Commit 5011f5ae authored by Mike Hibler's avatar Mike Hibler

Make the interval at which we reset a node's root password a sitevar.

The interval (60 minutes) was compiled into tmcd before.

N.B.: DYNAMICROOTPASSWORD must be defined for this sitevar to have any
effect. Otherwise, the root password is *never* set to the Emulab value.
This is not a change in behavior, just sayin...
parent d28d8354
......@@ -42,6 +42,7 @@ INSERT INTO sitevariables VALUES ('plab/setup/vnode_batch_size',NULL,'40','Numbe
INSERT INTO sitevariables VALUES ('plab/setup/vnode_wait_time','300','960','Number of seconds to wait for a plab node to setup',0);
INSERT INTO sitevariables VALUES ('watchdog/rusage','30','300','Interval in _seconds_ between node resource usage reports (0==never report)',0);
INSERT INTO sitevariables VALUES ('watchdog/hostkeys',NULL,'999999','Interval in minutes between host key reports (0=never report, 999999=once only)',0);
INSERT INTO sitevariables VALUES ('watchdog/rootpswd',NULL,'60','Interval in minutes between forced resets of root password to Emulab-assigned value (0=never reset)',0);
INSERT INTO sitevariables VALUES ('plab/message',NULL,'','Message to display at the top of the plab_ez page',0);
INSERT INTO sitevariables VALUES ('node/ssh_pubkey','ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEA5pIVUkDhVdgGUcsUTQgmI/N4AhJba05gGn7/Ja46OorcKH12sbn9uH4XImdXRF16VVPMTytcOUAqsMsQ20cUcGyvXHnmmNANrLO2htCzNUdrbPkx5X63FNujjp7mLgdlnwzh/Zuoxw65DVXeVp3T5+9Ad25O4u9ybYsHFc8RmBM= root@boss.emulab.net','','Boss SSH public key to install on nodes',0);
INSERT INTO sitevariables VALUES ('web/banner',NULL,'','Message to place in large lettering at top of home page (typically a special message)',0);
......
#
# Add sitevariable for root password updates
#
use strict;
use libdb;
sub DoUpdate($$$)
{
my ($dbhandle, $dbname, $version) = @_;
DBQueryFatal("INSERT INTO `sitevariables` VALUES ".
"('watchdog/rootpswd',NULL,'60','Interval in minutes between forced resets of root password to Emulab-assigned value (0=never reset)',0)")
if (!TBSiteVarExists("watchdog/rootpswd"));
return 0;
}
1;
......@@ -9185,7 +9185,7 @@ COMMAND_PROTOTYPE(dodoginfo)
char buf[MYBUFSIZE], *bp;
int nrows, *iv;
int iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup;
int iv_rusage, iv_hkeys, iv_dhcpdconf;
int iv_rusage, iv_hkeys, iv_dhcpdconf, iv_rootpswd;
/*
* XXX sitevar fetching should be a library function
......@@ -9200,7 +9200,12 @@ COMMAND_PROTOTYPE(dodoginfo)
}
iv_interval = iv_isalive = iv_ntpdrift = iv_cvsup =
iv_rusage = iv_hkeys = -1;
iv_rusage = iv_hkeys = iv_dhcpdconf = -1;
#ifdef DYNAMICROOTPASSWORDS
iv_rootpswd = 60;
#else
iv_rootpswd = 0;
#endif
while (nrows) {
iv = 0;
row = mysql_fetch_row(res);
......@@ -9216,6 +9221,8 @@ COMMAND_PROTOTYPE(dodoginfo)
iv = &iv_hkeys;
} else if (strcmp(row[0], "watchdog/dhcpdconf") == 0) {
iv = &iv_dhcpdconf;
} else if (strcmp(row[0], "watchdog/rootpswd") == 0) {
iv = &iv_rootpswd;
} else if (strcmp(row[0], "watchdog/isalive/local") == 0) {
if (reqp->islocal && !reqp->isvnode)
iv = &iv_isalive;
......@@ -9237,6 +9244,9 @@ COMMAND_PROTOTYPE(dodoginfo)
/* else check for default value */
else if (row[2] && row[2][0])
*iv = atoi(row[2]) * 60;
/* XXX backward compat: use compiled in default */
else if (*iv >= 0)
*iv *= 60;
else
error("WATCHDOGINFO: sitevar %s not set\n",
row[0]);
......@@ -9253,6 +9263,8 @@ COMMAND_PROTOTYPE(dodoginfo)
* - local nodes do not cvsup
* - only a plab node service slice reports rusage
* (which it uses in place of isalive)
* - only enforce root password reset if DYNAMICROOTPASSWORDS
* is defined (handled above)
*/
if ((reqp->islocal && reqp->isvnode) || reqp->isplabdslice) {
iv_ntpdrift = iv_cvsup = 0;
......@@ -9274,14 +9286,9 @@ COMMAND_PROTOTYPE(dodoginfo)
"RUSAGE=%d HOSTKEYS=%d DHCPDCONF=%d",
iv_interval, iv_isalive, iv_ntpdrift, iv_cvsup,
iv_rusage, iv_hkeys, iv_dhcpdconf);
if (vers >= 29) {
int rootpswdinterval = 0;
#ifdef DYNAMICROOTPASSWORDS
rootpswdinterval = 3600;
#endif
if (vers >= 29)
OUTPUT(bp, sizeof(buf) - (bp - buf), " SETROOTPSWD=%d\n",
rootpswdinterval);
}
iv_rootpswd);
else
OUTPUT(bp, sizeof(buf) - (bp - buf), "\n");
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment