1. 10 Oct, 2011 2 commits
    • Leigh B Stoller's avatar
      Add support for sharing images between projects. New table called · 646b64f6
      Leigh B Stoller authored
      image_permissions stores access info for images. You can share an
      image with a user or a group (project), and you can specify write
      access to allow updating the image in place. Note that write access
      does not allow the descriptor to be modified, only the image itself.
      Well, that is how it will be after Mike changes mfrisbeed.
      
      The front end script to modify permissions is grantimage:
      
      	boss> grantimage -u stoller -w tbres,myimage
      	boss> grantimage -u stoller -w tbres,myimage
      
      which grants write access to stoller. Or:
      
      	boss> grantimage -g testbed,testbed tbres,myimage
      
      which grants access to the testbed project. Notice that you can
      specify subgroups this way.
      
      	boss> grantimage -l tbres,myimage
      
      will give you a list of current permissions. To revoke, just add -r
      option:
      
      	boss> grantimage -g testbed,testbed -r tbres,myimage
      
      Who is allowed to grant access to an image? 1) An adminstrator of
      course, 2) the image creator, and 3) any group_root in the group that
      the image belongs to. Being granted access to use an image does not
      confer permission to grant access to others.
      
      One last task; while the web interface displays the permissions, there
      is no web interface to modify the permissions; users will still have
      to ask us for now.
      646b64f6
    • Mike Hibler's avatar
      Make subboss install do the right thing. · 6e910597
      Mike Hibler authored
      6e910597
  2. 09 Oct, 2011 1 commit
  3. 08 Oct, 2011 5 commits
    • Mike Hibler's avatar
      Adjust the set of unix gids used for a download server. · b207680c
      Mike Hibler authored
      [ this is a re-commit of a faulty earlier commit. ]
      
      When downloading an image, start the frisbeed process with the minimum set of
      gids necessary to access the image. This includes the unix gid of the
      project that the image is in and, optionally, the unix gid of the project
      subgroup if the image is part of one.
      
      Previously, we just use the gid set of the uid of the swapper of the
      experiment. Not only was this excessive, but it might also not include the
      gids needed in the case of a "global" image that is not in the world-readable
      /usr/testbed/images directory.
      b207680c
    • Mike Hibler's avatar
      Revert "Adjust the set of unix gids used for a download server." · baba7478
      Mike Hibler authored
      This reverts commit fc89eb38.
      
      Checked in a bunch of crap that was unrelated.
      baba7478
    • Mike Hibler's avatar
      Adjust the set of unix gids used for a download server. · fc89eb38
      Mike Hibler authored
      When downloading an image, start the frisbeed process with the minimum set of
      gids necessary to access the image. This includes the unix gid of the
      project that the image is in and, optionally, the unix gid of the project
      subgroup if the image is part of one.
      
      Previously, we just use the gid set of the uid of the swapper of the
      experiment. Not only was this excessive, but it might also not include the
      gids needed in the case of a "global" image that is not in the world-readable
      /usr/testbed/images directory.
      fc89eb38
    • Mike Hibler's avatar
      Use boss as the ssh proxy if inner ops is a VM. · 992665d3
      Mike Hibler authored
      Subtle: if your elabinelab uses a VM for ops, then there will be no
      myops.eid.pid.emulab.net DNS alias created outside (since there is no actual
      ops node in the topo) and thus the inner ops cannot be used as a proxy for
      ssh'ing to the unroutable inner nodes. In that case we use the inner boss
      instead.
      992665d3
    • Mike Hibler's avatar
      Use Node method to get event state rather than libdb function. · 2810b0e1
      Mike Hibler authored
      The former will filter out the bogus NULLs we occasionally see.
      2810b0e1
  4. 07 Oct, 2011 14 commits
  5. 06 Oct, 2011 3 commits
  6. 05 Oct, 2011 15 commits