1. 21 Feb, 2012 2 commits
  2. 20 Feb, 2012 1 commit
  3. 17 Feb, 2012 8 commits
    • Leigh B Stoller's avatar
      Oops, minor fix to previous revision. · c30549b5
      Leigh B Stoller authored
      c30549b5
    • Leigh B Stoller's avatar
      Reorganize the protogeni installation code. · 99c1507e
      Leigh B Stoller authored
      * Split all of the certificate stuff out of initsite into initcerts so
        that it can be run independently, and when updating the IP/domain of
        a site.
      
      * Redo initsite in terms of libinstall. Fully automated now, no user
        intervention needed.
      
      * Regarding above statement, the new site no longer has to email the
        new CA certificate to us; a new web page is exported from the
        clearing house website that allows a new CA to be "provisionally"
        accepted; the new CA will be allowed to register their new protogeni
        certificates, but otherwise will have no access to anything else
        until someone at the ClearingHouse moves them from the unapproved to
        the approved column. 
      
      * New script called "cacontrol" that should be used from now on to
        manage the CA certificates. Also called from the web interface to
        provisionally install a new CA certificate into an "unapproved"
        bundle that is not distributed to other protogeni sites. Otherwise,
        cacontrol should be used as follows:
      
      	boss$ perl cacontrol -h
      	Usage: cacontrol [-a] [-n] [-d] <certfile>
      	       cacontrol [-n] [-d] -c <commonname>
      	       cacontrol [-n] [-d] -r <commonname>
      	Options
      	  -n     - Impotent mode; do not do anything for real
      	  -d     - Turn on debugging.
      	  -a     - Add certificate to approved list instead.
      	  -c     - Move certificate (commonname) to approved list.
      	  -r     - Remove certificate with given commonname.
      
        In the first form, add a new CA certificate to the unapproved list
        (this is the entrypoint used by the web page mentioned above). If
        you add the -a option, it goes right into the approved bundle
        (approved means it goes into the xmlsec directory and is exported to
        other sites).
      
        The second form is used to move a CA from the unapproved column to
        the approved colum.
      
        The third form is used to delete a CA certificate.
      
        NO MORE HAND EDITING OF THE FILES!
      99c1507e
    • Leigh B Stoller's avatar
      BIG reorganization of the install code. · 82e1d812
      Leigh B Stoller authored
      * Split up boss/ops/fs install into indvidual modules; generally, what
        was a toplevel phase in the original files is not a file. This
        allowed for better code/variable reuse. No longer monolithic, which
        makes it easy to test and rerun parts.
      
      * Incorporate "update" into the install process. Certain phase file
        can be used in update mode, as when the IP/subnet/domain changes.
      
      * Moved the MFS setup from rc.mkelab into the normal install process.
        Users no longer have to do this themselves. Good thing.
      
      * installvars.pm is a new library that has the merged set of the
        zillion variables that were at the top of boss/fs/ops install.
      82e1d812
    • Leigh B Stoller's avatar
    • Leigh B Stoller's avatar
      5e545a69
    • Leigh B Stoller's avatar
      A protogeni page that will be used by the new protogeni initsite to · 5664bbb5
      Leigh B Stoller authored
      automatically record a new CA certificate. Hand the certificate off
      to cacontrol, which will provisionally accept the certificate so that
      the caller can then register their other certificates.
      5664bbb5
    • Leigh B Stoller's avatar
      1cbd3dc5
    • Leigh B Stoller's avatar
      Turn of debugging. · 16d71b7c
      Leigh B Stoller authored
      16d71b7c
  4. 16 Feb, 2012 3 commits
  5. 15 Feb, 2012 4 commits
  6. 14 Feb, 2012 1 commit
  7. 13 Feb, 2012 5 commits
  8. 10 Feb, 2012 4 commits
  9. 09 Feb, 2012 2 commits
  10. 08 Feb, 2012 6 commits
  11. 07 Feb, 2012 2 commits
  12. 03 Feb, 2012 1 commit
  13. 02 Feb, 2012 1 commit
    • Leigh B Stoller's avatar
      Add a couple of changes for the GPO. · cfbcf2c4
      Leigh B Stoller authored
      1. Change default slice expiration to a new site variable called
         protogeni/default_slice_lifetime, defaults to six hours.
      
      2. Add a site variable (protogeni/warn_short_slices) to tell the
         sa_daemon if it should send email to war about short lived slices
         expiring, defaults to off.
      cfbcf2c4