1. 28 Dec, 2016 1 commit
      Slight change to geni-lib portal wrap; requesting to dump param defs · 44b17a4d
      Leigh B Stoller authored
      does not result in immediate termination. Instead we dump the params
      defs to a different file now, and continue on to spit the rspec to the
      output file. This complicates returning back to ops though, since now we
      have two files. So I elected to do a cheesy tar pack/unpack on the return
      trip.
  2. 06 Dec, 2016 1 commit
      Add the -B option to specify the "base" iocage to use. · fc02c625
      Mike Hibler authored
      This could make it easier in the future to try out different
      versions of the jail environment (e.g., FreeBSD 10.2 vs. 10.1)
      without manually tweaking a magic symlink in /iocage/tags.
      
      Also, document that you need to create the geni-lib mountpoint
      and may need to add some symlinks that are missing in newer
      FreeBSD packages.
  3. 14 Jul, 2016 1 commit
  4. 26 Aug, 2015 1 commit
  5. 13 Aug, 2015 1 commit
  6. 12 Aug, 2015 1 commit
      More tweaks. · 88a4a831
      Mike Hibler authored
      Loopback mount @TBROOT@/lib/geni-lib directory read-only in the jail.
      This way we don't have to copy geni-lib stuff into the base jail and worry
      about multiple versions. The version mounted in the jail can either be
      the standard version or a dev-tree version depending on which copy of the
      script is run.
      
      Create per-instance snapshots of the base jail rather than having one
      "current" snapshot that all instances used. Not as efficient, but allows
      us to update the base (e.g., with security fixes) without needing to
      remember to create a new "current" snapshot!
      
      Add -C option to just create a jail instance without running anything
      in it. Then you can use "jexec" to test stuff in the jail. Use the new
      -R option afterward to remove the instance.
      
      Try to sanitize the environment passed to the command script. We cannot
      just give it a "clean" environment because genilib passes stuff via the
      environment. So we get rid of SUDO_* and SSH_* and set the assorted USER*
      variables correctly. This may have to be refined depending on how much
      geni-lib scripts expect from the environment.
  7. 11 Aug, 2015 1 commit
      Two versions of a python jail for running geni-lib scripts. · 794fe4d4
      Mike Hibler authored
      genilib-iocage uses the FreeBSD "iocage" jail management package to
      set up a jail, run the script, and tear down the jail. Unfortunately,
      this version is really, really slow (11 seconds for a one-shot jail).
      
      So instead we will use genilib-jail which uses the template jail instance
      I built using iocage, but creates the one-off jails by using raw zfs and
      jail commands. It runs in about 1.3 seconds. genilib-iocage is left in
      case the author speeds it up someday.
      
      N.B. these are NOT plug-in replacements for rungenilib.proxy.in.
      In particular, the new scripts run as root and don't do any validation
      of the caller or arguments. So genilib-jail will be called from rungenilib
      for now (though I have not done that part yet!)