1. 25 Nov, 2014 4 commits
    • Mike Hibler's avatar
      All the grue necessary to autogenerate pxelinux config files for nodes. · 2c33fc02
      Mike Hibler authored
      Keeping them up to date throughout the node lifecycle is not a lot of fun...
      2c33fc02
    • Mike Hibler's avatar
      Client side for the HP Moonshots. · 7bdb3fdb
      Mike Hibler authored
      7bdb3fdb
    • Kirk Webb's avatar
      Add power support for moonshot. · 1d87bf24
      Kirk Webb authored
      This enhances the power_ipmi module in three ways:
      
      * Will now check for auth creds in the outets_remoteauth table.
        - Previously the module had credentials hard-wired.
        - Key role in table should be "ipmi-passwd".
      
      * Makes it run in parallel for the set of outlets provided
        - via emutil::ParRun().
      
      * HP Moonshot chassis iLO support.
        - Device (node) type == "ipmi-ms".
        - Outlet to ipmi address resolution.
        - Additional required ipmitool parameters ("lanplus" protocol).
      
      * Supports KGKEY for session encryption.
        - KGKEYs can be placed in the DB ("ipmi-kgkey" role, key encoded in hex).
      
      Note that the "status" command doesn't really work presently, but that's
      OK since it wasn't ever hooked in.
      1d87bf24
    • Kirk Webb's avatar
      cloudlab defs file for kwebb · d82ed018
      Kirk Webb authored
      d82ed018
  2. 23 Nov, 2014 4 commits
  3. 22 Nov, 2014 1 commit
  4. 19 Nov, 2014 2 commits
    • Kirk Webb's avatar
      Clear taint states from nodes in the proper place (on 'reloading' exit). · 721bb6bc
      Kirk Webb authored
      Move the taint clearing action so that it happens as the node exits
      the "reloading" experiment (vs. when it goes into reloading).
      721bb6bc
    • Kirk Webb's avatar
      Sprinkle taint checks throughout tmcd to avert privilege escalation. · d9c27fac
      Kirk Webb authored
      Also add utility function to allow the node to get the exact details of
      the image it is running ('imageinfo').
      
      Some of the taint checks are rather heavy-handed presently.  Pretty much
      any vector that could be used by the user to do something as root has
      been severed right at the top of the relevant tmcd calls.
      
      Calls affected:
      
      manifest ('blackbox' and 'useronly' taintstates)
      rpms ('blackbox' and 'useronly' taintstates)
      tarballs ('blackbox' and 'useronly' taintstates)
      blobs ('blackbox' and 'useronly' taintstates)
      startupcmd ('blackbox' taintstate)
      mounts ('blackbox' taintstate)
      programs ('blackbox' taintstate)
      
      Taint handling for the 'accounts' call was dealt with in a prior commit.
      d9c27fac
  5. 18 Nov, 2014 3 commits
  6. 17 Nov, 2014 1 commit
  7. 16 Nov, 2014 2 commits
  8. 15 Nov, 2014 1 commit
  9. 14 Nov, 2014 6 commits
  10. 13 Nov, 2014 1 commit
  11. 12 Nov, 2014 15 commits