#!/bin/sh # vim: set filetype=sh: # PROGNAME=oscfc3cmds ############################################################################## # # OSCFC3CMDS POST-INSTALL SCRIPT # # * do NOT remove existing content! Only add new paragraphs at the bottom # of the file. # # * this code is duplicated in svn://oscrepo/oscfc3cmds/trunk! # Any changes made here must also be made there! # # * Any new functions *MUST* be reentrant! # # * Any new functions *MUST* be of the form: # # name_of_fix() # { # ! func_patch_level || return 0 # # # Your Name - The Date # # A description of what the fix is for ... # # ... # # ... # the code to make the fix goes here # } # # and should be set to 1. # # * If a fix changes then the should be incremented. # # * If you only want to collect information about machines, then # there is already a function to do this. Just expand it as # you need. (You could even delete the existing reporting paragraphs # if you want.) # ############################################################################## PKGS_TO_INSTALL="" PKGS_TO_REMOVE="" # # Alexis Huxley - Mon Jul 25 15:52:49 CEST 2005 # Certain early installed machines don't know what model they are, so fix that. # create_etc_mkkickstart_info_if_necessary() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Mid 2005 # This function creates /etc/mkkickstart-info for machines which are known # not to have it. YOU DO NOT NEED TO ADD EVERY HOST HERE!!! # if [ "X`grep MKKICKSTART_MODEL= /etc/mkkickstart-info 2>/dev/null`" = X ]; then case `uname -n` in almaspr) MODEL=PE1850 PROFILE=server ;; astrolin3) MODEL=GX270 PROFILE=desktop ;; ga004545) MODEL=GX240 PROFILE=desktop ;; ga008899) MODEL=GX270 PROFILE=desktop ;; ga010252) MODEL=GX270 PROFILE=desktop ;; ga011997) MODEL=GX280 PROFILE=desktop ;; ga012064) MODEL=GX280 PROFILE=desktop ;; mediaw) MODEL=GX110 PROFILE=desktop ;; nb004685) MODEL=C810 PROFILE=laptop ;; nb004734) MODEL=C400 PROFILE=laptop ;; nb008581) MODEL=C640 PROFILE=laptop ;; nb010172) MODEL=D600 PROFILE=laptop ;; nb012066) MODEL=D410 PROFILE=laptop ;; nb012085) MODEL=X1 PROFILE=laptop ;; nb012086) MODEL=D610 PROFILE=laptop ;; nb012087) MODEL=D810 PROFILE=laptop ;; pc003412) MODEL=GX110 PROFILE=desktop ;; pc004400) MODEL=GX240 PROFILE=desktop ;; pc008427) MODEL=GX260 PROFILE=desktop ;; pc008429) MODEL=GX260 PROFILE=desktop ;; pc008735) MODEL=GX270 PROFILE=desktop ;; pc008869) MODEL=GX270 PROFILE=desktop ;; pc008877) MODEL=GX270 PROFILE=desktop ;; pc008887) MODEL=GX270 PROFILE=desktop ;; pc008892) MODEL=GX270 PROFILE=desktop ;; pc008897) MODEL=GX270 PROFILE=desktop ;; pc008645) MODEL=GX260 PROFILE=desktop ;; pc008907) MODEL=GX270 PROFILE=desktop ;; ga010281) MODEL=GX270 PROFILE=desktop ;; pc011919) MODEL=GX280 PROFILE=desktop ;; pc011921) MODEL=GX280 PROFILE=desktop ;; ga008901) MODEL=GX270 PROFILE=desktop ;; scifc) MODEL=PE1650 PROFILE=server ;; ga010227) MODEL=PRE650 PROFILE=desktop ;; *) echo "oscfc3cmds-postinstall: `uname -n`: unknown machine type, update oscfc3cmds with the info" >&2 exit 0 ;; esac { echo "MKKICKSTART_MODEL=$MODEL" echo "MKKICKSTART_PROFILE=$PROFILE" } >> /etc/mkkickstart-info fi } add_os_to_etc_mkkickstart_info_if_necessary() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Alexis Huxley Fri Dec 9 17:42:31 CET 2005 # To allow loading of appropriate GPG signatures, which are # stored in a per-OS directory in xavier, we need to # know the OS here. But we can't gracefully learn it # here if it hasn't been recorded in /etc/mkkickstart-info grep "^MKKICKSTART_OS=" /etc/mkkickstart-info > /dev/null || { echo "MKKICKSTART_OS=fedora3" >> /etc/mkkickstart-info } } note_to_install_mozilla_and_vnc() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Mon Jul 25 15:52:49 CEST 2005 # Added mozilla-mail and vnc to mkkickstart, but some machines # installed before this addition, so install it. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL mozilla-mail mozilla-chat mozplugger vnc vnc-server" fi } note_to_install_gv_and_xfig() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Tue Jul 26 14:43:39 CEST 2005 # Monika Petr-Gotzens reports that her laptop is missing ghostview; # this is possible as this was added sometime after the first installs # were done. Maybe other machines are missing it too, so lets tell # them to add it. Note the time at which it is installed is offset # further, so that there is no danger that things will be installed # at the same time. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL gv xfig" fi } note_to_install_gildas() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Mon Dec 5 22:31:34 CET 2005 # gildas is now distributed as a separate RPM; this means it will not be installed # by nightly 'yum update's. It must be explicitly installed to get on to the the # auto-upgrade path. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL scisoft-gildas" fi } note_to_install_pymidas() { # Don't do this if it has already been done. ! func_patch_level 2 || return 0 # # Alexis Huxley - Tue Jan 17 16:33:38 CET 2006 # pymidas is now distributed as a separate RPM; this means it will not be installed # by nightly 'yum update's. It must be explicitly installed to get on to the the # auto-upgrade path. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL scisoft-pymidas" fi } note_to_install_asciidata() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Thu Jan 19 20:31:36 CET 2006 # asciidata is now distributed as a separate RPM; this means it will not be installed # by nightly 'yum update's. It must be explicitly installed to get on to the the # auto-upgrade path. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL scisoft-asciidata" fi } note_to_install_morescisoft() { # Don't do this if it has already been done. ! func_patch_level 2 || return 0 # # Alexis Huxley - Mon Jan 30 22:12:59 CET 2006 # Many more RPMs have recently been added to Scisoft as packages with recently # fixed bugs are abstracted into their own RPM. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL scisoft-eclipse scisoft-dislin scisoft-matplotlib scisoft-libf2c scisoft-pmw scisoft-pcfitsio scisoft-stscipython scisoft-sextractor scisoft-cloudy scisoft-supermongo scisoft-swarp scisoft-weightwatcher" fi } randomize_nightly_yum_update() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Wed Jul 27 08:34:59 CEST 2005 # The random delay before upgrading has been changed to max 3 hours; # some hosts currently don't even wait at all. This section rewrites # the cron file for this. Since that file is itself being run # now then there might be some danger in doing this, but the command # that is being run is the very last one in there ... so hopefully # the shell interpreting that script knows its at the end of it. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop -o "X$MKKICKSTART_PROFILE" = Xserver ]; then { # This sleep is here to ensure that installs are staggered # over the hour, so not all machines try to update at # once and overload the server's ftpd. echo "#!/bin/sh" echo "sleep \`expr \$RANDOM % 10800\`" # Thu Dec 8 15:42:27 CET 2005 - Alexis Huxley # It looks like doing a 'yum clean all' before doing updates, # prevents the 'Request not within range' error message from # yum. echo "yum clean all" echo "yum -y update yum" echo "yum -y update" echo "yum clean packages" } > /etc/cron.daily/update chmod 755 /etc/cron.daily/update fi } note_to_install_expect() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Fri Dec 9 15:32:15 CET 2005 # Install expect. This has been installed for # even longer than oscfc3cmds existed. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL expect" fi } note_to_install_sybase_open_client() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Fri Jul 29 12:34:16 CEST 2005 # Install the sybase client by default. # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then PKGS_TO_INSTALL="$PKGS_TO_INSTALL sybase-common sybase-openclient" fi } note_to_remove_sendmaildoc() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Fri Dec 9 15:35:22 CET 2005 # sendmail-doc has long since not been installed, but # there appear to be some machines out there with it # still. # PKGS_TO_REMOVE="$PKGS_TO_REMOVE sendmail-doc" } note_to_remove_oldlegatoclientdocumentation() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Wed Feb 1 15:56:00 CET 2006 # There is no point in keeping the old Legato client documentation # for the new Legato client; remove it. # [ ! -x /etc/init.d/networker ] || /etc/init.d/networker stop rm -fr /nsr.squid.delete-soon [ ! -d /nsr ] || mv /nsr /nsr.squid.delete-soon PKGS_TO_REMOVE="$PKGS_TO_REMOVE lgtoman" } note_to_remove_xscreensaver() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Wed Aug 24 18:26:54 CEST 2005 # This is a fix for the new version of the screensaver # that Timo Bergemann found; it leaves xscreensaver # installed when it isn't required. # PKGS_TO_REMOVE="$PKGS_TO_REMOVE xscreensaver" } add_aips_service_entries() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # # Alexis Huxley - Fri Aug 26 17:19:40 CEST 2005 # Add AIPS-related entries to /etc/services if they are not # already there. # if ! grep -q 5000 /etc/services; then cat >> /etc/services <<'EOF_OSCFC3CMDS' sssin 5000/tcp SSSIN # AIPS TV server ssslock 5002/tcp SSSLOCK # AIPS TV Lock msgserv 5008/tcp MSGSERV # AIPS Message Server tekserv 5009/tcp TEKSERV # AIPS TekServer aipsmt0 5010/tcp AIPSMT0 # AIPS remote FITS disk access aipsmt1 5011/tcp AIPSMT1 # AIPS remote tape 1 aipsmt2 5012/tcp AIPSMT2 # AIPS remote tape 2 EOF_OSCFC3CMDS fi } install_and_remove_packages() { # # Execute scheduled installations and removals. # # Mon Mar 20 15:53:39 CET 2006 - Alexis Huxley # Note that the removal is done before the installation # this was introduced to be able to handle the # upgrade of the 'phone' command (where we are # not sure if what /usr/bin/phone is contributed # by a standalone script or an RPM so we remove # it using both 'rm' and 'yum remove'). if [ "X$PKGS_TO_INSTALL" != X -o "X$PKGS_TO_REMOVE" != X ]; then { if [ "X$PKGS_TO_REMOVE" != X ]; then echo "yum -y remove $PKGS_TO_REMOVE" fi if [ "X$PKGS_TO_INSTALL" != X ]; then echo "yum -y install $PKGS_TO_INSTALL" fi } | at now+15minutes fi } install_gpg_signatures() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Alexis Huxley - Fri Dec 9 15:38:44 CET 2005 # # GPG signatures get converted to packages, so they cannot be installed # in a post install script during which time the rpm db is already locked. # So we use the usual 'at' trick here. The main one goes off 15 minutes # after this package gets installed so this one we do an hour after. { echo "rpm --quiet --import /usr/share/doc/fedora-release-3/RPM-GPG-KEY*" echo "wget --quiet -P /tmp ftp://oscrepo.hq.eso.org/software/linux/$MKKICKSTART_OS/RPM-signatures/\\*.gpg" echo "rpm --quiet --import /tmp/*.gpg" echo "rm -f /tmp/*.gpg" } | at now+60minutes } recreate_all_printer_entries() { # Don't do this if it has already been done. ! func_patch_level 3 || return 0 # Alexis Huxley - Mon Nov 21 09:11:26 CET 2005 # # This unconditionally recreates all printers in exactly # the same way that mkkickstart does (except no 'echo's) # Install printers chkconfig cups on rm -f /etc/cups/printers.conf service cups restart wget --quiet -O - http://www.eso.org/projects/it/services/printers/printers.html | sed -n 's/^$[^<]*$<.*/\1/p' | sort -u | while read PRINTER; do lpadmin -h localhost -x $PRINTER 2>/dev/null done wget --quiet -O - http://www.eso.org/projects/it/services/printers/printers.html | sed -n 's/^$[^<]*$<.*/\1/p' | sort -u | while read PRINTER; do lpadmin -h localhost -p $PRINTER -v lpd://print/$PRINTER -E done # Some specific printers require special options # foomatic-configure produces a perl syntax error when the PPD file doesn't # exist or loops wrong so we can't be sure its worked properly without # running it twice. for LOOP in 1 2; do { # Wolfram Freudling's printer doesn't support postscript so we need to tell # cups to convert postscript to PCL before submitting it to caxton. #foomatic-configure -s cups -n pacol3 -p HP-Color_Inkjet_Printer_CP1700 -d hpijs -o PageSize=A4 -o PaperDimension=A4 -o Duplex=DuplexNoTumble -o PaperDimension=A4 -o DefaultImageableArea=A4 foomatic-configure -s cups -n pacol3 -p HP-Color_Inkjet_Printer_CP1700 -d hpijs # Discard output (with syntax error) first loop, but output it on the second. } 2>&1 | if [ $LOOP = 1 ]; then cat > /dev/null else cat fi done # But running it twice creates a .old file in /etc/cups/ppd. rm -f /etc/cups/ppd/*.old echo } fix_removable_media_device_permissions() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Alexis Huxley - Mon Nov 21 09:18:04 CET 2005 # # This is not a total fix. It fixes: # # SCSI tapes # IDE CD-ROMs and DVDs # # but does *not* fix: # # SCSI CD-ROMs and DVDs (not tried to set up yet) # IDE floppies (permissions are ignored, perhaps because driver loaded so early?) # if [ "X$MKKICKSTART_PROFILE" = Xdesktop -o "X$MKKICKSTART_PROFILE" = Xlaptop ]; then cat > /etc/udev/rules.d/00-local.rules <<'EOF_OSCFC3CMDS' KERNEL="hd[a-z]*", NAME="%k", SYSFS{removable}="1", MODE="0666" # This line for floppies looks right, but is ignored. KERNEL="fd[0-9]*", NAME="%k", MODE="0666" KERNEL="st*", NAME="%k", MODE="0666" KERNEL="nst*", NAME="%k", MODE="0666" EOF_OSCFC3CMDS fi } exit_if_machine_being_installed() { # Mon Dec 5 22:33:11 CET 2005 - Alexis Huxley # oscfc3cmds is meant only to apply patches to systems installed # earlier. At *install* time it should do *nothing* (everything # you might think you want it to do at install time should be # done by mkkickstart). Therefore if this is install-time, exit # gracefully. postinstall scripts are called with '1' as $1 for # installs, '2' for upgrades, '0' for removes. [ "X$1" = X2 ] || exit 0 } write_sudoers_file() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Tue Dec 6 09:00:00 CET 2005 - Timo Bergemann # To correct some crap left over from a previous version of this func. rm -rf /etc/suders rm -rf /etc/sudoers.sample # Mon Dec 5 22:33:33 CET 2005 - Timo Bergemann # Enable users to run kppp, so they can configure their ESO laptops # to connect to their personal ISPs at home. if [ "X$MKKICKSTART_PROFILE" = Xlaptop ]; then cat > /etc/sudoers <<'EOF_OSCFC3CMDS' Cmnd_Alias KPPP=/usr/sbin/kppp Cmnd_Alias KPPP2=/usr/bin/kppp root ALL=(ALL) ALL ALL ALL = NOPASSWD: KPPP ALL ALL = NOPASSWD: KPPP2 EOF_OSCFC3CMDS # to give the right permissions chmod 440 /etc/sudoers fi } fix_wlan_interface_configuration_scripts() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Thu Dec 8 14:57:43 CET 2005 - Alexis Huxley # The interface configuration files for WLANs should # be writable by the user, so that they can tailor it # to their home WLANs. # This is only applicable to laptops. [ "X$MKKICKSTART_PROFILE" = Xlaptop ] || return 0 for FILE in /etc/sysconfig/network-scripts/ifcfg-*; do case $FILE in *-lo|*-eth0) # Do nothing for loopback and primary interface. : ;; *) echo "chmod'ing $FILE (on assumption is WLAN interface) ..." chmod 666 $FILE ;; esac done } install_cisco_vpnclient() { # Don't do this if it has already been done. ! func_patch_level 6 || return 0 # This is only applicable to laptops. [ "X$MKKICKSTART_PROFILE" = Xlaptop ] || return 0 # Download the sources. wget --quiet -O /tmp/vpn.tar ftp://oscrepo.hq.eso.org/software/linux/sources/vpnclient-linux-4.8.00.0490-k9.tar # keep cd's local to this function ( cd /tmp tar xf vpn.tar cd vpnclient { # Directory where binaries will be installed? echo # /usr/local/bin # Automatically start the VPN service at boot time? echo # yes # Directory containing linux kernel source code? echo # default location correct # Above correct? echo # yes } | ./vpn_install ) # write the config file cat > /etc/opt/cisco-vpnclient/Profiles/eso.pcf < /etc/cron.daily/check_i_am_backed_up <<'EOF' #!/bin/sh PROGNAME=`basename $0` # # Global variables # # Get a list of all local mount points (that's the "mount | sed" part) # and ensure that if /export is in this list then it is at the front # of the list (that's the "while | sort | cut" part). MNTPNTS=`mount | sed -n 's/^.* on $[^ ]*$ type ext[23] .*/\1/p' | while read X; do case $X in /export/diska) echo "100 $X" ;; /export) echo "10 $X" ;; *) echo "1 $X" ;; esac; done | sort -k 1nr | cut -f2 -d' '` # If /export/diska exists then it needs to be either backed up or it (or one of its parents) needs # to be backed up or reported upon. EXPORTDISKA_NEEDSBACKUPORREPORT=`{ [ -d /export/diska ] && echo true; } || echo false` # Check if the machine is dual boot. If it is we will not be backing it up. main() { # Only flag missing backups on Monday's [ "X`date '+%a'`" = XMon ] || return 0 # Logic here is that /export/diska should be backed up but that if it isn't a mount point # then either /export or / should be backed up. / is not backed up (subject to previous test), # /scratch is not backed up, anything else should be. for MNTPNT in $MNTPNTS; do #echo "debug: $MNTPNT ..." case "`uname -n`:$MNTPNT" in *:/export/diska|*:/export|*:/) [ $EXPORTDISKA_NEEDSBACKUPORREPORT = false ] || mntpnt_is_backed_up $MNTPNT || { UNBACKED_MNTPNTS="$UNBACKED_MNTPNTS $MNTPNT" #echo "debug: $MNTPNT being added to unbackedup fs list" } EXPORTDISKA_NEEDSBACKUPORREPORT=false ;; *:/media/*) : ;; *:/scratch) : ;; pc003640:/raid) # Another of Gert's RAIDs. Reinhold Dorn backs this up. : ;; pc012232:/export/raid) : ;; pc012178:/scratch[1234]) # Luigi Bedin's superduper multi-scratch desktop. : ;; pc010069:/export/r1[ab]) # this is only on Gert Finger's pc010069 and is not backed # up by us. : ;; *) mntpnt_is_backed_up $MNTPNT || UNBACKED_MNTPNTS="$UNBACKED_MNTPNTS $MNTPNT" ;; esac done [ "X$UNBACKED_MNTPNTS" = X ] || alert_unbackedup_data "$UNBACKED_MNTPNTS" } mntpnt_is_backed_up() { local MNTPNT MNTPNT="$1" /usr/sbin/mminfo -qclient=`hostname` -s stiles -qname=$MNTPNT -q'savetime>7 days ago' >/dev/null 2>&1 } alert_unbackedup_data() { local MNTPNTS MNTPNT MNTPNTS="$1" { echo "Host: `uname -n`" # No space 'cos there already is one as things get appended to $MNTPNTS echo "Unbackedup-Mountpoints:$MNTPNTS" } | Mail -s "`uname -n` has stuff not backed up!" helpdesk@eso.org } main "$@" EOF chmod 755 /etc/cron.daily/check_i_am_backed_up } note_to_upgrade_phone_command() { # Don't do this if it has already been done. ! func_patch_level 4 || return 0 # Sat Jan 28 19:31:54 CET 2006 - Alexis Huxley # The version of ESO's phone command written by Alexis, which # downloads a web page and caches it has been converted to an # RPM. Here we remove the very old version. This function should # really *never* need to be changed. rm -f /usr/bin/phone /var/local/phonelist.txt # Mon Mar 20 15:52:53 CET 2006 - Alexis Huxley # Ha! I spoke too soon! Adam Dobrzycki reported that, immediately # after his machine was reinstalled, phone was missing. The phone # package is installed by mkkickstart these days, and that meant # that the above call to note_to_install_phone() didn't actually # install anything, but *this* function nonetheless deleted the # phone command (thinking that it was deleting the non-RPM-ised # version when it fact it was deleting the RPM-ised version.) # That 'rm' needs qualifying: we need to say "if /usr/bin/phone # is not the RPM version then delete it" but we can't say that # from inside a post-install script because the RPM database # is locked as *this* package is being installed!!! # # What are the other options? We need to do something: # # 1) reentrant # 2) same results if no phone/RPM phone/non-RPM phone installed # 3) does not access RPM database # # Okay! Look at this: # # pc008887# yum -y remove phone # Transaction Listing: # Remove: phone.i386 0:0.0-20060128192724 # Total download size: 0 # # Removed: phone.i386 0:0.0-20060128192724 # pc008887# yum -y install phone # Transaction Listing: # Install: phone.i386 0:0.0-20060128192724 - eso # Total download size: 9.8 k # # Installed: phone.i386 0:0.0-20060128192724 # pc008887# rm -f /usr/bin/phone # pc008887# yum -y remove phone # Transaction Listing: # Remove: phone.i386 0:0.0-20060128192724 # Total download size: 0 # # Removed: phone.i386 0:0.0-20060128192724 # pc008887# yum -y install phone # Transaction Listing: # Install: phone.i386 0:0.0-20060128192724 - eso # Total download size: 9.8 k # # Installed: phone.i386 0:0.0-20060128192724 # pc008887# ls -ld /usr/bin/phone # -rwxr-xr-x 1 root root 34840 Jan 28 19:27 /usr/bin/phone # pc008887# # # The point is that even after /usr/bin/was removed with 'rm', 'yum remove' # successfully removed the package (and then 'yum install' went on to # install it successfully. # # So the solution we adopt is as follows: # # 1) remove the file with 'rm' # 2) remove the RPM with 'yum remove' # 3) install the RPM with 'yum install' # # Note that since the removal and installation of RPMs is delegated to # an 'at'-ed invocation of yum, that invocation must be altered to do # removals before installations. # # The 'rm' is done above. The note to remove the phone RPM we put # here: PKGS_TO_REMOVE="$PKGS_TO_REMOVE phone" # The call to install the phone command was put in another function, but # this is pretty pointless now, so we'll do it here: PKGS_TO_INSTALL="$PKGS_TO_INSTALL phone" # Finally the function to 'rm /usr/bin/phone' and this function have # been deleted and renamed respectively. This means that we have some # patchlevel files that are obsolete and can now be removed: func_patch_level --delete note_to_install_phone func_patch_level --delete remove_old_phone_command } note_to_remove_legato_on_laptops_and_cluster_nodes() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Thu Feb 2 07:56:25 CET 2006 - Alexis Huxley # Legato got accidentally installed on laptops and cluster nodes once; # here we fix that. if [ "X$MKKICKSTART_PROFILE" = Xlaptop -o "X$MKKICKSTART_PROFILE" = Xcluster ]; then { echo "echo \"stopping old/new legato client ...\"" echo "[ ! -x /etc/init.d/networker ] || /etc/init.d/networker stop" echo "echo \"removing old/new legato client ...\"" echo "yum -y erase lgtoclnt" echo "echo \"disabling old/new legato client configuration ...\"" echo "[ ! -d /nsr ] || rm -fr /nsr" } | at now+30min fi # Fri Mar 24 10:17:24 CET 2006 - Alexis Huxley # This function (note_to_remove_legato_on_laptops_and_cluster_nodes) used to do some # additional tasks which (from the beginning) *had* to be removed eventually. In line # with its now much smaller functionality, the function name has changed and so here # we clean up the patchlevel file left by this function under its old name. func_patch_level --delete upgrade_legato_client } rewrite_clashing_gids() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Thu Mar 2 11:04:00 CET 2006 - Alexis Huxley # This is the same change made by mkkickstart to avoid clashing # GIDs. It is applied only on non-laptops which are NIS clients. # (The point of this is to avoid laptop users who already have # these GIDs in use on local accounts or people who might want # to use ppp-ish programs or NIS servers themselves from being # affected. if [ "X$MKKICKSTART_PROFILE" != Xlaptop -a "X$MKKICKSTART_PROFILE" != Xserver ] && ypwhich > /dev/null 2>&1; then perl -pi -e 's/^([^:]*:[^:]*:)50\b(.*)/${1}501$2/' /etc/group perl -pi -e 's/^([^:]*:[^:]*:)40\b(.*)/${1}502$2/' /etc/group fi } reget_roots_authorized_keys2() { # Don't do this if it has already been done. ! func_patch_level 1 || return 0 # Wed Jan 18 20:18:52 CET 2006 - Alexis Huxley # Some hosts' ~/root/.ssh/authorized_keys2 are size zero 'cos # the permissions of the master copy of this file were such that # installed clients couldn't read the file. Here we blindly download # a new version. wget --quiet -O /root/.ssh/authorized_keys2 ftp://oscrepo.hq.eso.org/secure/ssh-config/authorized_keys2.osc } report_configuration_info() { # Don't do this if it has already been done. ! func_patch_level 3 || return 0 # This is a special function to display whatever information you want to collect. } lock_exportdiska_on_dualboots() { # Don't do this if it has already been done. ! func_patch_level 7 || return 0 # Tue Mar 14 09:25:41 CET 2006 - Alexis Huxley # Dualboot machines are not supposed to have /export/diska, but removing # it is simply do dangerous. What we need to do is the following: # # 1) check if system is a dualboot desktop - if not return success # 2) check if /export/diska exists - if not return success # 3) check if /export/diska is being used - if so send email, return success # 4) chmod 700 /export/diska/; chown root:root /export/diska/; cat > /export/diska/README # 5) check if /export/diska is a mount point - if not return success # 6) unmount /export/diska # 7) comment out /export/disk in /etc/fstab # # Deleting the 'done' flag would not have enough to trigger the rechecking of # all of this the next day; so the sysadmin must do all the above manually *or* # somehow force reinstallation, e.g. by bumping the patch level of this function. # # So here we go ... # Only proceed if desktop. #echo "lock_exportdiska_on_dualboots: checking if machine is desktop ..." [ "X$MKKICKSTART_PROFILE" = Xdesktop ] || return 0 # Only proceed if dualboot. #echo "lock_exportdiska_on_dualboots: checking if machine is dualboot ..." fdisk -l $(df / | sed -n 's@^$/dev/[hs]d[a-z]$.*@\1@p') | grep -q NTFS || return 0 # Only proceed if /export/diska exists. #echo "lock_exportdiska_on_dualboots: checking if /export/diska exists ..." [ -d /export/diska ] || return 0 # If /export/diska full then send a mail to helpdesk@eso.org and do not proceed. #echo "lock_exportdiska_on_dualboots: checking if /export/diska populated ..." [ "X`ls /export/diska | egrep -v 'lost\+found|README'`" = X ] || { #echo "lock_exportdiska_on_dualboots: reporting this host to helpdesk ..." { echo "This system is a dualboot and should not have /export/diska" echo "backed up; but it must be backed up because it is not empty!" echo echo "Speak to the user and get them to move this stuff or delete" echo "it ASAP!" echo echo "oscfc3cmds will need this function's patch level bumping" echo "in order to retrigger this check; put the call in waiting" echo "and then do it." } | Mail -s "`uname -n` is dualboot with populated /export/diska!" helpdesk@eso.org return 0 } # Lock the directory. #echo "lock_exportdiska_on_dualboots: locking /export/diska ..." chmod 700 /export/diska chown root:root /export/diska { echo "Tue Mar 14 09:25:41 CET 2006 - Alexis Huxley" echo echo "This directory has been deliberately locked; this system is" echo "dual boot and should not have this partition; hence this" echo "file and the partition not being mounted." } > /export/diska/README # Only proceed if /export/diska is a mount point. #echo "lock_exportdiska_on_dualboots: checking if /export/diska is a mount point ..." [ "X`df -l | grep ' /export/diska$'`" != X ] || return 0 # Unmount /export/diska #echo "lock_exportdiska_on_dualboots: unmounting /export/diska ..." umount /export/diska # Comment out entry in /etc/fstab #echo "lock_exportdiska_on_dualboots: commented /export/diska out of /etc/fstab ..." perl -pi -e 's@^([^#].*\s/export/diska\s.*)@# /export/diska entry commented out by oscfc3cmds\n#$1@' /etc/fstab return 0 } lock_exportdiska_if_singlebootdesktop_and_is_empty() { # Don't do this if it has already been done. ! func_patch_level 3 || return 0 # Wed Mar 29 11:31:15 CEST 2006 - Alexis Huxley # We have run out of Legato client licenses! See mails from Kevin Maguire # and Alexis Huxley # <20060329090100.GA6371@pc008887.hq.eso.org>. This function is an # implementation of the solution agreed to in those mails. # # Single boot desktop systems with an empty /export/diska get that locked # with a README file explaining why and what to do about it. # Only proceed if desktop. [ "X$MKKICKSTART_PROFILE" = Xdesktop ] || return 0 # Only proceed if singleboot. ! fdisk -l $(df / | sed -n 's@^$/dev/[hs]d[a-z]$.*@\1@p') | grep -q NTFS || return 0 # Only proceed if /export/diska exists. [ -d /export/diska ] || return 0 # Only proceed if /export/diska empty. [ "X`ls /export/diska | egrep -v 'lost\+found|README'`" = X ] || return 0 # Lock the directory. echo "lock_exportdiska_if_singlebootdesktop_and_is_empty: locking /export/diska ..." chmod 755 /export/diska chown root:root /export/diska # Explain why to the user. { echo "Wed Mar 29 11:31:15 CEST 2006 - Alexis Huxley" echo echo "We (ESO/Garching) are short of backup licenses; therefore this" echo "directory on this machine is not being backed up; therefore the" echo "directory's permissions have been set to prevent you saving data" echo "here (and falsely expecting it to be backed up)." echo echo "If you would really like to be able to save data here (max 20GB)" echo "and have it backed up then please call Helpdesk." } > /export/diska/README return 0 } main() { exit_if_machine_being_installed "$@" create_etc_mkkickstart_info_if_necessary add_os_to_etc_mkkickstart_info_if_necessary . /etc/mkkickstart-info # Do not add any 'note_to_{install,remove}_...' functions before here! note_to_install_gildas note_to_install_pymidas note_to_install_asciidata note_to_install_mozilla_and_vnc note_to_install_gv_and_xfig note_to_install_sybase_open_client note_to_remove_xscreensaver note_to_install_expect note_to_remove_sendmaildoc note_to_install_morescisoft note_to_remove_oldlegatoclientdocumentation note_to_upgrade_phone_command note_to_remove_legato_on_laptops_and_cluster_nodes # Do not add any 'note_to_{install,remove}_...' functions after here! install_and_remove_packages randomize_nightly_yum_update add_aips_service_entries recreate_all_printer_entries fix_removable_media_device_permissions fix_wlan_interface_configuration_scripts install_cisco_vpnclient install_gpg_signatures write_sudoers_file fix_hosts_entry_in_nsswitchconf fix_etc_yum_repos_d_files_referencing_xavier report_configuration_info reget_roots_authorized_keys2 write_check_i_am_backed_up lock_exportdiska_on_dualboots lock_exportdiska_if_singlebootdesktop_and_is_empty } ############################################################################## # # Support functions # ############################################################################## func_patch_level() { local LEVEL MODE FIXNAME USAGE_MSG USAGE_MSG="Usage: func_patch_level { --delete | }" MODE=normal while [ "X$1" != X ]; do case $1 in --delete) MODE=delete ;; --) shift; break ;; -*) internal "$USAGE_MSG" ;; *) break ;; esac shift done case $MODE in normal) [ "X$1" != X -a "X$2" = X ] || internal "$USAGE_MSG" LEVEL=$1 FIXNAME=${FUNCNAME[1]} # Tell caller immmediately if we are already at required level. [ "X`cat /var/local/$PROGNAME/$FIXNAME 2>/dev/null`" != "X$LEVEL" ] || return 0 # really we should not record the step as having been done until # we have actually done it, but that would entail two calls, and # that seems unnecessarily complicated. mkdir -p /var/local/$PROGNAME echo $LEVEL > /var/local/$PROGNAME/$FIXNAME info "applying fix $FIXNAME patch level $LEVEL ..." # Tell caller that we are *not* already at the required level. return 1 ;; delete) [ "X$1" != X -a "X$2" = X ] || internal "$USAGE_MSG" FIXNAME=$1 rm -f /var/local/$PROGNAME/$FIXNAME ;; esac } info() { echo "$PROGNAME: INFO: $1" >&2 } internal() { echo "$PROGNAME: INTERNAL ERROR: $1" >&2 exit 0 } main "$@"