Skip to content
/ scripts-pony Public

Scripts hostname management interface

1 star 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mit-scripts/scripts-pony

2 Branches0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

amigdal-mitamigdal-mit
Let .mit.edu cert renewal script work when called from other director…
Aug 13, 2024
ffb8b48 · Aug 13, 2024

History

275 Commits
data
data
Dec 9, 2009
scripts
scripts
Jun 2, 2020
scriptspony
scriptspony
Mar 9, 2022
web_scripts
web_scripts
Sep 21, 2018
.gitignore
.gitignore
Dec 9, 2009
MANIFEST.in
MANIFEST.in
Jun 15, 2018
README
README
Jan 22, 2020
README.turbogears
README.turbogears
Dec 19, 2009
TODO
TODO
Jul 2, 2013
check_dns.py
check_dns.py
Sep 25, 2018
development.ini
development.ini
Mar 6, 2020
find_expiring_certs.py
find_expiring_certs.py
Jun 25, 2018
handle_cert_mail.py
handle_cert_mail.py
Apr 10, 2020
handle_mail.py
handle_mail.py
Sep 21, 2018
renew_mit_certs.py
renew_mit_certs.py
Aug 13, 2024
replace_ca.py
replace_ca.py
Jun 2, 2020
send_mitcert_request.py
send_mitcert_request.py
Jun 15, 2018
setup.cfg
setup.cfg
Jun 15, 2018
setup.py
setup.py
Jun 2, 2020
test.ini
test.ini
Dec 9, 2009

Repository files navigation

=== Checking Out ===

You can get your own clone of Scripts Pony by doing
"git clone https://github.com/mit-scripts/scripts-pony.git". Doing this in 
~/Scripts/turbogears/ is mildly recommended.

=== Install ===

To install your own instance of Scripts Pony, make a symbolic link
from somewhere in your web_scripts directory to your checkout of
Scripts Pony, and make sure that daemon.scripts can write in your checkout.

ln -s "$(pwd)/web_scripts" ~/web_scripts/pony
add consult
fsr sa . daemon.scripts write

You will also need to give daemon.scripts write access to ~/.local/bin and ~/.local/lib:
mkdir ~/.local/lib
fs sa ~/.local/lib daemon.scripts write
mkdir ~/.local/bin
fs sa ~/.local/bin daemon.scripts write

Pony will try to use your username+scripts-pony database on
sql.mit.edu.  Go to sql.mit.edu and create this database, and
be sure the login info in your ~/.my.conf is accurate.

Then ssh into scripts.mit.edu, cd into ~/Scripts/turbogears/scripts-pony, and run:
python setup.py develop --user
paster setup-app development.ini

=== Mail and Cron ===

To correctly process incoming mail, you need to be signed up for
mail_scripts and Pony needs the following in ~/mail_scripts/procmailrc:

:0w
* ^Delivered-To:.*pony\+.*@.*
| /mit/locker/Scripts/turbogears/scripts-pony/handle_mail.py

To periodically check DNS automatically for tickets blocking on DNS,
you need to be signed up for cron_scripts and load a crontab that
contains:

2,17,32,49 * * * * /mit/locker/Scripts/turbogears/scripts-pony/check_dns.py

=== Authentication and Authorization ===

Scripts Pony authenticates with ~/Private/scripts-pony.keytab,
if that exists.  If not, it uses no authentication (but can still
do reads).

Scripts Pony's LDAP user needs the following ACI on
ou=VirtualHosts,dc=scripts,dc=mit,dc=edu in order to make changes in
LDAP:

(target="ldap:///ou=VirtualHosts,dc=scripts,dc=mit,dc=edu")(targetattr="scriptsVhostDirectory || scriptsVhostAlias || scriptsVhostCertificate || scriptsVhostCertificateKeyFile")(version 3.0;acl "pony";allow (add, write, delete) userdn="ldap:///uid=daemon/scripts-pony.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu";)

This assumes that the user in LDAP looks like:

dn: uid=daemon/scripts-pony.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
uid: daemon/scripts-pony.mit.edu
objectClass: account
objectClass: top

About

Scripts hostname management interface

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

9 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 13

Languages