1. 29 Jul, 2011 1 commit
  2. 18 Jul, 2011 1 commit
      Add a "gencabundle" script to generate ProtoGENI CA certificate bundles. · 1a0dcebf
      Gary Wong authored
      It only makes sense to run this at the clearinghouse.  It brings both
      the local CA bundle and the bundle to be distributed to federates up
      to date with respect to .../etc/genicacerts/*.pem and
      .../etc/extracerts.bundle.
      
      Any time the sources are changed, just run this script.  The local bundle is
      ready immediately.  The federates will fetch the new version as they get
      around to it.
  3. 07 Apr, 2011 1 commit
      Add delegation support to run on boss to make it easier for an admin · c50139c6
      Leigh B Stoller authored
      to delegate a credential to a user. Say you want to delegate a CH
      credential to a local user so they can look up things:
      
      boss> getchcredential | delegatecredential 'urn:publicid:IDN+emulab.net+user+XXX' resolve:0
      
      This will spit out a delegated credential. Save that in a file and
      give to the user. The user then sends that along as the credential
      argument.
  4. 30 Mar, 2011 1 commit
  5. 04 Feb, 2011 1 commit
  6. 04 Oct, 2010 1 commit
  7. 24 Jun, 2010 2 commits
  8. 23 Jun, 2010 1 commit
  9. 15 Jun, 2010 1 commit
  10. 15 Apr, 2010 1 commit
  11. 05 Mar, 2010 1 commit
  12. 18 Feb, 2010 1 commit
  13. 04 Feb, 2010 1 commit
      Big cleanup of GeniComponent stuff. Moved Resolve() into GeniComponent · b63cb055
      Leigh B Stoller authored
      since it has to be aware of the CM version. Add a Version() call to
      GeniAuthority which goes and asks the CM what version it is exporting.
      Based on that, we know how to do a resolve of a component. Refactored
      the code that was used in GeniAggregate when creating tunnels, since
      that is where we have to Resolve components. This also turns up in
      cooked mode.
      
      Continuing moving towards a urn-only world. If a GeniAuthority or a
      GeniComponent does not have the URN set locally in the DB, go back to
      the clearinghouse and get it. Error if it is not known, and go bang on
      the remote site to update and rerun register_resources.
  14. 02 Feb, 2010 1 commit
  15. 06 Jan, 2010 1 commit
      Slice expiration changes. The crux of these changes: · 5c63cf86
      Leigh B. Stoller authored
      1. You cannot unregister a slice at the SA before it has expired. This
         will be annoying at times, but the alphanumeric namespace for slice
         names is probably big enough for us.
      
      2. To renew a slice, the easiest approach is to call the Renew method
         at the SA, get a new credential for the slice, and then pass that
         to renew on the CMs where you have slivers.
      
      The changes address the problem of slice expiration.  Before this
      change, when registering a slice at the Slice Authority, there was no
      way to give it an expiration time. The SA just assigns a default
      (currently one hour). Then when asking for a ticket at a CM, you can
      specify a "valid_until" field in the rspec, which becomes the sliver
      expiration time at that CM. You can later (before it expires) "renew"
      the sliver, extending the time. Both the sliver and the slice will
      expire from the CM at that time.
      
      Further complicating things is that credentials also have an
      expiration time in them so that credentials are not valid forever. A
      slice credential picks up the expiration time that the SA assigned to
      the slice (mentioned in the first paragraph).
      
      A problem is that this arrangement allows you to extend the expiration
      of a sliver past the expiration of the slice that is recorded at the
      SA. This makes it impossible to expire slice records at the SA since
      if we did, and there were outstanding slivers, you could get into a
      situation where you would have no ability to access those slivers. (an
      admin person can always kill off the sliver).
      
      Remember, the SA cannot know for sure if there are any slivers out
      there, especially if they can exist past the expiration of the slice.
      
      The solution:
      
      * Provide a Renew call at the SA to update the slice expiration time.
        Also allow for an expiration time in the Register() call.
      
        The SA will need to abide by these three rules:
        1. Never issue slice credentials which expire later than the
           corresponding slice
        2. Never allow the slice expiration time to be moved earlier
        3. Never deregister slices before they expire [*].
      
      * Change the CM to not set the expiration of a sliver past the
        expiration of the slice credential; the credential expiration is an
        upper bound on the valid_until field of the rspec. Instead, one must
        first extend the slice at the SA, get a new slice credential, and
        use that to extend the sliver at the CM.
      
      * For consistency with the SA, the CM API will be changed so that
        RenewSliver() becomes RenewSlice(), and it will require the
        slice credential.
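The expiration rules in the commit message above, as an added sketch that is not ProtoGENI code: the class and method names are hypothetical, credentials are plain objects with no signature checking, and rejecting an over-long valid_until (rather than clamping it) is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SliceCredential:          # hypothetical stand-in for a signed credential
    slice_name: str
    expires: int                # epoch seconds

class SliceAuthority:
    DEFAULT_LIFETIME = 3600     # the default of one hour mentioned in the message

    def __init__(self):
        self.slices = {}        # slice name -> expiration time

    def register(self, name, now, expires=None):
        if self.slices.get(name, 0) > now:
            raise ValueError("slice name is still registered")
        self.slices[name] = now + self.DEFAULT_LIFETIME if expires is None else expires

    def renew(self, name, new_expires):
        if new_expires < self.slices[name]:      # rule 2: never move earlier
            raise ValueError("expiration cannot be moved earlier")
        self.slices[name] = new_expires

    def get_credential(self, name, now, wanted=None):
        limit = self.slices[name]
        if limit <= now:
            raise PermissionError("slice has expired")
        # Rule 1: a credential never expires later than its slice.
        return SliceCredential(name, limit if wanted is None else min(wanted, limit))

    def unregister(self, name, now):
        if now < self.slices[name]:              # rule 3: not before expiry
            raise PermissionError("slice has not expired yet")
        del self.slices[name]

class ComponentManager:
    def __init__(self):
        self.slivers = {}       # slice name -> sliver expiration time

    def renew_slice(self, cred, valid_until, now):
        if cred.expires <= now:
            raise PermissionError("slice credential has expired")
        # The credential expiration is an upper bound on valid_until.
        if valid_until > cred.expires:
            raise PermissionError("renew the slice at the SA first")
        self.slivers[cred.slice_name] = valid_until
        return valid_until
```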
  16. 02 Dec, 2009 1 commit
  17. 09 Jul, 2009 1 commit
  18. 05 Jun, 2009 1 commit
  19. 04 Mar, 2009 1 commit
      Change EMULAB-COPYRIGHT to GENIPUBLIC-COPYRIGHT, for future expansions · bb878eff
      Leigh B. Stoller authored
      to the Geni Public License at http://www.geni.net/docs/GENIPubLic.pdf,
      whose expansion at this time is:
      
      -----
      Permission is hereby granted, free of charge, to any person obtaining
      a copy of this software and/or hardware specification (the "Work") to
      deal in the Work without restriction, including without limitation the
      rights to use, copy, modify, merge, publish, distribute, sublicense,
      and/or sell copies of the Work, and to permit persons to whom the Work
      is furnished to do so, subject to the following conditions:
      
      The above copyright notice and this permission notice shall be
      included in all copies or substantial portions of the Work.
      
      THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
      OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
      MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
      NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
      HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
      WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
      IN THE WORK.
  20. 02 Mar, 2009 1 commit
      A bunch of changes for a "standalone" clearinghouse. Presently this · 60f04310
      Leigh B. Stoller authored
      is really a hugely stripped down Emulab boss install, using a very
      short version of install/boss-install to get a few things into place.
      
      I refactored a few things in both the protogeni code and the Emulab
      code, and whacked a bunch of makefiles and configure stuff. The result
      is that we only need to install about 10-12 files from the Emulab
      code, plus the protogeni code. Quite manageable, if you don't mind
      that it requires FreeBSD 6.X ... Still, I think it satisfies the
      requirement that we have a packaged clearinghouse that can be run
      standalone from a running Emulab site.
  21. 09 Feb, 2009 1 commit
  22. 02 Feb, 2009 1 commit
  23. 28 Jan, 2009 1 commit
      Add support for getting the list of active slices on each CM. The · 83dd607b
      Leigh B. Stoller authored
      listusage script gets the list of CMs from the clearinghouse DB, and
      calls the ListUsage() method on each one. The return is a list of
      slices (gids) and for each slice, a list of slivers that represent
      nodes. Currently just for debugging other CMs, but eventually will be
      used to populate the clearinghouse DB with an informational snapshot
      of the federation.
  24. 12 Jan, 2009 1 commit
  25. 08 Dec, 2008 1 commit
  26. 18 Nov, 2008 1 commit
  27. 11 Nov, 2008 1 commit
  28. 03 Nov, 2008 2 commits
  29. 30 Oct, 2008 1 commit
  30. 27 Oct, 2008 1 commit
  31. 16 Oct, 2008 1 commit
  32. 23 Jul, 2008 1 commit
  33. 07 Mar, 2007 1 commit
      Changes for how we distribute the initial set of imageids and osids. · 3c1678d6
      Leigh B. Stoller authored
      * install/dump-descriptors <filename> will write out a set of insert
        statements for the images and os_info table, slightly munged. In
        fact, what I do is create temporary tables called temp_images and
        temp_os_info, clean them a bit, and then write out the insert
        statements to load them into new tables of the same name.
      
        There are some arrays at the top of this script that say what images and
        osids to write out.
      
      * install/load-descriptors <filename> takes the output of
        dump-descriptors, creates the two temporary tables and loads the
        data into them. Then it (optionally) updates those tables with the
        local indices of elabman and the emulab-ops project and group.
      
        Then it computes an osidtoimageid table for all class='pc' types. On a
        new testbed this is a reasonable approach, in my opinion.
      
        Next it takes the contents of the two temp tables and moves them across
        to the actual tables.
      
      * install/descriptors.sql is the current data set which has everything
        contained in sql/database-fill-supplemental.sql and install/images/*
  34. 14 Sep, 2005 1 commit
      Changes related to allowing separate 'fs' (file server) node. · c53d5827
      Mike Hibler authored
      Entailed new instructions for manual setup as well as integration into
      elabinelab framework.  First, the manual path:
      
      setup.txt, setup-boss.txt, setup-ops.txt and new setup-fs.txt:
          Updated to reflect potential for separate fs node.  The org here
          is a little dicey and could be confusing with ops+fs vs. ops and fs.
          Has not been field tested yet.
      
      */GNUmakefile.in: new fs-install target.
      
      configure, configure.in, defs-*:
          Somewhat unrelated, make min uid/gid to use be a defs setting.
          Also add config of fs-install.in script.
      
      boss-install.in, ops-install.in and new fs-install.in:
          Handle distinct fs node.  If you have one, fs-install is run before
          ops-install.  All scripts rely on the defs file settings of FSNODE
          and USERNODE to determine if the fs node is separate.
      
      utils/checkquota.in:
          Just return "ok" if quotas are not used (i.e., if defs file FS_WITH_QUOTA
          string is null).
      
      install/ports/emulab-fs:
          Meta port for fs node specific stuff.  Also a patch for the samba port
          Makefile so it doesn't drag in CUPS, etc.  Note that the current samba
          port Makefile has this change, I am just backporting to our version.
      
      Elabinelab specific changes:
      
      elabinelab-withfs.ns:
          NS fragment used in conjunction with
      	tb-elab-in-elab-topology "withfs"
          to setup inner-elab with fs node.
      
      elabinelab.ns:
          The hard work on the boss side.  Recognize separate-fs config and handle
          running of rc.mkelab on that node.  fs setup happens before ops setup.
      
      rc.mkelab:
          The hard work on the client side.  Recognize FsNode setup as well as
          differentiate ops+fs from ops setup.
      
      Related stuff either not part of the repo or checked in previously:
          emulab-fs package
  35. 30 Sep, 2004 1 commit
  36. 29 Sep, 2004 1 commit
  37. 12 May, 2004 1 commit