Remctl
From UGCS
(Difference between revisions)
(→Remctl) |
(→Remctl) |
||
| (9 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
=Remctl= | =Remctl= | ||
| − | Here is a list of all the remctl commands that are running on various UGCS servers: | + | Here is a list of all the remctl commands that are running on various UGCS servers. In general, scripts get put in /usr/local/share/remctl or /usr/local/lib/remctl. The command configurations are in /etc/remctl/conf.d, and that will point to the paths if they're somewhere else. |
| + | |||
| + | Note: these lists are probably horribly out of date. | ||
| + | |||
| + | You can run a remctl command by running "remctl <host> <package> <task> [arg1 arg2 ...]". An example is | ||
| + | remctl hermes mailman create mylist | ||
| + | to create a new list. Note that you cannot pipe anything to standard input, but you do get stdout, stderr, and the correct exit code. | ||
| + | |||
| + | ==Config files== | ||
| + | Remctld is controlled by files in /etc/remctl/conf.d. These are conf files of the format | ||
| + | package task executable aclspec | ||
| + | Package and task are so remctl knows which one to run- they are completely arbitrary (usual name restrictions apply). Executable is the program that should be run. It needs to be +x, but not suid. aclspec is usually a file (typically in /etc/remctl/acl), which is a list of users authorized to run this script (one on a line, like jdhutchin@UGCS.CALTECH.EDU). It can also be "ANYUSER", which means anyone with a valid kerberos token can run it. | ||
| + | |||
| + | An example is: | ||
| + | mailman create /usr/local/lib/remctl/create_mailinglist ANYUSER | ||
| + | |||
| + | ==Scripts== | ||
| + | Scripts should be pretty robust, since they are being run as root. Particularly, double-check anything being used in a command or filename. For anything more than slightly complicated, a python script is preferred over a shell script- it makes it much easier to validate input. The following environment variables are set: | ||
| + | * REMOTE_USER: kerberos name (xxx@UGCS.CALTECH.EDU) of the remote user | ||
| + | * REMOTE_IP: ip of remote host | ||
==Poseidon== | ==Poseidon== | ||
| + | * postgres | ||
| + | ** setup-tsearch2: Installs tsearch2 for the current user | ||
| + | ** setup-plpgsql: Installs plpgsql for the current user | ||
| + | |||
| + | ==Hermes== | ||
| + | * mailman (/usr/local/lib/remctl) | ||
| + | ** create <list>: creates the named list | ||
| + | ** mylists: lists all lists owned by the current user | ||
| + | ** list_members <list>: lists members of the named list (you must be the list owner) | ||
| + | ** list_owners <list>: lists the owners of the named list | ||
| + | ** add_members <list> <member1> [member2 ...]: Adds users to the list. No notifications are sent | ||
| + | ** remove_members <list> <member1> [ member2 ...]: Removes users from the list | ||
| + | ** set_spam_tag <list> <level> Sets amavisSpamTag2Level to level for the list | ||
| + | ** set_spam_kill <list> <level> Sets amavisSpamKillLevel to level for the list | ||
| + | |||
| + | |||
| + | ==Dionysus== | ||
| + | * jobs | ||
| + | ** remove <filename>: removes the specified job drop file if it is owned by the caller | ||
| + | * kadmin | ||
| + | ** create <name> <password>: creates the named principal (and the _cgi one as well) for the account creator. All principals are created disabled and will have to be enabled by a sysadmin. | ||
| + | |||
| + | ==Demeter== | ||
| + | * There are a couple on demeter that deal with updating apache config files after a vhost is changed. They are on here to help deal with the possibility of having multiple web servers. | ||
* vhost | * vhost | ||
** setup: creates a folder for the user in /afs/.ugcs/drop/vhost | ** setup: creates a folder for the user in /afs/.ugcs/drop/vhost | ||
** update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present | ** update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present | ||
| − | == | + | ==Shellservers== |
| − | * | + | * apt |
| − | ** | + | ** update: Runs aptitude update |
| + | ** update_db: Re-copies /var/cache/debconf/db and the dpkg selection list from the image server | ||
| + | ** set_selections: Makes our current selections match the selection list. An intelligent python program compares the list and figures out the necessary diffs. | ||
| + | |||
| + | [[Category:Sysadmin_Documentation]] | ||
Latest revision as of 07:07, 19 August 2009
Contents |
Remctl
Here is a list of all the remctl commands that are running on various UGCS servers. In general, scripts get put in /usr/local/share/remctl or /usr/local/lib/remctl. The command configurations are in /etc/remctl/conf.d, and that will point to the paths if they're somewhere else.
Note: these lists are probably horribly out of date.
You can run a remctl command by running "remctl <host> <package> <task> [arg1 arg2 ...]". An example is
remctl hermes mailman create mylist
to create a new list. Note that you cannot pipe anything to standard input, but you do get stdout, stderr, and the correct exit code.
Config files
Remctld is controlled by files in /etc/remctl/conf.d. These are conf files of the format
package task executable aclspec
Package and task are so remctl knows which one to run- they are completely arbitrary (usual name restrictions apply). Executable is the program that should be run. It needs to be +x, but not suid. aclspec is usually a file (typically in /etc/remctl/acl), which is a list of users authorized to run this script (one on a line, like jdhutchin@UGCS.CALTECH.EDU). It can also be "ANYUSER", which means anyone with a valid kerberos token can run it.
An example is:
mailman create /usr/local/lib/remctl/create_mailinglist ANYUSER
Scripts
Scripts should be pretty robust, since they are being run as root. Particularly, double-check anything being used in a command or filename. For anything more than slightly complicated, a python script is preferred over a shell script- it makes it much easier to validate input. The following environment variables are set:
- REMOTE_USER: kerberos name (xxx@UGCS.CALTECH.EDU) of the remote user
- REMOTE_IP: ip of remote host
Poseidon
- postgres
- setup-tsearch2: Installs tsearch2 for the current user
- setup-plpgsql: Installs plpgsql for the current user
Hermes
- mailman (/usr/local/lib/remctl)
- create <list>: creates the named list
- mylists: lists all lists owned by the current user
- list_members <list>: lists members of the named list (you must be the list owner)
- list_owners <list>: lists the owners of the named list
- add_members <list> <member1> [member2 ...]: Adds users to the list. No notifications are sent
- remove_members <list> <member1> [ member2 ...]: Removes users from the list
- set_spam_tag <list> <level> Sets amavisSpamTag2Level to level for the list
- set_spam_kill <list> <level> Sets amavisSpamKillLevel to level for the list
Dionysus
- jobs
- remove <filename>: removes the specified job drop file if it is owned by the caller
- kadmin
- create <name> <password>: creates the named principal (and the _cgi one as well) for the account creator. All principals are created disabled and will have to be enabled by a sysadmin.
Demeter
- There are a couple on demeter that deal with updating apache config files after a vhost is changed. They are on here to help deal with the possibility of having multiple web servers.
- vhost
- setup: creates a folder for the user in /afs/.ugcs/drop/vhost
- update: re-creates the apache configuration files for a user's vhosts, and reloads apache unless /etc/apache2/noreload is present
Shellservers
- apt
- update: Runs aptitude update
- update_db: Re-copies /var/cache/debconf/db and the dpkg selection list from the image server
- set_selections: Makes our current selections match the selection list. An intelligent python program compares the list and figures out the necessary diffs.
