svn commit: r796405 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Author: fapeeler
Date: Tue Jul 21 17:43:05 2009
New Revision: 796405

URL: http://svn.apache.org/viewvc?rev=796405view=rev
Log:
VCL-187

added code to grant_access routine which enables the external ssh port

Modified:
incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796405r1=796404r2=796405view=diff
==
--- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm 
(original)
+++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue 
Jul 21 17:43:05 2009
@@ -318,6 +318,40 @@
return 0;
}
 
+   my $user = $self-data-get_user_login_id();
+   my $computer_node_name = $self-data-get_computer_node_name();
+   my $identity = $self-data-get_image_identity;
+
+   notify($ERRORS{'OK'}, 0, In grant_access routine 
$user,$computer_node_name);
+   my @sshcmd;
+   my $clear_extsshd = perl -pi -e \'s/^AllowUsers .*\n//' 
/etc/ssh/external_sshd_config;
+   if(run_ssh_command($computer_node_name, $identity, $clear_extsshd, 
root)) {
+   notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from 
external_sshd_config);
+   }
+   else {
+   notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user 
to external_sshd_config);
+   }
+
+   my $cmd = echo \AllowUsers $user\  /etc/ssh/external_sshd_config;
+   if (run_ssh_command($computer_node_name, $identity, $cmd, root)) {
+   notify($ERRORS{'DEBUG'}, 0, added AllowUsers $user to 
external_sshd_config);
+   }
+   else {
+   notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user 
to external_sshd_config);
+   return 0;
+   }
+   undef @sshcmd;
+   @sshcmd = run_ssh_command($computer_node_name, $identity, 
/etc/init.d/ext_sshd restart, root);
+
+   foreach my $l (@{$sshcmd[1]}) {
+   if ($l =~ /Stopping ext_sshd:/i) {
+   #notify($ERRORS{'OK'},0,stopping sshd on 
$computer_node_name );
+   }
+   if ($l =~ /Starting ext_sshd:[  OK  ]/i) {
+   notify($ERRORS{'OK'}, 0, ext_sshd on 
$computer_node_name started);
+   }
+   }#foreach
+   notify($ERRORS{'OK'}, 0, started ext_sshd on $computer_node_name);
return 1;
 }
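Review bot: `$user` is interpolated straight into the `echo … AllowUsers $user … /etc/ssh/external_sshd_config` command string that run_ssh_command executes as root, so a login id containing whitespace, quotes or shell metacharacters would alter either the command or the resulting sshd directive (the archive has stripped the quote characters from this listing, so the exact quoting cannot be confirmed here). Validate the id before building any command, for example `return 0 unless defined $user && $user =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/;`, with the pattern adjusted to the site's login-id policy. The restart result is also never acted on: the loop over `$sshcmd[1]` only logs, and the final `notify` and `return 1` run even if ext_sshd did not come back up, which may leave the previous AllowUsers setting in effect while the caller believes access was switched. The first `else` branch logs "failed to add AllowUsers" for what is actually a failed clear, and unlike the second it does not `return 0`. grant_access begins outside this hunk.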
 




svn commit: r796423 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Author: fapeeler
Date: Tue Jul 21 18:14:16 2009
New Revision: 796423

URL: http://svn.apache.org/viewvc?rev=796423view=rev
Log:
VCL-187

continued improvements on the Ubuntu.pm

typo in grant_access routine

extended reserve routine to add $user_name to /etc/sudoers file



Modified:
incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796423r1=796422r2=796423view=diff
==
--- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm 
(original)
+++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue 
Jul 21 18:14:16 2009
@@ -284,7 +284,7 @@
my $image_identity = $self-data-get_image_identity;
my $reservation_password = $self-data-get_reservation_password();
 
-   my $useradd_string = /usr/sbin/useradd -d /home/$user_name -m -g users 
$user_name;
+   my $useradd_string = /usr/sbin/useradd -d /home/$user_name -m -g admin 
$user_name;
 
my @sshcmd = run_ssh_command($computer_node_name, $image_identity, 
$useradd_string, root);
foreach my $l (@{$sshcmd[1]}) {
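Review bot: Creating every reservation account with `-g admin` as its primary group grants sudo through group membership on Ubuntu releases whose stock sudoers carries a `%admin` rule, and this line runs regardless of the image's rootaccess setting that the FIXME in the next hunk refers to. Consider keeping `-g users` here and adding the privileged group only when root access is allowed, e.g. `/usr/sbin/usermod -a -G admin $user_name` inside that conditional. With `admin` as the primary group, files the user creates are also group-owned by `admin`. The enclosing routine starts before and continues after this hunk.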
@@ -308,6 +308,25 @@
notify($ERRORS{'DEBUG'}, 0, Updated the user password  L 
is $l);
}
 
+   #FIXME: This needs to pull from imagemeta data rootaccess - if 
rootaccess==1 then set
+   # Add to sudoers file
+   #clear user from sudoers file
+   my $clear_cmd = perl -pi -e 's/^$user_name .*\n//' /etc/sudoers;
+   if(run_ssh_command($computer_node_name, $image_identity, $clear_cmd, 
root)) {
+   notify($ERRORS{'DEBUG'}, 0, cleared $user_name from 
/etc/sudoers);
+   }
+   else {
+   notify($ERRORS{'CRITICAL'}, 0, failed to clear $user_name from 
/etc/sudoers);
+   }
+   my $sudoers_cmd = echo \$user_name ALL= NOPASSWD: ALL\  
/etc/sudoers;
+   if(run_ssh_command($computer_node_name, $image_identity, $sudoers_cmd, 
root)) {
+   notify($ERRORS{'DEBUG'}, 0, added $user_name to /etc/sudoers);
+   }
+   else {
+   notify($ERRORS{'CRITICAL'}, 0, failed to add $user_name to 
/etc/sudoers);
+   }
+
+
return 1;
 }
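Review bot: Both new commands edit `/etc/sudoers` in place with no syntax check, and a CRITICAL log is the only consequence of failure because execution falls through to `return 1`. A malformed or half-written line in that file can disable sudo for every account on the node, so run `visudo -c` after the edit (or write the rule to a separate file and check it with `visudo -c -f` before installing it) and return 0 when either step fails. `$user_name` is also used as a regex in `s/^$user_name .*\n//` without escaping, so a `.` in a login id matches any character and can remove another user's rule; `s/^\Q$user_name\E .*\n//` avoids that, assuming the string is interpolated on the management node (the quoting was lost in this archive copy). The routine begins outside this hunk.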
 
@@ -324,7 +343,7 @@
 
notify($ERRORS{'OK'}, 0, In grant_access routine 
$user,$computer_node_name);
my @sshcmd;
-   my $clear_extsshd = perl -pi -e \'s/^AllowUsers .*\n//' 
/etc/ssh/external_sshd_config;
+   my $clear_extsshd = perl -pi -e 's/^AllowUsers .*\n//' 
/etc/ssh/external_sshd_config;
if(run_ssh_command($computer_node_name, $identity, $clear_extsshd, 
root)) {
notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from 
external_sshd_config);
}




svn commit: r796472 - /incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Author: fapeeler
Date: Tue Jul 21 18:55:15 2009
New Revision: 796472

URL: http://svn.apache.org/viewvc?rev=796472view=rev
Log:
VCL-187

Added check for image profile root access allowed

cleaned up delete_user routine; added step to remove user from sudoers

ran perltidy


Modified:
incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Modified: incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL: 
http://svn.apache.org/viewvc/incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=796472r1=796471r2=796472view=diff
==
--- incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm 
(original)
+++ incubator/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue 
Jul 21 18:55:15 2009
@@ -198,6 +198,8 @@
return 0;
}
 
+   my $imagemeta_rootaccess = $self-data-get_imagemeta_rootaccess();
+
# Use userdel to delete the user
my $user_delete_command = /usr/sbin/userdel $user_login_id;
my @user_delete_results = run_ssh_command($computer_node_name, 
$IDENTITY_bladerhel, $user_delete_command, root);
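Review bot: The sudoers cleanup that this new `$imagemeta_rootaccess` value gates (in the following hunk, which runs past the end of this view) is safer run unconditionally: the `perl -pi` delete is a no-op when no entry exists, whereas skipping it leaves a `NOPASSWD: ALL` rule behind if the image's rootaccess flag was changed after the reservation was made, or if the entry was written by the earlier revision that added it unconditionally. Separately, the context lines here show delete_user working with `$user_login_id` and `$IDENTITY_bladerhel`, while the new code in the next hunk refers to `$identity`, `$user`, `$user_name` and `$image_identity`; unless those are declared in a part of the sub not shown, the file will not compile under `use strict`, or without it the commands are built from empty values, so that `s/^$user_name .*\n//` becomes `s/^ .*\n//`. delete_user starts and ends outside this hunk.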
@@ -208,64 +210,30 @@
}
}
 
-   # User successfully deleted
-   # Remove user from sshd config
-   my $external_sshd_config_path  = 
$computer_node_name:/etc/ssh/external_sshd_config;
-   my $external_sshd_config_temp_path = /tmp/$computer_node_name.sshd;
-
-   # Retrieve the node's external_sshd_config file
-   if (run_scp_command($external_sshd_config_path, 
$external_sshd_config_temp_path, $IDENTITY_bladerhel)) {
-   notify($ERRORS{'DEBUG'}, 0, retrieved 
$external_sshd_config_path);
+   #Clear user from external_sshd_config
+   my $clear_extsshd = perl -pi -e 's/^AllowUsers .*\n//' 
/etc/ssh/external_sshd_config;
+   if (run_ssh_command($computer_node_name, $identity, $clear_extsshd, 
root)) {
+   notify($ERRORS{'DEBUG'}, 0, cleared AllowUsers directive from 
external_sshd_config);
}
else {
-   notify($ERRORS{'WARNING'}, 0, sshd config not cleaned up, 
failed to retrieve $external_sshd_config_path);
-   return 0;
+   notify($ERRORS{'CRITICAL'}, 0, failed to add AllowUsers $user 
to external_sshd_config);
}
 
-   # Remove user from sshd config file
-   # Get the contents of the sshd config file
-   if (open(SSHD_CFG_TEMP, $external_sshd_config_temp_path)) {
-   my @external_sshd_config_lines = SSHD_CFG_TEMP;
-   close SSHD_CFG_TEMP;
-
-   # Loop through the lines, clear out AllowUsers lines
-   foreach my $external_sshd_config_line 
(@external_sshd_config_lines) {
-   $external_sshd_config_line =  if 
($external_sshd_config_line =~ /AllowUsers/);
-   }
+   #Clear user from sudoers
 
-   # Rewrite the temp sshd config file with the modified contents
-   if (open(SSHD_CFG_TEMP, $external_sshd_config_temp_path)) {
-   print SSHD_CFG_TEMP @external_sshd_config_lines;
-   close SSHD_CFG_TEMP;
+   if ($imagemeta_rootaccess) {
+   #clear user from sudoers file
+   my $clear_cmd = perl -pi -e 's/^$user_name .*\n//' 
/etc/sudoers;
+   if (run_ssh_command($computer_node_name, $image_identity, 
$clear_cmd, root)) {
+   notify($ERRORS{'DEBUG'}, 0, cleared $user_name from 
/etc/sudoers);
}
-
-   # Copy the modified file back to the node
-   if (run_scp_command($external_sshd_config_temp_path, 
$external_sshd_config_path, $IDENTITY_bladerhel)) {
-   notify($ERRORS{'DEBUG'}, 0, modified file copied back 
to node: $external_sshd_config_path);
-
-   # Delete the temp file
-   unlink $external_sshd_config_temp_path;
-
-   # Restart external sshd
-   if (run_ssh_command($computer_node_name, 
$IDENTITY_bladerhel, /etc/init.d/ext_sshd restart)) {
-   notify($ERRORS{'DEBUG'}, 0, restarted ext_sshd 
on $computer_node_name);
-   }
-
-   return 1;
-   } ## end if (run_scp_command($external_sshd_config_temp_path...
else {
-   notify($ERRORS{'WARNING'}, 0, failed to copy modified 
file back to node: $external_sshd_config_path);
+   notify($ERRORS{'CRITICAL'}, 0, failed to clear 
$user_name from /etc/sudoers);
+   }
+   } ## end if ($imagemeta_rootaccess)
 
-   # Delete the temp file
-   unlink $external_sshd_config_temp_path;
+   return 1;
 
-   return 0;
-   }
-   } ## end if (open(SSHD_CFG_TEMP,