1. 24 Aug, 2012 1 commit
  2. 20 Aug, 2012 1 commit
  3. 16 Aug, 2012 1 commit
  4. 03 Aug, 2012 1 commit
  5. 01 Aug, 2012 1 commit
    • Leigh Stoller authored · 997b21b5
      This commit adds some simple support for using the Infiniband on the
      Probe Cluster. The problem is that the IFB is a shared network that
      every node attaches to, which can look like an ethernet device that
      can be ifconfig'ed. In other words, one big lan.
      
      But we still want the user to be able to create a lan so that they can
      interact with it in their NS file like any other network.
      
      The NS syntax is:
      
      	set lan2 [$ns make-lan "node1 node2 node3" * 0ms]
      	tb-set-switch-fabric $lan2 "infiniband"
      
      The switch fabric tells the backend to do IP assignment for the
      specific global network. Yes, I tried to be a little bit general
      purpose. Let's see how this actually turns out.
      
      This first commit treats the fabric as a single big lan on the same
      subnet.
      
      NOTE 1: Since the unroutable IP space is kinda small, but the Probe
      Cluster is really big, we can easily run out of bits if we tried to do
      assignment on virtual topos. Instead, fabrics get their IP allocation
      at swapin time, and the allocations are deleted when the experiment is
      swapped out. The rationale is that the number of swapped in
      experiments is much much smaller than the number of possible topos
      that can be loaded into the DB. Still might run out, but less likely.
      
      The primary impact of above is that IP assignments can change from
      one swap to another, but this is easy to deal with if the user is
      scripting their experiment; the IP allocation is available via the
      XMLRPC interface.
      
      NOTE 2: The current code allocates from a single big network, which
      makes it easy for users to mess each other up if they start doing
      things by hand. Ultimately, we want each lan in each experiment to use
      their own subnet, but that is going to take more work, so let's do it
      in the second phase.
      
      The definition of "network fabrics" is in the new network_fabrics
      tables. As an example for probe:
      
      	INSERT INTO `network_fabrics` set
      		idx=NULL,
      		name='ifband',
      		created=now(),
      		ipalloc=1, ipalloc_onenet=1,
      		ipalloc_subnet='192.168.0.0',ipalloc_netmask='255.255.0.0'
  6. 25 Jul, 2012 1 commit
  7. 24 Jul, 2012 1 commit
    • Mike Hibler authored · e08bfeec
      Add a 'disabled' field to the subbosses table.
      
      This allows us to more easily disable a subboss in the event of a temporary
      subboss outage (e.g., hardware failure). Previously we would have to remove
      the related rows from the DB and restore them later.
  8. 17 Jul, 2012 4 commits
  9. 14 Jul, 2012 1 commit
  10. 11 Jul, 2012 1 commit
    • Leigh Stoller authored · 6cf701f9
      Cleanup in the web interface to prevent XSS attacks.
      
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
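      An added illustration of the two measures the commit message above describes: refusing <> on input except for special-cased fields, and running htmlspecialchars over every "formfields" value, including initial page arguments. It is not code from this repository; the function names, field names, sample values and the input pattern are assumptions.

      ```php
      <?php
      // Added example, not the project's code. check_field(),
      // escape_formfields() and the field names are hypothetical; only
      // htmlspecialchars() and the "formfields" array idea come from the
      // commit message.

      // Input side: refuse angle brackets before a value reaches the DB,
      // except for fields that legitimately need them (for example a
      // startup command that uses shell redirection).
      function check_field(string $name, string $value, array $allow_angle): bool
      {
          if (in_array($name, $allow_angle, true)) {
              return true;    // special case; still escaped on output
          }
          return preg_match('/[<>]/', $value) === 0;
      }

      // Output side: escape every form value, including values that came
      // straight from the initial page arguments.
      function escape_formfields(array $formfields): array
      {
          $out = [];
          foreach ($formfields as $key => $value) {
              $out[$key] = htmlspecialchars((string)$value,
                                            ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
          }
          return $out;
      }

      // Constructed sample input: a reflected page argument and a startup command.
      $formfields = [
          'description' => '"><script>alert(1)</script>',
          'startupcmd'  => '/proj/x/run.sh > /tmp/log 2>&1',
      ];
      $allow_angle = ['startupcmd'];

      foreach ($formfields as $name => $value) {
          if (!check_field($name, $value, $allow_angle)) {
              echo "rejected on input: $name\n";
          }
      }

      // Both values are escaped when rendered, so the quote and angle
      // brackets cannot close the attribute or open a new tag.
      $safe = escape_formfields($formfields);
      printf("<input name=\"description\" value=\"%s\">\n", $safe['description']);
      printf("<input name=\"startupcmd\" value=\"%s\">\n", $safe['startupcmd']);
      ```

      The special-cased field passes the input check but is still escaped on output, so the input filter and the output encoding do not depend on each other.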
  11. 02 Jul, 2012 2 commits
  12. 18 Jun, 2012 1 commit
  13. 07 Jun, 2012 1 commit
    • Leigh Stoller authored · b01c991d
      New script, clone_image to simplify create/snapshot from a node.
      
      clone_image is a wrapper around newimageid_ez and create_image, that
      simplifies the most common operation; creating a new imageid derived
      from the image/os that is currently running in the node, and then
      taking a snapshot of the node. So for example, if node pcXXX is
      running image FREEBSD, and you want to create a custom image from that
      node, all you need to do is:
      
      	boss> clone_image myfreebsd pcXXX
      
      which will create the new descriptor, deriving everything from the
      FREEBSD image on the node, and then take a snapshot from pcXXX. If
      the descriptor already exists, just take the snapshot.
      
      So what if you do:
      
      	boss> clone_image FREEBSD pcXXX
      
      well, the image is always looked up in the project the node is
      currently attached to, so in fact a new descriptor is created in that
      project, and you do not actually overwrite an image from some other
      project. 
      
      I've added some locking to images to prevent concurrent snapshots.
      This seemed like a good idea since this script is going to be used
      from the ProtoGeni interface. More on this in another commit.
  14. 24 May, 2012 2 commits
  15. 18 May, 2012 1 commit
  16. 16 May, 2012 3 commits
  17. 15 May, 2012 1 commit
    • Mike Hibler authored · 2d9daab0
      Fix a capserver vulnerability reported by John Hickey.
      
      Validate those SQL args!
      
      NOTE: we also ensure that the reporting node is listed as a legit tip server
      in the tipservers table. This means that capture may stop working on nodes
      whose servers are not in the table! SQL update 291 will add any servers
      listed in tiplines entries that are not in tipservers to prevent this breakage.
  18. 14 May, 2012 2 commits
  19. 11 May, 2012 3 commits
  20. 10 May, 2012 2 commits
  21. 24 Apr, 2012 1 commit
  22. 21 Apr, 2012 2 commits
  23. 17 Apr, 2012 1 commit
  24. 11 Apr, 2012 1 commit
    • Leigh Stoller authored · dae29101
      So this commit allows a vlan to be "shared" between experiments. By
      shared, I mean that an experiment can request that a port be put into
      a vlan belonging to another experiment. This started out as a hack to
      support openflow enabled vlans in Geni, but then I got a request to
      make it a little more general purpose. You all know how that goes.
      
      Okay, say you have an experiment E1 in some project and that
      experiment has a link or lan called "lan0". You want other experiments
      to be able to stick ports in that vlan. On boss, you would do this
      after E1 is swapped in:
      
      	boss> wap sharevlan -o testbed,E1 lan0 mysharedlan
      
      The -o option says to make the vlan open to anyone; without that
      option, only admins can swap in an experiment that requests a port in
      lan0.  The token "mysharedlan" is just a level of indirection for the
      NS file (or rspec).
      
      Next you create a new experiment E2, and in your NS file:
      
      	$ns make-portinvlan $n1 "mysharedlan"
      
      which says to create a lan with an interface on node n1, in the vlan
      named by the token mysharedlan. The token keeps specific pid/eids out
      of the NS file. 
      
      When E2 is swapped in, assign does its thing, and the selected port is
      added to the members list for lan0 in testbed,E1 and then we call
      snmpit with the syncvlansfromtables (-X) option to get the port added.
      
      When E2 is swapped out, we undo the members list and call snmpit with
      the -X option again.
      
      The access issue is a bit of a hack of course (open or admins) but I did
      not want to invent a new permission mechanism (yet).
      
      And of course, this is still a work in progress.
  25. 04 Apr, 2012 2 commits
  26. 27 Mar, 2012 1 commit
    • Leigh Stoller authored · 85b81867
      Bunch of changes for "management" interfaces (ilo,drac,etc); make
      management interfaces more of a first class citizen instead of a
      hack. New script:
      
      management_iface -t <type> -a [key|pswd] [-s <switchinfo>]
                              <node_id> mac IP arg1 arg2
      management_iface -r <node_id>
        -h       This message
        -t type  Management type; ilo, ilo2, drac
        -s info  Optional switch info; switch,card,port
        -s -     Search output of switchmac to find switch info
        -a pswd  Password auth; provide login and password.
        -a key   SSH key auth; provide login and key path.
        -r       Remove management interface from DB.
      
      which adds the management interface to the database (interfaces,
      outlets and outlets_remoteauth). Optionally adds the wires table
      entry if you add -s option. Uses switchmac to find the switch info or
      you can specify it on the command line. So for example, here is what I
      did to add the ilo2 interface for a node:
      
      management_iface -t ilo2 -a pswd -s - pc1 e8:39:35:ae:c9:7c \
                       155.98.34.100 elabman mypasswd
      or
      management_iface -t ilo2 -a key -s - pc1 e8:39:35:ae:c9:7c \
                       155.98.34.100 elabman /root/.ssh/somekey
      
      Of course someone had to have added the elabman user and key or
      password to the ilo config via its interface. 
      
      * dhcpd_makeconf will add local node management interfaces to the
        config file. We can set them to dhcp instead of hardwiring the IP in
        the management interface.
      
      * The DB changes add a management type to the enums in the interfaces
        and wires table, and update the existing interface entries.
  27. 16 Mar, 2012 1 commit