1. 08 Feb, 2019 1 commit
    • Leigh B Stoller's avatar
      Another set of changes for new geni-lib parameters. · 59259db3
      Leigh B Stoller authored
      * Use an emulabfeature to control what projects use the new ppwizard and
        geni-lib code. The feature is applied to the profile's project, since
        who is instantiating and what project it is instantiated into, does
        not really matter, the incompatible changes are also associated with
        the profile.
      
      * Run both versions of the ppwizard side by side, and flip between them
        when the user is using the profile picker.
      
      * The new version of geni-lib is /usr/testbed/opsdir/lib/geni-lib.new,
        we tell the genilab jail to use that directory when on the new path.
      
      * All of this is temporary.
      59259db3
  2. 13 Aug, 2015 1 commit
  3. 12 Aug, 2015 1 commit
    • Mike Hibler's avatar
      More tweaks. · 88a4a831
      Mike Hibler authored
      Loopback mount @TBROOT@/lib/geni-lib directory read-only in the jail.
      This way we don't have to copy geni-lib stuff into the base jail and worry
      about multiple versions. The version mounted in the jail can either be
      the standard version or a dev-tree version depending on which copy of the
      script is run.
      
      Create per-instance snapshots of the base jail rather than having one
      "current" snapshot that all instances used. Not as efficient, but allows
      us to update the base (e.g., with security fixes) without needing to
      remember to create a new "current" snapshot!
      
      Add -C option to just create a jail instance without running anything
      in it. Then you can use "jexec" to test stuff in the jail. Use the new
      -R option afterward to remove the instance.
      
      Try to sanitize the environment passed to the command script. We cannot
      just give it a "clean" environment because genilib passes stuff via the
      environment. So we get rid of SUDO_* and SSH_* and set the assorted USER*
      variables correctly. This may have to be refined depending on how much
      geni-lib scripts expect from the environment.
      88a4a831
  4. 11 Aug, 2015 1 commit
    • Mike Hibler's avatar
      Two versions of a python jail for running geni-lib scripts. · 794fe4d4
      Mike Hibler authored
      genilib-iocage uses the FreeBSD "iocage" jail management package to
      setup a jail, run the script, and teardown the jail. Unfortunately,
      this version is really, really slow (11 seconds for a one-shot jail).
      
      So instead we will use genilib-jail which uses the template jail instance
      I built using iocage, but creates the one-off jails by using raw zfs and
      jail commands. It runs in about 1.3 seconds. genilib-iocage is left in
      case the author speeds it up someday.
      
      N.B. these are NOT plug in replacements for rungenilib.proxy.in.
      In particular, the new scripts run as root and don't do any validation
      of the caller or arguments. So genilib-jail will be called from rungenilib
      for now (though I have not done that part yet!)
      794fe4d4