1. 16 Nov, 2014 1 commit
  2. 13 Nov, 2014 1 commit
  3. 12 Nov, 2014 1 commit
    • Kirk Webb's avatar
      Add global permissions support for leases. · 00b57bf4
      Kirk Webb authored
      Two types of global permissions are supported:
      
      * Anonymous read-only (to support users without local accounts).
      * Read-only for users with local accounts.
      
      Global permissions are added to leases by way of entries of type "global"
      in the lease_permissions table.  The lease mod tool still needs to be
      updated to make use of the updated library support here.
      
      The new GetAllowedLeases() method in Lease.pm was reworked - it became
      clear that this was needed as I did the global RO permissions stuff.
      00b57bf4
  4. 11 Nov, 2014 1 commit
  5. 05 Nov, 2014 2 commits
  6. 03 Nov, 2014 2 commits
  7. 28 Oct, 2014 1 commit
  8. 16 Oct, 2014 1 commit
  9. 07 Oct, 2014 1 commit
  10. 02 Oct, 2014 1 commit
  11. 01 Oct, 2014 1 commit
  12. 25 Sep, 2014 1 commit
  13. 03 Sep, 2014 1 commit
  14. 26 Aug, 2014 1 commit
  15. 15 Aug, 2014 1 commit
  16. 14 Aug, 2014 2 commits
  17. 06 Aug, 2014 1 commit
  18. 31 Jul, 2014 1 commit
  19. 28 Jul, 2014 2 commits
  20. 22 Jul, 2014 1 commit
  21. 10 Jul, 2014 3 commits
  22. 01 Jul, 2014 1 commit
  23. 09 Jun, 2014 1 commit
  24. 02 Jun, 2014 1 commit
    • Mike Hibler's avatar
      Support for gathering and storing Infiniband interface GUIDs in the DB. · 12a41b7e
      Mike Hibler authored
      Since GUIDs are 16 bytes and our current interface MACs are only 12 bytes,
      I agonized over whether to grow the mac column to 16 bytes and just treat
      it as a unique identifier (which is all we use that column for anyway).
      However, in the end I just added a new guid column as there were mac columns
      in a variety of other tables and it wasn't clear what the relationship was
      and what I might break.
      
      So, the newnode MFS will now report back a GUID for interfaces it recognizes
      as IB (FreeBSD-specific right now). The boss-side checkin code with stash
      that value in new_interfaces (and later interfaces when added). For possible
      backward compat, it will also generate a MAC address from that (possibly
      Mellanox-specific) so that all entries in the interfaces table will have
      a MAC (yes, it should really be the other way around--all interfaces should
      always have a guid).
      
      End of story. We don't do anything else with IB right now other than stash
      an interface GUID.
      12a41b7e
  25. 12 May, 2014 3 commits
  26. 06 May, 2014 1 commit
    • Mike Hibler's avatar
      Add "relocatable" flag to images table to indicate that an image can be moved. · 65de520b
      Mike Hibler authored
      Hopefully, my last schema change related to images. If relocatable is not
      set then an image must be loaded at the lba_low offset. If set, then the
      image can be loaded at other offsets. Currently, all FBSD images are
      relocatable courtesy of the relocation mechanism in imagezip (which can
      fix up otherwise absolute offsets in an image). Sadly, Linux images are
      not relocatable due to absolute block numbers in the grub partition
      bootblock that we require. Ryan "taught" imagezip to relocate these, but
      I need to find his changes.
      65de520b
  27. 05 May, 2014 1 commit
  28. 02 May, 2014 2 commits
  29. 27 Mar, 2014 1 commit
  30. 26 Mar, 2014 1 commit
  31. 25 Mar, 2014 1 commit
    • Leigh Stoller's avatar
      Server side of firewall support for XEN containers. · 2faea2f3
      Leigh Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open,basic,closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rules sets are independent, the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
      2faea2f3