Difference between revisions of "Lazy Admin Tools"
Unnilennium (talk | contribs) |
|||
(4 intermediate revisions by 3 users not shown) | |||
Line 52: | Line 52: | ||
===Installation=== | ===Installation=== | ||
− | ====Smecontribs repository for SME Server 8.0==== | + | ====Smecontribs repository for SME Server 8.0 and newer==== |
yum install --enablerepo=smecontribs smeserver-lazy_admin_tools smeserver-userpanel smeserver-mailsorting | yum install --enablerepo=smecontribs smeserver-lazy_admin_tools smeserver-userpanel smeserver-mailsorting | ||
Line 141: | Line 141: | ||
As you can see this is a quick example of what you can do with this contribs, you can take this as an example for all your needs. | As you can see this is a quick example of what you can do with this contribs, you can take this as an example for all your needs. | ||
+ | |||
+ | ===Server Migration=== | ||
+ | ====Migrate user accounts to a new server==== | ||
+ | Perhaps your SME server was first installed in 2005 or earlier, and has suffered at your hands over the years as you tested add-ons, contribs, and procedures. | ||
+ | |||
+ | The time has come to start fresh -- but you don't want to have to reconfigure all of your users' computers, phones, tablets, etc. | ||
+ | |||
+ | Using Lazy Admin Tools, you can migrate your user accounts to a shiny new server -- with their existing passwords. Transferring their existing email folders is also relatively simple. | ||
+ | |||
+ | Assumptions: | ||
+ | * Existing SME server '''legacySME''' | ||
+ | ** ssh access enabled using port xxx | ||
+ | ** IP address is legacySME_IP | ||
+ | * Existing or newly installed SME server '''newSME''' | ||
+ | ** use the same domain name that was used by '''legacySME''' | ||
+ | ** disable DHCP | ||
+ | |||
+ | Results: | ||
+ | * User accounts and passwords from '''legacySME''' will be created on '''newSME''' | ||
+ | :(optionally transfer user files and email) | ||
+ | * Users' devices will have access to email on '''newSME''' without any reconfiguration | ||
+ | |||
+ | |||
+ | ;1. On '''legacySME''' | ||
+ | : Create Lazy Admin Tools backup files | ||
+ | <div style="margin-left: 2em;"> | ||
+ | <nowiki>mkdir /root/lat | ||
+ | cd /root/lat | ||
+ | lat-dump -d</nowiki> | ||
+ | </div> | ||
+ | |||
+ | ;2. On '''newSME''' | ||
+ | : Copy the files from '''legacySME''' | ||
+ | : (scp uses an uppercase "P" to specify the ssh port number) | ||
+ | <div style="margin-left: 2em;"> | ||
+ | <nowiki>mkdir /root/lat | ||
+ | scp -P xxx root@legacySME_IP:/root/lat/* /root/lat</nowiki> | ||
+ | </div> | ||
+ | |||
+ | : Restore the user accounts and passwords from '''legacySME''' on '''newSME''' | ||
+ | :: lat-dump from '''legacySME''' created a file called ''lat-restore'' that shows the commands required to restore everything that was backed up. To create the user accounts from '''legacySME''' on '''newSME''' you need to run the ''lat-users'' and ''lat-shadow'' commands. The commands below will execute these two commands, but you could also review the contents of ''lat-restore'' and run these two commands manually. | ||
+ | <div style="margin-left: 2em;"> | ||
+ | <nowiki>$(grep lat-users lat-restore) | ||
+ | $(grep lat-shadow lat-restore)</nowiki> | ||
+ | </div> | ||
+ | |||
+ | : Optional - transfer users' files (including email) | ||
+ | ::The commands below will transfer all of the user files and email from '''legacySME''' to '''newSME''' | ||
+ | ::(ssh uses a lowercase "p" when specifying the port number) | ||
+ | <div style="margin-left: 2em;"> | ||
+ | <nowiki># get the user files and folders from the old server | ||
+ | rsync -rltzq -e "ssh -p xxx" "root@legacySME_IP:/home/e-smith/files/users/" "/home/e-smith/files/users/" | ||
+ | # | ||
+ | # fix file ownership for all users | ||
+ | cd /home/e-smith/files/users | ||
+ | for f in *; do chown -R $f:$f $f; done</nowiki> | ||
+ | </div> | ||
+ | |||
+ | ;3. Cleanup | ||
+ | * On '''legacySME''' | ||
+ | ** Turn it off and disconnect it | ||
+ | *: or | ||
+ | ** Run <tt>su admin</tt> and: | ||
+ | *** Change the hostname | ||
+ | *** Change the IP address | ||
+ | *** Disable DHCP (if it is enabled) | ||
+ | * On '''newSME''' | ||
+ | ** Run <tt>su admin</tt> and: | ||
+ | *** Change the hostname to '''legacySME''' (the original name of the old server) | ||
+ | *** Change the IP address to '''legacySME_IP''' | ||
+ | *** Enable DHCP (if it was enabled on '''legacySME''') | ||
+ | * Other Considerations | ||
+ | ** SSL Certificates | ||
+ | *: If you had a commercial or LetsEncrypt certificate on '''legacySME''', you will need to set it up on the new server, too. | ||
+ | ** Repeated data transfers | ||
+ | *: The <tt>rsync</tt> command shown above does *not* delete files from '''newSME''' that have been deleted from '''legacySME'''. If you choose to do the process above, test the new server, then repeat the data transfer -- your users will see some emails returned to their inbox that they had filed or deleted. To prevent this, add "-delete-before" to the rsync command: | ||
+ | *:<tt>rsync -rltzq -delete-before -e "ssh -p xxx" "root@legacySME:/home/e-smith/files/users/" "/home/e-smith/files/users/"</tt> | ||
+ | **'''legacySME''' vs '''legacySME_IP''' | ||
+ | *: Since '''newSME''' is using the same domain name as '''legacySME''', it will not find '''legacySME''' by name unless you add it in server-manager as a host. If you do that, you'll also have to delete that entry before renaming '''newSME''' at the end. It is easier to use the '''legacySME_IP''' for scp and rsync. | ||
===Forum References=== | ===Forum References=== | ||
Line 147: | Line 226: | ||
== Known issues== | == Known issues== | ||
+ | |||
+ | === Users from SME 8.0 === | ||
+ | In issue [https://forums.contribs.org/index.php/topic,53238.msg275866.html#msg275866 lat tools on SME 9.2], gsimpson reporte that user accounts on the new SME server were locked and needed the password reset. mmccarn replied that running the following resolved the issue. | ||
+ | |||
+ | <div style="margin-left: 2em;"><pre> | ||
+ | # force password restore from SME 8.2 | ||
+ | cd /root/lat-dump | ||
+ | /usr/sbin/lat-shadow -a -i=mail.shadow -f | ||
+ | signal-event post-upgrade; signal-event reboot</pre> | ||
+ | </div> | ||
===Large user database=== | ===Large user database=== | ||
Line 176: | Line 265: | ||
Only released version in smecontrib are listed here. | Only released version in smecontrib are listed here. | ||
− | {{ #smechangelog: smeserver-lazy_admin_tools | + | {{ #smechangelog: smeserver-lazy_admin_tools}} |
[[Category: Contrib]] [[Category:Howto]] [[Category:Administration]] | [[Category: Contrib]] [[Category:Howto]] [[Category:Administration]] |
Latest revision as of 20:27, 24 July 2017
Version
Description
The Lazy Administrator's Tools is a set of scripts designed to automate batch tasks and administration jobs for SME servers. Currently the following tools are available:
Available functions
Command | Description |
---|---|
lat-users on wiki documentation | add/delete users (and their directories) |
lat-groups on wiki documentation | add/delete groups |
lat-pseudonyms on wiki documentation | add/delete e-mail pseudonyms for individual users |
lat-ibays on wiki documentation | add/delete ibays (and its directories) |
lat-quota on wiki documentation | set the disk quota for individual users |
lat-procmail on wiki documentation | activate or deactivate procmail for individual users |
lat-hosts on wiki documentation | add hostnames to the server |
lat-pptp on wiki documentation | activate or deactivate pptp access for individualusers |
lat-domains on wiki documentation | create virtual domains |
lat-dump on wiki documentation | create input files for the above, using the configuration files of the SME servers. |
lat-shadow on wiki documentation | transfer crypted password from a SME Server to another |
Installation
Smecontribs repository for SME Server 8.0 and newer
yum install --enablerepo=smecontribs smeserver-lazy_admin_tools smeserver-userpanel smeserver-mailsorting signal-event post-upgrade; signal-event reboot
Upgrade notes
1. If you are upgrading from a version prior to 0.7.0-1, don't forget to remove manually the old scripts. Yum will not be able to find and remove them for you.
2. As from version 0.7.0-1 the arguments for lat-groups have changed. Please refer to 'man lat-groups' or to the examples in /usr/doc/lazy-admin-tools for the new format.
Usage
Each tool has its own comprehensive man page. See `man lazy-admin-tools` for an overview of the tools that have been installed.
All tools follow the same concept:
1. Arguments can be specified on the command line (--command-line), or in a file (--input-file) for batch processing.
2. If the arguments are specified on the command line, the arguments must be between quotes (e.g. -c="foo | bar | baz")
3. Most tools recognize the wildcards * and ? in the first argument (e.g -c="foo* | bar | baz").
4. See the various examples in /usr/doc/lazy-admin-tools for the format of the input file.
Easy Scripting
The purpose is to made an easy and quick script to play with the lazzy admin tools when you want to add a user
nano script-lazy
#!/bin/bash read -p "set the login (mandatory field) : " login read -p "set the firstname (mandatory field) : " firstname read -p "set the lastname (mandatory field) : " lastname read -p "set the password : " password read -p "set the first group : " group1 read -p "set the second group : " group2 read -p "set the Limit with grace period (M or G) : " quota1 read -p "set the Absolute limit (M or G) : " quota2 lat-users -a -c "$login|$firstname|$lastname|$password|||||||||$group1|$group2" lat-quota -c "$login|$quota1|$quota2" read -p "Do you want to launch it again, then type enter, else ctrl+c: " /usr/bin/script-lazy
Or this one if you want to have some default values.
#!/bin/bash read -p "set the login (mandatory field) : " login read -p "set the firstname (mandatory field) : " firstname read -p "set the lastname (mandatory field) : " lastname read -p "set the password : " password group1='bpa_tap_adultes' group2='eleves' quota1='150M' quota2='152M' lat-users -a -c "$login|$firstname|$lastname|$password|||||||||$group1|$group2" lat-quota -c "$login|$quota1|$quota2" read -p "Do you want to launch it again, then type enter, else ctrl+c: " /usr/bin/script-lazy
Then
chmod 755 script-lazy mv script-lazy /usr/bin
to launch the script then do
script-lazy
As you can see this is a quick example of what you can do with this contribs, you can take this as an example for all your needs.
Server Migration
Migrate user accounts to a new server
Perhaps your SME server was first installed in 2005 or earlier, and has suffered at your hands over the years as you tested add-ons, contribs, and procedures.
The time has come to start fresh -- but you don't want to have to reconfigure all of your users' computers, phones, tablets, etc.
Using Lazy Admin Tools, you can migrate your user accounts to a shiny new server -- with their existing passwords. Transferring their existing email folders is also relatively simple.
Assumptions:
- Existing SME server legacySME
- ssh access enabled using port xxx
- IP address is legacySME_IP
- Existing or newly installed SME server newSME
- use the same domain name that was used by legacySME
- disable DHCP
Results:
- User accounts and passwords from legacySME will be created on newSME
- (optionally transfer user files and email)
- Users' devices will have access to email on newSME without any reconfiguration
- 1. On legacySME
- Create Lazy Admin Tools backup files
mkdir /root/lat cd /root/lat lat-dump -d
- 2. On newSME
- Copy the files from legacySME
- (scp uses an uppercase "P" to specify the ssh port number)
mkdir /root/lat scp -P xxx root@legacySME_IP:/root/lat/* /root/lat
- Restore the user accounts and passwords from legacySME on newSME
- lat-dump from legacySME created a file called lat-restore that shows the commands required to restore everything that was backed up. To create the user accounts from legacySME on newSME you need to run the lat-users and lat-shadow commands. The commands below will execute these two commands, but you could also review the contents of lat-restore and run these two commands manually.
$(grep lat-users lat-restore) $(grep lat-shadow lat-restore)
- Optional - transfer users' files (including email)
- The commands below will transfer all of the user files and email from legacySME to newSME
- (ssh uses a lowercase "p" when specifying the port number)
# get the user files and folders from the old server rsync -rltzq -e "ssh -p xxx" "root@legacySME_IP:/home/e-smith/files/users/" "/home/e-smith/files/users/" # # fix file ownership for all users cd /home/e-smith/files/users for f in *; do chown -R $f:$f $f; done
- 3. Cleanup
- On legacySME
- Turn it off and disconnect it
- or
- Run su admin and:
- Change the hostname
- Change the IP address
- Disable DHCP (if it is enabled)
- On newSME
- Run su admin and:
- Change the hostname to legacySME (the original name of the old server)
- Change the IP address to legacySME_IP
- Enable DHCP (if it was enabled on legacySME)
- Run su admin and:
- Other Considerations
- SSL Certificates
- If you had a commercial or LetsEncrypt certificate on legacySME, you will need to set it up on the new server, too.
- Repeated data transfers
- The rsync command shown above does *not* delete files from newSME that have been deleted from legacySME. If you choose to do the process above, test the new server, then repeat the data transfer -- your users will see some emails returned to their inbox that they had filed or deleted. To prevent this, add "-delete-before" to the rsync command:
- rsync -rltzq -delete-before -e "ssh -p xxx" "root@legacySME:/home/e-smith/files/users/" "/home/e-smith/files/users/"
- legacySME vs legacySME_IP
- Since newSME is using the same domain name as legacySME, it will not find legacySME by name unless you add it in server-manager as a host. If you do that, you'll also have to delete that entry before renaming newSME at the end. It is easier to use the legacySME_IP for scp and rsync.
Forum References
Known issues
Users from SME 8.0
In issue lat tools on SME 9.2, gsimpson reporte that user accounts on the new SME server were locked and needed the password reset. mmccarn replied that running the following resolved the issue.
# force password restore from SME 8.2 cd /root/lat-dump /usr/sbin/lat-shadow -a -i=mail.shadow -f signal-event post-upgrade; signal-event reboot
Large user database
it has been reported that large user imports might be really long ( 60s per user in SME server already containing 4000 users) (see bugzilla:7545).
This script is using sme internal processing. The purpose of doing so is to do everything that is included by other contribs.
S95ldap-update-simple is called with user-modify user-create, group-modify and group-create events. S56update-domain-group-maps is called with the same events. These events allow also the full creation of the user, but have the adverse effect to be really long during large user importation.
A workaround to avoid this could be to: - disable ldap in the db configuration during the import (if you have not enable ldap auth) - or temporally remove the link inside the events to this two scripts and create them back after import.
and revert back theses change after importation and then running the signal event once (user-modify)
Man page are not up to date
Some update is needed for lat-users, lat-procmail and lat-shadow. First is missing -n option, second is stating -a option that in fact does not exist, and third is not working. see Bugzilla:7702
Bugs
Please raise bugs under the SME-Contribs section in bugzilla and select the e-smith-lazy_admin_tools component or use this link .
ID | Product | Version | Status | Summary (4 tasks) ⇒ |
---|---|---|---|---|
12419 | SME Contribs | 10.0 | UNCONFIRMED | lat-users error "The user ID should be greater or equal to 5025" |
12352 | SME Contribs | 10.0 | CONFIRMED | Install from git repo fails due to .gitignore file in empty directory (needed to track empty directories) |
9111 | SME Contribs | 9beta | UNCONFIRMED | NFR: add handling of "Comment" property in lat-hosts |
8504 | SME Contribs | 8.1 | CONFIRMED | stopping lazy admin tools with "CTRL+C" leaves SME db buggy |
Changelog
Only released version in smecontrib are listed here.
- add update event to prevent yum to ask for a reboot [SME: 11033]
- Initial import in SME10 tree [SME: 11033]
- fix error in lat pseudonym, missing character [SME: 5423]
2016/02/09 stephane de Labrusse 1.1-3.sme
- Roll new rpm for sme9
- fix lat-users delete too long due to groups [SME: 8503]