From: Evan Broder Date: Sun, 7 Dec 2008 15:21:31 +0000 (-0500) Subject: Merge invirt-console-server into invirt-console (LP: #305681) X-Git-Tag: 0.2.0^0 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-console.git/commitdiff_plain/ea990341e40f67e1998fed6a1e6a8455782db73c?hp=3bba29b440aa05f25e898a22d11db58934ca7924 Merge invirt-console-server into invirt-console (LP: #305681) svn path=/trunk/packages/invirt-console/; revision=1815 --- diff --git a/debian/changelog b/debian/changelog index d0f3ce7..0d439ce 100644 --- a/debian/changelog +++ b/debian/changelog 
@@ -1,164 +1,291 @@ -invirt-console-host (0.0.10) unstable; urgency=low +invirt-console (0.2.0) unstable; urgency=low - * Clean up the old sudoers block in the postinst before we add it back + * Rename source package in preparation for merging invirt-console-server + with invirt-console-host + * Merge invirt-console-host into invirt-console (LP: #305681) - -- Evan Broder Tue, 25 Nov 2008 08:13:32 -0500 + -- Evan Broder Sun, 07 Dec 2008 10:17:06 -0500 -invirt-console-host (0.0.9) unstable; urgency=low +invirt-console-server (0.1.3) unstable; urgency=low - * Add cron dependency + * Fix a gen_config -> gen_files - -- Evan Broder Thu, 20 Nov 2008 11:01:03 -0500 + -- Greg Price Sat, 22 Nov 2008 19:27:59 -0500 -invirt-console-host (0.0.8) unstable; urgency=low +invirt-console-server (0.1.2) unstable; urgency=low - * Specify a full path to invoke-rc.d for when this gets run as a cron - job + * Use gen-files.sh instead of rolling out own - -- Evan Broder Thu, 06 Nov 2008 18:57:02 -0500 + -- Evan Broder Sat, 22 Nov 2008 05:45:25 -0500 -invirt-console-host (0.0.7) unstable; urgency=low +invirt-console-server (0.1.1) unstable; urgency=low - * Use invoke-rc.d instead of calling init scripts directly + * Clean up the init script with some ideas from debathena-pyhesiodfs. + * Switch to using std-init. 
- -- Evan Broder Fri, 31 Oct 2008 06:29:20 -0400 + -- Evan Broder Sat, 22 Nov 2008 05:26:22 -0500 -invirt-console-host (0.0.6) unstable; urgency=low +invirt-console-server (0.1.0) unstable; urgency=low - * sipb-xen-base -> invirt-base + * Add real caching to consolefs + * Now that we're really caching, cache for a shorter period of time + + -- Evan Broder Mon, 17 Nov 2008 13:16:37 -0500 + +invirt-console-server (0.0.13) unstable; urgency=low + + * Actually get the password fields right for libnss-pgsql + + -- Evan Broder Mon, 10 Nov 2008 22:57:49 -0500 + +invirt-console-server (0.0.12) unstable; urgency=low + + * Fix the libnss-pgsql config - don't suggest that the password should + be in /etc/shadow + + -- Evan Broder Mon, 10 Nov 2008 20:34:14 -0500 + +invirt-console-server (0.0.11) unstable; urgency=low + + * Don't depend on invirt-mail-config + + -- Evan Broder Thu, 06 Nov 2008 22:47:47 -0500 + +invirt-console-server (0.0.10) unstable; urgency=low + + * Fix some uncaught bugs with the libnss-pgsql config + + -- Evan Broder Thu, 06 Nov 2008 22:21:12 -0500 + +invirt-console-server (0.0.9) unstable; urgency=low - -- Evan Broder Tue, 28 Oct 2008 04:23:12 -0400 + * Depend on invirt-mail-config -invirt-console-host (0.0.5) unstable; urgency=low + -- Evan Broder Thu, 06 Nov 2008 21:48:34 -0500 - * invirt-console-host doesn't use the database anymore, so don't connect - to it +invirt-console-server (0.0.8) unstable; urgency=low - -- Evan Broder Sat, 25 Oct 2008 14:09:03 -0400 + * The ACL file for remctl moved, but the reference to it didn't -invirt-console-host (0.0.4) unstable; urgency=low + -- Evan Broder Thu, 06 Nov 2008 03:35:48 -0500 - * Kill DEB_AUTO_UPDATE_DEBIAN_CONTROL +invirt-console-server (0.0.7) unstable; urgency=low - -- Evan Broder Fri, 24 Oct 2008 13:46:46 -0400 + * Apparently remctl scripts run without a PATH -invirt-console-host (0.0.3) unstable; urgency=low + -- Evan Broder Sun, 02 Nov 2008 17:08:35 -0500 - * make initscript even shorter, with code 
now provided by sipb-xen-base +invirt-console-server (0.0.6) unstable; urgency=low - -- Greg Price Fri, 24 Oct 2008 07:07:46 -0400 + * Use invoke-rc.d instead of calling init scripts directly + + -- Evan Broder Fri, 31 Oct 2008 06:32:17 -0400 + +invirt-console-server (0.0.5) unstable; urgency=low + + * sipb-xen-base -> invirt-base + + -- Evan Broder Tue, 28 Oct 2008 04:23:16 -0400 + +invirt-console-server (0.0.4) unstable; urgency=low + + * sipb-xen-database-common -> invirt-database -invirt-console-host (0.0.2) unstable; urgency=low + -- Evan Broder Sat, 25 Oct 2008 21:04:39 -0400 - * make initscript start conserver on start/restart, not just reload - * drastically shorten initscript to current Invirt best practice, - in hopes that such dumb bugs can't hide so easily +invirt-console-server (0.0.3) unstable; urgency=low - -- Greg Price Fri, 24 Oct 2008 03:33:32 -0400 + * Remove dependency on sipb-xen-chrony-config - we need to take care of + the clock, but not through that package -invirt-console-host (0.0.1) unstable; urgency=low + -- Evan Broder Sat, 25 Oct 2008 19:18:06 -0400 + +invirt-console-server (0.0.2) unstable; urgency=low + + * Standardize on "Invirt project" + + -- Evan Broder Fri, 24 Oct 2008 13:32:17 -0400 + +invirt-console-server (0.0.1) unstable; urgency=low * sipb-xen -> invirt - * -server -> -host while we're at it + * -> -server while we're at it - -- Greg Price Fri, 24 Oct 2008 01:23:56 -0400 + -- Greg Price Fri, 24 Oct 2008 03:54:40 -0400 -sipb-xen-console-server (2.8) unstable; urgency=low +sipb-xen-console (8.4) unstable; urgency=low * Create a dummy console entry that exists by default so that conserver won't quit if no consoles are defined. 
- -- Evan Broder Tue, 14 Oct 2008 03:10:28 -0400 + -- Evan Broder Tue, 14 Oct 2008 03:13:47 -0400 -sipb-xen-console-server (2.7) unstable; urgency=low +sipb-xen-console (8.3) unstable; urgency=low - * Don't run conserver as root; use sudo instead + * Update nss-pgsql.conf.mako to reflect new config file format - -- Evan Broder Tue, 14 Oct 2008 02:38:46 -0400 + -- Evan Broder Mon, 06 Oct 2008 02:31:37 -0400 -sipb-xen-console-server (2.06.3) unstable; urgency=low +sipb-xen-console (8.2) unstable; urgency=low - * Running conserver as root so it can run xm console + * Actually generate nscd.conf correctly - -- Evan Broder Tue, 14 Oct 2008 01:42:26 -0400 + -- Evan Broder Mon, 06 Oct 2008 01:45:33 -0400 -sipb-xen-console-server (2.06.2) unstable; urgency=low +sipb-xen-console (8.1) unstable; urgency=low - * No really - correctly divert conserver.cf + * ConsoleFS is now RouteFS-based - -- Evan Broder Tue, 14 Oct 2008 01:39:09 -0400 + -- Evan Broder Sun, 05 Oct 2008 05:26:52 -0400 -sipb-xen-console-server (2.06.1) unstable; urgency=low +sipb-xen-console (8.0) unstable; urgency=low - * Correctly divert conserver.cf + * Update config files to work with Hardy - -- Evan Broder Tue, 14 Oct 2008 01:34:25 -0400 + -- Evan Broder Sun, 05 Oct 2008 04:45:21 -0400 -sipb-xen-console-server (2.06) unstable; urgency=low +sipb-xen-console (7.8) unstable; urgency=low * generate config files using mako - -- Yang Zhang Thu, 14 Aug 2008 15:15:18 -0400 + -- Yang Zhang Thu, 14 Aug 2008 15:10:50 -0400 + +sipb-xen-console (7.7) unstable; urgency=low + + * sipb_xen_database -> invirt.database + * use invirt config in sipb-xen-consolefs + * added decomposition of DB URI + * generate nss-pgsql.conf and issue.net.no_tkt from debian init script + + -- Yang Zhang Sun, 3 Aug 2008 01:13:37 -0400 + +sipb-xen-console (7.6) unstable; urgency=low -sipb-xen-console-server (2.05) unstable; urgency=low + * Use invirt-getconf to generate config. 
- * use invirt.config rather than /etc/invirt/* directly - * get console-server hostname, db connection string from config - * generate conserver config piece needing console-server ip - * remove console 's_sipb-xen-dev', which doesn't work anyway - * all configured! + -- Greg Price Wed, 30 Jul 2008 22:28:33 -0400 - -- Greg Price Sat, 2 Aug 2008 18:58:59 -0400 +sipb-xen-console (7.5) unstable; urgency=low -sipb-xen-console-server (2.04) unstable; urgency=low + * Generate config at start/reload from /etc/invirt/*. - * Get Kerberos realm from config rather than hardcoding. - * Don't hardcode host's hostname in conserver.cf. - * Update for current config-package-dev. + -- Greg Price Mon, 21 Jul 2008 18:29:43 -0400 - -- Greg Price Tue, 22 Jul 2008 01:32:04 -0400 +sipb-xen-console (7.4) unstable; urgency=low -sipb-xen-console-server (2.03) unstable; urgency=low + * pull in sipb-xen-base + + -- Greg Price Mon, 21 Jul 2008 17:41:01 -0400 + +sipb-xen-console (7.3) unstable; urgency=low + + * update for current config-package-dev + + -- Greg Price Sun, 20 Jul 2008 15:41:50 -0400 + +sipb-xen-console (7.3) unstable; urgency=low + + * Move config details out to config package. + + -- Greg Price Sun, 20 Jul 2008 01:01:26 -0400 + +sipb-xen-console (7.2) unstable; urgency=low * Multiplex consoles on multiple hosts. 
+ + -- Greg Price Sun, 13 Jul 2008 08:52:18 -0400 + +sipb-xen-console (7.1) unstable; urgency=low + + * Remember to actually divert the conserver config + + -- Evan Broder Wed, 2 Apr 2008 01:48:05 -0400 + +sipb-xen-console (7) unstable; urgency=low + + * Use conserver instead of ssh to connect to black-mesa + + -- Evan Broder Wed, 2 Apr 2008 00:52:05 -0400 + +sipb-xen-console (6.2) unstable; urgency=low + + * /etc/modules is no longer managed by this package + + -- SIPB Xen Project Tue, 1 Apr 2008 22:25:09 -0400 + +sipb-xen-console (6.1) unstable; urgency=low + + * Don't add the "d_" to the domain name on this side - do it on the + black-mesa side + + -- SIPB Xen Project Tue, 01 Apr 2008 22:20:47 -0400 + +sipb-xen-console (6) unstable; urgency=low + + * modprobe fuse before attaching consolefs + * Revert code to block dropping privileges to user accounts + * Add configuration to accept Kerberos config for users and error on + non-root users if Kerberos authentication fails + + -- SIPB Xen Project Tue, 01 Apr 2008 20:03:11 -0400 + +sipb-xen-console (5.1) unstable; urgency=low + + * Package should create /consolefs so that sipb-xen-consolefs has + somewhere to mount to + + -- Evan Broder Sun, 30 Mar 2008 18:20:02 -0400 + +sipb-xen-console (5) unstable; urgency=low + + * modprobe fuse at boot + + -- Evan Broder Sun, 30 Mar 2008 17:57:36 -0400 + +sipb-xen-console (4.1) unstable; urgency=low + + * It should not be trivial for us to access the serial console of + users' machines - -- Greg Price Sun, 13 Jul 2008 08:35:17 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 17:42:04 -0400 -sipb-xen-console-server (2.02) unstable; urgency=low +sipb-xen-console (4) unstable; urgency=low - * And...xm isn't in the path, so give a full path + * Added comments to sipb-xen-consolefs + * Added support for symlinks in the realpath + * Changed sipb-xen-consolefs to use syslog instead of printf debugging - -- Evan Broder Wed, 2 Apr 2008 04:48:53 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 
14:17:59 -0400 -sipb-xen-console-server (2.01) unstable; urgency=low +sipb-xen-console (3.2) unstable; urgency=low - * update-conserver script should reload, not restart + * Fixing a bug in sipb-xen-consolefs ('@' is not re-added to realms + in the .k5login - -- Evan Broder Wed, 2 Apr 2008 04:43:12 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:39:30 -0400 -sipb-xen-console-server (2) unstable; urgency=low +sipb-xen-console (3.1) unstable; urgency=low - * Use a python based update-conserver script that gets the list of - consoles from xm list - * Run the update-conserver script every 5 minutes to catch VMs that - are not started or stopped through the remctl interface + * Clean up the motd a bit + * Add dependency on sipb-xen-chrony-config to make sure the clock is + staying synced - -- Evan Broder Wed, 2 Apr 2008 04:32:58 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:33:55 -0400 -sipb-xen-console-server (1.0.2) unstable; urgency=low +sipb-xen-console (3) unstable; urgency=low - * Also...make this package actually do something + * Make the motd useful instead of turning it off - -- Evan Broder Wed, 2 Apr 2008 01:41:32 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 06:14:23 -0400 -sipb-xen-console-server (1.0.1) unstable; urgency=low +sipb-xen-console (2) unstable; urgency=low - * Misnamed a file + * Actually functional release. - -- Evan Broder Wed, 2 Apr 2008 01:36:29 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 05:07:43 -0400 -sipb-xen-console-server (1) unstable; urgency=low +sipb-xen-console (1) unstable; urgency=low * Initial release. - -- SIPB Xen Project Wed, 2 Apr 2008 00:27:12 -0400 + -- SIPB Xen Project Sun, 30 Mar 2008 01:08:50 -0400 diff --git a/debian/control b/debian/control index 28deb16..4969f5c 100644 --- a/debian/control +++ b/debian/control 
@@ -1,10 +1,21 @@ -Source: invirt-console-host +Source: invirt-console Section: servers -Priority: important -Maintainer: invirt@mit.edu -Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~) +Priority: extra +Maintainer: Invirt project +Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts Standards-Version: 3.7.2 +Package: invirt-console-server +Architecture: all +Provides: ${diverted-files} +Conflicts: ${diverted-files} +Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends}, + conserver-client, daemon, debathena-kerberos-config, fuse-utils, + libnss-pgsql1, nscd, openssh-server, python, python-routefs, + invirt-database, remctl-server, debathena-ssh-server-config +Description: Invirt serial-console proxy server + This is the software for the serial-console proxy server. + Package: invirt-console-host Architecture: all Provides: ${diverted-files} diff --git a/debian/invirt-console-host.install b/debian/invirt-console-host.install index 9da31b3..260c50b 100644 --- a/debian/invirt-console-host.install +++ b/debian/invirt-console-host.install @@ -1 +1 @@ -files/* . +host/* . diff --git a/debian/invirt-console-server.init b/debian/invirt-console-server.init new file mode 100755 index 0000000..1d083a3 --- /dev/null +++ b/debian/invirt-console-server.init 
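Review bot: The new `invirt-console-server` stanza in debian/control depends on `conserver-client` but not on `conserver-server`. The same commit diverts `/etc/conserver/conserver.cf` for this package, and both its init script (`do_reload`) and `invirt-console-update` run `invoke-rc.d conserver-server reload`. Unless another dependency already pulls the daemon in (not visible here), add `conserver-server` to `Depends:` so the reload path and the diverted configuration have something to act on.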
@@ -0,0 +1,86 @@ +#!/bin/bash +### BEGIN INIT INFO +# Provides: invirt-console-server +# Required-Start: $local_fs $remote_fs +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Invirt console proxy server +# Description: +### END INIT INFO + +# Author: Invirt project + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="the Invirt console server" +NAME=invirt-console-server +DAEMON=/usr/bin/invirt-consolefs +MOUNTPOINT="/consolefs" +DAEMON_ARGS="-f $MOUNTPOINT" +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +GEN_FILES=(/etc/conserver/invirt-hosts.cf + /etc/remctl/acl/invirt-console-server + /etc/issue.net.no_tkt + /etc/nss-pgsql.conf) + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +. /lib/init/gen-files.sh +. /lib/init/std-init.sh + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + + # Try to make sure fuse is setup + [ -e /dev/fuse ] || modprobe fuse || return 2 + + if cat /proc/mounts | grep " $MOUNTPOINT " >/dev/null 2>&1; then + return 1 + fi + + gen_files + + daemon -r -O daemon.info -E daemon.err -n $NAME -- $DAEMON $DAEMON_ARGS || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + + if ! cat /proc/mounts | grep " $MOUNTPOINT " >/dev/null 2>&1; then + return 1 + fi + + daemon --stop -n $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE +} + +do_reload() +{ + gen_files + invoke-rc.d conserver-server reload +} + +std_init "$1" 
diff --git a/debian/invirt-console-server.install b/debian/invirt-console-server.install new file mode 100644 index 0000000..bf66dce --- /dev/null +++ b/debian/invirt-console-server.install @@ -0,0 +1 @@ +server/* . diff --git a/debian/rules b/debian/rules index bfba7f2..b1b8d2b 100755 --- a/debian/rules +++ b/debian/rules @@ -1,6 +1,21 @@ #!/usr/bin/make -f DEB_DIVERT_EXTENSION = .invirt +DEB_TRANSFORM_FILES_invirt-console-server += \ + /etc/init.d/bootmisc.sh.invirt \ + /etc/nsswitch.conf.invirt \ + /etc/nscd.conf.invirt \ + /etc/pam.d/sshd.invirt \ + /etc/ssh/sshd_config.debathena.invirt + +ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),) + DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \ + /usr/share/base-files/nsswitch.conf +endif + +DEB_DIVERT_FILES_invirt-console-server += \ + /etc/conserver/conserver.cf.invirt \ + /etc/motd.invirt DEB_DIVERT_FILES_invirt-console-host += \ /etc/conserver/conserver.cf.invirt \ /etc/conserver/server.conf.invirt diff --git a/debian/transform_bootmisc.sh.invirt b/debian/transform_bootmisc.sh.invirt new file mode 100755 index 0000000..b6a4b6d --- /dev/null +++ b/debian/transform_bootmisc.sh.invirt @@ -0,0 +1,14 @@ +#!/bin/bash +patch -p0 -o /dev/fd/4 3<&0 4>&1 1>/dev/null < /var/run/motd +- [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd ++ # Do not update motd ++ cp /etc/motd /var/run/motd diff --git a/debian/transform_nscd.conf.invirt b/debian/transform_nscd.conf.invirt new file mode 100755 index 0000000..2efdebb --- /dev/null +++ b/debian/transform_nscd.conf.invirt @@ -0,0 +1,6 @@ +#!/usr/bin/perl -0p +s/^(\s*negative-time-to-live\s*passwd\s*).*$/${1}3/m or die; +s/^(\s*negative-time-to-live\s*group\s*).*$/${1}3/m or die; +s/^(\s*persistent\s*passwd\s*).*$/\1no/m or die; +s/^(\s*persistent\s*group\s*).*$/\1no/m or die; + diff --git a/debian/transform_nsswitch.conf.invirt b/debian/transform_nsswitch.conf.invirt new file mode 100755 index 0000000..652d02f --- /dev/null 
+++ b/debian/transform_nsswitch.conf.invirt
@@ -0,0 +1,3 @@
+#!/usr/bin/perl -0p
+s/^(passwd: .*)$/$1 pgsql/m or die;
+s/^(group: .*)$/$1 pgsql/m or die;
diff --git a/debian/transform_sshd.invirt b/debian/transform_sshd.invirt
new file mode 100755
index 0000000..951a589
--- /dev/null
+++ b/debian/transform_sshd.invirt
@@ -0,0 +1,11 @@
+#!/bin/sh
+echo "# If they're not root, but their user exists (success),"
+echo 'auth [success=ignore ignore=ignore default=1 module_unknown=die] pam_succeed_if.so uid > 0'
+echo "# print the \"You don\'t have tickets\" error:"
+echo 'auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_tkt'
+echo "# If !(they are root),"
+echo 'auth [success=1 ignore=ignore default=ignore module_unknown=die] pam_succeed_if.so uid eq 0'
+echo "# print the \"your account doesn't exist\" error:"
+echo 'auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_user'
+echo
+exec cat
diff --git a/debian/transform_sshd_config.debathena.invirt b/debian/transform_sshd_config.debathena.invirt
new file mode 100755
index 0000000..09d0557
--- /dev/null
+++ b/debian/transform_sshd_config.debathena.invirt
@@ -0,0 +1,2 @@
+#!/usr/bin/perl -0p
+s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
diff --git a/files/etc/conserver/conserver.cf.invirt b/host/etc/conserver/conserver.cf.invirt
similarity index 100%
rename from files/etc/conserver/conserver.cf.invirt
rename to host/etc/conserver/conserver.cf.invirt
diff --git a/files/etc/conserver/invirt-consoles.cf b/host/etc/conserver/invirt-consoles.cf
similarity index 100%
rename from files/etc/conserver/invirt-consoles.cf
rename to host/etc/conserver/invirt-consoles.cf
diff --git a/files/etc/conserver/invirt-genconfig.cf.mako b/host/etc/conserver/invirt-genconfig.cf.mako
similarity index 100%
rename from files/etc/conserver/invirt-genconfig.cf.mako
rename to host/etc/conserver/invirt-genconfig.cf.mako
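Review bot: The two `pam_echo.so` branches emitted by debian/transform_sshd.invirt answer differently for an existing VM account (`/etc/issue.net.no_tkt`) and for a name that does not resolve (`/etc/issue.net.no_user`), so a client that has not authenticated appears able to tell which VM names exist. If that is an accepted usability trade-off, say so in the generated comments; otherwise point both branches at one generic message file. Separately, `\'` inside a double-quoted `echo` writes a literal backslash into /etc/pam.d/sshd; `echo "# print the \"You don't have tickets\" error:"` is sufficient. A short header comment stating that root alone falls through to the stock stack below would make the intent of the `success=`/`default=` jumps easier to audit.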
diff --git a/files/etc/conserver/server.conf.invirt b/host/etc/conserver/server.conf.invirt
similarity index 100%
rename from files/etc/conserver/server.conf.invirt
rename to host/etc/conserver/server.conf.invirt
diff --git a/files/usr/sbin/invirt-update-conserver b/host/usr/sbin/invirt-update-conserver
similarity index 100%
rename from files/usr/sbin/invirt-update-conserver
rename to host/usr/sbin/invirt-update-conserver
diff --git a/server/etc/conserver/conserver.cf.invirt b/server/etc/conserver/conserver.cf.invirt
new file mode 100644
index 0000000..6d7130e
--- /dev/null
+++ b/server/etc/conserver/conserver.cf.invirt
@@ -0,0 +1,23 @@
+# default config for console
+config * {
+ sslrequired yes;
+}
+# If no consoles are defined, as is the case when the host first boots
+# up, conserver will quit. This keeps it running.
+#
+# Should someone create a VM called dummy-console, their VM will
+# shadow over this one
+console dummy-console {
+ master localhost;
+ type noop;
+}
+
+default * {
+ type exec;
+}
+access * {
+ trusted 127.0.0.1;
+ limited *;
+}
+
+#include /etc/conserver/invirt-hosts.cf
diff --git a/server/etc/conserver/console.cf b/server/etc/conserver/console.cf
new file mode 100644
index 0000000..73c3321
--- /dev/null
+++ b/server/etc/conserver/console.cf
@@ -0,0 +1,5 @@
+config * {
+ master localhost;
+ port 3109;
+ sslenabled yes;
+}
diff --git a/server/etc/conserver/invirt-hosts.cf.mako b/server/etc/conserver/invirt-hosts.cf.mako
new file mode 100644
index 0000000..3ffe807
--- /dev/null
+++ b/server/etc/conserver/invirt-hosts.cf.mako
@@ -0,0 +1,4 @@
+<% from invirt.config import structs as cfg %>\
+% for h in cfg.hosts:
+#include /etc/conserver/conf.d/${h.hostname}
+% endfor
diff --git a/server/etc/issue.net.no_tkt.mako b/server/etc/issue.net.no_tkt.mako
new file mode 100644
index 0000000..054a32d
--- /dev/null
+++ b/server/etc/issue.net.no_tkt.mako
@@ -0,0 +1,4 @@ +<% from invirt.config import structs as cfg %>\ +You must login to the ${cfg.console.hostname} console server using +Kerberos tickets, but your ssh client did not pass a valid ticket to the +console server. diff --git a/server/etc/issue.net.no_user b/server/etc/issue.net.no_user new file mode 100644 index 0000000..774bde5 --- /dev/null +++ b/server/etc/issue.net.no_user @@ -0,0 +1,2 @@ +The VM you are attempting to access does not appear to exist. + diff --git a/server/etc/motd.invirt b/server/etc/motd.invirt new file mode 100644 index 0000000..cf35576 --- /dev/null +++ b/server/etc/motd.invirt @@ -0,0 +1,3 @@ + +Type Ctrl-e, then c, then . to escape from the console + diff --git a/server/etc/nss-pgsql.conf.mako b/server/etc/nss-pgsql.conf.mako new file mode 100644 index 0000000..5ed9f2e --- /dev/null +++ b/server/etc/nss-pgsql.conf.mako @@ -0,0 +1,10 @@ +<% from invirt.config import structs as cfg %> +connectionstring = host=${cfg.db.host} dbname=${cfg.db.dbname} user=${cfg.db.user} port=${cfg.db.port} + +getpwnam = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines WHERE name = $1 +getpwuid = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines WHERE machine_id + 1000 = $1 +allusers = SELECT name, '*', name, '/consolefs/'|| name, '/usr/bin/invirt-consolesh', machine_id + 1000, machine_id + 1000 FROM machines +getgrnam = SELECT name, 'x', machine_id + 1000, NULL FROM machines WHERE name = $1 +getgrgid = SELECT name, 'x', machine_id + 1000, NULL FROM machines WHERE machine_id + 1000 = $1 +groups_dyn = SELECT NULL LIMIT 0; +allgroups = SELECT name, 'x', machine_id + 1000, NULL FROM machines diff --git a/server/etc/remctl/acl/invirt-console-server.mako b/server/etc/remctl/acl/invirt-console-server.mako new file mode 100644 index 0000000..f2fffe3 --- /dev/null 
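Review bot: Every query in server/etc/nss-pgsql.conf.mako maps a VM to uid and gid `machine_id + 1000`, which is where Debian's default range for locally created users begins, so a local account on the console server could end up sharing a uid with a VM account. Either state in a comment at the top of the template that the server must carry no local non-system users, or use an offset clear of the local range. The `connectionstring` also carries no password, so access must be granted some other way (not visible here); a comment naming that mechanism, and noting that this role only needs read access to `machines`, would help whoever audits the database side.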
+++ b/server/etc/remctl/acl/invirt-console-server.mako
@@ -0,0 +1,4 @@
+<% from invirt.config import structs as cfg %>\
+% for h in cfg.hosts:
+host/${h.hostname}@${cfg.authn[0].realm}
+% endfor
diff --git a/server/etc/remctl/conf.d/invirt-console b/server/etc/remctl/conf.d/invirt-console
new file mode 100644
index 0000000..cf92047
--- /dev/null
+++ b/server/etc/remctl/conf.d/invirt-console
@@ -0,0 +1 @@
+console update /usr/sbin/invirt-console-update /etc/remctl/acl/invirt-console-server
diff --git a/server/usr/bin/invirt-consolefs b/server/usr/bin/invirt-consolefs
new file mode 100755
index 0000000..a3f75ec
--- /dev/null
+++ b/server/usr/bin/invirt-consolefs
@@ -0,0 +1,94 @@ +#!/usr/bin/python + +import routefs +from routes import Mapper + +from syslog import * +from time import time + +import os +import errno + +from invirt.config import structs as config +from invirt import database + +realpath = "/home/machines/" + +class ConsoleFS(routefs.RouteFS): + """ + ConsoleFS creates a series of subdirectories each mirroring the same real + directory, except for a single file - the .k5login - which is dynamically + generated for each subdirectory + """ + + def __init__(self, *args, **kw): + """Initialize the filesystem and set it to allow_other access besides + the user who mounts the filesystem (i.e. root) + """ + super(ConsoleFS, self).__init__(*args, **kw) + self.lasttime = 0 + self.machines = [] + self.fuse_args.add("allow_other", True) + + openlog('invirt-consolefs ', LOG_PID, LOG_DAEMON) + + syslog(LOG_DEBUG, 'Init complete.') + + def make_map(self): + m = Mapper() + m.connect('', controller='getMachines') + m.connect(':machine', controller='getMirror') + m.connect(':machine/.k5login', controller='getK5login') + m.connect(':machine/*(path)', controller='getMirror') + return m + + def recache(self): + if time() - self.lasttime > 5: + self.lasttime = time() + database.clear_cache() + self.machines = dict((machine.name, machine) for machine in database.session.query(database.Machine).all()) + + def getMachines(self, **kw): + self.recache() + return self.machines.keys() + + def getMirror(self, machine, path='', **kw): + """Translate the path into its realpath equivalent, and return that + """ + real = realpath + path + if os.path.isdir(real): + # The list is converted to a set so that we can handle the case + # where there is already a .k5login in the realpath gracefully + return routefs.Directory(set(os.listdir(real) + ['.k5login'])) + elif os.path.islink(real): + return routefs.Symlink(os.readlink(real)) + elif os.path.isfile(real): + return open(real).read() + else: + return -errno.EINVAL + + def getK5login(self, 
machine, **kw): + self.recache() + machine = self.machines[machine] + users = [acl.user for acl in machine.acl] + return "\n".join(map(self.userToPrinc, users) + ['']) + + def mirrorPath(self, path): + """Translate a virtual path to its real path counterpart""" + return realpath + "/".join(getParts(path)[1:]) + + def userToPrinc(self, user): + """Convert Kerberos v4-style names to v5-style and append a default + realm if none is specified + """ + if '@' in user: + (princ, realm) = user.split('@') + else: + princ = user + realm = config.authn[0].realm + + return princ.replace('.', '/') + '@' + realm + +if __name__ == '__main__': + database.connect() + routefs.main(ConsoleFS) diff --git a/server/usr/bin/invirt-consolesh b/server/usr/bin/invirt-consolesh new file mode 100755 index 0000000..617df6b --- /dev/null +++ b/server/usr/bin/invirt-consolesh @@ -0,0 +1,2 @@ +#!/bin/bash +exec /usr/bin/console "$USER" diff --git a/server/usr/sbin/invirt-console-update b/server/usr/sbin/invirt-console-update new file mode 100755 index 0000000..e24a3ce --- /dev/null +++ b/server/usr/sbin/invirt-console-update @@ -0,0 +1,18 @@ +#!/usr/bin/python +import sys +import os +import subprocess + +def main(args): + contents = args[2] + hostname = os.environ['REMOTE_HOST'].lower() + f = file('/etc/conserver/conf.d/'+hostname, 'w') + f.write(contents) + f.close() + p = subprocess.Popen(['/usr/sbin/invoke-rc.d', 'conserver-server', 'reload'], + stdout=subprocess.PIPE) + p.wait() + return 0 + +if __name__ == '__main__': + sys.exit(main(sys.argv))
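Review bot: In server/usr/bin/invirt-consolefs, `getK5login` and `userToPrinc` copy ACL user names into the generated `.k5login` without checking their shape, and that file is what authorizes logins to a console account. A name containing whitespace or a line break would change the set of principal lines, and one with two `@` makes `user.split('@')` raise; whether the database layer already excludes these is not visible here, so filter before converting, e.g. `users = [acl.user for acl in machine.acl if len(acl.user.split()) == 1 and acl.user.count('@') <= 1]`. An unknown machine name reaches `self.machines[machine]` and raises KeyError; `if machine not in self.machines: return -errno.ENOENT` would match the errno style `getMirror` already uses. `mirrorPath` calls `getParts`, which nothing in this file defines or imports, so it fails with NameError if it is ever called.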
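Review bot: server/usr/bin/invirt-consolesh selects the console from the `$USER` environment variable, and conserver.cf.invirt in this commit marks 127.0.0.1 as `trusted`, so this wrapper is the only place the console name is bound to the logged-in account. Deriving the name from the process identity instead, `exec /usr/bin/console "$(id -un)"`, removes the dependence on how sshd populates the environment (for instance if user environment files or `AcceptEnv` were ever enabled, which is not visible here). A one-line comment saying that this script is the login shell assigned by nss-pgsql.conf would also help readers find the link.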
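Review bot: `main` in server/usr/sbin/invirt-console-update builds the output path from `REMOTE_HOST` with no validation and writes `args[2]` verbatim into a fragment that conserver includes, under a configuration whose default console type is `exec`. `REMOTE_HOST` is, as far as remctld documents it, the server's view of the client's hostname rather than the Kerberos principal the ACL matched, and it may be unset. The name should therefore be checked before use and ideally compared with the host part of `REMOTE_USER` and with the configured host list. The fragment body is trusted from any host in the ACL, which deserves at least a comment stating that assumption; writing to a temporary name and renaming avoids a reload picking up a half-written file. A missing argument currently raises IndexError and the reload's exit status is discarded.

```python
def main(args):
    if len(args) < 3:
        return 1
    contents = args[2]
    hostname = os.environ.get('REMOTE_HOST', '').lower()
    # The name becomes a file name under conf.d; refuse anything that
    # is empty or could point outside that directory.
    if not hostname or hostname.startswith('.') or '/' in hostname:
        return 1
    path = '/etc/conserver/conf.d/' + hostname
    # Write to a temporary name and rename, so a reload never sees a
    # partially written fragment.
    f = file(path + '.tmp', 'w')
    try:
        f.write(contents)
    finally:
        f.close()
    os.rename(path + '.tmp', path)
    # ... unchanged: invoke-rc.d conserver-server reload ...
```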