تغييرات

لا يوجد ملخص تحرير
سطر 911: سطر 911:  
#AUTOGROUP_MAXBACK=150
 
#AUTOGROUP_MAXBACK=150
    +
</pre>
 +
 +
== /etc/puppet/modules/adefcamps/ ==
 +
=== manifests/init.pp ===
 +
<pre>
 +
class adefcamps{
 +
}
 +
class adefcamps::setupldapclient inherits adefcamps {
 +
    file {
 +
        "/tmp/adef-camps-script-2":
 +
            source => "puppet:///modules/adefcamps/adef-camps-script-2",
 +
            group => "root",
 +
            owner => "root",
 +
            mode => "0544"
 +
    }
 +
 +
#    exec {
 +
#        "/usr/local/bin/adef-camps-script-2":
 +
#            command => "mv /tmp/adef-camps-script-2 /usr/local/bin/adef-camps-script-2 ; /usr/local/bin/adef-camps-script-2",
 +
#            path    => "/usr/local/bin:/usr/bin:/bin",
 +
#            subscribe  => file['/tmp/adef-camps-script-2'],
 +
#            unless => "test -e /usr/local/bin/adef-camps-script-2"
 +
#    }
 +
file {
 +
  "/var/cache/debconf/ldap-auth-config.preseed":
 +
    source => 'puppet:///modules/adefcamps/ldap-auth-config'; # someplace with that output
 +
}
 +
    package { 'ldap-auth-config':
 +
        ensure => 'present',
 +
    require      => File["/var/cache/debconf/ldap-auth-config.preseed"],
 +
    responsefile => "/var/cache/debconf/ldap-auth-config.preseed"
 +
    }
 +
    package { 'auth-client-config':
 +
        ensure => 'present',
 +
    require      => File["/var/cache/debconf/ldap-auth-config.preseed"],
 +
    responsefile => "/var/cache/debconf/ldap-auth-config.preseed"
 +
    }
 +
    package { 'ldap-auth-client':
 +
        ensure => 'present',
 +
    require      => File["/var/cache/debconf/ldap-auth-config.preseed"],
 +
    responsefile => "/var/cache/debconf/ldap-auth-config.preseed"
 +
    }
 +
 +
    package { 'libnss-ldap':
 +
        ensure => 'present',
 +
    require      => File["/var/cache/debconf/ldap-auth-config.preseed"],
 +
    responsefile => "/var/cache/debconf/ldap-auth-config.preseed"
 +
    }
 +
 +
    package { 'libpam-ldap':
 +
        ensure => 'present',
 +
    require      => File["/var/cache/debconf/ldap-auth-config.preseed"],
 +
    responsefile => "/var/cache/debconf/ldap-auth-config.preseed"
 +
    }
 +
 +
    package { 'nscd':
 +
        ensure => 'present',
 +
    }
 +
 +
    package { 'nss-updatedb':
 +
        ensure => 'present',
 +
    }
 +
 +
    package { 'libnss-db':
 +
        ensure => 'present',
 +
    }
 +
 +
    package { 'libpam-ccreds':
 +
        ensure => 'present',
 +
    }
 +
 +
    # Not sure we need this, if we use ccreds, this will revert to non-ccreds ... i guess ! ... i guess we need it because of the sequence of events !! (start ldap auth properly, then do the ccreds thing!
 +
    exec {
 +
        'auth-client-config_lac_ldap':
 +
            command => "auth-client-config -t nss -p lac_ldap",
 +
            path => "/usr/sbin",
 +
            require => package['ldap-auth-config']
 +
    }
 +
 +
    exec {
 +
      'pam-auth-add-ldap':
 +
        command => 'pam-auth-update --package ldap',
 +
        environment =>"DEBIAN_FRONTEND=noninteractive",
 +
        path => '/usr/sbin',
 +
        require => package['ldap-auth-config']
 +
    }
 +
 +
    exec {
 +
      'restart-nscd':
 +
            command => "/etc/init.d/nscd restart",
 +
    }
 +
}
 +
class adefcamps::setupldapclientwithccreds inherits adefcamps::setupldapclient {
 +
    file {
 +
        '/usr/share/pam-configs/ldap-with-ccreds':
 +
            ensure => 'file',
 +
            source => "puppet:///modules/adefcamps/ldap-with-ccreds"
 +
    }
 +
 +
    exec {
 +
      'pam-auth-add-ldap-ccreds-remove-ldap':
 +
        command => 'pam-auth-update --package ldap-ccreds --package --remove ldap',
 +
        environment =>"DEBIAN_FRONTEND=noninteractive",
 +
        path => '/usr/sbin',
 +
        require => file['/usr/share/pam-configs/ldap-with-ccreds']
 +
    }
 +
 +
    file {
 +
        '/etc/cron.daily/upd-local-nss-db':
 +
            ensure => 'file',
 +
            mode => "755",
 +
            source => "puppet:///modules/adefcamps/upd-local-nss-db"
 +
    }
 +
 +
    exec {
 +
        'update-local-nss-db':
 +
            command => "/etc/cron.daily/upd-local-nss-db",
 +
            #require => [file['/etc/cron.daily/upd-local-nss-db'],exec['/usr/local/bin/adef-camps-script-2'],exec['pam-auth-add-ldap-ccreds-remove-ldap']]
 +
            require => [file['/etc/cron.daily/upd-local-nss-db'],exec['pam-auth-add-ldap-ccreds-remove-ldap']]
 +
    }
 +
 +
    file {
 +
        '/etc/auth-client-config/profile.d/ldap-ccreds-auth-config':
 +
            ensure => "file",
 +
            mode => "644",
 +
            source => "puppet:///modules/adefcamps/ldap-ccreds-auth-config"
 +
    }
 +
 +
    exec {
 +
        'auth-client-config_lac_ldap_ccreds':
 +
            command => "auth-client-config -t nss -p lac_ldap_ccreds",
 +
            path => "/usr/sbin"
 +
 +
    }
 +
    augeas {
 +
        'ldap-ccreds-params':
 +
            context => "/files/etc/ldap.conf",
 +
            changes => ["set bind_timelimit 1","set bind_policy soft","set nss_reconnect_tries 1","set nss_reconnect_sleeptime 1","set nss_reconnect_maxsleeptime 3","set nss_reconnect_maxconntries 2"],
 +
            #requires => package[]
 +
    }
 +
}
 +
#class adefcamps::adefcampssetup inherits adefcamps::setupldapclient {
 +
class adefcamps::adefcampssetup inherits adefcamps::setupldapclientwithccreds {
 +
    file {
 +
        "/tmp/adef-camps-script-1":
 +
            source => "puppet:///modules/adefcamps/adef-camps-script-1",
 +
            group => "root",
 +
            owner => "root",
 +
            mode => "0544"
 +
    }
 +
 +
 +
    file {
 +
        "/etc/profile":
 +
            source => "puppet:///modules/adefcamps/profile",
 +
            group => "root",
 +
            owner => "root",
 +
            mode => "0644"
 +
    }
 +
 +
    #exec {
 +
    #    "/usr/local/bin/adef-camps-script-1":
 +
    #        command => "mv /tmp/adef-camps-script-1 /usr/local/bin/adef-camps-script-1 ; /usr/local/bin/adef-camps-script-1",
 +
    #        path    => "/usr/local/bin:/usr/bin:/bin",
 +
    #        subscribe  => file['/tmp/adef-camps-script-1'],
 +
    #        #unless => "test -e /usr/local/bin/adef-camps-script-1"
 +
    #}
 +
 +
 +
}
 +
</pre>
 +
=== files/adef-camps-script-1 ===
 +
<pre>
 +
#!/bin/bash
 +
 +
(cat <<EOF
 +
ldap-auth-config ldap-auth-config/bindpw password
 +
ldap-auth-config ldap-auth-config/rootbindpw password
 +
ldap-auth-config ldap-auth-config/binddn string cn=proxyuser,dc=example,dc=net
 +
libpam-runtime libpam-runtime/profiles multiselect unix, winbind, ldap, xdg-support, gnome-keyring, consolekit, capability
 +
ldap-auth-config ldap-auth-config/dbrootlogin boolean true
 +
ldap-auth-config ldap-auth-config/rootbinddn string cn=adefadmin,dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/pam_password select md5
 +
ldap-auth-config ldap-auth-config/move-to-debconf boolean true
 +
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://10.0.0.4
 +
ldap-auth-config ldap-auth-config/ldapns/base-dn string dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/override boolean true
 +
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
 +
ldap-auth-config ldap-auth-config/dblogin boolean false
 +
EOF
 +
)| sudo debconf-set-selections
 +
 +
sudo apt-get install auth-client-config ldap-auth-client ldap-auth-config #libnss-ldap libpam-ldap nscd
 +
 +
#sudo apt-get install nss-updatedb libnss-db libpam-ccreds
 +
 +
sudo auth-client-config -t nss -p lac_ldap
 +
 +
sudo /etc/init.d/nscd restart
 +
 +
sudo wget https://launchpadlibrarian.net/147602103/ldap-with-ccreds -O /usr/share/pam-configs/ldap-with-ccreds
 +
 +
sudo pam-auth-update --package --remove ldap
 +
 +
echo '#!/bin/sh' | sudo tee /etc/cron.daily/upd-local-nss-db
 +
echo '/usr/sbin/nss_updatedb ldap' | sudo tee -a /etc/cron.daily/upd-local-nss-db
 +
sudo chmod +x /etc/cron.daily/upd-local-nss-db
 +
 +
/etc/cron.daily/upd-local-nss-db
 +
 +
wget http://arabdigitalexpression.org/adefwiki/images/c/cf/Ldap-ccreds-auth-config.txt -O /etc/auth-client-config/profile.d/ldap-ccreds-auth-config
 +
 +
sudo auth-client-config -t nss -p lac_ldap_ccreds
 +
 +
</pre>
 +
 +
=== files/adef-camps-script-2 ===
 +
<pre>
 +
#!/bin/bash
 +
 +
(cat <<EOF
 +
ldap-auth-config ldap-auth-config/bindpw password
 +
ldap-auth-config ldap-auth-config/rootbindpw password
 +
ldap-auth-config ldap-auth-config/binddn string cn=proxyuser,dc=example,dc=net
 +
ldap-auth-config ldap-auth-config/dbrootlogin boolean true
 +
ldap-auth-config ldap-auth-config/rootbinddn string cn=adefadmin,dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/pam_password select md5
 +
ldap-auth-config ldap-auth-config/move-to-debconf boolean true
 +
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://10.0.0.4
 +
ldap-auth-config ldap-auth-config/ldapns/base-dn string dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/override boolean true
 +
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
 +
ldap-auth-config ldap-auth-config/dblogin boolean false
 +
EOF
 +
)| sudo debconf-set-selections
 +
 +
sudo apt-get install auth-client-config ldap-auth-client ldap-auth-config #libnss-ldap libpam-ldap nscd
 +
 +
#sudo apt-get install nss-updatedb libnss-db libpam-ccreds
 +
 +
#sudo auth-client-config -t nss -p lac_ldap
 +
#
 +
#sudo /etc/init.d/nscd restart
 +
#
 +
#sudo wget https://launchpadlibrarian.net/147602103/ldap-with-ccreds -O /usr/share/pam-configs/ldap-with-ccreds
 +
#
 +
#sudo pam-auth-update --package --remove ldap
 +
#
 +
#echo '#!/bin/sh' | sudo tee /etc/cron.daily/upd-local-nss-db
 +
#echo '/usr/sbin/nss_updatedb ldap' | sudo tee -a /etc/cron.daily/upd-local-nss-db
 +
#sudo chmod +x /etc/cron.daily/upd-local-nss-db
 +
#
 +
#/etc/cron.daily/upd-local-nss-db
 +
#
 +
#wget http://arabdigitalexpression.org/adefwiki/images/c/cf/Ldap-ccreds-auth-config.txt -O /etc/auth-client-config/profile.d/ldap-ccreds-auth-config
 +
#
 +
#sudo auth-client-config -t nss -p lac_ldap_ccreds
 +
#
 +
 +
</pre>
 +
 +
 +
=== ldap-auth-config ===
 +
YOU NEED TO CHANGE ldap-server string and rootbindpw password AT LEAST
 +
<pre>
 +
ldap-auth-config ldap-auth-config/move-to-debconf boolean true
 +
ldap-auth-config ldap-auth-config/ldapns/ldap-server string ldap://server_ip_goes_here
 +
ldap-auth-config ldap-auth-config/ldapns/base-dn string dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/ldapns/ldap_version select 3
 +
ldap-auth-config ldap-auth-config/dbrootlogin boolean true
 +
ldap-auth-config ldap-auth-config/dblogin boolean true
 +
ldap-auth-config ldap-auth-config/rootbinddn string cn=adefadmin,dc=adefcamps,dc=org
 +
ldap-auth-config ldap-auth-config/rootbindpw password PASSWORD_GOES_HERE
 +
ldap-auth-config ldap-auth-config/override boolean true
 +
ldap-auth-config ldap-auth-config/binddn string cn=proxyuser,dc=example,dc=net
 +
ldap-auth-config ldap-auth-config/bindpw password
 +
ldap-auth-config ldap-auth-config/pam_password select md5
 +
 +
</pre>
 +
 +
=== ldap-ccreds-auth-config ===
 +
<pre>
 +
#
 +
# Clients should be able to authenticate with this profile if following
 +
# Network Authentication in the Ubuntu Server guide.  Please note that
 +
# these settings are not suitable for sometimes disconnected (eg laptop)
 +
# systems.  The example is taken from LDAPClientAuthentication at:
 +
# https://help.ubuntu.com/community/LDAPClientAuthentication
 +
#
 +
[lac_ldap_ccreds]
 +
nss_passwd=passwd: files ldap[NOTFOUND=return] db
 +
nss_group=group: files ldap[NOTFOUND=return] db
 +
nss_shadow=shadow: files ldap
 +
nss_netgroup=netgroup: nis
 +
 +
</pre>
 +
 +
 +
=== ldap-with-ccreds ===
 +
<pre>
 +
Name: LDAP Authentication that falls back to success if creds unavailable
 +
Default: yes
 +
Priority: 132
 +
Conflicts: ldap
 +
Auth-Type: Primary
 +
Auth-Initial:
 +
[success=end default=ignore] pam_ldap.so
 +
Auth:
 +
[success=end default=ignore] pam_ldap.so use_first_pass
 +
Account-Type: Primary
 +
Account:
 +
[success=end authinfo_unavail=1 default=ignore] pam_ldap.so
 +
Password-Type: Primary
 +
Password-Initial:
 +
[success=end user_unknown=ignore default=die] pam_ldap.so
 +
Password:
 +
[success=end user_unknown=ignore default=die] pam_ldap.so use_authtok try_first_pass
 +
Session-Type: Additional
 +
Session:
 +
optional pam_ldap.so
 +
 +
 +
</pre>
 +
 +
=== processing.desktop ===
 +
<pre>
 +
[Desktop Entry]
 +
Name=Processing
 +
GenericName=Processing
 +
GenericName[ar]=بروسيسنج
 +
Comment=Processing programming language and development environment!
 +
Icon=/usr/local/bin/lib/icons/pde-512.png
 +
Exec=processing
 +
Terminal=false
 +
Type=Application
 +
Categories=Development;Software Development;Programming;
 +
MimeType=application/processing-project;
 +
</pre>
 +
 +
=== profile ===
 +
<pre>
 +
#!/bin/sh
 +
/usr/sbin/nss_updatedb ldap
 +
adefadmin@cmpsrvlinpuppetmaster01v:/etc/puppet/modules/adefcamps/files$ ^C
 +
adefadmin@cmpsrvlinpuppetmaster01v:/etc/puppet/modules/adefcamps/files$ cat profile
 +
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
 +
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
 +
 +
if [ "$PS1" ]; then
 +
  if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
 +
    # The file bash.bashrc already sets the default PS1.
 +
    # PS1='\h:\w\$ '
 +
    if [ -f /etc/bash.bashrc ]; then
 +
      . /etc/bash.bashrc
 +
    fi
 +
  else
 +
    if [ "`id -u`" -eq 0 ]; then
 +
      PS1='# '
 +
    else
 +
      PS1='$ '
 +
    fi
 +
  fi
 +
fi
 +
 +
# The default umask is now handled by pam_umask.
 +
# See pam_umask(8) and /etc/login.defs.
 +
 +
if [ -d /etc/profile.d ]; then
 +
  for i in /etc/profile.d/*.sh; do
 +
    if [ -r $i ]; then
 +
      . $i
 +
    fi
 +
  done
 +
  unset i
 +
fi
 +
ln -f -T -s /adefcamps/SAN/Share ~Share
 +
ln -T -s /adefcamps/SAN/Users/$USER/Music ~/Music
 +
ln -T -s /adefcamps/SAN/Users/$USER/Downloads ~/Downloads
 +
ln -T -s /adefcamps/SAN/Users/$USER/Documents ~/Documents
 +
ln -T -s /adefcamps/SAN/Users/$USER/Pictures ~/Pictures
 +
ln -T -s /adefcamps/SAN/Users/$USER/Videos ~/Videos
 +
mkdir ~/Local
 +
ln -T -s ~/Local ~/محلي
 +
ln -T -s ~/Downloads ~/التنزيلات
 +
ln -T -s ~/Documents ~/مستندات
 +
ln -T -s ~/Music ~/موسيقى
 +
ln -T -s ~/Pictures ~/صور
 +
ln -T -s ~/Videos ~/فيديو
 +
</pre>
 +
 +
 +
=== upd-local-nss-db ===
 +
<pre>
 +
#!/bin/sh
 +
/usr/sbin/nss_updatedb ldap
 
</pre>
 
</pre>
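Review bot: In manifests/init.pp the `file` resource for `/var/cache/debconf/ldap-auth-config.preseed` sets no owner, group or mode, yet the `ldap-auth-config` listing it is sourced from carries `rootbindpw` and `dbrootlogin boolean true`. Depending on the source file's mode and the Puppet defaults in use, the LDAP root bind password is therefore likely to end up on every client in a file that other local users can read. I would add `owner => 'root', group => 'root', mode => '0600',` to that resource, matching the explicit owner and mode already set on the `/tmp/adef-camps-script-*` resources. The same preseed points clients at `ldap://` with no TLS setting visible on the page, so that password and user logins presumably cross the network unencrypted; confirm whether `ldaps://` or StartTLS is configured elsewhere. Separately, `files/adef-camps-script-1` downloads `Ldap-ccreds-auth-config.txt` over plain `http://` straight into `/etc/auth-client-config/profile.d/` with no integrity check, which the manifest's `puppet:///` source avoids, so the script should use the Puppet-served copy or be dropped.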
بيروقراطيون، checkuser، smwadministrator، smwcurator، staff، إداريون، تقنيون
2٬074

تعديل
