authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-08-09 13:49:29 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2012-08-09 13:49:29 +0200
commit43608c093ba73fae2408685d180c2a337aaecc13 (patch)
tree0ddd88328da41221f8afc4b32941666ec3cfa937
parentfd08eee1341f6f8a0e91afbe37f63554ce9070cc (diff)
* etc/debian-edu/itzks.config: Add central configuration file, most settings have to be derived from LDAP (todo!)
* sbin/itzks-transfer-cleaner: Cleanup script for ITZkS transfer area.
-rw-r--r--debian/changelog5
-rw-r--r--debian/itzks-systems-diskless.install1
-rw-r--r--debian/itzks-systems-disklserver.install1
-rw-r--r--debian/itzks-systems-mainserver.install2
-rw-r--r--debian/itzks-systems-terminalserver.install1
-rw-r--r--etc/cron.d/itzks-transfer-cleaner4
-rw-r--r--etc/debian-edu/itzks.config196
-rwxr-xr-xsbin/itzks-transfer-cleaner83
8 files changed, 293 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 839948a..e7adb76 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,11 @@ itzks-systems (2012.08.07.3) UNRELEASED; urgency=low
adapt README files and the Debian control file.
* /debian/control:
+ Add acl package as dependency for mainserver profile.
+ * etc/debian-edu/itzks.config:
+ + Add central configuration file, most settings have to be derived from
+ LDAP (todo!)
+ * sbin/itzks-transfer-cleaner:
+ + Cleanup script for ITZkS transfer area.
-- Mike Gabriel <mike.gabriel@das-netzwerkteam.de> Tue, 07 Aug 2012 19:14:48 +0200
diff --git a/debian/itzks-systems-diskless.install b/debian/itzks-systems-diskless.install
new file mode 100644
index 0000000..e7662b0
--- /dev/null
+++ b/debian/itzks-systems-diskless.install
@@ -0,0 +1 @@
+etc/debian-edu etc/
diff --git a/debian/itzks-systems-disklserver.install b/debian/itzks-systems-disklserver.install
index 3415af5..a6bbc47 100644
--- a/debian/itzks-systems-disklserver.install
+++ b/debian/itzks-systems-disklserver.install
@@ -1 +1,2 @@
bin/diskless-workstation-shell usr/sbin/
+etc/debian-edu etc/
diff --git a/debian/itzks-systems-mainserver.install b/debian/itzks-systems-mainserver.install
index 4b9a209..2d74347 100644
--- a/debian/itzks-systems-mainserver.install
+++ b/debian/itzks-systems-mainserver.install
@@ -1 +1,3 @@
+sbin/itzks-transfer-cleaner usr/sbin
etc/skel etc/
+etc/debian-edu etc/
diff --git a/debian/itzks-systems-terminalserver.install b/debian/itzks-systems-terminalserver.install
new file mode 100644
index 0000000..e7662b0
--- /dev/null
+++ b/debian/itzks-systems-terminalserver.install
@@ -0,0 +1 @@
+etc/debian-edu etc/
diff --git a/etc/cron.d/itzks-transfer-cleaner b/etc/cron.d/itzks-transfer-cleaner
new file mode 100644
index 0000000..431565b
--- /dev/null
+++ b/etc/cron.d/itzks-transfer-cleaner
@@ -0,0 +1,4 @@
+PATH=/usr/sbin:/usr/sbin:/usr/bin:/sbin:/bin
+
+# Run at 23:30 the transfer area cleaner script
+30 23 * * * root itzks-transfer-cleaner
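Review bot: The `PATH` line lists `/usr/sbin` twice, so the first entry was presumably meant to be `/usr/local/sbin`. Because this job runs as root every night, it is safer to call the script by the path the mainserver install file puts it at, `30 23 * * * root /usr/sbin/itzks-transfer-cleaner`, so that the command run as root does not depend on PATH lookup. The script echoes its progress to stdout, so cron will presumably mail that output to root on every run; a comment saying whether that is intended would help.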
diff --git a/etc/debian-edu/itzks.config b/etc/debian-edu/itzks.config
new file mode 100644
index 0000000..cb22807
--- /dev/null
+++ b/etc/debian-edu/itzks.config
@@ -0,0 +1,196 @@
+#!/bin/bash
+
+#######################################
+#
+# resource control
+# of IT-Zukunft Schule server scripts
+#
+#######################################
+
+###
+### server variables
+###
+
+ADMINSERVER="tjener"
+DHCPSERVERS="tjener"
+FILESERVERS="tjener"
+PRINTSERVERS="tjener"
+SAMBASERVERS="tjener"
+ALLSERVERS="tjener disklserver ltspserver00"
+LOGSERVER="tjener"
+NETLOGONSERVER="tjener"
+
+###
+### internet settings
+###
+
+HOSTNAME=`hostname`
+DOMAIN=`hostname -d`
+
+###
+### fileserver settings
+###
+
+HOMEDIRS="/skole/*/home*"
+GROUPDIRS="/skole/*/group*"
+TRANSFERDIRS="/skole/*/transfer/*"
+TRANSFER_DEL_WARNING="-ctime 150"
+TRANSFER_DEL_PERFORM="-ctime +160"
+TRANSFER_WARNINGS_DISABLED="true"
+
+###
+### LDAP server settings
+###
+
+LDAPMASTER="ldap.intern"
+LDAPURI="ldaps://$LDAPMASTER"
+LDAP_BASEDN="dc=skole,dc=skolelinux,dc=no"
+LDAP_ADMINDN="cn=admin,ou=ldap-access,$LDAP_BASEDN"
+LDAP_PEOPLE_BASEDN="$LDAP_BASEDN"
+LDAP_GROUPS_BASEDN="$LDAP_BASEDN"
+LDAP_HOSTS_BASEDN="$LDAP_BASEDN"
+LDAP_PRINTERS_BASEDN="$LDAP_BASDN"
+LDAP_SERVERS="tjener"
+
+###
+### settings for HOME quotas
+###
+
+STD_HOME_QUOTA="3500000 3850000 0 0"
+RED_HOME_QUOTA="1300000 1400000 0 0"
+# grace time for HOMES is 7 days
+STD_HOME_GRACE="604800 604800"
+
+declare -a SPECIAL_HOME_QUOTA
+#SPECIAL_HOME_QUOTA[`id -u gabmik`]="0 0 0 0"
+#SPECIAL_HOME_QUOTA[`id -u sanmar`]="0 0 0 0"
+#SPECIAL_HOME_QUOTA[`id -u andluc`]="0 0 0 0"
+
+###
+### settings for GROUP quotas
+###
+
+STD_GROUP_QUOTA="10000000 11000000 0 0"
+# grace time for GROUPS is 14 days
+STD_GROUP_GRACE="1209600 1209600"
+
+declare -a SPECIAL_GROUP_QUOTA
+SPECIAL_GROUP_QUOTA[`getent group admins | cut -d: -f3`]="0 0 0 0"
+
+################################################################
+###
+### general functions, no more VARs beyond this point, please!
+###
+################################################################
+
+function script_header () {
+
+ case $TERM in
+ xterm|linux)
+ exec_type="ITZkS script (direct call)"
+ ;;
+ dumb)
+ exec_type="cronlog-entry (dumb terminal)"
+ ;;
+ cron)
+ exec_type="cronlog-entry"
+ ;;
+ *)
+ exec_type="ITZkS script (unknown exec origin)"
+ ;;
+ esac
+
+ echo
+ echo +++++
+ echo $exec_type: `basename $0`
+ echo `date`, $HOSTNAME
+ echo +++++
+ echo
+}
+
+
+function cron_header () {
+
+ script_header $@
+
+}
+
+function check_host () {
+
+ HOST=`uname -n`
+ ALLOWED_HOSTS="$1"
+ if ! echo $ALLOWED_HOSTS | grep $HOST >/dev/null; then
+ echo -e "\nITZkS script "`basename $0`" is not for: $HOST.$DOMAIN\nPossible hosts are: $ALLOWED_HOSTS\n"
+ exit -1
+ fi
+
+}
+
+function abort_on_host () {
+
+ HOST=`uname -n`
+ FORBIDDEN_HOSTS="$1"
+ if echo $FORBIDDEN_HOSTS | grep $HOST >/dev/null; then
+ echo -e "\nITZkS script "`basename $0`" is forbidden on: $HOST.$DOMAIN\n"
+ exit -1
+ fi
+
+}
+
+function check_root () {
+
+## make sure we are running as root, otherwise become! #########################
+
+ if [ ! "`id 2>&1 | egrep 'uid=0' | cut -d '(' -f1`" = "uid=0" ]; then
+ echo "Enter root's password here..."
+ OMMAND="`absolute_scriptpath $0` $@"
+ su -c "$COMMAND"
+ exit 0
+ fi
+
+}
+
+function get_password () {
+
+ echostr="$1"
+ stty -echo # Turns off screen echo.
+ echo -n "$echostr " > /dev/stderr
+ read passwd
+ echo "$passwd" > /dev/stdout
+ echo > /dev/stderr
+ stty echo # Restores screen echo.
+
+}
+
+function ldapserver_up () {
+
+ ldapsearch -x -n -H "$LDAPURI" -b "$LDAP_BASEDN" cn=admin >/dev/null 2>/dev/null
+ ret=$?
+ return $ret
+
+}
+
+function finish_script () {
+
+ case $1 in
+ 0) echo -e "\n*** done as you proposed\n\nFinished $(basename $0)\n" ;;
+ *) echo -e "\n!!! failed\n\nFailure in `basename $0` :-(\n" ;;
+ esac
+ exit $1
+}
+
+function absolute_scriptpath () {
+ # this is buggy for "./bin/script.sh" (per)
+ case $0 in
+ /*) echo "$0" ;;
+ *) echo "`pwd`/$0" ;;
+ esac
+ # */
+}
+
+function is_true() {
+
+ echo $1 | egrep "(y|Y|yes|YES|Yes|true|TRUE|True|On|ON|on)" 1>/dev/null
+ return $?
+
+}
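Review bot: In check_root the re-exec command is assigned to `OMMAND` but `su -c "$COMMAND"` reads `COMMAND`, so a non-root caller is prompted for root's password, an empty command runs, and the function exits 0 as if the script had succeeded. With the name fixed, the string is still built from unquoted `$@` and re-parsed by root's shell, so arguments containing spaces or shell metacharacters would be split or interpreted; each argument should be quoted before it is handed to `su -c`. The matching helpers are also looser than they read: check_host and abort_on_host use an unanchored `grep $HOST`, so a hostname that is a substring of a listed name matches, and is_true's unanchored egrep accepts any value that merely contains `y` or `on`. Separately, `LDAP_PRINTERS_BASEDN="$LDAP_BASDN"` expands an undefined variable and ends up empty; it should read `$LDAP_BASEDN`.

```shell
function check_root () {
	if [ "$(id -u)" -ne 0 ]; then
		echo "Enter root's password here..."
		# %q quoting is bash syntax; assumes root's login shell is bash (confirm)
		COMMAND=$(printf '%q ' "$(absolute_scriptpath)" "$@")
		su -c "$COMMAND"
		exit $?   # propagate the result instead of always reporting success
	fi
}

# … unchanged: rest of check_host; abort_on_host takes the same match with FORBIDDEN_HOSTS …
	# word-splitting of the list is intentional: one host per line, exact match
	if ! printf '%s\n' $ALLOWED_HOSTS | grep -qxF -- "$HOST"; then

function is_true() {
	echo "$1" | egrep -q "^(y|Y|yes|YES|Yes|true|TRUE|True|On|ON|on)$"
}
```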
diff --git a/sbin/itzks-transfer-cleaner b/sbin/itzks-transfer-cleaner
new file mode 100755
index 0000000..bc0dc95
--- /dev/null
+++ b/sbin/itzks-transfer-cleaner
@@ -0,0 +1,83 @@
+#!/bin/bash
+
+test -e /etc/debian-edu/itzks.config && . /etc/debian-edu/itzks.config || exit -1
+
+declare -i warn_time=`echo $TRANSFER_DEL_WARNING | awk {'print $2'}`
+declare -i del_time=`echo $TRANSFER_DEL_PERFORM | awk {'print $2'}`
+tolerate_time=$(expr $del_time - $warn_time)
+
+function create_mail_warnings () {
+ ls /tmp | grep "transfer_cleaner-" > /dev/null && {
+ echo -e " TASK: removing yesterday's warning-mails in /tmp silently"
+ rm /tmp/transfer_cleaner-*.mail
+ }
+ echo " TASK: creating today's warning mails in /tmp"
+ find $TRANSFERDIRS/* -type f -mindepth 1 $TRANSFER_DEL_WARNING -print 2>/dev/null | \
+ while read filename; do
+ uid=$(stat -c %U "$filename")
+ test -e "/tmp/transfer_cleaner-$uid.mail" || \
+ cat > /tmp/transfer_cleaner-$uid.mail << EOT
+Hallo `getent passwd $uid | cut -d":" -f5 | cut -d"," -f1`,
+
+einige Ihrer/Deiner Dateien im Transfer-Bereich des Schulnetzes wurden
+gelöscht.
+
+Diese Mail enthält am Ende eine Liste von Dateien im Transfer-Bereich,
+die innerhalb der letzten $warn_time Tage nicht mehr verändert wurden.
+
+Wenn auf diese Dateien innerhalb der nächsten
+
+ $tolerate_time Tage
+
+nicht schreibend zugegriffen wird (einfaches Öffnen reicht nicht aus),
+dann werden sie aus dem Transfer-Bereich des Schulnetzwerks
+gelöscht.
+
+Dateien, die in $tolerate_time Tagen gelöscht werden:
+-----------------------------------------------------
+EOT
+ echo " $(echo $filename | cut -d "/" -f 3-)" >> /tmp/transfer_cleaner-$uid.mail
+ done
+}
+
+function send_mail_warnings() {
+ is_true $TRANSFER_WARNINGS_DISABLED && return
+ echo " TASK: sending mail-warnings to"
+ find /tmp/transfer_cleaner-*.mail 2>/dev/null | while read mailfile; do
+ uid=$(echo $mailfile | cut -d"-" -f2 | cut -d"." -f1)
+ echo " $uid@$DOMAIN"
+ cat "$mailfile" | mail -s "Transfer-Bereich im Schulnetz: Dateien, die bald gelöscht werden" $uid@$DOMAIN
+ done
+}
+
+function remove_files () {
+ # remove files
+ echo " TASK: removing expired files"
+ find $TRANSFERDIRS/* -type f -mindepth 1 $TRANSFER_DEL_PERFORM 2>/dev/null |\
+ while read filename; do
+ # removal action in script is disabled for now for testing purposes
+ echo -n " "; echo rm -vf "$filename"
+ done
+}
+
+function remove_directories () {
+ #remove directories
+ echo " TASK: removing empty (expired) directories"
+ find $TRANSFERDIRS/* -type d -mindepth 1 2>/dev/null | sort -r | \
+ while read dirname; do
+ rmdir --ignore-fail-on-non-empty -p -v "$dirname" &> /dev/null
+ done
+}
+
+# main
+
+check_host "tjener"
+check_root
+cron_header
+
+create_mail_warnings
+send_mail_warnings
+remove_files
+remove_directories
+
+finish_script 0
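Review bot: create_mail_warnings and send_mail_warnings run as root from cron and write and read `/tmp/transfer_cleaner-$uid.mail`, a predictable name in a world-writable directory. The `cat >` and `>>` redirections follow symlinks, so a local user who pre-creates that path can have root create or append to another file, and send_mail_warnings mails any file in /tmp that matches the glob. Creating a private directory with `mktemp -d` and removing it in an EXIT trap closes both problems and makes the "removing yesterday's warning-mails" step unnecessary. Taking the recipient from `basename "$mailfile" .mail` also avoids the `cut -d"-"`/`cut -d"."` parsing, which truncates account names containing `-` or `.`. The read loops should use `IFS= read -r` so that file names with backslashes or leading blanks are not altered before they reach `stat` and, once deletion is enabled, `rm`.

```shell
# … unchanged: sourcing of /etc/debian-edu/itzks.config and the time variables …
mail_dir=$(mktemp -d /tmp/transfer_cleaner.XXXXXX) || exit 1
trap 'rm -rf -- "${mail_dir:?}"' EXIT

function create_mail_warnings () {
	echo "  TASK: creating today's warning mails in $mail_dir"
	find $TRANSFERDIRS/* -mindepth 1 -type f $TRANSFER_DEL_WARNING -print 2>/dev/null | \
	while IFS= read -r filename; do
		uid=$(stat -c %U "$filename")
		mailfile="$mail_dir/$uid.mail"
		# … unchanged: here-document with the mail text, now written to "$mailfile" …
		echo "  $(echo "$filename" | cut -d "/" -f 3-)" >> "$mailfile"
	done
}

# in send_mail_warnings, replacing the find | while read loop header
	for mailfile in "$mail_dir"/*.mail; do
		[ -e "$mailfile" ] || continue
		uid=$(basename "$mailfile" .mail)
		# … unchanged: echo of the recipient and the mail call …
	done
```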