All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

  1. 28 Aug, 2014 1 commit
  2. 20 Aug, 2014 1 commit
  3. 28 Jul, 2014 1 commit
  4. 15 Jul, 2014 1 commit
    • Kirk Webb's avatar
      Add taint checks at various places to enforce node restrictions · 797f83dd
      Kirk Webb authored
      A bit overdue, but here they are.
      
      * Disallow image creation for any taint state on node/image
      * Disallow console access for "blackbox" and "useronly" states
      * Disallow node_admin for "blackbox" and "useronly" states
      
      TB Admins are exempt from these restrictions.
      797f83dd
  5. 10 Jul, 2014 1 commit
  6. 01 Jul, 2014 1 commit
  7. 16 Apr, 2014 1 commit
  8. 29 Jan, 2014 1 commit
  9. 22 Jan, 2014 1 commit
  10. 06 Jan, 2014 1 commit
    • Mike Hibler's avatar
      Add support for lease extention (renewal). · 9a6cdeae
      Mike Hibler authored
      Add CLI for extending a lease (called extenddataset on ops). The length
      of the extension and the number of times it can be extended are controlled
      by site variables.
      9a6cdeae
  11. 03 Jan, 2014 1 commit
  12. 24 Jul, 2013 1 commit
  13. 26 Mar, 2013 1 commit
  14. 11 Feb, 2013 1 commit
  15. 14 Nov, 2012 1 commit
    • Leigh B Stoller's avatar
      Move rpm/tar download from boss to ops, to avoid wasted network traffic. · f37cd9dc
      Leigh B Stoller authored
      To turn this option on, define SPEWFROMOPS=1 in your defs file. This
      will result in a redirect message from boss which will send the wget
      client over to ops. 
      
      A perl setuid root cgi script is run from the webserver on ops when a
      /spewrpmtar request is made. This script sends the key,nodeid,file
      over to boss via XMLRPC (as elabman). The return is simple yes or no,
      the caller is allowed (not allowed) to have that file. Since the
      ops script runs as root, it can spew the file back to the caller.
      
      Note that the elabinelab checks for the elabinelab source code are
      gone; we are now open source. Also, we spew that file from /share now,
      to be consistent.
      f37cd9dc
  16. 24 Sep, 2012 1 commit
    • Eric Eide's avatar
      Replace license symbols with {{{ }}}-enclosed license blocks. · 6df609a9
      Eric Eide authored
      This commit is intended to makes the license status of Emulab and
      ProtoGENI source files more clear.  It replaces license symbols like
      "EMULAB-COPYRIGHT" and "GENIPUBLIC-COPYRIGHT" with {{{ }}}-delimited
      blocks that contain actual license statements.
      
      This change was driven by the fact that today, most people acquire and
      track Emulab and ProtoGENI sources via git.
      
      Before the Emulab source code was kept in git, the Flux Research Group
      at the University of Utah would roll distributions by making tar
      files.  As part of that process, the Flux Group would replace the
      license symbols in the source files with actual license statements.
      
      When the Flux Group moved to git, people outside of the group started
      to see the source files with the "unexpanded" symbols.  This meant
      that people acquired source files without actual license statements in
      them.  All the relevant files had Utah *copyright* statements in them,
      but without the expanded *license* statements, the licensing status of
      the source files was unclear.
      
      This commit is intended to clear up that confusion.
      
      Most Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the Affero GNU General Public License, version 3
      (AGPLv3).
      
      Most Utah-copyrighted files related to ProtoGENI are distributed under
      the terms of the GENI Public License, which is a BSD-like open-source
      license.
      
      Some Utah-copyrighted files in the Emulab source tree are distributed
      under the terms of the GNU Lesser General Public License, version 2.1
      (LGPL).
      6df609a9
  17. 21 Jun, 2012 1 commit
    • Leigh B Stoller's avatar
      Horrible kludge for 16 group limit. · 03a4da39
      Leigh B Stoller authored
      The geniuser is now over 16 groups, so try to figure out what project
      the action is going to take place, and use just those groups. This is
      temporary cause Mike says FreeBSD8 8 pushes the limit up to 1024.
      Yippie! When we upgrade, just revert this crap.
      03a4da39
  18. 06 Sep, 2011 1 commit
  19. 30 Aug, 2011 1 commit
  20. 17 Aug, 2011 1 commit
  21. 02 Jun, 2011 1 commit
  22. 18 Mar, 2011 1 commit
  23. 18 Feb, 2011 1 commit
  24. 04 Feb, 2011 1 commit
    • Mike Hibler's avatar
      Add compat fix for inner elabs and new frisbee master server. · c5900ee5
      Mike Hibler authored
      It should not be necessary to do anything to you inner elab infrastructure
      to make it work in the New World.  Eventually, those with elabinelabs should
      update/rebuild/install their Emulab software on boss/ops and update their
      MFSes so they too will use a master server.
      c5900ee5
  25. 03 Feb, 2011 1 commit
  26. 15 Dec, 2010 1 commit
  27. 16 Nov, 2010 1 commit
    • Kevin Atkinson's avatar
      Add support for all node "tb-set-tarfiles". · a0d0c95e
      Kevin Atkinson authored
      "tb-set-tarfiles" is like "tb-set-node-tarfiles" except that it
      distributes the tarfile to all nodes rather than just one and that it
      uses frisbee to distribute the file.
      
      These changes involved 1) refactoring frisbee info from images table
      into a new table, frisbee_blobs, 2) a new experiment_blobs table, and
      3) a new tmcd command so the node knows how to get the files from the
      server.
      
      The changes where designed to be general purpose enough to eventually
      support:
        1) Distributing arbitrary files (not just tarfiles) to nodes
        2) Perform arbitrary actions on those files
        3) Use arbitrary methods to get the files
      
      As such the tmcd line is as follows:
        URL=* ACTION=*
      
      where URL is currently:
        frisbee.mcast://<ADDR>/<FILE>
      for example
        frisbee.mcast://234.16.184.192:18092/users/kevina/home-dir.tar.gz
      and when we get around to using a master Frisbee server it could be
        frisbee://*
      or it could be a file://, http://, etc.
      
      and ACTION is currently:
        unpack:<LOCATION>
      for example
        unpackt:/users
      with future syntax to be determined.
      a0d0c95e
  28. 22 Sep, 2010 1 commit
  29. 08 Sep, 2010 1 commit
  30. 03 Sep, 2010 1 commit
    • Ryan Jackson's avatar
      XML-RPC: Run frisbeelauncher as root for subboss · 59857b38
      Ryan Jackson authored
      Subbosses authenticate to the XML-RPC server as elabman, which means the
      resulting server process runs as the elabman user.  Unfortunately, this
      doesn't work well when the subboss wants to launch a frisbeed for an
      image for which elabman doesn't have read permission (like images under
      /proj).
      
      To fix this, a setuid wrapper script is run instead of trying to run
      frisbeelauncher directly.  This script makes sure the calling user is
      elabman, and then becomes root and execs frisbee_launcher.
      59857b38
  31. 17 Aug, 2010 1 commit
    • Ryan Jackson's avatar
      Run frisbeelauncher as admin for subbosses · c27127bb
      Ryan Jackson authored
      Subbosses make XMLRPC requests as the user 'elabman' which doesn't
      belong to any projects, and therefore has no rights to non-global
      images.  The easiset way to solve this is to run frisbeelauncher with
      admin privileges when a subboss requests it.
      
      We already check to make sure the requesting user has permission to use
      the image in libosload well before we hand the request to the subboss,
      so if the subboss requests the image we can trust it.
      c27127bb
  32. 02 Jul, 2010 1 commit
  33. 29 Jun, 2010 1 commit
  34. 23 Jun, 2010 2 commits
  35. 18 Jun, 2010 1 commit
  36. 28 May, 2010 1 commit
    • Leigh B Stoller's avatar
      Fixes to elabinelab vlan creation. I am not actually sure why things · ed69a9bf
      Leigh B Stoller authored
      broke, but I decided that relying on stdout vs stderr in the xmlrpc
      server, to return results is a bad plan. Instead, the rpc server
      passes a new option to specify an output file that snmpit.proxyv2
      should write the results to. After the proxy runs, grab the contents
      of that file and send back to the calling elabinelab.
      
      Note that you will need to update tbsetup/snmpit_remote.in and install
      it, in your elabinelab.
      ed69a9bf
  37. 15 Apr, 2010 1 commit
  38. 23 Mar, 2010 1 commit
  39. 22 Mar, 2010 1 commit
    • Leigh B Stoller's avatar
      Finish up user deletion. The big visible change is that when a user is · 2965922b
      Leigh B Stoller authored
      deleted, they still remain in the user table with a status of
      "archived", but since all the queries in the system now use uid_idx
      instead of uid, it is safe to reuse a uid since they are no longer
      ambiguous. 
      
      The reason for not deleting users from the users table is so that the
      stats records can refer to the original record (who was that person
      named "mike"). This is very handy and worth the additional effort it
      has taken.
      
      There is no way to ressurect a user, but it would not be hard to add.
      2965922b