GitHub - mit-scripts/scripts-pony: Scripts hostname management interface

mit-scripts / scripts-pony Public

Notifications You must be signed in to change notification settings
Fork 4
Star 1

Scripts hostname management interface

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 275 Commits
data		data
scripts		scripts
scriptspony		scriptspony
web_scripts		web_scripts
.gitignore		.gitignore
MANIFEST.in		MANIFEST.in
README		README
README.turbogears		README.turbogears
TODO		TODO
check_dns.py		check_dns.py
development.ini		development.ini
find_expiring_certs.py		find_expiring_certs.py
handle_cert_mail.py		handle_cert_mail.py
handle_mail.py		handle_mail.py
renew_mit_certs.py		renew_mit_certs.py
replace_ca.py		replace_ca.py
send_mitcert_request.py		send_mitcert_request.py
setup.cfg		setup.cfg
setup.py		setup.py
test.ini		test.ini

Repository files navigation

=== Checking Out ===

You can get your own clone of Scripts Pony by doing
"git clone https://github.com/mit-scripts/scripts-pony.git". Doing this in 
~/Scripts/turbogears/ is mildly recommended.

=== Install ===

To install your own instance of Scripts Pony, make a symbolic link
from somewhere in your web_scripts directory to your checkout of
Scripts Pony, and make sure that daemon.scripts can write in your checkout.

ln -s "$(pwd)/web_scripts" ~/web_scripts/pony
add consult
fsr sa . daemon.scripts write

You will also need to give daemon.scripts write access to ~/.local/bin and ~/.local/lib:
mkdir ~/.local/lib
fs sa ~/.local/lib daemon.scripts write
mkdir ~/.local/bin
fs sa ~/.local/bin daemon.scripts write

Pony will try to use your username+scripts-pony database on
sql.mit.edu.  Go to sql.mit.edu and create this database, and
be sure the login info in your ~/.my.conf is accurate.

Then ssh into scripts.mit.edu, cd into ~/Scripts/turbogears/scripts-pony, and run:
python setup.py develop --user
paster setup-app development.ini

=== Mail and Cron ===

To correctly process incoming mail, you need to be signed up for
mail_scripts and Pony needs the following in ~/mail_scripts/procmailrc:

:0w
* ^Delivered-To:.*pony\+.*@.*
| /mit/locker/Scripts/turbogears/scripts-pony/handle_mail.py

To periodically check DNS automatically for tickets blocking on DNS,
you need to be signed up for cron_scripts and load a crontab that
contains:

2,17,32,49 * * * * /mit/locker/Scripts/turbogears/scripts-pony/check_dns.py

=== Authentication and Authorization ===

Scripts Pony authenticates with ~/Private/scripts-pony.keytab,
if that exists.  If not, it uses no authentication (but can still
do reads).

Scripts Pony's LDAP user needs the following ACI on
ou=VirtualHosts,dc=scripts,dc=mit,dc=edu in order to make changes in
LDAP:

(target="ldap:///ou=VirtualHosts,dc=scripts,dc=mit,dc=edu")(targetattr="scriptsVhostDirectory || scriptsVhostAlias || scriptsVhostCertificate || scriptsVhostCertificateKeyFile")(version 3.0;acl "pony";allow (add, write, delete) userdn="ldap:///uid=daemon/scripts-pony.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu";)

This assumes that the user in LDAP looks like:

dn: uid=daemon/scripts-pony.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
uid: daemon/scripts-pony.mit.edu
objectClass: account
objectClass: top