1. 14 Mar, 2012 1 commit
    • Mike Hibler's avatar
      Pass through bootinfo flags on tmcc "bootwhat" command. · 3ca3abf6
      Mike Hibler authored
      bootwhat will now return a FLAGS=%d value corresponding to the flags
      field in the boot_what struct.
      
      NOTE: THIS REQUIRED A TMCD VERSION BUMP. We are now at version 35.
      The issue was backward compatibility with existing CD/dongle boot images
      which are overly strict in their parsing of the returned bootwhat values.
      
      Added a new boot_what flag (the whole point of this) to signify if the
      entity being returned is part of the "secure boot" path. This is used
      by the gPXE dongle to determine whether it needs to do a trusted boot
      path "sign-off" for the MFS it downloads. We used to use the name of
      the MFS as our heuristic for this.
      
      bootinfo uses the new tbdb.os_info osfeature "ontrustedboot" to determine
      whether to set the flag.
      3ca3abf6
  2. 29 Feb, 2012 1 commit
    • Leigh Stoller's avatar
      Improve cross referencing between geni-cm and emulab datbases. · f1a659b8
      Leigh Stoller authored
      Add a datetime form to the shownodehistory we page so that a testbed
      admin can plug in a specific date, and find out what that node was
      doing at the time. Changes in the backend (node_history script) to
      support this. Note that the table is hard to seach for such a case,
      and so need to let node_history do its thing and then port process the
      records list. Unfortunately, the timestamps are unsigned ints, but
      perl does not handle those properly, so had to pull in Math::BigInt to
      deal with it.
      
      On the output page, include a link to the genihistory page if a node
      was part of a slice.
      
      On the genihistory page, add a new argument, slice_uuid, to look for
      the records for a specific slice.
      f1a659b8
  3. 30 Jan, 2012 1 commit
  4. 23 Jan, 2012 1 commit
    • Leigh Stoller's avatar
      Add support for disk agents. This is just the plumbing, Yathindra is · 95ada2d1
      Leigh Stoller authored
      doing the real/hard work. Anyway, in your NS file you can do this:
      
      	set newdisk [new Disk $ns]
      	$newdisk set node $n0
      	$newdisk set type foo
      	$newdisk set mountpoint /qq
      	$newdisk set parameters "foo bar fee"
      	$newdisk set command "bla bla bla"
      
      The parameters and command are optional and default to null. Then on
      your node, tmcd returns:
      
      	DISK DISKNAME=newdisk DISKTYPE='foo' MOUNTPOINT='/qq' MOUNTPOINT='foo bar fee' PARAMETERS='bla bla bla'
      
      Note that there is no client support code in this commit.
      95ada2d1
  5. 12 Jan, 2012 2 commits
  6. 11 Jan, 2012 3 commits
  7. 02 Dec, 2011 1 commit
    • Leigh Stoller's avatar
      Changes to allow new users to request their encrypted SSL certificate · 8def7e94
      Leigh Stoller authored
      on the join/start project pages. At the moment this is conditional
      under the PROTOGENI flag, since users on non-protogeni sites rarely
      need an encrypted SSL certificate. The initial passphrase has to be
      store someplace since we cannot built the certificate until the user
      is approved, so put it into the users table, and delete when the first
      certificate is built (at approval).
      8def7e94
  8. 07 Nov, 2011 1 commit
  9. 11 Oct, 2011 1 commit
    • Leigh Stoller's avatar
      More work on image permissions; allow specification of pid/osname in · cfc9612a
      Leigh Stoller authored
      NS files. Tweak permission check in Geni CM to also allow this,
      although at this time only global images from any project are allowed.
      The virt_nodes table has been changed to accommodate pid/osname
      syntax:
      
      	tb-set-node-os $nodeA somepid/someos
      
      Note: we are really exporting permission to use images, not entries in
      the os_info table (OSIDs) which is what the NS parser and protogeni CM
      are using. But in fact, an image is both an image descriptor and an OS
      descriptor linked together, so if you export an image or make it
      global, you are implicitly doing the same for the OS descriptor. As
      mentioned many times in the past, OSIDs suck.
      cfc9612a
  10. 10 Oct, 2011 1 commit
    • Leigh Stoller's avatar
      Add support for sharing images between projects. New table called · 646b64f6
      Leigh Stoller authored
      image_permissions stores access info for images. You can share an
      image with a user or a group (project), and you can specify write
      access to allow updating the image in place. Note that write access
      does not allow the descriptor to be modified, only the image itself.
      Well, that is how it will be after Mike changes mfrisbeed.
      
      The front end script to modify permissions is grantimage:
      
      	boss> grantimage -u stoller -w tbres,myimage
      	boss> grantimage -u stoller -w tbres,myimage
      
      which grants write access to stoller. Or:
      
      	boss> grantimage -g testbed,testbed tbres,myimage
      
      which grants access to the testbed project. Notice that you can
      specify subgroups this way.
      
      	boss> grantimage -l tbres,myimage
      
      will give you a list of current permissions. To revoke, just add -r
      option:
      
      	boss> grantimage -g testbed,testbed -r tbres,myimage
      
      Who is allowed to grant access to an image? 1) An adminstrator of
      course, 2) the image creator, and 3) any group_root in the group that
      the image belongs to. Being granted access to use an image does not
      confer permission to grant access to others.
      
      One last task; while the web interface displays the permissions, there
      is no web interface to modify the permissions; users will still have
      to ask us for now.
      646b64f6
  11. 28 Sep, 2011 1 commit
  12. 14 Sep, 2011 1 commit
  13. 02 Sep, 2011 1 commit
  14. 01 Sep, 2011 1 commit
  15. 30 Aug, 2011 2 commits
  16. 12 Aug, 2011 1 commit
    • Leigh Stoller's avatar
      Lets make it easier to manage pre reservations (Mike, this was Rob's · 5c998ffc
      Leigh Stoller authored
      idea).
      
      New script and table to manage node pre reservations. Lets just look
      at the script.
      
      To create a reservation:
      
          myboss> wap prereserve -t pc850 testbed 2
          Node reservation request for 2 nodes has been created.
      
      To see the reservation status for testbed
      
          myboss> wap prereserve -i testbed
          Project         Cnt (Cur)  Creator    When               Pri Types
          -------------------------------------------------------------
          testbed         1 (1)      stoller    2011-08-12 12:39:07 0   pc850
      
          which says 1 node is pending and 1 node has already been
          pre-reserved. 
      
      To clear the above reservation request (and optionally, clean
      reserved_pid from the nodes table).
      
          myboss> wap prereserve -c -r testbed
      
          The -r is optional, otherwise just the reservation request is
          cleared, and nodes continue to be pre-reserved to the project.
      
      To see a list of all reservation requests:
      
          myboss> wap prereserve -l
      
      
      So, when a node is released in nfree, we look at the reservation
      status for the node and any pending reservation requests.
      
      1. If the node has a reserved_pid and that request is still pending
         (still in the table), nothing is changed.
      
      2. If the node has a reserved_pid, but the request has been cleared
         from the pending table, then clear reserved_pid.
      
      3. If reserved_pid is null, and there are pending requests, then pick
         the highest priority, most recent dated, request, and set
         reserved_pid to that project.
      
      Options:
      
      * -n <pri> - is how you set a priority. Lowest is zero, choose a
        higher number if you want this reservation request to be considered
        before others. In a tie, look at the date of creation, and use the
        oldest.
      
      * -t <typelist> - a comma separated list of types you want to
        consider. Types are considered in order, but not in the fancy way
        you might imagine.
      5c998ffc
  17. 10 Aug, 2011 3 commits
  18. 09 Aug, 2011 1 commit
    • Mike Hibler's avatar
      Add vnode_id index to vinterfaces table. · 8c7ac32a
      Mike Hibler authored
      Part I of "Lessons learned from a 100K node experiment". nfree would
      run for hours trying to free 100K virtual nodes due to a slow query in
      Node::ReleaseSharedBandwidth(). Now it takes 5 minutes.
      
      There were other lessons as well, but they fall in the category of
      "rearranging deck chairs" since we are going to have to massively overhaul
      lots of infrastructure to support O(100000+) node experiments on a regular
      basis.
      8c7ac32a
  19. 19 Jul, 2011 1 commit
  20. 01 Jul, 2011 2 commits
  21. 25 May, 2011 3 commits
  22. 13 May, 2011 1 commit
  23. 06 May, 2011 1 commit
  24. 05 May, 2011 1 commit
  25. 20 Apr, 2011 1 commit
    • Leigh Stoller's avatar
      Changes our ssh key/account handling in RedeemTicket() and · 03c2107c
      Leigh Stoller authored
      CreateSliver(), to handle multiple accounts.  This somewhat reflects
      the Geni AM API for keys, which allows the client to specify multiple
      users, each with a set of ssh keys.
      
      The keys argument to the CM now looks like the following (note that
      the old format is still accepted and will be for a while).
      
      [{'urn'   => 'urn:blabla'
        'login' => 'dopey',
        'keys'  => [ list of keys like before ]},
       {'login' => "leebee",
        'keys'  => [ list of keys ... ]}];
      
      Key Points:
      
      1. You can supply a urn or a login or both. Typically, it is going to
         be the result of getkeys() at the PG SA, and so it will include
         both.
      
      2. If a login is provided, use that. Otherwise use the id from the urn.
      
      3. No matter what, verify that the token is valid for Emulab an uid
         (standard 8 char unix login that is good on just about any unix
         variant), and transform it if not.
      
      4. For now, getkeys() at the SA will continue to return the old format
         (unless you supply version=2 argument) since we do not want to
         default to a keylist that most CMs will barf on.
      
      5. I have modified the AM code to transform the Geni AM version of the
         "users" argument into the above structure. Bottom line here, is
         that users of the AM interface will not actually need to do
         anything, although now multiple users are actually supported
         instead of ignored.
      
      Still to be done are the changes to the login services structure in
      the manifest. We have yet to settle on what these changes will look
      like, but since people generally supply valid login ids, you probably
      will not need this, since no transformation will take place.
      03c2107c
  26. 11 Apr, 2011 1 commit
  27. 31 Mar, 2011 1 commit
  28. 18 Mar, 2011 1 commit
  29. 10 Mar, 2011 1 commit
  30. 09 Mar, 2011 1 commit
  31. 14 Feb, 2011 1 commit