FullyAutomaticSwapServer

Differences between revisions 5 and 8 (spanning 3 versions)
Revision 5 as of 2006-06-19 08:37:35
Size: 5658
Editor: ALagny-109-1-10-209
Comment:
Revision 8 as of 2006-06-23 08:19:23
Size: 6545
Editor: ALagny-109-1-9-136
Comment: Updates after the BOF meeting on UDS Paris
Line 3: Line 3:
 * '''Contributors:''' OliverGrawert  * '''Contributors:''' OliverGrawert, RodrigoNovo, ScottBalneaves
Line 7: Line 7:
 
Line 10: Line 10:
To support low level diskless clients some kind of nework based swap service is needed to make even booting possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Sadly these packages currently need a fair amount of manual setup.
Scope of this spec is to solve this problem and modify the two packages so a fully automatic network swapping is guaranteed if you just install the ndb-server and nbd-client packages on the machines
To support older, low memory diskless clients, network based swap service is needed to make booting and running possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Currently these packages need manual setup to work with LTSP. We need to modify these packages to eliminate this manual intervention. Work is also needed to integrate LTSP changes on nbd-server into upstream.
Line 15: Line 14:
There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing, older hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own.
Beyond the usage of LTSP, this implementation can indeed be used in other context as well, it might be helpful for netbooted computing clusters or even just to make ubuntu work on another low powered machine in your local network. Since NBD is not restricted to swap, even other areas of blockdevice related interaction would be possible.
There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own.
Beyond the usage of LTSP, this implementation can indeed be used in other context as well, it might be helpful for netbooted computing clusters or even just to make Ubuntu work on another low memory machine in your local network.
Line 20: Line 19:
Will has an old lab with a bunch of old Pentium 120's with 32 megabytes of memory. He's been informed that to upgrade his current operating system that he bought in 1998, to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot, and downloads a CD, and within an hour, he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstations memory, or buy a software license. William has an old lab with a bunch of old Pentium 120's with 32 megabytes of memory. He's been informed that to upgrade his current operating system that he bought in 1998, to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot, and downloads a CD, and within an hour, he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstation's memory, or buy a software license.
Line 22: Line 21:
Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal's a web based solution, but he needs something to power the minimal kiosk machine, thanks to the fully automatic swap server his 32MB embedded clients will work right away with ubuntu LTSP. Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal's a web based solution, but he needs something to power the minimal kiosk machine, thanks to the fully automatic swap server his 32MB embedded clients will work right away with Ubuntu LTSP.
Line 24: Line 23:
Wilmas husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a harddisk that is just able to carry xubuntu on the disk. Instead of loosing valuable diskspace on this machine, Wilmas husband just installed nbd-server on his powerful machine and nbd-client on his wifes PC now the low profile machine will just use swap space on the powerful one. Wilma's husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a harddisk that is just able to carry Xubuntu on the disk. Instead of loosing valuable diskspace on this machine, Wilma's husband just installed nbd-server on his powerful machine and nbd-client on his wifes PC now the low profile machine will just use swap space on the powerful one.
Line 34: Line 33:
 * These modifications have already been done by LTSP. Work needs to be done to make this feature optional during nbd-server startup, code needs to be checked and cleanep up, and finally, sent upstream.
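Review bot: The added bullet misspells "cleaned up" as "cleanep up", and "this feature" has no antecedent within the bullet itself. Name what is being made optional (the Implementation list added in this revision says "Make swap partition creation optional") so that the Design and Implementation sections use the same wording.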
Line 37: Line 37:
 * Through the standarization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.  * Through the standatization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.
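Review bot: The replacement word "standatization" is still misspelled; the change swaps one typo ("standarization") for another. Use "standardization", and apply the same fix to the server-side bullet about the default port if it carries the old spelling.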
Line 43: Line 43:
 * Check out ltspswapd from the ltsp project. We already hacked up the nbd-server to do this. Check and see if this meets Ubunutu's needs.  * Check out ltspswapd from the LTSP project. Check and see if this meets Ubunutu's needs.
 * Integrate ltspswapd changes into nbd-server proper (from where it has branched)
 * Make swap partition creation optional (via command line startup option)
 * Send changes upstream

== Ideas / Possible goals for Edgy + 1 ==

 * Research options to transparently encrypt network traffic between nbd-server and nbd-client (possibly using stunnel or OpenSSL directly from nbd)
 * Avahi support (although, this is quite insecure for swap)
 * Implement valid-client-list, to prevent DoS and untrusted clients from connecting
 * Implement connection throttling, as an optional feature (to prevent DoS on the swap server)
 * Implement suport to public/private key exchange during client authentication (again, possibly using OpenSSL), to keep untrusted clients from connecting
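Review bot: Every access-control item in this hunk (valid-client-list, throttling, key exchange, transport encryption) is placed under "Possible goals for Edgy + 1", while the implementation steps above it ship the automatic swap creation now. State in the implementation list what restricts connecting clients in the first release, or say explicitly that none of these controls are in scope for it. Two spelling fixes are also needed: "Ubunutu's" in the first bullet and "suport to" in the last ("support for").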
Line 51: Line 62:
I would assume that the security concious individual would probably be willing to spend some money towards the problem. One way would be to simply put enough memory in the machine to avoid swapping. As well, putting limits on memory usage for x.org eliminates a large amount of swapping problems. -ScottBalneaves Perhaps we can drag in avahi as a dependency, and let the swap server announce itself on the network. Then, when we log in with a machine with little memory, it could show a message asking the user to use the swap server. This would eliminate any configuring needs. -MichaëlArnauts

Created Ideas/Goals for Edgy+1, in an attempt to mitigate the comments by iwj and MichealArnauts - RodrigoNovo

Summary

To support older, low-memory diskless clients, a network-based swap service is needed to make booting and running possible. Ubuntu LTSP supports nbd (Network Block Device) swapping through the nbd-server and nbd-client packages. Currently these packages need manual setup to work with LTSP. We need to modify these packages to eliminate this manual intervention. Work is also needed to integrate the LTSP changes to nbd-server upstream.

Rationale

There are a lot of older machines out there, and one of the huge selling points of any thin client GNU/Linux solution will be to use existing hardware that's unable to be used with other operating systems. Developing countries, schools, non-profits, and cost-conscious companies will all be interested in taking advantage of hardware they already own. Beyond LTSP, this implementation can be used in other contexts as well: it might be helpful for netbooted computing clusters or even just to make Ubuntu work on another low-memory machine in your local network.

Use Cases

William has an old lab with a bunch of old Pentium 120's with 32 megabytes of memory. He's been informed that upgrading the operating system he bought in 1998 to the current one will be both expensive and painful, as it will require him to replace all of his lab machines. However, he hears about Edubuntu on Slashdot and downloads a CD, and within an hour he's got it installed on a spare file server. He shows his boss the shiny new lab with great educational software without having to upgrade a single workstation's memory or buy a software license.

Hans is working on an embedded thin client kiosk solution to be used in homeless shelters in a developing country. Money's tight, being a startup, and the kiosk portal is a web-based solution, but he needs something to power the minimal kiosk machine. Thanks to the fully automatic swap server, his 32MB embedded clients will work right away with Ubuntu LTSP.

Wilma's husband has a home network with several PCs. To give Wilma an opportunity to have her own PC, he assembled a machine from his spare parts with a hard disk that is just able to carry Xubuntu. Instead of losing valuable disk space on this machine, Wilma's husband just installed nbd-server on his powerful machine and nbd-client on his wife's PC; now the low-profile machine will just use swap space on the powerful one.

Design

Server:

  • The nbd-server needs to be modified to automatically create a swapfile on the fly if a client connects to it, so that if nbd-server is run through inetd with a commandline option enabling this autocreation of files, a swap client can connect right away without any initial configuration on the server.
  • The nbd-server package should get assigned a default port in /etc/services for Ubuntu (there seems to be no standardization on a specific port yet; ltsp.org uses 9210 for their swapd). This will make easy inetd integration possible.
  • Code needs to be added to nbd-server to clean up the swap files after the connection is done.
  • The authentication mechanism of nbd-server should get enhanced to support the authentication of subnets instead of doing single host only authentication.
  • These modifications have already been done by LTSP. Work needs to be done to make this feature optional during nbd-server startup; the code needs to be checked and cleaned up, and finally sent upstream.

Client:

  • Through the standardization on one port, a wrapper or even a code enhancement to nbd-client for server autodetection would be possible.
  • The client could get either a non-blocking wrapper in the initscript that sends a broadcast ping to determine available hosts and then checks these hosts for nbd service availability, or it could get a directly implemented command-line option (which would most likely bloat the client code a bit) that achieves the same.
  • The initscript of nbd-client should also be enhanced to use mkswap and swapon automatically to create a clean swap space in case a "swap" option is set in the nbd-client configuration.

Implementation

  • Check out ltspswapd from the LTSP project. Check and see if this meets Ubuntu's needs.
  • Integrate ltspswapd changes into nbd-server proper (from where it has branched)
  • Make swap partition creation optional (via command line startup option)
  • Send changes upstream

Ideas / Possible goals for Edgy + 1

  • Research options to transparently encrypt network traffic between nbd-server and nbd-client (possibly using stunnel or OpenSSL directly from nbd)
  • Avahi support (although, this is quite insecure for swap)
  • Implement valid-client-list, to prevent DoS and untrusted clients from connecting
  • Implement connection throttling, as an optional feature (to prevent DoS on the swap server)
  • Implement support for public/private key exchange during client authentication (again, possibly using OpenSSL), to keep untrusted clients from connecting
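
The subnet-based authentication proposed in the Design section and the valid-client-list idea above both come down to matching a connecting peer against a list of hosts and networks. The following is an added example of that check in C for IPv4, not code from nbd-server or ltspswapd; the entry syntax ("a.b.c.d" or "a.b.c.d/len") and the function names are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not nbd-server code): 1 if IPv4 `client` is inside
 * `entry`, written "a.b.c.d" or "a.b.c.d/len". Malformed input never matches. */
int entry_matches(const char *entry, const char *client)
{
    char net[INET_ADDRSTRLEN];
    struct in_addr n, c;
    long len = 32;
    const char *slash = strchr(entry, '/');
    size_t hostlen = slash ? (size_t)(slash - entry) : strlen(entry);
    if (hostlen == 0 || hostlen >= sizeof(net))
        return 0;
    memcpy(net, entry, hostlen);
    net[hostlen] = '\0';
    if (slash) {
        char *end;
        len = strtol(slash + 1, &end, 10);
        if (end == slash + 1 || *end != '\0' || len < 0 || len > 32)
            return 0;
    }
    if (inet_pton(AF_INET, net, &n) != 1 || inet_pton(AF_INET, client, &c) != 1)
        return 0;
    /* /0 is special-cased: shifting a 32-bit value by 32 bits is undefined. */
    uint32_t mask = len == 0 ? 0 : 0xFFFFFFFFu << (32 - len);
    return (ntohl(n.s_addr) & mask) == (ntohl(c.s_addr) & mask);
}

/* 1 if `client` matches any entry of the allow-list, else 0 (default deny). */
int client_allowed(const char *const *list, size_t count, const char *client)
{
    for (size_t i = 0; i < count; i++)
        if (entry_matches(list[i], client))
            return 1;
    return 0;
}

int main(void)
{
    const char *const allow[] = { "192.168.0.0/24", "10.0.5.7" }; /* constructed */
    const char *peers[] = { "192.168.0.42", "192.168.1.42", "10.0.5.7", "10.0.5.8" };
    for (size_t i = 0; i < 4; i++)
        printf("%-14s %s\n", peers[i], client_allowed(allow, 2, peers[i]) ? "allow" : "deny");
    return 0;
}
```

An address match only limits which peers may connect; it does not prove who the peer is, which is why the key-exchange and encryption items are listed separately.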

Comments

If you're using nbd swap, what about confidentiality and integrity of the swap data? I assume that a goal of Ubuntu's LTSP setup is to defend against hostile systems on the same network, so at least some encryption is needed. -iwj

Note that the client does not really need to authenticate very much to the server to set up a new swap area: a server which let anyone make not-too-long-lived swap partitions would be vulnerable only to DoS but an LTSP server is pretty vulnerable to DoS from all sorts of other kinds of traffic anyway. But the client needs to be sure that it is talking to the right server and needs a way to establish credentials so that for future requests to the swap area, the server knows that the client is the right client. -iwj

Perhaps we can drag in avahi as a dependency, and let the swap server announce itself on the network. Then, when we log in with a machine with little memory, it could show a message asking the user to use the swap server. This would eliminate any configuring needs. -MichaëlArnauts

Created Ideas/Goals for Edgy+1, in an attempt to mitigate the comments by iwj and MichealArnauts - RodrigoNovo


CategorySpec

FullyAutomaticSwapServer (last edited 2009-07-24 03:05:53 by 201)