1. 02 Feb, 2012 1 commit
  2. 23 Jan, 2012 1 commit
  3. 20 Jan, 2012 1 commit
    • Fix server info query for firewalls · 3bd39dbf
      Ryan Jackson authored
      Fixed the query for server name, ip, and mac so that it works with
      multiple subbosses.  Previously the query would fail due to the
      subquery returning multiple rows.
      3bd39dbf
  4. 19 Jan, 2012 1 commit
    • Deprecate the use of jailip in the nodes table, for local dynamic · 1a52760a
      Leigh B Stoller authored
      virtual nodes. We now create an interfaces table entry so that we do
      not need special code to find the control network interface. This entry is
      deleted along with the node entries when the experiment is swapped
      out.
      
      Of course, we still have existing nodes with jailip entries, so not
      much code was removed, but this saves me from having to add more
      special cases for XEN elabinelab, and at some point we can remove the
      deprecated code.
      1a52760a
  5. 13 Jan, 2012 1 commit
  6. 12 Jan, 2012 2 commits
    • tmcd changes for Linux firewall support · df0c2e51
      Ryan Jackson authored
      df0c2e51
    • The rest of the virt_node_attributes table support. You can do this in · 51552904
      Leigh B Stoller authored
      your NS file:
      
      	$node0 add-attribute jailip 155.98.36.229
      	$node0 add-attribute jailipmask 255.255.252.0
      
      to override the default jail ip assignment. Use this carefully of
      course since there is no checking yet.
      
      You can also do something like this:
      
      	$myboss add-attribute XEN_EXTRADISKS "disk1:10G,disk2:10G,disk3:10G"
      	$myops  add-attribute XEN_EXTRADISKS "disk1:4G,disk2:10G"
      
      which will add these extra disks to your xen containers. Note that
      this requires clientside changes from another commit to be installed
      in the XEN image.
      51552904
  7. 10 Jan, 2012 1 commit
  8. 06 Jan, 2012 1 commit
  9. 13 Dec, 2011 1 commit
  10. 15 Nov, 2011 1 commit
    • Further overhaul of firewall code. NOTE: required bump of tmcd version to 34. · 6a26b246
      Mike Hibler authored
      Firewalls now work with nodes which require a subboss. Had to introduce new
      firewall rules which skipped around the checks that no packets to/from
      node control net IPs should pass through the firewall, if the IP in question
      belongs to a subboss (since subboss is on the node control network). It
      actually checks for all Emulab servers (boss, ops, fs or any subboss),
      so the code should work for an Emulab install which has a non-segmented
      control network in which all servers were in the same subnet as the nodes.
      
      In addition to the new rules, we also had to pass in additional information
      via "tmcc firewallinfo" giving the IP/MAC of those server nodes that are on
      the node control network. We use this to establish ARP entries on the
      inside network so that nodes can find the servers. Since the existing
      client-side firewall code in libsetup.pm would blow up if it got a line
      that it didn't recognize, I had to bump the tmcd version number and add
      some conditional code to tmcd.c:dofwinfo() to not return the extra info for
      old versions.
      
      Added a couple of new firewall variables EMULAB_BOSSES and EMULAB_SERVERS
      that are used in the new rules. Fixed the support scripts in firewall/
      to properly initialize these variables.
      
      IMPORTANT: tmcd looks up boss, ops, fs, and subbosses in the interfaces
      table to find their IPs and MAC addresses. By default, we do not create
      such interface table entries for boss/ops/fs. We have them at Utah for
      other reasons. These entries are only needed if you have a non-segmented
      control network (or a subboss) and you want to firewall such nodes.
      The script to initialize the firewall variables (initfwvars.pl) will
      print out a warning for configurations that are affected and don't have
      the entries.
      6a26b246
  11. 26 Oct, 2011 1 commit
  12. 04 Oct, 2011 1 commit
    • Add node/node_type attribute "no_clflush". · fdfce71d
      Mike Hibler authored
      This is for FreeBSD to turn off use of the CLFLUSH instruction via the
      hw.clflush_disable loader var. We have encountered some opteron machines
      on which this causes problems.
      
      The attribute can be set for the node_type (via the web page for editing
      node types) or the node (via brute-force SQL hackery) to override whatever
      FreeBSD would do by default. This attribute is passed via tmcd to the
      diskloader MFS which will fixup the loader.conf file post-frisbee.
      fdfce71d
  13. 17 Aug, 2011 1 commit
  14. 11 Aug, 2011 1 commit
    • Initial support for loading Windows7 .wim images via WinPE/ImageX. · ac711ea5
      Mike Hibler authored
      1. Support for "one-shot" PXE booting ala the one-shot osid. Switches to
         pxelinux to boot WinPE and then switch back after done. Painful now
         because we have to HUP dhcpd every time we change the PXE path, but we
         may be able to fix this in the future by going all-pxelinux-all-the-time.
      
      2. Added pxe_select, analogous to os_select, for changing the pxe_boot_path
         including the one time path.
      
      3. Added the WIMRELOAD state machine to shepherd a node through the process.
         Still has some rough edges and may need refining.
      ac711ea5
  15. 10 Aug, 2011 1 commit
  16. 20 Jul, 2011 1 commit
  17. 20 Jun, 2011 1 commit
  18. 10 Jun, 2011 1 commit
  19. 09 Jun, 2011 1 commit
  20. 03 Jun, 2011 1 commit
    • Make secure diskload path handle multiple images. · a14d74c8
      Mike Hibler authored
      Make sure "tmcd imagekey" returns info for all images.
      Make Linux rc.frisbee handle it.
      
      Also: change to elabinelab setup to not load secure image info
      into the elabinelab DB (i.e., so we don't propagate the secret keys).
      a14d74c8
  21. 25 May, 2011 1 commit
  22. 23 May, 2011 1 commit
  23. 02 May, 2011 1 commit
  24. 21 Apr, 2011 1 commit
  25. 20 Apr, 2011 1 commit
    • Changes our ssh key/account handling in RedeemTicket() and · 03c2107c
      Leigh B Stoller authored
      CreateSliver(), to handle multiple accounts.  This somewhat reflects
      the Geni AM API for keys, which allows the client to specify multiple
      users, each with a set of ssh keys.
      
      The keys argument to the CM now looks like the following (note that
      the old format is still accepted and will be for a while).
      
      [{'urn'   => 'urn:blabla',
        'login' => 'dopey',
        'keys'  => [ list of keys like before ]},
       {'login' => "leebee",
        'keys'  => [ list of keys ... ]}];
      
      Key Points:
      
      1. You can supply a urn or a login or both. Typically, it is going to
         be the result of getkeys() at the PG SA, and so it will include
         both.
      
      2. If a login is provided, use that. Otherwise use the id from the urn.
      
      3. No matter what, verify that the token is valid for an Emulab uid
         (standard 8 char unix login that is good on just about any unix
         variant), and transform it if not.
      
      4. For now, getkeys() at the SA will continue to return the old format
         (unless you supply version=2 argument) since we do not want to
         default to a keylist that most CMs will barf on.
      
      5. I have modified the AM code to transform the Geni AM version of the
         "users" argument into the above structure. Bottom line here is
         that users of the AM interface will not actually need to do
         anything, although now multiple users are actually supported
         instead of ignored.
      
      Still to be done are the changes to the login services structure in
      the manifest. We have yet to settle on what these changes will look
      like, but since people generally supply valid login ids, you probably
      will not need this, since no transformation will take place.
      03c2107c
  26. 15 Apr, 2011 1 commit
  27. 03 Apr, 2011 1 commit
    • Add domanifest command. · a12ed9ed
      David Johnson authored
      domanifest returns service configuration info (both static,
      administrator info and per-experiment info), and also service hook
      configuration.
      a12ed9ed
  28. 09 Mar, 2011 1 commit
  29. 16 Feb, 2011 1 commit
    • Frisbee master server compatibility mode fix for vnodes. · a173e553
      Mike Hibler authored
      The mserver wants to validate nodes by looking up their IP address in the
      interfaces table, and vnodes have no interfaces table entries.  So when we
      invoke the frisbeehelper in compat mode, do so with the pnode identity
      instead. For validation purposes, this is identical.
      
      Is this an issue for non-compat mode? Not right now since all our vnode
      implementations that load images make their loadinfo request from the
      physical host.  If vnodes start to call the master server on boss directly,
      we will have an issue.
      a173e553
  30. 08 Feb, 2011 1 commit
  31. 03 Feb, 2011 1 commit
  32. 01 Feb, 2011 1 commit
    • Implement limited backward compatibility with the old frisbee setup. · 1017ccce
      Mike Hibler authored
      The big backward compatibility issue is that we no longer store running
      frisbeed info in the DB.  This means that loadinfo could not return
      address:port info to clients and thus old frisbee MFSes could no longer
      work.  While not a show stopper to require people to update their MFS first,
      I made a token effort to implement backward compat as follows.
      
      When an old frisbee MFS does "tmcc loadinfo" (as identified by a tmcd
      version < 33), tmcd will invoke "frisbeehelper" to start up a daemon.
      Sound like frisbeelauncher?  Well sorta, but vastly simplified and I only
      want this to be temporary.  The helper just uses the frisbee client to make
      a "proxy" request to the localhost master server.  The Emulab configuration
      of the master server now allows requests from localhost to proxy for another
      node.
      
      frisbeehelper is also used by webfrisbeekiller to kill a running daemon
      (yes, just like frisbeelauncher).  It makes a proxy status request on
      localhost and uses the returned info to identify the particular instance
      and kill it.
      1017ccce
  33. 19 Jan, 2011 1 commit
  34. 11 Jan, 2011 1 commit
    • More work toward getting this working on subboss. · 8d80301e
      Mike Hibler authored
      More work on the hierarchical configuration for subboss. When doing host-based
      authentication, allow client to pass an explicit host (IP) to the mserver.
      If the mserver is configured to allow it, that IP is used for authenticating
      the request instead of the caller's IP. Add a default ("null") configuration
      so the mserver can operate out-of-the-box with no config file. The goal of
      these two changes is for an mserver instance with the default config and a
      proxy option to serve the needs of a subboss node (i.e., so no explicit
      configuration will be needed).
      8d80301e
  35. 07 Dec, 2010 4 commits
  36. 16 Nov, 2010 1 commit
    • Add support for all node "tb-set-tarfiles". · a0d0c95e
      Kevin Atkinson authored
      "tb-set-tarfiles" is like "tb-set-node-tarfiles" except that it
      distributes the tarfile to all nodes rather than just one and that it
      uses frisbee to distribute the file.
      
      These changes involved 1) refactoring frisbee info from images table
      into a new table, frisbee_blobs, 2) a new experiment_blobs table, and
      3) a new tmcd command so the node knows how to get the files from the
      server.
      
      The changes were designed to be general purpose enough to eventually
      support:
        1) Distributing arbitrary files (not just tarfiles) to nodes
        2) Perform arbitrary actions on those files
        3) Use arbitrary methods to get the files
      
      As such the tmcd line is as follows:
        URL=* ACTION=*
      
      where URL is currently:
        frisbee.mcast://<ADDR>/<FILE>
      for example
        frisbee.mcast://234.16.184.192:18092/users/kevina/home-dir.tar.gz
      and when we get around to using a master Frisbee server it could be
        frisbee://*
      or it could be a file://, http://, etc.
      
      and ACTION is currently:
        unpack:<LOCATION>
      for example
        unpackt:/users
      with future syntax to be determined.
      a0d0c95e
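
An added example, not part of the commit above or of Emulab's code: one way a node-side client could parse and validate the `URL=* ACTION=*` line described in a0d0c95e before fetching or unpacking anything. The function names, the allow-lists (only `frisbee.mcast` and `unpack`), and the rule that file and unpack paths must be absolute with no `..` component are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumptions for this sketch: only the scheme and action the commit lists as current.
ALLOWED_SCHEMES = {"frisbee.mcast"}
ALLOWED_ACTIONS = {"unpack"}


def _safe_abs_path(path, what):
    """Require an absolute path with no '..' component (assumed policy)."""
    if not path.startswith("/") or ".." in path.split("/"):
        raise ValueError(f"unsafe {what}: {path!r}")
    return path


def parse_blob_line(line):
    """Parse 'URL=<url> ACTION=<action>'; raise ValueError on anything unexpected."""
    fields = {}
    for token in line.split():
        key, sep, value = token.partition("=")
        if not sep or key in fields:
            raise ValueError(f"malformed or repeated field: {token!r}")
        fields[key] = value
    if set(fields) != {"URL", "ACTION"}:
        raise ValueError(f"unexpected field set: {sorted(fields)}")

    url = urlsplit(fields["URL"])
    if url.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {url.scheme!r}")
    # url.port itself raises ValueError for a non-numeric or out-of-range port.
    if not url.hostname or not url.port:
        raise ValueError("URL must carry <ADDR> as ip:port")
    addr = ipaddress.ip_address(url.hostname)
    if not addr.is_multicast:
        raise ValueError(f"not a multicast address: {addr}")

    verb, sep, location = fields["ACTION"].partition(":")
    if not sep or verb not in ALLOWED_ACTIONS:
        raise ValueError(f"action not allowed: {fields['ACTION']!r}")

    return {
        "addr": str(addr), "port": url.port,
        "file": _safe_abs_path(url.path, "file path"),
        "location": _safe_abs_path(location, "unpack location"),
    }


# Constructed input: the example URL from the commit message with an unpack action.
SAMPLE = ("URL=frisbee.mcast://234.16.184.192:18092/users/kevina/home-dir.tar.gz "
          "ACTION=unpack:/users")
if __name__ == "__main__":
    print(parse_blob_line(SAMPLE))
```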