1. 06 Aug, 2014 1 commit
  2. 25 Jul, 2014 3 commits
  3. 22 Jul, 2014 1 commit
  4. 17 Jul, 2014 2 commits
    • Leigh Stoller's avatar
      Run the main ssh as root. Also a fix to how we get the · 9dbb7f0a
      Leigh Stoller authored
      parent image when provenance is on.
      9dbb7f0a
    • Mike Hibler's avatar
      Add support for auto-detecting when to create a delta image. · bc7c6e40
      Mike Hibler authored
      Uses the new-ish imagezip -P option. But first we had to get that option
      to imagezip. So the key-value interface between server and client now has
      an IZOPTS key where you can pass options to imagezip (This is now used to
      pass the -N that we have always specified as well).
      
      Also changed imagezip to print out a less ambiguous message when the option
      is in use, if will clearly say that it is full or delta. This matters because
      we have to parse the imagezip output on the server to figure out what kind
      of image it is!
      bc7c6e40
  5. 16 Jul, 2014 4 commits
  6. 15 Jul, 2014 1 commit
    • Kirk Webb's avatar
      Add taint checks at various places to enforce node restrictions · 797f83dd
      Kirk Webb authored
      A bit overdue, but here they are.
      
      * Disallow image creation for any taint state on node/image
      * Disallow console access for "blackbox" and "useronly" states
      * Disallow node_admin for "blackbox" and "useronly" states
      
      TB Admins are exempt from these restrictions.
      797f83dd
  7. 14 Jul, 2014 3 commits
  8. 13 Jul, 2014 1 commit
  9. 12 Jul, 2014 1 commit
    • Mike Hibler's avatar
      Make sure we use -i for sendmail when we pipe into it. · 355f5aa8
      Mike Hibler authored
      This prevents a line with a single "." from meaning EOF to sendmail.
      How arcane!
      
      I discovered this when I ran a create_image and I didn't get the complete
      log mailed to me. This is because create_image did a frisbee download of an
      image with a single chunk, which of course printed out:
      
        Using Multicast 235.252.1.187
        Joined the team after 0 sec. ID is 1586355915. File is 1 chunks (963200 bytes)
        .
      
      Fortunately, "arcane" is my middle name, so it didn't take me long to find
      this...
      355f5aa8
  10. 11 Jul, 2014 1 commit
  11. 10 Jul, 2014 2 commits
  12. 09 Jul, 2014 3 commits
  13. 02 Jul, 2014 1 commit
  14. 01 Jul, 2014 1 commit
  15. 30 Jun, 2014 2 commits
  16. 13 Jun, 2014 1 commit
  17. 12 Jun, 2014 1 commit
    • Kirk Webb's avatar
      Update the use of realpath across all perl scripts · 3f167217
      Kirk Webb authored
      Change to use the realpath function in the 'Cwd' module instead of
      calling realpath via the shell.  The shell command varies in its
      reaction to a missing final path component.  On some platforms (Linux,
      FBSD10+) realpath reports an error if the final component doesn't exist
      on the filesystem.  On others (FBSD < 10), it does not report an error.
      
      The perl function from 'Cwd' emulates the same behavior as FBSD prior to
      version 10, which is the behavior the scripts expect.
      
      From here on out, instead of using `realpath`, do the following:
      
      use Cwd qw(realpath);
      ..
      ..
      my $realpath = realpath($somepath);
      3f167217
  18. 06 Jun, 2014 2 commits
    • Leigh Stoller's avatar
      Lessons learned from my first attempt to use this to debug a problem · 508bd9e5
      Leigh Stoller authored
      for Nick! The output format needed some, uh, tweaks.
      508bd9e5
    • Leigh Stoller's avatar
      New script, analogous to Mike's node_traffic script. Basically, it · b885ce89
      Leigh Stoller authored
      was driving me nuts that we do not have an easy way to see what is
      going on *inside* the fabric.
      
      So this one reports on traffic across trunk links and interconnects
      out of the fabric.  Basic operation is pretty simple:
      
      	Usage: switch_traffic [-rs] [-i seconds] [switch[:switch] ...]
      	Reports traffic across trunk links and interconnects
      	-h          This message
      	-i seconds  Show stats over a <seconds>-period interval
      
      So with no arguments will give portstats style output of all trunk
      links and interconnects in the database. Trunk links are aggregate
      numbers of all of the trunk wires that connect two switches.
      
      The -i option gives traffic over an interval, which is much more
      useful than the raw packet numbers, since on most of our switches
      those numbers have probably rolled over a few times.
      
      You can optionally specify specific switches and interconnects on the
      command line. For example:
      
      boss> wap switch_traffic -i 10 cisco3 ion
      Trunk                    InOctets      InUpkts   InNUpkts   ...
      ----------------------------------------------------------- ...
      cisco3:cisco10                128            0          1   ...
      cisco3:cisco8                2681            7          4   ...
      cisco3:cisco1                4493           25          7   ...
      cisco3:cisco9                 192            0          1   ...
      cisco3:cisco4                 128            0          2   ...
      pg-atla:ion                     0            0          0   ...
      pg-hous:ion                     0            0          0   ...
      pg-losa:ion                     0            0          0   ...
      pg-salt:ion                  2952            0         42   ...
      pg-wash:ion                     0            0          0   ...
      
      NOTE that the above output is abbreviated so it does not wrap in the
      git log, but you get the idea.
      
      Or you can specify a specific trunk link:
      
      	boss> wap switch_traffic -i 10 cisco3:cisco8
      
      Okay this is all pretty basic and eventually it would be nice to take
      these numbers and feed them into mrtg or rrdtool so we can view pretty
      graphs, but this as far as I can take it for now.
      
      Maybe in the short term it would be enough to record the numbers every
      5 minutes or so and put the results into a file.
      b885ce89
  19. 04 Jun, 2014 1 commit
  20. 02 Jun, 2014 2 commits
    • Leigh Stoller's avatar
      Do not drop privs before the second ssh, when taking an image of a · e92c073a
      Leigh Stoller authored
      VM. Note that the target script uses sudo, but not in all the places
      it needs to, so lets just run the script as root, and yank the sudo
      out later.
      e92c073a
    • Mike Hibler's avatar
      Support for gathering and storing Infiniband interface GUIDs in the DB. · 12a41b7e
      Mike Hibler authored
      Since GUIDs are 16 bytes and our current interface MACs are only 12 bytes,
      I agonized over whether to grow the mac column to 16 bytes and just treat
      it as a unique identifier (which is all we use that column for anyway).
      However, in the end I just added a new guid column as there were mac columns
      in a variety of other tables and it wasn't clear what the relationship was
      and what I might break.
      
      So, the newnode MFS will now report back a GUID for interfaces it recognizes
      as IB (FreeBSD-specific right now). The boss-side checkin code with stash
      that value in new_interfaces (and later interfaces when added). For possible
      backward compat, it will also generate a MAC address from that (possibly
      Mellanox-specific) so that all entries in the interfaces table will have
      a MAC (yes, it should really be the other way around--all interfaces should
      always have a guid).
      
      End of story. We don't do anything else with IB right now other than stash
      an interface GUID.
      12a41b7e
  21. 30 May, 2014 1 commit
    • Mike Hibler's avatar
      Change sshtb to allow "-host $BOSSNODE". · f4d4dd0e
      Mike Hibler authored
      Needed when boss is the tip server (i.e., for IPMI consoles).
      
      Somehow this vaguely feels like a potential flaw. Prior to this,
      a misconfigured sshtb command that specified boss would fail.
      Now it will succeed and run in the one place it can cause the
      most damage.
      
      Also, fix a couple of nits in the console code.
      f4d4dd0e
  22. 25 May, 2014 1 commit
  23. 20 May, 2014 2 commits
  24. 15 May, 2014 1 commit
  25. 09 May, 2014 1 commit
    • Mike Hibler's avatar
      New imagevalidate tool for printing/checking/updating image metadata. · 0bb906f4
      Mike Hibler authored
      This should be run whenever an image is created or updated and possibly
      periodically over existing images. It makes sure that various image
      metadata fields are up to date:
      
       * hash: the SHA1 hash of the image. This field has been around for
         awhile and was previously maintained by "imagehash".
      
       * size: the size of the image file.
      
       * range: the sector range covered by the uncompressed image data.
      
       * mtime: modification time of the image. This is the "updated"
         datetime field in the DB. Its intent was always to track the update
         time of the image, but it wasn't always exact (create-image would
         update this with the current time at the start of the image capture
         process).
      
      Documentation? Umm...the usage message is comprehensive!
      It sports a variety of useful options, but the basics are:
      
       * imagevalidate -p <image> ...
          Print current DB metadata for indicated images. <image> can either
          be a <pid>/<imagename> string or the numeric imageid.
      
       * imagevalidate <image> ...
          Check the mtime, size, hash, and image range of the image file and
          compare them to the values in the DB. Whine for ones which are out
          of date.
      
       * imagevalidate -u <image> ...
          Compare and then update DB metadata fields that are out of date.
      
      Fixed a variety of scripts that either used imagehash or computed the
      SHA1 hash directly to now use imagevalidate.
      0bb906f4