GitLab

the new create image workflow.

to CreateImage().

We need to get rid of this!

Since BSD jail days we have attempted to partition up the UDP/TCP port
range among vnodes as jails and their host shared the same namespace.
Originally we supported a range of 256 per experiment which wound up
limiting the number of experiments we could instantiate. In order to get
a class up and running where we expected a large number of single-vnode
experiments, I reduced the range to 32 to allow more experiments, forgetting
that we pick a unique port per-vnode from that range to use for sshd.
So as a result I limited the number of vnodes per experiment to 32!

Did I mention that we need to eviscerate this mechanism with extreme
prejudice?

In checknode code for FreeBSD don't check the /dev/ad* device if it is a symlink.
[I think the a error in the test command for -c]

Closes #323.

with something other then their row index. Something unique in fact.

does not croak for them.

do not have the reservation ID, and so instead of editing you end up
creating a new one. This is easily fixable, will do so later. In the
meantime just reload the reservation listing page.

1. Add display_start and display_end datetime fields for scheduling when
   an announcement should be shown/retired.

2. Add priority integer for ordering messages, default is 3.

Closes #321

1. Add a unique uuid for a shared lookup token with the web UI.

2. Add pid_idx for targeting announcements to projects (issue #258).

Provide automated setup of an ssh keypair enabling root to login without
a password between nodes. The biggest challenge here is to get the private
key onto nodes in such a way that a non-root user on those nodes cannot
obtain it. Otherwise that user would be able to ssh as root to any node.
This precludes simple distribution of the private key using tmcd/tmcc as
any user can do a tmcc (tmcd authentication is based on the node, not the
user).

This version does a post-imaging "push" of the private key from boss using
ssh. The key is pushed from tbswap after nodes are imaged but before the
event system, and thus any user startup scripts, are started. We actually
use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
PSSH PACKAGE INSTALLED. So be sure to do a:

    pkg install -r Emulab pssh

on your boss node. See the new utils/pushrootkeys.in script for more.

The public key is distributed via the "tmcc localization" command which
was already designed to handle adding multiple public keys to root's
authorized_keys file on a node.

This approach should be backward compatible with old images. I BUMPED THE
VERSION NUMBER OF TMCD so that newer clients can also get back (via
rc.localize) a list of keys and the names of the files they should be stashed
in. This is used to allow us to pass along the SSL and SSH versions of the
public key so that they can be placed in /root/.ssl/<node>.pub and
/root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
inter-node ssh to work.

Also passed along is an indication of whether the returned key is encrypted.
This might be used in Round 2 if we securely implant a shared secret on every
node at imaging time and then use that to encrypt the ssh private key such
that we can return it via rc.localize. But the client side script currently
does not implement any decryption, so the client side would need to be changed
again in this future.

The per experiment root keypair mechanism has been exposed to the user via
old school NS experiments right now by adding a node "rootkey" method. To
export the private key to "nodeA" and the public key to "nodeB" do:

    $nodeA rootkey private 1
    $nodeB rootkey public 1

This enables an asymmetric relationship such that "nodeA" can ssh into
"nodeB" as root but not vice-versa. For a symmetric relationship you would do:

    $nodeA rootkey private 1
    $nodeB rootkey private 1
    $nodeA rootkey public 1
    $nodeB rootkey public 1

These user specifications will be overridden by hardwired Emulab restrictions.
The current restrictions are that we do *not* distribute a root pubkey to
tainted nodes (as it opens a path to root on a node where no one should be
root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
storagehosts, etc. which are not really part of the user topology.

For more on how we got here and what might happen in Round 2, see:

    #302

1. nosnapshot; create the descriptor (clone_image) but do not start the
   imaging process (create_image).

2. mustnotexist: Must be a new image in the project or return error.

A nit that I didn't want getting mixed up with a later meaningful commit.

sites can work around being offline.