Merge remote branch 'upstream/master' into spotinstances

2 parents 36708f6 + da01a68 commit cb5e0dc81e397e82d685f0cb05ab65ab22f0ee70 @pauloricardomg pauloricardomg committed Aug 9, 2010
@@ -53,8 +53,21 @@ def parse_acl_request(xml):
users = {}
for g in grant_a:
- email = getText(g.getElementsByTagName("DisplayName")[0].childNodes)
- id = getText(g.getElementsByTagName("ID")[0].childNodes)
+ el = g.getElementsByTagName("URI")
+ if el != None and len(el) >= 1:
+ u = getText(el[0].childNodes)
+ if u == "http://acs.amazonaws.com/groups/global/AllUsers":
+ id = "CumulusPublicUser"
+ email = ""
+ else:
+ raise cbException('InvalidArgument')
+ else:
+ el = g.getElementsByTagName("DisplayName")
+ if el == None or len(el) < 1:
+ email = None
+ else:
+ email = getText(el[0].childNodes)
+ id = getText(g.getElementsByTagName("ID")[0].childNodes)
perm_set = g.getElementsByTagName("Permission")
perms = ""
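Review bot: the `ID` lookup on the last added line is still unguarded: `g.getElementsByTagName("ID")[0]` raises IndexError when a grantee carries neither a URI nor an ID, while the unknown-URI case a few lines up raises `cbException('InvalidArgument')`. Apply the same length check the hunk already uses for DisplayName and raise InvalidArgument, so malformed ACL XML from a client becomes a client error instead of an unhandled exception. Two smaller points: `email` ends up as `""` in the AllUsers case and `None` when DisplayName is missing, so callers have to handle both, and the AllUsers URI and "CumulusPublicUser" would be easier to audit as named constants than as inline literals.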
@@ -523,6 +536,7 @@ def work(self):
rc = self.grant_public_permissions(self.bucketName, self.objectName)
if not rc:
xml = self.request.content.read()
+ pycb.log(logging.INFO, "xml %s" % (xml))
grants = parse_acl_request(xml)
for g in grants:
pycb.log(logging.INFO, "granting %s to %s" % (g[2], g[0]))
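Review bot: the added `pycb.log(logging.INFO, "xml %s" % (xml))` writes the entire request body, which is client-controlled and not yet parsed, into the service log at INFO. That puts grantee IDs and display names in the log on every ACL request and lets a request containing newlines produce lines that look like separate log entries. Suggest logging at DEBUG, capping the length, and escaping the value (for example with `%r`) before it is written.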
@@ -568,6 +582,7 @@ def work(self):
rc = self.grant_public_permissions(self.bucketName, self.objectName)
if not rc:
xml = self.request.content.read()
+ pycb.log(logging.ERROR, "acl xml %s" % (xml))
grants = parse_acl_request(xml)
for g in grants:
pycb.log(logging.INFO, "granting %s to %s" % (g[2], g[0]))
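Review bot: `logging.ERROR` is the wrong level for the added line, which runs on the normal path of this branch and not on a failure; the equivalent line in the previous `work()` hunk uses INFO and a different prefix ("xml" versus "acl xml"). Error-level entries for ordinary requests will trip alerting and bury real failures. Use one level and one message format in both places, preferably DEBUG, and apply the same length cap and escaping to the client-supplied body.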
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+bucket_name=CumulusTest$RANDOM
+fname=GRP$RANDOM
+
+s3cmd mb s3://$bucket_name
+# just run it a few times for races
+s3cmd -r put /etc/group s3://$bucket_name/$fname
+if [ "X$?" != "X0" ]; then
+ echo "recursive put failed"
+ exit 1
+fi
+s3cmd setacl --acl-public s3://$bucket_name/$fname
+if [ "X$?" != "X0" ]; then
+ echo "setacl failed failed"
+ exit 1
+fi
+
+s3cmd -r --force del s3://$bucket_name/
+if [ "X$?" != "X0" ]; then
+ echo "ERROR: delete bucket failed"
+ exit 1
+fi
+exit 0
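Review bot: the script checks only the exit status of `s3cmd setacl --acl-public`, so it passes even if the object never becomes publicly readable, which is the behaviour the AllUsers parsing change is meant to provide. Add a step that reads the ACL back (for example with `s3cmd info`) or fetches the object without credentials and fails if the grant is missing. Also: the result of `s3cmd mb` is not checked, the comment "just run it a few times for races" sits above a single `put`, both early `exit 1` paths leave the bucket (and possibly a public object) behind, and the message "setacl failed failed" repeats a word.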
@@ -1714,9 +1714,81 @@
<a name="backend-config-invm-networking"> </a>
<h2>Network configuration details _NAMELINK(backend-config-invm-networking)</h2>
<p>
- As of Nimbus 2.5, the networking and DHCP situation has changed, this section is currently undergoing an overhaul. Check back soon or contact the list.
+ While addresses for VMs are configured and chosen within the Nimbus service,
+ they are physically queried via an external DHCPd service. There are two ways
+ of arranging the DHCP configuration.
</p>
+<ol>
+ <li>
+ Centralized -- a new or existing DHCP service that you configure with Nimbus-specific
+ MAC to IP mappings. This is generally simpler to set up and is covered in the
+ <a href="z2c/networking-setup.html">Zero-to-Cloud guide</a>.
+ </li>
+ <li>
+ Local -- a DHCP server is installed on every VMM node and automatically configured
+ with the appropriate addresses just before a VM boots. This is more complicated to
+ set up initially but can be preferable in certain scenarios.
+ </li>
+</ol>
+<p>
+ Because Nimbus chooses the MAC address, it controls which DHCP entry will be
+ retrieved by the VM. Additionally, ebtables rules are configured to ensure that
+ a malicious or misconfigured VM cannot use another MAC or IP.
+</p>
+
+<p>
+ In a local DHCP scenario, <tt class="literal">workspace-control</tt> on each VMM
+ manages the DHCP configuration file and injects entries just before each VM boots.
+ To prevent DHCP broadcast requests from getting out to the LAN, an ebtables rule is
+ enacted to force packets to a specific local interface.
+</p>
+
+<p>
+ Configuring local DHCP is not difficult, but you should exercise caution to
+ ensure that the DHCP daemons on each VMM do not interfere with other networks.
+ First of all, you must install an ISC-compatible DHCP server. This should be
+ available on all Linux distributions.
+</p>
+<p>
+ Once installed, find the DHCP configuration location. Typically this is something
+ like <tt class="literal">/etc/dhcp/dhcpd.conf</tt> or
+ <tt class="literal">/etc/dhcp3/dhcpd.conf</tt>. Replace this file with the example
+ in the workspace-control package:
+ <tt class="literal">share/workspace-control/dhcp.conf.example</tt> and then edit
+ it to include proper subnet declarations for your network. Afterwards, try
+ restarting DHCP and checking logs to ensure that it started without error.
+</p>
+<p>
+ Next, edit the <tt class="literal">networks.conf</tt> file in
+ <tt class="literal">etc/workspace-control/</tt>. Set the
+ <tt class="literal">localdhcp</tt> option to <tt class="literal">true</tt>
+ and take a look at the <tt class="literal">dhcp-bridges</tt> section to configure
+ where DHCP packets are bridged to.
+</p>
+
+<p>
+ Finally, you may need to edit the sudo script that workspace-control uses to
+ alter <tt class="literal">dhcp.conf</tt> and restart the service. This script
+ is located at <tt class="literal">libexec/workspace-control/dhcp-config.sh</tt>.
+ It expects the following defaults:
+</p>
+
+<pre class="panel">
+# Policy file for script to adjust
+DHCPD_CONF="/etc/dhcpd.conf"
+
+# Command to run before policy adjustment
+DHCPD_STOP="/etc/init.d/dhcpd stop"
+
+# Command to run after policy adjustment
+DHCPD_START="/etc/init.d/dhcpd start"
+</pre>
+
+<p>
+ You should also ensure that this script can be called via sudo as the
+ <tt class="literal">nimbus</tt> user.
+</p>
<!-- *********************************************************************** -->
<!-- *********************************************************************** -->
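Review bot: the default in the new panel, `DHCPD_CONF="/etc/dhcpd.conf"`, does not match either location the earlier paragraph tells the reader to expect (`/etc/dhcp/dhcpd.conf` or `/etc/dhcp3/dhcpd.conf`), and the text switches between `dhcp.conf`, `dhcp.conf.example` and `dhcpd.conf`. State explicitly that DHCPD_CONF, DHCPD_STOP and DHCPD_START must be edited to match the distribution, and use one file name throughout. The closing paragraph on sudo should also say that the rule is meant to cover only `libexec/workspace-control/dhcp-config.sh` and that the script must not be writable by the `nimbus` user, since it runs with root privileges and rewrites the DHCP policy for the node.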
@@ -226,13 +226,15 @@
for more information.
</p>
+<a name="whatnext"> </a>
<h3>What's next?</h3>
<p>
Once all of these tests succeed, your cloud is up and running. At this
- point you probably want to configure more VMM nodes and add them
- to the resource pool. You may also want to check out the
- <a href="../reference.html">reference page</a> for details about advanced
- configurations.
+ point you probably want to
+ <a href="../reference.html#resource-pool">configure more VMM nodes</a>
+ and add them to the resource pool. You may also want to check out the
+ <a href="../reference.html">reference page</a> sections for more
+ a list of other configurations and information.
</p>
<p>
You can also now start enabling remote users. You should familiarize yourself with the <a href="../reference.html#user-management">user management</a> tools, the <a href="../reference.html#nimbusweb-config">web application</a> that is available for securely distributing credentials, and look into configuring <a href="../reference.html#group-authz">per-user rights and allocations</a>.
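Review bot: the rewritten sentence ends in "reference page</a> sections for more a list of other configurations and information", which does not parse. Something like "check out the reference page for a list of other configurations" keeps the intent. The new `whatnext` anchor itself is fine and matches the link added in the guide index.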
@@ -9,6 +9,8 @@
<h2>Nimbus 2.5 Zero To Cloud Guide</h2>
+<img src="/images/z2c.png" width="640" height="348" />
+
<p>
This "zero to cloud" guide contains configuration information for system
administrators working with Nimbus.
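Review bot: the added `<img src="/images/z2c.png" width="640" height="348" />` has no `alt` attribute. Add a short description of the diagram so the page still makes sense without the image, and consider a path that follows the relative link style used elsewhere in these pages instead of the root-relative `/images/`.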
@@ -106,13 +108,9 @@
client like you did before. But this time, a virtual machine
will be started for you as expected.
</p>
- </li>
- <li>
- <p>
- What Next?
- </p>
<p>
- You can now start enabling remote users. You should familiarize yourself with the <a href="../reference.html#user-management">user management</a> tools, the <a href="../reference.html#nimbusweb-config">web application</a> that is available for securely distributing credentials, and look into configuring <a href="../reference.html#group-authz">per-user rights and allocations</a>.
+ This page also describes <a href="final-tests.html#whatnext">what
+ to do next</a> after completing the guide.
</p>
</li>
</ul>
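Review bot: "This page also describes" in the added paragraph is ambiguous, because the sentence lives in the guide index while the link target is `final-tests.html#whatnext`. Name the page ("The final tests page also describes what to do next") so the reader does not take "this page" to mean the index.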
@@ -198,9 +198,13 @@
<pre class="panel">
$ grep Metadata $NIMBUS_HOME/var/services.log
-2010-07-30 14:50:33,769 INFO defaults.HTTPListener [main,initServer:84] Metadata server URL: 'http://0.0.0.0:8090'
+2010-07-30 14:50:33,769 INFO defaults.HTTPListener [main,initServer:84] Metadata server URL:
</pre>
+<p>
+ Now you are ready to configure real nodes. Proceed to the next page to
+ <a href="vmm-setup.html">Install VMM Software</a>.
+</p>
_NIMBUS_CENTER2_COLUMN_END
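Review bot: the replacement sample line now stops at "Metadata server URL:" with no value, so the reader no longer sees what a correct result looks like. If the intent was to wrap a long line, keep the URL on a continuation line inside the `<pre>`; if the value was dropped because it varies, show a placeholder and say so in the text.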
