Author: fapeeler
Date: Wed Mar 13 19:44:00 2013
New Revision: 1456106
URL: http://svn.apache.org/r1456106
Log:
VCL-584
utils.pm, OS.pm: changes to check for existing IP address assigned in VCL
database for server loads
VCL-669
Linux.pm,Datastructure.pm,OS.pm,Linux.pm: setup user supplied ssh identity keys
General
utils.pm, ubuntu.pm,linux.pm,windows.pm: commented out notify statements that
print out the details of netstat and network configuration
Modified:
vcl/trunk/managementnode/lib/VCL/DataStructure.pm
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
vcl/trunk/managementnode/lib/VCL/utils.pm
Modified: vcl/trunk/managementnode/lib/VCL/DataStructure.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/DataStructure.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/DataStructure.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/DataStructure.pm Wed Mar 13 19:44:00 2013
@@ -445,6 +445,7 @@ $SUBROUTINE_MAPPINGS{user_affiliation_he
$SUBROUTINE_MAPPINGS{user_affiliation_name} =
'$self->request_data->{user}{affiliation}{name}';
$SUBROUTINE_MAPPINGS{user_affiliation_sitewwwaddress} =
'$self->request_data->{user}{affiliation}{sitewwwaddress}';
$SUBROUTINE_MAPPINGS{user_imtype_name} =
'$self->request_data->{user}{IMtype}{name}';
+$SUBROUTINE_MAPPINGS{user_sshPublicKeys} =
'$self->request_data->{user}{sshPublicKeys}';
$SUBROUTINE_MAPPINGS{management_node_id} = '$ENV{management_node_info}{id}';
$SUBROUTINE_MAPPINGS{management_node_ipaddress} =
'$ENV{management_node_info}{IPaddress}';
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Wed Mar 13 19:44:00 2013
@@ -872,10 +872,18 @@ sub server_request_set_fixedIP {
if(!$self->update_fixedIP_info()) {
notify($ERRORS{'WARNING'}, 0, "Unable to update information
related fixedIP for server_request $server_request_id");
}
+
+ #Confirm requested IP is not being used
+ if (!$self->confirm_fixedIP_is_available()) {
+ #failed, insert into loadlog, fail reservation
+ insertloadlog($reservation_id, $computer_id,
"failed","$server_request_fixedIP is NOT available");
+ return 0;
+ }
# Try to set the static public IP address using the OS module
if ($self->can("set_static_public_address")) {
if ($self->set_static_public_address()) {
- notify($ERRORS{'DEBUG'}, 0, "set static public IP address on
$computer_node_name using OS module's set_static_public_address() method");
$self->data->set_computer_ip_address($server_request_fixedIP);
+ notify($ERRORS{'DEBUG'}, 0, "set static public IP address on
$computer_node_name using OS module's set_static_public_address() method");
+
$self->data->set_computer_ip_address($server_request_fixedIP);
# Delete cached network configuration information so it is
retrieved next time it is needed
delete $self->{network_configuration};
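Review bot: A failed availability check is written to the load log twice, because confirm_fixedIP_is_available() already calls insertloadlog() before each `return 0` and the new block under `if (!$self->confirm_fixedIP_is_available())` inserts a second "failed" row. The helper also does a bare `return` when it cannot read the reservation or computer id, and that case is reported here as "$server_request_fixedIP is NOT available", which is not what happened. I would keep the caller-side row only for that undefined case, e.g. `my $available = $self->confirm_fixedIP_is_available();` followed by `insertloadlog(...) if !defined($available);` and `return 0 if !$available;`. server_request_set_fixedIP starts outside this hunk, so confirm that $reservation_id and $computer_id are declared before this point.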
@@ -893,6 +901,7 @@ sub server_request_set_fixedIP {
}
else {
notify($ERRORS{'WARNING'}, 0, "failed to set static public IP
address on $computer_node_name");
+ insertloadlog($reservation_id, $computer_id,
"failed"," Not able to assigne IPaddress $server_request_fixedIP");
return 0;
}
}
@@ -906,6 +915,52 @@ sub server_request_set_fixedIP {
}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 confirm_fixedIP_is_available
+
+ Parameters : none
+ Returns : If successful: true
+ If failed: 0
+ Description : Preforms checks to confirm the requested IP is not being used
+ -- Check VCL database computer table
for IP
+ -- try to ping the IP
+ -- future; good to check with upstream
network switch or control
+
+=cut
+#/////////////////////////////////////////////////////////////////////////////
+
+sub confirm_fixedIP_is_available {
+ my $self = shift;
+ if (ref($self) !~ /VCL::Module/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
+ return;
+ }
+
+ my $reservation_id = $self->data->get_reservation_id() || return;
+ my $computer_id = $self->data->get_computer_id() || return;
+ my $computer_node_name = $self->data->get_computer_node_name() ||
return;
+ my $server_request_id = $self->data->get_server_request_id();
+ my $server_request_fixedIP =
$self->data->get_server_request_fixedIP();
+
+ #check VCL computer table
+ if(is_IP_assigned_query($server_request_fixedIP)) {
+ notify($ERRORS{'WARNING'}, 0, "$server_request_fixedIP is
already assigned");
+ insertloadlog($reservation_id, $computer_id,
"failed","$server_request_fixedIP is already assigned");
+ return 0;
+ }
+
+ #Is IP pingable
+ if(_pingnode($server_request_fixedIP)) {
+ notify($ERRORS{'WARNING'}, 0, "$server_request_fixedIP is
answering ping test");
+ insertloadlog($reservation_id, $computer_id,
"failed","$server_request_fixedIP is answering ping test, but is not assigned
in VCL database");
+ return 0;
+ }
+
+ return 1;
+}
+
#/////////////////////////////////////////////////////////////////////////////
=head2 update_public_ip_address
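Review bot: confirm_fixedIP_is_available() fails open when the fixed IP is missing. `$server_request_fixedIP` is read without a check, is_IP_assigned_query() does a bare `return` for an undefined argument, and that false value is read here as "not assigned". Add a guard right after the getter so the check fails closed: `if (!$server_request_fixedIP) { notify($ERRORS{'WARNING'}, 0, "fixed IP address is not set"); return 0; }`. The ping test is only a hint, since a host that filters ICMP will not answer. Nothing visible in this hunk stops a second reservation from passing the same two checks before the address is set, so I would add a comment on the sub stating both limits.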
@@ -2418,8 +2473,9 @@ sub manage_server_access {
my $server_request_admingroupid =
$self->data->get_server_request_admingroupid();
my $server_request_logingroupid =
$self->data->get_server_request_logingroupid();
my $user_login_id_owner = $self->data->get_user_login_id();
+ my $user_sshPublicKeys =
$self->data->get_user_sshPublicKeys();
my $user_id_owner = $self->data->get_user_id();
- my $image_os_type = $self->data->get_image_os_type();
+ my $image_os_type =
$self->data->get_image_os_type();
my $request_laststate_name =
$self->data->get_request_laststate_name();
# Build list of users.
@@ -2449,6 +2505,7 @@ sub manage_server_access {
my ($username,$uid,$vcl_user_id) = 0;
($username,$uid,$vcl_user_id) = split(/:/, $str);
my ($correct_username, $user_domain) = split /@/,
$username;
+ $user_hash{$vcl_user_id}{"user_info"} = get_user_info($vcl_user_id);
$user_hash{$vcl_user_id}{"username"} = $correct_username;
$user_hash{$vcl_user_id}{"uid"} = $uid;
$user_hash{$vcl_user_id}{"vcl_user_id"} = $vcl_user_id;
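Review bot: The result of `get_user_info($vcl_user_id)` is stored without a check, and later hunks in manage_server_access read `{user_info}{STANDALONE}` and the ssh key field from it. If the lookup fails, `$standalone` and the key argument silently become undef, and create_user in Linux.pm then falls back to the request-level values. I would test the return value here and log a warning, e.g. `my $user_info = get_user_info($vcl_user_id) or notify($ERRORS{'WARNING'}, 0, "no user info for VCL user id $vcl_user_id");`. The same unchecked assignment is added in the next hunk (@@ -2463). manage_server_access starts and ends outside both hunks.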
@@ -2463,6 +2520,7 @@ sub manage_server_access {
($username, $uid,$vcl_user_id) = split(/:/, $str);
my ($correct_username, $user_domain) = split /@/,
$username;
if (!exists($user_hash{$uid})) {
+ $user_hash{$vcl_user_id}{"user_info"} =
get_user_info($vcl_user_id);
$user_hash{$vcl_user_id}{"username"} =
$correct_username;
$user_hash{$vcl_user_id}{"uid"} = $uid;
$user_hash{$vcl_user_id}{"vcl_user_id"} =
$vcl_user_id;
@@ -2488,7 +2546,9 @@ sub manage_server_access {
$allow_list .= " $user_login_id_owner" if ($allow_list !~
/$user_login_id_owner/) ;
next;
}
- my $standalone = 0;
+ #my $standalone = 0;
+ my $standalone = $user_hash{$userid}{user_info}{STANDALONE};
+
if(!$self->user_exists($user_hash{$userid}{username})){
delete($res_accounts{$userid});
}
@@ -2496,13 +2556,13 @@ sub manage_server_access {
if(!exists($res_accounts{$userid}) || $request_laststate_name
eq "reinstall" ){
# check affiliation
notify($ERRORS{'DEBUG'}, 0, "checking affiliation for
$userid");
- my $affiliation_name =
get_user_affiliation($user_hash{$userid}{vcl_user_id});
- if(defined($affiliation_name)) {
+ #my $affiliation_name =
get_user_affiliation($user_hash{$userid}{vcl_user_id});
+ #if(defined($affiliation_name)) {
- if(!(grep(/$affiliation_name/, split(/,/,
$not_standalone_list) ))) {
- $standalone = 1;
- }
- }
+ # if(!(grep(/$affiliation_name/, split(/,/,
$not_standalone_list) ))) {
+ # $standalone = 1;
+ # }
+ #}
if($request_laststate_name ne "reinstall" ){
$user_hash{$userid}{"passwd"} = 0;
@@ -2530,7 +2590,7 @@ sub manage_server_access {
}
# Create user on the OS
-
if($self->create_user($user_hash{$userid}{username},$user_hash{$userid}{passwd},$user_hash{$userid}{uid},$user_hash{$userid}{rootaccess},$standalone))
{
+
if($self->create_user($user_hash{$userid}{username},$user_hash{$userid}{passwd},$user_hash{$userid}{uid},$user_hash{$userid}{rootaccess},$standalone,$user_hash{$userid}{user_info}{user_sshPublicKeys}))
{
notify($ERRORS{'OK'}, 0, "Successfully created
user $user_hash{$userid}{username} on $computer_node_name");
}
else {
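Review bot: The key name used for the new sixth argument, `$user_hash{$userid}{user_info}{user_sshPublicKeys}`, does not match the mapping this commit adds in DataStructure.pm, which reads `{user}{sshPublicKeys}`. If get_user_info() returns the column under `sshPublicKeys` (not visible on this page, so please confirm), this argument is always undef. create_user would then take its data-structure fallback for every account, not only the owner's. If that is the case the argument should be `$user_hash{$userid}{user_info}{sshPublicKeys}`. The `$user_sshPublicKeys` variable added near the top of manage_server_access is not used in any hunk shown here.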
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Wed Mar 13 19:44:00 2013
@@ -914,12 +914,29 @@ sub delete_user {
return 0;
}
+
if ($self->user_logged_in($user_login_id)) {
notify($ERRORS{'OK'}, 0, "user $user_login_id is logged in,
logging of user");
if ($self->logoff_user($user_login_id)) {
}
}
+
+ #Clean out any public ssh identity keys
+ my $home_network_share_cmd = "df /home/$user_login_id";
+ my ($exit_status, $output) = $self->execute($home_network_share_cmd);
+ if(grep(/dev/, @$output)){
+ # confirm .ssh directory exists
+ # Make directory
+ my $rm_keys_cmd = "/bin/rm /home/$user_login_id/.ssh/authorized_keys";
+ if ($self->execute($rm_keys_cmd)) {
+ notify($ERRORS{'DEBUG'}, 0, "removed
/home/$user_login_id/.ssh/authorized_keys file");
+ }
+ }
+ else {
+ notify($ERRORS{'DEBUG'}, 0, "Detected network mounted home
directory, will not remove authorized_keys: @$output");
+ }
+
# Use userdel to delete the user
# Do not use userdel -r, it will affect HPC user storage for HPC
installs
my $user_delete_command = "/usr/sbin/userdel $user_login_id";
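Review bot: The local-versus-network test `grep(/dev/, @$output)` matches the letters "dev" anywhere in the df output, so a network export whose server or path name contains "dev" is classed as local and its authorized_keys file is removed. Anchoring on the device column is tighter, `grep(m{^/dev/}, @$output)`, and `$output` should be checked with defined() first because it is dereferenced in both branches. As far as the hunk shows, `if ($self->execute($rm_keys_cmd))` does not read the exit status, so the "removed" message can be logged when rm failed. The rm also deletes the whole file, including keys that were not added by this code. The same df test is repeated in the create_user hunk further down in this file (@@ -2452); delete_user starts and ends outside this hunk.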
@@ -1279,7 +1296,7 @@ sub is_connected {
my $remote_ip = $self->data->get_reservation_remote_ip();
my $computer_ipaddress = $self->data->get_computer_ip_address();
- my @SSHCMD = run_ssh_command($computer_node_name, $identity, "netstat
-an", "root", 22, 1);
+ my @SSHCMD = run_ssh_command($computer_node_name, $identity, "netstat
-an", "root", 22, 0);
foreach my $line (@{$SSHCMD[1]}) {
chomp($line);
next if ($line =~ /Warning/);
@@ -2168,7 +2185,8 @@ sub get_network_configuration {
}
$self->{network_configuration} = $network_configuration;
- notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
+ #can produce large output, if you need to monitor the configuration
setting uncomment the below output statement
+ #notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
return $self->{network_configuration};
}
@@ -2366,6 +2384,7 @@ sub create_user {
my $user_uid = shift;
my $adminoverride = shift;
my $user_standalone = shift;
+ my $user_sshPublicKeys = shift;
if (!$username) {
$username = $self->data->get_user_login_id();
@@ -2386,6 +2405,11 @@ sub create_user {
$user_standalone = $self->data->get_user_standalone();
notify($ERRORS{'OK'}, 0, "user_standalone not provided, pulling
from datastructure");
}
+
+ if ( !defined($user_sshPublicKeys) ) {
+ $user_sshPublicKeys = $self->data->get_user_sshPublicKeys();
+ notify($ERRORS{'OK'}, 0, "user_sshPublicKeys not provided,
pulling from datastructure");
+ }
#adminoverride, if 0 use value from database for $imagemeta_rootaccess
# if 1 or 2 override database
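Review bot: The fallback at `if ( !defined($user_sshPublicKeys) )` installs the request user's keys into whichever account is being created, because `$self->data->get_user_sshPublicKeys()` is mapped to `request_data->{user}` and not to `$username`. manage_server_access in OS.pm calls create_user for each user it collects, so a group member with no stored keys appears to receive the reservation owner's keys in their authorized_keys. If that is not intended, take the data-structure value only in the `if (!$username)` branch, where the username itself was defaulted to the request user. Otherwise treat an undefined argument as "no keys". create_user starts and ends outside this hunk.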
@@ -2452,7 +2476,31 @@ sub create_user {
notify($ERRORS{'CRITICAL'}, 0, "failed to add $username
to /etc/sudoers");
}
} ## end if ($imagemeta_rootaccess)
-
+
+ # Add user's public ssh identity keys if exists
+ if( $user_sshPublicKeys ) {
+ #Only add keys to home directories that are local,
+ #should not add network mounted filesystems as the clean up
process will delete the key
+ my $home_network_share_cmd = "df /home/$username";
+ my ($exit_status, $output) =
$self->execute($home_network_share_cmd);
+ if(grep(/dev/, @$output)){
+ # confirm .ssh directory exists
+ # Make directory
+ my $mkdir = "mkdir /home/$username/.ssh";
+ if ($self->execute($mkdir)) {
+ notify($ERRORS{'DEBUG'}, 0, "created
/home/$username/.ssh directory");
+ }
+ #concatenate user's sshPublicKeys to authorized_keys
file
+ my $keys_cat_cmd = "echo \"$user_sshPublicKeys\" >>
/home/$username/.ssh/authorized_keys";
+ if ($self->execute($keys_cat_cmd)) {
+ notify($ERRORS{'DEBUG'}, 0, "copied public keys to
/home/$username/.ssh/authorized_keys");
+ }
+ }
+ else {
+ notify($ERRORS{'DEBUG'}, 0, "/home/$username is a
network share, skipping adding public ssh keys: @$output");
+ }
+ }
+
return 1;
} ## end sub create_user
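Review bot: The stored key text is placed inside a double-quoted shell string in `echo \"$user_sshPublicKeys\" >> /home/$username/.ssh/authorized_keys`, and that string is run through $self->execute() on the node. Any quote or shell metacharacter in a user-supplied key is therefore interpreted by the shell instead of being written to the file. Validate each key line against an anchored pattern and pass it single-quoted, as sketched below; the split on newlines assumes one key per line in the stored value, and keys with options or multi-word comments would need a wider pattern. The directory and file are also created without mode or ownership changes, which sshd's StrictModes check can reject, so the sketch sets 700/600 and the owner. Both `if ($self->execute(...))` tests in the hunk log success without reading the exit status.

```perl
if( $user_sshPublicKeys ) {
	# Keep only lines that look like a plain public key; the pattern admits no quote or shell metacharacter
	my $key_pattern = qr{\A(?:ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521)) [A-Za-z0-9+/]+={0,2}(?: [\w.\@+-]+)?\z};
	my @key_lines = grep { $_ =~ $key_pattern } split(/\r?\n/, $user_sshPublicKeys);

	# ... unchanged: df test that /home/$username is a local filesystem ...

		if (@key_lines) {
			my $ssh_dir = "/home/$username/.ssh";
			# Safe to single-quote: the pattern above cannot match a line containing a quote
			my $quoted_keys = join(' ', map { "'$_'" } @key_lines);
			my $keys_cmd = "mkdir -p -m 700 $ssh_dir"
				. " && printf '%s\\n' $quoted_keys >> $ssh_dir/authorized_keys"
				. " && chmod 600 $ssh_dir/authorized_keys"
				. " && chown -R $username $ssh_dir";
			my ($keys_exit_status, $keys_output) = $self->execute($keys_cmd);
			if (defined($keys_exit_status) && $keys_exit_status == 0) {
				notify($ERRORS{'DEBUG'}, 0, "copied public keys to /home/$username/.ssh/authorized_keys");
			}
			else {
				notify($ERRORS{'WARNING'}, 0, "failed to add public keys to /home/$username/.ssh/authorized_keys");
			}
		}

	# ... unchanged: else branch for a network-mounted home directory ...
```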
@@ -3541,7 +3589,8 @@ sub get_firewall_configuration {
}
}
- notify($ERRORS{'DEBUG'}, 0, "retrieved firewall configuration from
$computer_node_name:\n" . format_data($firewall_configuration));
+ #The below notify statement can produce large amounts of output over
time, if needed to debug a reservation, uncomment the line
+ #notify($ERRORS{'DEBUG'}, 0, "retrieved firewall configuration from
$computer_node_name:\n" . format_data($firewall_configuration));
return $firewall_configuration;
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Wed Mar 13
19:44:00 2013
@@ -389,7 +389,8 @@ sub get_network_configuration {
}
$self->{network_configuration} = $network_configuration;
- notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
+ #can produce large output, if you need to monitor the configuration
setting uncomment the below output statement
+ #notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
return $self->{network_configuration};
}
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Windows.pm Wed Mar 13 19:44:00
2013
@@ -5782,7 +5782,8 @@ sub get_network_configuration {
}
$self->{network_configuration} = $network_configuration;
- notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
+ #can produce large output, if you need to monitor the configuration
setting uncomment the below output statement
+ #notify($ERRORS{'DEBUG'}, 0, "retrieved network configuration:\n" .
format_data($self->{network_configuration}));
return $self->{network_configuration};
}
Modified: vcl/trunk/managementnode/lib/VCL/utils.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/utils.pm?rev=1456106&r1=1456105&r2=1456106&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/utils.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/utils.pm Wed Mar 13 19:44:00 2013
@@ -162,6 +162,7 @@ our @EXPORT = qw(
insert_reload_request
insert_request
insertloadlog
+ is_IP_assigned_query
is_management_node_process_running
is_inblockrequest
is_public_ip_address
@@ -1370,7 +1371,7 @@ sub isconnected {
if ($image_os_type =~ /windows/i) {
#notify($ERRORS{'OK'},0,"checking $nodename
$ipaddress");
undef @SSHCMD;
- @SSHCMD = run_ssh_command($shortname, $identity_keys,
"netstat -an", "root", 22, 1);
+ @SSHCMD = run_ssh_command($shortname, $identity_keys,
"netstat -an", "root", 22, 0);
foreach my $line (@{$SSHCMD[1]}) {
chomp($line);
if ($line =~ /Connection refused/) {
@@ -1390,7 +1391,7 @@ sub isconnected {
} ## end if ($osname =~ /win|vmwarewin/)
elsif ($image_os_type =~ /linux/i) {
undef @SSHCMD;
- @SSHCMD = run_ssh_command($nodename, $identity_keys,
"netstat -an", "root", 22, 1);
+ @SSHCMD = run_ssh_command($nodename, $identity_keys,
"netstat -an", "root", 22, 0);
foreach my $line (@{$SSHCMD[1]}) {
chomp($line);
if ($line =~ /Warning/) {
@@ -7413,6 +7414,7 @@ EOF
if (!defined($user_info->{IMid})) {
$user_info->{IMid} = '';
}
+
# Affiliation specific changes
# Check if the user's affiliation is listed in the management node's
NOT_STANDALONE parameter
@@ -10357,6 +10359,55 @@ sub get_current_image_contents_noDS {
return @{$cat_output};
}
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 is_IP_assigned_query
+
+ Parameters : IP address
+ Returns : boolean 1=true, 0=false
+ Description : checks if IP address exists in db
+
+=cut
+
+sub is_IP_assigned_query {
+
+ my ($IPaddress) = @_;
+
+ if (!defined($IPaddress)) {
+ notify($ERRORS{'WARNING'}, 0, "IPaddress argument was not supplied");
+ return;
+ }
+
+ my $select_statement = <<EOF;
+SELECT
+computer.id AS computer_id,
+computer.hostname AS computer_hostname,
+computer.stateid AS computer_stateid,
+state.name AS state_name
+FROM computer, state
+WHERE
+computer.IPaddress = '$IPaddress' AND
+computer.stateid = state.id AND
+state.name != 'deleted' AND
+computer.vmhostid IS NOT NULL
+EOF
+
+ # Call the database select subroutine
+ my @selected_rows = database_select($select_statement);
+
+ # Check to make sure 1 row was returned
+ if (scalar @selected_rows == 0) {
+ notify($ERRORS{'OK'}, 0, "zero rows were returned from database select
statement $IPaddress is available");
+ return 0;
+ }
+ elsif (scalar @selected_rows >= 1) {
+ notify($ERRORS{'OK'}, 0, scalar @selected_rows . " rows were returned
from database select statement: $IPaddress is assigned");
+ return 1;
+ }
+
+ return 1;
+
+}
#/////////////////////////////////////////////////////////////////////////////
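Review bot: `computer.IPaddress = '$IPaddress'` puts the caller's value into the SQL text unescaped, and the only caller in this commit passes the fixed IP from a server request, so the value should be validated before the statement is built. An anchored check after the defined() test is enough here and fails closed: `if ($IPaddress !~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/) { notify($ERRORS{'WARNING'}, 0, "IPaddress argument is not a valid IPv4 address"); return 1; }`. The bare `return` for a missing argument is false, which confirm_fixedIP_is_available() reads as "not assigned"; returning 1 there, or documenting undef as a third state that callers must check, would avoid that. The final `return 1;` is unreachable because the two branches above it cover every row count. The comment "Check to make sure 1 row was returned" does not describe the test that follows it.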