1. 26 Mar, 2003 1 commit
    • Leigh Stoller's avatar
      Add "gid" slot to the images table for changing permission scheme from · 4c56daf6
      Leigh Stoller authored
      only pid, to pid/gid like most other things in the testbed. Also add a
      "global" slot to denote images that are globally available to all
      projects (system images). The older "shared" attribute is now used to
      denote images that are shared within a project (available to all
      subgroups in the project). The migration path for existing DBs is
      given in the migrate file. Be sure to run those commands on an
      existing testbed or things will break!
      
      www/newimageid, www/newimageid_ez: A bunch of changes for
      shared/global attributes. Added a group menu to the form so users can
      create images in subgroups. Beefed up the Java code that constructs
      the path name to use the gid, shared, and global attributes of the
      form to give the user the best possible path that we can. Improved the
      pathname checking code so that we do not allow just any old path in
      case the user elects to disregard the path we carefully constructed
      for them. Also check the proj/group membership, and setup defaults for
      users that have permission in just one pid/gid to create images.
      
      libdb.in: Changed permission check in TBImageIDAccessCheck() to
      reflect shared/global attribute changes.
      
      os_load: Get rid of test that checked path of the image. The path
      checking is done in the web interface anyway, so why duplicate in 4
      places. Other minor changes reflecting shared->global name change.
      Also note that images can come from the group directory now.
      
      create_image: Get rid of test that checked path of the image. The path
      checking is done in the web interface anyway, so why duplicate in 4
      places. Also note that images can come from the group directory now.
      
      www/dbdefs: Changed permission check in TBImageIDAccessCheck() to
      reflect shared/global attribute changes.
      
      www/showimageid_list, www/showstuff: Minor global/shared attribute
      changes.
      
      www/menu: Change osids/imageids pointer to point to the image list,
      not the osid list. This is more reasonable for mere users who have
      access to the EZ form, and thus never really need to concern
      themselves with osids.
      
      www/editimageid: Add proper pathname checking. There were no checks at
      all before!
      4c56daf6
  2. 14 Mar, 2003 1 commit
  3. 07 Mar, 2003 1 commit
    • Mac Newbold's avatar
      A few changes to stated: · 92fa4ae2
      Mac Newbold authored
       - fix bad indenting to a uniform 4 spaces (before was 2, 4 and 8 mixed)
       - Move ping-for-isup functionality into a separate script
       - Make sure every transition triggered by stated (directly or indirectly)
         sends an event, instead of taking shortcuts.
      
      This called for a new script, eventping, which just pings until the node
      is pingable, then sends an ISUP event. Stated runs this in the background
      where necessary, and nothing else should run it.
      
      Adding eventping meant modifying configure and the utils makefile, too.
      92fa4ae2
  4. 05 Mar, 2003 1 commit
  5. 13 Feb, 2003 2 commits
  6. 18 Dec, 2002 1 commit
    • Kirk Webb's avatar
      · 09c57e3b
      Kirk Webb authored
      When an image is created successfully, a message stating this fact is printed
      to the log.
      
      More importantly, I fixed a bug in the NFS slack factor logic which resulted
      in create_image waiting forever for progress to be made.
      09c57e3b
  7. 10 Dec, 2002 1 commit
    • Kirk Webb's avatar
      · fc985a64
      Kirk Webb authored
      Modified the timeout logic in create_image to track the image creation progress
      (size) rather than simply waiting a certain amount of time.  Also changed the
      code to report progress at regularly spaced intervals (adjustable), and
      to indicate when the timeout timer has been activated, or halted due to
      progress.  The changes also include an NFS cache slack factor, which makes
      the effective non-progress timeout equal to the sum of the slack time, plus
      the non-progress time (currently 3 + 5 = 8 minutes).
      
      Some changes were made to the error and cleanup logic to help revert the
      state of the DB and node as much as possible (node is not rebooted if the
      DB state cannot first be reverted) prior to exit.
      fc985a64
  8. 06 Dec, 2002 2 commits
  9. 22 Oct, 2002 1 commit
  10. 18 Oct, 2002 1 commit
    • Mac Newbold's avatar
      Merge the newstated branch with the main tree. · 5c961517
      Mac Newbold authored
      Changes to watch out for:
      
      - db calls that change boot info in nodes table are now calls to os_select
      
      - whenever you want to change a node's pxe boot info, or def or next boot
      osids or paths, use os_select.
      
      - when you need to wait for a node to reach some point in the boot process
      (like ISUP), check the state in the database using the lib calls
      
      - Proxydhcp now sends a BOOTING state for each node that it talks to.
      
      - OSs that don't send ISUP will have one generated for them by stated
      either when they ping (if they support ping) or immediately after they get
      to BOOTING.
      
      - States now have timeouts. Actions aren't currently carried out, but they
      will be soon. If you notice problems here, let me know... we're still
      tuning it. (Before all timeouts were set to "none" in the db)
      
      One temporary change:
      
      - While I make our new free node manager daemon (freed), all nodes are
      forced into reloading when they're nfreed and the calls to reset the os
      are disabled (that will move into freed).
      5c961517
  11. 17 Sep, 2002 1 commit
  12. 04 Sep, 2002 1 commit
  13. 26 Aug, 2002 2 commits
    • Leigh Stoller's avatar
      Rework all of the ssh key handling. Moved the parsing and verification · ae77bdb6
      Leigh Stoller authored
      to an external perl script, and use ssh-keygen to attempt conversion
      off SSH2/SECSH key formats. This is actually a simplification of the
      php code, which is not generally very good at this kind of thing (or
      maybe I mean perl is just better at it). The parsing and error
      handling it also much improved.
      ae77bdb6
    • Leigh Stoller's avatar
      Minor reorg of cvsupd startup. It now gets started by perl script that · 541a3586
      Leigh Stoller authored
      flips the uid/gid to nobody/nobody. It would be good to run this in a
      chroot shell, but that would be difficult given that we cannot easily
      rebuild cvsupd (modula-3). The right solution is to either run it in a
      jail or to move it to ops.
      
      Note, files in the sup tree obviously have to be world readable for
      cvsupd to send them off.
      541a3586
  14. 26 Jul, 2002 1 commit
  15. 22 Jul, 2002 1 commit
  16. 07 Jul, 2002 1 commit
  17. 01 Jul, 2002 1 commit
  18. 24 Jun, 2002 3 commits
  19. 19 Jun, 2002 1 commit
  20. 13 Jun, 2002 1 commit
  21. 05 Jun, 2002 1 commit
    • Leigh Stoller's avatar
      Changes to sshtb. Remove sshremote, and convert sshtb into a perl · 231fc2b1
      Leigh Stoller authored
      script that checks the database to see if local or remote. The problem
      with this is that the ssh syntax makes it hard to determine the host
      name by inspection. Would need to parse all the ssh args (bad idea),
      ot work backwards and try to figure out the difference between the
      command (which is not a string but a sequence of args) and the host
      and the preceeding ssh args. Hell with that! Changed sshtb to require
      a specific -host argument. Read the args and look for it. Error out of
      not found, to catch improper usage.
      
      The moral of this update: "sshtb [ssh args] -host <host> [more args ...]
      231fc2b1
  22. 23 May, 2002 2 commits
  23. 12 May, 2002 1 commit
  24. 17 Apr, 2002 1 commit
  25. 01 Apr, 2002 1 commit
    • Leigh Stoller's avatar
      First cut at supporting RON (or more generally, remote nodes). · bd587829
      Leigh Stoller authored
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote insted of sshtb. Various cleanup stuff
      
      * mkacct; When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the eumlab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
      bd587829
  26. 04 Mar, 2002 1 commit
  27. 01 Mar, 2002 1 commit
  28. 12 Feb, 2002 1 commit
  29. 08 Feb, 2002 1 commit
    • Leigh Stoller's avatar
      Big round of image/osid changes. This is the first cut (final cut?) at · a73e627e
      Leigh Stoller authored
      supporting autocreating and autoloading images. The imageid form now
      sports a field to specify a nodeid to create the image from; If set,
      the backend create_image script is invoked. Thats the easy part.
      Slightly harder is autoloading images based on the osid specified in
      the NS file. To support this, I have added a new DB table called
      osidtoimageid, which holds the mapping from osid/pctype to imageid.
      When users create images, they must specify what node types that image
      is good for. Obviously, the mappings have to be unique or it would be
      impossible to figure it out! Anyway, once that image mapping is
      in place and the image created, the user can specify that ID in the NS
      file. I've changed os_setup to to look for IDs that are not loaded,
      and to try and find one in the osidtoimageid. If found, it invokes
      os_load. To keep things running in parallel as much as possible,
      os_setup issues all the loads/reboots (could be more than a single set
      of loads is multiple IDs are in the NS file) at once, and waits for
      all the children to exit. I've hacked up os_load a bit to try and be
      more robust in the face of PXE failures, which still happen and are
      rather troublsesome. Need an event system!
      
      Contained in this revision are unrelated changed to make the OS and
      Image IDs per-project unique instead of globally unique, since thats a
      pain for the users. This turns out to be very messy, since underneath
      we do not want to pass around pid/ID in all the various places its
      used. Rather, I create a globally unique name and extened the OS and
      Image tables to include pid/name/ID. The user selects pid/name, and I
      create the globally unique ID. For the most part this is invisible
      throughout the system, except where we interface with the user, say in
      the web pages; the user should see his chosen name where possible, and
      the should invoke scripts (os_load, create_image, etc) using his/her
      name not the internal ID. Also, in the front end the NS file should
      use the user name not the ID. All in all, this accounted for a number
      of annoying changes and some special cases that are unavoidable.
      a73e627e
  30. 01 Feb, 2002 3 commits
    • Robert Ricci's avatar
      Added some checks for key types, etc. that are currently not used in · 6d6d755b
      Robert Ricci authored
      the testbed database anywhere. Otherwise, they could accidentally be
      mistaken for columns.
      
      Now, all table options (the 'create_definition' rule in the MySQL
      documentation for 'CREATE TABLE') are recognized.
      6d6d755b
    • Robert Ricci's avatar
    • Robert Ricci's avatar
      New script: schemadiff - a script to sync up the schemas of two · 83341399
      Robert Ricci authored
      databases. This script is not quite ready for usage - I've done some
      testing, but more testing shuld be done before it's widely used.
      
      From the usage message:
      Prints on stdout a set of SQL commands to change the database
      from file1 so that it has the same schema as the database from
      file2 (same argument order as diff)
      
      The files given are the output of mysqldump for the two databases -
      the dump ouput can contain oly column definitions, or it can contain
      row information (which is ignored.)
      
      This script can find and fix: created/dropped tables, created/dropped
      columns, columns that have had type chages, renamed columns, changes
      in primary and other (non-primary) keys. It keeps columns in order
      when creating new tables and adding columns.
      
      There a few things that I still want to do with this script:
      
      Make a framework for populating columns. For example, if column 'foo'
      is added, it would look in some location for a script that would
      populate this column.
      
      Create a wrapper that connects to the database to be updated, backs it
      up, locks all tables, applies the changes, and can recover if
      something goes wrong.
      
      Add a 'safe mode' (which would be the default), which won't remove
      columns or tables.
      
      There are a few caveats:
      
      Columns that have been _both_ renamed and had their type changed will
      be dropped and re-created, since it's impossible to detect this case.
      
      There may be some ordering issues. For example, the primary key for a
      table may need to be dropped before you can allow a column that used
      to be in the primary key in the primary key to contain NULLs.
      
      Will only work in one direction - a master-slave type relationship. If
      used between databases that have _both_ been changed, changes in the
      database being updated first will be lost.
      83341399
  31. 24 Jan, 2002 1 commit
  32. 23 Jan, 2002 1 commit