Let me know if there's a better way to submit patches to this project.
Attached is a small patch taken from managementnode/lib/. It fixes a bug in utils.pm::check_connection(). The netstat check recognized ssh connections whose IPs show up with ::ffff: in front of them only for lab machines, not for other Linux images. This patch copies the fix for lab machines and uses it for all Linux images.
In addition, this patch also removes some code that is now unused thanks to the OS modularization. While figuring out what happened when linux machines are deployed, I lost some time delving into this unused code, so I thought it best to submit a patch removing it so that no one else gets confused.
Index: VCL/reclaim.pm =================================================================== --- VCL/reclaim.pm (revision 827859) +++ VCL/reclaim.pm (working copy) @@ -180,28 +180,6 @@ } } - # TODO: The following section should be removed once sanitize() is implemented by Linux.pm - elsif ($image_os_type =~ /linux/){ - # Loaded Linux image needs to be cleaned up - notify($ERRORS{'OK'}, 0, "attempting steps to clean up loaded $image_os_name image"); - - # Make sure user is not connected - if (isconnected($computer_shortname, $computer_type, $reservation_remoteip, $image_os_name, $computer_ipaddress, $image_os_type)) { - notify($ERRORS{'WARNING'}, 0, "user $user_unityid is connected to $computer_shortname, computer will be reloaded"); - $self->insert_reload_and_exit(); - } ## end if (isconnected($computer_shortname, $computer_type... - - # User is not connected, delete the user - if (del_user($computer_shortname, $user_unityid, $computer_type, $image_os_name)) { - notify($ERRORS{'OK'}, 0, "user $user_unityid removed from $computer_shortname"); - insertloadlog($reservation_id, $computer_id, "info", "reclaim: removed user"); - } - else { - notify($ERRORS{'OK'}, 0, "user $user_unityid could not be removed from $computer_shortname, computer will be reloaded"); - $self->insert_reload_and_exit(); - } - } - else { # Unknown image type notify($ERRORS{'WARNING'}, 0, "unsupported image OS detected: $image_os_name, computer will be reloaded"); Index: VCL/reserved.pm =================================================================== --- VCL/reserved.pm (revision 827859) +++ VCL/reserved.pm (working copy) 
@@ -203,112 +203,6 @@ } } - # Older style code, remove below once all OS's have been modularized - # Check if computer type is blade - elsif ($computer_type =~ /blade|virtualmachine/) { - notify($ERRORS{'OK'}, 0, "blade or virtual machine detected: $computer_type"); - # different senerios - # standard -- 1-1-1 with connection checks - # group access M-N-K -- multiple users need access - # standard with no connection checks - - # Check if linux image - if ($image_os_type =~ /linux/){ - notify($ERRORS{'OK'}, 0, "Linux image detected: $image_os_name"); - - # adduser ; this adds user and restarts sshd - # check for group access - - my $grpflag = 0; - my @group; - - if ($imagemeta_usergroupid ne '') { - notify($ERRORS{'OK'}, 0, "group access groupid $imagemeta_usergroupid"); - - # Check group membership count - if ($user_group_member_count > 0) { - # Good, at least something is listed - notify($ERRORS{'OK'}, 0, "imagemeta group acess membership is $user_group_member_count"); - $grpflag = $user_group_member_count; - @group = @user_group_members; - } - else { - notify($ERRORS{'OK'}, 0, "image claims group access but membership is 0, usergrouid: $imagemeta_usergroupid, only adding requester"); - } - - } # Close imagemeta user group defined and member count is > 0 - - # Try to add the user account to the linux computer - if (add_user($computer_short_name, $user_unityid, $user_uid, 0, $computer_hostname, $image_os_name, $image_os_type, $remote_ip, $grpflag, @group)) { - notify($ERRORS{'OK'}, 0, "user $user_unityid added to $computer_short_name"); - insertloadlog($reservation_id, $computer_id, "info", "reserved: adding user and opening remote access port for $remote_ip"); - } - else { - notify($ERRORS{'WARNING'}, 0, "could not add user $user_unityid to $computer_short_name"); - insertloadlog($reservation_id, $computer_id, "failed", "reserved: could not add user to node"); - $retval_conn = "failed"; - goto RETVALCONN; - } - - # Check if user was set to standalone - # Occurs if 
affiliation is not specified in the NOT_STANDALONE property in vcld.conf - # or if vcladmin is the user or if the user's UID is >= 1,000,000 - if ($user_standalone) { - if (changelinuxpassword($computer_short_name, $user_unityid, $reservation_password)) { - # Password successfully changed - notify($ERRORS{'OK'}, 0, "password changed on $computer_short_name for standalone user $user_unityid"); - } - else { - notify($ERRORS{'WARNING'}, 0, "could not change linux password for $user_unityid on $computer_short_name"); - insertloadlog($reservation_id, $computer_id, "failed", "reserved: could not change user password on node"); - $retval_conn = "failed"; - goto RETVALCONN; - } - } # Close if standalone - else { - notify($ERRORS{'OK'}, 0, "password not changed on $computer_short_name for non-standalone user $user_unityid"); - } - - #if cluster reservation - populate parent node with child node information - if ($request_data->{RESERVATIONCOUNT} > 1) { - notify($ERRORS{'OK'}, 0, "cluster reservation, attempting to populate nodes with cluster_info data"); - if (update_cluster_info($request_data)) { - notify($ERRORS{'OK'}, 0, "updated cluster nodes with cluster infomation"); - } - } - - } # Close elseif linux computer - - } # Close if computer type is blade - - # Check if computer type is lab - elsif ($computer_type eq "lab") { - notify($ERRORS{'OK'}, 0, "lab computer detected"); - - # Check if Solaris or RHEL - if ($image_os_name =~ /sun4x_|rhel/) { - notify($ERRORS{'OK'}, 0, "Sun or RHEL lab computer detected"); - if (enablesshd($computer_ip_address, $user_unityid, $remote_ip, "new", $image_os_name)) { - notify($ERRORS{'OK'}, 0, "SSHD enabled on $computer_hostname $computer_ip_address"); - } - else { - # Could not enable SSHD - # Add code to better handle this such as fetch another machine - notify($ERRORS{'WARNING'}, 0, "could not enable SSHD on $computer_hostname"); - - # Update the computer state to failed - if (update_computer_state($computer_id, "failed", "new")) { - 
notify($ERRORS{'OK'}, 0, "setting computer ID $computer_id into failed state"); - } - - insertloadlog($reservation_id, $computer_id, "failed", "reserved: could not enable access port on remote machine"); - $retval_conn = "failed"; - goto RETVALCONN; - } ## end else [ if (enablesshd($computer_ip_address, $user_unityid... - } # Close if Solaris or RHEL - - } # Close elsif computer type is lab - } # close if defined remoteIP elsif ($acknowledge_attempts < 180) { Index: VCL/utils.pm =================================================================== --- VCL/utils.pm (revision 827859) +++ VCL/utils.pm (working copy) @@ -83,7 +83,6 @@ _machine_os _pingnode _sshd_status - add_user changelinuxpassword check_blockrequest_time check_connection @@ -102,7 +101,6 @@ convert_to_epoch_seconds database_execute database_select - del_user delete_computerloadlog_reservation delete_request delete_block_request @@ -1861,6 +1859,18 @@ return $ret_val; } } # tcp check + if ($line =~ /tcp\s+([0-9]*)\s+([0-9]*)\s::ffff:($ipaddress:22)\s+::ffff:([.0-9]*):([0-9]*)(.*)(ESTABLISHED) /) { + if ($4 eq $remoteIP) { + $break = 1; + $ret_val = "connected"; + return $ret_val; + } + else { + #this isn't the remoteIP + $ret_val = "conn_wrong_ip"; + return $ret_val; + } + } # tcp check } #foreach #who; too make sure we didn't miss it through netstat undef @SSHCMD; 
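Review bot: The pattern added in the `@@ -1861,6 +1859,18 @@` hunk of VCL/utils.pm interpolates `$ipaddress` unescaped, so each `.` in the address matches any character and any regex metacharacter in the value would be interpreted; quote it as `::ffff:(\Q$ipaddress\E:22)`. The `else` branch also returns `conn_wrong_ip` on the first ESTABLISHED port-22 line whose peer is not `$remoteIP`, so a session from another address that netstat lists earlier would mask the user's own connection on a later line. Consider recording that result and continuing the loop instead of returning, but the enclosing `foreach` and the rest of check_connection lie outside this hunk, so first confirm how the later `who` check uses `$ret_val`. The new block appears to repeat the preceding tcp check apart from the `::ffff:` prefix, so a single pattern with an optional `(?:::ffff:)?` before each address would keep the two cases from drifting apart.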
@@ -2863,269 +2873,6 @@ #///////////////////////////////////////////////////////////////////////////// -=head2 add_user - - Parameters : $node, $user, $uid, $passwd, $hostname, $os, $remoteip, $grpflag, @group - Returns : 1 success, 0 failed - Description : logs into remote node adds supplied user account - -=cut - -sub add_user { - my ($node, $user, $uid, $passwd, $hostname, $os, $image_os_type,$remoteip, $grpflag, @group) = @_; - my ($package, $filename, $line, $sub) = caller(0); - notify($ERRORS{'WARNING'}, 0, "node is not defined") if (!(defined($node))); - notify($ERRORS{'WARNING'}, 0, "user is not defined") if (!(defined($user))); - notify($ERRORS{'OK'}, 0, "uid is not defined") if (!(defined($uid))); - notify($ERRORS{'WARNING'}, 0, "passwd is not defined") if (!(defined($passwd))); - notify($ERRORS{'WARNING'}, 0, "os is not defined") if (!(defined($os))); - notify($ERRORS{'OK'}, 0, "remoteip is not defined") if (!(defined($remoteip))); - notify($ERRORS{'OK'}, 0, "grpflag is not defined") if (!(defined($grpflag))); - - if (!(defined($grpflag))) { - $grpflag = 0; - } - elsif ($grpflag > 0) { - notify($ERRORS{'OK'}, 0, "group access memberlist= @group "); - } - - my $identity; - - if ($image_os_type =~ /linux/i) { - $identity = $IDENTITY_bladerhel; - } - else { - $identity = $IDENTITY_bladerhel; - } - - if ($image_os_type =~ /linux/i) { - # set common linux useradd string - my $useradd_string; - if (!(defined($uid))) { # check for uid if not let OS set one - $useradd_string = "/usr/sbin/useradd -d /home/$user -m $user"; - } - else { - $useradd_string = "/usr/sbin/useradd -u $uid -d /home/$user -m $user"; - } - - # two methods: single user or group of users - if ($grpflag) { - #assumes owner is already member of group - #ok group flag set proceed - my $allowuserstring = "AllowUsers"; - foreach my $u (@group) { - #$u in form of unity:uid - my ($user_unityid, $uid) = split(":", $u); - my $cmd = "/usr/sbin/useradd -u $uid -d /home/$user_unityid -m $user_unityid"; - 
if (run_ssh_command($node, $identity, $cmd, "root")) { - notify($ERRORS{'OK'}, 0, "added user $user_unityid to $node"); - } - else { - notify($ERRORS{'WARNING'}, 0, "failed to execute $cmd"); - return 0; - } - - #append to ssh string - $allowuserstring .= " $user_unityid"; - } ## end foreach my $u (@group) - - # modify external_sshd config - my $cmdstring = "echo \"$allowuserstring\" >> /etc/ssh/external_sshd_config"; - my @sshcmd; - if (run_ssh_command($node, $identity, $cmdstring, "root")) { - notify($ERRORS{'OK'}, 0, "adding user string to sshd conf $allowuserstring"); - undef @sshcmd; - @sshcmd = run_ssh_command($node, $identity, "/etc/init.d/ext_sshd restart", "root"); - foreach my $l (@{$sshcmd[1]}) { - if ($l =~ /Stopping ext_sshd:/i) { - #notify($ERRORS{'OK'},0,"stopping sshd on $node "); - } - if ($l =~ /Starting ext_sshd:[ OK ]/i) { - notify($ERRORS{'OK'}, 0, "ext_sshd on $node started"); - } - } #foreach - notify($ERRORS{'OK'}, 0, "started ext_sshd on $node"); - return 1; - } ## end if (run_ssh_command($node, $IDENTITY_bladerhel... - else { - notify($ERRORS{'CRITICAL'}, 0, "failed to add $allowuserstring to external_sshd_config on $node "); - return 0; - } - - } ## end if ($grpflag) - else { - #single user proceed - my @sshcmd = run_ssh_command($node, $identity, $useradd_string, "root"); - foreach my $l (@{$sshcmd[1]}) { - if ($l =~ /user $user exists/) { - notify($ERRORS{'OK'}, 0, "detected user already has account, deleting"); - #FIXME - if type or project is not HPC related. 
- if (del_user($node, $user, "blade", $os, $image_os_type)) { - notify($ERRORS{'OK'}, 0, "$user deleted"); - } - if (run_ssh_command($node, $identity, $useradd_string, "root")) { - notify($ERRORS{'OK'}, 0, "user $user added"); - } - } ## end if ($l =~ /user $user exists/) - - } ## end foreach my $l (@{$sshcmd[1]}) - - #SETUP sudoers file - #clear user from sudoers file first - my $clear_cmd = "sed -ie \"/^$user .*/d\" /etc/sudoers"; - if (run_ssh_command($node, $identity, $clear_cmd, "root")) { - notify($ERRORS{'DEBUG'}, 0, "cleared $user from /etc/sudoers"); - } - else { - notify($ERRORS{'CRITICAL'}, 0, "failed to clear $user from /etc/sudoers"); - } - my $sudoers_cmd = "echo \"$user ALL= NOPASSWD: ALL\" >> /etc/sudoers"; - if (run_ssh_command($node, $identity, $sudoers_cmd, "root")) { - notify($ERRORS{'DEBUG'}, 0, "added $user to /etc/sudoers"); - } - else { - notify($ERRORS{'CRITICAL'}, 0, "failed to add $user to /etc/sudoers"); - } - - if (_is_user_added($node, $user, "blade", $os, $image_os_type)) { - notify($ERRORS{'OK'}, 0, "added user account $user to $node"); - undef @sshcmd; - my $cmd = "echo \"AllowUsers $user\" >> /etc/ssh/external_sshd_config"; - if (run_ssh_command($node, $identity, $cmd, "root")) { - notify($ERRORS{'DEBUG'}, 0, "added AllowUsers $user to external_sshd_config"); - } - else { - notify($ERRORS{'CRITICAL'}, 0, "failed to add AllowUsers $user to external_sshd_config"); - return 0; - } - - undef @sshcmd; - @sshcmd = run_ssh_command($node, $identity, "/etc/init.d/ext_sshd restart", "root"); - - foreach my $l (@{$sshcmd[1]}) { - if ($l =~ /Stopping ext_sshd:/i) { - #notify($ERRORS{'OK'},0,"stopping sshd on $node "); - } - if ($l =~ /Starting ext_sshd:[ OK ]/i) { - notify($ERRORS{'OK'}, 0, "ext_sshd on $node started"); - } - } #foreach - notify($ERRORS{'OK'}, 0, "started ext_sshd on $node"); - return 1; - } ## end if (_is_user_added($node, $user, "blade", ... 
- else { - notify($ERRORS{'CRITICAL'}, 0, "PROBLEM added user $user to $node @{ $sshcmd[1] }"); - return 0; - } - # add user to external_sshd config - } # grpflag true - - - } # rhel - else { - return 0; - } -} ## end sub add_user - -#///////////////////////////////////////////////////////////////////////////// - -=head2 del_user - - Parameters : $node, $user, $type, $osname - Returns : 1 success 0 failure - Description : removes user account from specificed node - -=cut - -sub del_user { - my ($node, $user, $type, $osname, $image_os_type) = @_; - my ($package, $filename, $line, $sub) = caller(0); - notify($ERRORS{'WARNING'}, 0, "node is not defined") if (!(defined($node))); - notify($ERRORS{'WARNING'}, 0, "user is not defined") if (!(defined($user))); - notify($ERRORS{'WARNING'}, 0, "type is not defined") if (!(defined($type))); - notify($ERRORS{'WARNING'}, 0, "osname is not defined") if (!(defined($osname))); - notify($ERRORS{'WARNING'}, 0, "image_os_type is not defined") if (!(defined($image_os_type))); - #set variables to use - my $cmd; - my @sshcmd; - if ($type =~ /blade|virtualmachine/) { - #my $os = _machine_os($node); - if ($image_os_type =~ /linux/i) { - #remove user from machine - my @file; - my $l; - undef $cmd; - undef @sshcmd; - # do not currently use userdel -r will affect HPC user storage for HPC installs - $cmd = "/usr/sbin/userdel $user"; - @sshcmd = run_ssh_command($node, $IDENTITY_bladerhel, $cmd, "root"); - foreach my $l (@{$sshcmd[1]}) { - if ($l =~ /currently logged in/) { - notify($ERRORS{'WARNING'}, 0, "$user currently logged in returning 0"); - return 0; - } - } - #user successfully deleted - my $path1 = "$node:/etc/ssh/external_sshd_config"; - my $path2 = "/tmp/$node.sshd"; - if (run_scp_command($path1, $path2, $IDENTITY_bladerhel)) { - notify($ERRORS{'DEBUG'}, 0, "scp success retrieved $path1"); - } - else { - notify($ERRORS{'WARNING'}, 0, "failed to retrieve $path1"); - return 0; - } - #remove from sshd - if (open(SSHDCFG, 
"/tmp/$node.sshd")) { - @file = <SSHDCFG>; - close SSHDCFG; - foreach $l (@file) { - $l = "" if ($l =~ /AllowUsers/); - } - if (open(SCP, ">/tmp/$node.sshd")) { - print SCP @file; - close SCP; - } - undef $path1; - undef $path2; - $path1 = "/tmp/$node.sshd"; - $path2 = "$node:/etc/ssh/external_sshd_config"; - if (run_scp_command($path1, $path2, $IDENTITY_bladerhel)) { - notify($ERRORS{'DEBUG'}, 0, "scp success copied $path1 to $path2"); - unlink $path1; - #turn off external sshd - if (run_ssh_command($node, $IDENTITY_bladerhel, "/etc/init.d/ext_sshd stop")) { - notify($ERRORS{'DEBUG'}, 0, "turned off ext_sshd on $node"); - } - return 1; - } - else { - notify($ERRORS{'WARNING'}, 0, "failed to copy $path1 to $path2"); - return 0; - } - } ## end if (open(SSHDCFG, "/tmp/$node.sshd")) - - #CLEAR sudoers file - my $clear_cmd = "sed -ie \"/^$user .*/d\" /etc/sudoers"; - if (run_ssh_command($node, $IDENTITY_bladerhel, $clear_cmd, "root")) { - notify($ERRORS{'DEBUG'}, 0, "cleared $user from /etc/sudoers"); - } - else { - notify($ERRORS{'CRITICAL'}, 0, "failed to clear $user from /etc/sudoers"); - } - - - } ## end elsif - else { - notify($ERRORS{'WARNING'}, 0, "$osname does not exist "); - return 0; - } - } ## end if ($type =~ /blade|virtualmachine/) - -} ## end sub del_user - -#///////////////////////////////////////////////////////////////////////////// - =head2 disablesshd Parameters : $hostname, $unityname, $remoteIP, $state, $osname, $log