Commit ff5a57de authored by Leigh Stoller's avatar Leigh Stoller

Add support for idleswapping an experiment as the creator of the

experiment, rather than as an administrator, which presents group
permission problems when the experiment is in a subgroup (requires two
additional group, whereas suexec adds only one group). That aside, the
correct approach is to run the swap as the creator. To do that, must
flip to the user (from the admin person) in the backend using the new
idleswap script, and then run the normal swapexp. Add new option to
swapexp (-i) which changes the email slightly to make it clear that
the experiment was idleswapped, and so that the From: is tbops not the
user (again, to make it more clear).
parent 765b6028
......@@ -1395,6 +1395,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/console_setup.proxy tbsetup/exports_setup.proxy \
tbsetup/checkports tbsetup/webnodereboot tbsetup/libaudit.pm \
tbsetup/sfskey_update tbsetup/sfskey_update.proxy \
tbsetup/idleswap tbsetup/webidleswap \
tip/GNUmakefile \
tmcd/GNUmakefile tmcd/freebsd/GNUmakefile tmcd/openbsd/GNUmakefile \
tmcd/linux/GNUmakefile tmcd/ron/GNUmakefile tmcd/common/GNUmakefile \
......
......@@ -438,6 +438,7 @@ outfiles="$outfiles Makeconf GNUmakefile \
tbsetup/console_setup.proxy tbsetup/exports_setup.proxy \
tbsetup/checkports tbsetup/webnodereboot tbsetup/libaudit.pm \
tbsetup/sfskey_update tbsetup/sfskey_update.proxy \
tbsetup/idleswap tbsetup/webidleswap \
tip/GNUmakefile \
tmcd/GNUmakefile tmcd/freebsd/GNUmakefile tmcd/openbsd/GNUmakefile \
tmcd/linux/GNUmakefile tmcd/ron/GNUmakefile tmcd/common/GNUmakefile \
......
stoller 2003/04/16 11:41:12 MDT
Modified files:
. configure configure.in
tbsetup GNUmakefile.in swapexp.in
www showexp.php3 swapexp.php3
Added files:
tbsetup idleswap.in webidleswap.in
Log:
Add support for idleswapping an experiment as the creator of the
experiment, rather than as an administrator, which presents group
permission problems when the experiment is in a subgroup (requires two
additional group, whereas suexec adds only one group). That aside, the
correct approach is to run the swap as the creator. To do that, must
flip to the user (from the admin person) in the backend using the new
idleswap script, and then run the normal swapexp. Add new option to
swapexp (-i) which changes the email slightly to make it clear that
the experiment was idleswapped, and so that the From: is tbops not the
user (again, to make it more clear).
newbold 2003/04/09 16:07:12 MDT
Modified files:
......
......@@ -29,7 +29,7 @@ SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
console_reset db2ns bwconfig frisbeelauncher \
rmgroup mkgroup setgroups mkproj \
exports_setup.proxy vnode_setup eventsys_start \
sfskey_update sfskey_update.proxy rmuser
sfskey_update sfskey_update.proxy rmuser idleswap
LIBEXEC_STUFF = rmproj wanlinksolve wanlinkinfo \
os_setup mkexpdir console_setup webnscheck webreport \
......@@ -39,7 +39,7 @@ LIBEXEC_STUFF = rmproj wanlinksolve wanlinkinfo \
webrmgroup webswapexp webnodecontrol \
webmkgroup websetgroups webmkproj \
spewlogfile staticroutes routecalc wanassign \
webnodereboot webrmuser
webnodereboot webrmuser webidleswap
LIB_STUFF = libtbsetup.pm exitonwarn.pm libtestbed.pm snmpit_intel.pm \
snmpit_cisco.pm snmpit_lib.pm snmpit_apc.pm power_rpc27.pm \
......@@ -101,6 +101,8 @@ post-install:
chmod u+s $(INSTALL_SBINDIR)/frisbeelauncher
chown root $(INSTALL_SBINDIR)/rmuser
chmod u+s $(INSTALL_SBINDIR)/rmuser
chown root $(INSTALL_SBINDIR)/idleswap
chmod u+s $(INSTALL_SBINDIR)/idleswap
chown root $(INSTALL_SBINDIR)/named_setup
chmod u+s $(INSTALL_SBINDIR)/named_setup
chown root $(INSTALL_SBINDIR)/exports_setup
......
#!/usr/bin/perl -wT
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
use Getopt::Std;
#
# This gets invoked from the Web interface.
# Swap an experiment in, swap it out, restart or modify.
#
sub usage()
{
print STDOUT "Usage: idleswap [-r] <pid> <eid>\n";
exit(-1);
}
my $optlist = "r";
#
# Configure variables
#
my $TB = "@prefix@";
my $DBNAME = "@TBDBNAME@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $swapexp = "$TB/bin/swapexp";
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use libdb;
use libtestbed;
#
# Locals.
#
my $request = 0;
#
# Untaint the path
#
$ENV{'PATH'} = '/bin:/usr/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Turn off line buffering on output
#
$| = 1;
#
# We don't want to run this script unless its the real version.
#
if ($EUID != 0) {
die("*** $0:\n".
" Must be root! Maybe its a development version?\n");
}
#
# This script is setuid, so please do not run it as root. Hard to track
# what has happened.
#
if ($UID == 0) {
die("*** $0:\n".
" Please do not run this as root! Its already setuid!\n");
}
#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"r"})) {
$request = 1;
}
if (@ARGV != 2) {
usage();
}
my $pid = $ARGV[0];
my $eid = $ARGV[1];
#
# Untaint the arguments.
#
if ($pid =~ /^([-\@\w.]+)$/) {
$pid = $1;
}
else {
die("Tainted argument $pid!\n");
}
if ($eid =~ /^([-\@\w.]+)$/) {
$eid = $1;
}
else {
die("Tainted argument $eid!\n");
}
#
# Only admins can forcibly swap an idle experiment out.
#
if (! TBAdmin($UID)) {
die("*** $0:\n".
" Only testbed administrators can issue a forcible swap!\n");
}
#
# Need to know the creator of the experiment.
#
my $query_result =
DBQueryFatal("SELECT * FROM experiments WHERE eid='$eid' and pid='$pid'");
if (! $query_result->numrows) {
die("*** $0:\n".
" No such experiment $pid/$eid!\n");
}
my %hashrow = $query_result->fetchhash();
my $creator = $hashrow{'expt_head_uid'};
my $gid = $hashrow{'gid'};
if (! $request) {
#
# Fire off the swap and exit.
#
# Flip to the creator. The swap happens as the creator of the
# experiment.
#
my ($unix_uid, $unix_gid, $unix_gname);
(undef,undef,$unix_uid) = getpwnam($creator) or
die("*** $0:\n".
" No such user $creator\n");
TBGroupUnixInfo($pid, $gid, \$unix_gid, \$unix_gname) or
die("*** $0:\n".
" No such group $pid/$gid\n");
$EGID = $GID = $unix_gid;
$EUID = $UID = $unix_uid;
$ENV{'USER'} = $creator;
$ENV{'LOGNAME'} = $creator;
exec "$swapexp -i -s out $pid $eid";
die("*** $0:\n".
" Failed to exec $swapexp!\n");
}
#
# Stub out the request function. Mac can move this part in when its
# time to automate the email.
#
die("*** $0:\n".
" The -r option is not implemented yet!\n");
......@@ -15,17 +15,16 @@ use Getopt::Std;
#
sub usage()
{
print STDOUT "Usage: swapexp <-s in | out | restart | modify> ".
print STDOUT "Usage: swapexp [-i] <-s in | out | restart | modify> ".
"<pid> <eid> [<nsfile>]\n";
exit(-1);
}
my $optlist = "s:";
my $optlist = "s:i";
#
# Configure variables
#
my $TB = "@prefix@";
my $DBNAME = "@TBDBNAME@";
my $TBOPS = "@TBOPSEMAIL@";
my $TBLOGS = "@TBLOGSEMAIL@";
my $TBINFO = "$TB/expinfo";
......@@ -40,6 +39,7 @@ use libtestbed;
my $tbdir = "$TB/bin/";
my $tbdata = "tbdata";
my $batch = 0;
my $idleswap = 0;
my $inout;
my $logname;
my $dbuid;
......@@ -74,7 +74,9 @@ umask(0002);
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"i"})) {
$idleswap = 1;
}
if (defined($options{"s"})) {
$inout = $options{"s"};
......@@ -411,14 +413,25 @@ if (defined($logname)) {
# Send email notification to user.
#
my $message =
"Experiment `$eid' in project `$pid' has been $action.\n\n" .
"Experiment $eid in project $pid has been ";
if ($idleswap) {
$message .= "forcibly swapped out by\n".
"Testbed Operations because it was idle for too long.\n";
}
else {
$message .= "$action.\n";
}
$message .=
"\n".
"Appended below is the output. If you have any questions or comments,\n" .
"please include the output in your message to $TBOPS\n";
SENDMAIL("$user_name <$user_email>",
"Experiment $pid/$eid $action",
$message,
"$user_name <$user_email>",
($idleswap ? $TBOPS : "$user_name <$user_email>"),
"Cc: $expt_head_name <$expt_head_email>\n".
"Bcc: $TBLOGS",
(($inout eq "restart") ? ($logname) : ($repfile, $logname)));
......@@ -491,7 +504,7 @@ sub fatal($)
SENDMAIL("$user_name <$user_email>",
"Swap ${inout} Failure: $pid/$eid",
$mesg,
"$user_name <$user_email>",
($idleswap ? $TBOPS : "$user_name <$user_email>"),
"Cc: $expt_head_name <$expt_head_email>\n".
"Cc: $TBOPS",
($logname));
......
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
#
# This gets invoked from the Web interface. Simply a wrapper ...
#
#
# Configure variables
#
my $TB = "@prefix@";
#
# Run the real thing, and never return.
#
exec "$TB/sbin/idleswap", @ARGV;
die("webidleswap: Could not exec idleswap: $!");
......@@ -88,6 +88,9 @@ if ($expstate) {
WRITESUBMENUBUTTON("Swap this Experiment out",
"swapexp.php3?inout=out&pid=$exp_pid&eid=$exp_eid");
if (ISADMIN($uid)) {
WRITESUBMENUBUTTON("Control Delay Nodes (BETA)",
"delaycontrol.php3?pid=$exp_pid&eid=$exp_eid");
WRITESUBMENUBUTTON("Restart this Experiment",
"swapexp.php3?inout=restart&pid=$exp_pid&eid=$exp_eid");
}
......@@ -99,9 +102,6 @@ if ($expstate) {
}
}
WRITESUBMENUBUTTON("Terminate this experiment",
"endexp.php3?pid=$exp_pid&eid=$exp_eid");
......@@ -123,12 +123,14 @@ if (TBExptAccessCheck($uid, $exp_pid, $exp_eid, $TB_EXPT_MODIFY)) {
# Admin folks get a swap request link to send email.
#
if (ISADMIN($uid)) {
WRITESUBMENUBUTTON("Send a swap/terminate request",
"request_swapexp.php3?&pid=$exp_pid&eid=$exp_eid");
if (strcmp($expstate, $TB_EXPTSTATE_ACTIVE) == 0) {
WRITESUBMENUBUTTON("Control Delay Nodes (BETA)",
"delaycontrol.php3?pid=$exp_pid&eid=$exp_eid");
WRITESUBMENUBUTTON("Force Experiment Swap Out",
"swapexp.php3?inout=out&force=1".
"&pid=$exp_pid&eid=$exp_eid");
}
WRITESUBMENUBUTTON("Send a swap/terminate request",
"request_swapexp.php3?&pid=$exp_pid&eid=$exp_eid");
}
SUBMENUEND_2A();
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved.
#
include("defs.php3");
......@@ -36,6 +36,19 @@ if (!isset($inout) ||
USERERROR("The argument must be either in, out, or restart!", 1);
}
#
# Only admins can issue a force swapout
#
if (isset($force) && $force == 1) {
if (! ISADMIN($uid)) {
USERERROR("Only testbed administrators can forcibly swap ".
"an experiment out!", 1);
}
}
else {
$force = 0;
}
$exp_eid = $eid;
$exp_pid = $pid;
......@@ -100,13 +113,22 @@ if ($canceled) {
if (!$confirmed) {
echo "<center><h2><br>
Are you sure you want to $action experiment '$exp_eid?'
Are you sure you want to ";
if ($force) {
echo "<font color=red><br>forcibly</br></font> ";
}
echo "$action experiment '$exp_eid?'
</h2>\n";
echo "<form action='swapexp.php3?inout=$inout&pid=$exp_pid&eid=$exp_eid'
method=post>";
echo "<b><input type=submit name=confirmed value=Confirm></b>\n";
echo "<b><input type=submit name=canceled value=Cancel></b>\n";
if ($force) {
echo "<input type=hidden name=force value=$force>\n";
}
echo "</form>\n";
if (!strcmp($inout, "restart")) {
......@@ -155,7 +177,9 @@ set_time_limit(0);
$output = array();
$retval = 0;
$result = exec("$TBSUEXEC_PATH $uid $unix_gid ".
"webswapexp -s $inout $exp_pid $exp_eid",
($force ?
"webidleswap $exp_pid $exp_eid" :
"webswapexp -s $inout $exp_pid $exp_eid"),
$output, $retval);
if ($retval) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment