GitLab

This checkin adds the necessary NS and client-side changes.

You get such a firewall by creating a firewall object and doing:

	$fw set-type ipfw2-vlan

In addition to the usual firewall setup, it sets the firewall node command
line to boot "/kernel.fw" which is an IPFW2-enabled kernel with a custom
bridge hack.

The client-side setup for firewalled nodes is easy: do nothing.

The client-side setup for the firewall is more involved, using vlan devices
and bridging and all sorts of geeky magic.

Note finally that I don't yet have a decent set of default rules for anything
other than a completely open firewall.  The rules might be slightly different
than for the "software" firewall since they are applied at layer2 (and we want
them just to be applied at layer2 and not multiple times)

Made a pass over tar file related things:

	* os/install-tarfile: Added support for bzip2 compressed files and
	fixed the '.tgz' regex (it detected '.tar.tgz' before).  Also
	binmode'd some file handles to squelch a warning on Redhat 9.

	* tbsetup/fetchtar.proxy.in: Added 'https' as a valid protocol for
	URLs and 'tar.bz2' as a valid extension.  Changed the wget call to
	do 'timestamping', which means it should only download files that
	have changed since the last download.

	* tbsetup/tarfiles_setup.in: More 'https' and '.tar.bz2' stuff.
	When downloading tarballs, copy the file name extension from the
	URL onto the local file name so 'install-tarfile' can figure out
	how to decompress it properly.

	* tbsetup/ns2ir/tb_compat.tcl.in: Added a bunch of checks to the
	tb-set-node-tarfiles function.

	* www/faq.html, www/tutorial/nscommands.html,
	www/tutorial/tutorial.html: Flesh out and clean up tarfile related
	documentation.  Also added anchors for the individual functions so
	you can link to them from other pages.

pub key, root password, etc. Currently just returning the pub key,
which I stuck into a site variable. I need this for inner elab so that
the standard image can be used; root ssh from inner boss will fail
unless the pub key is changed, and we certainly do not want to have to
create special images for inner elab nodes, unless we want to of
course.

* Add password option to pass in initial elabman password on the
  command line.

* Call Rob's firstuser script with password to set up the initial
  account and project.

* Startup elvind and apache.

* Run initial named configuration and install named files, then start
  up named.

* Create the initial experiments, now that all the above daemons are
  running.

The basic idea here is that you no longer need to reboot ops or boss
when installing Emulab. Run the ops install, then run the boss
install. Then reboot (ops first of course). This should make the
initial setup synchronization slightly easier, I hope ...

xmlconvert won't choke on it.

delay:2, you get delay-pc600:2 (or delay-pc850:2, etc.). With this,
you can do this in your NS file:

	namespace eval TBCOMPAT {
	  set hwtypes(delay-pc600) 1
	}
	tb-make-hard-vtype delay delay-pc600

which will cause delays to be pc600. The TB_COMPAT is a temp thing,
until Rob comes back and tells us a better way to do this.

template files. This is rather simplistic, but should suffice for
generating a working set of files that can then be customized by the
site as needed.

BIG TODO: Deal with multiple reverse maps when the netmask is greater
then /24, and requires a set of reverse maps, not just one.

cron.

Wrap description in htmlspecialchars() call to avoid ' and " looking
like end of string terminators, thus confusing the browser. We
probably have this problem in a few other places.

FreeBSD), and Bison (on CygWin, and presumably Linux.)

Details: The #include lex.yy.c in tg.y used to be in the epilog code, after
the second %% line.  This worked in Yacc, which generates the yyparse()
function at the end.  But it caused many identifiers to be used before known
in Bison, which puts the yyparse() function in the middle where the rules are.

Moving the #include lex.yy.c to the prolog, before the %} line, fixed things
in Bison, but left yylex and yylval undefined at the crucial moments in Yacc.
I added the necessary forward declarations in the prolog and epilog and now
it builds on both flavors.

* Reorder and reorg slightly the ports install section to deal with
  the case where the ports are already installed from packages before
  calling boss-install.

* Install initial self signed apache cert/key from the ssl directory
  so that apache will run right away. Also make sure that startup file
  in /usr/local/etc/rc.d is renamed so it runs at bootup.

* Build and install testbed tree from boss-install. This is nice for
  inner elab, but might not be such a good idea for real installations
  cause it goes away for a really long time, and cause the output from
  the make is lost. Rob, suggestions? Maybe just redirect the output
  and tell the user about it?

* Install newly created dhcpd.conf template file, and generate a new
  dhcpd.conf file from it. Also, touch /var/db/dhcpd.leases or else
  dhcpd breaks. How stupid is that?

passed to nodes at bootup (by tmcd).

option to pass initial password on command line. Both options used when
setting up elabinelab.

	SFSSUPPORT=0
	DISABLE_NSE=1

cause I do not want to deal with these yet (if ever) in inner elab.

(I was once confused because I thought the same code was being executed twice)

botching their sshd setup due to some code I added.

(config files) can be localized:

	C                      = @SSLCERT_COUNTRY@
	ST                     = @SSLCERT_STATE@
	L                      = @SSLCERT_LOCALITY@
	O                      = @SSLCERT_ORGNAME@

Which are initialized locally to:

	SSLCERT_COUNTRY="US"
	SSLCERT_STATE="Utah"
	SSLCERT_LOCALITY="Salt Lake City"
	SSLCERT_ORGNAME="Utah Network Testbed"

Also added an "apache" target which will generate an initial cert/key
for the apache server. This is a self signed certificate of course, which
is fine for getting a new site off the ground. Note that the cert/key are
installed during by install/boss-install.

file to a tftp server.

Short term, will be used to periodically save off the configurations
of our switches for backup purposes.

Long-term, could be the start of automated configuration for Cisco
devices that reside within the testbed.

the hwdown experiment listing.  Just a simple hack I though.  Ye Gads!
That was painful.  On the plus side, I now know the different between all
those SQL join types :-)

Anyway, added a showlastlog variable in the SHOWNODES function.  Currently,
it only gets set if the pid/eid is emulab-ops/hwdown.  Eventually it could
be a parameter so it could be selected for any experiment.

Ack - we were doing the php4-extensions wrong. It's not good enough
to merely define (with -D) the WITH_ variables, they have to be set
to "yes"

Bump version number to 1.7