GitLab

Bug fix to UpdateManifest(); need to pluck the vlantag out of the
linked lan (the underlying vlan when its an encapsulated link).

creating or terminating genislice experiments (unless there is an
error) and send all CM mail to protogeni-errors. Required a smaill
change in libaudit to specify the "to" address.

node info. Not sure this will survive. Add routines to update as well.
Also add Update and Refresh routines.

Export VMAC for virtual interfaces as for cooked mode.

Fix XML. Don't try to canonicalize to print. That has too much unwanted baggage. Create a copy of the node instead which will automatically add namespace declarations to it.

Print canonicalized strings as output. If you don't the namespaces->prefix bindings won't always be printed if you print out a fragment.

Fixed Geni XML parse bugs. Added additional checks for absent tags. Fixed bug where the ticket was created using the original string rather than the updated rspec.

is looking more and more like a urn, and so have to be careful
when using it to lookup a local node.

Fixed several XML bugs. Fixed two bugs where raw URNs were being passed to Emulab lookup functions. I have no idea how those were working before.

Checkpoint. All the conversion is done, but I need to refactor the xpaths to account for brittleness in the xpath specification.

* When resolving a component, return the gif (certificate) of the
  authority it belongs to.

* Quick fix for skiping links that are for another CM. This will
  change later when the schema defines it.

works for now.

Change all the test scripts to print the errors.

1. You cannot unregister a slice at the SA before it has expired. This
   will be annoying at times, but the alphanumeric namespace for slice
   ames is probably big enough for us.

2. To renew a slice, the easiest approach is to call the Renew method
   at the SA, get a new credential for the slice, and then pass that
   to renew on the CMs where you have slivers.

The changes address the problem of slice expiration.  Before this
change, when registering a slice at the Slice Authority, there was no
way to give it an expiration time. The SA just assigns a default
(currently one hour). Then when asking for a ticket at a CM, you can
specify a "valid_until" field in the rspec, which becomes the sliver
expiration time at that CM. You can later (before it expires) "renew"
the sliver, extending the time. Both the sliver and the slice will
expire from the CM at that time.

Further complicating things is that credentials also have an
expiration time in them so that credentials are not valid forever. A
slice credential picks up the expiration time that the SA assigned to
the slice (mentioned in the first paragraph).

A problem is that this arrangement allows you to extend the expiration
of a sliver past the expiration of the slice that is recorded at the
SA. This makes it impossible to expire slice records at the SA since
if we did, and there were outstanding slivers, you could get into a
situation where you would have no ability to access those slivers. (an
admin person can always kill off the sliver).

Remember, the SA cannot know for sure if there are any slivers out
there, especially if they can exist past the expiration of the slice.

The solution:

* Provide a Renew call at the SA to update the slice expiration time.
  Also allow for an expiration time in the Register() call.

  The SA will need to abide by these three rules:
  1. Never issue slice credentials which expire later than the
     corresponding slice
  2. Never allow the slice expiration time to be moved earlier
  3. Never deregister slices before they expire [*].

* Change the CM to not set the expiration of a sliver past the
  expiration of the slice credential; the credential expiration is an
  upper bound on the valid_until field of the rspec. Instead, one must
  first extend the slice at the SA, get a new slice credential, and
  use that to extend the sliver at the CM.

* For consistency with the SA, the CM API will changed so that
  RenewSliver() becomes RenewSlice(), and it will require the
  slice credential.

What I did was create node table entries for the three SPP nodes.
These are designated as local, shared nodes, reserved to a holding
experiment. This allowed me to use all of the existing shared node
pool support, albeit with a couple of tweaks in libvtop that I will
not bother to mention since they are hideous (another thing I need to
fix).

The virtual nodes that are created on the spp nodes are figments; they
will never be setup, booted or torn down. They exist simply as place
holders in the DB, in order hold the reserved bandwidth on the network
interfaces. In other words, you can create as many of these imaginary
spp nodes (in different slices if you like) as there are interfaces on
the spp node. Or you can create a single spp imaginary node with all
of the interfaces. You get the idea; its the reserved bandwidth that
drives the allocation.

There are also some minor spp specific changes in vnode_setup.in to
avoid trying to generalize things. I will return to this later as
needed.

See this wiki page for info and sample rspecs:

https://www.protogeni.net/trac/protogeni/wiki/SPPNodes

the protogeni interface.

user is a local user. Instead, all users have to send along their keys
in the RedeemTicket() call, and those keys land in the new Emulab
table called nonlocal_user_pubkeys, and tmcd will use that table when
sending keys over local nodes.

This change removes the inconsistency in key handling between slivers
created locally and slivers created at a foreign CM.

Add code to look for a urn in the certificate, and store that into the
DB to overwrite old version without urn. More generally, we need to
think about how to deal with changing user certificates.

* More URN issues dealt with.

* Sliver registration and unregistraton (CM to SA).

* More V2 status stuff.

* Other fixes.

Also still working on start/stop/restart on individual slivers in an
aggregate.