Difference between revisions of "Lazy Admin Tools"

From SME Server
Jump to navigationJump to search
 
(One intermediate revision by the same user not shown)
Line 226: Line 226:
  
 
== Known issues==
 
== Known issues==
 +
 +
=== Users from SME 8.0 ===
 +
In issue [https://forums.contribs.org/index.php/topic,53238.msg275866.html#msg275866 lat tools on SME 9.2], gsimpson reporte that user accounts on the new SME server were locked and needed the password reset. mmccarn replied that running the following resolved the issue.
 +
 +
<div style="margin-left: 2em;"><pre>
 +
# force password restore from SME 8.2
 +
cd /root/lat-dump
 +
/usr/sbin/lat-shadow -a -i=mail.shadow -f
 +
signal-event post-upgrade; signal-event reboot</pre>
 +
</div>
  
 
===Large user database===
 
===Large user database===

Latest revision as of 20:27, 24 July 2017

Version

Contrib 10:
Contrib 9:
smeserver-lazy_admin_tools
The latest version of smeserver-lazy_admin_tools is available in the SME repository, click on the version number(s) for more information.



Description

The Lazy Administrator's Tools is a set of scripts designed to automate batch tasks and administration jobs for SME servers. Currently the following tools are available:

Important.png Note:
This HowTo is based on a version created for SME 5.5/5.6/6.0 by Michiel Blotwijk. A new version for sme7.x has been created by J Bennett and is the rpm referred to in the Installation section below. For the SME Server 8 and 9 all binaries are in smecontribs.

The original version information can be found here


Available functions

Command Description
lat-users on wiki documentation add/delete users (and their directories)
lat-groups on wiki documentation add/delete groups
lat-pseudonyms on wiki documentation add/delete e-mail pseudonyms for individual users
lat-ibays on wiki documentation add/delete ibays (and its directories)
lat-quota on wiki documentation set the disk quota for individual users
lat-procmail on wiki documentation activate or deactivate procmail for individual users
lat-hosts on wiki documentation add hostnames to the server
lat-pptp on wiki documentation activate or deactivate pptp access for individualusers
lat-domains on wiki documentation create virtual domains
lat-dump on wiki documentation create input files for the above, using the configuration files of the SME servers.
lat-shadow on wiki documentation transfer crypted password from a SME Server to another


Warning.png Warning:
SME Server 7.x supports the use of '@' in pseudonyms, but lat-pseudonym does not by default. See this forum post for a work-around. SME8 and SME9 version are able to handle the @ in pseudonyms.


Installation

Smecontribs repository for SME Server 8.0 and newer

yum install --enablerepo=smecontribs smeserver-lazy_admin_tools smeserver-userpanel smeserver-mailsorting
signal-event post-upgrade; signal-event reboot

Upgrade notes

1. If you are upgrading from a version prior to 0.7.0-1, don't forget to remove manually the old scripts. Yum will not be able to find and remove them for you.

2. As from version 0.7.0-1 the arguments for lat-groups have changed. Please refer to 'man lat-groups' or to the examples in /usr/doc/lazy-admin-tools for the new format.

Usage

Each tool has its own comprehensive man page. See `man lazy-admin-tools` for an overview of the tools that have been installed.

All tools follow the same concept:

1. Arguments can be specified on the command line (--command-line), or in a file (--input-file) for batch processing.

2. If the arguments are specified on the command line, the arguments must be between quotes (e.g. -c="foo | bar | baz")

3. Most tools recognize the wildcards * and ? in the first argument (e.g -c="foo* | bar | baz").

4. See the various examples in /usr/doc/lazy-admin-tools for the format of the input file.

Easy Scripting

The purpose is to made an easy and quick script to play with the lazzy admin tools when you want to add a user

nano script-lazy


#!/bin/bash

read -p "set the  login (mandatory field)         : " login

read -p "set the firstname (mandatory field)      : " firstname

read -p "set the lastname (mandatory field)       : " lastname

read -p "set the password                         : " password

read -p "set the first group                      : " group1

read -p "set the second group                     : " group2

read -p "set the Limit with grace period (M or G) : " quota1

read -p "set the Absolute limit          (M or G) : " quota2

lat-users -a -c "$login|$firstname|$lastname|$password|||||||||$group1|$group2"
lat-quota -c "$login|$quota1|$quota2"

read -p "Do you want to launch it again, then type enter, else ctrl+c: "

/usr/bin/script-lazy

Or this one if you want to have some default values.

#!/bin/bash

read -p "set the  login (mandatory field)         : " login

read -p "set the firstname (mandatory field)      : " firstname

read -p "set the lastname (mandatory field)       : " lastname

read -p "set the password                         : " password

group1='bpa_tap_adultes'
group2='eleves'
quota1='150M'
quota2='152M'

lat-users -a -c "$login|$firstname|$lastname|$password|||||||||$group1|$group2"
lat-quota -c "$login|$quota1|$quota2"

read -p "Do you want to launch it again, then type enter, else ctrl+c: "

/usr/bin/script-lazy

Then

chmod 755 script-lazy
mv script-lazy /usr/bin

to launch the script then do

script-lazy

As you can see this is a quick example of what you can do with this contribs, you can take this as an example for all your needs.

Server Migration

Migrate user accounts to a new server

Perhaps your SME server was first installed in 2005 or earlier, and has suffered at your hands over the years as you tested add-ons, contribs, and procedures.

The time has come to start fresh -- but you don't want to have to reconfigure all of your users' computers, phones, tablets, etc.

Using Lazy Admin Tools, you can migrate your user accounts to a shiny new server -- with their existing passwords. Transferring their existing email folders is also relatively simple.

Assumptions:

  • Existing SME server legacySME
    • ssh access enabled using port xxx
    • IP address is legacySME_IP
  • Existing or newly installed SME server newSME
    • use the same domain name that was used by legacySME
    • disable DHCP

Results:

  • User accounts and passwords from legacySME will be created on newSME
(optionally transfer user files and email)
  • Users' devices will have access to email on newSME without any reconfiguration


1. On legacySME
Create Lazy Admin Tools backup files
mkdir /root/lat
cd /root/lat
lat-dump -d
2. On newSME
Copy the files from legacySME
(scp uses an uppercase "P" to specify the ssh port number)
mkdir /root/lat
scp -P xxx root@legacySME_IP:/root/lat/* /root/lat
Restore the user accounts and passwords from legacySME on newSME
lat-dump from legacySME created a file called lat-restore that shows the commands required to restore everything that was backed up. To create the user accounts from legacySME on newSME you need to run the lat-users and lat-shadow commands. The commands below will execute these two commands, but you could also review the contents of lat-restore and run these two commands manually.
$(grep lat-users lat-restore)
$(grep lat-shadow lat-restore)
Optional - transfer users' files (including email)
The commands below will transfer all of the user files and email from legacySME to newSME
(ssh uses a lowercase "p" when specifying the port number)
# get the user files and folders from the old server
rsync -rltzq -e "ssh -p xxx" "root@legacySME_IP:/home/e-smith/files/users/" "/home/e-smith/files/users/"
#
# fix file ownership for all users
cd /home/e-smith/files/users
for f in *; do chown -R $f:$f $f; done
3. Cleanup
  • On legacySME
    • Turn it off and disconnect it
    or
    • Run su admin and:
      • Change the hostname
      • Change the IP address
      • Disable DHCP (if it is enabled)
  • On newSME
    • Run su admin and:
      • Change the hostname to legacySME (the original name of the old server)
      • Change the IP address to legacySME_IP
      • Enable DHCP (if it was enabled on legacySME)
  • Other Considerations
    • SSL Certificates
    If you had a commercial or LetsEncrypt certificate on legacySME, you will need to set it up on the new server, too.
    • Repeated data transfers
    The rsync command shown above does *not* delete files from newSME that have been deleted from legacySME. If you choose to do the process above, test the new server, then repeat the data transfer -- your users will see some emails returned to their inbox that they had filed or deleted. To prevent this, add "-delete-before" to the rsync command:
    rsync -rltzq -delete-before -e "ssh -p xxx" "root@legacySME:/home/e-smith/files/users/" "/home/e-smith/files/users/"
    • legacySME vs legacySME_IP
    Since newSME is using the same domain name as legacySME, it will not find legacySME by name unless you add it in server-manager as a host. If you do that, you'll also have to delete that entry before renaming newSME at the end. It is easier to use the legacySME_IP for scp and rsync.

Forum References


Known issues

Users from SME 8.0

In issue lat tools on SME 9.2, gsimpson reporte that user accounts on the new SME server were locked and needed the password reset. mmccarn replied that running the following resolved the issue.

# force password restore from SME 8.2
cd /root/lat-dump
/usr/sbin/lat-shadow -a -i=mail.shadow -f
signal-event post-upgrade; signal-event reboot

Large user database

it has been reported that large user imports might be really long ( 60s per user in SME server already containing 4000 users) (see bugzilla:7545). This script is using sme internal processing. The purpose of doing so is to do everything that is included by other contribs.

S95ldap-update-simple is called with user-modify user-create, group-modify and group-create events. S56update-domain-group-maps is called with the same events. These events allow also the full creation of the user, but have the adverse effect to be really long during large user importation.

A workaround to avoid this could be to: - disable ldap in the db configuration during the import (if you have not enable ldap auth) - or temporally remove the link inside the events to this two scripts and create them back after import.

and revert back theses change after importation and then running the signal event once (user-modify)


Man page are not up to date

Some update is needed for lat-users, lat-procmail and lat-shadow. First is missing -n option, second is stating -a option that in fact does not exist, and third is not working. see Bugzilla:7702

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the e-smith-lazy_admin_tools component or use this link .


IDProductVersionStatusSummary (4 tasks)
12419SME Contribs10.0UNCONFIRMEDlat-users error "The user ID should be greater or equal to 5025"
12352SME Contribs10.0CONFIRMEDInstall from git repo fails due to .gitignore file in empty directory (needed to track empty directories)
9111SME Contribs9betaUNCONFIRMEDNFR: add handling of "Comment" property in lat-hosts
8504SME Contribs8.1CONFIRMEDstopping lazy admin tools with "CTRL+C" leaves SME db buggy

Changelog

Only released version in smecontrib are listed here.

smeserver-lazy_admin_tools Changelog: SME 10 (smecontribs)
2021/06/06 Jean-Philippe Pialasse 1.1-6.sme
- add update event to prevent yum to ask for a reboot [SME: 11033]
2020/10/13 Brian Read 1.1-5.sme
- Initial import in SME10 tree [SME: 11033]
2016/03/07 JP Pialasse 1.1-4.sme
- fix error in lat pseudonym, missing character [SME: 5423]

2016/02/09 stephane de Labrusse 1.1-3.sme
- Roll new rpm for sme9

- Bug 8503, 8500, 7731, 7706 are imported but not tested
2014/07/29 JP PIALASSE 1.1.-3.sme
- fix lat-users delete too long due to groups [SME: 8503]