Author: fapeeler
Date: Tue May 14 16:38:00 2013
New Revision: 1482439
URL: http://svn.apache.org/r1482439
Log:
VCL-692
moved updating external_sshd.config to create_user routine
removed code related to updating AllowUsers
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Tue May 14 16:38:00 2013
@@ -2504,7 +2504,6 @@ sub manage_server_access {
my @userlist_admin;
my @userlist_login;
my %user_hash;
- my $allow_list = $user_login_id_owner;
if ($server_request_admingroupid) {
@userlist_admin =
getusergroupmembers($server_request_admingroupid);
@@ -2559,11 +2558,8 @@ sub manage_server_access {
next if (!($userid));
#Skip reservation owner, this account is processed in the new
and reserved states
if ($userid eq $user_id_owner) {
- #Add owner's login id if does not already exist
- $allow_list .= " $user_login_id_owner" if ($allow_list !~
/$user_login_id_owner/) ;
next;
}
- #my $standalone = 0;
my $standalone = $user_hash{$userid}{user_info}{STANDALONE};
if(!$self->user_exists($user_hash{$userid}{username})){
@@ -2571,16 +2567,6 @@ sub manage_server_access {
}
if(!exists($res_accounts{$userid}) || $request_laststate_name
eq "reinstall" ){
- # check affiliation
- notify($ERRORS{'DEBUG'}, 0, "checking affiliation for
$userid");
- #my $affiliation_name =
get_user_affiliation($user_hash{$userid}{vcl_user_id});
- #if(defined($affiliation_name)) {
-
- # if(!(grep(/$affiliation_name/, split(/,/,
$not_standalone_list) ))) {
- # $standalone = 1;
- # }
- #}
-
if($request_laststate_name ne "reinstall" ){
$user_hash{$userid}{"passwd"} = 0;
# Generate password if linux and standalone
affiliation
@@ -2613,23 +2599,17 @@ sub manage_server_access {
else {
notify($ERRORS{'WARNING'}, 0, "Failed to create
user on $computer_node_name ");
}
-
- $allow_list .= " $user_hash{$userid}{username}";
-
}
else {
notify($ERRORS{'DEBUG'}, 0, "$userid exists in
reservationaccounts table, assuming it exists on OS");
}
-
}
#Remove anyone listed in reservationaccounts list that is not in
user_hash
foreach my $res_userid (sort keys %res_accounts) {
notify($ERRORS{'OK'}, 0, "res_userid= $res_userid username=
$res_accounts{$res_userid}{username}");
- #Skip reservation owner, this account is processed in the new
and reserved states
+ #Skip reservation owner, this account is not to be removed from
the reservation.
if ($res_userid eq $user_login_id_owner) {
- #Add owner's login id if it does not already exist
- $allow_list .= " $user_login_id_owner" if ($allow_list !~
/$user_login_id_owner/) ;
#Skip group checks as the owner may not be a member
next;
}
@@ -2645,23 +2625,10 @@ sub manage_server_access {
}
next;
}
- $allow_list .= " $res_accounts{$res_userid}{username}";
- }
-
- notify($ERRORS{'OK'}, 0, "allow_list= $allow_list");
-
- $self->data->set_server_allow_users($allow_list);
-
- if ($self->can("update_server_access") ) {
- if ( $self->update_server_access($allow_list) ) {
- notify($ERRORS{'OK'}, 0, "updated remote access list");
- }
}
return 1;
-
}
-
#/////////////////////////////////////////////////////////////////////////////
=head2 process_connect_methods
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Tue May 14 16:38:00 2013
@@ -962,8 +962,16 @@ sub delete_user {
my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
- # Remove AllowUsers lines from external_sshd_config
- $self->remove_lines_from_file('/etc/ssh/external_sshd_config',
'AllowUsers') || return;
+ # Remove user from external_sshd_config
+ my $rem_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/$user_login_id//\"
/etc/ssh/external_sshd_config";
+ if ($self->execute($rem_user_sshd_cmd)) {
+ if (!$self->restart_service("ext_sshd")) {
+ notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on
$computer_node_name after updating /etc/ssh/external_sshd_config");
+ }
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0, "Failed to remove user_login_id
from external_sshd_config");
+ }
# Remove lines from sudoers
$self->remove_lines_from_file('/etc/sudoers', "^$user_login_id .*") ||
return;
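Review bot: The sed expression built in `$rem_user_sshd_cmd` puts `$user_login_id` into a shell command and a regex unescaped and unanchored, so removing one account can corrupt another entry on the AllowUsers line: deleting `bob` turns `bobby` into `by`, which sshd would then treat as an allowed name. A login id containing `/`, `.`, `"` or `$` would also alter the sed script or the shell command itself; `$user_login_id` is assigned outside this hunk, so whether it is validated earlier cannot be seen here. I would check the name against an anchored pattern before building the command and match it only as a whole space-delimited token, as sketched below (the character class is an example; adjust it to the names the site allows). The same unescaped interpolation is in the `$add_user_sshd_cmd` line added to create_user, with `$username`.

```perl
# Remove user from external_sshd_config
# Only edit the file for names that cannot alter the sed script or the shell command.
if ($user_login_id !~ /\A[A-Za-z0-9_][A-Za-z0-9_-]*\z/) {
	notify($ERRORS{'WARNING'}, 0, "not editing external_sshd_config, unexpected characters in user login id");
}
else {
	# Match the name only as a whole token on the AllowUsers line.
	my $rem_user_sshd_cmd = "sed -i -e \"/^AllowUsers/s/ $user_login_id\\( \\|\$\\)/\\1/\" /etc/ssh/external_sshd_config";
	# … unchanged: execute, restart ext_sshd, warnings …
}
```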
@@ -997,6 +1005,16 @@ sub reserve {
my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
my $user_uid = $self->data->get_user_uid();
+ # Remove AllowUsers lines from external_sshd_config
+ if($self->remove_lines_from_file('/etc/ssh/external_sshd_config',
'AllowUsers')) {
+ notify($ERRORS{'WARNING'}, 0, "Error in cleaning AllowUsers
directive from external_sshd_config");
+ }
+
+ # Append AllowUsers line to the end of the file
+ if (!$self->append_text_file('/etc/ssh/external_sshd_config',
"AllowUsers \n")) {
+ notify($ERRORS{'WARNING'}, 0, "Error in appending AllowUsers
directive to external_sshd_config");
+ }
+
if ($self->add_vcl_usergroup()) {
}
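Review bot: The first added check looks inverted: `if($self->remove_lines_from_file(...))` logs "Error in cleaning AllowUsers directive" when the call returns true, whereas the code this commit removes from grant_access and update_server_access treats a false return as the failure. It should read `if (!$self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers')) {`. Both new checks only warn, so if the append fails after the removal succeeded, the file is left with no AllowUsers line and reserve carries on; presumably sshd then applies no per-user restriction, so returning on that failure, as the old grant_access did, would be the safer behaviour. The body of reserve continues outside the hunk.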
@@ -1031,37 +1049,6 @@ sub grant_access {
my $computer_node_name = $self->data->get_computer_node_name();
my $server_request_id = $self->data->get_server_request_id();
- my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-
- # Remove all AllowUsers lines from external_sshd_config
- if (!$self->remove_lines_from_file($ext_sshd_config_file_path,
'AllowUsers')) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to
$computer_node_name, existing AllowUsers lines could not be removed from
$ext_sshd_config_file_path");
- return;
- }
-
- # Assemble the list of usernames to add to the AllowUsers line
- my $allow_users = $user_login_id;
-
- if ($server_request_id) {
- my $server_allow_user_list =
$self->data->get_server_allow_users();
- if ($server_allow_user_list) {
- notify($ERRORS{'DEBUG'}, 0, "server allow user list:
$server_allow_user_list");
- $allow_users .= " $server_allow_user_list";
- }
- }
-
- # Append AllowUsers line to the end of the file
- if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers
$allow_users\n")) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to
$computer_node_name, failed to add AllowUsers line $ext_sshd_config_file_path");
- return;
- }
-
- # Restart the ext_sshd service
- if (!$self->restart_service('ext_sshd')) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to
$computer_node_name, failed to restart ext_sshd service after configuring
AllowUsers lines");
- return;
- }
-
# Process the connection methods, allow firewall access from any address
if ($self->process_connect_methods("", 1)) {
notify($ERRORS{'DEBUG'}, 0, "processed connection methods on
$computer_node_name setting 0.0.0.0 for all allowed ports");
@@ -2451,6 +2438,17 @@ sub create_user {
}
}
+ # Add user to external_sshd_config
+ my $add_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/\$/ $username/\"
/etc/ssh/external_sshd_config";
+ if ($self->execute($add_user_sshd_cmd)) {
+ if (!$self->restart_service("ext_sshd")) {
+ notify($ERRORS{'WARNING'}, 0, "failed to restart
ext_sshd service on $computer_node_name after updating
/etc/ssh/external_sshd_config");
+ }
+ }
+ else {
+ notify($ERRORS{'CRITICAL'}, 0, "Failed to add username to
external_sshd_config");
+ }
+
if ($user_standalone) {
notify($ERRORS{'DEBUG'}, 0, "Standalone user setting single-use
password");
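Review bot: A true result from `$self->execute($add_user_sshd_cmd)` does not show that the name was added, because sed exits successfully when no line matches `/AllowUsers/`; what execute returns for a non-zero exit is not visible here either. The address is unanchored, so a commented `#AllowUsers` line would be edited as well, and each call appends the name again even when it is already listed. I would anchor the address as `/^AllowUsers/` and add a comment such as `# sed exits 0 even if no AllowUsers line exists; reserve() is expected to have appended it`. On failure the code logs CRITICAL but goes on to set the password, which leaves an account that exists but cannot log in through ext_sshd; create_user starts and ends outside the hunk.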
@@ -2508,55 +2506,6 @@ sub create_user {
} ## end sub create_user
#/////////////////////////////////////////////////////////////////////////////
-
-=head2 update_server_access
-
- Parameters :
- Returns :
- Description :
-
-=cut
-
-sub update_server_access {
- my ($self) = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
- return;
- }
-
- my $server_allow_user_list = shift ||
$self->data->get_server_allow_users();
-
- my $computer_node_name = $self->data->get_computer_node_name();
-
- my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-
- if (!$server_allow_user_list) {
- notify($ERRORS{'DEBUG'}, 0, "$ext_sshd_config_file_path
AllowUsers setting not altered, server allow users list is empty");
- return 1;
- }
-
- # Remove all AllowUsers lines from external_sshd_config
- if (!$self->remove_lines_from_file($ext_sshd_config_file_path,
'AllowUsers')) {
- notify($ERRORS{'WARNING'}, 0, "unable to update server access
on $computer_node_name, failed to remove existing AllowUsers lines from
$ext_sshd_config_file_path");
- return;
- }
-
- # Add AllowUsers line to the end of the file
- if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers
$server_allow_user_list\n")) {
- notify($ERRORS{'WARNING'}, 0, "unable to update server access
on $computer_node_name, failed to add line to $ext_sshd_config_file_path:
AllowUsers $server_allow_user_list");
- return;
- }
-
- if (!$self->restart_service("ext_sshd")) {
- notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd
service on $computer_node_name after updating $ext_sshd_config_file_path");
- return;
- }
-
- return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 enable_dhcp
Parameters : $interface_name (optional)