Merge branch 'tpm-tmcd' of git-public.flux.utah.edu:/flux/git/users/mike/emulab-devel into tpm-tmcd

db/Image.pm.in

@@ -137,6 +137,30 @@ sub updated($)          { return field($_[0], "updated"); }
 sub mbr_version($)      { return field($_[0], "mbr_version"); }
 sub access_key($)       { return field($_[0], "access_key"); }
 
+#
+# Get a list of all running frisbee images.
+#
+sub ActiveImages($)
+{
+    my ($class) = @_;
+    my @result  = ();
+
+    my $query_result =
+	DBQueryWarn("select imageid from images where frisbee_pid!=0");
+    return undef
+	if (!defined($query_result));
+
+    while (my ($imageid) = $query_result->fetchrow_array()) {
+	my $image = Image->Lookup($imageid);
+	if (!defined($image)) {
+	    print STDERR "*** Could not find DB object for image $imageid\n";
+	    return undef;
+	}
+	push(@result, $image);
+    }
+    return \@result;
+}
+
 #
 # Refresh a class instance by reloading from the DB.
 #

db/audit.in

-#!/usr/bin/perl -wT
+#!/usr/bin/perl -w
 #
 # EMULAB-COPYRIGHT
-# Copyright (c) 2000-2008 University of Utah and the Flux Group.
+# Copyright (c) 2000-2010 University of Utah and the Flux Group.
 # All rights reserved.
 #
 use English;
@@ -200,12 +200,14 @@ if ($today == 7) {
 
 if (! ($query_result = 
        DBQueryWarn("select n.node_id from nodes as n ".
+		   "left join node_types as t on t.type=n.type ".
 		   "left join reserved as r on r.node_id=n.node_id ".
 		   "where (n.eventstate!='". TBDB_NODESTATE_ISUP ."' and ".
 		   "       n.eventstate!='". TBDB_NODESTATE_PXEWAIT ."' and ".
 		   "       n.eventstate!='". TBDB_NODESTATE_ALWAYSUP ."' and ".
 		   "       n.eventstate!='". TBDB_NODESTATE_POWEROFF ."') ".
-		   " and r.pid is null and n.role='testnode'"))) {
+		   " and r.pid is null and n.role='testnode' and ".
+		   "     t.isfednode=0"))) {
     fatal("Error accessing the database.");
 }
 

db/idlemail.in

@@ -2,7 +2,7 @@
 
 #
 # EMULAB-COPYRIGHT
-# Copyright (c) 2000-2007 University of Utah and the Flux Group.
+# Copyright (c) 2000-2010 University of Utah and the Flux Group.
 # All rights reserved.
 #
 
@@ -165,7 +165,7 @@ EOT
 	$time= $r{'idle_time'};
 	$lastact= $r{'lastact'};
         $staleness = $r{'staleness'};
-        if ($staleness >= 600) { # 10 minute stale limit
+        if (!defined($staleness) || $staleness >= 600) { # 10 minute stale limit
             $stale=1;
         }
 	
@@ -283,7 +283,7 @@ EOT
 	    $time= $r{'idle_time'};
 	    $lastact= $r{'lastact'};
 	    $staleness = $r{'staleness'};
-	    if ($staleness >= 600) { # 10 minute stale limit
+	    if (!defined($staleness) || $staleness >= 600) { # 10 minute stale limit
 		$stale=1;
 	    }
 	    SendMessage($pid,$pid,$eid,1,0,$nodes,$time,$lastact,$stale,
@@ -363,7 +363,7 @@ EOT
 	$time= $r{'idle_time'};
 	$lastact= $r{'lastact'};
         $staleness = $r{'staleness'};
-        if ($staleness >= 600) { # 10 minute stale limit
+        if (!defined($staleness) || $staleness >= 600) { # 10 minute stale limit
             $stale=1;
         }
 	

event/stated/stated.in

@@ -637,14 +637,14 @@ sub stateTransition($$) {
             $newstate = TBDB_NODESTATE_SECVIOLATION;
             notify("Moving $node to $newstate because it's in $mode\n");
         }
-	#
-	# And nodes that are in the SECVIOLATION state already are
-	# not allowed to leave!
-	#
-	elsif ($oldstate eq TBDB_NODESTATE_SECVIOLATION) {
-            $newstate = TBDB_NODESTATE_SECVIOLATION;
-	    notify("$node tried to leave SECVIOLATION (to $newstate)\n");
-	}
+    }
+    #
+    # Nodes that are in the SECVIOLATION state are not allowed to leave!
+    #
+    if ($oldstate eq TBDB_NODESTATE_SECVIOLATION &&
+	$newstate ne TBDB_NODESTATE_SECVIOLATION) {
+	notify("$node tried to leave SECVIOLATION (to $newstate)\n");
+	$newstate = TBDB_NODESTATE_SECVIOLATION;
     }
 
     my $now = time();
@@ -870,10 +870,16 @@ sub stateTransition($$) {
 		next;
 	    };
             (/^EMAILNOTIFY$/) && do {
+		my $msg = "$node entered state $mode/$newstate from " .
+		    "$mode/$oldstate";
+		if ($newstate eq TBDB_NODESTATE_SECVIOLATION) {
+		    $msg .= "\n\nNode $node has been powered off.\n" .
+			    "You must address the cause of the violation ".
+			    "and reset the eventstate before powering on.";
+		}
 		SENDMAIL($REALTBOPS,
 			 "STATED: $node entered state $newstate",
-			 "$node entered state $mode/$newstate from " .
-                         "$mode/$oldstate",
+			 $msg,
 			 "Stated Daemon <".$TBOPS.">");
 		next;
             };
@@ -1187,11 +1193,14 @@ sub handleCommand($$;$$) {
 			    $TBPOWEROFF   => "off");
 	    my $func = $funcmap{$command};
 	    info("Sending power $func for nodes: $nodelist\n");
+	    #
 	    # Permissions were checked in order to send the message,
 	    # so we don't need to do any fancy stuff here.
-
-	    my $cmd = "$power $func $nodelist &";
-	    debug("$cmd\n") and
+	    # We do invoke with -e to prevent power from sending a
+	    # further SHUTDOWN event.
+	    #
+	    my $cmd = "$power -e $func $nodelist &";
+	    debug("$cmd\n");
 	    system($cmd) and
 	      notify("$params/$command: ".
 		     "Command '$cmd' failed, error $?: $!\n");
@@ -1693,4 +1702,3 @@ END {
     # Restore $? in case one of the things I called changed it
     $? = $stat;
 }
-

install/boss-install.in

@@ -112,6 +112,7 @@ my $BATCHEXP        = "$PREFIX/bin/batchexp";
 my $NAMED_SETUP     = "$PREFIX/sbin/named_setup";
 my $ADDPUBKEY       = "$PREFIX/sbin/addpubkey";
 my $TBACCT          = "$PREFIX/sbin/tbacct";
+my $GENTOPOFILE     = "$PREFIX/libexec/gentopofile";
 my $WWWDIR          = "$PREFIX/www";
 
 my $CRACKLIB_DICT   = "/usr/local/lib/pw_dict.pwd";
@@ -1622,6 +1623,11 @@ Phase "experiments", "Setting up system experiments", sub {
 			   "  -L 'System Experiment' ".
 			   "  -E '$desc - DO NOT DELETE' ".
 			   "  -p $pid -e $eid");
+	    #
+	    # XXX create an empty topomap so that nodes booting up in
+	    # one of these experiments won't fail in rc.topomap.
+	    #
+	    ExecQuiet("$SUDO -u $PROTOUSER $GENTOPOFILE $pid $eid");
 	};
     }
 };

install/update-testbed.in

@@ -45,6 +45,7 @@ my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
 my $INSTALLUPDATE= "$TB/sbin/update-install";
 my $SETSITEVAR   = "$TB/sbin/setsitevar";
 my $STARTUP      = "/usr/local/etc/rc.d/3.testbed.sh";
+my $FRISBEE      = "$TB/sbin/frisbeelauncher";
 my $tempfile     = "/var/tmp/update.$$";
 
 # Protos
@@ -85,6 +86,7 @@ BEGIN
 use emdb;
 use libEmulab;
 use libtestbed;
+use Image;
 
 #
 # Parse command arguments.
@@ -305,6 +307,23 @@ if ($stopbed) {
 	Fatal("Could not stop testbed daemons. Stopping.");
     }
     $stopped = 1;
+
+    my $activeimages = Image->ActiveImages();
+    if (defined($activeimages)) {
+	my @activeimages = @{ $activeimages };
+	if (@activeimages) {
+	    print "** Stopping running frisbee processes ...\n";
+	}
+	foreach my $image (@activeimages) {
+	    my $imageid = $image->imageid();
+	    print "-> Killing frisbee for $image ...\n";
+	    system("$FRISBEE -k $imageid");
+	    if ($?) {
+		Fatal("Could not stop frisbee for $image!");
+	    }
+	}
+    }
+    
     print "** Testbed is stopped. Proceeding to update\n";
 
     #

install/updates/5/12

+#
+# Create a null topomap for system experiments.
+#
+# This way, when a node happens to boot from disk while in one of these
+# experiments (e.g., hwdown), it won't fail in rc.topomap.  For new installs,
+# this is now done by boss-install.
+#
+# Is this important?  No, but it irritated me.
+#
+use strict;
+use libinstall;
+
+# XXX lifted from boss-install.in
+my %EXPERIMENTS =
+    ("hwdown"	     => {"pid"	       => "emulab-ops",
+			 "description" => "Node reported as down"},
+     "reloading"     => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes reloading images"},
+     "reloadpending" => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes waiting for reload"},
+     "oldreserved"   => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes in limbo during swap modify"},
+     "nfree-leases"  => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes in limbo during nfree"},
+     "nfree-locked"  => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes in limbo during nfree"},
+     "opsnodes"	     => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes designated as Ops Nodes"},
+     "holding"	     => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes in a holding pattern"},
+     "shared-nodes"  => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes in shared mode"},
+     "hwcheckup"     => {"pid"	       => "emulab-ops",
+			 "description" => "Nodes being testing after failure"},
+    );
+
+my $SUDO        = "/usr/local/bin/sudo";
+my $GENTOPOFILE = "$TBROOT/libexec/gentopofile";
+
+sub InstallUpdate($$)
+{
+    my ($version, $phase) = @_;
+
+    #
+    # If something should run in the pre-install phase.
+    #
+    if ($phase eq "pre") {
+	Phase "gentopo", "Creating NULL topomap for system experiments", sub {
+	    foreach my $eid (keys(%EXPERIMENTS)) {
+		my $pid  = $EXPERIMENTS{$eid}->{"pid"};
+		ExecQuiet("$SUDO -u $PROTOUSER $GENTOPOFILE $pid $eid");
+	    }
+	};
+    }
+    
+    #
+    # If something should run in the post-install phase.
+    #
+    if ($phase eq "post") {
+    }
+    
+    return 0;
+}
+1;

install/updates/5/13

+#
+# Install new port, for ProtoGENI.
+#
+use strict;
+use libinstall;
+
+sub InstallUpdate($$)
+{
+    my ($version, $phase) = @_;
+
+    #
+    # If something should run in the pre-install phase.
+    #
+    if ($phase eq "pre") {
+	Phase "p5-XML-SemanticDiff", "Checking for p5-XML-SemanticDiff", sub {
+	    DoneIfPackageInstalled("p5-XML-SemanticDiff");
+	    ExecQuietFatal("cd $PORTSDIR/textproc/p5-XML-SemanticDiff; ".
+			   "make MASTER_SITE_FREEBSD=1 -DBATCH install");
+	};
+    }    
+    
+    #
+    # If something should run in the post-install phase.
+    #
+    if ($phase eq "post") {
+    }
+    
+    return 0;
+}
+1;

protogeni/lib/GeniAuthority.pm.in

@@ -344,7 +344,6 @@ sub Version($)
 	else {
 	    $self->{'version'}  = $response->value()->{'api'};
 	    $self->{'apilevel'} = $response->value()->{'level'};
-	    $self->{'apilevel'} = 0;
 	    $self->{'api'}      = "CM";
 	}
     }

protogeni/lib/GeniTicket.pm.in

@@ -169,7 +169,7 @@ sub Create($$$$)
     # For now, all tickets expire very quickly ...
     #
     $self->{'redeem_before'} =
-	POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime(time() + (5*60)));
+	POSIX::strftime("20%y-%m-%dT%H:%M:%S", localtime(time() + (10*60)));
 
     #
     # Locally generated tickets need a local DB index, which can be the

protogeni/updates/16

+#
+# 
+#
+use strict;
+use GeniDB;
+
+sub DoUpdate($$$)
+{
+    my ($dbhandle, $dbname, $version) = @_;
+
+    DBSetDefault($dbhandle);
+
+    DBQueryFatal( "ALTER TABLE `geni_authorities` " .
+		  "MODIFY `type` enum( 'sa', 'ma', 'ch', 'cm', 'ses', 'am' ) " .
+		  "NOT NULL DEFAULT 'sa'" );
+    
+    return 0;
+}
+1;

sql/updates/4/222

 #
-# DB state for secure boot and loading.
+# Add missing sitevars.
 #
 use strict;
 use libdb;
@@ -7,154 +7,26 @@ use libdb;
 sub DoUpdate($$$)
 {
     my ($dbhandle, $dbname, $version) = @_;
-    my @mode_transitions = (
-	["SECUREBOOT","TPMSIGNOFF","MINIMAL","SHUTDOWN",""],
-	["SECUREBOOT","TPMSIGNOFF","NORMAL","SHUTDOWN",""],
-	["SECUREBOOT","TPMSIGNOFF","NORMALv2","SHUTDOWN",""],
-	["SECUREBOOT","TPMSIGNOFF","PXEFBSD","SHUTDOWN",""]
-    );
-    my @timeouts = (
-	["SECUREBOOT","BOOTING",3600,"STATE:SECVIOLATION"],
-	["SECUREBOOT","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
-	["SECUREBOOT","PXEBOOTING",3600,"STATE:SECVIOLATION"],
-	["SECUREBOOT","SHUTDOWN",3600,"STATE:SECVIOLATION"],
-	["SECUREBOOT","TPMSIGNOFF",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","BOOTING",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","PXEBOOTING",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","RELOADDONE",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","RELOADING",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","RELOADSETUP",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","SHUTDOWN",3600,"STATE:SECVIOLATION"],
-	["SECURELOAD","TPMSIGNOFF",3600,"STATE:SECVIOLATION"]
-    );
-    my @transitions = (
-	["SECUREBOOT","BOOTING","SECVIOLATION","QuoteFailed"],
-	["SECUREBOOT","BOOTING","TPMSIGNOFF","QuoteOK"],
-	["SECUREBOOT","GPXEBOOTING","PXEBOOTING","DHCP"],
-	["SECUREBOOT","PXEBOOTING","BOOTING","BootInfo"],
-	["SECURELOAD","BOOTING","PXEBOOTING","re-BootInfo"],
-	["SECURELOAD","BOOTING","RELOADSETUP","QuoteOK"],
-	["SECURELOAD","BOOTING","SECVIOLATION","QuoteFailed"],
-	["SECURELOAD","GPXEBOOTING","PXEBOOTING","DHCP"],
-	["SECURELOAD","PXEBOOTING","BOOTING","BootInfo"],
-	["SECURELOAD","RELOADDONE","SECVIOLATION","QuoteFailed"],
-	["SECURELOAD","RELOADDONE","TPMSIGNOFF","QuoteOK"],
-	["SECURELOAD","RELOADING","RELOADDONE","ImageOK"],
-	["SECURELOAD","RELOADING","SECVIOLATION","ImageBad"],
-	["SECURELOAD","RELOADSETUP","RELOADING","ReloadReady"],
-	["SECURELOAD","SHUTDOWN","GPXEBOOTING","QuoteOK"],
-	["SECURELOAD","SHUTDOWN","SECVIOLATION","QuoteFailed"]
-    );
-    my @triggers = (
-	["*","*","GPXEBOOTING","SECUREBOOT"],
-	["*","*","SECVIOLATION","POWEROFF, EMAILNOTIFY"],
-	["*","SECUREBOOT","BOOTING",""],
-	["*","SECUREBOOT","PXEBOOTING",""],
-	["*","SECUREBOOT","TPMSIGNOFF","PXEBOOT, BOOTING, CHECKGENISUP"],
-	["*","SECURELOAD","BOOTING",""],
-	["*","SECURELOAD","PXEBOOTING",""],
-	["*","SECURELOAD","RELOADDONE","RESET, RELOADDONE"]
-    );
 
-    foreach my $row (@mode_transitions) {
-	my ($opm1,$s1,$opm2,$s2,$lab) = @$row;
-	my $query_result =
-	    DBQueryFatal("SELECT op_mode1 FROM mode_transitions WHERE ".
-			 "op_mode1='$opm1' AND state1='$s1' AND ".
-			 "op_mode2='$opm2' AND state2='$s2'");
-	if ($query_result->numrows == 0) {
-	    DBQueryFatal("INSERT INTO mode_transitions VALUES ".
-			 "('$opm1','$s1','$opm2', '$s2','$lab')");
-	}
-    }
-
-    foreach my $row (@timeouts) {
-	my ($opm,$s,$to,$act) = @$row;
-	my $query_result =
-	    DBQueryFatal("SELECT op_mode FROM state_timeouts WHERE ".
-			 "op_mode='$opm' AND state='$s'");
-	if ($query_result->numrows == 0) {
-	    DBQueryFatal("INSERT INTO state_timeouts VALUES ".
-			 "('$opm','$s','$to', '$act')");
-	}
-    }
+    DBQueryFatal("INSERT INTO sitevariables VALUES ".
+		 "('protogeni/max_components','-1','-1', ".
+		 " 'Maximum number of components that can be allocated.".
+		 " -1 indicates any number of components can be allocated.', ".
+		 " 0")
+	if (!TBSiteVarExists("protogeni/max_components"));
 
-    foreach my $row (@transitions) {
-	my ($opm,$s1,$s2,$lab) = @$row;
-	my $query_result =
-	    DBQueryFatal("SELECT op_mode FROM state_transitions WHERE ".
-			 "op_mode='$opm' AND state1='$s1' AND state2='$s2'");
-	if ($query_result->numrows == 0) {
-	    DBQueryFatal("INSERT INTO state_transitions VALUES ".
-			 "('$opm','$s1','$s2','$lab')");
-	}
-    }
+    my $foo = "When set, external users may allocate slivers on your testbed.";
 
-    foreach my $row (@triggers) {
-	my ($node,$opm,$s,$trig) = @$row;
-	my $query_result =
-	    DBQueryFatal("SELECT node_id FROM state_triggers WHERE ".
-			 "node_id='$node' AND op_mode='$opm' AND state='$s'");
-	if ($query_result->numrows == 0) {
-	    DBQueryFatal("INSERT INTO state_triggers VALUES ".
-			 "('$node','$opm','$s','$trig')");
-	}
-    }
-
-    #
-    # Add fields to images table for authentication/decryption keys
-    #
-    if (!DBSlotExists("images", "auth_uuid")) {
-        DBQueryFatal("ALTER TABLE images ADD `auth_uuid`".
-		     "  varchar(64) DEFAULT NULL AFTER access_key");
-    }
-    DBQueryFatal("REPLACE INTO table_regex VALUES ".
-		 "('images','auth_uuid','text','regex', ".
-		 "  '^[0-9a-fA-F]+\$',0,0,NULL)");
-    if (!DBSlotExists("images", "auth_key")) {
-        DBQueryFatal("ALTER TABLE images ADD `auth_key` ".
-		     "  varchar(512) DEFAULT NULL AFTER auth_uuid");
+    if (TBSiteVarExists("protogeni/max_components")) {
+	DBQueryFatal("update sitevariables set ".
+		     "description='$foo' ".
+		     "where name='protogeni/max_externalnodes'");
     }
-    DBQueryFatal("REPLACE INTO table_regex VALUES ".
-		 "('images','auth_key','text','regex', ".
-		 "  '^[0-9a-fA-F,]+\$',0,0,NULL)");
-    if (!DBSlotExists("images", "decryption_key")) {
-        DBQueryFatal("ALTER TABLE images ADD `decryption_key` ".
-		     "  varchar(256) DEFAULT NULL AFTER auth_key");
+    else {
+	DBQueryFatal("INSERT INTO sitevariables VALUES ".
+		     "('protogeni/max_externalnodes',NULL,'1024', ".
+		     " '$foo', 0");
     }
-    DBQueryFatal("REPLACE INTO table_regex VALUES ".
-		 "('images','decryption_key','text','regex', ".
-		 "  '^[0-9a-fA-F]+\$',0,0,NULL)");
-
-    if (!DBSlotExists("node_hostkeys", "tpmidentity")) {
-	DBQueryFatal("ALTER TABLE node_hostkeys ADD `tpmidentity` ".
-		     " mediumtext AFTER tpmx509");
-    }
-
-    #
-    # Add nonces/quotes tables
-    #
-    if (!DBTableExists("nonces")) {
-	DBQueryFatal("CREATE TABLE `nonces` ( ".
-		     "  `node_id` varchar(32) NOT NULL, ".
-		     "  `purpose` varchar(64) NOT NULL, ".
-		     "  `nonce` mediumtext, ".
-		     "  `expires` int(10) NOT NULL, ".
-		     "  PRIMARY KEY (`node_id`,`purpose`) ".
-		     ") ENGINE=MyISAM DEFAULT CHARSET=latin1");
-    }
-    if (!DBTableExists("tpm_quote_values")) {
-	DBQueryFatal("CREATE TABLE `tpm_quote_values` ( ".
-		     "  `node_id` varchar(32) NOT NULL default '', ".
-		     "  `op_mode` varchar(20) NOT NULL, ".
-		     "  `state` varchar(20) NOT NULL, ".
-		     "  `pcr` int(11) NOT NULL, ".
-		     "  `value` mediumtext, ".
-		     "  PRIMARY KEY (`node_id`,`op_mode`,`state`,`pcr`) ".
-		     ") ENGINE=MyISAM DEFAULT CHARSET=latin1");
-    }
-
     return 0;
 }
 1;

sql/updates/4/223

+#
+# DB state for secure boot and loading.
+#
+use strict;
+use libdb;
+
+sub DoUpdate($$$)
+{
+    my ($dbhandle, $dbname, $version) = @_;
+    my @mode_transitions = (
+	["SECUREBOOT","TPMSIGNOFF","MINIMAL","SHUTDOWN",""],
+	["SECUREBOOT","TPMSIGNOFF","NORMAL","SHUTDOWN",""],
+	["SECUREBOOT","TPMSIGNOFF","NORMALv2","SHUTDOWN",""],
+	["SECUREBOOT","TPMSIGNOFF","PXEFBSD","SHUTDOWN",""]
+    );
+    my @timeouts = (
+	["SECUREBOOT","BOOTING",3600,"STATE:SECVIOLATION"],
+	["SECUREBOOT","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
+	["SECUREBOOT","PXEBOOTING",3600,"STATE:SECVIOLATION"],
+	["SECUREBOOT","SHUTDOWN",3600,"STATE:SECVIOLATION"],
+	["SECUREBOOT","TPMSIGNOFF",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","BOOTING",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","GPXEBOOTING",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","PXEBOOTING",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","RELOADDONE",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","RELOADING",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","RELOADSETUP",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","SHUTDOWN",3600,"STATE:SECVIOLATION"],
+	["SECURELOAD","TPMSIGNOFF",3600,"STATE:SECVIOLATION"]
+    );
+    my @transitions = (
+	["SECUREBOOT","BOOTING","SECVIOLATION","QuoteFailed"],
+	["SECUREBOOT","BOOTING","TPMSIGNOFF","QuoteOK"],
+	["SECUREBOOT","GPXEBOOTING","PXEBOOTING","DHCP"],
+	["SECUREBOOT","PXEBOOTING","BOOTING","BootInfo"],
+	["SECURELOAD","BOOTING","PXEBOOTING","re-BootInfo"],
+	["SECURELOAD","BOOTING","RELOADSETUP","QuoteOK"],
+	["SECURELOAD","BOOTING","SECVIOLATION","QuoteFailed"],
+	["SECURELOAD","GPXEBOOTING","PXEBOOTING","DHCP"],
+	["SECURELOAD","PXEBOOTING","BOOTING","BootInfo"],
+	["SECURELOAD","RELOADDONE","SECVIOLATION","QuoteFailed"],
+	["SECURELOAD","RELOADDONE","TPMSIGNOFF","QuoteOK"],
+	["SECURELOAD","RELOADING","RELOADDONE","ImageOK"],
+	["SECURELOAD","RELOADING","SECVIOLATION","ImageBad"],
+	["SECURELOAD","RELOADSETUP","RELOADING","ReloadReady"],
+	["SECURELOAD","SHUTDOWN","GPXEBOOTING","QuoteOK"],
+	["SECURELOAD","SHUTDOWN","SECVIOLATION","QuoteFailed"]
+    );
+    my @triggers = (
+	["*","*","GPXEBOOTING","SECUREBOOT"],
+	["*","*","SECVIOLATION","POWEROFF, EMAILNOTIFY"],
+	["*","SECUREBOOT","BOOTING",""],
+	["*","SECUREBOOT","PXEBOOTING",""],
+	["*","SECUREBOOT","TPMSIGNOFF","PXEBOOT, BOOTING, CHECKGENISUP"],
+	["*","SECURELOAD","BOOTING",""],
+	["*","SECURELOAD","PXEBOOTING",""],
+	["*","SECURELOAD","RELOADDONE","RESET, RELOADDONE"]
+    );
+
+    foreach my $row (@mode_transitions) {
+	my ($opm1,$s1,$opm2,$s2,$lab) = @$row;
+	my $query_result =
+	    DBQueryFatal("SELECT op_mode1 FROM mode_transitions WHERE ".
+			 "op_mode1='$opm1' AND state1='$s1' AND ".
+			 "op_mode2='$opm2' AND state2='$s2'");
+	if ($query_result->numrows == 0) {
+	    DBQueryFatal("INSERT INTO mode_transitions VALUES ".
+			 "('$opm1','$s1','$opm2', '$s2','$lab')");
+	}
+    }
+
+    foreach my $row (@timeouts) {
+	my ($opm,$s,$to,$act) = @$row;
+	my $query_result =
+	    DBQueryFatal("SELECT op_mode FROM state_timeouts WHERE ".
+			 "op_mode='$opm' AND state='$s'");
+	if ($query_result->numrows == 0) {
+	    DBQueryFatal("INSERT INTO state_timeouts VALUES ".
+			 "('$opm','$s','$to', '$act')");
+	}
+    }
+
+    foreach my $row (@transitions) {
+	my ($opm,$s1,$s2,$lab) = @$row;
+	my $query_result =
+	    DBQueryFatal("SELECT op_mode FROM state_transitions WHERE ".
+			 "op_mode='$opm' AND state1='$s1' AND state2='$s2'");
+	if ($query_result->numrows == 0) {
+	    DBQueryFatal("INSERT INTO state_transitions VALUES ".
+			 "('$opm','$s1','$s2','$lab')");
+	}
+    }
+
+    foreach my $row (@triggers) {
+	my ($node,$opm,$s,$trig) = @$row;
+	my $query_result =
+	    DBQueryFatal("SELECT node_id FROM state_triggers WHERE ".
+			 "node_id='$node' AND op_mode='$opm' AND state='$s'");
+	if ($query_result->numrows == 0) {
+	    DBQueryFatal("INSERT INTO state_triggers VALUES ".
+			 "('$node','$opm','$s','$trig')");
+	}
+    }
+
+    #
+    # Add fields to images table for authentication/decryption keys
+    #
+    if (!DBSlotExists("images", "auth_uuid")) {
+        DBQueryFatal("ALTER TABLE images ADD `auth_uuid`".
+		     "  varchar(64) DEFAULT NULL AFTER access_key");
+    }
+    DBQueryFatal("REPLACE INTO table_regex VALUES ".
+		 "('images','auth_uuid','text','regex', ".
+		 "  '^[0-9a-fA-F]+\$',0,0,NULL)");
+    if (!DBSlotExists("images", "auth_key")) {
+        DBQueryFatal("ALTER TABLE images ADD `auth_key` ".
+		     "  varchar(512) DEFAULT NULL AFTER auth_uuid");
+    }
+    DBQueryFatal("REPLACE INTO table_regex VALUES ".
+		 "('images','auth_key','text','regex', ".
+		 "  '^[0-9a-fA-F,]+\$',0,0,NULL)");
+    if (!DBSlotExists("images", "decryption_key")) {
+        DBQueryFatal("ALTER TABLE images ADD `decryption_key` ".
+		     "  varchar(256) DEFAULT NULL AFTER auth_key");
+    }
+    DBQueryFatal("REPLACE INTO table_regex VALUES ".
+		 "('images','decryption_key','text','regex', ".
+		 "  '^[0-9a-fA-F]+\$',0,0,NULL)");
+
+    if (!DBSlotExists("node_hostkeys", "tpmidentity")) {
+	DBQueryFatal("ALTER TABLE node_hostkeys ADD `tpmidentity` ".
+		     " mediumtext AFTER tpmx509");
+    }
+
+    #
+    # Add nonces/quotes tables
+    #
+    if (!DBTableExists("nonces")) {
+	DBQueryFatal("CREATE TABLE `nonces` ( ".
+		     "  `node_id` varchar(32) NOT NULL, ".