Improve gluster-check-rebalance

Reviewed-on: #14

cpupower/cpupower

@@ -1,2 +1,3 @@
 CPU_GOVERNOR="performance"
+CPU_CSTATE_MAX="C1"
 CPU_CSTATES_DISABLE_BY_LATENCY="3"

cpupower/cpupower.sh

@@ -26,11 +26,25 @@ else
   echo "CPU governor is not set."
 fi
 
+# Set the Cstate by Max C-State
+if [ ! "${CPU_CSTATE_MAX}" == "" ]; then
+  print_header "Setting CPU CStates to max \"${CPU_CSTATE_MAX}\""
+  CPU_POWER_SET_ACTION="-e"
+  CPU_POWER_CSTATE=0
+  for CPU_CSTATE_NAME in /sys/devices/system/cpu/cpu0/cpuidle/state*/name; do
+    cpupower idle-set "${CPU_POWER_SET_ACTION}" "${CPU_POWER_CSTATE}" &> /dev/null
+    CPU_POWER_CSTATE=$((CPU_POWER_CSTATE+1))
+    if grep -q "\b${CPU_CSTATE_MAX}\b" "${CPU_CSTATE_NAME}"; then
+      CPU_POWER_SET_ACTION="-d"
+    fi
+  done
+  cpupower idle-info
 # Set the Cstate by latency
-if [ ! "${CPU_CSTATES_DISABLE_BY_LATENCY}" == "" ]; then
+elif [ ! "${CPU_CSTATES_DISABLE_BY_LATENCY}" == "" ]; then
   print_header "Setting CPU CStates by latency to ${CPU_CSTATES_DISABLE_BY_LATENCY}"
   cpupower idle-set --disable-by-latency "${CPU_CSTATES_DISABLE_BY_LATENCY}" &> /dev/null
   cpupower idle-info
 else
-  echo "No CPU Cstates by latency configured."
+  echo "No CPU Cstates configured."
 fi
+

cpupower/readme.md

@@ -67,7 +67,7 @@ ansible -b storage\_nodes -m shell -a "systemctl enable --now cpupower.service"
 #### Sidenotes
 
 ##### cpupower.sh
-The script uses *cpupower idle-set --disable-by-latency*, which is out of convenience since this option allows to disable all C-States that take more time than specified at once. While just using disable just disables a single C-States but does not disable deeper one. E.g. (based on the example from [cpupower idle-info](#cpupowerandc-stateconfiguration-cpupowe)) *cpupower idle-set --disable 4* would disable C1E status but would leave C6 status active...
+The script can be configured to either use a C-State as MAX, which is preferred or by latency. Both can be configured in /etc/default/cpupower. 
 
 ## How To Check the actual status
 To check the actual status of the CPU power settings it is recommended to query it directly with *cpupower*.

gluster/check-fuse-mounts/check-fuse-mounts.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Check Fuse Mounts and remount them if needed.
+After=remote-fs.target
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/check-fuse-mounts.sh
+
+[Install]
+WantedBy=multi-user.target

gluster/check-fuse-mounts/check-fuse-mounts.sh

@@ -0,0 +1,19 @@
+#!/bin/bash
+
+header1 () {
+cat << HEADER1
+################################################################################
+# ${FUSE} has an issue, trying to remount it
+################################################################################
+HEADER1
+}
+
+for FUSE in $(grep 'fuse.glusterfs' /proc/mounts | cut -d ' ' -f 2); do
+  if ! stat "${FUSE}" &> /dev/null; then
+    header1 "${FUSE}"
+    umount "${FUSE}"
+    sleep 1s
+    ls -alh "${FUSE}"
+    echo ""
+  fi
+done

gluster/check-fuse-mounts/check-fuse-mounts.timer

@@ -0,0 +1,8 @@
+[Unit]
+Description=Check Fuse Mounts and remount them if needed.
+
+[Timer]
+OnCalendar=*:0/5
+
+[Install]
+WantedBy=timers.target

gluster/check-fuse-mounts/check-fuse-mounts.yml

@@ -0,0 +1,38 @@
+---
+- hosts: storage_nodes
+  any_errors_fatal: true
+  tasks:
+  - assert:
+      that:
+      - ansible_play_hosts == ansible_play_hosts_all
+
+  - name: Copy check-fuse-mounts script
+    copy:
+      owner: root
+      group: root
+      mode: 0755
+      src: "check-fuse-mounts.sh"
+      dest: "/usr/local/sbin/check-fuse-mounts.sh"
+
+  - name: Copy check-fuse-mounts systemd service
+    copy:
+      owner: root
+      group: root
+      mode: 0644
+      src: "check-fuse-mounts.service"
+      dest: "/etc/systemd/system/check-fuse-mounts.service"
+
+  - name: Copy check-fuse-mounts systemd timer
+    copy:
+      owner: root
+      group: root
+      mode: 0644
+      src: "check-fuse-mounts.timer"
+      dest: "/etc/systemd/system/check-fuse-mounts.timer"
+
+  - name: Enable check-fuse-mounts timer
+    systemd:
+      name: check-fuse-mounts.timer
+      daemon_reload: true
+      state: started
+      enabled: true

gluster/check-glsuter-rebalance/check-gluster-rebalance.service

@@ -0,0 +1,10 @@
+[Unit]
+Description=Check status of gluster rebalance
+After=glusterd.service
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/check-gluster-rebalance.sh
+
+[Install]
+WantedBy=multi-user.target

gluster/check-glsuter-rebalance/check-gluster-rebalance.sh

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+VOLS="kis-aim01 aug-heyexarchiv-repo"
+SENDER="icasfs-alert@uniklinik-freiburg.de"
+RECIPIENT="thomas.gebert@iternity.com"
+
+for VOL in ${VOLS}; do
+  echo "################################################################################"
+  echo "# ${VOL}"
+  sudo gluster vol rebalance "${VOL}" status
+  echo ""
+  if [ -f "/home/l3support/bin/brick-do.sh" ]; then
+    /home/l3support/bin/brick-do.sh -v "${VOL}" -c "df -hTa"
+  fi
+done | mail -S sendwait -s "gluster rebalance status on $HOSTNAME" -r "${SENDER}" "${RECIPIENT}"

gluster/check-glsuter-rebalance/check-gluster-rebalance.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Check status of gluster rebalance
+After=glusterd.servcie
+
+[Timer]
+OnCalendar=Mon..Fri 07:00
+
+[Install]
+WantedBy=multi-user.target

gluster/gluster-shell-functions.sh

@@ -0,0 +1,13 @@
+check_volume_status() {
+  if ! sudo gluster vol status "${1}"; then
+    sleep 1m
+    check_volume_status "${1}"
+fi }
+
+
+start_volume() {
+  if ! sudo gluster vol start "${1}" force; then
+    sleep 1m
+    start_volume "${1}"
+  fi
+}

gp-scripts/README.md

@@ -0,0 +1,34 @@
+# General Purpose Scripts
+Here are some general purpose scripts...
+
+- [General Purpose Scripts](#general-purpose-scripts)
+  - [brick-do.sh](#brick-dosh)
+  - [checkup.sh](#checkupsh)
+
+
+## brick-do.sh
+Script to run commands on the single bricks of a GlusterFS volume.
+e.g.
+
+    brick-do.sh -v ge-pacs -c "sudo ls -alh" -p "/ge-pacs/data"
+
+Where `-p` is optional
+
+```
+# brick-do.sh --help
+
+A little helper script to exeucte commands on single bricks.
+
+Usage:  [OPTION]
+Mandatory:
+  -c|--COMMAND       COMMAND     the command to execute
+  -v|--volume        VOLUME      the volume of the bricks
+
+Optionial:
+  -p|--brick-path    BRICK_PATH  in case the command needs to be run in a
+                                 subdirectory of the brick path
+```
+
+## checkup.sh
+Run a quick test on the cluster and do some sanity checks. Most checks are intended to be reviewed by a human being.
+

gp-scripts/brick-do.sh

@@ -0,0 +1,113 @@
+#!/bin/bash
+
+################################################################################
+# Global variables
+################################################################################
+GLUSTER_CMD="sudo /usr/sbin/gluster"
+
+
+################################################################################
+# Functions
+################################################################################
+brick_list() {
+  VOLUME="${1}"
+  if [ "${VOLUME}" == "" ]; then
+     echo "No volume given."
+     show_help
+     return 1
+  fi
+
+  if BRICK_LIST=$(${GLUSTER_CMD} vol info "${VOLUME}" | grep ^Brick[0-9] | cut -d ' ' -f 2); then
+    return 0
+  else
+    return 1
+  fi
+}
+
+execute_command() {
+  if [ "${COMMAND}" == "" ]; then
+    echo "No command given."
+    show_help
+    return 1
+  fi
+
+  for BRICK in ${BRICK_LIST}; do
+    echo "### ${BRICK} ###"
+    ssh "${BRICK%%:*}" "${COMMAND} ${BRICK##*:}${BRICK_PATH}"
+  done
+}
+
+show_help() {
+cat << HELP
+
+A little helper script to exeucte commands on single bricks.
+
+Usage: $1 [OPTION]
+Mandatory:
+  -c|--COMMAND       COMMAND     the command to execute
+  -v|--volume        VOLUME      the volume of the bricks
+
+Optionial:
+  -p|--brick-path    BRICK_PATH  in case the command needs to be run in a
+                                 subdirectory of the brick path
+
+HELP
+exit 0
+}
+
+
+################################################################################
+# Argument parser
+################################################################################
+die() {
+  printf '%s\n' "$1" >&2
+  exit 1
+}
+
+while :; do
+  case $1 in
+    -h|-\?|--help)
+        show_help    # Display a usage synopsis.
+        exit
+        ;;
+    -c|--COMMAND)
+        if [ "$2" ]; then
+            COMMAND=$2
+            shift
+        else
+            die 'ERROR: "-c|--command" requires a non-empty option argument.'
+        fi
+        ;;
+    -p|--brick-path)
+        if [ "$2" ]; then
+            BRICK_PATH=$2
+            shift
+        else
+            die 'ERROR: "-p|--brick-path" requires a non-empty option argument.'
+        fi
+        ;;
+    -v|--volume)
+        if [ "$2" ]; then
+            VOLUME=$2
+            shift
+        else
+            die 'ERROR: "-v|--volume" requires a non-empty option argument.'
+        fi
+        ;;
+    --)              # End of all options.
+        shift
+        break
+        ;;
+    *)               # Default case: No more options, so break out of the loop.
+        break
+  esac
+
+  shift
+done
+
+
+################################################################################
+# Main Main Main
+################################################################################
+brick_list "${VOLUME}"
+execute_command "${COMMAND}"

gp-scripts/checkpoint_EndpointSecurity.ps1

@@ -0,0 +1,106 @@
+# ====================================================================================
+# Check Point SecuRemote Configuration Script
+# - Ensures client_sub_type = "SecuRemote"
+# - Restarts EPWD and TracSrvWrapper services
+# - Restarts TrGUI.exe
+# - Self-elevates to Administrator if needed
+# - Waits for key press before exit
+# ====================================================================================
+
+# --- Self-elevate if not running as Administrator ---
+if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
+    [Security.Principal.WindowsBuiltInRole] "Administrator")) {
+
+    Write-Host "Restarting script as Administrator..." -ForegroundColor Yellow
+    Start-Process powershell.exe -Verb RunAs -ArgumentList "-ExecutionPolicy Bypass -File `"$PSCommandPath`""
+    exit
+}
+
+# --- Registry configuration ---
+$regPath = "HKLM:\SOFTWARE\WOW6432Node\CheckPoint\TRAC"
+$name = "client_sub_type"
+$value = "EndpointSecurity"
+$restartNeeded = $false
+
+try {
+    Write-Host "Checking registry value $name in $regPath ..." -ForegroundColor Cyan
+
+    if (-not (Test-Path $regPath)) {
+        Write-Host "Registry path does not exist, creating..." -ForegroundColor Yellow
+        New-Item -Path $regPath -Force | Out-Null
+    }
+
+    $currentValue = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name
+
+    if ($currentValue -eq $value) {
+        Write-Host "Registry already set to '$value'. No change needed." -ForegroundColor Green
+    } else {
+        Write-Host "Updating registry value from '$currentValue' to '$value'..." -ForegroundColor Yellow
+        Set-ItemProperty -Path $regPath -Name $name -Value $value -Type String
+        Write-Host "Registry value updated successfully." -ForegroundColor Green
+        $restartNeeded = $true
+    }
+}
+catch {
+    Write-Host "Error setting registry value: $($_)" -ForegroundColor Red
+    exit 1
+}
+
+# --- Stop TrGUI.exe if running ---
+try {
+    $trgui = Get-Process -Name "TrGUI" -ErrorAction SilentlyContinue
+    if ($trgui) {
+        Write-Host "Stopping TrGUI.exe ..." -ForegroundColor Cyan
+        Stop-Process -Name "TrGUI" -Force
+        Start-Sleep -Seconds 2
+        Write-Host "TrGUI.exe stopped." -ForegroundColor Green
+    } else {
+        Write-Host "TrGUI.exe not running." -ForegroundColor Yellow
+    }
+}
+catch {
+    Write-Host "Error stopping TrGUI.exe: $($_)" -ForegroundColor Red
+}
+
+# --- Restart services if needed ---
+$services = @("EPWD", "TracSrvWrapper")
+
+if ($restartNeeded) {
+    foreach ($svc in $services) {
+        try {
+            Write-Host "Restarting service $svc ..." -ForegroundColor Cyan
+            if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
+                Restart-Service -Name $svc -Force -ErrorAction Stop
+                Write-Host "Service $svc restarted successfully." -ForegroundColor Green
+            } else {
+                Write-Host "Service $svc not found." -ForegroundColor Yellow
+            }
+        }
+        catch {
+            Write-Host "Failed to restart ${svc}: $($_)" -ForegroundColor Red
+        }
+    }
+} else {
+    Write-Host "No service restart required (registry already correct)." -ForegroundColor Cyan
+}
+
+# --- Restart TrGUI.exe ---
+try {
+    $trguiPath = "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
+    if (Test-Path $trguiPath) {
+        Write-Host "Starting TrGUI.exe ..." -ForegroundColor Cyan
+        Start-Process -FilePath $trguiPath
+        Write-Host "TrGUI.exe started successfully." -ForegroundColor Green
+    } else {
+        Write-Host "TrGUI.exe not found at expected path: $trguiPath" -ForegroundColor Yellow
+    }
+}
+catch {
+    Write-Host "Error starting TrGUI.exe: $($_)" -ForegroundColor Red
+}
+
+Write-Host "`nAll tasks completed successfully." -ForegroundColor Cyan
+
+# --- Wait for user input before closing ---
+Write-Host "`nPress any key to exit..."
+[void][System.Console]::ReadKey($true)

gp-scripts/checkpoint_SecuRemote.ps1

@@ -0,0 +1,106 @@
+# ====================================================================================
+# Check Point SecuRemote Configuration Script
+# - Ensures client_sub_type = "SecuRemote"
+# - Restarts EPWD and TracSrvWrapper services
+# - Restarts TrGUI.exe
+# - Self-elevates to Administrator if needed
+# - Waits for key press before exit
+# ====================================================================================
+
+# --- Self-elevate if not running as Administrator ---
+if (-not ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
+    [Security.Principal.WindowsBuiltInRole] "Administrator")) {
+
+    Write-Host "Restarting script as Administrator..." -ForegroundColor Yellow
+    Start-Process powershell.exe -Verb RunAs -ArgumentList "-ExecutionPolicy Bypass -File `"$PSCommandPath`""
+    exit
+}
+
+# --- Registry configuration ---
+$regPath = "HKLM:\SOFTWARE\WOW6432Node\CheckPoint\TRAC"
+$name = "client_sub_type"
+$value = "SecuRemote"
+$restartNeeded = $false
+
+try {
+    Write-Host "Checking registry value $name in $regPath ..." -ForegroundColor Cyan
+
+    if (-not (Test-Path $regPath)) {
+        Write-Host "Registry path does not exist, creating..." -ForegroundColor Yellow
+        New-Item -Path $regPath -Force | Out-Null
+    }
+
+    $currentValue = (Get-ItemProperty -Path $regPath -Name $name -ErrorAction SilentlyContinue).$name
+
+    if ($currentValue -eq $value) {
+        Write-Host "Registry already set to '$value'. No change needed." -ForegroundColor Green
+    } else {
+        Write-Host "Updating registry value from '$currentValue' to '$value'..." -ForegroundColor Yellow
+        Set-ItemProperty -Path $regPath -Name $name -Value $value -Type String
+        Write-Host "Registry value updated successfully." -ForegroundColor Green
+        $restartNeeded = $true
+    }
+}
+catch {
+    Write-Host "Error setting registry value: $($_)" -ForegroundColor Red
+    exit 1
+}
+
+# --- Stop TrGUI.exe if running ---
+try {
+    $trgui = Get-Process -Name "TrGUI" -ErrorAction SilentlyContinue
+    if ($trgui) {
+        Write-Host "Stopping TrGUI.exe ..." -ForegroundColor Cyan
+        Stop-Process -Name "TrGUI" -Force
+        Start-Sleep -Seconds 2
+        Write-Host "TrGUI.exe stopped." -ForegroundColor Green
+    } else {
+        Write-Host "TrGUI.exe not running." -ForegroundColor Yellow
+    }
+}
+catch {
+    Write-Host "Error stopping TrGUI.exe: $($_)" -ForegroundColor Red
+}
+
+# --- Restart services if needed ---
+$services = @("EPWD", "TracSrvWrapper")
+
+if ($restartNeeded) {
+    foreach ($svc in $services) {
+        try {
+            Write-Host "Restarting service $svc ..." -ForegroundColor Cyan
+            if (Get-Service -Name $svc -ErrorAction SilentlyContinue) {
+                Restart-Service -Name $svc -Force -ErrorAction Stop
+                Write-Host "Service $svc restarted successfully." -ForegroundColor Green
+            } else {
+                Write-Host "Service $svc not found." -ForegroundColor Yellow
+            }
+        }
+        catch {
+            Write-Host "Failed to restart ${svc}: $($_)" -ForegroundColor Red
+        }
+    }
+} else {
+    Write-Host "No service restart required (registry already correct)." -ForegroundColor Cyan
+}
+
+# --- Restart TrGUI.exe ---
+try {
+    $trguiPath = "C:\Program Files (x86)\CheckPoint\Endpoint Connect\TrGUI.exe"
+    if (Test-Path $trguiPath) {
+        Write-Host "Starting TrGUI.exe ..." -ForegroundColor Cyan
+        Start-Process -FilePath $trguiPath
+        Write-Host "TrGUI.exe started successfully." -ForegroundColor Green
+    } else {
+        Write-Host "TrGUI.exe not found at expected path: $trguiPath" -ForegroundColor Yellow
+    }
+}
+catch {
+    Write-Host "Error starting TrGUI.exe: $($_)" -ForegroundColor Red
+}
+
+Write-Host "`nAll tasks completed successfully." -ForegroundColor Cyan
+
+# --- Wait for user input before closing ---
+Write-Host "`nPress any key to exit..."
+[void][System.Console]::ReadKey($true)

gp-scripts/checkup.sh

@@ -0,0 +1,63 @@
+#!/bin/bash
+
+################################################################################
+# Global variables
+################################################################################
+ANSIBLE_CMD="ansible -i /etc/filescale/cluster.ansible.yml"
+
+################################################################################
+# Functions
+################################################################################
+header1() {
+cat << HEADER1
+
+################################################################################
+# ${@}
+################################################################################
+HEADER1
+}
+
+################################################################################
+# Main Main Main
+################################################################################
+header1 "Check Firewall
+#  Our zones used are external and nterconnecti and client and the bond devices
+#  have to be attached to one of these"
+${ANSIBLE_CMD} -b all -m shell \
+    -a 'for zone in external interconnect client; do
+          echo "### ${zone} ###"
+          echo -n "running:   "
+          firewall-cmd --zone="${zone}" --list-interfaces
+          echo -n "permanent: "
+          firewall-cmd --permanent --zone="${zone}" --list-interfaces
+          echo ""
+        done'
+
+
+header1 "Check NTP/Chrony
+# - correct address/name
+# - Reach is > 0"
+${ANSIBLE_CMD} -b all -m shell -a "timedatectl"
+${ANSIBLE_CMD} -b all -m shell -a "chronyc sources"
+
+
+header1 "Check Mailing
+# - correct relay address/name
+# - correct sender address
+# - correct recipient address"
+${ANSIBLE_CMD} -b all -m shell \
+    -a "grep -H ^relayhost /etc/postfix/main.cf; grep -H '^\ *from' /etc/kapacitor/kapacitor.conf"
+
+
+header1 "Check Bonding"
+${ANSIBLE_CMD} -b all -m shell \
+    -a 'for bond in /proc/net/bonding/bond*; do
+           echo "### ${bond##*/} ###"
+           egrep "Bonding Mode|MII Status|Slave Interface|Permanent HW addr|port state|Churn State|Aggregator ID" ${bond}
+           echo ""
+        done'
+
+
+header1 "Do some generic tests with 
+#  fs-manager check all"
+fs-manager check all

password-change-tool/change-user-password.sh

@@ -0,0 +1,141 @@
+#!/bin/bash
+
+################################################################################
+# Global variables
+################################################################################
+USER_TO_CHANGE=""
+NEW_PASSWORD=""
+MY_NAME=$(basename "$0")
+USERS_ALLOWED_ALL="
+qqpam50
+thomas
+"
+
+
+################################################################################
+# Functions
+################################################################################
+die() {
+  printf '%s\n' "$1" >&2
+  exit 1
+}
+
+show_help() {
+cat << HELP
+
+Script to update the password of a user.
+The password is either
+ - entered interactively
+ - redirected from STDIN via    ${MY_NAME} ... <<< 'newpassword'
+ - redirected from a file via   ${MY_NAME} ... < /path/to/file-with-password
+
+Usage: $1 [OPTION]
+Mandatory:
+  -u|--user USER                the username for password change
+
+HELP
+}
+
+check_if_root() {
+  if [ ${EUID} -ne 0 ]; then
+    echo "Script must be run as root or sudo"
+    exit 1
+  fi
+  return
+}
+
+check_user() {
+  if [ "${USER_TO_CHANGE}" == "" ]; then
+    echo "User cannot be empty."
+    exit 1
+  fi
+
+  if ! id "${USER_TO_CHANGE}" &> /dev/null ; then
+    echo "User \"${USER_TO_CHANGE}\" does not exist."
+    exit 1
+  fi
+  return
+}
+
+check_change_permissions() {
+  GREP_OUT=$(echo "${USERS_ALLOWED_ALL}" | grep "\b${SUDO_USER}\b")
+  if [ $? -eq 0 ]; then
+    return
+  fi
+
+  if [ "${SUDO_USER}" == "${USER_TO_CHANGE}" ]; then
+    return
+  else
+    echo "You only can change the password for your own user."
+    exit 1
+  fi
+}
+
+get_password() {
+  if test -t 0; then
+    echo -n "New password: "
+  fi
+  IFS= read -rs NEW_PASSWORD
+  PW_CHANGE_SUCCESS=$?
+  echo ""
+
+  if [ $PW_CHANGE_SUCCESS -ne 0 ]; then
+    echo "Couldn't read new password."
+    exit 1
+  fi
+
+  if [ "${NEW_PASSWORD}" == "" ]; then
+    echo "New passord cannot be empty."
+    exit 1
+  fi
+
+  return
+}
+
+change_user_password() {
+  CHPASSWD_OUT=$(chpasswd <<< "${USER_TO_CHANGE}:${NEW_PASSWORD}" 2>&1)
+  if [ $? -ne 0 ]; then
+    echo "Password change failed. Error is:"
+    echo "${CHPASSWD_OUT}"
+    exit 1
+  fi
+  return
+}
+
+################################################################################
+# Argument parser
+################################################################################
+while :; do
+  case $1 in
+    -h|-\?|--help)
+        show_help    # Display a usage synopsis.
+        exit
+        ;;
+    -u|--user)  # Takes an option argument; ensure it has been specified.
+        if [ "$2" ]; then
+            USER_TO_CHANGE=$2
+            shift
+        else
+            die 'ERROR: "-u|--user" requires a non-empty option argument.'
+        fi
+        ;;
+    --)              # End of all options.
+        shift
+        break
+        ;;
+    *)               # Default case: No more options, so break out of the loop.
+        break
+  esac
+
+  shift
+done
+
+
+################################################################################
+# Main, main, main
+################################################################################
+check_if_root
+check_user
+check_change_permissions
+get_password
+change_user_password

password-change-tool/sudo-rule

@@ -0,0 +1 @@
+ALL ALL=(ALL) NOPASSWD: /usr/local/bin/change-user-password.sh

retention-helper/retention-helper.sh

@@ -50,7 +50,7 @@ get_xattr_of_file() {
 }
 
 find_files_with_atime() {
-  while read -r FILE; do
+  find "${DIRECTORY}" -type f | while read -r FILE; do
     ATIME_FILE=$(get_atime_of_file "${FILE}")
     if [ "${ATIME_FILE}" == "" ]; then
       continue
@@ -58,12 +58,12 @@ find_files_with_atime() {
     if [ ${ATIME_FILE} -ge ${ATIME_SEARCH} ]; then
       echo "${FILE}"
     fi
-  done <<< $(find "${DIRECTORY}" -type f)
+  done
 }
 
 
 find_files_with_retention() {
-  while read -r FILE; do
+  find "${DIRECTORY}" -type f | while read -r FILE; do
     RETENTION_FILE=$(get_xattr_of_file "${FILE}" "trusted.worm.attr" | grep -o '[0-9]\+$')
     if [ "${RETENTION_FILE}" == "" ]; then
       continue
@@ -72,12 +72,12 @@ find_files_with_retention() {
     if [ ${RETENTION_FILE} -eq ${RETENTION_SEARCH} ]; then
       echo "${FILE}"
     fi
-  done <<< $(find "${DIRECTORY}" -type f)
+  done
 }
 
 
 set_atime() {
-  for FILE in $(find_files_with_retention "${DIRECTORY}" "${RETENTION_SEARCH}"); do
+  find_files_with_retention "${DIRECTORY}" "${RETENTION_SEARCH}" | while read -r FILE; do
     if [ -f "${FILE}" ]; then
       ARCHIVE_TIME=$(get_xattr_of_file "${FILE}" "trusted.archive_time")
       NEW_ATIME=$((ARCHIVE_TIME+NEW_RETENTION))
@@ -89,7 +89,7 @@ set_atime() {
 
 
 show_atime_retention() {
-  while read -r FILE; do
+  find "${DIRECTORY}" -type f | while read -r FILE; do
     ATIME=$(get_atime_of_file "${FILE}")
     if [ "${ATIME}" == "" ]; then
       continue
@@ -98,7 +98,7 @@ show_atime_retention() {
     echo "${FILE}"
     echo "  atime:             $(date --date=@${ATIME}) || ${ATIME}"
     echo "  trusted.worm.attr: ${TRUSTED_WORM_ATTR}"
-  done <<< $(find "${DIRECTORY}" -type f)
+  done
 }
 
 ################################################################################