Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
slapos
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
francois
slapos
Commits
ddc540fa
Commit
ddc540fa
authored
Jun 23, 2016
by
Rafael Monnerat
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
cleanup: pulse2 recipe is unmantained and unused.
If required older versions might have the code archive.
parent
edeb5aa2
Changes
37
Hide whitespace changes
Inline
Side-by-side
Showing
37 changed files
with
0 additions
and
2963 deletions
+0
-2963
slapos/recipe/pulse2/__init__.py
slapos/recipe/pulse2/__init__.py
+0
-431
slapos/recipe/pulse2/apache.py
slapos/recipe/pulse2/apache.py
+0
-22
slapos/recipe/pulse2/certificate_authority.py
slapos/recipe/pulse2/certificate_authority.py
+0
-112
slapos/recipe/pulse2/innobackupex.py
slapos/recipe/pulse2/innobackupex.py
+0
-25
slapos/recipe/pulse2/mysql.py
slapos/recipe/pulse2/mysql.py
+0
-71
slapos/recipe/pulse2/template/apache.in.in
slapos/recipe/pulse2/template/apache.in.in
+0
-60
slapos/recipe/pulse2/template/logrotate_entry.in
slapos/recipe/pulse2/template/logrotate_entry.in
+0
-13
slapos/recipe/pulse2/template/memcached.in
slapos/recipe/pulse2/template/memcached.in
+0
-2
slapos/recipe/pulse2/template/mmc-core.in
slapos/recipe/pulse2/template/mmc-core.in
+0
-2
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini
+0
-59
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in
+0
-59
slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in
slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in
+0
-53
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini
+0
-190
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in
+0
-190
slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in
...os/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in
+0
-26
slapos/recipe/pulse2/template/my.cnf.in
slapos/recipe/pulse2/template/my.cnf.in
+0
-52
slapos/recipe/pulse2/template/mysqlinit.sql.in
slapos/recipe/pulse2/template/mysqlinit.sql.in
+0
-7
slapos/recipe/pulse2/template/openssl.cnf.ca.in
slapos/recipe/pulse2/template/openssl.cnf.ca.in
+0
-350
slapos/recipe/pulse2/template/php.ini.in
slapos/recipe/pulse2/template/php.ini.in
+0
-11
slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in
...ecipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in
+0
-34
slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in
...os/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in
+0
-53
slapos/recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in
...recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in
+0
-35
slapos/recipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in
...cipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in
+0
-73
slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in
slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in
+0
-143
slapos/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in
...os/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in
+0
-15
slapos/recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in
.../recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in
+0
-16
slapos/recipe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in
...pe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in
+0
-14
slapos/recipe/pulse2/template/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in
...e/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in
+0
-116
slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/inventory-server.ini.in
...lse2_conf/pulse2/inventory-server/inventory-server.ini.in
+0
-68
slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/launchers.ini.in
...e2/template/pulse2_conf/pulse2/launchers/launchers.ini.in
+0
-160
slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in
...plate/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in
+0
-21
slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in
...e/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in
+0
-58
slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in
...os/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in
+0
-11
slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/package-server.ini.in
...e/pulse2_conf/pulse2/package-server/package-server.ini.in
+0
-200
slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/plugin_terminal_type.ini.in
...e2_conf/pulse2/package-server/plugin_terminal_type.ini.in
+0
-21
slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in
...e2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in
+0
-178
slapos/recipe/pulse2/template/stunnel.conf.in
slapos/recipe/pulse2/template/stunnel.conf.in
+0
-12
No files found.
slapos/recipe/pulse2/__init__.py
deleted
100644 → 0
View file @
edeb5aa2
##############################################################################
#
# Copyright (c) 2010 Vifib SARL and Contributors. All Rights Reserved.
#
# WARNING: This program as such is intended to be used by professional
# programmers who take the whole responsibility of assessing all potential
# consequences resulting from its eventual inadequacies and bugs
# End users who are looking for a ready-to-use solution with commercial
# guarantees and support are strongly adviced to contract a Free Software
# Service Company
#
# This program is Free Software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 3
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
##############################################################################
from
slapos.recipe.librecipe
import
BaseSlapRecipe
import
hashlib
import
os
import
pkg_resources
import
sys
import
zc.buildout
import
ConfigParser
class
Recipe
(
BaseSlapRecipe
):
def
getTemplateFilename
(
self
,
template_name
):
return
pkg_resources
.
resource_filename
(
__name__
,
'template/%s'
%
template_name
)
def
_install
(
self
):
# Apache
# TODO add in apache conf location of mmc.ini
document_root
=
self
.
createDataDirectory
(
'htdocs'
)
self
.
createHtdocs
(
self
.
options
[
'source'
].
strip
(),
document_root
)
url
=
self
.
installApache
(
document_root
)
# MySQL
mysql_conf
=
self
.
installMysqlServer
(
self
.
getLocalIPv4Address
(),
45678
)
# LDAP
ldap_port
=
dict
()
# Pulse
mmc_core_conf
=
self
.
installPulse2
(
ip
=
self
.
getLocalIPv4Address
(),
port
=
11000
,
ldap_host
=
ldap_conf
[
'host'
],
ldap_port
=
ldap_conf
[
'port'
])
ca_conf
=
self
.
installCertificateAuthority
()
key
,
certificate
=
self
.
requestCertificate
(
'Pulse'
)
stunnel_conf
=
self
.
installStunnel
(
self
.
getGlobalIPv6Address
(),
self
.
getLocalIPv4Address
(),
12345
,
pulse_conf
[
'inventory_port'
],
certificate
,
key
,
ca_conf
[
'ca_crl'
],
ca_conf
[
'certificate_authority_path'
])
self
.
linkBinary
()
self
.
setConnectionDict
(
dict
(
stunnel_inventory_ip
=
stunnel_conf
[
'public_ip'
],
stunnel_inventory_port
=
stunnel_conf
[
'public_port'
],
url
=
url
,
**
mysql_conf
))
return
self
.
path_list
def
linkBinary
(
self
):
"""Links binaries to instance's bin directory for easier exposal"""
for
linkline
in
self
.
options
.
get
(
'link_binary_list'
,
''
).
splitlines
():
if
not
linkline
:
continue
target
=
linkline
.
split
()
if
len
(
target
)
==
1
:
target
=
target
[
0
]
path
,
linkname
=
os
.
path
.
split
(
target
)
else
:
linkname
=
target
[
1
]
target
=
target
[
0
]
link
=
os
.
path
.
join
(
self
.
bin_directory
,
linkname
)
if
os
.
path
.
lexists
(
link
):
if
not
os
.
path
.
islink
(
link
):
raise
zc
.
buildout
.
UserError
(
'Target link already %r exists but it is not link'
%
link
)
os
.
unlink
(
link
)
os
.
symlink
(
target
,
link
)
self
.
logger
.
debug
(
'Created link %r -> %r'
%
(
link
,
target
))
self
.
path_list
.
append
(
link
)
def
installCrond
(
self
):
timestamps
=
self
.
createDataDirectory
(
'cronstamps'
)
cron_output
=
os
.
path
.
join
(
self
.
log_directory
,
'cron-output'
)
self
.
_createDirectory
(
cron_output
)
catcher
=
zc
.
buildout
.
easy_install
.
scripts
([(
'catchcron'
,
__name__
+
'.catdatefile'
,
'catdatefile'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
cron_output
])[
0
]
self
.
path_list
.
append
(
catcher
)
cron_d
=
os
.
path
.
join
(
self
.
etc_directory
,
'cron.d'
)
crontabs
=
os
.
path
.
join
(
self
.
etc_directory
,
'crontabs'
)
self
.
_createDirectory
(
cron_d
)
self
.
_createDirectory
(
crontabs
)
# Use execute from erp5.
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'crond'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
self
.
options
[
'dcrond_binary'
].
strip
(),
'-s'
,
cron_d
,
'-c'
,
crontabs
,
'-t'
,
timestamps
,
'-f'
,
'-l'
,
'5'
,
'-M'
,
catcher
]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
cron_d
def
installLogrotate
(
self
):
"""Installs logortate main configuration file and registers its to cron"""
logrotate_d
=
os
.
path
.
abspath
(
os
.
path
.
join
(
self
.
etc_directory
,
'logrotate.d'
))
self
.
_createDirectory
(
logrotate_d
)
logrotate_backup
=
self
.
createBackupDirectory
(
'logrotate'
)
logrotate_conf
=
self
.
createConfigurationFile
(
"logrotate.conf"
,
"include %s"
%
logrotate_d
)
logrotate_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'logrotate'
)
state_file
=
os
.
path
.
join
(
self
.
data_root_directory
,
'logrotate.status'
)
open
(
logrotate_cron
,
'w'
).
write
(
'0 0 * * * %s -s %s %s'
%
(
self
.
options
[
'logrotate_binary'
],
state_file
,
logrotate_conf
))
self
.
path_list
.
extend
([
logrotate_d
,
logrotate_conf
,
logrotate_cron
])
return
logrotate_d
,
logrotate_backup
def
registerLogRotation
(
self
,
name
,
log_file_list
,
postrotate_script
):
"""Register new log rotation requirement"""
open
(
os
.
path
.
join
(
self
.
logrotate_d
,
name
),
'w'
).
write
(
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'logrotate_entry.in'
),
dict
(
file_list
=
' '
.
join
([
'"'
+
q
+
'"'
for
q
in
log_file_list
]),
postrotate
=
postrotate_script
,
olddir
=
self
.
logrotate_backup
)))
def
installCertificateAuthority
(
self
,
ca_country_code
=
'XX'
,
ca_email
=
'xx@example.com'
,
ca_state
=
'State'
,
ca_city
=
'City'
,
ca_company
=
'Company'
):
backup_path
=
self
.
createBackupDirectory
(
'ca'
)
self
.
ca_dir
=
os
.
path
.
join
(
self
.
data_root_directory
,
'ca'
)
self
.
_createDirectory
(
self
.
ca_dir
)
self
.
ca_request_dir
=
os
.
path
.
join
(
self
.
ca_dir
,
'requests'
)
self
.
_createDirectory
(
self
.
ca_request_dir
)
config
=
dict
(
ca_dir
=
self
.
ca_dir
,
request_dir
=
self
.
ca_request_dir
)
self
.
ca_private
=
os
.
path
.
join
(
self
.
ca_dir
,
'private'
)
self
.
ca_certs
=
os
.
path
.
join
(
self
.
ca_dir
,
'certs'
)
self
.
ca_crl
=
os
.
path
.
join
(
self
.
ca_dir
,
'crl'
)
self
.
ca_newcerts
=
os
.
path
.
join
(
self
.
ca_dir
,
'newcerts'
)
self
.
ca_key_ext
=
'.key'
self
.
ca_crt_ext
=
'.crt'
for
d
in
[
self
.
ca_private
,
self
.
ca_crl
,
self
.
ca_newcerts
,
self
.
ca_certs
]:
self
.
_createDirectory
(
d
)
for
f
in
[
'crlnumber'
,
'serial'
]:
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
f
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
f
),
'w'
).
write
(
'01'
)
if
not
os
.
path
.
exists
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
)):
open
(
os
.
path
.
join
(
self
.
ca_dir
,
'index.txt'
),
'w'
).
write
(
''
)
openssl_configuration
=
os
.
path
.
join
(
self
.
ca_dir
,
'openssl.cnf'
)
config
.
update
(
working_directory
=
self
.
ca_dir
,
country_code
=
ca_country_code
,
state
=
ca_state
,
city
=
ca_city
,
company
=
ca_company
,
email_address
=
ca_email
,
)
self
.
_writeFile
(
openssl_configuration
,
pkg_resources
.
resource_string
(
__name__
,
'template/openssl.cnf.ca.in'
)
%
config
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([
(
'certificate_authority'
,
__name__
+
'.certificate_authority'
,
'runCertificateAuthority'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
openssl_configuration
=
openssl_configuration
,
openssl_binary
=
self
.
options
[
'openssl_binary'
],
certificate
=
os
.
path
.
join
(
self
.
ca_dir
,
'cacert.pem'
),
key
=
os
.
path
.
join
(
self
.
ca_private
,
'cakey.pem'
),
crl
=
os
.
path
.
join
(
self
.
ca_crl
),
request_dir
=
self
.
ca_request_dir
)]))
# configure backup
backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'ca_rdiff_backup'
)
open
(
backup_cron
,
'w'
).
write
(
'''0 0 * * * %(rdiff_backup)s %(source)s %(destination)s'''
%
dict
(
rdiff_backup
=
self
.
options
[
'rdiff_backup_binary'
],
source
=
self
.
ca_dir
,
destination
=
backup_path
))
self
.
path_list
.
append
(
backup_cron
)
return
dict
(
ca_certificate
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'cacert.pem'
),
ca_crl
=
os
.
path
.
join
(
config
[
'ca_dir'
],
'crl'
),
certificate_authority_path
=
config
[
'ca_dir'
]
)
def
requestCertificate
(
self
,
name
):
hash
=
hashlib
.
sha512
(
name
).
hexdigest
()
key
=
os
.
path
.
join
(
self
.
ca_private
,
hash
+
self
.
ca_key_ext
)
certificate
=
os
.
path
.
join
(
self
.
ca_certs
,
hash
+
self
.
ca_crt_ext
)
parser
=
ConfigParser
.
RawConfigParser
()
parser
.
add_section
(
'certificate'
)
parser
.
set
(
'certificate'
,
'name'
,
name
)
parser
.
set
(
'certificate'
,
'key_file'
,
key
)
parser
.
set
(
'certificate'
,
'certificate_file'
,
certificate
)
parser
.
write
(
open
(
os
.
path
.
join
(
self
.
ca_request_dir
,
hash
),
'w'
))
return
key
,
certificate
def
installStunnel
(
self
,
public_ip
,
private_ip
,
public_port
,
private_port
,
ca_certificate
,
key
,
ca_crl
,
ca_path
):
"""Installs stunnel"""
template_filename
=
self
.
getTemplateFilename
(
'stunnel.conf.in'
)
log
=
os
.
path
.
join
(
self
.
log_directory
,
'stunnel.log'
)
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'stunnel.pid'
)
stunnel_conf
=
dict
(
public_ip
=
public_ip
,
private_ip
=
private_ip
,
public_port
=
public_port
,
pid_file
=
pid_file
,
log
=
log
,
cert
=
ca_certificate
,
key
=
key
,
ca_crl
=
ca_crl
,
ca_path
=
ca_path
,
private_port
=
private_port
,
)
stunnel_conf_path
=
self
.
createConfigurationFile
(
"stunnel.conf"
,
self
.
substituteTemplate
(
template_filename
,
stunnel_conf
))
wrapper
=
zc
.
buildout
.
easy_install
.
scripts
([(
'stunnel'
,
'slapos.recipe.librecipe.execute'
,
'execute'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
self
.
options
[
'stunnel_binary'
].
strip
(),
stunnel_conf_path
]
)[
0
]
self
.
path_list
.
append
(
wrapper
)
return
stunnel_conf
def
installPulse2
(
self
,
ip
,
port
,
ldap_host
,
ldap_port
):
"""Installs both mmc_core and pulse2"""
config
=
dict
(
ldap_host
=
ldap_host
,
ldap_port
=
ldap_port
,
memcached_port
=
port
,
ldap_logfile_path
=
os
.
path
.
join
(
self
.
log_directory
,
'ldap.log'
),
mmc_core_binary
=
self
.
options
[
'mmc_core_binary'
]
)
#TODO write function that takes all templates in subdir and creates conf
# files, keeping same dir structure.
mmc_conf_path
=
self
.
createConfigurationFile
(
os
.
path
.
join
(
"mmc"
,
"agent"
,
"config.ini"
),
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
os
.
path
.
join
(
"mmc_conf"
,
"agent"
,
"config.ini.in"
)),
config
))
config
[
'mmc_core_config_file'
]
=
mysql_conf_path
self
.
path_list
.
append
(
self
.
createRunningWrapper
(
'mmc-core'
,
self
.
substituteTemplate
(
self
.
getTemplateFilename
(
'mmc-core.in'
),
config
)))
return
dict
(
memcached_url
=
'%s:%s'
%
(
config
[
'memcached_ip'
],
config
[
'memcached_port'
]),
memcached_ip
=
config
[
'memcached_ip'
],
memcached_port
=
config
[
'memcached_port'
])
def
createHtdocs
(
self
,
source
,
document_root
):
source
=
self
.
options
[
'source'
].
strip
()
document_root
=
self
.
createDataDirectory
(
'htdocs'
)
for
p
in
os
.
listdir
(
document_root
):
path
=
os
.
path
.
join
(
document_root
,
p
)
if
os
.
path
.
isdir
(
path
):
shutil
.
rmtree
(
path
)
else
:
os
.
unlink
(
path
)
for
p
in
os
.
listdir
(
source
):
path
=
os
.
path
.
join
(
source
,
p
)
if
os
.
path
.
isdir
(
path
):
shutil
.
copytree
(
path
,
os
.
path
.
join
(
document_root
,
p
))
else
:
shutil
.
copy2
(
path
,
os
.
path
.
join
(
document_root
,
p
))
def
installApache
(
self
,
document_root
,
ip
=
None
,
port
=
None
):
if
ip
is
None
:
ip
=
self
.
getGlobalIPv6Address
()
if
port
is
None
:
port
=
'9080'
apache_config
=
dict
(
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'httpd.pid'
),
lock_file
=
os
.
path
.
join
(
self
.
run_directory
,
'httpd.lock'
),
ip
=
ip
,
port
=
port
,
error_log
=
os
.
path
.
join
(
self
.
log_directory
,
'httpd-error.log'
),
access_log
=
os
.
path
.
join
(
self
.
log_directory
,
'httpd-access.log'
),
document_root
=
document_root
,
php_ini_dir
=
self
.
etc_directory
)
config_file
=
self
.
createConfigurationFile
(
'httpd.conf'
,
self
.
substituteTemplate
(
pkg_resources
.
resource_filename
(
__name__
,
'template/apache.in'
),
apache_config
))
self
.
path_list
.
append
(
config_file
)
self
.
path_list
.
append
(
self
.
createConfigurationFile
(
'php.ini'
,
self
.
substituteTemplate
(
pkg_resources
.
resource_filename
(
__name__
,
'template/php.ini.in'
),
{})))
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'httpd'
,
__name__
+
'.apache'
,
'runApache'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
required_path_list
=
[],
binary
=
self
.
options
[
'httpd_binary'
],
config
=
config_file
)
]))
return
'http://[%s]:%s'
%
(
ip
,
port
)
def
installMysqlServer
(
self
,
ip
,
port
,
database
=
'erp5'
,
user
=
'user'
,
test_database
=
'test_erp5'
,
test_user
=
'test_user'
,
template_filename
=
None
,
parallel_test_database_amount
=
100
,
mysql_conf
=
None
):
if
mysql_conf
is
None
:
mysql_conf
=
{}
backup_directory
=
self
.
createBackupDirectory
(
'mysql'
)
if
template_filename
is
None
:
template_filename
=
self
.
getTemplateFilename
(
'my.cnf.in'
)
error_log
=
os
.
path
.
join
(
self
.
log_directory
,
'mysqld.log'
)
slow_query_log
=
os
.
path
.
join
(
self
.
log_directory
,
'mysql-slow.log'
)
mysql_conf
.
update
(
ip
=
ip
,
data_directory
=
os
.
path
.
join
(
self
.
data_root_directory
,
'mysql'
),
tcp_port
=
port
,
pid_file
=
os
.
path
.
join
(
self
.
run_directory
,
'mysqld.pid'
),
socket
=
os
.
path
.
join
(
self
.
run_directory
,
'mysqld.sock'
),
error_log
=
error_log
,
slow_query_log
=
slow_query_log
,
mysql_database
=
database
,
mysql_user
=
user
,
mysql_password
=
self
.
generatePassword
(),
mysql_test_password
=
self
.
generatePassword
(),
mysql_test_database
=
test_database
,
mysql_test_user
=
test_user
,
mysql_parallel_test_dict
=
[
(
'test_%i'
%
x
,)
*
2
+
(
self
.
generatePassword
(),)
\
for
x
in
xrange
(
0
,
parallel_test_database_amount
)],
)
self
.
registerLogRotation
(
'mysql'
,
[
error_log
,
slow_query_log
],
'%(mysql_binary)s --no-defaults -B --user=root '
'--socket=%(mysql_socket)s -e "FLUSH LOGS"'
%
dict
(
mysql_binary
=
self
.
options
[
'mysql_binary'
],
mysql_socket
=
mysql_conf
[
'socket'
]))
self
.
_createDirectory
(
mysql_conf
[
'data_directory'
])
mysql_conf_path
=
self
.
createConfigurationFile
(
"my.cnf"
,
self
.
substituteTemplate
(
template_filename
,
mysql_conf
))
mysql_script_list
=
[]
for
x_database
,
x_user
,
x_password
in
\
[(
mysql_conf
[
'mysql_database'
],
mysql_conf
[
'mysql_user'
],
mysql_conf
[
'mysql_password'
]),
(
mysql_conf
[
'mysql_test_database'
],
mysql_conf
[
'mysql_test_user'
],
mysql_conf
[
'mysql_test_password'
]),
]
+
mysql_conf
[
'mysql_parallel_test_dict'
]:
mysql_script_list
.
append
(
pkg_resources
.
resource_string
(
__name__
,
'template/initmysql.sql.in'
)
%
{
'mysql_database'
:
x_database
,
'mysql_user'
:
x_user
,
'mysql_password'
:
x_password
})
mysql_script_list
.
append
(
'EXIT'
)
mysql_script
=
'
\
n
'
.
join
(
mysql_script_list
)
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'mysql_update'
,
__name__
+
'.mysql'
,
'updateMysql'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
mysql_script
=
mysql_script
,
mysql_binary
=
self
.
options
[
'mysql_binary'
].
strip
(),
mysql_upgrade_binary
=
self
.
options
[
'mysql_upgrade_binary'
].
strip
(),
socket
=
mysql_conf
[
'socket'
],
)]))
self
.
path_list
.
extend
(
zc
.
buildout
.
easy_install
.
scripts
([(
'mysqld'
,
__name__
+
'.mysql'
,
'runMysql'
)],
self
.
ws
,
sys
.
executable
,
self
.
wrapper_directory
,
arguments
=
[
dict
(
mysql_install_binary
=
self
.
options
[
'mysql_install_binary'
].
strip
(),
mysqld_binary
=
self
.
options
[
'mysqld_binary'
].
strip
(),
data_directory
=
mysql_conf
[
'data_directory'
].
strip
(),
mysql_binary
=
self
.
options
[
'mysql_binary'
].
strip
(),
socket
=
mysql_conf
[
'socket'
].
strip
(),
configuration_file
=
mysql_conf_path
,
)]))
self
.
path_list
.
extend
([
mysql_conf_path
])
# backup configuration
backup_directory
=
self
.
createBackupDirectory
(
'mysql'
)
full_backup
=
os
.
path
.
join
(
backup_directory
,
'full'
)
incremental_backup
=
os
.
path
.
join
(
backup_directory
,
'incremental'
)
self
.
_createDirectory
(
full_backup
)
self
.
_createDirectory
(
incremental_backup
)
innobackupex_argument_list
=
[
self
.
options
[
'perl_binary'
],
self
.
options
[
'innobackupex_binary'
],
'--defaults-file=%s'
%
mysql_conf_path
,
'--socket=%s'
%
mysql_conf
[
'socket'
].
strip
(),
'--user=root'
,
'--ibbackup=%s'
%
self
.
options
[
'xtrabackup_binary'
]]
environment
=
dict
(
PATH
=
'%s'
%
self
.
bin_directory
)
innobackupex_incremental
=
zc
.
buildout
.
easy_install
.
scripts
([(
'innobackupex_incremental'
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
innobackupex_argument_list
+
[
'--incremental'
],
environment
])[
0
]
self
.
path_list
.
append
(
innobackupex_incremental
)
innobackupex_full
=
zc
.
buildout
.
easy_install
.
scripts
([(
'innobackupex_full'
,
'slapos.recipe.librecipe.execute'
,
'executee'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
innobackupex_argument_list
,
environment
])[
0
]
self
.
path_list
.
append
(
innobackupex_full
)
backup_controller
=
zc
.
buildout
.
easy_install
.
scripts
([
(
'innobackupex_controller'
,
__name__
+
'.innobackupex'
,
'controller'
)],
self
.
ws
,
sys
.
executable
,
self
.
bin_directory
,
arguments
=
[
innobackupex_incremental
,
innobackupex_full
,
full_backup
,
incremental_backup
])[
0
]
self
.
path_list
.
append
(
backup_controller
)
mysql_backup_cron
=
os
.
path
.
join
(
self
.
cron_d
,
'mysql_backup'
)
open
(
mysql_backup_cron
,
'w'
).
write
(
'0 0 * * * '
+
backup_controller
)
self
.
path_list
.
append
(
mysql_backup_cron
)
# The return could be more explicit database, user ...
return
mysql_conf
slapos/recipe/pulse2/apache.py
deleted
100644 → 0
View file @
edeb5aa2
import
os
import
sys
import
time
def
runApache
(
args
):
sleep
=
60
conf
=
args
[
0
]
while
True
:
ready
=
True
for
f
in
conf
.
get
(
'required_path_list'
,
[]):
if
not
os
.
path
.
exists
(
f
):
print
'File %r does not exists, sleeping for %s'
%
(
f
,
sleep
)
ready
=
False
if
ready
:
break
time
.
sleep
(
sleep
)
apache_wrapper_list
=
[
conf
[
'binary'
],
'-f'
,
conf
[
'config'
],
'-DFOREGROUND'
]
apache_wrapper_list
.
extend
(
sys
.
argv
[
1
:])
sys
.
stdout
.
flush
()
sys
.
stderr
.
flush
()
os
.
execl
(
apache_wrapper_list
[
0
],
*
apache_wrapper_list
)
slapos/recipe/pulse2/certificate_authority.py
deleted
100644 → 0
View file @
edeb5aa2
import
os
import
subprocess
import
time
import
ConfigParser
def
popenCommunicate
(
command_list
,
input
=
None
):
subprocess_kw
=
dict
(
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
if
input
is
not
None
:
subprocess_kw
.
update
(
stdin
=
subprocess
.
PIPE
)
popen
=
subprocess
.
Popen
(
command_list
,
**
subprocess_kw
)
result
=
popen
.
communicate
(
input
)[
0
]
if
popen
.
returncode
is
None
:
popen
.
kill
()
if
popen
.
returncode
!=
0
:
raise
ValueError
(
'Issue during calling %r, result was:
\
n
%s'
%
(
command_list
,
result
))
return
result
class
CertificateAuthority
:
def
__init__
(
self
,
key
,
certificate
,
openssl_binary
,
openssl_configuration
,
request_dir
):
self
.
key
=
key
self
.
certificate
=
certificate
self
.
openssl_binary
=
openssl_binary
self
.
openssl_configuration
=
openssl_configuration
self
.
request_dir
=
request_dir
def
checkAuthority
(
self
):
file_list
=
[
self
.
key
,
self
.
certificate
]
ca_ready
=
True
for
f
in
file_list
:
if
not
os
.
path
.
exists
(
f
):
ca_ready
=
False
break
if
ca_ready
:
return
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
try
:
# no CA, let us create new one
popenCommunicate
([
self
.
openssl_binary
,
'req'
,
'-nodes'
,
'-config'
,
self
.
openssl_configuration
,
'-new'
,
'-x509'
,
'-extensions'
,
'v3_ca'
,
'-keyout'
,
self
.
key
,
'-out'
,
self
.
certificate
,
'-days'
,
'10950'
],
'Automatic Certificate Authority
\
n
'
)
except
:
try
:
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
except
:
# do not raise during cleanup
pass
raise
def
_checkCertificate
(
self
,
common_name
,
key
,
certificate
):
file_list
=
[
key
,
certificate
]
ready
=
True
for
f
in
file_list
:
if
not
os
.
path
.
exists
(
f
):
ready
=
False
break
if
ready
:
return
False
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
csr
=
certificate
+
'.csr'
try
:
popenCommunicate
([
self
.
openssl_binary
,
'req'
,
'-config'
,
self
.
openssl_configuration
,
'-nodes'
,
'-new'
,
'-keyout'
,
key
,
'-out'
,
csr
,
'-days'
,
'3650'
],
common_name
+
'
\
n
'
)
try
:
popenCommunicate
([
self
.
openssl_binary
,
'ca'
,
'-batch'
,
'-config'
,
self
.
openssl_configuration
,
'-out'
,
certificate
,
'-infiles'
,
csr
])
finally
:
if
os
.
path
.
exists
(
csr
):
os
.
unlink
(
csr
)
except
:
try
:
for
f
in
file_list
:
if
os
.
path
.
exists
(
f
):
os
.
unlink
(
f
)
except
:
# do not raise during cleanup
pass
raise
else
:
return
True
def
checkRequestDir
(
self
):
for
request_file
in
os
.
listdir
(
self
.
request_dir
):
parser
=
ConfigParser
.
RawConfigParser
()
parser
.
readfp
(
open
(
os
.
path
.
join
(
self
.
request_dir
,
request_file
),
'r'
))
if
self
.
_checkCertificate
(
parser
.
get
(
'certificate'
,
'name'
),
parser
.
get
(
'certificate'
,
'key_file'
),
parser
.
get
(
'certificate'
,
'certificate_file'
)):
print
'Created certificate %r'
%
parser
.
get
(
'certificate'
,
'name'
)
def
runCertificateAuthority
(
args
):
ca_conf
=
args
[
0
]
ca
=
CertificateAuthority
(
ca_conf
[
'key'
],
ca_conf
[
'certificate'
],
ca_conf
[
'openssl_binary'
],
ca_conf
[
'openssl_configuration'
],
ca_conf
[
'request_dir'
])
while
True
:
ca
.
checkAuthority
()
ca
.
checkRequestDir
()
time
.
sleep
(
60
)
slapos/recipe/pulse2/innobackupex.py
deleted
100644 → 0
View file @
edeb5aa2
import
os
import
glob
def
controller
(
args
):
"""Creates full or incremental backup
If no full backup is done, it is created
If full backup exists incremental backup is done starting with base
base is the newest (according to date) full or incremental backup
"""
innobackupex_incremental
,
innobackupex_full
,
full_backup
,
incremental_backup
\
=
args
if
len
(
os
.
listdir
(
full_backup
))
==
0
:
print
'Doing full backup in %r'
%
full_backup
os
.
execv
(
innobackupex_full
,
[
innobackupex_full
,
full_backup
])
else
:
backup_list
=
filter
(
os
.
path
.
isdir
,
glob
.
glob
(
full_backup
+
"/*"
)
+
glob
.
glob
(
incremental_backup
+
"/*"
))
backup_list
.
sort
(
key
=
lambda
x
:
os
.
path
.
getmtime
(
x
),
reverse
=
True
)
base
=
backup_list
[
0
]
print
'Doing incremental backup in %r using %r as a base'
%
(
incremental_backup
,
base
)
os
.
execv
(
innobackupex_incremental
,
[
innobackupex_incremental
,
'--incremental-basedir=%s'
%
base
,
incremental_backup
])
slapos/recipe/pulse2/mysql.py
deleted
100644 → 0
View file @
edeb5aa2
import
os
import
subprocess
import
time
import
sys
def
runMysql
(
args
):
sleep
=
60
conf
=
args
[
0
]
mysqld_wrapper_list
=
[
conf
[
'mysqld_binary'
],
'--defaults-file=%s'
%
conf
[
'configuration_file'
]]
# we trust mysql_install that if mysql directory is available mysql was
# correctly initalised
if
not
os
.
path
.
isdir
(
os
.
path
.
join
(
conf
[
'data_directory'
],
'mysql'
)):
while
True
:
# XXX: Protect with proper root password
# XXX: Follow http://dev.mysql.com/doc/refman/5.0/en/default-privileges.html
popen
=
subprocess
.
Popen
([
conf
[
'mysql_install_binary'
],
'--skip-name-resolve'
,
'--no-defaults'
,
'--datadir=%s'
%
conf
[
'data_directory'
]],
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
result
=
popen
.
communicate
()[
0
]
if
popen
.
returncode
is
None
or
popen
.
returncode
!=
0
:
print
"Failed to initialise server.
\
n
The error was: %s"
%
result
print
"Waiting for %ss and retrying"
%
sleep
time
.
sleep
(
sleep
)
else
:
print
"Mysql properly initialised"
break
else
:
print
"MySQL already initialised"
print
"Starting %r"
%
mysqld_wrapper_list
[
0
]
sys
.
stdout
.
flush
()
sys
.
stderr
.
flush
()
os
.
execl
(
mysqld_wrapper_list
[
0
],
*
mysqld_wrapper_list
)
def
updateMysql
(
args
):
conf
=
args
[
0
]
sleep
=
30
is_succeed
=
False
while
True
:
if
not
is_succeed
:
mysql_upgrade_list
=
[
conf
[
'mysql_upgrade_binary'
],
'--no-defaults'
,
'--user=root'
,
'--socket=%s'
%
conf
[
'socket'
]]
mysql_upgrade
=
subprocess
.
Popen
(
mysql_upgrade_list
,
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
result
=
mysql_upgrade
.
communicate
()[
0
]
if
mysql_upgrade
.
returncode
is
None
:
mysql_upgrade
.
kill
()
if
mysql_upgrade
.
returncode
!=
0
and
not
'is already upgraded'
in
result
:
print
"Command %r failed with result:
\
n
%s"
%
(
mysql_upgrade_list
,
result
)
print
'Sleeping for %ss and retrying'
%
sleep
else
:
if
mysql_upgrade
.
returncode
==
0
:
print
"MySQL database upgraded with result:
\
n
%s"
%
result
else
:
print
"No need to upgrade MySQL database"
mysql_list
=
[
conf
[
'mysql_binary'
].
strip
(),
'--no-defaults'
,
'-B'
,
'--user=root'
,
'--socket=%s'
%
conf
[
'socket'
]]
mysql
=
subprocess
.
Popen
(
mysql_list
,
stdin
=
subprocess
.
PIPE
,
stdout
=
subprocess
.
PIPE
,
stderr
=
subprocess
.
STDOUT
)
result
=
mysql
.
communicate
(
conf
[
'mysql_script'
])[
0
]
if
mysql
.
returncode
is
None
:
mysql
.
kill
()
if
mysql
.
returncode
!=
0
:
print
'Command %r failed with:
\
n
%s'
%
(
mysql_list
,
result
)
print
'Sleeping for %ss and retrying'
%
sleep
else
:
is_succeed
=
True
print
'SlapOS initialisation script succesfully applied on database.'
sys
.
stdout
.
flush
()
sys
.
stderr
.
flush
()
time
.
sleep
(
sleep
)
slapos/recipe/pulse2/template/apache.in.in
deleted
100644 → 0
View file @
edeb5aa2
# Apache static configuration
# Automatically generated
# Basic server configuration
PidFile "%(pid_file)s"
Listen %(ip)s:%(port)s
PHPINIDir %(php_ini_dir)s
ServerAdmin someone@email
DefaultType text/plain
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType application/x-httpd-php .php .phtml .php5 .php4
AddType application/x-httpd-php-source .phps
# Log configuration
ErrorLog "%(error_log)s"
LogLevel warn
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b \"%%{Referer}i\" \"%%{User-Agent}i\"" combined
LogFormat "%%h %%{REMOTE_USER}i %%l %%u %%t \"%%r\" %%>s %%b" common
CustomLog "%(access_log)s" common
# Directory protection
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
Alias /mmc %(document_root)s
### Allow access to lmc web directory to everyone
<Directory %(document_root)s>
AllowOverride None
Order allow,deny
allow from all
php_flag short_open_tag on
php_flag magic_quotes_gpc on
</Directory>
DocumentRoot %(document_root)s
DirectoryIndex index.html index.php
# List of modules
LoadModule unixd_module modules/mod_unixd.so
LoadModule access_compat_module modules/mod_access_compat.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule headers_module modules/mod_headers.so
LoadModule dir_module modules/mod_dir.so
LoadModule php5_module modules/libphp5.so
slapos/recipe/pulse2/template/logrotate_entry.in
deleted
100644 → 0
View file @
edeb5aa2
%(file_list)s {
daily
dateext
rotate 30
compress
notifempty
sharedscripts
create
postrotate
%(postrotate)s
endscript
olddir %(olddir)s
}
slapos/recipe/pulse2/template/memcached.in
deleted
100644 → 0
View file @
edeb5aa2
#!/bin/sh
exec
%
(
memcached_binary
)
s
-p
%
(
memcached_port
)
s
-U
%
(
memcached_port
)
s
-l
%
(
memcached_ip
)
s
slapos/recipe/pulse2/template/mmc-core.in
deleted
100644 → 0
View file @
edeb5aa2
#!/bin/sh
exec
%
(
mmc_core_binary
)
s
-f
%
(
mmc_core_config_file
)
s
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini
deleted
100644 → 0
View file @
edeb5aa2
[main]
host
=
%(mmc_host)s
port
=
%(mmc_port)s
# Credentials for HTTP basic authentication
login
=
mmc
password
=
s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl
=
1
localcert
=
%(ssl_localcert)s
cacert
=
%(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user
=
%(daemon_user)s
group
=
%(daemon_user)s
umask
=
0077
pidfile
=
%(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys
=
root
[handlers]
keys
=
hand01,hand02
[formatters]
keys
=
form01
[logger_root]
level
=
NOTSET
handlers
=
hand01
[handler_hand01]
class
=
FileHandler
level
=
INFO
formatter
=
form01
args
=
("%s" % %(mmc_log)s,)
[handler_hand02]
class
=
StreamHandler
level
=
DEBUG
args
=
(sys.stderr,)
[formatter_form01]
format
=
%(asctime)s #%(thread)d %(levelname)s %(message)s
slapos/recipe/pulse2/template/mmc_conf/agent/config.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
host = %(mmc_host)s
port = %(mmc_port)s
# Credentials for HTTP basic authentication
login = mmc
password = s3cr3t
# RPC Session timeout in seconds.
# If unset default to Twisted hardcoded 900 seconds.
#sessiontimeout = 900
# Multi-threading support (enabled by default)
#multithreading = 1
#maxthreads = 20
# SSL support
enablessl = 1
localcert = %(ssl_localcert)s
cacert = %(ssl_cacert)s
# Certificate check
# verifypeer = 0
# Path to the file containing the Certificate Authority (PEM format)
# cacert =
# Path to the file containing the local key and certificate (PEM format)
# localcert =
[daemon]
user = %(daemon_user)s
group = %(daemon_user)s
umask = 0077
pidfile= %(daemon_pidfile)s
# user = mmc
# group = mmc
# umask = 0007
# pidfile= /var/run/mmc-agent.pid
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(mmc_log)s,)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s #%(thread)d %(levelname)s %(message)s
slapos/recipe/pulse2/template/mmc_conf/mmc.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[global]
; RPC backend to use
backend = xmlrpc
; HTTP basic authentication credentials to use for XMLRPC communication
login = mmc
password = s3cr3t
; Root URL where the MMC web pages are installed
; root= /mmc/ for http://127.0.0.1/mmc/
root = /mmc/
; Filesystem path where the MMC web modules are installed
rootfsmodules = %(mmc_location)s/modules/
; Available pagination steps
pagination = 10 20 50 100
; Number of items to display in lists
maxperpage = 10
; Declare if this installation is a community version or not
; community can be yes or no
community = yes
; Debug section
[debug]
; 0 : no information
; 1 : XMLRPC calls and results are displayed by the web interface
level = 0
; Login page title
; UTF-8 strings must be used
[logintitle]
; Default page title for English and non-translated languages
C =
; French title
fr_FR =
; Spanish title
es_ES =
[server_01]
description = localhost
url = https://127.0.0.1:7080
; Timeout in seconds for all socket I/O operations
; Beware that timeout on a SSL socket only works with PHP >= 5.2.1
; timeout = 300
; SSL certificate check support
; verifypeer = 0
; Path to the file containing the Certificate Authority (PEM format)
; cacert =
; Path to the file containing the local key and certificate (PEM format)
; localcert =
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini
deleted
100644 → 0
View file @
edeb5aa2
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl
=
ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN
=
dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN
=
ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN
=
ou=Groups, %%(basedn)s
# LDAP manager
rootName
=
cn=admin, %%(basedn)s
password
=
secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction
=
1
# Skeleton directory to populate a new home directory
skelDir
=
/etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup
=
Domain Users
# Default home directory for users
defaultHomeDir
=
/home
# user uid number start
uidStart
=
10000
# group gid number start
gidStart
=
10000
# LDAP log file path
logfile
=
%(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme
=
passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
slapos/recipe/pulse2/template/mmc_conf/plugins/base.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[ldap]
# LDAP we are connected to
# If ldapurl starts with "ldaps://", use LDAP over SSL on the LDAPS port.
# LDAPS is deprecated, and you should use StartTLS.
# If ldapverifypeer = demand, always use the server hostname instead of its IP
# address in the LDAP URL. This hostname must match the CN field of the server
# certificate.
ldapurl = ldap://%(ldap_host)s:%(ldap_port)s
# Network timeout in seconds for LDAP operations. No default timeout set.
#network_timeout =
# TLS connection parameters when LDAPS is not used:
# off - never use TLS (default value)
# start_tls - Use the LDAPv3 StartTLS extended operation (better)
#start_tls = off
# If start_tls != off or LDAPS, specify check to perform on server certificate:
# never - don't ask certificate
# demand - request certificate. If none or bad certificate provided, stop the
# connection (recommended)
#ldapverifypeer = demand
# Client certicates to use (default are empty) for LDAPS or TLS connections:
# For example: /etc/ssl/certs
#cacertdir =
# For example: /etc/mmc/certs/demoCA/cacert.pem
#cacert =
# For example: /etc/mmc/certs/client.cert
#localcert =
# For example: /etc/mmc/certs/client.key
#localkey =
# Accepted ciphers
# Use this for more security: TLSv1+SHA1+AES+DH:CAMELLIA:!NULL:!ADH
#ciphersuites = TLSv1:!NULL
# LDAP debug level - set this to 255 to debug LDAP connection problems
#ldapdebuglevel = 0
# LDAP base DN
baseDN = dc=mandriva, dc=com
# Users location in the LDAP
baseUsersDN = ou=Users, %%(basedn)s
# Groups location in the LDAP
baseGroupsDN = ou=Groups, %%(basedn)s
# LDAP manager
rootName = cn=admin, %%(basedn)s
password = secret
# If enabled, the MMC will create/move/delete the home of the users
# Else will do nothing, but only write user informations into LDAP
userHomeAction = 1
# Skeleton directory to populate a new home directory
skelDir = /etc/skel
# If set, all new users will belong to this group when created
defaultUserGroup = Domain Users
# Default home directory for users
defaultHomeDir = /home
# user uid number start
uidStart = 10000
# group gid number start
gidStart = 10000
# LDAP log file path
logfile = %(ldap_logfile_path)s
# FDS log file path
# logfile = /opt/fedora-ds/slapd-hostname/logs/access
# you can specify here where you can authorized creation of your homedir
# default is your defaultHomeDir
# example:
# authorizedHomeDir = /home, /home2, /mnt/depot/newhome
# LDAP user password scheme to use
# Possible values are "ssha", "crypt" and "passmod"
# "passmod" uses the LDAP Password Modify Extended Operations to change
# password. The password encryption is done by the LDAP server.
passwordscheme = passmod
#[backup-tools]
## Path of the backup tools
#path = /usr/lib/mmc/backup-tools
## Where are put the archives
#destpath = /home/archives
# Computer inventory plugin to use (Pulse 2 related option)
# [computers]
# method = glpi
# method = inventory
# Audit system configuration
# If commented, the audit module will be disabled
# [audit]
# method = database
# dbhost = localhost
# MySQL and PostgreSQL backends are available
# dbdriver = postgres
# dbport = 5432
# dbdriver = mysql
# dbport = 3306
# dbuser = audit
# dbpassword = audit
# dbname = audit
# User authentication configuration
#[authentication]
# Authenticators chain
#method = baseldap externalldap
# baseldap authenticator configuration
#[authentication_baseldap]
# Set a list of login that will only be authentified using this authenticator
#authonly = root
# Externalldap authenticator configuration
#[authentication_externalldap]
# Login list that won't be authenticated with this authenticator.
#exclude =
# If set, only the speficied logins will be authenticated with this
# authenticator.
#authonly =
# Set whether this authenticator is mandatory. If it is mandatory and can't be
# validated during the mmc-agent activation phase, the mmc-agent exits with an
# error.
#mandatory = True
# LDAP server URLs. The LDAP server are selected in the given order when
# authenticating a user.
#ldapurl = ldap://192.168.0.1:389 ldap://192.168.0.2:389
# LDAP connection timeout in seconds. If the LDAP connection failed after this
# timeout, we try the next LDAP server in the list or give up if it the last.
#network_timeout =
# LDAP suffix where to search for user
#suffix = cn=Users,dc=mandriva,dc=com
# How to bind to the LDAP. Empty if anonymous
#bindname = cn=account, cn=Users, dc=linboxad, dc=com
#bindpasswd = s3cr3t
#bindname =
#bindpasswd =
# User filter
#filter = objectClass=*
# User attribute containing her/his login
#attr = cn
# User provisioning configuration
#[provisioning]
#method = externalldap
# externalldap provisioner configuration
#[provisioning_externalldap]
# Login list that won't be provisioned with this provisioner
#exclude = root
# These attributes are mandatory to create a user
#ldap_uid = cn
#ldap_givenName = sn
#ldap_sn = sn
# Other attributes to fill in
#ldap_mail = mail
#...
# We are able to fill the ACL fields the user logs in according to the value of
# an attribute from the external LDAP.
# What is the field name ?
#profile_attr =
# Here we define two profiles: profile1 and profile2
# profile1 allows the user to log in and change her/his password in the web
# interface
#profile_acl_profile1= :base#users#passwd/
# profile2 disallows the user to do anything (no ACL defined)
#profile_acl_profile2 =
# ... You can define as much profile_acl_* options as you need
# For each profile, we can create a group of user, and put users with a given
# profile in the corresponding group automatically when they log in.
# Set the next line to True to activate profile to group mapping
#profile_group_mapping = False
# A prefix for the created group can be set
#profile_group_prefix =
# Example userdefault settings to support Kerberos
# [userdefault]
# objectClass = +krb5KDCEntry,krb5Principal
# krb5KeyVersionNumber = 1
# krb5KDCFlags = 126
# krb5PrincipalName = %uid%@DOMAIN
# Subscription informations
# [subscription]
# product_name = MDS
# vendor_name = Mandriva
# vendor_mail = sales@mandriva.com
# customer_name =
# customer_mail =
# comment =
# users = 0
# computers = 0
# # Support informations
# support_mail = customer@customercare.mandriva.com
# support_phone = 0810 LINBOX
# support_comment =
slapos/recipe/pulse2/template/mmc_conf/plugins/ppolicy.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 1
[ppolicy]
# Branch where the password policies are stored
ppolicyDN = ou=Password Policies, %(baseDN)s
# Name of the default password policy
ppolicyDefault = default
# This options are used only once to create the default password policy entry
# into the LDAP
[ppolicyattributes]
pwdAttribute = userPassword
pwdLockout = True
pwdMaxFailure = 5
pwdLockoutDuration = 900
# Password can't be change if it not 7 days old
pwdMinAge = 25200
# Password expiration is 42 days
pwdMaxAge = 3628800
pwdMinLength = 8
pwdInHistory = 5
pwdMustChange = True
# To check password quality
pwdCheckModule = mmc-check-password.so
pwdCheckQuality = 2
slapos/recipe/pulse2/template/my.cnf.in
deleted
100644 → 0
View file @
edeb5aa2
# ERP5 buildout my.cnf template based on my-huge.cnf shipped with mysql
# The MySQL server
[mysqld]
# ERP5 by default requires InnoDB storage. MySQL by default fallbacks to using
# different engine, like MyISAM. Such behaviour generates problems only, when
# tables requested as InnoDB are silently created with MyISAM engine.
#
# Loud fail is really required in such case.
sql-mode="NO_ENGINE_SUBSTITUTION"
skip-show-database
port = %(tcp_port)s
bind-address = %(ip)s
socket = %(socket)s
datadir = %(data_directory)s
pid-file = %(pid_file)s
log-error = %(error_log)s
log-slow-file = %(slow_query_log)s
long_query_time = 5
max_allowed_packet = 128M
query_cache_size = 32M
plugin-load = ha_innodb_plugin.so
# The following are important to configure and depend a lot on to the size of
# your database and the available resources.
#innodb_buffer_pool_size = 4G
#innodb_log_file_size = 256M
#innodb_log_buffer_size = 8M
# Some dangerous settings you may want to uncomment if you only want
# performance or less disk access. Useful for unit tests.
#innodb_flush_log_at_trx_commit = 0
#innodb_flush_method = nosync
#innodb_doublewrite = 0
#sync_frm = 0
# Uncomment the following if you need binary logging, which is recommended
# on production instances (either for replication or incremental backups).
#log-bin=mysql-bin
# Force utf8 usage
collation_server = utf8_unicode_ci
character_set_server = utf8
skip-character-set-client-handshake
[mysql]
no-auto-rehash
socket = %(socket)s
[mysqlhotcopy]
interactive-timeout
slapos/recipe/pulse2/template/mysqlinit.sql.in
deleted
100644 → 0
View file @
edeb5aa2
CREATE DATABASE IF NOT EXISTS %(database)s;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT ALL PRIVILEGES ON %(database)s.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@localhost IDENTIFIED BY %(password)r;
GRANT SHOW DATABASES ON *.* TO %(user)s@'%%' IDENTIFIED BY %(password)r;
FLUSH PRIVILEGES;
EXIT
slapos/recipe/pulse2/template/openssl.cnf.ca.in
deleted
100644 → 0
View file @
edeb5aa2
#
# OpenSSL example configuration file.
# This is mostly being used for generation of certificate requests.
#
# This definition stops the following lines choking if HOME isn't
# defined.
HOME = .
RANDFILE = $ENV::HOME/.rnd
# Extra OBJECT IDENTIFIER info:
#oid_file = $ENV::HOME/.oid
oid_section = new_oids
# To use this configuration file with the "-extfile" option of the
# "openssl x509" utility, name here the section containing the
# X.509v3 extensions to use:
# extensions =
# (Alternatively, use a configuration file that has only
# X.509v3 extensions in its main [= default] section.)
[ new_oids ]
# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
# Add a simple OID like this:
# testoid1=1.2.3.4
# Or use config file substitution like this:
# testoid2=${testoid1}.5.6
# Policies used by the TSA examples.
tsa_policy1 = 1.2.3.4.1
tsa_policy2 = 1.2.3.4.5.6
tsa_policy3 = 1.2.3.4.5.7
####################################################################
[ ca ]
default_ca = CA_default # The default ca section
####################################################################
[ CA_default ]
dir = %(working_directory)s # Where everything is kept
certs = $dir/certs # Where the issued certs are kept
crl_dir = $dir/crl # Where the issued crl are kept
database = $dir/index.txt # database index file.
#unique_subject = no # Set to 'no' to allow creation of
# several ctificates with same subject.
new_certs_dir = $dir/newcerts # default place for new certs.
certificate = $dir/cacert.pem # The CA certificate
serial = $dir/serial # The current serial number
crlnumber = $dir/crlnumber # the current crl number
# must be commented out to leave a V1 CRL
crl = $dir/crl.pem # The current CRL
private_key = $dir/private/cakey.pem # The private key
RANDFILE = $dir/private/.rand # private random number file
x509_extensions = usr_cert # The extentions to add to the cert
# Comment out the following two lines for the "traditional"
# (and highly broken) format.
name_opt = ca_default # Subject Name options
cert_opt = ca_default # Certificate field options
# Extension copying option: use with caution.
# copy_extensions = copy
# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
# so this is commented out by default to leave a V1 CRL.
# crlnumber must also be commented out to leave a V1 CRL.
# crl_extensions = crl_ext
default_days = 3650 # how long to certify for
default_crl_days= 30 # how long before next CRL
default_md = default # use public key default MD
preserve = no # keep passed DN ordering
# A few difference way of specifying how similar the request should look
# For type CA, the listed attributes must be the same, and the optional
# and supplied fields are just that :-)
policy = policy_match
# For the CA policy
[ policy_match ]
countryName = match
stateOrProvinceName = match
organizationName = match
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
# For the 'anything' policy
# At this point in time, you must list all acceptable 'object'
# types.
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
####################################################################
[ req ]
default_bits = 2048
default_md = sha1
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
#attributes = req_attributes
x509_extensions = v3_ca # The extentions to add to the self signed cert
# Passwords for private keys if not present they will be prompted for
# input_password = secret
# output_password = secret
# This sets a mask for permitted string types. There are several options.
# default: PrintableString, T61String, BMPString.
# pkix : PrintableString, BMPString (PKIX recommendation before 2004)
# utf8only: only UTF8Strings (PKIX recommendation after 2004).
# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
# MASK:XXXX a literal mask value.
# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
string_mask = utf8only
# req_extensions = v3_req # The extensions to add to a certificate request
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_value = %(country_code)s
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_value = %(state)s
localityName = Locality Name (eg, city)
localityName_value = %(city)s
0.organizationName = Organization Name (eg, company)
0.organizationName_value = %(company)s
# we can do this but it is not needed normally :-)
#1.organizationName = Second Organization Name (eg, company)
#1.organizationName_default = World Wide Web Pty Ltd
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
emailAddress = Email Address
emailAddress_value = %(email_address)s
emailAddress_max = 64
# SET-ex3 = SET extension number 3
#[ req_attributes ]
#challengePassword = A challenge password
#challengePassword_min = 4
#challengePassword_max = 20
#
#unstructuredName = An optional company name
[ usr_cert ]
# These extensions are added when 'ca' signs a request.
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This is required for TSA certificates.
# extendedKeyUsage = critical,timeStamping
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ v3_ca ]
# Extensions for a typical CA
# PKIX recommendation.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
# This is what PKIX recommends but some broken software chokes on critical
# extensions.
#basicConstraints = critical,CA:true
# So we do this instead.
basicConstraints = CA:true
# Key usage: this is typical for a CA certificate. However since it will
# prevent it being used as an test self-signed certificate it is best
# left out by default.
# keyUsage = cRLSign, keyCertSign
# Some might want this also
# nsCertType = sslCA, emailCA
# Include email address in subject alt name: another PKIX recommendation
# subjectAltName=email:copy
# Copy issuer details
# issuerAltName=issuer:copy
# DER hex encoding of an extension: beware experts only!
# obj=DER:02:03
# Where 'obj' is a standard or added object
# You can even override a supported extension:
# basicConstraints= critical, DER:30:03:01:01:FF
[ crl_ext ]
# CRL extensions.
# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
# issuerAltName=issuer:copy
authorityKeyIdentifier=keyid:always
[ proxy_cert_ext ]
# These extensions should be added when creating a proxy certificate
# This goes against PKIX guidelines but some CAs do it and some software
# requires this to avoid interpreting an end user certificate as a CA.
basicConstraints=CA:FALSE
# Here are some examples of the usage of nsCertType. If it is omitted
# the certificate can be used for anything *except* object signing.
# This is OK for an SSL server.
# nsCertType = server
# For an object signing certificate this would be used.
# nsCertType = objsign
# For normal client use this is typical
# nsCertType = client, email
# and for everything including object signing:
# nsCertType = client, email, objsign
# This is typical in keyUsage for a client certificate.
# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
# This will be displayed in Netscape's comment listbox.
nsComment = "OpenSSL Generated Certificate"
# PKIX recommendations harmless if included in all certificates.
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid,issuer
# This stuff is for subjectAltName and issuerAltname.
# Import the email address.
# subjectAltName=email:copy
# An alternative to produce certificates that aren't
# deprecated according to PKIX.
# subjectAltName=email:move
# Copy subject details
# issuerAltName=issuer:copy
#nsCaRevocationUrl = http://www.domain.dom/ca-crl.pem
#nsBaseUrl
#nsRevocationUrl
#nsRenewalUrl
#nsCaPolicyUrl
#nsSslServerName
# This really needs to be in place for it to be a proxy certificate.
proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
####################################################################
[ tsa ]
default_tsa = tsa_config1 # the default TSA section
[ tsa_config1 ]
# These are used by the TSA reply generation only.
dir = /etc/pki/tls # TSA root directory
serial = $dir/tsaserial # The current serial number (mandatory)
crypto_device = builtin # OpenSSL engine to use for signing
signer_cert = $dir/tsacert.pem # The TSA signing certificate
# (optional)
certs = $dir/cacert.pem # Certificate chain to include in reply
# (optional)
signer_key = $dir/private/tsakey.pem # The TSA private key (optional)
default_policy = tsa_policy1 # Policy if request did not specify it
# (optional)
other_policies = tsa_policy2, tsa_policy3 # acceptable policies (optional)
digests = md5, sha1 # Acceptable message digests (mandatory)
accuracy = secs:1, millisecs:500, microsecs:100 # (optional)
clock_precision_digits = 0 # number of digits after dot. (optional)
ordering = yes # Is ordering defined for timestamps?
# (optional, default: no)
tsa_name = yes # Must the TSA name be included in the reply?
# (optional, default: no)
ess_cert_id_chain = no # Must the ESS cert id chain be included?
# (optional, default: no)
slapos/recipe/pulse2/template/php.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[PHP]
engine = On
safe_mode = Off
expose_php = On
error_reporting = E_ALL | E_STRICT
display_errors = On
display_startup_errors = On
log_errors = On
log_errors_max_len = 1024
ignore_repeated_errors = Off
ignore_repeated_source = Off
slapos/recipe/pulse2/template/pulse2_conf/plugins/dyngroup.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
# Is the plugin disable ?
disable = 0
# Are dynamic group enable ?
dynamic_enable = 1
# Are profiles enable ?
# profiles_enable = 0
# Preselected module in the dynamic group creation page
# default_module =
# Maximum number of elements in the static group creation list
# max_elements_for_static_list = 2000
[database]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = dyngroup
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[querymanager]
# can we query on group names ?
activate = 0
slapos/recipe/pulse2/template/pulse2_conf/plugins/glpi.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = glpi
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# Allow users to filter computers list using an entity selector
localisation = True
# Accepted GLPI profiles. A user must have her/his GLPI profile in this list
# else she/he can't display any computers from the GLPI inventory
# active_profiles = profile1 profile2 profile3
# Only display computers with the specified state
# filter_on = state=3
# Give the uri to link to for a computer inventory
# glpi_computer_uri =
# should be something like that :
# glpi_computer_uri = http://localhost/glpi/front/computer.form.php?ID=
# Tell whether the query manager of the dyngroup plugin can use this module
[querymanager]
activate = True
# GLPI authentication configuration
#[authentication_glpi]
# URL to connect to the GLPI HTTP interface ?
#baseurl = http://glpi-server/glpi/
# GLPI provisioning configuration
#[provisioning_glpi]
# Users that will never be provisioned
#exclude = root
# Before provisioning, should we perform a GLPI authentication to create or
# update the user informations in the GLPI database ?
#doauth = 1
# MMC web interface ACLs definition according to the user GLPI profile
#profile_acl_profile1 = :##:base#main#default
#profile_acl_profile2 =
#profile_acl_profile3 =
# If the user belong to more than one profile, the first profile of this list
# will be used
#profiles_order = profile1 profile2 profile3
slapos/recipe/pulse2/template/pulse2_conf/plugins/imaging.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = imaging
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/imaging/cacert.pem
# dbsslcert = /etc/mmc/pulse2/imaging/cert.pem
# dbsslkey = /etc/mmc/pulse2/imaging/key.pem
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# [web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
# web_def_default_protocol = nfs
# Menu settings
# web_def_default_menu_name = Menu
# web_def_default_timeout = 60
# web_def_default_background_uri =
# web_def_default_message = Warning ! Your PC is being backed up or restored. Do not reboot !
# start options
# web_def_kernel_parameters = quiet
# backup/restore options
# web_def_image_parameters =
slapos/recipe/pulse2/template/pulse2_conf/plugins/inventory.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
displayLocalisationBar = 0
# Example of software filter when querying a computer inventory.
# All softwares containing the KB string will be excluded
# software_filter = %KB%
[inventory]
dbdriver = mysql
dbhost = %(mysql_host)s
dbport = %(mysql_port)s
dbuser = %(mysql_user)s
dbpasswd = %(mysql_password)s
dbname = inventory
dbsslenable = 0
dbsslca = %(inventory_ssl_cacert)s
dbsslcert = %(inventory_ssl_cert)s
dbsslkey = %(inventory_ssl_key)s
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
[computers]
# display = cn::Computer Name||displayName::Description
# content =
[expert_mode]
Bios = BiosVersion|ChipSerial|BiosVendor|SmbManufacturer|SmbProduct|SmbVersion|SmbSerial|SmbUUID|SmbType|DateFirstSwitchOn
Network = CardType|MIB|Bandwidth|NetworkType|SubnetMask|State
Hardware = Build|Version|ProcessorCount|SwapSpace|User|Date|Workgroup|RegisteredName|RegisteredCompany|OSSerialNumber|Type|OsSerialKey|ProcessorFrequency|Host
Software = ProductPath|Type|Icon|UninstallPath|ExecutableSize|Application
Controller = ExpandedType|HardwareVersion|StandardType
Drive = DriveType|FileCount|FileSystem
Input = StandardDescription|ExpandedDescription|Connector
Memory = ExtendedDescription|SlotCount
Monitor = Stamp|Type|Serial|Manuf
Pci =
Port = Stamp
Printer =
Slot =
Sound = Description
Storage = ExtendedType|VolumeName|Media
VideoCard =
[graph]
Network = Gateway
Hardware = OperatingSystem|ProcessorType
Memory = Size
# [querymanager]
# list = Entity/Label||Software/ProductName||Hardware/ProcessorType||Hardware/OperatingSystem||Drive/TotalSpace||Inventory/Date
# double = Software/Products::Software/ProductName##Software/ProductVersion
# halfstatic = Registry/Value/display name::Path##DisplayName
# extended = Inventory/Date||Drive/TotalSpace
# [provisioning_inventory]
# Users that will never be provisioned
# exclude = root
# A user can be automatically linked to a list of entities according to his
# profile.
# What is the LDAP field name that defines its profile name ?
# profile_attr =
# Here are the possible notations for profile to entities mapping:
# A simple list of the entities names
# profile_entity_profile1 = entityA entityB
# The dot char is the root entity
# profile_entity_profile2 = .
# In this example the content of the multi-valued 'pulse2entity' LDAP attribute
# will be used
# profile_entity_profile3 = %pulse2entity%
# Here the provisioning plugin 'network_to_entity' will be used
# profile_entity_profile4 = plugin:network_to_entity
slapos/recipe/pulse2/template/pulse2_conf/plugins/msc.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
[msc]
# repopath = /var/lib/pulse2/packages
# qactionspath = /var/lib/pulse2/qactions
# download_directory_path = /var/lib/pulse2/downloads
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = msc
# dbuser = mmc
# dbpasswd = mmc
# dbdebug = ERROR
# Database connection lifetime
# dbpoolrecycle = 60
# Database connection pool size
# dbpoolsize = 5
# SSL support
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
# Computer's IP addresses filtering
# ignore_non_rfc2780 = 1
# ignore_non_rfc1918 = 0
# Comma separated values of excluded or included IP addresses or ranges
# For example: exclude_ipaddr = 192.168.0.1,10.0.0.0/10.255.255.255
# Included addresses are never filtered.
# exclude_ipaddr =
# include_ipaddr =
# Computer's host name filtering
# ignore_non_fqdn = 0
# ignore_invalid_hostname = 0
# Space separated list regexp for rejected or accepted host name
# Host name matching the regexp in include_hostname are always accepted
# For example: exclude_hostname = ^computer[0-9]*$ ^server[0-9]*$
# exclude_hostname =
# include_hostname =
# Computer's MAC addresses filtering
# wol_macaddr_blacklist =
# default scheduler used by the msc
default_scheduler = scheduler_01
[scheduler_api]
host = %(ipv4)s
port = 9990
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[scheduler_01]
host = %(ipv4)s
port = 8000
username = username
password = password
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
[web]
# ##### Interface customization #####
# user may want to override the way dates are displayed (see http://www.php.net/date for more informations)
# web_def_date_fmt = "%Y-%m-%d %H:%M:%S"
#
# ##### Deployment default settings #####
# pre-check the "awake" checkbox in 'standard' deploy mode
# web_def_awake = 1
# pre-check the "do inventory" checkbox in 'standard' deploy mode
# web_def_inventory = 1
# hidden option
# web_show_reboot = 0
# pre-select the following mode in 'advanced' deploy mode
# the two available modes are push and push_pull
# web_def_mode = push
# if set to False, the following setting allow the user to toggle between push and push/pull mode in advanced mode
# web_force_mode = True
# web_def_maxbw = 0
# web_def_delay = 60
# web_def_attempts = 3
# web_def_deployment_intervals =
# web_dlpath =
# Max bandwidth for file download in Kbit/s
# web_def_dlmaxbw = 0
#
# ##### Proxy default settings ####
# May the local proxy system be used ?
# web_allow_local_proxy = False
# default proxy mode, defaut "multiple", other possible value "single"
# web_def_local_proxy_mode = multiple
# Max number of clients per proxy in proxy mode
# web_def_max_clients_per_proxy = 10
# Number of auto-selected proxy in semi-auto mode
# web_def_proxy_number = 2
# default mode (semi_auto / manual)
# web_def_proxy_selection_mode = semi_auto
#
# ##### VNC Applet default settings ####
# Here we may define the VNC applet behavior (in some way)
# may the VNC applet used ? (this setting simply (en/dis)able the display of the VNC action button)
# vnc_show_icon = True
# allow user to interact with remote desktop ?
# vnc_view_only = True
# use the following VNC client pre-defined rules,
# currently available profiles:
# fiber: for high speed local networks (low latency, 10 Mb/s per connection)
# lan: for 100 Mb local networks (low latency, 3 Mb/s per connection)
# cable: for high-end broadband links (high latency, 400 kb/s per connection)
# dsl: for low-end broadband links (high latency, 120 kb/s per connection)
# isdn: (high latency, 75 kb/s)
# vnc_network_connectivity = lan
# display applet control to user
# vnc_allow_user_control = False
# the port to use to connect to a VNC
# vnc_port = 5900
#
# ##### Client probing behavior ####
# the LED which represents the client status can take four colors:
# black => no probe done
# red => all probe failed
# orange => minimal probe succedeed (ping), maximal probe failed (ssh)
# green => all probe succedeed
# available probes are: none (field is empty), ping, ssh, ping_ssh (ie. both)
# for networks where icmp is not allowed, ping may be disabled: probe_order=ssh
# to speed-up display, ssh may be disabled: probe_order=ping
# to fully disable probe: probe_order=
# default conf: ping_ssh, in other terms: ping = orange, ssh = green
# probe_order=ping_ssh
[package_api]
# mserver = 127.0.0.1
# mport = 9990
# mmountpoint = /rpc
# enablessl = 1
# verifypeer = 0
# localcert =
# cacert =
slapos/recipe/pulse2/template/pulse2_conf/plugins/pkgs.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
[user_package_api]
server = localhost
port = 9990
mountpoint = /upaa
username =
password =
enablessl = 1
# verifypeer = 0
# cacert =
# localcert =
slapos/recipe/pulse2/template/pulse2_conf/plugins/pulse2.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
disable = 0
# [database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = pulse2
# dbuser = mmc
# dbpasswd = mmc
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
slapos/recipe/pulse2/template/pulse2_conf/pulse2/atftpd/pcre.conf.in
deleted
100644 → 0
View file @
edeb5aa2
^/tftpboot/revoboot/bin/revoboot.pxe$ bootloader/pxe_boot
^/bootloader/pxe_boot$ bootloader/pxe_boot
^/bootloader/bootsplash.xpm$ bootloader/bootsplash.xpm
^/bootmenus/default bootmenus/default
^/bootmenus/([0-9A-F]{12}) bootmenus/$1
^/bootmenus/([0-9A-F]{8}) bootmenus/$1
^/custom/(.+) custom/$1
^/diskless/kernel$ diskless/kernel
^/diskless/initrd$ diskless/initrd
^/diskless/memtest$ diskless/memtest
^/tools/memtest$ diskless/memtest
^/masters/(.+) masters/$1
^/(.*)$ ?
.* ?
slapos/recipe/pulse2/template/pulse2_conf/pulse2/imaging-server/imaging-server.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
# We will bind on this address ...
# host = 0.0.0.0
# ... and this UDP port
# port = 1001
# required password to record a client, not checked if empty
# adminpass =
[daemon]
# as we are a service, we need some info to be run, such as:
# - the identity we will run into
# user = root
# group = root
# - our umask
# umask = 0077
# and where to record our PID
# pidfile= /var/run/pulse2-imaging-server.pid
[package-server]
# here are described how to talk to our referent package server
#
# host = 127.0.0.1
# port = 9990
# mount_point = /imaging_api
# enablessl = True
# username = username
# password = password
# cacert = /etc/mmc/pulse2/imaging-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/imaging-server/keys/privkey.pem
# verifypeer = False
[hooks]
# hooks_dir = /usr/lib/pulse2/imaging-server/hooks
#
# 0xAD => "I'm new" action : menu creation request, triggered by the bootloader
# arg[1] = source MAC (short)
# arg[2] = given ID (short)
# arg[3] = given PASSWORD (optionnal)
# exit 0 on success
# create_client_path = create_client
#
# 0xAA => "I just booted" action : menu update request + inventory processing request, triggered by the bootloader
# arg[1] = source MAC (short)
# boot_client_path = boot_client
# arg[1] = source MAC (short)
# arg[2] = where the inventory is temporaly stored
# process_inventory_path = process_inventory
#
# 0xEC => "I just started a backup" : start a backup request, triggered by revoinc
# arg[1] = source MAC (short)
# arg[2] = kind of backup (L = image, B = Master)
# exit 0 on success
# start_image_path = start_image
#
# 0xED => "I just finished a backup" : end a backup request, triggered by revodoneimage
# end_image_path = end_image
#
# 0xCD => "Change my default menu" => change default menu request, triggered by revodefault
# arg[1] = source MAC (short)
# arg[2] = item to use
# exit 0 on success
# change_default_path = change_default
#
# 0x4C => log stuff
# arg[1] = source MAC (short)
# arg[2] = action :
# 0 => booted
# 1 => took item arg[3]
# 2 => starting restoration (more info in arg[3])
# 3 => finished restoration (more info in arg[3])
# 4 => starting backup (more info in arg[3])
# 5 => finished backup (more info in arg[3])
# 6 => started postinst
# 7 => finished postinst
# 8 => critical error
# arg[3] = optional, see upper
# exit 0 on success
# log_action_path = log_action
#
# 0x1A => asks for its UUID
# arg[1] = source MAC (short)
# exit 0 on success, UUID is the last line on stdout
# get_uuid_path = get_uuid
#
# 0x1B => asks for its Hostname
# arg[1] = source MAC (short)
# exit 0 on success, hostname is the last line on stdout
# get_hostname_path = get_hostname
#
# 0x54 => ask for time sync (for mtftp)
# arg[1] = source MAC (short)
# arg[2] = computed sync
# exit 0 on success
# mtftp_sync_path = mtftp_sync
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-imaging-server.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
slapos/recipe/pulse2/template/pulse2_conf/pulse2/inventory-server/inventory-server.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
# host =
# port = 9999
# ocsmapping = /etc/mmc/pulse2/inventory-server/OcsNGMap.xml
# enablessl = False
# verifypeer = False
# cacert = /etc/mmc/pulse2/inventory-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/inventory-server/keys/privkey.pem
# to put the data from the registry as hostname
# hostname = Hardware/Host # by default
# default_entity = .
# entities_rules_file =
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = inventory
# dbuser = mmc
# dbpasswd = mmc
# dbpoolrecycle = 60
# dbsslenable = 0
# dbsslca = /etc/mmc/pulse2/inventory/cacert.pem
# dbsslcert = /etc/mmc/pulse2/inventory/cert.pem
# dbsslkey = /etc/mmc/pulse2/inventory/key.pem
[daemon]
# pidfile = /var/run/pulse2-inventory-server.pid
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
# [option_01]
# NAME = REGISTRY
# PARAM_01 = NAME::srvcomment||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver\parameters||REGTREE::2##srvcomment
# PARAM_02 = NAME::DisplayName||REGKEY::SYSTEM\CurrentControlSet\Services\lanmanserver||REGTREE::2##DisplayName
[loggers]
keys=root
[handlers]
keys=hand01,hand02
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("/var/log/mmc/pulse2-inventory-server.log",)
[handler_hand02]
class=StreamHandler
level=DEBUG
args=(sys.stderr,)
[formatter_form01]
format=%(asctime)s %(levelname)s %(message)s
slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/launchers.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[launchers]
# Pulse2 Launcher path
# launcher_path = /usr/sbin/pulse2-launcher
## Misc locations ##
# Source directory for push mode
# source_path = /var/lib/pulse2/packages
## Workflow-related commands ##
# global ping command
# ping_path = /usr/sbin/pulse2-ping
# global inventory command
# inventory_command = export P2SRV=`echo $SSH_CONNECTION | cut -f1 -d\ `; export P2PORT=9999; export http_proxy=""; export ftp_proxy=""; ( [ -x /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe ] && /cygdrive/c/Program\ Files/OCS\ Inventory\ Agent/OCSInventory.exe /np /server:$P2SRV /pnum:$P2PORT ) || ( [ -x /usr/bin/ocsinventory-agent ] && /usr/bin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/sbin/ocsinventory-agent ] && /usr/sbin/ocsinventory-agent --server=http://$P2SRV:$P2PORT ) || ( [ -x /usr/local/sbin/ocs_mac_agent.php ] && /usr/local/sbin/ocs_mac_agent.php )
# global reboot command
# reboot_command = /bin/shutdown.exe -f -r 1 || shutdown -r now
# global halt command
# halt_command = /bin/shutdown.exe -f -s 1 || shutdown -h now
## Target on client ##
# target directory on client
# target_path = /tmp
# temp folder name prefix on client
# temp_folder_prefix = MDVPLS
## Foll-proofing ##
# Above this amount of seconds the command will automatically be killed.
# max_command_age = 86400
# Above this amount of seconds a computer will be considered as
# unreachable.
# max_ping_time = 4
# Above this amount of seconds a computer will be considered as without
# ssh installed
# max_probe_time = 20
[daemon]
# the place were we put the daemons's PID files
# pidfile = /var/run/pulse2
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
[wrapper]
# wrapper path
# path = /usr/sbin/pulse2-output-wrapper
# cap the amount of logs a wrapper can generate (in bytes)
# max_log_size = 512000
# wrapper will quit it process takes longer to complete (in seconds)
# max_exec_time = 21600
[ssh]
# defaultkey is the name of the default SSH key
# default_key = default
# openssl binaries path
# scp_path = /usr/bin/scp
# ssh_path = /usr/bin/ssh
# ssh_agent_path = /usr/bin/ssh-agent
# sshkey_default = /root/.ssh/id_dsa
# sshkey_mysecondkey = /somewhere/my_second_key
# options passed to SSH via "-o"
# ssh_options = LogLevel=ERROR UserKnownHostsFile=/dev/null StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10
# ssh's keyforwarding control: never, always, or let (aka 'let the scheduler decide')
# forward_key = let
[wget]
# wget binary path (on client)
# wget_path = /usr/bin/wget
# wget_options =
# check_certs = False
# resume = True
[rsync]
# rsync_path = /usr/bin/rsync
# resume = True
# set_executable can be yes, no or keep
# set_executable = yes
# set_access can be private, restricted or public
# set_access = private
[wol]
# Pulse2 WOL Path
# wol_path = /usr/sbin/pulse2-wol
# wol_port = 40000
# wol_bcast = 255.255.255.255
[tcp_sproxy]
# Pulse2 SSH Proxy path
# tcp_sproxy_path = /usr/sbin/pulse2-tcp-sproxy
# The "external" VNC IP adress
# tcp_sproxy_host =
# The TCP range to attribue to the proxy
# tcp_sproxy_port_range = 8100-8200
# the initial ssh connection to the client timeout
# tcp_sproxy_establish_delay = 20
# the initial VNC connection to the proxy timeout
# tcp_sproxy_connect_delay = 60
# the number of seconds a connection will stay open after the initial handshake
# tcp_sproxy_session_lenght = 3600
[smart_cleaner]
# Pulse2 Smart Cleaner path (on the target); if empty we do not use it
# smart_cleaner_path = /usr/bin/pulse2-smart-cleaner.sh
# cleaner options, space separated, see doc
# smart_cleaner_options =
[scheduler_01]
# host = 127.0.0.1
# port = 8000
# enablessl = True
# username = username
# password = password
# periodicaly talk to our referent scheduler
# awake_time = 600
# add some randomness in our wake-ups
# awake_incertitude_factor = .2
# if set to yes, do no send results directly after a command completion
# defer_results = no
# Launchers sections, one per launcher
[launcher_01]
# bind = 127.0.0.1
port = 8001
# slots = 300
# username = username
# password = password
# scheduler = scheduler_01
enablessl = True
cacert = /etc/mmc/pulse2/launchers/keys/cacert.pem
localcert = /etc/mmc/pulse2/launchers/keys/privkey.pem
verifypeer = False
# You can override the logger configuration of this launcher with the
# loggconffile option, else the logger configuration from the current file will
# be used.
# logconffile = /etc/mmc/pulse2/launchers/log_launcher_01.ini
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launchers.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
slapos/recipe/pulse2/template/pulse2_conf/pulse2/launchers/log_launcher_01.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("/var/log/mmc/pulse2-launcher-01.log",)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc-windows.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
server =
port = 9999
command_name = C:\Program Files\OCS Inventory Agent\OCSInventory.exe
command_attr = /SERVER:127.0.0.1 /PNUM:9999
enablessl = True
verifypeer = False
cacert = cacert.pem
localcert = privkey.pem
# [polling]
# activate = 0
# type = reg
# time = 600
# path = HKEY_LOCAL_MACHINE\Software\Mandriva\Inventory\Client\do_inventory
[loggers]
keys = root
[handlers]
keys = hand01
[formatters]
keys = form01
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = handlers.NTEventLogHandler
level = INFO
formatter = form01
args = ("Pulse 2 Proxy SSL",)
# [handler_hand01]
# class = handlers.RotatingFileHandler
# level = DEBUG
# formatter = form01
# args = ("C:\\Program Files\\Mandriva\\Pulse2 Inventory SSL Proxy\\log.txt", "a", 100*1024, 5)
[formatter_form01]
format = %(asctime)s %(levelname)s %(message)s
# Xml update add extra information to OCS XML output
[xmlupdate]
# execute the update
enable = False
# keep a local copy of the updated XML
keepxmlupdate = False
# notify software updates
updatedetection = False
# add software icons to XML output
addicon = False
# add OCS execution debug to OCS XML output
[ocsdebug]
enable = False
\ No newline at end of file
slapos/recipe/pulse2/template/pulse2_conf/pulse2/p2ipc.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
# server =
# port = 9999
# path = /
# tmpdirname = /tmp/Pulse2InventoryProxy
# command_name = /usr/local/bin/ocsinventory-agent
# command_attr = -l /tmp/Pulse2InventoryProxy
# enablessl = True
# key_file = conf/key/privkey.pem
# cert_file = conf/key/cacert.pem
slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/package-server.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[main]
# ----------
# NETWORKING
# ----------
# port = 9990
# host =
# The public IP send when a client agent is wondering how to reach this package server, set to the "host" parameter value if not defined
# public_ip =
#
# --------
# PACKAGES
# --------
# Is package autodetection activated ?
# package_detect_activate = 0
# Time between two loops of detection
# package_detect_loop = 60
# methods in none, last_time_modification, check_size
# for more than 1 method, separate with ","
# package_detect_smart_method = none
# package_detect_smart_time = 60
# Package api can synhronise package data to others servers
# package_mirror_loop = 5
# package synchronisation targets
# package_mirror_target =
# package synchronisation state file. used only if package_mirror_target is defined
# File where pending sync are written so that they can be finished on package server restart.
# package_mirror_status_file = /var/data/mmc/status
# package synchronisation command to use
# package_mirror_command = /usr/bin/rsync
# package synchronisation command options
# package_mirror_command_options = -ar --delete
# package synchronisation command on only one level options
# package_mirror_level0_command_options = -d --delete
# options passed to SSH via "-o" if specified --rsh is automatically added to package_mirror_command_options
# package_mirror_command_options_ssh_options =
# for example
# package_mirror_command_options_ssh_options = IdentityFile=/root/.ssh/id_dsa StrictHostKeyChecking=no Batchmode=yes PasswordAuthentication=no ServerAliveInterval=10 CheckHostIP=no ConnectTimeout=10
# loop for the sync of the whole package directory
# can only be activated when package_mirror_target is given
# package_global_mirror_activate = 1
# package_global_mirror_loop = 3600
# package_global_mirror_command_options = -ar --delete
# real package deletion
# real_package_deletion = 0
#
# ----------
# MISC STUFF
# ----------
# machine/mirror assign algo
# mm_assign_algo = default
# user/packageput assign algo
# up_assign_algo = default
# tmp_input_dir = /tmp/packages/default
[daemon]
# the place were we put the daemons's PID files
# pidfile = /var/run/pulse2-package-server.pid
# user = root
# group = root
# umask = 0022
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0002
[ssl]
# enablessl = 1
# username =
# password =
# certfile = /etc/mmc/pulse2/package-server/keys/cacert.pem
# privkey = /etc/mmc/pulse2/package-server/keys/privkey.pem
# verifypeer = 0
[mmc_agent]
# We sometimes need to talk to our referent agent
# here are some key to speak with it
# host = 127.0.0.1
# port = 7080
# username = mmc
# password = s3cr3t
# enablessl = True
# verifypeer = False
# cacert = /etc/mmc/pulse2/package-server/keys/cacert.pem
# localcert = /etc/mmc/pulse2/package-server/keys/privkey.pem
[mirror_api]
# mount_point = /rpc
[user_packageapi_api]
# mount_point = /upaa
[scheduler_api]
# mount_point = /scheduler_api
# schedulers = scheduler_01
# [imaging_api]
# mount_point = /imaging_api
# uuid = PLEASE_PUT_A_UUID_FOR_THAT_SERVER
##################
# Some locations #
##################
### main tree
# base_folder = /var/lib/pulse2/imaging
### Bootloaders
# Where bootloader (and bootsplash) is stored, relative to "base_folder"
# bootloader_folder = bootloader # Where bootloader (and bootsplash) is stored, relative to "base_folder"
# pxe_bootloader = pxe_boot # the network bootloader
# cd_bootloader = cd_boot # the cdrom bootloader
# bootsplash_file = bootsplash.xpm # the bootloader splashscreen
### Bootmenus
# Where boot menus are generated / being served, relative to "base_folder"
# bootmenus_folder = bootmenus
### Diskless
# Where kernel, initrd and other official diskless tools are stored, relative to "base_folder"
# diskless_folder = diskless # Where kernel, initrd and other official diskless tools are stored, relative to "base_folder"
# diskless_kernel = kernel # Name of the diskless kernel to run
# diskless_initrd = initrd # Name of the diskless initrd to boot (core)
# diskless_initrdcd = initrdcd # Name of the diskless initrd to boot (addon to boot on CD)
# diskless_memtest = memtest # diskless memtest tool
### Inventories
# Where inventories are stored / retrieved, relative to "base_folder"
# inventories_folder = inventories
### NFS
# Where additionnal material (hdmap, exclude) are stored / retrieved, relative to "base_folder"
# (a.k.a. /revoinfo client side)
# computers_folder = computers
# Where images are stored, relative to "base_folder"
# (a.k.a. /revoinfo client side)
# masters_folder = masters
# Where postinst tools are stored, relative to "base_folder"
# (a.k.a. /opt client side)
# postinst_folder = postinst
# will contain archived computer imaging data
# archives_folder = archives
### ISO images generation
# isos_folder = /var/lib/pulse2/imaging/isos # will contain generated ISO images
# isogen_tool = /usr/bin/mkisofs # tool used to generate ISO file
### RPC offline mode
# RPC replay file name, relative to "base_folder"
# rpc_replay_file = rpc-replay.pck
# RPC replay loop timer in seconds
# rpc_loop_timer = 60
# RPC to replay at each loop
# rpc_count = 10
# Interval in seconds between two RPCs
# rpc_interval = 2
# Our UUID cache *inside* base_folder
# uuid_cache_file = uuid-cache.txt
# Our UUID cache lifetime
# uuid_cache_lifetime = 300
[mirror:01]
mount_point = /mirror1
src = /var/lib/pulse2/packages
[package_api_put:01]
mount_point = /package_api_get1
src = /var/lib/pulse2/packages
tmp_input_dir = /tmp/package_tmp/put1
# Logger configuration
[loggers]
keys = root,imaging
[handlers]
keys = hand01,hand_imaging
[formatters]
keys = form01,form_imaging
[logger_root]
level = NOTSET
handlers = hand01
[handler_hand01]
class = FileHandler
level = INFO
formatter = form01
args = ("%s" % %(pulse2_log_file_package_server)s,)
[formatter_form01]
format = %%(asctime)s %%(levelname)s %%(message)s
# Imaging API logger configuration
[logger_imaging]
level = NOTSET
handlers = hand_imaging
propagate = 0
qualname = imaging
[handler_hand_imaging]
class = FileHandler
level = INFO
formatter = form_imaging
args = ("%s" % %(pulse2_log_file_package_server)s,)
[formatter_form_imaging]
format = %%(asctime)s %%(levelname)s Imaging: %%(message)s
slapos/recipe/pulse2/template/pulse2_conf/pulse2/package-server/plugin_terminal_type.ini.in
deleted
100644 → 0
View file @
edeb5aa2
#[main]
#dbdriver = mysql
#dbhost = localhost
#dbname = inventory
#dbuser = mmc
#dbpasswd = mmc
#dbpoolrecycle =
#dbport =
#dbsslenable = 0
#dbsslca =
#dbsslcert =
#dbsslkey =
#[associations:XX]
# the mirror url you want to declare
#mirror = MIRROR_URL
# the type of terminal (SAGEM or )
#terminal_types = TERMINAL_TYPE
# the type of api it is (package_api or mirror)
#kind = KIND
slapos/recipe/pulse2/template/pulse2_conf/pulse2/scheduler/scheduler.ini.in
deleted
100644 → 0
View file @
edeb5aa2
[scheduler]
# This scheduler name
id = scheduler_01
## MANAGING ##
# scheduler_path = /usr/sbin/pulse2-scheduler
## NETWORK ##
# port = 8000
# host = 127.0.0.1
# username = username
# password = password
# enablessl = True
# If verifypeer is set, the scheduler will also connect to all the launchers
# using the following certificates.
# verifypeer = False
# cacert = /etc/mmc/pulse2/scheduler/keys/cacert.pem
# localcert = /etc/mmc/pulse2/scheduler/keys/privkey.pem
## SCHEDULING ##
# for some functions below, we add this factor, to prevent load peaks
# incertitude_factor = .2
#
# initial wait time, in seconds, to make stuff stabilize
# initial_wait = 2
#
# attempt to start (and stop) commands every n seconds
# awake_time = 600
#
# preemption settings : preempting every N second, run M commands
# preempt_amount = 50
# preempt_period = 1
#
# status settings : check every N second, +/- incertitude_factor %
# checkstatus_period = 900
#
# health logging : log some stats every N seconds, +/- incertitude_factor %
# loghealth_period = 60
#
# once per day, hour specified below (HH:MM:SS), the scheduler will
# analyse the database, looking to weird / broken commands;
# you should enable this if you see stalled commands in logs
# in this case, please specify an hour when the scheduler is
# not very used (8 pm can be a good choice: analyse_hour = 20:00:00)
# set to empty by default to disable analysis
# analyse_hour =
#
# attempt to clean states in commands every n seconds
# clean_states_time = 3600
# clean state that are going to be clean
# (from the launcher point of view, ie :
# * stop -> the command is not running on the launcher but it's state in the db say it is)
# * run -> the command
# possible states : run, stop
# active_clean_states =
#
# default database encoding (used to inject log files)
# dbencoding = utf-8
#
# scheduler mode, see doc !
# mode = async
#
# max number of slots to uses, for all launchers
# max_slots = 300
#
# locking system
# please use with caution: the only reason to activate this feature
# is for systems under heavy load; risk of double-preemption is
# drastically reduce using this, but your system will be even more slow
# lock_processed_commands = False
## Commands life ##
# Command max default authorized time (for each stage)
# max_command_time = 3600
#
# Command max upload time (aka 'upload' stage), override the previous one for looooong uploads
# max_upload_time = 21600
#
# Command max WOL wait-for-completion time: wait this ammount of second before going futher
# max_wol_time = 300
## NETWORKING ##
# prefered method to reach a client
# available:
# - fqdn: attempt to perform a DNS query on FQDN
# - hosts: same, no DNS query
# - ip: just try IP address
# - netbios: attempt to do a nmblookup on IP adress
# tests are performed using ping
# resolv_order = fqdn hosts netbios ip
## CHECKING ##
# in some situations itn may be useful to do some pre-checks on clients
# checks can be done against every information recorded into the "target" table
# the following informations are available:
# target_name => contain the target Hostname
# target_uuid => contain the target UUID
# target_ipaddr => contain the target IP addresses, only the first one is used
# target_macaddr => contain the target MAC adresses, only the first one is used
# The two following options are formated as follow:
# *_check = <data-to-ask>=<expected-value>,...
# for exemple:
# server_check = IP=ipaddr
# client_check = UUID=uuid,HOSTNAME=name
# => will ask to client if its UUID is 'target_uuid', HOSTNAME is 'target_name',
# and tell it to give us it's IP and check the IP's value is 'target_ipaddr'
# While checking things, we may also want to announce what we are currently try to
# do on client, for each stage, for example TRANFERT while transfering something:
# announce_check = transfert=TRANFERT (comma-separated list as for previous options)
# currently available keywords: transfert, execute, delete, inventory
# announce_check =
# server_check =
# client_check =
## Computer / Group assignment ##
# mg_assign_algo = default
[database]
# dbdriver = mysql
# dbhost = localhost
# dbport = 3306
# dbname = msc
# dbuser = mmc
# dbpasswd = mmc
# dbdebug = ERROR
# dbpoolrecycle = 60
# dbpooltimeout = 30
# SSL support
# dbsslenable = 0
# dbsslca =
# dbsslcert =
# dbsslkey =
[daemon]
# pidfile = /var/run/pulse2
# user = root
# group = root
# umask = 0077
# Example of non-root execution settings:
# user = mmc
# group = mmc
# umask = 0007
# setrlimit option allows to set process system resources usage. Syntax is:
# setrlimit = limit1 soft1 hard1 limit2 soft2 hard2 ...
# For example:
# setrlimit = RLIMIT_NOFILE 2048 2048 RLIMIT_CORE 0 0
# setrlimit =
# Our launchers
[launcher_01]
host=%(ipv4)s
port=8001
username = username
password = password
enablessl = True
[loggers]
keys=root
[handlers]
keys=hand01
[formatters]
keys=form01
[logger_root]
level=NOTSET
handlers=hand01
[handler_hand01]
class=FileHandler
level=INFO
formatter=form01
args=("%s" % %(pulse2_log_file_scheduler)s,)
[formatter_form01]
format=%%(asctime)s %%(levelname)s %%(message)s
slapos/recipe/pulse2/template/stunnel.conf.in
deleted
100644 → 0
View file @
edeb5aa2
foreground = yes
output = %(log)s
pid = %(pid_file)s
syslog = no
CApath = %(ca_path)s
key = %(key)s
CRLpath = %(ca_crl)s
cert = %(cert)s
[service]
accept = %(public_ip)s:%(public_port)s
connect = %(private_ip)s:%(private_port)s
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment