1. 30 Jul, 2018 1 commit
    • More OPSVM changes; now boss can be a XEN VM. The wrinkle here is that · fb85c44d
      Leigh Stoller authored
      if we need to assign a routable IP to boss, we also need a routable IP
      for the OPS VM, and the easiest way to do that is with an address
      pool (count=1). Also changes to pass that IP address to the XEN
      clientside code so that it alters the antispoofing firewall rules
      that every XEN VM gets.
  2. 06 Jun, 2016 1 commit
  3. 03 May, 2016 1 commit
  4. 28 Apr, 2016 1 commit
  5. 14 Mar, 2016 1 commit
  6. 01 Sep, 2015 1 commit
  7. 05 Mar, 2015 1 commit
  8. 05 Nov, 2014 1 commit
  9. 01 Jul, 2014 1 commit
  10. 26 Mar, 2014 1 commit
  11. 25 Mar, 2014 1 commit
    • Server side of firewall support for XEN containers. · 2faea2f3
      Leigh Stoller authored
      This differs from the current firewall support, which assumes a single
      firewall for an entire experiment, hosted on a dedicated physical
      node. At some point, it would be better to host the dedicated firewall
      inside a XEN container, but that is a project for another day (year).
      
      Instead, I added two sets of firewall rules to the default_firewall_rules
      table, one for dom0 and another for domU. These follow the current
      style setup of open,basic,closed, while elabinelab is ignored since it
      does not make sense for this yet.
      
      These two rule sets are independent; the dom0 rules can be applied to
      the physical host, and domU rules can be applied to specific
      containers.
      
      My goal is that all shared nodes will get the dom0 closed rules (ssh
      from local boss only) to avoid the ssh attacks that all of the racks
      are seeing.
      
      DomU rules can be applied on a per-container (node) basis. As
      mentioned above this is quite different, and needed minor additions to
      the virt_nodes table to allow it.
  12. 10 Mar, 2014 1 commit
    • Support "no NFS mount" experiments. · 5446760e
      Mike Hibler authored
      We have had the mechanism implemented in the client for some time and
      available at the site-level or, in special cases, at the node level.
      New NS command:
      
          tb-set-nonfs 1
      
      will ensure that no nodes in the experiment attempt to mount shared
      filesystems from ops (aka, "fs"). In this case, a minimal homedir is
      created on each node with basic dotfiles and your .ssh keys. There will
      also be empty /proj, /share, etc. directories created.
      
      One additional mechanism that we have now is that we do not export filesystems
      from ops to those nodes. Previously, it was all client-side and you could
      mount the shared FSes if you wanted to. By prohibiting the export of these
      filesystems, the mechanism is more suitable for "security" experiments.
  13. 11 Dec, 2013 1 commit
    • The parser-side of persistent blockstore support. · 09177fb2
      Mike Hibler authored
      In parse-ns, we generate a list of accessible blockstores and put that in
      the .input file. The accessibility check right now is just that the blockstore
      (actually lease) pid must match that of the experiment. This needs to be
      generalized.
      
      The blockstore set-lease command verifies that the asked-for lease matches
      one of those accessible blockstores. If it does, it makes sure the correct
      size and other info wind up in the virt_blockstores table. Less obviously,
      but of critical importance, it emits a "lease" virt_blockstore_attribute
      with the correct lease index. This attribute gets converted into the
      desire that is added by vtopgen to the .vtop file.
  14. 06 May, 2013 3 commits
    • Finish validity checks for local blockstores. · 4573d92b
      Kirk Webb authored
      Mike unearthed another round of things we need to check to keep users
      from shooting themselves in the foot too readily.  Made it through
      a fairly complete set of input tests and came up with a couple of additional
      checks myself.
    • Updates for local node stuff. · f95fadff
      Kirk Webb authored
    • Refactor some of the blockstore object code into finalize() · d228f1e3
      Kirk Webb authored
      Move some of the hacky duplicate functionality code for blockstore objects
      into a finalize() method, called by sim.tcl's run() method.  This code
      does last minute validity checks and assignments (e.g., putting the disk
      space desire onto node objects).  Added the code here to check for
      overlapping mount points where blockstores are attached to real nodes
      (local storage).
  15. 01 May, 2013 1 commit
  16. 30 Apr, 2013 3 commits
    • Add complete local node storage support from parser down to tcmd. · dab52801
      Kirk Webb authored
      Doing this required adding columns to the virt and physical blockstores
      tables to mark the attributes that will be considered for mapping.
      Unmarked entries just flow through to the client-side.
      
      This commit also introduces filesystem support in the form of passing
      through a mount point to the client-side.  It is left to the client to
      decide what filesystem and fs options to use to setup the space, including
      any logical volume aggregation required to support the request.
    • Parser hacks for blockstores · bb2563cf
      Kirk Webb authored
      * Translate bandwidth spec "~" to 10Kbps, and complain if any other value
        is used on a lan with blockstores.
      
      * Allow blockstores to be fixed to nodes.  Shunt through cases where the
        node a blockstore is fixed to isn't a blockstore pseudo-VM via a
        features / desires hack.  We do this to avoid having a more heavyweight
        blockstore pseudo-VM representation show up when users just want more
        local disk space setup on their nodes.
    • Add physical memory accounting for openvz/xen nodes. The total · 11752432
      Leigh Stoller authored
      amount a physical has is stored in the node types table, and the
      per-vm memory requirement is stored in the nodes table. ptopgen
      adds up usage, and subtracts from the total for the ptop file.
      The vtop number comes from a virt_node_attribute table, and we
      pass this through to the client side. Note that this is less
      important for openvz, more so for XEN.
      
      In the NS file:
      
      	tb-set-node-memory-size $node 1024
      
      Number is in MBs. The mapper defaults this to 128 for openvz and 256
      for xen. Maximum is hardwired to 256 and 512 respectively. Need to
      think about a good way to configure this in.
  17. 26 Nov, 2012 1 commit
  18. 21 Nov, 2012 1 commit
  19. 25 Oct, 2012 1 commit
    • Add subnode relationship for blockstores. · 3c06a7c8
      Kirk Webb authored
      Yucky stuff to create parent host objects for blockstores on the
      fly, and to insert these hosts into lans when the blockstore shows up in
      lan member lists.
      
      Add "best effort" symbol ("~") to parser for bandwidth spec.
      
      Also adjust the copyright dates on new files.
  20. 11 Oct, 2012 1 commit
  21. 10 Oct, 2012 1 commit
  22. 24 Sep, 2012 1 commit
    • Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to make the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
  23. 04 Sep, 2012 1 commit
  24. 01 Aug, 2012 1 commit
    • This commit adds some simple support for using the Infiniband on the · 997b21b5
      Leigh Stoller authored
      Probe Cluster. The problem is that the IFB is a shared network that
      every node attaches to, which can look like an ethernet device that
      can be ifconfig'ed. In other words, one big lan.
      
      But we still want the user to be able to create a lan so that they can
      interact with it in their NS file like any other network.
      
      The NS syntax is:
      
      	set lan2 [$ns make-lan "node1 node2 node3" * 0ms]
      	tb-set-switch-fabric $lan2 "infiniband"
      
      The switch fabric tells the backend to do IP assignment for the
      specific global network. Yes, I tried to be a little bit general
      purpose. Let's see how this actually turns out.
      
      This first commit treats the fabric as a single big lan on the same
      subnet.
      
      NOTE 1: Since the unroutable IP space is kinda small, but the Probe
      Cluster is really big, we can easily run out of bits if we tried to do
      assignment on virtual topos. Instead, fabrics get their IP allocation
      at swapin time, and the allocations are deleted when the experiment is
      swapped out. The rationale is that the number of swapped in
      experiments is much much smaller than the number of possible topos
      that can be loaded into the DB. Still might run out, but less likely.
      
      The primary impact of above is that IP assignments can change from
      one swap to another, but this is easy to deal with if the user is
      scripting their experiment; the IP allocation is available via the
      XMLRPC interface.
      
      NOTE 2: The current code allocates from a single big network, which
      makes it easy for users to mess each other up if they start doing
      things by hand. Ultimately, we want each lan in each experiment to use
      their own subnet, but that is going to take more work, so let's do it
      in the second phase.
      
      The definition of "network fabrics" is in the new network_fabrics
      tables. As an example for probe:
      
      	INSERT INTO `network_fabrics` set
      		idx=NULL,
      		name='ifband',
      		created=now(),
      		ipalloc=1, ipalloc_onenet=1,
      		ipalloc_subnet='192.168.0.0',ipalloc_netmask='255.255.0.0'
  25. 26 Mar, 2012 1 commit
  26. 08 Feb, 2012 1 commit
  27. 17 Jan, 2012 1 commit
  28. 12 Jan, 2012 1 commit
  29. 28 Nov, 2011 1 commit
  30. 10 Aug, 2011 1 commit
    • Plumb multi image load through from the NS frontend. In other words, · 33b312d7
      Leigh Stoller authored
      you can do this in your NS file:
      
      tb-set-node-loadlist $myboss FBSD73-S2,FBSDXX-FOO
      
      Note that this does not replace tb-set-node-os(), cause that is a
      little too special. So in practice, you would do:
      
      tb-set-node-os $myboss FBSD73-STD
      tb-set-node-loadlist $myboss FBSD73-S2,FBSDXX-FOO
  31. 15 Jun, 2011 1 commit
  32. 08 Jun, 2011 1 commit
  33. 04 Apr, 2011 1 commit
    • Add client side service and service hook configuration commands. The · 25711c9c
      David Johnson authored
      valid service/env/whence tuples are specified in the client_services
      table.  Only services that exist in that table can be configured -- so
      if rc.ifconfig is only configurable at boot, every time, the user can
      only add hooks (or control the service) for rc.ifconfig at boot, every
      time (so not in the load env, nor only once).
      
      Users can either specify a script that gets turned into a per-experiment
      blob, OR they can specify a static blob that they already created in the
      blobs table via mkblob.  They can't do both though.
      
      tb-set-node-service "rc.foo" \
          -node (""|$node) -env (boot|load) -whence (every|first) \
          -script "/path/to/script" -scriptblob "<blobid>" \
          -enable (0|1) -enablehooks (0|1) -fatal (0|1)
      
      All options are "optional".  Even if you disable a service, its hooks
      are enabled by default.  Services can now be fatal.
      
      tb-add-node-service-hook "rc.foo" \
          -node (""|$node) -env (boot|load) -whence (every|first) \
          -script "/path/to/script" -scriptblob "<blobid>" \
          -op (boot|shutdown|reconfig|reset) -point (pre|post) \
          -argv "" -fatal (0|1)
  34. 16 Nov, 2010 1 commit
    • Add support for all node "tb-set-tarfiles". · a0d0c95e
      Kevin Atkinson authored
      "tb-set-tarfiles" is like "tb-set-node-tarfiles" except that it
      distributes the tarfile to all nodes rather than just one and that it
      uses frisbee to distribute the file.
      
      These changes involved 1) refactoring frisbee info from images table
      into a new table, frisbee_blobs, 2) a new experiment_blobs table, and
      3) a new tmcd command so the node knows how to get the files from the
      server.
      
      The changes were designed to be general purpose enough to eventually
      support:
        1) Distributing arbitrary files (not just tarfiles) to nodes
        2) Perform arbitrary actions on those files
        3) Use arbitrary methods to get the files
      
      As such the tmcd line is as follows:
        URL=* ACTION=*
      
      where URL is currently:
        frisbee.mcast://<ADDR>/<FILE>
      for example
        frisbee.mcast://234.16.184.192:18092/users/kevina/home-dir.tar.gz
      and when we get around to using a master Frisbee server it could be
        frisbee://*
      or it could be a file://, http://, etc.
      
      and ACTION is currently:
        unpack:<LOCATION>
      for example
        unpack:/users
      with future syntax to be determined.
  35. 29 Oct, 2010 1 commit
  36. 21 Oct, 2010 1 commit