- 19 Jan, 2018 1 commit
-
-
Mike Hibler authored
-
- 04 Jan, 2018 1 commit
-
-
Mike Hibler authored
-
- 03 Jan, 2018 1 commit
-
-
Mike Hibler authored
-
- 02 Jan, 2018 1 commit
-
-
Mike Hibler authored
-
- 30 Dec, 2017 2 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
-
- 29 Dec, 2017 1 commit
-
-
Mike Hibler authored
-
- 27 Dec, 2017 1 commit
-
-
Mike Hibler authored
It was printing out the destination (aka, boss) rather than the IP that was trying to access boss. Very confusing.
-
- 18 Dec, 2017 1 commit
-
-
Mike Hibler authored
-
- 05 Dec, 2017 3 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
This actually seems to have startled the port build.
-
Mike Hibler authored
-
- 27 Nov, 2017 1 commit
-
-
Leigh B Stoller authored
directories from the proj and groups tree.
-
- 02 Nov, 2017 1 commit
-
-
Mike Hibler authored
-
- 30 Aug, 2017 2 commits
-
-
Leigh B Stoller authored
interfaces and interface_state table to card_saved,port_saved. The primary keys are dropped and new ones added for node_id,iface.
-
Leigh B Stoller authored
from the build tree.
-
- 21 Aug, 2017 3 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
-
Mike Hibler authored
Did this before I realized how DoneIfEdited worked, but it seems like a useful function to have for something someday.
-
- 18 Aug, 2017 1 commit
-
-
Leigh B Stoller authored
-
- 26 Jul, 2017 1 commit
-
-
Mike Hibler authored
Provide automated setup of an ssh keypair enabling root to login without a password between nodes. The biggest challenge here is to get the private key onto nodes in such a way that a non-root user on those nodes cannot obtain it. Otherwise that user would be able to ssh as root to any node. This precludes simple distribution of the private key using tmcd/tmcc as any user can do a tmcc (tmcd authentication is based on the node, not the user). This version does a post-imaging "push" of the private key from boss using ssh. The key is pushed from tbswap after nodes are imaged but before the event system, and thus any user startup scripts, are started. We actually use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE PSSH PACKAGE INSTALLED. So be sure to do a: pkg install -r Emulab pssh on your boss node. See the new utils/pushrootkeys.in script for more. The public key is distributed via the "tmcc localization" command which was already designed to handle adding multiple public keys to root's authorized_keys file on a node. This approach should be backward compatible with old images. I BUMPED THE VERSION NUMBER OF TMCD so that newer clients can also get back (via rc.localize) a list of keys and the names of the files they should be stashed in. This is used to allow us to pass along the SSL and SSH versions of the public key so that they can be placed in /root/.ssl/<node>.pub and /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for inter-node ssh to work. Also passed along is an indication of whether the returned key is encrypted. This might be used in Round 2 if we securely implant a shared secret on every node at imaging time and then use that to encrypt the ssh private key such that we can return it via rc.localize. But the client side script currently does not implement any decryption, so the client side would need to be changed again in this future. The per experiment root keypair mechanism has been exposed to the user via old school NS experiments right now by adding a node "rootkey" method. To export the private key to "nodeA" and the public key to "nodeB" do: $nodeA rootkey private 1 $nodeB rootkey public 1 This enables an asymmetric relationship such that "nodeA" can ssh into "nodeB" as root but not vice-versa. For a symmetric relationship you would do: $nodeA rootkey private 1 $nodeB rootkey private 1 $nodeA rootkey public 1 $nodeB rootkey public 1 These user specifications will be overridden by hardwired Emulab restrictions. The current restrictions are that we do *not* distribute a root pubkey to tainted nodes (as it opens a path to root on a node where no one should be root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses, storagehosts, etc. which are not really part of the user topology. For more on how we got here and what might happen in Round 2, see: #302
-
- 17 Jul, 2017 1 commit
-
-
Leigh B Stoller authored
-
- 10 Jul, 2017 2 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
Also, default to FreeBSD 10.x when possible.
-
- 06 Jul, 2017 6 commits
-
-
Leigh B Stoller authored
operating in standalone mode (not part of a federation), which would be the case for everyone that is not us. Further exercise would be to automate portal setup when part of a federation. Not a big deal to add, but lets checkpoint what I have done so far.
-
Leigh B Stoller authored
try to chown the source directory.
-
Leigh B Stoller authored
the permissions.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
- 29 Jun, 2017 3 commits
-
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
- 23 Jun, 2017 1 commit
-
-
Leigh B Stoller authored
-
- 21 Jun, 2017 1 commit
-
-
Mike Hibler authored
-
- 14 Jun, 2017 1 commit
-
-
Mike Hibler authored
-
- 09 Jun, 2017 1 commit
-
-
Mike Hibler authored
Normally this would be done as part of the install between "pre" and "post". But I prefer to run my updates without doing an install at the same time (i.e. "gmake update-testbed-noinstall").
-
- 05 Jun, 2017 2 commits
-
-
Mike Hibler authored
-
Mike Hibler authored
-
- 04 Jun, 2017 1 commit
-
-
Mike Hibler authored
-