From 6d76f213ad5eb330ae20be4ace45ab27ff6e4268 Mon Sep 17 00:00:00 2001 From: Clinton Ebadi Date: Sat, 15 Dec 2018 12:37:24 -0500 Subject: [PATCH] create-user: update for new servers remove old servers, add new servers. --- ca-install | 2 +- create-service-user | 6 +++--- create-user-new | 4 ++-- destroy-user | 6 +++--- freeze | 6 +++--- lib/create-user-lib.sh | 49 ++++++++++++++++++++++-------------------- listnew | 2 +- quotacheck | 2 +- 8 files changed, 40 insertions(+), 37 deletions(-) diff --git a/ca-install b/ca-install index 60419ea..416cc0d 100755 --- a/ca-install +++ b/ca-install @@ -58,7 +58,7 @@ function verify_cert () { # Make sure we run this from an admin host... if test "$(hostname -s)" != "gibran"; then - echo "Error: This script must be run from fritz." + echo "Error: This script must be run from gibran." exit 1 fi diff --git a/create-service-user b/create-service-user index 83bdb1d..ef46669 100755 --- a/create-service-user +++ b/create-service-user @@ -3,13 +3,13 @@ # create a shared service user, that is not able to use mod_waklog. # MUST be executed: -# - on fritz +# - on gibran # - as a user with an /etc/sudoers line # - member of "wheel" unix group on deleuze (FIXME: TRUE?) # - while holding tickets for a user who can 'ssh -K' to all nodes # - while holding tokens for a user who is: # - a member of system:administrator -# - listed in 'bos listusers fritz' +# - listed in 'bos listusers gibran' # - and who has been set up with Domtool admin privileges by: # - running 'domtool-adduser $USER' while holding AFS admin tokens as # someone who is already a Domtool admin @@ -38,4 +38,4 @@ create_pts_user create_home_volume -ensure_afs_servers_synced \ No newline at end of file +ensure_afs_servers_synced diff --git a/create-user-new b/create-user-new index 20f647d..0d83f2d 100755 --- a/create-user-new +++ b/create-user-new 
@@ -1,13 +1,13 @@ #!/bin/bash -ex # MUST be executed: -# - on fritz +# - on gibran # - as a user with an /etc/sudoers line # - member of "wheel" unix group on deleuze (FIXME: TRUE?) # - while holding tickets for a user who can 'ssh -K' to all nodes # - while holding tokens for a user who is: # - a member of system:administrator -# - listed in 'bos listusers fritz' +# - listed in 'bos listusers gibran' # - and who has been set up with Domtool admin privileges by: # - running 'domtool-adduser $USER' while holding AFS admin tokens as # someone who is already a Domtool admin diff --git a/destroy-user b/destroy-user index 1879ec1..899917f 100755 --- a/destroy-user +++ b/destroy-user @@ -88,11 +88,11 @@ pts delete $USER.daemon #fs rm /afs/hcoop.net/old/mail/$PATHBITS #fs rm /afs/hcoop.net/old/logs/$PATHBITS -vos syncserv fritz -vos syncvldb fritz +vos syncserv gibran +vos syncvldb gibran fs checkvolumes # Remove user from all of our mailing lists -echo $USER@hcoop.net | ssh -K mccarthy sudo -u list \ +echo $USER@hcoop.net | ssh -K minsky sudo -u list \ /var/lib/mailman/bin/remove_members --fromall -f - diff --git a/freeze b/freeze index 65e1f37..bfe9ed3 100755 --- a/freeze +++ b/freeze @@ -3,7 +3,7 @@ # # Purpose: freeze user (cancel user services except email), or unfreeze user. # -# Usage (RUN AS _ADMIN USER ON FRITZ WITHOUT SUDO ... but it shouldn't matter where you run it): +# Usage (RUN AS _ADMIN USER ON GIBRAN WITHOUT SUDO ... but it shouldn't matter where you run it): # # Display frozen users or details for one user (one user implies -verbose): # freeze [user], OR 
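Review bot: The `vos syncserv gibran` / `vos syncvldb gibran` pair in destroy-user still names a single file server, while `ensure_afs_servers_synced` in lib/create-user-lib.sh is changed by this same commit to loop over `gibran lovelace outpost`. If the other two servers hold volumes or replicas for the deleted user, their entries are not reconciled after a removal; this is inferred from the server lists alone, since the volume-removal commands sit above the hunk. Consider the same loop here, `for srv in gibran lovelace outpost; do vos syncserv $srv; vos syncvldb $srv; done`, or reading the list from one shared place. The quotacheck change (`our @servers = qw/gibran/;`) carries a third copy of the list and should be checked against it.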
@@ -97,8 +97,8 @@ use constant DRY => 0; use constant STORE => "/afs/hcoop.net/common/etc/frozen/cache"; use constant DEFAULT_SHELL => '/bin/bash'; use constant FROZEN_SHELL => '/afs/hcoop.net/common/etc/scripts/frozen_shell'; -use constant PUBLIC_ACCESS => (qw/bog/); -use constant RUN_SERVER => 'fritz'; +use constant PUBLIC_ACCESS => (qw/marsh/); +use constant RUN_SERVER => 'gibran'; my $store = {}; # cached info my $action = 'list'; # list, freeze, unfreeze diff --git a/lib/create-user-lib.sh b/lib/create-user-lib.sh index a65b490..716d0da 100644 --- a/lib/create-user-lib.sh +++ b/lib/create-user-lib.sh @@ -35,21 +35,20 @@ MAILPATH=/afs/hcoop.net/common/email/$PATHBITS # function execute_on_web_nodes () { - ssh -K deleuze $* - ssh -K navajos $* + ssh -K shelob.hcoop.net $* } function execute_on_domtool_server () { - ssh -K fritz.hcoop.net $* + ssh -K gibran.hcoop.net $* } function execute_on_all_machines () { $* - ssh -K hopper.hcoop.net $* - ssh -K deleuze.hcoop.net $* - ssh -K navajos.hcoop.net $* - ssh -K bog.hcoop.net $* + ssh -K marsh.hcoop.net $* + ssh -K minsky.hcoop.net $* + ssh -K shelob.hcoop.net $* + ssh -K outpost.hcoop.net $* } # 
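Review bot: Every host named in `execute_on_web_nodes`, `execute_on_domtool_server` and `execute_on_all_machines` is reached with `ssh -K`, which delegates the caller's Kerberos credentials to that machine, so these lists also define which machines are trusted with admin tickets, and the code should say so. I would add above `execute_on_all_machines`: `# ssh -K forwards the caller's Kerberos credentials; list only hosts that need them and are trusted with admin tickets`. `outpost.hcoop.net` is new in this list but is left out of the keytab copy in `export_user_keytabs`, so it is worth confirming that the commands sent to it need delegated credentials at all. Separately, the local `$*` in `execute_on_all_machines` re-splits its arguments; `"$@"` would keep them intact for the local invocation.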
@@ -99,18 +98,17 @@ function export_user_keytabs () { sudo chmod 440 /etc/keytabs/user.daemon/$NEWUSER # rsync keytabs + # only needed on nodes that will run code on behalf of members + # fixme: duplicates all server list (cd /etc/keytabs sudo tar clpf - user.daemon/$NEWUSER | \ - ssh hopper.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) + ssh marsh.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) (cd /etc/keytabs sudo tar clpf - user.daemon/$NEWUSER | \ - ssh deleuze.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) + ssh minsky.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) (cd /etc/keytabs sudo tar clpf - user.daemon/$NEWUSER | \ - ssh navajos.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) - (cd /etc/keytabs - sudo tar clpf - user.daemon/$NEWUSER | \ - ssh bog.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) + ssh shelob.hcoop.net cd /etc/keytabs\; sudo tar xlpf -) } @@ -128,7 +126,7 @@ function create_home_volume () { vos rename user.$NEWUSER.d user.$NEWUSER fi vos examine user.$NEWUSER 2>/dev/null || \ - vos create fritz.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000 + vos create gibran.hcoop.net /vicepa user.$NEWUSER -maxquota 4000000 mkdir -p `dirname $HOMEPATH` fs ls $HOMEPATH || test -L $HOMEPATH || fs mkm $HOMEPATH user.$NEWUSER @@ -153,7 +151,7 @@ function create_mail_volume () { vos rename mail.$NEWUSER.d mail.$NEWUSER fi vos examine mail.$NEWUSER 2>/dev/null || \ - vos create fritz.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000 + vos create gibran.hcoop.net /vicepa mail.$NEWUSER -maxquota 4000000 mkdir -p `dirname $MAILPATH` fs ls $MAILPATH || fs mkm $MAILPATH mail.$NEWUSER @@ -170,7 +168,7 @@ function create_mail_volume () { "\n on our website."| \ mail -s "Welcome to your HCoop email store" \ -e -a "From: postmaster@hcoop.net" \ - real-$NEWUSER + real-$NEWUSER@hcoop.net fi chown $NEWUSER:nogroup $MAILPATH/cur $MAILPATH/new $MAILPATH/tmp 
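Review bot: The three copy blocks in `export_user_keytabs` repeat the host list that the added `# fixme: duplicates all server list` comment already flags. A keytab is a long-lived credential, so a host missed in one of the copies, or left behind in one, is hard to notice. A loop over a single list, in the style this commit uses for `ensure_afs_servers_synced`, keeps the set of machines holding `user.daemon` keytabs on one line. Each pipeline reports only the exit status of the `ssh` side, so a failure of the local `sudo tar clpf` goes unnoticed unless the caller sets `pipefail`, which is not visible here. The function begins above the hunk.

```shell
    # … unchanged: chmod 440 on the local keytab …

    # rsync keytabs
    # only needed on nodes that will run code on behalf of members
    local keytab_host
    for keytab_host in marsh minsky shelob; do
        (cd /etc/keytabs
         sudo tar clpf - user.daemon/$NEWUSER | \
             ssh $keytab_host.hcoop.net cd /etc/keytabs\; sudo tar xlpf -)
    done
```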
@@ -188,7 +186,7 @@ function create_mail_volume () { $file fi else - maildirmake --add SpamAssassin=/var/local/lib/spamd/Maildir \ + maildirmake --add SpamAssassin=/afs/hcoop.net/user/s/sp/spamd/Maildir \ $HOMEPATH/Maildir fi @@ -276,7 +274,7 @@ function enable_domtool () { function subscribe_to_lists () { # Subscribe user to our mailing lists. - echo $NEWUSER@hcoop.net | ssh -K deleuze sudo -u list \ + echo $NEWUSER@hcoop.net | ssh -K minsky sudo -u list \ /var/lib/mailman/bin/add_members -r - hcoop-announce } @@ -284,8 +282,11 @@ function ensure_afs_servers_synced () { vos release old # technically this might not be necessary, but for good measure... - vos syncserv fritz - vos syncvldb fritz + local srv + for srv in gibran lovelace outpost; do + vos syncserv $srv + vos syncvldb $srv + done # refresh volume location cache (takes ~2hrs otherwise) execute_on_all_machines fs checkvolumes @@ -297,14 +298,16 @@ function ensure_afs_servers_synced () { function create_fcgi_wrapper () { # note: might want to move this to domtool-adduser - local wrapper="/afs/hcoop.net/common/httpd/fastcgi/${PATHBITS}/${NEWUSER}-wrapper-wrapper" - mkdir -p /afs/hcoop.net/common/httpd/fastcgi/${PATHBITS} + local wrapper_dir="/afs/hcoop.net/common/etc/domtool/httpd/fastcgi/${PATHBITS}" + local wrapper="${wrapper_dir}/${NEWUSER}-wrapper-wrapper" + mkdir -p $wrapper_dir cat > $wrapper < 0.8, mail => 0.6, db => 0.4 ); # AFS servers with volumes -our @servers = qw/fritz gibran/; +our @servers = qw/gibran/; # Which volumes we want? # (Your volumes need to be in format (TYPE).USERNAME, otherwise # you will have to modify below where we take .USERNAME to mean -- 2.20.1
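Review bot: The new shared-folder target `/afs/hcoop.net/user/s/sp/spamd/Maildir` is written as a literal in the `else` branch of `create_mail_volume`, including the `s/sp` hash directories that other paths in this file build from `$PATHBITS`. The `if` branch that edits `$file` starts above the hunk and may still carry the old `/var/local/lib/spamd/Maildir` path, so it should be checked in the same change. Access to the folder now depends on the AFS ACL of the spamd Maildir, which nothing in the visible lines sets or verifies. A comment such as `# shared folder lives in spamd's AFS home; its ACL decides what members can do here` would record that dependency.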