
Commit b7246f41 authored by Keith Downie's avatar Keith Downie

Merged with upstream

parents 0624e884 d6bd629c
......@@ -1149,7 +1149,8 @@ SSLProtocol all -SSLv2 -SSLv3
# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
#SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:!MD5:!AECDH:+HIGH:+MEDIUM:!LOW
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
......
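Review bot: The new `SSLCipherSuite` line still admits 3DES, which OpenSSL classes as HIGH or MEDIUM depending on the version, along with the other MEDIUM-grade suites. That is because `ALL` enables everything not explicitly removed, while `+HIGH:+MEDIUM` only reorder the list. It also blocks anonymous key exchange by naming `!ADH` and `!AECDH` individually rather than using the `!aNULL` class. Appending `:!aNULL:!eNULL:!3DES` to the string would close both gaps. No `SSLHonorCipherOrder on` is visible in this hunk; if it is not set elsewhere in the file, the client's preference rather than this ordering decides which suite is negotiated.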
#!/usr/bin/perl -wT
#
# Copyright (c) 2007-2016 University of Utah and the Flux Group.
# Copyright (c) 2007-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -487,6 +487,31 @@ sub GenUserCredential($)
return ($credential, $speaksfor);
}
#
# Create a user at a cluster via the Cluster RPC Server. The point
# of this is so that the admin user we are operating as exists at
# the cluster when we make the admin level call via using the root
# certificate. Not the best approach, but best I could think of.
#
sub CreatePortalUser($$)
{
my ($authority, $geniuser) = @_;
my $context = APT_Geni::GeniContext();
my ($credential,$speaksfor) =
APT_Geni::GenUserCredential($geniuser);
return -1
if (!defined($credential));
my $credentials = [$credential->asString()];
if (defined($speaksfor)) {
$credentials = [@$credentials, $speaksfor->asString()];
}
my $args = {"credentials" => $credentials};
my $response = PortalRPC($authority, $context, "CreateUser", $args);
return $response->code();
}
#
# RPC to the Cluster RPC server.
#
......
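Review bot: `CreatePortalUser` calls `$response->code()` without checking that `PortalRPC` returned an object. PortalRPC's body is outside this hunk, so this is an inference, but if it can return undef on a transport failure the call dies instead of returning an error code. A guard before the final return, `return -1 if (!defined($response));`, would match the -1 already returned for a missing credential. The header comment says the later admin call runs under the root certificate, so it should also state what the caller must have authorized first, since the function itself performs no check on `$authority` or `$geniuser`.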
......@@ -405,8 +405,6 @@ sub Delete($)
or return -1;
}
$self->webtask()->Delete();
DBQueryWarn("delete from apt_instance_extension_info where uuid='$uuid'") or
return -1;
DBQueryWarn("delete from apt_instances where uuid='$uuid'") or
return -1;
......@@ -994,6 +992,9 @@ sub UpdateImageStatus($$)
if (!defined($webtask)) {
goto done;
}
# This could be really stale, must refresh.
$webtask->Refresh();
#
# This will need to change; we can get updates from polling or
# from the event stream. The events are processed out of band from
......
......@@ -66,6 +66,7 @@ my $TBOPS = "@TBOPSEMAIL@";
my $OURDOMAIN = "@OURDOMAIN@";
my $MYURN = "urn:publicid:IDN+${OURDOMAIN}+authority+cm";
my $MAINSITE = @TBMAINSITE@;
my $CONVERTER = "$TB/bin/rspec2genilib";
# Concat id/vers.
sub versid($)
......@@ -468,6 +469,11 @@ sub Create($$$$$$)
$vquery .= ",repohash=" . DBQuoteSpecial($argref->{'repohash'});
$vquery .= ",repokey=" . DBQuoteSpecial($argref->{'repokey'});
}
if (exists($argref->{'portal_converted'}) &&
$argref->{'portal_converted'} ne "") {
$vquery .= ",portal_converted=" .
DBQuoteSpecial($argref->{'portal_converted'});
}
# Back to the main table.
$cquery .= ",uuid='$puuid'";
......@@ -538,13 +544,14 @@ sub NewVersion($$)
" creator,creator_idx,updater,updater_idx, ".
" created,uuid, ".
" parent_profileid,parent_version,rspec, ".
" script,paramdefs,reponame,repourl) ".
" script,paramdefs,reponame,repourl, ".
" portal_converted) ".
"select name,profileid,'$newvers',pid,pid_idx, ".
" gid,gid_idx, ".
" creator,creator_idx,'$uid','$uid_idx',".
" now(),uuid(),'$profileid', ".
" '$version',rspec,script,paramdefs, ".
" reponame,repourl ".
" reponame,repourl,portal_converted ".
"from apt_profile_versions as v ".
"where v.profileid='$profileid' and ".
" v.version='$version'"));
......@@ -933,9 +940,9 @@ sub Unlock($)
# specified node, and if $all is set, we change all nodes with the
# same original disk image as the specified node.
#
sub UpdateDiskImage($$@)
sub UpdateDiskImage($$$$$)
{
my ($self, $node_id, $newimage, $all) = @_;
my ($self, $node_id, $newimage, $all, $impotent) = @_;
my $rspec = GeniXML::Parse($self->rspec());
if (! defined($rspec)) {
print STDERR "UpdateDiskImage: Could not parse rspec\n";
......@@ -946,78 +953,88 @@ sub UpdateDiskImage($$@)
# all with the same image.
#
my @nodes = ();
my @list = ();
my $node;
# First find the specified node.
# First find the specified node and generate list to examine.
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
if (GeniXML::GetVirtualId($ref) eq $node_id) {
$node = $ref;
last;
push(@list, $node);
}
elsif ($all) {
push(@list, $ref);
}
}
if (!defined($node)) {
print STDERR "$node_id not in rspec\n";
return -1;
}
if ($all) {
#
# Pull out the disk url/urn of the specified node.
#
my $Odiskref = GeniXML::GetDiskImage($node);
my $image_urn;
my $image_url;
if (defined($Odiskref)) {
$image_url = GeniXML::GetText("url", $Odiskref);
$image_urn = GeniXML::GetText("name", $Odiskref);
if (defined($image_url) || defined($image_urn)) {
# Watch for url in the name, flipflop.
if (defined($image_urn) && $image_urn =~ /^http/) {
$image_url = $image_urn;
$image_urn = undef;
}
#
# Pull out the disk url/urn of the specified node.
#
my $Odiskref = GeniXML::GetDiskImage($node);
my $image_urn;
my $image_url;
if (defined($Odiskref)) {
$image_url = GeniXML::GetText("url", $Odiskref);
$image_urn = GeniXML::GetText("name", $Odiskref);
if (defined($image_url) || defined($image_urn)) {
# Watch for url in the name, flipflop.
if (defined($image_urn) && $image_urn =~ /^http/) {
$image_url = $image_urn;
$image_urn = undef;
}
}
}
#
# Now find all nodes using the same disk urn/url and change.
#
foreach my $ref (@list) {
my $diskref = GeniXML::GetDiskImage($ref);
#
# Now find all nodes using the same disk urn/url and change.
# If the both this node and the original node did not
# specify a disk image, then we update it.
#
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
my $diskref = GeniXML::GetDiskImage($ref);
#
# If the both this node and the original node did not
# specify a disk image, then we update it.
#
if (!defined($diskref)) {
push(@nodes, $ref)
if (!defined($Odiskref));
next;
}
my $this_url = GeniXML::GetText("url", $diskref);
my $this_urn = GeniXML::GetText("name", $diskref);
next
if (!(defined($image_url) || defined($image_urn)));
if (!defined($diskref)) {
push(@nodes, $ref)
if (!defined($Odiskref));
next;
}
my $this_url = GeniXML::GetText("url", $diskref);
my $this_urn = GeniXML::GetText("name", $diskref);
next
if (!(defined($image_url) || defined($image_urn)));
# Watch for url in the name, flipflop.
if (defined($this_urn) && $this_urn =~ /^http/) {
$this_url = $this_urn;
$this_urn = undef;
}
if (defined($image_url)) {
push(@nodes, $ref)
if ((defined($this_url) && $this_url eq $image_url));
}
else {
push(@nodes, $ref)
if (defined($this_urn) && $this_urn eq $image_urn);
}
# Watch for url in the name, flipflop.
if (defined($this_urn) && $this_urn =~ /^http/) {
$this_url = $this_urn;
$this_urn = undef;
}
if (defined($image_url)) {
# Watch for actually needing to change, for impotent mode.
# Might not change if the cluster is not doing image
# versioning.
push(@nodes, $ref)
if (defined($this_url) && $this_url eq $image_url &&
$this_url ne $newimage);
}
else {
# Watch for actually needing to change, for impotent mode.
# Might not change if the cluster is not doing image
# versioning.
push(@nodes, $ref)
if (defined($this_urn) && $this_urn eq $image_urn &&
$this_urn ne $newimage);
}
}
else {
@nodes = ($node);
}
if (!@nodes) {
print STDERR "Could not find any nodes to update disk image\n";
return -1;
# Impotent mode, return number of nodes to be changed.
if ($impotent) {
return scalar(@nodes);
}
return 0
if (!@nodes);
foreach my $node (@nodes) {
GeniXML::SetDiskImage($node, $newimage);
}
......@@ -1678,7 +1695,21 @@ sub Publish($)
$self->{'DBROW'}->{'published'} = time();
return 0;
}
#
# Set the lastused datetime and usecount for the Picker.
#
sub BumpLastUsed($)
{
my ($self) = @_;
my $profileid = $self->profileid();
return -1
if (! DBQueryWarn("update apt_profiles set ".
" lastused=now(),usecount=usecount+1 ".
"where profileid='$profileid'"));
return 0;
}
#
......@@ -1746,6 +1777,38 @@ sub NodeClientIDs($)
return values(%result);
}
#
# Run a portal converted profile rspec though the converter to update
# the geni-lib script.
#
sub Convert2Genilib($)
{
my ($self) = @_;
my $profileid = $self->profileid();
my $version = $self->version();
my ($in, $filename) = tempfile("/tmp/convertXXXXX", UNLINK => 1);
if (!defined($in)) {
print STDERR "Could not open temporary file for rspec\n";
return -1;
}
print $in $self->rspec();
my $output = emutil::ExecQuiet("$CONVERTER -r $filename");
if ($?) {
print STDERR $output;
print STDERR "*** Could not convert rspec to geni-lib\n";
return -1;
}
my $safe_script = DBQuoteSpecial($output);
return -1
if (! DBQueryWarn("update apt_profile_versions set ".
" script=$safe_script ".
"where profileid='$profileid' and ".
" version='$version'"));
$self->{'DBROW'}->{'script'} = $output;
return 0;
}
###################################################################
package APT_Profile::ImageInfo;
use emdb;
......
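Review bot: In `Convert2Genilib` the rspec is written to `$in` with `print`, but the handle is never flushed or closed before `$CONVERTER -r $filename` runs. The converter can therefore read an empty or truncated file whenever the rspec is still in Perl's output buffer. Adding `close($in) or return -1;` right after the `print` fixes this, and the file is still removed at exit because of `UNLINK => 1`. The command is handed to `emutil::ExecQuiet` as one interpolated string, which presumably goes through a shell. That is safe only because `$filename` comes from `tempfile`, so a comment such as `# $filename is generated by tempfile(), never caller-supplied` would stop a later edit from passing a user-controlled path the same way.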
......@@ -33,15 +33,15 @@ SUBDIRS =
BIN_SCRIPTS = manage_profile manage_instance manage_dataset \
create_instance rungenilib ns2rspec nsgenilib.py \
rspec2genilib ns2genilib manage_reservations manage_gitrepo \
manage_images
manage_images rtecheck checkprofile
SBIN_SCRIPTS = apt_daemon aptevent_daemon portal_xmlrpc apt_checkup \
portal_monitor
LIB_SCRIPTS = APT_Profile.pm APT_Instance.pm APT_Dataset.pm APT_Geni.pm \
APT_Aggregate.pm APT_Utility.pm
APT_Aggregate.pm APT_Utility.pm APT_Rspec.pm
WEB_BIN_SCRIPTS = webmanage_profile webmanage_instance webmanage_dataset \
webcreate_instance webrungenilib webns2rspec webns2genilib \
webrspec2genilib webmanage_reservations webmanage_gitrepo \
webmanage_images
webmanage_images webrtecheck
APACHEHOOKS = apt_gitrepo.hook
WEB_SBIN_SCRIPTS= webportal_xmlrpc
LIBEXEC_SCRIPTS = $(WEB_BIN_SCRIPTS) $(WEB_SBIN_SCRIPTS)
......
......@@ -53,6 +53,12 @@ EOF
iocage set template=yes py-cage-new
6. Make it the default
We create the tag py-cage by hand and point it to the correct iocage:
mv /iocage/tags/py-cage /iocage/tags/py-cage-old
cp -R /iocage/tags/py-cage-new /iocage/tags/py-cage
B. Updating your iocage:
......
......@@ -196,6 +196,9 @@ sub callback($$$)
goto done;
}
done:
# This HAS TO BE DONE, to break a circular dependency that causes
# the daemon to grow and grow till it consumes boss.
$instance->Purge();
emutil::FlushCaches();
GeniUtil::FlushCaches();
}
......
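Review bot: `$instance->Purge()` at the `done:` label runs on every exit path, including the `goto done` visible just above it. The start of `callback` is outside this hunk, but if any of those jumps can happen before `$instance` is assigned, the method call on undef will die inside the daemon. Guarding the call, `$instance->Purge() if (defined($instance));`, keeps the cleanup without adding a new crash path.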
#!/usr/bin/perl -w
#
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
use strict;
use English;
use Getopt::Std;
use File::Temp qw(tempfile unlink0 :POSIX );
use Data::Dumper;
#
# Convert rspec to geni lib (non destructive, we do not change anything
# in the database). See below for additional regression testing options.
#
sub usage()
{
print STDERR "Usage: checkprofile [-a | pid,name]\n";
print STDERR "Options:\n";
print STDERR " -a : Run rspec2genilib converter on all rspec profiles\n";
print STDERR " -r : Run converted geni-lib\n";
print STDERR " -c : Compare rspecs after running geni-lib\n";
print STDERR " -t : Run RTE check on converted geni-lib script\n";
print STDERR " -g : Print the geni-lib\n";
print STDERR " -s : Print rspec before and after\n";
print STDERR " -x : Only include rspecs with matching token\n";
print STDERR " -G : Also test script based profiles, no RTE of course\n";
print STDERR " -p : Permissive mode, ignore unsupported stuff\n";
exit(-1);
}
my $optlist = "dargscx:tGXp";
my $debug = 0;
my $all = 0;
my $regress = 0;
my $compare = 0;
my $doscript = 0;
my $norspec = 0;
my $printgl = 0;
my $printrspec = 0;
my $rtecheck = 0;
my $permissive = 0;
my $clause = "";
my $profile;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $CONVERTER = "$TB/bin/rspec2genilib";
my $RUNGENILIB = "$TB/bin/rungenilib";
my $RTECHECK = "$TB/bin/rtecheck";
my $XMLLINT = "/usr/local/bin/xmllint";
# Protos
sub fatal($);
sub CheckProfile($);
sub CheckScriptProfile($);
#
# Turn off line buffering on output
#
$| = 1;
STDOUT->autoflush(1);
STDERR->autoflush(1);
#
# Untaint the path
#
$ENV{'PATH'} = "$TB/bin:$TB/sbin:/bin:/usr/bin:/sbin:/usr/sbin";
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
#
# Testbed Support libraries
#
use lib "@prefix@/lib";
use emutil;
use emdb;
use APT_Profile;
use APT_Rspec;
#
# Parse command arguments. Once we return from getopts, all that should
# left are the required arguments.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"d"})) {
$debug = 1;
}
if (defined($options{"a"})) {
$all = 1;
}
if (defined($options{"r"})) {
$regress = 1;
}
if (defined($options{"c"})) {
$compare = 1;
}
if (defined($options{"g"})) {
$printgl = 1;
}
if (defined($options{"G"})) {
$doscript = 1;
}
if (defined($options{"p"})) {
$permissive = 1;
}
if (defined($options{"s"})) {
$printrspec = 1;
}
if (defined($options{"t"})) {
$rtecheck = 1;
}
if (defined($options{"x"})) {
$clause = "where rspec like '%" . $options{"x"} . "%'";
}
if (defined($options{"X"})) {
$norspec = 1;
}
usage()
if (!$all && @ARGV != 1);
if (!$all) {
$profile = APT_Profile->Lookup($ARGV[0]);
if (!defined($profile)) {
fatal("No such profile");
}
}
if (defined($profile)) {
exit(CheckProfile($profile));
}
else {
#
# Find all profiles with no script
#
my $query_result =
DBQueryFatal("select p.profileid from apt_profiles as p ".
"left join apt_profile_versions as v on ".
" v.profileid=p.profileid and v.version=p.version ".
"$clause ".
"order by p.pid,p.name");
my $count = 0;
my $errors = 0;
while (my ($id) = $query_result->fetchrow_array()) {
my $profile = APT_Profile->Lookup($id);
next
if (!defined($profile));
next
if (defined($profile->script()) && !$doscript);
next
if (!defined($profile->script()) && $norspec);
print "Converting $profile\n";
$count++;
$errors++
if (CheckProfile($profile));
}
print "##########\n";
print "$count profiles, $errors failed\n";
}
#
# Run the converter on a profile.
#
sub CheckProfile($)
{
my ($profile) = @_;
#
# We test script based profiles differently.
#
if (defined($profile->script())) {
return CheckScriptProfile($profile);