From 5efb05264954a0e2c2bde976a27abe7ca66685d4 Mon Sep 17 00:00:00 2001
From: Thierry Parmentelat
Date: Wed, 30 Sep 2009 08:51:39 +0000
Subject: [PATCH] cleanup for the specialaccounts nodemanager plugin: * root receives keys for all admins regardless of their site * remove conf_files for root's and site_admin's authorized keys * root_ssh_key does not get generated in /etc/planetlab anymore * cleaned up ROOT_SSH_KEY_PUB and ROOT_SSH_KEY from xml config as well
---
 bashrc | 17 ++++-------------
 db-config.d/05-conffiles | 26 +++-----------------------
 default_config.xml | 15 +--------------
 plc.d/ssh | 13 ++-----------
 plc.init | 1 +
 5 files changed, 11 insertions(+), 61 deletions(-)
diff --git a/bashrc b/bashrc
index 41b27c6..67378cb 100644
--- a/bashrc
+++ b/bashrc
@@ -1,4 +1,6 @@
 # -*-sh-*-
+# $Id$
+# $URL$
 # this file defines a few convenience bash shorthands for managing myplc nodes
 # it is installed in /usr/share/myplc/aliases
 # you might wish to use it in your own bash startup files (.profile/.bashrc)
@@ -24,23 +26,12 @@ function node_dbg () {
 [[ -z "$@" ]] && { echo "Usage: $0 hostname [command]" ; return 1; }
 node_key /etc/planetlab/debug_ssh_key.rsa "$@"
 }
-function node_boot () {
- [[ -z "$@" ]] && { echo "Usage: $0 hostname [command]" ; return 1; }
- node_key /etc/planetlab/root_ssh_key.rsa "$@"
-}
-
 function nodes_dbg () {
 [[ -z "$@" ]] && { echo "Usage: $0 hosts_file [command]" ; return 1; }
 node_keys /etc/planetlab/debug_ssh_key.rsa "$@"
 }
-function nodes_boot () {
- [[ -z "$@" ]] && { echo "Usage: $0 hosts_file [command]" ; return 1; }
- nodes_key /etc/planetlab/root_ssh_key.rsa "$@"
-}
-
-function clear_keys () {
+function clear_known_hosts () {
 for hostname in "$@"; do
 sed -i "/$hostname/d" ~/.ssh/known_hosts
 done
-}
-
+}
diff --git a/db-config.d/05-conffiles b/db-config.d/05-conffiles
index dab4c24..e44e026 100644
--- a/db-config.d/05-conffiles
+++ b/db-config.d/05-conffiles
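Review bot: In the renamed `clear_known_hosts` (second bashrc hunk) the hostname is pasted into a sed address, `sed -i "/$hostname/d" ~/.ssh/known_hosts`, so it acts as an unanchored regular expression: a constructed name such as `node1.example.org` also deletes the entry for `node10.example.org`, each `.` matches any character, and a value containing `/` breaks the command. Deleting more host keys than intended means those hosts are presented as unknown on the next connection and lose the protection of the pinned key, and the pattern cannot match hashed known_hosts entries at all. I would replace the sed line with `ssh-keygen -R "$hostname"` and add `local hostname` before the loop. Separately, the unchanged `nodes_dbg` calls `node_keys` while the removed `nodes_boot` called `nodes_key`; the helper is defined outside this hunk, so confirm which spelling actually exists. Because `clear_keys` disappears without an alias, the commit message should tell users to update their own startup files.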
@@ -1,4 +1,6 @@ # -*-python-*- +# $Id$ +# $URL$ #################### conf files # Setup default PlanetLabConf entries @@ -28,6 +30,7 @@ conf_files = [ 'always_update': False}, # SSH server configuration + # keys for root and site_admin are now handled as part of the specialaccounts NodeManager plugin {'enabled': True, 'source': 'PlanetLabConf/sshd_config', 'dest': '/etc/ssh/sshd_config', @@ -40,29 +43,6 @@ conf_files = [ 'ignore_cmd_errors': False, 'always_update': False}, - # Administrative SSH keys - {'enabled': True, - 'source': 'PlanetLabConf/keys.php?root', - 'dest': '/root/.ssh/authorized_keys', - 'file_permissions': '644', - 'file_owner': 'root', - 'file_group': 'root', - 'preinstall_cmd': '', - 'postinstall_cmd': '/bin/chmod 700 /root/.ssh', - 'error_cmd': '', - 'ignore_cmd_errors': False, - 'always_update': False}, - {'enabled': True, - 'source': 'PlanetLabConf/keys.php?site_admin', - 'dest': '/home/site_admin/.ssh/authorized_keys', - 'file_permissions': '400', - 'file_owner': 'site_admin', - 'file_group': 'site_admin', - 'preinstall_cmd': 'grep -q site_admin /etc/passwd', - 'postinstall_cmd': '/bin/chmod 700 /home/site_admin/.ssh;/bin/chown site_admin:site_admin /home/site_admin/.ssh', - 'error_cmd': '', - 'ignore_cmd_errors': False, - 'always_update': False}, # Log rotation configuration {'enabled': True, 'source': 'PlanetLabConf/logrotate.conf', diff --git a/default_config.xml b/default_config.xml index eea4cd0..e2204b8 100644 --- a/default_config.xml +++ b/default_config.xml @@ -7,6 +7,7 @@ Mark Huang Copyright (C) 2006 The Trustees of Princeton University $Id$ +$URL$ --> 
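Review bot: The comment added under `# SSH server configuration` says root and site_admin keys now come from the specialaccounts NodeManager plugin, but it does not say what happens on installations that already hold the two `keys.php` conf_files rows this commit stops declaring (third hunk of this file). Whether db-config removes rows that are no longer listed is not visible here; if it does not, upgraded nodes would keep fetching `/root/.ssh/authorized_keys` from `PlanetLabConf/keys.php?root` alongside the plugin, and the public half of the retired `root_ssh_key` may remain authorized on nodes. I would extend the comment to record the migration step, e.g. `# keys for root and site_admin are handled by the specialaccounts NodeManager plugin; on upgrade, disable the old keys.php conf_files rows and remove the former root_ssh_key from node authorized_keys`. The `conf_files` list begins and ends outside these hunks.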
@@ -74,20 +75,6 @@ $Id$ be downloaded, or its contents replaced by a file upload, but the actual shouldn't need to be changed. --> - - Root SSH Public Key - /etc/planetlab/root_ssh_key.pub - The SSH public key used to access the root - account on your nodes. - - - - Root SSH Private Key - /etc/planetlab/root_ssh_key.rsa - The SSH private key used to access the root - account on your nodes. - - Debug SSH Public Key /etc/planetlab/debug_ssh_key.pub diff --git a/plc.d/ssh b/plc.d/ssh index 9b6b1c3..db47023 100755 --- a/plc.d/ssh +++ b/plc.d/ssh @@ -1,4 +1,6 @@ #!/bin/bash +# $Id$ +# $URL$ # # priority: 600 # @@ -18,8 +20,6 @@ set -x # XXX Could make these configurable -KEY_TYPE_ROOT=rsa -KEY_LEN_ROOT=1024 KEY_TYPE_DEBUG=rsa KEY_LEN_DEBUG=2048 @@ -30,15 +30,6 @@ case "$1" in tmp=$(mktemp -d /tmp/ssh.XXXXXX) - # Generate root SSH key - if [ ! -f $PLC_ROOT_SSH_KEY_PUB -o ! -f $PLC_ROOT_SSH_KEY ] ; then - ssh-keygen -N "" -C "$PLC_NAME Central <$PLC_MAIL_SUPPORT_ADDRESS>" \ - -b $KEY_LEN_ROOT -t $KEY_TYPE_ROOT -f $tmp/root - check - install -D -m 600 $tmp/root $PLC_ROOT_SSH_KEY - install -D -m 644 $tmp/root.pub $PLC_ROOT_SSH_KEY_PUB - fi - # Generate debug SSH key if [ ! -f $PLC_DEBUG_SSH_KEY_PUB -o ! -f $PLC_DEBUG_SSH_KEY ] ; then ssh-keygen -N "" -C "$PLC_NAME Central <$PLC_MAIL_SUPPORT_ADDRESS>" \ diff --git a/plc.init b/plc.init index 20755d5..0617516 100755 --- a/plc.init +++ b/plc.init @@ -7,6 +7,7 @@ # description: Manages all PLC services on this machine # # $Id$ +# $URL$ # # Source function library and configuration -- 2.43.0