From ab8046f57ad7e42dfd9faf596fc5a3045d9c27a1 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 3 Nov 2017 13:20:19 +0100
Subject: [rebootcontrol] Move reboot function to helper class

---
 .../rebootcontrol/inc/rebootcontrol.inc.php        | 30 ++++++++++++++++++++++
 modules-available/rebootcontrol/page.inc.php       |  9 +------
 2 files changed, 31 insertions(+), 8 deletions(-)
 create mode 100644 modules-available/rebootcontrol/inc/rebootcontrol.inc.php

(limited to 'modules-available/rebootcontrol')

diff --git a/modules-available/rebootcontrol/inc/rebootcontrol.inc.php b/modules-available/rebootcontrol/inc/rebootcontrol.inc.php
new file mode 100644
index 00000000..789552cd
--- /dev/null
+++ b/modules-available/rebootcontrol/inc/rebootcontrol.inc.php
@@ -0,0 +1,30 @@
+<?php
+
+class RebootControl
+{
+
+	/**
+	 * @param string[] $uuids List of machineuuids to reboot
+	 * @return false|array task struct for the reboot job
+	 */
+	public static function reboot($uuids)
+	{
+		$list = RebootQueries::getMachinesByUuid($uuids);
+		if (empty($list))
+			return false;
+		return self::execute($list, false, 0, 0);
+	}
+
+	public static function execute($list, $shutdown, $minutes, $locationId)
+	{
+		return Taskmanager::submit("RemoteReboot", array(
+			"clients" => $list,
+			"shutdown" => $shutdown,
+			"minutes" => $minutes,
+			"locationId" => $locationId,
+			"sshkey" => SSHKey::getPrivateKey(),
+			"port" => 9922, // Hard-coded, must match mgmt-sshd module
+		));
+	}
+
+}
\ No newline at end of file
diff --git a/modules-available/rebootcontrol/page.inc.php b/modules-available/rebootcontrol/page.inc.php
index d7083528..db7882d9 100644
--- a/modules-available/rebootcontrol/page.inc.php
+++ b/modules-available/rebootcontrol/page.inc.php
@@ -45,14 +45,7 @@ class Page_RebootControl extends Page
 			// TODO: we could also check if the locationid is equal or a sublocation of the $locationId from above
 			// (this would be more of a sanity check though, or does the UI allow selecting machines from different locations)
 
-			$task = Taskmanager::submit("RemoteReboot", array(
-				"clients" => $list,
-				"shutdown" => $shutdown,
-				"minutes" => $minutes,
-				"locationId" => $locationId,
-				"sshkey" => $privKey,
-				"port" => 22, // TODO: Get from ssh config
-			));
+			$task = RebootControl::execute($list, $shutdown, $minutes, $locationId);
 
 			Util::redirect("?do=rebootcontrol&taskid=".$task["id"]);
 		}
-- 
cgit v1.2.3-55-g7522


From 4aad3f3e894a061ee94f5386dd9256051491fa4a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 3 Nov 2017 17:49:58 +0100
Subject: [rebootcontrol] Conditional rebuild of config.tgz, proper permissions
 for authorized_keys

---
 modules-available/rebootcontrol/api.inc.php              | 6 ++++--
 modules-available/rebootcontrol/hooks/config-tgz.inc.php | 5 +++--
 modules-available/rebootcontrol/inc/sshkey.inc.php       | 6 +++++-
 3 files changed, 12 insertions(+), 5 deletions(-)

(limited to 'modules-available/rebootcontrol')

diff --git a/modules-available/rebootcontrol/api.inc.php b/modules-available/rebootcontrol/api.inc.php
index dad25375..6ebc8399 100644
--- a/modules-available/rebootcontrol/api.inc.php
+++ b/modules-available/rebootcontrol/api.inc.php
@@ -2,8 +2,10 @@
 
 if (Request::any('action') === 'rebuild' && isLocalExecution()) {
 	if (Module::isAvailable('sysconfig')) {
-		SSHKey::getPublicKey();
-		ConfigTgz::rebuildAllConfigs();
+		SSHKey::getPrivateKey($regen);
+		if (!$regen) {
+			ConfigTgz::rebuildAllConfigs();
+		}
 		echo "OK";
 	}
 	exit(0);
diff --git a/modules-available/rebootcontrol/hooks/config-tgz.inc.php b/modules-available/rebootcontrol/hooks/config-tgz.inc.php
index 0b706960..90e32e8a 100644
--- a/modules-available/rebootcontrol/hooks/config-tgz.inc.php
+++ b/modules-available/rebootcontrol/hooks/config-tgz.inc.php
@@ -1,14 +1,15 @@
 <?php
 
 $pubkey = SSHKey::getPublicKey();
-$tmpfile = '/tmp/bwlp-' . md5($pubkey) . '.tar';
+$tmpfile = '/tmp/bwlp-' . md5($pubkey) . '-2.tar';
 if (!is_file($tmpfile) || !is_readable($tmpfile) || filemtime($tmpfile) + 86400 < time()) {
 	if (file_exists($tmpfile)) {
 		unlink($tmpfile);
 	}
 	try {
 		$a = new PharData($tmpfile);
-		$a->addFromString("/root/.ssh/authorized_keys.d/rebootcontrol", $pubkey);
+		$a["/etc/ssh/mgmt/authorized_keys"] = $pubkey;
+		$a["/etc/ssh/mgmt/authorized_keys"]->chmod(0600);
 		$file = $tmpfile;
 	} catch (Exception $e) {
 		EventLog::failure('Could not include ssh key for reboot-control in config.tgz', (string)$e);
diff --git a/modules-available/rebootcontrol/inc/sshkey.inc.php b/modules-available/rebootcontrol/inc/sshkey.inc.php
index b4e36d25..cce9b3dc 100644
--- a/modules-available/rebootcontrol/inc/sshkey.inc.php
+++ b/modules-available/rebootcontrol/inc/sshkey.inc.php
@@ -3,7 +3,7 @@
 class SSHKey
 {
 
-	public static function getPrivateKey() {
+	public static function getPrivateKey(&$regen = false) {
 		$privKey = Property::get("rebootcontrol-private-key");
 		if (!$privKey) {
 			$rsaKey = openssl_pkey_new(array(
@@ -11,6 +11,10 @@ class SSHKey
 				'private_key_type' => OPENSSL_KEYTYPE_RSA));
 			openssl_pkey_export( openssl_pkey_get_private($rsaKey), $privKey);
 			Property::set("rebootcontrol-private-key", $privKey);
+			if (Module::isAvailable('sysconfig')) {
+				ConfigTgz::rebuildAllConfigs();
+			}
+			$regen = true;
 		}
 		return $privKey;
 	}
-- 
cgit v1.2.3-55-g7522