Vsys factory scripts will live here in the future.

diff --git a/comon_exec b/comon_exec
new file mode 100755 (executable)
index 0000000..df6e7c0
--- /dev/null
+++ b/comon_exec
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+use strict;
+
+#######################################################
+#
+# run any (allowed) progam in the root context
+#
+#######################################################
+
+my @allowed = ("/bin/df"); # allowed commands
+my $cmdline;
+my $path;
+my $p;
+
+# read command line
+$cmdline = <STDIN>;
+chomp($cmdline);
+
+# identify the path
+if ($cmdline =~ /\s*(.+)\s+/) {
+   $path = $1;
+} else {
+   $path = $cmdline;
+}
+
+# run the program if it's executable and allowed to run
+if (-x $path) {
+   foreach $p (@allowed) {
+       if ($p eq $path) {
+           system($cmdline);
+           exit(0);
+       }
+   }
+   print "fatal: '$cmdline' is not allowed to run\n";
+} else {
+   print "fatal: $path either does not exist or is not executable\n";
+}
+
+# some error occurred
+exit(-1);

diff --git a/hide_netif b/hide_netif
new file mode 100755 (executable)
index 0000000..c7ae234
--- /dev/null
+++ b/hide_netif
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Remove hide_netif network attribute.  Attribute is used to hide interfaces that don't have an IP attached. 
+
+# $Id$
+
+nattribute --set --nid $1 --flag ~hide_netif

diff --git a/pfmount b/pfmount
new file mode 100755 (executable)
index 0000000..fb7ee6c
--- /dev/null
+++ b/pfmount
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Mount the planetflow directory in a slice
+
+#mount --bind /usr/local/fprobe /vservers/$1/pf
+# changed from request of Faiyaz
+DEST="/vservers/$1/pf"
+mount | grep "on $DEST type" > /dev/null
+if [ $? -eq 1 ]; then
+    mount --bind /var/local/fprobe $DEST
+fi

diff --git a/pl-ps b/pl-ps
new file mode 100755 (executable)
index 0000000..eafdf5b
--- /dev/null
+++ b/pl-ps
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# pl-ps for slicestat by KyoungSoo Park
+###############################################
+
+my %slice_id;
+my %slice;
+
+open THIS_PIPE, "/bin/awk -F: \'{print \$1, \$3}\' /etc/passwd |";
+while(<THIS_PIPE>) {
+   if (/(.+)\s+(\d+)/) {
+       $slice_id{$1} = $2;
+       $slice{$2} = $1;
+   }
+}
+close THIS_PIPE;
+
+open THIS_PIPE, "/usr/sbin/vps -eo pid,user | sed 1d | awk \'{print \$1, \$2}\' | sort -k 2 |";
+while(<THIS_PIPE>) {
+   if (/(\d+)\s+(.+)$/) {
+       my $pid = $1;
+       my ($id, $sl);
+
+       if (defined($slice_id{$2})) {
+           $id = $slice_id{$2};
+           $sl = $2;
+       } else {
+           $id = $2;
+           $sl = $slice{$2};
+       }
+       print sprintf("%s %s %s\n", $id, $sl, $pid);
+   }
+}
+close THIS_PIPE;

diff --git a/setup-link b/setup-link
new file mode 100755 (executable)
index 0000000..e5cbd2f
--- /dev/null
+++ b/setup-link
@@ -0,0 +1,96 @@
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+read INDEX
+read REMOTE
+read KEY
+
+LINK=${KEY}if${INDEX}
+
+modprobe ip_gre
+modprobe etun
+
+### Setup EGRE tunnel
+EGRE=d$LINK
+$IP tunnel add $EGRE  mode gre/eth remote $REMOTE key $KEY
+$IP link set $EGRE up
+
+### Setup etun
+ETUN0=a$LINK
+ETUN1=b$LINK
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN0 mtu 1458 up
+ifconfig $ETUN1 up
+
+### Setup bridge
+BRIDGE=c$LINK
+brctl addbr $BRIDGE
+brctl addif $BRIDGE $EGRE 
+brctl addif $BRIDGE $ETUN1
+ifconfig $BRIDGE up
+
+### Setup iptables so that packets are visible in the vserver
+iptables -t mangle -A FORWARD -o $BRIDGE -j MARK --set-mark $SLICEID
+
+### Create "grab link" script
+GRAB=/vsys/local_grab-$ETUN0
+echo $SLICE > $GRAB.acl 
+rm -f $GRAB
+cat > $GRAB <<EOF
+#!/bin/sh
+
+read PID
+
+chcontext --ctx 1 -- echo \$PID > /sys/class/net/$ETUN0/new_ns_pid 
+EOF
+chmod +x $GRAB
+
+### Create script for setting link rate
+BIND=/vsys/local_rate-$ETUN0
+echo $SLICE > $BIND.acl 
+rm -f $BIND
+cat > $BIND <<EOF
+#!/bin/sh
+
+read rt
+
+tc qdisc add dev $EGRE root handle 1: htb default 10
+tc class add dev $EGRE parent 1: classid 1:10 htb rate \$rt ceil \$rt
+
+rm -rf $BIND.acl 
+touch $BIND.acl 
+
+EOF
+chmod +x $BIND
+
+### Create "delete link" script
+DELETE=/vsys/local_delete-$ETUN0
+echo $SLICE > $DELETE.acl 
+rm -f $DELETE
+cat > $DELETE <<EOF
+#!/bin/sh
+
+read NULL
+
+# Remove iptables rule
+iptables -t mangle -D FORWARD -o $BRIDGE -j MARK --set-mark $SLICEID
+
+# Get rid of etun devices, only need name of one of them
+echo $ETUN1 > /sys/module/etun/parameters/delif
+
+# Get rid of bridge
+ifconfig $BRIDGE down
+brctl delbr $BRIDGE
+
+# Get rid of EGRE tunnel
+ip tunnel del $EGRE
+
+# Clean up files
+rm -f $GRAB $GRAB.acl
+rm -f $DELETE $DELETE.acl
+rm -f $BIND $BIND.acl
+EOF
+chmod +x $DELETE

diff --git a/setup-nat b/setup-nat
new file mode 100755 (executable)
index 0000000..64be40b
--- /dev/null
+++ b/setup-nat
@@ -0,0 +1,57 @@
+#!/bin/sh +x
+
+IP=/sbin/ip
+
+SLICE=$1
+SLICEID=`id -u $SLICE`
+read KEY
+
+modprobe etun
+
+### Setup etun
+ETUN0=nat$KEY
+ETUN1=natx$KEY
+echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif
+ifconfig $ETUN1 10.0.$KEY.1 up
+
+/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+### Create "grab link" script
+GRAB=/vsys/local_grab-$ETUN0
+echo $SLICE > $GRAB.acl 
+rm -f $GRAB
+cat > $GRAB <<EOF
+#!/bin/sh
+
+read PID
+
+chcontext --ctx 1 -- echo \$PID > /sys/class/net/$ETUN0/new_ns_pid 
+EOF
+chmod +x $GRAB
+
+### Create "delete link" script
+DELETE=/vsys/local_delete-$ETUN0
+echo $SLICE > $DELETE.acl 
+rm -f $DELETE
+cat > $DELETE <<EOF
+#!/bin/sh
+
+read NULL
+
+# Remove iptables rules
+/sbin/iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
+/sbin/iptables -D FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT
+/sbin/iptables -D FORWARD -i $ETUN1 -o eth0 -j ACCEPT
+
+# Get rid of etun devices, only need name of one of them
+echo $ETUN1 > /sys/module/etun/parameters/delif
+
+# Clean up files
+rm -f $GRAB $GRAB.acl
+rm -f $DELETE $DELETE.acl
+
+EOF
+chmod +x $DELETE
+

diff --git a/svn-commit.tmp b/svn-commit.tmp
new file mode 100644 (file)
index 0000000..d04acbe
--- /dev/null
+++ b/svn-commit.tmp
@@ -0,0 +1,5 @@
+First checkin. Vsys scripts will live here in the future.
+
+--This line, and those below, will be ignored--
+
+A    vsys-factory

diff --git a/vsys-factory.spec b/vsys-factory.spec
new file mode 100644 (file)
index 0000000..451b149
--- /dev/null
+++ b/vsys-factory.spec
@@ -0,0 +1,60 @@
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys-factory.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central <support@planet-lab.org>
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys factory scripts
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Requires: vsys
+
+Source0: vsys-factory-%{version}.tar.gz
+
+%description
+Vsys scripts for privileged operations on PlanetLab. These scripts are defined by maintainers of various components,
+to which users require privileged access.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp * $RPM_BUILD_ROOT/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/vsys/*
+
+%post
+if [ "$PL_BOOTCD" != "1" ] ; then
+        service vsys restart
+fi
+
+%postun
+
+%changelog
+

diff --git a/vsys-factory.spec.orig b/vsys-factory.spec.orig
new file mode 100644 (file)
index 0000000..13e5393
--- /dev/null
+++ b/vsys-factory.spec.orig
@@ -0,0 +1,136 @@
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define url $URL: svn+ssh://sapanb@poppins/svn/vsys/trunk/vsys.spec $
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central <support@planet-lab.org>
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys filesystem 
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+#Requires: 
+BuildRequires: inotify-tools-devel
+BuildRequires: ocaml
+BuildRequires: ocaml-docs
+
+Source0: vsys-%{version}.tar.gz
+
+%description
+vsys is a file-system-based interface that lets slices on PlanetLab safely
+invoke services installed by the PlanetLab administration. Slices invoke and
+interact with these services through fifo pipes. Services can be added and
+removed dynamically.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp factory/* $RPM_BUILD_ROOT/vsys
+cp vsys $RPM_BUILD_ROOT/usr/bin
+cp vsys-initscript $RPM_BUILD_ROOT/etc/init.d/vsys
+cp vsys.conf $RPM_BUILD_ROOT/etc
+
+install -D -m 644 vsys.logrotate $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/usr/bin/vsys
+/etc/init.d/vsys
+/vsys/*
+%config(noreplace) /etc/vsys.conf
+%{_sysconfdir}/logrotate.d/vsys
+
+%post
+chkconfig --add vsys
+chkconfig vsys on
+
+%postun
+
+%changelog
+* Wed Jul 02 2008 Thierry Parmentelat <thierry.parmentelat@sophia.inria.fr> - vsys-0.7-16
+- Usability changes that are necessary for the stability of CoMon
+
+* Wed Jun 25 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-15
+- added patch to pl-ps needed by slicestat
+- 
+- 
+
+* Mon Jun 23 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-14
+- This change is an attempt to fix unexpected blocking after many days of uptime, reported by KyoungSoo.
+
+* Thu Jun 19 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-13
+- accept '-' in filenames also
+- 
+
+* Wed Jun 18 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-12
+- don't overwrite the config file that already exists.
+- 
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-11
+- Suppress some temp file that RPM creates frmo showing up as a vsys script.
+- 
+- 
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-10
+- Changed a policy in vsys. When an acl is empty, the script doesn't show up in ANY slice. The previous behavior was for 
+- it to show up in all slices.
+- 
+- 
+
+* Wed Jun 18 2008 Sapan Bhatia <sapanb@cs.princeton.edu> - vsys-0.7-9
+- Added a vsys script for CoMon.
+- 
+
+* Mon Jun 16 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-8
+- ignore non-existent directories after restart.
+- 
+
+* Fri May 16 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-7
+- added logrotate configuration to package.
+- 
+
+* Mon May 12 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-6
+- Added two new scripts for CoMon on 4.2
+- 
+
+* Tue May 06 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-5
+- 
+- Corrected directory that the script mounts to the correct one:
+- /var/local/fprobe
+- 
+
+* Wed Apr 23 2008 Stephen Soltesz <soltesz@cs.princeton.edu> - vsys-0.7-4
+- Pulling the latest changes for the 4.2rc2 release
+- 
+
+* Fri Feb 15 2008 Faiyaz Ahmed <faiyaza@cs.princeton.edu> - vsys-0.7-2 vsys-0.7-3
+- * daemonization, writing to a logfile, and saving the pid
+- 
+

diff --git a/vtop b/vtop
new file mode 100755 (executable)
index 0000000..00e44c0
--- /dev/null
+++ b/vtop
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# vtop for slicestat by KyoungSoo Park
+###############################################
+
+open THIS_PIPE, "/usr/sbin/vtop bn1 |";
+while(<THIS_PIPE>) {
+    print;
+}
+close THIS_PIPE;