Commit fa3d2fa7 authored by Mike Hibler's avatar Mike Hibler

1.271: Add new tables for experiment firewalls: firewalls, firewall_rules

       and default_firewall_rules.
parent 92ce268f
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# Copyright (c) 2000-2004 University of Utah and the Flux Group.
# All rights reserved.
#
#
......@@ -14,7 +14,7 @@
# The easy way: do 'gmake all'
# You can also run the individual targets too.
all: db-create db-fill sitevars
all: db-create db-fill sitevars fwrules
db-create:
@rm -f ./.tmp-db-create.sql ./.tmp-create-diff
......@@ -23,7 +23,7 @@ db-create:
@if test -s ./.tmp-create-diff; \
then \
cat ./.tmp-create-diff; \
echo "NOTE: Don't forget to update db-migrate.txt!"; \
echo "NOTE: Don't forget to update database-migrate.txt!"; \
mv ./.tmp-db-create.sql ./database-create.sql; \
fi
@rm -f ./.tmp-create-diff ./.tmp-db-create.sql
......@@ -39,4 +39,7 @@ db-fill-dist:
sitevars:
@mysqldump -t tbdb sitevariables > sitevars-create.sql
fwrules:
@mysqldump -t tbdb default_firewall_rules > fwrules-create.sql
dist: db-fill-dist
......@@ -51,6 +51,19 @@ CREATE TABLE current_reloads (
PRIMARY KEY (node_id)
) TYPE=MyISAM;
--
-- Table structure for table `default_firewall_rules`
--
CREATE TABLE default_firewall_rules (
type enum('ipfw','ipfw2','ipchains') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
enabled tinyint(4) NOT NULL default '0',
ruleno int(10) unsigned NOT NULL default '0',
rule text NOT NULL,
PRIMARY KEY (type,style,ruleno)
) TYPE=MyISAM;
--
-- Table structure for table `delays`
--
......@@ -350,6 +363,33 @@ CREATE TABLE exppid_access (
PRIMARY KEY (exp_eid,exp_pid,pid)
) TYPE=MyISAM;
--
-- Table structure for table `firewall_rules`
--
CREATE TABLE firewall_rules (
pid varchar(12) NOT NULL default '',
eid varchar(32) NOT NULL default '',
fwname varchar(32) NOT NULL default '',
ruleno int(10) unsigned NOT NULL default '0',
rule text NOT NULL,
PRIMARY KEY (pid,eid,fwname,ruleno),
KEY fwname (fwname)
) TYPE=MyISAM;
--
-- Table structure for table `firewalls`
--
CREATE TABLE firewalls (
pid varchar(12) NOT NULL default '',
eid varchar(32) NOT NULL default '',
fwname varchar(32) NOT NULL default '',
type enum('ipfw','ipfw2','ipchains') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
PRIMARY KEY (pid,eid,fwname)
) TYPE=MyISAM;
--
-- Table structure for table `floorimages`
--
......
......@@ -9,4 +9,4 @@ INSERT INTO os_info VALUES ('FREEBSD-MFS','emulab-ops','FREEBSD-MFS','root',NULL
INSERT INTO os_info VALUES ('FRISBEE-MFS','emulab-ops','FRISBEE-MFS','root',NULL,'Frisbee (FreeBSD) in an MFS','FreeBSD','4.5','boss:/tftpboot/frisbee',NULL,'','ping,ssh,ipod,isup',0,1,0,'RELOAD',NULL,NULL,1);
INSERT INTO os_info VALUES ('NEWNODE-MFS','emulab-ops','NEWNODE-MFS','root',NULL,'NewNode (FreeBSD) in an MFS','FreeBSD','4.5','boss:/tftpboot/freebsd.newnode',NULL,'','ping,ssh,ipod,isup',0,1,0,'PXEFBSD',NULL,NULL,1);
INSERT INTO os_info VALUES ('OPSNODE-BSD','emulab-ops','OPSNODE-BSD','root',NULL,'FreeBSD on the Operations Node','FreeBSD','4.X','',NULL,'','ping,ssh,ipod,isup',0,1,0,'OPSNODEBSD',NULL,NULL,1);
INSERT INTO os_info VALUES ('FW-IPFW','emulab-ops','FW-IPFW','root',NULL,'IPFW Firewall','FreeBSD','',NULL,'FreeBSD','','ping,ssh,ipod,isup,veths,mlinks',0,1,1,'NORMAL','emulab-ops-FBSD47-STD',NULL,0);
......@@ -647,6 +647,16 @@ REPLACE INTO table_regex VALUES ('event_groups','agent_name','text','redirect','
REPLACE INTO table_regex VALUES ('virt_lan_lans','pid','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_lan_lans','eid','text','redirect','experiments:eid',0,0,NULL);
REPLACE INTO table_regex VALUES ('virt_lan_lans','vname','text','redirect','virt_nodes:vname',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewalls','pid','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewalls','eid','text','redirect','experimenets:eid',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewalls','fwname','text','redirect','virt_nodes:vname',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewalls','type','text','regex','^(ipfw|ipfw2|ipchains)$',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewalls','style','text','regex','^(open|closed|basic)$',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewall_rules','pid','text','redirect','projects:pid',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewall_rules','eid','text','redirect','experimenets:eid',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewall_rules','fwname','text','redirect','virt_nodes:vname',0,0,NULL);
REPLACE INTO table_regex VALUES ('firewall_rules','ruleno','int','redirect','default:int',0,50000,NULL);
REPLACE INTO table_regex VALUES ('firewall_rules','rule','text','regex','^\\w[-\\w \\t,/\\{\\}\\(\\)!:\\.]*$',0,1024,NULL);
--
-- Dumping data for table `testsuite_preentables`
......
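Review bot: The redirect target for the `eid` column is misspelled as `experimenets:eid` in both the `firewalls` and `firewall_rules` rows, while the existing `virt_lan_lans` row in the same hunk uses `experiments:eid`. Depending on how the checker resolves an unknown redirect target (not visible here), user-supplied `eid` values for these tables would either always fail or never be checked against the experiments rule. Both rows should read `'redirect','experiments:eid'`. The same misspelling appears in the two matching `INSERT INTO table_regex` statements in the migration notes, so sites applying those by hand would inherit it.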
......@@ -1847,3 +1847,69 @@ last_net_act,last_cpu_act,last_ext_act);
alter table new_nodes add column role varchar(32) not null \
default 'testnode';
1.271: Add new tables for experiment firewalls: firewalls, firewall_rules
and default_firewall_rules:
CREATE TABLE firewalls (
pid varchar(12) NOT NULL default '',
eid varchar(32) NOT NULL default '',
fwname varchar(32) NOT NULL default '',
type enum('ipfw','ipfw2','ipchains') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
PRIMARY KEY (pid,eid,fwname)
) TYPE=MyISAM;
CREATE TABLE firewall_rules (
pid varchar(12) NOT NULL default '',
eid varchar(32) NOT NULL default '',
fwname varchar(32) NOT NULL default '',
ruleno int(10) unsigned NOT NULL default '0',
rule text NOT NULL,
PRIMARY KEY (pid,eid,fwname,ruleno),
KEY fwname (fwname)
) TYPE=MyISAM;
CREATE TABLE default_firewall_rules (
type enum('ipfw','ipfw2','ipchains') NOT NULL default 'ipfw',
style enum('open','closed','basic') NOT NULL default 'basic',
enabled tinyint(4) NOT NULL default '0',
ruleno int(10) unsigned NOT NULL default '0',
rule text NOT NULL,
PRIMARY KEY (type,style,ruleno)
) TYPE=MyISAM;
and the associated table_regex's for parsing:
INSERT INTO table_regex VALUES \
('firewalls','pid','text','redirect','projects:pid',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewalls','eid','text','redirect','experimenets:eid',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewalls','fwname','text','redirect','virt_nodes:vname',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewalls','type','text','regex','^(ipfw|ipfw2|ipchains)$',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewalls','style','text','regex','^(open|closed|basic)$',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewall_rules','pid','text','redirect','projects:pid',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewall_rules','eid','text','redirect','experimenets:eid',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewall_rules','fwname','text','redirect','virt_nodes:vname',0,0,NULL);
INSERT INTO table_regex VALUES \
('firewall_rules','ruleno','int','redirect','default:int',0,50000,NULL);
INSERT INTO table_regex VALUES \
('firewall_rules','rule','text','regex','^\\w[-\\w \\t,/\\{\\}\\(\\)!:\\.]*$',0,1024,NULL);
Note that there are no regex's for default_firewall_rules since user
supplied data are never used to fill the table.
Create the IPFW firewall OSID with:
INSERT INTO os_info VALUES ('FW-IPFW','emulab-ops','FW-IPFW',\
'root',NULL,'IPFW Firewall','FreeBSD','',NULL,'FreeBSD',\
'','ping,ssh,ipod,isup,veths,mlinks',0,1,1,'NORMAL',\
'emulab-ops-FBSD47-STD',NULL,0);
Poplulate the default_firewall_rules table using sql/fwrules-create.sql.
-- MySQL dump 8.23
--
-- Host: localhost Database: tbdb
---------------------------------------------------------
-- Server version 3.23.58-log
--
-- Dumping data for table `default_firewall_rules`
--
INSERT INTO default_firewall_rules VALUES ('ipfw','open',1,65534,'allow ip from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw','closed',1,55000,'allow ip from me to me');
INSERT INTO default_firewall_rules VALUES ('ipfw','closed',1,55100,'allow ip from me to 155.101.128.0/23');
INSERT INTO default_firewall_rules VALUES ('ipfw','closed',1,55101,'allow ip from 155.101.128.0/23 to me');
INSERT INTO default_firewall_rules VALUES ('ipfw','closed',1,65534,'deny ip from any to any');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55000,'allow ip from me to me');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55100,'allow ip from me to 155.101.128.0/23');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55101,'allow ip from 155.101.128.0/23 to me');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55200,'allow icmp from any to 155.101.132.0/22');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55201,'allow icmp from 155.101.132.0/22 to any');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55300,'allow tcp from any to 155.101.132.0/22 22');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55301,'allow tcp from 155.101.132.0/22 22 to any');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55400,'allow tcp from me 16534 to 155.101.132.0/22');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55401,'allow tcp from 155.101.132.0/22 to me 16534');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,55500,'allow udp from 224.4.0.0/16 2917 to 224.4.0.0/16 2917');
INSERT INTO default_firewall_rules VALUES ('ipfw','basic',1,65534,'deny ip from any to any');
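Review bot: Rule 55301 in the `basic` style, `allow tcp from 155.101.132.0/22 22 to any`, matches on source address and source port only. It therefore passes any TCP segment from that network with source port 22, to any destination and port, whether or not a connection was opened under rule 55300. If it is meant purely as the return path, limit it to established traffic, e.g. `allow tcp from 155.101.132.0/22 22 to any established`, or use a stateful pair built on `keep-state`. The 16534 pair (55400/55401) has the same stateless shape and deserves the same look.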
......@@ -18,12 +18,12 @@ INSERT INTO sitevariables VALUES ('idle/cc_grp_ldrs',NULL,'3','Start CC\'ing gro
INSERT INTO sitevariables VALUES ('batch/retry_wait',NULL,'900','Number of seconds to wait before retrying a failed batch experiment.');
INSERT INTO sitevariables VALUES ('swap/idleswap_warn',NULL,'30','Number of minutes before an Idle-Swap to send a warning message. Set to 0 for no warning.');
INSERT INTO sitevariables VALUES ('swap/autoswap_warn',NULL,'60','Number of minutes before an Auto-Swap to send a warning message. Set to 0 for no warning.');
INSERT INTO sitevariables VALUES ('plab/stale_age',NULL,'60','Age in minutes at which to consider site data stale and thus node down (0==always use data)');
INSERT INTO sitevariables VALUES ('idle/batch_threshold',NULL,'30','Number of minutes of inactivity for a batch node/expt to be considered idle.');
INSERT INTO sitevariables VALUES ('general/recently_active',NULL,'14','Number of days to be considered a recently active user of the testbed.');
INSERT INTO sitevariables VALUES ('plab/load_metric',NULL,'load_fifteen','GMOND load metric to use (load_one, load_five, load_fifteen)');
INSERT INTO sitevariables VALUES ('plab/max_load',NULL,'5.0','Load at which to stop admitting jobs (0==admit nothing, 1000==admit all)');
INSERT INTO sitevariables VALUES ('plab/min_disk',NULL,'10.0','Minimum disk space free at which to stop admitting jobs (0==admit all, 100==admit none)');
INSERT INTO sitevariables VALUES ('plab/stale_age',NULL,'60','Age in minutes at which to consider site data stale and thus node down (0==always use data)');
INSERT INTO sitevariables VALUES ('watchdog/interval',NULL,'60','Interval in minutes between checks for changes in timeout values (0==never check)');
INSERT INTO sitevariables VALUES ('watchdog/ntpdrift',NULL,'240','Interval in minutes between reporting back NTP drift changes (0==never report)');
INSERT INTO sitevariables VALUES ('watchdog/cvsup',NULL,'720','Interval in minutes between remote node checks for software updates (0==never check)');
......@@ -32,7 +32,8 @@ INSERT INTO sitevariables VALUES ('watchdog/isalive/vnode',NULL,'10','Interval i
INSERT INTO sitevariables VALUES ('watchdog/isalive/plab',NULL,'10','Interval in minutes between planetlab node status reports (0==never report)');
INSERT INTO sitevariables VALUES ('watchdog/isalive/wa',NULL,'1','Interval in minutes between widearea node status reports (0==never report)');
INSERT INTO sitevariables VALUES ('watchdog/isalive/dead_time',NULL,'120','Time, in minutes, after which to consider a node dead if it has not checked in via tha watchdog');
INSERT INTO sitevariables VALUES ('watchdog/rusage',NULL,'1','Interval in minutes between node resource usage reports (0==never report)');
INSERT INTO sitevariables VALUES ('watchdog/hostkeys',NULL,'999999','Interval in minutes between host key reports (0=never report, 999999=once only)');
INSERT INTO sitevariables VALUES ('plab/setup/vnode_batch_size',NULL,'40','Number of plab nodes to setup simultaneously');
INSERT INTO sitevariables VALUES ('plab/setup/vnode_wait_time',NULL,'960','Number of seconds to wait for a plab node to setup');
INSERT INTO sitevariables VALUES ('watchdog/rusage',NULL,'1','Interval in minutes between node resource usage reports (0==never report)');
INSERT INTO sitevariables VALUES ('watchdog/hostkeys',NULL,'999999','Interval in minutes between host key reports (0=never report, 999999=once only)');