Skip to content
GitLab
Menu
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
emulab
emulab-devel
Commits
a3d2cf4c
Commit
a3d2cf4c
authored
Nov 29, 2010
by
Leigh B Stoller
Browse files
Merge branch 'master' of git-public.flux.utah.edu:/flux/git/emulab-devel
parents
e2a8dbf5
4ef9397e
Changes
82
Hide whitespace changes
Inline
Side-by-side
backend/editimageid.in
View file @
a3d2cf4c
...
...
@@ -139,8 +139,9 @@ my %xmlfields =
"
description
"
=>
["
description
",
$SLOT_OPTIONAL
],
"
path
"
=>
["
path
",
$SLOT_OPTIONAL
],
"
mtype_*
"
=>
["
mtype
",
$SLOT_OPTIONAL
],
"
load_address
"
=>
["
load_address
",
$SLOT_ADMINONLY
],
"
frisbee_pid
"
=>
["
frisbee_pid
",
$SLOT_ADMINONLY
]);
#"load_address" => ["load_address", $SLOT_ADMINONLY],
#"frisbee_pid" => ["frisbee_pid", $SLOT_ADMINONLY]
);
#
# Need a list of node types. We join this over the nodes table so that
# we get a list of just the nodes that are currently in the testbed, not
...
...
@@ -376,28 +377,28 @@ UserError("Node Types: Must select at least one node type")
#
# Only admins can edit the load_address or the frisbee pid.
#
if
(
$isadmin
)
{
if
(
exists
(
$editimageid_args
{"
load_address
"})
&&
$editimageid_args
{"
load_address
"}
ne
"")
{
$foo
=
escapeshellarg
(
$editimageid_args
{"
load_address
"});
if
(
$editimageid_args
{"
load_address
"}
ne
$foo
)
{
UserError
("
Load Address: Contains illegal characters!
");
}
}
# Frisbee_pid has already been checked to be a valid int coming from XML.
}
else
{
# Not isadmin.
if
(
exists
(
$editimageid_args
{"
load_address
"})
&&
$editimageid_args
{"
load_address
"}
ne
$image
->
load_address
())
{
UserError
("
Load Address: No permission, admin-only
");
}
if
(
exists
(
$editimageid_args
{"
frisbee_pid
"})
&&
$editimageid_args
{"
frisbee_pid
"}
ne
$image
->
frisbee_pid
())
{
UserError
("
Frisbee PID: No permission, admin-only
");
}
}
#
XXX: Bring back functionally is some way
#
if ($isadmin) {
#
if (exists($editimageid_args{"load_address"}) &&
#
$editimageid_args{"load_address"} ne "") {
#
$foo = escapeshellarg($editimageid_args{"load_address"});
#
#
if ($editimageid_args{"load_address"} ne $foo) {
#
UserError("Load Address: Contains illegal characters!");
#
}
#
}
#
# Frisbee_pid has already been checked to be a valid int coming from XML.
#
}
#
else { # Not isadmin.
#
if (exists($editimageid_args{"load_address"}) &&
#
$editimageid_args{"load_address"} ne $image->load_address()) {
#
UserError("Load Address: No permission, admin-only");
#
}
#
if (exists($editimageid_args{"frisbee_pid"}) &&
#
$editimageid_args{"frisbee_pid"} ne $image->frisbee_pid()) {
#
UserError("Frisbee PID: No permission, admin-only");
#
}
#
}
#
# Mereusers are not allowed to create more than one osid/imageid mapping
...
...
db/EmulabConstants.pm.in
View file @
a3d2cf4c
...
...
@@ -94,12 +94,15 @@ use vars qw(@ISA @EXPORT);
TBDB_NODESTATE_PXEFAILED
TBDB_NODESTATE_PXELIMBO
TBDB_NODESTATE_PXEBOOTING
TBDB_NODESTATE_ALWAYSUP
TBDB_NODESTATE_MFSSETUP
TBDB_NODESTATE_TBFAILED
TBDB_NODESTATE_POWEROFF
TBDB_NODESTATE_POWEROFF
TBDB_NODESTATE_SECVIOLATION
TBDB_NODESTATE_TPMSIGNOFF
TBDB_NODEOPMODE_NORMAL
TBDB_NODEOPMODE_DELAYING
TBDB_NODEOPMODE_UNKNOWNOS
TBDB_NODEOPMODE_RELOADING
TBDB_NODEOPMODE_NORMALv1
TBDB_NODEOPMODE_MINIMAL
TBDB_NODEOPMODE_PCVM
TBDB_NODEOPMODE_RELOAD
TBDB_NODEOPMODE_RELOADMOTE
TBDB_NODEOPMODE_RELOADPCVM
TBDB_NODEOPMODE_RELOAD
TBDB_NODEOPMODE_RELOADMOTE
TBDB_NODEOPMODE_RELOADPCVM
TBDB_NODEOPMODE_SECUREBOOT
TBDB_NODEOPMODE_SECURELOAD
TBDB_NODEOPMODE_DELAY
TBDB_NODEOPMODE_BOOTWHAT
TBDB_NODEOPMODE_ANY
...
...
@@ -128,6 +131,7 @@ use vars qw(@ISA @EXPORT);
TBDB_STATS_FLAGS_MODSWAPOUT
TBDB_JAILIPBASE
TBDB_JAILIPMASK
TBDB_FRISBEEMCBASEADDR
TBDB_RSRVROLE_NODE
TBDB_RSRVROLE_VIRTHOST
TBDB_RSRVROLE_DELAYNODE
TBDB_RSRVROLE_SIMHOST
...
...
@@ -399,6 +403,9 @@ sub TBDB_NODESTATE_PXEWAKEUP() { "PXEWAKEUP"; }
sub
TBDB_NODESTATE_PXEFAILED
()
{
"PXEFAILED"
;
}
sub
TBDB_NODESTATE_PXEBOOTING
()
{
"PXEBOOTING"
;
}
sub
TBDB_NODESTATE_POWEROFF
()
{
"POWEROFF"
;
}
sub
TBDB_NODESTATE_TPMSIGNOFF
()
{
"TPMSIGNOFF"
;
}
sub
TBDB_NODESTATE_SECVIOLATION
(){
"SECVIOLATION"
;
}
sub
TBDB_NODESTATE_MFSBOOTING
()
{
"MFSBOOTING"
;
}
sub
TBDB_NODEOPMODE_ANY
{
"*"
;
}
#
A
wildcard
opmode
sub
TBDB_NODEOPMODE_NORMAL
{
"NORMAL"
;
}
...
...
@@ -410,6 +417,8 @@ sub TBDB_NODEOPMODE_MINIMAL { "MINIMAL"; }
sub
TBDB_NODEOPMODE_PCVM
{
"PCVM"
;
}
sub
TBDB_NODEOPMODE_RELOAD
{
"RELOAD"
;
}
sub
TBDB_NODEOPMODE_RELOADMOTE
{
"RELOAD-MOTE"
;
}
sub
TBDB_NODEOPMODE_SECUREBOOT
{
"SECUREBOOT"
;
}
sub
TBDB_NODEOPMODE_SECURELOAD
{
"SECURELOAD"
;
}
sub
TBDB_NODEOPMODE_RELOADPCVM
{
"RELOAD-PCVM"
;
}
sub
TBDB_NODEOPMODE_DELAY
{
"DELAY"
;
}
sub
TBDB_NODEOPMODE_BOOTWHAT
{
"_BOOTWHAT_"
;
}
#
A
redirection
opmode
...
...
@@ -495,6 +504,9 @@ sub TBDB_STATS_FLAGS_MODSWAPOUT() { 0x40; }
sub
TBDB_JAILIPBASE
()
{
"@JAILIPBASE@"
;
}
sub
TBDB_JAILIPMASK
()
{
"@JAILIPMASK@"
;
}
#
Frisbee
.
sub
TBDB_FRISBEEMCBASEADDR
()
{
"@FRISEBEEMCASTADDR@:@FRISEBEEMCASTPORT@"
;
}
#
Reserved
node
"roles"
sub
TBDB_RSRVROLE_NODE
()
{
"node"
;
}
sub
TBDB_RSRVROLE_VIRTHOST
()
{
"virthost"
;
}
...
...
db/Image.pm.in
View file @
a3d2cf4c
...
...
@@ -127,9 +127,9 @@ sub part4_osid($) { return field($_[0], "part4_osid"); }
sub
default_osid
($)
{
return
field
($
_
[
0
],
"default_osid"
);
}
sub
path
($)
{
return
field
($
_
[
0
],
"path"
);
}
sub
magic
($)
{
return
field
($
_
[
0
],
"magic"
);
}
sub
load_address
($)
{
return
field
($
_
[
0
],
"load_address"
);
}
sub
frisbee_pid
($)
{
return
field
($
_
[
0
],
"frisbee_pid"
);
}
sub
load_busy
($)
{
return
field
($
_
[
0
],
"load_busy"
);
}
#
sub
load_address
($)
{
return
field
($
_
[
0
],
"load_address"
);
}
#
sub
frisbee_pid
($)
{
return
field
($
_
[
0
],
"frisbee_pid"
);
}
#
sub
load_busy
($)
{
return
field
($
_
[
0
],
"load_busy"
);
}
sub
ezid
($)
{
return
field
($
_
[
0
],
"ezid"
);
}
sub
shared
($)
{
return
field
($
_
[
0
],
"shared"
);
}
sub
global
($)
{
return
field
($
_
[
0
],
"global"
);
}
...
...
@@ -146,7 +146,7 @@ sub ActiveImages($)
my
@
result
=
();
my
$
query_result
=
DBQueryWarn
(
"select imageid from
image
s where frisbee_pid!=0"
);
DBQueryWarn
(
"select imageid from
frisbee_blob
s where frisbee_pid!=0"
);
return
undef
if
(
!defined($query_result));
...
...
@@ -370,7 +370,8 @@ sub EditImageid($$$$)
#
(
Others
above
already
did
their
own
updates
.)
#
my
%
updates
;
foreach
my
$
col
(
"description"
,
"path"
,
"load_address"
,
"frisbee_pid"
)
{
#
foreach
my
$
col
(
"description"
,
"path"
,
"load_address"
,
"frisbee_pid"
)
{
foreach
my
$
col
(
"description"
,
"path"
)
{
#
Copy
args
we
want
so
that
others
can
't get through.
if (exists($argref->{$col})) {
$updates{$col} = $mods{$col} = $argref->{$col};
...
...
@@ -659,25 +660,6 @@ sub UnLockTables($)
return 0;
}
#
# Bump the busy indicator to keep the frisbeed going.
#
sub KeepBusy($)
{
my ($self) = @_;
# Must be a real reference.
return -1
if (! ref($self));
my $imageid = $self->imageid();
DBQueryFatal("update images set load_busy=GREATEST(load_busy,1) " .
"where imageid='
$
imageid
'");
return 0;
}
#
# Mark the update time in the record,
#
...
...
db/VirtExperiment.pm.in
View file @
a3d2cf4c
...
...
@@ -72,6 +72,7 @@ my $debug = 0;
"virt_tiptunnels"
=>
[
"host"
,
"vnode"
],
"virt_parameters"
=>
[
"name"
,
"value"
],
"virt_paths"
=>
[
"pathname"
,
"segmentname"
],
"experiment_blobs"
=>
[
"path"
,
"action"
],
);
#
...
...
@@ -1193,5 +1194,10 @@ use vars qw(@ISA);
@
ISA
=
"VirtExperiment::VirtTableRow"
;
use
VirtExperiment
;
package
VirtExperiment
::
VirtTableRow
::
experiment_blobs
;
use
vars
qw
(@
ISA
);
@
ISA
=
"VirtExperiment::VirtTableRow"
;
use
VirtExperiment
;
#
_Always_
make
sure
that
this
1
is
at
the
end
of
the
file
...
1
;
db/dbboot.in
View file @
a3d2cf4c
...
...
@@ -53,10 +53,10 @@ open(STDERR, ">> $logname") or die("opening $logname for STDERR: $!");
open
(
STDOUT
,
"
>>
$logname
")
or
die
("
opening
$logname
for STDOUT: $!
");
#
# Clear the
load_address field of the image
s table since any frisbee's
# Clear the
frisbee_blob
s table since any frisbee's
# that were running are obviously not running anymore!
#
DBQueryFat
a
l
("
update images set load_address='',frisbee_pid=0,load_busy=0
");
DBQueryFat
e
l
("
delete from frisbee_blobs
");
#
# Clear the event scheduler pids. Its okay to set them to zero since
...
...
db/libdb.pm.in
View file @
a3d2cf4c
...
...
@@ -1408,8 +1408,10 @@ sub TBNodeDiskloadOSID($)
my $mfs;
return 0
if ($node->NodeTypeAttribute("diskloadmfs_osid", \$mfs) != 0);
if ($node->NodeAttribute("diskloadmfs_osid", \$mfs) || !defined($mfs)) {
return 0
if ($node->NodeTypeAttribute("diskloadmfs_osid", \$mfs) != 0);
}
$mfs = TB_OSID_FREEBSD_MFS()
if (!defined($mfs));
...
...
db/xmlconvert.in
View file @
a3d2cf4c
...
...
@@ -122,6 +122,9 @@ my %virtual_tables =
"
virt_paths
"
=>
{
rows
=>
undef
,
tag
=>
"
path_members
",
row
=>
"
path_member
"},
"
experiment_blobs
"
=>
{
rows
=>
undef
,
tag
=>
"
blobs
",
row
=>
"
blob
"},
# This is a fake table. See below. If we add more, lets generalize.
"
external_sourcefiles
"
=>
{
rows
=>
undef
,
tag
=>
"
nsfiles
",
...
...
event/new_sched/emulab_proxy.cc
View file @
a3d2cf4c
...
...
@@ -63,7 +63,7 @@ EmulabResponse::~EmulabResponse()
}
ServerProxy
::
ServerProxy
(
xmlrpc_c
::
clientXmlTransport
Ptr
transport
,
ServerProxy
::
ServerProxy
(
xmlrpc_c
::
clientXmlTransport
*
transport
,
bool
wbxml_mode
,
const
char
*
url
)
{
...
...
event/new_sched/emulab_proxy.h
View file @
a3d2cf4c
...
...
@@ -135,7 +135,7 @@ class ServerProxy
* @param wbxml_mode Indicate whether or not wbxml should be used.
* @param url The url to use.
*/
ServerProxy
(
xmlrpc_c
::
clientXmlTransport
Ptr
transport
,
ServerProxy
(
xmlrpc_c
::
clientXmlTransport
*
transport
,
bool
wbxml_mode
=
false
,
const
char
*
url
=
""
);
...
...
@@ -176,7 +176,7 @@ class ServerProxy
private:
xmlrpc_c
::
value
call
(
xmlrpc_c
::
rpcPtr
rpc
);
xmlrpc_c
::
clientXmlTransport
Ptr
transport
;
xmlrpc_c
::
clientXmlTransport
*
transport
;
std
::
string
server_url
;
};
...
...
event/new_sched/event-sched.c
View file @
a3d2cf4c
...
...
@@ -997,7 +997,7 @@ SetExpPath(const char *path)
}
int
AddUserEnv
(
char
*
name
,
char
*
path
)
AddUserEnv
(
const
char
*
name
,
const
char
*
path
)
{
int
retval
=
0
;
FILE
*
file
;
...
...
@@ -1042,7 +1042,8 @@ AddUserEnv(char *name, char *path)
*/
int
AddAgent
(
event_handle_t
handle
,
char
*
vname
,
char
*
vnode
,
char
*
nodeid
,
char
*
ipaddr
,
char
*
type
)
const
char
*
vname
,
const
char
*
vnode
,
const
char
*
nodeid
,
const
char
*
ipaddr
,
const
char
*
type
)
{
struct
agent
*
agentp
;
...
...
@@ -1173,7 +1174,7 @@ AddAgent(event_handle_t handle,
* Add an agent group to the list.
*/
int
AddGroup
(
event_handle_t
handle
,
char
*
groupname
,
char
*
agentname
)
AddGroup
(
event_handle_t
handle
,
const
char
*
groupname
,
const
char
*
agentname
)
{
struct
agent
*
group
=
NULL
,
*
agent
;
int
retval
=
0
;
...
...
@@ -1238,8 +1239,9 @@ AddGroup(event_handle_t handle, char *groupname, char *agentname)
int
AddEvent
(
event_handle_t
handle
,
address_tuple_t
tuple
,
char
*
exidx
,
char
*
ftime
,
char
*
objname
,
char
*
exargs
,
char
*
objtype
,
char
*
evttype
,
char
*
parent
,
char
*
triggertype
)
const
char
*
exidx
,
const
char
*
ftime
,
const
char
*
objname
,
const
char
*
exargs
,
const
char
*
objtype
,
const
char
*
evttype
,
const
char
*
parent
,
const
char
*
triggertype
)
{
timeline_agent_t
ta
=
NULL
;
sched_event_t
event
;
...
...
event/new_sched/rpc.cc
View file @
a3d2cf4c
...
...
@@ -299,14 +299,15 @@ RPC_metadata(char *pid, char *eid)
int
lpc
;
for
(
lpc
=
0
;
lpc
<
userenv
.
size
();
lpc
++
)
{
char
*
name
,
*
value
;
string
name
,
value
;
map
<
string
,
xmlrpc_c
::
value
>
ue
;
ue
=
(
xmlrpc_c
::
value_struct
)
userenv
[
lpc
];
name
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
ue
[
"name"
]
).
c_str
()
;
value
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
ue
[
"value"
]
).
c_str
()
;
name
=
(
xmlrpc_c
::
value_string
)
ue
[
"name"
];
value
=
(
xmlrpc_c
::
value_string
)
ue
[
"value"
];
if
((
retval
=
AddUserEnv
(
name
,
value
))
!=
0
)
if
((
retval
=
AddUserEnv
(
name
.
c_str
(),
value
.
c_str
()))
!=
0
)
return
retval
;
}
}
...
...
@@ -585,17 +586,18 @@ RPC_agentlist(event_handle_t handle, char *pid, char *eid)
((
xmlrpc_c
::
value_array
)
er
.
getValue
()).
vectorValueValue
();
for
(
i
=
0
;
i
<
agents
.
size
();
i
++
)
{
char
*
vname
,
*
vnode
,
*
nodeid
,
*
ipaddr
,
*
type
;
string
vname
,
vnode
,
nodeid
,
ipaddr
,
type
;
vector
<
xmlrpc_c
::
value
>
agent
=
((
xmlrpc_c
::
value_array
)
agents
[
i
]).
vectorValueValue
();
vname
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
agent
[
0
]).
c_str
();
vnode
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
agent
[
1
]).
c_str
();
nodeid
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
agent
[
2
]).
c_str
();
ipaddr
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
agent
[
3
]).
c_str
();
type
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
agent
[
4
]).
c_str
();
info
(
"D: adding agent %s
\n
"
,
vname
);
if
(
AddAgent
(
handle
,
vname
,
vnode
,
nodeid
,
ipaddr
,
type
)
<
0
)
{
vname
=
(
xmlrpc_c
::
value_string
)
agent
[
0
];
vnode
=
(
xmlrpc_c
::
value_string
)
agent
[
1
];
nodeid
=
(
xmlrpc_c
::
value_string
)
agent
[
2
];
ipaddr
=
(
xmlrpc_c
::
value_string
)
agent
[
3
];
type
=
(
xmlrpc_c
::
value_string
)
agent
[
4
];
info
(
"D: adding agent %s
\n
"
,
(
char
*
)
vname
.
c_str
());
if
(
AddAgent
(
handle
,
vname
.
c_str
(),
vnode
.
c_str
(),
nodeid
.
c_str
(),
ipaddr
.
c_str
(),
type
.
c_str
())
<
0
)
{
return
-
1
;
}
}
...
...
@@ -616,16 +618,19 @@ RPC_grouplist(event_handle_t handle, char *pid, char *eid)
((
xmlrpc_c
::
value_array
)
er
.
getValue
()).
vectorValueValue
();
for
(
i
=
0
;
i
<
groups
.
size
();
i
++
)
{
char
*
groupname
,
*
agentname
;
string
groupname
,
agentname
;
vector
<
xmlrpc_c
::
value
>
group
=
((
xmlrpc_c
::
value_array
)
groups
[
i
]).
vectorValueValue
();
groupname
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
group
[
0
]).
c_str
();
info
(
"D:
\t
In GroupList() parsed name %s
\n
"
,
groupname
);
agentname
=
(
char
*
)((
string
)(
xmlrpc_c
::
value_string
)
group
[
1
]).
c_str
();
info
(
"D:
\t
In GroupList() parsed agent %s
\n
"
,
agentname
);
groupname
=
(
xmlrpc_c
::
value_string
)
group
[
0
];
info
(
"D:
\t
In GroupList() parsed name %s
\n
"
,
(
char
*
)
groupname
.
c_str
());
agentname
=
(
xmlrpc_c
::
value_string
)
group
[
1
];
info
(
"D:
\t
In GroupList() parsed agent %s
\n
"
,
(
char
*
)
agentname
.
c_str
());
if
(
AddGroup
(
handle
,
groupname
,
agentname
)
!=
0
)
{
if
(
AddGroup
(
handle
,
groupname
.
c_str
(),
agentname
.
c_str
())
!=
0
)
{
return
-
1
;
}
}
...
...
@@ -656,25 +661,27 @@ RPC_eventlist(char *pid, char *eid,
// info("rpc.cc:RPC_eventlist(): Interating over invoke results\n");
// XXX
for
(
i
=
0
;
i
<
events
.
size
();
i
++
)
{
char
*
exidx
,
*
extime
,
*
objname
,
*
objtype
,
*
evttype
,
*
exargs
;
char
*
parent
,
*
triggertype
;
string
exidx
,
extime
,
objname
,
objtype
,
evttype
,
exargs
;
string
parent
,
triggertype
;
vector
<
xmlrpc_c
::
value
>
event
=
((
xmlrpc_c
::
value_array
)
events
[
i
]).
vectorValueValue
();
exidx
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
0
]
).
c_str
()
;
extime
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
1
]
).
c_str
()
;
objname
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
2
]
).
c_str
()
;
objtype
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
3
]
).
c_str
()
;
evttype
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
4
]
).
c_str
()
;
exargs
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
5
]
).
c_str
()
;
parent
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
6
]
).
c_str
()
;
triggertype
=
(
char
*
)((
string
)
(
xmlrpc_c
::
value_string
)
event
[
7
]
).
c_str
()
;
exidx
=
(
xmlrpc_c
::
value_string
)
event
[
0
];
extime
=
(
xmlrpc_c
::
value_string
)
event
[
1
];
objname
=
(
xmlrpc_c
::
value_string
)
event
[
2
];
objtype
=
(
xmlrpc_c
::
value_string
)
event
[
3
];
evttype
=
(
xmlrpc_c
::
value_string
)
event
[
4
];
exargs
=
(
xmlrpc_c
::
value_string
)
event
[
5
];
parent
=
(
xmlrpc_c
::
value_string
)
event
[
6
];
triggertype
=
(
xmlrpc_c
::
value_string
)
event
[
7
];
// XXX
// info("rpc.cc:RPC_eventlist(): Adding an event\n");
// XXX
if
(
AddEvent
(
handle
,
tuple
,
exidx
,
extime
,
objname
,
exargs
,
objtype
,
evttype
,
parent
,
triggertype
)
<
0
)
{
if
(
AddEvent
(
handle
,
tuple
,
exidx
.
c_str
(),
extime
.
c_str
(),
objname
.
c_str
(),
exargs
.
c_str
(),
objtype
.
c_str
(),
evttype
.
c_str
(),
parent
.
c_str
(),
triggertype
.
c_str
())
<
0
)
{
return
-
1
;
}
}
...
...
event/new_sched/rpc.h
View file @
a3d2cf4c
...
...
@@ -67,17 +67,19 @@ int RPC_eventlist(char *pid, char *eid,
event_handle_t
handle
,
address_tuple_t
tuple
);
extern
int
SetExpPath
(
const
char
*
path
);
extern
int
AddUserEnv
(
char
*
name
,
char
*
value
);
extern
int
AddUserEnv
(
const
char
*
name
,
const
char
*
value
);
extern
int
AddAgent
(
event_handle_t
handle
,
char
*
vname
,
char
*
vnode
,
char
*
nodeid
,
char
*
ipaddr
,
char
*
type
);
const
char
*
vname
,
const
char
*
vnode
,
const
char
*
nodeid
,
const
char
*
ipaddr
,
const
char
*
type
);
extern
int
AddGroup
(
event_handle_t
handle
,
char
*
groupname
,
char
*
agentname
);
extern
int
AddGroup
(
event_handle_t
handle
,
const
char
*
groupname
,
const
char
*
agentname
);
extern
int
AddEvent
(
event_handle_t
handle
,
address_tuple_t
tuple
,
char
*
exidx
,
char
*
ftime
,
char
*
objname
,
char
*
exargs
,
char
*
objtype
,
char
*
evttype
,
char
*
parent
,
char
*
triggertype
);
const
char
*
exidx
,
const
char
*
ftime
,
const
char
*
objname
,
const
char
*
exargs
,
const
char
*
objtype
,
const
char
*
evttype
,
const
char
*
parent
,
const
char
*
triggertype
);
extern
int
AddRobot
(
event_handle_t
handle
,
struct
agent
*
agent
,
...
...
event/stated/SECURELOAD-magic.txt
0 → 100644
View file @
a3d2cf4c
Some notes about the TPM-enforced boot path (SECURELOAD state machine).
The current implementation requires that we boot from a flash device
BEFORE we network boot (see the paper for details). Unfortunately,
there is a lot of magic associated with the PXEBOOTING state, which is
assumed to always be the first state we will see when a node boots.
However, in the secure boot path the first thing we see is a secure
transition to the GPXEBOOTING state, so magic had to be added for that!
In particular:
* When stated gets a transition to GPXEBOOTING, it forces the node into
the SECURELOAD op_mode. This is a new trigger called SECURELOAD and
a new trigger table entry:
insert into state_triggers values \
('*','*','GPXEBOOTING','SECURELOAD');
* Later, when we do get a PXEBOOTING state, we DON'T push the machine
into the PXEBOOT op_mode. We do this with an override trigger:
insert into state_triggers values \
('*','SECURELOAD','PXEBOOTING','SECURELOAD');
This is supposed to override the more general any ('*') op_mode trigger
for the PXEBOOTING state and will just make sure we state in SECURELOAD.
Updates on 9/7/10:
We need two secure state machines, one for loading and one for booting.
The latter will be used for all boots on machines which have gPXE dongles,
regardless of what they are booting. So we need to amend the above to
account for:
* some nodes will always see GPXEBOOTING first
* nodes which have just undergone the secure load will then reboot into
the secure boot path
* if a node was in the SECURELOAD op_mode but didn't finish, it cannot
be allowed to SECUREBOOT (which shouldn't happen, it should wind up in
SECVIOLATION).
I think what we needs is a SECUREBOOT op_mode which is entered whenever
a node transitions to GPXEBOOTING. This is allowed from any op_mode/state
except from */SECVIOLATION.
SECURELOAD consists of:
!SECVIOLATION -- "quote ok" --> GPXEBOOTING
GPXEBOOTING -- "DHCP" --> PXEBOOTING
PXEBOOTING -- "bootinfo" --> BOOTING
BOOTING -- "quote ok" --> RELOADSETUP
RELOADSETUP -- "reload ready" --> RELOADING
RELOADING -- "image ok" --> RELOADDONE
RELOADDONE -- "quote ok" --> TPMSIGNOFF
SECUREBOOT consists of:
!SECVIOLATION -- "quote ok" --> GPXEBOOTING
GPXEBOOTING -- "DHCP" --> PXEBOOTING
PXEBOOTING -- "bootinfo" --> BOOTING
BOOTING -- "quote ok" --> TPMSIGNOFF
How do we differentiate the two op_modes when they arrive at GPXEBOOTING?
Well, os_load should have set the next_op_mode to SECURELOAD (assuming the
MFS is listed with that as its op_mode), so we check that in the SECUREBOOT
trigger used by a transition to GPXEBOOTING.
For a regular "untrusted" node boot through gPXE, we will arrive at
GPXEBOOTING from some arbitrary state, get forced into SECUREBOOT and
go through the steps. We neuter the actions that PXEBOOTING and BOOTING
normally take. As part of the TPMSIGNOFF, we perform those actions,
which include putting the node into PXEKERNEL op_mode (PXEBOOT action) and
then setting the nodes.op_mode as appropriate for the next boot (BOOTING
action).
For a secure load, we again arrive at GPXEBOOTING from any state, get
forced into SECURELOAD, and work through the state machine. Again we
perform none of the normal triggers along the way: PXEBOOTING, BOOTING,
RELOADDONE. SIGNOFF, does the RELOADDONE triggers (RESET, RELOADDONEV2)
which leave the node in SECURELOAD/TPMSIGNOFF. Now we have a problem
because next_op_mode is still set to SECURELOAD which will tell the
SECUREBOOT trigger to keep us in the SECURELOAD op_mode. Hmm...I think
next_op_mode will get set by the os_select in RESET.
How do we do this? If we associate the SECUREBOOT trigger with
SECURELOAD/TPMSIGNOFF, then as soon as we get the TPMSIGNOFF event
(from the MFS?) it will get to step #5 below where it will trigger
RESET (clear the one-time boot info), RELOADDONEV2 (send apod), and
then SECUREBOOT. The last should:
* set DB next_op_mode to SECUREBOOT?
* directly change op_mode?
to get the opmode from SECURELOAD/TPMSIGNOFF to SECUREBOOT/SHUTDOWN.
What happens if a node in a secure reload reboots in the middle?
stated will see a transition from SECURELOAD/!TPMSIGNOFF -> GPXEBOOTING
which is okay; since the op_mode is still SECURELOAD we will just restart.
For nodes that have a gPXE dongle, should we allow them to boot via the
"standard" boot path or require that they always boot via the dongle?
If the latter, we would have to be a bit more rigerous about making sure
they boot through GPXEBOOTING.
Notes on state transitions:
If a node state transition is reported, stated:
1. Check for invalid state transitions, reporting them if so
NEW: if mode==SECURELOAD, set state to SECVIOLATION
2. Update nodes.eventstate in DB
3. Check to see if there is a TBCOMMAND "timeout" for this node.
If so and command is REBOOT, see if we have rebooted and report if so.
NOTE: this step appears to just report and not ever do anything else.
4. Queue any per-node timeout associated with the current mode and new state
(from state_timeouts). This removes old timeouts for the node queued by
the previous state.
5. Check for per-node triggers associated with the current mode and new state
(from state_triggers) and execute them. Several of these triggers can
force op_mode transitions: PXEBOOT (to PXEBOOT), SECURELOAD (to
SECURELOAD), BOOTING (to DB bootopmode if in PXEKERNEL op_mode, to DB
nodes.next_op_mode if curstate==ISUP).
6. Check if current mode and new state should trigger an op_mode transition
(allowed transitions from mode_transitions). The actual next op_mode
comes from nodes.next_op_mode which is cleared afterward.
Notes on triggers:
"PXEBOOT":
* Transitions node into PXEKERNEL op_mode
"BOOTING":
Queries DB to find what opmode/osid to boot next, order is: next, temp, def.
Updates DB nodes table with osid. Update op_mode of node:
* if current mode is PXEKERNEL, transition into new mode
* else if came from ISUP state, transition into mode nodes.next_op_mode (?)
* else if next mode is RELOAD, update DB and stated state to make current
mode be RELOAD (does not do an opModeTransition like the others)
"RESET":
Marks end of successful boot. Resets internal stated flags, calls osselect
to clear DB one-time (next) boot info.
"RELOADDONE","RELOADDONEV2":
Marks end of reload and reboots machine (V2 only). Clears DB reload state
and sends an apod (V2 only).
"CHECKGENISUP":
Sends ISUP if node cannot.
* if nodes.osfeatures includes "isup", do nothing
* else if includes "ping", fire off "eventping" to send ISUP when node pings
* else generate an ISUP event for the node
"ISUP":
Always generates an ISUP event, regardless of osfeatures
(used by the ALWAYSUP op_mode).
"CHECKPORTREG":
Ensures that certain DB port_registration entries exist (backward compat
for older images). Right now: if emulab_syncd port is not registered,
insert an entry with the default port.