1. 15 Aug, 2005 1 commit
    • Leigh B. Stoller's avatar
      The bulk of the mailman support. Still not turned on by default (cause · a64593f3
      Leigh B. Stoller authored
      Jay has "comments"), but I do not want it hanging around in my source
      tree. Here is my mail message:
      
      * The "My Mailing Lists" is context sensitive (copied from Tim's
        changes to the My Bug Databases). It takes you to the *archives* for
        the current project (or subgroup) list. Or it takes you to your
        first joined project.
      
      * The showproject and showgroup pages have direct links to the project
        and group specific archives. If you are in reddot mode, you also
        get a link to the admin page for the list. Note that project and
        group leaders are just plain members of these lists.
      
      * The interface to create a new "user" list is:
      
      	https://www.emulab.net/dev/stoller/newmmlist.php3
      
        We do not store the password, but just fire it over in the list
        creation process.
      
        Anyone can create their own mailing lists. They are not associated
        with projects, but just the person creating the list. That person
        is the list administrator and is given permission to access the
        configuration page.
      
        This page is not hooked in yet; not sure where.
      
      * Once you have your own lists, you user profile page includes a link
        in the sub menu: Show Mailman Lists. From this page you can delete
        lists, zap to the admin page, or change the admin password (which is
        really just a subpage of the admin page).
      
      * As usual, in reddot mode you can mess with anyone else's mailman lists,
        (via the magic of mailman cookies).
      
      * Note on cross machine login. The mailman stuff has a really easy way
        to generate the right kind of cookie to give users access. You can
        generate a cookie to give user access, or to the admin interface for
        a list (a different cookie). Behind the scenes, I ssh over and get
        the cookie, and set it in the user's browser from boss. When the
        browser is redirected over to ops, that cookie goes along and gives
        the user the requested access. No passwords need be sent around,
        since we do the authentication ourselves.
      a64593f3
  2. 20 Jul, 2005 1 commit
  3. 07 Jul, 2005 1 commit
    • Leigh B. Stoller's avatar
      Oh, such a silly little project ... Added CVS support to Emulab. When · 9b17b075
      Leigh B. Stoller authored
      enabled in the defs file:
      
      	CVSSUPPORT=1
      
      each project gets a stub CVS tree created (using 'cvs init') in
      /proj/$pid/CVS. It is up to users obviously to do something with
      that tree, and of course they have to either set their CVSROOT
      env variable, or use the -d option to cvs.
      
      The showproject page gets a link to the per-project CVS tree, using
      the cvsweb interface, which I hacked up a bit to allow restricted
      access to specific project trees, via a ?pid=$pid argument to the URL.
      Without the ?pid argument, it falls back to normal behaviour, which is
      check the cvsallowed bit in the users table, and provide access to the
      Emulab source repo.
      
      If you are curious, go here:
      
      	https://www.emulab.net/cvsweb/cvsweb.php3/?pid=testbed
      9b17b075
  4. 31 May, 2005 1 commit
  5. 13 May, 2005 1 commit
    • Leigh B. Stoller's avatar
      Automate initial user/project setup from setup-db.txt. Rather then · dd1b57bc
      Leigh B. Stoller authored
      have the user go through a set of hard to explain steps, just push
      them through it using the web interface.
      
      * New sitevars to control a little state machine used by the web
        interface.
      
      * When first setting up a testbed, the sitevar value will force the
        web interface to present the user with a single menu option "Create
        New Project" and the "Home" link will take the user to that page.
        The user is instructed to login is as elabman.
      
      * The user fills in the form as directed in setup-ops.txt. Even though
        he is logged in as elabman, the newproject form has been altered to
        operate as if no one is logged in. I also default a bunch more of
        the fields in this case.
      
      * The user submits the form. Rather then pend the new project, just
        jump straight into approveproject. That grinds along as usual, and
        when it is done, the elabman account is frozen and the user logged
        out. The user gets a link inviting him to log back in as the user
        just created.
      
      * Side effects of this new process:
      
      	* The user is made an admin user (admin=1) automatically.
      	* The user is added to the emulab-ops project as group_root.
      	* The user verification process is skipped.
      	* The user is added to the unixgroups wheel and tbadmin.
      
      * I reworked this entire section of setup-db.txt ...
      
      * The user still needs to give himself a real shell and password on
        boss, but I left that for the user to do explicitly. I also drop in
        a pointer to the shellonboss.txt. I might automate this part too at
        some point. Not sure yet.
      dd1b57bc
  6. 21 Mar, 2005 1 commit
  7. 25 Jan, 2005 1 commit
  8. 05 Dec, 2003 1 commit
    • Leigh B. Stoller's avatar
      Move setting the node permission table for a project from the web · 4931fecf
      Leigh B. Stoller authored
      interface to the backend. mkproj now looks at the pcremote_ok set
      and makes the proper calls to grantnodetype. This reduces the amount
      of hardwired goo in the web interface.
      
      Still, there is a bit of hardwired stuff in mkproj. At present we do
      not form a relationship between a phys node type and the types we
      assign to the virtual nodes. Thats is, nothing says that a pcplabphys
      implies the right to use pcplabinet, etc. With only 3 remote phys
      types, I just hardwired it into mkproj calling grantnodetype with type
      pcplab (the class for the virtnodes) for pcplabphys. Same for pcron
      and pcwa, (both get pcvwa). Ultimately we need a better type system.
      In general the type system is pretty screwy.
      4931fecf
  9. 16 Oct, 2003 1 commit
  10. 14 Aug, 2003 1 commit
  11. 27 Mar, 2003 1 commit
  12. 13 Feb, 2003 1 commit
  13. 24 Jan, 2003 1 commit
  14. 30 Dec, 2002 1 commit
  15. 05 Dec, 2002 1 commit
  16. 16 Sep, 2002 1 commit
    • Leigh B. Stoller's avatar
      Reorg of working directory and log file stuff for start/swap/end · 533dc18f
      Leigh B. Stoller authored
      experiment. Here is mail to tbops:
      
      * Moved the working directory for experiment setup/swap/end to a new
        directory located on boss instead of over NFS to /proj/$pid/$eid. This
        new location is /usr/testbed/expwork/$pid/$eid.
      
      * Changed the name of the directories we create in /usr/testbed/expinfo to
        $pid-$eid.$index where $index is a new autoincrement field in the DB
        table. I really hated the names that were created before.
      
      * Changed where logs are written from /tmp to the new location in
        /usr/testbed/expwork/$pid/$eid.
      
      Okay, why.
      
      * We no longer operate on NFS mounted directories that might hang. Its
        easier to catch the situation where a copy of the log file over at the
        end of experiment creation fails cause of an NFS problem.
      
      * We no longer have user writable files that are inputs to other parts of
        the system (like top and ptop files).  Not that a user would be bad, but
        it closes a hole.
      
      * We no longer copy user writable files from /proj to boss where we might
        fill up an important filesystem cause the user put a .ndz file in the the
        working directory. Not that a user would be bad, but it closes a hole.
      
      * Its easier to save all the log files this way, for each swap in and
        out.
      
      * Removing a directory over NFS is a royal irritant when someone is CD'ed
        into that directory or looking at a file on the other side (the astute
        observer will peg this as the reason I went down this idiotic path in the
        first place!).
      
      * About 6 other reasons that I can no longer remember. Seriously, I really
        had more reasons I can no longer remember! :-)
      533dc18f
  17. 07 Jul, 2002 1 commit
  18. 12 Feb, 2002 1 commit
  19. 03 Jan, 2002 2 commits
  20. 27 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      Another set of group changes. As discussed in email and meetings, · 8404af03
      Leigh B. Stoller authored
      group directories are now created in a different tree than the
      the project directory so that they can be exported independently of
      the project tree to the nodes in a group experiment. The tree is
      routed at /groups on boss/users and on nodes.
      
      1. mkgroup,rmgroup,mkproj - Minor changes to reflect new group
         directory location (/groups). We leave a symlink in the old spot to
         maintain compatability, and to reduce the number of different
         directories that a person needs to worry about. So, when a group is
         made, you get a real directory /groups/pid/gid, and a symlink
         /proj/pid/groups/gid that points to the former.
      
      2. tmcd/tmcd.c - Minor change to add the additional group directory mount
         in the mounts command. Only done when pid!=gid for the experiment.
      
      3. tmcd/libsetup.pm and friends - Minor changes to fix the fact that
         mkdir does not create subdirs along the way unless the -p option is
         specified. Needed to create the local directory for the mounts
         returned by tmcd for group dirs. Pushed them out to the sup trees,
         although 6.2 images older than the most recent one are not going to
         work right. No one is using those images though, and we should just
         flush the sup trees.
      
      4. exports_setup.in - Ah, the crux of the issue. I really dislike NFS
         at this point. The original idea was to export a third set of
         directories to nodes that were part of a group experiment. Those
         nodes would get /groups/pid/gid exported, and /proj/pid read-only.
         Well, no such luck. On users, /groups and /proj are both really on
         /q, and the old restriction of mountd not allowing an IP to
         specified more than once on the right hand side for any FS, reared
         its ugly head again. As far as mountd is concerned, /q/groups and
         /q/proj are the same thing, and so it bombed when I tried to export
         them on different lines, since that meant an IP was repeated twice.
         So, I reworked exports_setup, and now for any node that is part of
         a group experiment, it gets this:
      
      	/q/proj/pid /q/groups/pid/gid -maproot=root 155.101.132.26
      
         which at least allows the individual group dirs to be protected
         from each other, but does not allow /proj/pid to be exported read
         only. Sigh.
      8404af03
  21. 26 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      A bunch o' account managment script schanges. I have reworked · 46068860
      Leigh B. Stoller authored
      mkprojdir, mkacct-cntrl, mkgroup, and group-update into a set of new
      scripts that are more specific to their intended operation, and strive
      to do less work.
      
      1. mkacct - Replaces mkacct-cntrl. This script no longer does any
         group stuff. All it does is create new accounts, or update the
         password and gecos fields of existing accounts. Usage is the same
         as it was: "mkacct <userid>", and is typically invoked from the web
         interface via the approveuser form.
      
      2. mkgroup - Replaces group-update. This script creates new groups,
         either for the main project when it is approved, or for subgroup
         creation. This script does not alter the group membership. Usage
         is typically from the web interface, but mkgroup can be invoked
         from the command line: "mkgroup [-b | -a] <pid> <gid>" where -b
         puts it in the background and sends email later, while -a just
         captures the log and emails. This "audit" feature is going to find
         its way into more scripts as soon as I figure out a neat and clean
         perl mechanism to make it easy.
      
      3. setgroups - Replaces group-update. This script modifies the group
         membership of either specific users, or all the users in a
         project. It is typically invoked from the web interface when a
         project leader edits the subgroup membership or when a user is
         first approved to a project or subgroup. Command line usage is:
      
      	setgroups [-b | -a] -p <pid> [user ...]
              setgroups [-b | -a] [user ...]\n
      
         The first form is mostly a means to speed things up. The web
         interfaces knows exactly what users have need to be changed, but a
         global project update is nice too.
      
      4. mkproj - Replaces mkprojdir. Actually, mkproj still has all that
         directory code, but it also handles creating the groups and the
         account for the project leader. Part of my policy to move as much
         random code out of the web interface and into the PERL backend
         where it belongs.
      46068860