Clinton Ebadi [Sat, 15 Dec 2018 17:19:41 +0000 (12:19 -0500)]
create-user-database: new postgres dir, nuke 8.1, ensure permissions
Explicitly chmod dirs to avoid leaving them at 755.
Clinton Ebadi [Sat, 15 Dec 2018 17:19:07 +0000 (12:19 -0500)]
ca-install: support multiple webservers, update for new servers
Clinton Ebadi [Wed, 5 Dec 2018 04:59:24 +0000 (23:59 -0500)]
import hcoop-webalizer cron as script
Clinton Ebadi [Wed, 7 Nov 2018 16:31:36 +0000 (11:31 -0500)]
quotacheck: check volumes on gibran
Clinton Ebadi [Sat, 28 Jan 2017 22:26:10 +0000 (17:26 -0500)]
create-user: create fastcgi wrapper script
mod_fcgid is annoying and has no way to integrate with
mod_waklog. Generate wrapper scripts that grab tokens as a workaround.
clinton_admin [Thu, 22 Oct 2015 02:24:54 +0000 (22:24 -0400)]
hcoop-git-maint: speed up and avoid blocking forever if apache is slow
Previous `find' incantation was actually scanning all the way down
objects/ and refs/. Invert the regex and actually prune. The script
runs in a few seconds rather than a good minute or two now.
Also add a wget timeout so that an unresponsive apache doesn't block
the cron job forever. The cache page isn't really used any more
anyway.
clinton_admin [Tue, 12 May 2015 22:34:05 +0000 (18:34 -0400)]
deploy-domtool: add mccarthy.hcoop.net
clinton_admin [Sat, 25 Apr 2015 22:29:16 +0000 (18:29 -0400)]
mysql-grant-table-drop: quote database and table names
Tables with '-' in their name broke the script.
clinton_admin [Sat, 25 Apr 2015 22:28:35 +0000 (18:28 -0400)]
mysql-grant-drop: exclude `performance_schema' database, consolidate conditionals
clinton_admin [Tue, 24 Mar 2015 20:46:31 +0000 (16:46 -0400)]
hcoop-kprop: invert grep exit status to shut cron up
We want to eat the success message while allowing any error output to
be displayed, but we also want to return success.
clinton_admin [Tue, 24 Mar 2015 20:25:45 +0000 (16:25 -0400)]
apache-sync-logs: allow setting VERBOSE from the environment
Makes one-shot testing way less of a pain
clinton_admin [Tue, 24 Mar 2015 20:25:13 +0000 (16:25 -0400)]
ca-install: permissions were only fixed in combined pem case
Move chmod outside of the if so separate key/cert files are chmoded
instead.
Clinton Ebadi [Sat, 27 Dec 2014 23:39:37 +0000 (18:39 -0500)]
ca-install: use openssl instead of grepping for private key
The check was never reliable, do it the Right Way (tm) instead.
clinton_admin [Fri, 17 Oct 2014 17:25:36 +0000 (13:25 -0400)]
create-user: create ~/.domtool link as admin and chown
Some security update appears to have changed sudo behavior slightly and tokens are lost.
clinton_admin [Fri, 17 Oct 2014 17:24:15 +0000 (13:24 -0400)]
domtool: make -j2 because we finally have enough ram
May as well crank up all of the cpu power we have. Better than halves
deploy time!
clinton_admin [Fri, 17 Oct 2014 17:23:30 +0000 (13:23 -0400)]
domtool: deploy server and slave simultaneously on fritz
Was previously quietly failing during install because
/usr/local/bin/domtool-slave cannot be overwritten while it is
running.
clinton_admin [Tue, 29 Apr 2014 01:28:24 +0000 (21:28 -0400)]
Increase default quota from 400M to 4G
clinton_admin [Tue, 29 Apr 2014 01:27:36 +0000 (21:27 -0400)]
Domtool server moved to fritz
clinton_admin [Tue, 29 Apr 2014 01:27:16 +0000 (21:27 -0400)]
Remove non-existent db volume from quotadisplay
clinton_admin [Tue, 29 Apr 2014 01:26:57 +0000 (21:26 -0400)]
ca-install fixes
* Scan for correct string in key file
* Ensure no one but apache can read the pem on the webserver
* Reload apache after install so the user can actually use it
clinton_admin [Tue, 4 Mar 2014 07:47:04 +0000 (02:47 -0500)]
Grant webalizer read permissions to new user logs
clinton_admin [Sun, 18 Aug 2013 20:06:18 +0000 (16:06 -0400)]
Avoid deleting log files for removed vhosts
* Not entirely certain this is the best behavior, but seems sensible
so members don't accidentally lose their webalizer stats when
reconfiguring a domain
Clinton Ebadi [Tue, 23 Jul 2013 01:39:11 +0000 (21:39 -0400)]
new-user fixes
* Only use latest application password for new member apps, in case
someone applied and was not accepted using the same username previously
* Call `create-user-new' rather than `create-user'
Clinton Ebadi [Tue, 23 Jul 2013 01:37:46 +0000 (21:37 -0400)]
Update domtool library manual when installing server
Clinton Ebadi [Tue, 23 Jul 2013 01:36:39 +0000 (21:36 -0400)]
Remove mire from admin scripts
* `freeze' will now work with bog
* Install ssl certs to navajos
* Do not copy keytabs etc. to mire
* Do not deploy domtool-slave to mire
clinton_admin [Tue, 23 Jul 2013 01:20:06 +0000 (21:20 -0400)]
Silence apache-sync-logs
Clinton Ebadi [Sun, 14 Jul 2013 05:58:53 +0000 (01:58 -0400)]
Remove stale log files and speed up apache log sync
* Major speedup: The apache log directory was pointlessly being copied
for each user on each sync so that it could be chowned and
transferred. But there is no need: afs ignores the owner/group and
unix permissions and root can read the keytabs. Eliminating the
redundant copy sped the script up from ~9 minutes to ~2 minutes.
* Limit scope of each transfer to the per-host apache log
directory. This could result in less stat()ing, but more importantly
allows us to...
* Pass --delete to rsync to clean up stale log files. It turns out
that for a very long time we've just been leaving the uncompressed
logrotated apache logs behind, and never removing old log files. Fix
that.
Clinton Ebadi [Fri, 11 Jan 2013 08:06:18 +0000 (03:06 -0500)]
"Factored" create-user, and script to create shared service users
Converted create-user script into a set of procedures, grouped by
logical step in the user creation process. Things were regrouped only
as much as was needed to get `create-service-user' script for creating
principals for non-humans and `create-user` working with minimal
duplication. This still needs a lot of work (and destroy-user even
more).
Clinton Ebadi [Sun, 6 Jan 2013 08:57:23 +0000 (03:57 -0500)]
Scripts to deploy domtool across all hosts
These have existed for a while, but in my homedir. Builds domtool in
parallel across all hosts. Possible improvements include only building
one copy of domtool per machine architecture.
Clinton Ebadi [Sun, 6 Jan 2013 08:53:13 +0000 (03:53 -0500)]
Update create-user for new nodes
Extract keytabs, change names of a few functions to indicate their
intended functionality, clean up $PATHBITS permissions after creating
so that they aren't owned by whoever ran the script.
Clinton Ebadi [Sun, 6 Jan 2013 08:51:29 +0000 (03:51 -0500)]
Set initial user password from MemberApp in database
The portal password files are not being created for whatever reason,
and the data is there in the database so there's no real point not
using it anyway.
Clinton Ebadi [Sun, 6 Jan 2013 08:50:25 +0000 (03:50 -0500)]
Run remove from lists on deleuze
So that it actually works and all
clinton_admin [Thu, 20 Dec 2012 08:30:22 +0000 (03:30 -0500)]
Fix restoring shell on unfreeze when member did not have a shell preference
clinton_admin [Thu, 20 Dec 2012 08:29:55 +0000 (03:29 -0500)]
Move frozen database into afs, run on fritz
clinton_admin [Thu, 20 Dec 2012 08:29:17 +0000 (03:29 -0500)]
Sync keytabs to navajos
clinton_admin [Thu, 20 Dec 2012 08:26:46 +0000 (03:26 -0500)]
Create postgresql 9.1 tablespaces for users
clinton_admin [Thu, 20 Dec 2012 08:26:26 +0000 (03:26 -0500)]
Escape @ in mail address for quotacheck
* This caused an error on newer perl
clinton_admin [Thu, 20 Dec 2012 08:25:58 +0000 (03:25 -0500)]
Correct order of sudo in apache sync logs
* Modern sudo clears the environment, so we have to run k5start within sudo not outside
clinton_admin [Mon, 6 Aug 2012 17:50:27 +0000 (13:50 -0400)]
Work around portal storing passwords in local fs space on deleuze
* Really need to move these to afs
clinton_admin [Wed, 4 Jul 2012 02:37:17 +0000 (22:37 -0400)]
Update destroy-user
* Run on fritz
* Don't do anything with ldap since Clinton doesn't care about it,
and Davor isn't maintaining it.
clinton_admin [Sun, 25 Mar 2012 07:13:23 +0000 (03:13 -0400)]
Escape tablespace name when creating postgresql tablespace
* Previously, a name with a '-' would break things
* Usernames containing '"' are invalid anyway so we should be bulletproof
clinton_admin [Mon, 12 Dec 2011 19:52:55 +0000 (14:52 -0500)]
Make `new-user' half-work again
* (Non-Working) LDAP stuff disabled
* Run `create-user' on fritz
* Disable setting password (has to be done manually for now)
* Portal has to move to either storing passwords in afs or running on
fritz (or both)
Clinton Ebadi [Wed, 30 Nov 2011 05:44:27 +0000 (00:44 -0500)]
Don't create LDAP entries for new users
* LDAP does not work on fritz.
* I have no interest in making LDAP work on fritz.
Clinton Ebadi [Wed, 30 Nov 2011 05:42:56 +0000 (00:42 -0500)]
Update `create-user' to operate on fritz properly
* It /appeared/ to succeed before for `mb0' but actually failed to do
things like create his homedir so...
* Tweak to where things work, there is still some needless reliance
upon deleuze unfortunately
clinton_admin [Wed, 19 Oct 2011 05:19:40 +0000 (01:19 -0400)]
Only propagate kerberos db to hopper
* fritz is now the master
* deleuze's KDC is too old (dump format 5 vs 6) to load dumps from fritz's kdc, disable
clinton_admin [Fri, 11 Mar 2011 00:42:18 +0000 (19:42 -0500)]
create-user: Database creation fixes
* Invoke `create-user-database' as root
* Do not attempt to create directories or tablespaces if they already
exist
clinton_admin [Fri, 11 Mar 2011 00:41:41 +0000 (19:41 -0500)]
create-user: Sync keytabs to fritz
clinton_admin [Sat, 26 Feb 2011 06:15:26 +0000 (01:15 -0500)]
BCC: admins@hcoop.net instead of just admins in quotacheck
clinton_admin [Sat, 26 Feb 2011 05:01:24 +0000 (00:01 -0500)]
...and pass the new db arguments to the commands to actually dump things
clinton_admin [Sat, 26 Feb 2011 04:39:40 +0000 (23:39 -0500)]
Remove obsolete database volume information from quotacheck email
Clinton Ebadi [Sat, 26 Feb 2011 04:21:28 +0000 (23:21 -0500)]
Update database backup script to connect to fritz
* Mysql has to use a special my.cnf stored in /root
Clinton Ebadi [Sat, 26 Feb 2011 04:10:15 +0000 (23:10 -0500)]
BCC admins@ instead of docelic@ in quota check
Clinton Ebadi [Sat, 26 Feb 2011 04:10:01 +0000 (23:10 -0500)]
Check quotas on fritz instead of deleuze
* Remove $USER.db volume check
Clinton Ebadi [Sat, 26 Feb 2011 04:08:28 +0000 (23:08 -0500)]
You need domtool-admin rights to destroy a user
* Otherwise very bad things happen very quickly
Clinton Ebadi [Sat, 26 Feb 2011 04:08:06 +0000 (23:08 -0500)]
Typo fix in create-user
Clinton Ebadi [Sat, 26 Feb 2011 04:07:55 +0000 (23:07 -0500)]
Explicitly forward kerberos tokens in create-user
Clinton Ebadi [Wed, 23 Feb 2011 12:51:08 +0000 (07:51 -0500)]
Call `create-user-database' with $USER and not $PATHBITS
Clinton Ebadi [Mon, 21 Feb 2011 11:53:50 +0000 (06:53 -0500)]
Set +x on create-user-database script
Clinton Ebadi [Mon, 21 Feb 2011 11:51:32 +0000 (06:51 -0500)]
Create user volumes on fritz instead of deleuze
Clinton Ebadi [Mon, 21 Feb 2011 11:50:40 +0000 (06:50 -0500)]
Create database tablespace stubs on fritz
Clinton Ebadi [Mon, 21 Feb 2011 10:29:36 +0000 (05:29 -0500)]
Sync changes in current working tree
Richard Darst [Mon, 29 Mar 2010 01:57:03 +0000 (21:57 -0400)]
hcoop-kprop: update for fritz
(not actually done by me)
Richard Darst [Mon, 29 Mar 2010 01:42:43 +0000 (21:42 -0400)]
hcoop-backup{,-wrapper}: temporarily disable backups
mwolson_admin [Sat, 4 Apr 2009 19:30:41 +0000 (15:30 -0400)]
hcoop-git-maint: Send output to /dev/null.
mwolson_admin [Sat, 4 Apr 2009 19:24:07 +0000 (15:24 -0400)]
New stuff.
mwolson_admin [Sat, 4 Apr 2009 19:23:50 +0000 (15:23 -0400)]
Various improvements.
mwolson_admin [Wed, 1 Apr 2009 04:07:40 +0000 (00:07 -0400)]
hcoop-git-maint: Improve detection of bad permissions.
- Fix bug where bogus symlink loop would be created.
- Iterate through /var/cache/git on the second run, not everyone's
homedir regardless of whether they're using git.
- Check AFS permissions at a deeper level. Skip object and refs
directories because they might take a while.
mwolson_admin [Tue, 24 Feb 2009 05:10:35 +0000 (00:10 -0500)]
create-user: Only change public_html acls if dir does not exist.
mwolson_admin [Sun, 8 Feb 2009 15:55:40 +0000 (10:55 -0500)]
hcoop-backup: Ignore ghc's autogenerated conf files.
mwolson_admin [Sun, 8 Feb 2009 15:52:31 +0000 (10:52 -0500)]
Changes by docelic.
mwolson_admin [Mon, 24 Nov 2008 04:11:16 +0000 (23:11 -0500)]
Make several scripts STFU.
mwolson_admin [Tue, 11 Nov 2008 03:41:09 +0000 (22:41 -0500)]
backup-manager: Add help command.
mwolson_admin [Tue, 11 Nov 2008 03:24:50 +0000 (22:24 -0500)]
Initial version of backup-manager.
mwolson_admin [Fri, 17 Oct 2008 04:43:59 +0000 (00:43 -0400)]
hcoop-git-maint: Quick hack to deal with bad user permissions.
mwolson_admin [Thu, 16 Oct 2008 15:30:05 +0000 (11:30 -0400)]
Misc create-user fixes from docelic.
mwolson_admin [Wed, 17 Sep 2008 04:20:12 +0000 (00:20 -0400)]
hcoop-git-maint: Only update page if new content is nonempty.
mwolson_admin [Mon, 8 Sep 2008 21:15:27 +0000 (17:15 -0400)]
hcoop-backup: More permissions twiddling.
mwolson_admin [Thu, 4 Sep 2008 02:38:03 +0000 (22:38 -0400)]
hcoop-backups: Further tweak permissions.
mwolson_admin [Wed, 3 Sep 2008 08:09:52 +0000 (04:09 -0400)]
hcoop-backup: Be sure that only root can read in-progress backups.
mwolson_admin [Wed, 3 Sep 2008 08:04:06 +0000 (04:04 -0400)]
rsync-shell: Enforce bandwidth limit of 325 KB/s.
mwolson_admin [Wed, 3 Sep 2008 07:55:11 +0000 (03:55 -0400)]
Initial implementation of rsync-shell functionality.
mwolson_admin [Wed, 3 Sep 2008 07:54:13 +0000 (03:54 -0400)]
hcoop-backup: Directory itself must be owner-writable.
Otherwise it can't be deleted.
mwolson_admin [Tue, 2 Sep 2008 14:39:39 +0000 (10:39 -0400)]
hcoop-backup: Update file permissions after run.
mwolson_admin [Tue, 2 Sep 2008 02:18:35 +0000 (22:18 -0400)]
hcoop-backup: Move logging to backup-wrapper, use UTC date.
mwolson_admin [Tue, 2 Sep 2008 02:15:24 +0000 (22:15 -0400)]
hcoop-backup: Update log location.
mwolson_admin [Tue, 2 Sep 2008 02:12:07 +0000 (22:12 -0400)]
Initial attempt at rsync.net backup solution.
mwolson_admin [Tue, 2 Sep 2008 01:36:50 +0000 (21:36 -0400)]
Change by someone else.
mwolson_admin [Thu, 28 Aug 2008 02:53:25 +0000 (22:53 -0400)]
import-list: Recreate exim mailmandb if domain changed.
mwolson_admin [Thu, 28 Aug 2008 02:50:45 +0000 (22:50 -0400)]
import-list: Add --domain option, check for root user.
mwolson_admin [Thu, 28 Aug 2008 02:36:40 +0000 (22:36 -0400)]
Initial version of import list script.
mwolson_admin [Thu, 28 Aug 2008 02:35:23 +0000 (22:35 -0400)]
Miscellaneous accumulated scripts that were never checked in before.
mwolson_admin [Thu, 28 Aug 2008 02:33:54 +0000 (22:33 -0400)]
Update of member freeze logic from docelic.
mwolson_admin [Thu, 28 Aug 2008 02:32:19 +0000 (22:32 -0400)]
Remove S3 stuff.
mwolson_admin [Thu, 17 Jul 2008 14:53:55 +0000 (10:53 -0400)]
Add freeze, frozen_shell, hcoop-kprop.
mwolson_admin [Thu, 17 Jul 2008 14:53:32 +0000 (10:53 -0400)]
s3: Wait longer after failure, pick up any failed pieces later.
mwolson_admin [Mon, 30 Jun 2008 18:51:12 +0000 (14:51 -0400)]
s3: Use better retry logic.
mwolson_admin [Fri, 27 Jun 2008 14:35:13 +0000 (10:35 -0400)]
hcoop-backup: Don't complain about /opt directory.
mwolson_admin [Fri, 27 Jun 2008 14:32:55 +0000 (10:32 -0400)]
hcoop-backup: On second thought, put -e back on bash subprocess.
But ignore any errors that it produces, so that we have a better chance
of getting to the last database dump. The first backup run did not get
to that point, for some reason.
mwolson_admin [Fri, 27 Jun 2008 14:28:43 +0000 (10:28 -0400)]
hcoop-backup: Clean up messages, remove -e on bash subprocess.
mwolson_admin [Fri, 27 Jun 2008 14:21:39 +0000 (10:21 -0400)]
hcoop-backup: Put temp output in hcoop-backup, not hcoop-backup-testing.