GitLab

to the person updating it. Minor changes to the templates for display.

not happy with that part yet.

* The Emulab portal now adds a toplevel element (Emulab namespace)
  directing the CM to use standard emulab mounts (read: /users).
  We clear that element from the other portals.

* The CM looks for that tag, and allows it only if the caller is the local
  SA. The default for nfsmounts setting for geni experiment containers is
  "genidefault", but that is set to "emulabdefault" when allowed.

* tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
  means no mounts (duh), "emulabdefault" means standard mounts we all know
  and love, "genidefault" means no /users mounts.

  In addition, when we are doing emulabdefault mounts on a geni experiment
  node, we do not return accounts that are specified in the rspec, but
  rather we return the local project accounts only.

intended to finish, but never did. Unfortunate since we have lost some info
that might have been useful.

In addition, we now record provenance on a plain profile copy, in addition
to a clone.

Fixes to the profile history display, and add a new pointer to the profile
derived from when it is not null.

1. Instead of a plain list of profiles, generate a more detailed list that
   includes last used and usage counts and project name and favorite flag,
   so that the new picker can be sorted/grouped.

   This list is *ordered* by most recent usage (if a real user), or most
   popular (if a guest). 

2. Move the modal from quickvm_sup to the template, and generate the
   current list from the new json info.

3. Add new table apt_profile_favorites to record favorite profiles for
   users.

4. Add new ajax calls for above, MarkFavorite and ClearFavorite that take a
   single argument, the uuid of the profile. There is no UI for this, Keith
   is going to add that.

to be decrypted using the per-exp ssl keypair we create and store on the
nodes. In this case, you can add this to your rspec in the node element.
You can add as many as you want, use the name attribute. We generate a
random password and encrypt the plain text:

  <emulab:password></emulab:password>

which becomes:

    <emulab:password name="foo" encrypted="true">-----BEGIN PKCS7-----
MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQAxggFMMIIBSAIBADCBsDCBqDELMAkG
A1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5
MR0wGwYDVQQKExRVdGFoIE5ldHdvcmsgVGVzdGJlZDEPMA0GA1UECxMGQVBUTEFC
MRcwFQYDVQQDEw53d3cuYXB0bGFiLm5ldDEoMCYGCSqGSIb3DQEJARYZdGVzdGJl
ZC1vcHNAZmx1eC51dGFoLmVkdQIDAs8NMA0GCSqGSIb3DQEBAQUABIGAKeyo7mPO
rHRF2G9t0h8/ALBBh7ChD1zCYvRFi2qvvUIIv/kfCNPhujRfodIYR65dP3tfM+BH
VTRxjJrMYH63m8Fz9KMZlVYn+DhMeiwerqTxvVs823zyxcDrOUzTzzakWmJVSqvl
33Po/7CYZ2iq67ATF1Xym3DsRQbQSuwgzu8wPAYJKoZIhvcNAQcBMB0GCWCGSAFl
AwQBKgQQRw0kmvwhIur/ZlfFbB75qoAQXTKjzwN1HDJW4x5GAcWNPA==
-----END PKCS7-----
    </emulab:password>

which can then be decrypted using the private key to get the plaintext
password.

this check, now that the image server and jacks constraints are working.

of more then 2 sites.

multi-site experiments.

is just like importing images (by using a url instead of a urn), which
makes sense since image backed datasets are just images with a flag set.

Key differences:

1. You cannot snapshot a new version of the dataset on a cluster it has
   been imported to. The snapshot has to be done where the dataset was
   created initially. This is slightly inconvenient and will perhaps
   confuse users, but it is far less confusing that then datasets getting
   out of sync.

2. No image versioning of datasets. We can add that later if we want to.

what they should be from the siteids on the nodes.

name attribute.

1) Implement the latest dataset read/write access settings from frontend to
   backend. Also updates for simultaneous read-only usage.

2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.

   The first changes the way that projects and users are treated at the
   CM. When set, we create real accounts (marked as nonlocal) for users and
   also create real projects (also marked as nonlocal). Users are added to
   those projects according to their credentials. The underlying experiment
   is thus owned by the user and in the project, although all the work is
   still done by the geniuser pseudo user. The advantage of this approach
   is that we can use standard emulab access checks to control access to
   objects like datasets. Maybe images too at some point.

   NOTE: Users are not removed from projects once they are added; we are
   going to need to deal with this, perhaps by adding an expiration stamp
   to the groups_membership tables, and using the credential expiration to
   mark it.

   The second new configure option turns on the web login via the geni
   trusted signer. So, if I create a sliver on a backend cluster when both
   options are set, I can use the trusted signer to log into my newly
   created account on the cluster, and see it (via the emulab classic web
   interface).

   All this is in flux, might end up being a bogus approach in the end.

UI to not use modals.

all users. Cloudlab added to the list, but not exposed except to
admins and studly users.