Commit 5011f5ae authored by Mike Hibler's avatar Mike Hibler

Make the interval at which we reset a node's root password a sitevar.

The interval (60 minutes) was compiled into tmcd before.

N.B.: DYNAMICROOTPASSWORDS must be defined for this sitevar to have any
effect. Otherwise, the root password is *never* set to the Emulab value.
This is not a change in behavior, just sayin...
parent d28d8354
...@@ -42,6 +42,7 @@ INSERT INTO sitevariables VALUES ('plab/setup/vnode_batch_size',NULL,'40','Numbe ...@@ -42,6 +42,7 @@ INSERT INTO sitevariables VALUES ('plab/setup/vnode_batch_size',NULL,'40','Numbe
INSERT INTO sitevariables VALUES ('plab/setup/vnode_wait_time','300','960','Number of seconds to wait for a plab node to setup',0); INSERT INTO sitevariables VALUES ('plab/setup/vnode_wait_time','300','960','Number of seconds to wait for a plab node to setup',0);
INSERT INTO sitevariables VALUES ('watchdog/rusage','30','300','Interval in _seconds_ between node resource usage reports (0==never report)',0); INSERT INTO sitevariables VALUES ('watchdog/rusage','30','300','Interval in _seconds_ between node resource usage reports (0==never report)',0);
INSERT INTO sitevariables VALUES ('watchdog/hostkeys',NULL,'999999','Interval in minutes between host key reports (0=never report, 999999=once only)',0); INSERT INTO sitevariables VALUES ('watchdog/hostkeys',NULL,'999999','Interval in minutes between host key reports (0=never report, 999999=once only)',0);
INSERT INTO sitevariables VALUES ('watchdog/rootpswd',NULL,'60','Interval in minutes between forced resets of root password to Emulab-assigned value (0=never reset)',0);
INSERT INTO sitevariables VALUES ('plab/message',NULL,'','Message to display at the top of the plab_ez page',0); INSERT INTO sitevariables VALUES ('plab/message',NULL,'','Message to display at the top of the plab_ez page',0);
INSERT INTO sitevariables VALUES ('node/ssh_pubkey','ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5pIVUkDhVdgGUcsUTQgmI/N4AhJba05gGn7/Ja46OorcKH12sbn9uH4XImdXRF16VVPMTytcOUAqsMsQ20cUcGyvXHnmmNANrLO2htCzNUdrbPkx5X63FNujjp7mLgdlnwzh/Zuoxw65DVXeVp3T5+9Ad25O4u9ybYsHFc8RmBM= root@boss.emulab.net','','Boss SSH public key to install on nodes',0); INSERT INTO sitevariables VALUES ('node/ssh_pubkey','ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5pIVUkDhVdgGUcsUTQgmI/N4AhJba05gGn7/Ja46OorcKH12sbn9uH4XImdXRF16VVPMTytcOUAqsMsQ20cUcGyvXHnmmNANrLO2htCzNUdrbPkx5X63FNujjp7mLgdlnwzh/Zuoxw65DVXeVp3T5+9Ad25O4u9ybYsHFc8RmBM= root@boss.emulab.net','','Boss SSH public key to install on nodes',0);
INSERT INTO sitevariables VALUES ('web/banner',NULL,'','Message to place in large lettering at top of home page (typically a special message)',0); INSERT INTO sitevariables VALUES ('web/banner',NULL,'','Message to place in large lettering at top of home page (typically a special message)',0);
......
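Review bot: The description added for `watchdog/rootpswd` tells an administrator that a non-zero value forces root password resets, but per the commit message the value has no effect unless tmcd was built with DYNAMICROOTPASSWORDS. Someone reading only the sitevar could conclude that resets are being enforced on nodes when they are not. I would state the dependency in the description, e.g. `... (0=never reset; ignored unless tmcd is built with DYNAMICROOTPASSWORDS)`. The same wording change applies to the update script, which inserts this row with the same description.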
#
# Add sitevariable for root password updates
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
DBQueryFatal("INSERT INTO `sitevariables` VALUES ".
"('watchdog/rootpswd',NULL,'60','Interval in minutes between forced resets of root password to Emulab-assigned value (0=never reset)',0)")
if (!TBSiteVarExists("watchdog/rootpswd"));
return 0;
}
1;
...@@ -9185,7 +9185,7 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9185,7 +9185,7 @@ COMMAND_PROTOTYPE(dodoginfo)
char buf[MYBUFSIZE], *bp; char buf[MYBUFSIZE], *bp;
int nrows, *iv; int nrows, *iv;
int iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup; int iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup;
int iv_rusage, iv_hkeys, iv_dhcpdconf; int iv_rusage, iv_hkeys, iv_dhcpdconf, iv_rootpswd;
/* /*
* XXX sitevar fetching should be a library function * XXX sitevar fetching should be a library function
...@@ -9200,7 +9200,12 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9200,7 +9200,12 @@ COMMAND_PROTOTYPE(dodoginfo)
} }
iv_interval = iv_isalive = iv_ntpdrift = iv_cvsup = iv_interval = iv_isalive = iv_ntpdrift = iv_cvsup =
iv_rusage = iv_hkeys = -1; iv_rusage = iv_hkeys = iv_dhcpdconf = -1;
#ifdef DYNAMICROOTPASSWORDS
iv_rootpswd = 60;
#else
iv_rootpswd = 0;
#endif
while (nrows) { while (nrows) {
iv = 0; iv = 0;
row = mysql_fetch_row(res); row = mysql_fetch_row(res);
...@@ -9216,6 +9221,8 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9216,6 +9221,8 @@ COMMAND_PROTOTYPE(dodoginfo)
iv = &iv_hkeys; iv = &iv_hkeys;
} else if (strcmp(row[0], "watchdog/dhcpdconf") == 0) { } else if (strcmp(row[0], "watchdog/dhcpdconf") == 0) {
iv = &iv_dhcpdconf; iv = &iv_dhcpdconf;
} else if (strcmp(row[0], "watchdog/rootpswd") == 0) {
iv = &iv_rootpswd;
} else if (strcmp(row[0], "watchdog/isalive/local") == 0) { } else if (strcmp(row[0], "watchdog/isalive/local") == 0) {
if (reqp->islocal && !reqp->isvnode) if (reqp->islocal && !reqp->isvnode)
iv = &iv_isalive; iv = &iv_isalive;
...@@ -9237,6 +9244,9 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9237,6 +9244,9 @@ COMMAND_PROTOTYPE(dodoginfo)
/* else check for default value */ /* else check for default value */
else if (row[2] && row[2][0]) else if (row[2] && row[2][0])
*iv = atoi(row[2]) * 60; *iv = atoi(row[2]) * 60;
/* XXX backward compat: use compiled in default */
else if (*iv >= 0)
*iv *= 60;
else else
error("WATCHDOGINFO: sitevar %s not set\n", error("WATCHDOGINFO: sitevar %s not set\n",
row[0]); row[0]);
...@@ -9253,6 +9263,8 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9253,6 +9263,8 @@ COMMAND_PROTOTYPE(dodoginfo)
* - local nodes do not cvsup * - local nodes do not cvsup
* - only a plab node service slice reports rusage * - only a plab node service slice reports rusage
* (which it uses in place of isalive) * (which it uses in place of isalive)
* - only enforce root password reset if DYNAMICROOTPASSWORDS
* is defined (handled above)
*/ */
if ((reqp->islocal && reqp->isvnode) || reqp->isplabdslice) { if ((reqp->islocal && reqp->isvnode) || reqp->isplabdslice) {
iv_ntpdrift = iv_cvsup = 0; iv_ntpdrift = iv_cvsup = 0;
...@@ -9274,14 +9286,9 @@ COMMAND_PROTOTYPE(dodoginfo) ...@@ -9274,14 +9286,9 @@ COMMAND_PROTOTYPE(dodoginfo)
"RUSAGE=%d HOSTKEYS=%d DHCPDCONF=%d", "RUSAGE=%d HOSTKEYS=%d DHCPDCONF=%d",
iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup, iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup,
iv_rusage, iv_hkeys, iv_dhcpdconf); iv_rusage, iv_hkeys, iv_dhcpdconf);
if (vers >= 29) { if (vers >= 29)
int rootpswdinterval = 0;
#ifdef DYNAMICROOTPASSWORDS
rootpswdinterval = 3600;
#endif
OUTPUT(bp, sizeof(buf) - (bp - buf), " SETROOTPSWD=%d\n", OUTPUT(bp, sizeof(buf) - (bp - buf), " SETROOTPSWD=%d\n",
rootpswdinterval); iv_rootpswd);
}
else else
OUTPUT(bp, sizeof(buf) - (bp - buf), "\n"); OUTPUT(bp, sizeof(buf) - (bp - buf), "\n");
......
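Review bot: The compiled-in default `iv_rootpswd = 60` is in minutes and is converted to seconds only inside the row loop. If the query returns no `watchdog/rootpswd` row (a database where the update script has not been applied), the visible code emits `SETROOTPSWD=60` where the old code sent 3600. Initialising in seconds with `iv_rootpswd = 60 * 60;`, and having the backward-compat branch leave `*iv` unchanged, would keep the old interval in both cases. Separately, the `#else` value of 0 appears to be overwritten whenever the row carries a value or default, so the comment "(handled above)" does not match the visible lines; resetting `iv_rootpswd = 0;` under `#ifndef DYNAMICROOTPASSWORDS` after the loop would make it true. The body of dodoginfo extends beyond these hunks, so code outside the view may already cover either case.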