Contents 1 Remctl 1.1 Config files 1.2 Scripts 1.3 Poseidon 1.4 Hermes 1.5 Dionysus 1.6 Demeter 1.7 Shellservers

Remctl

Here is a list of all the remctl commands that are running on various UGCS servers. In general, scripts get put in /usr/local/share/remctl or /usr/local/lib/remctl. The command configurations are in /etc/remctl/conf.d, and that will point to the paths if they're somewhere else.

Note: these lists are probably horribly out of date.

You can run a remctl command by running "remctl <host> <package> <task> [arg1 arg2 ...]". An example is

remctl hermes mailman create mylist

to create a new list. Note that you cannot pipe anything to standard input, but you do get stdout, stderr, and the correct exit code.

Config files

Remctld is controlled by files in /etc/remctl/conf.d. These are conf files of the format

package task executable aclspec

Package and task are so remctl knows which one to run- they are completely arbitrary (usual name restrictions apply). Executable is the program that should be run. It needs to be +x, but not suid. aclspec is usually a file (typically in /etc/remctl/acl), which is a list of users authorized to run this script (one on a line, like jdhutchin@UGCS.CALTECH.EDU). It can also be "ANYUSER", which means anyone with a valid kerberos token can run it.

An example is:

mailman create  /usr/local/lib/remctl/create_mailinglist ANYUSER

Scripts

Scripts should be pretty robust, since they are being run as root. Particularly, double-check anything being used in a command or filename. For anything more than slightly complicated, a python script is preferred over a shell script- it makes it much easier to validate input. The following environment variables are set:

• REMOTE_USER: kerberos name (xxx@UGCS.CALTECH.EDU) of the remote user
• REMOTE_IP: ip of remote host

Poseidon

• postgres
  • setup-tsearch2: Installs tsearch2 for the current user
  • setup-plpgsql: Installs plpgsql for the current user

Hermes

• mailman (/usr/local/lib/remctl)
  • create <list>: creates the named list
  • mylists: lists all lists owned by the current user
  • list_members <list>: lists members of the named list (you must be the list owner)
  • list_owners <list>: lists the owners of the named list
  • add_members <list> <member1> [member2 ...]: Adds users to the list. No notifications are sent
  • remove_members <list> <member1> [ member2 ...]: Removes users from the list
  • set_spam_tag <list> <level> Sets amavisSpamTag2Level to level for the list
  • set_spam_kill <list> <level> Sets amavisSpamKillLevel to level for the list

Dionysus

• jobs
  • remove <filename>: removes the specified job drop file if it is owned by the caller
• kadmin
  • create <name> <password>: creates the named principal (and the _cgi one as well) for the account creator. All principals are created disabled and will have to be enabled by a sysadmin.

Demeter

• There are a couple on demeter that deal with updating apache config files after a vhost is changed. They are on here to help deal with the possibility of having multiple web servers.
• vhost
  • setup: creates a folder for the user in /afs/.ugcs/drop/vhost
  • update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present

Shellservers

• apt
  • update: Runs aptitude update
  • update_db: Re-copies /var/cache/debconf/db and the dpkg selection list from the image server
  • set_selections: Makes our current selections match the selection list. An intelligent python program compares the list and figures out the necessary diffs.