OpenVZ Forum


Reboot VPS [message #2591] Mon, 10 April 2006 21:05
scooter
Has anyone come up with a way for a VPS to be rebooted via the webpage?

I'm not much of a PHP programmer so not able to actually do this unfortunately.

Reckon I need to learn PHP :)


Scooter Harris
Re: Reboot VPS [message #2592 is a reply to message #2591] Mon, 10 April 2006 21:25
kir

Actually you can use shell (or any other language, for that matter) to program simple CGIs. Or, yep, use PHP. :)

I cannot teach you the basics of PHP, but I can tell you you are entering the high risk zone so, if implemented improperly (insecurely), your solution could do more harm than good.

So, here are a few ideas of how to do it more securely:

(1) do NOT run the web server on the host system; use a dedicated VE for it.

(2) in the host system, create some user, say ovzss. Install the sudo package if it's not there, and edit /etc/sudoers to allow this user to execute vzctl start and vzctl stop commands as root without entering a password. The appropriate line in /etc/sudoers should look like this:
ovzss         ALL=(ALL)        NOPASSWD:/usr/sbin/vzctl start,/usr/sbin/vzctl stop


(3) in the VE you created for running a web server, create SSH keys for the apache user (or whichever user account your httpd runs as), and put the ssh2 public key on the host system as ~ovzss/.ssh/authorized_keys2, so the apache user can log in to the host system via ssh without entering the password.

(4) in the CGI you wrote, you should do something like
system("ssh ovzss@host.ip.add.ress sudo /usr/sbin/vzctl start $VEID");


(5) in the CGI you wrote, CHECK that $VEID passed from the web user is really a VEID, i.e. it should contain a positive non-zero number not exceeding a few digits and only that.

(6) Limit access to the CGI script itself, using Apache Allow/Deny directives.

Surely this can be improved in a few ways, but I hope that as-is it creates a sensible minimum security.


Kir Kolyshkin
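
Steps (4) and (5) of the reply above as POSIX shell CGI helpers; this is an added example, not code from the thread. The function names, the six-digit reading of "a few digits" and the BatchMode ssh option are assumptions, and host.ip.add.ress is the placeholder from the post.

```shell
#!/bin/sh
# Added example, not code from the thread. host.ip.add.ress is the
# placeholder from the post; MAX_DIGITS=6 is an assumed reading of
# "a few digits".
LC_ALL=C                      # byte-wise matching for [0-9]
HOST_LOGIN="ovzss@host.ip.add.ress"
MAX_DIGITS=6

# Succeed only if $1 is a positive, non-zero decimal number of at most
# MAX_DIGITS digits and nothing else (no spaces, signs, newlines, options).
is_valid_veid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty, or contains any non-digit
        0*)          return 1 ;;   # zero, or leading zeros
    esac
    [ "${#1}" -le "$MAX_DIGITS" ]
}

# Accept only the two actions listed in /etc/sudoers.
is_valid_action() {
    case "$1" in
        start|stop) return 0 ;;
    esac
    return 1
}

# Print the remote command line for (action, VEID), or fail with no output.
remote_command() {
    is_valid_action "$1" || return 1
    is_valid_veid "$2" || return 1
    printf 'sudo /usr/sbin/vzctl %s %s\n' "$1" "$2"
}

# CGI entry point: call as handle_request "$ACTION" "$VEID" once the CGI
# has extracted both values from the request. ssh hands the string to a
# shell on the host, so it is built only from values validated above.
handle_request() {
    cmd=$(remote_command "$1" "$2") || {
        printf 'Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\ninvalid request\n'
        return 1
    }
    printf 'Content-Type: text/plain\r\n\r\n'
    ssh -o BatchMode=yes "$HOST_LOGIN" "$cmd"
}

# Constructed sample inputs: only the first one is accepted.
for v in 101 0 007 '101 102' '101;x' 1234567; do
    remote_command start "$v" || echo "rejected: $v"
done
```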
Re: Reboot VPS [message #2593 is a reply to message #2591] Mon, 10 April 2006 21:30
scooter
Great, thank you, I'll check it out this evening :)

But yes, when I was going to 'build' something I was going to restrict Apache access to the core servers to 1 single IP and run the other stuff from a VE and post to the Apache on the core.


Scooter Harris
Re: Reboot VPS [message #2623 is a reply to message #2591] Tue, 11 April 2006 21:57
scooter
Well, I did get something working, nothing fancy but it works.

Got it working with all the servers we have from one location.

Just need to secure it some so people can't reboot anyone else's VEs :)

Scooter


Scooter Harris