1. 12 Dec, 2017 1 commit
  2. 11 Dec, 2017 1 commit
    • Leigh Stoller's avatar
      Add extension limiting to manage_extensions and request extension paths. · f71d7d95
      Leigh Stoller authored
      The limit is the number of hours since the experiment is created, so a
      limit of 10 days really just means that experiments can not live past 10
      days. I think this makes more sense then anything else. There is an
      associated flag with extension limiting that controls whether the user
      can even request another extension after the limit. The normal case is
      that the user cannot request any more extensions, but when set, the user
      is granted no free time and goes through need admin approval path.
      Some changes to the email, so that both the user and admin email days
      how many days/hours were both requested and granted.
      Also UI change; explicitly tell the user when extensions are disabled,
      and also when no time is granted (so that the users is more clearly
  3. 06 Dec, 2017 1 commit
  4. 04 Dec, 2017 2 commits
    • Leigh Stoller's avatar
      Extension policy changes: · bd7d9d05
      Leigh Stoller authored
      * New tables to store policies for users and projects/groups. At the
        moment, there is only one policy (with associated reason); disabled.
        This allows us to mark projects/groups/users with enable/disable
        flags. Note that policies are applied consecutively, so you can
        disable extensions for a project, but enable them for a user in that
      * Apply extensions when experiments are created, send mail to the audit
        log when policies cause extensions to be disabled.
      * New driver script (manage_extensions) to change the policy tables.
    • Leigh Stoller's avatar
      Changes related to extensions: · e1b6076f
      Leigh Stoller authored
      * Change the units of extension from days to hours along the extension
        path. The user does not see this directly, but it allows us to extend
        experiments to the hour before they are needed by a different
        reservation, both on the user extend modal and the admin extend modal.
        On the admin extend page, the input box still defaults to days, but
        you can also use xDyH to specify days and hours. Or just yH for just
        But to make things easier, there is also a new "max" checkbox to
        extend an experiment out to the maximum allowed by the reservation
      * Changes to "lockout" (disabling extensions). Add a reason field to the
        database, clicking the lockout checkbox will prompt for an optional
        The user no longer sees the extension modal when extensions are
        disabled, we show an alert instead telling them extensions are
        disabled, and the reason.
        On the admin extend page there is a new checkbox to disable extensions
        when denying an extension or scheduling termination.
        Log extension disable/enable to the audit log.
      * Clear out a bunch of old extension code that is no longer used (since
        the extension code was moved from php to perl).
  5. 14 Nov, 2017 1 commit
  6. 08 Nov, 2017 2 commits
  7. 06 Nov, 2017 1 commit
  8. 30 Oct, 2017 2 commits
    • Leigh Stoller's avatar
      Minor fix. · 27ab83d7
      Leigh Stoller authored
    • Leigh Stoller's avatar
      Security stuff: · 5945d7c8
      Leigh Stoller authored
      1. New table login_history to save all logins (uid,IP,portal).
      2. Send warning email when user who has not been active for over a year
         logs in.
  9. 04 Oct, 2017 1 commit
  10. 03 Oct, 2017 2 commits
  11. 12 Sep, 2017 1 commit
  12. 10 Sep, 2017 1 commit
  13. 07 Sep, 2017 1 commit
  14. 30 Aug, 2017 1 commit
  15. 23 Aug, 2017 1 commit
    • Leigh Stoller's avatar
      Several changes: · a6cd8ee2
      Leigh Stoller authored
      1. Get rid of direct queries to wires and interfaces, use library.
      2. Allow node:iface on the command line for ports.
      3. Add -i option to print out results in node:iface. Eventually we want
         to flush card.port output, but lets wait on that for a while.
      4. Switch from card,port to iface lookups.
      5. The DB change adds iface to the port_counters table, no longer using
         card,port. Eventually flush them.
  16. 18 Aug, 2017 1 commit
  17. 17 Aug, 2017 1 commit
  18. 14 Aug, 2017 1 commit
  19. 11 Aug, 2017 1 commit
  20. 27 Jul, 2017 2 commits
  21. 26 Jul, 2017 2 commits
    • Leigh Stoller's avatar
      Changes to apt_announcements table: · 4408843a
      Leigh Stoller authored
      1. Add a unique uuid for a shared lookup token with the web UI.
      2. Add pid_idx for targeting announcements to projects (issue #258).
    • Mike Hibler's avatar
      Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
          pkg install -r Emulab pssh
      on your boss node. See the new utils/pushrootkeys.in script for more.
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      For more on how we got here and what might happen in Round 2, see:
  22. 13 Jul, 2017 1 commit
    • Leigh Stoller's avatar
      Work on issue #302: · 92c8e4ba
      Leigh Stoller authored
      Add new table experiment_keys to hold RSA priv/pub key pair and an SSH
      public key derived from the private key.
      Initialized when experiment is first created, I have not done anything
      to set the keys for existing experiments yet.
      But for testing, you can do this:
      	use lib "/usr/testbed/lib";
      	use Experiment;
      	my $experiment = Experiment->Lookup("testbed", "layers");
  23. 06 Jul, 2017 1 commit
  24. 20 Jun, 2017 1 commit
  25. 12 Jun, 2017 1 commit
  26. 06 Jun, 2017 2 commits
  27. 05 Jun, 2017 1 commit
  28. 30 May, 2017 1 commit
    • Leigh Stoller's avatar
      Rework how we store the sliver/slice status from the clusters: · e5d36e0d
      Leigh Stoller authored
      In the beginning, the number and size of experiments was small, and so
      storing the entire slice/sliver status blob as json in the web task was
      fine, even though we had to lock tables to prevent races between the
      event updates and the local polling.
      But lately the size of those json blobs is getting huge and the lock is
      bogging things down, including not being able to keep up with the number
      of events coming from all the clusters, we get really far behind.
      So I have moved the status blobs out of the per-instance web task and
      into new tables, once per slice and one per node (sliver). This keeps
      the blobs very small and thus the lock time very small. So now we can
      keep up with the event stream.
      If we grow big enough that this problem comes big enough, we can switch
      to innodb for the per-sliver table and do row locking instead of table
      locking, but I do not think that will happen
  29. 16 May, 2017 1 commit
  30. 04 May, 2017 1 commit
  31. 02 May, 2017 1 commit
    • Leigh Stoller's avatar
      Speed up the instantiate page response time, it was taking forever! · af8cc34f
      Leigh Stoller authored
      1. Okay, 10-15 seconds for me, which is the same as forever.
      2. Do not sort in PHP, sort in javascript, let the client burn those
         cycles instead of poor overworked boss.
      3. Store global lastused/usecount in the apt_profiles table so that we
         do not have to compute it every time for profile.
      4. Compute the user's lastused/usecount for each profile in a single
         query and create local array. Cuts out 100s of queries.
  32. 19 Apr, 2017 1 commit
    • Leigh Stoller's avatar
      Add support for user session tracking and Google Analytics. · a896be22
      Leigh Stoller authored
      If we assign a unique constant random value to every user, and spit that
      out in the initial ga() stuff at the beginning of each page load, google
      can combine interactions from the same user across different devices.
      Say, like work vs home computer.
  33. 17 Apr, 2017 1 commit