1. 04 Oct, 2017 1 commit
  2. 08 Aug, 2017 1 commit
  3. 06 Jul, 2017 1 commit
  4. 06 May, 2016 1 commit
  5. 12 Apr, 2016 1 commit
  6. 28 Jan, 2016 1 commit
  7. 08 Jan, 2016 1 commit
  8. 04 Jan, 2016 1 commit
  9. 08 Dec, 2015 3 commits
  10. 06 Jul, 2015 1 commit
  11. 27 Jan, 2015 1 commit
    • Leigh B Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh B Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
  12. 07 Jan, 2015 1 commit
    • Leigh B Stoller's avatar
      ZFS change; when ZFS_NOEXPORTS is on, we have to call exports_setup · b9ec1a54
      Leigh B Stoller authored
      when a user logs in so that their home directory and projects are exported
      from ops. Otherwise things break.
      
      Since we really do not want to do this too often, exports_setup is
      exporting anyone who is logged in within the last week, and the web
      interface is calling out to exports_setup only once a day for each user.
      
      This can be "improved" but I am worried we are fighting a losing battle and
      will eventually yank this code anyway.
      b9ec1a54
  13. 12 Sep, 2014 1 commit
  14. 26 Aug, 2014 2 commits
  15. 10 Jul, 2014 1 commit
  16. 13 May, 2014 1 commit
  17. 06 May, 2014 10 commits
  18. 01 Apr, 2014 1 commit
  19. 22 Mar, 2014 1 commit
  20. 17 Jan, 2014 1 commit
  21. 10 Jan, 2014 1 commit
  22. 08 Jan, 2014 1 commit
  23. 16 Dec, 2013 1 commit
  24. 07 Nov, 2013 1 commit
  25. 06 Nov, 2013 1 commit
  26. 19 Sep, 2013 1 commit
  27. 03 Jan, 2013 1 commit
  28. 14 Nov, 2012 1 commit
    • Leigh B Stoller's avatar
      Move rpm/tar download from boss to ops, to avoid wasted network traffic. · f37cd9dc
      Leigh B Stoller authored
      To turn this option on, define SPEWFROMOPS=1 in your defs file. This
      will result in a redirect message from boss which will send the wget
      client over to ops. 
      
      A perl setuid root cgi script is run from the webserver on ops when a
      /spewrpmtar request is made. This script sends the key,nodeid,file
      over to boss via XMLRPC (as elabman). The return is simple yes or no,
      the caller is allowed (not allowed) to have that file. Since the
      ops script runs as root, it can spew the file back to the caller.
      
      Note that the elabinelab checks for the elabinelab source code are
      gone; we are now open source. Also, we spew that file from /share now,
      to be consistent.
      f37cd9dc