Merge invirt-console-server into invirt-console (LP: #305681)

svn path=/trunk/packages/invirt-console/; revision=1815

diff --git a/debian/changelog b/debian/changelog
index d0f3ce7..0d439ce 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,164 +1,291 @@
-invirt-console-host (0.0.10) unstable; urgency=low
+invirt-console (0.2.0) unstable; urgency=low
 
-  * Clean up the old sudoers block in the postinst before we add it back
+  * Rename source package in preparation for merging invirt-console-server
+    with invirt-console-host
+  * Merge invirt-console-host into invirt-console (LP: #305681)
 
- -- Evan Broder <broder@mit.edu>  Tue, 25 Nov 2008 08:13:32 -0500
+ -- Evan Broder <broder@mit.edu>  Sun, 07 Dec 2008 10:17:06 -0500
 
-invirt-console-host (0.0.9) unstable; urgency=low
+invirt-console-server (0.1.3) unstable; urgency=low
 
-  * Add cron dependency
+  * Fix a gen_config -> gen_files
 
- -- Evan Broder <broder@mit.edu>  Thu, 20 Nov 2008 11:01:03 -0500
+ -- Greg Price <price@mit.edu>  Sat, 22 Nov 2008 19:27:59 -0500
 
-invirt-console-host (0.0.8) unstable; urgency=low
+invirt-console-server (0.1.2) unstable; urgency=low
 
-  * Specify a full path to invoke-rc.d for when this gets run as a cron
-    job
+  * Use gen-files.sh instead of rolling out own
 
- -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 18:57:02 -0500
+ -- Evan Broder <broder@mit.edu>  Sat, 22 Nov 2008 05:45:25 -0500
 
-invirt-console-host (0.0.7) unstable; urgency=low
+invirt-console-server (0.1.1) unstable; urgency=low
 
-  * Use invoke-rc.d instead of calling init scripts directly
+  * Clean up the init script with some ideas from debathena-pyhesiodfs.
+  * Switch to using std-init.
 
- -- Evan Broder <broder@mit.edu>  Fri, 31 Oct 2008 06:29:20 -0400
+ -- Evan Broder <broder@mit.edu>  Sat, 22 Nov 2008 05:26:22 -0500
 
-invirt-console-host (0.0.6) unstable; urgency=low
+invirt-console-server (0.1.0) unstable; urgency=low
 
-  * sipb-xen-base -> invirt-base
+  * Add real caching to consolefs
+  * Now that we're really caching, cache for a shorter period of time
+
+ -- Evan Broder <broder@mit.edu>  Mon, 17 Nov 2008 13:16:37 -0500
+
+invirt-console-server (0.0.13) unstable; urgency=low
+
+  * Actually get the password fields right for libnss-pgsql
+
+ -- Evan Broder <broder@mit.edu>  Mon, 10 Nov 2008 22:57:49 -0500
+
+invirt-console-server (0.0.12) unstable; urgency=low
+
+  * Fix the libnss-pgsql config - don't suggest that the password should
+    be in /etc/shadow
+
+ -- Evan Broder <broder@mit.edu>  Mon, 10 Nov 2008 20:34:14 -0500
+
+invirt-console-server (0.0.11) unstable; urgency=low
+
+  * Don't depend on invirt-mail-config
+
+ -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 22:47:47 -0500
+
+invirt-console-server (0.0.10) unstable; urgency=low
+
+  * Fix some uncaught bugs with the libnss-pgsql config
+
+ -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 22:21:12 -0500
+
+invirt-console-server (0.0.9) unstable; urgency=low
 
- -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 04:23:12 -0400
+  * Depend on invirt-mail-config
 
-invirt-console-host (0.0.5) unstable; urgency=low
+ -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 21:48:34 -0500
 
-  * invirt-console-host doesn't use the database anymore, so don't connect
-    to it
+invirt-console-server (0.0.8) unstable; urgency=low
 
- -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 14:09:03 -0400
+  * The ACL file for remctl moved, but the reference to it didn't
 
-invirt-console-host (0.0.4) unstable; urgency=low
+ -- Evan Broder <broder@mit.edu>  Thu, 06 Nov 2008 03:35:48 -0500
 
-  * Kill DEB_AUTO_UPDATE_DEBIAN_CONTROL
+invirt-console-server (0.0.7) unstable; urgency=low
 
- -- Evan Broder <broder@mit.edu>  Fri, 24 Oct 2008 13:46:46 -0400
+  * Apparently remctl scripts run without a PATH
 
-invirt-console-host (0.0.3) unstable; urgency=low
+ -- Evan Broder <broder@mit.edu>  Sun, 02 Nov 2008 17:08:35 -0500
 
-  * make initscript even shorter, with code now provided by sipb-xen-base
+invirt-console-server (0.0.6) unstable; urgency=low
 
- -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 07:07:46 -0400
+  * Use invoke-rc.d instead of calling init scripts directly
+
+ -- Evan Broder <broder@mit.edu>  Fri, 31 Oct 2008 06:32:17 -0400
+
+invirt-console-server (0.0.5) unstable; urgency=low
+
+  * sipb-xen-base -> invirt-base
+
+ -- Evan Broder <broder@mit.edu>  Tue, 28 Oct 2008 04:23:16 -0400
+
+invirt-console-server (0.0.4) unstable; urgency=low
+
+  * sipb-xen-database-common -> invirt-database
 
-invirt-console-host (0.0.2) unstable; urgency=low
+ -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 21:04:39 -0400
 
-  * make initscript start conserver on start/restart, not just reload
-  * drastically shorten initscript to current Invirt best practice,
-    in hopes that such dumb bugs can't hide so easily
+invirt-console-server (0.0.3) unstable; urgency=low
 
- -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 03:33:32 -0400
+  * Remove dependency on sipb-xen-chrony-config - we need to take care of
+    the clock, but not through that package
 
-invirt-console-host (0.0.1) unstable; urgency=low
+ -- Evan Broder <broder@mit.edu>  Sat, 25 Oct 2008 19:18:06 -0400
+
+invirt-console-server (0.0.2) unstable; urgency=low
+
+  * Standardize on "Invirt project"
+
+ -- Evan Broder <broder@mit.edu>  Fri, 24 Oct 2008 13:32:17 -0400
+
+invirt-console-server (0.0.1) unstable; urgency=low
 
   * sipb-xen -> invirt
-  * -server -> -host while we're at it
+  *  -> -server while we're at it
 
- -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 01:23:56 -0400
+ -- Greg Price <price@mit.edu>  Fri, 24 Oct 2008 03:54:40 -0400
 
-sipb-xen-console-server (2.8) unstable; urgency=low
+sipb-xen-console (8.4) unstable; urgency=low
 
   * Create a dummy console entry that exists by default so that conserver
     won't quit if no consoles are defined.
 
- -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 03:10:28 -0400
+ -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 03:13:47 -0400
 
-sipb-xen-console-server (2.7) unstable; urgency=low
+sipb-xen-console (8.3) unstable; urgency=low
 
-  * Don't run conserver as root; use sudo instead
+  * Update nss-pgsql.conf.mako to reflect new config file format
 
- -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 02:38:46 -0400
+ -- Evan Broder <broder@mit.edu>  Mon, 06 Oct 2008 02:31:37 -0400
 
-sipb-xen-console-server (2.06.3) unstable; urgency=low
+sipb-xen-console (8.2) unstable; urgency=low
 
-  * Running conserver as root so it can run xm console
+  * Actually generate nscd.conf correctly
 
- -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:42:26 -0400
+ -- Evan Broder <broder@mit.edu>  Mon, 06 Oct 2008 01:45:33 -0400
 
-sipb-xen-console-server (2.06.2) unstable; urgency=low
+sipb-xen-console (8.1) unstable; urgency=low
 
-  * No really - correctly divert conserver.cf
+  * ConsoleFS is now RouteFS-based
 
- -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:39:09 -0400
+ -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 05:26:52 -0400
 
-sipb-xen-console-server (2.06.1) unstable; urgency=low
+sipb-xen-console (8.0) unstable; urgency=low
 
-  * Correctly divert conserver.cf
+  * Update config files to work with Hardy
 
- -- Evan Broder <broder@mit.edu>  Tue, 14 Oct 2008 01:34:25 -0400
+ -- Evan Broder <broder@mit.edu>  Sun, 05 Oct 2008 04:45:21 -0400
 
-sipb-xen-console-server (2.06) unstable; urgency=low
+sipb-xen-console (7.8) unstable; urgency=low
 
   * generate config files using mako
 
- -- Yang Zhang <y_z@mit.edu>  Thu, 14 Aug 2008 15:15:18 -0400
+ -- Yang Zhang <y_z@mit.edu>  Thu, 14 Aug 2008 15:10:50 -0400
+
+sipb-xen-console (7.7) unstable; urgency=low
+
+  * sipb_xen_database -> invirt.database
+  * use invirt config in sipb-xen-consolefs
+  * added decomposition of DB URI
+  * generate nss-pgsql.conf and issue.net.no_tkt from debian init script
+
+ -- Yang Zhang <y_z@mit.edu>  Sun,  3 Aug 2008 01:13:37 -0400
+
+sipb-xen-console (7.6) unstable; urgency=low
 
-sipb-xen-console-server (2.05) unstable; urgency=low
+  * Use invirt-getconf to generate config.
 
-  * use invirt.config rather than /etc/invirt/* directly
-  * get console-server hostname, db connection string from config
-  * generate conserver config piece needing console-server ip
-  * remove console 's_sipb-xen-dev', which doesn't work anyway
-  * all configured!
+ -- Greg Price <price@mit.edu>  Wed, 30 Jul 2008 22:28:33 -0400
 
- -- Greg Price <price@mit.edu>  Sat,  2 Aug 2008 18:58:59 -0400
+sipb-xen-console (7.5) unstable; urgency=low
 
-sipb-xen-console-server (2.04) unstable; urgency=low
+  * Generate config at start/reload from /etc/invirt/*.
 
-  * Get Kerberos realm from config rather than hardcoding.
-  * Don't hardcode host's hostname in conserver.cf.
-  * Update for current config-package-dev.
+ -- Greg Price <price@mit.edu>  Mon, 21 Jul 2008 18:29:43 -0400
 
- -- Greg Price <price@mit.edu>  Tue, 22 Jul 2008 01:32:04 -0400
+sipb-xen-console (7.4) unstable; urgency=low
 
-sipb-xen-console-server (2.03) unstable; urgency=low
+  * pull in sipb-xen-base
+
+ -- Greg Price <price@mit.edu>  Mon, 21 Jul 2008 17:41:01 -0400
+
+sipb-xen-console (7.3) unstable; urgency=low
+
+  * update for current config-package-dev
+
+ -- Greg Price <price@mit.edu>  Sun, 20 Jul 2008 15:41:50 -0400
+
+sipb-xen-console (7.3) unstable; urgency=low
+
+  * Move config details out to config package.
+
+ -- Greg Price <price@mit.edu>  Sun, 20 Jul 2008 01:01:26 -0400
+
+sipb-xen-console (7.2) unstable; urgency=low
 
   * Multiplex consoles on multiple hosts.
+  
+ -- Greg Price <price@mit.edu>  Sun, 13 Jul 2008 08:52:18 -0400
+
+sipb-xen-console (7.1) unstable; urgency=low
+
+  * Remember to actually divert the conserver config
+
+ -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:48:05 -0400
+
+sipb-xen-console (7) unstable; urgency=low
+
+  * Use conserver instead of ssh to connect to black-mesa
+
+ -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 00:52:05 -0400
+
+sipb-xen-console (6.2) unstable; urgency=low
+
+  * /etc/modules is no longer managed by this package
+
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Tue,  1 Apr 2008 22:25:09 -0400
+
+sipb-xen-console (6.1) unstable; urgency=low
+
+  * Don't add the "d_" to the domain name on this side - do it on the
+    black-mesa side
+
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Tue, 01 Apr 2008 22:20:47 -0400
+
+sipb-xen-console (6) unstable; urgency=low
+
+  * modprobe fuse before attaching consolefs
+  * Revert code to block dropping privileges to user accounts
+  * Add configuration to accept Kerberos config for users and error on
+    non-root users if Kerberos authentication fails
+
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Tue, 01 Apr 2008 20:03:11 -0400
+
+sipb-xen-console (5.1) unstable; urgency=low
+
+  * Package should create /consolefs so that sipb-xen-consolefs has
+    somewhere to mount to
+
+ -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Sun, 30 Mar 2008 18:20:02 -0400
+
+sipb-xen-console (5) unstable; urgency=low
+
+  * modprobe fuse at boot
+
+ -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Sun, 30 Mar 2008 17:57:36 -0400
+
+sipb-xen-console (4.1) unstable; urgency=low
+
+  * It should not be trivial for us to access the serial console of
+    users' machines
 
- -- Greg Price <price@mit.edu>  Sun, 13 Jul 2008 08:35:17 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 17:42:04 -0400
 
-sipb-xen-console-server (2.02) unstable; urgency=low
+sipb-xen-console (4) unstable; urgency=low
 
-  * And...xm isn't in the path, so give a full path
+  * Added comments to sipb-xen-consolefs
+  * Added support for symlinks in the realpath
+  * Changed sipb-xen-consolefs to use syslog instead of printf debugging
 
- -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:48:53 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 14:17:59 -0400
 
-sipb-xen-console-server (2.01) unstable; urgency=low
+sipb-xen-console (3.2) unstable; urgency=low
 
-  * update-conserver script should reload, not restart
+  * Fixing a bug in sipb-xen-consolefs ('@' is not re-added to realms
+    in the .k5login
 
- -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:43:12 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:39:30 -0400
 
-sipb-xen-console-server (2) unstable; urgency=low
+sipb-xen-console (3.1) unstable; urgency=low
 
-  * Use a python based update-conserver script that gets the list of
-    consoles from xm list
-  * Run the update-conserver script every 5 minutes to catch VMs that
-    are not started or stopped through the remctl interface
+  * Clean up the motd a bit
+  * Add dependency on sipb-xen-chrony-config to make sure the clock is
+    staying synced
 
- -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 04:32:58 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:33:55 -0400
 
-sipb-xen-console-server (1.0.2) unstable; urgency=low
+sipb-xen-console (3) unstable; urgency=low
 
-  * Also...make this package actually do something
+  * Make the motd useful instead of turning it off
 
- -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:41:32 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 06:14:23 -0400
 
-sipb-xen-console-server (1.0.1) unstable; urgency=low
+sipb-xen-console (2) unstable; urgency=low
 
-  * Misnamed a file
+  * Actually functional release.
 
- -- Evan Broder <broder@sipb-xen-dev.mit.edu>  Wed,  2 Apr 2008 01:36:29 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 05:07:43 -0400
 
-sipb-xen-console-server (1) unstable; urgency=low
+sipb-xen-console (1) unstable; urgency=low
 
   * Initial release.
 
- -- SIPB Xen Project <sipb-xen@mit.edu>  Wed,  2 Apr 2008 00:27:12 -0400
+ -- SIPB Xen Project <sipb-xen@mit.edu>  Sun, 30 Mar 2008 01:08:50 -0400

diff --git a/debian/control b/debian/control
index 28deb16..4969f5c 100644 (file)
--- a/debian/control
+++ b/debian/control
@@ -1,10 +1,21 @@
-Source: invirt-console-host
+Source: invirt-console
 Section: servers
-Priority: important
-Maintainer: invirt@mit.edu
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~)
+Priority: extra
+Maintainer: Invirt project <invirt@mit.edu>
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts
 Standards-Version: 3.7.2
 
+Package: invirt-console-server
+Architecture: all
+Provides: ${diverted-files}
+Conflicts: ${diverted-files}
+Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends},
+ conserver-client, daemon, debathena-kerberos-config, fuse-utils,
+ libnss-pgsql1, nscd, openssh-server, python, python-routefs,
+ invirt-database, remctl-server, debathena-ssh-server-config
+Description: Invirt serial-console proxy server
+ This is the software for the serial-console proxy server.
+
 Package: invirt-console-host
 Architecture: all
 Provides: ${diverted-files}

diff --git a/debian/invirt-console-host.install b/debian/invirt-console-host.install
index 9da31b3..260c50b 100644 (file)
--- a/debian/invirt-console-host.install
+++ b/debian/invirt-console-host.install
@@ -1 +1 @@
-files/* .
+host/* .

diff --git a/debian/invirt-console-server.init b/debian/invirt-console-server.init
new file mode 100755 (executable)
index 0000000..1d083a3
--- /dev/null
+++ b/debian/invirt-console-server.init
@@ -0,0 +1,86 @@
+#!/bin/bash
+### BEGIN INIT INFO
+# Provides:          invirt-console-server
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: Invirt console proxy server
+# Description:       
+### END INIT INFO
+
+# Author: Invirt project <invirt@mit.edu>
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="the Invirt console server"
+NAME=invirt-console-server
+DAEMON=/usr/bin/invirt-consolefs
+MOUNTPOINT="/consolefs"
+DAEMON_ARGS="-f $MOUNTPOINT"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+GEN_FILES=(/etc/conserver/invirt-hosts.cf
+    /etc/remctl/acl/invirt-console-server
+    /etc/issue.net.no_tkt
+    /etc/nss-pgsql.conf)
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+. /lib/init/gen-files.sh
+. /lib/init/std-init.sh
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+    # Return
+    #   0 if daemon has been started
+    #   1 if daemon was already running
+    #   2 if daemon could not be started
+    
+    # Try to make sure fuse is setup
+    [ -e /dev/fuse ] || modprobe fuse || return 2
+    
+    if cat /proc/mounts | grep " $MOUNTPOINT " >/dev/null 2>&1; then
+        return 1
+    fi
+    
+    gen_files
+    
+    daemon -r -O daemon.info -E daemon.err -n $NAME -- $DAEMON $DAEMON_ARGS || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+    # Return
+    #   0 if daemon has been stopped
+    #   1 if daemon was already stopped
+    #   2 if daemon could not be stopped
+    #   other if a failure occurred
+    
+    if ! cat /proc/mounts | grep " $MOUNTPOINT " >/dev/null 2>&1; then
+        return 1
+    fi
+    
+    daemon --stop -n $NAME
+    RETVAL="$?"
+    [ "$RETVAL" = 2 ] && return 2
+    # Many daemons don't delete their pidfiles when they exit.
+    rm -f $PIDFILE
+}
+
+do_reload()
+{
+    gen_files
+    invoke-rc.d conserver-server reload
+}
+
+std_init "$1"

diff --git a/debian/invirt-console-server.install b/debian/invirt-console-server.install
new file mode 100644 (file)
index 0000000..bf66dce
--- /dev/null
+++ b/debian/invirt-console-server.install
@@ -0,0 +1 @@
+server/* .

diff --git a/debian/rules b/debian/rules
index bfba7f2..b1b8d2b 100755 (executable)
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,21 @@
 #!/usr/bin/make -f
 
 DEB_DIVERT_EXTENSION = .invirt
+DEB_TRANSFORM_FILES_invirt-console-server += \
+       /etc/init.d/bootmisc.sh.invirt \
+       /etc/nsswitch.conf.invirt \
+       /etc/nscd.conf.invirt \
+       /etc/pam.d/sshd.invirt \
+       /etc/ssh/sshd_config.debathena.invirt
+
+ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),)
+    DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \
+        /usr/share/base-files/nsswitch.conf
+endif
+
+DEB_DIVERT_FILES_invirt-console-server += \
+       /etc/conserver/conserver.cf.invirt \
+       /etc/motd.invirt
 DEB_DIVERT_FILES_invirt-console-host += \
        /etc/conserver/conserver.cf.invirt \
        /etc/conserver/server.conf.invirt

diff --git a/debian/transform_bootmisc.sh.invirt b/debian/transform_bootmisc.sh.invirt
new file mode 100755 (executable)
index 0000000..b6a4b6d
--- /dev/null
+++ b/debian/transform_bootmisc.sh.invirt
@@ -0,0 +1,14 @@
+#!/bin/bash
+patch -p0 -o /dev/fd/4 3<&0 4>&1 1>/dev/null <<EOF
+
+# Yes, I there's no context. But the lines being replaced are less
+# likely to change than the lines around them
+
+--- Ignored
++++ /dev/fd/3
+@@ -42,3 +42,2 @@
+-      # Update motd
+-      uname -snrvm > /var/run/motd
+-      [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
++      # Do not update motd
++      cp /etc/motd /var/run/motd

diff --git a/debian/transform_nscd.conf.invirt b/debian/transform_nscd.conf.invirt
new file mode 100755 (executable)
index 0000000..2efdebb
--- /dev/null
+++ b/debian/transform_nscd.conf.invirt
@@ -0,0 +1,6 @@
+#!/usr/bin/perl -0p
+s/^(\s*negative-time-to-live\s*passwd\s*).*$/${1}3/m or die;
+s/^(\s*negative-time-to-live\s*group\s*).*$/${1}3/m or die;
+s/^(\s*persistent\s*passwd\s*).*$/\1no/m or die;
+s/^(\s*persistent\s*group\s*).*$/\1no/m or die;
+

diff --git a/debian/transform_nsswitch.conf.invirt b/debian/transform_nsswitch.conf.invirt
new file mode 100755 (executable)
index 0000000..652d02f
--- /dev/null
+++ b/debian/transform_nsswitch.conf.invirt
@@ -0,0 +1,3 @@
+#!/usr/bin/perl -0p
+s/^(passwd: .*)$/$1 pgsql/m or die;
+s/^(group: .*)$/$1 pgsql/m or die;

diff --git a/debian/transform_sshd.invirt b/debian/transform_sshd.invirt
new file mode 100755 (executable)
index 0000000..951a589
--- /dev/null
+++ b/debian/transform_sshd.invirt
@@ -0,0 +1,11 @@
+#!/bin/sh
+echo "# If they're not root, but their user exists (success),"
+echo 'auth    [success=ignore ignore=ignore default=1 module_unknown=die]   pam_succeed_if.so uid > 0'
+echo "# print the \"You don\'t have tickets\" error:"
+echo 'auth    [success=die ignore=reset default=die module_unknown=die]     pam_echo.so file=/etc/issue.net.no_tkt'
+echo "# If !(they are root),"
+echo 'auth    [success=1 ignore=ignore default=ignore module_unknown=die]   pam_succeed_if.so uid eq 0'
+echo "# print the \"your account doesn't exist\" error:"
+echo 'auth    [success=die ignore=reset default=die module_unknown=die]     pam_echo.so file=/etc/issue.net.no_user'
+echo
+exec cat

diff --git a/debian/transform_sshd_config.debathena.invirt b/debian/transform_sshd_config.debathena.invirt
new file mode 100755 (executable)
index 0000000..09d0557
--- /dev/null
+++ b/debian/transform_sshd_config.debathena.invirt
@@ -0,0 +1,2 @@
+#!/usr/bin/perl -0p
+s/^#?PrintLastLog .*$/PrintLastLog no/m or die;

diff --git a/files/etc/conserver/conserver.cf.invirt b/host/etc/conserver/conserver.cf.invirt
similarity index 100%
rename from files/etc/conserver/conserver.cf.invirt
rename to host/etc/conserver/conserver.cf.invirt

diff --git a/files/etc/conserver/invirt-consoles.cf b/host/etc/conserver/invirt-consoles.cf
similarity index 100%
rename from files/etc/conserver/invirt-consoles.cf
rename to host/etc/conserver/invirt-consoles.cf

diff --git a/files/etc/conserver/invirt-genconfig.cf.mako b/host/etc/conserver/invirt-genconfig.cf.mako
similarity index 100%
rename from files/etc/conserver/invirt-genconfig.cf.mako
rename to host/etc/conserver/invirt-genconfig.cf.mako

diff --git a/files/etc/conserver/server.conf.invirt b/host/etc/conserver/server.conf.invirt
similarity index 100%
rename from files/etc/conserver/server.conf.invirt
rename to host/etc/conserver/server.conf.invirt

diff --git a/files/usr/sbin/invirt-update-conserver b/host/usr/sbin/invirt-update-conserver
similarity index 100%
rename from files/usr/sbin/invirt-update-conserver
rename to host/usr/sbin/invirt-update-conserver

diff --git a/server/etc/conserver/conserver.cf.invirt b/server/etc/conserver/conserver.cf.invirt
new file mode 100644 (file)
index 0000000..6d7130e
--- /dev/null
+++ b/server/etc/conserver/conserver.cf.invirt
@@ -0,0 +1,23 @@
+# default config for console
+config * {
+       sslrequired yes;
+}
+# If no consoles are defined, as is the case when the host first boots
+# up, conserver will quit. This keeps it running.
+#
+# Should someone create a VM called dummy-console, their VM will
+# shadow over this one
+console dummy-console {
+        master localhost;
+        type noop;
+}
+
+default * {
+        type exec;
+}
+access * {
+        trusted 127.0.0.1;
+        limited *;
+}
+
+#include /etc/conserver/invirt-hosts.cf

diff --git a/server/etc/conserver/console.cf b/server/etc/conserver/console.cf
new file mode 100644 (file)
index 0000000..73c3321
--- /dev/null
+++ b/server/etc/conserver/console.cf
@@ -0,0 +1,5 @@
+config * {
+  master localhost;
+  port   3109;
+  sslenabled yes;
+}

diff --git a/server/etc/conserver/invirt-hosts.cf.mako b/server/etc/conserver/invirt-hosts.cf.mako
new file mode 100644 (file)
index 0000000..3ffe807
--- /dev/null
+++ b/server/etc/conserver/invirt-hosts.cf.mako
@@ -0,0 +1,4 @@
+<% from invirt.config import structs as cfg %>\
+% for h in cfg.hosts:
+#include /etc/conserver/conf.d/${h.hostname}
+% endfor

diff --git a/server/etc/issue.net.no_tkt.mako b/server/etc/issue.net.no_tkt.mako
new file mode 100644 (file)
index 0000000..054a32d
--- /dev/null
+++ b/server/etc/issue.net.no_tkt.mako
@@ -0,0 +1,4 @@
+<% from invirt.config import structs as cfg %>\
+You must login to the ${cfg.console.hostname} console server using
+Kerberos tickets, but your ssh client did not pass a valid ticket to the
+console server.

diff --git a/server/etc/issue.net.no_user b/server/etc/issue.net.no_user
new file mode 100644 (file)
index 0000000..774bde5
--- /dev/null
+++ b/server/etc/issue.net.no_user
@@ -0,0 +1,2 @@
+The VM you are attempting to access does not appear to exist.
+

diff --git a/server/etc/motd.invirt b/server/etc/motd.invirt
new file mode 100644 (file)
index 0000000..cf35576
--- /dev/null
+++ b/server/etc/motd.invirt
@@ -0,0 +1,3 @@
+
+Type Ctrl-e, then c, then . to escape from the console
+

diff --git a/server/etc/nss-pgsql.conf.mako b/server/etc/nss-pgsql.conf.mako
new file mode 100644 (file)
index 0000000..5ed9f2e
--- /dev/null
+++ b/server/etc/nss-pgsql.conf.mako
@@ -0,0 +1,10 @@
+<% from invirt.config import structs as cfg %>
+connectionstring = host=${cfg.db.host} dbname=${cfg.db.dbname} user=${cfg.db.user} port=${cfg.db.port}
+
+getpwnam = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines WHERE name = $1
+getpwuid = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines WHERE machine_id + 1000 = $1
+allusers = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines
+getgrnam = SELECT name, 'x', machine_id + 1000, NULL FROM machines WHERE name = $1
+getgrgid = SELECT name, 'x', machine_id + 1000, NULL FROM machines WHERE machine_id + 1000 = $1
+groups_dyn = SELECT NULL LIMIT 0;
+allgroups = SELECT name, 'x', machine_id + 1000, NULL FROM machines

diff --git a/server/etc/remctl/acl/invirt-console-server.mako b/server/etc/remctl/acl/invirt-console-server.mako
new file mode 100644 (file)
index 0000000..f2fffe3
--- /dev/null
+++ b/server/etc/remctl/acl/invirt-console-server.mako
@@ -0,0 +1,4 @@
+<% from invirt.config import structs as cfg %>\
+% for h in cfg.hosts:
+host/${h.hostname}@${cfg.authn[0].realm}
+% endfor

diff --git a/server/etc/remctl/conf.d/invirt-console b/server/etc/remctl/conf.d/invirt-console
new file mode 100644 (file)
index 0000000..cf92047
--- /dev/null
+++ b/server/etc/remctl/conf.d/invirt-console
@@ -0,0 +1 @@
+console update /usr/sbin/invirt-console-update /etc/remctl/acl/invirt-console-server

diff --git a/server/usr/bin/invirt-consolefs b/server/usr/bin/invirt-consolefs
new file mode 100755 (executable)
index 0000000..a3f75ec
--- /dev/null
+++ b/server/usr/bin/invirt-consolefs
@@ -0,0 +1,94 @@
+#!/usr/bin/python
+
+import routefs
+from routes import Mapper
+
+from syslog import *
+from time import time
+
+import os
+import errno
+
+from invirt.config import structs as config
+from invirt import database
+
+realpath = "/home/machines/"
+
+class ConsoleFS(routefs.RouteFS):
+    """
+    ConsoleFS creates a series of subdirectories each mirroring the same real
+    directory, except for a single file - the .k5login - which is dynamically
+    generated for each subdirectory
+    """
+    
+    def __init__(self, *args, **kw):
+        """Initialize the filesystem and set it to allow_other access besides
+        the user who mounts the filesystem (i.e. root)
+        """
+        super(ConsoleFS, self).__init__(*args, **kw)
+        self.lasttime = 0
+        self.machines = []
+        self.fuse_args.add("allow_other", True)
+        
+        openlog('invirt-consolefs ', LOG_PID, LOG_DAEMON)
+        
+        syslog(LOG_DEBUG, 'Init complete.')
+    
+    def make_map(self):
+        m = Mapper()
+        m.connect('', controller='getMachines')
+        m.connect(':machine', controller='getMirror')
+        m.connect(':machine/.k5login', controller='getK5login')
+        m.connect(':machine/*(path)', controller='getMirror')
+        return m
+    
+    def recache(self):
+        if time() - self.lasttime > 5:
+            self.lasttime = time()
+            database.clear_cache()
+            self.machines = dict((machine.name, machine) for machine in database.session.query(database.Machine).all())
+
+    def getMachines(self, **kw):
+        self.recache()
+        return self.machines.keys()
+    
+    def getMirror(self, machine, path='', **kw):
+        """Translate the path into its realpath equivalent, and return that
+        """
+        real = realpath + path
+        if os.path.isdir(real):
+            # The list is converted to a set so that we can handle the case 
+            # where there is already a .k5login in the realpath gracefully    
+            return routefs.Directory(set(os.listdir(real) + ['.k5login']))
+        elif os.path.islink(real):
+            return routefs.Symlink(os.readlink(real))
+        elif os.path.isfile(real):
+            return open(real).read()
+        else:
+            return -errno.EINVAL
+    
+    def getK5login(self, machine, **kw):
+        self.recache()
+        machine = self.machines[machine]
+        users = [acl.user for acl in machine.acl]
+        return "\n".join(map(self.userToPrinc, users) + [''])
+    
+    def mirrorPath(self, path):
+        """Translate a virtual path to its real path counterpart"""
+        return realpath + "/".join(getParts(path)[1:])
+    
+    def userToPrinc(self, user):
+        """Convert Kerberos v4-style names to v5-style and append a default
+        realm if none is specified
+        """
+        if '@' in user:
+            (princ, realm) = user.split('@')
+        else:
+            princ = user
+            realm = config.authn[0].realm
+        
+        return princ.replace('.', '/') + '@' + realm
+
+if __name__ == '__main__':
+    database.connect()
+    routefs.main(ConsoleFS)

diff --git a/server/usr/bin/invirt-consolesh b/server/usr/bin/invirt-consolesh
new file mode 100755 (executable)
index 0000000..617df6b
--- /dev/null
+++ b/server/usr/bin/invirt-consolesh
@@ -0,0 +1,2 @@
+#!/bin/bash
+exec /usr/bin/console "$USER"

diff --git a/server/usr/sbin/invirt-console-update b/server/usr/sbin/invirt-console-update
new file mode 100755 (executable)
index 0000000..e24a3ce
--- /dev/null
+++ b/server/usr/sbin/invirt-console-update
@@ -0,0 +1,18 @@
+#!/usr/bin/python
+import sys
+import os
+import subprocess
+
+def main(args):
+  contents = args[2]
+  hostname = os.environ['REMOTE_HOST'].lower()
+  f = file('/etc/conserver/conf.d/'+hostname, 'w')
+  f.write(contents)
+  f.close()
+  p = subprocess.Popen(['/usr/sbin/invoke-rc.d', 'conserver-server', 'reload'],
+                       stdout=subprocess.PIPE)
+  p.wait()
+  return 0
+
+if __name__ == '__main__':
+  sys.exit(main(sys.argv))