create-user: update for new servers

remove old servers, add new servers.

diff --git a/ca-install b/ca-install
index 60419ea..416cc0d 100755 (executable)
--- a/ca-install
+++ b/ca-install
@@ -58,7 +58,7 @@ function verify_cert () {
 
 # Make sure we run this from an admin host...
 if test "$(hostname -s)" != "gibran"; then
-    echo "Error: This script must be run from fritz."
+    echo "Error: This script must be run from gibran."
     exit 1
 fi
 

diff --git a/create-service-user b/create-service-user
index 83bdb1d..ef46669 100755 (executable)
--- a/create-service-user
+++ b/create-service-user
@@ -3,13 +3,13 @@
 # create a shared service user, that is not able to use mod_waklog.
 
 # MUST be executed:
-#  - on fritz
+#  - on gibran
 #  - as a user with an /etc/sudoers line
 #  - member of "wheel" unix group on deleuze (FIXME: TRUE?)
 #  - while holding tickets for a user who can 'ssh -K' to all nodes
 #  - while holding tokens for a user who is:
 #     - a member of system:administrator
-#     - listed in 'bos listusers fritz'
+#     - listed in 'bos listusers gibran'
 #  - and who has been set up with Domtool admin privileges by:
 #     - running 'domtool-adduser $USER' while holding AFS admin tokens as
 #       someone who is already a Domtool admin
@@ -38,4 +38,4 @@ create_pts_user
 
 create_home_volume
 
-ensure_afs_servers_synced
\ No newline at end of file
+ensure_afs_servers_synced

diff --git a/create-user-new b/create-user-new
index 20f647d..0d83f2d 100755 (executable)
--- a/create-user-new
+++ b/create-user-new
@@ -1,13 +1,13 @@
 #!/bin/bash -ex
 
 # MUST be executed:
-#  - on fritz
+#  - on gibran
 #  - as a user with an /etc/sudoers line
 #  - member of "wheel" unix group on deleuze (FIXME: TRUE?)
 #  - while holding tickets for a user who can 'ssh -K' to all nodes
 #  - while holding tokens for a user who is:
 #     - a member of system:administrator
-#     - listed in 'bos listusers fritz'
+#     - listed in 'bos listusers gibran'
 #  - and who has been set up with Domtool admin privileges by:
 #     - running 'domtool-adduser $USER' while holding AFS admin tokens as
 #       someone who is already a Domtool admin

diff --git a/destroy-user b/destroy-user
index 1879ec1..899917f 100755 (executable)
--- a/destroy-user
+++ b/destroy-user
@@ -88,11 +88,11 @@ pts delete $USER.daemon
 #fs rm /afs/hcoop.net/old/mail/$PATHBITS
 #fs rm /afs/hcoop.net/old/logs/$PATHBITS
 
-vos syncserv fritz
-vos syncvldb fritz
+vos syncserv gibran
+vos syncvldb gibran
 fs checkvolumes
 
 # Remove user from all of our mailing lists
-echo $USER@hcoop.net | ssh -K mccarthy sudo -u list \
+echo $USER@hcoop.net | ssh -K minsky sudo -u list \
     /var/lib/mailman/bin/remove_members --fromall -f -
 

diff --git a/freeze b/freeze
index 65e1f37..bfe9ed3 100755 (executable)
--- a/freeze
+++ b/freeze
@@ -3,7 +3,7 @@
 #
 # Purpose: freeze user (cancel user services except email), or unfreeze user.
 #
-# Usage (RUN AS _ADMIN USER ON FRITZ WITHOUT SUDO ... but it shouldn't matter where you run it):
+# Usage (RUN AS _ADMIN USER ON GIBRAN WITHOUT SUDO ... but it shouldn't matter where you run it):
 #
 # Display frozen users or details for one user (one user implies -verbose):
 #   freeze  [user], OR
@@ -97,8 +97,8 @@ use constant DRY => 0;
 use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache";
 use constant DEFAULT_SHELL => '/bin/bash';
 use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell';
-use constant PUBLIC_ACCESS => (qw/bog/);
-use constant RUN_SERVER => 'fritz';
+use constant PUBLIC_ACCESS => (qw/marsh/);
+use constant RUN_SERVER => 'gibran';
 
 my $store = {}; # cached info
 my $action = 'list'; # list, freeze, unfreeze

diff --git a/lib/create-user-lib.sh b/lib/create-user-lib.sh
index a65b490..716d0da 100644 (file)
--- a/lib/create-user-lib.sh
+++ b/lib/create-user-lib.sh
@@ -35,21 +35,20 @@ MAILPATH=/afs/hcoop.net/common/email/$PATHBITS
 #
 
 function execute_on_web_nodes () {
-    ssh -K deleuze $*
-    ssh -K navajos $*
+    ssh -K shelob.hcoop.net $*
 }
 
 function execute_on_domtool_server () {
-    ssh -K fritz.hcoop.net $*
+    ssh -K gibran.hcoop.net $*
 }
 
 
 function execute_on_all_machines () {
     $*
-    ssh -K hopper.hcoop.net $*
-    ssh -K deleuze.hcoop.net $*
-    ssh -K navajos.hcoop.net $*
-    ssh -K bog.hcoop.net $*
+    ssh -K marsh.hcoop.net $*
+    ssh -K minsky.hcoop.net $*
+    ssh -K shelob.hcoop.net $*
+    ssh -K outpost.hcoop.net $*
 }
 
 #
@@ -99,18 +98,17 @@ function export_user_keytabs () {
     sudo chmod 440            /etc/keytabs/user.daemon/$NEWUSER
 
     # rsync keytabs
+    # only needed on nodes that will run code on behalf of members
+    # fixme: duplicates all server list
     (cd /etc/keytabs
        sudo tar clpf - user.daemon/$NEWUSER | \
-           ssh hopper.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+           ssh marsh.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
     (cd /etc/keytabs
        sudo tar clpf - user.daemon/$NEWUSER | \
-           ssh deleuze.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+           ssh minsky.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
     (cd /etc/keytabs
        sudo tar clpf - user.daemon/$NEWUSER | \
-           ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
-    (cd /etc/keytabs
-       sudo tar clpf - user.daemon/$NEWUSER | \
-           ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+           ssh shelob.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
 }
 
 
@@ -128,7 +126,7 @@ function create_home_volume () {
        vos rename user.$NEWUSER.d user.$NEWUSER
     fi
     vos examine user.$NEWUSER 2>/dev/null || \
-       vos create fritz.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000
+       vos create gibran.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000
 
     mkdir -p `dirname $HOMEPATH`
     fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$NEWUSER
@@ -153,7 +151,7 @@ function create_mail_volume () {
        vos rename mail.$NEWUSER.d mail.$NEWUSER
     fi
     vos examine mail.$NEWUSER 2>/dev/null || \
-       vos create fritz.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
+       vos create gibran.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
     
     mkdir -p `dirname $MAILPATH`
     fs ls $MAILPATH || fs mkm $MAILPATH         mail.$NEWUSER
@@ -170,7 +168,7 @@ function create_mail_volume () {
             "\n<http://wiki.hcoop.net/MemberManual/Email> on our website."| \
             mail -s "Welcome to your HCoop email store" \
             -e -a "From: postmaster@hcoop.net" \
-            real-$NEWUSER
+            real-$NEWUSER@hcoop.net
     fi
 
     chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
@@ -188,7 +186,7 @@ function create_mail_volume () {
                $file
        fi
     else
-       maildirmake --add SpamAssassin=/var/local/lib/spamd/Maildir \
+       maildirmake --add SpamAssassin=/afs/hcoop.net/user/s/sp/spamd/Maildir \
             $HOMEPATH/Maildir
     fi
 
@@ -276,7 +274,7 @@ function enable_domtool () {
 function subscribe_to_lists () {
     # Subscribe user to our mailing lists.
 
-    echo $NEWUSER@hcoop.net | ssh -K deleuze sudo -u list \
+    echo $NEWUSER@hcoop.net | ssh -K minsky sudo -u list  \
        /var/lib/mailman/bin/add_members -r - hcoop-announce
 }
 
@@ -284,8 +282,11 @@ function ensure_afs_servers_synced () {
     vos release old
     
     # technically this might not be necessary, but for good measure...
-    vos syncserv fritz
-    vos syncvldb fritz
+    local srv
+    for srv in gibran lovelace outpost; do
+       vos syncserv $srv
+       vos syncvldb $srv
+    done
     
     # refresh volume location cache (takes ~2hrs otherwise)
     execute_on_all_machines fs checkvolumes
@@ -297,14 +298,16 @@ function ensure_afs_servers_synced () {
 
 function create_fcgi_wrapper () {
     # note: might want to move this to domtool-adduser
-    local wrapper="/afs/hcoop.net/common/httpd/fastcgi/${PATHBITS}/${NEWUSER}-wrapper-wrapper"
-    mkdir -p /afs/hcoop.net/common/httpd/fastcgi/${PATHBITS}
+    local wrapper_dir="/afs/hcoop.net/common/etc/domtool/httpd/fastcgi/${PATHBITS}"
+    local wrapper="${wrapper_dir}/${NEWUSER}-wrapper-wrapper"
+    mkdir -p $wrapper_dir
     cat > $wrapper <<EOF
 #!/bin/bash
 
-exec k5start -qtUf /etc/keytabs/user.daemon/${NEWUSER} -- $@
+exec k5start -qtUf /etc/keytabs/user.daemon/${NEWUSER} -- \$@
 EOF
 
     chmod +x $wrapper
     chown $NEWUSER:nogroup $wrapper
+    chown $NEWUSER:nogroup $wrapper_dir
 }

diff --git a/listnew b/listnew
index 1236596..8ffc0b7 100755 (executable)
--- a/listnew
+++ b/listnew
@@ -1,6 +1,6 @@
 #!/bin/bash -e
 #
-# Make a new mailing list.  Run as user in sudoers on mccarthy.
+# Make a new mailing list.  Run as user in sudoers on minsky.
 #
 # Usage: listnew LISTNAME LISTDOMAIN LISTURL USER INITIAL_PASSWORD
 

diff --git a/quotacheck b/quotacheck
index 700c425..d4cb912 100755 (executable)
--- a/quotacheck
+++ b/quotacheck
@@ -54,7 +54,7 @@ use Data::Dumper qw/Dumper/;
 # Warn threshold
 our %threshold = ( user => 0.8, mail => 0.6, db => 0.4 );
 # AFS servers with volumes
-our @servers = qw/fritz gibran/;
+our @servers = qw/gibran/;
 # Which volumes we want?
 # (Your volumes need to be in format (TYPE).USERNAME, otherwise
 # you will have to modify below where we take .USERNAME to mean