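#!/bin/bash
# Options are set here rather than on the shebang line so they still apply
# when the script is started as 'bash <script>'.
#   -e  stop at the first failing step, so a half-provisioned account is
#       not silently carried into the later steps
#   -x  trace every command to stderr (useful as an audit trail of what was
#       run with admin credentials)
set -ex

# create a shared service user, that is not able to use mod_waklog.

# MUST be executed:
# - on fritz
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to all nodes
# - while holding tokens for a user who is:
#   - a member of system:administrator
#   - listed in 'bos listusers fritz'
#   - and who has been set up with Domtool admin privileges by:
#     - running 'domtool-adduser $USER' while holding AFS admin tokens as
#       someone who is already a Domtool admin
#     - running 'domtool-admin grant $USER priv all' as someone who is already a
#       Domtool admin
#       (To bootstrap yourself into admindom:
#         1. Run '/etc/init.d/domtool-server stop' on deleuze.
#         2. Run '/etc/init.d/domtool-slave stop' on all Domtool slave machines
#         3. Edit ~domtool/acl, following the example of adamc_admin to grant
#            yourself 'priv all'.
#         4. Run '/etc/init.d/domtool-server start' on deleuze.
#         5. Run '/etc/init.d/domtool-slave start' on all Domtool slave
#            machines.
#         6. Run 'domtool-adduser' as above.)
#
# Arguments: $1 - name of the user to create
# Exit status: 1 on a missing or rejected username or an unreadable library;
#              otherwise the status of the first failing step (set -e).

# NEWUSER is a global; presumably it is what the sourced library functions
# read to know which account to create -- confirm against create-user-lib.sh.
NEWUSER=$1

if [[ -z "$NEWUSER" ]]; then
  # Diagnostics go to stderr so they never mix with captured stdout.
  echo "Invoke as create-user <USERNAME>" >&2
  exit 1
fi

# This script runs with AFS/Domtool admin credentials, so the name is checked
# before it reaches any privileged command: no leading '-' (would be parsed as
# an option), no whitespace, '/', ':' or shell metacharacters.
# NOTE(review): the accepted character set is a conservative assumption, not
# taken from a documented naming policy -- adjust if valid names are rejected.
if [[ ! "$NEWUSER" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
  printf 'create-user: refusing invalid username %q\n' "$NEWUSER" >&2
  exit 1
fi

# The library is executed in this shell with the caller's admin credentials;
# fail with a clear message if it cannot be read (e.g. AFS not reachable).
if [[ ! -r /afs/hcoop.net/common/etc/scripts/lib/create-user-lib.sh ]]; then
  echo "create-user: cannot read create-user-lib.sh under /afs/hcoop.net" >&2
  exit 1
fi
source /afs/hcoop.net/common/etc/scripts/lib/create-user-lib.sh

# The three steps below are defined in the sourced library; the order is the
# original author's. With 'set -e' a failure in any of them aborts the run.
create_pts_user

create_home_volume

ensure_afs_servers_synced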