diff options
Diffstat (limited to 'nms')
| -rw-r--r-- | nms/.bashrc | 16 | ||||
| -rw-r--r-- | nms/.gitignore | 1 | ||||
| -rw-r--r-- | nms/Dockerfile.in | 119 | ||||
| -rw-r--r-- | nms/README.md | 32 | ||||
| -rw-r--r-- | nms/ansible/inventories/localtest | 5 | ||||
| -rw-r--r-- | nms/ansible/inventories/prod | 5 | ||||
| -rw-r--r-- | nms/ansible/roles/nmsfront/handlers/main.yml | 5 | ||||
| -rw-r--r-- | nms/ansible/roles/nmsfront/tasks/main.yml | 76 | ||||
| -rw-r--r-- | nms/ansible/roles/nmsfront/vars/main.yml | 6 | ||||
| -rw-r--r-- | nms/ansible/roles/tgmanage/tasks/main.yml | 14 | ||||
| -rwxr-xr-x | nms/ansible/roles/tgmanage/templates/config.pm.j2 | 109 | ||||
| -rw-r--r-- | nms/ansible/roles/tgmanage/vars/main.yml | 13 | ||||
| -rw-r--r-- | nms/ansible/site.yml | 70 | ||||
| -rwxr-xr-x | nms/config.pm | 81 | ||||
| -rwxr-xr-x | nms/makedockerfiles.sh | 26 | ||||
| -rw-r--r-- | nms/nms-dump.sql | 695 | ||||
| -rw-r--r-- | nms/pg_hba.conf | 118 | ||||
| -rw-r--r-- | nms/postgresql.conf | 616 |
18 files changed, 0 insertions, 2007 deletions
diff --git a/nms/.bashrc b/nms/.bashrc deleted file mode 100644 index 06072e3..0000000 --- a/nms/.bashrc +++ /dev/null @@ -1,16 +0,0 @@ -NAME='NMS Docker' - - -ln -s /srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf /etc/apache2/sites-enabled/ -ln -s /srv/tgmanage/nms/config.pm /srv/tgmanage/include/ -echo 'demo:$apr1$IKrQYF6x$0zmRciLR7Clc2tEEosyHV.' > /srv/tgmanage/web/.htpasswd - -/etc/init.d/apache2 restart -echo "go here to look at nms: http://172.17.0.2:8080/" - -# Aliases -alias h="history" -alias l="ls -lAhoF --color --show-control-chars" -alias ll="ls -lash --color --show-control-chars" -alias cd..="cd .." - diff --git a/nms/.gitignore b/nms/.gitignore deleted file mode 100644 index 567609b..0000000 --- a/nms/.gitignore +++ /dev/null @@ -1 +0,0 @@ -build/ diff --git a/nms/Dockerfile.in b/nms/Dockerfile.in deleted file mode 100644 index 9f0dfd6..0000000 --- a/nms/Dockerfile.in +++ /dev/null @@ -1,119 +0,0 @@ -@template nms-base - -FROM debian:jessie - -ENV container docker -MAINTAINER "Kristian" <kly@kly.no> -#RUN systemctl set-default basic.target -RUN apt-get update && apt-get -y install \ - wget \ - vim \ - man \ - build-essential \ - net-tools \ - bash-completion \ - git-core \ - autoconf \ - netcat \ - libwww-perl \ - libmicrohttpd-dev \ - libcurl4-gnutls-dev \ - libedit-dev \ - libpcre3-dev \ - libncurses5-dev \ - python-demjson \ - python-docutils \ - libtool \ - nodejs \ - httpie \ - locales \ - screen \ - openssh-server \ - pkg-config - -VOLUME [ "/sys/fs/cgroup" ] -VOLUME [ "/run" ] -VOLUME [ "/run/lock" ] -RUN echo en_US.UTF8 UTF-8 > /etc/locale.gen -RUN locale-gen -RUN echo 'LANG="en_US.utf8"' > /etc/default/locale -RUN echo . /etc/default/locale >> /root/.bashrc -RUN echo export LANG >> /root/.bashrc -RUN echo . /etc/bash_completion >> /root/.bashrc -ENV TERM=rxvt-unicode -RUN rm /etc/apt/apt.conf.d/docker-clean -RUN systemctl mask dev-hugepages.mount sys-fs-fuse-connections.mount systemd-logind.service -RUN git clone https://github.com/tech-server/tgmanage.git /srv/tgmanage -#RUN systemctl disable systemd-logind.service -CMD ["/sbin/init"] - -@template nms-front -FROM nms-base -RUN apt-get -y install \ - libcapture-tiny-perl \ - libcgi-pm-perl \ - libcommon-sense-perl \ - libdata-dumper-simple-perl \ - libdbd-pg-perl \ - libdbi-perl \ - libdigest-perl \ - libgd-perl \ - libgeo-ip-perl \ - libhtml-parser-perl \ - libhtml-template-perl \ - libimage-magick-perl \ - libimage-magick-q16-perl \ - libjson-perl \ - libjson-xs-perl \ - libnetaddr-ip-perl \ - libnet-cidr-perl \ - libnet-ip-perl \ - libnet-openssh-perl \ - libnet-oping-perl \ - libnet-rawip-perl \ - libnet-telnet-cisco-perl \ - libnet-telnet-perl \ - libsnmp-perl \ - libsocket6-perl \ - libsocket-perl \ - libswitch-perl \ - libtimedate-perl \ - perl \ - perl-base \ - perl-modules \ - varnish \ - libfreezethaw-perl \ - apache2 - -RUN cd /srv/tgmanage/ && tools/get_mibs.sh - -# Apache shait -RUN a2dissite 000-default -RUN a2enmod cgi -RUN sed -i 's/Listen 80/Listen 8080/g' /etc/apache2/ports.conf -RUN ln -s /srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf /etc/apache2/sites-enabled/ -#(no, not for production, it's just demo:demo during development) -RUN echo 'demo:$apr1$IKrQYF6x$0zmRciLR7Clc2tEEosyHV.' > /srv/tgmanage/web/htpasswd-read -RUN echo 'demo:$apr1$IKrQYF6x$0zmRciLR7Clc2tEEosyHV.' > /srv/tgmanage/web/htpasswd-write -RUN systemctl enable apache2 - -# Varnish shait -RUN rm /etc/varnish/default.vcl -RUN ln -s /srv/tgmanage/web/etc/varnish/nms.vcl /etc/varnish/default.vcl -RUN sed -i 's/6081/80/' /lib/systemd/system/varnish.service -RUN systemctl enable varnish - -ADD config.pm /srv/tgmanage/include/ - -@template nms-db -FROM nms-base -RUN apt-get install -y postgresql-doc-9.4 postgresql-9.4 -ADD nms-dump.sql / -ADD postgresql.conf /etc/postgresql/9.4/main/ -ADD pg_hba.conf /etc/postgresql/9.4/main/ -RUN chown -R postgres:postgres /etc/postgresql/ -RUN chmod a+r /etc/postgresql/9.4/main/*conf -RUN service postgresql start && su postgres -c "psql --command=\"CREATE ROLE nms PASSWORD 'md5f6f0a94af5ec8b6001e41b8f06fd22d8' NOSUPERUSER NOCREATEDB NOCREATEROLE INHERIT LOGIN;\"" && su postgres -c "createdb -O nms nms" && service postgresql stop -RUN service postgresql start && su postgres -c "cat /nms-dump.sql | psql nms" && service postgresql stop -RUN service postgresql start && su postgres -c "psql --command=\"ALTER ROLE nms PASSWORD 'md5f6f0a94af5ec8b6001e41b8f06fd22d8';\"" && service postgresql stop -EXPOSE 5432 diff --git a/nms/README.md b/nms/README.md deleted file mode 100644 index 9a23e8d..0000000 --- a/nms/README.md +++ /dev/null @@ -1,32 +0,0 @@ -#Instructions - -## Installation -- fetch data from tg server: `scp ${USER}@wat.gathering.org:/root/nms-2015.sql.gz .` -- Rename the nms dump so we can use it later: `mv nms-2015.sql.gz nms-dump.sql.gz` - -- Do the Debian install(or whatever OS you're on.): -https://docs.docker.com/engine/installation/linux/debian/ -And make sure that your user is in the docker group, so that you can run docker without sudo. - -- Clone repository: `git clone git@github.com:tech-server/tgmanage.git` - -- run `./makedockerfiles.sh`, which creates the docker image files, and builds - them. - -- Start database node: -`docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged --rm -ti --name=db nms-db` - -- Start front end node: --- with cgroup: `docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --privileged --rm -ti --name=front --link=db:db nms-front` --- getting to prompt(without cgroup): -`docker run -v "/home/kiro/repos/tgmanage:/srv/tgmanage" -v "/home/kiro/repos/tgmanage/nms/.bashrc:/root/.bashrc" -w "/srv/tgmanage/web/nms.gathering.org" \ --rm=true -ti --name=front --privileged nms-front /bin/bash` - -- Find IP's: -`docker inspect nms-db | grep "IPAddress\":"` -`docker inspect nms-front | grep "IPAddress\":"` - -- Open the nms-front ip in the web browser. -http://172.17.0.2:8080/ - -- Note: `docker run -v /sys/fs/cgroup:/sys/fs/cgroup:ro --rm -ti` diff --git a/nms/ansible/inventories/localtest b/nms/ansible/inventories/localtest deleted file mode 100644 index 1a527db..0000000 --- a/nms/ansible/inventories/localtest +++ /dev/null @@ -1,5 +0,0 @@ -[db] -nms-dev-db.gathering.org - -[nms-front] -dockerlol diff --git a/nms/ansible/inventories/prod b/nms/ansible/inventories/prod deleted file mode 100644 index 4c4f31b..0000000 --- a/nms/ansible/inventories/prod +++ /dev/null @@ -1,5 +0,0 @@ -[db] -nms-dev-db.gathering.org - -[nms-front] -nms-dev-db.gathering.org diff --git a/nms/ansible/roles/nmsfront/handlers/main.yml b/nms/ansible/roles/nmsfront/handlers/main.yml deleted file mode 100644 index 5cc3cb8..0000000 --- a/nms/ansible/roles/nmsfront/handlers/main.yml +++ /dev/null @@ -1,5 +0,0 @@ -- name: restart apache - service: name=apache2 state=restarted - -- name: restart varnish - service: name=varnish state=restarted diff --git a/nms/ansible/roles/nmsfront/tasks/main.yml b/nms/ansible/roles/nmsfront/tasks/main.yml deleted file mode 100644 index d4e8d00..0000000 --- a/nms/ansible/roles/nmsfront/tasks/main.yml +++ /dev/null @@ -1,76 +0,0 @@ -- name: Basic packages - apt: name={{ item }} state=present - with_items: - - python-demjson - - python-passlib - - libcapture-tiny-perl - - libcommon-sense-perl - - libdata-dumper-simple-perl - - libdbd-pg-perl - - libdbi-perl - - libdigest-perl - - libjson-perl - - libjson-xs-perl - - libnetaddr-ip-perl - - libnet-cidr-perl - - libnet-ip-perl - - libnet-openssh-perl - - libnet-oping-perl - - libnet-rawip-perl - - libsnmp-perl - - libsocket6-perl - - libsocket-perl - - libswitch-perl - - libtimedate-perl - - perl - - perl-base - - perl-modules - - varnish - - libfreezethaw-perl - - apache2 - -- name: Enable CGI - apache2_module: state=present name=cgid - notify: - - restart apache - -- name: Remove default apache site - file: path=/etc/apache2/sites-enabled/000-default.conf state=absent - notify: - - restart apache - -- name: Add NMS site config - file: src=/srv/tgmanage/web/etc/apache2/nms.tg16.gathering.org.conf dest=/etc/apache2/sites-enabled/nms.tg16.gathering.org.conf state=link - notify: - - restart apache - -- name: "Apache: Don't listen on 80" - lineinfile: line="Listen 80" state=absent dest=/etc/apache2/ports.conf - notify: - - restart apache - -- name: "Apache: DO listen on 8080" - lineinfile: line="Listen 8080" state=present dest=/etc/apache2/ports.conf - notify: - - restart apache - -- name: "Varnish: Set up VCL" - file: path=/etc/varnish/default.vcl src=/srv/tgmanage/web/etc/varnish/nms.vcl state=link force=true - notify: - - restart varnish - -- name: "Varnish: Remove default systemd config" - lineinfile: line="ExecStart=/usr/sbin/varnishd -a :6081 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m" state=absent dest=/lib/systemd/system/varnish.service - notify: - - restart varnish - -- name: "Varnish: Add sensible systemd config" - lineinfile: line="ExecStart=/usr/sbin/varnishd -f /etc/varnish/default.vcl -s malloc,256m" state=present dest=/lib/systemd/system/varnish.service insertafter="Service" - notify: - - restart varnish - -- name: Setup basic auth for nms read-only - htpasswd: path=/srv/tgmanage/web/htpasswd-read name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640 - -- name: Setup basic auth for nms write-only - htpasswd: path=/srv/tgmanage/web/htpasswd-write name=tg password={{ htpasswd_tg }} owner=root group=www-data mode=0640 diff --git a/nms/ansible/roles/nmsfront/vars/main.yml b/nms/ansible/roles/nmsfront/vars/main.yml deleted file mode 100644 index b7e2a81..0000000 --- a/nms/ansible/roles/nmsfront/vars/main.yml +++ /dev/null @@ -1,6 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -36643163343266613738383865323138366265616435316431663035623038623339666462633634 -3130363031633765306233333133363633663130393238660a646566396636653835383037613236 -37383335336361323962383838333330656634636461303636343166613236633566316533646561 -6130303831626632320a353732663631313931346136376536336234613866323966363062663265 -62363238393062363933623030643165396466383438623734316565663935363464 diff --git a/nms/ansible/roles/tgmanage/tasks/main.yml b/nms/ansible/roles/tgmanage/tasks/main.yml deleted file mode 100644 index cbd48ae..0000000 --- a/nms/ansible/roles/tgmanage/tasks/main.yml +++ /dev/null @@ -1,14 +0,0 @@ ---- - - name: Git core - apt: name=git-core state=present - - # Note the update! - # - # The idea here is that you run this playbook repeatedly on whatever - # "production" site is in use instead of manually logging in and doing - # changes. - - name: tgmanage repo - git: repo=https://github.com/tech-server/tgmanage.git dest=/srv/tgmanage update=true accept_hostkey=yes track_submodules=no - - - name: "Copy config.pm.dist to config.pm" - template: src=config.pm.j2 dest=/srv/tgmanage/include/config.pm mode=0644 diff --git a/nms/ansible/roles/tgmanage/templates/config.pm.j2 b/nms/ansible/roles/tgmanage/templates/config.pm.j2 deleted file mode 100755 index 73b59e3..0000000 --- a/nms/ansible/roles/tgmanage/templates/config.pm.j2 +++ /dev/null @@ -1,109 +0,0 @@ -#! /usr/bin/perl -use strict; -use warnings; -use DBI; -package nms::config; - -# DB -our $db_name = "{{ db_name }}"; -our $db_host = "{{ db_host }}"; -our $db_username = "{{ db_user }}"; -our $db_password = "{{ db_password }}"; - -# NMS: What SNMP objects to fetch. -# Some basics -our @snmp_objects = [ -['ifIndex'], -['sysName'], -['sysDescr'], -['ifHighSpeed'], -['ifType'], -['ifName'], -['ifDescr'], -['ifAlias'], -['ifOperStatus'], -['ifAdminStatus'], -['ifLastChange'], -['ifHCInOctets'], -['ifHCOutOctets'], -['ifInDiscards'], -['ifOutDiscards'], -['ifInErrors'], -['ifOutErrors'], -['ifInUnknownProtos'], -['ifOutQLen'], -['sysUpTime'], -['jnxOperatingTemp'], -['jnxOperatingCPU'], -['jnxOperatingDescr'], -['jnxBoxSerialNo'] -]; -# Max SNMP polls to fire off at the same time. -our $snmp_max = 20; - -# DHCP-servers -our $dhcp_server1 = "185.110.149.2"; # primary -our $dhcp_server2 = "185.110.148.2"; # secondary - -# TACACS-login for NMS -our $tacacs_user = "<removed>"; -our $tacacs_pass = "<removed>"; - -# Telnet-timeout for smanagrun -our $telnet_timeout = 300; - -# IP/IPv6/DNS-info -our $tgname = "tg16"; -our $pri_hostname = "r2-d2"; -our $pri_v4 = "185.110.149.2"; -our $pri_v6 = "2a06:5841:149a::2"; -our $pri_net_v4 = "185.110.149.0/26"; -our $pri_net_v6 = "2a06:5841:149a::/64"; - -our $sec_hostname = "c-3po"; -our $sec_v4 = "185.110.148.2"; -our $sec_v6 = "2a06:5841:1337::2"; -our $sec_net_v4 = "185.110.148.0/26"; -our $sec_net_v6 = "2a06:5841:1337::/64"; - -# for RIPE to get reverse zones via DNS AXFR -# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation -our $ext_xfer = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48"; - -# allow XFR from NOC -our $noc_net = "185.110.150.0/25; 2a06:5841:150a::1/64"; - -# To generate new dnssec-key for ddns: -# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER -our $ddns_key = "<removed>"; -our $ddns_to = "127.0.0.1"; # just use localhost - -# Base networks -our $base_ipv4net = "88.92.0.0/17"; -our $base_ipv6net = "2a06:5840::/29"; -our $ipv6zone = "0.4.8.5.6.0.a.2.ip6.arpa"; - -# extra networks that are outside the normal ranges -# that should have recursive DNS access -our $rec_net = "185.110.148.0/22"; - -# extra networks that are outside the normal ranges -# that should be added to DNS -our @extra_nets = ( - '185.110.148.0/24', - '185.110.149.0/24', - '185.110.150.0/24', - '185.110.151.0/24', -); - -# add WLC's -our $wlc1 = "185.110.148.14"; - -# add VOIP-server -our $voip1 = "<removed>"; - -# PXE-server (rest of bootstrap assumes $sec_v4/$sec_v6) -our $pxe_server_v4 = $sec_v4; -our $pxe_server_v6 = $sec_v6; - -1; diff --git a/nms/ansible/roles/tgmanage/vars/main.yml b/nms/ansible/roles/tgmanage/vars/main.yml deleted file mode 100644 index 447e3e8..0000000 --- a/nms/ansible/roles/tgmanage/vars/main.yml +++ /dev/null @@ -1,13 +0,0 @@ -$ANSIBLE_VAULT;1.1;AES256 -63623639616438346566333434306435303933343234636339336638633166626465613832656462 -3764636465303334666265626334613364383833623239660a366136303264323463656336333732 -33323236626465656535313938663534306462383265313635393634336233303735383033333737 -6465383165653738300a653663303362333030386638313237656535643563333033633838656630 -34333430623934346565303765666239646363613230326531663032323164346365356466363134 -36356239643235303039366363353065306130656462383135343031366234316535386635306466 -30303039656531353339333434633566316534613538666432336135363864383139303035343436 -32396130643366363339363934653763326432396165393531656533376237346563376434653932 -66333565316336643366643336633131323066663862363735636464376138303031623933386363 -33396364623331393438393036623261323866643430623137626430326162663936633766646231 -36656533343466653735386136663764613466663033613561373734303565323534323436623066 -38653761396334643236 diff --git a/nms/ansible/site.yml b/nms/ansible/site.yml deleted file mode 100644 index e0f534a..0000000 --- a/nms/ansible/site.yml +++ /dev/null @@ -1,70 +0,0 @@ ---- -- hosts: all - roles: - - tgmanage - -- hosts: nms-front - roles: - - nmsfront - become: false - tasks: - # Some of these are probably redundant, but kept around because it works - # and they aren't too bad. - - name: Misc packages - apt: name={{ item }} state=present - with_items: - - wget - - vim - - man - - build-essential - - net-tools - - bash-completion - - git-core - - autoconf - - netcat - - libwww-perl - - libmicrohttpd-dev - - libcurl4-gnutls-dev - - libedit-dev - - libpcre3-dev - - libncurses5-dev - - python-demjson - - python-docutils - - libtool - - locales - - screen - - openssh-server - - libcapture-tiny-perl - - libcgi-pm-perl - - libcommon-sense-perl - - libdata-dumper-simple-perl - - libdbd-pg-perl - - libdbi-perl - - libdigest-perl - - libgd-perl - - libgeo-ip-perl - - libhtml-parser-perl - - libhtml-template-perl - - libimage-magick-perl - - libimage-magick-q16-perl - - libjson-perl - - libjson-xs-perl - - libnetaddr-ip-perl - - libnet-cidr-perl - - libnet-ip-perl - - libnet-openssh-perl - - libnet-oping-perl - - libnet-rawip-perl - - libnet-telnet-cisco-perl - - libnet-telnet-perl - - libsnmp-perl - - libsocket6-perl - - libsocket-perl - - libswitch-perl - - libtimedate-perl - - perl - - perl-base - - perl-modules - - varnish - - libfreezethaw-perl - - apache2 diff --git a/nms/config.pm b/nms/config.pm deleted file mode 100755 index db9775f..0000000 --- a/nms/config.pm +++ /dev/null @@ -1,81 +0,0 @@ -#! /usr/bin/perl -use strict; -use warnings; -use DBI; -package nms::config; - -# DB -our $db_name = "nms"; -our $db_host = "nms-dev-db.gathering.org"; -our $db_username = "nms"; -our $db_password = "nms-lol"; - -# NMS hash used for public NMS obfuscation of interface names -our $nms_hash = "<removed>"; - -# DHCP-servers -our $dhcp_server1 = "185.12.59.66"; # primary -our $dhcp_server2 = "185.12.59.2"; # secondary - -# TACACS-login for NMS -our $tacacs_user = "<removed>"; -our $tacacs_pass = "<removed>"; - -# SNMP read-only for NMS, etc -our $snmp_community = "<removed>"; - -# Telnet-timeout for smanagrun -our $telnet_timeout = 300; - -# IP/IPv6/DNS-info -our $tgname = "tg15"; -our $pri_hostname = "marty"; -our $pri_v4 = "185.12.59.66"; -our $pri_v6 = "2a02:ed02:1ee7::66"; -our $pri_net_v4 = "185.12.59.64/27"; -our $pri_net_v6 = "2a02:ed02:1ee7::/64"; - -our $sec_hostname = "emmet"; -our $sec_v4 = "185.12.59.2"; -our $sec_v6 = "2a02:ed02:1337::2"; -our $sec_net_v4 = "185.12.59.0/26"; -our $sec_net_v6 = "2a02:ed02:1337::/64"; - -# for RIPE to get reverse zones via DNS AXFR -# https://www.ripe.net/data-tools/dns/reverse-dns/how-to-set-up-reverse-delegation -our $ext_xfer = "193.0.0.0/22; 2001:610:240::/48; 2001:67c:2e8::/48"; - -# allow XFR from NOC -our $noc_net = "151.216.254.0/24; 2a02:ed02:254::/64"; - -# To generate new dnssec-key for ddns: -# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST DHCP_UPDATER -our $ddns_key = "<removed>"; -our $ddns_to = "127.0.0.1"; # just use localhost - -# Base networks -our $base_ipv4net = "151.216.128.0/17"; -our $base_ipv6net = "2a02:ed02::/32"; -our $ipv6zone = "2.0.d.e.2.0.a.2.ip6.arpa"; - -# extra networks that are outside the normal ranges -# that should have recursive DNS access -our $rec_net = "185.12.59.0/24"; - -# extra networks that are outside the normal ranges -# that should be added to DNS -our @extra_nets = ( - '185.12.59.0/24', # norsk nett -); - -# add WLC's -our $wlc1 = "151.216.128.130"; - -# add VOIP-server -our $voip1 = "<removed>"; - -# PXE-server (rest of bootstrap assumes $sec_v4/$sec_v6) -our $pxe_server_v4 = $sec_v4; -our $pxe_server_v6 = $sec_v6; - -1; diff --git a/nms/makedockerfiles.sh b/nms/makedockerfiles.sh deleted file mode 100755 index 6c7e3da..0000000 --- a/nms/makedockerfiles.sh +++ /dev/null @@ -1,26 +0,0 @@ -#!/bin/sh -awk -v TARGET=/dev/null ' -BEGIN { - system("mkdir -p build") -} -/^@template/ { - TARGET="build/Dockerfile."$2; - TARGETS[ntargets++]=$2; - print "# Generated" > TARGET - next; -} -{ - print > TARGET -} -END { - print "#! /bin/sh" > "build/build.sh" - print "set -e" > "build/build.sh" - for (x in TARGETS) { - a = TARGETS[x] - print "echo Building "a > "build/build.sh" - print "echo Logs: build/"a".log" > "build/build.sh" - print "docker build -t "a" -f build/Dockerfile."a" . > build/"a".log 2>&1 || cat build/"a".log" > "build/build.sh" - } - system("chmod +x build/build.sh") -}' < Dockerfile.in -build/build.sh diff --git a/nms/nms-dump.sql b/nms/nms-dump.sql deleted file mode 100644 index 25ba3ac..0000000 --- a/nms/nms-dump.sql +++ /dev/null @@ -1,695 +0,0 @@ --- --- PostgreSQL database dump --- - -SET statement_timeout = 0; -SET lock_timeout = 0; -SET client_encoding = 'UTF8'; -SET standard_conforming_strings = on; -SET check_function_bodies = false; -SET client_min_messages = warning; - --- --- Name: plpgsql; Type: EXTENSION; Schema: -; Owner: --- - -CREATE EXTENSION IF NOT EXISTS plpgsql WITH SCHEMA pg_catalog; - - --- --- Name: EXTENSION plpgsql; Type: COMMENT; Schema: -; Owner: --- - -COMMENT ON EXTENSION plpgsql IS 'PL/pgSQL procedural language'; - - -SET search_path = public, pg_catalog; - --- --- Name: comment_state; Type: TYPE; Schema: public; Owner: nms --- - -CREATE TYPE comment_state AS ENUM ( - 'active', - 'inactive', - 'persist', - 'delete' -); - - -ALTER TYPE comment_state OWNER TO nms; - -SET default_tablespace = ''; - -SET default_with_oids = false; - --- --- Name: dhcp; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE dhcp ( - switch integer, - "time" timestamp with time zone, - mac macaddr, - ip inet -); - - -ALTER TABLE dhcp OWNER TO nms; - --- --- Name: linknet_ping; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE linknet_ping ( - linknet integer NOT NULL, - "time" timestamp with time zone DEFAULT now() NOT NULL, - latency1_ms double precision, - latency2_ms double precision -); - - -ALTER TABLE linknet_ping OWNER TO nms; - --- --- Name: linknets; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE linknets ( - linknet integer NOT NULL, - switch1 integer NOT NULL, - addr1 inet, - switch2 integer NOT NULL, - addr2 inet, - port1 character varying(10), - port2 character varying(10) -); - - -ALTER TABLE linknets OWNER TO nms; - --- --- Name: linknets_linknet_seq; Type: SEQUENCE; Schema: public; Owner: nms --- - -CREATE SEQUENCE linknets_linknet_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - -ALTER TABLE linknets_linknet_seq OWNER TO nms; - --- --- Name: linknets_linknet_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: nms --- - -ALTER SEQUENCE linknets_linknet_seq OWNED BY linknets.linknet; - - --- --- Name: ping; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE ping ( - switch integer NOT NULL, - "time" timestamp with time zone DEFAULT now() NOT NULL, - latency_ms double precision -); - - -ALTER TABLE ping OWNER TO nms; - --- --- Name: ping_secondary_ip; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE ping_secondary_ip ( - switch integer NOT NULL, - "time" timestamp with time zone DEFAULT now() NOT NULL, - latency_ms double precision -); - - -ALTER TABLE ping_secondary_ip OWNER TO nms; - --- --- Name: polls; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE polls ( - switch integer NOT NULL, - "time" timestamp with time zone NOT NULL, - ifname character varying(30) NOT NULL, - ifhighspeed integer, - ifhcoutoctets bigint, - ifhcinoctets bigint -); - - -ALTER TABLE polls OWNER TO nms; - --- --- Name: seen_mac; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE seen_mac ( - mac macaddr NOT NULL, - address inet NOT NULL, - seen timestamp with time zone DEFAULT now() NOT NULL -); - - -ALTER TABLE seen_mac OWNER TO nms; - --- --- Name: snmp; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE snmp ( - "time" timestamp without time zone DEFAULT now() NOT NULL, - switch integer NOT NULL, - data jsonb, - id integer NOT NULL -); - - -ALTER TABLE snmp OWNER TO nms; - --- --- Name: snmp_id_seq; Type: SEQUENCE; Schema: public; Owner: nms --- - -CREATE SEQUENCE snmp_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - -ALTER TABLE snmp_id_seq OWNER TO nms; - --- --- Name: snmp_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: nms --- - -ALTER SEQUENCE snmp_id_seq OWNED BY snmp.id; - - --- --- Name: switch_comments; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE switch_comments ( - switch integer NOT NULL, - "time" timestamp with time zone, - comment text, - state comment_state DEFAULT 'active'::comment_state, - username character varying(32), - id integer NOT NULL -); - - -ALTER TABLE switch_comments OWNER TO nms; - --- --- Name: switch_comments_id_seq; Type: SEQUENCE; Schema: public; Owner: nms --- - -CREATE SEQUENCE switch_comments_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - -ALTER TABLE switch_comments_id_seq OWNER TO nms; - --- --- Name: switch_comments_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: nms --- - -ALTER SEQUENCE switch_comments_id_seq OWNED BY switch_comments.id; - - --- --- Name: switch_temp; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE switch_temp ( - switch integer, - temp integer, - "time" timestamp with time zone -); - - -ALTER TABLE switch_temp OWNER TO nms; - --- --- Name: switches; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE switches ( - switch integer DEFAULT nextval(('"switches_switch_seq"'::text)::regclass) NOT NULL, - mgmt_v4_addr inet, - sysname character varying NOT NULL, - switchtype character varying DEFAULT 'ex2200'::character varying NOT NULL, - last_updated timestamp with time zone, - locked boolean DEFAULT false NOT NULL, - poll_frequency interval DEFAULT '00:01:00'::interval NOT NULL, - community character varying DEFAULT 'FullPuppTilNMS'::character varying NOT NULL, - lldp_chassis_id character varying, - mgmt_v6_addr inet, - placement box, - subnet4 cidr, - subnet6 cidr, - distro_name character varying, - distro_phy_port character varying(100), - mgmt_v6_gw inet, - mgmt_v4_gw inet, - mgmt_vlan integer DEFAULT 666, - traffic_vlan integer, - last_config_fetch timestamp with time zone, - current_mac macaddr -); - - -ALTER TABLE switches OWNER TO nms; - --- --- Name: switches_switch_seq; Type: SEQUENCE; Schema: public; Owner: nms --- - -CREATE SEQUENCE switches_switch_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - -ALTER TABLE switches_switch_seq OWNER TO nms; - --- --- Name: test_table; Type: TABLE; Schema: public; Owner: nms; Tablespace: --- - -CREATE TABLE test_table ( - test timestamp with time zone -); - - -ALTER TABLE test_table OWNER TO nms; - --- --- Name: linknet; Type: DEFAULT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY linknets ALTER COLUMN linknet SET DEFAULT nextval('linknets_linknet_seq'::regclass); - - --- --- Name: id; Type: DEFAULT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY snmp ALTER COLUMN id SET DEFAULT nextval('snmp_id_seq'::regclass); - - --- --- Name: id; Type: DEFAULT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY switch_comments ALTER COLUMN id SET DEFAULT nextval('switch_comments_id_seq'::regclass); - - --- --- Name: polls_time_switch_ifname_key; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY polls - ADD CONSTRAINT polls_time_switch_ifname_key UNIQUE ("time", switch, ifname); - - --- --- Name: seen_mac_pkey; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY seen_mac - ADD CONSTRAINT seen_mac_pkey PRIMARY KEY (mac, address, seen); - - --- --- Name: switch_comments_pkey; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY switch_comments - ADD CONSTRAINT switch_comments_pkey PRIMARY KEY (id); - - --- --- Name: switches_pkey; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY switches - ADD CONSTRAINT switches_pkey PRIMARY KEY (switch); - - --- --- Name: switches_sysname_key; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY switches - ADD CONSTRAINT switches_sysname_key UNIQUE (sysname); - - --- --- Name: switches_sysname_key1; Type: CONSTRAINT; Schema: public; Owner: nms; Tablespace: --- - -ALTER TABLE ONLY switches - ADD CONSTRAINT switches_sysname_key1 UNIQUE (sysname); - - --- --- Name: dhcp_ip; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX dhcp_ip ON dhcp USING btree (ip); - - --- --- Name: dhcp_mac; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX dhcp_mac ON dhcp USING btree (mac); - - --- --- Name: dhcp_switch; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX dhcp_switch ON dhcp USING btree (switch); - - --- --- Name: dhcp_time; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX dhcp_time ON dhcp USING btree ("time"); - - --- --- Name: ping_index; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX ping_index ON ping USING btree ("time"); - - --- --- Name: ping_secondary_index; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX ping_secondary_index ON ping_secondary_ip USING btree ("time"); - - --- --- Name: polls_ifname; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX polls_ifname ON polls USING btree (ifname); - - --- --- Name: polls_switch; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX polls_switch ON polls USING btree (switch); - - --- --- Name: polls_switch_ifname; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX polls_switch_ifname ON polls USING btree (switch, ifname); - - --- --- Name: polls_time; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX polls_time ON polls USING btree ("time"); - - --- --- Name: seen_mac_addr_family; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX seen_mac_addr_family ON seen_mac USING btree (family(address)); - - --- --- Name: seen_mac_seen; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX seen_mac_seen ON seen_mac USING btree (seen); - - --- --- Name: snmp_time; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX snmp_time ON snmp USING btree ("time"); - - --- --- Name: snmp_time15; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX snmp_time15 ON snmp USING btree (id, switch); - - --- --- Name: snmp_time6; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX snmp_time6 ON snmp USING btree ("time" DESC, switch); - - --- --- Name: switch_temp_index; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX switch_temp_index ON switch_temp USING btree (switch); - - --- --- Name: switches_switch; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX switches_switch ON switches USING hash (switch); - - --- --- Name: updated_index2; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX updated_index2 ON linknet_ping USING btree ("time"); - - --- --- Name: updated_index3; Type: INDEX; Schema: public; Owner: nms; Tablespace: --- - -CREATE INDEX updated_index3 ON ping_secondary_ip USING btree ("time"); - - --- --- Name: dhcp_switch_fkey; Type: FK CONSTRAINT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY dhcp - ADD CONSTRAINT dhcp_switch_fkey FOREIGN KEY (switch) REFERENCES switches(switch); - - --- --- Name: snmp_switch_fkey; Type: FK CONSTRAINT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY snmp - ADD CONSTRAINT snmp_switch_fkey FOREIGN KEY (switch) REFERENCES switches(switch); - - --- --- Name: switchname; Type: FK CONSTRAINT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY polls - ADD CONSTRAINT switchname FOREIGN KEY (switch) REFERENCES switches(switch); - - --- --- Name: switchname; Type: FK CONSTRAINT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY ping - ADD CONSTRAINT switchname FOREIGN KEY (switch) REFERENCES switches(switch); - - --- --- Name: switchname; Type: FK CONSTRAINT; Schema: public; Owner: nms --- - -ALTER TABLE ONLY switch_comments - ADD CONSTRAINT switchname FOREIGN KEY (switch) REFERENCES switches(switch); - - --- --- Name: public; Type: ACL; Schema: -; Owner: postgres --- - -REVOKE ALL ON SCHEMA public FROM PUBLIC; -REVOKE ALL ON SCHEMA public FROM postgres; -GRANT ALL ON SCHEMA public TO postgres; -GRANT ALL ON SCHEMA public TO PUBLIC; -GRANT ALL ON SCHEMA public TO fap; - - --- --- Name: dhcp; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE dhcp FROM PUBLIC; -REVOKE ALL ON TABLE dhcp FROM nms; -GRANT ALL ON TABLE dhcp TO nms; -GRANT ALL ON TABLE dhcp TO fap; - - --- --- Name: linknet_ping; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE linknet_ping FROM PUBLIC; -REVOKE ALL ON TABLE linknet_ping FROM nms; -GRANT ALL ON TABLE linknet_ping TO nms; -GRANT ALL ON TABLE linknet_ping TO fap; - - --- --- Name: linknets; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE linknets FROM PUBLIC; -REVOKE ALL ON TABLE linknets FROM nms; -GRANT ALL ON TABLE linknets TO nms; -GRANT ALL ON TABLE linknets TO fap; - - --- --- Name: ping; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE ping FROM PUBLIC; -REVOKE ALL ON TABLE ping FROM nms; -GRANT ALL ON TABLE ping TO nms; -GRANT ALL ON TABLE ping TO fap; - - --- --- Name: ping_secondary_ip; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE ping_secondary_ip FROM PUBLIC; -REVOKE ALL ON TABLE ping_secondary_ip FROM nms; -GRANT ALL ON TABLE ping_secondary_ip TO nms; -GRANT ALL ON TABLE ping_secondary_ip TO fap; - - --- --- Name: polls; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE polls FROM PUBLIC; -REVOKE ALL ON TABLE polls FROM nms; -GRANT ALL ON TABLE polls TO nms; -GRANT ALL ON TABLE polls TO fap; - - --- --- Name: seen_mac; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE seen_mac FROM PUBLIC; -REVOKE ALL ON TABLE seen_mac FROM nms; -GRANT ALL ON TABLE seen_mac TO nms; -GRANT ALL ON TABLE seen_mac TO fap; - - --- --- Name: snmp; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE snmp FROM PUBLIC; -REVOKE ALL ON TABLE snmp FROM nms; -GRANT ALL ON TABLE snmp TO nms; -GRANT ALL ON TABLE snmp TO postgres; -GRANT ALL ON TABLE snmp TO fap; - - --- --- Name: snmp_id_seq; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON SEQUENCE snmp_id_seq FROM PUBLIC; -REVOKE ALL ON SEQUENCE snmp_id_seq FROM nms; -GRANT ALL ON SEQUENCE snmp_id_seq TO nms; -GRANT ALL ON SEQUENCE snmp_id_seq TO postgres; - - --- --- Name: switch_comments; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE switch_comments FROM PUBLIC; -REVOKE ALL ON TABLE switch_comments FROM nms; -GRANT ALL ON TABLE switch_comments TO nms; -GRANT ALL ON TABLE switch_comments TO fap; - - --- --- Name: switch_temp; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE switch_temp FROM PUBLIC; -REVOKE ALL ON TABLE switch_temp FROM nms; -GRANT ALL ON TABLE switch_temp TO nms; -GRANT ALL ON TABLE switch_temp TO fap; - - --- --- Name: switches; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE switches FROM PUBLIC; -REVOKE ALL ON TABLE switches FROM nms; -GRANT ALL ON TABLE switches TO nms; -GRANT ALL ON TABLE switches TO fap; - - --- --- Name: test_table; Type: ACL; Schema: public; Owner: nms --- - -REVOKE ALL ON TABLE test_table FROM PUBLIC; -REVOKE ALL ON TABLE test_table FROM nms; -GRANT ALL ON TABLE test_table TO nms; -GRANT ALL ON TABLE test_table TO fap; - - --- --- PostgreSQL database dump complete --- - diff --git a/nms/pg_hba.conf b/nms/pg_hba.conf deleted file mode 100644 index 9b23a31..0000000 --- a/nms/pg_hba.conf +++ /dev/null @@ -1,118 +0,0 @@ -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# plain TCP/IP socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "gss", "sspi", -# "ident", "peer", "pam", "ldap", "radius" or "cert". Note that -# "password" sends passwords in clear text; "md5" is preferred since -# it sends encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the postmaster receives -# a SIGHUP signal. If you edit the file on a running system, you have -# to SIGHUP the postmaster for the changes to take effect. You can -# use "pg_ctl reload" to do that. - -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. - - - - -# DO NOT DISABLE! -# If you change this first entry you will need to make sure that the -# database superuser can access the database using some other method. -# Noninteractive access to all databases is required during automatic -# maintenance (custom daily cronjobs, replication, and similar tasks). -# -# Database administrative login by Unix domain socket -local all postgres peer - -# TYPE DATABASE USER ADDRESS METHOD - -# "local" is for Unix domain socket connections only -local all all peer -# IPv4 local connections: -host all all 127.0.0.1/32 md5 -# IPv6 local connections: -host all all ::1/128 md5 - -host nms nms 172.17.0.0/16 md5 - -# NOC-nett -host nms nms 185.110.150.0/25 md5 -host nms nms 2a06:5841:150a::0/64 md5 - -host nms fap 185.110.150.0/25 md5 -host nms fap 2a06:5841:150a::0/64 md5 - -# Server-nett -host nms nms 185.110.148.0/26 md5 -host nms nms 2a06:5841:1337::0/64 md5 - -host nms fap 185.110.148.0/26 md5 -host nms fap 2a06:5841:1337::0/64 md5 -# r2-d2 med mer -host nms nms 185.110.149.0/26 md5 - -# Allow replication connections from localhost, by a user with the -# replication privilege. -#local replication postgres peer -#host replication postgres 127.0.0.1/32 md5 -#host replication postgres ::1/128 md5 diff --git a/nms/postgresql.conf b/nms/postgresql.conf deleted file mode 100644 index 5ae771a..0000000 --- a/nms/postgresql.conf +++ /dev/null @@ -1,616 +0,0 @@ -# ----------------------------- -# PostgreSQL configuration file -# ----------------------------- -# -# This file consists of lines of the form: -# -# name = value -# -# (The "=" is optional.) Whitespace may be used. Comments are introduced with -# "#" anywhere on a line. The complete list of parameter names and allowed -# values can be found in the PostgreSQL documentation. -# -# The commented-out settings shown in this file represent the default values. -# Re-commenting a setting is NOT sufficient to revert it to the default value; -# you need to reload the server. -# -# This file is read on server startup and when the server receives a SIGHUP -# signal. If you edit the file on a running system, you have to SIGHUP the -# server for the changes to take effect, or use "pg_ctl reload". Some -# parameters, which are marked below, require a server shutdown and restart to -# take effect. -# -# Any parameter can also be given as a command-line option to the server, e.g., -# "postgres -c log_connections=on". Some parameters can be changed at run time -# with the "SET" SQL command. -# -# Memory units: kB = kilobytes Time units: ms = milliseconds -# MB = megabytes s = seconds -# GB = gigabytes min = minutes -# TB = terabytes h = hours -# d = days - - -#------------------------------------------------------------------------------ -# FILE LOCATIONS -#------------------------------------------------------------------------------ - -# The default values of these variables are driven from the -D command-line -# option or PGDATA environment variable, represented here as ConfigDir. - -data_directory = '/var/lib/postgresql/9.4/main' # use data in another directory - # (change requires restart) -hba_file = '/etc/postgresql/9.4/main/pg_hba.conf' # host-based authentication file - # (change requires restart) -ident_file = '/etc/postgresql/9.4/main/pg_ident.conf' # ident configuration file - # (change requires restart) - -# If external_pid_file is not explicitly set, no extra PID file is written. -external_pid_file = '/var/run/postgresql/9.4-main.pid' # write an extra PID file - # (change requires restart) - - -#------------------------------------------------------------------------------ -# CONNECTIONS AND AUTHENTICATION -#------------------------------------------------------------------------------ - -# - Connection Settings - - -#listen_addresses = 'localhost' # what IP address(es) to listen on; - # comma-separated list of addresses; - # defaults to 'localhost'; use '*' for all - # (change requires restart) -listen_addresses = '*' -port = 5432 # (change requires restart) -max_connections = 50 # (change requires restart) -# Note: Increasing max_connections costs ~400 bytes of shared memory per -# connection slot, plus lock space (see max_locks_per_transaction). -#superuser_reserved_connections = 3 # (change requires restart) -unix_socket_directories = '/var/run/postgresql' # comma-separated list of directories - # (change requires restart) -#unix_socket_group = '' # (change requires restart) -#unix_socket_permissions = 0777 # begin with 0 to use octal notation - # (change requires restart) -#bonjour = off # advertise server via Bonjour - # (change requires restart) -#bonjour_name = '' # defaults to the computer name - # (change requires restart) - -# - Security and Authentication - - -#authentication_timeout = 1min # 1s-600s -ssl = true # (change requires restart) -#ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers - # (change requires restart) -#ssl_prefer_server_ciphers = on # (change requires restart) -#ssl_ecdh_curve = 'prime256v1' # (change requires restart) -#ssl_renegotiation_limit = 0 # amount of data between renegotiations -ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem' # (change requires restart) -ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key' # (change requires restart) -#ssl_ca_file = '' # (change requires restart) -#ssl_crl_file = '' # (change requires restart) -#password_encryption = on -#db_user_namespace = off - -# GSSAPI using Kerberos -#krb_server_keyfile = '' -#krb_caseins_users = off - -# - TCP Keepalives - -# see "man 7 tcp" for details - -#tcp_keepalives_idle = 0 # TCP_KEEPIDLE, in seconds; - # 0 selects the system default -#tcp_keepalives_interval = 0 # TCP_KEEPINTVL, in seconds; - # 0 selects the system default -#tcp_keepalives_count = 0 # TCP_KEEPCNT; - # 0 selects the system default - - -#------------------------------------------------------------------------------ -# RESOURCE USAGE (except WAL) -#------------------------------------------------------------------------------ - -# - Memory - - -shared_buffers = 2GB # min 128kB - # (change requires restart) -#huge_pages = try # on, off, or try - # (change requires restart) -temp_buffers = 32MB # min 800kB -#max_prepared_transactions = 0 # zero disables the feature - # (change requires restart) -# Note: Increasing max_prepared_transactions costs ~600 bytes of shared memory -# per transaction slot, plus lock space (see max_locks_per_transaction). -# It is not advisable to set max_prepared_transactions nonzero unless you -# actively intend to use prepared transactions. -work_mem = 16MB # min 64kB -maintenance_work_mem = 256MB # min 1MB -#autovacuum_work_mem = -1 # min 1MB, or -1 to use maintenance_work_mem -#max_stack_depth = 2MB # min 100kB -dynamic_shared_memory_type = posix # the default is the first option - # supported by the operating system: - # posix - # sysv - # windows - # mmap - # use none to disable dynamic shared memory - -# - Disk - - -#temp_file_limit = -1 # limits per-session temp file space - # in kB, or -1 for no limit - -# - Kernel Resource Usage - - -#max_files_per_process = 1000 # min 25 - # (change requires restart) -shared_preload_libraries = '' # (change requires restart) - -# - Cost-Based Vacuum Delay - - -#vacuum_cost_delay = 0 # 0-100 milliseconds -#vacuum_cost_page_hit = 1 # 0-10000 credits -#vacuum_cost_page_miss = 10 # 0-10000 credits -#vacuum_cost_page_dirty = 20 # 0-10000 credits -#vacuum_cost_limit = 200 # 1-10000 credits - -# - Background Writer - - -#bgwriter_delay = 200ms # 10-10000ms between rounds -#bgwriter_lru_maxpages = 100 # 0-1000 max buffers written/round -#bgwriter_lru_multiplier = 2.0 # 0-10.0 multipler on buffers scanned/round - -# - Asynchronous Behavior - - -#effective_io_concurrency = 1 # 1-1000; 0 disables prefetching -#max_worker_processes = 8 - - -#------------------------------------------------------------------------------ -# WRITE AHEAD LOG -#------------------------------------------------------------------------------ - -# - Settings - - -wal_level = archive # minimal, archive, hot_standby, or logical - # (change requires restart) -#fsync = on # turns forced synchronization on or off -#synchronous_commit = on # synchronization level; - # off, local, remote_write, or on -#wal_sync_method = fsync # the default is the first option - # supported by the operating system: - # open_datasync - # fdatasync (default on Linux) - # fsync - # fsync_writethrough - # open_sync -#full_page_writes = on # recover from partial page writes -#wal_log_hints = off # also do full page writes of non-critical updates - # (change requires restart) -#wal_buffers = -1 # min 32kB, -1 sets based on shared_buffers - # (change requires restart) -#wal_writer_delay = 200ms # 1-10000 milliseconds - -#commit_delay = 0 # range 0-100000, in microseconds -#commit_siblings = 5 # range 1-1000 - -# - Checkpoints - - -#checkpoint_segments = 3 # in logfile segments, min 1, 16MB each -#checkpoint_timeout = 5min # range 30s-1h -#checkpoint_completion_target = 0.5 # checkpoint target duration, 0.0 - 1.0 -#checkpoint_warning = 30s # 0 disables - -# - Archiving - - -#archive_mode = off # allows archiving to be done - # (change requires restart) -#archive_command = '' # command to use to archive a logfile segment - # placeholders: %p = path of file to archive - # %f = file name only - # e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f' -#archive_timeout = 0 # force a logfile segment switch after this - # number of seconds; 0 disables - - -#------------------------------------------------------------------------------ -# REPLICATION -#------------------------------------------------------------------------------ - -# - Sending Server(s) - - -# Set these on the master and on any standby that will send replication data. - -#max_wal_senders = 0 # max number of walsender processes - # (change requires restart) -#wal_keep_segments = 0 # in logfile segments, 16MB each; 0 disables -#wal_sender_timeout = 60s # in milliseconds; 0 disables - -#max_replication_slots = 0 # max number of replication slots - # (change requires restart) - -# - Master Server - - -# These settings are ignored on a standby server. - -#synchronous_standby_names = '' # standby servers that provide sync rep - # comma-separated list of application_name - # from standby(s); '*' = all -#vacuum_defer_cleanup_age = 0 # number of xacts by which cleanup is delayed - -# - Standby Servers - - -# These settings are ignored on a master server. - -#hot_standby = off # "on" allows queries during recovery - # (change requires restart) -#max_standby_archive_delay = 30s # max delay before canceling queries - # when reading WAL from archive; - # -1 allows indefinite delay -#max_standby_streaming_delay = 30s # max delay before canceling queries - # when reading streaming WAL; - # -1 allows indefinite delay -#wal_receiver_status_interval = 10s # send replies at least this often - # 0 disables -#hot_standby_feedback = off # send info from standby to prevent - # query conflicts -#wal_receiver_timeout = 60s # time that receiver waits for - # communication from master - # in milliseconds; 0 disables - - -#------------------------------------------------------------------------------ -# QUERY TUNING -#------------------------------------------------------------------------------ - -# - Planner Method Configuration - - -#enable_bitmapscan = on -#enable_hashagg = on -#enable_hashjoin = on -#enable_indexscan = on -#enable_indexonlyscan = on -#enable_material = on -#enable_mergejoin = on -#enable_nestloop = on -#enable_seqscan = on -#enable_sort = on -#enable_tidscan = on - -# - Planner Cost Constants - - -#seq_page_cost = 1.0 # measured on an arbitrary scale -#random_page_cost = 4.0 # same scale as above -#cpu_tuple_cost = 0.01 # same scale as above -#cpu_index_tuple_cost = 0.005 # same scale as above -#cpu_operator_cost = 0.0025 # same scale as above -#effective_cache_size = 4GB - -# - Genetic Query Optimizer - - -#geqo = on -#geqo_threshold = 12 -#geqo_effort = 5 # range 1-10 -#geqo_pool_size = 0 # selects default based on effort -#geqo_generations = 0 # selects default based on effort -#geqo_selection_bias = 2.0 # range 1.5-2.0 -#geqo_seed = 0.0 # range 0.0-1.0 - -# - Other Planner Options - - -#default_statistics_target = 100 # range 1-10000 -#constraint_exclusion = partition # on, off, or partition -#cursor_tuple_fraction = 0.1 # range 0.0-1.0 -#from_collapse_limit = 8 -#join_collapse_limit = 8 # 1 disables collapsing of explicit - # JOIN clauses - - -#------------------------------------------------------------------------------ -# ERROR REPORTING AND LOGGING -#------------------------------------------------------------------------------ - -# - Where to Log - - -#log_destination = 'stderr' # Valid values are combinations of - # stderr, csvlog, syslog, and eventlog, - # depending on platform. csvlog - # requires logging_collector to be on. - -# This is used when logging to stderr: -#logging_collector = off # Enable capturing of stderr and csvlog - # into log files. Required to be on for - # csvlogs. - # (change requires restart) - -# These are only used if logging_collector is on: -#log_directory = 'pg_log' # directory where log files are written, - # can be absolute or relative to PGDATA -#log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log' # log file name pattern, - # can include strftime() escapes -#log_file_mode = 0600 # creation mode for log files, - # begin with 0 to use octal notation -#log_truncate_on_rotation = off # If on, an existing log file with the - # same name as the new log file will be - # truncated rather than appended to. - # But such truncation only occurs on - # time-driven rotation, not on restarts - # or size-driven rotation. Default is - # off, meaning append to existing files - # in all cases. -#log_rotation_age = 1d # Automatic rotation of logfiles will - # happen after that time. 0 disables. -#log_rotation_size = 10MB # Automatic rotation of logfiles will - # happen after that much log output. - # 0 disables. - -# These are relevant when logging to syslog: -#syslog_facility = 'LOCAL0' -#syslog_ident = 'postgres' - -# This is only relevant when logging to eventlog (win32): -#event_source = 'PostgreSQL' - -# - When to Log - - -#client_min_messages = notice # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # log - # notice - # warning - # error - -#log_min_messages = warning # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic - -#log_min_error_statement = error # values in order of decreasing detail: - # debug5 - # debug4 - # debug3 - # debug2 - # debug1 - # info - # notice - # warning - # error - # log - # fatal - # panic (effectively off) - -log_min_duration_statement = 2000 # -1 is disabled, 0 logs all statements - # and their durations, > 0 logs only - # statements running at least this number - # of milliseconds - - -# - What to Log - - -#debug_print_parse = off -#debug_print_rewritten = off -#debug_print_plan = off -#debug_pretty_print = on -#log_checkpoints = off -#log_connections = off -#log_disconnections = off -#log_duration = off -#log_error_verbosity = default # terse, default, or verbose messages -#log_hostname = off -log_line_prefix = '%t [%p-%l] %q%u@%d ' # special values: - # %a = application name - # %u = user name - # %d = database name - # %r = remote host and port - # %h = remote host - # %p = process ID - # %t = timestamp without milliseconds - # %m = timestamp with milliseconds - # %i = command tag - # %e = SQL state - # %c = session ID - # %l = session line number - # %s = session start timestamp - # %v = virtual transaction ID - # %x = transaction ID (0 if none) - # %q = stop here in non-session - # processes - # %% = '%' - # e.g. '<%u%%%d> ' -#log_lock_waits = off # log lock waits >= deadlock_timeout -#log_statement = 'none' # none, ddl, mod, all -#log_temp_files = -1 # log temporary files equal or larger - # than the specified size in kilobytes; - # -1 disables, 0 logs all temp files -log_timezone = 'UTC' - - -#------------------------------------------------------------------------------ -# RUNTIME STATISTICS -#------------------------------------------------------------------------------ - -# - Query/Index Statistics Collector - - -#track_activities = on -#track_counts = on -#track_io_timing = off -#track_functions = none # none, pl, all -#track_activity_query_size = 1024 # (change requires restart) -#update_process_title = on -stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp' - - -# - Statistics Monitoring - - -#log_parser_stats = off -#log_planner_stats = off -#log_executor_stats = off -#log_statement_stats = off - - -#------------------------------------------------------------------------------ -# AUTOVACUUM PARAMETERS -#------------------------------------------------------------------------------ - -#autovacuum = on # Enable autovacuum subprocess? 'on' - # requires track_counts to also be on. -#log_autovacuum_min_duration = -1 # -1 disables, 0 logs all actions and - # their durations, > 0 logs only - # actions running at least this number - # of milliseconds. -#autovacuum_max_workers = 3 # max number of autovacuum subprocesses - # (change requires restart) -#autovacuum_naptime = 1min # time between autovacuum runs -#autovacuum_vacuum_threshold = 50 # min number of row updates before - # vacuum -#autovacuum_analyze_threshold = 50 # min number of row updates before - # analyze -#autovacuum_vacuum_scale_factor = 0.2 # fraction of table size before vacuum -#autovacuum_analyze_scale_factor = 0.1 # fraction of table size before analyze -#autovacuum_freeze_max_age = 200000000 # maximum XID age before forced vacuum - # (change requires restart) -#autovacuum_multixact_freeze_max_age = 400000000 # maximum multixact age - # before forced vacuum - # (change requires restart) -#autovacuum_vacuum_cost_delay = 20ms # default vacuum cost delay for - # autovacuum, in milliseconds; - # -1 means use vacuum_cost_delay -#autovacuum_vacuum_cost_limit = -1 # default vacuum cost limit for - # autovacuum, -1 means use - # vacuum_cost_limit - - -#------------------------------------------------------------------------------ -# CLIENT CONNECTION DEFAULTS -#------------------------------------------------------------------------------ - -# - Statement Behavior - - -#search_path = '"$user",public' # schema names -#default_tablespace = '' # a tablespace name, '' uses the default -#temp_tablespaces = '' # a list of tablespace names, '' uses - # only default tablespace -#check_function_bodies = on -#default_transaction_isolation = 'read committed' -#default_transaction_read_only = off -#default_transaction_deferrable = off -#session_replication_role = 'origin' -#statement_timeout = 0 # in milliseconds, 0 is disabled -#lock_timeout = 0 # in milliseconds, 0 is disabled -#vacuum_freeze_min_age = 50000000 -#vacuum_freeze_table_age = 150000000 -#vacuum_multixact_freeze_min_age = 5000000 -#vacuum_multixact_freeze_table_age = 150000000 -#bytea_output = 'hex' # hex, escape -#xmlbinary = 'base64' -#xmloption = 'content' -#gin_fuzzy_search_limit = 0 - -# - Locale and Formatting - - -datestyle = 'iso, mdy' -#intervalstyle = 'postgres' -timezone = 'UTC' -#timezone_abbreviations = 'Default' # Select the set of available time zone - # abbreviations. Currently, there are - # Default - # Australia (historical usage) - # India - # You can create your own file in - # share/timezonesets/. -#extra_float_digits = 0 # min -15, max 3 -#client_encoding = sql_ascii # actually, defaults to database - # encoding - -# These settings are initialized by initdb, but they can be changed. -lc_messages = 'en_US.utf8' # locale for system error message - # strings -lc_monetary = 'en_US.utf8' # locale for monetary formatting -lc_numeric = 'en_US.utf8' # locale for number formatting -lc_time = 'en_US.utf8' # locale for time formatting - -# default configuration for text search -default_text_search_config = 'pg_catalog.english' - -# - Other Defaults - - -#dynamic_library_path = '$libdir' -#local_preload_libraries = '' -#session_preload_libraries = '' - - -#------------------------------------------------------------------------------ -# LOCK MANAGEMENT -#------------------------------------------------------------------------------ - -#deadlock_timeout = 1s -#max_locks_per_transaction = 64 # min 10 - # (change requires restart) -# Note: Each lock table slot uses ~270 bytes of shared memory, and there are -# max_locks_per_transaction * (max_connections + max_prepared_transactions) -# lock table slots. -#max_pred_locks_per_transaction = 64 # min 10 - # (change requires restart) - - -#------------------------------------------------------------------------------ -# VERSION/PLATFORM COMPATIBILITY -#------------------------------------------------------------------------------ - -# - Previous PostgreSQL Versions - - -#array_nulls = on -#backslash_quote = safe_encoding # on, off, or safe_encoding -#default_with_oids = off -#escape_string_warning = on -#lo_compat_privileges = off -#quote_all_identifiers = off -#sql_inheritance = on -#standard_conforming_strings = on -#synchronize_seqscans = on - -# - Other Platforms and Clients - - -#transform_null_equals = off - - -#------------------------------------------------------------------------------ -# ERROR HANDLING -#------------------------------------------------------------------------------ - -#exit_on_error = off # terminate session on any error? -#restart_after_crash = on # reinitialize after backend crash? - - -#------------------------------------------------------------------------------ -# CONFIG FILE INCLUDES -#------------------------------------------------------------------------------ - -# These options allow settings to be loaded from files other than the -# default postgresql.conf. - -#include_dir = 'conf.d' # include files ending in '.conf' from - # directory 'conf.d' -#include_if_exists = 'exists.conf' # include file only if it exists -#include = 'special.conf' # include file - - -#------------------------------------------------------------------------------ -# CUSTOMIZED OPTIONS -#------------------------------------------------------------------------------ - -# Add settings for extensions here |