1. 05 Nov, 2014 1 commit
  2. 01 Jul, 2014 1 commit
  3. 08 May, 2014 1 commit
  4. 24 Apr, 2014 1 commit
  5. 16 Apr, 2014 1 commit
  6. 26 Mar, 2014 1 commit
  7. 25 Mar, 2014 1 commit
    • Server side of firewall support for XEN containers. · 2faea2f3
      Leigh B Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open,basic,closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rule sets are independent: the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
  8. 10 Mar, 2014 1 commit
    • Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homedir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
  9. 13 Feb, 2014 1 commit
  10. 16 Jan, 2014 1 commit
    • (Partially) add ability to specify read-only datasets. · 7e3e82cc
      Mike Hibler authored
      1. Add set-readonly method to a NS blockstore object.
      2. Make sure that dataset blockstores (leases) in the 'grace' state can
         *only* be accessed read-only.
      
      What has not been done yet is to pass the attribute to the storage server
      and client so they can actually enact read-only-ness.
  11. 03 Jan, 2014 1 commit
  12. 11 Dec, 2013 2 commits
    • Avoid races with tearing down SAN lans while the client is still active. · c63cd75c
      Mike Hibler authored
      Add a swapout-time triggered program agent that does a "rc.storage fullreset"
      to ensure that the client has unmounted and detached from SAN volumes.
      Eventsys shutdown (which triggers the swapout event sequence) is done before
      VLAN teardown so this works.
    • The parser-side of persistent blockstore support. · 09177fb2
      Mike Hibler authored
      In parse-ns, we generate a list of accessible blockstores and put that in
      the .input file. The accessibility check right now is just that the blockstore
      (actually lease) pid must match that of the experiment. This needs to be
      generalized.
      
      The blockstore set-lease command verifies that the asked-for lease matches
      one of those accessible blockstores. If it does, it makes sure the correct
      size and other info wind up in the virt_blockstores table. Less obviously,
      but of critical importance, it emits a "lease" virt_blockstore_attribute
      with the correct lease index. This attribute gets converted into the
      desire that is added by vtopgen to the .vtop file.
  13. 30 Oct, 2013 1 commit
  14. 22 Jul, 2013 1 commit
  15. 23 May, 2013 2 commits
  16. 14 May, 2013 2 commits
  17. 09 May, 2013 3 commits
  18. 08 May, 2013 1 commit
  19. 06 May, 2013 3 commits
    • Finish validity checks for local blockstores. · 4573d92b
      Kirk Webb authored
      Mike unearthed another round of things we need to check to keep users
      from shooting themselves in the foot too readily.  Made it through
      a fairly complete set of input tests and came up with a couple of additional
      checks myself.
    • Updates for local node stuff. · f95fadff
      Kirk Webb authored
    • Refactor some of the blockstore object code into finalize() · d228f1e3
      Kirk Webb authored
      Move some of the hacky duplicate functionality code for blockstore objects
      into a finalize() method, called by sim.tcl's run() method.  This code
      does last minute validity checks and assignments (e.g., putting the disk
      space desire onto node objects).  Added the code here to check for
      overlapping mount points where blockstores are attached to real nodes
      (local storage).
  20. 01 May, 2013 1 commit
  21. 30 Apr, 2013 5 commits
    • Add complete local node storage support from parser down to tcmd. · dab52801
      Kirk Webb authored
      Doing this required adding columns to the virt and physical blockstores
      tables to mark the attributes that will be considered for mapping.
      Unmarked entries just flow through to the client-side.
      
      This commit also introduces filesystem support in the form of passing
      through a mount point to the client-side.  It is left to the client to
      decide what filesystem and fs options to use to set up the space, including
      any logical volume aggregation required to support the request.
    • Support multiple blockstores per local node. · d981ca72
      Kirk Webb authored
    • Parser hacks for blockstores · bb2563cf
      Kirk Webb authored
      * Translate bandwidth spec "~" to 10Kbps, and complain if any other value
        is used on a lan with blockstores.
      
      * Allow blockstores to be fixed to nodes.  Shunt through cases where the
        node a blockstore is fixed to isn't a blockstore pseudo-VM via a
        features / desires hack.  We do this to avoid having a more heavyweight
        blockstore pseudo-VM representation show up when users just want more
        local disk space set up on their nodes.
    • Make storage lans use vlan encapsulation. · ffe332be
      Kirk Webb authored
      Also, blockstore VMs can't be the sync server...
    • Add physical memory accounting for openvz/xen nodes. The total · 11752432
      Leigh B Stoller authored
      amount a physical has is stored in the node types table, and the
      per-vm memory requirement is stored in the nodes table. ptopgen
      adds up usage, and subtracts from the total for the ptop file.
      The vtop number comes from a virt_node_attribute table, and we
      pass this through to the client side. Note that this is less
      important for openvz, more so for XEN.
      
      In the NS file:
      
      	tb-set-node-memory-size $node 1024
      
      Number is in MBs. The mapper defaults this to 128 for openvz and 256
      for xen. Maximum is hardwired to 256 and 512 respectively. Need to
      think about a good way to configure this in.
  22. 11 Apr, 2013 1 commit
  23. 10 Jan, 2013 1 commit
  24. 07 Dec, 2012 1 commit
  25. 26 Nov, 2012 2 commits
  26. 21 Nov, 2012 1 commit
  27. 15 Nov, 2012 2 commits