Commit a430914d authored by Leigh Stoller's avatar Leigh Stoller

New config script to "localize" the node at bootup. Currently just

installs a new root pubkey into /root/.ssh, which comes from a
sitevar.
parent d746ca67
......@@ -20,7 +20,7 @@ SUBDIR = tmcd/common/config
SCRIPTS = $(addprefix $(SRCDIR)/, \
rc.config rc.misc rc.mounts rc.accounts rc.route \
rc.tunnels rc.ifconfig rc.delays rc.hostnames \
rc.syncserver rc.linkagent \
rc.syncserver rc.linkagent rc.localize \
rc.keys rc.trafgen rc.tarfiles rc.rpms rc.progagent \
rc.startcmd rc.simulator rc.topomap rc.firewall)
......
......@@ -79,13 +79,13 @@ if (@ARGV) {
my @bootscripts;
if (MFS()) {
@bootscripts = ("rc.misc", "rc.mounts", "rc.accounts",
@bootscripts = ("rc.misc", "rc.localize", "rc.mounts", "rc.accounts",
"rc.hostnames", "rc.keys", "rc.tarfiles",
"rc.rpms", "rc.startcmd");
}
else {
@bootscripts = ("rc.misc", "rc.keys", "rc.mounts", "rc.topomap",
"rc.accounts",
@bootscripts = ("rc.misc", "rc.localize", "rc.keys", "rc.mounts",
"rc.topomap", "rc.accounts",
"rc.route", "rc.tunnels", "rc.ifconfig", "rc.delays",
"rc.hostnames", "rc.syncserver", "rc.trafgen",
"rc.tarfiles", "rc.rpms", "rc.progagent", "rc.linkagent",
......
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2004 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
sub usage()
{
print "Usage: " .
scriptname() . " [-j vnodeid] boot|shutdown|reconfig|reset\n";
exit(1);
}
my $optlist = "j:";
my $action = "boot";
# Turn off line buffering on output
$| = 1;
# Drag in path stuff so we can find emulab stuff.
BEGIN { require "/etc/emulab/paths.pm"; import emulabpaths; }
# Only root.
if ($EUID != 0) {
die("*** $0:\n".
" Must be root to run this script!\n");
}
#
# Load the OS independent support library. It will load the OS dependent
# library and initialize itself.
#
use libsetup;
use libtmcc;
use librc;
#
# Not all clients support this.
#
exit(0)
if (REMOTE() || JAILED() || CONTROL());
# Protos.
sub doboot();
sub doshutdown();
sub doreconfig();
sub docleanup();
# Parse command line.
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{'j'})) {
my $vnodeid = $options{'j'};
libsetup_setvnodeid($vnodeid);
}
# Allow default above.
if (@ARGV) {
$action = $ARGV[0];
}
# Execute the action.
SWITCH: for ($action) {
/^boot$/i && do {
doboot();
last SWITCH;
};
/^shutdown$/i && do {
doshutdown();
last SWITCH;
};
/^reconfig$/i && do {
doreconfig();
last SWITCH;
};
/^reset$/i && do {
docleanup();
last SWITCH;
};
fatal("Invalid action: $action\n");
}
exit(0);
# More protos
sub donodeid();
sub docreator();
#
# Boot Action.
#
sub doboot()
{
my @tmccresults;
my @pubkeys = ();
print STDOUT "Checking Testbed localization configuration ... \n";
if (tmcc(TMCCCMD_LOCALIZATION, undef, \@tmccresults) < 0) {
fatal("Could not get localization info from server!");
}
# Important; if no results then do nothing.
return 0
if (! @tmccresults);
#
# Go through and see what we got. For now, we expect just ssh keys
#
foreach my $str (@tmccresults) {
if ($str =~ /^ROOTPUBKEY='(.*)'$/) {
push(@pubkeys, $1);
}
else {
warning("Bad localization line: $str");
}
}
#
# Write new pubkeys to root authkeys file. As a safety mechanism, back
# up old authkeys to authkeys2 file, which is also used by openssh sshd.
#
if (@pubkeys) {
my $authkeys = "/root/.ssh/authorized_keys";
my $authkeys2 = "/root/.ssh/authorized_keys2";
system("cp -pf $authkeys $authkeys2") == 0
or fatal("Could not backup root ssh authorized_keys file");
if (!open(AUTHKEYS, "> ${authkeys}.new")) {
warning("Could not open ${authkeys}.new: $!");
return -1;
}
print AUTHKEYS "#\n";
print AUTHKEYS "# DO NOT EDIT! This file auto generated at bootup.\n";
print AUTHKEYS "#\n";
foreach my $key (@pubkeys) {
print AUTHKEYS "$key\n";
}
close(AUTHKEYS);
system("mv -f ${authkeys}.new ${authkeys}") == 0
or warning("Could not mv ${authkeys}.new to ${authkeys}");
return 0;
}
}
#
# Shutdown Action.
#
sub doshutdown()
{
# Nothing to do
}
#
# Node Reconfig Action (without rebooting).
#
sub doreconfig()
{
doshutdown();
return doboot();
}
#
# Node cleanup action (node is reset to completely clean state).
#
sub docleanup()
{
}
......@@ -28,7 +28,7 @@ use Exporter;
TMCCCMD_NTPINFO TMCCCMD_NTPDRIFT TMCCCMD_EVENTKEY TMCCCMD_ROUTELIST
TMCCCMD_ROLE TMCCCMD_RUSAGE TMCCCMD_WATCHDOGINFO TMCCCMD_HOSTKEYS
TMCCCMD_FIREWALLINFO TMCCCMD_EMULABCONFIG
TMCCCMD_CREATOR TMCCCMD_HOSTINFO
TMCCCMD_CREATOR TMCCCMD_HOSTINFO TMCCCMD_LOCALIZATION
);
# Must come after package declaration!
......@@ -159,6 +159,7 @@ my %commandset =
"emulabconfig" => {TAG => "emulabconfig"},
"creator" => {TAG => "creator"},
"hostinfo" => {TAG => "hostinfo"},
"localization" => {TAG => "localization"},
);
#
......@@ -206,6 +207,7 @@ sub TMCCCMD_FIREWALLINFO(){ $commandset{"firewallinfo"}->{TAG}; }
sub TMCCCMD_EMULABCONFIG(){ $commandset{"emulabconfig"}->{TAG}; }
sub TMCCCMD_CREATOR (){ $commandset{"creator"}->{TAG}; }
sub TMCCCMD_HOSTINFO (){ $commandset{"hostinfo"}->{TAG}; }
sub TMCCCMD_LOCALIZATION(){ $commandset{"localization"}->{TAG}; }
#
# Caller uses this routine to set configuration of this library
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment