From: Tim Abbott Date: Mon, 16 Jul 2007 00:48:56 +0000 (-0400) Subject: Initial revison of reasonable automatic remctl setup. X-Git-Tag: sipb-xen-remctl-auto/1.0.4~20 X-Git-Url: http://xvm.mit.edu/gitweb/invirt/packages/invirt-remote.git/commitdiff_plain/fe1a4b1ab1f289737bd9cf03374debba59c260b5?ds=sidebyside Initial revison of reasonable automatic remctl setup. svn path=/trunk/packages/sipb-xen-remctl-auto/sipb-xen-remctl-auto/; revision=32 --- fe1a4b1ab1f289737bd9cf03374debba59c260b5
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..95b1504
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+sipb-xen-remctl-auto (1.0) unstable; urgency=low
+
+ * Initial release.
+
+ -- Tim Abbott Sun, 15 Jul 2007 19:37:05 -0400
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..0df6d21
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,12 @@
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0)
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
diff --git a/debian/control.in b/debian/control.in
new file mode 100644
index 0000000..73dede5
--- /dev/null
+++ b/debian/control.in
@@ -0,0 +1,12 @@
+Source: sipb-xen-remctl-auto
+Section: net
+Priority: extra
+Maintainer: SIPB Xen Project
+Build-Depends: @cdbs@
+Standards-Version: 3.7.2
+
+Package: sipb-xen-remctl-auto
+Architecture: all
+Depends: ${misc:Depends}, remctl-server
+Description: Installs the SIPB Xen automatic remctl management system
+ This is our automatic remctl configuration management system.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..7bddd1a
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,3 @@
+This package was created for internal use of the SIPB Xen Project of
+the MIT Student Information Processing Board. Ask tabbott@mit.edu if
+you have questions about redistribution.
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..6bf6850
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,4 @@
+#!/usr/bin/make -f
+
+DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
+include /usr/share/cdbs/1/rules/debhelper.mk
diff --git a/debian/sipb-xen-remctl-auto.install b/debian/sipb-xen-remctl-auto.install
new file mode 100644
index 0000000..9da31b3
--- /dev/null
+++ b/debian/sipb-xen-remctl-auto.install
@@ -0,0 +1 @@
+files/* .
diff --git a/files/etc/cron.d/sipb-xen-remctl-auto b/files/etc/cron.d/sipb-xen-remctl-auto
new file mode 100644
index 0000000..f29e9a6
--- /dev/null
+++ b/files/etc/cron.d/sipb-xen-remctl-auto
@@ -0,0 +1,9 @@
+# /etc/cron.d/sipb-xen-remctl-auto: crontab entries for the sipb-xen-remctl-auto package
+
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+MAILTO=root
+
+@reboot root if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+* * * * */15 root if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then nice -n10 /etc/remctl/sipb-xen-auto/remctl-update.sh all; fi
+
+# EOF
diff --git a/files/etc/remctl/conf.d/sipb-xen-auto b/files/etc/remctl/conf.d/sipb-xen-auto
new file mode 100644
index 0000000..017d322
--- /dev/null
+++ b/files/etc/remctl/conf.d/sipb-xen-auto
@@ -0,0 +1,2 @@
+include /etc/remctl/sipb-xen-auto/machine.d
+remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh ANYUSER
diff --git a/files/etc/remctl/sipb-xen-auto/README b/files/etc/remctl/sipb-xen-auto/README
new file mode 100644
index 0000000..0a4aa84
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/README
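Review bot: The second job line in files/etc/cron.d/sipb-xen-remctl-auto, `* * * * */15 root …`, carries the step in the fifth (day-of-week) field and leaves the minute field at `*`, so as shown it does not produce the "every 15 minutes or so" refresh that the README in this commit describes. With the usual minute/hour/day/month/weekday order the entry would need to read `*/15 * * * * root if [ -x /etc/remctl/sipb-xen-auto/remctl-update.sh ]; then …; fi`. The schedule matters for access control as well as load, because this job is what refreshes the group-derived ACL files: a run that fires far more or far less often than intended changes how quickly a membership removal takes effect. The page has lost its original whitespace, so confirm the field order against the checked-in file.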
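Review bot: The `remctl-auto-update all /etc/remctl/sipb-xen-auto/remctl-update.sh ANYUSER` line in files/etc/remctl/conf.d/sipb-xen-auto lets every authenticated principal start the script that regenerates the remctl configuration and ACL files, with whatever privileges remctld runs under, and nothing limits how often or how concurrently it is started. The README acknowledges the denial-of-service angle, but the script also writes through fixed temp paths, so a remotely requested run can overlap the cron run while ACL files are being replaced. Consider replacing `ANYUSER` with an ACL file that names the principals which actually need to request a refresh. If open access is kept, record the reason next to the entry, e.g. `# ANYUSER is deliberate: the script takes no caller-controlled input and is serialised by a lock`, and make that statement true in the script.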
@@ -0,0 +1,66 @@
+This is Tim Abbott's initial draft at our automatic remctl
+configuration.
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh is the magic script. Run
+it with "all" as an argument, and it will update everything.
+
+The inputs to this system are as follows:
+
+/etc/remctl/sipb-xen-auto/acl/MACHINENAME
+
+ This directory contains files named MACHINENAME for each machine.
+These ACL files specify who is allowed to administer the machine. You
+can use entries that are Kerberos principles, or entries of the form
+
+include /etc/remctl/sipb-xen-auto/moira-acl/sipb-xen
+
+to include AFS groups in ACLs. To add a new machine to the system,
+you simply need to create /etc/remctl/sipb-xen-auto/acl/MACHINENAME
+and then run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+Everything else is autogenerated from that information.
+
+
+Other files of interest:
+
+/etc/remctl/sipb-xen-auto/auto-machine-list
+
+ The list of machines that should have their remctl configuration
+files generated from the template. This is generated from
+listing /etc/remctl/sipb-xen-auto/acl/*.
+
+/etc/remctl/sipb-xen-auto/auto-moira-list
+
+ The list of Athena AFS groups from which acl files should be
+generated. The ACL files are placed in
+/etc/remctl/sipb-xen-auto/moira-acl/, and named GROUPNAME. Ths list
+is generated by parsing the ACL files in /etc/remctl/sipb-xen-auto/acl/.
+
+
+This package also includes a crontab to run
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+every 15 minutes or so to keep our Moira mapping up to date. One can
+request an update of our Moira mapping for group X by running
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh moiragroup X
+
+The web interface should probably run this when it adds a group. We
+may want to make this also available to users, but I've been lame.
+
+This package includes a remctl interface available to anyone to invoke
+the command:
+
+/etc/remctl/sipb-xen-auto/remctl-update.sh all
+
+using the following command from your favorite machine with remctl:
+
+remctl black-mesa.mit.edu remctl-auto-update all
+
+It requires no special permission to run; there is a potential DOS
+issue here, but I don't think it is serious.
+
+Thought should be put into how to ensure that the servers stay in sync.
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.create.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.destroy.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.list.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.reboot.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.sh
new file mode 100755
index 0000000..8c62b34
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+# dispatch-ACTION.sh MACHINE
+#
+# remctl should have already verified that the user is authorized to
+# control the machine. So, we just need to execute the action requested.
+#
+# $0 and $1 come from the trusted remctl source.
+#
+# $2 and so on are user-provided, and thus sketchy. I don't think we
+# need them for this script.
+
+ACTION=$(echo $0 | awk -F'.' '{print $2}')
+MACHINE=$1
+echo $ACTION
+
+case "$ACTION" in
+ reboot|list|vcpu-list|destroy|create|uptime)
+ xm $ACTION $MACHINE
+ exit 0
+ ;;
+ *)
+ echo "ERROR: Invalid Command"
+ exit 1
+ ;;
+esac
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.uptime.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh b/files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh
new file mode 120000
index 0000000..29a39d7
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/bin/dispatch.vcpu-list.sh
@@ -0,0 +1 @@
+dispatch.sh
\ No newline at end of file
diff --git a/files/etc/remctl/sipb-xen-auto/conf.template b/files/etc/remctl/sipb-xen-auto/conf.template
new file mode 100644
index 0000000..ab45969
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/conf.template
@@ -0,0 +1,6 @@
+create #MACHINENAME# #BINDIR#/dispatch.create.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+reboot #MACHINENAME# #BINDIR#/dispatch.reboot.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+destroy #MACHINENAME# #BINDIR#/dispatch.destroy.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+list #MACHINENAME# #BINDIR#/dispatch.list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+vcpu-list #MACHINENAME# #BINDIR#/dispatch.vcpu-list.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
+uptime #MACHINENAME# #BINDIR#/dispatch.uptime.sh /etc/remctl/sipb-xen-auto/acl/#MACHINENAME#
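Review bot: In dispatch.sh the privileged call `xm $ACTION $MACHINE` is unquoted and is followed by an unconditional `exit 0`, so a failed `create` or `destroy` is reported to the remctl client as success. The action is also taken from `awk -F'.' '{print $2}'` over the whole of `$0`, so a dot anywhere in the install path changes what is parsed. The allow-list in the `case` is the right guard, but it should judge a value derived from the basename only. The stray `echo $ACTION` sends debug output to the caller, and the header comment says `dispatch-ACTION.sh` while the symlinks are named `dispatch.ACTION.sh`. The script's comment notes that `$2` onward is caller-supplied; keeping those arguments away from `xm`, as the sketch below still does, is worth stating explicitly in that comment.

```shell
# … unchanged: header comment …
ACTION=${0##*/}              # basename only: dispatch.ACTION.sh
ACTION=${ACTION#dispatch.}
ACTION=${ACTION%.sh}
MACHINE=$1

case "$ACTION" in
  reboot|list|vcpu-list|destroy|create|uptime)
    # exec so the remctl client receives xm's own exit status
    exec xm "$ACTION" "$MACHINE"
    ;;
  # … unchanged: default branch printing "ERROR: Invalid Command" …
esac
```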
diff --git a/files/etc/remctl/sipb-xen-auto/remctl-update.sh b/files/etc/remctl/sipb-xen-auto/remctl-update.sh
new file mode 100755
index 0000000..b0a96fb
--- /dev/null
+++ b/files/etc/remctl/sipb-xen-auto/remctl-update.sh
@@ -0,0 +1,85 @@
+#!/bin/sh
+DIR=/etc/remctl/sipb-xen-auto
+TEMPLATE=$DIR/conf.template
+MACHINEDIR=$DIR/machine.d
+MOIRADIR=$DIR/moira-acl
+MOIRATMP=$DIR/moira-tmp
+MACHINETMP=$DIR/machine-list-tmp
+AUTOMACHINELIST=$DIR/auto-machine-list
+AUTOMOIRALIST=$DIR/auto-moira-list
+BINDIR=$DIR/bin
+ACLDIR=$DIR/acl
+
+update_machine()
+{
+ machine=$1
+ sed "s/#MACHINENAME#/$machine/g" $TEMPLATE | \
+ sed "s,#BINDIR#,$BINDIR,g" >| $MACHINETMP
+ if ! cmp -s $MACHINEDIR/$machine $MACHINETMP; then
+ mv $MACHINETMP $MACHINEDIR/$machine
+ else
+ rm -f $MACHINETMP
+ fi
+}
+
+update_moiragroup()
+{
+ group=$1
+ # Should perhaps replace with LDAP, but fine for now.
+
+ # We should do more careful error checking so we don't take away
+ # all bits and delete the moira-acl files whenever there's an AFS
+ # outage.
+ pts membership system:$group -noauth | tail -n+2 | \
+ sed 's/\./\//' | \
+ sed 's/^ //' | \
+ sed 's/$/@ATHENA.MIT.EDU/g' >| $MOIRATMP
+ if test -s $MOIRATMP; then
+ if ! cmp -s $MOIRADIR/$group $MOIRATMP; then
+ mv $MOIRATMP $MOIRADIR/$group
+ fi
+ else
+ if test -e $MOIRADIR/$group; then
+ rm $MOIRADIR/$group
+ fi
+ fi
+ rm -f $MOIRATMP
+}
+
+case "$1" in
+ moiragroup)
+ update_moiragroup "$2"
+ ;;
+
+ all_machines)
+ # update the remctl.conf definitions
+ for machine in `cat $AUTOMACHINELIST`; do
+ update_machine $machine
+ done
+ ;;
+ all_moira)
+ # update our moira ACL lists
+ for group in `cat $AUTOMOIRALIST`; do
+ update_moiragroup $group
+ done
+ ;;
+ auto_machine_list)
+ # update the list of maintained machines
+ /bin/ls $ACLDIR >| $AUTOMACHINELIST
+ ;;
+ auto_moira_list)
+ # update the moira list-of-lists
+ # /bin/ls $MOIRADIR >| $AUTOMOIRALIST # BAD IDEA in case of outage
+
+ # This extracts the list of all moira lists we care about, and updates those.
+ grep -R moira $ACLDIR/ /etc/remctl/acl/ | perl -pe 's/.*moira-acl\/(.*)/$1/g' >| $AUTOMOIRALIST
+ ;;
+ all)
+ "$0" auto_machine_list
+ "$0" all_machines
+ "$0" auto_moira_list
+ "$0" all_moira
+ ;;
+esac
+
+exit 0
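Review bot: update_moiragroup and update_machine write through the fixed paths `$MOIRATMP` and `$MACHINETMP`, and `all` can be started from cron and from the ANYUSER remctl entry at the same time. Two overlapping runs can therefore move membership generated for one group into another group's ACL file, or install a half-written file. Each call should use its own temp file in the same directory tree, and the `all` branch should run under a lock. The group and machine names come from list files and are then used unquoted in `rm`, `mv` and the sed expression; `grep -R moira` also passes through unchanged any matching line that lacks `moira-acl/`, so names should be checked against a conservative pattern before they become path components. As the in-code comment already notes, an empty result from `pts` deletes the ACL file, so checking the lookup's exit status before touching the existing file would separate an outage from an empty group. The name pattern in the sketch is an assumption to confirm against real list names.

```shell
update_moiragroup()
{
    group=$1
    # The name becomes a path component under $MOIRADIR: accept plain names only.
    case "$group" in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "ERROR: bad group name" >&2; return 1 ;;
    esac
    # Private temp file per call, under $DIR so the final mv stays a rename.
    tmp=$(mktemp "$DIR/moira-tmp.XXXXXX") || return 1
    # … unchanged: pts | tail | sed pipeline, writing to "$tmp" instead of $MOIRATMP …
    # … unchanged: compare/install/remove logic, using "$tmp" and a quoted "$MOIRADIR/$group" …
    rm -f "$tmp"
}
```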