Compare commits
78 Commits
2.7.1/mast
...
dist/eole/
Author | SHA1 | Date | |
---|---|---|---|
e34800687a | |||
c60d652730 | |||
9bfa3a41f5 | |||
80231b48a4 | |||
1ca2797bb3 | |||
c54c397a9e | |||
7cadb3da0e | |||
f899c6516c | |||
f7ce4d51d6 | |||
ae562d6a60 | |||
f57addc2cc | |||
c568646a7d | |||
22709760f3 | |||
c26de6593e | |||
9bdc26ad51 | |||
e164823580 | |||
8d0fdbd8bf | |||
15dbc98eb8 | |||
2c377517d8 | |||
dc5fc136c8 | |||
a85ec92831 | |||
23d8921d16 | |||
8d25de0f2a | |||
07e64177f1 | |||
d1eafd3104 | |||
56a630eadb | |||
fd85a16b20 | |||
ccc8629b8e | |||
f48def409d | |||
0c0202ba87 | |||
009c225f80 | |||
2081ae6d7f | |||
49672ce24b | |||
fad3a3febf | |||
a81642fcdb | |||
4a5a5aaaf5 | |||
eb561236ba | |||
8116d52056 | |||
42677eb95b | |||
e3a93a0725 | |||
7c96525042 | |||
2031ec7d64 | |||
d43c8664f3 | |||
36b8982e25 | |||
9acd24cf19 | |||
d61a45ed24 | |||
1aba4425dd | |||
f40cbe1e37 | |||
095d6d5828 | |||
31b8cc8fdb | |||
ed84a3566b | |||
5f1c564aba | |||
dfbd242639 | |||
ee74f2df2e | |||
a327f0e74b | |||
90acea3043 | |||
64e42d7a97 | |||
e8d3fcd104 | |||
44bc50a2ba | |||
5ef8fd5b36 | |||
f2740a38bc | |||
595cf135a4 | |||
8869d18e17 | |||
937d0f5ce9 | |||
373275a8fc | |||
c6fb12c816 | |||
7d059ce03b | |||
225e2f5ff2 | |||
9ad47896a5 | |||
14a2bdd6dd | |||
325e51b0cf | |||
7e886ddca5 | |||
146206e353 | |||
74dec50107 | |||
e3f2d1f5b6 | |||
1ddc6ffb2f | |||
ce87e6219c | |||
5ab6a7f2cb |
1
debian/compat
vendored
Normal file
1
debian/compat
vendored
Normal file
@ -0,0 +1 @@
|
||||
9
|
16
debian/control
vendored
Normal file
16
debian/control
vendored
Normal file
@ -0,0 +1,16 @@
|
||||
Source: eole-redis
|
||||
Section: web
|
||||
Priority: optional
|
||||
Maintainer: Cadoles <eole@ac-dijon.fr>
|
||||
Build-Depends: debhelper (>= 9)
|
||||
Standards-Version: 3.9.3
|
||||
Homepage: https://forge.cadoles.com/Cadoles/eole-redis
|
||||
Vcs-Git: https://forge.cadoles.com/Cadoles/eole-redis.git
|
||||
Vcs-Browser: https://forge.cadoles.com/Cadoles/eole-redis
|
||||
|
||||
Package: eole-redis
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}, redis-server
|
||||
Description: Dictionnaires et templates pour la configuration d'un serveur redis, testée uniquement avec eolebase
|
||||
.
|
||||
Pour toute information complémentaire, veuillez vous rendre sur la forge Cadoles.
|
44
debian/copyright
vendored
Normal file
44
debian/copyright
vendored
Normal file
@ -0,0 +1,44 @@
|
||||
Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
|
||||
Upstream-Name: {PROJECT}
|
||||
Source: {URL}
|
||||
|
||||
Files: *
|
||||
Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
|
||||
License: {UPSTREAM LICENSE}
|
||||
|
||||
Files: debian/*
|
||||
Copyright: 2012 Équipe EOLE <eole@ac-dijon.fr>
|
||||
License: CeCILL-2
|
||||
|
||||
License: {UPSTREAM LICENSE}
|
||||
{TEXT OF THE LICENSE}
|
||||
|
||||
License: CeCILL-2
|
||||
This software is governed by the CeCILL-2 license under French law and
|
||||
abiding by the rules of distribution of free software. You can use,
|
||||
modify and or redistribute the software under the terms of the CeCILL-2
|
||||
license as circulated by CEA, CNRS and INRIA at the following URL
|
||||
"http://www.cecill.info";.
|
||||
.
|
||||
As a counterpart to the access to the source code and rights to copy,
|
||||
modify and redistribute granted by the license, users are provided only
|
||||
with a limited warranty and the software's author, the holder of the
|
||||
economic rights, and the successive licensors have only limited
|
||||
liability.
|
||||
.
|
||||
In this respect, the user's attention is drawn to the risks associated
|
||||
with loading, using, modifying and/or developing or reproducing the
|
||||
software by the user in light of its specific status of free software,
|
||||
that may mean that it is complicated to manipulate, and that also
|
||||
therefore means that it is reserved for developers and experienced
|
||||
professionals having in-depth computer knowledge. Users are therefore
|
||||
encouraged to load and test the software's suitability as regards their
|
||||
requirements in conditions enabling the security of their systems and/or
|
||||
data to be ensured and, more generally, to use and operate it in the
|
||||
same conditions as regards security.
|
||||
.
|
||||
The fact that you are presently reading this means that you have had
|
||||
knowledge of the CeCILL-2 license and that you accept its terms.
|
||||
.
|
||||
On Eole systems, the complete text of the CeCILL-2 License can be found
|
||||
in '/usr/share/common-licenses/CeCILL-2-en'.
|
1
debian/eole-redis.redis2-server.service
vendored
Symbolic link
1
debian/eole-redis.redis2-server.service
vendored
Symbolic link
@ -0,0 +1 @@
|
||||
../init/redis2-server.service
|
3
debian/gbp.conf
vendored
Normal file
3
debian/gbp.conf
vendored
Normal file
@ -0,0 +1,3 @@
|
||||
# Set per distribution debian tag
|
||||
[DEFAULT]
|
||||
debian-tag = debian/eole/%(version)s
|
35
debian/preinst
vendored
Normal file
35
debian/preinst
vendored
Normal file
@ -0,0 +1,35 @@
|
||||
#!/bin/sh
|
||||
# preinst script for eole-redis
|
||||
#
|
||||
# see: dh_installdeb(1)
|
||||
|
||||
set -e
|
||||
|
||||
# summary of how this script can be called:
|
||||
# * <new-preinst> `install'
|
||||
# * <new-preinst> `install' <old-version>
|
||||
# * <new-preinst> `upgrade' <old-version>
|
||||
# * <old-preinst> `abort-upgrade' <new-version>
|
||||
# for details, see https://www.debian.org/doc/debian-policy/ or
|
||||
# the debian-policy package
|
||||
|
||||
case "$1" in
|
||||
install|upgrade)
|
||||
deb-systemd-helper mask redis-server.service
|
||||
;;
|
||||
|
||||
abort-upgrade)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "preinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
# dh_installdeb will replace this with shell code automatically
|
||||
# generated by other debhelper scripts.
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
|
18
debian/rules
vendored
Executable file
18
debian/rules
vendored
Executable file
@ -0,0 +1,18 @@
|
||||
#!/usr/bin/make -f
|
||||
# -*- makefile -*-
|
||||
|
||||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
%:
|
||||
dh $@
|
||||
|
||||
# Force init script name
|
||||
override_dh_installinit:
|
||||
dh_installinit --noscripts -peole-redis --name=redis2-server $@
|
||||
|
||||
override_dh_systemd_enable:
|
||||
dh_systemd_enable -peole-redis --name=redis2-server
|
||||
|
||||
override_dh_systemd_start:
|
||||
dh_systemd_start -peole-server --no-start --no-restart-on-upgrade redis2-server
|
1
debian/source/format
vendored
Normal file
1
debian/source/format
vendored
Normal file
@ -0,0 +1 @@
|
||||
3.0 (native)
|
@ -1,30 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $(CreoleGet activer_redis) = "oui" ];then
|
||||
. /usr/lib/eole/diagnose.sh
|
||||
|
||||
EchoGras "*** Service Redis"
|
||||
nbIface=$(CreoleGet nombre_interfaces)
|
||||
ssl=$(CreoleGet redisSSL non)
|
||||
if [ ${nbIface} -eq 1 ]
|
||||
then
|
||||
TestService "Redis master iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisPort")
|
||||
if [ ${ssl} = "oui" ]
|
||||
then
|
||||
TestService "Redis master SSL iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
|
||||
fi
|
||||
echo
|
||||
else
|
||||
for iface in $(seq 0 ${nbIface})
|
||||
do
|
||||
TestService "Redis master iface ${iface}" $(CreoleGet "adresse_ip_eth${iface}"):$(CreoleGet "redisPort")
|
||||
if [ ${ssl} = "oui" ]
|
||||
then
|
||||
TestService "Redis master SSL iface ${iface}" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
|
||||
fi
|
||||
echo
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
@ -1,23 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $(CreoleGet activer_stunnel) = "oui" ];then
|
||||
if [ $(CreoleGet stunnel_add_tunnels non ) = "oui" ];then
|
||||
. /usr/lib/eole/diagnose.sh
|
||||
|
||||
EchoGras "*** Service Stunnel"
|
||||
name=($(CreoleGet stunnel_name))
|
||||
acc_ip=($(CreoleGet stunnel_accept_ip))
|
||||
acc_port=($(CreoleGet stunnel_accept_port))
|
||||
conn_ip=($(CreoleGet stunnel_connect_ip))
|
||||
conn_port=($(CreoleGet stunnel_connect_port))
|
||||
|
||||
len=${#name[@]}
|
||||
for (( i=0; i<$len; i++ ))
|
||||
do
|
||||
TestService "Tunnel ${name[$i]}: ${acc_ip}:${acc_port} => ${conn_ip}:${conn_port}" ${acc_ip}:${acc_port}
|
||||
done
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
@ -6,12 +6,10 @@
|
||||
<file filelist='redis' name='/etc/redis/redis.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisSlave' name='/etc/redis/redis-slave.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisCl' name='/etc/redis/cluster.conf' source='redis-cluster.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisSSL' name='/etc/stunnel/redis-ssl.conf' mkdir='True' rm='True'/>
|
||||
<service servicelist="svredis">redis-server</service>
|
||||
<service servicelist="svredisSlave">redis2-server</service>
|
||||
<service_access service='redis-server'>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisPort</port>
|
||||
<port service_accesslist='saSSLRedis' protocol='tcp' port_type='SymLinkOption'>redisSSLPort</port>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisClPort</port>
|
||||
<port service_accesslist='saRedisSlave' protocol='tcp' port_type='SymLinkOption'>redisPortSlave</port>
|
||||
<port service_accesslist='saRedisSlave' protocol='tcp' port_type='SymLinkOption'>redisClPortSlave</port>
|
||||
@ -31,9 +29,6 @@
|
||||
<variable name='redisMode' type='string' description="Mode d'utilisation de Redis">
|
||||
<value>Local</value>
|
||||
</variable>
|
||||
<variable name='redisSSL' type='oui/non' description="Activer le support SSL pour redis">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name='redisSlaveInstance' type='oui/non' description="Voulez-vous lancer une instance esclave Redis sur ce serveur ?">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
@ -43,12 +38,6 @@
|
||||
<variable name='redisPort' type='number' description="Port d'écoute du service Redis">
|
||||
<value>6379</value>
|
||||
</variable>
|
||||
<variable name='redisSSLPort' type='port' description="Port d'écoute SSL du service Redis">
|
||||
<value>6380</value>
|
||||
</variable>
|
||||
<variable name='redisSSLVersion' type='string' description="Version du protocole SSL">
|
||||
<value>TLSv1</value>
|
||||
</variable>
|
||||
<variable name='redisClPort' type='number' description="Port d'écoute du service Cluster Redis"/>
|
||||
<variable name='redisMaxMemory' type='number' description="Quantité de mémoire utilisable par Redis en Mo">
|
||||
<value>512</value>
|
||||
@ -138,12 +127,6 @@
|
||||
<target type='servicelist'>svredis</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source="redisSSL">
|
||||
<param>non</param>
|
||||
<target type='variable'>redisSSLPort</target>
|
||||
<target type='service_accesslist'>saSSLRedis</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source='redisSlaveInstance'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>redisSlave</target>
|
||||
|
@ -1,62 +0,0 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<creole>
|
||||
<files>
|
||||
<!-- System configuration -->
|
||||
<file filelist='stunnel' name='/etc/default/stunnel4' source='stunnel_default' mkdir='True' rm='True'/>
|
||||
<file filelist='stunnel-custom' name='/etc/stunnel/eole-tunnel.conf' source='stunnel.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='stunnel-custom' name='/usr/share/eole/bastion/data/90-stunnel_dynamic_rules' mode='0755' rm='True'/>
|
||||
<service servicelist="stunnel">stunnel4</service>
|
||||
</files>
|
||||
<variables>
|
||||
<family name='Services'>
|
||||
<variable name='activer_stunnel' type='oui/non' description="Activer Stunnel (serveur mandataire SSL) ?">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="stunnel" mode='expert'>
|
||||
<variable name='stunnel_opts' type='string' description="Options complémentaires pour Stunnel"/>
|
||||
<variable name='stunnel_add_tunnels' type='oui/non' description="Ajouter de entrées stunnel personnalisée">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name="stunnel_name" type='string' description="Nom du tunnel SSL" multi="True"/>
|
||||
<variable name="stunnel_accept_ip" type='ip' description="IP d'écoute du tunnel"/>
|
||||
<variable name="stunnel_accept_port" type="port" description=" Port d'écoute du tunnel"/>
|
||||
<variable name="stunnel_connect_ip" type="ip" description="IP du service à la sortie du tunnel"/>
|
||||
<variable name="stunnel_connect_port" type="port" description="Port d'écoute du service à la sortie du tunnel"/>
|
||||
<variable name="stunnel_ssl_version" type="string" description="Version SSL">
|
||||
<value>TLSv1</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<condition name='disabled_if_in' source='activer_stunnel'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>stunnel-custom</target>
|
||||
<target type='filelist'>stunnel</target>
|
||||
<target type='family'>stunnel</target>
|
||||
<target type='servicelist'>stunnel</target>
|
||||
<target type='service_accesslist'>saStunnel</target>
|
||||
</condition>
|
||||
<condition name='disabled_if_in' source='stunnel_add_tunnels'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>stunnel-custom</target>
|
||||
<target type='variable'>stunnel_name</target>
|
||||
<target type='variable'>stunnel_accept_ip</target>
|
||||
<target type='variable'>stunnel_accept_port</target>
|
||||
<target type='variable'>stunnel_connect_ip</target>
|
||||
<target type='variable'>stunnel_connect_port</target>
|
||||
<target type='variable'>stunnel_ssl_version</target>
|
||||
</condition>
|
||||
<group master='stunnel_name'>
|
||||
<slave>stunnel_accept_ip</slave>
|
||||
<slave>stunnel_accept_port</slave>
|
||||
<slave>stunnel_connect_ip</slave>
|
||||
<slave>stunnel_connect_port</slave>
|
||||
<slave>stunnel_ssl_version</slave>
|
||||
</group>
|
||||
|
||||
</constraints>
|
||||
<help>
|
||||
<variable name='activer_stunnel'>Activer le service mandataire SSL (stunnel)</variable>
|
||||
</help>
|
||||
</creole>
|
@ -1,7 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
%for %%tunnel in %%stunnel_name
|
||||
%for %%int_idx in %%range(0, %%int(%%nombre_interfaces))
|
||||
/sbin/iptables -A eth%%{int_idx}-root -s 0.0.0.0/0.0.0.0 -p tcp -m tcp --dport %%tunnel.stunnel_accept_port --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
|
||||
%end for
|
||||
%end for
|
@ -1,12 +0,0 @@
|
||||
pid = /var/run/redis-stunnel.pid
|
||||
|
||||
%if %%redisMode == "Local"
|
||||
[redis-local]
|
||||
cert = %%server_cert
|
||||
key = %%server_key
|
||||
CApath = %%os.path.dirname(%%server_cert)
|
||||
verify = 2
|
||||
SSLversion=%%redisSSLVersion
|
||||
accept = %%redisSSLPort
|
||||
connect = %%redisPort
|
||||
%end if
|
@ -1,19 +0,0 @@
|
||||
pid = /var/run/stunnel.pid
|
||||
%for %%tunnel in %%stunnel_name
|
||||
[%%tunnel]
|
||||
cert = %%server_cert
|
||||
key = %%server_key
|
||||
CApath = %%os.path.dirname(%%server_cert)
|
||||
verify = 2
|
||||
SSLversion=%%tunnel.stunnel_ssl_version
|
||||
%if %%is_empty(%%tunnel.stunnel_accept_ip)
|
||||
accept = %%tunnel.stunnel_accept_port
|
||||
%else
|
||||
accept = %%{tunnel.stunnel_accept_ip}:%%{tunnel.stunnel_accept_port}
|
||||
%end if
|
||||
%if %%is_empty(%%tunnel.stunnel_connect_ip)
|
||||
connect = %%tunnel.stunnel_connect_port
|
||||
%else
|
||||
connect = %%{tunnel.stunnel_connect_ip}:%%{tunnel.stunnel_connect_port}
|
||||
%end if
|
||||
%end for
|
@ -1,18 +0,0 @@
|
||||
# /etc/default/stunnel
|
||||
# Julien LEMOINE <speedblue@debian.org>
|
||||
# September 2003
|
||||
|
||||
# Change to one to enable stunnel automatic startup
|
||||
ENABLED=1
|
||||
FILES="/etc/stunnel/*.conf"
|
||||
OPTIONS="%%stunnel_opts"
|
||||
|
||||
# Change to one to enable ppp restart scripts
|
||||
PPP_RESTART=0
|
||||
|
||||
# Change to enable the setting of limits on the stunnel instances
|
||||
# For example, to set a large limit on file descriptors (to enable
|
||||
# more simultaneous client connections), set RLIMITS="-n 4096"
|
||||
# More than one resource limit may be modified at the same time,
|
||||
# e.g. RLIMITS="-n 4096 -d unlimited"
|
||||
RLIMITS=""
|
Reference in New Issue
Block a user