$ compare_ipa_dsee_home.py -h usage: compare_ipa_dsee_home.py [-h] (-a | -u USER) [-t | -r] Compare IPA and DSEE home (all or specific user) optional arguments: -h, --help show this help message and exit -a, --all Compare home of all IPA users -u USER, --user USER Compare home of specified IPA user login -t, --table Output is a table on the screen -r, --raw Raw output (default)
This is table output.$ compare_ipa_dsee_home.py -u zdudic Obtaining Kerberos ticket-granting ticket for admin (IPA Administrator) Check if admin has kerberos ticket OK, admin has kerberos ticket zdudic IPA: mystorage:/export/home/zdudic DSEE: mystorage-dsee:/export/pool-0/home-02/zdudic
This is the cron job that creates the HTML page (only when querying all users). $ compare_ipa_dsee_home.py -u zdudic -t Obtaining Kerberos ticket-granting ticket for admin (IPA Administrator) Check if admin has kerberos ticket OK, admin has kerberos ticket +--------+---------------------------------------------------------------------------------+ | User | IPA home | DSEE home | +--------+--------------------------------+------------------------------------------------+ | zdudic | mystorage:/export/home/zdudic | mystorage-dsee:/export/pool-0/home-002/zdudic | +--------+--------------------------------+------------------------------------------------+
55 15 * * * /some-path/compare_ipa_dsee_home.py -a --html >/dev/null
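#!/some-path/python3.5
# list users' IPA and DSEE home
# ------------------------------
#
# Every external command below is started from an argument list, never through
# a shell.  A login name (from -u or from the directory) therefore reaches the
# command as exactly one argument and is never parsed as shell syntax, which
# matters because most of these commands run as the IPA admin through sudo.

import sys
import ldap
import argparse
import subprocess
import logging
import logging.handlers
from time import gmtime, strftime
import datetime
from prettytable import PrettyTable

# variables
# Bold text: \033[1m ... \033[0m
BOLD = "\033[1m"
END = "\033[0m"
html_output = "/some-nfs-path/users_dsee_ipa_home.html"

# Prefix that runs a command as the IPA administrator account.
SUDO_ADMIN = ["sudo", "-u", "admin"]
# Keytab used for the admin kinit.  Anyone who can read this file can obtain
# admin tickets, so it should be readable by the admin account only.
ADMIN_KEYTAB = "/homelocal/admin/.ipa/admin.kt"

# RFC 4515 escapes for characters that are special inside an LDAP filter value.
_LDAP_FILTER_ESCAPES = str.maketrans({
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
})

# Results of the lookups, kept as the raw bytes the commands produced.
all_ipa_users = b""
user_ipa_home = b""
user_dsee_home = b""

# -- argument work
parser = argparse.ArgumentParser(
    description="Compare IPA and DSEE home (all or specific user)",
    epilog='Brought to you by ZD')
who = parser.add_mutually_exclusive_group(required=True)
who.add_argument("-a", "--all", help="Compare home of all IPA users",
                 action="store_true")
who.add_argument("-u", "--user", help="Compare home of specified IPA user login")
output = parser.add_mutually_exclusive_group()
output.add_argument("-t", "--table", help="Output is a table on the screen",
                    action="store_true")
output.add_argument("-r", "--raw", help="Raw output (default)",
                    action="store_true")
parser.add_argument("--html", help=argparse.SUPPRESS, action="store_true")
args = parser.parse_args()

allusers = args.all
user = args.user
tableoutput = args.table
rawoutput = args.raw
htmloutput = args.html


def _escape_ldap_filter_value(value):
    """Return value with LDAP filter metacharacters escaped (RFC 4515)."""
    return value.translate(_LDAP_FILTER_ESCAPES)


def _fields_after_first(line):
    """Return fields 2..N of a whitespace-split line, each followed by a space.

    The trailing space is kept on purpose so that the stored value has the
    same bytes as the awk expression quoted in the docstrings below.
    """
    return b"".join(field + b" " for field in line.split()[1:])


def _run_for_stdout(cmd, failure_message):
    """Run cmd (an argument list, no shell) and return its stdout as bytes.

    A non-zero exit status is not an error here: a failed lookup (for example
    a login that has no automount key) is reported as an empty home so that a
    comparison of all users still runs to the end.  Only a failure to start
    the command at all ends the program.
    """
    try:
        return subprocess.run(cmd, stdout=subprocess.PIPE).stdout
    except OSError as err:
        print(failure_message)
        sys.exit("{0}: {1}".format(type(err).__name__, err))


def _ipa_logins():
    """Return the logins stored in all_ipa_users as a list of str.

    Empty entries are dropped; the stored value ends with a newline, and a
    plain split would otherwise produce one lookup for an empty login.
    """
    return [login for login in all_ipa_users.decode().split("\n") if login]


def admin_kinit():
    """
    Obtain and cache Kerberos ticket-granting ticket for admin
    admin is IPA administrator account
    Exits the program when kinit reports a failure.
    """
    print("Obtaining Kerberos ticket-granting ticket for admin (IPA Administrator)")
    try:
        # check_call raises on a non-zero exit status; subprocess.call never
        # does, which would leave the handler below unreachable.
        subprocess.check_call(SUDO_ADMIN + ["kinit", "-kt", ADMIN_KEYTAB, "admin"])
    except subprocess.CalledProcessError as err:
        print("Admin account (IPA Administrator) cannot obtain Kerberos ticket-granting ticket")
        sys.exit("subprocess.CalledProcessError: {0}".format(err))


def admin_kerberos_ticket():
    """
    Does admin have valid kerberos ticket?
    Returns True when "klist -s" run as admin exits with status 0.
    """
    return subprocess.call(SUDO_ADMIN + ["klist", "-s"]) == 0


def does_user_exist_in_ipa():
    """
    Check if IPA account exists
    Reads the login from the module-level "user" (the -u argument).
    """
    # "--login=<value>" keeps a login that starts with "-" from being read as
    # another option of the ipa command.
    status = subprocess.call(
        SUDO_ADMIN + ["ipa", "user-find", "--login=" + user],
        stdout=subprocess.DEVNULL)
    return status == 0


def get_all_ipa_users():
    """
    Get list of all IPA users
    Stores the logins in the global all_ipa_users as bytes, one per line.
    Equivalent of: ipa user-find | grep "User login" | awk '{print $3}'
    """
    global all_ipa_users
    # NOTE(review): "ipa user-find" is presumably subject to the server's
    # search size limit, so a large directory may be listed only in part.
    # Confirm, and raise the limit for this call if that is the case.
    try:
        listing = subprocess.check_output(SUDO_ADMIN + ["ipa", "user-find"])
    except (subprocess.SubprocessError, OSError) as err:
        print("Can't get list of all IPA users")
        sys.exit("{0}: {1}".format(type(err).__name__, err))

    logins = []
    for line in listing.splitlines():
        if b"User login" not in line:
            continue
        fields = line.split()
        if len(fields) >= 3:
            logins.append(fields[2])
    all_ipa_users = b"".join(login + b"\n" for login in logins)


def get_ipa_home(user):
    """
    Get IPA home
    Stores the result in the global user_ipa_home as bytes.
    Equivalent of:
    ipa automountkey-show default auto.home --key user --raw | tail -1 | awk '{for (i=2; i<=NF; i++) printf $i""FS}'
    """
    global user_ipa_home
    answer = _run_for_stdout(
        SUDO_ADMIN + ["ipa", "automountkey-show", "default", "auto.home",
                      "--key=" + user, "--raw"],
        "Can't get IPA home for %s" % user)
    lines = answer.splitlines()
    # Only the last line of the answer is used (the "tail -1" step).
    user_ipa_home = _fields_after_first(lines[-1]) if lines else b""


def get_dsee_home(user):
    """
    Get DSEE home
    Stores the result in the global user_dsee_home as bytes.
    Equivalent of:
    ldapsearch -LLL -h dsee-server.dom.com -x \
    -b automountmapname=auto_home,ou=some-container,dc=dom,dc=com automountKey=user \
    -o ldif-wrap=no | grep automountInformation | awk '{for (i=2; i<=NF; i++) printf $i""FS}'
    """
    global user_dsee_home
    dsee_server = "dsee-server.dom.com"
    search_base = "ou=some-container,dc=dom,dc=com"
    # NOTE(review): -x with -h is an anonymous simple bind; unless the LDAP
    # client configuration enforces TLS the query and its answer presumably
    # cross the network in clear text.  Consider -H ldaps://... or -ZZ.
    answer = _run_for_stdout(
        ["ldapsearch", "-LLL", "-h", dsee_server, "-x",
         "-o", "ldif-wrap=no",
         "-b", "automountmapname=auto_home,%s" % search_base,
         # The login is escaped so that "*", "(" or ")" in it cannot widen or
         # rewrite the search filter.
         "automountKey=" + _escape_ldap_filter_value(user)],
        "Can't get DSEE home for %s" % user)
    user_dsee_home = b"".join(
        _fields_after_first(line)
        for line in answer.splitlines()
        if b"automountInformation" in line)


def table_output_one_user(user, ipa_home, dsee_home):
    """
    Creates a table with results for only one user
    """
    table = PrettyTable()
    table.field_names = ["User", "IPA home", "DSEE home"]
    table.add_row([user, ipa_home, dsee_home])
    print(table)


def write_to_html_file(file_name, text):
    """
    Write text to an html file
    Arguments: file name and text
    The text is written as given, between <html> tags and after a
    "Generated on" line.
    """
    # Writing through the file handle leaves sys.stdout untouched, and the
    # with-block closes the file even when a write fails.
    with open(file_name, 'w') as page:
        print("<html>", file=page)
        print(strftime("Generated on: %b %d %Y"), file=page)
        print(text, file=page)
        print("</html>", file=page)


def raw_output(user, ipa_home, dsee_home):
    """
    Creates a raw output of result
    """
    print(BOLD + user + " IPA: " + END + ipa_home + BOLD + " DSEE: " + END + dsee_home)


if __name__ == '__main__':
    admin_kinit()
    print("Check if admin has kerberos ticket")
    if not admin_kerberos_ticket():
        sys.exit("Admin doesn't have a kerberos ticket!")
    print("OK, admin has kerberos ticket")

    # query for only one user
    if user:
        # exit if user is not present in IPA
        if not does_user_exist_in_ipa():
            sys.exit("User %s %s %s is not present in IPA, exiting!" % (BOLD, user, END))
        get_ipa_home(user)
        get_dsee_home(user)
        if tableoutput:
            table_output_one_user(user, user_ipa_home.decode(), user_dsee_home.decode())
        else:
            # raw is also default
            raw_output(user, user_ipa_home.decode(), user_dsee_home.decode())

    # query for all users
    if allusers:
        get_all_ipa_users()
        if tableoutput:
            table = PrettyTable()
            table.field_names = ["User", "IPA home", "DSEE home"]
            table.align["User"] = "l"
            table.align["IPA home"] = "l"
            table.align["DSEE home"] = "l"
            for login in _ipa_logins():
                get_ipa_home(login)
                get_dsee_home(login)
                table.add_row([login, user_ipa_home.decode(), user_dsee_home.decode()])
            print(table)
        elif htmloutput and not rawoutput:
            # hidden html output only for all users; DSEE home comes first here
            table = PrettyTable()
            table.field_names = ["User", "DSEE home", "IPA home"]
            for login in _ipa_logins():
                get_ipa_home(login)
                get_dsee_home(login)
                table.add_row([login, user_dsee_home.decode(), user_ipa_home.decode()])
            write_to_html_file(html_output, table.get_html_string(attributes={"border": "1"}))
        else:
            # raw is also default
            for login in _ipa_logins():
                get_ipa_home(login)
                get_dsee_home(login)
                raw_output(login, user_ipa_home.decode(), user_dsee_home.decode())

    sys.exit(0)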