Commit da69ca5d authored by Leigh B. Stoller's avatar Leigh B. Stoller

Redo the linktest control stuff a bit. I had it doing an ssh over to

ops as the user, but that breaks for admin people who have real shells
on boss and no unencrypted key in the .ssh dir. So, switched it to a
root ssh, and a simple proxy on the other side that flips to the user
and invokes the run_linktest stuff.
parent 013df29a
......@@ -48,6 +48,9 @@ control-install:
@$(MAKE) -C sched control-install
@$(MAKE) -C linktest install
post-install:
@$(MAKE) -C linktest post-install
clean: clean-subdirs
distclean: distclean-subdirs
......
......@@ -15,6 +15,7 @@ DAEMON = linktest
LTEVENT = ltevent
SCRIPT = linktest.pl
SCRIPT_RUN = run_linktest.pl
SCRIPT_PROXY = linktest.proxy
SCRIPT_CONTROL = linktest_control
SCRIPT_TBCOMPAT = tb_compat.tcl
SCRIPT_NSTB_COMPAT = nstb_compat.tcl
......@@ -23,7 +24,8 @@ SYSTEM := $(shell uname -s)
include $(OBJDIR)/Makeconf
all: binaries $(SCRIPT) $(SCRIPT_RUN) weblinktest linktest_control
all: binaries $(SCRIPT) $(SCRIPT_RUN) $(SCRIPT_PROXY) \
weblinktest linktest_control
include $(TESTBED_SRCDIR)/GNUmakerules
......@@ -84,12 +86,20 @@ install:
$(INSTALL_DATA) $(SRCDIR)/linktest.html $(INSTALL_WWWDIR)/doc
$(INSTALL_PROGRAM) $(SCRIPT_RUN) \
$(INSTALL_DIR)/opsdir/bin/$(SCRIPT_RUN)
$(INSTALL_PROGRAM) $(SCRIPT_PROXY) \
$(INSTALL_DIR)/opsdir/sbin/$(SCRIPT_PROXY)
$(INSTALL_PROGRAM) $(LOCAL_BINDIR)/$(LTEVENT) \
$(INSTALL_DIR)/opsdir/libexec/$(LTEVENT)
@echo "Don't forget to do a post-install as root"
post-install:
chown root $(INSTALL_SBINDIR)/$(SCRIPT_CONTROL)
chmod u+s $(INSTALL_SBINDIR)/$(SCRIPT_CONTROL)
control-install:
$(INSTALL_PROGRAM) $(LOCAL_BINDIR)/$(LTEVENT) $(INSTALL_LIBEXECDIR)
$(INSTALL_PROGRAM) $(SCRIPT_RUN) $(INSTALL_BINDIR)
$(INSTALL_PROGRAM) $(SCRIPT_PROXY) $(INSTALL_BINDIR)
client: all
client-install: client
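Review bot: The `control-install` target copies `$(SCRIPT_PROXY)` into `$(INSTALL_BINDIR)`, but the `install` target stages it under `opsdir/sbin` and the new command in linktest_control invokes `$TB/sbin/linktest.proxy`. Since the proxy is meant to be run only by root, the ops-side rule should probably read `$(INSTALL_PROGRAM) $(SCRIPT_PROXY) $(INSTALL_SBINDIR)`, so the installed path matches the caller and the script stays out of the general bin directory. The new `post-install` target also makes `linktest_control` setuid root without saying why; a comment above the chown, such as `# linktest_control is setuid root so it can start the root ssh to ops`, would record the intent.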
......
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
use Errno;
use POSIX ":sys_wait_h";
#
# A wrapper for controlling the event scheduler from boss.
#
# The first argument option is the user to run this script as, since we
# get invoked by a root ssh from boss.
#
#
sub usage()
{
print "Usage: linktest.proxy [-d level] -u user -g gid -e pid/eid ".
"-l level -o logfile -t timeout\n";
exit(-1);
}
my $optlist = "d:u:g:e:l:o:t:";
my $debug = 0;
my $user;
my $gid;
my $pid;
my $eid;
my $level;
my $logfile;
my $timeout;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $linktest = "$TB/bin/run_linktest.pl";
#
# Turn off line buffering on output
#
$| = 1;
#
# Untaint the path
#
$ENV{'PATH'} = "/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Only real root, from boss.
#
if ($UID != 0) {
die("*** $0:\n".
" Must be root to run this script!\n");
}
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libtestbed;
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (@ARGV) {
usage();
}
if (! defined($options{"u"}) ||
! defined($options{"e"}) ||
! defined($options{"l"}) ||
! defined($options{"g"})) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
$user = $options{"u"};
$gid = $options{"g"};
$level = $options{"l"};
if ($options{"e"} =~ /^([-\w]*)\/([-\w]*)$/) {
$pid = $1;
$eid = $2;
}
else {
usage();
}
if (defined($options{"d"})) {
$debug = $options{"d"};
}
if (defined($options{"t"})) {
$timeout = $options{"t"};
}
if (defined($options{"o"})) {
$output = $options{"o"};
}
#
# Okay, now flip to user before running linktest. Must put the user
# into both the project group and the experiment subgroup.
#
my (undef,undef,$unix_uid) = getpwnam($user) or
die("*** $0:\n".
" No such user $user\n");
my (undef,undef,$unix_ggid) = getgrnam($gid) or
die("*** $0:\n".
" No such group $gid\n");
my (undef,undef,$unix_pgid) = getgrnam($pid) or
die("*** $0:\n".
" No such group $pid\n");
# Flip to user and never go back!
$GID = $unix_ggid;
$EGID = "$unix_ggid $unix_ggid $unix_pgid";
$EUID = $UID = $unix_uid;
$ENV{'USER'} = $user;
$ENV{'LOGNAME'} = $user;
# And run it. Pass a list to exec to avoid extra shell.
my @cmdandargs = ("$linktest", "-v", "-l", $level, "-s", "localhost",
"-e", "$pid/$eid");
push(@cmdandargs, ("-d", $debug))
if ($debug);
push(@cmdandargs, ("-t", $timeout))
if (defined($timeout));
push(@cmdandargs, ("-o", $output))
if (defined($output));
exec(@cmdandargs);
die("*** $0:\n".
" Could not exec $linktest!");
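Review bot: The privilege drop at `$EUID = $UID = $unix_uid;` is never verified, and Perl reports a failed assignment to these variables only through `$!`, so a failed or partial drop would still reach the exec of run_linktest.pl as root. Adding `die("*** $0:\n Could not change to user $user\n") if ($unix_uid == 0 || $UID != $unix_uid || $EUID != $unix_uid);` after the assignments closes that gap and also refuses `-u root`; comparing `$GID` with `$unix_ggid` in the same way covers the group side. The `-u`, `-g`, `-l`, `-t` and `-o` values are used as received, with no pattern check like the one applied to `-e`, and an anchored match on each before use is cheap for a script that starts as root. The script also assigns `%options` and `$output` without `my` (only `$logfile` is declared), which `use strict` would catch.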
......@@ -32,6 +32,8 @@ my $cancel = 0;
my $timeout;
my $level;
my $output;
my $expstate;
my $dbuid;
my $child_pid; # Child run_linktest process.
#
......@@ -58,6 +60,11 @@ delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
$| = 1;
if ($EUID != 0) {
die("*** $0:\n".
" Must be root! Maybe its a development version?\n");
}
#
# Parse command arguments. Once we return from getopts, all that should be
# left are the required arguments.
......@@ -125,6 +132,43 @@ else {
die("Bad data in eid: $eid.");
}
#
# Check state. Only in the active state
#
if (! ($expstate = ExpState($pid, $eid))) {
die("*** $0:\n".
" No such experiment $pid/$eid!\n");
}
if ($expstate ne EXPTSTATE_ACTIVE) {
die("*** $0:\n".
" Experiment $pid/$eid must active!\n");
}
# Need this to pass to boss.
if (! UNIX2DBUID($UID, \$dbuid)) {
die("*** $0:\n".
" You do not exist in the Emulab Database!\n");
}
#
# Check permission. Only people with permission to destroy the experiment
# can do this.
#
if (! TBExptAccessCheck($UID, $pid, $eid, TB_EXPT_DESTROY)) {
die("*** $0:\n".
" You do not have permission to start/stop linktest for ".
"$pid/$eid!\n");
}
# Need the unix_gid info to pass to boss.
my $gid = ExpGroup($pid, $eid);
my ($unix_gid, $unix_gidname);
if (! TBGroupUnixInfo($pid, $gid, \$unix_gid, \$unix_gidname)) {
die("*** $0:\n".
" Could not get unix group info for $pid/$gid!\n");
}
#
# Lets see if there is a linktest running already.
#
......@@ -228,7 +272,7 @@ if ($child_pid) {
# everything die off properly.
#
my $cmd = "$SSH -t -t -1 -F /dev/null " .
"-host $CONTROL $TB/bin/run_linktest.pl -v";
"-host $CONTROL $TB/sbin/linktest.proxy ";
$cmd .= " -d $debug"
if ($debug);
$cmd .= " -t $timeout"
......@@ -236,11 +280,15 @@ $cmd .= " -t $timeout"
$cmd .= " -o $output"
if (defined($output));
$cmd .= " -l " . (defined($level) ? $level : $linktest_level);
$cmd .= " -s ops -e $pid/$eid";
$cmd .= " -g " . $unix_gidname;
$cmd .= " -u $dbuid";
$cmd .= " -e $pid/$eid";
print "Running '$cmd'\n"
if ($debug);
# For sshtb
$UID=0;
exec($cmd);
die("*** $0:\n".
" Could not exec run_linktest.pl\n");
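Review bot: `exec($cmd)` is given a single interpolated string immediately after `$UID=0;`, so the local shell and, via ssh, the shell on `$CONTROL` both parse `$output`, `$timeout`, `$level` and `$debug` as root. The pid/eid check is visible above (`Bad data in eid`), but whether the other option values are untainted against a strict pattern lies outside these hunks. If they are not, each should be matched against an anchored pattern before it is appended to `$cmd`, and the local side can drop one shell by building a list and calling `exec(@cmd)`. The failure message after the exec still reads `Could not exec run_linktest.pl` although the command now runs `linktest.proxy`.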