rollup from old
This commit is contained in:
parent
119169009f
commit
17ed3bce46
0
archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base
Executable file → Normal file
0
archive/CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base
Executable file → Normal file
0
archive/CMDB/snmp/distro
Executable file → Normal file
0
archive/CMDB/snmp/distro
Executable file → Normal file
0
archive/CMDB/snmp/setup-snmp.sh
Executable file → Normal file
0
archive/CMDB/snmp/setup-snmp.sh
Executable file → Normal file
0
archive/CMDB/zenossScan.sh
Executable file → Normal file
0
archive/CMDB/zenossScan.sh
Executable file → Normal file
0
archive/lab/vagrant/docker/thefnf/freeside/Makefile
Executable file → Normal file
0
archive/lab/vagrant/docker/thefnf/freeside/Makefile
Executable file → Normal file
@ -1,53 +0,0 @@
|
||||
#
|
||||
# Shorewall version 4 - conntrack File
|
||||
#
|
||||
# For information about entries in this file, type "man shorewall-conntrack"
|
||||
#
|
||||
##############################################################################################################
|
||||
?FORMAT 3
|
||||
#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
|
||||
# PORT(S) PORT(S) GROUP
|
||||
?if $AUTOHELPERS && __CT_TARGET
|
||||
|
||||
?if __AMANDA_HELPER
|
||||
CT:helper:amanda:PO - - udp 10080
|
||||
?endif
|
||||
|
||||
?if __FTP_HELPER
|
||||
CT:helper:ftp:PO - - tcp 21
|
||||
?endif
|
||||
|
||||
?if __H323_HELPER
|
||||
CT:helper:RAS:PO - - udp 1719
|
||||
CT:helper:Q.931:PO - - tcp 1720
|
||||
?endif
|
||||
|
||||
?if __IRC_HELPER
|
||||
CT:helper:irc:PO - - tcp 6667
|
||||
?endif
|
||||
|
||||
?if __NETBIOS_NS_HELPER
|
||||
CT:helper:netbios-ns:PO - - udp 137
|
||||
?endif
|
||||
|
||||
?if __PPTP_HELPER
|
||||
CT:helper:pptp:PO - - tcp 1723
|
||||
?endif
|
||||
|
||||
?if __SANE_HELPER
|
||||
CT:helper:sane:PO - - tcp 6566
|
||||
?endif
|
||||
|
||||
?if __SIP_HELPER
|
||||
CT:helper:sip:PO - - udp 5060
|
||||
?endif
|
||||
|
||||
?if __SNMP_HELPER
|
||||
CT:helper:snmp:PO - - udp 161
|
||||
?endif
|
||||
|
||||
?if __TFTP_HELPER
|
||||
CT:helper:tftp:PO - - udp 69
|
||||
?endif
|
||||
|
||||
?endif
|
@ -1,13 +0,0 @@
|
||||
#ZONE INTERFACE OPTIONS
|
||||
rr eth0 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
wan eth1 detect tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
|
||||
barm eth2 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
mgmt eth3 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
asn eth4 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
s2l eth5 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
fnf eth6 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
knel eth7 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
tsys eth8 detect tcpflags,nosmurfs,routefilter,logmartians
|
||||
vpnrwr tun0 detect dhcp
|
||||
vpnauslab tun1 detect dhcp
|
||||
vpnasn2net tun2 detect dhcp
|
@ -1,19 +0,0 @@
|
||||
#
|
||||
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
|
||||
# Copyright (C) 2006 by the Shorewall Team
|
||||
#
|
||||
# This library is free software; you can redistribute it and/or
|
||||
# modify it under the terms of the GNU Lesser General Public
|
||||
# License as published by the Free Software Foundation; either
|
||||
# version 2.1 of the License, or (at your option) any later version.
|
||||
#
|
||||
# See the file README.txt for further details.
|
||||
#------------------------------------------------------------------------------
|
||||
# For information about entries in this file, type "man shorewall-masq"
|
||||
################################################################################################################
|
||||
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
|
||||
# GROUP DEST
|
||||
eth1 10.0.0.0/8,\
|
||||
169.254.0.0/16,\
|
||||
172.16.0.0/12,\
|
||||
192.168.0.0/16
|
@ -1,28 +0,0 @@
|
||||
#
|
||||
# Shorewall version 4 - Params File
|
||||
#
|
||||
# /etc/shorewall/params
|
||||
#
|
||||
# Assign any variables that you need here.
|
||||
#
|
||||
# It is suggested that variable names begin with an upper case letter
|
||||
# to distinguish them from variables used internally within the
|
||||
# Shorewall programs
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# NET_IF=eth0
|
||||
# NET_BCAST=130.252.100.255
|
||||
# NET_OPTIONS=routefilter,norfc1918
|
||||
#
|
||||
# Example (/etc/shorewall/interfaces record):
|
||||
#
|
||||
# net $NET_IF $NET_BCAST $NET_OPTIONS
|
||||
#
|
||||
# The result will be the same as if the record had been written
|
||||
#
|
||||
# net eth0 130.252.100.255 routefilter,norfc1918
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
#LAST LINE -- DO NOT REMOVE
|
@ -1,20 +0,0 @@
|
||||
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
|
||||
# LEVEL
|
||||
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
|
||||
$FW wan ACCEPT
|
||||
|
||||
#Road warrior is trusted. It serves as an extension of the mgmt net.
|
||||
vpnrwr all ACCEPT
|
||||
|
||||
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
|
||||
#Otherwise I wouldn't allow this
|
||||
vpnauslab all ACCEPT
|
||||
|
||||
#Drop everything inbound from the big bad world that isn't explicitly allowed.
|
||||
#Cause the net is where the NSA lives
|
||||
wan all DROP
|
||||
|
||||
#Drop everything that isn't explicitly allowed.
|
||||
#Make explicit rules for everything yo. The NSA says you should. Duh.
|
||||
# #state-sponsored-malware #stuxnet-was-an-inside-job
|
||||
all all REJECT info
|
@ -1,113 +0,0 @@
|
||||
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
|
||||
###########################################################################################################################################################################################################
|
||||
#Inbound DNAT forwarding from WAN to various zone/ip pinholes
|
||||
###########################################################################################################################################################################################################
|
||||
#########################################################
|
||||
#KNEL rules
|
||||
#158.69.183.165/29 eth1:2
|
||||
#########################################################
|
||||
DNAT wan knel:10.253.8.72 tcp 443 - 158.69.183.165
|
||||
DNAT wan knel:10.253.8.72 tcp 80 - 158.69.183.165
|
||||
DNAT wan knel:10.253.8.72 tcp 993 - 158.69.183.165
|
||||
DNAT wan knel:10.253.8.72 tcp 25 - 158.69.183.165
|
||||
DNAT wan knel:10.253.8.72 tcp 465 - 158.69.183.165
|
||||
DNAT wan knel:10.253.8.72 tcp 5222 - 158.69.183.165
|
||||
|
||||
#########################################################
|
||||
#TSYS rules
|
||||
#158.69.183.161/29 eth1
|
||||
#########################################################
|
||||
DNAT wan tsys:10.253.9.78 tcp 443 - 158.69.183.161
|
||||
DNAT wan tsys:10.253.9.78 tcp 80 - 158.69.183.161
|
||||
DNAT wan tsys:10.253.9.78 tcp 25 - 158.69.183.161
|
||||
DNAT wan tsys:10.253.9.78 tcp 465 - 158.69.183.161
|
||||
DNAT wan tsys:10.253.9.78 tcp 5222 - 158.69.183.161
|
||||
|
||||
#########################################################
|
||||
#RackRental WAN rules
|
||||
#158.69.183.164/29 eth1:1
|
||||
#########################################################
|
||||
#158.69.183.164/29
|
||||
DNAT wan rr:10.253.6.81 tcp 443 - 158.69.183.164
|
||||
DNAT wan rr:10.253.6.81 tcp 80 - 158.69.183.164
|
||||
|
||||
############################################################
|
||||
#S2l/asn WAN rules handled by their upstream routers/admins
|
||||
############################################################
|
||||
|
||||
###########################################################################################################################################################################################################
|
||||
#site to site and road warrior VPN rules
|
||||
###########################################################################################################################################################################################################
|
||||
|
||||
#Allow road warrior connectivity from anywhere
|
||||
ACCEPT wan fw udp 443
|
||||
|
||||
#Allow auslab site to site vpn
|
||||
ACCEPT wan fw tcp 1195
|
||||
ACCEPT wan fw udp 1195
|
||||
|
||||
|
||||
############################################################
|
||||
#FW rules for RoadWarrior VPN
|
||||
############################################################
|
||||
ACCEPT all vpnrwr all
|
||||
|
||||
############################################################
|
||||
#FW rules for STS VPN - AUSLAB
|
||||
#ACCEPT loc vpnauslab all
|
||||
############################################################
|
||||
ACCEPT vpnauslab all all
|
||||
ACCEPT $FW vpnauslab all
|
||||
|
||||
############################################################
|
||||
#FW rules for STS VPN - client - asn2net
|
||||
#Lock this down soon
|
||||
############################################################
|
||||
ACCEPT $FW vpnasn2net all
|
||||
ACCEPT vpnasn2net $FW all
|
||||
|
||||
|
||||
###########################################################################################################################################################################################################
|
||||
#outbound from various local nets and the firewall to WAN
|
||||
###########################################################################################################################################################################################################
|
||||
ACCEPT rr wan all #Lock this down soon
|
||||
ACCEPT rr tsys all #Lock this down soon
|
||||
ACCEPT knel,tsys,mgmt wan all
|
||||
|
||||
|
||||
#Temp rules to get stuff working..
|
||||
ACCEPT $FW all all #Fw can access everything for now, Lock this down later
|
||||
ACCEPT mgmt $FW
|
||||
|
||||
ACCEPT vpnauslab mgmt all
|
||||
ACCEPT vpnauslab all all
|
||||
|
||||
###########################################################################################################################################################################################################
|
||||
#intra zone pinhole rules
|
||||
###########################################################################################################################################################################################################
|
||||
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 udp 53
|
||||
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 tcp 53
|
||||
|
||||
###########################################################################################################################################################################################################
|
||||
#intra zone wide rules
|
||||
###########################################################################################################################################################################################################
|
||||
#Mgmt can hit everything yo, cause it's fucking management with a capital M
|
||||
ACCEPT mgmt barm,tsys,knel,fnf,vpnrwr,asn,s2l,vpnauslab all
|
||||
|
||||
#Ad replication rule
|
||||
ACCEPT mgmt:10.253.3.86 vpnauslab:10.251.2.98 all
|
||||
ACCEPT vpnauslab:10.251.2.98 mgmt:10.253.3.86 all
|
||||
|
||||
#Zenoss rule
|
||||
ACCEPT mgmt:10.253.3.77 all all
|
||||
|
||||
|
||||
|
||||
|
||||
#Brendan mgmt access
|
||||
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 udp 53
|
||||
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 tcp 53
|
||||
ACCEPT vpnasn2net:10.30.3.0/24 $FW
|
||||
ACCEPT vpnasn2net:10.30.2.0/24 $FW
|
||||
ACCEPT vpnasn2net:10.30.2.0/24 mgmt
|
||||
ACCEPT vpnasn2net:10.30.3.0/24 mgmt
|
@ -1,274 +0,0 @@
|
||||
###############################################################################
|
||||
#
|
||||
# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
|
||||
#
|
||||
# For information about the settings in this file, type "man shorewall.conf"
|
||||
#
|
||||
# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
|
||||
###############################################################################
|
||||
# S T A R T U P E N A B L E D
|
||||
###############################################################################
|
||||
|
||||
STARTUP_ENABLED=Yes
|
||||
|
||||
###############################################################################
|
||||
# V E R B O S I T Y
|
||||
###############################################################################
|
||||
|
||||
VERBOSITY=1
|
||||
|
||||
###############################################################################
|
||||
# L O G G I N G
|
||||
###############################################################################
|
||||
|
||||
BLACKLIST_LOG_LEVEL=
|
||||
|
||||
INVALID_LOG_LEVEL=
|
||||
|
||||
LOG_MARTIANS=Yes
|
||||
|
||||
LOG_VERBOSITY=2
|
||||
|
||||
LOGALLNEW=
|
||||
|
||||
LOGFILE="/var/log/firewall.log"
|
||||
|
||||
LOGFORMAT="%s:%s:"
|
||||
|
||||
LOGTAGONLY=No
|
||||
|
||||
LOGLIMIT=
|
||||
|
||||
MACLIST_LOG_LEVEL=info
|
||||
|
||||
RELATED_LOG_LEVEL=
|
||||
|
||||
RPFILTER_LOG_LEVEL=info
|
||||
|
||||
SFILTER_LOG_LEVEL=info
|
||||
|
||||
SMURF_LOG_LEVEL=info
|
||||
|
||||
STARTUP_LOG=/var/log/shorewall-init.log
|
||||
|
||||
TCP_FLAGS_LOG_LEVEL=info
|
||||
|
||||
UNTRACKED_LOG_LEVEL=
|
||||
|
||||
###############################################################################
|
||||
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
|
||||
###############################################################################
|
||||
|
||||
ARPTABLES=
|
||||
|
||||
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
|
||||
|
||||
GEOIPDIR=/usr/share/xt_geoip/LE
|
||||
|
||||
IPTABLES=
|
||||
|
||||
IP=
|
||||
|
||||
IPSET=
|
||||
|
||||
LOCKFILE=
|
||||
|
||||
MODULESDIR=
|
||||
|
||||
NFACCT=
|
||||
|
||||
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
|
||||
|
||||
PERL=/usr/bin/perl
|
||||
|
||||
RESTOREFILE=restore
|
||||
|
||||
SHOREWALL_SHELL=/bin/sh
|
||||
|
||||
SUBSYSLOCK=""
|
||||
|
||||
TC=
|
||||
|
||||
###############################################################################
|
||||
# D E F A U L T A C T I O N S / M A C R O S
|
||||
###############################################################################
|
||||
|
||||
ACCEPT_DEFAULT=none
|
||||
DROP_DEFAULT=Drop
|
||||
NFQUEUE_DEFAULT=none
|
||||
QUEUE_DEFAULT=none
|
||||
REJECT_DEFAULT=Reject
|
||||
|
||||
###############################################################################
|
||||
# R S H / R C P C O M M A N D S
|
||||
###############################################################################
|
||||
|
||||
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
|
||||
RSH_COMMAND='ssh ${root}@${system} ${command}'
|
||||
|
||||
###############################################################################
|
||||
# F I R E W A L L O P T I O N S
|
||||
###############################################################################
|
||||
|
||||
ACCOUNTING=Yes
|
||||
|
||||
ACCOUNTING_TABLE=filter
|
||||
|
||||
ADD_IP_ALIASES=No
|
||||
|
||||
ADD_SNAT_ALIASES=No
|
||||
|
||||
ADMINISABSENTMINDED=Yes
|
||||
|
||||
IGNOREUNKNOWNVARIABLES=No
|
||||
|
||||
AUTOCOMMENT=Yes
|
||||
|
||||
AUTOHELPERS=Yes
|
||||
|
||||
AUTOMAKE=No
|
||||
|
||||
BLACKLIST="NEW,INVALID,UNTRACKED"
|
||||
|
||||
CHAIN_SCRIPTS=Yes
|
||||
|
||||
CLAMPMSS=No
|
||||
|
||||
CLEAR_TC=Yes
|
||||
|
||||
COMPLETE=No
|
||||
|
||||
DEFER_DNS_RESOLUTION=Yes
|
||||
|
||||
DELETE_THEN_ADD=Yes
|
||||
|
||||
DETECT_DNAT_IPADDRS=No
|
||||
|
||||
DISABLE_IPV6=No
|
||||
|
||||
DONT_LOAD=
|
||||
|
||||
DYNAMIC_BLACKLIST=Yes
|
||||
|
||||
EXPAND_POLICIES=Yes
|
||||
|
||||
EXPORTMODULES=Yes
|
||||
|
||||
FASTACCEPT=No
|
||||
|
||||
FORWARD_CLEAR_MARK=
|
||||
|
||||
HELPERS=
|
||||
|
||||
IMPLICIT_CONTINUE=No
|
||||
|
||||
IPSET_WARNINGS=Yes
|
||||
|
||||
IP_FORWARDING=On
|
||||
|
||||
KEEP_RT_TABLES=No
|
||||
|
||||
LEGACY_FASTSTART=Yes
|
||||
|
||||
LOAD_HELPERS_ONLY=No
|
||||
|
||||
MACLIST_TABLE=filter
|
||||
|
||||
MACLIST_TTL=
|
||||
|
||||
MANGLE_ENABLED=Yes
|
||||
|
||||
MAPOLDACTIONS=No
|
||||
|
||||
MARK_IN_FORWARD_CHAIN=No
|
||||
|
||||
MODULE_SUFFIX=ko
|
||||
|
||||
MULTICAST=Yes
|
||||
|
||||
MUTEX_TIMEOUT=60
|
||||
|
||||
NULL_ROUTE_RFC1918=No
|
||||
|
||||
OPTIMIZE=0
|
||||
|
||||
OPTIMIZE_ACCOUNTING=No
|
||||
|
||||
REJECT_ACTION=
|
||||
|
||||
REQUIRE_INTERFACE=No
|
||||
|
||||
RESTORE_DEFAULT_ROUTE=Yes
|
||||
|
||||
RESTORE_ROUTEMARKS=Yes
|
||||
|
||||
RETAIN_ALIASES=No
|
||||
|
||||
ROUTE_FILTER=Yes
|
||||
|
||||
SAVE_ARPTABLES=No
|
||||
|
||||
SAVE_IPSETS=No
|
||||
|
||||
TC_ENABLED=Internal
|
||||
|
||||
TC_EXPERT=No
|
||||
|
||||
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
|
||||
|
||||
TRACK_PROVIDERS=No
|
||||
|
||||
TRACK_RULES=No
|
||||
|
||||
USE_DEFAULT_RT=No
|
||||
|
||||
USE_PHYSICAL_NAMES=No
|
||||
|
||||
USE_RT_NAMES=No
|
||||
|
||||
WARNOLDCAPVERSION=Yes
|
||||
|
||||
ZONE2ZONE=2
|
||||
|
||||
###############################################################################
|
||||
# P A C K E T D I S P O S I T I O N
|
||||
###############################################################################
|
||||
|
||||
BLACKLIST_DISPOSITION=DROP
|
||||
|
||||
INVALID_DISPOSITION=CONTINUE
|
||||
|
||||
MACLIST_DISPOSITION=REJECT
|
||||
|
||||
RELATED_DISPOSITION=ACCEPT
|
||||
|
||||
RPFILTER_DISPOSITION=DROP
|
||||
|
||||
SMURF_DISPOSITION=DROP
|
||||
|
||||
SFILTER_DISPOSITION=DROP
|
||||
|
||||
TCP_FLAGS_DISPOSITION=DROP
|
||||
|
||||
UNTRACKED_DISPOSITION=CONTINUE
|
||||
|
||||
################################################################################
|
||||
# P A C K E T M A R K L A Y O U T
|
||||
################################################################################
|
||||
|
||||
TC_BITS=
|
||||
|
||||
PROVIDER_BITS=
|
||||
|
||||
PROVIDER_OFFSET=
|
||||
|
||||
MASK_BITS=
|
||||
|
||||
ZONE_BITS=0
|
||||
|
||||
################################################################################
|
||||
# L E G A C Y O P T I O N
|
||||
# D O N O T D E L E T E O R A L T E R
|
||||
################################################################################
|
||||
|
||||
IPSECFILE=zones
|
@ -1,14 +0,0 @@
|
||||
#ZONE TYPE OPTIONS
|
||||
fw firewall
|
||||
rr ipv4
|
||||
wan ipv4
|
||||
barm ipv4
|
||||
mgmt ipv4
|
||||
asn ipv4
|
||||
s2l ipv4
|
||||
fnf ipv4
|
||||
knel ipv4
|
||||
tsys ipv4
|
||||
vpnrwr ipv4
|
||||
vpnauslab ipv4
|
||||
vpnasn2net ipv4
|
@ -1,30 +0,0 @@
|
||||
ausprod-core-rtr01-vlmgmt.turnsys.net:
|
||||
hostname: ausprod-core-rtr01-vlmgmt.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,infra'
|
||||
ausprod-labsvr.turnsys.net:
|
||||
hostname: ausprod-labsvr.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,subo'
|
||||
fsky2-rpi3.turnsys.net:
|
||||
hostname: fsky2-rpi3.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,subo'
|
||||
subo-logtest.turnsys.net:
|
||||
hostname: subo-logtest.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,subo'
|
||||
fground01.turnsys.net:
|
||||
hostname: fground01.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,subo'
|
||||
fground-flink.turnsys.net:
|
||||
hostname: fground-flink.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,auslab,physical,subo'
|
@ -1,35 +0,0 @@
|
||||
shared-router.turnsys.net:
|
||||
hostname: shared-router.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,infra'
|
||||
tsys-cloud.turnsys.net:
|
||||
hostname: tsys-cloud.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,tsys'
|
||||
tsys-rr-shell.turnsys.net:
|
||||
hostname: tsys-rr-shell.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,rr'
|
||||
tsys-rr-app.turnsys.net:
|
||||
hostname: tsys-rr-app.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,rr'
|
||||
toolbox.turnsys.net:
|
||||
hostname: toolbox.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,infra'
|
||||
shared-build.turnsys.net:
|
||||
hostname: shared-build.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,infra'
|
||||
shared-zenoss.turnsys.net:
|
||||
hostname: shared-zenoss.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,ovh,virtual,infra'
|
@ -1,20 +0,0 @@
|
||||
ausprod-linsrv.turnsys.net:
|
||||
hostname: ausprod-linsrv.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,satx,physical,infra'
|
||||
tsyscn4.turnsys.net:
|
||||
hostname: tsyscn4.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'satx,physical,infra,tsys'
|
||||
satxtimeserver.turnsys.net:
|
||||
hostname: satxtimeserver.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,satx,physical,infra'
|
||||
octoprint.turnsys.net:
|
||||
hostname: octoprint.turnsys.net
|
||||
username: root
|
||||
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
|
||||
tags: 'prod,satx,physical,infra'
|
@ -1,99 +0,0 @@
|
||||
StrictHostKeyChecking no
|
||||
|
||||
|
||||
#IdentityFile /home/cwyble/.ssh/id_rsa
|
||||
|
||||
#Production systems
|
||||
|
||||
Host asn2net-linsrv
|
||||
User asn2net
|
||||
Hostname asn2net-linsrv.turnsys.net
|
||||
Host asn2net-router
|
||||
User admin
|
||||
Hostname asn2net-router.turnsys.net
|
||||
Host ausprod-core-ap01
|
||||
Hostname ausprod-core-ap01.turnsys.net
|
||||
User cisco
|
||||
Host ausprod-core-rtr01
|
||||
User localuser
|
||||
Hostname ausprod-core-rtr01-vlmgmt.turnsys.net
|
||||
Host ausprod-lab-sw01
|
||||
Hostname ausprod-labsw01.turnsys.net
|
||||
Host ausprod-lab-sw02
|
||||
Hostname ausprod-labsw02.turnsys.net
|
||||
Host ausprod-consrv
|
||||
User root
|
||||
ForwardX11 no
|
||||
Hostname ausprod-consrv.turnsys.net
|
||||
Host auslab-power
|
||||
User root:7048
|
||||
Hostname ausprod-consrv.turnsys.net
|
||||
ForwardX11 no
|
||||
Host ausprod-labsvr
|
||||
User root
|
||||
Hostname ausprod-labsvr.turnsys.net
|
||||
Host ausprod-linsrv
|
||||
User localuser
|
||||
Hostname ausprod-linsrv.turnsys.net
|
||||
Host dedi
|
||||
User root
|
||||
Hostname dedi.turnsys.com
|
||||
ForwardX11 yes
|
||||
Host shared-boss
|
||||
User localuser
|
||||
Hostname shared-boss.turnsys.net
|
||||
Host shared-build
|
||||
User localuser
|
||||
Hostname shared-build.turnsys.net
|
||||
Host shared-router
|
||||
User root
|
||||
Hostname shared-router.turnsys.net
|
||||
Host toolbox
|
||||
User localuser
|
||||
Hostname toolbox.turnsys.net
|
||||
Host shared-voip
|
||||
User localuser
|
||||
Hostname shared-voip.turnsys.net
|
||||
Host shared-zenoss
|
||||
User root
|
||||
Hostname shared-zenoss.turnsys.net
|
||||
Host tsys-rr-app
|
||||
User root
|
||||
Hostname tsys-rr-app.turnsys.net
|
||||
Host tsys-rr-shell
|
||||
User localuser
|
||||
Hostname tsys-rr-shell.turnsys.net
|
||||
Host tsys-cloud
|
||||
User root
|
||||
Hostname tsys-cloud.turnsys.net
|
||||
Host tsyscn4
|
||||
User localuser
|
||||
Hostname tsyscn4.turnsys.net
|
||||
Host shallowblue
|
||||
User localuser
|
||||
Hostname shallowblue.turnsys.net
|
||||
Host tsys-taiga
|
||||
User localuser
|
||||
Hostname tsys-taiga.turnsys.net
|
||||
Host subo-fground
|
||||
User fground
|
||||
Hostname fground01.turnsys.net
|
||||
Host subo-fground-flink
|
||||
User pi
|
||||
Hostname fground-flink.turnsys.net
|
||||
Host subo-fsky
|
||||
User pi
|
||||
Hostname fsky2-rpi3.turnsys.net
|
||||
Host subo-logtest
|
||||
User fground
|
||||
Hostname subo-logtest.turnsys.net
|
||||
Host satxtimeserver
|
||||
User pi
|
||||
Hostname satxtimeserver.turnsys.net
|
||||
|
||||
#Host ausprod-oob-sw01
|
||||
#Host ausprod-oob-sw02
|
||||
|
||||
|
||||
Host *
|
||||
ForwardAgent yes
|
@ -1,257 +0,0 @@
|
||||
#!/bin/sh
|
||||
# Observium License Version 1.0
|
||||
#
|
||||
# Copyright (c) 2013 Joe Holden
|
||||
#
|
||||
# The intent of this license is to establish the freedom to use, share and contribute to
|
||||
# the software regulated by this license.
|
||||
#
|
||||
# This license applies to any software containing a notice placed by the copyright holder
|
||||
# saying that it may be distributed under the terms of this license. Such software is herein
|
||||
# referred to as the Software. This license covers modification and distribution of the
|
||||
# Software.
|
||||
#
|
||||
# Granted Rights
|
||||
#
|
||||
# 1. You are granted the non-exclusive rights set forth in this license provided you agree to
|
||||
# and comply with any and all conditions in this license. Whole or partial distribution of the
|
||||
# Software, or software items that link with the Software, in any form signifies acceptance of
|
||||
# this license.
|
||||
#
|
||||
# 2. You may copy and distribute the Software in unmodified form provided that the entire package,
|
||||
# including - but not restricted to - copyright, trademark notices and disclaimers, as released
|
||||
# by the initial developer of the Software, is distributed.
|
||||
#
|
||||
# 3. You may make modifications to the Software and distribute your modifications, in a form that
|
||||
# is separate from the Software, such as patches. The following restrictions apply to modifications:
|
||||
#
|
||||
# a. Modifications must not alter or remove any copyright notices in the Software.
|
||||
# b. When modifications to the Software are released under this license, a non-exclusive royalty-free
|
||||
# right is granted to the initial developer of the Software to distribute your modification in
|
||||
# future versions of the Software provided such versions remain available under these terms in
|
||||
# addition to any other license(s) of the initial developer.
|
||||
#
|
||||
# Limitations of Liability
|
||||
#
|
||||
# In no event shall the initial developers or copyright holders be liable for any damages whatsoever,
|
||||
# including - but not restricted to - lost revenue or profits or other direct, indirect, special,
|
||||
# incidental or consequential damages, even if they have been advised of the possibility of such damages,
|
||||
# except to the extent invariable law, if any, provides otherwise.
|
||||
#
|
||||
# No Warranty
|
||||
#
|
||||
# The Software and this license document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
|
||||
# WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
|
||||
#
|
||||
# URL: https://github.com/joeholden/distroscript/
|
||||
# README: https://raw.github.com/joeholden/distroscript/master/README.md
|
||||
|
||||
# Shells are made of dicks.
|
||||
DISTROSCRIPT="1.0.15"
|
||||
|
||||
if [ -z ${DISTROFORMAT} ]; then
|
||||
DISTROFORMAT="pipe"
|
||||
fi
|
||||
|
||||
if [ -n "${AGENT_LIBDIR}" -o -n "${MK_LIBDIR}" ]; then
|
||||
# Set output for check_mk/observium agent
|
||||
DISTROFORMAT="export"
|
||||
fi
|
||||
|
||||
getos() {
|
||||
OS=`uname -s`
|
||||
if [ "${OS}" = "SunOS" ]; then
|
||||
OS="Solaris"
|
||||
elif [ "${OS}" = "DragonFly" ]; then
|
||||
OS="DragonFlyBSD"
|
||||
fi
|
||||
export OS
|
||||
return 0
|
||||
}
|
||||
|
||||
getkernel() {
|
||||
KERNEL=`uname -r`
|
||||
export KERNEL
|
||||
return 0
|
||||
}
|
||||
|
||||
getdistro() {
|
||||
if [ "${OS}" = "Linux" ]; then
|
||||
if [ -f /etc/os-release ]; then
|
||||
. /etc/os-release
|
||||
DISTRO=`echo ${NAME} | awk '{print $1}'`
|
||||
elif [ -x /usr/bin/lsb_release ]; then
|
||||
DISTRO=`/usr/bin/lsb_release -si 2>/dev/null`
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
DISTRO=`cat /etc/redhat-release | awk '{print $1}'`
|
||||
elif [ -f /etc/fedora-release ]; then
|
||||
DISTRO="Fedora"
|
||||
elif [ -f /etc/mandriva-release ]; then
|
||||
DISTRO="Mandriva"
|
||||
elif [ -f /etc/arch-release ]; then
|
||||
DISTRO="ArchLinux"
|
||||
elif [ -f /etc/gentoo-release ]; then
|
||||
DISTRO="Gentoo"
|
||||
elif [ -f /etc/SuSE-release ]; then
|
||||
DISTRO="SuSE"
|
||||
elif [ -f /etc/mandrake-release ]; then
|
||||
DISTRO="Mandrake"
|
||||
elif [ -f /etc/debian_version ]; then
|
||||
# shit based on debian
|
||||
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ]; then
|
||||
DISTRO="MailCleaner"
|
||||
else
|
||||
DISTRO="Debian"
|
||||
fi
|
||||
elif [ -f /etc/UnitedLinux-release ]; then
|
||||
DISTRO="UnitedLinux"
|
||||
elif [ -f /etc/openwrt_version ]; then
|
||||
DISTRO="OpenWRT"
|
||||
elif [ -f /etc/slackware-version ]; then
|
||||
DISTRO="Slackware"
|
||||
else
|
||||
DISTRO="Unknown"
|
||||
fi
|
||||
|
||||
# Fixing some Distro names
|
||||
if [ "${DISTRO}" = "Debian GNU/Linux" ]; then
|
||||
DISTRO="Debian"
|
||||
elif [ "${DISTRO}" = "Red" -o "${DISTRO}" = "RedHatEnterpriseServer" ]; then
|
||||
DISTRO="RedHat"
|
||||
elif [ "${DISTRO}" = "Arch" ]; then
|
||||
DISTRO="ArchLinux"
|
||||
fi
|
||||
|
||||
elif [ "${OS}" = "FreeBSD" ]; then
|
||||
if [ -f /etc/platform -a -f /etc/version ]; then
|
||||
DISTRO="pfSense"
|
||||
elif [ -f /etc/platform -a -f /etc/prd.name ]; then
|
||||
DISTRO=`cat /etc/prd.name`
|
||||
elif [ -f /usr/local/bin/pbreg ]; then
|
||||
DISTRO="PC-BSD"
|
||||
elif [ -f /tmp/freenas_config.md5 ]; then
|
||||
DISTRO="FreeNAS"
|
||||
else
|
||||
DISTRO=
|
||||
fi
|
||||
elif [ "${OS}" = "Solaris" ]; then
|
||||
DISTRO=`head -n 1 /etc/release | awk '{print $1}'`
|
||||
if [ "${DISTRO}" = "Solaris" -o "${DISTRO}" = "Oracle" ]; then
|
||||
DISTRO=
|
||||
fi
|
||||
elif [ "${OS}" = "Darwin" ]; then
|
||||
case `uname -m` in
|
||||
AppleTV2*)
|
||||
DISTRO="AppleTV2"
|
||||
;;
|
||||
AppleTV3*)
|
||||
DISTRO="AppleTV3"
|
||||
;;
|
||||
iPhone*)
|
||||
DISTRO="iPhone"
|
||||
;;
|
||||
iPod*)
|
||||
DISTRO="iPOD"
|
||||
;;
|
||||
*)
|
||||
DISTRO="OSX"
|
||||
;;
|
||||
esac
|
||||
else
|
||||
DISTRO=
|
||||
fi
|
||||
export DISTRO
|
||||
return 0
|
||||
}
|
||||
|
||||
getarch() {
|
||||
if [ "${OS}" = "Solaris" ]; then
|
||||
ARCH=`isainfo -k`
|
||||
elif [ "${OS}" = "Darwin" ]; then
|
||||
ARCH=`uname -p`
|
||||
else
|
||||
ARCH=`uname -m`
|
||||
fi
|
||||
if [ "${OS}" = "Linux" ]; then
|
||||
if [ "${ARCH}" = "x86_64" ]; then
|
||||
ARCH="amd64"
|
||||
elif [ "${ARCH}" = "i486" -o "${ARCH}" = "i586" -o "${ARCH}" = "i686" ]; then
|
||||
ARCH="i386"
|
||||
fi
|
||||
fi
|
||||
export ARCH
|
||||
return 0
|
||||
}
|
||||
|
||||
getversion() {
|
||||
if [ "${OS}" = "FreeBSD" -o "${OS}" = "DragonFlyBSD" ]; then
|
||||
if [ "${DISTRO}" = "pfSense" ]; then
|
||||
VERSION=`cat /etc/version`
|
||||
elif [ "${DISTRO}" = "PC-BSD" ]; then
|
||||
VERSION=`pbreg get /PC-BSD/Version`
|
||||
elif [ -f /etc/prd.version ]; then
|
||||
VERSION=`cat /etc/prd.version`
|
||||
else
|
||||
VERSION=`uname -i`
|
||||
fi
|
||||
elif [ "${OS}" = "OpenBSD" -o "${OS}" = "NetBSD" ]; then
|
||||
VERSION=`uname -v`
|
||||
elif [ "${OS}" = "Linux" ]; then
|
||||
if [ "${DISTRO}" = "OpenWRT" ]; then
|
||||
VERSION=`cat /etc/openwrt_version`
|
||||
elif [ "${DISTRO}" = "Slackware" ]; then
|
||||
VERSION=`cat /etc/slackware-version | cut -d" " -f2`
|
||||
elif [ -f /etc/redhat-release ]; then
|
||||
VERSION=`cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//'`
|
||||
elif [ -x /usr/bin/lsb_release ]; then
|
||||
VERSION=`lsb_release -sr 2>/dev/null`
|
||||
elif [ -f /etc/os-release ]; then
|
||||
. /etc/os-release
|
||||
VERSION=${VERSION_ID}
|
||||
else
|
||||
VERSION=
|
||||
fi
|
||||
elif [ "${OS}" = "Darwin" ]; then
|
||||
VERSION=`sw_vers -productVersion`
|
||||
elif [ "${OS}" = "Solaris" ]; then
|
||||
VERSION=`uname -v`
|
||||
fi
|
||||
export VERSION
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
if [ -z ${DISTROEXEC} ]; then
|
||||
getos
|
||||
getkernel
|
||||
getarch
|
||||
getdistro
|
||||
getversion
|
||||
if [ "${AGENT_LIBDIR}" -o "${MK_LIBDIR}" ]; then
|
||||
echo "<<<distro>>>"
|
||||
fi
|
||||
if [ "${DISTROFORMAT}" = "pipe" ]; then
|
||||
echo "${OS}|${KERNEL}|${ARCH}|${DISTRO}|${VERSION}"
|
||||
elif [ "${DISTROFORMAT}" = "twopipe" ]; then
|
||||
echo "${OS}||${KERNEL}||${ARCH}||${DISTRO}||${VERSION}"
|
||||
elif [ "${DISTROFORMAT}" = "ini" ]; then
|
||||
echo "[distroscript]"
|
||||
echo " OS = ${OS}"
|
||||
echo " KERNEL = ${KERNEL}"
|
||||
echo " ARCH = ${ARCH}"
|
||||
echo " DISTRO = ${DISTRO}"
|
||||
echo " DISTROVER = ${VERSION}"
|
||||
echo " SCRIPTVER = ${DISTROSCRIPT}"
|
||||
elif [ "${DISTROFORMAT}" = "export" ]; then
|
||||
echo "OS=${OS}"
|
||||
echo "KERNEL=${KERNEL}"
|
||||
echo "ARCH=${ARCH}"
|
||||
echo "DISTRO=${DISTRO}"
|
||||
echo "DISTROVER=${VERSION}"
|
||||
echo "SCRIPTVER=${DISTROSCRIPT}"
|
||||
else
|
||||
echo "Unsupported output format."
|
||||
exit 1
|
||||
fi
|
||||
exit 0
|
||||
fi
|
@ -1,60 +0,0 @@
|
||||
#!/bin/bash
|
||||
#A script to bootstrap slack onto any TURNSYS managed system in any environment.
|
||||
#Use this as a template for writing TURNSYS shell scripts
|
||||
|
||||
slack-install()
|
||||
{
|
||||
|
||||
wget http://toolbox.turnsys.net/sysinfra/slack/bin/distro -O /usr/bin/distro
|
||||
chmod +x /usr/bin/distro
|
||||
|
||||
apt-get -y install make perl rsync
|
||||
|
||||
mkdir /tmp/slackDist
|
||||
wget http://toolbox.turnsys.net/sysinfra/slack/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
|
||||
cd /tmp/slackDist
|
||||
tar xvfz slackDist.tar.gz
|
||||
make install
|
||||
cd /tmp
|
||||
rm -rf slackDist
|
||||
|
||||
mkdir /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
chown -R root:root /root/.ssh
|
||||
|
||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
|
||||
|
||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
|
||||
chmod 400 /root/.ssh/config
|
||||
|
||||
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
||||
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
||||
}
|
||||
|
||||
|
||||
#######################################################################################################################################################
|
||||
#main() #For ease of searching
|
||||
# Script starts here
|
||||
# This code serves as a generic template for entrypoint code which is able to handle multi distro, multi environment execution.
|
||||
# !!!!! DO NOT WRAP IN A FUNCTION. THESE ARE GLOBAL VARIABLES !!!!!
|
||||
#######################################################################################################################################################
|
||||
|
||||
#If we have a fleet later, we can use this code to do fleet stuff
|
||||
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
|
||||
#export server_type=ts
|
||||
#fi
|
||||
|
||||
|
||||
case $server_type in
|
||||
ts)
|
||||
export SERVER_TYPE="ts"
|
||||
;;
|
||||
*)
|
||||
export SERVER_TYPE="prod"
|
||||
;;
|
||||
esac
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Kick everything off
|
||||
#
|
||||
slack-install
|
39
archive/slack-runtime/dist/Makefile
vendored
39
archive/slack-runtime/dist/Makefile
vendored
@ -1,39 +0,0 @@
|
||||
# Makefile for slack/src
|
||||
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
|
||||
include Makefile.common
|
||||
|
||||
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
|
||||
|
||||
all:
|
||||
|
||||
install: install-bin install-conf install-lib install-man
|
||||
|
||||
install-bin: all
|
||||
$(MKDIR) $(DESTDIR)$(sbindir)
|
||||
$(INSTALL) slack $(DESTDIR)$(sbindir)
|
||||
$(MKDIR) $(DESTDIR)$(bindir)
|
||||
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
|
||||
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
|
||||
@set -ex;\
|
||||
for i in $(BACKENDS); do \
|
||||
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
|
||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
|
||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
|
||||
|
||||
install-conf: all
|
||||
$(MKDIR) $(DESTDIR)$(sysconfdir)
|
||||
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
|
||||
|
||||
install-lib: all
|
||||
$(MKDIR) $(DESTDIR)$(slack_libdir)
|
||||
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
|
||||
|
||||
install-man: all
|
||||
|
||||
clean:
|
||||
|
||||
realclean: clean
|
||||
|
||||
distclean: clean
|
||||
|
||||
test:
|
27
archive/slack-runtime/dist/Makefile.common
vendored
27
archive/slack-runtime/dist/Makefile.common
vendored
@ -1,27 +0,0 @@
|
||||
# Common code included in every Makefile
|
||||
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
|
||||
|
||||
PACKAGE=slack
|
||||
VERSION=0.15.2
|
||||
|
||||
DESTDIR =
|
||||
|
||||
prefix = /
|
||||
exec_prefix = /usr
|
||||
sysconfdir = ${prefix}/etc
|
||||
mandir = ${exec_prefix}/share/man
|
||||
bindir = ${exec_prefix}/bin
|
||||
sbindir = ${exec_prefix}/sbin
|
||||
libdir = ${exec_prefix}/lib
|
||||
libexecdir = ${exec_prefix}/lib
|
||||
localstatedir = ${prefix}/var
|
||||
|
||||
slack_libdir = ${libdir}/slack
|
||||
slack_libexecdir = ${libexecdir}/slack
|
||||
slack_localstatedir = ${localstatedir}/lib/slack
|
||||
slack_localcachedir = ${localstatedir}/cache/slack
|
||||
|
||||
INSTALL = install
|
||||
MKDIR = mkdir -p
|
||||
|
||||
PRIVDIRMODE = 0700
|
371
archive/slack-runtime/dist/Slack.pm
vendored
371
archive/slack-runtime/dist/Slack.pm
vendored
@ -1,371 +0,0 @@
|
||||
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
package Slack;
|
||||
|
||||
require 5.006;
|
||||
use strict;
|
||||
use Carp qw(cluck confess croak);
|
||||
use File::Find;
|
||||
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
|
||||
|
||||
use base qw(Exporter);
|
||||
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
|
||||
$VERSION = '0.15.2';
|
||||
@EXPORT = qw();
|
||||
@EXPORT_OK = qw();
|
||||
|
||||
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
|
||||
|
||||
my $term;
|
||||
|
||||
my @default_options = (
|
||||
'help|h|?',
|
||||
'version',
|
||||
'verbose|v+',
|
||||
'quiet',
|
||||
'config|C=s',
|
||||
'source|s=s',
|
||||
'rsh|e=s',
|
||||
'cache|c=s',
|
||||
'stage|t=s',
|
||||
'root|r=s',
|
||||
'dry-run|n',
|
||||
'backup|b',
|
||||
'backup-dir=s',
|
||||
'hostname|H=s',
|
||||
);
|
||||
|
||||
sub default_usage ($) {
|
||||
my ($synopsis) = @_;
|
||||
return <<EOF;
|
||||
Usage: $synopsis
|
||||
|
||||
Options:
|
||||
-h, -?, --help
|
||||
Print this help message and exit.
|
||||
|
||||
--version
|
||||
Print the version number and exit.
|
||||
|
||||
-v, --verbose
|
||||
Be verbose.
|
||||
|
||||
--quiet
|
||||
Don't be verbose (Overrides previous uses of --verbose)
|
||||
|
||||
-C, --config FILE
|
||||
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
|
||||
|
||||
-s, --source DIR
|
||||
Source for slack files
|
||||
|
||||
-e, --rsh COMMAND
|
||||
Remote shell for rsync
|
||||
|
||||
-c, --cache DIR
|
||||
Local cache directory for slack files
|
||||
|
||||
-t, --stage DIR
|
||||
Local staging directory for slack files
|
||||
|
||||
-r, --root DIR
|
||||
Root destination for slack files
|
||||
|
||||
-n, --dry-run
|
||||
Don't write any files to disk -- just report what would have been done.
|
||||
|
||||
-b, --backup
|
||||
Make backups of existing files in ROOT that are overwritten.
|
||||
|
||||
--backup-dir DIR
|
||||
Put backups into this directory.
|
||||
|
||||
-H, --hostname HOST
|
||||
Pretend to be running on HOST, instead of the name given by
|
||||
gethostname(2).
|
||||
EOF
|
||||
}
|
||||
# Read options from a config file. Arguments:
|
||||
# file => config file to read
|
||||
# opthash => hashref in which to store the options
|
||||
# verbose => whether to be verbose
|
||||
sub read_config (%) {
|
||||
my %arg = @_;
|
||||
my ($config_fh);
|
||||
local $_;
|
||||
|
||||
confess "Slack::read_config: no config file given"
|
||||
if not defined $arg{file};
|
||||
$arg{opthash} = {}
|
||||
if not defined $arg{opthash};
|
||||
|
||||
open($config_fh, '<', $arg{file})
|
||||
or confess "Could not open config file '$arg{file}': $!";
|
||||
|
||||
# Make this into a hash so we can quickly see if we're looking
|
||||
# for a particular option
|
||||
my %looking_for;
|
||||
if (ref $arg{options} eq 'ARRAY') {
|
||||
%looking_for = map { $_ => 1 } @{$arg{options}};
|
||||
}
|
||||
|
||||
while(<$config_fh>) {
|
||||
chomp;
|
||||
s/#.*//; # delete comments
|
||||
s/\s+$//; # delete trailing spaces
|
||||
next if m/^$/; # skip empty lines
|
||||
|
||||
if (m/^[A-Z_]+=\S+/) {
|
||||
my ($key, $value) = split(/=/, $_, 2);
|
||||
$key =~ tr/A-Z_/a-z-/;
|
||||
# Only set options we're looking for
|
||||
next if (%looking_for and not $looking_for{$key});
|
||||
# Don't set options that are already set
|
||||
next if defined $arg{opthash}->{$key};
|
||||
|
||||
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
|
||||
$arg{opthash}->{$key} = $value;
|
||||
} else {
|
||||
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
|
||||
}
|
||||
}
|
||||
|
||||
close($config_fh)
|
||||
or confess "Slack::read_config: Could not close config file: $!";
|
||||
|
||||
# The verbose option is treated specially in so many places that
|
||||
# we need to make sure it's defined.
|
||||
$arg{opthash}->{verbose} ||= 0;
|
||||
|
||||
return $arg{opthash};
|
||||
}
|
||||
|
||||
# Just get the exit code from a command that failed.
|
||||
# croaks if anything weird happened.
|
||||
sub get_system_exit (@) {
|
||||
my @command = @_;
|
||||
|
||||
if (WIFEXITED($?)) {
|
||||
my $exit = WEXITSTATUS($?);
|
||||
return $exit if $exit;
|
||||
}
|
||||
if (WIFSIGNALED($?)) {
|
||||
my $sig = WTERMSIG($?);
|
||||
croak "'@command' caught sig $sig";
|
||||
}
|
||||
if ($!) {
|
||||
croak "Syserr on system '@command': $!";
|
||||
}
|
||||
croak "Unknown error on '@command'";
|
||||
}
|
||||
|
||||
sub check_system_exit (@) {
|
||||
my @command = @_;
|
||||
my $exit = get_system_exit(@command);
|
||||
# Exit is non-zero if get_system_exit() didn't croak.
|
||||
croak "'@command' exited $exit";
|
||||
}
|
||||
|
||||
# get options from the command line and the config file
|
||||
# Arguments
|
||||
# opthash => hashref in which to store options
|
||||
# usage => usage statement
|
||||
# required_options => arrayref of options to require -- an exception
|
||||
# will be thrown if these options are not defined
|
||||
# command_line_hash => store options specified on the command line here
|
||||
sub get_options {
|
||||
my %arg = @_;
|
||||
use Getopt::Long;
|
||||
Getopt::Long::Configure('bundling');
|
||||
|
||||
if (not defined $arg{opthash}) {
|
||||
$arg{opthash} = {};
|
||||
}
|
||||
|
||||
if (not defined $arg{usage}) {
|
||||
$arg{usage} = default_usage($0);
|
||||
}
|
||||
|
||||
my @extra_options = (); # extra arguments to getoptions
|
||||
if (defined $arg{command_line_options}) {
|
||||
@extra_options = @{$arg{command_line_options}};
|
||||
}
|
||||
|
||||
# Make a --quiet function that turns off verbosity
|
||||
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
|
||||
|
||||
unless (GetOptions($arg{opthash},
|
||||
@default_options,
|
||||
@extra_options,
|
||||
)) {
|
||||
print STDERR $arg{usage};
|
||||
exit 1;
|
||||
}
|
||||
if ($arg{opthash}->{help}) {
|
||||
print $arg{usage};
|
||||
exit 0;
|
||||
}
|
||||
|
||||
if ($arg{opthash}->{version}) {
|
||||
print "slack version $VERSION\n";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
# Get rid of the quiet handler
|
||||
delete $arg{opthash}->{quiet};
|
||||
|
||||
# If we've been given a hashref, save our options there at this
|
||||
# stage, so the caller can see what was passed on the command line.
|
||||
# Unfortunately, perl has no .replace function, so we iterate.
|
||||
if (ref $arg{command_line_hash} eq 'HASH') {
|
||||
while (my ($k, $v) = each %{$arg{opthash}}) {
|
||||
$arg{command_line_hash}->{$k} = $v;
|
||||
}
|
||||
}
|
||||
|
||||
# Use the default config file
|
||||
if (not defined $arg{opthash}->{config}) {
|
||||
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
|
||||
}
|
||||
|
||||
# We need to decide whether to be verbose about reading the config file
|
||||
# Currently we just do it if global verbosity > 2
|
||||
my $verbose_config = 0;
|
||||
if (defined $arg{opthash}->{verbose}
|
||||
and $arg{opthash}->{verbose} > 2) {
|
||||
$verbose_config = 1;
|
||||
}
|
||||
|
||||
# Read options from the config file, passing along the options we've
|
||||
# gotten so far
|
||||
read_config(
|
||||
file => $arg{opthash}->{config},
|
||||
opthash => $arg{opthash},
|
||||
verbose => $verbose_config,
|
||||
);
|
||||
|
||||
# The "verbose" option gets compared a lot and needs to be defined
|
||||
$arg{opthash}->{verbose} ||= 0;
|
||||
|
||||
# The "hostname" option is set specially if it's not defined
|
||||
if (not defined $arg{opthash}->{hostname}) {
|
||||
use Sys::Hostname;
|
||||
$arg{opthash}->{hostname} = hostname;
|
||||
}
|
||||
|
||||
# We can require some options to be set
|
||||
if (ref $arg{required_options} eq 'ARRAY') {
|
||||
for my $option (@{$arg{required_options}}) {
|
||||
if (not defined $arg{opthash}->{$option}) {
|
||||
croak "Required option '$option' not given on command line or specified in config file!\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $arg{opthash};
|
||||
}
|
||||
|
||||
sub prompt ($) {
|
||||
my ($prompt) = @_;
|
||||
if (not defined $term) {
|
||||
require Term::ReadLine;
|
||||
$term = new Term::ReadLine 'slack'
|
||||
}
|
||||
|
||||
$term->readline($prompt);
|
||||
}
|
||||
|
||||
|
||||
# Calls the callback on absolute pathnames of files in the source directory,
|
||||
# and also on names of directories that don't exist in the destination
|
||||
# directory (i.e. where $source/foo exists but $destination/foo does not).
|
||||
sub find_files_to_install ($$$) {
|
||||
my ($source, $destination, $callback) = @_;
|
||||
return find ({
|
||||
wanted => sub {
|
||||
if (-l or not -d _) {
|
||||
# Copy all files, links, etc
|
||||
my $file = $File::Find::name;
|
||||
&$callback($file);
|
||||
} elsif (-d _) {
|
||||
# For directories, we only want to copy it if it doesn't
|
||||
# exist in the destination yet.
|
||||
my $dir = $File::Find::name;
|
||||
# We know the root directory will exist (we make it above),
|
||||
# so skip the base of the source
|
||||
(my $short_source = $source) =~ s#/$##;
|
||||
return if $dir eq $short_source;
|
||||
|
||||
# Strip the $source from the path,
|
||||
# so we can build the destination dir from it.
|
||||
my $subdir = $dir;
|
||||
($subdir =~ s#^$source##)
|
||||
or croak "sub failed: $source|$subdir";
|
||||
|
||||
if (not -d "$destination/$subdir") {
|
||||
&$callback($dir);
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
$source,
|
||||
);
|
||||
}
|
||||
|
||||
# Runs rsync with the necessary redirection to its filehandles
|
||||
sub wrap_rsync (@) {
|
||||
my @command = @_;
|
||||
my ($pid);
|
||||
|
||||
if ($pid = fork) {
|
||||
# Parent
|
||||
} elsif (defined $pid) {
|
||||
# Child
|
||||
open(STDIN, "<", "/dev/null")
|
||||
or die "Could not redirect STDIN from /dev/null\n";
|
||||
# This redirection is necessary because rsync sends
|
||||
# verbose output to STDOUT
|
||||
open(STDOUT, ">&STDERR")
|
||||
or die "Could not redirect STDOUT to STDERR\n";
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork: $!\n";
|
||||
}
|
||||
|
||||
my $kid = waitpid($pid, 0);
|
||||
if ($kid != $pid) {
|
||||
die "waitpid returned $kid\n";
|
||||
} elsif ($?) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
|
||||
# Runs rsync with the necessary redirection to its filehandles, but also
|
||||
# returns an FH to stdin and a PID.
|
||||
sub wrap_rsync_fh (@) {
|
||||
my @command = @_;
|
||||
my ($fh, $pid);
|
||||
|
||||
if ($pid = open($fh, "|-")) {
|
||||
# Parent
|
||||
} elsif (defined $pid) {
|
||||
# Child
|
||||
# This redirection is necessary because rsync sends
|
||||
# verbose output to STDOUT
|
||||
open(STDOUT, ">&STDERR")
|
||||
or die "Could not redirect STDOUT to STDERR\n";
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork: $!\n";
|
||||
}
|
||||
return($fh, $pid);
|
||||
}
|
||||
|
||||
1;
|
329
archive/slack-runtime/dist/slack
vendored
329
archive/slack-runtime/dist/slack
vendored
@ -1,329 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
use POSIX; # for strftime
|
||||
|
||||
use constant LIBEXEC_DIR => '/usr/lib/slack';
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
sub run_backend(@);
|
||||
sub run_conditional_backend($@);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
# Arguments to pass to each backends (initialized to a hash of empty arrays)
|
||||
my %backend_flags = ( map { $_ => [] }
|
||||
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
|
||||
);
|
||||
|
||||
my @roles;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--preview MODE
|
||||
Do a diff of scripts and files before running them.
|
||||
MODE can be one of 'simple' or 'prompt'.
|
||||
|
||||
--no-files
|
||||
Don't install any files in ROOT, but tell rsync to print what
|
||||
it would do.
|
||||
|
||||
--no-scripts
|
||||
Don't run scripts.
|
||||
|
||||
--no-sync
|
||||
Skip the slack-sync step. (useful if you're pushing stuff into
|
||||
the CACHE outside of slack)
|
||||
|
||||
--role-list
|
||||
Role list for slack-getroles
|
||||
|
||||
--libexec-dir DIR
|
||||
Look for backend scripts in this directory.
|
||||
|
||||
--diff PROG
|
||||
Use this diff program for previews
|
||||
|
||||
--sleep TIME
|
||||
Randomly sleep between 1 and TIME seconds before starting
|
||||
operations
|
||||
EOF
|
||||
|
||||
# Options
|
||||
my %opt = ();
|
||||
# So we can distinguish stuff on the command line from config file stuff
|
||||
my %command_line_opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'preview=s',
|
||||
'role-list=s',
|
||||
'no-scripts|noscripts',
|
||||
'no-files|nofiles',
|
||||
'no-sync|nosync',
|
||||
'libexec-dir=s',
|
||||
'diff=s',
|
||||
'sleep=i',
|
||||
],
|
||||
required_options => [ qw(source cache stage root) ],
|
||||
command_line_hash => \%command_line_opt,
|
||||
usage => $usage,
|
||||
);
|
||||
|
||||
# Special options
|
||||
if ($opt{'dry-run'}) {
|
||||
$opt{'no-scripts'} = 1;
|
||||
$opt{'no-files'} = 1;
|
||||
}
|
||||
if ($opt{'no-scripts'}) {
|
||||
for my $action (qw(fixfiles preinstall postinstall)) {
|
||||
push @{$backend_flags{$action}},
|
||||
'--dry-run';
|
||||
}
|
||||
}
|
||||
if ($opt{'no-files'}) {
|
||||
push @{$backend_flags{installfiles}},
|
||||
'--dry-run';
|
||||
}
|
||||
# propagate verbosity - 1 to all backends
|
||||
if (defined $command_line_opt{'verbose'} and
|
||||
$command_line_opt{'verbose'} > 1) {
|
||||
for my $action (keys %backend_flags) {
|
||||
push @{$backend_flags{$action}},
|
||||
('--verbose') x ($command_line_opt{'verbose'} - 1);
|
||||
}
|
||||
}
|
||||
# propagate these flags to all the backends
|
||||
for my $option (qw(config root cache stage source hostname rsh)) {
|
||||
if ($command_line_opt{$option}) {
|
||||
for my $action (keys %backend_flags) {
|
||||
push @{$backend_flags{$action}},
|
||||
"--$option=$command_line_opt{$option}";
|
||||
}
|
||||
}
|
||||
}
|
||||
# getroles also can take 'role-list'
|
||||
if ($command_line_opt{'role-list'}) {
|
||||
push @{$backend_flags{'getroles'}},
|
||||
"--role-list=$command_line_opt{'role-list'}";
|
||||
}
|
||||
|
||||
# The libexec dir defaults to this if it wasn't specified
|
||||
# on the command line or in a config file.
|
||||
if (not defined $opt{'libexec-dir'}) {
|
||||
$opt{'libexec-dir'} = LIBEXEC_DIR;
|
||||
}
|
||||
|
||||
# Pass diff option along to slack-rolediff
|
||||
if ($opt{'diff'}) {
|
||||
push @{$backend_flags{preview}},
|
||||
"--diff=$opt{'diff'}";
|
||||
}
|
||||
|
||||
# Preview takes an optional argument. If no argument is given,
|
||||
# it gets "" from getopt.
|
||||
if (defined $opt{'preview'}) {
|
||||
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
|
||||
die "Unknown preview mode '$opt{'preview'}'!";
|
||||
}
|
||||
}
|
||||
|
||||
# The backup option defaults to on if it wasn't specified
|
||||
# on the command line or in a config file
|
||||
if (not defined $opt{backup}) {
|
||||
$opt{backup} = 1;
|
||||
}
|
||||
# Figure out a place to put backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
push @{$backend_flags{installfiles}},
|
||||
'--backup',
|
||||
'--backup-dir='.
|
||||
$opt{'backup-dir'}.
|
||||
"/".
|
||||
strftime('%F-%T', localtime(time))
|
||||
;
|
||||
}
|
||||
# }}}
|
||||
|
||||
# Random sleep, helpful when called from cron.
|
||||
if ($opt{sleep}) {
|
||||
my $secs = int(rand($opt{sleep})) + 1;
|
||||
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
|
||||
sleep($secs);
|
||||
}
|
||||
|
||||
# Get a list of roles to install from slack-getroles {{{
|
||||
if (not @ARGV) {
|
||||
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
|
||||
@{$backend_flags{'getroles'}});
|
||||
$opt{verbose} and print STDERR "$PROG: getroles\n";
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
|
||||
my ($roles_pid, $roles_fh);
|
||||
if ($roles_pid = open($roles_fh, "-|")) {
|
||||
# Parent
|
||||
} elsif (defined $roles_pid) {
|
||||
# Child
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork to run '@command': $!\n";
|
||||
}
|
||||
@roles = split(/\s+/, join(" ", <$roles_fh>));
|
||||
unless (close($roles_fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
} else {
|
||||
@roles = @ARGV;
|
||||
}
|
||||
# }}}
|
||||
|
||||
# Check role name syntax {{{
|
||||
for my $role (@roles) {
|
||||
# Roles MUST begin with a letter. All else is reserved.
|
||||
if ($role !~ m/^[a-zA-Z]/) {
|
||||
die "Role '$role' does not begin with a letter!";
|
||||
}
|
||||
}
|
||||
# }}}
|
||||
|
||||
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
|
||||
|
||||
unless ($opt{'no-sync'}) {
|
||||
# sync all the roles down at once
|
||||
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
|
||||
run_backend('slack-sync',
|
||||
@{$backend_flags{sync}}, @roles);
|
||||
}
|
||||
|
||||
ROLE: for my $role (@roles) {
|
||||
# stage
|
||||
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
|
||||
run_backend('slack-stage',
|
||||
@{$backend_flags{stage}}, '--subdir=files', $role);
|
||||
|
||||
if ($opt{preview}) {
|
||||
if ($opt{preview} eq 'simple') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview $role\n";
|
||||
# Here, we run the backend in no-prompt mode.
|
||||
run_conditional_backend(0, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, $role);
|
||||
# ...and we skip further action in the ROLE after showing the diff.
|
||||
next ROLE;
|
||||
} elsif ($opt{preview} eq 'prompt') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
|
||||
# Here, we want to prompt and just do the scripts, since
|
||||
# we need to run preinstall and fixfiles before doing the files.
|
||||
run_conditional_backend(1, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, '--subdir=scripts', $role);
|
||||
} else {
|
||||
# Should get caught in option processing, above
|
||||
die "Unknown preview mode!\n";
|
||||
}
|
||||
}
|
||||
|
||||
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
|
||||
run_backend('slack-stage',
|
||||
@{$backend_flags{stage}}, '--subdir=scripts', $role);
|
||||
|
||||
# preinstall
|
||||
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{preinstall}}, 'preinstall', $role);
|
||||
|
||||
# fixfiles
|
||||
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
|
||||
|
||||
# preview files
|
||||
if ($opt{preview} and $opt{preview} eq 'prompt') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
|
||||
run_conditional_backend(1, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, '--subdir=files', $role);
|
||||
}
|
||||
|
||||
# installfiles
|
||||
$opt{verbose} and print STDERR "$PROG: install $role\n";
|
||||
run_backend('slack-installfiles',
|
||||
@{$backend_flags{installfiles}}, $role);
|
||||
|
||||
# postinstall
|
||||
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{postinstall}}, 'postinstall', $role);
|
||||
}
|
||||
exit 0;
|
||||
|
||||
sub run_backend (@) {
|
||||
my ($backend, @args) = @_;
|
||||
# If we weren't given an explicit path, prepend the libexec dir
|
||||
unless ($backend =~ m#^/#) {
|
||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
||||
}
|
||||
|
||||
# Assemble our command line
|
||||
my (@command) = ($backend, @args);
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
||||
unless (system(@command) == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
|
||||
sub run_conditional_backend ($@) {
|
||||
my ($prompt, $backend, @args) = @_;
|
||||
# If we weren't given an explicit path, prepend the libexec dir
|
||||
unless ($backend =~ m#^/#) {
|
||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
||||
}
|
||||
|
||||
# Assemble our command line
|
||||
my (@command) = ($backend, @args);
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
||||
unless (system(@command) == 0) {
|
||||
my $exit = Slack::get_system_exit(@command);
|
||||
|
||||
if ($exit == 1) {
|
||||
# exit 1 means a difference found or something normal that requires
|
||||
# a prompt before continuing.
|
||||
if ($prompt) {
|
||||
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
|
||||
}
|
||||
} else {
|
||||
# any other non-successful exit is a serious error.
|
||||
die "'@command' exited $exit";
|
||||
}
|
||||
}
|
||||
}
|
514
archive/slack-runtime/dist/slack-diff
vendored
514
archive/slack-runtime/dist/slack-diff
vendored
@ -1,514 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is a wrapper for diff that gives output about special files
|
||||
# and file modes. (diff can only compare regular files)
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use Errno;
|
||||
use File::stat;
|
||||
use File::Basename;
|
||||
use File::Find;
|
||||
use Getopt::Long;
|
||||
use POSIX qw(SIGPIPE strftime);
|
||||
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
|
||||
|
||||
|
||||
my $VERSION = '0.1';
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
my @diff; # diff program to use
|
||||
my $exit = 0; # our exit code
|
||||
|
||||
sub compare ($$);
|
||||
sub recursive_compare ($$);
|
||||
sub filetype_to_string ($;$);
|
||||
sub compare_files ($$);
|
||||
sub diff ($$);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDOUT
|
||||
$|=1;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
# Default options
|
||||
my %opt = (
|
||||
fakediff => 1,
|
||||
perms => 1,
|
||||
'new-file' => 1,
|
||||
diff => 'diff',
|
||||
);
|
||||
|
||||
# Config and option parsing
|
||||
my $usage = <<EOF;
|
||||
Usage: $PROG [options] <file1> <file2>
|
||||
$PROG -r <dir1> <dir2>
|
||||
|
||||
Options:
|
||||
-u, -U NUM, --unified=NUM
|
||||
Tell diff to use unified output format.
|
||||
--diff PROG
|
||||
Use this program for diffing, instead of "$opt{diff}"
|
||||
--fakediff
|
||||
Make a fake diff for file modes and other things that are not file
|
||||
contents. Default is on, can be disabled with --nofakediff.
|
||||
--perms
|
||||
Care about owner, group, and permissions when doing fakediff.
|
||||
Default is on, can be disabled with --noperms.
|
||||
-r, --recursive
|
||||
Recursively compare directories.
|
||||
-N, --new-file
|
||||
Treat missing files as empty. Default is on, can be disabled with
|
||||
--nonew-file.
|
||||
--unidirectional-new-file
|
||||
Treat only missing files in the first directory as empty.
|
||||
--from-file
|
||||
Treat arguments as a list of files from which to read filenames to
|
||||
compare, two lines at a time.
|
||||
-0, --null
|
||||
Use NULLs instead of newlines as the separator in --from-file mode
|
||||
--devnullhack
|
||||
You have a version of diff that can't deal with -N when not in
|
||||
recursive mode, so we need to feed it /dev/null instead of the
|
||||
missing file. Default is on, can be disabled with --nodevnullhack.
|
||||
--version
|
||||
Output version info
|
||||
--help
|
||||
Output this help text
|
||||
|
||||
Exit codes:
|
||||
0 Found no differences
|
||||
1 Found a difference
|
||||
2 Had a serious error
|
||||
3 Found a difference and had a serious error
|
||||
EOF
|
||||
|
||||
{
|
||||
Getopt::Long::Configure ("bundling");
|
||||
GetOptions(\%opt,
|
||||
'help|h|?',
|
||||
'version',
|
||||
'null|0',
|
||||
'devnullhack',
|
||||
'new-file|N',
|
||||
'u',
|
||||
'unified|U=i',
|
||||
'recursive|r',
|
||||
'from-file',
|
||||
'unidirectional-new-file',
|
||||
'fakediff!',
|
||||
'perms!',
|
||||
'diff=s',
|
||||
) or die $usage;
|
||||
if ($opt{help}) {
|
||||
print $usage;
|
||||
exit 0;
|
||||
}
|
||||
if ($opt{version}) {
|
||||
print "$PROG version $VERSION\n";
|
||||
exit 0;
|
||||
}
|
||||
}
|
||||
|
||||
if ($opt{diff}) {
|
||||
# We split on spaces here to be useful -- so that people can give
|
||||
# their diff options.
|
||||
@diff = split(/\s+/, $opt{diff});
|
||||
} else {
|
||||
die "$PROG: No diff program!\n";
|
||||
}
|
||||
|
||||
if ($opt{'u'}) {
|
||||
push @diff, '-u';
|
||||
} elsif ($opt{'unified'}) {
|
||||
$opt{'u'} = 1; # We use this value later
|
||||
push @diff, "--unified=$opt{'unified'}";
|
||||
}
|
||||
|
||||
if (not $opt{'devnullhack'}) {
|
||||
push @diff, '-N';
|
||||
}
|
||||
|
||||
# usually, sigpipe would be someone quitting their pager, so don't sweat it
|
||||
$SIG{PIPE} = sub { exit $exit };
|
||||
|
||||
if ($opt{'from-file'}) {
|
||||
local $/ = "\0" if $opt{'null'};
|
||||
while (my $old = <>) {
|
||||
my $new = <>;
|
||||
die "Uneven number of lines in --from-file mode!\n"
|
||||
if not defined $new;
|
||||
chomp($old);
|
||||
chomp($new);
|
||||
$exit |= compare($old, $new);
|
||||
}
|
||||
} else {
|
||||
die $usage unless $#ARGV == 1;
|
||||
$exit |= compare($ARGV[0], $ARGV[1]);
|
||||
}
|
||||
exit $exit;
|
||||
|
||||
##
|
||||
# Subroutines
|
||||
|
||||
sub compare ($$) {
|
||||
my ($old, $new) = @_;
|
||||
|
||||
if ($opt{recursive}) {
|
||||
return recursive_compare($old, $new);
|
||||
} else {
|
||||
return compare_files($old, $new);
|
||||
}
|
||||
}
|
||||
|
||||
# compare two directories. We do this by walking down the *new*
|
||||
# directory, and comparing everything that's there to the stuff in
|
||||
# the old directory
|
||||
sub recursive_compare ($$) {
|
||||
my ($olddir, $newdir) = @_;
|
||||
my ($retval, $basere, $wanted);
|
||||
my (%seen);
|
||||
|
||||
$retval = 0;
|
||||
|
||||
if (-d $newdir) {
|
||||
$basere = qr(^$newdir);
|
||||
$wanted = sub {
|
||||
my ($newfile) = $_;
|
||||
my $oldfile = $newfile;
|
||||
|
||||
$oldfile =~ s#$basere#$olddir#;
|
||||
$seen{$oldfile} = 1;
|
||||
$retval |= compare_files($oldfile, $newfile);
|
||||
};
|
||||
|
||||
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
|
||||
if ($@) {
|
||||
warn "$PROG: error during find: $@\n";
|
||||
$retval |= 2;
|
||||
}
|
||||
}
|
||||
return $retval
|
||||
if $opt{'unidirectional-new-file'};
|
||||
|
||||
# If we're not unidirectional, we want to go through the old directory
|
||||
# and diff any files we didn't see in the newdir.
|
||||
if (-d $olddir) {
|
||||
$basere = qr(^$olddir);
|
||||
$wanted = sub {
|
||||
my ($oldfile) = $_;
|
||||
my $newfile;
|
||||
|
||||
return if $seen{$oldfile};
|
||||
$newfile = $oldfile;
|
||||
|
||||
$newfile =~ s#$basere#$newdir#;
|
||||
$retval |= compare_files($oldfile, $newfile);
|
||||
};
|
||||
|
||||
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
|
||||
if ($@) {
|
||||
warn "$PROG: error during find: $@\n";
|
||||
$retval |= 2;
|
||||
}
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
|
||||
# filetype_to_string(mode)
|
||||
# filetype_to_string(mode, plural)
|
||||
#
|
||||
# Takes a mode returned from stat(), returns a noune describing the filetype,
|
||||
# e.g. "directory", "symlink".
|
||||
# If the "plural" argument is provided and true, returns the plural form of
|
||||
# the noun, e.g. "directories", "symlinks".
|
||||
sub filetype_to_string ($;$) {
|
||||
my ($mode, $plural) = @_;
|
||||
|
||||
if (S_ISREG($mode)) {
|
||||
return "regular file".($plural ? "s" : "");
|
||||
} elsif (S_ISDIR($mode)) {
|
||||
return "director".($plural ? "ies" : "y");
|
||||
} elsif (S_ISLNK($mode)) {
|
||||
return "symlink".($plural ? "s" : "");
|
||||
} elsif (S_ISBLK($mode)) {
|
||||
return "block device".($plural ? "s" : "");
|
||||
} elsif (S_ISCHR($mode)) {
|
||||
return "character device".($plural ? "s" : "");
|
||||
} elsif (S_ISFIFO($mode)) {
|
||||
return "fifo".($plural ? "s" : "");
|
||||
} elsif (S_ISSOCK($mode)) {
|
||||
return "socket".($plural ? "s" : "");
|
||||
} else {
|
||||
return "unknown filetype".($plural ? "s" : "");
|
||||
}
|
||||
}
|
||||
|
||||
# compare_files(oldfile, newfile)
|
||||
# This is the actual diffing routine. It's quite long because we need to
|
||||
# deal with all sorts of special cases. It will print to STDOUT a
|
||||
# description of the differences between the two files. For regular files,
|
||||
# diff(1) will be run to show the differences.
|
||||
#
|
||||
# return codes:
|
||||
# 1 found a difference
|
||||
# 2 had an error
|
||||
# 3 found a difference and had an error
|
||||
sub compare_files ($$) {
|
||||
my ($oldname, $newname) = @_;
|
||||
my ($old, $new); # stat buffers
|
||||
my $return = 0;
|
||||
|
||||
# Get rid of unsightly double slashes
|
||||
$oldname =~ s#//#/#g;
|
||||
$newname =~ s#//#/#g;
|
||||
|
||||
eval { $old = lstat($oldname); };
|
||||
if (not defined $old and not $!{ENOENT}) {
|
||||
warn "$PROG: Could not stat $oldname: $!\n";
|
||||
return 2;
|
||||
}
|
||||
eval { $new = lstat($newname); };
|
||||
if (not defined $new and not $!{ENOENT}) {
|
||||
warn "$PROG: Could not stat $newname: $!\n";
|
||||
return 2;
|
||||
}
|
||||
# At this point, $old or $new should only be undefined if the
|
||||
# file does not exist.
|
||||
|
||||
if (defined $old and defined $new) {
|
||||
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('filetype',
|
||||
$oldname => filetype_to_string($old->mode),
|
||||
$newname => filetype_to_string($new->mode),
|
||||
);
|
||||
} else {
|
||||
print "File types differ between ".
|
||||
filetype_to_string($old->mode)." $oldname and ".
|
||||
filetype_to_string($new->mode)." $newname\n";
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
if ($old->nlink != $new->nlink) {
|
||||
# In recursive mode, we don't care about link counts in directories,
|
||||
# as we'll pick that up with what files do and don't exist.
|
||||
unless ($opt{recursive} and S_ISDIR($old->mode)) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('nlink',
|
||||
$oldname => $old->nlink,
|
||||
$newname => $new->nlink,
|
||||
);
|
||||
} else {
|
||||
print "Link counts differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
}
|
||||
if ($old->uid != $new->uid and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('uid',
|
||||
$oldname => $old->uid,
|
||||
$newname => $new->uid,
|
||||
);
|
||||
} else {
|
||||
print "Owner differs between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
if ($old->gid != $new->gid and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('gid',
|
||||
$oldname => $old->gid,
|
||||
$newname => $new->gid,
|
||||
);
|
||||
} else {
|
||||
print "Group differs between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('mode',
|
||||
$oldname => sprintf('%04o', S_IMODE($old->mode)),
|
||||
$newname => sprintf('%04o', S_IMODE($new->mode)),
|
||||
);
|
||||
} else {
|
||||
print "Modes differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
|
||||
# We don't want to compare anything more about sockets, fifos, or
|
||||
# directories, once we've checked the permissions and link counts
|
||||
if (S_ISSOCK($old->mode) or
|
||||
S_ISFIFO($old->mode) or
|
||||
S_ISDIR($old->mode)) {
|
||||
return $return;
|
||||
}
|
||||
|
||||
# Check device file devs, and that's it for them
|
||||
if (S_ISCHR($old->mode) or
|
||||
S_ISBLK($old->mode)) {
|
||||
if ($old->rdev != $new->rdev) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('rdev',
|
||||
$oldname => $old->rdev,
|
||||
$newname => $new->rdev,
|
||||
);
|
||||
} else {
|
||||
print "Device numbers differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
# Compare the targets of symlinks
|
||||
if (S_ISLNK($old->mode)) {
|
||||
my $oldtarget = readlink $oldname
|
||||
or (warn("$PROG: Could not readlink($oldname): $!\n"),
|
||||
return $return | 2);
|
||||
my $newtarget = readlink $newname
|
||||
or (warn("$PROG: Could not readlink($newname): $!\n"),
|
||||
return $return | 2);
|
||||
if ($oldtarget ne $newtarget) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('target',
|
||||
$oldname => $oldtarget,
|
||||
$newname => $newtarget,
|
||||
);
|
||||
} else {
|
||||
print "Symlink targets differ between $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
if (not S_ISREG($old->mode)) {
|
||||
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
|
||||
return 2;
|
||||
}
|
||||
} elsif (not defined $old and not defined $new) {
|
||||
print "Neither $oldname nor $newname exists\n";
|
||||
return $return;
|
||||
} elsif (not defined $old) {
|
||||
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
|
||||
print "Only in ".dirname($newname).": ".
|
||||
filetype_to_string($new->mode)." ".basename($newname)."\n";
|
||||
return 1;
|
||||
} elsif ($opt{'devnullhack'}) {
|
||||
$oldname = '/dev/null';
|
||||
}
|
||||
} elsif (not defined $new) {
|
||||
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
|
||||
print "Only in ".dirname($oldname).": ".
|
||||
filetype_to_string($old->mode)." ".basename($oldname)."\n";
|
||||
return 1;
|
||||
} elsif ($opt{'devnullhack'}) {
|
||||
$newname = '/dev/null';
|
||||
}
|
||||
}
|
||||
# They are regular files! We can actually run diff!
|
||||
return diff($oldname, $newname) | $return;
|
||||
}
|
||||
|
||||
sub diff ($$) {
|
||||
my ($oldname, $newname) = @_;
|
||||
my @command = (@diff, $oldname, $newname);
|
||||
my $status;
|
||||
|
||||
# If we're not specifying unified diff, we need to print a header
|
||||
# to indicate what's being diffed. (I'm not sure if this actually would
|
||||
# work for patch, but it does tell our user what's going on).
|
||||
# FIXME: We only need to specify this if the files are different
|
||||
print "@command\n"
|
||||
if not $opt{u};
|
||||
|
||||
{
|
||||
# There is a bug in perl with use warnings FATAL => qw(all)
|
||||
# that will cause the child process from system() to stick
|
||||
# around if there is a warning generated.
|
||||
# Shut off warnings -- we'll catch the error below.
|
||||
no warnings;
|
||||
$status = system(@command);
|
||||
}
|
||||
return 0 if ($status == 0);
|
||||
if ($? == -1) {
|
||||
die "$PROG: failed to execute '@command': $!\n";
|
||||
}
|
||||
if ($? & 128) {
|
||||
die "$PROG: '@command' dumped core\n";
|
||||
}
|
||||
if (my $sig = $? & 127) {
|
||||
die "$PROG: '@command' caught sig $sig\n"
|
||||
unless ($sig == SIGPIPE);
|
||||
}
|
||||
if (my $exit = $? >> 8) {
|
||||
if ($exit == 1) {
|
||||
return 1;
|
||||
} else {
|
||||
die "$PROG: '@command' returned $exit\n";
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
sub fakediff ($$) {
|
||||
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
|
||||
|
||||
return unless $opt{fakediff};
|
||||
my $time = strftime('%F %T.000000000 %z', localtime(0));
|
||||
|
||||
# We add a suffix onto the filenames to show we're not actually looking
|
||||
# at file contents. There's no good way to indicate this that's compatible
|
||||
# with patch, and this is simple enough.
|
||||
$oldname .= '#~~' . $type;
|
||||
$newname .= '#~~' . $type;
|
||||
|
||||
if ($opt{u}) {
|
||||
# fake up a unified diff
|
||||
print <<EOF;
|
||||
--- $oldname\t$time
|
||||
+++ $newname\t$time
|
||||
@@ -1 +1 @@
|
||||
-$oldvalue
|
||||
+$newvalue
|
||||
EOF
|
||||
} else {
|
||||
print <<EOF;
|
||||
diff $oldname $newname
|
||||
1c1
|
||||
< $oldvalue
|
||||
---
|
||||
> $newvalue
|
||||
EOF
|
||||
}
|
||||
}
|
161
archive/slack-runtime/dist/slack-getroles
vendored
161
archive/slack-runtime/dist/slack-getroles
vendored
@ -1,161 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--links',
|
||||
'--times',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub sync_list ();
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--role-list
|
||||
Role list location (can be relative to SOURCE)
|
||||
|
||||
--remote-role-list
|
||||
Role list is remote and should be copied down with rsync
|
||||
(implied by certain forms of role list or SOURCE)
|
||||
EOF
|
||||
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'role-list=s',
|
||||
'remote-role-list',
|
||||
],
|
||||
required_options => [ qw(role-list hostname) ],
|
||||
usage => $usage,
|
||||
);
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
# See if role-list is actually relative to source, and pre-pend source
|
||||
# if need be.
|
||||
unless ($opt{'role-list'} =~ m#^/# or
|
||||
$opt{'role-list'} =~ m#^\./# or
|
||||
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
||||
if (not defined $opt{source}) {
|
||||
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
|
||||
}
|
||||
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
|
||||
}
|
||||
|
||||
# auto-detect remote role list
|
||||
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
||||
$opt{'remote-role-list'} = 1;
|
||||
}
|
||||
|
||||
# Copy a remote list locally
|
||||
if ($opt{'remote-role-list'}) {
|
||||
# We need a cache directory if the role list is not local
|
||||
if (not defined $opt{cache}) {
|
||||
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
|
||||
}
|
||||
# Look at source type, and add options if necessary
|
||||
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
|
||||
# This is tunnelled rsync, and so needs an extra option
|
||||
if ($opt{'rsh'}) {
|
||||
push @rsync, '-e', $opt{'rsh'};
|
||||
} else {
|
||||
push @rsync, '-e', 'ssh';
|
||||
}
|
||||
}
|
||||
sync_list();
|
||||
}
|
||||
|
||||
# Read in the roles list
|
||||
my @roles = ();
|
||||
my $host_found = 0;
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
|
||||
open(ROLES, "<", $opt{'role-list'})
|
||||
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
|
||||
while(<ROLES>) {
|
||||
s/#.*//; # Strip comments
|
||||
chomp;
|
||||
if (s/^$opt{hostname}:\s*//) {
|
||||
$host_found++;
|
||||
push @roles, split();
|
||||
}
|
||||
}
|
||||
close(ROLES)
|
||||
or die "Could not close '$opt{'role-list'}': $!\n";
|
||||
if (not $host_found) {
|
||||
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
|
||||
}
|
||||
print join("\n", @roles), "\n";
|
||||
exit 0;
|
||||
|
||||
sub sync_list () {
|
||||
my $source = $opt{'role-list'};
|
||||
my $destination = $opt{cache} . "/_role_list";
|
||||
unless (-d $opt{cache}) {
|
||||
eval { mkpath($opt{cache}); };
|
||||
die "Could not mkpath '$opt{cache}': $@\n" if $@;
|
||||
}
|
||||
# All this to run an rsync command
|
||||
my @command = (@rsync, $source, $destination);
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
|
||||
Slack::wrap_rsync(@command);
|
||||
$opt{'role-list'} = $destination;
|
||||
}
|
||||
|
149
archive/slack-runtime/dist/slack-installfiles
vendored
149
archive/slack-runtime/dist/slack-installfiles
vendored
@ -1,149 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the local stage to the root
|
||||
# of the local filesystem
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--relative',
|
||||
'--times',
|
||||
'--perms',
|
||||
'--group',
|
||||
'--owner',
|
||||
'--links',
|
||||
'--devices',
|
||||
'--sparse',
|
||||
'--no-implied-dirs', # SO GOOD!
|
||||
'--files-from=-',
|
||||
'--from0',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub install_files ($);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => [ qw(root stage) ],
|
||||
);
|
||||
# }}}
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
unless (-d $opt{root}) {
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval {
|
||||
mkpath($opt{root});
|
||||
# We have a tight umask, and a root of mode 0700 would be undesirable
|
||||
# in most cases.
|
||||
chmod(0755, $opt{root});
|
||||
};
|
||||
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
|
||||
}
|
||||
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
|
||||
}
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
|
||||
# copy over the new files
|
||||
for my $role (@ARGV) {
|
||||
install_files($role);
|
||||
}
|
||||
exit 0;
|
||||
|
||||
# This subroutine takes care of actually installing the files for a role
|
||||
sub install_files ($) {
|
||||
my ($role) = @_;
|
||||
# final / is important for rsync
|
||||
my $source = $opt{stage} . "/roles/" . $role . "/files/";
|
||||
my $destination = $opt{root} . "/";
|
||||
my @command = (@rsync, $source, $destination);
|
||||
|
||||
if (not -d $source) {
|
||||
($opt{verbose} > 0) and
|
||||
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
|
||||
return;
|
||||
}
|
||||
|
||||
# Try to give some sensible message here
|
||||
if ($opt{verbose} > 0) {
|
||||
if ($opt{'dry-run'}) {
|
||||
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
|
||||
} else {
|
||||
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
|
||||
}
|
||||
}
|
||||
|
||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
||||
|
||||
select((select($fh), $|=1)[0]); # Turn on autoflush
|
||||
|
||||
my $callback = sub {
|
||||
my ($file) = @_;
|
||||
($file =~ s#^$source##)
|
||||
or die "sub failed: $source|$file";
|
||||
print $fh "$file\0";
|
||||
};
|
||||
|
||||
# This will print files to be synced to the $fh
|
||||
Slack::find_files_to_install($source, $destination, $callback);
|
||||
|
||||
# Close fh, waitpid, and check return value
|
||||
unless (close($fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
146
archive/slack-runtime/dist/slack-rolediff
vendored
146
archive/slack-runtime/dist/slack-rolediff
vendored
@ -1,146 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script provides a preview of scripts or files about to be installed.
|
||||
# Basically, it calls diff -- its smarts are in knowing where things are.
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @diff = ('slack-diff',
|
||||
'-uN',
|
||||
);
|
||||
|
||||
# directories to compare
|
||||
my %subdir = (
|
||||
files => 1,
|
||||
scripts => 1,
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub diff ($$;@);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--subdir DIR
|
||||
Check this subdir only. Possible values for DIR are 'files' and
|
||||
'scripts'.
|
||||
|
||||
--diff PROG
|
||||
Use this program to do diffs. [@diff]
|
||||
EOF
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'subdir=s',
|
||||
'diff=s',
|
||||
],
|
||||
usage => $usage,
|
||||
required_options => [ qw(cache stage root) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# We only allow certain values for this option
|
||||
if ($opt{subdir}) {
|
||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
||||
}
|
||||
# Only do this subdir
|
||||
%subdir = ( $opt{subdir} => 1 );
|
||||
}
|
||||
|
||||
# Let people override our diff. Split on spaces so they can pass args.
|
||||
if ($opt{diff}) {
|
||||
@diff = split(/\s+/, $opt{diff});
|
||||
}
|
||||
|
||||
# }}}
|
||||
|
||||
my $exit = 0;
|
||||
# Do the diffs
|
||||
for my $full_role (@ARGV) {
|
||||
# Split the full role (e.g. google.foogle.woogle) into components
|
||||
my @role = split(/\./, $full_role);
|
||||
|
||||
if ($subdir{scripts}) {
|
||||
# Then we compare the cache vs the stage
|
||||
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
|
||||
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
|
||||
# For scripts, we don't care so much about mode and owner (since those are
|
||||
# inherited in the CACHE from the SOURCE), so --noperms.
|
||||
$exit |= diff($old, $new, '--noperms');
|
||||
}
|
||||
|
||||
if ($subdir{files}) {
|
||||
# Then we compare the stage vs the root
|
||||
my $old = $opt{root};
|
||||
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
|
||||
# For files, we don't care about files that exist in $old but not $new
|
||||
$exit |= diff($old, $new, '--unidirectional-new-file');
|
||||
}
|
||||
}
|
||||
exit $exit;
|
||||
|
||||
sub diff ($$;@) {
|
||||
my ($old, $new, @options) = @_;
|
||||
|
||||
my @command = (@diff, @options);
|
||||
|
||||
# return if there's nothing to do
|
||||
return 0 if (not -d $old and not -d $new);
|
||||
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
|
||||
|
||||
my $return = 0;
|
||||
my $callback = sub {
|
||||
my ($new_file) = @_;
|
||||
my $old_file = $new_file;
|
||||
($old_file =~ s#^$new#$old#)
|
||||
or die "sub failed: $new|$new_file";
|
||||
if (system(@command, $old_file, $new_file) != 0) {
|
||||
$return |= Slack::get_system_exit(@command);
|
||||
}
|
||||
};
|
||||
|
||||
# We have to use this function, rather than recursive mode for slack-diff,
|
||||
# because otherwise we'll print a bunch of bogus stuff about directories
|
||||
# that exist in $ROOT and therefore aren't being synced.
|
||||
Slack::find_files_to_install($new, $old, $callback);
|
||||
|
||||
return $return;
|
||||
}
|
111
archive/slack-runtime/dist/slack-runscript
vendored
111
archive/slack-runtime/dist/slack-runscript
vendored
@ -1,111 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of running scripts out of the local stage
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
# Export these options to the environment of the script
|
||||
my @export_options = qw(root stage hostname verbose);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!";
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => \@export_options,
|
||||
);
|
||||
|
||||
my $action = shift || die "No script to run!\n\n$usage";
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# }}}
|
||||
|
||||
# Start with a clean environment
|
||||
%ENV = (
|
||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
);
|
||||
# Export certain variables to the environment. These are guaranteed to
|
||||
# be set because we require them in get_options above.
|
||||
for my $option (@export_options) {
|
||||
my $env_var = $option;
|
||||
$env_var =~ tr/a-z-/A-Z_/;
|
||||
$ENV{$env_var} = $opt{$option};
|
||||
}
|
||||
# We want to decrement the verbose value for the child if it's set.
|
||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
||||
|
||||
# Run the script for each role given, if it exists and is executable
|
||||
for my $role (@ARGV) {
|
||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
||||
unless (-x $script_to_run) {
|
||||
if (-e _) {
|
||||
# A helpful warning
|
||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
||||
} elsif ($opt{verbose} > 0) {
|
||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
||||
}
|
||||
next;
|
||||
}
|
||||
my $dir;
|
||||
if ($action eq 'fixfiles') {
|
||||
$dir = "$opt{stage}/roles/$role/files";
|
||||
} else {
|
||||
$dir = "$opt{stage}/roles/$role/scripts";
|
||||
}
|
||||
my @command = ($script_to_run , $role);
|
||||
|
||||
# It's OK to chdir even if we're not going to run the script.
|
||||
# Might as well see if it works.
|
||||
chdir($dir)
|
||||
or die "Could not chdir '$dir': $!\n";
|
||||
if ($opt{'dry-run'}) {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
||||
"because --dry-run specified.\n";
|
||||
} else {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
||||
unless (system("script /root/slackLog -a -f -c @command") == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!\n"
|
||||
}
|
||||
exit 0;
|
||||
|
111
archive/slack-runtime/dist/slack-runscript.orig
vendored
111
archive/slack-runtime/dist/slack-runscript.orig
vendored
@ -1,111 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of running scripts out of the local stage
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
# Export these options to the environment of the script
|
||||
my @export_options = qw(root stage hostname verbose);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!";
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => \@export_options,
|
||||
);
|
||||
|
||||
my $action = shift || die "No script to run!\n\n$usage";
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# }}}
|
||||
|
||||
# Start with a clean environment
|
||||
%ENV = (
|
||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
);
|
||||
# Export certain variables to the environment. These are guaranteed to
|
||||
# be set because we require them in get_options above.
|
||||
for my $option (@export_options) {
|
||||
my $env_var = $option;
|
||||
$env_var =~ tr/a-z-/A-Z_/;
|
||||
$ENV{$env_var} = $opt{$option};
|
||||
}
|
||||
# We want to decrement the verbose value for the child if it's set.
|
||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
||||
|
||||
# Run the script for each role given, if it exists and is executable
|
||||
for my $role (@ARGV) {
|
||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
||||
unless (-x $script_to_run) {
|
||||
if (-e _) {
|
||||
# A helpful warning
|
||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
||||
} elsif ($opt{verbose} > 0) {
|
||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
||||
}
|
||||
next;
|
||||
}
|
||||
my $dir;
|
||||
if ($action eq 'fixfiles') {
|
||||
$dir = "$opt{stage}/roles/$role/files";
|
||||
} else {
|
||||
$dir = "$opt{stage}/roles/$role/scripts";
|
||||
}
|
||||
my @command = ($script_to_run, $role);
|
||||
|
||||
# It's OK to chdir even if we're not going to run the script.
|
||||
# Might as well see if it works.
|
||||
chdir($dir)
|
||||
or die "Could not chdir '$dir': $!\n";
|
||||
if ($opt{'dry-run'}) {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
||||
"because --dry-run specified.\n";
|
||||
} else {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
||||
unless (system(@command) == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!\n"
|
||||
}
|
||||
exit 0;
|
||||
|
278
archive/slack-runtime/dist/slack-stage
vendored
278
archive/slack-runtime/dist/slack-stage
vendored
@ -1,278 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the local cache
|
||||
# directory to the local stage, building a unified single tree onstage
|
||||
# from the multiple trees that are the role + subroles in the cache
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--recursive',
|
||||
'--times',
|
||||
'--ignore-times',
|
||||
'--perms',
|
||||
'--sparse',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub check_stage ();
|
||||
sub sync_role ($$@);
|
||||
sub apply_default_perms_to_role ($$);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--subdir DIR
|
||||
Sync this subdir only. Possible values for DIR are 'files' and
|
||||
'scripts'.
|
||||
EOF
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'subdir=s',
|
||||
],
|
||||
usage => $usage,
|
||||
required_options => [ qw(cache stage) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# We only allow certain values for this option
|
||||
if ($opt{subdir}) {
|
||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
||||
}
|
||||
} else {
|
||||
$opt{subdir} = '';
|
||||
}
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
# copy over the new files
|
||||
for my $full_role (@ARGV) {
|
||||
# Split the full role (e.g. google.foogle.woogle) into components
|
||||
my @role_parts = split(/\./, $full_role);
|
||||
die "Internal error: Expect at least one role part" if not @role_parts;
|
||||
# Reassemble parts one at a time onto @role and sync as we go,
|
||||
# so we do "google", then "google.foogle", then "google.foogle.woogle"
|
||||
my @role = ();
|
||||
# Make sure we've got the right perms before we copy stuff down
|
||||
check_stage();
|
||||
|
||||
# For the base role, do both files and scripts.
|
||||
push @role, shift @role_parts;
|
||||
for my $subdir(qw(files scripts)) {
|
||||
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
|
||||
($opt{verbose} > 1)
|
||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
||||
# @role here will have one element, so sync_role will use --delete
|
||||
sync_role($full_role, $subdir, @role)
|
||||
}
|
||||
}
|
||||
|
||||
# For all subroles, just do the files.
|
||||
# (If we wanted script subroles to work like files, we'd get rid of this
|
||||
# distinction and simplify the code.)
|
||||
if (not $opt{subdir} or $opt{subdir} eq 'files') {
|
||||
while (@role_parts) {
|
||||
push @role, shift @role_parts;
|
||||
($opt{verbose} > 1)
|
||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
||||
sync_role($full_role, 'files', @role);
|
||||
}
|
||||
}
|
||||
|
||||
for my $subdir (qw(files scripts)) {
|
||||
apply_default_perms_to_role($full_role, $subdir)
|
||||
if (not $opt{subdir} or $opt{subdir} eq $subdir);
|
||||
}
|
||||
}
|
||||
exit 0;
|
||||
|
||||
# Make sure the stage directory exists and is mode 0700, to protect files
|
||||
# underneath in transit
|
||||
sub check_stage () {
|
||||
my $stage = $opt{stage} . "/roles";
|
||||
if (not $opt{'dry-run'}) {
|
||||
if (not -d $stage) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
|
||||
eval { mkpath($stage); };
|
||||
die "Could not mkpath cache dir '$stage': $@\n" if $@;
|
||||
}
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
||||
} else {
|
||||
chown(0, 0, $stage)
|
||||
or die "Could not chown 0:0 '$stage': $!\n";
|
||||
}
|
||||
chmod(0700, $stage)
|
||||
or die "Could not chmod 0700 '$stage': $!\n";
|
||||
}
|
||||
}
|
||||
|
||||
# Copy the files for a role from CACHE to STAGE
|
||||
sub sync_role ($$@) {
|
||||
my ($full_role, $subdir, @role) = @_;
|
||||
my @this_rsync = @rsync;
|
||||
|
||||
# If we were only given one role part, we're in the base role
|
||||
my $in_base_role = (scalar @role == 1);
|
||||
|
||||
# For the base role, delete any files that don't exist in the cache.
|
||||
# Not for the subrole (otherwise we'll delete all files not in
|
||||
# the subrole, which may be most of them!)
|
||||
if ($in_base_role) {
|
||||
push @this_rsync, "--delete";
|
||||
}
|
||||
|
||||
# (a) => a/files
|
||||
# (a,b,c) => a/files.b.c
|
||||
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
|
||||
# This one's a little simpler:
|
||||
my $dst_path = $full_role.'/'.$subdir;
|
||||
|
||||
# final / is important for rsync
|
||||
my $source = $opt{cache} . "/roles/" . $src_path . "/";
|
||||
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
|
||||
if (not -d $destination and -d $source) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($destination); };
|
||||
die "Could not mkpath stage dir '$destination': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
|
||||
# We no longer require the source to exist
|
||||
if (not -d $source) {
|
||||
# but we need to remove the destination if the source
|
||||
# doesn't exist and we're in the base role
|
||||
if ($in_base_role) {
|
||||
rmtree($destination);
|
||||
# rmtree() doesn't throw exceptions or give a return value useful
|
||||
# for detecting failure, so we just check after the fact.
|
||||
die "Could not rmtree '$destination' when '$source' missing\n"
|
||||
if -e $destination;
|
||||
}
|
||||
# if we continue, rsync will fail because source is missing,
|
||||
# so we don't.
|
||||
return;
|
||||
}
|
||||
|
||||
# All this to run an rsync command
|
||||
my @command = (@this_rsync, $source, $destination);
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
|
||||
Slack::wrap_rsync(@command);
|
||||
}
|
||||
|
||||
# This just takes the base role, and chowns/chmods everything under it to
|
||||
# give it some sensible permissions. Basically, the only thing we preserve
|
||||
# about the original permissions is the executable bit, since that's the
|
||||
# only thing source code controls systems like CVS, RCS, Perforce seem to
|
||||
# preserve.
|
||||
sub apply_default_perms_to_role ($$) {
|
||||
my ($role, $subdir) = @_;
|
||||
my $destination = $opt{stage} . "/roles/" . $role;
|
||||
|
||||
if ($subdir) {
|
||||
$destination .= '/' . $subdir;
|
||||
}
|
||||
|
||||
# If the destination doesn't exist, it's probably because the source didn't
|
||||
return if not -d $destination;
|
||||
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
|
||||
}
|
||||
# Use File::Find to recurse the directory
|
||||
find({
|
||||
# The "wanted" subroutine is called for every directory entry
|
||||
wanted => sub {
|
||||
return if $opt{'dry-run'};
|
||||
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
|
||||
if (-l) {
|
||||
# symlinks shouldn't be in here,
|
||||
# since we dereference when copying
|
||||
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
|
||||
return;
|
||||
} elsif (-f _) { # results of last stat saved in the "_"
|
||||
if (-x _) {
|
||||
chmod 0555, $_
|
||||
or die "Could not chmod 0555 $File::Find::name: $!";
|
||||
} else {
|
||||
chmod 0444, $_
|
||||
or die "Could not chmod 0444 $File::Find::name: $!";
|
||||
}
|
||||
} elsif (-d _) {
|
||||
chmod 0755, $_
|
||||
or die "Could not chmod 0755 $File::Find::name: $!";
|
||||
} else {
|
||||
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
|
||||
}
|
||||
return if $> != 0; # skip chowning if not superuser
|
||||
chown 0, 0, $_
|
||||
or die "Could not chown 0:0 $File::Find::name: $!";
|
||||
},
|
||||
# end of wanted function
|
||||
},
|
||||
# way down here, we have the directory to traverse with File::Find
|
||||
$destination,
|
||||
);
|
||||
}
|
169
archive/slack-runtime/dist/slack-sync
vendored
169
archive/slack-runtime/dist/slack-sync
vendored
@ -1,169 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--cvs-exclude',
|
||||
'--recursive',
|
||||
'--links',
|
||||
'--copy-links',
|
||||
'--times',
|
||||
'--perms',
|
||||
'--sparse',
|
||||
'--delete',
|
||||
'--files-from=-',
|
||||
'--from0',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub check_cache ($);
|
||||
sub rsync_source ($$@);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => [ qw(source cache) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Look at source type, and add options if necessary
|
||||
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
|
||||
# This is tunnelled rsync, and so needs an extra option
|
||||
if ($opt{'rsh'}) {
|
||||
push @rsync, '-e', $opt{'rsh'};
|
||||
} else {
|
||||
push @rsync, '-e', 'ssh';
|
||||
}
|
||||
}
|
||||
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
my @roles = ();
|
||||
|
||||
{
|
||||
# This hash is just to avoid calling rsync twice if two subroles are
|
||||
# installed. We only care since it's remote, and therefore slow.
|
||||
my %roles_to_sync = ();
|
||||
|
||||
# copy over the new files
|
||||
for my $full_role (@ARGV) {
|
||||
# Get the first element of the role name (the base role)
|
||||
# e.g., from "google.foogle.woogle", get "google"
|
||||
my $base_role = (split /\./, $full_role, 2)[0];
|
||||
|
||||
$roles_to_sync{$base_role} = 1;
|
||||
}
|
||||
@roles = keys %roles_to_sync;
|
||||
}
|
||||
|
||||
my $cache = $opt{cache} . "/roles/";
|
||||
# Make sure we've got the right perms before we copy stuff down
|
||||
check_cache($cache);
|
||||
|
||||
rsync_source(
|
||||
$opt{source} . '/roles/',
|
||||
$cache,
|
||||
@roles,
|
||||
);
|
||||
|
||||
exit 0;
|
||||
|
||||
# Make sure the cache directory exists and is mode 0700, to protect files
|
||||
# underneath in transit
|
||||
sub check_cache ($) {
|
||||
my ($cache) = @_;
|
||||
if (not $opt{'dry-run'}) {
|
||||
if (not -d $cache) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
|
||||
eval { mkpath($cache); };
|
||||
die "Could not mkpath cache dir '$cache': $@\n" if $@;
|
||||
}
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
||||
} else {
|
||||
chown(0, 0, $cache)
|
||||
or die "Could not chown 0:0 '$cache': $!\n";
|
||||
}
|
||||
chmod(0700, $cache)
|
||||
or die "Could not chmod 0700 '$cache': $!\n";
|
||||
}
|
||||
}
|
||||
|
||||
# Pull down roles from an rsync source
|
||||
sub rsync_source($$@) {
|
||||
my ($source, $destination, @roles) = @_;
|
||||
my @command = (@rsync, $source, $destination);
|
||||
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Syncing cache with '@command'\n";
|
||||
|
||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
||||
|
||||
# Shove the roles down its throat
|
||||
print $fh join("\0", @roles), "\0";
|
||||
|
||||
# Close fh, waitpid, and check return value
|
||||
unless (close($fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
0
archive/slack-runtime/dist/slack.conf
vendored
0
archive/slack-runtime/dist/slack.conf
vendored
@ -1,6 +0,0 @@
|
||||
ROLE_LIST=toolbox.turnsys.net:/local/slack-prod/etc/roles.conf
|
||||
SOURCE=toolbox.turnsys.net:/local/slack-prod/
|
||||
CACHE=/var/cache/slack
|
||||
STAGE=/var/lib/slack/stage
|
||||
ROOT=/
|
||||
BACKUP_DIR=/var/lib/slack/backups
|
@ -1,4 +0,0 @@
|
||||
Host toolbox.turnsys.net
|
||||
User slack-prod
|
||||
IdentityFile /root/.ssh/SlackSSH-prod.key
|
||||
StrictHostKeyChecking no
|
27
archive/slack-runtime/env/SlackSSH-prod.key
vendored
27
archive/slack-runtime/env/SlackSSH-prod.key
vendored
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEowIBAAKCAQEAycZwe0FuYISsFaHvaplNhb9uplG8YeMkffIKXp633MwihACm
|
||||
oNoKEQHlqSKD1urZfLYjwf1YBKAPt9QRdIguwsQ3hl3xKpsO+gsmaOpF3eJMVWHZ
|
||||
dS/T7lplIOcXr0tbUeibQ9p+c+MgICfpdAJvUnuD8grDmaTuvasBat4Ow6rXIzsQ
|
||||
WKzSrP3iQJ0xeq+mqRIlPP5dwl66RF+dlaloVxlvG95i3u512EkNg+sMt1X5KbhH
|
||||
ecQSicpA8K2qK4G71CqRIm7DmXCheSlDzqLACwJAFOU4xN3eqTO3B4Bm5Wri9Oip
|
||||
hkwzMgWrDNFx/69ZnGF69g0VP8Qyl4R7d3FZDQIDAQABAoIBAQCzCDYpxybO0Sl3
|
||||
kFXEuf3FHNRrEr8aA9cPQUHeLuppKV++zG0M8CpaaNqENjHQ8lTDiUE1ETuV7wfD
|
||||
TpGmWmdTPZMe0B/6c9bYGiickrInbHHamJXAmw1qwh5VEXc8fJqslL2feTEWVoLc
|
||||
xU0pODfacenjS5W+sE99T0xUrG9hQJMRtNOorMQiUraLl670yIZnzMszDIdd1xdv
|
||||
4XCuQ5Phnup22/kvByIdiNXPaSY/gOooBTZDUzka+FV3Nn9XXhZoNBnNfk6XgHZw
|
||||
x9vQvnN+tuDr6RX4g1RPq/u6IhsQO2/OT9wwu74KLdkLFTssGold73uys2WvC0NW
|
||||
zNFVBuBBAoGBAO6lhTWE2hvt5h7btEY36XgoJbu0k/E7fVgEud2yCdRdQ5ApAHVs
|
||||
xvol1D3waVKUrRePKq2BhaylwtYACYAow3geMsGrlf4ndlLOQ1z6ByNncJPF3Tr1
|
||||
lFp025QLijoKmnCq3CdIVPrdhTm44go2usXytobpxS2nB5hZwZfyDju5AoGBANhy
|
||||
i9vOlRXcLiHpmzAKwFs/jR9D09DUZ6ALm22HvDOsISJS+nR2neun+7HXXHm1Kqyu
|
||||
w1GA8xaqBnuFfuHP09ZYTNammEROS8dL/5muGCwrfwIrd/H4ELsE0spWOrTlfgY/
|
||||
GN5WeoXZGAwjiu67AoRkpKIQxnsjEKSNKZQntjn1AoGAOyAdIcZZd2P4iJqsTl1Z
|
||||
5aAkwR2bLcAsbNs25XtPviKhM51E9NLPdXhb3kCrB3+4ZsbcrwIRCVZEMFrv/6WZ
|
||||
0C/DKYKGdeJ3CUr7G5UCob3mAWabShk/+S1MnaBCTeEEpHdgdgcQrtqlQEjTD+7B
|
||||
VXutxz0x0f64/gD22ttotVkCgYAma4a52JyMCc5ChMXgLDhiuhAhuZdynRFbzlOj
|
||||
iJF2lpo3DoWYgKmdd+7sbW7jx62wg0D2Sa5cmoeWC2cvTAWtKXVSMLYcgc1frfTL
|
||||
4aQ2yu27g93BnKfTmpKUCeRX0dih4TdX1//dnGBxXym9IILc30R94/5nQx0kKE52
|
||||
Fup4tQKBgHrDPBIJG3MkA5UIkBPnxE9Ei8V4g/TpYjmC+6JiWkBTQCNZ4A2KKl7S
|
||||
pwGQwdcqA5OsPbw0T54HwMtDm0ao0b3krb70vBw/xdIAHNe3DCmeOuKelvjDyzr1
|
||||
ZL6gF557VfKFjz23Hp2PbOYo88BAdX1H1zy0FUZJ7Zh4GbOjgVFQ
|
||||
-----END RSA PRIVATE KEY-----
|
@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJxnB7QW5ghKwVoe9qmU2Fv26mUbxh4yR98gpenrfczCKEAKag2goRAeWpIoPW6tl8tiPB/VgEoA+31BF0iC7CxDeGXfEqmw76CyZo6kXd4kxVYdl1L9PuWmUg5xevS1tR6JtD2n5z4yAgJ+l0Am9Se4PyCsOZpO69qwFq3g7DqtcjOxBYrNKs/eJAnTF6r6apEiU8/l3CXrpEX52VqWhXGW8b3mLe7nXYSQ2D6wy3VfkpuEd5xBKJykDwraorgbvUKpEibsOZcKF5KUPOosALAkAU5TjE3d6pM7cHgGblauL06KmGTDMyBasM0XH/r1mcYXr2DRU/xDKXhHt3cVkN charles@ultix-mini
|
Binary file not shown.
0
archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/etc/cron.daily/clamscan
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh
Executable file → Normal file
0
archive/slack/ts-base-ovh/files/usr/local/bin/upAndRoll.sh
Executable file → Normal file
0
archive/slack/ts-base-ovh/scripts/postinstall
Executable file → Normal file
0
archive/slack/ts-base-ovh/scripts/postinstall
Executable file → Normal file
@ -1,25 +0,0 @@
|
||||
{
|
||||
ATTWAN [shape = cloud];
|
||||
ATTWAN -- ATTDSLModem
|
||||
|
||||
network untrusted {
|
||||
address = "192.168.1.x/24"
|
||||
|
||||
ATTDSLModem [address = ".254"];
|
||||
pfv-core-rtr02 [address = ".70"];
|
||||
pfv-core-rtr01 [address = ".71"];
|
||||
}
|
||||
|
||||
network LAN-VLAN100 {
|
||||
address = "10.251.100.x/24"
|
||||
LANGW-RTR01 [address = ".252"];
|
||||
LANGW-RTR02 [address = ".253"];
|
||||
LANGW-FLOAT [address = ".254"];
|
||||
}
|
||||
network NERDBONE-VLAN200 {
|
||||
address = "10.251.200.x/24"
|
||||
NERDBONEGW-RTR01 [address = ".252"];
|
||||
NERDBONEGW-RTR02 [address = ".253"];
|
||||
NERDBONEGW-FLOAT [address = ".254"];
|
||||
}
|
||||
}
|
Binary file not shown.
Before Width: | Height: | Size: 19 KiB |
3
doorman/README.md
Normal file
3
doorman/README.md
Normal file
@ -0,0 +1,3 @@
|
||||
# doorman
|
||||
|
||||
All things related to badge management for TSYS
|
0
doorman/doorman.pl
Executable file → Normal file
0
doorman/doorman.pl
Executable file → Normal file
0
doorman/test.pl
Executable file → Normal file
0
doorman/test.pl
Executable file → Normal file
0
fixHosts.sh
Executable file → Normal file
0
fixHosts.sh
Executable file → Normal file
0
libre-work/librenms/distro
Executable file → Normal file
0
libre-work/librenms/distro
Executable file → Normal file
0
libre-work/librenms/ntp-client.sh
Executable file → Normal file
0
libre-work/librenms/ntp-client.sh
Executable file → Normal file
0
libre-work/librenms/ntp-server.sh
Executable file → Normal file
0
libre-work/librenms/ntp-server.sh
Executable file → Normal file
0
libre-work/librenms/os-updates.sh
Executable file → Normal file
0
libre-work/librenms/os-updates.sh
Executable file → Normal file
0
libre-work/librenms/postfix-queues
Executable file → Normal file
0
libre-work/librenms/postfix-queues
Executable file → Normal file
0
libre-work/librenms/postfixdetailed
Executable file → Normal file
0
libre-work/librenms/postfixdetailed
Executable file → Normal file
0
libre-work/librenms/smart
Executable file → Normal file
0
libre-work/librenms/smart
Executable file → Normal file
File diff suppressed because it is too large
Load Diff
@ -1,280 +0,0 @@
|
||||
interface ethernet 1/e1
|
||||
description sw1-mgmt
|
||||
exit
|
||||
interface ethernet 1/e2
|
||||
description sw2-mgmt
|
||||
exit
|
||||
interface ethernet 1/e3
|
||||
description sw3-mgmt
|
||||
exit
|
||||
interface ethernet 1/e4
|
||||
description sw4-mgmt
|
||||
exit
|
||||
interface ethernet 1/e5
|
||||
description sw5-mgmt
|
||||
exit
|
||||
interface ethernet 1/e6
|
||||
description sw6-mgmt
|
||||
exit
|
||||
interface range ethernet 1/e(7,19)
|
||||
description r7-mgmt
|
||||
exit
|
||||
interface range ethernet 1/e(8,20)
|
||||
description r8-mgmt
|
||||
exit
|
||||
interface ethernet 1/e9
|
||||
description fw1-mgmt
|
||||
exit
|
||||
interface ethernet 1/e10
|
||||
description fw2-mgmt
|
||||
exit
|
||||
interface ethernet 1/e11
|
||||
description r3-mgmt
|
||||
exit
|
||||
interface ethernet 1/e12
|
||||
description r2-mgmt
|
||||
exit
|
||||
interface ethernet 1/e13
|
||||
description r1-mgmt
|
||||
exit
|
||||
interface ethernet 1/e14
|
||||
description r4-mgmt
|
||||
exit
|
||||
interface ethernet 1/e15
|
||||
description r5-mgmt
|
||||
exit
|
||||
interface ethernet 1/e16
|
||||
description r6-mgmt
|
||||
exit
|
||||
interface ethernet 1/e17
|
||||
description sw7
|
||||
exit
|
||||
interface ethernet 1/e18
|
||||
description sw8-mgmt
|
||||
exit
|
||||
interface ethernet 1/e21
|
||||
description sw9-mgmt
|
||||
exit
|
||||
interface ethernet 1/e22
|
||||
description r4(wan)
|
||||
exit
|
||||
interface ethernet 1/e23
|
||||
description r5(wan)
|
||||
exit
|
||||
interface ethernet 1/e24
|
||||
description fw2(wan)
|
||||
exit
|
||||
interface ethernet 1/e25
|
||||
description auslab-con01
|
||||
exit
|
||||
interface ethernet 1/e26
|
||||
description r10(mgmt)
|
||||
exit
|
||||
interface ethernet 1/e27
|
||||
description r11(mgmt)
|
||||
exit
|
||||
interface ethernet 1/e28
|
||||
description r10(wan)
|
||||
exit
|
||||
interface ethernet 1/e29
|
||||
description r11(wan)
|
||||
exit
|
||||
interface ethernet 1/e42
|
||||
description ikeabench-sw
|
||||
exit
|
||||
interface ethernet 1/e45
|
||||
description LabPC
|
||||
exit
|
||||
interface ethernet 1/e46
|
||||
description Uplink-From-labsw02
|
||||
exit
|
||||
interface ethernet 1/e46
|
||||
duplex full
|
||||
exit
|
||||
interface ethernet 1/e47
|
||||
description GroundStation-Switch
|
||||
exit
|
||||
interface ethernet 1/e48
|
||||
description Uplink-To-labrtr01
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport mode trunk
|
||||
exit
|
||||
vlan database
|
||||
vlan 2-8,12,19-20,22,101,300-320,400-420
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 2
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 3
|
||||
exit
|
||||
interface ethernet 1/e4
|
||||
switchport access vlan 4
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 4
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 5
|
||||
exit
|
||||
interface ethernet 1/e20
|
||||
switchport access vlan 6
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 6
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 7
|
||||
exit
|
||||
interface range ethernet 1/e(46,48)
|
||||
switchport trunk allowed vlan add 8
|
||||
exit
|
||||
interface ethernet 1/e29
|
||||
switchport access vlan 20
|
||||
exit
|
||||
interface range ethernet 1/e(25,42-43,45,47)
|
||||
switchport access vlan 22
|
||||
exit
|
||||
interface ethernet 1/e46
|
||||
switchport trunk native vlan 22
|
||||
exit
|
||||
interface ethernet 1/e48
|
||||
switchport trunk allowed vlan add 22
|
||||
exit
|
||||
interface ethernet 1/e1
|
||||
switchport access vlan 300
|
||||
exit
|
||||
interface ethernet 1/e2
|
||||
switchport access vlan 301
|
||||
exit
|
||||
interface ethernet 1/e3
|
||||
switchport access vlan 302
|
||||
exit
|
||||
interface ethernet 1/e5
|
||||
switchport access vlan 304
|
||||
exit
|
||||
interface ethernet 1/e6
|
||||
switchport access vlan 305
|
||||
exit
|
||||
interface ethernet 1/e44
|
||||
switchport access vlan 306
|
||||
exit
|
||||
interface ethernet 1/e7
|
||||
switchport access vlan 307
|
||||
exit
|
||||
interface ethernet 1/e9
|
||||
switchport access vlan 308
|
||||
exit
|
||||
interface ethernet 1/e11
|
||||
switchport access vlan 309
|
||||
exit
|
||||
interface ethernet 1/e13
|
||||
switchport access vlan 310
|
||||
exit
|
||||
interface ethernet 1/e14
|
||||
switchport access vlan 311
|
||||
exit
|
||||
interface ethernet 1/e15
|
||||
switchport access vlan 312
|
||||
exit
|
||||
interface ethernet 1/e21
|
||||
switchport access vlan 313
|
||||
exit
|
||||
interface ethernet 1/e23
|
||||
switchport access vlan 314
|
||||
exit
|
||||
interface ethernet 1/e17
|
||||
switchport access vlan 315
|
||||
exit
|
||||
interface ethernet 1/e18
|
||||
switchport access vlan 316
|
||||
exit
|
||||
interface ethernet 1/e26
|
||||
switchport access vlan 317
|
||||
exit
|
||||
interface ethernet 1/e19
|
||||
switchport access vlan 318
|
||||
exit
|
||||
interface ethernet 1/e28
|
||||
switchport access vlan 319
|
||||
exit
|
||||
interface ethernet 1/e16
|
||||
switchport access vlan 400
|
||||
exit
|
||||
interface ethernet 1/e8
|
||||
switchport access vlan 401
|
||||
exit
|
||||
interface ethernet 1/e10
|
||||
switchport access vlan 402
|
||||
exit
|
||||
interface ethernet 1/e12
|
||||
switchport access vlan 403
|
||||
exit
|
||||
interface ethernet 1/e22
|
||||
switchport access vlan 407
|
||||
exit
|
||||
interface ethernet 1/e24
|
||||
switchport access vlan 408
|
||||
exit
|
||||
interface ethernet 1/e27
|
||||
switchport access vlan 409
|
||||
exit
|
||||
interface vlan 2
|
||||
name management-network
|
||||
exit
|
||||
interface vlan 3
|
||||
name ap
|
||||
exit
|
||||
interface vlan 4
|
||||
name switch
|
||||
exit
|
||||
interface vlan 5
|
||||
name voip
|
||||
exit
|
||||
interface vlan 6
|
||||
name router
|
||||
exit
|
||||
interface vlan 7
|
||||
name iptv
|
||||
exit
|
||||
interface vlan 8
|
||||
name client
|
||||
exit
|
||||
interface vlan 19
|
||||
name storage
|
||||
exit
|
||||
interface vlan 20
|
||||
name router-wan
|
||||
exit
|
||||
interface vlan 101
|
||||
name fstack1
|
||||
exit
|
||||
interface vlan 22
|
||||
ip address 10.251.22.2 255.255.255.0
|
||||
exit
|
||||
ip default-gateway 10.251.22.254
|
||||
hostname labsw01.pfv.turnsys.net
|
||||
line ssh
|
||||
exec-timeout 0
|
||||
exit
|
||||
logging 10.253.3.99
|
||||
aaa authentication enable default enable
|
||||
aaa authentication enable radius enable
|
||||
ip http authentication none
|
||||
aaa authentication login default line
|
||||
aaa authentication login radius local
|
||||
line ssh
|
||||
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
|
||||
exit
|
||||
line console
|
||||
password d4d78a126ab5aa766f1c716b3fbcd230 encrypted
|
||||
exit
|
||||
enable password level 15 6a3299495f48d92cd5541197dacfcf20 encrypted
|
||||
username admin password 6a3299495f48d92cd5541197dacfcf20 level 15 encrypted
|
||||
snmp-server host 10.253.3.99 kn3lmgmt
|
||||
snmp-server location PFV
|
||||
snmp-server contact prodtechops@turnsys.com
|
||||
snmp-server community kn3lmgmt 10.253.3.99
|
||||
ip https server
|
||||
|
@ -1,896 +0,0 @@
|
||||
<?xml version="1.0"?>
|
||||
<opnsense>
|
||||
<theme>opnsense</theme>
|
||||
<sysctl>
|
||||
<item>
|
||||
<descr>Disable the pf ftp proxy handler.</descr>
|
||||
<tunable>debug.pfftpproxy</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Increase UFS read-ahead speeds to match current state of hard drives and NCQ. More information here: http://ivoras.sharanet.org/blog/tree/2010-11-19.ufs-read-ahead.html</descr>
|
||||
<tunable>vfs.read_max</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Set the ephemeral port range to be lower.</descr>
|
||||
<tunable>net.inet.ip.portrange.first</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Drop packets to closed TCP ports without returning a RST</descr>
|
||||
<tunable>net.inet.tcp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Do not send ICMP port unreachable messages for closed UDP ports</descr>
|
||||
<tunable>net.inet.udp.blackhole</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Randomize the ID field in IP packets (default is 0: sequential IP IDs)</descr>
|
||||
<tunable>net.inet.ip.random_id</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
as part of the standard FreeBSD core system.
|
||||
</descr>
|
||||
<tunable>net.inet.ip.sourceroute</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Source routing is another way for an attacker to try to reach non-routable addresses behind your box.
|
||||
It can also be used to probe for information about your internal networks. These functions come enabled
|
||||
as part of the standard FreeBSD core system.
|
||||
</descr>
|
||||
<tunable>net.inet.ip.accept_sourceroute</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
Redirect attacks are the purposeful mass-issuing of ICMP type 5 packets. In a normal network, redirects
|
||||
to the end stations should not be required. This option enables the NIC to drop all inbound ICMP redirect
|
||||
packets without returning a response.
|
||||
</descr>
|
||||
<tunable>net.inet.icmp.drop_redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>
|
||||
This option turns off the logging of redirect packets because there is no limit and this could fill
|
||||
up your logs consuming your whole hard drive.
|
||||
</descr>
|
||||
<tunable>net.inet.icmp.log_redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Drop SYN-FIN packets (breaks RFC1379, but nobody uses it anyway)</descr>
|
||||
<tunable>net.inet.tcp.drop_synfin</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Enable sending IPv4 redirects</descr>
|
||||
<tunable>net.inet.ip.redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Enable sending IPv6 redirects</descr>
|
||||
<tunable>net.inet6.ip6.redirect</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Enable privacy settings for IPv6 (RFC 4941)</descr>
|
||||
<tunable>net.inet6.ip6.use_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Prefer privacy addresses and use them over the normal addresses</descr>
|
||||
<tunable>net.inet6.ip6.prefer_tempaddr</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Generate SYN cookies for outbound SYN-ACK packets</descr>
|
||||
<tunable>net.inet.tcp.syncookies</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Maximum incoming/outgoing TCP datagram size (receive)</descr>
|
||||
<tunable>net.inet.tcp.recvspace</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Maximum incoming/outgoing TCP datagram size (send)</descr>
|
||||
<tunable>net.inet.tcp.sendspace</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Do not delay ACK to try and piggyback it onto a data packet</descr>
|
||||
<tunable>net.inet.tcp.delayed_ack</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Maximum outgoing UDP datagram size</descr>
|
||||
<tunable>net.inet.udp.maxdgram</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Handling of non-IP packets which are not passed to pfil (see if_bridge(4))</descr>
|
||||
<tunable>net.link.bridge.pfil_onlyip</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Set to 1 to additionally filter on the physical interface for locally destined packets</descr>
|
||||
<tunable>net.link.bridge.pfil_local_phys</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Set to 0 to disable filtering on the incoming and outgoing member interfaces.</descr>
|
||||
<tunable>net.link.bridge.pfil_member</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Set to 1 to enable filtering on the bridge interface</descr>
|
||||
<tunable>net.link.bridge.pfil_bridge</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Allow unprivileged access to tap(4) device nodes</descr>
|
||||
<tunable>net.link.tap.user_open</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Randomize PID's (see src/sys/kern/kern_fork.c: sysctl_kern_randompid())</descr>
|
||||
<tunable>kern.randompid</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Maximum size of the IP input queue</descr>
|
||||
<tunable>net.inet.ip.intr_queue_maxlen</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Disable CTRL+ALT+Delete reboot from keyboard.</descr>
|
||||
<tunable>hw.syscons.kbd_reboot</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Enable TCP extended debugging</descr>
|
||||
<tunable>net.inet.tcp.log_debug</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Set ICMP Limits</descr>
|
||||
<tunable>net.inet.icmp.icmplim</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>TCP Offload Engine</descr>
|
||||
<tunable>net.inet.tcp.tso</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>UDP Checksums</descr>
|
||||
<tunable>net.inet.udp.checksum</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
<item>
|
||||
<descr>Maximum socket buffer size</descr>
|
||||
<tunable>kern.ipc.maxsockbuf</tunable>
|
||||
<value>default</value>
|
||||
</item>
|
||||
</sysctl>
|
||||
<system>
|
||||
<optimization>normal</optimization>
|
||||
<hostname>ovh-core-rtr01</hostname>
|
||||
<domain>turnsys.net</domain>
|
||||
<group>
|
||||
<name>admins</name>
|
||||
<description>System Administrators</description>
|
||||
<scope>system</scope>
|
||||
<gid>1999</gid>
|
||||
<member>0</member>
|
||||
<priv>user-shell-access</priv>
|
||||
<priv>page-all</priv>
|
||||
</group>
|
||||
<user>
|
||||
<name>root</name>
|
||||
<descr>System Administrator</descr>
|
||||
<scope>system</scope>
|
||||
<groupname>admins</groupname>
|
||||
<password>$2b$10$k7UpLMTFYZHVQqDpnlXr1.tMDVslyuzDVWfvMg9.MNwC1SydPyxoy</password>
|
||||
<uid>0</uid>
|
||||
<expires/>
|
||||
<authorizedkeys>c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFCQVFDL0xZSGo0TTh2UGJncmlDaXhnRXBiMFFwdUpNT2Z5c29VOEc2U1ZyWUQ2b21oYWFkam1ITUY1YStRNTdYRVUyQU8vTlNQWnI2TFRrdTNuUlY4anV5OFhVS1U4MzYrRVhaMkhJQnBMNVVmS3ptd2pyMERPdGFMTngva0lFa1ZEL21CeGhGSDRBWGlVVXZkZmpCZDZOdlNPcGJVWllocFo4RGRFTTdCeFZpT3YzV0FxZjd5Q1FJZGcxNWI4bUdkbmduemNzK2l6VWllKytzL09IMUpxZ21MVUhQM0F4VHE0WUVSS045azJCeU50UjdPNlBHZytHdlR1a1U3Z25tbE1abXFLb3dFWUVFMkREZGRtU2t2ZVpqUkdlbTRaVHFFdTkwNHBETWR2cXRPNVNiZUNMdSs2aUFsUy9hOThhVlBiaWMwaU90TXBFd3Y5dnpUaXBUbWE1NGwgam9zZWZjdWJAc2xlaXBuaXINCnNzaC1yc2EgQUFBQUIzTnphQzF5YzJFQUFBQURBUUFCQUFBQkFRQ281VDBGRVVLb1lheFJoanM5eVd6S3RFeVh1S0p2VFdvbHJ5RDM5NWVxeUJKMHhPeGJrWEorOEVNd0t0V002Tlc1cWFxV2JUMkpKL1Z6T0ljb1lteEF1Kytxd1NXT2Vza1ZyK0Z4UHIyeXBhV0Q5OG5KeStDcFo5Uk42UHc2S2lrSGFreXF6U1VXS1hkb3ZXaVRwZHpxUk8rajBMbUptZ1VpVDNOc2g0MmV5YnZ0L1Q3Sk1rVkc0Vytqb1JYK0RDUzRVSVJSUWdNUkQ0VHFCUS9qcjltN1ZzMGFKbjFsZmxnc3Byc2FjZ29nK3NIbEV6aXR3d2NScU1OcHA1Sm0wRGZoajZQcUF2c2dLSllXT09NRlZvd3ZHc3FuUTl3cUpvNUFsbGxiVEdWMVJIZUlCTzNmUlJVOFVkOVRQQTNBZngxNi9hcGYxbmtMaFY4UVg5bUl4RVdwIGNoYXJsZXNAbGl2aW5ncm9vbQ==</authorizedkeys>
|
||||
<ipsecpsk/>
|
||||
<otp_seed/>
|
||||
</user>
|
||||
<nextuid>2000</nextuid>
|
||||
<nextgid>2000</nextgid>
|
||||
<timezone>America/Chicago</timezone>
|
||||
<timeservers>0.opnsense.pool.ntp.org 1.opnsense.pool.ntp.org 2.opnsense.pool.ntp.org 3.opnsense.pool.ntp.org</timeservers>
|
||||
<webgui>
|
||||
<protocol>http</protocol>
|
||||
<ssl-certref>5acd29581b4ba</ssl-certref>
|
||||
<port/>
|
||||
<ssl-ciphers/>
|
||||
<interfaces/>
|
||||
<compression/>
|
||||
</webgui>
|
||||
<disablenatreflection>yes</disablenatreflection>
|
||||
<usevirtualterminal>1</usevirtualterminal>
|
||||
<disableconsolemenu>1</disableconsolemenu>
|
||||
<disablechecksumoffloading>1</disablechecksumoffloading>
|
||||
<disablesegmentationoffloading>1</disablesegmentationoffloading>
|
||||
<disablelargereceiveoffloading>1</disablelargereceiveoffloading>
|
||||
<ipv6allow>1</ipv6allow>
|
||||
<powerd_ac_mode>hadp</powerd_ac_mode>
|
||||
<powerd_battery_mode>hadp</powerd_battery_mode>
|
||||
<powerd_normal_mode>hadp</powerd_normal_mode>
|
||||
<bogons>
|
||||
<interval>monthly</interval>
|
||||
</bogons>
|
||||
<kill_states>1</kill_states>
|
||||
<backupcount>60</backupcount>
|
||||
<crypto_hardware>aesni</crypto_hardware>
|
||||
<pf_share_forward>1</pf_share_forward>
|
||||
<lb_use_sticky>1</lb_use_sticky>
|
||||
<language>en_US</language>
|
||||
<dnsserver>10.253.3.201</dnsserver>
|
||||
<dnsserver>8.8.8.8</dnsserver>
|
||||
<dnsserver>8.8.4.4</dnsserver>
|
||||
<serialspeed>115200</serialspeed>
|
||||
<primaryconsole>video</primaryconsole>
|
||||
<ssh>
|
||||
<noauto>1</noauto>
|
||||
<interfaces>lan,opt1</interfaces>
|
||||
<enabled>enabled</enabled>
|
||||
<permitrootlogin>1</permitrootlogin>
|
||||
</ssh>
|
||||
<rulesetoptimization>basic</rulesetoptimization>
|
||||
<maximumstates/>
|
||||
<maximumfrags/>
|
||||
<aliasesresolveinterval/>
|
||||
<maximumtableentries/>
|
||||
<dns1gw>none</dns1gw>
|
||||
<dns2gw>none</dns2gw>
|
||||
<dns3gw>none</dns3gw>
|
||||
<dns4gw>none</dns4gw>
|
||||
<dns5gw>none</dns5gw>
|
||||
<dns6gw>none</dns6gw>
|
||||
<dns7gw>none</dns7gw>
|
||||
<dns8gw>none</dns8gw>
|
||||
</system>
|
||||
<interfaces>
|
||||
<wan>
|
||||
<if>em0</if>
|
||||
<descr>WAN</descr>
|
||||
<enable>1</enable>
|
||||
<spoofmac/>
|
||||
<blockpriv>1</blockpriv>
|
||||
<blockbogons>1</blockbogons>
|
||||
<ipaddr>158.69.183.161</ipaddr>
|
||||
<subnet>29</subnet>
|
||||
<gateway>GW_WAN</gateway>
|
||||
<ipaddrv6/>
|
||||
<subnetv6/>
|
||||
<gatewayv6/>
|
||||
</wan>
|
||||
<lan>
|
||||
<if>vtnet0</if>
|
||||
<descr>TSYS</descr>
|
||||
<enable>1</enable>
|
||||
<spoofmac/>
|
||||
<ipaddr>10.253.9.252</ipaddr>
|
||||
<subnet>24</subnet>
|
||||
<gateway/>
|
||||
<ipaddrv6/>
|
||||
<subnetv6/>
|
||||
<gatewayv6/>
|
||||
</lan>
|
||||
<opt1>
|
||||
<if>vtnet1</if>
|
||||
<descr>mgmt</descr>
|
||||
<enable>1</enable>
|
||||
<spoofmac/>
|
||||
<ipaddr>10.253.3.252</ipaddr>
|
||||
<subnet>24</subnet>
|
||||
<gateway/>
|
||||
<ipaddrv6/>
|
||||
<subnetv6/>
|
||||
<gatewayv6/>
|
||||
</opt1>
|
||||
<openvpn>
|
||||
<internal_dynamic>1</internal_dynamic>
|
||||
<enable>1</enable>
|
||||
<if>openvpn</if>
|
||||
<descr>OpenVPN</descr>
|
||||
<type>group</type>
|
||||
<virtual>1</virtual>
|
||||
</openvpn>
|
||||
</interfaces>
|
||||
<dhcpd>
|
||||
<lan>
|
||||
<numberoptions/>
|
||||
<range>
|
||||
<from>10.253.9.10</from>
|
||||
<to>10.253.9.244</to>
|
||||
</range>
|
||||
</lan>
|
||||
</dhcpd>
|
||||
<unbound>
|
||||
<enable>on</enable>
|
||||
</unbound>
|
||||
<snmpd>
|
||||
<syslocation/>
|
||||
<syscontact/>
|
||||
<rocommunity>public</rocommunity>
|
||||
</snmpd>
|
||||
<syslog>
|
||||
<reverse/>
|
||||
</syslog>
|
||||
<nat>
|
||||
<outbound>
|
||||
<mode>automatic</mode>
|
||||
</outbound>
|
||||
<rule>
|
||||
<protocol>tcp</protocol>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<descr>Allow HTTP to tsys-cloud-www</descr>
|
||||
<tag/>
|
||||
<tagged/>
|
||||
<poolopts/>
|
||||
<associated-rule-id>pass</associated-rule-id>
|
||||
<target>10.253.9.80</target>
|
||||
<local-port>80</local-port>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<address>158.69.183.163</address>
|
||||
<port>80</port>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523418308.4677</time>
|
||||
<description>/firewall_nat_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523415475.9344</time>
|
||||
<description>/firewall_nat_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<protocol>tcp</protocol>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<descr>Allow HTTPS to tsys-cloud-www</descr>
|
||||
<tag/>
|
||||
<tagged/>
|
||||
<poolopts/>
|
||||
<associated-rule-id>pass</associated-rule-id>
|
||||
<target>10.253.9.80</target>
|
||||
<local-port>443</local-port>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<address>158.69.183.163</address>
|
||||
<port>443</port>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523418287.4024</time>
|
||||
<description>/firewall_nat_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523415559.6905</time>
|
||||
<description>/firewall_nat_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
</nat>
|
||||
<filter>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<address>158.69.183.163</address>
|
||||
<port>443</port>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523416403.3059</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523416403.3059</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>wan</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<protocol>tcp</protocol>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<address>158.69.183.163</address>
|
||||
<port>80</port>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523416435.3134</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.251.100.101</username>
|
||||
<time>1523416435.3134</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<descr>Default allow LAN to any rule</descr>
|
||||
<interface>lan</interface>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
<destination>
|
||||
<any/>
|
||||
</destination>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<ipprotocol>inet6</ipprotocol>
|
||||
<descr>Default allow LAN IPv6 to any rule</descr>
|
||||
<interface>lan</interface>
|
||||
<source>
|
||||
<network>lan</network>
|
||||
</source>
|
||||
<destination>
|
||||
<any/>
|
||||
</destination>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>openvpn</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<any>1</any>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.253.9.2</username>
|
||||
<time>1523403486.057</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.253.9.2</username>
|
||||
<time>1523403486.057</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>opt1</interface>
|
||||
<ipprotocol>inet6</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Default allow LAN IPv6 to any rule</descr>
|
||||
<source>
|
||||
<network>opt1</network>
|
||||
</source>
|
||||
<destination>
|
||||
<any>1</any>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523484939.8032</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523484939.8032</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>opt1</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Default allow LAN to any rule</descr>
|
||||
<source>
|
||||
<network>opt1</network>
|
||||
</source>
|
||||
<destination>
|
||||
<any>1</any>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523484915.9788</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523484915.9788</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
<rule>
|
||||
<type>pass</type>
|
||||
<interface>opt1</interface>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<statetype>keep state</statetype>
|
||||
<descr>Allow traffic to management VLAN</descr>
|
||||
<source>
|
||||
<any>1</any>
|
||||
</source>
|
||||
<destination>
|
||||
<any>1</any>
|
||||
</destination>
|
||||
<updated>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523479299.9205</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</updated>
|
||||
<created>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523478607.6733</time>
|
||||
<description>/firewall_rules_edit.php made changes</description>
|
||||
</created>
|
||||
</rule>
|
||||
</filter>
|
||||
<rrd>
|
||||
<enable/>
|
||||
</rrd>
|
||||
<load_balancer>
|
||||
<monitor_type>
|
||||
<name>ICMP</name>
|
||||
<type>icmp</type>
|
||||
<descr>ICMP</descr>
|
||||
<options/>
|
||||
</monitor_type>
|
||||
<monitor_type>
|
||||
<name>TCP</name>
|
||||
<type>tcp</type>
|
||||
<descr>Generic TCP</descr>
|
||||
<options/>
|
||||
</monitor_type>
|
||||
<monitor_type>
|
||||
<name>HTTP</name>
|
||||
<type>http</type>
|
||||
<descr>Generic HTTP</descr>
|
||||
<options>
|
||||
<path>/</path>
|
||||
<host/>
|
||||
<code>200</code>
|
||||
</options>
|
||||
</monitor_type>
|
||||
<monitor_type>
|
||||
<name>HTTPS</name>
|
||||
<type>https</type>
|
||||
<descr>Generic HTTPS</descr>
|
||||
<options>
|
||||
<path>/</path>
|
||||
<host/>
|
||||
<code>200</code>
|
||||
</options>
|
||||
</monitor_type>
|
||||
<monitor_type>
|
||||
<name>SMTP</name>
|
||||
<type>send</type>
|
||||
<descr>Generic SMTP</descr>
|
||||
<options>
|
||||
<send/>
|
||||
<expect>220 *</expect>
|
||||
</options>
|
||||
</monitor_type>
|
||||
</load_balancer>
|
||||
<ntpd>
|
||||
<prefer>0.opnsense.pool.ntp.org</prefer>
|
||||
</ntpd>
|
||||
<widgets>
|
||||
<sequence>system_information-container:00000000-col3:show,services_status-container:00000001-col4:show,gateways-container:00000002-col4:show,interface_list-container:00000003-col4:show</sequence>
|
||||
<column_count>2</column_count>
|
||||
</widgets>
|
||||
<revision>
|
||||
<username>root@10.40.50.77</username>
|
||||
<time>1523486151.3622</time>
|
||||
<description>/firewall_virtual_ip_edit.php made changes</description>
|
||||
</revision>
|
||||
<OPNsense>
|
||||
<captiveportal version="1.0.0">
|
||||
<zones/>
|
||||
<templates/>
|
||||
</captiveportal>
|
||||
<cron version="1.0.0">
|
||||
<jobs/>
|
||||
</cron>
|
||||
<Netflow version="1.0.0">
|
||||
<capture>
|
||||
<interfaces/>
|
||||
<egress_only>wan</egress_only>
|
||||
<version>v9</version>
|
||||
<targets/>
|
||||
</capture>
|
||||
<collect>
|
||||
<enable>0</enable>
|
||||
</collect>
|
||||
</Netflow>
|
||||
<IDS version="1.0.1">
|
||||
<rules/>
|
||||
<userDefinedRules/>
|
||||
<files/>
|
||||
<fileTags/>
|
||||
<general>
|
||||
<enabled>0</enabled>
|
||||
<ips>0</ips>
|
||||
<promisc>0</promisc>
|
||||
<interfaces>wan</interfaces>
|
||||
<homenet>192.168.0.0/16,10.0.0.0/8,172.16.0.0/12</homenet>
|
||||
<defaultPacketSize/>
|
||||
<UpdateCron/>
|
||||
<AlertLogrotate>W0D23</AlertLogrotate>
|
||||
<AlertSaveLogs>4</AlertSaveLogs>
|
||||
<MPMAlgo>ac</MPMAlgo>
|
||||
<syslog>0</syslog>
|
||||
<LogPayload>0</LogPayload>
|
||||
</general>
|
||||
</IDS>
|
||||
<proxy version="1.0.0">
|
||||
<general>
|
||||
<enabled>0</enabled>
|
||||
<icpPort/>
|
||||
<logging>
|
||||
<enable>
|
||||
<accessLog>1</accessLog>
|
||||
<storeLog>1</storeLog>
|
||||
</enable>
|
||||
<ignoreLogACL/>
|
||||
<target/>
|
||||
</logging>
|
||||
<alternateDNSservers/>
|
||||
<dnsV4First>0</dnsV4First>
|
||||
<forwardedForHandling>on</forwardedForHandling>
|
||||
<uriWhitespaceHandling>strip</uriWhitespaceHandling>
|
||||
<useViaHeader>1</useViaHeader>
|
||||
<suppressVersion>0</suppressVersion>
|
||||
<VisibleEmail>admin@localhost.local</VisibleEmail>
|
||||
<VisibleHostname/>
|
||||
<cache>
|
||||
<local>
|
||||
<enabled>0</enabled>
|
||||
<directory>/var/squid/cache</directory>
|
||||
<cache_mem>256</cache_mem>
|
||||
<maximum_object_size/>
|
||||
<size>100</size>
|
||||
<l1>16</l1>
|
||||
<l2>256</l2>
|
||||
<cache_linux_packages>0</cache_linux_packages>
|
||||
<cache_windows_updates>0</cache_windows_updates>
|
||||
</local>
|
||||
</cache>
|
||||
<traffic>
|
||||
<enabled>0</enabled>
|
||||
<maxDownloadSize>2048</maxDownloadSize>
|
||||
<maxUploadSize>1024</maxUploadSize>
|
||||
<OverallBandwidthTrotteling>1024</OverallBandwidthTrotteling>
|
||||
<perHostTrotteling>256</perHostTrotteling>
|
||||
</traffic>
|
||||
</general>
|
||||
<forward>
|
||||
<interfaces>lan</interfaces>
|
||||
<port>3128</port>
|
||||
<sslbumpport>3129</sslbumpport>
|
||||
<sslbump>0</sslbump>
|
||||
<sslurlonly>0</sslurlonly>
|
||||
<sslcertificate/>
|
||||
<sslnobumpsites/>
|
||||
<ssl_crtd_storage_max_size>4</ssl_crtd_storage_max_size>
|
||||
<sslcrtd_children>5</sslcrtd_children>
|
||||
<ftpInterfaces/>
|
||||
<ftpPort>2121</ftpPort>
|
||||
<ftpTransparentMode>0</ftpTransparentMode>
|
||||
<addACLforInterfaceSubnets>1</addACLforInterfaceSubnets>
|
||||
<transparentMode>0</transparentMode>
|
||||
<acl>
|
||||
<allowedSubnets/>
|
||||
<unrestricted/>
|
||||
<bannedHosts/>
|
||||
<whiteList/>
|
||||
<blackList/>
|
||||
<browser/>
|
||||
<mimeType/>
|
||||
<safePorts>80:http,21:ftp,443:https,70:gopher,210:wais,1025-65535:unregistered ports,280:http-mgmt,488:gss-http,591:filemaker,777:multiling http</safePorts>
|
||||
<sslPorts>443:https</sslPorts>
|
||||
<remoteACLs>
|
||||
<blacklists/>
|
||||
<UpdateCron/>
|
||||
</remoteACLs>
|
||||
</acl>
|
||||
<icap>
|
||||
<enable>0</enable>
|
||||
<RequestURL>icap://[::1]:1344/avscan</RequestURL>
|
||||
<ResponseURL>icap://[::1]:1344/avscan</ResponseURL>
|
||||
<SendClientIP>1</SendClientIP>
|
||||
<SendUsername>0</SendUsername>
|
||||
<EncodeUsername>0</EncodeUsername>
|
||||
<UsernameHeader>X-Username</UsernameHeader>
|
||||
<EnablePreview>1</EnablePreview>
|
||||
<PreviewSize>1024</PreviewSize>
|
||||
<OptionsTTL>60</OptionsTTL>
|
||||
<exclude/>
|
||||
</icap>
|
||||
<authentication>
|
||||
<method/>
|
||||
<realm>OPNsense proxy authentication</realm>
|
||||
<credentialsttl>2</credentialsttl>
|
||||
<children>5</children>
|
||||
</authentication>
|
||||
</forward>
|
||||
</proxy>
|
||||
<TrafficShaper version="1.0.1">
|
||||
<pipes/>
|
||||
<queues/>
|
||||
<rules/>
|
||||
</TrafficShaper>
|
||||
<quagga>
|
||||
<bgp version="0.0.0">
|
||||
<enabled>1</enabled>
|
||||
<asnumber>64522</asnumber>
|
||||
<networks>10.253.9.0/24,10.253.3.0/24,192.168.194.0/30</networks>
|
||||
<redistribute/>
|
||||
<neighbors>
|
||||
<neighbor uuid="e56fc4ba-e5c4-48d6-8219-69250f2b8222">
|
||||
<enabled>1</enabled>
|
||||
<address>192.168.194.1</address>
|
||||
<remoteas>64517</remoteas>
|
||||
<updatesource>openvpn</updatesource>
|
||||
<nexthopself>0</nexthopself>
|
||||
<defaultoriginate>0</defaultoriginate>
|
||||
<linkedPrefixlistIn/>
|
||||
<linkedPrefixlistOut/>
|
||||
<linkedRoutemapIn/>
|
||||
<linkedRoutemapOut/>
|
||||
</neighbor>
|
||||
</neighbors>
|
||||
<aspaths/>
|
||||
<prefixlists/>
|
||||
<routemaps/>
|
||||
</bgp>
|
||||
<general version="0.0.0">
|
||||
<enabled>1</enabled>
|
||||
<enablelogfile>0</enablelogfile>
|
||||
<logfilelevel>notifications</logfilelevel>
|
||||
<enablesyslog>0</enablesyslog>
|
||||
<sysloglevel>notifications</sysloglevel>
|
||||
</general>
|
||||
</quagga>
|
||||
</OPNsense>
|
||||
<cert>
|
||||
<refid>5acd29581b4ba</refid>
|
||||
<descr>Web GUI SSL certificate</descr>
|
||||
<crt>LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZiekNDQTFlZ0F3SUJBZ0lKQUlNTlZ4N1QzSWM3TUEwR0NTcUdTSWIzRFFFQkN3VUFNRTR4Q3pBSkJnTlYKQkFZVEFrNU1NUlV3RXdZRFZRUUlEQXhhZFdsa0xVaHZiR3hoYm1ReEZUQVRCZ05WQkFjTURFMXBaR1JsYkdoaApjbTVwY3pFUk1BOEdBMVVFQ2d3SVQxQk9jMlZ1YzJVd0hoY05NVGd3TkRFd01qRXhOVEEwV2hjTk1Ua3dOREV3Ck1qRXhOVEEwV2pCT01Rc3dDUVlEVlFRR0V3Sk9UREVWTUJNR0ExVUVDQXdNV25WcFpDMUliMnhzWVc1a01SVXcKRXdZRFZRUUhEQXhOYVdSa1pXeG9ZWEp1YVhNeEVUQVBCZ05WQkFvTUNFOVFUbk5sYm5ObE1JSUNJakFOQmdrcQpoa2lHOXcwQkFRRUZBQU9DQWc4QU1JSUNDZ0tDQWdFQTFiaDZkSEdTZkRSZU55YzhGbis2b0dEa3ltbmp6YWhCCkM4Z1JpWDMwWWR3SVBYcWhpYllLQmdkWVFZZDRoNGgzWERPelllMmxZZVRVYUVaZkRsVkxqV2FyL0hMYW5HODMKQW04eE9MdXdwQmdGc0lNTGZUR0FEcUJDd1BaMDlnU0UwT0t1dkdFUGoyNkg4eWhNeDNXT2VvVGJ2RENKMVdCYgpvQjFSTDJmVG1GbkdxMTZTSTJpVDc2VndBM3BUQXlFb1pmRllmeGRMSTBpbmp5dnU3aWNCQVBNU09pWXowbVJXClVZZDNHKzUrcmI0QkVkSXl3TGpDRzd2SjdYQTJlWXJlZTY3YlpTeTVqNVc0eXpjTFJNbkZzZGMrb1EwR3dJanIKVFowQzYvZWowUWpWbE5ERFNQaGM0dkJaZ2xWMTJlL3FtekN0MnNPYzVxS3Zyc1JtckNGL3RSelV5cU9ZaGt2eAp2c0huODVnTmswS05YbEkwUGNWM2NhTWo0RlJVNXI3clpEb0hnTi9UTFpFaUVmVUJXMFlJM25FSUZrY3VyVngyCm5KNWNxWjBZK1NiSk1BZzVPYUhWcTZxRWhsdEExa1BvQWllcXBhQjdzb2lDT0hQZ08rQ09YNUlCK1FMM2h2dmMKMHc0YUplNEErS0ROS21ReVRpQ21JYXdrU0l0V2Fka1lUMFNnVjVnMUJKYnRQdnJKZytOM1dpN3dKdkxqOXVnZQovVWx0V3VPeXM3eXQyWDRIbFdWQXdUSC9XMEN3enVaUXpsbk02ODJHdThacGxMWGt6OU1DVFRkbm5oQnErRXllCnJrM3lONk4zRWZSMTN2T2lyM1VWcEVVVkVvSm9sRERGNERpMDQxR3BWU25xVFVBeUs2aGQxQVpFYXVVd1RyeUkKSDZtMWwrVUIvdHNDQXdFQUFhTlFNRTR3SFFZRFZSME9CQllFRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjcgpNQjhHQTFVZEl3UVlNQmFBRlA3OWZLUU5sM0VWaGdLdm8xOFNqd3NGWDBjck1Bd0dBMVVkRXdRRk1BTUJBZjh3CkRRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFGZ245NlYrMEhqRlFtaEd5RDZBM1lXenByaitiZkd1RWZCcmZhcUMKbVd2NTM4TVlTOEE2MWswMEhOZjZoZUZISUpWSzI1akN6dXZDMC8rZmJGRForZmtkcllNUFNjNzBOQm9oOFJnaApxTDNoOW9KenR4bEVCbkc2Z3lQdG1ISDVYbW1mZmYzWTU0U0ljT0x0c3BTWlNUVDlMbUpNcm4wNmhRbE5Cd3Z3Cm1XWXBqTklMRWJSN1BWN3ZtZjQ3MW1OTmVqczZSK2Y2Z2RpMDdCcVl6YVppWldsdGZFb2FsNk5qRFRUUUhTdEUKcVlVSGpXWHZGU0g5SVRjdzN3QVRjdGVZVW8rOFI1dWEvNmhMUEViMERUeUo3Y0FuZDFjNVpwK1lEUzRDcDd2dgowdVFybDliNWtKdWYrWDUzL3lMMmNMK1dDdFJsU0tKOW9kV1NzRlRqLzhLUTBWNUJOcGFqcnE2dnp2c2FVaTNqCkk2Z0dFVlphak9YQVdYdmxhWDdLQXduSi9EZzVmUmFXT0oxTmpuSFZibFNsbWRPdWh3cHVJM0cyc3hsaDIxa28KQkZiOVo0V3ZoODBEWXBxQnRScEFpRDRaMGVkOCtLelkzQ0NyQzBOS1pUVjhPbFRmRWZlSzdxNzRDbmMyQmJhSwp5UUI2SlVlRVU1VVd5K1paQkNrM2kzN3dBcmhyc0UwU1B4N2ZKUXJQZlNpbUQxZE0wcHcrdExZMDFQaUxudlZTCk9SaEw0S09NMDAydVhBUW1CbDZBMXlGRjBsMzhwR1cvbFNDNktId3lnQ0Znb2hHYnFsQmw3eDM1czR0Vkoyak4KdEpXRFdWYmt4eFZEbFFGbW5DTURzbzBEaFBBbGJNbVJ0OC8yeEx5cVRsV2F1SGpvZ3B5dStpdmhrOXcvc3VGUQpkSndXCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K</crt>
|
||||
<prv>LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRRFZ1SHAwY1pKOE5GNDMKSnp3V2Y3cWdZT1RLYWVQTnFFRUx5QkdKZmZSaDNBZzllcUdKdGdvR0IxaEJoM2lIaUhkY003Tmg3YVZoNU5SbwpSbDhPVlV1TlpxdjhjdHFjYnpjQ2J6RTR1N0NrR0FXd2d3dDlNWUFPb0VMQTluVDJCSVRRNHE2OFlRK1Bib2Z6CktFekhkWTU2aE51OE1JblZZRnVnSFZFdlo5T1lXY2FyWHBJamFKUHZwWEFEZWxNRElTaGw4VmgvRjBzalNLZVAKSys3dUp3RUE4eEk2SmpQU1pGWlJoM2NiN242dHZnRVIwakxBdU1JYnU4bnRjRFo1aXQ1N3J0dGxMTG1QbGJqTApOd3RFeWNXeDF6NmhEUWJBaU90Tm5RTHI5NlBSQ05XVTBNTkkrRnppOEZtQ1ZYWFo3K3FiTUszYXc1em1vcSt1CnhHYXNJWCsxSE5US281aUdTL0crd2Vmem1BMlRRbzFlVWpROXhYZHhveVBnVkZUbXZ1dGtPZ2VBMzlNdGtTSVIKOVFGYlJnamVjUWdXUnk2dFhIYWNubHlwblJqNUpza3dDRGs1b2RXcnFvU0dXMERXUStnQ0o2cWxvSHV5aUlJNApjK0E3NEk1ZmtnSDVBdmVHKzl6VERob2w3Z0Q0b00wcVpESk9JS1lockNSSWkxWnAyUmhQUktCWG1EVUVsdTArCitzbUQ0M2RhTHZBbTh1UDI2Qjc5U1cxYTQ3S3p2SzNaZmdlVlpVREJNZjliUUxETzVsRE9XY3pyellhN3htbVUKdGVUUDB3Sk5OMmVlRUdyNFRKNnVUZkkzbzNjUjlIWGU4Nkt2ZFJXa1JSVVNnbWlVTU1YZ09MVGpVYWxWS2VwTgpRRElycUYzVUJrUnE1VEJPdklnZnFiV1g1UUgrMndJREFRQUJBb0lDQUJBdzhxNEJzS3hTTjFVTVZ1UUpkelVSClFpUUhrNmVQK0tXUTJhdEY3STdCWWFwdXNQQkM1MDEvbnZNUDlWU25SUXVxS3d2Zk9pbEpjY0lZbXJqMlEwd0sKSER0NjVBNzM2ZjM0T0kxb3dzQWJ4Y3FTa3Z0QUZjaUY0YWpHd3lPa1FmK2xQTUd1eE1RRUJxNm9QZkRhZWhuVQpHT1dQODlGRGhJMkR5eFBCVk9sMDI3VTk2K3BjME9CVjh6K0FNK3ZIeGt5NjFRNkQwRUJ6RDZhc0dHVFlkWjRCCnpENjFpRFdIUG5iY3dXeFBUQytUZG5kSUttb3BWU05PdmNTTVBNUkdmZ1oydjg1UmJobHZxVmxUNlRtajQ2Tk8KZ0VNcFBucTFwTVh6Z0RZcVE3SGhiblRndi9xMlBpcy9ORGpJaXE0aEcrLzM1eVBzcitWVksrUWNvdjZsWnd4SgpDRG9oRnFvQlZzNlBiK2YvSGZjUlBCRnBmY1FjeDNnQ2ZWTWh5a3dPN3dBak56cGh1SDNZSlZucGN0Lytnc2p3CkUzMVVLbkZ0eEhmM0NCemNhVDFiR21idzMxekFLalZRTUdOcjFJd2x5Q2o5RmdLdERURzFqcWVKS3pFZy9qMUQKakl6TUo2QUVJMVR1cjlxTi8rZmxQVE53YXVjRmpUMWRRMzVpeG92RFpyY3ZKMEhlTStkSUdTVnNqKzl1K0NTdApzb3ZvdGprWGpsWmdIUngvY1hId1dEbUQ3SFp3MlRuNnBBeGE0aEplRFc0MlJOQURrODRSM3dpSzZzVEl1VHZZClFGUGJJN0I3a3BlMWlzVTduamVjbkcweS8wcjJkbUZNUFpncUNPYXFtSTYwMTl4N09zVjFUNkxHSXBkMDRHY1YKUlYrN1ZuWmcrS0NHenhHaTEvWlJBb0lCQVFENVlhY1NCTGlmYnoxeHpjWEM2bEJ3cE5KNW5wT1M2SG16QlJocQpJcHI4WlVWcDBHTkw3SnBJYzE0cDY4RzRlWDB0NTh5eDRKMDRTdVZDVDMvOFMwamtaV01RckVmbTg0ZmM3RitsCk1vakxEcS9uWmQ2a1ZnUjdCSU5DZjJpaXc2ZEpkOFVTWWc3K2pLakpYK2J2cGsvbWdoYW9yRE1FYVZaN2UvQUoKM0VNenV5TVMrSWgvRGJRYTEyNUV2QkZzdm1CR3NveWNGYmJMMHFDc3BBNjBzcTd2UHNCdlIvVVN3d1ZyVGhmagoxV0ltSmtNdHlwVVNLSVBSZXJUaHZjMlhCL1R0Zk9ieXJnc0l6RnRMOTFtOWRDNXNRTzhSUzZWYTloc3hhMTZZCkVlSGZ2N3NuTTY3M2w1YVgzd2ZrclpWN3g5ZEJCNU5sek9Wa2lkNzZKSmlvb1JYREFvSUJBUURiWklueno4T1IKV013cXNsQWVqLzVXTk8wYzE1U0RoOTB1RkVneFJ1Qmw2dDNqRVZlV0g5U1VLRlRoUkQxWGxsRkpGY3k0YmdBTApIaEQvakE5QTVSdnowczhlVHduODcxM0o1YmdNMWFOb092MVJTS2dZeFN1UWwzdkRYSHFNQ3Rrd3JUOFhsL3lEClo3bU9LVXU4bHhnS1Q1UllXc1dtZ3FuQXJMSG1Ca1FKMU4zdVpiVHU0cWx0WGtoelhaL2swN1B5ZlZvOFMrb2UKU1hwVy85RkpDcEd0Z21PT05WSXcvbU1MNy9ZZ3hFTFRRUS9udmIrSkFKb2xQWWp6ZkVFYy9TYkQ1ckFob09XcwpCYmRKYXkyWGRmWC83ZVZZQnptblllZ2Zod2h4WDVTWGZ3b2lCc2c1VUtvekhaSVhpckVkeTQrdk1wUzl0eWs3Cks1bkN0Mk1QOUNrSkFvSUJBUURLRml4QkdicFMyTjQ5L3JZbmdhRzE1cHI1RzF3VFRIaHliY3FmRjNQbzNGZ24KcTBzTUY2dmUwajZZVWdnbDZhMWJLZUJpdE5ZeTY5NWtvZS9oRDFEK1pIcW01RFZRSGtFVzhpVi94VGU4OVNYdQpxa3FGZVg4Z0FVUXMrdnBjQzVqZ25FSUM1NXVuQTIwejRwZE4xTVFpMDRCeEp6b2dkUXd6L1BkRHhrNWUrV011CjJHQWtOWUtoemJuNTBUMTlsYmlIRWVHSUNzQ2E0eEI1Vm1qa1hYZ05RQmpKRk5Ld1pZRmF0Mm44b3NwcWg4OGcKcUcyc3pWQWt6UDhQZjdPK2xDQVM0NGh6V0Q1dzNzbU5BZUNpK2ljMGFscFE5YkFGeWpHM0ZuOE5WRkJwOVFGQQpmMDFtTGwxR3JPSEVtalhzbk1EK1habEFnWTNTcnpjV0ZkbnZyTG5wQW9JQkFERXlVbDBCOGZEZDRLcVNZYlQ0CnhTZS9wb3daSzR4ekl2MzZQbFlPZHJOai8yMnpyZGhVT3U4ZVBDcG5pdm5oRTBrNFFqZjVNcmxMZkxSUlMvcFoKWmZNL0NvTFpabnY1a1NaOUJOQ2I5NUNmNmI0WWRObFpIWFBIQkZIQ294aFVObS9iNlpINDJ2NzhlM2VOZXhaSApLM1RrYzNkOG8yVzdWeVdGbEQ3b21NazdtcWlpMWZmYmkvS2llY3lrNmYzK0d4UDlXQWE5WHpwN2I1dWlzZU9YCkl5T3RZWFc2THp3ZFQwaVYvck5LVDFIZi9Sa1NTNmtGSVl2SVNMV1EzMmtJdTNDaWdreUlML2hyTDdhZStoSkUKdVcweWc0TkIyNFBWU0tBSlA3TnNvMzExVjJoWjdQd3RRbjFEM0VhN0t3eHJZVVVBS3FxQU1CYThxRFlwdVdVUwpjMEVDZ2dFQWRudXFjWENTeFNicXFQbEc3VU5VZ0dyS28zMHJyWDJaSFlxVkNPc0c4TmZBZC9Id3dRc3pmMEpmCmJqc1JGQlVEYzFLdTk1dFRpWU5VWnArd211S2pxcEZIcjFhNmtQOEgxNWFTUllSTTNITHYwUDYxSGVqa29NeUMKZ3A4QlJibDRuUzh1N3o5YjNWV3FuOVJKOEIrWFRDTGh5Qy9DVTZRZEZCZC9ZUXpOTGNNQktEckppd0pNN3U4YgpFSUZ5MWpRZVlOTC9WcWNuSDY0dm9INEdDZzc5eFJLdlBmWnhBaUZTckhIUVdQWWVJRllDRnlVTUhwMmpTdE43CjVOZ01RWXArbkZZL2d5cWJId2JHQ0JtYWp0bWVYRU1WcnR5SzZ2QXE1RUM2djFrWS9tVFRDb1Jtdmk1djE2ZWoKbWx4azdLanhCWTAvd2tHREY5bkhEMGNEVHpYaHdBPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo=</prv>
|
||||
</cert>
|
||||
<ppps/>
|
||||
<vlans>
|
||||
<vlan>
|
||||
<if>vtnet0</if>
|
||||
<tag>9</tag>
|
||||
<pcp>0</pcp>
|
||||
<descr>tsys</descr>
|
||||
<vlanif>vtnet0_vlan9</vlanif>
|
||||
</vlan>
|
||||
<vlan>
|
||||
<if>vtnet1</if>
|
||||
<tag>3</tag>
|
||||
<pcp>0</pcp>
|
||||
<descr>mgmt</descr>
|
||||
<vlanif>vtnet1_vlan3</vlanif>
|
||||
</vlan>
|
||||
</vlans>
|
||||
<gateways>
|
||||
<gateway_item>
|
||||
<descr>Interface WAN Gateway</descr>
|
||||
<defaultgw>1</defaultgw>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<interface>wan</interface>
|
||||
<gateway>158.69.183.166</gateway>
|
||||
<monitor_disable>1</monitor_disable>
|
||||
<name>GW_WAN</name>
|
||||
<interval>1</interval>
|
||||
<weight>1</weight>
|
||||
</gateway_item>
|
||||
<gateway_item>
|
||||
<descr>Interface WAN Gateway</descr>
|
||||
<defaultgw>1</defaultgw>
|
||||
<ipprotocol>inet</ipprotocol>
|
||||
<interface>wan</interface>
|
||||
<gateway>158.69.183.166</gateway>
|
||||
<monitor_disable>1</monitor_disable>
|
||||
<name>GW_WAN</name>
|
||||
<interval>1</interval>
|
||||
<weight>1</weight>
|
||||
</gateway_item>
|
||||
</gateways>
|
||||
<openvpn>
|
||||
<openvpn-client>
|
||||
<protocol>UDP</protocol>
|
||||
<dev_mode>tun</dev_mode>
|
||||
<server_addr>158.69.183.162</server_addr>
|
||||
<server_port>1194</server_port>
|
||||
<proxy_authtype>none</proxy_authtype>
|
||||
<description>ASN2NET Backbone</description>
|
||||
<mode>p2p_shared_key</mode>
|
||||
<crypto>AES-128-CBC</crypto>
|
||||
<digest>SHA1</digest>
|
||||
<engine>none</engine>
|
||||
<tunnel_network>192.168.194.0/30</tunnel_network>
|
||||
<verbosity_level>1</verbosity_level>
|
||||
<interface>wan</interface>
|
||||
<vpnid>1</vpnid>
|
||||
<custom_options/>
|
||||
<shared_key>Iw0KIyAyMDQ4IGJpdCBPcGVuVlBOIHN0YXRpYyBrZXkNCiMNCi0tLS0tQkVHSU4gT3BlblZQTiBTdGF0aWMga2V5IFYxLS0tLS0NCjRhYjBlYzc3NGNlZmFjNDk0ZDkxMmRlOGRkMzkyN2JhDQowZGZjMzI2MGMwZmQwOGE2ZmI0NjVjMGNmZjQ1MzU1YQ0KMDBmODc5MzQwMDI0YjU1OTQ2MDAzNmUyOTJjNDhiNWQNCjkzMjg3ZjY3ZTIwOTI4ZDA2MzczMjM2NjliMjNmZjNiDQoxZjY3MDJlYzkwZWEzOGU3MWZjN2JjMDA5ZTI1YzdiYw0KZjVmNGE4YTNlMzdhMDUyOTkxMGEzNDVjMTQ4Mjk5OTkNCjU0OWE4NGIzYTAyZTg4M2Y1M2ZkZWYzNGZlYzlhNTg3DQpiMDBjMWM3ZjU4YjFlOTYyZTQ1ZjEyMjI0MGI0YTBlMQ0KMTgxZTU3NjY0Y2UwZmIxNTg5YTA1NmZjYWYyNDYwNGYNCmU3M2I4OTJmN2JmNzRlZjMxODEzYzc5ODJhZjkwNmNhDQo4YzAwYTY1OWEwMzI3MGQ3ZGFiNjE0YzkwM2RjYWRlZQ0KNmEwZjQ2MDFhMWE4ODAzMjQxZjY4MTY5M2UyZWFjN2ENCmUyZWNkMDBkYmU4Mjc1MDY2OWQ0MTkwNTZmYjE4OWE0DQpiYzY1YzAyOWY1ZjM2YzI1MTM0MzkzM2M3OTRkZjdhMg0KY2E3OWUyN2E1ZDNjNDhiNjgwNjg2Yjc5MmQ3ZGZiOGUNCmIwODZkMzAyNzNiN2U0ZmNjNTdiNGVjZTQyOTgyMjg2DQotLS0tLUVORCBPcGVuVlBOIFN0YXRpYyBrZXkgVjEtLS0tLQ==</shared_key>
|
||||
</openvpn-client>
|
||||
</openvpn>
|
||||
<staticroutes/>
|
||||
<virtualip>
|
||||
<vip>
|
||||
<type>single</type>
|
||||
<subnet_bits>29</subnet_bits>
|
||||
<mode>carp</mode>
|
||||
<interface>wan</interface>
|
||||
<descr>tsys-cloud-www</descr>
|
||||
<subnet>158.69.183.163</subnet>
|
||||
<vhid>1</vhid>
|
||||
<advskew>0</advskew>
|
||||
<advbase>1</advbase>
|
||||
<password>123</password>
|
||||
</vip>
|
||||
<vip>
|
||||
<type>single</type>
|
||||
<subnet_bits>24</subnet_bits>
|
||||
<mode>carp</mode>
|
||||
<interface>lan</interface>
|
||||
<descr>floating gw tsys </descr>
|
||||
<subnet>10.253.9.254</subnet>
|
||||
<vhid>2</vhid>
|
||||
<advskew>0</advskew>
|
||||
<advbase>1</advbase>
|
||||
<password>vip123</password>
|
||||
</vip>
|
||||
<vip>
|
||||
<type>single</type>
|
||||
<subnet_bits>24</subnet_bits>
|
||||
<mode>carp</mode>
|
||||
<interface>opt1</interface>
|
||||
<descr>toolbox/ucs</descr>
|
||||
<subnet>10.253.3.254</subnet>
|
||||
<vhid>3</vhid>
|
||||
<advskew>0</advskew>
|
||||
<advbase>1</advbase>
|
||||
<password>c0l0rad0</password>
|
||||
</vip>
|
||||
</virtualip>
|
||||
</opnsense>
|
@ -1,232 +0,0 @@
|
||||
!
|
||||
! Last configuration change at 14:50:15 CST Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 14:50:18 CST Fri Feb 9 2018 by cisco
|
||||
version 15.2
|
||||
no service pad
|
||||
service timestamps debug datetime msec
|
||||
service timestamps log datetime msec
|
||||
service password-encryption
|
||||
!
|
||||
hostname pfv-core-ap01
|
||||
!
|
||||
logging rate-limit console 9
|
||||
no logging console
|
||||
no logging monitor
|
||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
||||
!
|
||||
no aaa new-model
|
||||
clock timezone CST -6 0
|
||||
no ip domain lookup
|
||||
ip name-server 10.253.3.86
|
||||
!
|
||||
!
|
||||
dot11 syslog
|
||||
dot11 vlan-name Nerdbone vlan 200
|
||||
dot11 vlan-name TheNerdery vlan 100
|
||||
!
|
||||
dot11 ssid Nerdbone
|
||||
vlan 200
|
||||
authentication open
|
||||
authentication key-management wpa
|
||||
mbssid guest-mode
|
||||
wpa-psk ascii 7 08714E1E041831051302180B386A
|
||||
!
|
||||
dot11 ssid TheNerdery
|
||||
vlan 100
|
||||
authentication open
|
||||
authentication key-management wpa
|
||||
mbssid guest-mode
|
||||
wpa-psk ascii 7 132B47021800572E6A
|
||||
!
|
||||
dot11 network-map
|
||||
power inline negotiation injector override
|
||||
crypto pki token default removal timeout 0
|
||||
!
|
||||
crypto pki trustpoint TP-self-signed-3632941680
|
||||
enrollment selfsigned
|
||||
subject-name cn=IOS-Self-Signed-Certificate-3632941680
|
||||
revocation-check none
|
||||
rsakeypair TP-self-signed-3632941680
|
||||
!
|
||||
!
|
||||
crypto pki certificate chain TP-self-signed-3632941680
|
||||
certificate self-signed 01
|
||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
|
||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
||||
69666963 6174652D 33363332 39343136 3830301E 170D3933 30333031 30303032
|
||||
31385A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 36333239
|
||||
34313638 3030819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
||||
8100BDC3 965C98A2 EB69E593 4AEAB184 675EC9C6 8518857D B366DDF8 F4E666C8
|
||||
6C08CF6A 7563828E 607931DA EB0AD984 142ECB95 1618F2A9 A9624D61 07FCE76F
|
||||
0C0A8696 E178A8B1 FB966206 8A0769BC B7FA8881 AE34443C 3800B61F B97E9FA1
|
||||
66E0675F 7B494A0C AD657CD9 847C6755 A65A7E59 B625E45D 89C0AFDE 2B646015
|
||||
5CFF0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
||||
551D2304 18301680 14715BA0 DC1E3390 78A05B38 1C6B64C8 52A67D60 9B301D06
|
||||
03551D0E 04160414 715BA0DC 1E339078 A05B381C 6B64C852 A67D609B 300D0609
|
||||
2A864886 F70D0101 05050003 8181000B 52E38067 C0AB47F9 08AA49B5 5D4EEA01
|
||||
6E94406F 1579D75C 6888DFB0 D93BF95A 719F2884 7EEF5101 03A5FF8A D5D88568
|
||||
E48F6F15 7337BF48 B5D8A329 579F9287 DBD9539A 9B084568 BD20BD94 A778A0DE
|
||||
6DCE2368 1EF9AC86 6271A1C1 1072FCC1 F5B0DAFB 9FA3200A 967A8F03 E3D37ADC
|
||||
3C25EE36 671237BC 3A7A9049 B027B0
|
||||
quit
|
||||
username cisco privilege 15 password 7 0313591B553C131862043D012F4A381B3C09
|
||||
!
|
||||
!
|
||||
bridge irb
|
||||
!
|
||||
!
|
||||
interface Dot11Radio0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
!
|
||||
encryption mode ciphers aes-ccm
|
||||
!
|
||||
encryption vlan 100 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
||||
!
|
||||
ssid Nerdbone
|
||||
!
|
||||
ssid TheNerdery
|
||||
!
|
||||
antenna gain 0
|
||||
mbssid
|
||||
speed basic-1.0 basic-2.0 basic-5.5 basic-11.0 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
|
||||
channel 2422
|
||||
station-role root
|
||||
bridge-group 1
|
||||
bridge-group 1 subscriber-loop-control
|
||||
bridge-group 1 spanning-disabled
|
||||
bridge-group 1 block-unknown-source
|
||||
no bridge-group 1 source-learning
|
||||
no bridge-group 1 unicast-flooding
|
||||
!
|
||||
interface Dot11Radio0.100
|
||||
encapsulation dot1Q 100
|
||||
no ip route-cache
|
||||
bridge-group 100
|
||||
bridge-group 100 subscriber-loop-control
|
||||
bridge-group 100 spanning-disabled
|
||||
bridge-group 100 port-protected
|
||||
bridge-group 100 block-unknown-source
|
||||
no bridge-group 100 source-learning
|
||||
no bridge-group 100 unicast-flooding
|
||||
!
|
||||
interface Dot11Radio0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
bridge-group 200 subscriber-loop-control
|
||||
bridge-group 200 spanning-disabled
|
||||
bridge-group 200 block-unknown-source
|
||||
no bridge-group 200 source-learning
|
||||
no bridge-group 200 unicast-flooding
|
||||
!
|
||||
interface Dot11Radio1
|
||||
no ip address
|
||||
no ip route-cache
|
||||
!
|
||||
encryption mode ciphers aes-ccm
|
||||
!
|
||||
encryption vlan 100 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
||||
antenna gain 0
|
||||
dfs band 3 block
|
||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
||||
channel dfs
|
||||
station-role root
|
||||
bridge-group 1
|
||||
bridge-group 1 subscriber-loop-control
|
||||
bridge-group 1 spanning-disabled
|
||||
bridge-group 1 block-unknown-source
|
||||
no bridge-group 1 source-learning
|
||||
no bridge-group 1 unicast-flooding
|
||||
!
|
||||
interface Dot11Radio1.100
|
||||
encapsulation dot1Q 100
|
||||
no ip route-cache
|
||||
bridge-group 100
|
||||
bridge-group 100 subscriber-loop-control
|
||||
bridge-group 100 spanning-disabled
|
||||
bridge-group 100 port-protected
|
||||
bridge-group 100 block-unknown-source
|
||||
no bridge-group 100 source-learning
|
||||
no bridge-group 100 unicast-flooding
|
||||
!
|
||||
interface Dot11Radio1.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
bridge-group 200 subscriber-loop-control
|
||||
bridge-group 200 spanning-disabled
|
||||
bridge-group 200 block-unknown-source
|
||||
no bridge-group 200 source-learning
|
||||
no bridge-group 200 unicast-flooding
|
||||
!
|
||||
interface GigabitEthernet0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
duplex auto
|
||||
speed auto
|
||||
bridge-group 1
|
||||
bridge-group 1 spanning-disabled
|
||||
no bridge-group 1 source-learning
|
||||
!
|
||||
interface GigabitEthernet0.100
|
||||
encapsulation dot1Q 100
|
||||
no ip route-cache
|
||||
bridge-group 100
|
||||
bridge-group 100 spanning-disabled
|
||||
no bridge-group 100 source-learning
|
||||
!
|
||||
interface GigabitEthernet0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
bridge-group 200 spanning-disabled
|
||||
no bridge-group 200 source-learning
|
||||
!
|
||||
interface BVI1
|
||||
ip address 10.251.30.251 255.255.255.0
|
||||
no ip route-cache
|
||||
!
|
||||
ip default-gateway 10.251.30.254
|
||||
no ip http server
|
||||
ip http secure-server
|
||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
||||
logging 10.253.3.99
|
||||
access-list 3 permit 10.253.3.99
|
||||
access-list 3 remark For SNMP - Only Monitoring Servers can access.
|
||||
access-list 3 permit 10.243.3.33
|
||||
access-list 3 deny any log
|
||||
snmp-server community kn3l-mgmt RO 3
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server host 10.253.3.33 kn3l-mgmt
|
||||
bridge 1 route ip
|
||||
!
|
||||
!
|
||||
banner login ^C5
|
||||
===============================================================================
|
||||
-------------------------------------------------------------------------------
|
||||
TURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
This is a private computer system. These resources, including all
|
||||
related equipmentURN NET SYSTEMS - PRODUCTION SYSTEM - GO AWAY
|
||||
===============================================================================
|
||||
^C
|
||||
!
|
||||
line con 0
|
||||
line vty 0 4
|
||||
login local
|
||||
transport input all
|
||||
!
|
||||
no exception crashinfo
|
||||
sntp server 10.40.100.200
|
||||
sntp server 10.251.30.71
|
||||
sntp server 10.253.3.201
|
||||
end
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,283 +0,0 @@
|
||||
!
|
||||
! Last configuration change at 14:54:50 CST Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 14:54:52 CST Fri Feb 9 2018 by cisco
|
||||
!
|
||||
version 12.2
|
||||
no service pad
|
||||
service timestamps debug datetime msec
|
||||
service timestamps log datetime msec
|
||||
service password-encryption
|
||||
!
|
||||
hostname pfv-core-sw01
|
||||
!
|
||||
boot-start-marker
|
||||
boot-end-marker
|
||||
!
|
||||
enable secret 5 $1$.DDG$avbJ/Ba3mTZaUZj0DGbyr0
|
||||
enable password 7 13061E010803
|
||||
!
|
||||
username cisco privilege 15 password 7 1505091C57191970043E11262B5F25143975
|
||||
aaa new-model
|
||||
!
|
||||
!
|
||||
aaa authentication login default group NPS_RADIUS_SERVERS local
|
||||
aaa authorization exec default group NPS_RADIUS_SERVERS local if-authenticated
|
||||
!
|
||||
!
|
||||
!
|
||||
aaa session-id common
|
||||
clock timezone CST -6
|
||||
system mtu routing 1500
|
||||
ip subnet-zero
|
||||
ip routing
|
||||
ip domain-name turnsys.net
|
||||
ip name-server 10.251.30.71
|
||||
!
|
||||
!
|
||||
!
|
||||
crypto pki trustpoint TP-self-signed-1485245952
|
||||
enrollment selfsigned
|
||||
subject-name cn=IOS-Self-Signed-Certificate-1485245952
|
||||
revocation-check none
|
||||
rsakeypair TP-self-signed-1485245952
|
||||
!
|
||||
!
|
||||
crypto pki certificate chain TP-self-signed-1485245952
|
||||
certificate self-signed 01
|
||||
30820250 308201B9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
||||
69666963 6174652D 31343835 32343539 3532301E 170D3933 30333031 30303030
|
||||
35335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 34383532
|
||||
34353935 3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
||||
8100B3BC 70D69DBD 98EF4C19 8B98D8D6 FA1EEA8F 89C99567 38DAEDEE E481EB4B
|
||||
5FE96885 1E2E4CF6 7282D474 3C0F9711 FD94A661 DF3FCADA FCD801B3 BAC0F907
|
||||
A167C100 68E8B2C8 EC191A61 07EAEE1B 9A27C508 5BDE75D4 8E027D98 979AB506
|
||||
35AEF3AF ED6AB97B AF2137DD 1C28EB7F 9DDC88B0 AECA1529 8E252DAD D0AF0CD9
|
||||
14D50203 010001A3 78307630 0F060355 1D130101 FF040530 030101FF 30230603
|
||||
551D1104 1C301A82 18617573 2D636F72 65737730 312E7475 726E7379 732E6E65
|
||||
74301F06 03551D23 04183016 801437DF 64CC8992 2CD93FAC 0829D8DA E56280E2
|
||||
0374301D 0603551D 0E041604 1437DF64 CC89922C D93FAC08 29D8DAE5 6280E203
|
||||
74300D06 092A8648 86F70D01 01040500 03818100 6090B1E0 D07F081C 273982E5
|
||||
DA52C1A9 FF9D381B 6A9A6A65 A8315696 F7E1483C A8AE9C6A 74635CFE 03D8F845
|
||||
46188168 8E5CBF98 C4450FAC 95628D2E 3EB3D16F F8461D75 114A8F6F D40098E3
|
||||
C50F9AA7 6568273C 73436B35 B57CCF52 D152EBE0 84EE5684 F3D027B0 AEBDD7A0
|
||||
ECB58FD2 D717CADE 12CE7A53 C80E6BC4 3235D6FF
|
||||
quit
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
spanning-tree mode pvst
|
||||
spanning-tree extend system-id
|
||||
!
|
||||
vlan internal allocation policy ascending
|
||||
!
|
||||
ip ssh time-out 60
|
||||
ip ssh authentication-retries 5
|
||||
!
|
||||
!
|
||||
!
|
||||
interface FastEthernet0/1
|
||||
description labsw01
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/2
|
||||
description unknown
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/3
|
||||
description printer-pi
|
||||
switchport access vlan 22
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/4
|
||||
description pfv-ucs
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/5
|
||||
description extcam-left
|
||||
switchport access vlan 200
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/6
|
||||
description extcam-right
|
||||
switchport access vlan 200
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/7
|
||||
description ap1
|
||||
switchport access vlan 22
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/8
|
||||
description ap2
|
||||
switchport access vlan 22
|
||||
!
|
||||
interface FastEthernet0/9
|
||||
description ap3
|
||||
switchport access vlan 22
|
||||
!
|
||||
interface FastEthernet0/10
|
||||
description ap4
|
||||
switchport access vlan 100
|
||||
!
|
||||
interface FastEthernet0/11
|
||||
description gallileo
|
||||
switchport access vlan 22
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/12
|
||||
description ausprod-coreap01
|
||||
power inline never
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport trunk native vlan 30
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/13
|
||||
description inkjet
|
||||
switchport access vlan 22
|
||||
!
|
||||
interface FastEthernet0/14
|
||||
description color laser
|
||||
switchport access vlan 22
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/15
|
||||
description bwlaser
|
||||
switchport access vlan 22
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/16
|
||||
description octopi
|
||||
switchport access vlan 22
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/17
|
||||
description workbench switch
|
||||
switchport access vlan 100
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/18
|
||||
!
|
||||
interface FastEthernet0/19
|
||||
description parallela
|
||||
switchport access vlan 22
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/20
|
||||
!
|
||||
interface FastEthernet0/21
|
||||
!
|
||||
interface FastEthernet0/22
|
||||
description temp-port
|
||||
switchport access vlan 30
|
||||
switchport mode access
|
||||
!
|
||||
interface FastEthernet0/23
|
||||
description pfv-corertr01
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/24
|
||||
description pfv-corertr02
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport mode trunk
|
||||
!
|
||||
interface GigabitEthernet0/1
|
||||
!
|
||||
interface GigabitEthernet0/2
|
||||
!
|
||||
interface Vlan1
|
||||
no ip address
|
||||
!
|
||||
interface Vlan30
|
||||
description Mgmt net
|
||||
ip address 10.251.30.100 255.255.255.0
|
||||
!
|
||||
interface Vlan31
|
||||
description AP net
|
||||
no ip address
|
||||
!
|
||||
interface Vlan32
|
||||
description Switch net
|
||||
no ip address
|
||||
!
|
||||
interface Vlan33
|
||||
description VOIP net
|
||||
no ip address
|
||||
!
|
||||
interface Vlan34
|
||||
description Router net
|
||||
no ip address
|
||||
!
|
||||
interface Vlan35
|
||||
description IPTV
|
||||
no ip address
|
||||
!
|
||||
interface Vlan36
|
||||
description PeanutGallery
|
||||
no ip address
|
||||
!
|
||||
interface Vlan37
|
||||
description MALZOO (RED) net
|
||||
no ip address
|
||||
!
|
||||
interface Vlan38
|
||||
description Fstack1
|
||||
no ip address
|
||||
!
|
||||
interface Vlan39
|
||||
description Fstack2
|
||||
no ip address
|
||||
!
|
||||
interface Vlan40
|
||||
description Storage
|
||||
no ip address
|
||||
!
|
||||
interface Vlan100
|
||||
description Desknet
|
||||
no ip address
|
||||
!
|
||||
interface Vlan200
|
||||
description nerdbone
|
||||
no ip address
|
||||
!
|
||||
ip default-gateway 10.251.30.254
|
||||
ip classless
|
||||
ip route 0.0.0.0 0.0.0.0 10.251.30.254
|
||||
no ip http server
|
||||
no ip http secure-server
|
||||
!
|
||||
!
|
||||
logging 10.253.3.99
|
||||
access-list 93 remark NTP access
|
||||
access-list 93 deny any log
|
||||
snmp-server user kn3lmgmt kn3lmgmt v1
|
||||
snmp-server user kn3lmgmt kn3lmgmt v2c
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server user kn3lmgmt kn3lmgmt v1
|
||||
snmp-server user kn3lmgmt kn3lmgmt v2c
|
||||
snmp-server location PFV
|
||||
snmp-server chassis-id pfv-core-sw01
|
||||
!
|
||||
control-plane
|
||||
!
|
||||
!
|
||||
line con 0
|
||||
line vty 0 4
|
||||
transport input all
|
||||
line vty 5 15
|
||||
!
|
||||
ntp clock-period 36029657
|
||||
ntp access-group peer 93
|
||||
ntp access-group serve 93
|
||||
ntp access-group serve-only 93
|
||||
ntp server 10.253.3.201
|
||||
ntp server 10.40.100.200
|
||||
ntp server 10.251.30.71
|
||||
end
|
||||
|
@ -1,436 +0,0 @@
|
||||
!
|
||||
! Last configuration change at 13:44:44 CST Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 13:44:45 CST Fri Feb 9 2018 by cisco
|
||||
!
|
||||
version 12.3
|
||||
no service pad
|
||||
service timestamps debug datetime msec
|
||||
service timestamps log datetime msec
|
||||
service password-encryption
|
||||
!
|
||||
hostname outap-front
|
||||
!
|
||||
logging rate-limit console 9
|
||||
no logging console
|
||||
no logging monitor
|
||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
||||
!
|
||||
clock timezone CST -6
|
||||
ip subnet-zero
|
||||
no ip domain lookup
|
||||
ip domain name turnsys.net
|
||||
ip name-server 10.40.50.254
|
||||
!
|
||||
!
|
||||
no aaa new-model
|
||||
dot11 syslog
|
||||
dot11 vlan-name Public vlan 2
|
||||
dot11 vlan-name Video vlan 201
|
||||
dot11 vlan-name Voice vlan 200
|
||||
dot11 vlan-name Workstations vlan 50
|
||||
!
|
||||
dot11 ssid SATX-Internet
|
||||
vlan 50
|
||||
authentication open
|
||||
authentication key-management wpa
|
||||
guest-mode
|
||||
mbssid guest-mode dtim-period 75
|
||||
wpa-psk ascii 7 070D2E43410E1C1704
|
||||
!
|
||||
dot11 network-map
|
||||
!
|
||||
crypto pki trustpoint TP-self-signed-4066931324
|
||||
enrollment selfsigned
|
||||
subject-name cn=IOS-Self-Signed-Certificate-4066931324
|
||||
revocation-check none
|
||||
rsakeypair TP-self-signed-4066931324
|
||||
!
|
||||
!
|
||||
crypto ca certificate chain TP-self-signed-4066931324
|
||||
certificate self-signed 01
|
||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
||||
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
|
||||
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
|
||||
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
||||
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
|
||||
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
|
||||
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
|
||||
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
|
||||
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
||||
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
|
||||
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
|
||||
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
|
||||
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
|
||||
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
|
||||
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
|
||||
F3452830 685FB60B 7BDEF67B C689FA
|
||||
quit
|
||||
username Cisco privilege 15 password 7 02050D480809
|
||||
!
|
||||
bridge irb
|
||||
!
|
||||
!
|
||||
interface Dot11Radio0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
!
|
||||
encryption mode ciphers aes-ccm
|
||||
!
|
||||
encryption vlan 2 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 50 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 201 mode ciphers aes-ccm tkip
|
||||
!
|
||||
ssid SATX-Internet
|
||||
!
|
||||
mbssid
|
||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
||||
station-role root
|
||||
antenna gain 0
|
||||
bridge-group 1
|
||||
bridge-group 1 subscriber-loop-control
|
||||
bridge-group 1 block-unknown-source
|
||||
no bridge-group 1 source-learning
|
||||
no bridge-group 1 unicast-flooding
|
||||
bridge-group 1 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.2
|
||||
encapsulation dot1Q 2
|
||||
no ip route-cache
|
||||
bridge-group 2
|
||||
bridge-group 2 subscriber-loop-control
|
||||
bridge-group 2 port-protected
|
||||
bridge-group 2 block-unknown-source
|
||||
no bridge-group 2 source-learning
|
||||
no bridge-group 2 unicast-flooding
|
||||
bridge-group 2 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.50
|
||||
encapsulation dot1Q 50
|
||||
no ip route-cache
|
||||
bridge-group 50
|
||||
bridge-group 50 subscriber-loop-control
|
||||
bridge-group 50 block-unknown-source
|
||||
no bridge-group 50 source-learning
|
||||
no bridge-group 50 unicast-flooding
|
||||
bridge-group 50 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
bridge-group 200 subscriber-loop-control
|
||||
bridge-group 200 block-unknown-source
|
||||
no bridge-group 200 source-learning
|
||||
no bridge-group 200 unicast-flooding
|
||||
bridge-group 200 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.201
|
||||
encapsulation dot1Q 201
|
||||
no ip route-cache
|
||||
bridge-group 201
|
||||
bridge-group 201 subscriber-loop-control
|
||||
bridge-group 201 block-unknown-source
|
||||
no bridge-group 201 source-learning
|
||||
no bridge-group 201 unicast-flooding
|
||||
bridge-group 201 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
duplex auto
|
||||
speed auto
|
||||
bridge-group 1
|
||||
no bridge-group 1 source-learning
|
||||
!
|
||||
interface FastEthernet0.2
|
||||
encapsulation dot1Q 2
|
||||
no ip route-cache
|
||||
bridge-group 2
|
||||
no bridge-group 2 source-learning
|
||||
bridge-group 2 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.50
|
||||
encapsulation dot1Q 50
|
||||
no ip route-cache
|
||||
bridge-group 50
|
||||
no bridge-group 50 source-learning
|
||||
bridge-group 50 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
no bridge-group 200 source-learning
|
||||
bridge-group 200 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.201
|
||||
encapsulation dot1Q 201
|
||||
no ip route-cache
|
||||
bridge-group 201
|
||||
no bridge-group 201 source-learning
|
||||
bridge-group 201 spanning-disabled
|
||||
!
|
||||
interface BVI1
|
||||
ip address 10.40.100.201 255.255.255.0
|
||||
no ip route-cache
|
||||
!
|
||||
ip default-gateway 10.40.100.254
|
||||
no ip http server
|
||||
ip http secure-server
|
||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
||||
!
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server location SATX
|
||||
snmp-server contact prodtechopsalerts@turnsys.com
|
||||
bridge 1 route ip
|
||||
!
|
||||
!
|
||||
banner login ^CC5
|
||||
===============================================================================
|
||||
-------------------------------------------------------------------------------
|
||||
RT - PRODUCTION SYSTEM - GO AWAY
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
This is a private computer system.
|
||||
===============================================================================
|
||||
^C
|
||||
!
|
||||
line con 0
|
||||
line vty 0 4
|
||||
login local
|
||||
!
|
||||
no exception crashinfo
|
||||
sntp server 10.251.30.253
|
||||
sntp server 10.40.100.200
|
||||
end
|
||||
|
||||
outap-front#conf t
|
||||
Enter configuration commands, one per line. End with CNTL/Z.
|
||||
outap-front(config)#no sntp server 10.251.30.253
|
||||
outap-front(config)#end
|
||||
outap-front#write mem
|
||||
Building configuration...
|
||||
[OK]
|
||||
outap-front#show run
|
||||
Building configuration...
|
||||
|
||||
Current configuration : 5971 bytes
|
||||
!
|
||||
! Last configuration change at 13:46:16 CST Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 13:46:19 CST Fri Feb 9 2018 by cisco
|
||||
!
|
||||
version 12.3
|
||||
no service pad
|
||||
service timestamps debug datetime msec
|
||||
service timestamps log datetime msec
|
||||
service password-encryption
|
||||
!
|
||||
hostname outap-front
|
||||
!
|
||||
logging rate-limit console 9
|
||||
no logging console
|
||||
no logging monitor
|
||||
enable secret 5 $1$lB96$.3rp3EmJ9p2KjpJh7h0.T.
|
||||
!
|
||||
clock timezone CST -6
|
||||
ip subnet-zero
|
||||
no ip domain lookup
|
||||
ip domain name turnsys.net
|
||||
ip name-server 10.40.50.254
|
||||
!
|
||||
!
|
||||
no aaa new-model
|
||||
dot11 syslog
|
||||
dot11 vlan-name Public vlan 2
|
||||
dot11 vlan-name Video vlan 201
|
||||
dot11 vlan-name Voice vlan 200
|
||||
dot11 vlan-name Workstations vlan 50
|
||||
!
|
||||
dot11 ssid SATX-Internet
|
||||
vlan 50
|
||||
authentication open
|
||||
authentication key-management wpa
|
||||
guest-mode
|
||||
mbssid guest-mode dtim-period 75
|
||||
wpa-psk ascii 7 070D2E43410E1C1704
|
||||
!
|
||||
dot11 network-map
|
||||
!
|
||||
crypto pki trustpoint TP-self-signed-4066931324
|
||||
enrollment selfsigned
|
||||
subject-name cn=IOS-Self-Signed-Certificate-4066931324
|
||||
revocation-check none
|
||||
rsakeypair TP-self-signed-4066931324
|
||||
!
|
||||
!
|
||||
crypto ca certificate chain TP-self-signed-4066931324
|
||||
certificate self-signed 01
|
||||
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
|
||||
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
|
||||
69666963 6174652D 34303636 39333133 3234301E 170D3132 30313038 31363333
|
||||
32325A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
|
||||
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 30363639
|
||||
33313332 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
|
||||
8100C811 9A785118 E4DAF6E4 1F1AA2BF 443A6F35 EA8A65EA 6A4768D9 C0998DD4
|
||||
335F80D8 69A45641 72E6AA4F 05260247 7FCF755F C13336C0 8071A2C5 4AB23C96
|
||||
BF57D1BB CD52B4F1 E7423EB8 C9482C26 3742EAFC 730A0DFF 02CEAC28 9B08F072
|
||||
04960164 01CE5182 BA8898A2 AF23160D 299B87B8 E53AADB3 9233EC21 D973F636
|
||||
01990203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
|
||||
551D2304 18301680 1444BE0D D2F9A64D 600430DB 70E4DB6E F890968D 74301D06
|
||||
03551D0E 04160414 44BE0DD2 F9A64D60 0430DB70 E4DB6EF8 90968D74 300D0609
|
||||
2A864886 F70D0101 04050003 81810006 C0FD3D8F 1D87A0D4 1BCD3561 BDA8713D
|
||||
A72756CA 65E67BB8 6BE0F3EE 17863E60 512A1B52 900F99D1 D4A66158 4B4D04C4
|
||||
33FE9E09 C82A76CD F63B13CC 0901AB8A 60D739DA 9B0FF35A 0A71529F 70B75C0F
|
||||
8F012B28 F979C9E6 66FDD951 97478D5B ACFCF8E6 B7786CDD 0593B48A FC551254
|
||||
F3452830 685FB60B 7BDEF67B C689FA
|
||||
quit
|
||||
username Cisco privilege 15 password 7 02050D480809
|
||||
!
|
||||
bridge irb
|
||||
!
|
||||
!
|
||||
interface Dot11Radio0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
!
|
||||
encryption mode ciphers aes-ccm
|
||||
!
|
||||
encryption vlan 2 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 50 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 200 mode ciphers aes-ccm tkip
|
||||
!
|
||||
encryption vlan 201 mode ciphers aes-ccm tkip
|
||||
!
|
||||
ssid SATX-Internet
|
||||
!
|
||||
mbssid
|
||||
speed basic-6.0 9.0 basic-12.0 18.0 basic-24.0 36.0 48.0 54.0
|
||||
station-role root
|
||||
antenna gain 0
|
||||
bridge-group 1
|
||||
bridge-group 1 subscriber-loop-control
|
||||
bridge-group 1 block-unknown-source
|
||||
no bridge-group 1 source-learning
|
||||
no bridge-group 1 unicast-flooding
|
||||
bridge-group 1 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.2
|
||||
encapsulation dot1Q 2
|
||||
no ip route-cache
|
||||
bridge-group 2
|
||||
bridge-group 2 subscriber-loop-control
|
||||
bridge-group 2 port-protected
|
||||
bridge-group 2 block-unknown-source
|
||||
no bridge-group 2 source-learning
|
||||
no bridge-group 2 unicast-flooding
|
||||
bridge-group 2 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.50
|
||||
encapsulation dot1Q 50
|
||||
no ip route-cache
|
||||
bridge-group 50
|
||||
bridge-group 50 subscriber-loop-control
|
||||
bridge-group 50 block-unknown-source
|
||||
no bridge-group 50 source-learning
|
||||
no bridge-group 50 unicast-flooding
|
||||
bridge-group 50 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
bridge-group 200 subscriber-loop-control
|
||||
bridge-group 200 block-unknown-source
|
||||
no bridge-group 200 source-learning
|
||||
no bridge-group 200 unicast-flooding
|
||||
bridge-group 200 spanning-disabled
|
||||
!
|
||||
interface Dot11Radio0.201
|
||||
encapsulation dot1Q 201
|
||||
no ip route-cache
|
||||
bridge-group 201
|
||||
bridge-group 201 subscriber-loop-control
|
||||
bridge-group 201 block-unknown-source
|
||||
no bridge-group 201 source-learning
|
||||
no bridge-group 201 unicast-flooding
|
||||
bridge-group 201 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
duplex auto
|
||||
speed auto
|
||||
bridge-group 1
|
||||
no bridge-group 1 source-learning
|
||||
!
|
||||
interface FastEthernet0.2
|
||||
encapsulation dot1Q 2
|
||||
no ip route-cache
|
||||
bridge-group 2
|
||||
no bridge-group 2 source-learning
|
||||
bridge-group 2 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.50
|
||||
encapsulation dot1Q 50
|
||||
no ip route-cache
|
||||
bridge-group 50
|
||||
no bridge-group 50 source-learning
|
||||
bridge-group 50 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.200
|
||||
encapsulation dot1Q 200
|
||||
no ip route-cache
|
||||
bridge-group 200
|
||||
no bridge-group 200 source-learning
|
||||
bridge-group 200 spanning-disabled
|
||||
!
|
||||
interface FastEthernet0.201
|
||||
encapsulation dot1Q 201
|
||||
no ip route-cache
|
||||
bridge-group 201
|
||||
no bridge-group 201 source-learning
|
||||
bridge-group 201 spanning-disabled
|
||||
!
|
||||
interface BVI1
|
||||
ip address 10.40.100.201 255.255.255.0
|
||||
no ip route-cache
|
||||
!
|
||||
ip default-gateway 10.40.100.254
|
||||
no ip http server
|
||||
ip http secure-server
|
||||
ip http help-path http://www.cisco.com/warp/public/779/smbiz/prodconfig/help/eag
|
||||
!
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server location SATX
|
||||
snmp-server contact prodtechopsalerts@turnsys.com
|
||||
bridge 1 route ip
|
||||
!
|
||||
!
|
||||
banner login ^CC5
|
||||
===============================================================================
|
||||
-------------------------------------------------------------------------------
|
||||
RT - PRODUCTION SYSTEM - GO AWAY
|
||||
-------------------------------------------------------------------------------
|
||||
|
||||
This is a private computer system.
|
||||
===============================================================================
|
||||
^C
|
||||
!
|
||||
line con 0
|
||||
line vty 0 4
|
||||
login local
|
||||
!
|
||||
no exception crashinfo
|
||||
sntp server 10.40.100.200
|
||||
sntp server 10.253.3.201
|
||||
sntp server 10.251.30.71
|
||||
end
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,160 +0,0 @@
|
||||
interface ethernet g1
|
||||
description satx-prodsw2
|
||||
exit
|
||||
interface ethernet g2
|
||||
description satx-prodsw3
|
||||
exit
|
||||
interface ethernet g3
|
||||
description satx-tsyssw1
|
||||
exit
|
||||
interface ethernet g4
|
||||
description unknown
|
||||
exit
|
||||
interface ethernet g5
|
||||
description SW03
|
||||
exit
|
||||
interface ethernet g6
|
||||
description joesWorkstation-sw05
|
||||
exit
|
||||
interface ethernet g7
|
||||
description NWU01
|
||||
exit
|
||||
interface range ethernet g(19-22)
|
||||
description rrkvm
|
||||
exit
|
||||
interface ethernet g23
|
||||
description pfvsvr01
|
||||
exit
|
||||
port jumbo-frame
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport mode trunk
|
||||
exit
|
||||
vlan database
|
||||
vlan 2-12,22,30,50,100,170-171,200-201
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 2
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 3
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 4
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 5
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 6
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 7
|
||||
exit
|
||||
interface ethernet g8
|
||||
switchport access vlan 8
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 8
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 9
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 10
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 11
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 12
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 22
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 30
|
||||
exit
|
||||
interface range ethernet g(4-7)
|
||||
switchport access vlan 50
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 50
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 100
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 170
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 171
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 200
|
||||
exit
|
||||
interface range ethernet g(1-3,23-24)
|
||||
switchport trunk allowed vlan add 201
|
||||
exit
|
||||
voice vlan oui-table add 0001e3 Siemens_AG_phone________
|
||||
voice vlan oui-table add 00036b Cisco_phone_____________
|
||||
voice vlan oui-table add 00096e Avaya___________________
|
||||
voice vlan oui-table add 000fe2 H3C_Aolynk______________
|
||||
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
|
||||
voice vlan oui-table add 00d01e Pingtel_phone___________
|
||||
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
|
||||
voice vlan oui-table add 00e0bb 3Com_phone______________
|
||||
interface range ethernet g(4-5)
|
||||
negotiation 100f
|
||||
exit
|
||||
interface ethernet g6
|
||||
negotiation 1000f
|
||||
exit
|
||||
iscsi target port 860 address 0.0.0.0
|
||||
iscsi target port 3260 address 0.0.0.0
|
||||
interface vlan 100
|
||||
ip address 10.40.100.250 255.255.255.0
|
||||
exit
|
||||
ip default-gateway 10.40.100.254
|
||||
hostname satx-prodsw1
|
||||
logging 10.253.3.99
|
||||
username admin password a9166ce242b34acf0afb80b1092536bd level 15 encrypted
|
||||
snmp-server location satx
|
||||
snmp-server community kn3l rw 10.253.3.77 view DefaultSuper
|
||||
snmp-server community kn3lmgmt ro view Default
|
||||
clock timezone -6
|
||||
sntp client poll timer 120
|
||||
sntp unicast client enable
|
||||
sntp server 10.40.100.200
|
||||
sntp server 10.251.30.71
|
||||
sntp server 10.253.3.201
|
||||
ip domain-name turnsys.net
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
Default settings:
|
||||
Service tag: CBRWFH1
|
||||
|
||||
SW version 2.0.0.35 (date 27-Jan-2009 time 18:13:34)
|
||||
|
||||
Gigabit Ethernet Ports
|
||||
=============================
|
||||
no shutdown
|
||||
speed 1000
|
||||
duplex full
|
||||
negotiation
|
||||
flow-control off
|
||||
mdix auto
|
||||
no back-pressure
|
||||
|
||||
interface vlan 1
|
||||
interface port-channel 1 - 8
|
||||
|
||||
spanning-tree
|
||||
spanning-tree mode STP
|
||||
|
||||
qos basic
|
||||
qos trust cos
|
||||
|
@ -1,166 +0,0 @@
|
||||
!
|
||||
! Last configuration change at 20:06:32 UTC Fri Feb 9 2018 by cisco
|
||||
! NVRAM config last updated at 20:06:34 UTC Fri Feb 9 2018 by cisco
|
||||
!
|
||||
version 12.0
|
||||
no service pad
|
||||
service timestamps debug uptime
|
||||
service timestamps log uptime
|
||||
service password-encryption
|
||||
!
|
||||
hostname satx-prodsw3
|
||||
!
|
||||
aaa new-model
|
||||
enable secret 5 $1$QKJ2$YHSuwlCO4m1NkQwYYXVza.
|
||||
enable password 7 13061E010803
|
||||
!
|
||||
username cisco privilege 15 password 7 02050D480809
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
ip subnet-zero
|
||||
ip name-server 10.40.100.200
|
||||
!
|
||||
!
|
||||
!
|
||||
interface FastEthernet0/1
|
||||
description UPLINK TO SATXLANSW01-0/18
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/2
|
||||
description nwu03
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport trunk native vlan 100
|
||||
switchport mode trunk
|
||||
!
|
||||
interface FastEthernet0/3
|
||||
description vaultcam
|
||||
switchport access vlan 201
|
||||
switchport trunk encapsulation dot1q
|
||||
switchport trunk native vlan 100
|
||||
!
|
||||
interface FastEthernet0/4
|
||||
description gpspi
|
||||
switchport access vlan 100
|
||||
!
|
||||
interface FastEthernet0/5
|
||||
description trendnet-poe-camsw
|
||||
switchport access vlan 201
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/6
|
||||
!
|
||||
interface FastEthernet0/7
|
||||
!
|
||||
interface FastEthernet0/8
|
||||
!
|
||||
interface FastEthernet0/9
|
||||
!
|
||||
interface FastEthernet0/10
|
||||
!
|
||||
interface FastEthernet0/11
|
||||
!
|
||||
interface FastEthernet0/12
|
||||
!
|
||||
interface FastEthernet0/13
|
||||
!
|
||||
interface FastEthernet0/14
|
||||
!
|
||||
interface FastEthernet0/15
|
||||
!
|
||||
interface FastEthernet0/16
|
||||
!
|
||||
interface FastEthernet0/17
|
||||
!
|
||||
interface FastEthernet0/18
|
||||
!
|
||||
interface FastEthernet0/19
|
||||
!
|
||||
interface FastEthernet0/20
|
||||
!
|
||||
interface FastEthernet0/21
|
||||
!
|
||||
interface FastEthernet0/22
|
||||
description satx-house
|
||||
switchport access vlan 2
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/23
|
||||
description labcam
|
||||
switchport access vlan 201
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface FastEthernet0/24
|
||||
description satx-infrabox
|
||||
switchport access vlan 100
|
||||
switchport trunk encapsulation dot1q
|
||||
spanning-tree portfast
|
||||
!
|
||||
interface GigabitEthernet0/1
|
||||
!
|
||||
interface GigabitEthernet0/2
|
||||
!
|
||||
interface VLAN1
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
shutdown
|
||||
!
|
||||
interface VLAN2
|
||||
description public
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
shutdown
|
||||
!
|
||||
interface VLAN50
|
||||
description workstations
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
shutdown
|
||||
!
|
||||
interface VLAN100
|
||||
description mgmt
|
||||
ip address 10.40.100.252 255.255.255.0
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
!
|
||||
interface VLAN200
|
||||
description voip
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
shutdown
|
||||
!
|
||||
interface VLAN201
|
||||
description video
|
||||
no ip directed-broadcast
|
||||
no ip route-cache
|
||||
shutdown
|
||||
!
|
||||
ip default-gateway 10.40.100.254
|
||||
logging 10.253.3.99
|
||||
access-list 93 remark NTP access
|
||||
access-list 93 deny any log
|
||||
snmp-server engineID local 00000009020000053274C2C0
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server location SATX
|
||||
snmp-server enable traps snmp authentication linkdown linkup coldstart
|
||||
snmp-server host 10.253.3.99 trap kn3lmgmt
|
||||
!
|
||||
line con 0
|
||||
transport input none
|
||||
stopbits 1
|
||||
line vty 0 4
|
||||
password 7 01100F175804
|
||||
line vty 5 15
|
||||
!
|
||||
ntp clock-period 11258997
|
||||
ntp access-group peer 93
|
||||
ntp access-group serve 93
|
||||
ntp access-group serve-only 93
|
||||
ntp server 10.253.3.201
|
||||
ntp server 10.40.100.200
|
||||
ntp server 10.251.30.71
|
||||
end
|
||||
|
@ -1,160 +0,0 @@
|
||||
!
|
||||
version 12.4
|
||||
service timestamps debug datetime msec
|
||||
service timestamps log datetime msec
|
||||
no service password-encryption
|
||||
!
|
||||
hostname satx-rr-rtr
|
||||
!
|
||||
boot-start-marker
|
||||
boot-end-marker
|
||||
!
|
||||
logging message-counter syslog
|
||||
enable secret 5 $1$4vT2$7i6iJRSZXXci8rhRQ3Pn40
|
||||
enable password c0l0rad0
|
||||
!
|
||||
no aaa new-model
|
||||
!
|
||||
!
|
||||
!
|
||||
dot11 syslog
|
||||
!
|
||||
flow exporter toolbox9995
|
||||
description Exports to Toolbox/nfsen
|
||||
destination 10.253.3.99
|
||||
template data timeout 300
|
||||
!
|
||||
!
|
||||
flow monitor toolbox
|
||||
record netflow ipv4 original-input
|
||||
exporter toolbox9995
|
||||
cache timeout active 300
|
||||
!
|
||||
ip source-route
|
||||
no ip routing
|
||||
!
|
||||
!
|
||||
no ip cef
|
||||
!
|
||||
!
|
||||
no ipv6 cef
|
||||
!
|
||||
multilink bundle-name authenticated
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
voice-card 0
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
archive
|
||||
log config
|
||||
hidekeys
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
interface FastEthernet0/0
|
||||
ip address 10.40.100.210 255.255.255.0
|
||||
ip flow monitor toolbox input
|
||||
ip flow monitor toolbox output
|
||||
no ip route-cache
|
||||
duplex full
|
||||
speed auto
|
||||
no mop enabled
|
||||
!
|
||||
interface FastEthernet0/1
|
||||
no ip address
|
||||
ip flow monitor toolbox input
|
||||
ip flow monitor toolbox output
|
||||
no ip route-cache
|
||||
shutdown
|
||||
duplex auto
|
||||
speed auto
|
||||
!
|
||||
interface Serial0/1/0
|
||||
no ip address
|
||||
no ip route-cache
|
||||
shutdown
|
||||
no fair-queue
|
||||
clock rate 2000000
|
||||
!
|
||||
interface Serial0/1/1
|
||||
no ip address
|
||||
no ip route-cache
|
||||
shutdown
|
||||
clock rate 2000000
|
||||
!
|
||||
ip default-gateway 10.40.100.254
|
||||
ip forward-protocol nd
|
||||
no ip http server
|
||||
no ip http secure-server
|
||||
!
|
||||
!
|
||||
!
|
||||
logging 10.253.3.99
|
||||
access-list 93 remark NTP access
|
||||
access-list 93 deny any log
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
snmp-server community kn3lmgmt RO
|
||||
snmp-server location satx
|
||||
!
|
||||
control-plane
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
!
|
||||
line con 0
|
||||
line aux 0
|
||||
line vty 0 4
|
||||
exec-timeout 15 0
|
||||
password c0l0rad0
|
||||
login
|
||||
line vty 5 15
|
||||
exec-timeout 15 0
|
||||
login
|
||||
!
|
||||
scheduler allocate 20000 1000
|
||||
ntp access-group peer 93
|
||||
ntp access-group serve 93
|
||||
ntp access-group serve-only 93
|
||||
ntp server 10.251.30.71
|
||||
ntp server 10.40.100.200
|
||||
ntp server 10.253.3.201
|
||||
end
|
||||
|
@ -1,163 +0,0 @@
|
||||
interface ethernet g1
|
||||
description unused
|
||||
exit
|
||||
interface range ethernet g(2-3)
|
||||
description tsys-cn2
|
||||
exit
|
||||
interface ethernet g4
|
||||
description tsys-cn4
|
||||
exit
|
||||
interface ethernet g5
|
||||
description satx-consrv1
|
||||
exit
|
||||
interface ethernet g6
|
||||
description rr-zeroinstrtr
|
||||
exit
|
||||
interface range ethernet g(7,12)
|
||||
description PGSLED
|
||||
exit
|
||||
interface ethernet g8
|
||||
description shallowblue
|
||||
exit
|
||||
interface ethernet g9
|
||||
description galielo
|
||||
exit
|
||||
interface ethernet g10
|
||||
description ap1
|
||||
exit
|
||||
interface ethernet g11
|
||||
description ap2
|
||||
exit
|
||||
interface ethernet g13
|
||||
description ap4
|
||||
exit
|
||||
interface ethernet g14
|
||||
description ap5
|
||||
exit
|
||||
interface ethernet g15
|
||||
description ap6
|
||||
exit
|
||||
interface ethernet g16
|
||||
description ap7
|
||||
exit
|
||||
interface ethernet g17
|
||||
description ap8
|
||||
exit
|
||||
interface ethernet g18
|
||||
description ap9
|
||||
exit
|
||||
interface ethernet g19
|
||||
description ap10
|
||||
exit
|
||||
interface ethernet g20
|
||||
description octopi
|
||||
exit
|
||||
interface ethernet g21
|
||||
description available
|
||||
exit
|
||||
interface ethernet g22
|
||||
description auslab-ips(mgmt)
|
||||
exit
|
||||
interface ethernet g23
|
||||
description ps3(mgmt)
|
||||
exit
|
||||
interface ethernet g24
|
||||
description "satx-rtr01 fe0/0"
|
||||
exit
|
||||
interface range ethernet g(1-4,8,17-18,24)
|
||||
switchport mode trunk
|
||||
exit
|
||||
vlan database
|
||||
vlan 2-8,60-70,100
|
||||
exit
|
||||
interface range ethernet g(7,9,11,20-21,23)
|
||||
switchport access vlan 2
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 2
|
||||
exit
|
||||
interface range ethernet g(13-14,16)
|
||||
switchport access vlan 3
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 3
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 4
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 5
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 6
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 7
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,17-18,24)
|
||||
switchport trunk allowed vlan add 8
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 60
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 61
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 62
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 63
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 64
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 65
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 66
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 67
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 68
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 69
|
||||
exit
|
||||
interface range ethernet g(1,3-4,8,24)
|
||||
switchport trunk allowed vlan add 70
|
||||
exit
|
||||
interface range ethernet g(5-6,15,22)
|
||||
switchport access vlan 100
|
||||
exit
|
||||
interface range ethernet g(1-4,24)
|
||||
switchport trunk allowed vlan add 100
|
||||
exit
|
||||
interface vlan 70
|
||||
name Storage
|
||||
exit
|
||||
interface vlan 100
|
||||
ip address 10.40.100.249 255.255.255.0
|
||||
exit
|
||||
ip default-gateway 10.40.100.254
|
||||
hostname satx-tsyscoresw1
|
||||
line ssh
|
||||
exec-timeout 0
|
||||
exit
|
||||
username admin password c5446cf68968ea534bceadd492e0477a level 15 encrypted
|
||||
ip ssh server
|
||||
snmp-server community kn3lmgmt ro
|
||||
snmp-server location SATX
|
||||
snmp-server contact prodtechopsalerts@turnsys.com
|
||||
clock timezone -6 zone utc
|
||||
clock source sntp
|
||||
sntp client poll timer 60
|
||||
sntp unicast client enable
|
||||
sntp unicast client poll
|
||||
sntp server 10.40.100.200
|
||||
sntp server 10.251.30.71
|
||||
sntp server 10.253.3.201
|
||||
|
0
scripts/auto-netdata-install.sh
Executable file → Normal file
0
scripts/auto-netdata-install.sh
Executable file → Normal file
@ -1,114 +0,0 @@
|
||||
#!/bin/bash
|
||||
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
|
||||
|
||||
OS=`uname -s`
|
||||
REV=`uname -r`
|
||||
MACH=`uname -m`
|
||||
|
||||
if [ "${OS}" = "SunOS" ] ; then
|
||||
OS=Solaris
|
||||
ARCH=`uname -p`
|
||||
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
|
||||
|
||||
elif [ "${OS}" = "AIX" ] ; then
|
||||
OSSTR="${OS} `oslevel` (`oslevel -r`)"
|
||||
|
||||
elif [ "${OS}" = "Linux" ] ; then
|
||||
KERNEL=`uname -r`
|
||||
|
||||
if [ -f /etc/fedora-release ]; then
|
||||
DIST=$(cat /etc/fedora-release | awk '{print $1}')
|
||||
REV=`cat /etc/fedora-release | sed s/.*release\ // | sed s/\ .*//`
|
||||
|
||||
elif [ -f /etc/redhat-release ] ; then
|
||||
DIST=$(cat /etc/redhat-release | awk '{print $1}')
|
||||
if [ "${DIST}" = "CentOS" ]; then
|
||||
DIST="CentOS"
|
||||
elif [ "${DIST}" = "Mandriva" ]; then
|
||||
DIST="Mandriva"
|
||||
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
|
||||
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
|
||||
elif [ -f /etc/oracle-release ]; then
|
||||
DIST="Oracle"
|
||||
else
|
||||
DIST="RedHat"
|
||||
fi
|
||||
|
||||
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
|
||||
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
|
||||
|
||||
elif [ -f /etc/mandrake-release ] ; then
|
||||
DIST='Mandrake'
|
||||
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
|
||||
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
|
||||
|
||||
elif [ -f /etc/devuan_version ] ; then
|
||||
DIST="Devuan `cat /etc/devuan_version`"
|
||||
REV=""
|
||||
|
||||
elif [ -f /etc/debian_version ] ; then
|
||||
DIST="Debian `cat /etc/debian_version`"
|
||||
REV=""
|
||||
ID=`lsb_release -i | awk -F ':' '{print $2}' | sed 's/ //g'`
|
||||
if [ "${ID}" = "Raspbian" ] ; then
|
||||
DIST="Raspbian `cat /etc/debian_version`"
|
||||
fi
|
||||
|
||||
elif [ -f /etc/gentoo-release ] ; then
|
||||
DIST="Gentoo"
|
||||
REV=$(tr -d '[[:alpha:]]' </etc/gentoo-release | tr -d " ")
|
||||
|
||||
elif [ -f /etc/arch-release ] ; then
|
||||
DIST="Arch Linux"
|
||||
REV="" # Omit version since Arch Linux uses rolling releases
|
||||
IGNORE_LSB=1 # /etc/lsb-release would overwrite $REV with "rolling"
|
||||
|
||||
elif [ -f /etc/os-release ] ; then
|
||||
DIST=$(grep '^NAME=' /etc/os-release | cut -d= -f2- | tr -d '"')
|
||||
REV=$(grep '^VERSION_ID=' /etc/os-release | cut -d= -f2- | tr -d '"')
|
||||
|
||||
elif [ -f /etc/openwrt_version ] ; then
|
||||
DIST="OpenWrt"
|
||||
REV=$(cat /etc/openwrt_version)
|
||||
|
||||
elif [ -f /etc/pld-release ] ; then
|
||||
DIST=$(cat /etc/pld-release)
|
||||
REV=""
|
||||
|
||||
elif [ -f /etc/SuSE-release ] ; then
|
||||
DIST=$(echo SLES $(grep VERSION /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
|
||||
REV=$(echo SP$(grep PATCHLEVEL /etc/SuSE-release | cut -d = -f 2 | tr -d " "))
|
||||
fi
|
||||
|
||||
if [ -f /etc/lsb-release -a "${IGNORE_LSB}" != 1 ] ; then
|
||||
LSB_DIST=$(lsb_release -si)
|
||||
LSB_REV=$(lsb_release -sr)
|
||||
if [ "$LSB_DIST" != "" ] ; then
|
||||
DIST=$LSB_DIST
|
||||
fi
|
||||
if [ "$LSB_REV" != "" ] ; then
|
||||
REV=$LSB_REV
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "`uname -a | awk '{print $(NF)}'`" = "DD-WRT" ] ; then
|
||||
DIST="dd-wrt"
|
||||
fi
|
||||
|
||||
if [ -n "${REV}" ]
|
||||
then
|
||||
OSSTR="${DIST} ${REV}"
|
||||
else
|
||||
OSSTR="${DIST}"
|
||||
fi
|
||||
|
||||
elif [ "${OS}" = "Darwin" ] ; then
|
||||
if [ -f /usr/bin/sw_vers ] ; then
|
||||
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
|
||||
fi
|
||||
|
||||
elif [ "${OS}" = "FreeBSD" ] ; then
|
||||
OSSTR=`/usr/bin/uname -mior`
|
||||
fi
|
||||
|
||||
echo ${OSSTR}
|
@ -1,95 +0,0 @@
|
||||
#!/bin/bash
|
||||
#TSYS Slack installer
|
||||
#Use as a reference for other TSYS scripts
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Global variables
|
||||
#######################################################################################################################################################
|
||||
|
||||
|
||||
export MGMT_INT="$(netstat -rn |grep 0.0.0.0|awk '{print $NF}' |head -n1 )"
|
||||
export MGMT_IP="$(ifconfig $MGMT_INT |grep inet|awk '{print $2}'|head -n1)"
|
||||
|
||||
export DIST_SERVER="https://techops.turnsys.net/"
|
||||
export DIST_ROOT_PATH="slack-dist"
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Execution begins
|
||||
#######################################################################################################################################################
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Step 1. determine server type and site
|
||||
#######################################################################################################################################################
|
||||
|
||||
#Will be useful later when we have fleets of kvm/lxc etc machines, commented out for now.
|
||||
|
||||
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
|
||||
#export server_type=ts
|
||||
#fi
|
||||
|
||||
#if [ $(hostname -s|egrep -c -E 'cvm') -eq 1 ]; then
|
||||
#export server_type=cvm
|
||||
#fi
|
||||
|
||||
|
||||
|
||||
#case $server_type in
|
||||
# abc)
|
||||
# export SERVER_TYPE="abc"
|
||||
# ;;
|
||||
# xxx)
|
||||
# export SERVER_TYPE="xxx"
|
||||
# ;;
|
||||
# yyy)
|
||||
# export SERVER_TYPE="yyy"
|
||||
# ;;
|
||||
# *)
|
||||
# export SERVER_TYPE="prod"
|
||||
# ;;
|
||||
#esac
|
||||
|
||||
export SERVER_TYPE="prod"
|
||||
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Step 2: Fixup the /etc/hosts file
|
||||
#######################################################################################################################################################
|
||||
#Static /etc/hosts bits
|
||||
#cat > /etc/hosts << HOSTFILESTATIC
|
||||
#127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
|
||||
#::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
|
||||
#HOSTFILESTATIC
|
||||
|
||||
#Dynamic /etc/hosts bits
|
||||
#cat >> /etc/hosts <<HOSTFILEDYNAMIC
|
||||
#127.0.1.1 $(hostname) $(hostname -s)
|
||||
#$MGMT_IP $(hostname) $(hostname -s)
|
||||
#HOSTFILEDYNAMIC
|
||||
|
||||
#######################################################################################################################################################
|
||||
#Step 3: Grab slack runtime bits and deploy slack
|
||||
#######################################################################################################################################################
|
||||
curl --insecure -q $DIST_SERVER/$DIST_ROOT_PATH/bin/distro > /usr/bin/distro
|
||||
chmod +x /usr/bin/distro
|
||||
|
||||
apt-get -y install make perl rsync
|
||||
|
||||
mkdir /tmp/slackDist
|
||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
|
||||
cd /tmp/slackDist
|
||||
tar xvfz slackDist.tar.gz
|
||||
make install
|
||||
cd /tmp
|
||||
rm -rf slackDist
|
||||
|
||||
mkdir /root/.ssh
|
||||
chmod 700 /root/.ssh
|
||||
chown -R root:root /root/.ssh
|
||||
|
||||
echo "Server type:" $SERVER_TYPE
|
||||
|
||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
|
||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
|
||||
wget --quiet --no-check-certificate $DIST_SERVER/$DIST_ROOT_PATH/env/$SERVER_TYPE/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
||||
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
|
||||
chmod 400 /root/.ssh/config
|
39
slack-dist/dist/Makefile
vendored
39
slack-dist/dist/Makefile
vendored
@ -1,39 +0,0 @@
|
||||
# Makefile for slack/src
|
||||
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
|
||||
include Makefile.common
|
||||
|
||||
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
|
||||
|
||||
all:
|
||||
|
||||
install: install-bin install-conf install-lib install-man
|
||||
|
||||
install-bin: all
|
||||
$(MKDIR) $(DESTDIR)$(sbindir)
|
||||
$(INSTALL) slack $(DESTDIR)$(sbindir)
|
||||
$(MKDIR) $(DESTDIR)$(bindir)
|
||||
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
|
||||
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
|
||||
@set -ex;\
|
||||
for i in $(BACKENDS); do \
|
||||
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
|
||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
|
||||
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
|
||||
|
||||
install-conf: all
|
||||
$(MKDIR) $(DESTDIR)$(sysconfdir)
|
||||
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
|
||||
|
||||
install-lib: all
|
||||
$(MKDIR) $(DESTDIR)$(slack_libdir)
|
||||
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
|
||||
|
||||
install-man: all
|
||||
|
||||
clean:
|
||||
|
||||
realclean: clean
|
||||
|
||||
distclean: clean
|
||||
|
||||
test:
|
27
slack-dist/dist/Makefile.common
vendored
27
slack-dist/dist/Makefile.common
vendored
@ -1,27 +0,0 @@
|
||||
# Common code included in every Makefile
|
||||
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
|
||||
|
||||
PACKAGE=slack
|
||||
VERSION=0.15.2
|
||||
|
||||
DESTDIR =
|
||||
|
||||
prefix = /
|
||||
exec_prefix = /usr
|
||||
sysconfdir = ${prefix}/etc
|
||||
mandir = ${exec_prefix}/share/man
|
||||
bindir = ${exec_prefix}/bin
|
||||
sbindir = ${exec_prefix}/sbin
|
||||
libdir = ${exec_prefix}/lib
|
||||
libexecdir = ${exec_prefix}/lib
|
||||
localstatedir = ${prefix}/var
|
||||
|
||||
slack_libdir = ${libdir}/slack
|
||||
slack_libexecdir = ${libexecdir}/slack
|
||||
slack_localstatedir = ${localstatedir}/lib/slack
|
||||
slack_localcachedir = ${localstatedir}/cache/slack
|
||||
|
||||
INSTALL = install
|
||||
MKDIR = mkdir -p
|
||||
|
||||
PRIVDIRMODE = 0700
|
371
slack-dist/dist/Slack.pm
vendored
371
slack-dist/dist/Slack.pm
vendored
@ -1,371 +0,0 @@
|
||||
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
package Slack;
|
||||
|
||||
require 5.006;
|
||||
use strict;
|
||||
use Carp qw(cluck confess croak);
|
||||
use File::Find;
|
||||
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
|
||||
|
||||
use base qw(Exporter);
|
||||
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
|
||||
$VERSION = '0.15.2';
|
||||
@EXPORT = qw();
|
||||
@EXPORT_OK = qw();
|
||||
|
||||
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
|
||||
|
||||
my $term;
|
||||
|
||||
my @default_options = (
|
||||
'help|h|?',
|
||||
'version',
|
||||
'verbose|v+',
|
||||
'quiet',
|
||||
'config|C=s',
|
||||
'source|s=s',
|
||||
'rsh|e=s',
|
||||
'cache|c=s',
|
||||
'stage|t=s',
|
||||
'root|r=s',
|
||||
'dry-run|n',
|
||||
'backup|b',
|
||||
'backup-dir=s',
|
||||
'hostname|H=s',
|
||||
);
|
||||
|
||||
sub default_usage ($) {
|
||||
my ($synopsis) = @_;
|
||||
return <<EOF;
|
||||
Usage: $synopsis
|
||||
|
||||
Options:
|
||||
-h, -?, --help
|
||||
Print this help message and exit.
|
||||
|
||||
--version
|
||||
Print the version number and exit.
|
||||
|
||||
-v, --verbose
|
||||
Be verbose.
|
||||
|
||||
--quiet
|
||||
Don't be verbose (Overrides previous uses of --verbose)
|
||||
|
||||
-C, --config FILE
|
||||
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
|
||||
|
||||
-s, --source DIR
|
||||
Source for slack files
|
||||
|
||||
-e, --rsh COMMAND
|
||||
Remote shell for rsync
|
||||
|
||||
-c, --cache DIR
|
||||
Local cache directory for slack files
|
||||
|
||||
-t, --stage DIR
|
||||
Local staging directory for slack files
|
||||
|
||||
-r, --root DIR
|
||||
Root destination for slack files
|
||||
|
||||
-n, --dry-run
|
||||
Don't write any files to disk -- just report what would have been done.
|
||||
|
||||
-b, --backup
|
||||
Make backups of existing files in ROOT that are overwritten.
|
||||
|
||||
--backup-dir DIR
|
||||
Put backups into this directory.
|
||||
|
||||
-H, --hostname HOST
|
||||
Pretend to be running on HOST, instead of the name given by
|
||||
gethostname(2).
|
||||
EOF
|
||||
}
|
||||
# Read options from a config file. Arguments:
|
||||
# file => config file to read
|
||||
# opthash => hashref in which to store the options
|
||||
# verbose => whether to be verbose
|
||||
sub read_config (%) {
|
||||
my %arg = @_;
|
||||
my ($config_fh);
|
||||
local $_;
|
||||
|
||||
confess "Slack::read_config: no config file given"
|
||||
if not defined $arg{file};
|
||||
$arg{opthash} = {}
|
||||
if not defined $arg{opthash};
|
||||
|
||||
open($config_fh, '<', $arg{file})
|
||||
or confess "Could not open config file '$arg{file}': $!";
|
||||
|
||||
# Make this into a hash so we can quickly see if we're looking
|
||||
# for a particular option
|
||||
my %looking_for;
|
||||
if (ref $arg{options} eq 'ARRAY') {
|
||||
%looking_for = map { $_ => 1 } @{$arg{options}};
|
||||
}
|
||||
|
||||
while(<$config_fh>) {
|
||||
chomp;
|
||||
s/#.*//; # delete comments
|
||||
s/\s+$//; # delete trailing spaces
|
||||
next if m/^$/; # skip empty lines
|
||||
|
||||
if (m/^[A-Z_]+=\S+/) {
|
||||
my ($key, $value) = split(/=/, $_, 2);
|
||||
$key =~ tr/A-Z_/a-z-/;
|
||||
# Only set options we're looking for
|
||||
next if (%looking_for and not $looking_for{$key});
|
||||
# Don't set options that are already set
|
||||
next if defined $arg{opthash}->{$key};
|
||||
|
||||
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
|
||||
$arg{opthash}->{$key} = $value;
|
||||
} else {
|
||||
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
|
||||
}
|
||||
}
|
||||
|
||||
close($config_fh)
|
||||
or confess "Slack::read_config: Could not close config file: $!";
|
||||
|
||||
# The verbose option is treated specially in so many places that
|
||||
# we need to make sure it's defined.
|
||||
$arg{opthash}->{verbose} ||= 0;
|
||||
|
||||
return $arg{opthash};
|
||||
}
|
||||
|
||||
# Just get the exit code from a command that failed.
|
||||
# croaks if anything weird happened.
|
||||
sub get_system_exit (@) {
|
||||
my @command = @_;
|
||||
|
||||
if (WIFEXITED($?)) {
|
||||
my $exit = WEXITSTATUS($?);
|
||||
return $exit if $exit;
|
||||
}
|
||||
if (WIFSIGNALED($?)) {
|
||||
my $sig = WTERMSIG($?);
|
||||
croak "'@command' caught sig $sig";
|
||||
}
|
||||
if ($!) {
|
||||
croak "Syserr on system '@command': $!";
|
||||
}
|
||||
croak "Unknown error on '@command'";
|
||||
}
|
||||
|
||||
sub check_system_exit (@) {
|
||||
my @command = @_;
|
||||
my $exit = get_system_exit(@command);
|
||||
# Exit is non-zero if get_system_exit() didn't croak.
|
||||
croak "'@command' exited $exit";
|
||||
}
|
||||
|
||||
# get options from the command line and the config file
|
||||
# Arguments
|
||||
# opthash => hashref in which to store options
|
||||
# usage => usage statement
|
||||
# required_options => arrayref of options to require -- an exception
|
||||
# will be thrown if these options are not defined
|
||||
# command_line_hash => store options specified on the command line here
|
||||
sub get_options {
|
||||
my %arg = @_;
|
||||
use Getopt::Long;
|
||||
Getopt::Long::Configure('bundling');
|
||||
|
||||
if (not defined $arg{opthash}) {
|
||||
$arg{opthash} = {};
|
||||
}
|
||||
|
||||
if (not defined $arg{usage}) {
|
||||
$arg{usage} = default_usage($0);
|
||||
}
|
||||
|
||||
my @extra_options = (); # extra arguments to getoptions
|
||||
if (defined $arg{command_line_options}) {
|
||||
@extra_options = @{$arg{command_line_options}};
|
||||
}
|
||||
|
||||
# Make a --quiet function that turns off verbosity
|
||||
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
|
||||
|
||||
unless (GetOptions($arg{opthash},
|
||||
@default_options,
|
||||
@extra_options,
|
||||
)) {
|
||||
print STDERR $arg{usage};
|
||||
exit 1;
|
||||
}
|
||||
if ($arg{opthash}->{help}) {
|
||||
print $arg{usage};
|
||||
exit 0;
|
||||
}
|
||||
|
||||
if ($arg{opthash}->{version}) {
|
||||
print "slack version $VERSION\n";
|
||||
exit 0;
|
||||
}
|
||||
|
||||
# Get rid of the quiet handler
|
||||
delete $arg{opthash}->{quiet};
|
||||
|
||||
# If we've been given a hashref, save our options there at this
|
||||
# stage, so the caller can see what was passed on the command line.
|
||||
# Unfortunately, perl has no .replace function, so we iterate.
|
||||
if (ref $arg{command_line_hash} eq 'HASH') {
|
||||
while (my ($k, $v) = each %{$arg{opthash}}) {
|
||||
$arg{command_line_hash}->{$k} = $v;
|
||||
}
|
||||
}
|
||||
|
||||
# Use the default config file
|
||||
if (not defined $arg{opthash}->{config}) {
|
||||
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
|
||||
}
|
||||
|
||||
# We need to decide whether to be verbose about reading the config file
|
||||
# Currently we just do it if global verbosity > 2
|
||||
my $verbose_config = 0;
|
||||
if (defined $arg{opthash}->{verbose}
|
||||
and $arg{opthash}->{verbose} > 2) {
|
||||
$verbose_config = 1;
|
||||
}
|
||||
|
||||
# Read options from the config file, passing along the options we've
|
||||
# gotten so far
|
||||
read_config(
|
||||
file => $arg{opthash}->{config},
|
||||
opthash => $arg{opthash},
|
||||
verbose => $verbose_config,
|
||||
);
|
||||
|
||||
# The "verbose" option gets compared a lot and needs to be defined
|
||||
$arg{opthash}->{verbose} ||= 0;
|
||||
|
||||
# The "hostname" option is set specially if it's not defined
|
||||
if (not defined $arg{opthash}->{hostname}) {
|
||||
use Sys::Hostname;
|
||||
$arg{opthash}->{hostname} = hostname;
|
||||
}
|
||||
|
||||
# We can require some options to be set
|
||||
if (ref $arg{required_options} eq 'ARRAY') {
|
||||
for my $option (@{$arg{required_options}}) {
|
||||
if (not defined $arg{opthash}->{$option}) {
|
||||
croak "Required option '$option' not given on command line or specified in config file!\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $arg{opthash};
|
||||
}
|
||||
|
||||
sub prompt ($) {
|
||||
my ($prompt) = @_;
|
||||
if (not defined $term) {
|
||||
require Term::ReadLine;
|
||||
$term = new Term::ReadLine 'slack'
|
||||
}
|
||||
|
||||
$term->readline($prompt);
|
||||
}
|
||||
|
||||
|
||||
# Calls the callback on absolute pathnames of files in the source directory,
|
||||
# and also on names of directories that don't exist in the destination
|
||||
# directory (i.e. where $source/foo exists but $destination/foo does not).
|
||||
sub find_files_to_install ($$$) {
|
||||
my ($source, $destination, $callback) = @_;
|
||||
return find ({
|
||||
wanted => sub {
|
||||
if (-l or not -d _) {
|
||||
# Copy all files, links, etc
|
||||
my $file = $File::Find::name;
|
||||
&$callback($file);
|
||||
} elsif (-d _) {
|
||||
# For directories, we only want to copy it if it doesn't
|
||||
# exist in the destination yet.
|
||||
my $dir = $File::Find::name;
|
||||
# We know the root directory will exist (we make it above),
|
||||
# so skip the base of the source
|
||||
(my $short_source = $source) =~ s#/$##;
|
||||
return if $dir eq $short_source;
|
||||
|
||||
# Strip the $source from the path,
|
||||
# so we can build the destination dir from it.
|
||||
my $subdir = $dir;
|
||||
($subdir =~ s#^$source##)
|
||||
or croak "sub failed: $source|$subdir";
|
||||
|
||||
if (not -d "$destination/$subdir") {
|
||||
&$callback($dir);
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
$source,
|
||||
);
|
||||
}
|
||||
|
||||
# Runs rsync with the necessary redirection to its filehandles
|
||||
sub wrap_rsync (@) {
|
||||
my @command = @_;
|
||||
my ($pid);
|
||||
|
||||
if ($pid = fork) {
|
||||
# Parent
|
||||
} elsif (defined $pid) {
|
||||
# Child
|
||||
open(STDIN, "<", "/dev/null")
|
||||
or die "Could not redirect STDIN from /dev/null\n";
|
||||
# This redirection is necessary because rsync sends
|
||||
# verbose output to STDOUT
|
||||
open(STDOUT, ">&STDERR")
|
||||
or die "Could not redirect STDOUT to STDERR\n";
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork: $!\n";
|
||||
}
|
||||
|
||||
my $kid = waitpid($pid, 0);
|
||||
if ($kid != $pid) {
|
||||
die "waitpid returned $kid\n";
|
||||
} elsif ($?) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
|
||||
# Runs rsync with the necessary redirection to its filehandles, but also
|
||||
# returns an FH to stdin and a PID.
|
||||
sub wrap_rsync_fh (@) {
|
||||
my @command = @_;
|
||||
my ($fh, $pid);
|
||||
|
||||
if ($pid = open($fh, "|-")) {
|
||||
# Parent
|
||||
} elsif (defined $pid) {
|
||||
# Child
|
||||
# This redirection is necessary because rsync sends
|
||||
# verbose output to STDOUT
|
||||
open(STDOUT, ">&STDERR")
|
||||
or die "Could not redirect STDOUT to STDERR\n";
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork: $!\n";
|
||||
}
|
||||
return($fh, $pid);
|
||||
}
|
||||
|
||||
1;
|
329
slack-dist/dist/slack
vendored
329
slack-dist/dist/slack
vendored
@ -1,329 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
use POSIX; # for strftime
|
||||
|
||||
use constant LIBEXEC_DIR => '/usr/lib/slack';
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
sub run_backend(@);
|
||||
sub run_conditional_backend($@);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
# Arguments to pass to each backends (initialized to a hash of empty arrays)
|
||||
my %backend_flags = ( map { $_ => [] }
|
||||
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
|
||||
);
|
||||
|
||||
my @roles;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--preview MODE
|
||||
Do a diff of scripts and files before running them.
|
||||
MODE can be one of 'simple' or 'prompt'.
|
||||
|
||||
--no-files
|
||||
Don't install any files in ROOT, but tell rsync to print what
|
||||
it would do.
|
||||
|
||||
--no-scripts
|
||||
Don't run scripts.
|
||||
|
||||
--no-sync
|
||||
Skip the slack-sync step. (useful if you're pushing stuff into
|
||||
the CACHE outside of slack)
|
||||
|
||||
--role-list
|
||||
Role list for slack-getroles
|
||||
|
||||
--libexec-dir DIR
|
||||
Look for backend scripts in this directory.
|
||||
|
||||
--diff PROG
|
||||
Use this diff program for previews
|
||||
|
||||
--sleep TIME
|
||||
Randomly sleep between 1 and TIME seconds before starting
|
||||
operations
|
||||
EOF
|
||||
|
||||
# Options
|
||||
my %opt = ();
|
||||
# So we can distinguish stuff on the command line from config file stuff
|
||||
my %command_line_opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'preview=s',
|
||||
'role-list=s',
|
||||
'no-scripts|noscripts',
|
||||
'no-files|nofiles',
|
||||
'no-sync|nosync',
|
||||
'libexec-dir=s',
|
||||
'diff=s',
|
||||
'sleep=i',
|
||||
],
|
||||
required_options => [ qw(source cache stage root) ],
|
||||
command_line_hash => \%command_line_opt,
|
||||
usage => $usage,
|
||||
);
|
||||
|
||||
# Special options
|
||||
if ($opt{'dry-run'}) {
|
||||
$opt{'no-scripts'} = 1;
|
||||
$opt{'no-files'} = 1;
|
||||
}
|
||||
if ($opt{'no-scripts'}) {
|
||||
for my $action (qw(fixfiles preinstall postinstall)) {
|
||||
push @{$backend_flags{$action}},
|
||||
'--dry-run';
|
||||
}
|
||||
}
|
||||
if ($opt{'no-files'}) {
|
||||
push @{$backend_flags{installfiles}},
|
||||
'--dry-run';
|
||||
}
|
||||
# propagate verbosity - 1 to all backends
|
||||
if (defined $command_line_opt{'verbose'} and
|
||||
$command_line_opt{'verbose'} > 1) {
|
||||
for my $action (keys %backend_flags) {
|
||||
push @{$backend_flags{$action}},
|
||||
('--verbose') x ($command_line_opt{'verbose'} - 1);
|
||||
}
|
||||
}
|
||||
# propagate these flags to all the backends
|
||||
for my $option (qw(config root cache stage source hostname rsh)) {
|
||||
if ($command_line_opt{$option}) {
|
||||
for my $action (keys %backend_flags) {
|
||||
push @{$backend_flags{$action}},
|
||||
"--$option=$command_line_opt{$option}";
|
||||
}
|
||||
}
|
||||
}
|
||||
# getroles also can take 'role-list'
|
||||
if ($command_line_opt{'role-list'}) {
|
||||
push @{$backend_flags{'getroles'}},
|
||||
"--role-list=$command_line_opt{'role-list'}";
|
||||
}
|
||||
|
||||
# The libexec dir defaults to this if it wasn't specified
|
||||
# on the command line or in a config file.
|
||||
if (not defined $opt{'libexec-dir'}) {
|
||||
$opt{'libexec-dir'} = LIBEXEC_DIR;
|
||||
}
|
||||
|
||||
# Pass diff option along to slack-rolediff
|
||||
if ($opt{'diff'}) {
|
||||
push @{$backend_flags{preview}},
|
||||
"--diff=$opt{'diff'}";
|
||||
}
|
||||
|
||||
# Preview takes an optional argument. If no argument is given,
|
||||
# it gets "" from getopt.
|
||||
if (defined $opt{'preview'}) {
|
||||
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
|
||||
die "Unknown preview mode '$opt{'preview'}'!";
|
||||
}
|
||||
}
|
||||
|
||||
# The backup option defaults to on if it wasn't specified
|
||||
# on the command line or in a config file
|
||||
if (not defined $opt{backup}) {
|
||||
$opt{backup} = 1;
|
||||
}
|
||||
# Figure out a place to put backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
push @{$backend_flags{installfiles}},
|
||||
'--backup',
|
||||
'--backup-dir='.
|
||||
$opt{'backup-dir'}.
|
||||
"/".
|
||||
strftime('%F-%T', localtime(time))
|
||||
;
|
||||
}
|
||||
# }}}
|
||||
|
||||
# Random sleep, helpful when called from cron.
|
||||
if ($opt{sleep}) {
|
||||
my $secs = int(rand($opt{sleep})) + 1;
|
||||
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
|
||||
sleep($secs);
|
||||
}
|
||||
|
||||
# Get a list of roles to install from slack-getroles {{{
|
||||
if (not @ARGV) {
|
||||
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
|
||||
@{$backend_flags{'getroles'}});
|
||||
$opt{verbose} and print STDERR "$PROG: getroles\n";
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
|
||||
my ($roles_pid, $roles_fh);
|
||||
if ($roles_pid = open($roles_fh, "-|")) {
|
||||
# Parent
|
||||
} elsif (defined $roles_pid) {
|
||||
# Child
|
||||
exec(@command);
|
||||
die "Could not exec '@command': $!\n";
|
||||
} else {
|
||||
die "Could not fork to run '@command': $!\n";
|
||||
}
|
||||
@roles = split(/\s+/, join(" ", <$roles_fh>));
|
||||
unless (close($roles_fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
} else {
|
||||
@roles = @ARGV;
|
||||
}
|
||||
# }}}
|
||||
|
||||
# Check role name syntax {{{
|
||||
for my $role (@roles) {
|
||||
# Roles MUST begin with a letter. All else is reserved.
|
||||
if ($role !~ m/^[a-zA-Z]/) {
|
||||
die "Role '$role' does not begin with a letter!";
|
||||
}
|
||||
}
|
||||
# }}}
|
||||
|
||||
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
|
||||
|
||||
unless ($opt{'no-sync'}) {
|
||||
# sync all the roles down at once
|
||||
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
|
||||
run_backend('slack-sync',
|
||||
@{$backend_flags{sync}}, @roles);
|
||||
}
|
||||
|
||||
ROLE: for my $role (@roles) {
|
||||
# stage
|
||||
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
|
||||
run_backend('slack-stage',
|
||||
@{$backend_flags{stage}}, '--subdir=files', $role);
|
||||
|
||||
if ($opt{preview}) {
|
||||
if ($opt{preview} eq 'simple') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview $role\n";
|
||||
# Here, we run the backend in no-prompt mode.
|
||||
run_conditional_backend(0, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, $role);
|
||||
# ...and we skip further action in the ROLE after showing the diff.
|
||||
next ROLE;
|
||||
} elsif ($opt{preview} eq 'prompt') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
|
||||
# Here, we want to prompt and just do the scripts, since
|
||||
# we need to run preinstall and fixfiles before doing the files.
|
||||
run_conditional_backend(1, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, '--subdir=scripts', $role);
|
||||
} else {
|
||||
# Should get caught in option processing, above
|
||||
die "Unknown preview mode!\n";
|
||||
}
|
||||
}
|
||||
|
||||
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
|
||||
run_backend('slack-stage',
|
||||
@{$backend_flags{stage}}, '--subdir=scripts', $role);
|
||||
|
||||
# preinstall
|
||||
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{preinstall}}, 'preinstall', $role);
|
||||
|
||||
# fixfiles
|
||||
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
|
||||
|
||||
# preview files
|
||||
if ($opt{preview} and $opt{preview} eq 'prompt') {
|
||||
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
|
||||
run_conditional_backend(1, 'slack-rolediff',
|
||||
@{$backend_flags{preview}}, '--subdir=files', $role);
|
||||
}
|
||||
|
||||
# installfiles
|
||||
$opt{verbose} and print STDERR "$PROG: install $role\n";
|
||||
run_backend('slack-installfiles',
|
||||
@{$backend_flags{installfiles}}, $role);
|
||||
|
||||
# postinstall
|
||||
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
|
||||
run_backend('slack-runscript',
|
||||
@{$backend_flags{postinstall}}, 'postinstall', $role);
|
||||
}
|
||||
exit 0;
|
||||
|
||||
sub run_backend (@) {
|
||||
my ($backend, @args) = @_;
|
||||
# If we weren't given an explicit path, prepend the libexec dir
|
||||
unless ($backend =~ m#^/#) {
|
||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
||||
}
|
||||
|
||||
# Assemble our command line
|
||||
my (@command) = ($backend, @args);
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
||||
unless (system(@command) == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
|
||||
sub run_conditional_backend ($@) {
|
||||
my ($prompt, $backend, @args) = @_;
|
||||
# If we weren't given an explicit path, prepend the libexec dir
|
||||
unless ($backend =~ m#^/#) {
|
||||
$backend = $opt{'libexec-dir'} . '/' . $backend;
|
||||
}
|
||||
|
||||
# Assemble our command line
|
||||
my (@command) = ($backend, @args);
|
||||
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
|
||||
unless (system(@command) == 0) {
|
||||
my $exit = Slack::get_system_exit(@command);
|
||||
|
||||
if ($exit == 1) {
|
||||
# exit 1 means a difference found or something normal that requires
|
||||
# a prompt before continuing.
|
||||
if ($prompt) {
|
||||
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
|
||||
}
|
||||
} else {
|
||||
# any other non-successful exit is a serious error.
|
||||
die "'@command' exited $exit";
|
||||
}
|
||||
}
|
||||
}
|
514
slack-dist/dist/slack-diff
vendored
514
slack-dist/dist/slack-diff
vendored
@ -1,514 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is a wrapper for diff that gives output about special files
|
||||
# and file modes. (diff can only compare regular files)
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use Errno;
|
||||
use File::stat;
|
||||
use File::Basename;
|
||||
use File::Find;
|
||||
use Getopt::Long;
|
||||
use POSIX qw(SIGPIPE strftime);
|
||||
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
|
||||
|
||||
|
||||
my $VERSION = '0.1';
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
my @diff; # diff program to use
|
||||
my $exit = 0; # our exit code
|
||||
|
||||
sub compare ($$);
|
||||
sub recursive_compare ($$);
|
||||
sub filetype_to_string ($;$);
|
||||
sub compare_files ($$);
|
||||
sub diff ($$);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDOUT
|
||||
$|=1;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
# Default options
|
||||
my %opt = (
|
||||
fakediff => 1,
|
||||
perms => 1,
|
||||
'new-file' => 1,
|
||||
diff => 'diff',
|
||||
);
|
||||
|
||||
# Config and option parsing
|
||||
my $usage = <<EOF;
|
||||
Usage: $PROG [options] <file1> <file2>
|
||||
$PROG -r <dir1> <dir2>
|
||||
|
||||
Options:
|
||||
-u, -U NUM, --unified=NUM
|
||||
Tell diff to use unified output format.
|
||||
--diff PROG
|
||||
Use this program for diffing, instead of "$opt{diff}"
|
||||
--fakediff
|
||||
Make a fake diff for file modes and other things that are not file
|
||||
contents. Default is on, can be disabled with --nofakediff.
|
||||
--perms
|
||||
Care about owner, group, and permissions when doing fakediff.
|
||||
Default is on, can be disabled with --noperms.
|
||||
-r, --recursive
|
||||
Recursively compare directories.
|
||||
-N, --new-file
|
||||
Treat missing files as empty. Default is on, can be disabled with
|
||||
--nonew-file.
|
||||
--unidirectional-new-file
|
||||
Treat only missing files in the first directory as empty.
|
||||
--from-file
|
||||
Treat arguments as a list of files from which to read filenames to
|
||||
compare, two lines at a time.
|
||||
-0, --null
|
||||
Use NULLs instead of newlines as the separator in --from-file mode
|
||||
--devnullhack
|
||||
You have a version of diff that can't deal with -N when not in
|
||||
recursive mode, so we need to feed it /dev/null instead of the
|
||||
missing file. Default is on, can be disabled with --nodevnullhack.
|
||||
--version
|
||||
Output version info
|
||||
--help
|
||||
Output this help text
|
||||
|
||||
Exit codes:
|
||||
0 Found no differences
|
||||
1 Found a difference
|
||||
2 Had a serious error
|
||||
3 Found a difference and had a serious error
|
||||
EOF
|
||||
|
||||
{
|
||||
Getopt::Long::Configure ("bundling");
|
||||
GetOptions(\%opt,
|
||||
'help|h|?',
|
||||
'version',
|
||||
'null|0',
|
||||
'devnullhack',
|
||||
'new-file|N',
|
||||
'u',
|
||||
'unified|U=i',
|
||||
'recursive|r',
|
||||
'from-file',
|
||||
'unidirectional-new-file',
|
||||
'fakediff!',
|
||||
'perms!',
|
||||
'diff=s',
|
||||
) or die $usage;
|
||||
if ($opt{help}) {
|
||||
print $usage;
|
||||
exit 0;
|
||||
}
|
||||
if ($opt{version}) {
|
||||
print "$PROG version $VERSION\n";
|
||||
exit 0;
|
||||
}
|
||||
}
|
||||
|
||||
if ($opt{diff}) {
|
||||
# We split on spaces here to be useful -- so that people can give
|
||||
# their diff options.
|
||||
@diff = split(/\s+/, $opt{diff});
|
||||
} else {
|
||||
die "$PROG: No diff program!\n";
|
||||
}
|
||||
|
||||
if ($opt{'u'}) {
|
||||
push @diff, '-u';
|
||||
} elsif ($opt{'unified'}) {
|
||||
$opt{'u'} = 1; # We use this value later
|
||||
push @diff, "--unified=$opt{'unified'}";
|
||||
}
|
||||
|
||||
if (not $opt{'devnullhack'}) {
|
||||
push @diff, '-N';
|
||||
}
|
||||
|
||||
# usually, sigpipe would be someone quitting their pager, so don't sweat it
|
||||
$SIG{PIPE} = sub { exit $exit };
|
||||
|
||||
if ($opt{'from-file'}) {
|
||||
local $/ = "\0" if $opt{'null'};
|
||||
while (my $old = <>) {
|
||||
my $new = <>;
|
||||
die "Uneven number of lines in --from-file mode!\n"
|
||||
if not defined $new;
|
||||
chomp($old);
|
||||
chomp($new);
|
||||
$exit |= compare($old, $new);
|
||||
}
|
||||
} else {
|
||||
die $usage unless $#ARGV == 1;
|
||||
$exit |= compare($ARGV[0], $ARGV[1]);
|
||||
}
|
||||
exit $exit;
|
||||
|
||||
##
|
||||
# Subroutines
|
||||
|
||||
sub compare ($$) {
|
||||
my ($old, $new) = @_;
|
||||
|
||||
if ($opt{recursive}) {
|
||||
return recursive_compare($old, $new);
|
||||
} else {
|
||||
return compare_files($old, $new);
|
||||
}
|
||||
}
|
||||
|
||||
# compare two directories. We do this by walking down the *new*
|
||||
# directory, and comparing everything that's there to the stuff in
|
||||
# the old directory
|
||||
sub recursive_compare ($$) {
|
||||
my ($olddir, $newdir) = @_;
|
||||
my ($retval, $basere, $wanted);
|
||||
my (%seen);
|
||||
|
||||
$retval = 0;
|
||||
|
||||
if (-d $newdir) {
|
||||
$basere = qr(^$newdir);
|
||||
$wanted = sub {
|
||||
my ($newfile) = $_;
|
||||
my $oldfile = $newfile;
|
||||
|
||||
$oldfile =~ s#$basere#$olddir#;
|
||||
$seen{$oldfile} = 1;
|
||||
$retval |= compare_files($oldfile, $newfile);
|
||||
};
|
||||
|
||||
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
|
||||
if ($@) {
|
||||
warn "$PROG: error during find: $@\n";
|
||||
$retval |= 2;
|
||||
}
|
||||
}
|
||||
return $retval
|
||||
if $opt{'unidirectional-new-file'};
|
||||
|
||||
# If we're not unidirectional, we want to go through the old directory
|
||||
# and diff any files we didn't see in the newdir.
|
||||
if (-d $olddir) {
|
||||
$basere = qr(^$olddir);
|
||||
$wanted = sub {
|
||||
my ($oldfile) = $_;
|
||||
my $newfile;
|
||||
|
||||
return if $seen{$oldfile};
|
||||
$newfile = $oldfile;
|
||||
|
||||
$newfile =~ s#$basere#$newdir#;
|
||||
$retval |= compare_files($oldfile, $newfile);
|
||||
};
|
||||
|
||||
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
|
||||
if ($@) {
|
||||
warn "$PROG: error during find: $@\n";
|
||||
$retval |= 2;
|
||||
}
|
||||
}
|
||||
return $retval;
|
||||
}
|
||||
|
||||
# filetype_to_string(mode)
|
||||
# filetype_to_string(mode, plural)
|
||||
#
|
||||
# Takes a mode returned from stat(), returns a noune describing the filetype,
|
||||
# e.g. "directory", "symlink".
|
||||
# If the "plural" argument is provided and true, returns the plural form of
|
||||
# the noun, e.g. "directories", "symlinks".
|
||||
sub filetype_to_string ($;$) {
|
||||
my ($mode, $plural) = @_;
|
||||
|
||||
if (S_ISREG($mode)) {
|
||||
return "regular file".($plural ? "s" : "");
|
||||
} elsif (S_ISDIR($mode)) {
|
||||
return "director".($plural ? "ies" : "y");
|
||||
} elsif (S_ISLNK($mode)) {
|
||||
return "symlink".($plural ? "s" : "");
|
||||
} elsif (S_ISBLK($mode)) {
|
||||
return "block device".($plural ? "s" : "");
|
||||
} elsif (S_ISCHR($mode)) {
|
||||
return "character device".($plural ? "s" : "");
|
||||
} elsif (S_ISFIFO($mode)) {
|
||||
return "fifo".($plural ? "s" : "");
|
||||
} elsif (S_ISSOCK($mode)) {
|
||||
return "socket".($plural ? "s" : "");
|
||||
} else {
|
||||
return "unknown filetype".($plural ? "s" : "");
|
||||
}
|
||||
}
|
||||
|
||||
# compare_files(oldfile, newfile)
|
||||
# This is the actual diffing routine. It's quite long because we need to
|
||||
# deal with all sorts of special cases. It will print to STDOUT a
|
||||
# description of the differences between the two files. For regular files,
|
||||
# diff(1) will be run to show the differences.
|
||||
#
|
||||
# return codes:
|
||||
# 1 found a difference
|
||||
# 2 had an error
|
||||
# 3 found a difference and had an error
|
||||
sub compare_files ($$) {
|
||||
my ($oldname, $newname) = @_;
|
||||
my ($old, $new); # stat buffers
|
||||
my $return = 0;
|
||||
|
||||
# Get rid of unsightly double slashes
|
||||
$oldname =~ s#//#/#g;
|
||||
$newname =~ s#//#/#g;
|
||||
|
||||
eval { $old = lstat($oldname); };
|
||||
if (not defined $old and not $!{ENOENT}) {
|
||||
warn "$PROG: Could not stat $oldname: $!\n";
|
||||
return 2;
|
||||
}
|
||||
eval { $new = lstat($newname); };
|
||||
if (not defined $new and not $!{ENOENT}) {
|
||||
warn "$PROG: Could not stat $newname: $!\n";
|
||||
return 2;
|
||||
}
|
||||
# At this point, $old or $new should only be undefined if the
|
||||
# file does not exist.
|
||||
|
||||
if (defined $old and defined $new) {
|
||||
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('filetype',
|
||||
$oldname => filetype_to_string($old->mode),
|
||||
$newname => filetype_to_string($new->mode),
|
||||
);
|
||||
} else {
|
||||
print "File types differ between ".
|
||||
filetype_to_string($old->mode)." $oldname and ".
|
||||
filetype_to_string($new->mode)." $newname\n";
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
if ($old->nlink != $new->nlink) {
|
||||
# In recursive mode, we don't care about link counts in directories,
|
||||
# as we'll pick that up with what files do and don't exist.
|
||||
unless ($opt{recursive} and S_ISDIR($old->mode)) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('nlink',
|
||||
$oldname => $old->nlink,
|
||||
$newname => $new->nlink,
|
||||
);
|
||||
} else {
|
||||
print "Link counts differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
}
|
||||
if ($old->uid != $new->uid and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('uid',
|
||||
$oldname => $old->uid,
|
||||
$newname => $new->uid,
|
||||
);
|
||||
} else {
|
||||
print "Owner differs between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
if ($old->gid != $new->gid and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('gid',
|
||||
$oldname => $old->gid,
|
||||
$newname => $new->gid,
|
||||
);
|
||||
} else {
|
||||
print "Group differs between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('mode',
|
||||
$oldname => sprintf('%04o', S_IMODE($old->mode)),
|
||||
$newname => sprintf('%04o', S_IMODE($new->mode)),
|
||||
);
|
||||
} else {
|
||||
print "Modes differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
|
||||
# We don't want to compare anything more about sockets, fifos, or
|
||||
# directories, once we've checked the permissions and link counts
|
||||
if (S_ISSOCK($old->mode) or
|
||||
S_ISFIFO($old->mode) or
|
||||
S_ISDIR($old->mode)) {
|
||||
return $return;
|
||||
}
|
||||
|
||||
# Check device file devs, and that's it for them
|
||||
if (S_ISCHR($old->mode) or
|
||||
S_ISBLK($old->mode)) {
|
||||
if ($old->rdev != $new->rdev) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('rdev',
|
||||
$oldname => $old->rdev,
|
||||
$newname => $new->rdev,
|
||||
);
|
||||
} else {
|
||||
print "Device numbers differ between ".
|
||||
filetype_to_string($old->mode, 1).
|
||||
" $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
# Compare the targets of symlinks
|
||||
if (S_ISLNK($old->mode)) {
|
||||
my $oldtarget = readlink $oldname
|
||||
or (warn("$PROG: Could not readlink($oldname): $!\n"),
|
||||
return $return | 2);
|
||||
my $newtarget = readlink $newname
|
||||
or (warn("$PROG: Could not readlink($newname): $!\n"),
|
||||
return $return | 2);
|
||||
if ($oldtarget ne $newtarget) {
|
||||
if ($opt{fakediff}) {
|
||||
fakediff('target',
|
||||
$oldname => $oldtarget,
|
||||
$newname => $newtarget,
|
||||
);
|
||||
} else {
|
||||
print "Symlink targets differ between $oldname and $newname\n";
|
||||
}
|
||||
$return = 1;
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
||||
if (not S_ISREG($old->mode)) {
|
||||
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
|
||||
return 2;
|
||||
}
|
||||
} elsif (not defined $old and not defined $new) {
|
||||
print "Neither $oldname nor $newname exists\n";
|
||||
return $return;
|
||||
} elsif (not defined $old) {
|
||||
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
|
||||
print "Only in ".dirname($newname).": ".
|
||||
filetype_to_string($new->mode)." ".basename($newname)."\n";
|
||||
return 1;
|
||||
} elsif ($opt{'devnullhack'}) {
|
||||
$oldname = '/dev/null';
|
||||
}
|
||||
} elsif (not defined $new) {
|
||||
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
|
||||
print "Only in ".dirname($oldname).": ".
|
||||
filetype_to_string($old->mode)." ".basename($oldname)."\n";
|
||||
return 1;
|
||||
} elsif ($opt{'devnullhack'}) {
|
||||
$newname = '/dev/null';
|
||||
}
|
||||
}
|
||||
# They are regular files! We can actually run diff!
|
||||
return diff($oldname, $newname) | $return;
|
||||
}
|
||||
|
||||
sub diff ($$) {
|
||||
my ($oldname, $newname) = @_;
|
||||
my @command = (@diff, $oldname, $newname);
|
||||
my $status;
|
||||
|
||||
# If we're not specifying unified diff, we need to print a header
|
||||
# to indicate what's being diffed. (I'm not sure if this actually would
|
||||
# work for patch, but it does tell our user what's going on).
|
||||
# FIXME: We only need to specify this if the files are different
|
||||
print "@command\n"
|
||||
if not $opt{u};
|
||||
|
||||
{
|
||||
# There is a bug in perl with use warnings FATAL => qw(all)
|
||||
# that will cause the child process from system() to stick
|
||||
# around if there is a warning generated.
|
||||
# Shut off warnings -- we'll catch the error below.
|
||||
no warnings;
|
||||
$status = system(@command);
|
||||
}
|
||||
return 0 if ($status == 0);
|
||||
if ($? == -1) {
|
||||
die "$PROG: failed to execute '@command': $!\n";
|
||||
}
|
||||
if ($? & 128) {
|
||||
die "$PROG: '@command' dumped core\n";
|
||||
}
|
||||
if (my $sig = $? & 127) {
|
||||
die "$PROG: '@command' caught sig $sig\n"
|
||||
unless ($sig == SIGPIPE);
|
||||
}
|
||||
if (my $exit = $? >> 8) {
|
||||
if ($exit == 1) {
|
||||
return 1;
|
||||
} else {
|
||||
die "$PROG: '@command' returned $exit\n";
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
sub fakediff ($$) {
|
||||
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
|
||||
|
||||
return unless $opt{fakediff};
|
||||
my $time = strftime('%F %T.000000000 %z', localtime(0));
|
||||
|
||||
# We add a suffix onto the filenames to show we're not actually looking
|
||||
# at file contents. There's no good way to indicate this that's compatible
|
||||
# with patch, and this is simple enough.
|
||||
$oldname .= '#~~' . $type;
|
||||
$newname .= '#~~' . $type;
|
||||
|
||||
if ($opt{u}) {
|
||||
# fake up a unified diff
|
||||
print <<EOF;
|
||||
--- $oldname\t$time
|
||||
+++ $newname\t$time
|
||||
@@ -1 +1 @@
|
||||
-$oldvalue
|
||||
+$newvalue
|
||||
EOF
|
||||
} else {
|
||||
print <<EOF;
|
||||
diff $oldname $newname
|
||||
1c1
|
||||
< $oldvalue
|
||||
---
|
||||
> $newvalue
|
||||
EOF
|
||||
}
|
||||
}
|
161
slack-dist/dist/slack-getroles
vendored
161
slack-dist/dist/slack-getroles
vendored
@ -1,161 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--links',
|
||||
'--times',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub sync_list ();
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--role-list
|
||||
Role list location (can be relative to SOURCE)
|
||||
|
||||
--remote-role-list
|
||||
Role list is remote and should be copied down with rsync
|
||||
(implied by certain forms of role list or SOURCE)
|
||||
EOF
|
||||
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'role-list=s',
|
||||
'remote-role-list',
|
||||
],
|
||||
required_options => [ qw(role-list hostname) ],
|
||||
usage => $usage,
|
||||
);
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
# See if role-list is actually relative to source, and pre-pend source
|
||||
# if need be.
|
||||
unless ($opt{'role-list'} =~ m#^/# or
|
||||
$opt{'role-list'} =~ m#^\./# or
|
||||
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
||||
if (not defined $opt{source}) {
|
||||
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
|
||||
}
|
||||
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
|
||||
}
|
||||
|
||||
# auto-detect remote role list
|
||||
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
|
||||
$opt{'remote-role-list'} = 1;
|
||||
}
|
||||
|
||||
# Copy a remote list locally
|
||||
if ($opt{'remote-role-list'}) {
|
||||
# We need a cache directory if the role list is not local
|
||||
if (not defined $opt{cache}) {
|
||||
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
|
||||
}
|
||||
# Look at source type, and add options if necessary
|
||||
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
|
||||
# This is tunnelled rsync, and so needs an extra option
|
||||
if ($opt{'rsh'}) {
|
||||
push @rsync, '-e', $opt{'rsh'};
|
||||
} else {
|
||||
push @rsync, '-e', 'ssh';
|
||||
}
|
||||
}
|
||||
sync_list();
|
||||
}
|
||||
|
||||
# Read in the roles list
|
||||
my @roles = ();
|
||||
my $host_found = 0;
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
|
||||
open(ROLES, "<", $opt{'role-list'})
|
||||
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
|
||||
while(<ROLES>) {
|
||||
s/#.*//; # Strip comments
|
||||
chomp;
|
||||
if (s/^$opt{hostname}:\s*//) {
|
||||
$host_found++;
|
||||
push @roles, split();
|
||||
}
|
||||
}
|
||||
close(ROLES)
|
||||
or die "Could not close '$opt{'role-list'}': $!\n";
|
||||
if (not $host_found) {
|
||||
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
|
||||
}
|
||||
print join("\n", @roles), "\n";
|
||||
exit 0;
|
||||
|
||||
sub sync_list () {
|
||||
my $source = $opt{'role-list'};
|
||||
my $destination = $opt{cache} . "/_role_list";
|
||||
unless (-d $opt{cache}) {
|
||||
eval { mkpath($opt{cache}); };
|
||||
die "Could not mkpath '$opt{cache}': $@\n" if $@;
|
||||
}
|
||||
# All this to run an rsync command
|
||||
my @command = (@rsync, $source, $destination);
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
|
||||
Slack::wrap_rsync(@command);
|
||||
$opt{'role-list'} = $destination;
|
||||
}
|
||||
|
149
slack-dist/dist/slack-installfiles
vendored
149
slack-dist/dist/slack-installfiles
vendored
@ -1,149 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the local stage to the root
|
||||
# of the local filesystem
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--relative',
|
||||
'--times',
|
||||
'--perms',
|
||||
'--group',
|
||||
'--owner',
|
||||
'--links',
|
||||
'--devices',
|
||||
'--sparse',
|
||||
'--no-implied-dirs', # SO GOOD!
|
||||
'--files-from=-',
|
||||
'--from0',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub install_files ($);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => [ qw(root stage) ],
|
||||
);
|
||||
# }}}
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
unless (-d $opt{root}) {
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval {
|
||||
mkpath($opt{root});
|
||||
# We have a tight umask, and a root of mode 0700 would be undesirable
|
||||
# in most cases.
|
||||
chmod(0755, $opt{root});
|
||||
};
|
||||
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
|
||||
}
|
||||
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
|
||||
}
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
|
||||
# copy over the new files
|
||||
for my $role (@ARGV) {
|
||||
install_files($role);
|
||||
}
|
||||
exit 0;
|
||||
|
||||
# This subroutine takes care of actually installing the files for a role
|
||||
sub install_files ($) {
|
||||
my ($role) = @_;
|
||||
# final / is important for rsync
|
||||
my $source = $opt{stage} . "/roles/" . $role . "/files/";
|
||||
my $destination = $opt{root} . "/";
|
||||
my @command = (@rsync, $source, $destination);
|
||||
|
||||
if (not -d $source) {
|
||||
($opt{verbose} > 0) and
|
||||
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
|
||||
return;
|
||||
}
|
||||
|
||||
# Try to give some sensible message here
|
||||
if ($opt{verbose} > 0) {
|
||||
if ($opt{'dry-run'}) {
|
||||
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
|
||||
} else {
|
||||
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
|
||||
}
|
||||
}
|
||||
|
||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
||||
|
||||
select((select($fh), $|=1)[0]); # Turn on autoflush
|
||||
|
||||
my $callback = sub {
|
||||
my ($file) = @_;
|
||||
($file =~ s#^$source##)
|
||||
or die "sub failed: $source|$file";
|
||||
print $fh "$file\0";
|
||||
};
|
||||
|
||||
# This will print files to be synced to the $fh
|
||||
Slack::find_files_to_install($source, $destination, $callback);
|
||||
|
||||
# Close fh, waitpid, and check return value
|
||||
unless (close($fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
146
slack-dist/dist/slack-rolediff
vendored
146
slack-dist/dist/slack-rolediff
vendored
@ -1,146 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script provides a preview of scripts or files about to be installed.
|
||||
# Basically, it calls diff -- its smarts are in knowing where things are.
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @diff = ('slack-diff',
|
||||
'-uN',
|
||||
);
|
||||
|
||||
# directories to compare
|
||||
my %subdir = (
|
||||
files => 1,
|
||||
scripts => 1,
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub diff ($$;@);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--subdir DIR
|
||||
Check this subdir only. Possible values for DIR are 'files' and
|
||||
'scripts'.
|
||||
|
||||
--diff PROG
|
||||
Use this program to do diffs. [@diff]
|
||||
EOF
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'subdir=s',
|
||||
'diff=s',
|
||||
],
|
||||
usage => $usage,
|
||||
required_options => [ qw(cache stage root) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# We only allow certain values for this option
|
||||
if ($opt{subdir}) {
|
||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
||||
}
|
||||
# Only do this subdir
|
||||
%subdir = ( $opt{subdir} => 1 );
|
||||
}
|
||||
|
||||
# Let people override our diff. Split on spaces so they can pass args.
|
||||
if ($opt{diff}) {
|
||||
@diff = split(/\s+/, $opt{diff});
|
||||
}
|
||||
|
||||
# }}}
|
||||
|
||||
my $exit = 0;
|
||||
# Do the diffs
|
||||
for my $full_role (@ARGV) {
|
||||
# Split the full role (e.g. google.foogle.woogle) into components
|
||||
my @role = split(/\./, $full_role);
|
||||
|
||||
if ($subdir{scripts}) {
|
||||
# Then we compare the cache vs the stage
|
||||
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
|
||||
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
|
||||
# For scripts, we don't care so much about mode and owner (since those are
|
||||
# inherited in the CACHE from the SOURCE), so --noperms.
|
||||
$exit |= diff($old, $new, '--noperms');
|
||||
}
|
||||
|
||||
if ($subdir{files}) {
|
||||
# Then we compare the stage vs the root
|
||||
my $old = $opt{root};
|
||||
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
|
||||
# For files, we don't care about files that exist in $old but not $new
|
||||
$exit |= diff($old, $new, '--unidirectional-new-file');
|
||||
}
|
||||
}
|
||||
exit $exit;
|
||||
|
||||
sub diff ($$;@) {
|
||||
my ($old, $new, @options) = @_;
|
||||
|
||||
my @command = (@diff, @options);
|
||||
|
||||
# return if there's nothing to do
|
||||
return 0 if (not -d $old and not -d $new);
|
||||
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
|
||||
|
||||
my $return = 0;
|
||||
my $callback = sub {
|
||||
my ($new_file) = @_;
|
||||
my $old_file = $new_file;
|
||||
($old_file =~ s#^$new#$old#)
|
||||
or die "sub failed: $new|$new_file";
|
||||
if (system(@command, $old_file, $new_file) != 0) {
|
||||
$return |= Slack::get_system_exit(@command);
|
||||
}
|
||||
};
|
||||
|
||||
# We have to use this function, rather than recursive mode for slack-diff,
|
||||
# because otherwise we'll print a bunch of bogus stuff about directories
|
||||
# that exist in $ROOT and therefore aren't being synced.
|
||||
Slack::find_files_to_install($new, $old, $callback);
|
||||
|
||||
return $return;
|
||||
}
|
111
slack-dist/dist/slack-runscript
vendored
111
slack-dist/dist/slack-runscript
vendored
@ -1,111 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of running scripts out of the local stage
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
# Export these options to the environment of the script
|
||||
my @export_options = qw(root stage hostname verbose);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!";
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => \@export_options,
|
||||
);
|
||||
|
||||
my $action = shift || die "No script to run!\n\n$usage";
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# }}}
|
||||
|
||||
# Start with a clean environment
|
||||
%ENV = (
|
||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
);
|
||||
# Export certain variables to the environment. These are guaranteed to
|
||||
# be set because we require them in get_options above.
|
||||
for my $option (@export_options) {
|
||||
my $env_var = $option;
|
||||
$env_var =~ tr/a-z-/A-Z_/;
|
||||
$ENV{$env_var} = $opt{$option};
|
||||
}
|
||||
# We want to decrement the verbose value for the child if it's set.
|
||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
||||
|
||||
# Run the script for each role given, if it exists and is executable
|
||||
for my $role (@ARGV) {
|
||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
||||
unless (-x $script_to_run) {
|
||||
if (-e _) {
|
||||
# A helpful warning
|
||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
||||
} elsif ($opt{verbose} > 0) {
|
||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
||||
}
|
||||
next;
|
||||
}
|
||||
my $dir;
|
||||
if ($action eq 'fixfiles') {
|
||||
$dir = "$opt{stage}/roles/$role/files";
|
||||
} else {
|
||||
$dir = "$opt{stage}/roles/$role/scripts";
|
||||
}
|
||||
my @command = ($script_to_run , $role);
|
||||
|
||||
# It's OK to chdir even if we're not going to run the script.
|
||||
# Might as well see if it works.
|
||||
chdir($dir)
|
||||
or die "Could not chdir '$dir': $!\n";
|
||||
if ($opt{'dry-run'}) {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
||||
"because --dry-run specified.\n";
|
||||
} else {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
||||
unless (system("script /root/slackLog -a -f -c @command") == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!\n"
|
||||
}
|
||||
exit 0;
|
||||
|
111
slack-dist/dist/slack-runscript.orig
vendored
111
slack-dist/dist/slack-runscript.orig
vendored
@ -1,111 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of running scripts out of the local stage
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
# Export these options to the environment of the script
|
||||
my @export_options = qw(root stage hostname verbose);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!";
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => \@export_options,
|
||||
);
|
||||
|
||||
my $action = shift || die "No script to run!\n\n$usage";
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# }}}
|
||||
|
||||
# Start with a clean environment
|
||||
%ENV = (
|
||||
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
|
||||
);
|
||||
# Export certain variables to the environment. These are guaranteed to
|
||||
# be set because we require them in get_options above.
|
||||
for my $option (@export_options) {
|
||||
my $env_var = $option;
|
||||
$env_var =~ tr/a-z-/A-Z_/;
|
||||
$ENV{$env_var} = $opt{$option};
|
||||
}
|
||||
# We want to decrement the verbose value for the child if it's set.
|
||||
$ENV{VERBOSE}-- if $ENV{VERBOSE};
|
||||
|
||||
# Run the script for each role given, if it exists and is executable
|
||||
for my $role (@ARGV) {
|
||||
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
|
||||
unless (-x $script_to_run) {
|
||||
if (-e _) {
|
||||
# A helpful warning
|
||||
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
|
||||
} elsif ($opt{verbose} > 0) {
|
||||
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
|
||||
}
|
||||
next;
|
||||
}
|
||||
my $dir;
|
||||
if ($action eq 'fixfiles') {
|
||||
$dir = "$opt{stage}/roles/$role/files";
|
||||
} else {
|
||||
$dir = "$opt{stage}/roles/$role/scripts";
|
||||
}
|
||||
my @command = ($script_to_run, $role);
|
||||
|
||||
# It's OK to chdir even if we're not going to run the script.
|
||||
# Might as well see if it works.
|
||||
chdir($dir)
|
||||
or die "Could not chdir '$dir': $!\n";
|
||||
if ($opt{'dry-run'}) {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
|
||||
"because --dry-run specified.\n";
|
||||
} else {
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
|
||||
unless (system(@command) == 0) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
||||
chdir('/')
|
||||
or die "Could not chdir '/': $!\n"
|
||||
}
|
||||
exit 0;
|
||||
|
278
slack-dist/dist/slack-stage
vendored
278
slack-dist/dist/slack-stage
vendored
@ -1,278 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the local cache
|
||||
# directory to the local stage, building a unified single tree onstage
|
||||
# from the multiple trees that are the role + subroles in the cache
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
use File::Find;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--recursive',
|
||||
'--times',
|
||||
'--ignore-times',
|
||||
'--perms',
|
||||
'--sparse',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub check_stage ();
|
||||
sub sync_role ($$@);
|
||||
sub apply_default_perms_to_role ($$);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
$usage .= <<EOF;
|
||||
|
||||
--subdir DIR
|
||||
Sync this subdir only. Possible values for DIR are 'files' and
|
||||
'scripts'.
|
||||
EOF
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
command_line_options => [
|
||||
'subdir=s',
|
||||
],
|
||||
usage => $usage,
|
||||
required_options => [ qw(cache stage) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# We only allow certain values for this option
|
||||
if ($opt{subdir}) {
|
||||
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
|
||||
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
|
||||
}
|
||||
} else {
|
||||
$opt{subdir} = '';
|
||||
}
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
# copy over the new files
|
||||
for my $full_role (@ARGV) {
|
||||
# Split the full role (e.g. google.foogle.woogle) into components
|
||||
my @role_parts = split(/\./, $full_role);
|
||||
die "Internal error: Expect at least one role part" if not @role_parts;
|
||||
# Reassemble parts one at a time onto @role and sync as we go,
|
||||
# so we do "google", then "google.foogle", then "google.foogle.woogle"
|
||||
my @role = ();
|
||||
# Make sure we've got the right perms before we copy stuff down
|
||||
check_stage();
|
||||
|
||||
# For the base role, do both files and scripts.
|
||||
push @role, shift @role_parts;
|
||||
for my $subdir(qw(files scripts)) {
|
||||
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
|
||||
($opt{verbose} > 1)
|
||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
||||
# @role here will have one element, so sync_role will use --delete
|
||||
sync_role($full_role, $subdir, @role)
|
||||
}
|
||||
}
|
||||
|
||||
# For all subroles, just do the files.
|
||||
# (If we wanted script subroles to work like files, we'd get rid of this
|
||||
# distinction and simplify the code.)
|
||||
if (not $opt{subdir} or $opt{subdir} eq 'files') {
|
||||
while (@role_parts) {
|
||||
push @role, shift @role_parts;
|
||||
($opt{verbose} > 1)
|
||||
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
|
||||
sync_role($full_role, 'files', @role);
|
||||
}
|
||||
}
|
||||
|
||||
for my $subdir (qw(files scripts)) {
|
||||
apply_default_perms_to_role($full_role, $subdir)
|
||||
if (not $opt{subdir} or $opt{subdir} eq $subdir);
|
||||
}
|
||||
}
|
||||
exit 0;
|
||||
|
||||
# Make sure the stage directory exists and is mode 0700, to protect files
|
||||
# underneath in transit
|
||||
sub check_stage () {
|
||||
my $stage = $opt{stage} . "/roles";
|
||||
if (not $opt{'dry-run'}) {
|
||||
if (not -d $stage) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
|
||||
eval { mkpath($stage); };
|
||||
die "Could not mkpath cache dir '$stage': $@\n" if $@;
|
||||
}
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
||||
} else {
|
||||
chown(0, 0, $stage)
|
||||
or die "Could not chown 0:0 '$stage': $!\n";
|
||||
}
|
||||
chmod(0700, $stage)
|
||||
or die "Could not chmod 0700 '$stage': $!\n";
|
||||
}
|
||||
}
|
||||
|
||||
# Copy the files for a role from CACHE to STAGE
|
||||
sub sync_role ($$@) {
|
||||
my ($full_role, $subdir, @role) = @_;
|
||||
my @this_rsync = @rsync;
|
||||
|
||||
# If we were only given one role part, we're in the base role
|
||||
my $in_base_role = (scalar @role == 1);
|
||||
|
||||
# For the base role, delete any files that don't exist in the cache.
|
||||
# Not for the subrole (otherwise we'll delete all files not in
|
||||
# the subrole, which may be most of them!)
|
||||
if ($in_base_role) {
|
||||
push @this_rsync, "--delete";
|
||||
}
|
||||
|
||||
# (a) => a/files
|
||||
# (a,b,c) => a/files.b.c
|
||||
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
|
||||
# This one's a little simpler:
|
||||
my $dst_path = $full_role.'/'.$subdir;
|
||||
|
||||
# final / is important for rsync
|
||||
my $source = $opt{cache} . "/roles/" . $src_path . "/";
|
||||
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
|
||||
if (not -d $destination and -d $source) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($destination); };
|
||||
die "Could not mkpath stage dir '$destination': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
|
||||
# We no longer require the source to exist
|
||||
if (not -d $source) {
|
||||
# but we need to remove the destination if the source
|
||||
# doesn't exist and we're in the base role
|
||||
if ($in_base_role) {
|
||||
rmtree($destination);
|
||||
# rmtree() doesn't throw exceptions or give a return value useful
|
||||
# for detecting failure, so we just check after the fact.
|
||||
die "Could not rmtree '$destination' when '$source' missing\n"
|
||||
if -e $destination;
|
||||
}
|
||||
# if we continue, rsync will fail because source is missing,
|
||||
# so we don't.
|
||||
return;
|
||||
}
|
||||
|
||||
# All this to run an rsync command
|
||||
my @command = (@this_rsync, $source, $destination);
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
|
||||
Slack::wrap_rsync(@command);
|
||||
}
|
||||
|
||||
# This just takes the base role, and chowns/chmods everything under it to
|
||||
# give it some sensible permissions. Basically, the only thing we preserve
|
||||
# about the original permissions is the executable bit, since that's the
|
||||
# only thing source code controls systems like CVS, RCS, Perforce seem to
|
||||
# preserve.
|
||||
sub apply_default_perms_to_role ($$) {
|
||||
my ($role, $subdir) = @_;
|
||||
my $destination = $opt{stage} . "/roles/" . $role;
|
||||
|
||||
if ($subdir) {
|
||||
$destination .= '/' . $subdir;
|
||||
}
|
||||
|
||||
# If the destination doesn't exist, it's probably because the source didn't
|
||||
return if not -d $destination;
|
||||
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
|
||||
}
|
||||
# Use File::Find to recurse the directory
|
||||
find({
|
||||
# The "wanted" subroutine is called for every directory entry
|
||||
wanted => sub {
|
||||
return if $opt{'dry-run'};
|
||||
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
|
||||
if (-l) {
|
||||
# symlinks shouldn't be in here,
|
||||
# since we dereference when copying
|
||||
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
|
||||
return;
|
||||
} elsif (-f _) { # results of last stat saved in the "_"
|
||||
if (-x _) {
|
||||
chmod 0555, $_
|
||||
or die "Could not chmod 0555 $File::Find::name: $!";
|
||||
} else {
|
||||
chmod 0444, $_
|
||||
or die "Could not chmod 0444 $File::Find::name: $!";
|
||||
}
|
||||
} elsif (-d _) {
|
||||
chmod 0755, $_
|
||||
or die "Could not chmod 0755 $File::Find::name: $!";
|
||||
} else {
|
||||
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
|
||||
}
|
||||
return if $> != 0; # skip chowning if not superuser
|
||||
chown 0, 0, $_
|
||||
or die "Could not chown 0:0 $File::Find::name: $!";
|
||||
},
|
||||
# end of wanted function
|
||||
},
|
||||
# way down here, we have the directory to traverse with File::Find
|
||||
$destination,
|
||||
);
|
||||
}
|
169
slack-dist/dist/slack-sync
vendored
169
slack-dist/dist/slack-sync
vendored
@ -1,169 +0,0 @@
|
||||
#!/usr/bin/perl -w
|
||||
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
|
||||
# vim:sw=2
|
||||
# vim600:fdm=marker
|
||||
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
|
||||
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
|
||||
# See the file COPYING for details.
|
||||
#
|
||||
# This script is in charge of copying files from the (possibly remote)
|
||||
# master directory to a local cache, using rsync
|
||||
|
||||
require 5.006;
|
||||
use warnings FATAL => qw(all);
|
||||
use strict;
|
||||
use sigtrap qw(die untrapped normal-signals
|
||||
stack-trace any error-signals);
|
||||
|
||||
use File::Path;
|
||||
|
||||
use constant LIB_DIR => '/usr/lib/slack';
|
||||
use lib LIB_DIR;
|
||||
use Slack;
|
||||
|
||||
my @rsync = ('rsync',
|
||||
'--cvs-exclude',
|
||||
'--recursive',
|
||||
'--links',
|
||||
'--copy-links',
|
||||
'--times',
|
||||
'--perms',
|
||||
'--sparse',
|
||||
'--delete',
|
||||
'--files-from=-',
|
||||
'--from0',
|
||||
);
|
||||
|
||||
(my $PROG = $0) =~ s#.*/##;
|
||||
|
||||
sub check_cache ($);
|
||||
sub rsync_source ($$@);
|
||||
|
||||
########################################
|
||||
# Environment
|
||||
# Helpful prefix to die messages
|
||||
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
|
||||
# Set a reasonable umask
|
||||
umask 077;
|
||||
# Get out of wherever (possibly NFS-mounted) we were
|
||||
chdir("/")
|
||||
or die "Could not chdir /: $!";
|
||||
# Autoflush on STDERR
|
||||
select((select(STDERR), $|=1)[0]);
|
||||
|
||||
########################################
|
||||
# Config and option parsing {{{
|
||||
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
|
||||
# Option defaults
|
||||
my %opt = ();
|
||||
Slack::get_options(
|
||||
opthash => \%opt,
|
||||
usage => $usage,
|
||||
required_options => [ qw(source cache) ],
|
||||
);
|
||||
|
||||
# Arguments are required
|
||||
die "No roles given!\n\n$usage" unless @ARGV;
|
||||
|
||||
# Prepare for backups
|
||||
if ($opt{backup} and $opt{'backup-dir'}) {
|
||||
# Make sure backup directory exists
|
||||
unless (-d $opt{'backup-dir'}) {
|
||||
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
|
||||
if (not $opt{'dry-run'}) {
|
||||
eval { mkpath($opt{'backup-dir'}); };
|
||||
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
|
||||
}
|
||||
}
|
||||
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
|
||||
}
|
||||
# Look at source type, and add options if necessary
|
||||
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
|
||||
# This is tunnelled rsync, and so needs an extra option
|
||||
if ($opt{'rsh'}) {
|
||||
push @rsync, '-e', $opt{'rsh'};
|
||||
} else {
|
||||
push @rsync, '-e', 'ssh';
|
||||
}
|
||||
}
|
||||
|
||||
# Pass options along to rsync
|
||||
if ($opt{'dry-run'}) {
|
||||
push @rsync, '--dry-run';
|
||||
}
|
||||
# Pass options along to rsync
|
||||
if ($opt{'verbose'} > 1) {
|
||||
push @rsync, '--verbose';
|
||||
}
|
||||
# }}}
|
||||
|
||||
my @roles = ();
|
||||
|
||||
{
|
||||
# This hash is just to avoid calling rsync twice if two subroles are
|
||||
# installed. We only care since it's remote, and therefore slow.
|
||||
my %roles_to_sync = ();
|
||||
|
||||
# copy over the new files
|
||||
for my $full_role (@ARGV) {
|
||||
# Get the first element of the role name (the base role)
|
||||
# e.g., from "google.foogle.woogle", get "google"
|
||||
my $base_role = (split /\./, $full_role, 2)[0];
|
||||
|
||||
$roles_to_sync{$base_role} = 1;
|
||||
}
|
||||
@roles = keys %roles_to_sync;
|
||||
}
|
||||
|
||||
my $cache = $opt{cache} . "/roles/";
|
||||
# Make sure we've got the right perms before we copy stuff down
|
||||
check_cache($cache);
|
||||
|
||||
rsync_source(
|
||||
$opt{source} . '/roles/',
|
||||
$cache,
|
||||
@roles,
|
||||
);
|
||||
|
||||
exit 0;
|
||||
|
||||
# Make sure the cache directory exists and is mode 0700, to protect files
|
||||
# underneath in transit
|
||||
sub check_cache ($) {
|
||||
my ($cache) = @_;
|
||||
if (not $opt{'dry-run'}) {
|
||||
if (not -d $cache) {
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
|
||||
eval { mkpath($cache); };
|
||||
die "Could not mkpath cache dir '$cache': $@\n" if $@;
|
||||
}
|
||||
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
|
||||
if ($> != 0) {
|
||||
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
|
||||
} else {
|
||||
chown(0, 0, $cache)
|
||||
or die "Could not chown 0:0 '$cache': $!\n";
|
||||
}
|
||||
chmod(0700, $cache)
|
||||
or die "Could not chmod 0700 '$cache': $!\n";
|
||||
}
|
||||
}
|
||||
|
||||
# Pull down roles from an rsync source
|
||||
sub rsync_source($$@) {
|
||||
my ($source, $destination, @roles) = @_;
|
||||
my @command = (@rsync, $source, $destination);
|
||||
|
||||
($opt{verbose} > 0)
|
||||
and print STDERR "$PROG: Syncing cache with '@command'\n";
|
||||
|
||||
my ($fh) = Slack::wrap_rsync_fh(@command);
|
||||
|
||||
# Shove the roles down its throat
|
||||
print $fh join("\0", @roles), "\0";
|
||||
|
||||
# Close fh, waitpid, and check return value
|
||||
unless (close($fh)) {
|
||||
Slack::check_system_exit(@command);
|
||||
}
|
||||
}
|
0
slack-dist/dist/slack.conf
vendored
0
slack-dist/dist/slack.conf
vendored
6
slack-dist/env/prod/SlackConfig-prod.config
vendored
6
slack-dist/env/prod/SlackConfig-prod.config
vendored
@ -1,6 +0,0 @@
|
||||
ROLE_LIST=techops.turnsys.net:/var/www/html/tsys-techops/slack/prod/etc/roles.conf
|
||||
SOURCE=techops.turnsys.net:/var/www/html/tsys-techops
|
||||
CACHE=/var/cache/slack
|
||||
STAGE=/var/lib/slack/stage
|
||||
ROOT=/
|
||||
BACKUP_DIR=/var/lib/slack/backups
|
4
slack-dist/env/prod/SlackSSH-prod.config
vendored
4
slack-dist/env/prod/SlackSSH-prod.config
vendored
@ -1,4 +0,0 @@
|
||||
Host techops.turnsys.net
|
||||
User tsys-techops
|
||||
IdentityFile /root/.ssh/SlackSSH-prod.key
|
||||
StrictHostKeyChecking no
|
27
slack-dist/env/prod/SlackSSH-prod.key
vendored
27
slack-dist/env/prod/SlackSSH-prod.key
vendored
@ -1,27 +0,0 @@
|
||||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIIEpAIBAAKCAQEAs7Ndaskoh0HVk4NSc8eR3PNBilv9DuWw8tjquo/7VEappkg3
|
||||
F8IlvxitVIxGoZEf2bkEigcYgB+l/6j5ubIKZ8R2vUzY3sSZpl5KGl/2yl+TtO/9
|
||||
F7ZyhYbR348gEDZMFCKUXdFsdCArf6u6nmbWaYGrunRRl/fPwNbmO7c0WF/UEqvB
|
||||
cmJGY7772SJuuQUl/rhy9y4PJr8dmj7K04XU7tLJKqz83PLCiXis+g255vBJPjqA
|
||||
MJG9hRo/8kQmNTbDR4dEwBRjce2Lo6iBaw4NHQ4mjYhZDprH6kZdfvDd6fs6+hJR
|
||||
NIsUX3Q9g8wAReBqdtFED32QenoBKvshoZD78wIDAQABAoIBAGcw/toNfcp+EalN
|
||||
5hE6bxaUUfSj8mOVntE1o0VS3R5+HXmxSoHIKWjdQNumWgD5l3Ktfl/Mx1L72ZVA
|
||||
cXcjODpyZUU7VeZGu3z/9EnFBbEcxXNHxOzTBlyLGQXp6J2msHV3jf95/W+J8bC0
|
||||
6st/fmzD29uMZDaCRbkVLszn3ZVJKzO4EMNg5nfzf0ET9I77/fIgJE7whnCS9lE3
|
||||
0ELH4G/gCD/Rbjp9c6J+E55RvUNMoGECKy5NOKbFYNSEYQiIHpqceYzn82xHtErQ
|
||||
rOz1MtikJHw6ACObsmsifobeGhHcuGqO99iHMmTIpBfLms0Dozr5oz1CODMwSkOP
|
||||
j59RL7ECgYEA505s5NkBc7/aqQTLYdkdhcwi8ttbbPFYSMEuSvKV3GcuOA9S2pVZ
|
||||
RdOE+u2ieEoJuvxbo02xhPSPz4w1VeqBjEoW1jFv1yaRDQG5h8f4Ya8aRCoBg/4c
|
||||
V98cnUbtRym1YrXRSZ8TQVPpFA31A3SAgJSEojQRV09AMpjAHEJvBFcCgYEAxuKP
|
||||
1W7oFPwQdnFUjKvEi+YHli6Jhq3ERrRfI2q9GDCRxyHX/agEtIELjrNk4OdKvjdn
|
||||
oTnxfhI4g59yrOLa7tbV06T8L/ifk1zUG4rhiaZrTIRFGvtTeUoGN7ag/TVc/4Vp
|
||||
RQa05z+MIrIf1jeSAShRIksNmy5n7j53rScTY8UCgYEApHS6L6uqwKVzziA+in9X
|
||||
4j1Vy93yju65mmDfjSIVMvOZhPpAKnFtW5wcPFyg222opW2vqdgfkyxe424IreFh
|
||||
4mD7A6d6oTomf1zukH+5NZrNzhEfqr0NYdyb96bqJWKeOGSVPQcBJb2HRl72CVLX
|
||||
2pO+CaWDftQ2DMNWM8F4NVkCgYBZhUNOw7QNNgRG++4dv3chrXG+xMW8bFzLooas
|
||||
T3A8Aiir5GzvTQCJKwjDu7Xtkc5P3mpz5LvxjkwH2u5oKVh4ZxUqRboJ8bQKRZ9n
|
||||
olSwe8sSTvs4EOZa0toHm9nM/4cTsL5YhpNI/46ZU2oHJ0493SLf975xGitHzrBZ
|
||||
rRwKLQKBgQCIKEi7Vjl7noNc6O2lIJG6GLAmpLsemcweP90wcpotV/qafsChZMt2
|
||||
LSai+iSdguFFu/J0KpfTkxuEeH5aT0D28zRUy3kP7WlP3wOTcDM/6iYsjLNIqeHf
|
||||
X5AL3SFCbMemCZsvBVtPwfli7rsJNft/98VDlhkOaCyMa+sRjEEhlg==
|
||||
-----END RSA PRIVATE KEY-----
|
1
slack-dist/env/prod/SlackSSH-prod.key.pub
vendored
1
slack-dist/env/prod/SlackSSH-prod.key.pub
vendored
@ -1 +0,0 @@
|
||||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzs11qySiHQdWTg1Jzx5Hc80GKW/0O5bDy2Oq6j/tURqmmSDcXwiW/GK1UjEahkR/ZuQSKBxiAH6X/qPm5sgpnxHa9TNjexJmmXkoaX/bKX5O07/0XtnKFhtHfjyAQNkwUIpRd0Wx0ICt/q7qeZtZpgau6dFGX98/A1uY7tzRYX9QSq8FyYkZjvvvZIm65BSX+uHL3Lg8mvx2aPsrThdTu0skqrPzc8sKJeKz6Dbnm8Ek+OoAwkb2FGj/yRCY1NsNHh0TAFGNx7YujqIFrDg0dDiaNiFkOmsfqRl1+8N3p+zr6ElE0ixRfdD2DzABF4Gp20UQPfZB6egEq+yGhkPvz charles@ultix
|
Binary file not shown.
File diff suppressed because it is too large
Load Diff
@ -1,9 +0,0 @@
|
||||
[stream]
|
||||
# Enable this on slaves, to have them send metrics.
|
||||
enabled = yes
|
||||
destination = tcp:toolbox.turnsys.net:19999
|
||||
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
|
||||
timeout seconds = 60
|
||||
buffer size bytes = 1048576
|
||||
reconnect delay seconds = 5
|
||||
initial clock resync iterations = 60
|
@ -1,9 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "stopping netdata..."
|
||||
service netdata stop
|
||||
|
||||
echo "starting netdata..."
|
||||
service netdata start
|
||||
|
||||
echo "netdata file refresh"
|
File diff suppressed because it is too large
Load Diff
@ -1,9 +0,0 @@
|
||||
[stream]
|
||||
# Enable this on slaves, to have them send metrics.
|
||||
enabled = yes
|
||||
destination = tcp:toolbox.turnsys.net:19999
|
||||
api key = 6ed9e20a-c819-4ebc-b894-322eb0710d03
|
||||
timeout seconds = 60
|
||||
buffer size bytes = 1048576
|
||||
reconnect delay seconds = 5
|
||||
initial clock resync iterations = 60
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "stopping ossec..."
|
||||
/var/ossec/bin/ossec-control stop
|
||||
|
||||
echo "starting ossec..."
|
||||
/var/ossec/bin/ossec-control start
|
||||
|
@ -1,3 +0,0 @@
|
||||
postmaster: root
|
||||
root: prodtechopsalerts@turnsys.com
|
||||
|
@ -1,11 +0,0 @@
|
||||
The first element of the path is a directory where the debian-sa1
|
||||
# script is located
|
||||
PATH=/usr/lib/sysstat:/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
|
||||
|
||||
# Activity reports every 10 minutes everyday
|
||||
*/2 * * * * root command -v debian-sa1 > /dev/null && debian-sa1 1 1
|
||||
|
||||
# Additional run at 23:59 to rotate the statistics file
|
||||
59 23 * * * root command -v debian-sa1 > /dev/null && debian-sa1 60 2
|
||||
|
||||
|
@ -1,11 +0,0 @@
|
||||
# This file controls the activity of snmpd
|
||||
|
||||
# Don't load any MIBs by default.
|
||||
# You might comment this lines once you have the MIBs downloaded.
|
||||
export MIBS=
|
||||
|
||||
# snmpd control (yes means start daemon).
|
||||
SNMPDRUN=yes
|
||||
|
||||
# snmpd options (use syslog, close stdin/out/err).
|
||||
SNMPDOPTS='-LS0-5d -Lf /dev/null -u snmp -g snmp -p /run/snmpd.pid'
|
@ -1,10 +0,0 @@
|
||||
===============================================================================
|
||||
|
||||
This is a private computer system. These resources, including all
|
||||
related equipment, networks, and devices, are provided for authorized
|
||||
use only. The system may be monitored for all lawful purposes. Evidence
|
||||
of unauthorized use collected during monitoring may be used for criminal
|
||||
prosecution by staff, legal counsel, and law enforcement agencies.
|
||||
|
||||
===============================================================================
|
||||
|
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue
Block a user