Skip to content
GitLab
Menu
Projects
Groups
Snippets
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
emulab
emulab-devel
Commits
dfd1d0a7
Commit
dfd1d0a7
authored
Sep 24, 2015
by
Leigh B Stoller
Browse files
Shuffle GetSSHKeys a bit so I can use it from the XMLRPC interface.
parent
c3339c9d
Changes
2
Hide whitespace changes
Inline
Side-by-side
apt/APT_Instance.pm.in
View file @
dfd1d0a7
...
...
@@ -30,14 +30,21 @@ use Data::Dumper;
use
POSIX
qw
(
tmpnam
);
use
Exporter
;
use
vars
qw
(@
ISA
@
EXPORT
$
AUTOLOAD
$
RECORDHISTORY_TERMINATED
$
RECORDHISTORY_EXPIRED
);
$
RECORDHISTORY_TERMINATED
$
RECORDHISTORY_EXPIRED
$
APT_HOLDINGPROJECT
$
CLOUD_HOLDINGPROJECT
);
@
ISA
=
"Exporter"
;
#
RecordHistory
flags
.
$
RECORDHISTORY_TERMINATED
=
0x00
;
$
RECORDHISTORY_EXPIRED
=
0x01
;
@
EXPORT
=
qw
($
RECORDHISTORY_TERMINATED
$
RECORDHISTORY_EXPIRED
);
#
Names
of
the
holding
projects
.
$
APT_HOLDINGPROJECT
=
"aptguests"
;
$
CLOUD_HOLDINGPROJECT
=
"CloudLab"
;
@
EXPORT
=
qw
($
RECORDHISTORY_TERMINATED
$
RECORDHISTORY_EXPIRED
$
APT_HOLDINGPROJECT
$
CLOUD_HOLDINGPROJECT
);
#
Must
come
after
package
declaration
!
use
EmulabConstants
;
...
...
@@ -526,6 +533,14 @@ sub GetGeniAuthority($)
return
APT_Geni
::
GetAuthority
($
self
->
aggregate_urn
());
}
sub
GetProject
($)
{
my
($
self
)
=
@
_
;
require
Project
;
return
Project
->
Lookup
($
self
->
pid_idx
());
}
#
#
Warn
creator
that
the
experiment
is
going
to
expire
.
This
is
hooked
#
in
from
the
sa_daemon
,
so
we
can
send
a
message
that
is
less
geni
like
...
...
@@ -719,6 +734,80 @@ sub WriteCredentials($$)
return
0
;
}
#
#
Build
a
set
of
sshkeys
.
#
sub
GetSSHKeys
($$)
{
my
($
self
,
$
pref
)
=
@
_
;
my
$
rval
;
my
@
keys
;
my
$
geniuser
=
$
self
->
GetGeniUser
();
return
-
1
if
(
!defined($geniuser));
my
$
project
=
$
self
->
GetProject
();
return
-
1
if
(
!defined($project));
if
($
geniuser
->
GetKeyBundle
(\@
keys
,
1
)
<
0
||
!@keys) {
print
STDERR
"No ssh keys for $geniuser
\n
"
;
return
-
1
;
}
#
#
CM
format
.
#
$
rval
=
[{
'urn'
=>
$
geniuser
->
urn
(),
'login'
=>
$
geniuser
->
uid
(),
'keys'
=>
[
@
keys
]
}];
if
(
! ($project->pid() eq $APT_HOLDINGPROJECT ||
$
project
->
pid
()
eq
$
CLOUD_HOLDINGPROJECT
))
{
#
#
Get
other
users
from
the
project
.
Real
local
users
are
easy
,
#
nonlocal
users
from
the
GPO
portal
are
messy
.
#
my
@
members
;
if
($
project
->
GetProjectGroup
()->
MemberList
(\@
members
))
{
print
STDERR
"Error getting memberlist for $project
\n
"
;
}
else
{
foreach
my
$
member
(@
members
)
{
next
if
($
member
->
SameUser
($
geniuser
->
emulab_user
()));
my
$
guser
=
GeniUser
->
CreateFromLocal
($
member
);
next
if
(
!defined($guser));
#
#
So
,
users
coming
in
from
the
trusted
signer
have
their
keys
#
at
their
home
portal
.
We
download
those
keys
whenever
they
#
log
in
,
and
cache
them
in
their
local
stub
account
,
but
they
#
could
be
out
of
date
.
But
in
order
to
refresh
those
keys
,
we
#
would
need
a
valid
(
not
expired
)
speaks
-
for
credential
,
which
#
we
might
have
,
but
typically
not
since
they
have
short
expire
#
times
.
So
,
lets
not
worry
about
this
right
now
,
just
use
the
#
cached
keys
and
see
who
complains
.
#
@
keys
=
();
if
($
guser
->
GetKeyBundle
(\@
keys
,
1
)
<
0
||
!@keys) {
print
STDERR
"No ssh keys for $guser
\n
"
;
next
;
}
push
(@{$
rval
},
{
'urn'
=>
$
guser
->
urn
(),
'login'
=>
$
guser
->
uid
(),
'keys'
=>
[
@
keys
]
});
}
}
}
$$
pref
=
$
rval
;
return
0
;
}
###################################################################
package
APT_Instance
::
Aggregate
;
use
emdb
;
...
...
apt/create_instance.in
View file @
dfd1d0a7
...
...
@@ -92,10 +92,6 @@ my $UPDATEGENIUSER= "$TB/sbin/protogeni/updategeniuser";
my
$STITCHER
=
"
$TB
/gcf/src/stitcher.py
";
my
$OPENSSL
=
"
/usr/bin/openssl
";
# Names of the holding projects.
my
$APT_HOLDINGPROJECT
=
"
aptguests
";
my
$CLOUD_HOLDINGPROJECT
=
"
CloudLab
";
# un-taint path
$ENV
{'
PATH
'}
=
'
/bin:/usr/bin:/usr/local/bin:/usr/site/bin
';
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
...
...
@@ -579,15 +575,6 @@ if (!$debug) {
}
}
#
# Get the set of keys (accounts) that need to be sent along. We build
# them in CM format, but convert to AM format later if needed.
#
my
$sshkeys
;
if
(
GetSSHKeys
(
$geniuser
,
$project
,
\
$sshkeys
)
<
0
||
!
@
{
$sshkeys
})
{
fatal
("
No ssh keys to use for
$geniuser
/
$project
!
");
}
# Generate the extra credentials that tells the backend this experiment
# can access the datasets.
my
@dataset_credentials
=
();
...
...
@@ -727,6 +714,17 @@ else {
$instance
->
Update
({'
aggregate_urn
'
=>
$default_aggregate_urn
});
}
#
# Get the set of keys (accounts) that need to be sent along. We build
# them in CM format, but convert to AM format later if needed.
#
my
$sshkeys
;
if
(
$instance
->
GetSSHKeys
(
\
$sshkeys
)
<
0
||
!
@
{
$sshkeys
})
{
$slice
->
Delete
();
$instance
->
Delete
();
fatal
("
Error constructing ssh key list
");
}
# We use this list of references for ParRun below.
my
@aggregate_list
=
();
foreach
my
$aggregate_urn
(
@aggregate_urns
)
{
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment