Managing passwd/group .header files

Purpose

This procedure explains how to add/modify passwd.header and group.header files for clusters/machines for both old and obsolete prepare-machine and new SinDes. SinDes is now fully in production on SLC3 and RHES3 nodes. The old prepare-machine mechanism remains active only for remaining RH73, RHES21 and Solaris* nodes.

Roles

Not sure :/

Required Information

Referred Documents

• SinDes documentation.

Activities

Define your needs and modify CDB profile

You must first define what you need SinDes to do. Basically, this means:

• Do I need to transfer the same information to all machines within a cluster ?
• How do I get this information in the first place ?

For example, usually, the /etc/passwd.header is the same for all machines within the same cluster. Few machines in the cluster will have their own /etc/passwd.header. This file is created dynamically at preparation time.

Another example, is the /etc/group.header file. It differs from the previous example because it is not created dynamically, it is static.

For the moment, all nodes (SLC3/4 and RHES3) will have this line included in their profile:

"/software/components/sindes/items/passwd-header" = nlist("method", "script", "scope", "cluster");

It will ask SinDes to create a passwd.header file for each cluster.

"/software/components/sindes/items/group-header" = nlist("method", "file", "scope", "cluster");

This will ask to use one group.header for each cluster.

If you need to change the scope for one of this item, you must overload this declaration by writing these line (one or both): Make sure you overload these values after including the upper template that defines cluster's defaults values. If not, your changes won't be used!

"/software/components/sindes/items/passwd-header" = nlist("method", "script", "scope", "node");
"/software/components/sindes/items/group-header" = nlist("method", "file", "scope", "node");

Preparing data to be sent to SinDes server

passwd.header

Get the pre-prepared tarball containing:

Crypt 
oracle
run 
template

You should edit template file. When you are finished, repack the tar:

 passwd-header/ $ rm passwd-header.tar.gz && tar zcvf passwd-header.tar.gz *

The passwd-header.tar.gz is ready to be transfered.

group.header

Simply get the group.header as you would like it to be transfered and pack it:

$ ls group-header/
group.header
$ tar zcvf group-header.tar.gz group-header

beware the subdirectory group-header/ here.

Uploading data to SinDes server

You must have correct informations in CDB profile before uploading data.

You should use sindes-upload-file in order to upload anything to the server. It will:

• use scp to upload data
• check profiles in CDB to see if what you are trying to upload seems correct
• take care of file permission on server side

Usage is:

sindes-upload-file --scope node --method script --file passwd-header.tar.gz --itemname passwd-header -server sindes-server --target lxdev06

The message

If no error displayed, then you can proceed with more items or to prepare step.

is displayed alone in case of success. If not, you should see the exact error.

Here are some common cases:

uploading the passwd/group header for all cluster

sindes-upload-file --scope cluster --method script --file passwd-header.tar.gz --itemname passwd-header -server sindes-server --target lxdev
sindes-upload-file --scope cluster --method file --file group-header.tar.gz --itemname group-header -server sindes-server --target lxdev

uploading the passwd/group header for a single host

sindes-upload-file --scope node --method script --file passwd-header.tar.gz --itemname passwd-header -server sindes-server --target lxdev06
sindes-upload-file --scope node --method file --file group-header.tar.gz --itemname group-header -server sindes-server --target lxdev06

using a cluster file instead of previous node specific file

Log in the SinDes shell. You must remove the node specific file before continuing. For passwd-header:

SINDESsh  > remove -target lxdev06 -scope node -method script -item passwd-header
[INFO] 1 script(s) removed for passwd-header out of 1
[INFO] 1 empty directorie(s) removed

For group-header:

SINDESsh  > remove -target lxdev06 -scope node -method file -item group-header

You must do this step before preparing machine. If not, you will get an error message.

Prepare and check data on SinDes server

Log in the shell and run:

SINDESsh  > prepare -target lxdev06 -noupdateacl

If you changed only node specific data, or:

SINDESsh  > prepare -target lxdev -type cluster -noupdateacl

If you changed cluster data (this also include node specific data).

Notify node(s)

All affected nodes must run the sindes ncm component. You can use wassh:

wassh root@lxdev "ncm-ncd --configure sindes"

or notify.pl on lxservb01:

TO BE COMPLETED

Checking Completion

On the node(s), check that /etc/passwd.header (or whatever you're interested in) matches your changes. If you had to do manual operation on the server, check all permissions:

• find ~sindes/rfiles -type f \( ! -user sindes -o ! -group sindes -o ! -perm 640 \)
• find ~sindes/scripts/ -type f \( ! -user sindes -o ! -group sindes -o -perm +077 \)

Any files that matches this find should be fixed !

-- MarcPoulhies - 11 Oct 2005