FullyAutomaticSwapServer

Differences between revisions 5 and 18 (spanning 13 versions)
Revision 5 as of 2006-06-19 08:37:35
Size: 5658
Editor: ALagny-109-1-10-209
Comment:
Revision 18 as of 2009-07-24 03:05:53
Size: 6785
Editor: 201
Comment:
Line 1: Line 1:
 * '''Launchpad Entry:''' https://launchpad.net/distros/ubuntu/+spec/fully-automatic-swap-server  * '''Launchpad Entry:''' UbuntuSpec:fully-automatic-swap-server
Line 3: Line 3:
 * '''Contributors:''' OliverGrawert  * '''Contributors:''' OliverGrawert, RodrigoNovo, ScottBalneaves
Line 7: Line 7:
 
Line 10: Line 10:
To support low level diskless clients some kind of nework based swap service is needed to make even booting possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Sadly these packages currently need a fair amount of manual setup.
Scope of this spec is to solve this problem and modify the two packages so a fully automatic network swapping is guaranteed if you just install the ndb-server and nbd-client packages on the machines
To support older, low memory diskless clients, network based swap service is needed to make booting and running possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Currently these packages need manual setup to work with LTSP. We need to modify these packages to eliminate this manual intervention. Work is also needed to integrate LTSP changes on nbd-server into upstream.
Line 15: Line 14:
There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing, older hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own.
Beyond the usage of LTSP, this implementation can indeed be used in other context as well, it might be helpful for netbooted computing clusters or even just to make ubuntu work on another low powered machine in your local network. Since NBD is not restricted to swap, even other areas of blockdevice related interaction would be possible.
There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own.
Beyond the usage of LTSP, this implementation can indeed be used in other context as well, it might be helpful for netbooted computing clusters or even just to make Ubuntu work on another low memory machine in your local network.

Current Ubuntu LT
SP needs a minimum of 48MB to boot. To support lower specced thin clients a form of swapspace is required. Our minimum workstation memory configuration that we want to be able to support should be 32 Megabytes, as a lot of school machines from the late 1990's are configured with this amount of ram. Being able to support this level of machine would make Edubuntu a viable classroom alternative.
Line 20: Line 21:
Will has an old lab with a bunch of old Pentium 120's with 32 megabytes of memory. He's been informed that to upgrade his current operating system that he bought in 1998, to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot, and downloads a CD, and within an hour, he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstations memory, or buy a software license. William has an old lab with a bunch of old Pentium 120's with 32 megabytes of memory. He's been informed that to upgrade his current operating system that he bought in 1998, to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot, and downloads a CD, and within an hour, he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstation's memory, or buy a software license.
Line 22: Line 23:
Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal's a web based solution, but he needs something to power the minimal kiosk machine, thanks to the fully automatic swap server his 32MB embedded clients will work right away with ubuntu LTSP. Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal's a web based solution, but he needs something to power the minimal kiosk machine, thanks to the fully automatic swap server his 32MB embedded clients will work right away with Ubuntu LTSP.
Line 24: Line 25:
Wilmas husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a harddisk that is just able to carry xubuntu on the disk. Instead of loosing valuable diskspace on this machine, Wilmas husband just installed nbd-server on his powerful machine and nbd-client on his wifes PC now the low profile machine will just use swap space on the powerful one. Wilma's husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a harddisk that is just able to carry Xubuntu on the disk. Instead of loosing valuable diskspace on this machine, Wilma's husband just installed nbd-server on his powerful machine and nbd-client on his wifes PC now the low profile machine will just use swap space on the powerful one.
Line 30: Line 31:
 * The nbd-server needs to be modified to automatically create a swapfile on the fly if a client connects to it, so that if nbd-server is run through inetd with a commandline option enabling this autocreation of files, a swap client can connect right away without any initial configuration on the server.  * The nbd-server needs to be modified to automatically create a swapfile on the fly if a client connects to it, and requests swap space in the form of a network block device. This will be optional behavior, and will be implemented as a command line option (nbd in LTSP will be exclusively used for swapping, so switching it to a swap only mode is fine in that case). If nbd-server is run through inetd with this specific commandline option for enabling autocreation of files, a swap client can connect right away without any initial work on the system administrators work to pre-create swap files for the exported block devices.
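Review bot: the last sentence of the new bullet ends in "without any initial work on the system administrators work to pre-create swap files", which does not parse. Suggest "without the system administrator having to pre-create swap files for the exported block devices". The new text also describes the option as a swap-only mode but does not name the command line option or its default, which a reader needs in order to know whether auto-creation is off unless requested.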
Line 34: Line 35:
 * These modifications have already been done by LTSP. Work needs to be done to make this feature optional during nbd-server startup, code needs to be checked and cleanep up, and finally, sent upstream.
Line 37: Line 39:
 * Through the standarization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.  * Through the standatization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.
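Review bot: the only change in this bullet is "standarization" becoming "standatization", which replaces one misspelling with another. The word intended is "standardization", and the same spelling should be applied to the /etc/services bullet in the Server list.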
Line 43: Line 45:
 * Check out ltspswapd from the ltsp project. We already hacked up the nbd-server to do this. Check and see if this meets Ubunutu's needs.  * Check out ltspswapd from the LTSP project. Check and see if this meets Ubunutu's needs.
 * Integrate ltspswapd changes into nbd-server proper (from where it has branched)
 * Make swap partition creation optional (via command line startup option)
 * Send changes upstream

== Ideas / Possible goals for Edgy + 1 ==

 * Research options to transparently encrypt network traffic between nbd-server and nbd-client (possibly using stunnel or OpenSSL directly from nbd)
 * Avahi support (although, this is quite insecure for swap)
 * Implement valid-client-list, to prevent DoS and untrusted clients from connecting
 * Implement connection throttling, as an optional feature (to prevent DoS on the swap server)
 * Implement suport to public/private key exchange during client authentication (again, possibly using OpenSSL), to keep untrusted clients from connecting
Line 47: Line 60:
If you're using nbd swap, what about confidentiality and integrity of the swap data ? I assume that a goal of Ubuntu's LTSP setup is to defend against hostile systems on the same network, so at least some encryption is needed. -iwj  * In Mille-xterm, implementation was done using xinetd, that calls a python script before running the nbd server. The script prepare the swap for the client, and then lunch nbd-server. Each connection has it's own instance of nbd-server. The inconvenient is that swap files are not cleaned when a connection is closed.
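Review bot: the iwj comment on confidentiality and integrity of swap data is dropped in this hunk, and the Mille-xterm text that takes its place does not answer it. Encryption appears elsewhere in this revision only as a research item under Ideas for Edgy + 1, so the concern about hostile systems on the same network is no longer stated anywhere as an open issue. Suggest keeping the question under Comments or linking it to the encryption item.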
Line 49: Line 62:
Note that the client does not really need to authenticate very much to the server to set up a new swap area: a server which let anyone make not-too-long-lived swap partitions would be vulnerable only to DoS but an LTSP server is pretty vulnerable to DoS from all sorts of other kinds of traffic anyway. But the client needs to be sure that it is talking to the right server and needs a way to establish credentials so that for future requests to the swap area, the server knows that the client is the right client. -iwj == Updates ==
Line 51: Line 64:
I would assume that the security concious individual would probably be willing to spend some money towards the problem. One way would be to simply put enough memory in the machine to avoid swapping. As well, putting limits on memory usage for x.org eliminates a large amount of swapping problems. -ScottBalneaves  * Fix to get things exactly the way we want: nbdswapd works perfectly, we just need to add the SO_KEEPALIVE socket option to get it to clean up after itelf if the client goes away uncleanly. This can be done by adding the line:

{{{
nbdswapd: ALL: keepalive
}}}

to the file {{{/etc/hosts.allow}}} -- ScottBalneaves
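Review bot: the added rule "nbdswapd: ALL: keepalive" uses ALL as its client list, so besides turning on keepalive it grants every host access to nbdswapd. The Ideas list in this same revision asks for a valid-client-list to keep untrusted clients out, so the rule should name the thin-client subnet in place of ALL and keep the keepalive option.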
Line 54: Line 74:
CategoryEdubuntuSpec

Summary

To support older, low memory diskless clients, network based swap service is needed to make booting and running possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Currently these packages need manual setup to work with LTSP. We need to modify these packages to eliminate this manual intervention. Work is also needed to integrate LTSP changes on nbd-server into upstream.

Rationale

There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own. Beyond LTSP, this implementation can be used in other contexts as well: it might be helpful for netbooted computing clusters, or even just to make Ubuntu work on another low-memory machine in your local network.

Current Ubuntu LTSP needs a minimum of 48MB to boot. To support lower-specced thin clients, some form of swap space is required. The minimum workstation memory configuration that we want to be able to support should be 32 megabytes, as a lot of school machines from the late 1990s are configured with this amount of RAM. Being able to support this level of machine would make Edubuntu a viable classroom alternative.

Use Cases

William has an old lab with a bunch of old Pentium 120s with 32 megabytes of memory. He's been informed that upgrading from his current operating system, which he bought in 1998, to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot and downloads a CD, and within an hour he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstation's memory or buy a software license.

Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal's a web-based solution, but he needs something to power the minimal kiosk machine. Thanks to the fully automatic swap server, his 32MB embedded clients will work right away with Ubuntu LTSP.

Wilma's husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a hard disk that is just able to carry Xubuntu. Instead of losing valuable disk space on this machine, Wilma's husband just installed nbd-server on his powerful machine and nbd-client on his wife's PC; now the low-profile machine will just use swap space on the powerful one.

Design

Server:

  • The nbd-server needs to be modified to automatically create a swapfile on the fly if a client connects to it and requests swap space in the form of a network block device. This will be optional behavior, and will be implemented as a command line option (nbd in LTSP will be exclusively used for swapping, so switching it to a swap-only mode is fine in that case). If nbd-server is run through inetd with this specific command line option for enabling autocreation of files, a swap client can connect right away without the system administrator having to pre-create swap files for the exported block devices.
  • The nbd-server package should get assigned a default port in /etc/services for Ubuntu (there seems to be no standardization on a specific port yet; ltsp.org uses 9210 for their swapd). This will make inetd integration easy.
  • Code needs to be added to nbd-server to clean up the swap files after the connection is done.
  • The authentication mechanism of nbd-server should get enhanced to support the authentication of subnets instead of doing single host only authentication.
  • These modifications have already been done by LTSP. Work needs to be done to make this feature optional during nbd-server startup; the code needs to be checked and cleaned up and, finally, sent upstream.
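The create-on-connect and clean-up-after-disconnect behaviour from the Server list, as an added example (not nbd-server or LTSP code). The names `client_swap` and `demo`, the directory layout, the sizes and the client address are assumptions made for illustration.

```python
import contextlib
import ipaddress
import os
import tempfile


@contextlib.contextmanager
def client_swap(swap_dir, client_ip, size_mb=64):
    """Create a private sparse swap file for one client and always remove it."""
    # Parsing the address rejects anything that is not a plain IP, so the
    # file name can never contain path separators or "..".
    ip = ipaddress.ip_address(client_ip)
    path = os.path.join(swap_dir, f"{ip}.swap")
    # O_EXCL: fail if a file (or a planted symlink) already exists.
    # 0o600: swap holds client memory pages, so only the server user reads it.
    fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.ftruncate(fd, size_mb * 1024 * 1024)  # sparse: no blocks used yet
        yield path
    finally:
        os.close(fd)
        os.unlink(path)  # runs on a clean close and on errors alike


def demo():
    """Constructed run: a 32MB client connects, then disappears uncleanly."""
    with tempfile.TemporaryDirectory() as swap_dir:
        try:
            with client_swap(swap_dir, "192.168.0.21", size_mb=32) as path:
                st = os.stat(path)
                seen = (st.st_size, oct(st.st_mode & 0o777))
                raise ConnectionResetError("client went away")  # simulated
        except ConnectionResetError:
            pass
        # The swap file must be gone even though the session ended in an error.
        return seen, os.listdir(swap_dir)


if __name__ == "__main__":
    print(demo())
```

The `finally` branch only runs once the server notices that the connection is dead, so the file outlives a client that vanishes silently until the server gets a socket error.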

Client:

  • Through standardization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.
  • The client could get either a non-blocking wrapper in the initscript that sends a broadcast ping to determine available hosts and then checks these hosts for nbd service availability, or a directly implemented command line option (which would most likely bloat the client code a bit) that achieves the same.
  • The initscript of nbd-client should also be enhanced to use mkswap and swapon automatically to create a clean swap space in case a "swap" option is set in the nbd-client configuration.

Implementation

  • Check out ltspswapd from the LTSP project. Check and see if this meets Ubuntu's needs.
  • Integrate ltspswapd changes into nbd-server proper (from where it has branched)
  • Make swap partition creation optional (via command line startup option)
  • Send changes upstream

Ideas / Possible goals for Edgy + 1

  • Research options to transparently encrypt network traffic between nbd-server and nbd-client (possibly using stunnel or OpenSSL directly from nbd)
  • Avahi support (although, this is quite insecure for swap)
  • Implement valid-client-list, to prevent DoS and untrusted clients from connecting
  • Implement connection throttling, as an optional feature (to prevent DoS on the swap server)
  • Implement support for public/private key exchange during client authentication (again, possibly using OpenSSL), to keep untrusted clients from connecting
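One way the valid-client-list and connection-throttling items could fit together, with the list expressed as subnets as the Design section asks. This is an added example, not nbd-server code; the class name `SwapAdmission`, its parameters and the addresses are assumptions.

```python
import ipaddress
import time


class SwapAdmission:
    """Decide whether a connecting client may get a swap device."""

    def __init__(self, allowed_subnets, max_conns=3, window_s=60.0,
                 clock=time.monotonic):
        self.nets = [ipaddress.ip_network(n) for n in allowed_subnets]
        self.max_conns = max_conns
        self.window_s = window_s
        self.clock = clock          # injectable so the window can be tested
        self.recent = {}            # client address -> recent connect times

    def admit(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        # Valid-client-list check comes first, so addresses outside the
        # list never make the server keep any per-client state.
        if not any(ip in net for net in self.nets):
            return "deny: not in valid-client-list"
        now = self.clock()
        hits = [t for t in self.recent.get(ip, []) if now - t < self.window_s]
        if len(hits) >= self.max_conns:
            self.recent[ip] = hits
            return "deny: throttled"
        hits.append(now)
        self.recent[ip] = hits
        return "allow"


def demo():
    """Constructed sequence of connection attempts with a fake clock."""
    now = [0.0]
    gate = SwapAdmission(["192.168.0.0/24"], max_conns=2, window_s=60.0,
                         clock=lambda: now[0])
    results = [gate.admit("192.168.0.21"),   # first connect
               gate.admit("192.168.0.21"),   # reconnect
               gate.admit("192.168.0.21"),   # third within the window
               gate.admit("10.0.0.5")]       # outside the thin-client subnet
    now[0] = 61.0                            # window has passed
    results.append(gate.admit("192.168.0.21"))
    return results


if __name__ == "__main__":
    print(demo())
```

A source-address list narrows who can connect but does not authenticate the client; that is what the key-exchange item in the same list is for.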

Comments

  • In Mille-xterm, implementation was done using xinetd, which calls a python script before running the nbd server. The script prepares the swap for the client, and then launches nbd-server. Each connection has its own instance of nbd-server. The drawback is that swap files are not cleaned up when a connection is closed.

Updates

  • Fix to get things exactly the way we want: nbdswapd works perfectly, we just need to add the SO_KEEPALIVE socket option to get it to clean up after itself if the client goes away uncleanly. This can be done by adding the line:

nbdswapd: ALL: keepalive

to the file /etc/hosts.allow -- ScottBalneaves


CategorySpec CategoryEdubuntuSpec

FullyAutomaticSwapServer (last edited 2009-07-24 03:05:53 by 201)