I've tried to add an Ubuntu virtual machine to a VCL installation
using the latest code base and the esx.pm module. The VM gets
provisioned properly, VCL ssh's into the box, queries the public IP
properly, but fails to add the user and set their password.
I thought I could write an OS module to add the Ubuntu support, so I
created an Ubuntu.pm based on the existing Linux.pm since most of that
worked already for Ubuntu. As a reference for others, I installed
this Ubuntu.pm by making the following modifications:
1) Insert a row into the module table with `perlpackage` equal to
'VCL::Module::OS::Ubuntu'
2) Insert a row into the OS table with `moduleid` equal to the id of
the entry from step 1 in the module table
3) Insert/Modify a row in the image table with `OSid` equal to the id
of the entry from step 2 in the OS table
Here is the log output showing what isn't working with this Ubuntu.pm
module as it manipulates an Ubuntu VM:
2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(191)|
user acknowledged, remote IP: 76.182.122.192
2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(210)|
blade or virtual machine detected: virtualmachine
2009-03-25 22:17:27|20858|113:13|reserved|reserved.pm:process(264)|
Linux image detected: ubuntu
2009-03-25 22:17:27|20858|113:13|reserved|
utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: /usr/
sbin/useradd -u 101 -d /home/admin -m admin -g ncsu
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6772)|run_ssh_command output: useradd:
unknown group ncsu
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /usr/
sbin/useradd -u 101 -d /home/admin -m admin -g ncsu, returning (6,
output)
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: cat /
etc/passwd
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6772)|run_ssh_command output: root:x:
0:0:root:/root:/bin/bash
|20858|113:13|reserved| daemon:x:1:1:daemon:/usr/sbin:/bin/sh
|20858|113:13|reserved| bin:x:2:2:bin:/bin:/bin/sh
|20858|113:13|reserved| sys:x:3:3:sys:/dev:/bin/sh
|20858|113:13|reserved| sync:x:4:65534:sync:/bin:/bin/sync
|20858|113:13|reserved| games:x:5:60:games:/usr/games:/bin/sh
|20858|113:13|reserved| man:x:6:12:man:/var/cache/man:/bin/sh
|20858|113:13|reserved| lp:x:7:7:lp:/var/spool/lpd:/bin/sh
|20858|113:13|reserved| mail:x:8:8:mail:/var/mail:/bin/sh
|20858|113:13|reserved| news:x:9:9:news:/var/spool/news:/bin/sh
|20858|113:13|reserved| uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
|20858|113:13|reserved| proxy:x:13:13:proxy:/bin:/bin/sh
|20858|113:13|reserved| www-data:x:33:33:www-data:/var/www:/bin/sh
|20858|113:13|reserved| backup:x:34:34:backup:/var/backups:/bin/sh
|20858|113:13|reserved| list:x:38:38:Mailing List Manager:/var/list:/
bin/sh
|20858|113:13|reserved| irc:x:39:39:ircd:/var/run/ircd:/bin/sh
|20858|113:13|reserved| gnats:x:41:41:Gnats Bug-Reporting System
(admin):/var/lib/gnats:/bin/sh
|20858|113:13|reserved| nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
|20858|113:13|reserved| libuuid:x:100:101::/var/lib/libuuid:/bin/sh
|20858|113:13|reserved| syslog:x:101:102::/home/syslog:/bin/false
|20858|113:13|reserved| klog:x:102:103::/home/klog:/bin/false
|20858|113:13|reserved| hplip:x:103:7:HPLIP system user,,,:/var/run/
hplip:/bin/false
|20858|113:13|reserved| avahi-autoipd:x:104:112:Avahi autoip
daemon,,,:/var/lib/avahi-autoipd:/bin/false
|20858|113:13|reserved| gdm:x:105:113:Gnome Display Manager:/var/lib/
gdm:/bin/false
|20858|113:13|reserved| pulse:x:106:115:PulseAudio daemon,,,:/var/run/
pulse:/bin/false
|20858|113:13|reserved| saned:x:107:118::/home/saned:/bin/false
|20858|113:13|reserved| messagebus:x:108:119::/var/run/dbus:/bin/false
|20858|113:13|reserved| polkituser:x:109:120:PolicyKit,,,:/var/run/
PolicyKit:/bin/false
|20858|113:13|reserved| avahi:x:110:121:Avahi mDNS daemon,,,:/var/run/
avahi-daemon:/bin/false
|20858|113:13|reserved| haldaemon:x:111:122:Hardware abstraction
layer,,,:/var/run/hald:/bin/false
|20858|113:13|reserved| tchaw:x:1000:1000:TC Ling,,,:/home/tchaw:/bin/
bash
|20858|113:13|reserved| sshd:x:112:65534::/var/run/sshd:/usr/sbin/
nologin
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: cat /etc/
passwd, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3093)|
added user account admin to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: echo
"AllowUsers admin" >> /etc/ssh/external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6772)|run_ssh_command output: none
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo
"AllowUsers admin" >> /etc/ssh/external_sshd_config, returning (0,
output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3096)|
added AllowUsers admin to external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: /etc/
init.d/ext_sshd restart
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6772)|run_ssh_command output: bash: /etc/
init.d/ext_sshd: No such file or directory
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /etc/
init.d/ext_sshd restart, returning (127, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3114)|
started ext_sshd on vcl12
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(290)|
user admin added to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:insertloadlog(5320)|
inserted computer=5, info, reserved: adding user and opening remote
access port for 76.182.122.192
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6691)|executing SSH command on vcl12: echo
5wLstN | /usr/bin/passwd -f admin --stdin
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6772)|run_ssh_command output: /usr/bin/
passwd: invalid option -- 'f'
|20858|113:13|reserved| Usage: passwd [options] [LOGIN]
|20858|113:13|reserved| Options:
|20858|113:13|reserved| -a, --all report
password status on all accounts
|20858|113:13|reserved| -d, --delete delete the
password for the named account
|20858|113:13|reserved| -e, --expire force expire
the password for the named account
|20858|113:13|reserved| -h, --help display this
help message and exit
|20858|113:13|reserved| -k, --keep-tokens change
password only if expired
|20858|113:13|reserved| -i, --inactive INACTIVE set password
inactive after expiration
|20858|113:13|reserved| to INACTIVE
|20858|113:13|reserved| -l, --lock lock the named
account
|20858|113:13|reserved| -n, --mindays MIN_DAYS set minimum
number of days before password
|20858|113:13|reserved| change to
MIN_DAYS
|20858|113:13|reserved| -q, --quiet quiet mode
|20858|113:13|reserved| -r, --repository REPOSITORY change
password in REPOSITORY repository
|20858|113:13|reserved| -S, --status report
password status on the named account
|20858|113:13|reserved| -u, --unlock unlock the
named account
|20858|113:13|reserved| -w, --warndays WARN_DAYS set expiration
warning days to WARN_DAYS
|20858|113:13|reserved| -x, --maxdays MAX_DAYS set maximim
number of days before password
|20858|113:13|reserved| change to
MAX_DAYS
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo
5wLstN | /usr/bin/passwd -f admin --stdin, returning (6, output)
|20858|113:13|reserved| ---- WARNING ----
|20858|113:13|reserved| 2009-03-25 22:17:28|20858|113:13|reserved|
reserved.pm:process(308)|could not change linux password for admin on
vcl12
|20858|113:13|reserved| ( 0) utils.pm, notify (line: 691)
|20858|113:13|reserved| (-1) reserved.pm, process (line: 308)
|20858|113:13|reserved| (-2) vcld, make_new_child (line: 600)
|20858|113:13|reserved| (-3) vcld, main (line: 347)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:insertloadlog(5320)|
inserted computer=5, failed, reserved: could not change user password
on node
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(430)|
retval_conn = failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(577)|
failed to reserve machine
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:update_request_state(2283)|request 113 state updated to:
failed, laststate to: reserved
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(579)|
setting request into failed state
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:update_computer_state(2325)|computer 5 state updated to: failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(587)|
setting computerid 5 into failed state
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(595)|log
id 50 was updated and ending set to failed
2009-03-25 22:17:28|20858|113:13|reserved|reserved.pm:process(602)|
exiting
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(439)|
destructor called, ref($self)=VCL::reserved
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:delete_computerloadlog_reservation(8032)|removing
computerloadlog entries matching loadstate = begin
2009-03-25 22:17:28|20858|113:13|reserved|
utils.pm:delete_computerloadlog_reservation(8079)|deleted rows from
computerloadlog for reservation id=13
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(442)|
removed computerloadlog rows with loadstate=begin for reservation
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(450)|number
of database handles state process created: 1
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(459)|
process has a database handle stored in $ENV{dbh}, attempting disconnect
2009-03-25 22:17:28|20858|113:13|reserved|State.pm:DESTROY(461)|
$ENV{dbh}: database disconnect successful
2009-03-25 22:17:28|19554|vcld:REAPER(750)|VCL process exited for
reservation 13
From doing some forensics on the deployed VM, here is what I see isn't
working currently:
1) I have the same problem as Melba: `/usr/sbin/useradd -u 101 -d
/home/admin -m admin -g ncsu` fails because useradd says "unknown
group ncsu".
2) It cannot start /etc/init.d/ext_sshd because ext_sshd doesn't
exist. The log reports incorrectly that "ext_sshd was started on
vcl12". This looks like a bug in utils.pm add_user.
3) The log reports incorrectly that the user "admin" was successfully
placed into the /etc/passwd file, but that isn't true. This looks
like a bug in reserved.pm.
4) The "admin" user's password isn't being set. This is the command
which fails: "echo 5wLstN | /usr/bin/passwd -f admin --stdin". The
problem is that on Ubuntu '-f' is an invalid option.
How can this be fixed?
More OS Modularization! The Ubuntu.pm file currently only has the
following three methods.
sub capture_prepare ()
sub capture_start ()
sub delete_user ()
What are the function names for things like useradd and services
management (i.e. ssh) that I can use in my Ubuntu.pm file?
Best,
Brian
Brian Bouterse
Secure Open Systems Initiative
919.698.8796
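
Added example, not part of the original message and not VCL code: a small Python check that finds the pattern described in points 2 and 3 above, where a remote command exits non-zero and the calling routine still logs a success message. The function name masked_failures and the FAILURE_WORDS heuristic are assumptions made for this illustration; the sample lines are copied from the log above and re-joined where the mail wrapped them.

```python
import re

# Lines copied from the log in the message above, re-joined where the mail
# client wrapped them. Only the result lines and the caller's reports are kept.
SAMPLE_LOG = """\
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /usr/sbin/useradd -u 101 -d /home/admin -m admin -g ncsu, returning (6, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: cat /etc/passwd, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3093)|added user account admin to vcl12
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: echo "AllowUsers admin" >> /etc/ssh/external_sshd_config, returning (0, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3096)|added AllowUsers admin to external_sshd_config
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:run_ssh_command(6775)|SSH command executed on vcl12: /etc/init.d/ext_sshd restart, returning (127, output)
2009-03-25 22:17:28|20858|113:13|reserved|utils.pm:add_user(3114)|started ext_sshd on vcl12
"""

# timestamp|pid|request:reservation|state|file:sub(line)|message
LINE = re.compile(r"^(?P<ts>[^|]+)\|(?P<pid>\d+)\|[^|]*\|[^|]*\|"
                  r"(?P<file>[\w.]+):(?P<sub>\w+)\((?P<line>\d+)\)\|(?P<msg>.*)$")
RESULT = re.compile(r"^SSH command executed on \S+: (?P<cmd>.*), "
                    r"returning \((?P<rc>\d+), output\)$")
# Assumed wording of messages that do acknowledge a failure (heuristic).
FAILURE_WORDS = ("could not", "failed", "unable", "warning")

def masked_failures(log_text):
    """Return non-zero exits whose next report from the caller claims success."""
    pending = {}   # pid -> [(command, exit code)] not yet reported by the caller
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue   # wrapped continuation or untimestamped output line
        pid, msg = m["pid"], m["msg"]
        if m["sub"] == "run_ssh_command":
            r = RESULT.match(msg)
            if r and int(r["rc"]) != 0:
                pending.setdefault(pid, []).append((r["cmd"], int(r["rc"])))
            continue
        # First message from the caller after the command(s) ran.
        failed = pending.pop(pid, [])
        if failed and not any(w in msg.lower() for w in FAILURE_WORDS):
            where = f'{m["file"]}:{m["sub"]}({m["line"]})'
            for cmd, rc in failed:
                findings.append({"where": where, "claimed": msg,
                                 "command": cmd, "exit_code": rc})
    return findings
```

On the sample it reports utils.pm:add_user(3093) after the useradd exit code 6 and utils.pm:add_user(3114) after the ext_sshd exit code 127. A real vcld.log has to be unwrapped to one entry per line before it is passed in.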