How to add some AFS users on a machine managed by Quattor ?

For example, I would like to add AFS user joel and ycalas on a machine (for example volhcb01). The steps to follow are:

  • Check that this AFS accounts are in /etc/passwd.

  • Log in on volhcb01 (using my AFS account ycalas).

  • Type the following command line:

          LEAFAddAccess --objecttype=host --objectname=volhcb01 --interactive joel,ycalas
The documentation of this command is obtained by:
[lxadm03-14:23:55] /afs/cern.ch/user/y/ycalas (9) > LEAFAddAccess --help
This is LEAFAddAccess version 1.2
Usage:

/usr/bin/LEAFAddAccess
         --objecttype=host|cluster|system
         --objectname=<hostname> or <clustername> or <systemname>

         --get (if only the current setup is looked for)
   OR
         --interactive=<login1, ...,loginN>
         --root=<login1, ...,loginN>
   OR/AND
         --rm_interactive=<login1, ...,loginN>
         --rm_root=<login1, ...,loginN>

         [--server=<server>]
         [--testconnection]

Note: may use CDB_USER and CDB_PASSWORD environment variables
                        or
       create a cdb config file called .cdb.cf in the current working directory containing:
           CDB_USER=fred
           CDB_PASSWORD=xxx
                        or
       enter them from STDIN when asked for.


The following options are available:

 --cgi  <string>
        (default: 'leaftoolssuite')
        Name of the cgi module
 --debug  <integer>
        set the debugging level to <1..5>.
 --get
        Flag to be used if you simply wants to find out what the current setup is.
 --help
        displays this help message.
 --interactive  <string>
        list of logins to be given interactive access, comma separated
 --logfile  <string>
        (default: '/tmp/LEAFAddAccess.log.15097')
        log path/filename to use
 --objectname  <string>
        name of the object
 --objecttype  <string>
        host or cluster or system ?
 --quiet
        suppress application output to stdout.
 --rm_interactive  <string>
        list of logins to be removed interactive access, comma separated
 --rm_root  <string>
        list of logins to be removed root access, comma separated
 --root  <string>
        list of logins to be given root access, comma separated
 --server  <string>
        (default: 'lxservb02')
        Server for the SOAP interface (production=lxservb02, developments=lxdev08)
 --testconnection
        Only test connection to server.
 --verbose
        print more details on operations.
 --version
        prints current version and exits.

[lxadm03-14:35:30] /afs/cern.ch/user/y/ycalas (10) >

  • Execute on the target machine (volhcb01) the following command line:

[root@volhcb01 root]# ncm-ncd --conf access_control

[INFO] NCM-NCD version 1.2.3 started by root at: Fri Jun 30 14:24:35 2006
[INFO] executing configure on components....


[INFO] running component: access_control
---------------------------------------------------------
[INFO] Sudo access controled.
[INFO] configure on component access_control executed, 0 errors, 0 warnings

=========================================================

[OK]   0 errors, 0 warnings executing configure
[root@volhcb01 root]#


How to remove some AFS users on a machine managed by Quattor ?

  • On lxadm: LEAFAddAccess --objecttype=host --objectname=volhcb01 --rm_interactive ycalas

  • On volhcb01: ncm-ncd --conf access_control


How to put a machine in production/maintenance ?

Use the function sms found in /afs/cern.ch/group/c3/bin/sms:

  • To put the machine in production: /afs/cern.ch/group/c3/bin/sms set production.
  • To put the machine in maintenance: /afs/cern.ch/group/c3/bin/sms set maintenance test.

The documentation can be obtained with the --help option:

[root@voatlas01 root]# /afs/cern.ch/group/c3/bin/sms --help
Unknown option: help

Usage: /afs/cern.ch/group/c3/bin/sms get <hostname> [hostname...]
           set <state> <reason> <comment> <hostname> [hostname...]
           clear <state> <reason> <hostname> [hostname...]
           default <hostname> [hostname...]
           history <hostname> [hostname...]

        options --user=<username> --pwd=<password>

        Valid states and their reasons:

              production       none
                               other
              maintenance      "installation and stress test"
                               move
                               "vendor call"
                               rename
                               retirement
                               alarm
                               "hardware tests"
                               "ip renumbering"
                               test
                               "os upgrade"
                               "kernel upgrade"
                               "change cluster"
                               other
              standby          quiescing
                               spare
                               "os upgrade"
                               "kernel upgrade"
                               "change cluster"

Please use perldoc /afs/cern.ch/group/c3/bin/sms for further information

[root@voatlas01 root]#


How to use SPMA ?

  • Log on the machine as root.
  • run spma_wrapper.sh. Note that there is an option --noaction to see what would be done.
Edit | Attach | Watch | Print version | History: r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r3 - 2006-08-09 - YvanCalas
 
    • Cern Search Icon Cern Search
    • TWiki Search Icon TWiki Search
    • Google Search Icon Google Search

    Main All webs login

This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 2008-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback