1. 04 Apr, 2002 4 commits
    • First round of ssl'ification of tmcd/tmcc. This needs to be looked at · ffe40d2e
      Leigh Stoller authored
      by smarter brains than me (I have asked Dave to look it over). Anyway ...
      
      I added a top level ssl directory which has a bunch of goo for
      creating certificates and keys.  I currently create a Certificate
      Authority, a server certificate, and a client certificate. The private
      keys for all three are unencrypted, so no password is required. All
      key/cert combos can be installed on boss. The client side needs the
      key/cert pair (in one file), and the CA cert (no key!). There are
      install targets to do this. NOTE, you do not want to create/install
      these without being careful, since you could instantly invalidate all
      the clients!
      
      I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c
      and ssl.h files. I have set it up so that all you need to do is
      uncomment three lines in the makefile, and accept, connect, read, write,
      and close are redirected to SSL'ified versions in ssl.c. The current
      security model is that the client and server both "demand" certificate
      verification from the other side (as opposed to just server side
      verification). tmcd reads in server.pem, while tmcc reads in
      client.pem. Both read in the emulab.pem (CA cert with no private
      key).
      
      Initial testing indicates I have done this at least partially
      correctly. Whoever invented this stuff has a really twisted mind
      though. There are some questions at the top of ssl.c that need to be
      answered.
      
      Oh, also redid all the syslog stuff throughout tmcd.
    • Added /var to the list of filesystems that need to be exported to · 9440d3dd
      Robert Ricci authored
      the other control node.
    • Mac Newbold authored
    • Shashi Guruprasad authored
      08e87b81
  2. 03 Apr, 2002 10 commits
  3. 02 Apr, 2002 10 commits
  4. 01 Apr, 2002 12 commits
    • Transition to tmcd and event-based node state reporting. · 44311142
      Robert Ricci authored
      Changed scripts that used the 'eventstatus' column to use the more
      descriptively-named 'eventstate' column.

      The FreeBSD and Linux startup scripts report a 'REBOOTED' state to tmcd
      when they start, and 'ISUP' when the startup script is done.

      node_reboot and power now send TBNODESTATE/REBOOTING events.
    • Robert Ricci authored
      d28e8767
    • Abhijeet Joglekar authored
    • Fixed some event-system constants · d28662b8
      Robert Ricci authored
    • Minor fixes and cleanups. · 9253e03b
      Leigh Stoller authored
    • Add back in my program-agent lines. · 66701c41
      Leigh Stoller authored
    • New perl event system functions: EventSend{,Warn,Fatal}() These · e58adf16
      Robert Ricci authored
      basically work like the libdb.pm functions of the same name (and in
      fact much of the code was stolen from there.)
      
      Provides a simple single function call to send events. Intended for
      use in scripts whose primary purpose is _not_ to interface with the
      event system, like power and node_reboot. If more control/efficiency
      is required (for example, these functions reconnect to the event
      system every time they're called), it's better to use the C-like API.
      
      Example call:
      EventSendFatal(objtype   => "TBEXAMPLE",
                     eventtype => $ARGV[0],
                     host      => "*" );
    • stated now gets installed in @prefix@/sbin · aa2bd0a2
      Robert Ricci authored
    • Added a new exported constant, TB_BOSSNODE, that just contains the · a841a9f8
      Robert Ricci authored
      value of the BOSSNODE configure variable.
    • Removed an extra slash from the description of how to make the · a7759760
      Robert Ricci authored
      makeLinkOutput function.
    • Leigh Stoller authored
    • First cut at supporting RON (or more generally, remote nodes). · bd587829
      Leigh Stoller authored
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be able to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote instead of sshtb. Various cleanup stuff.
      
      * mkacct: When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the emulab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
  5. 29 Mar, 2002 4 commits