ia64/xen-unstable

changeset 3592:b3c74ea53d8a

bitkeeper revision 1.1159.223.53 (41fc0c19tGe1rM62SUQk8WYZjH-D1Q)

Add iptables modules to the default xen0 kernel, and add example configuration files for a NAT setup.
author iap10@labyrinth.cl.cam.ac.uk
date Sat Jan 29 22:20:09 2005 +0000 (2005-01-29)
parents 48cc820f2cff
children 3a17f2625dc3 a5f1a6abfc46
files .rootkeys linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig tools/examples/network-nat tools/examples/vif-nat tools/examples/xmexample3
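--- a/.rootkeys	Sat Jan 29 12:03:44 2005 +0000
+++ b/.rootkeys	Sat Jan 29 22:20:09 2005 +0000
@@ -314,12 +314,15 @@ 41597996GHP2_yVih2UspXh328fgMQ tools/exa
 405ff55dawQyCHFEnJ067ChPRoXBBA tools/examples/init.d/xend
 40278d94cIUWl2eRgnwZtr4hTyWT1Q tools/examples/init.d/xendomains
 40ee75a9xFz6S05sDKu-JCLqyVTkDA tools/examples/network
+41fc0c18hVgK5rKJyZUsqybux9D9Dg tools/examples/network-nat
 41e661e1giIEKbJ25qfiP-ke8u8hFA tools/examples/network-route
 40ee75a967sxgcRY4Q7zXoVUaJ4flA tools/examples/vif-bridge
+41fc0c18AFAVXA1uGm1JFWHMeeznVw tools/examples/vif-nat
 41e661e1ooiRKlOfwumG6wwzc0PdhQ tools/examples/vif-route
 40ee75a93cqxHp6MiYXxxwR5j2_8QQ tools/examples/xend-config.sxp
 41090ec8Pj_bkgCBpg2W7WfmNkumEA tools/examples/xmexample1
 40cf2937oKlROYOJTN8GWwWM5AmjBg tools/examples/xmexample2
+41fc0c18_k4iL81hu4pMIWQu9dKpKA tools/examples/xmexample3
 3fbba6dbDfYvJSsw9500b4SZyUhxjQ tools/libxc/Makefile
 41cc934abX-QLXJXW_clV_wRjM0zYg tools/libxc/plan9a.out.h
 3fbba6dc1uU7U3IFeF6A-XEOYF2MkQ tools/libxc/rpm.spec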
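--- a/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig	Sat Jan 29 12:03:44 2005 +0000
+++ b/linux-2.6.10-xen-sparse/arch/xen/configs/xen0_defconfig	Sat Jan 29 22:20:09 2005 +0000
@@ -499,7 +499,7 @@ CONFIG_IP_NF_FTP=m
 # CONFIG_IP_NF_QUEUE is not set
 CONFIG_IP_NF_IPTABLES=m
 # CONFIG_IP_NF_MATCH_LIMIT is not set
-# CONFIG_IP_NF_MATCH_IPRANGE is not set
+CONFIG_IP_NF_MATCH_IPRANGE=m
 # CONFIG_IP_NF_MATCH_MAC is not set
 # CONFIG_IP_NF_MATCH_PKTTYPE is not set
 # CONFIG_IP_NF_MATCH_MARK is not set
@@ -522,11 +522,20 @@ CONFIG_IP_NF_IPTABLES=m
 # CONFIG_IP_NF_MATCH_SCTP is not set
 # CONFIG_IP_NF_MATCH_COMMENT is not set
 # CONFIG_IP_NF_MATCH_HASHLIMIT is not set
-# CONFIG_IP_NF_FILTER is not set
+CONFIG_IP_NF_FILTER=m
+CONFIG_IP_NF_TARGET_REJECT=m
 # CONFIG_IP_NF_TARGET_LOG is not set
 # CONFIG_IP_NF_TARGET_ULOG is not set
 # CONFIG_IP_NF_TARGET_TCPMSS is not set
-# CONFIG_IP_NF_NAT is not set
+CONFIG_IP_NF_NAT=m
+CONFIG_IP_NF_NAT_NEEDED=y
+CONFIG_IP_NF_TARGET_MASQUERADE=m
+# CONFIG_IP_NF_TARGET_REDIRECT is not set
+# CONFIG_IP_NF_TARGET_NETMAP is not set
+# CONFIG_IP_NF_TARGET_SAME is not set
+# CONFIG_IP_NF_NAT_LOCAL is not set
+# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
+CONFIG_IP_NF_NAT_FTP=m
 # CONFIG_IP_NF_MANGLE is not set
 # CONFIG_IP_NF_RAW is not set
 # CONFIG_IP_NF_ARPTABLES is not set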
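Review bot: `CONFIG_IP_NF_TARGET_LOG` stays unset at 2.19 while the second hunk turns on the filter table, REJECT and NAT, so a dom0 built from this defconfig can reject or masquerade guest traffic but has no iptables target to log it. Once guest addresses are hidden behind dom0 by MASQUERADE, packet logs are the practical way to attribute spoofed or misrouted traffic to a vif. I would enable it next to the REJECT target: `CONFIG_IP_NF_TARGET_LOG=m`.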
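--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/examples/network-nat	Sat Jan 29 22:20:09 2005 +0000
@@ -0,0 +1,77 @@
+#!/bin/sh
+#============================================================================
+# Default Xen network start/stop script.
+# Xend calls a network script when it starts.
+# The script name to use is defined in /etc/xen/xend-config.sxp
+# in the network-script field.
+#
+# Usage:
+#
+# network-route (start|stop|status) {VAR=VAL}*
+#
+# Vars:
+#
+# netdev     The gateway interface (default eth0).
+# antispoof  Whether to use iptables to prevent spoofing (default yes).
+#
+#============================================================================
+
+
+
+# Exit if anything goes wrong.
+set -e 
+
+# First arg is the operation.
+OP=$1
+shift
+
+# Pull variables in args in to environment.
+for arg ; do export "${arg}" ; done
+
+netdev=${netdev:-eth0}
+# antispoofing not yet implemented
+antispoof=${antispoof:-yes}
+
+echo "network-nat $OP netdev=$netdev antispoof=$antispoof"
+
+
+op_start() {
+	echo 1 >/proc/sys/net/ipv4/ip_forward
+	iptables -t nat -A POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+op_stop() {
+	iptables -t nat -D POSTROUTING -o ${netdev} -j MASQUERADE
+}
+
+
+show_status() {
+    echo '============================================================'
+    ifconfig
+    echo ' '
+    ip route list
+    echo ' '
+    route -n
+    echo '============================================================'
+
+}
+
+case ${OP} in
+    start)
+        op_start
+        ;;
+    
+    stop)
+        op_stop
+        ;;
+
+    status)
+        show_status
+       ;;
+
+    *)
+       echo 'Unknown command: ' ${OP}
+       echo 'Valid commands are: start, stop, status'
+       exit 1
+esac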
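Review bot: `antispoof` defaults to `yes` and is echoed at 3.38, yet the comment at 3.35 says it is not implemented, and `op_start` only enables `ip_forward` for the whole host and appends a MASQUERADE rule with no source restriction. An operator reading the log line would assume spoofing protection is active, while dom0 is forwarding between all interfaces under whatever FORWARD policy it already had. Until the rules exist I would default it off, `antispoof=${antispoof:-no}`, and limit the NAT rule to the guest range with `-s <guest-subnet>` (placeholder). `op_stop` deletes the rule but leaves `ip_forward` at 1, and the usage line at 3.13 still names the other script; it should read `# network-nat (start|stop|status) {VAR=VAL}*`.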
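--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/examples/vif-nat	Sat Jan 29 22:20:09 2005 +0000
@@ -0,0 +1,66 @@
+#!/bin/sh
+#============================================================================
+# /etc/xen/vif-nat
+#
+# Script for configuring a vif in routed-nat mode.
+# Xend calls a vif script when bringing a vif up or down.
+# This script is the default - but it can be configured for each vif.
+#
+# Example invocation:
+#
+# vif-nat up domain=VM1 vif=vif1.0 ip="192.168.0.10/31"
+#
+# Usage:
+# vif-nat (up|down) {VAR=VAL}*
+#
+# Vars:
+#
+# domain  name of the domain the interface is on (required).
+# vif     vif interface name (required).
+# ip      list of IP networks for the vif, space-separated (required).
+#============================================================================
+
+# Exit if anything goes wrong
+set -e 
+
+echo "vif-nat $*"
+
+# Operation name.
+OP=$1
+shift
+
+# Pull variables in args into environment
+for arg ; do export "${arg}" ; done
+
+# Required parameters. Fail if not set.
+domain=${domain:?}
+vif=${vif:?}
+ip=${ip:?} 
+
+# better way to strip /netmask from the ip?
+vif_ip=`echo ${ip} | awk -F. '{print $1"."$2"."$3"."$4}'`
+
+main_ip=`ifconfig eth0 | grep "inet addr:" | sed -e 's/.*inet addr:\(\w\w*\.\w\w*\.\w\w*\.\w\w*\).*/\1/'`
+
+# Are we going up or down?
+case $OP in
+    up)
+        ifconfig ${vif} ${vif_ip} netmask 255.255.255.0 up
+        echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
+        iptcmd='-A'
+        ipcmd='a'
+        ;;
+    down)
+        ifconfig ${vif} down
+        iptcmd='-D'
+        ipcmd='d'
+        ;;
+    *)
+        echo 'Invalid command: ' $OP
+        echo 'Valid commands are: up, down'
+        exit 1
+        ;;
+esac
+
+ip r ${ipcmd} ${ip} dev ${vif} src ${main_ip}
+#    iptables ${iptcmd} FORWARD -m physdev --physdev-in ${vif} -p udp --sport 68 --dport 67 -j ACCEPT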
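Review bot: The loop at 4.36 exports every VAR=VAL argument into the environment, and `vif` and `ip` are then used unquoted and unchecked in `ifconfig`, `ip r` and the `/proc/sys/net/ipv4/conf/${vif}/proxy_arp` path, in a script that presumably runs with root privileges since it writes under /proc/sys. I would export only the three documented names and reject a `vif` that is not a plain interface name before first use, e.g. `case ${vif} in *[!A-Za-z0-9.]*) echo "bad vif: ${vif}"; exit 1 ;; esac`. The same export loop appears in network-nat at 3.32. Separately, the awk at 4.44 splits on `.` only, so for the documented `192.168.0.10/31` the fourth field is still `10/31` and the prefix length is not removed; `vif_ip=${ip%%/*}` does what the comment at 4.43 asks for. `main_ip` is also read from a hard-coded `eth0`, whereas network-nat lets `netdev` be overridden.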
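--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/examples/xmexample3	Sat Jan 29 22:20:09 2005 +0000
@@ -0,0 +1,120 @@
+#  -*- mode: python; -*-
+#============================================================================
+# Example Python setup script for 'xm create'.
+# This script sets the parameters used when a domain is created using 'xm create'.
+#
+# This is a relatively advanced script that uses a parameter, vmid, to control
+# the settings. So this script can be used to start a set of domains by
+# setting the vmid parameter on the 'xm create' command line. For example:
+#
+# xm create vmid=1
+# xm create vmid=2
+# xm create vmid=3
+#
+# The vmid is purely a script variable, and has no effect on the the domain
+# id assigned to the new domain.
+#============================================================================
+
+# Define script variables here.
+# xm_vars is defined automatically, use xm_vars.var() to define a variable.
+
+# This function checks that 'vmid' has been given a valid value.
+# It is called automatically by 'xm create'.
+def vmid_check(var, val):
+    val = int(val)
+    if val <= 0:
+        raise ValueError
+    return val
+
+# Define the 'vmid' variable so that 'xm create' knows about it.
+xm_vars.var('vmid',
+            use="Virtual machine id. Integer greater than 0.",
+            check=vmid_check)
+
+# Check the defined variables have valid values..
+xm_vars.check()
+
+#----------------------------------------------------------------------------
+# Kernel image file.
+kernel = "/path/to/domU/kernel"
+
+# Optional ramdisk.
+#ramdisk = "/boot/initrd.gz"
+
+# The domain build function. Default is 'linux'.
+#builder='linux'
+
+# Initial memory allocation (in megabytes) for the new domain.
+memory = 64
+
+# A name for the new domain. All domains have to have different names,
+# so we use the vmid to create a name.
+name = "VM%d" % vmid
+
+# Which CPU to start domain on? 
+#cpu = -1   # leave to Xen to pick
+cpu = vmid  # set based on vmid (mod number of CPUs)
+
+#----------------------------------------------------------------------------
+# Define network interfaces.
+
+# Number of network interfaces. Default is 1.
+#nics=1
+
+# Optionally define mac and/or bridge for the network interfaces.
+# Random MACs are assigned if not given.
+
+vif = [ 'ip=192.168.%d.1/24' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Define the disk devices you want the domain to have access to, and
+# what you want them accessible as.
+# Each disk entry is of the form phy:UNAME,DEV,MODE
+# where UNAME is the device, DEV is the device name the domain will see,
+# and MODE is r for read-only, w for read-write.
+
+# This makes the disk device depend on the vmid - assuming
+# tHat devices sda7, sda8 etc. exist. The device is exported
+# to all domains as sda1.
+# All domains get sda6 read-only (to use for /usr, see below).
+disk = [ 'phy:hda%d,hda1,w' % (vmid)]
+
+#----------------------------------------------------------------------------
+# Set the kernel command line for the new domain.
+# You only need to define the IP parameters and hostname if the domain's
+# IP config doesn't, e.g. in ifcfg-eth0 or via DHCP.
+# You can use 'extra' to set the runlevel and custom environment
+# variables used by custom rc scripts (e.g. VMID=, usr= ).
+
+# Set if you want dhcp to allocate the IP address.
+dhcp="off"
+ip="192.168.%d.2" % (vmid)
+# Set netmask.
+netmask="255.255.255.0"
+# Set default gateway.
+gateway="192.168.%d.1" % (vmid)
+# Set the hostname.
+hostname= "domain-%d.xeno" % vmid
+
+# Set root device.
+root = "/dev/hda1 ro"
+
+# Root device for nfs.
+#root = "/dev/nfs"
+# The nfs server.
+#nfs_server = "10.212.4.103"
+# Root directory on the nfs server.
+#nfs_root   = "/path/to/root/filesystem"
+
+# Sets runlevel 4 and the device for /usr.
+extra = "4 VMID=%d" % vmid
+
+#----------------------------------------------------------------------------
+# Set according to whether you want the domain restarted when it exits.
+# The default is 'onreboot', which restarts the domain when it shuts down
+# with exit code reboot.
+# Other values are 'always', and 'never'.
+
+#restart = 'onreboot'
+
+#============================================================================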
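Review bot: The disk line at 5.83 is `'phy:hda%d,hda1,w' % (vmid)`, so `vmid=1`, the first value `vmid_check` accepts, exports the host's hda1 read-write to the guest, and that partition may well be one dom0 itself boots from or has mounted. The comment at 5.79-5.82 still describes sda7/sda8 and a read-only sda6 that this file never defines, so a reader cannot tell which partitions are meant to be handed out. I would offset the index past the partitions dom0 uses, for instance `disk = [ 'phy:hda%d,hda1,w' % (4+vmid) ]` (the offset is a constructed example), and rewrite the comment to match the hda naming. `vmid_check` also has no upper bound although the value becomes an IPv4 octet at 5.70, 5.94 and 5.98; `if val <= 0 or val > 254:` would reject ids that cannot form a valid address.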