1. 27 Aug, 2013 1 commit
  2. 19 Aug, 2013 1 commit
  3. 09 Aug, 2013 2 commits
    • Remove code that extends slice lifetime, and fix underlying bug. · 60a34cdf
      Leigh B Stoller authored
      We currently have a few cases where a slice record exists, but
      no sliver, and so Renew was failing. Since we store all of the
      expiration in the slice record, we do not actually need to have
      an aggregate, so remove the check.
    • I added two new actions to PerformOperationalAction, which appear to work fine when the nodes are behaving themselves. · cfd1974a
      Leigh B Stoller authored
      
      1) geni_update_users: Takes a slice credential and a keys argument. Can
        only be invoked when the sliver is in the started/geni_ready state.
        Moves the slice to the geni_updating_users state until all of the
        nodes have completed the update, at which time the sliver moves back
        to started/geni_ready.
      
      2) geni_updating_users_cancel: We can assume that some nodes will be whacky
        and will not perform the update when told to. This cancels the
        update and moves the sliver back to started/geni_ready.
      
      A couple of notes:
      
      * The current emulab node update time is about three minutes; the
        sliver is in this new state for that time and cannot be restarted or
        stopped. It can of course be deleted.
      
      * Should we allow restart while in the updating phase? We could, but
        then I need more bookkeeping.
      
      * Some nodes might not be running the watch dog, or might not even be
        an emulab image, so the operation will never end, not until
        canceled. I could add a timeout, but that will require a monitor or
        adding DB state to store the start time.
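The sliver state transitions described in the commit above, modelled as an added example. This is not ProtoGENI code: the SliverStateMachine class, the node names, and the use of geni_restart/geni_stop as the names of the refused actions are assumptions made for illustration.

```python
# Added example (not Emulab/ProtoGENI code): a minimal model of the sliver
# states involved in geni_update_users and geni_updating_users_cancel.
# Class and node names are assumptions; "geni_restart"/"geni_stop" are
# assumed to be the action names for restart and stop.

READY = "geni_ready"              # the started/geni_ready state
UPDATING = "geni_updating_users"  # intermediate state while nodes update keys


class SliverStateMachine:
    def __init__(self, nodes):
        self.nodes = set(nodes)
        self.state = READY
        self.pending = set()  # nodes that have not yet finished the key update

    def perform_action(self, action):
        """Dispatch a PerformOperationalAction name; returns the new state."""
        if action == "geni_update_users":
            return self.update_users()
        if action == "geni_updating_users_cancel":
            return self.cancel_update()
        if action in ("geni_restart", "geni_stop"):
            # Restart and stop are refused while an update is in flight;
            # delete is handled elsewhere and is always allowed.
            if self.state == UPDATING:
                raise RuntimeError(f"{action} not allowed while in {UPDATING}")
            return self.state
        raise ValueError(f"unknown action {action}")

    def update_users(self):
        """geni_update_users: only valid from geni_ready."""
        if self.state != READY:
            raise RuntimeError(
                f"geni_update_users requires {READY}, sliver is {self.state}")
        self.pending = set(self.nodes)
        self.state = UPDATING
        return self.state

    def node_completed(self, node):
        """A node reports that it installed the new keys. When the last
        pending node reports, the sliver returns to geni_ready."""
        if self.state != UPDATING:
            return self.state
        self.pending.discard(node)
        if not self.pending:
            self.state = READY
        return self.state

    def cancel_update(self):
        """geni_updating_users_cancel: give up on unresponsive nodes and
        return to geni_ready."""
        if self.state != UPDATING:
            raise RuntimeError(f"nothing to cancel, sliver is {self.state}")
        self.pending.clear()
        self.state = READY
        return self.state


def run_update(nodes, reporting_nodes):
    """Constructed scenario: start an update and let only some nodes report.
    Returns (state after reports, state after cancel-or-noop)."""
    sm = SliverStateMachine(nodes)
    sm.update_users()
    for n in reporting_nodes:
        sm.node_completed(n)
    after_reports = sm.state
    if sm.state == UPDATING:
        sm.cancel_update()
    return after_reports, sm.state
```

A node that never runs the watchdog simply never calls node_completed, which is exactly the case the cancel action exists for; a timeout would be a separate addition.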
  4. 23 Jul, 2013 1 commit
    • ABAC Speaksfor credential support. · 60274694
      Leigh B Stoller authored
      The CM can now receive either an ABAC or a non-ABAC speaksfor
      credential in the list of credentials. Thanks to Gary for getting
      libabac built on boss so that I could use it! The AM probably needs a
      little bit more work since it has a few V3 places where it does not
      invoke CMV2 directly, but that should be easy to fix; all of the AMV2
      functions will work though.
      
      Caveat: I don't bother to look at the speaksfor option; if we get a
      speaksfor credential, I figure it was cause the user wants to use it!
      
      I added a hacky script called genspeaksfor to create a proper speaks
      for credential that allows me to speak for another user. For example:
      
      	genspeaksfor -a urn:publicid:IDN+emulab.net+user+leebee \
      	         urn:publicid:IDN+emulab.net+user+stoller
      
      which generates an ABAC speaks for credential that allows me to speak
      for leebee. To use the PG test scripts with this credential:
      
      	createsliver.py* -S speaksfor.cred -s slice.cred
      
      Where slice.cred is a plain slice credential issued to leebee and then
      given to me via an out of band mechanism (:-).
  5. 11 Jul, 2013 1 commit
    • Implement speaksfor (non-abac) support. · 8d53b3fd
      Leigh B Stoller authored
      CM V2 (and thus the AM) now accept a type=speaksfor credential along
      with regular credentials. When supplied, the speaksfor caller must be
      equal to the owner of the speaksfor credential and the target must be
      equal to the owner of the regular credential(s). All operations take
      place in the context of the spokenfor user.
      
      Added speaksfor slots to geni_slices, geni_aggregates and geni_tickets.
      Also to the history table. But these are just the most recent data.
      Each transaction is logged as normal, and the metadata now includes
      the speaksfor data and the log always includes all of the credentials.
      
      For testing, there is a new script in the scripts directory to
      generate a speaksfor credential. Not installed since it is really
      a hack. But to create one:
      
      	perl genspeaksfor urn:publicid:IDN+emulab.net+user+leebee \
      	         urn:publicid:IDN+emulab.net+user+stoller
      
      which generates a speaksfor credential that says stoller is speaking
      for leebee.
      
      Given a slice credential issued to leebee, the test scripts can be
      invoked as follows (by stoller):
      
        createsliver.py -S speaksfor.cred -s slice.cred -c leebee.cred
      
      A copy of leebee's self credential is needed simply cause of the test
      script's desire to talk to the SA (which does not support speaksfor).
      Not otherwise needed.
      
      Oh, not tested on the AM interface yet.
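The two ownership rules the commit states for a speaksfor credential (caller must own the speaksfor credential; its target must own every regular credential; the operation then runs as the spoken-for user), written out as an added example. This is not the CM's own code: the Credential class, its field names and the log-metadata layout are assumptions, and the sample credentials are constructed from the user URNs quoted in the message. Signature verification of the credentials is assumed to have happened already.

```python
# Added example (not ProtoGENI code): the speaksfor ownership rules.
# Credential/field names and the log layout are assumptions.
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Credential:
    type: str        # "speaksfor" or a regular type such as "slice"
    owner_urn: str   # the principal the credential was issued to
    target_urn: str  # the object; for speaksfor, the spoken-for user


class SpeaksForError(PermissionError):
    pass


def effective_caller(caller_urn: str, credentials: List[Credential]) -> str:
    """Return the URN the operation runs as. Without a speaksfor credential
    that is the SSL caller; with one, the spoken-for user, provided both
    rules hold. Ordinary credential checks still happen afterwards."""
    speaksfor = [c for c in credentials if c.type == "speaksfor"]
    regular = [c for c in credentials if c.type != "speaksfor"]
    if not speaksfor:
        return caller_urn
    if len(speaksfor) != 1:
        raise SpeaksForError("exactly one speaksfor credential is allowed")
    sf = speaksfor[0]
    # Rule 1: the caller must be the owner of the speaksfor credential.
    if sf.owner_urn != caller_urn:
        raise SpeaksForError(
            f"speaksfor issued to {sf.owner_urn}, but caller is {caller_urn}")
    # Rule 2: the spoken-for user must own every regular credential.
    for c in regular:
        if c.owner_urn != sf.target_urn:
            raise SpeaksForError(
                f"{c.type} credential owned by {c.owner_urn}, "
                f"not spoken-for user {sf.target_urn}")
    return sf.target_urn


def speaksfor_allowed(caller_urn: str, credentials: List[Credential]) -> bool:
    try:
        effective_caller(caller_urn, credentials)
        return True
    except SpeaksForError:
        return False


def log_metadata(caller_urn: str, credentials: List[Credential]) -> dict:
    """What to record with the transaction: the effective user, who spoke
    for them (if anyone) and every credential presented."""
    effective = effective_caller(caller_urn, credentials)
    spoke_for: Optional[str] = caller_urn if effective != caller_urn else None
    return {
        "effective_user": effective,
        "speaksfor": spoke_for,
        "credentials": [(c.type, c.owner_urn, c.target_urn) for c in credentials],
    }


# Constructed sample data using the URNs from the commit message.
STOLLER = "urn:publicid:IDN+emulab.net+user+stoller"
LEEBEE = "urn:publicid:IDN+emulab.net+user+leebee"
MYSLICE = "urn:publicid:IDN+emulab.net+slice+myslice"
SPEAKSFOR_CRED = Credential("speaksfor", owner_urn=STOLLER, target_urn=LEEBEE)
SLICE_CRED = Credential("slice", owner_urn=LEEBEE, target_urn=MYSLICE)
```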
  6. 28 Jun, 2013 1 commit
  7. 28 May, 2013 1 commit
    • Reorg the credential checking code, and add Geni chain checks. · dd5c6601
      Leigh B Stoller authored
      From: Leigh Stoller <lbstoller@gmail.com>
      Date: Wed, 22 May 2013 13:49:33 -0700
      Cc: instageni-design@geni.net
      
      So far we have been pretty loose about checking to make sure the
      certificate chains obey the Geni rules. These rules include checking to
      make sure that only approved entities can sign particular kinds of
      credentials. For example: only something known to be a Slice Authority
      should be allowed to create a slice and return a slice credential.
      
      The other check we have been lax about, is verifying that the URN namespace
      is consistent along the chain from CA to the target. For example, a chain
      that starts in Utah:
      
      	URI:urn:publicid:IDN+emulab.net+authority+root
      
      should not be able to sign anything outside its namespace. That is, Utah
      should not be able to sign a user or slice credential like:
      
      	urn:publicid:IDN+panther+user+shufeng
      
      This is made more complicated when we introduce subsa certs along the way,
      where Utah signs its SA cert and that signs a project slice. In this case
      the chain would look something like:
      
      	URI:urn:publicid:IDN+emulab.net+authority+root
      	URI:urn:publicid:IDN+emulab.net+authority+sa
      	URI:urn:publicid:IDN+emulab.net:testbed+authority+sa
      	URI:urn:publicid:IDN+emulab.net:testbed+slice+myslice
      
      There are also scoping rules: a subsa like:
      
      	URI:urn:publicid:IDN+emulab.net:testbed+authority+sa
      
      should not be able to sign:
      
      	URI:urn:publicid:IDN+emulab.net:someotherproject+slice+myslice
      
      The entire cert chain is required to verify this. The CA roots are in the
      bundle, and the intermediate certs should be enclosed in the signature
      section of the XML document.
      
      We have to make the same check against the user certificate after apache
      verifies the chain. For apache (or any SSL server) you have to load the
      chain, and as I mentioned in earlier email, this is easy with perl and
      python based clients.
      
      With all that said, we do not plan to start rigorous enforcement of the
      first check above, and for the second class of checks, we just want to
      enforce a simple prefix check until we get our subsa house in order (since
      we don't even conform properly yet!).
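The namespace check the message describes, as an added example that is not ProtoGENI's own code: each signer in a chain must be an authority, and the authority component of what it signs must equal its own or be a sub-namespace of it (separated by ':'). The stricter rule that only an SA may sign a slice credential, which the message says will not be enforced rigorously yet, is behind an enforce_signer_types flag that defaults to off. The Urn type, function names and the sample chains are assumptions; the URNs in the samples are the ones quoted above.

```python
# Added example (not ProtoGENI code): URN namespace prefix check along a
# certificate chain. Names are assumptions; sample chains are constructed
# from the URNs in the commit message.
import re
from typing import List, NamedTuple

URN_RE = re.compile(r"^(?:URI:)?urn:publicid:IDN\+([^+]+)\+([^+]+)\+([^+]+)$")


class Urn(NamedTuple):
    authority: str  # "emulab.net" or a sub-authority like "emulab.net:testbed"
    kind: str       # "authority", "user", "slice", ...
    name: str


def parse_urn(text: str) -> Urn:
    m = URN_RE.match(text)
    if not m:
        raise ValueError(f"not a GENI URN: {text}")
    return Urn(*m.groups())


def in_namespace(signer_authority: str, subject_authority: str) -> bool:
    """Prefix check on the authority component. Requiring the ':' separator
    keeps 'emulab.net' from covering an unrelated 'emulab.network'."""
    return (subject_authority == signer_authority
            or subject_authority.startswith(signer_authority + ":"))


def check_chain(chain: List[str], enforce_signer_types: bool = False) -> List[str]:
    """chain lists URNs from the CA root down to the target, each entry
    having signed the next. Returns the violations found (empty = ok)."""
    problems: List[str] = []
    urns = [parse_urn(u) for u in chain]
    for signer, subject in zip(urns, urns[1:]):
        if signer.kind != "authority":
            problems.append(f"{signer} is not an authority and may not sign {subject}")
            continue
        if not in_namespace(signer.authority, subject.authority):
            problems.append(
                f"{signer.authority} may not sign outside its namespace: "
                f"{subject.authority}")
        # Optional stricter rule: slice credentials come only from an SA.
        if enforce_signer_types and subject.kind == "slice" and signer.name != "sa":
            problems.append(f"{signer} is not a slice authority but signed {subject}")
    return problems


# Constructed sample chain built from the URNs in the commit message.
UTAH_SUBSA_CHAIN = [
    "URI:urn:publicid:IDN+emulab.net+authority+root",
    "URI:urn:publicid:IDN+emulab.net+authority+sa",
    "URI:urn:publicid:IDN+emulab.net:testbed+authority+sa",
    "URI:urn:publicid:IDN+emulab.net:testbed+slice+myslice",
]
```

The function deliberately reports every violation rather than stopping at the first, so a rejected request can carry a specific error back to the client.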
  8. 03 May, 2013 1 commit
  9. 23 Apr, 2013 1 commit
  10. 04 Apr, 2013 1 commit
  11. 03 Apr, 2013 2 commits
  12. 22 Mar, 2013 1 commit
  13. 12 Feb, 2013 1 commit
  14. 29 Jan, 2013 3 commits
    • Add public_url to CM Sliverstatus() return blob, and pg_public_url to AM version of same. · cb95c1d7
      Leigh B Stoller authored
    • Add public_url to sliver resolve. · c1c943ba
      Leigh B Stoller authored
    • Add a "monitor" process to start/restart sliver to watch nodes. · 0c749af4
      Leigh B Stoller authored
      This is very similar to what Emulab does on the swapin path for
      normal experiments; wait and watch the nodes to see which ones
      fail or otherwise timeout. Up till now, we did not do this on the
      PG path, and so failed nodes were never signaled, and the slice
      was left in a changing state forever. This also allows us to capture
      the node bootlogs and convert them to logfiles that we can associate
      with the slice on the showslice web page.
      
      Details: start/restart forks a child (WrapperFork()) and allows
      the parent to return to the client. The slice is unlocked so that
      the client can call SliverStatus(), etc. But the client cannot
      do anything that actually changes the sliver (update, stop, etc)
      until the monitor finishes (or times out on its own). The lone
      exception is Deleteslice(), which will asynchronously kill the
      monitor and then terminate the slice. Ditto the command line
      script "cleanupslice".
      
      We will probably need to add another way to allow the client to
      terminate the monitor early, but have not decided where yet.
  15. 28 Jan, 2013 1 commit
  16. 23 Jan, 2013 1 commit
  17. 22 Jan, 2013 1 commit
  18. 18 Jan, 2013 2 commits
  19. 17 Jan, 2013 1 commit
  20. 14 Jan, 2013 1 commit
  21. 29 Nov, 2012 1 commit
  22. 24 Sep, 2012 1 commit
    • Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  23. 04 Sep, 2012 1 commit
  24. 31 Jul, 2012 1 commit
  25. 13 Jul, 2012 1 commit
    • ProtoGeni stitching and vlan tag reservation changes. · 9b7f535e
      Leigh B Stoller authored
      * Get rid of all use of component_hops; this was our original syntax
        before the stitching path stuff was nailed down.
      
      * Allow a vlan tag to be requested in the link statement:
      
          <link client_id="link0" vlantag="765">
            <interface_ref client_id="geni1:if0" />
          </link>
        
      * Support vlan tag requests in the stitching path part:
      
          <vlanRangeAvailability>765</vlanRangeAvailability>
          <suggestedVLANRange>765</suggestedVLANRange>
      
        This is the only support at the moment; none of the range stuff is
        done. Further, if you really want things to work, make sure all the
        hops have the same vlan tag cause we don't do vlan translation
        internally or at our edge points.
      
      * Utah only change in the mapper; when trying to use a shared vlan
        whose tag is greater than 1000, demand the "highvlan" feature on the
        nodes in the lan. Only some of our switches to high numbered vlans.
  26. 29 Jun, 2012 1 commit
  27. 21 Jun, 2012 1 commit
  28. 12 Jun, 2012 1 commit
    • Minor change to credential verification and load. · f3310749
      Leigh B Stoller authored
      Move the expiration test into verifygenicred. Change the invocation to
      capture the output so that we can say something useful in the error
      response, instead of what we do now which is just tell the user there
      is an error.
  29. 11 Jun, 2012 1 commit
  30. 07 Jun, 2012 1 commit
    • Add new API call CreateImage; create/snapshot a geni sliver node. · 750be519
      Leigh B Stoller authored
      This call allows a geni user to create a sliver, customise the node,
      and then take a snapshot (possibly creating a new image descriptor)
      without having to use the Emulab web interface. The API looks like:
      
        int CreateImage(slice_urn, sliver_urn, imagename, credentials[]);
      
      The slice must be unlocked and the sliver in the ready state. Once
      the operation starts, the slice is locked until the backend finishes.
      This is something that I might revisit later, but this was the easiest
      approach that ensures consistency. 
      
      The imagename is looked up in the current project the node is attached
      to. If it does not exist, create it. Then snapshot the node. You can
      call this again of course, to take a new snapshot, without having to
      provide a new imagename.
      
      The image file is written to the images directory of the project,
      which is available to the node via /proj, so the user can get to it
      (since the user might not have a local account).
  31. 09 Mar, 2012 1 commit
  32. 09 Feb, 2012 1 commit
  33. 08 Feb, 2012 1 commit
  34. 30 Jan, 2012 1 commit
  35. 11 Nov, 2011 1 commit