There was a period where we didn't generate unencrypted SSL certs
for nonlocal users; create them now (and generally create any
missing unencrypted/encrypted cert for active users).

Also, now renew certs for nonlocal users.

physical state stuff, since we do call those directly on the Geni
path.

there is an adminmfs, instead of defaulting to null. The ONIE based
switches operate more like normal nodes wrt reload/admin MFSs

(If the reservation being approved isn't in the list returned by LookupAll(),
presumably because it was previously pending, then append it during
feasibility checking.)

1) Rework so that instead of relying on swapin__last + autoswap timeout,
   set expt_expires for classic experiments at the beginning of swapin
   time. This is cause swapin_last is not set till the end of swapin,
   and so during swapin the res system is in an inconsistent state since
   there is no way to determine when the experiment ends.

2) On the Geni path, simplify expiration handling; do not allow a slice
   modification and expiration change at the same time; the bookkeeping
   and failure rollback is a pain, especially wrt reservation system,
   and this rarely ever actually happens, so get rid of a lot of
   complication.

going to leave that state, and it causes the Portal to paint then in
yellow since the are not "ready". A better approach would be to move
nodes out of updating_users after some amount of time has passed. Maybe
on the next trip through this part of the forest.

images and do not send isalive. This stuff is pretty old and crufty!

Remove a bunch of obsolete code while I was here.

We never use this stuff, we should kill it.

for experiments with nodes reserved that have never been swapped
in. Happens in the emulab-ops project, we nalloc nodes to experiments
that like hwdown.

Previously, we just added to the old end_time which could result in a
time that was still in the past!

being used by the cached objects.

1. Reservation system now groks experiment lockdown and swappable. When
   swapping in, lockdown and swappable mean the expected end of the
   experiment is never.

2. Reservation library now handles changes to lockdowm, swappable, and
   autoswap (timeout). editexp now hands these changes off to a new
   script called manage_expsettings, which can be called by hand since
   we might need to force a change (I am not changing the classic UI, if
   a change is not allowed by the res system, we have to do it by hand).

3. Minor fixes to reservation library.

I noticed that group_root could not delete users from projects. Seems
like we should allow that, but with the restriction that a group_root
cannot delete another group_root. Simple enough, right? Well thats not
how the permission system works; permission to do stuff to users is
based on who you are in the project, not who you are doing it to.

And then there are the subtle differences in permission handling between
the Classic interface and the Portal interface. And I am fully
unmotivated to fix anything in the Classic interface, hard to believe?

Anyway, most people are not going to notice anything since the bulk of
the changes affect sub groups. Sigh.

interfaces from the wires table. Helpful for debugging.

issue #366.

System images that are not released yet are stored over in /proj
until released. Imagevalidate (and other utilities) need to look
there for the image file(s) not /usr/testbed.

renaming of card/port in the interfaces table.

caller for maxextension, this is a valid transient state for an
experiment. We always recheck the maxextension in the extension pages
anyway, but throwing an error is annoying.