1. 10 Jun, 2003 1 commit
    • Leigh B. Stoller's avatar
      Minor changes to ifconfig and linkdelay to allow a veth interface to · d639bd53
      Leigh B. Stoller authored
      stand alone (no underlying phys interface) so that both ends of a
      virtual link can be on the same node.
      
      Change "startcmd" to return the uid of the swapper, not the creator,
      as the UID to run the startup command.
      
      Get creator/swapper uid in the initial query for the node, instead of
      as separate queries later. Saves some queries ...
      
      Remove old code.
      
      Add progagents command to return the list of program object names, and
      the UID to run those objects as (again, the swapper not the creator).
      This allows the program-agent startup code on the node to be more
      selective in its elvin subscription, as well as running the programs
      as the proper UID.
      
      Changes to jailconfig. If the node has its own IP in the nodes table
      (jailip), return that as JAILIP in the configuration for mkjail.
      d639bd53
  2. 23 May, 2003 1 commit
  3. 22 May, 2003 1 commit
  4. 19 May, 2003 1 commit
    • Leigh B. Stoller's avatar
      Minor changes. · ef27ae3c
      Leigh B. Stoller authored
      dojailconfig: Do not return a jail config unless the node is really
      jailed.
      
      doifconfig: Look at the node name, and return ifconfig info specific
      to the name instead of always returning all info for the machine. Upon
      boot, virtual interfaces will not be setup, but instead will be setup
      when the jail is setup. When the jail requests ifconfig info, it gets
      only its list of interfaces to setup.
      
      dolinkdelays: Ditto, since linkdelays will be setup after per-jail
      interfaces are setup.
      ef27ae3c
  5. 13 May, 2003 1 commit
    • Leigh B. Stoller's avatar
      Minor change to linkdelays to join with veth_interfaces (in addition · ff7a781f
      Leigh B. Stoller authored
      to interfaces) so that we return the MAC of the virtual interface not
      the physical interface.  I do not much like this arrangement.  We
      store veth interfaces in another dynamic table, so must join with both
      interfaces and veth_interfaces to see which iface each linkdelay
      corresponds to. If there is a veth entry use that, else use the normal
      interfaces entry. Maybe we should use the regular interfaces table,
      with type veth, entries added/deleted on the fly. I avoided that cause
      I view the interfaces table as static and pertaining to physical
      interfaces only, but the current arrangement does not scale well
      (although if it only ever has to scale to veth_interfaces, so be it).
      ff7a781f
  6. 05 May, 2003 1 commit
  7. 18 Apr, 2003 1 commit
    • Leigh B. Stoller's avatar
      Add widearearoot and wideareajailroot to the users table, to control · 97b206ba
      Leigh B. Stoller authored
      who gets root on widearea nodes, inside and outside of jail. Kinda
      brute force; might need to make this more flexible at some point,
      perhaps with a node/user mapping table for widearearoot (root outside
      the jail), and a widearea_trust slot to the group_membership table
      (root inside a jail), but this will do for now since its handled
      entirely inside of tmcd.
      
      I was originally using local_root to determine root access inside the
      jail, but we need to more finely control who gets root on widearea
      nodes. Outside the jail, only tbadmin got jail, and thats definitely
      too restrictive!
      97b206ba
  8. 11 Apr, 2003 1 commit
  9. 03 Apr, 2003 1 commit
    • Leigh B. Stoller's avatar
      Two unrelated changes. 1) Return the email address to version 9 · ce0676ad
      Leigh B. Stoller authored
      clients so they can create a proper .forward file. 2) Add some
      test code for seeing how feasible it is to do accounts on ops/tips
      using tmcd instead of direct ssh. Initial results are not good; too
      many accounts; does not scale well. Going to need a smarter protocol
      for doing hundreds of accounts, but I will leave this code in place
      for now. Note, unlike testbed nodes, control nodes must connect with
      ssl.
      ce0676ad
  10. 25 Mar, 2003 1 commit
  11. 19 Mar, 2003 1 commit
  12. 18 Mar, 2003 1 commit
  13. 12 Mar, 2003 1 commit
    • Leigh B. Stoller's avatar
      Add a few more permission bits to jailconfig: · 53e95db5
      Leigh B. Stoller authored
      INADDRANY: When 1, jail is allowed to bind to INADDR_ANY. When packet
                 comes in, the pchlookup checks the prison IPs.
      
      ROUTING:   Jail gets access to its routing table. This presently implies
                 that the jail gets its own private routing table via new
      	   jail options.
      
      DEVMEM:    Jail gets a real /dev/mem and /dev/kmem instead of a
                 symlink to /dev/null. This pretty much bypasses security so
                 its not something to do on widearea nodes, but on local
                 nodes that fine.
      53e95db5
  14. 10 Mar, 2003 1 commit
  15. 05 Mar, 2003 1 commit
  16. 27 Feb, 2003 2 commits
  17. 13 Feb, 2003 1 commit
  18. 03 Feb, 2003 2 commits
  19. 01 Feb, 2003 1 commit
  20. 31 Jan, 2003 5 commits
  21. 30 Jan, 2003 7 commits
  22. 22 Jan, 2003 2 commits
  23. 15 Jan, 2003 1 commit
  24. 02 Jan, 2003 1 commit
    • Leigh B. Stoller's avatar
      Addition to jailconfig command. Return the list of IP addrs that the · a734b77a
      Leigh B. Stoller authored
      are in the vnodes experiment on that node. This list of IPs is given
      to the kernel as interfaces that a jail is allowed to bind too (those
      kernel changes done by Mike). To construct this list, first look at
      the list of virt_tunnels on that physnode for the experiment. In
      addition, to support local jails, look at the IP list in the
      interfaces table for the physnode. Basically like a doifconfig. At
      some point local jails will change to use tunnels also, but for now
      this will do.
      a734b77a
  25. 20 Dec, 2002 1 commit
  26. 18 Dec, 2002 1 commit
    • Leigh B. Stoller's avatar
      Ignore isalive from local nodes. The new image will run a watchdog · 678a5a34
      Leigh B. Stoller authored
      like the remote nodes do, but for now do not update the up/down status
      from that. I need to mess with db/node_status first to make sure there
      is agreement between the parties. Note that remote nodes send one UDP
      message every 60 seconds (isalive is done with a UDP). Local nodes
      will send them at a slower rate, as is the practice in db/node_status
      which wakes up every 5 minutes and fpings the world!
      678a5a34
  27. 09 Dec, 2002 1 commit