* tmcd/ron: A new directory of client code, based on the freebsd
  client code, but scaled back to the bare minimum. Does only account
  and group file maintenance. I redid the account stuff so that only
  emulab accounts are operated on. Does not require a stub file, but
  instead keeps a couple of local dbm files recording what groups and
  accounts were added by Emulab. There is a ton of paranoia checking
  to make sure that local accounts are not touched.

  The update script that runs on the client node detaches so that the
  ssh from boss returns immediately. update can also be run from the
  node periodically and at boottime. The script is installed setuid
  root, but checks to make sure that *only* root or "emulabman" has
  invoked it.

* utils/sshremote: New file. For remote nodes, instead of using sshtb,
  use sshremote, which ssh's in as "emulabman", which needs to be a
  local non-root user, but with an authorized_keys file containing
  boss' public key.

* web interface changes: Allow user to specify his own public key in
  addition to the emulab key.

  Add option in showexp page to update accounts on nodes in the
  experiment. I was originally intending to do this from approveuser,
  but this was easier and faster. I will add an option to do it on the
  approveuser page later.

* libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
  local testbed or a pcRemote node. Currently, this test is hardwired
  to a check for class=pcRemote, but this will need to change to a
  node_types property at some point.

* node_update: Reorg so that there is a maximum number of children
  created. Previously, a child was forked for each node, but that
  could chew up too many processes, especially for remote nodes which
  might hang up. For the same reason, we need to "lock" the experiment
  so that it cannot be terminated while a node_update is in progress.
  Might be to relax that, but this was easy for now. Also add
  distinction between local and remote, since for remote we use
  sshremote insted of sshtb. Various cleanup stuff

* mkacct; When generating a new account, include user supplied pub key
  in the authorized keys file, in addition to the eumlab generated
  key. Both keys are stored in the DB in the users table. Anytime we
  update an account, get a fresh copy of the emulab pub key, in case
  user changes it.

it even though it doesn't need to be.

make it writable to the tbadmin group.

since we now have schemacheck.

Essentially tip, but instead of presenting a tty, it opens a tunnel port that (for instance)
telnet can talk to. Example (on credit):

tiptunnel /var/log/tiplogs/pc1.acl telnet

Will open up a local port then fork/exec telnet with "localhost" and the tunnel port number as arguments.
(Functionally equivalent to "tip pc1", only with telnet escape sequences)

A later version of this program is what users will likely download for the quick-tip-through-the-web scheme.
(next step: SSL)

directory.

currently installed tmcd. The version number is passed through on
every tmcc request.

the boss. The resolver goo is not going to work on RON nodes.

since it isn't needed, and will result in errors.

broken. Also, it made me slightly uneasy that there was no way to
prevent swig from putting one of its generated files in sorce
directory. So, I've just checked in the two major files that get
generated by SWIG, so that the make rule that runs it never gets
invoked.

One of the reasons for doing this is that swig generates slightly
broken code when the -exportall (which does perl module exports
correctly) arugment is given. A very minor amount of manual tweaking
of the generated .pm file can fix this problem. So, the checked in
copy of event.pm has these tweaks applied.

As a result of all of this, exports work correctly in the event perl
module, so the hacky practice of putting your program in the event
namespace is no longer necessary.

Watches for events sent by TMCD regarding the state of nodes. Records
this information in the database. Also watches for nodes that undergo
invalid state transitions, or stay in the same state for too long.
Right now, the only action it takes is to send email, but in the
future, will take action to 'unstick' nodes.

Not yet installed by default.

state_timeouts is for recording the maximum amount of time (in
seconds) that a node should be in a given state. (0 means no timeout)
The contents of the action column are not yet well-defined - in the
future, it may contain commands for dealing with stuck nodes, or
perhaps a keyword to indicate to the watchdog daemon what action
should be taken.

state_transitions contains a list of valid state transitions.

state string. This was causing (tremendously frustrating) problems
elsewhere.

awkward by the fact that swig insists on putting it's generated C
file in the source directory, not the object directory.

installed anyplace yet ...

be a worse problem with remote nodes, where we will not be able to
keep everyone up to date like we can in the local testbed case. I ran
into this yesterday with the key distribution stuff for RON nodes,
which require incompatable changes to the accounts info that is
returned. So, tmcc now takes a [-v version] argument, which is passed
through to tmcd in the request field. tmcd passes that version number
(assumed to be an int) down, and the routines should look at that. We
will need to make some structural changes in tmcd as we get more
version skew, but for now this is fine. Anyway, tmcd/tmcc have a
compiled in DEFAULT_VERSION (see decls.h). If no version is supplied,
assume DEFAULT_VERSION (2), which covers all of the old images and yet
to be updated current images. As the new tmcc makes it out, versions
will be sent through. VERY IMPORTANT: The current version is placed in
libsetup.pm. When you make incompatible changes, bump the version
number is decls.h and libsetup.pm, recompile and install a new tmcc
and the new libsetup.pm on the clients (and of course, tmcd on the
server).

Fixes to termination; Add signal handlers for HUP,INT,TERM, and make
sure all the children get killed off before exiting. We still have
some problems though; I think the children should wait until the
current request is completed before exiting. I'll give that some more
thought though since it easy to mess that stuff up (leave zombies).

Add build_info[] to startup message to syslog. Good for debugging.
Some minor cleanup and restructuring. Mike is gonna hate it.

a chance to react. Otherwise, we sometimes try to start the new one
before all the children have released the port number (socket).

to listen on the socket.  Since tmcd requests are basically
request/reply, each child is independent of the other, and so there
was no need to bring real threads into the picture. There is a new
option [-a num] to control the number of children in the pool;
defaults to 5. I set it up so that children that die are replaced with
new children. Hopefully this will add a little robustness, making sure
that tmcd is always running.

Oh, fix about a 100 -Wall warnings!

debugging. Make sure it gets passed through to udp case (-u), although
the udp case is going to get killed when we ssl'ize tmcd.

Also added the virt_agents table, which apparently hadn't made it
into CVS yet.

Queue events have a new parameter in the arg list for link events:

	ARGS="PIPE=pipe0 THRESH=8"

This is kinda hacky right now; I do not have time to get all the stuff
just right. The convention is that pipe0 is the first pipe in the list
(left to right) and pipe1 is the other. We can worry about cleanup
later.

daemon that receives the events that tmcd sends.

queue in each direction is in.