From: Evan Broder Date: Sun, 7 Dec 2008 15:21:31 +0000 (-0500) Subject: Merge invirt-console-server into invirt-console (LP: #305681) X-Git-Tag: 0.2.0^0 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-console.git/commitdiff_plain/ea990341e40f67e1998fed6a1e6a8455782db73c?hp=-c Merge invirt-console-server into invirt-console (LP: #305681) svn path=/trunk/packages/invirt-console/; revision=1815 --- ea990341e40f67e1998fed6a1e6a8455782db73c diff --combined debian/changelog index 262bc4b,d0f3ce7..0d439ce --- a/debian/changelog +++ b/debian/changelog @@@ -1,290 -1,164 +1,291 @@@ -invirt-console-host (0.0.10) unstable; urgency=low +invirt-console (0.2.0) unstable; urgency=low - * Clean up the old sudoers block in the postinst before we add it back + * Rename source package in preparation for merging invirt-console-server + with invirt-console-host ++ * Merge invirt-console-host into invirt-console (LP: #305681) - -- Evan Broder Sun, 07 Dec 2008 10:10:36 -0500 - -- Evan Broder Tue, 25 Nov 2008 08:13:32 -0500 ++ -- Evan Broder Sun, 07 Dec 2008 10:17:06 -0500 -invirt-console-host (0.0.9) unstable; urgency=low +invirt-console-server (0.1.3) unstable; urgency=low - * Add cron dependency + * Fix a gen_config -> gen_files - -- Evan Broder Thu, 20 Nov 2008 11:01:03 -0500 + -- Greg Price Sat, 22 Nov 2008 19:27:59 -0500 -invirt-console-host (0.0.8) unstable; urgency=low +invirt-console-server (0.1.2) unstable; urgency=low - * Specify a full path to invoke-rc.d for when this gets run as a cron - job + * Use gen-files.sh instead of rolling out own - -- Evan Broder Thu, 06 Nov 2008 18:57:02 -0500 + -- Evan Broder Sat, 22 Nov 2008 05:45:25 -0500 -invirt-console-host (0.0.7) unstable; urgency=low +invirt-console-server (0.1.1) unstable; urgency=low - * Use invoke-rc.d instead of calling init scripts directly + * Clean up the init script with some ideas from debathena-pyhesiodfs. + * Switch to using std-init. - -- Evan Broder Fri, 31 Oct 2008 06:29:20 -0400 + -- Evan Broder Sat, 22 Nov 2008 05:26:22 -0500 -invirt-console-host (0.0.6) unstable; urgency=low +invirt-console-server (0.1.0) unstable; urgency=low - * sipb-xen-base -> invirt-base + * Add real caching to consolefs + * Now that we're really caching, cache for a shorter period of time + + -- Evan Broder Mon, 17 Nov 2008 13:16:37 -0500 + +invirt-console-server (0.0.13) unstable; urgency=low + + * Actually get the password fields right for libnss-pgsql + + -- Evan Broder Mon, 10 Nov 2008 22:57:49 -0500 + +invirt-console-server (0.0.12) unstable; urgency=low + + * Fix the libnss-pgsql config - don't suggest that the password should + be in /etc/shadow + + -- Evan Broder Mon, 10 Nov 2008 20:34:14 -0500 + +invirt-console-server (0.0.11) unstable; urgency=low + + * Don't depend on invirt-mail-config + + -- Evan Broder Thu, 06 Nov 2008 22:47:47 -0500 + +invirt-console-server (0.0.10) unstable; urgency=low + + * Fix some uncaught bugs with the libnss-pgsql config + + -- Evan Broder Thu, 06 Nov 2008 22:21:12 -0500 + +invirt-console-server (0.0.9) unstable; urgency=low - -- Evan Broder Tue, 28 Oct 2008 04:23:12 -0400 + * Depend on invirt-mail-config -invirt-console-host (0.0.5) unstable; urgency=low + -- Evan Broder Thu, 06 Nov 2008 21:48:34 -0500 - * invirt-console-host doesn't use the database anymore, so don't connect - to it +invirt-console-server (0.0.8) unstable; urgency=low - -- Evan Broder Sat, 25 Oct 2008 14:09:03 -0400 + * The ACL file for remctl moved, but the reference to it didn't -invirt-console-host (0.0.4) unstable; urgency=low + -- Evan Broder Thu, 06 Nov 2008 03:35:48 -0500 - * Kill DEB_AUTO_UPDATE_DEBIAN_CONTROL +invirt-console-server (0.0.7) unstable; urgency=low - -- Evan Broder Fri, 24 Oct 2008 13:46:46 -0400 + * Apparently remctl scripts run without a PATH -invirt-console-host (0.0.3) unstable; urgency=low + -- Evan Broder Sun, 02 Nov 2008 17:08:35 -0500 - * make initscript even shorter, with code now provided by sipb-xen-base +invirt-console-server (0.0.6) unstable; urgency=low - -- Greg Price Fri, 24 Oct 2008 07:07:46 -0400 + * Use invoke-rc.d instead of calling init scripts directly + + -- Evan Broder Fri, 31 Oct 2008 06:32:17 -0400 + +invirt-console-server (0.0.5) unstable; urgency=low + + * sipb-xen-base -> invirt-base + + -- Evan Broder Tue, 28 Oct 2008 04:23:16 -0400 + +invirt-console-server (0.0.4) unstable; urgency=low + + * sipb-xen-database-common -> invirt-database -invirt-console-host (0.0.2) unstable; urgency=low + -- Evan Broder Sat, 25 Oct 2008 21:04:39 -0400 - * make initscript start conserver on start/restart, not just reload - * drastically shorten initscript to current Invirt best practice, - in hopes that such dumb bugs can't hide so easily +invirt-console-server (0.0.3) unstable; urgency=low - -- Greg Price Fri, 24 Oct 2008 03:33:32 -0400 + * Remove dependency on sipb-xen-chrony-config - we need to take care of + the clock, but not through that package -invirt-console-host (0.0.1) unstable; urgency=low + -- Evan Broder Sat, 25 Oct 2008 19:18:06 -0400 + +invirt-console-server (0.0.2) unstable; urgency=low + + * Standardize on "Invirt project" + + -- Evan Broder Fri, 24 Oct 2008 13:32:17 -0400 + +invirt-console-server (0.0.1) unstable; urgency=low * sipb-xen -> invirt - * -server -> -host while we're at it + * -> -server while we're at it - -- Greg Price Fri, 24 Oct 2008 01:23:56 -0400 + -- Greg Price Fri, 24 Oct 2008 03:54:40 -0400 -sipb-xen-console-server (2.8) unstable; urgency=low +sipb-xen-console (8.4) unstable; urgency=low * Create a dummy console entry that exists by default so that conserver won't quit if no consoles are defined. - -- Evan Broder Tue, 14 Oct 2008 03:10:28 -0400 + -- Evan Broder Tue, 14 Oct 2008 03:13:47 -0400 -sipb-xen-console-server (2.7) unstable; urgency=low +sipb-xen-console (8.3) unstable; urgency=low - * Don't run conserver as root; use sudo instead + * Update nss-pgsql.conf.mako to reflect new config file format - -- Evan Broder Tue, 14 Oct 2008 02:38:46 -0400 + -- Evan Broder Mon, 06 Oct 2008 02:31:37 -0400 -sipb-xen-console-server (2.06.3) unstable; urgency=low +sipb-xen-console (8.2) unstable; urgency=low - * Running conserver as root so it can run xm console + * Actually generate nscd.conf correctly - -- Evan Broder Tue, 14 Oct 2008 01:42:26 -0400 + -- Evan Broder Mon, 06 Oct 2008 01:45:33 -0400 -sipb-xen-console-server (2.06.2) unstable; urgency=low +sipb-xen-console (8.1) unstable; urgency=low - * No really - correctly divert conserver.cf + * ConsoleFS is now RouteFS-based - -- Evan Broder Tue, 14 Oct 2008 01:39:09 -0400 + -- Evan Broder Sun, 05 Oct 2008 05:26:52 -0400 -sipb-xen-console-server (2.06.1) unstable; urgency=low +sipb-xen-console (8.0) unstable; urgency=low - * Correctly divert conserver.cf + * Update config files to work with Hardy - -- Evan Broder Tue, 14 Oct 2008 01:34:25 -0400 + -- Evan Broder Sun, 05 Oct 2008 04:45:21 -0400 -sipb-xen-console-server (2.06) unstable; urgency=low +sipb-xen-console (7.8) unstable; urgency=low * generate config files using mako - -- Yang Zhang Thu, 14 Aug 2008 15:15:18 -0400 + -- Yang Zhang Thu, 14 Aug 2008 15:10:50 -0400 + +sipb-xen-console (7.7) unstable; urgency=low + + * sipb_xen_database -> invirt.database + * use invirt config in sipb-xen-consolefs + * added decomposition of DB URI + * generate nss-pgsql.conf and issue.net.no_tkt from debian init script + + -- Yang Zhang Sun, 3 Aug 2008 01:13:37 -0400 + +sipb-xen-console (7.6) unstable; urgency=low -sipb-xen-console-server (2.05) unstable; urgency=low + * Use invirt-getconf to generate config. - * use invirt.config rather than /etc/invirt/* directly - * get console-server hostname, db connection string from config - * generate conserver config piece needing console-server ip - * remove console 's_sipb-xen-dev', which doesn't work anyway - * all configured! + -- Greg Price Wed, 30 Jul 2008 22:28:33 -0400 - -- Greg Price Sat, 2 Aug 2008 18:58:59 -0400 +sipb-xen-console (7.5) unstable; urgency=low -sipb-xen-console-server (2.04) unstable; urgency=low + * Generate config at start/reload from /etc/invirt/*. - * Get Kerberos realm from config rather than hardcoding. - * Don't hardcode host's hostname in conserver.cf. - * Update for current config-package-dev. + -- Greg Price Mon, 21 Jul 2008 18:29:43 -0400 - -- Greg Price Tue, 22 Jul 2008 01:32:04 -0400 +sipb-xen-console (7.4) unstable; urgency=low -sipb-xen-console-server (2.03) unstable; urgency=low + * pull in sipb-xen-base + + -- Greg Price Mon, 21 Jul 2008 17:41:01 -0400 + +sipb-xen-console (7.3) unstable; urgency=low + + * update for current config-package-dev + + -- Greg Price Sun, 20 Jul 2008 15:41:50 -0400 + +sipb-xen-console (7.3) unstable; urgency=low + + * Move config details out to config package. + + -- Greg Price Sun, 20 Jul 2008 01:01:26 -0400 + +sipb-xen-console (7.2) unstable; urgency=low * Multiplex consoles on multiple hosts. + + -- Greg Price Sun, 13 Jul 2008 08:52:18 -0400 + +sipb-xen-console (7.1) unstable; urgency=low + + * Remember to actually divert the conserver config + + -- Evan Broder Wed, 2 Apr 2008 01:48:05 -0400 + +sipb-xen-console (7) unstable; urgency=low + + * Use conserver instead of ssh to connect to black-mesa + + -- Evan Broder Wed, 2 Apr 2008 00:52:05 -0400 + +sipb-xen-console (6.2) unstable; urgency=low + + * /etc/modules is no longer managed by this package + + -- SIPB Xen Project Tue, 1 Apr 2008 22:25:09 -0400 + +sipb-xen-console (6.1) unstable; urgency=low + + * Don't add the "d_" to the domain name on this side - do it on the + black-mesa side + + -- SIPB Xen Project Tue, 01 Apr 2008 22:20:47 -0400 + +sipb-xen-console (6) unstable; urgency=low + + * modprobe fuse before attaching consolefs + * Revert code to block dropping privileges to user accounts + * Add configuration to accept Kerberos config for users and error on + non-root users if Kerberos authentication fails + + -- SIPB Xen Project Tue, 01 Apr 2008 20:03:11 -0400 + +sipb-xen-console (5.1) unstable; urgency=low + + * Package should create /consolefs so that sipb-xen-consolefs has + somewhere to mount to + + -- Evan Broder Sun, 30 Mar 2008 18:20:02 -0400 + +sipb-xen-console (5) unstable; urgency=low + + * modprobe fuse at boot + + -- Evan Broder Sun, 30 Mar 2008 17:57:36 -0400 + +sipb-xen-console (4.1) unstable; urgency=low + + * It should not be trivial for us to access the serial console of + users' machines - -- Greg Price Sun, 13 Jul 2008 08:35:17 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 17:42:04 -0400 -sipb-xen-console-server (2.02) unstable; urgency=low +sipb-xen-console (4) unstable; urgency=low - * And...xm isn't in the path, so give a full path + * Added comments to sipb-xen-consolefs + * Added support for symlinks in the realpath + * Changed sipb-xen-consolefs to use syslog instead of printf debugging - -- Evan Broder Wed, 2 Apr 2008 04:48:53 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 14:17:59 -0400 -sipb-xen-console-server (2.01) unstable; urgency=low +sipb-xen-console (3.2) unstable; urgency=low - * update-conserver script should reload, not restart + * Fixing a bug in sipb-xen-consolefs ('@' is not re-added to realms + in the .k5login - -- Evan Broder Wed, 2 Apr 2008 04:43:12 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:39:30 -0400 -sipb-xen-console-server (2) unstable; urgency=low +sipb-xen-console (3.1) unstable; urgency=low - * Use a python based update-conserver script that gets the list of - consoles from xm list - * Run the update-conserver script every 5 minutes to catch VMs that - are not started or stopped through the remctl interface + * Clean up the motd a bit + * Add dependency on sipb-xen-chrony-config to make sure the clock is + staying synced - -- Evan Broder Wed, 2 Apr 2008 04:32:58 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:33:55 -0400 -sipb-xen-console-server (1.0.2) unstable; urgency=low +sipb-xen-console (3) unstable; urgency=low - * Also...make this package actually do something + * Make the motd useful instead of turning it off - -- Evan Broder Wed, 2 Apr 2008 01:41:32 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:14:23 -0400 -sipb-xen-console-server (1.0.1) unstable; urgency=low +sipb-xen-console (2) unstable; urgency=low - * Misnamed a file + * Actually functional release. - -- Evan Broder Wed, 2 Apr 2008 01:36:29 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 05:07:43 -0400 -sipb-xen-console-server (1) unstable; urgency=low +sipb-xen-console (1) unstable; urgency=low * Initial release. - -- SIPB Xen Project Wed, 2 Apr 2008 00:27:12 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 01:08:50 -0400 diff --combined debian/control index b4767da,28deb16..4969f5c --- a/debian/control +++ b/debian/control @@@ -1,17 -1,14 +1,25 @@@ -Source: invirt-console-host +Source: invirt-console Section: servers -Priority: important -Maintainer: invirt@mit.edu -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~) +Priority: extra +Maintainer: Invirt project +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts Standards-Version: 3.7.2 +Package: invirt-console-server +Architecture: all +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends}, + conserver-client, daemon, debathena-kerberos-config, fuse-utils, + libnss-pgsql1, nscd, openssh-server, python, python-routefs, + invirt-database, remctl-server, debathena-ssh-server-config +Description: Invirt serial-console proxy server + This is the software for the serial-console proxy server. ++ + Package: invirt-console-host + Architecture: all + Provides: ${diverted-files} + Conflicts: ${diverted-files} + Depends: ${shlibs:Depends}, ${misc:Depends}, conserver-server, remctl-client, invirt-base, cron + Description: SIPB Xen serial console server server + This configures the VMM for the server-side of the console server diff --combined debian/invirt-console-host.install index 0000000,9da31b3..260c50b mode 000000,100644..100644 --- a/debian/invirt-console-host.install +++ b/debian/invirt-console-host.install @@@ -1,0 -1,1 +1,1 @@@ -files/* . ++host/* . diff --combined debian/rules index 47cbab2,bfba7f2..b1b8d2b --- a/debian/rules +++ b/debian/rules @@@ -1,21 -1,9 +1,24 @@@ #!/usr/bin/make -f DEB_DIVERT_EXTENSION = .invirt +DEB_TRANSFORM_FILES_invirt-console-server += \ + /etc/init.d/bootmisc.sh.invirt \ + /etc/nsswitch.conf.invirt \ + /etc/nscd.conf.invirt \ + /etc/pam.d/sshd.invirt \ + /etc/ssh/sshd_config.debathena.invirt + +ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),) + DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \ + /usr/share/base-files/nsswitch.conf +endif + +DEB_DIVERT_FILES_invirt-console-server += \ + /etc/conserver/conserver.cf.invirt \ + /etc/motd.invirt + DEB_DIVERT_FILES_invirt-console-host += \ + /etc/conserver/conserver.cf.invirt \ + /etc/conserver/server.conf.invirt include /usr/share/cdbs/1/rules/debhelper.mk include /usr/share/cdbs/1/rules/config-package.mk diff --combined host/etc/conserver/conserver.cf.invirt index 0000000,1b92380..1b92380 mode 000000,100644..100644 --- a/host/etc/conserver/conserver.cf.invirt +++ b/host/etc/conserver/conserver.cf.invirt @@@ -1,0 -1,25 +1,25 @@@ + config * { + sslrequired yes; + } + + # If no consoles are defined, as is the case when the host first boots + # up, conserver will quit. This keeps it running. + # + # Should someone create a VM called dummy-console, their VM will + # shadow over this one. + console dummy-console { + master localhost; + type noop; + } + + default * { + logfile /var/log/conserver/&.log; + timestamp "1lab"; + rw *; + type exec; + exec sudo xm console d_f; + execsubst f=cs; + } + + #include /etc/conserver/invirt-genconfig.cf + #include /etc/conserver/invirt-consoles.cf diff --combined host/etc/conserver/invirt-consoles.cf index 0000000,e69de29..e69de29 mode 000000,100644..100644 --- a/host/etc/conserver/invirt-consoles.cf +++ b/host/etc/conserver/invirt-consoles.cf diff --combined host/etc/conserver/invirt-genconfig.cf.mako index 0000000,94c3f94..94c3f94 mode 000000,100644..100644 --- a/host/etc/conserver/invirt-genconfig.cf.mako +++ b/host/etc/conserver/invirt-genconfig.cf.mako @@@ -1,0 -1,6 +1,6 @@@ + <% from invirt.config import structs as cfg %>\ + access * { + trusted 127.0.0.1; + trusted ${cfg.console.ip}; + limited *; + } diff --combined host/etc/conserver/server.conf.invirt index 0000000,9081b3b..9081b3b mode 000000,100644..100644 --- a/host/etc/conserver/server.conf.invirt +++ b/host/etc/conserver/server.conf.invirt @@@ -1,0 -1,2 +1,2 @@@ + OPTS='-p 3109 ' + ASROOT= diff --combined host/usr/sbin/invirt-update-conserver index 0000000,9a7fd3c..9a7fd3c mode 000000,100755..100755 --- a/host/usr/sbin/invirt-update-conserver +++ b/host/usr/sbin/invirt-update-conserver @@@ -1,0 -1,32 +1,32 @@@ + #!/usr/bin/python + + import subprocess + import os + import socket + from invirt.config import structs as config + + def live_vms(): + p = subprocess.Popen(['/usr/sbin/xm', 'list'], stdout=subprocess.PIPE) + p.wait() + output = p.stdout.read() + vms = [x.split()[0][2:] for x in output.splitlines() if x.startswith('d_')] + return vms + + def reload_conserver(): + p = subprocess.Popen(['/usr/sbin/invoke-rc.d', 'conserver-server', 'reload'], stdout=subprocess.PIPE) + p.wait() + + if __name__ == '__main__': + hostname = socket.getfqdn().lower() + realm = config.authn[0].realm + principal = 'host/'+hostname+'@'+realm + conftext = '\n'.join('console %s { master %s; }' % (vm, hostname) + for vm in live_vms()) + f = open('/etc/conserver/invirt-consoles.cf', 'w') + f.write(conftext) + f.close() + reload_conserver() + subprocess.call(['/usr/bin/kinit', '-k', '-t', '/etc/krb5.keytab', + principal]) + subprocess.call(['/usr/bin/remctl', config.console.hostname, + 'console', 'update', conftext])