1. 09 Oct, 2012 2 commits
  2. 08 Oct, 2012 5 commits
  3. 24 Sep, 2012 1 commit
    • Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
      6df609a9
  4. 14 Sep, 2012 1 commit
    • "improvements" to prereserve: · f7219346
      Leigh B Stoller authored
      New option -s datetime to specify a starting time for the pre-reserve.
      New option -e datetime to specify an ending time for the pre-reserve.
      
      The idea is that you can schedule a pre-reserve to begin sometime later,
      and you can optionally specify a time for a prereserve to terminate.
      There is a new script that runs from cron that checks for pre-reserves
      that need to be started or terminated.
      
      For example:
      
      boss> wap prereserve -s '2012-09-14 09:08:15' -e '2012-09-15' emulab-ops 50
      
      You can use any datetime string that is valid for str2time. At some point
      it would be nice to allow natural language dates ("tomorrow") but that
      requires another bunch of perl packages and I didn't want to bother.
      
      NOTE: when using -e, -r is implied; in other words, when the
      pre-reserve is terminated, the table entry is cleared *and* the
      reserved_pid of all of the nodes is cleared. Any experiments using
      those nodes are left alone, although if the user does a swapmod, they
      could easily lose the nodes if another pre-reserve is set up that
      promises those nodes to another project.
      f7219346
  5. 12 Sep, 2012 1 commit
    • Add SSL-only "arpinfo" command to return MAC/IP for servers and "peer" nodes. · fb1f8f9a
      Mike Hibler authored
      Details:
      
      Return MAC/IP (ARP) information for a node's "peers" on the node control
      net. We also return info for the control net gateway (if there is one)
      and any servers on the node control network (e.g., subbosses).
      
      As far as "peer" info, right now we just support calls by subbosses that
      will return the info for the set of nodes they control. This could also
      be used by experiment firewalls or gateways to return info for the nodes
      they are protecting and set up filters accordingly.
      
      Note that this call only returns info if invoked using SSL. This allows
      the client to be sure it is getting the info from boss.
      
      Tangentially related is the addition of an index to the subbosses table
      to speed up a really slow query.
      fb1f8f9a
  6. 04 Sep, 2012 1 commit
  7. 27 Aug, 2012 1 commit
  8. 24 Aug, 2012 1 commit
  9. 20 Aug, 2012 1 commit
  10. 16 Aug, 2012 1 commit
  11. 03 Aug, 2012 1 commit
  12. 01 Aug, 2012 1 commit
    • This commit adds some simple support for using the Infiniband on the · 997b21b5
      Leigh B Stoller authored
      Probe Cluster. The problem is that the IFB is a shared network that
      every node attaches to, which can look like an ethernet device that
      can be ifconfig'ed. In other words, one big lan.
      
      But we still want the user to be able to create a lan so that they can
      interact with it in their NS file like any other network.
      
      The NS syntax is:
      
      	set lan2 [$ns make-lan "node1 node2 node3" * 0ms]
      	tb-set-switch-fabric $lan2 "infiniband"
      
      The switch fabric tells the backend to do IP assignment for the
      specific global network. Yes, I tried to be a little bit general
      purpose. Let's see how this actually turns out.
      
      This first commit treats the fabric as a single big lan on the same
      subnet.
      
      NOTE 1: Since the unroutable IP space is kinda small, but the Probe
      Cluster is really big, we can easily run out of bits if we tried to do
      assignment on virtual topos. Instead, fabrics get their IP allocation
      at swapin time, and the allocations are deleted when the experiment is
      swapped out. The rationale is that the number of swapped in
      experiments is much much smaller than the number of possible topos
      that can be loaded into the DB. Still might run out, but less likely.
      
      The primary impact of above is that IP assignments can change from
      one swap to another, but this is easy to deal with if the user is
      scripting their experiment; the IP allocation is available via the
      XMLRPC interface.
      
      NOTE 2: The current code allocates from a single big network, which
      makes it easy for users to mess each other up if they start doing
      things by hand. Ultimately, we want each lan in each experiment to use
      their own subnet, but that is going to take more work, so let's do it
      in the second phase.
      
      The definition of "network fabrics" is in the new network_fabrics
      tables. As an example for probe:
      
      	INSERT INTO `network_fabrics` set
      		idx=NULL,
      		name='ifband',
      		created=now(),
      		ipalloc=1, ipalloc_onenet=1,
      		ipalloc_subnet='192.168.0.0',ipalloc_netmask='255.255.0.0'
      997b21b5
  13. 25 Jul, 2012 1 commit
  14. 24 Jul, 2012 1 commit
    • Add a 'disabled' field to the subbosses table. · e08bfeec
      Mike Hibler authored
      This allows us to more easily disable a subboss in the event of a temporary
      subboss outage (e.g., hardware failure). Previously we would have to remove
      the related rows from the DB and restore them later.
      e08bfeec
  15. 17 Jul, 2012 4 commits
  16. 14 Jul, 2012 1 commit
  17. 11 Jul, 2012 1 commit
    • Cleanup in the web interface to prevent XSS attacks. · 6cf701f9
      Leigh B Stoller authored
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
      6cf701f9
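
The two layers described in the commit above (refusing < and > on input except for special-cased fields, and running htmlspecialchars on every form value, including initial page arguments) can be sketched as follows. This is an added example, not Emulab's code; the function names, the exception list and the sample values are hypothetical.

```php
<?php
// Added illustration; every name below is hypothetical, not Emulab's code.

// Fields where < and > are legitimate (e.g. shell redirection in a startup command).
const ANGLE_BRACKET_EXCEPTIONS = ['startup_command'];

// Input side: refuse angle brackets before the value can reach the DB.
function accept_for_storage(string $field, string $value): bool
{
    if (in_array($field, ANGLE_BRACKET_EXCEPTIONS, true)) {
        return true;   // special case; the value is still escaped on output
    }
    return strpbrk($value, '<>') === false;
}

// Output side: escape every form value, including ones seeded from page arguments.
function escape_formfields(array $formfields): array
{
    $safe = [];
    foreach ($formfields as $name => $value) {
        $safe[$name] = htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
    return $safe;
}

// Render one text input from already-escaped values.
function render_input(string $name, array $safe): string
{
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
        $safe[$name] ?? '');
}

// Constructed sample values: one reflected page argument, one legitimate special case.
$formfields = [
    'description'     => '"><script>alert(1)</script>',
    'startup_command' => '/proj/demo/run.sh > /tmp/out 2>&1',
];

foreach ($formfields as $field => $value) {
    printf("%-16s storable=%s\n", $field, accept_for_storage($field, $value) ? 'yes' : 'no');
}

$safe = escape_formfields($formfields);
echo render_input('description', $safe), "\n";
echo render_input('startup_command', $safe), "\n";
```

The special-cased field passes the input check but is still escaped when rendered, so the exception list does not reopen the output path.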
  18. 02 Jul, 2012 2 commits
  19. 18 Jun, 2012 1 commit
  20. 07 Jun, 2012 1 commit
    • New script, clone_image to simplify create/snapshot from a node. · b01c991d
      Leigh B Stoller authored
      clone_image is a wrapper around newimageid_ez and create_image, that
      simplifies the most common operation; creating a new imageid derived
      from the image/os that is currently running in the node, and then
      taking a snapshot of the node. So for example, if node pcXXX is
      running image FREEBSD, and you want to create a custom image from that
      node, all you need to do is:
      
      	boss> clone_image myfreebsd pcXXX
      
      which will create the new descriptor, deriving everything from the
      FREEBSD image on the node, and then take a snapshot from pcXXX. If
      the descriptor already exists, just take the snapshot.
      
      So what if you do:
      
      	boss> clone_image FREEBSD pcXXX
      
      well, the image is always looked up in the project the node is
      currently attached to, so in fact a new descriptor is created in that
      project, and you do not actually overwrite an image from some other
      project. 
      
      I've added some locking to images to prevent concurrent snapshots.
      This seemed like a good idea since this script is going to be used
      from the ProtoGeni interface. More on this in another commit.
      b01c991d
  21. 24 May, 2012 2 commits
  22. 18 May, 2012 1 commit
  23. 16 May, 2012 3 commits
  24. 15 May, 2012 1 commit
    • Fix a capserver vulnerability reported by John Hickey. · 2d9daab0
      Mike Hibler authored
      Validate those SQL args!
      
      NOTE: we also ensure that the reporting node is listed as a legit tip server
      in the tipservers table. This means that capture may stop working on nodes
      whose servers are not in the table! SQL update 291 will add any servers
      listed in tiplines entries that are not in tipservers to prevent this breakage.
      2d9daab0
  25. 14 May, 2012 2 commits
  26. 11 May, 2012 2 commits