- 05 Apr, 2002 3 commits
-
-
Chad Barb authored
-
Leigh B. Stoller authored
"approved" designation is confusing. Changed to reflect group membership trust!=none instead of user status=active since that's what people really want to know.
-
Robert Ricci authored
-
- 04 Apr, 2002 4 commits
-
-
Leigh B. Stoller authored
by smarter brains by me (I have asked Dave to look it over). Anyway ... I added a top level ssl directory which has a bunch of goo for creating certificates and keys. I currently create a Certificate Authority, a server certificate, and a client certificate. The private keys for all three are unencrypted, so no password is required. All key/cert combos can be installed on boss. The client side needs the key/cert pair (in one file), and the CA cert (no key!). There are install targets to do this. NOTE, you do not want to create/install these without being careful, since you could instantly invalidate all the clients! I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c and ssl.h files. I have set it up so that all you need to do is uncomment three lines in the makefile, and accept, connect, read, write, and close are redirected to SSL'ified versions in ssl.c. The current security model is that the client and server both "demand" certificate verification from the other side (as opposed to just server side verification). tmcd reads in server.pem, while tmcc reads in client.pem. Both read in the emulab.pem (CA cert with no private key). Initial testing indicates I have done this at least partially correctly. Whoever invented this stuff has a really twisted mind though. There are some questions at the top of ssl.c that need to be answered. Oh, also redid all the syslog stuff throughout tmcd.
-
Robert Ricci authored
the other control node.
-
Mac Newbold authored
-
Shashi Guruprasad authored
-
- 03 Apr, 2002 10 commits
-
-
Mike Hibler authored
-
Mac Newbold authored
-
Leigh B. Stoller authored
-
Leigh B. Stoller authored
the tmcd parent. killall was messing things up somehow.
-
Robert Ricci authored
TBNODESTATE/REBOOTING event. While I was at it, converted power to use Getopt::Std for getting command-line arguments. node_reboot uses this argument to prevent the event from getting sent twice (since node_reboot has already sent it.)
-
Leigh B. Stoller authored
file in /etc/testbed, and if there is such a file, take a different path through the setup code that is a lot shorter (mounts, accounts, startupcmd). All the other stuff is bypassed. There are no differences though between what you install on the MFS and what you install on a regular node. Just run the mfs-install target instead, which creates the little ismfs file for you.
-
Leigh B. Stoller authored
might be some extra whitespace (well, there *is* extra whitespace).
-
Mike Hibler authored
addr/port.
-
Mike Hibler authored
Rob noticed that, in an experiment with gated running, the trafgen would start up before gated got its routes. The result was that trafgen traffic would use the default route, sending data out the control net IF. When the real route came online, traffic would start going out the proper interface but the source addr would still be the control net addr so TCP ACKs would still come back via the control net. By binding the local address for trafgen to 192.168.X.X we force the source addr to be correct always.
-
Jay Lepreau authored
-
- 02 Apr, 2002 10 commits
-
-
Robert Ricci authored
find a node that we already knew about, and it hasn't changed state or timestamp, we just use the old entry. This allows us to still notice new nodes, or nodes that have had their state changed externally (say, by hand), but not forget about nodes we've already sent mail about.
-
Robert Ricci authored
-
Leigh B. Stoller authored
experiment log file to the user as it gets generated. The web page does not redraw, it just never exits until the backend sees that the experiment transition is done, and then it exits, which terminates the script. I added a DB field to hold the logfile name and some routines in libdb, with the idea that this might be more generally useful at some point. Next time you create an experiment, look for the last sentence, and click on "realtime".
-
Mac Newbold authored
-
Robert Ricci authored
the delivery of multiple notifications. So, instead of a single notification, which could result in missed ones, we now maintain a queue.
-
Chad Barb authored
Tiptunnel can now take "ssl-server-cert:" property from the ACL file, which is a SHA hash of the expected server certificate. (this is used to verify the server's identity, thus precluding man-in-the-middle attacks.) If no "ssl-server-cert:" is in the ACL, it will revert to using a normal TCP connection. In this version, authentication is still the same (even over SSL.) (next step: add SSL to capture server.)
-
Leigh B. Stoller authored
-
Leigh B. Stoller authored
project members (but approved in other projects) to see things they are not supposed to.
-
Leigh B. Stoller authored
Spotted by Dave!
-
Jay Lepreau authored
-
- 01 Apr, 2002 12 commits
-
-
Robert Ricci authored
Changed scripts that used the 'eventstatus' column to use the more descriptively-named 'eventstate' column. The FreeBSD and Linux startup scripts report a 'REBOOTED' state to tmcd when they start, and 'ISUP' when the startup script is done. node_reboot and power now send TBNODESTATE/REBOOTING events.
-
Robert Ricci authored
-
Abhijeet Joglekar authored
-
Robert Ricci authored
-
Leigh B. Stoller authored
-
Leigh B. Stoller authored
-
Robert Ricci authored
basically work like the libdb.pm functions of the same name (and in fact much of the code was stolen from there.) Provides a simple single function call to send events. Intended for use in scripts whose primary purpose is _not_ to interface with the event system, like power and node_reboot. If more control/efficiency is required (for example, these functions reconnect to the event system every time they're called), it's better to use the C-like API. Example call: EventSendFatal(objtype => "TBEXAMPLE", eventtype => $ARGV[0], host => "*" );
-
Robert Ricci authored
-
Robert Ricci authored
value of the BOSSNODE configure variable.
-
Robert Ricci authored
makeLinkOutput function.
-
Leigh B. Stoller authored
-
Leigh B. Stoller authored
* tmcd/ron: A new directory of client code, based on the freebsd client code, but scaled back to the bare minimum. Does only account and group file maintenance. I redid the account stuff so that only emulab accounts are operated on. Does not require a stub file, but instead keeps a couple of local dbm files recording what groups and accounts were added by Emulab. There is a ton of paranoia checking to make sure that local accounts are not touched. The update script that runs on the client node detaches so that the ssh from boss returns immediately. update can also be run from the node periodically and at boottime. The script is installed setuid root, but checks to make sure that *only* root or "emulabman" has invoked it.
* utils/sshremote: New file. For remote nodes, instead of using sshtb, use sshremote, which ssh's in as "emulabman", which needs to be a local non-root user, but with an authorized_keys file containing boss' public key.
* web interface changes: Allow user to specify his own public key in addition to the emulab key. Add option in showexp page to update accounts on nodes in the experiment. I was originally intending to do this from approveuser, but this was easier and faster. I will add an option to do it on the approveuser page later.
* libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the local testbed or a pcRemote node. Currently, this test is hardwired to a check for class=pcRemote, but this will need to change to a node_types property at some point.
* node_update: Reorg so that there is a maximum number of children created. Previously, a child was forked for each node, but that could chew up too many processes, especially for remote nodes which might hang up. For the same reason, we need to "lock" the experiment so that it cannot be terminated while a node_update is in progress. Might be to relax that, but this was easy for now. Also add distinction between local and remote, since for remote we use sshremote instead of sshtb. Various cleanup stuff
* mkacct: When generating a new account, include user supplied pub key in the authorized keys file, in addition to the emulab generated key. Both keys are stored in the DB in the users table. Anytime we update an account, get a fresh copy of the emulab pub key, in case user changes it.
-
- 29 Mar, 2002 1 commit
-
-
Robert Ricci authored
it even though it doesn't need to be.
-