1. 22 Jul, 2014 1 commit
  2. 18 Jul, 2014 1 commit
  3. 13 Jul, 2014 1 commit
  4. 12 Jul, 2014 3 commits
    • Make sure we use -i for sendmail when we pipe into it. · 355f5aa8
      Mike Hibler authored
      This prevents a line with a single "." from meaning EOF to sendmail.
      How arcane!
      
      I discovered this when I ran a create_image and I didn't get the complete
      log mailed to me. This is because create_image did a frisbee download of an
      image with a single chunk, which of course printed out:
      
        Using Multicast 235.252.1.187
        Joined the team after 0 sec. ID is 1586355915. File is 1 chunks (963200 bytes)
        .
      
      Fortunately, "arcane" is my middle name, so it didn't take me long to find
      this...
      355f5aa8
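
The truncation described in the commit message above, as an added example (not code from the Emulab repository). `body_as_read` is a constructed model of how sendmail reads a piped body with and without `-i`; `mail_log`, its parameters and the sendmail path are assumptions.

```python
import subprocess

# Constructed sample: the frisbee output quoted in the commit message plus
# one constructed trailing line that should also reach the recipient.
LOG = (
    "Using Multicast 235.252.1.187\n"
    "Joined the team after 0 sec. ID is 1586355915. "
    "File is 1 chunks (963200 bytes)\n"
    ".\n"
    "create_image finished (constructed line)\n"
)


def body_as_read(text, ignore_dots):
    """Model sendmail reading a body from stdin.

    Without -i a line holding only "." ends the input; with -i it is text.
    """
    kept = []
    for line in text.splitlines(keepends=True):
        if not ignore_dots and line.rstrip("\r\n") == ".":
            break
        kept.append(line)
    return "".join(kept)


def lone_dot_lines(text):
    """1-based numbers of the lines that would end the body without -i."""
    return [n for n, line in enumerate(text.splitlines(), 1) if line == "."]


def mail_log(recipient, subject, text, sendmail="/usr/sbin/sendmail"):
    """Pipe a log into sendmail (hypothetical helper; path is an assumption)."""
    for value in (recipient, subject):
        if "\r" in value or "\n" in value:
            raise ValueError("header value contains a line break")
    message = f"To: {recipient}\nSubject: {subject}\n\n{text}"
    # -t: recipients come from the headers; -i: lone dots do not end input.
    return subprocess.run([sendmail, "-i", "-t"], input=message,
                          text=True, check=True)


if __name__ == "__main__":
    print(repr(body_as_read(LOG, ignore_dots=False)))  # stops before the "."
    print(lone_dot_lines(LOG))
```
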
    • Fix type extraction. · 215e2bbc
      Leigh B Stoller authored
      215e2bbc
    • Minor fix. · 016b881e
      Leigh B Stoller authored
      016b881e
  5. 11 Jul, 2014 1 commit
  6. 10 Jul, 2014 3 commits
  7. 09 Jul, 2014 1 commit
  8. 08 Jul, 2014 1 commit
  9. 02 Jul, 2014 1 commit
  10. 01 Jul, 2014 1 commit
  11. 17 Jun, 2014 1 commit
  12. 06 Jun, 2014 2 commits
  13. 04 Jun, 2014 1 commit
  14. 28 May, 2014 1 commit
  15. 21 May, 2014 1 commit
    • Support for a private ilo management subnet, on GENIRACKS. · 01d65606
      Leigh B Stoller authored
      The goal is to put all of the ilo management interfaces (except for
      the control node of course) on to a private network. We determine
      this by looking at the IP in the interface entry, but since dhcpd
      will not allow a mix of subnets, we have to create a new subnet for it.
      
      Then when we have to interact with the ilo we will have to set up an
      openvpn tunnel to the control node. Why a VPN? Cause the remote
      console will not work across an http proxy.
      
      This code can be further generalized if we think it will be useful in
      a non-genirack setting.
      01d65606
  16. 15 May, 2014 3 commits
    • Couple of new DB tables and libraries for them: · b0c5f6e9
      Leigh B Stoller authored
      1. web_tasks: This table is to track background processes that we
         start either from the web interface or from the protogeni XMLRPC
         interface. The goal is to not have a bunch of task specific stuff
         in tables, but a more general way to start a process tied to an
         object (say, like taking an image) and record state of the process
         in the descriptor (say, the image size as it grows). A client can
         poll for info about the process; the server just looks for the task
         descriptor associated with the object and returns the (currently)
         ad hoc data in JSON format to the client.
      
         Work in progress, still determining if this general approach is
         worth it.
      
      2. web_sessions: Playing with real PHP sessions, using the DB to store
         the session data (instead of the default, which is data files in
         /var/run). No idea how I am going to use this one, just want to
         play with sessions.
      b0c5f6e9
    • Leigh B Stoller's avatar
    • Leigh B Stoller's avatar
      6761d2ad
  17. 14 May, 2014 1 commit
  18. 13 May, 2014 1 commit
  19. 12 May, 2014 1 commit
    • Fix for loading an image on a remoteded pg node. · 15dce279
      Leigh B Stoller authored
      This is a kludge, the notion of "dedicated" is currently a type
      specific attribute, but we
      also have "shared" nodes running on "dedicated" nodes, which messes
      everything up. I am not inclined to fix the underlying problem since
      Utah is the only site that uses this stuff, and these nodes are slowly
      dying out anyway.
      15dce279
  20. 07 May, 2014 1 commit
    • Prepare for the coming of MBR version 3. · b4fdf8e0
      Mike Hibler authored
      Ironic. After all that hoo-haw about dynamically-created MBRs in the
      previous commit, we introduce a new hardcoded static MBR...
      
      Goals:
       * Single OS partition, in the fast area of rotating disks
       * Proper alignment for 4k sector drives and SSDs (1MB alignment)
       * Still works on 40GB disk (aka, pc850s)
       * P1 16 GiB: goldilocks FS: not too small (> 10GB), but not too big (< 30GB)
       * P2  3 GiB: can hold a co-loaded MBR 1 image (e.g., FBSD410 delay node OS)
       * P3  3 GiB: at least as much swap as currently (>= 1GB)
      
      The partition table:
        P1:     2048	33554432	FS, 16GiB
        P2: 33556480	 6291456	possible delay-node OS or additional swap, 3GiB
        P3: 39847936	 6291456	swap, 3GiB
        P4: 46139392	34278848+	extrafs, 16+GB
      
      The larger size and partition alignment are why I pushed this through despite
      my noble intentions.
      b4fdf8e0
  21. 06 May, 2014 1 commit
    • Add "relocatable" flag to images table to indicate that an image can be moved. · 65de520b
      Mike Hibler authored
      Hopefully, my last schema change related to images. If relocatable is not
      set then an image must be loaded at the lba_low offset. If set, then the
      image can be loaded at other offsets. Currently, all FBSD images are
      relocatable courtesy of the relocation mechanism in imagezip (which can
      fix up otherwise absolute offsets in an image). Sadly, Linux images are
      not relocatable due to absolute block numbers in the grub partition
      bootblock that we require. Ryan "taught" imagezip to relocate these, but
      I need to find his changes.
      65de520b
  22. 02 May, 2014 1 commit
    • Add low/high sector numbers to the images table. · c345f7cf
      Mike Hibler authored
      These are computed by imagedump for .ndz images. The plan is to
      pass this info on to clients via tmcc so they can know the max disk
      size required.
      
      There will shortly be a utility to automatically update these values
      when an image is created or updated. Stay tuned.
      c345f7cf
  23. 16 Apr, 2014 1 commit
  24. 15 Apr, 2014 2 commits
  25. 07 Apr, 2014 1 commit
  26. 03 Apr, 2014 1 commit
  27. 25 Mar, 2014 1 commit
  28. 20 Mar, 2014 1 commit
  29. 17 Mar, 2014 3 commits
    • Add "managetaint" command line utility to manage taint states · 93c518e3
      Kirk Webb authored
      This will currently work with os descriptors and nodes.
      93c518e3
    • Refactor taintstate code and move final taint updates to stated. · 662972cd
      Kirk Webb authored
      Can't do the untainting for all cases in libosload*.  The untainting
      is now hooked into stated, where we catch the nodes as they send
      along their "RELOADDONE" events to update their taint state according
      to the final state of their partitions.
      662972cd
    • Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      
      Setting taint states for an OS has to be done via SQL presently.
      1de4e516
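
A model of the taint flow described in the two commit messages above (1de4e516 and 662972cd), as an added example rather than Emulab's own code. The `Node` class, its method names and the `denied` access mapping are assumptions for illustration; only the three state names, inheritance on load, the final update at RELOADDONE and zeroing on any taint come from the commit text.

```python
from dataclasses import dataclass, field

# The three set entries named in the commit message.
TAINT_STATES = frozenset({"usermode", "blackbox", "dangerous"})


def parse_set(column):
    """Parse a SQL SET value ("a,b", "" or None) and reject unknown names."""
    names = frozenset(filter(None, (column or "").split(",")))
    unknown = names - TAINT_STATES
    if unknown:
        raise ValueError(f"unknown taint state(s): {sorted(unknown)}")
    return names


@dataclass
class Node:
    # partition number -> taint set of the OS loaded there (hypothetical model)
    partitions: dict = field(default_factory=dict)
    taint: frozenset = frozenset()

    def load_os(self, partition, os_taint_column):
        """Inherit the OS's taints; return True if the disk must be zeroed."""
        zero_first = bool(self.taint)  # any taint on the node enforces zeroing
        os_taint = parse_set(os_taint_column)
        self.partitions[partition] = os_taint
        self.taint = self.taint | os_taint  # old taint stays until RELOADDONE
        return zero_first

    def reload_done(self, final_partitions):
        """RELOADDONE: recompute taint from the final state of the partitions."""
        self.partitions = {p: parse_set(c) for p, c in final_partitions.items()}
        self.taint = frozenset().union(*self.partitions.values())

    def denied(self):
        """Access paths a consumer could refuse (assumed mapping)."""
        out = set()
        if self.taint & {"usermode", "blackbox"}:
            out.add("root")
        if "blackbox" in self.taint:
            out |= {"shell", "console"}
        return out


if __name__ == "__main__":
    node = Node()
    node.load_os(1, "blackbox,dangerous")
    print(sorted(node.taint), sorted(node.denied()))
```
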
  30. 10 Mar, 2014 1 commit
    • Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homedir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
      5446760e