remove old servers, add new servers.
# Make sure we run this from an admin host...
if test "$(hostname -s)" != "gibran"; then
# Make sure we run this from an admin host...
if test "$(hostname -s)" != "gibran"; then
- echo "Error: This script must be run from fritz."
+ echo "Error: This script must be run from gibran."
# create a shared service user, that is not able to use mod_waklog.
# MUST be executed:
# create a shared service user, that is not able to use mod_waklog.
# MUST be executed:
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to all nodes
# - while holding tokens for a user who is:
# - a member of system:administrator
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to all nodes
# - while holding tokens for a user who is:
# - a member of system:administrator
-# - listed in 'bos listusers fritz'
+# - listed in 'bos listusers gibran'
# - and who has been set up with Domtool admin privileges by:
# - running 'domtool-adduser $USER' while holding AFS admin tokens as
# someone who is already a Domtool admin
# - and who has been set up with Domtool admin privileges by:
# - running 'domtool-adduser $USER' while holding AFS admin tokens as
# someone who is already a Domtool admin
-ensure_afs_servers_synced
\ No newline at end of file
+ensure_afs_servers_synced
#!/bin/bash -ex
# MUST be executed:
#!/bin/bash -ex
# MUST be executed:
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to all nodes
# - while holding tokens for a user who is:
# - a member of system:administrator
# - as a user with an /etc/sudoers line
# - member of "wheel" unix group on deleuze (FIXME: TRUE?)
# - while holding tickets for a user who can 'ssh -K' to all nodes
# - while holding tokens for a user who is:
# - a member of system:administrator
-# - listed in 'bos listusers fritz'
+# - listed in 'bos listusers gibran'
# - and who has been set up with Domtool admin privileges by:
# - running 'domtool-adduser $USER' while holding AFS admin tokens as
# someone who is already a Domtool admin
# - and who has been set up with Domtool admin privileges by:
# - running 'domtool-adduser $USER' while holding AFS admin tokens as
# someone who is already a Domtool admin
#fs rm /afs/hcoop.net/old/mail/$PATHBITS
#fs rm /afs/hcoop.net/old/logs/$PATHBITS
#fs rm /afs/hcoop.net/old/mail/$PATHBITS
#fs rm /afs/hcoop.net/old/logs/$PATHBITS
-vos syncserv fritz
-vos syncvldb fritz
+vos syncserv gibran
+vos syncvldb gibran
fs checkvolumes
# Remove user from all of our mailing lists
fs checkvolumes
# Remove user from all of our mailing lists
-echo $USER@hcoop.net | ssh -K mccarthy sudo -u list \
+echo $USER@hcoop.net | ssh -K minsky sudo -u list \
/var/lib/mailman/bin/remove_members --fromall -f -
/var/lib/mailman/bin/remove_members --fromall -f -
#
# Purpose: freeze user (cancel user services except email), or unfreeze user.
#
#
# Purpose: freeze user (cancel user services except email), or unfreeze user.
#
-# Usage (RUN AS _ADMIN USER ON FRITZ WITHOUT SUDO ... but it shouldn't matter where you run it):
+# Usage (RUN AS _ADMIN USER ON GIBRAN WITHOUT SUDO ... but it shouldn't matter where you run it):
#
# Display frozen users or details for one user (one user implies -verbose):
# freeze [user], OR
#
# Display frozen users or details for one user (one user implies -verbose):
# freeze [user], OR
use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache";
use constant DEFAULT_SHELL => '/bin/bash';
use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell';
use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache";
use constant DEFAULT_SHELL => '/bin/bash';
use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell';
-use constant PUBLIC_ACCESS => (qw/bog/);
-use constant RUN_SERVER => 'fritz';
+use constant PUBLIC_ACCESS => (qw/marsh/);
+use constant RUN_SERVER => 'gibran';
my $store = {}; # cached info
my $action = 'list'; # list, freeze, unfreeze
my $store = {}; # cached info
my $action = 'list'; # list, freeze, unfreeze
#
function execute_on_web_nodes () {
#
function execute_on_web_nodes () {
- ssh -K deleuze $*
- ssh -K navajos $*
+ ssh -K shelob.hcoop.net $*
}
function execute_on_domtool_server () {
}
function execute_on_domtool_server () {
- ssh -K fritz.hcoop.net $*
+ ssh -K gibran.hcoop.net $*
}
function execute_on_all_machines () {
$*
}
function execute_on_all_machines () {
$*
- ssh -K hopper.hcoop.net $*
- ssh -K deleuze.hcoop.net $*
- ssh -K navajos.hcoop.net $*
- ssh -K bog.hcoop.net $*
+ ssh -K marsh.hcoop.net $*
+ ssh -K minsky.hcoop.net $*
+ ssh -K shelob.hcoop.net $*
+ ssh -K outpost.hcoop.net $*
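Review bot: Every `ssh -K HOST $*` line passes its arguments unquoted, and ssh then joins them into one string that the remote shell parses a second time. This applies to the four hosts added here and to the new lines in `execute_on_web_nodes` and `execute_on_domtool_server`. A value containing whitespace or shell metacharacters would therefore change the command that runs on every node. Whether callers only pass fixed words and validated usernames is not visible in these hunks, so a comment above the helpers would make the contract explicit, for example `# args are re-parsed by the remote shell: pass only fixed command words and validated names`. The closing brace of `execute_on_all_machines` lies outside the visible lines.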
sudo chmod 440 /etc/keytabs/user.daemon/$NEWUSER
# rsync keytabs
sudo chmod 440 /etc/keytabs/user.daemon/$NEWUSER
# rsync keytabs
+ # only needed on nodes that will run code on behalf of members
+ # fixme: duplicates all server list
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
- ssh hopper.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+ ssh marsh.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
- ssh deleuze.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+ ssh minsky.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
(cd /etc/keytabs
sudo tar clpf - user.daemon/$NEWUSER | \
- ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
- (cd /etc/keytabs
- sudo tar clpf - user.daemon/$NEWUSER | \
- ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
+ ssh shelob.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
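Review bot: Each keytab copy is a `sudo tar clpf - ... | ssh HOST ... sudo tar xlpf -` pipeline, and without `set -o pipefail` a failure of the sending tar does not show in the pipeline's exit status. A node could then end up with a missing or truncated keytab without the script stopping. Whether pipefail is enabled is not visible here; if it is not, `set -o pipefail` near the top of the script would surface such failures. The path `user.daemon/$NEWUSER` also degrades to the whole `user.daemon/` directory if `NEWUSER` is ever empty, so a guard such as `: "${NEWUSER:?}"` before the copies is worth having unless an equivalent check exists earlier in the file.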
vos rename user.$NEWUSER.d user.$NEWUSER
fi
vos examine user.$NEWUSER 2>/dev/null || \
vos rename user.$NEWUSER.d user.$NEWUSER
fi
vos examine user.$NEWUSER 2>/dev/null || \
- vos create fritz.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000
+ vos create gibran.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000
mkdir -p `dirname $HOMEPATH`
fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$NEWUSER
mkdir -p `dirname $HOMEPATH`
fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$NEWUSER
vos rename mail.$NEWUSER.d mail.$NEWUSER
fi
vos examine mail.$NEWUSER 2>/dev/null || \
vos rename mail.$NEWUSER.d mail.$NEWUSER
fi
vos examine mail.$NEWUSER 2>/dev/null || \
- vos create fritz.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
+ vos create gibran.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000
mkdir -p `dirname $MAILPATH`
fs ls $MAILPATH || fs mkm $MAILPATH mail.$NEWUSER
mkdir -p `dirname $MAILPATH`
fs ls $MAILPATH || fs mkm $MAILPATH mail.$NEWUSER
"\n<http://wiki.hcoop.net/MemberManual/Email> on our website."| \
mail -s "Welcome to your HCoop email store" \
-e -a "From: postmaster@hcoop.net" \
"\n<http://wiki.hcoop.net/MemberManual/Email> on our website."| \
mail -s "Welcome to your HCoop email store" \
-e -a "From: postmaster@hcoop.net" \
+ real-$NEWUSER@hcoop.net
fi
chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
fi
chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp
- maildirmake --add SpamAssassin=/var/local/lib/spamd/Maildir \
+ maildirmake --add SpamAssassin=/afs/hcoop.net/user/s/sp/spamd/Maildir \
function subscribe_to_lists () {
# Subscribe user to our mailing lists.
function subscribe_to_lists () {
# Subscribe user to our mailing lists.
- echo $NEWUSER@hcoop.net | ssh -K deleuze sudo -u list \
+ echo $NEWUSER@hcoop.net | ssh -K minsky sudo -u list \
/var/lib/mailman/bin/add_members -r - hcoop-announce
}
/var/lib/mailman/bin/add_members -r - hcoop-announce
}
vos release old
# technically this might not be necessary, but for good measure...
vos release old
# technically this might not be necessary, but for good measure...
- vos syncserv fritz
- vos syncvldb fritz
+ local srv
+ for srv in gibran lovelace outpost; do
+ vos syncserv $srv
+ vos syncvldb $srv
+ done
# refresh volume location cache (takes ~2hrs otherwise)
execute_on_all_machines fs checkvolumes
# refresh volume location cache (takes ~2hrs otherwise)
execute_on_all_machines fs checkvolumes
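Review bot: The server list `gibran lovelace outpost` in this loop disagrees with the other server lists touched by the same commit. The other script still runs only `vos syncserv gibran` / `vos syncvldb gibran`, and the quota script is reduced to `our @servers = qw/gibran/;` under the comment "AFS servers with volumes". If lovelace or outpost hold member volumes, the quota warnings would presumably skip them. If they do not, a short comment here such as `# lovelace/outpost: <reason they are synced>` would explain the difference. The enclosing function starts and ends outside the visible lines.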
function create_fcgi_wrapper () {
# note: might want to move this to domtool-adduser
function create_fcgi_wrapper () {
# note: might want to move this to domtool-adduser
- local wrapper="/afs/hcoop.net/common/httpd/fastcgi/${PATHBITS}/${NEWUSER}-wrapper-wrapper"
- mkdir -p /afs/hcoop.net/common/httpd/fastcgi/${PATHBITS}
+ local wrapper_dir="/afs/hcoop.net/common/etc/domtool/httpd/fastcgi/${PATHBITS}"
+ local wrapper="${wrapper_dir}/${NEWUSER}-wrapper-wrapper"
+ mkdir -p $wrapper_dir
cat > $wrapper <<EOF
#!/bin/bash
cat > $wrapper <<EOF
#!/bin/bash
-exec k5start -qtUf /etc/keytabs/user.daemon/${NEWUSER} -- $@
+exec k5start -qtUf /etc/keytabs/user.daemon/${NEWUSER} -- \$@
EOF
chmod +x $wrapper
chown $NEWUSER:nogroup $wrapper
EOF
chmod +x $wrapper
chown $NEWUSER:nogroup $wrapper
+ chown $NEWUSER:nogroup $wrapper_dir
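Review bot: The corrected heredoc line still leaves `$@` unquoted in the generated wrapper, so an argument containing whitespace or glob characters is split or expanded before k5start receives it. Writing `exec k5start -qtUf /etc/keytabs/user.daemon/${NEWUSER} -- "\$@"` keeps each argument intact. The added `chown $NEWUSER:nogroup $wrapper_dir` also makes the member the owner of the directory holding a script that runs with their daemon keytab. Under AFS the directory ACL normally governs writes, but ownership may carry implicit rights, so it is worth confirming the ACL on `$wrapper_dir` is the intended one. `$wrapper_dir` and `$wrapper` are unquoted in `mkdir -p`, `chmod` and `chown`, and the function's closing brace is outside the visible lines.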
-# Make a new mailing list. Run as user in sudoers on mccarthy.
+# Make a new mailing list. Run as user in sudoers on minsky.
#
# Usage: listnew LISTNAME LISTDOMAIN LISTURL USER INITIAL_PASSWORD
#
# Usage: listnew LISTNAME LISTDOMAIN LISTURL USER INITIAL_PASSWORD
# Warn threshold
our %threshold = ( user => 0.8, mail => 0.6, db => 0.4 );
# AFS servers with volumes
# Warn threshold
our %threshold = ( user => 0.8, mail => 0.6, db => 0.4 );
# AFS servers with volumes
-our @servers = qw/fritz gibran/;
+our @servers = qw/gibran/;
# Which volumes we want?
# (Your volumes need to be in format (TYPE).USERNAME, otherwise
# you will have to modify below where we take .USERNAME to mean
# Which volumes we want?
# (Your volumes need to be in format (TYPE).USERNAME, otherwise
# you will have to modify below where we take .USERNAME to mean