1. 25 Jun, 2015 1 commit
    • Add new options to CreateSliver/Provision; supply an x509 certificate and · 8be26639
      Leigh Stoller authored
      private key.
      
      The goal is to distribute an experiment wide certificate and private
      key. At the moment this is just a self signed x509 certificate and the
      accompanying rsa key. In PEM format. The same cert/key will be distributed
      across multiple aggregates.
      
      An openssh key pair can be trivially derived from the private key. Or the
      public part can be derived from the certificate. A quick google will
      show.
      
      Initially, you will need to run tmcc directly to get them, using the
      geni_certificate and geni_key commands.
  2. 30 Apr, 2015 1 commit
    • Add an object definition to GeniHRN. I am getting tired of parsing URNs and · 4a27b0ce
      Leigh Stoller authored
      picking pieces out, so I added this:
      
        my $foo = GeniHRN->new("urn:publicid:IDN+emulab.net:testbed+slice+myexp3");
      
      and provides:
      
        $foo->domain();
        $foo->type();
        $foo->id();
        $foo->urn();
      
      and has a stringify method that returns the urn, so that existing code all
      works.
      
      The problem though is the XML::RPC and Frontier libraries provide no hooks
      to catch this, and rather than using a stringification, they both convert
      all blessed references into structs, and so anyplace that puts a urn into
      something to go out on the wire, has to be changed to force to the string.
      
      Damn, how disappointing! So all the code is here but basically disabled
      until I find time to go through all the code.
  3. 31 Mar, 2015 1 commit
  4. 14 Apr, 2014 1 commit
  5. 22 Nov, 2013 1 commit
  6. 06 Nov, 2013 1 commit
  7. 12 Oct, 2013 1 commit
  8. 08 Oct, 2013 1 commit
  9. 09 Aug, 2013 1 commit
  10. 22 Jul, 2013 1 commit
  11. 11 Jul, 2013 1 commit
    • Implement speaksfor (non-abac) support. · 8d53b3fd
      Leigh Stoller authored
      CM V2 (and thus the AM) now accept a type=speaksfor credential along
      with regular credentials. When supplied, the speaksfor caller must be
      equal to the owner of the speaksfor credential and the target must be
      equal to the owner of the regular credential(s). All operations take
      place in the context of the spokenfor user.
      
      Added speaksfor slots to geni_slices,geni_aggregates and geni_tickets.
      Also to the history table. But these are just the most recent data.
      Each transaction is logged as normal, and the metadata now includes
      the speaksfor data and the log always includes all of the credentials.
      
      For testing, there is a new script in the scripts directory to
      generate a speaksfor credential. Not installed since it is really
      a hack. But to create one:
      
        perl genspeaksfor urn:publicid:IDN+emulab.net+user+leebee \
      	urn:publicid:IDN+emulab.net+user+stoller
      
      which generates a speaksfor credential that says stoller is speaking
      for leebee.
      
      Given a slice credential issued to leebee, the test scripts can be
      invoked as follows (by stoller):
      
        createsliver.py -S speaksfor.cred -s slice.cred -c leebee.cred
      
      A copy of leebee's self credential is needed simply cause of the test
      script's desire to talk to the SA (which does not support speaksfor).
      Not otherwise needed.
      
      Oh, not tested on the AM interface yet.
  12. 28 Jun, 2013 1 commit
  13. 29 Jan, 2013 2 commits
  14. 24 Sep, 2012 1 commit
    • Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  15. 02 Aug, 2012 1 commit
  16. 02 Feb, 2012 1 commit
    • Add a couple of changes for the GPO. · cfbcf2c4
      Leigh Stoller authored
      1. Change default slice expiration to a new site variable called
         protogeni/default_slice_lifetime, defaults to six hours.
      
      2. Add a site variable (protogeni/warn_short_slices) to tell the
         sa_daemon if it should send email to warn about short lived slices
         expiring, defaults to off.
  17. 13 Jun, 2011 1 commit
  18. 28 Mar, 2011 1 commit
    • Begin the transition away from the ancient Mysql.pm module to the more · 5030b44d
      Leigh Stoller authored
      current and maintained DBI::mysql module. A couple of things make this
      a little more work than you might think.
      
      Mysql exports a slightly different API than DBI, both at the DB *and*
      the statement level. The former required some restructuring of
      emdbi.pm, partly cause we want external sites to continue using Mysql
      for a while longer. So, emdbi supports both interfaces, via the
      configure variable TBUSEDBI.
      
      I also took the opportunity to also scrap the existing fork()
      detection code and redo it in an easier to understand manner.
      Actually, I had no idea what the previous code was trying to do, so it
      was easier to just get rid of it, rather than try to make it work for
      the DBI API.
      
      There are also API differences in the "statement" class, but
      fortunately this can be hidden by wrapping the statement class with a
      wrapper that adds the routines we need to avoid making silly changes
      to 1000s of queries. They are all trivial little things since mostly
      it's a matter of naming (numrows --> rows).
      
      I also changed the library we use on ops (db/libtbdb.pm.in) to use
      DBI, but in this case I just switched it over. Seemed like overkill to
      worry about supporting both APIs on ops. If it works it works, and so
      far it does. 
      
      Lastly, the following modules still use Mysql directly. They all need
      to be changed, but none of these are on the critical path to swapin
      and swapout, so they can change later.
      
      db/dumperrorlog.proxy.in
      db/showgraph.in
      db/sitevarscheck.in
      bgmon/find-asymmetric
      db/pelab_opspush.proxy.in
      slothd/sdisrunning.in
      utils/export_tables.in
      utils/setbuildinfo.in
      pelab/bgmon/libpelabdb.pm
      pelab/dbmonitor/libtbdb.pm
  19. 21 Mar, 2011 1 commit
    • First attempt at fixing deadlock when stitching. This happens if both · 3cdbe5f7
      Leigh Stoller authored
      sides try to stitch at the same time. One side has to back off and let
      the other proceed. The problem is with the slice locking, which had to
      be changed to allow one side to drop the lock so the other side could
      proceed. I ended up doing this with an additional stitching lock, used
      only when stitching.
  20. 02 Feb, 2011 1 commit
  21. 07 Jan, 2011 1 commit
  22. 06 Jan, 2011 1 commit
  23. 11 Oct, 2010 1 commit
    • Work on an optimization to the perl code. Maybe you have noticed, but · 92f83e48
      Leigh Stoller authored
      starting any one of our scripts can take a second or two. That time is
      spent including and compiling 10000s of thousands of lines of perl
      code, both from our libraries and from the perl libraries.
      
      Mostly this is just a maintenance thing; we just never thought about
      it much and we have a lot more code these days.
      
      So I have done two things.
      
      1) I have used SelfLoader() on some of our biggest perl modules.
         SelfLoader delays compilation until code is used. This is not as
         good as AutoLoader() though, and so I did it with just a few 
         modules (the biggest ones).
      
      2) Mostly I reorganized things:
      
        a) Split libdb into an EmulabConstants module and all the rest of
           the code, which is slowly getting phased out.
      
        b) Move little things around to avoid including libdb or Experiment
           (the biggest files).
      
        c) Change "use foo" in many places to a "require foo" in the
           function that actually uses that module. This was really a big
           win cause we have dozens of cases where we would include a
           module, but use it in only one place and typically not all.
      
      Most things are now starting up in 1/3 the time. I am hoping this will
      help to reduce the load spiking we see on boss, and also help with the
      upcoming Geni tutorial (which killed boss last time).
  24. 05 Oct, 2010 1 commit
  25. 04 Oct, 2010 1 commit
    • More purging of UUIDs. Reminder, we still use them all over the place · b3c8e72e
      Leigh Stoller authored
      internally, as the primary key in the tables, but the CM/SA APIs no
      longer use them. The CH still accepts them for now. We can probably
      stop putting them into manifests and advertisements at this point as
      well. 
      
      For slivers, stop using the uuid of the node as the uuid of the sliver
      itself; generate a new one. As above, this is cause the uuid is the
      primary key in the table, but the URN is what we use for lookups,
      etc.
  26. 29 Sep, 2010 1 commit
  27. 26 Apr, 2010 1 commit
  28. 09 Mar, 2010 1 commit
  29. 23 Feb, 2010 2 commits
  30. 11 Feb, 2010 1 commit
  31. 06 Jan, 2010 1 commit
    • Slice expiration changes. The crux of these changes: · 5c63cf86
      Leigh Stoller authored
      1. You cannot unregister a slice at the SA before it has expired. This
         will be annoying at times, but the alphanumeric namespace for slice
         names is probably big enough for us.
      
      2. To renew a slice, the easiest approach is to call the Renew method
         at the SA, get a new credential for the slice, and then pass that
         to renew on the CMs where you have slivers.
      
      The changes address the problem of slice expiration.  Before this
      change, when registering a slice at the Slice Authority, there was no
      way to give it an expiration time. The SA just assigns a default
      (currently one hour). Then when asking for a ticket at a CM, you can
      specify a "valid_until" field in the rspec, which becomes the sliver
      expiration time at that CM. You can later (before it expires) "renew"
      the sliver, extending the time. Both the sliver and the slice will
      expire from the CM at that time.
      
      Further complicating things is that credentials also have an
      expiration time in them so that credentials are not valid forever. A
      slice credential picks up the expiration time that the SA assigned to
      the slice (mentioned in the first paragraph).
      
      A problem is that this arrangement allows you to extend the expiration
      of a sliver past the expiration of the slice that is recorded at the
      SA. This makes it impossible to expire slice records at the SA since
      if we did, and there were outstanding slivers, you could get into a
      situation where you would have no ability to access those slivers. (an
      admin person can always kill off the sliver).
      
      Remember, the SA cannot know for sure if there are any slivers out
      there, especially if they can exist past the expiration of the slice.
      
      The solution:
      
      * Provide a Renew call at the SA to update the slice expiration time.
        Also allow for an expiration time in the Register() call.
      
        The SA will need to abide by these three rules:
        1. Never issue slice credentials which expire later than the
           corresponding slice
        2. Never allow the slice expiration time to be moved earlier
        3. Never deregister slices before they expire [*].
      
      * Change the CM to not set the expiration of a sliver past the
        expiration of the slice credential; the credential expiration is an
        upper bound on the valid_until field of the rspec. Instead, one must
        first extend the slice at the SA, get a new slice credential, and
        use that to extend the sliver at the CM.
      
      * For consistency with the SA, the CM API will be changed so that
        RenewSliver() becomes RenewSlice(), and it will require the
        slice credential.
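
The expiration rules in the commit message above, as an added Python example that is not part of the commit or of the ProtoGENI code base: a model of the three SA rules and of the CM bound on valid_until. The class, function and field names and the sample URN are assumptions made for illustration.

```python
from datetime import datetime, timedelta

class SliceAuthority:
    """Constructed model of the SA rules (hypothetical names, not ProtoGENI code)."""
    DEFAULT_LIFETIME = timedelta(hours=1)   # default stated in the commit message

    def __init__(self):
        self.slices = {}                    # slice URN -> expiration time

    def register(self, urn, now, expires=None):
        # Register() may now carry an expiration; otherwise the default applies.
        self.slices[urn] = expires or now + self.DEFAULT_LIFETIME

    def renew(self, urn, new_expires):
        # Rule 2: the slice expiration is never moved earlier.
        if new_expires < self.slices[urn]:
            raise ValueError("slice expiration cannot be moved earlier")
        self.slices[urn] = new_expires

    def credential(self, urn, now, lifetime):
        # Rule 1: a slice credential never expires later than its slice.
        if now >= self.slices[urn]:
            raise ValueError("slice has expired")
        return {"slice": urn, "expires": min(now + lifetime, self.slices[urn])}

    def unregister(self, urn, now):
        # Rule 3: a slice is never deregistered before it expires.
        if now < self.slices[urn]:
            raise ValueError("slice has not expired yet")
        del self.slices[urn]

def cm_renew_slice(cred, valid_until, now):
    """CM side: the credential expiration is an upper bound on valid_until."""
    if now >= cred["expires"]:
        raise ValueError("slice credential has expired")
    if valid_until > cred["expires"]:
        raise ValueError("valid_until is past the slice credential expiration")
    return valid_until

if __name__ == "__main__":
    t0 = datetime(2010, 1, 6, 12, 0)                    # constructed timestamp
    urn = "urn:publicid:IDN+example.net+slice+demo"     # constructed URN
    sa = SliceAuthority()
    sa.register(urn, t0)
    sa.renew(urn, t0 + timedelta(hours=4))              # extend at the SA first
    cred = sa.credential(urn, t0, timedelta(days=1))    # capped at the slice expiry
    print(cm_renew_slice(cred, t0 + timedelta(hours=3), t0))
```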
  32. 18 Dec, 2009 1 commit
  33. 02 Dec, 2009 1 commit
    • Checkpoint. · f83ba977
      Leigh Stoller authored
      * More URN issues dealt with.
      
      * Sliver registration and unregistration (CM to SA).
      
      * More V2 status stuff.
      
      * Other fixes.
  34. 13 Nov, 2009 1 commit
  35. 30 Oct, 2009 1 commit
  36. 28 Oct, 2009 1 commit
  37. 22 Oct, 2009 1 commit
  38. 08 Oct, 2009 1 commit