From: Greg Price Date: Sun, 11 May 2008 01:28:28 +0000 (-0400) Subject: switch to just accepting from remote X-Git-Tag: sipb-xen-remctl-auto/1.0.14~1 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-remote.git/commitdiff_plain/ada151f201ec22a6c9289fb09193490dd674287c switch to just accepting from remote svn path=/trunk/packages/sipb-xen-remctl-auto/; revision=524
---
diff --git a/debian/changelog b/debian/changelog
index ab422c7..fbfbd5c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+sipb-xen-remctl-auto (1.0.13) unstable; urgency=low
+
+ * Switch to just using the remote server.
+
+ -- Greg Price Sat, 10 May 2008 21:26:42 -0400
+
 sipb-xen-remctl-auto (1.0.12) unstable; urgency=low
 
 * Remove an obsolete line from the remctl config.
diff --git a/files/etc/remctl/acl/remote b/files/etc/remctl/acl/remote
new file mode 100644
index 0000000..e36e10e
--- /dev/null
+++ b/files/etc/remctl/acl/remote
@@ -0,0 +1 @@
+host/remote.mit.edu@ATHENA.MIT.EDU
diff --git a/files/etc/remctl/acl/web b/files/etc/remctl/acl/web
deleted file mode 100644
index 06ec231..0000000
--- a/files/etc/remctl/acl/web
+++ /dev/null
@@ -1 +0,0 @@
-daemon/sipb-xen.mit.edu@ATHENA.MIT.EDU
diff --git a/files/etc/remctl/conf.d/sipb-xen-auto b/files/etc/remctl/conf.d/sipb-xen-auto
deleted file mode 100644
index 45e6580..0000000
--- a/files/etc/remctl/conf.d/sipb-xen-auto
+++ /dev/null
@@ -1 +0,0 @@
-include /etc/remctl/sipb-xen-auto/machine.d
diff --git a/files/etc/remctl/conf.d/sipb-xen-remote b/files/etc/remctl/conf.d/sipb-xen-remote
new file mode 100644
index 0000000..99e8fdf
--- /dev/null
+++ b/files/etc/remctl/conf.d/sipb-xen-remote
@@ -0,0 +1,2 @@
+remote web /usr/sbin/sipb-xen-remote /etc/remctl/acl/remote
+remote control /usr/sbin/sipb-xen-remote /etc/remctl/acl/remote
diff --git a/files/etc/remctl/conf.d/sipb-xen-web b/files/etc/remctl/conf.d/sipb-xen-web
deleted file mode 100644
index e6a7ecb..0000000
--- a/files/etc/remctl/conf.d/sipb-xen-web
+++ /dev/null
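Review bot: The two `remote` entries added in conf.d/sipb-xen-remote send every `web` and `control` request to /usr/sbin/sipb-xen-remote under one ACL, and the new acl/remote holds a single host principal, so the per-machine ACL files this commit deletes no longer gate anything on this host. Authorization for each VM now rests entirely on remote.mit.edu and on whatever argument checking sipb-xen-remote does; that script is not part of the visible diff, so it should be confirmed there that it validates the machine name and subcommand before acting (the removed check_machine_name pattern is a reasonable baseline). remctld ignores lines starting with `#`, so I would record the trust decision above the entries: `# Authorization is delegated to host/remote.mit.edu; sipb-xen-remote must validate machine names and subcommands itself.`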
@@ -1,10 +0,0 @@
-web lvcreate /usr/sbin/sipb-xen-lvm /etc/remctl/acl/web
-web lvremove /usr/sbin/sipb-xen-lvm /etc/remctl/acl/web
-web lvrename /usr/sbin/sipb-xen-lvm /etc/remctl/acl/web
-web lvresize /usr/sbin/sipb-xen-lvm /etc/remctl/acl/web
-web lvcopy /usr/sbin/sipb-xen-lvcopy /etc/remctl/acl/web
-web register /usr/sbin/sipb-xen-remctl-update /etc/remctl/acl/web
-web moveregister /usr/sbin/sipb-xen-remctl-update /etc/remctl/acl/web
-web unregister /usr/sbin/sipb-xen-remctl-update /etc/remctl/acl/web
-web remctl-moira-update /usr/sbin/sipb-xen-remctl-update /etc/remctl/acl/web
-web listvms /usr/sbin/sipb-xen-listvms /etc/remctl/acl/web
diff --git a/files/etc/remctl/sipb-xen-auto/README b/files/etc/remctl/sipb-xen-auto/README
deleted file mode 100644
index 8a950c2..0000000
--- a/files/etc/remctl/sipb-xen-auto/README
+++ /dev/null
@@ -1,66 +0,0 @@
-This is Tim Abbott's initial draft at our automatic remctl
-configuration.
-
-/usr/sbin/sipb-xen-remctl-update is the magic script. Run
-it with "all" as an argument, and it will update everything.
-
-The inputs to this system are as follows:
-
-/etc/remctl/sipb-xen-auto/acl/MACHINENAME
-
- This directory contains files named MACHINENAME for each machine.
-These ACL files specify who is allowed to administer the machine. You
-can use entries that are Kerberos principles, or entries of the form
-
-include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
-
-to include AFS groups in ACLs. To add a new machine to the system,
-you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
-and then run
-
-/usr/sbin/sipb-xen-remctl-update all
-
-Everything else is autogenerated from that information.
-
-
-Other files of interest:
-
-/etc/remctl/sipb-xen-auto/auto-machine-list
-
- The list of machines that should have their remctl configuration
-files generated from the template. This is generated from
-listing /etc/remctl/sipb-xen-auto/acl/*.
-
-/etc/remctl/sipb-xen-auto/auto-moira-list
-
- The list of Athena AFS groups from which acl files should be
-generated. The ACL files are placed in
-/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME. Ths list
-is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
-
-
-This package also includes a crontab to run
-
-/usr/sbin/sipb-xen-remctl-update all
-
-every 15 minutes or so to keep our Moira mapping up to date. One can
-request an update of our Moira mapping for group X by running
-
-/usr/sbin/sipb-xen-remctl-update moiragroup X
-
-The web interface should probably run this when it adds a group. We
-may want to make this also available to users, but I've been lame.
-
-This package includes a remctl interface available to anyone to invoke
-the command:
-
-/usr/sbin/sipb-xen-remctl-update all
-
-using the following command from your favorite machine with remctl:
-
-remctl black-mesa.mit.edu remctl-auto-update all
-
-It requires no special permission to run; there is a potential DOS
-issue here, but I don't think it is serious.
-
-Thought should be put into how to ensure that the servers stay in sync.
diff --git a/files/etc/remctl/sipb-xen-auto/conf.template b/files/etc/remctl/sipb-xen-auto/conf.template
deleted file mode 100644
index 2dcc78e..0000000
--- a/files/etc/remctl/sipb-xen-auto/conf.template
+++ /dev/null
@@ -1 +0,0 @@
-control #MACHINENAME# #BINDIR#/sipb-xen-vmcontrol /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
diff --git a/files/usr/sbin/sipb-xen-remctl-update b/files/usr/sbin/sipb-xen-remctl-update
deleted file mode 100755
index f0254b9..0000000
--- a/files/usr/sbin/sipb-xen-remctl-update
+++ /dev/null
@@ -1,124 +0,0 @@
-#!/bin/sh
-DIR=/etc/remctl/sipb-xen-auto
-TEMPLATE=$DIR/conf.template
-MACHINEDIR=$DIR/machine.d
-MOIRADIR=$DIR/moira-acl
-MOIRATMP=$DIR/moira-tmp
-MACHINETMP=$DIR/machine-list-tmp
-AUTOMACHINELIST=$DIR/auto-machine-list
-AUTOMOIRALIST=$DIR/auto-moira-list
-BINDIR=/usr/sbin
-ACLDIR=$DIR/acl
-
-update_machine()
-{
- machine="$1"
- sed "s/#MACHINENAME#/$machine/g" "$TEMPLATE" | \
- sed "s,#BINDIR#,$BINDIR,g" >| "$MACHINETMP"
- if ! cmp -s "$MACHINEDIR/$machine" "$MACHINETMP"; then
- mv "$MACHINETMP" "$MACHINEDIR/$machine"
- else
- rm -f "$MACHINETMP"
- fi
-}
-
-update_moiragroup()
-{
- group="$1"
- # Should perhaps replace with LDAP, but fine for now.
-
- # We should do more careful error checking so we don't take away
- # all bits and delete the moira-acl files whenever there's an AFS
- # outage.
- pts membership system:"$group" -noauth | tail -n+2 | \
- sed 's/\./\//' | \
- sed 's/^ //' | \
- sed 's/$/@ATHENA.MIT.EDU/g' >| "$MOIRATMP"
- if test -s "$MOIRATMP"; then
- if ! cmp -s "$MOIRADIR/$group" "$MOIRATMP"; then
- mv "$MOIRATMP" "$MOIRADIR/$group"
- fi
- else
- if test -e "$MOIRADIR/$group"; then
- rm "$MOIRADIR/$group"
- fi
- fi
- rm -f "$MOIRATMP"
-}
-
-check_machine_name()
-{
- machinename="$1"
- if ! 
perl -0e 'exit($ARGV[0] !~ /^[A-Za-z0-9][A-Za-z0-9._-]*$/)' -- "$machinename"; then
- echo "Bad machine name"
- exit 1
- fi
-}
-
-case "$1" in
- moiragroup)
- update_moiragroup "$2"
- ;;
-
- all_machines)
- # update the remctl.conf definitions
- for machine in `cat "$AUTOMACHINELIST"`; do
- update_machine "$machine"
- done
- ;;
- all_moira)
- # update our moira ACL lists
- for group in `cat "$AUTOMOIRALIST"`; do
- update_moiragroup "$group"
- done
- ;;
- auto_machine_list)
- # update the list of maintained machines
- /bin/ls "$ACLDIR" >| "$AUTOMACHINELIST"
- ;;
- auto_moira_list)
- # update the moira list-of-lists
- # /bin/ls "$MOIRADIR" >| "$AUTOMOIRALIST" # BAD IDEA in case of outage
-
- # This extracts the list of all moira lists we care about, and updates those.
- grep -R moira "$ACLDIR/" /etc/remctl/acl/ | perl -pe 's/.*moira-acl\/(.*)/$1/g' >| "$AUTOMOIRALIST"
- ;;
- unregister)
- machine="$2"
- check_machine_name "$machine"
- rm -f "$ACLDIR"/"$machine"
- rm -f "$MACHINEDIR"/"$machine"
- "$0" web
- ;;
- moveregister)
- oldmachine="$2"
- newmachine="$3"
- check_machine_name "$oldmachine"
- check_machine_name "$newmachine"
- mv "$ACLDIR"/"$oldmachine" "$ACLDIR"/"$newmachine"
- rm -f "$MACHINEDIR"/"$oldmachine"
- "$0" web
- ;;
- register)
- machine="$2"
- check_machine_name "$machine"
- if [ -e "$ACLDIR"/"$machine" ]; then
- echo "Machine already registered"
- exit 1
- fi
- echo "include /etc/remctl/acl/web" > "$ACLDIR/$machine"
- "$0" web
- ;;
- web)
- "$0" auto_machine_list
- "$0" all_machines
- ;;
- remctl-moira-update|all)
- "$0" auto_machine_list
- "$0" all_machines
- "$0" auto_moira_list
- "$0" all_moira
- ;;
-esac
-
-exit 0