Changeset 1582 for honeyclient/trunk

Timestamp:

05/14/08 14:58:08 (3 months ago)

Author:

kindlund

Message:

Added work_unit_limit logic; where cloned VMs will get recycled after visiting X number of URLs. This resolves the issue where our driving application may have a slow memory leak; where after X URLs the OS memory is completely filled, rendering the VM unusable. Instead, we preemptively destroy the VM and create a new one before we hit X. Initially, we'll let X = 2000 and go from there.

Files:

• honeyclient/trunk/etc/honeyclient.xml (modified) (1 diff)
• honeyclient/trunk/lib/HoneyClient/Manager/VM/Clone.pm (modified) (6 diffs)
• honeyclient/trunk/t/honeyclient_manager.t (modified) (1 diff)
• honeyclient/trunk/t/honeyclient_manager_vm_clone.t (modified) (2 diffs)

honeyclient/trunk/etc/honeyclient.xml

@@ -350 +350 @@
-                    1
-                </archive_upon_suspend>
+                <work_unit_limit description="An integer, indicating how many work units (e.g., URLs) the clone VM should process before destroying the VM and regenerating a new clone VM.  This option is useful to set, when trying to drive an application that appears to create slow memory leaks within the VM's OS.  For example, after processing X work units, the VM's OS runs out of memory altogether.  To deal with this issue, we preemptively destroy and regenerate a new clone VM at (X-1) work units, so that the leak no longer affects our operations.  To completely disable this functionality, specify -1." default="2000">
+                    2000
+                </work_unit_limit>
-            </Clone>
-            <!-- HoneyClient::Manager::VM::Test Options -->

honeyclient/trunk/lib/HoneyClient/Manager/VM/Clone.pm

@@ -490 +490 @@
-=back
-
+=head2 work_units_processed
+
+=over 4
+
+The number of work units processed by this VM.
+
+=back
+
-=cut
-
@@ -1277 +1285 @@
-                              namespace => "HoneyClient::Agent"),
-
+        # A variable indicating the number of work units processed by this
+        # cloned VM.
+        work_units_processed => 0,
+
-        # A SOAP handle to the VM manager daemon.  (This internal variable
-        # should never be modified externally.)
@@ -1443 +1455 @@
-                       "# Your master VM is: " . getVar(name => "master_vm_config", namespace => "HoneyClient::Manager::VM") . "\n" .
-                       "#\n" .
-and archiving this master VM
+this master VM and archiving a subsequent clone
-    if ($question =~ /^y.*/i) {
-
@@ -1543 +1555 @@
-            $LOG->error("Thread ID (" . threads->tid() . "): Unable to archive VM (" . $vmConfig . ").");
-        }
+    }
+
+    return $self;
+}
+
+=pod
+
+=head2 $object->destroy()
+
+=over 4
+
+Destroys an existing Clone object, by powering off the VM and
+deleting the subdirectory containing the VM data.
+
+I<Output>: The destroyed Clone B<$object>.
+
+I<Notes>:
+This operation alters the Clone B<$object>.  Do not
+expect to perform any additional operations with 
+this object once this call is finished, since the
+underlying VM has been destroyed.
+
+=back
+
+=begin testing
+
+# Shared test variables.
+my ($stub, $som, $URL);
+my $testVM = $ENV{PWD} . "/" . getVar(name      => "test_vm_config",
+                                      namespace => "HoneyClient::Manager::VM::Test");
+
+# Catch all errors, in order to make sure child processes are
+# properly killed.
+eval {
+
+    my $testVMDir = dirname($testVM);
+
+    # Pretend as though no other Clone objects have been created prior
+    # to this point.
+    $HoneyClient::Manager::VM::Clone::OBJECT_COUNT = -1;
+    
+    my $question;
+    $question = prompt("#\n" .
+                       "# Note: Testing real destroy operations will *ONLY* work\n" .
+                       "# with a fully functional master VM that has the HoneyClient code\n" .
+                       "# loaded upon boot-up.\n" .
+                       "#\n" .
+                       "# This test also requires that the firewall VM is registered,\n" .
+                       "# powered on, and operational.\n" .
+                       "#\n" .
+                       "# Your master VM is: " . getVar(name => "master_vm_config", namespace => "HoneyClient::Manager::VM") . "\n" .
+                       "#\n" .
+                       "# Do you want to test cloning this master VM and destroying a subsequent clone?", "no");
+    if ($question =~ /^y.*/i) {
+
+        # Create a generic empty clone, with test state data.
+        my $clone = HoneyClient::Manager::VM::Clone->new(_bypass_firewall => 1);
+        my $cloneConfig = $clone->{config};
+
+        # Archive the clone.
+        $clone->destroy();
+
+        # Wait for the destroy to complete.
+        sleep (45);
+    
+        # Test if the operations worked.
+        is(!-f $cloneConfig, 1, "destroy()") or diag("The destroy() call failed.");
+   
+        $clone = undef;
+
+        if (-f $cloneConfig) {
+            # Connect to daemon as a client.
+            $stub = getClientHandle(namespace => "HoneyClient::Manager::VM");
+    
+            # Destroy the clone VM.
+            $som = $stub->destroyVM(config => $cloneConfig);
+        }
+    }
+};
+
+# Kill the child daemon, if it still exists.
+HoneyClient::Manager::VM->destroy();
+
+# Report any failure found.
+if ($@) {
+    fail($@);
+}
+
+=end testing
+
+=cut
+
+sub destroy {
+
+    # Extract arguments.
+    my ($self, %args) = @_;
+
+    # Sanity check: Make sure we've been fed an object.
+    unless (ref($self)) {
+        $LOG->error("Error: Function must be called in reference to a " .
+                    __PACKAGE__ . "->new() object!");
+        Carp::croak "Error: Function must be called in reference to a " .
+                    __PACKAGE__ . "->new() object!\n";
+    }
+
+    # Log resolved arguments.
+    $LOG->debug(sub {
+        # Make Dumper format more terse.
+        $Data::Dumper::Terse = 1;
+        $Data::Dumper::Indent = 0;
+        Dumper(\%args);
+    });
+
+    # Signal firewall to deny traffic from this clone.
+    $self->_denyNetwork();
+
+    # Extract the VM configuration file.
+    my $vmConfig = $self->{'config'};
+
+    # Set the internal VM configuration to undef, in order to
+    # avoid potential object DESTROY() calls.
+    $self->{'config'} = undef;
+    
+    $LOG->info("Thread ID (" . threads->tid() . "): Destroying clone VM (" . $vmConfig . ").");
+    my $som = $self->{'_vm_handle'}->destroyVM(config => $vmConfig);
+
+    if (!defined($som)) {
+        $LOG->error("Thread ID (" . threads->tid() . "): Unable to destroy VM (" . $self->{'config'} . ").");
+        $self->_changeStatus(status => "error");
+    } else {
+        $self->_changeStatus(status => "deleted");
-    }
-
@@ -1683 +1826 @@
-
-    while (scalar(%{$args{'work'}})) {
+
+        # Before driving, check if a work unit limit has been specified
+        # and if we've exceeded that limit.
+        if ((getVar(name => "work_unit_limit") > 0) &&
+            ($self->{'work_units_processed'} >= getVar(name => "work_unit_limit"))) {
+
+            $LOG->info("Thread ID (" . threads->tid() . "): (" . $self->{'name'} . ") - Work Unit Limit Reached (" . getVar(name => "work_unit_limit") . ").  Recycling clone VM.");
+            $self->destroy();
+        }
+
-        # Create a new clone, if the current clone is not already running.
-        if ($self->{'status'} ne "running") {
@@ -1702 +1855 @@
-        eval {
-            $LOG->info("Thread ID (" . threads->tid() . "): (" . $self->{'name'} . ") - " . $self->{'driver_name'} . " - Driving To Resource: " . $currentWork);
+            $self->{'work_units_processed'}++;
-            $som = $self->{'_agent_handle'}->drive(driver_name => $self->{'driver_name'},
-                                                   parameters  => encode_base64($currentWork));

honeyclient/trunk/t/honeyclient_manager.t

@@ -105 +105 @@
-require_ok('Data::Dumper');
-use Data::Dumper;
+
+# Make sure Sys::Hostname loads.
+BEGIN { use_ok('Sys::Hostname') or diag("Can't load Sys::Hostname package.  Check to make sure the package library is correctly listed within the path."); }
+require_ok('Sys::Hostname');
+use Sys::Hostname;
+
+# Make sure Sys::HostIP loads.
+BEGIN { use_ok('Sys::HostIP') or diag("Can't load Sys::HostIP package.  Check to make sure the package library is correctly listed within the path."); }
+require_ok('Sys::HostIP');
+use Sys::HostIP;
-}
-

honeyclient/trunk/t/honeyclient_manager_vm_clone.t

@@ -283 +283 @@
-                       "# Your master VM is: " . getVar(name => "master_vm_config", namespace => "HoneyClient::Manager::VM") . "\n" .
-                       "#\n" .
-and archiving this master VM
+this master VM and archiving a subsequent clone
-    if ($question =~ /^y.*/i) {
-
@@ -332 +332 @@
-eval {
-
+    my $testVMDir = dirname($testVM);
+
+    # Pretend as though no other Clone objects have been created prior
+    # to this point.
+    $HoneyClient::Manager::VM::Clone::OBJECT_COUNT = -1;
+    
+    my $question;
+    $question = prompt("#\n" .
+                       "# Note: Testing real destroy operations will *ONLY* work\n" .
+                       "# with a fully functional master VM that has the HoneyClient code\n" .
+                       "# loaded upon boot-up.\n" .
+                       "#\n" .
+                       "# This test also requires that the firewall VM is registered,\n" .
+                       "# powered on, and operational.\n" .
+                       "#\n" .
+                       "# Your master VM is: " . getVar(name => "master_vm_config", namespace => "HoneyClient::Manager::VM") . "\n" .
+                       "#\n" .
+                       "# Do you want to test cloning this master VM and destroying a subsequent clone?", "no");
+    if ($question =~ /^y.*/i) {
+
+        # Create a generic empty clone, with test state data.
+        my $clone = HoneyClient::Manager::VM::Clone->new(_bypass_firewall => 1);
+        my $cloneConfig = $clone->{config};
+
+        # Archive the clone.
+        $clone->destroy();
+
+        # Wait for the destroy to complete.
+        sleep (45);
+    
+        # Test if the operations worked.
+        is(!-f $cloneConfig, 1, "destroy()") or diag("The destroy() call failed.");
+   
+        $clone = undef;
+
+        if (-f $cloneConfig) {
+            # Connect to daemon as a client.
+            $stub = getClientHandle(namespace => "HoneyClient::Manager::VM");
+    
+            # Destroy the clone VM.
+            $som = $stub->destroyVM(config => $cloneConfig);
+        }
+    }
+};
+
+# Kill the child daemon, if it still exists.
+HoneyClient::Manager::VM->destroy();
+
+# Report any failure found.
+if ($@) {
+    fail($@);
+}
+}
+
+
+
+# =begin testing
+{
+# Shared test variables.
+my ($stub, $som, $URL);
+my $testVM = $ENV{PWD} . "/" . getVar(name      => "test_vm_config",
+                                      namespace => "HoneyClient::Manager::VM::Test");
+
+# Catch all errors, in order to make sure child processes are
+# properly killed.
+eval {
+
-    # Pretend as though no other Clone objects have been created prior
-    # to this point.