rollup from old
This commit is contained in:
parent
119169009f
commit
17ed3bce46
0
archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base
Executable file → Normal file
0
archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base
Executable file → Normal file
0
archive/CMDB/snmp/distro
Executable file → Normal file
0
archive/CMDB/snmp/distro
Executable file → Normal file
0
archive/CMDB/snmp/setup-snmp.sh
Executable file → Normal file
0
archive/CMDB/snmp/setup-snmp.sh
Executable file → Normal file
0
archive/CMDB/zenossScan.sh
Executable file → Normal file
0
archive/CMDB/zenossScan.sh
Executable file → Normal file
0
archive/lab/vagrant/docker/thefnf/freeside/Makefile
Executable file → Normal file
0
archive/lab/vagrant/docker/thefnf/freeside/Makefile
Executable file → Normal file
@ -1,53 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 4 - conntrack File
|
|
||||||
#
|
|
||||||
# For information about entries in this file, type "man shorewall-conntrack"
|
|
||||||
#
|
|
||||||
##############################################################################################################
|
|
||||||
?FORMAT 3
|
|
||||||
#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
|
|
||||||
# PORT(S) PORT(S) GROUP
|
|
||||||
?if $AUTOHELPERS && __CT_TARGET
|
|
||||||
|
|
||||||
?if __AMANDA_HELPER
|
|
||||||
CT:helper:amanda:PO - - udp 10080
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __FTP_HELPER
|
|
||||||
CT:helper:ftp:PO - - tcp 21
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __H323_HELPER
|
|
||||||
CT:helper:RAS:PO - - udp 1719
|
|
||||||
CT:helper:Q.931:PO - - tcp 1720
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __IRC_HELPER
|
|
||||||
CT:helper:irc:PO - - tcp 6667
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __NETBIOS_NS_HELPER
|
|
||||||
CT:helper:netbios-ns:PO - - udp 137
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __PPTP_HELPER
|
|
||||||
CT:helper:pptp:PO - - tcp 1723
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __SANE_HELPER
|
|
||||||
CT:helper:sane:PO - - tcp 6566
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __SIP_HELPER
|
|
||||||
CT:helper:sip:PO - - udp 5060
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __SNMP_HELPER
|
|
||||||
CT:helper:snmp:PO - - udp 161
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?if __TFTP_HELPER
|
|
||||||
CT:helper:tftp:PO - - udp 69
|
|
||||||
?endif
|
|
||||||
|
|
||||||
?endif
|
|
@ -1,13 +0,0 @@
|
|||||||
#ZONE INTERFACE OPTIONS
|
|
||||||
rr eth0 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
wan eth1 detect tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
|
|
||||||
barm eth2 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
mgmt eth3 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
asn eth4 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
s2l eth5 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
fnf eth6 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
knel eth7 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
tsys eth8 detect tcpflags,nosmurfs,routefilter,logmartians
|
|
||||||
vpnrwr tun0 detect dhcp
|
|
||||||
vpnauslab tun1 detect dhcp
|
|
||||||
vpnasn2net tun2 detect dhcp
|
|
@ -1,19 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
|
|
||||||
# Copyright (C) 2006 by the Shorewall Team
|
|
||||||
#
|
|
||||||
# This library is free software; you can redistribute it and/or
|
|
||||||
# modify it under the terms of the GNU Lesser General Public
|
|
||||||
# License as published by the Free Software Foundation; either
|
|
||||||
# version 2.1 of the License, or (at your option) any later version.
|
|
||||||
#
|
|
||||||
# See the file README.txt for further details.
|
|
||||||
#------------------------------------------------------------------------------
|
|
||||||
# For information about entries in this file, type "man shorewall-masq"
|
|
||||||
################################################################################################################
|
|
||||||
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
|
|
||||||
# GROUP DEST
|
|
||||||
eth1 10.0.0.0/8,\
|
|
||||||
169.254.0.0/16,\
|
|
||||||
172.16.0.0/12,\
|
|
||||||
192.168.0.0/16
|
|
@ -1,28 +0,0 @@
|
|||||||
#
|
|
||||||
# Shorewall version 4 - Params File
|
|
||||||
#
|
|
||||||
# /etc/shorewall/params
|
|
||||||
#
|
|
||||||
# Assign any variables that you need here.
|
|
||||||
#
|
|
||||||
# It is suggested that variable names begin with an upper case letter
|
|
||||||
# to distinguish them from variables used internally within the
|
|
||||||
# Shorewall programs
|
|
||||||
#
|
|
||||||
# Example:
|
|
||||||
#
|
|
||||||
# NET_IF=eth0
|
|
||||||
# NET_BCAST=130.252.100.255
|
|
||||||
# NET_OPTIONS=routefilter,norfc1918
|
|
||||||
#
|
|
||||||
# Example (/etc/shorewall/interfaces record):
|
|
||||||
#
|
|
||||||
# net $NET_IF $NET_BCAST $NET_OPTIONS
|
|
||||||
#
|
|
||||||
# The result will be the same as if the record had been written
|
|
||||||
#
|
|
||||||
# net eth0 130.252.100.255 routefilter,norfc1918
|
|
||||||
#
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
#LAST LINE -- DO NOT REMOVE
|
|
@ -1,20 +0,0 @@
|
|||||||
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
|
|
||||||
# LEVEL
|
|
||||||
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
|
|
||||||
$FW wan ACCEPT
|
|
||||||
|
|
||||||
#Road warrior is trusted. It serves as an extension of the mgmt net.
|
|
||||||
vpnrwr all ACCEPT
|
|
||||||
|
|
||||||
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
|
|
||||||
#Otherwise I wouldn't allow this
|
|
||||||
vpnauslab all ACCEPT
|
|
||||||
|
|
||||||
#Drop everything inbound from the big bad world that isn't explicitly allowed.
|
|
||||||
#Cause the net is where the NSA lives
|
|
||||||
wan all DROP
|
|
||||||
|
|
||||||
#Drop everything that isn't explicitly allowed.
|
|
||||||
#Make explicit rules for everything yo. The NSA says you should. Duh.
|
|
||||||
# #state-sponsored-malware #stuxnet-was-an-inside-job
|
|
||||||
all all REJECT info
|
|
@ -1,113 +0,0 @@
|
|||||||
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#Inbound DNAT forwarding from WAN to various zone/ip pinholes
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#########################################################
|
|
||||||
#KNEL rules
|
|
||||||
#158.69.183.165/29 eth1:2
|
|
||||||
#########################################################
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 443 - 158.69.183.165
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 80 - 158.69.183.165
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 993 - 158.69.183.165
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 25 - 158.69.183.165
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 465 - 158.69.183.165
|
|
||||||
DNAT wan knel:10.253.8.72 tcp 5222 - 158.69.183.165
|
|
||||||
|
|
||||||
#########################################################
|
|
||||||
#TSYS rules
|
|
||||||
#158.69.183.161/29 eth1
|
|
||||||
#########################################################
|
|
||||||
DNAT wan tsys:10.253.9.78 tcp 443 - 158.69.183.161
|
|
||||||
DNAT wan tsys:10.253.9.78 tcp 80 - 158.69.183.161
|
|
||||||
DNAT wan tsys:10.253.9.78 tcp 25 - 158.69.183.161
|
|
||||||
DNAT wan tsys:10.253.9.78 tcp 465 - 158.69.183.161
|
|
||||||
DNAT wan tsys:10.253.9.78 tcp 5222 - 158.69.183.161
|
|
||||||
|
|
||||||
#########################################################
|
|
||||||
#RackRental WAN rules
|
|
||||||
#158.69.183.164/29 eth1:1
|
|
||||||
#########################################################
|
|
||||||
#158.69.183.164/29
|
|
||||||
DNAT wan rr:10.253.6.81 tcp 443 - 158.69.183.164
|
|
||||||
DNAT wan rr:10.253.6.81 tcp 80 - 158.69.183.164
|
|
||||||
|
|
||||||
############################################################
|
|
||||||
#S2l/asn WAN rules handled by their upstream routers/admins
|
|
||||||
############################################################
|
|
||||||
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#site to site and road warrior VPN rules
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
|
|
||||||
#Allow road warrior connectivity from anywhere
|
|
||||||
ACCEPT wan fw udp 443
|
|
||||||
|
|
||||||
#Allow auslab site to site vpn
|
|
||||||
ACCEPT wan fw tcp 1195
|
|
||||||
ACCEPT wan fw udp 1195
|
|
||||||
|
|
||||||
|
|
||||||
############################################################
|
|
||||||
#FW rules for RoadWarrior VPN
|
|
||||||
############################################################
|
|
||||||
ACCEPT all vpnrwr all
|
|
||||||
|
|
||||||
############################################################
|
|
||||||
#FW rules for STS VPN - AUSLAB
|
|
||||||
#ACCEPT loc vpnauslab all
|
|
||||||
############################################################
|
|
||||||
ACCEPT vpnauslab all all
|
|
||||||
ACCEPT $FW vpnauslab all
|
|
||||||
|
|
||||||
############################################################
|
|
||||||
#FW rules for STS VPN - client - asn2net
|
|
||||||
#Lock this down soon
|
|
||||||
############################################################
|
|
||||||
ACCEPT $FW vpnasn2net all
|
|
||||||
ACCEPT vpnasn2net $FW all
|
|
||||||
|
|
||||||
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#outbound from various local nets and the firewall to WAN
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
ACCEPT rr wan all #Lock this down soon
|
|
||||||
ACCEPT rr tsys all #Lock this down soon
|
|
||||||
ACCEPT knel,tsys,mgmt wan all
|
|
||||||
|
|
||||||
|
|
||||||
#Temp rules to get stuff working..
|
|
||||||
ACCEPT $FW all all #Fw can access everything for now, Lock this down later
|
|
||||||
ACCEPT mgmt $FW
|
|
||||||
|
|
||||||
ACCEPT vpnauslab mgmt all
|
|
||||||
ACCEPT vpnauslab all all
|
|
||||||
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#intra zone pinhole rules
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 udp 53
|
|
||||||
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 tcp 53
|
|
||||||
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#intra zone wide rules
|
|
||||||
###########################################################################################################################################################################################################
|
|
||||||
#Mgmt can hit everything yo, cause it's fucking management with a capital M
|
|
||||||
ACCEPT mgmt barm,tsys,knel,fnf,vpnrwr,asn,s2l,vpnauslab all
|
|
||||||
|
|
||||||
#Ad replication rule
|
|
||||||
ACCEPT mgmt:10.253.3.86 vpnauslab:10.251.2.98 all
|
|
||||||
ACCEPT vpnauslab:10.251.2.98 mgmt:10.253.3.86 all
|
|
||||||
|
|
||||||
#Zenoss rule
|
|
||||||
ACCEPT mgmt:10.253.3.77 all all
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#Brendan mgmt access
|
|
||||||
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 udp 53
|
|
||||||
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 tcp 53
|
|
||||||
ACCEPT vpnasn2net:10.30.3.0/24 $FW
|
|
||||||
ACCEPT vpnasn2net:10.30.2.0/24 $FW
|
|
||||||
ACCEPT vpnasn2net:10.30.2.0/24 mgmt
|
|
||||||
ACCEPT vpnasn2net:10.30.3.0/24 mgmt
|
|
@ -1,274 +0,0 @@
|
|||||||
###############################################################################
|
|
||||||
#
|
|
||||||
# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
|
|
||||||
#
|
|
||||||
# For information about the settings in this file, type "man shorewall.conf"
|
|
||||||
#
|
|
||||||
# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
|
|
||||||
###############################################################################
|
|
||||||
# S T A R T U P E N A B L E D
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
STARTUP_ENABLED=Yes
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# V E R B O S I T Y
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
VERBOSITY=1
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# L O G G I N G
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
BLACKLIST_LOG_LEVEL=
|
|
||||||
|
|
||||||
INVALID_LOG_LEVEL=
|
|
||||||
|
|
||||||
LOG_MARTIANS=Yes
|
|
||||||
|
|
||||||
LOG_VERBOSITY=2
|
|
||||||
|
|
||||||
LOGALLNEW=
|
|
||||||
|
|
||||||
LOGFILE="/var/log/firewall.log"
|
|
||||||
|
|
||||||
LOGFORMAT="%s:%s:"
|
|
||||||
|
|
||||||
LOGTAGONLY=No
|
|
||||||
|
|
||||||
LOGLIMIT=
|
|
||||||
|
|
||||||
MACLIST_LOG_LEVEL=info
|
|
||||||
|
|
||||||
RELATED_LOG_LEVEL=
|
|
||||||
|
|
||||||
RPFILTER_LOG_LEVEL=info
|
|
||||||
|
|
||||||
SFILTER_LOG_LEVEL=info
|
|
||||||
|
|
||||||
SMURF_LOG_LEVEL=info
|
|
||||||
|
|
||||||
STARTUP_LOG=/var/log/shorewall-init.log
|
|
||||||
|
|
||||||
TCP_FLAGS_LOG_LEVEL=info
|
|
||||||
|
|
||||||
UNTRACKED_LOG_LEVEL=
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
ARPTABLES=
|
|
||||||
|
|
||||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
|
||||||
|
|
||||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
|
||||||
|
|
||||||
IPTABLES=
|
|
||||||
|
|
||||||
IP=
|
|
||||||
|
|
||||||
IPSET=
|
|
||||||
|
|
||||||
LOCKFILE=
|
|
||||||
|
|
||||||
MODULESDIR=
|
|
||||||
|
|
||||||
NFACCT=
|
|
||||||
|
|
||||||
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
|
|
||||||
|
|
||||||
PERL=/usr/bin/perl
|
|
||||||
|
|
||||||
RESTOREFILE=restore
|
|
||||||
|
|
||||||
SHOREWALL_SHELL=/bin/sh
|
|
||||||
|
|
||||||
SUBSYSLOCK=""
|
|
||||||
|
|
||||||
TC=
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# D E F A U L T A C T I O N S / M A C R O S
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
ACCEPT_DEFAULT=none
|
|
||||||
DROP_DEFAULT=Drop
|
|
||||||
NFQUEUE_DEFAULT=none
|
|
||||||
QUEUE_DEFAULT=none
|
|
||||||
REJECT_DEFAULT=Reject
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# R S H / R C P C O M M A N D S
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
|
|
||||||
RSH_COMMAND='ssh ${root}@${system} ${command}'
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# F I R E W A L L O P T I O N S
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
ACCOUNTING=Yes
|
|
||||||
|
|
||||||
ACCOUNTING_TABLE=filter
|
|
||||||
|
|
||||||
ADD_IP_ALIASES=No
|
|
||||||
|
|
||||||
ADD_SNAT_ALIASES=No
|
|
||||||
|
|
||||||
ADMINISABSENTMINDED=Yes
|
|
||||||
|
|
||||||
IGNOREUNKNOWNVARIABLES=No
|
|
||||||
|
|
||||||
AUTOCOMMENT=Yes
|
|
||||||
|
|
||||||
AUTOHELPERS=Yes
|
|
||||||
|
|
||||||
AUTOMAKE=No
|
|
||||||
|
|
||||||
BLACKLIST="NEW,INVALID,UNTRACKED"
|
|
||||||
|
|
||||||
CHAIN_SCRIPTS=Yes
|
|
||||||
|
|
||||||
CLAMPMSS=No
|
|
||||||
|
|
||||||
CLEAR_TC=Yes
|
|
||||||
|
|
||||||
COMPLETE=No
|
|
||||||
|
|
||||||
DEFER_DNS_RESOLUTION=Yes
|
|
||||||
|
|
||||||
DELETE_THEN_ADD=Yes
|
|
||||||
|
|
||||||
DETECT_DNAT_IPADDRS=No
|
|
||||||
|
|
||||||
DISABLE_IPV6=No
|
|
||||||
|
|
||||||
DONT_LOAD=
|
|
||||||
|
|
||||||
DYNAMIC_BLACKLIST=Yes
|
|
||||||
|
|
||||||
EXPAND_POLICIES=Yes
|
|
||||||
|
|
||||||
EXPORTMODULES=Yes
|
|
||||||
|
|
||||||
FASTACCEPT=No
|
|
||||||
|
|
||||||
FORWARD_CLEAR_MARK=
|
|
||||||
|
|
||||||
HELPERS=
|
|
||||||
|
|
||||||
IMPLICIT_CONTINUE=No
|
|
||||||
|
|
||||||
IPSET_WARNINGS=Yes
|
|
||||||
|
|
||||||
IP_FORWARDING=On
|
|
||||||
|
|
||||||
KEEP_RT_TABLES=No
|
|
||||||
|
|
||||||
LEGACY_FASTSTART=Yes
|
|
||||||
|
|
||||||
LOAD_HELPERS_ONLY=No
|
|
||||||
|
|
||||||
MACLIST_TABLE=filter
|
|
||||||
|
|
||||||
MACLIST_TTL=
|
|
||||||
|
|
||||||
MANGLE_ENABLED=Yes
|
|
||||||
|
|
||||||
MAPOLDACTIONS=No
|
|
||||||
|
|
||||||
MARK_IN_FORWARD_CHAIN=No
|
|
||||||
|
|
||||||
MODULE_SUFFIX=ko
|
|
||||||
|
|
||||||
MULTICAST=Yes
|
|
||||||
|
|
||||||
MUTEX_TIMEOUT=60
|
|
||||||
|
|
||||||
NULL_ROUTE_RFC1918=No
|
|
||||||
|
|
||||||
OPTIMIZE=0
|
|
||||||
|
|
||||||
OPTIMIZE_ACCOUNTING=No
|
|
||||||
|
|
||||||
REJECT_ACTION=
|
|
||||||
|
|
||||||
REQUIRE_INTERFACE=No
|
|
||||||
|
|
||||||
RESTORE_DEFAULT_ROUTE=Yes
|
|
||||||
|
|
||||||
RESTORE_ROUTEMARKS=Yes
|
|
||||||
|
|
||||||
RETAIN_ALIASES=No
|
|
||||||
|
|
||||||
ROUTE_FILTER=Yes
|
|
||||||
|
|
||||||
SAVE_ARPTABLES=No
|
|
||||||
|
|
||||||
SAVE_IPSETS=No
|
|
||||||
|
|
||||||
TC_ENABLED=Internal
|
|
||||||
|
|
||||||
TC_EXPERT=No
|
|
||||||
|
|
||||||
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
|
|
||||||
|
|
||||||
TRACK_PROVIDERS=No
|
|
||||||
|
|
||||||
TRACK_RULES=No
|
|
||||||
|
|
||||||
USE_DEFAULT_RT=No
|
|
||||||
|
|
||||||
USE_PHYSICAL_NAMES=No
|
|
||||||
|
|
||||||
USE_RT_NAMES=No
|
|
||||||
|
|
||||||
WARNOLDCAPVERSION=Yes
|
|
||||||
|
|
||||||
ZONE2ZONE=2
|
|
||||||
|
|
||||||
###############################################################################
|
|
||||||
# P A C K E T D I S P O S I T I O N
|
|
||||||
###############################################################################
|
|
||||||
|
|
||||||
BLACKLIST_DISPOSITION=DROP
|
|
||||||
|
|
||||||
INVALID_DISPOSITION=CONTINUE
|
|
||||||
|
|
||||||
MACLIST_DISPOSITION=REJECT
|
|
||||||
|
|
||||||
RELATED_DISPOSITION=ACCEPT
|
|
||||||
|
|
||||||
RPFILTER_DISPOSITION=DROP
|
|
||||||
|
|
||||||
SMURF_DISPOSITION=DROP
|
|
||||||
|
|
||||||
SFILTER_DISPOSITION=DROP
|
|
||||||
|
|
||||||
TCP_FLAGS_DISPOSITION=DROP
|
|
||||||
|
|
||||||
UNTRACKED_DISPOSITION=CONTINUE
|
|
||||||
|
|
||||||
################################################################################
|
|
||||||
# P A C K E T M A R K L A Y O U T
|
|
||||||
################################################################################
|
|
||||||
|
|
||||||
TC_BITS=
|
|
||||||
|
|
||||||
PROVIDER_BITS=
|
|
||||||
|
|
||||||
PROVIDER_OFFSET=
|
|
||||||
|
|
||||||
MASK_BITS=
|
|
||||||
|
|
||||||
ZONE_BITS=0
|
|
||||||
|
|
||||||
################################################################################
|
|
||||||
# L E G A C Y O P T I O N
|
|
||||||
# D O N O T D E L E T E O R A L T E R
|
|
||||||
################################################################################
|
|
||||||
|
|
||||||
IPSECFILE=zones
|
|
@ -1,14 +0,0 @@
|
|||||||
#ZONE TYPE OPTIONS
|
|
||||||
fw firewall
|
|
||||||
rr ipv4
|
|
||||||
wan ipv4
|
|
||||||
barm ipv4
|
|
||||||
mgmt ipv4
|
|
||||||
asn ipv4
|
|
||||||
s2l ipv4
|
|
||||||
fnf ipv4
|
|
||||||
knel ipv4
|
|
||||||
tsys ipv4
|
|
||||||
vpnrwr ipv4
|
|
||||||
vpnauslab ipv4
|
|
||||||
vpnasn2net ipv4
|
|
@ -1,30 +0,0 @@
|
|||||||
ausprod-core-rtr01-vlmgmt.turnsys.net:
|
|
||||||
hostname: ausprod-core-rtr01-vlmgmt.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,infra'
|
|
||||||
ausprod-labsvr.turnsys.net:
|
|
||||||
hostname: ausprod-labsvr.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,subo'
|
|
||||||
fsky2-rpi3.turnsys.net:
|
|
||||||
hostname: fsky2-rpi3.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,subo'
|
|
||||||
subo-logtest.turnsys.net:
|
|
||||||
hostname: subo-logtest.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,subo'
|
|
||||||
fground01.turnsys.net:
|
|
||||||
hostname: fground01.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,subo'
|
|
||||||
fground-flink.turnsys.net:
|
|
||||||
hostname: fground-flink.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,auslab,physical,subo'
|
|
@ -1,35 +0,0 @@
|
|||||||
shared-router.turnsys.net:
|
|
||||||
hostname: shared-router.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,infra'
|
|
||||||
tsys-cloud.turnsys.net:
|
|
||||||
hostname: tsys-cloud.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,tsys'
|
|
||||||
tsys-rr-shell.turnsys.net:
|
|
||||||
hostname: tsys-rr-shell.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,rr'
|
|
||||||
tsys-rr-app.turnsys.net:
|
|
||||||
hostname: tsys-rr-app.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,rr'
|
|
||||||
toolbox.turnsys.net:
|
|
||||||
hostname: toolbox.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,infra'
|
|
||||||
shared-build.turnsys.net:
|
|
||||||
hostname: shared-build.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,infra'
|
|
||||||
shared-zenoss.turnsys.net:
|
|
||||||
hostname: shared-zenoss.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,ovh,virtual,infra'
|
|
@ -1,20 +0,0 @@
|
|||||||
ausprod-linsrv.turnsys.net:
|
|
||||||
hostname: ausprod-linsrv.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,satx,physical,infra'
|
|
||||||
tsyscn4.turnsys.net:
|
|
||||||
hostname: tsyscn4.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'satx,physical,infra,tsys'
|
|
||||||
satxtimeserver.turnsys.net:
|
|
||||||
hostname: satxtimeserver.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,satx,physical,infra'
|
|
||||||
octoprint.turnsys.net:
|
|
||||||
hostname: octoprint.turnsys.net
|
|
||||||
username: root
|
|
||||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
|
||||||
tags: 'prod,satx,physical,infra'
|
|
@ -1,99 +0,0 @@
|
|||||||
StrictHostKeyChecking no
|
|
||||||
|
|
||||||
|
|
||||||
#IdentityFile /home/cwyble/.ssh/id_rsa
|
|
||||||
|
|
||||||
#Production systems
|
|
||||||
|
|
||||||
Host asn2net-linsrv
|
|
||||||
User asn2net
|
|
||||||
Hostname asn2net-linsrv.turnsys.net
|
|
||||||
Host asn2net-router
|
|
||||||
User admin
|
|
||||||
Hostname asn2net-router.turnsys.net
|
|
||||||
Host ausprod-core-ap01
|
|
||||||
Hostname ausprod-core-ap01.turnsys.net
|
|
||||||
User cisco
|
|
||||||
Host ausprod-core-rtr01
|
|
||||||
User localuser
|
|
||||||
Hostname ausprod-core-rtr01-vlmgmt.turnsys.net
|
|
||||||
Host ausprod-lab-sw01
|
|
||||||
Hostname ausprod-labsw01.turnsys.net
|
|
||||||
Host ausprod-lab-sw02
|
|
||||||
Hostname ausprod-labsw02.turnsys.net
|
|
||||||
Host ausprod-consrv
|
|
||||||
User root
|
|
||||||
ForwardX11 no
|
|
||||||
Hostname ausprod-consrv.turnsys.net
|
|
||||||
Host auslab-power
|
|
||||||
User root:7048
|
|
||||||
Hostname ausprod-consrv.turnsys.net
|
|
||||||
ForwardX11 no
|
|
||||||
Host ausprod-labsvr
|
|
||||||
User root
|
|
||||||
Hostname ausprod-labsvr.turnsys.net
|
|
||||||
Host ausprod-linsrv
|
|
||||||
User localuser
|
|
||||||
Hostname ausprod-linsrv.turnsys.net
|
|
||||||
Host dedi
|
|
||||||
User root
|
|
||||||
Hostname dedi.turnsys.com
|
|
||||||
ForwardX11 yes
|
|
||||||
Host shared-boss
|
|
||||||
User localuser
|
|
||||||
Hostname shared-boss.turnsys.net
|
|
||||||
Host shared-build
|
|
||||||
User localuser
|
|
||||||
Hostname shared-build.turnsys.net
|
|
||||||
Host shared-router
|
|
||||||
User root
|
|
||||||
Hostname shared-router.turnsys.net
|
|
||||||
Host toolbox
|
|
||||||
User localuser
|
|
||||||
Hostname toolbox.turnsys.net
|
|
||||||
Host shared-voip
|
|
||||||
User localuser
|
|
||||||
Hostname shared-voip.turnsys.net
|
|
||||||
Host shared-zenoss
|
|
||||||
User root
|
|
||||||
Hostname shared-zenoss.turnsys.net
|
|
||||||
Host tsys-rr-app
|
|
||||||
User root
|
|
||||||
Hostname tsys-rr-app.turnsys.net
|
|
||||||
Host tsys-rr-shell
|
|
||||||
User localuser
|
|
||||||
Hostname tsys-rr-shell.turnsys.net
|
|
||||||
Host tsys-cloud
|
|
||||||
User root
|
|
||||||
Hostname tsys-cloud.turnsys.net
|
|
||||||
Host tsyscn4
|
|
||||||
User localuser
|
|
||||||
Hostname tsyscn4.turnsys.net
|
|
||||||
Host shallowblue
|
|
||||||
User localuser
|
|
||||||
Hostname shallowblue.turnsys.net
|
|
||||||
Host tsys-taiga
|
|
||||||
User localuser
|
|
||||||
Hostname tsys-taiga.turnsys.net
|
|
||||||
Host subo-fground
|
|
||||||
User fground
|
|
||||||
Hostname fground01.turnsys.net
|
|
||||||
Host subo-fground-flink
|
|
||||||
User pi
|
|
||||||
Hostname fground-flink.turnsys.net
|
|
||||||
Host subo-fsky
|
|
||||||
User pi
|
|
||||||
Hostname fsky2-rpi3.turnsys.net
|
|
||||||
Host subo-logtest
|
|
||||||
User fground
|
|
||||||
Hostname subo-logtest.turnsys.net
|
|
||||||
Host satxtimeserver
|
|
||||||
User pi
|
|
||||||
Hostname satxtimeserver.turnsys.net
|
|
||||||
|
|
||||||
#Host ausprod-oob-sw01
|
|
||||||
#Host ausprod-oob-sw02
|
|
||||||
|
|
||||||
|
|
||||||
Host *
|
|
||||||
ForwardAgent yes
|
|
@ -1,257 +0,0 @@
|
|||||||
#!/bin/sh
|
|
||||||
# Observium License Version 1.0
|
|
||||||
#
|
|
||||||
# Copyright (c) 2013 Joe Holden
|
|
||||||
#
|
|
||||||
# The intent of this license is to establish the freedom to use, share and contribute to
|
|
||||||
# the software regulated by this license.
|
|
||||||
#
|
|
||||||
# This license applies to any software containing a notice placed by the copyright holder
|
|
||||||
# saying that it may be distributed under the terms of this license. Such software is herein
|
|
||||||
# referred to as the Software. This license covers modification and distribution of the
|
|
||||||
# Software.
|
|
||||||
#
|
|
||||||
# Granted Rights
|
|
||||||
#
|
|
||||||
# 1. You are granted the non-exclusive rights set forth in this license provided you agree to
|
|
||||||
# and comply with any and all conditions in this license. Whole or partial distribution of the
|
|
||||||
# Software, or software items that link with the Software, in any form signifies acceptance of
|
|
||||||
# this license.
|
|
||||||
#
|
|
||||||
# 2. You may copy and distribute the Software in unmodified form provided that the entire package,
|
|
||||||
# including - but not restricted to - copyright, trademark notices and disclaimers, as released
|
|
||||||
# by the initial developer of the Software, is distributed.
|
|
||||||
#
|
|
||||||
# 3. You may make modifications to the Software and distribute your modifications, in a form that
|
|
||||||
# is separate from the Software, such as patches. The following restrictions apply to modifications:
|
|
||||||
#
|
|
||||||
# a. Modifications must not alter or remove any copyright notices in the Software.
|
|
||||||
# b. When modifications to the Software are released under this license, a non-exclusive royalty-free
|
|
||||||
# right is granted to the initial developer of the Software to distribute your modification in
|
|
||||||
# future versions of the Software provided such versions remain available under these terms in
|
|
||||||
# addition to any other license(s) of the initial developer.
|
|
||||||
#
|
|
||||||
# Limitations of Liability
|
|
||||||
#
|
|
||||||
# In no event shall the initial developers or copyright holders be liable for any damages whatsoever,
|
|
||||||
# including - but not restricted to - lost revenue or profits or other direct, indirect, special,
|
|
||||||
# incidental or consequential damages, even if they have been advised of the possibility of such damages,
|
|
||||||
# except to the extent invariable law, if any, provides otherwise.
|
|
||||||
#
|
|
||||||
# No Warranty
|
|
||||||
#
|
|
||||||
# The Software and this license document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
|
|
||||||
# WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
#
|
|
||||||
# URL: https://github.com/joeholden/distroscript/
|
|
||||||
# README: https://raw.github.com/joeholden/distroscript/master/README.md
|
|
||||||
|
|
||||||
# Shells are made of dicks.
|
|
||||||
DISTROSCRIPT="1.0.15"
|
|
||||||
|
|
||||||
if [ -z ${DISTROFORMAT} ]; then
|
|
||||||
DISTROFORMAT="pipe"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${AGENT_LIBDIR}" -o -n "${MK_LIBDIR}" ]; then
|
|
||||||
# Set output for check_mk/observium agent
|
|
||||||
DISTROFORMAT="export"
|
|
||||||
fi
|
|
||||||
|
|
||||||
getos() {
|
|
||||||
OS=`uname -s`
|
|
||||||
if [ "${OS}" = "SunOS" ]; then
|
|
||||||
OS="Solaris"
|
|
||||||
elif [ "${OS}" = "DragonFly" ]; then
|
|
||||||
OS="DragonFlyBSD"
|
|
||||||
fi
|
|
||||||
export OS
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
getkernel() {
|
|
||||||
KERNEL=`uname -r`
|
|
||||||
export KERNEL
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
getdistro() {
|
|
||||||
if [ "${OS}" = "Linux" ]; then
|
|
||||||
if [ -f /etc/os-release ]; then
|
|
||||||
. /etc/os-release
|
|
||||||
DISTRO=`echo ${NAME} | awk '{print $1}'`
|
|
||||||
elif [ -x /usr/bin/lsb_release ]; then
|
|
||||||
DISTRO=`/usr/bin/lsb_release -si 2>/dev/null`
|
|
||||||
elif [ -f /etc/redhat-release ]; then
|
|
||||||
DISTRO=`cat /etc/redhat-release | awk '{print $1}'`
|
|
||||||
elif [ -f /etc/fedora-release ]; then
|
|
||||||
DISTRO="Fedora"
|
|
||||||
elif [ -f /etc/mandriva-release ]; then
|
|
||||||
DISTRO="Mandriva"
|
|
||||||
elif [ -f /etc/arch-release ]; then
|
|
||||||
DISTRO="ArchLinux"
|
|
||||||
elif [ -f /etc/gentoo-release ]; then
|
|
||||||
DISTRO="Gentoo"
|
|
||||||
elif [ -f /etc/SuSE-release ]; then
|
|
||||||
DISTRO="SuSE"
|
|
||||||
elif [ -f /etc/mandrake-release ]; then
|
|
||||||
DISTRO="Mandrake"
|
|
||||||
elif [ -f /etc/debian_version ]; then
|
|
||||||
# shit based on debian
|
|
||||||
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ]; then
|
|
||||||
DISTRO="MailCleaner"
|
|
||||||
else
|
|
||||||
DISTRO="Debian"
|
|
||||||
fi
|
|
||||||
elif [ -f /etc/UnitedLinux-release ]; then
|
|
||||||
DISTRO="UnitedLinux"
|
|
||||||
elif [ -f /etc/openwrt_version ]; then
|
|
||||||
DISTRO="OpenWRT"
|
|
||||||
elif [ -f /etc/slackware-version ]; then
|
|
||||||
DISTRO="Slackware"
|
|
||||||
else
|
|
||||||
DISTRO="Unknown"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Fixing some Distro names
|
|
||||||
if [ "${DISTRO}" = "Debian GNU/Linux" ]; then
|
|
||||||
DISTRO="Debian"
|
|
||||||
elif [ "${DISTRO}" = "Red" -o "${DISTRO}" = "RedHatEnterpriseServer" ]; then
|
|
||||||
DISTRO="RedHat"
|
|
||||||
elif [ "${DISTRO}" = "Arch" ]; then
|
|
||||||
DISTRO="ArchLinux"
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${OS}" = "FreeBSD" ]; then
|
|
||||||
if [ -f /etc/platform -a -f /etc/version ]; then
|
|
||||||
DISTRO="pfSense"
|
|
||||||
elif [ -f /etc/platform -a -f /etc/prd.name ]; then
|
|
||||||
DISTRO=`cat /etc/prd.name`
|
|
||||||
elif [ -f /usr/local/bin/pbreg ]; then
|
|
||||||
DISTRO="PC-BSD"
|
|
||||||
elif [ -f /tmp/freenas_config.md5 ]; then
|
|
||||||
DISTRO="FreeNAS"
|
|
||||||
else
|
|
||||||
DISTRO=
|
|
||||||
fi
|
|
||||||
elif [ "${OS}" = "Solaris" ]; then
|
|
||||||
DISTRO=`head -n 1 /etc/release | awk '{print $1}'`
|
|
||||||
if [ "${DISTRO}" = "Solaris" -o "${DISTRO}" = "Oracle" ]; then
|
|
||||||
DISTRO=
|
|
||||||
fi
|
|
||||||
elif [ "${OS}" = "Darwin" ]; then
|
|
||||||
case `uname -m` in
|
|
||||||
AppleTV2*)
|
|
||||||
DISTRO="AppleTV2"
|
|
||||||
;;
|
|
||||||
AppleTV3*)
|
|
||||||
DISTRO="AppleTV3"
|
|
||||||
;;
|
|
||||||
iPhone*)
|
|
||||||
DISTRO="iPhone"
|
|
||||||
;;
|
|
||||||
iPod*)
|
|
||||||
DISTRO="iPOD"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
DISTRO="OSX"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
else
|
|
||||||
DISTRO=
|
|
||||||
fi
|
|
||||||
export DISTRO
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
getarch() {
|
|
||||||
if [ "${OS}" = "Solaris" ]; then
|
|
||||||
ARCH=`isainfo -k`
|
|
||||||
elif [ "${OS}" = "Darwin" ]; then
|
|
||||||
ARCH=`uname -p`
|
|
||||||
else
|
|
||||||
ARCH=`uname -m`
|
|
||||||
fi
|
|
||||||
if [ "${OS}" = "Linux" ]; then
|
|
||||||
if [ "${ARCH}" = "x86_64" ]; then
|
|
||||||
ARCH="amd64"
|
|
||||||
elif [ "${ARCH}" = "i486" -o "${ARCH}" = "i586" -o "${ARCH}" = "i686" ]; then
|
|
||||||
ARCH="i386"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
export ARCH
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
getversion() {
|
|
||||||
if [ "${OS}" = "FreeBSD" -o "${OS}" = "DragonFlyBSD" ]; then
|
|
||||||
if [ "${DISTRO}" = "pfSense" ]; then
|
|
||||||
VERSION=`cat /etc/version`
|
|
||||||
elif [ "${DISTRO}" = "PC-BSD" ]; then
|
|
||||||
VERSION=`pbreg get /PC-BSD/Version`
|
|
||||||
elif [ -f /etc/prd.version ]; then
|
|
||||||
VERSION=`cat /etc/prd.version`
|
|
||||||
else
|
|
||||||
VERSION=`uname -i`
|
|
||||||
fi
|
|
||||||
elif [ "${OS}" = "OpenBSD" -o "${OS}" = "NetBSD" ]; then
|
|
||||||
VERSION=`uname -v`
|
|
||||||
elif [ "${OS}" = "Linux" ]; then
|
|
||||||
if [ "${DISTRO}" = "OpenWRT" ]; then
|
|
||||||
VERSION=`cat /etc/openwrt_version`
|
|
||||||
elif [ "${DISTRO}" = "Slackware" ]; then
|
|
||||||
VERSION=`cat /etc/slackware-version | cut -d" " -f2`
|
|
||||||
elif [ -f /etc/redhat-release ]; then
|
|
||||||
VERSION=`cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//'`
|
|
||||||
elif [ -x /usr/bin/lsb_release ]; then
|
|
||||||
VERSION=`lsb_release -sr 2>/dev/null`
|
|
||||||
elif [ -f /etc/os-release ]; then
|
|
||||||
. /etc/os-release
|
|
||||||
VERSION=${VERSION_ID}
|
|
||||||
else
|
|
||||||
VERSION=
|
|
||||||
fi
|
|
||||||
elif [ "${OS}" = "Darwin" ]; then
|
|
||||||
VERSION=`sw_vers -productVersion`
|
|
||||||
elif [ "${OS}" = "Solaris" ]; then
|
|
||||||
VERSION=`uname -v`
|
|
||||||
fi
|
|
||||||
export VERSION
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
if [ -z ${DISTROEXEC} ]; then
|
|
||||||
getos
|
|
||||||
getkernel
|
|
||||||
getarch
|
|
||||||
getdistro
|
|
||||||
getversion
|
|
||||||
if [ "${AGENT_LIBDIR}" -o "${MK_LIBDIR}" ]; then
|
|
||||||
echo "<<<distro>>>"
|
|
||||||
fi
|
|
||||||
if [ "${DISTROFORMAT}" = "pipe" ]; then
|
|
||||||
echo "${OS}|${KERNEL}|${ARCH}|${DISTRO}|${VERSION}"
|
|
||||||
elif [ "${DISTROFORMAT}" = "twopipe" ]; then
|
|
||||||
echo "${OS}||${KERNEL}||${ARCH}||${DISTRO}||${VERSION}"
|
|
||||||
elif [ "${DISTROFORMAT}" = "ini" ]; then
|
|
||||||
echo "[distroscript]"
|
|
||||||
echo " OS = ${OS}"
|
|
||||||
echo " KERNEL = ${KERNEL}"
|
|
||||||
echo " ARCH = ${ARCH}"
|
|
||||||
echo " DISTRO = ${DISTRO}"
|
|
||||||
echo " DISTROVER = ${VERSION}"
|
|
||||||
echo " SCRIPTVER = ${DISTROSCRIPT}"
|
|
||||||
elif [ "${DISTROFORMAT}" = "export" ]; then
|
|
||||||
echo "OS=${OS}"
|
|
||||||
echo "KERNEL=${KERNEL}"
|
|
||||||
echo "ARCH=${ARCH}"
|
|
||||||
echo "DISTRO=${DISTRO}"
|
|
||||||
echo "DISTROVER=${VERSION}"
|
|
||||||
echo "SCRIPTVER=${DISTROSCRIPT}"
|
|
||||||
else
|
|
||||||
echo "Unsupported output format."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
fi
|
|
@ -1,60 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#A script to bootstrap slack onto any TURNSYS managed system in any environment.
|
|
||||||
#Use this as a template for writing TURNSYS shell scripts
|
|
||||||
|
|
||||||
slack-install()
|
|
||||||
{
|
|
||||||
|
|
||||||
wget http://toolbox.turnsys.net/sysinfra/slack/bin/distro -O /usr/bin/distro
|
|
||||||
chmod +x /usr/bin/distro
|
|
||||||
|
|
||||||
apt-get -y install make perl rsync
|
|
||||||
|
|
||||||
mkdir /tmp/slackDist
|
|
||||||
wget http://toolbox.turnsys.net/sysinfra/slack/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
|
|
||||||
cd /tmp/slackDist
|
|
||||||
tar xvfz slackDist.tar.gz
|
|
||||||
make install
|
|
||||||
cd /tmp
|
|
||||||
rm -rf slackDist
|
|
||||||
|
|
||||||
mkdir /root/.ssh
|
|
||||||
chmod 700 /root/.ssh
|
|
||||||
chown -R root:root /root/.ssh
|
|
||||||
|
|
||||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
|
|
||||||
|
|
||||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
|
|
||||||
chmod 400 /root/.ssh/config
|
|
||||||
|
|
||||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
|
||||||
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#main() #For ease of searching
|
|
||||||
# Script starts here
|
|
||||||
# This code serves as a generic template for entrypoint code which is able to handle multi distro, multi environment execution.
|
|
||||||
# !!!!! DO NOT WRAP IN A FUNCTION. THESE ARE GLOBAL VARIABLES !!!!!
|
|
||||||
#######################################################################################################################################################
|
|
||||||
|
|
||||||
#If we have a fleet later, we can use this code to do fleet stuff
|
|
||||||
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
|
|
||||||
#export server_type=ts
|
|
||||||
#fi
|
|
||||||
|
|
||||||
|
|
||||||
case $server_type in
|
|
||||||
ts)
|
|
||||||
export SERVER_TYPE="ts"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
export SERVER_TYPE="prod"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Kick everything off
|
|
||||||
#
|
|
||||||
slack-install
|
|
39
archive/slack-runtime/dist/Makefile
vendored
39
archive/slack-runtime/dist/Makefile
vendored
@ -1,39 +0,0 @@
|
|||||||
# Makefile for slack/src
|
|
||||||
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
|
|
||||||
include Makefile.common
|
|
||||||
|
|
||||||
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
|
|
||||||
|
|
||||||
all:
|
|
||||||
|
|
||||||
install: install-bin install-conf install-lib install-man
|
|
||||||
|
|
||||||
install-bin: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(sbindir)
|
|
||||||
$(INSTALL) slack $(DESTDIR)$(sbindir)
|
|
||||||
$(MKDIR) $(DESTDIR)$(bindir)
|
|
||||||
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
|
|
||||||
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
|
|
||||||
@set -ex;\
|
|
||||||
for i in $(BACKENDS); do \
|
|
||||||
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
|
|
||||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
|
|
||||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
|
|
||||||
|
|
||||||
install-conf: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(sysconfdir)
|
|
||||||
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
|
|
||||||
|
|
||||||
install-lib: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(slack_libdir)
|
|
||||||
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
|
|
||||||
|
|
||||||
install-man: all
|
|
||||||
|
|
||||||
clean:
|
|
||||||
|
|
||||||
realclean: clean
|
|
||||||
|
|
||||||
distclean: clean
|
|
||||||
|
|
||||||
test:
|
|
27
archive/slack-runtime/dist/Makefile.common
vendored
27
archive/slack-runtime/dist/Makefile.common
vendored
@ -1,27 +0,0 @@
|
|||||||
# Common code included in every Makefile
|
|
||||||
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
|
|
||||||
|
|
||||||
PACKAGE=slack
|
|
||||||
VERSION=0.15.2
|
|
||||||
|
|
||||||
DESTDIR =
|
|
||||||
|
|
||||||
prefix = /
|
|
||||||
exec_prefix = /usr
|
|
||||||
sysconfdir = ${prefix}/etc
|
|
||||||
mandir = ${exec_prefix}/share/man
|
|
||||||
bindir = ${exec_prefix}/bin
|
|
||||||
sbindir = ${exec_prefix}/sbin
|
|
||||||
libdir = ${exec_prefix}/lib
|
|
||||||
libexecdir = ${exec_prefix}/lib
|
|
||||||
localstatedir = ${prefix}/var
|
|
||||||
|
|
||||||
slack_libdir = ${libdir}/slack
|
|
||||||
slack_libexecdir = ${libexecdir}/slack
|
|
||||||
slack_localstatedir = ${localstatedir}/lib/slack
|
|
||||||
slack_localcachedir = ${localstatedir}/cache/slack
|
|
||||||
|
|
||||||
INSTALL = install
|
|
||||||
MKDIR = mkdir -p
|
|
||||||
|
|
||||||
PRIVDIRMODE = 0700
|
|
371
archive/slack-runtime/dist/Slack.pm
vendored
371
archive/slack-runtime/dist/Slack.pm
vendored
@ -1,371 +0,0 @@
|
|||||||
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
package Slack;
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use strict;
|
|
||||||
use Carp qw(cluck confess croak);
|
|
||||||
use File::Find;
|
|
||||||
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
|
|
||||||
|
|
||||||
use base qw(Exporter);
|
|
||||||
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
|
|
||||||
$VERSION = '0.15.2';
|
|
||||||
@EXPORT = qw();
|
|
||||||
@EXPORT_OK = qw();
|
|
||||||
|
|
||||||
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
|
|
||||||
|
|
||||||
my $term;
|
|
||||||
|
|
||||||
my @default_options = (
|
|
||||||
'help|h|?',
|
|
||||||
'version',
|
|
||||||
'verbose|v+',
|
|
||||||
'quiet',
|
|
||||||
'config|C=s',
|
|
||||||
'source|s=s',
|
|
||||||
'rsh|e=s',
|
|
||||||
'cache|c=s',
|
|
||||||
'stage|t=s',
|
|
||||||
'root|r=s',
|
|
||||||
'dry-run|n',
|
|
||||||
'backup|b',
|
|
||||||
'backup-dir=s',
|
|
||||||
'hostname|H=s',
|
|
||||||
);
|
|
||||||
|
|
||||||
sub default_usage ($) {
|
|
||||||
my ($synopsis) = @_;
|
|
||||||
return <<EOF;
|
|
||||||
Usage: $synopsis
|
|
||||||
|
|
||||||
Options:
|
|
||||||
-h, -?, --help
|
|
||||||
Print this help message and exit.
|
|
||||||
|
|
||||||
--version
|
|
||||||
Print the version number and exit.
|
|
||||||
|
|
||||||
-v, --verbose
|
|
||||||
Be verbose.
|
|
||||||
|
|
||||||
--quiet
|
|
||||||
Don't be verbose (Overrides previous uses of --verbose)
|
|
||||||
|
|
||||||
-C, --config FILE
|
|
||||||
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
|
|
||||||
|
|
||||||
-s, --source DIR
|
|
||||||
Source for slack files
|
|
||||||
|
|
||||||
-e, --rsh COMMAND
|
|
||||||
Remote shell for rsync
|
|
||||||
|
|
||||||
-c, --cache DIR
|
|
||||||
Local cache directory for slack files
|
|
||||||
|
|
||||||
-t, --stage DIR
|
|
||||||
Local staging directory for slack files
|
|
||||||
|
|
||||||
-r, --root DIR
|
|
||||||
Root destination for slack files
|
|
||||||
|
|
||||||
-n, --dry-run
|
|
||||||
Don't write any files to disk -- just report what would have been done.
|
|
||||||
|
|
||||||
-b, --backup
|
|
||||||
Make backups of existing files in ROOT that are overwritten.
|
|
||||||
|
|
||||||
--backup-dir DIR
|
|
||||||
Put backups into this directory.
|
|
||||||
|
|
||||||
-H, --hostname HOST
|
|
||||||
Pretend to be running on HOST, instead of the name given by
|
|
||||||
gethostname(2).
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
# Read options from a config file. Arguments:
|
|
||||||
# file => config file to read
|
|
||||||
# opthash => hashref in which to store the options
|
|
||||||
# verbose => whether to be verbose
|
|
||||||
sub read_config (%) {
|
|
||||||
my %arg = @_;
|
|
||||||
my ($config_fh);
|
|
||||||
local $_;
|
|
||||||
|
|
||||||
confess "Slack::read_config: no config file given"
|
|
||||||
if not defined $arg{file};
|
|
||||||
$arg{opthash} = {}
|
|
||||||
if not defined $arg{opthash};
|
|
||||||
|
|
||||||
open($config_fh, '<', $arg{file})
|
|
||||||
or confess "Could not open config file '$arg{file}': $!";
|
|
||||||
|
|
||||||
# Make this into a hash so we can quickly see if we're looking
|
|
||||||
# for a particular option
|
|
||||||
my %looking_for;
|
|
||||||
if (ref $arg{options} eq 'ARRAY') {
|
|
||||||
%looking_for = map { $_ => 1 } @{$arg{options}};
|
|
||||||
}
|
|
||||||
|
|
||||||
while(<$config_fh>) {
|
|
||||||
chomp;
|
|
||||||
s/#.*//; # delete comments
|
|
||||||
s/\s+$//; # delete trailing spaces
|
|
||||||
next if m/^$/; # skip empty lines
|
|
||||||
|
|
||||||
if (m/^[A-Z_]+=\S+/) {
|
|
||||||
my ($key, $value) = split(/=/, $_, 2);
|
|
||||||
$key =~ tr/A-Z_/a-z-/;
|
|
||||||
# Only set options we're looking for
|
|
||||||
next if (%looking_for and not $looking_for{$key});
|
|
||||||
# Don't set options that are already set
|
|
||||||
next if defined $arg{opthash}->{$key};
|
|
||||||
|
|
||||||
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
|
|
||||||
$arg{opthash}->{$key} = $value;
|
|
||||||
} else {
|
|
||||||
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
close($config_fh)
|
|
||||||
or confess "Slack::read_config: Could not close config file: $!";
|
|
||||||
|
|
||||||
# The verbose option is treated specially in so many places that
|
|
||||||
# we need to make sure it's defined.
|
|
||||||
$arg{opthash}->{verbose} ||= 0;
|
|
||||||
|
|
||||||
return $arg{opthash};
|
|
||||||
}
|
|
||||||
|
|
||||||
# Just get the exit code from a command that failed.
|
|
||||||
# croaks if anything weird happened.
|
|
||||||
sub get_system_exit (@) {
|
|
||||||
my @command = @_;
|
|
||||||
|
|
||||||
if (WIFEXITED($?)) {
|
|
||||||
my $exit = WEXITSTATUS($?);
|
|
||||||
return $exit if $exit;
|
|
||||||
}
|
|
||||||
if (WIFSIGNALED($?)) {
|
|
||||||
my $sig = WTERMSIG($?);
|
|
||||||
croak "'@command' caught sig $sig";
|
|
||||||
}
|
|
||||||
if ($!) {
|
|
||||||
croak "Syserr on system '@command': $!";
|
|
||||||
}
|
|
||||||
croak "Unknown error on '@command'";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_system_exit (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my $exit = get_system_exit(@command);
|
|
||||||
# Exit is non-zero if get_system_exit() didn't croak.
|
|
||||||
croak "'@command' exited $exit";
|
|
||||||
}
|
|
||||||
|
|
||||||
# get options from the command line and the config file
|
|
||||||
# Arguments
|
|
||||||
# opthash => hashref in which to store options
|
|
||||||
# usage => usage statement
|
|
||||||
# required_options => arrayref of options to require -- an exception
|
|
||||||
# will be thrown if these options are not defined
|
|
||||||
# command_line_hash => store options specified on the command line here
|
|
||||||
sub get_options {
|
|
||||||
my %arg = @_;
|
|
||||||
use Getopt::Long;
|
|
||||||
Getopt::Long::Configure('bundling');
|
|
||||||
|
|
||||||
if (not defined $arg{opthash}) {
|
|
||||||
$arg{opthash} = {};
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not defined $arg{usage}) {
|
|
||||||
$arg{usage} = default_usage($0);
|
|
||||||
}
|
|
||||||
|
|
||||||
my @extra_options = (); # extra arguments to getoptions
|
|
||||||
if (defined $arg{command_line_options}) {
|
|
||||||
@extra_options = @{$arg{command_line_options}};
|
|
||||||
}
|
|
||||||
|
|
||||||
# Make a --quiet function that turns off verbosity
|
|
||||||
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
|
|
||||||
|
|
||||||
unless (GetOptions($arg{opthash},
|
|
||||||
@default_options,
|
|
||||||
@extra_options,
|
|
||||||
)) {
|
|
||||||
print STDERR $arg{usage};
|
|
||||||
exit 1;
|
|
||||||
}
|
|
||||||
if ($arg{opthash}->{help}) {
|
|
||||||
print $arg{usage};
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($arg{opthash}->{version}) {
|
|
||||||
print "slack version $VERSION\n";
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get rid of the quiet handler
|
|
||||||
delete $arg{opthash}->{quiet};
|
|
||||||
|
|
||||||
# If we've been given a hashref, save our options there at this
|
|
||||||
# stage, so the caller can see what was passed on the command line.
|
|
||||||
# Unfortunately, perl has no .replace function, so we iterate.
|
|
||||||
if (ref $arg{command_line_hash} eq 'HASH') {
|
|
||||||
while (my ($k, $v) = each %{$arg{opthash}}) {
|
|
||||||
$arg{command_line_hash}->{$k} = $v;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Use the default config file
|
|
||||||
if (not defined $arg{opthash}->{config}) {
|
|
||||||
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We need to decide whether to be verbose about reading the config file
|
|
||||||
# Currently we just do it if global verbosity > 2
|
|
||||||
my $verbose_config = 0;
|
|
||||||
if (defined $arg{opthash}->{verbose}
|
|
||||||
and $arg{opthash}->{verbose} > 2) {
|
|
||||||
$verbose_config = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Read options from the config file, passing along the options we've
|
|
||||||
# gotten so far
|
|
||||||
read_config(
|
|
||||||
file => $arg{opthash}->{config},
|
|
||||||
opthash => $arg{opthash},
|
|
||||||
verbose => $verbose_config,
|
|
||||||
);
|
|
||||||
|
|
||||||
# The "verbose" option gets compared a lot and needs to be defined
|
|
||||||
$arg{opthash}->{verbose} ||= 0;
|
|
||||||
|
|
||||||
# The "hostname" option is set specially if it's not defined
|
|
||||||
if (not defined $arg{opthash}->{hostname}) {
|
|
||||||
use Sys::Hostname;
|
|
||||||
$arg{opthash}->{hostname} = hostname;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We can require some options to be set
|
|
||||||
if (ref $arg{required_options} eq 'ARRAY') {
|
|
||||||
for my $option (@{$arg{required_options}}) {
|
|
||||||
if (not defined $arg{opthash}->{$option}) {
|
|
||||||
croak "Required option '$option' not given on command line or specified in config file!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $arg{opthash};
|
|
||||||
}
|
|
||||||
|
|
||||||
sub prompt ($) {
|
|
||||||
my ($prompt) = @_;
|
|
||||||
if (not defined $term) {
|
|
||||||
require Term::ReadLine;
|
|
||||||
$term = new Term::ReadLine 'slack'
|
|
||||||
}
|
|
||||||
|
|
||||||
$term->readline($prompt);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Calls the callback on absolute pathnames of files in the source directory,
|
|
||||||
# and also on names of directories that don't exist in the destination
|
|
||||||
# directory (i.e. where $source/foo exists but $destination/foo does not).
|
|
||||||
sub find_files_to_install ($$$) {
|
|
||||||
my ($source, $destination, $callback) = @_;
|
|
||||||
return find ({
|
|
||||||
wanted => sub {
|
|
||||||
if (-l or not -d _) {
|
|
||||||
# Copy all files, links, etc
|
|
||||||
my $file = $File::Find::name;
|
|
||||||
&$callback($file);
|
|
||||||
} elsif (-d _) {
|
|
||||||
# For directories, we only want to copy it if it doesn't
|
|
||||||
# exist in the destination yet.
|
|
||||||
my $dir = $File::Find::name;
|
|
||||||
# We know the root directory will exist (we make it above),
|
|
||||||
# so skip the base of the source
|
|
||||||
(my $short_source = $source) =~ s#/$##;
|
|
||||||
return if $dir eq $short_source;
|
|
||||||
|
|
||||||
# Strip the $source from the path,
|
|
||||||
# so we can build the destination dir from it.
|
|
||||||
my $subdir = $dir;
|
|
||||||
($subdir =~ s#^$source##)
|
|
||||||
or croak "sub failed: $source|$subdir";
|
|
||||||
|
|
||||||
if (not -d "$destination/$subdir") {
|
|
||||||
&$callback($dir);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
$source,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
# Runs rsync with the necessary redirection to its filehandles
|
|
||||||
sub wrap_rsync (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my ($pid);
|
|
||||||
|
|
||||||
if ($pid = fork) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $pid) {
|
|
||||||
# Child
|
|
||||||
open(STDIN, "<", "/dev/null")
|
|
||||||
or die "Could not redirect STDIN from /dev/null\n";
|
|
||||||
# This redirection is necessary because rsync sends
|
|
||||||
# verbose output to STDOUT
|
|
||||||
open(STDOUT, ">&STDERR")
|
|
||||||
or die "Could not redirect STDOUT to STDERR\n";
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork: $!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
my $kid = waitpid($pid, 0);
|
|
||||||
if ($kid != $pid) {
|
|
||||||
die "waitpid returned $kid\n";
|
|
||||||
} elsif ($?) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Runs rsync with the necessary redirection to its filehandles, but also
|
|
||||||
# returns an FH to stdin and a PID.
|
|
||||||
sub wrap_rsync_fh (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my ($fh, $pid);
|
|
||||||
|
|
||||||
if ($pid = open($fh, "|-")) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $pid) {
|
|
||||||
# Child
|
|
||||||
# This redirection is necessary because rsync sends
|
|
||||||
# verbose output to STDOUT
|
|
||||||
open(STDOUT, ">&STDERR")
|
|
||||||
or die "Could not redirect STDOUT to STDERR\n";
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork: $!\n";
|
|
||||||
}
|
|
||||||
return($fh, $pid);
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
|
329
archive/slack-runtime/dist/slack
vendored
329
archive/slack-runtime/dist/slack
vendored
@ -1,329 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
use POSIX; # for strftime
|
|
||||||
|
|
||||||
use constant LIBEXEC_DIR => '/usr/lib/slack';
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
sub run_backend(@);
|
|
||||||
sub run_conditional_backend($@);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
# Arguments to pass to each backends (initialized to a hash of empty arrays)
|
|
||||||
my %backend_flags = ( map { $_ => [] }
|
|
||||||
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
|
|
||||||
);
|
|
||||||
|
|
||||||
my @roles;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--preview MODE
|
|
||||||
Do a diff of scripts and files before running them.
|
|
||||||
MODE can be one of 'simple' or 'prompt'.
|
|
||||||
|
|
||||||
--no-files
|
|
||||||
Don't install any files in ROOT, but tell rsync to print what
|
|
||||||
it would do.
|
|
||||||
|
|
||||||
--no-scripts
|
|
||||||
Don't run scripts.
|
|
||||||
|
|
||||||
--no-sync
|
|
||||||
Skip the slack-sync step. (useful if you're pushing stuff into
|
|
||||||
the CACHE outside of slack)
|
|
||||||
|
|
||||||
--role-list
|
|
||||||
Role list for slack-getroles
|
|
||||||
|
|
||||||
--libexec-dir DIR
|
|
||||||
Look for backend scripts in this directory.
|
|
||||||
|
|
||||||
--diff PROG
|
|
||||||
Use this diff program for previews
|
|
||||||
|
|
||||||
--sleep TIME
|
|
||||||
Randomly sleep between 1 and TIME seconds before starting
|
|
||||||
operations
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Options
|
|
||||||
my %opt = ();
|
|
||||||
# So we can distinguish stuff on the command line from config file stuff
|
|
||||||
my %command_line_opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'preview=s',
|
|
||||||
'role-list=s',
|
|
||||||
'no-scripts|noscripts',
|
|
||||||
'no-files|nofiles',
|
|
||||||
'no-sync|nosync',
|
|
||||||
'libexec-dir=s',
|
|
||||||
'diff=s',
|
|
||||||
'sleep=i',
|
|
||||||
],
|
|
||||||
required_options => [ qw(source cache stage root) ],
|
|
||||||
command_line_hash => \%command_line_opt,
|
|
||||||
usage => $usage,
|
|
||||||
);
|
|
||||||
|
|
||||||
# Special options
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
$opt{'no-scripts'} = 1;
|
|
||||||
$opt{'no-files'} = 1;
|
|
||||||
}
|
|
||||||
if ($opt{'no-scripts'}) {
|
|
||||||
for my $action (qw(fixfiles preinstall postinstall)) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
'--dry-run';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($opt{'no-files'}) {
|
|
||||||
push @{$backend_flags{installfiles}},
|
|
||||||
'--dry-run';
|
|
||||||
}
|
|
||||||
# propagate verbosity - 1 to all backends
|
|
||||||
if (defined $command_line_opt{'verbose'} and
|
|
||||||
$command_line_opt{'verbose'} > 1) {
|
|
||||||
for my $action (keys %backend_flags) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
('--verbose') x ($command_line_opt{'verbose'} - 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# propagate these flags to all the backends
|
|
||||||
for my $option (qw(config root cache stage source hostname rsh)) {
|
|
||||||
if ($command_line_opt{$option}) {
|
|
||||||
for my $action (keys %backend_flags) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
"--$option=$command_line_opt{$option}";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# getroles also can take 'role-list'
|
|
||||||
if ($command_line_opt{'role-list'}) {
|
|
||||||
push @{$backend_flags{'getroles'}},
|
|
||||||
"--role-list=$command_line_opt{'role-list'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# The libexec dir defaults to this if it wasn't specified
|
|
||||||
# on the command line or in a config file.
|
|
||||||
if (not defined $opt{'libexec-dir'}) {
|
|
||||||
$opt{'libexec-dir'} = LIBEXEC_DIR;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass diff option along to slack-rolediff
|
|
||||||
if ($opt{'diff'}) {
|
|
||||||
push @{$backend_flags{preview}},
|
|
||||||
"--diff=$opt{'diff'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Preview takes an optional argument. If no argument is given,
|
|
||||||
# it gets "" from getopt.
|
|
||||||
if (defined $opt{'preview'}) {
|
|
||||||
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
|
|
||||||
die "Unknown preview mode '$opt{'preview'}'!";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# The backup option defaults to on if it wasn't specified
|
|
||||||
# on the command line or in a config file
|
|
||||||
if (not defined $opt{backup}) {
|
|
||||||
$opt{backup} = 1;
|
|
||||||
}
|
|
||||||
# Figure out a place to put backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
push @{$backend_flags{installfiles}},
|
|
||||||
'--backup',
|
|
||||||
'--backup-dir='.
|
|
||||||
$opt{'backup-dir'}.
|
|
||||||
"/".
|
|
||||||
strftime('%F-%T', localtime(time))
|
|
||||||
;
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Random sleep, helpful when called from cron.
|
|
||||||
if ($opt{sleep}) {
|
|
||||||
my $secs = int(rand($opt{sleep})) + 1;
|
|
||||||
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
|
|
||||||
sleep($secs);
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get a list of roles to install from slack-getroles {{{
|
|
||||||
if (not @ARGV) {
|
|
||||||
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
|
|
||||||
@{$backend_flags{'getroles'}});
|
|
||||||
$opt{verbose} and print STDERR "$PROG: getroles\n";
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
|
|
||||||
my ($roles_pid, $roles_fh);
|
|
||||||
if ($roles_pid = open($roles_fh, "-|")) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $roles_pid) {
|
|
||||||
# Child
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork to run '@command': $!\n";
|
|
||||||
}
|
|
||||||
@roles = split(/\s+/, join(" ", <$roles_fh>));
|
|
||||||
unless (close($roles_fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
@roles = @ARGV;
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Check role name syntax {{{
|
|
||||||
for my $role (@roles) {
|
|
||||||
# Roles MUST begin with a letter. All else is reserved.
|
|
||||||
if ($role !~ m/^[a-zA-Z]/) {
|
|
||||||
die "Role '$role' does not begin with a letter!";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
|
|
||||||
|
|
||||||
unless ($opt{'no-sync'}) {
|
|
||||||
# sync all the roles down at once
|
|
||||||
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
|
|
||||||
run_backend('slack-sync',
|
|
||||||
@{$backend_flags{sync}}, @roles);
|
|
||||||
}
|
|
||||||
|
|
||||||
ROLE: for my $role (@roles) {
|
|
||||||
# stage
|
|
||||||
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
|
|
||||||
run_backend('slack-stage',
|
|
||||||
@{$backend_flags{stage}}, '--subdir=files', $role);
|
|
||||||
|
|
||||||
if ($opt{preview}) {
|
|
||||||
if ($opt{preview} eq 'simple') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview $role\n";
|
|
||||||
# Here, we run the backend in no-prompt mode.
|
|
||||||
run_conditional_backend(0, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, $role);
|
|
||||||
# ...and we skip further action in the ROLE after showing the diff.
|
|
||||||
next ROLE;
|
|
||||||
} elsif ($opt{preview} eq 'prompt') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
|
|
||||||
# Here, we want to prompt and just do the scripts, since
|
|
||||||
# we need to run preinstall and fixfiles before doing the files.
|
|
||||||
run_conditional_backend(1, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, '--subdir=scripts', $role);
|
|
||||||
} else {
|
|
||||||
# Should get caught in option processing, above
|
|
||||||
die "Unknown preview mode!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
|
|
||||||
run_backend('slack-stage',
|
|
||||||
@{$backend_flags{stage}}, '--subdir=scripts', $role);
|
|
||||||
|
|
||||||
# preinstall
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{preinstall}}, 'preinstall', $role);
|
|
||||||
|
|
||||||
# fixfiles
|
|
||||||
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
|
|
||||||
|
|
||||||
# preview files
|
|
||||||
if ($opt{preview} and $opt{preview} eq 'prompt') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
|
|
||||||
run_conditional_backend(1, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, '--subdir=files', $role);
|
|
||||||
}
|
|
||||||
|
|
||||||
# installfiles
|
|
||||||
$opt{verbose} and print STDERR "$PROG: install $role\n";
|
|
||||||
run_backend('slack-installfiles',
|
|
||||||
@{$backend_flags{installfiles}}, $role);
|
|
||||||
|
|
||||||
# postinstall
|
|
||||||
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{postinstall}}, 'postinstall', $role);
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
sub run_backend (@) {
|
|
||||||
my ($backend, @args) = @_;
|
|
||||||
# If we weren't given an explicit path, prepend the libexec dir
|
|
||||||
unless ($backend =~ m#^/#) {
|
|
||||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Assemble our command line
|
|
||||||
my (@command) = ($backend, @args);
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub run_conditional_backend ($@) {
|
|
||||||
my ($prompt, $backend, @args) = @_;
|
|
||||||
# If we weren't given an explicit path, prepend the libexec dir
|
|
||||||
unless ($backend =~ m#^/#) {
|
|
||||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Assemble our command line
|
|
||||||
my (@command) = ($backend, @args);
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
my $exit = Slack::get_system_exit(@command);
|
|
||||||
|
|
||||||
if ($exit == 1) {
|
|
||||||
# exit 1 means a difference found or something normal that requires
|
|
||||||
# a prompt before continuing.
|
|
||||||
if ($prompt) {
|
|
||||||
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
# any other non-successful exit is a serious error.
|
|
||||||
die "'@command' exited $exit";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
514
archive/slack-runtime/dist/slack-diff
vendored
514
archive/slack-runtime/dist/slack-diff
vendored
@ -1,514 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is a wrapper for diff that gives output about special files
|
|
||||||
# and file modes. (diff can only compare regular files)
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use Errno;
|
|
||||||
use File::stat;
|
|
||||||
use File::Basename;
|
|
||||||
use File::Find;
|
|
||||||
use Getopt::Long;
|
|
||||||
use POSIX qw(SIGPIPE strftime);
|
|
||||||
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
|
|
||||||
|
|
||||||
|
|
||||||
my $VERSION = '0.1';
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
my @diff; # diff program to use
|
|
||||||
my $exit = 0; # our exit code
|
|
||||||
|
|
||||||
sub compare ($$);
|
|
||||||
sub recursive_compare ($$);
|
|
||||||
sub filetype_to_string ($;$);
|
|
||||||
sub compare_files ($$);
|
|
||||||
sub diff ($$);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDOUT
|
|
||||||
$|=1;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
# Default options
|
|
||||||
my %opt = (
|
|
||||||
fakediff => 1,
|
|
||||||
perms => 1,
|
|
||||||
'new-file' => 1,
|
|
||||||
diff => 'diff',
|
|
||||||
);
|
|
||||||
|
|
||||||
# Config and option parsing
|
|
||||||
my $usage = <<EOF;
|
|
||||||
Usage: $PROG [options] <file1> <file2>
|
|
||||||
$PROG -r <dir1> <dir2>
|
|
||||||
|
|
||||||
Options:
|
|
||||||
-u, -U NUM, --unified=NUM
|
|
||||||
Tell diff to use unified output format.
|
|
||||||
--diff PROG
|
|
||||||
Use this program for diffing, instead of "$opt{diff}"
|
|
||||||
--fakediff
|
|
||||||
Make a fake diff for file modes and other things that are not file
|
|
||||||
contents. Default is on, can be disabled with --nofakediff.
|
|
||||||
--perms
|
|
||||||
Care about owner, group, and permissions when doing fakediff.
|
|
||||||
Default is on, can be disabled with --noperms.
|
|
||||||
-r, --recursive
|
|
||||||
Recursively compare directories.
|
|
||||||
-N, --new-file
|
|
||||||
Treat missing files as empty. Default is on, can be disabled with
|
|
||||||
--nonew-file.
|
|
||||||
--unidirectional-new-file
|
|
||||||
Treat only missing files in the first directory as empty.
|
|
||||||
--from-file
|
|
||||||
Treat arguments as a list of files from which to read filenames to
|
|
||||||
compare, two lines at a time.
|
|
||||||
-0, --null
|
|
||||||
Use NULLs instead of newlines as the separator in --from-file mode
|
|
||||||
--devnullhack
|
|
||||||
You have a version of diff that can't deal with -N when not in
|
|
||||||
recursive mode, so we need to feed it /dev/null instead of the
|
|
||||||
missing file. Default is on, can be disabled with --nodevnullhack.
|
|
||||||
--version
|
|
||||||
Output version info
|
|
||||||
--help
|
|
||||||
Output this help text
|
|
||||||
|
|
||||||
Exit codes:
|
|
||||||
0 Found no differences
|
|
||||||
1 Found a difference
|
|
||||||
2 Had a serious error
|
|
||||||
3 Found a difference and had a serious error
|
|
||||||
EOF
|
|
||||||
|
|
||||||
{
|
|
||||||
Getopt::Long::Configure ("bundling");
|
|
||||||
GetOptions(\%opt,
|
|
||||||
'help|h|?',
|
|
||||||
'version',
|
|
||||||
'null|0',
|
|
||||||
'devnullhack',
|
|
||||||
'new-file|N',
|
|
||||||
'u',
|
|
||||||
'unified|U=i',
|
|
||||||
'recursive|r',
|
|
||||||
'from-file',
|
|
||||||
'unidirectional-new-file',
|
|
||||||
'fakediff!',
|
|
||||||
'perms!',
|
|
||||||
'diff=s',
|
|
||||||
) or die $usage;
|
|
||||||
if ($opt{help}) {
|
|
||||||
print $usage;
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
if ($opt{version}) {
|
|
||||||
print "$PROG version $VERSION\n";
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($opt{diff}) {
|
|
||||||
# We split on spaces here to be useful -- so that people can give
|
|
||||||
# their diff options.
|
|
||||||
@diff = split(/\s+/, $opt{diff});
|
|
||||||
} else {
|
|
||||||
die "$PROG: No diff program!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($opt{'u'}) {
|
|
||||||
push @diff, '-u';
|
|
||||||
} elsif ($opt{'unified'}) {
|
|
||||||
$opt{'u'} = 1; # We use this value later
|
|
||||||
push @diff, "--unified=$opt{'unified'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not $opt{'devnullhack'}) {
|
|
||||||
push @diff, '-N';
|
|
||||||
}
|
|
||||||
|
|
||||||
# usually, sigpipe would be someone quitting their pager, so don't sweat it
|
|
||||||
$SIG{PIPE} = sub { exit $exit };
|
|
||||||
|
|
||||||
if ($opt{'from-file'}) {
|
|
||||||
local $/ = "\0" if $opt{'null'};
|
|
||||||
while (my $old = <>) {
|
|
||||||
my $new = <>;
|
|
||||||
die "Uneven number of lines in --from-file mode!\n"
|
|
||||||
if not defined $new;
|
|
||||||
chomp($old);
|
|
||||||
chomp($new);
|
|
||||||
$exit |= compare($old, $new);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
die $usage unless $#ARGV == 1;
|
|
||||||
$exit |= compare($ARGV[0], $ARGV[1]);
|
|
||||||
}
|
|
||||||
exit $exit;
|
|
||||||
|
|
||||||
##
|
|
||||||
# Subroutines
|
|
||||||
|
|
||||||
sub compare ($$) {
|
|
||||||
my ($old, $new) = @_;
|
|
||||||
|
|
||||||
if ($opt{recursive}) {
|
|
||||||
return recursive_compare($old, $new);
|
|
||||||
} else {
|
|
||||||
return compare_files($old, $new);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# compare two directories. We do this by walking down the *new*
|
|
||||||
# directory, and comparing everything that's there to the stuff in
|
|
||||||
# the old directory
|
|
||||||
sub recursive_compare ($$) {
|
|
||||||
my ($olddir, $newdir) = @_;
|
|
||||||
my ($retval, $basere, $wanted);
|
|
||||||
my (%seen);
|
|
||||||
|
|
||||||
$retval = 0;
|
|
||||||
|
|
||||||
if (-d $newdir) {
|
|
||||||
$basere = qr(^$newdir);
|
|
||||||
$wanted = sub {
|
|
||||||
my ($newfile) = $_;
|
|
||||||
my $oldfile = $newfile;
|
|
||||||
|
|
||||||
$oldfile =~ s#$basere#$olddir#;
|
|
||||||
$seen{$oldfile} = 1;
|
|
||||||
$retval |= compare_files($oldfile, $newfile);
|
|
||||||
};
|
|
||||||
|
|
||||||
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
|
|
||||||
if ($@) {
|
|
||||||
warn "$PROG: error during find: $@\n";
|
|
||||||
$retval |= 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $retval
|
|
||||||
if $opt{'unidirectional-new-file'};
|
|
||||||
|
|
||||||
# If we're not unidirectional, we want to go through the old directory
|
|
||||||
# and diff any files we didn't see in the newdir.
|
|
||||||
if (-d $olddir) {
|
|
||||||
$basere = qr(^$olddir);
|
|
||||||
$wanted = sub {
|
|
||||||
my ($oldfile) = $_;
|
|
||||||
my $newfile;
|
|
||||||
|
|
||||||
return if $seen{$oldfile};
|
|
||||||
$newfile = $oldfile;
|
|
||||||
|
|
||||||
$newfile =~ s#$basere#$newdir#;
|
|
||||||
$retval |= compare_files($oldfile, $newfile);
|
|
||||||
};
|
|
||||||
|
|
||||||
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
|
|
||||||
if ($@) {
|
|
||||||
warn "$PROG: error during find: $@\n";
|
|
||||||
$retval |= 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
# filetype_to_string(mode)
|
|
||||||
# filetype_to_string(mode, plural)
|
|
||||||
#
|
|
||||||
# Takes a mode returned from stat(), returns a noune describing the filetype,
|
|
||||||
# e.g. "directory", "symlink".
|
|
||||||
# If the "plural" argument is provided and true, returns the plural form of
|
|
||||||
# the noun, e.g. "directories", "symlinks".
|
|
||||||
sub filetype_to_string ($;$) {
|
|
||||||
my ($mode, $plural) = @_;
|
|
||||||
|
|
||||||
if (S_ISREG($mode)) {
|
|
||||||
return "regular file".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISDIR($mode)) {
|
|
||||||
return "director".($plural ? "ies" : "y");
|
|
||||||
} elsif (S_ISLNK($mode)) {
|
|
||||||
return "symlink".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISBLK($mode)) {
|
|
||||||
return "block device".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISCHR($mode)) {
|
|
||||||
return "character device".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISFIFO($mode)) {
|
|
||||||
return "fifo".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISSOCK($mode)) {
|
|
||||||
return "socket".($plural ? "s" : "");
|
|
||||||
} else {
|
|
||||||
return "unknown filetype".($plural ? "s" : "");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# compare_files(oldfile, newfile)
|
|
||||||
# This is the actual diffing routine. It's quite long because we need to
|
|
||||||
# deal with all sorts of special cases. It will print to STDOUT a
|
|
||||||
# description of the differences between the two files. For regular files,
|
|
||||||
# diff(1) will be run to show the differences.
|
|
||||||
#
|
|
||||||
# return codes:
|
|
||||||
# 1 found a difference
|
|
||||||
# 2 had an error
|
|
||||||
# 3 found a difference and had an error
|
|
||||||
sub compare_files ($$) {
|
|
||||||
my ($oldname, $newname) = @_;
|
|
||||||
my ($old, $new); # stat buffers
|
|
||||||
my $return = 0;
|
|
||||||
|
|
||||||
# Get rid of unsightly double slashes
|
|
||||||
$oldname =~ s#//#/#g;
|
|
||||||
$newname =~ s#//#/#g;
|
|
||||||
|
|
||||||
eval { $old = lstat($oldname); };
|
|
||||||
if (not defined $old and not $!{ENOENT}) {
|
|
||||||
warn "$PROG: Could not stat $oldname: $!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
eval { $new = lstat($newname); };
|
|
||||||
if (not defined $new and not $!{ENOENT}) {
|
|
||||||
warn "$PROG: Could not stat $newname: $!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
# At this point, $old or $new should only be undefined if the
|
|
||||||
# file does not exist.
|
|
||||||
|
|
||||||
if (defined $old and defined $new) {
|
|
||||||
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('filetype',
|
|
||||||
$oldname => filetype_to_string($old->mode),
|
|
||||||
$newname => filetype_to_string($new->mode),
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "File types differ between ".
|
|
||||||
filetype_to_string($old->mode)." $oldname and ".
|
|
||||||
filetype_to_string($new->mode)." $newname\n";
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if ($old->nlink != $new->nlink) {
|
|
||||||
# In recursive mode, we don't care about link counts in directories,
|
|
||||||
# as we'll pick that up with what files do and don't exist.
|
|
||||||
unless ($opt{recursive} and S_ISDIR($old->mode)) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('nlink',
|
|
||||||
$oldname => $old->nlink,
|
|
||||||
$newname => $new->nlink,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Link counts differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($old->uid != $new->uid and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('uid',
|
|
||||||
$oldname => $old->uid,
|
|
||||||
$newname => $new->uid,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Owner differs between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
if ($old->gid != $new->gid and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('gid',
|
|
||||||
$oldname => $old->gid,
|
|
||||||
$newname => $new->gid,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Group differs between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('mode',
|
|
||||||
$oldname => sprintf('%04o', S_IMODE($old->mode)),
|
|
||||||
$newname => sprintf('%04o', S_IMODE($new->mode)),
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Modes differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We don't want to compare anything more about sockets, fifos, or
|
|
||||||
# directories, once we've checked the permissions and link counts
|
|
||||||
if (S_ISSOCK($old->mode) or
|
|
||||||
S_ISFIFO($old->mode) or
|
|
||||||
S_ISDIR($old->mode)) {
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check device file devs, and that's it for them
|
|
||||||
if (S_ISCHR($old->mode) or
|
|
||||||
S_ISBLK($old->mode)) {
|
|
||||||
if ($old->rdev != $new->rdev) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('rdev',
|
|
||||||
$oldname => $old->rdev,
|
|
||||||
$newname => $new->rdev,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Device numbers differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Compare the targets of symlinks
|
|
||||||
if (S_ISLNK($old->mode)) {
|
|
||||||
my $oldtarget = readlink $oldname
|
|
||||||
or (warn("$PROG: Could not readlink($oldname): $!\n"),
|
|
||||||
return $return | 2);
|
|
||||||
my $newtarget = readlink $newname
|
|
||||||
or (warn("$PROG: Could not readlink($newname): $!\n"),
|
|
||||||
return $return | 2);
|
|
||||||
if ($oldtarget ne $newtarget) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('target',
|
|
||||||
$oldname => $oldtarget,
|
|
||||||
$newname => $newtarget,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Symlink targets differ between $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not S_ISREG($old->mode)) {
|
|
||||||
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
} elsif (not defined $old and not defined $new) {
|
|
||||||
print "Neither $oldname nor $newname exists\n";
|
|
||||||
return $return;
|
|
||||||
} elsif (not defined $old) {
|
|
||||||
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
|
|
||||||
print "Only in ".dirname($newname).": ".
|
|
||||||
filetype_to_string($new->mode)." ".basename($newname)."\n";
|
|
||||||
return 1;
|
|
||||||
} elsif ($opt{'devnullhack'}) {
|
|
||||||
$oldname = '/dev/null';
|
|
||||||
}
|
|
||||||
} elsif (not defined $new) {
|
|
||||||
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
|
|
||||||
print "Only in ".dirname($oldname).": ".
|
|
||||||
filetype_to_string($old->mode)." ".basename($oldname)."\n";
|
|
||||||
return 1;
|
|
||||||
} elsif ($opt{'devnullhack'}) {
|
|
||||||
$newname = '/dev/null';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# They are regular files! We can actually run diff!
|
|
||||||
return diff($oldname, $newname) | $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub diff ($$) {
|
|
||||||
my ($oldname, $newname) = @_;
|
|
||||||
my @command = (@diff, $oldname, $newname);
|
|
||||||
my $status;
|
|
||||||
|
|
||||||
# If we're not specifying unified diff, we need to print a header
|
|
||||||
# to indicate what's being diffed. (I'm not sure if this actually would
|
|
||||||
# work for patch, but it does tell our user what's going on).
|
|
||||||
# FIXME: We only need to specify this if the files are different
|
|
||||||
print "@command\n"
|
|
||||||
if not $opt{u};
|
|
||||||
|
|
||||||
{
|
|
||||||
# There is a bug in perl with use warnings FATAL => qw(all)
|
|
||||||
# that will cause the child process from system() to stick
|
|
||||||
# around if there is a warning generated.
|
|
||||||
# Shut off warnings -- we'll catch the error below.
|
|
||||||
no warnings;
|
|
||||||
$status = system(@command);
|
|
||||||
}
|
|
||||||
return 0 if ($status == 0);
|
|
||||||
if ($? == -1) {
|
|
||||||
die "$PROG: failed to execute '@command': $!\n";
|
|
||||||
}
|
|
||||||
if ($? & 128) {
|
|
||||||
die "$PROG: '@command' dumped core\n";
|
|
||||||
}
|
|
||||||
if (my $sig = $? & 127) {
|
|
||||||
die "$PROG: '@command' caught sig $sig\n"
|
|
||||||
unless ($sig == SIGPIPE);
|
|
||||||
}
|
|
||||||
if (my $exit = $? >> 8) {
|
|
||||||
if ($exit == 1) {
|
|
||||||
return 1;
|
|
||||||
} else {
|
|
||||||
die "$PROG: '@command' returned $exit\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub fakediff ($$) {
|
|
||||||
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
|
|
||||||
|
|
||||||
return unless $opt{fakediff};
|
|
||||||
my $time = strftime('%F %T.000000000 %z', localtime(0));
|
|
||||||
|
|
||||||
# We add a suffix onto the filenames to show we're not actually looking
|
|
||||||
# at file contents. There's no good way to indicate this that's compatible
|
|
||||||
# with patch, and this is simple enough.
|
|
||||||
$oldname .= '#~~' . $type;
|
|
||||||
$newname .= '#~~' . $type;
|
|
||||||
|
|
||||||
if ($opt{u}) {
|
|
||||||
# fake up a unified diff
|
|
||||||
print <<EOF;
|
|
||||||
--- $oldname\t$time
|
|
||||||
+++ $newname\t$time
|
|
||||||
@@ -1 +1 @@
|
|
||||||
-$oldvalue
|
|
||||||
+$newvalue
|
|
||||||
EOF
|
|
||||||
} else {
|
|
||||||
print <<EOF;
|
|
||||||
diff $oldname $newname
|
|
||||||
1c1
|
|
||||||
< $oldvalue
|
|
||||||
---
|
|
||||||
> $newvalue
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
}
|
|
161
archive/slack-runtime/dist/slack-getroles
vendored
161
archive/slack-runtime/dist/slack-getroles
vendored
@ -1,161 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--links',
|
|
||||||
'--times',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub sync_list ();
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--role-list
|
|
||||||
Role list location (can be relative to SOURCE)
|
|
||||||
|
|
||||||
--remote-role-list
|
|
||||||
Role list is remote and should be copied down with rsync
|
|
||||||
(implied by certain forms of role list or SOURCE)
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'role-list=s',
|
|
||||||
'remote-role-list',
|
|
||||||
],
|
|
||||||
required_options => [ qw(role-list hostname) ],
|
|
||||||
usage => $usage,
|
|
||||||
);
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# See if role-list is actually relative to source, and pre-pend source
|
|
||||||
# if need be.
|
|
||||||
unless ($opt{'role-list'} =~ m#^/# or
|
|
||||||
$opt{'role-list'} =~ m#^\./# or
|
|
||||||
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
|
||||||
if (not defined $opt{source}) {
|
|
||||||
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
|
|
||||||
}
|
|
||||||
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
|
|
||||||
}
|
|
||||||
|
|
||||||
# auto-detect remote role list
|
|
||||||
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
|
||||||
$opt{'remote-role-list'} = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Copy a remote list locally
|
|
||||||
if ($opt{'remote-role-list'}) {
|
|
||||||
# We need a cache directory if the role list is not local
|
|
||||||
if (not defined $opt{cache}) {
|
|
||||||
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
|
|
||||||
}
|
|
||||||
# Look at source type, and add options if necessary
|
|
||||||
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
|
|
||||||
# This is tunnelled rsync, and so needs an extra option
|
|
||||||
if ($opt{'rsh'}) {
|
|
||||||
push @rsync, '-e', $opt{'rsh'};
|
|
||||||
} else {
|
|
||||||
push @rsync, '-e', 'ssh';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sync_list();
|
|
||||||
}
|
|
||||||
|
|
||||||
# Read in the roles list
|
|
||||||
my @roles = ();
|
|
||||||
my $host_found = 0;
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
|
|
||||||
open(ROLES, "<", $opt{'role-list'})
|
|
||||||
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
|
|
||||||
while(<ROLES>) {
|
|
||||||
s/#.*//; # Strip comments
|
|
||||||
chomp;
|
|
||||||
if (s/^$opt{hostname}:\s*//) {
|
|
||||||
$host_found++;
|
|
||||||
push @roles, split();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close(ROLES)
|
|
||||||
or die "Could not close '$opt{'role-list'}': $!\n";
|
|
||||||
if (not $host_found) {
|
|
||||||
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
|
|
||||||
}
|
|
||||||
print join("\n", @roles), "\n";
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
sub sync_list () {
|
|
||||||
my $source = $opt{'role-list'};
|
|
||||||
my $destination = $opt{cache} . "/_role_list";
|
|
||||||
unless (-d $opt{cache}) {
|
|
||||||
eval { mkpath($opt{cache}); };
|
|
||||||
die "Could not mkpath '$opt{cache}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
# All this to run an rsync command
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
Slack::wrap_rsync(@command);
|
|
||||||
$opt{'role-list'} = $destination;
|
|
||||||
}
|
|
||||||
|
|
149
archive/slack-runtime/dist/slack-installfiles
vendored
149
archive/slack-runtime/dist/slack-installfiles
vendored
@ -1,149 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the local stage to the root
|
|
||||||
# of the local filesystem
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--relative',
|
|
||||||
'--times',
|
|
||||||
'--perms',
|
|
||||||
'--group',
|
|
||||||
'--owner',
|
|
||||||
'--links',
|
|
||||||
'--devices',
|
|
||||||
'--sparse',
|
|
||||||
'--no-implied-dirs', # SO GOOD!
|
|
||||||
'--files-from=-',
|
|
||||||
'--from0',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub install_files ($);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(root stage) ],
|
|
||||||
);
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
unless (-d $opt{root}) {
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval {
|
|
||||||
mkpath($opt{root});
|
|
||||||
# We have a tight umask, and a root of mode 0700 would be undesirable
|
|
||||||
# in most cases.
|
|
||||||
chmod(0755, $opt{root});
|
|
||||||
};
|
|
||||||
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
install_files($role);
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# This subroutine takes care of actually installing the files for a role
|
|
||||||
sub install_files ($) {
|
|
||||||
my ($role) = @_;
|
|
||||||
# final / is important for rsync
|
|
||||||
my $source = $opt{stage} . "/roles/" . $role . "/files/";
|
|
||||||
my $destination = $opt{root} . "/";
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
|
|
||||||
if (not -d $source) {
|
|
||||||
($opt{verbose} > 0) and
|
|
||||||
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Try to give some sensible message here
|
|
||||||
if ($opt{verbose} > 0) {
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
|
|
||||||
} else {
|
|
||||||
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
|
||||||
|
|
||||||
select((select($fh), $|=1)[0]); # Turn on autoflush
|
|
||||||
|
|
||||||
my $callback = sub {
|
|
||||||
my ($file) = @_;
|
|
||||||
($file =~ s#^$source##)
|
|
||||||
or die "sub failed: $source|$file";
|
|
||||||
print $fh "$file\0";
|
|
||||||
};
|
|
||||||
|
|
||||||
# This will print files to be synced to the $fh
|
|
||||||
Slack::find_files_to_install($source, $destination, $callback);
|
|
||||||
|
|
||||||
# Close fh, waitpid, and check return value
|
|
||||||
unless (close($fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
146
archive/slack-runtime/dist/slack-rolediff
vendored
146
archive/slack-runtime/dist/slack-rolediff
vendored
@ -1,146 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script provides a preview of scripts or files about to be installed.
|
|
||||||
# Basically, it calls diff -- its smarts are in knowing where things are.
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @diff = ('slack-diff',
|
|
||||||
'-uN',
|
|
||||||
);
|
|
||||||
|
|
||||||
# directories to compare
|
|
||||||
my %subdir = (
|
|
||||||
files => 1,
|
|
||||||
scripts => 1,
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub diff ($$;@);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--subdir DIR
|
|
||||||
Check this subdir only. Possible values for DIR are 'files' and
|
|
||||||
'scripts'.
|
|
||||||
|
|
||||||
--diff PROG
|
|
||||||
Use this program to do diffs. [@diff]
|
|
||||||
EOF
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'subdir=s',
|
|
||||||
'diff=s',
|
|
||||||
],
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(cache stage root) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# We only allow certain values for this option
|
|
||||||
if ($opt{subdir}) {
|
|
||||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
|
||||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
|
||||||
}
|
|
||||||
# Only do this subdir
|
|
||||||
%subdir = ( $opt{subdir} => 1 );
|
|
||||||
}
|
|
||||||
|
|
||||||
# Let people override our diff. Split on spaces so they can pass args.
|
|
||||||
if ($opt{diff}) {
|
|
||||||
@diff = split(/\s+/, $opt{diff});
|
|
||||||
}
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
my $exit = 0;
|
|
||||||
# Do the diffs
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Split the full role (e.g. google.foogle.woogle) into components
|
|
||||||
my @role = split(/\./, $full_role);
|
|
||||||
|
|
||||||
if ($subdir{scripts}) {
|
|
||||||
# Then we compare the cache vs the stage
|
|
||||||
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
|
|
||||||
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
|
|
||||||
# For scripts, we don't care so much about mode and owner (since those are
|
|
||||||
# inherited in the CACHE from the SOURCE), so --noperms.
|
|
||||||
$exit |= diff($old, $new, '--noperms');
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($subdir{files}) {
|
|
||||||
# Then we compare the stage vs the root
|
|
||||||
my $old = $opt{root};
|
|
||||||
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
|
|
||||||
# For files, we don't care about files that exist in $old but not $new
|
|
||||||
$exit |= diff($old, $new, '--unidirectional-new-file');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit $exit;
|
|
||||||
|
|
||||||
sub diff ($$;@) {
|
|
||||||
my ($old, $new, @options) = @_;
|
|
||||||
|
|
||||||
my @command = (@diff, @options);
|
|
||||||
|
|
||||||
# return if there's nothing to do
|
|
||||||
return 0 if (not -d $old and not -d $new);
|
|
||||||
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
|
|
||||||
|
|
||||||
my $return = 0;
|
|
||||||
my $callback = sub {
|
|
||||||
my ($new_file) = @_;
|
|
||||||
my $old_file = $new_file;
|
|
||||||
($old_file =~ s#^$new#$old#)
|
|
||||||
or die "sub failed: $new|$new_file";
|
|
||||||
if (system(@command, $old_file, $new_file) != 0) {
|
|
||||||
$return |= Slack::get_system_exit(@command);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
# We have to use this function, rather than recursive mode for slack-diff,
|
|
||||||
# because otherwise we'll print a bunch of bogus stuff about directories
|
|
||||||
# that exist in $ROOT and therefore aren't being synced.
|
|
||||||
Slack::find_files_to_install($new, $old, $callback);
|
|
||||||
|
|
||||||
return $return;
|
|
||||||
}
|
|
111
archive/slack-runtime/dist/slack-runscript
vendored
111
archive/slack-runtime/dist/slack-runscript
vendored
@ -1,111 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of running scripts out of the local stage
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
# Export these options to the environment of the script
|
|
||||||
my @export_options = qw(root stage hostname verbose);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!";
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => \@export_options,
|
|
||||||
);
|
|
||||||
|
|
||||||
my $action = shift || die "No script to run!\n\n$usage";
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Start with a clean environment
|
|
||||||
%ENV = (
|
|
||||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
|
||||||
);
|
|
||||||
# Export certain variables to the environment. These are guaranteed to
|
|
||||||
# be set because we require them in get_options above.
|
|
||||||
for my $option (@export_options) {
|
|
||||||
my $env_var = $option;
|
|
||||||
$env_var =~ tr/a-z-/A-Z_/;
|
|
||||||
$ENV{$env_var} = $opt{$option};
|
|
||||||
}
|
|
||||||
# We want to decrement the verbose value for the child if it's set.
|
|
||||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
|
||||||
|
|
||||||
# Run the script for each role given, if it exists and is executable
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
|
||||||
unless (-x $script_to_run) {
|
|
||||||
if (-e _) {
|
|
||||||
# A helpful warning
|
|
||||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
|
||||||
} elsif ($opt{verbose} > 0) {
|
|
||||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
|
||||||
}
|
|
||||||
next;
|
|
||||||
}
|
|
||||||
my $dir;
|
|
||||||
if ($action eq 'fixfiles') {
|
|
||||||
$dir = "$opt{stage}/roles/$role/files";
|
|
||||||
} else {
|
|
||||||
$dir = "$opt{stage}/roles/$role/scripts";
|
|
||||||
}
|
|
||||||
my @command = ($script_to_run , $role);
|
|
||||||
|
|
||||||
# It's OK to chdir even if we're not going to run the script.
|
|
||||||
# Might as well see if it works.
|
|
||||||
chdir($dir)
|
|
||||||
or die "Could not chdir '$dir': $!\n";
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
|
||||||
"because --dry-run specified.\n";
|
|
||||||
} else {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
|
||||||
unless (system("script /root/slackLog -a -f -c @command") == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!\n"
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
111
archive/slack-runtime/dist/slack-runscript.orig
vendored
111
archive/slack-runtime/dist/slack-runscript.orig
vendored
@ -1,111 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of running scripts out of the local stage
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
# Export these options to the environment of the script
|
|
||||||
my @export_options = qw(root stage hostname verbose);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!";
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => \@export_options,
|
|
||||||
);
|
|
||||||
|
|
||||||
my $action = shift || die "No script to run!\n\n$usage";
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Start with a clean environment
|
|
||||||
%ENV = (
|
|
||||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
|
||||||
);
|
|
||||||
# Export certain variables to the environment. These are guaranteed to
|
|
||||||
# be set because we require them in get_options above.
|
|
||||||
for my $option (@export_options) {
|
|
||||||
my $env_var = $option;
|
|
||||||
$env_var =~ tr/a-z-/A-Z_/;
|
|
||||||
$ENV{$env_var} = $opt{$option};
|
|
||||||
}
|
|
||||||
# We want to decrement the verbose value for the child if it's set.
|
|
||||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
|
||||||
|
|
||||||
# Run the script for each role given, if it exists and is executable
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
|
||||||
unless (-x $script_to_run) {
|
|
||||||
if (-e _) {
|
|
||||||
# A helpful warning
|
|
||||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
|
||||||
} elsif ($opt{verbose} > 0) {
|
|
||||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
|
||||||
}
|
|
||||||
next;
|
|
||||||
}
|
|
||||||
my $dir;
|
|
||||||
if ($action eq 'fixfiles') {
|
|
||||||
$dir = "$opt{stage}/roles/$role/files";
|
|
||||||
} else {
|
|
||||||
$dir = "$opt{stage}/roles/$role/scripts";
|
|
||||||
}
|
|
||||||
my @command = ($script_to_run, $role);
|
|
||||||
|
|
||||||
# It's OK to chdir even if we're not going to run the script.
|
|
||||||
# Might as well see if it works.
|
|
||||||
chdir($dir)
|
|
||||||
or die "Could not chdir '$dir': $!\n";
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
|
||||||
"because --dry-run specified.\n";
|
|
||||||
} else {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!\n"
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
278
archive/slack-runtime/dist/slack-stage
vendored
278
archive/slack-runtime/dist/slack-stage
vendored
@ -1,278 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the local cache
|
|
||||||
# directory to the local stage, building a unified single tree onstage
|
|
||||||
# from the multiple trees that are the role + subroles in the cache
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--recursive',
|
|
||||||
'--times',
|
|
||||||
'--ignore-times',
|
|
||||||
'--perms',
|
|
||||||
'--sparse',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub check_stage ();
|
|
||||||
sub sync_role ($$@);
|
|
||||||
sub apply_default_perms_to_role ($$);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--subdir DIR
|
|
||||||
Sync this subdir only. Possible values for DIR are 'files' and
|
|
||||||
'scripts'.
|
|
||||||
EOF
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'subdir=s',
|
|
||||||
],
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(cache stage) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# We only allow certain values for this option
|
|
||||||
if ($opt{subdir}) {
|
|
||||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
|
||||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$opt{subdir} = '';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Split the full role (e.g. google.foogle.woogle) into components
|
|
||||||
my @role_parts = split(/\./, $full_role);
|
|
||||||
die "Internal error: Expect at least one role part" if not @role_parts;
|
|
||||||
# Reassemble parts one at a time onto @role and sync as we go,
|
|
||||||
# so we do "google", then "google.foogle", then "google.foogle.woogle"
|
|
||||||
my @role = ();
|
|
||||||
# Make sure we've got the right perms before we copy stuff down
|
|
||||||
check_stage();
|
|
||||||
|
|
||||||
# For the base role, do both files and scripts.
|
|
||||||
push @role, shift @role_parts;
|
|
||||||
for my $subdir(qw(files scripts)) {
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
|
|
||||||
($opt{verbose} > 1)
|
|
||||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
|
||||||
# @role here will have one element, so sync_role will use --delete
|
|
||||||
sync_role($full_role, $subdir, @role)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# For all subroles, just do the files.
|
|
||||||
# (If we wanted script subroles to work like files, we'd get rid of this
|
|
||||||
# distinction and simplify the code.)
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq 'files') {
|
|
||||||
while (@role_parts) {
|
|
||||||
push @role, shift @role_parts;
|
|
||||||
($opt{verbose} > 1)
|
|
||||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
|
||||||
sync_role($full_role, 'files', @role);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $subdir (qw(files scripts)) {
|
|
||||||
apply_default_perms_to_role($full_role, $subdir)
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq $subdir);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# Make sure the stage directory exists and is mode 0700, to protect files
|
|
||||||
# underneath in transit
|
|
||||||
sub check_stage () {
|
|
||||||
my $stage = $opt{stage} . "/roles";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
if (not -d $stage) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
|
|
||||||
eval { mkpath($stage); };
|
|
||||||
die "Could not mkpath cache dir '$stage': $@\n" if $@;
|
|
||||||
}
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
|
||||||
} else {
|
|
||||||
chown(0, 0, $stage)
|
|
||||||
or die "Could not chown 0:0 '$stage': $!\n";
|
|
||||||
}
|
|
||||||
chmod(0700, $stage)
|
|
||||||
or die "Could not chmod 0700 '$stage': $!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Copy the files for a role from CACHE to STAGE
|
|
||||||
sub sync_role ($$@) {
|
|
||||||
my ($full_role, $subdir, @role) = @_;
|
|
||||||
my @this_rsync = @rsync;
|
|
||||||
|
|
||||||
# If we were only given one role part, we're in the base role
|
|
||||||
my $in_base_role = (scalar @role == 1);
|
|
||||||
|
|
||||||
# For the base role, delete any files that don't exist in the cache.
|
|
||||||
# Not for the subrole (otherwise we'll delete all files not in
|
|
||||||
# the subrole, which may be most of them!)
|
|
||||||
if ($in_base_role) {
|
|
||||||
push @this_rsync, "--delete";
|
|
||||||
}
|
|
||||||
|
|
||||||
# (a) => a/files
|
|
||||||
# (a,b,c) => a/files.b.c
|
|
||||||
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
|
|
||||||
# This one's a little simpler:
|
|
||||||
my $dst_path = $full_role.'/'.$subdir;
|
|
||||||
|
|
||||||
# final / is important for rsync
|
|
||||||
my $source = $opt{cache} . "/roles/" . $src_path . "/";
|
|
||||||
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
|
|
||||||
if (not -d $destination and -d $source) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($destination); };
|
|
||||||
die "Could not mkpath stage dir '$destination': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# We no longer require the source to exist
|
|
||||||
if (not -d $source) {
|
|
||||||
# but we need to remove the destination if the source
|
|
||||||
# doesn't exist and we're in the base role
|
|
||||||
if ($in_base_role) {
|
|
||||||
rmtree($destination);
|
|
||||||
# rmtree() doesn't throw exceptions or give a return value useful
|
|
||||||
# for detecting failure, so we just check after the fact.
|
|
||||||
die "Could not rmtree '$destination' when '$source' missing\n"
|
|
||||||
if -e $destination;
|
|
||||||
}
|
|
||||||
# if we continue, rsync will fail because source is missing,
|
|
||||||
# so we don't.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# All this to run an rsync command
|
|
||||||
my @command = (@this_rsync, $source, $destination);
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
|
|
||||||
Slack::wrap_rsync(@command);
|
|
||||||
}
|
|
||||||
|
|
||||||
# This just takes the base role, and chowns/chmods everything under it to
|
|
||||||
# give it some sensible permissions. Basically, the only thing we preserve
|
|
||||||
# about the original permissions is the executable bit, since that's the
|
|
||||||
# only thing source code controls systems like CVS, RCS, Perforce seem to
|
|
||||||
# preserve.
|
|
||||||
sub apply_default_perms_to_role ($$) {
|
|
||||||
my ($role, $subdir) = @_;
|
|
||||||
my $destination = $opt{stage} . "/roles/" . $role;
|
|
||||||
|
|
||||||
if ($subdir) {
|
|
||||||
$destination .= '/' . $subdir;
|
|
||||||
}
|
|
||||||
|
|
||||||
# If the destination doesn't exist, it's probably because the source didn't
|
|
||||||
return if not -d $destination;
|
|
||||||
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
|
|
||||||
}
|
|
||||||
# Use File::Find to recurse the directory
|
|
||||||
find({
|
|
||||||
# The "wanted" subroutine is called for every directory entry
|
|
||||||
wanted => sub {
|
|
||||||
return if $opt{'dry-run'};
|
|
||||||
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
|
|
||||||
if (-l) {
|
|
||||||
# symlinks shouldn't be in here,
|
|
||||||
# since we dereference when copying
|
|
||||||
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
|
|
||||||
return;
|
|
||||||
} elsif (-f _) { # results of last stat saved in the "_"
|
|
||||||
if (-x _) {
|
|
||||||
chmod 0555, $_
|
|
||||||
or die "Could not chmod 0555 $File::Find::name: $!";
|
|
||||||
} else {
|
|
||||||
chmod 0444, $_
|
|
||||||
or die "Could not chmod 0444 $File::Find::name: $!";
|
|
||||||
}
|
|
||||||
} elsif (-d _) {
|
|
||||||
chmod 0755, $_
|
|
||||||
or die "Could not chmod 0755 $File::Find::name: $!";
|
|
||||||
} else {
|
|
||||||
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
|
|
||||||
}
|
|
||||||
return if $> != 0; # skip chowning if not superuser
|
|
||||||
chown 0, 0, $_
|
|
||||||
or die "Could not chown 0:0 $File::Find::name: $!";
|
|
||||||
},
|
|
||||||
# end of wanted function
|
|
||||||
},
|
|
||||||
# way down here, we have the directory to traverse with File::Find
|
|
||||||
$destination,
|
|
||||||
);
|
|
||||||
}
|
|
169
archive/slack-runtime/dist/slack-sync
vendored
169
archive/slack-runtime/dist/slack-sync
vendored
@ -1,169 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--cvs-exclude',
|
|
||||||
'--recursive',
|
|
||||||
'--links',
|
|
||||||
'--copy-links',
|
|
||||||
'--times',
|
|
||||||
'--perms',
|
|
||||||
'--sparse',
|
|
||||||
'--delete',
|
|
||||||
'--files-from=-',
|
|
||||||
'--from0',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub check_cache ($);
|
|
||||||
sub rsync_source ($$@);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(source cache) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Look at source type, and add options if necessary
|
|
||||||
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
|
|
||||||
# This is tunnelled rsync, and so needs an extra option
|
|
||||||
if ($opt{'rsh'}) {
|
|
||||||
push @rsync, '-e', $opt{'rsh'};
|
|
||||||
} else {
|
|
||||||
push @rsync, '-e', 'ssh';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
my @roles = ();
|
|
||||||
|
|
||||||
{
|
|
||||||
# This hash is just to avoid calling rsync twice if two subroles are
|
|
||||||
# installed. We only care since it's remote, and therefore slow.
|
|
||||||
my %roles_to_sync = ();
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Get the first element of the role name (the base role)
|
|
||||||
# e.g., from "google.foogle.woogle", get "google"
|
|
||||||
my $base_role = (split /\./, $full_role, 2)[0];
|
|
||||||
|
|
||||||
$roles_to_sync{$base_role} = 1;
|
|
||||||
}
|
|
||||||
@roles = keys %roles_to_sync;
|
|
||||||
}
|
|
||||||
|
|
||||||
my $cache = $opt{cache} . "/roles/";
|
|
||||||
# Make sure we've got the right perms before we copy stuff down
|
|
||||||
check_cache($cache);
|
|
||||||
|
|
||||||
rsync_source(
|
|
||||||
$opt{source} . '/roles/',
|
|
||||||
$cache,
|
|
||||||
@roles,
|
|
||||||
);
|
|
||||||
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# Make sure the cache directory exists and is mode 0700, to protect files
|
|
||||||
# underneath in transit
|
|
||||||
sub check_cache ($) {
|
|
||||||
my ($cache) = @_;
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
if (not -d $cache) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
|
|
||||||
eval { mkpath($cache); };
|
|
||||||
die "Could not mkpath cache dir '$cache': $@\n" if $@;
|
|
||||||
}
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
|
||||||
} else {
|
|
||||||
chown(0, 0, $cache)
|
|
||||||
or die "Could not chown 0:0 '$cache': $!\n";
|
|
||||||
}
|
|
||||||
chmod(0700, $cache)
|
|
||||||
or die "Could not chmod 0700 '$cache': $!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pull down roles from an rsync source
|
|
||||||
sub rsync_source($$@) {
|
|
||||||
my ($source, $destination, @roles) = @_;
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Syncing cache with '@command'\n";
|
|
||||||
|
|
||||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
|
||||||
|
|
||||||
# Shove the roles down its throat
|
|
||||||
print $fh join("\0", @roles), "\0";
|
|
||||||
|
|
||||||
# Close fh, waitpid, and check return value
|
|
||||||
unless (close($fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
0
archive/slack-runtime/dist/slack.conf
vendored
0
archive/slack-runtime/dist/slack.conf
vendored
@ -1,6 +0,0 @@
|
|||||||
ROLE_LIST=toolbox.turnsys.net:/local/slack-prod/etc/roles.conf
|
|
||||||
SOURCE=toolbox.turnsys.net:/local/slack-prod/
|
|
||||||
CACHE=/var/cache/slack
|
|
||||||
STAGE=/var/lib/slack/stage
|
|
||||||
ROOT=/
|
|
||||||
BACKUP_DIR=/var/lib/slack/backups
|
|
@ -1,4 +0,0 @@
|
|||||||
Host toolbox.turnsys.net
|
|
||||||
User slack-prod
|
|
||||||
IdentityFile /root/.ssh/SlackSSH-prod.key
|
|
||||||
StrictHostKeyChecking no
|
|
27
archive/slack-runtime/env/SlackSSH-prod.key
vendored
27
archive/slack-runtime/env/SlackSSH-prod.key
vendored
@ -1,27 +0,0 @@
|
|||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEowIBAAKCAQEAycZwe0FuYISsFaHvaplNhb9uplG8YeMkffIKXp633MwihACm
|
|
||||||
oNoKEQHlqSKD1urZfLYjwf1YBKAPt9QRdIguwsQ3hl3xKpsO+gsmaOpF3eJMVWHZ
|
|
||||||
dS/T7lplIOcXr0tbUeibQ9p+c+MgICfpdAJvUnuD8grDmaTuvasBat4Ow6rXIzsQ
|
|
||||||
WKzSrP3iQJ0xeq+mqRIlPP5dwl66RF+dlaloVxlvG95i3u512EkNg+sMt1X5KbhH
|
|
||||||
ecQSicpA8K2qK4G71CqRIm7DmXCheSlDzqLACwJAFOU4xN3eqTO3B4Bm5Wri9Oip
|
|
||||||
hkwzMgWrDNFx/69ZnGF69g0VP8Qyl4R7d3FZDQIDAQABAoIBAQCzCDYpxybO0Sl3
|
|
||||||
kFXEuf3FHNRrEr8aA9cPQUHeLuppKV++zG0M8CpaaNqENjHQ8lTDiUE1ETuV7wfD
|
|
||||||
TpGmWmdTPZMe0B/6c9bYGiickrInbHHamJXAmw1qwh5VEXc8fJqslL2feTEWVoLc
|
|
||||||
xU0pODfacenjS5W+sE99T0xUrG9hQJMRtNOorMQiUraLl670yIZnzMszDIdd1xdv
|
|
||||||
4XCuQ5Phnup22/kvByIdiNXPaSY/gOooBTZDUzka+FV3Nn9XXhZoNBnNfk6XgHZw
|
|
||||||
x9vQvnN+tuDr6RX4g1RPq/u6IhsQO2/OT9wwu74KLdkLFTssGold73uys2WvC0NW
|
|
||||||
zNFVBuBBAoGBAO6lhTWE2hvt5h7btEY36XgoJbu0k/E7fVgEud2yCdRdQ5ApAHVs
|
|
||||||
xvol1D3waVKUrRePKq2BhaylwtYACYAow3geMsGrlf4ndlLOQ1z6ByNncJPF3Tr1
|
|
||||||
lFp025QLijoKmnCq3CdIVPrdhTm44go2usXytobpxS2nB5hZwZfyDju5AoGBANhy
|
|
||||||
i9vOlRXcLiHpmzAKwFs/jR9D09DUZ6ALm22HvDOsISJS+nR2neun+7HXXHm1Kqyu
|
|
||||||
w1GA8xaqBnuFfuHP09ZYTNammEROS8dL/5muGCwrfwIrd/H4ELsE0spWOrTlfgY/
|
|
||||||
GN5WeoXZGAwjiu67AoRkpKIQxnsjEKSNKZQntjn1AoGAOyAdIcZZd2P4iJqsTl1Z
|
|
||||||
5aAkwR2bLcAsbNs25XtPviKhM51E9NLPdXhb3kCrB3+4ZsbcrwIRCVZEMFrv/6WZ
|
|
||||||
0C/DKYKGdeJ3CUr7G5UCob3mAWabShk/+S1MnaBCTeEEpHdgdgcQrtqlQEjTD+7B
|
|
||||||
VXutxz0x0f64/gD22ttotVkCgYAma4a52JyMCc5ChMXgLDhiuhAhuZdynRFbzlOj
|
|
||||||
iJF2lpo3DoWYgKmdd+7sbW7jx62wg0D2Sa5cmoeWC2cvTAWtKXVSMLYcgc1frfTL
|
|
||||||
4aQ2yu27g93BnKfTmpKUCeRX0dih4TdX1//dnGBxXym9IILc30R94/5nQx0kKE52
|
|
||||||
Fup4tQKBgHrDPBIJG3MkA5UIkBPnxE9Ei8V4g/TpYjmC+6JiWkBTQCNZ4A2KKl7S
|
|
||||||
pwGQwdcqA5OsPbw0T54HwMtDm0ao0b3krb70vBw/xdIAHNe3DCmeOuKelvjDyzr1
|
|
||||||
ZL6gF557VfKFjz23Hp2PbOYo88BAdX1H1zy0FUZJ7Zh4GbOjgVFQ
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJxnB7QW5ghKwVoe9qmU2Fv26mUbxh4yR98gpenrfczCKEAKag2goRAeWpIoPW6tl8tiPB/VgEoA+31BF0iC7CxDeGXfEqmw76CyZo6kXd4kxVYdl1L9PuWmUg5xevS1tR6JtD2n5z4yAgJ+l0Am9Se4PyCsOZpO69qwFq3g7DqtcjOxBYrNKs/eJAnTF6r6apEiU8/l3CXrpEX52VqWhXGW8b3mLe7nXYSQ2D6wy3VfkpuEd5xBKJykDwraorgbvUKpEibsOZcKF5KUPOosALAkAU5TjE3d6pM7cHgGblauL06KmGTDMyBasM0XH/r1mcYXr2DRU/xDKXhHt3cVkN charles@ultix-mini
|
|
Binary file not shown.
0
archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh
Executable file → Normal file
0
archive/slack/ts-base-ovh/scripts/postinstall
Executable file → Normal file
0
archive/slack/ts-base-ovh/scripts/postinstall
Executable file → Normal file
@ -1,25 +0,0 @@
|
|||||||
{
|
|
||||||
ATTWAN [shape = cloud];
|
|
||||||
ATTWAN -- ATTDSLModem
|
|
||||||
|
|
||||||
network untrusted {
|
|
||||||
address = "192.168.1.x/24"
|
|
||||||
|
|
||||||
ATTDSLModem [address = ".254"];
|
|
||||||
pfv-core-rtr02 [address = ".70"];
|
|
||||||
pfv-core-rtr01 [address = ".71"];
|
|
||||||
}
|
|
||||||
|
|
||||||
network LAN-VLAN100 {
|
|
||||||
address = "10.251.100.x/24"
|
|
||||||
LANGW-RTR01 [address = ".252"];
|
|
||||||
LANGW-RTR02 [address = ".253"];
|
|
||||||
LANGW-FLOAT [address = ".254"];
|
|
||||||
}
|
|
||||||
network NERDBONE-VLAN200 {
|
|
||||||
address = "10.251.200.x/24"
|
|
||||||
NERDBONEGW-RTR01 [address = ".252"];
|
|
||||||
NERDBONEGW-RTR02 [address = ".253"];
|
|
||||||
NERDBONEGW-FLOAT [address = ".254"];
|
|
||||||
}
|
|
||||||
}
|
|
Binary file not shown.
Before Width: | Height: | Size: 19 KiB |
3
doorman/README.md
Normal file
3
doorman/README.md
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
# doorman
|
||||||
|
|
||||||
|
All things related to badge management for TSYS
|
0
doorman/doorman.pl
Executable file → Normal file
0
doorman/doorman.pl
Executable file → Normal file
0
doorman/test.pl
Executable file → Normal file
0
doorman/test.pl
Executable file → Normal file
0
fixHosts.sh
Executable file → Normal file
0
fixHosts.sh
Executable file → Normal file
0
libre-work/librenms/distro
Executable file → Normal file
0
libre-work/librenms/distro
Executable file → Normal file
0
libre-work/librenms/ntp-client.sh
Executable file → Normal file
0
libre-work/librenms/ntp-client.sh
Executable file → Normal file
0
libre-work/librenms/ntp-server.sh
Executable file → Normal file
0
libre-work/librenms/ntp-server.sh
Executable file → Normal file
0
libre-work/librenms/os-updates.sh
Executable file → Normal file
0
libre-work/librenms/os-updates.sh
Executable file → Normal file
0
libre-work/librenms/postfix-queues
Executable file → Normal file
0
libre-work/librenms/postfix-queues
Executable file → Normal file
0
libre-work/librenms/postfixdetailed
Executable file → Normal file
0
libre-work/librenms/postfixdetailed
Executable file → Normal file
0
libre-work/librenms/smart
Executable file → Normal file
0
libre-work/librenms/smart
Executable file → Normal file
File diff suppressed because it is too large
Load Diff
@ -1,280 +0,0 @@
|
|||||||
interface ethernet 1/e1
|
|
||||||
description sw1-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e2
|
|
||||||
description sw2-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e3
|
|
||||||
description sw3-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e4
|
|
||||||
description sw4-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e5
|
|
||||||
description sw5-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e6
|
|
||||||
description sw6-mgmt
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(7,19)
|
|
||||||
description r7-mgmt
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(8,20)
|
|
||||||
description r8-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e9
|
|
||||||
description fw1-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e10
|
|
||||||
description fw2-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e11
|
|
||||||
description r3-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e12
|
|
||||||
description r2-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e13
|
|
||||||
description r1-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e14
|
|
||||||
description r4-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e15
|
|
||||||
description r5-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e16
|
|
||||||
description r6-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e17
|
|
||||||
description sw7
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e18
|
|
||||||
description sw8-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e21
|
|
||||||
description sw9-mgmt
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e22
|
|
||||||
description r4(wan)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e23
|
|
||||||
description r5(wan)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e24
|
|
||||||
description fw2(wan)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e25
|
|
||||||
description auslab-con01
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e26
|
|
||||||
description r10(mgmt)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e27
|
|
||||||
description r11(mgmt)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e28
|
|
||||||
description r10(wan)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e29
|
|
||||||
description r11(wan)
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e42
|
|
||||||
description ikeabench-sw
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e45
|
|
||||||
description LabPC
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e46
|
|
||||||
description Uplink-From-labsw02
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e46
|
|
||||||
duplex full
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e47
|
|
||||||
description GroundStation-Switch
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e48
|
|
||||||
description Uplink-To-labrtr01
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport mode trunk
|
|
||||||
exit
|
|
||||||
vlan database
|
|
||||||
vlan 2-8,12,19-20,22,101,300-320,400-420
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 2
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 3
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e4
|
|
||||||
switchport access vlan 4
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 4
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 5
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e20
|
|
||||||
switchport access vlan 6
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 6
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 7
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(46,48)
|
|
||||||
switchport trunk allowed vlan add 8
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e29
|
|
||||||
switchport access vlan 20
|
|
||||||
exit
|
|
||||||
interface range ethernet 1/e(25,42-43,45,47)
|
|
||||||
switchport access vlan 22
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e46
|
|
||||||
switchport trunk native vlan 22
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e48
|
|
||||||
switchport trunk allowed vlan add 22
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e1
|
|
||||||
switchport access vlan 300
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e2
|
|
||||||
switchport access vlan 301
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e3
|
|
||||||
switchport access vlan 302
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e5
|
|
||||||
switchport access vlan 304
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e6
|
|
||||||
switchport access vlan 305
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e44
|
|
||||||
switchport access vlan 306
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e7
|
|
||||||
switchport access vlan 307
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e9
|
|
||||||
switchport access vlan 308
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e11
|
|
||||||
switchport access vlan 309
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e13
|
|
||||||
switchport access vlan 310
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e14
|
|
||||||
switchport access vlan 311
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e15
|
|
||||||
switchport access vlan 312
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e21
|
|
||||||
switchport access vlan 313
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e23
|
|
||||||
switchport access vlan 314
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e17
|
|
||||||
switchport access vlan 315
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e18
|
|
||||||
switchport access vlan 316
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e26
|
|
||||||
switchport access vlan 317
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e19
|
|
||||||
switchport access vlan 318
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e28
|
|
||||||
switchport access vlan 319
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e16
|
|
||||||
switchport access vlan 400
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e8
|
|
||||||
switchport access vlan 401
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e10
|
|
||||||
switchport access vlan 402
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e12
|
|
||||||
switchport access vlan 403
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e22
|
|
||||||
switchport access vlan 407
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e24
|
|
||||||
switchport access vlan 408
|
|
||||||
exit
|
|
||||||
interface ethernet 1/e27
|
|
||||||
switchport access vlan 409
|
|
||||||
exit
|
|
||||||
interface vlan 2
|
|
||||||
name management-network
|
|
||||||
exit
|
|
||||||
interface vlan 3
|
|
||||||
name ap
|
|
||||||
exit
|
|
||||||
interface vlan 4
|
|
||||||
name switch
|
|
||||||
exit
|
|
||||||
interface vlan 5
|
|
||||||
name voip
|
|
||||||
exit
|
|
||||||
interface vlan 6
|
|
||||||
name router
|
|
||||||
exit
|
|
||||||
interface vlan 7
|
|
||||||
name iptv
|
|
||||||
exit
|
|
||||||
interface vlan 8
|
|
||||||
name client
|
|
||||||
exit
|
|
||||||
interface vlan 19
|
|
||||||
name storage
|
|
||||||
exit
|
|
||||||
interface vlan 20
|
|
||||||
name router-wan
|
|
||||||
exit
|
|
||||||
interface vlan 101
|
|
||||||
name fstack1
|
|
||||||
exit
|
|
||||||
interface vlan 22
|
|
||||||
ip address 10.251.22.2 255.255.255.0
|
|
||||||
exit
|
|
||||||
ip default-gateway 10.251.22.254
|
|
||||||
hostname labsw01.pfv.turnsys.net
|
|
||||||
line ssh
|
|
||||||
exec-timeout 0
|
|
||||||
exit
|
|
||||||
logging 10.253.3.99
|
|
||||||
aaa authentication enable default enable
|
|
||||||
aaa authentication enable radius enable
|
|
||||||
ip http authentication none
|
|
||||||
aaa authentication login default line
|
|
||||||
aaa authentication login radius local
|
|
||||||
line ssh
|
|
||||||
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
|
|
||||||
exit
|
|
||||||
line console
|
|
||||||
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
|
|
||||||
exit
|
|
||||||
enable password level 15 6a3299495f48d92cd5541197dacfcf20 encrypted
|
|
||||||
username admin password 6a3299495f48d92cd5541197dacfcf20 level 15 encrypted
|
|
||||||
snmp-server host 10.253.3.99 kn3lmgmt
|
|
||||||
snmp-server location PFV
|
|
||||||
snmp-server contact prodtechops@turnsys.com
|
|
||||||
snmp-server community kn3lmgmt 10.253.3.99
|
|
||||||
ip https server
|
|
||||||
|
|
@ -1,896 +0,0 @@
|
|||||||
<?xml version="1.0"?>
|
|
||||||
<opnsense>
|
|
||||||
<theme>opnsense</theme>
|
|
||||||
<sysctl>
|
|
||||||
<item>
|
|
||||||
<descr>Disable the pf ftp proxy handler.</descr>
|
|
||||||
<tunable>debug.pfftpproxy</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
|
|
||||||
<tunable>vfs.read_max</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Set the ephemeral port range to be lower.</descr>
|
|
||||||
<tunable>net.inet.ip.portrange.first</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Drop packets to closed TCP ports without returning a RST</descr>
|
|
||||||
<tunable>net.inet.tcp.blackhole</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
|
|
||||||
<tunable>net.inet.udp.blackhole</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
|
|
||||||
<tunable>net.inet.ip.random_id</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>
|
|
||||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
|
||||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
|
||||||
as part of the standard FreeBSD core system.
|
|
||||||
</descr>
|
|
||||||
<tunable>net.inet.ip.sourceroute</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>
|
|
||||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
|
||||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
|
||||||
as part of the standard FreeBSD core system.
|
|
||||||
</descr>
|
|
||||||
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>
|
|
||||||
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
|
||||||
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
|
|
||||||
packets without returning a response.
|
|
||||||
</descr>
|
|
||||||
<tunable>net.inet.icmp.drop_redirect</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>
|
|
||||||
This option turns off the logging of redirect packets because there is no limit and this could fill
|
|
||||||
up your logs consuming your whole hard drive.
|
|
||||||
</descr>
|
|
||||||
<tunable>net.inet.icmp.log_redirect</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
|
|
||||||
<tunable>net.inet.tcp.drop_synfin</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Enable sending IPv4 redirects</descr>
|
|
||||||
<tunable>net.inet.ip.redirect</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Enable sending IPv6 redirects</descr>
|
|
||||||
<tunable>net.inet6.ip6.redirect</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
|
|
||||||
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
|
|
||||||
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
|
|
||||||
<tunable>net.inet.tcp.syncookies</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
|
|
||||||
<tunable>net.inet.tcp.recvspace</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
|
|
||||||
<tunable>net.inet.tcp.sendspace</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
|
|
||||||
<tunable>net.inet.tcp.delayed_ack</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Maximum outgoing UDP datagram size</descr>
|
|
||||||
<tunable>net.inet.udp.maxdgram</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
|
|
||||||
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
|
|
||||||
<tunable>net.link.bridge.pfil_local_phys</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
|
|
||||||
<tunable>net.link.bridge.pfil_member</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Set to 1 to enable filtering on the bridge interface</descr>
|
|
||||||
<tunable>net.link.bridge.pfil_bridge</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Allow unprivileged access to tap(4) device nodes</descr>
|
|
||||||
<tunable>net.link.tap.user_open</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
|
|
||||||
<tunable>kern.randompid</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Maximum size of the IP input queue</descr>
|
|
||||||
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
|
|
||||||
<tunable>hw.syscons.kbd_reboot</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Enable TCP extended debugging</descr>
|
|
||||||
<tunable>net.inet.tcp.log_debug</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Set ICMP Limits</descr>
|
|
||||||
<tunable>net.inet.icmp.icmplim</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>TCP Offload Engine</descr>
|
|
||||||
<tunable>net.inet.tcp.tso</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>UDP Checksums</descr>
|
|
||||||
<tunable>net.inet.udp.checksum</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
<item>
|
|
||||||
<descr>Maximum socket buffer size</descr>
|
|
||||||
<tunable>kern.ipc.maxsockbuf</tunable>
|
|
||||||
<value>default</value>
|
|
||||||
</item>
|
|
||||||
</sysctl>
|
|
||||||
<system>
|
|
||||||
<optimization>normal</optimization>
|
|
||||||
<hostname>ovh-core-rtr01</hostname>
|
|
||||||
<domain>turnsys.net</domain>
|
|
||||||
<group>
|
|
||||||
<name>admins</name>
|
|
||||||
<description>System Administrators</description>
|
|
||||||
<scope>system</scope>
|
|
||||||
<gid>1999</gid>
|
|
||||||
<member>0</member>
|
|
||||||
<priv>user-shell-access</priv>
|
|
||||||
<priv>page-all</priv>
|
|
||||||
</group>
|
|
||||||
<user>
|
|
||||||
<name>root</name>
|
|
||||||
<descr>System Administrator</descr>
|
|
||||||
<scope>system</scope>
|
|
||||||
<groupname>admins</groupname>
|
|
||||||
<password>$2b$10$k7UpLMTFYZHVQqDpnlXr1.tMDVslyuzDVWfvMg9.MNwC1SydPyxoy</password>
|
|
||||||
<uid>0</uid>
|
|
||||||
<expires/>
|
|
||||||
<authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDL0xZSGo0TTh2UGJncmlDaXhnRXBiMFFwdUpNT2Z5c29VOEc2U1ZyWUQ2b21oYWFkam1ITUY1YStRNTdYRVUyQU8vTlNQWnI2TFRrdTNuUlY4anV5OFhVS1U4MzYrRVhaMkhJQnBMNVVmS3ptd2pyMERPdGFMTngva0lFa1ZEL21CeGhGSDRBWGlVVXZkZmpCZDZOdlNPcGJVWllocFo4RGRFTTdCeFZpT3YzV0FxZjd5Q1FJZGcxNWI4bUdkbmduemNzK2l6VWllKytzL09IMUpxZ21MVUhQM0F4VHE0WUVSS045azJCeU50UjdPNlBHZytHdlR1a1U3Z25tbE1abXFLb3dFWUVFMkREZGRtU2t2ZVpqUkdlbTRaVHFFdTkwNHBETWR2cXRPNVNiZUNMdSs2aUFsUy9hOThhVlBiaWMwaU90TXBFd3Y5dnpUaXBUbWE1NGwgam9zZWZjdWJAc2xlaXBuaXINCnNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ281VDBGRVVLb1lheFJoanM5eVd6S3RFeVh1S0p2VFdvbHJ5RDM5NWVxeUJKMHhPeGJrWEorOEVNd0t0V002Tlc1cWFxV2JUMkpKL1Z6T0ljb1lteEF1Kytxd1NXT2Vza1ZyK0Z4UHIyeXBhV0Q5OG5KeStDcFo5Uk42UHc2S2lrSGFreXF6U1VXS1hkb3ZXaVRwZHpxUk8rajBMbUptZ1VpVDNOc2g0MmV5YnZ0L1Q3Sk1rVkc0Vytqb1JYK0RDUzRVSVJSUWdNUkQ0VHFCUS9qcjltN1ZzMGFKbjFsZmxnc3Byc2FjZ29nK3NIbEV6aXR3d2NScU1OcHA1Sm0wRGZoajZQcUF2c2dLSllXT09NRlZvd3ZHc3FuUTl3cUpvNUFsbGxiVEdWMVJIZUlCTzNmUlJVOFVkOVRQQTNBZngxNi9hcGYxbmtMaFY4UVg5bUl4RVdwIGNoYXJsZXNAbGl2aW5ncm9vbQ==</authorizedkeys>
|
|
||||||
<ipsecpsk/>
|
|
||||||
<otp_seed/>
|
|
||||||
</user>
|
|
||||||
<nextuid>2000</nextuid>
|
|
||||||
<nextgid>2000</nextgid>
|
|
||||||
<timezone>America/Chicago</timezone>
|
|
||||||
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
|
|
||||||
<webgui>
|
|
||||||
<protocol>http</protocol>
|
|
||||||
<ssl-certref>5acd29581b4ba</ssl-certref>
|
|
||||||
<port/>
|
|
||||||
<ssl-ciphers/>
|
|
||||||
<interfaces/>
|
|
||||||
<compression/>
|
|
||||||
</webgui>
|
|
||||||
<disablenatreflection>yes</disablenatreflection>
|
|
||||||
<usevirtualterminal>1</usevirtualterminal>
|
|
||||||
<disableconsolemenu>1</disableconsolemenu>
|
|
||||||
<disablechecksumoffloading>1</disablechecksumoffloading>
|
|
||||||
<disablesegmentationoffloading>1</disablesegmentationoffloading>
|
|
||||||
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
|
|
||||||
<ipv6allow>1</ipv6allow>
|
|
||||||
<powerd_ac_mode>hadp</powerd_ac_mode>
|
|
||||||
<powerd_battery_mode>hadp</powerd_battery_mode>
|
|
||||||
<powerd_normal_mode>hadp</powerd_normal_mode>
|
|
||||||
<bogons>
|
|
||||||
<interval>monthly</interval>
|
|
||||||
</bogons>
|
|
||||||
<kill_states>1</kill_states>
|
|
||||||
<backupcount>60</backupcount>
|
|
||||||
<crypto_hardware>aesni</crypto_hardware>
|
|
||||||
<pf_share_forward>1</pf_share_forward>
|
|
||||||
<lb_use_sticky>1</lb_use_sticky>
|
|
||||||
<language>en_US</language>
|
|
||||||
<dnsserver>10.253.3.201</dnsserver>
|
|
||||||
<dnsserver>8.8.8.8</dnsserver>
|
|
||||||
<dnsserver>8.8.4.4</dnsserver>
|
|
||||||
<serialspeed>115200</serialspeed>
|
|
||||||
<primaryconsole>video</primaryconsole>
|
|
||||||
<ssh>
|
|
||||||
<noauto>1</noauto>
|
|
||||||
<interfaces>lan,opt1</interfaces>
|
|
||||||
<enabled>enabled</enabled>
|
|
||||||
<permitrootlogin>1</permitrootlogin>
|
|
||||||
</ssh>
|
|
||||||
<rulesetoptimization>basic</rulesetoptimization>
|
|
||||||
<maximumstates/>
|
|
||||||
<maximumfrags/>
|
|
||||||
<aliasesresolveinterval/>
|
|
||||||
<maximumtableentries/>
|
|
||||||
<dns1gw>none</dns1gw>
|
|
||||||
<dns2gw>none</dns2gw>
|
|
||||||
<dns3gw>none</dns3gw>
|
|
||||||
<dns4gw>none</dns4gw>
|
|
||||||
<dns5gw>none</dns5gw>
|
|
||||||
<dns6gw>none</dns6gw>
|
|
||||||
<dns7gw>none</dns7gw>
|
|
||||||
<dns8gw>none</dns8gw>
|
|
||||||
</system>
|
|
||||||
<interfaces>
|
|
||||||
<wan>
|
|
||||||
<if>em0</if>
|
|
||||||
<descr>WAN</descr>
|
|
||||||
<enable>1</enable>
|
|
||||||
<spoofmac/>
|
|
||||||
<blockpriv>1</blockpriv>
|
|
||||||
<blockbogons>1</blockbogons>
|
|
||||||
<ipaddr>158.69.183.161</ipaddr>
|
|
||||||
<subnet>29</subnet>
|
|
||||||
<gateway>GW_WAN</gateway>
|
|
||||||
<ipaddrv6/>
|
|
||||||
<subnetv6/>
|
|
||||||
<gatewayv6/>
|
|
||||||
</wan>
|
|
||||||
<lan>
|
|
||||||
<if>vtnet0</if>
|
|
||||||
<descr>TSYS</descr>
|
|
||||||
<enable>1</enable>
|
|
||||||
<spoofmac/>
|
|
||||||
<ipaddr>10.253.9.252</ipaddr>
|
|
||||||
<subnet>24</subnet>
|
|
||||||
<gateway/>
|
|
||||||
<ipaddrv6/>
|
|
||||||
<subnetv6/>
|
|
||||||
<gatewayv6/>
|
|
||||||
</lan>
|
|
||||||
<opt1>
|
|
||||||
<if>vtnet1</if>
|
|
||||||
<descr>mgmt</descr>
|
|
||||||
<enable>1</enable>
|
|
||||||
<spoofmac/>
|
|
||||||
<ipaddr>10.253.3.252</ipaddr>
|
|
||||||
<subnet>24</subnet>
|
|
||||||
<gateway/>
|
|
||||||
<ipaddrv6/>
|
|
||||||
<subnetv6/>
|
|
||||||
<gatewayv6/>
|
|
||||||
</opt1>
|
|
||||||
<openvpn>
|
|
||||||
<internal_dynamic>1</internal_dynamic>
|
|
||||||
<enable>1</enable>
|
|
||||||
<if>openvpn</if>
|
|
||||||
<descr>OpenVPN</descr>
|
|
||||||
<type>group</type>
|
|
||||||
<virtual>1</virtual>
|
|
||||||
</openvpn>
|
|
||||||
</interfaces>
|
|
||||||
<dhcpd>
|
|
||||||
<lan>
|
|
||||||
<numberoptions/>
|
|
||||||
<range>
|
|
||||||
<from>10.253.9.10</from>
|
|
||||||
<to>10.253.9.244</to>
|
|
||||||
</range>
|
|
||||||
</lan>
|
|
||||||
</dhcpd>
|
|
||||||
<unbound>
|
|
||||||
<enable>on</enable>
|
|
||||||
</unbound>
|
|
||||||
<snmpd>
|
|
||||||
<syslocation/>
|
|
||||||
<syscontact/>
|
|
||||||
<rocommunity>public</rocommunity>
|
|
||||||
</snmpd>
|
|
||||||
<syslog>
|
|
||||||
<reverse/>
|
|
||||||
</syslog>
|
|
||||||
<nat>
|
|
||||||
<outbound>
|
|
||||||
<mode>automatic</mode>
|
|
||||||
</outbound>
|
|
||||||
<rule>
|
|
||||||
<protocol>tcp</protocol>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<descr>Allow HTTP to tsys-cloud-www</descr>
|
|
||||||
<tag/>
|
|
||||||
<tagged/>
|
|
||||||
<poolopts/>
|
|
||||||
<associated-rule-id>pass</associated-rule-id>
|
|
||||||
<target>10.253.9.80</target>
|
|
||||||
<local-port>80</local-port>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<address>158.69.183.163</address>
|
|
||||||
<port>80</port>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523418308.4677</time>
|
|
||||||
<description>/firewall_nat_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523415475.9344</time>
|
|
||||||
<description>/firewall_nat_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<protocol>tcp</protocol>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<descr>Allow HTTPS to tsys-cloud-www</descr>
|
|
||||||
<tag/>
|
|
||||||
<tagged/>
|
|
||||||
<poolopts/>
|
|
||||||
<associated-rule-id>pass</associated-rule-id>
|
|
||||||
<target>10.253.9.80</target>
|
|
||||||
<local-port>443</local-port>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<address>158.69.183.163</address>
|
|
||||||
<port>443</port>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523418287.4024</time>
|
|
||||||
<description>/firewall_nat_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523415559.6905</time>
|
|
||||||
<description>/firewall_nat_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
</nat>
|
|
||||||
<filter>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<protocol>tcp</protocol>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<address>158.69.183.163</address>
|
|
||||||
<port>443</port>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523416403.3059</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523416403.3059</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<protocol>tcp</protocol>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<address>158.69.183.163</address>
|
|
||||||
<port>80</port>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523416435.3134</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.251.100.101</username>
|
|
||||||
<time>1523416435.3134</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<descr>Default allow LAN to any rule</descr>
|
|
||||||
<interface>lan</interface>
|
|
||||||
<source>
|
|
||||||
<network>lan</network>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any/>
|
|
||||||
</destination>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<ipprotocol>inet6</ipprotocol>
|
|
||||||
<descr>Default allow LAN IPv6 to any rule</descr>
|
|
||||||
<interface>lan</interface>
|
|
||||||
<source>
|
|
||||||
<network>lan</network>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any/>
|
|
||||||
</destination>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>openvpn</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any>1</any>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.253.9.2</username>
|
|
||||||
<time>1523403486.057</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.253.9.2</username>
|
|
||||||
<time>1523403486.057</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>opt1</interface>
|
|
||||||
<ipprotocol>inet6</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<descr>Default allow LAN IPv6 to any rule</descr>
|
|
||||||
<source>
|
|
||||||
<network>opt1</network>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any>1</any>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523484939.8032</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523484939.8032</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>opt1</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<descr>Default allow LAN to any rule</descr>
|
|
||||||
<source>
|
|
||||||
<network>opt1</network>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any>1</any>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523484915.9788</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523484915.9788</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
<rule>
|
|
||||||
<type>pass</type>
|
|
||||||
<interface>opt1</interface>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<statetype>keep state</statetype>
|
|
||||||
<descr>Allow traffic to management VLAN</descr>
|
|
||||||
<source>
|
|
||||||
<any>1</any>
|
|
||||||
</source>
|
|
||||||
<destination>
|
|
||||||
<any>1</any>
|
|
||||||
</destination>
|
|
||||||
<updated>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523479299.9205</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</updated>
|
|
||||||
<created>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523478607.6733</time>
|
|
||||||
<description>/firewall_rules_edit.php made changes</description>
|
|
||||||
</created>
|
|
||||||
</rule>
|
|
||||||
</filter>
|
|
||||||
<rrd>
|
|
||||||
<enable/>
|
|
||||||
</rrd>
|
|
||||||
<load_balancer>
|
|
||||||
<monitor_type>
|
|
||||||
<name>ICMP</name>
|
|
||||||
<type>icmp</type>
|
|
||||||
<descr>ICMP</descr>
|
|
||||||
<options/>
|
|
||||||
</monitor_type>
|
|
||||||
<monitor_type>
|
|
||||||
<name>TCP</name>
|
|
||||||
<type>tcp</type>
|
|
||||||
<descr>Generic TCP</descr>
|
|
||||||
<options/>
|
|
||||||
</monitor_type>
|
|
||||||
<monitor_type>
|
|
||||||
<name>HTTP</name>
|
|
||||||
<type>http</type>
|
|
||||||
<descr>Generic HTTP</descr>
|
|
||||||
<options>
|
|
||||||
<path>/</path>
|
|
||||||
<host/>
|
|
||||||
<code>200</code>
|
|
||||||
</options>
|
|
||||||
</monitor_type>
|
|
||||||
<monitor_type>
|
|
||||||
<name>HTTPS</name>
|
|
||||||
<type>https</type>
|
|
||||||
<descr>Generic HTTPS</descr>
|
|
||||||
<options>
|
|
||||||
<path>/</path>
|
|
||||||
<host/>
|
|
||||||
<code>200</code>
|
|
||||||
</options>
|
|
||||||
</monitor_type>
|
|
||||||
<monitor_type>
|
|
||||||
<name>SMTP</name>
|
|
||||||
<type>send</type>
|
|
||||||
<descr>Generic SMTP</descr>
|
|
||||||
<options>
|
|
||||||
<send/>
|
|
||||||
<expect>220 *</expect>
|
|
||||||
</options>
|
|
||||||
</monitor_type>
|
|
||||||
</load_balancer>
|
|
||||||
<ntpd>
|
|
||||||
<prefer>0.opnsense.pool.ntp.org</prefer>
|
|
||||||
</ntpd>
|
|
||||||
<widgets>
|
|
||||||
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
|
|
||||||
<column_count>2</column_count>
|
|
||||||
</widgets>
|
|
||||||
<revision>
|
|
||||||
<username>root@10.40.50.77</username>
|
|
||||||
<time>1523486151.3622</time>
|
|
||||||
<description>/firewall_virtual_ip_edit.php made changes</description>
|
|
||||||
</revision>
|
|
||||||
<OPNsense>
|
|
||||||
<captiveportal version="1.0.0">
|
|
||||||
<zones/>
|
|
||||||
<templates/>
|
|
||||||
</captiveportal>
|
|
||||||
<cron version="1.0.0">
|
|
||||||
<jobs/>
|
|
||||||
</cron>
|
|
||||||
<Netflow version="1.0.0">
|
|
||||||
<capture>
|
|
||||||
<interfaces/>
|
|
||||||
<egress_only>wan</egress_only>
|
|
||||||
<version>v9</version>
|
|
||||||
<targets/>
|
|
||||||
</capture>
|
|
||||||
<collect>
|
|
||||||
<enable>0</enable>
|
|
||||||
</collect>
|
|
||||||
</Netflow>
|
|
||||||
<IDS version="1.0.1">
|
|
||||||
<rules/>
|
|
||||||
<userDefinedRules/>
|
|
||||||
<files/>
|
|
||||||
<fileTags/>
|
|
||||||
<general>
|
|
||||||
<enabled>0</enabled>
|
|
||||||
<ips>0</ips>
|
|
||||||
<promisc>0</promisc>
|
|
||||||
<interfaces>wan</interfaces>
|
|
||||||
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
|
|
||||||
<defaultPacketSize/>
|
|
||||||
<UpdateCron/>
|
|
||||||
<AlertLogrotate>W0D23</AlertLogrotate>
|
|
||||||
<AlertSaveLogs>4</AlertSaveLogs>
|
|
||||||
<MPMAlgo>ac</MPMAlgo>
|
|
||||||
<syslog>0</syslog>
|
|
||||||
<LogPayload>0</LogPayload>
|
|
||||||
</general>
|
|
||||||
</IDS>
|
|
||||||
<proxy version="1.0.0">
|
|
||||||
<general>
|
|
||||||
<enabled>0</enabled>
|
|
||||||
<icpPort/>
|
|
||||||
<logging>
|
|
||||||
<enable>
|
|
||||||
<accessLog>1</accessLog>
|
|
||||||
<storeLog>1</storeLog>
|
|
||||||
</enable>
|
|
||||||
<ignoreLogACL/>
|
|
||||||
<target/>
|
|
||||||
</logging>
|
|
||||||
<alternateDNSservers/>
|
|
||||||
<dnsV4First>0</dnsV4First>
|
|
||||||
<forwardedForHandling>on</forwardedForHandling>
|
|
||||||
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
|
|
||||||
<useViaHeader>1</useViaHeader>
|
|
||||||
<suppressVersion>0</suppressVersion>
|
|
||||||
<VisibleEmail>admin@localhost.local</VisibleEmail>
|
|
||||||
<VisibleHostname/>
|
|
||||||
<cache>
|
|
||||||
<local>
|
|
||||||
<enabled>0</enabled>
|
|
||||||
<directory>/var/squid/cache</directory>
|
|
||||||
<cache_mem>256</cache_mem>
|
|
||||||
<maximum_object_size/>
|
|
||||||
<size>100</size>
|
|
||||||
<l1>16</l1>
|
|
||||||
<l2>256</l2>
|
|
||||||
<cache_linux_packages>0</cache_linux_packages>
|
|
||||||
<cache_windows_updates>0</cache_windows_updates>
|
|
||||||
</local>
|
|
||||||
</cache>
|
|
||||||
<traffic>
|
|
||||||
<enabled>0</enabled>
|
|
||||||
<maxDownloadSize>2048</maxDownloadSize>
|
|
||||||
<maxUploadSize>1024</maxUploadSize>
|
|
||||||
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
|
|
||||||
<perHostTrotteling>256</perHostTrotteling>
|
|
||||||
</traffic>
|
|
||||||
</general>
|
|
||||||
<forward>
|
|
||||||
<interfaces>lan</interfaces>
|
|
||||||
<port>3128</port>
|
|
||||||
<sslbumpport>3129</sslbumpport>
|
|
||||||
<sslbump>0</sslbump>
|
|
||||||
<sslurlonly>0</sslurlonly>
|
|
||||||
<sslcertificate/>
|
|
||||||
<sslnobumpsites/>
|
|
||||||
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
|
|
||||||
<sslcrtd_children>5</sslcrtd_children>
|
|
||||||
<ftpInterfaces/>
|
|
||||||
<ftpPort>2121</ftpPort>
|
|
||||||
<ftpTransparentMode>0</ftpTransparentMode>
|
|
||||||
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
|
|
||||||
<transparentMode>0</transparentMode>
|
|
||||||
<acl>
|
|
||||||
<allowedSubnets/>
|
|
||||||
<unrestricted/>
|
|
||||||
<bannedHosts/>
|
|
||||||
<whiteList/>
|
|
||||||
<blackList/>
|
|
||||||
<browser/>
|
|
||||||
<mimeType/>
|
|
||||||
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
|
|
||||||
<sslPorts>443:https</sslPorts>
|
|
||||||
<remoteACLs>
|
|
||||||
<blacklists/>
|
|
||||||
<UpdateCron/>
|
|
||||||
</remoteACLs>
|
|
||||||
</acl>
|
|
||||||
<icap>
|
|
||||||
<enable>0</enable>
|
|
||||||
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
|
|
||||||
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
|
|
||||||
<SendClientIP>1</SendClientIP>
|
|
||||||
<SendUsername>0</SendUsername>
|
|
||||||
<EncodeUsername>0</EncodeUsername>
|
|
||||||
<UsernameHeader>X-Username</UsernameHeader>
|
|
||||||
<EnablePreview>1</EnablePreview>
|
|
||||||
<PreviewSize>1024</PreviewSize>
|
|
||||||
<OptionsTTL>60</OptionsTTL>
|
|
||||||
<exclude/>
|
|
||||||
</icap>
|
|
||||||
<authentication>
|
|
||||||
<method/>
|
|
||||||
<realm>OPNsense proxy authentication</realm>
|
|
||||||
<credentialsttl>2</credentialsttl>
|
|
||||||
<children>5</children>
|
|
||||||
</authentication>
|
|
||||||
</forward>
|
|
||||||
</proxy>
|
|
||||||
<TrafficShaper version="1.0.1">
|
|
||||||
<pipes/>
|
|
||||||
<queues/>
|
|
||||||
<rules/>
|
|
||||||
</TrafficShaper>
|
|
||||||
<quagga>
|
|
||||||
<bgp version="0.0.0">
|
|
||||||
<enabled>1</enabled>
|
|
||||||
<asnumber>64522</asnumber>
|
|
||||||
<networks>10.253.9.0/24,10.253.3.0/24,192.168.194.0/30</networks>
|
|
||||||
<redistribute/>
|
|
||||||
<neighbors>
|
|
||||||
<neighbor uuid="e56fc4ba-e5c4-48d6-8219-69250f2b8222">
|
|
||||||
<enabled>1</enabled>
|
|
||||||
<address>192.168.194.1</address>
|
|
||||||
<remoteas>64517</remoteas>
|
|
||||||
<updatesource>openvpn</updatesource>
|
|
||||||
<nexthopself>0</nexthopself>
|
|
||||||
<defaultoriginate>0</defaultoriginate>
|
|
||||||
<linkedPrefixlistIn/>
|
|
||||||
<linkedPrefixlistOut/>
|
|
||||||
<linkedRoutemapIn/>
|
|
||||||
<linkedRoutemapOut/>
|
|
||||||
</neighbor>
|
|
||||||
</neighbors>
|
|
||||||
<aspaths/>
|
|
||||||
<prefixlists/>
|
|
||||||
<routemaps/>
|
|
||||||
</bgp>
|
|
||||||
<general version="0.0.0">
|
|
||||||
<enabled>1</enabled>
|
|
||||||
<enablelogfile>0</enablelogfile>
|
|
||||||
<logfilelevel>notifications</logfilelevel>
|
|
||||||
<enablesyslog>0</enablesyslog>
|
|
||||||
<sysloglevel>notifications</sysloglevel>
|
|
||||||
</general>
|
|
||||||
</quagga>
|
|
||||||
</OPNsense>
|
|
||||||
<cert>
|
|
||||||
<refid>5acd29581b4ba</refid>
|
|
||||||
<descr>Web GUI SSL certificate</descr>
|
|
||||||
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQUlNTlZ4N1QzSWM3TUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TkRFd01qRXhOVEEwV2hjTk1Ua3dOREV3Ck1qRXhOVEEwV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTFiaDZkSEdTZkRSZU55YzhGbis2b0dEa3ltbmp6YWhCCkM4Z1JpWDMwWWR3SVBYcWhpYllLQmdkWVFZZDRoNGgzWERPelllMmxZZVRVYUVaZkRsVkxqV2FyL0hMYW5HODMKQW04eE9MdXdwQmdGc0lNTGZUR0FEcUJDd1BaMDlnU0UwT0t1dkdFUGoyNkg4eWhNeDNXT2VvVGJ2RENKMVdCYgpvQjFSTDJmVG1GbkdxMTZTSTJpVDc2VndBM3BUQXlFb1pmRllmeGRMSTBpbmp5dnU3aWNCQVBNU09pWXowbVJXClVZZDNHKzUrcmI0QkVkSXl3TGpDRzd2SjdYQTJlWXJlZTY3YlpTeTVqNVc0eXpjTFJNbkZzZGMrb1EwR3dJanIKVFowQzYvZWowUWpWbE5ERFNQaGM0dkJaZ2xWMTJlL3FtekN0MnNPYzVxS3Zyc1JtckNGL3RSelV5cU9ZaGt2eAp2c0huODVnTmswS05YbEkwUGNWM2NhTWo0RlJVNXI3clpEb0hnTi9UTFpFaUVmVUJXMFlJM25FSUZrY3VyVngyCm5KNWNxWjBZK1NiSk1BZzVPYUhWcTZxRWhsdEExa1BvQWllcXBhQjdzb2lDT0hQZ08rQ09YNUlCK1FMM2h2dmMKMHc0YUplNEErS0ROS21ReVRpQ21JYXdrU0l0V2Fka1lUMFNnVjVnMUJKYnRQdnJKZytOM1dpN3dKdkxqOXVnZQovVWx0V3VPeXM3eXQyWDRIbFdWQXdUSC9XMEN3enVaUXpsbk02ODJHdThacGxMWGt6OU1DVFRkbm5oQnErRXllCnJrM3lONk4zRWZSMTN2T2lyM1VWcEVVVkVvSm9sRERGNERpMDQxR3BWU25xVFVBeUs2aGQxQVpFYXVVd1RyeUkKSDZtMWwrVUIvdHNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjcgpNQjhHQTFVZEl3UVlNQmFBRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjck1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGZ245NlYrMEhqRlFtaEd5RDZBM1lXenByaitiZkd1RWZCcmZhcUMKbVd2NTM4TVlTOEE2MWswMEhOZjZoZUZISUpWSzI1akN6dXZDMC8rZmJGRForZmtkcllNUFNjNzBOQm9oOFJnaApxTDNoOW9KenR4bEVCbkc2Z3lQdG1ISDVYbW1mZmYzWTU0U0ljT0x0c3BTWlNUVDlMbUpNcm4wNmhRbE5Cd3Z3Cm1XWXBqTklMRWJSN1BWN3ZtZjQ3MW1OTmVqczZSK2Y2Z2RpMDdCcVl6YVppWldsdGZFb2FsNk5qRFRUUUhTdEUKcVlVSGpXWHZGU0g5SVRjdzN3QVRjdGVZVW8rOFI1dWEvNmhMUEViMERUeUo3Y0FuZDFjNVpwK1lEUzRDcDd2dgowdVFybDliNWtKdWYrWDUzL3lMMmNMK1dDdFJsU0tKOW9kV1NzRlRqLzhLUTBWNUJOcGFqcnE2dnp2c2FVaTNqCkk2Z0dFVlphak9YQVdYdmxhWDdLQXduSi9EZzVmUmFXT0oxTmpuSFZibFNsbWRPdWh3cHVJM0cyc3hsaDIxa28KQkZiOVo0V3ZoODBEWXBxQnRScEFpRDRaMGVkOCtLelkzQ0NyQzBOS1pUVjhPbFRmRWZlSzdxNzRDbmMyQmJhSwp5UUI2SlVlRVU1VVd5K1paQkNrM2kzN3dBcmhyc0UwU1B4N2ZKUXJQZlNpbUQxZE0wcHcrdExZMDFQaUxudlZTCk9SaEw0S09NMDAydVhBUW1CbDZBMXlGRjBsMzhwR1cvbFNDNktId3lnQ0Znb2hHYnFsQmw3eDM1czR0Vkoyak4KdEpXRFdWYmt4eFZEbFFGbW5DTURzbzBEaFBBbGJNbVJ0OC8yeEx5cVRsV2F1SGpvZ3B5dStpdmhrOXcvc3VGUQpkSndXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
|
|
||||||
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFZ1SHAwY1pKOE5GNDMKSnp3V2Y3cWdZT1RLYWVQTnFFRUx5QkdKZmZSaDNBZzllcUdKdGdvR0IxaEJoM2lIaUhkY003Tmg3YVZoNU5SbwpSbDhPVlV1TlpxdjhjdHFjYnpjQ2J6RTR1N0NrR0FXd2d3dDlNWUFPb0VMQTluVDJCSVRRNHE2OFlRK1Bib2Z6CktFekhkWTU2aE51OE1JblZZRnVnSFZFdlo5T1lXY2FyWHBJamFKUHZwWEFEZWxNRElTaGw4VmgvRjBzalNLZVAKSys3dUp3RUE4eEk2SmpQU1pGWlJoM2NiN242dHZnRVIwakxBdU1JYnU4bnRjRFo1aXQ1N3J0dGxMTG1QbGJqTApOd3RFeWNXeDF6NmhEUWJBaU90Tm5RTHI5NlBSQ05XVTBNTkkrRnppOEZtQ1ZYWFo3K3FiTUszYXc1em1vcSt1CnhHYXNJWCsxSE5US281aUdTL0crd2Vmem1BMlRRbzFlVWpROXhYZHhveVBnVkZUbXZ1dGtPZ2VBMzlNdGtTSVIKOVFGYlJnamVjUWdXUnk2dFhIYWNubHlwblJqNUpza3dDRGs1b2RXcnFvU0dXMERXUStnQ0o2cWxvSHV5aUlJNApjK0E3NEk1ZmtnSDVBdmVHKzl6VERob2w3Z0Q0b00wcVpESk9JS1lockNSSWkxWnAyUmhQUktCWG1EVUVsdTArCitzbUQ0M2RhTHZBbTh1UDI2Qjc5U1cxYTQ3S3p2SzNaZmdlVlpVREJNZjliUUxETzVsRE9XY3pyellhN3htbVUKdGVUUDB3Sk5OMmVlRUdyNFRKNnVUZkkzbzNjUjlIWGU4Nkt2ZFJXa1JSVVNnbWlVTU1YZ09MVGpVYWxWS2VwTgpRRElycUYzVUJrUnE1VEJPdklnZnFiV1g1UUgrMndJREFRQUJBb0lDQUJBdzhxNEJzS3hTTjFVTVZ1UUpkelVSClFpUUhrNmVQK0tXUTJhdEY3STdCWWFwdXNQQkM1MDEvbnZNUDlWU25SUXVxS3d2Zk9pbEpjY0lZbXJqMlEwd0sKSER0NjVBNzM2ZjM0T0kxb3dzQWJ4Y3FTa3Z0QUZjaUY0YWpHd3lPa1FmK2xQTUd1eE1RRUJxNm9QZkRhZWhuVQpHT1dQODlGRGhJMkR5eFBCVk9sMDI3VTk2K3BjME9CVjh6K0FNK3ZIeGt5NjFRNkQwRUJ6RDZhc0dHVFlkWjRCCnpENjFpRFdIUG5iY3dXeFBUQytUZG5kSUttb3BWU05PdmNTTVBNUkdmZ1oydjg1UmJobHZxVmxUNlRtajQ2Tk8KZ0VNcFBucTFwTVh6Z0RZcVE3SGhiblRndi9xMlBpcy9ORGpJaXE0aEcrLzM1eVBzcitWVksrUWNvdjZsWnd4SgpDRG9oRnFvQlZzNlBiK2YvSGZjUlBCRnBmY1FjeDNnQ2ZWTWh5a3dPN3dBak56cGh1SDNZSlZucGN0Lytnc2p3CkUzMVVLbkZ0eEhmM0NCemNhVDFiR21idzMxekFLalZRTUdOcjFJd2x5Q2o5RmdLdERURzFqcWVKS3pFZy9qMUQKakl6TUo2QUVJMVR1cjlxTi8rZmxQVE53YXVjRmpUMWRRMzVpeG92RFpyY3ZKMEhlTStkSUdTVnNqKzl1K0NTdApzb3ZvdGprWGpsWmdIUngvY1hId1dEbUQ3SFp3MlRuNnBBeGE0aEplRFc0MlJOQURrODRSM3dpSzZzVEl1VHZZClFGUGJJN0I3a3BlMWlzVTduamVjbkcweS8wcjJkbUZNUFpncUNPYXFtSTYwMTl4N09zVjFUNkxHSXBkMDRHY1YKUlYrN1ZuWmcrS0NHenhHaTEvWlJBb0lCQVFENVlhY1NCTGlmYnoxeHpjWEM2bEJ3cE5KNW5wT1M2SG16QlJocQpJcHI4WlVWcDBHTkw3SnBJYzE0cDY4RzRlWDB0NTh5eDRKMDRTdVZDVDMvOFMwamtaV01RckVmbTg0ZmM3RitsCk1vakxEcS9uWmQ2a1ZnUjdCSU5DZjJpaXc2ZEpkOFVTWWc3K2pLakpYK2J2cGsvbWdoYW9yRE1FYVZaN2UvQUoKM0VNenV5TVMrSWgvRGJRYTEyNUV2QkZzdm1CR3NveWNGYmJMMHFDc3BBNjBzcTd2UHNCdlIvVVN3d1ZyVGhmagoxV0ltSmtNdHlwVVNLSVBSZXJUaHZjMlhCL1R0Zk9ieXJnc0l6RnRMOTFtOWRDNXNRTzhSUzZWYTloc3hhMTZZCkVlSGZ2N3NuTTY3M2w1YVgzd2ZrclpWN3g5ZEJCNU5sek9Wa2lkNzZKSmlvb1JYREFvSUJBUURiWklueno4T1IKV013cXNsQWVqLzVXTk8wYzE1U0RoOTB1RkVneFJ1Qmw2dDNqRVZlV0g5U1VLRlRoUkQxWGxsRkpGY3k0YmdBTApIaEQvakE5QTVSdnowczhlVHduODcxM0o1YmdNMWFOb092MVJTS2dZeFN1UWwzdkRYSHFNQ3Rrd3JUOFhsL3lEClo3bU9LVXU4bHhnS1Q1UllXc1dtZ3FuQXJMSG1Ca1FKMU4zdVpiVHU0cWx0WGtoelhaL2swN1B5ZlZvOFMrb2UKU1hwVy85RkpDcEd0Z21PT05WSXcvbU1MNy9ZZ3hFTFRRUS9udmIrSkFKb2xQWWp6ZkVFYy9TYkQ1ckFob09XcwpCYmRKYXkyWGRmWC83ZVZZQnptblllZ2Zod2h4WDVTWGZ3b2lCc2c1VUtvekhaSVhpckVkeTQrdk1wUzl0eWs3Cks1bkN0Mk1QOUNrSkFvSUJBUURLRml4QkdicFMyTjQ5L3JZbmdhRzE1cHI1RzF3VFRIaHliY3FmRjNQbzNGZ24KcTBzTUY2dmUwajZZVWdnbDZhMWJLZUJpdE5ZeTY5NWtvZS9oRDFEK1pIcW01RFZRSGtFVzhpVi94VGU4OVNYdQpxa3FGZVg4Z0FVUXMrdnBjQzVqZ25FSUM1NXVuQTIwejRwZE4xTVFpMDRCeEp6b2dkUXd6L1BkRHhrNWUrV011CjJHQWtOWUtoemJuNTBUMTlsYmlIRWVHSUNzQ2E0eEI1Vm1qa1hYZ05RQmpKRk5Ld1pZRmF0Mm44b3NwcWg4OGcKcUcyc3pWQWt6UDhQZjdPK2xDQVM0NGh6V0Q1dzNzbU5BZUNpK2ljMGFscFE5YkFGeWpHM0ZuOE5WRkJwOVFGQQpmMDFtTGwxR3JPSEVtalhzbk1EK1habEFnWTNTcnpjV0ZkbnZyTG5wQW9JQkFERXlVbDBCOGZEZDRLcVNZYlQ0CnhTZS9wb3daSzR4ekl2MzZQbFlPZHJOai8yMnpyZGhVT3U4ZVBDcG5pdm5oRTBrNFFqZjVNcmxMZkxSUlMvcFoKWmZNL0NvTFpabnY1a1NaOUJOQ2I5NUNmNmI0WWRObFpIWFBIQkZIQ294aFVObS9iNlpINDJ2NzhlM2VOZXhaSApLM1RrYzNkOG8yVzdWeVdGbEQ3b21NazdtcWlpMWZmYmkvS2llY3lrNmYzK0d4UDlXQWE5WHpwN2I1dWlzZU9YCkl5T3RZWFc2THp3ZFQwaVYvck5LVDFIZi9Sa1NTNmtGSVl2SVNMV1EzMmtJdTNDaWdreUlML2hyTDdhZStoSkUKdVcweWc0TkIyNFBWU0tBSlA3TnNvMzExVjJoWjdQd3RRbjFEM0VhN0t3eHJZVVVBS3FxQU1CYThxRFlwdVdVUwpjMEVDZ2dFQWRudXFjWENTeFNicXFQbEc3VU5VZ0dyS28zMHJyWDJaSFlxVkNPc0c4TmZBZC9Id3dRc3pmMEpmCmJqc1JGQlVEYzFLdTk1dFRpWU5VWnArd211S2pxcEZIcjFhNmtQOEgxNWFTUllSTTNITHYwUDYxSGVqa29NeUMKZ3A4QlJibDRuUzh1N3o5YjNWV3FuOVJKOEIrWFRDTGh5Qy9DVTZRZEZCZC9ZUXpOTGNNQktEckppd0pNN3U4YgpFSUZ5MWpRZVlOTC9WcWNuSDY0dm9INEdDZzc5eFJLdlBmWnhBaUZTckhIUVdQWWVJRllDRnlVTUhwMmpTdE43CjVOZ01RWXArbkZZL2d5cWJId2JHQ0JtYWp0bWVYRU1WcnR5SzZ2QXE1RUM2djFrWS9tVFRDb1Jtdmk1djE2ZWoKbWx4azdLanhCWTAvd2tHREY5bkhEMGNEVHpYaHdBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
|
|
||||||
</cert>
|
|
||||||
<ppps/>
|
|
||||||
<vlans>
|
|
||||||
<vlan>
|
|
||||||
<if>vtnet0</if>
|
|
||||||
<tag>9</tag>
|
|
||||||
<pcp>0</pcp>
|
|
||||||
<descr>tsys</descr>
|
|
||||||
<vlanif>vtnet0_vlan9</vlanif>
|
|
||||||
</vlan>
|
|
||||||
<vlan>
|
|
||||||
<if>vtnet1</if>
|
|
||||||
<tag>3</tag>
|
|
||||||
<pcp>0</pcp>
|
|
||||||
<descr>mgmt</descr>
|
|
||||||
<vlanif>vtnet1_vlan3</vlanif>
|
|
||||||
</vlan>
|
|
||||||
</vlans>
|
|
||||||
<gateways>
|
|
||||||
<gateway_item>
|
|
||||||
<descr>Interface WAN Gateway</descr>
|
|
||||||
<defaultgw>1</defaultgw>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<gateway>158.69.183.166</gateway>
|
|
||||||
<monitor_disable>1</monitor_disable>
|
|
||||||
<name>GW_WAN</name>
|
|
||||||
<interval>1</interval>
|
|
||||||
<weight>1</weight>
|
|
||||||
</gateway_item>
|
|
||||||
<gateway_item>
|
|
||||||
<descr>Interface WAN Gateway</descr>
|
|
||||||
<defaultgw>1</defaultgw>
|
|
||||||
<ipprotocol>inet</ipprotocol>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<gateway>158.69.183.166</gateway>
|
|
||||||
<monitor_disable>1</monitor_disable>
|
|
||||||
<name>GW_WAN</name>
|
|
||||||
<interval>1</interval>
|
|
||||||
<weight>1</weight>
|
|
||||||
</gateway_item>
|
|
||||||
</gateways>
|
|
||||||
<openvpn>
|
|
||||||
<openvpn-client>
|
|
||||||
<protocol>UDP</protocol>
|
|
||||||
<dev_mode>tun</dev_mode>
|
|
||||||
<server_addr>158.69.183.162</server_addr>
|
|
||||||
<server_port>1194</server_port>
|
|
||||||
<proxy_authtype>none</proxy_authtype>
|
|
||||||
<description>ASN2NET Backbone</description>
|
|
||||||
<mode>p2p_shared_key</mode>
|
|
||||||
<crypto>AES-128-CBC</crypto>
|
|
||||||
<digest>SHA1</digest>
|
|
||||||
<engine>none</engine>
|
|
||||||
<tunnel_network>192.168.194.0/30</tunnel_network>
|
|
||||||
<verbosity_level>1</verbosity_level>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<vpnid>1</vpnid>
|
|
||||||
<custom_options/>
|
|
||||||
<shared_key>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjRhYjBlYzc3NGNlZmFjNDk0ZDkxMmRlOGRkMzkyN2JhDQowZGZjMzI2MGMwZmQwOGE2ZmI0NjVjMGNmZjQ1MzU1YQ0KMDBmODc5MzQwMDI0YjU1OTQ2MDAzNmUyOTJjNDhiNWQNCjkzMjg3ZjY3ZTIwOTI4ZDA2MzczMjM2NjliMjNmZjNiDQoxZjY3MDJlYzkwZWEzOGU3MWZjN2JjMDA5ZTI1YzdiYw0KZjVmNGE4YTNlMzdhMDUyOTkxMGEzNDVjMTQ4Mjk5OTkNCjU0OWE4NGIzYTAyZTg4M2Y1M2ZkZWYzNGZlYzlhNTg3DQpiMDBjMWM3ZjU4YjFlOTYyZTQ1ZjEyMjI0MGI0YTBlMQ0KMTgxZTU3NjY0Y2UwZmIxNTg5YTA1NmZjYWYyNDYwNGYNCmU3M2I4OTJmN2JmNzRlZjMxODEzYzc5ODJhZjkwNmNhDQo4YzAwYTY1OWEwMzI3MGQ3ZGFiNjE0YzkwM2RjYWRlZQ0KNmEwZjQ2MDFhMWE4ODAzMjQxZjY4MTY5M2UyZWFjN2ENCmUyZWNkMDBkYmU4Mjc1MDY2OWQ0MTkwNTZmYjE4OWE0DQpiYzY1YzAyOWY1ZjM2YzI1MTM0MzkzM2M3OTRkZjdhMg0KY2E3OWUyN2E1ZDNjNDhiNjgwNjg2Yjc5MmQ3ZGZiOGUNCmIwODZkMzAyNzNiN2U0ZmNjNTdiNGVjZTQyOTgyMjg2DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ==</shared_key>
|
|
||||||
</openvpn-client>
|
|
||||||
</openvpn>
|
|
||||||
<staticroutes/>
|
|
||||||
<virtualip>
|
|
||||||
<vip>
|
|
||||||
<type>single</type>
|
|
||||||
<subnet_bits>29</subnet_bits>
|
|
||||||
<mode>carp</mode>
|
|
||||||
<interface>wan</interface>
|
|
||||||
<descr>tsys-cloud-www</descr>
|
|
||||||
<subnet>158.69.183.163</subnet>
|
|
||||||
<vhid>1</vhid>
|
|
||||||
<advskew>0</advskew>
|
|
||||||
<advbase>1</advbase>
|
|
||||||
<password>123</password>
|
|
||||||
</vip>
|
|
||||||
<vip>
|
|
||||||
<type>single</type>
|
|
||||||
<subnet_bits>24</subnet_bits>
|
|
||||||
<mode>carp</mode>
|
|
||||||
<interface>lan</interface>
|
|
||||||
<descr>floating gw tsys </descr>
|
|
||||||
<subnet>10.253.9.254</subnet>
|
|
||||||
<vhid>2</vhid>
|
|
||||||
<advskew>0</advskew>
|
|
||||||
<advbase>1</advbase>
|
|
||||||
<password>vip123</password>
|
|
||||||
</vip>
|
|
||||||
<vip>
|
|
||||||
<type>single</type>
|
|
||||||
<subnet_bits>24</subnet_bits>
|
|
||||||
<mode>carp</mode>
|
|
||||||
<interface>opt1</interface>
|
|
||||||
<descr>toolbox/ucs</descr>
|
|
||||||
<subnet>10.253.3.254</subnet>
|
|
||||||
<vhid>3</vhid>
|
|
||||||
<advskew>0</advskew>
|
|
||||||
<advbase>1</advbase>
|
|
||||||
<password>c0l0rad0</password>
|
|
||||||
</vip>
|
|
||||||
</virtualip>
|
|
||||||
</opnsense>
|
|
@ -1,232 +0,0 @@
|
|||||||
!
|
|
||||||
! Last configuration change at 14:50:15 CST Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
|
|
||||||
version 15.2
|
|
||||||
no service pad
|
|
||||||
service timestamps debug datetime msec
|
|
||||||
service timestamps log datetime msec
|
|
||||||
service password-encryption
|
|
||||||
!
|
|
||||||
hostname pfv-core-ap01
|
|
||||||
!
|
|
||||||
logging rate-limit console 9
|
|
||||||
no logging console
|
|
||||||
no logging monitor
|
|
||||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
clock timezone CST -6 0
|
|
||||||
no ip domain lookup
|
|
||||||
ip name-server 10.253.3.86
|
|
||||||
!
|
|
||||||
!
|
|
||||||
dot11 syslog
|
|
||||||
dot11 vlan-name Nerdbone vlan 200
|
|
||||||
dot11 vlan-name TheNerdery vlan 100
|
|
||||||
!
|
|
||||||
dot11 ssid Nerdbone
|
|
||||||
vlan 200
|
|
||||||
authentication open
|
|
||||||
authentication key-management wpa
|
|
||||||
mbssid guest-mode
|
|
||||||
wpa-psk ascii 7 08714E1E041831051302180B386A
|
|
||||||
!
|
|
||||||
dot11 ssid TheNerdery
|
|
||||||
vlan 100
|
|
||||||
authentication open
|
|
||||||
authentication key-management wpa
|
|
||||||
mbssid guest-mode
|
|
||||||
wpa-psk ascii 7 132B47021800572E6A
|
|
||||||
!
|
|
||||||
dot11 network-map
|
|
||||||
power inline negotiation injector override
|
|
||||||
crypto pki token default removal timeout 0
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-3632941680
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-3632941680
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-3632941680
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-3632941680
|
|
||||||
certificate self-signed 01
|
|
||||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
|
|
||||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 33363332 39343136 3830301E 170D3933 30333031 30303032
|
|
||||||
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36333239
|
|
||||||
34313638 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
|
||||||
8100BDC3 965C98A2 EB69E593 4AEAB184 675EC9C6 8518857D B366DDF8 F4E666C8
|
|
||||||
6C08CF6A 7563828E 607931DA EB0AD984 142ECB95 1618F2A9 A9624D61 07FCE76F
|
|
||||||
0C0A8696 E178A8B1 FB966206 8A0769BC B7FA8881 AE34443C 3800B61F B97E9FA1
|
|
||||||
66E0675F 7B494A0C AD657CD9 847C6755 A65A7E59 B625E45D 89C0AFDE 2B646015
|
|
||||||
5CFF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
|
||||||
551D2304 18301680 14715BA0 DC1E3390 78A05B38 1C6B64C8 52A67D60 9B301D06
|
|
||||||
03551D0E 04160414 715BA0DC 1E339078 A05B381C 6B64C852 A67D609B 300D0609
|
|
||||||
2A864886 F70D0101 05050003 8181000B 52E38067 C0AB47F9 08AA49B5 5D4EEA01
|
|
||||||
6E94406F 1579D75C 6888DFB0 D93BF95A 719F2884 7EEF5101 03A5FF8A D5D88568
|
|
||||||
E48F6F15 7337BF48 B5D8A329 579F9287 DBD9539A 9B084568 BD20BD94 A778A0DE
|
|
||||||
6DCE2368 1EF9AC86 6271A1C1 1072FCC1 F5B0DAFB 9FA3200A 967A8F03 E3D37ADC
|
|
||||||
3C25EE36 671237BC 3A7A9049 B027B0
|
|
||||||
quit
|
|
||||||
username cisco privilege 15 password 7 0313591B553C131862043D012F4A381B3C09
|
|
||||||
!
|
|
||||||
!
|
|
||||||
bridge irb
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Dot11Radio0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
encryption mode ciphers aes-ccm
|
|
||||||
!
|
|
||||||
encryption vlan 100 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
ssid Nerdbone
|
|
||||||
!
|
|
||||||
ssid TheNerdery
|
|
||||||
!
|
|
||||||
antenna gain 0
|
|
||||||
mbssid
|
|
||||||
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
|
|
||||||
channel 2422
|
|
||||||
station-role root
|
|
||||||
bridge-group 1
|
|
||||||
bridge-group 1 subscriber-loop-control
|
|
||||||
bridge-group 1 spanning-disabled
|
|
||||||
bridge-group 1 block-unknown-source
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
no bridge-group 1 unicast-flooding
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.100
|
|
||||||
encapsulation dot1Q 100
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 100
|
|
||||||
bridge-group 100 subscriber-loop-control
|
|
||||||
bridge-group 100 spanning-disabled
|
|
||||||
bridge-group 100 port-protected
|
|
||||||
bridge-group 100 block-unknown-source
|
|
||||||
no bridge-group 100 source-learning
|
|
||||||
no bridge-group 100 unicast-flooding
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
bridge-group 200 subscriber-loop-control
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
bridge-group 200 block-unknown-source
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
no bridge-group 200 unicast-flooding
|
|
||||||
!
|
|
||||||
interface Dot11Radio1
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
encryption mode ciphers aes-ccm
|
|
||||||
!
|
|
||||||
encryption vlan 100 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
|
||||||
antenna gain 0
|
|
||||||
dfs band 3 block
|
|
||||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
|
||||||
channel dfs
|
|
||||||
station-role root
|
|
||||||
bridge-group 1
|
|
||||||
bridge-group 1 subscriber-loop-control
|
|
||||||
bridge-group 1 spanning-disabled
|
|
||||||
bridge-group 1 block-unknown-source
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
no bridge-group 1 unicast-flooding
|
|
||||||
!
|
|
||||||
interface Dot11Radio1.100
|
|
||||||
encapsulation dot1Q 100
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 100
|
|
||||||
bridge-group 100 subscriber-loop-control
|
|
||||||
bridge-group 100 spanning-disabled
|
|
||||||
bridge-group 100 port-protected
|
|
||||||
bridge-group 100 block-unknown-source
|
|
||||||
no bridge-group 100 source-learning
|
|
||||||
no bridge-group 100 unicast-flooding
|
|
||||||
!
|
|
||||||
interface Dot11Radio1.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
bridge-group 200 subscriber-loop-control
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
bridge-group 200 block-unknown-source
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
no bridge-group 200 unicast-flooding
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
duplex auto
|
|
||||||
speed auto
|
|
||||||
bridge-group 1
|
|
||||||
bridge-group 1 spanning-disabled
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0.100
|
|
||||||
encapsulation dot1Q 100
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 100
|
|
||||||
bridge-group 100 spanning-disabled
|
|
||||||
no bridge-group 100 source-learning
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
!
|
|
||||||
interface BVI1
|
|
||||||
ip address 10.251.30.251 255.255.255.0
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
ip default-gateway 10.251.30.254
|
|
||||||
no ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
|
||||||
logging 10.253.3.99
|
|
||||||
access-list 3 permit 10.253.3.99
|
|
||||||
access-list 3 remark For SNMP - Only Monitoring Servers can access.
|
|
||||||
access-list 3 permit 10.243.3.33
|
|
||||||
access-list 3 deny any log
|
|
||||||
snmp-server community kn3l-mgmt RO 3
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server host 10.253.3.33 kn3l-mgmt
|
|
||||||
bridge 1 route ip
|
|
||||||
!
|
|
||||||
!
|
|
||||||
banner login ^C5
|
|
||||||
===============================================================================
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
TURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
This is a private computer system. These resources, including all
|
|
||||||
related equipmentURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
|
|
||||||
===============================================================================
|
|
||||||
^C
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
line vty 0 4
|
|
||||||
login local
|
|
||||||
transport input all
|
|
||||||
!
|
|
||||||
no exception crashinfo
|
|
||||||
sntp server 10.40.100.200
|
|
||||||
sntp server 10.251.30.71
|
|
||||||
sntp server 10.253.3.201
|
|
||||||
end
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,283 +0,0 @@
|
|||||||
!
|
|
||||||
! Last configuration change at 14:54:50 CST Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 14:54:52 CST Fri Feb 9 2018 by cisco
|
|
||||||
!
|
|
||||||
version 12.2
|
|
||||||
no service pad
|
|
||||||
service timestamps debug datetime msec
|
|
||||||
service timestamps log datetime msec
|
|
||||||
service password-encryption
|
|
||||||
!
|
|
||||||
hostname pfv-core-sw01
|
|
||||||
!
|
|
||||||
boot-start-marker
|
|
||||||
boot-end-marker
|
|
||||||
!
|
|
||||||
enable secret 5 $1$.DDG$avbJ/Ba3mTZaUZj0DGbyr0
|
|
||||||
enable password 7 13061E010803
|
|
||||||
!
|
|
||||||
username cisco privilege 15 password 7 1505091C57191970043E11262B5F25143975
|
|
||||||
aaa new-model
|
|
||||||
!
|
|
||||||
!
|
|
||||||
aaa authentication login default group NPS_RADIUS_SERVERS local
|
|
||||||
aaa authorization exec default group NPS_RADIUS_SERVERS local if-authenticated
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
aaa session-id common
|
|
||||||
clock timezone CST -6
|
|
||||||
system mtu routing 1500
|
|
||||||
ip subnet-zero
|
|
||||||
ip routing
|
|
||||||
ip domain-name turnsys.net
|
|
||||||
ip name-server 10.251.30.71
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-1485245952
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-1485245952
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-1485245952
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto pki certificate chain TP-self-signed-1485245952
|
|
||||||
certificate self-signed 01
|
|
||||||
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
|
||||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 31343835 32343539 3532301E 170D3933 30333031 30303030
|
|
||||||
35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34383532
|
|
||||||
34353935 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
|
||||||
8100B3BC 70D69DBD 98EF4C19 8B98D8D6 FA1EEA8F 89C99567 38DAEDEE E481EB4B
|
|
||||||
5FE96885 1E2E4CF6 7282D474 3C0F9711 FD94A661 DF3FCADA FCD801B3 BAC0F907
|
|
||||||
A167C100 68E8B2C8 EC191A61 07EAEE1B 9A27C508 5BDE75D4 8E027D98 979AB506
|
|
||||||
35AEF3AF ED6AB97B AF2137DD 1C28EB7F 9DDC88B0 AECA1529 8E252DAD D0AF0CD9
|
|
||||||
14D50203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
|
|
||||||
551D1104 1C301A82 18617573 2D636F72 65737730 312E7475 726E7379 732E6E65
|
|
||||||
74301F06 03551D23 04183016 801437DF 64CC8992 2CD93FAC 0829D8DA E56280E2
|
|
||||||
0374301D 0603551D 0E041604 1437DF64 CC89922C D93FAC08 29D8DAE5 6280E203
|
|
||||||
74300D06 092A8648 86F70D01 01040500 03818100 6090B1E0 D07F081C 273982E5
|
|
||||||
DA52C1A9 FF9D381B 6A9A6A65 A8315696 F7E1483C A8AE9C6A 74635CFE 03D8F845
|
|
||||||
46188168 8E5CBF98 C4450FAC 95628D2E 3EB3D16F F8461D75 114A8F6F D40098E3
|
|
||||||
C50F9AA7 6568273C 73436B35 B57CCF52 D152EBE0 84EE5684 F3D027B0 AEBDD7A0
|
|
||||||
ECB58FD2 D717CADE 12CE7A53 C80E6BC4 3235D6FF
|
|
||||||
quit
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
spanning-tree mode pvst
|
|
||||||
spanning-tree extend system-id
|
|
||||||
!
|
|
||||||
vlan internal allocation policy ascending
|
|
||||||
!
|
|
||||||
ip ssh time-out 60
|
|
||||||
ip ssh authentication-retries 5
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface FastEthernet0/1
|
|
||||||
description labsw01
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/2
|
|
||||||
description unknown
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/3
|
|
||||||
description printer-pi
|
|
||||||
switchport access vlan 22
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/4
|
|
||||||
description pfv-ucs
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/5
|
|
||||||
description extcam-left
|
|
||||||
switchport access vlan 200
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/6
|
|
||||||
description extcam-right
|
|
||||||
switchport access vlan 200
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/7
|
|
||||||
description ap1
|
|
||||||
switchport access vlan 22
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/8
|
|
||||||
description ap2
|
|
||||||
switchport access vlan 22
|
|
||||||
!
|
|
||||||
interface FastEthernet0/9
|
|
||||||
description ap3
|
|
||||||
switchport access vlan 22
|
|
||||||
!
|
|
||||||
interface FastEthernet0/10
|
|
||||||
description ap4
|
|
||||||
switchport access vlan 100
|
|
||||||
!
|
|
||||||
interface FastEthernet0/11
|
|
||||||
description gallileo
|
|
||||||
switchport access vlan 22
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/12
|
|
||||||
description ausprod-coreap01
|
|
||||||
power inline never
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport trunk native vlan 30
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/13
|
|
||||||
description inkjet
|
|
||||||
switchport access vlan 22
|
|
||||||
!
|
|
||||||
interface FastEthernet0/14
|
|
||||||
description color laser
|
|
||||||
switchport access vlan 22
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/15
|
|
||||||
description bwlaser
|
|
||||||
switchport access vlan 22
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/16
|
|
||||||
description octopi
|
|
||||||
switchport access vlan 22
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/17
|
|
||||||
description workbench switch
|
|
||||||
switchport access vlan 100
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/18
|
|
||||||
!
|
|
||||||
interface FastEthernet0/19
|
|
||||||
description parallela
|
|
||||||
switchport access vlan 22
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/20
|
|
||||||
!
|
|
||||||
interface FastEthernet0/21
|
|
||||||
!
|
|
||||||
interface FastEthernet0/22
|
|
||||||
description temp-port
|
|
||||||
switchport access vlan 30
|
|
||||||
switchport mode access
|
|
||||||
!
|
|
||||||
interface FastEthernet0/23
|
|
||||||
description pfv-corertr01
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/24
|
|
||||||
description pfv-corertr02
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/2
|
|
||||||
!
|
|
||||||
interface Vlan1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan30
|
|
||||||
description Mgmt net
|
|
||||||
ip address 10.251.30.100 255.255.255.0
|
|
||||||
!
|
|
||||||
interface Vlan31
|
|
||||||
description AP net
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan32
|
|
||||||
description Switch net
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan33
|
|
||||||
description VOIP net
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan34
|
|
||||||
description Router net
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan35
|
|
||||||
description IPTV
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan36
|
|
||||||
description PeanutGallery
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan37
|
|
||||||
description MALZOO (RED) net
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan38
|
|
||||||
description Fstack1
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan39
|
|
||||||
description Fstack2
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan40
|
|
||||||
description Storage
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan100
|
|
||||||
description Desknet
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
interface Vlan200
|
|
||||||
description nerdbone
|
|
||||||
no ip address
|
|
||||||
!
|
|
||||||
ip default-gateway 10.251.30.254
|
|
||||||
ip classless
|
|
||||||
ip route 0.0.0.0 0.0.0.0 10.251.30.254
|
|
||||||
no ip http server
|
|
||||||
no ip http secure-server
|
|
||||||
!
|
|
||||||
!
|
|
||||||
logging 10.253.3.99
|
|
||||||
access-list 93 remark NTP access
|
|
||||||
access-list 93 deny any log
|
|
||||||
snmp-server user kn3lmgmt kn3lmgmt v1
|
|
||||||
snmp-server user kn3lmgmt kn3lmgmt v2c
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server user kn3lmgmt kn3lmgmt v1
|
|
||||||
snmp-server user kn3lmgmt kn3lmgmt v2c
|
|
||||||
snmp-server location PFV
|
|
||||||
snmp-server chassis-id pfv-core-sw01
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
line vty 0 4
|
|
||||||
transport input all
|
|
||||||
line vty 5 15
|
|
||||||
!
|
|
||||||
ntp clock-period 36029657
|
|
||||||
ntp access-group peer 93
|
|
||||||
ntp access-group serve 93
|
|
||||||
ntp access-group serve-only 93
|
|
||||||
ntp server 10.253.3.201
|
|
||||||
ntp server 10.40.100.200
|
|
||||||
ntp server 10.251.30.71
|
|
||||||
end
|
|
||||||
|
|
@ -1,436 +0,0 @@
|
|||||||
!
|
|
||||||
! Last configuration change at 13:44:44 CST Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 13:44:45 CST Fri Feb 9 2018 by cisco
|
|
||||||
!
|
|
||||||
version 12.3
|
|
||||||
no service pad
|
|
||||||
service timestamps debug datetime msec
|
|
||||||
service timestamps log datetime msec
|
|
||||||
service password-encryption
|
|
||||||
!
|
|
||||||
hostname outap-front
|
|
||||||
!
|
|
||||||
logging rate-limit console 9
|
|
||||||
no logging console
|
|
||||||
no logging monitor
|
|
||||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
|
||||||
!
|
|
||||||
clock timezone CST -6
|
|
||||||
ip subnet-zero
|
|
||||||
no ip domain lookup
|
|
||||||
ip domain name turnsys.net
|
|
||||||
ip name-server 10.40.50.254
|
|
||||||
!
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
dot11 syslog
|
|
||||||
dot11 vlan-name Public vlan 2
|
|
||||||
dot11 vlan-name Video vlan 201
|
|
||||||
dot11 vlan-name Voice vlan 200
|
|
||||||
dot11 vlan-name Workstations vlan 50
|
|
||||||
!
|
|
||||||
dot11 ssid SATX-Internet
|
|
||||||
vlan 50
|
|
||||||
authentication open
|
|
||||||
authentication key-management wpa
|
|
||||||
guest-mode
|
|
||||||
mbssid guest-mode dtim-period 75
|
|
||||||
wpa-psk ascii 7 070D2E43410E1C1704
|
|
||||||
!
|
|
||||||
dot11 network-map
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4066931324
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4066931324
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4066931324
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto ca certificate chain TP-self-signed-4066931324
|
|
||||||
certificate self-signed 01
|
|
||||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
|
||||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
|
|
||||||
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
|
|
||||||
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
|
||||||
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
|
|
||||||
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
|
|
||||||
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
|
|
||||||
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
|
|
||||||
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
|
||||||
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
|
|
||||||
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
|
|
||||||
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
|
|
||||||
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
|
|
||||||
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
|
|
||||||
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
|
|
||||||
F3452830 685FB60B 7BDEF67B C689FA
|
|
||||||
quit
|
|
||||||
username Cisco privilege 15 password 7 02050D480809
|
|
||||||
!
|
|
||||||
bridge irb
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Dot11Radio0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
encryption mode ciphers aes-ccm
|
|
||||||
!
|
|
||||||
encryption vlan 2 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 50 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 201 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
ssid SATX-Internet
|
|
||||||
!
|
|
||||||
mbssid
|
|
||||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
|
||||||
station-role root
|
|
||||||
antenna gain 0
|
|
||||||
bridge-group 1
|
|
||||||
bridge-group 1 subscriber-loop-control
|
|
||||||
bridge-group 1 block-unknown-source
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
no bridge-group 1 unicast-flooding
|
|
||||||
bridge-group 1 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.2
|
|
||||||
encapsulation dot1Q 2
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 2
|
|
||||||
bridge-group 2 subscriber-loop-control
|
|
||||||
bridge-group 2 port-protected
|
|
||||||
bridge-group 2 block-unknown-source
|
|
||||||
no bridge-group 2 source-learning
|
|
||||||
no bridge-group 2 unicast-flooding
|
|
||||||
bridge-group 2 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.50
|
|
||||||
encapsulation dot1Q 50
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 50
|
|
||||||
bridge-group 50 subscriber-loop-control
|
|
||||||
bridge-group 50 block-unknown-source
|
|
||||||
no bridge-group 50 source-learning
|
|
||||||
no bridge-group 50 unicast-flooding
|
|
||||||
bridge-group 50 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
bridge-group 200 subscriber-loop-control
|
|
||||||
bridge-group 200 block-unknown-source
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
no bridge-group 200 unicast-flooding
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.201
|
|
||||||
encapsulation dot1Q 201
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 201
|
|
||||||
bridge-group 201 subscriber-loop-control
|
|
||||||
bridge-group 201 block-unknown-source
|
|
||||||
no bridge-group 201 source-learning
|
|
||||||
no bridge-group 201 unicast-flooding
|
|
||||||
bridge-group 201 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
duplex auto
|
|
||||||
speed auto
|
|
||||||
bridge-group 1
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
!
|
|
||||||
interface FastEthernet0.2
|
|
||||||
encapsulation dot1Q 2
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 2
|
|
||||||
no bridge-group 2 source-learning
|
|
||||||
bridge-group 2 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.50
|
|
||||||
encapsulation dot1Q 50
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 50
|
|
||||||
no bridge-group 50 source-learning
|
|
||||||
bridge-group 50 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.201
|
|
||||||
encapsulation dot1Q 201
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 201
|
|
||||||
no bridge-group 201 source-learning
|
|
||||||
bridge-group 201 spanning-disabled
|
|
||||||
!
|
|
||||||
interface BVI1
|
|
||||||
ip address 10.40.100.201 255.255.255.0
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
no ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
|
||||||
!
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server location SATX
|
|
||||||
snmp-server contact prodtechopsalerts@turnsys.com
|
|
||||||
bridge 1 route ip
|
|
||||||
!
|
|
||||||
!
|
|
||||||
banner login ^CC5
|
|
||||||
===============================================================================
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
RT - PRODUCTION SYSTEM - GO AWAY
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
This is a private computer system.
|
|
||||||
===============================================================================
|
|
||||||
^C
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
line vty 0 4
|
|
||||||
login local
|
|
||||||
!
|
|
||||||
no exception crashinfo
|
|
||||||
sntp server 10.251.30.253
|
|
||||||
sntp server 10.40.100.200
|
|
||||||
end
|
|
||||||
|
|
||||||
outap-front#conf t
|
|
||||||
Enter configuration commands, one per line. End with CNTL/Z.
|
|
||||||
outap-front(config)#no sntp server 10.251.30.253
|
|
||||||
outap-front(config)#end
|
|
||||||
outap-front#write mem
|
|
||||||
Building configuration...
|
|
||||||
[OK]
|
|
||||||
outap-front#show run
|
|
||||||
Building configuration...
|
|
||||||
|
|
||||||
Current configuration : 5971 bytes
|
|
||||||
!
|
|
||||||
! Last configuration change at 13:46:16 CST Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 13:46:19 CST Fri Feb 9 2018 by cisco
|
|
||||||
!
|
|
||||||
version 12.3
|
|
||||||
no service pad
|
|
||||||
service timestamps debug datetime msec
|
|
||||||
service timestamps log datetime msec
|
|
||||||
service password-encryption
|
|
||||||
!
|
|
||||||
hostname outap-front
|
|
||||||
!
|
|
||||||
logging rate-limit console 9
|
|
||||||
no logging console
|
|
||||||
no logging monitor
|
|
||||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
|
||||||
!
|
|
||||||
clock timezone CST -6
|
|
||||||
ip subnet-zero
|
|
||||||
no ip domain lookup
|
|
||||||
ip domain name turnsys.net
|
|
||||||
ip name-server 10.40.50.254
|
|
||||||
!
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
dot11 syslog
|
|
||||||
dot11 vlan-name Public vlan 2
|
|
||||||
dot11 vlan-name Video vlan 201
|
|
||||||
dot11 vlan-name Voice vlan 200
|
|
||||||
dot11 vlan-name Workstations vlan 50
|
|
||||||
!
|
|
||||||
dot11 ssid SATX-Internet
|
|
||||||
vlan 50
|
|
||||||
authentication open
|
|
||||||
authentication key-management wpa
|
|
||||||
guest-mode
|
|
||||||
mbssid guest-mode dtim-period 75
|
|
||||||
wpa-psk ascii 7 070D2E43410E1C1704
|
|
||||||
!
|
|
||||||
dot11 network-map
|
|
||||||
!
|
|
||||||
crypto pki trustpoint TP-self-signed-4066931324
|
|
||||||
enrollment selfsigned
|
|
||||||
subject-name cn=IOS-Self-Signed-Certificate-4066931324
|
|
||||||
revocation-check none
|
|
||||||
rsakeypair TP-self-signed-4066931324
|
|
||||||
!
|
|
||||||
!
|
|
||||||
crypto ca certificate chain TP-self-signed-4066931324
|
|
||||||
certificate self-signed 01
|
|
||||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
|
||||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
|
||||||
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
|
|
||||||
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
|
||||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
|
|
||||||
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
|
||||||
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
|
|
||||||
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
|
|
||||||
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
|
|
||||||
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
|
|
||||||
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
|
||||||
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
|
|
||||||
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
|
|
||||||
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
|
|
||||||
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
|
|
||||||
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
|
|
||||||
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
|
|
||||||
F3452830 685FB60B 7BDEF67B C689FA
|
|
||||||
quit
|
|
||||||
username Cisco privilege 15 password 7 02050D480809
|
|
||||||
!
|
|
||||||
bridge irb
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface Dot11Radio0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
encryption mode ciphers aes-ccm
|
|
||||||
!
|
|
||||||
encryption vlan 2 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 50 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
encryption vlan 201 mode ciphers aes-ccm tkip
|
|
||||||
!
|
|
||||||
ssid SATX-Internet
|
|
||||||
!
|
|
||||||
mbssid
|
|
||||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
|
||||||
station-role root
|
|
||||||
antenna gain 0
|
|
||||||
bridge-group 1
|
|
||||||
bridge-group 1 subscriber-loop-control
|
|
||||||
bridge-group 1 block-unknown-source
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
no bridge-group 1 unicast-flooding
|
|
||||||
bridge-group 1 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.2
|
|
||||||
encapsulation dot1Q 2
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 2
|
|
||||||
bridge-group 2 subscriber-loop-control
|
|
||||||
bridge-group 2 port-protected
|
|
||||||
bridge-group 2 block-unknown-source
|
|
||||||
no bridge-group 2 source-learning
|
|
||||||
no bridge-group 2 unicast-flooding
|
|
||||||
bridge-group 2 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.50
|
|
||||||
encapsulation dot1Q 50
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 50
|
|
||||||
bridge-group 50 subscriber-loop-control
|
|
||||||
bridge-group 50 block-unknown-source
|
|
||||||
no bridge-group 50 source-learning
|
|
||||||
no bridge-group 50 unicast-flooding
|
|
||||||
bridge-group 50 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
bridge-group 200 subscriber-loop-control
|
|
||||||
bridge-group 200 block-unknown-source
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
no bridge-group 200 unicast-flooding
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
!
|
|
||||||
interface Dot11Radio0.201
|
|
||||||
encapsulation dot1Q 201
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 201
|
|
||||||
bridge-group 201 subscriber-loop-control
|
|
||||||
bridge-group 201 block-unknown-source
|
|
||||||
no bridge-group 201 source-learning
|
|
||||||
no bridge-group 201 unicast-flooding
|
|
||||||
bridge-group 201 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
duplex auto
|
|
||||||
speed auto
|
|
||||||
bridge-group 1
|
|
||||||
no bridge-group 1 source-learning
|
|
||||||
!
|
|
||||||
interface FastEthernet0.2
|
|
||||||
encapsulation dot1Q 2
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 2
|
|
||||||
no bridge-group 2 source-learning
|
|
||||||
bridge-group 2 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.50
|
|
||||||
encapsulation dot1Q 50
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 50
|
|
||||||
no bridge-group 50 source-learning
|
|
||||||
bridge-group 50 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.200
|
|
||||||
encapsulation dot1Q 200
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 200
|
|
||||||
no bridge-group 200 source-learning
|
|
||||||
bridge-group 200 spanning-disabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0.201
|
|
||||||
encapsulation dot1Q 201
|
|
||||||
no ip route-cache
|
|
||||||
bridge-group 201
|
|
||||||
no bridge-group 201 source-learning
|
|
||||||
bridge-group 201 spanning-disabled
|
|
||||||
!
|
|
||||||
interface BVI1
|
|
||||||
ip address 10.40.100.201 255.255.255.0
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
no ip http server
|
|
||||||
ip http secure-server
|
|
||||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
|
||||||
!
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server location SATX
|
|
||||||
snmp-server contact prodtechopsalerts@turnsys.com
|
|
||||||
bridge 1 route ip
|
|
||||||
!
|
|
||||||
!
|
|
||||||
banner login ^CC5
|
|
||||||
===============================================================================
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
RT - PRODUCTION SYSTEM - GO AWAY
|
|
||||||
-------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
This is a private computer system.
|
|
||||||
===============================================================================
|
|
||||||
^C
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
line vty 0 4
|
|
||||||
login local
|
|
||||||
!
|
|
||||||
no exception crashinfo
|
|
||||||
sntp server 10.40.100.200
|
|
||||||
sntp server 10.253.3.201
|
|
||||||
sntp server 10.251.30.71
|
|
||||||
end
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,160 +0,0 @@
|
|||||||
interface ethernet g1
|
|
||||||
description satx-prodsw2
|
|
||||||
exit
|
|
||||||
interface ethernet g2
|
|
||||||
description satx-prodsw3
|
|
||||||
exit
|
|
||||||
interface ethernet g3
|
|
||||||
description satx-tsyssw1
|
|
||||||
exit
|
|
||||||
interface ethernet g4
|
|
||||||
description unknown
|
|
||||||
exit
|
|
||||||
interface ethernet g5
|
|
||||||
description SW03
|
|
||||||
exit
|
|
||||||
interface ethernet g6
|
|
||||||
description joesWorkstation-sw05
|
|
||||||
exit
|
|
||||||
interface ethernet g7
|
|
||||||
description NWU01
|
|
||||||
exit
|
|
||||||
interface range ethernet g(19-22)
|
|
||||||
description rrkvm
|
|
||||||
exit
|
|
||||||
interface ethernet g23
|
|
||||||
description pfvsvr01
|
|
||||||
exit
|
|
||||||
port jumbo-frame
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport mode trunk
|
|
||||||
exit
|
|
||||||
vlan database
|
|
||||||
vlan 2-12,22,30,50,100,170-171,200-201
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 2
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 3
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 4
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 5
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 6
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 7
|
|
||||||
exit
|
|
||||||
interface ethernet g8
|
|
||||||
switchport access vlan 8
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 8
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 9
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 10
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 11
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 12
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 22
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 30
|
|
||||||
exit
|
|
||||||
interface range ethernet g(4-7)
|
|
||||||
switchport access vlan 50
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 50
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 100
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 170
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 171
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 200
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-3,23-24)
|
|
||||||
switchport trunk allowed vlan add 201
|
|
||||||
exit
|
|
||||||
voice vlan oui-table add 0001e3 Siemens_AG_phone________
|
|
||||||
voice vlan oui-table add 00036b Cisco_phone_____________
|
|
||||||
voice vlan oui-table add 00096e Avaya___________________
|
|
||||||
voice vlan oui-table add 000fe2 H3C_Aolynk______________
|
|
||||||
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
|
|
||||||
voice vlan oui-table add 00d01e Pingtel_phone___________
|
|
||||||
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
|
|
||||||
voice vlan oui-table add 00e0bb 3Com_phone______________
|
|
||||||
interface range ethernet g(4-5)
|
|
||||||
negotiation 100f
|
|
||||||
exit
|
|
||||||
interface ethernet g6
|
|
||||||
negotiation 1000f
|
|
||||||
exit
|
|
||||||
iscsi target port 860 address 0.0.0.0
|
|
||||||
iscsi target port 3260 address 0.0.0.0
|
|
||||||
interface vlan 100
|
|
||||||
ip address 10.40.100.250 255.255.255.0
|
|
||||||
exit
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
hostname satx-prodsw1
|
|
||||||
logging 10.253.3.99
|
|
||||||
username admin password a9166ce242b34acf0afb80b1092536bd level 15 encrypted
|
|
||||||
snmp-server location satx
|
|
||||||
snmp-server community kn3l rw 10.253.3.77 view DefaultSuper
|
|
||||||
snmp-server community kn3lmgmt ro view Default
|
|
||||||
clock timezone -6
|
|
||||||
sntp client poll timer 120
|
|
||||||
sntp unicast client enable
|
|
||||||
sntp server 10.40.100.200
|
|
||||||
sntp server 10.251.30.71
|
|
||||||
sntp server 10.253.3.201
|
|
||||||
ip domain-name turnsys.net
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Default settings:
|
|
||||||
Service tag: CBRWFH1
|
|
||||||
|
|
||||||
SW version 2.0.0.35 (date 27-Jan-2009 time 18:13:34)
|
|
||||||
|
|
||||||
Gigabit Ethernet Ports
|
|
||||||
=============================
|
|
||||||
no shutdown
|
|
||||||
speed 1000
|
|
||||||
duplex full
|
|
||||||
negotiation
|
|
||||||
flow-control off
|
|
||||||
mdix auto
|
|
||||||
no back-pressure
|
|
||||||
|
|
||||||
interface vlan 1
|
|
||||||
interface port-channel 1 - 8
|
|
||||||
|
|
||||||
spanning-tree
|
|
||||||
spanning-tree mode STP
|
|
||||||
|
|
||||||
qos basic
|
|
||||||
qos trust cos
|
|
||||||
|
|
@ -1,166 +0,0 @@
|
|||||||
!
|
|
||||||
! Last configuration change at 20:06:32 UTC Fri Feb 9 2018 by cisco
|
|
||||||
! NVRAM config last updated at 20:06:34 UTC Fri Feb 9 2018 by cisco
|
|
||||||
!
|
|
||||||
version 12.0
|
|
||||||
no service pad
|
|
||||||
service timestamps debug uptime
|
|
||||||
service timestamps log uptime
|
|
||||||
service password-encryption
|
|
||||||
!
|
|
||||||
hostname satx-prodsw3
|
|
||||||
!
|
|
||||||
aaa new-model
|
|
||||||
enable secret 5 $1$QKJ2$YHSuwlCO4m1NkQwYYXVza.
|
|
||||||
enable password 7 13061E010803
|
|
||||||
!
|
|
||||||
username cisco privilege 15 password 7 02050D480809
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
ip subnet-zero
|
|
||||||
ip name-server 10.40.100.200
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface FastEthernet0/1
|
|
||||||
description UPLINK TO SATXLANSW01-0/18
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/2
|
|
||||||
description nwu03
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport trunk native vlan 100
|
|
||||||
switchport mode trunk
|
|
||||||
!
|
|
||||||
interface FastEthernet0/3
|
|
||||||
description vaultcam
|
|
||||||
switchport access vlan 201
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
switchport trunk native vlan 100
|
|
||||||
!
|
|
||||||
interface FastEthernet0/4
|
|
||||||
description gpspi
|
|
||||||
switchport access vlan 100
|
|
||||||
!
|
|
||||||
interface FastEthernet0/5
|
|
||||||
description trendnet-poe-camsw
|
|
||||||
switchport access vlan 201
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/6
|
|
||||||
!
|
|
||||||
interface FastEthernet0/7
|
|
||||||
!
|
|
||||||
interface FastEthernet0/8
|
|
||||||
!
|
|
||||||
interface FastEthernet0/9
|
|
||||||
!
|
|
||||||
interface FastEthernet0/10
|
|
||||||
!
|
|
||||||
interface FastEthernet0/11
|
|
||||||
!
|
|
||||||
interface FastEthernet0/12
|
|
||||||
!
|
|
||||||
interface FastEthernet0/13
|
|
||||||
!
|
|
||||||
interface FastEthernet0/14
|
|
||||||
!
|
|
||||||
interface FastEthernet0/15
|
|
||||||
!
|
|
||||||
interface FastEthernet0/16
|
|
||||||
!
|
|
||||||
interface FastEthernet0/17
|
|
||||||
!
|
|
||||||
interface FastEthernet0/18
|
|
||||||
!
|
|
||||||
interface FastEthernet0/19
|
|
||||||
!
|
|
||||||
interface FastEthernet0/20
|
|
||||||
!
|
|
||||||
interface FastEthernet0/21
|
|
||||||
!
|
|
||||||
interface FastEthernet0/22
|
|
||||||
description satx-house
|
|
||||||
switchport access vlan 2
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/23
|
|
||||||
description labcam
|
|
||||||
switchport access vlan 201
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface FastEthernet0/24
|
|
||||||
description satx-infrabox
|
|
||||||
switchport access vlan 100
|
|
||||||
switchport trunk encapsulation dot1q
|
|
||||||
spanning-tree portfast
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/1
|
|
||||||
!
|
|
||||||
interface GigabitEthernet0/2
|
|
||||||
!
|
|
||||||
interface VLAN1
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
interface VLAN2
|
|
||||||
description public
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
interface VLAN50
|
|
||||||
description workstations
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
interface VLAN100
|
|
||||||
description mgmt
|
|
||||||
ip address 10.40.100.252 255.255.255.0
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
!
|
|
||||||
interface VLAN200
|
|
||||||
description voip
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
interface VLAN201
|
|
||||||
description video
|
|
||||||
no ip directed-broadcast
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
!
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
logging 10.253.3.99
|
|
||||||
access-list 93 remark NTP access
|
|
||||||
access-list 93 deny any log
|
|
||||||
snmp-server engineID local 00000009020000053274C2C0
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server location SATX
|
|
||||||
snmp-server enable traps snmp authentication linkdown linkup coldstart
|
|
||||||
snmp-server host 10.253.3.99 trap kn3lmgmt
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
transport input none
|
|
||||||
stopbits 1
|
|
||||||
line vty 0 4
|
|
||||||
password 7 01100F175804
|
|
||||||
line vty 5 15
|
|
||||||
!
|
|
||||||
ntp clock-period 11258997
|
|
||||||
ntp access-group peer 93
|
|
||||||
ntp access-group serve 93
|
|
||||||
ntp access-group serve-only 93
|
|
||||||
ntp server 10.253.3.201
|
|
||||||
ntp server 10.40.100.200
|
|
||||||
ntp server 10.251.30.71
|
|
||||||
end
|
|
||||||
|
|
@ -1,160 +0,0 @@
|
|||||||
!
|
|
||||||
version 12.4
|
|
||||||
service timestamps debug datetime msec
|
|
||||||
service timestamps log datetime msec
|
|
||||||
no service password-encryption
|
|
||||||
!
|
|
||||||
hostname satx-rr-rtr
|
|
||||||
!
|
|
||||||
boot-start-marker
|
|
||||||
boot-end-marker
|
|
||||||
!
|
|
||||||
logging message-counter syslog
|
|
||||||
enable secret 5 $1$4vT2$7i6iJRSZXXci8rhRQ3Pn40
|
|
||||||
enable password c0l0rad0
|
|
||||||
!
|
|
||||||
no aaa new-model
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
dot11 syslog
|
|
||||||
!
|
|
||||||
flow exporter toolbox9995
|
|
||||||
description Exports to Toolbox/nfsen
|
|
||||||
destination 10.253.3.99
|
|
||||||
template data timeout 300
|
|
||||||
!
|
|
||||||
!
|
|
||||||
flow monitor toolbox
|
|
||||||
record netflow ipv4 original-input
|
|
||||||
exporter toolbox9995
|
|
||||||
cache timeout active 300
|
|
||||||
!
|
|
||||||
ip source-route
|
|
||||||
no ip routing
|
|
||||||
!
|
|
||||||
!
|
|
||||||
no ip cef
|
|
||||||
!
|
|
||||||
!
|
|
||||||
no ipv6 cef
|
|
||||||
!
|
|
||||||
multilink bundle-name authenticated
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
voice-card 0
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
archive
|
|
||||||
log config
|
|
||||||
hidekeys
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
interface FastEthernet0/0
|
|
||||||
ip address 10.40.100.210 255.255.255.0
|
|
||||||
ip flow monitor toolbox input
|
|
||||||
ip flow monitor toolbox output
|
|
||||||
no ip route-cache
|
|
||||||
duplex full
|
|
||||||
speed auto
|
|
||||||
no mop enabled
|
|
||||||
!
|
|
||||||
interface FastEthernet0/1
|
|
||||||
no ip address
|
|
||||||
ip flow monitor toolbox input
|
|
||||||
ip flow monitor toolbox output
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
duplex auto
|
|
||||||
speed auto
|
|
||||||
!
|
|
||||||
interface Serial0/1/0
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
no fair-queue
|
|
||||||
clock rate 2000000
|
|
||||||
!
|
|
||||||
interface Serial0/1/1
|
|
||||||
no ip address
|
|
||||||
no ip route-cache
|
|
||||||
shutdown
|
|
||||||
clock rate 2000000
|
|
||||||
!
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
ip forward-protocol nd
|
|
||||||
no ip http server
|
|
||||||
no ip http secure-server
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
logging 10.253.3.99
|
|
||||||
access-list 93 remark NTP access
|
|
||||||
access-list 93 deny any log
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
snmp-server community kn3lmgmt RO
|
|
||||||
snmp-server location satx
|
|
||||||
!
|
|
||||||
control-plane
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
!
|
|
||||||
line con 0
|
|
||||||
line aux 0
|
|
||||||
line vty 0 4
|
|
||||||
exec-timeout 15 0
|
|
||||||
password c0l0rad0
|
|
||||||
login
|
|
||||||
line vty 5 15
|
|
||||||
exec-timeout 15 0
|
|
||||||
login
|
|
||||||
!
|
|
||||||
scheduler allocate 20000 1000
|
|
||||||
ntp access-group peer 93
|
|
||||||
ntp access-group serve 93
|
|
||||||
ntp access-group serve-only 93
|
|
||||||
ntp server 10.251.30.71
|
|
||||||
ntp server 10.40.100.200
|
|
||||||
ntp server 10.253.3.201
|
|
||||||
end
|
|
||||||
|
|
@ -1,163 +0,0 @@
|
|||||||
interface ethernet g1
|
|
||||||
description unused
|
|
||||||
exit
|
|
||||||
interface range ethernet g(2-3)
|
|
||||||
description tsys-cn2
|
|
||||||
exit
|
|
||||||
interface ethernet g4
|
|
||||||
description tsys-cn4
|
|
||||||
exit
|
|
||||||
interface ethernet g5
|
|
||||||
description satx-consrv1
|
|
||||||
exit
|
|
||||||
interface ethernet g6
|
|
||||||
description rr-zeroinstrtr
|
|
||||||
exit
|
|
||||||
interface range ethernet g(7,12)
|
|
||||||
description PGSLED
|
|
||||||
exit
|
|
||||||
interface ethernet g8
|
|
||||||
description shallowblue
|
|
||||||
exit
|
|
||||||
interface ethernet g9
|
|
||||||
description galielo
|
|
||||||
exit
|
|
||||||
interface ethernet g10
|
|
||||||
description ap1
|
|
||||||
exit
|
|
||||||
interface ethernet g11
|
|
||||||
description ap2
|
|
||||||
exit
|
|
||||||
interface ethernet g13
|
|
||||||
description ap4
|
|
||||||
exit
|
|
||||||
interface ethernet g14
|
|
||||||
description ap5
|
|
||||||
exit
|
|
||||||
interface ethernet g15
|
|
||||||
description ap6
|
|
||||||
exit
|
|
||||||
interface ethernet g16
|
|
||||||
description ap7
|
|
||||||
exit
|
|
||||||
interface ethernet g17
|
|
||||||
description ap8
|
|
||||||
exit
|
|
||||||
interface ethernet g18
|
|
||||||
description ap9
|
|
||||||
exit
|
|
||||||
interface ethernet g19
|
|
||||||
description ap10
|
|
||||||
exit
|
|
||||||
interface ethernet g20
|
|
||||||
description octopi
|
|
||||||
exit
|
|
||||||
interface ethernet g21
|
|
||||||
description available
|
|
||||||
exit
|
|
||||||
interface ethernet g22
|
|
||||||
description auslab-ips(mgmt)
|
|
||||||
exit
|
|
||||||
interface ethernet g23
|
|
||||||
description ps3(mgmt)
|
|
||||||
exit
|
|
||||||
interface ethernet g24
|
|
||||||
description "satx-rtr01 fe0/0"
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-4,8,17-18,24)
|
|
||||||
switchport mode trunk
|
|
||||||
exit
|
|
||||||
vlan database
|
|
||||||
vlan 2-8,60-70,100
|
|
||||||
exit
|
|
||||||
interface range ethernet g(7,9,11,20-21,23)
|
|
||||||
switchport access vlan 2
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 2
|
|
||||||
exit
|
|
||||||
interface range ethernet g(13-14,16)
|
|
||||||
switchport access vlan 3
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 3
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 4
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 5
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 6
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 7
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,17-18,24)
|
|
||||||
switchport trunk allowed vlan add 8
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 60
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 61
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 62
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 63
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 64
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 65
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 66
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 67
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 68
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 69
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1,3-4,8,24)
|
|
||||||
switchport trunk allowed vlan add 70
|
|
||||||
exit
|
|
||||||
interface range ethernet g(5-6,15,22)
|
|
||||||
switchport access vlan 100
|
|
||||||
exit
|
|
||||||
interface range ethernet g(1-4,24)
|
|
||||||
switchport trunk allowed vlan add 100
|
|
||||||
exit
|
|
||||||
interface vlan 70
|
|
||||||
name Storage
|
|
||||||
exit
|
|
||||||
interface vlan 100
|
|
||||||
ip address 10.40.100.249 255.255.255.0
|
|
||||||
exit
|
|
||||||
ip default-gateway 10.40.100.254
|
|
||||||
hostname satx-tsyscoresw1
|
|
||||||
line ssh
|
|
||||||
exec-timeout 0
|
|
||||||
exit
|
|
||||||
username admin password c5446cf68968ea534bceadd492e0477a level 15 encrypted
|
|
||||||
ip ssh server
|
|
||||||
snmp-server community kn3lmgmt ro
|
|
||||||
snmp-server location SATX
|
|
||||||
snmp-server contact prodtechopsalerts@turnsys.com
|
|
||||||
clock timezone -6 zone utc
|
|
||||||
clock source sntp
|
|
||||||
sntp client poll timer 60
|
|
||||||
sntp unicast client enable
|
|
||||||
sntp unicast client poll
|
|
||||||
sntp server 10.40.100.200
|
|
||||||
sntp server 10.251.30.71
|
|
||||||
sntp server 10.253.3.201
|
|
||||||
|
|
0
scripts/auto-netdata-install.sh
Executable file → Normal file
0
scripts/auto-netdata-install.sh
Executable file → Normal file
@ -1,114 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
|
|
||||||
|
|
||||||
OS=`uname -s`
|
|
||||||
REV=`uname -r`
|
|
||||||
MACH=`uname -m`
|
|
||||||
|
|
||||||
if [ "${OS}" = "SunOS" ] ; then
|
|
||||||
OS=Solaris
|
|
||||||
ARCH=`uname -p`
|
|
||||||
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
|
|
||||||
|
|
||||||
elif [ "${OS}" = "AIX" ] ; then
|
|
||||||
OSSTR="${OS} `oslevel` (`oslevel -r`)"
|
|
||||||
|
|
||||||
elif [ "${OS}" = "Linux" ] ; then
|
|
||||||
KERNEL=`uname -r`
|
|
||||||
|
|
||||||
if [ -f /etc/fedora-release ]; then
|
|
||||||
DIST=$(cat /etc/fedora-release | awk '{print $1}')
|
|
||||||
REV=`cat /etc/fedora-release | sed s/.*release\ // | sed s/\ .*//`
|
|
||||||
|
|
||||||
elif [ -f /etc/redhat-release ] ; then
|
|
||||||
DIST=$(cat /etc/redhat-release | awk '{print $1}')
|
|
||||||
if [ "${DIST}" = "CentOS" ]; then
|
|
||||||
DIST="CentOS"
|
|
||||||
elif [ "${DIST}" = "Mandriva" ]; then
|
|
||||||
DIST="Mandriva"
|
|
||||||
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
|
|
||||||
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
|
|
||||||
elif [ -f /etc/oracle-release ]; then
|
|
||||||
DIST="Oracle"
|
|
||||||
else
|
|
||||||
DIST="RedHat"
|
|
||||||
fi
|
|
||||||
|
|
||||||
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
|
|
||||||
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
|
|
||||||
|
|
||||||
elif [ -f /etc/mandrake-release ] ; then
|
|
||||||
DIST='Mandrake'
|
|
||||||
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
|
|
||||||
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
|
|
||||||
|
|
||||||
elif [ -f /etc/devuan_version ] ; then
|
|
||||||
DIST="Devuan `cat /etc/devuan_version`"
|
|
||||||
REV=""
|
|
||||||
|
|
||||||
elif [ -f /etc/debian_version ] ; then
|
|
||||||
DIST="Debian `cat /etc/debian_version`"
|
|
||||||
REV=""
|
|
||||||
ID=`lsb_release -i | awk -F ':' '{print $2}' | sed 's/ //g'`
|
|
||||||
if [ "${ID}" = "Raspbian" ] ; then
|
|
||||||
DIST="Raspbian `cat /etc/debian_version`"
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ -f /etc/gentoo-release ] ; then
|
|
||||||
DIST="Gentoo"
|
|
||||||
REV=$(tr -d '[[:alpha:]]' </etc/gentoo-release | tr -d " ")
|
|
||||||
|
|
||||||
elif [ -f /etc/arch-release ] ; then
|
|
||||||
DIST="Arch Linux"
|
|
||||||
REV="" # Omit version since Arch Linux uses rolling releases
|
|
||||||
IGNORE_LSB=1 # /etc/lsb-release would overwrite $REV with "rolling"
|
|
||||||
|
|
||||||
elif [ -f /etc/os-release ] ; then
|
|
||||||
DIST=$(grep '^NAME=' /etc/os-release | cut -d= -f2- | tr -d '"')
|
|
||||||
REV=$(grep '^VERSION_ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
|
|
||||||
|
|
||||||
elif [ -f /etc/openwrt_version ] ; then
|
|
||||||
DIST="OpenWrt"
|
|
||||||
REV=$(cat /etc/openwrt_version)
|
|
||||||
|
|
||||||
elif [ -f /etc/pld-release ] ; then
|
|
||||||
DIST=$(cat /etc/pld-release)
|
|
||||||
REV=""
|
|
||||||
|
|
||||||
elif [ -f /etc/SuSE-release ] ; then
|
|
||||||
DIST=$(echo SLES $(grep VERSION /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
|
|
||||||
REV=$(echo SP$(grep PATCHLEVEL /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f /etc/lsb-release -a "${IGNORE_LSB}" != 1 ] ; then
|
|
||||||
LSB_DIST=$(lsb_release -si)
|
|
||||||
LSB_REV=$(lsb_release -sr)
|
|
||||||
if [ "$LSB_DIST" != "" ] ; then
|
|
||||||
DIST=$LSB_DIST
|
|
||||||
fi
|
|
||||||
if [ "$LSB_REV" != "" ] ; then
|
|
||||||
REV=$LSB_REV
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "`uname -a | awk '{print $(NF)}'`" = "DD-WRT" ] ; then
|
|
||||||
DIST="dd-wrt"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -n "${REV}" ]
|
|
||||||
then
|
|
||||||
OSSTR="${DIST} ${REV}"
|
|
||||||
else
|
|
||||||
OSSTR="${DIST}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${OS}" = "Darwin" ] ; then
|
|
||||||
if [ -f /usr/bin/sw_vers ] ; then
|
|
||||||
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${OS}" = "FreeBSD" ] ; then
|
|
||||||
OSSTR=`/usr/bin/uname -mior`
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo ${OSSTR}
|
|
@ -1,95 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
#TSYS Slack installer
|
|
||||||
#Use as a reference for other TSYS scripts
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Global variables
|
|
||||||
#######################################################################################################################################################
|
|
||||||
|
|
||||||
|
|
||||||
export MGMT_INT="$(netstat -rn |grep 0.0.0.0|awk '{print $NF}' |head -n1 )"
|
|
||||||
export MGMT_IP="$(ifconfig $MGMT_INT |grep inet|awk '{print $2}'|head -n1)"
|
|
||||||
|
|
||||||
export DIST_SERVER="https://techops.turnsys.net/"
|
|
||||||
export DIST_ROOT_PATH="slack-dist"
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Execution begins
|
|
||||||
#######################################################################################################################################################
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Step 1. determine server type and site
|
|
||||||
#######################################################################################################################################################
|
|
||||||
|
|
||||||
#Will be useful later when we have fleets of kvm/lxc etc machines, commented out for now.
|
|
||||||
|
|
||||||
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
|
|
||||||
#export server_type=ts
|
|
||||||
#fi
|
|
||||||
|
|
||||||
#if [ $(hostname -s|egrep -c -E 'cvm') -eq 1 ]; then
|
|
||||||
#export server_type=cvm
|
|
||||||
#fi
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#case $server_type in
|
|
||||||
# abc)
|
|
||||||
# export SERVER_TYPE="abc"
|
|
||||||
# ;;
|
|
||||||
# xxx)
|
|
||||||
# export SERVER_TYPE="xxx"
|
|
||||||
# ;;
|
|
||||||
# yyy)
|
|
||||||
# export SERVER_TYPE="yyy"
|
|
||||||
# ;;
|
|
||||||
# *)
|
|
||||||
# export SERVER_TYPE="prod"
|
|
||||||
# ;;
|
|
||||||
#esac
|
|
||||||
|
|
||||||
export SERVER_TYPE="prod"
|
|
||||||
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Step 2: Fixup the /etc/hosts file
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Static /etc/hosts bits
|
|
||||||
#cat > /etc/hosts << HOSTFILESTATIC
|
|
||||||
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
|
||||||
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
|
||||||
#HOSTFILESTATIC
|
|
||||||
|
|
||||||
#Dynamic /etc/hosts bits
|
|
||||||
#cat >> /etc/hosts <<HOSTFILEDYNAMIC
|
|
||||||
#127.0.1.1 $(hostname) $(hostname -s)
|
|
||||||
#$MGMT_IP $(hostname) $(hostname -s)
|
|
||||||
#HOSTFILEDYNAMIC
|
|
||||||
|
|
||||||
#######################################################################################################################################################
|
|
||||||
#Step 3: Grab slack runtime bits and deploy slack
|
|
||||||
#######################################################################################################################################################
|
|
||||||
curl --insecure -q $DIST_SERVER/$DIST_ROOT_PATH/bin/distro > /usr/bin/distro
|
|
||||||
chmod +x /usr/bin/distro
|
|
||||||
|
|
||||||
apt-get -y install make perl rsync
|
|
||||||
|
|
||||||
mkdir /tmp/slackDist
|
|
||||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
|
|
||||||
cd /tmp/slackDist
|
|
||||||
tar xvfz slackDist.tar.gz
|
|
||||||
make install
|
|
||||||
cd /tmp
|
|
||||||
rm -rf slackDist
|
|
||||||
|
|
||||||
mkdir /root/.ssh
|
|
||||||
chmod 700 /root/.ssh
|
|
||||||
chown -R root:root /root/.ssh
|
|
||||||
|
|
||||||
echo "Server type:" $SERVER_TYPE
|
|
||||||
|
|
||||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
|
|
||||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
|
|
||||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
|
||||||
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
|
||||||
chmod 400 /root/.ssh/config
|
|
39
slack-dist/dist/Makefile
vendored
39
slack-dist/dist/Makefile
vendored
@ -1,39 +0,0 @@
|
|||||||
# Makefile for slack/src
|
|
||||||
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
|
|
||||||
include Makefile.common
|
|
||||||
|
|
||||||
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
|
|
||||||
|
|
||||||
all:
|
|
||||||
|
|
||||||
install: install-bin install-conf install-lib install-man
|
|
||||||
|
|
||||||
install-bin: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(sbindir)
|
|
||||||
$(INSTALL) slack $(DESTDIR)$(sbindir)
|
|
||||||
$(MKDIR) $(DESTDIR)$(bindir)
|
|
||||||
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
|
|
||||||
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
|
|
||||||
@set -ex;\
|
|
||||||
for i in $(BACKENDS); do \
|
|
||||||
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
|
|
||||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
|
|
||||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
|
|
||||||
|
|
||||||
install-conf: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(sysconfdir)
|
|
||||||
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
|
|
||||||
|
|
||||||
install-lib: all
|
|
||||||
$(MKDIR) $(DESTDIR)$(slack_libdir)
|
|
||||||
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
|
|
||||||
|
|
||||||
install-man: all
|
|
||||||
|
|
||||||
clean:
|
|
||||||
|
|
||||||
realclean: clean
|
|
||||||
|
|
||||||
distclean: clean
|
|
||||||
|
|
||||||
test:
|
|
27
slack-dist/dist/Makefile.common
vendored
27
slack-dist/dist/Makefile.common
vendored
@ -1,27 +0,0 @@
|
|||||||
# Common code included in every Makefile
|
|
||||||
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
|
|
||||||
|
|
||||||
PACKAGE=slack
|
|
||||||
VERSION=0.15.2
|
|
||||||
|
|
||||||
DESTDIR =
|
|
||||||
|
|
||||||
prefix = /
|
|
||||||
exec_prefix = /usr
|
|
||||||
sysconfdir = ${prefix}/etc
|
|
||||||
mandir = ${exec_prefix}/share/man
|
|
||||||
bindir = ${exec_prefix}/bin
|
|
||||||
sbindir = ${exec_prefix}/sbin
|
|
||||||
libdir = ${exec_prefix}/lib
|
|
||||||
libexecdir = ${exec_prefix}/lib
|
|
||||||
localstatedir = ${prefix}/var
|
|
||||||
|
|
||||||
slack_libdir = ${libdir}/slack
|
|
||||||
slack_libexecdir = ${libexecdir}/slack
|
|
||||||
slack_localstatedir = ${localstatedir}/lib/slack
|
|
||||||
slack_localcachedir = ${localstatedir}/cache/slack
|
|
||||||
|
|
||||||
INSTALL = install
|
|
||||||
MKDIR = mkdir -p
|
|
||||||
|
|
||||||
PRIVDIRMODE = 0700
|
|
371
slack-dist/dist/Slack.pm
vendored
371
slack-dist/dist/Slack.pm
vendored
@ -1,371 +0,0 @@
|
|||||||
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
package Slack;
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use strict;
|
|
||||||
use Carp qw(cluck confess croak);
|
|
||||||
use File::Find;
|
|
||||||
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
|
|
||||||
|
|
||||||
use base qw(Exporter);
|
|
||||||
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
|
|
||||||
$VERSION = '0.15.2';
|
|
||||||
@EXPORT = qw();
|
|
||||||
@EXPORT_OK = qw();
|
|
||||||
|
|
||||||
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
|
|
||||||
|
|
||||||
my $term;
|
|
||||||
|
|
||||||
my @default_options = (
|
|
||||||
'help|h|?',
|
|
||||||
'version',
|
|
||||||
'verbose|v+',
|
|
||||||
'quiet',
|
|
||||||
'config|C=s',
|
|
||||||
'source|s=s',
|
|
||||||
'rsh|e=s',
|
|
||||||
'cache|c=s',
|
|
||||||
'stage|t=s',
|
|
||||||
'root|r=s',
|
|
||||||
'dry-run|n',
|
|
||||||
'backup|b',
|
|
||||||
'backup-dir=s',
|
|
||||||
'hostname|H=s',
|
|
||||||
);
|
|
||||||
|
|
||||||
sub default_usage ($) {
|
|
||||||
my ($synopsis) = @_;
|
|
||||||
return <<EOF;
|
|
||||||
Usage: $synopsis
|
|
||||||
|
|
||||||
Options:
|
|
||||||
-h, -?, --help
|
|
||||||
Print this help message and exit.
|
|
||||||
|
|
||||||
--version
|
|
||||||
Print the version number and exit.
|
|
||||||
|
|
||||||
-v, --verbose
|
|
||||||
Be verbose.
|
|
||||||
|
|
||||||
--quiet
|
|
||||||
Don't be verbose (Overrides previous uses of --verbose)
|
|
||||||
|
|
||||||
-C, --config FILE
|
|
||||||
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
|
|
||||||
|
|
||||||
-s, --source DIR
|
|
||||||
Source for slack files
|
|
||||||
|
|
||||||
-e, --rsh COMMAND
|
|
||||||
Remote shell for rsync
|
|
||||||
|
|
||||||
-c, --cache DIR
|
|
||||||
Local cache directory for slack files
|
|
||||||
|
|
||||||
-t, --stage DIR
|
|
||||||
Local staging directory for slack files
|
|
||||||
|
|
||||||
-r, --root DIR
|
|
||||||
Root destination for slack files
|
|
||||||
|
|
||||||
-n, --dry-run
|
|
||||||
Don't write any files to disk -- just report what would have been done.
|
|
||||||
|
|
||||||
-b, --backup
|
|
||||||
Make backups of existing files in ROOT that are overwritten.
|
|
||||||
|
|
||||||
--backup-dir DIR
|
|
||||||
Put backups into this directory.
|
|
||||||
|
|
||||||
-H, --hostname HOST
|
|
||||||
Pretend to be running on HOST, instead of the name given by
|
|
||||||
gethostname(2).
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
# Read options from a config file. Arguments:
|
|
||||||
# file => config file to read
|
|
||||||
# opthash => hashref in which to store the options
|
|
||||||
# verbose => whether to be verbose
|
|
||||||
sub read_config (%) {
|
|
||||||
my %arg = @_;
|
|
||||||
my ($config_fh);
|
|
||||||
local $_;
|
|
||||||
|
|
||||||
confess "Slack::read_config: no config file given"
|
|
||||||
if not defined $arg{file};
|
|
||||||
$arg{opthash} = {}
|
|
||||||
if not defined $arg{opthash};
|
|
||||||
|
|
||||||
open($config_fh, '<', $arg{file})
|
|
||||||
or confess "Could not open config file '$arg{file}': $!";
|
|
||||||
|
|
||||||
# Make this into a hash so we can quickly see if we're looking
|
|
||||||
# for a particular option
|
|
||||||
my %looking_for;
|
|
||||||
if (ref $arg{options} eq 'ARRAY') {
|
|
||||||
%looking_for = map { $_ => 1 } @{$arg{options}};
|
|
||||||
}
|
|
||||||
|
|
||||||
while(<$config_fh>) {
|
|
||||||
chomp;
|
|
||||||
s/#.*//; # delete comments
|
|
||||||
s/\s+$//; # delete trailing spaces
|
|
||||||
next if m/^$/; # skip empty lines
|
|
||||||
|
|
||||||
if (m/^[A-Z_]+=\S+/) {
|
|
||||||
my ($key, $value) = split(/=/, $_, 2);
|
|
||||||
$key =~ tr/A-Z_/a-z-/;
|
|
||||||
# Only set options we're looking for
|
|
||||||
next if (%looking_for and not $looking_for{$key});
|
|
||||||
# Don't set options that are already set
|
|
||||||
next if defined $arg{opthash}->{$key};
|
|
||||||
|
|
||||||
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
|
|
||||||
$arg{opthash}->{$key} = $value;
|
|
||||||
} else {
|
|
||||||
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
close($config_fh)
|
|
||||||
or confess "Slack::read_config: Could not close config file: $!";
|
|
||||||
|
|
||||||
# The verbose option is treated specially in so many places that
|
|
||||||
# we need to make sure it's defined.
|
|
||||||
$arg{opthash}->{verbose} ||= 0;
|
|
||||||
|
|
||||||
return $arg{opthash};
|
|
||||||
}
|
|
||||||
|
|
||||||
# Just get the exit code from a command that failed.
|
|
||||||
# croaks if anything weird happened.
|
|
||||||
sub get_system_exit (@) {
|
|
||||||
my @command = @_;
|
|
||||||
|
|
||||||
if (WIFEXITED($?)) {
|
|
||||||
my $exit = WEXITSTATUS($?);
|
|
||||||
return $exit if $exit;
|
|
||||||
}
|
|
||||||
if (WIFSIGNALED($?)) {
|
|
||||||
my $sig = WTERMSIG($?);
|
|
||||||
croak "'@command' caught sig $sig";
|
|
||||||
}
|
|
||||||
if ($!) {
|
|
||||||
croak "Syserr on system '@command': $!";
|
|
||||||
}
|
|
||||||
croak "Unknown error on '@command'";
|
|
||||||
}
|
|
||||||
|
|
||||||
sub check_system_exit (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my $exit = get_system_exit(@command);
|
|
||||||
# Exit is non-zero if get_system_exit() didn't croak.
|
|
||||||
croak "'@command' exited $exit";
|
|
||||||
}
|
|
||||||
|
|
||||||
# get options from the command line and the config file
|
|
||||||
# Arguments
|
|
||||||
# opthash => hashref in which to store options
|
|
||||||
# usage => usage statement
|
|
||||||
# required_options => arrayref of options to require -- an exception
|
|
||||||
# will be thrown if these options are not defined
|
|
||||||
# command_line_hash => store options specified on the command line here
|
|
||||||
sub get_options {
|
|
||||||
my %arg = @_;
|
|
||||||
use Getopt::Long;
|
|
||||||
Getopt::Long::Configure('bundling');
|
|
||||||
|
|
||||||
if (not defined $arg{opthash}) {
|
|
||||||
$arg{opthash} = {};
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not defined $arg{usage}) {
|
|
||||||
$arg{usage} = default_usage($0);
|
|
||||||
}
|
|
||||||
|
|
||||||
my @extra_options = (); # extra arguments to getoptions
|
|
||||||
if (defined $arg{command_line_options}) {
|
|
||||||
@extra_options = @{$arg{command_line_options}};
|
|
||||||
}
|
|
||||||
|
|
||||||
# Make a --quiet function that turns off verbosity
|
|
||||||
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
|
|
||||||
|
|
||||||
unless (GetOptions($arg{opthash},
|
|
||||||
@default_options,
|
|
||||||
@extra_options,
|
|
||||||
)) {
|
|
||||||
print STDERR $arg{usage};
|
|
||||||
exit 1;
|
|
||||||
}
|
|
||||||
if ($arg{opthash}->{help}) {
|
|
||||||
print $arg{usage};
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($arg{opthash}->{version}) {
|
|
||||||
print "slack version $VERSION\n";
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get rid of the quiet handler
|
|
||||||
delete $arg{opthash}->{quiet};
|
|
||||||
|
|
||||||
# If we've been given a hashref, save our options there at this
|
|
||||||
# stage, so the caller can see what was passed on the command line.
|
|
||||||
# Unfortunately, perl has no .replace function, so we iterate.
|
|
||||||
if (ref $arg{command_line_hash} eq 'HASH') {
|
|
||||||
while (my ($k, $v) = each %{$arg{opthash}}) {
|
|
||||||
$arg{command_line_hash}->{$k} = $v;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Use the default config file
|
|
||||||
if (not defined $arg{opthash}->{config}) {
|
|
||||||
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We need to decide whether to be verbose about reading the config file
|
|
||||||
# Currently we just do it if global verbosity > 2
|
|
||||||
my $verbose_config = 0;
|
|
||||||
if (defined $arg{opthash}->{verbose}
|
|
||||||
and $arg{opthash}->{verbose} > 2) {
|
|
||||||
$verbose_config = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Read options from the config file, passing along the options we've
|
|
||||||
# gotten so far
|
|
||||||
read_config(
|
|
||||||
file => $arg{opthash}->{config},
|
|
||||||
opthash => $arg{opthash},
|
|
||||||
verbose => $verbose_config,
|
|
||||||
);
|
|
||||||
|
|
||||||
# The "verbose" option gets compared a lot and needs to be defined
|
|
||||||
$arg{opthash}->{verbose} ||= 0;
|
|
||||||
|
|
||||||
# The "hostname" option is set specially if it's not defined
|
|
||||||
if (not defined $arg{opthash}->{hostname}) {
|
|
||||||
use Sys::Hostname;
|
|
||||||
$arg{opthash}->{hostname} = hostname;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We can require some options to be set
|
|
||||||
if (ref $arg{required_options} eq 'ARRAY') {
|
|
||||||
for my $option (@{$arg{required_options}}) {
|
|
||||||
if (not defined $arg{opthash}->{$option}) {
|
|
||||||
croak "Required option '$option' not given on command line or specified in config file!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $arg{opthash};
|
|
||||||
}
|
|
||||||
|
|
||||||
sub prompt ($) {
|
|
||||||
my ($prompt) = @_;
|
|
||||||
if (not defined $term) {
|
|
||||||
require Term::ReadLine;
|
|
||||||
$term = new Term::ReadLine 'slack'
|
|
||||||
}
|
|
||||||
|
|
||||||
$term->readline($prompt);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
# Calls the callback on absolute pathnames of files in the source directory,
|
|
||||||
# and also on names of directories that don't exist in the destination
|
|
||||||
# directory (i.e. where $source/foo exists but $destination/foo does not).
|
|
||||||
sub find_files_to_install ($$$) {
|
|
||||||
my ($source, $destination, $callback) = @_;
|
|
||||||
return find ({
|
|
||||||
wanted => sub {
|
|
||||||
if (-l or not -d _) {
|
|
||||||
# Copy all files, links, etc
|
|
||||||
my $file = $File::Find::name;
|
|
||||||
&$callback($file);
|
|
||||||
} elsif (-d _) {
|
|
||||||
# For directories, we only want to copy it if it doesn't
|
|
||||||
# exist in the destination yet.
|
|
||||||
my $dir = $File::Find::name;
|
|
||||||
# We know the root directory will exist (we make it above),
|
|
||||||
# so skip the base of the source
|
|
||||||
(my $short_source = $source) =~ s#/$##;
|
|
||||||
return if $dir eq $short_source;
|
|
||||||
|
|
||||||
# Strip the $source from the path,
|
|
||||||
# so we can build the destination dir from it.
|
|
||||||
my $subdir = $dir;
|
|
||||||
($subdir =~ s#^$source##)
|
|
||||||
or croak "sub failed: $source|$subdir";
|
|
||||||
|
|
||||||
if (not -d "$destination/$subdir") {
|
|
||||||
&$callback($dir);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
},
|
|
||||||
$source,
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
# Runs rsync with the necessary redirection to its filehandles
|
|
||||||
sub wrap_rsync (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my ($pid);
|
|
||||||
|
|
||||||
if ($pid = fork) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $pid) {
|
|
||||||
# Child
|
|
||||||
open(STDIN, "<", "/dev/null")
|
|
||||||
or die "Could not redirect STDIN from /dev/null\n";
|
|
||||||
# This redirection is necessary because rsync sends
|
|
||||||
# verbose output to STDOUT
|
|
||||||
open(STDOUT, ">&STDERR")
|
|
||||||
or die "Could not redirect STDOUT to STDERR\n";
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork: $!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
my $kid = waitpid($pid, 0);
|
|
||||||
if ($kid != $pid) {
|
|
||||||
die "waitpid returned $kid\n";
|
|
||||||
} elsif ($?) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Runs rsync with the necessary redirection to its filehandles, but also
|
|
||||||
# returns an FH to stdin and a PID.
|
|
||||||
sub wrap_rsync_fh (@) {
|
|
||||||
my @command = @_;
|
|
||||||
my ($fh, $pid);
|
|
||||||
|
|
||||||
if ($pid = open($fh, "|-")) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $pid) {
|
|
||||||
# Child
|
|
||||||
# This redirection is necessary because rsync sends
|
|
||||||
# verbose output to STDOUT
|
|
||||||
open(STDOUT, ">&STDERR")
|
|
||||||
or die "Could not redirect STDOUT to STDERR\n";
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork: $!\n";
|
|
||||||
}
|
|
||||||
return($fh, $pid);
|
|
||||||
}
|
|
||||||
|
|
||||||
1;
|
|
329
slack-dist/dist/slack
vendored
329
slack-dist/dist/slack
vendored
@ -1,329 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
use POSIX; # for strftime
|
|
||||||
|
|
||||||
use constant LIBEXEC_DIR => '/usr/lib/slack';
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
sub run_backend(@);
|
|
||||||
sub run_conditional_backend($@);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
# Arguments to pass to each backends (initialized to a hash of empty arrays)
|
|
||||||
my %backend_flags = ( map { $_ => [] }
|
|
||||||
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
|
|
||||||
);
|
|
||||||
|
|
||||||
my @roles;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--preview MODE
|
|
||||||
Do a diff of scripts and files before running them.
|
|
||||||
MODE can be one of 'simple' or 'prompt'.
|
|
||||||
|
|
||||||
--no-files
|
|
||||||
Don't install any files in ROOT, but tell rsync to print what
|
|
||||||
it would do.
|
|
||||||
|
|
||||||
--no-scripts
|
|
||||||
Don't run scripts.
|
|
||||||
|
|
||||||
--no-sync
|
|
||||||
Skip the slack-sync step. (useful if you're pushing stuff into
|
|
||||||
the CACHE outside of slack)
|
|
||||||
|
|
||||||
--role-list
|
|
||||||
Role list for slack-getroles
|
|
||||||
|
|
||||||
--libexec-dir DIR
|
|
||||||
Look for backend scripts in this directory.
|
|
||||||
|
|
||||||
--diff PROG
|
|
||||||
Use this diff program for previews
|
|
||||||
|
|
||||||
--sleep TIME
|
|
||||||
Randomly sleep between 1 and TIME seconds before starting
|
|
||||||
operations
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Options
|
|
||||||
my %opt = ();
|
|
||||||
# So we can distinguish stuff on the command line from config file stuff
|
|
||||||
my %command_line_opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'preview=s',
|
|
||||||
'role-list=s',
|
|
||||||
'no-scripts|noscripts',
|
|
||||||
'no-files|nofiles',
|
|
||||||
'no-sync|nosync',
|
|
||||||
'libexec-dir=s',
|
|
||||||
'diff=s',
|
|
||||||
'sleep=i',
|
|
||||||
],
|
|
||||||
required_options => [ qw(source cache stage root) ],
|
|
||||||
command_line_hash => \%command_line_opt,
|
|
||||||
usage => $usage,
|
|
||||||
);
|
|
||||||
|
|
||||||
# Special options
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
$opt{'no-scripts'} = 1;
|
|
||||||
$opt{'no-files'} = 1;
|
|
||||||
}
|
|
||||||
if ($opt{'no-scripts'}) {
|
|
||||||
for my $action (qw(fixfiles preinstall postinstall)) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
'--dry-run';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($opt{'no-files'}) {
|
|
||||||
push @{$backend_flags{installfiles}},
|
|
||||||
'--dry-run';
|
|
||||||
}
|
|
||||||
# propagate verbosity - 1 to all backends
|
|
||||||
if (defined $command_line_opt{'verbose'} and
|
|
||||||
$command_line_opt{'verbose'} > 1) {
|
|
||||||
for my $action (keys %backend_flags) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
('--verbose') x ($command_line_opt{'verbose'} - 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# propagate these flags to all the backends
|
|
||||||
for my $option (qw(config root cache stage source hostname rsh)) {
|
|
||||||
if ($command_line_opt{$option}) {
|
|
||||||
for my $action (keys %backend_flags) {
|
|
||||||
push @{$backend_flags{$action}},
|
|
||||||
"--$option=$command_line_opt{$option}";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# getroles also can take 'role-list'
|
|
||||||
if ($command_line_opt{'role-list'}) {
|
|
||||||
push @{$backend_flags{'getroles'}},
|
|
||||||
"--role-list=$command_line_opt{'role-list'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# The libexec dir defaults to this if it wasn't specified
|
|
||||||
# on the command line or in a config file.
|
|
||||||
if (not defined $opt{'libexec-dir'}) {
|
|
||||||
$opt{'libexec-dir'} = LIBEXEC_DIR;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass diff option along to slack-rolediff
|
|
||||||
if ($opt{'diff'}) {
|
|
||||||
push @{$backend_flags{preview}},
|
|
||||||
"--diff=$opt{'diff'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Preview takes an optional argument. If no argument is given,
|
|
||||||
# it gets "" from getopt.
|
|
||||||
if (defined $opt{'preview'}) {
|
|
||||||
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
|
|
||||||
die "Unknown preview mode '$opt{'preview'}'!";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# The backup option defaults to on if it wasn't specified
|
|
||||||
# on the command line or in a config file
|
|
||||||
if (not defined $opt{backup}) {
|
|
||||||
$opt{backup} = 1;
|
|
||||||
}
|
|
||||||
# Figure out a place to put backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
push @{$backend_flags{installfiles}},
|
|
||||||
'--backup',
|
|
||||||
'--backup-dir='.
|
|
||||||
$opt{'backup-dir'}.
|
|
||||||
"/".
|
|
||||||
strftime('%F-%T', localtime(time))
|
|
||||||
;
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Random sleep, helpful when called from cron.
|
|
||||||
if ($opt{sleep}) {
|
|
||||||
my $secs = int(rand($opt{sleep})) + 1;
|
|
||||||
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
|
|
||||||
sleep($secs);
|
|
||||||
}
|
|
||||||
|
|
||||||
# Get a list of roles to install from slack-getroles {{{
|
|
||||||
if (not @ARGV) {
|
|
||||||
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
|
|
||||||
@{$backend_flags{'getroles'}});
|
|
||||||
$opt{verbose} and print STDERR "$PROG: getroles\n";
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
|
|
||||||
my ($roles_pid, $roles_fh);
|
|
||||||
if ($roles_pid = open($roles_fh, "-|")) {
|
|
||||||
# Parent
|
|
||||||
} elsif (defined $roles_pid) {
|
|
||||||
# Child
|
|
||||||
exec(@command);
|
|
||||||
die "Could not exec '@command': $!\n";
|
|
||||||
} else {
|
|
||||||
die "Could not fork to run '@command': $!\n";
|
|
||||||
}
|
|
||||||
@roles = split(/\s+/, join(" ", <$roles_fh>));
|
|
||||||
unless (close($roles_fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
@roles = @ARGV;
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Check role name syntax {{{
|
|
||||||
for my $role (@roles) {
|
|
||||||
# Roles MUST begin with a letter. All else is reserved.
|
|
||||||
if ($role !~ m/^[a-zA-Z]/) {
|
|
||||||
die "Role '$role' does not begin with a letter!";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
|
|
||||||
|
|
||||||
unless ($opt{'no-sync'}) {
|
|
||||||
# sync all the roles down at once
|
|
||||||
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
|
|
||||||
run_backend('slack-sync',
|
|
||||||
@{$backend_flags{sync}}, @roles);
|
|
||||||
}
|
|
||||||
|
|
||||||
ROLE: for my $role (@roles) {
|
|
||||||
# stage
|
|
||||||
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
|
|
||||||
run_backend('slack-stage',
|
|
||||||
@{$backend_flags{stage}}, '--subdir=files', $role);
|
|
||||||
|
|
||||||
if ($opt{preview}) {
|
|
||||||
if ($opt{preview} eq 'simple') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview $role\n";
|
|
||||||
# Here, we run the backend in no-prompt mode.
|
|
||||||
run_conditional_backend(0, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, $role);
|
|
||||||
# ...and we skip further action in the ROLE after showing the diff.
|
|
||||||
next ROLE;
|
|
||||||
} elsif ($opt{preview} eq 'prompt') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
|
|
||||||
# Here, we want to prompt and just do the scripts, since
|
|
||||||
# we need to run preinstall and fixfiles before doing the files.
|
|
||||||
run_conditional_backend(1, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, '--subdir=scripts', $role);
|
|
||||||
} else {
|
|
||||||
# Should get caught in option processing, above
|
|
||||||
die "Unknown preview mode!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
|
|
||||||
run_backend('slack-stage',
|
|
||||||
@{$backend_flags{stage}}, '--subdir=scripts', $role);
|
|
||||||
|
|
||||||
# preinstall
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{preinstall}}, 'preinstall', $role);
|
|
||||||
|
|
||||||
# fixfiles
|
|
||||||
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
|
|
||||||
|
|
||||||
# preview files
|
|
||||||
if ($opt{preview} and $opt{preview} eq 'prompt') {
|
|
||||||
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
|
|
||||||
run_conditional_backend(1, 'slack-rolediff',
|
|
||||||
@{$backend_flags{preview}}, '--subdir=files', $role);
|
|
||||||
}
|
|
||||||
|
|
||||||
# installfiles
|
|
||||||
$opt{verbose} and print STDERR "$PROG: install $role\n";
|
|
||||||
run_backend('slack-installfiles',
|
|
||||||
@{$backend_flags{installfiles}}, $role);
|
|
||||||
|
|
||||||
# postinstall
|
|
||||||
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
|
|
||||||
run_backend('slack-runscript',
|
|
||||||
@{$backend_flags{postinstall}}, 'postinstall', $role);
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
sub run_backend (@) {
|
|
||||||
my ($backend, @args) = @_;
|
|
||||||
# If we weren't given an explicit path, prepend the libexec dir
|
|
||||||
unless ($backend =~ m#^/#) {
|
|
||||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Assemble our command line
|
|
||||||
my (@command) = ($backend, @args);
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
sub run_conditional_backend ($@) {
|
|
||||||
my ($prompt, $backend, @args) = @_;
|
|
||||||
# If we weren't given an explicit path, prepend the libexec dir
|
|
||||||
unless ($backend =~ m#^/#) {
|
|
||||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Assemble our command line
|
|
||||||
my (@command) = ($backend, @args);
|
|
||||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
my $exit = Slack::get_system_exit(@command);
|
|
||||||
|
|
||||||
if ($exit == 1) {
|
|
||||||
# exit 1 means a difference found or something normal that requires
|
|
||||||
# a prompt before continuing.
|
|
||||||
if ($prompt) {
|
|
||||||
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
# any other non-successful exit is a serious error.
|
|
||||||
die "'@command' exited $exit";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
514
slack-dist/dist/slack-diff
vendored
514
slack-dist/dist/slack-diff
vendored
@ -1,514 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is a wrapper for diff that gives output about special files
|
|
||||||
# and file modes. (diff can only compare regular files)
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use Errno;
|
|
||||||
use File::stat;
|
|
||||||
use File::Basename;
|
|
||||||
use File::Find;
|
|
||||||
use Getopt::Long;
|
|
||||||
use POSIX qw(SIGPIPE strftime);
|
|
||||||
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
|
|
||||||
|
|
||||||
|
|
||||||
my $VERSION = '0.1';
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
my @diff; # diff program to use
|
|
||||||
my $exit = 0; # our exit code
|
|
||||||
|
|
||||||
sub compare ($$);
|
|
||||||
sub recursive_compare ($$);
|
|
||||||
sub filetype_to_string ($;$);
|
|
||||||
sub compare_files ($$);
|
|
||||||
sub diff ($$);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDOUT
|
|
||||||
$|=1;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
# Default options
|
|
||||||
my %opt = (
|
|
||||||
fakediff => 1,
|
|
||||||
perms => 1,
|
|
||||||
'new-file' => 1,
|
|
||||||
diff => 'diff',
|
|
||||||
);
|
|
||||||
|
|
||||||
# Config and option parsing
|
|
||||||
my $usage = <<EOF;
|
|
||||||
Usage: $PROG [options] <file1> <file2>
|
|
||||||
$PROG -r <dir1> <dir2>
|
|
||||||
|
|
||||||
Options:
|
|
||||||
-u, -U NUM, --unified=NUM
|
|
||||||
Tell diff to use unified output format.
|
|
||||||
--diff PROG
|
|
||||||
Use this program for diffing, instead of "$opt{diff}"
|
|
||||||
--fakediff
|
|
||||||
Make a fake diff for file modes and other things that are not file
|
|
||||||
contents. Default is on, can be disabled with --nofakediff.
|
|
||||||
--perms
|
|
||||||
Care about owner, group, and permissions when doing fakediff.
|
|
||||||
Default is on, can be disabled with --noperms.
|
|
||||||
-r, --recursive
|
|
||||||
Recursively compare directories.
|
|
||||||
-N, --new-file
|
|
||||||
Treat missing files as empty. Default is on, can be disabled with
|
|
||||||
--nonew-file.
|
|
||||||
--unidirectional-new-file
|
|
||||||
Treat only missing files in the first directory as empty.
|
|
||||||
--from-file
|
|
||||||
Treat arguments as a list of files from which to read filenames to
|
|
||||||
compare, two lines at a time.
|
|
||||||
-0, --null
|
|
||||||
Use NULLs instead of newlines as the separator in --from-file mode
|
|
||||||
--devnullhack
|
|
||||||
You have a version of diff that can't deal with -N when not in
|
|
||||||
recursive mode, so we need to feed it /dev/null instead of the
|
|
||||||
missing file. Default is on, can be disabled with --nodevnullhack.
|
|
||||||
--version
|
|
||||||
Output version info
|
|
||||||
--help
|
|
||||||
Output this help text
|
|
||||||
|
|
||||||
Exit codes:
|
|
||||||
0 Found no differences
|
|
||||||
1 Found a difference
|
|
||||||
2 Had a serious error
|
|
||||||
3 Found a difference and had a serious error
|
|
||||||
EOF
|
|
||||||
|
|
||||||
{
|
|
||||||
Getopt::Long::Configure ("bundling");
|
|
||||||
GetOptions(\%opt,
|
|
||||||
'help|h|?',
|
|
||||||
'version',
|
|
||||||
'null|0',
|
|
||||||
'devnullhack',
|
|
||||||
'new-file|N',
|
|
||||||
'u',
|
|
||||||
'unified|U=i',
|
|
||||||
'recursive|r',
|
|
||||||
'from-file',
|
|
||||||
'unidirectional-new-file',
|
|
||||||
'fakediff!',
|
|
||||||
'perms!',
|
|
||||||
'diff=s',
|
|
||||||
) or die $usage;
|
|
||||||
if ($opt{help}) {
|
|
||||||
print $usage;
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
if ($opt{version}) {
|
|
||||||
print "$PROG version $VERSION\n";
|
|
||||||
exit 0;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($opt{diff}) {
|
|
||||||
# We split on spaces here to be useful -- so that people can give
|
|
||||||
# their diff options.
|
|
||||||
@diff = split(/\s+/, $opt{diff});
|
|
||||||
} else {
|
|
||||||
die "$PROG: No diff program!\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($opt{'u'}) {
|
|
||||||
push @diff, '-u';
|
|
||||||
} elsif ($opt{'unified'}) {
|
|
||||||
$opt{'u'} = 1; # We use this value later
|
|
||||||
push @diff, "--unified=$opt{'unified'}";
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not $opt{'devnullhack'}) {
|
|
||||||
push @diff, '-N';
|
|
||||||
}
|
|
||||||
|
|
||||||
# usually, sigpipe would be someone quitting their pager, so don't sweat it
|
|
||||||
$SIG{PIPE} = sub { exit $exit };
|
|
||||||
|
|
||||||
if ($opt{'from-file'}) {
|
|
||||||
local $/ = "\0" if $opt{'null'};
|
|
||||||
while (my $old = <>) {
|
|
||||||
my $new = <>;
|
|
||||||
die "Uneven number of lines in --from-file mode!\n"
|
|
||||||
if not defined $new;
|
|
||||||
chomp($old);
|
|
||||||
chomp($new);
|
|
||||||
$exit |= compare($old, $new);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
die $usage unless $#ARGV == 1;
|
|
||||||
$exit |= compare($ARGV[0], $ARGV[1]);
|
|
||||||
}
|
|
||||||
exit $exit;
|
|
||||||
|
|
||||||
##
|
|
||||||
# Subroutines
|
|
||||||
|
|
||||||
sub compare ($$) {
|
|
||||||
my ($old, $new) = @_;
|
|
||||||
|
|
||||||
if ($opt{recursive}) {
|
|
||||||
return recursive_compare($old, $new);
|
|
||||||
} else {
|
|
||||||
return compare_files($old, $new);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# compare two directories. We do this by walking down the *new*
|
|
||||||
# directory, and comparing everything that's there to the stuff in
|
|
||||||
# the old directory
|
|
||||||
sub recursive_compare ($$) {
|
|
||||||
my ($olddir, $newdir) = @_;
|
|
||||||
my ($retval, $basere, $wanted);
|
|
||||||
my (%seen);
|
|
||||||
|
|
||||||
$retval = 0;
|
|
||||||
|
|
||||||
if (-d $newdir) {
|
|
||||||
$basere = qr(^$newdir);
|
|
||||||
$wanted = sub {
|
|
||||||
my ($newfile) = $_;
|
|
||||||
my $oldfile = $newfile;
|
|
||||||
|
|
||||||
$oldfile =~ s#$basere#$olddir#;
|
|
||||||
$seen{$oldfile} = 1;
|
|
||||||
$retval |= compare_files($oldfile, $newfile);
|
|
||||||
};
|
|
||||||
|
|
||||||
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
|
|
||||||
if ($@) {
|
|
||||||
warn "$PROG: error during find: $@\n";
|
|
||||||
$retval |= 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $retval
|
|
||||||
if $opt{'unidirectional-new-file'};
|
|
||||||
|
|
||||||
# If we're not unidirectional, we want to go through the old directory
|
|
||||||
# and diff any files we didn't see in the newdir.
|
|
||||||
if (-d $olddir) {
|
|
||||||
$basere = qr(^$olddir);
|
|
||||||
$wanted = sub {
|
|
||||||
my ($oldfile) = $_;
|
|
||||||
my $newfile;
|
|
||||||
|
|
||||||
return if $seen{$oldfile};
|
|
||||||
$newfile = $oldfile;
|
|
||||||
|
|
||||||
$newfile =~ s#$basere#$newdir#;
|
|
||||||
$retval |= compare_files($oldfile, $newfile);
|
|
||||||
};
|
|
||||||
|
|
||||||
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
|
|
||||||
if ($@) {
|
|
||||||
warn "$PROG: error during find: $@\n";
|
|
||||||
$retval |= 2;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return $retval;
|
|
||||||
}
|
|
||||||
|
|
||||||
# filetype_to_string(mode)
|
|
||||||
# filetype_to_string(mode, plural)
|
|
||||||
#
|
|
||||||
# Takes a mode returned from stat(), returns a noune describing the filetype,
|
|
||||||
# e.g. "directory", "symlink".
|
|
||||||
# If the "plural" argument is provided and true, returns the plural form of
|
|
||||||
# the noun, e.g. "directories", "symlinks".
|
|
||||||
sub filetype_to_string ($;$) {
|
|
||||||
my ($mode, $plural) = @_;
|
|
||||||
|
|
||||||
if (S_ISREG($mode)) {
|
|
||||||
return "regular file".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISDIR($mode)) {
|
|
||||||
return "director".($plural ? "ies" : "y");
|
|
||||||
} elsif (S_ISLNK($mode)) {
|
|
||||||
return "symlink".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISBLK($mode)) {
|
|
||||||
return "block device".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISCHR($mode)) {
|
|
||||||
return "character device".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISFIFO($mode)) {
|
|
||||||
return "fifo".($plural ? "s" : "");
|
|
||||||
} elsif (S_ISSOCK($mode)) {
|
|
||||||
return "socket".($plural ? "s" : "");
|
|
||||||
} else {
|
|
||||||
return "unknown filetype".($plural ? "s" : "");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# compare_files(oldfile, newfile)
|
|
||||||
# This is the actual diffing routine. It's quite long because we need to
|
|
||||||
# deal with all sorts of special cases. It will print to STDOUT a
|
|
||||||
# description of the differences between the two files. For regular files,
|
|
||||||
# diff(1) will be run to show the differences.
|
|
||||||
#
|
|
||||||
# return codes:
|
|
||||||
# 1 found a difference
|
|
||||||
# 2 had an error
|
|
||||||
# 3 found a difference and had an error
|
|
||||||
sub compare_files ($$) {
|
|
||||||
my ($oldname, $newname) = @_;
|
|
||||||
my ($old, $new); # stat buffers
|
|
||||||
my $return = 0;
|
|
||||||
|
|
||||||
# Get rid of unsightly double slashes
|
|
||||||
$oldname =~ s#//#/#g;
|
|
||||||
$newname =~ s#//#/#g;
|
|
||||||
|
|
||||||
eval { $old = lstat($oldname); };
|
|
||||||
if (not defined $old and not $!{ENOENT}) {
|
|
||||||
warn "$PROG: Could not stat $oldname: $!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
eval { $new = lstat($newname); };
|
|
||||||
if (not defined $new and not $!{ENOENT}) {
|
|
||||||
warn "$PROG: Could not stat $newname: $!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
# At this point, $old or $new should only be undefined if the
|
|
||||||
# file does not exist.
|
|
||||||
|
|
||||||
if (defined $old and defined $new) {
|
|
||||||
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('filetype',
|
|
||||||
$oldname => filetype_to_string($old->mode),
|
|
||||||
$newname => filetype_to_string($new->mode),
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "File types differ between ".
|
|
||||||
filetype_to_string($old->mode)." $oldname and ".
|
|
||||||
filetype_to_string($new->mode)." $newname\n";
|
|
||||||
}
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
if ($old->nlink != $new->nlink) {
|
|
||||||
# In recursive mode, we don't care about link counts in directories,
|
|
||||||
# as we'll pick that up with what files do and don't exist.
|
|
||||||
unless ($opt{recursive} and S_ISDIR($old->mode)) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('nlink',
|
|
||||||
$oldname => $old->nlink,
|
|
||||||
$newname => $new->nlink,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Link counts differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
if ($old->uid != $new->uid and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('uid',
|
|
||||||
$oldname => $old->uid,
|
|
||||||
$newname => $new->uid,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Owner differs between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
if ($old->gid != $new->gid and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('gid',
|
|
||||||
$oldname => $old->gid,
|
|
||||||
$newname => $new->gid,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Group differs between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('mode',
|
|
||||||
$oldname => sprintf('%04o', S_IMODE($old->mode)),
|
|
||||||
$newname => sprintf('%04o', S_IMODE($new->mode)),
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Modes differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# We don't want to compare anything more about sockets, fifos, or
|
|
||||||
# directories, once we've checked the permissions and link counts
|
|
||||||
if (S_ISSOCK($old->mode) or
|
|
||||||
S_ISFIFO($old->mode) or
|
|
||||||
S_ISDIR($old->mode)) {
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Check device file devs, and that's it for them
|
|
||||||
if (S_ISCHR($old->mode) or
|
|
||||||
S_ISBLK($old->mode)) {
|
|
||||||
if ($old->rdev != $new->rdev) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('rdev',
|
|
||||||
$oldname => $old->rdev,
|
|
||||||
$newname => $new->rdev,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Device numbers differ between ".
|
|
||||||
filetype_to_string($old->mode, 1).
|
|
||||||
" $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Compare the targets of symlinks
|
|
||||||
if (S_ISLNK($old->mode)) {
|
|
||||||
my $oldtarget = readlink $oldname
|
|
||||||
or (warn("$PROG: Could not readlink($oldname): $!\n"),
|
|
||||||
return $return | 2);
|
|
||||||
my $newtarget = readlink $newname
|
|
||||||
or (warn("$PROG: Could not readlink($newname): $!\n"),
|
|
||||||
return $return | 2);
|
|
||||||
if ($oldtarget ne $newtarget) {
|
|
||||||
if ($opt{fakediff}) {
|
|
||||||
fakediff('target',
|
|
||||||
$oldname => $oldtarget,
|
|
||||||
$newname => $newtarget,
|
|
||||||
);
|
|
||||||
} else {
|
|
||||||
print "Symlink targets differ between $oldname and $newname\n";
|
|
||||||
}
|
|
||||||
$return = 1;
|
|
||||||
}
|
|
||||||
return $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (not S_ISREG($old->mode)) {
|
|
||||||
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
|
|
||||||
return 2;
|
|
||||||
}
|
|
||||||
} elsif (not defined $old and not defined $new) {
|
|
||||||
print "Neither $oldname nor $newname exists\n";
|
|
||||||
return $return;
|
|
||||||
} elsif (not defined $old) {
|
|
||||||
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
|
|
||||||
print "Only in ".dirname($newname).": ".
|
|
||||||
filetype_to_string($new->mode)." ".basename($newname)."\n";
|
|
||||||
return 1;
|
|
||||||
} elsif ($opt{'devnullhack'}) {
|
|
||||||
$oldname = '/dev/null';
|
|
||||||
}
|
|
||||||
} elsif (not defined $new) {
|
|
||||||
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
|
|
||||||
print "Only in ".dirname($oldname).": ".
|
|
||||||
filetype_to_string($old->mode)." ".basename($oldname)."\n";
|
|
||||||
return 1;
|
|
||||||
} elsif ($opt{'devnullhack'}) {
|
|
||||||
$newname = '/dev/null';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
# They are regular files! We can actually run diff!
|
|
||||||
return diff($oldname, $newname) | $return;
|
|
||||||
}
|
|
||||||
|
|
||||||
sub diff ($$) {
|
|
||||||
my ($oldname, $newname) = @_;
|
|
||||||
my @command = (@diff, $oldname, $newname);
|
|
||||||
my $status;
|
|
||||||
|
|
||||||
# If we're not specifying unified diff, we need to print a header
|
|
||||||
# to indicate what's being diffed. (I'm not sure if this actually would
|
|
||||||
# work for patch, but it does tell our user what's going on).
|
|
||||||
# FIXME: We only need to specify this if the files are different
|
|
||||||
print "@command\n"
|
|
||||||
if not $opt{u};
|
|
||||||
|
|
||||||
{
|
|
||||||
# There is a bug in perl with use warnings FATAL => qw(all)
|
|
||||||
# that will cause the child process from system() to stick
|
|
||||||
# around if there is a warning generated.
|
|
||||||
# Shut off warnings -- we'll catch the error below.
|
|
||||||
no warnings;
|
|
||||||
$status = system(@command);
|
|
||||||
}
|
|
||||||
return 0 if ($status == 0);
|
|
||||||
if ($? == -1) {
|
|
||||||
die "$PROG: failed to execute '@command': $!\n";
|
|
||||||
}
|
|
||||||
if ($? & 128) {
|
|
||||||
die "$PROG: '@command' dumped core\n";
|
|
||||||
}
|
|
||||||
if (my $sig = $? & 127) {
|
|
||||||
die "$PROG: '@command' caught sig $sig\n"
|
|
||||||
unless ($sig == SIGPIPE);
|
|
||||||
}
|
|
||||||
if (my $exit = $? >> 8) {
|
|
||||||
if ($exit == 1) {
|
|
||||||
return 1;
|
|
||||||
} else {
|
|
||||||
die "$PROG: '@command' returned $exit\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
sub fakediff ($$) {
|
|
||||||
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
|
|
||||||
|
|
||||||
return unless $opt{fakediff};
|
|
||||||
my $time = strftime('%F %T.000000000 %z', localtime(0));
|
|
||||||
|
|
||||||
# We add a suffix onto the filenames to show we're not actually looking
|
|
||||||
# at file contents. There's no good way to indicate this that's compatible
|
|
||||||
# with patch, and this is simple enough.
|
|
||||||
$oldname .= '#~~' . $type;
|
|
||||||
$newname .= '#~~' . $type;
|
|
||||||
|
|
||||||
if ($opt{u}) {
|
|
||||||
# fake up a unified diff
|
|
||||||
print <<EOF;
|
|
||||||
--- $oldname\t$time
|
|
||||||
+++ $newname\t$time
|
|
||||||
@@ -1 +1 @@
|
|
||||||
-$oldvalue
|
|
||||||
+$newvalue
|
|
||||||
EOF
|
|
||||||
} else {
|
|
||||||
print <<EOF;
|
|
||||||
diff $oldname $newname
|
|
||||||
1c1
|
|
||||||
< $oldvalue
|
|
||||||
---
|
|
||||||
> $newvalue
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
}
|
|
161
slack-dist/dist/slack-getroles
vendored
161
slack-dist/dist/slack-getroles
vendored
@ -1,161 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--links',
|
|
||||||
'--times',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub sync_list ();
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--role-list
|
|
||||||
Role list location (can be relative to SOURCE)
|
|
||||||
|
|
||||||
--remote-role-list
|
|
||||||
Role list is remote and should be copied down with rsync
|
|
||||||
(implied by certain forms of role list or SOURCE)
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'role-list=s',
|
|
||||||
'remote-role-list',
|
|
||||||
],
|
|
||||||
required_options => [ qw(role-list hostname) ],
|
|
||||||
usage => $usage,
|
|
||||||
);
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# See if role-list is actually relative to source, and pre-pend source
|
|
||||||
# if need be.
|
|
||||||
unless ($opt{'role-list'} =~ m#^/# or
|
|
||||||
$opt{'role-list'} =~ m#^\./# or
|
|
||||||
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
|
||||||
if (not defined $opt{source}) {
|
|
||||||
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
|
|
||||||
}
|
|
||||||
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
|
|
||||||
}
|
|
||||||
|
|
||||||
# auto-detect remote role list
|
|
||||||
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
|
||||||
$opt{'remote-role-list'} = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Copy a remote list locally
|
|
||||||
if ($opt{'remote-role-list'}) {
|
|
||||||
# We need a cache directory if the role list is not local
|
|
||||||
if (not defined $opt{cache}) {
|
|
||||||
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
|
|
||||||
}
|
|
||||||
# Look at source type, and add options if necessary
|
|
||||||
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
|
|
||||||
# This is tunnelled rsync, and so needs an extra option
|
|
||||||
if ($opt{'rsh'}) {
|
|
||||||
push @rsync, '-e', $opt{'rsh'};
|
|
||||||
} else {
|
|
||||||
push @rsync, '-e', 'ssh';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
sync_list();
|
|
||||||
}
|
|
||||||
|
|
||||||
# Read in the roles list
|
|
||||||
my @roles = ();
|
|
||||||
my $host_found = 0;
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
|
|
||||||
open(ROLES, "<", $opt{'role-list'})
|
|
||||||
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
|
|
||||||
while(<ROLES>) {
|
|
||||||
s/#.*//; # Strip comments
|
|
||||||
chomp;
|
|
||||||
if (s/^$opt{hostname}:\s*//) {
|
|
||||||
$host_found++;
|
|
||||||
push @roles, split();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close(ROLES)
|
|
||||||
or die "Could not close '$opt{'role-list'}': $!\n";
|
|
||||||
if (not $host_found) {
|
|
||||||
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
|
|
||||||
}
|
|
||||||
print join("\n", @roles), "\n";
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
sub sync_list () {
|
|
||||||
my $source = $opt{'role-list'};
|
|
||||||
my $destination = $opt{cache} . "/_role_list";
|
|
||||||
unless (-d $opt{cache}) {
|
|
||||||
eval { mkpath($opt{cache}); };
|
|
||||||
die "Could not mkpath '$opt{cache}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
# All this to run an rsync command
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
|
|
||||||
Slack::wrap_rsync(@command);
|
|
||||||
$opt{'role-list'} = $destination;
|
|
||||||
}
|
|
||||||
|
|
149
slack-dist/dist/slack-installfiles
vendored
149
slack-dist/dist/slack-installfiles
vendored
@ -1,149 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the local stage to the root
|
|
||||||
# of the local filesystem
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--relative',
|
|
||||||
'--times',
|
|
||||||
'--perms',
|
|
||||||
'--group',
|
|
||||||
'--owner',
|
|
||||||
'--links',
|
|
||||||
'--devices',
|
|
||||||
'--sparse',
|
|
||||||
'--no-implied-dirs', # SO GOOD!
|
|
||||||
'--files-from=-',
|
|
||||||
'--from0',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub install_files ($);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(root stage) ],
|
|
||||||
);
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
unless (-d $opt{root}) {
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval {
|
|
||||||
mkpath($opt{root});
|
|
||||||
# We have a tight umask, and a root of mode 0700 would be undesirable
|
|
||||||
# in most cases.
|
|
||||||
chmod(0755, $opt{root});
|
|
||||||
};
|
|
||||||
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
|
|
||||||
}
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
install_files($role);
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# This subroutine takes care of actually installing the files for a role
|
|
||||||
sub install_files ($) {
|
|
||||||
my ($role) = @_;
|
|
||||||
# final / is important for rsync
|
|
||||||
my $source = $opt{stage} . "/roles/" . $role . "/files/";
|
|
||||||
my $destination = $opt{root} . "/";
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
|
|
||||||
if (not -d $source) {
|
|
||||||
($opt{verbose} > 0) and
|
|
||||||
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Try to give some sensible message here
|
|
||||||
if ($opt{verbose} > 0) {
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
|
|
||||||
} else {
|
|
||||||
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
|
||||||
|
|
||||||
select((select($fh), $|=1)[0]); # Turn on autoflush
|
|
||||||
|
|
||||||
my $callback = sub {
|
|
||||||
my ($file) = @_;
|
|
||||||
($file =~ s#^$source##)
|
|
||||||
or die "sub failed: $source|$file";
|
|
||||||
print $fh "$file\0";
|
|
||||||
};
|
|
||||||
|
|
||||||
# This will print files to be synced to the $fh
|
|
||||||
Slack::find_files_to_install($source, $destination, $callback);
|
|
||||||
|
|
||||||
# Close fh, waitpid, and check return value
|
|
||||||
unless (close($fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
146
slack-dist/dist/slack-rolediff
vendored
146
slack-dist/dist/slack-rolediff
vendored
@ -1,146 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script provides a preview of scripts or files about to be installed.
|
|
||||||
# Basically, it calls diff -- its smarts are in knowing where things are.
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @diff = ('slack-diff',
|
|
||||||
'-uN',
|
|
||||||
);
|
|
||||||
|
|
||||||
# directories to compare
|
|
||||||
my %subdir = (
|
|
||||||
files => 1,
|
|
||||||
scripts => 1,
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub diff ($$;@);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--subdir DIR
|
|
||||||
Check this subdir only. Possible values for DIR are 'files' and
|
|
||||||
'scripts'.
|
|
||||||
|
|
||||||
--diff PROG
|
|
||||||
Use this program to do diffs. [@diff]
|
|
||||||
EOF
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'subdir=s',
|
|
||||||
'diff=s',
|
|
||||||
],
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(cache stage root) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# We only allow certain values for this option
|
|
||||||
if ($opt{subdir}) {
|
|
||||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
|
||||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
|
||||||
}
|
|
||||||
# Only do this subdir
|
|
||||||
%subdir = ( $opt{subdir} => 1 );
|
|
||||||
}
|
|
||||||
|
|
||||||
# Let people override our diff. Split on spaces so they can pass args.
|
|
||||||
if ($opt{diff}) {
|
|
||||||
@diff = split(/\s+/, $opt{diff});
|
|
||||||
}
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
my $exit = 0;
|
|
||||||
# Do the diffs
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Split the full role (e.g. google.foogle.woogle) into components
|
|
||||||
my @role = split(/\./, $full_role);
|
|
||||||
|
|
||||||
if ($subdir{scripts}) {
|
|
||||||
# Then we compare the cache vs the stage
|
|
||||||
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
|
|
||||||
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
|
|
||||||
# For scripts, we don't care so much about mode and owner (since those are
|
|
||||||
# inherited in the CACHE from the SOURCE), so --noperms.
|
|
||||||
$exit |= diff($old, $new, '--noperms');
|
|
||||||
}
|
|
||||||
|
|
||||||
if ($subdir{files}) {
|
|
||||||
# Then we compare the stage vs the root
|
|
||||||
my $old = $opt{root};
|
|
||||||
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
|
|
||||||
# For files, we don't care about files that exist in $old but not $new
|
|
||||||
$exit |= diff($old, $new, '--unidirectional-new-file');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit $exit;
|
|
||||||
|
|
||||||
sub diff ($$;@) {
|
|
||||||
my ($old, $new, @options) = @_;
|
|
||||||
|
|
||||||
my @command = (@diff, @options);
|
|
||||||
|
|
||||||
# return if there's nothing to do
|
|
||||||
return 0 if (not -d $old and not -d $new);
|
|
||||||
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
|
|
||||||
|
|
||||||
my $return = 0;
|
|
||||||
my $callback = sub {
|
|
||||||
my ($new_file) = @_;
|
|
||||||
my $old_file = $new_file;
|
|
||||||
($old_file =~ s#^$new#$old#)
|
|
||||||
or die "sub failed: $new|$new_file";
|
|
||||||
if (system(@command, $old_file, $new_file) != 0) {
|
|
||||||
$return |= Slack::get_system_exit(@command);
|
|
||||||
}
|
|
||||||
};
|
|
||||||
|
|
||||||
# We have to use this function, rather than recursive mode for slack-diff,
|
|
||||||
# because otherwise we'll print a bunch of bogus stuff about directories
|
|
||||||
# that exist in $ROOT and therefore aren't being synced.
|
|
||||||
Slack::find_files_to_install($new, $old, $callback);
|
|
||||||
|
|
||||||
return $return;
|
|
||||||
}
|
|
111
slack-dist/dist/slack-runscript
vendored
111
slack-dist/dist/slack-runscript
vendored
@ -1,111 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of running scripts out of the local stage
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
# Export these options to the environment of the script
|
|
||||||
my @export_options = qw(root stage hostname verbose);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!";
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => \@export_options,
|
|
||||||
);
|
|
||||||
|
|
||||||
my $action = shift || die "No script to run!\n\n$usage";
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Start with a clean environment
|
|
||||||
%ENV = (
|
|
||||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
|
||||||
);
|
|
||||||
# Export certain variables to the environment. These are guaranteed to
|
|
||||||
# be set because we require them in get_options above.
|
|
||||||
for my $option (@export_options) {
|
|
||||||
my $env_var = $option;
|
|
||||||
$env_var =~ tr/a-z-/A-Z_/;
|
|
||||||
$ENV{$env_var} = $opt{$option};
|
|
||||||
}
|
|
||||||
# We want to decrement the verbose value for the child if it's set.
|
|
||||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
|
||||||
|
|
||||||
# Run the script for each role given, if it exists and is executable
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
|
||||||
unless (-x $script_to_run) {
|
|
||||||
if (-e _) {
|
|
||||||
# A helpful warning
|
|
||||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
|
||||||
} elsif ($opt{verbose} > 0) {
|
|
||||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
|
||||||
}
|
|
||||||
next;
|
|
||||||
}
|
|
||||||
my $dir;
|
|
||||||
if ($action eq 'fixfiles') {
|
|
||||||
$dir = "$opt{stage}/roles/$role/files";
|
|
||||||
} else {
|
|
||||||
$dir = "$opt{stage}/roles/$role/scripts";
|
|
||||||
}
|
|
||||||
my @command = ($script_to_run , $role);
|
|
||||||
|
|
||||||
# It's OK to chdir even if we're not going to run the script.
|
|
||||||
# Might as well see if it works.
|
|
||||||
chdir($dir)
|
|
||||||
or die "Could not chdir '$dir': $!\n";
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
|
||||||
"because --dry-run specified.\n";
|
|
||||||
} else {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
|
||||||
unless (system("script /root/slackLog -a -f -c @command") == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!\n"
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
111
slack-dist/dist/slack-runscript.orig
vendored
111
slack-dist/dist/slack-runscript.orig
vendored
@ -1,111 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of running scripts out of the local stage
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
# Export these options to the environment of the script
|
|
||||||
my @export_options = qw(root stage hostname verbose);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!";
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => \@export_options,
|
|
||||||
);
|
|
||||||
|
|
||||||
my $action = shift || die "No script to run!\n\n$usage";
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# Start with a clean environment
|
|
||||||
%ENV = (
|
|
||||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
|
||||||
);
|
|
||||||
# Export certain variables to the environment. These are guaranteed to
|
|
||||||
# be set because we require them in get_options above.
|
|
||||||
for my $option (@export_options) {
|
|
||||||
my $env_var = $option;
|
|
||||||
$env_var =~ tr/a-z-/A-Z_/;
|
|
||||||
$ENV{$env_var} = $opt{$option};
|
|
||||||
}
|
|
||||||
# We want to decrement the verbose value for the child if it's set.
|
|
||||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
|
||||||
|
|
||||||
# Run the script for each role given, if it exists and is executable
|
|
||||||
for my $role (@ARGV) {
|
|
||||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
|
||||||
unless (-x $script_to_run) {
|
|
||||||
if (-e _) {
|
|
||||||
# A helpful warning
|
|
||||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
|
||||||
} elsif ($opt{verbose} > 0) {
|
|
||||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
|
||||||
}
|
|
||||||
next;
|
|
||||||
}
|
|
||||||
my $dir;
|
|
||||||
if ($action eq 'fixfiles') {
|
|
||||||
$dir = "$opt{stage}/roles/$role/files";
|
|
||||||
} else {
|
|
||||||
$dir = "$opt{stage}/roles/$role/scripts";
|
|
||||||
}
|
|
||||||
my @command = ($script_to_run, $role);
|
|
||||||
|
|
||||||
# It's OK to chdir even if we're not going to run the script.
|
|
||||||
# Might as well see if it works.
|
|
||||||
chdir($dir)
|
|
||||||
or die "Could not chdir '$dir': $!\n";
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
|
||||||
"because --dry-run specified.\n";
|
|
||||||
} else {
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
|
||||||
unless (system(@command) == 0) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
chdir('/')
|
|
||||||
or die "Could not chdir '/': $!\n"
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
278
slack-dist/dist/slack-stage
vendored
278
slack-dist/dist/slack-stage
vendored
@ -1,278 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the local cache
|
|
||||||
# directory to the local stage, building a unified single tree onstage
|
|
||||||
# from the multiple trees that are the role + subroles in the cache
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
use File::Find;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--recursive',
|
|
||||||
'--times',
|
|
||||||
'--ignore-times',
|
|
||||||
'--perms',
|
|
||||||
'--sparse',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub check_stage ();
|
|
||||||
sub sync_role ($$@);
|
|
||||||
sub apply_default_perms_to_role ($$);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
$usage .= <<EOF;
|
|
||||||
|
|
||||||
--subdir DIR
|
|
||||||
Sync this subdir only. Possible values for DIR are 'files' and
|
|
||||||
'scripts'.
|
|
||||||
EOF
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
command_line_options => [
|
|
||||||
'subdir=s',
|
|
||||||
],
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(cache stage) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# We only allow certain values for this option
|
|
||||||
if ($opt{subdir}) {
|
|
||||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
|
||||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
$opt{subdir} = '';
|
|
||||||
}
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Split the full role (e.g. google.foogle.woogle) into components
|
|
||||||
my @role_parts = split(/\./, $full_role);
|
|
||||||
die "Internal error: Expect at least one role part" if not @role_parts;
|
|
||||||
# Reassemble parts one at a time onto @role and sync as we go,
|
|
||||||
# so we do "google", then "google.foogle", then "google.foogle.woogle"
|
|
||||||
my @role = ();
|
|
||||||
# Make sure we've got the right perms before we copy stuff down
|
|
||||||
check_stage();
|
|
||||||
|
|
||||||
# For the base role, do both files and scripts.
|
|
||||||
push @role, shift @role_parts;
|
|
||||||
for my $subdir(qw(files scripts)) {
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
|
|
||||||
($opt{verbose} > 1)
|
|
||||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
|
||||||
# @role here will have one element, so sync_role will use --delete
|
|
||||||
sync_role($full_role, $subdir, @role)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# For all subroles, just do the files.
|
|
||||||
# (If we wanted script subroles to work like files, we'd get rid of this
|
|
||||||
# distinction and simplify the code.)
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq 'files') {
|
|
||||||
while (@role_parts) {
|
|
||||||
push @role, shift @role_parts;
|
|
||||||
($opt{verbose} > 1)
|
|
||||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
|
||||||
sync_role($full_role, 'files', @role);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
for my $subdir (qw(files scripts)) {
|
|
||||||
apply_default_perms_to_role($full_role, $subdir)
|
|
||||||
if (not $opt{subdir} or $opt{subdir} eq $subdir);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# Make sure the stage directory exists and is mode 0700, to protect files
|
|
||||||
# underneath in transit
|
|
||||||
sub check_stage () {
|
|
||||||
my $stage = $opt{stage} . "/roles";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
if (not -d $stage) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
|
|
||||||
eval { mkpath($stage); };
|
|
||||||
die "Could not mkpath cache dir '$stage': $@\n" if $@;
|
|
||||||
}
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
|
||||||
} else {
|
|
||||||
chown(0, 0, $stage)
|
|
||||||
or die "Could not chown 0:0 '$stage': $!\n";
|
|
||||||
}
|
|
||||||
chmod(0700, $stage)
|
|
||||||
or die "Could not chmod 0700 '$stage': $!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Copy the files for a role from CACHE to STAGE
|
|
||||||
sub sync_role ($$@) {
|
|
||||||
my ($full_role, $subdir, @role) = @_;
|
|
||||||
my @this_rsync = @rsync;
|
|
||||||
|
|
||||||
# If we were only given one role part, we're in the base role
|
|
||||||
my $in_base_role = (scalar @role == 1);
|
|
||||||
|
|
||||||
# For the base role, delete any files that don't exist in the cache.
|
|
||||||
# Not for the subrole (otherwise we'll delete all files not in
|
|
||||||
# the subrole, which may be most of them!)
|
|
||||||
if ($in_base_role) {
|
|
||||||
push @this_rsync, "--delete";
|
|
||||||
}
|
|
||||||
|
|
||||||
# (a) => a/files
|
|
||||||
# (a,b,c) => a/files.b.c
|
|
||||||
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
|
|
||||||
# This one's a little simpler:
|
|
||||||
my $dst_path = $full_role.'/'.$subdir;
|
|
||||||
|
|
||||||
# final / is important for rsync
|
|
||||||
my $source = $opt{cache} . "/roles/" . $src_path . "/";
|
|
||||||
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
|
|
||||||
if (not -d $destination and -d $source) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($destination); };
|
|
||||||
die "Could not mkpath stage dir '$destination': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# We no longer require the source to exist
|
|
||||||
if (not -d $source) {
|
|
||||||
# but we need to remove the destination if the source
|
|
||||||
# doesn't exist and we're in the base role
|
|
||||||
if ($in_base_role) {
|
|
||||||
rmtree($destination);
|
|
||||||
# rmtree() doesn't throw exceptions or give a return value useful
|
|
||||||
# for detecting failure, so we just check after the fact.
|
|
||||||
die "Could not rmtree '$destination' when '$source' missing\n"
|
|
||||||
if -e $destination;
|
|
||||||
}
|
|
||||||
# if we continue, rsync will fail because source is missing,
|
|
||||||
# so we don't.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
# All this to run an rsync command
|
|
||||||
my @command = (@this_rsync, $source, $destination);
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
|
|
||||||
Slack::wrap_rsync(@command);
|
|
||||||
}
|
|
||||||
|
|
||||||
# This just takes the base role, and chowns/chmods everything under it to
|
|
||||||
# give it some sensible permissions. Basically, the only thing we preserve
|
|
||||||
# about the original permissions is the executable bit, since that's the
|
|
||||||
# only thing source code controls systems like CVS, RCS, Perforce seem to
|
|
||||||
# preserve.
|
|
||||||
sub apply_default_perms_to_role ($$) {
|
|
||||||
my ($role, $subdir) = @_;
|
|
||||||
my $destination = $opt{stage} . "/roles/" . $role;
|
|
||||||
|
|
||||||
if ($subdir) {
|
|
||||||
$destination .= '/' . $subdir;
|
|
||||||
}
|
|
||||||
|
|
||||||
# If the destination doesn't exist, it's probably because the source didn't
|
|
||||||
return if not -d $destination;
|
|
||||||
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
|
|
||||||
}
|
|
||||||
# Use File::Find to recurse the directory
|
|
||||||
find({
|
|
||||||
# The "wanted" subroutine is called for every directory entry
|
|
||||||
wanted => sub {
|
|
||||||
return if $opt{'dry-run'};
|
|
||||||
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
|
|
||||||
if (-l) {
|
|
||||||
# symlinks shouldn't be in here,
|
|
||||||
# since we dereference when copying
|
|
||||||
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
|
|
||||||
return;
|
|
||||||
} elsif (-f _) { # results of last stat saved in the "_"
|
|
||||||
if (-x _) {
|
|
||||||
chmod 0555, $_
|
|
||||||
or die "Could not chmod 0555 $File::Find::name: $!";
|
|
||||||
} else {
|
|
||||||
chmod 0444, $_
|
|
||||||
or die "Could not chmod 0444 $File::Find::name: $!";
|
|
||||||
}
|
|
||||||
} elsif (-d _) {
|
|
||||||
chmod 0755, $_
|
|
||||||
or die "Could not chmod 0755 $File::Find::name: $!";
|
|
||||||
} else {
|
|
||||||
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
|
|
||||||
}
|
|
||||||
return if $> != 0; # skip chowning if not superuser
|
|
||||||
chown 0, 0, $_
|
|
||||||
or die "Could not chown 0:0 $File::Find::name: $!";
|
|
||||||
},
|
|
||||||
# end of wanted function
|
|
||||||
},
|
|
||||||
# way down here, we have the directory to traverse with File::Find
|
|
||||||
$destination,
|
|
||||||
);
|
|
||||||
}
|
|
169
slack-dist/dist/slack-sync
vendored
169
slack-dist/dist/slack-sync
vendored
@ -1,169 +0,0 @@
|
|||||||
#!/usr/bin/perl -w
|
|
||||||
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
|
|
||||||
# vim:sw=2
|
|
||||||
# vim600:fdm=marker
|
|
||||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
|
||||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
|
||||||
# See the file COPYING for details.
|
|
||||||
#
|
|
||||||
# This script is in charge of copying files from the (possibly remote)
|
|
||||||
# master directory to a local cache, using rsync
|
|
||||||
|
|
||||||
require 5.006;
|
|
||||||
use warnings FATAL => qw(all);
|
|
||||||
use strict;
|
|
||||||
use sigtrap qw(die untrapped normal-signals
|
|
||||||
stack-trace any error-signals);
|
|
||||||
|
|
||||||
use File::Path;
|
|
||||||
|
|
||||||
use constant LIB_DIR => '/usr/lib/slack';
|
|
||||||
use lib LIB_DIR;
|
|
||||||
use Slack;
|
|
||||||
|
|
||||||
my @rsync = ('rsync',
|
|
||||||
'--cvs-exclude',
|
|
||||||
'--recursive',
|
|
||||||
'--links',
|
|
||||||
'--copy-links',
|
|
||||||
'--times',
|
|
||||||
'--perms',
|
|
||||||
'--sparse',
|
|
||||||
'--delete',
|
|
||||||
'--files-from=-',
|
|
||||||
'--from0',
|
|
||||||
);
|
|
||||||
|
|
||||||
(my $PROG = $0) =~ s#.*/##;
|
|
||||||
|
|
||||||
sub check_cache ($);
|
|
||||||
sub rsync_source ($$@);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Environment
|
|
||||||
# Helpful prefix to die messages
|
|
||||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
|
||||||
# Set a reasonable umask
|
|
||||||
umask 077;
|
|
||||||
# Get out of wherever (possibly NFS-mounted) we were
|
|
||||||
chdir("/")
|
|
||||||
or die "Could not chdir /: $!";
|
|
||||||
# Autoflush on STDERR
|
|
||||||
select((select(STDERR), $|=1)[0]);
|
|
||||||
|
|
||||||
########################################
|
|
||||||
# Config and option parsing {{{
|
|
||||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
|
||||||
# Option defaults
|
|
||||||
my %opt = ();
|
|
||||||
Slack::get_options(
|
|
||||||
opthash => \%opt,
|
|
||||||
usage => $usage,
|
|
||||||
required_options => [ qw(source cache) ],
|
|
||||||
);
|
|
||||||
|
|
||||||
# Arguments are required
|
|
||||||
die "No roles given!\n\n$usage" unless @ARGV;
|
|
||||||
|
|
||||||
# Prepare for backups
|
|
||||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
|
||||||
# Make sure backup directory exists
|
|
||||||
unless (-d $opt{'backup-dir'}) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
eval { mkpath($opt{'backup-dir'}); };
|
|
||||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
|
||||||
}
|
|
||||||
# Look at source type, and add options if necessary
|
|
||||||
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
|
|
||||||
# This is tunnelled rsync, and so needs an extra option
|
|
||||||
if ($opt{'rsh'}) {
|
|
||||||
push @rsync, '-e', $opt{'rsh'};
|
|
||||||
} else {
|
|
||||||
push @rsync, '-e', 'ssh';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'dry-run'}) {
|
|
||||||
push @rsync, '--dry-run';
|
|
||||||
}
|
|
||||||
# Pass options along to rsync
|
|
||||||
if ($opt{'verbose'} > 1) {
|
|
||||||
push @rsync, '--verbose';
|
|
||||||
}
|
|
||||||
# }}}
|
|
||||||
|
|
||||||
my @roles = ();
|
|
||||||
|
|
||||||
{
|
|
||||||
# This hash is just to avoid calling rsync twice if two subroles are
|
|
||||||
# installed. We only care since it's remote, and therefore slow.
|
|
||||||
my %roles_to_sync = ();
|
|
||||||
|
|
||||||
# copy over the new files
|
|
||||||
for my $full_role (@ARGV) {
|
|
||||||
# Get the first element of the role name (the base role)
|
|
||||||
# e.g., from "google.foogle.woogle", get "google"
|
|
||||||
my $base_role = (split /\./, $full_role, 2)[0];
|
|
||||||
|
|
||||||
$roles_to_sync{$base_role} = 1;
|
|
||||||
}
|
|
||||||
@roles = keys %roles_to_sync;
|
|
||||||
}
|
|
||||||
|
|
||||||
my $cache = $opt{cache} . "/roles/";
|
|
||||||
# Make sure we've got the right perms before we copy stuff down
|
|
||||||
check_cache($cache);
|
|
||||||
|
|
||||||
rsync_source(
|
|
||||||
$opt{source} . '/roles/',
|
|
||||||
$cache,
|
|
||||||
@roles,
|
|
||||||
);
|
|
||||||
|
|
||||||
exit 0;
|
|
||||||
|
|
||||||
# Make sure the cache directory exists and is mode 0700, to protect files
|
|
||||||
# underneath in transit
|
|
||||||
sub check_cache ($) {
|
|
||||||
my ($cache) = @_;
|
|
||||||
if (not $opt{'dry-run'}) {
|
|
||||||
if (not -d $cache) {
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
|
|
||||||
eval { mkpath($cache); };
|
|
||||||
die "Could not mkpath cache dir '$cache': $@\n" if $@;
|
|
||||||
}
|
|
||||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
|
|
||||||
if ($> != 0) {
|
|
||||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
|
||||||
} else {
|
|
||||||
chown(0, 0, $cache)
|
|
||||||
or die "Could not chown 0:0 '$cache': $!\n";
|
|
||||||
}
|
|
||||||
chmod(0700, $cache)
|
|
||||||
or die "Could not chmod 0700 '$cache': $!\n";
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Pull down roles from an rsync source
|
|
||||||
sub rsync_source($$@) {
|
|
||||||
my ($source, $destination, @roles) = @_;
|
|
||||||
my @command = (@rsync, $source, $destination);
|
|
||||||
|
|
||||||
($opt{verbose} > 0)
|
|
||||||
and print STDERR "$PROG: Syncing cache with '@command'\n";
|
|
||||||
|
|
||||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
|
||||||
|
|
||||||
# Shove the roles down its throat
|
|
||||||
print $fh join("\0", @roles), "\0";
|
|
||||||
|
|
||||||
# Close fh, waitpid, and check return value
|
|
||||||
unless (close($fh)) {
|
|
||||||
Slack::check_system_exit(@command);
|
|
||||||
}
|
|
||||||
}
|
|
0
slack-dist/dist/slack.conf
vendored
0
slack-dist/dist/slack.conf
vendored
6
slack-dist/env/prod/SlackConfig-prod.config
vendored
6
slack-dist/env/prod/SlackConfig-prod.config
vendored
@ -1,6 +0,0 @@
|
|||||||
ROLE_LIST=techops.turnsys.net:/var/www/html/tsys-techops/slack/prod/etc/roles.conf
|
|
||||||
SOURCE=techops.turnsys.net:/var/www/html/tsys-techops
|
|
||||||
CACHE=/var/cache/slack
|
|
||||||
STAGE=/var/lib/slack/stage
|
|
||||||
ROOT=/
|
|
||||||
BACKUP_DIR=/var/lib/slack/backups
|
|
4
slack-dist/env/prod/SlackSSH-prod.config
vendored
4
slack-dist/env/prod/SlackSSH-prod.config
vendored
@ -1,4 +0,0 @@
|
|||||||
Host techops.turnsys.net
|
|
||||||
User tsys-techops
|
|
||||||
IdentityFile /root/.ssh/SlackSSH-prod.key
|
|
||||||
StrictHostKeyChecking no
|
|
27
slack-dist/env/prod/SlackSSH-prod.key
vendored
27
slack-dist/env/prod/SlackSSH-prod.key
vendored
@ -1,27 +0,0 @@
|
|||||||
-----BEGIN RSA PRIVATE KEY-----
|
|
||||||
MIIEpAIBAAKCAQEAs7Ndaskoh0HVk4NSc8eR3PNBilv9DuWw8tjquo/7VEappkg3
|
|
||||||
F8IlvxitVIxGoZEf2bkEigcYgB+l/6j5ubIKZ8R2vUzY3sSZpl5KGl/2yl+TtO/9
|
|
||||||
F7ZyhYbR348gEDZMFCKUXdFsdCArf6u6nmbWaYGrunRRl/fPwNbmO7c0WF/UEqvB
|
|
||||||
cmJGY7772SJuuQUl/rhy9y4PJr8dmj7K04XU7tLJKqz83PLCiXis+g255vBJPjqA
|
|
||||||
MJG9hRo/8kQmNTbDR4dEwBRjce2Lo6iBaw4NHQ4mjYhZDprH6kZdfvDd6fs6+hJR
|
|
||||||
NIsUX3Q9g8wAReBqdtFED32QenoBKvshoZD78wIDAQABAoIBAGcw/toNfcp+EalN
|
|
||||||
5hE6bxaUUfSj8mOVntE1o0VS3R5+HXmxSoHIKWjdQNumWgD5l3Ktfl/Mx1L72ZVA
|
|
||||||
cXcjODpyZUU7VeZGu3z/9EnFBbEcxXNHxOzTBlyLGQXp6J2msHV3jf95/W+J8bC0
|
|
||||||
6st/fmzD29uMZDaCRbkVLszn3ZVJKzO4EMNg5nfzf0ET9I77/fIgJE7whnCS9lE3
|
|
||||||
0ELH4G/gCD/Rbjp9c6J+E55RvUNMoGECKy5NOKbFYNSEYQiIHpqceYzn82xHtErQ
|
|
||||||
rOz1MtikJHw6ACObsmsifobeGhHcuGqO99iHMmTIpBfLms0Dozr5oz1CODMwSkOP
|
|
||||||
j59RL7ECgYEA505s5NkBc7/aqQTLYdkdhcwi8ttbbPFYSMEuSvKV3GcuOA9S2pVZ
|
|
||||||
RdOE+u2ieEoJuvxbo02xhPSPz4w1VeqBjEoW1jFv1yaRDQG5h8f4Ya8aRCoBg/4c
|
|
||||||
V98cnUbtRym1YrXRSZ8TQVPpFA31A3SAgJSEojQRV09AMpjAHEJvBFcCgYEAxuKP
|
|
||||||
1W7oFPwQdnFUjKvEi+YHli6Jhq3ERrRfI2q9GDCRxyHX/agEtIELjrNk4OdKvjdn
|
|
||||||
oTnxfhI4g59yrOLa7tbV06T8L/ifk1zUG4rhiaZrTIRFGvtTeUoGN7ag/TVc/4Vp
|
|
||||||
RQa05z+MIrIf1jeSAShRIksNmy5n7j53rScTY8UCgYEApHS6L6uqwKVzziA+in9X
|
|
||||||
4j1Vy93yju65mmDfjSIVMvOZhPpAKnFtW5wcPFyg222opW2vqdgfkyxe424IreFh
|
|
||||||
4mD7A6d6oTomf1zukH+5NZrNzhEfqr0NYdyb96bqJWKeOGSVPQcBJb2HRl72CVLX
|
|
||||||
2pO+CaWDftQ2DMNWM8F4NVkCgYBZhUNOw7QNNgRG++4dv3chrXG+xMW8bFzLooas
|
|
||||||
T3A8Aiir5GzvTQCJKwjDu7Xtkc5P3mpz5LvxjkwH2u5oKVh4ZxUqRboJ8bQKRZ9n
|
|
||||||
olSwe8sSTvs4EOZa0toHm9nM/4cTsL5YhpNI/46ZU2oHJ0493SLf975xGitHzrBZ
|
|
||||||
rRwKLQKBgQCIKEi7Vjl7noNc6O2lIJG6GLAmpLsemcweP90wcpotV/qafsChZMt2
|
|
||||||
LSai+iSdguFFu/J0KpfTkxuEeH5aT0D28zRUy3kP7WlP3wOTcDM/6iYsjLNIqeHf
|
|
||||||
X5AL3SFCbMemCZsvBVtPwfli7rsJNft/98VDlhkOaCyMa+sRjEEhlg==
|
|
||||||
-----END RSA PRIVATE KEY-----
|
|
1
slack-dist/env/prod/SlackSSH-prod.key.pub
vendored
1
slack-dist/env/prod/SlackSSH-prod.key.pub
vendored
@ -1 +0,0 @@
|
|||||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzs11qySiHQdWTg1Jzx5Hc80GKW/0O5bDy2Oq6j/tURqmmSDcXwiW/GK1UjEahkR/ZuQSKBxiAH6X/qPm5sgpnxHa9TNjexJmmXkoaX/bKX5O07/0XtnKFhtHfjyAQNkwUIpRd0Wx0ICt/q7qeZtZpgau6dFGX98/A1uY7tzRYX9QSq8FyYkZjvvvZIm65BSX+uHL3Lg8mvx2aPsrThdTu0skqrPzc8sKJeKz6Dbnm8Ek+OoAwkb2FGj/yRCY1NsNHh0TAFGNx7YujqIFrDg0dDiaNiFkOmsfqRl1+8N3p+zr6ElE0ixRfdD2DzABF4Gp20UQPfZB6egEq+yGhkPvz charles@ultix
|
|
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@ -1,9 +0,0 @@
|
|||||||
[stream]
|
|
||||||
# Enable this on slaves, to have them send metrics.
|
|
||||||
enabled = yes
|
|
||||||
destination = tcp:toolbox.turnsys.net:19999
|
|
||||||
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
|
|
||||||
timeout seconds = 60
|
|
||||||
buffer size bytes = 1048576
|
|
||||||
reconnect delay seconds = 5
|
|
||||||
initial clock resync iterations = 60
|
|
@ -1,9 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo "stopping netdata..."
|
|
||||||
service netdata stop
|
|
||||||
|
|
||||||
echo "starting netdata..."
|
|
||||||
service netdata start
|
|
||||||
|
|
||||||
echo "netdata file refresh"
|
|
File diff suppressed because it is too large
Load Diff
@ -1,9 +0,0 @@
|
|||||||
[stream]
|
|
||||||
# Enable this on slaves, to have them send metrics.
|
|
||||||
enabled = yes
|
|
||||||
destination = tcp:toolbox.turnsys.net:19999
|
|
||||||
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
|
|
||||||
timeout seconds = 60
|
|
||||||
buffer size bytes = 1048576
|
|
||||||
reconnect delay seconds = 5
|
|
||||||
initial clock resync iterations = 60
|
|
@ -1,8 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo "stopping ossec..."
|
|
||||||
/var/ossec/bin/ossec-control stop
|
|
||||||
|
|
||||||
echo "starting ossec..."
|
|
||||||
/var/ossec/bin/ossec-control start
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
postmaster: root
|
|
||||||
root: prodtechopsalerts@turnsys.com
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
The first element of the path is a directory where the debian-sa1
|
|
||||||
# script is located
|
|
||||||
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
||||||
|
|
||||||
# Activity reports every 10 minutes everyday
|
|
||||||
*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
|
|
||||||
|
|
||||||
# Additional run at 23:59 to rotate the statistics file
|
|
||||||
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
|
|
||||||
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
# This file controls the activity of snmpd
|
|
||||||
|
|
||||||
# Don't load any MIBs by default.
|
|
||||||
# You might comment this lines once you have the MIBs downloaded.
|
|
||||||
export MIBS=
|
|
||||||
|
|
||||||
# snmpd control (yes means start daemon).
|
|
||||||
SNMPDRUN=yes
|
|
||||||
|
|
||||||
# snmpd options (use syslog, close stdin/out/err).
|
|
||||||
SNMPDOPTS='-LS0-5d -Lf /dev/null -u snmp -g snmp -p /run/snmpd.pid'
|
|
@ -1,10 +0,0 @@
|
|||||||
===============================================================================
|
|
||||||
|
|
||||||
This is a private computer system. These resources, including all
|
|
||||||
related equipment, networks, and devices, are provided for authorized
|
|
||||||
use only. The system may be monitored for all lawful purposes. Evidence
|
|
||||||
of unauthorized use collected during monitoring may be used for criminal
|
|
||||||
prosecution by staff, legal counsel, and law enforcement agencies.
|
|
||||||
|
|
||||||
===============================================================================
|
|
||||||
|
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user