I've tried to add an Ubuntu virtual machine to a VCL installation using the latest code base and the esx.pm module. The VM gets provisioned properly, VCL ssh's into the box, queries the public IP properly, but fails to add the user and set their password.

I thought I could write an OS module to add the Ubuntu support, so I created an Ubuntu.pm based on the existing Linux.pm since most of that worked already for Ubuntu. As a reference for others, I installed this Ubuntu.pm by making the following modifications:


1) Insert a row into the module table with `perlpackage` equal to 'VCL::Module::OS::Ubuntu'
2) Insert a row into the OS table with `moduleid` equal to the id of the entry from step 1 in the module table
3) Insert/Modify a row in the image table with `OSid` equal to the id of the entry from step 2 in the OS table

Here is the log output showing what isn't working with this Ubuntu.pm module as it manipulates an ubuntu VM:

2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(191)|user acknowledged, remote IP: 76.182.122.192
2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(210)|blade or virtual machine detected: virtualmachine
2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(264)|Linux image detected: ubuntu
2009-03-25 22:17:27|20858|113:13|reserved|utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: /usr/sbin/useradd -u 101 -d /home/admin -m admin -g ncsu
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6772)|run_ssh_command output: useradd: unknown group ncsu
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /usr/sbin/useradd -u 101 -d /home/admin -m admin -g ncsu, returning (6, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: cat /etc/passwd
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6772)|run_ssh_command output: root:x:0:0:root:/root:/bin/bash
|20858|113:13|reserved| daemon:x:1:1:daemon:/usr/sbin:/bin/sh
|20858|113:13|reserved| bin:x:2:2:bin:/bin:/bin/sh
|20858|113:13|reserved| sys:x:3:3:sys:/dev:/bin/sh
|20858|113:13|reserved| sync:x:4:65534:sync:/bin:/bin/sync
|20858|113:13|reserved| games:x:5:60:games:/usr/games:/bin/sh
|20858|113:13|reserved| man:x:6:12:man:/var/cache/man:/bin/sh
|20858|113:13|reserved| lp:x:7:7:lp:/var/spool/lpd:/bin/sh
|20858|113:13|reserved| mail:x:8:8:mail:/var/mail:/bin/sh
|20858|113:13|reserved| news:x:9:9:news:/var/spool/news:/bin/sh
|20858|113:13|reserved| uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
|20858|113:13|reserved| proxy:x:13:13:proxy:/bin:/bin/sh
|20858|113:13|reserved| www-data:x:33:33:www-data:/var/www:/bin/sh
|20858|113:13|reserved| backup:x:34:34:backup:/var/backups:/bin/sh
|20858|113:13|reserved| list:x:38:38:Mailing List Manager:/var/list:/bin/sh
|20858|113:13|reserved| irc:x:39:39:ircd:/var/run/ircd:/bin/sh
|20858|113:13|reserved| gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/bin/sh
|20858|113:13|reserved| nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
|20858|113:13|reserved| libuuid:x:100:101::/var/lib/libuuid:/bin/sh
|20858|113:13|reserved| syslog:x:101:102::/home/syslog:/bin/false
|20858|113:13|reserved| klog:x:102:103::/home/klog:/bin/false
|20858|113:13|reserved| hplip:x:103:7:HPLIP system user,,,:/var/run/hplip:/bin/false
|20858|113:13|reserved| avahi-autoipd:x:104:112:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
|20858|113:13|reserved| gdm:x:105:113:Gnome Display Manager:/var/lib/gdm:/bin/false
|20858|113:13|reserved| pulse:x:106:115:PulseAudio daemon,,,:/var/run/pulse:/bin/false
|20858|113:13|reserved| saned:x:107:118::/home/saned:/bin/false
|20858|113:13|reserved| messagebus:x:108:119::/var/run/dbus:/bin/false
|20858|113:13|reserved| polkituser:x:109:120:PolicyKit,,,:/var/run/PolicyKit:/bin/false
|20858|113:13|reserved| avahi:x:110:121:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
|20858|113:13|reserved| haldaemon:x:111:122:Hardware abstraction layer,,,:/var/run/hald:/bin/false
|20858|113:13|reserved| tchaw:x:1000:1000:TC Ling,,,:/home/tchaw:/bin/bash
|20858|113:13|reserved| sshd:x:112:65534::/var/run/sshd:/usr/sbin/nologin
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: cat /etc/passwd, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3093)|added user account admin to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: echo "AllowUsers admin" >> /etc/ssh/external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6772)|run_ssh_command output: none
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo "AllowUsers admin" >> /etc/ssh/external_sshd_config, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3096)|added AllowUsers admin to external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: /etc/init.d/ext_sshd restart
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6772)|run_ssh_command output: bash: /etc/init.d/ext_sshd: No such file or directory
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /etc/init.d/ext_sshd restart, returning (127, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3114)|started ext_sshd on vcl12
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(290)|user admin added to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:insertloadlog(5320)|inserted computer=5, info, reserved: adding user and opening remote access port for 76.182.122.192
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: echo 5wLstN | /usr/bin/passwd -f admin --stdin
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6772)|run_ssh_command output: /usr/bin/passwd: invalid option -- 'f'
|20858|113:13|reserved| Usage: passwd [options] [LOGIN]

|20858|113:13|reserved| Options:
|20858|113:13|reserved|   -a, --all                     report password status on all accounts
|20858|113:13|reserved|   -d, --delete                  delete the password for the named account
|20858|113:13|reserved|   -e, --expire                  force expire the password for the named account
|20858|113:13|reserved|   -h, --help                    display this help message and exit
|20858|113:13|reserved|   -k, --keep-tokens             change password only if expired
|20858|113:13|reserved|   -i, --inactive INACTIVE       set password inactive after expiration
|20858|113:13|reserved|                                 to INACTIVE
|20858|113:13|reserved|   -l, --lock                    lock the named account
|20858|113:13|reserved|   -n, --mindays MIN_DAYS        set minimum number of days before password
|20858|113:13|reserved|                                 change to MIN_DAYS
|20858|113:13|reserved|   -q, --quiet                   quiet mode
|20858|113:13|reserved|   -r, --repository REPOSITORY   change password in REPOSITORY repository
|20858|113:13|reserved|   -S, --status                  report password status on the named account
|20858|113:13|reserved|   -u, --unlock                  unlock the named account
|20858|113:13|reserved|   -w, --warndays WARN_DAYS      set expiration warning days to WARN_DAYS
|20858|113:13|reserved|   -x, --maxdays MAX_DAYS        set maximim number of days before password
|20858|113:13|reserved|                                 change to MAX_DAYS
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo 5wLstN | /usr/bin/passwd -f admin --stdin, returning (6, output)

|20858|113:13|reserved| ---- WARNING ----
|20858|113:13|reserved| 2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(308)|could not change linux password for admin on vcl12
|20858|113:13|reserved| ( 0) utils.pm, notify (line: 691)
|20858|113:13|reserved| (-1) reserved.pm, process (line: 308)
|20858|113:13|reserved| (-2) vcld, make_new_child (line: 600)
|20858|113:13|reserved| (-3) vcld, main (line: 347)

2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:insertloadlog(5320)|inserted computer=5, failed, reserved: could not change user password on node
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(430)|retval_conn = failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(577)|failed to reserve machine
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:update_request_state(2283)|request 113 state updated to: failed, laststate to: reserved
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(579)|setting request into failed state
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:update_computer_state(2325)|computer 5 state updated to: failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(587)|setting computerid 5 into failed state
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(595)|log id 50 was updated and ending set to failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(602)|exiting
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(439)|destructor called, ref($self)=VCL::reserved
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:delete_computerloadlog_reservation(8032)|removing computerloadlog entries matching loadstate = begin
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:delete_computerloadlog_reservation(8079)|deleted rows from computerloadlog for reservation id=13
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(442)|removed computerloadlog rows with loadstate=begin for reservation
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(450)|number of database handles state process created: 1
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(459)|process has a database handle stored in $ENV{dbh}, attempting disconnect
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(461)|$ENV{dbh}: database disconnect successful
2009-03-25 22:17:28|19554|vcld:REAPER(750)|VCL process exited for reservation 13

From doing some forensics on the deployed VM, here is what I see isn't working currently:

1) I have the same problem as Melba, `/usr/sbin/useradd -u 101 -d /home/admin -m admin -g ncsu` fails because useradd says "unknown group ncsu".

2) It cannot start /etc/init.d/ext_sshd because ext_sshd doesn't exist. The log reports incorrectly that the "ext_sshd was started on vcl12". This looks like a bug in utils.pm add_user.

3) The log reports incorrectly that the user "admin" was successfully placed into the /etc/passwd file, but that isn't true. This looks like a bug in reserved.pm.

4) The "admin" user's password isn't being set. This is the command which fails: "echo 5wLstN | /usr/bin/passwd -f admin --stdin" The problem is that on Ubuntu '-f' is an invalid option.

How can this be fixed?

More OS Modularization! The Ubuntu.pm file currently only has the following three methods.

sub capture_prepare ()
sub capture_start ()
sub delete_user  ()

What are the function names for things like .... {useradd, and services management (ie ssh)} that I can use in my Ubuntu.pm file?

Best,
Brian

Brian Bouterse
Secure Open Systems Initiative
919.698.8796
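
Added example, not part of the original message and not VCL code: a small Python checker for the mismatch described in points 2 and 3, where run_ssh_command logs a non-zero exit status and the caller's next record still reads as a success. The record layout and sample lines come from the log quoted above; the function names and the failure-word heuristic are assumptions.

```python
import re

# Records abridged from the vcld log quoted in the post, rejoined one per line.
SAMPLE_LOG = '''
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /usr/sbin/useradd -u 101 -d /home/admin -m admin -g ncsu, returning (6, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: cat /etc/passwd, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3093)|added user account admin to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo "AllowUsers admin" >> /etc/ssh/external_sshd_config, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3096)|added AllowUsers admin to external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /etc/init.d/ext_sshd restart, returning (127, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3114)|started ext_sshd on vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo 5wLstN | /usr/bin/passwd -f admin --stdin, returning (6, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:insertloadlog(5320)|inserted computer=5, failed, reserved: could not change user password on node
'''

# timestamp|pid|request:reservation|state|file:sub(line)|message
RECORD = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\|(?P<pid>\d+)\|(?P<req>[^|]*)\|"
    r"(?P<state>[^|]*)\|\s*(?P<src>[\w.]+):(?P<sub>\w+)\((?P<line>\d+)\)\|\s*(?P<msg>.*)$")
EXECUTED = re.compile(
    r"^SSH command executed on (?P<host>\S+): (?P<cmd>.*), returning \((?P<rc>-?\d+), output\)$")
# Heuristic (assumption): a caller message with these words does report the failure.
FAILURE_WORDS = re.compile(r"could not|fail", re.IGNORECASE)

def parse_records(log_text):
    """Yield one dict per timestamped record; continuation lines are skipped."""
    for line in log_text.splitlines():
        m = RECORD.match(line)
        if m:
            yield m.groupdict()

def unreported_failures(log_text):
    """Return (command, exit_status, caller_message) for each non-zero SSH exit
    status whose next caller record does not mention a failure."""
    findings = []
    pending = None  # last failed command still waiting for the caller's record
    for rec in parse_records(log_text):
        if rec["sub"] == "run_ssh_command":
            m = EXECUTED.match(rec["msg"])
            if m and int(m["rc"]) != 0:
                pending = (m["cmd"], int(m["rc"]))
            continue
        if pending and not FAILURE_WORDS.search(rec["msg"]):
            findings.append((*pending, rec["msg"]))
        pending = None
    return findings

if __name__ == "__main__":
    for cmd, rc, claim in unreported_failures(SAMPLE_LOG):
        print(f"exit {rc}: {cmd!r} followed by {claim!r}")
```

On the sample it reports the useradd (exit 6) and ext_sshd restart (exit 127) records; the passwd failure is not reported because the record that follows it already says the password change failed.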



