commit 6c70ff19038088f7bcd224d8db2627a9d7da11be
Author: Xavier Lamien <laxathom(a)lxtnow.net>
Date: Tue Sep 11 00:57:44 2012 +0200
Add module fas
modules/fas/manifests/init.pp | 47 ++++++++++
modules/fas/templates/client/fas.conf.erb | 66 ++++++++++++++
modules/fas/templates/server/fas.cfg | 139 +++++++++++++++++++++++++++++
3 files changed, 252 insertions(+), 0 deletions(-)
---
diff --git a/modules/fas/manifests/init.pp b/modules/fas/manifests/init.pp
new file mode 100644
index 0000000..ebd6ed0
--- /dev/null
+++ b/modules/fas/manifests/init.pp
@@ -0,0 +1,47 @@
+class fas {
+
+ class server (
+ $fas_db_user = 'fasuser',
+ $fas_db_passwd = 'faspass',
+ $fas_db_host = $hostname,
+ $fas_db_name = 'fas2',
+ $fas_srv_port = '8088',
+ $fas_mail_srv = 'localhost',
+ $fas_srv_env = 'production'
+ )
+ {
+
+ package { 'fas': ensure => installed }
+ package { 'fas-template-rpmfusion': ensure => installed }
+ package { 'fas-theme-rpmfusion': ensure => installed }
+
+ file { '/etc/fas.cfg':
+ owner => 'root',
+ group => 'root',
+ mode => 0600,
+ content => template('fas/server/fas.cfg.erb'),
+ require => Package['fas']
+ }
+
+
+ }
+
+ class client (
+ $group = $fas_groups ? { "" => ["sysadmin-main" ], default =>
$fas_groups }
+ $restricted_app = $fas_restricted_app ? { "" => ["/usr/bin/cvs
server", default => $fas_restricted_app }
+ $ssh_groups = $fas_ssh_groups
+ )
+ {
+
+ package { "fas-clients": ensure => installed }
+
+ file { "/etc/fas.conf":
+ owner => "root",
+ group => "root",
+ mode => 0600,
+ content => template("fas/client/fas.conf.erb"),
+ require => Package["fas-clients"],
+ }
+
+ }
+}
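Review bot: `$fas_db_passwd = 'faspass'` in `class server` means any node that declares the class without overriding it gets a database password that is published in this repository; drop the default so that compilation fails when no value is supplied, `$fas_db_passwd,`, and feed the real value in from outside the module. The same class renders `template('fas/server/fas.cfg.erb')`, but this commit adds the file as `modules/fas/templates/server/fas.cfg`, so the template lookup will fail unless the file is renamed or the path changed. In `class client` the three parameters have no commas between them and the `$restricted_app` default opens `[` without closing it, so the manifest as shown would not parse; the lines are mail-wrapped here, so confirm against the original file.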
diff --git a/modules/fas/templates/client/fas.conf.erb
b/modules/fas/templates/client/fas.conf.erb
new file mode 100644
index 0000000..12b2edb
--- /dev/null
+++ b/modules/fas/templates/client/fas.conf.erb
@@ -0,0 +1,66 @@
+[global]
+; url - Location to fas server
+url =
https://fas.rpmfusion.org/accounts/
+
+; temp - Location to generate files while user creation process is happening
+temp = /var/db
+
+; login - username to contact fas
+login = <=% fas_sys_user %>
+
+; password - password for login name
+password = <=% fas_sys_passwd %>
+
+; prefix - Install db files, etc, to a prefix (like a chroot for example)
+prefix = /
+
+[host]
+; Group hierarchy is 1) groups, 2) restricted_groups 3) ssh_restricted_groups
+; so if someone is in all 3, the client behaves the same as if they were just
+; in 'groups'
+
+; groups that should have a shell account on this system.
+groups = <=% fas_group %>
+
+; groups that should have a restricted account on this system.
+; restricted accounts use the restricted_shell value in [users]
+restricted_groups =
+
+; ssh_restricted_groups: groups that should be restricted by ssh key. You will
+; need to disable password based logins in order for this value to have any
+; security meaning. Group types can be placed here as well, for example
+; @hg,@git,@svn
+ssh_restricted_groups = <=% fas_ssh_group %>
+
+; aliases_template: Gets prepended to the aliases file when it is generated by
+; fasClient
+aliases_template = /tmp/template.txt
+
+[users]
+; default shell given to people in [host] groups
+shell = /bin/bash
+
+; home - the location for fas user home dirs
+home = /home/rpmfusion
+
+; home_backup_dir - Location home dirs should get moved to when a user is
+; deleted this location should be tmpwatched
+home_backup_dir = /tmp/rpmfusion
+
+; ssh_restricted_app - This is the path to the restricted shell script. It
+; will not work automatically for most people though through alterations it
+; is a powerfull way to restrict access to a machine. An alternative example
+; could be given to people who should only have cvs access on the machine.
+; setting this value to "/usr/bin/cvs server" would do this.
+ssh_restricted_app = "/usr/bin/cvs server"
+
+; restricted_shell - The shell given to users in the ssh_restricted_groups
+restricted_shell = /sbin/nologin
+
+; ssh_restricted_shell - The shell given to users in the ssh_restricted_groups
+ssh_restricted_shell = /bin/bash
+
+; ssh_key_options - Options to be appended to people ssh keys. Users in the
+; ssh_restricted_groups will have the keys they uploaded altered when they are
+; installed on this machine, appended with the options below.
+ssh_key_options = no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty
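Review bot: The substitution tags on `login`, `password`, `groups` and `ssh_restricted_groups` are written `<=% … %>`, which ERB does not recognise as an output tag, so the rendered /etc/fas.conf would contain that literal text instead of the credentials and group lists; they should read like `password = <%= fas_sys_passwd %>`. The same typo is on the `mail.server`, `sqlalchemy.dburi`, `server.environment` and `base_url_filter.base_url` lines of server/fas.cfg, where only `server.socket_port` uses the correct form. The variable names used here (`fas_sys_user`, `fas_sys_passwd`, `fas_group`, `fas_ssh_group`) also do not match the `class client` parameters `$group` and `$ssh_groups` in init.pp, so they would have to be defined somewhere this commit does not show. Separately, `aliases_template = /tmp/template.txt` and `home_backup_dir = /tmp/rpmfusion` sit in a world-writable directory, where a local user could pre-create the file that gets prepended to the aliases file; a root-owned location outside /tmp would avoid that.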
diff --git a/modules/fas/templates/server/fas.cfg b/modules/fas/templates/server/fas.cfg
new file mode 100644
index 0000000..0a0b9fe
--- /dev/null
+++ b/modules/fas/templates/server/fas.cfg
@@ -0,0 +1,139 @@
+[global]
+
+samadhi.baseurl = 'https://fas.rpmfusion.org/'
+
+theme = 'rpmfusion'
+# TODO: better namespacing (maybe a [fas] section)
+admingroup = 'accounts'
+
+#accounts_email = "nobody(a)rpmfusion.org"
+accounts_email = "accounts(a)rpmfusion.org"
+legal_cla_email = "nobody(a)rpmfusion.org"
+#legal_cla_email = "legal-cla-archive(a)rpmfusion.org"
+
+email_host = "rpmfusion.org" # as in, web-members@email_host
+
+gpgexec = "/usr/bin/gpg"
+gpghome = "/home/thl/work/rpmfusion/rpmfusion-infrastructure/fas/gnupg"
+gpg_fingerprint = "C199 1E25 D00A D200 2D2E 54D1 BF7F 1647 C54E 8410"
+gpg_passphrase = "m00!s@ysth3c0w"
+gpg_keyserver = "hkp://subkeys.pgp.net"
+
+cla_done_group = "cla_done"
+cla_fedora_group = "cla_rpmfusion"
+
+privileged_view_groups = "(^fas-.*)"
+username_blacklist =
"(.*-members)|(.*-sponsors)|(.*-administrators)|(root)|(webmaster)"
+
+openidstore = "/var/tmp/fas/openid"
+
+openssl_digest = "md5"
+openssl_expire = 31536000 # 60*60*24*365 = 1 year
+openssl_ca_file = "/etc/pki/CA_rpmfusion"
+openssl_c = "ES"
+openssl_st = "Barcelona"
+openssl_l = "Barcelona"
+openssl_o = "RPM Fusion"
+openssl_ou = "Upload Files"
+
+# Groups that automatically grant membership to other groups
+# Format: 'group1:a,b,c|group2:d,e,f'
+auto_approve_groups =
'cvsextras:rpmfusionbugs|cla_rpmfusion:cla_done|cla_redhat:cla_done|cla_dell:cla_done|cla_ibm:cla_done'
+
+# This is where all of your settings go for your development environment # Settings that
are the same for both development and production
+# (such as template engine, encodings, etc.) all go in
+# fas/config/app.cfg
+
+mail.on = True
+mail.server = '<=% fas_mail_srv %>'
+#mail.testmode = True
+mail.debug = False
+mail.encoding = 'utf-8'
+
+# DATABASE
+
+# pick the form for your database
+# sqlobject.dburi="postgres://username@hostname/databasename"
+# sqlobject.dburi="mysql://username:password@hostname:port/databasename"
+# sqlobject.dburi="sqlite:///file_name_and_path"
+
+sqlalchemy.dburi="postgres://<=% fas_db_user %>:<=% fas_db_passwd
%>@<=% fas_db_host %>/<=% fas_db_name %>"
+#sqlalchemy.echo=True
+
+# if you are using a database or table type without transactions
+# (MySQL default, for example), you should turn off transactions
+# by prepending notrans_ on the uri
+#
sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename"
+
+# for Windows users, sqlite URIs look like:
+# sqlobject.dburi="sqlite:///drive_letter:/path/to/file"
+
+# SERVER
+
+# Some server parameters that you may want to tweak
+server.socket_port=<%= fas_srv_port %>
+
+# Enable the debug output at the end on pages.
+# log_debug_info_filter.on = False
+
+server.environment="<=% fas_srv_env %>"
+autoreload.package="fas"
+
+# session_filter.on = True
+
+# Set to True if you'd like to abort execution if a controller gets an
+# unexpected parameter. False by default
+tg.strict_parameters = False
+
+server.webpath='/accounts'
+base_url_filter.on = True
+base_url_filter.use_x_forwarded_host = True
+base_url_filter.base_url = "http://fas.rpmfusion.org:<=% fas_srv_port
%>/accounts"
+
+# Make the session cookie only return to the host over an SSL link
+# Disabled for testing.
+#visit.cookie.secure = True
+
+[/rpmfusion-server-ca.cert]
+static_filter.on = True
+static_filter.file = "/etc/pki/rpmfusion/rpmfusion-server-ca.cert"
+
+[/rpmfusion-upload-ca.cert]
+static_filter.on = True
+static_filter.file = "/etc/pki/rpmfusion/rpmfusion-upload-ca.cert"
+
+# LOGGING
+# Logging configuration generally follows the style of the standard
+# Python logging module configuration. Note that when specifying
+# log format messages, you need to use *() for formatting variables.
+# Deployment independent log configuration is in fas/config/log.cfg
+[logging]
+
+[[loggers]]
+[[[fas]]]
+level='DEBUG'
+qualname='fas'
+handlers=['debug_out']
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+
+[[[access]]]
+level='INFO'
+qualname='turbogears.access'
+handlers=['access_out']
+propagate=0
+
+[[[identity]]]
+level='INFO'
+qualname='turbogears.identity'
+handlers=['access_out']
+propagate=0
+
+[[[database]]]
+# Set to INFO to make SQLAlchemy display SQL commands
+level='ERROR'
+qualname='sqlalchemy.engine'
+handlers=['debug_out']
+propagate=0
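Review bot: The `gpg_passphrase` line commits the key's passphrase as a literal, so everyone with read access to this repository or its mail archive has it; pass it in like the database password, for example `gpg_passphrase = "<%= fas_gpg_passphrase %>"` (parameter name is a suggestion), and treat the value already published as exposed. `gpghome` points into a personal working directory under `/home/thl/`, which looks like a development leftover rather than a path that will exist on the server. `openssl_digest = "md5"` selects a digest that is no longer considered safe for signing certificates; a SHA-2 value such as `openssl_digest = "sha256"` would be preferable if the deployed FAS and OpenSSL accept it. With `$fas_srv_env` defaulting to 'production', `#visit.cookie.secure = True` left commented out, an `http://` `base_url_filter.base_url` and `level='DEBUG'` on the `fas` logger are all settings worth revisiting before this is deployed.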