1. 16 Jan, 2018 1 commit
    • Leigh B Stoller's avatar
      Lots of changes for SSL enabled pubsub: · e44fc90d
      Leigh B Stoller authored
      Pubsub libraries are now SSL enabled by default, so that we can talk SSL
      from a perl client. To do this we need another entry point from SWIG
      into the event code, event_register_withssl. At the same time there is a
      new entry point called event_set_sockbufsizes that calls a new pubsub
      entry point pubsub_set_sockbufsizes.
      
      The problem is that current swig generates code that does not compile,
      and since I don't know nothing about swig, I just hand crafted the two
      new routines that needed in event_wrap.c and the few extra lines that go
      into event.pm.
      
      Also change all the link lines to include the ssl/crypto libraries when
      linking.
      e44fc90d
  2. 11 Jan, 2018 1 commit
    • David Johnson's avatar
      Make clientside startcmdstatus reporting more reliable. · cb5ab9f5
      David Johnson authored
      (I had a disk image containing unmodifiable binary software that would
      overwrite dhcpcd's sane copy of /etc/resolv.conf, at a nondeterministic
      point in time, with something completely bogus.  That screwed up
      startcmdstatus reports; this helps out with that case (in combination
      with other custom scripting that returns /etc/resolv.conf to sanity).
      
      Note though that we only retry infinitely once runstartup has
      successfully gone to the background; up til then, we're limited to about
      a minute's worth of retries.  Likewise, we don't retry forever if
      runstartup itself experiences an error.  We only retry forever if we
      actually have a status to send.
      cb5ab9f5
  3. 09 Jan, 2018 2 commits
  4. 08 Jan, 2018 1 commit
    • David Johnson's avatar
      Add some debugging support to clientside TBScriptLock; use it in libvnode_xen. · 5d0ff72b
      David Johnson authored
      If the TBScriptLock caller provides a debug message, it will be stored
      in a file, and other blocked TBScriptLock callers will get (possibly
      slightly racy) info about who holds the lock.
      
      Then, use this in libvnode_xen to get some info about long calls to xl
      (create|halt|reboot|etc).
      
      Also enable lockdebug in libvnode_xen for now.
      5d0ff72b
  5. 29 Dec, 2017 1 commit
  6. 19 Dec, 2017 1 commit
    • Mike Hibler's avatar
      Revenge of the Delta Images. · a79af843
      Mike Hibler authored
      Can't live with em, can't kill em dead... When writing my hack
      routine to convert an image path into an imageid, I failed to
      consider the .ddz (delta image) suffix.
      a79af843
  7. 14 Dec, 2017 2 commits
    • David Johnson's avatar
      Make c8da063e actually work. · 513c3e11
      David Johnson authored
      Turns out some combination of ebtables userspace and kernel doesn't
      respect the --stp-type matcher.  So just drop all forwarded packets
      destined to the bridge group address.
      
      Anyway, this STP-less firewall bridge should be a better fit for most
      switches.
      513c3e11
    • David Johnson's avatar
      Change Linux firewall bridge STP to off, and stop it from fwding BPDUs. · c8da063e
      David Johnson authored
      Given that in an Emulab per-experiment firewall, there is only one
      switch port in the experiment that is in the default control net vlan
      (the firewalled nodes' ports are only in the per-experiment private
      control net vlan), there is no risk of a control net loop, so it is safe
      to turn off STP for the firewall's control net bridge.
      
      However, when STP is off, Linux then seems to forward BPDUs across the
      bridge (i.e. https://lists.linuxfoundation.org/pipermail/bridge/2007-April/005406.html),
      which we don't want.  They intended it to support transparent bridges,
      but this is not a transparent bridge, and there is no risk of it causing
      a loop scenario.
      c8da063e
  8. 12 Dec, 2017 1 commit
    • David Johnson's avatar
      Add Linux exp firewall support for virt_node_public_addr addresses. · 798f9b6f
      David Johnson authored
      A new tmcd command, publicaddrinfo, just dumps the relevant bits of
      virt_node_public_addr to any node in an experiment that has addrs
      allocated (we don't want to restrict based on calling node_id or
      pool_id).
      
      Then the generic getfwconfig() function calls that, and sets some bits.
      I also extended this function to add some dynamic clientside vars
      (EMULAB_DOMAIN, EMULAB_EXPDOMAIN, EMULAB_PUBLICADDRS) so that user
      firewall rule writers can use them to refer to the control net IPs of
      nodes in their experiment (i.e., node-0.EMULAB_EXPDOMAIN); and so that
      rules can be written over EMULAB_PUBLICADDRS -- a command-delineated
      list of IP addrs).
      
      Finally, I extended the Linux firewalling code to allow any experiment
      node to answer ARPs for the public IP addresses; we can't know a priori
      which node should answer -- and it could change.
      
      This closes #353 .
      798f9b6f
  9. 06 Dec, 2017 2 commits
  10. 05 Dec, 2017 1 commit
  11. 29 Nov, 2017 4 commits
  12. 22 Nov, 2017 1 commit
  13. 21 Nov, 2017 4 commits
  14. 17 Nov, 2017 5 commits
  15. 16 Nov, 2017 1 commit
    • David Johnson's avatar
      Add support for Arch Linux. · f797a96b
      David Johnson authored
      This is pretty minimal "support", but it is working.  I have some
      uncommitted fixes for event/linktest/iperf, however, as mentioned in
      issue #351.
      f797a96b
  16. 15 Nov, 2017 2 commits
    • Elijah Grubb's avatar
      Built out emulabizatization of docker alpine · 134e809f
      Elijah Grubb authored
      The organization of the code follows the guidelines set by the
      ubuntu version extremely closely. Big differences to notice are
      some of the package name changes switching from apt-get to apk,
      the requirement of the --disable-ssl flag when running the configure
      command for pubsub and the methodology required to build a custom
      apk package to use our custom runit. Apk has lots of issues and
      argues against building a new .apk package as root, so
      runit-artifacts.sh creates a new user, gives them super user permissions,
      adds them to the abuild group and runs the runit-packager.sh script
      as this new user. Design of this solution was focused on doing as
      much as possible while remaining in root. Enjoy!
      134e809f
    • Mike Hibler's avatar
      Remove old /etc/rsyslog.d/60-emulab when installing. · 4217aaa0
      Mike Hibler authored
      Replaced by 40-emulab.
      4217aaa0
  17. 14 Nov, 2017 1 commit
  18. 10 Nov, 2017 1 commit
  19. 09 Nov, 2017 1 commit
  20. 08 Nov, 2017 1 commit
  21. 07 Nov, 2017 1 commit
  22. 06 Nov, 2017 1 commit
  23. 02 Nov, 2017 1 commit
  24. 27 Oct, 2017 3 commits