GitLab

server. Apache does the client certificate verification, using CA
certs in /usr/testbed/etc/genicacerts, which will hold the CA certs of
all trusted peers. Currently, it has the cert for my elabinelab
experiment for testing.

into a new module called emdbi.pm, and reexport the symbol names back
out. This allows me to import just the db interface code to the Geni
modules I am writing, without having to drag in 4000 lines of other
crap that is Emulab specific. This change is invisible to the Emulab
code, although I did it without any perl exporter/importer magic
incantations; did it the old fashioned way.

constructed it is possible that assign will place the "lannode" on one
node and all the other interfaces on another node (trivial lan). This
is dealt with by the "virtpatch" code, that according to the comments,
"only Rob and Leigh understand." Wish that were true! Anyway, when
this happens, NewVirtIface never gets called with an underlying
physical interface (which signals it to set the current_speed on the
interface), so the current_speed is left at zero. Not good. So, in
PatchVirts (which installs the vinterfaces for that lannode), also set
the current_speed on the underlying phys interface.

This stuff is totally bizarre, certain to break some other special
case of the hundreds of special case in assign_wrapper.

Oh, the code was easy, but testing it was a pain since assign is so
random; it only rarely splits the lan up in the above manner.

authorized_keys file gets created.

and give appropriate log msgs.

our slice prefixes could be anything.  Thus, have to ensure non-root group
users can't overwrite /etc/slicename, and grab the slicename (also the
name of the user we allow to run vnodesetup, if not real root).  Ugh.

to the corresponding object at that PLC.

off plc,slice,nodegroup,node_id tuples, as appropriate).  Also add
support for sucking down plab nodegroups.

widearea_nodeinfo in support of widearea nodes that need their networks
to be configured statically.  Also the plab sync support for this, and a
sync bugfix.

ops.

to info in /etc/emulab/waconfig.  Pretty much like how planetlab does it
-- each node's dongle has to have a specific set of info.  The key
difference from plab is that widearea nodes that boot off dhcp don't have
to have this file -- if it doesn't exist, they do everything via dhcp and
then tmcc just like normal.

audit to look for projects with an admin/nonadmin mix.

DYNAMICROOTPASSWORDS config vaiables in tmcd. Also change the watchdog
to do nothing when DYNAMICROOTPASSWORDS=0.

config.h for tmcd.c

and non-admins in projects that have users in both categories (mostly
emulab-ops, tbres and testbed).  The new order says that if the
swapper of an active experiment is an admin, only other admins have
their accounts (and homedirs) propagated to the experiment.  Analogous
for non-admin experiments.

Add DYNAMICROOTPASSWORDS, default to true, which causes the root
passwords on emulab images to be changed each time they are allocated
to an experiment. This is to prevent the same password on every node
for years at a time!

(and vnodes). Each time a node is allocated to an experiment it gets a
new root password (using the node_attributes table). The watchdog has
a new section that resets the root password (defaults to hourly).  We
still using a common password in the image to avoid totally bricking
ourselves, but once a node boots into an experiment it gets a new root
password.

This prevents hundreds of nodes with the same password, and all of the
problems associated with that.

to the admin status of the swapper; only the accounts/mounts of users
with the same admin status will be returned.

experiments and visa-versa

returns the hash of the password that is stored in the DB (or
generates a new one if one does not exist, and then stores it). Bumped
the version number too since I added an interval for it to the
watchdoginfo command. This stuff can run on the server, does not
affect existing images.