1. 07 Jul, 2017 1 commit
    • Leigh Stoller's avatar
      Deal with user privs (issue #309): · d1516912
      Leigh Stoller authored
      * Make user privs work across remote clusters (including stitching). I
        took a severe shortcut on this; I do not expect the Cloudlab portal
        will ever talk to anything but an Emulab based aggregate, so I just
        added the priv indicator to the user keys array we send over. If I am
        ever proved wrong on this, I will come out of retirement and fix
        it (for a nominal fee of course).
      
      * Do not show the root password for the console to users with user
        privs.
      
      * Make sure users with user privs cannot start experiments.
      
      * Do show the user trust values on the user dashboard membership tab.
      
      * Update tmcd to use the new privs slot in the nonlocal_user_accounts
        table.
      
      This closes issue #309.
      d1516912
  2. 19 Jun, 2017 1 commit
  3. 31 May, 2017 1 commit
  4. 16 May, 2017 1 commit
  5. 24 Mar, 2017 2 commits
    • Mike Hibler's avatar
      Semi-hack to ensure that Wisconsin nodes don't include their SSDs · fbe5f38f
      Mike Hibler authored
      in blockstore-related VGs.
      
      Right now, you have to decide globally and in advance, what disk types
      are going to be included in blockstore pools. Then you set the sitevar
      accordingly and then set the DB sysvol/nonsysvol/any node_type_features
      to reflect the amount of storage available on just drives of that type.
      
      This value is passed to clients via the otherwise unused PROTO field
      of the blockstore line (when CMD=SLICE and CLASS=local), so this change
      is backward compatible (OS images with older client code will ignore it
      and just give you blockstores including all the devices).
      
      So at Wisconsin, I set storage/local/disktype to "HDD-only" and tweak
      the node_type_attributes '?+disk_any' and '?+disk_nonsysvol' to not
      include the space for the 1 or 2 SSD drives in each machine. tmcd passes
      the PROTO=HDD-only value and the client sees that and does not include
      any SSD devices among the eligible devices from which to create the VG.
      
      The hope is that ultimately, we could get rid of the sitevar and use the
      PROTO field to select, per-blockstore, its type (only HDD, only SSD).
      But that will require additional per node (type) assign features
      differentiating the amount of each type available.
      fbe5f38f
    • Mike Hibler's avatar
  6. 31 Jan, 2017 2 commits
  7. 20 Jan, 2017 1 commit
    • Mike Hibler's avatar
      New 'subbossinfo' command. · d75093f8
      Mike Hibler authored
      When invoked by a subboss, returns key=value pairs from subboss_attributes
      for all services for that subboss. Will be used to configure subbosses,
      eliminating the need to customize startup scripts per-subboss.
      d75093f8
  8. 17 Jan, 2017 1 commit
    • Mike Hibler's avatar
      Implement heartbeat/status reports in Frisbee. · 2be46ba4
      Mike Hibler authored
      There are three pieces here, a change to the frisbee protocol itself, an
      Emulab event component to get status back to the portal, and the surrounding
      infrastructure to make it all work.
      
      Frisbee heartbeat messages:
      
      Added a new message type to the frisbee protocol, "Progress". In theory it
      operates by having the server send a multicast progress request to its clients
      which includes an interval at which to report (or "just once") and an
      indication of what to report (nothing, progress summary, or full stats). The
      client then sends unicast "fire and forget" UDP replies according to that
      schedule. However, I took a shortcut for the moment and just added a command
      line option to the client to tell it to report a summary at the indicated
      interval (-H <interval>).  So the server never sends requests.
      
      This is implemented in the client by a fourth thread since I wanted it to
      operate independent of packet reception (which would cause clients to report
      in a highly synchronized fashion due to multicast). The server instance just
      logs progress reports into its log.
      
      This protocol addition should be fully backward compatible as both client and
      server ignore (but log) unknown messages.
      
      Emulab progress report events:
      
      When this is compiled in (-DEMULAB_EVENTS) and turned on (-E <server>), the
      frisbee server instances will send a FRISBEEPROGRESS event to the indicated
      event server for every progress report it receives (in addition to logging the
      events to its own log). Right now it will create an event with key/value pairs
      for the information in a client summary reply:
      
      TSTAMP is the client's time at which it sends the event. Could be used by the
      received to determine latency of the report if it cared (and if it assumed
      that the clocks are in sync). We don't care about this.
      
      SEQUENCE is the report number. Again, could be used by the receiver, in this
      case to detect loss, if it cared. We don't.
      
      CHUNKS_RECV is complete chunks that the client has received from the network.
      CHUNKS_DECOMP is chunks decompressed by the client.  BYTES_WRITTEN is bytes
      written to disk by the client.
      
      Any of the three can be used by the event receiver as an indication of life
      and/or progress. However, only the last would be a reasonable indicator of
      time remaining since it is the last (and slowest) phase of imaging. To
      estimate time remaining we could compare that value to the amount of
      uncompressed data that is in the image. This makes the sketchy assumptions
      that time for writes to the disk are uniform and that the number and distance
      of seeks is uniform, but it is better than a sharp stick in the eye.
      
      Emulab infrastructure:
      
      There is a new sitevar "images/frisbee/heartbeat" which can be set to a
      non-zero value to tell the frisbee MFS to fire off frisbee with -H <value>
      and thus make reports. The default value of zero means to not make reports.
      The tmcd "loadinfo" command sends this through via the HEARTBEAT=<value>
      param.
      
      REQUIRED A TMCD VERSION BUMP TO 41.
      2be46ba4
  9. 17 Nov, 2016 1 commit
  10. 21 Oct, 2016 1 commit
    • Mike Hibler's avatar
      Fix assorted lint. · 4d94c464
      Mike Hibler authored
      Primarily I was after what was causing the occasional segfault.
      That problem was caused by calling tmcc on a node that was free.
      Seems we were derefing some NULL columns returned by mysql because
      we assumed that there would always be a row in experiments for the
      node in question.
      
      Since I do need to call tmcd from the "pxewait" initramfs on Moonshot
      ARM nodes, I cleaned up this assumption.
      4d94c464
  11. 18 Oct, 2016 1 commit
  12. 04 Oct, 2016 1 commit
  13. 19 Sep, 2016 1 commit
  14. 12 Sep, 2016 1 commit
    • Mike Hibler's avatar
      Modify NOVIRTNFSMOUNTS to allow mounts on vnodes with routable IPs. · 470a81e5
      Mike Hibler authored
      This is different than the traditional behavior of this defs- variable.
      Previously it caused tmcd to not expose any NFS mounts to shared-host vnodes.
      We relax that now to allow exposing such mounts to vnodes with routable IP
      addresses.
      
      The rationale for this change is simply that the original option was only
      intended to prevent exporting mounts to hosts that could not reach the FS
      node anyway due to their unroutable cnet IPs.
      470a81e5
  15. 04 Sep, 2016 1 commit
  16. 29 Aug, 2016 1 commit
    • Leigh Stoller's avatar
      Fix for bug Kirk reported; we were returning two sets of accounts to · 9f49cc7e
      Leigh Stoller authored
      geni slice nodes when the project was a local project. In this case, we
      want to return the project accounts and ignore the ssh keys sent in the
      geni API call (a future change might involve a merge of accounts, but
      not unless someone actually needs it). And for a nonlocal project we of
      course still want to return the geni API ssh keys, but not return the
      project member accounts, since they are just stub accounts and don't
      actually have any ssh keys associated with them. They just cause
      confusion.
      9f49cc7e
  17. 10 Jun, 2016 2 commits
    • Mike Hibler's avatar
      Allow doloadinfo() to return more than the stock 2K of info. · fa686a25
      Mike Hibler authored
      At least for TCP based calls. We will need this for long-ish delta chains.
      I didn't think this warranted a version number bump even though it is
      possible that an old MFS that makes a UDP-based call will only wind up
      getting the first line (image). The reasoning here is that MFSes that old
      could only handle one line anyway in rc.frisbee!
      fa686a25
    • Leigh Stoller's avatar
      NFS mount changes, still a work in progress, bound to change: · e369c1a8
      Leigh Stoller authored
      * The Emulab portal now adds a toplevel element (Emulab namespace)
        directing the CM to use standard emulab mounts (read: /users).
        We clear that element from the other portals.
      
      * The CM looks for that tag, and allows it only if the caller is the local
        SA. The default for nfsmounts setting for geni experiment containers is
        "genidefault", but that is set to "emulabdefault" when allowed.
      
      * tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
        means no mounts (duh), "emulabdefault" means standard mounts we all know
        and love, "genidefault" means no /users mounts.
      
        In addition, when we are doing emulabdefault mounts on a geni experiment
        node, we do not return accounts that are specified in the rspec, but
        rather we return the local project accounts only.
      e369c1a8
  18. 25 Apr, 2016 1 commit
  19. 19 Apr, 2016 1 commit
  20. 14 Apr, 2016 1 commit
  21. 07 Apr, 2016 2 commits
  22. 01 Apr, 2016 2 commits
  23. 28 Mar, 2016 1 commit
  24. 05 Feb, 2016 1 commit
  25. 31 Jan, 2016 1 commit
    • Mike Hibler's avatar
      Tweaks to TRIM reporting code. · f927aba6
      Mike Hibler authored
      Make the interval between TRIM operations a per nodetype (or per node)
      attribute instead of a global site variable. The sitevar will still be
      used to turn TRIM on or off globally.
      f927aba6
  26. 21 Jan, 2016 1 commit
  27. 23 Dec, 2015 1 commit
  28. 10 Nov, 2015 1 commit
  29. 07 Oct, 2015 2 commits
  30. 02 Sep, 2015 1 commit
  31. 01 Sep, 2015 2 commits
  32. 11 Jul, 2015 1 commit
  33. 25 Jun, 2015 1 commit
    • Leigh Stoller's avatar
      Add new options to CreateSliver/Provision; supply an x509 certificate and · 8be26639
      Leigh Stoller authored
      private key.
      
      The goal is to distribute an experiment wide certificate and private
      key. At the moment this is just a self signed x509 certificate and the
      accompanying rsa key. In PEM format. The same cert/key will be distributed
      across multiple aggregates.
      
      An openssh key pair can be trivially derived from the private key. Or the
      public part can be derived from the certificate. A quick google will show
      show.
      
      Initially, you will need to run tmcc directly to get them, using the
      geni_certificate and geni_key commands.
      8be26639