Commit e9cb352e99fe5b28d26c58f7e786b23e62e65dcf

Authored by colab
1 parent 7c7bc18b

renaming scripts

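--- a/script/gitlab.sh
+++ b/script/gitlab.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+
+# Coloque aqui os ips do gitlab e do redmine
+IP_GITLAB="localhost"
+IP_REDMINE="localhost"
+IP_LDAP="localhost"
+PASSWORD_LDAP="12345678" #"cfl5OcVJ"
+
+while [ -e $IP_GITLAB ]
+do
+ echo "Digite o IP externo do Gitlab: "
+ read IP_GITLAB
+ echo "IP digitado: $IP_GITLAB"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_GITLAB=
+ fi
+done
+
+while [ -e $IP_REDMINE ]
+do
+ echo "Digite o IP externo do Redmine: "
+ read IP_REDMINE
+ echo "IP digitado: $IP_REDMINE"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_REDMINE=
+ fi
+done
+
+while [ -e $IP_LDAP ]
+do
+ echo "Digite o IP externo do Redmine: "
+ read IP_LDAP
+ echo "Senha Ldap:"
+ read PASSWORD_LDAP
+ echo "IP digitado: $IP_LDAP"
+ echo "PASSWORD digitado foi: $PASSWORD_LDAP"
+ echo "Confirma (y/n)?"
+ read CONFIRMA
+ if [ "$CONFIRMA" != "y" ] ; then
+ IP_LDAP=
+ PASSWORD_LDAP=
+ fi
+done
+
+
+
+
+
+# Atualizar o sistema
+sudo yum update -y
+
+# Instalar dependencias
+sudo yum install wget vim postfix openssh-server -y
+
+# Fazer o download do gitlab
+sudo wget https://downloads-packages.s3.amazonaws.com/centos-6.5/gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
+
+# Instale o Gitlab
+echo "Instalando gitlab, leva alguns minutos"
+sudo rpm -i gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
+
+# Criar o arquivo de configuracao do gitlab
+echo "Criando arquivo de configuracao do gitlab"
+sudo mkdir -p /etc/gitlab
+sudo touch /etc/gitlab/gitlab.rb
+sudo chmod 600 /etc/gitlab/gitlab.rb
+
+# Adicionar configuracoes para o gitlab
+echo "Editando as configuracoes do gitlab"
+sudo echo "redis['port'] = 1234" >> /etc/gitlab/gitlab.rb
+sudo echo "postgresql['port'] = 2345" >> /etc/gitlab/gitlab.rb
+sudo echo "unicorn['port'] = 3456" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['internal_api_url'] = 'http://localhost:3456'" >> /etc/gitlab/gitlab.rb
+sudo echo "external_url \"http://$IP_GITLAB\"" >> /etc/gitlab/gitlab.rb
+
+# Adicionar integracao com redmine
+sudo echo "gitlab_rails['issues_tracker_redmine'] = 'redmine'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_title'] = 'Redmine'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_project_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_issues_url'] = 'http://$IP_REDMINE/issues/:id'" >> /etc/gitlab/gitlab.rb
+sudo echo "gitlab_rails['issues_tracker_redmine_new_issue_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id/issues/new'" >> /etc/gitlab/gitlab.rb
+
+# Liberando firewall para servisos http e ssh
+echo "Adicionando regras no firewall para habilitar http e ssh, caso estejam desabilitados"
+sudo lokkit -s http -s ssh
+
+# Liberando porta 22, isso e' essencial para o funcionamento do git
+# Caso queira restringir o acesso para redes especificas, favor adicionar opcao
+# -s 192.168.0.0/24
+#sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
+
+echo "configurando ldap"
+
+localhost=$IP_LDAP
+base="dc=sei,dc=com"
+port="389"
+bind_dn="cn=admin,$base"
+password=$PASSWORD_LDAP
+
+echo "gitlab_rails['ldap_enabled'] = true" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_host'] = '$localhost' " >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_port'] = $port" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_base'] = '$base'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_uid'] = 'uid'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_method'] = 'plain'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_bind_dn'] = '$bind_dn'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_password'] = '$password'" >> /etc/gitlab/gitlab.rb
+echo "gitlab_rails['ldap_allow_username_or_email_login'] = true" >> /etc/gitlab/gitlab.rb
+
+
+echo "Iniciando gitlab"
+sudo gitlab-ctl reconfigure
+sudo gitlab-ctl restart
+
+# Mostrando os dados do gitlab
+echo "Sucesso! Para acessar o gitlab, abra no navegador o ip $IP_GITLAB"
+echo "Usuario: root"
+echo "Senha: 5iveL!fe"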
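Review bot: The LDAP bind password is not treated as a secret anywhere in this script: line 7 commits a default `PASSWORD_LDAP="12345678"` with an earlier value left in the trailing comment, and the prompt loop reads it with a plain `read` and prints it back with `echo "PASSWORD digitado foi: $PASSWORD_LDAP"`. I would start from `PASSWORD_LDAP=""`, read it with `read -rs PASSWORD_LDAP`, drop that echo, and rotate the commented-out value if it was ever used on a real directory. The `sudo echo "…" >> /etc/gitlab/gitlab.rb` lines only succeed when the whole script already runs as root, because the redirection is opened by the calling shell and the file has just been set to mode 600 under sudo; `echo "…" | sudo tee -a /etc/gitlab/gitlab.rb >/dev/null` does what the `sudo` was meant to do, and the LDAP block (lines 104–112) has no `sudo` at all. With `ldap_method` set to `'plain'` on port 389, the bind password also crosses the network unencrypted whenever `IP_LDAP` is not the local host.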
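--- a/script/instalacaoGitlab.sh
+++ b/script/instalacaoGitlab.sh
@@ -1,122 +0,0 @@
-#!/bin/bash
-
-# Coloque aqui os ips do gitlab e do redmine
-IP_GITLAB="localhost"
-IP_REDMINE="localhost"
-IP_LDAP="localhost"
-PASSWORD_LDAP="12345678" #"cfl5OcVJ"
-
-while [ -e $IP_GITLAB ]
-do
- echo "Digite o IP externo do Gitlab: "
- read IP_GITLAB
- echo "IP digitado: $IP_GITLAB"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_GITLAB=
- fi
-done
-
-while [ -e $IP_REDMINE ]
-do
- echo "Digite o IP externo do Redmine: "
- read IP_REDMINE
- echo "IP digitado: $IP_REDMINE"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_REDMINE=
- fi
-done
-
-while [ -e $IP_LDAP ]
-do
- echo "Digite o IP externo do Redmine: "
- read IP_LDAP
- echo "Senha Ldap:"
- read PASSWORD_LDAP
- echo "IP digitado: $IP_LDAP"
- echo "PASSWORD digitado foi: $PASSWORD_LDAP"
- echo "Confirma (y/n)?"
- read CONFIRMA
- if [ "$CONFIRMA" != "y" ] ; then
- IP_LDAP=
- PASSWORD_LDAP=
- fi
-done
-
-
-
-
-
-# Atualizar o sistema
-sudo yum update -y
-
-# Instalar dependencias
-sudo yum install wget vim postfix openssh-server -y
-
-# Fazer o download do gitlab
-sudo wget https://downloads-packages.s3.amazonaws.com/centos-6.5/gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
-
-# Instale o Gitlab
-echo "Instalando gitlab, leva alguns minutos"
-sudo rpm -i gitlab-7.0.0_omnibus-1.el6.x86_64.rpm
-
-# Criar o arquivo de configuracao do gitlab
-echo "Criando arquivo de configuracao do gitlab"
-sudo mkdir -p /etc/gitlab
-sudo touch /etc/gitlab/gitlab.rb
-sudo chmod 600 /etc/gitlab/gitlab.rb
-
-# Adicionar configuracoes para o gitlab
-echo "Editando as configuracoes do gitlab"
-sudo echo "redis['port'] = 1234" >> /etc/gitlab/gitlab.rb
-sudo echo "postgresql['port'] = 2345" >> /etc/gitlab/gitlab.rb
-sudo echo "unicorn['port'] = 3456" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['internal_api_url'] = 'http://localhost:3456'" >> /etc/gitlab/gitlab.rb
-sudo echo "external_url \"http://$IP_GITLAB\"" >> /etc/gitlab/gitlab.rb
-
-# Adicionar integracao com redmine
-sudo echo "gitlab_rails['issues_tracker_redmine'] = 'redmine'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_title'] = 'Redmine'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_project_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_issues_url'] = 'http://$IP_REDMINE/issues/:id'" >> /etc/gitlab/gitlab.rb
-sudo echo "gitlab_rails['issues_tracker_redmine_new_issue_url'] = 'http://$IP_REDMINE/projects/:issues_tracker_id/issues/new'" >> /etc/gitlab/gitlab.rb
-
-# Liberando firewall para servisos http e ssh
-echo "Adicionando regras no firewall para habilitar http e ssh, caso estejam desabilitados"
-sudo lokkit -s http -s ssh
-
-# Liberando porta 22, isso e' essencial para o funcionamento do git
-# Caso queira restringir o acesso para redes especificas, favor adicionar opcao
-# -s 192.168.0.0/24
-#sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
-
-echo "configurando ldap"
-
-localhost=$IP_LDAP
-base="dc=colab,dc=com"
-port="389"
-bind_dn="cn=admin,$base"
-password=$PASSWORD_LDAP
-
-echo "gitlab_rails['ldap_enabled'] = true" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_host'] = '$localhost' " >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_port'] = $port" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_base'] = '$base'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_uid'] = 'uid'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_method'] = 'plain'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_bind_dn'] = '$bind_dn'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_password'] = '$password'" >> /etc/gitlab/gitlab.rb
-echo "gitlab_rails['ldap_allow_username_or_email_login'] = true" >> /etc/gitlab/gitlab.rb
-
-
-echo "Iniciando gitlab"
-sudo gitlab-ctl reconfigure
-sudo gitlab-ctl restart
-
-# Mostrando os dados do gitlab
-echo "Sucesso! Para acessar o gitlab, abra no navegador o ip $IP_GITLAB"
-echo "Usuario: root"
-echo "Senha: 5iveL!fe"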
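--- a/script/instalacaoLdap.sh
+++ b/script/instalacaoLdap.sh
@@ -1,196 +0,0 @@
-#!/bin/sh
-
-DC="dc=sei,dc=com"
-PASSWORD="cfl5OcVJ"
-
-yum install openldap-servers openldap-clients sssd perl-LDAP.noarch -y
-
-cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
-
-chown -R ldap:ldap /var/lib/ldap
-cd /etc/openldap
-mv slapd.d slapd.d.original
-
-PASS=`slappasswd -s ${PASSWORD}`
-
-service slapd start
-chkconfig slapd on
-
-cp ldap.conf ldap.conf.original
-
-echo "escrevendo arquivo em /etc/openldap/slapd.conf"
-
-echo "# See slapd.conf(5) for details on configuration options.
-# This file should NOT be world readable.
-#
-include /etc/openldap/schema/core.schema
-include /etc/openldap/schema/cosine.schema
-include /etc/openldap/schema/inetorgperson.schema
-include /etc/openldap/schema/nis.schema
-
-# Added for policy
-include /etc/openldap/schema/ppolicy.schema
-
-# Allow LDAPv2 client connections. This is NOT the default.
-allow bind_v2
-
-# Do not enable referrals until AFTER you have a working directory
-# service AND an understanding of referrals.
-#referral ldap://root.openldap.org
-
-pidfile /var/run/openldap/slapd.pid
-argsfile /var/run/openldap/slapd.args
-
-# Load dynamic backend modules:
-# modulepath /usr/lib64/openldap
-
-# Modules available in openldap-servers-overlays RPM package
-# Module syncprov.la is now statically linked with slapd and there
-# is no need to load it here
-# moduleload accesslog.la
-# moduleload auditlog.la
-# moduleload denyop.la
-# moduleload dyngroup.la
-# moduleload dynlist.la
-# moduleload lastmod.la
-# moduleload pcache.la
-
-moduleload ppolicy.la
-
-# moduleload refint.la
-# moduleload retcode.la
-# moduleload rwm.la
-# moduleload smbk5pwd.la
-# moduleload translucent.la
-# moduleload unique.la
-# moduleload valsort.la
-
-# modules available in openldap-servers-sql RPM package:
-# moduleload back_sql.la
-
-# The next three lines allow use of TLS for encrypting connections using a
-# dummy test certificate which you can generate by changing to
-# /etc/pki/tls/certs, running \"make slapd.pem\", and fixing permissions on
-# slapd.pem so that the ldap user or group can read it. Your client software
-# may balk at self-signed certificates, however.
-# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
-# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
-# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
-
-# Sample security restrictions
-# Require integrity protection (prevent hijacking)
-# Require 112-bit (3DES or better) encryption for updates
-# Require 63-bit encryption for simple bind
-# security ssf=1 update_ssf=112 simple_bind=64
-
-# Sample access control policy:
-# Root DSE: allow anyone to read it
-# Subschema (sub)entry DSE: allow anyone to read it
-# Other DSEs:
-# Allow self write access
-# Allow authenticated users read access
-# Allow anonymous users to authenticate
-# Directives needed to implement policy:
-# access to dn.base="" by * read
-# access to dn.base=\"cn=Subschema\" by * read
-# access to *
-# by self write
-# by users read
-# by anonymous auth
-#
-# if no access controls are present, the default policy
-# allows anyone and everyone to read anything but restricts
-# updates to rootdn. (e.g., "access to * by * read")
-#
-# rootdn can always read and write EVERYTHING!
-
-#######################################################################
-# ldbm and/or bdb database definitions
-#######################################################################
-
-database bdb
-suffix "${DC}"
-rootdn "cn=admin,${DC}"
-rootpw $PASS
-
-# PPolicy Configuration
-overlay ppolicy
-ppolicy_default \"cn=default,ou=policies,${DC}\"
-ppolicy_use_lockout
-ppolicy_hash_cleartext
-
-
-
-# The database directory MUST exist prior to running slapd AND
-# should only be accessible by the slapd and slap tools.
-# Mode 700 recommended.
-directory /var/lib/ldap
-
-# Indices to maintain for this database
-index objectClass eq,pres
-index ou,cn,mail,surname,givenname eq,pres,sub
-index uidNumber,gidNumber,loginShell eq,pres
-index uid,memberUid eq,pres,sub
-index nisMapName,nisMapEntry eq,pres,sub " > /etc/openldap/slapd.conf
-
-echo "escrevendo em /etc/openldap/ppolicy.ldif"
-
-echo "dn: ou = policies,${DC}
-objectClass: organizationalUnit
-objectClass: top
-ou: policies
-
-# default, policies, example.com
-dn: cn=default,ou=policies,${DC}
-objectClass: top
-objectClass: pwdPolicy
-objectClass: person
-cn: default
-sn: dummy value
-pwdAttribute: userPassword
-pwdMaxAge: 7516800
-pwdExpireWarning: 14482463
-pwdMinLength: 2
-pwdMaxFailure: 10
-pwdLockout: TRUE
-pwdLockoutDuration: 60
-pwdMustChange: FALSE
-pwdAllowUserChange: FALSE
-pwdSafeModify: FALSE " > /etc/openldap/ppolicy.ldif
-
-service slapd restart
-
-echo "gerando arquivos /tmp/ldap"
-mkdir -p /tmp/ldap
-cd /tmp/ldap
-
-echo "dn: ${DC}
-objectClass: dcObject
-objectClass: organization
-dc: sei
-o: Sei
-description: SEI
-
-dn: cn=admin,${DC}
-objectClass: organizationalRole
-cn: Admin
-description: System Manager
-
-dn: ou=users,${DC}
-objectClass: organizationalUnit
-ou: users
-
-dn: ou=oldusers,${DC}
-objectClass: organizationalUnit
-ou: oldusers " > base.ldif
-
-cd /tmp/ldap
-
-echo "alimentando lda"
-sleep 10
-echo "ldapadd -x -D \"cn=admin,${DC}\" -w ${PASSWORD} -f base.ldif"
-ldapadd -x -D "cn=admin,${DC}" -w ${PASSWORD} -f base.ldif
-
-echo "Pronto foi instalado a ldap na maquina local"
-echo "admin = cn=admin,${DC}"
-echo "senha: ${PASSWORD}"
\ No newline at end of file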
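--- a/script/ldap.sh
+++ b/script/ldap.sh
@@ -0,0 +1,196 @@
+#!/bin/sh
+
+DC="dc=sei,dc=com"
+PASSWORD=$1 #"cfl5OcVJ"
+
+yum install openldap-servers openldap-clients sssd perl-LDAP.noarch -y
+
+cp /usr/share/openldap-servers/DB_CONFIG.example /var/lib/ldap/DB_CONFIG
+
+chown -R ldap:ldap /var/lib/ldap
+cd /etc/openldap
+mv slapd.d slapd.d.original
+
+PASS=`slappasswd -s ${PASSWORD}`
+
+service slapd start
+chkconfig slapd on
+
+cp ldap.conf ldap.conf.original
+
+echo "escrevendo arquivo em /etc/openldap/slapd.conf"
+
+echo "# See slapd.conf(5) for details on configuration options.
+# This file should NOT be world readable.
+#
+include /etc/openldap/schema/core.schema
+include /etc/openldap/schema/cosine.schema
+include /etc/openldap/schema/inetorgperson.schema
+include /etc/openldap/schema/nis.schema
+
+# Added for policy
+include /etc/openldap/schema/ppolicy.schema
+
+# Allow LDAPv2 client connections. This is NOT the default.
+allow bind_v2
+
+# Do not enable referrals until AFTER you have a working directory
+# service AND an understanding of referrals.
+#referral ldap://root.openldap.org
+
+pidfile /var/run/openldap/slapd.pid
+argsfile /var/run/openldap/slapd.args
+
+# Load dynamic backend modules:
+# modulepath /usr/lib64/openldap
+
+# Modules available in openldap-servers-overlays RPM package
+# Module syncprov.la is now statically linked with slapd and there
+# is no need to load it here
+# moduleload accesslog.la
+# moduleload auditlog.la
+# moduleload denyop.la
+# moduleload dyngroup.la
+# moduleload dynlist.la
+# moduleload lastmod.la
+# moduleload pcache.la
+
+moduleload ppolicy.la
+
+# moduleload refint.la
+# moduleload retcode.la
+# moduleload rwm.la
+# moduleload smbk5pwd.la
+# moduleload translucent.la
+# moduleload unique.la
+# moduleload valsort.la
+
+# modules available in openldap-servers-sql RPM package:
+# moduleload back_sql.la
+
+# The next three lines allow use of TLS for encrypting connections using a
+# dummy test certificate which you can generate by changing to
+# /etc/pki/tls/certs, running \"make slapd.pem\", and fixing permissions on
+# slapd.pem so that the ldap user or group can read it. Your client software
+# may balk at self-signed certificates, however.
+# TLSCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
+# TLSCertificateFile /etc/pki/tls/certs/slapd.pem
+# TLSCertificateKeyFile /etc/pki/tls/certs/slapd.pem
+
+# Sample security restrictions
+# Require integrity protection (prevent hijacking)
+# Require 112-bit (3DES or better) encryption for updates
+# Require 63-bit encryption for simple bind
+# security ssf=1 update_ssf=112 simple_bind=64
+
+# Sample access control policy:
+# Root DSE: allow anyone to read it
+# Subschema (sub)entry DSE: allow anyone to read it
+# Other DSEs:
+# Allow self write access
+# Allow authenticated users read access
+# Allow anonymous users to authenticate
+# Directives needed to implement policy:
+# access to dn.base="" by * read
+# access to dn.base=\"cn=Subschema\" by * read
+# access to *
+# by self write
+# by users read
+# by anonymous auth
+#
+# if no access controls are present, the default policy
+# allows anyone and everyone to read anything but restricts
+# updates to rootdn. (e.g., "access to * by * read")
+#
+# rootdn can always read and write EVERYTHING!
+
+#######################################################################
+# ldbm and/or bdb database definitions
+#######################################################################
+
+database bdb
+suffix "${DC}"
+rootdn "cn=admin,${DC}"
+rootpw $PASS
+
+# PPolicy Configuration
+overlay ppolicy
+ppolicy_default \"cn=default,ou=policies,${DC}\"
+ppolicy_use_lockout
+ppolicy_hash_cleartext
+
+
+
+# The database directory MUST exist prior to running slapd AND
+# should only be accessible by the slapd and slap tools.
+# Mode 700 recommended.
+directory /var/lib/ldap
+
+# Indices to maintain for this database
+index objectClass eq,pres
+index ou,cn,mail,surname,givenname eq,pres,sub
+index uidNumber,gidNumber,loginShell eq,pres
+index uid,memberUid eq,pres,sub
+index nisMapName,nisMapEntry eq,pres,sub " > /etc/openldap/slapd.conf
+
+echo "escrevendo em /etc/openldap/ppolicy.ldif"
+
+echo "dn: ou = policies,${DC}
+objectClass: organizationalUnit
+objectClass: top
+ou: policies
+
+# default, policies, example.com
+dn: cn=default,ou=policies,${DC}
+objectClass: top
+objectClass: pwdPolicy
+objectClass: person
+cn: default
+sn: dummy value
+pwdAttribute: userPassword
+pwdMaxAge: 7516800
+pwdExpireWarning: 14482463
+pwdMinLength: 2
+pwdMaxFailure: 10
+pwdLockout: TRUE
+pwdLockoutDuration: 60
+pwdMustChange: FALSE
+pwdAllowUserChange: FALSE
+pwdSafeModify: FALSE " > /etc/openldap/ppolicy.ldif
+
+service slapd restart
+
+echo "gerando arquivos /tmp/ldap"
+mkdir -p /tmp/ldap
+cd /tmp/ldap
+
+echo "dn: ${DC}
+objectClass: dcObject
+objectClass: organization
+dc: sei
+o: Sei
+description: SEI
+
+dn: cn=admin,${DC}
+objectClass: organizationalRole
+cn: Admin
+description: System Manager
+
+dn: ou=users,${DC}
+objectClass: organizationalUnit
+ou: users
+
+dn: ou=oldusers,${DC}
+objectClass: organizationalUnit
+ou: oldusers " > base.ldif
+
+cd /tmp/ldap
+
+echo "alimentando lda"
+sleep 10
+echo "ldapadd -x -D \"cn=admin,${DC}\" -w ${PASSWORD} -f base.ldif"
+ldapadd -x -D "cn=admin,${DC}" -w ${PASSWORD} -f base.ldif
+
+echo "Pronto foi instalado a ldap na maquina local"
+echo "admin = cn=admin,${DC}"
+echo "senha: ${PASSWORD}"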
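Review bot: Taking the admin password from `$1` (line 4) removes the literal from the assignment but not from the file or the process list: the old value stays in the trailing comment, the password is still expanded unquoted into `slappasswd -s ${PASSWORD}` and `ldapadd … -w ${PASSWORD}`, where other local users can see it in the argument list, and it is printed twice (lines 191 and 196). Nothing checks that an argument was given, so an empty `$1` is not caught before slapd.conf is written; `PASSWORD=${1:?usage: ldap.sh ADMIN_PASSWORD}` would stop the run there. I would rather read the secret without echo or from a root-only file (written without a trailing newline), hand it over with `slappasswd -T FILE` and `ldapadd -y FILE`, and delete the two echo lines. Separately, slapd.conf carries the `rootpw` hash but is created with the default umask even though its own header says it should not be world readable; `chown root:ldap /etc/openldap/slapd.conf && chmod 640 /etc/openldap/slapd.conf` after writing it would fix that. The LDIF is also staged in the fixed path `/tmp/ldap`, where a directory from `mktemp -d` would be safer.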
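--- a/script/postgresql.sh
+++ b/script/postgresql.sh
@@ -49,13 +49,7 @@ sudo sed -i 's/\/sbin:\/bin:\/usr\/sbin:\/usr\/bin/\/sbin:\/bin:\/usr\/sbin:\/us
 
 # 8. Crie todos os usuários e banco de dados necessários para o funcionamento correto do colab.
 
-sudo -u postgres psql -c "CREATE USER colab SUPERUSER INHERIT CREATEDB CREATEROLE;"
-sudo -u postgres psql -c "ALTER USER colab PASSWORD 'colab';"
-sudo -u postgres psql -c "CREATE USER git;"
 sudo -u postgres psql -c "CREATE ROLE redmine LOGIN ENCRYPTED PASSWORD 'redmine' NOINHERIT VALID UNTIL 'infinity';"
-sudo -u postgres psql -c "CREATE DATABASE gitlabhq_production OWNER git;"
-sudo -u postgres psql -c "CREATE DATABASE colab WITH OWNER colab ENCODING 'UTF8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE=template0;"
-sudo -u postgres psql -c "CREATE DATABASE trac_colab WITH OWNER colab ENCODING 'UTF8' LC_COLLATE='en_US.UTF-8' LC_CTYPE='en_US.UTF-8' TEMPLATE=template0;"
 sudo -u postgres psql -c "CREATE DATABASE redmine WITH ENCODING='UTF8' OWNER=redmine;"
 
 #sudo -u postgres psql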
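--- a/script/redmine.sh
+++ b/script/redmine.sh
@@ -90,4 +90,4 @@ bundle exec rake redmine:backlogs:install story_trackers=2 task_tracker=1
 
 
 ## 16. Executando redmine
-sudo unicorn_rails -c /opt/redmine/config/unicorn.rb -E production -l 0.0.0.0:9080 -D
\ No newline at end of file
+sudo unicorn_rails -c /opt/redmine/config/unicorn.rb -E production -l 0.0.0.0:9080 -D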