a text field that says emulab,cloudlab, or aptlab.

identity. The credential is just a speaksfor for now, but this might
hold other kinds of credentials in the future.

(all versions).

support code.

Since GUIDs are 16 bytes and our current interface MACs are only 12 bytes,
I agonized over whether to grow the mac column to 16 bytes and just treat
it as a unique identifier (which is all we use that column for anyway).
However, in the end I just added a new guid column as there were mac columns
in a variety of other tables and it wasn't clear what the relationship was
and what I might break.

So, the newnode MFS will now report back a GUID for interfaces it recognizes
as IB (FreeBSD-specific right now). The boss-side checkin code with stash
that value in new_interfaces (and later interfaces when added). For possible
backward compat, it will also generate a MAC address from that (possibly
Mellanox-specific) so that all entries in the interfaces table will have
a MAC (yes, it should really be the other way around--all interfaces should
always have a guid).

End of story. We don't do anything else with IB right now other than stash
an interface GUID.

Hopefully, my last schema change related to images. If relocatable is not
set then an image must be loaded at the lba_low offset. If set, then the
image can be loaded at other offsets. Currently, all FBSD images are
relocatable courtesy of the relocation mechanism in imagezip (which can
fix up otherwise absolute offsets in an image). Sadly, Linux images are
not relocatable due to absolute block numbers in the grub partition
bootblock that we require. Ryan "taught" imagezip to relocate these, but
I need to find his changes.

Tracking this in the DB will eliminate the need to run imageinfo
from tmcd.

These are computed by imagedump for .ndz images. The plan is to
pass this info on to clients via tmcc so they can know the max disk
size required.

There will shortly be a utility to automatically update these values
when an image is created or updated. Stay tuned.

This differs from the current firewall support, which assumes a single
firewall for an entire experiment, hosted on a dedicated physical
node. At some point, it would be better to host the dedicated firewall
inside a XEN container, but that is a project for another day (year).

Instead, I added two sets of firewall rules to the default_firewall_rules
table, one for dom0 and another for domU. These follow the current
style setup of open,basic,closed, while elabinelab is ignored since it
does not make sense for this yet.

These two rules sets are independent, the dom0 rules can be applied to
the physical host, and domU rules can be applied to specific
containers.

My goal is that all shared nodes will get the dom0 closed rules (ssh
from local boss only) to avoid the ssh attacks that all of the racks
are seeing.

DomU rules can be applied on a per-container (node) basis. As
mentioned above this is quite different, and needed minor additions to
the virt_nodes table to allow it.

Emulab can now propagate OS taint traits on to nodes that load these OSes.
The primary reason for doing this is for loading images which
require special treatment of the node.  For example, an OS that has
proprietary software, and which will be used as an appliance (blackbox)
can be marked (tainted) as such.  Code that manages user accounts on such
OSes, along with other side channel providers (console, node admin, image
creation) can key off of these taint states to prevent or alter access.

Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
kept in the 'taint_states' column in both.  Currently these sets are comprised
of the following entries:

* usermode: OS/node should only allow user level access (not root)
* blackbox: OS/node should allow no direct interaction via shell, console, etc.
* dangerous: OS image may contain malicious software.

Taint states are inherited by a node from OSes it loads during the OS load
process.  Similarly, they are cleared from nodes as these OSes are removed.
Any taint state applied to a node will currently enforce disk zeroing.

No other tools/subsystems consider the taint states currently, but that will
change soon.

Setting taint states for an OS has to be done via SQL presently.

* Add a .htaccess file that does the rewrites, instead of in the httpd
  confile file. Added Rob's stuff for rewriting urls to hide the .php
  although not sure this is working correctly yet.

* Add simple MyExperiments page so that logged in users can find their
  way back to running profiles.

* Move the DB table holding the running experiment records from the
  geni-sa DB into the main Emulab DB. Lots of little changes for that.

* Change logout to plain link instead of ajax call. That was a silly
  thing to do.

* Bug fixes to ssh keys and shell login from the status page.

and libraries. Rough, needs plenty more work.

start of a page to create new profiles, lots of other changes
and additions.

magic URLs that grant access to console lines.

We need lock/unlock to atomically check quotas.
The explicit IsUnlimited, SetUnlimited methods are to avoid a potentially
ambiguous convention (is no quota, unlimited? is a zero quota unlimited?)

We put the lease in this state while allocating the storage associated
with a dataset lease.

the same field in the users table, so that clients know to update
users.

What a mess.  Conflicts, syntax errors, the works conspired to keep this
from going in.

an option to initilo to gather the keys via the ILO's web XML
interface, and stick the result into the DB. Doing this, just in case
a node loses its keys (which actually happened at BBN).

To create a new descriptor that will be an import from EC2 (and thus
run under XEN), add ?ec2=1 to newimage_ez.php3. Eventually will link
it in someplace. The form will create a XEN based VM, but instead of
node to snapshot from, provide user@host for the EC2 instance.

On the image snapshot page, instead of node use user@host for the EC2
instance.

The backend script (create_image) will call over to ops and invoke
Srikanth's code. I have called that script ec2import-image.pl. See
create_image for how arguments are passed to the script.