[X2go-Commits] x2gobroker.git - build-main (branch) updated: 0.0.0.3

X2Go dev team git-admin at x2go.org
Thu Feb 21 21:43:17 CET 2013


The branch, build-main has been updated
       via  e1970e0d61508915fe9bea869f5139a5c6cd7cac (commit)
       via  fd4ae726f53e4ee701e987e31c73079797670b71 (commit)
       via  18b8b460391374b141283e004a826d6ef51e61c0 (commit)
       via  8cec21a5f2e9dde24155f47aa6b7450e56b770c4 (commit)
       via  e6d532ca4ffa675beda709a2b861c7ad2b542330 (commit)
      from  015ccfd30ce69e3cba7cad23c766f19eb7009ad6 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 debian/changelog                           |    9 +++
 debian/control                             |    1 -
 etc/broker/x2gobroker-sessionprofiles.conf |   66 +++++++++++------
 etc/x2gobroker.conf                        |  111 +++++++++++++++-------------
 sbin/x2gobroker-pubkeyauthorizer           |   83 ++++++++++++++++-----
 x2gobroker/__init__.py                     |    2 +-
 6 files changed, 175 insertions(+), 97 deletions(-)

The diff of changes is:
diff --git a/debian/changelog b/debian/changelog
index f8f19b0..6871bdf 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+x2gobroker (0.0.0.3-0~x2go1) unstable; urgency=low
+
+  * New upstream version (0.0.0.3):
+    - Script x2gobroker-pubkeyauthorizer is now independent
+      from Python module x2gobroker.
+    - Word wrap config files and limit line lenght to <= 80 chars.
+
+ -- Mike Gabriel <mike.gabriel at das-netzwerkteam.de>  Thu, 21 Feb 2013 21:44:33 +0100
+
 x2gobroker (0.0.0.2-0~x2go1) unstable; urgency=low
 
   * New upstream version (0.0.0.2):
diff --git a/debian/control b/debian/control
index 6d78bbd..07868bd 100644
--- a/debian/control
+++ b/debian/control
@@ -183,7 +183,6 @@ Depends:
  perl,
  python,
  adduser,
- python-x2gobroker (>= ${source:Version}), python-x2gobroker (<< ${source:Version}.1~),
  x2goserver,
 Description: X2Go http(s) based session broker (common files)
  X2Go is a server based computing environment with
diff --git a/etc/broker/x2gobroker-sessionprofiles.conf b/etc/broker/x2gobroker-sessionprofiles.conf
index d797697..f3b4e8b 100644
--- a/etc/broker/x2gobroker-sessionprofiles.conf
+++ b/etc/broker/x2gobroker-sessionprofiles.conf
@@ -1,11 +1,12 @@
 ### X2Go Broker Session Profiles - ADAPT TO YOUR NEEDS ###
 
-# This whole file reflects a set of examplary X2Go session profiles being provided
-# via the X2Go Session Broker (backend: iniconf).
+# This whole file reflects a set of examplary X2Go session profiles being
+# provided via the X2Go Session Broker (backend: iniconf).
 
-# This whole file could be the broker setup in some university institute that runs
-# three server pools (pool-A, pool-B and pool-C). Though most univerities have
-# real IPv4 internet addresses, we use private subnets in the examples below.
+# This whole file could be the broker setup in some university institute that
+# runs three server pools (pool-A, pool-B and pool-C). Though most univerities
+# have real IPv4 internet addresses, we use private subnets in the examples
+# below.
 
 # The X2Go Session Broker is served into the institutes local intranet, the
 # broker cannot be reached from the internet directly.
@@ -13,14 +14,18 @@
 # The first section [DEFAULTS] provides a set of default profile settings that
 # are common to all session profiles given in sections below.
 
-# The other section names can be freely chosen, however, each section name has to
-# be unique within this file.
+# The other section names can be freely chosen, however, each section name has
+# to be unique within this file.
 
-# IMPORTANT: in the session profiles below you will find some lines starting with
-# acl-... These lines do neither protect the X2Go Session Broker nor your X2Go Servers.
-# For protecting the broker use iptables and ip6tables. For protecting your X2Go Servers
-# use iptable+ip6tables and a tightened PAM configuration (e.g. pam_access.so). Securing
-# X2Go Servers means securing the SSH daemon that runs on the X2Go Server.
+# IMPORTANT: in the session profiles below you will find some lines starting
+# with acl-... These lines do neither protect the X2Go Session Broker nor
+# your X2Go Servers. They simply allow for selective session profile provision
+# based on client address, user name and group memberships.
+#
+# For protecting the broker use iptables and ip6tables. For protecting your
+# X2Go Servers use iptable+ip6tables and a tightened PAM configuration (e.g.
+# pam_access.so). Securing X2Go Servers means securing the SSH daemon that
+# runs on the X2Go Server.
 
 
 [DEFAULT]
@@ -55,19 +60,26 @@ sshport=22
 setdpi=0
 pack=16m-jpeg
 
+### EXAMPLES: Below you find some config examples. Adapt them to your needs or
+### simply write your own session profiles and remove the examples below.
+
 ##
-## pool-A (staff servers)
+## EXAMPLE: pool-A (staff servers)
 ##
 ## The pool-A contains three X2Go Servers (server-A, server-B and server-C).
 
-## The staff of our example institute falls into two groups of users: gnome-users and kde-users.
-## The gnome-users log into server-A or server-B, depending on their client subnet (IP configuration of the client).
-## The kde-users login to server-C (server-C can be reached from the whole intranet).
+## The staff of our example institute falls into two groups of users:
+## gnome-users and kde-users.
+## The gnome-users log into server-A or server-B, depending on their client
+## subnet (IP configuration of the client).
+## The kde-users login to server-C (server-C can be reached from the whole
+## intranet).
 ##
-## The split-up of the GNOME users allows some primitive load balancing.
+## The client IP based split-up of the GNOME users allows some primitive load
+## balancing.
 ##
-## If staff people are members of both groups (kde-users, gnome-users) both session profiles will be
-## shown in X2Go Client.
+## If staff people are members of both groups (kde-users, gnome-users) both
+## session profiles will be shown in X2Go Client.
 ##
 
 [pool-A-server-A]
@@ -102,7 +114,7 @@ acl-groups-deny=ALL
 acl-any-order=deny-allow
 
 ##
-## pool-B (e.g. webserver in the DMZ or on the internet)
+## EXAMPLE: pool-B (e.g. webserver in the DMZ or on the internet)
 ##
 ## The pool-B is a single X2Go Server (server-D) that is
 ## hosted externally. The server-D has an official internet IP.
@@ -127,7 +139,7 @@ acl-clients-allow=admin-machine1.domain.local, admin-machine2.domain.local, admi
 acl-any-order=deny-allow
 
 ##
-## pool-C
+## EXAMPLE: pool-C (REAL LOAD BALANCING!!!)
 ##
 ## The pool-C is a server pool for students. Our example institute
 ## knows 200-300 students and has to offer working places for
@@ -137,13 +149,19 @@ acl-any-order=deny-allow
 ## normally stay away from these machines, anyway. Only two test account
 ## get this session profile into their X2Go Clients.
 ##
-## The pool-C contains 6 X2Go Servers that serve all students users together as a load balance
-## server farm.
+## The pool-C contains 6 X2Go Servers that serve all students users together
+## as a load balance server farm.
+##
+## Make sure to install x2gobroker-agent on all these 6 X2Go Servers. Also make
+## sure to once run the script x2gobroker-keygen on the broker host and once
+## the script x2gobroker-pubkeyauthorizer per X2Go Server.
+##
+## All 6 X2Go Servers have to be configured to use the PostgreSQL X2Go session
+## DB backend.
 ##
 
 [pool-C-XFCE]
 user=
-# no load balancing support, yet
 host=s-E1.pool-c.domain.local,s-E2.pool-c.domain.local,s-E3.pool-c.domain.local,s-E4.pool-c.domain.local,s-E5.pool-c.domain.local,s-E6.pool-c.domain.local
 name=XFCE - pool-C
 command=XFCE
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index b512cf4..a1fc81a 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -1,7 +1,7 @@
 # This file is part of the  X2Go Project - http://www.x2go.org
-# Copyright (C) 2011-2012 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
-# Copyright (C) 2011-2012 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
-# Copyright (C) 2012 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Copyright (C) 2011-2013 by Oleksandr Shneyder <oleksandr.shneyder at obviously-nice.de>
+# Copyright (C) 2011-2013 by Heinz-Markus Graesing <heinz-m.graesing at obviously-nice.de>
+# Copyright (C) 2012-2013 by Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
 #
 # X2Go Session Broker is free software; you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -28,8 +28,8 @@
 #
 # 1. backend = zeroconf
 # Use the ZeroConf X2Go Session Broker backend, this backend is for demo only
-# and only operates on localhost. Make sure you have x2gobroker, x2gobroker-agent
-# and x2goserver installed on the same machine.
+# and only operates on localhost. Make sure you have x2gobroker-daemon and
+# x2goserver installed on the same machine. No need to install x2gobroker-agent.
 
 # 2. backend = simple
 # The Simple X2Go Session Broker backend is for providing session profiles
@@ -41,16 +41,16 @@
 
 # 3. backend = minibalancer
 # A minimal load balancer for an X2Go server farm. Provide the same set of
-# session profiles to multiple users, optimally without login (set check_credentials
-# to false, below) and offer one of several pre-configured X2Go servers running
-# the same setup.
+# session profiles to multiple users, optimally without login (set
+# check_credentials to false, below) and offer one of several pre-configured
+# X2Go servers running the same setup.
 
 # 4. backend = ldap
 # A production backend that stores all session profile, server and session
 # profile mapping in LDAP
 
 
-# Allow unauthenticated connections? Then set check_credentials to false (i.e. 0)
+# Allow unauthenticated connections? Then set check_credentials to false.
 #check-credentials = true
 
 # To secure server-client communication the client can start the communication
@@ -58,8 +58,8 @@
 # use of this feature
 #use-authid = false
 
-# X2Go supports two different auth ID modes (static and dynamic), for now set the
-# below value to true
+# X2Go supports two different auth ID modes (static and dynamic), for now set
+# the below value to true
 #use-static-authid = true
 
 # Make up your own authid below...
@@ -80,14 +80,14 @@
 # default authentication mechanism for all broker backends
 #default-auth-mech = pam
 
-# how does this X2Go Session Broker instance retrieve user and group information
-# from the system? (defaults for all broker backends)
+# how does this X2Go Session Broker instance retrieve user and group
+# information from the system? (defaults for all broker backends)
 #default-user-db = libnss
 #default-group-db = libnss
 
-# on large deployments it is recommended to ignore primary group memberships
-# traversing into all user accounts for primary group detection can be quite
-# CPU intensive on the X2Go Broker server.
+# on large deployments it is recommended to ignore primary group
+# memberships traversing into all user accounts for primary group
+# detection can be quite CPU intensive on the X2Go Broker server.
 #ignore-primary-group-memberships = true
 
 # default X2Go Broker Agent query mode:
@@ -101,37 +101,43 @@
 # So, there are two query modes for the X2GO Broker Agent: LOCAL and SSH.
 #
 #    LOCAL - This LOCAL mode only works for _one_ configured multi-server farm.
-#            If the locally installed X2Go Session Broker is to server many different
-#            multi-server farms, then the LOCAL mode will not work!!!
+#            If the locally installed X2Go Session Broker is to server many
+#            different multi-server farms, then the LOCAL mode will not work!!!
 #
 #            How it works: Assume that the local system has an X2Go Broker Agent
-#            that knows about the multi-server setup. This means: X2Go Server has
-#            to be installed locally and the X2Go Server has to be configured to
-#            use the multi-server farms PostgreSQL session DB backend.
-#
-#            The local system that is running the broker does not necessarily have
-#            to be a real application server. It only has to be aware of running/suspended
-#            sessions within the X2Go multi-server farm setup.
-#
-#            A typical use-case is X2Go on top of a Debian Edu Terminal-Server farm:
-#
-#              TJENER -> PostgreSQL DB, X2Go Server, X2Go Session Broker + Broker Agent
-#              TS01 - TS0X -> X2Go Server configured to use the PostgreSQL DB on TJENER
-#
-#    SSH   - The more generic approach, but also more complex. It allows that the broker
-#            on this system may serve for many different X2Go Server multi-server setups.
-#
-#            With the SSH agent query mode, the X2Go Session Broker will query one of the X2Go
-#            Servers in the targeted multi-server setup (through SSH). The SSH authentication
-#            is done by a system user account (normally UID=x2gobroker) and SSH pub/priv
-#            key authentication has to be configured to make this work.
-#
-#            All X2Go Servers in a multi-server farm need the X2Go Broker Agent installed,
-#            whereas this local system running the X2Go Session Broker does not need a
-#            local X2Go Broker Agent at all.
-
-# The agent query mode can be configured on a per-broker-backend basis, the below value is
-# the default.
+#            that knows about the multi-server setup. This means: X2Go Server
+#            has to be installed locally and the X2Go Server has to be
+#            configured to use the multi-server farms PostgreSQL session DB
+#            backend.
+#
+#            The local system that is running the broker does not necessarily
+#            have to be a real application server. It only has to be aware of
+#            running/suspended sessions within the X2Go multi-server farm setup.
+#
+#            A typical use-case is X2Go on top of a Debian Edu Terminal-Server
+#            farm:
+#
+#              TJENER -> PostgreSQL DB, X2Go Server, X2Go Session Broker +
+#                  Broker Agent
+#              TS01 - TS0X -> X2Go Server configured to use the PostgreSQL DB
+#                  on TJENER
+#
+#    SSH   - The more generic approach, but also more complex. It allows that
+#            the broker on this system may serve for many different X2Go Server
+#            multi-server setups.
+#
+#            With the SSH agent query mode, the X2Go Session Broker will query
+#            one of the X2Go Servers in the targeted multi-server setup (through
+#            SSH). The SSH authentication is done by a system user account
+#            (normally UID=x2gobroker) and SSH pub/priv key authentication has
+#            to be configured to make this work.
+#
+#            All X2Go Servers in a multi-server farm need the X2Go Broker Agent
+#            installed, whereas this local system running the X2Go Session
+#            Broker does not need a local X2Go Broker Agent at all.
+#
+# The agent query mode can be configured on a per-broker-backend basis, the
+# below value is the default.
 #default-agent-query-mode=LOCAL
 
 ###
@@ -140,22 +146,23 @@
 
 # Possible X2Go Session Broker backends:
 #
-# 1. backend = zeroconf
+# 1. backend = zeroconf (activated by default)
 # Use the ZeroConf X2Go Session Broker backend, this backend is for demo only
-# and only operates on localhost. Make sure you have x2gobroker, x2gobroker-agent
-# and x2goserver installed on the same machine.
+# and only operates on localhost. Make sure you have x2gobroker-daemon and
+# and x2goserver installed on the same machine. No need to install
+# x2gobroker-agent.
 
-# 2. backend = infile
+# 2. backend = infile (deactivated by default)
 # The IniFile X2Go Session Broker backend is for providing session profiles
-# to multiple users/clients on a text config file basis.
+# to multiple users/clients on a text config file basis (.ini file format).
 #
 # The session profile setup is accomplished by an extra configuration file,
 # by default named /etc/x2go/broker/x2gobroker-sessionproiles.conf.
 #
 # For small-scale deployments the IniFile backend is the recommended backend.
 
-# 4. backend = ldap
-# A production backend that stores all session profile, server and session
+# 4. backend = ldap (deactivated by default)
+# A production backend that stores all session profiles, servers and session
 # profile mapping in LDAP (MUSIC OF THE FUTURE!!!)
 
 [zeroconf]
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index 66ad1ce..a28a068 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -29,38 +29,81 @@ import logging
 import binascii
 import paramiko
 import urllib
+import getpass
+import logging
+import logging.config
 
 from pwd import getpwnam
 from grp import getgrnam
 
-try:
-    import x2gobroker.defaults
-except ImportError:
-    sys.path.insert(0, os.path.join(os.getcwd(), '..'))
-    import x2gobroker.defaults
+__VERSION__ = '0.0.0.3'
+__AUTHOR__ = 'Mike Gabriel (X2Go Project) <mike.gabriel at das-netzwerkteam.de>'
 
 PROG_NAME = os.path.basename(sys.argv[0])
 PROG_OPTIONS = sys.argv[1:]
 setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
 
-from x2gobroker import __VERSION__
-from x2gobroker import __AUTHOR__
-from x2gobroker.loggers import logger_broker, logger_error
+### The following is a code duplication of x2gobroker.loggers and x2gobroker.defaults.
+### Normally, we would avoid that. However, this is to make this script independent from
+### the python-x2gobroker package (and its manifold python module dependencies).
+
+if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
+    X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
+else:
+    X2GOBROKER_DAEMON_USER="x2gobroker"
+if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
+    X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
+else:
+    X2GOBROKER_DAEMON_GROUP="x2gobroker"
+if os.environ.has_key('X2GOBROKER_LOGCONFIG'):
+    X2GOBROKER_LOGCONFIG=os.environ['X2GOBROKER_LOGCONFIG']
+else:
+    X2GOBROKER_LOGCONFIG="/etc/x2go/broker/x2gobroker-loggers.conf"
+if os.environ.has_key('X2GOBROKER_DEBUG'):
+    X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
+else:
+    X2GOBROKER_DEBUG = False
+# the home directory of the user that the daemon/cgi runs as
+X2GOBROKER_HOME = os.path.normpath(os.path.expanduser('~{broker_uid}'.format(broker_uid=X2GOBROKER_DAEMON_USER)))
 
 if os.geteuid() == 0:
+
+    # we run in standalone daemon mode, so let's use the system configuration for logging
+    logging.config.fileConfig(X2GOBROKER_LOGCONFIG)
+
+    # create loggers
+    logger_broker = logging.getLogger('broker')
+    logger_error = logging.getLogger('error')
+
     # propagate msgs for  the broker logger to the root logger (i.e. to stderr)
     logger_broker.propagate = 1
     logger_error.propagate = 1
 
+else:
+    logger_root = logging.getLogger()
+    stderr_handler = logging.StreamHandler(sys.stderr)
+    stderr_handler.setFormatter(logging.Formatter(fmt='%(asctime)s - %(name)s - %(levelname)s - %(message)s', datefmt=''))
+
+    # all loggers stream to stderr...
+    logger_root.addHandler(stderr_handler)
+
+    logger_broker = logging.getLogger('broker')
+    logger_broker.addHandler(stderr_handler)
+    logger_broker.propagate = 0
+
+    logger_error = logging.getLogger('error')
+    logger_error.addHandler(stderr_handler)
+    logger_error.propagate = 0
+
 # raise log level to DEBUG if requested...
-if x2gobroker.defaults.X2GOBROKER_DEBUG and not x2gobroker.defaults.X2GOBROKER_TESTSUITE:
+if X2GOBROKER_DEBUG:
     logger_broker.setLevel(logging.DEBUG)
 
 logger_broker.info('X2Go Session Broker ({version}), written by {author}'.format(version=__VERSION__, author=__AUTHOR__))
 logger_broker.info('Setting up the »PubKey Authorizer«\'s environment...')
-logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DEBUG))
-logger_broker.info('  X2GOBROKER_DAEMON_USER: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_USER))
-logger_broker.info('  X2GOBROKER_DAEMON_GROUP: {value}'.format(value=x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP))
+logger_broker.info('  X2GOBROKER_DEBUG: {value}'.format(value=X2GOBROKER_DEBUG))
+logger_broker.info('  X2GOBROKER_DAEMON_USER: {value}'.format(value=X2GOBROKER_DAEMON_USER))
+logger_broker.info('  X2GOBROKER_DAEMON_GROUP: {value}'.format(value=X2GOBROKER_DAEMON_GROUP))
 
 # check effective UID the broker runs as and complain appropriately...
 if os.geteuid() != 0:
@@ -87,21 +130,23 @@ if __name__ == '__main__':
     cmdline_args = p.parse_args()
 
     if cmdline_args.broker_url is None:
-        logger_error.error('Cannot proceed without having an URL specified. Use --broker-url as cmdline parameter. Exiting...')
+        logger_error.error('Cannot proceed without having an URL specified. Use --broker-url as cmdline parameter.')
+        logger_error.error('Exiting...')
         sys.exit(-2)
 
-    broker_uid = x2gobroker.defaults.X2GOBROKER_DAEMON_USER
+    broker_uid = X2GOBROKER_DAEMON_USER
     broker_uidnumber = getpwnam(broker_uid).pw_uid
-    broker_gid = x2gobroker.defaults.X2GOBROKER_DAEMON_GROUP
+    broker_gid = X2GOBROKER_DAEMON_GROUP
     broker_gidnumber = getgrnam(broker_gid).gr_gid
-    broker_home = x2gobroker.defaults.X2GOBROKER_HOME
+    broker_home = X2GOBROKER_HOME
 
     if not os.path.exists(broker_home):
-        logger_error.error('The home directory {home} of user {user} does not exists. Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid))
+        logger_error.error('The home directory {home} of user {user} does not exists.')
+        logger_error.error('Cannot continue. Exiting...'.format(home=broker_home, user=broker_uid))
         sys.exit(-2)
 
-    logger_broker.info('Authorizing access to this X2Go server for X2Go Session Broker at URL {url}'.format(url=cmdline_args.broker_url))
-
+    logger_broker.info('Authorizing access to this X2Go server for X2Go Session Broker')
+    logger_broker.info('  at URL {url}'.format(url=cmdline_args.broker_url))
 
     if not os.path.exists('{home}/.ssh'.format(home=broker_home)):
         os.mkdir('{home}/.ssh'.format(home=broker_home))
diff --git a/x2gobroker/__init__.py b/x2gobroker/__init__.py
index d9172cc..6684a5b 100644
--- a/x2gobroker/__init__.py
+++ b/x2gobroker/__init__.py
@@ -18,5 +18,5 @@
 # Free Software Foundation, Inc.,
 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 
-__VERSION__ = '0.0.0.2'
+__VERSION__ = '0.0.0.3'
 __AUTHOR__ = 'Mike Gabriel (X2Go Project) <mike.gabriel at das-netzwerkteam.de>'


hooks/post-receive
-- 
x2gobroker.git (HTTP(S) Session broker for X2Go)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "x2gobroker.git" (HTTP(S) Session broker for X2Go).




More information about the x2go-commits mailing list