From a739e818320423fb997eabeb0cbf921f691e4ba6 Mon Sep 17 00:00:00 2001
From: Andreas Baumann
Date: Wed, 5 Sep 2012 11:09:31 +0200
Subject: reset repo
---
var/www/html/CentOS-Base.repo | 52 +++++++++++++++
var/www/html/cfengine/failsafe.cf | 22 +++++++
var/www/html/cfengine/update.cf | 132 ++++++++++++++++++++++++++++++++++++++
var/www/html/kickstart.cfg | 55 ++++++++++++++++
4 files changed, 261 insertions(+)
create mode 100644 var/www/html/CentOS-Base.repo
create mode 100644 var/www/html/cfengine/failsafe.cf
create mode 100644 var/www/html/cfengine/update.cf
create mode 100644 var/www/html/kickstart.cfg
(limited to 'var')
diff --git a/var/www/html/CentOS-Base.repo b/var/www/html/CentOS-Base.repo
new file mode 100644
index 0000000..449198b
--- /dev/null
+++ b/var/www/html/CentOS-Base.repo
@@ -0,0 +1,52 @@
+# CentOS-Base.repo
+#
+# The mirror system uses the connecting IP address of the client and the
+# update status of each mirror to pick mirrors that are updated to and
+# geographically close to the client. You should use this for CentOS updates
+# unless you are manually picking other mirrors.
+#
+# If the baseurl= does not work for you, as a fall back you can try the
+# remarked out baseurl= line instead.
+#
+#
+
+[base]
+name=CentOS-$releasever - Base
+baseurl=http://192.168.0.159/Centos/$releasever/os/$basearch/
+#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+#released updates
+[updates]
+name=CentOS-$releasever - Updates
+baseurl=http://192.168.0.159/Centos/$releasever/updates/$basearch/
+#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+#additional packages that may be useful
+[extras]
+name=CentOS-$releasever - Extras
+baseurl=http://192.168.0.159/Centos/$releasever/extras/$basearch/
+#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
+gpgcheck=1
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+#additional packages that extend functionality of existing packages
+[centosplus]
+name=CentOS-$releasever - Plus
+baseurl=http://192.168.0.159/Centos/$releasever/centosplus/$basearch/
+#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
+
+#contrib - packages by Centos Users
+[contrib]
+name=CentOS-$releasever - Contrib
+baseurl=http://192.168.0.159/Centos/$releasever/contrib/$basearch
+#baseurl=http://mirror.centos.org/centos/$releasever/contrib/$basearch/
+gpgcheck=1
+enabled=0
+gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
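Review bot: The header comment still describes the mirror system picking a nearby mirror, but every active `baseurl=` in this file is pinned to `http://192.168.0.159/`, so the comment no longer documents what the file does. I would replace that paragraph with something like `# All repositories point at the internal mirror 192.168.0.159; package integrity relies on gpgcheck=1 and the local CentOS 6 key.` Because the transport is plain HTTP, the repository metadata is not authenticated and only the `gpgcheck=1` / `gpgkey=` lines protect what gets installed, so they must stay on every section, including the disabled `[centosplus]` and `[contrib]`. The `[contrib]` baseurl is also missing the trailing slash that the other sections have.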
diff --git a/var/www/html/cfengine/failsafe.cf b/var/www/html/cfengine/failsafe.cf
new file mode 100644
index 0000000..52215b9
--- /dev/null
+++ b/var/www/html/cfengine/failsafe.cf
@@ -0,0 +1,22 @@
+# failsafe file, do not change!
+
+body common control
+{
+ bundlesequence => { "update" };
+
+ inputs => { "update.cf" };
+}
+
+############################################
+
+body depth_search recurse(d)
+{
+ depth => "$(d)";
+}
+
+body depth_search recurse_ignore(d,list)
+{
+ depth => "$(d)";
+ exclude_dirs => { @(list) };
+}
+
diff --git a/var/www/html/cfengine/update.cf b/var/www/html/cfengine/update.cf
new file mode 100644
index 0000000..039636c
--- /dev/null
+++ b/var/www/html/cfengine/update.cf
@@ -0,0 +1,132 @@
+# update promises
+
+bundle agent update
+{
+ vars:
+
+ any::
+
+ "master_server" string => "phost1.eurospider.com";
+
+ "master_location" string => "/var/cfengine/masterfiles";
+
+ "ignore_list" slist => { "\.svn", ".*~" };
+
+ redhat|freebsd::
+
+ "inputs_location" string => "$(sys.workdir)/inputs/.";
+
+ debian::
+
+ "inputs_location" string => "/etc/cfengine3/.";
+
+ files:
+
+ any::
+
+ "$(sys.workdir)/."
+
+ create => "true",
+ perms => u_p( "0700" ),
+ action => uimmediate;
+
+ redhat|freebsd::
+
+ "$(sys.workdir)/bin/."
+
+ create => "true",
+ perms => u_p( "0700" ),
+ action => uimmediate;
+
+ debian::
+
+ "$(sys.workdir)/bin/."
+
+ link_from => u_ln_s( "/usr/sbin" ),
+ action => uimmediate;
+
+ any::
+
+ "$(sys.workdir)/ppkeys/."
+
+ perms => u_p( "0700" ),
+ action => uimmediate;
+
+ redhat|freebsd::
+
+ "$(sys.workdir)/bin"
+
+ comment => "copy binaries from RPM location",
+ perms => u_p( "700" ),
+ copy_from => mycopy( "/usr/local/sbin", "localhost" ),
+ depth_search => recurse( "inf" ),
+ action => uimmediate;
+
+ bunsen::
+
+ "$(inputs_location)"
+
+ comment => "copy from local masterfiles on master policy server",
+ perms => u_p( "600" ),
+ copy_from => mycopy("$(master_location)","localhost"),
+ depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
+ action => uimmediate;
+
+ !bunsen::
+
+ "$(inputs_location)"
+
+ comment => "all others fetch the promises from the policy master (also the slave)",
+ perms => u_p( "600" ),
+ copy_from => remote_copy( "$(master_location)", "$(master_server)" ),
+ depth_search => recurse_ignore( "inf", "$(ignore_list)" ),
+ action => uimmediate;
+
+ commands:
+
+ bunsen::
+
+ "/bin/sh -c 'cd $(master_location) && svn up >/dev/null 2>&1'"
+
+ comment => "update the master policy files from SVN";
+}
+
+# self-contained functions, must work even if libaries have bugs
+
+# Set permissions
+body perms u_p( p )
+{
+ mode => "$(p)";
+}
+
+# Basic copy function (for local file copies)
+body copy_from mycopy( from, server )
+{
+ source => "$(from)";
+ compare => "digest";
+}
+
+# Remote copy function, secure
+body copy_from remote_copy( sourcedir, sourceserver )
+{
+ source => "$(sourcedir)";
+ servers => { "$(sourceserver)" };
+ compare => "digest";
+ encrypt => "true";
+ verify => "true";
+ trustkey => "true";
+ preserve => "true";
+}
+
+# Copy if at least 1 minute has elapsed
+body action uimmediate
+{
+ ifelapsed => "1";
+}
+
+body link_from u_ln_s(x)
+{
+ link_type => "symlink";
+ source => "$(x)";
+ when_no_source => "force";
+}
diff --git a/var/www/html/kickstart.cfg b/var/www/html/kickstart.cfg
new file mode 100644
index 0000000..cfbfca4
--- /dev/null
+++ b/var/www/html/kickstart.cfg
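Review bot: `remote_copy` is commented as "secure" but sets `trustkey => "true"` unconditionally, so an agent with no stored key for `$(master_server)` accepts whatever key the answering host presents on any run of this update policy, not only at first bootstrap. `encrypt => "true"` then only protects the transfer to whichever host was trusted, which leaves the identity of the policy master resting on name resolution of `phost1.eurospider.com`. I would set `trustkey => "false";` here and place the master's public key in `$(sys.workdir)/ppkeys` during provisioning, or at least add the comment `# trustkey accepts an unknown server key automatically; enable only for initial bootstrap`. Two smaller points in the same hunk: the `svn up` command discards all output with `>/dev/null 2>&1`, so a failed policy update on the master goes unnoticed, and `mycopy( from, server )` never uses its `server` parameter.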
@@ -0,0 +1,55 @@
+# Kickstart file automatically generated by anaconda.
+
+#version=DEVEL
+install
+url --url=http://192.168.0.159/Centos/6.3/os/x86_64
+lang en_US.UTF-8
+keyboard us
+network --onboot yes --device eth0 --bootproto dhcp --noipv6
+rootpw --iscrypted $6$M0aOpoXkLRTRzKcS$RPTbAk5YjUZR/JO1ClO9BWZU4KNkXXGOO/9yu2lrHMsfjgehv1Sg02dvhLQ3OzLBfIGggcZ7.2JRle4TJbdAU/
+firewall --service=ssh --port=5308:tcp
+authconfig --enableshadow --passalgo=sha512
+selinux --enforcing
+timezone --utc Europe/Zurich
+bootloader --location=mbr --driveorder=sda --append=" rhgb crashkernel=auto console=ttyS0,9600n81"
+
+zerombr
+clearpart --all --drives=sda --initlabel
+
+part / --label=ROOT --fstype=ext4 --size=8192
+part swap --label=SWAP --size=4096
+part /data --label=DATA --size=8192 --grow
+
+skipx
+cmdline
+
+repo --name="CentOS" --baseurl=http://192.168.0.159/Centos/6.3/os/x86_64 --cost=100
+
+reboot
+
+%packages --excludedocs --nobase
+@core
+wget
+%end
+
+%post
+exec < /dev/console > /dev/console
+#!/bin/bash
+cd /root
+wget -O /etc/yum.repos.d/CentOS-Base.repo http://192.168.0.159/CentOS-Base.repo
+rpm --import /etc/pki/rpm-gpg/*
+yum clean all
+yum update -y
+
+mkdir /root/cfengine
+cd /root/cfengine
+wget -nd -r http://192.168.0.159/cfengine
+yum localinstall -y cfengine-community-3.2.1-1.el6.x86_64.rpm
+cp -v {failsafe,update}.cf /var/cfengine/inputs/.
+cd /root
+
+/usr/local/sbin/cf-agent -B
+
+/usr/local/sbin/cf-agent
+
+%end
--
cgit v1.2.3-54-g00ecf
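Review bot: The `%post` section installs and runs content fetched over plain HTTP with no integrity check: `wget -nd -r http://192.168.0.159/cfengine` pulls the CFEngine RPM plus `failsafe.cf` and `update.cf`, which are then installed and executed as root by `cf-agent`. Whether `yum localinstall` verifies a signature on a local file depends on yum settings this file does not set, so I would make the check explicit before the install, e.g. `rpm -K cfengine-community-3.2.1-1.el6.x86_64.rpm || exit 1` after importing the vendor key (assuming the package is signed), and compare the two policy files against known digests before copying them to `/var/cfengine/inputs`. The `rootpw --iscrypted` hash is published in a file under `var/www/html`, so anything that can reach the web server can read it; treat it as exposed and use a provisioning-only password that is changed after first boot. `rpm --import /etc/pki/rpm-gpg/*` also trusts every key in that directory rather than the single `RPM-GPG-KEY-CentOS-6` that the repo file names. As a style point, `#!/bin/bash` comes after the `exec` line and is therefore only a comment.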