Posted to commits@vcl.apache.org by fa...@apache.org on 2013/05/14 18:38:01 UTC
svn commit: r1482439 - in /vcl/trunk/managementnode/lib/VCL/Module: OS.pm
OS/Linux.pm
Author: fapeeler
Date: Tue May 14 16:38:00 2013
New Revision: 1482439
URL: http://svn.apache.org/r1482439
Log:
VCL-692
moved updating external_sshd.config to create_user routine
removed code related to updating AllowUsers
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS.pm Tue May 14 16:38:00 2013
@@ -2504,7 +2504,6 @@ sub manage_server_access {
my @userlist_admin;
my @userlist_login;
my %user_hash;
- my $allow_list = $user_login_id_owner;
if ($server_request_admingroupid) {
@userlist_admin = getusergroupmembers($server_request_admingroupid);
@@ -2559,11 +2558,8 @@ sub manage_server_access {
next if (!($userid));
#Skip reservation owner, this account is processed in the new and reserved states
if ($userid eq $user_id_owner) {
- #Add owner's login id if does not already exist
- $allow_list .= " $user_login_id_owner" if ($allow_list !~ /$user_login_id_owner/) ;
next;
}
- #my $standalone = 0;
my $standalone = $user_hash{$userid}{user_info}{STANDALONE};
if(!$self->user_exists($user_hash{$userid}{username})){
@@ -2571,16 +2567,6 @@ sub manage_server_access {
}
if(!exists($res_accounts{$userid}) || $request_laststate_name eq "reinstall" ){
- # check affiliation
- notify($ERRORS{'DEBUG'}, 0, "checking affiliation for $userid");
- #my $affiliation_name = get_user_affiliation($user_hash{$userid}{vcl_user_id});
- #if(defined($affiliation_name)) {
-
- # if(!(grep(/$affiliation_name/, split(/,/, $not_standalone_list) ))) {
- # $standalone = 1;
- # }
- #}
-
if($request_laststate_name ne "reinstall" ){
$user_hash{$userid}{"passwd"} = 0;
# Generate password if linux and standalone affiliation
@@ -2613,23 +2599,17 @@ sub manage_server_access {
else {
notify($ERRORS{'WARNING'}, 0, "Failed to create user on $computer_node_name ");
}
-
- $allow_list .= " $user_hash{$userid}{username}";
-
}
else {
notify($ERRORS{'DEBUG'}, 0, "$userid exists in reservationaccounts table, assuming it exists on OS");
}
-
}
#Remove anyone listed in reservationaccounts list that is not in user_hash
foreach my $res_userid (sort keys %res_accounts) {
notify($ERRORS{'OK'}, 0, "res_userid= $res_userid username= $res_accounts{$res_userid}{username}");
- #Skip reservation owner, this account is processed in the new and reserved states
+ #Skip reservation owner, this account is not to be removed from the reservation.
if ($res_userid eq $user_login_id_owner) {
- #Add owner's login id if it does not already exist
- $allow_list .= " $user_login_id_owner" if ($allow_list !~ /$user_login_id_owner/) ;
#Skip group checks as the owner may not be a member
next;
}
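Review bot: The owner check under the reworded comment compares `$res_userid` with `$user_login_id_owner`, while the earlier loop in this function compares `$userid` with `$user_id_owner`, and the notify line just above prints the %res_accounts key and its `username` as separate values. If %res_accounts is keyed by user id rather than login id, this test never matches and the owner falls through to the removal logic the comment says it is exempt from. `if ($res_userid eq $user_id_owner)` would agree with the earlier loop; confirm against how %res_accounts is populated. manage_server_access's body starts and ends outside the hunk.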
@@ -2645,23 +2625,10 @@ sub manage_server_access {
}
next;
}
- $allow_list .= " $res_accounts{$res_userid}{username}";
- }
-
- notify($ERRORS{'OK'}, 0, "allow_list= $allow_list");
-
- $self->data->set_server_allow_users($allow_list);
-
- if ($self->can("update_server_access") ) {
- if ( $self->update_server_access($allow_list) ) {
- notify($ERRORS{'OK'}, 0, "updated remote access list");
- }
}
return 1;
-
}
-
#/////////////////////////////////////////////////////////////////////////////
=head2 process_connect_methods
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1482439&r1=1482438&r2=1482439&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Tue May 14 16:38:00 2013
@@ -962,8 +962,16 @@ sub delete_user {
my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
- # Remove AllowUsers lines from external_sshd_config
- $self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers') || return;
+ # Remove user from external_sshd_config
+ my $rem_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/$user_login_id//\" /etc/ssh/external_sshd_config";
+ if ($self->execute($rem_user_sshd_cmd)) {
+ if (!$self->restart_service("ext_sshd")) {
+ notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name after updating /etc/ssh/external_sshd_config");
+ }
+ }
+ else {
+ notify($ERRORS{'WARNING'}, 0, "Failed to remove user_login_id from external_sshd_config");
+ }
# Remove lines from sudoers
$self->remove_lines_from_file('/etc/sudoers', "^$user_login_id .*") || return;
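Review bot: `$user_login_id` is interpolated into both the shell command and the sed pattern with no validation or delimiting, so `s/$user_login_id//` removes the first substring match anywhere on an AllowUsers line: deleting `al` from `AllowUsers alice al` would leave `AllowUsers ice al`, keeping the deleted account and permitting a different name. The same unescaped interpolation is used for `$username` in the create_user hunk of this file, where `/`, `&` or shell metacharacters in the value would change the sed replacement or the command. Validate the login id against a strict allowlist and match it only as a whole whitespace-delimited token on lines that start with AllowUsers, as sketched below (to be checked against how execute() quotes the command). The warning in the else branch also prints the literal text `user_login_id` rather than the variable. delete_user's body starts and ends outside the hunk.

```perl
# Remove user from external_sshd_config
# Only edit the file when the login id holds no shell or sed metacharacters
if ($user_login_id =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\z/) {
	# Escape dots so they match literally in the sed pattern
	(my $sed_login_id = $user_login_id) =~ s/\./\\./g;
	# Remove the login id only when it is a complete token on an AllowUsers line
	my $rem_user_sshd_cmd = "sed -i -e \"/^AllowUsers/s/[[:space:]]$sed_login_id\\([[:space:]]\\|\$\\)/\\1/\" /etc/ssh/external_sshd_config";
	# … unchanged: execute the command, restart ext_sshd, warn on failure …
}
else {
	notify($ERRORS{'WARNING'}, 0, "not editing external_sshd_config, unexpected characters in login id: $user_login_id");
}
```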
@@ -997,6 +1005,16 @@ sub reserve {
my $imagemeta_rootaccess = $self->data->get_imagemeta_rootaccess();
my $user_uid = $self->data->get_user_uid();
+ # Remove AllowUsers lines from external_sshd_config
+ if($self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers')) {
+ notify($ERRORS{'WARNING'}, 0, "Error in cleaning AllowUsers directive from external_sshd_config");
+ }
+
+ # Append AllowUsers line to the end of the file
+ if (!$self->append_text_file('/etc/ssh/external_sshd_config', "AllowUsers \n")) {
+ notify($ERRORS{'WARNING'}, 0, "Error in appending AllowUsers directive to external_sshd_config");
+ }
+
if ($self->add_vcl_usergroup()) {
}
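Review bot: The first added check is inverted: the grant_access and update_server_access code removed by this commit treats a false return from remove_lines_from_file as failure (`if (!$self->remove_lines_from_file(...))`), but here the warning fires when the call returns true and a failed removal passes silently. If stale AllowUsers lines survive, users from an earlier reservation stay permitted and the sed added in create_user appends the new name to each of them, so the failure case should stop the reservation: `if (!$self->remove_lines_from_file('/etc/ssh/external_sshd_config', 'AllowUsers')) { notify(...); return; }`. The appended `AllowUsers \n` line has no argument; depending on the OpenSSH version that may be rejected or may impose no restriction if ext_sshd reloads before a name is appended, which is worth confirming. reserve's body starts and ends outside the hunk.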
@@ -1031,37 +1049,6 @@ sub grant_access {
my $computer_node_name = $self->data->get_computer_node_name();
my $server_request_id = $self->data->get_server_request_id();
- my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-
- # Remove all AllowUsers lines from external_sshd_config
- if (!$self->remove_lines_from_file($ext_sshd_config_file_path, 'AllowUsers')) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, existing AllowUsers lines could not be removed from $ext_sshd_config_file_path");
- return;
- }
-
- # Assemble the list of usernames to add to the AllowUsers line
- my $allow_users = $user_login_id;
-
- if ($server_request_id) {
- my $server_allow_user_list = $self->data->get_server_allow_users();
- if ($server_allow_user_list) {
- notify($ERRORS{'DEBUG'}, 0, "server allow user list: $server_allow_user_list");
- $allow_users .= " $server_allow_user_list";
- }
- }
-
- # Append AllowUsers line to the end of the file
- if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers $allow_users\n")) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, failed to add AllowUsers line $ext_sshd_config_file_path");
- return;
- }
-
- # Restart the ext_sshd service
- if (!$self->restart_service('ext_sshd')) {
- notify($ERRORS{'WARNING'}, 0, "unable to grant access to $computer_node_name, failed to restart ext_sshd service after configuring AllowUsers lines");
- return;
- }
-
# Process the connection methods, allow firewall access from any address
if ($self->process_connect_methods("", 1)) {
notify($ERRORS{'DEBUG'}, 0, "processed connection methods on $computer_node_name setting 0.0.0.0 for all allowed ports");
@@ -2451,6 +2438,17 @@ sub create_user {
}
}
+ # Add user to external_sshd_config
+ my $add_user_sshd_cmd = "sed -i -e \"/AllowUsers/s/\$/ $username/\" /etc/ssh/external_sshd_config";
+ if ($self->execute($add_user_sshd_cmd)) {
+ if (!$self->restart_service("ext_sshd")) {
+ notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name after updating /etc/ssh/external_sshd_config");
+ }
+ }
+ else {
+ notify($ERRORS{'CRITICAL'}, 0, "Failed to add username to external_sshd_config");
+ }
+
if ($user_standalone) {
notify($ERRORS{'DEBUG'}, 0, "Standalone user setting single-use password");
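Review bot: The sed address `/AllowUsers/` is unanchored and the command's success says nothing about whether a line was actually edited. It also rewrites commented lines that contain the word, appends a duplicate name on every repeated call, and sed exits 0 when the file has no AllowUsers line at all, so (assuming execute() reflects the exit status) ext_sshd is restarted with the user never added. Anchor the address as `/^AllowUsers/` and verify afterwards that the name is present on the line, for example with a `grep -q` on the file, before logging success. create_user's body starts and ends outside the hunk.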
@@ -2508,55 +2506,6 @@ sub create_user {
} ## end sub create_user
#/////////////////////////////////////////////////////////////////////////////
-
-=head2 update_server_access
-
- Parameters :
- Returns :
- Description :
-
-=cut
-
-sub update_server_access {
- my ($self) = shift;
- if (ref($self) !~ /linux/i) {
- notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
- return;
- }
-
- my $server_allow_user_list = shift || $self->data->get_server_allow_users();
-
- my $computer_node_name = $self->data->get_computer_node_name();
-
- my $ext_sshd_config_file_path = '/etc/ssh/external_sshd_config';
-
- if (!$server_allow_user_list) {
- notify($ERRORS{'DEBUG'}, 0, "$ext_sshd_config_file_path AllowUsers setting not altered, server allow users list is empty");
- return 1;
- }
-
- # Remove all AllowUsers lines from external_sshd_config
- if (!$self->remove_lines_from_file($ext_sshd_config_file_path, 'AllowUsers')) {
- notify($ERRORS{'WARNING'}, 0, "unable to update server access on $computer_node_name, failed to remove existing AllowUsers lines from $ext_sshd_config_file_path");
- return;
- }
-
- # Add AllowUsers line to the end of the file
- if (!$self->append_text_file($ext_sshd_config_file_path, "AllowUsers $server_allow_user_list\n")) {
- notify($ERRORS{'WARNING'}, 0, "unable to update server access on $computer_node_name, failed to add line to $ext_sshd_config_file_path: AllowUsers $server_allow_user_list");
- return;
- }
-
- if (!$self->restart_service("ext_sshd")) {
- notify($ERRORS{'WARNING'}, 0, "failed to restart ext_sshd service on $computer_node_name after updating $ext_sshd_config_file_path");
- return;
- }
-
- return 1;
-}
-
-#/////////////////////////////////////////////////////////////////////////////
-
=head2 enable_dhcp
Parameters : $interface_name (optional)