- 11 Oct, 2011 2 commits
-
-
Leigh B Stoller authored
NS files. Tweak permission check in Geni CM to also allow this, although at this time only global images from any project are allowed. The virt_nodes table has been changed to accommodate pid/osname syntax: tb-set-node-os $nodeA somepid/someos Note: we are really exporting permission to use images, not entries in the os_info table (OSIDs) which is what the NS parser and protogeni CM are using. But in fact, an image is both an image descriptor and an OS descriptor linked together, so if you export an image or make it global, you are implicitly doing the same for the OS descriptor. As mentioned many times in the past, OSIDs suck.
-
Mike Hibler authored
To finish what Leigh started. Note that the master server currently only does node (IP) based authentication so "user" permissions in the image_permissions table are applied based on the uid of the swapper of the experiment that the contacting node is a part of.
-
- 10 Oct, 2011 5 commits
-
-
Mike Hibler authored
I do not know if this fix is correct or complete. It is however, sufficient to make a non-protogeni elabinelab work again.
-
Mike Hibler authored
-
Mike Hibler authored
Since some DB state is pre-loaded during elabinelab setup, the initial project leader's account was appearing as though it was already setup.
-
Leigh B Stoller authored
image_permissions stores access info for images. You can share an image with a user or a group (project), and you can specify write access to allow updating the image in place. Note that write access does not allow the descriptor to be modified, only the image itself. Well, that is how it will be after Mike changes mfrisbeed. The front end script to modify permissions is grantimage: boss> grantimage -u stoller -w tbres,myimage boss> grantimage -u stoller -w tbres,myimage which grants write access to stoller. Or: boss> grantimage -g testbed,testbed tbres,myimage which grants access to the testbed project. Notice that you can specify subgroups this way. boss> grantimage -l tbres,myimage will give you a list of current permissions. To revoke, just add -r option: boss> grantimage -g testbed,testbed -r tbres,myimage Who is allowed to grant access to an image? 1) An adminstrator of course, 2) the image creator, and 3) any group_root in the group that the image belongs to. Being granted access to use an image does not confer permission to grant access to others. One last task; while the web interface displays the permissions, there is no web interface to modify the permissions; users will still have to ask us for now.
-
Mike Hibler authored
-
- 09 Oct, 2011 1 commit
-
-
Mike Hibler authored
We were doing this just in the CONFIG_SINGLENET case, but we have to do this even when the experiment has a private cnet since the inner dhcpd has to respond to PXE boots on the real control net.
-
- 08 Oct, 2011 5 commits
-
-
Mike Hibler authored
[ this is a re-commit of a faulty earlier commit. ] When downloading an image, start the frisbeed process with the minimum set of gids necessary to access the image. This includes the unix gid of the project that the image is in and, optionally, the unix gid of the project subgroup if the image is part of one. Previously, we just use the gid set of the uid of the swapper of the experiment. Not only was this excessive, but it might also not include the gids needed in the case of a "global" image that is not in the world-readable /usr/testbed/images directory.
-
Mike Hibler authored
This reverts commit fc89eb38. Checked in a bunch of crap that was unrelated.
-
Mike Hibler authored
When downloading an image, start the frisbeed process with the minimum set of gids necessary to access the image. This includes the unix gid of the project that the image is in and, optionally, the unix gid of the project subgroup if the image is part of one. Previously, we just use the gid set of the uid of the swapper of the experiment. Not only was this excessive, but it might also not include the gids needed in the case of a "global" image that is not in the world-readable /usr/testbed/images directory.
-
Mike Hibler authored
Subtle: if your elabinelab uses a VM for ops, then there will be no myops.eid.pid.emulab.net DNS alias created outside (since there is no actual ops node in the topo) and thus the inner ops cannot be used as a proxy for ssh'ing to the unroutable inner nodes. In that case we use the inner boss instead.
-
Mike Hibler authored
The former will filter out the bogus NULLs we occasionally see.
-
- 07 Oct, 2011 14 commits
-
-
Jonathon Duerig authored
-
Jonathon Duerig authored
-
Jonathon Duerig authored
-
Leigh B Stoller authored
-
Ryan Jackson authored
Per-repository 'keywords' may now be configured by setting the hooks.gitmail.keyword option. One X-Git-Repo-Keyword header is added to commit mails for each keyword specified. The primary use case for this is to configure related repositories with the same keyword(s), so that commit mails for those repositories can be filtered with a single rule rather than one for each repository.
-
Leigh B Stoller authored
use this path when setting up the vlan, instead of recomputing the set of trunks that are need. Assign does a much better job of this, so throwing the info away is bad. But, if there is no switch path, we still have to be careful cause the switch infrastructure might have loops, and the existing algorithm did not take that into account. And in fact, Utah has loops and this was causing grief. I added a simple spanning tree function (Prim's Greedy) to calculate a loop free set of trunks. An added complication is if the vlans are modified on the command line, and the there is a switch path in the DB. In this case we have to throw that away, and revert to dumb loop free calculation. Note that we also have to store the switch path in the vlans table, since for swapmod/synctables, we need to know how to undo stale vlans (which are no longer in the lans table).
-
Leigh B Stoller authored
actual switch details.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
lans.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
loopfree path from a set of trunk links. Silly place for this, but I need it in libvtop.
-
Leigh B Stoller authored
table, and is a lan attribute).
-
- 06 Oct, 2011 3 commits
-
-
Leigh B Stoller authored
-
Jonathon Duerig authored
-
Jonathon Duerig authored
-
- 05 Oct, 2011 10 commits
-
-
Jonathon Duerig authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
will be subsumed by the NewMapper feature when that is exported to all sites, which will happen soon.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
context instead.
-
Leigh B Stoller authored
flag that says to reregister certs and resources. This is used from an update script (21) that updates the certificates with a new URL that uses http on a different port then 443.
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-
Leigh B Stoller authored
-