1. 10 Jan, 2014 1 commit
  2. 08 Jan, 2014 1 commit
  3. 18 Dec, 2013 1 commit
  4. 16 Dec, 2013 1 commit
  5. 11 Dec, 2013 1 commit
    • Mike Hibler's avatar
      Pass PERSIST=1 when the blockstore is persistent. · 8ac5ad30
      Mike Hibler authored
      This is a bit hacky as noted in the comment:
                     * XXX we only put out the PERSIST flag if it is set.
                     * Since the client-side is stupid-picky about unknown
                     * attributes, this will cause an older client to fail
                     * when the attribute is passed. Believe it or not,
                     * that is a good thing! This will cause an older
                     * client to fail if presented with a persistent
                     * blockstore. If it did not fail, the client would
                     * proceed to unconditionally create a filesystem on
                     * the blockstore, wiping out what was previously
                     * there.
  6. 22 Nov, 2013 1 commit
  7. 07 Nov, 2013 1 commit
  8. 09 Sep, 2013 3 commits
  9. 28 Aug, 2013 1 commit
  10. 27 Aug, 2013 1 commit
    • Leigh B Stoller's avatar
      Another Kludge for returning mounts to VMs. What a pain. Here · f1249179
      Leigh B Stoller authored
      are the details, so they are recorded someplace.
      The Racks do not have a real 172 router for the "jail" network.
      This is a mild pain, and one possibility would be to make the
      router be the physical node, so that each set of VMs is using its own
      router thus spreading the load.
      Well, that does not work because we use bridge mode on the physical
      host, and so the packets leave the node before they have a chance to
      go through the routing code. Yes, iptables does have something called
      a brouter via etables, but I could not make that work after a lot of
      trying and tearing my hair out
      So the next not so best thing is to make the control node be the
      router by sticking an alias on xenbr0 for Fine, that works
      although performance could suffer.
      But what about NFS traffic to ops? It would be really silly to send
      that through the routing code on the control node, just to end up
      bridging into into the ops VM. So figured I would optimize that by
      changing domounts to return mounts that reference ops address on the
      jail network. And in fact this worked fine, but only for shared
      But it failed for exclusive VMs! In this case, we add a SNAT rule on
      the physical host that changes the source IP to be that of the
      physical host so that users cannot spoof a VM on a shared node and
      mount an NFS filesystem they should not have access to. In fact, it
      failed for UDP mounts but not for TCP mounts. When I looked at the
      traffic with tcpdump, it appeared that return TCP traffic from ops was
      using its jail IP, but return UDP traffic was using the public IP.
      This confuses SNAT and so the packets never get back into the VM.
      So, this change basically looks at the sharing mode of the node, and
      if its shared we use the jailip in the mounts, and if it is exclusive
      we use the public IP (and thus, that traffic gets routed through the
      control node). This sucks, but I am worn down on this.
  11. 16 Aug, 2013 1 commit
  12. 15 Aug, 2013 1 commit
    • Gary Wong's avatar
      Add tmcd support for the proposed "geni-get" GENI client side. · f1120a88
      Gary Wong authored
      This allows nodes in GENI slices to retrieve information about their
      sliver and slice via tmcc (or equivalent client-side support).  The
      set of queries available and their names were agreed upon in GEC 17
      sessions and subsequent discussions.
  13. 13 Aug, 2013 1 commit
  14. 22 Jul, 2013 1 commit
  15. 01 Jul, 2013 1 commit
  16. 27 Jun, 2013 1 commit
  17. 17 Jun, 2013 1 commit
  18. 13 Jun, 2013 2 commits
  19. 04 Jun, 2013 1 commit
    • Leigh B Stoller's avatar
      No longer return tunnel info to containers; just plain interfaces. · bd2964e2
      Leigh B Stoller authored
      Neither OpenVZ or XEN containers can do anything with the tunnel info,
      since tunnels are created in the root context and all the container
      sees is an interface. We have a hack in the client side for openvz,
      but rather then try to duplicate that hack for every XEN guest, lets
      do this the right way, and return plain ifconfig lines from tmcd and
      config them like any other interface. Since we rely on MAC addresses
      to do this, we now return MACs to the root context when it gets the
      tunnel info.
      To do this we need to know the difference between the root context
      asking for info *about* the container, and the container asking for
      its *own* info. Since both XEN and OpenVZ containers are redirected
      through the tmcc proxy, I changed the protocol so tmcd can tell who is
      asking. This is imperfect, since we might someday want the container
      to bypass the proxy, but for now it will do.
      The other consideration is that a XEN container might have requested a
      public IP, in which case it could actually do all of the tunnel stuff
      itself, but then again we have to worry about all of the guests being
      able to do tunnels, and so the easiest thing to do is just always do
      it in the root context for the container.
  20. 28 May, 2013 1 commit
    • Leigh B Stoller's avatar
      Woeful genirack hack; return mounts on the 172 network to avoid going · ce3d8572
      Leigh B Stoller authored
      through the 172 phony router we have setup on the control node. This
      is silly to do for local traffic, but getting XEN guests to not do it,
      turned into a pit that I didn't want to enter. We want this so that
      arplockdown works properly; the mac address is really the client not a
      router. Revisit later.
  21. 22 May, 2013 2 commits
  22. 15 May, 2013 1 commit
  23. 14 May, 2013 1 commit
    • Leigh B Stoller's avatar
      Add new script to do arp lockdown on boss. · f5cc889a
      Leigh B Stoller authored
      The other version is only for the client side (subboss,ops), but does
      not work on real boss. Also hooked into tbswap so that the arps are
      updated during swapin/swapout. Also change tmcd to return arp
      directives for all containers, not just on shared nodes.
  24. 10 May, 2013 1 commit
  25. 02 May, 2013 1 commit
  26. 01 May, 2013 1 commit
  27. 30 Apr, 2013 3 commits
    • Kirk Webb's avatar
      Add complete local node storage support from parser down to tcmd. · dab52801
      Kirk Webb authored
      Doing this required adding columns to the virt and physical blockstores
      tables to mark the attributes that will be considered for mapping.
      Unmarked entries just flow through to the client-side.
      This commit also introduces filesystem support in the form of passing
      through a mount point to the client-side.  It is left to the client to
      decide what filesystem and fs options to use to setup the space, including
      any logical volume aggregation required to support the request.
    • Mike Hibler's avatar
      Avoid redundent output in hwinfo command. · d468c60f
      Mike Hibler authored
    • Mike Hibler's avatar
      Implement the "hwinfo" call. · 636e6436
      Mike Hibler authored
      This call returns info about the HW on the node (duh!) for the benefit
      of the upcoming "nodetest". It returns whatever info about the CPU, memory,
      disks and network interfaces is in the DB. The info comes from a variety of
        node_attributes, node_type_attributes, blockstores, blockstore_attributes,
        blockstore_type_attributes, and interfaces
      at last count.
      We will need to add some new node_type_attributes for cpu/memory.
      Even though some of the info exists already (e.g., "memory", "frequency"),
      I chose to use uniformly prefixed attributes (hw_cpu_*, hw_mem_*) to
      make my tmcd-life easier.
  28. 09 Apr, 2013 1 commit
  29. 29 Mar, 2013 1 commit
  30. 22 Mar, 2013 1 commit
  31. 04 Mar, 2013 1 commit
  32. 28 Feb, 2013 2 commits
    • Mike Hibler's avatar
      More jailconfig fixes. · d274ae74
      Mike Hibler authored
      Move client_writeback inside conditional where it belongs (else we double
      output the first part), make sure jailip is always initialized.
    • Mike Hibler's avatar
      Doh! For jailconfig we could deref a null pointer. · f3533fca
      Mike Hibler authored
      Apparently we don't always set interfaces.mask in the DB for the cnet
      interface. So the mysql query returns NULL, which we would happily strcpy!
      Now we use CONTROL_NETMASK if the queried value is null.
  33. 27 Feb, 2013 1 commit