clinton_admin [Tue, 29 Apr 2014 01:28:24 +0000 (21:28 -0400)]
Increase default quota from 400M to 4G
clinton_admin [Tue, 29 Apr 2014 01:27:36 +0000 (21:27 -0400)]
Domtool server moved to fritz
clinton_admin [Tue, 29 Apr 2014 01:27:16 +0000 (21:27 -0400)]
Remove non-existant db volume from quotadisplay
clinton_admin [Tue, 29 Apr 2014 01:26:57 +0000 (21:26 -0400)]
ca-install fixes
* Scan for correct string in key file
* Ensure no one but apache can read the pem on the webserver
* Reload apache after install so the user can actually use it
clinton_admin [Tue, 4 Mar 2014 07:47:04 +0000 (02:47 -0500)]
Grant webalizer read permissions to new user logs
clinton_admin [Sun, 18 Aug 2013 20:06:18 +0000 (16:06 -0400)]
Avoid deleting log files for removed vhosts
* Not entirely certain this is the best behavior, but seems sensible
so members don't accidentally lose their webalizer stats when
reconfiguring a domain
Clinton Ebadi [Tue, 23 Jul 2013 01:39:11 +0000 (21:39 -0400)]
new-user fixes
* Only use latest application password for new member apps, in case
someone applied and was not accepted using the same username previously
* Call `create-user-new' rather than `create-user'
Clinton Ebadi [Tue, 23 Jul 2013 01:37:46 +0000 (21:37 -0400)]
Update domtool library manual when installing server
Clinton Ebadi [Tue, 23 Jul 2013 01:36:39 +0000 (21:36 -0400)]
Remove mire from admin scripts
* `freeze' will now work with bog
* Install ssl certs to navajos
* Do not copy keytabs etc. to mire
* Do not deploy domtool-slave to mire
clinton_admin [Tue, 23 Jul 2013 01:20:06 +0000 (21:20 -0400)]
Silence apache-sync-logs
Clinton Ebadi [Sun, 14 Jul 2013 05:58:53 +0000 (01:58 -0400)]
Remove stale log files and speed up apache log sync
* Major speedup: The apache log directory was pointlessly being copied
for each user on each sync so that it could be chowned and
transferred. But there is no need: afs ignores the owner/group and
unix permissions and root can read the keytabs. Eliminating the
redundant copy sped the script by from ~9 minutes to ~2 minutes.
* Limit scope of each transfer to the per-host apache log
directory. This could result in less stat()ing, but more importantly
allows us to...
* Pass --delete to rsync to clean up stale log files. It turns out
that for a very long time we've just been leaving the uncompressed
logrotated apache logs behind, and never removing old log files. Fix
that.
Clinton Ebadi [Fri, 11 Jan 2013 08:06:18 +0000 (03:06 -0500)]
"Factored" create-user, and script to create shared service users
Converted create-user script into a set of procedures, grouped by
logical step in the user creation process. Things were regrouped only
as much as was needed to get `create-service-user' script for creating
principles for non-humans and `create-user` working with minimal
duplication. This still needs a lot of work (and destroy-user even
more).
Clinton Ebadi [Sun, 6 Jan 2013 08:57:23 +0000 (03:57 -0500)]
Scripts to deploy domtool across all hosts
These have existed for a while, but in my homedir. Builds domtool in
parallel across all hosts. Possible improvements include only building
one copy of domtool per machine architecture.
Clinton Ebadi [Sun, 6 Jan 2013 08:53:13 +0000 (03:53 -0500)]
Update create-user for new nodes
Extract keytabs, change names of a few functions to indicate their
intended functionality, clean up $PATHBITS permissions after creating
so that they aren't owned by whoever ran the script.
Clinton Ebadi [Sun, 6 Jan 2013 08:51:29 +0000 (03:51 -0500)]
Set initial user password from MemberApp in database
The portal password files are not being created for whatever reason,
and the data is there in the database so there's no real point not
using it anyway.
Clinton Ebadi [Sun, 6 Jan 2013 08:50:25 +0000 (03:50 -0500)]
Run remove from lists on deleuze
So that it actually works and all
clinton_admin [Thu, 20 Dec 2012 08:30:22 +0000 (03:30 -0500)]
Fix restoring shell on unfreeze when member did not have a shell preference
clinton_admin [Thu, 20 Dec 2012 08:29:55 +0000 (03:29 -0500)]
Move frozen database into afs, run on fritz
clinton_admin [Thu, 20 Dec 2012 08:29:17 +0000 (03:29 -0500)]
Sync keytabs to navajos
clinton_admin [Thu, 20 Dec 2012 08:26:46 +0000 (03:26 -0500)]
Create postgresql 9.1 tablespaces for users
clinton_admin [Thu, 20 Dec 2012 08:26:26 +0000 (03:26 -0500)]
Escape @ in mail address for quotacheck
* This caused an error on newer perl
clinton_admin [Thu, 20 Dec 2012 08:25:58 +0000 (03:25 -0500)]
Correct order of sudo in apache sync logs
* Modern sudo clears the environment, so we have to run k5start within sudo not outside
clinton_admin [Mon, 6 Aug 2012 17:50:27 +0000 (13:50 -0400)]
Work around portal storing passwords in local fs space on deleuze
* Really need to move these to afs
clinton_admin [Wed, 4 Jul 2012 02:37:17 +0000 (22:37 -0400)]
Update destroy-user
* Run on fritz
* Don't do anything with ldap since Clinton doesn't care about it,
and Davor isn't maintaining it.
clinton_admin [Sun, 25 Mar 2012 07:13:23 +0000 (03:13 -0400)]
Escape tablespace name when creating postgresql tablespace
* Previously, a name with a '-' would break things
* Usernames containing '"' are invalid anyway so we should be bulletproof
clinton_admin [Mon, 12 Dec 2011 19:52:55 +0000 (14:52 -0500)]
Make `new-user' half-work again
* (Non-Working) LDAP stuff disabled
* Run `create-user' on fritz
* Disable setting password (has to be done manually for now)
* Portal has to move to either storing passwords in afs or running on
fritz (or both)
Clinton Ebadi [Wed, 30 Nov 2011 05:44:27 +0000 (00:44 -0500)]
Don't create LDAP entries for new users
* LDAP does not work on fritz.
* I have no interest in making LDAP work on fritz.
Clinton Ebadi [Wed, 30 Nov 2011 05:42:56 +0000 (00:42 -0500)]
Update `create-user' to operate on fritz properly
* It /appeared/ to succeed before for `mb0' but actually failed to do
things like create his homedir so...
* Tweak to where things work, there is still some needless reliance
upon deleuze unfortunately
clinton_admin [Wed, 19 Oct 2011 05:19:40 +0000 (01:19 -0400)]
Only propagate kerberos db to hopper
* fritz is now the master
* deleuze's KDC is too old (dump format 5 vs 6) to load dumps from fritz's kdc, disable
clinton_admin [Fri, 11 Mar 2011 00:42:18 +0000 (19:42 -0500)]
create-user: Database creation fixes
* Invoke `create-user-database' as root
* Do not attempt to create directories or tablespaces if they already
exist
clinton_admin [Fri, 11 Mar 2011 00:41:41 +0000 (19:41 -0500)]
create-user: Sync keytabs to fritz
clinton_admin [Sat, 26 Feb 2011 06:15:26 +0000 (01:15 -0500)]
BCC: admins@hcoop.net instead of just admins in quotacheck
clinton_admin [Sat, 26 Feb 2011 05:01:24 +0000 (00:01 -0500)]
...and pass the new db arguments to the commands to actually dump things
clinton_admin [Sat, 26 Feb 2011 04:39:40 +0000 (23:39 -0500)]
Remove obsolete database volume information from quotacheck email
Clinton Ebadi [Sat, 26 Feb 2011 04:21:28 +0000 (23:21 -0500)]
Update database backup script to connect to fritz
* Mysql has to use a special my.cnf stored in /root
Clinton Ebadi [Sat, 26 Feb 2011 04:10:15 +0000 (23:10 -0500)]
BCC admins@ instead of docelic@ in quota check
Clinton Ebadi [Sat, 26 Feb 2011 04:10:01 +0000 (23:10 -0500)]
Check quotas on fritz instead of deleuze
* Remove $USER.db volume check
Clinton Ebadi [Sat, 26 Feb 2011 04:08:28 +0000 (23:08 -0500)]
You need domtool-admin rights to destroy a user
* Otherwise very bad things happen very quickly
Clinton Ebadi [Sat, 26 Feb 2011 04:08:06 +0000 (23:08 -0500)]
Typo fix in create-user
Clinton Ebadi [Sat, 26 Feb 2011 04:07:55 +0000 (23:07 -0500)]
Explicitly forward kerberos tokens in create-user
Clinton Ebadi [Wed, 23 Feb 2011 12:51:08 +0000 (07:51 -0500)]
Call `create-user-database' with $USER and not $PATHBITS
Clinton Ebadi [Mon, 21 Feb 2011 11:53:50 +0000 (06:53 -0500)]
Set +x on create-user-database script
Clinton Ebadi [Mon, 21 Feb 2011 11:51:32 +0000 (06:51 -0500)]
Create user volumes on fritz instead of deleuze
Clinton Ebadi [Mon, 21 Feb 2011 11:50:40 +0000 (06:50 -0500)]
Create database tablespace stubs on fritz
Clinton Ebadi [Mon, 21 Feb 2011 10:29:36 +0000 (05:29 -0500)]
Sync changes in current working tree
Richard Darst [Mon, 29 Mar 2010 01:57:03 +0000 (21:57 -0400)]
hcoop-kprop: update for fritz
(not acutually done by me)
Richard Darst [Mon, 29 Mar 2010 01:42:43 +0000 (21:42 -0400)]
hcoop-backup{,-wrapper}: temporarily disable backups
mwolson_admin [Sat, 4 Apr 2009 19:30:41 +0000 (15:30 -0400)]
hcoop-git-maint: Send output to /dev/null.
mwolson_admin [Sat, 4 Apr 2009 19:24:07 +0000 (15:24 -0400)]
New stuff.
mwolson_admin [Sat, 4 Apr 2009 19:23:50 +0000 (15:23 -0400)]
Various improvements.
mwolson_admin [Wed, 1 Apr 2009 04:07:40 +0000 (00:07 -0400)]
hcoop-git-maint: Improve detection of bad permissions.
- Fix bug where bogus symlink loop would be created.
- Iterate through /var/cache/git on the second run, not everyone's
homedir regardless of whether they're using git.
- Check AFS permissions at a deeper level. Skip object and refs
directories because they might take a while.
mwolson_admin [Tue, 24 Feb 2009 05:10:35 +0000 (00:10 -0500)]
create-user: Only change public_html acls if dir does not exist.
mwolson_admin [Sun, 8 Feb 2009 15:55:40 +0000 (10:55 -0500)]
hcoop-backup: Ignore ghc's autogenerated conf files.
mwolson_admin [Sun, 8 Feb 2009 15:52:31 +0000 (10:52 -0500)]
Changes by docelic.
mwolson_admin [Mon, 24 Nov 2008 04:11:16 +0000 (23:11 -0500)]
Make several scripts STFU.
mwolson_admin [Tue, 11 Nov 2008 03:41:09 +0000 (22:41 -0500)]
backup-manager: Add help command.
mwolson_admin [Tue, 11 Nov 2008 03:24:50 +0000 (22:24 -0500)]
Initial version of backup-manager.
mwolson_admin [Fri, 17 Oct 2008 04:43:59 +0000 (00:43 -0400)]
hcoop-git-maint: Quick hack to deal with bad user permissions.
mwolson_admin [Thu, 16 Oct 2008 15:30:05 +0000 (11:30 -0400)]
Misc create-user fixes from docelic.
mwolson_admin [Wed, 17 Sep 2008 04:20:12 +0000 (00:20 -0400)]
hcoop-git-maint: Only update page if new content is nonempty.
mwolson_admin [Mon, 8 Sep 2008 21:15:27 +0000 (17:15 -0400)]
hcoop-backup: More permissions twiddling.
mwolson_admin [Thu, 4 Sep 2008 02:38:03 +0000 (22:38 -0400)]
hcoop-backups: Further tweak permissions.
mwolson_admin [Wed, 3 Sep 2008 08:09:52 +0000 (04:09 -0400)]
hcoop-backup: Be sure that only root can read in-progress backups.
mwolson_admin [Wed, 3 Sep 2008 08:04:06 +0000 (04:04 -0400)]
rsync-shell: Enforce bandwidth limit of 325 KB/s.
mwolson_admin [Wed, 3 Sep 2008 07:55:11 +0000 (03:55 -0400)]
Initial implementation of rsync-shell functionality.
mwolson_admin [Wed, 3 Sep 2008 07:54:13 +0000 (03:54 -0400)]
hcoop-backup: Directory itself must be owner-writable.
Otherwise it can't be deleted.
mwolson_admin [Tue, 2 Sep 2008 14:39:39 +0000 (10:39 -0400)]
hcoop-backup: Update file permissions after run.
mwolson_admin [Tue, 2 Sep 2008 02:18:35 +0000 (22:18 -0400)]
hcoop-backup: Move logging to backup-wrapper, use UTC date.
mwolson_admin [Tue, 2 Sep 2008 02:15:24 +0000 (22:15 -0400)]
hcoop-backup: Update log location.
mwolson_admin [Tue, 2 Sep 2008 02:12:07 +0000 (22:12 -0400)]
Initial attempt at rsync.net backup solution.
mwolson_admin [Tue, 2 Sep 2008 01:36:50 +0000 (21:36 -0400)]
Change by someone else.
mwolson_admin [Thu, 28 Aug 2008 02:53:25 +0000 (22:53 -0400)]
import-list: Recreate exim mailmandb if domain changed.
mwolson_admin [Thu, 28 Aug 2008 02:50:45 +0000 (22:50 -0400)]
import-list: Add --domain option, check for root user.
mwolson_admin [Thu, 28 Aug 2008 02:36:40 +0000 (22:36 -0400)]
Initial version of import list script.
mwolson_admin [Thu, 28 Aug 2008 02:35:23 +0000 (22:35 -0400)]
Miscellaneous accumulated scripts that were never checked in before.
mwolson_admin [Thu, 28 Aug 2008 02:33:54 +0000 (22:33 -0400)]
Update of member freeze logic from docelic.
mwolson_admin [Thu, 28 Aug 2008 02:32:19 +0000 (22:32 -0400)]
Remove S3 stuff.
mwolson_admin [Thu, 17 Jul 2008 14:53:55 +0000 (10:53 -0400)]
Add freeze, frozen_shell, hcoop-kprop.
mwolson_admin [Thu, 17 Jul 2008 14:53:32 +0000 (10:53 -0400)]
s3: Wait longer after failure, pick up any failed pieces later.
mwolson_admin [Mon, 30 Jun 2008 18:51:12 +0000 (14:51 -0400)]
s3: Use better retry logic.
mwolson_admin [Fri, 27 Jun 2008 14:35:13 +0000 (10:35 -0400)]
hcoop-backup: Don't complain about /opt directory.
mwolson_admin [Fri, 27 Jun 2008 14:32:55 +0000 (10:32 -0400)]
hcoop-backup: On second thought, put -e back on bash subprocess.
But ignore any errors that it produces, so that we have a better chance
of getting to the last database dump. The first backup run did not get
to that point, for some reason.
mwolson_admin [Fri, 27 Jun 2008 14:28:43 +0000 (10:28 -0400)]
hcoop-backup: Clean up messages, remove -e on bash subprocess.
mwolson_admin [Fri, 27 Jun 2008 14:21:39 +0000 (10:21 -0400)]
hcoop-backup: Put temp output in hcoop-backup, not hcoop-backup-testing.
mwolson_admin [Fri, 27 Jun 2008 14:10:36 +0000 (10:10 -0400)]
s3: Display additional messages, sleep before retrying.
mwolson_admin [Wed, 25 Jun 2008 22:42:16 +0000 (18:42 -0400)]
hcoop-backup: Try to make xargs die if an error occurred.
mwolson_admin [Wed, 25 Jun 2008 22:37:28 +0000 (18:37 -0400)]
s3: Try 3 times on a file before giving up.
mwolson_admin [Wed, 25 Jun 2008 21:44:40 +0000 (17:44 -0400)]
s3: Parameterize curl command.
mwolson_admin [Wed, 25 Jun 2008 16:25:53 +0000 (12:25 -0400)]
s3.common: Get rid of third argument to move_over.
mwolson_admin [Wed, 25 Jun 2008 08:15:45 +0000 (04:15 -0400)]
hcoop-backup: Keep track of date.
- Also, locase the local variable names.
mwolson_admin [Wed, 25 Jun 2008 08:01:39 +0000 (04:01 -0400)]
hcoop-backup: Take file from stdin and split it.
This avoids taking up double-space for each backed up file in the
temporary area.
mwolson_admin [Wed, 25 Jun 2008 07:11:13 +0000 (03:11 -0400)]
More backup script revamp.
- Split common s3-specific functions into s3.comon.
- Make new simple script s3-move to move a single file over to S3.
- Replace uses of copy_over with $MOVE_OVER.
- Replace one use of catsync in an xargs command to use $MOVE_OVER
instead.
mwolson_admin [Wed, 25 Jun 2008 06:36:24 +0000 (02:36 -0400)]
hcoop-backup: Fix typo in comment.
mwolson_admin [Wed, 25 Jun 2008 06:35:55 +0000 (02:35 -0400)]
hcoop-backup: More work.
- Split files at ~5GB before transferring, due to Amazon S3 limitations.
- Make s3_cmd easier to use.
- Temporarily comment out backup pruning.
mwolson_admin [Wed, 25 Jun 2008 04:59:34 +0000 (00:59 -0400)]
s3: Fix typos.
mwolson_admin [Wed, 25 Jun 2008 04:41:24 +0000 (00:41 -0400)]
hcoop-backup: Implement copy_over.
mwolson_admin [Wed, 25 Jun 2008 04:25:54 +0000 (00:25 -0400)]
s3: Implement bandwidth limit.
mwolson_admin [Wed, 25 Jun 2008 04:08:00 +0000 (00:08 -0400)]
s3: Make location of hmac script a constant.
mwolson_admin [Mon, 23 Jun 2008 04:45:47 +0000 (00:45 -0400)]
Rampantly initial checkin of progress on backup scripts.
mwolson_admin [Mon, 23 Jun 2008 04:40:28 +0000 (00:40 -0400)]
Initial version of other 3rd-party s3 bash script.