Overview#
For more Information consult Using the Willeke Script Library.
Use Entirely at Your Own Risk
Services.willeke.biz nor anyone else is responsible if you use a tool or any information on this site and causes damages to anyone or anything! This is only Example code
The .sharedfunctions.sh file contains almost all functions called by any menu or other script used in the organization's Scripts.
The attempt is to set all the default functions we need here for initialization of all the build, menu and maintenance scripts.
More Information#
There might be more information for this subject on one of the following:
##########################################################
#no bin bash as this is an imported script
#
# SCRIPT: .sharedfunctions.sh
# AUTHOR: jim@willeke.com
# DATE: 1/31/2009 7:39:22 AM
SHAREDFUNCTIONS_VER=12.5A # Script Version Number
# (Valid are A, B, D, T, Q, and P (For Alpha, Beta, Dev, Test, QA, and Production)
#
# PLATFORM: bash
#
# REQUIREMENTS:
# Varibles should be defined in /usr/local/share/willeke/.sharedenv.sh
# /usr/local/shared/.sharedenv.sh should be loaded after this
# script for proper operation.
# this file should be located at:
# /usr/local/share/willeke/.sharedfunctions.sh
#
# PURPOSE: This script along with the .sharedenv.sh script is to
# utilize a common scripting function and variable library for
# an orgaanization.
#
# REV LIST:
# DATE: DATE_of_REVISION
# BY: AUTHOR_of_MODIFICATION
# MODIFICATION: Describe what was modified, new features, etc--
#
# 12/31/2007 8:20:53 AM Many mods for generic use
# 2003-12-08 Added check for DSbackup PREP to f_backupfulldirectory
# -Modified f_lockldap
# -Modifications to f_viewlog
# 2003-12-03 This is the new Functions Script
# 8/16/2005 -- Converted references to $bindir/mailx to $mailer
# 12/31/2007 8:20:53 AM Many mods for generic use
#
# set -n # Uncomment to check script syntax, without execution.
# # NOTE: Do not forget to put the # comment back in or
# # the shell script will never execute!
# set -x # Uncomment to debug this shell script
#
##########################################################
# DEFINE FILES AND VARIABLES HERE
##########################################################
# Varibles should be defined in /usr/local/shared/.sharedenv.sh
# /usr/local/shared/.sharedenv.sh should be loaded after this
# for proper operation.
#
##########################################################
# DEFINE FUNCTIONS HERE
##########################################################
######################################################################
# Subroutine to Log to LOGFILE does not show to console
######################################################################
f_write_log ()
{
if [ -n "$LOGFILE" -a -n "$*" ]
then
printf "$*\n" >> $LOGFILE
fi
}
######################################################################
# Sends outpuit to console and to $LOGFILE
######################################################################
f_write_and_log ()
{
if [ -n "$*" ]
then
f_write_log "$*"
printf "$*\n"
fi
}
######################################################################
# Subroutine to echo & run command
# Sends outpuit to console and to $LOGFILE
######################################################################
f_cmd ()
# arg_1 = Command to run
{
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` $*"
cmdOutput=`eval $*`; f_write_and_log "$cmdOutput"
}
######################################################################
# Subroutine to backup and update files if the source is changed
######################################################################
f_move ()
{
src=$1
dest=$2
diff $src $dest > /dev/null 2>&1
diffResult=$?
if [ ! -f $src ]
then
f_write_and_log "ERROR: Can NOT find $src. No Action performed!..."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0"
return 1
elif [ $diffResult -eq 0 ]
then
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Not modified: $dest"
else
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Modifying $dest"
f_bkup $dest
f_cmd cp -p $src $dest
fi
}
######################################################################
# Get value from Console
# $1=parameter that the value will be set
# $2=Name of the parameter that we wil prompt as
######################################################################
f_askforvalue ()
{
i_name="$2"
i_value="$1"
printf "\nEnter the value for $i_name: "
stty -echo
read i_temp
stty echo
printf "\n\n"
$i_value="$i_temp"
}
######################################################################
# Get admin password from Console
######################################################################
f_askndspassword ()
{
printf "\nEnter the password for $ADMIN: "
stty -echo
read PASS; export PASS
stty echo
printf "\n\n"
}
######################################################################
# Subroutine to set userlimits
# Show limtis on box and then set open files to 1024 (Should make this variable
# 7/29/2005
# JGJ -- Changed default ulimit to 8192 (1024 is likely not enough!)
######################################################################
f_setulimits()
#arg_1=Number of open files
{
i_openfiles=$1
i_openfiles=${i_openfiles:=8192}
ulimit -n $i_openfiles
unset i_openfiles
}
##########################################################################
# Remove NDS from Server BRUTE FORCE
# Calls external scripts based on HostOS
##########################################################################
f_ndsscrub ()
{
f_write_and_log "\n $HostOS $HostOSVer..."
dispnote "WARNING! This will remove ALL Novell Binaries, Log Files and DIB"
f_checkyorn "Remove All packages and files associated with any version of eDirectory or the Related Products?"
ers=$?
if [ $ers -eq 1 ]
then
cd config
./novell-scrub.sh -n
cd ..
else
f_write_and_log "ABORTING -- User said Not to Scrub"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0"
return 1
fi
}
##########################################################################
# Prompts user to continue You should supply an argument for user prompt
##########################################################################
f_pressanykey ()
# arg $1 message
{
i_MSG=$1
i_MSG=${i_MSG:="Press <Enter> Key to Continue"}
printf "\n $i_MSG "
read dummy
unset i_MSG
}
##########################################################################
# Deletes a file or a directory will take wildcards
##########################################################################
f_osdeletefileordirectory()
# arg $1 filordirectory
{
CMD_DELETEFILEORDIRECTORY="rm -rf"
dispItem "$1"
DEL=
if [ -f "$1" ]
then
DEL=$1
fi
if [ -d "$1" ]
then
DEL=$1
fi
if [ "$DEL" != "" ]
then
DELETED=
$CMD_DELETEFILEORDIRECTORY $DEL 1>$NULLDEV 2>$NULLDEV
DELETED=$?
if [ "$DELETED" = "0" ]
then
DELETESTATUS="${resultok} DELETED ${reset}"
else
DELETESTATUS="${resultfail}DELETE FAILED${reset}"
failure
fi
else
DELETESTATUS=" - "
fi
# Display the status of the file or directory deletion
f_write_and_log "\n $DELETESTATUS"
}
##########################################################################
# These are owner & permision changes that are made to the OS to
# Allows support of eDirectory without direct 'root' access.
##########################################################################
f_osperms ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_osperms"
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
f_checkerror $THISERROR
if [ -z "$ndsGROUP" ]; then
printf "\nFollowing are the list of UNIX groups that might be intended for"
printf "local eDirectory administration: \n\n"
grep nds /etc/group
grep iim /etc/group
printf "\nInput local group name for eDirectory management...\n"
printf " (e.g. iim, ndsgroup, etc.): "
read ndsGROUP
printf "\n"
fi
# Start change of file ownership and permissions
# /etc
f_write_and_log "\n/etc"
f_cmd chown root:$ndsGROUP /etc/hosts.nds
f_cmd chmod 664 /etc/hosts.nds
f_cmd chgrp $ndsGROUP /etc/nds.conf
f_cmd chmod 664 /etc/nds.conf
# /etc/init.d
f_write_and_log "\n/etc/init.d"
f_cmd chown root:sys /etc/init.d/nds
f_cmd chown root:sys /etc/init.d/ndsnddconfig.sh
f_cmd chgrp sys /etc/init.d/ndsd
# For new startup items
f_cmd chgrp sys /etc/init.d/pre_ndsd_start
f_cmd chgrp sys /etc/init.d/post_ndsd_start
f_cmd chgrp sys /etc/init.d/pre_ndsd_stop
f_cmd chgrp sys /etc/init.d/post_ndsd_stop
# end new startup
f_cmd chmod 744 /etc/init.d/ndsnddconfig.sh
f_cmd chmod 744 /etc/init.d/nds
f_cmd chmod 744 /etc/init.d/ndsd
f_cmd chmod 744 /etc/init.d/slpuasa
#/usr/bin
f_write_and_log "\n/usr/bin"
f_cmd chown root:$ndsGROUP /usr/bin/ndsunix.sh
# added for 8.7.1
f_cmd chown root:$ndsGROUP /usr/bin/edirutil
f_cmd chown root:$ndsGROUP /usr/bin/nmasinst
f_cmd chown root:$ndsGROUP /usr/bin/ndssnmp
f_cmd chown root:$ndsGROUP /usr/bin/ndssnmpconfig
f_cmd chown root:$ndsGROUP /usr/bin/ndssnmpsa
# For Ice Generation of LDIFs
f_cmd chown root:$ndsGROUP /usr/bin/attrs
f_cmd chown root:$ndsGROUP /usr/bin/cities
f_cmd chown root:$ndsGROUP /usr/bin/company
f_cmd chown root:$ndsGROUP /usr/bin/domain
f_cmd chown root:$ndsGROUP /usr/bin/ether
f_cmd chown root:$ndsGROUP /usr/bin/first
f_cmd chown root:$ndsGROUP /usr/bin/initial
f_cmd chown root:$ndsGROUP /usr/bin/lastnames
f_cmd chown root:$ndsGROUP /usr/bin/titles
# end 8.7.1
f_cmd chown root:$ndsGROUP /usr/bin/ndsbackup.sh
f_cmd chown root:$ndsGROUP /usr/bin/ndscheck.sh
f_cmd chown root:$ndsGROUP /usr/bin/autodsrp.sh
f_cmd chown root:$ndsGROUP /usr/bin/dsrmenu.sh
f_cmd chown root:$ndsGROUP /usr/bin/ice
f_cmd chown root:$ndsGROUP /usr/bin/ldapconfig
f_cmd chown root:$ndsGROUP /usr/bin/ndsbackup
f_cmd chown root:$ndsGROUP /usr/bin/ndsconfig
#f_cmd chown root:$ndsGROUP /usr/bin/pkiconfig
f_cmd chown root:$ndsGROUP /usr/bin/ndsimonitor
f_cmd chown root:$ndsGROUP /usr/bin/ndslogin
f_cmd chown root:$ndsGROUP /usr/bin/ndsmerge
f_cmd chown root:$ndsGROUP /usr/bin/ndssch
f_cmd chown root:$ndsGROUP /usr/bin/ndsstat
f_cmd chown root:$ndsGROUP /usr/bin/ndstrace
f_cmd chown root:$ndsGROUP /usr/bin/ndsrepair
f_cmd chown root:$ndsGROUP /usr/bin/slpinfo
# Check for existance of DirXML
f_dirxmlinstallcheck
if [ "$THISERROR" -eq "0" ]
then
f_cmd chown root:$ndsGROUP /usr/bin/dxmlconfig
f_cmd chown root:$ndsGROUP /usr/bin/dirxml_jremote
f_cmd chown root:$ndsGROUP /usr/bin/dxmldrvconfig
f_cmd chown root:$ndsGROUP /usr/bin/rdxml
fi
f_cmd chmod 554 /usr/bin/ndsunix.sh
# added for 8.7.1
f_cmd chmod 554 /usr/bin/edirutil
f_cmd chmod 554 /usr/bin/nmasinst
f_cmd chmod 554 /usr/bin/ndssnmp
f_cmd chmod 554 /usr/bin/ndssnmpconfig
f_cmd chmod 554 /usr/bin/ndssnmpsa
# For Ice Generation of LDIFs
f_cmd chmod 554 /usr/bin/attrs
f_cmd chmod 554 /usr/bin/cities
f_cmd chmod 554 /usr/bin/company
f_cmd chmod 554 /usr/bin/domain
f_cmd chmod 554 /usr/bin/ether
f_cmd chmod 554 /usr/bin/first
f_cmd chmod 554 /usr/bin/initial
f_cmd chmod 554 /usr/bin/lastnames
f_cmd chmod 554 /usr/bin/titles
# end 8.7.1
f_cmd chmod 554 /usr/bin/dsrmenu.sh
# ndsrepair.sh not used anymore
# f_cmd chmod 444 /usr/bin/ndsrepair.sh
f_cmd chmod 554 /usr/bin/ndsbackup.sh
f_cmd chmod 554 /usr/bin/ndscheck.sh
f_cmd chmod 554 /usr/bin/autodsrp.sh
f_cmd chmod 554 /usr/bin/ice
f_cmd chmod 554 /usr/bin/ldapconfig
f_cmd chmod 554 /usr/bin/ndsbackup
# Doesn't exist
#f_cmd chmod 554 /usr/bin/ndscfg
f_cmd chmod 554 /usr/bin/ndsconfig
#f_cmd chmod 554 /usr/bin/pkiconfig
# NMAS not currently installed by b1nds-base.sh
#f_cmd chmod 554 /usr/bin/nmasconfig
f_cmd chmod 554 /usr/bin/ndsimonitor
f_cmd chmod 554 /usr/bin/ndslogin
f_cmd chmod 554 /usr/bin/ndsmerge
f_cmd chmod 554 /usr/bin/ndssch
f_cmd chmod 554 /usr/bin/ndsstat
f_cmd chmod 554 /usr/bin/ndstrace
f_cmd chmod 554 /usr/bin/ndsrepair
f_cmd chmod 554 /usr/bin/slpinfo
# not used:
f_cmd chmod 554 /usr/bin/slpuasa
# Check for existance of DirXML
f_dirxmlinstallcheck
if [ "$THISERROR" -eq "0" ]
then
f_cmd chmod 554 /usr/bin/dxmlconfig
f_cmd chmod 554 /usr/bin/dirxml_jremote
f_cmd chmod 554 /usr/bin/dxmldrvconfig
f_cmd chmod 554 /usr/bin/rdxml
fi
#/usr/sbin
f_write_and_log "\n/usr/sbin"
f_cmd chmod 540 /usr/sbin/nds-uninstall
f_cmd chmod 540 /usr/sbin/ndsd
# ConsoleOne:
#f_cmd chmod 540 /usr/sbin/c1-uninstall
#f_cmd chmod 540 /usr/sbin/niciver
#f_cmd chmod 540 /usr/sbin/nicivercl
#f_cmd chmod 540 /usr/sbin/niciverd
#f_cmd chmod 540 /usr/sbin/nldap
#f_cmd chmod 540 /usr/sbin/npki
#/usr/ldaptools/bin
f_write_and_log "\n/usr/ldaptools/bin"
f_cmd chgrp -R $ndsGROUP /usr/ldaptools/*
f_cmd chmod -R 550 /usr/ldaptools/bin/*
#iMonitor conf file
f_write_and_log "\n/etc/ndsimon"
f_cmd chgrp $ndsGROUP /etc/ndsimon.conf
f_cmd chmod 660 /etc/ndsimon.conf
#/var
f_write_and_log "\n/var"
# nds-install normally creates
if [ ! -f /var/nds-install.log ]; then
f_cmd touch /var/nds-install.log
fi
# JPMorgan Chase scripts create and update this log
if [ ! -f /var/b1nds.log ]; then
f_cmd touch /var/b1nds.log
fi
f_cmd chgrp $ndsGROUP /var/nds-install.log
f_cmd chgrp $ndsGROUP /var/b1nds.log
f_cmd chmod 660 /var/nds-install.log
f_cmd chmod 660 /var/b1nds.log
#/var/nds
f_write_and_log "\n/var/nds"
f_cmd chgrp $ndsGROUP /var/nds
f_cmd chmod 775 /var/nds
# ndsrepair normally creates
if [ ! -f /var/nds/ndsrepair.log ]; then
f_cmd touch /var/nds/ndsrepair.log
fi
# ndstrace normally creates:
if [ ! -f /var/nds/ndstrace.log ]; then
f_cmd touch /var/nds/ndstrace.log
fi
# ndsbackup.sh normally creates
if [ ! -f /var/nds/ndsbackup.log ]; then
f_cmd touch /var/nds/ndsbackup.log
fi
# ndscheck.sh normally creates
if [ ! -f /var/nds/ndscheck.log ]; then
f_cmd touch /var/nds/ndscheck.log
fi
# ndsbackup.sh normally creates
if [ ! -f /var/nds/.dsbackup ]; then
f_cmd touch /var/nds/.dsbackup
fi
# autodsrp.sh normally creates
if [ ! -f /var/nds/autodsrp.log ]; then
f_cmd touch /var/nds/autodsrp.log
fi
# f_ndsbase script creates this file
if [ ! -f /var/nds/version.txt ]; then
f_cmd touch /var/nds/version.txt
fi
f_cmd chgrp $ndsGROUP /var/nds/ndsd.log
f_cmd chgrp $ndsGROUP /var/nds/schema.log
f_cmd chgrp $ndsGROUP /var/nds/ndsrepair.log
f_cmd chgrp $ndsGROUP /var/nds/ndstrace.log
f_cmd chgrp $ndsGROUP /var/nds/autodsrp.log
f_cmd chgrp $ndsGROUP /var/nds/ndsbackup.log
f_cmd chgrp $ndsGROUP /var/nds/ndscheck.log
f_cmd chgrp $ndsGROUP /var/nds/version.txt
f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh
f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh.bash
f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedfunctions.sh
f_cmd chgrp $ndsGROUP /var/nds/.dsbackup
f_cmd chmod 660 /var/nds/ndsd.log
f_cmd chmod 660 /var/nds/ndsrepair.log
f_cmd chmod 660 /var/nds/ndstrace.log
f_cmd chmod 660 /var/nds/autodsrp.log
f_cmd chmod 660 /var/nds/ndsbackup.log
f_cmd chmod 660 /var/nds/ndscheck.log
f_cmd chmod 660 /var/nds/version.txt
f_cmd chmod 660 /usr/local/shared/.sharedenv.sh
f_cmd chmod 660 /usr/local/shared/.sharedenv.sh.bash
f_cmd chmod 660 /usr/local/shared/.sharedenv.sh_functions
f_cmd chmod 660 /var/nds/.dsbackup
if [ -f /usr/local/shared/.sharedenv.sh.local ]; then
f_cmd chgrp $ndsGROUP /usr/local/shared/.sharedenv.sh.local
f_cmd chmod 660 /usr/local/shared/.sharedenv.sh.local
fi
if [ -d /var/nds/certserv ]; then
f_cmd chmod 775 /var/nds/certserv
fi
#/var/nds/dib
f_write_and_log "\n/var/nds/dib"
# If ndsd dumps its core, we need to be able to read it
if [ ! -f /var/nds/dib/core ]; then
f_cmd touch /var/nds/dib/core
fi
# DirXML will create
if [ ! -f /var/nds/dib/DIRXML.LOG ]; then
f_cmd touch /var/nds/dib/DIRXML.LOG
fi
f_cmd chgrp $ndsGROUP /var/nds/dib
f_cmd chmod 755 /var/nds/dib
f_cmd chgrp $ndsGROUP /var/nds/dib/_ndsdb.ini
f_cmd chgrp $ndsGROUP /var/nds/dib/core
f_cmd chgrp $ndsGROUP /var/nds/dib/DIRXML.LOG
f_cmd chmod 660 /var/nds/dib/_ndsdb.ini
f_cmd chmod 660 /var/nds/dib/core
f_cmd chmod 660 /var/nds/dib/DIRXML.LOG
#/var/nds/dxml
f_dirxmlinstallcheck
if [ "$THISERROR" -eq "0" ]
then
f_write_and_log "\n/var/nds/dxml"
f_cmd chgrp $ndsGROUP /var/nds/dxml
f_cmd chmod 775 /var/nds/dxml
f_cmd chmod g+s /var/nds/dxml
f_cmd chgrp -R $ndsGROUP /var/nds/dxml/*
f_cmd chmod -R 660 /var/nds/dxml/*
fi
#/var/nds/MIME
f_write_and_log "\n/var/nds/MIME"
f_cmd chgrp $ndsGROUP /var/nds/MIME
f_cmd chmod 775 /var/nds/MIME
f_cmd chgrp -R $ndsGROUP /var/nds/MIME/*
f_cmd chmod -R 660 /var/nds/MIME/*
#/usr/lib/nds-schema
f_cmd chgrp -R $ndsGROUP /usr/lib/nds-schema/*
f_cmd chmod -R 660 /usr/lib/nds-schema/*
#/usr/lib/nds-modules
f_write_and_log "\n/usr/lib/nds-modules"
for dir in `ls -d /usr/lib/nds-modules/j2re* /usr/lib/nds-modules/jre`; do
f_cmd chgrp -h $ndsGROUP $dir
f_cmd chmod 775 $dir
done
f_cmd chown -h $ndsUSER /usr/lib/nds-modules/jre
f_dirxmlinstallcheck
if [ "$THISERROR" -eq "0" ]
then
#/usr/lib/dirxml/classes
f_write_and_log "\n/usr/lib/dirxml/classes"
for src in `cd config; ls *.jar; cd ..`; do
f_cmd chgrp $ndsGROUP /usr/lib/dirxml/classes/$src
f_cmd chmod 770 /usr/lib/dirxml/classes/$src
done
fi
#/var/novell
f_write_and_log "\n/var/novell"
f_cmd chgrp $ndsGROUP /var/novell
f_cmd chmod 755 /var/novell
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_osperms\n"
}
######################################################################
# Subroutine to backup files
#####################################################################
f_bkup ()
{
dest=$1
if [ -f $dest ]; then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Backing up to $dest.$DATE"
f_cmd cp -p $dest $dest.$DATE
f_cmd chown 440 $dest.$DATE
fi
}
##########################################################################
#f_backupcheckcore
# Checks to see if there is a core file and changes permissions
# Must be run as 'root'
# from: ndsbackup.sh
##########################################################################
f_backupcheckcore ()
{
if [ -f /var/nds/dib/core ]
then
f_write_and_log "\nFound /var/nds/dib/core; resetting permissions for analysis and removal..."
f_cmd "chown $ndsUSER:$ndsGROUP /var/nds/dib/core"
fi
}
##########################################################################
# Checks for Backup Archives older than MTIME and deletes
# Requires root
# from: ndsbackup.sh
##########################################################################
f_backupcleanarchive ()
# Arg_1 =Directory to check
# Arg_2 = File name. Can be wild cards
# Arg_3 = TIME in days that files will be deleted
{
# Cleanup old DIB archives
f_write_and_log "\nCleaning up $1/$2* $3 + days old..."
f_cmd "find $1 -type f -name "$2*" -mtime +$3 -exec ls -1 {} \; -exec rm {} \;"
}
##########################################################################
# ndsbackup Takes paramerter to determine execution method
# Requires root
# This is the primary ndsbackup routine. If a varible is passed in, it will do
# different tricks
# -PREP Create login account in NDS for ndsbackup (once only)
# -RPW Reset password for existing NDS DSbackup user
# -RC DIB backup (stops/starts eDirectory)
# -RCNDB DIB backup (stops eDirectory No Restart)
# -H This help
# anythingelse Archive full contents of eDirectory -- objects and schema
# -- can be run as non-root user
# from: ndsbackup.sh
##########################################################################
f_backupnds ()
# Arg_1 =Comand line input
{
# Read command line parameter into a variable
param=`echo $1|tr "[:lower:]" "[:upper:]"`
# Save current and log file and set Log file specific to this process
i_log=$LOGFILE
LOGFILE=/var/nds/ndsbackup.log
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: BEGIN backupnds\n"
EMAIL_BODY=/tmp/tmp.ndsbackup.$$ # Temp file to hold email message
# Environment
PATH=$PATH:/usr/local/bin
export PATH
# Set MTIME Archive files located in $bkupDIR older than this are deleted
MTIME=${MTIME:=7}
if [ ! -d $bkupDIR ]
then
printf "\nTarget directory ($bkupDIR) specified in"
printf " /usr/local/shared/.sharedenv.sh does not exist!!\n"
printf " \nHave you run Modify Install ? "
printf "You may need to create this directory manually"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}"
return 1
fi
f_write_and_log "\n bakupnds parameter ${param}"
case $param in
-PREP)
# Get the Admin password
f_askndspassword
f_retrycommand f_checkpassword
f_backupidcreate
# Reset backup user ID password
f_backuppwdreset
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}"
return 0
;;
-RPW)
# Get the Admin password
f_askndspassword
f_retrycommand f_checkpassword
# Reset backup user ID password
f_backuppwdreset
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}"
return 0
;;
-H)
printf "\nUsage:\t(no params)\tArchive objects and schema"
printf "\n\t\t-prep\tCreate login account for ndsbackup (once only)"
printf "\n\t\t-rpw\tReset password for existing DSbackup user"
printf "\n\t\t-rc\tDIB backup (stops/starts eDirectory)"
printf "\n\t\t-h\tThis help"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupnds ${param}"
return 0
;;
-RC)
f_backupdib
;;
-RCNDB)
f_backupdib 1
;;
*)
echo $param
f_backupfulldirectory
;;
esac
if [ $? -ne 0 ]
then
f_write_and_log "\nUnexpected error."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END bakupnds parameter: $param"
# Reset logfile to where we started
LOGFILE=$i_log
return 1
fi
# zip it & chown it to ndsuser owner
f_cmd "gzip $TARBALL"
f_cmd "chown $ndsUSER:$ndsGROUP $TARBALL*"
f_cmd "chmod 640 $TARBALL*"
# Send to remote hosts if desired (need ssh public keys configured)
#for host in $bkupHOSTS; do
# if [ "x$host" != "x`hostname`" ]; then
# f_cmd "/usr/local/bin/scp $TARBALL.gz $ndsUSER@$host:$bkupDIR"
# fi
#done
# Reset logfile to where we started
LOGFILE=$i_log
unset ilog
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END bakupnds parameter: $param\n"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Review: /var/nds/ndsbackup.log"
}
##########################################################################
# backupDIB
# Backup image of eDirectory DIB -- temporarily closes database
# Must be run as root
# RESTART=0 or not set, then we will start eDirectory
# Otherwise we will not
# 8/1/2005
# JGJ -- Exclude /var/nds/iim that exists on some IT Risk servers
##########################################################################
f_backupdib()
{
RESTART=$1
if [ -z "$RESTART" ]
then
RESTART="0"
fi
id=`id | awk '{print $1}'|awk -F"=" '{print $2}'|awk -F"(" '{print $1}'`
if [ $id != 0 ]
then
f_write_and_log "\nYou must have root permissions to make an image of the DIB."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
fi
f_backupcleanarchive $bkupDIR $SERVERNAME $MTIME
f_backupcheckcore
# Set tarball name
TARBALL=$bkupDIR/$SERVERNAME-`date +%Y%m%d_%H%M`.tar
# Check Disk SpacE (max needed so far = 400M for tarball + 150M gzip)
availableBytes="`df -k $bkupDIR | tail -1 | awk '{print $4}'`"
if [ $availableBytes -lt $availableBytesRequired ]
then
MSG="`hostname` [$0]: ERROR: Insufficient disk space for backup - `date`"
echo $MSG
df -k
date > $EMAIL_BODY
printf "\n$MSG\n" >> $EMAIL_BODY
printf "\nRequired : $availableBytesRequired" >> $EMAIL_BODY
printf "\nAvailable: $availableBytes\n" >> $EMAIL_BODY
df -k >> $EMAIL_BODY
$mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY
rm -f $EMAIL_BODY
f_write_and_log "\n$MSG"
f_write_and_log "$EMAIL_BODY"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n"
exit 1
fi
# Stop eDirectory
f_cmd /etc/init.d/nds stop
f_waitforndsstop 60
# Make copies of conf files under $edirPATH/conf.bak
if [ ! -d $edirPATH/conf.bak ]
then
f_cmd mkdir $edirPATH/conf.bak
fi
f_cmd cp $edirconfigDIR/hosts.nds $edirPATH/conf.bak
f_cmd cp $edirconfigDIR/nds.conf $edirPATH/conf.bak
f_cmd cp $edirconfigDIR/init.d/nds $edirPATH/conf.bak
f_cmd cp /etc/ndsimon.conf $edirPATH/conf.bak
f_cmd cp $edirdibPATH/_ndsdb.ini $edirPATH/conf.bak
current_dir=`pwd`
# Tar up the /var/nds and /var/novell directory - Restart nds when done
cd $edirPATH; cd ..
printf "\nWorking Directory: `pwd`\n"
touch $TARBALL
find . -type f -print|egrep "$SERVERNAME.*tar|$TREENAME.*tar">/tmp/ndsbackup-exclude
# Don't backup core files
echo ./nds/dib/core>>/tmp/ndsbackup-exclude
# Don't backup temp files
echo ./nds/temp>>/tmp/ndsbackup-exclude
# Don't backup IT Risk files
echo ./nds/iim>>/tmp/ndsbackup-exclude
# Run the proper TAR command-line for the host OS
case $HostOS in
Linux)
f_cmd "tar -cf $TARBALL -X /tmp/ndsbackup-exclude ./nds"
;;
SunOS)
f_cmd "tar -cfX $TARBALL /tmp/ndsbackup-exclude ./nds"
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n"
return 1
;;
esac
f_cmd "tar -uf $TARBALL ./novell"
rm -f /tmp/ndsbackup-exclude
# Pass argument to restart or not.....
if [ "$RESTART" -ne "0" ]
then
f_write_and_log "eDirectory will not be restarted"
else
f_cmd f_edirautostart
$bindir/ndsstat>/dev/null 2>&1
if [ $? -ne 0 ]
then
MSG="$HOSTNAME [$0]: ERROR: eDirectory failed to restart - `date`"
printf "\n$MSG\n" > $EMAIL_BODY
printf "Output from ndsstat:\n" >> $EMAIL_BODY
printf "####################\n" >> $EMAIL_BODY
$bindir/ndsstat >> $EMAIL_BODY 2>&1
# Send a shorter version of message to pagers
$mailer -s"$HOSTNAME [ndsbackup.sh]: ERROR: eDirectory failed to restart" $EMAIL_URGENT < $EMAIL_BODY
# Send more detail to e-mail users
printf "\nExcerpt from /var/nds/ndsd.log:\n" >> $EMAIL_BODY
printf "####################\n" >> $EMAIL_BODY
tail -128 /var/nds/ndsd.log >> $EMAIL_BODY
$mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY
f_write_and_log "`cat $EMAIL_BODY`"
rm -f $EMAIL_BODY
fi
fi
cd $current_dir
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END backupdib\n"
}
##########################################################################
# backupFullDirectory
# Archive full contents of eDirectory -- objects and schema
# Created from live database -- can be run as non-root user
# from: ndsbackup.sh
##########################################################################
f_backupfulldirectory ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_backupfulldirectory"
#Cleanup old ndstar archives
f_backupcleanarchive $bkupDIR $TREENAME $MTIME
# Set tarball name
TARBALL=$bkupDIR/$TREENAME-`date +%Y%m%d_%H%M`.ndstar
# Check Disk Space (max needed so far = 400M for tarball + 150M gzip)
availableBytes="`df -k $bkupDIR | tail -1 | awk '{print $4}'`"
if [ $availableBytes -lt $availableBytesRequired ]
then
MSG="`hostname` [$0]: ERROR: Insufficient disk space for backup - `date`"
printf "$MSG\n"
df -k
date > $EMAIL_BODY
printf "\n$MSG\n" >> $EMAIL_BODY
printf "\nRequired : $availableBytesRequired" >> $EMAIL_BODY
printf "Available: $availableBytes\n" >> $EMAIL_BODY
df -k >> $EMAIL_BODY
$mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY
rm -f $EMAIL_BODY
f_write_and_log "\n$MSG"
f_write_and_log "$EMAIL_BODY"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupfulldirectory\n"
exit 1
fi
f_write_and_log "\n$TARBALL $SERVERNAME-DSbackup.Administration.$BaseDNdot"
# We need to have the DSbackup user created and the file for the password. If not there Do something else
if [ ! -f /var/nds/.dsbackup ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DSbackup needs PREP performed! f_backupfulldirectory "
return 1
else
ndsbackup cf $TARBALL -a $SERVERNAME-DSbackup.Administration.$BaseDNdot `cat /var/nds/.dsbackup`
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_backupfulldirectory\n"
}
##########################################################################
#Creates NDS user as $SERVERNAME-DSbackup,ou=Administration,$BaseDN
# -Assigns user random password
# -Sets networkAddressRestriction to this server's IPAddress
# from: ndsbackup.sh
##########################################################################
f_backupidcreate ()
{
#echo $SERVERIP
# Convert IP to uuencoded string for use in User Network Address Restriction attribute
oct1=`echo $SERVERIP | awk -F. '{print $1}'`
oct2=`echo $SERVERIP | awk -F. '{print $2}'`
oct3=`echo $SERVERIP | awk -F. '{print $3}'`
oct4=`echo $SERVERIP | awk -F. '{print $4}'`
# Convert each octet to hex (not needed, but left here for future reference)
#hexIP=`perl -e "printf '%02X%02X%02X%02X',$oct1,$oct2,$oct3,$oct4"`
#asciiIP=`perl -e "print chr($oct1),chr($oct2),chr($oct3),chr($oct4)"`
addrRestrict=`perl -I/var/nds -MMIME::Base64 -e "print encode_base64('1#'.chr($oct1).chr($oct2).chr($oct3).chr($oct4),'')"`
#addrRestrict=`perl -I/var/nds -MMIME::Base64 -e "print encode_base64('1#$asciiIP','')"`
# Unlock LDAP to perform unencrypted operations
lock=0 # 0=unlock, any other=lock
f_lockldap $lock
# Create the user ID
$LDAPMODIFY -D$ADMIN -w$PASS <<EOL
dn: cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN
changetype: add
uid: $SERVERNAME-DSbackup
Language: ENGLISH
sn: $SERVERNAME-DSbackup
passwordAllowChange: FALSE
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: ndsLoginProperties
objectClass: top
networkAddressRestriction:: $addrRestrict
cn: $SERVERNAME-DSbackup
ACL: 2#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[All Attributes Rights]
ACL: 6#entry#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#loginScript
ACL: 2#entry#[Public]#messageServer
ACL: 2#entry#[Root]#groupMembership
ACL: 6#entry#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#printJobConfiguration
ACL: 2#entry#[Root]#networkAddress
dn:
changetype: modify
add: ACL
ACL: 31#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[Entry Rights]
ACL: 15#subtree#cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN#[All Attributes Rights]
-
EOL
f_lockldap $wasLocked
}
##########################################################################
# ResetPW resets the DSBackup password for this server
# Requires root SERVERNAME LDAPMODIFY ADMIN PASS BaseDN
# from: ndsbackup.sh
##########################################################################
f_backuppwdreset ()
{
# Pick new "random" string
newRand="`date +%Y%m%d_%H%M`-`perl -e 'print rand(10000)'`"
# Unlock LDAP to perform unencrypted operations
lock=0 # 0=unlock, any other=lock
f_lockldap $lock
# Set the password
$LDAPMODIFY -D$ADMIN -w$PASS <<EOL
dn: cn=$SERVERNAME-DSbackup,ou=Administration,$BaseDN
changetype: modify
replace: userPassword
userPassword: $newRand
EOL
echo "-p $newRand">/var/nds/.dsbackup
unset newRand
f_lockldap $wasLocked
}
######################################################################
# Start ndstrace to determine when new replica add is complete
# Can't seem to get NDSTRACE to setup correctly by command line
#####################################################################
f_monitorreplicaadd ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Begin f_monitorreplicaadd"
$bindir/ndstrace -l > /tmp/trace$$.log 2>/dev/null &
# Loop until ndstrace loads
printf "\nWaiting for ndstrace to initialize..."
while [ -z "`ndstrace -c modules|grep 'dstrace.*Running'`" ]
do
printf "."
done
sleep 2
printf "done.\n"
$bindir/ndstrace -c "set dstrace=NODEBUG;dstrace +TIME +PART">/dev/null 2>&1
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_monitorreplicaadd"
}
f_waitreplicaadd ()
{
printf "%s" "Waiting 2 minutes for new replica add..."
f_write_log "Waiting 2 minutes for new replica add..."
MAXRETRY=120
replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"`
while [ -z "$replicaState" -a $MAXRETRY -gt 0 ]; do
MAXRETRY=`expr $MAXRETRY - 1`; printf "."
sleep 1
replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"`
done
if [ -z "$replicaState" ]; then
printf "Continue waiting ([Y]/n)?: "
read ans
if [ "x$ans" != "xn" ]; then
MAXRETRY=1080
replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"`
while [ -z "$replicaState" -a $MAXRETRY -gt 0 ]; do
MAXRETRY=`expr $MAXRETRY - 1`
clear
printf "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n\n"
f_write_log "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n"
tail -14 /tmp/trace$$.log
printf "\nChecking every 60 seconds; last checked: `date '+%Y-%m-%d %H:%M:%S'`\n"
printf "Minutes elapsed: `expr 1082 - $MAXRETRY`\n"
sleep 60
replicaState=`tr -dc "[:alnum:][:space:][:punct:]"</tmp/trace$$.log|grep "Removing TRANSITION_ON partition flag for"`
done
if [ -z "$replicaState" ]; then
f_f_write_and_log "not complete."
f_write_and_log "(Replica add did not finish)"
$bindir/ndstrace -u
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
fi
clear
printf "\n$BeginTIME: Waiting up to 18 hours for new replica add...\n\n"
f_write_and_log `tail -14 /tmp/trace$$.log`
f_write_and_log "\nMinutes elapsed: `expr 1082 - $MAXRETRY`"
fi
fi
f_write_and_log "done."
$bindir/ndstrace -u
rm -f /tmp/trace$$.log
}
#####################################################################
# Check to see that ntp is running
#####################################################################
f_checkntp()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ntp configuration f_checkntp"
i_modified=0
if [ -z "`ps -A |grep 'ntp'`" ]
then
i_msg="Please Start the NTP Client Service."
f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp"
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
if [ -z "`cat /etc/ntp.conf|grep '$NTP1'`" ]
then
i_msg="Please check /etc/ntp.conf for proper entries."
f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp"
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
if [ $i_modified -eq 0 ]
then
i_msg="ntp appears to be setup correctly"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checkntp"
fi
unset i_modified
}
#####################################################################
# Check if snmp is setup
#####################################################################
f_snmpcheck()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking SNMP Config f_snmpcheck"
i_modified=0
case $HostOS in
Linux)
if [ -z "`rpm -qa | grep -i ucd-snmp`" ]
then
i_msg="Please install the ucd-snmp-utils RPMs."
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
if [ -z "`rpm -qa | grep -i NOVLsnmp`" ]
then
i_msg="NOVLsnmp is not Installed!"
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
if [ -z "`rpm -qa | grep -i NOVLsnmp`" ]
then
i_msg="NOVLsnmp is not Installed!"
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
if [ -z "`ps -A |grep 'snmpd'`" ]
then
i_msg="Master Agent snmpd is not Running! To Start execute /etc/rc.d/init.d/snmpd start "
f_pressanykey "$i_msg Press <Enter> to continue"
i_modified=1
unset i_msg
fi
;;
SunOS)
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version"
;;
esac
if [ $i_modified -eq 0 ]
then
i_msg="SNMP appears to be setup correctly"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_snmpcheck"
fi
unset i_modified
}
#####################################################################
# check to see if any servers in Tree are out of sync
#####################################################################
f_checktimesync()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking TimeSync f_checktimesync"
i_modified=0
i_test=`ndsrepair -T|grep 'No '|wc -l`
if [ $i_test -ne 0 ]
then
i_msg="Please Check TimeSync on all servers in this Tree."
f_pressanykey "$i_msg Press <Enter> to continue"
unset i_msg
fi
unset i_test
if [ $i_modified -eq 0 ]
then
i_msg="Servers are in TimeSync"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_msg f_checktimesync"
fi
unset i_modified
}
#####################################################################
# Verify password entry is valid
# Accepts argument for remote IP address (e.g. when using f_ndsintotree);
# will use either $MASTERIP or 127.0.0.1 as default value
# Assumes eDirectory is running on local or remote server
# Returns 0 or 1 (0=good=true, 1=bad=false)
# Use in conjunction with f_retrycommand to let user try password
# entry again:
# f_retrycommand f_checkpassword
#
#####################################################################
f_checkpassword ()
{
checkpasswordIP=$1
checkpasswordIP=${checkpasswordIP:=$MASTERIP}
checkpasswordIP=${checkpasswordIP:="127.0.0.1"}
THISERROR=1
ndslogin -t $TREENAME -h $checkpasswordIP -p $PASS $ADMINDOT > /dev/null 2>&1
if [ $? -eq 0 ]
then
THISERROR=0
else
THISERROR=1
fi
return $THISERROR
}
#####################################################################
# Get user response to query in terms of y or n
# y will return 1
# n will return 0
# q will exit with 1
#####################################################################
f_checkyorn ()
# arg_@=promptMessage(s)
{
#shift
ckyornstr="$1"
ans=""
while [ -z "$ans" ] || [ "$ans" = "ERRVAL" ]
do
#str1=`install "$ckyornstr"`
printf "\n$ckyornstr [y/n/q]? "
read ans
ans=`echo $ans | tr "[:upper:]" "[:lower:]"`
case $ans in
y|yes)
return 1 ;;
n|no)
return 0 ;;
q|quit)
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $ckyornstr: Aborted program!"
exit 1
;;
*) str1="Invalid option : "
echo "$instr $str1$ans"
ans="ERRVAL"
;;
esac
done
}
#####################################################################
# Routine to check for and trap general error
# if Arg_1 is NOT 0, then we prompt
#####################################################################
f_checkerror ()
# Arg_1 = Error as numeric
# Arg_2 = Prompt Error message as string
{
errCode=$1
msg=$2
if [ $errCode -ne 0 ]; then
validSel=0
while [ $validSel -eq 0 ]
do
if [ ! -z "$msg" ]
then
printf "$msg\n"
fi
printf "Do you want to [A]bort or [C]ontinue? "
read handleErr
case $handleErr in
a|A)
validSel=1
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END checkerror\n"
exit 1
;;
c|C)
validSel=1
f_write_and_log "** WARNING ** Continuing, but configuration may not be complete!!\n"
;;
d|D)
validSel=1
f_write_and_log "** WARNING ** Continuing, but configuration may not be complete!!\n"
f_debug
;;
esac
done
fi
unset msg
unset errCode
}
######################################################################
# Routine to retry a command until it works
# Requires the command return an error code 0=success
# Non succuess prompts user for action.
######################################################################
f_retrycommand ()
{
keep_trying=1
while [ $keep_trying -ne 0 ]
do
eval $*
es=$?
if [ $es -eq 0 ]
then
keep_trying=0
else
printf "\n[R]etry, re-enter [P]assword and retry, or [F]ail? (r/p/f) "
read val
case $val in
p*|P*)
f_askndspassword
keep_trying=1
;;
f*|F*)
f_checkerror $es
keep_trying=0
;;
*)
keep_trying=1
;;
esac
fi
done
}
###################################################################
# Get Hostname from this Host
###################################################################
f_gethostname ()
{
HOSTNAME=`hostname`
}
###################################################################
# Get DNSHostname from this Host
# This does not work!
###################################################################
f_getdnshostname ()
{
DNSNAME=`hostname`$dnsdomain
}
###################################################################
# Get Hostname from this Host
###################################################################
f_getndsservername ()
{
if [ -f $bindir/ndsconfig ]
then
SERVERNAME=`$bindir/ndsconfig get n4u.nds.server-name|awk -F"=" '{print $2}'`
fi
if [ -z "$SERVERNAME" ]
then
SERVERNAME=`echo $HOSTNAME|awk -F"." '{print $1}'|tr "[:lower:]" "[:upper:]"`
fi
}
###################################################################
# Get ndstreename from this Host
###################################################################
f_getndstreename ()
{
if [ -f $bindir/ndsconfig ]
then
TREENAME=`$bindir/ndsconfig get n4u.base.tree-name|awk -F"=" '{print $2}'`
else
TREENAME=""
fi
}
###################################################################
# Check to make sure nici is not installed in CLient Mode
###################################################################
###################################################################
# Get HOST IP Address from /etc/hosts
###################################################################
f_OLDgethostipaddress ()
{
SERVERIP=`cat /etc/hosts|grep "$HOSTNAME"|head -n 1|awk '{print $1}'`
if [ "$SERVERIP" = "127.0.0.1" ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Server IP Address $SERVERIP is incorrect in /ect/hosts"
f_fatalexiterror "Please correct IP Address and Retry!"
fi
}
###################################################################
# Get HOST IP Address from DNS
# 2005-08-28 Changed to not use DNSNAME which does not work.
###################################################################
f_gethostipaddress ()
{
case $HostOS in
Linux)
#SERVERIP=`ping -c 1 $DNSNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'`
SERVERIP=`ping -c1 $HOSTNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'|sed 1q`
;;
SunOS)
SERVERIP=`ping -a $HOSTNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'`
#ping -a $DNSNAME| awk -F'(' '{print $2}'|awk -F')' '{print $1}'
;;
*)
f_fatalerror "Unrecognized OS version: $HostOS"
;;
esac
if [ -z "$SERVERIP" ]
then
f_askndspassword
f_retrycommand f_checkpassword
fi
}
###################################################################
# Get TREE Master from Console
###################################################################
f_askmasterip ()
{
printf "\nInput $TREENAME nearest replica server IP address: "
read MASTERIP
printf "\nRunning ndsstat -h$MASTERIP (break out if long wait due to wrong ip):\n\n"
cmdOutput=`ndsstat -h$MASTERIP`; f_write_and_log "$cmdOutput"
}
###################################################################
# ASKt tree name from Console
###################################################################
f_asktreename ()
{
printf "\nInput Tree Name: "
read TREENAME
TREENAME=`echo $TREENAME|tr "[:lower:]" "[:upper:]"`; export TREENAME
printf "\n"
}
###################################################################
# Copy version.txt file that contains the current NDS Version
# We need to just copy the file as this maybe an upgrade
###################################################################
f_createversionfile ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory version marker..."
f_cmd cp ../version.txt /var/nds
}
###################################################################
# Launcher function for Novell's dsrmenu.sh script
###################################################################
f_dsrepair()
{
config/dsrmenu.sh
}
###################################################################
# Check if eDirectory is installed
# Returns 0 or 1 (0=good=true, 1=bad=false)
###################################################################
f_ndscheckinstalled ()
{
THISERROR=1
if [ -f $bindir/ndsconfig ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is installed.\n"
THISERROR=0
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is NOT installed"
THISERROR=1
fi
return $THISERROR
}
###################################################################
# Check if eDirectory is Running
# Returns 0 or 1 (0=good=true, 1=bad=false)
###################################################################
f_ndscheckrunning ()
{
THISERROR=1
$bindir/ndsstat>/dev/null 2>&1
if [ $? -eq 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is running.\n"
THISERROR=0
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is NOT running.\n"
THISERROR=1
fi
return $THISERROR
}
###################################################################
# Check if DirXML is installed.
# Returns 0 or 1 (0=good=true, 1=bad=false)
# pkginfo -l DXMLbase
#
###################################################################
f_dirxmlinstallcheck ()
{
THISERROR=1
if [ -f $bindir/dxmlconfig ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML IS Installed. \n"
THISERROR=0
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML NOT Installed. \n"
THISERROR=1
fi
return $THISERROR
}
######################################################################
# sets ldapTLSRequired to yes or no to lock or unlock use of cleartext bind
# 0 = unlock all other lock
# ldapconfig doesn't set an exit status, so f_retrycommand won't work
# When lock command is issued, a flag 'wasLocked' is set to indicate
# if LDAP was already locked (so we don't lock a server that is
# intended to be unlocked
######################################################################
f_lockldap ()
{
# Take a snapshot of the /var/nds/ndsd.log so we can detect when LDAP is working again
#cp /var/nds/ndsd.log /tmp/$$ndsd.log
arg1=$1
if [ -z "$PASS" ]
then
f_askndspassword
f_retrycommand f_checkpassword
fi
if [ $arg1 -eq 0 ]
then
# Check to see if LDAP is already unlocked
$LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Unlocking LDAP..."
$bindir/ldapconfig -t "$TREENAME" -a $ADMINDOT -w "$PASS" -s "LDAP Enable TCP=yes","ldapTLSRequired=no","Require TLS for Simple Binds with Password=no" >/dev/null 2>&1
wasLocked=1
else
if [ -z "$wasLocked" ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: LDAP is already unlocked... will not be changed."
wasLocked=0
else
unset wasLocked
fi
fi
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Locking LDAP..."
$bindir/ldapconfig -t "$TREENAME" -a $ADMINDOT -w "$PASS" -s "LDAP Enable TCP=no","ldapTLSRequired=no","Require TLS for Simple Binds with Password=yes">/dev/null 2>&1
unset wasLocked
fi
#es=$?
#f_checkerror $es "Error locking or unlocking LDAP"!
sleep 1
}
######################################################################
# Enable nds to startup or
# Disable nds so it will not start
# arg_1 = 0 = disable startup
# arg_1 = 1 = enable startup
######################################################################
f_ndsstartupenable ()
{
arg1=$1
if [ $arg1 -eq 0 ]
then
if [ -f /etc/init.d/nds ]
then
f_cmd mv /etc/init.d/nds /etc/init.d/_nds
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is NOT enabled. eDirectory can NOT Start."
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/nds is missing. CORRECT THIS PROBLEM eDirectory can NOT Start."
fi
f_pressanykey "WARNING! Press <Enter> to continue."
else
if [ -f /etc/init.d/_nds ]
then
f_cmd mv /etc/init.d/_nds /etc/init.d/nds
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is enabled. eDirectory can be Started."
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/_nds is missing. eDirectory can NOT be Started."
f_pressanykey "Check $ndsUSER for Proper Home Directory Press <Enter> to continue."
fi
fi
unset arg1
}
######################################################################
# Automatically start eDirectory and wait for DB to Open
# If /etc/init.d/_nds does not exist, nds startup is disabled.
# ElseIf /etc/init.d/nds does not exist, warn.
######################################################################
f_edirautostart ()
{
if [ -f /etc/init.d/nds ]
then
$SUDO /etc/init.d/nds start
MAXRETRY=120
f_waitforndsopen $MAXRETRY
unset MAXRETRY
else
if [ -f /etc/init.d/_nds ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup is Disabled. eDirectory can NOT be Started."
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDir Startup command /etc/init.d/nds is missing. eDirectory can NOT be Started."
fi
f_pressanykey "WARNING! Press <Enter> to continue."
fi
}
######################################################################
# Make a common function for fatal errors to Exit script
######################################################################
f_exitiferror ()
#arg_1=error code
#arg_2=Error message
{
errCode=$1
i_msg=$2
if [ $errCode -ne 0 ]; then
str1="\nABORTING...$i_msg\n"
f_write_and_log "$i_msg: .. $str1"
exit 1
fi
}
######################################################################
# Make a common function for fatal errors to Exit script
######################################################################
f_fatalexiterror ()
#arg_1=Error message
{
i_msg="$@"
i_msg=${i_msg:="Fatal error has occurred ! From Un-defined Function"}
str1="\nABORTING...$0\n"
f_write_and_log "$i_msg: .. $str1"
f_pressanykey "Press <Enter> Key to Exit!"
exit 1
}
######################################################################
# Set grep
######################################################################
f_getXPG4grep ()
{
case $HostOS in
Linux)
XPG4grep="grep"
;;
SunOS)
XPG4grep="/usr/xpg4/bin/grep"
;;
*)
f_fatalerror "Unrecognized OS version: $HostOS"
;;
esac
}
######################################################################
# Set mailer
######################################################################
f_getmailer ()
{
case $HostOS in
Linux)
mailer="mail"
;;
SunOS)
mailer="$mailer"
;;
*)
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
}
######################################################################
# gets the and OSVersion hostosarch version
# Set HostOS
######################################################################
f_gethostosversions ()
{
HostOS=`uname -s`
HostOSVer=`uname -r`
case $HostOS in
Linux)
HostOSArch=`uname -m`
OSVersion=`uname -r`
;;
SunOS)
HostOSArch=`uname -p`
OSVersion=`uname -r|awk -F"." '{print $2}'`
;;
*)
f_fatalerror "Unrecognized OS version: $HostOS"
;;
esac
}
######################################################################
# gets the Memory on this host
######################################################################
f_getmemorystats ()
{
case $HostOS in
Linux)
physMEMkb=`cat /proc/meminfo|grep "MemTotal:"|awk '{print $2}'`
physMEMmb=`expr $physMEMkb / 1024`
availMEMb=`expr $physMEMkb \* 1024`
;;
SunOS)
physMEMmb=`$sbindir/prtconf|grep "Memory"|head -n 1|awk '{print $3}'`
physMEMkb=`dmesg|grep "mem.*K"|head -n 1|awk '{print $11}'|tr -d "[:alpha:]"`
availMEMb=`dmesg|grep "avail mem"|head -n 1|awk '{print $12}'`
if [ -z "$physMEMkb" ]
then
#f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Could not detect PHYSICAL memory via 'dmesg'"
physMEMkb=`expr $physMEMmb \* 1024`
fi
if [ -z "$availMEMb" ]
then
#f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Could not detect AVAILABLE memory via 'dmesg'"
availMEMb=`expr $physMEMkb \* 1024`
fi
case $OSVersion in
7|8)
f_write_log "\nRunnig under Solaris $OSVersion...\n"
;;
9)
f_write_log "\nRunnig under Solaris $OSVersion...\n"
;;
*)
f_fatalerror " Unrecognized version of Solaris: $HostOSVer"
;;
esac
;;
*)
f_fatalerror "Unrecognized OS version: $HostOS"
;;
esac
}
#########################################################################
#
#########################################################################
f_gethostosarch ()
{
case $HostOS in
Linux)
;;
SunOS)
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END FATAL $0\n"
exit 1
;;
esac
}
#########################################################################
# Returns the Binary version of NICI that has been installed
#########################################################################
f_nicigetversion ()
{
niciversion=""
if [ -f /etc/nici.cfg ]
then
niciversion=`grep NiciVersion /etc/nici.cfg | awk -F":" '{print $4}'`
fi
}
#########################################################################
# Returns the version of eDirectory Server Package that is installed (eg 8.7.1)
# f_getndsinstalledver
#########################################################################
f_ndsgetdotedver()
{
case $HostOS in
SunOS)
i_ndsinstalled=`pkginfo -l NDSserv | grep -i version | awk ' { print $2 } '`
;;
Linux)
i_ndsinstalled=`rpm -qa | grep -i ndsserv | awk -F"-" ' { print $2 } '`
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END FATAL $0\n"
exit 1
;;
esac
if [ -z "$i_ndsinstalled" ]
then
i_ndsinstalled="No NDSserv Package Installed"
fi
}
#########################################################################
# Returns the Binary version of eDirectory that is running (eg 10532.19)
# was f_getndsversion
#########################################################################
f_ndsgetbinversion ()
{
ndsversion="N/A"
ndsversion=`ndsstat 2>/dev/null | grep "Binary Version:" |awk '{print $3}'`
if [ -z "$ndsversion" ]
then
# 8.6.x shows as NDS Version ??
ndsversion=`ndsstat 2>/dev/null | grep "NDS Version:" |awk '{print $3}'`
fi
if [ -z "$ndsversion" ]
then
ndsversion=" NDS is not running"
# versionString=$ndsversion
fi
f_write_log "Current eDirectory version is: $ndsversion"
}
##########################################################################
# Extend schema w/ Custom attributes & objectclasses
##########################################################################
f_schemaaddcustom ()
{
# To create:
# ldapsearch -L -D$ADMIN -W -bcn=schema -sbase objectclass=* > b1
# cp b1 b1.at b1.oc.ldif
# Yikes. The file is fixed width with multple lines for a single schema type.
# Get all the line back together (somewhere there was a script)
# Remove objectclasses from b1.at.ldif
# Remove attributetypes from b1.oc.ldif
# Add lines in front of each objectclasse:
# dn: cn=schema
# changetype: modify
# Add lines in front of each attributeTypes:
# dn: cn=schema
# changetype: modify
# add: attributetypes
# by running ./schema/dnaddat.pl b1.at > b1.at.ldif:
#
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extend schema w/ Custom attributes & objectclasses"
f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.at.ldif>>$LOGFILE 2>&1'
f_retrycommand '$LDAPMODIFY -a -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.oc.ldif>>$LOGFILE 2>&1'
}
##########################################################################
# User specified LDIF file to add or change entries in directory
##########################################################################
f_importldiff ()
#arg_1=full path and name of LDIF File
{
i_file=$1
if [ -z "$i_file" ]
then
printf "%s" "Enter full path including file name of LDIFF file to impot: "
read act
i_file=$act
unset act
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Importing user supplied LDIF: $i_file "
if [ -z "$PASS" ]
then
f_askndspassword
f_retrycommand f_checkpassword
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Importing user supplied LDIF: $i_file "
f_retrycommand '$LDAPMODIFY -a -c -D "$ADMIN" -w "$PASS" -f $i_file>>$LOGFILE 2>&1'
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DONE Importing user supplied LDIF: $i_file "
unset i_file
}
##########################################################################
# Extend schema for Siteminder attributes & objectclasses
##########################################################################
f_addsiteminderschema ()
{
echo "\n`date '+%Y-%m-%d %H:%M:%S'`: Extend schema w/ Netegrity attributes & objectclasses"
f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/siteminder-schema.ldif>>$LOGFILE 2>&1'
}
##########################################################################
# Build the DIT - Add custom LDAP Entries
# -- OUs Structure
# -- Standard Groups
# add Custom Groups and Admin Accounts
##########################################################################
f_ditcreate ()
{
# To create:
# +ldapsearch -D -W -LL objectclass=domain dc objectclass > b1.dc
# cp b1.dc ./schema
# ./schema/dnadd.pl b1.dc > ./schema/b1.dc.ldif
# +ldapsearch -D -W -LL objectclass=organizationalunit ou objectclass b1.ou
# cp b1.ou ./schema
# ./schema/dnadd.pl b1.ou > ./schema/b1.ou.ldif
#
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build the Authentication Directory OU structure"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: /schema/b1.ou.ldif..."
f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.ou.ldif>>$LOGFILE 2>&1'
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build default security groups"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/b1.sec.ldif..."
f_retrycommand '$LDAPMODIFY -c -D "$ADMIN" -w "$PASS" -f ./schema/b1.sec.ldif>>$LOGFILE 2>&1'
# Setup eDirectory path variables Not sure why we do this here ???
edirPATH=`$bindir/ndsconfig get n4u.server.vardir|awk -F"=" '{print $2}'`
edirdibPATH=`$bindir/ndsconfig get n4u.nds.dibdir|awk -F"=" '{print $2}'`
edirconfigDIR=`$bindir/ndsconfig get n4u.server.configdir|awk -F"=" '{print $2}'`
}
##########################################################################
# Create Custom Groups and LDAP Administration Accounts
##########################################################################
f_schemaadddelta ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Create deltaAdmin & deltaMainAdmin PLUS Groups & ACLs..."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/deltaGroups.ldif..."
f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaGroups.ldif>>$LOGFILE 2>&1'
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: deltaReadGroups.ldif..."
f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaReadGroups.ldif>>$LOGFILE 2>&1'
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: schema/deltaAdmins.ldif..."
f_retrycommand '$LDAPMODIFY -D "$ADMIN" -w "$PASS" -f schema/deltaAdmins.ldif>>$LOGFILE 2>&1'
}
##########################################################################
# Set LDAP Server Attributes
# ISSUE
# We can not create KMO's with pkiconfig as it is not present in 8.7.x
##########################################################################
f_createldapkmo ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Create Server KMO"
f_retrycommand '$bindir/pkiconfig kmo -N "SSL/TLS Certificate" -t "$TREENAME" -S "cn=$SERVERNAME.$ServersOUdot" -a "$ADMINDOT"'
}
##########################################################################
# Set LDAP Server Attributes
# ISSUE
# We can not create a KMO Object with the name of "SSL/TLS Certificate"
# for the server so we can not set it here.
##########################################################################
f_modldapserver ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Modifying LDAP with various paramaters and to use KMO and setting debug options"
# ldapconfig doesn't set an exit status, so f_retrycommand won't work
$bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP:keyMaterialName=SSL CertificateIP"
$bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Screen Level=Operation Connection Config Extensions SearchResponse Error Critical DataConnection"
$bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Server Bind Limit=512"
$bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "LDAP Server Idle Timeout=1800"
$bindir/ldapconfig -t $TREENAME -a $ADMINDOT -w $PASS -s "searchTimeLimit=1200"
}
##########################################################################
# Trigger build of indexes f_buildindexes
# Load dstrace and set limber process to run
##########################################################################
f_buildindexes ()
{
$bindir/ndstrace -l > /tmp/trace$$.log 2>/dev/null &
# Loop until ndstrace loads
printf "\nWaiting for ndstrace to initialize..."
while [ -z "`ndstrace -c modules|grep 'dstrace.*Running'`" ]
do
printf "."
done
sleep 2
printf "done.\n"
$bindir/ndstrace -c "set dstrace=nodebug;ndstrace LMBR;set dstrace=*l">/dev/null 2>&1
##########################################################################
# Waiting for indexes to be built...
# watch for "Predicates were successfully updated." in
# /tmp/trace$$.log`
##########################################################################
printf "%s" "Waiting for indexes to be built..."
f_write_log "Waiting for indexes to be built..."
MAXRETRY=60
# Kick off li mber process
indexState=`grep "Predicates were successfully updated." /tmp/trace$$.log`
while [ -z "$indexState" -a $MAXRETRY -gt 0 ]
do
MAXRETRY=`expr $MAXRETRY - 1`; printf "."
sleep 1
indexState=`grep "Predicates were successfully updated." /tmp/trace$$.log`
done
if [ -z "$indexState" ]
then
# Test f_write_and_log "not complete. Limber not complete"
$bindir/ndstrace -u
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_buildindexes \n"
return 1
else
f_write_and_log "done."
$bindir/ndstrace -u
fi
rm -f /tmp/trace$$.log
unset MAXRETRY
}
##########################################################################
# Wait until NDS Opens by watching ndsstat
##########################################################################
f_waitforndsopen ()
# Arg_1 =time in seconds to wait
{
MAXRETRY=$1
MAXRETRY=${MAXRETRY:=20}
f_write_and_log "Waiting $MAXRETRY seconds for NDS to Open"
# Loop waiting for eDirectory database to open
printf "\nWaiting for eDirectory database to open..."
$bindir/ndsstat>/dev/null 2>&1
while [ $? -gt 0 -a $MAXRETRY -gt 0 ]
do
printf "."
sleep 1
MAXRETRY=`expr $MAXRETRY - 1`
$bindir/ndsstat>/dev/null 2>&1
done
f_write_and_log "NDS is Running! "
printf "done.\n"
unset MAXRETRY
}
##########################################################################
# Wait up to XX seconds for nds to stop
##########################################################################
f_waitforndsstop ()
# Arg_1 =time in seconds to wait
{
MAXRETRY=$1
MAXRETRY=${MAXRETRY:=20}
while [ `ps -eaf | grep /ndsd | grep -v grep | wc -l` -gt 0 -a $MAXRETRY -gt 0 ]
do
printf "."
sleep 1
MAXRETRY=`expr $MAXRETRY - 1`
done
unset MAXRETRY
if [ `ps -eaf | grep /ndsd | grep -v grep | wc -l` -gt 0 ]
then
# Give up on stopping the directory; will require manual (or ndscheck.sh) intervention
MSG="`hostname` [$0]: ERROR: eDirectory stop FAILED - `date`"
date > $EMAIL_BODY
printf "\n$MSG\n" >> $EMAIL_BODY
$mailer -s"$MSG" $EMAIL_NOTIFY < $EMAIL_BODY
rm -f $EMAIL_BODY
f_write_and_log "\n$MSG"
f_write_and_log "$EMAIL_BODY"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
# May wan to do some thing different here ...
exit 1
fi
}
##########################################################################
# Wait for LDAP to Start
# Loops waiting for positive LDAP response
# Assumes LDAP is already 'unlocked'
# Accepts integer parameter indicating timeout in seconds; default=20
##########################################################################
f_waitforldap ()
# Arg_1 =time in seconds to wait
{
MAXRETRY=$1
MAXRETRY=${MAXRETRY:=20}
f_write_and_log "\nWaiting $MAXRETRY seconds for LDAP to initialize..."
# Loop waiting for positive LDAP response
$LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1
while [ $? -ne 0 -a $MAXRETRY -gt 0 ]
do
sleep 1
$LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1
MAXRETRY=`expr $MAXRETRY - 1`; printf "."
done
sleep 1
$LDAPSEARCH -b" " -sbase -D "$ADMIN" -w "$PASS">/dev/null 2>&1
if [ $? -eq 0 ]
then
f_write_and_log " LDAP is responding."
else
f_write_and_log " LDAP may not be initialized."
f_write_and_log "Continuing anyway."
fi
unset MAXRETRY
}
##########################################################################
# Create Custom Indexes on this server
# Imports custom indexes to be applied to this server
##########################################################################
f_createindexes ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_createindexes\n"
# Setup indexes to be applied
smIndexes=indexes/Novell8_5_Add_Schema.indexes.ldif
b1Indexes=indexes/b1.indexes.ldif
#indexFiles="$smIndexes $b1Indexes"
indexFiles="$b1Indexes"
# Make sure eDirectory is running Check before calling
# Is NDS Running ?
# Do we Have PASS
# Is LDAP Running
#
# apply indexes using LDAP
#
for file in $indexFiles
do
if [ ! -f $file ]
then
f_write_and_log "ERROR: Can't find file $file"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_createindexes\n"
return
fi
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'` Applying index $file"
f_retrycommand 'sed -e "s/#SERVERNAME#/$SERVERNAME/g" $file | $LDAPMODIFY -c -D "$ADMIN" -w "$PASS">>$LOGFILE'
done
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_createindexes\n"
}
######################################################################
# Reset the log file. Renames old to $1.bak
######################################################################
f_resetlog ()
# Arg_1=logfile to reset
{
i_log=$1
i_log=${i_log:=$LOGFILE}
if [ -f $i_log ]; then
mv $i_log $i_log.bak
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_log has been Reset \n"
unset i_log
}
######################################################################
# View the current log file
######################################################################
f_viewndsmodules()
{
f_viewlog "/usr/lib/nds-modules/ndsmodules.conf"
}
######################################################################
# View the current log file
######################################################################
f_viewlog ()
# Arg_1=logfile to view
{
i_log=$1
i_log=${i_log:=$LOGFILE}
view $i_log
unset i_log
}
######################################################################
# View the ndsdt log file
######################################################################
f_viewndsdlog ()
{
f_viewlog "/var/nds/ndsd.log"
}
###################################################################
# Copy .ndsenv, .ndsenv.local.sample, .sharedfunctions.sh to /var/nds
# Copy .ndsenv.bash to /var/nds
# copy /pre_ndsd_start /post_ndsd_start /pre_ndsd_stop /post_ndsd_stop
# To etc/init.d/
###################################################################
f_copyndsenv ()
{
if [ ! -f /usr/local/shared/.sharedenv.sh ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory shared variables and subroutines..."
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** /usr/local/shared/.sharedenv.sh should be reviewed and updated."
f_cmd cp -p config/.ndsenv /var/nds
f_cmd cp -p config/.sharedfunctions.sh /usr/local/shared/
f_cmd cp -p config/pre_ndsd_start /etc/init.d
f_cmd cp -p config/post_ndsd_start /etc/init.d
f_cmd cp -p config/pre_ndsd_stop /etc/init.d
f_cmd cp -p config/post_ndsd_stop /etc/init.d
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying and BKUP eDirectory shared variables and subroutines..."
f_move config/.sharedfunctions.sh /usr/local/shared/.sharedenv.sh_functions
f_move config/.ndsenv /usr/local/shared/.sharedenv.sh
f_move config/pre_ndsd_start /etc/init.d
f_move config/post_ndsd_start /etc/init.d
f_move config/pre_ndsd_stop /etc/init.d
f_move config/post_ndsd_stop /etc/init.d
fi
if [ ! -f /usr/local/shared/.sharedenv.sh.bash ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Copying eDirectory 'bash' shared variables..."
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** /usr/local/shared/.sharedenv.sh.bash should be reviewed and updated."
f_cmd cp -p config/.ndsenv.bash /usr/local/shared/
fi
f_cmd cp -p config/.ndsenv.local.sample /usr/local/shared/
}
###################################################################
# Fix missing ncurses library in Linux -- Creates a soft link to an
# old version, as the install script expects to find the old
# version.
###################################################################
f_fixlinux ()
{
if [ "$HostOS" = "Linux" -a ! -f /usr/lib/libncurses.so.4 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Fixing missing ncurses library in Linux..."
f_cmd ln -s /usr/lib/libncurses.so.5.2 /usr/lib/libncurses.so.4
fi
}
###################################################################
# Runs script that gathers info and then displays the log
###################################################################
f_getndsunixinfo ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Gathering info, this could take a while...."
./config/ndsunix.sh
more /tmp/unixinfo.log
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: See /tmp/unixinfo.log..."
}
###################################################################
# Returns current logged-in user home directory as /home/ndsuser
###################################################################
f_getuserhomedir ()
{
env |grep HOME |awk -F= '{print$2}'
}
###################################################################
# Runs returns the shortname of OS User (eg root )
###################################################################
f_getosuser ()
{
USERNAME=`id | awk '{print $1}'|awk -F"(" '{print $2}'|awk -F")" '{print $1}'`
}
###################################################################
# Check OS for ndsuser and ndsgroup, create if not there
###################################################################
f_checkosforsetup ()
{
f_checkndsuser
# check for bash shell
# Check for the path for Edirectory
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $edirPATH"
df -k|grep $edirPATH
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Edirectory Mount Point and path do NOT Exist"
f_pressanykey "Edirectory Mount Point and path $edirPATH does NOT Exist! Press Enter to continue."
fi
# Check for the path for backup directory
df -k|grep $bkupDIR
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Edirectory Mount Point and path $bkupDIR do NOT Exist"
f_pressanykey "Edirectory Mount Point and path $bkupDIR does NOT Exist! Press Enter to continue."
fi
# Check for Required packages
i_pkg="SUNWbash"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
i_pkg="SMCgzip"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
i_pkg="SUNWjsnmp"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
i_pkg="SUNWsasnm"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
i_pkg="SUNWsacom"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
# Check for perl
i_pkg="perl"
pkginfo |grep $i_pkg
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Package $i_pkg is NOT installed"
f_pressanykey "Package $i_pkg does is NOT Installed! Press Enter to continue."
fi
# Check for NTP
# Check for smtp
#check for snmp
}
###################################################################
# Check OS for ndsuser and ndsgroup, create if not there
###################################################################
f_checkndsuser ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $ndsGROUP"
cat /etc/group |grep $ndsGROUP
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding group $ndsGROUP"
f_cmd groupadd -g 1004 $ndsGROUP
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking for: $ndsUSER"
cat /etc/passwd |grep $ndsUSER
if [ $? -ne 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding user $ndsUSER"
f_cmd useradd -u 1004 -g 1004 -s /bin/bash $ndsUSER
fi
f_pressanykey "Check $ndsUSER for Proper Home Directory Press <Enter> to continue."
}
###################################################################
# These are startup files (nds is overwritten by an install or upgrade)
###################################################################
f_checkstartupfiles ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking files in /etc/init.d..."
for src in nds ndsnddconfig.sh
do
dest=/etc/init.d/$src
src=config/$src
f_move $src $dest
done
# Turn off the "evil" FAST_MODE (part of Geodesic memory allocator), if present
$XPG4grep -q "GS_FAST_MODE" /etc/init.d/ndsd
if [ $? -eq 0 ]
then
$XPG4grep -q "GS_FAST_MODE=0" /etc/init.d/ndsd
if [ $? -ne 0 ]
then
f_bkup /etc/init.d/ndsd
sed -e 's/GS_FAST_MODE=.*/GS_FAST_MODE=0/g' /etc/init.d/ndsd > /tmp/ndsd.$$
f_cmd mv /tmp/ndsd.$$ /etc/init.d/ndsd
f_cmd chmod 744 /etc/init.d/ndsd
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/init.d/ndsd -- please review! **\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/init.d/ndsd"
fi
fi
}
###################################################################
# Toggles use of malloc/mtmalloc on Solaris
# 8/11/2005 --Improved wording of prompts for malloc/mtmalloc
# Added detection for Solaris 9 and OS patches to enable
# LIBUMEM (see TID 10095892)
###################################################################
f_checksolarismemallocator ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking Solaris memory allocator in use..."
if [ "$HostOS" = "SunOS" ]
then
f_checkroot
f_checkerror $THISERROR
modified=0
$XPG4grep -q '#SetupMemManager$' /etc/init.d/ndsd
if [ $? -eq 0 ]
then
# Geodesic/mtmalloc is currently disabled
f_checkyorn "eDirectory is using MALLOC (GOOD); switch to MTMALLOC"
ers=$?
if [ $ers -eq 1 ]
then
sed -e 's/#SetupMemManager$/SetupMemManager/g' /etc/init.d/ndsd > /tmp/ndsd.$$
modified=1
fi
else
$XPG4grep -q 'SetupMemManager$' /etc/init.d/ndsd
if [ $? -eq 0 ]
then
# Geodesic/mtmalloc is currently enabled
f_checkyorn "eDirectory is using MTMALLOC (BAD); switch to MALLOC"
ers=$?
if [ $ers -eq 1 ]
then
sed -e 's/SetupMemManager$/#SetupMemManager/g' /etc/init.d/ndsd > /tmp/ndsd.$$
modified=1
fi
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: SetupMemManager not found -- version >=8.7.3.4 is installed?\n"
fi
fi
if [ $OSVersion -eq 9 -a $modified -eq 0 ]
then
# Check for required patches for LIBUMEM
f_write_and_log "\nSolaris 9 detected; you should configure eDirectory to use LIBUMEM; verify"
f_write_and_log "required OS patches before switching to LIBUMEM:\n"
f_write_and_log " 112233-11 (or newer ) SunOS 5.9"
f_write_and_log " 112874-13 (or newer ) libc patch"
f_write_and_log " 114370-01 (or newer ) libumem.so.1"
f_write_and_log " 114371-01 (or newer ) libumem; mdb components patch"
f_write_and_log " 114373-01 (or newer ) abi_libumem.so.1 patch\n"
showrev -p | cut -d" " -f 2 | sort -n > /tmp/$$patches.txt
f_write_and_log "These patches were found:\n"
for patch in 112233-11 112874-13 114370-01 114371-01 114373-01
do
patchNum=`echo $patch | cut -d- -f1`
patchMinRev=`echo $patch | cut -d- -f2`
instVer=`grep $patchNum /tmp/$$patches.txt | tail -1 | cut -d- -f2`
if [ -z "$instVer" ]
then
f_write_and_log " $patch NOT INSTALLED"
else
if [ $instVer -ge $patchMinRev ]
then
f_write_and_log " $patchNum-$instVer ok"
else
f_write_and_log " $patchNum-$instVer NOT OK"
fi
fi
done
$XPG4grep -q 'LD_PRELOAD=/usr/lib/libumem.so \$sbindir/ndsd $' /etc/init.d/ndsd
if [ $? -eq 0 ]
then
# LIBUMEM is already enabled
f_checkyorn "eDirectory is using LIBUMEM (GOOD); switch to MALLOC"
ers=$?
if [ $ers -eq 1 ]
then
sed -e 's/LD_PRELOAD=\/usr\/lib\/libumem.so \$sbindir\/ndsd $/ \$sbindir\/ndsd /g' /etc/init.d/ndsd > /tmp/ndsd.$$
modified=1
fi
else
# LIBUMEM not enabled
f_checkyorn "eDirectory is using MALLOC (BAD); switch to LIBUMEM"
ers=$?
if [ $ers -eq 1 ]
then
sed -e 's/ \$sbindir\/ndsd $/LD_PRELOAD=\/usr\/lib\/libumem.so \$sbindir\/ndsd /g' /etc/init.d/ndsd > /tmp/ndsd.$$
modified=1
fi
fi
rm /tmp/$$patches.txt
unset patch patchNum patchMinRev instVer
fi
if [ $modified -eq 1 ]
then
f_bkup /etc/init.d/ndsd
mv /tmp/ndsd.$$ /etc/init.d/ndsd
chgrp sys /etc/init.d/ndsd
chmod u+x /etc/init.d/ndsd
unset modified
fi
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not on Solaris on: $HostOS. Nothing to do.\n"
fi
}
###################################################################
# Tune Solaris OS Parameters for eDirectory Operation
###################################################################
f_tunesolaris ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ndd settings..."
if [ "$HostOS" = "SunOS" ]
then
if [ ! -h /etc/rc2.d/S75NDSnddconfig ]
then
rm -f /etc/rc2.d/S75NDSnddconfig
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Adding ndd settings to system startup and executing..."
f_cmd ln -s /etc/init.d/ndsnddconfig.sh /etc/rc2.d/S75NDSnddconfig
fi
/etc/init.d/ndsnddconfig.sh
#
# Tune /etc/system for eDirectory
#
ufsLW=`expr $availMEMb / 128`
ufsHW=`expr $availMEMb / 64`
# Use 2GB memory cap for calculation
if [ $ufsLW -gt 16777216 -o $ufsHW -gt 33554432 ]
then
ufsLW=16777216
ufsHW=33554432
fi
$XPG4grep -q "Recommended Novell eDirectory" /etc/system
if [ $? -ne 0 ]
then
# Make sure calculated values are larger than default settings before using them
if [ $ufsLW -gt 262144 -a $ufsHW -gt 393216 ]
then
sed -e "s/set ufs:ufs_LW=.*/set ufs:ufs_LW=$ufsLW/g" -e "s/set ufs:ufs_HW=.*/set ufs:ufs_HW=$ufsHW/g" config/system.stub > /tmp/system.stub.$$
cat /tmp/system.stub.$$ >> /etc/system
else
cat config/system.stub >> /etc/system
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/system -- please review AND restart system! **"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ufs:ufs_LW = $ufsLW = availMEMbytes / 128 = $availMEMb / 128"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ufs:ufs_HW = $ufsHW = availMEMbytes / 64 = $availMEMb / 64\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/system"
fi
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not on Solaris on: $HostOS. No modifications made.\n"
fi
}
###################################################################
# Add extra custom and Novell scripts
# 8/10/2005 --Changed to update scripts in $ndsUserHome/bin
###################################################################
f_addcustomscripts ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking eDirectory support scripts in /usr/bin..."
for src in autodsrp.sh ndsbackup.sh ndscheck.sh dsrmenu.sh ndsunix.sh
do
dest=/usr/bin/$src
src=config/$src
f_move $src $dest
done
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking eDirectory support scripts in $ndsUserHome/bin..."
if [ ! -d $ndsUserHome/bin ]
then
f_cmd mkdir $ndsUserHome/bin
fi
# Make backups of old scripts before overwritting
for src in `utils/*.pl utils/*.sh`
do
dest=$ndsUserHome/bin/`basename $src`
src=$src
f_move $src $dest
done
f_cmd cp -Rp utils/* $ndsUserHome/bin
}
###################################################################
# Create a softlink for ndsimon.conf to ndsimon.ini
# >>>> Review if this is necessary
# In old versions of iMonitor it was /var/nds/ndsimon.ini. Remove this file and create
# a lik to the new location /usr/share/ndsimon/ndsimon.conf
###################################################################
f_imonsoftlink ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking ndsimon.ini link..."
if [ ! -h /var/nds/ndsimon.ini ]
then
rm -f /var/nds/ndsimon.ini
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Setting up ndsimon.ini link..."
f_cmd ln -s /usr/share/ndsimon/ndsimon.conf /var/nds/ndsimon.ini
fi
}
#########################################################################
# Check to see if current session is root
#########################################################################
f_checkroot ()
{
THISERROR=1
id=`id | awk '{print $1}'|awk -F"=" '{print $2}'|awk -F"(" '{print $1}'`
if [ $id != 0 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: You should have root permissions to execute this script."
echo "$instr $str1"
THISERROR=1
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: You are running as root."
THISERROR=0
fi
return $THISERROR
}
###################################################################
# Verify/update config files
# NOTE: We only check to see if the parameter has a value.
# If the parameter id present, we do nothing, regardless of the value.
# If there is no entry then we create the correct entry,
# /etc/nds.conf: Add server ip & ice parameter
# 8/1/2005
# JGJ -- Add lines to fix iMonitor binding to wrong interface
###################################################################
f_checkndsconf ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /etc/nds.conf..."
modified=0
if [ ! -f /etc/nds.conf ]
then
touch /etc/nds.conf
fi
$XPG4grep -q n4u.server.interfaces /etc/nds.conf
if [ $? -ne 0 ]
then
echo "n4u.server.interfaces=$SERVERIP" >> /etc/nds.conf
modified=1
fi
$XPG4grep -q n4u.ldap.lburp.transize /etc/nds.conf
if [ $? -ne 0 ]
then
echo "n4u.ldap.lburp.transize=1024" >> /etc/nds.conf
modified=1
fi
$XPG4grep -q n4u.server.max-threads /etc/nds.conf
if [ $? -ne 0 ]
then
echo "n4u.server.max-threads=128" >> /etc/nds.conf
modified=1
fi
$XPG4grep -q http.server.interfaces /etc/nds.conf
if [ $? -ne 0 ]
then
# Logic to map server IP's to interface names; reference Novell TID 10088801
echo "http.server.interfaces=$SERVERIP,127.0.0.1" >> /etc/nds.conf
modified=1
fi
$XPG4grep -q https.server.interfaces /etc/nds.conf
if [ $? -ne 0 ]
then
# Logic to map server IP's to interface names; reference Novell TID 10088801
echo "https.server.interfaces=$SERVERIP,127.0.0.1" >> /etc/nds.conf
modified=1
fi
if [ $modified -eq 1 ]
then
f_bkup /etc/nds.conf
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/nds.conf -- please review! **\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/nds.conf"
fi
}
############f_checkndsdb #######################################################
# /var/nds/dib/_ndsdb.ini: Add cache entry
###################################################################
# Cache size is based on available memory (detected earlier and placed in $availMEMb)
# Block cache should be roughly the same size as the DIB
# Entry cache should be 2-3 times the DIB size
# If total cache is more than double DIB size, allocate more to entry cache
###################################################################
f_checkndsdb ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking cache in /var/nds/dib/_ndsdb.ini"
# Reserve a minimum of 40% of total memory + 96MB for the OS
#reservedMEMb=`expr $availMEMb \* 4 / 10 + 100663296`
# Calc fails again when $availMEMb >= 1GB; so divide and multiply by 1024 get get correct result
reservedMEMb=`expr \( $availMEMb / 1024 \* 4 / 10 + 98304 \) \* 1024`
cacheBytes=`expr $availMEMb - $reservedMEMb`
# cacheBytes larger than 8GB reports incorrectly on this comparison; so divide each value by 1024
if [ `expr \( $cacheBytes \/ 1024 \) \> \( $cacheMax \/ 1024 \)` -eq 1 ]
then
cacheBytes=$cacheMax
elif [ `expr \( $cacheBytes \/ 1024 \) \< \( $cacheMin \/ 1024 \)` -eq 1 ]
then
cacheBytes=$cacheMin
fi
# Allocate no more than $DIBsize to block cache; allocate remaining to entry cache
if [ `expr $cacheBytes \/ 1024 \> \( 2 \* $DIBsize \/ 1024 \)` -eq 1 ]
then
blockCache=`expr $DIBsize \* 100 / $cacheBytes`
else
blockCache=50
fi
if [ ! -f /var/nds/dib/_ndsdb.ini ]
then
echo "cache=$cacheBytes" > /var/nds/dib/_ndsdb.ini
echo "blockcachepercent=$blockCache" >> /var/nds/dib/_ndsdb.ini
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Created /var/nds/dib/_ndsdb.ini -- please review! **"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Using cache = $cacheBytes and block cache percent = $blockCache.\n"
else
modified=0
sed -e "s/cache=.*/cache=$cacheBytes/g" -e "s/blockcachepercent=.*/blockcachepercent=$blockCache/g" /var/nds/dib/_ndsdb.ini > /tmp/_ndsdb.ini.$$
diff /tmp/_ndsdb.ini.$$ /var/nds/dib/_ndsdb.ini > /dev/null 2>&1
if [ $? -eq 1 ]; then
f_write_and_log "OLD /var/nds/dib/_ndsdb.ini:----------------------------------------"
f_write_and_log "`cat /var/nds/dib/_ndsdb.ini`\n"
f_write_and_log "PROPOSED /var/nds/dib/_ndsdb.ini:-----------------------------------"
f_write_and_log "`cat /tmp/_ndsdb.ini.$$`\n"
f_checkyorn "Accept the proposed eDirectory cache settings"
ers=$?
if [ $ers -eq 1 ]
then
f_bkup /var/nds/dib/_ndsdb.ini
mv /tmp/_ndsdb.ini.$$ /var/nds/dib/_ndsdb.ini
modified=1
else
rm /tmp/_ndsdb.ini.$$
fi
fi
if [ $modified -eq 1 ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /var/nds/dib/_ndsdb.ini -- please review! **"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Reseved memory for OS, etc. = $reservedMEMb bytes"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Using cache = $cacheBytes and block cache percent = $blockCache.\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /var/nds/dib/_ndsdb.ini"
fi
fi
}
###################################################################
# Checks various Disk Space on OS.
# We do not do anything with this yet... ie it is never called
# uses TMP_SPACE=9 ROOT_SPACE=9 set in ndsenv
###################################################################
f_checkforspaceonfs ()
#arg1=disk location to check
#arg2=Space required for operation. Any space less than this will ouput Warning
#arg3=Message to display
{
i_disklocation=$1
i_needed=$2
i_msg=$3
f_write_and_log "\n Checking Disk Space for $i_disklocation on $HostOS $HostOSVer...\n"
case $HostOS in
Linux)
space_full=`df -k ${i_disklocation} | tail -1 | awk '{print $5}' | sed s/'%'/''/g`
echo "space_full: $space_full"
if [ $space_full -gt $i_needed ]
then
str1="$i_disklocation filesystem is"
f_write_and_log "$str1 $space_full percent full. $i_msg"
fi
;;
SunOS)
space_full=`df -k ${i_disklocation} | awk '/[0-9]/ { print $5 }'|sed s/'%'/''/ `
if [ $space_full -gt $i_needed ]
then
str1="$i_disklocation filesystem is"
f_write_and_log "$str1 $space_full percent full. $i_msg"
fi
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
;;esac
}
###################################################################
# Does the Directory Need to be running to change http Ports via NDSCONFIG -O ??
# /etc/ndsimon.conf: Modify iMonitor config to allow only supervisor and console operators
# to use iMonitor
# we try to set http ports NDS must be running. Do NOT need to stop and start
# after setting httpports
###################################################################
f_checkimonitor ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking iMontior..."
f_ndscheckrunning
# set so we know if we made modifications
modified=0
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and Running"
$XPG4grep -q "http.server.clear-port=8389" /etc/nds.conf && $XPG4grep -q "http.server.tls-port=8636" /etc/nds.conf
es=$?
if [ $es -ne 0 ]
then
printf "\n\nYou must login twice as $ADMINDOT\nto change the ports for the HTTP server...\n\n"
$bindir/ndsconfig set http.server.clear-port=8389 http.server.tls-port=8636
modified=1
fi
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Could not verify HTTP ports.\n"
fi
if [ $modified -eq 1 ]; then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/nds.conf -- please review! **\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/nds.conf"
fi
modified=0
$XPG4grep -q "^LockMask: 14" /etc/ndsimon.conf
if [ $? -ne 0 ]
then
f_bkup /etc/ndsimon.conf
sed -e 's/#LockMask:/LockMask:/g' /etc/ndsimon.conf | sed -e 's/LockMask:.*/LockMask: 14/g' > /tmp/ndsimon.$$
mv /tmp/ndsimon.$$ /etc/ndsimon.conf
modified=1
fi
if [ $modified -eq 1 ]; then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /etc/ndsimon.conf -- please review! **\n"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /etc/ndsimon.conf"
fi
}
###################################################################
#
###################################################################
f_updatetreehostsnds ()
{
# Uncomment treename for this server in hosts.nds (once replica is added)
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Updating /etc/hosts.nds with tree name ($TREENAME)"
sed -e 's/#$TREENAME/$TREENAME/g' /etc/hosts.nds > /tmp/hosts.nds.$$
mv /tmp/hosts.nds.$$ /etc/hosts.nds
f_write_and_log "\nIt is important that the following lines are changed in /etc/hosts.nds"
f_write_and_log "of all other servers in the target tree (remove comment before $TREENAME):\n"
f_write_and_log " $TREENAME. $SERVERIP"
f_write_and_log " $SERVERNAME $SERVERIP\n"
f_write_and_log "You should also add these entries for all other servers in this tree to"
f_write_and_log "the local /etc/hosts.nds file.\n"
}
###################################################################
# /usr/local/shared/.sharedenv.sh: Update already existing environment and add new variables
# ISSUE
# This is no longer needed. Decision was to keep .ndsenv static on all servers
# so all variables are the same.
# Should it be necessary to change a varible on a specific server,
# create /usr/local/shared/.sharedenv.sh.local
# NOTE: File name should be cased as above!
# the /usr/local/shared/.sharedenv.sh.local will be read after .ndsenv and will
# therfore override values defined in .ndsenv
###################################################################
f_updatendsenv ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /usr/local/shared/.sharedenv.sh.bash..."
# Fix .ndsenv.bash to reference new function names
$XPG4grep -q "f_edirautostart;" /usr/local/shared/.sharedenv.sh.bash
if [ $? -ne 0 ]
then
f_bkup /usr/local/shared/.sharedenv.sh.bash
sed -e "s/eDirAutoStart;/f_edirautostart;/g" /usr/local/shared/.sharedenv.sh.bash > /tmp/_ndsenv.bash.$$
mv /tmp/_ndsenv.bash.$$ /usr/local/shared/.sharedenv.sh.bash
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ** Modified /usr/local/shared/.sharedenv.sh.bash -- please review! **"
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Not modified: /usr/local/shared/.sharedenv.sh.bash"
fi
}
###################################################################
# Stop SLP UA/SA
###################################################################
f_stopslp ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Stopping SLP..."
/etc/init.d/slpuasa stop
}
###################################################################
# STARTUP SCRIPTS
#/etc/rc2.d
###################################################################
f_createstartupscripts ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking /etc/rc2.d..."
if [ -f /etc/rc2.d/S74uasaslp ]
then
f_cmd mv /etc/rc2.d/S74uasaslp /etc/rc2.d/_S74uasaslp
fi
}
###################################################################
# Install/update PERL library for Base64 encode/decode
###################################################################
f_updateperllib ()
{
if [ ! -f /var/nds/MIME/Base64.pm ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing required PERL Base64 encode/decode module..."
if [ ! -d /var/nds/MIME ]
then
f_cmd mkdir /var/nds/MIME
fi
f_cmd cp -p config/Base64.pm /var/nds/MIME
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking required PERL Base64 encode/decode module..."
f_move config/Base64.pm /var/nds/MIME/Base64.pm
fi
}
###################################################################
# Install/update *.jar files (custom Java classes called by some DirXML drivers)
###################################################################
f_dirxmlinstallcustomjars ()
{
for src in `cd config; ls *.jar; cd ..`
do
dest=/usr/lib/dirxml/classes/$src
src=config/$src
if [ ! -f $dest ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing Java utility library $dest..."
f_cmd cp -p $src /usr/lib/dirxml/classes
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Checking Java utility library $dest..."
f_move $src $dest
fi
done
# Remove obsolete jar
if [ -f /usr/lib/dirxml/classes/DirXMLNCUtils.jar ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Removing obsolete Java utility library DirXMLNCUtils.jar..."
f_cmd rm -f /usr/lib/dirxml/classes/DirXMLNCUtils.jar
fi
}
###################################################################
# Create directory for custom DirXML driver logging
###################################################################
f_dirxmlcreatelog ()
{
if [ ! -d /var/nds/dxml ]
then
mkdir /var/nds/dxml
fi
}
###################################################################
# Install Java version "1.3.1_07" for use with DirXML 1.1a
# This is now an OLD JRE version Most DirXML should use 1.4.X.X
# To avoid problems with multiple versions of Java on a Solaris environment, DirXML 1.1a uses
# Java from the /usr/lib/nds-modules/jre directory.
# This directory is a symbolic link to a /usr/lib/nds-modules/jre1.3.1_03 directory.
# This default setup can be bypassed by the following two methods:
# 1. The environment variables, NDSD_JRE_PATH and DIRXML_JRE_PATH can be used
# to cause Java to be accessed from another location.
# 2. The symbolic link /usr/lib/nds-modules/jre can be modified to cause Java to be accessed from another location.
#
# When troubleshooting Java issues with DirXML 1.1a,
# ensure these environment variables are not set (also ensure they are not set by the nds and ndsd startup scripts). Also, ensure the jre symbolic link is set to the default path.
# ISSUE DO NOT RUN ON DirXML2.x
###################################################################
f_dirxmlupdatejre ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_dirxmlupdatejre\n"
# Must check the following before getting here!
# f_checkroot
# f_checkerror $THISERROR
# f_ndscheckinstalled
# f_checkerror $THISERROR
# f_dirxmlinstallcheck
# Determine if we are running DirXML 1.1a or Identity Manager 2.0
case $HostOS in
Linux)
rpm -q --quiet novell-DXMLbase
if [ $? -eq 0 ]
then
jreVer=j2re1.4
else
jreVer=jre1.3.1
fi
;;
SunOS)
pkginfo -q DXMLbase
if [ $? -eq 0 ]
then
jreVer=j2re1.4
else
jreVer=j2re1_3
fi
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
# Look for an updated JRE appropriate for install of DirXML 1.1 vs. IDM; skip if not found
if [ -f ../jre/${jreVer}*${HostOS}* ]
then
# Set JRE archive name
cd ..; src_path=`pwd`
src_archive=`ls $src_path/jre/${jreVer}*${HostOS}*`
# Remove path info from the filename
src_archive=`basename $src_archive`
# This strange syntax trucates everything to the right of the OS name in the filename
src_archive=${src_archive%.$HostOS*}
# Set JRE target path
dest_path=$prefix/lib/nds-modules
# Override log file
i_log=$LOGFILE # Save so we can reset
LOGFILE=/var/b1nds.log; export LOGFILE
f_write_and_log "\nStarting Java JRE update (only affects DirXML)..."
if [ ! -d $dest_path/$src_archive ]
then
# Get package path
cd $dest_path
f_write_and_log "\n`pwd`"
f_cmd tar xf $src_path/jre/$src_archive.$HostOS.tar
es=$?; f_checkerror $es
fi
if [ -h $dest_path/jre ]
then
f_write_and_log "\nRemoving existing symbolic link to JRE directory..."
rm -f $dest_path/jre
fi
f_write_and_log "\nCreating symbolic link to JRE directory..."
f_cmd ln -s $dest_path/$src_archive $dest_path/jre
cd $src_path/bankone
else
f_write_and_log "\nNo updated JRE version $jreVer for $HostOS found... skipping update."
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxmlupdatejre\n"
# Reset log file
LOGFILE=$i_log
unset i_log
}
##########################################################################
# extend the schema for DirXML
# Add base schema for DirXML so it does not need to be added later.
# NOTE: Check if dirxml is installed before calling
##########################################################################
f_dirxmladdschema()
{
if [ -f $bindir/dxmlconfig ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extending schema for DirXML..."
f_retrycommand '$bindir/dxmlconfig config "$ADMINDOT"'
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: DirXML not installed on this server..."
fi
}
######################################################################
#Verifying or create hosts.nds file..
# How can we get any existing servers into this tree ???
# 7/29/2005
# JGJ -- SLP coming soon. In the meantime, must create new tree with
# uncommented tree name, or -632 and -626 errors will result
######################################################################
f_checkhostnds ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Verifying/creating hosts.nds file..."
if [ -f /etc/hosts.nds ]
then
$XPG4grep -q "$SERVERNAME.*$SERVERIP" /etc/hosts.nds && $XPG4grep -q "^$TREENAME.*$MASTERIP" /etc/hosts.nds && $XPG4grep -q "^$MASTERSERVER.*$MASTERIP" /etc/hosts.nds
if [ $? -eq 0 ]
then
f_write_and_log "\nFound existing /etc/hosts.nds that appears valid... NOT modifying."
else
f_write_and_log "...recreating hosts.nds..."
for src in hosts.nds
do
dest=/etc/$src
src=config/$src
f_move $src $dest
done
# If there is no MASTERIP, then this is a new tree
if [ -z $MASTERIP ]
then
printf "$TREENAME. $SERVERIP\n">>/etc/hosts.nds
printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds
else
printf "#$TREENAME. $SERVERIP\n">>/etc/hosts.nds
printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds
printf "$TREENAME. $MASTERIP\n">>/etc/hosts.nds
printf "$MASTERSERVER $MASTERIP\n\n">>/etc/hosts.nds
fi
fi
else
f_write_and_log "...creating.../etc/hosts.nds"
f_cmd cp config/hosts.nds /etc
# If there is no MASTERIP, then this is a new tree
if [ -z $MASTERIP ]
then
printf "$TREENAME. $SERVERIP\n">>/etc/hosts.nds
printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds
else
printf "#$TREENAME. $SERVERIP\n">>/etc/hosts.nds
printf "$SERVERNAME $SERVERIP\n\n">>/etc/hosts.nds
printf "$TREENAME. $MASTERIP\n">>/etc/hosts.nds
printf "$MASTERSERVER $MASTERIP\n\n">>/etc/hosts.nds
fi
fi
f_write_and_log "Be sure to review /etc/hosts.nds for accuracy after successful installation.\n"
}
##########################################################################
# from: b1nds-ModifyInstall.sh
# The purpose is to customise the OS and NDS environment to Our Standards
# Set various customised fetures for startup and maintence
# Copies scripts to appropriate locations
# Does NOT Modify NDS structure or DIT
# Should Always be used after:
# --Adding NDS to a server
# --To distribute updates to scripts or files
# Adds customized /etc/init.d/nds and adds to system startup
# Copies version mrker file
# Copies ndsenv files to /usr/local/shared//
# Fixes symbolic link on Linux
# Checks/updates startup files for NDS
# Tunes TCP based on Novell recommendations and adds to system startup
# (see ../config/ndsnddconfig.sh)
# Tunes /etc/system based on Novell recommendation (Solaris only)
# (see ../config/system.stub)
# adds Custom scripts
# Tunes /etc/nds.conf (increases default threads)
# Tunes eDirectory cache (/var/nds/dib/_ndsdb.ini) based on system RAM
# -- Block cache should be roughly the same size as the DIB
# -- Entry cache should be 2-4 times the DIB size
# -- If total cache is more than double DIB size (1048576000 bytes),
# allocate extra to entry cache
# Changes iMonitor default port and requires Supervisor authentication
# Removes SLP from system startup (using /etc/hosts.nds instead)
##########################################################################
f_modifyinstall ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_modifyinstall\n"
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
f_checkerror $THISERROR
f_checkndsuser
f_createversionfile
f_copyndsenv
f_fixlinux
f_checkstartupfiles
f_tunesolaris
f_addcustomscripts
f_imonsoftlink
f_checkndsconf
f_checkndsdb
f_checkimonitor
f_updatendsenv
f_stopslp
f_createstartupscripts
f_updateperllib
f_dirxmlinstallcheck
if [ "$THISERROR" -eq "0" ]
then
f_dirxmlupdatejre
f_dirxmlinstallcustomjars
f_dirxmlcreatelog
f_dirxmlfix1x
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_modifyinstall\n"
}
###################################################################
# Remove this Server From an Existing TREE
###################################################################
f_ndsrmfromtree ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN rmtree\n"
f_ndscheckinstalled
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed"
cmdOutput=`$bindir/ndsstat`
f_write_and_log "$cmdOutput\n"
$bindir/ndsconfig rm -a $ADMINDOT
f_osdeletefileordirectory /var/nds/*.log
f_osdeletefileordirectory /etc/nds.conf
f_osdeletefileordirectory /etc/hosts.nds
f_checkyorn "Remove All packages and files associated with any version of eDirectory or the Related Products?"
ers=$?
if [ $ers -eq 1 ]
then
f_ndsscrub
fi
else
msg="eDirectory is NOT installed"
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END rmtree\n"
}
# this function sets the exit to non zero if $1 non numeric
f_isdigit ()
{
#expr $1 + 0 >/dev/null 2>&1
if expr $1 + 1 >/dev/null 2>&1
then
echo number
else
echo not a number
fi
}
###################################################################
# Install this Server into an Existing TREE
# 8/1/2005
# JGJ -- Added run of f_checkndsconf to prevent NIC order problems
# (/etc/nds.conf is removed after f_ndsrmfromtree)
###################################################################
f_ndsintotree ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_ndsintotree \n"
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
f_checkerror $THISERROR
f_asktreename
f_askmasterip
MASTERTREE="`ndsstat -h $MASTERIP | grep '^Tree' | grep -v grep | awk '{print $NF}'`"
MASTERSERVER="`ndsstat -h $MASTERIP | grep '^Server Name' | awk -F"=" '{print $2}' | awk -F"." '{print $1}'`"
if [ "$MASTERTREE" != "$TREENAME" ]
then
f_write_and_log "\nndsstat Tree Name ($MASTERTREE) does NOT match\nyour input ($TREENAME). Adios...\n"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
else
f_write_and_log "\nIt is important that the following lines are added to /etc/hosts.nds"
f_write_and_log "of all other servers in the target tree PRIOR to this process:\n"
f_write_and_log " #$TREENAME. $SERVERIP"
f_write_and_log " $SERVERNAME $SERVERIP\n"
printf "This server will be inserted into the above tree. Continue (y/[N])?: "
read ans
if [ "x$ans" != "xy" ]
then
f_write_and_log "\nAborting, user said not to continue...\n"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
fi
fi
f_checkhostnds
f_checkndsconf
f_askndspassword
f_retrycommand f_checkpassword
# Run ndsconfig add with the supplied parameters
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Inserting server into $TREENAME at $MASTERIP..."
f_retrycommand '$bindir/ndsconfig add -S "$SERVERNAME" -t "$TREENAME" -p "$MASTERIP" -n "$ServersOUdot" -e -a "$ADMINDOT"; $bindir/ndsstat'
f_waitforndsopen
f_monitorreplicaadd
f_stopslp
f_cmd ndsstat -r -h $MASTERIP
f_write_and_log "\nNOTE: If there are >=3 replicas in the partition holding this server object,"
f_write_and_log " you must manually add a replica to this server using ConsoleOne or iManager.\n"
f_waitreplicaadd
lock=0 # 0=unlock, any other=lock
f_lockldap $lock
f_waitforldap
# f_createldapkmo ISSUE See f_createldapkmo ()
f_modldapserver
f_waitforldap
f_updatetreehostsnds
f_createindexes
f_buildindexes
lock=1 # 0=unlock, any other=lock
f_lockldap $lock
f_checkyorn "Run process to modify system configuration (ModifyInstall)"
ers=$?
if [ $ers -eq 1 ]
then
f_modifyinstall
fi
f_checkyorn "Run process to reset File Permissions (OwnerPermsFix)"
ers=$?
if [ $ers -eq 1 ]
then
f_osperms
fi
unset MASTERTREE MASTERSERVER MASTERIP
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_ndsintotree\n"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Server inserted into tree $TREENAME. Don't forget, you may have some to-do's left:\n"
f_write_and_log "\t1) Update /etc/hosts.nds on all servers in the tree."
f_write_and_log "\t2) Check NTP and make sure time is synchronizing (ntpq -p)."
f_write_and_log "\t3) Will this server need SiteMinder schema and configuration (menu options 3,5)?"
f_write_and_log "\t4) Has 'sudoers' file been correctly configured for ndsuser?"
f_write_and_log "\t5) Has ndsuser '.profile' been created?"
f_write_and_log "\t6) Does ndsuser have ability to use CRON?"
f_write_and_log "\t7) Have ndsuser monitoring/maintenance/backup scripts been configured in CRON?"
f_write_and_log "\t8) KMO recreated to support FQ DNS name (for Identity Services, proxy devices, etc.)?\n"
f_write_and_log "Check the ./bankone/samples directory for sample config files. More details can be found in the"
f_write_and_log "'eDirectory 8.7.3 Installation on Solaris & Linux' document, posted on TechOne.\n"
f_pressanykey
}
###################################################################
# Create NEW Tree On this Server
# JGJ -- Added run of f_checkndsconf to prevent NIC order problems
# (/etc/nds.conf is removed after f_ndsrmfromtree)
###################################################################
f_ndsnewtree ()
{
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
f_checkerror $THISERROR
f_asktreename
printf "\nYou will be prompted 3 times for the new admin password; please type\nthe new password carefully.\n"
f_askndspassword
f_checkndsconf
f_checkhostnds
# Install the server
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Build Tree: $TREENAME..."
f_retrycommand '$bindir/ndsconfig new -i -S "$SERVERNAME" -t "$TREENAME" -n "$ServersOUdot" -e -a "$ADMINDOT" -d "$edirdibPATH" -o 8389 -O 8636 '
#these options no longer work -c "$TREENAME Organizational CA" -k "SSL/TLS Certificate"
if [ ! -f /etc/nds.conf ]
then
f_write_and_log "\nOdds are the tree build failed. Adios...\n"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
fi
f_waitforndsopen
lock=0 # 0=unlock, any other=lock
f_lockldap $lock
f_waitforldap
f_stopslp
f_schemaaddcustom
f_ditcreate
f_schemaadddelta
f_modldapserver
f_createindexes
f_buildindexes
lock=1 # 0=unlock, any other=lock
f_lockldap $lock
f_checkyorn "Run process to modify system configuration (ModifyInstall)"
ers=$?
if [ $ers -eq 1 ]
then
f_modifyinstall
fi
f_checkyorn "Run process to reset File Permissions (OwnerPermsFix)"
ers=$?
if [ $ers -eq 1 ]
then
f_osperms
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: New tree $TREENAME created. Don't forget, you may have some to-do's left:\n"
f_write_and_log "\t1) Check NTP and make sure time is synchronizing (ntpq -p)."
f_write_and_log "\t2) Will this server need SiteMinder schema and configuration (menu options 3,5)?"
f_write_and_log "\t3) Has 'sudoers' file been correctly configured for ndsuser?"
f_write_and_log "\t4) Has ndsuser '.profile' been created?"
f_write_and_log "\t5) Does ndsuser have ability to use CRON?"
f_write_and_log "\t6) Have ndsuser monitoring/maintenance/backup scripts been configured in CRON?"
f_write_and_log "\t7) KMO recreated to support FQ DNS name (for Identity Services, proxy devices, etc.)?\n"
f_write_and_log "Check the ./bankone/samples directory for sample config files. More details can be found in the"
f_write_and_log "'eDirectory 8.7.3 Installation on Solaris & Linux' document, posted on TechOne.\n"
f_pressanykey
}
###################################################################
# Installs base files required to run NDS on server.
# Does not configure nds or create any DIT.
# You MUST run f_ndsnewtree () or f_ndsintotree () followed by:
# f_modifyinstall () and f_osperms ()
# BeforeUsing NDS
# ISSUE -u parameter (for silent install) does not seem to work
# on Linux or Solaris!!
# 7/29/2005
# JGJ -- Added f_checksolarismemallocator to always run when
# Solaris 9 detected
# Added run of f_checkndsconf to prevent NIC order problems
###################################################################
f_ndsbase ()
{
f_checkroot
f_checkerror $THISERROR
# f_nicimodetest
# f_checkerror $THISERROR
f_resetlog
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and running..."
f_checkerror "1" "eDirectory is already installed... perhaps you meant to do an upgrade?"
fi
f_write_and_log "\nInstalling eDirectory under $HostOS $HostOSVer...\n"
case $HostOS in
Linux)
../Linux/setup/nds-install -c server,admutils -n $i_licensepath;es=$?
;;
SunOS)
# Install the packages (accounts for Solaris 9 per TID #10074772)
case $OSVersion in
7|8)
../Solaris/setup/nds-install -c server,admutils -n $i_licensepath; es=$?
;;
9)
../Solaris/setup/nds-install -c server,admutils -n $i_licensepath; es=$?
f_checksolarismemallocator
;;
*)
f_write_and_log "\nABORTING -- Unrecognized version of Solaris: $HostOSVer"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
;;
esac
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
;;
esac
f_checkndsconf
f_write_and_log "At this point, the eDirectory software has been installed, but the server is not in a tree nor will it accept LDAP requests."
f_write_and_log "Proceed to the proper menu selection to create a new tree, or insert this server into an existing tree."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_base"
}
###################################################################
# Installs patches to ndsbase to bring server to current production release
# Configure NDS following an upgrade using ndsconfig
# Need to run f_ndsbase first
# Should run f_modifyinstall and f_osperms following
# Currently this works with 8.7.3
###################################################################
# was f_ndsupgrade()
f_ndspatches()
{
f_write_and_log "\nABORTING -- Bad function Called f_ndspatches()"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_pressanykey " Bad function f_ndspatches() Called!"
return 1
}
###################################################################
# LIB Patches for NDS (Typically Shared Object Files .so)
# Installs LIBs or restores Production Libs typically used for
# Debuging or testing of Special Functions
# arg1=
# 1 - To install the debug libraries
# 2 - To revert to the original unmodified libraries
# 3 - To examine the current libraries installed
###################################################################
f_ndsLibPatches()
{
if [ "$HostOS" != "SunOS" ]
then
f_pressanykey "Lib patches can only be performed on Solaris (press any key to continue)"
return 0
fi
arg1=$1
i_target=../ndslibs
i_wherewewere=$PWD
# Setup if ndslibs is present in distribution
#echo "Check $arg1"
if [ -d $i_target ]
then
cd $i_target
case $arg1 in
1)
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
f_write_and_log "Edirectory Is Running..."
f_checkyorn "eDirectory Must be Stopped to continue. Stop eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds stop
else
f_fatalexiterror "Can not continue without stopping eDirectory"
fi
else
f_write_and_log "Edirectory NOT Running..."
fi
mkdir -p ./usrlib.bak/nds-modules
files=`find ./usrlib.new -type file | sed -e 's/\.\/usrlib.new\///'`
for file in $files
do
newfile=`ls -og ./usrlib.new/$file 2>&1 | sed -e 's/\.\/usrlib.new\///'`
installed=`ls -og /usr/lib/$file 2>&1 | sed -e 's/\/usr\/lib\///'`
if [ "$newfile" == "$installed" ]
then
echo "Debug version of $file already installed."
else
if [ -f /usr/lib/$file ]
then
echo "Backing-up old version of /usr/lib/$file..."
cp -p /usr/lib/$file ./usrlib.bak/$file
fi
echo "Installing new library /usr/lib/$file..."
cp -p ./usrlib.new/$file /usr/lib/$file
fi
done
f_write_and_log "test LIB Installation complete..."
;;
2)
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
f_write_and_log "Edirectory Is Running..."
f_checkyorn "eDirectory Must be Stopped to continue. Stop eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds stop
else
f_fatalexiterror "Can not continue without stopping eDirectory"
fi
else
f_write_and_log "Edirectory NOT Running..."
fi
files=`find ./usrlib.bak -type file | sed -e 's/\.\/usrlib.bak\///'`
for file in $files
do
bakfile=`ls -og ./usrlib.bak/$file | sed -e 's/\.\/usrlib.bak\///'`
installed=`ls -og /usr/lib/$file | sed -e 's/\/usr\/lib\///'`
if [ "$bakfile" == "$installed" ]
then
f_write_and_log "Original version of $file already installed."
else
f_write_and_log "Re-installing original library $file..."
cp -p ./usrlib.bak/$file /usr/lib/$file
fi
done
f_write_and_log "test LIB Restoration complete..."
;;
3)
files=`find ./usrlib.new -type file | sed -e 's/\.\/usrlib.new\///'`
for file in $files
do
ls -l /usr/lib/$file
done
f_write_and_log "LIB File list complete..."
;;
esac
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and running..."
else
f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds start
fi
fi
else
f_write_and_log "No Files exist for updating..."
fi
f_pressanykey
cd $i_wherewewere
unset i_wherewewere
}
###################################################################
# An Upgrade upgrade the server to a version greter than the current Production Release
# An Patch puts the server the current Production Release
# arg1=1 Is production Builds
# arg1=1 Is UpGrades to Builds
###################################################################
#was f_ndsPatches
f_ndsupgrade()
{
arg1=$1
case "$arg1" in
"1")
# Production Paths nmassvrupgradebase
# nici
do_title="Production Patch"
do_nici="${scriptbase}/${currentproductionbasepath}/${niciupgradedir}"
do_edir="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/edircore"
do_secupd="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/secupd/unix"
do_nmassvr="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/${nmassvrprodbase}/${nmasserver}"
do_nmasmth="${scriptbase}/${currentproductionbasepath}/${currentproductionpkg}/security/${nmasmthprodbase}/${nmasmethods}"
;;
"2")
# Upgrades Paths
do_title="Upgrade"
do_nici="${scriptbase}/${currentupgradebase}/${niciupgradedir}"
do_edir="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/edircore"
do_secupd="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/secupd/unix"
do_nmassvr="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/${nmassvrupgradebase}/${nmasserver}"
do_nmasmth="${scriptbase}/${currentupgradebase}/${currentupgradepkg}/security/${nmasmthupgradebase}/${nmasmethods}"
clear
# f_pressanykey "No Current Upgrades Are Available!"
# return 0
;;
*)
f_write_and_log "Bad Option provided for Patch/Upgrade"
f_write_and_log "\nABORTING -- Bad Option provided for Patch/Upgrade"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
exit 1
;;
esac
i_wherewewere=$PWD
t_title="Apply NICI $do_title"
f_checkyorn "$t_title ?"
ers=$?
if [ $ers -eq 1 ]
then
# f_niciupgrade will prompt to stop edir
f_write_and_log "\n$t_title"
clear
f_niciupgrade "${do_nici}"
f_write_and_log "\nReview /var/nds-install.log for details."
fi
t_title="eDirectory $do_title"
f_checkyorn "Apply $t_title ?"
ers=$?
if [ $ers -eq 1 ]
then
f_write_and_log "\nApplying $t_title"
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
f_checkyorn "eDirectory is currently Running: Stop eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds stop
fi
else
msg="eDirectory is not running..."
fi
clear
cd "${do_edir}"
./install.sh -n
f_write_and_log "\nPerforming Security Updates."
cd "${do_secupd}"
./install.sh -n
f_write_and_log "\nPerforming NMAS Server Updates."
cd "${do_nmassvr}"
./install.sh -n
f_write_and_log "\nReview /var/nds-install.log for details."
cd $i_wherewewere
fi
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and running..."
else
f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds start
fi
fi
t_title="NMAS Methods $do_title (Apply Once Per Tree)"
f_checkyorn "Apply $t_title ?"
ers=$?
if [ $ers -eq 1 ]
then
f_write_and_log "\nApplying $t_title"
clear
f_nmasmethodupdate "${do_nmasmth}"
cd $i_wherewewere
f_write_and_log "\nReview /var/nds-install.log for details."
fi
t_title="process to modify system configuration (ModifyInstall)"
f_checkyorn "Run $t_title ?"
ers=$?
if [ $ers -eq 1 ]
then
f_modifyinstall
fi
t_title="process to reset File Permissions (OwnerPermsFix)"
f_checkyorn "Run $t_title ?"
ers=$?
if [ $ers -eq 1 ]
then
f_osperms
fi
f_write_and_log "\nReview /var/nds-install.log for details."
}
###################################################################
# Installs NICI package in /$HostOS/setup/
# This does nto work correctly
# ISSUE
# Package names are different for each NICI version on Linux but not on Solaris.
# Packages must be uninstalled be fore re-installing them
# Not possable to determine version of NICI that we want to install
# nds-install greps itself to determine.
###################################################################
f_niciupgrade()
#arg_1=directory where package is stored
{
i_basepath=$1
f_nicigetversion
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
f_checkyorn "eDirectory Will be stopped to Apply NICI Upgrade, continue ?"
ers=$?
if [ $ers -eq 1 ]
then
f_write_and_log "\nStoping eDirectory for NICI Upgrade."
f_cmd /etc/init.d/nds stop
else
f_write_and_log "\n User chose not to stop eDirectory for NICI Upgrade. Upgrade NOT Performed!"
return 1
fi
else
f_write_and_log "\n eDirectory is not running. Proceeding with NICI Upgrade."
fi
f_write_and_log "\nBEGIN Upgrading NICI under $HostOS $HostOSVer..."
if [ -z "$niciversion" ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END ERROR Current NICI version not found! f_niciupgrade"
else
f_write_and_log "\n Current NICI verion installed is: $niciversion"
fi
case $HostOS in
Linux)
i_setupdir="${i_basepath}/$HostOS"
#i_nicipkg="nici-2.6.5-0.01.i386.rpm"
if [ -f $setupdir/$i_nicipkg ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: ERROR could not find: $setupdir/$i_nicipkg! NICI not upgraded! f_niciupgrade"
f_checkyorn "ERROR could not find: $i_setupdir/$i_nicipkg!! NICI not upgraded! f_niciupgrade"
return 1
fi
nicitoinstallversion=`ls $i_setupdir |grep "nici-"|awk -F"-" '{print $2 }'`
f_write_and_log "\nUpdating NICI from $niciversion to $nicitoinstallversion..."
for i_nicipkg in `ls -1 $i_setupdir`
do
result=`rpm -Uvh $i_setupdir/$i_nicipkg 2>&1`
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result"
done
#rpm -Uvh $i_setupdir/$i_nicipkg
#es=$?
#echo $es
#f_checkerror $es "Failed to install $setupdir/$i_nicipkg... f_niciupgrade"
;;
SunOS)
i_setupdir="${i_basepath}/Solaris"
#f_write_and_log "\nNOTE: Follow Prompts, Ignore Dependancies and continue with the removal of this package!"
pkginfo | grep NOVLniu0 >/dev/null 2>&1
ers=$?
if [ $ers -eq 0 ]
then
f_write_and_log "\nRemoving NICI version $niciversion"
# Remove the current package ABSOLUTLY
pkgrm -n -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0
f_checkerror $? "Error Removing NICI Package NOVLniu0"
fi
for i_nicipkg in `ls -1 $i_setupdir`
do
result=`pkgadd -n -r $scriptbase/Solaris/setup/admin.nds4s -d $i_setupdir/$i_nicipkg -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0`
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result"
done
#pkgadd -n -r $scriptbase/Solaris/setup/admin.nds4s -d $i_setupdir/$i_nicipkg -a $scriptbase/Solaris/setup/admin.nds4s NOVLniu0
#f_checkerror $? "Installing NICI $setupdir/$i_nicipkg"
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END Upgrading NICI under $HostOS $HostOSVer."
return 0
}
###################################################################
# Install Identity Manager 2.x packages and extend the schema for DirXML
# Installs base IDM2.x packages onto server. Performs no Configuration of DirXML
# Includes - Engine update for IDM2.0.1 - TID2969825
# dirxml_platform.bin -DCLUSTER_INSTALL="true"
###################################################################
f_dirxml2xinst ()
{
i_title="Base IDM 2.x Install"
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
current_dir=`pwd`
f_write_and_log "\n $HostOS $HostOSVer...\n"
case $HostOS in
Linux)
i_dirname="/idm20/linux/setup"
i_installfilename="dirxml_linux.bin"
;;
SunOS)
i_dirname="/idm20/solaris/setup"
i_installfilename="dirxml_solaris.bin"
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
i_testfile="..$i_dirname/$i_installfilename"
f_write_and_log "\n$i_title"
if [ -f $i_testfile ]
then
cd ..$i_dirname
./$i_installfilename -DCLUSTER_INSTALL="true"
cd $current_dir
f_checkerror $es
f_checkyorn "Apply Current patches"
ers=$?
if [ $ers -eq 1 ]
then
f_dirxml2patches
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`:\nDirXML IDM2.x Patches not Applied."
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`:\nReview <userhomedir>/dirXML/dirXML_InstallLog.log for installation details."
else
f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_testfile not found. DirXML2 Packge is not present to install!"
f_checkerror "1" " $i_testfile not found. "
f_pressanykey "$i_testfile not found. Press <Enter> to continue"
fi
# Run DirXML Schema Install so if it failed it will be there.
f_dirxmladdschema
unset i_testfile
f_pressanykey "$i_title. Press <Enter> to continue"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_installIDM2x\n"
}
###################################################################
# Currently for For IDM2.01 Will patch to the current ir Release
# All patches for IDM Engine are in this function.
# Also calls f_dirxml2DriverUpdate to update Drivers/Shims etc
# Implements the following:
# Engine and Remote Loader update for IDM2.0.1 TID #: 2971539 idm201ir4.tgz
###################################################################
f_dirxml2patches ()
{
i_title="Engine and Remote Loader update for IDM2.0.1 TID: 2971539 idm201ir4.tgz"
srcdir="$scriptbase/idm20/upgrade"
f_write_and_log "\n installing $i_title"
case $HostOS in
# NOTE: THE lower case of directory names.....
Linux)
pkglocation="$scriptbase/idm20/upgrade/linux"
rpm -U --force $pkglocation/novell-DXMLbase-2.0.8-20050127.i386.rpm
rpm -U --force $pkglocation/novell-DXMLengn-2.0.8-20050127.i386.rpm
rpm -U --force $pkglocation/novell-DXMLevent-2.0.10-20050127.i386.rpm
rpm -U --force $pkglocation/novell-DXMLrdxml-2.0.8-20050127.i386.rpm
rpm -U --force $pkglocation/novell-NOVLjvml-2.0.10-20050127.i386.rpm
;;
SunOS)
pkglocation="$scriptbase/idm20/upgrade/solaris/"
pkgrm -A $pkglocation/DXMLbase
pkgrm -A $pkglocation/DXMLengn
pkgrm -A $pkglocation/DXMLevent
pkgrm -A $pkglocation/DXMLrdxml
pkgrm -A $pkglocation/NOVLjvml
pkgadd -d $pkglocation/DXMLbase.pkg
pkgadd -d $pkglocation/DXMLengn.pkg
pkgadd -d $pkglocation/DXMLevent.pkg
pkgadd -d $pkglocation/DXMLrdxml.pkg
pkgadd -d $pkglocation/NOVLjvml
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished Applying $i_title"
f_dirxml2DriverUpdate
}
###################################################################
# Install DirXML 1.1a packages and extend the schema for DirXML
# FROM: b1nds-DXMLInst.sh
# Installs base DirXML packages onto server. Performs no Configuration of DirXML
###################################################################
f_dirxml1xinst ()
{
f_checkroot
f_checkerror $THISERROR
f_ndscheckinstalled
current_dir=`pwd`
f_write_and_log "\n $HostOS $HostOSVer...\n"
case $HostOS in
Linux)
i_dirname="Linux"
;;
SunOS)
i_dirname="Solaris"
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
i_testfile="../dirxml/$i_dirname/setup/dirxml-install"
f_write_and_log "\nInstalling DirXML 1.1a under $HostOS $HostOSVer..."
f_write_and_log "\nEnter admin password when prompted .........."
if [ -f $i_testfile ]
then
cd ../dirxml/$i_dirname/setup
./dirxml-install -u -c dirxml
cd $current_dir
f_checkerror $es
f_write_and_log "\nReview /var/dirxml1.1_install.log for DirXML installation details."
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Extending schema for DirXML..."
f_write_and_log "Logging in with $ADMINDOT...\n"
$bindir/ndsstat>/dev/null 2>&1
if [ $? -eq 0 ]
then
f_retrycommand '$bindir/dxmlconfig config "$ADMINDOT"'
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: eDirectory is not running -- make sure the schema is extended."
fi
else
f_write_log "\n`date '+%Y-%m-%d %H:%M:%S'`: $i_testfile not found. DirXML Packge is not present to install!"
f_checkerror "1" " $i_testfile not found. "
fi
unset i_testfile
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxml1xinst\n"
}
###################################################################
# Currently for For IDM2.01
# Updates various Driver Fixes
# Updated LDAP driver for IDM2.0.1 - TID2969897
# destdir /usr/lib/dirxml/classes
# srcdir $menupwd/idm20/patches/ /usr/lib/dirxml/classes
###################################################################
f_dirxml2DriverUpdate ()
{
destdir="/usr/lib/dirxml/classes/"
srcdir="$scriptbase/idm20/driver_updates/idm201jdbcir1/"
i_title="Updated These updated files are for the JDBC 1.6 driver running with IDM2.0.1"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Update JDBC Driver"
i_file="CommonDriverShim.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
i_file="JDBCShim.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
i_file="JDBCUtil.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** $i_title"
i_title="Updated LDAP driver for IDM2.0.x TID 2970997 idm201ldapir4.tgz"
i_file="CommonDriverShim.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
i_file="LDAPShim.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
i_file="LDAPUtil.jar"
f_bkup $destdir$i_file
f_cmd cp $srcdir$i_file $destdir$i_file
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** Finished $i_file"
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: ** $i_title"
}
###################################################################
# For DirXML 1.1a
###################################################################
f_dirxmlfix1x ()
{
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_dirxmlfix1x\n"
# Check to see if schema has evern been extended for DirXML on
# this server; if it has, don't do it again
if [ ! -f /var/nds/schema.log ] || [ -z "`grep vrschema.sch /var/nds/schema.log`" ] ; then
f_dirxmladdschema
fi
# Novell-supplied nds-install breaks DirXML; we are fixing it here
case $HostOS in
Linux)
# Check to see which version of DirXML is installed first
rpm -q --quiet novell-DXMLbase
if [ $? -eq 0 ]
then
f_write_and_log "\nIdentity Manager 2.0 detected... nothing to fix.\n"
else
# Looks like DirXML 1.1a, let's check it
rpm -qi NDSdxevnt | $XPG4grep -q "Version : 1.1.3"
if [ $? -ne 0 ]
then
f_checkyorn "Fix broken DirXML packages (requires ndsd restart)"
ers=$?
if [ $ers -eq 1 ]
then
f_write_and_log "\nFixing incorrect/missing NDSdxevnt...\n"
f_cmd /etc/init.d/nds stop
f_cmd rpm -Uvh ../dirxml/Linux/NDSdxevnt*
f_cmd /etc/init.d/nds start
fi
fi
fi
;;
SunOS)
# Check to see which version of DirXML is installed first
pkginfo -q DXMLbase
if [ $? -eq 0 ]
then
f_write_and_log "\nIdentity Manager 2.0 detected... nothing to fix.\n"
else
# Looks like DirXML 1.1a, let's check it
pkginfo -l NDSdxevnt 2>&1 | $XPG4grep -q "VERSION: 1.1.3"
if [ $? -ne 0 ]
then
f_checkyorn "Fix broken DirXML packages (requires ndsd restart)"
ers=$?
if [ $ers -eq 1 ]
then
f_write_and_log "\nFixing incorrect/missing NDSdxevnt...\n"
f_cmd /etc/init.d/nds stop
f_cmd pkgrm -n -a ../dirxml/Solaris/setup/admin.nds4s NDSdxevnt
f_cmd pkgadd -n -d ../dirxml/Solaris/NDSdxevnt.pkg -a ../dirxml/Solaris/setup/admin.nds4s NDSdxevnt
f_cmd /etc/init.d/nds start
fi
fi
fi
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_dirxmlfix1x\n"
}
###################################################################
# Installs any NMAS Methods in the Directory Provided
# Curent Production methods are in the ../nmas directory
# For updates to other methods supply the Directory ($1)
# The directory should be to the directories containing the methods
###################################################################
f_nmasmethodupdate ()
{
i_nmas=$1
i_wherewewere=$PWD
# Setup NMAS if present in distribution
if [ -d $i_nmas ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_nmasmethodupdate\n"
f_write_and_log "Run this process ONCE per TREE"
f_checkyorn "Install/update Server methods (Run this process ONCE per TREE)"
ers=$?
if [ $ers -eq 1 ]
then
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and running..."
else
f_checkyorn "eDirectory Must be Running to continue. Start eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds start
fi
fi
if [ -z "$PASS" ]
then
f_askndspassword
f_retrycommand f_checkpassword
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing NMAS Methods in $i_nmas..."
result=`nmasinst -i $ADMINDOT $TREENAME -w $PASS 2>&1`
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $result"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: Installing/updating NMAS methods..."
for method in `ls -1 $i_nmas`
do
result=`nmasinst -addmethod $ADMINDOT $TREENAME $i_nmas/$method/config.txt -w $PASS 2>&1`
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: $method $result"
done
fi
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_nmasmethodupdate\n"
unset i_nmas
fi
}
###################################################################
# Installs NMAS Package
# Does NOT install methods see f_nmasmethodupdate ()
# f_nmasupdate
###################################################################
f_nmasupdate ()
{
if [ -d ../nmas ]
then
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: BEGIN f_nmasupdate\n"
# run Novell's Script for install.
cd ../nmas
./install.sh -n
cd $startedhere
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_nmasupdate\n"
fi
f_ndscheckrunning
if [ "$THISERROR" -eq "0" ]
then
msg="eDirectory is installed and running..."
else
f_checkyorn "eDirectory is NOT currently Running: Start eDirectory ?"
ers=$?
if [ $ers -eq 1 ]
then
f_cmd /etc/init.d/nds start
else
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: User choose not to start eDirectory. f_nmasupdate\n"
fi
fi
}
###################################################################
# Will send an email message to desired recipients
# i_recipient="$1"
# if i_recipient=help, we will dump out parameters
# i_subject="$2"
# i_msg="$3"
# if i_msg as a file exist, the message will be the contents
# NOTE: i_msg will be erased
# If parameters are not passed, a testing message is sent.
###################################################################
f_messagesend()
{
i_recipient="$1"
i_subject="$2"
i_msg="$3"
i_recipient=${i_recipient:="$EMAIL_NOTIFY"}
if [ "$i_recipient" = "help" ]
then
echo "recipient subject msg"
return 1
fi
i_subject=${i_subject:="TESTING Message From -`hostname` - `date`"}
i_msg=${i_msg:="Message is: Testing Message From -`hostname` - `date`"}
if [ -f "$i_msg" ]
then
i_msgfile="$i_msg"
else
i_msgfile=/tmp/EMAIL_BODY.$$
date > $i_msgfile
printf "\n$i_msg\n" >> $i_msgfile
fi
$mailer -s "$i_subject" "$i_recipient" < $i_msgfile
rm -f $i_msgfile
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END f_sendTestMessage\n"
}
###################################################################
# Stop ($1=stop) or start ($1=start) Aux services on server that
# Require eDirectory.
###################################################################
f_stopstartaux()
{
i_ss=$1
if [ "$i_ss" = "start" ]
then
## The umask and chmod is a workaround for a known problem. See:
## http://ino0l900.svr.bankone.net:8880/DirectoryWiki/Wiki.jsp?page=IManagerBlankPageOnLinuxAndSolaris
umask 022
chmod o+r /var/opt/novell/tomcat4/webapps/nps/portal/work/*.xsl
# Start them
case $HostOS in
Linux)
/etc/init.d/novell-httpd start
/etc/init.d/novell-tomcat4 start
;;
SunOS)
/var/opt/novell/httpd/bin/apachectl startssl
/var/opt/novell/tomcat4/bin/startup.sh
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
fi
if [ "$i_ss" = "stop" ]
then
# Stop them
case $HostOS in
Linux)
/etc/init.d/novell-httpd stop
/etc/init.d/novell-tomcat4 stop
;;
SunOS)
/var/opt/novell/httpd/bin/apachectl stop
/var/opt/novell/tomcat4/bin/shutdown.sh
;;
*)
f_write_and_log "\nABORTING -- Unrecognized OS version: $HostOS"
f_write_and_log "\n`date '+%Y-%m-%d %H:%M:%S'`: END $0\n"
f_fatalexiterror "Unrecognized OS version: $HostOS"
;;
esac
fi
}
###################################################################
# Verify the the host OS that this script is executing on is supported
# by the script
###################################################################
verifySupportedOS()
{
for CHECKOS in $SUPPORTED_OS
do
if [ "$HostOS" = "$CHECKOS" ]
then
return 1
fi
done
echo "Sorry, the \"$HostOS\" operating system is not supported by this installation script."
exit 1
}
###################################################################
# Clear the PKG_VERSION variables for an INSTALLED Package
###################################################################
clearPKGVersion()
{
PKG_VERSION_MAJOR=
PKG_VERSION_MINOR=
PKG_VERSION_REVISION=
PKG_VERSION_BUILD=
PKG_VERSION_RELEASE=
PKG_VERSION=
}
###################################################################
# Clear the PKGFILE_VERSION variables for a Package File
###################################################################
clearPKGFileVersion()
{
PKGFILE_VERSION_MAJOR=
PKGFILE_VERSION_MINOR=
PKGFILE_VERSION_REVISION=
PKGFILE_VERSION_BUILD=
PKGFILE_VERSION_RELEASE=
PKGFILE_VERSION_BASE=
PKGFILE_VERSION=
}
###################################################################
# Install SUN Package without response
# pkg=$1 = full path and name of DXMLengn.pkg
# pkgbasename=$2 = Name of package with no extension
###################################################################
SunOSinstallPkg()
{
pkg=$1
pkgbasename=$2
adminvar=$scriptbase/Solaris/setup/admin.nds4s
f_write_and_log "`date '+%Y-%m-%d %H:%M:%S'`: Adding package $pkg"
pkgadd -n -r $adminvar -d $pkg -a $adminvar $pkgbasename >> /dev/null 2>&1
ers=$?
if [ $ers -eq 1 ]
then
f_checkyorn "Error adding package $pkg continue ?"
ers=$?
if [ $ers -eq 0 ]
then
return 1;
fi
else
f_write_and_log "\n Success adding $package_dir/$pkg "
fi
}
###################################################################
# Remove SUN Package without response
# pkg=$1 = DXMLengn (To Remove) Shortname
###################################################################
SunOSremovePkg()
{
pkg=$1
if [ $pkg = "ntls" ]
then
pkg=NOVLntls
fi
adminvar=$scriptbase/Solaris/setup/admin.nds4s
str1=`gettext install "Removing"`
str2=`gettext install "package..."`
write_log "Removing $pkg..."
pkgrm -n -a $adminvar $pkg >> $LOGFILE 2>&1
if [ $? != 0 ]
then
str1=`gettext install "Uninstallation of "`
str2=`gettext install "package is not successful.Trying with system defaults..."`
write_log "Uninstallation of "$1" package is not successful.Trying with system defaults..."
pkgrm $pkg
SunOScheckForPackageExistence $pkg
if [ $pkg_exists = 0 ]
then
str1=`gettext install "removed successfully."`
write_log "$pkg removed successfully."
return 0
else
str1=`gettext install "ERROR : Failed to remove"`
str2=`gettext install "package."`
write_log "$instr $str1 $pkg $str2"
str1=`gettext install "Please remove"`
str2=`gettext install "package manually"`
write_and_log "$instr $str1 $pkg $str2"
return 1
fi
else
write_log "$pkg removed successfully."
return 0
fi
}
###################################################################
# Checks for packages Existence
# pkg=$1 = DXMLengn to check Shortname
# IF the package is present; the following parameters are set
# pkg_exists = 1 (Not exists=0)
# version = version of package
###################################################################
SunOScheckForPackageExistence()
{
pkg=$1
if [ $pkg = "ntls" ]
then
pkg="NOVLntls"
fi
if pkginfo -q $pkg 2>/dev/null
then
pkg_exists=1
version=`pkgparam $pkg VERSION`
else
pkg_exists=0
fi
}
###################################################################
# Checks for packages Existence
# pkg=$1 = DXMLengn to check Shortname
# IF the package is present; the following parameters are set
# pkg_exists = 1 (Not exists=0)
# version = version of package
###################################################################
LinuxcheckForPackageExistence()
{
pkg=$1
if rpm -q $pkg >> /dev/null 2>&1
then
pkg_exists=1
version=`rpm -qi $pkg 2>/dev/null | grep "Version" | $AWK '{print $3}'`
else
pkg_exists=0
fi
}
###################################################################
# Install Linux Package without response
# pkg=$1 = Full Path and name of package
# pkgbasename=$2 = Name of package with no extension
###################################################################
LinuxinstallPkg()
{
pkg=$1
pkgname=$2
if ! rpm -q $2 >/dev/null 2>&1
then
if [ "$pkgname" = "NOVLembox" ]
then
if ! rpm -ivh --nodeps $1 >> /dev/null 2>&1
then
return 1
else
write_log "$pkg installed successfully"
return 0
fi
fi
if ! rpm -ivh $rpmforce $1 >> /dev/null 2>&1
then
return 1
else
write_log "$pkg installed successfully"
return 0
fi
fi
}
###################################################################
# Remove SUN Package without response
# pkg=$1 = Name of Package
###################################################################
LinuxremovePkg()
{
pkg=$1
if rpm -q $pkg >/dev/null
then
if ! rpm -e --nodeps $pkg >> /dev/null 2>&1
then
str1=`gettext install "ERROR : Failed to remove"`
str2=`gettext install "package."`
write_log "$instr $str1 $pkg $str2"
return 1
else
write_log "$pkg removed successfully"
return 0
fi
fi
}
###################################################################
# Display a note on the screen to the user.
# It will 'bordered' by equal signs (eg: ====).
# pkg=$1 = Message
###################################################################
f_dispnote()
{
f_write_and_log "==================================== NOTE ===================================="
f_write_and_log "$1"
f_write_and_log "=============================================================================="
}
# This will help in determing errors that could exist in this script.
f_write_and_log "$THIS_SCRIPT Version $T_VER loaded successfully"
###################################################################
# Display a dots on the screen to the user.
# $1 = How many seconds between dots?
###################################################################
function dots ()
{
SEC=$1 # How many seconds between dots?
while true
do
sleep $SEC
echo ".\c"
done
}
######################################################################
# Need to clear any varibles not needed as this script is loaded within
# other scripts.
######################################################################
unset THIS_SCRIPT
unset T_VER
##########################################################
# BEGINNING OF MAIN
##########################################################
# We do not do exectuions iin this script.
# It is expected that the script will be used by other scripts.
# This will help in determing errors that could exist in this script.
f_write_and_log "SHAREDFUNCTIONS Version $SHAREDFUNCTIONS_VER loaded successfully"
######################################################################
# Need to clear any varibles not needed as this script is loaded within
# other scripts.
######################################################################
unset T_THIS_SCRIPT
unset SHAREDFUNCTIONS_VER
