Changes committed to git://oss.sgi.com/pcp/pcp.git dev
configure | 4
configure.in | 3
man/man1/pcpintro.1 | 15 +
qa/003 | 3
qa/022 | 113 ++------------
qa/022.irix.0 | 302 --------------------------------------
qa/022.irix.1 | 303 ---------------------------------------
qa/022.linux | 150 -------------------
qa/022.linux.1 | 181 -----------------------
qa/069 | 2
qa/359 | 6
qa/390 | 35 ++--
qa/580 | 8 -
qa/748 | 44 +++++
qa/748.out | 13 +
qa/832 | 2
qa/943 | 51 ++++++
qa/943.out | 177 ++++++++++++++++++++++
qa/group | 3
qa/qa_hosts.master | 2
qa/src/GNUlocaldefs | 1
src/include/pcp.conf.in | 5
src/libpcp/src/secureconnect.c | 261 ++++++++++++++++++++++++---------
src/pmcd/GNUmakefile | 9 -
src/pmcd/sasl2.conf | 23 ++
src/pmdas/linux/pmda.c | 5
src/pmdas/linux_proc/GNUmakefile | 17 +-
src/pmdas/linux_proc/Install | 29 ---
src/pmdas/linux_proc/Remove | 30 ---
src/pmdas/linux_proc/contexts.c | 43 +++--
src/pmdas/linux_proc/contexts.h | 4
src/pmdas/linux_proc/pmda.c | 39 +++--
src/pmdas/linux_proc/pmns | 155 -------------------
src/pmdas/linux_proc/pmns.cgroup | 33 ----
src/pmdas/linux_proc/root | 34 ----
src/pmdas/linux_proc/root_proc | 148 +++++++++++++++++++
36 files changed, 807 insertions(+), 1446 deletions(-)
commit 5e80530d41896a1782683289bfc4db3d84dabd69
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 10:26:31 2013 +1000
Fix pmdaproc cgroup instance domain access, found by qa tests
The earlier changes to pmdaproc allowing no access to metrics
with an instance domain without credentials were a bit heavy
handed - the cgroup metrics should still be allowed through as
the information is not per-user nor sensitive.
commit 3d51eb764d87bd08d4b95e7f62b9f73219e28a90
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 10:24:06 2013 +1000
Further QA work dealing with new permissions model in pmdaproc
Updates to tests qa/390 and qa/580 allowing them to switch to
using unix domain sockets where available in order to continue
to exercise the per-process metrics in pmdaproc.
commit 43bf9bb9ea8faa5f07dfa51734101e0cd7811b25
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 10:22:33 2013 +1000
Update test qa/359 to handle access issues wrt proc metrics
commit 48c409d08a310d0afafd8b5d17702e139c72f245
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 10:21:44 2013 +1000
Allow overriding the default console path for authentication
Adds a PCP_CONSOLE environment variable allowing the default
(/dev/tty or CON:) console to be set to something else. The
original rationale is to allow tests to indicate they do not
wish to interact at all in making authentication decisions,
but it may be more generally useful.
commit 5e2db6d3683c15f69e62d0ab4d1dcaf5a6bc0a80
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 10:12:12 2013 +1000
Add a couple more machines into my farm
commit 07ceee68cec96bcf7991f126326dc306fe47eb2f
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 07:02:52 2013 +1000
Resolve long-standing intermittent issue for my setup in qa/069
Depending on host chosen as remote-host-1-and-2, and their IP addrs,
the filtered output was not deterministic for IP addresses of length
not matching that of the original test author.
This takes the filtered IP addresses and gives guarantees about the
amounts of resulting whitespace in the (filtered) log.
commit a72d7a552ce930b756cd000c813d1ac52f35b088
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed Jul 24 06:16:29 2013 +1000
Update test qa/022 to handle new permissions model in pmdaproc
For versions of PCP with unix_domain_sockets support, test 022
has been updated to continue to run but now making use of that
support. This dodges all the permissions errors (checked over
in test 943) while continuing to use the original test.
Output for several ancient pcp versions has also been removed,
as these will surely never be tested with new tests.
commit 58275d8eeb16996f614d68a136f6abcc0427d6ab
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Tue Jul 23 17:28:57 2013 +1000
Rework the interactive prompting code for SASL callbacks
Major rework of the SASL interactive prompting code. This is
now much simplified in the split between command line options
handling and filling-in-the-missing-bits interactively (incl.
password prompting). Removes the use of the obsolete getpass
libc function.
Additional SASL mechanisms now appear to work correctly (happy
days!) and the "plain" method has now been used for successful
authentication, along with a sasldb for user accounts.
Added some comments to the default sasl2 configuration file,
particularly along the lines of file permissions on a sasldb
file that pmcd may have to read.
commit 180109de74a500537a0873db46edabd2af294a34
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Tue Jul 23 11:50:21 2013 +1000
Install a default sasl2 configuration file for pmcd
Following the lead of other (more experienced) projects
using SASL2 authentication, such as libvirt, install a
default configuration file for pmcd and SASL.
This configuration (like other projects) enables only
the digest-md5 plugin by default. We may want to also
allow "plain", perhaps, but for now play it safe.
A companion tutorial for "secure sockets", decribing the
details of this configuration and many other aspects of
authentication in PCP, is being committed in the pcp-doc
package as well.
commit 7d28289b2cd74e72f9052a34af2ec7695f1fccd0
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Tue Jul 23 11:40:06 2013 +1000
Reinstate Linux pmdaproc as a default-installed PMDA
With recent changes in the Linux pmdaproc to make use of
available user credentials (and as a result, not expose
information it should not), we can reenable this PMDA by
default once more.
commit eb563a4d09a8e224e74fe6f4b65b563eb509eb1d
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Tue Jul 23 10:32:07 2013 +1000
Enforce permission checking on credentials with pmdaproc
The Linux process PMDA has become the first PMDA to make use
of the available credentials to enforce real permissions
(small round of applause). If credentials are not available
it allows only the non-per-process metrics back (all others:
PM_ERR_PERMISSION - no soup for you!). However, if they are
available, setegid/seteuid are issued at appropriate places
and the authenticated user sees whatever she should be able
to see, as per the usual kernel-enforced permission checks.
Added new test qa/943 to exercise the behaviour. Its using
pmprobe and various host specifications - localhost vs unix:
- to exercise the different code paths.
commit f6f587f83022ff39ec197fa82fdd1e1ddf03eaa2
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon Jul 22 21:30:11 2013 +1000
Earlier commit to resolve network related failure in qa/003 was NQR
commit 27c04c1312d3cd84a30d2c78669438e3af803756
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon Jul 22 16:16:57 2013 +1000
Add badlen-10 and badlen-11 into the set of qa archives, else 438 fails
commit f0daff178533ed7042cb3ecfbacf333ab5827679
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon Jul 22 15:58:15 2013 +1000
Bring test qa/748 back into the fold
commit 6c3d55b732aa0a891f4902579bcbfe6ec62ea7e7
Merge: 273e6db a309a0e
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon Jul 22 15:57:38 2013 +1000
Merge branch 'dev' of git://oss.sgi.com/kenj/pcp into dev
commit a309a0e332a217f384d7ed17cae8744f83132d10
Author: Ken McDonell <kenj@xxxxxxxxxxxxxxxx>
Date: Mon Jul 22 15:51:11 2013 +1000
qa/748 [new] - check pmlogrewrite rule for mysql pmda changes
commit 273e6db5748aa43449e3446f6a6ecae0bad31837
Author: Nathan Scott <nathans@xxxxxxxxxx>
Date: Mon Jul 22 13:52:28 2013 +1000
Update qa/003 for new network metrics, add tcp.maxconn special case
|