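#!/bin/bash
#
# GenUsers II script
#
# Builds, from a configuration file that is sourced at the end of this script,
# the artefacts needed to provision grid pool accounts on a site:
#   $POOLS_LDIF    posixAccount / posixGroup entries (LDIF)
#   $USERS_CONF    users.conf lines   (UID:LOGIN:GIDs:GROUPs:VO:FLAG:)
#   $GROUPS_CONF   groups.conf lines  ("VOMS FQAN":GROUP:GID:FLAG:VO)
#   $MKDIR_SCRIPT  shell script creating the home directories
#   $MKGMD_SCRIPT  shell script populating the gridmapdir
#   $VOMSMAPFILE   voms-grid-mapfile entries
#   $GROUPMAPFILE  groupmapfile entries
#
# No `set -e`: several generators are deliberately called with fewer
# arguments than they name (trailing fields default to empty).
#
# Defaults (set before the config file is sourced, so it can override them)
#
BASEDN="dc=cluster,dc=univ,dc=kiev,dc=ua"
GROUPS_CONF="./groups.conf"
USERS_CONF="./users.conf"
POOLS_LDIF="./pools.ldif"
MKDIR_SCRIPT="./mkhomes.sh"
MKGMD_SCRIPT="./mkgmdir.sh"
GRIDMAPDIR=/etc/grid-security/gridmapdir
VOMSMAPFILE=./voms-grid-mapfile
GROUPMAPFILE=./groupmapfile
# every login generated so far; consumed by genallusersgroup
GRIDALLUSERS=()

# write ldif leader
startldif() {
  printf 'version: 1\n'
}

# write mkdir common part: the header of $MKDIR_SCRIPT, which defines mkhome().
# The here-document is quoted, so nothing is expanded at generation time.
startmkdir() {
cat <<'END'
#!/bin/bash
# mkhome basedir login uid gid
# Creates basedir/login with a minimal set of dotfiles and hands it to uid:gid.
# A home that already exists is left untouched, so the script can be re-run
# without clobbering dotfiles the user has changed.
mkhome() {
  local USER_HOME="$1/$2"
  local USER_UID="$3"
  local USER_GID="$4"
  if [ -e "$USER_HOME" ]; then
    printf 'mkhome: %s exists, skipping\n' "$USER_HOME" >&2
    return 0
  fi
  mkdir -p -- "$USER_HOME" || return 1
  echo "" > "$USER_HOME/.bash_logout"
  echo "[ -f ~/.bashrc ] && . ~/.bashrc" > "$USER_HOME/.bash_profile"
  echo "[ -f /etc/bashrc ] && . /etc/bashrc" > "$USER_HOME/.bashrc"
  # ownership is set only on what was just created; no -R, so nothing else
  # found below the directory is re-owned
  chown "$USER_UID:$USER_GID" "$USER_HOME" "$USER_HOME/.bash_logout" \
    "$USER_HOME/.bash_profile" "$USER_HOME/.bashrc"
}
END
}

# write mkgmd common part: the header of $MKGMD_SCRIPT. GRIDMAPDIR is baked in
# (shell-quoted) at generation time; the generated script creates it, restricts
# it to root:root 0770 and makes it the cwd for the touch lines that follow.
startmkgmd() {
  printf '#!/bin/bash\nGRIDMAPDIR=%q\n' "$GRIDMAPDIR"
cat <<'END'
mkdir -p "$GRIDMAPDIR"
chown root:root "$GRIDMAPDIR"
chmod 770 "$GRIDMAPDIR"
# without the cd the entries would be created in the caller's cwd
cd "$GRIDMAPDIR" || exit 1
END
}

# UID:LOGIN:GID1,GID2,...:GROUP1,GROUP2,...:VO:FLAG:
# Emits one users.conf line per account.
# Arguments: BASE COUNT PREFIX N USER_GIDS USER_GROUPS VO [ROLE]
#   uid = BASE + i, login = PREFIX followed by i zero-padded to N digits;
#   ROLE (the FLAG field) may be omitted and is then empty.
genuconfmap() {
  local BASE="${1-}" COUNT="${2-}" PREFIX="${3-}" N="${4-}"
  local USER_GIDS="${5-}" USER_GROUPS="${6-}" VO="${7-}" ROLE="${8-}"
  local i
  for ((i = 1; i <= COUNT; i++)); do
    # the width is passed as a printf argument (%0*d) rather than spliced
    # into the format string
    printf '%d:%s%0*d:%s:%s:%s:%s:\n' "$((BASE + i))" "$PREFIX" "${N:-0}" "$i" \
      "$USER_GIDS" "$USER_GROUPS" "$VO" "$ROLE"
  done
}

# memberUid: ...###
# Emits a memberUid: line for each of the COUNT logins PREFIX + zero-padded i.
# Arguments: PREFIX COUNT N
genmemberuids() {
  local PREFIX="${1-}" COUNT="${2-}" N="${3-}" i
  for ((i = 1; i <= COUNT; i++)); do
    printf 'memberUid: %s%0*d\n' "$PREFIX" "${N:-0}" "$i"
  done
}

# record user account ID for global grid group
# Arguments: PREFIX COUNT N  (same login scheme as genmemberuids)
addggpoolgroup() {
  local PREFIX="${1-}" COUNT="${2-}" N="${3-}" i
  for ((i = 1; i <= COUNT; i++)); do
    GRIDALLUSERS+=("$(printf '%s%0*d' "$PREFIX" "${N:-0}" "$i")")
  done
}

# record a single login for the global grid group
addggpooluser() {
  GRIDALLUSERS+=("$1")
}

# uid=..,ou=Pool,ou=Grid,...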
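# Emits one posixAccount entry under ou=Pool,ou=Grid,$BASEDN (no trailing
# blank line; callers add it).
# Arguments: USER_UID USER_GID USER_NAME USER_HOME [USER_CN]
#   USER_CN is used for both cn and gecos and defaults to
#   "Grid pool account <USER_NAME>".
genuserldif() {
  local USER_UID="${1-}" USER_GID="${2-}" USER_NAME="${3-}" USER_HOME="${4-}"
  local USER_CN="${5-}"
  local CN="${USER_CN:-Grid pool account $USER_NAME}"
cat <<END
dn: uid=$USER_NAME,ou=Pool,ou=Grid,$BASEDN
objectClass: top
objectClass: account
objectClass: posixAccount
cn: $CN
gecos: $CN
uid: $USER_NAME
gidNumber: $USER_GID
uidNumber: $USER_UID
loginShell: /bin/bash
homeDirectory: $USER_HOME
END
}

# output a bucket of posixAccounts
# Arguments: BASE COUNT PREFIX N USER_GID HOME_PREFIX COMMENT
#   For i in 1..COUNT: uid = BASE + i, login = PREFIX + i zero-padded to N
#   digits, home = HOME_PREFIX immediately followed by the login (HOME_PREFIX
#   therefore has to carry its own trailing slash), cn = COMMENT with its
#   first '#' replaced by i. Entries are separated by a blank line.
genuserldifs() {
  local BASE="${1-}" COUNT="${2-}" PREFIX="${3-}" N="${4-}"
  local USER_GID="${5-}" HOME_PREFIX="${6-}" COMMENT="${7-}"
  local i cn uid login
  for ((i = 1; i <= COUNT; i++)); do
    # parameter expansion instead of sed: '/' or '&' in COMMENT stay literal
    cn="${COMMENT/\#/$i}"
    uid=$((BASE + i))
    login="$(printf '%s%0*d' "$PREFIX" "${N:-0}" "$i")"
    genuserldif "$uid" "$USER_GID" "$login" "${HOME_PREFIX}${login}" "$cn"
    echo
  done
}

# create user home dirs: emits, for $MKDIR_SCRIPT, a loop calling mkhome once
# per account. BASE, COUNT, PREFIX, N, USER_GID and HOME_PREFIX are baked in
# at generation time; only \$i is evaluated by the generated script.
# Arguments: BASE COUNT PREFIX N USER_GID HOME_PREFIX
genuserdirs() {
  local BASE="${1-}" COUNT="${2-}" PREFIX="${3-}" N="${4-}"
  local USER_GID="${5-}" HOME_PREFIX="${6-}"
cat <<END
for ((i = 1; i <= $COUNT; i++)); do
  mkhome "$HOME_PREFIX" "\$(printf '%s%0*d' "$PREFIX" "${N:-0}" "\$i")" \$(($BASE + \$i)) "$USER_GID"
done
END
}

# create gridmapdir entries: emits, for $MKGMD_SCRIPT, a loop touching one
# empty file per account login in the cwd (the script header has changed into
# GRIDMAPDIR). A "# .PREFIX" comment marks the pool in the generated script.
# Arguments: COUNT PREFIX N
gengmdfiles() {
  local COUNT="${1-}" PREFIX="${2-}" N="${3-}"
cat <<END
# .${PREFIX}
for ((i = 1; i <= $COUNT; i++)); do
  touch "\$(printf '%s%0*d' "$PREFIX" "${N:-0}" "\$i")"
done
END
}

# VOMS credential:group name:gid:users.conf flag:vo
# Emits one groups.conf line; the VOMS credential is double-quoted. Any field
# not passed is empty.
gengconfmap() {
  local VOMS_CRED="${1-}" GROUP_NAME="${2-}" GROUP_GID="${3-}"
  local USERS_FLAG="${4-}" VO="${5-}"
  printf '"%s":%s:%s:%s:%s\n' "$VOMS_CRED" "$GROUP_NAME" "$GROUP_GID" "$USERS_FLAG" "$VO"
}

# cn=...,ou=Group,ou=Grid,...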
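# Emits one posixGroup entry under ou=Group,ou=Grid,$BASEDN, without memberUid
# lines or trailing blank line; callers append members (genmemberuids).
# Arguments: GROUP_GID GROUP_NAME [GROUP_DESC]
#   GROUP_DESC defaults to "Grid pool account group <GROUP_NAME>".
gengroupldif() {
  local GROUP_GID="${1-}" GROUP_NAME="${2-}" GROUP_DESC="${3-}"
  GROUP_DESC="${GROUP_DESC:-Grid pool account group $GROUP_NAME}"
cat <<END
dn: cn=$GROUP_NAME,ou=Group,ou=Grid,$BASEDN
objectClass: top
objectClass: posixGroup
description: $GROUP_DESC
cn: $GROUP_NAME
gidNumber: $GROUP_GID
END
}

#
#"/alice/Role=production/Capability=NULL" aliceprd
#"/alice/Role=production" aliceprd
#"/alice/Role=pilot/Capability=NULL" aliplt10
#"/alice/Role=pilot" aliplt10
#"/alice/Role=lcgadmin/Capability=NULL" .alisgm
#"/alice/Role=lcgadmin" .alisgm
#"/alice/Role=NULL/Capability=NULL" .alice
#"/alice" .alice
#"/atlas" .atlas
#"/atlas/Role=lcgadmin/Capability=NULL" .atlas
#"/atlas/Role=lcgadmin" .atlas
#"/atlas/Role=pilot/Capability=NULL" .atlas
#"/atlas/Role=pilot" .atlas
#"/atlas/Role=production/Capability=NULL" .atlas
#"/atlas/Role=production" .atlas
#"/ops/Role=NULL/Capability=NULL" .ops
#"/ops" .ops
#"/ops/*/Role=NULL/Capability=NULL" .ops
#"/ops/*" .ops

# voms-grid-mapfile and groupmapfile entry generator
# complex logic reverse-engineered from Yaim
# Arguments: ACCT VOMS
#   ACCT is the mapping target (".prefix" of a pool or a group name), VOMS the
#   FQAN; "ROLE=" is normalised to "Role=". For each variant of the FQAN (the
#   FQAN with its "/*" components removed, when it has any, then the FQAN as
#   given) two lines are emitted: the variant with an explicit
#   "/Capability=NULL" (preceded by "/Role=NULL" when it names no role), then
#   the bare variant. See the examples above.
genmfentry() {
  local ACCT="${1-}" VOMS="${2-}"
  local star_re='/\*(/|$)'
  local variants=()
  local V
  VOMS="${VOMS//ROLE=/Role=}"
  if [[ $VOMS =~ $star_re ]]; then
    variants+=("${VOMS//\/\*/}")
  fi
  variants+=("$VOMS")
  for V in "${variants[@]}"; do
    [ -n "$V" ] || continue
    if [[ $V == */Role=* ]]; then
      printf '"%s/Capability=NULL" %s\n' "$V" "$ACCT"
    else
      printf '"%s/Role=NULL/Capability=NULL" %s\n' "$V" "$ACCT"
    fi
    printf '"%s" %s\n' "$V" "$ACCT"
  done
}

# voms-grid-mapfile entries: a pool is referred to as ".PREFIX"
# Arguments: PREFIX VOMS
genvomsmap() {
  local PREFIX="${1-}" VOMS="${2-}"
  genmfentry ".${PREFIX}" "$VOMS"
}

# groupmapfile entries
# Arguments: GROUP VOMS
gengroupmap() {
  local GROUP="${1-}" VOMS="${2-}"
  genmfentry "$GROUP" "$VOMS"
}

#
# Generate VO entries
#
# gid offsets, relative to a VO's ID_BASE, of its account classes
POOL_BASE=0
PRD_BASE=500
SGM_BASE=800
PIL_BASE=700

# Account-side artefacts for one class of special accounts (sgm/prd/pilot):
# groups.conf line, users.conf lines, posixAccount entries, home directories,
# gridmapdir files and the GRIDALLUSERS registration. No-op when COUNT is 0.
# The accounts get GID as primary and the pool gid/group as secondary.
# Arguments: VO_NAME HOME_PREFIX POOL_GID POOL_GROUP
#            COUNT VOMS PREFIX N GID GROUP FLAG DESC
#   FLAG is the users.conf/groups.conf flag; DESC the noun used in the
#   accounts' cn ("<VO> <DESC> account #").
_genvo_accounts() {
  local VO_NAME="$1" HOME_PREFIX="$2" POOL_GID="$3" POOL_GROUP="$4"
  local COUNT="$5" VOMS="$6" PREFIX="$7" N="$8" GID="$9" GROUP="${10}"
  local FLAG="${11}" DESC="${12}"
  [ "$COUNT" -ne 0 ] || return 0
  gengconfmap "$VOMS" "$GROUP" "$GID" "$FLAG" >> "$GROUPS_CONF"
  genuconfmap "$GID" "$COUNT" "$PREFIX" "$N" "$GID,$POOL_GID" \
    "$GROUP,$POOL_GROUP" "$VO_NAME" "$FLAG" >> "$USERS_CONF"
  genuserldifs "$GID" "$COUNT" "$PREFIX" "$N" "$GID" "$HOME_PREFIX" \
    "$VO_NAME $DESC account #" >> "$POOLS_LDIF"
  genuserdirs "$GID" "$COUNT" "$PREFIX" "$N" "$GID" "$HOME_PREFIX" >> "$MKDIR_SCRIPT"
  gengmdfiles "$COUNT" "$PREFIX" "$N" >> "$MKGMD_SCRIPT"
  addggpoolgroup "$PREFIX" "$COUNT" "$N"
}

# Group-side artefacts for one class of special accounts: posixGroup entry
# with its members, then voms-grid-mapfile and groupmapfile lines. No-op when
# COUNT is 0.
# Arguments: VO_NAME COUNT VOMS PREFIX N GID GROUP DESC
_genvo_group() {
  local VO_NAME="$1" COUNT="$2" VOMS="$3" PREFIX="$4" N="$5"
  local GID="$6" GROUP="$7" DESC="$8"
  [ "$COUNT" -ne 0 ] || return 0
  {
    gengroupldif "$GID" "$GROUP" "$VO_NAME $DESC account group"
    genmemberuids "$PREFIX" "$COUNT" "$N"
    echo
  } >> "$POOLS_LDIF"
  genvomsmap "$PREFIX" "$VOMS" >> "$VOMSMAPFILE"
  gengroupmap "$GROUP" "$VOMS" >> "$GROUPMAPFILE"
}

# Generates every artefact for one VO and appends it to the output files.
# Arguments (positional, in this order):
#   VO_NAME ID_BASE HOME_PREFIX
#   N_POOL POOL_VOMS POOL_PREFIX POOL_GROUP
#   N_SGM  SGM_VOMS  SGM_PREFIX  SGM_GROUP
#   N_PRD  PRD_VOMS  PRD_PREFIX  PRD_GROUP
#   N_PIL  PIL_VOMS  PIL_PREFIX  PIL_GROUP
# A missing or zero N_SGM / N_PRD / N_PIL skips that class; POOL_VOMS '-'
# skips the pool's groups.conf and mapfile entries. gids: pool = ID_BASE,
# prd/sgm/pil = ID_BASE + PRD_BASE / SGM_BASE / PIL_BASE. Logins are
# zero-padded to the number of digits of the corresponding count. The pool
# group lists every account of the VO as member; each special class also gets
# its own group. Progress (the VO name) goes to stderr.
genvo() {
  local VO_NAME="${1-}" ID_BASE="${2-}" HOME_PREFIX="${3-}"
  local N_POOL="${4-}" POOL_VOMS="${5-}" POOL_PREFIX="${6-}" POOL_GROUP="${7-}"
  local N_SGM="${8-}" SGM_VOMS="${9-}" SGM_PREFIX="${10-}" SGM_GROUP="${11-}"
  local N_PRD="${12-}" PRD_VOMS="${13-}" PRD_PREFIX="${14-}" PRD_GROUP="${15-}"
  local N_PIL="${16-}" PIL_VOMS="${17-}" PIL_PREFIX="${18-}" PIL_GROUP="${19-}"

  printf '%s\n' "$VO_NAME" >&2
  : "${N_SGM:=0}" "${N_PRD:=0}" "${N_PIL:=0}"

  # kept global (not local): a sourced config file could read them after
  # genvo returns
  POOL_GID=$ID_BASE
  PRD_GID=$((ID_BASE + PRD_BASE))
  SGM_GID=$((ID_BASE + SGM_BASE))
  PIL_GID=$((ID_BASE + PIL_BASE))
  POOL_N=${#N_POOL}
  PRD_N=${#N_PRD}
  SGM_N=${#N_SGM}
  PIL_N=${#N_PIL}

  # pool accounts; the groups.conf line carries no flag and no VO field
  if [ "$POOL_VOMS" != '-' ]; then
    gengconfmap "$POOL_VOMS" "$POOL_GROUP" "$POOL_GID" "" >> "$GROUPS_CONF"
  fi
  genuconfmap "$POOL_GID" "$N_POOL" "$POOL_PREFIX" "$POOL_N" "$POOL_GID" \
    "$POOL_GROUP" "$VO_NAME" >> "$USERS_CONF"
  genuserldifs "$POOL_GID" "$N_POOL" "$POOL_PREFIX" "$POOL_N" "$POOL_GID" \
    "$HOME_PREFIX" "$VO_NAME pool account #" >> "$POOLS_LDIF"
  genuserdirs "$POOL_GID" "$N_POOL" "$POOL_PREFIX" "$POOL_N" "$POOL_GID" \
    "$HOME_PREFIX" >> "$MKDIR_SCRIPT"
  gengmdfiles "$N_POOL" "$POOL_PREFIX" "$POOL_N" >> "$MKGMD_SCRIPT"
  addggpoolgroup "$POOL_PREFIX" "$N_POOL" "$POOL_N"

  # special account classes, each sized by its own count and named after its
  # own group
  _genvo_accounts "$VO_NAME" "$HOME_PREFIX" "$POOL_GID" "$POOL_GROUP" \
    "$N_SGM" "$SGM_VOMS" "$SGM_PREFIX" "$SGM_N" "$SGM_GID" "$SGM_GROUP" sgm management
  _genvo_accounts "$VO_NAME" "$HOME_PREFIX" "$POOL_GID" "$POOL_GROUP" \
    "$N_PRD" "$PRD_VOMS" "$PRD_PREFIX" "$PRD_N" "$PRD_GID" "$PRD_GROUP" prd production
  # NOTE(review): pilot accounts are flagged 'prd' in users.conf/groups.conf;
  # confirm that is intended rather than a pilot-specific flag
  _genvo_accounts "$VO_NAME" "$HOME_PREFIX" "$POOL_GID" "$POOL_GROUP" \
    "$N_PIL" "$PIL_VOMS" "$PIL_PREFIX" "$PIL_N" "$PIL_GID" "$PIL_GROUP" prd pilot

  # the pool group holds every account of the VO (a zero count simply emits
  # no memberUid lines)
  {
    gengroupldif "$POOL_GID" "$POOL_GROUP" "$VO_NAME pool account group"
    genmemberuids "$POOL_PREFIX" "$N_POOL" "$POOL_N"
    genmemberuids "$SGM_PREFIX" "$N_SGM" "$SGM_N"
    genmemberuids "$PIL_PREFIX" "$N_PIL" "$PIL_N"
    genmemberuids "$PRD_PREFIX" "$N_PRD" "$PRD_N"
    echo
  } >> "$POOLS_LDIF"

  _genvo_group "$VO_NAME" "$N_SGM" "$SGM_VOMS" "$SGM_PREFIX" "$SGM_N" "$SGM_GID" "$SGM_GROUP" management
  _genvo_group "$VO_NAME" "$N_PIL" "$PIL_VOMS" "$PIL_PREFIX" "$PIL_N" "$PIL_GID" "$PIL_GROUP" pilot
  _genvo_group "$VO_NAME" "$N_PRD" "$PRD_VOMS" "$PRD_PREFIX" "$PRD_N" "$PRD_GID" "$PRD_GROUP" production

  if [ "$POOL_VOMS" != '-' ]; then
    genvomsmap "$POOL_PREFIX" "$POOL_VOMS" >> "$VOMSMAPFILE"
    gengroupmap "$POOL_GROUP" "$POOL_VOMS" >> "$GROUPMAPFILE"
  fi
}

# no-op; presumably what a config file calls in place of genvo for a VO it
# wants to leave out
no_vo() {
  true
}

# (re)initialise every output file: conf and map files emptied, ldif leader
# and the two script headers written, generated scripts marked executable
emptyfiles() {
  startldif > "$POOLS_LDIF"
  : > "$GROUPS_CONF"
  : > "$USERS_CONF"
  : > "$GROUPMAPFILE"
  : > "$VOMSMAPFILE"
  startmkdir > "$MKDIR_SCRIPT"
  startmkgmd > "$MKGMD_SCRIPT"
  chmod a+x "$MKDIR_SCRIPT" "$MKGMD_SCRIPT"
}

# DPM manager: a single account and group both named dpmmgr. The users.conf
# line carries the literal VO/flag fields "x:dpm".
# Arguments: DPM_UID DPM_GID DPM_HOME
dpmmgr() {
  local DPM_UID="${1-}" DPM_GID="${2-}" DPM_HOME="${3-}"
  printf '%s:dpmmgr:%s:dpmmgr:x:dpm:\n' "$DPM_UID" "$DPM_GID" >> "$USERS_CONF"
  {
    genuserldif "$DPM_UID" "$DPM_GID" dpmmgr "$DPM_HOME" "DPM Manager"
    echo
    gengroupldif "$DPM_GID" dpmmgr "DPM Manager"
    echo
  } >> "$POOLS_LDIF"
  addggpooluser dpmmgr
}

# One stand-alone posixAccount entry, also registered in GRIDALLUSERS.
# Arguments: USER_NAME USER_UID USER_GID USER_HOME [USER_CN]
genuser() {
  local USER_NAME="${1-}" USER_UID="${2-}" USER_GID="${3-}" USER_HOME="${4-}"
  local USER_CN="${5-}"
  {
    genuserldif "$USER_UID" "$USER_GID" "$USER_NAME" "$USER_HOME" "$USER_CN"
    echo
  } >> "$POOLS_LDIF"
  addggpooluser "$USER_NAME"
}

# One stand-alone posixGroup entry with an explicit member list.
# Arguments: GROUP_NAME GROUP_GID GROUP_DESC [MEMBER...]
#   empty MEMBER arguments are ignored
gengroup() {
  local GROUP_NAME="${1-}" GROUP_GID="${2-}" GROUP_DESC="${3-}"
  local member
  shift "$(( $# < 3 ? $# : 3 ))"
  {
    gengroupldif "$GROUP_GID" "$GROUP_NAME" "$GROUP_DESC"
    for member in "$@"; do
      [ -n "$member" ] || continue
      printf 'memberUid: %s\n' "$member"
    done
    echo
  } >> "$POOLS_LDIF"
}

# Mapfile entries for an FQAN outside genvo: PREFIX names the pool in the
# voms-grid-mapfile, GROUP the group in the groupmapfile.
# Arguments: VOMS PREFIX GROUP
genmf() {
  local VOMS="${1-}" PREFIX="${2-}" GROUP="${3-}"
  genvomsmap "$PREFIX" "$VOMS" >> "$VOMSMAPFILE"
  gengroupmap "$GROUP" "$VOMS" >> "$GROUPMAPFILE"
}

# posixGroup whose members are every login collected in GRIDALLUSERS so far;
# meant to be called after the last genvo / genuser / dpmmgr.
# Arguments: GROUP_NAME GROUP_GID GROUP_DESC
genallusersgroup() {
  local GROUP_NAME="${1-}" GROUP_GID="${2-}" GROUP_DESC="${3-}"
  local login
  {
    gengroupldif "$GROUP_GID" "$GROUP_NAME" "$GROUP_DESC"
    for login in "${GRIDALLUSERS[@]}"; do
      printf 'memberUid: %s\n' "$login"
    done
    echo
  } >> "$POOLS_LDIF"
}

# The configuration file is sourced, i.e. executed as shell code in this
# process with its privileges, so it must be a trusted file; it is expected to
# call the generator functions above (emptyfiles, genvo, ..., genallusersgroup).
main() {
  if [ $# -lt 1 ] || [ ! -r "$1" ]; then
    printf 'Usage: %s CONFIG_FILE\n' "${0##*/}" >&2
    return 2
  fi
  . "$1"
}
main "$@"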