Project4/BIRNPortalIssues/sync grid accounts

From CVRG Wiki


Image:CVRG_wiki-90x48px.gif Project 4 - BIRNPortalIssues

#!/bin/bash
#
# sync_grid_accounts
#
# Script to maintain consistent grid-mapfiles and local bt* user
# accounts on grid racks.
# C Airriess / BIRN-CC / airriess@ncmir.ucsd.edu
# 02/2004

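### Settings ###
HOMEPATH="/export/home" # default home directory path
GRIDFILE="/etc/grid-security/grid-mapfile"
MYHOME="/opt/BIRN/sbin/grid"
GRIDMASTERFILE="/home/srb/grid-security/grid-mapfile.master.asc"
#PAGER="airriess@ncmir.ucsd.edu"
#PAGER="noc@nbirn.net"
PAGER="pjain@ncmir.ucsd.edu"
### /Settings ###

### Where gpg (run as srb) drops the decrypted master. The -o argument below is
### relative, so this presumably is srb's home directory -- confirm.
SRBMASTER="/opt/srb/grid-mapfile.master"
LOCKFILE="$0.lck"

### Mail an alert to $PAGER via sendmail. $1 is the message body.
page() {
    printf 'To: %s\nSubject: sync_grid error\n\n%s\n' "$PAGER" "$1" \
        | /usr/sbin/sendmail -t -f "pjain@$(hostname -s).nbirn.net"
}

### Succeed only for names that are safe to hand to useradd/userdel/rm:
### non-empty, no leading '-', and nothing outside letters, digits, '_' and '-'.
### This keeps '/', '.', '*' and whitespace out of "$HOMEPATH/<name>".
valid_username() {
    case "$1" in
        '' | -* | *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

### Print the local account names on the diff lines starting with $1
### ('>' = added in master, '<' = removed), space separated. Only lines that
### match the O=BIRN mapping pattern are considered; anything else is ignored
### rather than being word-split into bogus account names.
extract_users() {
    grep "^$1" grid-mapfile.diff | sed -n 's/.*O=BIRN.*" //p' | tr -s '[:space:]' ' '
}

### Succeed if name $1 occurs in the space-separated list $2.
is_listed() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

### Die and send warning if we are already running (hanging).
### noclobber makes "create the lock" a single atomic step, so two runs that
### start together cannot both pass the check.
if ! (set -o noclobber; : > "$LOCKFILE") 2>/dev/null; then
    page "Houston, we have a problem (lockfile still exists): dying."
    echo "Dying--lockfile present"
    exit 1
fi

### From here on we own the lock: release it on every exit path, and never
### leave a decrypted copy of the master behind.
trap '/bin/rm -f -- "$LOCKFILE" "$MYHOME/grid-mapfile.master"' EXIT

DATE=$(/bin/date +'%s')
if ! cd "$MYHOME"; then
    page "Houston, we have a problem (cannot cd to $MYHOME): dying."
    echo "Dying--cannot cd to $MYHOME"
    exit 1
fi

### Drop any leftover from an earlier run so a failed fetch cannot be mistaken
### for a fresh master file.
/bin/rm -f -- "$SRBMASTER"

### Become srb and grab/decrypt the master grid-mapfile from srb.
### umask 077 keeps the plaintext private from the moment gpg creates it.
### NOTE(review): gpg's exit status is not checked and "gpg -d" alone does not
### require a valid signature. This file decides which accounts root creates
### and deletes -- confirm the master is signed and consider enforcing that.
/bin/su - srb -c "umask 077; Scat $GRIDMASTERFILE | gpg -dv --yes -o grid-mapfile.master"

### -s, not -f: an empty master would diff as "every account removed".
if [ -s "$SRBMASTER" ] && chmod 0600 "$SRBMASTER" && mv -- "$SRBMASTER" "$MYHOME/"; then
    :
else
    page "Houston, we have a problem (grid-mapfile not fetched or decrypted): dying."
    # mail needs a primary recipient to send at all; noc stays on Cc.
    echo "grid-mapfile not fetched on $(hostname)!" \
        | mail -s "Problem with grid-mapfile on $(hostname)" -c noc@nbirn.net "$PAGER"
    echo "Dying--grid-mapfile not decoded"
    exit 1
fi

### Diff the fresh master against our local grid-mapfile.
### diff exits 0 (same) or 1 (different); anything higher means it could not
### compare the files, and the diff output must not be acted on.
diff "$GRIDFILE" grid-mapfile.master > grid-mapfile.diff
diff_rc=$?
/bin/rm -f grid-mapfile.master
if [ "$diff_rc" -gt 1 ]; then
    page "Houston, we have a problem (diff of grid-mapfile failed): dying."
    echo "Dying--diff failed"
    exit 1
fi

### If there are differences (additions or deletions)...
if [ -s grid-mapfile.diff ]; then

    added=$(extract_users '>')
    removed=$(extract_users '<')

    # The lists are word-split on purpose; turn globbing off so a name such
    # as '*' can never expand to file names.
    set -f

    ### Add any new local temporary accounts
    for user in $added; do
        if ! valid_username "$user"; then
            echo "Skipping invalid account name: $user" >&2
            continue
        fi
        echo "Creating acct for: $user"
        /usr/sbin/useradd -d "$HOMEPATH/$user" "$user"
        if [ "$user" != "awlin" ] && [ "$user" != "airriess" ]; then
            /usr/bin/passwd -l "$user"
        fi
    done

    ### Delete any expired temporary accounts
    for user in $removed; do
        if ! valid_username "$user"; then
            echo "Skipping invalid account name: $user" >&2
            continue
        fi
        # A changed mapping line shows up as both '<' and '>' for the same
        # account; that account is still in the master and must survive.
        # (An account that stays mapped through an untouched line is not
        # detected here -- the diff does not show it.)
        if is_listed "$user" "$added"; then
            echo "Keeping acct (still mapped): $user"
            continue
        fi
        # Never let a mapfile entry remove the superuser.
        if [ "$(id -u "$user" 2>/dev/null)" = "0" ]; then
            echo "Refusing to delete uid 0 account: $user" >&2
            continue
        fi
        echo "Deleting acct for: $user"
        /usr/sbin/userdel "$user"
        /bin/rm -rfv -- "${HOMEPATH:?}/$user"
    done

    set +f

    ### Update our local grid-mapfile
    if ! /usr/bin/patch -b "$GRIDFILE" grid-mapfile.diff; then
        echo "patch of $GRIDFILE failed" >&2
    fi

    ### And save the diffs just in case
    /bin/mv -f grid-mapfile.diff "grid-mapfile.diff.$DATE"

fi

/bin/chmod 0600 "$GRIDFILE"

### The lock file is removed by the EXIT trap.
exit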
