Re: utils.pm::check_connection()
Looks OK to me. I also just realized reserved.pm isn't using the DataStructure
object, but the old $request_data->{} hash. I'll work on this in the near future.
-Andy
Andrew Brown wrote:
We've made your suggested change, and verified that it works. Below is the
exact change we made. Brian has just created issue VCL-101 for this, and
unless there are any objections, we'll commit this patch.
This still doesn't address the issue with netstat and the invalid regex, but
at least logged in users are detected now with the who command when imaging.
-Andrew
Index: reserved.pm
===
--- reserved.pm (revision 750099)
+++ reserved.pm (working copy)
@@ -417,12 +417,12 @@
notify($ERRORS{'OK'}, 0, "checkuser flag is set to 1,
checking user connection");
# Check for the normal user ID if this isn't an imaging
request
# Check for "administrator" if this is an imaging request
- if ($request_forimaging) {
- notify($ERRORS{'OK'}, 0, "forimaging flag is set to
1, checking for connection by administrator");
+ if ($request_forimaging && $image_os_name =~
/win|vmwarewin/) {
+ notify($ERRORS{'OK'}, 0, "forimaging flag is set to
1 and imageosname is $image_os_name, checking for connection by
administrator");
$retval_conn = check_connection($nodename,
$computer_ip_address, $computer_type, $remote_ip, $time_limit,
$image_os_name, 0, $request_id, "administrator",$image_os_type);
}
else {
- notify($ERRORS{'OK'}, 0, "forimaging flag is set to
0, checking for connection by $user_unityid");
+ notify($ERRORS{'OK'}, 0, "forimaging flag is set to
$request_forimaging and imageosname is $image_os_name, checking for
connection by $user_unityid");
$retval_conn = check_connection($nodename,
$computer_ip_address, $computer_type, $remote_ip, $time_limit,
$image_os_name, 0, $request_id, $user_unityid,$image_os_type);
}
} ## end else [ if (!$imagemeta_checkuser)
--
Andy Kurth
Virtual Computing Lab
Office of Information Technology
North Carolina State University
andy_ku...@ncsu.edu
919.513.4090
Re: utils.pm::check_connection()
>
> Problem 2) When a reservation is made, VCL gives us a username, password,
>> and an IP to log in with. We logon to the web portal with the 'admin'
>> username, but when VCL goes to determine if the user has logged in yet, it
>> checks for the user "administrator". Why are they different? How do we get
>> it to use the same username that was given to the user?
>>
>
> This is due to the bug I noted earlier. If you make a Windows imaging
> reservation, the username is always Administrator. If you make a Linux
> imaging reservation, the username is always the normal reservation login
> name (user.unityid).
>
We've made your suggested change, and verified that it works. Below is the
exact change we made. Brian has just created issue VCL-101 for this, and
unless there are any objections, we'll commit this patch.
This still doesn't address the issue with netstat and the invalid regex, but
at least logged in users are detected now with the who command when imaging.
-Andrew
Index: reserved.pm
===
--- reserved.pm (revision 750099)
+++ reserved.pm (working copy)
@@ -417,12 +417,12 @@
notify($ERRORS{'OK'}, 0, "checkuser flag is set to 1,
checking user connection");
# Check for the normal user ID if this isn't an imaging
request
# Check for "administrator" if this is an imaging request
- if ($request_forimaging) {
- notify($ERRORS{'OK'}, 0, "forimaging flag is set to
1, checking for connection by administrator");
+ if ($request_forimaging && $image_os_name =~
/win|vmwarewin/) {
+ notify($ERRORS{'OK'}, 0, "forimaging flag is set to
1 and imageosname is $image_os_name, checking for connection by
administrator");
$retval_conn = check_connection($nodename,
$computer_ip_address, $computer_type, $remote_ip, $time_limit,
$image_os_name, 0, $request_id, "administrator",$image_os_type);
}
else {
- notify($ERRORS{'OK'}, 0, "forimaging flag is set to
0, checking for connection by $user_unityid");
+ notify($ERRORS{'OK'}, 0, "forimaging flag is set to
$request_forimaging and imageosname is $image_os_name, checking for
connection by $user_unityid");
$retval_conn = check_connection($nodename,
$computer_ip_address, $computer_type, $remote_ip, $time_limit,
$image_os_name, 0, $request_id, $user_unityid,$image_os_type);
}
} ## end else [ if (!$imagemeta_checkuser)
Re: utils.pm::check_connection()
I don't think we can/should depend on the 'who' output. I've experienced
some cases where 'who' cmd reported someone, but in-fact no-one was
connected. Maybe it's due to a zombie or orphaned process, I don't know.
But in any case I think the best thing is to first update the regex to
handle the case brought up, then plan moving to the OS modules - if needed.
Aaron
--On February 12, 2009 4:54:56 PM -0500 Andy Kurth
wrote:
Thanks for figuring out why the regex wasn't working. You're right,
check_connection() needs to be modularized and moved to OS modules.
Brian Bouterse wrote:
Problem 1) The linux portions of the utils.pm::check_connection()
function currently use two checks, one 'netstat' command check and one
'who' command check. With IPv6 hosts, the netstat returned lines don't
look the same, therefore the regex on the netstat return doesn't stand a
chance of working. I'm concerned that this type of regex is a losing
battle. What do you all think? The who seems to work more reliable,
could we just take netstat out?
Seems fine to me but modifications to the 'who' output checking will need
to be done. check_connection() is currently only searching the 'who'
output for the reservation username. netstat is checking for any
established connection to port 22.
If 'who' is the only method used, I think you would need to check its
output for *any* logged in user. An example where it would certainly
fail if the current 'who' code was used alone would be for images
configured with user groups. Anyone in the user group may be logged in
rather than the reservation user. It wouldn't catch this.
We definitely want to error on the lenient side. It may be safer to keep
both but loosen up the regex to something like this:
/tcp.*($ipaddress:22)\s+.*(ESTABLISHED)/
Problem 2) When a reservation is made, VCL gives us a username,
password, and an IP to log in with. We logon to the web portal with the
'admin' username, but when VCL goes to determine if the user has logged
in yet, it checks for the user "administrator". Why are they different?
How do we get it to use the same username that was given to the user?
This is due to the bug I noted earlier. If you make a Windows imaging
reservation, the username is always Administrator. If you make a Linux
imaging reservation, the username is always the normal reservation login
name (user.unityid).
reserved.pm is only checking the forimaging flag in order to determine
which username to pass to check_connection(). It should be checking both
the forimaging flag and the OS.
Current (bad):
if ($forimaging==1) {
check_connection(user='Administrator');
}
else {
check_connection(user=$user_unityid);
}
Should be:
if ($forimaging==1 && OS==Windows) {
check_connection(user='Administrator');
}
else {
check_connection(user=$user_unityid);
}
Hope this helps,
Andy
Aaron Peeler
OIT Advanced Computing
College of Engineering-NCSU
919.513.4571
http://vcl.ncsu.edu
Re: utils.pm::check_connection()
Thanks for figuring out why the regex wasn't working. You're right,
check_connection() needs to be modularized and moved to OS modules.
Brian Bouterse wrote:
Problem 1) The linux portions of the utils.pm::check_connection()
function currently use two checks, one 'netstat' command check and one
'who' command check. With IPv6 hosts, the netstat returned lines don't
look the same, therefore the regex on the netstat return doesn't stand a
chance of working. I'm concerned that this type of regex is a losing
battle. What do you all think? The who seems to work more reliable,
could we just take netstat out?
Seems fine to me but modifications to the 'who' output checking will need to be
done. check_connection() is currently only searching the 'who' output for the
reservation username. netstat is checking for any established connection to
port 22.
If 'who' is the only method used, I think you would need to check its output for
*any* logged in user. An example where it would certainly fail if the current
'who' code was used alone would be for images configured with user groups.
Anyone in the user group may be logged in rather than the reservation user. It
wouldn't catch this.
We definitely want to error on the lenient side. It may be safer to keep both
but loosen up the regex to something like this:
/tcp.*($ipaddress:22)\s+.*(ESTABLISHED)/
Problem 2) When a reservation is made, VCL gives us a username,
password, and an IP to log in with. We logon to the web portal with the
'admin' username, but when VCL goes to determine if the user has logged
in yet, it checks for the user "administrator". Why are they different?
How do we get it to use the same username that was given to the user?
This is due to the bug I noted earlier. If you make a Windows imaging
reservation, the username is always Administrator. If you make a Linux imaging
reservation, the username is always the normal reservation login name
(user.unityid).
reserved.pm is only checking the forimaging flag in order to determine which
username to pass to check_connection(). It should be checking both the
forimaging flag and the OS.
Current (bad):
if ($forimaging==1) {
check_connection(user='Administrator');
}
else {
check_connection(user=$user_unityid);
}
Should be:
if ($forimaging==1 && OS==Windows) {
check_connection(user='Administrator');
}
else {
check_connection(user=$user_unityid);
}
Hope this helps,
Andy
Re: utils.pm::check_connection()
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tuesday February 10, 2009, Brian Bouterse wrote: > An aside question Why do we require VCL to be aware of when the > users connect in the first place? What if I want to reserve a server > instance, but never want to SSH into it. Currently, VCL would not > allow that use case because of these additional checks. All I can answer is the aside; so, I cut the rest out. The reason for the user check is limited resources. We don't want users making a reservation for 4 hours, using it for 30 minutes, and then leaving it sitting there unused for 3.5 hours. You can disable the user checks for the "server instance" case you brought up by going to Manage Images->Edit Image Profiles->Edit (for the desired image)->Advanced Options and set "Check for logged in user" to no. However, even in this case, the user still needs to click the Connect button at least once for that reservation. Josh - -- - --- Josh Thompson Systems Programmer Virtual Computing Lab (VCL) North Carolina State University josh_thomp...@ncsu.edu 919-515-5323 my GPG/PGP key can be found at pgp.mit.edu -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFJkfXXV/LQcNdtPQMRAv3qAJ9HC+FA0UlG6BDjfE+JIGsIl6/K/wCeNVCL 9OXQdWbrcZZDj6fAcabJPvc= =oDaU -END PGP SIGNATURE-
