Commit 635c17ef authored by Leigh Stoller's avatar Leigh Stoller

Add CONFIG_ADMINUSERS option for elabinelab; instead of using the DB

tables from outer Emulab, use dumpuser/newuser since in a target system
setup, we do not do any DB state transfer from the outer Emulab.
parent 441af93e
......@@ -2781,6 +2781,13 @@ sub SetupBossNode($)
# Make sure it is world readable; N.B. an error is not fatal
system("chmod 644 $RPCCERT");
if (exists($emulabconfig{"CONFIG_ADMINUSERS"}) &&
$emulabconfig{"CONFIG_ADMINUSERS"}) {
mysystem("sudo -u elabman /usr/testbed/sbin/withadminprivs ".
" /usr/testbed/sbin/elabinelab_adminusers");
goto skipsetup;
}
goto skipsetup
if ($emulabconfig{"CONFIG_NODBINIT"});
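Review bot: The new CONFIG_ADMINUSERS branch in SetupBossNode jumps to `skipsetup` with no comment saying that it deliberately bypasses the DB initialisation that follows, as CONFIG_NODBINIT does. Something like `# Target-system setup: no DB state comes from the outer Emulab, so import the admin users and skip DB init.` above the `if` would make that explicit. The helper is invoked through hard-coded `/usr/testbed/sbin/...` paths; if this file already has a variable for the install prefix, using it would keep the call consistent with the rest of the file. Whether `mysystem` in this file aborts on a non-zero exit is not visible in the hunk; it should, because continuing past a failed import would leave the inner boss without the intended admin accounts. The body of SetupBossNode starts and ends outside the hunk.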
......
......@@ -37,7 +37,7 @@ SBIN_SCRIPTS = avail inuse showgraph if2port backup webcontrol node_status \
elabinelab_bossinit update_permissions mysqld_watchdog \
dumperrorlog changeleader checkstats changecreator \
dbupdate geni_control subboss_sync showvlans updatewires \
changeiface
changeiface elabinelab_adminusers
WEB_SBIN_SCRIPTS= webnodelog webidlemail webchangeuid \
webchangeleader
......
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2018 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
use English;
use Getopt::Std;
#
# ElabInElab: This is run on the inner boss to add admin users.
#
sub usage()
{
print STDERR "Usage: $0 [-d]\n";
exit(1);
}
my $optlist = "d";
my $debug = 0;
sub mysystem($);
sub fatal($);
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $ELABINELAB = @ELABINELAB@;
my $SAVEUID = $UID;
my $tmpdir = "/tmp/users.$$";
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/sbin:/usr/local/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Turn off line buffering on output
$| = 1;
use lib "@prefix@/lib";
use libdb;
use libtestbed;
use User;
use Project;
use Group;
# Defined in libdb ...
my $TBOPSPID = TBOPSPID();
if (!$ELABINELAB) {
fatal("This script can only run on an inner Emulab!");
}
# Only admin types!
if (!TBAdmin($UID)) {
fatal("Only TB administrators can run this script!");
}
#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
%options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
usage()
if (scalar(@ARGV));
my $project = Project->Lookup($TBOPSPID);
if (!defined($project)) {
fatal("Could not lookup project $TBOPSPID");
}
my $group = $project->GetProjectGroup();
#
# We know the xml files are in a tar file in the "stuff" directory,
# which was put there by rc.mkelab.
#
mysystem("mkdir $tmpdir");
mysystem("tar xzf $TB/stuff/users.tar.gz -C $tmpdir");
opendir(DIR, $tmpdir) or
fatal("Cannot opendir $tmpdir: $!");
my @files = grep { $_ ne "." && $_ ne ".." } readdir(DIR);
closedir(DIR);
foreach my $file (@files) {
my $uid;
if ($file =~ /^([-\w]+)\.xml$/) {
$uid = $1;
}
else {
fatal("Odd file file $file in $tmpdir");
}
mysystem("$TB/sbin/newuser -s -r -P $tmpdir/$file");
my $user = User->Lookup($uid);
if (!defined($user)) {
fatal("Could not look of $uid after newuser");
}
$user->SetStatus(USERSTATUS_ACTIVE());
$user->Update({"admin" => 1});
mysystem("$TB/sbin/tbacct -s -b add $uid");
# This switches the shell from the paperbag.
mysystem("$TB/sbin/tbacct -s -b mod $uid");
$group->AddMemberShip($user, $Group::MemberShip::TRUSTSTRING_GROUPROOT)
== 0 or fatal("Could not add $uid to $TBOPSPID");
mysystem("$TB/sbin/setgroups $uid");
}
mysystem("$TB/sbin/genelists -a");
exit(0);
#
# Run a command string.
#
sub mysystem($)
{
my ($command) = @_;
if ($debug) {
print "Command: '$command\'\n";
}
system($command);
if ($?) {
die("*** $0:\n".
" Command failed: $? - $command\n");
}
}
sub fatal($)
{
my ($mesg) = @_;
print STDERR "*** $0:\n".
" $mesg\n";
exit(-1);
}
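Review bot: The extracted user records are left behind in `/tmp/users.$$`: the directory gets a predictable name, is created under the caller's umask, and is never removed on either the success path or the `fatal()` path. The XML presumably carries account data from the outer Emulab (confirm what dumpuser emits), so I would replace `my $tmpdir = "/tmp/users.$$";` and the `mkdir` call with `use File::Temp qw(tempdir);` and `my $tmpdir = tempdir("users.XXXXXX", TMPDIR => 1, CLEANUP => 1);`, which gives a mode-0700 directory that is deleted at exit. Separately, the uid that receives `admin => 1` is taken from the file name rather than from the record newuser imported, and the pattern `/^([-\w]+)\.xml$/` tolerates a trailing newline and a leading `-`. Anchoring with `\A`/`\z` and requiring an alphanumeric first character would keep the value safe to interpolate into the `tbacct` and `setgroups` command strings. The file also runs without `use strict;`, so `%options` is an undeclared package global.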
......@@ -86,6 +86,7 @@ my $makeconf = "$TB/sbin/dhcpd_makeconf";
my $nodewait = "$TB/sbin/node_statewait";
my $snmpit = "$TB/bin/snmpit";
my $osselect = "$TB/bin/os_select";
my $dumpuser = "$TB/sbin/dumpuser";
# Protos
sub TearDownEmulab();
......@@ -207,6 +208,7 @@ my $elabinelab = $experiment->elabinelab();
my $elabinelab_eid = $experiment->elabinelab_eid();
my $elabinelab_nosetup = $experiment->elabinelab_nosetup();
my $elabinelab_singlenet = $experiment->elabinelab_singlenet();
my $elabinelab_attributes= $experiment->GetElabInElabAttrs();
exit(0)
if (!$elabinelab);
......@@ -688,6 +690,37 @@ sub DumpDBGoo()
die("*** $0:\n".
" Could not chmod $statedir\n");
if (exists($elabinelab_attributes->{'CONFIG_ADMINUSERS'}) &&
$elabinelab_attributes->{'CONFIG_ADMINUSERS'}) {
# XXX Yes, bad. But we have a bunch of users with admin bit set
# that should not.
my @adminusers = ("stoller", "mike", "duerig", "ricci", "kwebb",
"johnsond", "gary", "amaricq");
if (! $this_user->IsAdmin()) {
die("*** $0:\n".
" Must be an admin user to use CONFIG_ADMINUSERS\n");
}
foreach my $uid (@adminusers) {
system("$dumpuser $uid > $statedir/$uid.xml");
}
#
# Tar up the directory and send it over to ops.
#
$UID = 0;
system("tar cf - -C $statedir . | ".
" gzip | $SSH -F /dev/null -host $CONTROL ".
" '(cat > $expdir/users.tar.gz)'");
if ($?) {
die("*** $0:\n".
" Could not create users.tar.gz\n");
}
$UID = $SAVEUID;
return 0;
}
#
# These tables are dumped completely.
#
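Review bot: The `system("$dumpuser $uid > $statedir/$uid.xml")` call in the `foreach` loop ignores its exit status, so a failed dump still leaves an empty or partial `$uid.xml` that is packed into users.tar.gz and handed to the inner boss. Checking it, e.g. `system("$dumpuser $uid > $statedir/$uid.xml") == 0 or die("*** $0:\n    Could not dump user $uid\n");`, matches the error style used around it. The later `if ($?)` only sees the status of the last stage of the `tar | gzip | $SSH` pipeline, so a tar failure can also pass unnoticed. Since the dumps are per-user account records, it is worth confirming that the mode set on `$statedir` just above the hunk keeps them unreadable to other users, and moving the hard-coded `@adminusers` list that the XXX comment already flags into site configuration. DumpDBGoo begins before the hunk and continues past it.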
......