From: Sapan Bhatia Date: Tue, 15 Jul 2008 17:16:13 +0000 (+0000) Subject: Vsys factory scripts will live here in the future. X-Git-Tag: vsys-factory-0.7-0@12284~9 X-Git-Url: http://git.onelab.eu/?p=vsys-scripts.git;a=commitdiff_plain;h=83db2ab069cdf09076a4a83b11318fd5f564ec18 Vsys factory scripts will live here in the future. --- 83db2ab069cdf09076a4a83b11318fd5f564ec18
diff --git a/comon_exec b/comon_exec
new file mode 100755
index 0000000..df6e7c0
--- /dev/null
+++ b/comon_exec
@@ -0,0 +1,40 @@
+#!/usr/bin/perl
+use strict;
+
+#######################################################
+#
+# run any (allowed) progam in the root context
+#
+#######################################################
+
+my @allowed = ("/bin/df"); # allowed commands
+my $cmdline;
+my $path;
+my $p;
+
+# read command line
+$cmdline = ;
+chomp($cmdline);
+
+# identify the path
+if ($cmdline =~ /\s*(.+)\s+/) {
+ $path = $1;
+} else {
+ $path = $cmdline;
+}
+
+# run the program if it's executable and allowed to run
+if (-x $path) {
+ foreach $p (@allowed) {
+ if ($p eq $path) {
+ system($cmdline);
+ exit(0);
+ }
+ }
+ print "fatal: '$cmdline' is not allowed to run\n";
+} else {
+ print "fatal: $path either does not exist or is not executable\n";
+}
+
+# some error occurred
+exit(-1);
diff --git a/hide_netif b/hide_netif
new file mode 100755
index 0000000..c7ae234
--- /dev/null
+++ b/hide_netif
@@ -0,0 +1,6 @@
+#!/bin/sh
+# Remove hide_netif network attribute. Attribute is used to hide interfaces that don't have an IP attached.
+
+# $Id$
+
+nattribute --set --nid $1 --flag ~hide_netif
diff --git a/pfmount b/pfmount
new file mode 100755
index 0000000..fb7ee6c
--- /dev/null
+++ b/pfmount
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Mount the planetflow directory in a slice
+
+#mount --bind /usr/local/fprobe /vservers/$1/pf
+# changed from request of Faiyaz
+DEST="/vservers/$1/pf"
+mount | grep "on $DEST type" > /dev/null
+if [ $? -eq 1 ]; then
+ mount --bind /var/local/fprobe $DEST
+fi
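Review bot: In comon_exec the allow-list is compared against `$path` only, but `system($cmdline)` hands the whole input line to a shell, so everything after the first token, shell metacharacters included, is interpreted in root context without any check. Tokenise once and use the list form of `system`, which bypasses the shell: `my ($path, @args) = split ' ', $cmdline;` and then `system($path, @args);`. The greedy `/\s*(.+)\s+/` also captures every argument except the last into `$path`, so `/bin/df` with two options is rejected; the split fixes that as well. `exit(0)` is taken whatever `system` returns, and the line `$cmdline = ;` looks like a `<STDIN>` lost in extraction.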
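Review bot: hide_netif passes `$1` to `nattribute` unquoted and unchecked, and the bare `~hide_netif` is subject to tilde expansion if a user of that name exists; pfmount has the same unquoted expansion in `mount --bind /var/local/fprobe $DEST`. Both scripts run with privilege, so an empty or space-containing argument should fail early instead of changing which flags or paths the command sees: `[ -n "$1" ] || exit 1`, then `nattribute --set --nid "$1" --flag '~hide_netif'`. In pfmount, `grep "on $DEST type"` treats the slice name as a regular expression, and any grep error (status 2) silently skips the mount; `grep -qF -- "on $DEST type"` with `"$DEST"` quoted in the mount call is closer to the intent.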
diff --git a/pl-ps b/pl-ps
new file mode 100755
index 0000000..eafdf5b
--- /dev/null
+++ b/pl-ps
@@ -0,0 +1,36 @@
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# pl-ps for slicestat by KyoungSoo Park
+###############################################
+
+my %slice_id;
+my %slice;
+
+open THIS_PIPE, "/bin/awk -F: \'{print \$1, \$3}\' /etc/passwd |";
+while() {
+ if (/(.+)\s+(\d+)/) {
+ $slice_id{$1} = $2;
+ $slice{$2} = $1;
+ }
+}
+close THIS_PIPE;
+
+open THIS_PIPE, "/usr/sbin/vps -eo pid,user | sed 1d | awk \'{print \$1, \$2}\' | sort -k 2 |";
+while() {
+ if (/(\d+)\s+(.+)$/) {
+ my $pid = $1;
+ my ($id, $sl);
+
+ if (defined($slice_id{$2})) {
+ $id = $slice_id{$2};
+ $sl = $2;
+ } else {
+ $id = $2;
+ $sl = $slice{$2};
+ }
+ print sprintf("%s %s %s\n", $id, $sl, $pid);
+ }
+}
+close THIS_PIPE;
diff --git a/setup-link b/setup-link
new file mode 100755
index 0000000..e5cbd2f
--- /dev/null
+++ b/setup-link
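Review bot: The second pipeline in pl-ps runs `sed`, `awk` and `sort` by bare name through the shell while the first uses `/bin/awk`; for a script meant to run in root context the lookup should not depend on the inherited PATH, so give absolute paths or set `$ENV{PATH}` explicitly at the top. Neither `open` nor `close` is checked, so a failing `vps` pipeline produces empty output and a zero exit status; `open(...) or die "vps: $!";` and `close(...) or die` on a lexical handle would surface it. vtop, later in this commit, opens `/usr/sbin/vtop bn1 |` in the same unchecked way. The `while()` lines appear to have lost `<THIS_PIPE>` in extraction.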
@@ -0,0 +1,96 @@ +#!/bin/sh +x + +IP=/sbin/ip + +SLICE=$1 +SLICEID=`id -u $SLICE` +read INDEX +read REMOTE +read KEY + +LINK=${KEY}if${INDEX} + +modprobe ip_gre +modprobe etun + +### Setup EGRE tunnel +EGRE=d$LINK +$IP tunnel add $EGRE mode gre/eth remote $REMOTE key $KEY +$IP link set $EGRE up + +### Setup etun +ETUN0=a$LINK +ETUN1=b$LINK +echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif +ifconfig $ETUN0 mtu 1458 up +ifconfig $ETUN1 up + +### Setup bridge +BRIDGE=c$LINK +brctl addbr $BRIDGE +brctl addif $BRIDGE $EGRE +brctl addif $BRIDGE $ETUN1 +ifconfig $BRIDGE up + +### Setup iptables so that packets are visible in the vserver +iptables -t mangle -A FORWARD -o $BRIDGE -j MARK --set-mark $SLICEID + +### Create "grab link" script +GRAB=/vsys/local_grab-$ETUN0 +echo $SLICE > $GRAB.acl +rm -f $GRAB +cat > $GRAB < /sys/class/net/$ETUN0/new_ns_pid +EOF +chmod +x $GRAB + +### Create script for setting link rate +BIND=/vsys/local_rate-$ETUN0 +echo $SLICE > $BIND.acl +rm -f $BIND +cat > $BIND < $DELETE.acl +rm -f $DELETE +cat > $DELETE < /sys/module/etun/parameters/delif + +# Get rid of bridge +ifconfig $BRIDGE down +brctl delbr $BRIDGE + +# Get rid of EGRE tunnel +ip tunnel del $EGRE + +# Clean up files +rm -f $GRAB $GRAB.acl +rm -f $DELETE $DELETE.acl +rm -f $BIND $BIND.acl +EOF +chmod +x $DELETE diff --git a/setup-nat b/setup-nat new file mode 100755 index 0000000..64be40b --- /dev/null +++ b/setup-nat 
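Review bot: `INDEX`, `REMOTE` and `KEY` are read from stdin and then expanded unquoted into the `ip`, `ifconfig`, `brctl` and `iptables` command lines, into the sysfs write, and into the `/vsys/local_*` file names and generated script bodies, with no check on their form. The vsys description elsewhere on this page says slices talk to these services over fifo pipes, so these values should be treated as untrusted: validate each one directly after the `read` lines and quote every later expansion. The sketch below assumes `INDEX` and `KEY` are decimal numbers and `REMOTE` is a dotted IPv4 address, which should be confirmed. setup-nat has the same pattern with `read KEY`, where the value also becomes an octet in `10.0.$KEY.1` and needs a 0-255 range check. The heredoc bodies look truncated by extraction, so the generated scripts themselves could not be reviewed.

```sh
read KEY

# Accept only the shapes the rest of the script expects; reject everything else.
case "$INDEX" in ''|*[!0-9]*) echo "setup-link: bad index" >&2; exit 1 ;; esac
case "$KEY" in ''|*[!0-9]*) echo "setup-link: bad key" >&2; exit 1 ;; esac
case "$REMOTE" in ''|*[!0-9.]*) echo "setup-link: bad remote address" >&2; exit 1 ;; esac
[ -n "$SLICEID" ] || { echo "setup-link: unknown slice" >&2; exit 1; }

LINK=${KEY}if${INDEX}
# … unchanged: modprobe, tunnel, etun, bridge and iptables setup …
```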
@@ -0,0 +1,57 @@ +#!/bin/sh +x + +IP=/sbin/ip + +SLICE=$1 +SLICEID=`id -u $SLICE` +read KEY + +modprobe etun + +### Setup etun +ETUN0=nat$KEY +ETUN1=natx$KEY +echo $ETUN0,$ETUN1 > /sys/module/etun/parameters/newif +ifconfig $ETUN1 10.0.$KEY.1 up + +/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE +/sbin/iptables -A FORWARD -i eth0 -o $ETUN1 -m state --state RELATED,ESTABLISHED -j ACCEPT +/sbin/iptables -A FORWARD -i $ETUN1 -o eth0 -j ACCEPT + +### Create "grab link" script +GRAB=/vsys/local_grab-$ETUN0 +echo $SLICE > $GRAB.acl +rm -f $GRAB +cat > $GRAB < /sys/class/net/$ETUN0/new_ns_pid +EOF +chmod +x $GRAB + +### Create "delete link" script +DELETE=/vsys/local_delete-$ETUN0 +echo $SLICE > $DELETE.acl +rm -f $DELETE +cat > $DELETE < /sys/module/etun/parameters/delif + +# Clean up files +rm -f $GRAB $GRAB.acl +rm -f $DELETE $DELETE.acl + +EOF +chmod +x $DELETE + diff --git a/svn-commit.tmp b/svn-commit.tmp new file mode 100644 index 0000000..d04acbe --- /dev/null +++ b/svn-commit.tmp @@ -0,0 +1,5 @@ +First checkin. Vsys scripts will live here in the future. + +--This line, and those below, will be ignored-- + +A vsys-factory diff --git a/vsys-factory.spec b/vsys-factory.spec new file mode 100644 index 0000000..451b149 --- /dev/null +++ b/vsys-factory.spec 
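Review bot: The `-t nat -A POSTROUTING -o eth0 -j MASQUERADE` rule in setup-nat is not tied to the link being created: it has no source match, so it masquerades everything leaving `eth0`, and `-A` appends another copy on every invocation. Scoping it to the subnet configured just above, `/sbin/iptables -t nat -A POSTROUTING -s 10.0.$KEY.0/24 -o eth0 -j MASQUERADE`, keeps one slice's NAT setup from covering unrelated traffic. The visible part of the generated delete script removes the etun pair and the files but no iptables rules, so the three rules would outlive the link; the heredoc is truncated on this page, so confirm that against the real file.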
@@ -0,0 +1,60 @@
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys-factory.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys factory scripts
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+Requires: vsys
+
+Source0: vsys-factory-%{version}.tar.gz
+
+%description
+Vsys scripts for privileged operations on PlanetLab. These scripts are defined by maintainers of various components,
+to which users require privileged access.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp * $RPM_BUILD_ROOT/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/vsys/*
+
+%post
+if [ "$PL_BOOTCD" != "1" ] ; then
+ service vsys restart
+fi
+
+%postun
+
+%changelog
+
diff --git a/vsys-factory.spec.orig b/vsys-factory.spec.orig
new file mode 100644
index 0000000..13e5393
--- /dev/null
+++ b/vsys-factory.spec.orig
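Review bot: `%define name vsys` gives this package the same name as the one it lists in `Requires: vsys`, and it disagrees with `Source0: vsys-factory-%{version}.tar.gz`; it looks like a leftover from the vsys spec this file was copied from, and `%define name vsys-factory` seems to be what is intended. In `%install`, `cp * $RPM_BUILD_ROOT/vsys` together with `/vsys/*` under `%files` ships every file in the source directory, which in this commit includes `svn-commit.tmp` and both spec files, into the directory vsys serves scripts from; listing the scripts explicitly with `install -m 755` avoids publishing stray files there. `URL:` still expands `%{url}`, whose `%define` was dropped in this copy.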
@@ -0,0 +1,136 @@
+#
+# Vsys filesystem
+#
+# RPM spec file
+#
+# $Id: vsys.spec 9786 2008-07-02 08:54:09Z thierry $
+#
+
+%define url $URL: svn+ssh://sapanb@poppins/svn/vsys/trunk/vsys.spec $
+
+%define name vsys
+%define version 0.8
+%define taglevel 16
+
+%define release %{taglevel}%{?pldistro:.%{pldistro}}%{?date:.%{date}}
+
+Vendor: PlanetLab
+Packager: PlanetLab Central
+Distribution: PlanetLab %{plrelease}
+URL: %(echo %{url} | cut -d ' ' -f 2)
+
+Summary: Vsys filesystem
+Name: %{name}
+Version: %{version}
+Release: %{release}
+License: GPL
+Group: System Environment/Kernel
+BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
+#Requires:
+BuildRequires: inotify-tools-devel
+BuildRequires: ocaml
+BuildRequires: ocaml-docs
+
+Source0: vsys-%{version}.tar.gz
+
+%description
+vsys is a file-system-based interface that lets slices on PlanetLab safely
+invoke services installed by the PlanetLab administration. Slices invoke and
+interact with these services through fifo pipes. Services can be added and
+removed dynamically.
+
+%prep
+%setup
+
+%build
+rm -rf $RPM_BUILD_ROOT
+make
+
+%install
+mkdir -p $RPM_BUILD_ROOT/usr/bin
+mkdir -p $RPM_BUILD_ROOT/etc/init.d
+mkdir -p $RPM_BUILD_ROOT/vsys
+cp factory/* $RPM_BUILD_ROOT/vsys
+cp vsys $RPM_BUILD_ROOT/usr/bin
+cp vsys-initscript $RPM_BUILD_ROOT/etc/init.d/vsys
+cp vsys.conf $RPM_BUILD_ROOT/etc
+
+install -D -m 644 vsys.logrotate $RPM_BUILD_ROOT/%{_sysconfdir}/logrotate.d/vsys
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%files
+/usr/bin/vsys
+/etc/init.d/vsys
+/vsys/*
+%config(noreplace) /etc/vsys.conf
+%{_sysconfdir}/logrotate.d/vsys
+
+%post
+chkconfig --add vsys
+chkconfig vsys on
+
+%postun
+
+%changelog
+* Wed Jul 02 2008 Thierry Parmentelat - vsys-0.7-16
+- Usability changes that are necessary for the stability of CoMon
+
+* Wed Jun 25 2008 Stephen Soltesz - vsys-0.7-15
+- added patch to pl-ps needed by slicestat
+-
+-
+
+* Mon Jun 23 2008 Sapan Bhatia - vsys-0.7-14
+- This change is an attempt to fix unexpected blocking after many days of uptime, reported by KyoungSoo.
+
+* Thu Jun 19 2008 Stephen Soltesz - vsys-0.7-13
+- accept '-' in filenames also
+-
+
+* Wed Jun 18 2008 Stephen Soltesz - vsys-0.7-12
+- don't overwrite the config file that already exists.
+-
+
+* Wed Jun 18 2008 Sapan Bhatia - vsys-0.7-11
+- Suppress some temp file that RPM creates frmo showing up as a vsys script.
+-
+-
+
+* Wed Jun 18 2008 Sapan Bhatia - vsys-0.7-10
+- Changed a policy in vsys. When an acl is empty, the script doesn't show up in ANY slice. The previous behavior was for
+- it to show up in all slices.
+-
+-
+
+* Wed Jun 18 2008 Sapan Bhatia - vsys-0.7-9
+- Added a vsys script for CoMon.
+-
+
+* Mon Jun 16 2008 Stephen Soltesz - vsys-0.7-8
+- ignore non-existent directories after restart.
+-
+
+* Fri May 16 2008 Stephen Soltesz - vsys-0.7-7
+- added logrotate configuration to package.
+-
+
+* Mon May 12 2008 Stephen Soltesz - vsys-0.7-6
+- Added two new scripts for CoMon on 4.2
+-
+
+* Tue May 06 2008 Stephen Soltesz - vsys-0.7-5
+-
+- Corrected directory that the script mounts to the correct one:
+- /var/local/fprobe
+-
+
+* Wed Apr 23 2008 Stephen Soltesz - vsys-0.7-4
+- Pulling the latest changes for the 4.2rc2 release
+-
+
+* Fri Feb 15 2008 Faiyaz Ahmed - vsys-0.7-2 vsys-0.7-3
+- * daemonization, writing to a logfile, and saving the pid
+-
+
diff --git a/vtop b/vtop
new file mode 100755
index 0000000..00e44c0
--- /dev/null
+++ b/vtop
@@ -0,0 +1,12 @@
+#!/usr/bin/perl
+use strict;
+
+###############################################
+# vtop for slicestat by KyoungSoo Park
+###############################################
+
+open THIS_PIPE, "/usr/sbin/vtop bn1 |";
+while() {
+ print;
+}
+close THIS_PIPE;