Commit f5cc889a authored by Leigh B Stoller's avatar Leigh B Stoller

Add new script to do arp lockdown on boss.

The other version is only for the client side (subboss,ops), but does
not work on real boss. Also hooked into tbswap so that the arps are
updated during swapin/swapout. Also change tmcd to return arp
directives for all containers, not just on shared nodes.
parent 5a2e0415
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -63,7 +63,8 @@ SBIN_STUFF = resetvlans console_setup.proxy sched_reload named_setup \
elabinelab snmpit.proxy panic node_attributes \
nfstrace plabinelab smbpasswd_setup smbpasswd_setup.proxy \
rmproj snmpit.proxynew snmpit.proxyv2 pool_daemon \
checknodes_daemon snmpit.proxyv3 image_setup tcpp
checknodes_daemon snmpit.proxyv3 image_setup tcpp \
arplockdown
ifeq ($(ISMAINSITE),1)
SBIN_STUFF += repos_daemon
......@@ -120,7 +121,7 @@ SETUID_BIN_SCRIPTS = node_reboot eventsys_control tarfiles_setup savelogs \
SETUID_SBIN_SCRIPTS = mkproj rmgroup mkgroup frisbeehelper \
rmuser idleswap named_setup exports_setup \
sfskey_update setgroups newnode_reboot vnode_setup \
elabinelab nfstrace rmproj
elabinelab nfstrace rmproj arplockdown
SETUID_LIBX_SCRIPTS = console_setup spewrpmtar_verify
SETUID_SUEXEC_SCRIPTS= spewlogfile
......
This diff is collapsed.
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2013 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -916,6 +916,16 @@ sub doSwapout($) {
}
TBDebugTimeStamp("exports finished");
print "Resetting locked down arp entries\n";
TBDebugTimeStamp("arplockdown started");
if (system("arplockdown -v -d")) {
tberror({type => 'secondary', severity => SEV_SECONDARY,
error => ['arplockdown_setup_failed']},
"Failed to reset locked down arp entries");
return 1;
}
TBDebugTimeStamp("arplockdown finished");
#
# Ditto these two.
#
......@@ -1326,6 +1336,16 @@ sub doSwapin($) {
# os_setup. (Actually, these probably can too, since they should finish
# long before the nodes reboot, but better safe than sorry)
#
print "Locking down arp entries\n";
TBDebugTimeStamp("arplockdown started");
if (system("arplockdown -v -d")) {
tberror({type => 'secondary', severity => SEV_SECONDARY,
error => ['arplockdown_setup_failed']},
"Failed to lockdown arp entries");
return 1;
}
TBDebugTimeStamp("arplockdown finished");
print "Setting up mountpoints.\n";
TBDebugTimeStamp("mountpoints started");
if (system("exports_setup")) {
......
......@@ -10355,8 +10355,7 @@ COMMAND_PROTOTYPE(doarpinfo)
"where n.node_id=i.node_id and i.role='ctrl' "
" and i.mac not like '000000%%' "
" and (n.role='testnode' or "
" (n.role='virtnode' and "
" sharing_mode is null)) ", 4);
" n.role='virtnode') ", 4);
if (!res) {
error("doarpinfo: %s: DB Error getting"
"control interface info\n", reqp->nodeid);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment