Program: USER02info.ksh
This script gathers user and group information from
each AIX server and inserts this information into
the MYSQL CMDB test database running on mtxdoc.
Usage: USER02info.ksh [-v] [-a] [-m machineName]
Where '-v' = Verbose mode.
'-a' = Gather user/group information from all
servers defined in the CMDB Server table
whose Operating System is defined as AIX.
'-m' = Requires a single argument specifying
the IP name of a machine from which to
gather user/group information.
"AutoContent" enabled
Description:
This program gathers user and group information from AIX
servers, builds the appropriate SQL statements, then deletes
and inserts records into the MYSQL CMDB test database running
on mtxdoc.mtxia.com
The information gathered includes user names, UID numbers,
primary group name, secondary groups, and all GID numbers.
The user information includes the database record number of the
server on which the user is configured, the user name, UID number,
gecos information, home directory, shell, login status,
rlogin status, and whether or not the account is locked.
The group information includes the database record number of the
server on which the group is configured, the group name, and
GID number.
Each user is configured as a member of at least one group. Each
group to which a user is a member is identified as either the
primary or secondary group. Only one group per user can be
identified as primary, all other groups are secondary.
Assumptions:
This program assumes there is a script called "mysql.sh" in
the current directory. This script is expected to accept SQL
statements through standard input and perform all MYSQL database
communications.
The database tables User02, Group02, and UserGroup02 are
assumed to already exist in the MYSQL database and are configured
appropriately to accept the following fields -
User02: server_id, name, uid, gecos, shell, login, rlogin, locked
Group02: server_id, name, gid
UserGroup02: server_id, user_id, group_id, grouptype
See the database schema for further explanation of these fields.
Dependencies:
This script uses "rsh" to run commands on each machine that
generate the user and group information. The user running this
script must have "rsh" access to all machines for which this
script will be executed.
This script requires the "rsh" user to be a member of the
"security" group because it accesses several pieces of
information not available to normal users. Information such as
"login", "rlogin", "account_locked".
The output of the MYSQL SQL processor is a specific format and
this script is expecting the data to exist in that format. If
the SQL processor is changed, this script must be modified to
correctly interpret the output from the SQL processor.
Products:
The products of this script are modified MYSQL database tables.
This script generates the SQL statements and executes them as
it is gathering user and group information from the AIX servers.
Interrupting this script does NOT prevent the database from being
modified. The database is modified as the script gathers info.
Configured Usage:
This script is designed to be executed from the command line
or scheduled as a background process.
Details:
This script is currently configured to be executed from
a specific machine in a specific directory i.e.
mtxdoc:/home/french/mysql
This will be changed in future iterations of the script, but
for now thats just the way it is.
Check to see if the user identified a specific machine
from which to gather user and group information, or
requested the script to run gather infor for all machines.
Depending upon what the user specified, the server name
and database record number for each server is selected from
the database and output to a temporary file.
Read each server ID number and server name from the temporary
file and delete all records from the database associated with
the server. This will ensure that old or deleted user names,
group names, or group types are removed and only the current
info will exist when the script is finished.
Build a while loop to be executed on each remote machine
via "rsh" This loop will read each field of data from the
/etc/passwd file and process each field. The loop is used
to extract additional information for each user not contained
within the /etc/passwd construct. This information includes
the login status, rlogin status, account locked status, the
primary and secondary group. The group information is obtained
using the 'id' command. The information gathered for each
user and an executeable line of information is built. This
executable line is constructed to define several shell variables -
uname, ugecos, uhome, ushell, login, rlogin, account_locked
and several variables as returned by the 'id' command.
A ping test is performed to determine if the target machine
is network accessible. If it can not be pinged, it is skipped.
If the ping test is successful, the previously built while
loop command is executed on the remote machine. The result of
the while loop is a series of executable korn shell statements.
These statements are redirected to a temporary file and will
be read and executed one line at a time.
Some processing of the while loop output is required. The id
command output contains opening and closing parenthesis, and
are substituted with colon ':' characters, which will be
interpreted later as field separators.
In order to suppress the special meaning of the whitespace
characters, double quotes are inserted into the line at various
locations. A double quote character is inserted after each
equal sign '='. A double quote character followed by a semi-
colon is inserted after each space character to designate the
end of the value and the beginning of the next variable assignment.
The end of each line is terminated with a double quote to end
the open quote associated with the last variable assignment
on the line.
The 'id' command returns the list of secondary groups to which a
user belongs formatted as follows -
groups=2(bin),3(sys),7(security),8(cron)...
In a previous substitution, the open/close parenthesis were
replaced with a colon ':'. To ensure the data is formatted properly
for processing, a substitution is performed to replace a colon ':'
followed by either a double quote character or a comma with
only the double quote character or comma. The colon is removed.
All user and group information has now been gathered from
a remote machine. The information has been parsed and formatted
into executable korn shell statements and stored in a temporary
file, each line containing all information for a single user.
Read each line from the temporary file and build the appropriate
SQL delete/insert statements for each database record.
Initialize the uid, gid, and groups variables at the beginning
of each loop iteration so that values from the previous
iteration are not carried forward.
Each line read from the temporary file is constructed as an
executable line of korn shell code. Execute the line using
the eval command.
After the line is executed, several shell variables will be
defined. One of these variables is called 'uid' and will
contain two pieces of information, the UID number and the
user name associated with this UID number. The fields of
the 'uid' variable are separated using a colon ':' character
and are separated into their individual components using
the korn shell deletion operators.
For the current data line, delete any existing records from
the User database table associated with this username on
the server being processed. The delete SQL statement is
piped into the MYSQL SQL interpreter for processing.
For the current data line, insert a record into the User
database table for the username currently being processed on
the server being processed. The insert SQL statement is
piped into the MYSQL SQL interpreter for processing.
Another variable containing information is called 'gid' and
contains two pieces of information, the GID number and the
group name associated with this GID number. The fields of
the 'gif' variable are separated using a colon ':' character
and are separated into their individual components using
the korn shell deletion operators.
The database record id number for this groupname on the server
currently being process is selected and saved in a shell variable.
If an database record is found, an SQL insert statement is
constructed for this groupname on the server currently
being processed. The SQL statement is piped into the
MYSQL SQL interpreter for processing.
In preparation for building the server/user/group/grouptype
associations, the database record id number for this previously
inserted username is selected and saved in a shell variable.
Also needed is the database record id number for this previously
inserted groupname, which is selected and saved in a shell variable.
Delete any existing records from the UserGroup database table
associated with this user and group on the server being
processed. The delete SQL statement is piped into the MYSQL
SQL interpreter for processing.
Insert a record into the UserGroup database table that provides
and association between each server, user, and primary group
to which the user is a member.
Now begin processing of any secondary group that may be associated
with the user. Secondary groups are contained in a shell variable
called 'groups'. Check to see if this shell variable contains
a value, if so parse the contents of the 'groups' variable into
korn shell executable statements .
Since the secondary groups associated with each user may
consist of 0 or more values, prepare an associative array
to contain the secondary group values. Begin by unsetting
the shell variable to contain the secondary groups associative
array. Unsetting the array will insure no values from other
iterations of the loop are carried forward to this iteration.
Define the associative array and build an executable korn
shell statement from the values contained in the 'groups'
shell variable.
The 'groups' shell variable may contain 0 or more values, the
values separated by commas ','. Each value may consist of
2 fields, each field separated by colon ':' characters. The
contents of the 'groups' shell variable is piped through the
sed command to reconfigure the values into korn shell executable
statements that initialize associative array values for each
secondary group.
After the executable statement is built, it is executed using
the 'eval' command. The associative array is saved for
processing until all user lines from the temporary file
have been read and processed.
This iteration of the user loop is now complete, and the
next iteration can begin.
In preparation for processing the secondary groups associated
with each user, select the database record id numbers and
user names for the server currently being processed. Loop
through each selected user saving the selected values in
shell variables.
Process the secondary groups for each user, one user at a time
by looping through the associative array containing the
secondary group names and GIDs. Create a list of group
GIDs to loop through by extracting the indices from the
associative array containing the secondary groups for this
user.
Save the secondary group name in a temporary shell variable.
In preparation for inserting the secondary groups into the
Group database table, perform a select for the group to
see if it already exists.
If the secondary group already exists in the Group database
table for the server currently being processed, delete it.
Obtain the GID number from the secondary group associative
array for user and group currently being processed.
Now, insert a record into the Group database table for this
secondary group.
In preparation for inserting a record in the UserGroup database
table, obtain the database record id number for the
secondary group that was just inserted into the Group
database table.
If a record for the secondary group already exists in the
UserGroup database table, delete it.
Insert a record into the UserGroup database table to
associate the secondary group with a user and server.
Go to the next iteration of the GID loop.
Go to the next iteration of the User loop.
Go to the next iteration of the Server loop.
Cleanup temporary files.
This file last modified 11/02/10
|
