Changeset 344 for trunk/packages/sipb-xen-console/files

Timestamp:

Mar 30, 2008, 5:09:46 AM (17 years ago)

Author:

broder

Message:

New sipb-xen-console. Now with more magic - and more working

This package installed onto a clean Debian system should do all of the setup
for a console server except for copying the ssh private keys, granting access
to the Postgres database, and Kerberos keytabs

Location:

trunk/packages/sipb-xen-console/files

Files:

• etc/nscd.conf.sipb-xen (added)
• etc/nss-pgsql.conf (modified) (1 diff)
• etc/nsswitch.conf.sipb-xen (modified) (1 diff)
• etc/pam.d (added)
• etc/pam.d/ssh.sipb-xen (added)
• etc/ssh/ssh_config.sipb-xen (modified) (1 diff)
• etc/ssh/ssh_known_hosts (added)
• home/machines/.ssh/known_hosts (deleted)
• usr/bin/sipb-xen-consolefs (modified) (6 diffs)
• usr/bin/sipb-xen-consolesh (added)

trunk/packages/sipb-xen-console/files/etc/nss-pgsql.conf

@@ -6 +6 @@
 database        = sipb_xen
 login           = sipb-xen
-#passwd         = foo
-#passwdtable    = machines
-#grouptable     = machines
-# you can use anything postgres accepts as table expression
-#groupmembertable = accounts JOIN usergroups ON accounts.uid=usergroups.uid JOIN groups ON usergroups.gid=groups.gid
 
-querypasswd = SELECT name, 'moo', 1000 as uid, 1000, '', '/vmhome/'|| name, '/usr/local/bin/sipb-xen-consolesh' FROM machines
-querygroup = SELECT name, NULL, 1000 as gid FROM machines
-querymembers = SELECT name FROM machines WHERE 1000 = %d
-queryids = SELECT 1000 AS gid FROM machines LIMIT 0;
+querypasswd = SELECT name, NULL, machine_id + 1000 as uid, machine_id + 1000 as gid, '', '/consolefs/'|| name, '/usr/bin/sipb-xen-consolesh' FROM machines
+querygroup = SELECT name, NULL, machine_id + 1000 as gid FROM machines
+querymembers = SELECT name FROM machines WHERE 1000 + machine_id = %d
+queryids = SELECT 1000 + machine_id AS gid FROM machines LIMIT 0
 
 passwd_name = name
-passwd_uid = uid
+passwd_uid = 1000 + machine_id
 
 group_name = name
-group_gid = gid
+group_gid = 1000 + machine_id

trunk/packages/sipb-xen-console/files/etc/nsswitch.conf.sipb-xen

@@ -6 +6 @@
 
 passwd:         compat pgsql
-group:          compat
+group:          compat pgsql
 shadow:         compat
 

trunk/packages/sipb-xen-console/files/etc/ssh/ssh_config.sipb-xen

@@ -18 +18 @@
 
 Host *
-   SetEnv VM_NAME
+   SendEnv VM_NAME
 #   ForwardAgent no
 #   ForwardX11 no

trunk/packages/sipb-xen-console/files/usr/bin/sipb-xen-consolefs

@@ -11 +11 @@
                            # - note: these must be returned as negatives
 
+import sipb_xen_database
+
 fuse.fuse_python_api = (0, 2)
 
-machines = ['moo17', 'remus']
 realpath = "/home/machines/"
-uid = 1000
 
 def dirFromList(list):
@@ -48 +48 @@
                 self.st_dev = 0
                 self.st_nlink = 0
-                self.st_uid = uid
+                self.st_uid = 0
                 self.st_gid = 0
                 self.st_size = 0
@@ -64 +64 @@
         def __init__(self, *args, **kw):
                 Fuse.__init__(self, *args, **kw)
+                self.lasttime = time()
+                self.allow_other = 1
                 print 'Init complete.'
         
         def mirrorPath(self, path):
                 return realpath + "/".join(getParts(path)[1:])
+        
+        def getMachines(self):
+                if time() - self.lasttime > 15:
+                        self.lasttime = time()
+                        sipb_xen_database.clear_cache()
+                return [machine.name for machine in sipb_xen_database.Machine.select()]
+        
+        def getUid(self, machine_name):
+                return sipb_xen_database.Machine.get_by(name=machine_name).machine_id + 1000
+        
+        def getK5login(self, machine_name):
+                machine = sipb_xen_database.Machine.get_by(name=machine_name)
+                users = [acl.user for acl in machine.acl]
+                return "\n".join(map(self.userToPrinc, users) + [''])
+        
+        def userToPrinc(self, user):
+                if '@' in user:
+                        (princ, realm) = user.split('@')
+                else:
+                        princ = user
+                        realm = "ATHENA.MIT.EDU"
+                
+                return princ.replace('.', '/') + realm
         
         def getattr(self, path):
@@ -94 +119 @@
                         st.st_nlink = 2
                 elif depth == 1:
-                        if parts[-1] in machines:
+                        if parts[-1] in self.getMachines():
                                 st.st_mode = stat.S_IFDIR | 0755
                                 st.st_nlink = 2
+                                st.st_uid = st.st_gid = self.getUid(parts[0])
                         else:
                                 return -errno.ENOENT
@@ -102 +128 @@
                         st.st_mode = stat.S_IFREG | 0444
                         st.st_nlink = 1
-                        st.st_size = 17
+                        st.st_size = len(self.getK5login(parts[0]))
+                        st.st_uid = st.st_gid = self.getUid(parts[0])
                 else:
-                        st = os.lstat(self.mirrorPath(path))
+                        stats = list(os.lstat(self.mirrorPath(path)))
+                        stats[4:6] = [self.getUid(parts[0])] * 2
+                        return tuple(stats)
                 return st.toTuple()
         
         def readdir(self, path, offset):
                 print '*** readdir', path, offset
+                for (value, zero) in self.getdir(path):
+                        yield fuse.Direntry(value)
+        
+        def getdir(self, path):
+                print '*** getdir', path
                 if path == '/':
-                        for r in  ['.', '..']+machines:
-                                yield fuse.Direntry(r)
+                        contents = ['.', '..']+self.getMachines()
                 elif getDepth(path) == 1:
-                        for r in set(os.listdir(self.mirrorPath(path)) + ['.k5login']):
-                                yield fuse.Direntry(r)
+                        contents = set(os.listdir(self.mirrorPath(path)) + ['.k5login', '.', '..'])
                 else:
-                        for r in os.listdir(self.mirrorPath(path)):
-                                yield fuse.Direntry(r)
+                        contents = os.listdir(self.mirrorPath(path)) + ['.', '..']
+                return [(i, 0) for i in contents]
         
         def read ( self, path, length, offset ):
                 print '*** read', path, length, offset
                 
+                parts = getParts(path)
+                
                 if getDepth(path) < 2:
                         return -errno.ENOENT
-                elif getParts(path)[1:] == ['.k5login']:
-                        pass
+                elif parts[1:] == ['.k5login']:
+                        if parts[0] not in self.getMachines():
+                                return -errno.ENOENT
+                        else:
+                                return self.getK5login(parts[0])[offset:length + offset]
                 else:
                         fname = self.mirrorPath(path)
@@ -136 +173 @@
 
 if __name__ == '__main__':
+        sipb_xen_database.connect('postgres://sipb-xen@sipb-xen-dev.mit.edu/sipb_xen')
         usage="""
 ConsoleFS [mount_path]