1. 29 Aug, 2019 1 commit
    • Fix to jumbo-frames code. · 18b5c1cd
      Mike Hibler authored
      Went to all that trouble to define a per-link "jumboframes" capability...
      and then ignored it. 10Gb physical links with IPs were always getting
      set to jumbo frames.
      18b5c1cd
  2. 19 Jun, 2019 1 commit
    • Further tweaks to jumbo frames code. · 571b4a14
      Mike Hibler authored
      Now use a sitevar, general/allowjumboframes, rather than MAINSITE
      to determine whether we should even attempt any jumbo frames magic.
      
      Use a per-link/lan setting rather than the hacky per-experiment
      setting to let the user decide if they want to use jumbos. In NS
      world, we already had a link/lan method (set-settings) to specify
      virt_lan_settings which is where it winds up now.
      
      Client-side fixes to make jumbos work with vnodes.
      571b4a14
  3. 17 May, 2019 1 commit
  4. 13 May, 2019 2 commits
  5. 26 Apr, 2019 3 commits
  6. 15 Apr, 2019 1 commit
    • Initial steps to enable jumbo frames on experiment interfaces. · 33beb373
      Mike Hibler authored
      This is just mods to the tmcd "ifconfig" command to include an MTU= arg.
      Right now we don't have anything in the DB for MTU, so tmcd is just returning
      "MTU=" which says to not explicitly set the MTU.
      
      It also includes the basic client-side support which I have tested on a
      physical interface with MTU=1500. Further changes will be needed to DTRT
      on virtual interfaces and their physical carrier interface.
      
      But the hope is to get the client-side part nailed down before the next
      set of images are rolled, so that we will be ready when support for the
      front-side (UI and DB state) gets added.
      33beb373
  7. 14 Mar, 2019 1 commit
  8. 22 Oct, 2018 1 commit
  9. 17 Aug, 2018 1 commit
  10. 08 Aug, 2018 1 commit
    • Add Docker container blockstore support. · 9bf09981
      David Johnson authored
      Docker containers may be (and default to, and in the shared host case,
      must be) deprivileged; thus, they cannot mount devices, much less tell
      the kernel (via iscsi userspace tools, etc) to make devices.
      
      Therefore, we must set up any storage backing devices (temp LVs, iscsi
      attachments) outside the container.  This commit makes that possible for
      rc.storage and linux liblocstorage.  Basically, rc.storage now supports
      (for the Linux liblocstorage and Docker) the -j vnodeid calling
      convention; and if it's being called on behalf of a vnodeid, it uses
      per-vnodeid fstab for any mounts, storage.conf for its state; etc.
      
      I modified libvnode_docker to *not* create virtual networks for
      remote blockstore links, because those are pinned to /30s, and thus I
      have no client blockstore link address to place on a device in the root
      context.  However, I (ab)used the existing Docker network setup for the
      blockstore links, and that all happens the same as it used to; we just
      no longer create the Docker virtual network nor attach the container to
      it.
      
      Finally, I modified tmcd dostorageconfig slightly to return
      HOSTIP/HOSTMASK for remote blockstores; and now
      libsetup::getstorageconfig will use HOSTIP in preference to its own
      HOSTID->HOSTIP translation.  I had to do this so that libvnode_docker in
      the root context would not have to go through the mess of translating
      HOSTID on behalf of a vnode.
      9bf09981
  11. 07 May, 2018 1 commit
    • Fix docker vnode rebuilds; return supporting image path info from tmcd. · 186c6b7b
      David Johnson authored
      Docker vnodes require the full image path anytime the vnode is created,
      even if the image in question already exists on the vhost.  This is
      because emulab custom docker images are fully-qualified with their
      hosting private registry, so we need that detail even if we're not
      re-pulling the image; i.e., if the vnode gets destroyed and recreated
      after its initial reload.
      186c6b7b
  12. 02 Apr, 2018 1 commit
  13. 26 Mar, 2018 1 commit
  14. 18 Jan, 2018 1 commit
  15. 17 Jan, 2018 1 commit
  16. 12 Dec, 2017 1 commit
    • Add Linux exp firewall support for virt_node_public_addr addresses. · 798f9b6f
      David Johnson authored
      A new tmcd command, publicaddrinfo, just dumps the relevant bits of
      virt_node_public_addr to any node in an experiment that has addrs
      allocated (we don't want to restrict based on calling node_id or
      pool_id).
      
      Then the generic getfwconfig() function calls that, and sets some bits.
      I also extended this function to add some dynamic clientside vars
      (EMULAB_DOMAIN, EMULAB_EXPDOMAIN, EMULAB_PUBLICADDRS) so that user
      firewall rule writers can use them to refer to the control net IPs of
      nodes in their experiment (i.e., node-0.EMULAB_EXPDOMAIN); and so that
      rules can be written over EMULAB_PUBLICADDRS -- a comma-delineated
      list of IP addrs.
      
      Finally, I extended the Linux firewalling code to allow any experiment
      node to answer ARPs for the public IP addresses; we can't know a priori
      which node should answer -- and it could change.
      
      This closes #353.
      798f9b6f
  17. 02 Nov, 2017 1 commit
  18. 13 Oct, 2017 1 commit
  19. 13 Sep, 2017 1 commit
  20. 30 Aug, 2017 3 commits
  21. 26 Jul, 2017 1 commit
    • Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to log in without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          #302
      c6150425
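The key-distribution rules described in the commit above, modelled as an added example (not code from the Emulab repository). The `Node` fields and role labels are assumptions made for illustration. Because there is one keypair per experiment, every node holding the private key can reach every node holding the public key, not only the pair the user had in mind.

```python
from dataclasses import dataclass

# Assumed labels for node kinds the commit says receive no keys at all
# (firewall nodes, virtnode hosts, delay nodes, subbosses, storagehosts).
INFRA_ROLES = {"firewall", "virtnode-host", "delay", "subboss", "storagehost"}

@dataclass
class Node:
    name: str
    role: str = "user"          # hypothetical role label
    tainted: bool = False       # tainted nodes never get the root pubkey
    want_private: bool = False  # models "$node rootkey private 1"
    want_public: bool = False   # models "$node rootkey public 1"

def distribute(nodes):
    """Apply the hardwired restrictions on top of the user's requests."""
    delivered = {}
    for n in nodes:
        keys = set()
        if n.role not in INFRA_ROLES:
            if n.want_private:
                keys.add("private")
            if n.want_public and not n.tainted:
                keys.add("public")
        delivered[n.name] = keys
    return delivered

def root_ssh_edges(delivered):
    """(src, dst) pairs where root on src can ssh to dst as root."""
    return {(src, dst)
            for src, sk in delivered.items() if "private" in sk
            for dst, dk in delivered.items() if "public" in dk and src != dst}

# Constructed sample topology, not taken from a real experiment.
SAMPLE = [
    Node("nodeA", want_private=True),
    Node("nodeB", want_public=True),
    Node("nodeC", want_private=True, want_public=True),
    Node("nodeT", tainted=True, want_private=True, want_public=True),
    Node("fw", role="firewall", want_private=True, want_public=True),
]

if __name__ == "__main__":
    for edge in sorted(root_ssh_edges(distribute(SAMPLE))):
        print("root@%s -> root@%s" % edge)
```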
  22. 07 Jul, 2017 1 commit
    • Deal with user privs (issue #309): · d1516912
      Leigh Stoller authored
      * Make user privs work across remote clusters (including stitching). I
        took a severe shortcut on this; I do not expect the Cloudlab portal
        will ever talk to anything but an Emulab based aggregate, so I just
        added the priv indicator to the user keys array we send over. If I am
        ever proved wrong on this, I will come out of retirement and fix
        it (for a nominal fee of course).
      
      * Do not show the root password for the console to users with user
        privs.
      
      * Make sure users with user privs cannot start experiments.
      
      * Do show the user trust values on the user dashboard membership tab.
      
      * Update tmcd to use the new privs slot in the nonlocal_user_accounts
        table.
      
      This closes issue #309.
      d1516912
  23. 19 Jun, 2017 1 commit
  24. 31 May, 2017 1 commit
  25. 16 May, 2017 1 commit
  26. 24 Mar, 2017 2 commits
    • Semi-hack to ensure that Wisconsin nodes don't include their SSDs · fbe5f38f
      Mike Hibler authored
      in blockstore-related VGs.
      
      Right now, you have to decide globally and in advance, what disk types
      are going to be included in blockstore pools. Then you set the sitevar
      accordingly and then set the DB sysvol/nonsysvol/any node_type_features
      to reflect the amount of storage available on just drives of that type.
      
      This value is passed to clients via the otherwise unused PROTO field
      of the blockstore line (when CMD=SLICE and CLASS=local), so this change
      is backward compatible (OS images with older client code will ignore it
      and just give you blockstores including all the devices).
      
      So at Wisconsin, I set storage/local/disktype to "HDD-only" and tweak
      the node_type_attributes '?+disk_any' and '?+disk_nonsysvol' to not
      include the space for the 1 or 2 SSD drives in each machine. tmcd passes
      the PROTO=HDD-only value and the client sees that and does not include
      any SSD devices among the eligible devices from which to create the VG.
      
      The hope is that ultimately, we could get rid of the sitevar and use the
      PROTO field to select, per-blockstore, its type (only HDD, only SSD).
      But that will require additional per node (type) assign features
      differentiating the amount of each type available.
      fbe5f38f
  27. 31 Jan, 2017 2 commits
  28. 20 Jan, 2017 1 commit
    • New 'subbossinfo' command. · d75093f8
      Mike Hibler authored
      When invoked by a subboss, returns key=value pairs from subboss_attributes
      for all services for that subboss. Will be used to configure subbosses,
      eliminating the need to customize startup scripts per-subboss.
      d75093f8
  29. 17 Jan, 2017 1 commit
    • Implement heartbeat/status reports in Frisbee. · 2be46ba4
      Mike Hibler authored
      There are three pieces here, a change to the frisbee protocol itself, an
      Emulab event component to get status back to the portal, and the surrounding
      infrastructure to make it all work.
      
      Frisbee heartbeat messages:
      
      Added a new message type to the frisbee protocol, "Progress". In theory it
      operates by having the server send a multicast progress request to its clients
      which includes an interval at which to report (or "just once") and an
      indication of what to report (nothing, progress summary, or full stats). The
      client then sends unicast "fire and forget" UDP replies according to that
      schedule. However, I took a shortcut for the moment and just added a command
      line option to the client to tell it to report a summary at the indicated
      interval (-H <interval>).  So the server never sends requests.
      
      This is implemented in the client by a fourth thread since I wanted it to
      operate independent of packet reception (which would cause clients to report
      in a highly synchronized fashion due to multicast). The server instance just
      logs progress reports into its log.
      
      This protocol addition should be fully backward compatible as both client and
      server ignore (but log) unknown messages.
      
      Emulab progress report events:
      
      When this is compiled in (-DEMULAB_EVENTS) and turned on (-E <server>), the
      frisbee server instances will send a FRISBEEPROGRESS event to the indicated
      event server for every progress report it receives (in addition to logging the
      events to its own log). Right now it will create an event with key/value pairs
      for the information in a client summary reply:
      
      TSTAMP is the client's time at which it sends the event. Could be used by the
      receiver to determine latency of the report if it cared (and if it assumed
      that the clocks are in sync). We don't care about this.
      
      SEQUENCE is the report number. Again, could be used by the receiver, in this
      case to detect loss, if it cared. We don't.
      
      CHUNKS_RECV is complete chunks that the client has received from the network.
      CHUNKS_DECOMP is chunks decompressed by the client.  BYTES_WRITTEN is bytes
      written to disk by the client.
      
      Any of the three can be used by the event receiver as an indication of life
      and/or progress. However, only the last would be a reasonable indicator of
      time remaining since it is the last (and slowest) phase of imaging. To
      estimate time remaining we could compare that value to the amount of
      uncompressed data that is in the image. This makes the sketchy assumptions
      that time for writes to the disk is uniform and that the number and distance
      of seeks is uniform, but it is better than a sharp stick in the eye.
      
      Emulab infrastructure:
      
      There is a new sitevar "images/frisbee/heartbeat" which can be set to a
      non-zero value to tell the frisbee MFS to fire off frisbee with -H <value>
      and thus make reports. The default value of zero means to not make reports.
      The tmcd "loadinfo" command sends this through via the HEARTBEAT=<value>
      param.
      
      REQUIRED A TMCD VERSION BUMP TO 41.
      2be46ba4
  30. 17 Nov, 2016 1 commit
  31. 21 Oct, 2016 1 commit
    • Fix assorted lint. · 4d94c464
      Mike Hibler authored
      Primarily I was after what was causing the occasional segfault.
      That problem was caused by calling tmcc on a node that was free.
      Seems we were derefing some NULL columns returned by mysql because
      we assumed that there would always be a row in experiments for the
      node in question.
      
      Since I do need to call tmcd from the "pxewait" initramfs on Moonshot
      ARM nodes, I cleaned up this assumption.
      4d94c464
  32. 18 Oct, 2016 1 commit
  33. 04 Oct, 2016 1 commit