Skip to content
GitLab
Commit 4be204e0 authored by Keith Downie's avatar Keith Downie
Browse files

Merge remote-tracking branch 'central/master'

parents 37c3d154 822ee940
Hide whitespace changes
Inline Side-by-side
account/newproj.in
View file @ 4be204e0
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
# Copyright (c) 2000-2011, 2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -41,6 +41,7 @@ my $debug = 0;
my $nonlocal= 0;
my $impotent= 0;
my $silent = 0;
my $viaAPT = 0;
my $resend;
#
......@@ -221,6 +222,11 @@ my $xmlparse = eval { XMLin($xmlfile,
fatal($@)
if ($@);
# APT flag. Notice and delete.
if (exists($xmlparse->{'attribute'}->{"viaAPT"})) {
$viaAPT = 1;
delete($xmlparse->{'attribute'}->{"viaAPT"});
}
#
# Make sure all the required arguments were provided.
......@@ -326,8 +332,12 @@ if (exists($newproj_args{'newuser_xml'})) {
print $cmd . "\n"
if ($debug);
my $cmd_out = `$cmd`;
UserError("Transient Error: (3, $?, $cmd) $cmd_out")
if ($?);
if ($?) {
if (($? >> 8) > 0) {
UserError($cmd_out);
}
fatal("Error creating new user: (3, $?, $cmd) $cmd_out");
}
#
# Parse the last line of output. Ick.
......@@ -360,6 +370,9 @@ exit(0)
my $new_pid = $newproj_args{'pid'};
delete($newproj_args{'pid'});
delete($newproj_args{'head_uid'});
# APT flag.
$newproj_args{'viaAPT'} = 1
if ($viaAPT);
my $newproj = Project->Create($new_pid, $leader, \%newproj_args);
if (!defined($newproj)) {
......
account/newuser.in
View file @ 4be204e0
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -41,6 +41,7 @@ my $impotent= 0;
my $type = "";
my $silent = 0;
my $portal = 0;
my $viaAPT = 0;
my @keyfiles = ();
#
......@@ -206,6 +207,20 @@ fatal($@)
print STDERR Dumper($xmlparse)
if ($debug);
# APT flag. Notice and delete.
if (exists($xmlparse->{'attribute'}->{"viaAPT"})) {
$viaAPT = 1;
delete($xmlparse->{'attribute'}->{"viaAPT"});
# Remove these, we do not require them on the APT path.
delete($required{"affiliation_abbreviation"});
delete($required{"phone"});
delete($required{"title"});
delete($required{"address"});
delete($required{"zip"});
delete($required{"wikiname"});
}
#
# Make sure all the required arguments were provided.
#
......@@ -428,6 +443,9 @@ elsif ($type eq "wikionly") {
elsif ($type eq "leader") {
$flags = $User::NEWUSER_FLAGS_PROJLEADER;
}
if ($viaAPT) {
$flags |= $User::NEWUSER_FLAGS_VIAAPT;
}
my $newuser = User->Create($new_uid, $flags, \%newuser_args);
if (!defined($newuser)) {
fatal("Could not create new user!");
......@@ -500,7 +518,7 @@ SENDMAIL("$usr_name '$usr_uid' <$usr_email>",
"Testbed Operations\n",
"$TBAPPROVAL",
"Bcc: $TBAUDIT")
if (!$silent);
if (!($silent || $viaAPT));
#
# Do we have a keyfile? If so, rerun addpubkey for real now that the
......
clientside/tmcc/common/config/rc.mkelab
View file @ 4be204e0
......@@ -2002,6 +2002,9 @@ sub SetupBossNode($)
# Copy over creators ssl certificate for XMLRPC. See below.
mysystem("cp -fp ~${creator}/.ssl/emulab.pem $stuffdir");
# Copy extra ssh pub key for adding to elabman.
mysystem("cp -fp ~${creator}/.ssh/elabinelab.pub $stuffdir")
if (-e "/users/${creator}/.ssh/elabinelab.pub");
#
# Write the config variables out. genirack install phase needs it.
......@@ -2484,6 +2487,10 @@ sub SetupBossNode($)
mysystem("/etc/rc.sendmail start");
}
# Copy additional key into the install directory.
mysystem("cp -fp $stuffdir/elabinelab.pub $TBDIR/src/testbed/install")
if (-e "$stuffdir/elabinelab.pub");
#
# INNER OPS DEPENDENCY: boss-install eventually wants to NFS mount
# the filesystems on ops/fs, so at this point the ops/fs filesystems
......
clientside/tmcc/common/config/rc.storage
View file @ 4be204e0
#!/usr/bin/perl -w
#
# Copyright (c) 2004-2013 University of Utah and the Flux Group.
# Copyright (c) 2004-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -405,6 +405,9 @@ sub process($$$$)
if (!exists($href->{'PERSIST'})) {
$href->{'PERSIST'} = 0;
}
if (!exists($href->{'PERMS'})) {
$href->{'PERMS'} = "RW";
}
}
elsif ($class eq "local") {
if ($href->{'HOSTID'} ne "localhost" ||
......@@ -528,6 +531,9 @@ sub process($$$$)
if ($href->{'PERSIST'}) {
$msg .= " persistent";
}
if ($href->{'PERMS'} eq "RO") {
$msg .= " read-only";
}
print " $msg iSCSI node attached as $dev";
}
}
......@@ -537,7 +543,11 @@ sub process($$$$)
}
}
if ($href->{'MOUNTPOINT'}) {
print " mounted on " . $href->{'MOUNTPOINT'};
my $w = "RW";
if ($href->{'PERMS'} eq "RO") {
$w = "RO";
}
print " mounted $w on " . $href->{'MOUNTPOINT'};
}
print "\n";
} else {
......
clientside/tmcc/common/libgenvnode.pm
View file @ 4be204e0
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-2012 University of Utah and the Flux Group.
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -60,6 +60,7 @@ sub VNODE_PATH(;$) {
my $VCNET_NET = "172.16.0.0";
my $VCNET_MASK = "255.240.0.0";
my $VCNET_GW = "172.16.0.1";
my $VCNET_SLASHMASK = "12";
#
# Find virtual control net iface info. Returns:
......@@ -67,5 +68,5 @@ my $VCNET_GW = "172.16.0.1";
#
sub findVirtControlNet()
{
return ($VCNET_NET, $VCNET_MASK, $VCNET_GW);
return ($VCNET_NET, $VCNET_MASK, $VCNET_GW, $VCNET_SLASHMASK);
}
clientside/tmcc/common/mkvnode.pl
View file @ 4be204e0
#!/usr/bin/perl -w
#
# Copyright (c) 2009-2013 University of Utah and the Flux Group.
# Copyright (c) 2009-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -99,6 +99,7 @@ my $cleaning = 0;
my $rebooting = 0;
my $reload = 0;
my ($vmid,$vmtype,$ret,$err);
my $ISXENVM = (GENVNODETYPE() eq "xen" ? 1 : 0);
# Flags for leaveme.
my $LEAVEME_REBOOT = 0x1;
......@@ -136,6 +137,21 @@ if ($UID != 0) {
" Must be root to run this script!\n");
}
#
# Deal with VIFROUTING flag from the server. Do this before we switch
# our vnode_id below since it is a physical host attribute. This will
# go away at some point.
#
my %attributes = ();
if (getnodeattributes(\%attributes)) {
die("*** $0:\n".
"Could not get node attributes");
}
if (exists($attributes{"xenvifrouting"})) {
# Gack, tell backend network scripts.
system("touch $ETCDIR/xenvifrouting");
}
# Tell the library what vnode we are messing with.
libsetup_setvnodeid($vnodeid);
......@@ -657,7 +673,7 @@ if (defined(VNCONFIG('SSHDPORT')) && VNCONFIG('SSHDPORT') ne "" &&
}
#
# Start the container. If all goes well, this will exit cleanly, with the
# Start the container. If all goes well, this will exit cleanly, with
# it running in its new context. Still, lets protect it with a timer
# since it might get hung up inside and we do not want to get stuck here.
#
......@@ -665,9 +681,11 @@ my $childpid = fork();
if ($childpid) {
my $timedout = 0;
local $SIG{ALRM} = sub { kill("TERM", $childpid); $timedout = 1; };
alarm 180;
alarm 180
if (!INXENVM());
waitpid($childpid, 0);
alarm 0;
alarm 0
if (!INXENVM());
#
# If failure then cleanup.
......
clientside/tmcc/freebsd/liblocstorage.pm
View file @ 4be204e0
#!/usr/bin/perl -wT
#
# Copyright (c) 2013 University of Utah and the Flux Group.
# Copyright (c) 2013-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -912,18 +912,26 @@ sub os_check_storage_element($$)
if ($mpoint) {
my $line = `$MOUNT | grep '^/dev/$dev on '`;
if (!$line) {
my $mopt = "";
my $fopt = "-p";
# check for RO export and adjust options accordingly
if (exists($href->{'PERMS'}) && $href->{'PERMS'} eq "RO") {
$mopt = "-o ro";
$fopt = "-n";
}
# the mountpoint should exist
if (! -d "$mpoint") {
warn("*** $bsid: no mount point $mpoint\n");
return -1;
}
# fsck it in case of an abrupt shutdown
if (mysystem("$FSCK -t ufs -p /dev/$dev $redir")) {
if (mysystem("$FSCK $fopt -t ufs /dev/$dev $redir")) {
warn("*** $bsid: fsck of /dev/$dev failed\n");
return -1;
}
# and mount it
if (mysystem("$MOUNT -t ufs /dev/$dev $mpoint $redir")) {
if (mysystem("$MOUNT $mopt -t ufs /dev/$dev $mpoint $redir")) {
warn("*** $bsid: could not mount /dev/$dev on $mpoint\n");
return -1;
}
......@@ -1098,6 +1106,9 @@ sub os_create_storage($$)
return 0;
}
my $mopt = "";
my $fopt = "-p";
if (exists($href->{'MOUNTPOINT'}) && !exists($href->{'MOUNTED'})) {
my $lv = $href->{'VOLNAME'};
my $mdev = $href->{'LVDEV'};
......@@ -1117,7 +1128,12 @@ sub os_create_storage($$)
#
if ($href->{'CLASS'} eq "SAN" && $href->{'PROTO'} eq "iSCSI" &&
$href->{'PERSIST'} != 0) {
if (mysystem("$FSCK -t ufs -p $mdev $redir")) {
# check for RO export and adjust options accordingly
if (exists($href->{'PERMS'}) && $href->{'PERMS'} eq "RO") {
$mopt = "-o ro";
$fopt = "-n";
}
if (mysystem("$FSCK $fopt -t ufs $mdev $redir")) {
warn("*** $lv: fsck of persistent store $mdev failed\n");
return 0;
}
......@@ -1158,7 +1174,7 @@ sub os_create_storage($$)
return 0;
}
} else {
if (mysystem("$MOUNT -t ufs $mdev $mpoint $redir")) {
if (mysystem("$MOUNT $mopt -t ufs $mdev $mpoint $redir")) {
warn("*** $lv: could not mount $mdev on $mpoint$logmsg\n");
return 0;
}
......
clientside/tmcc/freenas8/libvnode_blockstore.pm
View file @ 4be204e0
......@@ -741,11 +741,16 @@ sub exportSlice($$$$) {
return -1;
}
my $perm = "rw";
if (exists($sconf->{'PERMS'}) && $sconf->{'PERMS'} eq "RO") {
$perm = "ro";
}
# Create iSCSI target
my $serial = genSerial();
eval { freenasRunCmd($FREENAS_CLI_VERB_IST_TARGET,
"add $iqn $serial $ISCSI_GLOBAL_PORTAL ".
"$tag Auto -1") };
"$tag Auto -1 flags=$perm") };
if ($@) {
warn("*** ERROR: blockstore_exportSlice: $volname: ".
"Failed to create iSCSI target: $@");
......
clientside/tmcc/linux/GNUmakefile.in
View file @ 4be204e0
#
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -328,6 +328,7 @@ xen-install: dir-install
$(INSTALL) -m 755 $(SRCDIR)/xen/interfaces $(SYSETCDIR)/network/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-cnet.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-enet.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/vif-route-emulab $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-tun.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/create-image $(LBINDIR)/
$(INSTALL) -m 755 $(SRCDIR)/xen/mkimagecache $(BINDIR)/
......
clientside/tmcc/linux/liblocstorage.pm
View file @ 4be204e0
#!/usr/bin/perl -wT
#
# Copyright (c) 2013 University of Utah and the Flux Group.
# Copyright (c) 2013-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -610,17 +610,26 @@ sub os_check_storage_element($$)
if ($mpoint) {
my $line = `$MOUNT | grep '^/dev/$dev on '`;
if (!$line) {
my $mopt = "";
my $fopt = "-p";
# check for RO export and adjust options accordingly
if (exists($href->{'PERMS'}) && $href->{'PERMS'} eq "RO") {
$mopt = "-o ro";
$fopt = "-n";
}
# the mountpoint should exist
if (! -d "$mpoint") {
warn("*** $bsid: no mount point $mpoint\n");
return -1;
}
# fsck it in case of an abrupt shutdown
if (mysystem("$FSCK -p /dev/$dev $redir")) {
if (mysystem("$FSCK $fopt /dev/$dev $redir")) {
warn("*** $bsid: fsck of /dev/$dev failed\n");
return -1;
}
if (mysystem("$MOUNT /dev/$dev $mpoint $redir")) {
if (mysystem("$MOUNT $mopt /dev/$dev $mpoint $redir")) {
warn("*** $bsid: could not mount /dev/$dev on $mpoint\n");
return -1;
}
......@@ -789,6 +798,9 @@ sub os_create_storage($$)
return 0;
}
my $mopt = "";
my $fopt = "-p";
if (exists($href->{'MOUNTPOINT'})) {
my $lv = $href->{'VOLNAME'};
my $mdev = $href->{'LVDEV'};
......@@ -808,6 +820,11 @@ sub os_create_storage($$)
#
if ($href->{'CLASS'} eq "SAN" && $href->{'PROTO'} eq "iSCSI" &&
$href->{'PERSIST'} != 0) {
# check for RO export and adjust options accordingly
if (exists($href->{'PERMS'}) && $href->{'PERMS'} eq "RO") {
$mopt = "-o ro";
$fopt = "-n";
}
# figure out what the fstype is
$fstype = `blkid -s TYPE -o value $mdev`;
chomp($fstype);
......@@ -818,7 +835,7 @@ sub os_create_storage($$)
$fstype = "ext4";
}
if (mysystem("$FSCK -p $mdev $redir")) {
if (mysystem("$FSCK $fopt $mdev $redir")) {
warn("*** $lv: fsck of persistent store $mdev failed\n");
return 0;
}
......@@ -880,7 +897,7 @@ sub os_create_storage($$)
return 0;
}
} else {
if (mysystem("$MOUNT -t $fstype $mdev $mpoint $redir")) {
if (mysystem("$MOUNT $mopt -t $fstype $mdev $mpoint $redir")) {
warn("*** $lv: could not mount $mdev on $mpoint$logmsg\n");
return 0;
}
......
clientside/tmcc/linux/xen/emulab-cnet.pl
View file @ 4be204e0
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
# Copyright (c) 2000-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -66,24 +66,29 @@ my $TMCD_PORT = 7777;
my $SLOTHD_PORT = 8509;
my $EVPROXY_PORT= 16505;
my $IPTABLES = "/sbin/iptables";
my $ARPING = "/usr/bin/arping";
# For testing.
my $VIFROUTING = ((-e "$ETCDIR/xenvifrouting") ? 1 : 0);
usage()
if (@ARGV < 4);
if (@ARGV < 5);
my $vmid = shift(@ARGV);
my $host_ip = shift(@ARGV);
my $vnode_id = shift(@ARGV);
my $vnode_ip = shift(@ARGV);
my $vmid = shift(@ARGV);
my $host_ip = shift(@ARGV);
my $vnode_id = shift(@ARGV);
my $vnode_ip = shift(@ARGV);
my $vnode_mac = shift(@ARGV);
# The caller (xmcreate) puts this into the environment.
my $vif = $ENV{'vif'};
my $XENBUS_PATH = $ENV{'XENBUS_PATH'};
my $bridge = `xenstore-read "$XENBUS_PATH/bridge"`;
#
# Well, this is interesting; we could get called with the XEN store
# Well, this is interesting; we are called with the XEN store
# gone and so not able to find the bridge. vif-bridge does the same
# thing and just ignores it! So if we cannot get, default to what
# currently think is the control network bridge.
# thing and just ignores it! So if we cannot get it, default to what
# currently think is the control network bridge, so that vif-bridge
# does not leave a bunch of iptables rules behind.
#
if ($?) {
$bridge = "xenbr0";
......@@ -154,18 +159,44 @@ sub Online()
{
mysystem2("ifconfig $vif txqueuelen 256");
if ($VIFROUTING) {
#
# When using routing instead of bridging, we have to restart
# dhcp *after* the vif has been created so that dhcpd will
# start listening on it.
#
if (TBScriptLock("dhcpd", 0, 900) != TBSCRIPTLOCK_OKAY()) {
print STDERR "Could not get the dhcpd lock after a long time!\n";
return -1;
}
restartDHCP();
TBScriptUnlock();
#
# And this clears the arp caches.
#
mysystem("$ARPING -c 4 -A -I $bridge $vnode_ip");
}
# Prevent dhcp requests from leaving the physical host.
DoIPtables("-A FORWARD -o $bridge -m pkttype ".
"--pkt-type broadcast " .
"-m physdev --physdev-in $vif --physdev-is-bridged ".
"--physdev-out $outer_controlif -j DROP")
== 0 or return -1;
#
# We ask vif-bridge to turn on antispoofing; this rule would negate that.
# We turn on antispoofing. In bridge mode, vif-bridge adds a rule
# to allow outgoing traffic. But vif-route does this wrong, so we
# do it here. We also need an incoming rule since in route mode,
# incoming packets go throught the FORWARD table, which is set to
# DROP for antispoofing.
#
if (0) {
DoIPtables("-A FORWARD -m physdev --physdev-in $vif -j ACCEPT")
if ($VIFROUTING) {
DoIPtables("-A FORWARD -i $vif -s $vnode_ip ".
" -m mac --mac-source $vnode_mac -j ACCEPT")
== 0 or return -1;
DoIPtables("-A FORWARD -o $vif -d $vnode_ip -j ACCEPT")
== 0 or return -1;
}
......@@ -268,6 +299,20 @@ sub Online()
" -s $vnode_ip -d $network/$cnet_mask")
== 0 or return -1;
#
# Do not rewrite multicast (frisbee) traffic. Client throws up.
#
DoIPtables("-t nat -A POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d 224.0.0.0/4")
== 0 or return -1;
#
# Ditto the apod packet.
#
DoIPtables("-t nat -A POSTROUTING -j ACCEPT ".
" -s $vnode_ip -m icmp --protocol icmp --icmp-type 6/6")
== 0 or return -1;
#
# Boss/ops/fs specific rules in case the control network is
# segmented like it is in Utah.
......@@ -309,9 +354,10 @@ sub Offline()
"--physdev-out $outer_controlif -j DROP");
# See above.
if (0) {
DoIPtables("-D FORWARD -m physdev ".
"--physdev-in $vif -j ACCEPT");
if ($VIFROUTING) {
DoIPtables("-D FORWARD -i $vif -s $vnode_ip ".
" -m mac --mac-source $vnode_mac -j ACCEPT");
DoIPtables("-D FORWARD -o $vif -d $vnode_ip -j ACCEPT");
}
# tmcc
......@@ -350,6 +396,12 @@ sub Offline()
DoIPtables("-t nat -D POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d $boss_ip,$ops_ip");
DoIPtables("-t nat -D POSTROUTING -j ACCEPT " .
" -s $vnode_ip -d 224.0.0.0/4");
DoIPtables("-t nat -D POSTROUTING -j ACCEPT ".
" -s $vnode_ip -m icmp --protocol icmp --icmp-type 6/6");
}
DoIPtables("-t nat -D POSTROUTING ".
......@@ -379,7 +431,19 @@ if (@ARGV) {
# First run the xen script to do the bridge interface. We do this
# inside the lock since vif-bridge does some iptables stuff.
#
mysystem2("/etc/xen/scripts/vif-bridge @ARGV");
# vif-bridge/vif-route has bugs that cause it to leave iptables
# rules behind. If we put this stuff into the environment, they
# will work properly.
#
$ENV{"ip"} = $vnode_ip;
if ($VIFROUTING) {
$ENV{"netdev"} = "xenbr0";
$ENV{"gatewaydev"} = "xenbr0";
mysystem2("/etc/xen/scripts/vif-route-emulab @ARGV");
}
else {
mysystem2("/etc/xen/scripts/vif-bridge @ARGV");
}
if ($?) {
TBScriptUnlock();
exit(1);
......
clientside/tmcc/linux/xen/libvnode_xen.pm
View file @ 4be204e0
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-2013 University of Utah and the Flux Group.
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -210,6 +210,7 @@ my $OVSSTART = "/usr/local/share/openvswitch/scripts/ovs-ctl";
my $ISREMOTENODE = REMOTEDED();
my $BRIDGENAME = "xenbr0";
my $VIFROUTING = ((-e "$ETCDIR/xenvifrouting") ? 1 : 0);
#
# Information about the running Xen hypervisor
......@@ -235,7 +236,7 @@ sub formatDHCP($$$);
sub fixupMac($);
sub createControlNetworkScript($$$);
sub createExpNetworkScript($$$$$$$$);
sub createTunnelScript($$$$);
sub createTunnelScript($$$$$);
sub createExpBridges($$$);
sub destroyExpBridges($$);
sub domainStatus($);
......@@ -337,28 +338,11 @@ sub rootPreConfig($)
my ($alias_iface, $alias_ip, $alias_mask);
#
# Start the Xen daemon if not running.
# There doesn't seem to be a sure fire way to tell this.
# However, one of the important things xend should do for us is
# set up a bridge device for the control network, so we look for this.