Changeset 808

Timestamp:

09/08/08 09:35:13 (3 months ago)

Author:

free

Message:

Open SSL ports for IM protocols

Files:

• ares/trunk/ares.py (modified) (11 diffs)

ares/trunk/ares.py

@@ -40 +40 @@
             self.root  ='fakeroot/'
             self.net   = '192.168.1.0/24'
-            self.fqdn  = 'ares.clientdomain.com'
+            self.fqdn  = 'ares.q1'
         else:
             self.root  = '/'
+            # TODO: find a way to configure these
+            self.net   = '192.168.2.0/24'
+            self.fqdn  = 'ares.q1'
         self.aug   = augeas.Augeas(root=self.root)
 
@@ -90 +93 @@
         self._ares = ares
         self._cfg  = '/files/etc/ldap/slapd.conf'
-        self._lds  = ldap.open('localhost')
-        self._lds.simple_bind_s('cn=admin,dc=nodomain', 'admin')
 
     def _add_schema(self,schema):
@@ -187 +188 @@
             self._add_schema(schema)
 
+        # Configure the client
+        aug = self._ares.aug
+        cfg = '/files/etc/ldap.conf/'
+        aug.set(cfg + 'bind_policy','soft')
+
         # Stop here if we not running as root
-        aug = self._ares.aug
         if aug.get('/augeas/root') == 'fakeroot/':
             return
@@ -198 +203 @@
 
         # Populate the database
+        self._lds  = ldap.open('localhost')
+        self._lds.simple_bind_s('cn=admin,dc=nodomain', 'admin')
+
         entries = [
             self._entry_top('AddressBook'),
@@ -213 +221 @@
             self._add_entry(entry)
 
+        # Configure client authentication
+        os.chown('/etc', 0, 0)
+        os.chown('/usr', 0, 0)
+        if os.system('auth-client-config -a -p lac_ldap') != 0:
+            raise ErosError('auth-client-config failed')
+
 #
 # Setup squid
@@ -226 +240 @@
         cfg = self._cfg
 
-        # Add acl
+        # Add acl for local network
         acl_name = 'local_network'
         if not aug.match(cfg + '/acl/' + acl_name):
@@ -232 +246 @@
             aug.set(key + '/type', 'src')
             aug.set(key + '/setting', self._ares.net)
+
+        # Open SSL ports for IM protocolos
+        acl_name = 'SSL_ports'
+        acl_ports = [ aug.get(key) for key in aug.match(cfg + '/acl/' + acl_name + '/setting') ]
+        for port in [ '5050', '5222', '5190' ]:
+            if port not in acl_ports:
+                key = '%s/acl[%d]/%s' % (cfg, len(aug.match(cfg + '/acl')) + 1, acl_name)
+                aug.set(key + '/type', 'port')
+                aug.set(key + '/setting', port)
 
         # Add http access
@@ -294 +317 @@
                 key = k.rstrip('/ipaddr')
         aug.set(key + '/ipaddr', ip)
-        aug.set(key + '/canonical', 'ares')
+        aug.set(key + '/canonical', self._ares.fqdn)
+        aug.set(key + '/alias', 'ares')
 
 #
@@ -496 +520 @@
             aug.set(rec, 'data')
 
-        aug.set(rec + '/path', '/srv/data')
+        aug.set(rec + '/path', '/srv/nfs/share')
         aug.set(rec + '/browseable', 'yes')
         aug.set(rec + '/writeable', 'yes')
@@ -508 +532 @@
             return
 
-        data = '/srv/data'
-
-        if not os.path.exists(data):
-            os.mkdir(data)
+        data = '/srv/nfs/share'
 
         os.chown(data, 0, grp.getgrnam('users')[2])
@@ -535 +556 @@
 
         dirs = [ aug.get(key) for key in aug.match(cfg + '/dir') ]
-        for dir in [ '/home', '/srv/data' ]:
+
+        for dir in [ '/srv/nfs' ]:
             if dir not in dirs:
-                key = cfg + '/dir[%d]' % (len(dirs)+1)
+                key = cfg + '/dir[%d]' % (len(aug.match(cfg + '/dir'))+1)
                 aug.set(key, dir)
                 aug.set(key + '/client', '*')