1. 12 Dec, 2017 1 commit
    • David Johnson's avatar
      Add Linux exp firewall support for virt_node_public_addr addresses. · 798f9b6f
      David Johnson authored
      A new tmcd command, publicaddrinfo, just dumps the relevant bits of
      virt_node_public_addr to any node in an experiment that has addrs
      allocated (we don't want to restrict based on calling node_id or
      pool_id).
      
      Then the generic getfwconfig() function calls that, and sets some bits.
      I also extended this function to add some dynamic clientside vars
      (EMULAB_DOMAIN, EMULAB_EXPDOMAIN, EMULAB_PUBLICADDRS) so that user
      firewall rule writers can use them to refer to the control net IPs of
      nodes in their experiment (i.e., node-0.EMULAB_EXPDOMAIN); and so that
      rules can be written over EMULAB_PUBLICADDRS -- a command-delineated
      list of IP addrs).
      
      Finally, I extended the Linux firewalling code to allow any experiment
      node to answer ARPs for the public IP addresses; we can't know a priori
      which node should answer -- and it could change.
      
      This closes #353 .
      798f9b6f
  2. 02 Nov, 2017 1 commit
  3. 13 Oct, 2017 1 commit
  4. 13 Sep, 2017 1 commit
  5. 30 Aug, 2017 3 commits
  6. 26 Jul, 2017 1 commit
    • Mike Hibler's avatar
      Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          #302
      c6150425
  7. 07 Jul, 2017 1 commit
    • Leigh Stoller's avatar
      Deal with user privs (issue #309): · d1516912
      Leigh Stoller authored
      * Make user privs work across remote clusters (including stitching). I
        took a severe shortcut on this; I do not expect the Cloudlab portal
        will ever talk to anything but an Emulab based aggregate, so I just
        added the priv indicator to the user keys array we send over. If I am
        ever proved wrong on this, I will come out of retirement and fix
        it (for a nominal fee of course).
      
      * Do not show the root password for the console to users with user
        privs.
      
      * Make sure users with user privs cannot start experiments.
      
      * Do show the user trust values on the user dashboard membership tab.
      
      * Update tmcd to use the new privs slot in the nonlocal_user_accounts
        table.
      
      This closes issue #309.
      d1516912
  8. 19 Jun, 2017 1 commit
  9. 31 May, 2017 1 commit
  10. 16 May, 2017 1 commit
  11. 24 Mar, 2017 2 commits
    • Mike Hibler's avatar
      Semi-hack to ensure that Wisconsin nodes don't include their SSDs · fbe5f38f
      Mike Hibler authored
      in blockstore-related VGs.
      
      Right now, you have to decide globally and in advance, what disk types
      are going to be included in blockstore pools. Then you set the sitevar
      accordingly and then set the DB sysvol/nonsysvol/any node_type_features
      to reflect the amount of storage available on just drives of that type.
      
      This value is passed to clients via the otherwise unused PROTO field
      of the blockstore line (when CMD=SLICE and CLASS=local), so this change
      is backward compatible (OS images with older client code will ignore it
      and just give you blockstores including all the devices).
      
      So at Wisconsin, I set storage/local/disktype to "HDD-only" and tweak
      the node_type_attributes '?+disk_any' and '?+disk_nonsysvol' to not
      include the space for the 1 or 2 SSD drives in each machine. tmcd passes
      the PROTO=HDD-only value and the client sees that and does not include
      any SSD devices among the eligible devices from which to create the VG.
      
      The hope is that ultimately, we could get rid of the sitevar and use the
      PROTO field to select, per-blockstore, its type (only HDD, only SSD).
      But that will require additional per node (type) assign features
      differentiating the amount of each type available.
      fbe5f38f
    • Mike Hibler's avatar
  12. 31 Jan, 2017 2 commits
  13. 20 Jan, 2017 1 commit
    • Mike Hibler's avatar
      New 'subbossinfo' command. · d75093f8
      Mike Hibler authored
      When invoked by a subboss, returns key=value pairs from subboss_attributes
      for all services for that subboss. Will be used to configure subbosses,
      eliminating the need to customize startup scripts per-subboss.
      d75093f8
  14. 17 Jan, 2017 1 commit
    • Mike Hibler's avatar
      Implement heartbeat/status reports in Frisbee. · 2be46ba4
      Mike Hibler authored
      There are three pieces here, a change to the frisbee protocol itself, an
      Emulab event component to get status back to the portal, and the surrounding
      infrastructure to make it all work.
      
      Frisbee heartbeat messages:
      
      Added a new message type to the frisbee protocol, "Progress". In theory it
      operates by having the server send a multicast progress request to its clients
      which includes an interval at which to report (or "just once") and an
      indication of what to report (nothing, progress summary, or full stats). The
      client then sends unicast "fire and forget" UDP replies according to that
      schedule. However, I took a shortcut for the moment and just added a command
      line option to the client to tell it to report a summary at the indicated
      interval (-H <interval>).  So the server never sends requests.
      
      This is implemented in the client by a fourth thread since I wanted it to
      operate independent of packet reception (which would cause clients to report
      in a highly synchronized fashion due to multicast). The server instance just
      logs progress reports into its log.
      
      This protocol addition should be fully backward compatible as both client and
      server ignore (but log) unknown messages.
      
      Emulab progress report events:
      
      When this is compiled in (-DEMULAB_EVENTS) and turned on (-E <server>), the
      frisbee server instances will send a FRISBEEPROGRESS event to the indicated
      event server for every progress report it receives (in addition to logging the
      events to its own log). Right now it will create an event with key/value pairs
      for the information in a client summary reply:
      
      TSTAMP is the client's time at which it sends the event. Could be used by the
      received to determine latency of the report if it cared (and if it assumed
      that the clocks are in sync). We don't care about this.
      
      SEQUENCE is the report number. Again, could be used by the receiver, in this
      case to detect loss, if it cared. We don't.
      
      CHUNKS_RECV is complete chunks that the client has received from the network.
      CHUNKS_DECOMP is chunks decompressed by the client.  BYTES_WRITTEN is bytes
      written to disk by the client.
      
      Any of the three can be used by the event receiver as an indication of life
      and/or progress. However, only the last would be a reasonable indicator of
      time remaining since it is the last (and slowest) phase of imaging. To
      estimate time remaining we could compare that value to the amount of
      uncompressed data that is in the image. This makes the sketchy assumptions
      that time for writes to the disk are uniform and that the number and distance
      of seeks is uniform, but it is better than a sharp stick in the eye.
      
      Emulab infrastructure:
      
      There is a new sitevar "images/frisbee/heartbeat" which can be set to a
      non-zero value to tell the frisbee MFS to fire off frisbee with -H <value>
      and thus make reports. The default value of zero means to not make reports.
      The tmcd "loadinfo" command sends this through via the HEARTBEAT=<value>
      param.
      
      REQUIRED A TMCD VERSION BUMP TO 41.
      2be46ba4
  15. 17 Nov, 2016 1 commit
  16. 21 Oct, 2016 1 commit
    • Mike Hibler's avatar
      Fix assorted lint. · 4d94c464
      Mike Hibler authored
      Primarily I was after what was causing the occasional segfault.
      That problem was caused by calling tmcc on a node that was free.
      Seems we were derefing some NULL columns returned by mysql because
      we assumed that there would always be a row in experiments for the
      node in question.
      
      Since I do need to call tmcd from the "pxewait" initramfs on Moonshot
      ARM nodes, I cleaned up this assumption.
      4d94c464
  17. 18 Oct, 2016 1 commit
  18. 04 Oct, 2016 1 commit
  19. 19 Sep, 2016 1 commit
  20. 12 Sep, 2016 1 commit
    • Mike Hibler's avatar
      Modify NOVIRTNFSMOUNTS to allow mounts on vnodes with routable IPs. · 470a81e5
      Mike Hibler authored
      This is different than the traditional behavior of this defs- variable.
      Previously it caused tmcd to not expose any NFS mounts to shared-host vnodes.
      We relax that now to allow exposing such mounts to vnodes with routable IP
      addresses.
      
      The rationale for this change is simply that the original option was only
      intended to prevent exporting mounts to hosts that could not reach the FS
      node anyway due to their unroutable cnet IPs.
      470a81e5
  21. 04 Sep, 2016 1 commit
  22. 29 Aug, 2016 1 commit
    • Leigh Stoller's avatar
      Fix for bug Kirk reported; we were returning two sets of accounts to · 9f49cc7e
      Leigh Stoller authored
      geni slice nodes when the project was a local project. In this case, we
      want to return the project accounts and ignore the ssh keys sent in the
      geni API call (a future change might involve a merge of accounts, but
      not unless someone actually needs it). And for a nonlocal project we of
      course still want to return the geni API ssh keys, but not return the
      project member accounts, since they are just stub accounts and don't
      actually have any ssh keys associated with them. They just cause
      confusion.
      9f49cc7e
  23. 10 Jun, 2016 2 commits
    • Mike Hibler's avatar
      Allow doloadinfo() to return more than the stock 2K of info. · fa686a25
      Mike Hibler authored
      At least for TCP based calls. We will need this for long-ish delta chains.
      I didn't think this warranted a version number bump even though it is
      possible that an old MFS that makes a UDP-based call will only wind up
      getting the first line (image). The reasoning here is that MFSes that old
      could only handle one line anyway in rc.frisbee!
      fa686a25
    • Leigh Stoller's avatar
      NFS mount changes, still a work in progress, bound to change: · e369c1a8
      Leigh Stoller authored
      * The Emulab portal now adds a toplevel element (Emulab namespace)
        directing the CM to use standard emulab mounts (read: /users).
        We clear that element from the other portals.
      
      * The CM looks for that tag, and allows it only if the caller is the local
        SA. The default for nfsmounts setting for geni experiment containers is
        "genidefault", but that is set to "emulabdefault" when allowed.
      
      * tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
        means no mounts (duh), "emulabdefault" means standard mounts we all know
        and love, "genidefault" means no /users mounts.
      
        In addition, when we are doing emulabdefault mounts on a geni experiment
        node, we do not return accounts that are specified in the rspec, but
        rather we return the local project accounts only.
      e369c1a8
  24. 25 Apr, 2016 1 commit
  25. 19 Apr, 2016 1 commit
  26. 14 Apr, 2016 1 commit
  27. 07 Apr, 2016 2 commits
  28. 01 Apr, 2016 2 commits
  29. 28 Mar, 2016 1 commit
  30. 05 Feb, 2016 1 commit
  31. 31 Jan, 2016 1 commit
    • Mike Hibler's avatar
      Tweaks to TRIM reporting code. · f927aba6
      Mike Hibler authored
      Make the interval between TRIM operations a per nodetype (or per node)
      attribute instead of a global site variable. The sitevar will still be
      used to turn TRIM on or off globally.
      f927aba6
  32. 21 Jan, 2016 1 commit
  33. 23 Dec, 2015 1 commit