Significant hackary involved. Similar to exports_setup, there is a boss-side
script and an ops-side script to handle creation and destruction of the ZFS
clones that are used for the NFS filesystem. The rest was all about when to
invoke said scripts.

Creation is easy, we just do a clone whenever the TBAdminMfsSelect is called
to "turn on" node admin mode. Destruction is not so simple. If we destroyed
the clone on the corresponding TBAdminMfsSelect "off" call, then we could
yank the filesystem out from under the node if it was still running in the
MFS (e.g., "node_admin -n off node"). While that would probably be okay in
most uses, where at worst we would have to apod or power cycle the node, we
try to do better. TBAdminMfsSelect "off" instead just renames the clone
(to "<nodeid>-DEAD") so that it stays available if the node is running on
it at the time, but ensures that it will not get accidentally used by any
future boot. We check for, and destroy, any previous versions for a node
every time we invoke the nfsmfs_setup code for that node. We also destroy
live or dead clones whenever we call nfree. This ensures that all MFSes
get cleaned up at experiment swapout time.

version number.

Needed to match against OS version and not OSID version.

It's going to be used by both OSinfo and Node objects.  New OSes will
want to inherit taint states from the OS they are derived from.

Can't do the untainting for all cases in libosload*.  The untainting
is now hooked into stated, where we catch the nodes as they send
along their "RELOADDONE" events to update their taint state according
to the final state of their partitions.

Emulab can now propagate OS taint traits on to nodes that load these OSes.
The primary reason for doing this is for loading images which
require special treatment of the node.  For example, an OS that has
proprietary software, and which will be used as an appliance (blackbox)
can be marked (tainted) as such.  Code that manages user accounts on such
OSes, along with other side channel providers (console, node admin, image
creation) can key off of these taint states to prevent or alter access.

Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
kept in the 'taint_states' column in both.  Currently these sets are comprised
of the following entries:

* usermode: OS/node should only allow user level access (not root)
* blackbox: OS/node should allow no direct interaction via shell, console, etc.
* dangerous: OS image may contain malicious software.

Taint states are inherited by a node from OSes it loads during the OS load
process.  Similarly, they are cleared from nodes as these OSes are removed.
Any taint state applied to a node will currently enforce disk zeroing.

No other tools/subsystems consider the taint states currently, but that will
change soon.

Setting taint states for an OS has to be done via SQL presently.

This commit is intended to makes the license status of Emulab and
ProtoGENI source files more clear.  It replaces license symbols like
"EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
blocks that contain actual license statements.

This change was driven by the fact that today, most people acquire and
track Emulab and ProtoGENI sources via git.

Before the Emulab source code was kept in git, the Flux Research Group
at the University of Utah would roll distributions by making tar
files.  As part of that process, the Flux Group would replace the
license symbols in the source files with actual license statements.

When the Flux Group moved to git, people outside of the group started
to see the source files with the "unexpanded" symbols.  This meant
that people acquired source files without actual license statements in
them.  All the relevant files had Utah *copyright* statements in them,
but without the expanded *license* statements, the licensing status of
the source files was unclear.

This commit is intended to clear up that confusion.

Most Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the Affero GNU General Public License, version 3
(AGPLv3).

Most Utah-copyrighted files related to ProtoGENI are distributed under
the terms of the GENI Public License, which is a BSD-like open-source
license.

Some Utah-copyrighted files in the Emulab source tree are distributed
under the terms of the GNU Lesser General Public License, version 2.1
(LGPL).

image_permissions stores access info for images. You can share an
image with a user or a group (project), and you can specify write
access to allow updating the image in place. Note that write access
does not allow the descriptor to be modified, only the image itself.
Well, that is how it will be after Mike changes mfrisbeed.

The front end script to modify permissions is grantimage:

	boss> grantimage -u stoller -w tbres,myimage
	boss> grantimage -u stoller -w tbres,myimage

which grants write access to stoller. Or:

	boss> grantimage -g testbed,testbed tbres,myimage

which grants access to the testbed project. Notice that you can
specify subgroups this way.

	boss> grantimage -l tbres,myimage

will give you a list of current permissions. To revoke, just add -r
option:

	boss> grantimage -g testbed,testbed -r tbres,myimage

Who is allowed to grant access to an image? 1) An adminstrator of
course, 2) the image creator, and 3) any group_root in the group that
the image belongs to. Being granted access to use an image does not
confer permission to grant access to others.

One last task; while the web interface displays the permissions, there
is no web interface to modify the permissions; users will still have
to ask us for now.

This also adds the disk_image tags for rspecs.

starting any one of our scripts can take a second or two. That time is
spent including and compiling 10000s of thousands of lines of perl
code, both from our libraries and from the perl libraries.

Mostly this is just a maintenance thing; we just never thought about
it much and we have a lot more code these days.

So I have done two things.

1) I have used SelfLoader() on some of our biggest perl modules.
   SelfLoader delays compilation until code is used. This is not as
   good as AutoLoader() though, and so I did it with just a few 
   modules (the biggest ones).

2) Mostly I reorganized things:

  a) Split libdb into an EmulabConstants module and all the rest of
     the code, which is slowly getting phased out.

  b) Move little things around to avoid including libdb or Experiment
     (the biggest files).

  c) Change "use foo" in many places to a "require foo" in the
     function that actually uses that module. This was really a ...

Add MapToImage() which maps an osinfo to a specific image for a node
type.

Both of these are used in os_setup.

the tb-set-node-os command with a second optional argument; if that is
present, the first arg is the child OS and the second is the parent OS.
We add some new features in ptopgen (OS-parentOSname-childOSname) based
off a new table that maps which child OSes can run on which parents, and
the right desires get added to match.  We setup the reloads in os_setup
along with the parents.  Also needed a new opmode, RELOAD-PCVM, to handle
all this.

For now, users only have to specify that their images can run on pcvms, a
special hack for which type the images can run on.  This makes sense in
general since there is no point conditionalizing childOS loading on
hardware type at the moment, but rather on parentOS.  Hopefully this stuff
wiill mostly work on shared nodes too, although we'll have to be more
aggressive on the client side garbage collecting old frisbee'd images for
long-lived shared hosts.

I only made these changes in libvtop, so assi...

  When a project is initially created a new mailing list is created,
  PROJ-admin@emulab.net.

  testbed-approval is subscribed to the list

  Several emails that originally went to testbed-approval now go to the
  mailing list instead.  The From, To, fields are basically the same
  with testbed-approval becoming PROJ-admin.  This means some mail
  is sent with a From PROJ-admin and Bcc the mailing list.  Note that
  some mail still goes to testbed-approval directly, in particular
  ones where there is no clear project involved, and when a project is
  denied.

  In addition notifications of approval status of new members is also
  sent to the list.  These emails use to only go to testbed-audit@.

  Currently All mail sent to PROJ-admin is also sent to testbed-audit
  (via a Bcc).  This means that some mail that didn't use to go to
  testbed-audit now does.

  The mailing list is deleted when a project is deleted with out first
  being approved.  Becuase o...

     www/newimageid_ez.php3 - The reworked PHP page.  Calls Image::NewImageId with ez=1.
     www/newimageid.php3 - Call Image::NewImageId with ez=0.
     www/imageid_defs.php - Re-use the Image::NewImageId class method, adding an 'ez' arg.
     backend/{newimageid_ez,GNUmakefile}.in configure configure.in - New backend script.
         After checks, calls OSinfo->Create and Image->Create with the same XML args array.
     db/Image.pm.in - Re-use the Image->Create method, adding an imageid over-ride arg.
     db/OSinfo.pm.in - Filter out extraneous db slot args from XML in the Create method.
     db/libdb.pm.in - Add TB_{OS,IMAGE}ID_* constants from dbdefs.php3 .
     sql/database-fill.sql - Add OS entries to the table_regex 'images' pattern set.

form processing to be done.

The gist is that I have moved all of the data checking and DB work to
the backend into a new script called utils/newosid. This script does
all the field checking that used to be done in php. It takes a simple
XML file as input and returns a set of strings to format as errors (if
there are any).

The overall goal to make a big push to move this code out of PHP and
perl.  A nice side effect is that many operations that are current
only available via the web interface will also become available
command line (and also XMLRPC with a little moew work).

thankless job but someone has to do it. I'm expecting to finish by the
time Bush 43 leaves office.

(also knows an integers).