-
Leigh B. Stoller authored
* tmcd/ron: A new directory of client code, based on the freebsd client code, but scaled back to the bare minimum. Does only account and group file maintenance. I redid the account stuff so that only emulab accounts are operated on. Does not require a stub file, but instead keeps a couple of local dbm files recording what groups and accounts were added by Emulab. There is a ton of paranoia checking to make sure that local accounts are not touched. The update script that runs on the client node detaches so that the ssh from boss returns immediately. update can also be run from the node periodically and at boottime. The script is installed setuid root, but checks to make sure that *only* root or "emulabman" has invoked it. * utils/sshremote: New file. For remote nodes, instead of using sshtb, use sshremote, which ssh's in as "emulabman", which needs to be a local non-root user, but with an authorized_keys file containing boss' public key. * web interface changes: Allow user to specify his own public key in addition to the emulab key. Add option in showexp page to update accounts on nodes in the experiment. I was originally intending to do this from approveuser, but this was easier and faster. I will add an option to do it on the approveuser page later. * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the local testbed or a pcRemote node. Currently, this test is hardwired to a check for class=pcRemote, but this will need to change to a node_types property at some point. * node_update: Reorg so that there is a maximum number of children created. Previously, a child was forked for each node, but that could chew up too many processes, especially for remote nodes which might hang up. For the same reason, we need to "lock" the experiment so that it cannot be terminated while a node_update is in progress. Might be to relax that, but this was easy for now. Also add distinction between local and remote, since for remote we use sshremote insted of sshtb. Various cleanup stuff * mkacct; When generating a new account, include user supplied pub key in the authorized keys file, in addition to the eumlab generated key. Both keys are stored in the DB in the users table. Anytime we update an account, get a fresh copy of the emulab pub key, in case user changes it.
bd587829