You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@vcl.apache.org by to...@inf.mit.bme.hu on 2014/01/24 16:09:15 UTC
Windows 7 imaging resevation
Hello,
I have a problem with windows imaging reservation, because the vcl gives administrator user for reservation account, but the vcl daemon checks for admin user connection (see the log part below).
After the timeout elapsed, the state changes to "in use", and vcl daemon sets a wrong firewall rule with my public ip, but we're using vpn to connect to vms, so it closes me out.
I workaround this issue by modifying reservation remoteIP in the database, but it is dirty hack.
My questons are:
Is it a konwn issue and how can I fix this. Is there any patch that can solve this issue?
2014-01-24 15:37:28|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not connected to vm-large-25 (216/684 seconds elapsed/remaining), sleeping for 15 seconds
2014-01-24 15:37:43|21671|34:40|reserved|OS.pm:is_user_connected(2676)|checking for connection by admin on vm-large-25
2014-01-24 15:37:43|21671|34:40|reserved|DataStructure.pm:get_reservation_remote_ip(1165)|retrieved remote IP for reservation 40: X.X.X.X
2014-01-24 15:37:44|21671|34:40|reserved|Windows.pm:check_connection_on_port(11001)|checking connections on node vm-large-25 on port 3389
2014-01-24 15:37:44|21671|34:40|reserved|Windows.pm:user_logged_in(8980)|checking if admin is logged in to vm-large-25
2014-01-24 15:37:44|21671|34:40|reserved|utils.pm:run_ssh_command(4902)|executing SSH command on vm-large-25:
|21671|34:40|reserved| /usr/bin/ssh -i /etc/vcl/vcl.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x vm-large-25 'C:/Windows/Sysnative/qwinsta.exe' 2>&1
2014-01-24 15:37:44|21671|34:40|reserved|utils.pm:(eval)(4917)|waiting up to 60 seconds for SSH process to finish
2014-01-24 15:37:45|21671|34:40|reserved|Windows.pm:user_logged_in(9003)|admin does NOT appear to be logged in on vm-large-25
2014-01-24 15:37:45|21671|34:40|reserved|Windows.pm:check_connection_on_port(11025)|Detected ESTABLISHED is connected. user is not logged in yet. Returning no connection
2014-01-24 15:37:45|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not connected to vm-large-25 (233/667 seconds elapsed/remaining), sleeping for 15 seconds
Br,
Aaron Toth
VCL System Administrator
BUTE-MIT
Re: Windows 7 imaging resevation
Posted by Andy Kurth <an...@ncsu.edu>.
Hi Aaron,
You've found a bug. I've created this issue: https://issues.apache.org/jira
/browse/VCL-745
During the period when a reservation is in the reserved state, the
check_connection_on_port subroutine in Windows.pm detects when a connection
is made on the port corresponding to the connection method (3389 in this
case). When a connection is detected, check_connection_on_port also checks
if the connection is from the same IP address which was captured by the
website when the user clicked Connect. The IP addresses normally match but
in some cases such as when a VPN is used they may be different. When
different, an additional step is performed to call the user_logged_in
subroutine in Windows.pm to retrieve the names of the users logged in to
the reservation computer. This is necessary because the firewall is open
to any address during this period. Someone doing a port scan may connect
to the computer. We need to verify that the connection is from the actual
user by checking if a user matching the reservation username is logged in.
If the reservation user is logged in, it is assumed that the the
VPNsituation occurred and the
IP address the user connected from is assumed to be correct and the
firewall is configured properly.
As you know, for imaging requests the "Administrator" user is used to
loginto the reservation instead of the normal
username. The user_logged_in subroutine uses the normal username if no
argument is supplied. It does not check if this is an imaging requests or
not. As a result, for imaging requests it never detects that Administrator
is logged in. After the loop times out, the firewall is locked down to the
IP address retrieved from the website.
You can make a change to the Windows.pm module to correct this problem.
Find the user_logged_in subroutine.
Change this:
>>>>>>>>>>
# Check if username argument was passed
if (!$username) {
$username = $self->data->get_user_login_id();
}
<<<<<<<<<<
To this:
>>>>>>>>>>
# Check if username argument was passed
if (!$username) {
if ($self->data->get_request_forimaging()) {
$username = 'Administrator';
}
else {
$username = $self->data->get_user_login_id();
}
}
<<<<<<<<<<
Hope this helps,
Andy
On Fri, Jan 24, 2014 at 10:09 AM, <to...@inf.mit.bme.hu> wrote:
> Hello,
>
> I have a problem with windows imaging reservation, because the vcl gives
> administrator user for reservation account, but the vcl daemon checks for
> admin user connection (see the log part below).
> After the timeout elapsed, the state changes to "in use", and vcl daemon
> sets a wrong firewall rule with my public ip, but we're using vpn to
> connect to vms, so it closes me out.
> I workaround this issue by modifying reservation remoteIP in the database,
> but it is dirty hack.
> My questons are:
> Is it a konwn issue and how can I fix this. Is there any patch that can
> solve this issue?
>
> 2014-01-24
> 15:37:28|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not
> connected to vm-large-25 (216/684 seconds elapsed/remaining), sleeping for
> 15 seconds
> 2014-01-24
> 15:37:43|21671|34:40|reserved|OS.pm:is_user_connected(2676)|checking for
> connection by admin on vm-large-25
> 2014-01-24
> 15:37:43|21671|34:40|reserved|DataStructure.pm:get_reservation_remote_ip(1165)|retrieved
> remote IP for reservation 40: X.X.X.X
> 2014-01-24
> 15:37:44|21671|34:40|reserved|Windows.pm:check_connection_on_port(11001)|checking
> connections on node vm-large-25 on port 3389
> 2014-01-24
> 15:37:44|21671|34:40|reserved|Windows.pm:user_logged_in(8980)|checking if
> admin is logged in to vm-large-25
> 2014-01-24 15:37:44|21671|34:40|reserved|utils.pm:run_ssh_command(4902)|executing
> SSH command on vm-large-25:
> |21671|34:40|reserved| /usr/bin/ssh -i /etc/vcl/vcl.key -o
> StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o
> ConnectionAttempts=1 -o ConnectTimeout=3 -l root -p 22 -x vm-large-25
> 'C:/Windows/Sysnative/qwinsta.exe' 2>&1
> 2014-01-24 15:37:44|21671|34:40|reserved|utils.pm:(eval)(4917)|waiting up
> to 60 seconds for SSH process to finish
> 2014-01-24
> 15:37:45|21671|34:40|reserved|Windows.pm:user_logged_in(9003)|admin does
> NOT appear to be logged in on vm-large-25
> 2014-01-24
> 15:37:45|21671|34:40|reserved|Windows.pm:check_connection_on_port(11025)|Detected
> ESTABLISHED is connected. user is not logged in yet. Returning no connection
> 2014-01-24
> 15:37:45|21671|34:40|reserved|OS.pm:is_user_connected(2723)|admin has not
> connected to vm-large-25 (233/667 seconds elapsed/remaining), sleeping for
> 15 seconds
>
> Br,
>
> Aaron Toth
> VCL System Administrator
> BUTE-MIT