VpTechnicalOperations/LegacyTechops
2
0
Fork 0
Code Pull Requests Packages Projects Releases Activity

migration and cleanup from legacy repos

Browse Source
This commit is contained in:
Charles N Wyble - admin 2017-12-09 12:48:51 -06:00
parent 4be209af11
commit 5f1be2380c
67 changed files with 6481 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
CMDB/snmp/.svn/all-wcprops Executable file
View File

@ -0,0 +1,29 @@
K 25
svn:wc:ra_dav:version-url
V 57
/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp
END
debian-default-snmpd
K 25
svn:wc:ra_dav:version-url
V 78
/rg0103/pdesubversion-tpqaslack/!svn/ver/315/scripts/snmp/debian-default-snmpd
END
centos-snmpd.options
K 25
svn:wc:ra_dav:version-url
V 78
/rg0103/pdesubversion-tpqaslack/!svn/ver/359/scripts/snmp/centos-snmpd.options
END
setup-snmp.sh
K 25
svn:wc:ra_dav:version-url
V 71
/rg0103/pdesubversion-tpqaslack/!svn/ver/366/scripts/snmp/setup-snmp.sh
END
snmpd.conf
K 25
svn:wc:ra_dav:version-url
V 68
/rg0103/pdesubversion-tpqaslack/!svn/ver/276/scripts/snmp/snmpd.conf
END

164
CMDB/snmp/.svn/entries Executable file
View File

@ -0,0 +1,164 @@
10
dir
440
https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack/scripts/snmp
https://svn01.atlanta.hp.com/rg0103/pdesubversion-tpqaslack
2013-10-30T20:33:11.769859Z
366
wyble@hp.com
92b00a8e-620f-4ac7-abd2-c9ef5b6c269b
debian-default-snmpd
file
2013-12-10T21:18:03.480402Z
536542d8470261eb1971bd3bb35adf68
2013-10-02T16:57:28.319476Z
315
wyble@hp.com
723
centos-snmpd.options
file
2013-12-10T21:18:03.487402Z
40233436f1b04129a231dba3a5225762
2013-10-25T19:11:31.312453Z
359
wyble@hp.com
has-props
135
setup-snmp.sh
file
2013-12-10T21:18:03.492402Z
dde4ae53ae1e316b551dbc386ac30e9b
2013-10-30T20:33:11.769859Z
366
wyble@hp.com
1350
snmpd.conf
file
2013-12-10T21:18:03.496402Z
88b7c51014dbd12d784982d41c3ae7e7
2013-09-17T18:44:43.972099Z
276
wyble@hp.com
474

5
CMDB/snmp/.svn/prop-base/centos-snmpd.options.svn-base Executable file
View File

@ -0,0 +1,5 @@
K 14
svn:executable
V 1
*
END

3
CMDB/snmp/.svn/text-base/centos-snmpd.options.svn-base Executable file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

22
CMDB/snmp/.svn/text-base/debian-default-snmpd.svn-base Executable file
View File

@ -0,0 +1,22 @@
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=no
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

62
CMDB/snmp/.svn/text-base/setup-snmp.sh.svn-base Executable file
View File

@ -0,0 +1,62 @@
#!/bin/bash
#A script to setup snmp on redhat/debian systems
centos_snmp()
#Install SNMP on a cent box
{
#Fix yum.conf
wget -O /etc/yum/yum.conf http://slack-master.tplab.tippingpoint.com/yum.conf
#Install snmpd
yum -y install net-snmp
#Install observium bits
wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf
wget -O /etc/sysconfig/snmpd.options http://slack-master.tplab.tippingpoint.com/snmp/centos-snmpd.options
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
}
debian_snmp()
#Install snmp on a debian box
{
#Install snmpd
apt-get -y install snmpd
#Install observium bits
wget -O /usr/bin/distro http://www.observium.org/svn/observer/trunk/scripts/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/default/snmpd http://slack-master.tplab.tippingpoint.com/snmp/debian-default-snmpd.conf
wget -O /etc/snmp/snmpd.conf http://slack-master.tplab.tippingpoint.com/snmp/snmpd.conf
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
}
DIST=$(lsb_release -d)
if [ $(echo $DIST | grep Ubuntu -c) -eq 1 ];
then
debian_snmp
fi
if [ $(echo $DIST | grep Centos -c) -eq 1 ];
then
centos_snmp
fi

10
CMDB/snmp/.svn/text-base/snmpd.conf.svn-base Executable file
View File

@ -0,0 +1,10 @@
com2sec readonly default mng-actua1
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Austin TX USA
syscontact esplabsupport@hp.com
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

3
CMDB/snmp/centos-snmpd.options Executable file
View File

@ -0,0 +1,3 @@
# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid"
#OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a"

22
CMDB/snmp/debian-default-snmpd Executable file
View File

@ -0,0 +1,22 @@
# This file controls the activity of snmpd and snmptrapd
# Don't load any MIBs by default.
# You might comment this lines once you have the MIBs downloaded.
export MIBS=
# snmpd control (yes means start daemon).
SNMPDRUN=yes
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-LS4d -Lf /dev/null -u snmp -g snmp -I -smux -p /var/run/snmpd.pid'
# snmptrapd control (yes means start daemon). As of net-snmp version
# 5.0, master agentx support must be enabled in snmpd before snmptrapd
# can be run. See snmpd.conf(5) for how to do this.
TRAPDRUN=no
# snmptrapd options (use syslog).
TRAPDOPTS='-Lsd -p /var/run/snmptrapd.pid'
# create symlink on Debian legacy location to official RFC path
SNMPDCOMPAT=yes

70
CMDB/snmp/distro Executable file
View File

@ -0,0 +1,70 @@
#!/bin/sh
# Detects which OS and if it is Linux then it will detect which Linux Distribution.
OS=`uname -s`
REV=`uname -r`
MACH=`uname -m`
if [ "${OS}" = "SunOS" ] ; then
OS=Solaris
ARCH=`uname -p`
OSSTR="${OS} ${REV}(${ARCH} `uname -v`)"
elif [ "${OS}" = "AIX" ] ; then
OSSTR="${OS} `oslevel` (`oslevel -r`)"
elif [ "${OS}" = "Linux" ] ; then
KERNEL=`uname -r`
if [ -f /etc/redhat-release ] ; then
DIST=$(cat /etc/redhat-release | awk '{print $1}')
if [ "${DIST}" = "CentOS" ]; then
DIST="CentOS"
elif [ "${DIST}" = "Mandriva" ]; then
DIST="Mandriva"
PSEUDONAME=`cat /etc/mandriva-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandriva-release | sed s/.*release\ // | sed s/\ .*//`
elif [ "${DIST}" = "Fedora" ]; then
DIST="Fedora"
else
DIST="RedHat"
fi
PSEUDONAME=`cat /etc/redhat-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/redhat-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/SuSE-release ] ; then
DIST=`cat /etc/SuSE-release | tr "\n" ' '| sed s/VERSION.*//`
REV=`cat /etc/SuSE-release | tr "\n" ' ' | sed s/.*=\ //`
elif [ -f /etc/mandrake-release ] ; then
DIST='Mandrake'
PSEUDONAME=`cat /etc/mandrake-release | sed s/.*\(// | sed s/\)//`
REV=`cat /etc/mandrake-release | sed s/.*release\ // | sed s/\ .*//`
elif [ -f /etc/debian_version ] ; then
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ] ; then
DIST="MailCleaner"
REV=`cat /etc/mailcleaner/etc/mailcleaner/version.def`
else
DIST="Debian `cat /etc/debian_version`"
REV=""
fi
fi
if [ -f /etc/UnitedLinux-release ] ; then
DIST="${DIST}[`cat /etc/UnitedLinux-release | tr "\n" ' ' | sed s/VERSION.*//`]"
fi
if [ -f /etc/lsb-release ] ; then
LSB_DIST="`cat /etc/lsb-release | grep DISTRIB_ID | cut -d "=" -f2`"
LSB_REV="`cat /etc/lsb-release | grep DISTRIB_RELEASE | cut -d "=" -f2`"
if [ "$LSB_DIST" != "" ] ; then
DIST=$LSB_DIST
REV=$LSB_REV
fi
fi
# OSSTR="${OS} ${DIST} ${REV}(${PSEUDONAME} ${KERNEL} ${MACH})"
OSSTR="${DIST} ${REV}"
elif [ "${OS}" = "Darwin" ] ; then
if [ -f /usr/bin/sw_vers ] ; then
OSSTR=`/usr/bin/sw_vers|grep -v Build|sed 's/^.*:.//'| tr "\n" ' '`
fi
fi
echo ${OSSTR}

32
CMDB/snmp/setup-snmp.sh Executable file
View File

@ -0,0 +1,32 @@
#!/bin/bash
#Install script for snmp on all Linux systems
if [ -f /etc/apt/sources.list ];
then
#Install observium bits
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/default/snmpd http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/debian-default-snmpd
wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf
#Restart snmpd
/etc/init.d/snmpd restart
elif [ -f /etc/yum.conf ];
then
#Fix yum.conf
wget -O /etc/yum/yum.conf http://fezzik.tplab.tippingpoint.com/yum.conf
#Install snmpd
yum -y install net-snmp
#Install observium bits
curl --silent http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/distro > /usr/bin/distro
chmod 755 /usr/bin/distro
#Pull down snmpd configuration files
wget -O /etc/snmp/snmpd.conf http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/snmpd.conf
wget -O /etc/sysconfig/snmpd.options http://txn04-slack-master.tplab.tippingpoint.com/sysmgmt/snmp/centos-snmpd.options
#Restart snmpd
/etc/init.d/snmpd restart
chkconfig snmpd on
fi

10
CMDB/snmp/snmpd.conf Executable file
View File

@ -0,0 +1,10 @@
com2sec readonly default mng-actua1
group MyROGroup v1 readonly
group MyROGroup v2c readonly
group MyROGroup usm readonly
view all included .1 80
access MyROGroup "" any noauth exact all none none
syslocation Austin TX USA
syscontact techops-alerts@turnsys.com
#This line allows Observium to detect the host OS if the distro script is installed
extend .1.3.6.1.4.1.2021.7890.1 distro /usr/bin/distro

35
CMDB/subnets Executable file
View File

@ -0,0 +1,35 @@
10.253.0.0/24
10.253.1.0/24
10.253.2.0/24
10.253.3.0/24
10.253.4.0/24
10.253.5.0/24
10.253.6.0/24
10.253.7.0/24
10.253.8.0/24
10.253.9.0/24
10.251.0.0/24
10.251.1.0/24
10.251.2.0/24
10.251.3.0/24
10.251.4.0/24
10.251.5.0/24
10.251.6.0/24
10.251.7.0/24
10.251.8.0/24
10.251.9.0/24
10.251.10.0/24
10.251.11.0/24
10.251.12.0/24
10.251.13.0/24
10.251.30.0/24
10.251.31.0/24
10.251.32.0/24
10.251.33.0/24
10.251.34.0/24
10.251.35.0/24
10.251.36.0/24
10.251.37.0/24
10.251.38.0/24
10.251.39.0/24
10.251.40.0/24

5
CMDB/zenossScan.sh Executable file
View File

@ -0,0 +1,5 @@
#!/bin/bash
for subnet in $(cat subnets); do
zendisc run --now --monitor localhost --deviceclass /Discovered --parallel 8 --net $subnet
done

5
README Normal file → Executable file
View File

@ -1 +1,4 @@
Hello world
System stuff.
More details added later, till then figure it the fuck out yourself!

70
TODO.TXT Executable file
View File

@ -0,0 +1,70 @@
#############################################################
Core services (BLM/S backups, logging, monitoring, security)
#############################################################
####
1) Logging backend
####
Setup stratum 1/2 NTP at SATX
Setup stratum 2 NTP at OVH
Fix time zones everywhere to CST
Setup security onion
6) Backups and storage
* Audit overall backup strategy
Finish setup of ZFS at satx
ZFS caching
Before cache usb:
root@ausprod-linsrv:~/envmon/temper-python# ls /dev/disk/by-id/
ata-HL-DT-ST_DVD+_-RW_GSA-H73N ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4-part1 wwn-0x50014ee65b4b1bfd
ata-PLDS_DVD-ROM_DH-16D2S ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part1 wwn-0x50014ee65979b8c3 wwn-0x50014ee65b4b1bfd-part1
ata-SanDisk_SDSSDRC032G_151115401425 ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part9 wwn-0x50014ee65979b8c3-part1 wwn-0x5001b44e3ac304d1
ata-SanDisk_SDSSDRC032G_151115401425-part1 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4 wwn-0x50014ee65979b8c3-part9 wwn-0x5001b44e3ac304d1-part1
root@ausprod-linsrv:~/envmon/temper-python#
After cache usb:
root@ausprod-linsrv:~/envmon/temper-python# ls /dev/disk/by-id
ata-HL-DT-ST_DVD+_-RW_GSA-H73N ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part1 usb-MONSTER_USB_2.0_621AE5C7-0:0-part1 wwn-0x50014ee65979b8c3-part1 wwn-0x5001b44e3ac304d1-part1
ata-PLDS_DVD-ROM_DH-16D2S ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130-part9 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0 wwn-0x50014ee65979b8c3-part9
ata-SanDisk_SDSSDRC032G_151115401425 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0-part1 wwn-0x50014ee65b4b1bfd
ata-SanDisk_SDSSDRC032G_151115401425-part1 ata-WDC_WD10JMVW-11AJGS3_WD-WX61A759LES4-part1 usb-MONSTER_USB_2.0_FBZXXXXXXQJBR-0:0-part2 wwn-0x50014ee65b4b1bfd-part1
ata-WDC_WD10JMVW-11AJGS3_WD-WX51AB339130 usb-MONSTER_USB_2.0_621AE5C7-0:0 wwn-0x50014ee65979b8c3 wwn-0x5001b44e3ac304d1
r-----------------------
Finish technical infrastructure:
Finish backup setup
ovh replication automation to rsync.net
linux lab server
zfs on usb drive
snapshot/replicate to rsync.net
Finalize laptop data cleanup/backup
Finish monitoring setup
Zenoss
OVH
Security - full lockdown / baseline
===Pen test===
http://resources.infosecinstitute.com/pentesting-distributions-and-installer-kits-for-your-raspberry-pi/
Setup all jimmyraypurser blog post security tools
Setup metasploit/armitage/openvas
Setup warvox
===Setup PIV using CA===
https://technet.microsoft.com/en-us/library/ff829847(v=ws.10).aspx
https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
http://sourceforge.net/projects/opensc/files/OpenSC/opensc-0.14.0/
https://technet.microsoft.com/en-us/library/
http://blogs.technet.com/b/pki/archive/2012/03/14/hspd-12-logical-access-authentication-and-2008-active-directory-domains-on-download-center.aspx
https://github.com/dejavusecurity/OutlookPrivacyPlugin
https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/
http://blog.mailgun.com/security-guide-basic-infrastructure-security/
http://viccuad.me/blog/secure-yourself-part-1-airgapped-computer-and-GPG-smartcards
https://trmm.net/Yubikey

293
bare-metal/interfaces-fnfDedi Executable file
View File

@ -0,0 +1,293 @@
#This file is fairly long and complex. Don't change it unless you know what you are doing.
#And if you aren't Charles Wyble, you don't know what your doing in this context. Trust me.
# The loopback network interface
auto lo
iface lo inet loopback
#First we create the bonded interfaces for high availabilty:
###########################################################################################
#First bond here (eth0/1 ha pair)
###########################################################################################
auto eth0
allow-bond0 eth0
iface eth0 inet manual
bond-master bond0
auto eth1
allow-bond0 eth1
iface eth1 inet manual
bond-master bond0
auto bond0
iface bond0 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
bond-slaves none
bond-mode active-backup
bond-miimon 100
bond-downdelay 200
bond-updelay 100
dns-nameservers 208.67.222.222 208.67.220.220
###########################################################################################
#Second bond here (eth2/3 ha pair)
###########################################################################################
auto eth2
allow-bond1 eth2
iface eth2 inet manual
bond-master bond1
auto eth3
allow-bond1 eth3
iface eth3 inet manual
bond-master bond1
auto bond1
iface bond1 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
bond-slaves none
bond-mode active-backup
bond-miimon 100
bond-downdelay 200
bond-updelay 100
dns-nameservers 208.67.222.222 208.67.220.220
###########################################################################################
#Interface defintions #
###########################################################################################
###########################################################################################
#Backend MGMT interface (used for overall management network, physical devices) #
###########################################################################################
auto bond0.2
iface bond0.2 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br2
iface br2 inet static
address 10.250.2.3
netmask 255.255.255.0
gateway 10.250.2.1
bridge_ports bond0.2
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend FNF interface (used for FNF management network). For now all virtual machines #
###########################################################################################
auto bond0.4
iface bond0.4 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br4
iface br4 inet static
address 10.250.4.3
netmask 255.255.255.0
gateway 10.250.4.1
bridge_ports bond0.4
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Frontend FNF interface (used for internet traffic) #
###########################################################################################
auto bond1.5
iface bond1.5 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br5
iface br5 inet static
address 10.250.5.3
netmask 255.255.255.0
gateway 10.250.5.1
bridge_ports bond1.5
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend infra interface (used for shared infra services like DNS)
###########################################################################################
auto bond0.6
iface bond0.6 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br6
iface br6 inet static
address 10.250.6.3
netmask 255.255.255.0
gateway 10.250.6.1
bridge_ports bond0.6
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Backend www interface (used for www management network) #
###########################################################################################
auto bond0.8
iface bond0.8 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br8
iface br8 inet static
address 10.250.8.3
netmask 255.255.255.0
gateway 10.250.8.1
bridge_ports bond0.8
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#Frontend www interface (used for www external network) #
###########################################################################################
auto bond1.9
iface bond1.9 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br9
iface br9 inet static
address 10.250.9.3
netmask 255.255.255.0
gateway 10.250.9.1
bridge_ports bond1.9
bridge_stp off
bridge_fd 0
bridge_maxwait 0
###########################################################################################
#IMW backend interface #
###########################################################################################
auto bond0.54
iface bond0.54 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br54
iface br54 inet static
address 10.250.54.3
netmask 255.255.255.0
gateway 10.250.54.1
bridge_ports bond0.54
bridge_stp off
bridge_fd 0
###########################################################################################
#AutoTunnel interfaces #
###########################################################################################
#Management
auto bond0.88
iface bond0.88 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br88
iface br88 inet static
address 10.250.88.3
netmask 255.255.255.0
gateway 10.250.88.1
bridge_ports bond0.88
bridge_stp off
bridge_fd 0
#Inline
auto bond0.89
iface bond0.89 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br89
iface br89 inet static
address 10.250.89.3
netmask 255.255.255.0
gateway 10.250.89.1
bridge_ports bond0.89
bridge_stp off
bridge_fd 0
#Isolation
auto bond0.90
iface bond0.90 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br90
iface br90 inet static
address 10.250.90.3
netmask 255.255.255.0
gateway 10.250.90.1
bridge_ports bond0.90
bridge_stp off
bridge_fd 0
#Registration
auto bond0.91
iface bond0.91 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond1
auto br91
iface br91 inet static
address 10.250.91.3
netmask 255.255.255.0
gateway 10.250.91.1
bridge_ports bond0.91
bridge_stp off
bridge_fd 0
###########################################################################################
#KNEL backend interface #
###########################################################################################
auto bond0.24
iface bond0.24 inet manual
post-up ifconfig $IFACE up
pre-down ifconfig $IFACE down
vlan-raw-device bond0
auto br24
iface br24 inet static
address 10.250.24.3
netmask 255.255.255.0
gateway 10.250.24.1
bridge_ports bond0.24
bridge_stp off
bridge_fd 0
bridge_maxwait 0

169
bare-metal/interfaces-tsysDedi Normal file
View File

@ -0,0 +1,169 @@
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet manual
##########################################################################
#WAN bridge - non ovs, physical interface
##########################################################################
auto brWan
iface brWan inet static
address 158.69.225.97
netmask 255.255.255.0
network 158.69.225.0
broadcast 158.69.225.255
gateway 158.69.225.254
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_hello 2
bridge_maxage 12
#Routing network
#10.253.0.0/24
#No VLAN1 obviously, what do you think this is? A holiday inn?
##########################################################################
#bare metal net vlan2 goes nowhere just provides isolation
##########################################################################
auto baremetal
allow-ovs baremetal
iface baremetal inet static
address 10.253.44.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan2
allow-baremetal vlan2
iface vlan2 inet manual
ovs_bridge baremetal
ovs_type OVSIntPort
ovs_options tag=2
##########################################################################
#mgmt net vlan3
##########################################################################
auto mgmt
allow-ovs mgmt
iface mgmt inet static
address 10.253.3.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan3
allow-mgmt vlan3
iface vlan3 inet manual
ovs_bridge mgmt
ovs_type OVSIntPort
ovs_options tag=3
##########################################################################
#asn2net net vlan4
##########################################################################
auto asn2net
allow-ovs asn2net
iface asn2net inet static
address 10.253.4.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan4
allow-asn2net vlan4
iface vlan4 inet manual
ovs_bridge asn2net
ovs_type OVSIntPort
ovs_options tag=4
##########################################################################
#S2l net vlan5
##########################################################################
auto s2l
allow-ovs s2l
iface s2l inet static
address 10.253.5.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan5
allow-s2l vlan5
iface vlan5 inet manual
ovs_bridge s2l
ovs_type OVSIntPort
ovs_options tag=5
##########################################################################
#rackrental net vlan6
##########################################################################
auto rackrental
allow-ovs rackrental
iface rackrental inet static
address 10.253.6.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan6
allow-rackrental vlan6
iface vlan6 inet manual
ovs_bridge rackrental
ovs_type OVSIntPort
ovs_options tag=6
##########################################################################
#fnf net vlan7
##########################################################################
auto fnf
allow-ovs fnf
iface fnf inet static
address 10.253.7.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan7
allow-fnf vlan7
iface vlan7 inet manual
ovs_bridge fnf
ovs_type OVSIntPort
ovs_options tag=7
##########################################################################
#knel net vlan8
##########################################################################
auto knel
allow-ovs knel
iface knel inet static
address 10.253.8.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan8
allow-knel vlan8
iface vlan8 inet manual
ovs_bridge knel
ovs_type OVSIntPort
ovs_options tag=8
##########################################################################
#tsys net vlan9
##########################################################################
auto tsys
allow-ovs tsys
iface tsys inet static
address 10.253.9.2
netmask 255.255.255.0
ovs_type OVSBridge
ovs_ports vlan9
allow-tsys vlan9
iface vlan9 inet manual
ovs_bridge tsys
ovs_type OVSIntPort
ovs_options tag=9

674
lab/LICENSE Executable file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
{one line to give the program's name and a brief idea of what it does.}
Copyright (C) {year} {name of author}
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
{project} Copyright (C) {year} {fullname}
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<http://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<http://www.gnu.org/philosophy/why-not-lgpl.html>.

0
lab/README Executable file
View File

31
lab/README.md Executable file
View File

@ -0,0 +1,31 @@
FNF Lab
=======
Introduction
------------
This repository contains
* configuration files
* hack notes etc
* helper scripts
* test suites for FreedomStack
related to the FNF R&D lab.
FNF R&D Lab overview
--------------------
The lab consists of various bits of network gear to support development of the FreedomStack and educating a new generation of "net ninjas". You can
find comprehensive documentation on the lab on the FNF wiki:
https://commons.thefnf.org/index.php/FNF_Lab
File/directory overview
-----------------------
* lab_aliases is a set of shell aliases for all the lab hosts. Add it to your shell config and have easy access to all lab systems. It needs a couple
tweaks at the top for your FNFLAB username and private SSH keypath.
* docs is for things not on the wiki. Network and rack diagrams mostly

80
lab/docs/Joes-logical Executable file
View File

@ -0,0 +1,80 @@
nwdiag {
//Upstream space (gateways,partner networks etc)
network "JoesDataCenter Upstream" {
JoesWanGateway [shape = cloud ] address = "96.43.139.113";
address = "96.43.139.113/28";
}
network "Wan edge - public" {
group wan-edge-outside {
wan01-public [shape = cloud ] [ address = "96.43.139.115"];
wan02-public [shape = cloud ] [ address = "96.43.139.116"];
}
}
// Intra network links
JoesWanGateway -- wan01-public;
wan01 -- sw01;
// Networks under our administrative control.
// Using a standardized scheme of: site name, local vlan, description
network "Joes - VLAN 2 - Physical Systems" {
address = "10.250.2.0/24";
group wan-edge-inside {
wan01 [ address = "10.250.2.x" ]
wan02 [ address = "10.250.2.x" ]
}
group switches {
sw01 [address = "10.250.2.25"];
sw02 [address = "10.250.2.75"];
}
group lxc-vm-hosts {
vm01 [address = "10.250.2.3"];
vm02 [address = "10.250.2.5"];
}
group zfs-storage-nodes {
stor01 [address = "10.250.2.70"];
stor02 [address = "10.250.2.75"];
}
}
network "Joes - VLAN 4 - Production Virtual Machines" {
address = "10.250.4.0/24";
group www {
lamplb [ address = "10.250.4.38" ];
lamppublic [ address = "10.250.4.40" ];
lampenterprise [ address = "10.250.4.37" ];
chili [ address = "10.250.4.32" ];
askbot [ address = "10.250.4.72" ];
gus [ address = "10.250.4.74" ];
}
group coreinfra {
dns [ address = "10.250.6.5" ];
ldap [ address = "10.250.4.54" ];
autonoc [ address = "10.250.4.39" ];
sql [ address = "10.250.4.53" ];
}
group comms {
mail [ address = "10.250.4.73" ];
irc [ address = "10.250.4.63" ];
}
}
//network "FNF KC - Development Virtual Machines - Management network - VLAN(x) {
//
//}
}

BIN
lab/docs/Joes-logical.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

126
lab/docs/Lab-physical Executable file
View File

@ -0,0 +1,126 @@
rackdiag {
//r1
rack {
42U;
description = "R1 - Fully enclosed cabinet, holds all cisco routers/switches.)";
42:
41:
40:
39:
38:
37:
36:
35:
34:
33:
32:
31:
30:
29:
28:
27:
26:
25:
24:
23:
22:
21:
20:
19:
18:
17:
16:
15:
14:
13:
12:
11:
10:
09:
08:
07:
06:
05:
04:
03:
02:
01:
}
//r2
rack {
42U;
description = "R2 - Fully enclosed cabinet, holds all the prod gear.)";
42: N/A
41: unmanaged pdu
40: pdu01
39: pdu02
38: devrtr02 mikrotik
37: devrtr01 ubiquiti edge router
36: devsw04 Cisco 3500 poe
35: devsw01 Cisco 2950
34: devsw02 Cisco 2950
33: devsw03 Cisco 3500
32: labsw01 Dell PowerConnect
31: switch patch panel
30: devrtr03 Cisco ISR 1841
29: devrtr04 Cisco ISR 1841
28: labcon01 ACS48
27: console server patch panel
26: devrtr06 Cisco 26xx
25: devsw05 Cisco 2948G
24: devsw05 Cisco 2948G
23: devrtr07 Cisco 3640
22: devrtr07 Cisco 3640
21: available slot
20: available slot
19: devrtr08 (firebox) devrtr05 (pix 501)
18: available slot
17: available slot
16: ups fsrtr01
15: devrtr09 (6500)
14: devrtr09
13: devrtr09
12: devrtr09
11: devrtr09
10: devrtr09
09: devrtr09
08: devrtr09
07: devrtr09
06: devrtr09
05: devrtr09
04: devrtr09
03: devrtr09
}
//r3
rack {
24U;
description = "R3 - Skeltek 2 post, holds client end points";
24:
23:
22:
21:
20:
19:
18:
17:
16:
15:
14:
13:
12:
11:
10:
09:
08:
07:
06:
05:
04:
03:
02:
01:
}

59
lab/docs/LabLogical-Backbone Executable file
View File

@ -0,0 +1,59 @@
nwdiag {
network OVH_TRANSIT_WAN {
address = "192.168.204.0/30"
ovh-wanrtr [ address = ".1"];
ausprod-coreap01-vpnwan [ address = ".2"];
}
group ovhtransitwan {
ovh-wanrtr
ausprod-coreap01-vpnwan
}
network ATT_UVERSE_LAN {
address = "192.168.1.0/24";
group attuverselan {
ausprod-coreap01-wan [address = ".253"];
}
}
network TURNSYS_TRANSIT_LAN {
address = "192.168.2.0/24";
ausprod-coreap01-lan [address = ".1"];
ausprod-coresw01 [address = ".22"];
auslab-labrtr-wan [address = ".21"];
group turnsystransitlan {
ausprod-coreap01-lan;
ausprod-coresw01;
auslab-labrtr-wan;
}
}
network TURNSYS_MGMT_LAN {
address = "10.251.2.0/24";
auslab-labrtr-mgmtgw [ address = ".254"];
auslab-ips [ address = ".97"];
auslab-labsw01 [ address = ".2"];
auslab-labsw02 [ address = ".4"];
auslab-labsw03 [ address = ".5"];
auslab-labcon01 [ address = ".3"];
auslab-linsrv [ address = ".99"];
auslab-winsrv [ address = ".98"];
group turnsysmgmtlan-vlan2 {
auslab-labrtr-mgmtgw;
auslab-ips
auslab-labsw01;
auslab-labsw02;
auslab-labsw03;
auslab-labcon01;
auslab-linsrv
auslab-winsrv
}
}
}

BIN
lab/docs/LabLogical-Backbone.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 36 KiB

103
lab/docs/LabLogical-Devices Executable file
View File

@ -0,0 +1,103 @@
nwdiag {
network TURNSYS_AP_LAN {
address = "10.251.3.0/24";
auslab-labrtr-apgw [ address = ".254"];
auslab-ap01 [ address = ".1"];
auslab-ap02 [ address = ".2"];
auslab-ap03 [ address = ".3"];
auslab-ap04 [ address = ".4"];
auslab-ap05 [ address = ".5"];
auslab-ap06 [ address = ".6"];
auslab-ap07 [ address = ".7"];
auslab-ap08 [ address = ".8"];
auslab-ap09 [ address = ".9"];
auslab-ap10 [ address = ".10"];
auslab-ap11 [ address = ".11"];
auslab-ap12 [ address = ".12"];
group turnsysaplan-vlan3 {
auslab-labrtr-apgw;
auslab-ap01;
auslab-ap02;
auslab-ap03;
auslab-ap04;
auslab-ap05;
auslab-ap06;
auslab-ap07;
auslab-ap08;
auslab-ap09;
auslab-ap10;
auslab-ap11;
auslab-ap12;
}
}
network TURNSYS_SWITCH_LAN {
address = "10.251.4.0/24";
auslab-labrtr-switchgw [ address = ".254"];
auslab-sw01 [ address = ".1"];
auslab-sw02 [ address = ".2"];
auslab-sw03 [ address = ".3"];
auslab-sw05 [ address = ".5"];
auslab-sw06 [ address = ".6"];
auslab-sw07 [ address = ".7"];
group turnsysswitchlan-vlan4 {
auslab-labrtr-switchgw;
auslab-sw01;
auslab-sw02;
auslab-sw03;
auslab-sw05;
auslab-sw06;
auslab-sw07;
}
}
network TURNSYS_VOIP_LAN{
address = "10.251.5.0/24";
auslab-labrtr-voipgw [ address = ".254"];
group turnsysvoip-vlan5 {
auslab-labrtr-voipgw;
}
}
network TURNSYS_ROUTER_LAN{
address = "10.251.6.0/24";
auslab-labrtr-routergw [ address = ".254"];
group turnsysrouter-vlan6 {
auslab-labrtr-routergw;
}
}
network TURNSYS_IPTV_LAN{
address = "10.251.7.0/24";
auslab-labrtr-iptvgw [ address = ".254"];
group turnsysiptv-vlan7 {
auslab-labrtr-iptvgw;
}
}
network TURNSYS_PEANUTGALLERY_LAN{
address = "10.251.8.0/24";
auslab-labrtr-pggw [ address = ".254"];
group turnsyspg-vlan8 {
auslab-labrtr-pggw;
}
}
network TURNSYS_MALZOO_LAN{
address = "10.251.12.0/24";
auslab-labrtr-malgw [ address = ".254"];
group turnsyspg-vlan12 {
auslab-labrtr-malgw;
}
}
}

BIN
lab/docs/LabLogical-Devices.png Executable file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 62 KiB

88
lab/vagrant/Vagrantfile vendored Executable file
View File

@ -0,0 +1,88 @@
# -*- mode: ruby -*-
# vi: set ft=ruby :
# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
VAGRANTFILE_API_VERSION = "2"
# Convenience function for running Postgres commands. Accesses via temporarily-linked container.
def postgres(cmd)
"docker run --rm --link postgres:postgres -u postgres postgres:9.3 #{cmd}"
end
Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
# All Vagrant configuration is done here. The most common configuration
# options are documented and commented below. For a complete reference,
# please see the online documentation at vagrantup.com.
# Create a private network, which allows host-only access to the machine
# using a specific IP.
# config.vm.network "private_network", ip: "192.168.33.10"
# Create a public network, which generally matched to bridged network.
# Bridged networks make the machine appear as another physical device on
# your network.
# config.vm.network "public_network"
# If true, then any SSH connections made will enable agent forwarding.
# Default value: false
# config.ssh.forward_agent = true
# Share an additional folder to the guest VM. The first argument is
# the path on the host to the actual folder. The second argument is
# the path on the guest to mount the folder. And the optional third
# argument is a set of non-required options.
# config.vm.synced_folder "../data", "/vagrant_data"
# Provider-specific configuration so you can fine-tune various
# backing providers for Vagrant. These expose provider-specific options.
# Example for VirtualBox:
#
config.vm.provider "virtualbox" do |vb|
# # Don't boot with headless mode
# vb.gui = true
#
# # Use VBoxManage to customize the VM. For example to change memory:
# vb.customize ["modifyvm", :id, "--memory", "1024"]
vb.memory = 1024
end
#
# View the documentation for the provider you're using for more
# information on available options. # Enable provisioning with CFEngine. CFEngine Community packages are
config.vm.define :hearth do |hearth|
hearth.vm.box = "ubuntu/trusty64"
hearth.vm.hostname = "hearth"
hearth.vm.network :forwarded_port, guest: 80, host: 8080
hearth.vm.provision :docker do |d|
d.pull_images "postgres:9.3"
d.build_image "/vagrant/docker/thefnf/freeradius", args: "-t thefnf/freeradius"
d.build_image "/vagrant/docker/thefnf/odoo", args: "-t thefnf/odoo"
d.run "thefnf/freeradius", args: "--name radius -p :1813:1813 -p :1863:1863"
d.run "postgres:9.3", args: "--name postgres"
end
hearth.vm.provision :shell, inline: """
sleep 5 # Give Postgres a chance to start
#{postgres("psql -h postgres -c \"CREATE USER odoo WITH UNENCRYPTED PASSWORD 'password' CREATEDB;\"")}
"""
hearth.vm.provision :docker do |d|
d.run "thefnf/odoo", args: "--name odoo --link postgres:postgres -p :80:8069"
end
end
config.vm.define :freedomlink do |fl|
fl.vm.box = "box-cutter/debian76"
fl.vm.hostname = "freedomlink"
end
end

6
lab/vagrant/docker/thefnf/freeradius/Dockerfile Executable file
View File

@ -0,0 +1,6 @@
FROM ubuntu:14.04
EXPOSE 1813 1863
RUN apt-get update && \
apt-get upgrade -y && \
apt-get install -y freeradius
CMD freeradius -f

55
lab/vagrant/docker/thefnf/freeside/Dockerfile Executable file
View File

@ -0,0 +1,55 @@
FROM debian:7
ENV VERSION 3.3
RUN echo deb http://freeside.biz/~ivan/freeside-wheezy/ ./ >/etc/apt/sources.list.d/freeside.list && \
apt-get update && \
apt-get upgrade -y && \
apt-get install -y --force-yes --no-install-recommends adduser apache2 apache2-mpm-prefork apache2-utils curl gcc gnupg ghostscript gsfonts gzip latex-xcolor \
less libapache-dbi-perl libapache2-mod-perl2 libapache2-request-perl libapache-session-perl \
libbusiness-creditcard-perl libcache-cache-perl libcache-simple-timedexpiry-perl libchart-perl \
libclass-container-perl libclass-data-inheritable-perl libclass-returnvalue-perl libcolor-scheme-perl \
libio-compress-perl libconvert-binhex-perl libcrypt-passwdmd5-perl libcrypt-ssleay-perl libcss-squish-perl \
libdate-manip-perl libdbd-mysql-perl libdbd-pg-perl libdbi-perl libdbix-dbschema-perl libdbix-searchbuilder-perl \
libdevel-stacktrace-perl libdevel-symdump-perl liberror-perl libexception-class-perl \
libfile-counterfile-perl libfile-rsync-perl libfont-afm-perl libfreezethaw-perl libfrontier-rpc-perl \
libgd-gd2-perl libgd-graph-perl libgd2-xpm libhtml-format-perl libhtml-mason-perl libhtml-parser-perl \
libhtml-scrubber-perl libhtml-tagset-perl libhtml-tree-perl libhtml-widgets-selectlayers-perl libio-stringy-perl \
libipc-run-perl libipc-run3-perl libipc-sharelite-perl libjavascript-rpc-perl libjson-perl \
liblingua-en-inflect-perl liblingua-en-nameparse-perl liblocale-gettext-perl liblocale-maketext-fuzzy-perl \
liblocale-maketext-lexicon-perl liblocale-subcountry-perl liblog-dispatch-perl libmailtools-perl libmime-tools-perl \
libmodule-versions-report-perl libnet-daemon-perl libnet-ping-external-perl libnet-scp-perl libnet-ssh-perl \
libnet-whois-raw-perl libnetaddr-ip-perl libnumber-format-perl libpam-modules libpam-runtime libpaper-utils \
libparams-validate-perl libparse-recdescent-perl libpcre3 libpg-perl libregexp-common-perl \
libspreadsheet-writeexcel-perl libstring-approx-perl libstring-shellquote-perl libterm-readkey-perl \
libtest-inline-perl libtext-autoformat-perl libtext-charwidth-perl libtext-csv-perl libtext-csv-xs-perl libtext-iconv-perl \
libtext-quoted-perl libtext-reform-perl libtext-template-perl libtext-wrapi18n-perl libtext-wrapper-perl \
libtie-ixhash-perl libtime-duration-perl libtime-modules-perl libtimedate-perl libtree-simple-perl \
libuniversal-require-perl liburi-perl libwant-perl libwww-perl libxml-parser-perl libyaml-perl lmodern make \
perl perl-base perl-modules texlive \
texlive-latex-extra texinfo traceroute ttf-bitstream-vera ttf-dustin ucf zlib1g \
libdatetime-perl libdatetime-format-strptime-perl libfile-slurp-perl libspreadsheet-parseexcel-perl \
libauthen-passphrase-perl libnet-domain-tld-perl libbusiness-us-usps-webtools-perl libxml-simple-perl \
libemail-sender-perl libemail-sender-transport-smtp-tls-perl libemail-sender-perl \
libemail-sender-transport-smtp-tls-perl libhtml-defang-perl libdatetime-format-natural-perl libcgi-pm-perl \
libfile-sharedir-perl libmodule-versions-report-perl libtext-wikiformat-perl libnet-server-perl \
libhttp-server-simple-perl libhtml-rewriteattributes-perl libmime-types-perl libperlio-eol-perl \
libgnupg-interface-perl libdata-ical-perl libcalendar-simple-perl libdatetime-set-perl \
libhook-lexwrap-perl libhttp-server-simple-mason-perl libxml-rss-perl libipc-run-safehandles-perl libpoe-perl \
libsoap-lite-perl libhtml-tableextract-perl libhtml-element-extended-perl libcam-pdf-perl libgd-barcode-perl \
libnet-openssh-perl libgeo-coder-googlev3-perl libgeo-googleearth-pluggable-perl libnet-snmp-perl \
libcrypt-openssl-rsa-perl libpdf-webkit-perl wkhtmltopdf xvfb \
sam2p psmisc libsys-sigaction-perl liblog-dispatch-perl libconvert-color-perl libdate-simple-perl libemail-valid-perl \
libencode-perl libexcel-writer-xlsx-perl libhtml-mason-psgihandler-perl libhtml-quoted-perl libio-string-perl \
libregexp-common-net-cidr-perl libregexp-ipv6-perl libsnmp-perl libtext-password-pronounceable-perl \
libparse-fixedlength-perl && \
cd /usr/src && \
curl http://www.freeside.biz/freeside/freeside-$VERSION.tar.gz |tar xz && \
adduser freeside --system --group --shell /bin/bash && \
rm -rf /var/www/*
ADD Makefile /usr/src/freeside-$VERSION/Makefile
RUN cd /usr/src/freeside-$VERSION && \
make perl-modules && \
make install-perl-modules && \
make create-config && \
make install-docs && \
make install-apache
USER freeside

468
lab/vagrant/docker/thefnf/freeside/Makefile Executable file
View File

@ -0,0 +1,468 @@
#!/usr/bin/make
#solaris and perhaps other very weirdass /bin/sh
#SHELL="/bin/ksh"
DB_TYPE = Pg
#DB_TYPE = mysql
DB_USER = freeside
DB_PASSWORD=password
DATASOURCE = DBI:${DB_TYPE}:dbname=freeside;host=postgres
#changable now (some things which should go to the others still go to CONF)
FREESIDE_CONF = /usr/local/etc/freeside
FREESIDE_LOG = /usr/local/etc/freeside
FREESIDE_LOCK = /usr/local/etc/freeside
FREESIDE_CACHE = /usr/local/etc/freeside
FREESIDE_EXPORT = /usr/local/etc/freeside
MASON_HANDLER = ${FREESIDE_CONF}/handler.pl
MASONDATA = ${FREESIDE_CACHE}/masondata
#where to put the default configuraiton used by freeside-setup to initialize
#a new database (not used after that). primarily of interest to distro
#package maintainers
DIST_CONF = ${FREESIDE_CONF}/default_conf
#deb
FREESIDE_DOCUMENT_ROOT = /var/www
#redhat, fedora, mandrake
#FREESIDE_DOCUMENT_ROOT = /var/www/html/freeside
#freebsd
#FREESIDE_DOCUMENT_ROOT = /usr/local/www/data/freeside
#openbsd
#FREESIDE_DOCUMENT_ROOT = /var/www/htdocs/freeside
#suse
#FREESIDE_DOCUMENT_ROOT = /srv/www/htdocs/freeside
#apache
#FREESIDE_DOCUMENT_ROOT = /usr/local/apache/htdocs/freeside
#deb, redhat, fedora, mandrake, suse, others?
INIT_FILE = /etc/init.d/freeside
#freebsd
#INIT_FILE = /usr/local/etc/rc.d/011.freeside.sh
#deb
INIT_INSTALL = PATH=$PATH:/sbin /usr/sbin/update-rc.d freeside defaults 23 01
#redhat, fedora
#INIT_INSTALL = /sbin/chkconfig freeside on
#not necessary (freebsd)
#INIT_INSTALL = /usr/bin/true
#deb, suse
#HTTPD_RESTART = /etc/init.d/apache restart
#deb w/apache2
HTTPD_RESTART = /etc/init.d/apache2 restart
#redhat, fedora, mandrake
#HTTPD_RESTART = /etc/init.d/httpd restart
#freebsd
#HTTPD_RESTART = /usr/local/etc/rc.d/apache.sh stop || true; sleep 10; /usr/local/etc/rc.d/apache.sh start
#openbsd
#HTTPD_RESTART = kill -TERM `cat /var/www/logs/httpd.pid`; sleep 10; /usr/sbin/httpd -u -DSSL
#apache
#HTTPD_RESTART = /usr/local/apache/bin/apachectl stop; sleep 10; /usr/local/apache/bin/apachectl startssl
#(an include directory, not a file, "Include /etc/apache/conf.d" in httpd.conf)
#deb (3.1+), apache2
APACHE_CONF = /etc/apache2/conf.d
INSSERV_OVERRIDE = /etc/insserv/overrides
FREESIDE_RESTART = ${INIT_FILE} restart
#deb, redhat, fedora, mandrake, suse, others?
INSTALLGROUP = root
#freebsd, openbsd
#INSTALLGROUP = wheel
#edit the stuff below to have the daemons start
QUEUED_USER=fs_queue
API_USER = fs_api
SELFSERVICE_USER = fs_selfservice
#never run on the same machine in production!!!
SELFSERVICE_MACHINES =
# SELFSERVICE_MACHINES = www.example.com
# SELFSERVICE_MACHINES = web1.example.com web2.example.com
#user with sudo access on SELFSERVICE_MACHINES for automated self-service
#installation.
SELFSERVICE_INSTALL_USER = ivan
SELFSERVICE_INSTALL_USERADD = /usr/sbin/useradd
#SELFSERVICE_INSTALL_USERADD = "/usr/sbin/pw useradd"
#RT_ENABLED = 0
RT_ENABLED = 1
RT_DOMAIN = example.com
RT_TIMEZONE = US/Pacific
#RT_TIMEZONE = US/Eastern
FREESIDE_URL = "http://localhost/freeside/"
#for now, same db as specified in DATASOURCE... eventually, otherwise?
RT_DB_DATABASE = freeside
TORRUS_ENABLED = 0
# for auto-version updates, so we can "make release" more things automatically
RPM_SPECFILE = rpm/freeside.spec
#---
#rt/config.layout.in
RT_PATH = /opt/rt3
#only used for dev kludge now, not a big deal
FREESIDE_PATH = `pwd`
PERL_INC_DEV_KLUDGE = /usr/local/share/perl/5.14.2/
VERSION := `grep '^$$VERSION' FS/FS.pm | cut -d\' -f2`
TAG := freeside_`grep '^$$VERSION' FS/FS.pm | cut -d\' -f2 | perl -pe 's/\./_/g'`
#DEBVERSION = `echo ${VERSION} | perl -pe 's/(\d)([a-z])/\1~\2/'`-1
TEXMFHOME := "\$$TEXMFHOME"
ver:
@echo "${VERSION}"
tag:
@echo "${TAG}"
help:
@echo "supported targets:"
@echo " create-database create-config"
@echo " install deploy"
@echo " configure-rt create-rt"
@echo " clean help"
@echo
@echo " install-docs install-perl-modules"
@echo " install-init install-apache"
@echo " install-rt install-texmf"
@echo " install-selfservice update-selfservice"
@echo
@echo " dev dev-docs dev-perl-modules"
@echo
@echo " masondocs alldocs docs"
@echo " wikiman"
@echo " perl-modules"
#@echo
#@echo " upload-docs release"
masondocs: httemplate/* httemplate/*/* httemplate/*/*/* httemplate/*/*/*/*
rm -rf masondocs
cp -pr httemplate masondocs
touch masondocs
alldocs: masondocs
docs:
make masondocs
wikiman:
chmod a+rx ./bin/pod2x
./bin/pod2x
install-docs: docs
#ancient attempt to avoid overwriting customer modifications directly to production web files that's overlived its usefulness
#[ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true
#cp -r masondocs ${FREESIDE_DOCUMENT_ROOT}
[ -h ${FREESIDE_DOCUMENT_ROOT} ] && rm ${FREESIDE_DOCUMENT_ROOT} || true
mkdir -p ${FREESIDE_DOCUMENT_ROOT}
cp -r masondocs/* masondocs/.htaccess ${FREESIDE_DOCUMENT_ROOT}
chown -R freeside:freeside ${FREESIDE_DOCUMENT_ROOT}
install -D htetc/handler.pl ${MASON_HANDLER}
perl -p -i -e "\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
" ${MASON_HANDLER} || true
mkdir -p ${FREESIDE_EXPORT}/profile
chown freeside ${FREESIDE_EXPORT}/profile
cp htetc/htpasswd.logout ${FREESIDE_CONF}
[ ! -e ${MASONDATA} ] && mkdir ${MASONDATA} || true
chown -R freeside ${MASONDATA}
dev-docs:
[ -e ${FREESIDE_DOCUMENT_ROOT} ] && mv ${FREESIDE_DOCUMENT_ROOT} ${FREESIDE_DOCUMENT_ROOT}.`date +%Y%m%d%H%M%S` || true
ln -s ${FREESIDE_PATH}/httemplate ${FREESIDE_DOCUMENT_ROOT}
cp htetc/handler.pl ${MASON_HANDLER}
perl -p -i -e "\
s'###use Module::Refresh;###'use Module::Refresh;'; \
s'###Module::Refresh->refresh;###'Module::Refresh->refresh;'; \
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
" ${MASON_HANDLER} || true
perl-modules:
cd FS; \
[ -e Makefile ] || perl Makefile.PL; \
make; \
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \
s'%%%RT_ENABLED%%%'${RT_ENABLED}'g; \
s'%%%RT_PATH%%%'${RT_PATH}'g; \
s'%%%MASONDATA%%%'${MASONDATA}'g;\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
" blib/lib/FS/*.pm;\
perl -p -i -e "\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
" blib/lib/FS/Cron/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
" blib/lib/FS/part_export/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
" blib/lib/FS/cust_main/*.pm blib/lib/FS/cust_pkg/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
" blib/lib/FS/Daemon/*.pm;\
perl -p -i -e "\
s|%%%FREESIDE_CONF%%%|${FREESIDE_CONF}|g;\
s|%%%FREESIDE_LOG%%%|${FREESIDE_LOG}|g;\
s|%%%FREESIDE_LOCK%%%|${FREESIDE_LOCK}|g;\
s|%%%FREESIDE_CACHE%%%|${FREESIDE_CACHE}|g;\
s|%%%FREESIDE_EXPORT%%%|${FREESIDE_EXPORT}|g;\
s|%%%DIST_CONF%%%|${DIST_CONF}|g;\
" blib/script/*
install-perl-modules: perl-modules install-rt-initialdata
[ -L ${PERL_INC_DEV_KLUDGE}/FS ] \
&& rm ${PERL_INC_DEV_KLUDGE}/FS \
&& mv ${PERL_INC_DEV_KLUDGE}/FS.old ${PERL_INC_DEV_KLUDGE}/FS \
|| true
cd FS; \
make install UNINST=1
#install this for freeside-setup
install -d $(DIST_CONF)
#install conf/[a-z]* $(DEFAULT_CONF)
#CVS is not [a-z]
install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF)
dev-perl-modules: perl-modules
[ -d ${PERL_INC_DEV_KLUDGE}/FS -a ! -L ${PERL_INC_DEV_KLUDGE}/FS ] \
&& mv ${PERL_INC_DEV_KLUDGE}/FS ${PERL_INC_DEV_KLUDGE}/FS.old \
|| true
rm -rf ${PERL_INC_DEV_KLUDGE}/FS
ln -sf ${FREESIDE_PATH}/FS/blib/lib/FS ${PERL_INC_DEV_KLUDGE}/FS
install-texmf:
install -D -o freeside -m 444 etc/longtable.sty \
/usr/local/share/texmf/tex/latex/longtable.sty
texhash /usr/local/share/texmf
install-init:
#[ -e ${INIT_FILE} ] || install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE}
install -o root -g ${INSTALLGROUP} -m 711 init.d/freeside-init ${INIT_FILE}
perl -p -i -e "\
s/%%%QUEUED_USER%%%/${QUEUED_USER}/g;\
s/%%%API_USER%%%/${API_USER}/g;\
s/%%%SELFSERVICE_USER%%%/${SELFSERVICE_USER}/g;\
s/%%%SELFSERVICE_MACHINES%%%/${SELFSERVICE_MACHINES}/g;\
" ${INIT_FILE}
${INIT_INSTALL}
install-apache:
[ -e ${APACHE_CONF}/freeside-base.conf ] && rm ${APACHE_CONF}/freeside-base.conf || true
[ -d ${APACHE_CONF} ] && \
( install -o root -m 755 htetc/freeside-base2.conf ${APACHE_CONF} && \
( [ ${RT_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-rt.conf ${APACHE_CONF} || true ) && \
( [ ${TORRUS_ENABLED} -eq 1 ] && install -o root -m 755 htetc/freeside-torrus.conf ${APACHE_CONF} || true ) && \
perl -p -i -e "\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g; \
s'%%%FREESIDE_CONF%%%'${FREESIDE_CONF}'g; \
s'%%%MASON_HANDLER%%%'${MASON_HANDLER}'g; \
" ${APACHE_CONF}/freeside-*.conf \
) || true
[ -d ${INSSERV_OVERRIDE} ] && [ -x /sbin/insserv ] && ( install -o root -m 755 init.d/insserv-override-apache2 ${INSSERV_OVERRIDE}/apache2 && insserv -d ) || true
install-selfservice:
[ -e ~freeside ] || cp -pr /etc/skel ~freeside && chown -R freeside ~freeside
[ -e ~freeside/.ssh/id_dsa.pub ] || [ -e ~freeside/.ssh/id_rsa.pub ] || su - freeside -c 'ssh-keygen -t dsa'
for MACHINE in ${SELFSERVICE_MACHINES}; do \
scp -r fs_selfservice/FS-SelfService ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; perl Makefile.PL && make" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\
scp ~freeside/.ssh/id_dsa.pub ${SELFSERVICE_INSTALL_USER}@$$MACHINE:. ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo ${SELFSERVICE_INSTALL_USERADD} freeside; sudo install -d -o freeside -m 755 ~freeside/.ssh/; sudo install -o freeside -m 600 ./id_dsa.pub ~freeside/.ssh/authorized_keys" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "sudo install -o freeside -d /usr/local/freeside" ;\
done
update-selfservice:
for MACHINE in ${SELFSERVICE_MACHINES}; do \
RSYNC_RSH=ssh rsync -rlptz fs_selfservice/FS-SelfService/ ${SELFSERVICE_INSTALL_USER}@$$MACHINE:FS-SelfService ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; make clean; perl Makefile.PL && make" ;\
ssh ${SELFSERVICE_INSTALL_USER}@$$MACHINE "cd FS-SelfService; sudo make install" ;\
done
install-chown:
chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}"
chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}"
install: install-perl-modules install-docs install-init install-apache install-rt install-torrus install-texmf install-chown
deploy: install
${HTTPD_RESTART}
${FREESIDE_RESTART}
dev: dev-perl-modules dev-docs
create-database:
perl -e 'use DBIx::DataSource qw( create_database ); create_database( "${DATASOURCE}", "${DB_USER}", "${DB_PASSWORD}" ) or die $$DBIx::DataSource::errstr;'
create-config: install-perl-modules
[ -e ${FREESIDE_CONF} ] && mv ${FREESIDE_CONF} ${FREESIDE_CONF}.`date +%Y%m%d%H%M%S` || true
install -d -o freeside ${FREESIDE_CONF}
touch ${FREESIDE_CONF}/secrets
chown freeside ${FREESIDE_CONF}/secrets
chmod 600 ${FREESIDE_CONF}/secrets
/bin/echo -e "${DATASOURCE}\n${DB_USER}\n${DB_PASSWORD}" >${FREESIDE_CONF}/secrets
chmod 600 ${FREESIDE_CONF}/secrets
chown freeside ${FREESIDE_CONF}/secrets
mkdir "${FREESIDE_CACHE}/counters.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/counters.${DATASOURCE}"
mkdir "${FREESIDE_CACHE}/cache.${DATASOURCE}"
chown freeside "${FREESIDE_CACHE}/cache.${DATASOURCE}"
mkdir "${FREESIDE_EXPORT}/export.${DATASOURCE}"
chown freeside "${FREESIDE_EXPORT}/export.${DATASOURCE}"
#install this for freeside-setup
install -d $(DIST_CONF)
#install conf/[a-z]* $(DEFAULT_CONF)
#CVS is not [a-z]
install `ls -d conf/[a-z]* | grep -v CVS | grep -v '^conf/registries'` $(DIST_CONF)
configure-rt:
cd rt; \
cp config.layout.in config.layout; \
perl -p -i -e "\
s'%%%FREESIDE_DOCUMENT_ROOT%%%'${FREESIDE_DOCUMENT_ROOT}'g;\
s'%%%MASONDATA%%%'${MASONDATA}'g;\
" config.layout; \
./configure --enable-layout=Freeside\
--with-db-type=${DB_TYPE} \
--with-db-dba=${DB_USER} \
--with-db-database=${RT_DB_DATABASE} \
--with-db-rt-user=${DB_USER} \
--with-db-rt-pass="${DB_PASSWORD}" \
--with-web-user=freeside \
--with-web-group=freeside \
--with-rt-group=freeside \
--with-web-handler=modperl2
create-rt: configure-rt
[ -d /opt ] || mkdir /opt #doh
[ -d /opt/rt3 ] || mkdir /opt/rt3 #
[ -d /opt/rt3/share ] || mkdir /opt/rt3/share #
cd rt; make install
rt/sbin/rt-setup-database --dba '${DB_USER}' \
--dba-password '${DB_PASSWORD}' \
--action schema \
|| true
rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \
--action coredata \
&& rt/sbin/rt-setup-database --dba-password '${DB_PASSWORD}' \
--action insert \
--datafile ${RT_PATH}/etc/initialdata \
|| true
install-rt:
if [ ${RT_ENABLED} -eq 1 ]; then ( cd rt; make install ); fi
if [ ${RT_ENABLED} -eq 1 ]; then perl -p -i -e "\
s'%%%RT_DOMAIN%%%'${RT_DOMAIN}'g;\
s'%%%RT_TIMEZONE%%%'${RT_TIMEZONE}'g;\
s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\
" ${RT_PATH}/etc/RT_SiteConfig.pm; fi
if [ ${RT_ENABLED} -eq 1 ]; then \
chown -R freeside:freeside ${RT_PATH}/etc; fi
install-rt-initialdata:
if [ ${RT_ENABLED} -eq 1 ] && [ -d ${RT_PATH} ]; then \
chown -R freeside:freeside ${RT_PATH}/etc; \
install -D -o freeside -g freeside -m 0440 rt/etc/initialdata \
${RT_PATH}/etc/initialdata; fi
configure-torrus:
cd torrus; \
torrus_user=freeside var_user=freeside var_group=freeside ./configure
install-torrus:
if [ ${TORRUS_ENABLED} -eq 1 ]; then ( cd torrus; \
make; \
make install; \
perl -p -i -e "\
s'%%%FREESIDE_URL%%%'${FREESIDE_URL}'g;\
" /usr/local/etc/torrus/conf/torrus-siteconfig.pl; \
torrus clearcache \
);fi
clean:
rm -rf masondocs
rm -rf httemplate/docs/man
rm -rf pod2htmi.tmp
rm -rf pod2htmd.tmp
-cd FS; \
make clean
-cd fs_selfservice/FS-SelfService; \
make clean
#these are probably only useful if you're me...
#release: upload-docs
.PHONY: release
release:
# Update the changelog
#./bin/cvs2cl
#cvs commit -m "Updated for ${VERSION}" ChangeLog
# Update the RPM specfile
#cvs edit ${RPM_SPECFILE}
#perl -p -i -e "s/\d+[^\}]+/${VERSION}/ if /%define\s+version\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE}
#perl -p -i -e "s/\d+[^\}]+/1/ if /%define\s+release\s+(\d+[^\}]+)\}/;" ${RPM_SPECFILE}
#cvs commit -m "Updated for ${VERSION}" ${RPM_SPECFILE}
# Update the Debian changelog
#cvs edit debian/changelog
#dch -v ${DEBVERSION} -p "New upstream release"
#cvs commit -m "Updated for ${VERSION}" debian/changelog
# Make sure other people's changes are pulled in!
git pull
# Tag the release
git tag -f ${TAG}
#cd /home/ivan
git archive --prefix=freeside-${VERSION}/ ${TAG} | gzip -9 >freeside-${VERSION}.tar.gz
scp freeside-${VERSION}.tar.gz ivan@420.am:/var/www/www.sisd.com/freeside/
mv freeside-${VERSION}.tar.gz ..
#these things failing should not make release target fail, so: "|| true"
#kick off vmware update
#./BUILD_VMWARE_APPLIANCE ${$TAG} || true
#kick off deb package update
#kick off rpm package update too?
#update web demo?
#update web demo self-service?

13
lab/vagrant/docker/thefnf/odoo/Dockerfile Executable file
View File

@ -0,0 +1,13 @@
FROM python:2.7
RUN apt-get install -y libldap2-dev libsasl2-dev && \
adduser odoo --system --group --shell /bin/bash
USER odoo
ENV HOME /home/odoo
ENV PATH $HOME/.local/bin:$PATH
WORKDIR /home/odoo
RUN curl http://nightly.odoo.com/8.0/nightly/src/odoo_8.0-latest.tar.gz |tar xz --strip-components 1 && \
python setup.py install --user && \
python setup.py install --user --single-version-externally-managed --root / # Strips version hash from module directories
ADD openerp_serverrc /home/odoo/.openerp_serverrc
EXPOSE 8069 8072
CMD openerp-server

62
lab/vagrant/docker/thefnf/odoo/openerp_serverrc Executable file
View File

@ -0,0 +1,62 @@
[options]
addons_path = /home/odoo/.local/lib/python2.7/site-packages/openerp/addons
admin_passwd = admin
auto_reload = False
csv_internal_sep = ,
data_dir = /home/odoo/.local/share/Odoo
db_host = postgres
db_maxconn = 64
db_name = False
db_password = odoo
db_port = 5432
db_template = template1
db_user = odoo
dbfilter = .*
debug_mode = False
demo = {}
email_from = False
import_partial =
limit_memory_hard = 2684354560
limit_memory_soft = 2147483648
limit_request = 8192
limit_time_cpu = 60
limit_time_real = 120
list_db = True
log_db = False
log_handler = [':INFO']
log_level = info
logfile = None
logrotate = False
longpolling_port = 8072
max_cron_threads = 2
osv_memory_age_limit = 1.0
osv_memory_count_limit = False
pg_path = None
pidfile = None
proxy_mode = False
reportgz = False
secure_cert_file = server.cert
secure_pkey_file = server.pkey
server_wide_modules = None
smtp_password = False
smtp_port = 25
smtp_server = localhost
smtp_ssl = False
smtp_user = False
syslog = False
test_commit = False
test_enable = False
test_file = False
test_report_directory = False
timezone = False
translate_modules = ['all']
unaccent = False
without_demo = False
workers = 0
xmlrpc = True
xmlrpc_interface =
xmlrpc_port = 8069
xmlrpcs = True
xmlrpcs_interface =
xmlrpcs_port = 8071

53
mtpconfigs/ovh/shared-router/shorewall/conntrack Executable file
View File

@ -0,0 +1,53 @@
#
# Shorewall version 4 - conntrack File
#
# For information about entries in this file, type "man shorewall-conntrack"
#
##############################################################################################################
?FORMAT 3
#ACTION SOURCE DESTINATION PROTO DEST SOURCE USER/ SWITCH
# PORT(S) PORT(S) GROUP
?if $AUTOHELPERS && __CT_TARGET
?if __AMANDA_HELPER
CT:helper:amanda:PO - - udp 10080
?endif
?if __FTP_HELPER
CT:helper:ftp:PO - - tcp 21
?endif
?if __H323_HELPER
CT:helper:RAS:PO - - udp 1719
CT:helper:Q.931:PO - - tcp 1720
?endif
?if __IRC_HELPER
CT:helper:irc:PO - - tcp 6667
?endif
?if __NETBIOS_NS_HELPER
CT:helper:netbios-ns:PO - - udp 137
?endif
?if __PPTP_HELPER
CT:helper:pptp:PO - - tcp 1723
?endif
?if __SANE_HELPER
CT:helper:sane:PO - - tcp 6566
?endif
?if __SIP_HELPER
CT:helper:sip:PO - - udp 5060
?endif
?if __SNMP_HELPER
CT:helper:snmp:PO - - udp 161
?endif
?if __TFTP_HELPER
CT:helper:tftp:PO - - udp 69
?endif
?endif

13
mtpconfigs/ovh/shared-router/shorewall/interfaces Executable file
View File

@ -0,0 +1,13 @@
#ZONE INTERFACE OPTIONS
rr eth0 detect tcpflags,nosmurfs,routefilter,logmartians
wan eth1 detect tcpflags,nosmurfs,routefilter,logmartians,sourceroute=0
barm eth2 detect tcpflags,nosmurfs,routefilter,logmartians
mgmt eth3 detect tcpflags,nosmurfs,routefilter,logmartians
asn eth4 detect tcpflags,nosmurfs,routefilter,logmartians
s2l eth5 detect tcpflags,nosmurfs,routefilter,logmartians
fnf eth6 detect tcpflags,nosmurfs,routefilter,logmartians
knel eth7 detect tcpflags,nosmurfs,routefilter,logmartians
tsys eth8 detect tcpflags,nosmurfs,routefilter,logmartians
vpnrwr tun0 detect dhcp
vpnauslab tun1 detect dhcp
vpnasn2net tun2 detect dhcp

19
mtpconfigs/ovh/shared-router/shorewall/masq Executable file
View File

@ -0,0 +1,19 @@
#
# Shorewall version 4.0 - Sample Masq file for two-interface configuration.
# Copyright (C) 2006 by the Shorewall Team
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# See the file README.txt for further details.
#------------------------------------------------------------------------------
# For information about entries in this file, type "man shorewall-masq"
################################################################################################################
#INTERFACE:DEST SOURCE ADDRESS PROTO PORT(S) IPSEC MARK USER/ SWITCH ORIGINAL
# GROUP DEST
eth1 10.0.0.0/8,\
169.254.0.0/16,\
172.16.0.0/12,\
192.168.0.0/16

28
mtpconfigs/ovh/shared-router/shorewall/params Executable file
View File

@ -0,0 +1,28 @@
#
# Shorewall version 4 - Params File
#
# /etc/shorewall/params
#
# Assign any variables that you need here.
#
# It is suggested that variable names begin with an upper case letter
# to distinguish them from variables used internally within the
# Shorewall programs
#
# Example:
#
# NET_IF=eth0
# NET_BCAST=130.252.100.255
# NET_OPTIONS=routefilter,norfc1918
#
# Example (/etc/shorewall/interfaces record):
#
# net $NET_IF $NET_BCAST $NET_OPTIONS
#
# The result will be the same as if the record had been written
#
# net eth0 130.252.100.255 routefilter,norfc1918
#
###############################################################################
#LAST LINE -- DO NOT REMOVE

20
mtpconfigs/ovh/shared-router/shorewall/policy Executable file
View File

@ -0,0 +1,20 @@
#SOURCE ZONE DESTINATION ZONE POLICY LOG LIMIT:BURST
# LEVEL
#Allow the firewall to get out to the net. Updates/e-mail alerts etc. I could pinhole this, but meh COME AT ME NSA
$FW wan ACCEPT
#Road warrior is trusted. It serves as an extension of the mgmt net.
vpnrwr all ACCEPT
#Anything transisting the vpn link between ausprod-core-rtr01 and tsys-rtr has already been passed firewall rules and IPS inspection.
#Otherwise I wouldn't allow this
vpnauslab all ACCEPT
#Drop everything inbound from the big bad world that isn't explicitly allowed.
#Cause the net is where the NSA lives
wan all DROP
#Drop everything that isn't explicitly allowed.
#Make explicit rules for everything yo. The NSA says you should. Duh.
# #state-sponsored-malware #stuxnet-was-an-inside-job
all all REJECT info

113
mtpconfigs/ovh/shared-router/shorewall/rules Executable file
View File

@ -0,0 +1,113 @@
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
###########################################################################################################################################################################################################
#Inbound DNAT forwarding from WAN to various zone/ip pinholes
###########################################################################################################################################################################################################
#########################################################
#KNEL rules
#158.69.183.165/29 eth1:2
#########################################################
DNAT wan knel:10.253.8.72 tcp 443 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 80 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 993 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 25 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 465 - 158.69.183.165
DNAT wan knel:10.253.8.72 tcp 5222 - 158.69.183.165
#########################################################
#TSYS rules
#158.69.183.161/29 eth1
#########################################################
DNAT wan tsys:10.253.9.78 tcp 443 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 80 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 25 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 465 - 158.69.183.161
DNAT wan tsys:10.253.9.78 tcp 5222 - 158.69.183.161
#########################################################
#RackRental WAN rules
#158.69.183.164/29 eth1:1
#########################################################
#158.69.183.164/29
DNAT wan rr:10.253.6.81 tcp 443 - 158.69.183.164
DNAT wan rr:10.253.6.81 tcp 80 - 158.69.183.164
############################################################
#S2l/asn WAN rules handled by their upstream routers/admins
############################################################
###########################################################################################################################################################################################################
#site to site and road warrior VPN rules
###########################################################################################################################################################################################################
#Allow road warrior connectivity from anywhere
ACCEPT wan fw udp 443
#Allow auslab site to site vpn
ACCEPT wan fw tcp 1195
ACCEPT wan fw udp 1195
############################################################
#FW rules for RoadWarrior VPN
############################################################
ACCEPT all vpnrwr all
############################################################
#FW rules for STS VPN - AUSLAB
#ACCEPT loc vpnauslab all
############################################################
ACCEPT vpnauslab all all
ACCEPT $FW vpnauslab all
############################################################
#FW rules for STS VPN - client - asn2net
#Lock this down soon
############################################################
ACCEPT $FW vpnasn2net all
ACCEPT vpnasn2net $FW all
###########################################################################################################################################################################################################
#outbound from various local nets and the firewall to WAN
###########################################################################################################################################################################################################
ACCEPT rr wan all #Lock this down soon
ACCEPT rr tsys all #Lock this down soon
ACCEPT knel,tsys,mgmt wan all
#Temp rules to get stuff working..
ACCEPT $FW all all #Fw can access everything for now, Lock this down later
ACCEPT mgmt $FW
ACCEPT vpnauslab mgmt all
ACCEPT vpnauslab all all
###########################################################################################################################################################################################################
#intra zone pinhole rules
###########################################################################################################################################################################################################
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 udp 53
ACCEPT vpnrwr,rr,barm,tsys,knel,fnf mgmt:10.253.3.86 tcp 53
###########################################################################################################################################################################################################
#intra zone wide rules
###########################################################################################################################################################################################################
#Mgmt can hit everything yo, cause it's fucking management with a capital M
ACCEPT mgmt barm,tsys,knel,fnf,vpnrwr,asn,s2l,vpnauslab all
#Ad replication rule
ACCEPT mgmt:10.253.3.86 vpnauslab:10.251.2.98 all
ACCEPT vpnauslab:10.251.2.98 mgmt:10.253.3.86 all
#Zenoss rule
ACCEPT mgmt:10.253.3.77 all all
#Brendan mgmt access
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 udp 53
ACCEPT vpnasn2net:10.30.1.2 mgmt:10.253.3.86 tcp 53
ACCEPT vpnasn2net:10.30.3.0/24 $FW
ACCEPT vpnasn2net:10.30.2.0/24 $FW
ACCEPT vpnasn2net:10.30.2.0/24 mgmt
ACCEPT vpnasn2net:10.30.3.0/24 mgmt

274
mtpconfigs/ovh/shared-router/shorewall/shorewall.conf Executable file
View File

@ -0,0 +1,274 @@
###############################################################################
#
# Shorewall Version 4 -- /etc/shorewall/shorewall.conf
#
# For information about the settings in this file, type "man shorewall.conf"
#
# Manpage also online at http://www.shorewall.net/manpages/shorewall.conf.html
###############################################################################
# S T A R T U P E N A B L E D
###############################################################################
STARTUP_ENABLED=Yes
###############################################################################
# V E R B O S I T Y
###############################################################################
VERBOSITY=1
###############################################################################
# L O G G I N G
###############################################################################
BLACKLIST_LOG_LEVEL=
INVALID_LOG_LEVEL=
LOG_MARTIANS=Yes
LOG_VERBOSITY=2
LOGALLNEW=
LOGFILE="/var/log/firewall.log"
LOGFORMAT="%s:%s:"
LOGTAGONLY=No
LOGLIMIT=
MACLIST_LOG_LEVEL=info
RELATED_LOG_LEVEL=
RPFILTER_LOG_LEVEL=info
SFILTER_LOG_LEVEL=info
SMURF_LOG_LEVEL=info
STARTUP_LOG=/var/log/shorewall-init.log
TCP_FLAGS_LOG_LEVEL=info
UNTRACKED_LOG_LEVEL=
###############################################################################
# L O C A T I O N O F F I L E S A N D D I R E C T O R I E S
###############################################################################
ARPTABLES=
CONFIG_PATH="${CONFDIR}/shorewall:${SHAREDIR}/shorewall"
GEOIPDIR=/usr/share/xt_geoip/LE
IPTABLES=
IP=
IPSET=
LOCKFILE=
MODULESDIR=
NFACCT=
PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin:/usr/local/sbin"
PERL=/usr/bin/perl
RESTOREFILE=restore
SHOREWALL_SHELL=/bin/sh
SUBSYSLOCK=""
TC=
###############################################################################
# D E F A U L T A C T I O N S / M A C R O S
###############################################################################
ACCEPT_DEFAULT=none
DROP_DEFAULT=Drop
NFQUEUE_DEFAULT=none
QUEUE_DEFAULT=none
REJECT_DEFAULT=Reject
###############################################################################
# R S H / R C P C O M M A N D S
###############################################################################
RCP_COMMAND='scp ${files} ${root}@${system}:${destination}'
RSH_COMMAND='ssh ${root}@${system} ${command}'
###############################################################################
# F I R E W A L L O P T I O N S
###############################################################################
ACCOUNTING=Yes
ACCOUNTING_TABLE=filter
ADD_IP_ALIASES=No
ADD_SNAT_ALIASES=No
ADMINISABSENTMINDED=Yes
IGNOREUNKNOWNVARIABLES=No
AUTOCOMMENT=Yes
AUTOHELPERS=Yes
AUTOMAKE=No
BLACKLIST="NEW,INVALID,UNTRACKED"
CHAIN_SCRIPTS=Yes
CLAMPMSS=No
CLEAR_TC=Yes
COMPLETE=No
DEFER_DNS_RESOLUTION=Yes
DELETE_THEN_ADD=Yes
DETECT_DNAT_IPADDRS=No
DISABLE_IPV6=No
DONT_LOAD=
DYNAMIC_BLACKLIST=Yes
EXPAND_POLICIES=Yes
EXPORTMODULES=Yes
FASTACCEPT=No
FORWARD_CLEAR_MARK=
HELPERS=
IMPLICIT_CONTINUE=No
IPSET_WARNINGS=Yes
IP_FORWARDING=On
KEEP_RT_TABLES=No
LEGACY_FASTSTART=Yes
LOAD_HELPERS_ONLY=No
MACLIST_TABLE=filter
MACLIST_TTL=
MANGLE_ENABLED=Yes
MAPOLDACTIONS=No
MARK_IN_FORWARD_CHAIN=No
MODULE_SUFFIX=ko
MULTICAST=Yes
MUTEX_TIMEOUT=60
NULL_ROUTE_RFC1918=No
OPTIMIZE=0
OPTIMIZE_ACCOUNTING=No
REJECT_ACTION=
REQUIRE_INTERFACE=No
RESTORE_DEFAULT_ROUTE=Yes
RESTORE_ROUTEMARKS=Yes
RETAIN_ALIASES=No
ROUTE_FILTER=Yes
SAVE_ARPTABLES=No
SAVE_IPSETS=No
TC_ENABLED=Internal
TC_EXPERT=No
TC_PRIOMAP="2 3 3 3 2 3 1 1 2 2 2 2 2 2 2 2"
TRACK_PROVIDERS=No
TRACK_RULES=No
USE_DEFAULT_RT=No
USE_PHYSICAL_NAMES=No
USE_RT_NAMES=No
WARNOLDCAPVERSION=Yes
ZONE2ZONE=2
###############################################################################
# P A C K E T D I S P O S I T I O N
###############################################################################
BLACKLIST_DISPOSITION=DROP
INVALID_DISPOSITION=CONTINUE
MACLIST_DISPOSITION=REJECT
RELATED_DISPOSITION=ACCEPT
RPFILTER_DISPOSITION=DROP
SMURF_DISPOSITION=DROP
SFILTER_DISPOSITION=DROP
TCP_FLAGS_DISPOSITION=DROP
UNTRACKED_DISPOSITION=CONTINUE
################################################################################
# P A C K E T M A R K L A Y O U T
################################################################################
TC_BITS=
PROVIDER_BITS=
PROVIDER_OFFSET=
MASK_BITS=
ZONE_BITS=0
################################################################################
# L E G A C Y O P T I O N
# D O N O T D E L E T E O R A L T E R
################################################################################
IPSECFILE=zones

14
mtpconfigs/ovh/shared-router/shorewall/zones Executable file
View File

@ -0,0 +1,14 @@
#ZONE TYPE OPTIONS
fw firewall
rr ipv4
wan ipv4
barm ipv4
mgmt ipv4
asn ipv4
s2l ipv4
fnf ipv4
knel ipv4
tsys ipv4
vpnrwr ipv4
vpnauslab ipv4
vpnasn2net ipv4

230
rubix/Monitoring/mibs/LM-SENSORS-MIB Executable file
View File

@ -0,0 +1,230 @@
LM-SENSORS-MIB DEFINITIONS ::= BEGIN
--
-- Derived from the original VEST-INTERNETT-MIB. Open issues:
--
-- (a) where to register this MIB?
-- (b) use not-accessible for diskIOIndex?
--
IMPORTS
MODULE-IDENTITY, OBJECT-TYPE, Integer32, Gauge32
FROM SNMPv2-SMI
DisplayString
FROM SNMPv2-TC
ucdExperimental
FROM UCD-SNMP-MIB;
lmSensorsMIB MODULE-IDENTITY
LAST-UPDATED "200011050000Z"
ORGANIZATION "AdamsNames Ltd"
CONTACT-INFO
"Primary Contact: M J Oldfield
email: m@mail.tc"
DESCRIPTION
"This MIB module defines objects for lm_sensor derived data."
REVISION "200011050000Z"
DESCRIPTION
"Derived from DISKIO-MIB ex UCD."
::= { lmSensors 1 }
lmSensors OBJECT IDENTIFIER ::= { ucdExperimental 16 }
--
lmTempSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMTempSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of temperature sensors and their values."
::= { lmSensors 2 }
lmTempSensorsEntry OBJECT-TYPE
SYNTAX LMTempSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmTempSensorsIndex }
::= { lmTempSensorsTable 1 }
LMTempSensorsEntry ::= SEQUENCE {
lmTempSensorsIndex Integer32,
lmTempSensorsDevice DisplayString,
lmTempSensorsValue Gauge32
}
lmTempSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmTempSensorsEntry 1 }
lmTempSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the temperature sensor we are reading."
::= { lmTempSensorsEntry 2 }
lmTempSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The temperature of this sensor in mC."
::= { lmTempSensorsEntry 3 }
--
lmFanSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMFanSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of fan sensors and their values."
::= { lmSensors 3 }
lmFanSensorsEntry OBJECT-TYPE
SYNTAX LMFanSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmFanSensorsIndex }
::= { lmFanSensorsTable 1 }
LMFanSensorsEntry ::= SEQUENCE {
lmFanSensorsIndex Integer32,
lmFanSensorsDevice DisplayString,
lmFanSensorsValue Gauge32
}
lmFanSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmFanSensorsEntry 1 }
lmFanSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the fan sensor we are reading."
::= { lmFanSensorsEntry 2 }
lmFanSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The rotation speed of the fan in RPM."
::= { lmFanSensorsEntry 3 }
--
lmVoltSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMVoltSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of voltage sensors and their values."
::= { lmSensors 4 }
lmVoltSensorsEntry OBJECT-TYPE
SYNTAX LMVoltSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmVoltSensorsIndex }
::= { lmVoltSensorsTable 1 }
LMVoltSensorsEntry ::= SEQUENCE {
lmVoltSensorsIndex Integer32,
lmVoltSensorsDevice DisplayString,
lmVoltSensorsValue Gauge32
}
lmVoltSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmVoltSensorsEntry 1 }
lmVoltSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the device we are reading."
::= { lmVoltSensorsEntry 2 }
lmVoltSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The voltage in mV."
::= { lmVoltSensorsEntry 3 }
--
lmMiscSensorsTable OBJECT-TYPE
SYNTAX SEQUENCE OF LMMiscSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"Table of miscellaneous sensor devices and their values."
::= { lmSensors 5 }
lmMiscSensorsEntry OBJECT-TYPE
SYNTAX LMMiscSensorsEntry
MAX-ACCESS not-accessible
STATUS current
DESCRIPTION
"An entry containing a device and its statistics."
INDEX { lmMiscSensorsIndex }
::= { lmMiscSensorsTable 1 }
LMMiscSensorsEntry ::= SEQUENCE {
lmMiscSensorsIndex Integer32,
lmMiscSensorsDevice DisplayString,
lmMiscSensorsValue Gauge32
}
lmMiscSensorsIndex OBJECT-TYPE
SYNTAX Integer32 (0..65535)
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"Reference index for each observed device."
::= { lmMiscSensorsEntry 1 }
lmMiscSensorsDevice OBJECT-TYPE
SYNTAX DisplayString
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The name of the device we are reading."
::= { lmMiscSensorsEntry 2 }
lmMiscSensorsValue OBJECT-TYPE
SYNTAX Gauge32
MAX-ACCESS read-only
STATUS current
DESCRIPTION
"The value of this sensor."
::= { lmMiscSensorsEntry 3 }
END

30
rundeck/auslab Normal file
View File

@ -0,0 +1,30 @@
ausprod-core-rtr01-vlmgmt.turnsys.net:
hostname: ausprod-core-rtr01-vlmgmt.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,infra'
ausprod-labsvr.turnsys.net:
hostname: ausprod-labsvr.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fsky2-rpi3.turnsys.net:
hostname: fsky2-rpi3.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
subo-logtest.turnsys.net:
hostname: subo-logtest.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fground01.turnsys.net:
hostname: fground01.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'
fground-flink.turnsys.net:
hostname: fground-flink.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,auslab,physical,subo'

35
rundeck/ovh Normal file
View File

@ -0,0 +1,35 @@
shared-router.turnsys.net:
hostname: shared-router.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
tsys-cloud.turnsys.net:
hostname: tsys-cloud.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,tsys'
tsys-rr-shell.turnsys.net:
hostname: tsys-rr-shell.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,rr'
tsys-rr-app.turnsys.net:
hostname: tsys-rr-app.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,rr'
toolbox.turnsys.net:
hostname: toolbox.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
shared-build.turnsys.net:
hostname: shared-build.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'
shared-zenoss.turnsys.net:
hostname: shared-zenoss.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,ovh,virtual,infra'

20
rundeck/satx Normal file
View File

@ -0,0 +1,20 @@
ausprod-linsrv.turnsys.net:
hostname: ausprod-linsrv.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'
tsyscn4.turnsys.net:
hostname: tsyscn4.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'satx,physical,infra,tsys'
satxtimeserver.turnsys.net:
hostname: satxtimeserver.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'
octoprint.turnsys.net:
hostname: octoprint.turnsys.net
username: root
ssh-keypath: /var/lib/rundeck/ssh-keys/tsys_root.key
tags: 'prod,satx,physical,infra'

99
rundeck/sshConfig Executable file
View File

@ -0,0 +1,99 @@
StrictHostKeyChecking no
#IdentityFile /home/cwyble/.ssh/id_rsa
#Production systems
Host asn2net-linsrv
User asn2net
Hostname asn2net-linsrv.turnsys.net
Host asn2net-router
User admin
Hostname asn2net-router.turnsys.net
Host ausprod-core-ap01
Hostname ausprod-core-ap01.turnsys.net
User cisco
Host ausprod-core-rtr01
User localuser
Hostname ausprod-core-rtr01-vlmgmt.turnsys.net
Host ausprod-lab-sw01
Hostname ausprod-labsw01.turnsys.net
Host ausprod-lab-sw02
Hostname ausprod-labsw02.turnsys.net
Host ausprod-consrv
User root
ForwardX11 no
Hostname ausprod-consrv.turnsys.net
Host auslab-power
User root:7048
Hostname ausprod-consrv.turnsys.net
ForwardX11 no
Host ausprod-labsvr
User root
Hostname ausprod-labsvr.turnsys.net
Host ausprod-linsrv
User localuser
Hostname ausprod-linsrv.turnsys.net
Host dedi
User root
Hostname dedi.turnsys.com
ForwardX11 yes
Host shared-boss
User localuser
Hostname shared-boss.turnsys.net
Host shared-build
User localuser
Hostname shared-build.turnsys.net
Host shared-router
User root
Hostname shared-router.turnsys.net
Host toolbox
User localuser
Hostname toolbox.turnsys.net
Host shared-voip
User localuser
Hostname shared-voip.turnsys.net
Host shared-zenoss
User root
Hostname shared-zenoss.turnsys.net
Host tsys-rr-app
User root
Hostname tsys-rr-app.turnsys.net
Host tsys-rr-shell
User localuser
Hostname tsys-rr-shell.turnsys.net
Host tsys-cloud
User root
Hostname tsys-cloud.turnsys.net
Host tsyscn4
User localuser
Hostname tsyscn4.turnsys.net
Host shallowblue
User localuser
Hostname shallowblue.turnsys.net
Host tsys-taiga
User localuser
Hostname tsys-taiga.turnsys.net
Host subo-fground
User fground
Hostname fground01.turnsys.net
Host subo-fground-flink
User pi
Hostname fground-flink.turnsys.net
Host subo-fsky
User pi
Hostname fsky2-rpi3.turnsys.net
Host subo-logtest
User fground
Hostname subo-logtest.turnsys.net
Host satxtimeserver
User pi
Hostname satxtimeserver.turnsys.net
#Host ausprod-oob-sw01
#Host ausprod-oob-sw02
Host *
ForwardAgent yes

257
slack/bin/distro Executable file
View File

@ -0,0 +1,257 @@
#!/bin/sh
# Observium License Version 1.0
#
# Copyright (c) 2013 Joe Holden
#
# The intent of this license is to establish the freedom to use, share and contribute to
# the software regulated by this license.
#
# This license applies to any software containing a notice placed by the copyright holder
# saying that it may be distributed under the terms of this license. Such software is herein
# referred to as the Software. This license covers modification and distribution of the
# Software.
#
# Granted Rights
#
# 1. You are granted the non-exclusive rights set forth in this license provided you agree to
# and comply with any and all conditions in this license. Whole or partial distribution of the
# Software, or software items that link with the Software, in any form signifies acceptance of
# this license.
#
# 2. You may copy and distribute the Software in unmodified form provided that the entire package,
# including - but not restricted to - copyright, trademark notices and disclaimers, as released
# by the initial developer of the Software, is distributed.
#
# 3. You may make modifications to the Software and distribute your modifications, in a form that
# is separate from the Software, such as patches. The following restrictions apply to modifications:
#
# a. Modifications must not alter or remove any copyright notices in the Software.
# b. When modifications to the Software are released under this license, a non-exclusive royalty-free
# right is granted to the initial developer of the Software to distribute your modification in
# future versions of the Software provided such versions remain available under these terms in
# addition to any other license(s) of the initial developer.
#
# Limitations of Liability
#
# In no event shall the initial developers or copyright holders be liable for any damages whatsoever,
# including - but not restricted to - lost revenue or profits or other direct, indirect, special,
# incidental or consequential damages, even if they have been advised of the possibility of such damages,
# except to the extent invariable law, if any, provides otherwise.
#
# No Warranty
#
# The Software and this license document are provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING THE
# WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# URL: https://github.com/joeholden/distroscript/
# README: https://raw.github.com/joeholden/distroscript/master/README.md
# Shells are made of dicks.
DISTROSCRIPT="1.0.15"
if [ -z ${DISTROFORMAT} ]; then
DISTROFORMAT="pipe"
fi
if [ -n "${AGENT_LIBDIR}" -o -n "${MK_LIBDIR}" ]; then
# Set output for check_mk/observium agent
DISTROFORMAT="export"
fi
getos() {
OS=`uname -s`
if [ "${OS}" = "SunOS" ]; then
OS="Solaris"
elif [ "${OS}" = "DragonFly" ]; then
OS="DragonFlyBSD"
fi
export OS
return 0
}
getkernel() {
KERNEL=`uname -r`
export KERNEL
return 0
}
getdistro() {
if [ "${OS}" = "Linux" ]; then
if [ -f /etc/os-release ]; then
. /etc/os-release
DISTRO=`echo ${NAME} | awk '{print $1}'`
elif [ -x /usr/bin/lsb_release ]; then
DISTRO=`/usr/bin/lsb_release -si 2>/dev/null`
elif [ -f /etc/redhat-release ]; then
DISTRO=`cat /etc/redhat-release | awk '{print $1}'`
elif [ -f /etc/fedora-release ]; then
DISTRO="Fedora"
elif [ -f /etc/mandriva-release ]; then
DISTRO="Mandriva"
elif [ -f /etc/arch-release ]; then
DISTRO="ArchLinux"
elif [ -f /etc/gentoo-release ]; then
DISTRO="Gentoo"
elif [ -f /etc/SuSE-release ]; then
DISTRO="SuSE"
elif [ -f /etc/mandrake-release ]; then
DISTRO="Mandrake"
elif [ -f /etc/debian_version ]; then
# shit based on debian
if [ -f /etc/mailcleaner/etc/mailcleaner/version.def ]; then
DISTRO="MailCleaner"
else
DISTRO="Debian"
fi
elif [ -f /etc/UnitedLinux-release ]; then
DISTRO="UnitedLinux"
elif [ -f /etc/openwrt_version ]; then
DISTRO="OpenWRT"
elif [ -f /etc/slackware-version ]; then
DISTRO="Slackware"
else
DISTRO="Unknown"
fi
# Fixing some Distro names
if [ "${DISTRO}" = "Debian GNU/Linux" ]; then
DISTRO="Debian"
elif [ "${DISTRO}" = "Red" -o "${DISTRO}" = "RedHatEnterpriseServer" ]; then
DISTRO="RedHat"
elif [ "${DISTRO}" = "Arch" ]; then
DISTRO="ArchLinux"
fi
elif [ "${OS}" = "FreeBSD" ]; then
if [ -f /etc/platform -a -f /etc/version ]; then
DISTRO="pfSense"
elif [ -f /etc/platform -a -f /etc/prd.name ]; then
DISTRO=`cat /etc/prd.name`
elif [ -f /usr/local/bin/pbreg ]; then
DISTRO="PC-BSD"
elif [ -f /tmp/freenas_config.md5 ]; then
DISTRO="FreeNAS"
else
DISTRO=
fi
elif [ "${OS}" = "Solaris" ]; then
DISTRO=`head -n 1 /etc/release | awk '{print $1}'`
if [ "${DISTRO}" = "Solaris" -o "${DISTRO}" = "Oracle" ]; then
DISTRO=
fi
elif [ "${OS}" = "Darwin" ]; then
case `uname -m` in
AppleTV2*)
DISTRO="AppleTV2"
;;
AppleTV3*)
DISTRO="AppleTV3"
;;
iPhone*)
DISTRO="iPhone"
;;
iPod*)
DISTRO="iPOD"
;;
*)
DISTRO="OSX"
;;
esac
else
DISTRO=
fi
export DISTRO
return 0
}
getarch() {
if [ "${OS}" = "Solaris" ]; then
ARCH=`isainfo -k`
elif [ "${OS}" = "Darwin" ]; then
ARCH=`uname -p`
else
ARCH=`uname -m`
fi
if [ "${OS}" = "Linux" ]; then
if [ "${ARCH}" = "x86_64" ]; then
ARCH="amd64"
elif [ "${ARCH}" = "i486" -o "${ARCH}" = "i586" -o "${ARCH}" = "i686" ]; then
ARCH="i386"
fi
fi
export ARCH
return 0
}
getversion() {
if [ "${OS}" = "FreeBSD" -o "${OS}" = "DragonFlyBSD" ]; then
if [ "${DISTRO}" = "pfSense" ]; then
VERSION=`cat /etc/version`
elif [ "${DISTRO}" = "PC-BSD" ]; then
VERSION=`pbreg get /PC-BSD/Version`
elif [ -f /etc/prd.version ]; then
VERSION=`cat /etc/prd.version`
else
VERSION=`uname -i`
fi
elif [ "${OS}" = "OpenBSD" -o "${OS}" = "NetBSD" ]; then
VERSION=`uname -v`
elif [ "${OS}" = "Linux" ]; then
if [ "${DISTRO}" = "OpenWRT" ]; then
VERSION=`cat /etc/openwrt_version`
elif [ "${DISTRO}" = "Slackware" ]; then
VERSION=`cat /etc/slackware-version | cut -d" " -f2`
elif [ -f /etc/redhat-release ]; then
VERSION=`cat /etc/redhat-release | sed 's/.*release\ //' | sed 's/\ .*//'`
elif [ -x /usr/bin/lsb_release ]; then
VERSION=`lsb_release -sr 2>/dev/null`
elif [ -f /etc/os-release ]; then
. /etc/os-release
VERSION=${VERSION_ID}
else
VERSION=
fi
elif [ "${OS}" = "Darwin" ]; then
VERSION=`sw_vers -productVersion`
elif [ "${OS}" = "Solaris" ]; then
VERSION=`uname -v`
fi
export VERSION
return 0
}
if [ -z ${DISTROEXEC} ]; then
getos
getkernel
getarch
getdistro
getversion
if [ "${AGENT_LIBDIR}" -o "${MK_LIBDIR}" ]; then
echo "<<<distro>>>"
fi
if [ "${DISTROFORMAT}" = "pipe" ]; then
echo "${OS}|${KERNEL}|${ARCH}|${DISTRO}|${VERSION}"
elif [ "${DISTROFORMAT}" = "twopipe" ]; then
echo "${OS}||${KERNEL}||${ARCH}||${DISTRO}||${VERSION}"
elif [ "${DISTROFORMAT}" = "ini" ]; then
echo "[distroscript]"
echo " OS = ${OS}"
echo " KERNEL = ${KERNEL}"
echo " ARCH = ${ARCH}"
echo " DISTRO = ${DISTRO}"
echo " DISTROVER = ${VERSION}"
echo " SCRIPTVER = ${DISTROSCRIPT}"
elif [ "${DISTROFORMAT}" = "export" ]; then
echo "OS=${OS}"
echo "KERNEL=${KERNEL}"
echo "ARCH=${ARCH}"
echo "DISTRO=${DISTRO}"
echo "DISTROVER=${VERSION}"
echo "SCRIPTVER=${DISTROSCRIPT}"
else
echo "Unsupported output format."
exit 1
fi
exit 0
fi

60
slack/bin/slackInstall.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
#A script to bootstrap slack onto any TURNSYS managed system in any environment.
#Use this as a template for writing TURNSYS shell scripts
slack-install()
{
wget http://toolbox.turnsys.net/sysinfra/slack/bin/distro -O /usr/bin/distro
chmod +x /usr/bin/distro
apt-get -y install make perl rsync
mkdir /tmp/slackDist
wget http://toolbox.turnsys.net/sysinfra/slack/slackDist.tar.gz -O /tmp/slackDist/slackDist.tar.gz
cd /tmp/slackDist
tar xvfz slackDist.tar.gz
make install
cd /tmp
rm -rf slackDist
mkdir /root/.ssh
chmod 700 /root/.ssh
chown -R root:root /root/.ssh
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackConfig-$SERVER_TYPE.config -O /etc/slack.conf
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.config -O /root/.ssh/config
chmod 400 /root/.ssh/config
wget http://toolbox.turnsys.net/sysinfra/slack/env/SlackSSH-$SERVER_TYPE.key -O /root/.ssh/SlackSSH-$SERVER_TYPE.key
chmod 400 /root/.ssh/SlackSSH-$SERVER_TYPE.key
}
#######################################################################################################################################################
#main() #For ease of searching
# Script starts here
# This code serves as a generic template for entrypoint code which is able to handle multi distro, multi environment execution.
# !!!!! DO NOT WRAP IN A FUNCTION. THESE ARE GLOBAL VARIABLES !!!!!
#######################################################################################################################################################
#If we have a fleet later, we can use this code to do fleet stuff
#if [ $(hostname -s|egrep -i -c -E 'ts|ts[0-9]|ts[0-9][0-9]|ts[0-9][0-9][0-9]|linux') -eq 1 ]; then
#export server_type=ts
#fi
case $server_type in
ts)
export SERVER_TYPE="ts"
;;
*)
export SERVER_TYPE="prod"
;;
esac
#######################################################################################################################################################
#Kick everything off
#
slack-install

39
slack/dist/Makefile vendored Executable file
View File

@ -0,0 +1,39 @@
# Makefile for slack/src
# $Id: Makefile 187 2008-03-03 02:00:18Z alan $
include Makefile.common
BACKENDS = slack-getroles slack-installfiles slack-runscript slack-sync slack-stage slack-rolediff
all:
install: install-bin install-conf install-lib install-man
install-bin: all
$(MKDIR) $(DESTDIR)$(sbindir)
$(INSTALL) slack $(DESTDIR)$(sbindir)
$(MKDIR) $(DESTDIR)$(bindir)
$(INSTALL) slack-diff $(DESTDIR)$(bindir)
$(MKDIR) $(DESTDIR)$(slack_libexecdir)
@set -ex;\
for i in $(BACKENDS); do \
$(INSTALL) $$i $(DESTDIR)$(slack_libexecdir); done
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localstatedir)
$(INSTALL) -d -m $(PRIVDIRMODE) $(DESTDIR)$(slack_localcachedir)
install-conf: all
$(MKDIR) $(DESTDIR)$(sysconfdir)
$(INSTALL) -m 0644 slack.conf $(DESTDIR)$(sysconfdir)
install-lib: all
$(MKDIR) $(DESTDIR)$(slack_libdir)
$(INSTALL) -m 0644 Slack.pm $(DESTDIR)$(slack_libdir)
install-man: all
clean:
realclean: clean
distclean: clean
test:

27
slack/dist/Makefile.common vendored Executable file
View File

@ -0,0 +1,27 @@
# Common code included in every Makefile
# $Id: Makefile.common 189 2008-04-21 00:52:56Z sundell $
PACKAGE=slack
VERSION=0.15.2
DESTDIR =
prefix = /
exec_prefix = /usr
sysconfdir = ${prefix}/etc
mandir = ${exec_prefix}/share/man
bindir = ${exec_prefix}/bin
sbindir = ${exec_prefix}/sbin
libdir = ${exec_prefix}/lib
libexecdir = ${exec_prefix}/lib
localstatedir = ${prefix}/var
slack_libdir = ${libdir}/slack
slack_libexecdir = ${libexecdir}/slack
slack_localstatedir = ${localstatedir}/lib/slack
slack_localcachedir = ${localstatedir}/cache/slack
INSTALL = install
MKDIR = mkdir -p
PRIVDIRMODE = 0700

371
slack/dist/Slack.pm vendored Executable file
View File

@ -0,0 +1,371 @@
# $Id: Slack.pm 189 2008-04-21 00:52:56Z sundell $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
package Slack;
require 5.006;
use strict;
use Carp qw(cluck confess croak);
use File::Find;
use POSIX qw(WIFEXITED WEXITSTATUS WIFSIGNALED WTERMSIG);
use base qw(Exporter);
use vars qw($VERSION @EXPORT @EXPORT_OK $DEFAULT_CONFIG_FILE);
$VERSION = '0.15.2';
@EXPORT = qw();
@EXPORT_OK = qw();
$DEFAULT_CONFIG_FILE = '/etc/slack.conf';
my $term;
my @default_options = (
'help|h|?',
'version',
'verbose|v+',
'quiet',
'config|C=s',
'source|s=s',
'rsh|e=s',
'cache|c=s',
'stage|t=s',
'root|r=s',
'dry-run|n',
'backup|b',
'backup-dir=s',
'hostname|H=s',
);
sub default_usage ($) {
my ($synopsis) = @_;
return <<EOF;
Usage: $synopsis
Options:
-h, -?, --help
Print this help message and exit.
--version
Print the version number and exit.
-v, --verbose
Be verbose.
--quiet
Don't be verbose (Overrides previous uses of --verbose)
-C, --config FILE
Use this config file instead of '$DEFAULT_CONFIG_FILE'.
-s, --source DIR
Source for slack files
-e, --rsh COMMAND
Remote shell for rsync
-c, --cache DIR
Local cache directory for slack files
-t, --stage DIR
Local staging directory for slack files
-r, --root DIR
Root destination for slack files
-n, --dry-run
Don't write any files to disk -- just report what would have been done.
-b, --backup
Make backups of existing files in ROOT that are overwritten.
--backup-dir DIR
Put backups into this directory.
-H, --hostname HOST
Pretend to be running on HOST, instead of the name given by
gethostname(2).
EOF
}
# Read options from a config file. Arguments:
# file => config file to read
# opthash => hashref in which to store the options
# verbose => whether to be verbose
sub read_config (%) {
my %arg = @_;
my ($config_fh);
local $_;
confess "Slack::read_config: no config file given"
if not defined $arg{file};
$arg{opthash} = {}
if not defined $arg{opthash};
open($config_fh, '<', $arg{file})
or confess "Could not open config file '$arg{file}': $!";
# Make this into a hash so we can quickly see if we're looking
# for a particular option
my %looking_for;
if (ref $arg{options} eq 'ARRAY') {
%looking_for = map { $_ => 1 } @{$arg{options}};
}
while(<$config_fh>) {
chomp;
s/#.*//; # delete comments
s/\s+$//; # delete trailing spaces
next if m/^$/; # skip empty lines
if (m/^[A-Z_]+=\S+/) {
my ($key, $value) = split(/=/, $_, 2);
$key =~ tr/A-Z_/a-z-/;
# Only set options we're looking for
next if (%looking_for and not $looking_for{$key});
# Don't set options that are already set
next if defined $arg{opthash}->{$key};
$arg{verbose} and print STDERR "Slack::read_config: Setting '$key' to '$value'\n";
$arg{opthash}->{$key} = $value;
} else {
cluck "Slack::read_config: Garbage line '$_' in '$arg{file}' line $. ignored";
}
}
close($config_fh)
or confess "Slack::read_config: Could not close config file: $!";
# The verbose option is treated specially in so many places that
# we need to make sure it's defined.
$arg{opthash}->{verbose} ||= 0;
return $arg{opthash};
}
# Just get the exit code from a command that failed.
# croaks if anything weird happened.
sub get_system_exit (@) {
my @command = @_;
if (WIFEXITED($?)) {
my $exit = WEXITSTATUS($?);
return $exit if $exit;
}
if (WIFSIGNALED($?)) {
my $sig = WTERMSIG($?);
croak "'@command' caught sig $sig";
}
if ($!) {
croak "Syserr on system '@command': $!";
}
croak "Unknown error on '@command'";
}
sub check_system_exit (@) {
my @command = @_;
my $exit = get_system_exit(@command);
# Exit is non-zero if get_system_exit() didn't croak.
croak "'@command' exited $exit";
}
# get options from the command line and the config file
# Arguments
# opthash => hashref in which to store options
# usage => usage statement
# required_options => arrayref of options to require -- an exception
# will be thrown if these options are not defined
# command_line_hash => store options specified on the command line here
sub get_options {
my %arg = @_;
use Getopt::Long;
Getopt::Long::Configure('bundling');
if (not defined $arg{opthash}) {
$arg{opthash} = {};
}
if (not defined $arg{usage}) {
$arg{usage} = default_usage($0);
}
my @extra_options = (); # extra arguments to getoptions
if (defined $arg{command_line_options}) {
@extra_options = @{$arg{command_line_options}};
}
# Make a --quiet function that turns off verbosity
$arg{opthash}->{quiet} = sub { $arg{opthash}->{verbose} = 0; };
unless (GetOptions($arg{opthash},
@default_options,
@extra_options,
)) {
print STDERR $arg{usage};
exit 1;
}
if ($arg{opthash}->{help}) {
print $arg{usage};
exit 0;
}
if ($arg{opthash}->{version}) {
print "slack version $VERSION\n";
exit 0;
}
# Get rid of the quiet handler
delete $arg{opthash}->{quiet};
# If we've been given a hashref, save our options there at this
# stage, so the caller can see what was passed on the command line.
# Unfortunately, perl has no .replace function, so we iterate.
if (ref $arg{command_line_hash} eq 'HASH') {
while (my ($k, $v) = each %{$arg{opthash}}) {
$arg{command_line_hash}->{$k} = $v;
}
}
# Use the default config file
if (not defined $arg{opthash}->{config}) {
$arg{opthash}->{config} = $DEFAULT_CONFIG_FILE;
}
# We need to decide whether to be verbose about reading the config file
# Currently we just do it if global verbosity > 2
my $verbose_config = 0;
if (defined $arg{opthash}->{verbose}
and $arg{opthash}->{verbose} > 2) {
$verbose_config = 1;
}
# Read options from the config file, passing along the options we've
# gotten so far
read_config(
file => $arg{opthash}->{config},
opthash => $arg{opthash},
verbose => $verbose_config,
);
# The "verbose" option gets compared a lot and needs to be defined
$arg{opthash}->{verbose} ||= 0;
# The "hostname" option is set specially if it's not defined
if (not defined $arg{opthash}->{hostname}) {
use Sys::Hostname;
$arg{opthash}->{hostname} = hostname;
}
# We can require some options to be set
if (ref $arg{required_options} eq 'ARRAY') {
for my $option (@{$arg{required_options}}) {
if (not defined $arg{opthash}->{$option}) {
croak "Required option '$option' not given on command line or specified in config file!\n";
}
}
}
return $arg{opthash};
}
sub prompt ($) {
my ($prompt) = @_;
if (not defined $term) {
require Term::ReadLine;
$term = new Term::ReadLine 'slack'
}
$term->readline($prompt);
}
# Calls the callback on absolute pathnames of files in the source directory,
# and also on names of directories that don't exist in the destination
# directory (i.e. where $source/foo exists but $destination/foo does not).
sub find_files_to_install ($$$) {
my ($source, $destination, $callback) = @_;
return find ({
wanted => sub {
if (-l or not -d _) {
# Copy all files, links, etc
my $file = $File::Find::name;
&$callback($file);
} elsif (-d _) {
# For directories, we only want to copy it if it doesn't
# exist in the destination yet.
my $dir = $File::Find::name;
# We know the root directory will exist (we make it above),
# so skip the base of the source
(my $short_source = $source) =~ s#/$##;
return if $dir eq $short_source;
# Strip the $source from the path,
# so we can build the destination dir from it.
my $subdir = $dir;
($subdir =~ s#^$source##)
or croak "sub failed: $source|$subdir";
if (not -d "$destination/$subdir") {
&$callback($dir);
}
}
}
},
$source,
);
}
# Runs rsync with the necessary redirection to its filehandles
sub wrap_rsync (@) {
my @command = @_;
my ($pid);
if ($pid = fork) {
# Parent
} elsif (defined $pid) {
# Child
open(STDIN, "<", "/dev/null")
or die "Could not redirect STDIN from /dev/null\n";
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
my $kid = waitpid($pid, 0);
if ($kid != $pid) {
die "waitpid returned $kid\n";
} elsif ($?) {
Slack::check_system_exit(@command);
}
}
# Runs rsync with the necessary redirection to its filehandles, but also
# returns an FH to stdin and a PID.
sub wrap_rsync_fh (@) {
my @command = @_;
my ($fh, $pid);
if ($pid = open($fh, "|-")) {
# Parent
} elsif (defined $pid) {
# Child
# This redirection is necessary because rsync sends
# verbose output to STDOUT
open(STDOUT, ">&STDERR")
or die "Could not redirect STDOUT to STDERR\n";
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork: $!\n";
}
return($fh, $pid);
}
1;

329
slack/dist/slack vendored Executable file
View File

@ -0,0 +1,329 @@
#!/usr/bin/perl -w
# $Id: slack 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use POSIX; # for strftime
use constant LIBEXEC_DIR => '/usr/lib/slack';
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
sub run_backend(@);
sub run_conditional_backend($@);
(my $PROG = $0) =~ s#.*/##;
# Arguments to pass to each backends (initialized to a hash of empty arrays)
my %backend_flags = ( map { $_ => [] }
qw(getroles sync stage preview preinstall fixfiles installfiles postinstall)
);
my @roles;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] [<role>...]");
$usage .= <<EOF;
--preview MODE
Do a diff of scripts and files before running them.
MODE can be one of 'simple' or 'prompt'.
--no-files
Don't install any files in ROOT, but tell rsync to print what
it would do.
--no-scripts
Don't run scripts.
--no-sync
Skip the slack-sync step. (useful if you're pushing stuff into
the CACHE outside of slack)
--role-list
Role list for slack-getroles
--libexec-dir DIR
Look for backend scripts in this directory.
--diff PROG
Use this diff program for previews
--sleep TIME
Randomly sleep between 1 and TIME seconds before starting
operations
EOF
# Options
my %opt = ();
# So we can distinguish stuff on the command line from config file stuff
my %command_line_opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'preview=s',
'role-list=s',
'no-scripts|noscripts',
'no-files|nofiles',
'no-sync|nosync',
'libexec-dir=s',
'diff=s',
'sleep=i',
],
required_options => [ qw(source cache stage root) ],
command_line_hash => \%command_line_opt,
usage => $usage,
);
# Special options
if ($opt{'dry-run'}) {
$opt{'no-scripts'} = 1;
$opt{'no-files'} = 1;
}
if ($opt{'no-scripts'}) {
for my $action (qw(fixfiles preinstall postinstall)) {
push @{$backend_flags{$action}},
'--dry-run';
}
}
if ($opt{'no-files'}) {
push @{$backend_flags{installfiles}},
'--dry-run';
}
# propagate verbosity - 1 to all backends
if (defined $command_line_opt{'verbose'} and
$command_line_opt{'verbose'} > 1) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
('--verbose') x ($command_line_opt{'verbose'} - 1);
}
}
# propagate these flags to all the backends
for my $option (qw(config root cache stage source hostname rsh)) {
if ($command_line_opt{$option}) {
for my $action (keys %backend_flags) {
push @{$backend_flags{$action}},
"--$option=$command_line_opt{$option}";
}
}
}
# getroles also can take 'role-list'
if ($command_line_opt{'role-list'}) {
push @{$backend_flags{'getroles'}},
"--role-list=$command_line_opt{'role-list'}";
}
# The libexec dir defaults to this if it wasn't specified
# on the command line or in a config file.
if (not defined $opt{'libexec-dir'}) {
$opt{'libexec-dir'} = LIBEXEC_DIR;
}
# Pass diff option along to slack-rolediff
if ($opt{'diff'}) {
push @{$backend_flags{preview}},
"--diff=$opt{'diff'}";
}
# Preview takes an optional argument. If no argument is given,
# it gets "" from getopt.
if (defined $opt{'preview'}) {
if (not grep /^$opt{'preview'}$/, qw(simple prompt)) {
die "Unknown preview mode '$opt{'preview'}'!";
}
}
# The backup option defaults to on if it wasn't specified
# on the command line or in a config file
if (not defined $opt{backup}) {
$opt{backup} = 1;
}
# Figure out a place to put backups
if ($opt{backup} and $opt{'backup-dir'}) {
push @{$backend_flags{installfiles}},
'--backup',
'--backup-dir='.
$opt{'backup-dir'}.
"/".
strftime('%F-%T', localtime(time))
;
}
# }}}
# Random sleep, helpful when called from cron.
if ($opt{sleep}) {
my $secs = int(rand($opt{sleep})) + 1;
$opt{verbose} and print STDERR "$PROG: sleep $secs\n";
sleep($secs);
}
# Get a list of roles to install from slack-getroles {{{
if (not @ARGV) {
my @command = ($opt{'libexec-dir'}.'/slack-getroles',
@{$backend_flags{'getroles'}});
$opt{verbose} and print STDERR "$PROG: getroles\n";
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command' to get a list of roles for this host.\n";
my ($roles_pid, $roles_fh);
if ($roles_pid = open($roles_fh, "-|")) {
# Parent
} elsif (defined $roles_pid) {
# Child
exec(@command);
die "Could not exec '@command': $!\n";
} else {
die "Could not fork to run '@command': $!\n";
}
@roles = split(/\s+/, join(" ", <$roles_fh>));
unless (close($roles_fh)) {
Slack::check_system_exit(@command);
}
} else {
@roles = @ARGV;
}
# }}}
# Check role name syntax {{{
for my $role (@roles) {
# Roles MUST begin with a letter. All else is reserved.
if ($role !~ m/^[a-zA-Z]/) {
die "Role '$role' does not begin with a letter!";
}
}
# }}}
$opt{verbose} and print STDERR "$PROG: installing roles: @roles\n";
unless ($opt{'no-sync'}) {
# sync all the roles down at once
$opt{verbose} and print STDERR "$PROG: sync @roles\n";
run_backend('slack-sync',
@{$backend_flags{sync}}, @roles);
}
ROLE: for my $role (@roles) {
# stage
$opt{verbose} and print STDERR "$PROG: stage files $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=files', $role);
if ($opt{preview}) {
if ($opt{preview} eq 'simple') {
$opt{verbose} and print STDERR "$PROG: preview $role\n";
# Here, we run the backend in no-prompt mode.
run_conditional_backend(0, 'slack-rolediff',
@{$backend_flags{preview}}, $role);
# ...and we skip further action in the ROLE after showing the diff.
next ROLE;
} elsif ($opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview scripts $role\n";
# Here, we want to prompt and just do the scripts, since
# we need to run preinstall and fixfiles before doing the files.
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=scripts', $role);
} else {
# Should get caught in option processing, above
die "Unknown preview mode!\n";
}
}
$opt{verbose} and print STDERR "$PROG: stage scripts $role\n";
run_backend('slack-stage',
@{$backend_flags{stage}}, '--subdir=scripts', $role);
# preinstall
$opt{verbose} and print STDERR "$PROG: preinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{preinstall}}, 'preinstall', $role);
# fixfiles
$opt{verbose} and print STDERR "$PROG: fixfiles $role\n";
run_backend('slack-runscript',
@{$backend_flags{fixfiles}}, 'fixfiles', $role);
# preview files
if ($opt{preview} and $opt{preview} eq 'prompt') {
$opt{verbose} and print STDERR "$PROG: preview files $role\n";
run_conditional_backend(1, 'slack-rolediff',
@{$backend_flags{preview}}, '--subdir=files', $role);
}
# installfiles
$opt{verbose} and print STDERR "$PROG: install $role\n";
run_backend('slack-installfiles',
@{$backend_flags{installfiles}}, $role);
# postinstall
$opt{verbose} and print STDERR "$PROG: postinstall $role\n";
run_backend('slack-runscript',
@{$backend_flags{postinstall}}, 'postinstall', $role);
}
exit 0;
sub run_backend (@) {
my ($backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
sub run_conditional_backend ($@) {
my ($prompt, $backend, @args) = @_;
# If we weren't given an explicit path, prepend the libexec dir
unless ($backend =~ m#^/#) {
$backend = $opt{'libexec-dir'} . '/' . $backend;
}
# Assemble our command line
my (@command) = ($backend, @args);
($opt{verbose} > 2) and print STDERR "$PROG: Calling '@command'\n";
unless (system(@command) == 0) {
my $exit = Slack::get_system_exit(@command);
if ($exit == 1) {
# exit 1 means a difference found or something normal that requires
# a prompt before continuing.
if ($prompt) {
exit 1 unless Slack::prompt("Continue? [yN] ") eq 'y';
}
} else {
# any other non-successful exit is a serious error.
die "'@command' exited $exit";
}
}
}

514
slack/dist/slack-diff vendored Executable file
View File

@ -0,0 +1,514 @@
#!/usr/bin/perl -w
# $Id: slack-diff 122 2006-09-27 07:34:32Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is a wrapper for diff that gives output about special files
# and file modes. (diff can only compare regular files)
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use Errno;
use File::stat;
use File::Basename;
use File::Find;
use Getopt::Long;
use POSIX qw(SIGPIPE strftime);
use Fcntl qw(:mode); # provides things like S_IFMT that POSIX does not
my $VERSION = '0.1';
(my $PROG = $0) =~ s#.*/##;
my @diff; # diff program to use
my $exit = 0; # our exit code
sub compare ($$);
sub recursive_compare ($$);
sub filetype_to_string ($;$);
sub compare_files ($$);
sub diff ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDOUT
$|=1;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Default options
my %opt = (
fakediff => 1,
perms => 1,
'new-file' => 1,
diff => 'diff',
);
# Config and option parsing
my $usage = <<EOF;
Usage: $PROG [options] <file1> <file2>
$PROG -r <dir1> <dir2>
Options:
-u, -U NUM, --unified=NUM
Tell diff to use unified output format.
--diff PROG
Use this program for diffing, instead of "$opt{diff}"
--fakediff
Make a fake diff for file modes and other things that are not file
contents. Default is on, can be disabled with --nofakediff.
--perms
Care about owner, group, and permissions when doing fakediff.
Default is on, can be disabled with --noperms.
-r, --recursive
Recursively compare directories.
-N, --new-file
Treat missing files as empty. Default is on, can be disabled with
--nonew-file.
--unidirectional-new-file
Treat only missing files in the first directory as empty.
--from-file
Treat arguments as a list of files from which to read filenames to
compare, two lines at a time.
-0, --null
Use NULLs instead of newlines as the separator in --from-file mode
--devnullhack
You have a version of diff that can't deal with -N when not in
recursive mode, so we need to feed it /dev/null instead of the
missing file. Default is on, can be disabled with --nodevnullhack.
--version
Output version info
--help
Output this help text
Exit codes:
0 Found no differences
1 Found a difference
2 Had a serious error
3 Found a difference and had a serious error
EOF
{
Getopt::Long::Configure ("bundling");
GetOptions(\%opt,
'help|h|?',
'version',
'null|0',
'devnullhack',
'new-file|N',
'u',
'unified|U=i',
'recursive|r',
'from-file',
'unidirectional-new-file',
'fakediff!',
'perms!',
'diff=s',
) or die $usage;
if ($opt{help}) {
print $usage;
exit 0;
}
if ($opt{version}) {
print "$PROG version $VERSION\n";
exit 0;
}
}
if ($opt{diff}) {
# We split on spaces here to be useful -- so that people can give
# their diff options.
@diff = split(/\s+/, $opt{diff});
} else {
die "$PROG: No diff program!\n";
}
if ($opt{'u'}) {
push @diff, '-u';
} elsif ($opt{'unified'}) {
$opt{'u'} = 1; # We use this value later
push @diff, "--unified=$opt{'unified'}";
}
if (not $opt{'devnullhack'}) {
push @diff, '-N';
}
# usually, sigpipe would be someone quitting their pager, so don't sweat it
$SIG{PIPE} = sub { exit $exit };
if ($opt{'from-file'}) {
local $/ = "\0" if $opt{'null'};
while (my $old = <>) {
my $new = <>;
die "Uneven number of lines in --from-file mode!\n"
if not defined $new;
chomp($old);
chomp($new);
$exit |= compare($old, $new);
}
} else {
die $usage unless $#ARGV == 1;
$exit |= compare($ARGV[0], $ARGV[1]);
}
exit $exit;
##
# Subroutines
sub compare ($$) {
my ($old, $new) = @_;
if ($opt{recursive}) {
return recursive_compare($old, $new);
} else {
return compare_files($old, $new);
}
}
# compare two directories. We do this by walking down the *new*
# directory, and comparing everything that's there to the stuff in
# the old directory
sub recursive_compare ($$) {
my ($olddir, $newdir) = @_;
my ($retval, $basere, $wanted);
my (%seen);
$retval = 0;
if (-d $newdir) {
$basere = qr(^$newdir);
$wanted = sub {
my ($newfile) = $_;
my $oldfile = $newfile;
$oldfile =~ s#$basere#$olddir#;
$seen{$oldfile} = 1;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $newdir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval
if $opt{'unidirectional-new-file'};
# If we're not unidirectional, we want to go through the old directory
# and diff any files we didn't see in the newdir.
if (-d $olddir) {
$basere = qr(^$olddir);
$wanted = sub {
my ($oldfile) = $_;
my $newfile;
return if $seen{$oldfile};
$newfile = $oldfile;
$newfile =~ s#$basere#$newdir#;
$retval |= compare_files($oldfile, $newfile);
};
eval { find({ wanted => $wanted , no_chdir => 1}, $olddir) };
if ($@) {
warn "$PROG: error during find: $@\n";
$retval |= 2;
}
}
return $retval;
}
# filetype_to_string(mode)
# filetype_to_string(mode, plural)
#
# Takes a mode returned from stat(), returns a noune describing the filetype,
# e.g. "directory", "symlink".
# If the "plural" argument is provided and true, returns the plural form of
# the noun, e.g. "directories", "symlinks".
sub filetype_to_string ($;$) {
my ($mode, $plural) = @_;
if (S_ISREG($mode)) {
return "regular file".($plural ? "s" : "");
} elsif (S_ISDIR($mode)) {
return "director".($plural ? "ies" : "y");
} elsif (S_ISLNK($mode)) {
return "symlink".($plural ? "s" : "");
} elsif (S_ISBLK($mode)) {
return "block device".($plural ? "s" : "");
} elsif (S_ISCHR($mode)) {
return "character device".($plural ? "s" : "");
} elsif (S_ISFIFO($mode)) {
return "fifo".($plural ? "s" : "");
} elsif (S_ISSOCK($mode)) {
return "socket".($plural ? "s" : "");
} else {
return "unknown filetype".($plural ? "s" : "");
}
}
# compare_files(oldfile, newfile)
# This is the actual diffing routine. It's quite long because we need to
# deal with all sorts of special cases. It will print to STDOUT a
# description of the differences between the two files. For regular files,
# diff(1) will be run to show the differences.
#
# return codes:
# 1 found a difference
# 2 had an error
# 3 found a difference and had an error
sub compare_files ($$) {
my ($oldname, $newname) = @_;
my ($old, $new); # stat buffers
my $return = 0;
# Get rid of unsightly double slashes
$oldname =~ s#//#/#g;
$newname =~ s#//#/#g;
eval { $old = lstat($oldname); };
if (not defined $old and not $!{ENOENT}) {
warn "$PROG: Could not stat $oldname: $!\n";
return 2;
}
eval { $new = lstat($newname); };
if (not defined $new and not $!{ENOENT}) {
warn "$PROG: Could not stat $newname: $!\n";
return 2;
}
# At this point, $old or $new should only be undefined if the
# file does not exist.
if (defined $old and defined $new) {
if (S_IFMT($old->mode) != S_IFMT($new->mode)) {
if ($opt{fakediff}) {
fakediff('filetype',
$oldname => filetype_to_string($old->mode),
$newname => filetype_to_string($new->mode),
);
} else {
print "File types differ between ".
filetype_to_string($old->mode)." $oldname and ".
filetype_to_string($new->mode)." $newname\n";
}
return 1;
}
if ($old->nlink != $new->nlink) {
# In recursive mode, we don't care about link counts in directories,
# as we'll pick that up with what files do and don't exist.
unless ($opt{recursive} and S_ISDIR($old->mode)) {
if ($opt{fakediff}) {
fakediff('nlink',
$oldname => $old->nlink,
$newname => $new->nlink,
);
} else {
print "Link counts differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
}
if ($old->uid != $new->uid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('uid',
$oldname => $old->uid,
$newname => $new->uid,
);
} else {
print "Owner differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if ($old->gid != $new->gid and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('gid',
$oldname => $old->gid,
$newname => $new->gid,
);
} else {
print "Group differs between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
if (S_IMODE($old->mode) != S_IMODE($new->mode) and $opt{perms}) {
if ($opt{fakediff}) {
fakediff('mode',
$oldname => sprintf('%04o', S_IMODE($old->mode)),
$newname => sprintf('%04o', S_IMODE($new->mode)),
);
} else {
print "Modes differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
# We don't want to compare anything more about sockets, fifos, or
# directories, once we've checked the permissions and link counts
if (S_ISSOCK($old->mode) or
S_ISFIFO($old->mode) or
S_ISDIR($old->mode)) {
return $return;
}
# Check device file devs, and that's it for them
if (S_ISCHR($old->mode) or
S_ISBLK($old->mode)) {
if ($old->rdev != $new->rdev) {
if ($opt{fakediff}) {
fakediff('rdev',
$oldname => $old->rdev,
$newname => $new->rdev,
);
} else {
print "Device numbers differ between ".
filetype_to_string($old->mode, 1).
" $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
# Compare the targets of symlinks
if (S_ISLNK($old->mode)) {
my $oldtarget = readlink $oldname
or (warn("$PROG: Could not readlink($oldname): $!\n"),
return $return | 2);
my $newtarget = readlink $newname
or (warn("$PROG: Could not readlink($newname): $!\n"),
return $return | 2);
if ($oldtarget ne $newtarget) {
if ($opt{fakediff}) {
fakediff('target',
$oldname => $oldtarget,
$newname => $newtarget,
);
} else {
print "Symlink targets differ between $oldname and $newname\n";
}
$return = 1;
}
return $return;
}
if (not S_ISREG($old->mode)) {
warn "$PROG: Don't know what to do with file mode $old->mode!\n";
return 2;
}
} elsif (not defined $old and not defined $new) {
print "Neither $oldname nor $newname exists\n";
return $return;
} elsif (not defined $old) {
if (not S_ISREG($new->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($newname).": ".
filetype_to_string($new->mode)." ".basename($newname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$oldname = '/dev/null';
}
} elsif (not defined $new) {
if (not S_ISREG($old->mode) or not $opt{'new-file'}) {
print "Only in ".dirname($oldname).": ".
filetype_to_string($old->mode)." ".basename($oldname)."\n";
return 1;
} elsif ($opt{'devnullhack'}) {
$newname = '/dev/null';
}
}
# They are regular files! We can actually run diff!
return diff($oldname, $newname) | $return;
}
sub diff ($$) {
my ($oldname, $newname) = @_;
my @command = (@diff, $oldname, $newname);
my $status;
# If we're not specifying unified diff, we need to print a header
# to indicate what's being diffed. (I'm not sure if this actually would
# work for patch, but it does tell our user what's going on).
# FIXME: We only need to specify this if the files are different
print "@command\n"
if not $opt{u};
{
# There is a bug in perl with use warnings FATAL => qw(all)
# that will cause the child process from system() to stick
# around if there is a warning generated.
# Shut off warnings -- we'll catch the error below.
no warnings;
$status = system(@command);
}
return 0 if ($status == 0);
if ($? == -1) {
die "$PROG: failed to execute '@command': $!\n";
}
if ($? & 128) {
die "$PROG: '@command' dumped core\n";
}
if (my $sig = $? & 127) {
die "$PROG: '@command' caught sig $sig\n"
unless ($sig == SIGPIPE);
}
if (my $exit = $? >> 8) {
if ($exit == 1) {
return 1;
} else {
die "$PROG: '@command' returned $exit\n";
}
}
return 0;
}
sub fakediff ($$) {
my ($type, $oldname, $oldvalue, $newname, $newvalue) = @_;
return unless $opt{fakediff};
my $time = strftime('%F %T.000000000 %z', localtime(0));
# We add a suffix onto the filenames to show we're not actually looking
# at file contents. There's no good way to indicate this that's compatible
# with patch, and this is simple enough.
$oldname .= '#~~' . $type;
$newname .= '#~~' . $type;
if ($opt{u}) {
# fake up a unified diff
print <<EOF;
--- $oldname\t$time
+++ $newname\t$time
@@ -1 +1 @@
-$oldvalue
+$newvalue
EOF
} else {
print <<EOF;
diff $oldname $newname
1c1
< $oldvalue
---
> $newvalue
EOF
}
}

161
slack/dist/slack-getroles vendored Executable file
View File

@ -0,0 +1,161 @@
#!/usr/bin/perl -w
# $Id: slack-getroles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--links',
'--times',
);
(my $PROG = $0) =~ s#.*/##;
sub sync_list ();
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options]");
$usage .= <<EOF;
--role-list
Role list location (can be relative to SOURCE)
--remote-role-list
Role list is remote and should be copied down with rsync
(implied by certain forms of role list or SOURCE)
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'role-list=s',
'remote-role-list',
],
required_options => [ qw(role-list hostname) ],
usage => $usage,
);
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# See if role-list is actually relative to source, and pre-pend source
# if need be.
unless ($opt{'role-list'} =~ m#^/# or
$opt{'role-list'} =~ m#^\./# or
$opt{'role-list'} =~ m#^[\w@\.-]+:#) {
if (not defined $opt{source}) {
die "Relative path to role-list given, but source not defined!\n\n$usage\n";
}
$opt{'role-list'} = $opt{source} . '/' . $opt{'role-list'};
}
# auto-detect remote role list
if ($opt{'role-list'} =~ m#^[\w@\.-]+:#) {
$opt{'remote-role-list'} = 1;
}
# Copy a remote list locally
if ($opt{'remote-role-list'}) {
# We need a cache directory if the role list is not local
if (not defined $opt{cache}) {
die "Remote path to role-list given, but cache not defined!\n\n$usage\n";
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{'role-list'} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
sync_list();
}
# Read in the roles list
my @roles = ();
my $host_found = 0;
($opt{verbose} > 0) and print STDERR "$PROG: Reading '$opt{'role-list'}'\n";
open(ROLES, "<", $opt{'role-list'})
or die "Could not open '$opt{'role-list'}' for reading: $!\n";
while(<ROLES>) {
s/#.*//; # Strip comments
chomp;
if (s/^$opt{hostname}:\s*//) {
$host_found++;
push @roles, split();
}
}
close(ROLES)
or die "Could not close '$opt{'role-list'}': $!\n";
if (not $host_found) {
die "Host '$opt{hostname}' not found in '$opt{'role-list'}'!\n";
}
print join("\n", @roles), "\n";
exit 0;
sub sync_list () {
my $source = $opt{'role-list'};
my $destination = $opt{cache} . "/_role_list";
unless (-d $opt{cache}) {
eval { mkpath($opt{cache}); };
die "Could not mkpath '$opt{cache}': $@\n" if $@;
}
# All this to run an rsync command
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Calling '@command'\n";
Slack::wrap_rsync(@command);
$opt{'role-list'} = $destination;
}

149
slack/dist/slack-installfiles vendored Executable file
View File

@ -0,0 +1,149 @@
#!/usr/bin/perl -w
# $Id: slack-installfiles 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local stage to the root
# of the local filesystem
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--relative',
'--times',
'--perms',
'--group',
'--owner',
'--links',
'--devices',
'--sparse',
'--no-implied-dirs', # SO GOOD!
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub install_files ($);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(root stage) ],
);
# }}}
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
unless (-d $opt{root}) {
if (not $opt{'dry-run'}) {
eval {
mkpath($opt{root});
# We have a tight umask, and a root of mode 0700 would be undesirable
# in most cases.
chmod(0755, $opt{root});
};
die "Could not mkpath destination directory '$opt{root}': $@\n" if $@;
}
warn "WARNING[$PROG]: Created destination directory '".$opt{root}."'\n";
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# copy over the new files
for my $role (@ARGV) {
install_files($role);
}
exit 0;
# This subroutine takes care of actually installing the files for a role
sub install_files ($) {
my ($role) = @_;
# final / is important for rsync
my $source = $opt{stage} . "/roles/" . $role . "/files/";
my $destination = $opt{root} . "/";
my @command = (@rsync, $source, $destination);
if (not -d $source) {
($opt{verbose} > 0) and
print STDERR "$PROG: No files to install -- '$source' does not exist\n";
return;
}
# Try to give some sensible message here
if ($opt{verbose} > 0) {
if ($opt{'dry-run'}) {
print STDERR "$PROG: Dry-run syncing '$source' to '$destination'\n";
} else {
print STDERR "$PROG: Syncing '$source' to '$destination'\n";
}
}
my ($fh) = Slack::wrap_rsync_fh(@command);
select((select($fh), $|=1)[0]); # Turn on autoflush
my $callback = sub {
my ($file) = @_;
($file =~ s#^$source##)
or die "sub failed: $source|$file";
print $fh "$file\0";
};
# This will print files to be synced to the $fh
Slack::find_files_to_install($source, $destination, $callback);
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

146
slack/dist/slack-rolediff vendored Executable file
View File

@ -0,0 +1,146 @@
#!/usr/bin/perl -w
# $Id: slack-rolediff 125 2006-09-27 07:50:07Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script provides a preview of scripts or files about to be installed.
# Basically, it calls diff -- its smarts are in knowing where things are.
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @diff = ('slack-diff',
'-uN',
);
# directories to compare
my %subdir = (
files => 1,
scripts => 1,
);
(my $PROG = $0) =~ s#.*/##;
sub diff ($$;@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Check this subdir only. Possible values for DIR are 'files' and
'scripts'.
--diff PROG
Use this program to do diffs. [@diff]
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
'diff=s',
],
usage => $usage,
required_options => [ qw(cache stage root) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
# Only do this subdir
%subdir = ( $opt{subdir} => 1 );
}
# Let people override our diff. Split on spaces so they can pass args.
if ($opt{diff}) {
@diff = split(/\s+/, $opt{diff});
}
# }}}
my $exit = 0;
# Do the diffs
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role = split(/\./, $full_role);
if ($subdir{scripts}) {
# Then we compare the cache vs the stage
my $old = $opt{stage} . "/roles/" . $full_role . "/scripts";
my $new = $opt{cache} . "/roles/" . $role[0] . "/scripts";
# For scripts, we don't care so much about mode and owner (since those are
# inherited in the CACHE from the SOURCE), so --noperms.
$exit |= diff($old, $new, '--noperms');
}
if ($subdir{files}) {
# Then we compare the stage vs the root
my $old = $opt{root};
my $new = $opt{stage} . "/roles/" . $full_role . "/files";
# For files, we don't care about files that exist in $old but not $new
$exit |= diff($old, $new, '--unidirectional-new-file');
}
}
exit $exit;
sub diff ($$;@) {
my ($old, $new, @options) = @_;
my @command = (@diff, @options);
# return if there's nothing to do
return 0 if (not -d $old and not -d $new);
($opt{verbose} > 0) and print STDERR "$PROG: Previewing with '@command'\n";
my $return = 0;
my $callback = sub {
my ($new_file) = @_;
my $old_file = $new_file;
($old_file =~ s#^$new#$old#)
or die "sub failed: $new|$new_file";
if (system(@command, $old_file, $new_file) != 0) {
$return |= Slack::get_system_exit(@command);
}
};
# We have to use this function, rather than recursive mode for slack-diff,
# because otherwise we'll print a bunch of bogus stuff about directories
# that exist in $ROOT and therefore aren't being synced.
Slack::find_files_to_install($new, $old, $callback);
return $return;
}

111
slack/dist/slack-runscript vendored Executable file
View File

@ -0,0 +1,111 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run , $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system("script /root/slackLog -a -f -c @command") == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

111
slack/dist/slack-runscript.orig vendored Executable file
View File

@ -0,0 +1,111 @@
#!/usr/bin/perl -w
# $Id: slack-runscript 118 2006-09-25 18:35:17Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2006 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of running scripts out of the local stage
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
# Export these options to the environment of the script
my @export_options = qw(root stage hostname verbose);
(my $PROG = $0) =~ s#.*/##;
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
# Get out of wherever (possibly NFS-mounted) we were
chdir('/')
or die "Could not chdir '/': $!";
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <action> <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => \@export_options,
);
my $action = shift || die "No script to run!\n\n$usage";
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# }}}
# Start with a clean environment
%ENV = (
PATH => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
);
# Export certain variables to the environment. These are guaranteed to
# be set because we require them in get_options above.
for my $option (@export_options) {
my $env_var = $option;
$env_var =~ tr/a-z-/A-Z_/;
$ENV{$env_var} = $opt{$option};
}
# We want to decrement the verbose value for the child if it's set.
$ENV{VERBOSE}-- if $ENV{VERBOSE};
# Run the script for each role given, if it exists and is executable
for my $role (@ARGV) {
my $script_to_run = "$opt{stage}/roles/$role/scripts/$action";
unless (-x $script_to_run) {
if (-e _) {
# A helpful warning
warn "WARNING[$PROG]: Skipping '$script_to_run' because it's not executable\n";
} elsif ($opt{verbose} > 0) {
print STDERR "$PROG: Skipping '$script_to_run' because it doesn't exist\n";
}
next;
}
my $dir;
if ($action eq 'fixfiles') {
$dir = "$opt{stage}/roles/$role/files";
} else {
$dir = "$opt{stage}/roles/$role/scripts";
}
my @command = ($script_to_run, $role);
# It's OK to chdir even if we're not going to run the script.
# Might as well see if it works.
chdir($dir)
or die "Could not chdir '$dir': $!\n";
if ($opt{'dry-run'}) {
($opt{verbose} > 0)
and print STDERR "$PROG: Not calling '@command' in '$dir' ".
"because --dry-run specified.\n";
} else {
($opt{verbose} > 0)
and print STDERR "$PROG: Calling '@command' in '$dir'.\n";
unless (system(@command) == 0) {
Slack::check_system_exit(@command);
}
}
chdir('/')
or die "Could not chdir '/': $!\n"
}
exit 0;

278
slack/dist/slack-stage vendored Executable file
View File

@ -0,0 +1,278 @@
#!/usr/bin/perl -w
# $Id: slack-stage 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the local cache
# directory to the local stage, building a unified single tree onstage
# from the multiple trees that are the role + subroles in the cache
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use File::Find;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--recursive',
'--times',
'--ignore-times',
'--perms',
'--sparse',
);
(my $PROG = $0) =~ s#.*/##;
sub check_stage ();
sub sync_role ($$@);
sub apply_default_perms_to_role ($$);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
$usage .= <<EOF;
--subdir DIR
Sync this subdir only. Possible values for DIR are 'files' and
'scripts'.
EOF
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
command_line_options => [
'subdir=s',
],
usage => $usage,
required_options => [ qw(cache stage) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# We only allow certain values for this option
if ($opt{subdir}) {
unless ($opt{subdir} eq 'files' or $opt{subdir} eq 'scripts') {
die "--subdir option must be 'files' or 'scripts'\n\n$usage";
}
} else {
$opt{subdir} = '';
}
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
# copy over the new files
for my $full_role (@ARGV) {
# Split the full role (e.g. google.foogle.woogle) into components
my @role_parts = split(/\./, $full_role);
die "Internal error: Expect at least one role part" if not @role_parts;
# Reassemble parts one at a time onto @role and sync as we go,
# so we do "google", then "google.foogle", then "google.foogle.woogle"
my @role = ();
# Make sure we've got the right perms before we copy stuff down
check_stage();
# For the base role, do both files and scripts.
push @role, shift @role_parts;
for my $subdir(qw(files scripts)) {
if (not $opt{subdir} or $opt{subdir} eq $subdir) {
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
# @role here will have one element, so sync_role will use --delete
sync_role($full_role, $subdir, @role)
}
}
# For all subroles, just do the files.
# (If we wanted script subroles to work like files, we'd get rid of this
# distinction and simplify the code.)
if (not $opt{subdir} or $opt{subdir} eq 'files') {
while (@role_parts) {
push @role, shift @role_parts;
($opt{verbose} > 1)
and print STDERR "$PROG: Calling sync_role for $full_role, @role\n";
sync_role($full_role, 'files', @role);
}
}
for my $subdir (qw(files scripts)) {
apply_default_perms_to_role($full_role, $subdir)
if (not $opt{subdir} or $opt{subdir} eq $subdir);
}
}
exit 0;
# Make sure the stage directory exists and is mode 0700, to protect files
# underneath in transit
sub check_stage () {
my $stage = $opt{stage} . "/roles";
if (not $opt{'dry-run'}) {
if (not -d $stage) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$stage'\n";
eval { mkpath($stage); };
die "Could not mkpath cache dir '$stage': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$stage'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $stage)
or die "Could not chown 0:0 '$stage': $!\n";
}
chmod(0700, $stage)
or die "Could not chmod 0700 '$stage': $!\n";
}
}
# Copy the files for a role from CACHE to STAGE
sub sync_role ($$@) {
my ($full_role, $subdir, @role) = @_;
my @this_rsync = @rsync;
# If we were only given one role part, we're in the base role
my $in_base_role = (scalar @role == 1);
# For the base role, delete any files that don't exist in the cache.
# Not for the subrole (otherwise we'll delete all files not in
# the subrole, which may be most of them!)
if ($in_base_role) {
push @this_rsync, "--delete";
}
# (a) => a/files
# (a,b,c) => a/files.b.c
my $src_path = $role[0].'/'.join(".", $subdir, @role[1 .. $#role]);
# This one's a little simpler:
my $dst_path = $full_role.'/'.$subdir;
# final / is important for rsync
my $source = $opt{cache} . "/roles/" . $src_path . "/";
my $destination = $opt{stage} . "/roles/" . $dst_path . "/";
if (not -d $destination and -d $source) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$destination'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($destination); };
die "Could not mkpath stage dir '$destination': $@\n" if $@;
}
}
# We no longer require the source to exist
if (not -d $source) {
# but we need to remove the destination if the source
# doesn't exist and we're in the base role
if ($in_base_role) {
rmtree($destination);
# rmtree() doesn't throw exceptions or give a return value useful
# for detecting failure, so we just check after the fact.
die "Could not rmtree '$destination' when '$source' missing\n"
if -e $destination;
}
# if we continue, rsync will fail because source is missing,
# so we don't.
return;
}
# All this to run an rsync command
my @command = (@this_rsync, $source, $destination);
($opt{verbose} > 0) and print STDERR "$PROG: Syncing $src_path with '@command'\n";
Slack::wrap_rsync(@command);
}
# This just takes the base role, and chowns/chmods everything under it to
# give it some sensible permissions. Basically, the only thing we preserve
# about the original permissions is the executable bit, since that's the
# only thing source code controls systems like CVS, RCS, Perforce seem to
# preserve.
sub apply_default_perms_to_role ($$) {
my ($role, $subdir) = @_;
my $destination = $opt{stage} . "/roles/" . $role;
if ($subdir) {
$destination .= '/' . $subdir;
}
# If the destination doesn't exist, it's probably because the source didn't
return if not -d $destination;
($opt{verbose} > 0) and print STDERR "$PROG: Setting default perms on $destination\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; won't be able to chown files\n";
}
# Use File::Find to recurse the directory
find({
# The "wanted" subroutine is called for every directory entry
wanted => sub {
return if $opt{'dry-run'};
($opt{verbose} > 2) and print STDERR "$File::Find::name\n";
if (-l) {
# symlinks shouldn't be in here,
# since we dereference when copying
warn "WARNING[$PROG]: Skipping symlink at $File::Find::name: $!\n";
return;
} elsif (-f _) { # results of last stat saved in the "_"
if (-x _) {
chmod 0555, $_
or die "Could not chmod 0555 $File::Find::name: $!";
} else {
chmod 0444, $_
or die "Could not chmod 0444 $File::Find::name: $!";
}
} elsif (-d _) {
chmod 0755, $_
or die "Could not chmod 0755 $File::Find::name: $!";
} else {
warn "WARNING[$PROG]: Unknown file type at $File::Find::name: $!\n";
}
return if $> != 0; # skip chowning if not superuser
chown 0, 0, $_
or die "Could not chown 0:0 $File::Find::name: $!";
},
# end of wanted function
},
# way down here, we have the directory to traverse with File::Find
$destination,
);
}

169
slack/dist/slack-sync vendored Executable file
View File

@ -0,0 +1,169 @@
#!/usr/bin/perl -w
# $Id: slack-sync 180 2008-01-19 08:26:19Z alan $
# vim:sw=2
# vim600:fdm=marker
# Copyright (C) 2004-2008 Alan Sundell <alan@sundell.net>
# All Rights Reserved. This program comes with ABSOLUTELY NO WARRANTY.
# See the file COPYING for details.
#
# This script is in charge of copying files from the (possibly remote)
# master directory to a local cache, using rsync
require 5.006;
use warnings FATAL => qw(all);
use strict;
use sigtrap qw(die untrapped normal-signals
stack-trace any error-signals);
use File::Path;
use constant LIB_DIR => '/usr/lib/slack';
use lib LIB_DIR;
use Slack;
my @rsync = ('rsync',
'--cvs-exclude',
'--recursive',
'--links',
'--copy-links',
'--times',
'--perms',
'--sparse',
'--delete',
'--files-from=-',
'--from0',
);
(my $PROG = $0) =~ s#.*/##;
sub check_cache ($);
sub rsync_source ($$@);
########################################
# Environment
# Helpful prefix to die messages
$SIG{__DIE__} = sub { die "FATAL[$PROG]: @_"; };
# Set a reasonable umask
umask 077;
# Get out of wherever (possibly NFS-mounted) we were
chdir("/")
or die "Could not chdir /: $!";
# Autoflush on STDERR
select((select(STDERR), $|=1)[0]);
########################################
# Config and option parsing {{{
my $usage = Slack::default_usage("$PROG [options] <role> [<role>...]");
# Option defaults
my %opt = ();
Slack::get_options(
opthash => \%opt,
usage => $usage,
required_options => [ qw(source cache) ],
);
# Arguments are required
die "No roles given!\n\n$usage" unless @ARGV;
# Prepare for backups
if ($opt{backup} and $opt{'backup-dir'}) {
# Make sure backup directory exists
unless (-d $opt{'backup-dir'}) {
($opt{verbose} > 0) and print STDERR "Creating backup directory '$opt{'backup-dir'}'\n";
if (not $opt{'dry-run'}) {
eval { mkpath($opt{'backup-dir'}); };
die "Could not mkpath backup dir '$opt{'backup-dir'}': $@\n" if $@;
}
}
push(@rsync, "--backup", "--backup-dir=$opt{'backup-dir'}");
}
# Look at source type, and add options if necessary
if ($opt{'rsh'} or $opt{source} =~ m/^[\w@\.-]+::/) {
# This is tunnelled rsync, and so needs an extra option
if ($opt{'rsh'}) {
push @rsync, '-e', $opt{'rsh'};
} else {
push @rsync, '-e', 'ssh';
}
}
# Pass options along to rsync
if ($opt{'dry-run'}) {
push @rsync, '--dry-run';
}
# Pass options along to rsync
if ($opt{'verbose'} > 1) {
push @rsync, '--verbose';
}
# }}}
my @roles = ();
{
# This hash is just to avoid calling rsync twice if two subroles are
# installed. We only care since it's remote, and therefore slow.
my %roles_to_sync = ();
# copy over the new files
for my $full_role (@ARGV) {
# Get the first element of the role name (the base role)
# e.g., from "google.foogle.woogle", get "google"
my $base_role = (split /\./, $full_role, 2)[0];
$roles_to_sync{$base_role} = 1;
}
@roles = keys %roles_to_sync;
}
my $cache = $opt{cache} . "/roles/";
# Make sure we've got the right perms before we copy stuff down
check_cache($cache);
rsync_source(
$opt{source} . '/roles/',
$cache,
@roles,
);
exit 0;
# Make sure the cache directory exists and is mode 0700, to protect files
# underneath in transit
sub check_cache ($) {
my ($cache) = @_;
if (not $opt{'dry-run'}) {
if (not -d $cache) {
($opt{verbose} > 0) and print STDERR "$PROG: Creating '$cache'\n";
eval { mkpath($cache); };
die "Could not mkpath cache dir '$cache': $@\n" if $@;
}
($opt{verbose} > 0) and print STDERR "$PROG: Checking perms on '$cache'\n";
if ($> != 0) {
warn "WARNING[$PROG]: Not superuser; unable to chown files\n";
} else {
chown(0, 0, $cache)
or die "Could not chown 0:0 '$cache': $!\n";
}
chmod(0700, $cache)
or die "Could not chmod 0700 '$cache': $!\n";
}
}
# Pull down roles from an rsync source
sub rsync_source($$@) {
my ($source, $destination, @roles) = @_;
my @command = (@rsync, $source, $destination);
($opt{verbose} > 0)
and print STDERR "$PROG: Syncing cache with '@command'\n";
my ($fh) = Slack::wrap_rsync_fh(@command);
# Shove the roles down its throat
print $fh join("\0", @roles), "\0";
# Close fh, waitpid, and check return value
unless (close($fh)) {
Slack::check_system_exit(@command);
}
}

0
slack/dist/slack.conf vendored Executable file
View File

6
slack/env/SlackConfig-prod.config vendored Normal file
View File

@ -0,0 +1,6 @@
ROLE_LIST=toolbox.turnsys.net:/local/slack-prod/etc/roles.conf
SOURCE=toolbox.turnsys.net:/local/slack-prod/
CACHE=/var/cache/slack
STAGE=/var/lib/slack/stage
ROOT=/
BACKUP_DIR=/var/lib/slack/backups

4
slack/env/SlackSSH-prod.config vendored Normal file
View File

@ -0,0 +1,4 @@
Host toolbox.turnsys.net
User slack-prod
IdentityFile /root/.ssh/SlackSSH-prod.key
StrictHostKeyChecking no

27
slack/env/SlackSSH-prod.key vendored Normal file
View File

@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAycZwe0FuYISsFaHvaplNhb9uplG8YeMkffIKXp633MwihACm
oNoKEQHlqSKD1urZfLYjwf1YBKAPt9QRdIguwsQ3hl3xKpsO+gsmaOpF3eJMVWHZ
dS/T7lplIOcXr0tbUeibQ9p+c+MgICfpdAJvUnuD8grDmaTuvasBat4Ow6rXIzsQ
WKzSrP3iQJ0xeq+mqRIlPP5dwl66RF+dlaloVxlvG95i3u512EkNg+sMt1X5KbhH
ecQSicpA8K2qK4G71CqRIm7DmXCheSlDzqLACwJAFOU4xN3eqTO3B4Bm5Wri9Oip
hkwzMgWrDNFx/69ZnGF69g0VP8Qyl4R7d3FZDQIDAQABAoIBAQCzCDYpxybO0Sl3
kFXEuf3FHNRrEr8aA9cPQUHeLuppKV++zG0M8CpaaNqENjHQ8lTDiUE1ETuV7wfD
TpGmWmdTPZMe0B/6c9bYGiickrInbHHamJXAmw1qwh5VEXc8fJqslL2feTEWVoLc
xU0pODfacenjS5W+sE99T0xUrG9hQJMRtNOorMQiUraLl670yIZnzMszDIdd1xdv
4XCuQ5Phnup22/kvByIdiNXPaSY/gOooBTZDUzka+FV3Nn9XXhZoNBnNfk6XgHZw
x9vQvnN+tuDr6RX4g1RPq/u6IhsQO2/OT9wwu74KLdkLFTssGold73uys2WvC0NW
zNFVBuBBAoGBAO6lhTWE2hvt5h7btEY36XgoJbu0k/E7fVgEud2yCdRdQ5ApAHVs
xvol1D3waVKUrRePKq2BhaylwtYACYAow3geMsGrlf4ndlLOQ1z6ByNncJPF3Tr1
lFp025QLijoKmnCq3CdIVPrdhTm44go2usXytobpxS2nB5hZwZfyDju5AoGBANhy
i9vOlRXcLiHpmzAKwFs/jR9D09DUZ6ALm22HvDOsISJS+nR2neun+7HXXHm1Kqyu
w1GA8xaqBnuFfuHP09ZYTNammEROS8dL/5muGCwrfwIrd/H4ELsE0spWOrTlfgY/
GN5WeoXZGAwjiu67AoRkpKIQxnsjEKSNKZQntjn1AoGAOyAdIcZZd2P4iJqsTl1Z
5aAkwR2bLcAsbNs25XtPviKhM51E9NLPdXhb3kCrB3+4ZsbcrwIRCVZEMFrv/6WZ
0C/DKYKGdeJ3CUr7G5UCob3mAWabShk/+S1MnaBCTeEEpHdgdgcQrtqlQEjTD+7B
VXutxz0x0f64/gD22ttotVkCgYAma4a52JyMCc5ChMXgLDhiuhAhuZdynRFbzlOj
iJF2lpo3DoWYgKmdd+7sbW7jx62wg0D2Sa5cmoeWC2cvTAWtKXVSMLYcgc1frfTL
4aQ2yu27g93BnKfTmpKUCeRX0dih4TdX1//dnGBxXym9IILc30R94/5nQx0kKE52
Fup4tQKBgHrDPBIJG3MkA5UIkBPnxE9Ei8V4g/TpYjmC+6JiWkBTQCNZ4A2KKl7S
pwGQwdcqA5OsPbw0T54HwMtDm0ao0b3krb70vBw/xdIAHNe3DCmeOuKelvjDyzr1
ZL6gF557VfKFjz23Hp2PbOYo88BAdX1H1zy0FUZJ7Zh4GbOjgVFQ
-----END RSA PRIVATE KEY-----

1
slack/env/SlackSSH-prod.key.pub vendored Normal file
View File

@ -0,0 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJxnB7QW5ghKwVoe9qmU2Fv26mUbxh4yR98gpenrfczCKEAKag2goRAeWpIoPW6tl8tiPB/VgEoA+31BF0iC7CxDeGXfEqmw76CyZo6kXd4kxVYdl1L9PuWmUg5xevS1tR6JtD2n5z4yAgJ+l0Am9Se4PyCsOZpO69qwFq3g7DqtcjOxBYrNKs/eJAnTF6r6apEiU8/l3CXrpEX52VqWhXGW8b3mLe7nXYSQ2D6wy3VfkpuEd5xBKJykDwraorgbvUKpEibsOZcKF5KUPOosALAkAU5TjE3d6pM7cHgGblauL06KmGTDMyBasM0XH/r1mcYXr2DRU/xDKXhHt3cVkN charles@ultix-mini

BIN
slack/slackDist.tar.gz Executable file
View File

Binary file not shown.