Commit 56dc0d3a authored by Mike Hibler's avatar Mike Hibler

Partially completed attempt to get all directory creation/deletion on ops.

Affects user, project and group directories. Gotta take all the directory
creation/removal/moving out of the boss-side scripts and get it into the
ops-side scripts.

Current state is...not even syntactically correct in some scripts!
parent ca1aeaf7
...@@ -34,7 +34,7 @@ use Data::Dumper; ...@@ -34,7 +34,7 @@ use Data::Dumper;
# #
# Setup accounts/projects/group stuff on ops/fs. This is installed on # Setup accounts/projects/group stuff on ops/fs. This is installed on
# op/fs and invoked from boss by tbaccy and the proj/group scripts/ # op/fs and invoked from boss by tbacct and the proj/group scripts.
# #
sub usage() sub usage()
{ {
...@@ -47,10 +47,11 @@ sub usage() ...@@ -47,10 +47,11 @@ sub usage()
print " accountsetup delgroup ...\n"; print " accountsetup delgroup ...\n";
exit(1); exit(1);
} }
my $optlist = "dnf"; my $optlist = "dnfR";
my $debug = 0; my $debug = 0;
my $force = 0; my $force = 0;
my $impotent = 0; my $impotent = 0;
my $renamedirs = 0;
# #
# Configure variables # Configure variables
...@@ -81,9 +82,17 @@ my $USEREXISTS = 65; ...@@ -81,9 +82,17 @@ my $USEREXISTS = 65;
use lib "@prefix@/lib"; use lib "@prefix@/lib";
use libtestbed; use libtestbed;
# Defined in libtestbed; # Generic names for filesystems
my $USERROOT = USERROOT();
my $PROJROOT = PROJROOT(); my $PROJROOT = PROJROOT();
my $GROUPROOT = GROUPROOT(); my $GROUPROOT = GROUPROOT();
my $SCRATCHROOT = SCRATCHROOT();
# XXX we need the fs mountpoints too
my $FSUSERROOT = "@FSDIR_USERS@";
my $FSPROJROOT = "@FSDIR_PROJ@";
my $FSGROUPROOT = "@FSDIR_GROUPS@";
my $FSSCRATCHROOT = "@FSDIR_SCRATCH@";
# #
# Function prototypes # Function prototypes
...@@ -97,6 +106,7 @@ sub DelProject(); ...@@ -97,6 +106,7 @@ sub DelProject();
sub DelGroup(); sub DelGroup();
sub fatal($); sub fatal($);
sub ZFSexists($); sub ZFSexists($);
sub WhackDir($$);
# #
# Check args. # Check args.
...@@ -114,6 +124,9 @@ if (defined($options{"f"})) { ...@@ -114,6 +124,9 @@ if (defined($options{"f"})) {
if (defined($options{"n"})) { if (defined($options{"n"})) {
$impotent = 1; $impotent = 1;
} }
if (defined($options{"R"})) {
$renamedirs = 1;
}
usage() usage()
if (@ARGV < 1); if (@ARGV < 1);
...@@ -224,21 +237,21 @@ sub DeleteUser() ...@@ -224,21 +237,21 @@ sub DeleteUser()
my $user = shift(@ARGV); my $user = shift(@ARGV);
my $hdir = shift(@ARGV); my $hdir = shift(@ARGV);
#
# Note that this does NOT remove the user's homedir.
# We remove/rename it below...
#
if (system("$USERDEL $user")) { if (system("$USERDEL $user")) {
if (($? >> 8) != $NOSUCHUSER) { if (($? >> 8) != $NOSUCHUSER) {
fatal("Could not remove user $user"); fatal("Could not remove user $user");
} }
} }
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${hdir}"; # XXX we only handle homedirs of the form /users/$user here...
if (ZFSexists($path)) { if ($hdir ne "$USERROOT/$user" || WhackDir($USERROOT, $user)) {
system("$ZFS unmount -f $path"); fatal("Could not destroy $user homedir $hdir");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
} }
return 0; return 0;
} }
...@@ -312,24 +325,12 @@ sub DelProject() ...@@ -312,24 +325,12 @@ sub DelProject()
my $name = shift(@ARGV); my $name = shift(@ARGV);
my $unix_name = shift(@ARGV); my $unix_name = shift(@ARGV);
if ($WITHZFS) { if (WhackDir($PROJROOT, $name) ||
my $path = "${ZFS_ROOT}${PROJROOT}/$name"; WhackDir($GROUPROOT, $name) ||
if (ZFSexists($path)) { ($SCRATCHROOT && WhackDir($SCRATCHROOT, $name))) {
system("$ZFS unmount -f $path"); fatal("Could not destroy project '$name' related directories");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
$path = "${ZFS_ROOT}${GROUPROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
} }
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) { if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting project $unix_name ...\n"; print "Deleting project $unix_name ...\n";
...@@ -348,6 +349,14 @@ sub DelGroup() ...@@ -348,6 +349,14 @@ sub DelGroup()
my $name = shift(@ARGV); my $name = shift(@ARGV);
my $unix_name = shift(@ARGV); my $unix_name = shift(@ARGV);
#
# XXX groups are different because they are a subdirectory under
# /groups/<pid>/.
#
if (WhackDir("$PROJROOT/$name", $name)) {
fatal("Could not destroy project group '$name' related directories");
}
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) { if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting group $unix_name ...\n"; print "Deleting group $unix_name ...\n";
...@@ -376,6 +385,57 @@ sub ZFSexists($) ...@@ -376,6 +385,57 @@ sub ZFSexists($)
return ($? ? 0 : 1); return ($? ? 0 : 1);
} }
sub WhackDir($$)
{
my ($fs,$name) = @_;
if ($renamedirs) {
} else {
}
# users
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${dir}";
if (ZFSexists($path)) {
if ($renamedirs) {
my $npath = "$ZFS_ROOT/_ARCHIVED
if (system("$ZFS rename $path $npath")) {
return $?;
}
} else {
if (system("$ZFS unmount -f $path") ||
system("$ZFS destroy $path")) {
return $?;
}
}
}
return 0;
}
# proj
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${PROJROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
$path = "${ZFS_ROOT}${GROUPROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
}
return 0;
}
# #
# HUP Mountd after changes to ZFS volumes. Not used, Mike says we # HUP Mountd after changes to ZFS volumes. Not used, Mike says we
# can do "zfs share -a" instead, but I will leave this code here # can do "zfs share -a" instead, but I will leave this code here
...@@ -398,5 +458,3 @@ sub HUPMountd() ...@@ -398,5 +458,3 @@ sub HUPMountd()
# Give mountd time to react. # Give mountd time to react.
sleep(1); sleep(1);
} }
...@@ -163,7 +163,7 @@ if (AuditStart(0)) { ...@@ -163,7 +163,7 @@ if (AuditStart(0)) {
if (! $group->IsProjectGroup()) { if (! $group->IsProjectGroup()) {
my $groupdir = "$GRPROOT/$pid"; my $groupdir = "$GRPROOT/$pid";
my $oldname = "$groupdir/$gid"; my $oldname = "$groupdir/$gid";
my $newname = "$groupdir/$gid_idx"; my $newname = "$groupdir/_ARCHIVED-${gid}-${gid_idx}";
my $grouplink = "$PROJROOT/$pid/groups/$gid"; my $grouplink = "$PROJROOT/$pid/groups/$gid";
if (-e $grouplink && !unlink($grouplink)) { if (-e $grouplink && !unlink($grouplink)) {
...@@ -190,6 +190,34 @@ if (! $group->IsProjectGroup()) { ...@@ -190,6 +190,34 @@ if (! $group->IsProjectGroup()) {
} }
} }
} }
#
# If this is the project group directory, then rename the /groups directory.
# We should only call this when removing the project!
#
else {
my $oldname = "$GRPROOT/$gid";
my $newname = "$GRPROOT/_ARCHIVED-${gid}-${gid_idx}";
if (-e $oldname) {
print "Renaming $oldname to $newname.\n";
if (rename($oldname, $newname)) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename $oldname to $newname: $!");
}
}
}
# #
# Remove all members from the group. # Remove all members from the group.
......
...@@ -39,6 +39,7 @@ my $TB = "@prefix@"; ...@@ -39,6 +39,7 @@ my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@"; my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@"; my $CONTROL = "@USERNODE@";
my $WITHZFS = @WITHZFS@; my $WITHZFS = @WITHZFS@;
my $ZFSROOT = @ZFS_ROOT@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@; my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $RMGROUP = "$TB/sbin/rmgroup"; my $RMGROUP = "$TB/sbin/rmgroup";
...@@ -46,6 +47,12 @@ my $MODGROUPS= "$TB/sbin/modgroups"; ...@@ -46,6 +47,12 @@ my $MODGROUPS= "$TB/sbin/modgroups";
my $DELMMLIST= "$TB/sbin/delmmlist"; my $DELMMLIST= "$TB/sbin/delmmlist";
my @grouplist= (); my @grouplist= ();
#
# Change this if you really want to remove the directories associated
# with a project. Note: we have never tested the remove path!
#
my $renamedirs = 1;
# #
# Untaint the path # Untaint the path
# #
...@@ -73,6 +80,7 @@ my $SCRATCHROOT = SCRATCHROOT(); ...@@ -73,6 +80,7 @@ my $SCRATCHROOT = SCRATCHROOT();
# Protos # Protos
sub fatal($); sub fatal($);
sub removedir($);
# #
# We don't want to run this script unless its the real version. # We don't want to run this script unless its the real version.
...@@ -132,26 +140,40 @@ if (AuditStart(0)) { ...@@ -132,26 +140,40 @@ if (AuditStart(0)) {
exit(0); exit(0);
} }
my $savename = "${pid}-${pid_idx}";
# #
# Rename the project directory. # Remove or rename the project directory.
# #
if (!$WITHZFS && -e "$PROJROOT/$pid") { if (!removeprojdir($PROJROOT, $pid)) {
my $oldname = "$PROJROOT/$pid"; my $str = ($renamedirs ? "rename" : "remove");
my $newname = "$PROJROOT/$savename"; fatal("Could not $str project directory!");
}
if (rename($oldname, $newname)) { my $savename = "_ARCHIVED-${pid}-${pid_idx}";
# if (-e "$PROJROOT/$pid") {
# Chown the owner/group to root and set the permissions so no my $rv;
# one is allowed to look inside.
# if ($WITHZFS) {
if (! chmod(0700, $newname)) { my $oldname = "$ZFSROOT/$pid";
fatal("Could not chmod directory $newname to 0700: $!"); my $newname = "$ZFSROOT/$savename";
}
if (! chown(0, 0, $newname)) { $rv = system("zfs rename $oldname $newname");
fatal("Could not chown directory $newname to 0/0: $!"); } else {
} my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
} }
else { else {
fatal("Could not rename proj directory to $newname: $!"); fatal("Could not rename proj directory to $newname: $!");
...@@ -265,6 +287,50 @@ DBQueryFatal("delete FROM group_features where pid_idx='$pid_idx'"); ...@@ -265,6 +287,50 @@ DBQueryFatal("delete FROM group_features where pid_idx='$pid_idx'");
print "Project $pid has been removed!\n"; print "Project $pid has been removed!\n";
exit(0); exit(0);
#
# Remove or rename a project-related directory.
#
sub removeprojdir($$)
{
my ($fs,$pid) = @_;
my $oldname = "$fs/$pid";
my $newname = "$fs/_ARCHIVED-${pid}-${pid_idx}";
if (-e "$PROJROOT/$pid") {
my $rv;
if ($WITHZFS) {
# XXX need to ssh over to fs to do this
my $oldname = "$ZFSROOT/$pid";
my $newname = "$ZFSROOT/$savename";
$rv = system("zfs rename $oldname $newname");
} else {
my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename proj directory to $newname: $!");
}
}
}
sub fatal($) { sub fatal($) {
my($mesg) = $_[0]; my($mesg) = $_[0];
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment