Sorting and filing and tidying userscripts in preparation for Slurm

checkuser

@@ -1,5 +1,9 @@
 #!/bin/bash
 
+set -o errexit \
+    -o pipefail \
+    -o nounset
+
 # Checks the year-based ACLs to see whether a user has reapplied
 # for their RC accounts that session.
 
@@ -31,42 +35,85 @@ id "$username" >/dev/null 2>/dev/null && echo "${GREEN}yes${RESET}" || echo "${R
 
 
 echo -n "User is in groups: "
-user_groups="$(groups "$username" 2>&1)"
-if [ $? == 0 ]; then
+if user_groups="$(groups "$username" 2>&1)"
+then
     echo "${GREEN}${user_groups#*:}${RESET}"
 else
     echo "${RED}${user_groups#groups: *:}${RESET}"
 fi
 
 echo "" # Blank line for section separation
 
-declare -a sge_access_groups sge_access_group_labels
-sge_access_groups+=(AY201617)
-sge_access_group_labels+=("access group for 2016-2017")
-sge_access_groups+=(AY201718)
-sge_access_group_labels+=("access group for 2017-2018")
-sge_access_groups+=(AY201819)
-sge_access_group_labels+=("access group for 2018-2019")
-sge_access_groups+=(Open)
-sge_access_group_labels+=("Open access group")
-
-for (( access_group_index=0; access_group_index < "${#sge_access_groups[@]}"; access_group_index++ )); do
-    access_group="${sge_access_groups[$access_group_index]}"
-    access_group_label="${sge_access_group_labels[$access_group_index]}"
-
-    echo -n "Checking whether user is in $access_group_label: "
-    if qconf -su "$access_group" 2>/dev/null >/dev/null; then
-        qconf -su "$access_group" | grep -q "$username"
-        if [ $? == 0 ]
+function sge_check_acls() {
+    local access_group
+    local access_group_label
+    local -a sge_access_groups sge_access_group_labels
+
+    sge_access_groups+=(AY201617)
+    sge_access_group_labels+=("access group for 2016-2017")
+    sge_access_groups+=(AY201718)
+    sge_access_group_labels+=("access group for 2017-2018")
+    sge_access_groups+=(AY201819)
+    sge_access_group_labels+=("access group for 2018-2019")
+    sge_access_groups+=(Open)
+    sge_access_group_labels+=("Open access group")
+
+    for (( access_group_index=0; access_group_index < "${#sge_access_groups[@]}"; access_group_index++ )); do
+        access_group="${sge_access_groups[$access_group_index]}"
+        access_group_label="${sge_access_group_labels[$access_group_index]}"
+
+        echo -n "Checking whether user is in $access_group_label: "
+        if qconf -su "$access_group" 2>/dev/null >/dev/null; then
+            if qconf -su "$access_group" | grep -q "$username"
+            then
+              echo "${GREEN}yes${RESET}"
+            else
+              echo "${RED}no${RESET}"
+            fi
+        else
+            echo "${BLUE}no such group${RESET}"
+        fi
+    done
+}
+
+function sge_check_nosub() {
+    local username="$1"
+    echo -n "Checking whether user has been blocked from submitting jobs: "
+    if qconf -su NoSubmission 2>/dev/null >/dev/null
+    then
+        # check NoSubmission for blocked users
+        if qconf -su NoSubmission | grep -q "$username"
         then
-          echo "${GREEN}yes${RESET}"
+          echo "${RED}yes${RESET}"
         else
-          echo "${RED}no${RESET}"
+          echo "${GREEN}no${RESET}"
         fi
     else
-        echo "${BLUE}no such group${RESET}"
+        echo "${GREEN}no (no blocked ACL here)${RESET}"
     fi
-done
+}
+
+function slurm_check_user_exists() {
+    local username="$1"
+    echo -n "Checking whether user is in Slurm DB: "
+    command -v jq >/dev/null || echo "${RED}could not check, jq not found${RESET}"
+    if sacctmgr --json list user "$username" \
+        | jq -er '.users[].name' >/dev/null
+    then
+        echo "${GREEN}yes${RESET}"
+    else
+        echo "${RED}no${RESET}"
+    fi
+}
+
+
+if command -v qconf >/dev/null; then
+    sge_check_acls "$username"
+    sge_check_nosub "$username"
+elif command -v sacctmgr >/dev/null; then
+    slurm_check_user_exists "$username"
+fi
+
 
 echo -n "Checking whether user is in the actual PAM userlist: "
 pam_listfile="/var/opt/sge/shared/userlist"
@@ -79,37 +126,21 @@ else
     echo "${RED}no${RESET}"
 fi
 
-echo -n "Checking whether user has been blocked from submitting jobs: "
-if qconf -su NoSubmission 2>/dev/null >/dev/null
-then
-    # check NoSubmission for blocked users
-    qconf -su NoSubmission | grep -q "$username"
-    if [ $? == 0 ]
-    then
-      echo "${RED}yes${RESET}"
-    else
-      echo "${GREEN}no${RESET}"
-    fi
-else
-    echo "${GREEN}no (no blocked ACL here)${RESET}"
-fi
-
 echo "" # Blank line for section separation
 
 echo -n "Checking whether user has a home directory: "
-stat --printf='' "/home/${username}" 2>/dev/null
-if [ $? == 0 ]
+if stat --printf='' "/home/${username}" 2>/dev/null
 then
   echo "${GREEN}yes${RESET}"
 else
   echo "${RED}no${RESET}"
 fi
 
 echo -n "Checking whether user has a scratch directory: "
-stat --printf='' "/scratch/scratch/${username}" 2>/dev/null
-if [ $? == 0 ]
+if stat --printf='' "/scratch/scratch/${username}" 2>/dev/null
 then
   echo "${GREEN}yes${RESET}"
+  flag_has_no_scratch=n
 else
   echo "${RED}no${RESET}"
   flag_has_no_scratch=y
@@ -126,7 +157,7 @@ fi
 
 echo -n "Checking whether scratch directory is *owned* by that user: "
 owner="$(stat --printf=%U "/scratch/scratch/${username}" 2>/dev/null)"
-if [ -z "$flag_has_no_scratch" ]; 
+if [ "$flag_has_no_scratch" == "n" ]
 then
     if [ "$owner" == "$username" ]
     then
@@ -140,15 +171,15 @@ fi
 
 echo -n "Checking whether home directory is usable by owner: "
 perms="$(stat --printf=%A "/home/${username}" 2>/dev/null)"
-if [[ "${perms:1:3}" =~ rwx ]];
+if [[ "${perms:1:3}" =~ rwx ]]
 then
     echo "${GREEN}yes${RESET}"
 else 
     echo "${RED}no: perms are ${perms}${RESET}"
 fi
 
 echo -n "Checking whether scratch directory is usable by owner: "
-if [ -z "$flag_has_no_scratch" ];
+if [ "$flag_has_no_scratch" == "n" ]
 then
     perms="$(stat --printf=%A "/scratch/scratch/${username}" 2>/dev/null)"
     if [[ "${perms:1:3}" =~ rwx ]];

createuser

@@ -4,7 +4,7 @@ set -e
 
 export LC_ALL=C
 
-PLATFORM=""
+cluster_name="${CLUSTER_NAME:-}"
 ACL=""
 
 # Make sure we have a userid to create
@@ -15,7 +15,7 @@ then
 fi 
 
 # Check that the userid starts with a letter and is alphanumeric, 7 chars
-if echo $1 | grep -qE '^[[:lower:]][[:lower:][:digit:]]{6}$' ;
+if echo "$1" | grep -qE '^[[:lower:]][[:lower:][:digit:]]{6}$' ;
 then
     echo "Valid user string: $1" 1>&2
 else
@@ -26,8 +26,22 @@ fi
 
 
 # Work out where we are
-</opt/sge/default/common/cluster_name read -r PLATFORM || (echo "Error: could not determine cluster." >&2; exit 1)
-case "$PLATFORM" in
+if [[ -n "$cluster_name" ]]; then
+    # Allow overriding cluster_name for testing/whatever
+    echo "Warning: cluster name overridden as \"$cluster_name\"" >&2
+    cluster_name="$cluster_name"
+elif [[ -r /opt/sge/default/common/cluster_name ]]; then
+    cluster_name="$(cat /opt/sge/default/common/cluster_name)"
+elif command -v sacctmgr >/dev/null; then
+    cluster_name="$(sacctmgr -pn list cluster | cut -f 1 -d '|')"
+elif [[ -r /shared/ucl/etc/cluster_name ]]; then
+    cluster_name="$(cat /shared/ucl/etc/cluster_name)"
+else
+    echo "Error: could not find a way to determine cluster name." >&2
+    exit 1
+fi
+
+case "$cluster_name" in
     "grace")
         ACL="Open"
         ;;
@@ -45,12 +59,12 @@ case "$PLATFORM" in
         exit 1
         ;;
     *)
-        echo "Error: unknown cluster: $PLATFORM" >&2
+        echo "Error: unknown cluster: $cluster_name" >&2
         exit 1
         ;;
 esac
 
-if [[ "$PLATFORM" == "legion" ]]; then
+if [[ "$cluster_name" == "legion" ]]; then
     echo "Reminder: new accounts unassociated with existing paid projects 
           are no longer to be created on Legion (as of 2019-01-01). "
     read -r -p "Are you sure you want to create this account? Please type 'yes' if so: " response
@@ -60,7 +74,7 @@ if [[ "$PLATFORM" == "legion" ]]; then
     fi
 fi
 
-if [[ "$PLATFORM" == "grace" ]]; then
+if [[ "$cluster_name" == "grace" ]]; then
     echo "Reminder: new accounts are no longer to be created on Grace."
     read -r -p "Are you sure you want to create this account? Please type 'yes' if so: " response
     if [[ "$response" != "yes" ]]; then
@@ -70,16 +84,29 @@ if [[ "$PLATFORM" == "grace" ]]; then
 fi
 
 echo "creating account for $1"
-qconf -au "$1" "$ACL"
+if command -v qconf >/dev/null; then
+    qconf -au "$1" "$ACL"
+elif command -v sacctmgr >/dev/null; then
+    echo "Slurm user adding is not yet implemented since the details of cluster implementation have not yet been finalised."
+    echo "You'll need the sacctmgr command, probably something like this:"
+    echo ""
+    echo "  sacctmgr add user name=\"\$username\""
+    echo ""
+    echo "You'll also need at least Operator privileges on Slurm. (Or sudo access to get them.)"
+    exit 1
+else
+    echo "Error: no mechanism for adding users found." >&2
+    exit 1
+fi
 
 [email protected]
 echo "Emailing user ${RECIPIENT}"
 /usr/sbin/sendmail -t<<EOF
 From: [email protected]
 To: ${RECIPIENT}
-Subject: ${PLATFORM^} account
+Subject: ${cluster_name^} account
 
-We are happy to confirm that your account to use the Research Computing ${PLATFORM^} 
+We are happy to confirm that your account to use the Research Computing ${cluster_name^} 
 HPC cluster is now active. You should be able to log in within 5 minutes of 
 receiving this email.
 
@@ -88,7 +115,7 @@ the system.
 
 GETTING HELP 
 
-Information to help you get started in using ${PLATFORM^} is available at 
+Information to help you get started in using ${cluster_name^} is available at 
 
 https://www.rc.ucl.ac.uk/docs/
 
@@ -97,7 +124,7 @@ including a user guide covering all of our systems.
 ANNOUNCEMENTS 
 
 Emails relating to planned outages, service changes etc will be sent to the
-${PLATFORM}[email protected] email list. You have been subscribed to this
+${cluster_name}[email protected] email list. You have been subscribed to this
 list using the email address associated with your main UCL userid - please
 make sure that you read all notices sent to this address promptly and
 observe the requests/guidelines they contain.