Overview#
For more Information consult Using the Willeke Script Library.
Use Entirely at Your Own Risk
Services.willeke.biz nor anyone else is responsible if you use a tool or any information on this site and causes damages to anyone or anything! This is only Example code
The .sharedfunctions.sh file contains almost all functions called by any menu or other script used in the organization's Scripts.
The attempt is to set all the default functions we need here for initialization of all the build, menu and maintenance scripts.
More Information#
There might be more information for this subject on one of the following:########################################################## #no bin bash as this is an imported script # # SCRIPT: .sharedfunctions.sh # AUTHOR: jim@willeke.com # DATE: 1/31/2009 7:39:22 AM SHAREDFUNCTIONS_VER=12.5A # Script Version Number # (Valid are A, B, D, T, Q, and P (For Alpha, Beta, Dev, Test, QA, and Production) # # PLATFORM: bash # # REQUIREMENTS: # Varibles should be defined in /usr/local/share/willeke/.sharedenv.sh # /usr/local/shared/.sharedenv.sh should be loaded after this # script for proper operation. # this file should be located at: # /usr/local/share/willeke/.sharedfunctions.sh # # PURPOSE: This script along with the .sharedenv.sh script is to # utilize a common scripting function and variable library for # an orgaanization. # # REV LIST: # DATE: DATE_of_REVISION # BY: AUTHOR_of_MODIFICATION # MODIFICATION: Describe what was modified, new features, etc-- # # 12/31/2007 8:20:53 AM Many mods for generic use # 2003-12-08 Added check for DSbackup PREP to f_backupfulldirectory # -Modified f_lockldap # -Modifications to f_viewlog # 2003-12-03 This is the new Functions Script # 8/16/2005 -- Converted references to $bindir/mailx to $mailer # 12/31/2007 8:20:53 AM Many mods for generic use # # set -n # Uncomment to check script syntax, without execution. # # NOTE: Do not forget to put the # comment back in or # # the shell script will never execute! # set -x # Uncomment to debug this shell script # ########################################################## # DEFINE FILES AND VARIABLES HERE ########################################################## # Varibles should be defined in /usr/local/shared/.sharedenv.sh # /usr/local/shared/.sharedenv.sh should be loaded after this # for proper operation. # ########################################################## # DEFINE FUNCTIONS HERE ########################################################## ###################################################################### # Subroutine to Log to LOGFILE does not show to console ###################################################################### f_write_log () { if [ -n "$LOGFILE" -a -n "$*" ] then printf "$*\n" >> $LOGFILE fi } ###################################################################### # Sends outpuit to console and to $LOGFILE ###################################################################### f_write_and_log () { if [ -n "$*" ] then f_write_log "$*" printf "$*\n" fi } ###################################################################### # Subroutine to echo & run command # Sends outpuit to console and to $LOGFILE ###################################################################### f_cmd () # arg_1 = Command to run { f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` $*" cmdOutput=`eval $*`; f_write_and_log "$cmdOutput" } ###################################################################### # Subroutine to backup and update files if the source is changed ###################################################################### f_move () { src=$1 dest=$2 diff $src $dest > /dev/null 2>&1 diffResult=$? if [ ! -f $src ] then f_write_and_log "ERROR: Can NOT find $src. No Action performed!..." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0" return 1 elif [ $diffResult -eq 0 ] then f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Not modified: $dest" else f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Modifying $dest" f_bkup $dest f_cmd cp -p $src $dest fi } ###################################################################### # Get value from Console # $1=parameter that the value will be set # $2=Name of the parameter that we wil prompt as ###################################################################### f_askforvalue () { i_name="$2" i_value="$1" printf "\nEnter the value for $i_name: " stty -echo read i_temp stty echo printf "\n\n" $i_value="$i_temp" } ###################################################################### # Get admin password from Console ###################################################################### f_askndspassword () { printf "\nEnter the password for $ADMIN: " stty -echo read PASS; export PASS stty echo printf "\n\n" } ###################################################################### # Subroutine to set userlimits # Show limtis on box and then set open files to 1024 (Should make this variable # 7/29/2005 # JGJ -- Changed default ulimit to 8192 (1024 is likely not enough!) ###################################################################### f_setulimits() #arg_1=Number of open files { i_openfiles=$1 i_openfiles=${i_openfiles:=8192} ulimit -n $i_openfiles unset i_openfiles } ########################################################################## # Remove NDS from Server BRUTE FORCE # Calls external scripts based on HostOS ########################################################################## f_ndsscrub () { f_write_and_log "\n $HostOS $HostOSVer..." dispnote "WARNING! This will remove ALL Novell Binaries, Log Files and DIB" f_checkyorn "Remove All packages and files associated with any version of eDirectory or the Related Products?" ers=$? if [ $ers -eq 1 ] then cd config ./novell-scrub.sh -n cd .. else f_write_and_log "ABORTING -- User said Not to Scrub" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0" return 1 fi } ########################################################################## # Prompts user to continue You should supply an argument for user prompt ########################################################################## f_pressanykey () # arg $1 message { i_MSG=$1 i_MSG=${i_MSG:="Press <Enter> Key to Continue"} printf "\n $i_MSG " read dummy unset i_MSG } ########################################################################## # Deletes a file or a directory will take wildcards ########################################################################## f_osdeletefileordirectory() # arg $1 filordirectory { CMD_DELETEFILEORDIRECTORY="rm -rf" dispItem "$1" DEL= if [ -f "$1" ] then DEL=$1 fi if [ -d "$1" ] then DEL=$1 fi if [ "$DEL" != "" ] then DELETED= $CMD_DELETEFILEORDIRECTORY $DEL 1>$NULLDEV 2>$NULLDEV DELETED=$? if [ "$DELETED" = "0" ] then DELETESTATUS="${resultok} DELETED ${reset}" else DELETESTATUS="${resultfail}DELETE FAILED${reset}" failure fi else DELETESTATUS=" - " fi # Display the status of the file or directory deletion f_write_and_log "\n $DELETESTATUS" } ########################################################################## # These are owner & permision changes that are made to the OS to # Allows support of eDirectory without direct 'root' access. ########################################################################## f_osperms () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_osperms" f_checkroot f_checkerror $THISERROR f_ndscheckinstalled f_checkerror $THISERROR if [ -z "$ndsGROUP" ]; then printf "\nFollowing are the list of UNIX groups that might be intended for" printf "local eDirectory administration: \n\n" grep nds /etc/group grep iim /etc/group printf "\nInput local group name for eDirectory management...\n" printf " (e.g. iim, ndsgroup, etc.): " read ndsGROUP printf "\n" fi # Start change of file ownership and permissions # /etc f_write_and_log "\n/etc" f_cmd chown root:$ndsGROUP /etc/hosts.nds f_cmd chmod 664 /etc/hosts.nds f_cmd chgrp $ndsGROUP /etc/nds.conf f_cmd chmod 664 /etc/nds.conf # /etc/init.d f_write_and_log "\n/etc/init.d" f_cmd chown root:sys /etc/init.d/nds f_cmd chown root:sys /etc/init.d/ndsnddconfig.sh f_cmd chgrp sys /etc/init.d/ndsd # For new startup items f_cmd chgrp sys /etc/init.d/pre_ndsd_start f_cmd chgrp sys /etc/init.d/post_ndsd_start f_cmd chgrp sys /etc/init.d/pre_ndsd_stop f_cmd chgrp sys /etc/init.d/post_ndsd_stop # end new startup f_cmd chmod 744 /etc/init.d/ndsnddconfig.sh f_cmd chmod 744 /etc/init.d/nds f_cmd chmod 744 /etc/init.d/ndsd f_cmd chmod 744 /etc/init.d/slpuasa #/usr/bin f_write_and_log "\n/usr/bin" f_cmd chown root:$ndsGROUP /usr/bin/ndsunix.sh # added for 8.7.1 f_cmd chown root:$ndsGROUP /usr/bin/edirutil f_cmd chown root:$ndsGROUP /usr/bin/nmasinst f_cmd chown root:$ndsGROUP /usr/bin/ndssnmp f_cmd chown root:$ndsGROUP /usr/bin/ndssnmpconfig f_cmd chown root:$ndsGROUP /usr/bin/ndssnmpsa # For Ice Generation of LDIFs f_cmd chown root:$ndsGROUP /usr/bin/attrs f_cmd chown root:$ndsGROUP /usr/bin/cities f_cmd chown root:$ndsGROUP /usr/bin/company f_cmd chown root:$ndsGROUP /usr/bin/domain f_cmd chown root:$ndsGROUP /usr/bin/ether f_cmd chown root:$ndsGROUP /usr/bin/first f_cmd chown root:$ndsGROUP /usr/bin/initial f_cmd chown root:$ndsGROUP /usr/bin/lastnames f_cmd chown root:$ndsGROUP /usr/bin/titles # end 8.7.1 f_cmd chown root:$ndsGROUP /usr/bin/ndsbackup.sh f_cmd chown root:$ndsGROUP /usr/bin/ndscheck.sh f_cmd chown root:$ndsGROUP /usr/bin/autodsrp.sh f_cmd chown root:$ndsGROUP /usr/bin/dsrmenu.sh f_cmd chown root:$ndsGROUP /usr/bin/ice f_cmd chown root:$ndsGROUP /usr/bin/ldapconfig f_cmd chown root:$ndsGROUP /usr/bin/ndsbackup f_cmd chown root:$ndsGROUP /usr/bin/ndsconfig #f_cmd chown root:$ndsGROUP /usr/bin/pkiconfig f_cmd chown root:$ndsGROUP /usr/bin/ndsimonitor f_cmd chown root:$ndsGROUP /usr/bin/ndslogin f_cmd chown root:$ndsGROUP /usr/bin/ndsmerge f_cmd chown root:$ndsGROUP /usr/bin/ndssch f_cmd chown root:$ndsGROUP /usr/bin/ndsstat f_cmd chown root:$ndsGROUP /usr/bin/ndstrace f_cmd chown root:$ndsGROUP /usr/bin/ndsrepair f_cmd chown root:$ndsGROUP /usr/bin/slpinfo # Check for existance of DirXML f_dirxmlinstallcheck if [ "$THISERROR" -eq "0" ] then f_cmd chown root:$ndsGROUP /usr/bin/dxmlconfig f_cmd chown root:$ndsGROUP /usr/bin/dirxml_jremote f_cmd chown root:$ndsGROUP /usr/bin/dxmldrvconfig f_cmd chown root:$ndsGROUP /usr/bin/rdxml fi f_cmd chmod 554 /usr/bin/ndsunix.sh # added for 8.7.1 f_cmd chmod 554 /usr/bin/edirutil f_cmd chmod 554 /usr/bin/nmasinst f_cmd chmod 554 /usr/bin/ndssnmp f_cmd chmod 554 /usr/bin/ndssnmpconfig f_cmd chmod 554 /usr/bin/ndssnmpsa # For Ice Generation of LDIFs f_cmd chmod 554 /usr/bin/attrs f_cmd chmod 554 /usr/bin/cities f_cmd chmod 554 /usr/bin/company f_cmd chmod 554 /usr/bin/domain f_cmd chmod 554 /usr/bin/ether f_cmd chmod 554 /usr/bin/first f_cmd chmod 554 /usr/bin/initial f_cmd chmod 554 /usr/bin/lastnames f_cmd chmod 554 /usr/bin/titles # end 8.7.1 f_cmd chmod 554 /usr/bin/dsrmenu.sh # ndsrepair.sh not used anymore # f_cmd chmod 444 /usr/bin/ndsrepair.sh f_cmd chmod 554 /usr/bin/ndsbackup.sh f_cmd chmod 554 /usr/bin/ndscheck.sh f_cmd chmod 554 /usr/bin/autodsrp.sh f_cmd chmod 554 /usr/bin/ice f_cmd chmod 554 /usr/bin/ldapconfig f_cmd chmod 554 /usr/bin/ndsbackup # Doesn't exist #f_cmd chmod 554 /usr/bin/ndscfg f_cmd chmod 554 /usr/bin/ndsconfig #f_cmd chmod 554 /usr/bin/pkiconfig # NMAS not currently installed by b1nds-base.sh #f_cmd chmod 554 /usr/bin/nmasconfig f_cmd chmod 554 /usr/bin/ndsimonitor f_cmd chmod 554 /usr/bin/ndslogin f_cmd chmod 554 /usr/bin/ndsmerge f_cmd chmod 554 /usr/bin/ndssch f_cmd chmod 554 /usr/bin/ndsstat f_cmd chmod 554 /usr/bin/ndstrace f_cmd chmod 554 /usr/bin/ndsrepair f_cmd chmod 554 /usr/bin/slpinfo # not used: f_cmd chmod 554 /usr/bin/slpuasa # Check for existance of DirXML f_dirxmlinstallcheck if [ "$THISERROR" -eq "0" ] then f_cmd chmod 554 /usr/bin/dxmlconfig f_cmd chmod 554 /usr/bin/dirxml_jremote f_cmd chmod 554 /usr/bin/dxmldrvconfig f_cmd chmod 554 /usr/bin/rdxml fi #/usr/sbin f_write_and_log "\n/usr/sbin" f_cmd chmod 540 /usr/sbin/nds-uninstall f_cmd chmod 540 /usr/sbin/ndsd # ConsoleOne: #f_cmd chmod 540 /usr/sbin/c1-uninstall #f_cmd chmod 540 /usr/sbin/niciver #f_cmd chmod 540 /usr/sbin/nicivercl #f_cmd chmod 540 /usr/sbin/niciverd #f_cmd chmod 540 /usr/sbin/nldap #f_cmd chmod 540 /usr/sbin/npki #/usr/ldaptools/bin f_write_and_log "\n/usr/ldaptools/bin" f_cmd chgrp -R $ndsGROUP /usr/ldaptools/* f_cmd chmod -R 550 /usr/ldaptools/bin/* #iMonitor conf file f_write_and_log "\n/etc/ndsimon" f_cmd chgrp $ndsGROUP /etc/ndsimon.conf f_cmd chmod 660 /etc/ndsimon.conf #/var f_write_and_log "\n/var" # nds-install normally creates if [ ! -f /var/nds-install.log ]; then f_cmd touch /var/nds-install.log fi # JPMorgan Chase scripts create and update this log if [ ! -f /var/b1nds.log ]; then f_cmd touch /var/b1nds.log fi f_cmd chgrp $ndsGROUP /var/nds-install.log f_cmd chgrp $ndsGROUP /var/b1nds.log f_cmd chmod 660 /var/nds-install.log f_cmd chmod 660 /var/b1nds.log #/var/nds f_write_and_log "\n/var/nds" f_cmd chgrp $ndsGROUP /var/nds f_cmd chmod 775 /var/nds # ndsrepair normally creates if [ ! -f /var/nds/ndsrepair.log ]; then f_cmd touch /var/nds/ndsrepair.log fi # ndstrace normally creates: if [ ! -f /var/nds/ndstrace.log ]; then f_cmd touch /var/nds/ndstrace.log fi # ndsbackup.sh normally creates if [ ! -f /var/nds/ndsbackup.log ]; then f_cmd touch /var/nds/ndsbackup.log fi # ndscheck.sh normally creates if [ ! -f /var/nds/ndscheck.log ]; then f_cmd touch /var/nds/ndscheck.log fi # ndsbackup.sh normally creates if [ ! -f /var/nds/.dsbackup ]; then f_cmd touch /var/nds/.dsbackup fi # autodsrp.sh normally creates if [ ! -f /var/nds/autodsrp.log ]; then f_cmd touch /var/nds/autodsrp.log fi # f_ndsbase script creates this file if [ ! -f /var/nds/version.txt ]; then f_cmd touch /var/nds/version.txt fi f_cmd chgrp $ndsGROUP /var/nds/ndsd.log f_cmd chgrp $ndsGROUP /var/nds/schema.log f_cmd chgrp $ndsGROUP /var/nds/ndsrepair.log f_cmd chgrp $ndsGROUP /var/nds/ndstrace.log f_cmd chgrp $ndsGROUP /var/nds/autodsrp.log f_cmd chgrp $ndsGROUP /var/nds/ndsbackup.log f_cmd chgrp $ndsGROUP /var/nds/ndscheck.log f_cmd chgrp $ndsGROUP /var/nds/version.txt f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh.bash f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedfunctions.sh f_cmd chgrp $ndsGROUP /var/nds/.dsbackup f_cmd chmod 660 /var/nds/ndsd.log f_cmd chmod 660 /var/nds/ndsrepair.log f_cmd chmod 660 /var/nds/ndstrace.log f_cmd chmod 660 /var/nds/autodsrp.log f_cmd chmod 660 /var/nds/ndsbackup.log f_cmd chmod 660 /var/nds/ndscheck.log f_cmd chmod 660 /var/nds/version.txt f_cmd chmod 660 /usr/local/shared/.sharedenv.sh f_cmd chmod 660 /usr/local/shared/.sharedenv.sh.bash f_cmd chmod 660 /usr/local/shared/.sharedenv.sh_functions f_cmd chmod 660 /var/nds/.dsbackup if [ -f /usr/local/shared/.sharedenv.sh.local ]; then f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh.local f_cmd chmod 660 /usr/local/shared/.sharedenv.sh.local fi if [ -d /var/nds/certserv ]; then f_cmd chmod 775 /var/nds/certserv fi #/var/nds/dib f_write_and_log "\n/var/nds/dib" # If ndsd dumps its core, we need to be able to read it if [ ! -f /var/nds/dib/core ]; then f_cmd touch /var/nds/dib/core fi # DirXML will create if [ ! -f /var/nds/dib/DIRXML.LOG ]; then f_cmd touch /var/nds/dib/DIRXML.LOG fi f_cmd chgrp $ndsGROUP /var/nds/dib f_cmd chmod 755 /var/nds/dib f_cmd chgrp $ndsGROUP /var/nds/dib/_ndsdb.ini f_cmd chgrp $ndsGROUP /var/nds/dib/core f_cmd chgrp $ndsGROUP /var/nds/dib/DIRXML.LOG f_cmd chmod 660 /var/nds/dib/_ndsdb.ini f_cmd chmod 660 /var/nds/dib/core f_cmd chmod 660 /var/nds/dib/DIRXML.LOG #/var/nds/dxml f_dirxmlinstallcheck if [ "$THISERROR" -eq "0" ] then f_write_and_log "\n/var/nds/dxml" f_cmd chgrp $ndsGROUP /var/nds/dxml f_cmd chmod 775 /var/nds/dxml f_cmd chmod g+s /var/nds/dxml f_cmd chgrp -R $ndsGROUP /var/nds/dxml/* f_cmd chmod -R 660 /var/nds/dxml/* fi #/var/nds/MIME f_write_and_log "\n/var/nds/MIME" f_cmd chgrp $ndsGROUP /var/nds/MIME f_cmd chmod 775 /var/nds/MIME f_cmd chgrp -R $ndsGROUP /var/nds/MIME/* f_cmd chmod -R 660 /var/nds/MIME/* #/usr/lib/nds-schema f_cmd chgrp -R $ndsGROUP /usr/lib/nds-schema/* f_cmd chmod -R 660 /usr/lib/nds-schema/* #/usr/lib/nds-modules f_write_and_log "\n/usr/lib/nds-modules" for dir in `ls -d /usr/lib/nds-modules/j2re* /usr/lib/nds-modules/jre`; do f_cmd chgrp -h $ndsGROUP $dir f_cmd chmod 775 $dir done f_cmd chown -h $ndsUSER /usr/lib/nds-modules/jre f_dirxmlinstallcheck if [ "$THISERROR" -eq "0" ] then #/usr/lib/dirxml/classes f_write_and_log "\n/usr/lib/dirxml/classes" for src in `cd config; ls *.jar; cd ..`; do f_cmd chgrp $ndsGROUP /usr/lib/dirxml/classes/$src f_cmd chmod 770 /usr/lib/dirxml/classes/$src done fi #/var/novell f_write_and_log "\n/var/novell" f_cmd chgrp $ndsGROUP /var/novell f_cmd chmod 755 /var/novell f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_osperms\n" } ###################################################################### # Subroutine to backup files ##################################################################### f_bkup () { dest=$1 if [ -f $dest ]; then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Backing up to $dest.$DATE" f_cmd cp -p $dest $dest.$DATE f_cmd chown 440 $dest.$DATE fi } ########################################################################## #f_backupcheckcore # Checks to see if there is a core file and changes permissions # Must be run as 'root' # from: ndsbackup.sh ########################################################################## f_backupcheckcore () { if [ -f /var/nds/dib/core ] then f_write_and_log "\nFound /var/nds/dib/core; resetting permissions for analysis and removal..." f_cmd "chown $ndsUSER:$ndsGROUP /var/nds/dib/core" fi } ########################################################################## # Checks for Backup Archives older than MTIME and deletes # Requires root # from: ndsbackup.sh ########################################################################## f_backupcleanarchive () # Arg_1 =Directory to check # Arg_2 = File name. Can be wild cards # Arg_3 = TIME in days that files will be deleted { # Cleanup old DIB archives f_write_and_log "\nCleaning up $1/$2* $3 + days old..." f_cmd "find $1 -type f -name "$2*" -mtime +$3 -exec ls -1 {} \; -exec rm {} \;" } ########################################################################## # ndsbackup Takes paramerter to determine execution method # Requires root # This is the primary ndsbackup routine. If a varible is passed in, it will do # different tricks # -PREP Create login account in NDS for ndsbackup (once only) # -RPW Reset password for existing NDS DSbackup user # -RC DIB backup (stops/starts eDirectory) # -RCNDB DIB backup (stops eDirectory No Restart) # -H This help # anythingelse Archive full contents of eDirectory -- objects and schema # -- can be run as non-root user # from: ndsbackup.sh ########################################################################## f_backupnds () # Arg_1 =Comand line input { # Read command line parameter into a variable param=`echo $1|tr "[:lower:]" "[:upper:]"` # Save current and log file and set Log file specific to this process i_log=$LOGFILE LOGFILE=/var/nds/ndsbackup.log f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: BEGIN backupnds\n" EMAIL_BODY=/tmp/tmp.ndsbackup.$$ # Temp file to hold email message # Environment PATH=$PATH:/usr/local/bin export PATH # Set MTIME Archive files located in $bkupDIR older than this are deleted MTIME=${MTIME:=7} if [ ! -d $bkupDIR ] then printf "\nTarget directory ($bkupDIR) specified in" printf " /usr/local/shared/.sharedenv.sh does not exist!!\n" printf " \nHave you run Modify Install ? " printf "You may need to create this directory manually" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}" return 1 fi f_write_and_log "\n bakupnds parameter ${param}" case $param in -PREP) # Get the Admin password f_askndspassword f_retrycommand f_checkpassword f_backupidcreate # Reset backup user ID password f_backuppwdreset f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}" return 0 ;; -RPW) # Get the Admin password f_askndspassword f_retrycommand f_checkpassword # Reset backup user ID password f_backuppwdreset f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}" return 0 ;; -H) printf "\nUsage:\t(no params)\tArchive objects and schema" printf "\n\t\t-prep\tCreate login account for ndsbackup (once only)" printf "\n\t\t-rpw\tReset password for existing DSbackup user" printf "\n\t\t-rc\tDIB backup (stops/starts eDirectory)" printf "\n\t\t-h\tThis help" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}" return 0 ;; -RC) f_backupdib ;; -RCNDB) f_backupdib 1 ;; *) echo $param f_backupfulldirectory ;; esac if [ $? -ne 0 ] then f_write_and_log "\nUnexpected error." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END bakupnds parameter: $param" # Reset logfile to where we started LOGFILE=$i_log return 1 fi # zip it & chown it to ndsuser owner f_cmd "gzip $TARBALL" f_cmd "chown $ndsUSER:$ndsGROUP $TARBALL*" f_cmd "chmod 640 $TARBALL*" # Send to remote hosts if desired (need ssh public keys configured) #for host in $bkupHOSTS; do # if [ "x$host" != "x`hostname`" ]; then # f_cmd "/usr/local/bin/scp $TARBALL.gz $ndsUSER@$host:$bkupDIR" # fi #done # Reset logfile to where we started LOGFILE=$i_log unset ilog f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END bakupnds parameter: $param\n" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Review: /var/nds/ndsbackup.log" } ########################################################################## # backupDIB # Backup image of eDirectory DIB -- temporarily closes database # Must be run as root # RESTART=0 or not set, then we will start eDirectory # Otherwise we will not # 8/1/2005 # JGJ -- Exclude /var/nds/iim that exists on some IT Risk servers ########################################################################## f_backupdib() { RESTART=$1 if [ -z "$RESTART" ] then RESTART="0" fi id=`id | awk '{print $1}'|awk -F"=" '{print $2}'|awk -F"(" '{print $1}'` if [ $id != 0 ] then f_write_and_log "\nYou must have root permissions to make an image of the DIB." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 fi f_backupcleanarchive $bkupDIR $SERVERNAME $MTIME f_backupcheckcore # Set tarball name TARBALL=$bkupDIR/$SERVERNAME-`date +%Y%m%d_%H%M`.tar # Check Disk SpacE (max needed so far = 400M for tarball + 150M gzip) availableBytes="`df -k $bkupDIR | tail -1 | awk '{print $4}'`" if [ $availableBytes -lt $availableBytesRequired ] then MSG="`hostname` [$0]: ERROR: Insufficient disk space for backup - `date`" echo $MSG df -k date > $EMAIL_BODY printf "\n$MSG\n" >> $EMAIL_BODY printf "\nRequired : $availableBytesRequired" >> $EMAIL_BODY printf "\nAvailable: $availableBytes\n" >> $EMAIL_BODY df -k >> $EMAIL_BODY $mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY rm -f $EMAIL_BODY f_write_and_log "\n$MSG" f_write_and_log "$EMAIL_BODY" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n" exit 1 fi # Stop eDirectory f_cmd /etc/init.d/nds stop f_waitforndsstop 60 # Make copies of conf files under $edirPATH/conf.bak if [ ! -d $edirPATH/conf.bak ] then f_cmd mkdir $edirPATH/conf.bak fi f_cmd cp $edirconfigDIR/hosts.nds $edirPATH/conf.bak f_cmd cp $edirconfigDIR/nds.conf $edirPATH/conf.bak f_cmd cp $edirconfigDIR/init.d/nds $edirPATH/conf.bak f_cmd cp /etc/ndsimon.conf $edirPATH/conf.bak f_cmd cp $edirdibPATH/_ndsdb.ini $edirPATH/conf.bak current_dir=`pwd` # Tar up the /var/nds and /var/novell directory - Restart nds when done cd $edirPATH; cd .. printf "\nWorking Directory: `pwd`\n" touch $TARBALL find . -type f -print|egrep "$SERVERNAME.*tar|$TREENAME.*tar">/tmp/ndsbackup-exclude # Don't backup core files echo ./nds/dib/core>>/tmp/ndsbackup-exclude # Don't backup temp files echo ./nds/temp>>/tmp/ndsbackup-exclude # Don't backup IT Risk files echo ./nds/iim>>/tmp/ndsbackup-exclude # Run the proper TAR command-line for the host OS case $HostOS in Linux) f_cmd "tar -cf $TARBALL -X /tmp/ndsbackup-exclude ./nds" ;; SunOS) f_cmd "tar -cfX $TARBALL /tmp/ndsbackup-exclude ./nds" ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n" return 1 ;; esac f_cmd "tar -uf $TARBALL ./novell" rm -f /tmp/ndsbackup-exclude # Pass argument to restart or not..... if [ "$RESTART" -ne "0" ] then f_write_and_log "eDirectory will not be restarted" else f_cmd f_edirautostart $bindir/ndsstat>/dev/null 2>&1 if [ $? -ne 0 ] then MSG="$HOSTNAME [$0]: ERROR: eDirectory failed to restart - `date`" printf "\n$MSG\n" > $EMAIL_BODY printf "Output from ndsstat:\n" >> $EMAIL_BODY printf "####################\n" >> $EMAIL_BODY $bindir/ndsstat >> $EMAIL_BODY 2>&1 # Send a shorter version of message to pagers $mailer -s"$HOSTNAME [ndsbackup.sh]: ERROR: eDirectory failed to restart" $EMAIL_URGENT < $EMAIL_BODY # Send more detail to e-mail users printf "\nExcerpt from /var/nds/ndsd.log:\n" >> $EMAIL_BODY printf "####################\n" >> $EMAIL_BODY tail -128 /var/nds/ndsd.log >> $EMAIL_BODY $mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY f_write_and_log "`cat $EMAIL_BODY`" rm -f $EMAIL_BODY fi fi cd $current_dir f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n" } ########################################################################## # backupFullDirectory # Archive full contents of eDirectory -- objects and schema # Created from live database -- can be run as non-root user # from: ndsbackup.sh ########################################################################## f_backupfulldirectory () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_backupfulldirectory" #Cleanup old ndstar archives f_backupcleanarchive $bkupDIR $TREENAME $MTIME # Set tarball name TARBALL=$bkupDIR/$TREENAME-`date +%Y%m%d_%H%M`.ndstar # Check Disk Space (max needed so far = 400M for tarball + 150M gzip) availableBytes="`df -k $bkupDIR | tail -1 | awk '{print $4}'`" if [ $availableBytes -lt $availableBytesRequired ] then MSG="`hostname` [$0]: ERROR: Insufficient disk space for backup - `date`" printf "$MSG\n" df -k date > $EMAIL_BODY printf "\n$MSG\n" >> $EMAIL_BODY printf "\nRequired : $availableBytesRequired" >> $EMAIL_BODY printf "Available: $availableBytes\n" >> $EMAIL_BODY df -k >> $EMAIL_BODY $mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY rm -f $EMAIL_BODY f_write_and_log "\n$MSG" f_write_and_log "$EMAIL_BODY" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupfulldirectory\n" exit 1 fi f_write_and_log "\n$TARBALL $SERVERNAME-DSbackup.Administration.$BaseDNdot" # We need to have the DSbackup user created and the file for the password. If not there Do something else if [ ! -f /var/nds/.dsbackup ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DSbackup needs PREP performed! f_backupfulldirectory " return 1 else ndsbackup cf $TARBALL -a $SERVERNAME-DSbackup.Administration.$BaseDNdot `cat /var/nds/.dsbackup` fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupfulldirectory\n" } ########################################################################## #Creates NDS user as $SERVERNAME-DSbackup,ou=Administration,$BaseDN # -Assigns user random password # -Sets networkAddressRestriction to this server's IPAddress # from: ndsbackup.sh ########################################################################## f_backupidcreate () { #echo $SERVERIP # Convert IP to uuencoded string for use in User Network Address Restriction attribute oct1=`echo $SERVERIP | awk -F. '{print $1}'` oct2=`echo $SERVERIP | awk -F. '{print $2}'` oct3=`echo $SERVERIP | awk -F. '{print $3}'` oct4=`echo $SERVERIP | awk -F. '{print $4}'` # Convert each octet to hex (not needed, but left here for future reference) #hexIP=`perl -e "printf '%02X%02X%02X%02X',$oct1,$oct2,$oct3,$oct4"` #asciiIP=`perl -e "print chr($oct1),chr($oct2),chr($oct3),chr($oct4)"` addrRestrict=`perl -I/var/nds -MMIME::Base64 -e "print encode_base64('1#'.chr($oct1).chr($oct2).chr($oct3).chr($oct4),'')"` #addrRestrict=`perl -I/var/nds -MMIME::Base64 -e "print encode_base64('1#$asciiIP','')"` # Unlock LDAP to perform unencrypted operations lock=0 # 0=unlock, any other=lock f_lockldap $lock # Create the user ID $LDAPMODIFY -D$ADMIN -w$PASS <<EOL dn: cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN changetype: add uid: $SERVERNAME-DSbackup Language: ENGLISH sn: $SERVERNAME-DSbackup passwordAllowChange: FALSE objectClass: inetOrgPerson objectClass: organizationalPerson objectClass: person objectClass: ndsLoginProperties objectClass: top networkAddressRestriction:: $addrRestrict cn: $SERVERNAME-DSbackup ACL: 2#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[All Attributes Rights] ACL: 6#entry#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#loginScript ACL: 2#entry#[Public]#messageServer ACL: 2#entry#[Root]#groupMembership ACL: 6#entry#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#printJobConfiguration ACL: 2#entry#[Root]#networkAddress dn: changetype: modify add: ACL ACL: 31#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[Entry Rights] ACL: 15#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[All Attributes Rights] - EOL f_lockldap $wasLocked } ########################################################################## # ResetPW resets the DSBackup password for this server # Requires root SERVERNAME LDAPMODIFY ADMIN PASS BaseDN # from: ndsbackup.sh ########################################################################## f_backuppwdreset () { # Pick new "random" string newRand="`date +%Y%m%d_%H%M`-`perl -e 'print rand(10000)'`" # Unlock LDAP to perform unencrypted operations lock=0 # 0=unlock, any other=lock f_lockldap $lock # Set the password $LDAPMODIFY -D$ADMIN -w$PASS <<EOL dn: cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN changetype: modify replace: userPassword userPassword: $newRand EOL echo "-p $newRand">/var/nds/.dsbackup unset newRand f_lockldap $wasLocked } ###################################################################### # Start ndstrace to determine when new replica add is complete # Can't seem to get NDSTRACE to setup correctly by command line ##################################################################### f_monitorreplicaadd () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Begin f_monitorreplicaadd" $bindir/ndstrace -l > /tmp/trace$$.log 2>/dev/null & # Loop until ndstrace loads printf "\nWaiting for ndstrace to initialize..." while [ -z "`ndstrace -c modules|grep 'dstrace.*Running'`" ] do printf "." done sleep 2 printf "done.\n" $bindir/ndstrace -c "set dstrace=NODEBUG;dstrace +TIME +PART">/dev/null 2>&1 f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_monitorreplicaadd" } f_waitreplicaadd () { printf "%s" "Waiting 2 minutes for new replica add..." f_write_log "Waiting 2 minutes for new replica add..." MAXRETRY=120 replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"` while [ -z "$replicaState" -a $MAXRETRY -gt 0 ]; do MAXRETRY=`expr $MAXRETRY - 1`; printf "." sleep 1 replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"` done if [ -z "$replicaState" ]; then printf "Continue waiting ([Y]/n)?: " read ans if [ "x$ans" != "xn" ]; then MAXRETRY=1080 replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"` while [ -z "$replicaState" -a $MAXRETRY -gt 0 ]; do MAXRETRY=`expr $MAXRETRY - 1` clear printf "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n\n" f_write_log "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n" tail -14 /tmp/trace$$.log printf "\nChecking every 60 seconds; last checked: `date '+%Y-%m-%d %H:%M:%S'`\n" printf "Minutes elapsed: `expr 1082 - $MAXRETRY`\n" sleep 60 replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"` done if [ -z "$replicaState" ]; then f_f_write_and_log "not complete." f_write_and_log "(Replica add did not finish)" $bindir/ndstrace -u f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 fi clear printf "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n\n" f_write_and_log `tail -14 /tmp/trace$$.log` f_write_and_log "\nMinutes elapsed: `expr 1082 - $MAXRETRY`" fi fi f_write_and_log "done." $bindir/ndstrace -u rm -f /tmp/trace$$.log } ##################################################################### # Check to see that ntp is running ##################################################################### f_checkntp() { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ntp configuration f_checkntp" i_modified=0 if [ -z "`ps -A |grep 'ntp'`" ] then i_msg="Please Start the NTP Client Service." f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp" f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi if [ -z "`cat /etc/ntp.conf|grep '$NTP1'`" ] then i_msg="Please check /etc/ntp.conf for proper entries." f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp" f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi if [ $i_modified -eq 0 ] then i_msg="ntp appears to be setup correctly" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp" fi unset i_modified } ##################################################################### # Check if snmp is setup ##################################################################### f_snmpcheck() { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking SNMP Config f_snmpcheck" i_modified=0 case $HostOS in Linux) if [ -z "`rpm -qa | grep -i ucd-snmp`" ] then i_msg="Please install the ucd-snmp-utils RPMs." f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi if [ -z "`rpm -qa | grep -i NOVLsnmp`" ] then i_msg="NOVLsnmp is not Installed!" f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi if [ -z "`rpm -qa | grep -i NOVLsnmp`" ] then i_msg="NOVLsnmp is not Installed!" f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi if [ -z "`ps -A |grep 'snmpd'`" ] then i_msg="Master Agent snmpd is not Running! To Start execute /etc/rc.d/init.d/snmpd start " f_pressanykey "$i_msg Press <Enter> to continue" i_modified=1 unset i_msg fi ;; SunOS) ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version" ;; esac if [ $i_modified -eq 0 ] then i_msg="SNMP appears to be setup correctly" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_snmpcheck" fi unset i_modified } ##################################################################### # check to see if any servers in Tree are out of sync ##################################################################### f_checktimesync() { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking TimeSync f_checktimesync" i_modified=0 i_test=`ndsrepair -T|grep 'No '|wc -l` if [ $i_test -ne 0 ] then i_msg="Please Check TimeSync on all servers in this Tree." f_pressanykey "$i_msg Press <Enter> to continue" unset i_msg fi unset i_test if [ $i_modified -eq 0 ] then i_msg="Servers are in TimeSync" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checktimesync" fi unset i_modified } ##################################################################### # Verify password entry is valid # Accepts argument for remote IP address (e.g. when using f_ndsintotree); # will use either $MASTERIP or 127.0.0.1 as default value # Assumes eDirectory is running on local or remote server # Returns 0 or 1 (0=good=true, 1=bad=false) # Use in conjunction with f_retrycommand to let user try password # entry again: # f_retrycommand f_checkpassword # ##################################################################### f_checkpassword () { checkpasswordIP=$1 checkpasswordIP=${checkpasswordIP:=$MASTERIP} checkpasswordIP=${checkpasswordIP:="127.0.0.1"} THISERROR=1 ndslogin -t $TREENAME -h $checkpasswordIP -p $PASS $ADMINDOT > /dev/null 2>&1 if [ $? -eq 0 ] then THISERROR=0 else THISERROR=1 fi return $THISERROR } ##################################################################### # Get user response to query in terms of y or n # y will return 1 # n will return 0 # q will exit with 1 ##################################################################### f_checkyorn () # arg_@=promptMessage(s) { #shift ckyornstr="$1" ans="" while [ -z "$ans" ] || [ "$ans" = "ERRVAL" ] do #str1=`install "$ckyornstr"` printf "\n$ckyornstr [y/n/q]? " read ans ans=`echo $ans | tr "[:upper:]" "[:lower:]"` case $ans in y|yes) return 1 ;; n|no) return 0 ;; q|quit) f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $ckyornstr: Aborted program!" exit 1 ;; *) str1="Invalid option : " echo "$instr $str1$ans" ans="ERRVAL" ;; esac done } ##################################################################### # Routine to check for and trap general error # if Arg_1 is NOT 0, then we prompt ##################################################################### f_checkerror () # Arg_1 = Error as numeric # Arg_2 = Prompt Error message as string { errCode=$1 msg=$2 if [ $errCode -ne 0 ]; then validSel=0 while [ $validSel -eq 0 ] do if [ ! -z "$msg" ] then printf "$msg\n" fi printf "Do you want to [A]bort or [C]ontinue? " read handleErr case $handleErr in a|A) validSel=1 f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END checkerror\n" exit 1 ;; c|C) validSel=1 f_write_and_log "** WARNING ** Continuing, but configuration may not be complete!!\n" ;; d|D) validSel=1 f_write_and_log "** WARNING ** Continuing, but configuration may not be complete!!\n" f_debug ;; esac done fi unset msg unset errCode } ###################################################################### # Routine to retry a command until it works # Requires the command return an error code 0=success # Non succuess prompts user for action. ###################################################################### f_retrycommand () { keep_trying=1 while [ $keep_trying -ne 0 ] do eval $* es=$? if [ $es -eq 0 ] then keep_trying=0 else printf "\n[R]etry, re-enter [P]assword and retry, or [F]ail? (r/p/f) " read val case $val in p*|P*) f_askndspassword keep_trying=1 ;; f*|F*) f_checkerror $es keep_trying=0 ;; *) keep_trying=1 ;; esac fi done } ################################################################### # Get Hostname from this Host ################################################################### f_gethostname () { HOSTNAME=`hostname` } ################################################################### # Get DNSHostname from this Host # This does not work! ################################################################### f_getdnshostname () { DNSNAME=`hostname`$dnsdomain } ################################################################### # Get Hostname from this Host ################################################################### f_getndsservername () { if [ -f $bindir/ndsconfig ] then SERVERNAME=`$bindir/ndsconfig get n4u.nds.server-name|awk -F"=" '{print $2}'` fi if [ -z "$SERVERNAME" ] then SERVERNAME=`echo $HOSTNAME|awk -F"." '{print $1}'|tr "[:lower:]" "[:upper:]"` fi } ################################################################### # Get ndstreename from this Host ################################################################### f_getndstreename () { if [ -f $bindir/ndsconfig ] then TREENAME=`$bindir/ndsconfig get n4u.base.tree-name|awk -F"=" '{print $2}'` else TREENAME="" fi } ################################################################### # Check to make sure nici is not installed in CLient Mode ################################################################### ################################################################### # Get HOST IP Address from /etc/hosts ################################################################### f_OLDgethostipaddress () { SERVERIP=`cat /etc/hosts|grep "$HOSTNAME"|head -n 1|awk '{print $1}'` if [ "$SERVERIP" = "127.0.0.1" ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Server IP Address $SERVERIP is incorrect in /ect/hosts" f_fatalexiterror "Please correct IP Address and Retry!" fi } ################################################################### # Get HOST IP Address from DNS # 2005-08-28 Changed to not use DNSNAME which does not work. ################################################################### f_gethostipaddress () { case $HostOS in Linux) #SERVERIP=`ping -c 1 $DNSNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'` SERVERIP=`ping -c1 $HOSTNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'|sed 1q` ;; SunOS) SERVERIP=`ping -a $HOSTNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'` #ping -a $DNSNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}' ;; *) f_fatalerror "Unrecognized OS version: $HostOS" ;; esac if [ -z "$SERVERIP" ] then f_askndspassword f_retrycommand f_checkpassword fi } ################################################################### # Get TREE Master from Console ################################################################### f_askmasterip () { printf "\nInput $TREENAME nearest replica server IP address: " read MASTERIP printf "\nRunning ndsstat -h$MASTERIP (break out if long wait due to wrong ip):\n\n" cmdOutput=`ndsstat -h$MASTERIP`; f_write_and_log "$cmdOutput" } ################################################################### # ASKt tree name from Console ################################################################### f_asktreename () { printf "\nInput Tree Name: " read TREENAME TREENAME=`echo $TREENAME|tr "[:lower:]" "[:upper:]"`; export TREENAME printf "\n" } ################################################################### # Copy version.txt file that contains the current NDS Version # We need to just copy the file as this maybe an upgrade ################################################################### f_createversionfile () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory version marker..." f_cmd cp ../version.txt /var/nds } ################################################################### # Launcher function for Novell's dsrmenu.sh script ################################################################### f_dsrepair() { config/dsrmenu.sh } ################################################################### # Check if eDirectory is installed # Returns 0 or 1 (0=good=true, 1=bad=false) ################################################################### f_ndscheckinstalled () { THISERROR=1 if [ -f $bindir/ndsconfig ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is installed.\n" THISERROR=0 else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is NOT installed" THISERROR=1 fi return $THISERROR } ################################################################### # Check if eDirectory is Running # Returns 0 or 1 (0=good=true, 1=bad=false) ################################################################### f_ndscheckrunning () { THISERROR=1 $bindir/ndsstat>/dev/null 2>&1 if [ $? -eq 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is running.\n" THISERROR=0 else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is NOT running.\n" THISERROR=1 fi return $THISERROR } ################################################################### # Check if DirXML is installed. # Returns 0 or 1 (0=good=true, 1=bad=false) # pkginfo -l DXMLbase # ################################################################### f_dirxmlinstallcheck () { THISERROR=1 if [ -f $bindir/dxmlconfig ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML IS Installed. \n" THISERROR=0 else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML NOT Installed. \n" THISERROR=1 fi return $THISERROR } ###################################################################### # sets ldapTLSRequired to yes or no to lock or unlock use of cleartext bind # 0 = unlock all other lock # ldapconfig doesn't set an exit status, so f_retrycommand won't work # When lock command is issued, a flag 'wasLocked' is set to indicate # if LDAP was already locked (so we don't lock a server that is # intended to be unlocked ###################################################################### f_lockldap () { # Take a snapshot of the /var/nds/ndsd.log so we can detect when LDAP is working again #cp /var/nds/ndsd.log /tmp/$$ndsd.log arg1=$1 if [ -z "$PASS" ] then f_askndspassword f_retrycommand f_checkpassword fi if [ $arg1 -eq 0 ] then # Check to see if LDAP is already unlocked $LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1 if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Unlocking LDAP..." $bindir/ldapconfig -t "$TREENAME" -a $ADMINDOT -w "$PASS" -s "LDAP Enable TCP=yes","ldapTLSRequired=no","Require TLS for Simple Binds with Password=no" >/dev/null 2>&1 wasLocked=1 else if [ -z "$wasLocked" ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: LDAP is already unlocked... will not be changed." wasLocked=0 else unset wasLocked fi fi else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Locking LDAP..." $bindir/ldapconfig -t "$TREENAME" -a $ADMINDOT -w "$PASS" -s "LDAP Enable TCP=no","ldapTLSRequired=no","Require TLS for Simple Binds with Password=yes">/dev/null 2>&1 unset wasLocked fi #es=$? #f_checkerror $es "Error locking or unlocking LDAP"! sleep 1 } ###################################################################### # Enable nds to startup or # Disable nds so it will not start # arg_1 = 0 = disable startup # arg_1 = 1 = enable startup ###################################################################### f_ndsstartupenable () { arg1=$1 if [ $arg1 -eq 0 ] then if [ -f /etc/init.d/nds ] then f_cmd mv /etc/init.d/nds /etc/init.d/_nds f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is NOT enabled. eDirectory can NOT Start." else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/nds is missing. CORRECT THIS PROBLEM eDirectory can NOT Start." fi f_pressanykey "WARNING! Press <Enter> to continue." else if [ -f /etc/init.d/_nds ] then f_cmd mv /etc/init.d/_nds /etc/init.d/nds f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is enabled. eDirectory can be Started." else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/_nds is missing. eDirectory can NOT be Started." f_pressanykey "Check $ndsUSER for Proper Home Directory Press <Enter> to continue." fi fi unset arg1 } ###################################################################### # Automatically start eDirectory and wait for DB to Open # If /etc/init.d/_nds does not exist, nds startup is disabled. # ElseIf /etc/init.d/nds does not exist, warn. ###################################################################### f_edirautostart () { if [ -f /etc/init.d/nds ] then $SUDO /etc/init.d/nds start MAXRETRY=120 f_waitforndsopen $MAXRETRY unset MAXRETRY else if [ -f /etc/init.d/_nds ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is Disabled. eDirectory can NOT be Started." else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/nds is missing. eDirectory can NOT be Started." fi f_pressanykey "WARNING! Press <Enter> to continue." fi } ###################################################################### # Make a common function for fatal errors to Exit script ###################################################################### f_exitiferror () #arg_1=error code #arg_2=Error message { errCode=$1 i_msg=$2 if [ $errCode -ne 0 ]; then str1="\nABORTING...$i_msg\n" f_write_and_log "$i_msg: .. $str1" exit 1 fi } ###################################################################### # Make a common function for fatal errors to Exit script ###################################################################### f_fatalexiterror () #arg_1=Error message { i_msg="$@" i_msg=${i_msg:="Fatal error has occurred ! From Un-defined Function"} str1="\nABORTING...$0\n" f_write_and_log "$i_msg: .. $str1" f_pressanykey "Press <Enter> Key to Exit!" exit 1 } ###################################################################### # Set grep ###################################################################### f_getXPG4grep () { case $HostOS in Linux) XPG4grep="grep" ;; SunOS) XPG4grep="/usr/xpg4/bin/grep" ;; *) f_fatalerror "Unrecognized OS version: $HostOS" ;; esac } ###################################################################### # Set mailer ###################################################################### f_getmailer () { case $HostOS in Linux) mailer="mail" ;; SunOS) mailer="$mailer" ;; *) f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac } ###################################################################### # gets the and OSVersion hostosarch version # Set HostOS ###################################################################### f_gethostosversions () { HostOS=`uname -s` HostOSVer=`uname -r` case $HostOS in Linux) HostOSArch=`uname -m` OSVersion=`uname -r` ;; SunOS) HostOSArch=`uname -p` OSVersion=`uname -r|awk -F"." '{print $2}'` ;; *) f_fatalerror "Unrecognized OS version: $HostOS" ;; esac } ###################################################################### # gets the Memory on this host ###################################################################### f_getmemorystats () { case $HostOS in Linux) physMEMkb=`cat /proc/meminfo|grep "MemTotal:"|awk '{print $2}'` physMEMmb=`expr $physMEMkb / 1024` availMEMb=`expr $physMEMkb \* 1024` ;; SunOS) physMEMmb=`$sbindir/prtconf|grep "Memory"|head -n 1|awk '{print $3}'` physMEMkb=`dmesg|grep "mem.*K"|head -n 1|awk '{print $11}'|tr -d "[:alpha:]"` availMEMb=`dmesg|grep "avail mem"|head -n 1|awk '{print $12}'` if [ -z "$physMEMkb" ] then #f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Could not detect PHYSICAL memory via 'dmesg'" physMEMkb=`expr $physMEMmb \* 1024` fi if [ -z "$availMEMb" ] then #f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Could not detect AVAILABLE memory via 'dmesg'" availMEMb=`expr $physMEMkb \* 1024` fi case $OSVersion in 7|8) f_write_log "\nRunnig under Solaris $OSVersion...\n" ;; 9) f_write_log "\nRunnig under Solaris $OSVersion...\n" ;; *) f_fatalerror " Unrecognized version of Solaris: $HostOSVer" ;; esac ;; *) f_fatalerror "Unrecognized OS version: $HostOS" ;; esac } ######################################################################### # ######################################################################### f_gethostosarch () { case $HostOS in Linux) ;; SunOS) ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END FATAL $0\n" exit 1 ;; esac } ######################################################################### # Returns the Binary version of NICI that has been installed ######################################################################### f_nicigetversion () { niciversion="" if [ -f /etc/nici.cfg ] then niciversion=`grep NiciVersion /etc/nici.cfg | awk -F":" '{print $4}'` fi } ######################################################################### # Returns the version of eDirectory Server Package that is installed (eg 8.7.1) # f_getndsinstalledver ######################################################################### f_ndsgetdotedver() { case $HostOS in SunOS) i_ndsinstalled=`pkginfo -l NDSserv | grep -i version | awk ' { print $2 } '` ;; Linux) i_ndsinstalled=`rpm -qa | grep -i ndsserv | awk -F"-" ' { print $2 } '` ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END FATAL $0\n" exit 1 ;; esac if [ -z "$i_ndsinstalled" ] then i_ndsinstalled="No NDSserv Package Installed" fi } ######################################################################### # Returns the Binary version of eDirectory that is running (eg 10532.19) # was f_getndsversion ######################################################################### f_ndsgetbinversion () { ndsversion="N/A" ndsversion=`ndsstat 2>/dev/null | grep "Binary Version:" |awk '{print $3}'` if [ -z "$ndsversion" ] then # 8.6.x shows as NDS Version ?? ndsversion=`ndsstat 2>/dev/null | grep "NDS Version:" |awk '{print $3}'` fi if [ -z "$ndsversion" ] then ndsversion=" NDS is not running" # versionString=$ndsversion fi f_write_log "Current eDirectory version is: $ndsversion" } ########################################################################## # Extend schema w/ Custom attributes & objectclasses ########################################################################## f_schemaaddcustom () { # To create: # ldapsearch -L -D$ADMIN -W -bcn=schema -sbase objectclass=* > b1 # cp b1 b1.at b1.oc.ldif # Yikes. The file is fixed width with multple lines for a single schema type. # Get all the line back together (somewhere there was a script) # Remove objectclasses from b1.at.ldif # Remove attributetypes from b1.oc.ldif # Add lines in front of each objectclasse: # dn: cn=schema # changetype: modify # Add lines in front of each attributeTypes: # dn: cn=schema # changetype: modify # add: attributetypes # by running ./schema/dnaddat.pl b1.at > b1.at.ldif: # f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extend schema w/ Custom attributes & objectclasses" f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.at.ldif>>$LOGFILE 2>&1' f_retrycommand '$LDAPMODIFY -a -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.oc.ldif>>$LOGFILE 2>&1' } ########################################################################## # User specified LDIF file to add or change entries in directory ########################################################################## f_importldiff () #arg_1=full path and name of LDIF File { i_file=$1 if [ -z "$i_file" ] then printf "%s" "Enter full path including file name of LDIFF file to impot: " read act i_file=$act unset act fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Importing user supplied LDIF: $i_file " if [ -z "$PASS" ] then f_askndspassword f_retrycommand f_checkpassword fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Importing user supplied LDIF: $i_file " f_retrycommand '$LDAPMODIFY -a -c -D "$ADMIN" -w "$PASS" -f $i_file>>$LOGFILE 2>&1' f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DONE Importing user supplied LDIF: $i_file " unset i_file } ########################################################################## # Extend schema for Siteminder attributes & objectclasses ########################################################################## f_addsiteminderschema () { echo "\n`date '+%Y-%m-%d %H:%M:%S'`: Extend schema w/ Netegrity attributes & objectclasses" f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/siteminder-schema.ldif>>$LOGFILE 2>&1' } ########################################################################## # Build the DIT - Add custom LDAP Entries # -- OUs Structure # -- Standard Groups # add Custom Groups and Admin Accounts ########################################################################## f_ditcreate () { # To create: # +ldapsearch -D -W -LL objectclass=domain dc objectclass > b1.dc # cp b1.dc ./schema # ./schema/dnadd.pl b1.dc > ./schema/b1.dc.ldif # +ldapsearch -D -W -LL objectclass=organizationalunit ou objectclass b1.ou # cp b1.ou ./schema # ./schema/dnadd.pl b1.ou > ./schema/b1.ou.ldif # f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build the Authentication Directory OU structure" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: /schema/b1.ou.ldif..." f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.ou.ldif>>$LOGFILE 2>&1' f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build default security groups" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/b1.sec.ldif..." f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.sec.ldif>>$LOGFILE 2>&1' # Setup eDirectory path variables Not sure why we do this here ??? edirPATH=`$bindir/ndsconfig get n4u.server.vardir|awk -F"=" '{print $2}'` edirdibPATH=`$bindir/ndsconfig get n4u.nds.dibdir|awk -F"=" '{print $2}'` edirconfigDIR=`$bindir/ndsconfig get n4u.server.configdir|awk -F"=" '{print $2}'` } ########################################################################## # Create Custom Groups and LDAP Administration Accounts ########################################################################## f_schemaadddelta () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Create deltaAdmin & deltaMainAdmin PLUS Groups & ACLs..." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/deltaGroups.ldif..." f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaGroups.ldif>>$LOGFILE 2>&1' f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: deltaReadGroups.ldif..." f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaReadGroups.ldif>>$LOGFILE 2>&1' f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/deltaAdmins.ldif..." f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaAdmins.ldif>>$LOGFILE 2>&1' } ########################################################################## # Set LDAP Server Attributes # ISSUE # We can not create KMO's with pkiconfig as it is not present in 8.7.x ########################################################################## f_createldapkmo () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Create Server KMO" f_retrycommand '$bindir/pkiconfig kmo -N "SSL/TLS Certificate" -t "$TREENAME" -S "cn=$SERVERNAME.$ServersOUdot" -a "$ADMINDOT"' } ########################################################################## # Set LDAP Server Attributes # ISSUE # We can not create a KMO Object with the name of "SSL/TLS Certificate" # for the server so we can not set it here. ########################################################################## f_modldapserver () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Modifying LDAP with various paramaters and to use KMO and setting debug options" # ldapconfig doesn't set an exit status, so f_retrycommand won't work $bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP:keyMaterialName=SSL CertificateIP" $bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Screen Level=Operation Connection Config Extensions SearchResponse Error Critical DataConnection" $bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Server Bind Limit=512" $bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Server Idle Timeout=1800" $bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "searchTimeLimit=1200" } ########################################################################## # Trigger build of indexes f_buildindexes # Load dstrace and set limber process to run ########################################################################## f_buildindexes () { $bindir/ndstrace -l > /tmp/trace$$.log 2>/dev/null & # Loop until ndstrace loads printf "\nWaiting for ndstrace to initialize..." while [ -z "`ndstrace -c modules|grep 'dstrace.*Running'`" ] do printf "." done sleep 2 printf "done.\n" $bindir/ndstrace -c "set dstrace=nodebug;ndstrace LMBR;set dstrace=*l">/dev/null 2>&1 ########################################################################## # Waiting for indexes to be built... # watch for "Predicates were successfully updated." in # /tmp/trace$$.log` ########################################################################## printf "%s" "Waiting for indexes to be built..." f_write_log "Waiting for indexes to be built..." MAXRETRY=60 # Kick off li mber process indexState=`grep "Predicates were successfully updated." /tmp/trace$$.log` while [ -z "$indexState" -a $MAXRETRY -gt 0 ] do MAXRETRY=`expr $MAXRETRY - 1`; printf "." sleep 1 indexState=`grep "Predicates were successfully updated." /tmp/trace$$.log` done if [ -z "$indexState" ] then # Test f_write_and_log "not complete. Limber not complete" $bindir/ndstrace -u f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_buildindexes \n" return 1 else f_write_and_log "done." $bindir/ndstrace -u fi rm -f /tmp/trace$$.log unset MAXRETRY } ########################################################################## # Wait until NDS Opens by watching ndsstat ########################################################################## f_waitforndsopen () # Arg_1 =time in seconds to wait { MAXRETRY=$1 MAXRETRY=${MAXRETRY:=20} f_write_and_log "Waiting $MAXRETRY seconds for NDS to Open" # Loop waiting for eDirectory database to open printf "\nWaiting for eDirectory database to open..." $bindir/ndsstat>/dev/null 2>&1 while [ $? -gt 0 -a $MAXRETRY -gt 0 ] do printf "." sleep 1 MAXRETRY=`expr $MAXRETRY - 1` $bindir/ndsstat>/dev/null 2>&1 done f_write_and_log "NDS is Running! " printf "done.\n" unset MAXRETRY } ########################################################################## # Wait up to XX seconds for nds to stop ########################################################################## f_waitforndsstop () # Arg_1 =time in seconds to wait { MAXRETRY=$1 MAXRETRY=${MAXRETRY:=20} while [ `ps -eaf | grep /ndsd | grep -v grep | wc -l` -gt 0 -a $MAXRETRY -gt 0 ] do printf "." sleep 1 MAXRETRY=`expr $MAXRETRY - 1` done unset MAXRETRY if [ `ps -eaf | grep /ndsd | grep -v grep | wc -l` -gt 0 ] then # Give up on stopping the directory; will require manual (or ndscheck.sh) intervention MSG="`hostname` [$0]: ERROR: eDirectory stop FAILED - `date`" date > $EMAIL_BODY printf "\n$MSG\n" >> $EMAIL_BODY $mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY rm -f $EMAIL_BODY f_write_and_log "\n$MSG" f_write_and_log "$EMAIL_BODY" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" # May wan to do some thing different here ... exit 1 fi } ########################################################################## # Wait for LDAP to Start # Loops waiting for positive LDAP response # Assumes LDAP is already 'unlocked' # Accepts integer parameter indicating timeout in seconds; default=20 ########################################################################## f_waitforldap () # Arg_1 =time in seconds to wait { MAXRETRY=$1 MAXRETRY=${MAXRETRY:=20} f_write_and_log "\nWaiting $MAXRETRY seconds for LDAP to initialize..." # Loop waiting for positive LDAP response $LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1 while [ $? -ne 0 -a $MAXRETRY -gt 0 ] do sleep 1 $LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1 MAXRETRY=`expr $MAXRETRY - 1`; printf "." done sleep 1 $LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1 if [ $? -eq 0 ] then f_write_and_log " LDAP is responding." else f_write_and_log " LDAP may not be initialized." f_write_and_log "Continuing anyway." fi unset MAXRETRY } ########################################################################## # Create Custom Indexes on this server # Imports custom indexes to be applied to this server ########################################################################## f_createindexes () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_createindexes\n" # Setup indexes to be applied smIndexes=indexes/Novell8_5_Add_Schema.indexes.ldif b1Indexes=indexes/b1.indexes.ldif #indexFiles="$smIndexes $b1Indexes" indexFiles="$b1Indexes" # Make sure eDirectory is running Check before calling # Is NDS Running ? # Do we Have PASS # Is LDAP Running # # apply indexes using LDAP # for file in $indexFiles do if [ ! -f $file ] then f_write_and_log "ERROR: Can't find file $file" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_createindexes\n" return fi f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` Applying index $file" f_retrycommand 'sed -e "s/#SERVERNAME#/$SERVERNAME/g" $file | $LDAPMODIFY -c -D "$ADMIN" -w "$PASS">>$LOGFILE' done f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_createindexes\n" } ###################################################################### # Reset the log file. Renames old to $1.bak ###################################################################### f_resetlog () # Arg_1=logfile to reset { i_log=$1 i_log=${i_log:=$LOGFILE} if [ -f $i_log ]; then mv $i_log $i_log.bak fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_log has been Reset \n" unset i_log } ###################################################################### # View the current log file ###################################################################### f_viewndsmodules() { f_viewlog "/usr/lib/nds-modules/ndsmodules.conf" } ###################################################################### # View the current log file ###################################################################### f_viewlog () # Arg_1=logfile to view { i_log=$1 i_log=${i_log:=$LOGFILE} view $i_log unset i_log } ###################################################################### # View the ndsdt log file ###################################################################### f_viewndsdlog () { f_viewlog "/var/nds/ndsd.log" } ################################################################### # Copy .ndsenv, .ndsenv.local.sample, .sharedfunctions.sh to /var/nds # Copy .ndsenv.bash to /var/nds # copy /pre_ndsd_start /post_ndsd_start /pre_ndsd_stop /post_ndsd_stop # To etc/init.d/ ################################################################### f_copyndsenv () { if [ ! -f /usr/local/shared/.sharedenv.sh ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory shared variables and subroutines..." f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** /usr/local/shared/.sharedenv.sh should be reviewed and updated." f_cmd cp -p config/.ndsenv /var/nds f_cmd cp -p config/.sharedfunctions.sh /usr/local/shared/ f_cmd cp -p config/pre_ndsd_start /etc/init.d f_cmd cp -p config/post_ndsd_start /etc/init.d f_cmd cp -p config/pre_ndsd_stop /etc/init.d f_cmd cp -p config/post_ndsd_stop /etc/init.d else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying and BKUP eDirectory shared variables and subroutines..." f_move config/.sharedfunctions.sh /usr/local/shared/.sharedenv.sh_functions f_move config/.ndsenv /usr/local/shared/.sharedenv.sh f_move config/pre_ndsd_start /etc/init.d f_move config/post_ndsd_start /etc/init.d f_move config/pre_ndsd_stop /etc/init.d f_move config/post_ndsd_stop /etc/init.d fi if [ ! -f /usr/local/shared/.sharedenv.sh.bash ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory 'bash' shared variables..." f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** /usr/local/shared/.sharedenv.sh.bash should be reviewed and updated." f_cmd cp -p config/.ndsenv.bash /usr/local/shared/ fi f_cmd cp -p config/.ndsenv.local.sample /usr/local/shared/ } ################################################################### # Fix missing ncurses library in Linux -- Creates a soft link to an # old version, as the install script expects to find the old # version. ################################################################### f_fixlinux () { if [ "$HostOS" = "Linux" -a ! -f /usr/lib/libncurses.so.4 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Fixing missing ncurses library in Linux..." f_cmd ln -s /usr/lib/libncurses.so.5.2 /usr/lib/libncurses.so.4 fi } ################################################################### # Runs script that gathers info and then displays the log ################################################################### f_getndsunixinfo () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Gathering info, this could take a while...." ./config/ndsunix.sh more /tmp/unixinfo.log f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: See /tmp/unixinfo.log..." } ################################################################### # Returns current logged-in user home directory as /home/ndsuser ################################################################### f_getuserhomedir () { env |grep HOME |awk -F= '{print$2}' } ################################################################### # Runs returns the shortname of OS User (eg root ) ################################################################### f_getosuser () { USERNAME=`id | awk '{print $1}'|awk -F"(" '{print $2}'|awk -F")" '{print $1}'` } ################################################################### # Check OS for ndsuser and ndsgroup, create if not there ################################################################### f_checkosforsetup () { f_checkndsuser # check for bash shell # Check for the path for Edirectory f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $edirPATH" df -k|grep $edirPATH if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Edirectory Mount Point and path do NOT Exist" f_pressanykey "Edirectory Mount Point and path $edirPATH does NOT Exist! Press Enter to continue." fi # Check for the path for backup directory df -k|grep $bkupDIR if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Edirectory Mount Point and path $bkupDIR do NOT Exist" f_pressanykey "Edirectory Mount Point and path $bkupDIR does NOT Exist! Press Enter to continue." fi # Check for Required packages i_pkg="SUNWbash" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi i_pkg="SMCgzip" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi i_pkg="SUNWjsnmp" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi i_pkg="SUNWsasnm" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi i_pkg="SUNWsacom" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi # Check for perl i_pkg="perl" pkginfo |grep $i_pkg if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed" f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue." fi # Check for NTP # Check for smtp #check for snmp } ################################################################### # Check OS for ndsuser and ndsgroup, create if not there ################################################################### f_checkndsuser () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $ndsGROUP" cat /etc/group |grep $ndsGROUP if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding group $ndsGROUP" f_cmd groupadd -g 1004 $ndsGROUP fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $ndsUSER" cat /etc/passwd |grep $ndsUSER if [ $? -ne 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding user $ndsUSER" f_cmd useradd -u 1004 -g 1004 -s /bin/bash $ndsUSER fi f_pressanykey "Check $ndsUSER for Proper Home Directory Press <Enter> to continue." } ################################################################### # These are startup files (nds is overwritten by an install or upgrade) ################################################################### f_checkstartupfiles () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking files in /etc/init.d..." for src in nds ndsnddconfig.sh do dest=/etc/init.d/$src src=config/$src f_move $src $dest done # Turn off the "evil" FAST_MODE (part of Geodesic memory allocator), if present $XPG4grep -q "GS_FAST_MODE" /etc/init.d/ndsd if [ $? -eq 0 ] then $XPG4grep -q "GS_FAST_MODE=0" /etc/init.d/ndsd if [ $? -ne 0 ] then f_bkup /etc/init.d/ndsd sed -e 's/GS_FAST_MODE=.*/GS_FAST_MODE=0/g' /etc/init.d/ndsd > /tmp/ndsd.$$ f_cmd mv /tmp/ndsd.$$ /etc/init.d/ndsd f_cmd chmod 744 /etc/init.d/ndsd f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/init.d/ndsd -- please review! **\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/init.d/ndsd" fi fi } ################################################################### # Toggles use of malloc/mtmalloc on Solaris # 8/11/2005 --Improved wording of prompts for malloc/mtmalloc # Added detection for Solaris 9 and OS patches to enable # LIBUMEM (see TID 10095892) ################################################################### f_checksolarismemallocator () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking Solaris memory allocator in use..." if [ "$HostOS" = "SunOS" ] then f_checkroot f_checkerror $THISERROR modified=0 $XPG4grep -q '#SetupMemManager$' /etc/init.d/ndsd if [ $? -eq 0 ] then # Geodesic/mtmalloc is currently disabled f_checkyorn "eDirectory is using MALLOC (GOOD); switch to MTMALLOC" ers=$? if [ $ers -eq 1 ] then sed -e 's/#SetupMemManager$/SetupMemManager/g' /etc/init.d/ndsd > /tmp/ndsd.$$ modified=1 fi else $XPG4grep -q 'SetupMemManager$' /etc/init.d/ndsd if [ $? -eq 0 ] then # Geodesic/mtmalloc is currently enabled f_checkyorn "eDirectory is using MTMALLOC (BAD); switch to MALLOC" ers=$? if [ $ers -eq 1 ] then sed -e 's/SetupMemManager$/#SetupMemManager/g' /etc/init.d/ndsd > /tmp/ndsd.$$ modified=1 fi else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: SetupMemManager not found -- version >=8.7.3.4 is installed?\n" fi fi if [ $OSVersion -eq 9 -a $modified -eq 0 ] then # Check for required patches for LIBUMEM f_write_and_log "\nSolaris 9 detected; you should configure eDirectory to use LIBUMEM; verify" f_write_and_log "required OS patches before switching to LIBUMEM:\n" f_write_and_log " 112233-11 (or newer ) SunOS 5.9" f_write_and_log " 112874-13 (or newer ) libc patch" f_write_and_log " 114370-01 (or newer ) libumem.so.1" f_write_and_log " 114371-01 (or newer ) libumem; mdb components patch" f_write_and_log " 114373-01 (or newer ) abi_libumem.so.1 patch\n" showrev -p | cut -d" " -f 2 | sort -n > /tmp/$$patches.txt f_write_and_log "These patches were found:\n" for patch in 112233-11 112874-13 114370-01 114371-01 114373-01 do patchNum=`echo $patch | cut -d- -f1` patchMinRev=`echo $patch | cut -d- -f2` instVer=`grep $patchNum /tmp/$$patches.txt | tail -1 | cut -d- -f2` if [ -z "$instVer" ] then f_write_and_log " $patch NOT INSTALLED" else if [ $instVer -ge $patchMinRev ] then f_write_and_log " $patchNum-$instVer ok" else f_write_and_log " $patchNum-$instVer NOT OK" fi fi done $XPG4grep -q 'LD_PRELOAD=/usr/lib/libumem.so \$sbindir/ndsd $' /etc/init.d/ndsd if [ $? -eq 0 ] then # LIBUMEM is already enabled f_checkyorn "eDirectory is using LIBUMEM (GOOD); switch to MALLOC" ers=$? if [ $ers -eq 1 ] then sed -e 's/LD_PRELOAD=\/usr\/lib\/libumem.so \$sbindir\/ndsd $/ \$sbindir\/ndsd /g' /etc/init.d/ndsd > /tmp/ndsd.$$ modified=1 fi else # LIBUMEM not enabled f_checkyorn "eDirectory is using MALLOC (BAD); switch to LIBUMEM" ers=$? if [ $ers -eq 1 ] then sed -e 's/ \$sbindir\/ndsd $/LD_PRELOAD=\/usr\/lib\/libumem.so \$sbindir\/ndsd /g' /etc/init.d/ndsd > /tmp/ndsd.$$ modified=1 fi fi rm /tmp/$$patches.txt unset patch patchNum patchMinRev instVer fi if [ $modified -eq 1 ] then f_bkup /etc/init.d/ndsd mv /tmp/ndsd.$$ /etc/init.d/ndsd chgrp sys /etc/init.d/ndsd chmod u+x /etc/init.d/ndsd unset modified fi else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not on Solaris on: $HostOS. Nothing to do.\n" fi } ################################################################### # Tune Solaris OS Parameters for eDirectory Operation ################################################################### f_tunesolaris () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ndd settings..." if [ "$HostOS" = "SunOS" ] then if [ ! -h /etc/rc2.d/S75NDSnddconfig ] then rm -f /etc/rc2.d/S75NDSnddconfig f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding ndd settings to system startup and executing..." f_cmd ln -s /etc/init.d/ndsnddconfig.sh /etc/rc2.d/S75NDSnddconfig fi /etc/init.d/ndsnddconfig.sh # # Tune /etc/system for eDirectory # ufsLW=`expr $availMEMb / 128` ufsHW=`expr $availMEMb / 64` # Use 2GB memory cap for calculation if [ $ufsLW -gt 16777216 -o $ufsHW -gt 33554432 ] then ufsLW=16777216 ufsHW=33554432 fi $XPG4grep -q "Recommended Novell eDirectory" /etc/system if [ $? -ne 0 ] then # Make sure calculated values are larger than default settings before using them if [ $ufsLW -gt 262144 -a $ufsHW -gt 393216 ] then sed -e "s/set ufs:ufs_LW=.*/set ufs:ufs_LW=$ufsLW/g" -e "s/set ufs:ufs_HW=.*/set ufs:ufs_HW=$ufsHW/g" config/system.stub > /tmp/system.stub.$$ cat /tmp/system.stub.$$ >> /etc/system else cat config/system.stub >> /etc/system fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/system -- please review AND restart system! **" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ufs:ufs_LW = $ufsLW = availMEMbytes / 128 = $availMEMb / 128" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ufs:ufs_HW = $ufsHW = availMEMbytes / 64 = $availMEMb / 64\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/system" fi else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not on Solaris on: $HostOS. No modifications made.\n" fi } ################################################################### # Add extra custom and Novell scripts # 8/10/2005 --Changed to update scripts in $ndsUserHome/bin ################################################################### f_addcustomscripts () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking eDirectory support scripts in /usr/bin..." for src in autodsrp.sh ndsbackup.sh ndscheck.sh dsrmenu.sh ndsunix.sh do dest=/usr/bin/$src src=config/$src f_move $src $dest done f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking eDirectory support scripts in $ndsUserHome/bin..." if [ ! -d $ndsUserHome/bin ] then f_cmd mkdir $ndsUserHome/bin fi # Make backups of old scripts before overwritting for src in `utils/*.pl utils/*.sh` do dest=$ndsUserHome/bin/`basename $src` src=$src f_move $src $dest done f_cmd cp -Rp utils/* $ndsUserHome/bin } ################################################################### # Create a softlink for ndsimon.conf to ndsimon.ini # >>>> Review if this is necessary # In old versions of iMonitor it was /var/nds/ndsimon.ini. Remove this file and create # a lik to the new location /usr/share/ndsimon/ndsimon.conf ################################################################### f_imonsoftlink () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ndsimon.ini link..." if [ ! -h /var/nds/ndsimon.ini ] then rm -f /var/nds/ndsimon.ini f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Setting up ndsimon.ini link..." f_cmd ln -s /usr/share/ndsimon/ndsimon.conf /var/nds/ndsimon.ini fi } ######################################################################### # Check to see if current session is root ######################################################################### f_checkroot () { THISERROR=1 id=`id | awk '{print $1}'|awk -F"=" '{print $2}'|awk -F"(" '{print $1}'` if [ $id != 0 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: You should have root permissions to execute this script." echo "$instr $str1" THISERROR=1 else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: You are running as root." THISERROR=0 fi return $THISERROR } ################################################################### # Verify/update config files # NOTE: We only check to see if the parameter has a value. # If the parameter id present, we do nothing, regardless of the value. # If there is no entry then we create the correct entry, # /etc/nds.conf: Add server ip & ice parameter # 8/1/2005 # JGJ -- Add lines to fix iMonitor binding to wrong interface ################################################################### f_checkndsconf () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /etc/nds.conf..." modified=0 if [ ! -f /etc/nds.conf ] then touch /etc/nds.conf fi $XPG4grep -q n4u.server.interfaces /etc/nds.conf if [ $? -ne 0 ] then echo "n4u.server.interfaces=$SERVERIP" >> /etc/nds.conf modified=1 fi $XPG4grep -q n4u.ldap.lburp.transize /etc/nds.conf if [ $? -ne 0 ] then echo "n4u.ldap.lburp.transize=1024" >> /etc/nds.conf modified=1 fi $XPG4grep -q n4u.server.max-threads /etc/nds.conf if [ $? -ne 0 ] then echo "n4u.server.max-threads=128" >> /etc/nds.conf modified=1 fi $XPG4grep -q http.server.interfaces /etc/nds.conf if [ $? -ne 0 ] then # Logic to map server IP's to interface names; reference Novell TID 10088801 echo "http.server.interfaces=$SERVERIP,127.0.0.1" >> /etc/nds.conf modified=1 fi $XPG4grep -q https.server.interfaces /etc/nds.conf if [ $? -ne 0 ] then # Logic to map server IP's to interface names; reference Novell TID 10088801 echo "https.server.interfaces=$SERVERIP,127.0.0.1" >> /etc/nds.conf modified=1 fi if [ $modified -eq 1 ] then f_bkup /etc/nds.conf f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/nds.conf -- please review! **\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/nds.conf" fi } ############f_checkndsdb ####################################################### # /var/nds/dib/_ndsdb.ini: Add cache entry ################################################################### # Cache size is based on available memory (detected earlier and placed in $availMEMb) # Block cache should be roughly the same size as the DIB # Entry cache should be 2-3 times the DIB size # If total cache is more than double DIB size, allocate more to entry cache ################################################################### f_checkndsdb () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking cache in /var/nds/dib/_ndsdb.ini" # Reserve a minimum of 40% of total memory + 96MB for the OS #reservedMEMb=`expr $availMEMb \* 4 / 10 + 100663296` # Calc fails again when $availMEMb >= 1GB; so divide and multiply by 1024 get get correct result reservedMEMb=`expr \( $availMEMb / 1024 \* 4 / 10 + 98304 \) \* 1024` cacheBytes=`expr $availMEMb - $reservedMEMb` # cacheBytes larger than 8GB reports incorrectly on this comparison; so divide each value by 1024 if [ `expr \( $cacheBytes \/ 1024 \) \> \( $cacheMax \/ 1024 \)` -eq 1 ] then cacheBytes=$cacheMax elif [ `expr \( $cacheBytes \/ 1024 \) \< \( $cacheMin \/ 1024 \)` -eq 1 ] then cacheBytes=$cacheMin fi # Allocate no more than $DIBsize to block cache; allocate remaining to entry cache if [ `expr $cacheBytes \/ 1024 \> \( 2 \* $DIBsize \/ 1024 \)` -eq 1 ] then blockCache=`expr $DIBsize \* 100 / $cacheBytes` else blockCache=50 fi if [ ! -f /var/nds/dib/_ndsdb.ini ] then echo "cache=$cacheBytes" > /var/nds/dib/_ndsdb.ini echo "blockcachepercent=$blockCache" >> /var/nds/dib/_ndsdb.ini f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Created /var/nds/dib/_ndsdb.ini -- please review! **" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Using cache = $cacheBytes and block cache percent = $blockCache.\n" else modified=0 sed -e "s/cache=.*/cache=$cacheBytes/g" -e "s/blockcachepercent=.*/blockcachepercent=$blockCache/g" /var/nds/dib/_ndsdb.ini > /tmp/_ndsdb.ini.$$ diff /tmp/_ndsdb.ini.$$ /var/nds/dib/_ndsdb.ini > /dev/null 2>&1 if [ $? -eq 1 ]; then f_write_and_log "OLD /var/nds/dib/_ndsdb.ini:----------------------------------------" f_write_and_log "`cat /var/nds/dib/_ndsdb.ini`\n" f_write_and_log "PROPOSED /var/nds/dib/_ndsdb.ini:-----------------------------------" f_write_and_log "`cat /tmp/_ndsdb.ini.$$`\n" f_checkyorn "Accept the proposed eDirectory cache settings" ers=$? if [ $ers -eq 1 ] then f_bkup /var/nds/dib/_ndsdb.ini mv /tmp/_ndsdb.ini.$$ /var/nds/dib/_ndsdb.ini modified=1 else rm /tmp/_ndsdb.ini.$$ fi fi if [ $modified -eq 1 ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /var/nds/dib/_ndsdb.ini -- please review! **" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Reseved memory for OS, etc. = $reservedMEMb bytes" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Using cache = $cacheBytes and block cache percent = $blockCache.\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /var/nds/dib/_ndsdb.ini" fi fi } ################################################################### # Checks various Disk Space on OS. # We do not do anything with this yet... ie it is never called # uses TMP_SPACE=9 ROOT_SPACE=9 set in ndsenv ################################################################### f_checkforspaceonfs () #arg1=disk location to check #arg2=Space required for operation. Any space less than this will ouput Warning #arg3=Message to display { i_disklocation=$1 i_needed=$2 i_msg=$3 f_write_and_log "\n Checking Disk Space for $i_disklocation on $HostOS $HostOSVer...\n" case $HostOS in Linux) space_full=`df -k ${i_disklocation} | tail -1 | awk '{print $5}' | sed s/'%'/''/g` echo "space_full: $space_full" if [ $space_full -gt $i_needed ] then str1="$i_disklocation filesystem is" f_write_and_log "$str1 $space_full percent full. $i_msg" fi ;; SunOS) space_full=`df -k ${i_disklocation} | awk '/[0-9]/ { print $5 }'|sed s/'%'/''/ ` if [ $space_full -gt $i_needed ] then str1="$i_disklocation filesystem is" f_write_and_log "$str1 $space_full percent full. $i_msg" fi ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 ;;esac } ################################################################### # Does the Directory Need to be running to change http Ports via NDSCONFIG -O ?? # /etc/ndsimon.conf: Modify iMonitor config to allow only supervisor and console operators # to use iMonitor # we try to set http ports NDS must be running. Do NOT need to stop and start # after setting httpports ################################################################### f_checkimonitor () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking iMontior..." f_ndscheckrunning # set so we know if we made modifications modified=0 if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and Running" $XPG4grep -q "http.server.clear-port=8389" /etc/nds.conf && $XPG4grep -q "http.server.tls-port=8636" /etc/nds.conf es=$? if [ $es -ne 0 ] then printf "\n\nYou must login twice as $ADMINDOT\nto change the ports for the HTTP server...\n\n" $bindir/ndsconfig set http.server.clear-port=8389 http.server.tls-port=8636 modified=1 fi else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Could not verify HTTP ports.\n" fi if [ $modified -eq 1 ]; then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/nds.conf -- please review! **\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/nds.conf" fi modified=0 $XPG4grep -q "^LockMask: 14" /etc/ndsimon.conf if [ $? -ne 0 ] then f_bkup /etc/ndsimon.conf sed -e 's/#LockMask:/LockMask:/g' /etc/ndsimon.conf | sed -e 's/LockMask:.*/LockMask: 14/g' > /tmp/ndsimon.$$ mv /tmp/ndsimon.$$ /etc/ndsimon.conf modified=1 fi if [ $modified -eq 1 ]; then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/ndsimon.conf -- please review! **\n" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/ndsimon.conf" fi } ################################################################### # ################################################################### f_updatetreehostsnds () { # Uncomment treename for this server in hosts.nds (once replica is added) f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Updating /etc/hosts.nds with tree name ($TREENAME)" sed -e 's/#$TREENAME/$TREENAME/g' /etc/hosts.nds > /tmp/hosts.nds.$$ mv /tmp/hosts.nds.$$ /etc/hosts.nds f_write_and_log "\nIt is important that the following lines are changed in /etc/hosts.nds" f_write_and_log "of all other servers in the target tree (remove comment before $TREENAME):\n" f_write_and_log " $TREENAME. $SERVERIP" f_write_and_log " $SERVERNAME $SERVERIP\n" f_write_and_log "You should also add these entries for all other servers in this tree to" f_write_and_log "the local /etc/hosts.nds file.\n" } ################################################################### # /usr/local/shared/.sharedenv.sh: Update already existing environment and add new variables # ISSUE # This is no longer needed. Decision was to keep .ndsenv static on all servers # so all variables are the same. # Should it be necessary to change a varible on a specific server, # create /usr/local/shared/.sharedenv.sh.local # NOTE: File name should be cased as above! # the /usr/local/shared/.sharedenv.sh.local will be read after .ndsenv and will # therfore override values defined in .ndsenv ################################################################### f_updatendsenv () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /usr/local/shared/.sharedenv.sh.bash..." # Fix .ndsenv.bash to reference new function names $XPG4grep -q "f_edirautostart;" /usr/local/shared/.sharedenv.sh.bash if [ $? -ne 0 ] then f_bkup /usr/local/shared/.sharedenv.sh.bash sed -e "s/eDirAutoStart;/f_edirautostart;/g" /usr/local/shared/.sharedenv.sh.bash > /tmp/_ndsenv.bash.$$ mv /tmp/_ndsenv.bash.$$ /usr/local/shared/.sharedenv.sh.bash f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /usr/local/shared/.sharedenv.sh.bash -- please review! **" else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /usr/local/shared/.sharedenv.sh.bash" fi } ################################################################### # Stop SLP UA/SA ################################################################### f_stopslp () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Stopping SLP..." /etc/init.d/slpuasa stop } ################################################################### # STARTUP SCRIPTS #/etc/rc2.d ################################################################### f_createstartupscripts () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /etc/rc2.d..." if [ -f /etc/rc2.d/S74uasaslp ] then f_cmd mv /etc/rc2.d/S74uasaslp /etc/rc2.d/_S74uasaslp fi } ################################################################### # Install/update PERL library for Base64 encode/decode ################################################################### f_updateperllib () { if [ ! -f /var/nds/MIME/Base64.pm ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing required PERL Base64 encode/decode module..." if [ ! -d /var/nds/MIME ] then f_cmd mkdir /var/nds/MIME fi f_cmd cp -p config/Base64.pm /var/nds/MIME else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking required PERL Base64 encode/decode module..." f_move config/Base64.pm /var/nds/MIME/Base64.pm fi } ################################################################### # Install/update *.jar files (custom Java classes called by some DirXML drivers) ################################################################### f_dirxmlinstallcustomjars () { for src in `cd config; ls *.jar; cd ..` do dest=/usr/lib/dirxml/classes/$src src=config/$src if [ ! -f $dest ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing Java utility library $dest..." f_cmd cp -p $src /usr/lib/dirxml/classes else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking Java utility library $dest..." f_move $src $dest fi done # Remove obsolete jar if [ -f /usr/lib/dirxml/classes/DirXMLNCUtils.jar ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Removing obsolete Java utility library DirXMLNCUtils.jar..." f_cmd rm -f /usr/lib/dirxml/classes/DirXMLNCUtils.jar fi } ################################################################### # Create directory for custom DirXML driver logging ################################################################### f_dirxmlcreatelog () { if [ ! -d /var/nds/dxml ] then mkdir /var/nds/dxml fi } ################################################################### # Install Java version "1.3.1_07" for use with DirXML 1.1a # This is now an OLD JRE version Most DirXML should use 1.4.X.X # To avoid problems with multiple versions of Java on a Solaris environment, DirXML 1.1a uses # Java from the /usr/lib/nds-modules/jre directory. # This directory is a symbolic link to a /usr/lib/nds-modules/jre1.3.1_03 directory. # This default setup can be bypassed by the following two methods: # 1. The environment variables, NDSD_JRE_PATH and DIRXML_JRE_PATH can be used # to cause Java to be accessed from another location. # 2. The symbolic link /usr/lib/nds-modules/jre can be modified to cause Java to be accessed from another location. # # When troubleshooting Java issues with DirXML 1.1a, # ensure these environment variables are not set (also ensure they are not set by the nds and ndsd startup scripts). Also, ensure the jre symbolic link is set to the default path. # ISSUE DO NOT RUN ON DirXML2.x ################################################################### f_dirxmlupdatejre () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_dirxmlupdatejre\n" # Must check the following before getting here! # f_checkroot # f_checkerror $THISERROR # f_ndscheckinstalled # f_checkerror $THISERROR # f_dirxmlinstallcheck # Determine if we are running DirXML 1.1a or Identity Manager 2.0 case $HostOS in Linux) rpm -q --quiet novell-DXMLbase if [ $? -eq 0 ] then jreVer=j2re1.4 else jreVer=jre1.3.1 fi ;; SunOS) pkginfo -q DXMLbase if [ $? -eq 0 ] then jreVer=j2re1.4 else jreVer=j2re1_3 fi ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac # Look for an updated JRE appropriate for install of DirXML 1.1 vs. IDM; skip if not found if [ -f ../jre/${jreVer}*${HostOS}* ] then # Set JRE archive name cd ..; src_path=`pwd` src_archive=`ls $src_path/jre/${jreVer}*${HostOS}*` # Remove path info from the filename src_archive=`basename $src_archive` # This strange syntax trucates everything to the right of the OS name in the filename src_archive=${src_archive%.$HostOS*} # Set JRE target path dest_path=$prefix/lib/nds-modules # Override log file i_log=$LOGFILE # Save so we can reset LOGFILE=/var/b1nds.log; export LOGFILE f_write_and_log "\nStarting Java JRE update (only affects DirXML)..." if [ ! -d $dest_path/$src_archive ] then # Get package path cd $dest_path f_write_and_log "\n`pwd`" f_cmd tar xf $src_path/jre/$src_archive.$HostOS.tar es=$?; f_checkerror $es fi if [ -h $dest_path/jre ] then f_write_and_log "\nRemoving existing symbolic link to JRE directory..." rm -f $dest_path/jre fi f_write_and_log "\nCreating symbolic link to JRE directory..." f_cmd ln -s $dest_path/$src_archive $dest_path/jre cd $src_path/bankone else f_write_and_log "\nNo updated JRE version $jreVer for $HostOS found... skipping update." fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxmlupdatejre\n" # Reset log file LOGFILE=$i_log unset i_log } ########################################################################## # extend the schema for DirXML # Add base schema for DirXML so it does not need to be added later. # NOTE: Check if dirxml is installed before calling ########################################################################## f_dirxmladdschema() { if [ -f $bindir/dxmlconfig ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extending schema for DirXML..." f_retrycommand '$bindir/dxmlconfig config "$ADMINDOT"' else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML not installed on this server..." fi } ###################################################################### #Verifying or create hosts.nds file.. # How can we get any existing servers into this tree ??? # 7/29/2005 # JGJ -- SLP coming soon. In the meantime, must create new tree with # uncommented tree name, or -632 and -626 errors will result ###################################################################### f_checkhostnds () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Verifying/creating hosts.nds file..." if [ -f /etc/hosts.nds ] then $XPG4grep -q "$SERVERNAME.*$SERVERIP" /etc/hosts.nds && $XPG4grep -q "^$TREENAME.*$MASTERIP" /etc/hosts.nds && $XPG4grep -q "^$MASTERSERVER.*$MASTERIP" /etc/hosts.nds if [ $? -eq 0 ] then f_write_and_log "\nFound existing /etc/hosts.nds that appears valid... NOT modifying." else f_write_and_log "...recreating hosts.nds..." for src in hosts.nds do dest=/etc/$src src=config/$src f_move $src $dest done # If there is no MASTERIP, then this is a new tree if [ -z $MASTERIP ] then printf "$TREENAME. $SERVERIP\n">>/etc/hosts.nds printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds else printf "#$TREENAME. $SERVERIP\n">>/etc/hosts.nds printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds printf "$TREENAME. $MASTERIP\n">>/etc/hosts.nds printf "$MASTERSERVER $MASTERIP\n\n">>/etc/hosts.nds fi fi else f_write_and_log "...creating.../etc/hosts.nds" f_cmd cp config/hosts.nds /etc # If there is no MASTERIP, then this is a new tree if [ -z $MASTERIP ] then printf "$TREENAME. $SERVERIP\n">>/etc/hosts.nds printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds else printf "#$TREENAME. $SERVERIP\n">>/etc/hosts.nds printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds printf "$TREENAME. $MASTERIP\n">>/etc/hosts.nds printf "$MASTERSERVER $MASTERIP\n\n">>/etc/hosts.nds fi fi f_write_and_log "Be sure to review /etc/hosts.nds for accuracy after successful installation.\n" } ########################################################################## # from: b1nds-ModifyInstall.sh # The purpose is to customise the OS and NDS environment to Our Standards # Set various customised fetures for startup and maintence # Copies scripts to appropriate locations # Does NOT Modify NDS structure or DIT # Should Always be used after: # --Adding NDS to a server # --To distribute updates to scripts or files # Adds customized /etc/init.d/nds and adds to system startup # Copies version mrker file # Copies ndsenv files to /usr/local/shared// # Fixes symbolic link on Linux # Checks/updates startup files for NDS # Tunes TCP based on Novell recommendations and adds to system startup # (see ../config/ndsnddconfig.sh) # Tunes /etc/system based on Novell recommendation (Solaris only) # (see ../config/system.stub) # adds Custom scripts # Tunes /etc/nds.conf (increases default threads) # Tunes eDirectory cache (/var/nds/dib/_ndsdb.ini) based on system RAM # -- Block cache should be roughly the same size as the DIB # -- Entry cache should be 2-4 times the DIB size # -- If total cache is more than double DIB size (1048576000 bytes), # allocate extra to entry cache # Changes iMonitor default port and requires Supervisor authentication # Removes SLP from system startup (using /etc/hosts.nds instead) ########################################################################## f_modifyinstall () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_modifyinstall\n" f_checkroot f_checkerror $THISERROR f_ndscheckinstalled f_checkerror $THISERROR f_checkndsuser f_createversionfile f_copyndsenv f_fixlinux f_checkstartupfiles f_tunesolaris f_addcustomscripts f_imonsoftlink f_checkndsconf f_checkndsdb f_checkimonitor f_updatendsenv f_stopslp f_createstartupscripts f_updateperllib f_dirxmlinstallcheck if [ "$THISERROR" -eq "0" ] then f_dirxmlupdatejre f_dirxmlinstallcustomjars f_dirxmlcreatelog f_dirxmlfix1x fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_modifyinstall\n" } ################################################################### # Remove this Server From an Existing TREE ################################################################### f_ndsrmfromtree () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN rmtree\n" f_ndscheckinstalled if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed" cmdOutput=`$bindir/ndsstat` f_write_and_log "$cmdOutput\n" $bindir/ndsconfig rm -a $ADMINDOT f_osdeletefileordirectory /var/nds/*.log f_osdeletefileordirectory /etc/nds.conf f_osdeletefileordirectory /etc/hosts.nds f_checkyorn "Remove All packages and files associated with any version of eDirectory or the Related Products?" ers=$? if [ $ers -eq 1 ] then f_ndsscrub fi else msg="eDirectory is NOT installed" fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END rmtree\n" } # this function sets the exit to non zero if $1 non numeric f_isdigit () { #expr $1 + 0 >/dev/null 2>&1 if expr $1 + 1 >/dev/null 2>&1 then echo number else echo not a number fi } ################################################################### # Install this Server into an Existing TREE # 8/1/2005 # JGJ -- Added run of f_checkndsconf to prevent NIC order problems # (/etc/nds.conf is removed after f_ndsrmfromtree) ################################################################### f_ndsintotree () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_ndsintotree \n" f_checkroot f_checkerror $THISERROR f_ndscheckinstalled f_checkerror $THISERROR f_asktreename f_askmasterip MASTERTREE="`ndsstat -h $MASTERIP | grep '^Tree' | grep -v grep | awk '{print $NF}'`" MASTERSERVER="`ndsstat -h $MASTERIP | grep '^Server Name' | awk -F"=" '{print $2}' | awk -F"." '{print $1}'`" if [ "$MASTERTREE" != "$TREENAME" ] then f_write_and_log "\nndsstat Tree Name ($MASTERTREE) does NOT match\nyour input ($TREENAME). Adios...\n" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 else f_write_and_log "\nIt is important that the following lines are added to /etc/hosts.nds" f_write_and_log "of all other servers in the target tree PRIOR to this process:\n" f_write_and_log " #$TREENAME. $SERVERIP" f_write_and_log " $SERVERNAME $SERVERIP\n" printf "This server will be inserted into the above tree. Continue (y/[N])?: " read ans if [ "x$ans" != "xy" ] then f_write_and_log "\nAborting, user said not to continue...\n" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 fi fi f_checkhostnds f_checkndsconf f_askndspassword f_retrycommand f_checkpassword # Run ndsconfig add with the supplied parameters f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Inserting server into $TREENAME at $MASTERIP..." f_retrycommand '$bindir/ndsconfig add -S "$SERVERNAME" -t "$TREENAME" -p "$MASTERIP" -n "$ServersOUdot" -e -a "$ADMINDOT"; $bindir/ndsstat' f_waitforndsopen f_monitorreplicaadd f_stopslp f_cmd ndsstat -r -h $MASTERIP f_write_and_log "\nNOTE: If there are >=3 replicas in the partition holding this server object," f_write_and_log " you must manually add a replica to this server using ConsoleOne or iManager.\n" f_waitreplicaadd lock=0 # 0=unlock, any other=lock f_lockldap $lock f_waitforldap # f_createldapkmo ISSUE See f_createldapkmo () f_modldapserver f_waitforldap f_updatetreehostsnds f_createindexes f_buildindexes lock=1 # 0=unlock, any other=lock f_lockldap $lock f_checkyorn "Run process to modify system configuration (ModifyInstall)" ers=$? if [ $ers -eq 1 ] then f_modifyinstall fi f_checkyorn "Run process to reset File Permissions (OwnerPermsFix)" ers=$? if [ $ers -eq 1 ] then f_osperms fi unset MASTERTREE MASTERSERVER MASTERIP f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_ndsintotree\n" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Server inserted into tree $TREENAME. Don't forget, you may have some to-do's left:\n" f_write_and_log "\t1) Update /etc/hosts.nds on all servers in the tree." f_write_and_log "\t2) Check NTP and make sure time is synchronizing (ntpq -p)." f_write_and_log "\t3) Will this server need SiteMinder schema and configuration (menu options 3,5)?" f_write_and_log "\t4) Has 'sudoers' file been correctly configured for ndsuser?" f_write_and_log "\t5) Has ndsuser '.profile' been created?" f_write_and_log "\t6) Does ndsuser have ability to use CRON?" f_write_and_log "\t7) Have ndsuser monitoring/maintenance/backup scripts been configured in CRON?" f_write_and_log "\t8) KMO recreated to support FQ DNS name (for Identity Services, proxy devices, etc.)?\n" f_write_and_log "Check the ./bankone/samples directory for sample config files. More details can be found in the" f_write_and_log "'eDirectory 8.7.3 Installation on Solaris & Linux' document, posted on TechOne.\n" f_pressanykey } ################################################################### # Create NEW Tree On this Server # JGJ -- Added run of f_checkndsconf to prevent NIC order problems # (/etc/nds.conf is removed after f_ndsrmfromtree) ################################################################### f_ndsnewtree () { f_checkroot f_checkerror $THISERROR f_ndscheckinstalled f_checkerror $THISERROR f_asktreename printf "\nYou will be prompted 3 times for the new admin password; please type\nthe new password carefully.\n" f_askndspassword f_checkndsconf f_checkhostnds # Install the server f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build Tree: $TREENAME..." f_retrycommand '$bindir/ndsconfig new -i -S "$SERVERNAME" -t "$TREENAME" -n "$ServersOUdot" -e -a "$ADMINDOT" -d "$edirdibPATH" -o 8389 -O 8636 ' #these options no longer work -c "$TREENAME Organizational CA" -k "SSL/TLS Certificate" if [ ! -f /etc/nds.conf ] then f_write_and_log "\nOdds are the tree build failed. Adios...\n" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 fi f_waitforndsopen lock=0 # 0=unlock, any other=lock f_lockldap $lock f_waitforldap f_stopslp f_schemaaddcustom f_ditcreate f_schemaadddelta f_modldapserver f_createindexes f_buildindexes lock=1 # 0=unlock, any other=lock f_lockldap $lock f_checkyorn "Run process to modify system configuration (ModifyInstall)" ers=$? if [ $ers -eq 1 ] then f_modifyinstall fi f_checkyorn "Run process to reset File Permissions (OwnerPermsFix)" ers=$? if [ $ers -eq 1 ] then f_osperms fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: New tree $TREENAME created. Don't forget, you may have some to-do's left:\n" f_write_and_log "\t1) Check NTP and make sure time is synchronizing (ntpq -p)." f_write_and_log "\t2) Will this server need SiteMinder schema and configuration (menu options 3,5)?" f_write_and_log "\t3) Has 'sudoers' file been correctly configured for ndsuser?" f_write_and_log "\t4) Has ndsuser '.profile' been created?" f_write_and_log "\t5) Does ndsuser have ability to use CRON?" f_write_and_log "\t6) Have ndsuser monitoring/maintenance/backup scripts been configured in CRON?" f_write_and_log "\t7) KMO recreated to support FQ DNS name (for Identity Services, proxy devices, etc.)?\n" f_write_and_log "Check the ./bankone/samples directory for sample config files. More details can be found in the" f_write_and_log "'eDirectory 8.7.3 Installation on Solaris & Linux' document, posted on TechOne.\n" f_pressanykey } ################################################################### # Installs base files required to run NDS on server. # Does not configure nds or create any DIT. # You MUST run f_ndsnewtree () or f_ndsintotree () followed by: # f_modifyinstall () and f_osperms () # BeforeUsing NDS # ISSUE -u parameter (for silent install) does not seem to work # on Linux or Solaris!! # 7/29/2005 # JGJ -- Added f_checksolarismemallocator to always run when # Solaris 9 detected # Added run of f_checkndsconf to prevent NIC order problems ################################################################### f_ndsbase () { f_checkroot f_checkerror $THISERROR # f_nicimodetest # f_checkerror $THISERROR f_resetlog f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and running..." f_checkerror "1" "eDirectory is already installed... perhaps you meant to do an upgrade?" fi f_write_and_log "\nInstalling eDirectory under $HostOS $HostOSVer...\n" case $HostOS in Linux) ../Linux/setup/nds-install -c server,admutils -n $i_licensepath;es=$? ;; SunOS) # Install the packages (accounts for Solaris 9 per TID #10074772) case $OSVersion in 7|8) ../Solaris/setup/nds-install -c server,admutils -n $i_licensepath; es=$? ;; 9) ../Solaris/setup/nds-install -c server,admutils -n $i_licensepath; es=$? f_checksolarismemallocator ;; *) f_write_and_log "\nABORTING -- Unrecognized version of Solaris: $HostOSVer" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 ;; esac ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 ;; esac f_checkndsconf f_write_and_log "At this point, the eDirectory software has been installed, but the server is not in a tree nor will it accept LDAP requests." f_write_and_log "Proceed to the proper menu selection to create a new tree, or insert this server into an existing tree." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_base" } ################################################################### # Installs patches to ndsbase to bring server to current production release # Configure NDS following an upgrade using ndsconfig # Need to run f_ndsbase first # Should run f_modifyinstall and f_osperms following # Currently this works with 8.7.3 ################################################################### # was f_ndsupgrade() f_ndspatches() { f_write_and_log "\nABORTING -- Bad function Called f_ndspatches()" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_pressanykey " Bad function f_ndspatches() Called!" return 1 } ################################################################### # LIB Patches for NDS (Typically Shared Object Files .so) # Installs LIBs or restores Production Libs typically used for # Debuging or testing of Special Functions # arg1= # 1 - To install the debug libraries # 2 - To revert to the original unmodified libraries # 3 - To examine the current libraries installed ################################################################### f_ndsLibPatches() { if [ "$HostOS" != "SunOS" ] then f_pressanykey "Lib patches can only be performed on Solaris (press any key to continue)" return 0 fi arg1=$1 i_target=../ndslibs i_wherewewere=$PWD # Setup if ndslibs is present in distribution #echo "Check $arg1" if [ -d $i_target ] then cd $i_target case $arg1 in 1) f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then f_write_and_log "Edirectory Is Running..." f_checkyorn "eDirectory Must be Stopped to continue. Stop eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds stop else f_fatalexiterror "Can not continue without stopping eDirectory" fi else f_write_and_log "Edirectory NOT Running..." fi mkdir -p ./usrlib.bak/nds-modules files=`find ./usrlib.new -type file | sed -e 's/\.\/usrlib.new\///'` for file in $files do newfile=`ls -og ./usrlib.new/$file 2>&1 | sed -e 's/\.\/usrlib.new\///'` installed=`ls -og /usr/lib/$file 2>&1 | sed -e 's/\/usr\/lib\///'` if [ "$newfile" == "$installed" ] then echo "Debug version of $file already installed." else if [ -f /usr/lib/$file ] then echo "Backing-up old version of /usr/lib/$file..." cp -p /usr/lib/$file ./usrlib.bak/$file fi echo "Installing new library /usr/lib/$file..." cp -p ./usrlib.new/$file /usr/lib/$file fi done f_write_and_log "test LIB Installation complete..." ;; 2) f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then f_write_and_log "Edirectory Is Running..." f_checkyorn "eDirectory Must be Stopped to continue. Stop eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds stop else f_fatalexiterror "Can not continue without stopping eDirectory" fi else f_write_and_log "Edirectory NOT Running..." fi files=`find ./usrlib.bak -type file | sed -e 's/\.\/usrlib.bak\///'` for file in $files do bakfile=`ls -og ./usrlib.bak/$file | sed -e 's/\.\/usrlib.bak\///'` installed=`ls -og /usr/lib/$file | sed -e 's/\/usr\/lib\///'` if [ "$bakfile" == "$installed" ] then f_write_and_log "Original version of $file already installed." else f_write_and_log "Re-installing original library $file..." cp -p ./usrlib.bak/$file /usr/lib/$file fi done f_write_and_log "test LIB Restoration complete..." ;; 3) files=`find ./usrlib.new -type file | sed -e 's/\.\/usrlib.new\///'` for file in $files do ls -l /usr/lib/$file done f_write_and_log "LIB File list complete..." ;; esac f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and running..." else f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds start fi fi else f_write_and_log "No Files exist for updating..." fi f_pressanykey cd $i_wherewewere unset i_wherewewere } ################################################################### # An Upgrade upgrade the server to a version greter than the current Production Release # An Patch puts the server the current Production Release # arg1=1 Is production Builds # arg1=1 Is UpGrades to Builds ################################################################### #was f_ndsPatches f_ndsupgrade() { arg1=$1 case "$arg1" in "1") # Production Paths nmassvrupgradebase # nici do_title="Production Patch" do_nici="${scriptbase}/${currentproductionbasepath}/${niciupgradedir}" do_edir="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/edircore" do_secupd="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/secupd/unix" do_nmassvr="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/${nmassvrprodbase}/${nmasserver}" do_nmasmth="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/${nmasmthprodbase}/${nmasmethods}" ;; "2") # Upgrades Paths do_title="Upgrade" do_nici="${scriptbase}/${currentupgradebase}/${niciupgradedir}" do_edir="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/edircore" do_secupd="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/secupd/unix" do_nmassvr="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/${nmassvrupgradebase}/${nmasserver}" do_nmasmth="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/${nmasmthupgradebase}/${nmasmethods}" clear # f_pressanykey "No Current Upgrades Are Available!" # return 0 ;; *) f_write_and_log "Bad Option provided for Patch/Upgrade" f_write_and_log "\nABORTING -- Bad Option provided for Patch/Upgrade" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" exit 1 ;; esac i_wherewewere=$PWD t_title="Apply NICI $do_title" f_checkyorn "$t_title ?" ers=$? if [ $ers -eq 1 ] then # f_niciupgrade will prompt to stop edir f_write_and_log "\n$t_title" clear f_niciupgrade "${do_nici}" f_write_and_log "\nReview /var/nds-install.log for details." fi t_title="eDirectory $do_title" f_checkyorn "Apply $t_title ?" ers=$? if [ $ers -eq 1 ] then f_write_and_log "\nApplying $t_title" f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then f_checkyorn "eDirectory is currently Running: Stop eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds stop fi else msg="eDirectory is not running..." fi clear cd "${do_edir}" ./install.sh -n f_write_and_log "\nPerforming Security Updates." cd "${do_secupd}" ./install.sh -n f_write_and_log "\nPerforming NMAS Server Updates." cd "${do_nmassvr}" ./install.sh -n f_write_and_log "\nReview /var/nds-install.log for details." cd $i_wherewewere fi f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and running..." else f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds start fi fi t_title="NMAS Methods $do_title (Apply Once Per Tree)" f_checkyorn "Apply $t_title ?" ers=$? if [ $ers -eq 1 ] then f_write_and_log "\nApplying $t_title" clear f_nmasmethodupdate "${do_nmasmth}" cd $i_wherewewere f_write_and_log "\nReview /var/nds-install.log for details." fi t_title="process to modify system configuration (ModifyInstall)" f_checkyorn "Run $t_title ?" ers=$? if [ $ers -eq 1 ] then f_modifyinstall fi t_title="process to reset File Permissions (OwnerPermsFix)" f_checkyorn "Run $t_title ?" ers=$? if [ $ers -eq 1 ] then f_osperms fi f_write_and_log "\nReview /var/nds-install.log for details." } ################################################################### # Installs NICI package in /$HostOS/setup/ # This does nto work correctly # ISSUE # Package names are different for each NICI version on Linux but not on Solaris. # Packages must be uninstalled be fore re-installing them # Not possable to determine version of NICI that we want to install # nds-install greps itself to determine. ################################################################### f_niciupgrade() #arg_1=directory where package is stored { i_basepath=$1 f_nicigetversion f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then f_checkyorn "eDirectory Will be stopped to Apply NICI Upgrade, continue ?" ers=$? if [ $ers -eq 1 ] then f_write_and_log "\nStoping eDirectory for NICI Upgrade." f_cmd /etc/init.d/nds stop else f_write_and_log "\n User chose not to stop eDirectory for NICI Upgrade. Upgrade NOT Performed!" return 1 fi else f_write_and_log "\n eDirectory is not running. Proceeding with NICI Upgrade." fi f_write_and_log "\nBEGIN Upgrading NICI under $HostOS $HostOSVer..." if [ -z "$niciversion" ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END ERROR Current NICI version not found! f_niciupgrade" else f_write_and_log "\n Current NICI verion installed is: $niciversion" fi case $HostOS in Linux) i_setupdir="${i_basepath}/$HostOS" #i_nicipkg="nici-2.6.5-0.01.i386.rpm" if [ -f $setupdir/$i_nicipkg ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ERROR could not find: $setupdir/$i_nicipkg! NICI not upgraded! f_niciupgrade" f_checkyorn "ERROR could not find: $i_setupdir/$i_nicipkg!! NICI not upgraded! f_niciupgrade" return 1 fi nicitoinstallversion=`ls $i_setupdir |grep "nici-"|awk -F"-" '{print $2 }'` f_write_and_log "\nUpdating NICI from $niciversion to $nicitoinstallversion..." for i_nicipkg in `ls -1 $i_setupdir` do result=`rpm -Uvh $i_setupdir/$i_nicipkg 2>&1` f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result" done #rpm -Uvh $i_setupdir/$i_nicipkg #es=$? #echo $es #f_checkerror $es "Failed to install $setupdir/$i_nicipkg... f_niciupgrade" ;; SunOS) i_setupdir="${i_basepath}/Solaris" #f_write_and_log "\nNOTE: Follow Prompts, Ignore Dependancies and continue with the removal of this package!" pkginfo | grep NOVLniu0 >/dev/null 2>&1 ers=$? if [ $ers -eq 0 ] then f_write_and_log "\nRemoving NICI version $niciversion" # Remove the current package ABSOLUTLY pkgrm -n -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0 f_checkerror $? "Error Removing NICI Package NOVLniu0" fi for i_nicipkg in `ls -1 $i_setupdir` do result=`pkgadd -n -r $scriptbase/Solaris/setup/admin.nds4s -d $i_setupdir/$i_nicipkg -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0` f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result" done #pkgadd -n -r $scriptbase/Solaris/setup/admin.nds4s -d $i_setupdir/$i_nicipkg -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0 #f_checkerror $? "Installing NICI $setupdir/$i_nicipkg" ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END Upgrading NICI under $HostOS $HostOSVer." return 0 } ################################################################### # Install Identity Manager 2.x packages and extend the schema for DirXML # Installs base IDM2.x packages onto server. Performs no Configuration of DirXML # Includes - Engine update for IDM2.0.1 - TID2969825 # dirxml_platform.bin -DCLUSTER_INSTALL="true" ################################################################### f_dirxml2xinst () { i_title="Base IDM 2.x Install" f_checkroot f_checkerror $THISERROR f_ndscheckinstalled current_dir=`pwd` f_write_and_log "\n $HostOS $HostOSVer...\n" case $HostOS in Linux) i_dirname="/idm20/linux/setup" i_installfilename="dirxml_linux.bin" ;; SunOS) i_dirname="/idm20/solaris/setup" i_installfilename="dirxml_solaris.bin" ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac i_testfile="..$i_dirname/$i_installfilename" f_write_and_log "\n$i_title" if [ -f $i_testfile ] then cd ..$i_dirname ./$i_installfilename -DCLUSTER_INSTALL="true" cd $current_dir f_checkerror $es f_checkyorn "Apply Current patches" ers=$? if [ $ers -eq 1 ] then f_dirxml2patches else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`:\nDirXML IDM2.x Patches not Applied." fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`:\nReview <userhomedir>/dirXML/dirXML_InstallLog.log for installation details." else f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_testfile not found. DirXML2 Packge is not present to install!" f_checkerror "1" " $i_testfile not found. " f_pressanykey "$i_testfile not found. Press <Enter> to continue" fi # Run DirXML Schema Install so if it failed it will be there. f_dirxmladdschema unset i_testfile f_pressanykey "$i_title. Press <Enter> to continue" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_installIDM2x\n" } ################################################################### # Currently for For IDM2.01 Will patch to the current ir Release # All patches for IDM Engine are in this function. # Also calls f_dirxml2DriverUpdate to update Drivers/Shims etc # Implements the following: # Engine and Remote Loader update for IDM2.0.1 TID #: 2971539 idm201ir4.tgz ################################################################### f_dirxml2patches () { i_title="Engine and Remote Loader update for IDM2.0.1 TID: 2971539 idm201ir4.tgz" srcdir="$scriptbase/idm20/upgrade" f_write_and_log "\n installing $i_title" case $HostOS in # NOTE: THE lower case of directory names..... Linux) pkglocation="$scriptbase/idm20/upgrade/linux" rpm -U --force $pkglocation/novell-DXMLbase-2.0.8-20050127.i386.rpm rpm -U --force $pkglocation/novell-DXMLengn-2.0.8-20050127.i386.rpm rpm -U --force $pkglocation/novell-DXMLevent-2.0.10-20050127.i386.rpm rpm -U --force $pkglocation/novell-DXMLrdxml-2.0.8-20050127.i386.rpm rpm -U --force $pkglocation/novell-NOVLjvml-2.0.10-20050127.i386.rpm ;; SunOS) pkglocation="$scriptbase/idm20/upgrade/solaris/" pkgrm -A $pkglocation/DXMLbase pkgrm -A $pkglocation/DXMLengn pkgrm -A $pkglocation/DXMLevent pkgrm -A $pkglocation/DXMLrdxml pkgrm -A $pkglocation/NOVLjvml pkgadd -d $pkglocation/DXMLbase.pkg pkgadd -d $pkglocation/DXMLengn.pkg pkgadd -d $pkglocation/DXMLevent.pkg pkgadd -d $pkglocation/DXMLrdxml.pkg pkgadd -d $pkglocation/NOVLjvml ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished Applying $i_title" f_dirxml2DriverUpdate } ################################################################### # Install DirXML 1.1a packages and extend the schema for DirXML # FROM: b1nds-DXMLInst.sh # Installs base DirXML packages onto server. Performs no Configuration of DirXML ################################################################### f_dirxml1xinst () { f_checkroot f_checkerror $THISERROR f_ndscheckinstalled current_dir=`pwd` f_write_and_log "\n $HostOS $HostOSVer...\n" case $HostOS in Linux) i_dirname="Linux" ;; SunOS) i_dirname="Solaris" ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac i_testfile="../dirxml/$i_dirname/setup/dirxml-install" f_write_and_log "\nInstalling DirXML 1.1a under $HostOS $HostOSVer..." f_write_and_log "\nEnter admin password when prompted .........." if [ -f $i_testfile ] then cd ../dirxml/$i_dirname/setup ./dirxml-install -u -c dirxml cd $current_dir f_checkerror $es f_write_and_log "\nReview /var/dirxml1.1_install.log for DirXML installation details." f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extending schema for DirXML..." f_write_and_log "Logging in with $ADMINDOT...\n" $bindir/ndsstat>/dev/null 2>&1 if [ $? -eq 0 ] then f_retrycommand '$bindir/dxmlconfig config "$ADMINDOT"' else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is not running -- make sure the schema is extended." fi else f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_testfile not found. DirXML Packge is not present to install!" f_checkerror "1" " $i_testfile not found. " fi unset i_testfile f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxml1xinst\n" } ################################################################### # Currently for For IDM2.01 # Updates various Driver Fixes # Updated LDAP driver for IDM2.0.1 - TID2969897 # destdir /usr/lib/dirxml/classes # srcdir $menupwd/idm20/patches/ /usr/lib/dirxml/classes ################################################################### f_dirxml2DriverUpdate () { destdir="/usr/lib/dirxml/classes/" srcdir="$scriptbase/idm20/driver_updates/idm201jdbcir1/" i_title="Updated These updated files are for the JDBC 1.6 driver running with IDM2.0.1" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Update JDBC Driver" i_file="CommonDriverShim.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" i_file="JDBCShim.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" i_file="JDBCUtil.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** $i_title" i_title="Updated LDAP driver for IDM2.0.x TID 2970997 idm201ldapir4.tgz" i_file="CommonDriverShim.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" i_file="LDAPShim.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" i_file="LDAPUtil.jar" f_bkup $destdir$i_file f_cmd cp $srcdir$i_file $destdir$i_file f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file" f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** $i_title" } ################################################################### # For DirXML 1.1a ################################################################### f_dirxmlfix1x () { f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_dirxmlfix1x\n" # Check to see if schema has evern been extended for DirXML on # this server; if it has, don't do it again if [ ! -f /var/nds/schema.log ] || [ -z "`grep vrschema.sch /var/nds/schema.log`" ] ; then f_dirxmladdschema fi # Novell-supplied nds-install breaks DirXML; we are fixing it here case $HostOS in Linux) # Check to see which version of DirXML is installed first rpm -q --quiet novell-DXMLbase if [ $? -eq 0 ] then f_write_and_log "\nIdentity Manager 2.0 detected... nothing to fix.\n" else # Looks like DirXML 1.1a, let's check it rpm -qi NDSdxevnt | $XPG4grep -q "Version : 1.1.3" if [ $? -ne 0 ] then f_checkyorn "Fix broken DirXML packages (requires ndsd restart)" ers=$? if [ $ers -eq 1 ] then f_write_and_log "\nFixing incorrect/missing NDSdxevnt...\n" f_cmd /etc/init.d/nds stop f_cmd rpm -Uvh ../dirxml/Linux/NDSdxevnt* f_cmd /etc/init.d/nds start fi fi fi ;; SunOS) # Check to see which version of DirXML is installed first pkginfo -q DXMLbase if [ $? -eq 0 ] then f_write_and_log "\nIdentity Manager 2.0 detected... nothing to fix.\n" else # Looks like DirXML 1.1a, let's check it pkginfo -l NDSdxevnt 2>&1 | $XPG4grep -q "VERSION: 1.1.3" if [ $? -ne 0 ] then f_checkyorn "Fix broken DirXML packages (requires ndsd restart)" ers=$? if [ $ers -eq 1 ] then f_write_and_log "\nFixing incorrect/missing NDSdxevnt...\n" f_cmd /etc/init.d/nds stop f_cmd pkgrm -n -a ../dirxml/Solaris/setup/admin.nds4s NDSdxevnt f_cmd pkgadd -n -d ../dirxml/Solaris/NDSdxevnt.pkg -a ../dirxml/Solaris/setup/admin.nds4s NDSdxevnt f_cmd /etc/init.d/nds start fi fi fi ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxmlfix1x\n" } ################################################################### # Installs any NMAS Methods in the Directory Provided # Curent Production methods are in the ../nmas directory # For updates to other methods supply the Directory ($1) # The directory should be to the directories containing the methods ################################################################### f_nmasmethodupdate () { i_nmas=$1 i_wherewewere=$PWD # Setup NMAS if present in distribution if [ -d $i_nmas ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_nmasmethodupdate\n" f_write_and_log "Run this process ONCE per TREE" f_checkyorn "Install/update Server methods (Run this process ONCE per TREE)" ers=$? if [ $ers -eq 1 ] then f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and running..." else f_checkyorn "eDirectory Must be Running to continue. Start eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds start fi fi if [ -z "$PASS" ] then f_askndspassword f_retrycommand f_checkpassword fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing NMAS Methods in $i_nmas..." result=`nmasinst -i $ADMINDOT $TREENAME -w $PASS 2>&1` f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $result" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing/updating NMAS methods..." for method in `ls -1 $i_nmas` do result=`nmasinst -addmethod $ADMINDOT $TREENAME $i_nmas/$method/config.txt -w $PASS 2>&1` f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result" done fi f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_nmasmethodupdate\n" unset i_nmas fi } ################################################################### # Installs NMAS Package # Does NOT install methods see f_nmasmethodupdate () # f_nmasupdate ################################################################### f_nmasupdate () { if [ -d ../nmas ] then f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_nmasupdate\n" # run Novell's Script for install. cd ../nmas ./install.sh -n cd $startedhere f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_nmasupdate\n" fi f_ndscheckrunning if [ "$THISERROR" -eq "0" ] then msg="eDirectory is installed and running..." else f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?" ers=$? if [ $ers -eq 1 ] then f_cmd /etc/init.d/nds start else f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: User choose not to start eDirectory. f_nmasupdate\n" fi fi } ################################################################### # Will send an email message to desired recipients # i_recipient="$1" # if i_recipient=help, we will dump out parameters # i_subject="$2" # i_msg="$3" # if i_msg as a file exist, the message will be the contents # NOTE: i_msg will be erased # If parameters are not passed, a testing message is sent. ################################################################### f_messagesend() { i_recipient="$1" i_subject="$2" i_msg="$3" i_recipient=${i_recipient:="$EMAIL_NOTIFY"} if [ "$i_recipient" = "help" ] then echo "recipient subject msg" return 1 fi i_subject=${i_subject:="TESTING Message From -`hostname` - `date`"} i_msg=${i_msg:="Message is: Testing Message From -`hostname` - `date`"} if [ -f "$i_msg" ] then i_msgfile="$i_msg" else i_msgfile=/tmp/EMAIL_BODY.$$ date > $i_msgfile printf "\n$i_msg\n" >> $i_msgfile fi $mailer -s "$i_subject" "$i_recipient" < $i_msgfile rm -f $i_msgfile f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_sendTestMessage\n" } ################################################################### # Stop ($1=stop) or start ($1=start) Aux services on server that # Require eDirectory. ################################################################### f_stopstartaux() { i_ss=$1 if [ "$i_ss" = "start" ] then ## The umask and chmod is a workaround for a known problem. See: ## http://ino0l900.svr.bankone.net:8880/DirectoryWiki/Wiki.jsp?page=IManagerBlankPageOnLinuxAndSolaris umask 022 chmod o+r /var/opt/novell/tomcat4/webapps/nps/portal/work/*.xsl # Start them case $HostOS in Linux) /etc/init.d/novell-httpd start /etc/init.d/novell-tomcat4 start ;; SunOS) /var/opt/novell/httpd/bin/apachectl startssl /var/opt/novell/tomcat4/bin/startup.sh ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac fi if [ "$i_ss" = "stop" ] then # Stop them case $HostOS in Linux) /etc/init.d/novell-httpd stop /etc/init.d/novell-tomcat4 stop ;; SunOS) /var/opt/novell/httpd/bin/apachectl stop /var/opt/novell/tomcat4/bin/shutdown.sh ;; *) f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS" f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n" f_fatalexiterror "Unrecognized OS version: $HostOS" ;; esac fi } ################################################################### # Verify the the host OS that this script is executing on is supported # by the script ################################################################### verifySupportedOS() { for CHECKOS in $SUPPORTED_OS do if [ "$HostOS" = "$CHECKOS" ] then return 1 fi done echo "Sorry, the \"$HostOS\" operating system is not supported by this installation script." exit 1 } ################################################################### # Clear the PKG_VERSION variables for an INSTALLED Package ################################################################### clearPKGVersion() { PKG_VERSION_MAJOR= PKG_VERSION_MINOR= PKG_VERSION_REVISION= PKG_VERSION_BUILD= PKG_VERSION_RELEASE= PKG_VERSION= } ################################################################### # Clear the PKGFILE_VERSION variables for a Package File ################################################################### clearPKGFileVersion() { PKGFILE_VERSION_MAJOR= PKGFILE_VERSION_MINOR= PKGFILE_VERSION_REVISION= PKGFILE_VERSION_BUILD= PKGFILE_VERSION_RELEASE= PKGFILE_VERSION_BASE= PKGFILE_VERSION= } ################################################################### # Install SUN Package without response # pkg=$1 = full path and name of DXMLengn.pkg # pkgbasename=$2 = Name of package with no extension ################################################################### SunOSinstallPkg() { pkg=$1 pkgbasename=$2 adminvar=$scriptbase/Solaris/setup/admin.nds4s f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Adding package $pkg" pkgadd -n -r $adminvar -d $pkg -a $adminvar $pkgbasename >> /dev/null 2>&1 ers=$? if [ $ers -eq 1 ] then f_checkyorn "Error adding package $pkg continue ?" ers=$? if [ $ers -eq 0 ] then return 1; fi else f_write_and_log "\n Success adding $package_dir/$pkg " fi } ################################################################### # Remove SUN Package without response # pkg=$1 = DXMLengn (To Remove) Shortname ################################################################### SunOSremovePkg() { pkg=$1 if [ $pkg = "ntls" ] then pkg=NOVLntls fi adminvar=$scriptbase/Solaris/setup/admin.nds4s str1=`gettext install "Removing"` str2=`gettext install "package..."` write_log "Removing $pkg..." pkgrm -n -a $adminvar $pkg >> $LOGFILE 2>&1 if [ $? != 0 ] then str1=`gettext install "Uninstallation of "` str2=`gettext install "package is not successful.Trying with system defaults..."` write_log "Uninstallation of "$1" package is not successful.Trying with system defaults..." pkgrm $pkg SunOScheckForPackageExistence $pkg if [ $pkg_exists = 0 ] then str1=`gettext install "removed successfully."` write_log "$pkg removed successfully." return 0 else str1=`gettext install "ERROR : Failed to remove"` str2=`gettext install "package."` write_log "$instr $str1 $pkg $str2" str1=`gettext install "Please remove"` str2=`gettext install "package manually"` write_and_log "$instr $str1 $pkg $str2" return 1 fi else write_log "$pkg removed successfully." return 0 fi } ################################################################### # Checks for packages Existence # pkg=$1 = DXMLengn to check Shortname # IF the package is present; the following parameters are set # pkg_exists = 1 (Not exists=0) # version = version of package ################################################################### SunOScheckForPackageExistence() { pkg=$1 if [ $pkg = "ntls" ] then pkg="NOVLntls" fi if pkginfo -q $pkg 2>/dev/null then pkg_exists=1 version=`pkgparam $pkg VERSION` else pkg_exists=0 fi } ################################################################### # Checks for packages Existence # pkg=$1 = DXMLengn to check Shortname # IF the package is present; the following parameters are set # pkg_exists = 1 (Not exists=0) # version = version of package ################################################################### LinuxcheckForPackageExistence() { pkg=$1 if rpm -q $pkg >> /dev/null 2>&1 then pkg_exists=1 version=`rpm -qi $pkg 2>/dev/null | grep "Version" | $AWK '{print $3}'` else pkg_exists=0 fi } ################################################################### # Install Linux Package without response # pkg=$1 = Full Path and name of package # pkgbasename=$2 = Name of package with no extension ################################################################### LinuxinstallPkg() { pkg=$1 pkgname=$2 if ! rpm -q $2 >/dev/null 2>&1 then if [ "$pkgname" = "NOVLembox" ] then if ! rpm -ivh --nodeps $1 >> /dev/null 2>&1 then return 1 else write_log "$pkg installed successfully" return 0 fi fi if ! rpm -ivh $rpmforce $1 >> /dev/null 2>&1 then return 1 else write_log "$pkg installed successfully" return 0 fi fi } ################################################################### # Remove SUN Package without response # pkg=$1 = Name of Package ################################################################### LinuxremovePkg() { pkg=$1 if rpm -q $pkg >/dev/null then if ! rpm -e --nodeps $pkg >> /dev/null 2>&1 then str1=`gettext install "ERROR : Failed to remove"` str2=`gettext install "package."` write_log "$instr $str1 $pkg $str2" return 1 else write_log "$pkg removed successfully" return 0 fi fi } ################################################################### # Display a note on the screen to the user. # It will 'bordered' by equal signs (eg: ====). # pkg=$1 = Message ################################################################### f_dispnote() { f_write_and_log "==================================== NOTE ====================================" f_write_and_log "$1" f_write_and_log "==============================================================================" } # This will help in determing errors that could exist in this script. f_write_and_log "$THIS_SCRIPT Version $T_VER loaded successfully" ################################################################### # Display a dots on the screen to the user. # $1 = How many seconds between dots? ################################################################### function dots () { SEC=$1 # How many seconds between dots? while true do sleep $SEC echo ".\c" done } ###################################################################### # Need to clear any varibles not needed as this script is loaded within # other scripts. ###################################################################### unset THIS_SCRIPT unset T_VER ########################################################## # BEGINNING OF MAIN ########################################################## # We do not do exectuions iin this script. # It is expected that the script will be used by other scripts. # This will help in determing errors that could exist in this script. f_write_and_log "SHAREDFUNCTIONS Version $SHAREDFUNCTIONS_VER loaded successfully" ###################################################################### # Need to clear any varibles not needed as this script is loaded within # other scripts. ###################################################################### unset T_THIS_SCRIPT unset SHAREDFUNCTIONS_VER