source: trunk/packages/sipb-xen-remctl-auto/sipb-xen-remctl-auto/files/etc/remctl/sipb-xen-auto/README @ 198

Last change on this file since 198 was 198, checked in by tabbott, 17 years ago

more remctl interface changes.

File size: 2.1 KB
RevLine 
[32]1This is Tim Abbott's initial draft at our automatic remctl
2configuration.
3
[198]4/usr/sbin/sipb-xen-remctl-update is the magic script.  Run
[32]5it with "all" as an argument, and it will update everything.
6
7The inputs to this system are as follows:
8
9/etc/remctl/sipb-xen-auto/acl/MACHINENAME
10
11  This directory contains files named MACHINENAME for each machine.
12These ACL files specify who is allowed to administer the machine.  You
13can use entries that are Kerberos principles, or entries of the form
14
15include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
16
17to include AFS groups in ACLs.  To add a new machine to the system,
18you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
19and then run
20
[198]21/usr/sbin/sipb-xen-remctl-update all
[32]22
23Everything else is autogenerated from that information.
24
25
26Other files of interest:
27
28/etc/remctl/sipb-xen-auto/auto-machine-list
29
30  The list of machines that should have their remctl configuration
31files generated from the template.  This is generated from
32listing /etc/remctl/sipb-xen-auto/acl/*.
33 
34/etc/remctl/sipb-xen-auto/auto-moira-list
35
36  The list of Athena AFS groups from which acl files should be
37generated.  The ACL files are placed in
38/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME.  Ths list
39is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
40
41
42This package also includes a crontab to run
43
[198]44/usr/sbin/sipb-xen-remctl-update all
[32]45
46every 15 minutes or so to keep our Moira mapping up to date.  One can
47request an update of our Moira mapping for group X by running
48
[198]49/usr/sbin/sipb-xen-remctl-update moiragroup X
[32]50
51The web interface should probably run this when it adds a group.  We
52may want to make this also available to users, but I've been lame.
53
54This package includes a remctl interface available to anyone to invoke
55the command:
56
[198]57/usr/sbin/sipb-xen-remctl-update all
[32]58
59using the following command from your favorite machine with remctl:
60
61remctl black-mesa.mit.edu remctl-auto-update all
62
63It requires no special permission to run; there is a potential DOS
64issue here, but I don't think it is serious.
65
66Thought should be put into how to ensure that the servers stay in sync. 
Note: See TracBrowser for help on using the repository browser.