We want admins to be able to debug policy engine rulesets: they need to be able to determine beforehand which rule will apply, and they need to be able to see afterwards which rule applied.
Some background: a policy rule states that if an expression of attributes evaluates to true, then a file create under pNFS will be given a certain layout. A layout is basically a stripe count and width. The count is the number of DS to stripe the file across, and the width is how large a chunk of data to send to each DS.
A client can generate a layout hint that it can send to the server. And the server is free to reject it, especially if the server already has a rule. The way to think of this is that it allows an admin on the client, who does not have administration rights on the server, to define new policies in the middle of the night. I.e., no need to wake the server admin up.
The client's hint lacks the final necessary information: the set of DS to be used. So even if the server accepts the hint, it needs to be instantiated with the actual DS hosts. The server policy engine will determine that set by looking at usage information for the DS, or it might just pick them in some round-robin fashion. This is a classic scheduling problem from AI.
To enable the admin to debug, we need to allow access to both the client and server policy rulesets. But we should start simple and get some code which works on a ruleset.
I'm going to skip how rules are loaded to the sped (Simple Policy Engine Daemon) and how we get our hands on them from it. Instead, I'm going to create a tool which handles a flat file. Furthermore, that format may not be what I end up using - right now this debug tool is also a design tool.
I could write it in Perl, which is perfect for basically string processing, but I think I will be stealing major chunks of the code for sped. So, I'll write it in C.
The very first thing I want to look at is the parameters to the program. I need to get at attributes such as the path, the extension, the UID, the GID, and the IP. I was going to grab the time and day from the system, but I just realized I could be doing postmortem debugging, so I need to take these as parameters too. Okay, I also need to be able to get the policy rulesets read in from a file.
I'm going to present a chunk of code, of which I'll end up throwing some away. I want to look at option handling and make sure it works before I do anything else:

    #include <stdio.h>
    #include <stdarg.h>
    #include <unistd.h>

    int
    main(int argc, char *argv[])
    {
        int i;
        int iFlags = 0;
        int ch;
        int iFoundSome = 0;    /* set once getopt() hands back any option */

        /* A ':' after a letter means that option takes an argument. */
        while ((ch = getopt(argc, argv, "?vr:p:u:g:i:h:d:")) != -1) {
            iFoundSome = 1;
            switch (ch) {
            case 'v' :
                fprintf(stdout, "Oh, be chatty!\n");
                break;
            case 'r' :
                fprintf(stdout, "The rules are in %s!\n", optarg);
                break;
            case 'h' :
                fprintf(stdout, "The hour is %s!\n", optarg);
                break;
            case 'd' :
                fprintf(stdout, "The day is %s!\n", optarg);
                break;
            case 'p' :
                fprintf(stdout, "with the %s!\n", optarg);
                break;
            case 'u' :
                fprintf(stdout, "It was %s,\n", optarg);
                break;
            case 'g' :
                fprintf(stdout, "The group is %s!\n", optarg);
                break;
            case 'i' :
                fprintf(stdout, "in the %s,\n", optarg);
                break;
            case '?' :    /* unknown option or missing argument */
            default :
                goto usage;
            }
        }

        /* No options at all: show the usage message. */
        if (!iFoundSome)
            goto usage;

        /* Skip past the options that getopt() consumed. */
        argc -= optind;
        argv += optind;

        return (0);

    usage:
        fprintf(stderr,
            "speadm explain -r rules-file [-v]"
            " [-p proposed-filename] [-u uid] [-g gid] [-i ip]"
            " [-h hour] [-d day]\n");
        return (1);
    }

Okay, as an aside, OSX Leopard cut and paste can rock! Seeing the text being dragged from the Terminal to Firefox was amazing.
The first thing to notice is that I've used -h for hour and not help. Next notice that the rule file is not optional. But I've used a flag for it. I did this to allow it to appear anywhere in the argument list. I will have to eventually add some code to make sure it is present.
A short test run shows us some neat things that getopt() does for us:

    stealth:spe tdh$ gcc main.c
    stealth:spe tdh$ ./a.out
    speadm explain -r rules-file [-v] [-p proposed-filename] [-u uid] [-g gid] [-i ip] [-h hour] [-d day]
    stealth:spe tdh$ ./a.out -r tests/simple.txt
    The rules are in tests/simple.txt!
    stealth:spe tdh$ ./a.out -r
    ./a.out: option requires an argument -- r
    speadm explain -r rules-file [-v] [-p proposed-filename] [-u uid] [-g gid] [-i ip] [-h hour] [-d day]
    stealth:spe tdh$

I didn't have to explicitly write any error handling to detect when an option's argument was missing. But wait, does it work the way I want:

    stealth:spe tdh$ ./a.out -r -v
    The rules are in -v!

In the next entry, I'll do the sanity checking for the arguments. This will include setting the default values. And it will also have to consider if an argument is allowed to begin with a '-'...
Hi Tom,
Just wondering if IPv6 addresses will be supported in your policy language?
Posted by Peter Schow on January 20, 2008 at 12:57 PM CST #
Peter,
For the prototype I am doing, not at first.
But for the final product, the answer has to be yes. It would be stupid to not design this in.
And that means I should really check my assumption about being able to store the address in an uint_t.
I'll let it go for now, but I will have to revisit it as soon as the prototype is done.
Thanks,
Tom
Posted by Tom Haynes on January 20, 2008 at 02:30 PM CST #