1. 08 Nov, 2002 1 commit
  2. 05 Nov, 2002 1 commit
  3. 24 Oct, 2002 1 commit
    • Leigh B. Stoller's avatar
      Add stuff to update the SFS keys on the fileserver after someone uses · cc1c4e54
      Leigh B. Stoller authored
      the web page to add/delete a key! Nodes were getting updated, but
      the SFS server was not cause there was no program to fire the new keys
      over there.
      
      The operation is currently simple. sfskey_update on boss constructs a
      new sfs_users file. Then it runs sfskey_update.proxy on ops (vis ssh
      of course), and gives it the new file via stdin. The proxy creates the
      .pub version from that file, and then moves the two new files into
      place in /etc/sfs. I employ the same locking stuff that Rob did in
      exports_setup and named_setup to prevent multiple updates from
      stacking up. Not likely, but might as well. Also note that the entire
      file is regenerated. When we get 5000 users this might have to change
      a little bit!
      
      Also changed mkacct slightly. Instead of doing a "sfskey register" on
      ops after generating the new key, just add it to the DB. Then fire off
      an sfskey_update to push the new keys over. Also add a -f flag to
      mkacct for use from the web page to indicate that the user has changed
      his SFS keys. Note that mkacct should probably take a series of flags
      since we have it as a wrapper for several things. Or maybe split all
      this stuff up.
      cc1c4e54
  4. 22 Oct, 2002 1 commit
  5. 18 Oct, 2002 1 commit
    • Mac Newbold's avatar
      Merge the newstated branch with the main tree. · 5c961517
      Mac Newbold authored
      Changes to watch out for:
      
      - db calls that change boot info in nodes table are now calls to os_select
      
      - whenever you want to change a node's pxe boot info, or def or next boot
      osids or paths, use os_select.
      
      - when you need to wait for a node to reach some point in the boot process
      (like ISUP), check the state in the database using the lib calls
      
      - Proxydhcp now sends a BOOTING state for each node that it talks to.
      
      - OSs that don't send ISUP will have one generated for them by stated
      either when they ping (if they support ping) or immediately after they get
      to BOOTING.
      
      - States now have timeouts. Actions aren't currently carried out, but they
      will be soon. If you notice problems here, let me know... we're still
      tuning it. (Before all timeouts were set to "none" in the db)
      
      One temporary change:
      
      - While I make our new free node manager daemon (freed), all nodes are
      forced into reloading when they're nfreed and the calls to reset the os
      are disabled (that will move into freed).
      5c961517
  6. 10 Oct, 2002 1 commit
    • Mac Newbold's avatar
      Add a new script: tbresize · 0dd12dba
      Mac Newbold authored
      (installs into /usr/testbed/bin/tbresize but isn't avail. on ops yet)
      
      Usage: tbresize [-d] -a -e pid,eid -n num -t type [-p prefix]
             tbresize [-d] -r -e pid,eid <node> [<node> ...]
             tbresize -h
      Use -h to show this usage message.
      Use -d to enable extra debugging output.
      Use -a to add nodes to an experiment.
      Use -r to remove nodes from an experiment.
      Use -e pid,eid to specify the experiment to resize.
      Use -n to specify the number of nodes to add.
      Use -t to specify the type of the nodes to be added (pc, pc850, pc600,
      etc).
      Use -p to specify a prefix for vnames (i.e. "node" => node0 .. nodeN).
      With -r, specify a list of one or more nodes to be removed (i.e. pcXX).
      
      Can even resize an expt down to no nodes then back up again. If it has
      one LAN/link in the expt, it adds the new nodes to it. If it has zero or
      more than one, it doesn't connect the new nodes to the topology.
      
      After finding and reserving (or before freeing) it fixes up the right
      places in the db and reruns snmpit, then reruns exports_setup and
      named_setup and reboots all the nodes that are now in the expt so they get
      updated configuration data.
      
      Even visualizes properly after being resized, the only catch is that the
      ns file is the original one, not one generated from the db.
      
      Use it, abuse it, have fun with it, and let me know what breaks.
      0dd12dba
  7. 03 Oct, 2002 1 commit
    • Chad Barb's avatar
      Initial version of delay web control. · dd27f82a
      Chad Barb authored
      Functional, but needs some work.
      Won't allow non-admins to use it (since it doesn't do "proper" permission checking yet.)
      Input is aggressively checked for bad mojo before being pasted into any command line.
      
      Run from /delaycontrol.php3?eid=exptname&pid=projname
      Admin bit must be on.
      dd27f82a
  8. 19 Sep, 2002 1 commit
  9. 17 Sep, 2002 1 commit
  10. 13 Sep, 2002 1 commit
  11. 03 Sep, 2002 1 commit
  12. 25 Jul, 2002 1 commit
  13. 03 Jul, 2002 1 commit
  14. 01 Jul, 2002 1 commit
  15. 25 Jun, 2002 1 commit
  16. 24 Jun, 2002 1 commit
  17. 21 Jun, 2002 1 commit
  18. 11 Jun, 2002 1 commit
  19. 06 Jun, 2002 1 commit
  20. 05 Jun, 2002 1 commit
    • Leigh B. Stoller's avatar
      Changes to sshtb. Remove sshremote, and convert sshtb into a perl · 231fc2b1
      Leigh B. Stoller authored
      script that checks the database to see if local or remote. The problem
      with this is that the ssh syntax makes it hard to determine the host
      name by inspection. Would need to parse all the ssh args (bad idea),
      ot work backwards and try to figure out the difference between the
      command (which is not a string but a sequence of args) and the host
      and the preceeding ssh args. Hell with that! Changed sshtb to require
      a specific -host argument. Read the args and look for it. Error out of
      not found, to catch improper usage.
      
      The moral of this update: "sshtb [ssh args] -host <host> [more args ...]
      231fc2b1
  21. 28 May, 2002 1 commit
  22. 24 May, 2002 2 commits
    • Mac Newbold's avatar
      Big changes. Add idlecheck, sdisrunning and sddeploy to configure and the make... · 5aece56b
      Mac Newbold authored
      Big changes. Add idlecheck, sdisrunning and sddeploy to configure and the make files. Install sd* above into sbin dir. Rename sddeploy.pl and isrunning.pl.
      5aece56b
    • Robert Ricci's avatar
      New script: checkports · 64c78cae
      Robert Ricci authored
      Checks to make sure that all ports for an experiment are in the
      correct switch state. If they are enabled, they should have
      carrier.
      
      Note that enough code is shared between checkports and portstats
      that some of it could probably be moved to a library at this
      point.
      64c78cae
  23. 23 May, 2002 1 commit
    • Robert Ricci's avatar
      Added a GNUmakefile for the tools directory. · 6b4b6141
      Robert Ricci authored
      First, gives us a handy way to build all the tools, if there
      is ever more than one.
      
      Second, it's a workaround for a really annoying problem with
      configure. Since there was nothing in the tools/ directory itself,
      it wasn't getting created, so configure could not make
      tools/pcapper (since the parent directory didn't exist.)
      6b4b6141
  24. 22 May, 2002 1 commit
    • Robert Ricci's avatar
      Belated checkin of a lot of new pcapper features. Highlights: · 58c7b4bb
      Robert Ricci authored
      Event system:
      
      When compiled with -DEVENTSYS, can be made to wait for time to start
      in an experiment before starting to count packets. Times are also
      reported relative to experiment time start. Use the '-e' flag to
      enable.
      
      SUID support:
      
      If compiled with -DDROPROOT, and it seems that pcapper was started
      setuid root (euid == 0, and ruid != 0), drops root permissions after
      opening BPF (or raw socket in Linux.) This allows it get permissions
      to read packets, but still be killed by the user. This is particularly
      useful with the testbed's program objects.
      
      New command-line options:
      
      -s: Print out packet counts to stdout, in addition to listening
              on a socket ('-f -' does the same thing, too)
      -p: Count only payload sizes, not header sizes
      -e: Wait for event system time to start in pid/eid
      -z: Don't count zero-length packets in the packet counts (useful
              with '-p')
      
      Also, now creates a GNUmakefile the _right_ way.
      58c7b4bb
  25. 17 May, 2002 1 commit
  26. 16 May, 2002 1 commit
    • Robert Ricci's avatar
      New script: grabron · 8bc28a0b
      Robert Ricci authored
      This script grabs updated latency from Dave Andersen't database
      of RON information, and sticks it into the widearea_recent table.
      8bc28a0b
  27. 09 May, 2002 3 commits
    • Robert Ricci's avatar
      New library function: libtestbed::TBDebugTimeStamp() · 29edb522
      Robert Ricci authored
      Is controlled by a new configure variable called TIMESTAMPS - if this
      variable is set, prints out a timestamp, along with its arguments (so
      that you can distinguish between the timesteamps.) Otherwise, does
      nothing. The basic idea is that we can sprinkle calls to this in the
      code, and only enable it on devel trees.
      29edb522
    • Chad Barb's avatar
      · eb4bccb3
      Chad Barb authored
      Added new vis tools.
      (we should remove the old ones soon)
      eb4bccb3
    • Leigh B. Stoller's avatar
      Commit the static routing support. Invoked from tbprerun, after the · 712fe222
      Leigh B. Stoller authored
      parser runs. The staticroutes script is a wrapper for Chad's route
      solver. The network optimization is currently turned off; use -t to
      turn it on, until I know if its correct.
      
      Note that Chad gets credit for routecalc.cc; I'm just committing the
      file for him, with a couple of trivial changes that I made.
      712fe222
  28. 08 May, 2002 1 commit
  29. 07 May, 2002 1 commit
  30. 02 May, 2002 1 commit
  31. 30 Apr, 2002 1 commit
    • Robert Ricci's avatar
      Added interswitch bandwidth tracking to ptopgen. This feature looks at · 0fc1f7a2
      Robert Ricci authored
      the vlans table to determine how much of the trunk bandwidth is
      currently 'reserved', and subtracts that from the trunk bandwidth
      reported in the output.
      
      This feature is disabled by default. However, you can enable it by
      putting the line
      TRACK_INTERSWITCH_BANDWIDTH=1
      in your defs file.
      0fc1f7a2
  32. 21 Apr, 2002 1 commit
  33. 04 Apr, 2002 1 commit
    • Leigh B. Stoller's avatar
      First round of ssl'ification of tmcd/tmcc. This needs to be looked at · ffe40d2e
      Leigh B. Stoller authored
      by smarter brains by me (I have asked Dave to look it over). Anyway ...
      
      I added a top level ssl directory which has a bunch of goo for
      creating certificates and keys.  I currently create a Certificate
      Authority, a server certificate, and a client certificate. The private
      keys for all three are unencrypted, so no password is required. All
      key/cert combos can be installed on boss. The client side needs the
      key/cert pair (in one file), and the CA cert (no key!). There are
      install targets to do this. NOTE, you do not want to create/install
      these without being careful, since you could instantly invalidate all
      the clients!
      
      I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c
      and ssl.h file. I have set it up so that with all you need to do is
      uncomment three lines in the makefile, and accept,connect,read,write,
      and close are redirected to SSL'ified versions in ssl.c. The current
      security model is that the client and server both "demand" certificate
      verification from the other side (as opposed to just server side
      verification). tmcd reads in server.pem, while tmcc reads in
      client.pem. Both read in the emulab.pem (CA cert with no private
      key).
      
      Initial testing indicates I have done this at least partially
      correctly. Whoever invented this stuff has a really twisted mind
      though. There are some questions at the top of ssl.c that need to be
      answered.
      
      Oh, also redid all the syslog stuff throughout tmcd.
      ffe40d2e
  34. 02 Apr, 2002 1 commit
    • Leigh B. Stoller's avatar
      Ah, the things I do. Added web page and backend script to scroll the · 07323144
      Leigh B. Stoller authored
      experiment log file to the user as it gets generated. The web page
      does not redraw, it just never exits until the backend sees that the
      experiement transition is done, and then it exists, which terminates
      the script. I added a DB field to hold the logfile name and some
      routines in libdb, with the idea that this might be more generally
      useful at some point. Next time you create an experiment, look for the
      last sentence, and click on "realtime".
      07323144
  35. 01 Apr, 2002 3 commits
    • Robert Ricci's avatar
      New perl event system functions: EventSend{,Warn,Fatal}() These · e58adf16
      Robert Ricci authored
      basically work like the libdb.pm functions of the same name (and in
      fact much of the code was stolen from there.)
      
      Provides a simple single function call to send events. Intended for
      use in scripts whose primary purpose is _not_ to interface with the
      event system, like power and node_reboot. If more control/efficiency
      is required (for example, these functions reconnect to the event
      system every time they're called) , it's better to use the C-like API.
      
      Example call:
      EventSendFatal(objtype   => "TBEXAMPLE",
                     eventtype => $ARGV[0],
                     host      => "*" );
      e58adf16
    • Robert Ricci's avatar
      stated now gets intstalled in @prefix@/sbin · aa2bd0a2
      Robert Ricci authored
      aa2bd0a2
    • Leigh B. Stoller's avatar
      First cut at supporting RON (or more generally, remote nodes). · bd587829
      Leigh B. Stoller authored
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote insted of sshtb. Various cleanup stuff
      
      * mkacct; When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the eumlab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
      bd587829