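# Add users to RBAC through blcli, attach each newly created user to the
# requested roles, create per-role Workspace groups for them and, when asked,
# request an ACL push to every server visible to those roles.
#
# Usage: <program> <user_list> <role_list> [push_acls]
#   user_list - colon-delimited list of users to add
#   role_list - colon-delimited list of roles to add
#   push_acls - "true" or "TRUE" to request the ACL push (optional)
#
# Functions use the plain `name() {` form and loops the plain `for ... in`
# form; the `sub` / `foreach` spellings are rejected by bash and POSIX sh.
# The list variables are expanded unquoted on purpose: the loops rely on
# sh-style word splitting, exactly as the original script did.

# Print all debug lines if DEBUG = 1 (the default; may be overridden from the
# environment, e.g. DEBUG=0, to silence them).
DEBUG=${DEBUG:-1}

# Print the arguments on one line when debugging is enabled.
print_debug() {
  # String comparison: a non-numeric DEBUG value must not make `test` fail.
  if test "$DEBUG" = "1"
  then
    printf '%s\n' "$*"
  fi
}

# Print the command-line synopsis and terminate with status 1.
print_usage() {
  printf '%s <user_list> <role_list> [push_acls]\n\n' "$PROGRAM" >&2
  printf '  user_list - Colon-delimited list of users to add\n' >&2
  printf '  role_list - Colon-delimited list of roles to add\n' >&2
  printf '  push_acls - "true" to push ACLs to the servers of each role\n\n' >&2
  exit 1
}

# Run blcli with the user_info file that belongs to a role.
# Arguments: $1 - role name; remaining arguments are handed to blcli as is.
# NOTE(review): the file is presumably the cached session/credentials for that
# role - confirm. The role name is quoted so it cannot split into extra words.
role_blcli() {
  _role=$1
  shift
  blcli -i ~/.bladelogic/.user/user_info_"$_role".dat "$@"
}

# Resolve the ids of the "/Workspace" groups as seen by a role.
# Arguments: $1 - role name (required; the script exits with 1 when empty)
# Globals written: SERVER_WS_ID, COMPONENT_WS_ID, DEPOT_WS_ID, JOB_WS_ID
get_workspace_IDs() {
  CUR_ROLE=$1
  if test -z "$CUR_ROLE"
  then
    echo "Error: No role passed to $0." >&2
    exit 1
  fi

  # Report the role that was actually passed in, not the caller's loop variable.
  print_debug "Getting Workspace IDs for $CUR_ROLE."
  SERVER_WS_ID=$(role_blcli "$CUR_ROLE" ServerGroup groupNameToId "/Workspace")
  COMPONENT_WS_ID=$(role_blcli "$CUR_ROLE" TemplateGroup groupNameToId "/Workspace")
  DEPOT_WS_ID=$(role_blcli "$CUR_ROLE" DepotGroup groupNameToId "/Workspace")
  JOB_WS_ID=$(role_blcli "$CUR_ROLE" JobGroup groupNameToId "/Workspace")

  print_debug "Server Workspace Group ID is $SERVER_WS_ID."
  print_debug "Component Workspace Group ID is $COMPONENT_WS_ID."
  print_debug "Depot Workspace Group ID is $DEPOT_WS_ID."
  print_debug "Job Workspace Group ID is $JOB_WS_ID."
}

# Create the server, component, depot and job Workspace groups named after a
# user, acting as the given role.
# Arguments: $1 - role name, $2 - user name
# Globals read: the *_WS_ID values set by get_workspace_IDs for the same role.
create_user_workspaces() {
  CUR_ROLE=$1
  CUR_USER=$2

  print_debug "Creating Workspace groups for $CUR_USER..."

  # Server group
  RESULT=$(role_blcli "$CUR_ROLE" StaticServerGroup createServerGroup "$CUR_USER" "$SERVER_WS_ID")
  print_debug "Server group creation: $RESULT."

  # Component group
  RESULT=$(role_blcli "$CUR_ROLE" TemplateGroup createTemplateGroup "$CUR_USER" "$COMPONENT_WS_ID")
  print_debug "Component group creation: $RESULT."

  # Depot group
  RESULT=$(role_blcli "$CUR_ROLE" DepotGroup createDepotGroup "$CUR_USER" "$DEPOT_WS_ID")
  print_debug "Depot group creation: $RESULT."

  # Job group
  RESULT=$(role_blcli "$CUR_ROLE" JobGroup createJobGroup "$CUR_USER" "$JOB_WS_ID")
  print_debug "Job group creation: $RESULT."
}

# Parse out users list (assume colon-delimited format)
PROGRAM=$0
USER_LIST=$1
ROLE_LIST=$2
PUSH_ACLS=$3

print_debug "ACL Push: $PUSH_ACLS"

if test -z "$USER_LIST"
then
  echo "Error: No users defined." >&2
  print_usage
fi

if test -z "$ROLE_LIST"
then
  echo "Error: No roles defined." >&2
  print_usage
fi

USER_LIST=$(printf '%s\n' "$USER_LIST" | tr ':' ' ')
print_debug "User list is $USER_LIST"

ROLE_LIST=$(printf '%s\n' "$ROLE_LIST" | tr ':' ' ')
print_debug "Role list is $ROLE_LIST"

# Normalise the ACL switch once instead of repeating the comparison.
DO_PUSH=0
if test "$PUSH_ACLS" = "true" || test "$PUSH_ACLS" = "TRUE"
then
  DO_PUSH=1
fi

# First add the users to RBAC. Users created here are remembered in NEW_USERS
# so that the role loop below decides per user; the original reused the
# USER_EXISTS value left over from the last user for every user.
NEW_USERS=""
for user in $USER_LIST
do
  USER_EXISTS=$(blcli RBACUser isUserExists "$user")
  if test "$USER_EXISTS" = "true"
  then
    echo "Warning: user $user already exists. Skipping to next user (if applicable)."
  else
    desc="$user"
    # NOTE(review): the initial password is derived from the user name, so it
    # is guessable by anyone who knows the scheme, and it reaches blcli on the
    # command line where a process listing can show it. Replace it with a
    # per-user random secret handed over out of band. It is deliberately no
    # longer written to the debug output.
    password="${user}_123"
    print_debug "Adding user: $desc"
    RESULT=$(blcli RBACUser createUser "$user" "$password" "$desc")
    print_debug "Result of creating $user: $RESULT."
    NEW_USERS="$NEW_USERS $user"
  fi
done

# Servers that need an ACL push, space separated and free of duplicates. Kept
# in memory: the original used a file with a predictable name (PID suffix)
# in a tmp directory, which is open to symlink and pre-creation races.
ACL_SERVERS=""

for role in $ROLE_LIST
do
  # Assumes that "/Workspace" groups exist for the role (the original note
  # says "on all tabs except Servers", yet a ServerGroup id is resolved too -
  # confirm which is intended).
  print_debug "Getting root Workspace groups for $role."
  get_workspace_IDs "$role"

  for user in $NEW_USERS
  do
    # Add user to the appropriate roles
    echo "Adding $user to $role."
    RESULT=$(blcli RBACUser addRole "$user" "$role")
    print_debug "Result of adding $user to $role: $RESULT."

    # Create user workspaces
    print_debug "Adding $user workspace to $role."
    create_user_workspaces "$role" "$user"
  done

  if test "$DO_PUSH" -eq 1
  then
    # List servers in role and add to master server list (for ACL pushing)
    SERVERS=$(role_blcli "$role" Server listAllServers)
    for server in $SERVERS
    do
      # If the server's not already on the list, then add it. The original
      # compared the (always empty) output of `grep -q` with 0 and appended
      # with `cat $server`, so nothing was ever recorded.
      case " $ACL_SERVERS " in
        *" $server "*) ;;
        *) ACL_SERVERS="$ACL_SERVERS $server" ;;
      esac
    done
  fi
done

# Push ACLs to necessary servers (if requested)
if test "$DO_PUSH" -eq 1
then
  for server in $ACL_SERVERS
  do
    echo "Push ACLs to $server."
    SERVER_ID=$(blcli Server getServerIdByName "$server")
    print_debug "ID for $server: $SERVER_ID"
    RESULT=$(blcli Resource requestAgentPushAcl "$SERVER_ID")
    print_debug "Result of ACL push to $server: $RESULT."
  done
fi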
自动添加用户到RBAC
转载自bladelogic.iteye.com/blog/1700886