1. 04 Feb, 2015 1 commit
  2. 05 Dec, 2014 1 commit
    • Support dynamically created NFS-root filesystems for admin MFS. · f36bcfab
      Mike Hibler authored
      Significant hackery involved. Similar to exports_setup, there is a boss-side
      script and an ops-side script to handle creation and destruction of the ZFS
      clones that are used for the NFS filesystem. The rest was all about when to
      invoke said scripts.
      
      Creation is easy, we just do a clone whenever the TBAdminMfsSelect is called
      to "turn on" node admin mode. Destruction is not so simple. If we destroyed
      the clone on the corresponding TBAdminMfsSelect "off" call, then we could
      yank the filesystem out from under the node if it was still running in the
      MFS (e.g., "node_admin -n off node"). While that would probably be okay in
      most uses, where at worst we would have to apod or power cycle the node, we
      try to do better. TBAdminMfsSelect "off" instead just renames the clone
      (to "<nodeid>-DEAD") so that it stays available if the node is running on
      it at the time, but ensures that it will not get accidentally used by any
      future boot. We check for, and destroy, any previous versions for a node
      every time we invoke the nfsmfs_setup code for that node. We also destroy
      live or dead clones whenever we call nfree. This ensures that all MFSes
      get cleaned up at experiment swapout time.
  3. 05 Nov, 2014 1 commit
  4. 04 Nov, 2014 1 commit
  5. 24 Oct, 2014 1 commit
  6. 20 Aug, 2014 1 commit
  7. 25 Jul, 2014 1 commit
  8. 10 Jul, 2014 1 commit
  9. 09 Jul, 2014 1 commit
  10. 01 Jul, 2014 1 commit
  11. 20 Mar, 2014 1 commit
  12. 17 Mar, 2014 2 commits
    • Refactor taintstate code and move final taint updates to stated. · 662972cd
      Kirk Webb authored
      Can't do the untainting for all cases in libosload*.  The untainting
      is now hooked into stated, where we catch the nodes as they send
      along their "RELOADDONE" events to update their taint state according
      to the final state of their partitions.
    • Add taint state tracking for OSes and Nodes. · 1de4e516
      Kirk Webb authored
      Emulab can now propagate OS taint traits on to nodes that load these OSes.
      The primary reason for doing this is for loading images which
      require special treatment of the node.  For example, an OS that has
      proprietary software, and which will be used as an appliance (blackbox)
      can be marked (tainted) as such.  Code that manages user accounts on such
      OSes, along with other side channel providers (console, node admin, image
      creation) can key off of these taint states to prevent or alter access.
      
      Taint states are defined as SQL sets in the 'os_info' and 'nodes' tables,
      kept in the 'taint_states' column in both.  Currently these sets are comprised
      of the following entries:
      
      * usermode: OS/node should only allow user level access (not root)
      * blackbox: OS/node should allow no direct interaction via shell, console, etc.
      * dangerous: OS image may contain malicious software.
      
      Taint states are inherited by a node from OSes it loads during the OS load
      process.  Similarly, they are cleared from nodes as these OSes are removed.
      Any taint state applied to a node will currently enforce disk zeroing.
      
      No other tools/subsystems consider the taint states currently, but that will
      change soon.
      
      Setting taint states for an OS has to be done via SQL presently.
  13. 28 May, 2013 1 commit
  14. 24 Sep, 2012 1 commit
    • Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  15. 30 Aug, 2012 1 commit
  16. 29 Aug, 2012 1 commit
  17. 29 Jun, 2012 1 commit
  18. 26 Jun, 2012 1 commit
  19. 10 Oct, 2011 1 commit
    • Add support for sharing images between projects. New table called · 646b64f6
      Leigh Stoller authored
      image_permissions stores access info for images. You can share an
      image with a user or a group (project), and you can specify write
      access to allow updating the image in place. Note that write access
      does not allow the descriptor to be modified, only the image itself.
      Well, that is how it will be after Mike changes mfrisbeed.
      
      The front end script to modify permissions is grantimage:
      
      	boss> grantimage -u stoller -w tbres,myimage
      	boss> grantimage -u stoller -w tbres,myimage
      
      which grants write access to stoller. Or:
      
      	boss> grantimage -g testbed,testbed tbres,myimage
      
      which grants access to the testbed project. Notice that you can
      specify subgroups this way.
      
      	boss> grantimage -l tbres,myimage
      
      will give you a list of current permissions. To revoke, just add -r
      option:
      
      	boss> grantimage -g testbed,testbed -r tbres,myimage
      
      Who is allowed to grant access to an image? 1) An administrator of
      course, 2) the image creator, and 3) any group_root in the group that
      the image belongs to. Being granted access to use an image does not
      confer permission to grant access to others.
      
      One last task; while the web interface displays the permissions, there
      is no web interface to modify the permissions; users will still have
      to ask us for now.
  20. 20 Sep, 2011 1 commit
  21. 11 Oct, 2010 1 commit
    • Work on an optimization to the perl code. Maybe you have noticed, but · 92f83e48
      Leigh Stoller authored
      starting any one of our scripts can take a second or two. That time is
      spent including and compiling 10000s of thousands of lines of perl
      code, both from our libraries and from the perl libraries.
      
      Mostly this is just a maintenance thing; we just never thought about
      it much and we have a lot more code these days.
      
      So I have done two things.
      
      1) I have used SelfLoader() on some of our biggest perl modules.
         SelfLoader delays compilation until code is used. This is not as
         good as AutoLoader() though, and so I did it with just a few 
         modules (the biggest ones).
      
      2) Mostly I reorganized things:
      
        a) Split libdb into an EmulabConstants module and all the rest of
           the code, which is slowly getting phased out.
      
        b) Move little things around to avoid including libdb or Experiment
           (the biggest files).
      
        c) Change "use foo" in many places to a "require foo" in the
           function that actually uses that module. This was really a big
           win cause we have dozens of cases where we would include a
           module, but use it in only one place and typically not all.
      
      Most things are now starting up in 1/3 the time. I am hoping this will
      help to reduce the load spiking we see on boss, and also help with the
      upcoming Geni tutorial (which killed boss last time).
  22. 09 Apr, 2010 1 commit
  23. 08 Apr, 2010 2 commits
  24. 25 Mar, 2010 1 commit
  25. 12 Oct, 2009 1 commit
    • Add the ability to load images on virtnodes. For now, we just overload · c6c57bc9
      David Johnson authored
      the tb-set-node-os command with a second optional argument; if that is
      present, the first arg is the child OS and the second is the parent OS.
      We add some new features in ptopgen (OS-parentOSname-childOSname) based
      off a new table that maps which child OSes can run on which parents, and
      the right desires get added to match.  We set up the reloads in os_setup
      along with the parents.  Also needed a new opmode, RELOAD-PCVM, to handle
      all this.
      
      For now, users only have to specify that their images can run on pcvms, a
      special hack for which type the images can run on.  This makes sense in
      general since there is no point conditionalizing childOS loading on
      hardware type at the moment, but rather on parentOS.  Hopefully this stuff
      will mostly work on shared nodes too, although we'll have to be more
      aggressive on the client side garbage collecting old frisbee'd images for
      long-lived shared hosts.
      
      I only made these changes in libvtop, so assign_wrapper folks are left in
      the dark.
      
      Currently, the client side supports frisbee.  Only in openvz for now, and
      this probably breaks libvnode_xen.pm.  Also in here are some openvz
      improvements, like ability to sniff out which network is the public
      control net, and which is the fake virtual control net.
  26. 18 Mar, 2009 1 commit
  27. 01 May, 2008 1 commit
    • Implement FS#187 -- Show admin history of projects: · 8054f5f8
      Kevin Atkinson authored
        When a project is initially created a new mailing list is created,
        PROJ-admin@emulab.net.
      
        testbed-approval is subscribed to the list
      
        Several emails that originally went to testbed-approval now go to the
        mailing list instead.  The From, To, fields are basically the same
        with testbed-approval becoming PROJ-admin.  This means some mail
        is sent with a From PROJ-admin and Bcc the mailing list.  Note that
        some mail still goes to testbed-approval directly, in particular
        ones where there is no clear project involved, and when a project is
        denied.
      
        In addition notifications of approval status of new members are also
        sent to the list.  These emails used to only go to testbed-audit@.
      
        Currently all mail sent to PROJ-admin is also sent to testbed-audit
        (via a Bcc).  This means that some mail that didn't use to go to
        testbed-audit now does.
      
        The mailing list is deleted when a project is deleted without first
        being approved.  Because of this, notification that a project is denied
        is sent to testbed-approval instead of PROJ-admin.
      
        Admins can access the mailing list from the Project Profile page.
      
        The mailing list is open in order to allow users to reply to the
        mailing list, in addition the check that PROJ-admin is in the To or
        CC field is disabled.  There is currently no spam control on the
        mailing lists.  However, since the mailing list address is not posted
        anywhere it shouldn't pick up too much spam.  If it does we can deal
        with it then.
      
        Finally, a new script is created to create the per-project admin
        mailing list.  See doc/UPDATING.
      
      Also add DBQuerySingleFatal to libdb, which is like DBQueryFatal but
      also fails if the query didn't return any results.  Basically
      identical to the version in libtblog.  Eventually libtblog should be
      modified to use this version.
  28. 19 Oct, 2007 1 commit
    • Move newimageid_ez page form logic to a backend Perl script. · 9a586d0b
      Russ Fish authored
           www/newimageid_ez.php3 - The reworked PHP page.  Calls Image::NewImageId with ez=1.
           www/newimageid.php3 - Call Image::NewImageId with ez=0.
           www/imageid_defs.php - Re-use the Image::NewImageId class method, adding an 'ez' arg.
           backend/{newimageid_ez,GNUmakefile}.in configure configure.in - New backend script.
               After checks, calls OSinfo->Create and Image->Create with the same XML args array.
           db/Image.pm.in - Re-use the Image->Create method, adding an imageid over-ride arg.
           db/OSinfo.pm.in - Filter out extraneous db slot args from XML in the Create method.
           db/libdb.pm.in - Add TB_{OS,IMAGE}ID_* constants from dbdefs.php3 .
           sql/database-fill.sql - Add OS entries to the table_regex 'images' pattern set.
  29. 19 Sep, 2007 1 commit
  30. 10 Sep, 2007 1 commit
    • Rework the newosid web page as an example of how I want all of our current · 77540494
      Leigh Stoller authored
      form processing to be done.
      
      The gist is that I have moved all of the data checking and DB work to
      the backend into a new script called utils/newosid. This script does
      all the field checking that used to be done in php. It takes a simple
      XML file as input and returns a set of strings to format as errors (if
      there are any).
      
      The overall goal is to make a big push to move this code out of PHP and
      perl.  A nice side effect is that many operations that are currently
      only available via the web interface will also become available
      command line (and also XMLRPC with a little more work).
  31. 02 Aug, 2007 1 commit
  32. 13 Mar, 2007 1 commit