-
Leigh B. Stoller authored
* Hacky tmcd redirection. If the reserved table slot tmcd_redirect is set, return redirect spec that tells the client tmcc to drop the connection and retry the server at the new location, using the vnode id that is part of the redirection string. Note that tmcd_redirect is set on the remote emulab by the Geni startsliver code. * Neuter the privkey stuff that we require of remote nodes. In fact, its already only required for RON nodes, and rather then yet another exception, just kill it. It offers us nothing. * Neuter the ssl client verification. This is where we verify the client certificate has a CN field with the type of the node equal to type the DB says it is. This is also a pointless check since is offers us nothing additional; the client certificate already had to be signed by us. Tired of adding special cases to the code for each new node type. * Temporary neutering of the requirement that all remote nodes use ssl to talk to tmcd. The problem here is that remote nodes on other testbeds will not have the proper certificate on their images, and so they will not be able to talk to our tmcd. Since we do not return anything sensitive via tmcd, I have relaxed this requirement for now, and changed the check so that functions with newly added flag F_REMREQSSL will not be allowed unless it is ssl. For the protogeni code this will do since I only need a few things. * For tmcd on the remote testbeds, there is new code in doaccounts that will return accounts and ssh keys from the nonlocal users table. This table is set up by the Geni libraries during sliver creation (from the registry entry for the slice).
f28bbfa6