Compare commits
No commits in common. "develop" and "2.7.1/master" have entirely different histories.
develop
...
2.7.1/mast
4
Makefile
4
Makefile
@ -4,8 +4,8 @@
|
||||
|
||||
SOURCE=eole-redis
|
||||
VERSION=0.0.1
|
||||
EOLE_VERSION=2.6
|
||||
EOLE_RELEASE=2.6.2
|
||||
EOLE_VERSION=2.7
|
||||
EOLE_RELEASE=2.7.1
|
||||
PKGAPPS=non
|
||||
#FLASK_MODULE=<APPLICATION>
|
||||
|
||||
|
30
diagnose/70_redis
Normal file
30
diagnose/70_redis
Normal file
@ -0,0 +1,30 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $(CreoleGet activer_redis) = "oui" ];then
|
||||
. /usr/lib/eole/diagnose.sh
|
||||
|
||||
EchoGras "*** Service Redis"
|
||||
nbIface=$(CreoleGet nombre_interfaces)
|
||||
ssl=$(CreoleGet redisSSL non)
|
||||
if [ ${nbIface} -eq 1 ]
|
||||
then
|
||||
TestService "Redis master iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisPort")
|
||||
if [ ${ssl} = "oui" ]
|
||||
then
|
||||
TestService "Redis master SSL iface 0" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
|
||||
fi
|
||||
echo
|
||||
else
|
||||
for iface in $(seq 0 ${nbIface})
|
||||
do
|
||||
TestService "Redis master iface ${iface}" $(CreoleGet "adresse_ip_eth${iface}"):$(CreoleGet "redisPort")
|
||||
if [ ${ssl} = "oui" ]
|
||||
then
|
||||
TestService "Redis master SSL iface ${iface}" $(CreoleGet "adresse_ip_eth0"):$(CreoleGet "redisSSLPort")
|
||||
fi
|
||||
echo
|
||||
done
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
23
diagnose/70_stunnel
Normal file
23
diagnose/70_stunnel
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ $(CreoleGet activer_stunnel) = "oui" ];then
|
||||
if [ $(CreoleGet stunnel_add_tunnels non ) = "oui" ];then
|
||||
. /usr/lib/eole/diagnose.sh
|
||||
|
||||
EchoGras "*** Service Stunnel"
|
||||
name=($(CreoleGet stunnel_name))
|
||||
acc_ip=($(CreoleGet stunnel_accept_ip))
|
||||
acc_port=($(CreoleGet stunnel_accept_port))
|
||||
conn_ip=($(CreoleGet stunnel_connect_ip))
|
||||
conn_port=($(CreoleGet stunnel_connect_port))
|
||||
|
||||
len=${#name[@]}
|
||||
for (( i=0; i<$len; i++ ))
|
||||
do
|
||||
TestService "Tunnel ${name[$i]}: ${acc_ip}:${acc_port} => ${conn_ip}:${conn_port}" ${acc_ip}:${acc_port}
|
||||
done
|
||||
echo
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
@ -6,10 +6,12 @@
|
||||
<file filelist='redis' name='/etc/redis/redis.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisSlave' name='/etc/redis/redis-slave.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisCl' name='/etc/redis/cluster.conf' source='redis-cluster.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='redisSSL' name='/etc/stunnel/redis-ssl.conf' mkdir='True' rm='True'/>
|
||||
<service servicelist="svredis">redis-server</service>
|
||||
<service servicelist="svredisSlave">redis2-server</service>
|
||||
<service_access service='redis-server'>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisPort</port>
|
||||
<port service_accesslist='saSSLRedis' protocol='tcp' port_type='SymLinkOption'>redisSSLPort</port>
|
||||
<port service_accesslist='saRedis' protocol='tcp' port_type='SymLinkOption'>redisClPort</port>
|
||||
<port service_accesslist='saRedisSlave' protocol='tcp' port_type='SymLinkOption'>redisPortSlave</port>
|
||||
<port service_accesslist='saRedisSlave' protocol='tcp' port_type='SymLinkOption'>redisClPortSlave</port>
|
||||
@ -29,6 +31,9 @@
|
||||
<variable name='redisMode' type='string' description="Mode d'utilisation de Redis">
|
||||
<value>Local</value>
|
||||
</variable>
|
||||
<variable name='redisSSL' type='oui/non' description="Activer le support SSL pour redis">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name='redisSlaveInstance' type='oui/non' description="Voulez-vous lancer une instance esclave Redis sur ce serveur ?">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
@ -38,6 +43,12 @@
|
||||
<variable name='redisPort' type='number' description="Port d'écoute du service Redis">
|
||||
<value>6379</value>
|
||||
</variable>
|
||||
<variable name='redisSSLPort' type='port' description="Port d'écoute SSL du service Redis">
|
||||
<value>6380</value>
|
||||
</variable>
|
||||
<variable name='redisSSLVersion' type='string' description="Version du protocole SSL">
|
||||
<value>TLSv1</value>
|
||||
</variable>
|
||||
<variable name='redisClPort' type='number' description="Port d'écoute du service Cluster Redis"/>
|
||||
<variable name='redisMaxMemory' type='number' description="Quantité de mémoire utilisable par Redis en Mo">
|
||||
<value>512</value>
|
||||
@ -127,6 +138,12 @@
|
||||
<target type='servicelist'>svredis</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source="redisSSL">
|
||||
<param>non</param>
|
||||
<target type='variable'>redisSSLPort</target>
|
||||
<target type='service_accesslist'>saSSLRedis</target>
|
||||
</condition>
|
||||
|
||||
<condition name='disabled_if_in' source='redisSlaveInstance'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>redisSlave</target>
|
||||
|
62
dicos/90_stunnel.xml
Normal file
62
dicos/90_stunnel.xml
Normal file
@ -0,0 +1,62 @@
|
||||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<creole>
|
||||
<files>
|
||||
<!-- System configuration -->
|
||||
<file filelist='stunnel' name='/etc/default/stunnel4' source='stunnel_default' mkdir='True' rm='True'/>
|
||||
<file filelist='stunnel-custom' name='/etc/stunnel/eole-tunnel.conf' source='stunnel.conf' mkdir='True' rm='True'/>
|
||||
<file filelist='stunnel-custom' name='/usr/share/eole/bastion/data/90-stunnel_dynamic_rules' mode='0755' rm='True'/>
|
||||
<service servicelist="stunnel">stunnel4</service>
|
||||
</files>
|
||||
<variables>
|
||||
<family name='Services'>
|
||||
<variable name='activer_stunnel' type='oui/non' description="Activer Stunnel (serveur mandataire SSL) ?">
|
||||
<value>oui</value>
|
||||
</variable>
|
||||
</family>
|
||||
<family name="stunnel" mode='expert'>
|
||||
<variable name='stunnel_opts' type='string' description="Options complémentaires pour Stunnel"/>
|
||||
<variable name='stunnel_add_tunnels' type='oui/non' description="Ajouter de entrées stunnel personnalisée">
|
||||
<value>non</value>
|
||||
</variable>
|
||||
<variable name="stunnel_name" type='string' description="Nom du tunnel SSL" multi="True"/>
|
||||
<variable name="stunnel_accept_ip" type='ip' description="IP d'écoute du tunnel"/>
|
||||
<variable name="stunnel_accept_port" type="port" description=" Port d'écoute du tunnel"/>
|
||||
<variable name="stunnel_connect_ip" type="ip" description="IP du service à la sortie du tunnel"/>
|
||||
<variable name="stunnel_connect_port" type="port" description="Port d'écoute du service à la sortie du tunnel"/>
|
||||
<variable name="stunnel_ssl_version" type="string" description="Version SSL">
|
||||
<value>TLSv1</value>
|
||||
</variable>
|
||||
</family>
|
||||
</variables>
|
||||
<constraints>
|
||||
<condition name='disabled_if_in' source='activer_stunnel'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>stunnel-custom</target>
|
||||
<target type='filelist'>stunnel</target>
|
||||
<target type='family'>stunnel</target>
|
||||
<target type='servicelist'>stunnel</target>
|
||||
<target type='service_accesslist'>saStunnel</target>
|
||||
</condition>
|
||||
<condition name='disabled_if_in' source='stunnel_add_tunnels'>
|
||||
<param>non</param>
|
||||
<target type='filelist'>stunnel-custom</target>
|
||||
<target type='variable'>stunnel_name</target>
|
||||
<target type='variable'>stunnel_accept_ip</target>
|
||||
<target type='variable'>stunnel_accept_port</target>
|
||||
<target type='variable'>stunnel_connect_ip</target>
|
||||
<target type='variable'>stunnel_connect_port</target>
|
||||
<target type='variable'>stunnel_ssl_version</target>
|
||||
</condition>
|
||||
<group master='stunnel_name'>
|
||||
<slave>stunnel_accept_ip</slave>
|
||||
<slave>stunnel_accept_port</slave>
|
||||
<slave>stunnel_connect_ip</slave>
|
||||
<slave>stunnel_connect_port</slave>
|
||||
<slave>stunnel_ssl_version</slave>
|
||||
</group>
|
||||
|
||||
</constraints>
|
||||
<help>
|
||||
<variable name='activer_stunnel'>Activer le service mandataire SSL (stunnel)</variable>
|
||||
</help>
|
||||
</creole>
|
7
tmpl/90-stunnel_dynamic_rules
Normal file
7
tmpl/90-stunnel_dynamic_rules
Normal file
@ -0,0 +1,7 @@
|
||||
#!/bin/sh
|
||||
|
||||
%for %%tunnel in %%stunnel_name
|
||||
%for %%int_idx in %%range(0, %%int(%%nombre_interfaces))
|
||||
/sbin/iptables -A eth%%{int_idx}-root -s 0.0.0.0/0.0.0.0 -p tcp -m tcp --dport %%tunnel.stunnel_accept_port --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
|
||||
%end for
|
||||
%end for
|
12
tmpl/redis-ssl.conf
Normal file
12
tmpl/redis-ssl.conf
Normal file
@ -0,0 +1,12 @@
|
||||
pid = /var/run/redis-stunnel.pid
|
||||
|
||||
%if %%redisMode == "Local"
|
||||
[redis-local]
|
||||
cert = %%server_cert
|
||||
key = %%server_key
|
||||
CApath = %%os.path.dirname(%%server_cert)
|
||||
verify = 2
|
||||
SSLversion=%%redisSSLVersion
|
||||
accept = %%redisSSLPort
|
||||
connect = %%redisPort
|
||||
%end if
|
19
tmpl/stunnel.conf
Normal file
19
tmpl/stunnel.conf
Normal file
@ -0,0 +1,19 @@
|
||||
pid = /var/run/stunnel.pid
|
||||
%for %%tunnel in %%stunnel_name
|
||||
[%%tunnel]
|
||||
cert = %%server_cert
|
||||
key = %%server_key
|
||||
CApath = %%os.path.dirname(%%server_cert)
|
||||
verify = 2
|
||||
SSLversion=%%tunnel.stunnel_ssl_version
|
||||
%if %%is_empty(%%tunnel.stunnel_accept_ip)
|
||||
accept = %%tunnel.stunnel_accept_port
|
||||
%else
|
||||
accept = %%{tunnel.stunnel_accept_ip}:%%{tunnel.stunnel_accept_port}
|
||||
%end if
|
||||
%if %%is_empty(%%tunnel.stunnel_connect_ip)
|
||||
connect = %%tunnel.stunnel_connect_port
|
||||
%else
|
||||
connect = %%{tunnel.stunnel_connect_ip}:%%{tunnel.stunnel_connect_port}
|
||||
%end if
|
||||
%end for
|
18
tmpl/stunnel_default
Normal file
18
tmpl/stunnel_default
Normal file
@ -0,0 +1,18 @@
|
||||
# /etc/default/stunnel
|
||||
# Julien LEMOINE <speedblue@debian.org>
|
||||
# September 2003
|
||||
|
||||
# Change to one to enable stunnel automatic startup
|
||||
ENABLED=1
|
||||
FILES="/etc/stunnel/*.conf"
|
||||
OPTIONS="%%stunnel_opts"
|
||||
|
||||
# Change to one to enable ppp restart scripts
|
||||
PPP_RESTART=0
|
||||
|
||||
# Change to enable the setting of limits on the stunnel instances
|
||||
# For example, to set a large limit on file descriptors (to enable
|
||||
# more simultaneous client connections), set RLIMITS="-n 4096"
|
||||
# More than one resource limit may be modified at the same time,
|
||||
# e.g. RLIMITS="-n 4096 -d unlimited"
|
||||
RLIMITS=""
|
Loading…
Reference in New Issue
Block a user