svn commit: r796405 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Author: fapeeler Date: Tue Jul 21 17:43:05 2009 New Revision: 796405 URL: http://svn.apache.org/viewvc?rev=796405view=rev Log: VCL-187 added code to grant_access routine which enables the external ssh port Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796405r1=796404r2=796405view=diff ==
--- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue Jul 21 17:43:05 2009
@@ -318,6 +318,40 @@
 return 0;
 }
+ my $user = $self-data-get_user_login_id();
+ my $computer_node_name = $self-data-get_computer_node_name();
+ my $identity = $self-data-get_image_identity;
+
+ notify($ERRORS{'OK'}, 0, In grant_access routine $user,$computer_node_name);
+ my @sshcmd;
+ my $clear_extsshd = perl -pi -e \'s/^AllowUsers .*\n//' /etc/ssh/external_sshd_config;
+ if(run_ssh_command($computer_node_name, $identity, $clear_extsshd, root)) {
+ notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from external_sshd_config);
+ }
+ else {
+ notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user to external_sshd_config);
+ }
+
+ my $cmd = echo \AllowUsers $user\ /etc/ssh/external_sshd_config;
+ if (run_ssh_command($computer_node_name, $identity, $cmd, root)) {
+ notify($ERRORS{'DEBUG'}, 0, added AllowUsers $user to external_sshd_config);
+ }
+ else {
+ notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user to external_sshd_config);
+ return 0;
+ }
+ undef @sshcmd;
+ @sshcmd = run_ssh_command($computer_node_name, $identity, /etc/init.d/ext_sshd restart, root);
+
+ foreach my $l (@{$sshcmd[1]}) {
+ if ($l =~ /Stopping ext_sshd:/i) {
+ #notify($ERRORS{'OK'},0,stopping sshd on $computer_node_name );
+ }
+ if ($l =~ /Starting ext_sshd:[ OK ]/i) {
+ notify($ERRORS{'OK'}, 0, ext_sshd on $computer_node_name started);
+ }
+ }#foreach
+ notify($ERRORS{'OK'}, 0, started ext_sshd on $computer_node_name);
 return 1;
 }
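Review bot: The ext_sshd restart at the end of the added block is never checked, so grant_access logs `started ext_sshd` and returns 1 even when the daemon did not come back up with the new AllowUsers line. The only success test, `/Starting ext_sshd:[ OK ]/i`, reads `[ OK ]` as a character class and matches any line with a space, O or K after the colon; escape the brackets, `if ($l =~ /Starting ext_sshd:\s*\[\s*OK\s*\]/i)`, set a flag there and `return 0` when it stays unset. The first `else` also reports `failed to add AllowUsers` when it is the clearing step that failed, and then carries on to append. `$user` is placed into a command run as root on the node; if login ids are not already restricted to a safe character set (not visible here), validate it before building `$cmd`. grant_access begins above this hunk.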
svn commit: r796423 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Author: fapeeler Date: Tue Jul 21 18:14:16 2009 New Revision: 796423 URL: http://svn.apache.org/viewvc?rev=796423view=rev Log: VCL-187 continued improvements on the Ubuntu.pm typo in grant_access routine extended reserve routine to add $user_name to /etc/sudoers file Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796423r1=796422r2=796423view=diff ==
--- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue Jul 21 18:14:16 2009
@@ -284,7 +284,7 @@
 my $image_identity = $self-data-get_image_identity;
 my $reservation_password = $self-data-get_reservation_password();
- my $useradd_string = /usr/sbin/useradd -d /home/$user_name -m -g users $user_name;
+ my $useradd_string = /usr/sbin/useradd -d /home/$user_name -m -g admin $user_name;
 my @sshcmd = run_ssh_command($computer_node_name, $image_identity, $useradd_string, root);
 foreach my $l (@{$sshcmd[1]}) {
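Review bot: Changing the primary group in `$useradd_string` from `users` to `admin` gives every reservation account that group's privileges; on Ubuntu releases of this period the stock sudoers file normally grants sudo to `%admin` (confirm against the images in use). Nothing visible in this hunk makes the choice depend on the image's root-access setting, which the FIXME in the next hunk says is still to be wired in. Consider keeping `-g users` and adding the account to `admin` only when root access is allowed for the image. `$user_name` is also interpolated into a command run as root, so it should be checked against a strict login-name pattern before the string is built. The enclosing routine starts and ends outside the hunk.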
@@ -308,6 +308,25 @@ notify($ERRORS{'DEBUG'}, 0, Updated the user password L is $l); } + #FIXME: This needs to pull from imagemeta data rootaccess - if rootaccess==1 then set + # Add to sudoers file + #clear user from sudoers file + my $clear_cmd = perl -pi -e 's/^$user_name .*\n//' /etc/sudoers; + if(run_ssh_command($computer_node_name, $image_identity, $clear_cmd, root)) { + notify($ERRORS{'DEBUG'}, 0, cleared $user_name from /etc/sudoers); + } + else { + notify($ERRORS{'CRITICAL'}, 0, failed to clear $user_name from /etc/sudoers); + } + my $sudoers_cmd = echo \$user_name ALL= NOPASSWD: ALL\ /etc/sudoers; + if(run_ssh_command($computer_node_name, $image_identity, $sudoers_cmd, root)) { + notify($ERRORS{'DEBUG'}, 0, added $user_name to /etc/sudoers); + } + else { + notify($ERRORS{'CRITICAL'}, 0, failed to add $user_name to /etc/sudoers); + } + + return 1; } @@ -324,7 +343,7 @@ notify($ERRORS{'OK'}, 0, In grant_access routine $user,$computer_node_name); my @sshcmd; - my $clear_extsshd = perl -pi -e \'s/^AllowUsers .*\n//' /etc/ssh/external_sshd_config; + my $clear_extsshd = perl -pi -e 's/^AllowUsers .*\n//' /etc/ssh/external_sshd_config; if(run_ssh_command($computer_node_name, $identity, $clear_extsshd, root)) { notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from external_sshd_config); }
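Review bot: The sudoers block added to the reserve routine edits /etc/sudoers in place and appends a `NOPASSWD: ALL` entry with no syntax check and no reaction to failure: both `else` branches only log, and the routine still reaches `return 1`. A malformed line in sudoers disables sudo for every account on the node, so write the entry to a separate file, validate it with `visudo -c -f` before installing it, and `return 0` when either command fails. `$user_name` goes unescaped into both the perl pattern `s/^$user_name .*\n//` and the echo command, so a login containing regex or shell metacharacters changes which lines are removed or what root executes; restrict it to a strict login-name pattern first. The grant is unconditional until the FIXME about imagemeta rootaccess is resolved. The third hunk on this line only corrects the quoting of `$clear_extsshd`.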
svn commit: r796472 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Author: fapeeler Date: Tue Jul 21 18:55:15 2009 New Revision: 796472 URL: http://svn.apache.org/viewvc?rev=796472view=rev Log: VCL-187 Added check for image profile root access allowed cleaned up delete_user routine added step to remove user from sudoers ran perltidy Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796472r1=796471r2=796472view=diff == --- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original) +++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue Jul 21 18:55:15 2009 @@ -198,6 +198,8 @@ return 0; } + my $imagemeta_rootaccess = $self-data-get_imagemeta_rootaccess(); + # Use userdel to delete the user my $user_delete_command = /usr/sbin/userdel $user_login_id; my @user_delete_results = run_ssh_command($computer_node_name, $IDENTITY_bladerhel, $user_delete_command, root); 
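Review bot: The sudoers cleanup that `$imagemeta_rootaccess` gates (in the next hunk) should run unconditionally: an entry written while the image allowed root access would otherwise survive if the flag is later changed, and removing a line that is not there costs nothing. The context lines of this hunk use `$user_login_id` and `$IDENTITY_bladerhel`, while the replacement code in the next hunk uses `$user_name`, `$user`, `$identity` and `$image_identity`. If those are not declared elsewhere in the routine (not visible here), the file fails to compile under `use strict`, and without it the pattern `s/^$user_name .*\n//` is built from an empty name and would strip every sudoers line that begins with a space. The routine, presumably delete_user going by the log message, starts and ends outside this hunk.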
@@ -208,64 +210,30 @@ } } - # User successfully deleted - # Remove user from sshd config - my $external_sshd_config_path = $computer_node_name:/etc/ssh/external_sshd_config; - my $external_sshd_config_temp_path = /tmp/$computer_node_name.sshd; - - # Retrieve the node's external_sshd_config file - if (run_scp_command($external_sshd_config_path, $external_sshd_config_temp_path, $IDENTITY_bladerhel)) { - notify($ERRORS{'DEBUG'}, 0, retrieved $external_sshd_config_path); + #Clear user from external_sshd_config + my $clear_extsshd = perl -pi -e 's/^AllowUsers .*\n//' /etc/ssh/external_sshd_config; + if (run_ssh_command($computer_node_name, $identity, $clear_extsshd, root)) { + notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from external_sshd_config); } else { - notify($ERRORS{'WARNING'}, 0, sshd config not cleaned up, failed to retrieve $external_sshd_config_path); - return 0; + notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user to external_sshd_config); } - # Remove user from sshd config file - # Get the contents of the sshd config file - if (open(SSHD_CFG_TEMP, $external_sshd_config_temp_path)) { - my @external_sshd_config_lines = SSHD_CFG_TEMP; - close SSHD_CFG_TEMP; - - # Loop through the lines, clear out AllowUsers lines - foreach my $external_sshd_config_line (@external_sshd_config_lines) { - $external_sshd_config_line = if ($external_sshd_config_line =~ /AllowUsers/); - } + #Clear user from sudoers - # Rewrite the temp sshd config file with the modified contents - if (open(SSHD_CFG_TEMP, $external_sshd_config_temp_path)) { - print SSHD_CFG_TEMP @external_sshd_config_lines; - close SSHD_CFG_TEMP; + if ($imagemeta_rootaccess) { + #clear user from sudoers file + my $clear_cmd = perl -pi -e 's/^$user_name .*\n//' /etc/sudoers; + if (run_ssh_command($computer_node_name, $image_identity, $clear_cmd, root)) { + notify($ERRORS{'DEBUG'}, 0, cleared $user_name from /etc/sudoers); } - - # Copy the modified file back to the node - if 
(run_scp_command($external_sshd_config_temp_path, $external_sshd_config_path, $IDENTITY_bladerhel)) { - notify($ERRORS{'DEBUG'}, 0, modified file copied back to node: $external_sshd_config_path); - - # Delete the temp file - unlink $external_sshd_config_temp_path; - - # Restart external sshd - if (run_ssh_command($computer_node_name, $IDENTITY_bladerhel, /etc/init.d/ext_sshd restart)) { - notify($ERRORS{'DEBUG'}, 0, restarted ext_sshd on $computer_node_name); - } - - return 1; - } ## end if (run_scp_command($external_sshd_config_temp_path... else { - notify($ERRORS{'WARNING'}, 0, failed to copy modified file back to node: $external_sshd_config_path); + notify($ERRORS{'CRITICAL'}, 0, failed to clear $user_name from /etc/sudoers); + } + } ## end if ($imagemeta_rootaccess) - # Delete the temp file - unlink $external_sshd_config_temp_path; + return 1; - return 0; - } - } ## end if (open(SSHD_CFG_TEMP,