Commit 280743f4 authored by Mike Hibler's avatar Mike Hibler

Add a temporary "Soft SECVIOLATION" mode to stated.

This prevents it from powering off nodes and generally being quite so
anal about "security violations" in the SECURE boot/load path.  We will
leave this on til we get all the d710 kinks worked out.
parent b1a3f09e
......@@ -57,6 +57,9 @@ my %msgs = ();
my $reload_time = 600;
my $last_reload = time;
# Handling of SECVIOLATIONS, eventually controlled by a sitevar
my $soft_secviolation = 1;
# Command line opts.
my $dbtag = "";
my $debug = 0;
......@@ -643,8 +646,19 @@ sub stateTransition($$) {
#
if ($oldstate eq TBDB_NODESTATE_SECVIOLATION &&
$newstate ne TBDB_NODESTATE_SECVIOLATION) {
notify("$node tried to leave SECVIOLATION (to $newstate)\n");
$newstate = TBDB_NODESTATE_SECVIOLATION;
#
# Allow transitions to SHUTDOWN.
# This allows someone to reboot a node in the SECVIOLATION state
# getting it back to MINIMAL/SHUTDOWN.
#
# XXX DEBUG ONLY!
#
if ($soft_secviolation && $newstate eq TBDB_NODESTATE_SHUTDOWN) {
notify("$node allowed to transition: SECVIOLATION => SHUTDOWN\n");
} else {
notify("$node tried to leave SECVIOLATION (to $newstate)\n");
$newstate = TBDB_NODESTATE_SECVIOLATION;
}
}
my $now = time();
......@@ -872,10 +886,16 @@ sub stateTransition($$) {
(/^EMAILNOTIFY$/) && do {
my $msg = "$node entered state $mode/$newstate from " .
"$mode/$oldstate";
my $dest = $REALTBOPS;
if ($newstate eq TBDB_NODESTATE_SECVIOLATION) {
$msg .= "\n\nNode $node has been powered off.\n" .
"You must address the cause of the violation ".
"and reset the eventstate before powering on.";
if ($soft_secviolation) {
$msg .= "\n\nNode $node was allowed to continue.\n";
$dest = $TBOPS;
} else {
$msg .= "\n\nNode $node has been powered off.\n" .
"You must address the cause of the violation ".
"and reset the eventstate before powering on.";
}
}
SENDMAIL($REALTBOPS,
"STATED: $node entered state $newstate",
......
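Review bot: The new `$dest` is assigned in the EMAILNOTIFY branch, but as far as this rendering shows the following `SENDMAIL($REALTBOPS,` call is unchanged, so the soft-mode notice would still go to `$REALTBOPS` rather than `$TBOPS`; the first argument should presumably become `SENDMAIL($dest,`. The +/- markers were lost on this page, so that reading rests on the hunk's line counts, and the rest of the SENDMAIL call lies outside the hunk. Separately, `my $soft_secviolation = 1;` makes the relaxed path the default, while the SECVIOLATION => SHUTDOWN exception in stateTransition is marked `XXX DEBUG ONLY!`. Until the sitevar exists I would default it to 0 behind a command-line option and add a comment such as `# TEMPORARY: fail-open; a node that failed the SECURE boot/load path can leave SECVIOLATION by rebooting`, so the weakened enforcement is visible to whoever runs stated.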