{"id":44,"date":"2012-07-18T14:11:00","date_gmt":"2012-07-18T12:11:00","guid":{"rendered":"https:\/\/test.n3oxid.fr\/?p=44"},"modified":"2021-04-18T21:19:47","modified_gmt":"2021-04-18T19:19:47","slug":"sauvegarde-et-archivage-des-configurations-des-equipements-avec-rancid-sous-gnu-linux-debian","status":"publish","type":"post","link":"https:\/\/www.n3oxid.fr\/?p=44","title":{"rendered":"Backing up and archiving device configurations with Rancid on GNU\/Linux Debian"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\">Prerequisites<\/h2>\n\n\n\n<p>A rancid service account defined in the Active Directory directory<\/p>\n\n\n\n<p>A Pacemaker\/Corosync cluster with a DRBD resource<\/p>\n\n\n\n<p>The cluster nodes are members of the Active Directory domain<\/p>\n\n\n\n<p>An Apache2 server on each cluster node<\/p>\n\n\n\n<p>A TACACS+ server on each cluster node<\/p>\n\n\n\n<p>The key and certificate of the VHost for CVSWeb, as well as the CA certificate.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TACACS+ configuration<\/h2>\n\n\n\n<p>Declare the rancid user on the TACACS+ servers:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/tacacs+\/tac_plus.conf\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)\n# See man(5) tac_plus.conf for more details\n\n# Define where to log accounting data, this is the default.\n\naccounting file = \/var\/log\/tac_plus.acct\n\n# This is the key that clients have to use to access Tacacs+\n\nkey = \"abcdefgh\"\n\n# Groups\n\ngroup = admins {\n        default service = permit\n        login = PAM\n        service = exec {\n                priv-lvl = 15\n                idletime = 10\n        }\n}\n\n# Users\n\nuser = test1 {\n        member = admins\n}\n\nuser = test2 {\n        member = admins\n}\n\nuser = rancid {\n        member = admins\n}\n\n# Much more 
features are available, like ACL, more service compatibilities,\n# commands authorization, scripting authorization.\n# See the man page for those features.\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">vim \/etc\/tacacs+\/tac_plus_nortel.conf\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)\n# See man(5) tac_plus.conf for more details\n\n# Define where to log accounting data, this is the default.\n\naccounting file = \/var\/log\/tac_plus_nortel.acct\n\n# This is the key that clients have to use to access Tacacs+\n\nkey = \"abcdefgh\"\n\n# Groups\n\ngroup = admins {\n        default service = permit\n        login = PAM\n        service = exec {\n                priv-lvl = 6\n                idletime = 10\n        }\n}\n\n# Users\n\nuser = test1 {\n        member = admins\n}\n\nuser = test2 {\n        member = admins\n}\n\nuser = rancid {\n        member = admins\n}\n\n# Much more features are available, like ACL, more service compatibilities,\n# commands authorization, scripting authorization.\n# See the man page for those features.\n<\/pre>\n\n\n\n<p>Reload the TACACS+ servers:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># \/etc\/init.d\/tacacs_plus reload\n# \/etc\/init.d\/tacacs_plus_nortel reload\n<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Installing and configuring Rancid<\/h2>\n\n\n\n<p>Install Rancid:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># aptitude update &amp;&amp; aptitude install rancid\n<\/pre>\n\n\n\n<p>Back up the Rancid configuration file:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># cp \/etc\/rancid\/rancid.conf \/etc\/rancid\/rancid.conf.original\n<\/pre>\n\n\n\n<p>Edit the Rancid configuration:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/etc\/rancid\/rancid.conf\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># rancid 2.3.3\n# This file sets up the environment used for rancid.  
see rancid.conf(5)\n#\n# This will be site specific\n#\nTERM=network;export TERM\n#\n# Create files w\/o world read\/write\/exec permissions, but read\/exec permissions\n# for group.\numask 027\n#\n# Under BASEDIR (i.e.: --localstatedir), there will be a \"logs\" directory for\n# the logs from rancid and a directory for each group of routers defined in\n# LIST_OF_GROUPS (below).  In addition to these, there will be a \"CVS\"\n# directory which is the cvs (or Subversion) repository.\n#\n# Use a full path (no sym-links) for BASEDIR.\n#\nTMPDIR=\/tmp; export TMPDIR\n# Be careful changing this, it affects CVSROOT below.\nBASEDIR=\/var\/lib\/rancid; export BASEDIR\nPATH=\/usr\/lib\/rancid\/bin:\/usr\/bin:\/usr\/sbin:\/bin:\/usr\/local\/bin:\/usr\/bin; export PATH\n# Location of the CVS\/SVN repository.  Be careful changing this.\nCVSROOT=$BASEDIR\/CVS; export CVSROOT\n# Location of log files produced by rancid-run(1).\nLOGDIR=$BASEDIR\/logs; export LOGDIR\n#\n# Select which RCS system to use, \"cvs\" (default) or \"svn\".  Do not change\n# this after CVSROOT has been created with rancid-cvs.  Changing between these\n# requires manual conversions.\nRCSSYS=cvs; export RCSSYS\n#\n# if ACLSORT is NO, access-lists will NOT be sorted.\n#ACLSORT=YES; export ACLSORT\n#\n# if NOPIPE is set, temp files will be used instead of a cmd pipe during\n# collection from the router(s).\n#NOPIPE=YES; export NOPIPE\n#\n# FILTER_PWDS determines which passwords are filtered from configs by the\n# value set (NO | YES | ALL).  see rancid.conf(5).\n#FILTER_PWDS=YES; export FILTER_PWDS\n#\n# if NOCOMMSTR is set, snmp community strings will be stripped from the configs\n#NOCOMMSTR=YES; export NOCOMMSTR\n#\n# How many times failed collections are retried (for each run) before\n# giving up.  Minimum: 1\n#MAX_ROUNDS=4; export MAX_ROUNDS\n#\n# How many hours should pass before complaining about routers that\n# can not be reached.  
The value should be greater than the number\n# of hours between your rancid-run cron job.  Default: 24\n#OLDTIME=4; export OLDTIME\n#\n# How many hours should pass before complaining that a group's collection\n# (the age of it's lock file) is hung.\n#LOCKTIME=4; export LOCKTIME\n#\n# The number of devices to collect simultaneously.\n#PAR_COUNT=5; export PAR_COUNT\n#\n# list of rancid groups\n#LIST_OF_GROUPS=\"sl joebobisp\"\n# more groups...\nLIST_OF_GROUPS=\"GRP1 GRP2 GRP3\"\n#\n# For each group, define a list of people to receive the diffs.\n# in sendmail's \/etc\/aliases.\n#   rancid-group:       joe,moe@foo\n#   rancid-admin-group: hostmaster\n# be sure to read ..\/README regarding aliases.\n#\n# If your MTA configuration is broken or you want mail to be forwarded to a\n# domain not the same as the local one, define that domain here.  \"@\" must be\n# included, as this is simply appended to the usual recipients.  It is NOT\n# appended to recipients specified in rancid-run's -m option.\n#MAILDOMAIN=\"@example.com\"; export MAILDOMAIN\n#\n# By default, rancid mail is marked with precedence \"bulk\".  This may be\n# changed by setting the MAILHEADERS variable; for example no header by setting\n# it to \"\" or adding X- style headers.  
Individual headers must be separated\n# by a \\n.\n#MAILHEADERS=\"Precedence: bulk\"; export MAILHEADERS\n<\/pre>\n\n\n\n<p>On the active cluster node, move the Rancid working tree to the DRBD disk:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># mv \/var\/lib\/rancid \/cluster\/\n# ln -s \/cluster\/rancid \/var\/lib\/\n# rm \/var\/lib\/rancid\/logs &amp;&amp; ln -s \/var\/log\/rancid \/cluster\/rancid\/logs\n<\/pre>\n\n\n\n<p>On the passive cluster node, delete the Rancid working tree and point to the DRBD resource:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># rm -rf \/var\/lib\/rancid\n# ln -s \/cluster\/rancid \/var\/lib\/\n<\/pre>\n\n\n\n<p><ins>Note<\/ins>: actions on the \/var\/lib\/rancid tree are to be carried out only on the active node, where the DRBD resource is mounted under \/cluster.<\/p>\n\n\n\n<p>Add a configuration file holding the rancid user's connection parameters for the devices:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/var\/lib\/rancid\/.cloginrc\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">add cyphertype sw1.home.local {aes128-cbc}\nadd cyphertype sw2.home.local {aes128-cbc}\nadd cyphertype sw3.home.local {aes128-cbc}\nadd cyphertype sw4.home.local {aes128-cbc}\nadd noenable * {1}\nadd autoenable * {1}\nadd user * {rancid}\nadd password * {-----------}\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># chmod 600 \/var\/lib\/rancid\/.cloginrc &amp;&amp; chown rancid:rancid \/var\/lib\/rancid\/.cloginrc\n<\/pre>\n\n\n\n<p>Fetch the H3C add-ons for Rancid (h3clogin and h3crancid) and place them under \/var\/lib\/rancid\/bin\/ (remember to check the interpreter given in the header of these scripts):<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># chown root:root 
\/var\/lib\/rancid\/bin\/h3c*\n<\/pre>\n\n\n\n<p>Declare the H3C device type in Rancid:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/var\/lib\/rancid\/bin\/rancid-fe\n<\/pre>\n\n\n\n<p>Create the CVS tree and the configuration files for the groups defined in Rancid:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># usermod -s \/bin\/bash rancid\n# su - rancid\n$ \/var\/lib\/rancid\/bin\/rancid-cvs\n<\/pre>\n\n\n\n<p>Fill in the device list for each group:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ vim \/var\/lib\/rancid\/GRP1\/router.db\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">#hostname:os:status\nsw1.home.local:h3c:up\nsw2.home.local:h3c:up\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">$ vim \/var\/lib\/rancid\/GRP2\/router.db\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">#hostname:os:status\nsw3.home.local:h3c:up\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">$ vim \/var\/lib\/rancid\/GRP3\/router.db\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">#hostname:os:status\nsw4.home.local:h3c:up\n<\/pre>\n\n\n\n<p>Run a first collection of the device configurations:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">$ \/var\/lib\/rancid\/bin\/rancid-run\n<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Installing and configuring CVSWeb<\/h2>\n\n\n\n<p>Install CVSWeb:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># aptitude install cvsweb\n<\/pre>\n\n\n\n<p>Back up the CVSWeb configuration:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># cp \/etc\/cvsweb\/cvsweb.conf \/etc\/cvsweb\/cvsweb.conf.original\n<\/pre>\n\n\n\n<p>Edit the CVSWeb configuration:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/etc\/cvsweb\/cvsweb.conf\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">#                                                                  -*- 
perl -*-\n# Configuration of cvsweb.cgi, a web interface to CVS repositories.\n#\n# (c) 1998-1999 H. Zeller    &lt;zeller@think.de&gt;\n#     1999      H. Nordstrom &lt;hno@hem.passagen.se&gt;\n#     2000-2002 A. MUSHA     &lt;knu@FreeBSD.org&gt;\n#     2002-2005 V. Skytt\u00e4    &lt;scop@FreeBSD.org&gt;\n#          based on work by Bill Fenner  &lt;fenner@FreeBSD.org&gt;\n#\n# $FreeBSD: projects\/cvsweb\/cvsweb.conf,v 1.97 2005\/06\/19 09:13:50 scop Exp $\n# $Id: cvsweb.conf,v 1.29 2001\/07\/23 09:14:52 hzeller Exp $\n# $Idaemons: \/home\/cvs\/cvsweb\/cvsweb.conf,v 1.27 2001\/08\/01 09:48:39 knu Exp $\n#\n\n#\n# Unless otherwise noted, all boolean parameters here default to off\n# when no value for them has been explicitly set.\n#\n\n# Set the path for the following commands:\n#   cvs, rlog, rcsdiff\n#   gzip (if you enable $allow_compress)\n#   (g)tar, zip (if you enable $allow_tar)\n#   cvsgraph (if you enable $allow_graph)\n#   enscript (if you enable $allow_enscript)\n#\n@command_path = qw(\/bin \/usr\/bin \/usr\/local\/bin);\n\n# Search the above directories for each command (prefer gtar over tar).\n#\nfor (qw(cvs rlog rcsdiff gzip gtar zip cvsgraph enscript)) {\n        $CMD{$_} = search_path($_);\n}\n$CMD{tar}   = delete($CMD{gtar}) if $CMD{gtar};\n$CMD{tar} ||= search_path('tar');\n\n# CVS roots\n#\n# CVSweb can handle several CVS repositories at once.  Enter short (internal)\n# symbolic repository names, their names in the UI and the actual locations\n# here.  The repositories will be listed in the order they're specified here.\n#\n# Obviously, CVSweb will need read access to these repository dirs.  
If you\n# receive an error that no valid CVS roots were found, double-check the file\n# permissions and any other attributes your system may have for the repository\n# directories, such as SELinux file contexts.\n#\n# CVSweb will also load per-cvsroot configuration files if they exist.\n# The symbolic_name (see below) of the CVS root will be concatenated into the\n# name of the main (this) configuration file along with a hyphen, and that\n# file will be loaded for that particular CVS root.  For examples, see\n# cvsweb.conf-* in the CVSweb distribution.\n#\n# Note that only local repositories are currently supported.  Things like\n# :pserver:someone@xyz.com:\/data\/cvsroot won't work.\n#\n# 'symbolic_name' =&gt; ['Name to display',  '\/path\/to\/cvsroot']\n#\n@CVSrepositories = (\n#       'local'   =&gt; ['Local Repository', '\/var\/lib\/cvs'],\n#       'freebsd' =&gt; ['FreeBSD',          '\/var\/ncvs'],\n#       'openbsd' =&gt; ['OpenBSD',          '\/var\/ncvs'],\n#       'netbsd'  =&gt; ['NetBSD',           '\/var\/ncvs'],\n#       'ruby'    =&gt; ['Ruby',             '\/var\/anoncvs\/ruby'],\n        'Rancid'     =&gt; ['My Network Devices', '\/var\/lib\/rancid\/CVS'],\n);\n\n# The default CVS root.  Note that @CVSrepositories is list, not a hash,\n# so you'll want to use 2 * 0-based-index-number here; or set this directly\n# to the default's symbolic name. Unless specified, the first valid one in\n# @CVSrepositories is used as the default.\n#\n# For example:\n#\n#$cvstreedefault = $CVSrepositories[2 * 0];\n#$cvstreedefault = 'local';\n\n# Mirror sites.  
The keys will be used as link texts, and the values are\n# URLs pointing to the corresponding mirrors.\n#\n#%MIRRORS = (\n#     'Other location'  =&gt; 'http:\/\/192.168.0.1\/cgi-bin\/cvsweb.cgi\/',\n#     'Yet another one' =&gt; 'http:\/\/192.168.0.2\/cgi-bin\/cvsweb.cgi\/',\n#);\n\n# Bug tracking system linking options (\"PR\" means Problem Report, as in GNATS)\n# This will be done only for views for which $allow_*_extra below is true.\n#\n#@prcategories = qw(\n#    advocacy\n#    alpha\n#    bin\n#    conf\n#    docs\n#    gnu\n#    i386\n#    kern\n#    misc\n#    pending\n#    ports\n#    sparc\n#);\n#$prcgi = \"http:\/\/www.FreeBSD.org\/cgi\/query-pr.cgi?pr=%s\";\n#$prkeyword = \"PR\";\n\n# Manual gateway linking.  This will be done only for views for which\n# $allow_*_extra below is true.\n#\n$mancgi =\n    \"http:\/\/www.FreeBSD.org\/cgi\/man.cgi?apropos=0&amp;sektion=%s&amp;query=%s&amp;manpath=FreeBSD+5.0-current&amp;format=html\";\n\n# Defaults for user definable options.\n#\n%DEFAULTVALUE = (\n\n    # sortby: File sort order\n    #   file   Sort by filename\n    #   rev    Sort by revision number\n    #   date   Sort by commit date\n    #   author Sort by author\n    #   log    Sort by log message\n    \"sortby\" =&gt; \"file\",\n\n    # ignorecase: Ignore case in sorts (filenames, authors, log messages)\n    #   0      Honor case\n    #   1      Ignore case\n    \"ignorecase\" =&gt; \"0\",\n\n    # hideattic: Hide or show files in Attic\n    #   1      Hide files in Attic\n    #   0      Show files in Attic\n    \"hideattic\" =&gt; \"1\",\n\n    # logsort: Sort order for CVS logs\n    #   date   Sort revisions by date\n    #   rev    Sort revision by revision number\n    #   cvs    Don't sort them. 
Same order as CVS\/RCS shows them.\n    \"logsort\" =&gt; \"date\",\n\n    # f: Default diff format\n    #   h      Human readable\n    #   u      Unified diff\n    #   c      Context diff\n    #   s      Side by side\n    #   uc     Unified diff, enscript colored (falls back to \"u\" w\/o enscript)\n    #   cc     Context diff, enscript colored (falls back to \"c\" w\/o enscript)\n    #   sc     Side by side, enscript colored (falls back to \"s\" w\/o enscript)\n    \"f\" =&gt; \"u\",\n\n    # hidecvsroot: Don't show the CVSROOT directory.  Note that this is\n    # just the default for a user settable option (like others in this\n    # %DEFAULTVALUE hash); it won't really prevent access to CVSROOT.\n    # See @ForbiddenFiles for that.\n    #   1      Do not include the top-level CVSROOT directory in dir listings\n    #   0      Treat the top-level CVSROOT directory just like all other dirs\n    \"hidecvsroot\" =&gt; \"0\",\n\n    # hidenonreadable: Don't show files and directories that cannot be read\n    # in directory listings.\n    #   1      Hide non-readable entries\n    #   0      Show non-readable entries\n    \"hidenonreadable\" =&gt; \"1\",\n\n    # ln: Show line numbers in HTMLized views\n    #   1      Show line numbers\n    #   0      Don't show line numbers\n    \"ln\" =&gt; \"0\",\n);\n\n#\n# Layout options (see also the included CSS file)\n#\n\n# Wanna have a logo on the page ?\n#\n#$logo = '&lt;p&gt;&lt;img src=\"\/icons\/apache_pb.gif\" alt=\"Powered by Apache\" \/&gt;&lt;\/p&gt;';\n\n# The title of the Page on startup.  This will be put inside &lt;h1&gt; and &lt;title&gt;\n# tags, and HTML escaped.\n#\n$defaulttitle = \"My Network CVS Repository\";\n\n# The address is shown on the footer.  
This will be put inside a &lt;address&gt; tag.\n#\n$address = '&lt;span style=\"font-size: smaller\"&gt;My Network CVS &lt;&lt;a href=\"mailto:network-cvs@home.local\"&gt;network-cvs@home.local&lt;\/a&gt;&gt;&lt;\/span&gt;';\n\n$long_intro = &lt;&lt;EOT;\n&lt;p&gt;D\u00e9p\u00f4t CVS pour l'archivage des configuration des \u00e9quipements\nactifs de mon r\u00e9seau.\n&lt;\/p&gt;\nEOT\n\n$short_instruction = &lt;&lt;EOT;\n&lt;p&gt;\nClick on a directory to enter that directory. Click on a file to display\nits revision history and to get a chance to display diffs between revisions.\n&lt;\/p&gt;\nEOT\n\n# Icons for the web UI.  If ICON-URL is empty, the TEXT representation is\n# used.  If you do not want to have a tool tip for an icon, set TEXT empty.\n# The width and height of the icon allow the browser to correctly display\n# the table while still loading the icons.  If these icons are too large,\n# check out the \"mini\" versions in the icons\/ directory; they have a\n# width\/height of 16\/16.\n#\nmy $iconsdir = '\/cvsweb\/icons';\n\n# format:          TEXT       ICON-URL                  width height\n%ICONS = (\n     back    =&gt; [('[BACK]',   \"$iconsdir\/back.gif\",      20,   22)],\n     dir     =&gt; [('[DIR]',    \"$iconsdir\/dir.gif\",       20,   22)],\n     file    =&gt; [('[TXT]',    \"$iconsdir\/text.gif\",      20,   22)],\n     binfile =&gt; [('[BIN]',    \"$iconsdir\/binary.gif\",    20,   22)],\n     graph   =&gt; [('[GRAPH]',  \"$iconsdir\/minigraph.png\", 16,   16)],\n);\nundef $iconsdir;\n\n# An URL where to find the CSS.\n#\n$cssurl = '\/cvsweb\/css\/cvsweb.css';\n\n# The length to which the last log entry should be truncated when shown\n# in the directory view.\n#\n$shortLogLen = 80;\n\n# Show author of last change?\n#\n$show_author = 0; # Off for Debian for security by obscurity\n\n# Cell padding for directory table.\n#\n$tablepadding = 2;\n\n# Regular expressions for files and directories which should be hidden.\n# Each regexp is compared 
against a path relative to a CVS root, after\n# stripping the trailing \",v\" if present.  Matching files and directories\n# are not displayed.\n#\n@ForbiddenFiles = (\n    qr|^CVSROOT\/+passwd$|o, # CVSROOT\/passwd should not be 'cvs add'ed though.\n    qr|\/\\.cvspass$|o,       # Ditto.  Just in case.\n   #qr|^my\/+secret\/+dir|o,\n);\n\n# Use CVSROOT\/descriptions for describing the directories\/modules?\n# See INSTALL, section 9.\n#\n$use_descriptions = 0;\n\n#\n# Human readable diff.\n#\n# (c) 1998 H. Zeller &lt;zeller@think.de&gt;\n#\n# Generates two columns of color encoded diff; much like xdiff or GNU Emacs'\n# ediff-mode.\n#\n# The diff-stuff is a piece of code I once made for cvs2html which is under\n# GPL, see http:\/\/www.sslug.dk\/cvs2html\n# (c) 1997\/98 Peter Toft &lt;pto@sslug.imm.dtu.dk&gt;\n\n# Make lines breakable so that the columns do not exceed the width of the\n# browser?\n#\n$hr_breakable = 1;\n\n# Print function names in diffs (unified and context only).\n# See the -p option in the diff(1) man page.\n#\n$showfunc = 1;\n\n# For each pair of regexps, files that match the first regexp will be diff'ed\n# with an -F option using the second regexp (unified and context only).\n# See the -F option in the diff(1) man page.\n#\n%funcline_regexp = (\n    qr\/\\.(?:4th|fr)$\/o =&gt; \"\\\\(^\\\\|[ \\t]\\\\): \",\n    qr\/\\.rb$\/o         =&gt; \"^[\\t ]*\\\\(class\\\\|module\\\\|def\\\\) \",\n);\n\n# Ignore whitespace in human readable diffs? ('-w' option to diff)\n#\n$hr_ignwhite = 0;\n\n# Ignore diffs which are caused by keyword substitution, $Id and friends?\n# ('-kk' option to rcsdiff)\n#\n$hr_ignkeysubst = 1;\n\n# The width of the textinput of the \"request diff\" form.\n#\n$inputTextSize = 12;\n\n# Custom per MIME type diff tools, used for comparing binary files such as\n# spreadsheets, images etc.  
Each key is a MIME type in lowercase.\n# Each value is an array ref of available diff tools for that type, each of\n# which is a hash ref with values (mandatory where default not listed):\n#   name: the name to show in the UI for this diff type\n#   cmd:  full path to executable\n#   args: arguments as an array ref (not string!, defaults to no arguments)\n#   type: output MIME type (defaults to text\/plain)\n#\n%DIFF_COMMANDS = (\n  #'text\/xml' =&gt; [\n  #  { name =&gt; 'XMLdiff',\n  #    cmd  =&gt; $CMD{xmldiff},\n  #  },\n  #  { name =&gt; 'XMLdiff (XUpdate)',\n  #    cmd  =&gt; $CMD{xmldiff},\n  #    args =&gt; [ qw(-x) ],\n  #    type =&gt; 'text\/xml',\n  #  },\n  #],\n);\n\n#\n# Mime types\n#\n\n# The MIME type lookup works like this:\n# 1) Look up from %MTYPES below with the file name extension (suffix).\n# 2) If not found, use the MIME::Types(3) module if it's available.\n# 3) If not found, lookup from the $mime_types file (see below).\n# 4) If not found, try %MTYPES{'*'}.\n# 5) If not found, use 'application\/octet-stream' if the file's keyword\n#    substitution mode is b (ie. the file was checked in as binary to CVS),\n#    'text\/plain' otherwise.\n\n# Quick MIME type lookup; maps filename extensions to MIME types.\n# Add common mappings here for fast lookup.  You can also use this\n# to override MIME::Types(3) or the $mime_types file (see below).\n#\n%MTYPES = (\n        \"html\"  =&gt; \"text\/html\",\n        \"shtml\" =&gt; \"text\/html\",\n        \"gif\"   =&gt; \"image\/gif\",\n        \"jpeg\"  =&gt; \"image\/jpeg\",\n        \"jpg\"   =&gt; \"image\/jpeg\",\n        \"png\"   =&gt; \"image\/png\",\n        \"xpm\"   =&gt; \"image\/xpm\",\n#       \"*\"     =&gt; \"text\/plain\",\n);\n\n# The traditional mime.types file, eg. 
the one from Apache is fine.\n# See above where this gets used.\n#\n$mime_types = '\/etc\/mime.types';\n\n# Charset appended to the Content-Type HTTP header for text\/* MIME types.\n# Note that the web server may default to some charset which may take effect\n# if you leave this parameter empty or unset.\n# For Apache, see also the AddDefaultCharset directive.\n#\n$charset = '';\n\n# e.g.\n#$charset = $where =~ m,\/ru[\/_-], ? 'koi8-r'\n#  : $where =~ m,\/zh[\/_-], ? 'big5'\n#  : $where =~ m,\/ja[\/_-], ? 'x-euc-jp'\n#  : $where =~ m,\/ko[\/_-], ? 'x-euc-kr'\n#  : 'iso-8859-1';\n\n# Output filter\n#\n$output_filter = '';\n\n# e.g.\n## unify\/convert Japanese code into EUC-JP\n#$output_filter= '\/usr\/local\/bin\/nkf -e';\n\n##############\n# Misc\n##############\n\n# Allow annotation of files?  See also @annotate_options below.\n#\n$allow_annotate = 1;\n\n# Allow HTMLized versions of files?\n#\n$allow_markup = 1;\n\n# Allow CVSweb to create mailto: links from email addresses in various\n# HTMLized views?  Default: yes.\n#\n#$allow_mailtos = 0;\n\n## Extra hyperlinking means hyperlinks to bug tracking systems and manual page\n## gateways, see $prcgi and $mancgi and related options above.\n\n# Allow extra hyperlinking (such as PR cross-references) in logs?\n# Default: yes.\n#\n#$allow_log_extra = 0;\n\n# Allow extra hyperlinking in directory views?\n#\n$allow_dir_extra = 1;\n\n# Allow extra hyperlinking in source code\/formatted diff views?\n#\n$allow_source_extra = 1;\n\n# Allow compression with gzip in general?  Note that this also requires\n# that the browser supports it, and will be disabled on the fly when necessary.\n#\n#$allow_compress = 1;\n\n# Use JavaScript in the UI?\n#\n$use_java_script = 1;\n\n# Show a form for setting options in the directory view?\n#\n$edit_option_form = 1;\n\n# Show last changelog message for subdirectories?\n# The current implementation makes many assumptions and may show the\n# incorrect file at some times. 
The main assumption is that the last\n# modified file has the newest filedate. But some CVS operations\n# touch the file even when a new version isn't checked in, and TAG\n# based browsing essentially puts this out of order unless the last\n# checkin was on the same tag as you are viewing.\n# Enable this if you like the feature, but don't rely on correct results.\n#\n#$show_subdir_lastmod = 1;\n\n# Show CVS log when viewing file contents?\n#\n$show_log_in_markup = 1;\n\n# Preformat when viewing file contents?  This should be turned off\n# when you have files in the repository that are in a multibyte\n# encoding which uses HTML special characters ([&lt;&gt;&amp;\"]) as part of a\n# multibyte character. (such as iso-2022-jp, ShiftJIS, etc.)\n# Otherwise those files will get screwed up in markup.\n#\n# Note: enscript(1) highlighting is preferred over the built-in preformatting,\n# ie. this has no effect if $allow_enscript is true and enscript can highlight\n# the file.\n#\n#$preformat_in_markup = 1;\n\n# Default tab width used to expand tabs to spaces in various HTMLized views.\n# Note that CVSweb scans the first few lines of sources for some common editor\n# directives controlling the tab width.  It uses the value from them if found,\n# falling back to the value of $tabstop if not.  Default: 8.\n#\n#$tabstop = 4;\n\n# If you wish to display absolute times in your local timezone,\n# then define @mytz and fill in the strings for your standard and\n# daylight time. Note that you must also make sure the system\n# timezone is correctly set.\n#\n#@mytz=(\"EST\", \"EDT\");\n\n# CVSweb is friendly to caches by sending the HTTP Last-Modified\n# header corresponding to the sent content.  In the case of a\n# checkout, this may require running rcslog on the file solely for the\n# purpose of retrieving the timestamp to be sent.  
If you have a slow\n# server, you may want to turn this off for a small performance gain.\n#\n$use_moddate = 1;\n\n# Maximum number of filenames to pass to rlog(1) in one command.\n# If you see \"Failed to spawn GNU rlog\" errors with directories containing\n# lots of files, experiment by setting this to different values and see if\n# the error still occurs.  A good value to start from would be eg. 200.\n# Just comment this out if you're not bitten by the problem.\n#\n#$file_list_len = 200;\n\n# Allow graphical representations of file revisions and branches with CvsGraph?\n#\n$allow_cvsgraph = $CMD{cvsgraph} ? 1 : 0;\n\n# Path to the CvsGraph configuration file.  Only used if $allow_cvsgraph\n# is true.  Leave this empty or comment it out to make cvsgraph(1) use its\n# default configuration file.  Note that CVSweb will override some of the\n# settings in the configuration file with command line options, see\n# doGraph() and doGraphView() in cvsweb.cgi for details.\n#\n#$cvsgraph_config = \"\/etc\/cvsgraph.conf\";\n\n# URL to the CVSHistory script.  This should be absolute (but does not need\n# to include the host and port if the script is on the same server as\n# CVSweb).\n#$cvshistory_url = \"\/cgi-bin\/cvshistory.cgi\";\n\n# Whether to allow downloading a tarball or a zip of the current directory.\n# While downloading of the entire repository is disallowed, depending on\n# the directory this may take a lot of time and disk space.  For some CVS\n# versions, the user account running CVSweb needs write access to\n# CVSROOT\/val-tags.  See also the tar, gzip and zip options below.\n#\n#$allow_tar = (($CMD{tar} &amp;&amp; $CMD{gzip}) || $CMD{zip}) ? 
1 : 0;\n\n# Options to pass to tar(1).\n# For example: @tar_options = qw(--ignore-failed-read);\n# GNU tar has some useful options against unexpected errors.\n# Other useful options include \"--owner=0\" and \"--group=0\", see\n# the tar(1) (or gtar(1)) manpage for details.\n#\n@tar_options = qw();\n\n# Options to pass to gzip(1) when compressing a tarball to download.\n# For example: @gzip_options = qw(-3);\n# Try lower compression level than 6 (default) if you want faster\n# compression, or higher for better compression.\n#\n@gzip_options = qw();\n\n# Options to pass to zip(1) when compressing a zip archive to download.\n# For example: @zip_options = qw(-3);\n# Try lower compression level than 6 (default) if you want faster\n# compression, or higher for better compression.\n#\n@zip_options = qw(-q);\n\n# Options to pass to cvs(1).\n# For cvs versions 1.11 to 1.11.6 (broken in &lt; 1.11, removed in 1.11.7), you\n# can use the '-l' option to prevent cvs from writing to the history file.\n# For other cvs versions, either suppress history logging by using the\n# LogHistory parameter in CVSROOT\/config or make sure that the CVSweb user\n# can read and write to CVSROOT\/history.\n# FreeBSD's and OpenBSD's cvs(1) has long since supported -R (read only access\n# mode) option, which considerably speeds up checkouts over NFS.  For other\n# platforms, the -R option and the CVSREADONLYFS environment variable are\n# available in cvs &gt;= 1.12.1.  
A similar effect is provided by -u on NetBSD.\n#\n@cvs_options = qw(-f);\npush @cvs_options, '-R' if ($^O eq 'freebsd' || $^O eq 'openbsd');\npush @cvs_options, '-u' if ($^O eq 'netbsd');\n# Only affects cvs &gt;= 1.12.1, but doesn't hurt older ones.\n$ENV{CVSREADONLYFS} = 1 unless exists($ENV{CVSREADONLYFS});\n\n# Options to pass to the 'cvs annotate' command, usually the normal\n# @cvs_options are good enough here.\n# To make annotate work against a read only repository, add -n, ie.:\n# @annotate_options = (@cvs_options, '-n');\n#\n@annotate_options = @cvs_options;\n\n# Options to pass to rcsdiff(1).\n# Probably the only useful one here is -q (suppress diagnostic output).\n#\n@rcsdiff_options = qw(-q);\n\n# Enables syntax highlighting using GNU Enscript if set.\n# You will need GNU Enscript version 1.6.3 or newer for this to work.\n#\n#$allow_enscript = $CMD{enscript} ? 1 : 0;\n\n# Options to pass to enscript(1).\n# Do not set the -q, --language, -o or --highlight options here.\n# Most useful styles are probably emacs, emacs_verbose and msvc.\n#\n@enscript_options = qw(--style=emacs --color=1);\n\n# Enscript highlight rule to filename regex mappings.  
The set of useful\n# mappings depends on what highlight rules the system has installed.\n#\n%enscript_types =\n  (\n   'ada'          =&gt; qr\/\\.ad(s|b|a)$\/o,\n   'asm'          =&gt; qr\/\\.[Ss]$\/o,\n   'awk'          =&gt; qr\/\\.awk$\/o,\n   'bash'         =&gt; qr\/\\.(bash(_profile|rc)|inputrc)$\/o,\n   'c'            =&gt; qr\/\\.(c|h)$\/o,\n   'changelog'    =&gt; qr\/^changelog$\/io,\n   'cpp'          =&gt; qr\/\\.(c\\+\\+|C|H|cpp|cc|cxx)$\/o,\n   'csh'          =&gt; qr\/\\.(csh(rc)?|log(in|out)|history)$\/o,\n   'elisp'        =&gt; qr\/\\.e(l|macs)$\/o,\n   'fortran'      =&gt; qr\/\\.[fF]$\/o,\n   'haskell'      =&gt; qr\/\\.(l?h|l?g)s$\/o,\n   'html'         =&gt; qr\/\\.x?html?$\/o,\n   'idl'          =&gt; qr\/\\.idl$\/o,\n   'inf'          =&gt; qr\/\\.inf$\/io,\n   'java'         =&gt; qr\/\\.java$\/o,\n   'javascript'   =&gt; qr\/\\.(js|pac)$\/o,\n   'ksh'          =&gt; qr\/\\.ksh$\/o,\n   'm4'           =&gt; qr\/\\.m4$\/o,\n   'makefile'     =&gt; qr\/(GNU)?[Mm]akefile(?!\\.PL\\b)|\\.(ma?ke?|am)$\/o,\n   'matlab'       =&gt; qr\/\\.m$\/o,\n   'nroff'        =&gt; qr\/\\.man$\/o,\n   'pascal'       =&gt; qr\/\\.p(as|p)?$\/io,\n   'perl'         =&gt; qr\/\\.p(m|(er)?l)$\/io,\n   'postscript'   =&gt; qr\/\\.e?ps$\/io,\n   'python'       =&gt; qr\/\\.py$\/o,\n   'rfc'          =&gt; qr\/\\b((rfc|draft)\\..*\\.txt)$\/o,\n   'scheme'       =&gt; qr\/\\.(scm|scheme)$\/o,\n   'sh'           =&gt; qr\/\\.sh$\/o,\n   'skill'        =&gt; qr\/\\.il$\/o,\n   'sql'          =&gt; qr\/\\.sql$\/o,\n   'states'       =&gt; qr\/\\.st$\/o,\n   'synopsys'     =&gt; qr\/\\.s(cr|yn(th)?)$\/o,\n   'tcl'          =&gt; qr\/\\.tcl$\/o,\n   'tcsh'         =&gt; qr\/\\.tcshrc$\/o,\n   'tex'          =&gt; qr\/\\.tex$\/o,\n   'vba'          =&gt; qr\/\\.vba$\/o,\n   'verilog'      =&gt; qr\/\\.(v|vh)$\/o,\n   'vhdl'         =&gt; qr\/\\.vhdl?$\/o,\n   'vrml'         =&gt; qr\/\\.wrl$\/o,\n   'wmlscript'    =&gt; qr\/\\.wmls(cript)?$\/o,\n   'zsh'          =&gt; 
qr\/\\.(zsh(env|rc)|z(profile|log(in|out)))$\/o,\n  );\n\n# Troubleshooting: in case of problems, setting this to 1 will cause more\n# error output into your web server error log.  Under normal operation,\n# this should be set to 0 or commented out.\n#\n#$DEBUG = 1;\n\n# Enable this to let CVSweb load extra configuration files from the \"conf.d\"\n# subdirectory of the directory this file is located in.  This enables site\n# specific configuration without having to modify this \"master\" configuration\n# file (except for enabling this functionality below :)\n#\nif (0) {\n  my $confdir = catdir(dirname(__FILE__), 'conf.d');\n  if (opendir(CONFD, $confdir)) {\n    my @files = sort(map(catfile($confdir, $_), readdir(CONFD)));\n    close(CONFD);\n    for my $conffile (grep(-f &amp;&amp; -r _, @files)) {\n      ($conffile) = ($conffile =~ \/(.+\\.conf)$\/) or next;\n      do \"$conffile\" or config_error($conffile, $@);\n    }\n  }\n}\n\n1;\n\n# EOF\n<\/pre>\n\n\n\n<p>Create the directory for the Apache VHost cvs.home.local:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># mkdir \/var\/www\/cvs.home.local\/\n<\/pre>\n\n\n\n<p>Create a directory for the SSL keys and certificates used by Apache:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># mkdir \/etc\/apache2\/ssl\/\n<\/pre>\n\n\n\n<p>Place the appropriate key and certificates there:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ca.crt<\/li><li>wildcard.home.local.crt<\/li><li>wildcard.home.local.key<\/li><\/ul>\n\n\n\n<p>Create the configuration of the Apache VHost cvs.home.local:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/etc\/apache2\/sites-available\/cvs.home.local\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\">&lt;VirtualHost *:80&gt;\n        ServerAdmin webmaster@home.local\n        ServerName cvs.home.local\n\n        &lt;IfModule mod_rewrite.c&gt;\n                RewriteEngine   On\n                RewriteRule     (.*)    
https:\/\/%{SERVER_NAME}$1\n        &lt;\/IfModule&gt;\n\n&lt;\/VirtualHost&gt;\n\n&lt;VirtualHost *:443&gt;\n        ServerAdmin webmaster@home.local\n        ServerName cvs.home.local\n\n        DocumentRoot \/var\/www\/cvs.home.local\/\n        &lt;Directory \/&gt;\n                Options FollowSymLinks\n                AllowOverride None\n        &lt;\/Directory&gt;\n        &lt;Location \/&gt;\n                Order deny,allow\n                Deny from all\n                Allow from 10.20.30.0\/24\n\n                AuthUserFile \/etc\/apache2\/passwd\n                AuthName \"!HOME! Restricted Access !HOME!\"\n                AuthType Basic\n                Require user admin\n\n                # This directive allows us to have apache2's default start page\n                # in \/apache2-default\/, but still have \/ go to the right place\n                #RedirectMatch ^\/$ \/apache2-default\/\n        &lt;\/Location&gt;\n\n        ScriptAlias \/cgi-bin\/ \/usr\/lib\/cgi-bin\/\n        &lt;Directory \"\/usr\/lib\/cgi-bin\"&gt;\n                AllowOverride None\n                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch\n                Order allow,deny\n                Allow from all\n        &lt;\/Directory&gt;\n\n        Alias \/cvsweb \/usr\/share\/cvsweb\n\n        &lt;IfModule mod_rewrite.c&gt;\n                RewriteEngine   On\n                RewriteRule     ^\/$    \/cgi-bin\/cvsweb  [R]\n        &lt;\/IfModule&gt;\n\n        ErrorLog ${APACHE_LOG_DIR}\/cvs.home.local-error.log\n\n        # Possible values include: debug, info, notice, warn, error, crit,\n        # alert, emerg.\n        LogLevel warn\n\n        CustomLog ${APACHE_LOG_DIR}\/cvs.home.local-access.log combined\n        ServerSignature Off\n\n        &lt;IfModule mod_ssl.c&gt;\n                SSLEngine on\n                SSLCertificateFile \/etc\/apache2\/ssl\/wildcard.home.local.crt\n                SSLCertificateKeyFile \/etc\/apache2\/ssl\/wildcard.home.local.key\n 
               SSLCACertificateFile \/etc\/apache2\/ssl\/ca.crt\n        &lt;\/IfModule&gt;\n&lt;\/VirtualHost&gt;\n<\/pre>\n\n\n\n<p>Enable the required Apache modules:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># a2enmod rewrite ssl cgi\n<\/pre>\n\n\n\n<p>Enable the Apache VHost cvs.home.local:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># a2ensite cvs.home.local\n<\/pre>\n\n\n\n<p>Reload Apache2:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># \/etc\/init.d\/apache2 reload\n<\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Automating the backups<\/h2>\n\n\n\n<p>Add a scheduled task on both cluster nodes:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"># vim \/etc\/crontab\n<\/pre>\n\n\n\n<pre class=\"wp-block-preformatted\"># Backup of the active devices on my network\n# POSIX redirections and $(hostname): cron runs this line with \/bin\/sh, where &amp;&gt; and $HOSTNAME are not available\n30 19 * * *     root    ( crm_resource --resource ClusterFS --locate | grep $(hostname) &gt; \/dev\/null 2&gt;&amp;1 ) &amp;&amp; ( ! ps -e | grep rancid-run ) &amp;&amp; sudo -u rancid \/var\/lib\/rancid\/bin\/rancid-run &gt; \/dev\/null 2&gt;&amp;1<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Prerequisites A rancid service account registered in the Active Directory directory A Pacemaker\/Corosync cluster with a DRBD resource The cluster nodes are members of the Active Directory domain A server 
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[35,36,8,9,37,38],"class_list":["post-44","post","type-post","status-publish","format-standard","hentry","category-computing","tag-cluster","tag-cvs","tag-debian","tag-linux","tag-rancid","tag-tacacs"],"_links":{"self":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/44","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=44"}],"version-history":[{"count":1,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/44\/revisions"}],"predecessor-version":[{"id":45,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=\/wp\/v2\/posts\/44\/revisions\/45"}],"wp:attachment":[{"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=44"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=44"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.n3oxid.fr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}