From 158106b8a5a49bf9d88dbaef7e1fe36843e0908f Mon Sep 17 00:00:00 2001 From: Thierry Parmentelat Date: Tue, 19 Jan 2010 21:25:25 +0000 Subject: [PATCH] moving conf_files creation scripts to nodeconfig --- db-config.d/030-conf_files_iptables | 25 ++++++ db-config.d/030-conf_files_kernel | 25 ++++++ db-config.d/030-conf_files_node_update | 62 +++++++++++++++ db-config.d/030-conf_files_ping_of_death | 26 +++++++ db-config.d/030-conf_files_plc_config | 57 ++++++++++++++ db-config.d/030-conf_files_security | 64 ++++++++++++++++ db-config.d/030-conf_files_services | 97 ++++++++++++++++++++++++ db-config.d/030-conf_files_sfa | 25 ++++++ nodeconfig.spec | 6 ++ 9 files changed, 387 insertions(+) create mode 100644 db-config.d/030-conf_files_iptables create mode 100644 db-config.d/030-conf_files_kernel create mode 100644 db-config.d/030-conf_files_node_update create mode 100644 db-config.d/030-conf_files_ping_of_death create mode 100644 db-config.d/030-conf_files_plc_config create mode 100644 db-config.d/030-conf_files_security create mode 100644 db-config.d/030-conf_files_services create mode 100644 db-config.d/030-conf_files_sfa diff --git a/db-config.d/030-conf_files_iptables b/db-config.d/030-conf_files_iptables new file mode 100644 index 0000000..66c155d --- /dev/null +++ b/db-config.d/030-conf_files_iptables @@ -0,0 +1,25 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + +# iptables + # Firewall configuration + {'enabled': True, + 'source': 'PlanetLabConf/blacklist.php', + 'dest': '/etc/planetlab/blacklist', + 'file_permissions': '600', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/sbin/iptables-restore --noflush < /etc/planetlab/blacklist', + 'error_cmd': '', + 'ignore_cmd_errors': True, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_kernel b/db-config.d/030-conf_files_kernel new file mode 100644 index 0000000..8f9bb37 --- /dev/null +++ b/db-config.d/030-conf_files_kernel @@ -0,0 +1,25 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + +# linux-2.6 + # Kernel sysctl parameters + {'enabled': True, + 'source': 'PlanetLabConf/sysctl.conf', + 'dest': '/etc/sysctl.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/sbin/sysctl -e -p /etc/sysctl.conf', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_node_update b/db-config.d/030-conf_files_node_update new file mode 100644 index 0000000..d3d9434 --- /dev/null +++ b/db-config.d/030-conf_files_node_update @@ -0,0 +1,62 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + +# myplc/noderepo + # YUM configuration + {'enabled': True, + 'source': 'yum/myplc.repo.php?gpgcheck=1', + 'dest': '/etc/yum.myplc.d/myplc.repo', + 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root', + 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'yum/yum.conf', + 'dest': '/etc/yum.conf', + 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root', + 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'yum/stock.repo', + 'dest': '/etc/yum.myplc.d/stock.repo', + 'file_permissions': '644', 'file_owner': 'root', 'file_group': 'root', + 'preinstall_cmd': '', 'postinstall_cmd': '', 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + +# NodeUpdate + {'enabled': True, + 'source': 'PlanetLabConf/delete-rpm-list-production', + 'dest': '/etc/planetlab/delete-rpm-list', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + +# NodeUpdate + # /etc/planetlab/extensions + {'enabled': True, + 'source': 'PlanetLabConf/extensions.php', + 'dest': '/etc/planetlab/extensions', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_ping_of_death b/db-config.d/030-conf_files_ping_of_death new file mode 100644 index 0000000..79da0e4 --- /dev/null +++ b/db-config.d/030-conf_files_ping_of_death @@ -0,0 +1,26 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + +# PoD + # Ping of death configuration + # the 'restart' postcommand doesn't work, b/c the pod script doesn't support it. + {'enabled': True, + 'source': 'PlanetLabConf/ipod.conf.php', + 'dest': '/etc/ipod.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/pod start', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_plc_config b/db-config.d/030-conf_files_plc_config new file mode 100644 index 0000000..da1eb49 --- /dev/null +++ b/db-config.d/030-conf_files_plc_config @@ -0,0 +1,57 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + + # PLC configuration + {'enabled': True, + 'source': 'PlanetLabConf/get_plc_config.php', + 'dest': '/etc/planetlab/plc_config', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'PlanetLabConf/get_plc_config.php?python', + 'dest': '/etc/planetlab/plc_config.py', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'PlanetLabConf/get_plc_config.php?perl', + 'dest': '/etc/planetlab/plc_config.pl', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'PlanetLabConf/get_plc_config.php?php', + 'dest': '/etc/planetlab/php/plc_config.php', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_security b/db-config.d/030-conf_files_security new file mode 100644 index 0000000..22d909d --- /dev/null +++ b/db-config.d/030-conf_files_security @@ -0,0 +1,64 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + + # SSH server configuration + # keys for root and site_admin are now handled as part of the specialaccounts NodeManager plugin + {'enabled': True, + 'source': 'PlanetLabConf/sshd_config', + 'dest': '/etc/ssh/sshd_config', + 'file_permissions': '600', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/init.d/sshd restart', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # sudo configuration + {'enabled': True, + 'source': 'PlanetLabConf/sudoers.php', + 'dest': '/etc/sudoers', + 'file_permissions': '440', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/usr/sbin/visudo -c', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # GPG signing keys + {'enabled': True, + 'source': 'PlanetLabConf/get_gpg_key.php', + 'dest': '/etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': 'rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-planetlab', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # Proxy ARP setup + {'enabled': True, + 'source': 'PlanetLabConf/proxies.php', + 'dest': '/etc/planetlab/proxies', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_services b/db-config.d/030-conf_files_services new file mode 100644 index 0000000..ef027d4 --- /dev/null +++ b/db-config.d/030-conf_files_services @@ -0,0 +1,97 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + + # NTP configuration + {'enabled': True, + 'source': 'PlanetLabConf/ntp.conf.php', + 'dest': '/etc/ntp.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'PlanetLabConf/ntp/step-tickers.php', + 'dest': '/etc/ntp/step-tickers', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '/etc/rc.d/init.d/ntpd restart', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # Log rotation configuration + {'enabled': True, + 'source': 'PlanetLabConf/logrotate.conf', + 'dest': '/etc/logrotate.conf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + # updatedb/locate nightly cron job + {'enabled': True, + 'source': 'PlanetLabConf/slocate.cron', + 'dest': '/etc/cron.daily/slocate.cron', + 'file_permissions': '755', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # Sendmail configuration + {'enabled': True, + 'source': 'PlanetLabConf/sendmail.mc', + 'dest': '/etc/mail/sendmail.mc', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + {'enabled': True, + 'source': 'PlanetLabConf/sendmail.cf', + 'dest': '/etc/mail/sendmail.cf', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': 'service sendmail restart', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + # /etc/issue + {'enabled': True, + 'source': 'PlanetLabConf/issue.php', + 'dest': '/etc/issue', + 'file_permissions': '644', + 'file_owner': 'root', + 'file_group': 'root', + 'preinstall_cmd': '', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False}, + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/db-config.d/030-conf_files_sfa b/db-config.d/030-conf_files_sfa new file mode 100644 index 0000000..63d4ec5 --- /dev/null +++ b/db-config.d/030-conf_files_sfa @@ -0,0 +1,25 @@ +# -*-python-*- +# $Id: 030-conf_files 16642 2010-01-18 17:14:40Z thierry $ +# $URL: svn+ssh://thierry@svn.planet-lab.org/svn/MyPLC/trunk/db-config.d/030-conf_files $ +#################### conf files + +conf_files = [ + +# sfa + # /etc/sfa/sfa_config + {'enabled': True, + 'source': u'PlanetLabConf/sfa_config.php', + 'dest': u'/etc/sfa/sfa_config', + 'file_permissions': u'644', + 'file_owner': u'root', + 'file_group': u'root', + 'preinstall_cmd': u'mkdir /etc/sfa', + 'postinstall_cmd': '', + 'error_cmd': '', + 'ignore_cmd_errors': False, + 'always_update': False} + + ] + +for conf_file in conf_files: + SetConfFile(conf_file) diff --git a/nodeconfig.spec b/nodeconfig.spec index bb797fb..eac6f8e 100644 --- a/nodeconfig.spec +++ b/nodeconfig.spec @@ -85,6 +85,12 @@ install -D -m 644 ./yum/%{distroname}/yum.conf $RPM_BUILD_ROOT/var/www/htm # expose the (fcdistro-dependant) stock.repo as https:///yum/stock.repo install -D -m 644 ./yum/%{distroname}/yum.myplc.d/stock.repo $RPM_BUILD_ROOT/var/www/html/yum/stock.repo +# Install db-config.d files +echo "* Installing db-config.d files" +mkdir -p ${RPM_BUILD_ROOT}/etc/planetlab/db-config.d +cp db-config.d/* ${RPM_BUILD_ROOT}/etc/planetlab/db-config.d +chmod 444 ${RPM_BUILD_ROOT}/etc/planetlab/db-config.d/* + popd %clean -- 2.43.0