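#! /bin/sh
#
# Deploy a Globus (GSI) installation onto a remote host over rsh.
#
# Usage: <this script> [prepare|deploy|postdeploy|getcerts] host
#
# The four steps are meant to be run in the order listed:
#   prepare    - create $gsiroot and $globusroot on the host if missing
#   deploy     - run globus-local-deploy on the host as $GRIDADM
#   postdeploy - move the gatekeeper key/cert/request into $gsiroot,
#                hand the sensitive files to root and set up symlinks
#   getcerts   - pull a tar backup of $gsiroot into $CERTSTORE
#
# SECURITY NOTE(review): every remote step goes through rsh, which is
# unencrypted and trusts the network for authentication. The getcerts
# step streams $gsiroot, which holds globus-gatekeeper.key after
# postdeploy, across that channel in the clear. Moving to an encrypted
# transport such as ssh should be considered; it is not done here
# because it changes what the target hosts must provide.
#

GRIDADM=gridadm
CERTSTORE=/global/globussrc/local/certs

GLOBUS_INSTALL_PATH=/global/globus/globus-gsialpha4
export GLOBUS_INSTALL_PATH

gsiroot=/etc/grid-security
globusroot=/opt/globus
# Prefix put in front of each privileged remote command; empty here.
# NOTE(review): presumably a hook for a wrapper command - confirm.
exec=

# Print the checklist of files the operator must have prepared.
print_items() {
  echo "  *** Check the following items ***"
  echo "    - globus-services.conf: contains proper job manager(s) for $host"
  echo "    - grid-info-hosts.conf: has host been added"
  echo "    - globus-gatekeepers.conf: daemon of inetd set properly"
  echo "    - GIIS: is $host to be the GIIS host (has CNAME been reset)"
}

# Abort unless $2 is the 0/1 exit status printed by a remote "test -d"
# probe of path $1. An unreachable host or a failed login yields an
# empty or garbage value, which must not be mistaken for "directory
# exists" by the numeric tests further down.
require_probe_status() {
  case "$2" in
    0 | 1 ) ;;
    * )
      echo "ERROR: cannot determine state of $1 on $host (probe returned '$2')" >&2
      exit 1
      ;;
  esac
}

case "$#" in
  2 ) ;;
  * )
    # The whole usage text goes to stderr so that it cannot be mistaken
    # for regular output.
    {
      echo "Usage: $0 [prepare|deploy|postdeploy|getcerts] host"
      echo ""
      echo "  Perform the steps above in mentioned order. Prepare the"
      echo "  Globus install tree at $GLOBUS_INSTALL_PATH first, with"
      echo "  relevant information in these files:"
      echo ""
      print_items
      echo ""
      echo "  After the postdeploy step, get gatekeeper and host certs signed"
    } >&2
    exit 1
    ;;
esac

cmd="$1"
host="$2"

# The host name is handed to rsh and is also embedded in the backup file
# name under $CERTSTORE. Refuse values that rsh would parse as an option
# or that would redirect the backup path to another directory.
case "$host" in
  "" | -* | */* | *" "* )
    echo "Invalid host name '$host'" >&2
    exit 1
    ;;
esac

case "$cmd" in
  prepare )
    # Each probe prints the remote exit status of "test -d":
    # 0 = directory exists, 1 = it does not.
    has_globus=`rsh "$host" 'test -d '"$globusroot"' ; echo $?'`
    require_probe_status "$globusroot" "$has_globus"
    has_gsi=`rsh "$host" 'test -d '"$gsiroot"' ; echo $?'`
    require_probe_status "$gsiroot" "$has_gsi"
    echo "$has_globus gsi: $has_gsi"

    if [ "$has_gsi" -eq 1 ]; then
      rsh "$host" "$exec mkdir $gsiroot ; $exec chown root:root $gsiroot; $exec chmod 755 $gsiroot"
      echo "GSI directory created successfully"
    else
      echo "GSI directory ALREADY existed, please prepare by hand ($has_gsi)" >&2
    fi

    if [ "$has_globus" -eq 1 ]; then
      # Owned by the deploy account, which writes into it in the deploy
      # step (that step runs globus-local-deploy via "su $GRIDADM").
      rsh "$host" "$exec mkdir $globusroot ; \
        $exec chown $GRIDADM:ices $globusroot ; \
        $exec chmod 755 $globusroot"
      echo "Globus directory created successfully"
    else
      echo "Globus directory ALREADY existed" >&2
      echo "please prepare by hand ($has_globus)" >&2
    fi
    ;;

  deploy )
    print_items
    echo ""
    echo "Press enter to approve or break to cancel"
    read x

    # The inner command uses setenv, so it relies on $GRIDADM having a
    # csh-style login shell on the target host.
    rsh "$host" "su $GRIDADM -c \"setenv \
      GLOBUS_INSTALL_PATH $GLOBUS_INSTALL_PATH; \
      cd $GLOBUS_INSTALL_PATH; \
      /bin/pwd; \
      $exec ./sbin/globus-local-deploy $globusroot\" "
    ;;

  postd* )
    has_globus=`rsh "$host" 'test -d '"$globusroot/etc"' ; echo $?'`
    require_probe_status "$globusroot/etc" "$has_globus"
    has_gsi=`rsh "$host" 'test -d '"$gsiroot"' ; echo $?'`
    require_probe_status "$gsiroot" "$has_gsi"

    if [ "$has_globus" -eq 1 ] || [ "$has_gsi" -eq 1 ]; then
      echo "Host $host has no GSI or deployed globus" >&2
      exit 1
    fi

    # Remote sequence, in order:
    #  1. move key/request/cert into $gsiroot unless that was already
    #     done (etc/...key is a symlink, or the key is in $gsiroot)
    #  2. give the key material, gatekeeper binaries and config to root
    #  3. drop the deployed grid-mapfile; it is replaced by a symlink
    #  4. keep the shipped CA directory as certificates.original and
    #     point share/certificates at $gsiroot/certificates
    #  5. symlink key, cert, grid-mapfile and request back into etc/
    # NOTE(review): nothing below sets the mode of globus-gatekeeper.key;
    # confirm it ends up readable by root only.
    rsh "$host" "test -h $globusroot/etc/globus-gatekeeper.key -o -f $gsiroot/globus-gatekeeper.key || $exec mv \
        $globusroot/etc/globus-gatekeeper.request \
        $globusroot/etc/globus-gatekeeper.key \
        $globusroot/etc/globus-gatekeeper.cert \
        $gsiroot/ ; \
      $exec chown root:root \
        $gsiroot/globus-gatekeeper.key \
        $gsiroot/globus-gatekeeper.request \
        $gsiroot/globus-gatekeeper.cert \
        $globusroot/sbin \
        $globusroot/sbin/globus-gatekeeper-controller \
        $globusroot/sbin/globus-gatekeeper \
        $globusroot/libexec \
        $globusroot/libexec/globus-k5 \
        $globusroot/etc \
        $globusroot/etc/globus-services \
        $globusroot/etc/globus-gatekeeper.conf ; \
      $exec rm -f $globusroot/etc/grid-mapfile ; \
      test -d $globusroot/share/certificates.original || \
        $exec mv $globusroot/share/certificates \
          $globusroot/share/certificates.original ; \
      test -h $globusroot/share/certificates || $exec \
        ln -s $gsiroot/certificates $globusroot/share/ ; \
      test -h $gsiroot/certificates || $exec \
        ln -s /global/globus/share/certificates $gsiroot/ ; \
      $exec ln -s $gsiroot/globus-gatekeeper.key $globusroot/etc/ ; \
      $exec ln -s $gsiroot/globus-gatekeeper.cert $globusroot/etc/ ; \
      $exec ln -s $gsiroot/grid-mapfile $globusroot/etc/ ; \
      $exec ln -s $gsiroot/globus-gatekeeper.request $globusroot/etc/ ; \
      "
    echo "Gatekeeper stuff moved successfully"
    echo "Make sure to login and get the cert request"
    ;;

  getcerts )
    STOR="$CERTSTORE/grid-security.$host.tar"
    if [ -f "$STOR" ]; then
      echo "ERROR: tar backup for $host already exists in $CERTSTORE" >&2
      exit 1
    fi

    has_gsi=`rsh "$host" 'test -d '"$gsiroot"' ; echo $?'`
    require_probe_status "$gsiroot" "$has_gsi"
    if [ "$has_gsi" -eq 1 ]; then
      echo "Host $host has no GSI structures" >&2
      exit 1
    fi

    # The archive contains the gatekeeper private key. Close the store
    # and restrict the umask before the file is created, so it is never
    # readable by other users between creation and the chmod below.
    chmod 700 "$CERTSTORE"
    umask 077

    # "&&" instead of ";": if the cd fails, tar must not archive
    # whatever directory the remote shell happened to start in.
    rsh "$host" "cd $gsiroot && tar cf - ." > "$STOR"
    rsh_status=$?
    if [ "$rsh_status" -ne 0 ] || [ ! -s "$STOR" ]; then
      # Do not leave an empty or truncated file behind: it would look
      # like a valid backup and block the next attempt.
      rm -f "$STOR"
      echo "ERROR: could not fetch $gsiroot from $host" >&2
      exit 1
    fi

    chown root:root "$STOR"
    chmod 400 "$STOR"
    ls -ldag "$STOR" "$CERTSTORE"
    ;;

  * )
    echo "Unknown command $cmd" >&2
    exit 1
    ;;
esac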