FullyAutomaticSwapServer

Differences between revisions 10 and 11
Revision 10 as of 2006-07-06 16:09:55
Size: 7618
Editor: mail
Comment:
Revision 11 as of 2006-07-06 16:47:34
Size: 5808
Editor: 201
Comment: Cleaned up page (removed comments that have been already addressed)
Line 23: Line 23:
 ''ScottJamesRemnant: what is the absolutely minimum installation footprint, and what is the minimum footprint you'd expect to be workable? 32MB only gives you ~16MB of system memory once the kernel's had its fill. I assume this is your minimum, but worth saying that.''
 ''ScottBalneaves: added to the Rationale section''
Line 35: Line 32:
  ''ScottJamesRemnant: I'd like this to be expanded a bit, right now it suggests that every network block device is a swap *file*? That doesn't make sense.''
  ''ScottBalneaves: clarified slightly.''
Line 63: Line 58:
== Comments ==

''ScottJamesRemnant: if these comments have all been addressed, please remove this section.''

If you're using nbd swap, what about confidentiality and integrity of the swap data ? I assume that a goal of Ubuntu's LTSP setup is to defend against hostile systems on the same network, so at least some encryption is needed. -iwj

Note that the client does not really need to authenticate very much to the server to set up a new swap area: a server which let anyone make not-too-long-lived swap partitions would be vulnerable only to DoS but an LTSP server is pretty vulnerable to DoS from all sorts of other kinds of traffic anyway. But the client needs to be sure that it is talking to the right server and needs a way to establish credentials so that for future requests to the swap area, the server knows that the client is the right client. -iwj

Perhaps we can drag in avahi as a dependency, and let the swap server announce itself on the network. Then, when we log in with a machine with little memory, it could show a message asking the user to use the swap server. This would eliminate any configuring needs. -MichaëlArnauts

Created Ideas/Goals for Edgy+1, in an attempt to mitigate the comments by iwj and MichealArnauts - RodrigoNovo
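
Review bot: iwj's second comment in the removed Comments section says the client "needs to be sure that it is talking to the right server", but the Ideas list for Edgy + 1 only names encrypting the traffic and authenticating clients to the server. Add an item there for authenticating the server to the client, so that this point is not lost when the comment is dropped.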

Summary

To support older, low-memory diskless clients, a network-based swap service is needed to make booting and running possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Currently these packages need manual setup to work with LTSP. We need to modify these packages to eliminate this manual intervention. Work is also needed to integrate the LTSP changes to nbd-server into upstream.

Rationale

There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own. Beyond LTSP, this implementation can be used in other contexts as well: it might be helpful for netbooted computing clusters, or even just to make Ubuntu work on another low-memory machine in your local network.

The minimum workstation memory configuration that we are able to support should be 32 megabytes, as a lot of school machines from the late 1990s are configured with this amount of RAM. Being able to support this level of machine would make Edubuntu a viable classroom alternative.

Use Cases

William has an old lab with a bunch of old Pentium 120s with 32 megabytes of memory. He's been informed that upgrading the operating system he bought in 1998 to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot and downloads a CD, and within an hour he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstation's memory or buy a software license.

Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal is a web-based solution, but he needs something to power the minimal kiosk machine. Thanks to the fully automatic swap server, his 32MB embedded clients will work right away with Ubuntu LTSP.

Wilma's husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a hard disk that is just able to carry Xubuntu. Instead of losing valuable disk space on this machine, Wilma's husband just installed nbd-server on his powerful machine and nbd-client on his wife's PC. Now the low-profile machine will just use swap space on the powerful one.

Design

Server:

  • The nbd-server needs to be modified to automatically create a swap file on the fly if a client connects to it and requests swap space in the form of a file. This would be optional behavior, and would be implemented as a command line option. If nbd-server is run through inetd with this command line option enabling autocreation of files, a swap client can connect right away without any initial work on the system administrator's part to pre-create swap files.
  • The nbd-server package should get assigned a default port in /etc/services for Ubuntu (there seems to be no standardization on a specific port yet; ltsp.org uses 9210 for their swapd). This will make easy inetd integration possible.
  • Code needs to be added to nbd-server to clean up the swap files after the connection is done.
  • The authentication mechanism of nbd-server should get enhanced to support the authentication of subnets instead of doing single host only authentication.
  • These modifications have already been done by LTSP. Work needs to be done to make this feature optional during nbd-server startup, the code needs to be checked and cleaned up, and finally sent upstream.
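
One way the on-the-fly creation and cleanup described in the server list could be done defensively, as an added example (not LTSP's or nbd-server's code). The function names, the `.swap` suffix and the 64 MB cap are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define SWAP_MAX_BYTES (64L * 1024 * 1024)   /* assumed per-client cap */

/* Create a sparse swap backing file for one client connection.
 * The name comes from the server's own view of the peer address,
 * never from text the client sends. Returns an open fd, or -1 on
 * any failure (fail closed). */
int swapfile_create(const char *dir, const char *client_ip,
                    off_t size, char *path, size_t pathlen)
{
    if (size <= 0 || size > SWAP_MAX_BYTES)
        return -1;                        /* refuse oversized requests */
    if (client_ip[0] == '\0' || strchr(client_ip, '/') != NULL)
        return -1;                        /* no path separators in the name */
    int n = snprintf(path, pathlen, "%s/%s.swap", dir, client_ip);
    if (n < 0 || (size_t)n >= pathlen)
        return -1;                        /* path would be truncated */
    /* O_CREAT|O_EXCL fails if the path already exists, symlinks included,
     * so a stale or planted file is never reused. Mode 0600 because swap
     * pages hold whatever was in the client's memory. */
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    if (ftruncate(fd, size) != 0) {       /* sparse file of the asked size */
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Called when the client connection ends: remove the backing file. */
int swapfile_cleanup(int fd, const char *path)
{
    close(fd);
    return unlink(path);
}
```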

Client:

  • Through the standardization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.
  • The client could get either a non-blocking wrapper in the initscript that sends a broadcast ping to determine available hosts and then checks these hosts for nbd service availability, or a directly implemented command line option (which would most likely bloat the client code a bit) that achieves the same.
  • The initscript of nbd-client should also be enhanced to use mkswap and swapon automatically to create a clean swap space in case a "swap" option is set in the nbd-client configuration.

Implementation

  • Check out ltspswapd from the LTSP project. Check and see if this meets Ubuntu's needs.
  • Integrate ltspswapd changes into nbd-server proper (from where it has branched)
  • Make swap partition creation optional (via command line startup option)
  • Send changes upstream

Ideas / Possible goals for Edgy + 1

  • Research options to transparently encrypt network traffic between nbd-server and nbd-client (possibly using stunnel or OpenSSL directly from nbd)
  • Avahi support (although, this is quite insecure for swap)
  • Implement valid-client-list, to prevent DoS and untrusted clients from connecting
  • Implement connection throttling, as an optional feature (to prevent DoS on the swap server)
  • Implement support for public/private key exchange during client authentication (again, possibly using OpenSSL), to keep untrusted clients from connecting
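
A sketch of the subnet authentication from the Design section and the valid-client-list idea above, as an added example (not nbd-server's code). The entry format (a single host or `a.b.c.d/bits`) and the function names are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if IPv4 address `client` falls inside `entry`, which is either
 * a single host ("10.0.0.5") or a subnet ("192.168.0.0/24").
 * Malformed entries match nothing. */
int entry_matches(const char *entry, const char *client)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr n, c;
    long bits = 32;                      /* bare host: compare all 32 bits */
    const char *slash = strchr(entry, '/');
    size_t len = slash ? (size_t)(slash - entry) : strlen(entry);

    if (len == 0 || len >= sizeof net)
        return 0;
    memcpy(net, entry, len);
    net[len] = '\0';
    if (slash) {
        char *end;
        if (slash[1] < '0' || slash[1] > '9')
            return 0;                    /* empty or signed prefix length */
        bits = strtol(slash + 1, &end, 10);
        if (*end != '\0' || bits > 32)
            return 0;
    }
    if (inet_pton(AF_INET, net, &n) != 1 ||
        inet_pton(AF_INET, client, &c) != 1)
        return 0;
    /* A /0 entry is handled apart: a 32-bit shift by 32 is undefined. */
    uint32_t mask = bits == 0 ? 0 : htonl(0xFFFFFFFFu << (32 - bits));
    return (n.s_addr & mask) == (c.s_addr & mask);
}

/* Default deny: a client is accepted only if some entry matches. */
int client_allowed(const char *const *list, size_t count, const char *client)
{
    for (size_t i = 0; i < count; i++)
        if (entry_matches(list[i], client))
            return 1;
    return 0;
}
```

An address match identifies a network location, not a particular machine; the key exchange item in the list above is what would tie a swap area to a specific client.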



FullyAutomaticSwapServer (last edited 2009-07-24 03:05:53 by 201)