[hcoop/scripts.git] / lib / create-user-lib.sh

# -*- sh-mode -*-

# Library functions for create-user scripts
# Export the $NEWUSER variable before sourcing!

# Functionality is split so that the scripts for creating real users,
# service users, and web service users can share as much code as
# possible.

# This has probably grown to the point where it shouldn't be a shell
# script any more.

# ALWAYS REMEMBER: THIS MUST BE IDEMPOTENT! re creating a user is
# something that should be perfectly permissible, and is something
# that we do somewhat regularly (to bring old accounts up to date).

export PATH=$PATH:/afs/hcoop.net/common/bin/

if test -z "$NEWUSER"; then
	echo "NEWUSER not set before sourcing create user library"
	exit 1
fi

#
# Construct various paths for later perusal.
#

# (If it's not clear, for user fred, PATHBITS = f/fr/fred)
PATHBITS=`echo $NEWUSER | head -c 1`/`echo $NEWUSER | head -c 2`/$NEWUSER
HOMEPATH=/afs/hcoop.net/user/$PATHBITS
MAILPATH=/afs/hcoop.net/common/email/$PATHBITS

#
# Helper functions
#

function execute_on_web_nodes () {
    ssh -K deleuze $*
    ssh -K navajos $*
}

function execute_on_domtool_server () {
    ssh -K fritz.hcoop.net $*
}


function execute_on_all_machines () {
    $*
    ssh -K hopper.hcoop.net $*
    ssh -K deleuze.hcoop.net $*
    ssh -K navajos.hcoop.net $*
    ssh -K bog.hcoop.net $*
}

#
# User credentials
#

function create_pts_user () {
    # Create primary user kerberos principle and afs pts user

    # We use -randkey for user's main principal as well, to make sure
    # that the creation process does not continue without having a
    # main principal. (But you who want to set password for a user,
    # don't worry - we'll invoke cpw later, so that it has the same
    # effect as setting password right now - while it is more error
    # tolerant).

    sudo kadmin.local -p root/admin -q "ank -policy user -randkey +requires_preauth $NEWUSER@HCOOP.NET"
    sudo kadmin.local -p root/admin -q "modprinc -maxlife 1day $NEWUSER@HCOOP.NET"

    pts cu $NEWUSER || true
}

function create_pts_user_daemon () {

    # Create additional kerberos principles ($user.daemon for now, in
    # theory also $user.mail, $user.cgi) and pts users for any used to
    # gain afs access ($user.daemon only)
    sudo kadmin.local -p root/admin -q "ank -policy daemon -randkey +requires_preauth $NEWUSER/daemon@HCOOP.NET"
    pts cu $NEWUSER.daemon || true
}

function export_user_keytabs () {

    # Export .mailfilter and .cgi keys to a keytab file

    # This is suboptimal, we need to generate keytabs for
    # cgi/mail/etc. separately, and only sync to the nodes that
    # perform the services in question

    # create a daemon keytab (used by /etc/exim4/get-token)
    # *only* if it does not exist!
    test -e /etc/keytabs/user.daemon/$NEWUSER || \
	sudo kadmin.local -p root/admin -q "ktadd -k /etc/keytabs/user.daemon/$NEWUSER $NEWUSER/daemon@HCOOP.NET"

    # Properly chown/mod keytab files (must be $NEWUSER:www-data)
    sudo chown $NEWUSER:www-data /etc/keytabs/user.daemon/$NEWUSER
    sudo chmod 440            /etc/keytabs/user.daemon/$NEWUSER

    # rsync keytabs
    (cd /etc/keytabs
	sudo tar clpf - user.daemon/$NEWUSER | \
	    ssh hopper.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
    (cd /etc/keytabs
	sudo tar clpf - user.daemon/$NEWUSER | \
	    ssh deleuze.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
    (cd /etc/keytabs
	sudo tar clpf - user.daemon/$NEWUSER | \
	    ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
    (cd /etc/keytabs
	sudo tar clpf - user.daemon/$NEWUSER | \
	    ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
}


#
# Create/mount/set-perms on user's volumes (home, mail, databases, logs)
#

# Each function that creates an afs volume should ensure that the
# backup volume is created and mounted for users.

function create_home_volume () {

    if vos examine user.$NEWUSER.d 2>/dev/null; then
	echo "Reactivating old volume (user.$NEWUSER.d)"
	vos rename user.$NEWUSER.d user.$NEWUSER
    fi
    vos examine user.$NEWUSER 2>/dev/null || \
	vos create fritz.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000

    mkdir -p `dirname $HOMEPATH`
    fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$NEWUSER
    chown $NEWUSER:nogroup $HOMEPATH
    fs sa $HOMEPATH $NEWUSER            all
    fs sa $HOMEPATH system:anyuser   l
    # cleanliness / needed to keep suphp happy
    chown root:root $HOMEPATH/../../
    chown root:root $HOMEPATH/../
    
    # backup volume
    mkdir -p `dirname /afs/hcoop.net/.old/user/$PATHBITS`
    fs ls /afs/hcoop.net/.old/user/$PATHBITS || \
	fs mkm /afs/hcoop.net/.old/user/$PATHBITS user.$NEWUSER.backup
}


function create_mail_volume () {

    if vos examine mail.$NEWUSER.d 2>/dev/null; then
	echo "Reactivating old volume (mail.$NEWUSER.d)"
	vos rename mail.$NEWUSER.d mail.$NEWUSER
    fi
    vos examine mail.$NEWUSER 2>/dev/null || \
	vos create fritz.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
    
    mkdir -p `dirname $MAILPATH`
    fs ls $MAILPATH || fs mkm $MAILPATH         mail.$NEWUSER
    fs ls $HOMEPATH/Maildir || fs mkm $HOMEPATH/Maildir mail.$NEWUSER
    chown $NEWUSER:nogroup $MAILPATH
    chown $NEWUSER:nogroup $HOMEPATH/Maildir
    fs sa $MAILPATH $NEWUSER        all
    fs sa $MAILPATH $NEWUSER.daemon all

    if test ! -e $MAILPATH/new; then
	mkdir -p $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
	echo -e "This email account is provided as a service for HCoop members." \
            "\n\nTo learn how to use it, please visit the page" \
            "\n<http://wiki.hcoop.net/MemberManual/Email> on our website."| \
            mail -s "Welcome to your HCoop email store" \
            -e -a "From: postmaster@hcoop.net" \
            real-$NEWUSER
    fi

    chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp

    # Set up shared SpamAssassin folder
    if test -f $HOMEPATH/Maildir/shared-maildirs; then
        # Deal with case where user rsync'd their Maildir from fyodor
        # Not an issue now, but harmless and can be adapted when we
        # move the spamd dirs into afs where they belong later.
	pattern='^SpamAssassin	/home/spamd'
	file=$HOMEPATH/Maildir/shared-maildirs
	if grep $pattern $file; then
            sed -i -r -e \
		's!^(SpamAssassin	)/home/spamd!\1/var/local/lib/spamd!1' \
		$file
	fi
    else
	maildirmake --add SpamAssassin=/var/local/lib/spamd/Maildir \
            $HOMEPATH/Maildir
    fi

    mkdir -p `dirname /afs/hcoop.net/.old/mail/$PATHBITS`
    fs ls /afs/hcoop.net/.old/mail/$PATHBITS || \
	fs mkm /afs/hcoop.net/.old/mail/$PATHBITS mail.$NEWUSER.backup
    vos release old
}

function seed_user_hcoop_directories () {
    # Additional standard directories. Some of these should probably
    # be on their own volumes, and access via a canonical path instead
    # to give users more control over their home dir without risking
    # breaking system services.

    # Apache logs
    mkdir -p $HOMEPATH/.logs
    chown $NEWUSER:nogroup $HOMEPATH/.logs
    mkdir -p $HOMEPATH/.logs/apache
    chown $NEWUSER:nogroup $HOMEPATH/.logs/apache
    fs sa $HOMEPATH/.logs/apache $NEWUSER.daemon rlwidk
    fs sa $HOMEPATH/.logs/apache webalizer read
    mkdir -p $HOMEPATH/.logs/mail
    fs sa $HOMEPATH/.logs/mail $NEWUSER.daemon rlwidk
    chown $NEWUSER:nogroup $HOMEPATH/.logs/mail

    # public_html
    test -e $HOMEPATH/public_html || \
	(mkdir -p $HOMEPATH/public_html; \
	chown $NEWUSER:nogroup $HOMEPATH/public_html; \
	fs sa $HOMEPATH/public_html system:anyuser none; \
	fs sa $HOMEPATH/public_html $NEWUSER.daemon rl)

    # .procmail.d
    mkdir -p $HOMEPATH/.procmail.d
    chown $NEWUSER:nogroup $HOMEPATH/.procmail.d
    fs sa $HOMEPATH/.procmail.d system:anyuser rl

    # .public
    mkdir -p $HOMEPATH/.public/
    chown $NEWUSER:nogroup $HOMEPATH/.public
    fs sa $HOMEPATH/.public system:anyuser rl

    # .domtool
    mkdir -p $HOMEPATH/.public/.domtool
    chown $NEWUSER:nogroup $HOMEPATH/.public/.domtool
    test -e $HOMEPATH/.domtool || \
	test -L $HOMEPATH/.domtool || \
        execute_on_domtool_server ln -s $HOMEPATH/.public/.domtool $HOMEPATH/.domtool
        execute_on_domtool_server chown $NEWUSER $HOMEPATH/.domtool 
        # ^^ work around sudo env_reset crap without having to
        # actually figure out how to make it work cleanly -- clinton,
        # 2011-11-30

    # Gitweb hosting
    test -L /var/cache/git/$NEWUSER || \
	sudo ln -s $HOMEPATH/.hcoop-git /var/cache/git/$NEWUSER

}

#
# Non-AFS files and directories
#

function create_dav_locks () {
    # Make per-user apache DAV lock directory -- the directory must be
    # both user and group-writable, which is silly.
    execute_on_web_nodes sudo mkdir -p /var/lock/apache2/dav/$NEWUSER
    execute_on_web_nodes sudo chown $NEWUSER:www-data /var/lock/apache2/dav/$NEWUSER
    execute_on_web_nodes sudo chmod ug=rwx,o= /var/lock/apache2/dav/$NEWUSER
}

function setup_user_databases () {
    sudo /afs/hcoop.net/common/etc/scripts/create-user-database $NEWUSER
}

#
# etc
#

function enable_domtool () {
    execute_on_domtool_server domtool-adduser $NEWUSER
}

function subscribe_to_lists () {
    # Subscribe user to our mailing lists.

    echo $NEWUSER@hcoop.net | ssh -K deleuze sudo -u list \
	/var/lib/mailman/bin/add_members -r - hcoop-announce
}

function ensure_afs_servers_synced () {
    vos release old
    
    # technically this might not be necessary, but for good measure...
    vos syncserv fritz
    vos syncvldb fritz
    
    # refresh volume location cache (takes ~2hrs otherwise)
    execute_on_all_machines fs checkvolumes
}
Commit	Line	Data
abfe84ca CE	1	# -- sh-mode --
	2
	3	# Library functions for create-user scripts
	4	# Export the $NEWUSER variable before sourcing!
	5
	6	# Functionality is split so that the scripts for creating real users,
	7	# service users, and web service users can share as much code as
	8	# possible.
	9
	10	# This has probably grown to the point where it shouldn't be a shell
	11	# script any more.
	12
	13	# ALWAYS REMEMBER: THIS MUST BE IDEMPOTENT! re creating a user is
	14	# something that should be perfectly permissible, and is something
	15	# that we do somewhat regularly (to bring old accounts up to date).
	16
	17	export PATH=$PATH:/afs/hcoop.net/common/bin/
	18
	19	if test -z "$NEWUSER"; then
	20	echo "NEWUSER not set before sourcing create user library"
	21	exit 1
	22	fi
	23
	24	#
	25	# Construct various paths for later perusal.
	26	#
	27
	28	# (If it's not clear, for user fred, PATHBITS = f/fr/fred)
	29	PATHBITS=`echo $NEWUSER \| head -c 1`/`echo $NEWUSER \| head -c 2`/$NEWUSER
	30	HOMEPATH=/afs/hcoop.net/user/$PATHBITS
	31	MAILPATH=/afs/hcoop.net/common/email/$PATHBITS
	32
	33	#
	34	# Helper functions
	35	#
	36
	37	function execute_on_web_nodes () {
	38	ssh -K deleuze $*
abfe84ca CE	39	ssh -K navajos $*
	40	}
	41
	42	function execute_on_domtool_server () {
c6119dbd	43	ssh -K fritz.hcoop.net $*
abfe84ca CE	44	}
	45
	46
	47	function execute_on_all_machines () {
	48	$*
abfe84ca CE	49	ssh -K hopper.hcoop.net $*
	50	ssh -K deleuze.hcoop.net $*
	51	ssh -K navajos.hcoop.net $*
	52	ssh -K bog.hcoop.net $*
	53	}
	54
	55	#
	56	# User credentials
	57	#
	58
	59	function create_pts_user () {
	60	# Create primary user kerberos principle and afs pts user
	61
	62	# We use -randkey for user's main principal as well, to make sure
	63	# that the creation process does not continue without having a
	64	# main principal. (But you who want to set password for a user,
	65	# don't worry - we'll invoke cpw later, so that it has the same
	66	# effect as setting password right now - while it is more error
	67	# tolerant).
	68
	69	sudo kadmin.local -p root/admin -q "ank -policy user -randkey +requires_preauth $NEWUSER@HCOOP.NET"
	70	sudo kadmin.local -p root/admin -q "modprinc -maxlife 1day $NEWUSER@HCOOP.NET"
	71
	72	pts cu $NEWUSER \|\| true
	73	}
	74
	75	function create_pts_user_daemon () {
	76
	77	# Create additional kerberos principles ($user.daemon for now, in
	78	# theory also $user.mail, $user.cgi) and pts users for any used to
	79	# gain afs access ($user.daemon only)
	80	sudo kadmin.local -p root/admin -q "ank -policy daemon -randkey +requires_preauth $NEWUSER/daemon@HCOOP.NET"
	81	pts cu $NEWUSER.daemon \|\| true
	82	}
	83
	84	function export_user_keytabs () {
	85
	86	# Export .mailfilter and .cgi keys to a keytab file
	87
	88	# This is suboptimal, we need to generate keytabs for
	89	# cgi/mail/etc. separately, and only sync to the nodes that
	90	# perform the services in question
	91
	92	# create a daemon keytab (used by /etc/exim4/get-token)
	93	# only if it does not exist!
	94	test -e /etc/keytabs/user.daemon/$NEWUSER \|\| \
	95	sudo kadmin.local -p root/admin -q "ktadd -k /etc/keytabs/user.daemon/$NEWUSER $NEWUSER/daemon@HCOOP.NET"
	96
	97	# Properly chown/mod keytab files (must be $NEWUSER:www-data)
	98	sudo chown $NEWUSER:www-data /etc/keytabs/user.daemon/$NEWUSER
	99	sudo chmod 440 /etc/keytabs/user.daemon/$NEWUSER
	100
	101	# rsync keytabs
abfe84ca CE	102	(cd /etc/keytabs
	103	sudo tar clpf - user.daemon/$NEWUSER \| \
	104	ssh hopper.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
	105	(cd /etc/keytabs
	106	sudo tar clpf - user.daemon/$NEWUSER \| \
	107	ssh deleuze.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
	108	(cd /etc/keytabs
	109	sudo tar clpf - user.daemon/$NEWUSER \| \
	110	ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
	111	(cd /etc/keytabs
	112	sudo tar clpf - user.daemon/$NEWUSER \| \
	113	ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
	114	}
	115
	116
	117	#
	118	# Create/mount/set-perms on user's volumes (home, mail, databases, logs)
	119	#
	120
	121	# Each function that creates an afs volume should ensure that the
	122	# backup volume is created and mounted for users.
	123
	124	function create_home_volume () {
	125
	126	if vos examine user.$NEWUSER.d 2>/dev/null; then
	127	echo "Reactivating old volume (user.$NEWUSER.d)"
	128	vos rename user.$NEWUSER.d user.$NEWUSER
	129	fi
	130	vos examine user.$NEWUSER 2>/dev/null \|\| \
8b5b63b2	131	vos create fritz.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000
abfe84ca CE	132
	133	mkdir -p `dirname $HOMEPATH`
	134	fs ls $HOMEPATH \|\| test -L $HOMEPATH \|\| fs mkm $HOMEPATH user.$NEWUSER
	135	chown $NEWUSER:nogroup $HOMEPATH
	136	fs sa $HOMEPATH $NEWUSER all
	137	fs sa $HOMEPATH system:anyuser l
	138	# cleanliness / needed to keep suphp happy
	139	chown root:root $HOMEPATH/../../
	140	chown root:root $HOMEPATH/../
	141
	142	# backup volume
	143	mkdir -p `dirname /afs/hcoop.net/.old/user/$PATHBITS`
	144	fs ls /afs/hcoop.net/.old/user/$PATHBITS \|\| \
	145	fs mkm /afs/hcoop.net/.old/user/$PATHBITS user.$NEWUSER.backup
	146	}
	147
	148
	149	function create_mail_volume () {
	150
	151	if vos examine mail.$NEWUSER.d 2>/dev/null; then
	152	echo "Reactivating old volume (mail.$NEWUSER.d)"
	153	vos rename mail.$NEWUSER.d mail.$NEWUSER
	154	fi
	155	vos examine mail.$NEWUSER 2>/dev/null \|\| \
8b5b63b2	156	vos create fritz.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
abfe84ca CE	157
	158	mkdir -p `dirname $MAILPATH`
	159	fs ls $MAILPATH \|\| fs mkm $MAILPATH mail.$NEWUSER
	160	fs ls $HOMEPATH/Maildir \|\| fs mkm $HOMEPATH/Maildir mail.$NEWUSER
	161	chown $NEWUSER:nogroup $MAILPATH
	162	chown $NEWUSER:nogroup $HOMEPATH/Maildir
	163	fs sa $MAILPATH $NEWUSER all
	164	fs sa $MAILPATH $NEWUSER.daemon all
	165
	166	if test ! -e $MAILPATH/new; then
	167	mkdir -p $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
	168	echo -e "This email account is provided as a service for HCoop members." \
	169	"\n\nTo learn how to use it, please visit the page" \
	170	"\n<http://wiki.hcoop.net/MemberManual/Email> on our website."\| \
	171	mail -s "Welcome to your HCoop email store" \
	172	-e -a "From: postmaster@hcoop.net" \
	173	real-$NEWUSER
	174	fi
	175
	176	chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
	177
	178	# Set up shared SpamAssassin folder
	179	if test -f $HOMEPATH/Maildir/shared-maildirs; then
	180	# Deal with case where user rsync'd their Maildir from fyodor
	181	# Not an issue now, but harmless and can be adapted when we
	182	# move the spamd dirs into afs where they belong later.
	183	pattern='^SpamAssassin /home/spamd'
	184	file=$HOMEPATH/Maildir/shared-maildirs
	185	if grep $pattern $file; then
	186	sed -i -r -e \
	187	's!^(SpamAssassin )/home/spamd!\1/var/local/lib/spamd!1' \
	188	$file
	189	fi
	190	else
	191	maildirmake --add SpamAssassin=/var/local/lib/spamd/Maildir \
	192	$HOMEPATH/Maildir
	193	fi
	194
	195	mkdir -p `dirname /afs/hcoop.net/.old/mail/$PATHBITS`
	196	fs ls /afs/hcoop.net/.old/mail/$PATHBITS \|\| \
	197	fs mkm /afs/hcoop.net/.old/mail/$PATHBITS mail.$NEWUSER.backup
	198	vos release old
	199	}
	200
	201	function seed_user_hcoop_directories () {
	202	# Additional standard directories. Some of these should probably
	203	# be on their own volumes, and access via a canonical path instead
	204	# to give users more control over their home dir without risking
	205	# breaking system services.
	206
	207	# Apache logs
	208	mkdir -p $HOMEPATH/.logs
	209	chown $NEWUSER:nogroup $HOMEPATH/.logs
	210	mkdir -p $HOMEPATH/.logs/apache
	211	chown $NEWUSER:nogroup $HOMEPATH/.logs/apache
	212	fs sa $HOMEPATH/.logs/apache $NEWUSER.daemon rlwidk
e26d1812	213	fs sa $HOMEPATH/.logs/apache webalizer read
abfe84ca CE	214	mkdir -p $HOMEPATH/.logs/mail
	215	fs sa $HOMEPATH/.logs/mail $NEWUSER.daemon rlwidk
	216	chown $NEWUSER:nogroup $HOMEPATH/.logs/mail
	217
	218	# public_html
	219	test -e $HOMEPATH/public_html \|\| \
	220	(mkdir -p $HOMEPATH/public_html; \
	221	chown $NEWUSER:nogroup $HOMEPATH/public_html; \
	222	fs sa $HOMEPATH/public_html system:anyuser none; \
	223	fs sa $HOMEPATH/public_html $NEWUSER.daemon rl)
	224
	225	# .procmail.d
	226	mkdir -p $HOMEPATH/.procmail.d
	227	chown $NEWUSER:nogroup $HOMEPATH/.procmail.d
	228	fs sa $HOMEPATH/.procmail.d system:anyuser rl
	229
	230	# .public
	231	mkdir -p $HOMEPATH/.public/
	232	chown $NEWUSER:nogroup $HOMEPATH/.public
	233	fs sa $HOMEPATH/.public system:anyuser rl
	234
	235	# .domtool
	236	mkdir -p $HOMEPATH/.public/.domtool
	237	chown $NEWUSER:nogroup $HOMEPATH/.public/.domtool
	238	test -e $HOMEPATH/.domtool \|\| \
	239	test -L $HOMEPATH/.domtool \|\| \
39aa6e0c	240	execute_on_domtool_server ln -s $HOMEPATH/.public/.domtool $HOMEPATH/.domtool
39aa6e0c	241	execute_on_domtool_server chown $NEWUSER $HOMEPATH/.domtool
abfe84ca CE	242	# ^^ work around sudo env_reset crap without having to
	243	# actually figure out how to make it work cleanly -- clinton,
	244	# 2011-11-30
	245
	246	# Gitweb hosting
	247	test -L /var/cache/git/$NEWUSER \|\| \
	248	sudo ln -s $HOMEPATH/.hcoop-git /var/cache/git/$NEWUSER
	249
	250	}
	251
	252	#
	253	# Non-AFS files and directories
	254	#
	255
	256	function create_dav_locks () {
	257	# Make per-user apache DAV lock directory -- the directory must be
	258	# both user and group-writable, which is silly.
	259	execute_on_web_nodes sudo mkdir -p /var/lock/apache2/dav/$NEWUSER
	260	execute_on_web_nodes sudo chown $NEWUSER:www-data /var/lock/apache2/dav/$NEWUSER
	261	execute_on_web_nodes sudo chmod ug=rwx,o= /var/lock/apache2/dav/$NEWUSER
	262	}
	263
	264	function setup_user_databases () {
	265	sudo /afs/hcoop.net/common/etc/scripts/create-user-database $NEWUSER
	266	}
	267
	268	#
	269	# etc
	270	#
	271
	272	function enable_domtool () {
	273	execute_on_domtool_server domtool-adduser $NEWUSER
	274	}
	275
	276	function subscribe_to_lists () {
	277	# Subscribe user to our mailing lists.
	278
	279	echo $NEWUSER@hcoop.net \| ssh -K deleuze sudo -u list \
	280	/var/lib/mailman/bin/add_members -r - hcoop-announce
	281	}
	282
	283	function ensure_afs_servers_synced () {
	284	vos release old
	285
	286	# technically this might not be necessary, but for good measure...
	287	vos syncserv fritz
	288	vos syncvldb fritz
	289
	290	# refresh volume location cache (takes ~2hrs otherwise)
	291	execute_on_all_machines fs checkvolumes
	292	}