Commit 56dc0d3a authored by Mike Hibler's avatar Mike Hibler

Partially completed attempt to get all directory creation/deletion on ops.

Affects user, project and group directories. Gotta take all the directory
creation/removal/moving out of the boss-side scripts and get it into the
ops-side scripts.

Current state is...not even syntactically correct in some scripts!
parent ca1aeaf7
......@@ -34,7 +34,7 @@ use Data::Dumper;
#
# Setup accounts/projects/group stuff on ops/fs. This is installed on
# op/fs and invoked from boss by tbaccy and the proj/group scripts/
# op/fs and invoked from boss by tbacct and the proj/group scripts.
#
sub usage()
{
......@@ -47,10 +47,11 @@ sub usage()
print " accountsetup delgroup ...\n";
exit(1);
}
my $optlist = "dnf";
my $optlist = "dnfR";
my $debug = 0;
my $force = 0;
my $impotent = 0;
my $renamedirs = 0;
#
# Configure variables
......@@ -81,9 +82,17 @@ my $USEREXISTS = 65;
use lib "@prefix@/lib";
use libtestbed;
# Defined in libtestbed;
# Generic names for filesystems
my $USERROOT = USERROOT();
my $PROJROOT = PROJROOT();
my $GROUPROOT = GROUPROOT();
my $SCRATCHROOT = SCRATCHROOT();
# XXX we need the fs mountpoints too
my $FSUSERROOT = "@FSDIR_USERS@";
my $FSPROJROOT = "@FSDIR_PROJ@";
my $FSGROUPROOT = "@FSDIR_GROUPS@";
my $FSSCRATCHROOT = "@FSDIR_SCRATCH@";
#
# Function prototypes
......@@ -97,6 +106,7 @@ sub DelProject();
sub DelGroup();
sub fatal($);
sub ZFSexists($);
sub WhackDir($$);
#
# Check args.
......@@ -114,6 +124,9 @@ if (defined($options{"f"})) {
if (defined($options{"n"})) {
$impotent = 1;
}
if (defined($options{"R"})) {
$renamedirs = 1;
}
usage()
if (@ARGV < 1);
......@@ -224,21 +237,21 @@ sub DeleteUser()
my $user = shift(@ARGV);
my $hdir = shift(@ARGV);
#
# Note that this does NOT remove the user's homedir.
# We remove/rename it below...
#
if (system("$USERDEL $user")) {
if (($? >> 8) != $NOSUCHUSER) {
fatal("Could not remove user $user");
}
}
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${hdir}";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
# XXX we only handle homedirs of the form /users/$user here...
if ($hdir ne "$USERROOT/$user" || WhackDir($USERROOT, $user)) {
fatal("Could not destroy $user homedir $hdir");
}
return 0;
}
......@@ -312,24 +325,12 @@ sub DelProject()
my $name = shift(@ARGV);
my $unix_name = shift(@ARGV);
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${PROJROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
$path = "${ZFS_ROOT}${GROUPROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
if (WhackDir($PROJROOT, $name) ||
WhackDir($GROUPROOT, $name) ||
($SCRATCHROOT && WhackDir($SCRATCHROOT, $name))) {
fatal("Could not destroy project '$name' related directories");
}
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting project $unix_name ...\n";
......@@ -348,6 +349,14 @@ sub DelGroup()
my $name = shift(@ARGV);
my $unix_name = shift(@ARGV);
#
# XXX groups are different because they are a subdirectory under
# /groups/<pid>/.
#
if (WhackDir("$PROJROOT/$name", $name)) {
fatal("Could not destroy project group '$name' related directories");
}
if (system("egrep -q -s '^${unix_name}:' /etc/group") == 0) {
print "Deleting group $unix_name ...\n";
......@@ -376,6 +385,57 @@ sub ZFSexists($)
return ($? ? 0 : 1);
}
sub WhackDir($$)
{
my ($fs,$name) = @_;
if ($renamedirs) {
} else {
}
# users
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${dir}";
if (ZFSexists($path)) {
if ($renamedirs) {
my $npath = "$ZFS_ROOT/_ARCHIVED
if (system("$ZFS rename $path $npath")) {
return $?;
}
} else {
if (system("$ZFS unmount -f $path") ||
system("$ZFS destroy $path")) {
return $?;
}
}
}
return 0;
}
# proj
if ($WITHZFS) {
my $path = "${ZFS_ROOT}${PROJROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
$path = "${ZFS_ROOT}${GROUPROOT}/$name";
if (ZFSexists($path)) {
system("$ZFS unmount -f $path");
system("$ZFS destroy $path");
if ($?) {
fatal("Could not destroy ZFS $path");
}
}
}
return 0;
}
#
# HUP Mountd after changes to ZFS volumes. Not used, Mike says we
# can do "zfs share -a" instead, but I will leave this code here
......@@ -398,5 +458,3 @@ sub HUPMountd()
# Give mountd time to react.
sleep(1);
}
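Review bot: WhackDir and its callers DeleteUser, DelProject and DelGroup build directory and ZFS dataset paths from values shifted straight off `@ARGV`, then hand them to single-string `system()` calls that run `zfs rename`, `zfs unmount -f` and `zfs destroy`. No check of `$name` is visible in these hunks, so unless the argument handling outside them already constrains it, a value containing `/`, `..` or shell metacharacters reaches a destructive command. Add an anchored check at the top of WhackDir, for example `return -1 unless $name =~ /^[-\w]+$/;` (an illustrative pattern; use the site's allowed name characters), and call the tool in list form, `system($ZFS, "rename", $path, $npath)`, assuming `$ZFS` holds only the binary path. Separately, the body reads `$dir`, which is never declared (only `$fs` and `$name` are), and DelGroup passes `"$PROJROOT/$name"` although its comment describes `/groups/<pid>/`.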
......@@ -163,7 +163,7 @@ if (AuditStart(0)) {
if (! $group->IsProjectGroup()) {
my $groupdir = "$GRPROOT/$pid";
my $oldname = "$groupdir/$gid";
my $newname = "$groupdir/$gid_idx";
my $newname = "$groupdir/_ARCHIVED-${gid}-${gid_idx}";
my $grouplink = "$PROJROOT/$pid/groups/$gid";
if (-e $grouplink && !unlink($grouplink)) {
......@@ -190,6 +190,34 @@ if (! $group->IsProjectGroup()) {
}
}
}
#
# If this is the project group directory, then rename the /groups directory.
# We should only call this when removing the project!
#
else {
my $oldname = "$GRPROOT/$gid";
my $newname = "$GRPROOT/_ARCHIVED-${gid}-${gid_idx}";
if (-e $oldname) {
print "Renaming $oldname to $newname.\n";
if (rename($oldname, $newname)) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename $oldname to $newname: $!");
}
}
}
#
# Remove all members from the group.
......
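Review bot: The new project-group branch tests `-e $oldname`, which follows symbolic links, and the `chmod`/`chown` that follow the rename also act on a link's target, so the branch should confirm it is archiving a real directory: `if (-d $oldname && ! -l $oldname) {`. When `chmod` or `chown` fails, fatal() is called after the rename has already happened, which leaves the archived directory with its previous owner and mode; the message should say that the directory still needs to be locked down by hand. The comment states this path should only run when the project is being removed, but nothing in the lines shown enforces that, and whether the caller checks it is not visible here.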
......@@ -39,6 +39,7 @@ my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONTROL = "@USERNODE@";
my $WITHZFS = @WITHZFS@;
my $ZFSROOT = @ZFS_ROOT@;
my $MAILMANSUPPORT= @MAILMANSUPPORT@;
my $RMGROUP = "$TB/sbin/rmgroup";
......@@ -46,6 +47,12 @@ my $MODGROUPS= "$TB/sbin/modgroups";
my $DELMMLIST= "$TB/sbin/delmmlist";
my @grouplist= ();
#
# Change this if you really want to remove the directories associated
# with a project. Note: we have never tested the remove path!
#
my $renamedirs = 1;
#
# Untaint the path
#
......@@ -73,6 +80,7 @@ my $SCRATCHROOT = SCRATCHROOT();
# Protos
sub fatal($);
sub removedir($);
#
# We don't want to run this script unless its the real version.
......@@ -132,16 +140,30 @@ if (AuditStart(0)) {
exit(0);
}
my $savename = "${pid}-${pid_idx}";
#
# Rename the project directory.
# Remove or rename the project directory.
#
if (!$WITHZFS && -e "$PROJROOT/$pid") {
if (!removeprojdir($PROJROOT, $pid)) {
my $str = ($renamedirs ? "rename" : "remove");
fatal("Could not $str project directory!");
}
my $savename = "_ARCHIVED-${pid}-${pid_idx}";
if (-e "$PROJROOT/$pid") {
my $rv;
if ($WITHZFS) {
my $oldname = "$ZFSROOT/$pid";
my $newname = "$ZFSROOT/$savename";
$rv = system("zfs rename $oldname $newname");
} else {
my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
if (rename($oldname, $newname)) {
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
......@@ -265,6 +287,50 @@ DBQueryFatal("delete FROM group_features where pid_idx='$pid_idx'");
print "Project $pid has been removed!\n";
exit(0);
#
# Remove or rename a project-related directory.
#
sub removeprojdir($$)
{
my ($fs,$pid) = @_;
my $oldname = "$fs/$pid";
my $newname = "$fs/_ARCHIVED-${pid}-${pid_idx}";
if (-e "$PROJROOT/$pid") {
my $rv;
if ($WITHZFS) {
# XXX need to ssh over to fs to do this
my $oldname = "$ZFSROOT/$pid";
my $newname = "$ZFSROOT/$savename";
$rv = system("zfs rename $oldname $newname");
} else {
my $oldname = "$PROJROOT/$pid";
my $newname = "$PROJROOT/$savename";
$rv = (rename($oldname, $newname) != 0);
}
if ($rv == 0) {
#
# Chown the owner/group to root and set the permissions so no
# one is allowed to look inside.
#
if (! chmod(0700, $newname)) {
fatal("Could not chmod directory $newname to 0700: $!");
}
if (! chown(0, 0, $newname)) {
fatal("Could not chown directory $newname to 0/0: $!");
}
}
else {
fatal("Could not rename proj directory to $newname: $!");
}
}
}
sub fatal($) {
my($mesg) = $_[0];
......
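Review bot: In removeprojdir the non-ZFS branch sets `$rv = (rename($oldname, $newname) != 0);`, but rename() returns true on success, so `$rv` is 1 after a successful rename and the `if ($rv == 0)` lockdown block (chmod 0700, chown 0/0) is skipped in favour of fatal(), while a failed rename falls into the chmod/chown on a path that was never created. Use `$rv = rename($oldname, $newname) ? 0 : 1;` so it follows the same zero-means-success convention as the `system("zfs rename ...")` branch. The sub also ignores `$fs` inside the branches (it tests and renames under `$PROJROOT` or `$ZFSROOT`, while chmod/chown use the outer `"$fs/..."` name), never consults `$renamedirs`, and has no explicit `return` although the caller tests `!removeprojdir(...)`. `my $ZFSROOT = @ZFS_ROOT@;` is unquoted, unlike `"@prefix@"`; if the substituted value is a path, it needs quotes.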