1. 11 Jan, 2012 4 commits
  2. 02 Dec, 2011 2 commits
  3. 29 Nov, 2011 1 commit
  4. 07 Nov, 2011 1 commit
  5. 11 Oct, 2011 1 commit
    • Leigh B Stoller's avatar
      More work on image permissions; allow specification of pid/osname in · cfc9612a
      Leigh B Stoller authored
      NS files. Tweak permission check in Geni CM to also allow this,
      although at this time only global images from any project are allowed.
      The virt_nodes table has been changed to accommodate pid/osname
      syntax:
      
      	tb-set-node-os $nodeA somepid/someos
      
      Note: we are really exporting permission to use images, not entries in
      the os_info table (OSIDs) which is what the NS parser and protogeni CM
      are using. But in fact, an image is both an image descriptor and an OS
      descriptor linked together, so if you export an image or make it
      global, you are implicitly doing the same for the OS descriptor. As
      mentioned many times in the past, OSIDs suck.
      cfc9612a
  6. 10 Oct, 2011 1 commit
    • Leigh B Stoller's avatar
      Add support for sharing images between projects. New table called · 646b64f6
      Leigh B Stoller authored
      image_permissions stores access info for images. You can share an
      image with a user or a group (project), and you can specify write
      access to allow updating the image in place. Note that write access
      does not allow the descriptor to be modified, only the image itself.
      Well, that is how it will be after Mike changes mfrisbeed.
      
      The front end script to modify permissions is grantimage:
      
      	boss> grantimage -u stoller -w tbres,myimage
      	boss> grantimage -u stoller -w tbres,myimage
      
      which grants write access to stoller. Or:
      
      	boss> grantimage -g testbed,testbed tbres,myimage
      
      which grants access to the testbed project. Notice that you can
      specify subgroups this way.
      
      	boss> grantimage -l tbres,myimage
      
      will give you a list of current permissions. To revoke, just add -r
      option:
      
      	boss> grantimage -g testbed,testbed -r tbres,myimage
      
      Who is allowed to grant access to an image? 1) An adminstrator of
      course, 2) the image creator, and 3) any group_root in the group that
      the image belongs to. Being granted access to use an image does not
      confer permission to grant access to others.
      
      One last task; while the web interface displays the permissions, there
      is no web interface to modify the permissions; users will still have
      to ask us for now.
      646b64f6
  7. 04 Oct, 2011 1 commit
  8. 28 Sep, 2011 1 commit
  9. 14 Sep, 2011 1 commit
  10. 02 Sep, 2011 1 commit
  11. 01 Sep, 2011 1 commit
  12. 30 Aug, 2011 4 commits
  13. 12 Aug, 2011 3 commits
    • Mike Hibler's avatar
      56162df1
    • Leigh B Stoller's avatar
      Lets make it easier to manage pre reservations (Mike, this was Rob's · 5c998ffc
      Leigh B Stoller authored
      idea).
      
      New script and table to manage node pre reservations. Lets just look
      at the script.
      
      To create a reservation:
      
          myboss> wap prereserve -t pc850 testbed 2
          Node reservation request for 2 nodes has been created.
      
      To see the reservation status for testbed
      
          myboss> wap prereserve -i testbed
          Project         Cnt (Cur)  Creator    When               Pri Types
          -------------------------------------------------------------
          testbed         1 (1)      stoller    2011-08-12 12:39:07 0   pc850
      
          which says 1 node is pending and 1 node has already been
          pre-reserved. 
      
      To clear the above reservation request (and optionally, clean
      reserved_pid from the nodes table).
      
          myboss> wap prereserve -c -r testbed
      
          The -r is optional, otherwise just the reservation request is
          cleared, and nodes continue to be pre-reserved to the project.
      
      To see a list of all reservation requests:
      
          myboss> wap prereserve -l
      
      
      So, when a node is released in nfree, we look at the reservation
      status for the node and any pending reservation requests.
      
      1. If the node has a reserved_pid and that request is still pending
         (still in the table), nothing is changed.
      
      2. If the node has a reserved_pid, but the request has been cleared
         from the pending table, then clear reserved_pid.
      
      3. If reserved_pid is null, and there are pending requests, then pick
         the highest priority, most recent dated, request, and set
         reserved_pid to that project.
      
      Options:
      
      * -n <pri> - is how you set a priority. Lowest is zero, choose a
        higher number if you want this reservation request to be considered
        before others. In a tie, look at the date of creation, and use the
        oldest.
      
      * -t <typelist> - a comma separated list of types you want to
        consider. Types are considered in order, but not in the fancy way
        you might imagine.
      5c998ffc
    • Mike Hibler's avatar
  14. 11 Aug, 2011 1 commit
    • Mike Hibler's avatar
      Initial support for loading Windows7 .wim images via WinPE/ImageX. · ac711ea5
      Mike Hibler authored
      1. Support for "one-shot" PXE booting ala the one-shot osid. Switches to
         pxelinux to boot WinPE and then switch back after done. Painful now
         because we have to HUP dhcpd everytime we change the PXE path, but we
         may be able to fix this in the future by going all-pxelinux-all-the-time.
      
      2. Added pxe_select, analogous to os_select, for changing the pxe_boot_path
         including the one time path.
      
      3. Added the WIMRELOAD state machine to shepherd a node through the process.
         Still has some rough edges and may need refining.
      ac711ea5
  15. 10 Aug, 2011 4 commits
  16. 09 Aug, 2011 2 commits
    • Mike Hibler's avatar
      Fix syntax error in previous commit. · 5225d513
      Mike Hibler authored
      5225d513
    • Mike Hibler's avatar
      Add vnode_id index to vinterfaces table. · 8c7ac32a
      Mike Hibler authored
      Part I of "Lessons learned from a 100K node experiment". nfree would
      run for hours trying to free 100K virtual nodes due to a slow query in
      Node::ReleaseSharedBandwidth(). Now it takes 5 minutes.
      
      There were other lessons as well, but they fall in the category of
      "rearranging deck chairs" since we are going to have to massively overhaul
      lots of infrastructure to support O(100000+) node experiments on a regular
      basis.
      8c7ac32a
  17. 28 Jul, 2011 1 commit
    • Leigh B Stoller's avatar
      Power "saving" additions from Barry Trent, who got them from Kevin · 03478fb9
      Leigh B Stoller authored
      Lahey.
      
      Power saving turns off nodes that have been sitting in PXEWAIT (and
      are thus free) for more then a set amount of time (see sitevar
      general/idlepower_idletime, which defaults to 3600 seconds).
      
      The driver script is tbsetup/idlepower.in and needs to be added to
      /etc/crontab at sites that want to do this. Even so, operation is
      enabled by the sitevar general/idlepower_enable. Each time it runs, it
      checks for nodes that need to be turned off, and then calls power.
      Note: This should be a daemon not a cron job.
      
      To be considered for power saving, you must add an attribute to the
      node_type_attributes table called 'idlepower_enable', set to 1.
      
      Locally, I hacked up stated and power to make the state transitions
      legal so that stated does not whine. I added POWEROFF as a valid
      transition from any state, to opmodes NORMAL, NORMALv1, and NORMALv2.
      Barry's original patch already had a state transition for PXEKERNEL.
      In power, I added code to look at the actual operation, and in the
      case of "on", do not send an event if the node is not in POWEROFF,
      since a user can foolishly say power on anytime, and the node is on
      nothing is every going to change, and the state transition would be
      wrong.
      
      node_reboot takes of powering nodes on, when they are in POWEROFF.
      
      Barry on copyright issues:
       "I'm not sure those rights are mine to grant! Remember that this code
       came originally from Kevin Lahey (kml@patheticgeek.net) and
       originated at DETER (although he's apparently not there anymore). I
       don't foresee a problem from our point of view (but I'll double
       check, of course). Shall I try to contact Kevin try to sort this mess
       out, or do you think it's better to coordinate from your end?"
      03478fb9
  18. 19 Jul, 2011 2 commits
  19. 01 Jul, 2011 2 commits
  20. 22 Jun, 2011 1 commit
  21. 02 Jun, 2011 1 commit
  22. 25 May, 2011 3 commits
  23. 18 May, 2011 1 commit
    • Mike Hibler's avatar
      Support image PUT (aka, "upload") and assorted minor changes. · 77dbad39
      Mike Hibler authored
      1. Support for PUT.
      
      The big change is support for uploading via the master server, based heavily
      on the prototype that Grant did. Currently only host-based (IP-based)
      authentication is done as is the case with download. Grant's SSL-based
      authentication code is "integrated" but has not even been compiled in.
      
      The PUT protocol allows for assorted gewgaws, like specifying a maximum size,
      setting a timeout value, returning size and signature info, etc.
      
      There is a new, awkwardly-named client utility "frisupload" which, like the
      download client, takes an "image ID" as an argument and requests to upload
      (PUT) that image via the master server. As with download, the image ID can
      be either of the form "<pid>/<emulab-image-name>", to upload/update an actual
      Emulab image or it can start with a "/" in which case it is considered to
      be a pathname on the server.
      
      On the server side, the master server takes PUT requests, verifies permission
      to upload the image, fires up a separate instance of an upload daemon (with
      the even catchier moniker "frisuploadd"), and returns the unicast addr/port
      info to the client which then begins the upload. The master server also acts
      as a traffic cop to make sure that downloads and uploads (or uploads and
      uploads) don't overlap.
      
      This has been integrated into the Emulab "create image" process in a
      backward-compatible way (i.e., so old admin MFSes will continue to work).
      Boy, was that fun. One not-so-desirable effect of this integration is that
      images now traverse our network twice, once to upload from node to boss and
      once for boss to write out the image file across NFS to ops. This is not
      really something that should be "fixed" in frisbee, it is only "undesirable"
      because we have a crappy NFS server.
      
      What has NOT been done includes: support of hierarchical PUT operations
      (we don't need it for either the elabinelab or subboss case), support for
      uploading standard images stored on boss (we really want something better
      than host-based authentication here), and the aforementioned support of
      SSL-based authentication.
      
      2. Other tidbits that got mixed in with PUT support:
      
      Added two new site variables:
          images/frisbee/maxrate_std
          images/frisbee/maxrate_usr
      which replace the hardwired (in mfrisbeed and frisbeelauncher before that)
      bandwidth limits for image download. mfrisbeed reads these (and the
      images/create/* variables) when it starts up or receives a HUP signal.
      These could be read from the DB on every GET/PUT, but they really don't change
      much and I needed something to test the reread-the-config-on-a-HUP code!
      
      Fixed avoidance of "problematic multicast addresses" so it would actually
      work as intended.
      
      Lots of internal "refactoring" to make up for things I did wrong the first
      time and to give the general impression that "Wow, Mike did a LOT!"
      77dbad39