vo-support.pl.in

#!/usr/bin/perl -w

# Copyright 2012 Stichting FOM
#
#     Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This program implements a set of utility functions that may be
# used by packagers in the maintainer scripts (i.e. postinst),
# or by system administrator.


=head1 NAME

vo-support - manage virtual organisation configuration

=head1 SYNOPSIS

vo-support [--debug] [--confdir F<path>] [--sharedir F<path>]
{list-vos | list-modules | run-module I<module> {configure|deconfigure} I<VOs> |
configure-vo I<VOs> | deconfigure-vo I<VOs> |
add-module I<module> | remove-module I<module> }

vo-support --help


=cut

use strict;
use Getopt::Long;
use Pod::Usage;
use File::Copy;
use Site::Configuration::VO;

sub notimpl;
sub listvos;

=head1 DESCRIPTION

This utility interacts with the installed and configured Virtual Organisations (VOs)
on the system, and the special actions (triggers) that help to manage those
parts of the system that relate to them. Normally these triggers are called at
the right time by the system itself, for instance at the moment a VO package is
installed and configured, but the system administrator may choose to run them
at arbitrary times. In addition, this tool can report on the status of various
parts of the VO support system.

The VO support structure is maintained in two places:

=over

=item @datadir@/vo-support/vos/

This directory collects static information about the VOs which is not considered
site-specific or configurable. Data for any specific VO is recorded in a subdirectory
named after the VO.

Adding support for an additional VO is usually just a matter of installing an additional
package.

=item /etc/vo-support/vos/*.conf

Each configured VO has a single file named after it. For details on
the structure of these files see L<vo-config>. These files contain
site-local settings per VO, and may differ radically between sites
depending on local policies and structure.

=back

Typically each VO should be present in both locations, but configuration of a VO is
not easily automated through package management.


=cut


=head1 OPTIONS

The program accepts the following options:

=over

=item B<-d>, B<--debug>

Enter debugging mode. This generates diagnostic output to help
trace the source of difficulties.

=item B<-h>, B<--help>

This option shows the extended help text (which you are reading right
now, if you didn't find this helpful then your only hope is to read
the source code).

=item B<-c>, B<--confdir> F<directory>

Use an alternate configuration directory to look for VO configuration data.
The default is F</etc/vo-config/>. Each configured VO should have one file
in the F<vos> subdirectory named I<VO>.conf.

=item B<-s>, B<--sharedir> F<directory>

Override the static VO data directory (default is F<@datadir@/vo-support>).
For each VO there should be a subdirectory that contains VO-specific data.

=back

=cut

my $debug = 0;
my $help = 0;
my $vo = "";
my $fqan = "";
my $confdir = "";
my $sharedir = "";

GetOptions("debug" => \$debug,
	   "help" => \$help,
	   "confdir=s" => \$confdir,
	   "sharedir=s" => \$sharedir) or do {
  pod2usage("Error parsing command line options.\n");
};

if ($help) {
  pod2usage(-verbose => 2, -exitval => 0);
}

if (!$confdir) {
  $confdir = "/etc/vo-support";
}

if (!$sharedir) {
  $sharedir = "@datadir@/vo-support";
}


my $voconf = Site::Configuration::VO->new();
$voconf->confdir($confdir);

if ($debug) {
  print STDERR "Entering debugging mode.\n";
}

my $command = $ARGV[0] or do {
  pod2usage("$0 requires a command.\n");
};

shift;

=head1 COMMANDS

The program interprets the first non-option argument as the command to execute.

=cut

# The list of commands that this program understands. The keys of the
# hash are the commands as entered by the caller, the values are the names
# of the subroutines to call.
my %commands = ("list-vos" => \&listvos,
		"list-modules" => \&listmodules,
		"run-module" => \&runmodule,
		"configure-vo" => \&configurevo,
		"deconfigure-vo" => \&deconfigurevo,
		"add-module" => \&addmodule,
		"remove-module" => \&removemodule
	       );

if (! defined $commands{$command}) {
  print STDERR "Command '$command' is unknown.\n";
  exit 1;
}

if ( &{$commands{$command}}(@ARGV) ) {
  exit 0;
} else {
  exit 1;
}


=head2 list-vos

List installed and configured virtual organisations. This briefly lists the directories
in

    @datadir@/vo-support/vos/

and the .conf files in

    /etc/vo-support/vos

=cut

# List all the VO
sub listvos {
  # list all the VOs in /usr/share/vo-support/vos
  my @installedvos = <$sharedir/vos/*>;
  print "Installed VOs in $sharedir/vos/\n\n";
  for my $vodir (@installedvos) {
    if (-d $vodir) {
      $vodir =~ m{.*/([^/]*)};
      print $1 . "\n";
    }
  }
  # list all the VOs as configured in /etc/vo-support
  my @configuredvos = <$confdir/vos/*.conf>;
  print "\nConfigured VOs in $confdir/vos/\n\n";
  for my $vo (@configuredvos) {
    $vo =~ m{.*/([^/]*).conf$};
    printf "%s\n", $1;
  }
  my @disabledvos = <$confdir/vos/*.conf-disabled>;
  print "\nDisabled VOs in $confdir/vos/\n\n";
  for my $vo (@disabledvos) {
    $vo =~ m{.*/([^/]*).conf-disabled$};
    printf "%s\n", $1;
  }
}

sub enablevo {
  my $vo = shift;
  my $conffile = "$confdir/vos/$vo.conf";
  my $conftemplate = "$sharedir/vos/$vo/$vo.conf";
  return 1 unless ! -e $conffile;

  if (-e $conffile . "-disabled") {
    move $conffile . "-disabled", $conffile or die "Move failed: $!";
    return 1;
  }
  if (-f $conftemplate) {
    copy $conftemplate, $conffile or die "Copy failed: $!";
    return 1;
  } else {
    printf STDERR "Cannot enable VO, missing configuration template %s\n",
      $conftemplate;
    return 0;
  }
}


sub disablevo {
  my $vo = shift;
  print STDERR "disabling vo $vo\n" if $debug;
  my $conffile = "$confdir/vos/$vo.conf";
  return 1 unless -e $conffile;
  move $conffile, $conffile . "-disabled" or die "Move failed: $!";
  return 1;
}


=head2 list-modules

Lists the installed modules in

    @datadir@/vo-support/modules/{available,install,remove}

=cut

sub listmodules {
  print "Installed modules:\n\n";
  for my $module (<$sharedir/modules/*>) {
    print $module =~ m{.*/modules/(.*)};
    print "\n";
  }
}



=head2 run-module I<module> {configure | deconfigure} I<VOs>

Run the specified module for given VOs.

=cut

=head2 configure-vo I<list of VOs>

=head2 deconfigure-vo I<list of VOs>

This function is used from package maintainer scripts (postinst, prerm) to
activate the support for a newly installed VO or list of VOs. Its counterpart
deconfigurevo removes the support for VOs that are about to be deinstalled.

These functions will enable/disable the VOs as well.

=over

=item enabling a VO

If the VO configuration file exists, this is a no-op.  If the
configuration file exists but is named I<VO>.conf-disabled, it is renamed
to I<VO>.conf. If no file exists, the default is copied from
@datadir@/vos/I<VO>/

=item disabling a VO

If the VO is configured, disable it by renaming the configuration file
with a '-disabled' suffix. Otherwise, this is a no-op. This will not
remove the actual configuration files of the VOs, as this could
possibly destroy manual modifications to the configuration.


=back

=cut

# Run the module on a list of VOs
# first argument is the name of the module
# second argument is the action "configure"/"deconfigure"
sub runmodule {
  my $module = shift or pod2usage("run-module: no module name was given.");
  my $action = shift or pod2usage("run-module: no action was specified.");
  die "Illegal action: $action" if $action !~ /^(de)?configure$/;
  my $modpath = "$sharedir/modules/$module";
  return 0 unless -e $modpath;
  system $modpath, $action, @_;
  return ($? >> 8 == 0); # see perldoc system; exit code needs shift 8
}


sub configurevo {
  # for each vo, enable the vo
  # for each module, run the module on all the VOs
  my @vos = @_;
  foreach my $vo (@vos) {
    enablevo $vo or return 0;
  }
  foreach my $module (<$sharedir/modules/*>) {
    $module =~ s,.*/,,;
    runmodule $module, "configure", @vos or return 0;
  }
  return 1;
}

sub deconfigurevo {
  # be lenient; non-configured VOs are silently
  # ignored by removing them from the list
  # run each module to deconfigure the given VOs
  my @vos = (); # build this list from the arguments
  foreach my $vo (@_) {
    push @vos, $vo if -e "$confdir/vos/$vo.conf";
  }
  my @modules = <$sharedir/modules/*>;
  foreach my $module (@modules) {
    $module =~ s,.*/,,;
    runmodule $module, "deconfigure", @vos or return 0;
  }
  foreach my $vo (@vos) {
    disablevo $vo or return 0;
  }
  return 1;
}

=head2 add-module I<module>

When a new vo-config module is introduced on the system, add-module
should be called to run the module for all the configured VOs on
the system. This is typically done by the post-install script of
the module's package.

=head2 remove-module I<module>

This function is the counterpart of add-module, and makes sure the
module is run for all configured VOs to deconfigure the module before
it is removed, e.g. as the prerm phase of the package maintainer
scripts. This is to make sure no configuration is left behind on
removal.

=cut


sub configuremodule {
  my $module = shift;
  my $action = shift; # configure or deconfigure
  # find all the configured VOs
  my @voconfs = <$confdir/vos/*.conf>;
  my @vos = ();
  # extract the name of the VO from the filename
  foreach my $vo (@voconfs) {
    (my $voname) = $vo =~ m{([^/]*)\.conf$};
    push @vos, $voname;
  }
  if (@vos) {
    runmodule $module, $action, @vos;
  }
}

# this is run when a new module is added to the system
# and it should be run on all the configured VOs.
sub addmodule {
  configuremodule shift, "configure";
}

# The counterpart of addmodule; this is nearly the same as addmodule
sub removemodule {
  configuremodule shift, "deconfigure";
}



=pod


=head1 BUGS

This program probably has bugs.

=head1 AUTHOR

Dennis van Dok <dennisvd at nikhef.nl>


=head1 SEE ALSO

L<Site::Configuration::VO>

=head1 COPYRIGHT

Copyright 2012, 2013 Stichting FOM <grid-mw-security@nikhef.nl>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

L<http://www.apache.org/licenses/LICENSE-2.0>

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.