GitLab

the web page to add/delete a key! Nodes were getting updated, but
the SFS server was not cause there was no program to fire the new keys
over there.

The operation is currently simple. sfskey_update on boss constructs a
new sfs_users file. Then it runs sfskey_update.proxy on ops (vis ssh
of course), and gives it the new file via stdin. The proxy creates the
.pub version from that file, and then moves the two new files into
place in /etc/sfs. I employ the same locking stuff that Rob did in
exports_setup and named_setup to prevent multiple updates from
stacking up. Not likely, but might as well. Also note that the entire
file is regenerated. When we get 5000 users this might have to change
a little bit!

Also changed mkacct slightly. Instead of doing a "sfskey register" on
ops after generating the new key, just add it to the DB. Then fire off
an sfskey_update to push the new keys over. Also add a -f flag to
mkacct for use from the web page to indicate that the user has changed
his SFS keys. Note that mkacct should probably take a series of flags
since we have it as a wrapper for several things. Or maybe split all
this stuff up.

  iptonodeid. Currently, the only real change for jailflag is in
  doaccounts, which returns a normal accounts list for a jailed virtual
  node (pid,gid like local nodes), a set of tbadmin accounts for a
  physical node doing jails (so we can still log into any node even if
  its doing jails), and continues to do the old thing for widearea nodes
  not doing jails (pcremote_ok slot in projects table). Nasty, I know.

* Add dotarball command which returns a tarball to a widearea node via
  ssl. The filename must be in the tarballs list for the node (vnode),
  and the file must be in the gid of the experiment, or be owned by the
  experiment creator. Last bit of paranoia is that the resolved path
  must live in one of /proj, /groups, or /users. In addition, all of the
  FS commands are wrapped so that an NFS hangup to ops will not wedge
  tmcd completely.

* jailconfig command, which returns the current config for a jailed
  node so that mkjail can give the proper options to the jail command
  (requires Mike's hacks to the kernel and jail). Last 3 are hardwired
  as you can see, but will eventually come from the DB.

		"PORTRANGE=\"%s,%s\"\n"
		"SYSVIPC=1\n"
		"INETRAW=1\n"
		"BPFRO=1\n", row[0], row[1]);

* Do not return any mounts for jail nodes until we figure out the SFS
  thing.

* Change format of vnodelist so that when a node boots it determine if
  the vnodes that need to be started should be jailed or not.

* Add nodeid command so that widearea nodes can find out their emulab
  ID; useful for cvsup.

* Clear some compiler warnings Mac left behind.

Add proper subscription to only stuff I care about and proper exiting when a signal is received (instead of a 'natural' death like exit or die).

node supports and is doing jails. In the virtual node, it means it is
a jailed node. It should be obvious that these are set the same for a
node; it means I do not have to query two nodes to find out what to
do. When set, the parent gets a different set of accounts and mounts,
and we hand out accounts to the jailed node.

with jailed vnodes that now do their own accounts.

  script. The old script is just a wrapper that asks the page for the
  real script, which is run on the node. We return a url and md5 in
  the response, which the node then gets with wget. Right now the md5
  and the url are hardwired in the page, and the script goes in
  /z/testbed/distributions on boss. Needs to be DB loaded instead. The
  node will wait forever until it can get the script. ^C on the
  console will drop the node into a shell if the user knows the root
  password.

  Security is flimsy still; we depend on the ssl connection to ensure
  that the script is really coming from emulab. Should probably sign
  the script.

* Nodes report their local hostname in the URL. Optional of course.
  Stick that in as the nickname so its easier to see where a wa/ron
  node actually is.

* As of version 3, the CDROM no downloads the entire register.pl
  script. The old script is just a wrapper that asks the page for the
  real script, which is run on the node. We return a url and md5 in
  the response, which the node then gets with wget. Right now the md5
  and the url are hardwired in the page, and the script goes in
  /z/testbed/distributions on boss. Needs to be DB loaded instead.

* Return the slice in which we want to place the extrafs (/users)
  instead of trying to guess one. Since we return an fdisk table and a
  set of slices, we know what the setup is going to be anyway!

Add email aliases for testbed-stated and testbed-testsuite, and update all the defs files to use the same (or similar) addr for those lists as for testbed-logs. Make stated use the new alias too.

Small tweak to the always-reload hack. If it is virtual, we don't really want to reload it, since it will pretty much just get stuck in reloadpending.

store the cdkey it passed in the DB). Mostly informational at this
point but could be useful later.

Add icky hack to pass the hostname of the new node into newwanode so
that it gets a nickname set. Optional, but not nice in the web
display until we get the node registration page going; it tells us who
owns the node more clearly.
Another really icky hack to notice that its a ron node, and use the
proper argument to newwanode.

Updated with the latest stuff. Lots of changes to state_transitions, mode_transitions, state_triggers, and state_timeouts.

Small fix for perl oddity. Note to self: Do not expect $myhash{TB_CONSTANT_SUB} to work since it evals TB_CONSTANT_SUB as a string unless you force it to be an expression (ie with parens).

Changes to watch out for:

- db calls that change boot info in nodes table are now calls to os_select

- whenever you want to change a node's pxe boot info, or def or next boot
osids or paths, use os_select.

- when you need to wait for a node to reach some point in the boot process
(like ISUP), check the state in the database using the lib calls

- Proxydhcp now sends a BOOTING state for each node that it talks to.

- OSs that don't send ISUP will have one generated for them by stated
either when they ping (if they support ping) or immediately after they get
to BOOTING.

- States now have timeouts. Actions aren't currently carried out, but they
will be soon. If you notice problems here, let me know... we're still
tuning it. (Before all timeouts were set to "none" in the db)

One temporary change:

- While I make our new free node manager daemon (freed), all nodes are
forced into reloading when they're nfreed and the calls to reset the os
are disabled (that will move into freed).

apod will work with older kernels that don't support authentication

sysctls

you to approve users to main group. Not allowed to "edit" the group
membership in the main group of course; the check was for both cases.

(installs into /usr/testbed/bin/tbresize but isn't avail. on ops yet)

Usage: tbresize [-d] -a -e pid,eid -n num -t type [-p prefix]
       tbresize [-d] -r -e pid,eid <node> [<node> ...]
       tbresize -h
Use -h to show this usage message.
Use -d to enable extra debugging output.
Use -a to add nodes to an experiment.
Use -r to remove nodes from an experiment.
Use -e pid,eid to specify the experiment to resize.
Use -n to specify the number of nodes to add.
Use -t to specify the type of the nodes to be added (pc, pc850, pc600,
etc).
Use -p to specify a prefix for vnames (i.e. "node" => node0 .. nodeN).
With -r, specify a list of one or more nodes to be removed (i.e. pcXX).

Can even resize an expt down to no nodes then back up again. If it has
one LAN/link in the expt, it adds the new nodes to it. If it has zero or
more than one, it doesn't connect the new nodes to the topology.

After finding and reserving (or before freeing) it fixes up the right
places in the db and reruns snmpit, then reruns exports_setup and
named_setup and reboots all the nodes that are now in the expt so they get
updated configuration data.

Even visualizes properly after being resized, the only catch is that the
ns file is the original one, not one generated from the db.

Use it, abuse it, have fun with it, and let me know what breaks.

case where the end of the partition was allocated (instead of free).

Added a little debug output.

routes can be listed for each interface on a node, and so that the
route list can be converted into an ipfw chain on the client for nse.
Add tmcd command to return the entire route list for the experiment.

routes can be listed for each interface on a node, and so that the
route list can be converted into an ipfw chain on the client for nse.

interface on the local node) of the route. Added as a primary key.

used for the SIOCGIFHWADDR ioctl in Linux did NOT deallocate the descriptor,
nor was an error returned by close!  I changed the code to use a statically
allocated socket - better anyway.

Added link to Control Delay Nodes
(only shows up if admin is enabled.)

Add logging to @prefix@/log/power.log - writes down when and how it was rebooted. Will aid in some debugging tasks, and will be much more important after merging the new stated stuff, when node_reboot will check the state of the node before rebooting it.

to NS's main repository as well. This fix ensured that nse gets all packets
rather some being dropped in the kernel or left over in pcap's buffer.

Small changes to image access permissions checks. Root can get any image it wants, and frisbeelauncher only requires READINFO permissions, so that users can os_load shared images still. Also, have os_load pass its debug flag to frisbeelauncher if set.