Commit e9cb352e99fe5b28d26c58f7e786b23e62e65dcf

Authored by colab
1 parent 7c7bc18b

renaming scripts

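--- a/script/gitlab.sh
+++ b/script/gitlab.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+
+# Coloque aqui os ips do gitlab e do redmine
+IP_GITLAB="localhost"
+IP_REDMINE="localhost"
+IP_LDAP="localhost"
+PASSWORD_LDAP="12345678" #"cfl5OcVJ"
+
+while [ -e $IP_GITLAB ]
+do
+ echo "Digite o IP externo do Gitlab: "
+ read IP_GITLAB
+ echo "IP digitado: $IP_GITLAB"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_GITLAB=
+ fi
+done
+
+while [ -e $IP_REDMINE ]
+do
+ echo "Digite o IP externo do Redmine: "
+ read IP_REDMINE
+ echo "IP digitado: $IP_REDMINE"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_REDMINE=
+ fi
+done
+
+while [ -e $IP_LDAP ]
+do
+ echo "Digite o IP externo do Redmine: "
+ read IP_LDAP
+ echo "Senha Ldap:"
+ read PASSWORD_LDAP
+ echo "IP digitado: $IP_LDAP"
+ echo "PASSWORD digitado foi: $PASSWORD_LDAP"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_LDAP=
+ PASSWORD_LDAP=
+ fi
+done
+
+
+
+
+
+# Atualizar o sistema
+sudo yum update -y
+
+# Instalar dependencias
+sudo yum install wget vim postfix openssh-server -y
+
+# Fazer o download do gitlab
+sudo wget https://downloads-packages.s3.amazonaws.com/centos-6.5/gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
+
+# Instale o Gitlab
+echo "Instalando gitlab, leva alguns minutos"
+sudo rpm -i gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
+
+# Criar o arquivo de configuracao do gitlab
+echo "Criando arquivo de configuracao do gitlab"
+sudo mkdir -p /etc/gitlab
+sudo touch /etc/gitlab/gitlab.rb
+sudo chmod 600 /etc/gitlab/gitlab.rb
+
+# Adicionar configuracoes para o gitlab
+echo "Editando as configuracoes do gitlab"
+sudo echo "redis['port'] = 1234" >> /etc/gitlab/gitlab.rb
+sudo echo "postgresql['port'] = 2345" >> /etc/gitlab/gitlab.rb
+sudo echo "unicorn['port'] = 3456" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['internal_api_url'] = 'http://localhost:3456'" >> /etc/gitlab/gitlab.rb
+sudo echo "external_url \"http://$IP_GITLAB\"" >> /etc/gitlab/gitlab.rb
+
+# Adicionar integracao com redmine
+sudo echo "gitlab_rails['issues_tracker_redmine'] = 'redmine'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_title'] = 'Redmine'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_project_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_issues_url'] = 'http://$IP_REDMINE/issues/:id'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_new_issue_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id/issues/new'" >> /etc/gitlab/gitlab.rb
+
+# Liberando firewall para servisos http e ssh
+echo "Adicionando regras no firewall para habilitar http e ssh, caso estejam desabilitados"
+sudo lokkit -s http -s ssh
+
+# Liberando porta 22, isso e' essencial para o funcionamento do git
+# Caso queira restringir o acesso para redes especificas, favor adicionar opcao
+# -s 192.168.0.0/24
+#sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+
+echo "configurando ldap"
+
+localhost=$IP_LDAP
+base="dc=sei,dc=com"
+port="389"
+bind_dn="cn=admin,$base"
+password=$PASSWORD_LDAP
+
+echo "gitlab_rails['ldap_enabled'] = true" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_host'] = '$localhost' " >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_port'] = $port" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_base'] = '$base'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_uid'] = 'uid'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_method'] = 'plain'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_bind_dn'] = '$bind_dn'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_password'] = '$password'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_allow_username_or_email_login'] = true" >> /etc/gitlab/gitlab.rb
+
+
+echo "Iniciando gitlab"
+sudo gitlab-ctl reconfigure
+sudo gitlab-ctl restart
+
+# Mostrando os dados do gitlab
+echo "Sucesso! Para acessar o gitlab, abra no navegador o ip $IP_GITLAB"
+echo "Usuario: root"
+echo "Senha: 5iveL!fe"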
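Review bot: The three prompt loops at the top of the new file use `[ -e $IP_GITLAB ]` (likewise `$IP_REDMINE` and `$IP_LDAP`), which tests whether a file of that name exists rather than whether the variable is empty, so with the `"localhost"` defaults the prompts are skipped unless such a file happens to exist, and the hard-coded `PASSWORD_LDAP="12345678"` is what gets written to `gitlab_rails['ldap_password']`. I would start the variables empty and loop on `while [ -z "$IP_LDAP" ]`, read the secret with `read -rs PASSWORD_LDAP`, and drop both the `echo "PASSWORD digitado foi: ..."` line and the literal left in the trailing comment on the `PASSWORD_LDAP` assignment. Separately, in `sudo echo ... >> /etc/gitlab/gitlab.rb` the redirection is performed by the invoking shell and not by sudo, so the appends to the mode-600 file only succeed when the whole script already runs as root; `echo ... | sudo tee -a /etc/gitlab/gitlab.rb >/dev/null` avoids that. The downloaded RPM is also installed with `rpm -i` without any checksum or signature check, which is worth a comment at least.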
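--- a/script/instalacaoGitlab.sh
+++ b/script/instalacaoGitlab.sh
@@ -1,122 +0,0 @@
-#!/bin/bash
-
-# Coloque aqui os ips do gitlab e do redmine
-IP_GITLAB="localhost"
-IP_REDMINE="localhost"
-IP_LDAP="localhost"
-PASSWORD_LDAP="12345678" #"cfl5OcVJ"
-
-while [ -e $IP_GITLAB ]
-do
- echo "Digite o IP externo do Gitlab: "
- read IP_GITLAB
- echo "IP digitado: $IP_GITLAB"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_GITLAB=
- fi
-done
-
-while [ -e $IP_REDMINE ]
-do
- echo "Digite o IP externo do Redmine: "
- read IP_REDMINE
- echo "IP digitado: $IP_REDMINE"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_REDMINE=
- fi
-done
-
-while [ -e $IP_LDAP ]
-do
- echo "Digite o IP externo do Redmine: "
- read IP_LDAP
- echo "Senha Ldap:"
- read PASSWORD_LDAP
- echo "IP digitado: $IP_LDAP"
- echo "PASSWORD digitado foi: $PASSWORD_LDAP"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_LDAP=
- PASSWORD_LDAP=
- fi
-done
-
-
-
-
-
-# Atualizar o sistema
-sudo yum update -y
-
-# Instalar dependencias
-sudo yum install wget vim postfix openssh-server -y
-
-# Fazer o download do gitlab
-sudo wget https://downloads-packages.s3.amazonaws.com/centos-6.5/gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
-
-# Instale o Gitlab
-echo "Instalando gitlab, leva alguns minutos"
-sudo rpm -i gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
-
-# Criar o arquivo de configuracao do gitlab
-echo "Criando arquivo de configuracao do gitlab"
-sudo mkdir -p /etc/gitlab
-sudo touch /etc/gitlab/gitlab.rb
-sudo chmod 600 /etc/gitlab/gitlab.rb
-
-# Adicionar configuracoes para o gitlab
-echo "Editando as configuracoes do gitlab"
-sudo echo "redis['port'] = 1234" >> /etc/gitlab/gitlab.rb
-sudo echo "postgresql['port'] = 2345" >> /etc/gitlab/gitlab.rb
-sudo echo "unicorn['port'] = 3456" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['internal_api_url'] = 'http://localhost:3456'" >> /etc/gitlab/gitlab.rb
-sudo echo "external_url \"http://$IP_GITLAB\"" >> /etc/gitlab/gitlab.rb
-
-# Adicionar integracao com redmine
-sudo echo "gitlab_rails['issues_tracker_redmine'] = 'redmine'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_title'] = 'Redmine'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_project_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_issues_url'] = 'http://$IP_REDMINE/issues/:id'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_new_issue_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id/issues/new'" >> /etc/gitlab/gitlab.rb
-
-# Liberando firewall para servisos http e ssh
-echo "Adicionando regras no firewall para habilitar http e ssh, caso estejam desabilitados"
-sudo lokkit -s http -s ssh
-
-# Liberando porta 22, isso e' essencial para o funcionamento do git
-# Caso queira restringir o acesso para redes especificas, favor adicionar opcao
-# -s 192.168.0.0/24
-#sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-
-echo "configurando ldap"
-
-localhost=$IP_LDAP
-base="dc=colab,dc=com"
-port="389"
-bind_dn="cn=admin,$base"
-password=$PASSWORD_LDAP
-
-echo "gitlab_rails['ldap_enabled'] = true" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_host'] = '$localhost' " >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_port'] = $port" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_base'] = '$base'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_uid'] = 'uid'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_method'] = 'plain'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_bind_dn'] = '$bind_dn'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_password'] = '$password'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_allow_username_or_email_login'] = true" >> /etc/gitlab/gitlab.rb
-
-
-echo "Iniciando gitlab"
-sudo gitlab-ctl reconfigure
-sudo gitlab-ctl restart
-
-# Mostrando os dados do gitlab
-echo "Sucesso! Para acessar o gitlab, abra no navegador o ip $IP_GITLAB"
-echo "Usuario: root"
-echo "Senha: 5iveL!fe"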
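--- a/script/instalacaoLdap.sh
+++ b/script/instalacaoLdap.sh
@@ -1,196 +0,0 @@
-#!/bin/sh
-
-DC="dc=sei,dc=com"
-PASSWORD="cfl5OcVJ"
-
-yum install openldap-servers openldap-clients sssd perl-LDAP.noarch -y
-
-cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
-
-chown -R ldap:ldap /var/lib/ldap
-cd /etc/openldap
-mv slapd.d slapd.d.original
-
-PASS=`slappasswd -s ${PASSWORD}`
-
-service slapd start
-chkconfig slapd on
-
-cp ldap.conf ldap.conf.original
-
-echo "escrevendo arquivo em /etc/openldap/slapd.conf"
-
-echo "# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-
-# Added for policy
-include /etc/openldap/schema/ppolicy.schema
-
-# Allow LDAPv2 client connections. This is NOT the default.
-allow bind_v2
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /var/run/openldap/slapd.pid
-argsfile /var/run/openldap/slapd.args
-
-# Load dynamic backend modules:
-# modulepath /usr/lib64/openldap
-
-# Modules available in openldap-servers-overlays RPM package
-# Module syncprov.la is now statically linked with slapd and there
-# is no need to load it here
-# moduleload accesslog.la
-# moduleload auditlog.la
-# moduleload denyop.la
-# moduleload dyngroup.la
-# moduleload dynlist.la
-# moduleload lastmod.la
-# moduleload pcache.la
-
-moduleload ppolicy.la
-
-# moduleload refint.la
-# moduleload retcode.la
-# moduleload rwm.la
-# moduleload smbk5pwd.la
-# moduleload translucent.la
-# moduleload unique.la
-# moduleload valsort.la
-
-# modules available in openldap-servers-sql RPM package:
-# moduleload back_sql.la
-
-# The next three lines allow use of TLS for encrypting connections using a
-# dummy test certificate which you can generate by changing to
-# /etc/pki/tls/certs, running \"make slapd.pem\", and fixing permissions on
-# slapd.pem so that the ldap user or group can read it. Your client software
-# may balk at self-signed certificates, however.
-# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
-# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base=\"cn=Subschema\" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# ldbm and/or bdb database definitions
-#######################################################################
-
-database bdb
-suffix "${DC}"
-rootdn "cn=admin,${DC}"
-rootpw $PASS
-
-# PPolicy Configuration
-overlay ppolicy
-ppolicy_default \"cn=default,ou=policies,${DC}\"
-ppolicy_use_lockout
-ppolicy_hash_cleartext
-
-
-
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/ldap
-
-# Indices to maintain for this database
-index objectClass eq,pres
-index ou,cn,mail,surname,givenname eq,pres,sub
-index uidNumber,gidNumber,loginShell eq,pres
-index uid,memberUid eq,pres,sub
-index nisMapName,nisMapEntry eq,pres,sub " > /etc/openldap/slapd.conf
-
-echo "escrevendo em /etc/openldap/ppolicy.ldif"
-
-echo "dn: ou = policies,${DC}
-objectClass: organizationalUnit
-objectClass: top
-ou: policies
-
-# default, policies, example.com
-dn: cn=default,ou=policies,${DC}
-objectClass: top
-objectClass: pwdPolicy
-objectClass: person
-cn: default
-sn: dummy value
-pwdAttribute: userPassword
-pwdMaxAge: 7516800
-pwdExpireWarning: 14482463
-pwdMinLength: 2
-pwdMaxFailure: 10
-pwdLockout: TRUE
-pwdLockoutDuration: 60
-pwdMustChange: FALSE
-pwdAllowUserChange: FALSE
-pwdSafeModify: FALSE " > /etc/openldap/ppolicy.ldif
-
-service slapd restart
-
-echo "gerando arquivos /tmp/ldap"
-mkdir -p /tmp/ldap
-cd /tmp/ldap
-
-echo "dn: ${DC}
-objectClass: dcObject
-objectClass: organization
-dc: sei
-o: Sei
-description: SEI
-
-dn: cn=admin,${DC}
-objectClass: organizationalRole
-cn: Admin
-description: System Manager
-
-dn: ou=users,${DC}
-objectClass: organizationalUnit
-ou: users
-
-dn: ou=oldusers,${DC}
-objectClass: organizationalUnit
-ou: oldusers " > base.ldif
-
-cd /tmp/ldap
-
-echo "alimentando lda"
-sleep 10
-echo "ldapadd -x -D \"cn=admin,${DC}\" -w ${PASSWORD} -f base.ldif"
-ldapadd -x -D "cn=admin,${DC}" -w ${PASSWORD} -f base.ldif
-
-echo "Pronto foi instalado a ldap na maquina local"
-echo "admin = cn=admin,${DC}"
-echo "senha: ${PASSWORD}"
\ No newline at end of file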
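--- a/script/ldap.sh
+++ b/script/ldap.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+
+DC="dc=sei,dc=com"
+PASSWORD=$1 #"cfl5OcVJ"
+
+yum install openldap-servers openldap-clients sssd perl-LDAP.noarch -y
+
+cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
+
+chown -R ldap:ldap /var/lib/ldap
+cd /etc/openldap
+mv slapd.d slapd.d.original
+
+PASS=`slappasswd -s ${PASSWORD}`
+
+service slapd start
+chkconfig slapd on
+
+cp ldap.conf ldap.conf.original
+
+echo "escrevendo arquivo em /etc/openldap/slapd.conf"
+
+echo "# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+# Added for policy
+include /etc/openldap/schema/ppolicy.schema
+
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/openldap/slapd.pid
+argsfile /var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+# modulepath /usr/lib64/openldap
+
+# Modules available in openldap-servers-overlays RPM package
+# Module syncprov.la is now statically linked with slapd and there
+# is no need to load it here
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+
+moduleload ppolicy.la
+
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload smbk5pwd.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# modules available in openldap-servers-sql RPM package:
+# moduleload back_sql.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running \"make slapd.pem\", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base=\"cn=Subschema\" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database bdb
+suffix "${DC}"
+rootdn "cn=admin,${DC}"
+rootpw $PASS
+
+# PPolicy Configuration
+overlay ppolicy
+ppolicy_default \"cn=default,ou=policies,${DC}\"
+ppolicy_use_lockout
+ppolicy_hash_cleartext
+
+
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub " > /etc/openldap/slapd.conf
+
+echo "escrevendo em /etc/openldap/ppolicy.ldif"
+
+echo "dn: ou = policies,${DC}
+objectClass: organizationalUnit
+objectClass: top
+ou: policies
+
+# default, policies, example.com
+dn: cn=default,ou=policies,${DC}
+objectClass: top
+objectClass: pwdPolicy
+objectClass: person
+cn: default
+sn: dummy value
+pwdAttribute: userPassword
+pwdMaxAge: 7516800
+pwdExpireWarning: 14482463
+pwdMinLength: 2
+pwdMaxFailure: 10
+pwdLockout: TRUE
+pwdLockoutDuration: 60
+pwdMustChange: FALSE
+pwdAllowUserChange: FALSE
+pwdSafeModify: FALSE " > /etc/openldap/ppolicy.ldif
+
+service slapd restart
+
+echo "gerando arquivos /tmp/ldap"
+mkdir -p /tmp/ldap
+cd /tmp/ldap
+
+echo "dn: ${DC}
+objectClass: dcObject
+objectClass: organization
+dc: sei
+o: Sei
+description: SEI
+
+dn: cn=admin,${DC}
+objectClass: organizationalRole
+cn: Admin
+description: System Manager
+
+dn: ou=users,${DC}
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=oldusers,${DC}
+objectClass: organizationalUnit
+ou: oldusers " > base.ldif
+
+cd /tmp/ldap
+
+echo "alimentando lda"
+sleep 10
+echo "ldapadd -x -D \"cn=admin,${DC}\" -w ${PASSWORD} -f base.ldif"
+ldapadd -x -D "cn=admin,${DC}" -w ${PASSWORD} -f base.ldif
+
+echo "Pronto foi instalado a ldap na maquina local"
+echo "admin = cn=admin,${DC}"
+echo "senha: ${PASSWORD}"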
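Review bot: The `PASSWORD=$1` assignment on line 4 moves the admin password to the first argument but keeps the previous literal in its trailing comment and never checks that an argument was given, so an empty `$1` reaches the unquoted `slappasswd -s ${PASSWORD}`. Taking the secret from argv also exposes it in the process list, as do `slappasswd -s` and `ldapadd -w` further down, and lines 191 and 196 echo it to the terminal. I would remove the comment, guard with `: "${1:?usage: ldap.sh ADMIN_PASSWORD}"`, hand the secret to the tools through a root-only file (`slappasswd -T FILE`, `ldapadd -y FILE`), and delete the two echoes. The staging directory `/tmp/ldap` is a fixed name in a world-writable location; a directory from `mktemp -d` would be a safer place for `base.ldif`.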
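--- a/script/postgresql.sh
+++ b/script/postgresql.sh
@@ -49,13 +49,7 @@ sudo sed -i 's/\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/\/sbin:\/bin:\/usr\/sbin:\/us
 
 # 8. Crie todos os usuários e banco de dados necessários para o funcionamento correto do colab.
 
-sudo -u postgres psql -c "CREATE USER colab SUPERUSER INHERIT CREATEDB CREATEROLE;"
-sudo -u postgres psql -c "ALTER USER colab PASSWORD 'colab';"
-sudo -u postgres psql -c "CREATE USER git;"
 sudo -u postgres psql -c "CREATE ROLE redmine LOGIN ENCRYPTED PASSWORD 'redmine' NOINHERIT VALID UNTIL 'infinity';"
-sudo -u postgres psql -c "CREATE DATABASE gitlabhq_production OWNER git;"
-sudo -u postgres psql -c "CREATE DATABASE colab WITH OWNER colab ENCODING 'UTF8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE=template0;"
-sudo -u postgres psql -c "CREATE DATABASE trac_colab WITH OWNER colab ENCODING 'UTF8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE=template0;"
 sudo -u postgres psql -c "CREATE DATABASE redmine WITH ENCODING='UTF8' OWNER=redmine;"
 
 #sudo -u postgres psql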
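--- a/script/redmine.sh
+++ b/script/redmine.sh
@@ -90,4 +90,4 @@ bundle exec rake redmine:backlogs:install story_trackers=2 task_tracker=1
 
 
 ## 16. Executando redmine
-sudo unicorn_rails -c /opt/redmine/config/unicorn.rb -E production -l 0.0.0.0:9080 -D
\ No newline at end of file
+sudo unicorn_rails -c /opt/redmine/config/unicorn.rb -E production -l 0.0.0.0:9080 -D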