QubesOS/qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Removed portions of qubes setup that are now handled within core-agent-linux

Browse Source
This commit is contained in:
Jason Mehring 2014-11-02 16:20:41 -05:00
parent 0e53e2954f
commit cbe081b7bc
33 changed files with 51 additions and 3412 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

102
scripts_debian/04_install_qubes.sh
View File

@ -58,26 +58,26 @@ EOF
chroot "${INSTALLDIR}" locale-gen
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
debug "Updating template fstab file..."
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
/dev/xvdb /rw ext4 noauto,defaults,discard 1 2
/rw/home /home none noauto,bind,defaults 0 0
tmpfs /dev/shm tmpfs defaults 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
proc /proc proc defaults 0 0
sysfs /sys sysfs defaults 0 0
xen /proc/xen xenfs defaults 0 0
/dev/xvdi /mnt/removable auto noauto,user,rw 0 0
/dev/xvdd /lib/modules ext3 defaults 0 0
EOF
# # --------------------------------------------------------------------------
# # Update /etc/fstab
# # --------------------------------------------------------------------------
# #debug "Updating template fstab file..."
# #cat >> "${INSTALLDIR}/etc/fstab" <<EOF
#/dev/mapper/dmroot / ext4 defaults,noatime 1 1
#/dev/xvdc1 swap swap defaults 0 0
#
#/dev/xvdb /rw ext4 noauto,defaults,discard 1 2
#/rw/home /home none noauto,bind,defaults 0 0
#
#tmpfs /dev/shm tmpfs defaults 0 0
#devpts /dev/pts devpts gid=5,mode=620 0 0
#proc /proc proc defaults 0 0
#sysfs /sys sysfs defaults 0 0
#xen /proc/xen xenfs defaults 0 0
#
#/dev/xvdi /mnt/removable auto noauto,user,rw 0 0
#/dev/xvdd /lib/modules ext3 defaults 0 0
#EOF
# --------------------------------------------------------------------------
# Link mtab
@ -85,10 +85,10 @@ EOF
rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# --------------------------------------------------------------------------
# Create modules directory
# --------------------------------------------------------------------------
mkdir -p "${INSTALLDIR}/lib/modules"
# # --------------------------------------------------------------------------
# # Create modules directory
# # --------------------------------------------------------------------------
# mkdir -p "${INSTALLDIR}/lib/modules"
# --------------------------------------------------------------------------
# Start of Qubes package installation
@ -158,30 +158,30 @@ EOF
# --------------------------------------------------------------------------
rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
# --------------------------------------------------------------------------
# Qubes needs a user named 'user'
# --------------------------------------------------------------------------
if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
:
else
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
fi
# # --------------------------------------------------------------------------
# # Qubes needs a user named 'user'
# # --------------------------------------------------------------------------
# if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
# :
# else
# chroot "${INSTALLDIR}" groupadd -f user
# chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
# fi
# --------------------------------------------------------------------------
# Modules setup
# --------------------------------------------------------------------------
echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# # --------------------------------------------------------------------------
# # Modules setup
# # --------------------------------------------------------------------------
# echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# # --------------------------------------------------------------------------
# # Remove `mesg` from root/.profile?
# # --------------------------------------------------------------------------
# sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# --------------------------------------------------------------------------
# Need a xen log directory or xen scripts will fail
# --------------------------------------------------------------------------
mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# # --------------------------------------------------------------------------
# # Need a xen log directory or xen scripts will fail
# # --------------------------------------------------------------------------
# mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains:
@ -189,12 +189,12 @@ EOF
# --------------------------------------------------------------------------
copyTree "qubes-files" "${SCRIPTSDIR}" "${INSTALLDIR}"
# --------------------------------------------------------------------------
# Looks like hosts file may contain tabs and qubes will not parse it
# correctly
# --------------------------------------------------------------------------
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
# # --------------------------------------------------------------------------
# # Looks like hosts file may contain tabs and qubes will not parse it
# # correctly
# # --------------------------------------------------------------------------
# expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
# mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
fi

231
scripts_debian/proxy/files/.facl
View File

@ -40,234 +40,3 @@ user::rw-
group::r--
other::r--
# file: etc/xen
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-bridge
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-delete
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif2
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/external-device-migrate
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-route-qubes
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xen/scripts/network-nat
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-hotplug-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-impl
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/locking.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-hotplug-cleanup
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-network-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-nbd
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/hotplugpath.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-migration.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/network-bridge
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-enbd
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-setup
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-nat
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vif-route
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vscsi
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/network-route
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/blktap
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/xen-script-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/logging.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/block-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: etc/xen/scripts/vtpm-hotplug-common.sh
# owner: root
# group: root
user::rwx
group::---
other::---
# file: .facl
# owner: user
# group: user
user::rwx
group::rwx
other::rwx

4
scripts_debian/proxy/files/etc/udev/rules.d/98-kexec.rules
View File

@ -1,4 +0,0 @@
SUBSYSTEM=="cpu", ACTION=="online", PROGRAM="/bin/systemctl try-restart kdump.service"
SUBSYSTEM=="cpu", ACTION=="offline", PROGRAM="/bin/systemctl try-restart kdump.service"
SUBSYSTEM=="memory", ACTION=="add", PROGRAM="/bin/systemctl try-restart kdump.service"
SUBSYSTEM=="memory", ACTION=="remove", PROGRAM="/bin/systemctl try-restart kdump.service"

94
scripts_debian/proxy/files/etc/xen/scripts/blktap
View File

@ -1,94 +0,0 @@
#!/bin/bash
# Copyright (c) 2005, XenSource Ltd.
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/block-common.sh"
findCommand "$@"
##
# check_blktap_sharing file mode
#
# Perform the sharing check for the given blktap and mode.
#
check_blktap_sharing()
{
local file="$1"
local mode="$2"
local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE"
for dom in $(xenstore-list "$base_path")
do
for dev in $(xenstore-list "$base_path/$dom")
do
params=$(xenstore_read_default "$base_path/$dom/$dev/params" "" | cut -d: -f2)
if [ "$file" = "$params" ]
then
if [ "$mode" = 'w' ]
then
if ! same_vm "$dom"
then
echo 'guest'
return
fi
else
local m=$(xenstore_read_default "$base_path/$dom/$dev/mode" "")
m=$(canonicalise_mode "$m")
if [ "$m" = 'w' ]
then
if ! same_vm "$dom"
then
echo 'guest'
return
fi
fi
fi
fi
done
done
echo 'ok'
}
t=$(xenstore_read_default "$XENBUS_PATH/type" 'MISSING')
if [ -n "$t" ]
then
p=$(xenstore_read "$XENBUS_PATH/params")
p=${p#tapdisk:}
# if we have a ':', chew from head including :
if echo $p | grep -q \:
then
p=${p#*:}
fi
fi
# some versions of readlink cannot be passed a regular file
if [ -L "$p" ]; then
file=$(readlink -f "$p") || fatal "$p link does not exist."
else
file="$p"
fi
if [ "$command" = 'add' ]
then
[ -e "$file" ] || { fatal $file does not exist; }
FRONTEND_ID=$(xenstore_read "$XENBUS_PATH/frontend-id")
FRONTEND_UUID=$(xenstore_read "/local/domain/$FRONTEND_ID/vm")
mode=$(xenstore_read "$XENBUS_PATH/mode")
mode=$(canonicalise_mode "$mode")
if [ "$mode" != '!' ]
then
result=$(check_blktap_sharing "$file" "$mode")
[ "$result" = 'ok' ] || ebusy "$file already in use by other domain"
fi
success
fi
exit 0

354
scripts_debian/proxy/files/etc/xen/scripts/block
View File

@ -1,354 +0,0 @@
#!/bin/bash
dir=$(dirname "$0")
. "$dir/block-common.sh"
HOTPLUG_STORE="/var/run/xen-hotplug/${XENBUS_PATH//\//-}"
expand_dev() {
local dev
case $1 in
/*)
dev=$1
;;
*)
dev=/dev/$1
;;
esac
echo -n $dev
}
find_free_loopback_helper() {
local next_devnum=0
local busy_devnum
while read busy_devnum; do
if [ "$next_devnum" != "$busy_devnum" ]; then
break
fi
let next_devnum=$next_devnum+1
done
echo "/dev/loop${next_devnum}"
}
# Not all distros have "losetup -f"
find_free_loopback_dev() {
local loopdev
loopdev=$(losetup -a | sed -e 's+^/dev/loop++' -e 's/:.*//' | find_free_loopback_helper)
if [ -n "$loopdev" ] && [ -b "$loopdev" ]; then
echo "$loopdev"
fi
}
##
# check_sharing device mode
#
# Check whether the device requested is already in use. To use the device in
# read-only mode, it may be in use in read-only mode, but may not be in use in
# read-write anywhere at all. To use the device in read-write mode, it must
# not be in use anywhere at all.
#
# Prints one of
#
# 'local': the device may not be used because it is mounted in the current
# (i.e. the privileged domain) in a way incompatible with the
# requested mode;
# 'guest': the device may not be used because it already mounted by a guest
# in a way incompatible with the requested mode; or
# 'ok': the device may be used.
#
check_sharing()
{
local dev="$1"
local mode="$2"
local devmm=$(device_major_minor "$dev")
local file
if [ "$mode" = 'w' ]
then
toskip="^$"
else
toskip="^[^ ]* [^ ]* [^ ]* ro[, ]"
fi
for file in $(cat /proc/mounts | grep -v "$toskip" | cut -f 1 -d ' ')
do
if [ -e "$file" ]
then
local d=$(device_major_minor "$file")
if [ "$d" = "$devmm" ]
then
echo 'local'
return
fi
fi
done
local base_path="$XENBUS_BASE_PATH/$XENBUS_TYPE"
for dom in $(xenstore-list "$base_path")
do
for dev in $(xenstore-list "$base_path/$dom")
do
d=$(xenstore_read_default "$base_path/$dom/$dev/physical-device" "")
if [ "$d" = "$devmm" ]
then
if [ "$mode" = 'w' ]
then
if ! same_vm $dom
then
echo 'guest'
return
fi
else
local m=$(xenstore_read_default "$base_path/$dom/$dev/mode" "")
m=$(canonicalise_mode "$m")
if [ "$m" = 'w' ]
then
if ! same_vm $dom
then
echo 'guest'
return
fi
fi
fi
fi
done
done
echo 'ok'
}
##
# check_device_sharing dev mode
#
# Perform the sharing check for the given physical device and mode.
#
check_device_sharing()
{
local dev="$1"
local mode=$(canonicalise_mode "$2")
local result
if [ "x$mode" = 'x!' ]
then
return 0
fi
result=$(check_sharing "$dev" "$mode")
if [ "$result" != 'ok' ]
then
do_ebusy "Device $dev is mounted " "$mode" "$result"
fi
}
##
# check_device_sharing file dev mode
#
# Perform the sharing check for the given file mounted through the given
# loopback interface, in the given mode.
#
check_file_sharing()
{
local file="$1"
local dev="$2"
local mode="$3"
result=$(check_sharing "$dev" "$mode")
if [ "$result" != 'ok' ]
then
do_ebusy "File $file is loopback-mounted through $dev,
which is mounted " "$mode" "$result"
fi
}
##
# do_ebusy prefix mode result
#
# Helper function for check_device_sharing check_file_sharing, calling ebusy
# with an error message constructed from the given prefix, mode, and result
# from a call to check_sharing.
#
do_ebusy()
{
local prefix="$1"
local mode="$2"
local result="$3"
if [ "$result" = 'guest' ]
then
dom='a guest '
when='now'
else
dom='the privileged '
when='by a guest'
fi
if [ "$mode" = 'w' ]
then
m1=''
m2=''
else
m1='read-write '
m2='read-only '
fi
release_lock "block"
ebusy \
"${prefix}${m1}in ${dom}domain,
and so cannot be mounted ${m2}${when}."
}
t=$(xenstore_read_default "$XENBUS_PATH/type" 'MISSING')
case "$command" in
add)
phys=$(xenstore_read_default "$XENBUS_PATH/physical-device" 'MISSING')
if [ "$phys" != 'MISSING' ]
then
# Depending upon the hotplug configuration, it is possible for this
# script to be called twice, so just bail.
exit 0
fi
if [ -n "$t" ]
then
p=$(xenstore_read "$XENBUS_PATH/params")
mode=$(xenstore_read "$XENBUS_PATH/mode")
echo $p > "$HOTPLUG_STORE-params"
echo $mode > "$HOTPLUG_STORE-mode"
echo $t > "$HOTPLUG_STORE-type"
fi
FRONTEND_ID=$(xenstore_read "$XENBUS_PATH/frontend-id")
FRONTEND_UUID=$(xenstore_read_default \
"/local/domain/$FRONTEND_ID/vm" 'unknown')
case $t in
phy)
dev=$(expand_dev $p)
if [ -L "$dev" ]
then
dev=$(readlink -f "$dev") || fatal "$dev link does not exist."
fi
test -e "$dev" || fatal "$dev does not exist."
test -b "$dev" || fatal "$dev is not a block device."
claim_lock "block"
check_device_sharing "$dev" "$mode"
write_dev "$dev"
release_lock "block"
exit 0
;;
file)
# Canonicalise the file, for sharing check comparison, and the mode
# for ease of use here.
file=$(readlink -f "$p") || fatal "$p does not exist."
test -f "$file" || fatal "$file does not exist."
mode=$(canonicalise_mode "$mode")
claim_lock "block"
# Avoid a race with the remove if the path has been deleted, or
# otherwise changed from "InitWait" state e.g. due to a timeout
xenbus_state=$(xenstore_read_default "$XENBUS_PATH/state" 'unknown')
if [ "$xenbus_state" != '2' ]
then
release_lock "block"
fatal "Path closed or removed during hotplug add: $XENBUS_PATH state: $xenbus_state"
fi
if [ "$mode" = 'w' ] && ! stat "$file" -c %A | grep -q w
then
release_lock "block"
ebusy \
"File $file is read-only, and so I will not
mount it read-write in a guest domain."
fi
if [ "x$mode" != 'x!' ]
then
inode=$(stat -c '%i' "$file")
dev=$(stat -c '%D' "$file")
if [ -z "$inode" ] || [ -z "$dev" ]
then
fatal "Unable to lookup $file: dev: $dev inode: $inode"
fi
shared_list=$(losetup -j "$file" | head -n 1 | cut -d : -f 1)
for dev in "$shared_list"
do
if [ -n "$dev" ]
then
check_file_sharing "$file" "$dev" "$mode"
loopdev="$dev"
fi
done
fi
if [ -z "$loopdev" ]; then
loopdev=$(losetup -f 2>/dev/null || find_free_loopback_dev)
if [ "$loopdev" = '' ]
then
release_lock "block"
fatal 'Failed to find an unused loop device'
fi
if LANG=C losetup -h 2>&1 | grep read-only >/dev/null
then
roflag="-$mode"; roflag="${roflag#-w}"; roflag="${roflag#-!}"
else
roflag=''
fi
do_or_die losetup $roflag "$loopdev" "$file"
fi
xenstore_write "$XENBUS_PATH/node" "$loopdev"
echo $loopdev > "$HOTPLUG_STORE-node"
write_dev "$loopdev"
release_lock "block"
exit 0
;;
"")
claim_lock "block"
success
release_lock "block"
;;
esac
;;
remove)
t=$(cat $HOTPLUG_STORE-type)
case $t in
phy)
exit 0
;;
file)
claim_lock "block"
node=$(cat "$HOTPLUG_STORE-node")
losetup -d "$node"
release_lock "block"
exit 0
;;
"")
exit 0
;;
esac
;;
esac
# If we've reached here, $t is neither phy nor file, so fire a helper script.
[ -x ${XEN_SCRIPT_DIR}/block-"$t" ] && \
${XEN_SCRIPT_DIR}/block-"$t" "$command" $node

125
scripts_debian/proxy/files/etc/xen/scripts/block-common.sh
View File

@ -1,125 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
findCommand "$@"
if [ "$command" != "add" ] &&
[ "$command" != "remove" ]
then
log err "Invalid command: $command"
exit 1
fi
XENBUS_PATH="${XENBUS_PATH:?}"
ebusy()
{
xenstore_write "$XENBUS_PATH/hotplug-error" "$*" \
"$XENBUS_PATH/hotplug-status" busy
log err "$@"
exit 1
}
##
# Print the given device's major and minor numbers, written in hex and
# separated by a colon.
device_major_minor()
{
stat -L -c %t:%T "$1"
}
##
# Write physical-device = MM,mm to the store, where MM and mm are the major
# and minor numbers of device respectively.
#
# @param device The device from which major and minor numbers are read, which
# will be written into the store.
#
write_dev() {
local mm
mm=$(device_major_minor "$1")
if [ -z $mm ]
then
fatal "Backend device does not exist"
fi
xenstore_write "$XENBUS_PATH/physical-device" "$mm"
success
}
##
# canonicalise_mode mode
#
# Takes the given mode, which may be r, w, ro, rw, w!, or rw!, or variations
# thereof, and canonicalises them to one of
#
# 'r': perform checks for a new read-only mount;
# 'w': perform checks for a read-write mount; or
# '!': perform no checks at all.
#
canonicalise_mode()
{
local mode="$1"
if ! expr index "$mode" 'w' >/dev/null
then
echo 'r'
elif ! expr index "$mode" '!' >/dev/null
then
echo 'w'
else
echo '!'
fi
}
same_vm()
{
local otherdom="$1"
# Note that othervm can be MISSING here, because Xend will be racing with
# the hotplug scripts -- the entries in /local/domain can be removed by
# Xend before the hotplug scripts have removed the entry in
# /local/domain/0/backend/. In this case, we want to pretend that the
# VM is the same as FRONTEND_UUID, because that way the 'sharing' will be
# allowed.
local othervm=$(xenstore_read_default "/local/domain/$otherdom/vm" \
"$FRONTEND_UUID")
local target=$(xenstore_read_default "/local/domain/$FRONTEND_ID/target" \
"-1")
local otarget=$(xenstore_read_default "/local/domain/$otherdom/target" \
"-1")
local otvm=$(xenstore_read_default "/local/domain/$otarget/vm" \
"-1")
otvm=${otvm%-1}
othervm=${othervm%-1}
local frontend_uuid=${FRONTEND_UUID%-1}
[ "$frontend_uuid" = "$othervm" -o "$target" = "$otherdom" -o "$frontend_uuid" = "$otvm" ]
}

27
scripts_debian/proxy/files/etc/xen/scripts/block-enbd
View File

@ -1,27 +0,0 @@
#!/bin/bash
# Usage: block-enbd [bind server ctl_port |unbind node]
#
# The node argument to unbind is the name of the device node we are to
# unbind.
#
# This assumes you're running a correctly configured server at the other end!
dir=$(dirname "$0")
. "$dir/block-common.sh"
case "$command" in
add)
for dev in /dev/nd*; do
if nbd-client $2:$3 $dev; then
write_dev $dev
exit 0
fi
done
exit 1
;;
remove)
nbd-client -d $2
exit 0
;;
esac

27
scripts_debian/proxy/files/etc/xen/scripts/block-nbd
View File

@ -1,27 +0,0 @@
#!/bin/bash
# Usage: block-nbd [bind server ctl_port |unbind node]
#
# The node argument to unbind is the name of the device node we are to
# unbind.
#
# This assumes you're running a correctly configured server at the other end!
dir=$(dirname "$0")
. "$dir/block-common.sh"
case "$command" in
add)
for dev in /dev/nbd*; do
if nbd-client $2 $3 $dev; then
write_dev $dev
exit 0
fi
done
exit 1
;;
remove)
nbd-client -d $2
exit 0
;;
esac

98
scripts_debian/proxy/files/etc/xen/scripts/external-device-migrate
View File

@ -1,98 +0,0 @@
#!/bin/bash
# Copyright (c) 2005 IBM Corporation
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
set -x
# This script is called by XenD for migration of external devices
# It does not handle the migration of those devices itself, but
# passes the requests on to further applications
# It handles the low-level command line parsing and some of the
# synchronization
dir=$(dirname "$0")
. "$dir/logging.sh"
function ext_dev_migrate_usage() {
cat <<EOF
Pass the following command line parameters to the script:
-step <n> : n-th migration step
-host <host> : the destination host
-domname <domain name> : name of the domain that is migrating
-type <device type> : the type of device that is migrating
-subtype <dev. subtype>: the subtype of the device
-recover : indicates recovery request; an error
occurred during migration
-help : display this help screen
EOF
}
# Parse the command line paramters. The following parameters must be
# passed as the first ones in the sequence:
# -step [required]
# -host [required]
# -domname [required]
# -type [required]
# -subtype [optional]
# -recover [optional]
# The remaining ones will be passed to the called function.
function evaluate_params()
{
local step host domname typ recover filename func stype
stype=""
while [ $# -ge 1 ]; do
case "$1" in
-step) step=$2; shift; shift;;
-host) host=$2; shift; shift;;
-domname) domname=$2; shift; shift;;
-type) typ=$2; shift; shift;;
-subtype) stype=$2; shift; shift;;
-recover) recover=1; shift;;
-help) ext_dev_migrate_usage; exit 0;;
*) break;;
esac
done
if [ "$step" = "" -o \
"$host" = "" -o \
"$typ" = "" -o \
"$domname" = "" ]; then
echo "Error: Parameter(s) missing (-step/-host/-type/-domname)" 1>&2
echo "" 1>&2
echo "$0 -help for usage." 1>&2
exit 1
fi
filename="$dir/$typ$stype-migration.sh"
if [ ! -r $filename ]; then
echo "Error: Could not find script '$filename'"
return
fi
. "$filename"
if [ "$recover" = "1" ]; then
func="$typ"_recover
eval $func $host $domname $step $*
else
func="$typ"_migration_step
eval $func $host $domname $step $*
fi
}
evaluate_params "$@"

10
scripts_debian/proxy/files/etc/xen/scripts/hotplugpath.sh
View File

@ -1,10 +0,0 @@
SBINDIR="/usr/sbin"
BINDIR="/usr/bin"
LIBEXEC="/usr/lib/xen/bin"
LIBDIR="/usr/lib64"
SHAREDIR="/usr/share"
PRIVATE_BINDIR="/usr/lib64/xen/bin"
XENFIRMWAREDIR="/usr/lib/xen/boot"
XEN_CONFIG_DIR="/etc/xen"
XEN_SCRIPT_DIR="/etc/xen/scripts"
XEN_LOCK_DIR="/var/lock"

110
scripts_debian/proxy/files/etc/xen/scripts/locking.sh
View File

@ -1,110 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
#
# Serialisation
#
LOCK_SLEEPTIME=1
LOCK_SPINNING_RETRIES=5
LOCK_RETRIES=100
LOCK_BASEDIR=/var/run/xen-hotplug
claim_lock()
{
local lockdir="$LOCK_BASEDIR/$1"
mkdir -p "$LOCK_BASEDIR"
_claim_lock "$lockdir"
}
release_lock()
{
_release_lock "$LOCK_BASEDIR/$1"
}
# This function will be redefined in xen-hotplug-common.sh.
sigerr() {
exit 1
}
_claim_lock()
{
local lockdir="$1"
local owner=$(_lock_owner "$lockdir")
local retries=0
while [ $retries -lt $LOCK_RETRIES ]
do
mkdir "$lockdir" 2>/dev/null && trap "_release_lock $lockdir; sigerr" ERR &&
_update_lock_info "$lockdir" && return
local new_owner=$(_lock_owner "$lockdir")
if [ "$new_owner" != "$owner" ]
then
owner="$new_owner"
retries=0
else
local pid=$(echo $owner | cut -d : -f 1)
if [ -n "$pid" -a "$pid" != "unknown" -a ! -f "/proc/$pid/status" ]
then
_release_lock $lockdir
fi
fi
if [ $retries -gt $LOCK_SPINNING_RETRIES ]
then
sleep $LOCK_SLEEPTIME
else
sleep 0
fi
retries=$(($retries + 1))
done
_steal_lock "$lockdir"
}
_release_lock()
{
trap sigerr ERR
rm -rf "$1" 2>/dev/null || true
}
_steal_lock()
{
local lockdir="$1"
local owner=$(cat "$lockdir/owner" 2>/dev/null || echo "unknown")
log err "Forced to steal lock on $lockdir from $owner!"
_release_lock "$lockdir"
_claim_lock "$lockdir"
}
_lock_owner()
{
cat "$1/owner" 2>/dev/null || echo "unknown"
}
_update_lock_info()
{
echo "$$: $0" >"$1/owner"
}

22
scripts_debian/proxy/files/etc/xen/scripts/logging.sh
View File

@ -1,22 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
log() {
local level="$1"
shift
logger -p "daemon.$level" -- "$0:" "$@" || echo "$0 $@" >&2
}

337
scripts_debian/proxy/files/etc/xen/scripts/network-bridge
View File

@ -1,337 +0,0 @@
#!/bin/bash
#============================================================================
# Default Xen network start/stop script.
# Xend calls a network script when it starts.
# The script name to use is defined in ${XEN_CONFIG_DIR}/xend-config.sxp
# in the network-script field.
#
# This script creates a bridge (default ${netdev}), adds a device
# (defaults to the device on the default gateway route) to it, copies
# the IP addresses from the device to the bridge and adjusts the routes
# accordingly.
#
# If all goes well, this should ensure that networking stays up.
# However, some configurations are upset by this, especially
# NFS roots. If the bridged setup does not meet your needs,
# configure a different script, for example using routing instead.
#
# Usage:
#
# network-bridge (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# bridge The bridge to use (default ${netdev}).
# netdev The interface to add to the bridge (default gateway device).
# antispoof Whether to use iptables to prevent spoofing (default no).
#
# Internal Vars:
# pdev="p${netdev}"
# tdev=tmpbridge
#
# start:
# Creates the bridge as tdev
# Copies the IP and MAC addresses from pdev to bridge
# Renames netdev to be pdev
# Renames tdev to bridge
# Enslaves pdev to bridge
#
# stop:
# Removes pdev from the bridge
# Transfers addresses, routes from bridge to pdev
# Renames bridge to tdev
# Renames pdev to netdev
# Deletes tdev
#
# status:
# Print addresses, interfaces, routes
#
#============================================================================
dir=$(dirname "$0")
. "$dir/logging.sh"
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"
. "$dir/locking.sh"
findCommand "$@"
evalVariables "$@"
is_network_root () {
local rootfs=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $3; }}' /etc/mtab)
local rootopts=$(awk '{ if ($1 !~ /^[ \t]*#/ && $2 == "/") { print $4; }}' /etc/mtab)
[[ "$rootfs" =~ "^nfs" ]] || [[ "$rootopts" =~ "_netdev" ]] && has_nfsroot=1 || has_nfsroot=0
if [ $has_nfsroot -eq 1 ]; then
local bparms=$(cat /proc/cmdline)
for p in $bparms; do
local ipaddr=$(echo $p | awk /nfsroot=/'{ print substr($1,9,index($1,":")-9) }')
if [ "$ipaddr" != "" ]; then
local nfsdev=$(ip route get $ipaddr | awk /$ipaddr/'{ print $3 }')
[[ "$nfsdev" == "$netdev" ]] && return 0 || return 1
fi
done
fi
return 1
}
find_alt_device () {
local interf=$1
local prefix=${interf%[[:digit:]]}
local ifs=$(ip link show | grep " $prefix" |\
awk '{ printf ("%s",substr($2,1,length($2)-1)) }' |\
sed s/$interf//)
echo "$ifs"
}
netdev=${netdev:-$(ip route list 0.0.0.0/0 | \
sed 's/.*dev \([a-z]\+[0-9]\+\).*$/\1/')}
if is_network_root ; then
altdevs=$(find_alt_device $netdev)
for netdev in $altdevs; do break; done
if [ -z "$netdev" ]; then
[ -x /usr/bin/logger ] && /usr/bin/logger "network-bridge: bridging not supported on network root; not starting"
exit
fi
fi
netdev=${netdev:-eth0}
bridge=${bridge:-${netdev}}
antispoof=${antispoof:-no}
pdev="p${netdev}"
tdev=tmpbridge
get_ip_info() {
addr_pfx=`ip addr show dev $1 | egrep '^ *inet' | sed -e 's/ *inet //' -e 's/ .*//'`
gateway=`ip route show dev $1 | fgrep default | sed 's/default via //'`
}
do_ifup() {
if [ $1 != "${netdev}" ] || ! ifup $1 ; then
if [ -n "$addr_pfx" ] ; then
# use the info from get_ip_info()
ip addr flush $1
ip addr add ${addr_pfx} dev $1
fi
ip link set dev $1 up
[ -n "$gateway" ] && ip route add default via ${gateway}
fi
}
# Usage: transfer_addrs src dst
# Copy all IP addresses (including aliases) from device $src to device $dst.
transfer_addrs () {
local src=$1
local dst=$2
# Don't bother if $dst already has IP addresses.
if ip addr show dev ${dst} | egrep -q '^ *inet ' ; then
return
fi
# Address lines start with 'inet' and have the device in them.
# Replace 'inet' with 'ip addr add' and change the device name $src
# to 'dev $src'.
ip addr show dev ${src} | egrep '^ *inet ' | sed -e "
s/inet/ip addr add/
s@\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+/[0-9]\+\)@\1@
s/${src}/dev ${dst} label ${dst}/
s/secondary//
" | sh -e
# Remove automatic routes on destination device
ip route list | sed -ne "
/dev ${dst}\( \|$\)/ {
s/^/ip route del /
p
}" | sh -e
}
# Usage: transfer_routes src dst
# Get all IP routes to device $src, delete them, and
# add the same routes to device $dst.
# The original routes have to be deleted, otherwise adding them
# for $dst fails (duplicate routes).
transfer_routes () {
local src=$1
local dst=$2
# List all routes and grep the ones with $src in.
# Stick 'ip route del' on the front to delete.
# Change $src to $dst and use 'ip route add' to add.
ip route list | sed -ne "
/dev ${src}\( \|$\)/ {
h
s/^/ip route del /
P
g
s/${src}/${dst}/
s/^/ip route add /
P
d
}" | sh -e
}
##
# link_exists interface
#
# Returns 0 if the interface named exists (whether up or down), 1 otherwise.
#
link_exists()
{
if ip link show "$1" >/dev/null 2>/dev/null
then
return 0
else
return 1
fi
}
# Set the default forwarding policy for $dev to drop.
# Allow forwarding to the bridge.
antispoofing () {
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m physdev --physdev-in ${pdev} -j ACCEPT
}
# Usage: show_status dev bridge
# Print ifconfig and routes.
show_status () {
local dev=$1
local bridge=$2
echo '============================================================'
ip addr show ${dev}
ip addr show ${bridge}
echo ' '
brctl show ${bridge}
echo ' '
ip route list
echo ' '
route -n
echo '============================================================'
}
op_start () {
if [ "${bridge}" = "null" ] ; then
return
fi
if [ `brctl show | wc -l` != 1 ]; then
return
fi
if link_exists "$pdev"; then
# The device is already up.
return
fi
claim_lock "network-bridge"
create_bridge ${tdev}
preiftransfer ${netdev}
transfer_addrs ${netdev} ${tdev}
# Remember slaves for bonding interface.
if [ -e /sys/class/net/${netdev}/bonding/slaves ]; then
slaves=`cat /sys/class/net/${netdev}/bonding/slaves`
fi
# Remember the IP details for do_ifup.
get_ip_info ${netdev}
if ! ifdown ${netdev}; then
ip link set ${netdev} down
ip addr flush ${netdev}
fi
ip link set ${netdev} name ${pdev}
ip link set ${tdev} name ${bridge}
setup_physical_bridge_port ${pdev}
# Restore slaves
if [ -n "${slaves}" ]; then
ip link set ${pdev} up
ifenslave ${pdev} ${slaves}
fi
add_to_bridge2 ${bridge} ${pdev}
do_ifup ${bridge}
if [ ${antispoof} = 'yes' ] ; then
antispoofing
fi
release_lock "network-bridge"
}
op_stop () {
if [ "${bridge}" = "null" ]; then
return
fi
if ! link_exists "$bridge"; then
return
fi
if ! [ -e "/sys/class/net/${bridge}/brif/${pdev}" ]; then
# $bridge is not a bridge to which pdev is enslaved
return
fi
claim_lock "network-bridge"
transfer_addrs ${bridge} ${pdev}
if ! ifdown ${bridge}; then
get_ip_info ${bridge}
fi
ip link set ${pdev} down
ip addr flush ${bridge}
brctl delif ${bridge} ${pdev}
ip link set ${bridge} down
ip link set ${bridge} name ${tdev}
ip link set ${pdev} name ${netdev}
do_ifup ${netdev}
brctl delbr ${tdev}
release_lock "network-bridge"
}
# adds $dev to $bridge but waits for $dev to be in running state first
add_to_bridge2() {
local bridge=$1
local dev=$2
local maxtries=10
echo -n "Waiting for ${dev} to negotiate link."
ip link set ${dev} up
for i in `seq ${maxtries}` ; do
if ifconfig ${dev} | grep -q RUNNING ; then
break
else
echo -n '.'
sleep 1
fi
done
if [ ${i} -eq ${maxtries} ] ; then echo -n '(link isnt in running state)' ; fi
echo
add_to_bridge ${bridge} ${dev}
}
case "$command" in
start)
op_start
;;
stop)
op_stop
;;
status)
show_status ${netdev} ${bridge}
;;
*)
echo "Unknown command: $command" >&2
echo 'Valid commands are: start, stop, status' >&2
exit 1
esac

124
scripts_debian/proxy/files/etc/xen/scripts/network-nat
View File

@ -1,124 +0,0 @@
#!/bin/bash
#============================================================================
# Default Xen network start/stop script when using NAT.
# Xend calls a network script when it starts.
# The script name to use is defined in ${XEN_CONFIG_DIR}/xend-config.sxp
# in the network-script field.
#
# Usage:
#
# network-nat (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# netdev The gateway interface (default eth0).
# antispoof Whether to use iptables to prevent spoofing (default no).
# dhcp Whether to alter the local DHCP configuration (default no).
#
#============================================================================
dir=$(dirname "$0")
. "$dir/hotplugpath.sh"
. "$dir/xen-script-common.sh"
. "$dir/xen-network-common.sh"
findCommand "$@"
evalVariables "$@"
netdev=${netdev:-eth0}
# antispoofing not yet implemented
antispoof=${antispoof:-no}
# turn on dhcp feature by default if dhcpd is installed
if [ -f /etc/dhcpd.conf ]
then
dhcp=${dhcp:-yes}
else
dhcp=${dhcp:-no}
fi
if [ "$dhcp" != 'no' ]
then
dhcpd_conf_file=$(find_dhcpd_conf_file)
dhcpd_init_file=$(find_dhcpd_init_file)
if [ -z "$dhcpd_conf_file" ] || [ -z "$dhcpd_init_file" ]
then
echo 'Failed to find dhcpd configuration or init file.' >&2
exit 1
fi
fi
domain_name=`cat /etc/resolv.conf | grep -v "#" | grep -E 'search|domain' -i | tail -n 1 | awk '{ print $2 }'`
nameserver=`cat /etc/resolv.conf | grep -v "#" | grep "nameserver" -i -m 1 | awk '{ print $2 }'`
function dhcp_start()
{
if ! grep -q "subnet 10.0.0.0" "$dhcpd_conf_file"
then
echo >>"$dhcpd_conf_file" "subnet 10.0.0.0 netmask 255.255.0.0 {\
option domain-name \"$domain_name\";\
option domain-name-servers $nameserver; }"
fi
"$dhcpd_init_file" restart
}
function dhcp_stop()
{
local tmpfile=$(mktemp)
grep -v "subnet 10.0.0.0" "$dhcpd_conf_file" >"$tmpfile"
if diff "$tmpfile" "$dhcpd_conf_file" >&/dev/null
then
rm "$tmpfile"
else
mv "$tmpfile" "$dhcpd_conf_file"
fi
"$dhcpd_init_file" restart
}
op_start() {
echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o ${netdev} -j MASQUERADE
[ "$dhcp" != 'no' ] && dhcp_start
}
op_stop() {
[ "$dhcp" != 'no' ] && dhcp_stop
iptables -t nat -D POSTROUTING -o ${netdev} -j MASQUERADE
}
show_status() {
echo '============================================================'
ifconfig
echo ' '
ip route list
echo ' '
route -n
echo '============================================================'
}
case "$command" in
start)
op_start
;;
stop)
op_stop
;;
status)
show_status
;;
*)
echo "Unknown command: $command" >&2
echo 'Valid commands are: start, stop, status' >&2
exit 1
esac

28
scripts_debian/proxy/files/etc/xen/scripts/network-route
View File

@ -1,28 +0,0 @@
#!/bin/bash
#============================================================================
# Default Xen network start/stop script.
# Xend calls a network script when it starts.
# The script name to use is defined in ${XEN_CONFIG_DIR}/xend-config.sxp
# in the network-script field.
#
# Usage:
#
# network-route (start|stop|status) {VAR=VAL}*
#
# Vars:
#
# netdev The gateway interface (default eth0).
# antispoof Whether to use iptables to prevent spoofing (default yes).
#
#============================================================================
dir=$(dirname "$0")
. "$dir/hotplugpath.sh"
. "$dir/xen-script-common.sh"
evalVariables "$@"
netdev=${netdev:-eth0}
echo 1 >/proc/sys/net/ipv4/ip_forward
echo 1 >/proc/sys/net/ipv4/conf/${netdev}/proxy_arp

108
scripts_debian/proxy/files/etc/xen/scripts/vif-bridge
View File

@ -1,108 +0,0 @@
#!/bin/bash
#============================================================================
# ${XEN_SCRIPT_DIR}/vif-bridge
#
# Script for configuring a vif in bridged mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in ${XEN_CONFIG_DIR}/xend-config.sxp. If the script is specified in
# neither of those places, then this script is the default.
#
# Usage:
# vif-bridge (add|remove|online|offline)
#
# Environment vars:
# vif vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Read from the store:
# bridge bridge to add the vif to (optional). Defaults to searching for the
# bridge itself.
# ip list of IP networks for the vif, space-separated (optional).
#
# up:
# Enslaves the vif interface to the bridge and adds iptables rules
# for its ip addresses (if any).
#
# down:
# Removes the vif interface from the bridge and removes the iptables
# rules for its ip addresses (if any).
#============================================================================
dir=$(dirname "$0")
. "$dir/vif-common.sh"
bridge=${bridge:-}
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
if [ -z "$bridge" ]
then
bridge=$(brctl show | cut -d "
" -f 2 | cut -f 1)
if [ -z "$bridge" ]
then
fatal "Could not find bridge, and none was specified"
fi
else
#
# Old style bridge setup with netloop, used to have a bridge name
# of xenbrX, enslaving pethX and vif0.X, and then configuring
# eth0.
#
# New style bridge setup does not use netloop, so the bridge name
# is ethX and the physical device is enslaved pethX
#
# So if...
#
# - User asks for xenbrX
# - AND xenbrX doesn't exist
# - AND there is a ethX device which is a bridge
#
# ..then we translate xenbrX to ethX
#
# This lets old config files work without modification
#
if [ ! -e "/sys/class/net/$bridge" ] && [ -z "${bridge##xenbr*}" ]
then
if [ -e "/sys/class/net/eth${bridge#xenbr}/bridge" ]
then
bridge="eth${bridge#xenbr}"
fi
fi
fi
RET=0
ip link show $bridge 1>/dev/null 2>&1 || RET=1
if [ "$RET" -eq 1 ]
then
fatal "Could not find bridge device $bridge"
fi
case "$command" in
online)
setup_virtual_bridge_port "$dev"
mtu="`ip link show $bridge | awk '/mtu/ { print $5 }'`"
if [ -n "$mtu" ] && [ "$mtu" -gt 0 ]
then
ip link set $dev mtu $mtu || :
fi
add_to_bridge "$bridge" "$dev"
;;
offline)
do_without_error brctl delif "$bridge" "$dev"
do_without_error ifconfig "$dev" down
;;
add)
setup_virtual_bridge_port "$dev"
add_to_bridge "$bridge" "$dev"
;;
esac
log debug "Successful vif-bridge $command for $dev, bridge $bridge."
if [ "$type_if" = vif -a "$command" = "online" ]
then
success
fi

190
scripts_debian/proxy/files/etc/xen/scripts/vif-common.sh
View File

@ -1,190 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/xen-network-common.sh"
findCommand "$@"
if [ "$command" != "online" ] &&
[ "$command" != "offline" ] &&
[ "$command" != "add" ] &&
[ "$command" != "remove" ]
then
log err "Invalid command: $command"
exit 1
fi
# Parameters may be read from the environment, the command line arguments, and
# the store, with overriding in that order. The environment is given by the
# driver, the command line is given by the Xend global configuration, and
# store details are given by the per-domain or per-device configuration.
evalVariables "$@"
# Older versions of Xen do not pass in the type as an argument,
# so the default value is vif.
: ${type_if:=vif}
case "$type_if" in
vif)
dev=$vif
;;
tap)
dev=$INTERFACE
;;
*)
log err "unknown interface type $type_if"
exit 1
;;
esac
case "$command" in
online | offline)
test "$type_if" != vif && exit 0
;;
add | remove)
test "$type_if" != tap && exit 0
;;
esac
if [ "$type_if" = vif ]; then
# Check presence of compulsory args.
XENBUS_PATH="${XENBUS_PATH:?}"
dev="${dev:?}"
vifname=$(xenstore_read_default "$XENBUS_PATH/vifname" "")
if [ "$vifname" ]
then
if [ "$command" == "online" ] && ! ip link show "$vifname" >&/dev/null
then
do_or_die ip link set "$dev" name "$vifname"
fi
dev="$vifname"
fi
elif [ "$type_if" = tap ]; then
# Check presence of compulsory args.
: ${INTERFACE:?}
# Get xenbus_path from device name.
# The name is built like that: "tap${domid}.${devid}".
dev_=${dev#tap}
domid=${dev_%.*}
devid=${dev_#*.}
XENBUS_PATH="/local/domain/0/backend/vif/$domid/$devid"
fi
ip=${ip:-}
ip=$(xenstore_read_default "$XENBUS_PATH/ip" "$ip")
frob_iptable()
{
if [ "$command" == "online" ]
then
local c="-I"
else
local c="-D"
fi
iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-in "$dev" \
"$@" -j ACCEPT 2>/dev/null &&
iptables "$c" FORWARD -m physdev --physdev-is-bridged --physdev-out "$dev" \
-j ACCEPT 2>/dev/null
if [ "$command" == "online" -a $? -ne 0 ]
then
log err "iptables setup failed. This may affect guest networking."
fi
}
##
# Add or remove the appropriate entries in the iptables. With antispoofing
# turned on, we have to explicitly allow packets to the interface, regardless
# of the ip setting. If ip is set, then we additionally restrict the packets
# to those coming from the specified networks, though we allow DHCP requests
# as well.
#
handle_iptable()
{
# Check for a working iptables installation. Checking for the iptables
# binary is not sufficient, because the user may not have the appropriate
# modules installed. If iptables is not working, then there's no need to do
# anything with it, so we can just return.
if ! iptables -L -n >&/dev/null
then
return
fi
claim_lock "iptables"
if [ "$ip" != "" ]
then
local addr
for addr in $ip
do
frob_iptable -s "$addr"
done
# Always allow the domain to talk to a DHCP server.
frob_iptable -p udp --sport 68 --dport 67
else
# No IP addresses have been specified, so allow anything.
frob_iptable
fi
release_lock "iptables"
}
##
# ip_of interface
#
# Print the IP address currently in use at the given interface, or nothing if
# the interface is not up.
#
ip_of()
{
ip addr show "$1" | awk "/^.*inet.*$1\$/{print \$2}" | sed -n '1 s,/.*,,p'
}
##
# dom0_ip
#
# Print the IP address of the interface in dom0 through which we are routing.
# This is the IP address on the interface specified as "netdev" as a parameter
# to these scripts, or eth0 by default. This function will call fatal if no
# such interface could be found.
#
dom0_ip()
{
local nd=${netdev:-eth0}
local result=$(ip_of "$nd")
if [ -z "$result" ]
then
fatal
"$netdev is not up. Bring it up or specify another interface with " \
"netdev=<if> as a parameter to $0."
fi
echo "$result"
}

192
scripts_debian/proxy/files/etc/xen/scripts/vif-nat
View File

@ -1,192 +0,0 @@
#!/bin/bash
#============================================================================
# ${XEN_SCRIPT_DIR}/vif-nat
#
# Script for configuring a vif in routed-nat mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in ${XEN_CONFIG_DIR}/xend-config.sxp. If the script is specified in
# neither of those places, then vif-bridge is the default.
#
# Usage:
# vif-nat (add|remove|online|offline)
#
# Environment vars:
# dev vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Parameters:
# dhcp Whether to alter the local DHCP configuration to include this
# new host (default no).
#
# Read from the store:
# ip list of IP networks for the vif, space-separated (default given in
# this script).
#============================================================================
dir=$(dirname "$0")
. "$dir/vif-common.sh"
# turn on dhcp feature by default if dhcpd is installed
if [ -f /etc/dhcpd.conf ]
then
dhcp=${dhcp:-yes}
else
dhcp=${dhcp:-no}
fi
if [ "$dhcp" != 'no' ]
then
dhcpd_conf_file=$(find_dhcpd_conf_file)
dhcpd_init_file=$(find_dhcpd_init_file)
dhcpd_arg_file=$(find_dhcpd_arg_file)
if [ -z "$dhcpd_conf_file" ] || [ -z "$dhcpd_init_file" ] || [ -z "$dhcpd_arg_file" ]
then
echo 'Failed to find dhcpd configuration or init or args file.' >&2
exit 1
fi
fi
domid=$(xenstore_read "$XENBUS_PATH/frontend-id")
vifid=$(xenstore_read "$XENBUS_PATH/handle")
vifid=$(( $vifid + 1 ))
ip_from_dom()
{
local domid1=$(( $domid / 256 ))
local domid2=$(( $domid % 256 ))
echo "10.$domid1.$domid2.$vifid/16"
}
routing_ip()
{
echo $(echo $1 | awk -F. '{print $1"."$2"."$3"."$4 + 127}')
}
dotted_quad()
{
echo\
$(( ($1 & 0xFF000000) >> 24))\
.$(( ($1 & 0x00FF0000) >> 16))\
.$(( ($1 & 0x0000FF00) >> 8 ))\
.$(( $1 & 0x000000FF ))
}
if [ "$ip" = "" ]
then
ip=$(ip_from_dom)
fi
router_ip=$(routing_ip "$ip")
# Split the given IP/bits pair.
vif_ip=`echo ${ip} | awk -F/ '{print $1}'`
hostname=$(xenstore_read "$XENBUS_PATH/domain" | tr -- '_.:/+' '-----')
if [ "$vifid" != "1" ]
then
hostname="$hostname-$vifid"
fi
dhcparg_remove_entry()
{
local tmpfile=$(mktemp)
sed -e "s/${dev} //" "$dhcpd_arg_file" >"$tmpfile"
if diff "$tmpfile" "$dhcpd_arg_file" >/dev/null
then
rm "$tmpfile"
else
mv "$tmpfile" "$dhcpd_arg_file"
fi
}
dhcparg_add_entry()
{
dhcparg_remove_entry
local tmpfile=$(mktemp)
# handle Red Hat, SUSE, and Debian styles, with or without quotes
sed -e 's/^DHCPDARGS="*\([^"]*\)"*/DHCPDARGS="\1'"${dev} "'"/' \
"$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
sed -e 's/^DHCPD_INTERFACE="*\([^"]*\)"*/DHCPD_INTERFACE="\1'"${dev} "'"/' \
"$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
sed -e 's/^INTERFACES="*\([^"]*\)"*/INTERFACES="\1'"${dev} "'"/' \
"$dhcpd_arg_file" >"$tmpfile" && mv "$tmpfile" "$dhcpd_arg_file"
rm -f "$tmpfile"
}
dhcp_remove_entry()
{
local tmpfile=$(mktemp)
grep -v "host $hostname" "$dhcpd_conf_file" >"$tmpfile"
if diff "$tmpfile" "$dhcpd_conf_file" >/dev/null
then
rm "$tmpfile"
else
mv "$tmpfile" "$dhcpd_conf_file"
fi
dhcparg_remove_entry
}
dhcp_up()
{
claim_lock "vif-nat-dhcp"
dhcp_remove_entry
mac=$(xenstore_read "$XENBUS_PATH/mac")
echo >>"$dhcpd_conf_file" \
"host $hostname { hardware ethernet $mac; fixed-address $vif_ip; option routers $router_ip; option host-name \"$hostname\"; }"
dhcparg_add_entry
release_lock "vif-nat-dhcp"
"$dhcpd_init_file" restart || true
}
dhcp_down()
{
claim_lock "vif-nat-dhcp"
dhcp_remove_entry
release_lock "vif-nat-dhcp"
"$dhcpd_init_file" restart || true # We need to ignore failure because
# ISC dhcpd 3 borks if there is nothing
# for it to do, which is the case if
# the outgoing interface is not
# configured to offer leases and there
# are no vifs.
}
case "$command" in
online)
if ip route | grep -q "dev ${dev}"
then
log debug "${dev} already up"
exit 0
fi
do_or_die ip link set "${dev}" up arp on
do_or_die ip addr add "$router_ip" dev "${dev}"
do_or_die ip route add "$vif_ip" dev "${dev}" src "$router_ip"
echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp
[ "$dhcp" != 'no' ] && dhcp_up
;;
offline)
[ "$dhcp" != 'no' ] && dhcp_down
do_without_error ifconfig "${dev}" down
;;
esac
handle_iptable
log debug "Successful vif-nat $command for ${dev}."
if [ "$command" = "online" ]
then
success
fi

56
scripts_debian/proxy/files/etc/xen/scripts/vif-route
View File

@ -1,56 +0,0 @@
#!/bin/bash
#============================================================================
# ${XEN_SCRIPT_DIR}/vif-route
#
# Script for configuring a vif in routed mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in ${XEN_CONFIG_DIR}/xend-config.sxp. If the script is specified in
# neither of those places, then vif-bridge is the default.
#
# Usage:
# vif-route (add|remove|online|offline)
#
# Environment vars:
# dev vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Read from the store:
# ip list of IP networks for the vif, space-separated (default given in
# this script).
#============================================================================
dir=$(dirname "$0")
. "${dir}/vif-common.sh"
main_ip=$(dom0_ip)
case "${command}" in
online)
ifconfig ${dev} ${main_ip} netmask 255.255.255.255 up
echo 1 >/proc/sys/net/ipv4/conf/${dev}/proxy_arp
ipcmd='add'
cmdprefix=''
;;
offline)
do_without_error ifdown ${dev}
ipcmd='del'
cmdprefix='do_without_error'
;;
esac
if [ "${ip}" ] ; then
# If we've been given a list of IP addresses, then add routes from dom0 to
# the guest using those addresses.
for addr in ${ip} ; do
${cmdprefix} ip route ${ipcmd} ${addr} dev ${dev} src ${main_ip}
done
fi
handle_iptable
log debug "Successful vif-route ${command} for ${dev}."
if [ "${command}" = "online" ]
then
success
fi

65
scripts_debian/proxy/files/etc/xen/scripts/vif-route-qubes
View File

@ -1,65 +0,0 @@
#!/bin/bash
#============================================================================
# /etc/xen/vif-route-qubes
#
# Script for configuring a vif in routed mode.
# The hotplugging system will call this script if it is specified either in
# the device configuration given to Xend, or the default Xend configuration
# in /etc/xen/xend-config.sxp. If the script is specified in neither of those
# places, then vif-bridge is the default.
#
# Usage:
# vif-route (add|remove|online|offline)
#
# Environment vars:
# vif vif interface name (required).
# XENBUS_PATH path to this device's details in the XenStore (required).
#
# Read from the store:
# ip list of IP networks for the vif, space-separated (default given in
# this script).
#============================================================================
dir=$(dirname "$0")
. "$dir/vif-common.sh"
#main_ip=$(dom0_ip)
case "$command" in
online)
ifconfig ${vif} up
echo 1 >/proc/sys/net/ipv4/conf/${vif}/proxy_arp
ipcmd='add'
iptables_cmd='-I PREROUTING 1'
cmdprefix=''
;;
offline)
do_without_error ifdown ${vif}
ipcmd='del'
iptables_cmd='-D PREROUTING'
cmdprefix='do_without_error'
;;
esac
domid=${vif/vif/}
domid=${domid/.*/}
# metric must be possitive, but prefer later interface
# 32752 is max XID aka domid
metric=$[ 32752 - $domid ]
if [ "${ip}" ] ; then
# If we've been given a list of IP addresses, then add routes from dom0 to
# the guest using those addresses.
for addr in ${ip} ; do
${cmdprefix} ip route ${ipcmd} ${addr} dev ${vif} metric $metric
done
${cmdprefix} iptables -t raw $iptables_cmd -i ${vif} \! -s ${ip} -j DROP
back_ip=`xenstore-read qubes-netvm-gateway`
${cmdprefix} ip addr ${ipcmd} ${back_ip}/32 dev ${vif}
fi
log debug "Successful vif-route-qubes $command for $vif."
if [ "$command" = "online" ]
then
success
fi

9
scripts_debian/proxy/files/etc/xen/scripts/vif-setup
View File

@ -1,9 +0,0 @@
#!/bin/bash
if test "$script"
then
exec $script $*
else
exec /etc/xen/scripts/vif-bridge $*
fi

46
scripts_debian/proxy/files/etc/xen/scripts/vif2
View File

@ -1,46 +0,0 @@
#!/bin/bash
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
. "$dir/xen-network-common.sh"
bridge=$(xenstore_read_default "$XENBUS_PATH/bridge" "$bridge")
if [ -z "$bridge" ]
then
nr_bridges=$(($(brctl show | cut -f 1 | grep -v "^$" | wc -l) - 1))
if [ "$nr_bridges" != 1 ]
then
fatal "no bridge specified, and don't know which one to use ($nr_bridges found)"
fi
bridge=$(brctl show | cut -d "
" -f 2 | cut -f 1)
fi
command="$1"
shift
case "$command" in
"online")
if [ "$bridge" != "-" ]
then
setup_virtual_bridge_port "$vif"
add_to_bridge "$bridge" "$vif"
else
# Just let the normal udev rules for interfaces handle it.
true
fi
success
;;
"add")
success
;;
"remove")
;;
*)
echo "Unknown command: $command"
echo 'Valid commands are: add, remove, online'
exit 1
esac

22
scripts_debian/proxy/files/etc/xen/scripts/vscsi
View File

@ -1,22 +0,0 @@
#!/bin/sh
#
# Copyright (c) 2007, FUJITSU Limited
# Based on the block scripts code.
#
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
findCommand "$@"
case "$command" in
add)
success
;;
remove)
# TODO
exit 0
;;
esac
exit 0

22
scripts_debian/proxy/files/etc/xen/scripts/vtpm
View File

@ -1,22 +0,0 @@
#!/bin/bash
dir=$(dirname "$0")
. "$dir/vtpm-hotplug-common.sh"
vtpm_fatal_error=0
case "$command" in
add)
vtpm_create_instance
;;
remove)
vtpm_remove_instance
;;
esac
if [ $vtpm_fatal_error -eq 0 ]; then
log debug "Successful vTPM operation '$command'."
success
else
fatal "Error while executing vTPM operation '$command'."
fi

448
scripts_debian/proxy/files/etc/xen/scripts/vtpm-common.sh
View File

@ -1,448 +0,0 @@
#
# Copyright (c) 2005 IBM Corporation
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/logging.sh"
. "$dir/locking.sh"
VTPMDB="/var/vtpm/vtpm.db"
#In the vtpm-impl file some commands should be defined:
# vtpm_create, vtpm_setup, vtpm_start, etc. (see below)
if [ -r "$dir/vtpm-impl.alt" ]; then
. "$dir/vtpm-impl.alt"
elif [ -r "$dir/vtpm-impl" ]; then
. "$dir/vtpm-impl"
else
function vtpm_create () {
true
}
function vtpm_setup() {
true
}
function vtpm_start() {
true
}
function vtpm_suspend() {
true
}
function vtpm_resume() {
true
}
function vtpm_delete() {
true
}
function vtpm_migrate() {
echo "Error: vTPM migration accross machines not implemented."
}
function vtpm_migrate_local() {
echo "Error: local vTPM migration not supported"
}
function vtpm_migrate_recover() {
true
}
fi
#Find the instance number for the vtpm given the name of the domain
# Parameters
# - vmname : the name of the vm
# Return value
# Returns '0' if instance number could not be found, otherwise
# it returns the instance number in the variable 'instance'
function vtpmdb_find_instance () {
local vmname ret instance
vmname=$1
ret=0
instance=$(cat $VTPMDB | \
awk -vvmname=$vmname \
'{ \
if ( 1 != index($1,"#")) { \
if ( $1 == vmname ) { \
print $2; \
exit; \
} \
} \
}')
if [ "$instance" != "" ]; then
ret=$instance
fi
echo "$ret"
}
# Check whether a particular instance number is still available
# returns "0" if it is not available, "1" otherwise.
function vtpmdb_is_free_instancenum () {
local instance instances avail i
instance=$1
avail=1
#Allowed instance number range: 1-255
if [ $instance -eq 0 -o $instance -gt 255 ]; then
avail=0
else
instances=$(cat $VTPMDB | \
awk \
'{ \
if (1 != index($1,"#")) { \
printf("%s ",$2); \
} \
}')
for i in $instances; do
if [ $i -eq $instance ]; then
avail=0
break
fi
done
fi
echo "$avail"
}
# Get an available instance number given the database
# Returns an unused instance number
function vtpmdb_get_free_instancenum () {
local ctr instances don found
instances=$(cat $VTPMDB | \
awk \
'{ \
if (1 != index($1,"#")) { \
printf("%s ",$2); \
} \
}')
ctr=1
don=0
while [ $don -eq 0 ]; do
found=0
for i in $instances; do
if [ $i -eq $ctr ]; then
found=1;
break;
fi
done
if [ $found -eq 0 ]; then
don=1
break
fi
let ctr=ctr+1
done
echo "$ctr"
}
# Add a domain name and instance number to the DB file
function vtpmdb_add_instance () {
local res vmname inst
vmname=$1
inst=$2
if [ ! -f $VTPMDB ]; then
echo "#Database for VM to vTPM association" > $VTPMDB
echo "#1st column: domain name" >> $VTPMDB
echo "#2nd column: TPM instance number" >> $VTPMDB
fi
res=$(vtpmdb_validate_entry $vmname $inst)
if [ $res -eq 0 ]; then
echo "$vmname $inst" >> $VTPMDB
fi
}
#Validate whether an entry is the same as passed to this
#function
function vtpmdb_validate_entry () {
local res rc vmname inst
rc=0
vmname=$1
inst=$2
res=$(cat $VTPMDB | \
awk -vvmname=$vmname \
-vinst=$inst \
'{ \
if ( 1 == index($1,"#")) {\
} else \
if ( $1 == vmname && \
$2 == inst) { \
printf("1"); \
exit; \
} else \
if ( $1 == vmname || \
$2 == inst) { \
printf("2"); \
exit; \
} \
}')
if [ "$res" == "1" ]; then
rc=1
elif [ "$res" == "2" ]; then
rc=2
fi
echo "$rc"
}
#Remove an entry from the vTPM database given its domain name
#and instance number
function vtpmdb_remove_entry () {
local vmname instance VTPMDB_TMP
vmname=$1
instance=$2
VTPMDB_TMP="$VTPMDB".tmp
$(cat $VTPMDB | \
awk -vvmname=$vmname \
'{ \
if ( $1 != vmname ) { \
print $0; \
} \
'} > $VTPMDB_TMP)
if [ -e $VTPMDB_TMP ]; then
mv -f $VTPMDB_TMP $VTPMDB
vtpm_delete $instance
else
log err "Error creating temporary file '$VTPMDB_TMP'."
fi
}
# Find the reason for the creation of this device:
# Returns 'resume' or 'create'
function vtpm_get_create_reason () {
local resume
resume=$(xenstore_read $XENBUS_PATH/resume)
if [ "$resume" == "True" ]; then
echo "resume"
else
echo "create"
fi
}
#Create a vTPM instance
# If no entry in the TPM database is found, the instance is
# created and an entry added to the database.
function vtpm_create_instance () {
local res instance domname reason uuid
uuid=$(xenstore_read "$XENBUS_PATH"/uuid)
reason=$(vtpm_get_create_reason)
claim_lock vtpmdb
instance="0"
if [ "$uuid" != "" ]; then
instance=$(vtpmdb_find_instance $uuid)
fi
if [ "$instance" == "0" ]; then
domname=$(xenstore_read "$XENBUS_PATH"/domain)
instance=$(vtpmdb_find_instance $domname)
fi
if [ "$instance" == "0" -a "$reason" != "create" ]; then
release_lock vtpmdb
return
fi
if [ "$instance" == "0" ]; then
#Try to give the preferred instance to the domain
instance=$(xenstore_read "$XENBUS_PATH"/pref_instance)
if [ "$instance" != "" ]; then
res=$(vtpmdb_is_free_instancenum $instance)
if [ $res -eq 0 ]; then
instance=$(vtpmdb_get_free_instancenum)
fi
else
instance=$(vtpmdb_get_free_instancenum)
fi
vtpm_create $instance
if [ $vtpm_fatal_error -eq 0 ]; then
if [ "$uuid" != "" ]; then
vtpmdb_add_instance $uuid $instance
else
vtpmdb_add_instance $domname $instance
fi
fi
else
if [ "$reason" == "resume" ]; then
vtpm_resume $instance
else
vtpm_start $instance
fi
fi
release_lock vtpmdb
xenstore_write $XENBUS_PATH/instance $instance
}
#Remove an instance when a VM is terminating or suspending.
#Since it is assumed that the VM will appear again, the
#entry is kept in the VTPMDB file.
function vtpm_remove_instance () {
local instance reason domname uuid
#Stop script execution quietly if path does not exist (anymore)
xenstore-exists "$XENBUS_PATH"/domain
uuid=$(xenstore_read "$XENBUS_PATH"/uuid)
claim_lock vtpmdb
instance="0"
if [ "$uuid" != "" ]; then
instance=$(vtpmdb_find_instance $uuid)
fi
if [ "$instance" == "0" ]; then
domname=$(xenstore_read "$XENBUS_PATH"/domain)
instance=$(vtpmdb_find_instance $domname)
fi
if [ "$instance" != "0" ]; then
vtpm_suspend $instance
fi
release_lock vtpmdb
}
#Remove an entry in the VTPMDB file given the domain's name
#1st parameter: The name of the domain
function vtpm_delete_instance () {
local instance
claim_lock vtpmdb
instance=$(vtpmdb_find_instance $1)
if [ "$instance" != "0" ]; then
vtpmdb_remove_entry $1 $instance
fi
release_lock vtpmdb
}
# Determine whether the given address is local to this machine
# Return values:
# "-1" : the given machine name is invalid
# "0" : this is not an address of this machine
# "1" : this is an address local to this machine
function vtpm_isLocalAddress() {
local addr res
addr=$(ping $1 -c 1 | \
awk '{ print substr($3,2,length($3)-2); exit }')
if [ "$addr" == "" ]; then
echo "-1"
return
fi
res=$(ifconfig | grep "inet addr" | \
awk -vaddr=$addr \
'{ \
if ( addr == substr($2, 6)) {\
print "1"; \
} \
}' \
)
if [ "$res" == "" ]; then
echo "0"
return
fi
echo "1"
}
# Perform a migration step. This function differentiates between migration
# to the local host or to a remote machine.
# Parameters:
# 1st: destination host to migrate to
# 2nd: name of the domain to migrate
# 3rd: the migration step to perform
function vtpm_migration_step() {
local res=$(vtpm_isLocalAddress $1)
if [ "$res" == "0" ]; then
vtpm_migrate $1 $2 $3
else
vtpm_migrate_local
fi
}
# Recover from migration due to an error. This function differentiates
# between migration to the local host or to a remote machine.
# Parameters:
# 1st: destination host the migration was going to
# 2nd: name of the domain that was to be migrated
# 3rd: the last successful migration step that was done
function vtpm_recover() {
local res
res=$(vtpm_isLocalAddress $1)
if [ "$res" == "0" ]; then
vtpm_migrate_recover $1 $2 $3
fi
}
#Determine the domain id given a domain's name.
#1st parameter: name of the domain
#return value: domain id or -1 if domain id could not be determined
function vtpm_domid_from_name () {
local id name ids
ids=$(xenstore-list /local/domain)
for id in $ids; do
name=$(xenstore-read /local/domain/$id/name)
if [ "$name" == "$1" ]; then
echo "$id"
return
fi
done
echo "-1"
}
#Determine the virtual TPM's instance number using the domain ID.
#1st parm: domain ID
function vtpm_uuid_by_domid() {
echo $(xenstore-read /local/domain/0/backend/vtpm/$1/0/uuid)
}
# Determine the vTPM's UUID by the name of the VM
function vtpm_uuid_from_vmname() {
local domid=$(vtpm_domid_from_name $1)
if [ "$domid" != "-1" ]; then
echo $(vtpm_uuid_by_domid $domid)
return
fi
echo ""
}
#Add a virtual TPM instance number and its associated domain name
#to the VTPMDB file and activate usage of this virtual TPM instance
#by writing the instance number into the xenstore
#1st parm: name of virtual machine
#2nd parm: instance of associated virtual TPM
function vtpm_add_and_activate() {
local domid=$(vtpm_domid_from_name $1)
local vtpm_uuid=$(vtpm_uuid_from_vmname $1)
if [ "$vtpm_uuid" != "" -a "$domid" != "-1" ]; then
vtpmdb_add_instance $vtpm_uuid $2
xenstore-write backend/vtpm/$domid/0/instance $2
fi
}

18
scripts_debian/proxy/files/etc/xen/scripts/vtpm-delete
View File

@ -1,18 +0,0 @@
#!/bin/bash
# This scripts must be called the following way:
# vtpm-delete <vtpm uuid>
# or
# vtpm-delete --vmname <vm name>
dir=$(dirname "$0")
. "$dir/vtpm-common.sh"
if [ "$1" == "--vmname" ]; then
vtpm_uuid=$(vtpm_uuid_from_vmname $2)
if [ "$vtpm_uuid" != "" ];then
vtpm_delete_instance $vtpm_uuid
fi
else
vtpm_delete_instance $1
fi

35
scripts_debian/proxy/files/etc/xen/scripts/vtpm-hotplug-common.sh
View File

@ -1,35 +0,0 @@
#
# Copyright (c) 2005 IBM Corporation
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
findCommand "$@"
if [ "$command" != "online" ] &&
[ "$command" != "offline" ] &&
[ "$command" != "add" ] &&
[ "$command" != "remove" ]
then
log err "Invalid command: $command"
exit 1
fi
XENBUS_PATH="${XENBUS_PATH:?}"
. "$dir/vtpm-common.sh"

208
scripts_debian/proxy/files/etc/xen/scripts/vtpm-impl
View File

@ -1,208 +0,0 @@
#!/bin/bash
# ===================================================================
#
# Copyright (c) 2005, Intel Corp.
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# * Redistributions in binary form must reproduce the above
# copyright notice, this list of conditions and the following
# disclaimer in the documentation and/or other materials provided
# with the distribution.
# * Neither the name of Intel Corporation nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
# FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
# OF THE POSSIBILITY OF SUCH DAMAGE.
# ===================================================================
# | SRC | TAG | CMD SIZE | ORD |mtype|strt
TPM_CMD_OPEN=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x01
TPM_CMD_RESM=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x11\\x01\\x00\\x00\\x01\\x01\\x02
TPM_CMD_CLOS=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x02
TPM_CMD_DELE=\\x00\\x00\\x00\\x00\\x01\\xc1\\x00\\x00\\x00\\x0e\\x01\\x00\\x00\\x03
TPM_TYPE_PVM=\\x01
TPM_TYPE_HVM=\\x02
TPM_SUCCESS=00000000
TX_VTPM_MANAGER=/var/vtpm/fifos/from_console.fifo
RX_VTPM_MANAGER=/var/vtpm/fifos/to_console.fifo
VTPM_MIG=/usr/bin/vtpm_migrator
# -------------------- Helpers for binary streams -----------
function str_to_hex32() {
printf "%0.8x" $1
}
function hex32_to_bin() {
local inst=$(str_to_hex32 $1);
local n1=`echo $inst | sed 's/\(..\)....../\\\\x\1/'`
local n2=`echo $inst | sed 's/..\(..\)..../\\\\x\1/'`
local n3=`echo $inst | sed 's/....\(..\)../\\\\x\1/'`
local n4=`echo $inst | sed 's/......\(..\)/\\\\x\1/'`
echo "$n1$n2$n3$n4"
}
function vtpm_manager_cmd() {
local cmd=$1;
local inst=$2;
local inst_bin=$(hex32_to_bin $inst);
claim_lock vtpm_mgr
#send cmd to vtpm_manager
printf "$cmd$inst_bin" > $TX_VTPM_MANAGER
#recv response
set +e
local resp_hex=`dd skip=10 bs=1 count=4 if=$RX_VTPM_MANAGER 2> /dev/null | xxd -ps`
set -e
release_lock vtpm_mgr
#return whether the command was successful
if [ $resp_hex -ne $TPM_SUCCESS ]; then
vtpm_fatal_error=1
false
else
true
fi
}
# Helper to get vm type to pass to vtpm_manager open/resume
function vtpm_get_type() {
local inst=$(xenstore_read $XENBUS_PATH/frontend-id)
local vm=$(xenstore_read /local/domain/$inst/vm)
if [ "$vm" != "" ]; then
local ostype=$(xenstore-read $vm/image/ostype)
if [ "$ostype" == "hvm" ]; then
echo $TPM_TYPE_HVM;
else
echo $TPM_TYPE_PVM;
fi
fi
}
# ------------------ Command handlers -----------------
# Create new vtpm instance & set it up for use
function vtpm_create () {
# Creation is handled implicitly by the manager on first setup
# so just set it up for use
$(vtpm_start $1)
}
# Setup vtpm instance for use.
function vtpm_start() {
local vmtype=$(vtpm_get_type);
$(vtpm_manager_cmd $TPM_CMD_OPEN$vmtype $1)
}
function vtpm_resume() {
local vmtype=$(vtpm_get_type);
$(vtpm_manager_cmd $TPM_CMD_RESM$vmtype $1)
}
# Reset the vtpm AKA clear PCRs
function vtpm_reset() {
#not used by current implemenation
true
}
# Shutdown the vtpm while the vm is down
# This could be a suspend of shutdown
# we cannot distinquish, so save the state
# and decide on startup if we should keep is
function vtpm_suspend() {
$(vtpm_manager_cmd $TPM_CMD_CLOS $1)
}
function vtpm_delete() {
local inst=$1
if $(vtpm_manager_cmd $TPM_CMD_DELE $inst); then
rm -f /var/vtpm/vtpm_dm_$1.data
true
else
vtpm_fatal_error=1
false
fi
}
# Perform a migration step. This function differentiates between migration
# to the local host or to a remote machine.
# Parameters:
# 1st: destination host to migrate to
# 2nd: name of the domain to migrate
# 3rd: the migration step to perform
function vtpm_migrate() {
local instance res
instance=$(vtpmdb_find_instance $2)
if [ "$instance" == "" ]; then
log err "VTPM Migratoin failed. Unable to translation of domain name"
echo "Error: VTPM Migration failed while looking up instance number"
fi
case "$3" in
0)
#Incicate migration supported
echo "0"
;;
1)
# Get Public Key from Destination
# Call vtpm_manager's migration part 1
claim_lock vtpm_mgr
$VTPM_MIG $1 $2 $instance $3
release_lock vtpm_mgr
;;
2)
# Call manager's migration step 2 and send result to destination
# If successful remove from db
claim_lock vtpm_mgr
$VTPM_MIG $1 $2 $instance $3
release_lock vtpm_mgr
;;
3)
if `ps x | grep "$VTPM_MIG $1"`; then
log err "VTPM Migration failed to complete."
echo "Error: VTPM Migration failed to complete."
fi
;;
esac
}
function vtpm_migrate_recover() {
echo "Error: Recovery not supported yet"
}
function vtpm_migrate_local() {
echo "Error: local vTPM migration not supported"
}

19
scripts_debian/proxy/files/etc/xen/scripts/vtpm-migration.sh
View File

@ -1,19 +0,0 @@
#
# Copyright (c) 2005 IBM Corporation
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/vtpm-common.sh"

45
scripts_debian/proxy/files/etc/xen/scripts/xen-hotplug-cleanup
View File

@ -1,45 +0,0 @@
#! /bin/bash
dir=$(dirname "$0")
. "$dir/xen-hotplug-common.sh"
# Claim the lock protecting ${XEN_SCRIPT_DIR}/block. This stops a race whereby
# paths in the store would disappear underneath that script as it attempted to
# read from the store checking for device sharing.
# Any other scripts that do similar things will have to have their lock
# claimed too.
# This is pretty horrible, but there's not really a nicer way of solving this.
claim_lock "block"
# split backend/DEVCLASS/VMID/DEVID on slashes
path_array=( ${XENBUS_PATH//\// } )
# get /vm/UUID path
vm=$(xenstore_read_default "/local/domain/${path_array[2]}/vm" "")
# construct /vm/UUID/device/DEVCLASS/DEVID
if [ "$vm" != "" ]; then
vm_dev="$vm/device/${path_array[1]}/${path_array[3]}"
# if the vm path does not exist and the device class is 'vbd' then we may have
# a tap2 device
$(xenstore-read "$vm_dev" 2>/dev/null) || \
{
if [ "${path_array[1]}" = "vbd" ]; then
vm_dev="$vm/device/tap2/${path_array[3]}"
fi
}
else
vm_dev=
fi
# remove device frontend store entries
xenstore-rm -t \
$(xenstore-read "$XENBUS_PATH/frontend" 2>/dev/null) 2>/dev/null || true
# remove device backend store entries
xenstore-rm -t "$XENBUS_PATH" 2>/dev/null || true
xenstore-rm -t "error/$XENBUS_PATH" 2>/dev/null || true
# remove device path from /vm/UUID
[ "$vm_dev" != "" ] && xenstore-rm -t "$vm_dev" 2>/dev/null || true
release_lock "block"

102
scripts_debian/proxy/files/etc/xen/scripts/xen-hotplug-common.sh
View File

@ -1,102 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
dir=$(dirname "$0")
. "$dir/hotplugpath.sh"
. "$dir/logging.sh"
. "$dir/xen-script-common.sh"
. "$dir/locking.sh"
exec 2>>/var/log/xen/xen-hotplug.log
export PATH="${BINDIR}:${SBINDIR}:${LIBEXEC}:${PRIVATE_BINDIR}:/sbin:/bin:/usr/bin:/usr/sbin:$PATH"
export LANG="POSIX"
unset $(set | grep ^LC_ | cut -d= -f1)
fatal() {
_xenstore_write "$XENBUS_PATH/hotplug-error" "$*" \
"$XENBUS_PATH/hotplug-status" error
log err "$@"
exit 1
}
success() {
# Tell DevController that backend is "connected"
xenstore_write "$XENBUS_PATH/hotplug-status" connected
}
do_or_die() {
"$@" || fatal "$@ failed"
}
do_without_error() {
"$@" 2>/dev/null || log debug "$@ failed"
}
sigerr() {
fatal "$0 failed; error detected."
}
trap sigerr ERR
##
# xenstore_read <path>+
#
# Read each of the given paths, returning each result on a separate line, or
# exit this script if any of the paths is missing.
#
xenstore_read() {
local v=$(xenstore-read "$@" || true)
[ "$v" != "" ] || fatal "xenstore-read $@ failed."
echo "$v"
}
##
# xenstore_read_default <path> <default>
#
# Read the given path, returning the value there or the given default if the
# path is not present.
#
xenstore_read_default() {
xenstore-read "$1" 2>/dev/null || echo "$2"
}
##
# _xenstore_write (<path> <value>)+
#
# Write each of the key/value pairs to the store.
#
_xenstore_write() {
log debug "Writing $@ to xenstore."
xenstore-write "$@"
}
##
# xenstore_write (<path> <value>)+
#
# Write each of the key/value pairs to the store, and exit this script if any
# such writing fails.
#
xenstore_write() {
_xenstore_write "$@" || fatal "Writing $@ to xenstore failed."
}
log debug "$@" "XENBUS_PATH=$XENBUS_PATH"

141
scripts_debian/proxy/files/etc/xen/scripts/xen-network-common.sh
View File

@ -1,141 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
# Gentoo doesn't have ifup/ifdown, so we define appropriate alternatives.
# Other platforms just use ifup / ifdown directly.
##
# preiftransfer
#
# @param $1 The current name for the physical device, which is also the name
# that the virtual device will take once the physical device has
# been renamed.
if ! which ifup >/dev/null 2>/dev/null
then
preiftransfer()
{
true
}
ifup()
{
false
}
ifdown()
{
false
}
else
preiftransfer()
{
true
}
fi
first_file()
{
t="$1"
shift
for file in $@
do
if [ "$t" "$file" ]
then
echo "$file"
return
fi
done
}
find_dhcpd_conf_file()
{
first_file -f /etc/dhcp3/dhcpd.conf /etc/dhcpd.conf
}
find_dhcpd_init_file()
{
first_file -x /etc/init.d/{dhcp3-server,dhcp,dhcpd}
}
find_dhcpd_arg_file()
{
first_file -f /etc/sysconfig/dhcpd /etc/defaults/dhcp /etc/default/dhcp3-server
}
# configure interfaces which act as pure bridge ports:
_setup_bridge_port() {
local dev="$1"
local virtual="$2"
# take interface down ...
ip link set ${dev} down
if [ $virtual -ne 0 ] ; then
# Initialise a dummy MAC address. We choose the numerically
# largest non-broadcast address to prevent the address getting
# stolen by an Ethernet bridge for STP purposes.
# (FE:FF:FF:FF:FF:FF)
ip link set ${dev} address fe:ff:ff:ff:ff:ff || true
fi
# ... and configure it
ip addr flush ${dev}
}
setup_physical_bridge_port() {
_setup_bridge_port $1 0
}
setup_virtual_bridge_port() {
_setup_bridge_port $1 1
}
# Usage: create_bridge bridge
create_bridge () {
local bridge=$1
# Don't create the bridge if it already exists.
if [ ! -e "/sys/class/net/${bridge}/bridge" ]; then
brctl addbr ${bridge}
brctl stp ${bridge} off
brctl setfd ${bridge} 0
# Setting these to zero stops guest<->LAN traffic
# traversing the bridge from hitting the *tables
# rulesets. guest<->host traffic still gets processed
# by the host's iptables rules so this isn't a hole
sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
fi
}
# Usage: add_to_bridge bridge dev
add_to_bridge () {
local bridge=$1
local dev=$2
# Don't add $dev to $bridge if it's already on a bridge.
if [ -e "/sys/class/net/${bridge}/brif/${dev}" ]; then
ip link set ${dev} up || true
return
fi
brctl addif ${bridge} ${dev}
ip link set ${dev} up
}

44
scripts_debian/proxy/files/etc/xen/scripts/xen-script-common.sh
View File

@ -1,44 +0,0 @@
#
# Copyright (c) 2005 XenSource Ltd.
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of version 2.1 of the GNU Lesser General Public
# License as published by the Free Software Foundation.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
set -e
evalVariables()
{
for arg in "$@"
do
if expr 'index' "$arg" '=' '>' '1' >/dev/null
then
eval "$arg"
fi
done
}
findCommand()
{
for arg in "$@"
do
if ! expr 'index' "$arg" '=' >/dev/null
then
command="$arg"
return
fi
done
}