From: Steve Muir Date: Mon, 1 Dec 2003 21:22:53 +0000 (+0000) Subject: Config and scripts to support two instances of sshd, one using automount X-Git-Tag: rpm_rev_1_0_1~2 X-Git-Url: http://git.onelab.eu/?p=pl_sshd.git;a=commitdiff_plain;h=e05a8634df6a726188b495941800f4dd9f6b7820 Config and scripts to support two instances of sshd, one using automount magic to provide access to dynamic slices --- diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..d139dd0 --- /dev/null +++ b/Makefile @@ -0,0 +1,3 @@ +PACKAGE := pl_sshd + +include rpm.mk diff --git a/auto.pl_sshd b/auto.pl_sshd index 71585ee..507c74d 100755 --- a/auto.pl_sshd +++ b/auto.pl_sshd @@ -17,7 +17,7 @@ if [ -r "$HOMEDIR/$KEYFILE" ]; then elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then OUT=/vservers/$1/home/$1/.ssh else - echo $1 not found in /vservers or /home >/tmp/auto.pl_sshd.log + echo $1 not found in /vservers or /home >&2 exit 1 fi diff --git a/pl_sshd b/pl_sshd index 8fb92e1..8a57768 100644 --- a/pl_sshd +++ b/pl_sshd @@ -15,25 +15,15 @@ # source function library . /etc/rc.d/init.d/functions -# + # pull in sysconfig settings [ -f /etc/sysconfig/pl_sshd ] && . /etc/sysconfig/pl_sshd -# add the PlanetLab-specific options -KEYDIR=/var/pl_sshd/keys -OPTIONS="-p 806 -o 'AuthorizedKeysFile $KEYDIR/%u/authorized_keys'" -AUTOMOUNT=/usr/sbin/automount -AUTOMAP=/etc/auto.pl_sshd -AUTOPID= - RETVAL=0 prog="pl_sshd" # Some functions to make the below more readable -SSHD=/usr/sbin/sshd -RSA1_KEY=/var/local/etc/ssh_host_key -RSA_KEY=/var/local/etc/ssh_host_rsa_key -DSA_KEY=/var/local/etc/ssh_host_dsa_key +SSHD=/usr/local/sbin/pl_sshd.sh PID_FILE=/var/run/pl_sshd.pid do_restart_sanity_check() 
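Review bot: With the `OPTIONS=` line removed, the init script no longer supplies any sshd options of its own, so unless `/etc/sysconfig/pl_sshd` exists (this commit's `%install` creates the `sysconfig` directory but ships no such file) the `initlog -c "$SSHD $OPTIONS"` call in the `start()` hunk runs the wrapper with no arguments and the port-806 instance inherits the host's plain `sshd_config`; if that is the intent, state it where `SSHD=` is assigned. The new `SSHD=/usr/local/sbin/pl_sshd.sh` also couples this script to the PidFile the wrapper hard-codes, which must equal `PID_FILE` on the following line; a comment such as `# pl_sshd.sh execs sshd as "pl_sshd" with PidFile $PID_FILE (and port 806 unless OPTIONS sets -p); keep in sync` would make that dependency visible. `do_restart_sanity_check()` on the hunk's last line continues outside the hunk.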
@@ -46,27 +36,8 @@ do_restart_sanity_check() fi } -check_automount() -{ - # get pid for our automount process - AUTOPID=`mount | \ - sed -ne "s%^automount(pid\([0-9]*\)) on $KEYDIR type autofs.*%\1%p"` - - # check if that process is still alive - { [ -n "$AUTOPID" ] && ps -p $AUTOPID >/dev/null 2>&1; } || return 1 - - # check if we can actually mount a user dir in the automount dir - [ -d "$KEYDIR/root" ] || return 1 -} - start() { - # make sure the key dir exists and automount is working on it - [ -d "$KEYDIR" ] || mkdir -p $KEYDIR - [ -x "$AUTOMAP" ] || - { echo "$AUTOMAP not executable"; return 1; } - check_automount || $AUTOMOUNT $KEYDIR program $AUTOMAP - echo -n $"Starting $prog:" initlog -c "$SSHD $OPTIONS" && success || failure RETVAL=$? @@ -76,21 +47,17 @@ start() stop() { - check_automount && kill -USR2 $AUTOPID - - #echo -n $"Stopping $prog:" - #killproc $SSHD -TERM - echo 'you need to kill the port 806 sshd(s) manually' - echo 'make sure not to kill the port 22 sshd...' + echo -n $"Stopping $prog:" + killproc $prog -TERM RETVAL=$? [ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/pl_sshd - #echo + echo } reload() { echo -n $"Reloading $prog:" - killproc $SSHD -HUP + killproc $prog -HUP RETVAL=$? echo } @@ -121,8 +88,6 @@ case "$1" in fi ;; status) - check_automount && echo automount running || - echo automount not functioning status pl_sshd RETVAL=$? ;; diff --git a/pl_sshd.sh b/pl_sshd.sh index 4fa07c4..d19c343 100755 --- a/pl_sshd.sh +++ b/pl_sshd.sh 
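Review bot: `start()` now reaches `initlog -c "$SSHD $OPTIONS"` with no precondition at all, whereas the removed block refused to start when `$AUTOMAP` was not executable; the equivalent guard for the new wrapper is `[ -x "$SSHD" ] || { echo "$SSHD not executable"; return 1; }` placed before `echo -n $"Starting $prog:"`, so a missing `/usr/local/sbin/pl_sshd.sh` fails with a clear message instead of a generic `failure`. In the `stop()` hunk the switch to `killproc $prog -TERM` depends on the wrapper having set argv[0] to `pl_sshd` and the PID file to `/var/run/pl_sshd.pid`; a one-line comment there, `# $prog matches the argv[0] and PidFile set by pl_sshd.sh, so only our instance is signalled`, records why the bare name rather than `$SSHD` is the right argument. `start()`'s body continues past its hunk.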
@@ -1,3 +1,24 @@ #!/bin/sh +# +# this wrapper runs sshd on an alternate port with a different argv[0] +# and PID file (rather annoyingly, the latter has to be specified +# explicitly even if argv[0] is changed). +# +# the alternate port is necessary so we can have two instances of sshd +# running, the different name and PID file are required so that stopping +# the standard sshd won't affect this one. +# +# we use port 806 unless there is a '-p' argument specifying a different +# port. we also have to specify a different PID file so that one sshd +# doesn't clobber the other's PID file. +# +# XXX - unfortunately the standard init.d/sshd script is fairly brutal +# when stopping sshd processes - it will stop anything that looks +# remotely like sshd. the measures taken here still don't prevent that +# but i have decided that restarting/stopping sshd should be sufficiently +# rare that it's not worth worrying about to any greater extent. +# +name=pl_sshd +echo "$@" | grep -q -- '-p[ 0-9]' || port='-p 806' -exec -a pl_sshd /usr/sbin/sshd "$@" +exec -a $name /usr/sbin/sshd -o "PidFile /var/run/$name.pid" $port "$@" diff --git a/pl_sshd.spec b/pl_sshd.spec index 0e3628e..18fddff 100644 --- a/pl_sshd.spec +++ b/pl_sshd.spec @@ -1,8 +1,8 @@ Summary: SSH server config for PlanetLab Name: pl_sshd -Version: 0.1 +Version: 1.0 Release: 1 -Requires: automount, sshd +Requires: autofs, openssh-server Copyright: GPL URL: http://www.planet-lab.org Group: System Environment/Base @@ -13,7 +13,7 @@ SSH server configuration for PlanetLab nodes. Configures an automounted directory as source for authorized_keys files and points sshd to that directory. -Created from $Header$. +$Header: /cvs/pl_sshd/pl_sshd.spec,v 1.2 2003/12/01 14:56:00 sjm-pl_sshd Exp $. %prep %setup 
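Review bot: `exec -a $name /usr/sbin/sshd ...` is a bash extension, yet the interpreter line kept as context is `#!/bin/sh`; on a system where `/bin/sh` is not bash the `-a` is rejected and the service never starts, so the shebang should become `#!/bin/bash` or the header comment should state that bash is required. The `echo "$@" | grep -q -- '-p[ 0-9]'` test matches `-p` followed by a space or digit anywhere in the arguments, including inside an `-o` option value, and `$port` is intentionally unquoted so it splits into two words; both points deserve a comment, e.g. `# $port is unquoted on purpose: it expands to '-p 806' (two words) or to nothing`. The PidFile path built from `$name` must stay equal to `PID_FILE` in the init script, which is worth saying next to the `name=pl_sshd` line.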
@@ -21,10 +21,12 @@ Created from $Header$. %install -install -m 0755 -o root -g root pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin -install -m 0755 -o root -g root pl_sshd $RPM_BUILD_ROOT/etc/init.d -install -m 0755 -o root -g root auto.pl_sshd $RPM_BUILD_ROOT/etc -echo "OPTIONS='-p 806'" >$RPM_BUILD_ROOT/etc/sysconfig/sshd +mkdir -p $RPM_BUILD_ROOT/usr/local/sbin +mkdir -p $RPM_BUILD_ROOT/etc/{sysconfig,init.d} +mkdir -p $RPM_BUILD_ROOT/var/pl_sshd/keys +install -m 0755 pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin +install -m 0755 pl_sshd $RPM_BUILD_ROOT/etc/init.d +install -m 0755 auto.pl_sshd $RPM_BUILD_ROOT/etc %clean rm -rf $RPM_BUILD_ROOT 
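Review bot: `mkdir -p $RPM_BUILD_ROOT/etc/{sysconfig,init.d}` creates a `sysconfig` directory that nothing in this `%install` populates: the removed `echo "OPTIONS='-p 806'" >$RPM_BUILD_ROOT/etc/sysconfig/sshd` was the only file there, and the init script in this commit sources `/etc/sysconfig/pl_sshd`, which is not installed either. Either drop `sysconfig` from that line or install a commented, possibly empty, `pl_sshd` sysconfig file so the `OPTIONS` knob is discoverable and owned by the package. `{sysconfig,init.d}` is bash brace expansion, which works under rpmbuild on Red Hat but is not POSIX `sh`, so `mkdir -p $RPM_BUILD_ROOT/etc/sysconfig $RPM_BUILD_ROOT/etc/init.d` is the safer spelling. Whether `/var/pl_sshd/keys` and the new directories are listed in `%files` cannot be seen from this hunk.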
@@ -42,16 +44,70 @@ rm -rf $RPM_BUILD_ROOT RUNLEVEL=`/sbin/runlevel` if [ "$1" -ge 1 ]; then + # create the magic directory for automount + keydir=/var/pl_sshd/keys + [ -d $keydir ] || mkdir -p $keydir + + # add appropriate entry to auto.master + auto_master=/etc/auto.master + auto_master_entry="$keydir /etc/auto.pl_sshd" + grep -qF "$auto_master_entry" $auto_master || \ + echo $auto_master_entry >>$auto_master + + # + # use the sysconfig file to tell our system sshd to look in the + # magic location for authorized_keys files + # + sysconfig_sshd=/etc/sysconfig/sshd + [ -r $sysconfig_sshd ] && \ + mv $sysconfig_sshd $sysconfig_sshd.pl_sshd + echo "OPTIONS='-o \"AuthorizedKeysFile $keydir/%u/authorized_keys\"'" \ + >$sysconfig_sshd + + # link sshd pam config to pl_sshd so that we can actually login + pam_pl_sshd=/etc/pam.d/pl_sshd + [ -r $pam_pl_sshd ] || ln -s sshd $pam_pl_sshd + chkconfig --add pl_sshd if [[ "$RUNLEVEL" != "unknown" ]]; then - /etc/init.d/pl_sshd restart + /etc/init.d/autofs restart + /etc/init.d/sshd restart + /etc/init.d/pl_sshd start fi fi %preun +RUNLEVEL=`/sbin/runlevel` + if [ "$1" = 0 ]; then + # + # stop pl_sshd, remove it from rcX.d init dirs, remove link + # to sshd's pam config + # + [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/pl_sshd stop chkconfig --del pl_sshd + rm -f /etc/pam.d/pl_sshd + + # + # remove funky config options for sshd (so that when we restart + # things will operate normally i.e., without automount magic), + # then restart + # + rm /etc/sysconfig/sshd + [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/sshd restart + + # + # stop automounter, remove entry from auto.master, restart if + # necessary + # + [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs stop + auto_master=/etc/auto.master + mv $auto_master $auto_master.pl_sshd.preun + sed -e '\,^/var/pl_sshd/keys,d' $auto_master.pl_sshd.preun \ + >$auto_master + + [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs start fi 
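Review bot: The `%preun` block ends with `[ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs start`; when the runlevel is unknown the test fails, the `if` block's status is 1, and if nothing follows this `fi` the scriptlet exits non-zero and rpm aborts the erase, precisely in the case the guard exists to handle. Write that final guard as `if [ "$RUNLEVEL" != "unknown" ]; then /etc/init.d/autofs start; fi` (the earlier `&&` guards are harmless because a later command follows them). Separately, `%post` backs up `/etc/sysconfig/sshd` to `.pl_sshd` but also runs on upgrade (`$1 -ge 1`), where the second run overwrites that backup with the file pl_sshd itself wrote, and `%preun` then does `rm /etc/sysconfig/sshd` without restoring anything, so the host's original sshd `OPTIONS` are lost and the `rm` errors if the file is already gone. Guard the backup with `[ -r $sysconfig_sshd ] && [ ! -r $sysconfig_sshd.pl_sshd ] && mv $sysconfig_sshd $sysconfig_sshd.pl_sshd` and replace the `rm` with `if [ -r /etc/sysconfig/sshd.pl_sshd ]; then mv -f /etc/sysconfig/sshd.pl_sshd /etc/sysconfig/sshd; else rm -f /etc/sysconfig/sshd; fi`.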
@@ -59,30 +115,6 @@ fi %changelog -* Tue Nov 25 2003 Steve Muir -- fixed a couple of Node Manager bugs: - - bootstrapping pl_conf state when boot server unreachable - - canonical hostnames should be all lower-case -- fixup UID and GID of users within vservers to match real world -- enable access to dynamic slices through port 806 sshd - -* Sun Oct 26 2003 Aaron Klingaman -- readded start/stop only when runlevel is known, for install purposes - -* Thu Oct 16 2003 Jeff Sedayao -- Fixed bug in pl_conf - it was getting negative wait times. Also added - duke4 as a trusted user. - -* Tue Oct 8 2003 Jeff Sedayao -- Removed special fetch login from init function, updated release - -* Tue Oct 7 2003 Jeff Sedayao -- Moved special fetch login into main loop, fix account deletion - problem - -* Tue Oct 7 2003 Aaron Klingaman -- Commented out code to start pl_* upon install - -* Wed Aug 26 2003 Tammo Spalink -- Initial build. +* Mon Dec 1 2003 Steve Muir +- initial creation from files in sidewinder repository diff --git a/rpm.mk b/rpm.mk new file mode 100644 index 0000000..753be0a --- /dev/null +++ b/rpm.mk 
@@ -0,0 +1,77 @@
+SPECFILE := $(PACKAGE).spec
+SPECFILE_FILELIST := /^%files/,/^%pre/s,^%attr.*/\([^/]*\),\1,p
+FILES := $(shell sed -ne '$(SPECFILE_FILELIST)' $(SPECFILE))
+VERSION := $(shell sed -ne 's/^Version: \(.*\)/\1/p' $(SPECFILE))
+RELEASE := $(shell sed -ne 's/^Release: \(.*\)/\1/p' $(SPECFILE))
+NAME := $(PACKAGE)-$(VERSION)
+FULLNAME := $(NAME)-$(RELEASE)
+TARBALL := $(FULLNAME).tar.gz
+RPM_BUILDDIR := .rpmbuild
+CWD := $(shell pwd)
+
+#
+# we have to jump through hoops to make RPM work nicely
+#
+RPM_RC_SYS := /usr/lib/rpm/rpmrc:$(wildcard /usr/lib/rpm/redhat/rpmrc)
+RPM_RC_USER := $(wildcard $(HOME)/.rpmrc)
+RPM_RC_LOCAL := .rpmrc
+RPM_RCFILES := $(subst ::,:,$(RPM_RC_SYS):$(RPM_RC_LOCAL):$(RPM_RC_USER))
+
+# ask RPM what architecture it will build for
+ARCH := $(shell rpm --showrc | sed -ne 's/^build arch.*: *\(.*\)/\1/p')
+
+# find out what the standard list of macro files is
+RPM_MACROS_SYS := $(shell rpm --showrc | \
+ sed -ne 's,^macrofiles[^:]*: \(.*\):~.*,\1,p')
+RPM_MACROS_LOCAL := .rpmmacros
+RPM_MACROS_USER := $(wildcard $(HOME)/.rpmmacros)
+RPM_MACROFILES := $(RPM_MACROS_SYS):$(RPM_MACROS_LOCAL):$(RPM_MACROS_USER)
+
+LOCALFILES := $(RPM_RC_LOCAL) $(RPM_MACROS_LOCAL) $(RPM_BUILDDIR)
+
+RPMFILE := $(FULLNAME).$(ARCH).rpm
+
+tarball: $(TARBALL)
+
+#
+# the idiosyncracies of RPM building require that the tarball has files
+# located in directory $(NAME), not $(FULLNAME)
+#
+$(TARBALL): $(FILES)
+ @echo creating $@...
+ @[ -d $(NAME) ] || ln -s . $(NAME)
+ @tar czvf $(TARBALL) $(addprefix $(NAME)/,$^)
+ @rm $(NAME)
+
+rpm: $(RPMFILE)
+
+$(RPMFILE): $(TARBALL) $(SPECFILE) $(LOCALFILES)
+ rpmbuild --buildroot=$(CWD)/$(RPM_BUILDDIR)/tmp \
+ --rcfile $(RPM_RCFILES) -bb $(SPECFILE)
+
+$(RPM_RC_LOCAL):
+ @echo 'macrofiles: $(RPM_MACROFILES)' >$@
+ @echo created $@
+
+$(RPM_MACROS_LOCAL):
+ @exec >$@; \
+ echo "%distribution PlanetLab"; \
+ echo "%_fullname %{name}-%{version}-%{release}"; \
+ echo "%_topdir $(CWD)"; \
+ echo "%_sourcedir %{_topdir}"; \
+ echo "%_builddir %{_topdir}/$(RPM_BUILDDIR)"; \
+ echo "%_rpmdir %{_builddir}"
+ @echo created $@
+
+$(RPM_BUILDDIR):
+ mkdir -p $(RPM_BUILDDIR)/tmp
+ ln -s .. $(RPM_BUILDDIR)/$(ARCH)
+
+rpm-config: $(LOCALFILES)
+ @echo RPM_RCFILES=$(RPM_RCFILES)
+ @echo RPM_MACROFILES=$(RPM_MACROFILES)
+ @echo RPM_ARCH=$(ARCH)
+
+rpm-clean:
+ rm -f $(NAME) $(RPMFILE) $(TARBALL)
+ rm -rf $(LOCALFILES)
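Review bot: `rpm.mk` relies on the including Makefile having set `PACKAGE` but never checks it: with `PACKAGE` empty, `SPECFILE` becomes `.spec`, the `sed` probes silently yield empty `VERSION`/`RELEASE`, `NAME` becomes `-`, and `rpm-clean` ends up running `rm -f - ...`; a first line `$(if $(PACKAGE),,$(error PACKAGE must be set before including rpm.mk))` fails early and loudly instead. `tarball`, `rpm`, `rpm-config` and `rpm-clean` are command targets, so a stray file named `rpm` or `tarball` in the checkout would make them silently "up to date"; add `.PHONY: tarball rpm rpm-config rpm-clean`. `CWD := $(shell pwd)` can be `$(CURDIR)` without forking a process, and the `$(RPM_BUILDDIR)` recipe's `ln -s .. $(RPM_BUILDDIR)/$(ARCH)` will fail on a partially created directory (the `mkdir -p` succeeded but the link did not), which a `ln -sf` or `.DELETE_ON_ERROR:` would make recoverable.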