Research Administration Tasks: Difference between revisions

From Research
Jump to navigation Jump to search
← Older editNewer edit →
Mmmark (talk | contribs)
543 edits
add user to group example
Mmmark (talk | contribs)
543 edits
adding users to a group reorganization
Line 1: Line 1:
==Adding users==
== Adding Users ==
* As root on yamato, run {{Commandline | /usr/local/sbin/diradm.superadduser '$username' '$email' '$Fullname'}}
* As root on yamato, run {{Commandline | /usr/local/sbin/diradm.superadduser '$username' '$email' '$Fullname'}}
* Note that a file named '$username' is created in your current directory with the template filled out for mailing (the same file is displayed onscreen).
* Note that a file named '$username' is created in your current directory with the template filled out for mailing (the same file is displayed onscreen).
Line 7: Line 7:
* The password you are prompted for at the end is '''for hood'''
* The password you are prompted for at the end is '''for hood'''
* Add the newly-created user to our [http://bismarck.iat.sfu.ca/mailman/admin/research/ Research Mailing List]
* Add the newly-created user to our [http://bismarck.iat.sfu.ca/mailman/admin/research/ Research Mailing List]
==Adding groups==
 
* As root on hood, diradm groupadd
== Adding Users to a Group ==
Adding or removing from a group. Uses the same syntax as gpasswd(8).
* As root on hood, diradm gpasswd (-a|-d) USERNAME GROUP For example: {{Commandline | diradm gpasswd -a mdeepwel pond}}
 
== Adding Groups ==
* same syntax as groupadd(8).
* same syntax as groupadd(8).
Adding or removing users from a group:
* As root on hood, {{Commandline | diradm groupadd}}
* same syntax as gpasswd(8)
* As root on hood, diradm gpasswd (-a|-d) USERNAME GROUP
{{Commandline | diradm gpasswd -a mdeepwel pond}}


==Adding projects==
== Adding Projects ==
* As root on hood: {{Commandline | diradm amadd -O $mapbase $key $src}}
* As root on hood: {{Commandline | diradm amadd -O $mapbase $key $src}}
* '-O' means the default mount options for automount.
* '-O' means the default mount options for automount.
Line 24: Line 25:
* If web content is being served: mkdir -p $src/htdocs ; chmod 2775 $src/htdocs  
* If web content is being served: mkdir -p $src/htdocs ; chmod 2775 $src/htdocs  


== Adding CVS repositories ==
== Adding CVS Repositories ==
* On hood, run ''diradm amadd -O auto.cvs ${foobar} 209.87.56.240:/export/cvs/${foobar}''
* On hood, run ''diradm amadd -O auto.cvs ${foobar} 209.87.56.240:/export/cvs/${foobar}''
** Replace ''${foobar}'' with the name of the repository
** Replace ''${foobar}'' with the name of the repository
Line 35: Line 36:
* Users must be in group cvs in addition to ${foobar} to access the repository!
* Users must be in group cvs in addition to ${foobar} to access the repository!


== Adding SVN repositories ==
== Adding SVN Repositories ==
* On hood, run ''diradm amadd -O auto.svn ${foobar} 209.87.56.240:/export/svn/${foobar}''
* On hood, run ''diradm amadd -O auto.svn ${foobar} 209.87.56.240:/export/svn/${foobar}''
** Replace ''${foobar}'' with the name of the repository
** Replace ''${foobar}'' with the name of the repository
Line 45: Line 46:
* Users must be in group cvs in addition to ${foobar} to access the repository!
* Users must be in group cvs in addition to ${foobar} to access the repository!


== General user management ==
== General User Management ==
* diradm offers almost all regular POSIX commands, sometimes with a few extra frills. The only commands NOT completely implemented are gpasswd and passwd.
* diradm offers almost all regular POSIX commands, sometimes with a few extra frills. The only commands NOT completely implemented are gpasswd and passwd.
* Gentoo update procedures (eg, how to update without ever messing up a machine).
* Gentoo update procedures (eg, how to update without ever messing up a machine).
Line 77: Line 78:




==Customizing Logwatch==
== Customizing Logwatch ==
There are two basic customizations which we often perform:
There are two basic customizations which we often perform:
# increase the header-information with machine-specific info (hardware, admininstrator(s), usage, etc):
# increase the header-information with machine-specific info (hardware, admininstrator(s), usage, etc):
Line 83: Line 84:
Start by ensuring logwatch is actually installed!  A mail-transport agent (MTA) like Postfix must be installed and working (to receive the daily logwatch summary).
Start by ensuring logwatch is actually installed!  A mail-transport agent (MTA) like Postfix must be installed and working (to receive the daily logwatch summary).
<br>
<br>
===Logwatch Headers===
=== Logwatch Headers ===
Use this template, to create '''/etc/log.d/custom_header''' (ASCII, plain-text file)
Use this template, to create '''/etc/log.d/custom_header''' (ASCII, plain-text file)
  Machine info:  Pentium4 2.4GHz, 1GB, GigE, 40GB+120GB, RivaTNT
  Machine info:  Pentium4 2.4GHz, 1GB, GigE, 40GB+120GB, RivaTNT
Line 128: Line 129:
   outline( $index_par, "################################################################## \n");
   outline( $index_par, "################################################################## \n");


===Logwatch Information Order===
=== Logwatch Information Order ===
The scripts locate in '''/etc/log.d/scripts/services/''' are run according to their file-name ordering.  Simply renaming a file changes it's relationship to other information.  We should move '''zz-disk_space''' to '''aa-disk_space''' to have our disk-usage appear right after the custom header; as root:
The scripts locate in '''/etc/log.d/scripts/services/''' are run according to their file-name ordering.  Simply renaming a file changes it's relationship to other information.  We should move '''zz-disk_space''' to '''aa-disk_space''' to have our disk-usage appear right after the custom header; as root:


Revision as of 03:51, 21 September 2005

Adding Users

  • As root on yamato, run
    /usr/local/sbin/diradm.superadduser '$username' '$email' '$Fullname'
  • Note that a file named '$username' is created in your current directory with the template filled out for mailing (the same file is displayed onscreen).
  • For now, we must:
export DEBUG=1
DEBUG=1 /usr/local/sbin/diradm.superadduser ...
  • The password you are prompted for at the end is for hood
  • Add the newly-created user to our Research Mailing List

Adding Users to a Group

Adding or removing from a group. Uses the same syntax as gpasswd(8).

  • As root on hood, diradm gpasswd (-a|-d) USERNAME GROUP For example:
    diradm gpasswd -a mdeepwel pond

Adding Groups

  • same syntax as groupadd(8).
  • As root on hood,
    diradm groupadd

Adding Projects

  • As root on hood:
    diradm amadd -O $mapbase $key $src
  • '-O' means the default mount options for automount.
  • As root on yamato: create the $src directory now, and give it the approriate permissions. chgrp -R it, and chmod 2771 it.
  • Make the directory. mkdir -p $src
  • Set ownership. chgrp -R $group $src
  • Set permissions. chmod 2771 $src
  • If web content is being served: mkdir -p $src/htdocs ; chmod 2775 $src/htdocs

Adding CVS Repositories

  • On hood, run diradm amadd -O auto.cvs ${foobar} 209.87.56.240:/export/cvs/${foobar}
    • Replace ${foobar} with the name of the repository
  • On yamato, run (assuming there's a previously created group called ${foobar}:
    • cvs -d /export/cvs/${foobar} init
    • chmod -R 2770 /export/cvs/${foobar}
    • chgrp foobar /export/cvs/${foobar}
    • The chgrp command can instead be a chown command for a single user repository; group name and cvs repository name don't have to match, either.
  • To access CVS repo, use CVS_RSH="ssh" with URL being :ext:${user}@cvs.iat.sfu.ca:/var/cvsroot/${foobar}
  • Users must be in group cvs in addition to ${foobar} to access the repository!

Adding SVN Repositories

  • On hood, run diradm amadd -O auto.svn ${foobar} 209.87.56.240:/export/svn/${foobar}
    • Replace ${foobar} with the name of the repository
  • On yamato, run (assuming there's a previously created group called ${foobar}:
    • chmod -R 2770 /export/cvs/${foobar}
    • chgrp foobar /export/cvs/${foobar}
  • On nelson, run svnadmin create /var/svnroot/${foobar} --fs-type fsfs
  • Repo URL is svn+ssh://${user}@cvs.iat.sfu.ca/var/svnroot/${foobar}
  • Users must be in group cvs in addition to ${foobar} to access the repository!

General User Management

  • diradm offers almost all regular POSIX commands, sometimes with a few extra frills. The only commands NOT completely implemented are gpasswd and passwd.
  • Gentoo update procedures (eg, how to update without ever messing up a machine).
    • TODO
  • Welcoming new users; email template or typical wording you've used
    • This is in the diradm.superadduser script, as it fills out the template.
To: $FULLNAME <$EMAIL>
Subject: Research account created - $NEWUSER

Hello $FULLNAME,

Your research account has been created.
Username: $NEWUSER
Password: $NEWPASS

Please visit http://research.iat.sfu.ca/network/changepassword.php to change
your password when you receive this email.

For support with the research network, please email:
help@research.iat.sfu.ca

And include a good description of the entire problem and a suitable subject
line.

Please note that this username/password pair is only valid for the SFU Surrey
Research Network, and is NOT tied into the main SFU authentication systems.
  • quotas
    • TODO


Customizing Logwatch

There are two basic customizations which we often perform:

  1. increase the header-information with machine-specific info (hardware, admininstrator(s), usage, etc):
  2. adjust the order of the information - we care very much about disk-usage, and prefer it first

Start by ensuring logwatch is actually installed! A mail-transport agent (MTA) like Postfix must be installed and working (to receive the daily logwatch summary).

Logwatch Headers

Use this template, to create /etc/log.d/custom_header (ASCII, plain-text file) 

Machine info:  Pentium4 2.4GHz, 1GB, GigE, 40GB+120GB, RivaTNT
 Running RedHat 9 Linux
 Located in Research Server Room A (Beta Space, Surrey Campus)
 Used by Davis Marques <dmarques@sfu.ca>
 Into service xxx.  Re-purposed Dec. 15, 2004
 Administered by Gordon Pritchard <gordonp+corsair@sfu.ca>

Another example: 

Machine info:  Pentium4 dual-core 3GHz, 2GB, GigE, 80GB, ATI-R300-mobility
 Running Gentoo Linux
 Located in office  525 / The Axis (Beta Space, Surrey Campus)
 Used by Gordon Pritchard <gordonp+zero@sfu.ca)
 Into service September 6, 2005.
 Administered by Gordon Pritchard <gordonp+zero@sfu.ca>


To include this custom header, we now have to modify the main logwatch Perl script logwatch.pl to add the bold / red line:

  • on a RedHat 9 machine, this file is /etc/log.d/scripts/logwatch.pl:
   $printing = 'y';
   print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n";
   print OUTFILE "       Processing Initiated: " . localtime(time) . "\n";
   print OUTFILE "       Date Range Processed: $Config{'range'}\n";
   print OUTFILE "     Detail Level of Output: $Config{'detail'}\n";
   print OUTFILE "          Logfiles for Host: $Config{'hostname'}\n";
   print OUTFILE "\n" . `/bin/cat  $BaseDir/custom_header` .  "\n";
   print OUTFILE "################################################################ \n\n";
}
  • on a Gentoo machine, this file is /usr/sbin/logwatch.pl:
      outline( $index_par, "\n ################### LogWatch $Version ($VDate) #################### \n");
  }
  outline( $index_par, "       Processing Initiated: " . localtime(time) . "\n");
  outline( $index_par, "       Date Range Processed: $Config{'range'}\n");
  outline( $index_par, "                             $print_range\n") if ($Config{'range'} ne 'all');
  outline( $index_par, "                             Period is " . GetPeriod() . ".\n")
     if ($Config{'range'} ne 'all');
  outline( $index_par, "     Detail Level of Output: $Config{'detail'}\n");
  outline( $index_par, "             Type of Output: $Config{'output'}\n");
  outline( $index_par, "          Logfiles for Host: $Config{'hostname'}\n");
  outline( $index_par, "\n" . `/bin/cat  $BaseDir/custom_header` .  "\n");
 
  if ( $outtype_html or $outtype_htmlembed ) {
  outline( $index_par, "\n");
  } else {
  outline( $index_par, "################################################################## \n");

Logwatch Information Order

The scripts locate in /etc/log.d/scripts/services/ are run according to their file-name ordering. Simply renaming a file changes it's relationship to other information. We should move zz-disk_space to aa-disk_space to have our disk-usage appear right after the custom header; as root: 

zero services # mv /etc/log.d/scripts/services/zz-disk_space /etc/log.d/scripts/services/aa-disk_space

But wait - there's more!! This disk-space script evolves through the various releases, often suppressing output if nothing prior is printed. And, (now) as the first entry, nothing prior will ever get printed :-O So, we'll strip out all the conditionals, and produce a pared-down script /etc/log.d/scripts/services/aa-disk_space which forever more will always give us our disk-usage as the first thing:

Gentoo: 

#!/bin/bash
##########################################################################
# $Id: aa-disk_space,v 1.8 2005/02/24 17:08:05 kirk Exp $
##########################################################################
 
    echo
    df -hP | head -n1; df -hP | grep '^[/ ]'

RedHat 9: 

#!/bin/bash
##########################################################################
# $Id: disk_space,v 1.1 2003/01/13 04:00:59 kirk Exp $
##########################################################################
 
   echo
   echo
   echo "------------------ Disk Space --------------------"
   echo
   df -h
   echo


One more thing to do - there is a corresponding configuration file which we simply move (rename) to align with the above:

  • on both Gentoo, and RedHat 9, this file is /etc/log.d/conf/services/zz-disk_space.conf
zero # mv /etc/log.d/conf/services/zz-disk_space.conf /etc/log.d/conf/services/aa-disk_space.conf

To test it all, invoke the daily logwatch cron-job manually (Gentoo shown; others similar): 

zero # sh /etc/cron.daily/00-logwatch


Retrieved from "https://research.iat.sfu.ca/research/index.php?title=Research_Administration_Tasks&oldid=579"