Commit 080626a9 authored by Mike Hibler's avatar Mike Hibler

Well, that took longer than anticipated...

Modify the firewall /etc/hosts setup to include unqualified control net IP
addresses so that NS firewall rules can include the symbolic node names.

Modified the tmcc firewallinfo command to return the host info, and rc.firewall
to do the setup.  Perhaps this should have been done by changing how the tmcc hosts
command works for firewalls, but rc.hostnames runs after rc.firewall and
I didn't want to work out whether there were any dependencies.
parent ea2408f4
......@@ -24,6 +24,7 @@ my $action = "boot";
my $debug = 0;
my $fwinfo;
my @fwrules;
my @fwhosts;
sub usage()
{
......@@ -84,7 +85,7 @@ if (@ARGV) {
$action = $ARGV[0];
}
my $TMFWC = CONFDIR() . "/rc.fw";
my $TMFWC = TMFWCONFIG;
# Execute the action.
SWITCH: for ($action) {
......@@ -113,7 +114,7 @@ sub doboot()
#
# Get our firewall info
#
if (getfwconfig(\$fwinfo, \@fwrules) != 0) {
if (getfwconfig(\$fwinfo, \@fwrules, \@fwhosts) != 0) {
exit(0);
}
......@@ -169,6 +170,15 @@ sub doboot()
exit($rc);
}
#
# Update the hosts file with unqualified names for firewalled hosts
#
if (@fwhosts > 0) {
if (genhostsfile($HOSTSFILE, @fwhosts) != 0) {
fatal("Could not update $HOSTSFILE!");
}
}
#
# and execute it!
#
......
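Review bot: The `if (@fwhosts > 0)` guard silently skips the hosts-file step when tmcd returned no HOST lines, yet the rules executed right after may still name nodes symbolically; those names would then be resolved by whatever the system resolver returns at boot instead of the list tmcd intended, which is a quiet way for a firewall policy to bind to an unexpected address. I would add an `else` branch with `warn("*** WARNING: no firewalled host info from tmcc; symbolic names in rules will fall back to the resolver\n");` so the condition is at least visible in the boot log. Separately, the `exit(0)` on `getfwconfig` failure predates this change, but with rc.hostnames now skipping firewall nodes it also means the firewall's /etc/hosts is never regenerated on that path, so a hedged comment there noting that consequence would help. doboot starts and ends outside the visible hunks.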
#!/usr/bin/perl -w
#
# EMULAB-COPYRIGHT
# Copyright (c) 2004 University of Utah and the Flux Group.
# Copyright (c) 2004, 2005 University of Utah and the Flux Group.
# All rights reserved.
#
use English;
......@@ -104,11 +104,16 @@ sub fromtopo($);
#
sub doboot()
{
my $HTEMP = "${pathname}.new";
my @tmccresults;
print STDOUT "Checking Testbed hostnames configuration ... \n";
#
# Firewall hostname setup is done much earlier (rc.firewall)
#
return 0
if (ISFW());
#
# First see if we have a topo file; we can generate our own hosts
# file if we do, saving a lot of load on tmcd in big experiments.
......@@ -122,57 +127,10 @@ sub doboot()
return 0
if (! @tmccresults);
#
# Note, we no longer start with the 'prototype' file here because we have
# to make up a localhost line that's properly qualified.
#
if (!open(HOSTS, ">$HTEMP")) {
fatal("Could not open $HTEMP: $!");
if (genhostsfile($pathname, @tmccresults) != 0) {
fatal("Could not update $pathname!");
}
my $localaliases = "loghost";
#
# Find out our domain name, so that we can qualify the localhost entry
#
my $hostname = `hostname`;
if ($hostname =~ /[^.]+\.(.+)/) {
$localaliases .= " localhost.$1";
}
#
# First, write a localhost line into the hosts file - we have to know the
# domain to use here
#
print HOSTS os_etchosts_line("localhost", "127.0.0.1",
$localaliases), "\n";
#
# Now convert each hostname into hosts file representation and write
# it to the hosts file. Note that ALIASES is for backwards compat.
# Should go away at some point.
#
my $pat = q(NAME=([-\w\.]+) IP=([0-9\.]*) ALIASES=\'([-\w\. ]*)\');
foreach my $str (@tmccresults) {
if ($str =~ /$pat/) {
my $name = $1;
my $ip = $2;
my $aliases = $3;
my $hostline = os_etchosts_line($name, $ip, $aliases);
print HOSTS "$hostline\n";
}
else {
warning("Bad hosts line: $str");
}
}
close(HOSTS);
system("mv -f $HTEMP $pathname");
if ($?) {
fatal("Could not move $HTEMP to $pathname!");
}
return 0;
}
......
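Review bot: `return 0 if (ISFW());` keys off the existence of the rc.fw config file (ISFW in libsetup.pm tests `-e TMFWCONFIG()`), not off rc.firewall having actually written the hosts file, so a firewall node whose rc.firewall bailed out early keeps whatever stale /etc/hosts was on disk and neither script says anything. The role-based check is probably fine as a contract, but the comment should state it and what the firewall's file now contains: `# Firewall nodes get their hosts file from rc.firewall, which runs earlier and writes only the control-net IPs of the firewalled nodes; nothing is regenerated here, even if that step failed.` If the experiment-network names a firewall node previously got from the `hosts` tmcc command are still needed there, that is a behaviour change this early return introduces — presumably intended, but worth saying. doboot continues past the end of the visible hunk.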
......@@ -20,18 +20,19 @@ use Exporter;
TBBackGround TBForkCmd vnodejailsetup plabsetup vnodeplabsetup
jailsetup dojailconfig findiface libsetup_getvnodeid
ixpsetup libsetup_refresh gettopomap getfwconfig gettiptunnelconfig
gettraceconfig
gettraceconfig genhostsfile
TBDebugTimeStamp TBDebugTimeStampsOn
MFS REMOTE CONTROL WINDOWS JAILED PLAB LOCALROOTFS IXP USESFS
SIMTRAFGEN SIMHOST ISDELAYNODEPATH JAILHOST DELAYHOST STARGATE
ISFW
CONFDIR TMDELAY TMJAILNAME TMSIMRC TMCC
TMNICKNAME TMSTARTUPCMD FINDIF
TMROUTECONFIG TMLINKDELAY TMDELMAP TMTOPOMAP TMLTMAP
TMGATEDCONFIG TMSYNCSERVER TMKEYHASH TMNODEID TMEVENTKEY
TMCREATOR TMSWAPPER
TMCREATOR TMSWAPPER TMFWCONFIG
);
# Must come after package declaration!
......@@ -46,7 +47,7 @@ use libtmcc;
#
# BE SURE TO BUMP THIS AS INCOMPATIBILE CHANGES TO TMCD ARE MADE!
#
sub TMCD_VERSION() { 24; };
sub TMCD_VERSION() { 25; };
libtmcc::configtmcc("version", TMCD_VERSION());
# Control tmcc timeout.
......@@ -217,6 +218,7 @@ sub TMROLE() { CONFDIR() . "/role";}
sub TMSIMRC() { CONFDIR() . "/rc.simulator";}
sub TMCREATOR() { CONFDIR() . "/creator";}
sub TMSWAPPER() { CONFDIR() . "/swapper";}
sub TMFWCONFIG() { CONFDIR() . "/rc.fw";}
#
# This is a debugging thing for my home network.
......@@ -283,6 +285,11 @@ sub PLAB() { if ($inplab) { return $vnodeid; } else { return 0; } }
#
sub IXP() { if ($inixp) { return $vnodeid; } else { return 0; } }
#
# Are we a firewall node
#
sub ISFW() { if (-e TMFWCONFIG()) { return 1; } else { return 0; } }
#
# Are we hosting a simulator or maybe just a NSE based trafgen.
#
......@@ -660,6 +667,73 @@ sub gettopomap($)
return 0;
}
#
# Generate a hosts file given hostname info in tmcc hostinfo format
# Returns 0 on success, non-zero otherwise.
#
sub genhostsfile($@)
{
my ($pathname, @hostlist) = @_;
my $HTEMP = "$pathname.new";
#
# Note, we no longer start with the 'prototype' file here because we have
# to make up a localhost line that's properly qualified.
#
if (!open(HOSTS, ">$HTEMP")) {
warn("Could not create temporary hosts file $HTEMP\n");
return 1;
}
my $localaliases = "loghost";
#
# Find out our domain name, so that we can qualify the localhost entry
#
my $hostname = `hostname`;
if ($hostname =~ /[^.]+\.(.+)/) {
$localaliases .= " localhost.$1";
}
#
# First, write a localhost line into the hosts file - we have to know the
# domain to use here
#
print HOSTS os_etchosts_line("localhost", "127.0.0.1",
$localaliases), "\n";
#
# Now convert each hostname into hosts file representation and write
# it to the hosts file. Note that ALIASES is for backwards compat.
# Should go away at some point.
#
my $pat = q(NAME=([-\w\.]+) IP=([0-9\.]*) ALIASES=\'([-\w\. ]*)\');
foreach my $str (@hostlist) {
if ($str =~ /$pat/) {
my $name = $1;
my $ip = $2;
my $aliases = $3;
my $hostline = os_etchosts_line($name, $ip, $aliases);
print HOSTS "$hostline\n";
}
else {
warn("Ignoring bad hosts line: $str");
}
}
close(HOSTS);
system("mv -f $HTEMP $pathname");
if ($?) {
warn("Could not move $HTEMP to $pathname\n");
return 1;
}
return 0;
}
#
# Convert from MAC to iface name (eth0/fxp0/etc) using little helper program.
#
......@@ -963,12 +1037,13 @@ sub expandfwvars($)
# Return the firewall configuration. We parse tmcd output here and return
# a list of hash entries to the caller.
#
sub getfwconfig($$)
sub getfwconfig($$;$)
{
my ($infoptr, $rptr) = @_; # Return info and rule list to caller.
my ($infoptr, $rptr, $hptr) = @_;
my @tmccresults = ();
my $fwinfo = {};
my @fwrules = ();
my @fwhosts = ();
$$infoptr = undef;
@$rptr = ();
......@@ -978,9 +1053,10 @@ sub getfwconfig($$)
}
my $rempat = q(TYPE=remote FWIP=([0-9\.]*));
my $fwpat = q(TYPE=([\w-]+) STYLE=(\w+) IN_IF=(\w*) OUT_IF=(\w*) IN_VLAN=(\d+) OUT_VLAN=(\d+));
my $fwpat = q(TYPE=([-\w]+) STYLE=(\w+) IN_IF=(\w*) OUT_IF=(\w*) IN_VLAN=(\d+) OUT_VLAN=(\d+));
my $rpat = q(RULENO=(\d*) RULE="(.*)");
my $vpat = q(VAR=(EMULAB_\w+) VALUE="(.*)");
my $hpat = q(HOST=([-\w]+) CNETIP=([0-9\.]*));
$fwinfo->{"TYPE"} = "none";
foreach my $line (@tmccresults) {
......@@ -1026,6 +1102,10 @@ sub getfwconfig($$)
push(@fwrules, $fw);
} elsif ($line =~ /$vpat/) {
$fwvars{$1} = $2;
} elsif ($line =~ /$hpat/) {
# create a tmcc hostlist format string
push(@fwhosts,
"NAME=$1 IP=$2 ALIASES=''");
} else {
warn("*** WARNING: Bad firewall info line: $line\n");
return 1;
......@@ -1040,6 +1120,7 @@ sub getfwconfig($$)
$$infoptr = $fwinfo;
@$rptr = @fwrules;
@$hptr = @fwhosts;
return $bad;
}
......
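Review bot: In genhostsfile the result of `close(HOSTS)` is ignored before `mv -f` installs the temp file, so a write error (full disk, I/O error) leaves a truncated file in place as /etc/hosts and the function still returns 0; on a firewall node that is the file the rules' symbolic names bind to. Replace it with `close(HOSTS) or do { warn("Write error on $HTEMP: $!\n"); unlink($HTEMP); return 1; };`. The patterns also accept an empty address — `CNETIP=([0-9\.]*)` in getfwconfig and `IP=([0-9\.]*)` in genhostsfile — so a host with no control-net IP becomes a hosts line with a blank address instead of hitting the bad-line branch; `+` in place of `*` in both patterns would make that a warning. Style: since this code is now being moved into the shared library, it is the moment to switch to three-arg `open(my $fh, '>', $HTEMP)` and list-form `system('mv', '-f', $HTEMP, $pathname)` rather than carrying the bareword handle and shell interpolation along.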
......@@ -26,4 +26,4 @@
* NB: See ron/libsetup.pm. That is version 4! I'll merge that in.
*/
#define DEFAULT_VERSION 2
#define CURRENT_VERSION 24
#define CURRENT_VERSION 25
......@@ -5445,6 +5445,38 @@ COMMAND_PROTOTYPE(dofwinfo)
if (verbose)
info("FWINFO: %d default rules\n", nrows);
/*
* Ohhh...I gotta bad case of the butt-uglies!
*
* Return the list of the unqualified names of the firewalled hosts
* along with their IP addresses. The client code uses this to
* construct a local hosts file so that symbolic host names can
* be used in firewall rules.
*/
if (vers > 24) {
res = mydb_query("select r.vname,i.IP from reserved as r "
"left join interfaces as i on r.node_id=i.node_id "
"where r.pid='%s' and r.eid='%s' and i.role='ctrl'",
2, reqp->pid, reqp->eid);
if (!res) {
error("FWINFO: %s: DB Error getting host info!\n",
reqp->nodeid);
return 1;
}
nrows = (int)mysql_num_rows(res);
for (n = nrows; n > 0; n--) {
row = mysql_fetch_row(res);
OUTPUT(buf, sizeof(buf), "HOST=%s CNETIP=%s\n",
row[0], row[1]);
client_writeback(sock, buf, strlen(buf), tcp);
}
mysql_free_result(res);
if (verbose)
info("FWINFO: %d firewalled hosts\n", nrows);
}
return 0;
}
......
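Review bot: `row[0]` and `row[1]` are handed straight to `%s` in the `OUTPUT(buf, sizeof(buf), "HOST=%s CNETIP=%s\n", ...)` call with no NULL check; whether `reserved.vname` or `interfaces.IP` can be NULL is a schema question not visible here, but if either is, the result is either "(null)" on the wire or a crash of tmcd, and a client-triggerable crash of the daemon every node's boot depends on deserves a guard. I would add `if (!row[0] || !row[1] || !row[1][0]) { error("FWINFO: %s: missing name or IP for firewalled host\n", reqp->nodeid); continue; }` before the OUTPUT, since an empty CNETIP also ends up as a hosts line with no address on the firewall. Note too that the `i.role='ctrl'` predicate in the WHERE clause turns the LEFT JOIN into an inner join, so nodes without a ctrl interface are dropped silently rather than reported — likely intended, but a one-line comment would save the next reader the puzzle. dofwinfo begins before this hunk.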