daemon+rib: Merge nrd and nfd into a single process (separate threads)
Change-Id: I41952d5b8ee29f109130c570e0d13ccad6970d2f
Refs: #2489
diff --git a/contrib/osx-launchd/README.md b/contrib/osx-launchd/README.md
index 68d3b9b..6b453aa 100644
--- a/contrib/osx-launchd/README.md
+++ b/contrib/osx-launchd/README.md
@@ -7,23 +7,17 @@
Initial setup
-------------
-Edit `net.named-data.nfd` and `net.named-data.nrd` correcting paths for `nfd` and `nfd`
-binaries, configuration file, and log files.
+Edit `net.named-data.nfd` correcting paths for `nfd` binary, configuration and log files.
- # Copy launchd.plist for nfd (forwarding daemon)
+ # Copy launchd.plist for NFD
sudo cp net.named-data.nfd.plist /Library/LaunchDaemons/
sudo chown root /Library/LaunchDaemons/net.named-data.nfd.plist
- # Copy launchd.plist for nrd (RIB management daemon)
- sudo cp net.named-data.nrd.plist /Library/LaunchDaemons/
- sudo chown root /Library/LaunchDaemons/net.named-data.nrd.plist
-
### Assumptions in the default scripts
-* `nfd` and `nrd` are installed into `/usr/local/bin`
+* `nfd` is installed into `/usr/local/bin`
* Configuration file is `/usr/local/etc/ndn/nfd.conf`
* `nfd` will be run as root
-* `nrd` will be run as user `ndn` and group `ndn`
* Log files will be written to `/usr/local/var/log/ndn` folder, which is owned by user `ndn`
### Creating users
@@ -62,29 +56,24 @@
sudo mkdir -p /usr/local/var/log/ndn
sudo chown -R ndn:ndn /usr/local/var/log/ndn
-`HOME` directories for `nfd` and `nrd` should be created and configured with correct
-library's config file and contain proper NDN security credentials for signing Data
-packets. This is necessary since default private key storage on OSX (`osx-keychain`) does
-not support non-interactive access, and file-based private key storage needs to be used:
+`HOME` directory for `nfd` should be created and configured with correct library's config file
+and contain proper NDN security credentials for signing Data packets. This is necessary since
+default private key storage on OSX (`osx-keychain`) does not support non-interactive access,
+and file-based private key storage needs to be used:
- # Generate self-signed NDN certificate for nfd (owned by root)
- sudo mkdir -p /usr/local/var/lib/ndn/nfd/.ndn
- sudo sh -c 'echo tpm=file > /usr/local/var/lib/ndn/nfd/.ndn/client.conf'
- sudo HOME=/usr/local/var/lib/ndn/nfd ndnsec-keygen /localhost/daemons/nfd | \
- sudo HOME=/usr/local/var/lib/ndn/nfd ndnsec-install-cert -
-
- # Generate self-signed NDN certificate for nrd (owned by ndn)
- sudo mkdir -p /usr/local/var/lib/ndn/nrd/.ndn
- sudo chown -R ndn:ndn /usr/local/var/lib/ndn/nrd
- sudo -u ndn -g ndn sh -c 'echo tpm=file > /usr/local/var/lib/ndn/nrd/.ndn/client.conf'
- sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd ndnsec-keygen /localhost/daemons/nrd | \
- sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd ndnsec-install-cert -
+ # Create HOME and generate self-signed NDN certificate for nfd
+ sudo -s -- ' \
+ mkdir -p /usr/local/var/lib/ndn/nfd/.ndn; \
+ export HOME=/usr/local/var/lib/ndn/nfd; \
+ echo tpm=tpm-file > /usr/local/var/lib/ndn/nfd/.ndn/client.conf; \
+ ndnsec-keygen /localhost/daemons/nfd | ndnsec-install-cert -; \
+ '
### Configuring NFD's security
-NFD sample configuration allows anybody to create faces, add nexthops to FIB,
-and set strategy choice for namespaces. While such settings could be a good start, it is
-generally not a good idea to run NFD in this mode.
+NFD sample configuration allows anybody to create faces, add nexthops to FIB, and set strategy
+choice for namespaces. While such settings could be a good start, it is generally not a good
+idea to run NFD in this mode.
While thorough discussion about security configuration of NFD is outside the scope of this
document, at least the following change should be done to nfd.conf in authorize section:
@@ -93,7 +82,7 @@
{
authorize
{
- certfile certs/localhost_daemons_nrd.ndncert
+ certfile certs/localhost_daemons_nfd.ndncert
privileges
{
faces
@@ -114,25 +103,25 @@
}
While this configuration still allows management of faces and updating strategy choice by
-anybody, only NFD's RIB Manager Daemon (`nrd`) is allowed to manage FIB.
+anybody, only NFD's RIB Manager (i.e., NFD itself) is allowed to manage FIB.
-As the final step to make this configuration work, nrd's self-signed certificate needs to
-be exported into `localhost_daemons_nrd.ndncert` file:
+As the final step to make this configuration work, NFD's self-signed certificate needs to
+be exported into `localhost_daemons_nfd.ndncert` file:
- sudo mkdir /usr/local/etc/ndn/certs
- sudo sh -c 'sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd \
- ndnsec-dump-certificate -i /localhost/daemons/nrd \
- > /usr/local/etc/ndn/certs/localhost_daemons_nrd.ndncert'
+ sudo -s -- '\
+ mkdir -p /usr/local/etc/ndn/certs || true; \
+ export HOME=/usr/local/var/lib/ndn/nfd; \
+ ndnsec-dump-certificate -i /localhost/daemons/nfd > \
+ /usr/local/etc/ndn/certs/localhost_daemons_nfd.ndncert; \
+ '
Enable auto-start
-----------------
sudo launchctl load -w /Library/LaunchDaemons/net.named-data.nfd.plist
- sudo launchctl load -w /Library/LaunchDaemons/net.named-data.nrd.plist
Disable auto-start
------------------
sudo launchctl unload -w /Library/LaunchDaemons/net.named-data.nfd.plist
- sudo launchctl unload -w /Library/LaunchDaemons/net.named-data.nrd.plist
diff --git a/contrib/osx-launchd/net.named-data.nrd.plist b/contrib/osx-launchd/net.named-data.nrd.plist
deleted file mode 100644
index 3cd7aaa..0000000
--- a/contrib/osx-launchd/net.named-data.nrd.plist
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
-"http://www.apple.com/DTDs/PropertyList-1.0.dtd" >
-<plist version='1.0'>
-<dict>
-<key>Label</key><string>net.named-data.nrd</string>
-<key>ProgramArguments</key>
-<array>
- <string>/usr/local/bin/nrd</string>
- <string>--config</string>
- <string>/usr/local/etc/ndn/nfd.conf</string>
-</array>
-<key>UserName</key><string>ndn</string>
-<key>GroupName</key><string>ndn</string>
-<key>EnvironmentVariables</key>
-<dict>
- <key>HOME</key><string>/usr/local/var/lib/ndn/nrd</string>
-</dict>
-<key>Debug</key><true/>
-<key>Disabled</key><true/>
-<key>KeepAlive</key><true/>
-<key>StandardErrorPath</key><string>/usr/local/var/log/ndn/nrd.log</string>
-<key>ProcessType</key><string>Background</string>
-</dict>
-</plist>
diff --git a/contrib/upstart/README.md b/contrib/upstart/README.md
index 760e8a8..ff0042e 100644
--- a/contrib/upstart/README.md
+++ b/contrib/upstart/README.md
@@ -8,26 +8,18 @@
Initial setup
-------------
-Edit `nfd.conf` and `nrd.conf` correcting paths for `nfd` and `nfd` binaries,
-configuration file, and log files.
+* Edit `nfd.conf` correcting paths for `nfd` binary, configuration and log files.
- # Copy upstart config file for nfd (forwarding daemon)
- sudo cp nfd.conf /etc/init/
+* Copy upstart config file for NFD
- # Copy upstart config file for nrd (RIB management daemon)
- sudo cp nrd.conf /etc/init/
-
- # Copy upstart config file for nfd-watcher (will restart NFD when network change detected)
- sudo cp nfd-watcher.conf /etc/init/
+ sudo cp nfd.conf /etc/init/
### Assumptions in the default scripts
-* `nfd` and `nrd` are installed into `/usr/local/bin`
+* `nfd` is installed into `/usr/local/bin`
* Configuration file is `/usr/local/etc/ndn/nfd.conf`
* `nfd` will be run as root
-* `nrd` will be run as user `ndn` and group `ndn`
* Log files will be written to `/usr/local/var/log/ndn` folder, which is owned by user `ndn`
-* Whenever network connectivity changes, both `nfd` and `nrd` are restarted
### Creating users
@@ -53,19 +45,15 @@
sudo mkdir -p /usr/local/var/log/ndn
sudo chown -R ndn:ndn /usr/local/var/log/ndn
-`HOME` directories for `nfd` and `nrd` should be created prior to starting. This is
-necessary to manage unique security credentials for the deamons.
+`HOME` directory for `nfd` should be created prior to starting. This is necessary to manage
+unique security credentials for the deamon.
# Create HOME and generate self-signed NDN certificate for nfd
- sudo mkdir -p /usr/local/var/lib/ndn/nfd/.ndn
- sudo HOME=/usr/local/var/lib/ndn/nfd ndnsec-keygen /localhost/daemons/nfd | \
- sudo HOME=/usr/local/var/lib/ndn/nfd ndnsec-install-cert -
-
- # Create HOME and generate self-signed NDN certificate for nrd
- sudo mkdir -p /usr/local/var/lib/ndn/nrd/.ndn
- sudo chown -R ndn:ndn /usr/local/var/lib/ndn/nrd
- sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd ndnsec-keygen /localhost/daemons/nrd | \
- sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd ndnsec-install-cert -
+ sudo -s -- ' \
+ mkdir -p /usr/local/var/lib/ndn/nfd/.ndn; \
+ export HOME=/usr/local/var/lib/ndn/nfd; \
+ ndnsec-keygen /localhost/daemons/nfd | ndnsec-install-cert -; \
+ '
### Configuring NFD's security
@@ -81,7 +69,7 @@
{
authorize
{
- certfile certs/localhost_daemons_nrd.ndncert
+ certfile certs/localhost_daemons_nfd.ndncert
privileges
{
faces
@@ -102,43 +90,36 @@
}
While this configuration still allows management of faces and updating strategy choice by
-anybody, only NFD's RIB Manager Daemon (`nrd`) is allowed to manage FIB.
+anybody, only NFD's RIB Manager (i.e., NFD itself) is allowed to manage FIB.
-As the final step to make this configuration work, nrd's self-signed certificate needs to
-be exported into `localhost_daemons_nrd.ndncert` file:
+As the final step to make this configuration work, nfd's self-signed certificate needs to
+be exported into `localhost_daemons_nfd.ndncert` file:
- sudo mkdir /usr/local/etc/ndn/certs
- sudo sh -c 'sudo -u ndn -g ndn HOME=/usr/local/var/lib/ndn/nrd \
- ndnsec-dump-certificate -i /localhost/daemons/nrd \
- > /usr/local/etc/ndn/certs/localhost_daemons_nrd.ndncert'
+ sudo -s -- '\
+ mkdir -p /usr/local/etc/ndn/certs || true; \
+ export HOME=/usr/local/var/lib/ndn/nfd; \
+ ndnsec-dump-certificate -i /localhost/daemons/nfd > \
+ /usr/local/etc/ndn/certs/localhost_daemons_nfd.ndncert; \
+ '
Enable auto-start
-----------------
-After copying the provided upstart scripts, `nfd` and `nrd` daemons will automatically run
-after the reboot. To manually start them, use the following commands:
+After copying the provided upstart script, `nfd` daemon will automatically run after the reboot.
+To manually start them, use the following commands:
sudo start nfd
- # nrd will be automatically started by upstart
-
-Note that an additional upstart job, ``nfd-watcher``, will automatically monitor for
-network connectivity changes, such as when network interface gets connected, disconnected,
-or IP addresses of the network interface get updated. When ``nfd-watcher`` detects the
-event, it will restart `nfd` and `nrd`.
Disable auto-start
------------------
-To stop `nrd` and `nfd` daemon, use the following commands:
+To stop `nfd` daemon, use the following commands:
sudo stop nfd
- # nrd will be automatically stopped by upstart
-Note that as long as upstart files are present in `/etc/init/`, the daemons will
-automatically start after the reboot. To permanently stop `nfd` and `nrd` daemons, delete
+Note that as long as upstart files are present in `/etc/init/`, the daemon will
+automatically start after the reboot. To permanently stop `nfd` daemon, delete
the upstart files:
sudo rm /etc/init/nfd.conf
- sudo rm /etc/init/nrd.conf
- sudo rm /etc/init/nfd-watcher.conf
diff --git a/contrib/upstart/nfd-watcher.conf b/contrib/upstart/nfd-watcher.conf
deleted file mode 100644
index 392af52..0000000
--- a/contrib/upstart/nfd-watcher.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-# nfd-watcher.conf
-#
-# Restarting NDN Forwarding Daemon on network connectivity changes
-
-start on (net-device-up or
- net-device-removed or
- net-device-changed)
-task
-
-script
- status nfd | grep -q start/ || stop
- restart nfd
-end script
diff --git a/contrib/upstart/nfd.conf b/contrib/upstart/nfd.conf
index 97179a2..d3673f5 100644
--- a/contrib/upstart/nfd.conf
+++ b/contrib/upstart/nfd.conf
@@ -14,4 +14,13 @@
export HOME
exec /usr/local/bin/nfd --config /usr/local/etc/ndn/nfd.conf 2>> /usr/local/var/log/ndn/nfd.log
+
+post-start script
+ if [ -f /usr/local/etc/ndn/nfd-init.sh ]; then
+ sleep 2 # post-start is executed just after nfd process starts, but there is no guarantee
+ # that all initialization has been finished
+ . /usr/local/etc/ndn/nfd-init.sh
+ fi
+end script
+
post-stop exec sleep 2
diff --git a/contrib/upstart/nrd.conf b/contrib/upstart/nrd.conf
deleted file mode 100644
index 574b81c..0000000
--- a/contrib/upstart/nrd.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# nrd.conf
-#
-# NDN RIB Manager Daemon
-
-description "NDN RIB Manager Daemon"
-
-start on started nfd
-stop on stopping nfd
-
-respawn
-respawn limit unlimited
-
-setuid ndn
-setgid ndn
-
-pre-start exec sleep 2
-script
- export HOME=/usr/local/var/lib/ndn/nrd
- /usr/local/bin/nrd --config /usr/local/etc/ndn/nfd.conf 2>> /usr/local/var/log/ndn/nrd.log
-end script
-
-post-stop exec sleep 2