1. 23 Sep, 2008 1 commit
  2. 22 Sep, 2008 2 commits
  3. 29 Aug, 2008 4 commits
    • Leigh B. Stoller's avatar
      16bccb22
    • Leigh B. Stoller's avatar
      abc77681
    • Leigh B. Stoller's avatar
      7d3a83a0
    • Leigh B. Stoller's avatar
      A set up small changes for GENI. · f28bbfa6
      Leigh B. Stoller authored
      * Hacky tmcd redirection. If the reserved table slot tmcd_redirect is
        set, return redirect spec that tells the client tmcc to drop the
        connection and retry the server at the new location, using the vnode
        id that is part of the redirection string. Note that tmcd_redirect
        is set on the remote emulab by the Geni startsliver code.
      
      * Neuter the privkey stuff that we require of remote nodes. In fact,
        its already only required for RON nodes, and rather then yet another
        exception, just kill it. It offers us nothing.
      
      * Neuter the ssl client verification. This is where we verify the
        client certificate has a CN field with the type of the node equal to
        type the DB says it is. This is also a pointless check since is
        offers us nothing additional; the client certificate already had to
        be signed by us. Tired of adding special cases to the code for each
        new node type.
      
      * Temporary neutering of the requirement that all remote nodes use ssl
        to talk to tmcd. The problem here is that remote nodes on other
        testbeds will not have the proper certificate on their images, and
        so they will not be able to talk to our tmcd. Since we do not return
        anything sensitive via tmcd, I have relaxed this requirement for
        now, and changed the check so that functions with newly added flag
        F_REMREQSSL will not be allowed unless it is ssl. For the protogeni
        code this will do since I only need a few things.
      
      * For tmcd on the remote testbeds, there is new code in doaccounts
        that will return accounts and ssh keys from the nonlocal users
        table.  This table is set up by the Geni libraries during sliver
        creation (from the registry entry for the slice).
      f28bbfa6
  4. 27 Aug, 2008 1 commit
  5. 22 Aug, 2008 1 commit
  6. 24 Jun, 2008 1 commit
  7. 30 May, 2008 1 commit
  8. 16 May, 2008 1 commit
  9. 16 Apr, 2008 1 commit
  10. 15 Apr, 2008 4 commits
  11. 07 Feb, 2008 1 commit
  12. 06 Feb, 2008 1 commit
  13. 31 Jan, 2008 1 commit
    • Leigh B. Stoller's avatar
      When looking for virtnodes on their physical nodes, look at the jailip · 904eda19
      Leigh B. Stoller authored
      in the nodes table if there is no match in the interfaces table. This
      is probably temporary until we get the vserver networking straightened
      out. Unlike jails, packets from vservers actually have the IP of the
      vserver as the src, not the physical host, but that does not
      correspond to anything in the interfaces table. This change lets me
      test things as they are now.
      904eda19
  14. 14 Jan, 2008 1 commit
  15. 10 Jan, 2008 2 commits
  16. 14 Sep, 2007 1 commit
    • Mike Hibler's avatar
      Fix some nits: · 84ef9202
      Mike Hibler authored
       * remove extra newline in bootwhat data
       * check command line for custom kernel in FBSD6 delay code
       * de-utahize a hostname lookup in ixpboot
      84ef9202
  17. 07 Sep, 2007 2 commits
  18. 23 Aug, 2007 2 commits
  19. 21 Aug, 2007 1 commit
    • Leigh B. Stoller's avatar
      Another round of widearea node hacking for CMU. These changes add · 99346dc0
      Leigh B. Stoller authored
      widearea reloading support.
      
      * New slot in the images table to store an access key which remote
        sites must provide in order to download an image (via https).
      
      * tmcd returns a different kind of ADDRESS field from doloadinfo.
        Instead of the multicast stuff, return a URL that points to boss'
        web server. The URL is of the form:
      
         https://www.myemulab.net/spewimage.php?imageid=10013&access_key=abcdef
      
        which as you can see is fully specified; the client does not need
        to know anything else.
      
      * New webpage and backend scripts appropriately called "spewimage"
        which also includes support for the http HEAD request (from wget) to
        avoid downloading images that are already on the node. I just
        learned about this HEAD request stuff today ... but otherwise these
        operate as expected, spewing the image if the access key is provided.
      
      * Changes to rc.frisbee to deal with remote loading. In addition to
        URL support, I also added support for simple paths, the intent being
        that we will probably distribute images offline (say, at night) so
        that when a node reboots it doesn't actually have to wait 60 minutes
        for an image to download. I have not added any server side support
        for this yet though. Maybe later this week.
      
      * Other bits and pieces and fixes to make this work.
      99346dc0
  20. 17 Aug, 2007 1 commit
    • Leigh B. Stoller's avatar
      Widearea support. · ea2cca4b
      Leigh B. Stoller authored
      * Add a bootwhat command that can be used instead of the bootinfo
        protocol, which is not appropriate for widearea cause its UDP. We
        lose the ability to have nodes "pxewait", but that is not actually
        necessary for widearea nodes since they are always allocated and up.
      
        Rather then duplicate code, I reorganized the bootinfo code so that
        I can link in the guts of it. There is some hackery to deal with the
        events that bootinfo sends, but so be it.
      
      * Initial support for setting up accounts for the CMU widearea nodes,
        adding yet another way to specify accounts for a node. In this case,
        its a new node_type_attributes slot called "project_accounts" that
        is a comma separated list of group idx's. This is just a temporary
        measure to make sure that accounts are always set up on the nodes,
        the way they are for RON nodes. This will all need to change since
        we want to also create accounts on the fly for people creating
        experiments using the virtual nodes on each widearea node, but I
        have not figured that part out yet.
      ea2cca4b
  21. 12 Jun, 2007 1 commit
  22. 04 May, 2007 1 commit
  23. 26 Apr, 2007 1 commit
    • Robert Ricci's avatar
      Changes proposed by Jason Shupe and Keith Sklower from DETER. Some of the · 733ebb12
      Robert Ricci authored
      relevant email:
      
      Date: Wed, 18 Apr 2007 21:20:37 -0700
      From: Jason Shupe <jshupe@ISI.EDU>
      To: Testbed Ops <testbed-ops@emulab.net>
      Subject: [patches] tmcd.c (Jason) and elabinelab.in (Keith)
      
      Included in this email are my description of the problem, and my patches
      to tmcd.c, followed by more descriptions of the problem and Keith's
      patch to elabinelab.in.  I apologize in advance for misquoting,
      changing and other wise abusing Keith's prose.
      
      An elab in elab experiment was started from the DeterTest project.  A
      simple inner experiment was then started from the emulab-ops project.
      During experiment swap in the program agent would fail to start.  If the
      same simple inner experiment was started under the DeterTest project or
      on the main testbed it would start normally.
      
      It turned out that Keith's account (among others) wasn't getting created
      on the inner experimental node.
      
      tmcd was only sending a subset of accounts to the experimental nodes.
      By digging through the database queries from tmcd.c I noticed one of the
      database responses contained a NULL in the g.unix_gid field.  By
      removing the only user from the emulab-ops sub group 'ops-test' it was
      then possible to successfully swap in the inner experiment.
      
      I've included two different versions of an untested tmcd.c patch.  Both
      versions include changes only to the mysql statement.  Both versions of
      the modified mysql statements were tested on the elab in elab database
      after the only member of emulab-ops was re-added to the 'ops-test'
      group.  Both queries returned all results of the original statements
      except the offending record with the 'NULL' value for g.unix_gid.
      
      The first patch directly excludes the offending record(s), and the
      second patch simple changes the _left join_'s to just _join_'s (Keith's
      suggestion) which also produces the same result for the data set tested.
      
      Ted reminded me that "is not NULL" is better than my initial "!='NULL'",
      which also produces the same results.  Other suggestions on this end
      include specifically using "inner join", and to use both "inner join"
      and "is not NULL".
      
      Date: Tue, 24 Apr 2007 14:44:08 -0700
      From: Leigh Stoller <stoller@flux.utah.edu>
      Subject: Re: [patches] tmcd.c (Jason) and elabinelab.in (Keith)
      
      Well, unix_gid is not supposed to be null, so we should fix that problem
      instead, I would think.
      
      Date: Wed, 25 Apr 2007 00:35:30 -0700 (PDT)
      From: Keith Sklower <sklower@vangogh.CS.Berkeley.EDU>
      Subject: Re: [Deter-ops] [patches] tmcd.c (Jason) and elabinelab.in (Keith)
      
      It became null because of using an outer join instead of an inner join.
      
      I'll repeat the condition:
      1.) the DETER emulab-ops has subgroups
      2.) the inner elab group membership table and references to a group
          which was not inherited from the outer boss [pid=emulab-ops,
          gid=test-grup, uid=jhickey]
      
      So, my initial proposal was to be a bit tidier in specifying what
      group membership entries should be subsetted.
      
      (the was a phrase which intended to catch the group membership
      for anybody currently active in emulab-ops, but it was too encompassing).
      
      Date: Wed, 25 Apr 2007 13:15:51 -0600
      From: Robert P Ricci <ricci@cs.utah.edu>
      Subject: Re: [Deter-ops] [patches] tmcd.c (Jason) and elabinelab.in (Keith)
      
      I guess, then, I will commit both proposed changes to tmcd - both to
      make the existing join more 'correct', and to guard against other ways
      (ie. bad/inconsistent DB state) the gid might show up as null.
      733ebb12
  24. 16 Apr, 2007 1 commit
    • Mike Hibler's avatar
      Make sure exptidx gets properly recorded in the port_registration table. · b86a004b
      Mike Hibler authored
      Previously it was not being filled in and would wind up '0'.  Since it was
      part of the primary key along with the service, this basically meant that
      only one experiment at a time could successfully use the sync-server; i.e.,
      only one could have (0, 'emulab-syncd') as their primary key.
      b86a004b
  25. 12 Apr, 2007 1 commit
    • Mike Hibler's avatar
      Fix an incorrect error return in a seldom used DB routine. · ae097403
      Mike Hibler authored
      Also, attempt reconnect once if DB access fails:
      >               /*
      >                * Try once to reconnect.  In theory, the caller (client)
      >                * will retry the tmcc call and we will reconnect and
      >                * everything will be fine.  The problem is that the
      >                * client may get a different tmcd process each time,
      >                * and every one of those will fail once before
      >                * reconnecting.  Hence, the client could wind up failing
      >                * even if it retried.
      >                */
      ae097403
  26. 23 Mar, 2007 2 commits
  27. 22 Mar, 2007 1 commit
  28. 01 Mar, 2007 1 commit
    • Leigh B. Stoller's avatar
      A change for Dave that we discussed a couple of months back and · 01cb437a
      Leigh B. Stoller authored
      yesterday Dave said he needs it now.
      
      Currently the accounts that are returned to ron nodes are determined
      by looking for the node type in the pcremote_ok slot of the projects
      table. There is no per-user subgroup setting; everyone gets the group
      of their project.
      
      Dave needs to be able to assign remote users to specific subgroups
      within a variety of projects, and I did not want to hack up the
      pcremote_ok mechanism any further. So, new way to do this, that might
      replace pcremote_ok at some point, but for now will just override it.
      
      I am using the node_attributes table to drive what groups get
      installed, and thus what users get accounts and a grouplist.
      
      	inset into node_attributes values
      	           ('ronXXX', "dp_projects", "10000,10001,...");
      
      where the group list is specified as a list of gid_idx's. This works
      out very nicely cause I can use a subquery and FIND_IN_SET clause, and
      so the changes to tmcd where actually pretty easy.
      01cb437a
  29. 19 Feb, 2007 1 commit