1. 17 Nov, 2017 1 commit
  2. 16 Nov, 2017 1 commit
    • David Johnson's avatar
      Add support for Arch Linux. · f797a96b
      David Johnson authored
      This is pretty minimal "support", but it is working.  I have some
      uncommitted fixes for event/linktest/iperf, however, as mentioned in
      issue #351.
      f797a96b
  3. 15 Nov, 2017 2 commits
    • Elijah Grubb's avatar
      Built out emulabizatization of docker alpine · 134e809f
      Elijah Grubb authored
      The organization of the code follows the guidelines set by the
      ubuntu version extremely closely. Big differences to notice are
      some of the package name changes switching from apt-get to apk,
      the requirement of the --disable-ssl flag when running the configure
      command for pubsub and the methodology required to build a custom
      apk package to use our custom runit. Apk has lots of issues and
      argues against building a new .apk package as root, so
      runit-artifacts.sh creates a new user, gives them super user permissions,
      adds them to the abuild group and runs the runit-packager.sh script
      as this new user. Design of this solution was focused on doing as
      much as possible while remaining in root. Enjoy!
      134e809f
    • Mike Hibler's avatar
      Remove old /etc/rsyslog.d/60-emulab when installing. · 4217aaa0
      Mike Hibler authored
      Replaced by 40-emulab.
      4217aaa0
  4. 14 Nov, 2017 1 commit
  5. 10 Nov, 2017 1 commit
  6. 09 Nov, 2017 1 commit
  7. 08 Nov, 2017 1 commit
  8. 07 Nov, 2017 1 commit
  9. 06 Nov, 2017 1 commit
  10. 02 Nov, 2017 1 commit
  11. 27 Oct, 2017 4 commits
  12. 26 Oct, 2017 1 commit
  13. 24 Oct, 2017 1 commit
    • David Johnson's avatar
      Add Docker serial console support. · 6f546d14
      David Johnson authored
      We do this similarly to Xen.  There's a new script (container2pty.py)
      that attaches to the Docker container, via the docker daemon, and
      exports its stdio as a pty.  Then we run capture on a symlink to that
      pty.  New options to capture tell it to keep retrying to open the pty
      maxretries times (we invoke with infinitely many retries); and to not
      prepend /dev to the device string.
      6f546d14
  14. 20 Oct, 2017 1 commit
  15. 11 Oct, 2017 1 commit
    • Mike Hibler's avatar
      Set the --port=P argument even on grub1. · ea2870b2
      Mike Hibler authored
      Not sure why I singled out grub1 to not add that argument, it is
      documented to work and does. By not setting it, old CentOS images
      that used grub1 would hang at boot time for > 5 minutes causing a
      stated timeout and reboot. Once stated had tried that 3 times, it
      would stop doing the reboot and eventually the node would come up.
      
      I have no idea why it was hanging unless the console output was
      going to the real serial port (com1) and that was either generating
      garbage input causing grub to go interactive or causing output to
      block.
      ea2870b2
  16. 10 Oct, 2017 1 commit
  17. 05 Oct, 2017 6 commits
  18. 24 Sep, 2017 1 commit
  19. 23 Sep, 2017 1 commit
  20. 29 Aug, 2017 3 commits
    • Mike Hibler's avatar
      43e189bb
    • Mike Hibler's avatar
      FreeNAS 11 support. · fa0b9a11
      Mike Hibler authored
      No more hacky python proxy to the old django interface! No longer needed,
      as the REST API now covers everything we do. Even if we wanted to keep
      around the old API stub, it would need work as FreeNAS has switched to
      python 3 and many of the old API python modules are gone or renamed.
      fa0b9a11
    • Mike Hibler's avatar
      Fix an ambiguous RE. · 9d887325
      Mike Hibler authored
      If one blockstore name was a subset of another (e.g., "foo" vs. "foo2")
      then the check code could get confused and not mount some iSCSI blockstores.
      9d887325
  21. 26 Aug, 2017 2 commits
  22. 07 Aug, 2017 1 commit
    • Dan Reading's avatar
      Issue #316 emulab/emulab-devel · c5ce9d4c
      Dan Reading authored
      In checknode code for FreeBSD don't check the /dev/ad* device if it is a symlink.
      [I think the a error in the test command for -c]
      c5ce9d4c
  23. 03 Aug, 2017 1 commit
  24. 26 Jul, 2017 1 commit
    • Mike Hibler's avatar
      Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          #302
      c6150425
  25. 12 Jul, 2017 3 commits
  26. 10 Jul, 2017 1 commit