1. 19 Jul, 2011 1 commit
  2. 27 May, 2011 1 commit
  3. 18 May, 2011 1 commit
  4. 17 May, 2011 1 commit
    • Mike Hibler's avatar
      Add machinery to automatically setup mrouted on the control network. · 3ba294d9
      Mike Hibler authored
      This is specifically intended for elabinelab right now where configurations
      with an "inner control network" need a multicast router for inner frisbee
      to work. There is (an undocumented) NEEDMROUTED defs variable that controls
      whether the machinery is triggered or not. It is not documented because, though
      in theory this would work for a real boss setup, it has not been tested and
      each install would probably need a custom mrouted.conf file.
      
      For an inner elab, this variable is automatically set in defs-elabinelab
      if there is an inner control network. The result is that the mrouted port
      will be installed, it will be enabled in rc.conf, and a stub mrouted.conf
      file is created (to force mrouted to ignore the real control network).
      3ba294d9
  5. 11 May, 2011 1 commit
  6. 20 Apr, 2011 1 commit
    • Leigh Stoller's avatar
      Changes our ssh key/account handling in RedeemTicket() and · 03c2107c
      Leigh Stoller authored
      CreateSliver(), to handle multiple accounts.  This somewhat reflects
      the Geni AM API for keys, which allows the client to specify multiple
      users, each with a set of ssh keys.
      
      The keys argument to the CM now looks like the following (note that
      the old format is still accepted and will be for a while).
      
      [{'urn'   => 'urn:blabla'
        'login' => 'dopey',
        'keys'  => [ list of keys like before ]},
       {'login' => "leebee",
        'keys'  => [ list of keys ... ]}];
      
      Key Points:
      
      1. You can supply a urn or a login or both. Typically, it is going to
         be the result of getkeys() at the PG SA, and so it will include
         both.
      
      2. If a login is provided, use that. Otherwise use the id from the urn.
      
      3. No matter what, verify that the token is valid for Emulab an uid
         (standard 8 char unix login that is good on just about any unix
         variant), and transform it if not.
      
      4. For now, getkeys() at the SA will continue to return the old format
         (unless you supply version=2 argument) since we do not want to
         default to a keylist that most CMs will barf on.
      
      5. I have modified the AM code to transform the Geni AM version of the
         "users" argument into the above structure. Bottom line here, is
         that users of the AM interface will not actually need to do
         anything, although now multiple users are actually supported
         instead of ignored.
      
      Still to be done are the changes to the login services structure in
      the manifest. We have yet to settle on what these changes will look
      like, but since people generally supply valid login ids, you probably
      will not need this, since no transformation will take place.
      03c2107c
  7. 05 Apr, 2011 1 commit
  8. 04 Apr, 2011 1 commit
  9. 10 Mar, 2011 1 commit
  10. 07 Mar, 2011 1 commit
  11. 10 Feb, 2011 3 commits
  12. 08 Feb, 2011 2 commits
  13. 07 Feb, 2011 1 commit
  14. 03 Feb, 2011 2 commits
  15. 02 Feb, 2011 1 commit
  16. 18 Jan, 2011 1 commit
  17. 11 Jan, 2011 2 commits
    • Mike Hibler's avatar
      Found a patch that will make the SelfLoader work with perl 5.10.1. · f0ea7d23
      Mike Hibler authored
      Repeating myself since not everything got committed last time...
      
      In the lastest version of SelfLoader they fixed the taint problem.  It is
      literally one line of code (plus updating version string) so I just made
      a patch.  Also, fixup boss/ops-install to apply the patch and change the
       default to use the SelfLoader again.
      f0ea7d23
    • Mike Hibler's avatar
      More work toward getting this working on subboss. · 8d80301e
      Mike Hibler authored
      More work on the hierarchical configuration for subboss. When doing host-based
      authentication, allow client to pass an explicit host (IP) to the mserver.
      If the mserver is configured to allow it, that IP is used for authenticating
      the request instead of the caller's IP. Add a default ("null") configuration
      so the mserver can operate out-of-the-box with no config file. The goal of
      these two changes is for an mserver instance with the default config and a
      proxy option to serve the needs of a subboss node (i.e., so no explicit
      configuration will be needed).
      8d80301e
  18. 06 Jan, 2011 2 commits
  19. 22 Dec, 2010 1 commit
  20. 21 Dec, 2010 1 commit
  21. 17 Dec, 2010 1 commit
  22. 14 Dec, 2010 1 commit
  23. 10 Dec, 2010 4 commits
  24. 07 Dec, 2010 1 commit
  25. 30 Nov, 2010 1 commit
  26. 23 Nov, 2010 1 commit
  27. 12 Nov, 2010 3 commits
  28. 09 Nov, 2010 2 commits
    • Mike Hibler's avatar
      Clean up some update turds. · 1b7ca63a
      Mike Hibler authored
      Cody updated his year old elabinelab and uncovered some problems with the
      update process.  Note the updates to the install/updates scripts are just
      to add "MASTER_SITE_FREEBSD=1" to the make lines.  This doesn't change
      anything functionally, it just speeds up the builds for older FreeBSDs where
      some of the MASTER_SITEs no longer exist.
      1b7ca63a
    • Mike Hibler's avatar
      More chicken and egg. · 8700c093
      Mike Hibler authored
      We had a special hack to make sure general/testbed_shutdown sitevar exists,
      however we were trying to initialize the ns_include column that doesn't
      exist til DB update 191.  Now we just explicitly set known-to-exist columns.
      8700c093