https://github.com/novus/nvd3/commit/67b0a668eb31231eb499b9ecf649d1e46d1b61a8

admin approval. Informational for now, the results are ignores and
stored in the DB and shown on the admin extend page.

1. Allow local admins to snapshot system images.

2. Add a local user accesscheck in ImageInfo().

  #
  # Figure out what root pubkey(s) to use. Originally, we just copied over
  # *.pub, but that gets a whole lot of weird crap on the mothership. So now
  # we try to be more selective:
  #
  # To keep up with the cool kids, we want to use an Ed25519 key
  # (id_ed25519.pub) if possible.
  #
  # However since ed25519 is not supported by older sshds, we better have
  # an RSA alternative (id_rsa.pub) as well.
  #
  # But that key may be really old and less than 2048 bits, so we may have
  # a bigger one as well (id_rsa_new.pub, note: requires changing the default
  # ssh_config on your boss since this is not a default key file name to try).
  #
  # We really don't want to use a DSA key (id_dsa.pub) anymore unless there
  # is no alternative.
  #
  # Finally, if we are an Elabinelab setup, include the outer boss root key.
  #

when null data is returned.

1. Get this working on the NS conversion path.

2. Add support for additional firewall rules along the path,
   the CM never had support for firewall rules.

3. Set the security_level to zapdisk when firewalling is on.

days is iptables vlan based firewalls.

See emulab/emulab-devel issue #303. Ensure we have a controlled set of
pubkeys in root's .ssh/authorized_keys file when we create and load new
images. But allow for a user added key to survive node reboots if they
customize it within an experiment.

We want both to wind up in authorized_keys.

messages we show users.

We were expecting it to always contain "ttyS0", but it could be
"ttyS1" as well depending on where we last made the image.

The bug was that, even when the console pty device does not change,
we still need to re-open the device since our caller has closed it.

The race is that, on starting a domU, xenstore may briefly report the
wrong device before finally reporting the correct one.

On first call to xenmode, we recover from the race because we catch the
attempt to open the non-existent device, but then when we retry the
xenmode and we get back the same pty name, we would not do the open
and the caller would then do a select/read on a closed fd. That is a
fatal error. Now xenmode will report an error when it trys to reopen
the bad pty and we will just keep calling xenmode until we finally get
the right device.

In theory.

It seems that some systemds (i.e. 219) cannot handle by-uuid unitfile
names (although they are happy to print them out via systemctl
list-units).  So, in one place in the fstab-generator, just use the raw
device naming convention.  systemd doesn't care what we use.  From the
comments:

  Ok, don't use the by-uuid method (dev-disk-by\\x2duuid-${transuuid}.swap).
  It seems to me that the vintage of systemd on Centos7
  (i.e. 219) doesn't correctly process dev-by-uuid filenames nor
  unitnames (even systemctl status <blah>, where <blah> is a
  by-uuid unit name reported by systemctl list-units, does not
  work!).  systemd 229 on Ubuntu seems happy to use the by-uuid
  unitfilename we generated above.

(Perhaps I should have done this in all places in this script, but I
didn't for now :(.  I believe my by-uuid encoding is correct, and I
really don't want to rock a mostly-working boat.  This fix is enough for
all the cases we have, I hope.)

From the comments:

  Work around dhclient-scripts that forcibly set preferred_lft and
  valid_lft.  We cannot override the lease time sent from the server
  with a real infinite value (our best bet would be UINT32_MAX, and that
  sucks), so we intercept dhclient's name for the new lease time it's
  about to feed to the ip command.  Does this suck any less?  We cannot
  ex post facto run `ip addr change ...` just to reset the preferred_lft
  and valid_lft fields to "forever"; that seems to be tightly coupled
  with assigning an address to an interface (and we don't want to re-add
  the address; that is the whole point of dhclient-script!).  (Some
  dhclients also do not process "expire never" in dhclient.conf
  correctly, so this is what we are left with!)

were wrong because bad resource records (no swapin_time). Also add
a testrun flag to do all the work on the temporary tables so I can
look at them before renaming the tables.

geni path we are not setting the swapin time for a failed sliver,
so the duration numbers are wrong.

the unsigned int.

or 10G link, force BW shaping off, since the mere presence of property
statements causes the CM to turn on linkdelays, which is typically not
what users are after.

Still a problem to deal with; the CM should throw an error if it gets
this directive and there is non zero delay or loss. But what if the CM
gets this directive with a BW that is *not* one of 1G or 10G? Should it
through an error for this as well or assume the user knows that they are
doing (yeah, right).

data from the main database and they were just out of date wrt the
schema anyway. Instead, copy *just* the log table, which we *do* prune
from the main database. At some point, we will stop saving this data too
and just delete it.

when the link type is lan. This matches what Emulab actually wants to
see.

best_effort. When given, do not set uselinkdelay in the CM. This is a
first commit, this will change slightly in subsequent commit.

Normally this would be done as part of the install between
"pre" and "post". But I prefer to run my updates without doing
an install at the same time (i.e. "gmake update-testbed-noinstall").

all slice log urls.