From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 
From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- .../20101029/0a250102/attachment-0001.html | 418 +++++++++++ .../attachments/20101029/0a250102/attachment.html | 419 +++++++++++ .../20101029/0d388268/attachment-0001.html | 114 +++ .../attachments/20101029/0d388268/attachment.html | 113 +++ .../20101029/181142ec/attachment-0001.html | 109 +++ .../attachments/20101029/181142ec/attachment.html | 108 +++ .../20101029/225b43fb/attachment-0001.html | 91 +++ .../attachments/20101029/225b43fb/attachment.html | 90 +++ .../20101029/2a768e17/attachment-0001.html | 100 +++ .../attachments/20101029/2a768e17/attachment.html | 99 +++ .../20101029/30bdaa9a/attachment-0001.html | 95 +++ .../attachments/20101029/30bdaa9a/attachment.html | 94 +++ .../20101029/373a5efb/attachment-0001.html | 92 +++ .../attachments/20101029/373a5efb/attachment.html | 93 +++ .../20101029/3c45a862/attachment-0001.html | 91 +++ .../attachments/20101029/3c45a862/attachment.html | 90 +++ .../20101029/3d892885/attachment-0001.html | 158 +++++ .../attachments/20101029/3d892885/attachment.html | 157 +++++ .../20101029/4969ecb2/attachment-0001.html | 91 +++ .../attachments/20101029/4969ecb2/attachment.html | 90 +++ .../20101029/534f63e7/attachment-0001.html | 761 ++++++++++++++++++++ .../attachments/20101029/534f63e7/attachment.html | 762 +++++++++++++++++++++ .../20101029/6561f43c/attachment-0001.html | 91 +++ .../attachments/20101029/6561f43c/attachment.html | 90 +++ .../20101029/89afaba1/attachment-0001.html | 173 +++++ .../attachments/20101029/89afaba1/attachment.html | 174 +++++ .../20101029/cd653f71/attachment-0001.html | 103 +++ .../attachments/20101029/cd653f71/attachment.html | 102 +++ .../20101029/d832edeb/attachment-0001.html | 108 +++ .../attachments/20101029/d832edeb/attachment.html | 107 +++ .../20101029/e266393a/attachment-0001.asc | 7 + .../attachments/20101029/e266393a/attachment.asc | 7 + 32 files changed, 5197 insertions(+) create mode 100644 
zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment.html create mode 100644 
zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment-0001.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment.html create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment-0001.asc create mode 100644 zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment.asc (limited to 'zarb-ml/mageia-sysadm/attachments/20101029') diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment-0001.html new file mode 100644 index 000000000..713a6e7bb --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment-0001.html @@ -0,0 +1,418 @@ + + + +[53] - deploy ldap with puppet on valstar + + + + +
+
+
Revision
53
+
Author
misc
+
Date
2010-10-29 00:55:56 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- deploy ldap with puppet on valstar
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (52 => 53)

+

+--- puppet/manifests/nodes.pp	2010-10-28 16:47:50 UTC (rev 52)
++++ puppet/manifests/nodes.pp	2010-10-28 22:55:56 UTC (rev 53)
+@@ -16,6 +16,7 @@
+     timezone::timezone { "Europe/Paris": }
+     include rsyncd
+     include mirror
++    include openldap::master 
+ 
+     # for puppet svn checkout
+     package {"subversion":
+
+ +

Added: puppet/modules/openldap/manifests/init.pp (0 => 53)

+

+--- puppet/modules/openldap/manifests/init.pp	                        (rev 0)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,46 @@
++class openldap {
++    class base {
++        package { 'openldap-servers':
++            ensure => installed 
++        }
++
++        service { ldap:
++            ensure => running,
++            subscribe => [ Package['openldap-servers']],
++            path => "/etc/init.d/ldap"
++        }
++    }
++
++    # /etc/
++    # 11:57:48|  blingme> misc: nothing special, just copy slapd.conf, mandriva-dit-access.conf across, slapcat one side, slapadd other side
++
++    file { '/etc/openldap/slapd.conf':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    }
++
++    file { '/etc/openldap/mandriva-dit-access.conf':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    }
++
++    class master inherits base {
++        file { '/etc/openldap/mandriva-dit-access.conf':
++            content => template("openldap/mandriva-dit-access.conf"),
++        }
++
++        file { '/etc/openldap/slapd.conf':
++            content => template("bind/slapd.conf"),
++        }
++    }
++}
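Review bot: In `class master` the slapd.conf override reads `content => template("bind/slapd.conf")`, but this commit adds the template as puppet/modules/openldap/templates/slapd.conf, so the lookup points at another module; it should be `content => template("openldap/slapd.conf"),`. Both `file` resources are declared with `mode => 644`, which leaves the slapd configuration world-readable; that is harmless only while no `rootpw` or replication credential is kept in it, and `mode => '0640'` with a group limited to the slapd account would be safer. The two `file` resources sit in `openldap` rather than in `base`, so the overrides in `master inherits base` may be rejected as duplicate declarations, which is worth confirming with a catalog compile. The same hunk is repeated in attachment.html further down the patch.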
+
+ +

Added: puppet/modules/openldap/templates/mandriva-dit-access.conf (0 => 53)

+

+--- puppet/modules/openldap/templates/mandriva-dit-access.conf	                        (rev 0)
++++ puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,157 @@
++# mandriva-dit-access.conf
++
++limits group="cn=LDAP Replicators,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++limits group="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++limits group="cn=Account Admins,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++# so we don't have to add these to every other acl down there
++access to dn.subtree="dc=mageia,dc=org"
++	by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=LDAP Replicators,ou=System Groups,dc=mageia,dc=org" read
++	by * break
++
++# userPassword access
++# shadowLastChange is here because it needs to be writable by the user because
++# of pam_ldap, which will update this attr whenever the password is changed.
++# And this is done with the user's credentials
++access to dn.subtree="dc=mageia,dc=org"
++        attrs=shadowLastChange
++        by self write
++        by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++        by * read
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=userPassword
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by self write
++	by anonymous auth
++	by * none
++
++# kerberos key access
++# "by auth" just in case...
++access to dn.subtree="dc=mageia,dc=org"
++        attrs=krb5Key
++        by self write
++        by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++        by anonymous auth
++        by * none
++
++# password policies
++access to dn.subtree="ou=Password Policies,dc=mageia,dc=org"
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# samba password attributes
++# by self not strictly necessary, because samba uses its own admin user to
++# change the password on the user's behalf
++# openldap also doesn't auth on these attributes, but maybe some day it will
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=sambaLMPassword,sambaNTPassword
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by anonymous auth
++	by self write
++	by * none
++# password history attribute
++# pwdHistory is read-only, but ACL is simplier with it here
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=sambaPasswordHistory,pwdHistory
++	by self read
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * none
++
++# pwdReset, so the admin can force an user to change a password
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=pwdReset
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# group owner can add/remove/edit members to groups
++access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
++	attrs=member
++	by dnattr=owner write
++	by * break
++
++# let the user change some of his/her attributes
++access to dn.subtree="ou=People,dc=mageia,dc=org"
++	attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber
++	by self write
++	by * break
++
++# create new accounts
++access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
++	attrs=children,entry
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * break
++# access to existing entries
++access to dn.regex="^[^,]+,ou=(People|Hosts|Group),dc=mageia,dc=org$"
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * break
++
++# sambaDomainName entry
++access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$"
++	attrs=children,entry,@sambaDomain,@sambaUnixIdPool
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# samba ID mapping
++access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$"
++	attrs=children,entry,@sambaIdmapEntry
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# global address book
++# XXX - which class(es) to use?
++access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"
++	attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList
++	by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# dhcp entries
++# XXX - open up read access to anybody?
++access to dn.sub="ou=dhcp,dc=mageia,dc=org"
++	attrs=children,entry,@dhcpService,@dhcpServer,@dhcpSharedNetwork,@dhcpSubnet,@dhcpPool,@dhcpGroup,@dhcpHost,@dhcpClass,@dhcpSubClass,@dhcpOptions,@dhcpLeases,@dhcpLog
++	by group.exact="cn=DHCP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=DHCP Readers,ou=System Groups,dc=mageia,dc=org" read
++	by * read
++
++# sudoers
++access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$"
++	attrs=children,entry,@sudoRole
++	by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# dns
++access to dn="ou=dns,dc=mageia,dc=org"
++	attrs=entry,@extensibleObject
++	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++access to dn.sub="ou=dns,dc=mageia,dc=org"
++	attrs=children,entry,@dNSZone
++	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=DNS Readers,ou=System Groups,dc=mageia,dc=org" read
++	by * none
++
++# MTA
++# XXX - what else can we add here? Virtual Domains? With which schema?
++access to dn.one="ou=People,dc=mageia,dc=org"
++	attrs=@inetLocalMailRecipient,mail
++	by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# KDE Configuration
++access to dn.sub="ou=KDEConfig,dc=mageia,dc=org"
++	by group.exact="cn=KDEConfig Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# last one
++access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn
++	by * read
++
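Review bot: Several rules in this ACL file end in `by * read`, and in slapd `*` includes anonymous binds, so the `ou=sudoers` and `ou=dhcp` subtrees (the latter already marked `XXX - open up read access to anybody?`) are readable without authentication. That exposes the sudo rules and the DHCP host data to any client that can reach the server; `by users read` followed by `by * none` would keep them available to authenticated clients only, unless an anonymous consumer is known to need them. The Address Book rule `dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"` is the only regex here without a trailing `$`, so adding it would make the match exact like the others. The same hunk is repeated in attachment.html further down the patch.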
+
+ +

Added: puppet/modules/openldap/templates/slapd.conf (0 => 53)

+

+--- puppet/modules/openldap/templates/slapd.conf	                        (rev 0)
++++ puppet/modules/openldap/templates/slapd.conf	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,95 @@
++# slapd.conf template
++include	/usr/share/openldap/schema/core.schema
++include	/usr/share/openldap/schema/cosine.schema
++include	/usr/share/openldap/schema/corba.schema 
++include	/usr/share/openldap/schema/inetorgperson.schema
++include	/usr/share/openldap/schema/java.schema 
++include	/usr/share/openldap/schema/krb5-kdc.schema
++#include /usr/share/openldap/schema/kerberosobject.schema
++include	/usr/share/openldap/schema/misc.schema
++include	/usr/share/openldap/schema/nis.schema
++include	/usr/share/openldap/schema/openldap.schema 
++include /usr/share/openldap/schema/autofs.schema
++include /usr/share/openldap/schema/samba.schema
++include /usr/share/openldap/schema/kolab.schema
++include /usr/share/openldap/schema/evolutionperson.schema
++include /usr/share/openldap/schema/calendar.schema
++include /usr/share/openldap/schema/sudo.schema
++include /usr/share/openldap/schema/dnszone.schema
++include /usr/share/openldap/schema/dhcp.schema
++include /usr/share/openldap/schema/dyngroup.schema
++include /usr/share/openldap/schema/ppolicy.schema
++
++#include	/etc/openldap/schema/local.schema
++
++pidfile		/var/run/ldap/slapd.pid
++argsfile	/var/run/ldap/slapd.args
++
++modulepath	/usr/lib/openldap
++moduleload	back_monitor.la
++moduleload	syncprov.la
++moduleload	ppolicy.la
++#moduleload	refint.la
++
++TLSCertificateFile      /etc/ssl/openldap/ldap.pem
++TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
++TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
++
++loglevel 256
++
++database	bdb
++suffix		"dc=mageia,dc=org"
++directory	/var/lib/ldap
++rootdn		"cn=manager,dc=mageia,dc=org"
++
++checkpoint 256 5
++# 32Mbytes, can hold about 10k posixAccount entries
++dbconfig set_cachesize 0 33554432 1
++dbconfig set_lg_bsize 2097152
++cachesize 1000
++idlcachesize 3000
++
++index	objectClass					eq
++index	uidNumber,gidNumber,memberuid,member		eq
++index	uid						eq,subinitial
++index	cn,mail,surname,givenname			eq,subinitial
++index	sambaSID					eq,sub
++index	sambaDomainName,displayName,sambaGroupType	eq
++index	sambaSIDList					eq
++index	krb5PrincipalName				eq
++index	uniqueMember					pres,eq
++index	zoneName,relativeDomainName			eq
++index	sudouser					eq,sub
++index	entryCSN,entryUUID				eq
++index	dhcpHWAddress,dhcpClassData			eq
++
++overlay syncprov
++syncprov-checkpoint 100 10
++syncprov-sessionlog 100
++
++overlay ppolicy
++ppolicy_default "cn=default,ou=Password Policies,dc=mageia,dc=org"
++ppolicy_hash_cleartext yes
++ppolicy_use_lockout yes
++
++
++# uncomment if you want to automatically update group
++# memberships when an user is removed from the tree
++# Also uncomment the refint.la moduleload above
++#overlay refint
++#refint_attributes member
++#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=example,dc=com"
++
++authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
++	"uid=Account Admin,ou=System Accounts,dc=mageia,dc=org"
++authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,dc=mageia,dc=org
++
++include /etc/openldap/mandriva-dit-access.conf
++
++
++database monitor
++access to dn.subtree="cn=Monitor"
++	by group.exact="cn=LDAP Monitors,ou=System Groups,dc=mageia,dc=org" read
++	by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" read
++	by * none
++
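Review bot: The TLS block points `TLSCertificateFile`, `TLSCertificateKeyFile` and `TLSCACertificateFile` at the same `/etc/ssl/openldap/ldap.pem`, and nothing in the file requires TLS, so simple binds can still send passwords in clear text. A `security simple_bind=128` line (strength value to be chosen for the site) would refuse simple binds on unprotected connections while leaving the peercred/EXTERNAL mapping in `authz-regexp` usable. Because the PEM holds the private key, it should be readable only by the account slapd runs as; this commit does not manage that file, so its ownership and mode need checking on the host. Using the server's own certificate as the CA file suggests a self-signed setup, which clients can verify only if that certificate is distributed to them. The same hunk is repeated in attachment.html further down the patch.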
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment.html new file mode 100644 index 000000000..cf08c4062 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/0a250102/attachment.html @@ -0,0 +1,419 @@ + + + +[53] - deploy ldap with puppet on valstar + + + + +
+
+
Revision
53
+
Author
misc
+
Date
2010-10-29 00:55:56 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- deploy ldap with puppet on valstar
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (52 => 53)

+

+--- puppet/manifests/nodes.pp	2010-10-28 16:47:50 UTC (rev 52)
++++ puppet/manifests/nodes.pp	2010-10-28 22:55:56 UTC (rev 53)
+@@ -16,6 +16,7 @@
+     timezone::timezone { "Europe/Paris": }
+     include rsyncd
+     include mirror
++    include openldap::master 
+ 
+     # for puppet svn checkout
+     package {"subversion":
+
+ +

Added: puppet/modules/openldap/manifests/init.pp (0 => 53)

+

+--- puppet/modules/openldap/manifests/init.pp	                        (rev 0)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,46 @@
++class openldap {
++    class base {
++        package { 'openldap-servers':
++            ensure => installed 
++        }
++
++        service { ldap:
++            ensure => running,
++            subscribe => [ Package['openldap-servers']],
++            path => "/etc/init.d/ldap"
++        }
++    }
++
++    # /etc/
++    # 11:57:48|  blingme> misc: nothing special, just copy slapd.conf, mandriva-dit-access.conf across, slapcat one side, slapadd other side
++
++    file { '/etc/openldap/slapd.conf':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    }
++
++    file { '/etc/openldap/mandriva-dit-access.conf':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    }
++
++    class master inherits base {
++        file { '/etc/openldap/mandriva-dit-access.conf':
++            content => template("openldap/mandriva-dit-access.conf"),
++        }
++
++        file { '/etc/openldap/slapd.conf':
++            content => template("bind/slapd.conf"),
++        }
++    }
++}
+
+ +

Added: puppet/modules/openldap/templates/mandriva-dit-access.conf (0 => 53)

+

+--- puppet/modules/openldap/templates/mandriva-dit-access.conf	                        (rev 0)
++++ puppet/modules/openldap/templates/mandriva-dit-access.conf	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,157 @@
++# mandriva-dit-access.conf
++
++limits group="cn=LDAP Replicators,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++limits group="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++limits group="cn=Account Admins,ou=System Groups,dc=mageia,dc=org"
++	limit size=unlimited
++	limit time=unlimited
++
++# so we don't have to add these to every other acl down there
++access to dn.subtree="dc=mageia,dc=org"
++	by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=LDAP Replicators,ou=System Groups,dc=mageia,dc=org" read
++	by * break
++
++# userPassword access
++# shadowLastChange is here because it needs to be writable by the user because
++# of pam_ldap, which will update this attr whenever the password is changed.
++# And this is done with the user's credentials
++access to dn.subtree="dc=mageia,dc=org"
++        attrs=shadowLastChange
++        by self write
++        by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++        by * read
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=userPassword
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by self write
++	by anonymous auth
++	by * none
++
++# kerberos key access
++# "by auth" just in case...
++access to dn.subtree="dc=mageia,dc=org"
++        attrs=krb5Key
++        by self write
++        by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++        by anonymous auth
++        by * none
++
++# password policies
++access to dn.subtree="ou=Password Policies,dc=mageia,dc=org"
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# samba password attributes
++# by self not strictly necessary, because samba uses its own admin user to
++# change the password on the user's behalf
++# openldap also doesn't auth on these attributes, but maybe some day it will
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=sambaLMPassword,sambaNTPassword
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by anonymous auth
++	by self write
++	by * none
++# password history attribute
++# pwdHistory is read-only, but ACL is simplier with it here
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=sambaPasswordHistory,pwdHistory
++	by self read
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * none
++
++# pwdReset, so the admin can force an user to change a password
++access to dn.subtree="dc=mageia,dc=org"
++	attrs=pwdReset
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# group owner can add/remove/edit members to groups
++access to dn.regex="^cn=[^,]+,ou=(System Groups|Group),dc=mageia,dc=org$"
++	attrs=member
++	by dnattr=owner write
++	by * break
++
++# let the user change some of his/her attributes
++access to dn.subtree="ou=People,dc=mageia,dc=org"
++	attrs=carLicense,homePhone,homePostalAddress,mobile,pager,telephoneNumber
++	by self write
++	by * break
++
++# create new accounts
++access to dn.regex="^([^,]+,)?ou=(People|Group|Hosts),dc=mageia,dc=org$"
++	attrs=children,entry
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * break
++# access to existing entries
++access to dn.regex="^[^,]+,ou=(People|Hosts|Group),dc=mageia,dc=org$"
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * break
++
++# sambaDomainName entry
++access to dn.regex="^(sambaDomainName=[^,]+,)?dc=mageia,dc=org$"
++	attrs=children,entry,@sambaDomain,@sambaUnixIdPool
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# samba ID mapping
++access to dn.regex="^(sambaSID=[^,]+,)?ou=Idmap,dc=mageia,dc=org$"
++	attrs=children,entry,@sambaIdmapEntry
++	by group.exact="cn=Account Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=IDMAP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# global address book
++# XXX - which class(es) to use?
++access to dn.regex="^(.*,)?ou=Address Book,dc=mageia,dc=org"
++	attrs=children,entry,@inetOrgPerson,@evolutionPerson,@evolutionPersonList
++	by group.exact="cn=Address Book Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# dhcp entries
++# XXX - open up read access to anybody?
++access to dn.sub="ou=dhcp,dc=mageia,dc=org"
++	attrs=children,entry,@dhcpService,@dhcpServer,@dhcpSharedNetwork,@dhcpSubnet,@dhcpPool,@dhcpGroup,@dhcpHost,@dhcpClass,@dhcpSubClass,@dhcpOptions,@dhcpLeases,@dhcpLog
++	by group.exact="cn=DHCP Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=DHCP Readers,ou=System Groups,dc=mageia,dc=org" read
++	by * read
++
++# sudoers
++access to dn.regex="^([^,]+,)?ou=sudoers,dc=mageia,dc=org$"
++	attrs=children,entry,@sudoRole
++	by group.exact="cn=Sudo Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# dns
++access to dn="ou=dns,dc=mageia,dc=org"
++	attrs=entry,@extensibleObject
++	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++access to dn.sub="ou=dns,dc=mageia,dc=org"
++	attrs=children,entry,@dNSZone
++	by group.exact="cn=DNS Admins,ou=System Groups,dc=mageia,dc=org" write
++	by group.exact="cn=DNS Readers,ou=System Groups,dc=mageia,dc=org" read
++	by * none
++
++# MTA
++# XXX - what else can we add here? Virtual Domains? With which schema?
++access to dn.one="ou=People,dc=mageia,dc=org"
++	attrs=@inetLocalMailRecipient,mail
++	by group.exact="cn=MTA Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# KDE Configuration
++access to dn.sub="ou=KDEConfig,dc=mageia,dc=org"
++	by group.exact="cn=KDEConfig Admins,ou=System Groups,dc=mageia,dc=org" write
++	by * read
++
++# last one
++access to dn.subtree="dc=mageia,dc=org" attrs=entry,uid,cn
++	by * read
++
+
+ +

Added: puppet/modules/openldap/templates/slapd.conf (0 => 53)

+

+--- puppet/modules/openldap/templates/slapd.conf	                        (rev 0)
++++ puppet/modules/openldap/templates/slapd.conf	2010-10-28 22:55:56 UTC (rev 53)
+@@ -0,0 +1,95 @@
++# slapd.conf template
++include	/usr/share/openldap/schema/core.schema
++include	/usr/share/openldap/schema/cosine.schema
++include	/usr/share/openldap/schema/corba.schema 
++include	/usr/share/openldap/schema/inetorgperson.schema
++include	/usr/share/openldap/schema/java.schema 
++include	/usr/share/openldap/schema/krb5-kdc.schema
++#include /usr/share/openldap/schema/kerberosobject.schema
++include	/usr/share/openldap/schema/misc.schema
++include	/usr/share/openldap/schema/nis.schema
++include	/usr/share/openldap/schema/openldap.schema 
++include /usr/share/openldap/schema/autofs.schema
++include /usr/share/openldap/schema/samba.schema
++include /usr/share/openldap/schema/kolab.schema
++include /usr/share/openldap/schema/evolutionperson.schema
++include /usr/share/openldap/schema/calendar.schema
++include /usr/share/openldap/schema/sudo.schema
++include /usr/share/openldap/schema/dnszone.schema
++include /usr/share/openldap/schema/dhcp.schema
++include /usr/share/openldap/schema/dyngroup.schema
++include /usr/share/openldap/schema/ppolicy.schema
++
++#include	/etc/openldap/schema/local.schema
++
++pidfile		/var/run/ldap/slapd.pid
++argsfile	/var/run/ldap/slapd.args
++
++modulepath	/usr/lib/openldap
++moduleload	back_monitor.la
++moduleload	syncprov.la
++moduleload	ppolicy.la
++#moduleload	refint.la
++
++TLSCertificateFile      /etc/ssl/openldap/ldap.pem
++TLSCertificateKeyFile   /etc/ssl/openldap/ldap.pem
++TLSCACertificateFile    /etc/ssl/openldap/ldap.pem
++
++loglevel 256
++
++database	bdb
++suffix		"dc=mageia,dc=org"
++directory	/var/lib/ldap
++rootdn		"cn=manager,dc=mageia,dc=org"
++
++checkpoint 256 5
++# 32Mbytes, can hold about 10k posixAccount entries
++dbconfig set_cachesize 0 33554432 1
++dbconfig set_lg_bsize 2097152
++cachesize 1000
++idlcachesize 3000
++
++index	objectClass					eq
++index	uidNumber,gidNumber,memberuid,member		eq
++index	uid						eq,subinitial
++index	cn,mail,surname,givenname			eq,subinitial
++index	sambaSID					eq,sub
++index	sambaDomainName,displayName,sambaGroupType	eq
++index	sambaSIDList					eq
++index	krb5PrincipalName				eq
++index	uniqueMember					pres,eq
++index	zoneName,relativeDomainName			eq
++index	sudouser					eq,sub
++index	entryCSN,entryUUID				eq
++index	dhcpHWAddress,dhcpClassData			eq
++
++overlay syncprov
++syncprov-checkpoint 100 10
++syncprov-sessionlog 100
++
++overlay ppolicy
++ppolicy_default "cn=default,ou=Password Policies,dc=mageia,dc=org"
++ppolicy_hash_cleartext yes
++ppolicy_use_lockout yes
++
++
++# uncomment if you want to automatically update group
++# memberships when an user is removed from the tree
++# Also uncomment the refint.la moduleload above
++#overlay refint
++#refint_attributes member
++#refint_nothing "uid=LDAP Admin,ou=System Accounts,dc=example,dc=com"
++
++authz-regexp "gidNumber=0\\\+uidNumber=0,cn=peercred,cn=external,cn=auth"
++	"uid=Account Admin,ou=System Accounts,dc=mageia,dc=org"
++authz-regexp ^uid=([^,]+),cn=[^,]+,cn=auth$ uid=$1,ou=People,dc=mageia,dc=org
++
++include /etc/openldap/mandriva-dit-access.conf
++
++
++database monitor
++access to dn.subtree="cn=Monitor"
++	by group.exact="cn=LDAP Monitors,ou=System Groups,dc=mageia,dc=org" read
++	by group.exact="cn=LDAP Admins,ou=System Groups,dc=mageia,dc=org" read
++	by * none
++
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment-0001.html new file mode 100644 index 000000000..8e34f11d8 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment-0001.html @@ -0,0 +1,114 @@ + + + +[61] - enable ssl + + + + +
+
+
Revision
61
+
Author
nanardon
+
Date
2010-10-29 02:38:08 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- enable ssl
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (60 => 61)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:59:20 UTC (rev 60)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 00:38:08 UTC (rev 61)
+@@ -83,5 +83,5 @@
+ # IPv6 local connections:
+ host    all             all             ::1/128                 pam
+ 
+-host    all             all             0.0.0.0/0               pam
+-host    all             all             ::0/0                   pam
++hostssl all             all             0.0.0.0/0               pam
++hostssl all             all             ::0/0                   pam
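Review bot: The two new `hostssl all all 0.0.0.0/0 pam` and `::0/0` lines still admit every source address to every database and every role, superuser roles included, so requiring TLS is the only thing that changes for remote clients. If only a few hosts need remote access, narrow the address column, e.g. `hostssl all all <client-subnet-cidr> pam` (placeholder), and name the databases and roles instead of `all`. The hunk starts at line 83 of the file, so earlier rules are not visible here. The same hunk is repeated in attachment.html further down the patch.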
+
+ +

Modified: puppet/modules/postgresql/templates/postgresql.conf (60 => 61)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:59:20 UTC (rev 60)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-29 00:38:08 UTC (rev 61)
+@@ -57,7 +57,7 @@
+ # - Connection Settings -
+ 
+ #listen_addresses = 'localhost'		# what IP address(es) to listen on;
+-listen_addresses = *
++listen_addresses = '*'
+ 					# comma-separated list of addresses;
+ 					# defaults to 'localhost', '*' = all
+ 					# (change requires restart)
+@@ -80,6 +80,7 @@
+ 
+ #authentication_timeout = 1min		# 1s-600s
+ #ssl = off				# (change requires restart)
++ssl = on
+ #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
+ 					# (change requires restart)
+ #ssl_renegotiation_limit = 512MB	# amount of data between renegotiations
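Review bot: `ssl = on` is added without any visible change that installs the server certificate and key; PostgreSQL looks for `server.crt` and `server.key` in the data directory and refuses to start with SSL enabled if they are missing or the key is group- or world-readable. If they are not managed elsewhere in the puppet tree, a `file` resource for each (key owned by the postgres account, mode 0600) belongs with this change. `ssl_ciphers` stays commented out, so the default shown on the following line applies. The first hunk of this file sets `listen_addresses = '*'`, which binds all interfaces and leaves pg_hba.conf as the only address filter in PostgreSQL itself. The same hunks are repeated in attachment.html further down the patch.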
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment.html new file mode 100644 index 000000000..764050135 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/0d388268/attachment.html @@ -0,0 +1,113 @@ + + + +[61] - enable ssl + + + + +
+
+
Revision
61
+
Author
nanardon
+
Date
2010-10-29 02:38:08 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- enable ssl
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (60 => 61)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:59:20 UTC (rev 60)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 00:38:08 UTC (rev 61)
+@@ -83,5 +83,5 @@
+ # IPv6 local connections:
+ host    all             all             ::1/128                 pam
+ 
+-host    all             all             0.0.0.0/0               pam
+-host    all             all             ::0/0                   pam
++hostssl all             all             0.0.0.0/0               pam
++hostssl all             all             ::0/0                   pam
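Review bot: The two new `hostssl` rules still accept every role, including the database superuser, for every database from `0.0.0.0/0` and `::0/0`, so the listener stays reachable from any network and only the transport changes. If remote access is needed only from known hosts, scope the rule, e.g. `hostssl all all <admin-network-CIDR> pam` (placeholder; the page does not name the networks). With `pam` the client sends its cleartext password inside the TLS session, so clients should verify the server certificate (`sslmode=verify-full`) rather than only encrypt. The same hunk appears in the copy of this mail earlier on the page.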
+
+ +

Modified: puppet/modules/postgresql/templates/postgresql.conf (60 => 61)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:59:20 UTC (rev 60)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-29 00:38:08 UTC (rev 61)
+@@ -57,7 +57,7 @@
+ # - Connection Settings -
+ 
+ #listen_addresses = 'localhost'		# what IP address(es) to listen on;
+-listen_addresses = *
++listen_addresses = '*'
+ 					# comma-separated list of addresses;
+ 					# defaults to 'localhost', '*' = all
+ 					# (change requires restart)
+@@ -80,6 +80,7 @@
+ 
+ #authentication_timeout = 1min		# 1s-600s
+ #ssl = off				# (change requires restart)
++ssl = on
+ #ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
+ 					# (change requires restart)
+ #ssl_renegotiation_limit = 512MB	# amount of data between renegotiations
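Review bot: `ssl = on` is added, but nothing on the page provisions the server certificate and key. PostgreSQL of this generation expects `server.crt` and `server.key` in the data directory and refuses to start when the key is missing or group/world-readable. The manifest revisions shown on this page manage only `postgresql.conf` and `pg_hba.conf`, so a `file` resource for the key (owner `postgres`, `mode => 600`) looks missing, though it may live elsewhere. Both this setting and `listen_addresses` in the previous hunk are marked `(change requires restart)`, while the service resource shown in r55/r66 only runs `/etc/rc.d/init.d/postgresql reload`, so a `notify` would not put the change into effect. It would also help to uncomment `ssl_ciphers` with an explicit list instead of relying on the default shown in the comment.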
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment-0001.html new file mode 100644 index 000000000..a31c56e6f --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment-0001.html @@ -0,0 +1,109 @@ + + + +[57] - typo + + + + +
+
+
Revision
57
+
Author
nanardon
+
Date
2010-10-29 01:50:01 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (56 => 57)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:43:45 UTC (rev 56)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:01 UTC (rev 57)
+@@ -1,5 +1,5 @@
+ class postgresql {
+-    package { postgresql9.0-server:
++    package { 'postgresql9.0-server':
+         ensure => installed
+     }
+ 
+@@ -12,8 +12,8 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
++        content => template("postgresql/postgresql.conf")
+         require => Package["postgresql9.0-server"],
+-        content => "",
+         notify => [Service['postgreql']]
+     }
+     
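Review bot: The added `content => template("postgresql/postgresql.conf")` line has no trailing comma although `require =>` follows it, which is a parse error; the third hunk has the same problem with the `pg_hba.conf` template. It should read `content => template("postgresql/postgresql.conf"),`. The context line `notify => [Service['postgreql']]` also still misspells the service title, so that reference would not resolve even once the manifest parses. Until both are corrected the class cannot be applied, so the templated `pg_hba.conf` rules are not enforced on the host.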
+@@ -22,8 +22,8 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
++        content => template("postgresql/pg_hba.conf")
+         require => Package["postgresql9.0-server"],
+-        content => "",
+         notify => [Service['postgresql']]
+     }
+ }
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment.html new file mode 100644 index 000000000..c1f6d49b4 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/181142ec/attachment.html @@ -0,0 +1,108 @@ + + + +[57] - typo + + + + +
+
+
Revision
57
+
Author
nanardon
+
Date
2010-10-29 01:50:01 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (56 => 57)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:43:45 UTC (rev 56)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:01 UTC (rev 57)
+@@ -1,5 +1,5 @@
+ class postgresql {
+-    package { postgresql9.0-server:
++    package { 'postgresql9.0-server':
+         ensure => installed
+     }
+ 
+@@ -12,8 +12,8 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
++        content => template("postgresql/postgresql.conf")
+         require => Package["postgresql9.0-server"],
+-        content => "",
+         notify => [Service['postgreql']]
+     }
+     
+@@ -22,8 +22,8 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
++        content => template("postgresql/pg_hba.conf")
+         require => Package["postgresql9.0-server"],
+-        content => "",
+         notify => [Service['postgresql']]
+     }
+ }
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment-0001.html new file mode 100644 index 000000000..54ea755a3 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment-0001.html @@ -0,0 +1,91 @@ + + + +[66] - check postgres is running + + + + +
+
+
Revision
66
+
Author
nanardon
+
Date
2010-10-29 03:22:42 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- check postgres is running
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (65 => 66)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:18:06 UTC (rev 65)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:22:42 UTC (rev 66)
+@@ -4,6 +4,8 @@
+     }
+ 
+     service { postgresql:
++        ensure => running,
++        subscribe => Package[postgresql9.0-server"],
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
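Review bot: The new `subscribe => Package[postgresql9.0-server"],` has a closing double quote with no opening one, so the manifest will not parse; it should be `subscribe => Package["postgresql9.0-server"],`. Separately, because `restart` is overridden with the init script's `reload`, a package change seen through this `subscribe` only reloads the running postmaster. After a server package update the old binaries presumably stay in memory until the service is restarted by hand, unless the package scripts do that themselves. The `service` resource is complete inside the hunk, but the rest of the class is not shown.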
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment.html new file mode 100644 index 000000000..d63c4ab06 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/225b43fb/attachment.html @@ -0,0 +1,90 @@ + + + +[66] - check postgres is running + + + + +
+
+
Revision
66
+
Author
nanardon
+
Date
2010-10-29 03:22:42 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- check postgres is running
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (65 => 66)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:18:06 UTC (rev 65)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:22:42 UTC (rev 66)
+@@ -4,6 +4,8 @@
+     }
+ 
+     service { postgresql:
++        ensure => running,
++        subscribe => Package[postgresql9.0-server"],
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment-0001.html new file mode 100644 index 000000000..7ebcee856 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment-0001.html @@ -0,0 +1,100 @@ + + + +[58] - typo + + + + +
+
+
Revision
58
+
Author
nanardon
+
Date
2010-10-29 01:50:45 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (57 => 58)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:01 UTC (rev 57)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:45 UTC (rev 58)
+@@ -12,7 +12,7 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
+-        content => template("postgresql/postgresql.conf")
++        content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgreql']]
+     }
+@@ -22,7 +22,7 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
+-        content => template("postgresql/pg_hba.conf")
++        content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+     }
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment.html new file mode 100644 index 000000000..8d7a58b8e --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/2a768e17/attachment.html @@ -0,0 +1,99 @@ + + + +[58] - typo + + + + +
+
+
Revision
58
+
Author
nanardon
+
Date
2010-10-29 01:50:45 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (57 => 58)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:01 UTC (rev 57)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:45 UTC (rev 58)
+@@ -12,7 +12,7 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
+-        content => template("postgresql/postgresql.conf")
++        content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgreql']]
+     }
+@@ -22,7 +22,7 @@
+         owner => postgres,
+         group => postgres,
+         mode => 644,
+-        content => template("postgresql/pg_hba.conf")
++        content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+     }
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment-0001.html new file mode 100644 index 000000000..55686e854 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment-0001.html @@ -0,0 +1,95 @@ + + + +[62] - fix the config file so it work on x86_64 and x86 + + + + +
+
+
Revision
62
+
Author
misc
+
Date
2010-10-29 02:40:37 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- fix the config file so it work on x86_64 and x86
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/templates/slapd.conf (61 => 62)

+

+--- puppet/modules/openldap/templates/slapd.conf	2010-10-29 00:38:08 UTC (rev 61)
++++ puppet/modules/openldap/templates/slapd.conf	2010-10-29 00:40:37 UTC (rev 62)
+@@ -25,7 +25,11 @@
+ pidfile		/var/run/ldap/slapd.pid
+ argsfile	/var/run/ldap/slapd.args
+ 
+-modulepath	/usr/lib/openldap
++<%
++path_module_directory = "/usr/lib" + ( architecture == "x86_64" ? '64' : '') + "/openldap"
++%>
++
++modulepath	<%= path_module_directory %>
+ moduleload	back_monitor.la
+ moduleload	syncprov.la
+ moduleload	ppolicy.la
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment.html new file mode 100644 index 000000000..8fc581701 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/30bdaa9a/attachment.html @@ -0,0 +1,94 @@ + + + +[62] - fix the config file so it work on x86_64 and x86 + + + + +
+
+
Revision
62
+
Author
misc
+
Date
2010-10-29 02:40:37 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- fix the config file so it work on x86_64 and x86
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/templates/slapd.conf (61 => 62)

+

+--- puppet/modules/openldap/templates/slapd.conf	2010-10-29 00:38:08 UTC (rev 61)
++++ puppet/modules/openldap/templates/slapd.conf	2010-10-29 00:40:37 UTC (rev 62)
+@@ -25,7 +25,11 @@
+ pidfile		/var/run/ldap/slapd.pid
+ argsfile	/var/run/ldap/slapd.args
+ 
+-modulepath	/usr/lib/openldap
++<%
++path_module_directory = "/usr/lib" + ( architecture == "x86_64" ? '64' : '') + "/openldap"
++%>
++
++modulepath	<%= path_module_directory %>
+ moduleload	back_monitor.la
+ moduleload	syncprov.la
+ moduleload	ppolicy.la
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment-0001.html new file mode 100644 index 000000000..124e28ca0 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment-0001.html @@ -0,0 +1,92 @@ + + + +[64] - allow epoll user to connect locally to epoll db + + + + +
+
+
Revision
64
+
Author
nanardon
+
Date
2010-10-29 03:12:24 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- allow epoll user to connect locally to epoll db
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (63 => 64)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 01:05:58 UTC (rev 63)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 01:12:24 UTC (rev 64)
+@@ -76,6 +76,10 @@
+ 
+ # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
+ 
++# Nanar:
++# This bypass global config for specific user/base
++host   epoll            epoll           127.0.0.1/32            md5
++
+ # "local" is for Unix domain socket connections only
+ local   all             all                                     ident
+ # IPv4 local connections:
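Review bot: The override is written for `127.0.0.1/32` only, so a client that connects to `localhost` and resolves it to `::1` skips this line and is matched by the general `::1/128` rule, which other revisions of this file on the page show as `pam`. If the `epoll` role should always use password authentication locally, add the IPv6 twin, `host   epoll   epoll   ::1/128   md5`. The comment would be more useful if it said why this role bypasses the global method, for example `# epoll is an application role without a system account, so pam/ident cannot be used` (assumed reason; confirm with the author).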
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment.html new file mode 100644 index 000000000..650bf514d --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/373a5efb/attachment.html @@ -0,0 +1,93 @@ + + + +[64] - allow epoll user to connect locally to epoll db + + + + +
+
+
Revision
64
+
Author
nanardon
+
Date
2010-10-29 03:12:24 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- allow epoll user to connect locally to epoll db
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (63 => 64)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 01:05:58 UTC (rev 63)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-29 01:12:24 UTC (rev 64)
+@@ -76,6 +76,10 @@
+ 
+ # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
+ 
++# Nanar:
++# This bypass global config for specific user/base
++host   epoll            epoll           127.0.0.1/32            md5
++
+ # "local" is for Unix domain socket connections only
+ local   all             all                                     ident
+ # IPv4 local connections:
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment-0001.html new file mode 100644 index 000000000..7b64c134e --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment-0001.html @@ -0,0 +1,91 @@ + + + +[54] -fix templates naming + + + + +
+
+
Revision
54
+
Author
misc
+
Date
2010-10-29 01:27:31 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
-fix templates naming
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/manifests/init.pp (53 => 54)

+

+--- puppet/modules/openldap/manifests/init.pp	2010-10-28 22:55:56 UTC (rev 53)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-28 23:27:31 UTC (rev 54)
+@@ -40,7 +40,7 @@
+         }
+ 
+         file { '/etc/openldap/slapd.conf':
+-            content => template("bind/slapd.conf"),
++            content => template("openldap/slapd.conf"),
+         }
+     }
+ }
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment.html new file mode 100644 index 000000000..ac3bccbf8 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/3c45a862/attachment.html @@ -0,0 +1,90 @@ + + + +[54] -fix templates naming + + + + +
+
+
Revision
54
+
Author
misc
+
Date
2010-10-29 01:27:31 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
-fix templates naming
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/manifests/init.pp (53 => 54)

+

+--- puppet/modules/openldap/manifests/init.pp	2010-10-28 22:55:56 UTC (rev 53)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-28 23:27:31 UTC (rev 54)
+@@ -40,7 +40,7 @@
+         }
+ 
+         file { '/etc/openldap/slapd.conf':
+-            content => template("bind/slapd.conf"),
++            content => template("openldap/slapd.conf"),
+         }
+     }
+ }
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment-0001.html new file mode 100644 index 000000000..005bc75fd --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment-0001.html @@ -0,0 +1,158 @@ + + + +[63] - add ldap config file, with ldap restricted to localhost (until we set a firewall or stricter acl) + + + + +
+
+
Revision
63
+
Author
misc
+
Date
2010-10-29 03:05:58 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add ldap config file, with ldap restricted to localhost (until we set a firewall or stricter acl)
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/manifests/init.pp (62 => 63)

+

+--- puppet/modules/openldap/manifests/init.pp	2010-10-29 00:40:37 UTC (rev 62)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-29 01:05:58 UTC (rev 63)
+@@ -34,6 +34,16 @@
+         notify => [Service['ldap']]
+     }
+ 
++    file { '/etc/sysconfig/ldap':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    } 
++
+     class master inherits base {
+         file { '/etc/openldap/mandriva-dit-access.conf':
+             content => template("openldap/mandriva-dit-access.conf"),
+@@ -42,5 +52,9 @@
+         file { '/etc/openldap/slapd.conf':
+             content => template("openldap/slapd.conf"),
+         }
++
++        file { '/etc/sysconfig/ldap':
++            content => template("openldap/ldap.sysconfig"),
++        }
+     }
+ }
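Review bot: `/etc/sysconfig/ldap` is now declared twice, once with `content => ""` in the first hunk and again in `class master` here. Puppet normally rejects a second declaration of the same resource title, and an inheriting class is expected to use the override form, e.g. `File['/etc/sysconfig/ldap'] { content => template("openldap/ldap.sysconfig") }`. This matters for the stated goal of the commit: if the empty variant is what ends up on disk, `SLAPDURLLIST` is unset and slapd presumably falls back to the init script's default listeners rather than loopback only. The enclosing classes start outside the hunk, so the exact scoping cannot be confirmed from here.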
+
+ +

Added: puppet/modules/openldap/templates/ldap.sysconfig (0 => 63)

+

+--- puppet/modules/openldap/templates/ldap.sysconfig	                        (rev 0)
++++ puppet/modules/openldap/templates/ldap.sysconfig	2010-10-29 01:05:58 UTC (rev 63)
+@@ -0,0 +1,37 @@
++# debug level for slapd
++SLAPDSYSLOGLEVEL="0"
++SLAPDSYSLOGLOCALUSER="local4"
++
++# SLAPD URL list 
++SLAPDURLLIST="ldap://127.0.0.1/ ldaps://127.0.0.1/"
++
++# Config file to use for slapd
++#SLAPDCONF=/etc/openldap/slapd.conf
++
++# Which user to run as
++#LDAPUSER=ldap
++#LDAPGROUP=ldap
++
++# Should file permissions on database files be fixed at startup. Default is yes
++# FIXPERMS=no
++
++# Whether database recovery should be run before starting slapd in start 
++# (not strictly be necessary in 2.3). Default is no
++# AUTORECOVER=yes
++
++# At what intervals to run ldap-hot-db-backup from cron, which will
++# do hot database backups for all bdb/hdb databases, and archive
++# unnecessary transaction logs, one of hourly,daily,weekly,monthly,yearly
++# Default is daily
++# RUN_DB_BACKUP=daily
++
++# How many days to keep archived transaction logs for. This should be just
++# greater than the backup interval on these files. Default is 7
++# KEEP_ARCHIVES_DAYS=7
++
++# How many files slapd should be able to have open. By default, the process
++# will inherit the default per-process limit (usually 1024), which may
++# not be enough, so ulimit -n is run with the value in MAXFILES (which
++# defaults to 1024 as well). 4096 is the maximum OpenLDAP will use without 
++# recompiling.
++# MAXFILES=4096
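Review bot: The `# SLAPD URL list` comment does not record that the loopback-only value is deliberate and temporary, which the log message says it is. A comment such as `# loopback only until a firewall or stricter ACLs are in place; do not widen before that` above `SLAPDURLLIST` would keep a later editor from opening the listener by accident. Only IPv4 loopback is listed, so local clients that use `::1` or `ldapi:///` will not be able to connect.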
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment.html new file mode 100644 index 000000000..30fa02699 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/3d892885/attachment.html @@ -0,0 +1,157 @@ + + + +[63] - add ldap config file, with ldap restricted to localhost (until we set a firewall or stricter acl) + + + + +
+
+
Revision
63
+
Author
misc
+
Date
2010-10-29 03:05:58 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add ldap config file, with ldap restricted to localhost (until we set a firewall or stricter acl)
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/openldap/manifests/init.pp (62 => 63)

+

+--- puppet/modules/openldap/manifests/init.pp	2010-10-29 00:40:37 UTC (rev 62)
++++ puppet/modules/openldap/manifests/init.pp	2010-10-29 01:05:58 UTC (rev 63)
+@@ -34,6 +34,16 @@
+         notify => [Service['ldap']]
+     }
+ 
++    file { '/etc/sysconfig/ldap':
++        ensure => present,
++        owner => root,
++        group => root,
++        mode => 644,
++        require => Package["openldap-servers"],
++        content => "",
++        notify => [Service['ldap']]
++    } 
++
+     class master inherits base {
+         file { '/etc/openldap/mandriva-dit-access.conf':
+             content => template("openldap/mandriva-dit-access.conf"),
+@@ -42,5 +52,9 @@
+         file { '/etc/openldap/slapd.conf':
+             content => template("openldap/slapd.conf"),
+         }
++
++        file { '/etc/sysconfig/ldap':
++            content => template("openldap/ldap.sysconfig"),
++        }
+     }
+ }
+
+ +

Added: puppet/modules/openldap/templates/ldap.sysconfig (0 => 63)

+

+--- puppet/modules/openldap/templates/ldap.sysconfig	                        (rev 0)
++++ puppet/modules/openldap/templates/ldap.sysconfig	2010-10-29 01:05:58 UTC (rev 63)
+@@ -0,0 +1,37 @@
++# debug level for slapd
++SLAPDSYSLOGLEVEL="0"
++SLAPDSYSLOGLOCALUSER="local4"
++
++# SLAPD URL list 
++SLAPDURLLIST="ldap://127.0.0.1/ ldaps://127.0.0.1/"
++
++# Config file to use for slapd
++#SLAPDCONF=/etc/openldap/slapd.conf
++
++# Which user to run as
++#LDAPUSER=ldap
++#LDAPGROUP=ldap
++
++# Should file permissions on database files be fixed at startup. Default is yes
++# FIXPERMS=no
++
++# Whether database recovery should be run before starting slapd in start 
++# (not strictly be necessary in 2.3). Default is no
++# AUTORECOVER=yes
++
++# At what intervals to run ldap-hot-db-backup from cron, which will
++# do hot database backups for all bdb/hdb databases, and archive
++# unnecessary transaction logs, one of hourly,daily,weekly,monthly,yearly
++# Default is daily
++# RUN_DB_BACKUP=daily
++
++# How many days to keep archived transaction logs for. This should be just
++# greater than the backup interval on these files. Default is 7
++# KEEP_ARCHIVES_DAYS=7
++
++# How many files slapd should be able to have open. By default, the process
++# will inherit the default per-process limit (usually 1024), which may
++# not be enough, so ulimit -n is run with the value in MAXFILES (which
++# defaults to 1024 as well). 4096 is the maximum OpenLDAP will use without 
++# recompiling.
++# MAXFILES=4096
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment-0001.html new file mode 100644 index 000000000..b3b94d742 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment-0001.html @@ -0,0 +1,91 @@ + + + +[59] - typo + + + + +
+
+
Revision
59
+
Author
nanardon
+
Date
2010-10-29 01:51:17 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (58 => 59)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:45 UTC (rev 58)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:51:17 UTC (rev 59)
+@@ -14,7 +14,7 @@
+         mode => 644,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgreql']]
++        notify => [Service['postgresql']]
+     }
+     
+     file { '/var/lib/pgsql/data/pg_hba.conf':
+
+
+
+ + + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment.html new file mode 100644 index 000000000..be34ca511 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/4969ecb2/attachment.html @@ -0,0 +1,90 @@ + + + +[59] - typo + + + + +
+
+
Revision
59
+
Author
nanardon
+
Date
2010-10-29 01:51:17 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (58 => 59)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:50:45 UTC (rev 58)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:51:17 UTC (rev 59)
+@@ -14,7 +14,7 @@
+         mode => 644,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgreql']]
++        notify => [Service['postgresql']]
+     }
+     
+     file { '/var/lib/pgsql/data/pg_hba.conf':
+
+
+
+ + + diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment-0001.html new file mode 100644 index 000000000..a1d38ab04 --- /dev/null +++ b/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment-0001.html @@ -0,0 +1,761 @@ + + + +[55] - add postgresql config + + + + +
+
+
Revision
55
+
Author
nanardon
+
Date
2010-10-29 01:41:31 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add postgresql config
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (54 => 55)

+

+--- puppet/manifests/nodes.pp	2010-10-28 23:27:31 UTC (rev 54)
++++ puppet/manifests/nodes.pp	2010-10-28 23:41:31 UTC (rev 55)
+@@ -68,6 +68,7 @@
+ # 
+ 	include default_mageia_server
+     include bind::bind_master
++    include postgresl
+     bind::zone_master { "mageia.org": }
+     bind::zone_master { "mageia.fr": } 
+     timezone::timezone { "Europe/Paris": }
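Review bot: `include postgresl` does not match the class added in this commit, which is declared as `class postgresql`; the line should be `include postgresql`. As written the node's catalog would fail to compile, so none of the classes in this node block, including the base server configuration, would be applied. The node definition starts and ends outside the hunk.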
+
+ +

Added: puppet/modules/postgresql/manifests/init.pp (0 => 55)

+

+--- puppet/modules/postgresql/manifests/init.pp	                        (rev 0)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,29 @@
++class postgresql {
++    package { postgresql9.0-server:
++        ensure => installed
++    }
++
++    service { postgresql:
++        restart => "/etc/rc.d/init.d/postgresql reload"
++    }
++
++    file { '/var/lib/pgsql/data/postgresql.conf':
++        ensure => present,
++        owner => postgres,
++        group => postgres,
++        mode => 644,
++        require => Package["postgresql9.0-server"],
++        content => "",
++        notify => [Service['postgreql']]
++    }
++    
++    file { '/var/lib/pgsql/data/pg_hba.conf':
++        ensure => present,
++        owner => postgres,
++        group => postgres,
++        mode => 644,
++        require => Package["postgresql9.0-server"],
++        content => "",
++        notify => [Service['postgresql']]
++    }
++}
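Review bot: The first `file` resource notifies `Service['postgreql']`, a title that does not exist in the class; it should be `notify => [Service['postgresql']]` as in the second resource. Both files are also written with `content => ""`, which replaces `postgresql.conf` and `pg_hba.conf` with empty files while the templates added in the same commit are never referenced; `content => template("postgresql/pg_hba.conf"),` and the matching line for `postgresql.conf` look like the intent. `mode => 644` makes the authentication rules readable by every local account, and `mode => 600` would be the tighter choice. The `service` resource has no `ensure`, so nothing here checks that the server is running.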
+
+ +

Added: puppet/modules/postgresql/templates/pg_hba.conf (0 => 55)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	                        (rev 0)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,84 @@
++# PostgreSQL Client Authentication Configuration File
++# ===================================================
++#
++# Refer to the "Client Authentication" section in the PostgreSQL
++# documentation for a complete description of this file.  A short
++# synopsis follows.
++#
++# This file controls: which hosts are allowed to connect, how clients
++# are authenticated, which PostgreSQL user names they can use, which
++# databases they can access.  Records take one of these forms:
++#
++# local      DATABASE  USER  METHOD  [OPTIONS]
++# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++#
++# (The uppercase items must be replaced by actual values.)
++#
++# The first field is the connection type: "local" is a Unix-domain
++# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
++# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
++# plain TCP/IP socket.
++#
++# DATABASE can be "all", "sameuser", "samerole", "replication", a
++# database name, or a comma-separated list thereof.
++#
++# USER can be "all", a user name, a group name prefixed with "+", or a
++# comma-separated list thereof.  In both the DATABASE and USER fields
++# you can also write a file name prefixed with "@" to include names
++# from a separate file.
++#
++# CIDR-ADDRESS specifies the set of hosts the record matches.  It is
++# made up of an IP address and a CIDR mask that is an integer (between
++# 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number
++# of significant bits in the mask.  Alternatively, you can write an IP
++# address and netmask in separate columns to specify the set of hosts.
++# Instead of a CIDR-address, you can write "samehost" to match any of
++# the server's own IP addresses, or "samenet" to match any address in
++# any subnet that the server is directly connected to.
++#
++# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
++# "krb5", "ident", "pam", "ldap", "radius" or "cert".  Note that
++# "password" sends passwords in clear text; "md5" is preferred since
++# it sends encrypted passwords.
++#
++# OPTIONS are a set of options for the authentication in the format
++# NAME=VALUE.  The available options depend on the different
++# authentication methods -- refer to the "Client Authentication"
++# section in the documentation for a list of which options are
++# available for which authentication methods.
++#
++# Database and user names containing spaces, commas, quotes and other
++# special characters must be quoted.  Quoting one of the keywords
++# "all", "sameuser", "samerole" or "replication" makes the name lose
++# its special character, and just match a database or username with
++# that name.
++#
++# This file is read on server startup and when the postmaster receives
++# a SIGHUP signal.  If you edit the file on a running system, you have
++# to SIGHUP the postmaster for the changes to take effect.  You can
++# use "pg_ctl reload" to do that.
++
++# Put your actual configuration here
++# ----------------------------------
++#
++# If you want to allow non-local connections, you need to add more
++# "host" records.  In that case you will also need to make PostgreSQL
++# listen on a non-local interface via the listen_addresses
++# configuration parameter, or via the -i or -h command line switches.
++
++# CAUTION: Configuring the system for local "trust" authentication
++# allows any local user to connect as any PostgreSQL user, including
++# the database superuser.  If you do not trust all your local users,
++# use another authentication method.
++
++
++# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
++
++# "local" is for Unix domain socket connections only
++local   all             all                                     trust
++# IPv4 local connections:
++host    all             all             127.0.0.1/32            trust
++# IPv6 local connections:
++host    all             all             ::1/128                 trust
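Review bot: All three active rules use `trust`, so any local account, and anything that can reach the loopback listener, can connect as any role including the superuser without a password; the file's own CAUTION paragraph warns about exactly this. Because Puppet pushes this template to servers, a safer baseline would be `local all all ident` for the socket and `md5` or `pam` for the two `host` lines, e.g. `host    all             all             127.0.0.1/32            md5`. Other revisions of this file on the page already show `ident` and `pam` in these positions, so this revision appears to be a short-lived state.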
+
+ +

Added: puppet/modules/postgresql/templates/postgresql.conf (0 => 55)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	                        (rev 0)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,528 @@
++# -----------------------------
++# PostgreSQL configuration file
++# -----------------------------
++#
++# This file consists of lines of the form:
++#
++#   name = value
++#
++# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
++# "#" anywhere on a line.  The complete list of parameter names and allowed
++# values can be found in the PostgreSQL documentation.
++#
++# The commented-out settings shown in this file represent the default values.
++# Re-commenting a setting is NOT sufficient to revert it to the default value;
++# you need to reload the server.
++#
++# This file is read on server startup and when the server receives a SIGHUP
++# signal.  If you edit the file on a running system, you have to SIGHUP the
++# server for the changes to take effect, or use "pg_ctl reload".  Some
++# parameters, which are marked below, require a server shutdown and restart to
++# take effect.
++#
++# Any parameter can also be given as a command-line option to the server, e.g.,
++# "postgres -c log_connections=on".  Some parameters can be changed at run time
++# with the "SET" SQL command.
++#
++# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
++#                MB = megabytes                     s   = seconds
++#                GB = gigabytes                     min = minutes
++#                                                   h   = hours
++#                                                   d   = days
++
++
++#------------------------------------------------------------------------------
++# FILE LOCATIONS
++#------------------------------------------------------------------------------
++
++# The default values of these variables are driven from the -D command-line
++# option or PGDATA environment variable, represented here as ConfigDir.
++
++#data_directory = 'ConfigDir'		# use data in another directory
++					# (change requires restart)
++#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
++					# (change requires restart)
++#ident_file = 'ConfigDir/pg_ident.conf'	# ident configuration file
++					# (change requires restart)
++
++# If external_pid_file is not explicitly set, no extra PID file is written.
++#external_pid_file = '(none)'		# write an extra PID file
++					# (change requires restart)
++
++
++#------------------------------------------------------------------------------
++# CONNECTIONS AND AUTHENTICATION
++#------------------------------------------------------------------------------
++
++# - Connection Settings -
++
++#listen_addresses = 'localhost'		# what IP address(es) to listen on;
++					# comma-separated list of addresses;
++					# defaults to 'localhost', '*' = all
++					# (change requires restart)
++#port = 5432				# (change requires restart)
++max_connections = 100			# (change requires restart)
++# Note:  Increasing max_connections costs ~400 bytes of shared memory per 
++# connection slot, plus lock space (see max_locks_per_transaction).
++#superuser_reserved_connections = 3	# (change requires restart)
++#unix_socket_directory = ''		# (change requires restart)
++#unix_socket_group = ''			# (change requires restart)
++#unix_socket_permissions = 0777		# begin with 0 to use octal notation
++					# (change requires restart)
++#bonjour = off				# advertise server via Bonjour
++					# (change requires restart)
++#bonjour_name = ''			# defaults to the computer name
++					# (change requires restart)
++
++# - Security and Authentication -
++
++#authentication_timeout = 1min		# 1s-600s
++#ssl = off				# (change requires restart)
++#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
++					# (change requires restart)
++#ssl_renegotiation_limit = 512MB	# amount of data between renegotiations
++#password_encryption = on
++#db_user_namespace = off
++
++# Kerberos and GSSAPI
++#krb_server_keyfile = ''
++#krb_srvname = 'postgres'		# (Kerberos only)
++#krb_caseins_users = off
++
++# - TCP Keepalives -
++# see "man 7 tcp" for details
++
++#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
++					# 0 selects the system default
++#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
++					# 0 selects the system default
++#tcp_keepalives_count = 0		# TCP_KEEPCNT;
++					# 0 selects the system default
++
++
++#------------------------------------------------------------------------------
++# RESOURCE USAGE (except WAL)
++#------------------------------------------------------------------------------
++
++# - Memory -
++
++shared_buffers = 24MB			# min 128kB
++					# (change requires restart)
++#temp_buffers = 8MB			# min 800kB
++#max_prepared_transactions = 0		# zero disables the feature
++					# (change requires restart)
++# Note:  Increasing max_prepared_transactions costs ~600 bytes of shared memory
++# per transaction slot, plus lock space (see max_locks_per_transaction).
++# It is not advisable to set max_prepared_transactions nonzero unless you
++# actively intend to use prepared transactions.
++#work_mem = 1MB				# min 64kB
++#maintenance_work_mem = 16MB		# min 1MB
++#max_stack_depth = 2MB			# min 100kB
++
++# - Kernel Resource Usage -
++
++#max_files_per_process = 1000		# min 25
++					# (change requires restart)
++#shared_preload_libraries = ''		# (change requires restart)
++
++# - Cost-Based Vacuum Delay -
++
++#vacuum_cost_delay = 0ms		# 0-100 milliseconds
++#vacuum_cost_page_hit = 1		# 0-10000 credits
++#vacuum_cost_page_miss = 10		# 0-10000 credits
++#vacuum_cost_page_dirty = 20		# 0-10000 credits
++#vacuum_cost_limit = 200		# 1-10000 credits
++
++# - Background Writer -
++
++#bgwriter_delay = 200ms			# 10-10000ms between rounds
++#bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
++#bgwriter_lru_multiplier = 2.0		# 0-10.0 multipler on buffers scanned/round
++
++# - Asynchronous Behavior -
++
++#effective_io_concurrency = 1		# 1-1000. 0 disables prefetching
++
++
++#------------------------------------------------------------------------------
++# WRITE AHEAD LOG
++#------------------------------------------------------------------------------
++
++# - Settings -
++
++#wal_level = minimal			# minimal, archive, or hot_standby
++					# (change requires restart)
++#fsync = on				# turns forced synchronization on or off
++#synchronous_commit = on		# immediate fsync at commit
++#wal_sync_method = fsync		# the default is the first option 
++					# supported by the operating system:
++					#   open_datasync
++					#   fdatasync
++					#   fsync
++					#   fsync_writethrough
++					#   open_sync
++#full_page_writes = on			# recover from partial page writes
++#wal_buffers = 64kB			# min 32kB
++					# (change requires restart)
++#wal_writer_delay = 200ms		# 1-10000 milliseconds
++
++#commit_delay = 0			# range 0-100000, in microseconds
++#commit_siblings = 5			# range 1-1000
++
++# - Checkpoints -
++
++#checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
++#checkpoint_timeout = 5min		# range 30s-1h
++#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
++#checkpoint_warning = 30s		# 0 disables
++
++# - Archiving -
++
++#archive_mode = off		# allows archiving to be done
++				# (change requires restart)
++#archive_command = ''		# command to use to archive a logfile segment
++#archive_timeout = 0		# force a logfile segment switch after this
++				# number of seconds; 0 disables
++
++# - Streaming Replication -
++
++#max_wal_senders = 0		# max number of walsender processes
++				# (change requires restart)
++#wal_sender_delay = 200ms	# walsender cycle time, 1-10000 milliseconds
++#wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
++#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
++
++# - Standby Servers -
++
++#hot_standby = off			# "on" allows queries during recovery
++					# (change requires restart)
++#max_standby_archive_delay = 30s	# max delay before canceling queries
++					# when reading WAL from archive;
++					# -1 allows indefinite delay
++#max_standby_streaming_delay = 30s	# max delay before canceling queries
++					# when reading streaming WAL;
++					# -1 allows indefinite delay
++
++
++#------------------------------------------------------------------------------
++# QUERY TUNING
++#------------------------------------------------------------------------------
++
++# - Planner Method Configuration -
++
++#enable_bitmapscan = on
++#enable_hashagg = on
++#enable_hashjoin = on
++#enable_indexscan = on
++#enable_material = on
++#enable_mergejoin = on
++#enable_nestloop = on
++#enable_seqscan = on
++#enable_sort = on
++#enable_tidscan = on
++
++# - Planner Cost Constants -
++
++#seq_page_cost = 1.0			# measured on an arbitrary scale
++#random_page_cost = 4.0			# same scale as above
++#cpu_tuple_cost = 0.01			# same scale as above
++#cpu_index_tuple_cost = 0.005		# same scale as above
++#cpu_operator_cost = 0.0025		# same scale as above
++#effective_cache_size = 128MB
++
++# - Genetic Query Optimizer -
++
++#geqo = on
++#geqo_threshold = 12
++#geqo_effort = 5			# range 1-10
++#geqo_pool_size = 0			# selects default based on effort
++#geqo_generations = 0			# selects default based on effort
++#geqo_selection_bias = 2.0		# range 1.5-2.0
++#geqo_seed = 0.0			# range 0.0-1.0
++
++# - Other Planner Options -
++
++#default_statistics_target = 100	# range 1-10000
++#constraint_exclusion = partition	# on, off, or partition
++#cursor_tuple_fraction = 0.1		# range 0.0-1.0
++#from_collapse_limit = 8
++#join_collapse_limit = 8		# 1 disables collapsing of explicit 
++					# JOIN clauses
++
++
++#------------------------------------------------------------------------------
++# ERROR REPORTING AND LOGGING
++#------------------------------------------------------------------------------
++
++# - Where to Log -
++
++#log_destination = 'stderr'		# Valid values are combinations of
++					# stderr, csvlog, syslog, and eventlog,
++					# depending on platform.  csvlog
++					# requires logging_collector to be on.
++
++# This is used when logging to stderr:
++#logging_collector = off		# Enable capturing of stderr and csvlog
++					# into log files. Required to be on for
++					# csvlogs.
++					# (change requires restart)
++
++# These are only used if logging_collector is on:
++#log_directory = 'pg_log'		# directory where log files are written,
++					# can be absolute or relative to PGDATA
++#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
++					# can include strftime() escapes
++#log_truncate_on_rotation = off		# If on, an existing log file of the
++					# same name as the new log file will be
++					# truncated rather than appended to.
++					# But such truncation only occurs on
++					# time-driven rotation, not on restarts
++					# or size-driven rotation.  Default is
++					# off, meaning append to existing files
++					# in all cases.
++#log_rotation_age = 1d			# Automatic rotation of logfiles will
++					# happen after that time.  0 disables.
++#log_rotation_size = 10MB		# Automatic rotation of logfiles will 
++					# happen after that much log output.
++					# 0 disables.
++
++# These are relevant when logging to syslog:
++#syslog_facility = 'LOCAL0'
++#syslog_ident = 'postgres'
++
++#silent_mode = off			# Run server silently.
++					# DO NOT USE without syslog or
++					# logging_collector
++					# (change requires restart)
++
++
++# - When to Log -
++
++#client_min_messages = notice		# values in order of decreasing detail:
++					#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++					#   log
++					#   notice
++					#   warning
++					#   error
++
++#log_min_messages = warning		# values in order of decreasing detail:
++					#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++					#   info
++					#   notice
++					#   warning
++					#   error
++					#   log
++					#   fatal
++					#   panic
++
++#log_min_error_statement = error	# values in order of decreasing detail:
++				 	#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++				 	#   info
++					#   notice
++					#   warning
++					#   error
++					#   log
++					#   fatal
++					#   panic (effectively off)
++
++#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
++					# and their durations, > 0 logs only
++					# statements running at least this number
++					# of milliseconds
++
++
++# - What to Log -
++
++#debug_print_parse = off
++#debug_print_rewritten = off
++#debug_print_plan = off
++#debug_pretty_print = on
++#log_checkpoints = off
++#log_connections = off
++#log_disconnections = off
++#log_duration = off
++#log_error_verbosity = default		# terse, default, or verbose messages
++#log_hostname = off
++#log_line_prefix = ''			# special values:
++					#   %a = application name
++					#   %u = user name
++					#   %d = database name
++					#   %r = remote host and port
++					#   %h = remote host
++					#   %p = process ID
++					#   %t = timestamp without milliseconds
++					#   %m = timestamp with milliseconds
++					#   %i = command tag
++					#   %e = SQL state
++					#   %c = session ID
++					#   %l = session line number
++					#   %s = session start timestamp
++					#   %v = virtual transaction ID
++					#   %x = transaction ID (0 if none)
++					#   %q = stop here in non-session
++					#        processes
++					#   %% = '%'
++					# e.g. '<%u%%%d> '
++#log_lock_waits = off			# log lock waits >= deadlock_timeout
++#log_statement = 'none'			# none, ddl, mod, all
++#log_temp_files = -1			# log temporary files equal or larger
++					# than the specified size in kilobytes;
++					# -1 disables, 0 logs all temp files
++#log_timezone = unknown			# actually, defaults to TZ environment
++					# setting
++
++
++#------------------------------------------------------------------------------
++# RUNTIME STATISTICS
++#------------------------------------------------------------------------------
++
++# - Query/Index Statistics Collector -
++
++#track_activities = on
++#track_counts = on
++#track_functions = none			# none, pl, all
++#track_activity_query_size = 1024 	# (change requires restart)
++#update_process_title = on
++#stats_temp_directory = 'pg_stat_tmp'
++
++
++# - Statistics Monitoring -
++
++#log_parser_stats = off
++#log_planner_stats = off
++#log_executor_stats = off
++#log_statement_stats = off
++
++
++#------------------------------------------------------------------------------
++# AUTOVACUUM PARAMETERS
++#------------------------------------------------------------------------------
++
++#autovacuum = on			# Enable autovacuum subprocess?  'on' 
++					# requires track_counts to also be on.
++#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
++					# their durations, > 0 logs only
++					# actions running at least this number
++					# of milliseconds.
++#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
++					# (change requires restart)
++#autovacuum_naptime = 1min		# time between autovacuum runs
++#autovacuum_vacuum_threshold = 50	# min number of row updates before
++					# vacuum
++#autovacuum_analyze_threshold = 50	# min number of row updates before 
++					# analyze
++#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
++#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
++#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
++					# (change requires restart)
++#autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
++					# autovacuum, in milliseconds;
++					# -1 means use vacuum_cost_delay
++#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
++					# autovacuum, -1 means use
++					# vacuum_cost_limit
++
++
++#------------------------------------------------------------------------------
++# CLIENT CONNECTION DEFAULTS
++#------------------------------------------------------------------------------
++
++# - Statement Behavior -
++
++#search_path = '"$user",public'		# schema names
++#default_tablespace = ''		# a tablespace name, '' uses the default
++#temp_tablespaces = ''			# a list of tablespace names, '' uses
++					# only default tablespace
++#check_function_bodies = on
++#default_transaction_isolation = 'read committed'
++#default_transaction_read_only = off
++#session_replication_role = 'origin'
++#statement_timeout = 0			# in milliseconds, 0 is disabled
++#vacuum_freeze_min_age = 50000000
++#vacuum_freeze_table_age = 150000000
++#bytea_output = 'hex'			# hex, escape
++#xmlbinary = 'base64'
++#xmloption = 'content'
++
++# - Locale and Formatting -
++
++datestyle = 'iso, mdy'
++#intervalstyle = 'postgres'
++#timezone = unknown			# actually, defaults to TZ environment
++					# setting
++#timezone_abbreviations = 'Default'     # Select the set of available time zone
++					# abbreviations.  Currently, there are
++					#   Default
++					#   Australia
++					#   India
++					# You can create your own file in
++					# share/timezonesets/.
++#extra_float_digits = 0			# min -15, max 3
++#client_encoding = sql_ascii		# actually, defaults to database
++					# encoding
++
++# These settings are initialized by initdb, but they can be changed.
++lc_messages = 'C'			# locale for system error message
++					# strings
++lc_monetary = 'C'			# locale for monetary formatting
++lc_numeric = 'C'			# locale for number formatting
++lc_time = 'C'				# locale for time formatting
++
++# default configuration for text search
++default_text_search_config = 'pg_catalog.english'
++
++# - Other Defaults -
++
++#dynamic_library_path = '$libdir'
++#local_preload_libraries = ''
++
++
++#------------------------------------------------------------------------------
++# LOCK MANAGEMENT
++#------------------------------------------------------------------------------
++
++#deadlock_timeout = 1s
++#max_locks_per_transaction = 64		# min 10
++					# (change requires restart)
++# Note:  Each lock table slot uses ~270 bytes of shared memory, and there are
++# max_locks_per_transaction * (max_connections + max_prepared_transactions)
++# lock table slots.
++
++
++#------------------------------------------------------------------------------
++# VERSION/PLATFORM COMPATIBILITY
++#------------------------------------------------------------------------------
++
++# - Previous PostgreSQL Versions -
++
++#array_nulls = on
++#backslash_quote = safe_encoding	# on, off, or safe_encoding
++#default_with_oids = off
++#escape_string_warning = on
++#lo_compat_privileges = off
++#sql_inheritance = on
++#standard_conforming_strings = off
++#synchronize_seqscans = on
++
++# - Other Platforms and Clients -
++
++#transform_null_equals = off
++
++
++#------------------------------------------------------------------------------
++# CUSTOMIZED OPTIONS
++#------------------------------------------------------------------------------
++
++#custom_variable_classes = ''		# list of custom variable class names
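Review bot: The ERROR REPORTING AND LOGGING section is left entirely at the stock defaults (`#log_connections = off`, `#log_disconnections = off`, `#log_line_prefix = ''`), so the server keeps no record of who connected or which role issued a statement. The pg_hba.conf added in the same commit admits socket and loopback connections with `trust`, which makes the log the only place such access could be noticed. Consider `log_connections = on`, `log_disconnections = on` and a prefix such as `log_line_prefix = '%t %u@%d %r '`, built from the escapes listed in the file's own comment. A one-line header comment saying the file is managed by Puppet would also keep local edits from being silently overwritten.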
+
+
+
+ + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment.html
new file mode 100644
index 000000000..d7d4317b7
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/534f63e7/attachment.html
@@ -0,0 +1,762 @@
+ + + +[55] - add postgresql config + + + + +
+
+
Revision
55
+
Author
nanardon
+
Date
2010-10-29 01:41:31 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add postgresql config
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (54 => 55)

+

+--- puppet/manifests/nodes.pp	2010-10-28 23:27:31 UTC (rev 54)
++++ puppet/manifests/nodes.pp	2010-10-28 23:41:31 UTC (rev 55)
+@@ -68,6 +68,7 @@
+ # 
+ 	include default_mageia_server
+     include bind::bind_master
++    include postgresl
+     bind::zone_master { "mageia.org": }
+     bind::zone_master { "mageia.fr": } 
+     timezone::timezone { "Europe/Paris": }
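Review bot: The added line `include postgresl` names a class that this commit does not define; the module added alongside it declares `class postgresql`. As written, the catalog for this node would most likely fail to compile, or the database module would never be applied. The line should read `include postgresql`. The enclosing node definition starts and ends outside the hunk.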
+
+ +

Added: puppet/modules/postgresql/manifests/init.pp (0 => 55)

+

+--- puppet/modules/postgresql/manifests/init.pp	                        (rev 0)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,29 @@
++class postgresql {
++    package { postgresql9.0-server:
++        ensure => installed
++    }
++
++    service { postgresql:
++        restart => "/etc/rc.d/init.d/postgresql reload"
++    }
++
++    file { '/var/lib/pgsql/data/postgresql.conf':
++        ensure => present,
++        owner => postgres,
++        group => postgres,
++        mode => 644,
++        require => Package["postgresql9.0-server"],
++        content => "",
++        notify => [Service['postgreql']]
++    }
++    
++    file { '/var/lib/pgsql/data/pg_hba.conf':
++        ensure => present,
++        owner => postgres,
++        group => postgres,
++        mode => 644,
++        require => Package["postgresql9.0-server"],
++        content => "",
++        notify => [Service['postgresql']]
++    }
++}
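Review bot: The `notify` on the postgresql.conf resource points at `Service['postgreql']`, which does not match the `service { postgresql: }` declared above it, so a config change would not trigger the reload and the dangling reference probably breaks catalog compilation; it should be `notify => [Service['postgresql']]`. Both file resources also show `content => ""`, which would write empty files over postgresql.conf and pg_hba.conf. That may be an artifact of how the mail was archived, but if it is what was committed, the content should come from the templates added in this commit, e.g. `content => template('postgresql/pg_hba.conf')`. pg_hba.conf holds the server's authentication policy, so `mode => 644` is wider than needed; `mode => '0600'` with owner postgres is enough for the server to read it.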
+
+ +

Added: puppet/modules/postgresql/templates/pg_hba.conf (0 => 55)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	                        (rev 0)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,84 @@
++# PostgreSQL Client Authentication Configuration File
++# ===================================================
++#
++# Refer to the "Client Authentication" section in the PostgreSQL
++# documentation for a complete description of this file.  A short
++# synopsis follows.
++#
++# This file controls: which hosts are allowed to connect, how clients
++# are authenticated, which PostgreSQL user names they can use, which
++# databases they can access.  Records take one of these forms:
++#
++# local      DATABASE  USER  METHOD  [OPTIONS]
++# host       DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++# hostssl    DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++# hostnossl  DATABASE  USER  CIDR-ADDRESS  METHOD  [OPTIONS]
++#
++# (The uppercase items must be replaced by actual values.)
++#
++# The first field is the connection type: "local" is a Unix-domain
++# socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
++# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
++# plain TCP/IP socket.
++#
++# DATABASE can be "all", "sameuser", "samerole", "replication", a
++# database name, or a comma-separated list thereof.
++#
++# USER can be "all", a user name, a group name prefixed with "+", or a
++# comma-separated list thereof.  In both the DATABASE and USER fields
++# you can also write a file name prefixed with "@" to include names
++# from a separate file.
++#
++# CIDR-ADDRESS specifies the set of hosts the record matches.  It is
++# made up of an IP address and a CIDR mask that is an integer (between
++# 0 and 32 (IPv4) or 128 (IPv6) inclusive) that specifies the number
++# of significant bits in the mask.  Alternatively, you can write an IP
++# address and netmask in separate columns to specify the set of hosts.
++# Instead of a CIDR-address, you can write "samehost" to match any of
++# the server's own IP addresses, or "samenet" to match any address in
++# any subnet that the server is directly connected to.
++#
++# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
++# "krb5", "ident", "pam", "ldap", "radius" or "cert".  Note that
++# "password" sends passwords in clear text; "md5" is preferred since
++# it sends encrypted passwords.
++#
++# OPTIONS are a set of options for the authentication in the format
++# NAME=VALUE.  The available options depend on the different
++# authentication methods -- refer to the "Client Authentication"
++# section in the documentation for a list of which options are
++# available for which authentication methods.
++#
++# Database and user names containing spaces, commas, quotes and other
++# special characters must be quoted.  Quoting one of the keywords
++# "all", "sameuser", "samerole" or "replication" makes the name lose
++# its special character, and just match a database or username with
++# that name.
++#
++# This file is read on server startup and when the postmaster receives
++# a SIGHUP signal.  If you edit the file on a running system, you have
++# to SIGHUP the postmaster for the changes to take effect.  You can
++# use "pg_ctl reload" to do that.
++
++# Put your actual configuration here
++# ----------------------------------
++#
++# If you want to allow non-local connections, you need to add more
++# "host" records.  In that case you will also need to make PostgreSQL
++# listen on a non-local interface via the listen_addresses
++# configuration parameter, or via the -i or -h command line switches.
++
++# CAUTION: Configuring the system for local "trust" authentication
++# allows any local user to connect as any PostgreSQL user, including
++# the database superuser.  If you do not trust all your local users,
++# use another authentication method.
++
++
++# TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
++
++# "local" is for Unix domain socket connections only
++local   all             all                                     trust
++# IPv4 local connections:
++host    all             all             127.0.0.1/32            trust
++# IPv6 local connections:
++host    all             all             ::1/128                 trust
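Review bot: All three active records at the end of the file use `trust`, so any local account, or any process that can reach the loopback interface, can connect as any role including the superuser without a credential; the CAUTION comment a few lines above says exactly this. On a shared infrastructure host, prefer `local all all ident` for the Unix socket and `host all all 127.0.0.1/32 md5` (same for `::1/128`), so access is tied to the OS account or a password. Both methods are in the METHOD list this file documents. A comment above the records stating which services are expected to connect, and as which role, would make later tightening easier to review.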
+
+ +

Added: puppet/modules/postgresql/templates/postgresql.conf (0 => 55)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	                        (rev 0)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:41:31 UTC (rev 55)
+@@ -0,0 +1,528 @@
++# -----------------------------
++# PostgreSQL configuration file
++# -----------------------------
++#
++# This file consists of lines of the form:
++#
++#   name = value
++#
++# (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
++# "#" anywhere on a line.  The complete list of parameter names and allowed
++# values can be found in the PostgreSQL documentation.
++#
++# The commented-out settings shown in this file represent the default values.
++# Re-commenting a setting is NOT sufficient to revert it to the default value;
++# you need to reload the server.
++#
++# This file is read on server startup and when the server receives a SIGHUP
++# signal.  If you edit the file on a running system, you have to SIGHUP the
++# server for the changes to take effect, or use "pg_ctl reload".  Some
++# parameters, which are marked below, require a server shutdown and restart to
++# take effect.
++#
++# Any parameter can also be given as a command-line option to the server, e.g.,
++# "postgres -c log_connections=on".  Some parameters can be changed at run time
++# with the "SET" SQL command.
++#
++# Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
++#                MB = megabytes                     s   = seconds
++#                GB = gigabytes                     min = minutes
++#                                                   h   = hours
++#                                                   d   = days
++
++
++#------------------------------------------------------------------------------
++# FILE LOCATIONS
++#------------------------------------------------------------------------------
++
++# The default values of these variables are driven from the -D command-line
++# option or PGDATA environment variable, represented here as ConfigDir.
++
++#data_directory = 'ConfigDir'		# use data in another directory
++					# (change requires restart)
++#hba_file = 'ConfigDir/pg_hba.conf'	# host-based authentication file
++					# (change requires restart)
++#ident_file = 'ConfigDir/pg_ident.conf'	# ident configuration file
++					# (change requires restart)
++
++# If external_pid_file is not explicitly set, no extra PID file is written.
++#external_pid_file = '(none)'		# write an extra PID file
++					# (change requires restart)
++
++
++#------------------------------------------------------------------------------
++# CONNECTIONS AND AUTHENTICATION
++#------------------------------------------------------------------------------
++
++# - Connection Settings -
++
++#listen_addresses = 'localhost'		# what IP address(es) to listen on;
++					# comma-separated list of addresses;
++					# defaults to 'localhost', '*' = all
++					# (change requires restart)
++#port = 5432				# (change requires restart)
++max_connections = 100			# (change requires restart)
++# Note:  Increasing max_connections costs ~400 bytes of shared memory per 
++# connection slot, plus lock space (see max_locks_per_transaction).
++#superuser_reserved_connections = 3	# (change requires restart)
++#unix_socket_directory = ''		# (change requires restart)
++#unix_socket_group = ''			# (change requires restart)
++#unix_socket_permissions = 0777		# begin with 0 to use octal notation
++					# (change requires restart)
++#bonjour = off				# advertise server via Bonjour
++					# (change requires restart)
++#bonjour_name = ''			# defaults to the computer name
++					# (change requires restart)
++
++# - Security and Authentication -
++
++#authentication_timeout = 1min		# 1s-600s
++#ssl = off				# (change requires restart)
++#ssl_ciphers = 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH'	# allowed SSL ciphers
++					# (change requires restart)
++#ssl_renegotiation_limit = 512MB	# amount of data between renegotiations
++#password_encryption = on
++#db_user_namespace = off
++
++# Kerberos and GSSAPI
++#krb_server_keyfile = ''
++#krb_srvname = 'postgres'		# (Kerberos only)
++#krb_caseins_users = off
++
++# - TCP Keepalives -
++# see "man 7 tcp" for details
++
++#tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
++					# 0 selects the system default
++#tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
++					# 0 selects the system default
++#tcp_keepalives_count = 0		# TCP_KEEPCNT;
++					# 0 selects the system default
++
++
++#------------------------------------------------------------------------------
++# RESOURCE USAGE (except WAL)
++#------------------------------------------------------------------------------
++
++# - Memory -
++
++shared_buffers = 24MB			# min 128kB
++					# (change requires restart)
++#temp_buffers = 8MB			# min 800kB
++#max_prepared_transactions = 0		# zero disables the feature
++					# (change requires restart)
++# Note:  Increasing max_prepared_transactions costs ~600 bytes of shared memory
++# per transaction slot, plus lock space (see max_locks_per_transaction).
++# It is not advisable to set max_prepared_transactions nonzero unless you
++# actively intend to use prepared transactions.
++#work_mem = 1MB				# min 64kB
++#maintenance_work_mem = 16MB		# min 1MB
++#max_stack_depth = 2MB			# min 100kB
++
++# - Kernel Resource Usage -
++
++#max_files_per_process = 1000		# min 25
++					# (change requires restart)
++#shared_preload_libraries = ''		# (change requires restart)
++
++# - Cost-Based Vacuum Delay -
++
++#vacuum_cost_delay = 0ms		# 0-100 milliseconds
++#vacuum_cost_page_hit = 1		# 0-10000 credits
++#vacuum_cost_page_miss = 10		# 0-10000 credits
++#vacuum_cost_page_dirty = 20		# 0-10000 credits
++#vacuum_cost_limit = 200		# 1-10000 credits
++
++# - Background Writer -
++
++#bgwriter_delay = 200ms			# 10-10000ms between rounds
++#bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
++#bgwriter_lru_multiplier = 2.0		# 0-10.0 multipler on buffers scanned/round
++
++# - Asynchronous Behavior -
++
++#effective_io_concurrency = 1		# 1-1000. 0 disables prefetching
++
++
++#------------------------------------------------------------------------------
++# WRITE AHEAD LOG
++#------------------------------------------------------------------------------
++
++# - Settings -
++
++#wal_level = minimal			# minimal, archive, or hot_standby
++					# (change requires restart)
++#fsync = on				# turns forced synchronization on or off
++#synchronous_commit = on		# immediate fsync at commit
++#wal_sync_method = fsync		# the default is the first option 
++					# supported by the operating system:
++					#   open_datasync
++					#   fdatasync
++					#   fsync
++					#   fsync_writethrough
++					#   open_sync
++#full_page_writes = on			# recover from partial page writes
++#wal_buffers = 64kB			# min 32kB
++					# (change requires restart)
++#wal_writer_delay = 200ms		# 1-10000 milliseconds
++
++#commit_delay = 0			# range 0-100000, in microseconds
++#commit_siblings = 5			# range 1-1000
++
++# - Checkpoints -
++
++#checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
++#checkpoint_timeout = 5min		# range 30s-1h
++#checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
++#checkpoint_warning = 30s		# 0 disables
++
++# - Archiving -
++
++#archive_mode = off		# allows archiving to be done
++				# (change requires restart)
++#archive_command = ''		# command to use to archive a logfile segment
++#archive_timeout = 0		# force a logfile segment switch after this
++				# number of seconds; 0 disables
++
++# - Streaming Replication -
++
++#max_wal_senders = 0		# max number of walsender processes
++				# (change requires restart)
++#wal_sender_delay = 200ms	# walsender cycle time, 1-10000 milliseconds
++#wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
++#vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
++
++# - Standby Servers -
++
++#hot_standby = off			# "on" allows queries during recovery
++					# (change requires restart)
++#max_standby_archive_delay = 30s	# max delay before canceling queries
++					# when reading WAL from archive;
++					# -1 allows indefinite delay
++#max_standby_streaming_delay = 30s	# max delay before canceling queries
++					# when reading streaming WAL;
++					# -1 allows indefinite delay
++
++
++#------------------------------------------------------------------------------
++# QUERY TUNING
++#------------------------------------------------------------------------------
++
++# - Planner Method Configuration -
++
++#enable_bitmapscan = on
++#enable_hashagg = on
++#enable_hashjoin = on
++#enable_indexscan = on
++#enable_material = on
++#enable_mergejoin = on
++#enable_nestloop = on
++#enable_seqscan = on
++#enable_sort = on
++#enable_tidscan = on
++
++# - Planner Cost Constants -
++
++#seq_page_cost = 1.0			# measured on an arbitrary scale
++#random_page_cost = 4.0			# same scale as above
++#cpu_tuple_cost = 0.01			# same scale as above
++#cpu_index_tuple_cost = 0.005		# same scale as above
++#cpu_operator_cost = 0.0025		# same scale as above
++#effective_cache_size = 128MB
++
++# - Genetic Query Optimizer -
++
++#geqo = on
++#geqo_threshold = 12
++#geqo_effort = 5			# range 1-10
++#geqo_pool_size = 0			# selects default based on effort
++#geqo_generations = 0			# selects default based on effort
++#geqo_selection_bias = 2.0		# range 1.5-2.0
++#geqo_seed = 0.0			# range 0.0-1.0
++
++# - Other Planner Options -
++
++#default_statistics_target = 100	# range 1-10000
++#constraint_exclusion = partition	# on, off, or partition
++#cursor_tuple_fraction = 0.1		# range 0.0-1.0
++#from_collapse_limit = 8
++#join_collapse_limit = 8		# 1 disables collapsing of explicit 
++					# JOIN clauses
++
++
++#------------------------------------------------------------------------------
++# ERROR REPORTING AND LOGGING
++#------------------------------------------------------------------------------
++
++# - Where to Log -
++
++#log_destination = 'stderr'		# Valid values are combinations of
++					# stderr, csvlog, syslog, and eventlog,
++					# depending on platform.  csvlog
++					# requires logging_collector to be on.
++
++# This is used when logging to stderr:
++#logging_collector = off		# Enable capturing of stderr and csvlog
++					# into log files. Required to be on for
++					# csvlogs.
++					# (change requires restart)
++
++# These are only used if logging_collector is on:
++#log_directory = 'pg_log'		# directory where log files are written,
++					# can be absolute or relative to PGDATA
++#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
++					# can include strftime() escapes
++#log_truncate_on_rotation = off		# If on, an existing log file of the
++					# same name as the new log file will be
++					# truncated rather than appended to.
++					# But such truncation only occurs on
++					# time-driven rotation, not on restarts
++					# or size-driven rotation.  Default is
++					# off, meaning append to existing files
++					# in all cases.
++#log_rotation_age = 1d			# Automatic rotation of logfiles will
++					# happen after that time.  0 disables.
++#log_rotation_size = 10MB		# Automatic rotation of logfiles will 
++					# happen after that much log output.
++					# 0 disables.
++
++# These are relevant when logging to syslog:
++#syslog_facility = 'LOCAL0'
++#syslog_ident = 'postgres'
++
++#silent_mode = off			# Run server silently.
++					# DO NOT USE without syslog or
++					# logging_collector
++					# (change requires restart)
++
++
++# - When to Log -
++
++#client_min_messages = notice		# values in order of decreasing detail:
++					#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++					#   log
++					#   notice
++					#   warning
++					#   error
++
++#log_min_messages = warning		# values in order of decreasing detail:
++					#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++					#   info
++					#   notice
++					#   warning
++					#   error
++					#   log
++					#   fatal
++					#   panic
++
++#log_min_error_statement = error	# values in order of decreasing detail:
++				 	#   debug5
++					#   debug4
++					#   debug3
++					#   debug2
++					#   debug1
++				 	#   info
++					#   notice
++					#   warning
++					#   error
++					#   log
++					#   fatal
++					#   panic (effectively off)
++
++#log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
++					# and their durations, > 0 logs only
++					# statements running at least this number
++					# of milliseconds
++
++
++# - What to Log -
++
++#debug_print_parse = off
++#debug_print_rewritten = off
++#debug_print_plan = off
++#debug_pretty_print = on
++#log_checkpoints = off
++#log_connections = off
++#log_disconnections = off
++#log_duration = off
++#log_error_verbosity = default		# terse, default, or verbose messages
++#log_hostname = off
++#log_line_prefix = ''			# special values:
++					#   %a = application name
++					#   %u = user name
++					#   %d = database name
++					#   %r = remote host and port
++					#   %h = remote host
++					#   %p = process ID
++					#   %t = timestamp without milliseconds
++					#   %m = timestamp with milliseconds
++					#   %i = command tag
++					#   %e = SQL state
++					#   %c = session ID
++					#   %l = session line number
++					#   %s = session start timestamp
++					#   %v = virtual transaction ID
++					#   %x = transaction ID (0 if none)
++					#   %q = stop here in non-session
++					#        processes
++					#   %% = '%'
++					# e.g. '<%u%%%d> '
++#log_lock_waits = off			# log lock waits >= deadlock_timeout
++#log_statement = 'none'			# none, ddl, mod, all
++#log_temp_files = -1			# log temporary files equal or larger
++					# than the specified size in kilobytes;
++					# -1 disables, 0 logs all temp files
++#log_timezone = unknown			# actually, defaults to TZ environment
++					# setting
++
++
++#------------------------------------------------------------------------------
++# RUNTIME STATISTICS
++#------------------------------------------------------------------------------
++
++# - Query/Index Statistics Collector -
++
++#track_activities = on
++#track_counts = on
++#track_functions = none			# none, pl, all
++#track_activity_query_size = 1024 	# (change requires restart)
++#update_process_title = on
++#stats_temp_directory = 'pg_stat_tmp'
++
++
++# - Statistics Monitoring -
++
++#log_parser_stats = off
++#log_planner_stats = off
++#log_executor_stats = off
++#log_statement_stats = off
++
++
++#------------------------------------------------------------------------------
++# AUTOVACUUM PARAMETERS
++#------------------------------------------------------------------------------
++
++#autovacuum = on			# Enable autovacuum subprocess?  'on' 
++					# requires track_counts to also be on.
++#log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
++					# their durations, > 0 logs only
++					# actions running at least this number
++					# of milliseconds.
++#autovacuum_max_workers = 3		# max number of autovacuum subprocesses
++					# (change requires restart)
++#autovacuum_naptime = 1min		# time between autovacuum runs
++#autovacuum_vacuum_threshold = 50	# min number of row updates before
++					# vacuum
++#autovacuum_analyze_threshold = 50	# min number of row updates before 
++					# analyze
++#autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
++#autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
++#autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
++					# (change requires restart)
++#autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
++					# autovacuum, in milliseconds;
++					# -1 means use vacuum_cost_delay
++#autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
++					# autovacuum, -1 means use
++					# vacuum_cost_limit
++
++
++#------------------------------------------------------------------------------
++# CLIENT CONNECTION DEFAULTS
++#------------------------------------------------------------------------------
++
++# - Statement Behavior -
++
++#search_path = '"$user",public'		# schema names
++#default_tablespace = ''		# a tablespace name, '' uses the default
++#temp_tablespaces = ''			# a list of tablespace names, '' uses
++					# only default tablespace
++#check_function_bodies = on
++#default_transaction_isolation = 'read committed'
++#default_transaction_read_only = off
++#session_replication_role = 'origin'
++#statement_timeout = 0			# in milliseconds, 0 is disabled
++#vacuum_freeze_min_age = 50000000
++#vacuum_freeze_table_age = 150000000
++#bytea_output = 'hex'			# hex, escape
++#xmlbinary = 'base64'
++#xmloption = 'content'
++
++# - Locale and Formatting -
++
++datestyle = 'iso, mdy'
++#intervalstyle = 'postgres'
++#timezone = unknown			# actually, defaults to TZ environment
++					# setting
++#timezone_abbreviations = 'Default'     # Select the set of available time zone
++					# abbreviations.  Currently, there are
++					#   Default
++					#   Australia
++					#   India
++					# You can create your own file in
++					# share/timezonesets/.
++#extra_float_digits = 0			# min -15, max 3
++#client_encoding = sql_ascii		# actually, defaults to database
++					# encoding
++
++# These settings are initialized by initdb, but they can be changed.
++lc_messages = 'C'			# locale for system error message
++					# strings
++lc_monetary = 'C'			# locale for monetary formatting
++lc_numeric = 'C'			# locale for number formatting
++lc_time = 'C'				# locale for time formatting
++
++# default configuration for text search
++default_text_search_config = 'pg_catalog.english'
++
++# - Other Defaults -
++
++#dynamic_library_path = '$libdir'
++#local_preload_libraries = ''
++
++
++#------------------------------------------------------------------------------
++# LOCK MANAGEMENT
++#------------------------------------------------------------------------------
++
++#deadlock_timeout = 1s
++#max_locks_per_transaction = 64		# min 10
++					# (change requires restart)
++# Note:  Each lock table slot uses ~270 bytes of shared memory, and there are
++# max_locks_per_transaction * (max_connections + max_prepared_transactions)
++# lock table slots.
++
++
++#------------------------------------------------------------------------------
++# VERSION/PLATFORM COMPATIBILITY
++#------------------------------------------------------------------------------
++
++# - Previous PostgreSQL Versions -
++
++#array_nulls = on
++#backslash_quote = safe_encoding	# on, off, or safe_encoding
++#default_with_oids = off
++#escape_string_warning = on
++#lo_compat_privileges = off
++#sql_inheritance = on
++#standard_conforming_strings = off
++#synchronize_seqscans = on
++
++# - Other Platforms and Clients -
++
++#transform_null_equals = off
++
++
++#------------------------------------------------------------------------------
++# CUSTOMIZED OPTIONS
++#------------------------------------------------------------------------------
++
++#custom_variable_classes = ''		# list of custom variable class names
+
+
+
+ + + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment-0001.html
new file mode 100644
index 000000000..5887c9387
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment-0001.html
@@ -0,0 +1,91 @@
+ + + +[56] - typo + + + + +
+
+
Revision
56
+
Author
nanardon
+
Date
2010-10-29 01:43:45 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (55 => 56)

+

+--- puppet/manifests/nodes.pp	2010-10-28 23:41:31 UTC (rev 55)
++++ puppet/manifests/nodes.pp	2010-10-28 23:43:45 UTC (rev 56)
+@@ -68,7 +68,7 @@
+ # 
+ 	include default_mageia_server
+     include bind::bind_master
+-    include postgresl
++    include postgresql
+     bind::zone_master { "mageia.org": }
+     bind::zone_master { "mageia.fr": } 
+     timezone::timezone { "Europe/Paris": }
+
+
+
+ + + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment.html
new file mode 100644
index 000000000..4975e718a
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/6561f43c/attachment.html
@@ -0,0 +1,90 @@
+ + + +[56] - typo + + + + +
+
+
Revision
56
+
Author
nanardon
+
Date
2010-10-29 01:43:45 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/manifests/nodes.pp (55 => 56)

+

+--- puppet/manifests/nodes.pp	2010-10-28 23:41:31 UTC (rev 55)
++++ puppet/manifests/nodes.pp	2010-10-28 23:43:45 UTC (rev 56)
+@@ -68,7 +68,7 @@
+ # 
+ 	include default_mageia_server
+     include bind::bind_master
+-    include postgresl
++    include postgresql
+     bind::zone_master { "mageia.org": }
+     bind::zone_master { "mageia.fr": } 
+     timezone::timezone { "Europe/Paris": }
+
+
+
+ + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment-0001.html
new file mode 100644
index 000000000..ad877ad8c
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment-0001.html
@@ -0,0 +1,173 @@
+ + + +[60] - add login management to postgresql + + + + +
+
+
Revision
60
+
Author
nanardon
+
Date
2010-10-29 01:59:20 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add login management to postgresql
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (59 => 60)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:59:20 UTC (rev 60)
+@@ -7,11 +7,19 @@
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
++    file { '/etc/pam.d/postgresql':
++        ensure => present,
++        owner  => root,
++        group  => root,
++        mode   => 644,
++        content => template("postgresql/pam"),
++    }
++
+     file { '/var/lib/pgsql/data/postgresql.conf':
+         ensure => present,
+         owner => postgres,
+         group => postgres,
+-        mode => 644,
++        mode => 600,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+@@ -21,7 +29,7 @@
+         ensure => present,
+         owner => postgres,
+         group => postgres,
+-        mode => 644,
++        mode => 600,
+         content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+
+ +

Added: puppet/modules/postgresql/templates/pam (0 => 60)

+

+--- puppet/modules/postgresql/templates/pam	                        (rev 0)
++++ puppet/modules/postgresql/templates/pam	2010-10-28 23:59:20 UTC (rev 60)
+@@ -0,0 +1,5 @@
++#%PAM-1.0
++auth       include      system-auth
++account    include      system-auth
++password   include      system-auth
++session    include      system-auth
+
+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (59 => 60)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:59:20 UTC (rev 60)
+@@ -77,8 +77,11 @@
+ # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
+ 
+ # "local" is for Unix domain socket connections only
+-local   all             all                                     trust
++local   all             all                                     ident
+ # IPv4 local connections:
+-host    all             all             127.0.0.1/32            trust
++host    all             all             127.0.0.1/32            pam
+ # IPv6 local connections:
+-host    all             all             ::1/128                 trust
++host    all             all             ::1/128                 pam
++
++host    all             all             0.0.0.0/0               pam
++host    all             all             ::0/0                   pam
+
+ +

Modified: puppet/modules/postgresql/templates/postgresql.conf (59 => 60)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:59:20 UTC (rev 60)
+@@ -57,6 +57,7 @@
+ # - Connection Settings -
+ 
+ #listen_addresses = 'localhost'		# what IP address(es) to listen on;
++listen_addresses = *
+ 					# comma-separated list of addresses;
+ 					# defaults to 'localhost', '*' = all
+ 					# (change requires restart)
+@@ -73,6 +74,7 @@
+ 					# (change requires restart)
+ #bonjour_name = ''			# defaults to the computer name
+ 					# (change requires restart)
++bonjour_name = 'Magiea\'s Postgresql server'
+ 
+ # - Security and Authentication -
+ 
+
+
+
+ + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment.html
new file mode 100644
index 000000000..803f502e7
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/89afaba1/attachment.html
@@ -0,0 +1,174 @@
+ + + +[60] - add login management to postgresql + + + + +
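Review bot: The two new pg_hba.conf entries `host all all 0.0.0.0/0 pam` and `host all all ::0/0 pam`, combined with `listen_addresses = *` in postgresql.conf, open every database and role to password attempts from any address, and because they use `host` rather than `hostssl` the PAM password crosses the network unencrypted. I would restrict them to the networks that need access and require TLS, e.g. `hostssl all all <ADMIN_CIDR> pam` (placeholder), and keep the service off public interfaces unless that is intended. The value also needs quoting, `listen_addresses = '*'`, since a bare `*` is not a valid unquoted value in postgresql.conf and will probably stop the server from starting. The PAM service includes `system-auth`; if that resolves to pam_unix against /etc/shadow, authentication is likely to fail because the server runs as the unprivileged postgres user, so this is worth testing before relying on it. The same change is repeated in the attachment.html copy of this message that follows.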
+
+
Revision
60
+
Author
nanardon
+
Date
2010-10-29 01:59:20 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- add login management to postgresql
+ +

Modified Paths

+ + +

Added Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (59 => 60)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-28 23:59:20 UTC (rev 60)
+@@ -7,11 +7,19 @@
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
++    file { '/etc/pam.d/postgresql':
++        ensure => present,
++        owner  => root,
++        group  => root,
++        mode   => 644,
++        content => template("postgresql/pam"),
++    }
++
+     file { '/var/lib/pgsql/data/postgresql.conf':
+         ensure => present,
+         owner => postgres,
+         group => postgres,
+-        mode => 644,
++        mode => 600,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+@@ -21,7 +29,7 @@
+         ensure => present,
+         owner => postgres,
+         group => postgres,
+-        mode => 644,
++        mode => 600,
+         content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+         notify => [Service['postgresql']]
+
+ +

Added: puppet/modules/postgresql/templates/pam (0 => 60)

+

+--- puppet/modules/postgresql/templates/pam	                        (rev 0)
++++ puppet/modules/postgresql/templates/pam	2010-10-28 23:59:20 UTC (rev 60)
+@@ -0,0 +1,5 @@
++#%PAM-1.0
++auth       include      system-auth
++account    include      system-auth
++password   include      system-auth
++session    include      system-auth
+
+ +

Modified: puppet/modules/postgresql/templates/pg_hba.conf (59 => 60)

+

+--- puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/templates/pg_hba.conf	2010-10-28 23:59:20 UTC (rev 60)
+@@ -77,8 +77,11 @@
+ # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
+ 
+ # "local" is for Unix domain socket connections only
+-local   all             all                                     trust
++local   all             all                                     ident
+ # IPv4 local connections:
+-host    all             all             127.0.0.1/32            trust
++host    all             all             127.0.0.1/32            pam
+ # IPv6 local connections:
+-host    all             all             ::1/128                 trust
++host    all             all             ::1/128                 pam
++
++host    all             all             0.0.0.0/0               pam
++host    all             all             ::0/0                   pam
+
+ +

Modified: puppet/modules/postgresql/templates/postgresql.conf (59 => 60)

+

+--- puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:51:17 UTC (rev 59)
++++ puppet/modules/postgresql/templates/postgresql.conf	2010-10-28 23:59:20 UTC (rev 60)
+@@ -57,6 +57,7 @@
+ # - Connection Settings -
+ 
+ #listen_addresses = 'localhost'		# what IP address(es) to listen on;
++listen_addresses = *
+ 					# comma-separated list of addresses;
+ 					# defaults to 'localhost', '*' = all
+ 					# (change requires restart)
+@@ -73,6 +74,7 @@
+ 					# (change requires restart)
+ #bonjour_name = ''			# defaults to the computer name
+ 					# (change requires restart)
++bonjour_name = 'Magiea\'s Postgresql server'
+ 
+ # - Security and Authentication -
+ 
+
+
+
+ + + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment-0001.html
new file mode 100644
index 000000000..23d85564b
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment-0001.html
@@ -0,0 +1,103 @@
+ + + +[65] - sync with change at zarb ( ldap, ns ) + + + + +
+
+
Revision
65
+
Author
misc
+
Date
2010-10-29 03:18:06 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- sync with change at zarb ( ldap, ns )
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/bind/templates/zones/mageia.org.zone (64 => 65)

+

+--- puppet/modules/bind/templates/zones/mageia.org.zone	2010-10-29 01:12:24 UTC (rev 64)
++++ puppet/modules/bind/templates/zones/mageia.org.zone	2010-10-29 01:18:06 UTC (rev 65)
+@@ -42,13 +42,19 @@
+ jonund      IN  AAAA    2a02:2178:2:7::5
+ fiona       IN  A       212.85.158.150
+ fiona       IN  AAAA    2a02:2178:2:7::6
+-  
+ 
++; alamut  
++ns0         IN  A       212.85.158.146
++; krampouezh            
++ns1         IN  A       95.142.164.207 
++
+ ; aliases
+ www         IN  CNAME www-zarb
+ blog        IN  CNAME www-zarb
+ rsync       IN  CNAME www-zarb
+ 
++ldap        IN  CNAME valstar
++
+ svn         IN  CNAME krampouezh
+ meetbot     IN  CNAME krampouezh
+ 
+
+
+
+ + + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment.html
new file mode 100644
index 000000000..958aafd4f
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/cd653f71/attachment.html
@@ -0,0 +1,102 @@
+ + + +[65] - sync with change at zarb ( ldap, ns ) + + + + +
+
+
Revision
65
+
Author
misc
+
Date
2010-10-29 03:18:06 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- sync with change at zarb ( ldap, ns )
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/bind/templates/zones/mageia.org.zone (64 => 65)

+

+--- puppet/modules/bind/templates/zones/mageia.org.zone	2010-10-29 01:12:24 UTC (rev 64)
++++ puppet/modules/bind/templates/zones/mageia.org.zone	2010-10-29 01:18:06 UTC (rev 65)
+@@ -42,13 +42,19 @@
+ jonund      IN  AAAA    2a02:2178:2:7::5
+ fiona       IN  A       212.85.158.150
+ fiona       IN  AAAA    2a02:2178:2:7::6
+-  
+ 
++; alamut  
++ns0         IN  A       212.85.158.146
++; krampouezh            
++ns1         IN  A       95.142.164.207 
++
+ ; aliases
+ www         IN  CNAME www-zarb
+ blog        IN  CNAME www-zarb
+ rsync       IN  CNAME www-zarb
+ 
++ldap        IN  CNAME valstar
++
+ svn         IN  CNAME krampouezh
+ meetbot     IN  CNAME krampouezh
+ 
+
+
+
+ + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment-0001.html b/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment-0001.html
new file mode 100644
index 000000000..6017218a4
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment-0001.html
@@ -0,0 +1,108 @@
+ + + +[67] - typo + + + + +
+
+
Revision
67
+
Author
nanardon
+
Date
2010-10-29 03:23:27 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (66 => 67)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:22:42 UTC (rev 66)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:23:27 UTC (rev 67)
+@@ -5,7 +5,7 @@
+ 
+     service { postgresql:
+         ensure => running,
+-        subscribe => Package[postgresql9.0-server"],
++        subscribe => Package["postgresql9.0-server"],
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
+@@ -24,7 +24,7 @@
+         mode => 600,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgresql']]
++        notify => [Service["postgresql"]]
+     }
+     
+     file { '/var/lib/pgsql/data/pg_hba.conf':
+@@ -34,6 +34,6 @@
+         mode => 600,
+         content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgresql']]
++        notify => [Service["postgresql"]]
+     }
+ }
+
+
+
+ + + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment.html b/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment.html
new file mode 100644
index 000000000..26f2f8874
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/d832edeb/attachment.html
@@ -0,0 +1,107 @@
+ + + +[67] - typo + + + + +
+
+
Revision
67
+
Author
nanardon
+
Date
2010-10-29 03:23:27 +0200 (Fri, 29 Oct 2010)
+
+ +

Log Message

+
- typo
+ +

Modified Paths

+ + +
+
+

Diff

+ +

Modified: puppet/modules/postgresql/manifests/init.pp (66 => 67)

+

+--- puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:22:42 UTC (rev 66)
++++ puppet/modules/postgresql/manifests/init.pp	2010-10-29 01:23:27 UTC (rev 67)
+@@ -5,7 +5,7 @@
+ 
+     service { postgresql:
+         ensure => running,
+-        subscribe => Package[postgresql9.0-server"],
++        subscribe => Package["postgresql9.0-server"],
+         restart => "/etc/rc.d/init.d/postgresql reload"
+     }
+ 
+@@ -24,7 +24,7 @@
+         mode => 600,
+         content => template("postgresql/postgresql.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgresql']]
++        notify => [Service["postgresql"]]
+     }
+     
+     file { '/var/lib/pgsql/data/pg_hba.conf':
+@@ -34,6 +34,6 @@
+         mode => 600,
+         content => template("postgresql/pg_hba.conf"),
+         require => Package["postgresql9.0-server"],
+-        notify => [Service['postgresql']]
++        notify => [Service["postgresql"]]
+     }
+ }
+
+
+
+ + +
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment-0001.asc b/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment-0001.asc
new file mode 100644
index 000000000..ced926f35
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment-0001.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEARECAAYFAkzKICcACgkQP0wYCuTizasxywCffao/2L5p4Zv3A/B3oUv6pulO
+AicAn1N8tEKvFXbPOqex7zodOXDfKqMU
+=9LCI
+-----END PGP SIGNATURE-----
diff --git a/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment.asc b/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment.asc
new file mode 100644
index 000000000..ced926f35
--- /dev/null
+++ b/zarb-ml/mageia-sysadm/attachments/20101029/e266393a/attachment.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+iEYEARECAAYFAkzKICcACgkQP0wYCuTizasxywCffao/2L5p4Zv3A/B3oUv6pulO
+AicAn1N8tEKvFXbPOqex7zodOXDfKqMU
+=9LCI
+-----END PGP SIGNATURE-----
-- cgit v1.2.1