1. 11 Jan, 2011 1 commit
    • Mike Hibler's avatar
      More work toward getting this working on subboss. · 8d80301e
      Mike Hibler authored
      More work on the hierarchical configuration for subboss. When doing host-based
      authentication, allow client to pass an explicit host (IP) to the mserver.
      If the mserver is configured to allow it, that IP is used for authenticating
      the request instead of the caller's IP. Add a default ("null") configuration
      so the mserver can operate out-of-the-box with no config file. The goal of
      these two changes is for an mserver instance with the default config and a
      proxy option to serve the needs of a subboss node (i.e., so no explicit
      configuration will be needed).
  2. 16 Nov, 2010 1 commit
    • Kevin Atkinson's avatar
      Add support for all node "tb-set-tarfiles". · a0d0c95e
      Kevin Atkinson authored
      "tb-set-tarfiles" is like "tb-set-node-tarfiles" except that it
      distributes the tarfile to all nodes rather than just one and that it
      uses frisbee to distribute the file.
      These changes involved 1) refactoring frisbee info from images table
      into a new table, frisbee_blobs, 2) a new experiment_blobs table, and
      3) a new tmcd command so the node knows how to get the files from the
      The changes where designed to be general purpose enough to eventually
        1) Distributing arbitrary files (not just tarfiles) to nodes
        2) Perform arbitrary actions on those files
        3) Use arbitrary methods to get the files
      As such the tmcd line is as follows:
        URL=* ACTION=*
      where URL is currently:
      for example
      and when we get around to using a master Frisbee server it could be
      or it could be a file://, http://, etc.
      and ACTION is currently:
      for example
      with future syntax to be determined.
  3. 12 Nov, 2010 1 commit
  4. 09 Nov, 2010 2 commits
  5. 20 Oct, 2010 1 commit
    • Mike Hibler's avatar
      Support for no shared filesystem (unsupport for shared filesystem?) and · c1c1bce2
      Mike Hibler authored
      (eventual) support for NFS servers without race conditions!
      This means no NFS between nodes and ops/fs. There are still NFS mounts of
      ops on boss however.
      Added new defs-* variable NOSHAREDFS, which when set non-zero will disable
      the export of NFS filesystems to nodes.  Involved lots of little changes:
       * /users, /proj, and /share filesystems are not exported to nodes.
       * Returned mount info now includes an FSTYPE key which will be set to "LOCAL"
         if NOSHAREDFS is in effect (by default it is set to "NFS-RACY"; more on
         this later).  In the case where it is set to LOCAL, the other mount lines
         no longer contain REMOTE=foo settings.  Because of this change,
       * The client rc.mounts script will now create local versions of /users/*,
         /proj/<pid>, and /share when FSTYPE=LOCAL.  It first runs mkextrafs to
         create a large partition for these, since someday we will likely want
         to pre-populate these with a non-trivial amount of data.  Right now,
         the only thing that is put in the user's homedir is the standard dotfiles
         for the OS and the Emulab authorized_keys file (so you can login).
       * Linktest had to be modified to fetch the various results files (via
         loghole) rather than just assuming they were in /proj.  And also changed
         to invoke tevc with the local copy of the event key so it won't try to
         read it over NFS.
       * create_image was modified to ssh to the node and run the imagezip
         command, capturing the output of ssh.  This is controlled via the "-s"
         option which defaults to on for a NOSHAREDFS system, but can also be
         used on a normal system.
       * elabinelab's can be configured with/without a shared FS via the
         CONFIG_SHAREDFS attribute (note polarity change) which defaults to 1.
      Another new defs-* variable, NFSRACY, will some day allow you to specify
      (by setting to 0) that your NFS server does NOT have the nefarious mountd
      race condition when changing /etc/exports.  Currently, this defaults to 1
      since all versions of FreeBSD supported as an "fs" node have this "feature."
      Rumor has it that FreeBSD 8 does not have this problem nor, presumably,
      would a Linux NFS server.
      The only use of this variable right now is to set the FSTYPE returned by the
      tmcd "mounts" call, which in turn is used by one client script, rc.topomap
      (via a libsetup function) to determine whether it should try copying
      the topo file multiple times.
      Random: add python2.6 to list of python's checked for in configure.
      Random: resync defs-example-privatecnet with defs-example.
      Random: did a little code-pissin here and there.
  6. 18 Oct, 2010 1 commit
  7. 12 Oct, 2010 1 commit
    • Cody Cutler's avatar
      This reverts commit 0450a43c. · 4cbd3447
      Cody Cutler authored
      This patch added a bunch of NULL checks throughout TMCD.  While most of
      the NULL checks did handle it properly some didn't, so I'd rather leave
      it all be and let it be fixed properly later.
      Such a patch shouldn't be snuck in with all the TDLS changes, anyway.
  8. 11 Oct, 2010 1 commit
  9. 29 Sep, 2010 1 commit
  10. 31 Aug, 2010 1 commit
  11. 23 Aug, 2010 1 commit
  12. 03 Aug, 2010 1 commit
  13. 14 Jul, 2010 1 commit
  14. 23 Jun, 2010 1 commit
  15. 22 Jun, 2010 1 commit
  16. 16 Jun, 2010 1 commit
  17. 11 Jun, 2010 1 commit
  18. 28 May, 2010 2 commits
  19. 26 May, 2010 1 commit
    • Cody Cutler's avatar
      Roll my own ASCII to binary conversion and put quote size back to 1024 · 3a97b620
      Cody Cutler authored
      sscanf() with "%2x" requires an unsigned int * and writes sizeof(int) to
      the pointer.  I made my own conversion because we were writing NULLs to
      neighbor strings since we were passing characters to sscanf() and the
      remaining three bytes were 00.  I feel there must be a library function
      to do this two character ASCII to byte conversion though.
      I forgot that the quote would be written in ASCII so I have to double
      quote's size.
  20. 25 May, 2010 2 commits
  21. 24 May, 2010 2 commits
    • Robert P Ricci's avatar
      Small bugfixes · f0b88b9e
      Robert P Ricci authored
    • Robert Ricci's avatar
      Beginnings of an 'imagekey' command · 28eef73c
      Robert Ricci authored
      Returns the decryption key for an image from a new database
      Requires TPM client authentication, and requires that the node
      be in the correct (currently hardcoded) state, which requires
      a TPM quote to get into.
  22. 22 May, 2010 1 commit
    • Cody Cutler's avatar
      Fix a bunch of NULL pointers · 0450a43c
      Cody Cutler authored
      strncmp and sscanf will segfault if you give them a NULL pointer.  This
      patch doesn't really change behavior but we shouldn't really be
      If anything it logs an error message instead of mysteriously dying with
      "status 11"!
  23. 21 May, 2010 8 commits
  24. 20 May, 2010 3 commits
  25. 19 May, 2010 2 commits
  26. 18 May, 2010 1 commit
    • Robert P Ricci's avatar
      First cut at 'quoteprep' tmcd command · 0d749155
      Robert P Ricci authored
      This command is for TPM secure booting, and does three things:
      1) Figures out what sets of PCRs a node is supposed to include in
         its quote to get to the given state
      2) Gives the node its (encrypted) identity key for use in generating
         the quote
      3) Generates a noce for replay prevention, stores it in the database,
         and passes it back to the client
      This version compiles, but it totally untested, so I'm sure it doesn't
      work yet. I haven't added the database modifications to the schema file
      yet, since it's not certain that I've got 'em right.