1. 14 Jul, 2014 1 commit
  2. 04 Jun, 2014 1 commit
  3. 02 Jun, 2014 1 commit
  4. 26 May, 2014 1 commit
  5. 18 May, 2014 2 commits
  6. 14 Apr, 2014 2 commits
    • Leigh B Stoller authored
      When calling DeleteSlice(), if a monitor process is running, then the
      slice is busy.  This might mean that the user will not be able to
      delete the slice for a long time, but we are having problems with
      users canceling slices before they finish setting up, and the XEN
      client side is not handling this very well. Note that the cleanupslice
      script calls GeniCM::CleanupDeadSlice() directly, which *does* kill
      the monitor, so admin cleanup is not affected.
      
      Regarding the xen client side, signals can be blocked for a really
      long time while a container is setting up, and so trying to kill it
      fails, and bad things ripple out. Fixing that is going to take some
      time to get right, so just avoid the problem for now.
      09421138
    • Leigh B Stoller
      52292e36
  7. 10 Apr, 2014 1 commit
  8. 07 Apr, 2014 1 commit
  9. 31 Dec, 2013 1 commit
  10. 18 Dec, 2013 1 commit
  11. 07 Nov, 2013 1 commit
  12. 31 Oct, 2013 1 commit
  13. 18 Sep, 2013 1 commit
  14. 27 Aug, 2013 1 commit
  15. 19 Aug, 2013 1 commit
  16. 09 Aug, 2013 2 commits
    • Leigh B Stoller authored
      Remove code that extends slice lifetime, and fix underlying bug.
      We currently have a few cases where a slice record exists, but
      no sliver, and so Renew was failing. Since we store all of the
      expiration in the slice record, we do not actually need to have
      an aggregate, so remove the check.
      60a34cdf
    • Leigh B Stoller authored
      I added two new actions to PerformOperationalAction, which appear to
      work fine when the nodes are behaving themselves.
      
      1) geni_update_users: Takes a slice credential and a keys argument. Can
        only be invoked when the sliver is in the started/geni_ready state.
        Moves the slice to the geni_updating_users state until all of the
        nodes have completed the update, at which time the sliver moves back
        to started/geni_ready.
      
      2) geni_updating_users_cancel: We can assume that some nodes will be whacky
        and will not perform the update when told to. This cancels the
        update and moves the sliver back to started/geni_ready.
      
      A couple of notes:
      
      * The current emulab node update time is about three minutes; the
        sliver is in this new state for that time and cannot be restarted or
        stopped. It can of course be deleted.
      
      * Should we allow restart while in the updating phase? We could, but
        then I need more bookkeeping.
      
      * Some nodes might not be running the watch dog, or might not even be
        an emulab image, so the operation will never end, not until
        canceled. I could add a timeout, but that will require a monitor or
        adding DB state to store the start time.
      cfd1974a
  17. 23 Jul, 2013 1 commit
    • Leigh B Stoller authored
      ABAC Speaksfor credential support.
      The CM can now receive either an ABAC or a non-ABAC speaksfor
      credential in the list of credentials. Thanks to Gary for getting
      libabac built on boss so that I could use it! The AM probably needs a
      little bit more work since it has a few V3 places where it does not
      invoke CMV2 directly, but that should be easy to fix; all of the AMV2
      functions will work though.
      
      Caveat; I don't bother to look at the speaksfor option; if we get a
      speaksfor credential, I figure it was cause the user wants to use it!
      
      I added a hacky script called genspeaksfor to create a proper speaks
      for credential that allows me to speak for another user. For example:
      
      	genspeaksfor -a urn:publicid:IDN+emulab.net+user+leebee \
      	         urn:publicid:IDN+emulab.net+user+stoller
      
      which generates an ABAC speaks for credential that allows me to speak
      for leebee. To use the PG test scripts with this credential:
      
      	createsliver.py* -S speaksfor.cred -s slice.cred
      
      Where slice.cred is a plain slice credential issued to leebee and then
      given to me via an out of band mechanism (:-).
      60274694
  18. 11 Jul, 2013 1 commit
    • Leigh B Stoller authored
      Implement speaksfor (non-abac) support.
      CM V2 (and thus the AM) now accept a type=speaksfor credential along
      with regular credentials. When supplied, the speaksfor caller must be
      equal to the owner of the speaksfor credential and the target must be
      equal to the owner of the regular credential(s). All operations take
      place in the context of the spokenfor user.
      
      Added speaksfor slots to geni_slices, geni_aggregates and geni_tickets.
      Also to the history table. But these are just the most recent data.
      Each transaction is logged as normal, and the metadata now includes
      the speaksfor data and the log always includes all of the credentials.
      
      For testing, there is a new script in the scripts directory to
      generate a speaksfor credential. Not installed since it is really
      a hack. But to create one:
      
        perl genspeaksfor urn:publicid:IDN+emulab.net+user+leebee \
      	urn:publicid:IDN+emulab.net+user+stoller
      
      which generates a speaksfor credential that says stoller is speaking
      for leebee.
      
      Given a slice credential issued to leebee, the test scripts can be
      invoked as follows (by stoller):
      
        createsliver.py -S speaksfor.cred -s slice.cred -c leebee.cred
      
      A copy of leebee's self credential is needed simply cause of the test
      script's desire to talk to the SA (which does not support speaksfor).
      Not otherwise needed.
      
      Oh, not tested on the AM interface yet.
      8d53b3fd
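
The owner/target rule stated in commit 8d53b3fd, written out as an added Python example; it is not the CM's own code. It assumes the credentials' signatures have already been verified, models each credential as a plain record, and assumes that without a speaksfor credential the caller must own the regular credentials. The slice URN is constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    ctype: str    # "speaksfor" or a regular type such as "slice"
    owner: str    # URN the credential was issued to
    target: str   # URN the credential is about


class CredentialError(Exception):
    pass


def resolve_caller(caller_urn, credentials):
    """Return (effective_user, speaker); speaker is None without speaksfor."""
    speaksfor = [c for c in credentials if c.ctype == "speaksfor"]
    regular = [c for c in credentials if c.ctype != "speaksfor"]
    if not regular:
        raise CredentialError("no regular credential supplied")
    if len(speaksfor) > 1:
        raise CredentialError("more than one speaksfor credential")
    if speaksfor:
        sf = speaksfor[0]
        # The caller must be the owner of the speaksfor credential.
        if sf.owner != caller_urn:
            raise CredentialError("caller does not own the speaksfor credential")
        effective, speaker = sf.target, caller_urn
    else:
        # Assumption: no delegation, so the caller acts as themselves.
        effective, speaker = caller_urn, None
    # The spoken-for user must own every regular credential.
    for cred in regular:
        if cred.owner != effective:
            raise CredentialError(
                "%s credential is not owned by %s" % (cred.ctype, effective))
    # Keep both identities so the transaction log can record the speaker.
    return effective, speaker


LEEBEE = "urn:publicid:IDN+emulab.net+user+leebee"
STOLLER = "urn:publicid:IDN+emulab.net+user+stoller"
# stoller speaks for leebee; the slice URN below is constructed sample data.
SPEAKSFOR = Credential("speaksfor", owner=STOLLER, target=LEEBEE)
SLICE = Credential("slice", owner=LEEBEE,
                   target="urn:publicid:IDN+emulab.net+slice+demo")
```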
  19. 28 Jun, 2013 1 commit
  20. 28 May, 2013 1 commit
    • Leigh B Stoller authored
      Reorg the credential checking code, and add Geni chain checks.
      From: Leigh Stoller <lbstoller@gmail.com>
      Date: Wed, 22 May 2013 13:49:33 -0700
      Cc: instageni-design@geni.net
      
      So far we have been pretty loose about checking to make sure the
      certificate chains obey the Geni rules. These rules include checking to
      make sure that only approved entities can sign particular kinds of
      credentials. For example; only something known to be a Slice Authority
      should be allowed to create a slice and return a slice credential.
      
      The other check we have been lax about, is verifying that the URN namespace
      is consistent along the chain from CA to the target. For example, a chain
      that starts in Utah:
      
      	URI:urn:publicid:IDN+emulab.net+authority+root
      
      should not be able to sign anything outside its namespace. That is, Utah
      should not be able to sign a user or slice credential like:
      
      	urn:publicid:IDN+panther+user+shufeng
      
      This is made more complicated when we introduce subsa certs along the way,
      where Utah signs its SA cert and ...
      dd5c6601
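
The URN namespace rule from commit dd5c6601, as an added Python example that is not the project's code. It goes beyond the two URNs in the message by assuming that sub-authorities are written as `authority:sub` and that only URNs of type `authority` may sign; the `subsa` and `demo` names are constructed.

```python
URN_PREFIX = "urn:publicid:IDN+"


def parse_urn(urn):
    """Split a GENI URN into (authority, type, name)."""
    if urn.startswith("URI:"):          # form shown in the commit message
        urn = urn[len("URI:"):]
    if not urn.startswith(URN_PREFIX):
        raise ValueError("not a GENI URN: %r" % urn)
    parts = urn[len(URN_PREFIX):].split("+")
    if len(parts) != 3 or not all(parts):
        raise ValueError("malformed GENI URN: %r" % urn)
    return tuple(parts)


def in_namespace(signer_auth, subject_auth):
    """True if subject_auth equals signer_auth or sits below it."""
    # Match whole components (assumed ':' separator), so that
    # "emulab.network" is not treated as being under "emulab.net".
    return (subject_auth == signer_auth
            or subject_auth.startswith(signer_auth + ":"))


def namespace_violations(chain):
    """chain: URNs ordered from CA to target. Returns [(signer, subject)]."""
    violations = []
    for signer, subject in zip(chain, chain[1:]):
        s_auth, s_type, _ = parse_urn(signer)
        t_auth, _, _ = parse_urn(subject)
        # Assumption: a signer must itself be an authority URN.
        if s_type != "authority" or not in_namespace(s_auth, t_auth):
            violations.append((signer, subject))
    return violations


ROOT = "URI:urn:publicid:IDN+emulab.net+authority+root"
OUTSIDE = "urn:publicid:IDN+panther+user+shufeng"
# Constructed sub-authority chain for illustration.
SUBSA = "urn:publicid:IDN+emulab.net:subsa+authority+sa"
SUBSLICE = "urn:publicid:IDN+emulab.net:subsa+slice+demo"
```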
  21. 03 May, 2013 1 commit
  22. 23 Apr, 2013 1 commit
  23. 04 Apr, 2013 1 commit
  24. 03 Apr, 2013 2 commits
  25. 22 Mar, 2013 1 commit
  26. 12 Feb, 2013 1 commit
  27. 29 Jan, 2013 3 commits
    • Leigh B Stoller authored
      Add public_url to CM Sliverstatus() return blob, and pg_public_url to
      AM version of same.
      cb95c1d7
    • Leigh B Stoller authored
      Add public_url to sliver resolve.
      c1c943ba
    • Leigh B Stoller authored
      Add a "monitor" process to start/restart sliver to watch nodes.
      This is very similar to what Emulab does on the swapin path for
      normal experiments; wait and watch the nodes to see which ones
      fail or otherwise timeout. Up till now, we did not do this on the
      PG path, and so failed nodes were never signaled, and the slice
      was left in a changing state forever. This also allows us to capture
      the node bootlogs and convert them to logfiles that we can associate
      with the slice on the showslice web page.
      
      Details: start/restart forks a child (WrapperFork()) and allows
      the parent to return to the client. The slice is unlocked so that
      the client can call SliverStatus(), etc. But the client cannot
      do anything that actually changes the sliver (update, stop, etc)
      until the monitor finishes (or times out on its own). The lone
      exception is Deleteslice(), which will asynchronously kill the
      monitor and then terminate the slice. Ditto the command line
      script "cleanupslice".
      
      We will probably need to add another way to allow the client to
      terminate the monitor early, but have not decided where yet.
      0c749af4
  28. 28 Jan, 2013 1 commit
  29. 23 Jan, 2013 1 commit
  30. 22 Jan, 2013 1 commit
  31. 18 Jan, 2013 2 commits
  32. 17 Jan, 2013 1 commit
  33. 14 Jan, 2013 1 commit