1. 03 Nov, 2016 1 commit
  2. 29 Aug, 2016 1 commit
  3. 10 Jun, 2016 1 commit
    • Leigh B Stoller's avatar
      NFS mount changes, still a work in progress, bound to change: · e369c1a8
      Leigh B Stoller authored
      * The Emulab portal now adds a toplevel element (Emulab namespace)
        directing the CM to use standard emulab mounts (read: /users).
        We clear that element from the other portals.
      
      * The CM looks for that tag, and allows it only if the caller is the local
        SA. The default for nfsmounts setting for geni experiment containers is
        "genidefault", but that is set to "emulabdefault" when allowed.
      
      * tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
        means no mounts (duh), "emulabdefault" means standard mounts we all know
        and love, "genidefault" means no /users mounts.
      
        In addition, when we are doing emulabdefault mounts on a geni experiment
        node, we do not return accounts that are specified in the rspec, but
        rather we return the local project accounts only.
      e369c1a8
  4. 06 Jun, 2016 1 commit
  5. 26 Mar, 2016 1 commit
  6. 04 Dec, 2015 1 commit
  7. 04 Nov, 2015 2 commits
    • Leigh B Stoller's avatar
    • Leigh B Stoller's avatar
      Changes for Keith to develop the new profile picker: · eafff053
      Leigh B Stoller authored
      1. Instead of a plain list of profiles, generate a more detailed list that
         includes last used and usage counts and project name and favorite flag,
         so that the new picker can be sorted/grouped.
      
         This list is *ordered* by most recent usage (if a real user), or most
         popular (if a guest). 
      
      2. Move the modal from quickvm_sup to the template, and generate the
         current list from the new json info.
      
      3. Add new table apt_profile_favorites to record favorite profiles for
         users.
      
      4. Add new ajax calls for above, MarkFavorite and ClearFavorite that take a
         single argument, the uuid of the profile. There is no UI for this, Keith
         is going to add that.
      eafff053
  8. 27 Oct, 2015 1 commit
    • Leigh B Stoller's avatar
      Add simple (initial) support passing encrypted secrets to the cluster CM, · 46757729
      Leigh B Stoller authored
      to be decrypted using the per-exp ssl keypair we create and store on the
      nodes. In this case, you can add this to your rspec in the node element.
      You can add as many as you want, use the name attribute. We generate a
      random password and encrypt the plain text:
      
        <emulab:password></emulab:password>
      
      which becomes:
      
          <emulab:password name="foo" encrypted="true">-----BEGIN PKCS7-----
      MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQAxggFMMIIBSAIBADCBsDCBqDELMAkG
      A1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5
      MR0wGwYDVQQKExRVdGFoIE5ldHdvcmsgVGVzdGJlZDEPMA0GA1UECxMGQVBUTEFC
      MRcwFQYDVQQDEw53d3cuYXB0bGFiLm5ldDEoMCYGCSqGSIb3DQEJARYZdGVzdGJl
      ZC1vcHNAZmx1eC51dGFoLmVkdQIDAs8NMA0GCSqGSIb3DQEBAQUABIGAKeyo7mPO
      rHRF2G9t0h8/ALBBh7ChD1zCYvRFi2qvvUIIv/kfCNPhujRfodIYR65dP3tfM+BH
      VTRxjJrMYH63m8Fz9KMZlVYn+DhMeiwerqTxvVs823zyxcDrOUzTzzakWmJVSqvl
      33Po/7CYZ2iq67ATF1Xym3DsRQbQSuwgzu8wPAYJKoZIhvcNAQcBMB0GCWCGSAFl
      AwQBKgQQRw0kmvwhIur/ZlfFbB75qoAQXTKjzwN1HDJW4x5GAcWNPA==
      -----END PKCS7-----
          </emulab:password>
      
      which can then be decrypted using the private key to get the plaintext
      password.
      46757729
  9. 16 Oct, 2015 1 commit
  10. 15 Oct, 2015 1 commit
  11. 17 Sep, 2015 1 commit
  12. 14 Sep, 2015 1 commit
  13. 21 Aug, 2015 1 commit
  14. 27 Jul, 2015 1 commit
  15. 11 Jul, 2015 1 commit
  16. 24 Jun, 2015 2 commits
  17. 19 Jun, 2015 1 commit
    • Leigh B Stoller's avatar
      New support for importing image backed datasets from other clusters. This · 613d90dd
      Leigh B Stoller authored
      is just like importing images (by using a url instead of a urn), which
      makes sense since image backed datasets are just images with a flag set.
      
      Key differences:
      
      1. You cannot snapshot a new version of the dataset on a cluster it has
         been imported to. The snapshot has to be done where the dataset was
         created initially. This is slightly inconvenient and will perhaps
         confuse users, but it is far less confusing that then datasets getting
         out of sync.
      
      2. No image versioning of datasets. We can add that later if we want to.
      613d90dd
  18. 09 Jun, 2015 1 commit
  19. 27 May, 2015 1 commit
  20. 26 May, 2015 1 commit
  21. 22 May, 2015 2 commits
  22. 21 Apr, 2015 1 commit
  23. 13 Apr, 2015 1 commit
  24. 26 Mar, 2015 1 commit
  25. 19 Mar, 2015 2 commits
  26. 18 Mar, 2015 1 commit
  27. 05 Mar, 2015 1 commit
  28. 27 Jan, 2015 1 commit
    • Leigh B Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh B Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
  29. 03 Jan, 2015 1 commit
  30. 17 Dec, 2014 1 commit
  31. 05 Dec, 2014 2 commits
  32. 04 Dec, 2014 1 commit
  33. 03 Dec, 2014 1 commit
  34. 12 Nov, 2014 1 commit
  35. 23 Sep, 2014 1 commit