Jammy's Paradise: 201210

2012-10-23

ITM Agent Owner由ROOT轉換為Normal User

啟用ITM Agent的Owner預設會是由root所持有，但使用者不希望當Agent發生異常時，需要透過root才能重新啟動Agent的服務，因此經由IBM工程師給的建議和執行程序，我將它簡單的編譯成Script，主要還是方便透過這支Script來修改多台系統的配置，程序如下：

#!/usr/bin/perl -w
use strict;
##################################################
## Target: ##
## transfer itm agent owner to normal user ##
## ##
## 1.chown -R seadm:se /opt/IBM/ITM/ ##
## 2.chmod -R o-rwx /opt/IBM/ITM/ ##
## 3./opt/IBM/ITM/bin/SetPerm.sh ##
## 4./opt/IBM/ITM/bin/UpdateAutoRun.sh ##
## 5./opt/IBM/ITM/bin/itmcmd agent stop all ##
## 6.Disable ux agent under /etc/rc.itm1 ##
## 7./etc/rc.itm1 ##
## ##
## Date: 2012/10/22 ##
## Ver: 1.2 ##
## Author: Jammy Yu ##
##################################################

## Initial setup
my $command;
my $source_dir = '/tmp';
my $env_dir = '/etc';
my $itm_dir = '/opt/IBM/ITM';
my $user = 'seadm';
my $group = 'se';
my $time = `date +%Y-%m-%d_%H:%M:%S`;

##################################################
## 0. Initial test ##
##################################################
print"Transfer agent owner from root to $user has Step0~7:\n";
print"-" x 52,"\n";
print"step0...Initial check\t\t\t";
if (!-e "$itm_dir") {
print "Please check itm has been installed first!\n";
exit 1;
}
if (!-e "$source_dir/agent_owner_transfer_SetPerm") {
print "Please check agent_owner_transfer_SetPerm file has been under $source_dir dir!\n";
exit 1;
}
print"OK!\n";

##################################################
## 1.chown -R seadm:se /opt/IBM/ITM/ ##
##################################################
print"step1...Chown -R $user:$group /opt/IBM/ITM/\t";
$command = "/usr/bin/chown -R $user:$group $itm_dir";
`$command`;
print"OK!\n";

##################################################
## 2.chmod -R o-rwx /opt/IBM/ITM/ ##
##################################################
print"step2...Chmod -R o-rwx /opt/IBM/ITM/\t";
$command = "/usr/bin/chmod -R o-rwx $itm_dir";
`$command`;
print"OK!\n";

##################################################
## 3./opt/IBM/ITM/bin/SetPerm ##
##################################################
print"step3...Running SetPerm.sh\t\t";
if (-e "$itm_dir/bin/SetPerm")
{
$command = "/usr/bin/cp -f $itm_dir/bin/SetPerm $itm_dir/bin/SetPerm.bak_$time";
`$command`;
$command = "/usr/bin/cp -f $source_dir/agent_owner_transfer_SetPerm $itm_dir/bin/";
`$command`;
$command = "$itm_dir/bin/agent_owner_transfer_SetPerm";
`$command`;
}
else
{
$command = "/usr/bin/cp -f $source_dir/agent_owner_transfer_SetPerm $itm_dir/bin/";
`$command`;
$command = "$itm_dir/bin/agent_owner_transfer_SetPerm";
`$command`;
}
print"OK!\n";

##################################################
## 4./opt/IBM/ITM/bin/UpdateAutoRun.sh ##
##################################################
print"step4...Running UpdateAutoRun.sh\t";
$command = "$itm_dir/bin/UpdateAutoRun.sh";
`$command`;
print"OK!\n";

##################################################
## 5./opt/IBM/ITM/bin/itmcmd agent stop all ##
##################################################
print"step5...Stop itm agent\t\t\t";
$command = "$itm_dir/bin/itmcmd agent stop all >/dev/null 2>&1";
`$command`;
print"OK!\n";

##################################################
## 6.Disable ux agent under /etc/rc.itm1 ##
##################################################
print"step6...Disable ux agent line\t\t";
if (-e "$env_dir/rc.itm1")
{
$command = "/usr/bin/cp -f $env_dir/rc.itm1 $env_dir/rc.itm1.bak_$time";
`$command`;
}

open(TMP, "$env_dir/rc.itm1.bak_$time") || die "$!\n";
open(FHD, "> $env_dir/rc.itm1") || die "$!\n";

while ( <TMP> )
{
chomp;
if ( /ux/ )
{
$_ =~ s/$_/#$_/;
print FHD "$_\n";
}
else
{
print FHD "$_\n";
}
}

close(FHD);
close(TMP);

print"OK!\n";

##################################################
## 7.re-execute /etc/rc.itm1 ##
##################################################
print"step7...Running /etc/rc.itm1\t\t";
$command = "$env_dir/rc.itm1";
`$command`;
print"OK!\n";
print"-" x 52,"\n";

2012-10-13

透過Silent Install的模式進行ITM Agent的安裝和配置

當需要安裝ITM Agent數量變多的時候，我們可能會希望讓系統自行安裝和配置，甚至於順便啟動服務。

下列提供的作法共分為七個步驟，分別是：

1.安裝Unix OS Agent、AIX Premium Agent和Unix LOG Agent
2.將原先kul_config檔案備份並將定義好的kul_config檔案拷貝至/opt/IBM/ITM/config目錄下
3.檢查Unix LOG Agent欲檢查的目錄及檔案是否存在
4.將原先syslog.conf檔案備份並將定義好的syslog.config檔案拷貝至/etc目錄底下
5.重新啟動syslog daemon
6.將ITM Agent安裝檔刪除
7.僅啟動AIX Premium和Unix LOG Agent，故必須把Unix OS Agent自動帶起服務的項目先Disable

#!/usr/bin/perl -w
use strict;
##################################################
## Target ##
## 1.Install & Config ul,ux,px agent ##
## 2.Replace ITM config file:kul_configfile ##
## 3.Check directory and files for ul agent ##
## 4.Replace syslog entry to /etc/syslog.conf ##
## 5.Start syslogd but ITM agent ##
## 6.Delete temp ul ux px agent directory ##
## 7.Disable ux agent from /etc/rc.itm1 file ##
## ##
## Date: 2012/10/12   ##
## Ver: 1.7   ##
## Author: Jammy Yu ##
##################################################

## Initial setup
my $source_dir = '/TWSE';
my $install_dir = '/opt/IBM/ITM';
my $env_dir = '/etc';

## Package source
my %agent_relation = (
"ux" => "$source_dir/ITM_V6.2.3_Agent_Multiplatform",
"ul" => "$source_dir/ITM_V6.2.3_Agent_Multiplatform",
"px" => "$source_dir/ITM_Agents_SystemP_V6.2.2",
);

## LOG record
open(LOG, ">$source_dir/agent_install.log") || die "$!\n";

## Start Program
my $start_time = `date +%Y-%m-%d_%H:%M:%S`;

print LOG "Program start time:$start_time\n";

##################################################
## 1.Install & Config ul,ux,px agent   ##
##################################################
while (my ($agent_name, $agent_source_dir) = each (%agent_relation))
{
## Check source agent directory
if (!-e "$agent_source_dir")
{
print"ERROR: Please check source agent directories are aready under the $source_dir directory\n";
exit 1;
}
## Chmod agent Directory
`chmod -R 777 $agent_source_dir`;
print LOG "Chmod agent Directory:$agent_source_dir to 777\n";
## Install agent
`$agent_source_dir/install.sh -q -h $install_dir -p $agent_source_dir/$agent_name\_silent_install.txt`;
print LOG "Install agent name:$agent_name,\t Source agent dir:$agent_source_dir\n";

## Config agent
`$install_dir/bin/itmcmd config -A -p $agent_source_dir/silent_config.txt $agent_name`;
print LOG "Config agent name:$agent_name\n";
}
print LOG "-" x 80,"\n";

##################################################
## 2.Replace /opt/IBM/ITM/config/kul_configfile   ##
##################################################
my $itmconfig_dir = '/opt/IBM/ITM/config';
my $command;
if (-e "$itmconfig_dir/kul_configfile")
{
$command = "/usr/bin/mv $itmconfig_dir/kul_configfile $itmconfig_dir/kul_configfile.bak_$start_time";
`$command`;
$command = "/usr/bin/cp -f $source_dir/kul_configfile $itmconfig_dir/kul_configfile";
`$command`;
$command = "/usr/bin/chmod 777 $itmconfig_dir/kul_configfile";
`$command`;
}
else
{
$command = "/usr/bin/cp -f $source_dir/kul_configfile $itmconfig_dir/kul_configfile";
`$command`;
$command = "/usr/bin/chmod 777 $itmconfig_dir/kul_configfile";
`$command`;
}

##################################################
## 3.check directory and files for ul agent ##
##################################################
my %file_relation = (
"/var/log/syslog/critical_files" => "D",
"/var/log/syslog/auth_files" => "D",
"/var/log/syslog/user_files" => "D",
"/var/log/syslog/sftp_files" => "D",
"/var/log/syslog/critical" => "F",
"/var/log/syslog/auth" => "F",
"/var/log/syslog/user" => "F",
"/var/log/syslog/sftp" => "F",
);

while (my ($path, $type) = each (%file_relation))
{
=cut
## Build directory and files
if ( $type eq 'D' )
{
build_dir($path);
}
elsif ( $type eq 'F' )
{
build_file($path);
}
=cut
## Check directory and files
if (-e "$path" )
{
print LOG "Type:$type,PATH:$path\t check: Exist!\n";
}
else
{
print LOG "Type:$type,PATH:$path\t check: Doesn't Exist!\n";
}
}
print LOG "-" x 80,"\n";

##################################################
## 4.Replace syslog entry to /etc/syslog.conf   ##
##################################################
if (-e "$env_dir/syslog.conf")
{
$command = "/usr/bin/cp -f $env_dir/syslog.conf $env_dir/syslog.conf.bak_$start_time";
`$command`;
$command = "/usr/bin/cat $source_dir/syslog_build.config > $env_dir/syslog.conf";
`$command`;
}
else
{
$command = "/usr/bin/touch $env_dir/syslog.conf";
`$command`;
$command = "/usr/bin/cat $source_dir/syslog_build.config > $env_dir/syslog.conf";
`$command`;
}

##################################################
## 5.Start syslogd but ITM agent   ##
##################################################
=cut
`$install_dir/bin/itmcmd agent start px`;
`$install_dir/bin/itmcmd agent start ul`;
=cut

`/usr/bin/stopsrc -s syslogd`;
`/usr/bin/startsrc -s syslogd`;

## Agent status
my $agent_status = `$install_dir/bin/cinfo -r`;
print LOG "ITM install agent status:$agent_status\n";
print LOG "-" x 80,"\n";
my $agent_status = `$install_dir/bin/cinfo -i`;
print LOG "ITM install package:$agent_status\n";
print LOG "-" x 80,"\n";
my $agent_status = `ps -ef | grep syslogd | grep -v grep`;
print LOG "Syslog daemon status:$agent_status\n";
print LOG "-" x 80,"\n";

##################################################
## 6.Delete temp ul ux px agent directory ##
##################################################
my $host = `hostname`;
chomp($host);

if ($host ne "WKLPAR")
{
opendir(DIR, "$source_dir") || die "Can't open dir\n";
while( defined(my $filename = readdir(DIR)) )
{
next if ($filename eq '.' || $filename eq '..');

if (-d "$source_dir/$filename")
{
`rm -rf "$source_dir/$filename"`;
print LOG "Delete directory:$source_dir/$filename\n";
}
}
close(DIR);
}

## End Program
my $end_time = `date +%Y-%m-%d_%H:%M:%S`;
print LOG "Program end time:$end_time\n";

close(LOG);

##################################################
## 7.Disable ux agent from /etc/rc.itm1 file ##
##################################################
if (-e "$env_dir/rc.itm1")
{
$command = "/usr/bin/cp -f $env_dir/rc.itm1 $env_dir/rc.itm1.bak_$start_time";
`$command`;
}

open(TMP, "$env_dir/rc.itm1.bak_$start_time") || die "$!\n";

open(FHD, "> $env_dir/rc.itm1") || die "$!\n";

while ( <TMP> )
{
chomp;
if ( /ux/ )
{
$_ =~ s/$_/#$_/;
print FHD "$_\n";
}
else
{
print FHD "$_\n";
}
}

close(FHD);

close(TMP);

##################################################
## Subroutine    ##
##################################################
sub build_dir
{
my $directory = shift;
my $command;

if (-e $directory)
{
$command = "/usr/bin/mv $directory $directory.bak_$start_time";
`$command`;
$command = "/usr/bin/mkdir -p $directory";
`$command`;
}
else
{
$command = "/usr/bin/mkdir -p $directory";
`$command`;
}

return;
}

sub build_file
{
my $file = shift;
my $command;
if (-e $file)
{
$command = "/usr/bin/mv $file $file.bak_$start_time";
`$command`;
$command = "/usr/bin/touch $file";
`$command`;
}
else
{
$command = "/usr/bin/touch $file";
`$command`;
}

return;
}

2012-10-02

大量修改Crontab Job

當修改多台機器或多個使用者的crontab時，若時間充裕的狀態下，我們可能一台一台主機登入並一一對每個使用者的crontab去做修改，但同時要改9x台主機或多個使用者的話，應該不會想用徒手煉鋼的方式去完成此任務，因此透過每個使用者已預先埋好的ssh key，我們可透過下列這支Script順利完成：

P.S.前提是至少要有三個配置檔，crontab_ssh_host、crontab_ssh_user和crontab_user1，配置檔內容如底端範例所示。

#!/usr/bin/perl -w
use strict;
##################################################
## Target: Deploy cron Job to each host and user##
## ##
## Date: 2012/10/01 ##
## Ver: 1.0 ##
## Author: Jammy Yu ##
##################################################

## Initial setup
my $program_dir = '/tmp/deploy_cronjob';
my $cron_dir = '/var/spool/cron/crontabs';
my @host;
my @user;
my @user_crontab;

## Load host name
open(HOST, "$program_dir/crontab_ssh_host.txt") || die "ERROR:Can't open host file\n";
while ( <HOST> )
{
chomp;
next if /^\s+/;
next if /^#/;
push(@host, $_);
}
close(HOST);

## Load user name
open(USER, "$program_dir/crontab_ssh_user.txt") || die "ERROR:Can't open user file\n";
while ( <USER> )
{
chomp;
next if /^\s+/;
next if /^#/;
push(@user, $_);
}
close(USER);

## Calculate the number of user's crontab job
opendir(DIR, "$program_dir") || die "ERROR:Can't open program dir\n";
while( defined( my $filename = readdir(DIR) ) )
{
next if ($filename eq '.' || $filename eq '..');
next if ($filename eq 'crontab_ssh.pl');
next if ($filename eq 'crontab_ssh1.pl');
next if ($filename eq 'crontab_ssh_host.txt');
next if ($filename eq 'crontab_ssh_user.txt');
push(@user_crontab, $filename);
}
close(DIR);

##################################################
## Deploy the crontab job task to each host ##
##################################################
if (@user_crontab == @user)
{
foreach my $host (@host)
{
scp_key($host);

foreach my $user (@user)
{
`/usr/bin/scp $program_dir/crontab_$user root@"$host":$cron_dir/$user`;
`ssh root@"$host" chown root:cron $cron_dir/$user`;
`ssh root@"$host" chmod 600 $cron_dir/$user`;
}
}
}
else
{
print "ERROR:defined users from crontab_ssh_user.txt and defined crontab_\$user counters are not the same\n";
exit 1;
}

sub scp_key
{
my $target_host = shift;
my $tmp_dir = '/tmp';
my $command;
$command = "/usr/bin/cat ~/.ssh/id_rsa.pub > $tmp_dir/key";
`LANG=C $command`;
$command = "/usr/bin/scp -q $tmp_dir/key root\@$target_host:~/.ssh/authorized_keys2";
`LANG=C $command`;
$command = "/usr/bin/rm $tmp_dir/key 2>/dev/null";
`LANG=C $command`;

return($target_host);
}

================================================================

crontab_ssh_host檔案內容格式：

## Insert the host name or IP address

10.199.131.238

10.199.131.239

================================================================

crontab_ssh_user檔案內容格式：

## Insert the user name

tommy

jammy

================================================================

crontab_user1檔案內容格式：

45 2 * * 0 /usr/lib/spell/compress

45 23 * * * ulimit 5000; /usr/lib/smdemon.cleanu > /dev/null

================================================================

crontab_user2檔案內容格式：

45 2 * * 0 /usr/lib/spell/compress

================================================================