1. 10 Oct, 2011 1 commit
    • Leigh B Stoller's avatar
      Add support for sharing images between projects. New table called · 646b64f6
      Leigh B Stoller authored
      image_permissions stores access info for images. You can share an
      image with a user or a group (project), and you can specify write
      access to allow updating the image in place. Note that write access
      does not allow the descriptor to be modified, only the image itself.
      Well, that is how it will be after Mike changes mfrisbeed.
      
      The front end script to modify permissions is grantimage:
      
      	boss> grantimage -u stoller -w tbres,myimage
      	boss> grantimage -u stoller -w tbres,myimage
      
      which grants write access to stoller. Or:
      
      	boss> grantimage -g testbed,testbed tbres,myimage
      
      which grants access to the testbed project. Notice that you can
      specify subgroups this way.
      
      	boss> grantimage -l tbres,myimage
      
      will give you a list of current permissions. To revoke, just add -r
      option:
      
      	boss> grantimage -g testbed,testbed -r tbres,myimage
      
      Who is allowed to grant access to an image? 1) An adminstrator of
      course, 2) the image creator, and 3) any group_root in the group that
      the image belongs to. Being granted access to use an image does not
      confer permission to grant access to others.
      
      One last task; while the web interface displays the permissions, there
      is no web interface to modify the permissions; users will still have
      to ask us for now.
      646b64f6
  2. 12 Aug, 2011 1 commit
    • Leigh B Stoller's avatar
      Lets make it easier to manage pre reservations (Mike, this was Rob's · 5c998ffc
      Leigh B Stoller authored
      idea).
      
      New script and table to manage node pre reservations. Lets just look
      at the script.
      
      To create a reservation:
      
          myboss> wap prereserve -t pc850 testbed 2
          Node reservation request for 2 nodes has been created.
      
      To see the reservation status for testbed
      
          myboss> wap prereserve -i testbed
          Project         Cnt (Cur)  Creator    When               Pri Types
          -------------------------------------------------------------
          testbed         1 (1)      stoller    2011-08-12 12:39:07 0   pc850
      
          which says 1 node is pending and 1 node has already been
          pre-reserved. 
      
      To clear the above reservation request (and optionally, clean
      reserved_pid from the nodes table).
      
          myboss> wap prereserve -c -r testbed
      
          The -r is optional, otherwise just the reservation request is
          cleared, and nodes continue to be pre-reserved to the project.
      
      To see a list of all reservation requests:
      
          myboss> wap prereserve -l
      
      
      So, when a node is released in nfree, we look at the reservation
      status for the node and any pending reservation requests.
      
      1. If the node has a reserved_pid and that request is still pending
         (still in the table), nothing is changed.
      
      2. If the node has a reserved_pid, but the request has been cleared
         from the pending table, then clear reserved_pid.
      
      3. If reserved_pid is null, and there are pending requests, then pick
         the highest priority, most recent dated, request, and set
         reserved_pid to that project.
      
      Options:
      
      * -n <pri> - is how you set a priority. Lowest is zero, choose a
        higher number if you want this reservation request to be considered
        before others. In a tie, look at the date of creation, and use the
        oldest.
      
      * -t <typelist> - a comma separated list of types you want to
        consider. Types are considered in order, but not in the fancy way
        you might imagine.
      5c998ffc
  3. 18 Mar, 2011 1 commit
  4. 15 Dec, 2010 1 commit
  5. 25 Oct, 2010 1 commit
    • Leigh B Stoller's avatar
      New module, called Emulab Features. The basic usage (see tbswap) is: · 1d430992
      Leigh B Stoller authored
      use EmulabFeatures;
      
      if (EmulabFeatures->FeatureEnabled("NewMapper", $user, $group, $experiment)) {
         # Do something
      }
      else {
         # Do something else.
      }
      
      where $user, $group, and $experiment is the current Emulab user, group, and
      experiment the script is operating as. Any of them can be undef. Note that
      features can easily be globally enabled or disabled (bypassing user/group
      check). See below.
      
      There are two scripts to deal with features. The easy one is the script to
      grant (or revoke) feature usage to a particular user or group or experiment:
      
      boss> wap grantfeature -u stoller NewMapper
      boss> wap grantfeature -p geni NewMapper
      boss> wap grantfeature -e geni,myexp NewMapper
      
      Add -r to revoke the feature.
      
      The other script is for managing features. To create a new feature:
      
      boss> wap emulabfeature create NewFeature 'A pithy description'
      
      which adds the feature to the emulab_features DB table. Use "delete"
      to remove a feature from the DB.
      
      You can globally enable and disable features for all users/groups (the
      user/group checks are bypassed). Global disable overrides global
      enable. There are actually two different flags. Lots of rope, I mean
      flexibility.
      
      boss> wap emulabfeature enable NewFeature 1
      boss> wap emulabfeature enable NewFeature 0
      
      boss> wap emulabfeature disable NewFeature 1
      boss> wap emulabfeature disable NewFeature 0
      
      To display a list of all features and associated settings:
      
      boss> wap emulabfeature list
      
      To show the details (including the users and groups) of a specific
      feature:
      
      boss> wap emulabfeature show NewFeature
      
      Oh, if a test is made in the code for a feature, and that feature is
      not in the emulab_features table (as might be the case on other
      Emulab's), the feature is "disabled".
      1d430992
  6. 14 Oct, 2010 1 commit
    • Gary Wong's avatar
      Add a script to compress old expinfo directories. · c8827ceb
      Gary Wong authored
      Run it as "archive-expinfo [-t threshold]", where "threshold" is the
      number of days experiments must have been inactive to be compressed
      (defaulting to 1000).
      
      Directories will be tarred and compressed in place.  For example, if
      /usr/testbed/expinfo/testbed/example/1234 has been inactive for longer
      than the threshold, its entire contents will be archived in
      /usr/testbed/expinfo/testbed/example/1234.tar.bz2 and the original
      directory removed.
      
      The compression is extremely efficient, typically reducing directories
      to around 2% of their original size.
      c8827ceb
  7. 01 Jul, 2010 1 commit
  8. 23 Apr, 2010 1 commit
  9. 15 Apr, 2010 1 commit
  10. 08 Apr, 2010 1 commit
  11. 18 Dec, 2009 1 commit
  12. 07 Nov, 2009 1 commit
    • Leigh B. Stoller's avatar
      Change to infodir (/usr/testbed/expinfo) handling; experiment · 1855897b
      Leigh B. Stoller authored
      directories are now placed in a project subdirectory, to avoid
      blowing out the max number of subdirs (32K in FreeBSD). Dirs are
      now called $pid/$eid/$idx.
      
      This script takes all of the existing directories and moves them into
      their new homes. See doc/UPDATING for instructions.
      1855897b
  13. 16 Oct, 2008 1 commit
  14. 09 May, 2008 1 commit
    • Kevin Atkinson's avatar
      Make project approval mail truly anonymous. Also make membership · 503bb661
      Kevin Atkinson authored
      acceptance email truly anonymous.  A few other emails related to
      project membership are still not anonymous though.  New function
      AnonSENDMAIL in libtestbed which will try to make sure there is no
      trace of the current user in the mail sent.
      
      For now, stop sending membership approval related email to the project
      admin list since this will also go to testbed-approval.  There is also
      some code to remove testbed-approval from the proj-admin list after
      the acceptance email but this is disabled for now since some times people
      reply to the approval email.
      503bb661
  15. 24 Oct, 2007 1 commit
  16. 10 Sep, 2007 1 commit
  17. 21 Aug, 2007 1 commit
    • Leigh B. Stoller's avatar
      Another round of widearea node hacking for CMU. These changes add · 99346dc0
      Leigh B. Stoller authored
      widearea reloading support.
      
      * New slot in the images table to store an access key which remote
        sites must provide in order to download an image (via https).
      
      * tmcd returns a different kind of ADDRESS field from doloadinfo.
        Instead of the multicast stuff, return a URL that points to boss'
        web server. The URL is of the form:
      
         https://www.myemulab.net/spewimage.php?imageid=10013&access_key=abcdef
      
        which as you can see is fully specified; the client does not need
        to know anything else.
      
      * New webpage and backend scripts appropriately called "spewimage"
        which also includes support for the http HEAD request (from wget) to
        avoid downloading images that are already on the node. I just
        learned about this HEAD request stuff today ... but otherwise these
        operate as expected, spewing the image if the access key is provided.
      
      * Changes to rc.frisbee to deal with remote loading. In addition to
        URL support, I also added support for simple paths, the intent being
        that we will probably distribute images offline (say, at night) so
        that when a node reboots it doesn't actually have to wait 60 minutes
        for an image to download. I have not added any server side support
        for this yet though. Maybe later this week.
      
      * Other bits and pieces and fixes to make this work.
      99346dc0
  18. 17 Aug, 2007 1 commit
    • Leigh B. Stoller's avatar
      New widearea node checkin stuff for CMU. This stuff is quite a bit · f3f0fa98
      Leigh B. Stoller authored
      different then the original widearea code. Simpler, less dynamic.
      
      First off, the wanodecreate script creates a new widearea_nodeinfo
      entry.  These are nodes that will later checkin and be created as a
      real node.  The input is a little xml file that you can use to specify
      the stuff in the table entry (city, state, zip, etc). You can also
      provide a privkey (no more then 64 chars), or one will be generated
      for you.  For each one of these, create a Dongle Boot and stash the
      privkey as /etc/emulab/emulab-privkey on the dongle. You do not assign
      the IP address; the node will tell us that when it checks in.
      
      A node checks in like this:
      
      	https://$bossname/wanodecheckin.php?IP=$IP&privkey=$privkey
                     &hostname=$hostname
      
      The web page is simply a stub that makes sure the arguments don't have
      any illegal characters, and then passes off to the backend.
      
      The backend script checks the privkey and finds the widearea_nodeinfo.
      The first time the node checks in, the node is created (db/Node.pm)
      (nodes table, interfaces table, etc), and the node is moved to hwdown.
      Subsequent checkins watch for changes to the IP or hostname, and issue
      named_setup calls as needed.
      f3f0fa98
  19. 07 May, 2007 1 commit
    • Leigh B. Stoller's avatar
      Mostly this commit is the switch from SVN archives to ZIP archives. · 55d1bb6e
      Leigh B. Stoller authored
      Other stuff leaked in too ...
      
      I did separate out a lot of tbsetup/libArchive into db/Archive, and
      whats left in libArchive.pm will eventually move over into the
      Template library.
      
      Note that I have dropped archiving of plain experiments; this is not
      really owrth it outside the workbench context, and it just wastes
      space and makes a lot if stuff painful in the web interface.
      55d1bb6e
  20. 15 Feb, 2007 1 commit
  21. 22 Jan, 2007 1 commit
    • Leigh B. Stoller's avatar
      Add a setuid utility script that will chown a directory tree · 42e84c26
      Leigh B. Stoller authored
      (recursively) to the UID of the real user (not effective) user. The
      user must have write permission on the enclosing directory.
      
      Currently, this script is is called from the Archive code, when
      copying in files, to avoid permission errors when the current user is
      not the same as the previous user.
      
      This script can also be used from several other places that have
      exhibited similar directory permission problems.
      42e84c26
  22. 18 Jan, 2007 2 commits
  23. 14 Dec, 2006 1 commit
  24. 21 Nov, 2006 2 commits
  25. 25 Oct, 2006 1 commit
    • Leigh B. Stoller's avatar
      Makefile Whacking! Try to deal with the problem caused by the delay · 7590f9c5
      Leigh B. Stoller authored
      between when something is installed and when post-install runs. Short
      of a global lock (which we probably need anyway someday), my solution
      is this. In your makefiles, add these variables before the line that
      has the include of $(TESTBED_SRCDIR)/GNUmakerules:
      
      	SETUID_BIN_SCRIPTS   =
      	SETUID_SBIN_SCRIPTS  =
      
      I have added three new rules to GNUmakerules that look like this:
      
      	$(addprefix $(SBINDIR)/, $(SETUID_SBIN_SCRIPTS)): $(SBINDIR)/%: %
      		echo "Installing (setuid) $<"
      		-mkdir -p $(INSTALL_SBINDIR)
      		$(SUDO) $(INSTALL) -o root -m 4755 $< $@
      
      Yep, your eyes ain't lying to you; use sudo to run the target so that
      install does the right thing (which is that the old file is not
      replaced until the new one has the proper attributes on it).
      
      Note that post-install is still needed for the initial install, but
      should no longer be needed for day to day installs since all that other
      stuff post-install does is mkdir/chmod on directories.
      7590f9c5
  26. 05 Oct, 2006 1 commit
    • Leigh B. Stoller's avatar
      More work on "recording" template events. · e9607a77
      Leigh B. Stoller authored
      * New version of template_record just for ops, since so much is
        different about ops, not bothering to maintain a single version.
      
      * Various fixes to how the recorded events are stored and reconstituted.
        The big fix is to wrap them in a sequence to that they get fired
        properly (waiting for completion of previous event in recording).
      
      * New buttons to Pause and Continue event time, which is used when
        adding recorded events. This allows users to pause time while they
        "think" so when an event is recorded, the thinking time is not actually
        in the timeline. Eventually hope to figure this out automatically, but
        that will take some real, uh, thinking.
      
      * Add a new event editor (linked off the template page) that allows
        you to delete and change the recordings. Note that you can only edit
        the events at the template level; you cannot edit the events of an
        instance (swapped in experiment), and you can only edit the recorded
        events, not any other events. Not sure its useful to be able to do
        either of these yet, but probably not too hard to add at some point.
      e9607a77
  27. 12 Sep, 2006 1 commit
  28. 01 Jun, 2006 1 commit
    • Leigh B. Stoller's avatar
      Add suport for building per project, group, experiment DBs on ops. At · adbcfd47
      Leigh B. Stoller authored
      present the per-experiment stuff is not hooked in, but will be for
      templates later. Anyway, each user gets a mysql account on ops, with
      password set to the same as their mailman password (which is also
      their jabber password, etc). Each project gets a DB named by the
      project, and each group gets a DB named by pid,gid. Users are placed
      on the access lists for the DBs as you would expect.
      
      There is a little bit of complexity to make sure that we can create
      DBs on ops outside the Emulab path and grant access to them, without
      Emulab getting confused or mucking things up.
      
      I'll get a news item done ...
      adbcfd47
  29. 31 Jan, 2006 1 commit
    • Kirk Webb's avatar
      · fb36443f
      Kirk Webb authored
      Added trunk stats lookup (given a member port) to and added snmp-if-deref.sh
      to the CVS repo.
      fb36443f
  30. 15 Dec, 2005 1 commit
  31. 08 Nov, 2005 2 commits
  32. 07 Sep, 2005 1 commit
  33. 02 Sep, 2005 1 commit
  34. 30 Aug, 2005 1 commit
    • Leigh B. Stoller's avatar
      Some console support changes: · 43b978df
      Leigh B. Stoller authored
      * utils/spewconlog.in: New script to ssh to the host tipserver and cat
        the console log for a node. In admin mode cats the .log file, while
        in mere user mode, cats the .run file.
      
      * www/shownode.php3: Added a "Show Console Log" function.
      
      * www/showconlog.php3: New script to invoke spewconlog backend script
        and dump the console log to the user.
      43b978df
  35. 12 Jul, 2005 1 commit
  36. 07 Jul, 2005 1 commit
    • Leigh B. Stoller's avatar
      Oh, such a silly little project ... Added CVS support to Emulab. When · 9b17b075
      Leigh B. Stoller authored
      enabled in the defs file:
      
      	CVSSUPPORT=1
      
      each project gets a stub CVS tree created (using 'cvs init') in
      /proj/$pid/CVS. It is up to users obviously to do something with
      that tree, and of course they have to either set their CVSROOT
      env variable, or use the -d option to cvs.
      
      The showproject page gets a link to the per-project CVS tree, using
      the cvsweb interface, which I hacked up a bit to allow restricted
      access to specific project trees, via a ?pid=$pid argument to the URL.
      Without the ?pid argument, it falls back to normal behaviour, which is
      check the cvsallowed bit in the users table, and provide access to the
      Emulab source repo.
      
      If you are curious, go here:
      
      	https://www.emulab.net/cvsweb/cvsweb.php3/?pid=testbed
      9b17b075
  37. 22 Jun, 2005 1 commit
    • Leigh B. Stoller's avatar
      Added my simplistic link tracing and monitoring. Example usage and · 7942119e
      Leigh B. Stoller authored
      some details can be found in the advanced tutorial that I wrote up.
      See this link:
      
      http://www.emulab.net/tutorial/docwrapper.php3?docname=advanced.html#Tracing
      
      The basic idea is that each virt_lan entry gets a couple of new slots
      describing the type of tracing that is desired.
      
        traced tinyint(1) default '0',
        trace_type enum('header','packet','monitor') NOT NULL default 'header',
        trace_expr tinytext,
        trace_snaplen int(11) NOT NULL default '0',
        trace_endnode tinyint(1) NOT NULL default '0',
      
      There is a new physical table called "traces" that is a little bit
      like the current delays table. A new tmcd command returns the trace
      configuration to the client nodes (tmcd/common/config/rc.trace).
      
      The delays table got a new boolean called "noshaping" that tells the
      delay node to bridge, but not set up any pipes. This allows us to
      capture traffic at the delay node, but without much less overhead on
      the packets.
      
      The pcapper got bloated up to do packet capture and more event stuff.
      I also had to add some mutex locking around calls into the pcap
      library and around malloc, since the current setup used linuxthreads,
      which is not compatable with the standard libc_r library. I was
      getting all kinds of memory corruption, and I am sure that if someone
      breathes on the pcapper again, it will break in some new way.
      7942119e