1. 25 Mar, 2007 1 commit
  2. 21 Mar, 2007 1 commit
  3. 20 Mar, 2007 1 commit
  4. 16 Mar, 2007 2 commits
    • Leigh Stoller authored
      Do not create initial public keys for elabman since they are
      unencrypted, not to mention useless.
      3c2b27c2
    • Leigh Stoller authored
      Change to elabman handling, to set up an account that we can use for
      helping remote sites set up and update.
      
      * Added a V2 (DSA) key to the install directory that is inserted into
        the pubkeys table for the elabman. This key is encrypted and stored in
        /root/.ssh/elabman_dsa on Utah's boss.
      
      * elabman now starts out as webonly=0,status='active' with a real
        shell on both boss and ops.
      
      * freeze/thaw user now treat elabman as special, giving elabman a real
        account on boss and ops when thawed.
      
      * Added a "notes" entry to the user profile that indicates the account
        can be frozen once the remote emulab is up and running.
      d7f33445
  5. 02 Mar, 2007 1 commit
  6. 23 Feb, 2007 1 commit
  7. 16 Feb, 2007 1 commit
  8. 15 Feb, 2007 1 commit
  9. 13 Feb, 2007 1 commit
  10. 19 Jan, 2007 1 commit
  11. 18 Jan, 2007 1 commit
  12. 16 Jan, 2007 4 commits
    • Leigh Stoller authored
      Make rule not quite clever enough.
      34d921d1
    • Leigh Stoller authored
      Move the bulk (or guts) of newuser and newproject from the web
      interface to the backend. There are new scripts that can be called
      from the command line:
      
      	newuser xmlfile
      	newproj xmlfile
      
      They both run from small xmlfiles that are generated by the web
      interface from the form data. I also moved user verification to the
      backend so that we do not have duplicated email functions, but that
      was a small change.
      
      Upon error, the xmlfile is saved and sent to tbops so that we can
      rerun the command by hand, rather than force user to fill out form
      again. I also do a better job of putting the form back up intact when
      there are internal errors.
      
      If the user provides an initial public key, that is put into the xml
      file as well and addpubkey is called from newuser instead of the web
      interface. A more general change to addpubkey is that it is now
      *always* called as "nobody". This script was a morass of confusion
      cause of having to call it as nobody before the user actually
      exists. In fact, another of my ongoing projects is to reduce the
      number of scripts called as a particular user, but that's a story for
      another day. Anyway, the script is always called as nobody, but we
      pass along the implied user in the environment so that it can do
      permission checks.
      16aaa101
    • Leigh Stoller authored
      Remove webxxx.in files since they are all the same.
      * New rule:
      
      	web%: $(TESTBED_SRCDIR)/WEBtemplate.in
      		@echo "Generating $@"
      		cat $< | sed -e 's,@PROGTOINVOKE@,$(word 2,$^),' > $@
      
      * New target in the makefiles:
      
      	$(LIBEXEC_STUFF): web%: $(INSTALL_SBINDIR)/%
      
        the above rule is good in a makefile like account/GNUmakefile where all
        of the programs are installed to the same place. In the larger makefiles,
        might need to split the above rule up a bit:
      
              webnewuser: web%: $(INSTALL_SBINDIR)/%
              webfoobar: web%: $(INSTALL_BINDIR)/%
      
      * All of the webXXX.in files will be removed ...
      dbd36e65
  13. 15 Jan, 2007 1 commit
  14. 09 Jan, 2007 1 commit
  15. 03 Jan, 2007 3 commits
    • Leigh Stoller authored
      Fix minor bug.
      1197b0ff
    • Leigh Stoller authored
      Move most of the password changing code to the backend, as I just did
      for email changes. Currently, the hash is passed in on the command
      line from the web interface, and there is no method for invoking it on
      the command line and providing a text password, but that is an easy
      change now that the bulk of the code is in the backend instead of the
      web interface.
      
      Note that this change took longer cause we allow inactive, frozen, and
      wikionly users to change their password, but since they do not have
      accounts (yet) the operation is invoked as user "nobody" and tbacct
      about to be made aware of that possibility.
      
      Also add equivalent auditing email message that goes to the user when
      password is changed.
      
      Also more cleanup and conversion to objects.
      32983db4
    • Leigh Stoller authored
      Started out adding an email message to users whenever their email
      address is changed by an admin, but in the process I decided to
      implement the entire operation in the backend, since that is what we
      want to do anyway for all operations. Email is sent from the backend
      script as well.
      6d50ce56
  16. 01 Dec, 2006 1 commit
  17. 27 Nov, 2006 1 commit
    • Leigh Stoller authored
      Call this commit "Snow in Corvallis" ...
      The major functional change in this revision is converting from user
      selected UIDs to system selected UIDs. This is controlled by the
      variable $USERSELECTUIDS in defs/defs.php3.in which is now set to
      zero, so system selected UIDs is the default.
      
      The algo for creating the uid is to take the email address, strip the
      @whatever from it, squeeze out dots and dashes and underlines, and
      make sure any +foo tokens are removed. Then make sure it is unique by
      taking the first 5 characters and then adding a 3 digit number,
      derived by checking the DB to see what exists.
      
      Since we will want to (more often) change the UID selected, there is a
      new admin only menu option on the Show User page. It calls the backend
      script to do the work (sbin/changeuid).
      
      The login page now defaults to storing and showing the email address
      for login, rather than the UID. It will still accept either one though
      (has for a long time).
      
      Along the way I also reorg'ed a number of pages to use the new user,
      group, and project classes and moved some common functionality into
      the class defs.
      
      Also changed the way addpubkey is called, to avoid some confusion.
      4998b2d7
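
The UID derivation described in commit 4998b2d7, as an added Python sketch; it is not Emulab's code, which this page does not show. Assumptions: the name `derive_uid`, a set standing in for the DB lookup, lowercasing, dropping any other non-alphanumeric characters, and always appending the lowest free 3-digit number (the message does not say whether the number is added only on collision).

```python
import re

def derive_uid(email, existing_uids):
    """Return a system-selected UID for `email` that is not in `existing_uids`.

    `existing_uids` is a hypothetical stand-in for "checking the DB".
    """
    local, sep, _domain = email.partition("@")       # strip the @whatever
    if not sep:
        raise ValueError("not an email address: %r" % email)
    local = local.split("+", 1)[0]                   # remove any +foo token
    local = re.sub(r"[._-]", "", local)              # squeeze out . - _
    # Assumption: lowercase, then discard anything that is not a letter or
    # digit, so the result is safe to use as a login identifier.
    local = re.sub(r"[^a-z0-9]", "", local.lower())
    if not local:
        raise ValueError("nothing usable left of the local part: %r" % email)
    prefix = local[:5]                               # first 5 characters
    for n in range(1, 1000):                         # 3 digit number
        candidate = "%s%03d" % (prefix, n)
        if candidate not in existing_uids:
            return candidate
    raise RuntimeError("no free 3-digit suffix for prefix %r" % prefix)

# Constructed sample data, not taken from any real database.
TAKEN = {"leigh001", "leigh002"}

if __name__ == "__main__":
    print(derive_uid("Leigh.Stoller+emulab@example.org", TAKEN))
```
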
  18. 25 Oct, 2006 1 commit
    • Leigh Stoller authored
      Makefile Whacking! Try to deal with the problem caused by the delay
      between when something is installed and when post-install runs. Short
      of a global lock (which we probably need anyway someday), my solution
      is this. In your makefiles, add these variables before the line that
      has the include of $(TESTBED_SRCDIR)/GNUmakerules:
      
      	SETUID_BIN_SCRIPTS   =
      	SETUID_SBIN_SCRIPTS  =
      
      I have added three new rules to GNUmakerules that look like this:
      
      	$(addprefix $(SBINDIR)/, $(SETUID_SBIN_SCRIPTS)): $(SBINDIR)/%: %
      		echo "Installing (setuid) $<"
      		-mkdir -p $(INSTALL_SBINDIR)
      		$(SUDO) $(INSTALL) -o root -m 4755 $< $@
      
      Yep, your eyes ain't lying to you; use sudo to run the target so that
      install does the right thing (which is that the old file is not
      replaced until the new one has the proper attributes on it).
      
      Note that post-install is still needed for the initial install, but
      should no longer be needed for day to day installs since all that other
      stuff post-install does is mkdir/chmod on directories.
      7590f9c5
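
The property commit 7590f9c5 relies on (the old file is not replaced until the new one has its attributes) can be shown with a stage-then-rename install. This is an added Python sketch, not Emulab's makefile rule and not the internals of install(1); the name `install_atomic` is hypothetical, and ownership is left unchanged so that it runs without root.

```python
import os
import tempfile

def install_atomic(src, dest, mode=0o4755):
    """Copy src over dest so dest never exists with the wrong attributes."""
    dest_dir = os.path.dirname(os.path.abspath(dest))
    # Stage in the destination directory so the final rename stays on one
    # filesystem; mkstemp creates the staging file with mode 0600.
    fd, tmp = tempfile.mkstemp(prefix=".install.", dir=dest_dir)
    try:
        with os.fdopen(fd, "wb") as out, open(src, "rb") as inp:
            for chunk in iter(lambda: inp.read(65536), b""):
                out.write(chunk)
            out.flush()
            # The rule on the page also passes "-o root". A root installer
            # would call os.fchown() here, before fchmod, because on Linux
            # chown clears the setuid bit. This sketch keeps the owner so it
            # runs unprivileged.
            # Set the mode only after the last write: on Linux an
            # unprivileged write to a setuid file clears the bit.
            os.fchmod(out.fileno(), mode)
            os.fsync(out.fileno())
        # rename(2) swaps the directory entry in one step: other processes
        # see either the old file or the fully prepared new one.
        os.replace(tmp, dest)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return dest
```
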
  19. 20 Oct, 2006 1 commit
    • Mike Hibler authored
      Wow, this should make me look important!
      Two-day boondoggle to support "/scratch", an optional large, shared filesystem
      for users.  To do this, I needed to find all the instances where /proj is used
      and behave accordingly.  The boondoggle part was the decision to gather up all
      the hardwired instances of shared directory names ("/proj", "/users", etc.)
      so that they are set in a common place (via unexposed configure variables).
      This is a boondoggle because:
      
      1. I didn't change the client-side scripts.  They need a different mechanism
         (e.g., tmcd) to get the info, configure is the wrong way.
      
      2. Even if I had done #1 it is likely--no, certain--that something would
         fail if you tried to rename "/proj" to be "/mike".  These names are just
         too ingrained.
      
      3. We may not even use "/scratch" as it turns out.
      
      Note, I also didn't fix any of the .html documentation.  Anyway, it is done.
      To maintain my illusion in the future you should:
      
      1. Have perl scripts include "use libtestbed" and use the defined PROJROOT(),
         et al. functions where possible.  If not possible, make sure they run
         through configure and use @PROJROOT_DIR@, etc.
      
      2. Use the configure method for python, C, php and other languages.
      
      3. There are perl (TBValidUserDir) and php (VALIDUSERPATH) functions which
         you should call to determine if an NS, template parameter, tarball or
         other file are in "an acceptable location."  Use these functions where
         possible.  They know about the optional "scratch" filesystem.  Note that
         the perl function is over-engineered to handle cases that don't occur
         in nature.
      afa5e919
  20. 18 Oct, 2006 1 commit
  21. 16 Jun, 2006 1 commit
  22. 01 Jun, 2006 1 commit
    • Leigh Stoller authored
      Add support for building per project, group, experiment DBs on ops. At
      present the per-experiment stuff is not hooked in, but will be for
      templates later. Anyway, each user gets a mysql account on ops, with
      password set to the same as their mailman password (which is also
      their jabber password, etc). Each project gets a DB named by the
      project, and each group gets a DB named by pid,gid. Users are placed
      on the access lists for the DBs as you would expect.
      
      There is a little bit of complexity to make sure that we can create
      DBs on ops outside the Emulab path and grant access to them, without
      Emulab getting confused or mucking things up.
      
      I'll get a news item done ...
      adbcfd47
  23. 02 Mar, 2006 1 commit
  24. 13 Dec, 2005 2 commits
  25. 12 Dec, 2005 2 commits
    • Leigh Stoller authored
      Several changes;
      * Add creation of no-passphrase Protocol 2 RSA key in addition to
        Protocol 1 key. Currently Protocol 1 will continue to be generated,
        until we figure out an acceptable way to conditionalize this for old
        and new sites.
      
      * No longer generate authorized_keys2 file. All keys go in the main
        file, and the authorized_keys2 file is deleted if it exists, after
        successful creation of the main file.
      
      * When regenerating the Emulab keys, read the current .pub file in and
        delete the existing keys from the DB.
      be9e6fbe
  26. 10 Nov, 2005 1 commit
  27. 14 Oct, 2005 2 commits
  28. 04 Oct, 2005 1 commit
  29. 26 Sep, 2005 1 commit
  30. 20 Sep, 2005 1 commit
    • Leigh Stoller authored
      Checkpoint Chat Support stuff; mostly working but still needs work.
      Ready for local people to play with.
      
      The current implementation is that we munge the mysql DB on ops directly,
      underneath jabberd. We add/del users from the authreg table, and set up
      buddy lists in the roster-items and roster-groups tables. modgroups will
      invoke the modjabberbuddies whenever a user is added or removed from a
      group, although currently I am building buddy lists for just the top level
      projects.
      
      The "My IM" link in the collaboration menu will tell the user their
      jabber ID on the Emulab chat server (jabber.emulab.net) and also give
      them their plain text password to plug into their chat client.
      
      I also installed a java applet (Jeti) that is a simple chat client that
      I found off the jabberware page. Like all applets, it exhibits a degree
      of flakiness, but I really do not expect too many people to use it.
      90cdfb60
  31. 14 Sep, 2005 1 commit
    • Mike Hibler authored
      Changes related to allowing separate 'fs' (file server) node.
      Entailed new instructions for manual setup as well as integration into
      elabinelab framework.  First, the manual path:
      
      setup.txt, setup-boss.txt, setup-ops.txt and new setup-fs.txt:
          Updated to reflect potential for separate fs node.  The org here
          is a little dicey and could be confusing with ops+fs vs. ops and fs.
          Has not been field tested yet.
      
      */GNUmakefile.in: new fs-install target.
      
      configure, configure.in, defs-*:
          Somewhat unrelated, make min uid/gid to use be a defs setting.
          Also add config of fs-install.in script.
      
      boss-install.in, ops-install.in and new fs-install.in:
          Handle distinct fs node.  If you have one, fs-install is run before
          ops-install.  All scripts rely on the defs file settings of FSNODE
          and USERNODE to determine if the fs node is separate.
      
      utils/checkquota.in:
          Just return "ok" if quotas are not used (i.e., if defs file FS_WITH_QUOTA
          string is null).
      
      install/ports/emulab-fs:
          Meta port for fs node specific stuff.  Also a patch for the samba port
          Makefile so it doesn't drag in CUPS, etc.  Note that the current samba
          port Makefile has this change, I am just backporting to our version.
      
      Elabinelab specific changes:
      
      elabinelab-withfs.ns:
          NS fragment used in conjunction with
      	tb-elab-in-elab-topology "withfs"
          to setup inner-elab with fs node.
      
      elabinelab.ns:
          The hard work on the boss side.  Recognize separate-fs config and handle
          running of rc.mkelab on that node.  fs setup happens before ops setup.
      
      rc.mkelab:
          The hard work on the client side.  Recognize FsNode setup as well as
          differentiate ops+fs from ops setup.
      
      Related stuff either not part of the repo or checked in previously:
          emulab-fs package
      c53d5827