Re: utils.pm::check_connection()
Looks OK to me. I also just realized reserved.pm isn't using the DataStructure object, but the old $request_data->{} hash. I'll work on this in the near future. -Andy Andrew Brown wrote: We've made your suggested change, and verified that it works. Below is the exact change we made. Brian has just created issue VCL-101 for this, and unless there are any objections, we'll commit this patch. This still doesn't address the issue with netstat and the invalid regex, but at least logged in users are detected now with the who command when imaging. -Andrew Index: reserved.pm === --- reserved.pm (revision 750099) +++ reserved.pm (working copy) @@ -417,12 +417,12 @@ notify($ERRORS{'OK'}, 0, "checkuser flag is set to 1, checking user connection"); # Check for the normal user ID if this isn't an imaging request # Check for "administrator" if this is an imaging request - if ($request_forimaging) { - notify($ERRORS{'OK'}, 0, "forimaging flag is set to 1, checking for connection by administrator"); + if ($request_forimaging && $image_os_name =~ /win|vmwarewin/) { + notify($ERRORS{'OK'}, 0, "forimaging flag is set to 1 and imageosname is $image_os_name, checking for connection by administrator"); $retval_conn = check_connection($nodename, $computer_ip_address, $computer_type, $remote_ip, $time_limit, $image_os_name, 0, $request_id, "administrator",$image_os_type); } else { - notify($ERRORS{'OK'}, 0, "forimaging flag is set to 0, checking for connection by $user_unityid"); + notify($ERRORS{'OK'}, 0, "forimaging flag is set to $request_forimaging and imageosname is $image_os_name, checking for connection by $user_unityid"); $retval_conn = check_connection($nodename, $computer_ip_address, $computer_type, $remote_ip, $time_limit, $image_os_name, 0, $request_id, $user_unityid,$image_os_type); } } ## end else [ if (!$imagemeta_checkuser) -- Andy Kurth Virtual Computing Lab Office of Information Technology North Carolina State University andy_ku...@ncsu.edu 919.513.4090
Re: utils.pm::check_connection()
> > Problem 2) When a reservation is made, VCL gives us a username, password, >> and an IP to log in with. We logon to the web portal with the 'admin' >> username, but when VCL goes to determine if the user has logged in yet, it >> checks for the user "administrator". Why are they different? How do we get >> it to use the same username that was given to the user? >> > > This is due to the bug I noted earlier. If you make a Windows imaging > reservation, the username is always Administrator. If you make a Linux > imaging reservation, the username is always the normal reservation login > name (user.unityid). > We've made your suggested change, and verified that it works. Below is the exact change we made. Brian has just created issue VCL-101 for this, and unless there are any objections, we'll commit this patch. This still doesn't address the issue with netstat and the invalid regex, but at least logged in users are detected now with the who command when imaging. -Andrew Index: reserved.pm === --- reserved.pm (revision 750099) +++ reserved.pm (working copy) @@ -417,12 +417,12 @@ notify($ERRORS{'OK'}, 0, "checkuser flag is set to 1, checking user connection"); # Check for the normal user ID if this isn't an imaging request # Check for "administrator" if this is an imaging request - if ($request_forimaging) { - notify($ERRORS{'OK'}, 0, "forimaging flag is set to 1, checking for connection by administrator"); + if ($request_forimaging && $image_os_name =~ /win|vmwarewin/) { + notify($ERRORS{'OK'}, 0, "forimaging flag is set to 1 and imageosname is $image_os_name, checking for connection by administrator"); $retval_conn = check_connection($nodename, $computer_ip_address, $computer_type, $remote_ip, $time_limit, $image_os_name, 0, $request_id, "administrator",$image_os_type); } else { - notify($ERRORS{'OK'}, 0, "forimaging flag is set to 0, checking for connection by $user_unityid"); + notify($ERRORS{'OK'}, 0, "forimaging flag is set to $request_forimaging and imageosname is $image_os_name, checking for connection by $user_unityid"); $retval_conn = check_connection($nodename, $computer_ip_address, $computer_type, $remote_ip, $time_limit, $image_os_name, 0, $request_id, $user_unityid,$image_os_type); } } ## end else [ if (!$imagemeta_checkuser)
Re: utils.pm::check_connection()
I don't think we can/should depend on the 'who' output. I've experienced some cases where 'who' cmd reported someone, but in-fact no-one was connected. Maybe it's due to a zombie or orphaned process, I don't know. But in any case I think the best thing is to first update the regex to handle the case brought up, then plan moving to the OS modules - if needed. Aaron --On February 12, 2009 4:54:56 PM -0500 Andy Kurth wrote: Thanks for figuring out why the regex wasn't working. You're right, check_connection() needs to be modularized and moved to OS modules. Brian Bouterse wrote: Problem 1) The linux portions of the utils.pm::check_connection() function currently use two checks, one 'netstat' command check and one 'who' command check. With IPv6 hosts, the netstat returned lines don't look the same, therefore the regex on the netstat return doesn't stand a chance of working. I'm concerned that this type of regex is a losing battle. What do you all think? The who seems to work more reliable, could we just take netstat out? Seems fine to me but modifications to the 'who' output checking will need to be done. check_connection() is currently only searching the 'who' output for the reservation username. netstat is checking for any established connection to port 22. If 'who' is the only method used, I think you would need to check its output for *any* logged in user. An example where it would certainly fail if the current 'who' code was used alone would be for images configured with user groups. Anyone in the user group may be logged in rather than the reservation user. It wouldn't catch this. We definitely want to error on the lenient side. It may be safer to keep both but loosen up the regex to something like this: /tcp.*($ipaddress:22)\s+.*(ESTABLISHED)/ Problem 2) When a reservation is made, VCL gives us a username, password, and an IP to log in with. We logon to the web portal with the 'admin' username, but when VCL goes to determine if the user has logged in yet, it checks for the user "administrator". Why are they different? How do we get it to use the same username that was given to the user? This is due to the bug I noted earlier. If you make a Windows imaging reservation, the username is always Administrator. If you make a Linux imaging reservation, the username is always the normal reservation login name (user.unityid). reserved.pm is only checking the forimaging flag in order to determine which username to pass to check_connection(). It should be checking both the forimaging flag and the OS. Current (bad): if ($forimaging==1) { check_connection(user='Administrator'); } else { check_connection(user=$user_unityid); } Should be: if ($forimaging==1 && OS==Windows) { check_connection(user='Administrator'); } else { check_connection(user=$user_unityid); } Hope this helps, Andy Aaron Peeler OIT Advanced Computing College of Engineering-NCSU 919.513.4571 http://vcl.ncsu.edu
Re: utils.pm::check_connection()
Thanks for figuring out why the regex wasn't working. You're right, check_connection() needs to be modularized and moved to OS modules. Brian Bouterse wrote: Problem 1) The linux portions of the utils.pm::check_connection() function currently use two checks, one 'netstat' command check and one 'who' command check. With IPv6 hosts, the netstat returned lines don't look the same, therefore the regex on the netstat return doesn't stand a chance of working. I'm concerned that this type of regex is a losing battle. What do you all think? The who seems to work more reliable, could we just take netstat out? Seems fine to me but modifications to the 'who' output checking will need to be done. check_connection() is currently only searching the 'who' output for the reservation username. netstat is checking for any established connection to port 22. If 'who' is the only method used, I think you would need to check its output for *any* logged in user. An example where it would certainly fail if the current 'who' code was used alone would be for images configured with user groups. Anyone in the user group may be logged in rather than the reservation user. It wouldn't catch this. We definitely want to error on the lenient side. It may be safer to keep both but loosen up the regex to something like this: /tcp.*($ipaddress:22)\s+.*(ESTABLISHED)/ Problem 2) When a reservation is made, VCL gives us a username, password, and an IP to log in with. We logon to the web portal with the 'admin' username, but when VCL goes to determine if the user has logged in yet, it checks for the user "administrator". Why are they different? How do we get it to use the same username that was given to the user? This is due to the bug I noted earlier. If you make a Windows imaging reservation, the username is always Administrator. If you make a Linux imaging reservation, the username is always the normal reservation login name (user.unityid). reserved.pm is only checking the forimaging flag in order to determine which username to pass to check_connection(). It should be checking both the forimaging flag and the OS. Current (bad): if ($forimaging==1) { check_connection(user='Administrator'); } else { check_connection(user=$user_unityid); } Should be: if ($forimaging==1 && OS==Windows) { check_connection(user='Administrator'); } else { check_connection(user=$user_unityid); } Hope this helps, Andy
Re: utils.pm::check_connection()
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday February 10, 2009, Brian Bouterse wrote: > An aside question Why do we require VCL to be aware of when the > users connect in the first place? What if I want to reserve a server > instance, but never want to SSH into it. Currently, VCL would not > allow that use case because of these additional checks. All I can answer is the aside; so, I cut the rest out. The reason for the user check is limited resources. We don't want users making a reservation for 4 hours, using it for 30 minutes, and then leaving it sitting there unused for 3.5 hours. You can disable the user checks for the "server instance" case you brought up by going to Manage Images->Edit Image Profiles->Edit (for the desired image)->Advanced Options and set "Check for logged in user" to no. However, even in this case, the user still needs to click the Connect button at least once for that reservation. Josh - -- - --- Josh Thompson Systems Programmer Virtual Computing Lab (VCL) North Carolina State University josh_thomp...@ncsu.edu 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJkfXXV/LQcNdtPQMRAv3qAJ9HC+FA0UlG6BDjfE+JIGsIl6/K/wCeNVCL 9OXQdWbrcZZDj6fAcabJPvc= =oDaU -END PGP SIGNATURE-