ntred - controller/hub/client for remote btred servers
To query the servers:
ntred [-m macro-file] [-e code] [--hub hub] [--port port] [-N|-H] [-T] [--key-file file] [--filelist file-list ] [-L files] -- script-arguments
To start remote servers and a hub:
ntred -i [--servers server[,server,...]] [--serverlist server-list] [--filelist file-list] [--max-servers num] [--no-server-check] [--no-server-start] [--no-hub-start] [--old-dist-method] [--safe-mode] [--server-debug] [-m macro-file] [-M module] [--btred path-to-btred] [--ssh ssh-command] [--local] [--key-file] [--hub hub] [--port port] [file [...]]
To close all remote servers and a hub:
ntred --quit
To kill all remote servers and a hub:
ntred --kill
To manage files on the servers:
ntred --list-files|--list-changed-files
ntred --reload-files
ntred --reload-macros [-m macro-file]
ntred --load-files [--filelist file-list] [file [...]]
ntred --close-files
ntred --save-files|--save-changed-files [-s strip-sfx] [-a append-sfx] [-p strip-prefix] [-r add-prefix] [-f out-fmt]
ntred --dump-files [--filelist file-list] [file [...]]
ntred --upload-file filename < fs-file
Get help:
ntred -u for usage (synopsis)
ntred -h for help
ntred --man for the manual page
This program can start one or more btred servers on remote machines over SSH (it is highly recommended to use an authentication method that does not require entering a password each time an SSH connection is needed), create a proxy hub that relays the communication between the servers and a client, distribute given files over the servers (provided the servers are able to load the files from the given filenames, e.g. because they share the files over NFS), query the servers using a btred macro, and collect the answers.
In the client mode, the standard output of the macro is printed to STDOUT of the client. STDERR is reserved for debugging and information messages as well as error messages caused by the macros on the servers. The rest of the error output from a server is stored in a file <logdir>/ntred-server-<host>.log (where <logdir> can be specified using --logdir and defaults to /tmp).
ntred [-m macro-file] [-e code] [--hub hub] [--port port] [-N|-H] [-T] [--key-file file] -- script-arguments
--macro-file
or some Perl one-liner. If omitted, it defaults to 'autostart()' and a macro with this name must be defined in the macro file provided.
--execute
.
do { CODE } while TredMacro::NextTree() loop).
while ($this) { CODE ; $this=$this->following }; loop).
while ($this) { CODE ; $this=$this->following_visible(FS()) }; loop).
--list-files|-L
but this time the files to be processed are listed in the given file rather than on the command line. Both options may be used together, in which case the file-lists are joined.
ntred -i [--servers server[,server,...]] [--serverlist server-list] [--filelist file-list] [--max-servers num] [--no-server-check] [--no-server-start] [--no-hub-start] [--old-dist-method] [--safe-mode] [--server-debug] [-m macro-file] [-M module] [--btred path-to-btred] [--ssh ssh-command] [--local] [--key-file] [--hub hub] [--port port] [file [...]]
--serverlist
.
If neither --servers nor --serverlist is provided, then the list of servers is read from ~/.ntred_serverlist.
In the safe mode, only the following opcodes and opcode-sets are allowed (see Opcode):
:base_core :base_mem :base_loop :base_math entereval caller dofile print entertry leavetry tie untie bless sprintf localtime gmtime sort require
plus :base_orig, except for the following opcodes (which are forbidden):
getppid getpgrp setpgrp getpriority setpriority pipe_op sselect select dbmopen dbmclose tie untie
ntred --list-files|--list-changed-files
ntred --reload-files [--filelist file-list] [--listed-files file [...]]
ntred --reload-changed-files
ntred --reload-macros [-m macro_file]
ntred --load-files [--filelist file-list] [file [...]]
ntred --close-files
ntred --save-files|--save-changed-files [-s strip-sfx] [-a append-sfx] [-p strip-prefix] [-r add-prefix] [-f out-fmt]
ntred --quit
ntred --kill [--servers server[,server,...]] [--serverlist server-list]
ntred --break
ntred --dump-files [--filelist file-list] [file [...]]
ntred --upload-file filename < fs-file
$TredMacro::FileChanged variable to 1, otherwise the btred server would never notice.
--reload-files
request).
If --filelist or --listed-files options are given, reload only files occurring in the given lists (all other files remain intact in servers' memory).
If -m (--macro-file) is specified, the servers use the given macro-file instead of the original one (specified when initializing btred servers). Note that the file (with exactly the same path) must be visible from all server hosts.
--filelist or in ~/.ntred_filelist to the servers. Note that a file distributed to a server is not reloaded by the server if the server already has a file with the same path in memory.
--add-prefix, --strip-prefix, --strip-suffix, --append-suffix.
--save-files except that only files that have been changed by some macro will be saved. Note that a macro has to claim that the file was changed by setting the $TredMacro::FileChanged variable to 1, otherwise the btred server would never notice. See also --list-changed-files.
##n suffix where n is the absolute position of the tree in the file (starting from one).
The following example shows how the csplit command can be used to save individual dumps into separate files:
ntred --dump <files> | csplit -z -f out -b '%d.fs' - '/\/\/FSEND/+2' '{*}'
To merge these separate files into one huge FS file, use
any2any -m hugeout.fs out*.fs
##n suffix where n is the absolute position of the tree in the file (starting from one).
USE AT YOUR OWN RISK. IF SECURITY IS A CRITICAL ISSUE OR IF IN DOUBT, DON'T USE IT AT ALL.
Why is security an issue here? Because btred servers execute almost arbitrary Perl code provided by the client. In the --unrestricted mode such code may contain arbitrary commands such as system() or open(). It is therefore desirable that the servers are not open to all parties.
The following precautions have been taken to lower the potential security risks:
1) Both the btred servers and the hub require an authorization based on verification of an MD5 signature of a random data block (generated by the server in case of hub-to-btred-server communication and by the hub in case of client-to-hub communication) XORed with an authorization key known to both parties. Although the communication is unencrypted, the client must send together with each request an MD5 checksum of the request XORed with the secret authorization key. Only requests whose signature the server verifies are answered.
2) There may be only one connection from a hub to a server. As soon as it is closed, the server is terminated.
3) If the servers are started by the hub itself (using --init) the authorization key is created by the hub and is passed to the btred server via an SSH-encrypted pipe.
4) The authorization key is also stored in the user's home directory as ~/.ntred_session_key with permissions set to 600 for the client's disposal. This theoretically (depending on general system security) limits access to the hub, and thus to the servers, to the user running the hub (and root). It may obviously be abused by root, who may run some Perl code on all machines running btred servers. This might be especially undesirable if the hub is running on a machine whose administrator would normally have no user access to the machines running btred servers.
5) It is possible to confine the Perl code evaluated on the servers to a safer compartment in which some critical Perl commands are disabled. In some cases the restrictions may not be sufficient; in others they may be too strict. Some memory leaks can appear when the Safe compartment is used. See --safe-mode above for more discussion.
6) Unless the --hub option is used, the hub runs on localhost and as such is not (under normal circumstances) open for connections from the outside world.
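The opcode lists from the --safe-mode section and the Safe compartment of precaution 5, as an added example that is not btred's own code: it builds a compartment with Perl's core Safe module from the two lists printed on this page and reports which constructed snippets compile. How btred itself combines the lists is an assumption; here the forbidden list is applied last, so tie and untie end up denied.

```perl
#!/usr/bin/perl
# Added example, not btred's own code: a Safe compartment restricted to the
# opcode lists printed in the --safe-mode section of this page.
use strict;
use warnings;
use Safe;

# Opcodes and opcode sets the page lists as allowed (plus :base_orig).
my @allowed = qw(
    :base_core :base_mem :base_loop :base_math :base_orig
    entereval caller dofile print entertry leavetry tie untie
    bless sprintf localtime gmtime sort require
);

# Opcodes the page lists as forbidden. tie/untie appear in both lists on
# the page; denying last means the deny wins here (an assumption).
my @forbidden = qw(
    getppid getpgrp setpgrp getpriority setpriority
    pipe_op sselect select dbmopen dbmclose tie untie
);

my $cpt = Safe->new;
$cpt->permit_only(@allowed);   # everything not listed is masked
$cpt->deny(@forbidden);        # then remove the forbidden subset again

# Constructed macro snippets: the first two stay inside the permitted
# set, the remaining three use opcodes outside it.
my @snippets = (
    'join ",", sort { $a <=> $b } (10, 2, 33)',
    'sprintf "%d nodes", 2 * 21',
    'system("id")',
    'open(my $fh, "<", "/etc/passwd")',
    'getppid()',
);

for my $code (@snippets) {
    # reval compiles and runs the string under the compartment's mask;
    # a masked opcode makes compilation fail and sets $@.
    my $result = $cpt->reval($code);
    if ($@) {
        (my $why = $@) =~ s/\s+at \(eval.*//s;   # drop file/line suffix
        printf "BLOCKED  %-42s %s\n", $code, $why;
    } else {
        printf "ALLOWED  %-42s => %s\n", $code, $result;
    }
}
```

The mask is enforced when the code is compiled, so a snippet that uses a masked opcode is rejected before any of it runs.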
~/.ntred_serverlist - default list of servers to use
~/.ntred_filelist - default list of files to load on servers
~/.ntred_session_key - client/hub session key
Petr Pajas <pajas@matfyz.cz>
Zdenek Zabokrtsky <zabokrtsky@ufal.mff.cuni.cz>
Copyright 2003 Petr Pajas and Zdenek Zabokrtsky, All rights reserved.