1. 01 Jan, 2018 1 commit
      Changes to reservation system wrt classic interface: · dc90a087
      Leigh Stoller authored
      1. Reservation system now groks experiment lockdown and swappable. When
         swapping in, lockdown and swappable mean the expected end of the
         experiment is never.
      
      2. Reservation library now handles changes to lockdown, swappable, and
         autoswap (timeout). editexp now hands these changes off to a new
         script called manage_expsettings, which can be called by hand since
         we might need to force a change (I am not changing the classic UI, if
         a change is not allowed by the res system, we have to do it by hand).
      
      3. Minor fixes to reservation library.
      dc90a087
  2. 06 Sep, 2017 1 commit
      Implement slightly different policy for root keypair distribution. · 9a4eb5dc
      Mike Hibler authored
      If the site default is "distribute both keys to all nodes" (1), but the user
      specifies at least one explicit key distribution in an experiment, then
      default all the unspecified distributions for that experiment to "do not
      distribute." This avoids unexpected trust relationships with the unspecified
      nodes.
      9a4eb5dc
  3. 31 Aug, 2017 1 commit
  4. 23 Aug, 2017 1 commit
  5. 22 Aug, 2017 1 commit
  6. 27 Jul, 2017 1 commit
  7. 26 Jul, 2017 1 commit
      Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          #302
      c6150425
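
The distribution rules stated in commits c6150425 and 9a4eb5dc, modelled as an added Python example (not Emulab code, which this page does not show). The `Node` fields, role strings and function names are assumptions for illustration, and the "etc." in the restriction list is not modelled.

```python
# Added illustration of the policy in the commit messages; not Emulab code.
from dataclasses import dataclass
from typing import Optional

# Node kinds the message says get no keys (role strings are assumed labels;
# the message's trailing "etc." is not modelled).
NO_KEY_ROLES = {"firewall", "virthost", "delay", "subboss", "storagehost"}

@dataclass
class Node:
    name: str
    role: str = "node"               # hypothetical role label
    tainted: bool = False
    private: Optional[bool] = None   # explicit "rootkey private", None = unset
    public: Optional[bool] = None    # explicit "rootkey public", None = unset

def resolve(nodes, site_default_both=True):
    """Return {name: (gets_private, gets_public)} after defaults and overrides."""
    explicit = any(n.private is not None or n.public is not None for n in nodes)
    # 9a4eb5dc: one explicit setting turns every unset one into "do not distribute".
    default = site_default_both and not explicit
    result = {}
    for n in nodes:
        priv = default if n.private is None else n.private
        pub = default if n.public is None else n.public
        if n.role in NO_KEY_ROLES:   # hardwired: no keys at all
            priv = pub = False
        if n.tainted:                # hardwired: never a root pubkey
            pub = False
        result[n.name] = (priv, pub)
    return result

def root_ssh_edges(dist):
    """Pairs (src, dst) where root on src can ssh to root on dst."""
    return {(s, d) for s, (priv, _) in dist.items() if priv
            for d, (_, pub) in dist.items() if pub and s != d}

if __name__ == "__main__":
    # Constructed topology: the asymmetric nodeA -> nodeB case plus bystanders.
    topo = [Node("nodeA", private=True), Node("nodeB", public=True),
            Node("nodeC"), Node("fw", role="firewall"),
            Node("nodeT", tainted=True, public=True)]
    print(sorted(root_ssh_edges(resolve(topo))))
```

Listing the resulting edges is a quick way to audit an experiment for root trust paths nobody asked for; in this model a tainted node under the site default still holds the private key, because the message restricts only the pubkey there.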
  8. 14 Jul, 2017 1 commit
  9. 13 Jul, 2017 1 commit
      Work on issue #302: · 92c8e4ba
      Leigh Stoller authored
      Add new table experiment_keys to hold RSA priv/pub key pair and an SSH
      public key derived from the private key.
      
      Initialized when experiment is first created, I have not done anything
      to set the keys for existing experiments yet.
      
      But for testing, you can do this:
      
      	use lib "/usr/testbed/lib";
      	use Experiment;
      
      	my $experiment = Experiment->Lookup("testbed", "layers");
      	$experiment->GenerateKeys();
      92c8e4ba
  10. 07 Jul, 2017 1 commit
      Deal with user privs (issue #309): · d1516912
      Leigh Stoller authored
      * Make user privs work across remote clusters (including stitching). I
        took a severe shortcut on this; I do not expect the Cloudlab portal
        will ever talk to anything but an Emulab based aggregate, so I just
        added the priv indicator to the user keys array we send over. If I am
        ever proved wrong on this, I will come out of retirement and fix
        it (for a nominal fee of course).
      
      * Do not show the root password for the console to users with user
        privs.
      
      * Make sure users with user privs cannot start experiments.
      
      * Do show the user trust values on the user dashboard membership tab.
      
      * Update tmcd to use the new privs slot in the nonlocal_user_accounts
        table.
      
      This closes issue #309.
      d1516912
  11. 12 Jun, 2017 2 commits
  12. 07 Jun, 2017 1 commit
  13. 05 Jun, 2017 1 commit
      Working on issue #269 ... · ad2a3e70
      Leigh Stoller authored
      Add new script to "deprecate" images:
      
      	boss> wap deprecate_image
      	Usage: deprecate_image [-e|-w] <image> [warning message to users]
      	Options:
      	       -e     Use of image is an error; default is warning
      	       -w     Use of image is a warning
      
      When an image is deprecated with just warnings, new classic experiments
      generate warnings in the output. Swapping in an experiment also
      generates warnings in the output, but also sends email to the user.
      When the image is set for error, both new experiment and swapin will fail
      with prejudice.
      
      Same deal on the Geni path; we generate warnings/errors and send email.
      Errors are reflected back in the Portal interface.
      
      At the moment the image server knows nothing about deprecated images, so
      the Portal constraint checker will not be bothered nor tell the user
      until later when the cluster throws an error. As a result, when we
      deprecate an image, we need to do it on all clusters. Need to think
      about this a bit more.
      ad2a3e70
  14. 16 May, 2017 1 commit
  15. 22 Mar, 2017 1 commit
  16. 20 Jan, 2017 1 commit
      Add a change for admission control; set the previously unused · 9326c43b
      Leigh Stoller authored
      expt_expires slot in the experiments table whenever we set the slice
      expiration time. In addition, do this in GetTicket() so that the
      mapper sees the proper expiration time; we do not set the slice
      expiration until the ticket is redeemed, and this throws off admission
      control.
      9326c43b
  17. 10 Oct, 2016 1 commit
      Address linktest problems reported by Mike in issue #160: · e7422d49
      Leigh Stoller authored
      1. Changes to gentopofile to not put in linktest info for links and lan
         with only one member.
      
      2. Fix to the CM for deletenode of a node that has tagged links.
      
      3. Fixes to the status web page for deletenode; we were installing the
         linktest event handlers multiple times.
      
      4. Pass through -N argument to linktest from the CM, when the experiment
         has NFS mounts turned off, so that we use loghole to gather the data
         files (instead of via NFS).
      
      This closes issue #160.
      e7422d49
  18. 03 Oct, 2016 1 commit
  19. 10 Jun, 2016 1 commit
  20. 25 May, 2016 1 commit
  21. 14 Apr, 2016 1 commit
  22. 25 Feb, 2016 1 commit
  23. 22 Feb, 2016 1 commit
  24. 16 Nov, 2015 1 commit
  25. 25 Jun, 2015 1 commit
  26. 06 Apr, 2015 1 commit
  27. 13 Mar, 2015 2 commits
  28. 05 Mar, 2015 1 commit
  29. 26 Jan, 2015 3 commits
  30. 22 Jan, 2015 1 commit
  31. 31 Jul, 2014 1 commit
  32. 01 Jul, 2014 1 commit
  33. 17 Jun, 2014 1 commit
  34. 07 Nov, 2013 1 commit
  35. 14 Oct, 2013 2 commits