- 27 Jan, 2015 26 commits
-
-
Leigh B Stoller authored
-
Leigh B Stoller authored
1) Implement the latest dataset read/write access settings from frontend to backend. Also updates for simultaneous read-only usage. 2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN. The first changes the way that projects and users are treated at the CM. When set, we create real accounts (marked as nonlocal) for users and also create real projects (also marked as nonlocal). Users are added to those projects according to their credentials. The underlying experiment is thus owned by the user and in the project, although all the work is still done by the geniuser pseudo user. The advantage of this approach is that we can use standard emulab access checks to control access to objects like datasets. Maybe images too at some point. NOTE: Users are not removed from projects once they are added; we are going to need to deal with this, perhaps by adding an expiration stamp to the groups_membership tables, and using the credential expiration to mark it. The second new configure option turns on the web login via the geni trusted signer. So, if I create a sliver on a backend cluster when both options are set, I can use the trusted signer to log into my newly created account on the cluster, and see it (via the emulab classic web interface). All this is in flux, might end up being a bogus approach in the end.
-
Leigh B Stoller authored
tipline will not exist until the VM is running (since the capture runs on the physhost), but that that is too late for inclusion in the manifest. Need a better mechanism.
-
Leigh B Stoller authored
can create an experiment for another user.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
interactions with versioning that need to be worked out, since only the head version can be deleted.
-
Leigh B Stoller authored
-
Mike Hibler authored
-
Leigh B Stoller authored
create_instance, now that user can manage multiple keys.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
can get it easily.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
which looks at environment variable to determine what user should be used for access checks. Now used from the protogeni interface, when real accounts are in use (but all work still done by geniuser).
-
Leigh B Stoller authored
-
Leigh B Stoller authored
interface.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
as a guest and that they have to apply for a real account.
-
Leigh B Stoller authored
to let people login using the trusted signer.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
most recently used.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
- 26 Jan, 2015 9 commits
-
-
Mike Hibler authored
Was using internal EventSend but that is really just for talking to boss and we need to talk to ops.
-
Mike Hibler authored
Fixes issue with user appearing multiple times on a /etc/group line.
-
Mike Hibler authored
-
Leigh B Stoller authored
-
Mike Hibler authored
-
Mike Hibler authored
-
Mike Hibler authored
-
Mike Hibler authored
-
Mike Hibler authored
Currently only used to shutdown remote blockstores in advance of a swapout (per-experiment event: objtype=="BSTORE", objname=="rem-bstore", eventtype=="STOP").
-
- 25 Jan, 2015 1 commit
-
-
Leigh B Stoller authored
.forward files. Change addpubkeys to use dropfile for the auth keys file, and add createsshkey method to generate the key on ops, and send the public key back via stdout.
-
- 23 Jan, 2015 3 commits
-
-
Mike Hibler authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
- 22 Jan, 2015 1 commit
-
-
Leigh B Stoller authored
-