1. 17 Nov, 2017 1 commit
  2. 26 Jul, 2017 1 commit
    • Mike Hibler's avatar
      Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          #302
      c6150425
  3. 29 Apr, 2017 1 commit
  4. 24 Apr, 2017 2 commits
    • David Johnson's avatar
      Clientside Docker vnode support. · 96794781
      David Johnson authored
      See clientside/tmcc/linux/docker/README.md for design notes.
      See clientside/tmcc/linux/docker/dockerfiles/README.md for a description
      of how we automatically Emulabize existing Docker images.
      
      Also, this mostly fits within the existing vnodesetup path, but I did modify
      mkvnode.pl to allow the libvnode backend to provide a vnodePoll wait
      loop instead of the builtin vnodeState loop.
      96794781
    • David Johnson's avatar
      Move fromtopo out of rc.hostnames to genhostslistfromtopo in libsetup.pm. · 3a9765aa
      David Johnson authored
      This allows other callers than rc.hostnames (i.e. docker clientside) to
      generate the hostname list for an experiment.
      3a9765aa
  5. 17 Jan, 2017 1 commit
    • Mike Hibler's avatar
      Implement heartbeat/status reports in Frisbee. · 2be46ba4
      Mike Hibler authored
      There are three pieces here, a change to the frisbee protocol itself, an
      Emulab event component to get status back to the portal, and the surrounding
      infrastructure to make it all work.
      
      Frisbee heartbeat messages:
      
      Added a new message type to the frisbee protocol, "Progress". In theory it
      operates by having the server send a multicast progress request to its clients
      which includes an interval at which to report (or "just once") and an
      indication of what to report (nothing, progress summary, or full stats). The
      client then sends unicast "fire and forget" UDP replies according to that
      schedule. However, I took a shortcut for the moment and just added a command
      line option to the client to tell it to report a summary at the indicated
      interval (-H <interval>).  So the server never sends requests.
      
      This is implemented in the client by a fourth thread since I wanted it to
      operate independent of packet reception (which would cause clients to report
      in a highly synchronized fashion due to multicast). The server instance just
      logs progress reports into its log.
      
      This protocol addition should be fully backward compatible as both client and
      server ignore (but log) unknown messages.
      
      Emulab progress report events:
      
      When this is compiled in (-DEMULAB_EVENTS) and turned on (-E <server>), the
      frisbee server instances will send a FRISBEEPROGRESS event to the indicated
      event server for every progress report it receives (in addition to logging the
      events to its own log). Right now it will create an event with key/value pairs
      for the information in a client summary reply:
      
      TSTAMP is the client's time at which it sends the event. Could be used by the
      received to determine latency of the report if it cared (and if it assumed
      that the clocks are in sync). We don't care about this.
      
      SEQUENCE is the report number. Again, could be used by the receiver, in this
      case to detect loss, if it cared. We don't.
      
      CHUNKS_RECV is complete chunks that the client has received from the network.
      CHUNKS_DECOMP is chunks decompressed by the client.  BYTES_WRITTEN is bytes
      written to disk by the client.
      
      Any of the three can be used by the event receiver as an indication of life
      and/or progress. However, only the last would be a reasonable indicator of
      time remaining since it is the last (and slowest) phase of imaging. To
      estimate time remaining we could compare that value to the amount of
      uncompressed data that is in the image. This makes the sketchy assumptions
      that time for writes to the disk are uniform and that the number and distance
      of seeks is uniform, but it is better than a sharp stick in the eye.
      
      Emulab infrastructure:
      
      There is a new sitevar "images/frisbee/heartbeat" which can be set to a
      non-zero value to tell the frisbee MFS to fire off frisbee with -H <value>
      and thus make reports. The default value of zero means to not make reports.
      The tmcd "loadinfo" command sends this through via the HEARTBEAT=<value>
      param.
      
      REQUIRED A TMCD VERSION BUMP TO 41.
      2be46ba4
  6. 11 Oct, 2016 1 commit
    • David Johnson's avatar
      Let experimenters customize prepare, and interface and hosts file setup. · dd4c67d0
      David Johnson authored
      The prepare script now supports pre and post hooks.  It runs all hooks
      in rc order, from the DYNRUNDIR/prepare.pre.d and BINDIR/prepare.pre.d
      dirs (rc order in this case is the BSD order, or my version of it ---
      any file prefixed with a number is run in numeric order; other files are
      run sorted alphabetically following numeric files).  Post hooks are in
      prepare.post.d, and are run at the end of prepare.
      
      (DYNRUNDIR is always /var/run/emulab .  STATICRUNDIR is usually
      /etc/emulab/run but could be /etc/testbed/run, depending on the
      clientside installation.)
      
      We now allow users to override our default interface configuration --
      and if they do, and tell us about it by writing a file in either
      $DYNRUNDIR or $STATICRUNDIR named interface-done-$mac , we will not
      attempt to configure it, and will assume they have done it!  If they are
      nice to us and write
        $iface $ipaddr $mac
      into the file, we will parse that and put it into the @ifacemap and
      %mac2iface structures in doboot().  We do *not* attempt to provide them
      the ifconfig info in env vars or anything; they have to grok our
      ifconfig file format, in all its potential glory.
      
      We read the hosts.head file(s) from /etc, DYNRUNDIR, and STATICRUNDIR,
      and prepend them to our Emulab hosts content.  Then, we append the
      content of the hosts.tail file(s) from /etc, DYNRUNDIR, and STATICDIR
      --- and that file becomes the new /etc/hosts file.
      
      getmanifest() has become getrcmanifest() to avoid confusion with the
      GENI manifest.  Also, it now supports local manifests embedded in the
      filesystem from $DYNRUNDIR and $STATICRUNDIR (priority is manifest from
      exp, then DYNRUNDIR, then STATICRUNDIR).  All manifests read and
      applied.  Local manifests may also reference local files instead of blob
      ids, of course.  It is important to support local manifests so that
      experimenters can hook our services by default in the disk image.
      dd4c67d0
  7. 04 Oct, 2016 1 commit
  8. 20 Sep, 2016 1 commit
    • Mike Hibler's avatar
      Initial support for ephemeral RW clones of persistent blockstores. · f98ab0e5
      Mike Hibler authored
      Using "set-rwclone" ala:
      
          set $bsobj [$ns blockstore]
          $bsobj set-lease "emulab-ops/bar"
          $bsobj set-node $node
          $bsobj set-rwclone 1
          ...
      
      in your NS file will create a clone of the indicated persistent blockstore.
      
      Somewhat limited in utility since you can only have one clone of a
      particular blockstore per experiment.
      f98ab0e5
  9. 12 Sep, 2016 1 commit
  10. 11 Aug, 2016 1 commit
    • Mike Hibler's avatar
      Linux firewall fixes inspired by Richard. · d54da568
      Mike Hibler authored
       * If firewall setup fails, don't fail completely open! Instead all full
         access to/from the firewall, but block all access to/from inside nodes.
       * Sort the rules by rule number so that user added rules get put in the
         correct place.
       * Fix the rules template for iptables so that user rules get inserted
         into an appropriate location.
       * Fix a bug in the anti-spoofing rules that would prevent any access from
         outside to the inside nodes.
      d54da568
  11. 08 Apr, 2016 1 commit
  12. 07 Apr, 2016 1 commit
  13. 30 Nov, 2015 1 commit
  14. 02 Sep, 2015 1 commit
  15. 06 Mar, 2015 1 commit
  16. 05 Mar, 2015 1 commit
  17. 01 Feb, 2015 1 commit
  18. 09 Oct, 2014 1 commit
    • Mike Hibler's avatar
      Rework client-side storage scripts to semi-coexist with mkextrafs uses. · 9cf8f9c6
      Mike Hibler authored
      Broke rc.storage into two phases, local blockstores and remote blockstores.
      Setup of the former will also pick a best candidate for an old-school
      "extrafs" and put the info in /var/emulab/boot/extrafs. This will be a
      single line with one of DISK=foo, PART=foo, or FS=foo depending on whether
      it found an available full disk, disk partition, or mounted filesystem
      that we can use for mkextrafs (in the first two cases) or where we can
      mooch off of (the last). This is only used in os_mountextrafs() right now;
      i.e., I have NOT changed the mkextrafs script. So explicit invocations
      by the user could still screw things up.
      
      I have tested this with local blockstores and a non-nfs experiment
      on both Linux and FreeBSD to make sure the most common sharing of space
      works. I have not made any new images and I have not yet tested to make
      sure I did not break non-blockstore, non-nfs experiments (i.e., where
      we really should run mkextrafs).
      
      So maybe don't make any new images til I get back, or else be prepared
      to clean up after me.
      9cf8f9c6
  19. 25 Jul, 2014 1 commit
  20. 07 May, 2014 1 commit
    • Mike Hibler's avatar
      Introducing TMCD version 38! Returns additional "loadinfo" info. · 4a8604b1
      Mike Hibler authored
      New loadinfo returns:
      
      IMAGELOW, IMAGEHIGH: range of sectors covered by the image.
          This is NOT the same as what imageinfo or imagedump will show.
          For partition images, these low and high values are adjusted
          for the MBR offset of the partition in question. So when loading
          a Linux image, expect values like 6G and 12G. The intent here
          (not yet realized) is that these values will be used to construct
          an MBR/GPT on the fly, rather than using hardcode magic MBR versions.
          You can get the uncompressed size of the image with (high - low + 1).
      
      IMAGESSIZE: the units of the low/high values.
          Always 512 right now, may be 4096 someday.
      
      IMAGERELOC: non-zero if the image can be placed at an offset other
          than IMAGELOW (i.e., it can be relocated). This may or may not
          prove useful for dynamic MBR construction...we will see.
      
      Probably didn't need to bump the version here, but I am playing it safe.
      4a8604b1
  21. 19 Mar, 2014 1 commit
    • Mike Hibler's avatar
      get FreeBSD firewall working with vnodes. · 650adc28
      Mike Hibler authored
      Firewall needed to be taught about the vnode control net (172.16.0.0).
      Basic stuff works now. Haven't tested everything.
      
      Unrelated to this commit, the Linux firewall seems to be broken.
      No traffic flows between the inside and outside even in an "open"
      configuration. Needs investigation.
      650adc28
  22. 27 Feb, 2014 1 commit
  23. 06 Dec, 2013 1 commit
  24. 24 Sep, 2013 1 commit
  25. 22 Jul, 2013 1 commit
  26. 28 Jun, 2013 1 commit
  27. 09 May, 2013 1 commit
  28. 08 May, 2013 1 commit
    • Mike Hibler's avatar
      First round of client-side support for node-local storage "slices". · c1d21b9a
      Mike Hibler authored
      Supports the three coarse-grained placements we decided on:
      
        "SYSVOL" is special. You can declare a single blockstore with this
             placement and it will create a "native" (ufs/ext) filesystem on
             the 4th partition of the boot disk. This is how you create an
             extra storage partition that can be captured in a custom image.
             We don't use a volume manager here because imagezip doesn't
             recognize any of them (lvm, zfs, vinum).
      
        "ANY" coalesces all "available" storage from all disks into a logical
              volume manager pool and dishes out storage from that for
              individual blockstores. Typically this would include, the 4th
          partition of the boot disk (if not in use) and the second hard
          drive. If the machine has more than 2 drives, it will include
          all the extra drives.
      
        "NONSYSVOL" coalesces all "available" storage that is NOT on the
             boot disk into a logical volume manager pool and dishes out
             storage from that for individual blockstores. This case is if
             you want to avoid interfere with the system disk.
      
      Only implemented on FreeBSD 8/9 with "vinum" right now. It only creates
      "concat" (JBOD) volumes right now.
      
      This stuff will probably get split out into its own perl module(s) at
      some point, as it is getting large.
      
      Next up is LVM on Linux and then maybe ZFS on Freebsd.
      c1d21b9a
  29. 02 Apr, 2013 1 commit
  30. 27 Feb, 2013 4 commits
  31. 14 Feb, 2013 1 commit
  32. 05 Feb, 2013 1 commit
    • Kirk Webb's avatar
      Move storageconfig fetch/parse code to libsetup. · 53813c8e
      Kirk Webb authored
      Create "getstorageconfig" call in libsetup, following the tradition with
      other tmcc information fetching routines.  It's guts were yanked out of
      rc.storage.
      
      Outside of calling the moved code from libsetup, rc.storage was also
      changed slightly to store the returned information using "Storable"
      since it's now dealing with an array of hashes instead of raw lines
      of output from tmcc.
      53813c8e
  33. 12 Dec, 2012 1 commit
  34. 30 Nov, 2012 1 commit
    • Mike Hibler's avatar
      Plumb through an fs-install makefile target and fixes to ops-install. · 3cd66d51
      Mike Hibler authored
      This officially drops the pretense that fs nodes can operate with minimal
      Emulab software. If you have a seperate fs node, it had better be dedicated
      to Emulab!
      
      However, it still doesn't do everything. In particular, accounts are not
      installed. This has never been needed for serving NFS, but is needed for
      the samba stuff to work correctly.
      
      Also, you cannot do an fs node software install from boss yet as we do not
      mount fs filesystems on boss. You really cannot do a full ops install from
      boss either since we don't mount ops' /usr/local/etc/emulab directory.
      3cd66d51
  35. 14 Nov, 2012 1 commit
    • Mike Hibler's avatar
      Client half of the fetch-tarballs-via-the-web change. · 763c6aca
      Mike Hibler authored
      For every tarball and rpm, tmcd will now pass a SERVER= string as well
      telling the client where the file should be downloaded from (if using
      the web rather than NFS). Right now this value is the same for all
      tarballs and rpms, and is hardwired in tmcd as either "www" (if
      SPEWFROMOPS=0) or "users" (if 1). Note: BUMPED THE TMCC VERSION NUMBER
      for this.
      
      Made a common routine for doing an error-check-and-retry copy of a file
      across "racy" NFS. This is used by install-{tarfile,rpm} and rc.topomap.
      763c6aca
  36. 06 Nov, 2012 1 commit