our user what's going on). + # FIXME: We only need to specify this if the files are different + print "@command\n" + if not $opt{u}; + + { + # There is a bug in perl with use warnings FATAL => qw(all) + # that will cause the child process from system() to stick + # around if there is a warning generated. + # Shut off warnings -- we'll catch the error below. + no warnings; + $status = system(@command); + } + return 0 if ($status == 0); + if ($? == -1) { + die "$PROG: failed to execute '@command': $!\n"; + } + if ($? & 128) { + die "$PROG: '@command' dumped core\n"; + } + if (my $sig = $? & 127) { + die "$PROG: '@command' caught sig $sig\n" + unless ($sig == SIGPIPE); + } + if (my $exit = $? >> 8) { + if ($exit == 1) { + return 1; + } else { + die "$PROG: '@command' returned $exit\n"; + } + } + return 0; +} + + +sub fakediff ($$) { + my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_; + + return unless $opt{fakediff}; + my $time = strftime('%F %T.000000000 %z', localtime(0)); + + # We add a suffix onto the filenames to show we're not actually looking + # at file contents. There's no good way to indicate this that's compatible + # with patch, and this is simple enough. + $oldname .= '#~~' . $type; + $newname .= '#~~' . $type; + + if ($opt{u}) { + # fake up a unified diff + print < $newvalue +EOF + } +} diff --git a/slack/dist/slack-getroles b/slack/dist/slack-getroles new file mode 100755 index 0000000..77eba20 --- /dev/null +++ b/slack/dist/slack-getroles @@ -0,0 +1,161 @@ +#!/usr/bin/perl -w +# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. + +# This script is in charge of copying files from the (possibly remote) +# master directory to a local cache, using rsync + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +my @rsync = ('rsync', + '--links', + '--times', + ); + +(my $PROG = $0) =~ s#.*/##; + +sub sync_list (); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options]"); +$usage .= < \%opt, + command_line_options => [ + 'role-list=s', + 'remote-role-list', + ], + required_options => [ qw(role-list hostname) ], + usage => $usage, +); + +# Prepare for backups +if ($opt{backup} and $opt{'backup-dir'}) { + # Make sure backup directory exists + unless (-d $opt{'backup-dir'}) { + ($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n"; + if (not $opt{'dry-run'}) { + eval { mkpath($opt{'backup-dir'}); }; + die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@; + } + } + push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}"); +} +# Pass options along to rsync +if ($opt{'dry-run'}) { + push @rsync, '--dry-run'; +} +# Pass options along to rsync +if ($opt{'verbose'} > 1) { + push @rsync, '--verbose'; +} +# }}} + +# See if role-list is actually relative to source, and pre-pend source +# if need be. +unless ($opt{'role-list'} =~ m#^/# or + $opt{'role-list'} =~ m#^\./# or + $opt{'role-list'} =~ m#^[\w@\.-]+:#) { + if (not defined $opt{source}) { + die "Relative path to role-list given, but source not defined!\n\n$usage\n"; + } + $opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'}; +} + +# auto-detect remote role list +if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) { + $opt{'remote-role-list'} = 1; +} + +# Copy a remote list locally +if ($opt{'remote-role-list'}) { + # We need a cache directory if the role list is not local + if (not defined $opt{cache}) { + die "Remote path to role-list given, but cache not defined!\n\n$usage\n"; + } + # Look at source type, and add options if necessary + if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) { + # This is tunnelled rsync, and so needs an extra option + if ($opt{'rsh'}) { + push @rsync, '-e', $opt{'rsh'}; + } else { + push @rsync, '-e', 'ssh'; + } + } + sync_list(); +} + +# Read in the roles list +my @roles = (); +my $host_found = 0; +($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n"; +open(ROLES, "<", $opt{'role-list'}) + or die "Could not open '$opt{'role-list'}' for reading: $!\n"; +while() { + s/#.*//; # Strip comments + chomp; + if (s/^$opt{hostname}:\s*//) { + $host_found++; + push @roles, split(); + } +} +close(ROLES) + or die "Could not close '$opt{'role-list'}': $!\n"; +if (not $host_found) { + die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n"; +} +print join("\n", @roles), "\n"; +exit 0; + +sub sync_list () { + my $source = $opt{'role-list'}; + my $destination = $opt{cache} . "/_role_list"; + unless (-d $opt{cache}) { + eval { mkpath($opt{cache}); }; + die "Could not mkpath '$opt{cache}': $@\n" if $@; + } + # All this to run an rsync command + my @command = (@rsync, $source, $destination); + ($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n"; + Slack::wrap_rsync(@command); + $opt{'role-list'} = $destination; +} + diff --git a/slack/dist/slack-installfiles b/slack/dist/slack-installfiles new file mode 100755 index 0000000..65d1e22 --- /dev/null +++ b/slack/dist/slack-installfiles @@ -0,0 +1,149 @@ +#!/usr/bin/perl -w +# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is in charge of copying files from the local stage to the root +# of the local filesystem + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +my @rsync = ('rsync', + '--relative', + '--times', + '--perms', + '--group', + '--owner', + '--links', + '--devices', + '--sparse', + '--no-implied-dirs', # SO GOOD! + '--files-from=-', + '--from0', + ); + +(my $PROG = $0) =~ s#.*/##; + +sub install_files ($); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +# Option defaults +my %opt = (); +Slack::get_options( + opthash => \%opt, + usage => $usage, + required_options => [ qw(root stage) ], +); +# }}} + +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +unless (-d $opt{root}) { + if (not $opt{'dry-run'}) { + eval { + mkpath($opt{root}); + # We have a tight umask, and a root of mode 0700 would be undesirable + # in most cases. + chmod(0755, $opt{root}); + }; + die "Could not mkpath destination directory '$opt{root}': $@\n" if $@; + } + warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n"; +} + +# Prepare for backups +if ($opt{backup} and $opt{'backup-dir'}) { + # Make sure backup directory exists + unless (-d $opt{'backup-dir'}) { + ($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n"; + if (not $opt{'dry-run'}) { + eval { mkpath($opt{'backup-dir'}); }; + die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@; + } + } + push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}"); +} +# Pass options along to rsync +if ($opt{'dry-run'}) { + push @rsync, '--dry-run'; +} +if ($opt{'verbose'} > 1) { + push @rsync, '--verbose'; +} + +# copy over the new files +for my $role (@ARGV) { + install_files($role); +} +exit 0; + +# This subroutine takes care of actually installing the files for a role +sub install_files ($) { + my ($role) = @_; + # final / is important for rsync + my $source = $opt{stage} . "/roles/" . $role . "/files/"; + my $destination = $opt{root} . "/"; + my @command = (@rsync, $source, $destination); + + if (not -d $source) { + ($opt{verbose} > 0) and + print STDERR "$PROG: No files to install -- '$source' does not exist\n"; + return; + } + + # Try to give some sensible message here + if ($opt{verbose} > 0) { + if ($opt{'dry-run'}) { + print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n"; + } else { + print STDERR "$PROG: Syncing '$source' to '$destination'\n"; + } + } + + my ($fh) = Slack::wrap_rsync_fh(@command); + + select((select($fh), $|=1)[0]); # Turn on autoflush + + my $callback = sub { + my ($file) = @_; + ($file =~ s#^$source##) + or die "sub failed: $source|$file"; + print $fh "$file\0"; + }; + + # This will print files to be synced to the $fh + Slack::find_files_to_install($source, $destination, $callback); + + # Close fh, waitpid, and check return value + unless (close($fh)) { + Slack::check_system_exit(@command); + } +} diff --git a/slack/dist/slack-rolediff b/slack/dist/slack-rolediff new file mode 100755 index 0000000..92def93 --- /dev/null +++ b/slack/dist/slack-rolediff @@ -0,0 +1,146 @@ +#!/usr/bin/perl -w +# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2006 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script provides a preview of scripts or files about to be installed. +# Basically, it calls diff -- its smarts are in knowing where things are. + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; +use File::Find; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +my @diff = ('slack-diff', + '-uN', + ); + +# directories to compare +my %subdir = ( + files => 1, + scripts => 1, +); + +(my $PROG = $0) =~ s#.*/##; + +sub diff ($$;@); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +$usage .= < \%opt, + command_line_options => [ + 'subdir=s', + 'diff=s', + ], + usage => $usage, + required_options => [ qw(cache stage root) ], +); + +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +# We only allow certain values for this option +if ($opt{subdir}) { + unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') { + die "--subdir option must be 'files' or 'scripts'\n\n$usage"; + } + # Only do this subdir + %subdir = ( $opt{subdir} => 1 ); +} + +# Let people override our diff. Split on spaces so they can pass args. +if ($opt{diff}) { + @diff = split(/\s+/, $opt{diff}); +} + +# }}} + +my $exit = 0; +# Do the diffs +for my $full_role (@ARGV) { + # Split the full role (e.g. google.foogle.woogle) into components + my @role = split(/\./, $full_role); + + if ($subdir{scripts}) { + # Then we compare the cache vs the stage + my $old = $opt{stage} . "/roles/" . $full_role . "/scripts"; + my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts"; + # For scripts, we don't care so much about mode and owner (since those are + # inherited in the CACHE from the SOURCE), so --noperms. + $exit |= diff($old, $new, '--noperms'); + } + + if ($subdir{files}) { + # Then we compare the stage vs the root + my $old = $opt{root}; + my $new = $opt{stage} . "/roles/" . $full_role . "/files"; + # For files, we don't care about files that exist in $old but not $new + $exit |= diff($old, $new, '--unidirectional-new-file'); + } +} +exit $exit; + +sub diff ($$;@) { + my ($old, $new, @options) = @_; + + my @command = (@diff, @options); + + # return if there's nothing to do + return 0 if (not -d $old and not -d $new); + + ($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n"; + + my $return = 0; + my $callback = sub { + my ($new_file) = @_; + my $old_file = $new_file; + ($old_file =~ s#^$new#$old#) + or die "sub failed: $new|$new_file"; + if (system(@command, $old_file, $new_file) != 0) { + $return |= Slack::get_system_exit(@command); + } + }; + + # We have to use this function, rather than recursive mode for slack-diff, + # because otherwise we'll print a bunch of bogus stuff about directories + # that exist in $ROOT and therefore aren't being synced. + Slack::find_files_to_install($new, $old, $callback); + + return $return; +} diff --git a/slack/dist/slack-runscript b/slack/dist/slack-runscript new file mode 100755 index 0000000..05790c4 --- /dev/null +++ b/slack/dist/slack-runscript @@ -0,0 +1,111 @@ +#!/usr/bin/perl -w +# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2006 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is in charge of running scripts out of the local stage + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; +use File::Find; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +# Export these options to the environment of the script +my @export_options = qw(root stage hostname verbose); + +(my $PROG = $0) =~ s#.*/##; + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); +# Get out of wherever (possibly NFS-mounted) we were +chdir('/') + or die "Could not chdir '/': $!"; + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +# Option defaults +my %opt = (); +Slack::get_options( + opthash => \%opt, + usage => $usage, + required_options => \@export_options, +); + +my $action = shift || die "No script to run!\n\n$usage"; +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +# }}} + +# Start with a clean environment +%ENV = ( + PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', +); +# Export certain variables to the environment. These are guaranteed to +# be set because we require them in get_options above. +for my $option (@export_options) { + my $env_var = $option; + $env_var =~ tr/a-z-/A-Z_/; + $ENV{$env_var} = $opt{$option}; +} +# We want to decrement the verbose value for the child if it's set. +$ENV{VERBOSE}-- if $ENV{VERBOSE}; + +# Run the script for each role given, if it exists and is executable +for my $role (@ARGV) { + my $script_to_run = "$opt{stage}/roles/$role/scripts/$action"; + unless (-x $script_to_run) { + if (-e _) { + # A helpful warning + warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n"; + } elsif ($opt{verbose} > 0) { + print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n"; + } + next; + } + my $dir; + if ($action eq 'fixfiles') { + $dir = "$opt{stage}/roles/$role/files"; + } else { + $dir = "$opt{stage}/roles/$role/scripts"; + } + my @command = ($script_to_run , $role); + + # It's OK to chdir even if we're not going to run the script. + # Might as well see if it works. + chdir($dir) + or die "Could not chdir '$dir': $!\n"; + if ($opt{'dry-run'}) { + ($opt{verbose} > 0) + and print STDERR "$PROG: Not calling '@command' in '$dir' ". + "because --dry-run specified.\n"; + } else { + ($opt{verbose} > 0) + and print STDERR "$PROG: Calling '@command' in '$dir'.\n"; + unless (system("script /root/slackLog -a -f -c @command") == 0) { + Slack::check_system_exit(@command); + } + } + chdir('/') + or die "Could not chdir '/': $!\n" +} +exit 0; + diff --git a/slack/dist/slack-runscript.orig b/slack/dist/slack-runscript.orig new file mode 100755 index 0000000..5125a83 --- /dev/null +++ b/slack/dist/slack-runscript.orig @@ -0,0 +1,111 @@ +#!/usr/bin/perl -w +# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2006 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is in charge of running scripts out of the local stage + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; +use File::Find; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +# Export these options to the environment of the script +my @export_options = qw(root stage hostname verbose); + +(my $PROG = $0) =~ s#.*/##; + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); +# Get out of wherever (possibly NFS-mounted) we were +chdir('/') + or die "Could not chdir '/': $!"; + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +# Option defaults +my %opt = (); +Slack::get_options( + opthash => \%opt, + usage => $usage, + required_options => \@export_options, +); + +my $action = shift || die "No script to run!\n\n$usage"; +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +# }}} + +# Start with a clean environment +%ENV = ( + PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', +); +# Export certain variables to the environment. These are guaranteed to +# be set because we require them in get_options above. +for my $option (@export_options) { + my $env_var = $option; + $env_var =~ tr/a-z-/A-Z_/; + $ENV{$env_var} = $opt{$option}; +} +# We want to decrement the verbose value for the child if it's set. +$ENV{VERBOSE}-- if $ENV{VERBOSE}; + +# Run the script for each role given, if it exists and is executable +for my $role (@ARGV) { + my $script_to_run = "$opt{stage}/roles/$role/scripts/$action"; + unless (-x $script_to_run) { + if (-e _) { + # A helpful warning + warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n"; + } elsif ($opt{verbose} > 0) { + print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n"; + } + next; + } + my $dir; + if ($action eq 'fixfiles') { + $dir = "$opt{stage}/roles/$role/files"; + } else { + $dir = "$opt{stage}/roles/$role/scripts"; + } + my @command = ($script_to_run, $role); + + # It's OK to chdir even if we're not going to run the script. + # Might as well see if it works. + chdir($dir) + or die "Could not chdir '$dir': $!\n"; + if ($opt{'dry-run'}) { + ($opt{verbose} > 0) + and print STDERR "$PROG: Not calling '@command' in '$dir' ". + "because --dry-run specified.\n"; + } else { + ($opt{verbose} > 0) + and print STDERR "$PROG: Calling '@command' in '$dir'.\n"; + unless (system(@command) == 0) { + Slack::check_system_exit(@command); + } + } + chdir('/') + or die "Could not chdir '/': $!\n" +} +exit 0; + diff --git a/slack/dist/slack-stage b/slack/dist/slack-stage new file mode 100755 index 0000000..3833736 --- /dev/null +++ b/slack/dist/slack-stage @@ -0,0 +1,278 @@ +#!/usr/bin/perl -w +# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is in charge of copying files from the local cache +# directory to the local stage, building a unified single tree onstage +# from the multiple trees that are the role + subroles in the cache + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; +use File::Find; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +my @rsync = ('rsync', + '--recursive', + '--times', + '--ignore-times', + '--perms', + '--sparse', + ); + +(my $PROG = $0) =~ s#.*/##; + +sub check_stage (); +sub sync_role ($$@); +sub apply_default_perms_to_role ($$); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +$usage .= < \%opt, + command_line_options => [ + 'subdir=s', + ], + usage => $usage, + required_options => [ qw(cache stage) ], +); + +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +# We only allow certain values for this option +if ($opt{subdir}) { + unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') { + die "--subdir option must be 'files' or 'scripts'\n\n$usage"; + } +} else { + $opt{subdir} = ''; +} + +# Prepare for backups +if ($opt{backup} and $opt{'backup-dir'}) { + # Make sure backup directory exists + unless (-d $opt{'backup-dir'}) { + ($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n"; + if (not $opt{'dry-run'}) { + eval { mkpath($opt{'backup-dir'}); }; + die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@; + } + } + push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}"); +} + +# Pass options along to rsync +if ($opt{'dry-run'}) { + push @rsync, '--dry-run'; +} +# Pass options along to rsync +if ($opt{'verbose'} > 1) { + push @rsync, '--verbose'; +} +# }}} + +# copy over the new files +for my $full_role (@ARGV) { + # Split the full role (e.g. google.foogle.woogle) into components + my @role_parts = split(/\./, $full_role); + die "Internal error: Expect at least one role part" if not @role_parts; + # Reassemble parts one at a time onto @role and sync as we go, + # so we do "google", then "google.foogle", then "google.foogle.woogle" + my @role = (); + # Make sure we've got the right perms before we copy stuff down + check_stage(); + + # For the base role, do both files and scripts. + push @role, shift @role_parts; + for my $subdir(qw(files scripts)) { + if (not $opt{subdir} or $opt{subdir} eq $subdir) { + ($opt{verbose} > 1) + and print STDERR "$PROG: Calling sync_role for $full_role, @role\n"; + # @role here will have one element, so sync_role will use --delete + sync_role($full_role, $subdir, @role) + } + } + + # For all subroles, just do the files. + # (If we wanted script subroles to work like files, we'd get rid of this + # distinction and simplify the code.) + if (not $opt{subdir} or $opt{subdir} eq 'files') { + while (@role_parts) { + push @role, shift @role_parts; + ($opt{verbose} > 1) + and print STDERR "$PROG: Calling sync_role for $full_role, @role\n"; + sync_role($full_role, 'files', @role); + } + } + + for my $subdir (qw(files scripts)) { + apply_default_perms_to_role($full_role, $subdir) + if (not $opt{subdir} or $opt{subdir} eq $subdir); + } +} +exit 0; + +# Make sure the stage directory exists and is mode 0700, to protect files +# underneath in transit +sub check_stage () { + my $stage = $opt{stage} . "/roles"; + if (not $opt{'dry-run'}) { + if (not -d $stage) { + ($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n"; + eval { mkpath($stage); }; + die "Could not mkpath cache dir '$stage': $@\n" if $@; + } + ($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n"; + if ($> != 0) { + warn "WARNING[$PROG]: Not superuser; unable to chown files\n"; + } else { + chown(0, 0, $stage) + or die "Could not chown 0:0 '$stage': $!\n"; + } + chmod(0700, $stage) + or die "Could not chmod 0700 '$stage': $!\n"; + } +} + +# Copy the files for a role from CACHE to STAGE +sub sync_role ($$@) { + my ($full_role, $subdir, @role) = @_; + my @this_rsync = @rsync; + + # If we were only given one role part, we're in the base role + my $in_base_role = (scalar @role == 1); + + # For the base role, delete any files that don't exist in the cache. + # Not for the subrole (otherwise we'll delete all files not in + # the subrole, which may be most of them!) + if ($in_base_role) { + push @this_rsync, "--delete"; + } + + # (a) => a/files + # (a,b,c) => a/files.b.c + my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]); + # This one's a little simpler: + my $dst_path = $full_role.'/'.$subdir; + + # final / is important for rsync + my $source = $opt{cache} . "/roles/" . $src_path . "/"; + my $destination = $opt{stage} . "/roles/" . $dst_path . "/"; + if (not -d $destination and -d $source) { + ($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n"; + if (not $opt{'dry-run'}) { + eval { mkpath($destination); }; + die "Could not mkpath stage dir '$destination': $@\n" if $@; + } + } + + # We no longer require the source to exist + if (not -d $source) { + # but we need to remove the destination if the source + # doesn't exist and we're in the base role + if ($in_base_role) { + rmtree($destination); + # rmtree() doesn't throw exceptions or give a return value useful + # for detecting failure, so we just check after the fact. + die "Could not rmtree '$destination' when '$source' missing\n" + if -e $destination; + } + # if we continue, rsync will fail because source is missing, + # so we don't. + return; + } + + # All this to run an rsync command + my @command = (@this_rsync, $source, $destination); + ($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n"; + Slack::wrap_rsync(@command); +} + +# This just takes the base role, and chowns/chmods everything under it to +# give it some sensible permissions. Basically, the only thing we preserve +# about the original permissions is the executable bit, since that's the +# only thing source code controls systems like CVS, RCS, Perforce seem to +# preserve. +sub apply_default_perms_to_role ($$) { + my ($role, $subdir) = @_; + my $destination = $opt{stage} . "/roles/" . $role; + + if ($subdir) { + $destination .= '/' . $subdir; + } + + # If the destination doesn't exist, it's probably because the source didn't + return if not -d $destination; + + ($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n"; + if ($> != 0) { + warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n"; + } + # Use File::Find to recurse the directory + find({ + # The "wanted" subroutine is called for every directory entry + wanted => sub { + return if $opt{'dry-run'}; + ($opt{verbose} > 2) and print STDERR "$File::Find::name\n"; + if (-l) { + # symlinks shouldn't be in here, + # since we dereference when copying + warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n"; + return; + } elsif (-f _) { # results of last stat saved in the "_" + if (-x _) { + chmod 0555, $_ + or die "Could not chmod 0555 $File::Find::name: $!"; + } else { + chmod 0444, $_ + or die "Could not chmod 0444 $File::Find::name: $!"; + } + } elsif (-d _) { + chmod 0755, $_ + or die "Could not chmod 0755 $File::Find::name: $!"; + } else { + warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n"; + } + return if $> != 0; # skip chowning if not superuser + chown 0, 0, $_ + or die "Could not chown 0:0 $File::Find::name: $!"; + }, + # end of wanted function + }, + # way down here, we have the directory to traverse with File::Find + $destination, + ); +} diff --git a/slack/dist/slack-sync b/slack/dist/slack-sync new file mode 100755 index 0000000..e334ef4 --- /dev/null +++ b/slack/dist/slack-sync @@ -0,0 +1,169 @@ +#!/usr/bin/perl -w +# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $ +# vim:sw=2 +# vim600:fdm=marker +# Copyright (C) 2004-2008 Alan Sundell +# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY. +# See the file COPYING for details. +# +# This script is in charge of copying files from the (possibly remote) +# master directory to a local cache, using rsync + +require 5.006; +use warnings FATAL => qw(all); +use strict; +use sigtrap qw(die untrapped normal-signals + stack-trace any error-signals); + +use File::Path; + +use constant LIB_DIR => '/usr/lib/slack'; +use lib LIB_DIR; +use Slack; + +my @rsync = ('rsync', + '--cvs-exclude', + '--recursive', + '--links', + '--copy-links', + '--times', + '--perms', + '--sparse', + '--delete', + '--files-from=-', + '--from0', + ); + +(my $PROG = $0) =~ s#.*/##; + +sub check_cache ($); +sub rsync_source ($$@); + +######################################## +# Environment +# Helpful prefix to die messages +$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; }; +# Set a reasonable umask +umask 077; +# Get out of wherever (possibly NFS-mounted) we were +chdir("/") + or die "Could not chdir /: $!"; +# Autoflush on STDERR +select((select(STDERR), $|=1)[0]); + +######################################## +# Config and option parsing {{{ +my $usage = Slack::default_usage("$PROG [options] [...]"); +# Option defaults +my %opt = (); +Slack::get_options( + opthash => \%opt, + usage => $usage, + required_options => [ qw(source cache) ], +); + +# Arguments are required +die "No roles given!\n\n$usage" unless @ARGV; + +# Prepare for backups +if ($opt{backup} and $opt{'backup-dir'}) { + # Make sure backup directory exists + unless (-d $opt{'backup-dir'}) { + ($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n"; + if (not $opt{'dry-run'}) { + eval { mkpath($opt{'backup-dir'}); }; + die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@; + } + } + push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}"); +} +# Look at source type, and add options if necessary +if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) { + # This is tunnelled rsync, and so needs an extra option + if ($opt{'rsh'}) { + push @rsync, '-e', $opt{'rsh'}; + } else { + push @rsync, '-e', 'ssh'; + } +} + +# Pass options along to rsync +if ($opt{'dry-run'}) { + push @rsync, '--dry-run'; +} +# Pass options along to rsync +if ($opt{'verbose'} > 1) { + push @rsync, '--verbose'; +} +# }}} + +my @roles = (); + +{ + # This hash is just to avoid calling rsync twice if two subroles are + # installed. We only care since it's remote, and therefore slow. + my %roles_to_sync = (); + + # copy over the new files + for my $full_role (@ARGV) { + # Get the first element of the role name (the base role) + # e.g., from "google.foogle.woogle", get "google" + my $base_role = (split /\./, $full_role, 2)[0]; + + $roles_to_sync{$base_role} = 1; + } + @roles = keys %roles_to_sync; +} + +my $cache = $opt{cache} . "/roles/"; +# Make sure we've got the right perms before we copy stuff down +check_cache($cache); + +rsync_source( + $opt{source} . '/roles/', + $cache, + @roles, +); + +exit 0; + +# Make sure the cache directory exists and is mode 0700, to protect files +# underneath in transit +sub check_cache ($) { + my ($cache) = @_; + if (not $opt{'dry-run'}) { + if (not -d $cache) { + ($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n"; + eval { mkpath($cache); }; + die "Could not mkpath cache dir '$cache': $@\n" if $@; + } + ($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n"; + if ($> != 0) { + warn "WARNING[$PROG]: Not superuser; unable to chown files\n"; + } else { + chown(0, 0, $cache) + or die "Could not chown 0:0 '$cache': $!\n"; + } + chmod(0700, $cache) + or die "Could not chmod 0700 '$cache': $!\n"; + } +} + +# Pull down roles from an rsync source +sub rsync_source($$@) { + my ($source, $destination, @roles) = @_; + my @command = (@rsync, $source, $destination); + + ($opt{verbose} > 0) + and print STDERR "$PROG: Syncing cache with '@command'\n"; + + my ($fh) = Slack::wrap_rsync_fh(@command); + + # Shove the roles down its throat + print $fh join("\0", @roles), "\0"; + + # Close fh, waitpid, and check return value + unless (close($fh)) { + Slack::check_system_exit(@command); + } +} diff --git a/slack/dist/slack.conf b/slack/dist/slack.conf new file mode 100755 index 0000000..e69de29 diff --git a/slack/env/SlackConfig-prod.config b/slack/env/SlackConfig-prod.config new file mode 100644 index 0000000..5ebdd6d --- /dev/null +++ b/slack/env/SlackConfig-prod.config @@ -0,0 +1,6 @@ +ROLE_LIST=toolbox.turnsys.net:/local/slack-prod/etc/roles.conf +SOURCE=toolbox.turnsys.net:/local/slack-prod/ +CACHE=/var/cache/slack +STAGE=/var/lib/slack/stage +ROOT=/ +BACKUP_DIR=/var/lib/slack/backups diff --git a/slack/env/SlackSSH-prod.config b/slack/env/SlackSSH-prod.config new file mode 100644 index 0000000..af12fda --- /dev/null +++ b/slack/env/SlackSSH-prod.config @@ -0,0 +1,4 @@ +Host toolbox.turnsys.net + User slack-prod + IdentityFile /root/.ssh/SlackSSH-prod.key + StrictHostKeyChecking no diff --git a/slack/env/SlackSSH-prod.key b/slack/env/SlackSSH-prod.key new file mode 100644 index 0000000..447e4bd --- /dev/null +++ b/slack/env/SlackSSH-prod.key @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEowIBAAKCAQEAycZwe0FuYISsFaHvaplNhb9uplG8YeMkffIKXp633MwihACm +oNoKEQHlqSKD1urZfLYjwf1YBKAPt9QRdIguwsQ3hl3xKpsO+gsmaOpF3eJMVWHZ +dS/T7lplIOcXr0tbUeibQ9p+c+MgICfpdAJvUnuD8grDmaTuvasBat4Ow6rXIzsQ +WKzSrP3iQJ0xeq+mqRIlPP5dwl66RF+dlaloVxlvG95i3u512EkNg+sMt1X5KbhH +ecQSicpA8K2qK4G71CqRIm7DmXCheSlDzqLACwJAFOU4xN3eqTO3B4Bm5Wri9Oip +hkwzMgWrDNFx/69ZnGF69g0VP8Qyl4R7d3FZDQIDAQABAoIBAQCzCDYpxybO0Sl3 +kFXEuf3FHNRrEr8aA9cPQUHeLuppKV++zG0M8CpaaNqENjHQ8lTDiUE1ETuV7wfD +TpGmWmdTPZMe0B/6c9bYGiickrInbHHamJXAmw1qwh5VEXc8fJqslL2feTEWVoLc +xU0pODfacenjS5W+sE99T0xUrG9hQJMRtNOorMQiUraLl670yIZnzMszDIdd1xdv +4XCuQ5Phnup22/kvByIdiNXPaSY/gOooBTZDUzka+FV3Nn9XXhZoNBnNfk6XgHZw +x9vQvnN+tuDr6RX4g1RPq/u6IhsQO2/OT9wwu74KLdkLFTssGold73uys2WvC0NW +zNFVBuBBAoGBAO6lhTWE2hvt5h7btEY36XgoJbu0k/E7fVgEud2yCdRdQ5ApAHVs +xvol1D3waVKUrRePKq2BhaylwtYACYAow3geMsGrlf4ndlLOQ1z6ByNncJPF3Tr1 +lFp025QLijoKmnCq3CdIVPrdhTm44go2usXytobpxS2nB5hZwZfyDju5AoGBANhy +i9vOlRXcLiHpmzAKwFs/jR9D09DUZ6ALm22HvDOsISJS+nR2neun+7HXXHm1Kqyu +w1GA8xaqBnuFfuHP09ZYTNammEROS8dL/5muGCwrfwIrd/H4ELsE0spWOrTlfgY/ +GN5WeoXZGAwjiu67AoRkpKIQxnsjEKSNKZQntjn1AoGAOyAdIcZZd2P4iJqsTl1Z +5aAkwR2bLcAsbNs25XtPviKhM51E9NLPdXhb3kCrB3+4ZsbcrwIRCVZEMFrv/6WZ +0C/DKYKGdeJ3CUr7G5UCob3mAWabShk/+S1MnaBCTeEEpHdgdgcQrtqlQEjTD+7B +VXutxz0x0f64/gD22ttotVkCgYAma4a52JyMCc5ChMXgLDhiuhAhuZdynRFbzlOj +iJF2lpo3DoWYgKmdd+7sbW7jx62wg0D2Sa5cmoeWC2cvTAWtKXVSMLYcgc1frfTL +4aQ2yu27g93BnKfTmpKUCeRX0dih4TdX1//dnGBxXym9IILc30R94/5nQx0kKE52 +Fup4tQKBgHrDPBIJG3MkA5UIkBPnxE9Ei8V4g/TpYjmC+6JiWkBTQCNZ4A2KKl7S +pwGQwdcqA5OsPbw0T54HwMtDm0ao0b3krb70vBw/xdIAHNe3DCmeOuKelvjDyzr1 +ZL6gF557VfKFjz23Hp2PbOYo88BAdX1H1zy0FUZJ7Zh4GbOjgVFQ +-----END RSA PRIVATE KEY----- diff --git a/slack/env/SlackSSH-prod.key.pub b/slack/env/SlackSSH-prod.key.pub new file mode 100644 index 0000000..6ae1fb0 --- /dev/null +++ b/slack/env/SlackSSH-prod.key.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJxnB7QW5ghKwVoe9qmU2Fv26mUbxh4yR98gpenrfczCKEAKag2goRAeWpIoPW6tl8tiPB/VgEoA+31BF0iC7CxDeGXfEqmw76CyZo6kXd4kxVYdl1L9PuWmUg5xevS1tR6JtD2n5z4yAgJ+l0Am9Se4PyCsOZpO69qwFq3g7DqtcjOxBYrNKs/eJAnTF6r6apEiU8/l3CXrpEX52VqWhXGW8b3mLe7nXYSQ2D6wy3VfkpuEd5xBKJykDwraorgbvUKpEibsOZcKF5KUPOosALAkAU5TjE3d6pM7cHgGblauL06KmGTDMyBasM0XH/r1mcYXr2DRU/xDKXhHt3cVkN charles@ultix-mini diff --git a/slack/slackDist.tar.gz b/slack/slackDist.tar.gz new file mode 100755 index 0000000..2b7969a Binary files /dev/null and b/slack/slackDist.tar.gz differ