Research Administration Tasks: Difference between revisions

From Research
Jump to navigation Jump to search
Mmmark (talk | contribs)
No edit summary
Mmmark (talk | contribs)
Customizing Logwatch moved to the page: Customizing Logwatch
Line 86: Line 86:
* quotas
* quotas
** TODO
** TODO
== Customizing Logwatch ==
There are two basic customizations which we often perform:
# increase the header-information with machine-specific info (hardware, admininstrator(s), usage, etc):
# adjust the order of the information - we care very much about disk-usage, and prefer it ''first''
Start by ensuring logwatch is actually installed!  A mail-transport agent (MTA) like Postfix must be installed and working (to receive the daily logwatch summary).
<br>
=== Logwatch Headers ===
Use this template, to create '''/etc/log.d/custom_header''' (ASCII, plain-text file)
Machine info:  Pentium4 2.4GHz, 1GB, GigE, 40GB+120GB, RivaTNT
  Running RedHat 9 Linux
  Located in Research Server Room A (Beta Space, Surrey Campus)
  Used by Davis Marques <dmarques@sfu.ca>
  Into service xxx.  Re-purposed Dec. 15, 2004
  Administered by Gordon Pritchard <gordonp+corsair@sfu.ca>
Another example:
Machine info:  Pentium4 dual-core 3GHz, 2GB, GigE, 80GB, ATI-R300-mobility
  Running Gentoo Linux
  Located in office  525 / The Axis (Beta Space, Surrey Campus)
  Used by Gordon Pritchard <gordonp+zero@sfu.ca)
  Into service September 6, 2005.
  Administered by Gordon Pritchard <gordonp+zero@sfu.ca>
<br>
To include this custom header, we now have to modify the main logwatch Perl script '''logwatch.pl''' to add the bold / red line:
* on a RedHat 9 machine, this file is /etc/log.d/scripts/logwatch.pl:
    $printing = 'y';
    print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n";
    print OUTFILE "      Processing Initiated: " . localtime(time) . "\n";
    print OUTFILE "      Date Range Processed: $Config{'range'}\n";
    print OUTFILE "    Detail Level of Output: $Config{'detail'}\n";
    print OUTFILE "          Logfiles for Host: $Config{'hostname'}\n";
    <font color=red>'''print OUTFILE "\n" . `/bin/cat  $BaseDir/custom_header` .  "\n";'''</font>
    print OUTFILE "################################################################ \n\n";
}
* on a Gentoo machine, this file is /usr/sbin/logwatch.pl:
      outline( $index_par, "\n ################### LogWatch $Version ($VDate) #################### \n");
  }
  outline( $index_par, "      Processing Initiated: " . localtime(time) . "\n");
  outline( $index_par, "      Date Range Processed: $Config{'range'}\n");
  outline( $index_par, "                            $print_range\n") if ($Config{'range'} ne 'all');
  outline( $index_par, "                            Period is " . GetPeriod() . ".\n")
      if ($Config{'range'} ne 'all');
  outline( $index_par, "    Detail Level of Output: $Config{'detail'}\n");
  outline( $index_par, "            Type of Output: $Config{'output'}\n");
  outline( $index_par, "          Logfiles for Host: $Config{'hostname'}\n");
  <font color=red>'''outline( $index_par, "\n" . `/bin/cat  $BaseDir/custom_header` .  "\n");'''</font>
 
  if ( $outtype_html or $outtype_htmlembed ) {
  outline( $index_par, "\n");
  } else {
  outline( $index_par, "################################################################## \n");
=== Logwatch Information Order ===
The scripts locate in '''/etc/log.d/scripts/services/''' are run according to their file-name ordering.  Simply renaming a file changes it's relationship to other information.  We should move '''zz-disk_space''' to '''aa-disk_space''' to have our disk-usage appear right after the custom header; as root:
<font color=red>zero</font> <font color=blue>services # </font>'''mv /etc/log.d/scripts/services/zz-disk_space /etc/log.d/scripts/services/aa-disk_space'''
But wait - there's more!!
This disk-space script evolves through the various releases, often suppressing output if nothing prior is printed.  And, (now) as the first entry, nothing prior will '''ever''' get printed :-O  So, we'll strip out all the conditionals, and produce a pared-down script '''/etc/log.d/scripts/services/aa-disk_space''' which forever more will always give us our disk-usage as the first thing:
Gentoo:
#!/bin/bash
##########################################################################
# $Id: aa-disk_space,v 1.8 2005/02/24 17:08:05 kirk Exp $
##########################################################################
 
    echo
    df -hP | head -n1; df -hP | grep '^[/ ]'
RedHat 9:
#!/bin/bash
##########################################################################
# $Id: disk_space,v 1.1 2003/01/13 04:00:59 kirk Exp $
##########################################################################
 
    echo
    echo
    echo "------------------ Disk Space --------------------"
    echo
    df -h
    echo
One more thing to do - there is a corresponding configuration file which we simply move (rename) to align with the above:
* on both Gentoo, and RedHat 9, this file is /etc/log.d/conf/services/zz-disk_space.conf
<font color=red>zero</font> <font color=blue># </font>'''mv /etc/log.d/conf/services/zz-disk_space.conf /etc/log.d/conf/services/aa-disk_space.conf'''
To test it all, invoke the daily logwatch cron-job manually (Gentoo shown; others similar):
<font color=red>zero</font> <font color=blue># </font>'''sh /etc/cron.daily/00-logwatch'''
<br>

Revision as of 21:12, 28 September 2005

Adding Users

  • As root on yamato, run
    /usr/local/sbin/diradm.superadduser '$username' '$email' '$Fullname'
  • Note that a file named '$username' is created in your current directory with the template filled out for mailing (the same file is displayed onscreen).
  • For now, we must:
export DEBUG=1
DEBUG=1 /usr/local/sbin/diradm.superadduser ...
  • The password you are prompted for at the end is for hood
  • Add the newly-created user to our Research Mailing List

Changing a Users Password

This method does not require the old password.

  • As root on hood:
    ldappass $username

Adding Users to a Group

Adding or removing from a group. Uses the same syntax as gpasswd(8).

  • As root on hood: diradm gpasswd (-a|-d) USERNAME GROUP For example:
    diradm gpasswd -a mdeepwel pond

Adding Groups

Adding groups takes the same syntax as groupadd(8).

  • As root on hood:
    diradm groupadd

Adding Projects

  • As root on hood:
    diradm amadd -O $mapbase $key $src
  • '-O' means the default mount options for automount.
  • As root on yamato: create the $src directory now, and give it the approriate permissions. chgrp -R it, and chmod 2771 it.
  • Make the directory. mkdir -p $src
  • Set ownership. chgrp -R $group $src
  • Set permissions. chmod 2771 $src
  • If web content is being served: mkdir -p $src/htdocs ; chmod 2775 $src/htdocs

Adding CVS Repositories

Replace ${foobar} with the name of the repository.

  • On hood, run:
    • diradm amadd -O auto.cvs ${foobar} 209.87.56.240:/export/cvs/${foobar}
  • On yamato, run (assuming there's a previously created group called ${foobar}:
    • cvs -d /export/cvs/${foobar} init
    • chmod -R 2770 /export/cvs/${foobar}
    • chgrp -R foobar /export/cvs/${foobar}
    • The chgrp command can instead be a chown command for a single user repository; group name and cvs repository name don't have to match, either.
  • To access CVS repo, use CVS_RSH="ssh" with URL being :ext:${user}@cvs.iat.sfu.ca:/var/cvsroot/${foobar}
  • Users must be in group cvs in addition to ${foobar} to access the repository!

Adding SVN Repositories

Replace ${foobar} with the name of the repository.

  • On hood, run:
    • diradm amadd -O auto.svn ${foobar} 209.87.56.240:/export/svn/${foobar}
  • On yamato, run (assuming there's a previously created group called ${foobar}:
    • mkdir /export/svn/${foobar}
  • On nelson, run:
    • svnadmin create /var/svnroot/${foobar} --fs-type fsfs
  • On yamato:
    • chmod -R 2770 /export/svn/${foobar}
    • chgrp -R foobar /export/svn/${foobar}

General User Management

  • diradm offers almost all regular POSIX commands, sometimes with a few extra frills. The only commands NOT completely implemented are gpasswd and passwd.
  • Gentoo update procedures (eg, how to update without ever messing up a machine).
    • TODO
  • Welcoming new users; email template or typical wording you've used
    • This is in the diradm.superadduser script, as it fills out the template.
To: $FULLNAME <$EMAIL>
Subject: Research account created - $NEWUSER

Hello $FULLNAME,

Your research account has been created.
Username: $NEWUSER
Password: $NEWPASS

Please visit http://research.iat.sfu.ca/network/changepassword.php to change
your password when you receive this email.

For support with the research network, please email:
help@research.iat.sfu.ca

And include a good description of the entire problem and a suitable subject
line.

Please note that this username/password pair is only valid for the SFU Surrey
Research Network, and is NOT tied into the main SFU authentication systems.
  • quotas
    • TODO