- 31 May, 2013 4 commits
-
-
Leigh B Stoller authored
a single slice image, since we can now pull the kernel (ramdisk) out from the guest filesystem (using pygrub for linux, or just mounting BSD filesystems). This is a lot faster and easier to deal with. I added an option to the newimage page so that people can set this, but in general we need a better way to guess that we need it. Always set for EC2 images.
-
Leigh B Stoller authored
dom0mem setting for the node, since that varies and reduces the amount of guest memory available.
-
Leigh B Stoller authored
with this now, but want to get it in before I push new XEN image out.
-
Leigh B Stoller authored
-
- 29 May, 2013 2 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
This would kill off the entire "power" invocation. For example, if the first node in the list given to power failed to connect to its icebox, power would die and not even attempt to power cycle any other node in the list. This manifested itself by lots of nodes getting stuck in reloading because the reload_daemon would try to reboot every node in a single command.
-
- 28 May, 2013 14 commits
-
-
Mike Hibler authored
Console config is handled by pxeboot in the most recent MFS.
-
Mike Hibler authored
-
Leigh B Stoller authored
From: Leigh Stoller <lbstoller@gmail.com> Date: Wed, 22 May 2013 13:49:33 -0700 Cc: instageni-design@geni.net So far we have been pretty loose about checking to make sure the certificate chains obey the Geni rules. These rules include checking to make sure that only approved entities can sign particular kinds of credentials. For example; only something known to be a Slice Authority should be allowed to create a slice and return a slice credential. The other check we have been lax about, is verifying that the URN namespace is consistent along the chain from CA to the target. For example, a chain that starts in Utah: URI:urn:publicid:IDN+emulab.net+authority+root should not be able to sign anything outside its namespace. That is, Utah should not be able to sign a user or slice credential like: urn:publicid:IDN+panther+user+shufeng This is made more complicated when we introduce subsa certs along the way, where Utah signs its SA cert and that signs a project slice. In this case the chain would look something like: URI:urn:publicid:IDN+emulab.net+authority+root URI:urn:publicid:IDN+emulab.net+authority+sa URI:urn:publicid:IDN+emulab.net:testbed+authority+sa URI:urn:publicid:IDN+emulab.net:testbed+slice+myslice There are also scoping rules; A subsa like: URI:urn:publicid:IDN+emulab.net:testbed+authority+sa should not be able to sign: URI:urn:publicid:IDN+emulab.net:someotherproject+slice+myslice The entire cert chain is require to verify this. The CA roots are in the bundle, and the intermediate certs should be enclosed in the signature section of the XML document. We have to make the same check against the user certificate after apache verifies the chain. For apache (or any SSL server) you have to load the chain, and as I mentioned in earlier email, this is easy with perl and python based clients. With all that said, we do not plan to start rigorous enforcement of the first check above, and for the second class of checks, we just want to enforce a simple prefix check until we get our subsa house in order (since we don't even conform properly yet!).
-
Leigh B Stoller authored
and if it really is running, we have to kill it with vnode_setup -k.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
appears to be working. Set a couple of frisbee bandwidth sitevars as per Mike.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
through the 172 phony router we have setup on the control node. This is silly to do for local traffic, but getting XEN guests to not do it, turned into a pit that I didn't want to enter. We want this so that arplockdown works properly; the mac address is really the client not a router. Revisit later.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Jonathon Duerig authored
-
- 24 May, 2013 1 commit
-
-
Mike Hibler authored
Take care of an iSCSI race condition in Fedora15.
-
- 23 May, 2013 6 commits
-
-
Mike Hibler authored
Not sure how I got on this side track, but it is done.
-
Kirk Webb authored
-
Kirk Webb authored
-
Kirk Webb authored
loc-bstore: local blockstore support rem-bstore: remote blockstore support Check for these when a user attaches a blockstore to a local node (local blockstores), or to a link/lan (remote blockstores). All nodes in a lan containing one or more remote blockstores must have an OS with the remote blockstores feature.
-
Leigh B Stoller authored
boot. Need a better way to figure out wait times based on the host OS.
-
Leigh B Stoller authored
boot. Need a better way to figure out wait times based on the host OS.
-
- 22 May, 2013 13 commits
-
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
kernel command line, according to new loadinfo variable returned from tmcd. This is so we can tailor the amount of memory per node type.
-
Leigh B Stoller authored
Mike's instruction. Faster, better, slicker then snot.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
when we get the RPC results.
-
Leigh B Stoller authored
Return the dom0mem node attribute so that slicefix can use it to set it in the grub config file. Small fix to how loadinfo determine the image for a pcvm; use the def_boot_osid joined with the partitions table, like we do for real nodes. Did not like the special case.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-