arplock-opsfs.sh.in 2.75 KB
Newer Older
1 2 3 4 5 6 7 8
#!/bin/sh

# PROVIDE: arplock
# REQUIRE: mountd
# BEFORE: DAEMON
# KEYWORD: shutdown

#
9
# Copyright (c) 2012-2014 University of Utah and the Flux Group.
10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#

. /etc/emulab/paths.sh

33 34 35 36 37 38
#
# XXX allow a timeout on tmcc calls. Without timeout, ops/fs boot will hang
# if Emulab services (i.e., tmcd) are not running on boss.
# Set to zero for no timeout.
timo=5

39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72
if [ ! -x $BINDIR/fixarpinfo ]; then
    echo "*** fixarpinfo script missing, ARP lockdown not done"
    exit 0
fi

#
# XXX create some missing state if we are the fs or ops node
#
if [ ! -r $BOOTDIR/controlif -a -x $BINDIR/findif ]; then
    iface=`$BINDIR/findif -i @FSNODE_IP@`
    if [ -n "$iface" ]; then
	echo $iface > $BOOTDIR/controlif
	echo @FSNODE_IP@ > $BOOTDIR/myip
    else
	iface=`$BINDIR/findif -i @USERNODE_IP@`
	if [ -n "$iface" ]; then
	    echo $iface > $BOOTDIR/controlif
	    echo @USERNODE_IP@ > $BOOTDIR/myip
	fi
    fi
fi

#
# OPS/FS version of the ARP lockdown script. We would like to run this early,
# but there is a race with boss. fixarpinfo uses tmcc to get the info.
# But boss does not start tmcd until after it has mounted the filesystems
# from ops and fs...deadlock!
#
# So we start this after we export filesystems. Yes, someone could spoof
# boss before we make this call, but we will detect this in fixarpinfo
# since it makes an SSL-enabled call to get arpinfo and that call will
# fail and so will we.
#
case "$1" in
73
start|faststart|quietstart|onestart|forcestart)
74
	echo "Setting up static ARP entries."
75
	$BINDIR/fixarpinfo -sv -t $timo >$LOGDIR/fixarpinfo.log 2>&1
76
	;;
77
restart|fastrestart|quietrestart|onerestart|forcerestart)
78
	echo "Updating static ARP entries."
79
	$BINDIR/fixarpinfo -uv -t $timo >$LOGDIR/fixarpinfo.log 2>&1
80
	;;
81
stop|faststop|quietstop|onestop|forcestop)
82
	echo "Removing static ARP entries."
83
	$BINDIR/fixarpinfo -cv -t $timo >$LOGDIR/fixarpinfo.log 2>&1
84 85 86 87 88 89
	;;
*)
	echo "Usage: `basename $0` {start|stop|restart}" >&2
	false
	;;
esac
90
stat=$?
91

92 93 94 95
if [ $timo -gt 0 -a $stat -eq 255 ]; then
    echo "WARNING: arpinfo call timed out; ARP not locked down!"
fi
exit $stat