Build Backend Pool

From Embedded Xinu
(Difference between revisions)
Jump to: navigation, search
(done with everything up until "The Client")
(Xinu Console Daemon: added description of changing permissions to the serial devices so that the "xinu" group has access to them)
Line 69: Line 69:
 
Many modern firmware implementations will allow a device to upload a boot image over a network device using the Trivial File Transfer Protocol (TFTP).  We use the stock TFTP server available with our Linux distribution (tftp-server-0.42-3.1, at this writing,) configured to answer requests on the private network, and with the /tftpboot directory writable by the xinu-console daemon user ID.  Most TFTP daemons use TCP wrapper to regulate access; see the notes on security below.
 
Many modern firmware implementations will allow a device to upload a boot image over a network device using the Trivial File Transfer Protocol (TFTP).  We use the stock TFTP server available with our Linux distribution (tftp-server-0.42-3.1, at this writing,) configured to answer requests on the private network, and with the /tftpboot directory writable by the xinu-console daemon user ID.  Most TFTP daemons use TCP wrapper to regulate access; see the notes on security below.
  
 +
You will need to
 
See our [[HOWTO:Deploy_Xinu#Configuring the TFTP Server|Configuring the TFTP Server]] wiki for more information on changing the configurations of the TFTP server.
 
See our [[HOWTO:Deploy_Xinu#Configuring the TFTP Server|Configuring the TFTP Server]] wiki for more information on changing the configurations of the TFTP server.
  
Line 77: Line 78:
 
The Xinu Console Daemon uses TCP wrappers to prevent unauthorized access; see the notes on security below.
 
The Xinu Console Daemon uses TCP wrappers to prevent unauthorized access; see the notes on security below.
  
To get your XINU server up and running you will need to make some changes to the configuration of the Xinu Console Daemon. '''NOTE:''' you will need ''root'' access to make some of these changes. First open the file <code> /etc/profile.d/xinu.sh</code>. It should look like this:
+
First you will need to allow the Xinu Console Daemon to access the serial devices which connect the XINU server with the backends. To do this you can change the group to which the devices belong to the "''xinu''" group by running the command <code> chgrp xinu </code> followed a list of the serial devices. An example of this command would be <code> chgrp xinu /dev/ttyS0 /dev/ttyS1 /dev/ttyUSB0 </code> where this example server has three backend routers connected with serial device 0, serial device 1, and USB device 0. '''NOTE:''' you may need ''root'' access to make these changes.
 +
 
 +
To get your XINU server up and running you will need to make some changes to the configuration of the Xinu Console Daemon. '''NOTE:''' you may need ''root'' access to make some of these changes. First open the file <code> /etc/profile.d/xinu.sh</code>. It should look like this:
 
<pre>XINU_SERVERS="morbius"
 
<pre>XINU_SERVERS="morbius"
 
export  XINU_SERVERS</pre>
 
export  XINU_SERVERS</pre>

Revision as of 22:08, 11 July 2008

Contents

Summary

This page details how to scale your laboratory environment up to a pool of backend target machines available for remote access.

The Big Picture

XINU-Lab-schematic.gif

XINU Backends

Backend targets upload a student's kernel over a private network on boot, and run the O/S directly. No simulations or emulation are involved; this is real hardware.

MIPS targets: We use Linksys WRT54GL wireless routers (~$60) with serial port modifications (~$10) running an embedded MIPS32 200MHz processor, 4 MB flash, 16 MB RAM, two UARTs, wired and wireless network interfaces.

PowerPC targets: We use Apple G3 desktops (recycled) with 512 MB RAM, linear framebuffer, PCI bus, NIC, HD. Apple G4 MiniMac also supported.

CISC targets: Classic XINU runs on Intel x86, Sun 3/Motorola 68K, Sparc, and VAX, among others.

XINU Server

A general purpose server with multiple network interfaces manages a private network for the XINU backends, using standard network protocols like DHCP and TFTP.

Backend serial consoles can connect directly to server's serial ports, or, in larger installations, to a serial annex or concentrator that allows many more serial ports.

A daemon running on the server allows users on frontend workstations to remotely access backend serial consoles, or upload fresh kernels. Optional rebooting hardware allows clients to remotely reset crashed backends.

Our Console Tools are freely available for modern UNIX platforms, including Fedora Linux and Solaris.

XINU Frontends

General purpose computer laboratory workstations can compile the XINU kernel, using a standard GNU C compiler and UNIX toolchain. GCC cross-compilers are readily available when the frontend architecture does not match the backend architecture.

Backend consoles can be connected directly to frontend serial ports, or frontends can communicate with the server daemon that manages collections of backend serial consoles.

With fully remote console access, kernel upload and powercycling, any machine on the network is a potential frontend, and need not be physically near the XINU server and laboratory hardware. Students can work on their operating system projects from their dorm room computers.

Additional (Optional) hardware


Setting Up the Server

Our XINU Server is a PowerPC G5 XServe running Fedora Core Linux. We use this configuration as a model for the information below, but other architecture / O/S combinations are known to work, and there's no reason this shouldn't work for virtually any machine with two network interfaces running a modern UNIX O/S.

The first step in setting up your XINU server is to choose a machine for your server (preferably the one you've been using for the first sections of this tutorial) and download our XINU Console Tools. NOTE: some of the following instructions require root access on the XINU server machine. After downloading the RPM package, but before installing it, you will need to install a few packages that should be available through your system's package installing utility. On our machine we use the YUM package installer. You will need to install the tcp_wrappers, tcp_wrappers.devel, and expect packages. We used the commands yum install tcp_wrappers, yum install tcp_wrappers.devel, and yum install expect.

After these packages are installed you can install the XINU Console Tools. First navigate to the directory with the RPM file and execute the command rpmbuild --rebuild xinu-console-latest.src.rpm. This will create four RPM files: xinu-console-server-2.05-3.i386.rpm, xinu-console-clients-2.05-3.i386.rpm, xinu-console-powerd-2.05-3.i386.rpm, xinu-console-debuginfo-2.05-3.i386.rpm (NOTE: the version numbers in these files could be different). On our machine these files were created in the directory /usr/src/redhat/RPMS/i386.

To get things up and running you will just need to install the server and client packages. Navigate to the directory where the four RPM files were created and execute the following commands: rpm -iv xinu-console-server-2.05-3.i386.rpm and rpm -iv xinu-console-clients-2.05-3.i386.rpm. You now have all the necessary tools installed to run your XINU server. You just have to make some changes to some configuration files.

DHCP Daemon

Many modern firmware implementations will allow a device to automatically acquire an IP address using the DHCP protocol even before the O/S kernel begins to boot. The CFE on our Linksys backends will attempt to configure its primary ethernet interface when issued the command,

  ifconfig -auto eth0

over the serial console. See HOWTO:Deploy_Xinu for more details.

In our configuration, the XINU Server runs a DHCP daemon that is configured to supply addresses to backends on the private network. We use the standard dhcp server package that comes stock with our Linux distribution (dhcp-3.0.5-3.fc6, as of this writing). Here is a sample configuration file, dhcpd.conf. Our configuration supplies a fixed IP address for each backend, based upon MAC address.


You will need to change dhcp.conf file to match with your backend pool. This requires knowing the MAC addresses of all your backend routers and coming up with distinct fixed IP addresses for each one as well. Also, note that the line range 192.168.1.200 192.168.1.220; designates a range of IP addresses to be handed out to machines requesting an IP address that do not have MAC addresses on the list.

It is important to note that the "filename" field designates a unique boot image for each backend; this allows each backend to boot a distinct image, customized by the student currently connected to that backend's serial console.

To get this daemon up and running use the command service dhcpd start and remember to restart it after every change to the dhcp.conf file with the command service dhcp restart.

TFTP Daemon

Many modern firmware implementations will allow a device to upload a boot image over a network device using the Trivial File Transfer Protocol (TFTP). We use the stock TFTP server available with our Linux distribution (tftp-server-0.42-3.1, at this writing,) configured to answer requests on the private network, and with the /tftpboot directory writable by the xinu-console daemon user ID. Most TFTP daemons use TCP wrapper to regulate access; see the notes on security below.

You will need to See our Configuring the TFTP Server wiki for more information on changing the configurations of the TFTP server.


Xinu Console Daemon

The Xinu Console Daemon and various associated utilities provide network clients with connectivity to backend consoles that are really only connected directly to the console host. It is freely available from the downloads page.

The Xinu Console Daemon uses TCP wrappers to prevent unauthorized access; see the notes on security below.

First you will need to allow the Xinu Console Daemon to access the serial devices which connect the XINU server with the backends. To do this you can change the group to which the devices belong to the "xinu" group by running the command chgrp xinu followed a list of the serial devices. An example of this command would be chgrp xinu /dev/ttyS0 /dev/ttyS1 /dev/ttyUSB0 where this example server has three backend routers connected with serial device 0, serial device 1, and USB device 0. NOTE: you may need root access to make these changes.

To get your XINU server up and running you will need to make some changes to the configuration of the Xinu Console Daemon. NOTE: you may need root access to make some of these changes. First open the file /etc/profile.d/xinu.sh. It should look like this:

XINU_SERVERS="morbius"
export  XINU_SERVERS

You will want to change "morbius" to match your XINU server's name.

Next, open the file /etc/profile.d/xinu.csh. It should look like this:

setenv XINU_SERVERS morbius

Again, you will want to change "morbius" to match your XINU server's name

Then, open the Xinu Console Daemon configuration file /etc/xinu-consoled.conf. Here is a sample of the configuration file:

#
# This is the configuration file for the connection server.
#
# Lines beginning with # are comments.  Each line specifies a connection
# and has the following form:
#    name class path [ arguments ]*
#
# where
#       name:           name of connection
#       class:          the class of the connection
#       path:           program to run when connection made
#       arguments:      arguments to the program
#
# Each connection should be listed on a separate line
#
#-------------------------- Connections ------------------------------

hostname:
#---------------------------------------------------------------------

router1 mips /usr/sbin/tty-connect -r 115200 /dev/ttyS0
router1-dl DOWNLOAD   /usr/sbin/cp-download /tftpboot/router1.boot
router1-pc POWERCYCLE /usr/bin/xinu-power r01
router1-pf POWEROFF   /usr/bin/xinu-power d01
router1-pn POWERON    /usr/bin/xinu-power u01


router2 mips /usr/sbin/tty-connect -r 115200 /dev/ttyS1
router2-dl DOWNLOAD   /usr/sbin/cp-download /tftpboot/router2.boot
router2-pc POWERCYCLE /bin/echo "Turn off the router, then turn it on"
router2-pf POWEROFF   /bin/echo "Turn off the router"
router2-pn POWERON    /bin/echo "Turn on the router"

The line hostname: will need to contain your XINU server's name. Following that line will be groups of configuration information for each of the backends connected to your XINU server.


The first line of each entry contains the name of the backend, the architecture it runs on, and the command (along with its arguments) for the server to run in order to connect to the backend. So the line router1 mips /usr/sbin/tty-connect -r 115200 /dev/ttyS0 tells the Xinu Console Daemon that there is a router called "router1" that runs a MIPS processor and that to connect to the backend router the daemon should use tty-connect with a baudrate of 115200 on serial device /dev/ttyS0. So, when creating your own configuration file you will want to edit the first line of each entry to reflect the name of each of your backend routers and the serial device connecting it to your XINU server. The other parts of the line should already be correct and should not have to be changed for any of your backends.


The second line of each entry contains the information regarding what actions the server needs to perform to download the specific boot image for that backend router. So the line router1-dl DOWNLOAD /usr/sbin/cp-download /tftpboot/router1.boot tells the Xinu Console Daemon that the DOWNLOAD command for "router1" will run the command /usr/sbin/cp-download which will take a user specified file on the frontend machine (usually their xinu.boot file) and copy it into the XINU server's /tftpboot directory as the file router1.boot. This lets a student create their own modified xinu.boot image and then, when the server designates a backend for them to use, the Xinu Console Daemon will copy their boot image onto the server with the specific name of the boot image that will always run on that given backend. For your server you will want to edit the second line of each entry so that the name of the connection and the name of the boot image matches the name of that backend router by changing router1-dl to [backend name]-dl and by changing /tftpboot/router1.boot to /tftpboot/[backend name].boot.


The third, fourth, and fifth lines of each entry contain information regarding what actions the server needs to perform to powercycle, power off, and power on each router. However, without special hardware to control the power of the backend pool (such as a Serial-Controlled Power Strip) and special software like our Xinu Power Daemon to oversee the use of that hardware these lines will be useless. If you have a more advanced setup with a way to power on and off the backends remotely, then these lines are where you specify the commands used by the Xinu Console Daemon and Xinu Power Daemon to perform those actions. For more information on setting up a Xinu Power Daemon to work with the special power control hardware click here. If you are not using any special power control hardware then the user will be responsible for turning on and off the routers by hand.


The Client

Console Access

Source for xinu-console included in Console Tools tarball. Explain environment variables. Ssh tunneling? Mips-console wrapper script.

Security

A word on security. Isolated private network. TCP Wrappers. Iptables packet filtering.

Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox