GitLab

is not killed, the image upload will fail, and it takes 30 minutes for
frisbeed to idle exit. We really need to know if the frisbeed process has
any clients for this.

add for VMs, but we were never deleting them and after a while
sshd refuses to start.

Do not remove iscsi startup files in the guest on XEN44.

XEN43-64-STD, but is XEN44-64-BIGFS on APT and probably Cloud.

to a local disk image we were creating a duplicate of the image via
image_import in the project of the experiment. Change LookupByURL() to
notice that the URL refers to a local disk image, and return that image.

the public IP of ops for the mounts.

exported. Does not appear to happen automatically.

In my cleanup of the "doaccounts" code, it looks like I was a bit
overzealous. The logic for detecting when a node is a shared vnode
host was incomplete, and so matched for the vnodes themselves too.

Apparently at some point in the past, wire info for new nodes moved into
its own table rather than using the switch_* fields of new_interfaces.
For Geniracks or if a certain feature is set, then this new style is used.

However, newscript unconditionally assumed the new format and generated
incomplete entries for non-Geniracks. Newscript now makes the same checks
as newnode.

Move the taint clearing action so that it happens as the node exits
the "reloading" experiment (vs. when it goes into reloading).

Also add utility function to allow the node to get the exact details of
the image it is running ('imageinfo').

Some of the taint checks are rather heavy-handed presently.  Pretty much
any vector that could be used by the user to do something as root has
been severed right at the top of the relevant tmcd calls.

Calls affected:

manifest ('blackbox' and 'useronly' taintstates)
rpms ('blackbox' and 'useronly' taintstates)
tarballs ('blackbox' and 'useronly' taintstates)
blobs ('blackbox' and 'useronly' taintstates)
startupcmd ('blackbox' taintstate)
mounts ('blackbox' taintstate)
programs ('blackbox' taintstate)

Taint handling for the 'accounts' call was dealt with in a prior commit.

Also fix incorrect check for a dictionary entry that doesn't exist.

Just in case the default route is via a VLAN device.

value beyond reasonable size.

Update some comments and rename GetAllowedLeases to AllowedLeases.

Minor consistency updates.

Two types of global permissions are supported:

* Anonymous read-only (to support users without local accounts).
* Read-only for users with local accounts.

Global permissions are added to leases by way of entries of type "global"
in the lease_permissions table.  The lease mod tool still needs to be
updated to make use of the updated library support here.

The new GetAllowedLeases() method in Lease.pm was reworked - it became
clear that this was needed as I did the global RO permissions stuff.

Also adjust some of the existing lease enumeration functions to take
a lease type selector argument.  Here is the comment above the
new GetAllowedLeases() method:

 Return a list of leases for which a user OR entire project has access.

 Permissions are determined as follows:
 * The owner of a lease always has full (RW) access
 * Users in a project with group_root or above trust always have full (RW)
   access to leases associated with that project.
 * Explicitly granted per-user and per-project permissions are extracted
   from the lease_permissions tables.

 Arguments:
 * upid - User OR Project object to lookup lease access for.
 * type - Optional lease type selector.  Restrict results to this type
          of lease.

 Returns: Array of lease objects the given principal (user or project) has
          access to.  To each of these lease objects, an "allow_modify"
          boolean is set, accessible via $leaseobj->allow_modify().

Project leases are now per-group, so we build a sub authority certificate
for a remote dataset so that on the remote side, it is created inside the
group named by the project on the local side.

Many bug fixes.