Merge invirt-console-server into invirt-console (LP: #305681)

svn path=/trunk/packages/invirt-console/; revision=1815

diff --combined debian/changelog
index 262bc4b,d0f3ce7..0d439ce
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,290 -1,164 +1,291 @@@
 -invirt-console-host (0.0.10) unstable; urgency=low
 +invirt-console (0.2.0) unstable; urgency=low
  
 -  * Clean up the old sudoers block in the postinst before we add it back
 +  * Rename source package in preparation for merging invirt-console-server
 +    with invirt-console-host
++  * Merge invirt-console-host into invirt-console (LP: #305681)
  
-  -- Evan Broder <broder@mit.edu>  Sun, 07 Dec 2008 10:10:36 -0500
 - -- Evan Broder <broder@mit.edu>  Tue, 25 Nov 2008 08:13:32 -0500
++ -- Evan Broder <broder@mit.edu>  Sun, 07 Dec 2008 10:17:06 -0500
  
 -invirt-console-host (0.0.9) unstable; urgency=low
 +invirt-console-server (0.1.3) unstable; urgency=low
  
 -  * Add cron dependency
 +  * Fix a gen_config -> gen_files
  
 - -- Evan Broder <broder@mit.edu>  Thu, 20 Nov 2008 11:01:03 -0500
 + -- Greg Price <price@mit.edu>  Sat, 22 Nov 2008 19:27:59 -0500
  
 -invirt-console-host (0.0.8) unstable; urgency=low
 +invirt-console-server (0.1.2) unstable; urgency=low
  
 -  * Specify a full path to invoke-rc.d for when this gets run as a cron
 -    job
 +  * Use gen-files.sh instead of rolling out own
  
 - -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 18:57:02 -0500
 + -- Evan Broder <broder@mit.edu>  Sat, 22 Nov 2008 05:45:25 -0500
  
 -invirt-console-host (0.0.7) unstable; urgency=low
 +invirt-console-server (0.1.1) unstable; urgency=low
  
 -  * Use invoke-rc.d instead of calling init scripts directly
 +  * Clean up the init script with some ideas from debathena-pyhesiodfs.
 +  * Switch to using std-init.
  
 - -- Evan Broder <broder@mit.edu>  Fri, 31 Oct 2008 06:29:20 -0400
 + -- Evan Broder <broder@mit.edu>  Sat, 22 Nov 2008 05:26:22 -0500
  
 -invirt-console-host (0.0.6) unstable; urgency=low
 +invirt-console-server (0.1.0) unstable; urgency=low
  
 -  * sipb-xen-base -> invirt-base
 +  * Add real caching to consolefs
 +  * Now that we're really caching, cache for a shorter period of time
 +
 + -- Evan Broder <broder@mit.edu>  Mon, 17 Nov 2008 13:16:37 -0500
 +
 +invirt-console-server (0.0.13) unstable; urgency=low
 +
 +  * Actually get the password fields right for libnss-pgsql
 +
 + -- Evan Broder <broder@mit.edu>  Mon, 10 Nov 2008 22:57:49 -0500
 +
 +invirt-console-server (0.0.12) unstable; urgency=low
 +
 +  * Fix the libnss-pgsql config - don't suggest that the password should
 +    be in /etc/shadow
 +
 + -- Evan Broder <broder@mit.edu>  Mon, 10 Nov 2008 20:34:14 -0500
 +
 +invirt-console-server (0.0.11) unstable; urgency=low
 +
 +  * Don't depend on invirt-mail-config
 +
 + -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 22:47:47 -0500
 +
 +invirt-console-server (0.0.10) unstable; urgency=low
 +
 +  * Fix some uncaught bugs with the libnss-pgsql config
 +
 + -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 22:21:12 -0500
 +
 +invirt-console-server (0.0.9) unstable; urgency=low
  
 - -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 04:23:12 -0400
 +  * Depend on invirt-mail-config
  
 -invirt-console-host (0.0.5) unstable; urgency=low
 + -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 21:48:34 -0500
  
 -  * invirt-console-host doesn't use the database anymore, so don't connect
 -    to it
 +invirt-console-server (0.0.8) unstable; urgency=low
  
 - -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 14:09:03 -0400
 +  * The ACL file for remctl moved, but the reference to it didn't
  
 -invirt-console-host (0.0.4) unstable; urgency=low
 + -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 03:35:48 -0500
  
 -  * Kill DEB_AUTO_UPDATE_DEBIAN_CONTROL
 +invirt-console-server (0.0.7) unstable; urgency=low
  
 - -- Evan Broder <broder@mit.edu>  Fri, 24 Oct 2008 13:46:46 -0400
 +  * Apparently remctl scripts run without a PATH
  
 -invirt-console-host (0.0.3) unstable; urgency=low
 + -- Evan Broder <broder@mit.edu>  Sun, 02 Nov 2008 17:08:35 -0500
  
 -  * make initscript even shorter, with code now provided by sipb-xen-base
 +invirt-console-server (0.0.6) unstable; urgency=low
  
 - -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 07:07:46 -0400
 +  * Use invoke-rc.d instead of calling init scripts directly
 +
 + -- Evan Broder <broder@mit.edu>  Fri, 31 Oct 2008 06:32:17 -0400
 +
 +invirt-console-server (0.0.5) unstable; urgency=low
 +
 +  * sipb-xen-base -> invirt-base
 +
 + -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 04:23:16 -0400
 +
 +invirt-console-server (0.0.4) unstable; urgency=low
 +
 +  * sipb-xen-database-common -> invirt-database
  
 -invirt-console-host (0.0.2) unstable; urgency=low
 + -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 21:04:39 -0400
  
 -  * make initscript start conserver on start/restart, not just reload
 -  * drastically shorten initscript to current Invirt best practice,
 -    in hopes that such dumb bugs can't hide so easily
 +invirt-console-server (0.0.3) unstable; urgency=low
  
 - -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 03:33:32 -0400
 +  * Remove dependency on sipb-xen-chrony-config - we need to take care of
 +    the clock, but not through that package
  
 -invirt-console-host (0.0.1) unstable; urgency=low
 + -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 19:18:06 -0400
 +
 +invirt-console-server (0.0.2) unstable; urgency=low
 +
 +  * Standardize on "Invirt project"
 +
 + -- Evan Broder <broder@mit.edu>  Fri, 24 Oct 2008 13:32:17 -0400
 +
 +invirt-console-server (0.0.1) unstable; urgency=low
  
    * sipb-xen -> invirt
 -  * -server -> -host while we're at it
 +  *  -> -server while we're at it
  
 - -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 01:23:56 -0400
 + -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 03:54:40 -0400
  
 -sipb-xen-console-server (2.8) unstable; urgency=low
 +sipb-xen-console (8.4) unstable; urgency=low
  
    * Create a dummy console entry that exists by default so that conserver
      won't quit if no consoles are defined.
  
 - -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 03:10:28 -0400
 + -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 03:13:47 -0400
  
 -sipb-xen-console-server (2.7) unstable; urgency=low
 +sipb-xen-console (8.3) unstable; urgency=low
  
 -  * Don't run conserver as root; use sudo instead
 +  * Update nss-pgsql.conf.mako to reflect new config file format
  
 - -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 02:38:46 -0400
 + -- Evan Broder <broder@mit.edu>  Mon, 06 Oct 2008 02:31:37 -0400
  
 -sipb-xen-console-server (2.06.3) unstable; urgency=low
 +sipb-xen-console (8.2) unstable; urgency=low
  
 -  * Running conserver as root so it can run xm console
 +  * Actually generate nscd.conf correctly
  
 - -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:42:26 -0400
 + -- Evan Broder <broder@mit.edu>  Mon, 06 Oct 2008 01:45:33 -0400
  
 -sipb-xen-console-server (2.06.2) unstable; urgency=low
 +sipb-xen-console (8.1) unstable; urgency=low
  
 -  * No really - correctly divert conserver.cf
 +  * ConsoleFS is now RouteFS-based
  
 - -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:39:09 -0400
 + -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 05:26:52 -0400
  
 -sipb-xen-console-server (2.06.1) unstable; urgency=low
 +sipb-xen-console (8.0) unstable; urgency=low
  
 -  * Correctly divert conserver.cf
 +  * Update config files to work with Hardy
  
 - -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:34:25 -0400
 + -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 04:45:21 -0400
  
 -sipb-xen-console-server (2.06) unstable; urgency=low
 +sipb-xen-console (7.8) unstable; urgency=low
  
    * generate config files using mako
  
 - -- Yang Zhang <y_z@mit.edu>  Thu, 14 Aug 2008 15:15:18 -0400
 + -- Yang Zhang <y_z@mit.edu>  Thu, 14 Aug 2008 15:10:50 -0400
 +
 +sipb-xen-console (7.7) unstable; urgency=low
 +
 +  * sipb_xen_database -> invirt.database
 +  * use invirt config in sipb-xen-consolefs
 +  * added decomposition of DB URI
 +  * generate nss-pgsql.conf and issue.net.no_tkt from debian init script
 +
 + -- Yang Zhang <y_z@mit.edu>  Sun,  3 Aug 2008 01:13:37 -0400
 +
 +sipb-xen-console (7.6) unstable; urgency=low
  
 -sipb-xen-console-server (2.05) unstable; urgency=low
 +  * Use invirt-getconf to generate config.
  
 -  * use invirt.config rather than /etc/invirt/* directly
 -  * get console-server hostname, db connection string from config
 -  * generate conserver config piece needing console-server ip
 -  * remove console 's_sipb-xen-dev', which doesn't work anyway
 -  * all configured!
 + -- Greg Price <price@mit.edu>  Wed, 30 Jul 2008 22:28:33 -0400
  
 - -- Greg Price <price@mit.edu>  Sat,  2 Aug 2008 18:58:59 -0400
 +sipb-xen-console (7.5) unstable; urgency=low
  
 -sipb-xen-console-server (2.04) unstable; urgency=low
 +  * Generate config at start/reload from /etc/invirt/*.
  
 -  * Get Kerberos realm from config rather than hardcoding.
 -  * Don't hardcode host's hostname in conserver.cf.
 -  * Update for current config-package-dev.
 + -- Greg Price <price@mit.edu>  Mon, 21 Jul 2008 18:29:43 -0400
  
 - -- Greg Price <price@mit.edu>  Tue, 22 Jul 2008 01:32:04 -0400
 +sipb-xen-console (7.4) unstable; urgency=low
  
 -sipb-xen-console-server (2.03) unstable; urgency=low
 +  * pull in sipb-xen-base
 +
 + -- Greg Price <price@mit.edu>  Mon, 21 Jul 2008 17:41:01 -0400
 +
 +sipb-xen-console (7.3) unstable; urgency=low
 +
 +  * update for current config-package-dev
 +
 + -- Greg Price <price@mit.edu>  Sun, 20 Jul 2008 15:41:50 -0400
 +
 +sipb-xen-console (7.3) unstable; urgency=low
 +
 +  * Move config details out to config package.
 +
 + -- Greg Price <price@mit.edu>  Sun, 20 Jul 2008 01:01:26 -0400
 +
 +sipb-xen-console (7.2) unstable; urgency=low
  
    * Multiplex consoles on multiple hosts.
 +  
 + -- Greg Price <price@mit.edu>  Sun, 13 Jul 2008 08:52:18 -0400
 +
 +sipb-xen-console (7.1) unstable; urgency=low
 +
 +  * Remember to actually divert the conserver config
 +
 + -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:48:05 -0400
 +
 +sipb-xen-console (7) unstable; urgency=low
 +
 +  * Use conserver instead of ssh to connect to black-mesa
 +
 + -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 00:52:05 -0400
 +
 +sipb-xen-console (6.2) unstable; urgency=low
 +
 +  * /etc/modules is no longer managed by this package
 +
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Tue,  1 Apr 2008 22:25:09 -0400
 +
 +sipb-xen-console (6.1) unstable; urgency=low
 +
 +  * Don't add the "d_" to the domain name on this side - do it on the
 +    black-mesa side
 +
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Tue, 01 Apr 2008 22:20:47 -0400
 +
 +sipb-xen-console (6) unstable; urgency=low
 +
 +  * modprobe fuse before attaching consolefs
 +  * Revert code to block dropping privileges to user accounts
 +  * Add configuration to accept Kerberos config for users and error on
 +    non-root users if Kerberos authentication fails
 +
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Tue, 01 Apr 2008 20:03:11 -0400
 +
 +sipb-xen-console (5.1) unstable; urgency=low
 +
 +  * Package should create /consolefs so that sipb-xen-consolefs has
 +    somewhere to mount to
 +
 + -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Sun, 30 Mar 2008 18:20:02 -0400
 +
 +sipb-xen-console (5) unstable; urgency=low
 +
 +  * modprobe fuse at boot
 +
 + -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Sun, 30 Mar 2008 17:57:36 -0400
 +
 +sipb-xen-console (4.1) unstable; urgency=low
 +
 +  * It should not be trivial for us to access the serial console of
 +    users' machines
  
 - -- Greg Price <price@mit.edu>  Sun, 13 Jul 2008 08:35:17 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 17:42:04 -0400
  
 -sipb-xen-console-server (2.02) unstable; urgency=low
 +sipb-xen-console (4) unstable; urgency=low
  
 -  * And...xm isn't in the path, so give a full path
 +  * Added comments to sipb-xen-consolefs
 +  * Added support for symlinks in the realpath
 +  * Changed sipb-xen-consolefs to use syslog instead of printf debugging
  
 - -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:48:53 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 14:17:59 -0400
  
 -sipb-xen-console-server (2.01) unstable; urgency=low
 +sipb-xen-console (3.2) unstable; urgency=low
  
 -  * update-conserver script should reload, not restart
 +  * Fixing a bug in sipb-xen-consolefs ('@' is not re-added to realms
 +    in the .k5login
  
 - -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:43:12 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:39:30 -0400
  
 -sipb-xen-console-server (2) unstable; urgency=low
 +sipb-xen-console (3.1) unstable; urgency=low
  
 -  * Use a python based update-conserver script that gets the list of
 -    consoles from xm list
 -  * Run the update-conserver script every 5 minutes to catch VMs that
 -    are not started or stopped through the remctl interface
 +  * Clean up the motd a bit
 +  * Add dependency on sipb-xen-chrony-config to make sure the clock is
 +    staying synced
  
 - -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:32:58 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:33:55 -0400
  
 -sipb-xen-console-server (1.0.2) unstable; urgency=low
 +sipb-xen-console (3) unstable; urgency=low
  
 -  * Also...make this package actually do something
 +  * Make the motd useful instead of turning it off
  
 - -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:41:32 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:14:23 -0400
  
 -sipb-xen-console-server (1.0.1) unstable; urgency=low
 +sipb-xen-console (2) unstable; urgency=low
  
 -  * Misnamed a file
 +  * Actually functional release.
  
 - -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:36:29 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 05:07:43 -0400
  
 -sipb-xen-console-server (1) unstable; urgency=low
 +sipb-xen-console (1) unstable; urgency=low
  
    * Initial release.
  
 - -- SIPB Xen Project <sipb-xen@mit.edu>  Wed,  2 Apr 2008 00:27:12 -0400
 + -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 01:08:50 -0400

diff --combined debian/control
index b4767da,28deb16..4969f5c
--- 1/debian/control
--- 2/debian/control
+++ b/debian/control
@@@ -1,17 -1,14 +1,25 @@@
 -Source: invirt-console-host
 +Source: invirt-console
  Section: servers
 -Priority: important
 -Maintainer: invirt@mit.edu
 -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~)
 +Priority: extra
 +Maintainer: Invirt project <invirt@mit.edu>
 +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts
  Standards-Version: 3.7.2
  
 +Package: invirt-console-server
 +Architecture: all
 +Provides: ${diverted-files}
 +Conflicts: ${diverted-files}
 +Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends},
 + conserver-client, daemon, debathena-kerberos-config, fuse-utils,
 + libnss-pgsql1, nscd, openssh-server, python, python-routefs,
 + invirt-database, remctl-server, debathena-ssh-server-config
 +Description: Invirt serial-console proxy server
 + This is the software for the serial-console proxy server.
++
+ Package: invirt-console-host
+ Architecture: all
+ Provides: ${diverted-files}
+ Conflicts: ${diverted-files}
+ Depends: ${shlibs:Depends}, ${misc:Depends}, conserver-server, remctl-client, invirt-base, cron
+ Description: SIPB Xen serial console server server
+   This configures the VMM for the server-side of the console server

diff --combined debian/invirt-console-host.install
index 0000000,9da31b3..260c50b
mode 000000,100644..100644
--- /dev/null
--- 2/debian/invirt-console-host.install
+++ b/debian/invirt-console-host.install
@@@ -1,0 -1,1 +1,1 @@@
 -files/* .
++host/* .

diff --combined debian/rules
index 47cbab2,bfba7f2..b1b8d2b
--- 1/debian/rules
--- 2/debian/rules
+++ b/debian/rules
@@@ -1,21 -1,9 +1,24 @@@
  #!/usr/bin/make -f
  
  DEB_DIVERT_EXTENSION = .invirt
 +DEB_TRANSFORM_FILES_invirt-console-server += \
 +      /etc/init.d/bootmisc.sh.invirt \
 +      /etc/nsswitch.conf.invirt \
 +      /etc/nscd.conf.invirt \
 +      /etc/pam.d/sshd.invirt \
 +      /etc/ssh/sshd_config.debathena.invirt
 +
 +ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),)
 +    DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \
 +        /usr/share/base-files/nsswitch.conf
 +endif
 +
 +DEB_DIVERT_FILES_invirt-console-server += \
 +      /etc/conserver/conserver.cf.invirt \
 +      /etc/motd.invirt
+ DEB_DIVERT_FILES_invirt-console-host += \
+       /etc/conserver/conserver.cf.invirt \
+       /etc/conserver/server.conf.invirt
  
  include /usr/share/cdbs/1/rules/debhelper.mk
  include /usr/share/cdbs/1/rules/config-package.mk

diff --combined host/etc/conserver/conserver.cf.invirt
index 0000000,1b92380..1b92380
mode 000000,100644..100644
--- /dev/null
--- 2/files/etc/conserver/conserver.cf.invirt
+++ b/host/etc/conserver/conserver.cf.invirt
@@@ -1,0 -1,25 +1,25 @@@
+ config * {
+       sslrequired yes;
+ }
+ 
+ # If no consoles are defined, as is the case when the host first boots
+ # up, conserver will quit. This keeps it running.
+ #
+ # Should someone create a VM called dummy-console, their VM will
+ # shadow over this one.
+ console dummy-console {
+         master localhost;
+         type noop;
+ }
+ 
+ default * {
+       logfile /var/log/conserver/&.log;
+       timestamp "1lab";
+       rw *;
+       type exec;
+       exec sudo xm console d_f;
+       execsubst f=cs;
+ }
+ 
+ #include /etc/conserver/invirt-genconfig.cf
+ #include /etc/conserver/invirt-consoles.cf

diff --combined host/etc/conserver/invirt-consoles.cf
index 0000000,e69de29..e69de29
mode 000000,100644..100644
--- /dev/null
--- 2/files/etc/conserver/invirt-consoles.cf
+++ b/host/etc/conserver/invirt-consoles.cf

diff --combined host/etc/conserver/invirt-genconfig.cf.mako
index 0000000,94c3f94..94c3f94
mode 000000,100644..100644
--- /dev/null
--- 2/files/etc/conserver/invirt-genconfig.cf.mako
+++ b/host/etc/conserver/invirt-genconfig.cf.mako
@@@ -1,0 -1,6 +1,6 @@@
+ <% from invirt.config import structs as cfg %>\
+ access * {
+        trusted 127.0.0.1;
+        trusted ${cfg.console.ip};
+        limited *;
+ }

diff --combined host/etc/conserver/server.conf.invirt
index 0000000,9081b3b..9081b3b
mode 000000,100644..100644
--- /dev/null
--- 2/files/etc/conserver/server.conf.invirt
+++ b/host/etc/conserver/server.conf.invirt
@@@ -1,0 -1,2 +1,2 @@@
+ OPTS='-p 3109  '
+ ASROOT=

diff --combined host/usr/sbin/invirt-update-conserver
index 0000000,9a7fd3c..9a7fd3c
mode 000000,100755..100755
--- /dev/null
--- 2/files/usr/sbin/invirt-update-conserver
+++ b/host/usr/sbin/invirt-update-conserver
@@@ -1,0 -1,32 +1,32 @@@
+ #!/usr/bin/python
+ 
+ import subprocess
+ import os
+ import socket
+ from invirt.config import structs as config
+ 
+ def live_vms():
+     p = subprocess.Popen(['/usr/sbin/xm', 'list'], stdout=subprocess.PIPE)
+     p.wait()
+     output = p.stdout.read()
+     vms = [x.split()[0][2:] for x in output.splitlines() if x.startswith('d_')]
+     return vms
+ 
+ def reload_conserver():
+     p = subprocess.Popen(['/usr/sbin/invoke-rc.d', 'conserver-server', 'reload'], stdout=subprocess.PIPE)
+     p.wait()
+ 
+ if __name__ == '__main__':
+     hostname = socket.getfqdn().lower()
+     realm = config.authn[0].realm
+     principal = 'host/'+hostname+'@'+realm
+     conftext = '\n'.join('console %s { master %s; }' % (vm, hostname)
+                          for vm in live_vms())
+     f = open('/etc/conserver/invirt-consoles.cf', 'w')
+     f.write(conftext)
+     f.close()
+     reload_conserver()
+     subprocess.call(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab',
+                      principal])
+     subprocess.call(['/usr/bin/remctl', config.console.hostname,
+                      'console', 'update', conftext])