1. 06 Dec, 2018 1 commit
    • Various fixes for ualloc switches: · cdcbedc7
      Leigh Stoller authored
      * Stop using the ALWAYSUP state machine for switches, this causes ISUP
        to always get sent, which in certain cases, results in stated
        rebooting the switch!
        Added new ONIE state machine, which handles the way switches actually
        boot into ONIE first and then does the bootinfo/grub dance, or does a
        reload or does admin mode.
      * Do not send PXEBOOTING from ONIE; this was a mistake, it throws us
        into the PXEKERNEL state machine, which sometimes results in stated
        rebooting the switch!
        We still use PXEWAIT (it is sent by bootinfod), since that is the
        "waiting" state that is wired into a lot of Emulab, it just happens to
        now be a state in the ONIE state machine, so it's legal.
      * Fix a bug in libossetup, that was fooling libossetup_switch into
        thinking the wrong thing.
      * Add some timeouts to the libosload_mlnx code, sshd sometimes refuses to
        answer after a failed login. Strange.
      * Fix a fork() problem in the switch reload code; gotta call exit, not
        return! This was wreaking subtle (okay not so subtle) havoc in
  2. 30 Nov, 2018 1 commit
  3. 11 Apr, 2018 1 commit
  4. 09 Mar, 2018 2 commits
  5. 08 Mar, 2018 1 commit
  6. 01 Jan, 2018 1 commit
  7. 26 Dec, 2017 1 commit
    • Adjust another stated timeout for the new HPs: RELOAD/SHUTDOWN. · 6cc159aa
      Mike Hibler authored
      Note that node_type_attributes.bios_waittime could be used to
      dynamically adjust the stated timeout, but I don't want to embed
      semantics of a particular state in stated, so we would have to
      have some more general mechanism to tell stated to adjust the
      timeout value based on a database field.
  8. 23 Dec, 2017 1 commit
  9. 03 Oct, 2017 1 commit
  10. 05 Sep, 2017 1 commit
  11. 01 Sep, 2017 1 commit
  12. 26 Jul, 2017 1 commit
    • Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
          pkg install -r Emulab pssh
      on your boss node. See the new utils/pushrootkeys.in script for more.
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      For more on how we got here and what might happen in Round 2, see:
  13. 30 May, 2017 1 commit
  14. 02 May, 2017 1 commit
  15. 17 Apr, 2017 1 commit
  16. 27 Feb, 2017 1 commit
  17. 19 Dec, 2016 1 commit
  18. 02 Nov, 2016 1 commit
  19. 20 Oct, 2016 2 commits
  20. 18 Oct, 2016 1 commit
  21. 03 Oct, 2016 1 commit
  22. 05 Jul, 2016 1 commit
  23. 07 Jun, 2016 1 commit
  24. 13 Apr, 2016 1 commit
  25. 22 Mar, 2016 1 commit
  26. 14 Mar, 2016 2 commits
  27. 15 Dec, 2015 2 commits
  28. 30 Nov, 2015 1 commit
  29. 12 Nov, 2015 1 commit
  30. 29 Oct, 2015 1 commit
  31. 23 Oct, 2015 1 commit
  32. 01 Sep, 2015 1 commit
  33. 14 Aug, 2015 1 commit
  34. 11 Aug, 2015 2 commits
  35. 17 Jun, 2015 1 commit