If you can see this check that
Technical Information
This page discusses the technical aspects of the linuxzoo site.
I will add to this over time, and it is partially a guide to people
interested in how the site works, and partially a reference source
for myself.
Overview
This site makes use of User Mode Linux. This allows complete Linux
installations to run as a process within another Linux installation
(kind of a linux-in-linux scheme). The parent Linux is called the HOST,
and the child process-based Linux is known as a GUEST. Users are allocated
guest machines on a queueing basis.
The main server of this site just handles management and communications.
Other servers act as HOSTS, and are linked together using a virtual network
build using tunneling software. Each HOST is controlled by a daemon, which
starts up and stops the GUESTS on that HOST. Each time you connect to the
server, it speaks to your HOSTS daemon, and controls you GUEST remotely.
The GUEST machines each seem to have disk space to run from, but actually
this is just some files in the HOST. The daemon sets these files up for
you, and deletes them as and when required. In this way you can start with
a freshly-installed system at the touch of a button, which is perfect
for system administration tutorials where it is all to easy to mess your system
up!
The nice thing about this architecture is the reliability and self-managing
factors which is has. Machines can go down, GUEST or HOST machines can crash,
networks can fail, but the system (should) regenerate itself over time. It
is self monitoring, and problems can usually be detected within a minute
and corrective action completed within 3 minutes. If things get really bad
HOSTS become isolated from the system, and the affected users are requeued
for the next available GUEST machine.
The architecture was designed to be scalable. When this document was written
we had 80 GUESTS running over 8 different machines, and no sign of
server bottleneck. Our plan is to have 100 GUESTS by September 2005.
Machine topology: April 2005
| 146.176.166.1 |
| linuxzoo.net |
| (gateway and web server) |
| 2.4Ghz Dual,1GB |
| 10.200.0.1 |
|
| | |
| |
| | |
| |
| |
| |
| |
| 10.200.0.4 |
| (146.176.162.82) |
| uml2 |
| hub |
| 2.4Ghz,0.5GB |
| 10.0.2.254 |
|
| 10.200.0.3 |
| (146.176.162.83) |
| uml1 |
| hub |
| 2.0Ghz,2GB |
| 10.0.1.254 |
|
| 10.200.0.6 |
| (146.176.166.11) |
| linuxzoo1 |
| hub |
| 2.4Ghz,1GB |
| 10.0.5.254 |
|
| 10.200.0.7 |
| (146.176.166.9) |
| linuxzoo2 |
| hub |
| 2.4Ghz,1GB |
| 10.0.6.254 |
|
| 10.200.0.8 |
| (146.176.166.10) |
| linuxzoo3 |
| hub (free users) |
| 2.4Ghz,1GB |
| 10.0.7.254 |
|
| | |
| |
| |
| |
| |
| UMLs: 10.0.2.x |
| 7 machines |
|
| UMLs: 10.0.1.x |
| 15 machines |
|
| UMLs: 10.0.5.x |
| 15 machines |
|
| UMLs: 10.0.6.x |
| 15 machines |
|
| UMLs: 10.0.7.x |
| 15 machines |
|
Each UML is connected to its hub via a "tap" device. In turn each hub is
connected to linuxzoo.net via an openvpn encrypted tunnel. From linuxzoo.net,
packets then travel across the internet.
Security
The site was designed with security in mind, yet the focus was really on
trackability rather than limiting what users could do. However, there are
some firewall rules in place to stop some activities, including sending
emails from the GUESTS.
Tracking
The site is currently based at Napier University. Here we have two hardware
firewalls between us and the real world. One of these firewalls has full
packet logging which gives us perfect network logging. On the gateway we also
have significant logging capabilities. The gateway logs are sufficient
to link a user's IP with any network action which leaves or enters the gateway.
If a user tries to hide the browser IP, then the system will not
recognise that user when they try to log into their machine. The system will
also handle NAT firewall users, although when multiple users connect from a
single NAT trackability is reduced slightly under some circumstances. We also
track web server requests and login requests. These logs are processed
automatically and are accessible by the user in question through their login.
Future Work
This is a list of the things I have in mind to do on the system.
- Give users a CPU and network quota for the week.
- Store the student performance on the quiz questions
- Build the packet log continuously rather than every n days
- Provide incremental assessment system in additional to tutorials.
- Kick users with a machine but who are not using it.
- Convert COW images to tar files (and back again) for efficient user storage of files.
- Transport user changes to images between machines.
- Provide fedora core 3 as an image option.
- Provide gentoo as an image option.
- Give users a COW disk quota.
Changelog:
Short summary of changes
- Aug 2010
-
- Frontend queue manager now in OO style
- Switched to svn
- Changed files and queue management to be SELinux compliant
- June 2010
-
- Backend API now in OO style for test node (10.200.0.18)
- Frontend API adapted to use old and new backend API simultaneously
- Perl timeout code changed from SIG to sigaction
- Test node now provides dhcp to virtual machine
- Test node now uses lwp and apache rather than perl multiplex code
- 31 Aug 2008
- Notes upgraded to match slides, able to print notes as a book