1. 19 Nov, 2017 1 commit
    • Leigh Stoller's avatar
      Some small changes: · c7acad6c
      Leigh Stoller authored
      1. Add WebTask support for communicating back to the web interface and
         the Geni interface. Especially helpful for the case that a dataset
         needs admin approval.
      
      2. Some changes related to above to make it easier to pass back the
         reason for nor approving.
      
      3. Small semantic change to -C (always create) which I added for the
         Geni path a while back. It now means always create but respect the
         approval decision. In other words, if a dataset would need approval
         cause it is too big, create the dataset but mark it as needing
         approval and send mail. -C used to mean always create and approve.
         The new approach is a better fit for the Portal/Geni path.
      c7acad6c
  2. 09 Nov, 2017 1 commit
    • Mike Hibler's avatar
      Introduce a "failed" state for resource allocation. · 7e13f79b
      Mike Hibler authored
      If a background resource allocation fails, we put the lease in the "failed"
      state instead of destroying it. There were some ripple effects, specifically,
      the lease_daemon now checks for "failed" leases and send messages to us at
      the same frequency as for "unapproved" leases. The correct response here is
      almost certainly to destroy the lease, though you can put it back in the
      "unapproved" state (via modlease) and try to approve it to see what happened.
      
      Also add background mode to approvelease since it can do time consuming
      resource allocation.
      
      Nit: cleanup logfiles used in backgroud operation.
      7e13f79b
  3. 07 Nov, 2017 1 commit
    • Mike Hibler's avatar
      Changes to the way lease (dataset) creation works: · 65b1e100
      Mike Hibler authored
       * A failure to allocate resources results in the embryonic dataset being
         destroyed. Previously, we would just leave it "unapproved". This means
         that, for a background lease creation, either the lease will eventually
         wind up in the "valid" state (success) or it will disappear (failure).
      
       * If creation fails early due to a policy violation, we exit with the
         value 2. Other early (non-background) exits will be 1 or -1 (255).
         This allows the a calling script to easily differentiate policy
         violations (for which the user might want to appeal via -U) from other
         more serious failures.
      65b1e100
  4. 06 Oct, 2016 1 commit
  5. 29 Aug, 2016 1 commit
  6. 16 Oct, 2015 1 commit
    • Mike Hibler's avatar
      New sitevar to set a default per-project dataset quota. · e6e123f2
      Mike Hibler authored
      In createdataset, if the "usequotas" sitevar is set for the dataset type in
      question but a quota does not exist for the dataset's project, we create
      a quota object using the value from the new "default_quota" sitevar for that
      dataset type. If that sitevar does not exist or has a value of zero, we do
      NOT create a quota object and hence createdataset will fail.
      e6e123f2
  7. 26 May, 2015 1 commit
  8. 15 May, 2015 1 commit
    • Leigh Stoller's avatar
      Directory based image paths. · 3a21f39e
      Leigh Stoller authored
      Soon, we will have images with both full images and deltas, for the same
      image version. To make this possible, the image path will now be a
      directory instead of a file, and all of the versions (ndz,sig,sha1,delta)
      files will reside in the directory.
      
      A new config variable IMAGEDIRECTORIES turns this on, there is also a check
      for the ImageDiretories feature. This is applied only when a brand new
      image is created; a clone version of the image inherits the path it started
      with. Yes, you can have a mix of directory based and file based image
      descriptors.
      
      When it is time to convert all images over, there is a script called
      imagetodir that will go through all image descriptors, create the
      directory, move/rename all the files, and update the descriptors.
      Ultimately, we will not support file based image paths.
      
      I also added versioning to the image metadata descriptors so that going
      forward, old clients can handle a descriptor from a new server.
      3a21f39e
  9. 12 Mar, 2015 1 commit
  10. 05 Mar, 2015 1 commit
  11. 27 Jan, 2015 1 commit
    • Leigh Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
  12. 12 Nov, 2014 1 commit
  13. 11 Nov, 2014 1 commit
    • Leigh Stoller's avatar
      Add gid to project_leases, and allow creation in subgroups. · d859078e
      Leigh Stoller authored
      This is not exposed to users, the main reason for this is so that the name
      space for leases (datasets) is per-group instead of per-project. We need
      this when creating datasets via the geni interface (backend to APT), since
      all leases are created in the holding project. Without a subgroup, we would
      run into name collisions on the backend. It also gives us finer access
      permission control for the same reason.
      
      Note that I yanked out the lease cache from Lease.pm (not worth the
      trouble), and I expanded Lookup to allow for the usual variety of
      possibilities that we allow in other Lookup methods.
      d859078e
  14. 28 Oct, 2014 1 commit
  15. 25 Oct, 2014 1 commit
  16. 30 Jan, 2014 1 commit
  17. 29 Jan, 2014 1 commit
  18. 06 Jan, 2014 1 commit
    • Mike Hibler's avatar
      Add support for lease extention (renewal). · 9a6cdeae
      Mike Hibler authored
      Add CLI for extending a lease (called extenddataset on ops). The length
      of the extension and the number of times it can be extended are controlled
      by site variables.
      9a6cdeae
  19. 03 Jan, 2014 4 commits