[moira.git] / incremental / afs_create.pl

#!/usr/athena/bin/perl
# Usage: afs_create locker type cell path quota user group

require "/moira/bin/afs_utils.pl";

$protodir="/moira/dotfiles";
$quota=1;

%proc =
    ("ATHENA.MIT.EDU", 'athena_proc' );

umask(0);

die "Usage: $0 locker type cell path user group\n" if (@ARGV != 6);
($locker,$type,$cell,$path,$user,$group) = @ARGV;

# Lookup volume type
($c = $cell) =~ s/\./_/g;
$vtype = eval "\$vtypes_$c{$type}";
die "Cannot create $type volumes in $cell\n" unless $vtype;
$vname = $vtype . "." . $locker;
$vname =~ s/[^-A-Za-z0-9_.]//g;		# strip out illegal characters

# Find free space/Create volume
$tries = 0; $code = 1;
while ($tries<3 && $code) {
    ($asrv,$apart) = &afs_find($cell,$type,$quota,@except);
    die "Unable to find space to create $vname in $cell\n" unless ($asrv&&$apart);
    $code = system("$vos create $asrv $apart $vname -cell $cell >/dev/null");
    push(@except, $asrv);
    $tries++;
}
&fatal("Unable to create $vname in $cell") if ($code); # Too many create errors
push(@clean, "$vos remove $asrv $apart $vname -cell $cell >/dev/null");

# Create mountpoint and set quota
$path =~ s:^/afs/([^.]):/afs/.\1:;
system("$fs checkv >/dev/null; $fs mkm $path $vname");
&fatal("Unable to create $path") if ($?);
push(@clean, "$fs rmm $path");

# Obtain user/group information (uid >= 0, gid <= 0)
$uid = $gid = 0;
open(PTS, "$pts ex $user -cell $cell|");
chop($_ = <PTS>);
close(PTS);
($uid,$uid,$uid,$uid) = split(/[:,] /, $_) unless ($?);

open(PTS, "$pts ex system:$group -cell $cell|");
chop($_ = <PTS>);
close(PTS);
($gid,$gid,$gid,$gid) = split(/[:,] /, $_) unless ($?);

# Dispatch to the cell-specific creation routines
eval "&$proc{$cell}";
&fatal($@) if ($@);

# Set the filesystem quota
system("$fs sq $path $quota");
&fatal("Unable to set the quota on $path") if ($?);

# Release the parent volume
($p = $path) =~ s:/[^/]+$::;
open(FS, "$fs lv $p|") || &fatal("Can't get information about $p");
chop($_ = <FS>);
close(FS);
&fatal("Can't get information about $p") if ($?);
@tmp = (split(/ /,$_));
if ($tmp[$#tmp] !~ /user\../) {
    system("$vos release $tmp[$#tmp] -cell $cell >/dev/null") &&
	&fatal("Can't release $tmp[$#tmp] in cell $cell");
}

# Update the quota records.
&afs_quota_adj($cell,$asrv,$apart,$quota,0);
exit(0);

sub fatal
{
    local($cmd);
    $_ = join(' ',@_);
    s/\n$//;

    while (@clean) {
	$cmd = pop(@clean);
	warn "$locker: Cleanup failed: $cmd\n" if (system("$cmd"));
    }
    die "$locker: $_\n";
}

# Cell specific procedures
sub athena_proc
{
    # Default acls:
    #
    # ACTIVITY  <user> all <group> all system:anyuser rl
    # APROJ     <user> all <group> all system:anyuser rl
    # AREF      <user> all <group> rl
    # CONTRIB   <user> all system:anyuser rl
    # COURSE    <user> all <group> all system:facdev all system:authuser rl
    # HOMEDIR   <user> all
    # LEASE	<user> all
    # ORG	<user> all <group> all system:cwisfac all
    # PROJECT   <user> all <group> all
    # REF       <user> all system:anyuser rl
    # SW        <user> all system:swmaint all system:authuser rl
    # SYSTEM    system:administrators all system:anyuser rl
    # UROP	<user> all <group> all system:facdev all system:authuser rl
    #
    # Notes:
    # 1. All directories also have "system:expunge ld".

    @acl=("system:expunge ld");
    push(@acl,"system:facdev all") if ($type =~ /^(COURSE|UROP)/);
    push(@acl,"system:swmaint all") if ($type =~ /^(SW)/);
    push(@acl,"system:cwisfac all") if ($type =~ /^(ORG)/);
    push(@acl,"system:administrators all") if ($type =~ /^(SYSTEM)/);
    push(@acl,"$user all")
	if ($uid != 0 && $type =~ /^(ACTIVITY|APROJ|AREF|CONTRIB|COURSE|HOMEDIR|LEASE|ORG|PROJECT|REF|SW|UROP)/);
    push(@acl,"system:$group all")
	if ($gid != 0 && $type =~ /^(ACTIVITY|APROJ|COURSE|ORG|PROJECT|UROP)/);
    push(@acl,"system:$group rl") if ($gid != 0 && $type =~ /^(AREF)/);
    push(@acl,"system:authuser rl")
	if ($type =~ /^(COURSE|SW|UROP)/);
    push(@acl,"system:anyuser rl")
	if ($type =~ /^(ACTIVITY|APROJ|CONTRIB|REF|SYSTEM)/);

    if ($type !~ /^(AREF|ORG|SYSTEM)/) {
	system("$fs mkm $path/OldFiles $vname.backup");
	warn "$locker: Unable to create OldFiles mountpoint\n" if ($?);
    }

    if ($type =~ /ACTIVITY|APROJ|PROJECT/) {
	chown($gid,0,$path) ||
	    die "Unable to set volume ownership\n";
    } elsif ($type =~ /HOMEDIR|UROP/) {
	chown($uid,0,$path) ||
	    die "Unable to set volume ownership\n";
    }

    if ($type eq "ORG") {
	mkdir("$path/www",0755) || die "Unable to create subdirectories\n";
	system("$fs sa $path/www @acl system:anyuser rl -clear") &&
	    die "Unable to set acl on www directory\n";

	system("$fs sa $path @acl system:anyuser l -clear") &&
	    die "Unable to set acl on top-level directory\n";
	return;
    }

    if ($type eq "HOMEDIR") {
	die "Unable to get uid for user\n" unless ($uid);

	mkdir("$path/Public",0755) && chown($uid,0,"$path/Public") &&
	    mkdir("$path/Private",0700) && mkdir("$path/Mail", 0700) &&
		chown($uid,0,"$path/Public","$path/Private","$path/Mail") ||
		    die "Unable to create subdirectories\n";
	system("$fs sa $path/Public @acl system:anyuser rl -clear") &&
	    die "Unable to set acl on Public directory";
	system("$fs sa -dir $path/Private $path/Mail -acl @acl -clear") &&
	    die "Unable to set acl on Private and/or Mail directories\n";

	opendir(DIR,$protodir) || die "Unable to open prototype directory\n";
	@files=readdir(DIR);
	closedir(DIR);

	for $i (@files) {
	    next if ($i eq "." || $i eq "..");
	    next unless -f "$protodir/$i";
	    open(IN,"<$protodir/$i") || die "Unable to open $protodir/$i\n";
	    open(OUT,">$path/$i") || die "Unable to create $i\n";
	    while ($_=<IN>) { print OUT $_; };
	    close(OUT);
	    close(IN);
	    chown($uid,0,"$path/$i");
	}
	system("$fs sa $path @acl system:anyuser l -clear") &&
	    die "Unable to set acl on top-level directory\n";
	return;
    }

    system("$fs sa $path @acl -clear") &&
	die "Unable to set acl of $path\n";
}
Commit	Line	Data
6ff63c15	1	#!/usr/athena/bin/perl
6231b320	2	# Usage: afs_create locker type cell path quota user group
	3
	4	require "/moira/bin/afs_utils.pl";
	5
c09dcc8c	6	$protodir="/moira/dotfiles";
6231b320	7	$quota=1;
6231b320	8
6231b320	9	%proc =
	10	("ATHENA.MIT.EDU", 'athena_proc' );
	11
	12	umask(0);
	13
	14	die "Usage: $0 locker type cell path user group\n" if (@ARGV != 6);
	15	($locker,$type,$cell,$path,$user,$group) = @ARGV;
	16
	17	# Lookup volume type
	18	($c = $cell) =~ s/\./_/g;
754ef493	19	$vtype = eval "\$vtypes_$c{$type}";
	20	die "Cannot create $type volumes in $cell\n" unless $vtype;
	21	$vname = $vtype . "." . $locker;
	22	$vname =~ s/[^-A-Za-z0-9_.]//g; # strip out illegal characters
6231b320	23
97798f36	24	# Find free space/Create volume
c9e7ea4d	25	$tries = 0; $code = 1;
c9e7ea4d	26	while ($tries<3 && $code) {
97798f36	27	($asrv,$apart) = &afs_find($cell,$type,$quota,@except);
	28	die "Unable to find space to create $vname in $cell\n" unless ($asrv&&$apart);
	29	$code = system("$vos create $asrv $apart $vname -cell $cell >/dev/null");
	30	push(@except, $asrv);
c9e7ea4d	31	$tries++;
97798f36	32	}
97798f36	33	&fatal("Unable to create $vname in $cell") if ($code); # Too many create errors
6231b320	34	push(@clean, "$vos remove $asrv $apart $vname -cell $cell >/dev/null");
	35
	36	# Create mountpoint and set quota
	37	$path =~ s:^/afs/([^.]):/afs/.\1:;
870213d6	38	system("$fs checkv >/dev/null; $fs mkm $path $vname");
6231b320	39	&fatal("Unable to create $path") if ($?);
	40	push(@clean, "$fs rmm $path");
	41
6ff63c15	42	# Obtain user/group information (uid >= 0, gid <= 0)
6231b320	43	$uid = $gid = 0;
	44	open(PTS, "$pts ex $user -cell $cell\|");
	45	chop($_ = <PTS>);
	46	close(PTS);
	47	($uid,$uid,$uid,$uid) = split(/[:,] /, $_) unless ($?);
	48
	49	open(PTS, "$pts ex system:$group -cell $cell\|");
	50	chop($_ = <PTS>);
	51	close(PTS);
	52	($gid,$gid,$gid,$gid) = split(/[:,] /, $_) unless ($?);
6231b320	53
	54	# Dispatch to the cell-specific creation routines
	55	eval "&$proc{$cell}";
	56	&fatal($@) if ($@);
	57
	58	# Set the filesystem quota
	59	system("$fs sq $path $quota");
	60	&fatal("Unable to set the quota on $path") if ($?);
	61
	62	# Release the parent volume
	63	($p = $path) =~ s:/[^/]+$::;
	64	open(FS, "$fs lv $p\|") \|\| &fatal("Can't get information about $p");
	65	chop($_ = <FS>);
	66	close(FS);
	67	&fatal("Can't get information about $p") if ($?);
	68	@tmp = (split(/ /,$_));
9efb71b3	69	if ($tmp[$#tmp] !~ /user\../) {
	70	system("$vos release $tmp[$#tmp] -cell $cell >/dev/null") &&
	71	&fatal("Can't release $tmp[$#tmp] in cell $cell");
	72	}
6231b320	73
9205b505	74	# Update the quota records.
9205b505	75	&afs_quota_adj($cell,$asrv,$apart,$quota,0);
6231b320	76	exit(0);
	77
	78	sub fatal
	79	{
	80	local($cmd);
	81	$_ = join(' ',@_);
	82	s/\n$//;
	83
	84	while (@clean) {
	85	$cmd = pop(@clean);
	86	warn "$locker: Cleanup failed: $cmd\n" if (system("$cmd"));
	87	}
	88	die "$locker: $_\n";
	89	}
	90
	91	# Cell specific procedures
	92	sub athena_proc
	93	{
	94	# Default acls:
	95	#
	96	# ACTIVITY <user> all <group> all system:anyuser rl
	97	# APROJ <user> all <group> all system:anyuser rl
	98	# AREF <user> all <group> rl
	99	# CONTRIB <user> all system:anyuser rl
	100	# COURSE <user> all <group> all system:facdev all system:authuser rl
	101	# HOMEDIR <user> all
a2a8b2f6	102	# LEASE <user> all
b22cf8b8	103	# ORG <user> all <group> all system:cwisfac all
6231b320	104	# PROJECT <user> all <group> all
	105	# REF <user> all system:anyuser rl
	106	# SW <user> all system:swmaint all system:authuser rl
	107	# SYSTEM system:administrators all system:anyuser rl
9edc1a1d	108	# UROP <user> all <group> all system:facdev all system:authuser rl
6231b320	109	#
	110	# Notes:
	111	# 1. All directories also have "system:expunge ld".
	112
	113	@acl=("system:expunge ld");
9edc1a1d	114	push(@acl,"system:facdev all") if ($type =~ /^(COURSE\|UROP)/);
6231b320	115	push(@acl,"system:swmaint all") if ($type =~ /^(SW)/);
b22cf8b8	116	push(@acl,"system:cwisfac all") if ($type =~ /^(ORG)/);
6231b320	117	push(@acl,"system:administrators all") if ($type =~ /^(SYSTEM)/);
6231b320	118	push(@acl,"$user all")
b22cf8b8	119	if ($uid != 0 && $type =~ /^(ACTIVITY\|APROJ\|AREF\|CONTRIB\|COURSE\|HOMEDIR\|LEASE\|ORG\|PROJECT\|REF\|SW\|UROP)/);
6231b320	120	push(@acl,"system:$group all")
b22cf8b8	121	if ($gid != 0 && $type =~ /^(ACTIVITY\|APROJ\|COURSE\|ORG\|PROJECT\|UROP)/);
6ff63c15	122	push(@acl,"system:$group rl") if ($gid != 0 && $type =~ /^(AREF)/);
6231b320	123	push(@acl,"system:authuser rl")
9edc1a1d	124	if ($type =~ /^(COURSE\|SW\|UROP)/);
6231b320	125	push(@acl,"system:anyuser rl")
	126	if ($type =~ /^(ACTIVITY\|APROJ\|CONTRIB\|REF\|SYSTEM)/);
	127
1738dc4c	128	if ($type !~ /^(AREF\|ORG\|SYSTEM)/) {
6231b320	129	system("$fs mkm $path/OldFiles $vname.backup");
	130	warn "$locker: Unable to create OldFiles mountpoint\n" if ($?);
	131	}
	132
6ff63c15	133	if ($type =~ /ACTIVITY\|APROJ\|PROJECT/) {
	134	chown($gid,0,$path) \|\|
	135	die "Unable to set volume ownership\n";
	136	} elsif ($type =~ /HOMEDIR\|UROP/) {
	137	chown($uid,0,$path) \|\|
	138	die "Unable to set volume ownership\n";
	139	}
	140
b22cf8b8	141	if ($type eq "ORG") {
b22cf8b8	142	mkdir("$path/www",0755) \|\| die "Unable to create subdirectories\n";
1738dc4c	143	system("$fs sa $path/www @acl system:anyuser rl -clear") &&
b22cf8b8	144	die "Unable to set acl on www directory\n";
	145
	146	system("$fs sa $path @acl system:anyuser l -clear") &&
	147	die "Unable to set acl on top-level directory\n";
1738dc4c	148	return;
b22cf8b8	149	}
b22cf8b8	150
6231b320	151	if ($type eq "HOMEDIR") {
	152	die "Unable to get uid for user\n" unless ($uid);
	153
	154	mkdir("$path/Public",0755) && chown($uid,0,"$path/Public") &&
	155	mkdir("$path/Private",0700) && mkdir("$path/Mail", 0700) &&
	156	chown($uid,0,"$path/Public","$path/Private","$path/Mail") \|\|
	157	die "Unable to create subdirectories\n";
	158	system("$fs sa $path/Public @acl system:anyuser rl -clear") &&
	159	die "Unable to set acl on Public directory";
	160	system("$fs sa -dir $path/Private $path/Mail -acl @acl -clear") &&
	161	die "Unable to set acl on Private and/or Mail directories\n";
	162
	163	opendir(DIR,$protodir) \|\| die "Unable to open prototype directory\n";
	164	@files=readdir(DIR);
	165	closedir(DIR);
	166
	167	for $i (@files) {
	168	next if ($i eq "." \|\| $i eq "..");
	169	next unless -f "$protodir/$i";
	170	open(IN,"<$protodir/$i") \|\| die "Unable to open $protodir/$i\n";
	171	open(OUT,">$path/$i") \|\| die "Unable to create $i\n";
	172	while ($_=<IN>) { print OUT $_; };
	173	close(OUT);
	174	close(IN);
	175	chown($uid,0,"$path/$i");
	176	}
6ff63c15	177	system("$fs sa $path @acl system:anyuser l -clear") &&
6ff63c15	178	die "Unable to set acl on top-level directory\n";
6231b320	179	return;
	180	}
	181
	182	system("$fs sa $path @acl -clear") &&
	183	die "Unable to set acl of $path\n";
	184	}