1. 12 Mar, 2003 1 commit
      Add a few more permission bits to jailconfig: · 53e95db5
      Leigh B. Stoller authored
      INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When packet
                 comes in, the pchlookup checks the prison IPs.
      
      ROUTING:   Jail gets access to its routing table. This presently implies
                 that the jail gets its own private routing table via new
                 jail options.
      
      DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
                 symlink to /dev/null. This pretty much bypasses security so
                 it's not something to do on widearea nodes, but on local
                 nodes that's fine.
  2. 10 Mar, 2003 1 commit
  3. 05 Mar, 2003 1 commit
  4. 27 Feb, 2003 2 commits
  5. 13 Feb, 2003 1 commit
  6. 03 Feb, 2003 2 commits
  7. 01 Feb, 2003 1 commit
  8. 31 Jan, 2003 5 commits
  9. 30 Jan, 2003 7 commits
  10. 22 Jan, 2003 2 commits
  11. 15 Jan, 2003 1 commit
  12. 02 Jan, 2003 1 commit
      Addition to jailconfig command. Return the list of IP addrs that the · a734b77a
      Leigh B. Stoller authored
      are in the vnodes experiment on that node. This list of IPs is given
      to the kernel as interfaces that a jail is allowed to bind to (those
      kernel changes done by Mike). To construct this list, first look at
      the list of virt_tunnels on that physnode for the experiment. In
      addition, to support local jails, look at the IP list in the
      interfaces table for the physnode. Basically like a doifconfig. At
      some point local jails will change to use tunnels also, but for now
      this will do.
  13. 20 Dec, 2002 1 commit
  14. 18 Dec, 2002 1 commit
      Ignore isalive from local nodes. The new image will run a watchdog · 678a5a34
      Leigh B. Stoller authored
      like the remote nodes do, but for now do not update the up/down status
      from that. I need to mess with db/node_status first to make sure there
      is agreement between the parties. Note that remote nodes send one UDP
      message every 60 seconds (isalive is done with a UDP). Local nodes
      will send them at a slower rate, as is the practice in db/node_status
      which wakes up every 5 minutes and fpings the world!
  15. 09 Dec, 2002 1 commit
  16. 06 Dec, 2002 1 commit
  17. 06 Nov, 2002 1 commit
      NSE related changes: · 05bc3bd4
      Shashi Guruprasad authored
        - Fixes the routing problem
        - A new type "sim" has been created but not in the DB. node_types and
          nodes remain unchanged. This will change after we figure out how
          to represent in the DB the local multiple virtnodes in one phynode case
          The frontend tb_compat.tcl adds the sim type and ptopgen associates
          a huge number of sim nodes to all local PCs.
        - All simulated nodes go into one pc until I finish coding the distributed
          nse case. Also, sim nodes go through assign but with an explicit
          "fix-node" directive in the top file. A random free pc is chosen using
          the avail script in assign_wrapper. If we don't fix node it, assign
          maps sim nodes to multiple phy nodes even when a valid all to one
          mapping is possible.
        - Syntax for nse:
      
         $ns make-simulated {
      
             set simnode1 [$ns node]
             set simnode2 [$ns node]
      
         }
         ...
      
         The old syntax
      
         set nsenode [$ns nsenode]
         $nsenode make-simulated {
         }
      
         is deprecated
      
        - All 38 frontend tests in the testsuite pass
      
        - A new table v2pmap has been added to handle multiple virt nodes to
          one phy node mapping. This is used in "tmcc hostnames" currently.
      
        - The phy node that is picked to run nse is loaded with a custom image
          FBSD45-NSE . This can use the default FBSD kernel if there is a mechanism
          to run at 1000HZ, have options IPFIREWALL_FORWARD and PERFMON turned on.
          The image is in the 'testbed' group. Do not delete this image.
      
        - Static routes now adds routes for the case dst == nexthop. The routing
          graph would be disconnected otherwise and I need to traverse this in
          assign_wrapper for nse. On the client side, such a route is filtered out in
          libsetup.pm
      
        - sim nodes are also correctly visualized
  18. 05 Nov, 2002 1 commit
  19. 28 Oct, 2002 1 commit
  20. 22 Oct, 2002 1 commit
      * Add jailflag to arg list for all functions, which we get via · eb3e2cac
      Leigh B. Stoller authored
        iptonodeid. Currently, the only real change for jailflag is in
        doaccounts, which returns a normal accounts list for a jailed virtual
        node (pid,gid like local nodes), a set of tbadmin accounts for a
        physical node doing jails (so we can still log into any node even if
        it's doing jails), and continues to do the old thing for widearea nodes
        not doing jails (pcremote_ok slot in projects table). Nasty, I know.
      
      * Add dotarball command which returns a tarball to a widearea node via
        ssl. The filename must be in the tarballs list for the node (vnode),
        and the file must be in the gid of the experiment, or be owned by the
        experiment creator. Last bit of paranoia is that the resolved path
        must live in one of /proj, /groups, or /users. In addition, all of the
        FS commands are wrapped so that an NFS hangup to ops will not wedge
        tmcd completely.
      
      * jailconfig command, which returns the current config for a jailed
        node so that mkjail can give the proper options to the jail command
        (requires Mike's hacks to the kernel and jail). Last 3 are hardwired
        as you can see, but will eventually come from the DB.
      
      		"PORTRANGE=\"%s,%s\"\n"
      		"SYSVIPC=1\n"
      		"INETRAW=1\n"
      		"BPFRO=1\n", row[0], row[1]);
      
      * Do not return any mounts for jail nodes until we figure out the SFS
        thing.
      
      * Change format of vnodelist so that when a node boots it can determine if
        the vnodes that need to be started should be jailed or not.
      
      * Add nodeid command so that widearea nodes can find out their emulab
        ID; useful for cvsup.
      
      * Clear some compiler warnings Mac left behind.
  21. 18 Oct, 2002 1 commit
      Merge the newstated branch with the main tree. · 5c961517
      Mac Newbold authored
      Changes to watch out for:
      
      - db calls that change boot info in nodes table are now calls to os_select
      
      - whenever you want to change a node's pxe boot info, or def or next boot
      osids or paths, use os_select.
      
      - when you need to wait for a node to reach some point in the boot process
      (like ISUP), check the state in the database using the lib calls
      
      - Proxydhcp now sends a BOOTING state for each node that it talks to.
      
      - OSs that don't send ISUP will have one generated for them by stated
      either when they ping (if they support ping) or immediately after they get
      to BOOTING.
      
      - States now have timeouts. Actions aren't currently carried out, but they
      will be soon. If you notice problems here, let me know... we're still
      tuning it. (Before all timeouts were set to "none" in the db)
      
      One temporary change:
      
      - While I make our new free node manager daemon (freed), all nodes are
      forced into reloading when they're nfreed and the calls to reset the os
      are disabled (that will move into freed).
  22. 09 Oct, 2002 1 commit
  23. 27 Sep, 2002 1 commit
      Add new ntpstart file, intended to wrap up ntpd startup code, after · b437e338
      Leigh B. Stoller authored
      first talking to tmcd to get the ntpdrift and ntp server/peer lists.
      This is a strict wrapper so it should be invoked from /etc/rc.conf
      like this:
      
      	xntpd_program="/usr/local/etc/emulab/ntpstart"
      	xntpd_flags="/usr/sbin/ntpd -p /var/run/ntpd.pid"
      
      which is to say that this program passes its entire argument list off
      to the shell once it sets up the config file. We fire off ntp no
      matter what happens though, and allow for no actual changes to the
      config file if tmcd does not provide anything.
      
      TMCD: Add ntpinfo and ntpdrift commands, as per Mike's specification.
      ntpinfo returns lines like:
      	SERVER=nnn.nnn.nnn.nnn
      	...
      	PEER=nnn.nnn.nnn.nnn
      	...
      	DRIFT=nnn.nn
      
      and "ntpdrift nnn.nn" allows the current drift setting to be placed
      into the DB, although that's not currently happening. In the DB,
      ntpdrift is a new float slot in the nodes table, that defaults to
      NULL. The servers/peers are stored in a new table that looks like
      this:
      
      	+---------+---------+--------+
      	| node_id | IP      | type   |
      	+---------+---------+--------+
      	| wa32    | 1.1.1.1 | server |
      	| wa32    | 1.1.1.2 | server |
      	| wa32    | 1.1.1.3 | peer   |
      	| wa32    | 1.1.1.4 | peer   |
      	+---------+---------+--------+
  24. 25 Sep, 2002 1 commit
  25. 10 Sep, 2002 1 commit
  26. 05 Sep, 2002 2 commits
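
The dotarball checks described in commit eb3e2cac above (resolved path under /proj, /groups or /users, and file in the experiment's gid or owned by its creator), sketched as an added example; this is not tmcd's code. The function names `under_allowed_root` and `tarball_ok` are hypothetical, and the tarballs-list lookup is left out.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Roots named in the commit message. */
static const char *allowed_roots[] = { "/proj", "/groups", "/users" };

/* Return 1 if an already-resolved absolute path lies strictly below one of
 * the allowed roots. The match must end on a '/' boundary so that
 * "/projects/x" or "/users2/x" do not pass as "/proj" or "/users". */
int under_allowed_root(const char *resolved)
{
    size_t i, n;

    for (i = 0; i < sizeof(allowed_roots) / sizeof(allowed_roots[0]); i++) {
        n = strlen(allowed_roots[i]);
        if (strncmp(resolved, allowed_roots[i], n) == 0 &&
            resolved[n] == '/' && resolved[n + 1] != '\0')
            return 1;
    }
    return 0;
}

/* Hypothetical wrapper: resolve symlinks and "..", then apply the root
 * check and the group/owner check to the resolved file, not to the name
 * the client sent. Returns 1 if the file may be served, else 0. */
int tarball_ok(const char *requested, gid_t exp_gid, uid_t creator_uid)
{
    char resolved[PATH_MAX];
    struct stat sb;

    if (realpath(requested, resolved) == NULL)
        return 0;                       /* missing file or bad path */
    if (!under_allowed_root(resolved))
        return 0;                       /* escaped via symlink or ".." */
    if (stat(resolved, &sb) != 0 || !S_ISREG(sb.st_mode))
        return 0;                       /* only regular files are served */
    return sb.st_gid == exp_gid || sb.st_uid == creator_uid;
}
```

In a server, open the resolved path and repeat the ownership check with fstat() on the descriptor, so the file cannot be swapped between the check and the read.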