initial import

CHANGELOG

@@ -0,0 +1,3 @@
+2013-03-08 Ulrich Schwickerath <ulrich.schwickerath at cern.ch>
+
+    * First Release

LICENSE

@@ -0,0 +1,19 @@
+Copyright 1990-2013 CERN and Members of the EGEE Collaboration
+
+This work has been partially funded by the EU Commission (contract
+INFSO-RI-222667) under the EGEE-III collaboration.
+See http://www.eu-egee.org/partners/ for details on the copyright holders.
+
+Licensed under the Apache License, Version 2.0 (the "License"); 
+you may not use this file except in compliance with the License. 
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing,
+software distributed under the License is distributed on an
+"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific
+language governing permissions and limitations under the 
+License.
+

Modulefile

@@ -0,0 +1,8 @@
+name    'vosupport'
+version '0.0.1'
+author 'schwicke'
+license 'Apache License, Version 2.0 (the "License")'
+summary 'VO default definitions and setup tools'
+description 'This modules provides classes and definitions required to setup a list of supported VOs.'
+project_page 'http://www.eu-emi.eu/'
+dependency 'puppetlabs/stdlib'

README

@@ -0,0 +1 @@
+

files/getuid.rb

@@ -0,0 +1,47 @@
+#!/usr/bin/env ruby
+require 'rubygems'
+require 'etc'
+require 'yaml'
+require 'net/ldap'
+
+def populateFromLdap
+  getUIDof = Hash.new()
+  getUIDof["uid"] = Hash.new()
+  getUIDof["gid"] = Hash.new()
+  ldap = Net::LDAP.new
+  ldap.host = "xldap.cern.ch"
+  ldap.port = "389"
+
+  is_authorized = ldap.bind
+  filter = "displayname = *Grid-User*"
+  attrs = ["name", "uidNumber", "gidNumber", "displayName"]
+  ldap.search( :base => "ou=Users,ou=Organic Units,dc=cern,dc=ch", :attributes => attrs, :filter => filter, :return_result => true ) do |entry|
+    name = ""
+    uid  = ""
+    gid  = ""
+    entry.attribute_names.each do |n|
+      case "#{n}"
+      when "name"
+        name = "#{entry[n]}"
+      when "uidnumber"
+        uid = "#{entry[n]}"
+      when "gidnumber"
+        gid = "#{entry[n]}"
+      end
+    end
+    getUIDof["uid"][name] = uid.to_s()
+    getUIDof["gid"][name] = gid.to_s() 
+  end  
+  return getUIDof
+end
+
+cachedir = '/var/cache/poolaccounts'
+cachefile = cachedir + '/uids.yaml'
+newcache  = cachefile + '.new'
+getUIDof = populateFromLdap()
+File.open(newcache,"w") do |f|
+  YAML.dump(getUIDof, f)
+end
+if (File.size?(newcache))
+  File.rename(newcache,cachefile)
+end

lib/puppet/parser/functions/getuid.cron

@@ -0,0 +1,71 @@
+#
+#
+#
+module Puppet::Parser::Functions
+  newfunction(:getuids, :type => :rvalue, :doc =><<-EOS
+This function queries the password file and filters for grid pool accounts.
+it returns a two dimensional hash containing uids and gids for these accounts
+
+EOS
+              ) do |args|
+
+    require 'rubygems'
+    require 'etc'
+    require 'yaml'
+    require 'net/ldap'
+
+    def populateFromPasswd 
+      getUIDof = Hash.new()
+      getUIDof["uid"] = Hash.new()
+      getUIDof["gid"] = Hash.new()
+      Etc.passwd {|u| 
+        if (u.gecos =~ /Grid-User/)
+          uname = u.name
+          getUIDof["uid"][uname.to_s()] = u.uid.to_s() 
+          getUIDof["gid"][uname.to_s()] = u.gid.to_s() 
+        end
+      }
+      return getUIDof
+    end
+
+    def populateFromLdap
+      getUIDof = Hash.new()
+      getUIDof["uid"] = Hash.new()
+      getUIDof["gid"] = Hash.new()
+      ldap = Net::LDAP.new
+      ldap.host = "xldap.cern.ch"
+      ldap.port = "389"
+
+      is_authorized = ldap.bind
+      filter = "displayname = *Grid-User*"
+      attrs = ["name", "uidNumber", "gidNumber", "displayName"]
+      ldap.search( :base => "ou=Users,ou=Organic Units,dc=cern,dc=ch", :attributes => attrs, :filter => filter, :return_result => true ) do |entry|
+        name = ""
+        uid  = ""
+        gid  = ""
+        entry.attribute_names.each do |n|
+          case "#{n}"
+          when "name"
+            name = "#{entry[n]}"
+          when "uidnumber"
+            uid = "#{entry[n]}"
+          when "gidnumber"
+            gid = "#{entry[n]}"
+          end
+        end
+        getUIDof["uid"][name] = uid.to_s()
+        getUIDof["gid"][name] = gid.to_s() 
+      end  
+      return getUIDof
+    end
+
+
+    filename = '/var/cache/uids.yaml'
+    if (File.exists?(filename))
+      getUIDof = YAML.load(File.open(filename)) 
+    else
+      getUIDof = populateFromLdap()
+    end
+    return getUIDof
+  end
+end

lib/puppet/parser/functions/getuids.rb

@@ -0,0 +1,71 @@
+#
+#
+#
+module Puppet::Parser::Functions
+  newfunction(:getuids, :type => :rvalue, :doc =><<-EOS
+This function queries the password file and filters for grid pool accounts.
+it returns a two dimensional hash containing uids and gids for these accounts
+
+EOS
+              ) do |args|
+
+    require 'rubygems'
+    require 'etc'
+    require 'yaml'
+    require 'net/ldap'
+
+    def populateFromPasswd 
+      getUIDof = Hash.new()
+      getUIDof["uid"] = Hash.new()
+      getUIDof["gid"] = Hash.new()
+      Etc.passwd {|u| 
+        if (u.gecos =~ /Grid-User/)
+          uname = u.name
+          getUIDof["uid"][uname.to_s()] = u.uid.to_s() 
+          getUIDof["gid"][uname.to_s()] = u.gid.to_s() 
+        end
+      }
+      return getUIDof
+    end
+
+    def populateFromLdap
+      getUIDof = Hash.new()
+      getUIDof["uid"] = Hash.new()
+      getUIDof["gid"] = Hash.new()
+      ldap = Net::LDAP.new
+      ldap.host = "xldap.cern.ch"
+      ldap.port = "389"
+
+      is_authorized = ldap.bind
+      filter = "displayname = *Grid-User*"
+      attrs = ["name", "uidNumber", "gidNumber", "displayName"]
+      ldap.search( :base => "ou=Users,ou=Organic Units,dc=cern,dc=ch", :attributes => attrs, :filter => filter, :return_result => true ) do |entry|
+        name = ""
+        uid  = ""
+        gid  = ""
+        entry.attribute_names.each do |n|
+          case "#{n}"
+          when "name"
+            name = "#{entry[n]}"
+          when "uidnumber"
+            uid = "#{entry[n]}"
+          when "gidnumber"
+            gid = "#{entry[n]}"
+          end
+        end
+        getUIDof["uid"][name] = uid.to_s()
+        getUIDof["gid"][name] = gid.to_s() 
+      end  
+      return getUIDof
+    end
+
+
+    filename = '/var/cache/poolaccounts/uids.yaml'
+    if (File.exists?(filename))
+      getUIDof = YAML.load(File.open(filename)) 
+    else
+      getUIDof = populateFromLdap()
+    end
+    return getUIDof
+  end
+end

lib/puppet/provider/poolhome/poolhome.rb

@@ -0,0 +1,82 @@
+Puppet::Type.type(:poolhome).provide(:poolhome) do
+  desc "ensure that pool home directories are present"
+
+  def create
+    expand(resource[:start],resource[:number],resource[:prefix],resource[:digits]).each { |accountname|
+      homedir = resource[:homeroot] + '/' + accountname
+      #notice("Creating "+homedir)
+      if (! File.directory?(homedir) ) 
+        uid = getUID(accountname)
+        gid = getGID(accountname)
+        if (uid > 0 && gid > 0)
+          Dir.mkdir(homedir,0700)
+          File.chown(uid,gid,homedir)
+          #notice("created "+homedir+" with uid="+uid.to_s()+" and gid="+gid.to_s())
+        else
+          fail("Cannot create directory")
+        end
+      end 
+    }
+  end
+
+  def getUID(name)
+    poolUidGids = resource[:uidmap]
+    lookup = poolUidGids["uid"][name]
+    #notice(lookup)
+    if (lookup != "") 
+      uid = lookup.to_i()
+    else 
+      uid = 0
+    end
+    return uid
+  end
+
+  def getGID(name)
+    poolUidGids = resource[:uidmap]
+    lookup = poolUidGids["gid"][name]
+    #notice(lookup)
+    if (lookup != "")
+      gid = lookup.to_i()
+    else 
+      gid = 0
+    end
+    return gid
+  end
+
+  def destroy
+    # we don't destroy the home directories again ...
+  end
+
+  def exists?
+    #notice("checking pool accounts")
+    exists = true
+    expand(resource[:start],resource[:number],resource[:prefix],resource[:digits]).each { |accountname|
+      homedir = resource[:homeroot] + '/' + accountname
+      if (! File.directory?(homedir) )
+        #notice("Directory "+homedir+" is missing")
+        exists = false
+      end
+    }
+    #if (exists)
+    #  notice("All home directories exist")
+    #else
+    #  notice("Some pool account home directories are missing. Will try to create them.")
+    #end
+    return exists
+  end
+
+  def expand(from,number,prefix,digits)
+    expanded = []
+    if ("0" == digits.to_s) 
+      expanded.push(prefix)
+    else
+      (from.to_s.to_i() .. (from.to_s.to_i()+number.to_s.to_i()-1)).each { |c|
+        format = '%.'+digits.to_s()+'d'
+        name=prefix + (format % c).to_s()
+        expanded.push(name)
+      }
+    end
+    return expanded
+  end
+
+end

lib/puppet/type/poolhome.rb

@@ -0,0 +1,63 @@
+Puppet::Type.newtype(:poolhome) do 
+  @doc = "ensure that the home directory exists and is owned by the right account"
+  ensurable
+
+  newparam(:prefix) do 
+    desc "account prefix"
+    validate do |value|
+      unless  value =~ /^[a-zA-Z]+/
+        raise ArgumentError , "%s invalid prefix name" % value
+      end
+    end
+    isnamevar
+  end
+
+  newparam(:number) do 
+    desc "number of pool accounts to be created"
+    defaultto 10
+    validate do |value|
+      unless  value.to_s =~ /^[\d]+/
+        raise ArgumentError , "number of pool accounts must be an integer: \"%s\"" % value
+      end
+    end
+  end
+
+
+  newparam(:start) do 
+    desc "first number to start with"
+    defaultto "1"
+    validate do |value|
+      unless  value.to_s =~ /^[\d]+$/
+        raise ArgumentError , "\"%s\" first number must be an integer" % value
+      end
+    end
+  end
+
+  newparam(:digits) do 
+    desc "number of digits"
+    defaultto "3"
+    validate do |value|
+      unless  value.to_s =~ /^[\d]$/
+        raise ArgumentError , "\"%s\" number of digits must be an integer" % value
+      end
+    end
+  end
+
+  newparam(:homeroot) do 
+    desc "permissions of the secret"
+    defaultto "/pool/grid"
+    validate do |value|
+      unless  value =~ /^\/[\/\w]+$/
+        raise ArgumentError , "\"%s\" must be a valid absolute path" % value
+      end
+    end
+  end
+
+  newparam(:uidmap) do 
+    desc "..."
+    defaultto [ "uid" => ["cms001" => "123"],
+                "gid" => ["cms001" => "234"], 
+              ] 
+  end
+
+end