This is Tim Abbott's initial draft at our automatic remctl configuration. /usr/sbin/remctl-update.sh is the magic script. Run it with "all" as an argument, and it will update everything. The inputs to this system are as follows: /etc/remctl/sipb-xen-auto/acl/MACHINENAME This directory contains files named MACHINENAME for each machine. These ACL files specify who is allowed to administer the machine. You can use entries that are Kerberos principles, or entries of the form include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen to include AFS groups in ACLs. To add a new machine to the system, you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME and then run /usr/sbin/remctl-update.sh all Everything else is autogenerated from that information. Other files of interest: /etc/remctl/sipb-xen-auto/auto-machine-list The list of machines that should have their remctl configuration files generated from the template. This is generated from listing /etc/remctl/sipb-xen-auto/acl/*. /etc/remctl/sipb-xen-auto/auto-moira-list The list of Athena AFS groups from which acl files should be generated. The ACL files are placed in /etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME. Ths list is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/. This package also includes a crontab to run /usr/sbin/remctl-update.sh all every 15 minutes or so to keep our Moira mapping up to date. One can request an update of our Moira mapping for group X by running /usr/sbin/remctl-update.sh moiragroup X The web interface should probably run this when it adds a group. We may want to make this also available to users, but I've been lame. This package includes a remctl interface available to anyone to invoke the command: /usr/sbin/remctl-update.sh all using the following command from your favorite machine with remctl: remctl black-mesa.mit.edu remctl-auto-update all It requires no special permission to run; there is a potential DOS issue here, but I don't think it is serious. Thought should be put into how to ensure that the servers stay in sync.