1. 02 Oct, 2014 1 commit
  2. 01 Oct, 2014 1 commit
  3. 25 Sep, 2014 1 commit
  4. 03 Sep, 2014 1 commit
  5. 26 Aug, 2014 1 commit
  6. 15 Aug, 2014 1 commit
  7. 14 Aug, 2014 2 commits
  8. 06 Aug, 2014 1 commit
  9. 31 Jul, 2014 1 commit
  10. 28 Jul, 2014 2 commits
  11. 22 Jul, 2014 1 commit
  12. 10 Jul, 2014 3 commits
  13. 01 Jul, 2014 1 commit
  14. 09 Jun, 2014 1 commit
  15. 02 Jun, 2014 1 commit
    • Support for gathering and storing Infiniband interface GUIDs in the DB. · 12a41b7e
      Mike Hibler authored
      Since GUIDs are 16 bytes and our current interface MACs are only 12 bytes,
      I agonized over whether to grow the mac column to 16 bytes and just treat
      it as a unique identifier (which is all we use that column for anyway).
      However, in the end I just added a new guid column as there were mac columns
      in a variety of other tables and it wasn't clear what the relationship was
      and what I might break.
      
      So, the newnode MFS will now report back a GUID for interfaces it recognizes
      as IB (FreeBSD-specific right now). The boss-side checkin code will stash
      that value in new_interfaces (and later interfaces when added). For possible
      backward compat, it will also generate a MAC address from that (possibly
      Mellanox-specific) so that all entries in the interfaces table will have
      a MAC (yes, it should really be the other way around--all interfaces should
      always have a guid).
      
      End of story. We don't do anything else with IB right now other than stash
      an interface GUID.
  16. 12 May, 2014 3 commits
  17. 06 May, 2014 1 commit
    • Add "relocatable" flag to images table to indicate that an image can be moved. · 65de520b
      Mike Hibler authored
      Hopefully, my last schema change related to images. If relocatable is not
      set then an image must be loaded at the lba_low offset. If set, then the
      image can be loaded at other offsets. Currently, all FBSD images are
      relocatable courtesy of the relocation mechanism in imagezip (which can
      fix up otherwise absolute offsets in an image). Sadly, Linux images are
      not relocatable due to absolute block numbers in the grub partition
      bootblock that we require. Ryan "taught" imagezip to relocate these, but
      I need to find his changes.
  18. 05 May, 2014 1 commit
  19. 02 May, 2014 2 commits
  20. 27 Mar, 2014 1 commit
  21. 26 Mar, 2014 1 commit
  22. 25 Mar, 2014 1 commit
    • Server side of firewall support for XEN containers. · 2faea2f3
      Leigh B Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open,basic,closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rule sets are independent: the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
  23. 24 Mar, 2014 1 commit
  24. 17 Mar, 2014 1 commit
    • Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      
      Setting taint states for an OS has to be done via SQL presently.
  25. 10 Mar, 2014 1 commit
    • Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homedir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
  26. 27 Feb, 2014 1 commit
  27. 19 Feb, 2014 1 commit
    • Checkpoint. · 9e9ac6ee
      Leigh B Stoller authored
      * Add a .htaccess file that does the rewrites, instead of in the httpd
        config file. Added Rob's stuff for rewriting urls to hide the .php
        although not sure this is working correctly yet.
      
      * Add simple MyExperiments page so that logged in users can find their
        way back to running profiles.
      
      * Move the DB table holding the running experiment records from the
        geni-sa DB into the main Emulab DB. Lots of little changes for that.
      
      * Change logout to plain link instead of ajax call. That was a silly
        thing to do.
      
      * Bug fixes to ssh keys and shell login from the status page.
  28. 13 Feb, 2014 1 commit
  29. 12 Feb, 2014 1 commit
    • Add frisbee master server mechanisms for turning on dynamic rate tuning. · d9ee4a67
      Mike Hibler authored
      For the Emulab configuration, we add the new site variable
      "images/frisbee/maxrate_dyn" which should be set non-zero to enable
      dynamic adjustment. If maxrate_dyn is enabled, then the maxrate_{std,usr}
      values are used as both the initial and maximum values for the BW of any
      instance. Really, if maxrate_dyn is on, then both of those should be set
      to the same value so that all servers are operating the same and the value
      should be just above the link BW.
      
      For the "null" configuration (aka, the subboss configuration),
      this is set by adding command line options:
          -O dynamicbw=1,bandwidth=1100000000
      which would enable it and start/cap the BW at 1.1Gb/sec.
  30. 07 Feb, 2014 1 commit
  31. 29 Jan, 2014 1 commit
  32. 17 Jan, 2014 1 commit
  33. 08 Jan, 2014 1 commit