Removing Devices that haven't checked in to ZENworks Linux Management for a while
Novell Cool Solutions: Feature
By Phillip Cockrell
Posted: 26 Apr 2007
PROBLEM: There is no automated function to remove managed devices that have not "checked in" to ZLM for a defined period of time.
SOLUTION: A script can be scheduled to poll the LDAP service on the eDirectory instance for ZLM. The script generates a list of the server names that have not checked in via refresh within the defined period of time. Once the list has been generated, each name in it is passed to zlman to delete the device.
Note: This script should be run from the primary ZLM server. In addition, a dedicated ZLM administrative account should be created for it. The account only needs "ALL" permissions to the "/Devices" folder in ZLM (all other permissions can be "View").
Example
#!/bin/bash
# This script is used to automate the deletion of managed devices. When a device has
# not checked in (i.e. refreshed) for a defined amount of time (MAX_AGE), the device
# will be added to a list and its corresponding object in ZLM will be deleted.
#
# Please send comments, questions, concerns, additions, etc. to
# Phillip Cockrell <pcockrell@novell.com>
# Tweakables
# ZLM server from which to delete expired devices (should be the master replica!)
ZLMMASTER=zlm7primary.digitalairlines.com
# Managed Zone name
ZLMZONE=ManagedZone1
# ZLM user / password with delete permissions to the /Devices folder
# (the password is stored here in clear text: keep this file owned by root, mode 0700)
ADMINUSER=deladmin
ADMINPASSWD=novell
# Maximum age a device can go without checking in (in seconds - 86400 = 24 hours)
MAX_AGE=259200
# Where to find the eDirectory supported LDAP utilities
LDAP_PATH="/usr/ldaptools/bin"
#######################################
## Don't touch anything below this line
## unless you really know what you are
## doing!
#######################################
# Get the current time and figure out a "cutoff" time
NOW=$(date +%s)
CUTOFF=$((NOW - MAX_AGE))
# The "Z" suffix means UTC, so format the cutoff in UTC rather than local time (GNU date)
ZULUCUTOFF=$(date -u -d "@$CUTOFF" +%Y%m%d%H%M%SZ)
#echo $NOW
#echo $CUTOFF
#echo $ZULUCUTOFF
# Create a private temp file (mktemp avoids a predictable name in /tmp) containing the
# names of any devices whose loginTime is more than $MAX_AGE seconds old
EXPIRED=$(mktemp /tmp/deviceExpired.XXXXXX) || exit 1
trap 'rm -f "$EXPIRED"' EXIT
"$LDAP_PATH/ldapsearch" -x -h "$ZLMMASTER" -b "nrmName=~devices~,ou=$ZLMZONE,o=cell" -D "nrmName=$ADMINUSER,nrmName=~admins~,ou=$ZLMZONE,o=cell" -ZZ -p 10389 -w "$ADMINPASSWD" -LLL "(loginTime<=$ZULUCUTOFF)" nrmName | awk '/^nrmName/ {print $2}' > "$EXPIRED"
# Delete any devices returned by the previous search.
while read -r line ; do zlman -U"$ADMINUSER" -P"$ADMINPASSWD" --quiet server-delete "$line" ; done < "$EXPIRED"
# Delete the output file so they don't stack up (the trap above also covers early exits)
rm -f "$EXPIRED"
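The script above hands whatever the LDAP search returns straight to zlman. As an added example (not part of Phillip's script), the shell functions below vet that list first: they accept only plain nrmName values, skip anything that zlman could read as an option, and refuse to continue when more devices match than a chosen limit. The sample LDIF, the allowed character set and the limit of 25 are assumptions made for the illustration.

```shell
# Added example, not from the original article: vet "ldapsearch -LLL" output
# before any name reaches "zlman ... server-delete".

# Constructed sample LDIF; the DN layout is an assumption, not captured output.
SAMPLE_LDIF='dn: nrmName=web01,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: web01

dn: nrmName=db02,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: db02

dn: nrmName=odd1,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName: --help

dn: nrmName=odd2,nrmName=~devices~,ou=ManagedZone1,o=cell
nrmName:: d2ViIDAz'

# expired_names: read LDIF on stdin, print one vetted device name per line.
# Only "nrmName: value" lines count; base64 values ("nrmName:: ...") and names
# starting with "-" or outside the assumed set [A-Za-z0-9._-] are skipped.
expired_names() {
    while IFS= read -r line; do
        case $line in
            "nrmName:: "*) echo "skipped encoded value" >&2; continue ;;
            "nrmName: "*)  name=${line#nrmName: } ;;
            *)             continue ;;
        esac
        case $name in
            ''|-*|*[!A-Za-z0-9._-]*) echo "skipped unsafe name: $name" >&2 ;;
            *) printf '%s\n' "$name" ;;
        esac
    done
    return 0
}

# within_limit N: succeed only if stdin holds at most N non-empty lines.
within_limit() {
    count=$(grep -c . || true)
    [ "$count" -le "$1" ]
}

# dry_run LIMIT: show what would be deleted, or refuse if the list is too long.
dry_run() {
    list=$(printf '%s\n' "$SAMPLE_LDIF" | expired_names 2>/dev/null)
    [ -n "$list" ] || return 0
    printf '%s\n' "$list" | within_limit "$1" ||
        { echo "refusing: more than $1 devices matched" >&2; return 1; }
    printf '%s\n' "$list" | sed 's/^/would delete: /'
}

dry_run 25
```

A sudden jump in the number of matches usually points at a clock, LDAP or time-zone problem rather than at a fleet of dead devices, which is why the limit stops the run instead of trimming the list.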
If you have any questions you may contact Phillip at pcockrellTAKETHISOUT@novell.com
