[Chilli] Coova-Chilli Multi Tenanency Mode
David Bird
david at coova.com
Thu Feb 7 17:19:05 UTC 2013
To serialize the iptables, you can edit the up.sh/down.sh scripts to
wrap all the commands inside something like:
(
  flock -x 200   # exclusive lock; a shared lock (-s) would let instances run concurrently
  # ... commands executed under lock ...
) 200>/tmp/.chilli-flock
David
On Thu, 2013-02-07 at 16:44 +0000, Russell Mike wrote:
>
>
>
> On Thu, Feb 7, 2013 at 4:05 PM, Luis Ferreira <lferreira at cabocom.cv>
> wrote:
>
>
> Luis SAID:
>
>
> Hello everyone,
>
> 1. It could be related to iptables locking, because I've got a bit of
> success if I add "sleep 5" in /etc/init.d/chilli after starting each
> vlan. It's not a 100% win, but at least the success rate increased.
>
>
>
> Mike SAID:
> I can agree with your point. But I do not use a different script for
> starting multiple instances (vlans); the same "/etc/init.d/chilli
> start" starts everything. But I have been advised to write a
> different script, then I will add the wait between the "start" of each
> instance. The following line in the start script just checks for
> "chilli.conf" files and starts everything:
> MULTI=$(ls /usr/local/etc/chilli/*/chilli.conf 2>/dev/null)
>
>
>
>
> Luis Asked:
> 2. The iptables file located at
> /usr/local/var/run/chilli.tun0.sh, is it generated every time
> chilli boots? Is it executed on chilli process startup? Could
> that be the issue? Not giving enough time for the OS to write
> the file, and asking it to run the script? If it's that, that
> would explain why it is a sporadic problem happening on multi
> chilli, because it is starting several chilli processes as fast
> as the machine is capable of.
>
>
> Mike SAID:
>
> Yes Luis, the file, the iptables rule under "/var/run/tun*.sh",
> is created every time. Because I have seen that when there is
> a login page problem from a VLAN, I have verified that the iptables
> file exists as normal for that tunnel,
> "/var/run/tun_problem_vlan.sh". Well, are you satisfied with
> the contents of the iptables file? Do you think that I still
> need the iptables rule you advised earlier, in the above
> section of the communication?
>
>
>
> Sincerely,
>
> Luis Ferreira
>
> Technical Director
>
> Cabocom S.A.
>
>
>
> -----Original Message-----
> From: Petr Štetiar [mailto:ynezz at true.cz]
> Sent: Thursday, 7 February 2013 05:35
> To: Robert White
> Cc: Luis Ferreira; chilli at coova.org
> Subject: Re: [Chilli] Coova-Chilli Multi Tenanency Mode
>
> Robert White <rwhite at globalgossip.net> [2013-02-07 13:40:21]:
>
> Ynezz SAID:
>
> All rules from up.sh except the following seem to get created:
>
> ipt_in -p tcp -m tcp --dport $UAMPORT --dst $ADDR -j ACCEPT
>
>
> And sometimes some other rules :)
>
> It seems to only ever happen in multi-instance environments,
> so maybe it is something to do with iptables locking and not
> allowing the insertion of the rule while another instance is
> trying to do the same? I'm not sure.
>
>
> Yes, maybe something like that, I didn't investigate it in
> detail either.
>
> I've added simple locking into the coova-chilli init.d script
> and added wildcard system wide iptables rules like "-i tun+"
> and it improved a lot.
>
> -- ynezz
>
>
> Mike Wrote:
>
>
> Hi Ynezz,
>
>
> It is a fully functional UB 12.4LTS x86_64, suffering from this disease
> only. It will help others as well if your suggestion fixed the
> problem. Are you willing to provide more information so that I can
> edit the script and give it a try? How is the below done, which you
> mentioned:
>
>
> I've added simple locking into the coova-chilli init.d script and
> added wildcard system wide iptables rules like "-i tun+" and it
> improved a lot.
>
>
>
>
>
> Big Thanks 2 Everyone !!!!
>
>
> Thanks RM --
>
>
>
>
--
David Bird
http://www.linkedin.com/in/dwbird
https://twitter.com/wlanmac
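
The locking wrapper from the reply above, as an added example that is not part of the original thread or of CoovaChilli's scripts: concurrent workers stand in for chilli instances running up.sh at once, and the run shows that only an exclusive lock keeps every update. The helper names, the counter file and the use of fd 9 instead of 200 are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: concurrent workers stand in for chilli instances whose
# up.sh scripts run at the same moment.
LOCKFILE="${LOCKFILE:-/tmp/.chilli-flock}"   # lock path used in the post

# Hypothetical stand-in for a batch of iptables calls: a non-atomic
# read-modify-write that loses updates when two workers overlap.
bump_counter() {
    n=$(cat "$1")
    sleep 0.1                     # widen the race window
    echo $((n + 1)) > "$1"
}

# with_lock MODE CMD...: hold the lock (-x exclusive, -s shared) on fd 9
# while CMD runs. The post uses fd 200; POSIX only guarantees single-digit
# descriptors in redirections, so 9 also works under plain /bin/sh.
with_lock() {
    mode=$1
    shift
    (
        flock "$mode" 9 || exit 1
        "$@"
    ) 9>"$LOCKFILE"
}

# run_instances COUNT MODE: start COUNT workers at once and print how many
# updates survived. MODE is -x, -s, or "none" (no locking at all).
run_instances() {
    counter=$(mktemp)
    echo 0 > "$counter"
    i=0
    while [ "$i" -lt "$1" ]; do
        if [ "$2" = none ]; then
            bump_counter "$counter" &
        else
            with_lock "$2" bump_counter "$counter" &
        fi
        i=$((i + 1))
    done
    wait
    cat "$counter"
    rm -f "$counter"
}

# With -x all 5 updates survive; with -s or none most are usually lost.
if [ "${1:-}" = demo ]; then
    for m in -x -s none; do echo "$m: $(run_instances 5 "$m")"; done
fi
```

Current iptables releases also take their own xtables lock, and the -w option makes a call wait for that lock instead of failing.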