Commit 9b6932b7 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

tunefs the newly created vnode FS and dial the minfree down to 2

percent, and optimize for space. Prelude to creating smaller jails
on local nodes, as soon as I can get SFS running inside a jail the way
I want it (in which case users will have access to their project and
home dirs on the file server).

Add Mike's IPADDR change, with slight modification. tmcd will specify
a list of ip addresses as a comma separated list, which are converted
to -i options to pass to jail. Kernel will restrict bind to these IPs.
parent ba39fecc
#!/usr/bin/perl -w #!/usr/bin/perl -w
# #
# EMULAB-COPYRIGHT # EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group. # Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved. # All rights reserved.
# #
use English; use English;
...@@ -252,6 +252,7 @@ exit(0); ...@@ -252,6 +252,7 @@ exit(0);
sub mkrootfs($) sub mkrootfs($)
{ {
my ($path) = @_; my ($path) = @_;
my $vnsize = $VNFILEMBS;
chdir($path) or chdir($path) or
fatal("Could not chdir to $path: $!"); fatal("Could not chdir to $path: $!");
...@@ -262,7 +263,7 @@ sub mkrootfs($) ...@@ -262,7 +263,7 @@ sub mkrootfs($)
# #
# Big file of zeros. # Big file of zeros.
# #
mysystem("dd if=/dev/zero of=root.vnode bs=1m count=$VNFILEMBS"); mysystem("dd if=/dev/zero of=root.vnode bs=1m count=$vnsize");
# #
# Find a free vndevice. # Find a free vndevice.
...@@ -279,6 +280,7 @@ sub mkrootfs($) ...@@ -279,6 +280,7 @@ sub mkrootfs($)
mysystem("disklabel -r -w vn${vndevice} auto"); mysystem("disklabel -r -w vn${vndevice} auto");
mysystem("newfs -b 8192 -f 1024 -i 4096 -c 15 /dev/vn${vndevice}c"); mysystem("newfs -b 8192 -f 1024 -i 4096 -c 15 /dev/vn${vndevice}c");
mysystem("tunefs -m 2 -o space /dev/vn${vndevice}c");
mysystem("mount /dev/vn${vndevice}c root"); mysystem("mount /dev/vn${vndevice}c root");
push(@mntpoints, "$path/root"); push(@mntpoints, "$path/root");
...@@ -614,6 +616,8 @@ sub getjailconfig($) ...@@ -614,6 +616,8 @@ sub getjailconfig($)
# See if special jail opts supported. # See if special jail opts supported.
# #
sub setjailoptions() { sub setjailoptions() {
my $sawip = 0;
$jailoptions = ""; $jailoptions = "";
# #
...@@ -657,12 +661,27 @@ sub setjailoptions() { ...@@ -657,12 +661,27 @@ sub setjailoptions() {
} }
last SWITCH; last SWITCH;
}; };
/^IPADDR$/ && do {
# Comma separated list of IPs
my @iplist = split(",", $val);
foreach my $ip (@iplist) {
if ($ip =~ /(\d+\.\d+\.\d+\.\d+)/) {
$jailoptions .= " -i $1";
$sawip = 1;
}
}
last SWITCH;
};
} }
} }
print("SSHD port is $sshdport\n"); print("SSHD port is $sshdport\n");
system("sysctl jail.inetraw_allowed=1 >/dev/null 2>&1"); system("sysctl jail.inetraw_allowed=1 >/dev/null 2>&1");
system("sysctl jail.bpf_allowed=1 >/dev/null 2>&1"); system("sysctl jail.bpf_allowed=1 >/dev/null 2>&1");
if ($sawip) {
system("sysctl jail.multiip_allowed=1 >/dev/null 2>&1");
}
if ($?) { if ($?) {
print("Special jail options are NOT supported!\n"); print("Special jail options are NOT supported!\n");
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment