instead of ssh. Did some cleanup (more conversion to objects) while I
was in there.

Also add -s (silent mode) option.

I'm sure there was a reason for this at one time, but I don't recall it...

Don't update lastlog_seqnum until _all_ the data is copied, not
just the data from the log data.

Protect dumperrorlog with a lock to keep multiple instances form
running at the same time.

Modified patch to not use the binary (system call) sysctl interface.  As far as I can tell, we don't need it anyway as we only access the ipod settings via /proc/sys.  See Documentation/sysctl/ctl_unnumbered.txt in the kernel source for the current policy regarding binary sysctls.

not in use.

to remote nodes.

* Hacky tmcd redirection. If the reserved table slot tmcd_redirect is
  set, return redirect spec that tells the client tmcc to drop the
  connection and retry the server at the new location, using the vnode
  id that is part of the redirection string. Note that tmcd_redirect
  is set on the remote emulab by the Geni startsliver code.

* Neuter the privkey stuff that we require of remote nodes. In fact,
  its already only required for RON nodes, and rather then yet another
  exception, just kill it. It offers us nothing.

* Neuter the ssl client verification. This is where we verify the
  client certificate has a CN field with the type of the node equal to
  type the DB says it is. This is also a pointless check since is
  offers us nothing additional; the client certificate already had to
  be signed by us. Tired of adding special cases to the code for each
  new node type.

* Temporary neutering of the requirement that all remote nodes use ssl
  to talk to tmcd. The problem here is that remote nodes on other
  testbeds will not have the proper certificate on their images, and
  so they will not be able to talk to our tmcd. Since we do not return
  anything sensitive via tmcd, I have relaxed this requirement for
  now, and changed the check so that functions with newly added flag
  F_REMREQSSL will not be allowed unless it is ssl. For the protogeni
  code this will do since I only need a few things.

* For tmcd on the remote testbeds, there is new code in doaccounts
  that will return accounts and ssh keys from the nonlocal users
  table.  This table is set up by the Geni libraries during sliver
  creation (from the registry entry for the slice).

from the default doaccounts widearea cases.  A widearea node is called
dedicated if the dedicated_widearea node_type_attribute for a type is set
to 1.  In this case, remote nodes look exactly like local nodes, of
course.

We need it to make sure that we make writeable mounts for /var, which
the emulab version of netif writes into.

osconfig scripts.
  * fixserial: fixes securetty, inittab, grub.conf according to args
  * cpwa.sh: simply copies widearea files from boot medium to disk
(the scripts can be run without osconfig, but then you need to set some
env vars that osconfig sets before it runs them.)

locking the "log" table (and hence preventing swap activity) for too
long.

from other experiments with the experiment in question... can't believe that
ever worked.  It's a testimony to how few people use that feature!

to get recreated correctly.  So have ports-install apply a patch (though
it doesn't automatically recreate the INDEX as that takes forever...)

dir resides, otherwise the package system get confused.

frisbee-loaded slice based on a tarball downloaded from boss.  For now,
the tarball is dynamically created by boss based on params sent to the
osconfig_dump.php script; it is populated with files and a MANIFEST based
on the files and constraints in the osconfig_* tables, which are pretty
self-explanatory.  Transport is not secure, nor intended to be -- nodes on
the control net or widearea nodes auth'd with a privkey can grab stuff
destined to them based on their IP addr.  For the MFS case, the tarball is
unpacked and the MANIFEST entries are executed/copied/extracted, and
(nearly all of) the client side is re-run.  For the slicefix case, we just
execute/copy/extract the MANIFEST entries in the mounted slice... there
are some useful env vars set for scripts to use.

If this mechanism ever becomes generally useful, or we're pushing big update
tarballs, we'll have to add a caching mechanism (doh).  Right now, it's just
for dongle-booted nodes or widearea nodes on which we cannot update the
physical boot media without much pain; as well as for making major whacks
to frisbee-loaded slices, which we need for the widearea case.

Also, call this from rc.cdboot (to update a "read-only" (real media is
mounted ro, but other parts of the fs are rw via unionfs or mfs) MFS),
and from slicefix.

NOTE: the client side osconfig script does not get installed from the
makefile; this is intentional.  This script should not be placed in our
local tftp'd MFSes, at least until there's some need for it!

special people).

special people).