Initial revision of reasonable automatic remctl setup.
authorTim Abbott <tabbott@mit.edu>
Mon, 16 Jul 2007 00:48:56 +0000 (20:48 -0400)
committerTim Abbott <tabbott@mit.edu>
Mon, 16 Jul 2007 00:48:56 +0000 (20:48 -0400)
svn path=/trunk/packages/sipb-xen-remctl-auto/sipb-xen-remctl-auto/; revision=32

19 files changed:
debian/changelog [new file with mode: 0644]
debian/compat [new file with mode: 0644]
debian/control [new file with mode: 0644]
debian/control.in [new file with mode: 0644]
debian/copyright [new file with mode: 0644]
debian/rules [new file with mode: 0755]
debian/sipb-xen-remctl-auto.install [new file with mode: 0644]
files/etc/cron.d/sipb-xen-remctl-auto [new file with mode: 0644]
files/etc/remctl/conf.d/sipb-xen-auto [new file with mode: 0644]
files/etc/remctl/sipb-xen-auto/README [new file with mode: 0644]
files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh [new symlink]
files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh [new symlink]
files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh [new symlink]
files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh [new symlink]
files/etc/remctl/sipb-xen-auto/bin/dispatch.sh [new file with mode: 0755]
files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh [new symlink]
files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh [new symlink]
files/etc/remctl/sipb-xen-auto/conf.template [new file with mode: 0644]
files/etc/remctl/sipb-xen-auto/remctl-update.sh [new file with mode: 0755]

diff --git a/debian/changelog b/debian/changelog
new file mode 100644 (file)
index 0000000..95b1504
--- /dev/null
@@ -0,0 +1,5 @@
+sipb-xen-remctl-auto (1.0) unstable; urgency=low
+
+  * Initial release.
+
+ -- Tim Abbott <tabbott@mit.edu>  Sun, 15 Jul 2007 19:37:05 -0400
diff --git a/debian/compat b/debian/compat
new file mode 100644 (file)
index 0000000..b8626c4
--- /dev/null
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644 (file)
index 0000000..0df6d21
--- /dev/null
@@ -0,0 +1,12 @@
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0)
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
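Review bot: `Depends:` lists only `remctl-server`, but the scripts installed by this package call `pts`, `xm` and `perl` and are started from a cron.d file. If `pts` is absent, the pipeline in `update_moiragroup` produces an empty file and the existing moira-acl file is removed, so a missing dependency silently strips access instead of failing loudly. Add the packages that provide those tools on the target release to `Depends:` here and in debian/control.in.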
diff --git a/debian/control.in b/debian/control.in
new file mode 100644 (file)
index 0000000..73dede5
--- /dev/null
@@ -0,0 +1,12 @@
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: @cdbs@
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644 (file)
index 0000000..7bddd1a
--- /dev/null
@@ -0,0 +1,3 @@
+This package was created for internal use of the SIPB Xen Project of
+the MIT Student Information Processing Board.  Ask tabbott@mit.edu if
+you have questions about redistribution.
diff --git a/debian/rules b/debian/rules
new file mode 100755 (executable)
index 0000000..6bf6850
--- /dev/null
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
+include /usr/share/cdbs/1/rules/debhelper.mk
diff --git a/debian/sipb-xen-remctl-auto.install b/debian/sipb-xen-remctl-auto.install
new file mode 100644 (file)
index 0000000..9da31b3
--- /dev/null
@@ -0,0 +1 @@
+files/* .
diff --git a/files/etc/cron.d/sipb-xen-remctl-auto b/files/etc/cron.d/sipb-xen-remctl-auto
new file mode 100644 (file)
index 0000000..f29e9a6
--- /dev/null
@@ -0,0 +1,9 @@
+# /etc/cron.d/sipb-xen-remctl-auto: crontab entries for the sipb-xen-remctl-auto package
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root
+
+@reboot         root    if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+* * * * */15       root    if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+
+# EOF
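Review bot: The second schedule line, `* * * * */15`, puts the step in the fifth (day-of-week) field, so the minute field stays `*` and the job fires every minute on whichever weekdays the step matches, not on the 15-minute cadence the README describes. The time fields were presumably meant to be `*/15 * * * *`, with the rest of the line unchanged. This matters beyond load: remctl-update.sh in this commit writes through fixed temp paths (`$MOIRATMP`, `$MACHINETMP`), and back-to-back runs make overlapping writers to the ACL files more likely.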
diff --git a/files/etc/remctl/conf.d/sipb-xen-auto b/files/etc/remctl/conf.d/sipb-xen-auto
new file mode 100644 (file)
index 0000000..017d322
--- /dev/null
@@ -0,0 +1,2 @@
+include /etc/remctl/sipb-xen-auto/machine.d
+remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh ANYUSER
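Review bot: `ANYUSER` on the `remctl-auto-update all` line lets every authenticated principal start a full regeneration of the machine and Moira ACL files, which the README accepts as a possible DoS. The exposure is wider than that, because remctl-update.sh is not safe to run concurrently (fixed temp paths) and each run rewrites authorization data. Unless self-service refresh is a requirement, point this entry at an ACL file listing the web interface's principal and the admins, e.g. `remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh /etc/remctl/acl/<ACL-FILE-PLACEHOLDER>`. If `ANYUSER` stays, the script should take a lock so client-triggered runs cannot overlap with the cron job.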
diff --git a/files/etc/remctl/sipb-xen-auto/README b/files/etc/remctl/sipb-xen-auto/README
new file mode 100644 (file)
index 0000000..0a4aa84
--- /dev/null
@@ -0,0 +1,66 @@
+This is Tim Abbott's initial draft at our automatic remctl
+configuration.
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh is the magic script.  Run
+it with "all" as an argument, and it will update everything.
+
+The inputs to this system are as follows:
+
+/etc/remctl/sipb-xen-auto/acl/MACHINENAME
+
+  This directory contains files named MACHINENAME for each machine.
+These ACL files specify who is allowed to administer the machine.  You
+can use entries that are Kerberos principles, or entries of the form
+
+include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
+
+to include AFS groups in ACLs.  To add a new machine to the system,
+you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
+and then run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+Everything else is autogenerated from that information.
+
+
+Other files of interest:
+
+/etc/remctl/sipb-xen-auto/auto-machine-list
+
+  The list of machines that should have their remctl configuration
+files generated from the template.  This is generated from
+listing /etc/remctl/sipb-xen-auto/acl/*.
+/etc/remctl/sipb-xen-auto/auto-moira-list
+
+  The list of Athena AFS groups from which acl files should be
+generated.  The ACL files are placed in
+/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME.  Ths list
+is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
+
+
+This package also includes a crontab to run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+every 15 minutes or so to keep our Moira mapping up to date.  One can
+request an update of our Moira mapping for group X by running
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh moiragroup X
+
+The web interface should probably run this when it adds a group.  We
+may want to make this also available to users, but I've been lame.
+
+This package includes a remctl interface available to anyone to invoke
+the command:
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+using the following command from your favorite machine with remctl:
+
+remctl black-mesa.mit.edu remctl-auto-update all
+
+It requires no special permission to run; there is a potential DOS
+issue here, but I don't think it is serious.
+
+Thought should be put into how to ensure that the servers stay in sync.  
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.sh
new file mode 100755 (executable)
index 0000000..8c62b34
--- /dev/null
@@ -0,0 +1,25 @@
+#!/bin/sh
+# dispatch-ACTION.sh MACHINE
+#
+# remctl should have already verified that the user is authorized to
+# control the machine.  So, we just need to execute the action requested.
+#
+# $0 and $1 come from the trusted remctl source.
+#
+# $2 and so on are user-provided, and thus sketchy.  I don't think we
+# need them for this script.
+
+ACTION=$(echo $0 | awk -F'.' '{print $2}')
+MACHINE=$1
+echo $ACTION
+
+case "$ACTION" in
+    reboot|list|vcpu-list|destroy|create|uptime)
+        xm $ACTION $MACHINE
+        exit 0
+       ;;
+    *)
+        echo "ERROR: Invalid Command"
+        exit 1
+        ;;
+esac
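Review bot: The `xm $ACTION $MACHINE` branch is followed by an unconditional `exit 0`, so a failed create, destroy or reboot is reported to the remctl client as success. Replacing those two lines with `exec xm "$ACTION" "$MACHINE"` propagates xm's exit status and also stops `$MACHINE` from being word-split or glob-expanded. The `echo $ACTION` line looks like leftover debugging and ends up in the output returned to the caller. Deriving the action with `awk -F'.' '{print $2}'` on the full `$0` works only while no directory in the install path contains a dot; taking `basename "$0"` before splitting removes that dependence.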
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh
new file mode 120000 (symlink)
index 0000000..29a39d7
--- /dev/null
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/conf.template b/files/etc/remctl/sipb-xen-auto/conf.template
new file mode 100644 (file)
index 0000000..ab45969
--- /dev/null
@@ -0,0 +1,6 @@
+create #MACHINENAME# #BINDIR#/dispatch.create.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+reboot #MACHINENAME# #BINDIR#/dispatch.reboot.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+destroy #MACHINENAME# #BINDIR#/dispatch.destroy.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+list #MACHINENAME# #BINDIR#/dispatch.list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+vcpu-list #MACHINENAME# #BINDIR#/dispatch.vcpu-list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+uptime #MACHINENAME# #BINDIR#/dispatch.uptime.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
diff --git a/files/etc/remctl/sipb-xen-auto/remctl-update.sh b/files/etc/remctl/sipb-xen-auto/remctl-update.sh
new file mode 100755 (executable)
index 0000000..b0a96fb
--- /dev/null
@@ -0,0 +1,85 @@
+#!/bin/sh
+DIR=/etc/remctl/sipb-xen-auto
+TEMPLATE=$DIR/conf.template
+MACHINEDIR=$DIR/machine.d
+MOIRADIR=$DIR/moira-acl
+MOIRATMP=$DIR/moira-tmp
+MACHINETMP=$DIR/machine-list-tmp
+AUTOMACHINELIST=$DIR/auto-machine-list
+AUTOMOIRALIST=$DIR/auto-moira-list
+BINDIR=$DIR/bin
+ACLDIR=$DIR/acl
+
+update_machine()
+{
+    machine=$1
+    sed "s/#MACHINENAME#/$machine/g" $TEMPLATE | \
+       sed "s,#BINDIR#,$BINDIR,g" >| $MACHINETMP
+    if ! cmp -s $MACHINEDIR/$machine $MACHINETMP; then
+       mv $MACHINETMP $MACHINEDIR/$machine
+    else
+       rm -f $MACHINETMP
+    fi
+}
+
+update_moiragroup()
+{
+    group=$1
+    # Should perhaps replace with LDAP, but fine for now.
+
+    # We should do more careful error checking so we don't take away
+    # all bits and delete the moira-acl files whenever there's an AFS
+    # outage.
+    pts membership system:$group -noauth | tail -n+2 | \
+       sed 's/\./\//' | \
+       sed 's/^  //' | \
+       sed 's/$/@ATHENA.MIT.EDU/g' >| $MOIRATMP
+    if test -s $MOIRATMP; then
+       if ! cmp -s $MOIRADIR/$group $MOIRATMP; then
+           mv $MOIRATMP $MOIRADIR/$group
+       fi
+    else
+       if test -e $MOIRADIR/$group; then
+           rm $MOIRADIR/$group
+       fi
+    fi
+    rm -f $MOIRATMP
+}
+
+case "$1" in
+    moiragroup)
+       update_moiragroup "$2"
+       ;;
+
+    all_machines)
+        # update the remctl.conf definitions
+       for machine in `cat $AUTOMACHINELIST`; do
+           update_machine $machine
+       done
+       ;;
+    all_moira)
+        # update our moira ACL lists
+       for group in `cat $AUTOMOIRALIST`; do
+           update_moiragroup $group
+       done
+       ;;
+    auto_machine_list)
+        # update the list of maintained machines
+       /bin/ls $ACLDIR >| $AUTOMACHINELIST
+       ;;
+    auto_moira_list)
+        # update the moira list-of-lists
+        # /bin/ls $MOIRADIR >| $AUTOMOIRALIST # BAD IDEA in case of outage
+
+       # This extracts the list of all moira lists we care about, and updates those.
+       grep -R moira $ACLDIR/ /etc/remctl/acl/ | perl -pe 's/.*moira-acl\/(.*)/$1/g' >| $AUTOMOIRALIST
+       ;;
+    all)
+       "$0" auto_machine_list
+       "$0" all_machines
+       "$0" auto_moira_list
+       "$0" all_moira
+       ;;
+esac
+
+exit 0
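Review bot: `update_moiragroup` and `update_machine` write through the fixed paths `$MOIRATMP` and `$MACHINETMP`, while this commit lets the script be started from cron and from the ANYUSER remctl command at the same time, so two overlapping runs can `mv` one group's membership into another group's ACL file. A per-run temp file from `mktemp` in `$DIR` (or a lock around the whole script) closes that. Separately, `$group` reaches `pts`, `mv` and `rm` under `$MOIRADIR` unquoted and unchecked. It comes from `$2` in the `moiragroup` case and from the grep/perl extraction in `auto_moira_list`, which passes lines containing "moira" but not "moira-acl/" through unchanged, so the name should be validated before it is used as a path component. The sketch below shows both changes for `update_moiragroup`; `update_machine` needs the same temp-file treatment.

```shell
update_moiragroup()
{
    group=$1
    # The name becomes a path component under $MOIRADIR and a pts argument:
    # refuse empty names, path separators and a leading '.' or '-'.
    case "$group" in
        ""|*/*|.*|-*) echo "ERROR: invalid group name" >&2; return 1 ;;
    esac
    # Per-run temp file on the same filesystem as $MOIRADIR, so mv remains a
    # rename and concurrent runs cannot move each other's output.
    # mktemp creates the file mode 0600; chmod it before the mv if the ACL
    # must stay readable by other accounts.
    tmp=$(mktemp "$DIR/moira-tmp.XXXXXX") || return 1
    # … unchanged: pts | tail | sed pipeline, redirected to "$tmp" …
    # … unchanged: test -s / cmp / mv / rm logic, with "$tmp" for $MOIRATMP and "$MOIRADIR/$group" quoted …
    rm -f "$tmp"
}
```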