Commit 2fca6883 authored by Mike Hibler's avatar Mike Hibler

Optionally limit frisbee download and upload to a range of ports.

Primarily, so we can let frisbee upload to boss work through our firewall
without opening a gaping hole.

YOU MUST RECONFIGURE YOUR TREE before installing.
parent fc148f14
......@@ -48,6 +48,7 @@
#undef NFSRACY
#undef FRISEBEEMCASTADDR
#undef FRISEBEEMCASTPORT
#undef FRISEBEENUMPORTS
#undef HAVE_SRANDOMDEV
......
......@@ -1503,6 +1503,7 @@ done
#
......@@ -1577,6 +1578,7 @@ BOSSEVENTPORT=16505
UNIFIED_BOSS_AND_OPS=0
FRISEBEEMCASTADDR="234.5.6"
FRISEBEEMCASTPORT=3564
FRISEBEENUMPORTS=0
MIN_UNIX_UID=10000
MIN_UNIX_GID=6000
DELAYTHRESH=2
......@@ -1796,6 +1798,10 @@ cat >> confdefs.h <<EOF
#define FRISEBEEMCASTPORT "$FRISEBEEMCASTPORT"
EOF
cat >> confdefs.h <<EOF
#define FRISEBEENUMPORTS "$FRISEBEENUMPORTS"
EOF
if test $OPSDBSUPPORT -eq 1; then
cat >> confdefs.h <<EOF
......@@ -2234,17 +2240,17 @@ for ac_hdr in ulxmlrpcpp/ulxr_config.h
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
echo "configure:2238: checking for $ac_hdr" >&5
echo "configure:2244: checking for $ac_hdr" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 2243 "configure"
#line 2249 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:2248: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:2254: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
......@@ -2283,17 +2289,17 @@ for ac_hdr in linux/videodev.h
do
ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
echo "configure:2287: checking for $ac_hdr" >&5
echo "configure:2293: checking for $ac_hdr" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 2292 "configure"
#line 2298 "configure"
#include "confdefs.h"
#include <$ac_hdr>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:2297: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:2303: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
......@@ -2326,7 +2332,7 @@ done
# Extract the first word of "gtk-config", so it can be a program name with args.
set dummy gtk-config; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:2330: checking for $ac_word" >&5
echo "configure:2336: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_prog_GTK_CONFIG'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
......@@ -2383,7 +2389,7 @@ ac_link='${CXX-g++} -o conftest${ac_exeext} $CXXFLAGS $CPPFLAGS $LDFLAGS conftes
cross_compiling=$ac_cv_prog_cxx_cross
echo $ac_n "checking how to run the C++ preprocessor""... $ac_c" 1>&6
echo "configure:2387: checking how to run the C++ preprocessor" >&5
echo "configure:2393: checking how to run the C++ preprocessor" >&5
if test -z "$CXXCPP"; then
if eval "test \"`echo '$''{'ac_cv_prog_CXXCPP'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
......@@ -2396,12 +2402,12 @@ ac_link='${CXX-g++} -o conftest${ac_exeext} $CXXFLAGS $CPPFLAGS $LDFLAGS conftes
cross_compiling=$ac_cv_prog_cxx_cross
CXXCPP="${CXX-g++} -E"
cat > conftest.$ac_ext <<EOF
#line 2400 "configure"
#line 2406 "configure"
#include "confdefs.h"
#include <stdlib.h>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:2405: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:2411: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
:
......@@ -2427,17 +2433,17 @@ echo "$ac_t""$CXXCPP" 1>&6
ac_safe=`echo "xercesc/dom/DOM.hpp" | sed 'y%./+-%__p_%'`
echo $ac_n "checking for xercesc/dom/DOM.hpp""... $ac_c" 1>&6
echo "configure:2431: checking for xercesc/dom/DOM.hpp" >&5
echo "configure:2437: checking for xercesc/dom/DOM.hpp" >&5
if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
cat > conftest.$ac_ext <<EOF
#line 2436 "configure"
#line 2442 "configure"
#include "confdefs.h"
#include <xercesc/dom/DOM.hpp>
EOF
ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out"
{ (eval echo configure:2441: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
{ (eval echo configure:2447: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }
ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"`
if test -z "$ac_err"; then
rm -rf conftest*
......@@ -2501,7 +2507,7 @@ fi
# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff"
# ./install, which can be erroneously created by make from ./install.sh.
echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6
echo "configure:2505: checking for a BSD compatible install" >&5
echo "configure:2511: checking for a BSD compatible install" >&5
if test -z "$INSTALL"; then
if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
......@@ -2562,7 +2568,7 @@ esac
# Extract the first word of "rsync", so it can be a program name with args.
set dummy rsync; ac_word=$2
echo $ac_n "checking for $ac_word""... $ac_c" 1>&6
echo "configure:2566: checking for $ac_word" >&5
echo "configure:2572: checking for $ac_word" >&5
if eval "test \"`echo '$''{'ac_cv_path_RSYNC'+set}'`\" = set"; then
echo $ac_n "(cached) $ac_c" 1>&6
else
......@@ -3111,6 +3117,7 @@ s%@SSLCERT_LOCALITY@%$SSLCERT_LOCALITY%g
s%@SSLCERT_ORGNAME@%$SSLCERT_ORGNAME%g
s%@FRISEBEEMCASTADDR@%$FRISEBEEMCASTADDR%g
s%@FRISEBEEMCASTPORT@%$FRISEBEEMCASTPORT%g
s%@FRISEBEENUMPORTS@%$FRISEBEENUMPORTS%g
s%@WINSUPPORT@%$WINSUPPORT%g
s%@NSVERIFY@%$NSVERIFY%g
s%@CVSSUPPORT@%$CVSSUPPORT%g
......
......@@ -195,6 +195,7 @@ AC_SUBST(SSLCERT_LOCALITY)
AC_SUBST(SSLCERT_ORGNAME)
AC_SUBST(FRISEBEEMCASTADDR)
AC_SUBST(FRISEBEEMCASTPORT)
AC_SUBST(FRISEBEENUMPORTS)
AC_SUBST(WINSUPPORT)
AC_SUBST(NSVERIFY)
AC_SUBST(CVSSUPPORT)
......@@ -296,6 +297,7 @@ BOSSEVENTPORT=16505
UNIFIED_BOSS_AND_OPS=0
FRISEBEEMCASTADDR="234.5.6"
FRISEBEEMCASTPORT=3564
FRISEBEENUMPORTS=0
MIN_UNIX_UID=10000
MIN_UNIX_GID=6000
DELAYTHRESH=2
......@@ -412,6 +414,7 @@ fi
AC_DEFINE_UNQUOTED(BOSSEVENTPORT, "$BOSSEVENTPORT")
AC_DEFINE_UNQUOTED(FRISEBEEMCASTADDR, "$FRISEBEEMCASTADDR")
AC_DEFINE_UNQUOTED(FRISEBEEMCASTPORT, "$FRISEBEEMCASTPORT")
AC_DEFINE_UNQUOTED(FRISEBEENUMPORTS, "$FRISEBEENUMPORTS")
if test $OPSDBSUPPORT -eq 1; then
AC_DEFINE_UNQUOTED(OPSDBSUPPORT, 1)
......
......@@ -50,6 +50,14 @@ NOSHAREDFS=0
# If you don't know what this means, leave it at one, it won't hurt
NFSRACY=1
#
# Define a port range for frisbee use. You may want to do this if you
# have a firewall between boss and the nodes to limit the size of the
# "hole" required.
#
FRISEBEEMCASTPORT=21700
FRISEBEENUMPORTS=100
#
# If enabled, needs setup, see:
# http://users.emulab.net/trac/emulab/wiki/NodeUsageInstall
......
......@@ -282,6 +282,21 @@ JAILIPMASK=$VIRTNODE_NETMASK
DISABLE_NAMED_SETUP=0
DISABLE_EXPORTS_SETUP=0
#
# Frisbee address/port parameters (and yes meant to spell it that way).
#
# FRISEBEEMCASTADDR Starting multicast address to use. Each frisbeed
# download server instance gets a unique address.
# FRISEBEEMCASTPORT Starting port for download and upload servers.
# Each server gets a unique port number.
# FRISEBEENUMPORTS When non-zero, limits the range of ports used for
# download/upload to MCASTPORT to MCASTPORT+NUMPORTS-1.
# When zero, any port can be used.
#
FRISEBEEMCASTADDR="234.5.6"
FRISEBEEMCASTPORT=3564
FRISEBEENUMPORTS=0
#
# Only supported on the Mother Ship (emulab.net) right now.
#
......@@ -307,8 +322,6 @@ TBDBNAME=tbdb
IPBASE=10
DELAYCAPACITY=2
DISABLE_NSE=1
FRISEBEEMCASTADDR="234.5.6"
FRISEBEEMCASTPORT=3564
# Sometimes the main page is down in a directory on WWWHOST
# No trailing '/'!
......
......@@ -58,6 +58,11 @@ struct emulab_ha_extra_info {
static char *MC_BASEADDR = FRISEBEEMCASTADDR;
static char *MC_BASEPORT = FRISEBEEMCASTPORT;
#ifdef FRISEBEENUMPORTS
static char *MC_NUMPORTS = FRISEBEENUMPORTS;
#else
static char *MC_NUMPORTS = "0";
#endif
static char *SHAREDIR = SHAREROOT_DIR;
static char *PROJDIR = PROJROOT_DIR;
static char *GROUPSDIR = GROUPSROOT_DIR;
......@@ -81,7 +86,7 @@ static char *STDIMAGEDIR;
static int dump_doaliases = 1;
/* Multicast address/port base info */
static int mc_a, mc_b, mc_c, mc_port;
static int mc_a, mc_b, mc_c, mc_port_lo, mc_port_num;
/* Memory alloc functions that abort when no memory */
static void *mymalloc(size_t size);
......@@ -251,7 +256,6 @@ set_get_values(struct config_host_authinfo *ai, int ix)
#endif
/* get_timeout */
#if 1
/*
* In the short run, we leave this at pre-master-server levels
* for compatibility (we still support advance startup of servers
......@@ -260,15 +264,17 @@ set_get_values(struct config_host_authinfo *ai, int ix)
* We also need this at Utah while we work out some MC problems on
* our control net (sometimes nodes can take minutes before they
* actually hook up with the server.
*
* In an inner elab, neither of these apply.
*/
ii->get_timeout = 1800;
#else
if (!INELABINELAB)
ii->get_timeout = 1800;
/*
* We use a small server inactive timeout since we no longer have
* to start up a frisbeed well in advance of the client(s).
*/
ii->get_timeout = 60;
#endif
else
ii->get_timeout = 60;
/* get_options */
snprintf(str, sizeof str, " -W %u",
......@@ -455,9 +461,25 @@ emulab_get_server_address(struct config_imageinfo *ii, int methods, int first,
*addrp = (a << 24) | (b << 16) | (c << 8) | d;
} else if (methods & CONFIG_IMAGE_UCAST) {
*methp = CONFIG_IMAGE_UCAST;
*addrp = 0;
/* XXX on retries, we don't mess with the address */
if (first)
*addrp = 0;
}
/*
* In the interest of uniform distribution, if we have a maximum
* number of ports to use we just use the index directly.
*/
if (mc_port_num) {
*portp = mc_port_lo + (idx % mc_port_num);
}
/*
* In the interest of backward compat, if there is no maximum
* number of ports, we use the "classic" formula.
*/
else {
*portp = mc_port_lo + (((c << 8) | d) & 0x7FFF);
}
*portp = mc_port + (((c << 8) | d) & 0x7FFF);
return 0;
}
......@@ -1404,7 +1426,13 @@ emulab_init(void)
MC_BASEADDR);
return NULL;
}
mc_port = atoi(MC_BASEPORT);
mc_port_lo = atoi(MC_BASEPORT);
mc_port_num = atoi(MC_NUMPORTS);
if (mc_port_num < 0 || mc_port_num >= 65536) {
error("emulab_init: MC_NUMPORTS '%s' not in valid range!",
MC_NUMPORTS);
return NULL;
}
if ((path = realpath(SHAREROOT_DIR, pathbuf)) == NULL) {
error("emulab_init: could not resolve '%s'", SHAREROOT_DIR);
......
......@@ -30,13 +30,14 @@ extern int debug;
static char *DEFAULT_IMAGEDIR = "/usr/local/images";
static char *DEFAULT_MCADDR = "239.192.1";
static char *DEFAULT_MCPORT = "1025";
static char *DEFAULT_MCNUMPORT = "0";
static char *indexfile;
char *imagedir = NULL;
static char *rimagedir;
/* Multicast address/port base info */
static int mc_a, mc_b, mc_c, mc_port;
static int mc_a, mc_b, mc_c, mc_port_lo, mc_port_num;
/* Memory alloc functions that abort when no memory */
static void *mymalloc(size_t size);
......@@ -276,9 +277,25 @@ null_get_server_address(struct config_imageinfo *ii, int methods, int first,
*addrp = (a << 24) | (b << 16) | (c << 8) | d;
} else if (methods & CONFIG_IMAGE_UCAST) {
*methp = CONFIG_IMAGE_UCAST;
*addrp = 0;
/* XXX on retries, we don't mess with the address */
if (first)
*addrp = 0;
}
/*
* In the interest of uniform distribution, if we have a maximum
* number of ports to use we just use the index directly.
*/
if (mc_port_num) {
*portp = mc_port_lo + (idx % mc_port_num);
}
/*
* In the interest of backward compat, if there is no maximum
* number of ports, we use the "classic" formula.
*/
else {
*portp = mc_port_lo + (((c << 8) | d) & 0x7FFF);
}
*portp = mc_port + (((c << 8) | d) & 0x7FFF);
if (debug)
fprintf(stderr,
......@@ -674,7 +691,13 @@ null_init(void)
DEFAULT_MCADDR);
return NULL;
}
mc_port = atoi(DEFAULT_MCPORT);
mc_port_lo = atoi(DEFAULT_MCPORT);
mc_port_num = atoi(DEFAULT_MCNUMPORT);
if (mc_port_num < 0 || mc_port_num >= 65536) {
error("emulab_init: MC numports '%s' not in valid range!",
DEFAULT_MCNUMPORT);
return NULL;
}
return &null_config;
}
......
......@@ -37,7 +37,7 @@
#define FRISBEE_SERVER "/usr/testbed/sbin/frisbeed"
#define FRISBEE_CLIENT "/usr/testbed/sbin/frisbee"
#define FRISBEE_UPLOAD "/usr/testbed/sbin/frisuploadd"
#define FRISBEE_RETRIES 3
#define FRISBEE_RETRIES 5
static void get_options(int argc, char **argv);
static int makesocket(int portnum, struct in_addr *ifip, int *tcpsockp);
......@@ -1588,7 +1588,8 @@ startchild(struct childinfo *ci)
ci->imageinfo->put_options : "";
snprintf(argbuf, sizeof argbuf,
"%s -i %s -T %d %s -s %llu -m %s -p %d %s",
pname, ifacestr, ci->timeout, opts, isize,
pname, ifacestr, ci->timeout, opts,
(unsigned long long)isize,
inet_ntoa(in), ci->port, ci->imageinfo->path);
break;
}
......@@ -2052,8 +2053,20 @@ reapchildren(int wpid, int *statusp)
ci->method, 0,
&ci->addr, &ci->port,
&ci->method) &&
!startchild(ci))
!startchild(ci)) {
/* give it a chance to run, and check again */
sleep(1);
in.s_addr = htonl(ci->addr);
log("%s: restarted %s process on %s:%d"
" (pid %d)",
ci->imageinfo->imageid,
ci->ptype == PTYPE_SERVER ?
"server" : "uploader",
inet_ntoa(in), ci->port, ci->pid);
if (wpid)
wpid = ci->pid;
continue;
}
}
if (ci->done)
ci->done(ci, status);
......
......@@ -2063,6 +2063,7 @@ sub CreateDefsFile($)
/^FRISEBEEMCASTADDR$/ && do {
print OUTDEFS "FRISEBEEMCASTADDR=\"$frismcastaddr\"\n";
print OUTDEFS "FRISEBEEMCASTPORT=\"6000\"\n";
print OUTDEFS "FRISEBEENUMPORTS=\"0\"\n";
last SWITCH;
};
/^TBCOOKIESUFFIX$/ && do {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment