1. 28 Aug, 2013 5 commits
  2. 27 Aug, 2013 3 commits
    • Another Kludge for returning mounts to VMs. What a pain. Here · f1249179
      Leigh B Stoller authored
      are the details, so they are recorded someplace.
      The Racks do not have a real 172 router for the "jail" network.
      This is a mild pain, and one possibility would be to make the
      router be the physical node, so that each set of VMs is using its own
      router thus spreading the load.
      Well, that does not work because we use bridge mode on the physical
      host, and so the packets leave the node before they have a chance to
      go through the routing code. Yes, iptables does have something called
      a brouter via ebtables, but I could not make that work after a lot of
      trying and tearing my hair out.
      So the next not so best thing is to make the control node be the
      router by sticking an alias on xenbr0 for Fine, that works
      although performance could suffer.
      But what about NFS traffic to ops? It would be really silly to send
      that through the routing code on the control node, just to end up
      bridging into the ops VM. So figured I would optimize that by
      changing domounts to return mounts that reference ops address on the
      jail network. And in fact this worked fine, but only for shared
      But it failed for exclusive VMs! In this case, we add a SNAT rule on
      the physical host that changes the source IP to be that of the
      physical host so that users cannot spoof a VM on a shared node and
      mount an NFS filesystem they should not have access to. In fact, it
      failed for UDP mounts but not for TCP mounts. When I looked at the
      traffic with tcpdump, it appeared that return TCP traffic from ops was
      using its jail IP, but return UDP traffic was using the public IP.
      This confuses SNAT and so the packets never get back into the VM.
      So, this change basically looks at the sharing mode of the node, and
      if it's shared we use the jailip in the mounts, and if it is exclusive
      we use the public IP (and thus, that traffic gets routed through the
      control node). This sucks, but I am worn down on this.
  3. 26 Aug, 2013 5 commits
  4. 23 Aug, 2013 2 commits
  5. 22 Aug, 2013 11 commits
  6. 20 Aug, 2013 1 commit
  7. 19 Aug, 2013 3 commits
  8. 16 Aug, 2013 3 commits
  9. 15 Aug, 2013 7 commits
    • Change the semantics of "reset". · c30b122e
      Mike Hibler authored
      "reset" now just unmounts blockstores, it does not destroy them.
      Need this so that people can include a SYSVOL blockstore in a custom image
      (the only place where "reset" is used). Also, destroying blockstores would
      have come as an unpleasant surprise to anyone who created a custom image
      and then expected their data to still be around afterward!
      Also work around a bizarre bug in BSD sed that happens in the prepare script.
      That script does:
           sed -e '/# next line is swap device/,+1d' /etc/fstab
      which should remove the matched comment and the line after it (the swapdev
      entry). But if there are EXACTLY two additional lines after the matched line,
      it would remove both of them (effectively "+2")! So if there was a mount for
      a blockstore device after the swap device, prepare would remove that line too.
      So in the finest tradition of "if it hurts, don't do it", the blockstore code
      makes sure that it adds at least two additional lines.
    • Fixed check vs. max offset, it was wrong. · f730b322
      Mike Hibler authored
      If number was positive, was converting to "(N)" for some reason.
      Parens don't compare well with integers...
      Also don't need "bc" just to compute abs(), just use "tr" to remove '-'.
      Also adjust the max offset a smidge to 5ms, 1ms is a bit tight.
    • Add tmcd support for the proposed "geni-get" GENI client side. · f1120a88
      Gary Wong authored
      This allows nodes in GENI slices to retrieve information about their
      sliver and slice via tmcc (or equivalent client-side support).  The
      set of queries available and their names were agreed upon in GEC 17
      sessions and subsequent discussions.
    • Update last_report in the node_activity table, at the same time · fafb25b8
      Leigh B Stoller authored
      we update last_ext_act, since this is how idle determines staleness.
      Not sure this is the best approach though.