+++ /dev/null
-This is Tim Abbott's initial draft at our automatic remctl
-configuration.
-
-/usr/sbin/sipb-xen-remctl-update is the magic script. Run
-it with "all" as an argument, and it will update everything.
-
-The inputs to this system are as follows:
-
-/etc/remctl/sipb-xen-auto/acl/MACHINENAME
-
- This directory contains files named MACHINENAME for each machine.
-These ACL files specify who is allowed to administer the machine. You
-can use entries that are Kerberos principles, or entries of the form
-
-include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
-
-to include AFS groups in ACLs. To add a new machine to the system,
-you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
-and then run
-
-/usr/sbin/sipb-xen-remctl-update all
-
-Everything else is autogenerated from that information.
-
-
-Other files of interest:
-
-/etc/remctl/sipb-xen-auto/auto-machine-list
-
- The list of machines that should have their remctl configuration
-files generated from the template. This is generated from
-listing /etc/remctl/sipb-xen-auto/acl/*.
-
-/etc/remctl/sipb-xen-auto/auto-moira-list
-
- The list of Athena AFS groups from which acl files should be
-generated. The ACL files are placed in
-/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME. Ths list
-is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
-
-
-This package also includes a crontab to run
-
-/usr/sbin/sipb-xen-remctl-update all
-
-every 15 minutes or so to keep our Moira mapping up to date. One can
-request an update of our Moira mapping for group X by running
-
-/usr/sbin/sipb-xen-remctl-update moiragroup X
-
-The web interface should probably run this when it adds a group. We
-may want to make this also available to users, but I've been lame.
-
-This package includes a remctl interface available to anyone to invoke
-the command:
-
-/usr/sbin/sipb-xen-remctl-update all
-
-using the following command from your favorite machine with remctl:
-
-remctl black-mesa.mit.edu remctl-auto-update all
-
-It requires no special permission to run; there is a potential DOS
-issue here, but I don't think it is serious.
-
-Thought should be put into how to ensure that the servers stay in sync.