Commit
4be204e0
authored
Jan 27, 2014
by
Keith Downie
Merge remote-tracking branch 'central/master'
parents
37c3d154
822ee940
Changes
74
account/newproj.in
#!/usr/bin/perl -wT
#
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
# Copyright (c) 2000-2011
, 2014
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -41,6 +41,7 @@ my $debug = 0;
my
$nonlocal
=
0
;
my
$impotent
=
0
;
my
$silent
=
0
;
my
$viaAPT
=
0
;
my
$resend
;
#
...
...
@@ -221,6 +222,11 @@ my $xmlparse = eval { XMLin($xmlfile,
fatal
(
$@
)
if
(
$@
);
# APT flag. Notice and delete.
if
(
exists
(
$xmlparse
->
{'
attribute
'}
->
{"
viaAPT
"}))
{
$viaAPT
=
1
;
delete
(
$xmlparse
->
{'
attribute
'}
->
{"
viaAPT
"});
}
#
# Make sure all the required arguments were provided.
...
...
@@ -326,8 +332,12 @@ if (exists($newproj_args{'newuser_xml'})) {
print
$cmd
.
"
\n
"
if
(
$debug
);
my
$cmd_out
=
`
$cmd
`;
UserError
("
Transient Error: (3, $?,
$cmd
)
$cmd_out
")
if
(
$?
);
if
(
$?
)
{
if
((
$?
>>
8
)
>
0
)
{
UserError
(
$cmd_out
);
}
fatal
("
Error creating new user: (3, $?,
$cmd
)
$cmd_out
");
}
#
# Parse the last line of output. Ick.
...
...
@@ -360,6 +370,9 @@ exit(0)
my
$new_pid
=
$newproj_args
{'
pid
'};
delete
(
$newproj_args
{'
pid
'});
delete
(
$newproj_args
{'
head_uid
'});
# APT flag.
$newproj_args
{'
viaAPT
'}
=
1
if
(
$viaAPT
);
my
$newproj
=
Project
->
Create
(
$new_pid
,
$leader
,
\
%newproj_args
);
if
(
!
defined
(
$newproj
))
{
...
...
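Review bot: The `viaAPT` switch is turned on by the mere presence of the key in the submitted XML (`exists($xmlparse->{'attribute'}->{"viaAPT"})`); its value is never inspected, and nothing in this section shows that the submitter is checked before the flag is honoured. The same block is added to account/newuser.in, where the flag additionally drops six required fields, sets NEWUSER_FLAGS_VIAAPT and suppresses the SENDMAIL call, so it is worth confirming that only the trusted APT front end can produce this XML. At minimum I would record the assumption next to the check, e.g. `# viaAPT is honoured on presence alone; the XML must come from the APT web interface.` The surrounding top-level code continues outside the hunks.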
account/newuser.in
#!/usr/bin/perl -w
#
# Copyright (c) 2000-201
3
University of Utah and the Flux Group.
# Copyright (c) 2000-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -41,6 +41,7 @@ my $impotent= 0;
my
$type
=
"";
my
$silent
=
0
;
my
$portal
=
0
;
my
$viaAPT
=
0
;
my
@keyfiles
=
();
#
...
...
@@ -206,6 +207,20 @@ fatal($@)
print
STDERR
Dumper
(
$xmlparse
)
if
(
$debug
);
# APT flag. Notice and delete.
if
(
exists
(
$xmlparse
->
{'
attribute
'}
->
{"
viaAPT
"}))
{
$viaAPT
=
1
;
delete
(
$xmlparse
->
{'
attribute
'}
->
{"
viaAPT
"});
# Remove these, we do not require them on the APT path.
delete
(
$required
{"
affiliation_abbreviation
"});
delete
(
$required
{"
phone
"});
delete
(
$required
{"
title
"});
delete
(
$required
{"
address
"});
delete
(
$required
{"
zip
"});
delete
(
$required
{"
wikiname
"});
}
#
# Make sure all the required arguments were provided.
#
...
...
@@ -428,6 +443,9 @@ elsif ($type eq "wikionly") {
elsif
(
$type
eq
"
leader
")
{
$flags
=
$
User::
NEWUSER_FLAGS_PROJLEADER
;
}
if
(
$viaAPT
)
{
$flags
|=
$
User::
NEWUSER_FLAGS_VIAAPT
;
}
my
$newuser
=
User
->
Create
(
$new_uid
,
$flags
,
\
%newuser_args
);
if
(
!
defined
(
$newuser
))
{
fatal
("
Could not create new user!
");
...
...
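Review bot: The six consecutive `delete($required{...})` statements in the APT block are easier to audit as one hash-slice delete, `delete(@required{qw(affiliation_abbreviation phone title address zip wikiname)});`, which keeps the list of waived fields in one place. The comment there says the fields are not required on the APT path but not why; one sentence on the reason would help whoever later changes the required set. The surrounding top-level code continues outside the hunk.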
@@ -500,7 +518,7 @@ SENDMAIL("$usr_name '$usr_uid' <$usr_email>",
"
Testbed Operations
\n
",
"
$TBAPPROVAL
",
"
Bcc:
$TBAUDIT
")
if
(
!
$silent
);
if
(
!
(
$silent
||
$viaAPT
)
);
#
# Do we have a keyfile? If so, rerun addpubkey for real now that the
...
...
clientside/tmcc/common/config/rc.mkelab
...
...
@@ -2002,6 +2002,9 @@ sub SetupBossNode($)
# Copy over creators ssl certificate for XMLRPC. See below.
mysystem
("
cp -fp ~
${creator}
/.ssl/emulab.pem
$stuffdir
");
# Copy extra ssh pub key for adding to elabman.
mysystem
("
cp -fp ~
${creator}
/.ssh/elabinelab.pub
$stuffdir
")
if
(
-
e
"
/users/
${creator}
/.ssh/elabinelab.pub
");
#
# Write the config variables out. genirack install phase needs it.
...
...
@@ -2484,6 +2487,10 @@ sub SetupBossNode($)
mysystem
("
/etc/rc.sendmail start
");
}
# Copy additional key into the install directory.
mysystem
("
cp -fp
$stuffdir
/elabinelab.pub
$TBDIR
/src/testbed/install
")
if
(
-
e
"
$stuffdir
/elabinelab.pub
");
#
# INNER OPS DEPENDENCY: boss-install eventually wants to NFS mount
# the filesystems on ops/fs, so at this point the ops/fs filesystems
...
...
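Review bot: The existence test on the first added statement checks `/users/${creator}/.ssh/elabinelab.pub`, but the copy reads `~${creator}/.ssh/elabinelab.pub` through shell tilde expansion, so the two can name different files whenever the creator's home directory is not under /users. Use one path for both, e.g. `my $pubkey = "/users/${creator}/.ssh/elabinelab.pub";` and then `mysystem("cp -fp $pubkey $stuffdir") if (-e $pubkey);`. Since the comment says this key is added to elabman, a further comment stating who is expected to own the file and where its content is checked before it is installed would be useful. Both hunks sit inside SetupBossNode, whose body continues outside them.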
clientside/tmcc/common/config/rc.storage
#!/usr/bin/perl -w
#
# Copyright (c) 2004-201
3
University of Utah and the Flux Group.
# Copyright (c) 2004-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -405,6 +405,9 @@ sub process($$$$)
if
(
!
exists
(
$href
->
{'
PERSIST
'}))
{
$href
->
{'
PERSIST
'}
=
0
;
}
if
(
!
exists
(
$href
->
{'
PERMS
'}))
{
$href
->
{'
PERMS
'}
=
"
RW
";
}
}
elsif
(
$class
eq
"
local
")
{
if
(
$href
->
{'
HOSTID
'}
ne
"
localhost
"
||
...
...
@@ -528,6 +531,9 @@ sub process($$$$)
if
(
$href
->
{'
PERSIST
'})
{
$msg
.=
"
persistent
";
}
if
(
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$msg
.=
"
read-only
";
}
print
"
$msg
iSCSI node attached as
$dev
";
}
}
...
...
@@ -537,7 +543,11 @@ sub process($$$$)
}
}
if
(
$href
->
{'
MOUNTPOINT
'})
{
print
"
mounted on
"
.
$href
->
{'
MOUNTPOINT
'};
my
$w
=
"
RW
";
if
(
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$w
=
"
RO
";
}
print
"
mounted
$w
on
"
.
$href
->
{'
MOUNTPOINT
'};
}
print
"
\n
";
}
else
{
...
...
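Review bot: The two added `$href->{'PERMS'} eq "RO"` tests read the key unguarded, while the `"RW"` default is set in only one class branch of process(); an entry that reaches the MOUNTPOINT print without that default would compare undef and warn under `-w`. The liblocstorage changes in this same commit guard the identical test, and doing so here keeps them consistent: `if (exists($href->{'PERMS'}) && $href->{'PERMS'} eq "RO") {`. Which branches actually reach these prints is not visible, because process() extends beyond the hunks.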
clientside/tmcc/common/libgenvnode.pm
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-201
2
University of Utah and the Flux Group.
# Copyright (c) 2008-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -60,6 +60,7 @@ sub VNODE_PATH(;$) {
my
$VCNET_NET
=
"
172.16.0.0
";
my
$VCNET_MASK
=
"
255.240.0.0
";
my
$VCNET_GW
=
"
172.16.0.1
";
my
$VCNET_SLASHMASK
=
"
12
";
#
# Find virtual control net iface info. Returns:
...
...
@@ -67,5 +68,5 @@ my $VCNET_GW = "172.16.0.1";
#
sub
findVirtControlNet
()
{
return
(
$VCNET_NET
,
$VCNET_MASK
,
$VCNET_GW
);
return
(
$VCNET_NET
,
$VCNET_MASK
,
$VCNET_GW
,
$VCNET_SLASHMASK
);
}
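Review bot: findVirtControlNet() now returns four values, and the header comment above it (its "Returns:" list starts outside the hunk) should name the new fourth element. A caller that evaluates the call in scalar context would previously have received the gateway and now receives "12", because a parenthesised return list yields its last element there; no such caller is visible on this page, so this needs a search of the callers. `$VCNET_SLASHMASK` also restates `$VCNET_MASK` by hand, and a comment such as `# must match $VCNET_MASK (255.240.0.0 == /12)` would keep the two from drifting apart.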
clientside/tmcc/common/mkvnode.pl
#!/usr/bin/perl -w
#
# Copyright (c) 2009-201
3
University of Utah and the Flux Group.
# Copyright (c) 2009-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -99,6 +99,7 @@ my $cleaning = 0;
my
$rebooting
=
0
;
my
$reload
=
0
;
my
(
$vmid
,
$vmtype
,
$ret
,
$err
);
my
$ISXENVM
=
(
GENVNODETYPE
()
eq
"
xen
"
?
1
:
0
);
# Flags for leaveme.
my
$LEAVEME_REBOOT
=
0x1
;
...
...
@@ -136,6 +137,21 @@ if ($UID != 0) {
"
Must be root to run this script!
\n
");
}
#
# Deal with VIFROUTING flag from the server. Do this before we switch
# our vnode_id below since it is a physical host attribute. This will
# go away at some point.
#
my
%attributes
=
();
if
(
getnodeattributes
(
\
%attributes
))
{
die
("
*** $0:
\n
"
.
"
Could not get node attributes
");
}
if
(
exists
(
$attributes
{"
xenvifrouting
"}))
{
# Gack, tell backend network scripts.
system
("
touch
$ETCDIR
/xenvifrouting
");
}
# Tell the library what vnode we are messing with.
libsetup_setvnodeid
(
$vnodeid
);
...
...
@@ -657,7 +673,7 @@ if (defined(VNCONFIG('SSHDPORT')) && VNCONFIG('SSHDPORT') ne "" &&
}
#
# Start the container. If all goes well, this will exit cleanly, with
the
# Start the container. If all goes well, this will exit cleanly, with
# it running in its new context. Still, lets protect it with a timer
# since it might get hung up inside and we do not want to get stuck here.
#
...
...
@@ -665,9 +681,11 @@ my $childpid = fork();
if
(
$childpid
)
{
my
$timedout
=
0
;
local
$SIG
{
ALRM
}
=
sub
{
kill
("
TERM
",
$childpid
);
$timedout
=
1
;
};
alarm
180
;
alarm
180
if
(
!
INXENVM
());
waitpid
(
$childpid
,
0
);
alarm
0
;
alarm
0
if
(
!
INXENVM
());
#
# If failure then cleanup.
...
...
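Review bot: With the new `if (!INXENVM())` guards no alarm is armed when INXENVM() is true, so `waitpid($childpid, 0)` can block indefinitely, which is the hang the comment above the fork says the timer exists to prevent. This section also adds `$ISXENVM` (derived from GENVNODETYPE()) while the guards call INXENVM() instead; if the vnode-type test was the intended one, the guards should read `alarm 180 if (!$ISXENVM);` and `alarm 0 if (!$ISXENVM);`. If skipping the timer is deliberate, a longer bound or a comment giving the reason would be safer than no bound at all. The surrounding top-level code continues outside the hunk.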
clientside/tmcc/freebsd/liblocstorage.pm
#!/usr/bin/perl -wT
#
# Copyright (c) 2013 University of Utah and the Flux Group.
# Copyright (c) 2013
-2014
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -912,18 +912,26 @@ sub os_check_storage_element($$)
if
(
$mpoint
)
{
my
$line
=
`
$MOUNT
| grep '^/dev/
$dev
on '
`;
if
(
!
$line
)
{
my
$mopt
=
"";
my
$fopt
=
"
-p
";
# check for RO export and adjust options accordingly
if
(
exists
(
$href
->
{'
PERMS
'})
&&
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$mopt
=
"
-o ro
";
$fopt
=
"
-n
";
}
# the mountpoint should exist
if
(
!
-
d
"
$mpoint
")
{
warn
("
***
$bsid
: no mount point
$mpoint
\n
");
return
-
1
;
}
# fsck it in case of an abrupt shutdown
if
(
mysystem
("
$FSCK
-t ufs
-p
/dev/
$dev
$redir
"))
{
if
(
mysystem
("
$FSCK
$fopt
-t ufs /dev/
$dev
$redir
"))
{
warn
("
***
$bsid
: fsck of /dev/
$dev
failed
\n
");
return
-
1
;
}
# and mount it
if
(
mysystem
("
$MOUNT
-t ufs /dev/
$dev
$mpoint
$redir
"))
{
if
(
mysystem
("
$MOUNT
$mopt
-t ufs /dev/
$dev
$mpoint
$redir
"))
{
warn
("
***
$bsid
: could not mount /dev/
$dev
on
$mpoint
\n
");
return
-
1
;
}
...
...
@@ -1098,6 +1106,9 @@ sub os_create_storage($$)
return
0
;
}
my
$mopt
=
"";
my
$fopt
=
"
-p
";
if
(
exists
(
$href
->
{'
MOUNTPOINT
'})
&&
!
exists
(
$href
->
{'
MOUNTED
'}))
{
my
$lv
=
$href
->
{'
VOLNAME
'};
my
$mdev
=
$href
->
{'
LVDEV
'};
...
...
@@ -1117,7 +1128,12 @@ sub os_create_storage($$)
#
if
(
$href
->
{'
CLASS
'}
eq
"
SAN
"
&&
$href
->
{'
PROTO
'}
eq
"
iSCSI
"
&&
$href
->
{'
PERSIST
'}
!=
0
)
{
if
(
mysystem
("
$FSCK
-t ufs -p
$mdev
$redir
"))
{
# check for RO export and adjust options accordingly
if
(
exists
(
$href
->
{'
PERMS
'})
&&
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$mopt
=
"
-o ro
";
$fopt
=
"
-n
";
}
if
(
mysystem
("
$FSCK
$fopt
-t ufs
$mdev
$redir
"))
{
warn
("
***
$lv
: fsck of persistent store
$mdev
failed
\n
");
return
0
;
}
...
...
@@ -1158,7 +1174,7 @@ sub os_create_storage($$)
return
0
;
}
}
else
{
if
(
mysystem
("
$MOUNT
-t ufs
$mdev
$mpoint
$redir
"))
{
if
(
mysystem
("
$MOUNT
$mopt
-t ufs
$mdev
$mpoint
$redir
"))
{
warn
("
***
$lv
: could not mount
$mdev
on
$mpoint$logmsg
\n
");
return
0
;
}
...
...
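Review bot: Read-only handling is selected only by an exact match on `"RO"`, so any other `PERMS` value (a lower-case or misspelled one, for instance) silently takes the read-write fsck and mount path. For a permission setting it is safer to fail closed: when the key exists and is neither `"RO"` nor `"RW"`, warn and return the function's failure value instead of mounting. The same test is repeated in os_create_storage in this file, in clientside/tmcc/linux/liblocstorage.pm and in exportSlice in clientside/tmcc/freenas8/libvnode_blockstore.pm, so a single shared helper would keep the copies in step. Both functions here extend beyond the hunks shown.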
clientside/tmcc/freenas8/libvnode_blockstore.pm
...
...
@@ -741,11 +741,16 @@ sub exportSlice($$$$) {
return
-
1
;
}
my
$perm
=
"
rw
";
if
(
exists
(
$sconf
->
{'
PERMS
'})
&&
$sconf
->
{'
PERMS
'}
eq
"
RO
")
{
$perm
=
"
ro
";
}
# Create iSCSI target
my
$serial
=
genSerial
();
eval
{
freenasRunCmd
(
$FREENAS_CLI_VERB_IST_TARGET
,
"
add
$iqn
$serial
$ISCSI_GLOBAL_PORTAL
"
.
"
$tag
Auto -1
")
};
"
$tag
Auto -1
flags=
$perm
")
};
if
(
$@
)
{
warn
("
*** ERROR: blockstore_exportSlice:
$volname
:
"
.
"
Failed to create iSCSI target: $@
");
...
...
clientside/tmcc/linux/GNUmakefile.in
#
# Copyright (c) 2000-201
3
University of Utah and the Flux Group.
# Copyright (c) 2000-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -328,6 +328,7 @@ xen-install: dir-install
$(INSTALL) -m 755 $(SRCDIR)/xen/interfaces $(SYSETCDIR)/network/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-cnet.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-enet.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/vif-route-emulab $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/emulab-tun.pl $(SYSETCDIR)/xen/scripts/
$(INSTALL) -m 755 $(SRCDIR)/xen/create-image $(LBINDIR)/
$(INSTALL) -m 755 $(SRCDIR)/xen/mkimagecache $(BINDIR)/
...
...
clientside/tmcc/linux/liblocstorage.pm
#!/usr/bin/perl -wT
#
# Copyright (c) 2013 University of Utah and the Flux Group.
# Copyright (c) 2013
-2014
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -610,17 +610,26 @@ sub os_check_storage_element($$)
if
(
$mpoint
)
{
my
$line
=
`
$MOUNT
| grep '^/dev/
$dev
on '
`;
if
(
!
$line
)
{
my
$mopt
=
"";
my
$fopt
=
"
-p
";
# check for RO export and adjust options accordingly
if
(
exists
(
$href
->
{'
PERMS
'})
&&
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$mopt
=
"
-o ro
";
$fopt
=
"
-n
";
}
# the mountpoint should exist
if
(
!
-
d
"
$mpoint
")
{
warn
("
***
$bsid
: no mount point
$mpoint
\n
");
return
-
1
;
}
# fsck it in case of an abrupt shutdown
if
(
mysystem
("
$FSCK
-p
/dev/
$dev
$redir
"))
{
if
(
mysystem
("
$FSCK
$fopt
/dev/
$dev
$redir
"))
{
warn
("
***
$bsid
: fsck of /dev/
$dev
failed
\n
");
return
-
1
;
}
if
(
mysystem
("
$MOUNT
/dev/
$dev
$mpoint
$redir
"))
{
if
(
mysystem
("
$MOUNT
$mopt
/dev/
$dev
$mpoint
$redir
"))
{
warn
("
***
$bsid
: could not mount /dev/
$dev
on
$mpoint
\n
");
return
-
1
;
}
...
...
@@ -789,6 +798,9 @@ sub os_create_storage($$)
return
0
;
}
my
$mopt
=
"";
my
$fopt
=
"
-p
";
if
(
exists
(
$href
->
{'
MOUNTPOINT
'}))
{
my
$lv
=
$href
->
{'
VOLNAME
'};
my
$mdev
=
$href
->
{'
LVDEV
'};
...
...
@@ -808,6 +820,11 @@ sub os_create_storage($$)
#
if
(
$href
->
{'
CLASS
'}
eq
"
SAN
"
&&
$href
->
{'
PROTO
'}
eq
"
iSCSI
"
&&
$href
->
{'
PERSIST
'}
!=
0
)
{
# check for RO export and adjust options accordingly
if
(
exists
(
$href
->
{'
PERMS
'})
&&
$href
->
{'
PERMS
'}
eq
"
RO
")
{
$mopt
=
"
-o ro
";
$fopt
=
"
-n
";
}
# figure out what the fstype is
$fstype
=
`
blkid -s TYPE -o value
$mdev
`;
chomp
(
$fstype
);
...
...
@@ -818,7 +835,7 @@ sub os_create_storage($$)
$fstype
=
"
ext4
";
}
if
(
mysystem
("
$FSCK
-p
$mdev
$redir
"))
{
if
(
mysystem
("
$FSCK
$fopt
$mdev
$redir
"))
{
warn
("
***
$lv
: fsck of persistent store
$mdev
failed
\n
");
return
0
;
}
...
...
@@ -880,7 +897,7 @@ sub os_create_storage($$)
return
0
;
}
}
else
{
if
(
mysystem
("
$MOUNT
-t
$fstype
$mdev
$mpoint
$redir
"))
{
if
(
mysystem
("
$MOUNT
$mopt
-t
$fstype
$mdev
$mpoint
$redir
"))
{
warn
("
***
$lv
: could not mount
$mdev
on
$mpoint$logmsg
\n
");
return
0
;
}
...
...
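Review bot: On the read-only path the final mount becomes `$MOUNT -o ro -t $fstype $mdev $mpoint`, and for ext3/ext4 (the visible fallback is `"ext4"`) a plain `ro` mount still tries to replay a dirty journal, which needs write access to the device. If the export is write-protected on the server side, as the `flags=$perm` change to the iSCSI target in this commit suggests, mounting a store that was last detached uncleanly may fail; this case should be tested. If it does fail, `-o ro,noload` for those filesystem types is an option, with a comment on the consistency trade-off of skipping the journal. os_create_storage extends beyond the hunks shown.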
clientside/tmcc/linux/xen/emulab-cnet.pl
#!/usr/bin/perl -w
#
# Copyright (c) 2000-201
3
University of Utah and the Flux Group.
# Copyright (c) 2000-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -66,24 +66,29 @@ my $TMCD_PORT = 7777;
my
$SLOTHD_PORT
=
8509
;
my
$EVPROXY_PORT
=
16505
;
my
$IPTABLES
=
"
/sbin/iptables
";
my
$ARPING
=
"
/usr/bin/arping
";
# For testing.
my
$VIFROUTING
=
((
-
e
"
$ETCDIR
/xenvifrouting
")
?
1
:
0
);
usage
()
if
(
@ARGV
<
4
);
if
(
@ARGV
<
5
);
my
$vmid
=
shift
(
@ARGV
);
my
$host_ip
=
shift
(
@ARGV
);
my
$vnode_id
=
shift
(
@ARGV
);
my
$vnode_ip
=
shift
(
@ARGV
);
my
$vmid
=
shift
(
@ARGV
);
my
$host_ip
=
shift
(
@ARGV
);
my
$vnode_id
=
shift
(
@ARGV
);
my
$vnode_ip
=
shift
(
@ARGV
);
my
$vnode_mac
=
shift
(
@ARGV
);
# The caller (xmcreate) puts this into the environment.
my
$vif
=
$ENV
{'
vif
'};
my
$XENBUS_PATH
=
$ENV
{'
XENBUS_PATH
'};
my
$bridge
=
`
xenstore-read "
$XENBUS_PATH
/bridge"
`;
#
# Well, this is interesting; we
could get
called with the XEN store
# Well, this is interesting; we
are
called with the XEN store
# gone and so not able to find the bridge. vif-bridge does the same
# thing and just ignores it! So if we cannot get, default to what
# currently think is the control network bridge.
# thing and just ignores it! So if we cannot get it, default to what
# currently think is the control network bridge, so that vif-bridge
# does not leave a bunch of iptables rules behind.
#
if
(
$?
)
{
$bridge
=
"
xenbr0
";
...
...
@@ -154,18 +159,44 @@ sub Online()
{
mysystem2
("
ifconfig
$vif
txqueuelen 256
");
if
(
$VIFROUTING
)
{
#
# When using routing instead of bridging, we have to restart
# dhcp *after* the vif has been created so that dhcpd will
# start listening on it.
#
if
(
TBScriptLock
("
dhcpd
",
0
,
900
)
!=
TBSCRIPTLOCK_OKAY
())
{
print
STDERR
"
Could not get the dhcpd lock after a long time!
\n
";
return
-
1
;
}
restartDHCP
();
TBScriptUnlock
();
#
# And this clears the arp caches.
#
mysystem
("
$ARPING
-c 4 -A -I
$bridge
$vnode_ip
");
}
# Prevent dhcp requests from leaving the physical host.
DoIPtables
("
-A FORWARD -o
$bridge
-m pkttype
"
.
"
--pkt-type broadcast
"
.
"
-m physdev --physdev-in
$vif
--physdev-is-bridged
"
.
"
--physdev-out
$outer_controlif
-j DROP
")
==
0
or
return
-
1
;
#
# We ask vif-bridge to turn on antispoofing; this rule would negate that.
# We turn on antispoofing. In bridge mode, vif-bridge adds a rule
# to allow outgoing traffic. But vif-route does this wrong, so we
# do it here. We also need an incoming rule since in route mode,
# incoming packets go throught the FORWARD table, which is set to
# DROP for antispoofing.
#
if
(
0
)
{
DoIPtables
("
-A FORWARD -m physdev --physdev-in
$vif
-j ACCEPT
")
if
(
$VIFROUTING
)
{
DoIPtables
("
-A FORWARD -i
$vif
-s
$vnode_ip
"
.
"
-m mac --mac-source
$vnode_mac
-j ACCEPT
")
==
0
or
return
-
1
;
DoIPtables
("
-A FORWARD -o
$vif
-d
$vnode_ip
-j ACCEPT
")
==
0
or
return
-
1
;
}
...
...
@@ -268,6 +299,20 @@ sub Online()
"
-s
$vnode_ip
-d
$network
/
$cnet_mask
")
==
0
or
return
-
1
;
#
# Do not rewrite multicast (frisbee) traffic. Client throws up.
#
DoIPtables
("
-t nat -A POSTROUTING -j ACCEPT
"
.
"
-s
$vnode_ip
-d 224.0.0.0/4
")
==
0
or
return
-
1
;
#
# Ditto the apod packet.
#
DoIPtables
("
-t nat -A POSTROUTING -j ACCEPT
"
.
"
-s
$vnode_ip
-m icmp --protocol icmp --icmp-type 6/6
")
==
0
or
return
-
1
;
#
# Boss/ops/fs specific rules in case the control network is
# segmented like it is in Utah.
...
...
@@ -309,9 +354,10 @@ sub Offline()
"
--physdev-out
$outer_controlif
-j DROP
");
# See above.
if
(
0
)
{
DoIPtables
("
-D FORWARD -m physdev
"
.
"
--physdev-in
$vif
-j ACCEPT
");
if
(
$VIFROUTING
)
{
DoIPtables
("
-D FORWARD -i
$vif
-s
$vnode_ip
"
.
"
-m mac --mac-source
$vnode_mac
-j ACCEPT
");
DoIPtables
("
-D FORWARD -o
$vif
-d
$vnode_ip
-j ACCEPT
");
}
# tmcc
...
...
@@ -350,6 +396,12 @@ sub Offline()
DoIPtables
("
-t nat -D POSTROUTING -j ACCEPT
"
.
"
-s
$vnode_ip
-d
$boss_ip
,
$ops_ip
");
DoIPtables
("
-t nat -D POSTROUTING -j ACCEPT
"
.
"
-s
$vnode_ip
-d 224.0.0.0/4
");
DoIPtables
("
-t nat -D POSTROUTING -j ACCEPT
"
.
"
-s
$vnode_ip
-m icmp --protocol icmp --icmp-type 6/6
");
}
DoIPtables
("
-t nat -D POSTROUTING
"
.
...
...
@@ -379,7 +431,19 @@ if (@ARGV) {
# First run the xen script to do the bridge interface. We do this
# inside the lock since vif-bridge does some iptables stuff.
#
mysystem2
("
/etc/xen/scripts/vif-bridge
@ARGV
");
# vif-bridge/vif-route has bugs that cause it to leave iptables
# rules behind. If we put this stuff into the environment, they
# will work properly.
#
$ENV
{"
ip
"}
=
$vnode_ip
;
if
(
$VIFROUTING
)
{
$ENV
{"
netdev
"}
=
"
xenbr0
";
$ENV
{"
gatewaydev
"}
=
"
xenbr0
";
mysystem2
("
/etc/xen/scripts/vif-route-emulab
@ARGV
");
}
else
{
mysystem2
("
/etc/xen/scripts/vif-bridge
@ARGV
");
}
if
(
$?
)
{
TBScriptUnlock
();
exit
(
1
);
...
...
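Review bot: The new fifth argument `$vnode_mac` goes from `shift(@ARGV)` straight into the `--mac-source $vnode_mac` rule strings in Online() and Offline() with no format check, and this script does not run under `-T`. Validate it once after the shifts, e.g. `usage() if ($vnode_mac !~ /\A[0-9a-fA-F]{2}(?::[0-9a-fA-F]{2}){5}\z/);`, so a malformed value is rejected before any rule is built rather than leaving a partial rule set behind. How DoIPtables executes the string is not visible here, so the effect of a bad value is unverified. The same kind of check would suit `$vnode_ip`, which the last hunk also exports as `$ENV{"ip"}`.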
clientside/tmcc/linux/xen/libvnode_xen.pm
#!/usr/bin/perl -wT
#
# Copyright (c) 2008-201
3
University of Utah and the Flux Group.
# Copyright (c) 2008-201
4
University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
...
...
@@ -210,6 +210,7 @@ my $OVSSTART = "/usr/local/share/openvswitch/scripts/ovs-ctl";
my
$ISREMOTENODE
=
REMOTEDED
();
my
$BRIDGENAME
=
"
xenbr0
";
my
$VIFROUTING
=
((
-
e
"
$ETCDIR
/xenvifrouting
")
?
1
:
0
);
#
# Information about the running Xen hypervisor
...
...
@@ -235,7 +236,7 @@ sub formatDHCP($$$);
sub
fixupMac
($);
sub
createControlNetworkScript
($$$);
sub
createExpNetworkScript
($$$$$$$$);
sub
createTunnelScript
($$$$);
sub
createTunnelScript
($$$$
$
);
sub
createExpBridges
($$$);
sub
destroyExpBridges
($$);
sub
domainStatus
($);
...
...
@@ -337,28 +338,11 @@ sub rootPreConfig($)
my
(
$alias_iface
,
$alias_ip
,
$alias_mask
);
#
# Start the Xen daemon if not running.
# There doesn't seem to be a sure fire way to tell this.
# However, one of the important things xend should do for us is
# set up a bridge device for the control network, so we look for this.