Commit 80c434bc authored by Leigh Stoller's avatar Leigh Stoller

Silly change for OPSVM_ENABLE, when running boss as a XEN VM; need to

pass along the IP of the FreeBSD OPS jail to XEN client setup, and have it
add that IP to the iptables rules (antispoofing) so that ops can talk to
the control network.
parent 93c353ad
......@@ -86,6 +86,7 @@ my $vnode_id = shift(@ARGV);
my $vnode_ip = shift(@ARGV);
my $vnode_mac = shift(@ARGV);
my $elabinelab= shift(@ARGV);
my $ipaliases = shift(@ARGV);
# The caller (xmcreate) puts this into the environment.
my $vif = $ENV{'vif'};
......@@ -259,6 +260,14 @@ sub Online()
"-I FORWARD -m physdev --physdev-is-bridged ".
"--physdev-in $vif -s $vnode_ip -j $OUTGOING_CHAIN");
if ($ipaliases ne "") {
foreach my $alias (split(",", $ipaliases)) {
push(@rules,
"-I FORWARD -m physdev --physdev-is-bridged ".
"--physdev-in $vif -s $alias -j $OUTGOING_CHAIN");
}
}
push(@rules,
"-I FORWARD -m physdev --physdev-is-bridged ".
"--physdev-out $vif -j $INCOMING_CHAIN");
......@@ -491,6 +500,13 @@ sub Offline()
push(@rules,
"-D FORWARD -m physdev --physdev-is-bridged ".
"--physdev-in $vif -s $vnode_ip -j $OUTGOING_CHAIN");
if ($ipaliases ne "") {
foreach my $alias (split(",", $ipaliases)) {
push(@rules,
"-D FORWARD -m physdev --physdev-is-bridged ".
"--physdev-in $vif -s $alias -j $OUTGOING_CHAIN");
}
}
push(@rules,
"-D FORWARD -m physdev --physdev-is-bridged ".
"--physdev-out $vif -j $INCOMING_CHAIN");
......
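Review bot: Each `$alias` produced by `split(",", $ipaliases)` in Online() goes straight into the `-s` match of a FORWARD rule with no format check, so an entry that is not a single host address (a network with a mask, a hostname, or a string containing spaces) would either break the rule or widen the antispoofing exemption beyond the intended jail IP. I would validate each entry before the push, for example `next unless ($alias =~ /^\d{1,3}(?:\.\d{1,3}){3}$/);`, and use the same check in the Offline() loop so the `-D` rules stay an exact mirror of the `-I` rules. `$ipaliases` is also undef when the caller passes no such argument, so `if (defined($ipaliases) && $ipaliases ne "")` is the safer test. How `@rules` is executed is outside these hunks, and both function bodies continue beyond them.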
......@@ -2185,6 +2185,7 @@ sub vnodePreConfigControlNetwork($$$$$$$$$$$$)
my ($vnode_id, $vmid, $vnconfig, $private,
$ip,$mask,$mac,$gw, $vname,$longdomain,$shortdomain,$bossip) = @_;
my $vninfo = $private;
my $attributes = $vnconfig->{'attributes'};
if (!exists($vninfo->{'cffile'})) {
die("libvnode_xen: vnodePreConfig: no state for $vnode_id!?");
......@@ -2210,9 +2211,15 @@ sub vnodePreConfigControlNetwork($$$$$$$$$$$$)
# Create a network config script for the interface
my $stuff = {'name' => $vnode_id,
'ip' => $ip,
'ipaliases' => "",
'hip' => $gw,
'fqdn', => $longdomain,
'mac' => $fmac};
# Look for aliases on the ip. Need to pass these to emulab-cnet
# for antispoofing rules.
if (exists($attributes->{'XEN_IPALIASES'})) {
$stuff->{'ipaliases'} = $attributes->{'XEN_IPALIASES'};
}
createControlNetworkScript($vmid, $vnconfig, $stuff, $cscript);
#
......@@ -4400,6 +4407,7 @@ sub createControlNetworkScript($$$$)
my $host_ip = $data->{'hip'};
my $name = $data->{'name'};
my $ip = $data->{'ip'};
my $ipaliases = $data->{'ipaliases'};
my $mac = $data->{'mac'};
my $elabinelab = (exists($vnconfig->{'config'}->{'ELABINELAB'}) ?
$vnconfig->{'config'}->{'ELABINELAB'} : 0);
......@@ -4415,7 +4423,7 @@ sub createControlNetworkScript($$$$)
print FILE "if [ -e \"$file.debug\" ]; then ".
"mv -f $file.debug $file.debug.0; fi\n";
print FILE "/etc/xen/scripts/emulab-cnet.pl ".
"$vmid $host_ip $name $ip $mac $elabinelab \$* >$file.debug 2>&1\n";
"$vmid $host_ip $name $ip $mac $elabinelab '$ipaliases' \$* >$file.debug 2>&1\n";
print FILE "exit \$?\n";
close(FILE);
chmod(0555, $file);
......
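Review bot: `'$ipaliases'` is written into the generated shell script inside single quotes, but the value is copied unchecked from `$attributes->{'XEN_IPALIASES'}` in vnodePreConfigControlNetwork, so a value containing a single quote would end the quoting and the rest would be parsed as shell when the script runs. Where the attribute is set is not visible here, so I would check it at the point it is stored, for example `die("libvnode_xen: bad XEN_IPALIASES for $vnode_id") if ($attributes->{'XEN_IPALIASES'} !~ /^[\d.,]*$/);`. A short comment on the `print FILE` line saying that the quotes exist to keep an empty alias list as its own positional argument ahead of `\$*` would also help the next reader. Both functions start and end outside the visible hunks.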