Initial commit

Julien Da Silva 2026-04-13 13:58:20 +02:00
commit 8e6fe7f877
1 changed files with 249 additions and 0 deletions

249
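--- a/clean_up_accounts.sh
+++ b/clean_up_accounts.sh
@@ -0,0 +1,249 @@
+#! /usr/bin/env bash
+#set -euo pipefail
+dbrepo="$HOME/dev/cellinfo/ipritevents"
+ldap_file=$(mktemp)
+trap 'rm -f "$ldap_file"' EXIT
+ask_yes_no() {
+local prompt="$1"
+local default="$2" # y ou n
+local reply
+while true; do
+if [[ "$default" == "y" ]]; then
+read -rp "$prompt [Y/n] " reply
+reply=${reply:-y}
+else
+read -rp "$prompt [y/N] " reply
+reply=${reply:-n}
+fi
+case "$reply" in
+[Yy]|[Oo])
+return 0
+;;
+[Nn])
+return 1
+;;
+*)
+echo "Invalid choice, Please answer 'y' or 'n'."
+;;
+esac
+done
+}
+search_db() {
+# $1: The login to seach in the db file
+#git -C "$dbrepo" pull
+local file="$dbrepo"/itevents.sql
+local col=3
+local user="$1"
+sed -n "/^\s*(\s*'$user'\s*,/p" "$file" \
+| tr -d "'()" |cut -d, --fields=$col \
+| tr -d " "
+}
+update_db() {
+# $1: The login to seach in the db file
+#git -C "$dbrepo" pull
+local user="$1"
+local file="$dbrepo"/itevents.sql
+local archiver=$(whoami)
+local now=$(date +'%Y-%m-%d %H:%M:%S.%3N%:z')
+sed -E -i "/^\('$user',/ s/(, *'[^,]*' *){2}, *'([^,]*)' *\)/, '$archiver', '$now', '\2')/g" "$file"
+# commit
+git -C "$dbrepo" add itevents.sql
+git -C "$dbrepo" commit -m "Archived data from old user \"$user\""
+}
+search_email() {
+local login="$1"
+email=$(ldapsearch -x -LLL \
+-H ldaps://ldap.univ-rennes1.fr \
+-D "uid=$(whoami),ou=people,dc=univ-rennes1,dc=fr" \
+-y "$ldap_file" \
+-b "dc=univ-rennes1,dc=fr" \
+"(uid=$login)" mail \
+| awk -F': ' '/^mail: / {print $2}')
+echo "$email"
+}
+search_ghosts() {
+local home_folder="/mnt/home.ipr"
+#folders=$(find /mnt/home.ipr -mindepth 1 -maxdepth 1 -type d ! -name '.*' -exec \
+# sh -c 'getent passwd "$(basename "$1")" > /dev/null || printf "%s\n" "$(basename "$1")"' _ {} \; )
+mapfile -d '' -t orphan_homes < <(
+find "$home_folder" -mindepth 1 -maxdepth 1 -type d ! -name '.*' \
+-exec sh -c '
+for d; do
+getent passwd "$(basename "$d")" > /dev/null || printf "%s\0" "$(basename "$d")"
+done
+' _ {} + \
+| sort -z
+)
+echo "${orphan_homes[@]}"
+}
+run_remote() {
+local use_sudo=0
+if [[ "$1" == "--sudo" ]]; then
+use_sudo=1
+shift
+fi
+local host="$1"
+local task="$2"
+shift 2
+local args=("$@")
+local remote_cmd="bash -s"
+[[ $use_sudo -eq 1 ]] && remote_cmd="sudo -S bash -s"
+{
+[[ $use_sudo -eq 1 ]] && echo "$PASS"
+declare -f "$task"
+printf '%q ' "$task" "${args[@]}"
+echo
+} | ssh "$host" "$remote_cmd"
+}
+sync_folder() {
+# source folder
+local src="$1"
+# destination folder
+local dest="$2"
+# supervisor login
+local supervisor="$3"
+supervisor_group=$(id -gn $supervisor)
+# Create dir
+mkdir -p "$dest"
+chown $supervisor:$supervisor_group "$dest"
+# sync
+rsync -av --exclude='.*' --chown=$supervisor:$supervisor_group "$src" "$dest"
+}
+remove_folder() {
+local folder="$1"
+echo "Removing \""$1"\"..."
+rm -r "$folder"
+}
+mail_it() {
+local email="$1"
+local msg="$2"
+local subject="Old data migrated to your personnal folders on Alambix"
+echo "$msg" | mailx -s "$subject" "$email"
+}
+### MAIN
+# Ask password
+read -s -p "Please enter sudo password: " PASS
+echo
+# store it securely for ldap access
+printf '%s' "$PASS" > "$ldap_file"
+chmod 600 "$ldap_file"
+# Ask for account name
+echo
+echo "Please select an orphan folder in the list: "
+echo
+PS3="Enter an item number: "
+while true; do
+select old_user in $(run_remote "home.ipr" "search_ghosts"); do
+if [[ -n "$old_user" ]]; then
+echo "Selection: $old_user"
+break 2
+else
+echo "Invalid choice"
+fi
+done
+done
+# Ask for supervisor's login
+supervisor_found=$(search_db "$old_user")
+read -rp "Supervisor's login ["$supervisor_found"]: " supervisor
+supervisor=${supervisor:-"$supervisor_found"}
+# Find corresponding folders
+work_src=/mnt/work/$old_user
+home_src=/mnt/home.ipr/$old_user
+work_dest=/mnt/work/$supervisor/old_users/
+home_dest=/mnt/home.ipr/$supervisor/old_users/
+# Ask if we remove folders after sync
+ask_yes_no "Remove \"$work_src\" and \"$home_src\" after synchronization ?" y
+remove_after=$?
+# Should we warn the supervisor
+ask_yes_no "Email confirmation to supervisor ?" y
+send_email=$?
+if [ "$send_email" == 0 ]; then
+email_found=$(search_email "$supervisor")
+read -rp "Email address ["$email_found"]: " email
+email=${email:-"$email_found"}
+fi
+# Print a summary
+echo "/!\ SUMMARY:"
+echo "------------"
+echo "-> \"$work_src\" will be synchronized in \"$work_dest\""
+echo "-> \"$home_src\" will be synchronized in \"$home_dest\""
+echo -n "-> \"$work_src\" and \"$home_src\" will be "
+[[ "$remove_after" == 0 ]] && echo -n "REMOVED from " || echo -n "KEPT on "
+echo "the file system."
+#[[ "$delete_user" == 0 ]] && echo "-> User "$folder" WILL BE DELETED."
+[[ "$send_email" == 0 ]] && echo "-> A confirmation will be sent to "$email"."
+echo ""
+ask_yes_no "Proceed ?" n
+do_it=$?
+message=$(cat <<EOF
+This is an automatic message, please do not reply.
+User "$old_user" is no longer a user of the alambix system.
+You are identified as the supervisor of this former user.
+In order to delete ${old_user}'s personal files from the system,
+his/her data has been migrated to your /home and /work folders
+in - $work_dest$old_user
+- $home_dest$old_user
+Please manage this data as soon as possible and keep only what
+is necessary.
+EOF
+)
+if [ "$do_it" == 0 ]; then
+run_remote --sudo "home.ipr" "sync_folder" "$home_src" "$home_dest" "$supervisor"
+run_remote --sudo "work.ipr" "sync_folder" "$work_src" "$work_dest" "$supervisor"
+if [ "$remove_after" == 0 ]; then
+ask_yes_no "Please CONFIRM that you REALLY want to delete "$work_src" and "$home_src" ?" y
+confirm_removal=$?
+[[ "$confirm_removal" == 0 ]] && run_remote --sudo "home.ipr" "remove_folder" "$home_src"
+[[ "$confirm_removal" == 0 ]] && run_remote --sudo "work.ipr" "remove_folder" "$work_src"
+fi
+[[ "$send_email" == 0 ]] && run_remote "alambix" "mail_it" "$email" "$message"
+update_db "$old_user"
+else
+echo "Operation aborted."
+fi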
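Review bot: The removal step at the end of the script runs `remove_folder` as root even when the preceding `sync_folder` calls failed, because the exit status of neither `run_remote --sudo … sync_folder` call is checked and `set -euo pipefail` is commented out at the top; a failed or partial rsync is then followed by an irreversible `rm -r` of the only copy. `$supervisor` is also never validated: if `search_db` finds nothing and the operator presses Enter it is empty, the destinations become `/mnt/work//old_users/` and `/mnt/home.ipr//old_users/`, and the unquoted `id -gn $supervisor` in `sync_folder` reports the invoking user's group instead of failing. I would refuse an empty supervisor before the paths are built and abort before any removal when either sync fails, as sketched below. Separately, in `run_remote` the password line is only consumed if sudo actually prompts; with a cached credential or a NOPASSWD rule it would presumably be read by `bash -s` as the first command line, so `sudo -k -S -p ''` is worth considering there.

```shell
supervisor=${supervisor:-"$supervisor_found"}
if [[ -z "$supervisor" ]]; then
  echo "No supervisor login given, aborting." >&2
  exit 1
fi
# … unchanged: source/destination paths, questions, summary, message …
if [ "$do_it" == 0 ]; then
  if ! run_remote --sudo "home.ipr" "sync_folder" "$home_src" "$home_dest" "$supervisor"; then
    echo "Synchronization of \"$home_src\" failed, nothing was removed." >&2
    exit 1
  fi
  if ! run_remote --sudo "work.ipr" "sync_folder" "$work_src" "$work_dest" "$supervisor"; then
    echo "Synchronization of \"$work_src\" failed, nothing was removed." >&2
    exit 1
  fi
  # … unchanged: removal confirmation, mail_it, update_db, else branch …
```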