1. 01 Apr, 2002 2 commits
    • Robert Ricci's avatar
      stated now gets intstalled in @prefix@/sbin · aa2bd0a2
      Robert Ricci authored
      aa2bd0a2
    • Leigh B. Stoller's avatar
      First cut at supporting RON (or more generally, remote nodes). · bd587829
      Leigh B. Stoller authored
      * tmcd/ron: A new directory of client code, based on the freebsd
        client code, but scaled back to the bare minimum. Does only account
        and group file maintenance. I redid the account stuff so that only
        emulab accounts are operated on. Does not require a stub file, but
        instead keeps a couple of local dbm files recording what groups and
        accounts were added by Emulab. There is a ton of paranoia checking
        to make sure that local accounts are not touched.
      
        The update script that runs on the client node detaches so that the
        ssh from boss returns immediately. update can also be run from the
        node periodically and at boottime. The script is installed setuid
        root, but checks to make sure that *only* root or "emulabman" has
        invoked it.
      
      * utils/sshremote: New file. For remote nodes, instead of using sshtb,
        use sshremote, which ssh's in as "emulabman", which needs to be a
        local non-root user, but with an authorized_keys file containing
        boss' public key.
      
      * web interface changes: Allow user to specify his own public key in
        addition to the emulab key.
      
        Add option in showexp page to update accounts on nodes in the
        experiment. I was originally intending to do this from approveuser,
        but this was easier and faster. I will add an option to do it on the
        approveuser page later.
      
      * libdb.pm: Add a TBIsNodeRemote() query to see if a node is in the
        local testbed or a pcRemote node. Currently, this test is hardwired
        to a check for class=pcRemote, but this will need to change to a
        node_types property at some point.
      
      * node_update: Reorg so that there is a maximum number of children
        created. Previously, a child was forked for each node, but that
        could chew up too many processes, especially for remote nodes which
        might hang up. For the same reason, we need to "lock" the experiment
        so that it cannot be terminated while a node_update is in progress.
        Might be to relax that, but this was easy for now. Also add
        distinction between local and remote, since for remote we use
        sshremote insted of sshtb. Various cleanup stuff
      
      * mkacct; When generating a new account, include user supplied pub key
        in the authorized keys file, in addition to the eumlab generated
        key. Both keys are stored in the DB in the users table. Anytime we
        update an account, get a fresh copy of the emulab pub key, in case
        user changes it.
      bd587829
  2. 28 Mar, 2002 1 commit
    • Robert Ricci's avatar
      New script: stated · 447bb8a5
      Robert Ricci authored
      Watches for events sent by TMCD regarding the state of nodes. Records
      this information in the database. Also watches for nodes that undergo
      invalid state transitions, or stay in the same state for too long.
      Right now, the only action it takes is to send email, but in the
      future, will take action to 'unstick' nodes.
      
      Not yet installed by default.
      447bb8a5
  3. 25 Mar, 2002 1 commit
  4. 22 Mar, 2002 1 commit
    • Leigh B. Stoller's avatar
      New "program agent" that runs on the client nodes (freebsd and linux) · 187a3a18
      Leigh B. Stoller authored
      and reponds to PROGRAM events. Currently, just start and stop. Start
      takes a COMMAND= argument, and allows arbitrary command lines since I
      pass the whole thing off to the shell. Caveat; the agent runs as root
      and starts the program as root. You can has as many program objects in
      your NS file as you like, but each one can be started once; you have
      to either stop or wait for the old one to finish before trying to
      start again.
      187a3a18
  5. 11 Mar, 2002 1 commit
    • Leigh B. Stoller's avatar
      Rename exports_setup.proxy and console_setup.proxy to .in versions and · 589d4872
      Leigh B. Stoller authored
      remove the originals, so that we can run the files through configure.
      
      NOTE: I wanted to keep the RCS history intact so I went over to the
      CVS directory on moab and copied the ,v file to the new names, and
      then did a normal cvs remove the originals. This keeps the RCS history
      going without screwing up anyone. Not a recommended approach, but what
      the hell.
      589d4872
  6. 07 Mar, 2002 1 commit
  7. 05 Mar, 2002 1 commit
  8. 04 Mar, 2002 1 commit
    • Robert Ricci's avatar
      New script: schemacheck - Checks to see if the currently-running database · e42f812d
      Robert Ricci authored
      matches the one in the checked-out source.
      
      This now gets called as part of the 'boss-install' target, to guard
      against installing software that is out-of-sync with the running
      database. It is skipped if @prefix@ is not /usr/testbed, to avoid
      getting in the way of development.
      
      If you want to bypass this check, use the 'boss-install-force' target.
      Use of this, however, is not recommended.
      e42f812d
  9. 01 Mar, 2002 1 commit
  10. 27 Feb, 2002 4 commits
  11. 24 Feb, 2002 1 commit
  12. 21 Feb, 2002 1 commit
    • Leigh B. Stoller's avatar
      Some whacking of the event system. I have implemented the addressing · 8305021f
      Leigh B. Stoller authored
      scheme that we discussed in email. Notifications and subscriptions now
      take an "address_tuple" argument (I know, crappy name) that is a
      structure that looks like this:
      
      	char		*site;		/* Which Emulab site. God only */
      	char		*expt;		/* Project and experiment IDs */
      	char		*group;		/* User defined group of nodes */
      	char		*host;		/* A specific host */
      	char		*objtype;	/* LINK, TRAFGEN, etc ... */
              char		*objname;	/* link0, cbr0, cbr1, etc ... */
              char		*eventtype;	/* START, STOP, UP, DOWN, etc ... */
      
      These can be a specific value, ADDRESSTUPLE_ANY if you are a
      subscriber, or ADDRESSTUPLE_ALL if you are a producer. The reason for
      the distinction is that you can optimize the match expression with the
      extra bit of information, and the above structure can make for a
      fairly lengthy match expression, which takes more time of course.
      You should use address_tuple_alloc() and address_tuple_free() rather
      than allocating them yourself. Note that host above is actually the
      ipaddr of control interface. This turns out to be more convenient
      since free nodes do not have virtual names.
      
      Also added a new tbgen directly. This directory includes 3 programs in
      the making:
      
      tbmevd: Is the Testbed Master Event Daemon, to be run on boss and will
      handle TBCONTROL events (reboot, reload, etc). It is just a shell of a
      program right now, that takes the events but does not do anything
      useful with them. Have not defined what the events are, and what DB
      state will be modified.
      
      tbmevc: Is the Testbed Master Event Client (akin to tmcc). It
      generates TBCONTROL events which the tbmevd will pick up and do
      something useful with. This program is intended to be wrapped by a
      perl script that will ask the tmcd for the name of the boss (running
      the event daemon).
      
      sample-client: This is a little client to demonstrate how to connect
      to the event system and use the address tuple to subscribe to events,
      and then how to get information out of notifications.
      
      Note that I have not created a proper build environment yet, so new
      programs should probably go in the event dir for now, and link using
      the same approach as in tbgen/GNUmakefile.in.
      8305021f
  13. 19 Feb, 2002 2 commits
  14. 14 Feb, 2002 1 commit
    • Leigh B. Stoller's avatar
      Respond to Shashi's message that users can cause the parser to go into · e45c4905
      Leigh B. Stoller authored
      an infinite loop rather easily via the NS file TCL hooks. Added a
      perl wrapper around parse.tcl called parse-ns, which forks a child to
      run the parser. The parser is invoked "nice +10" and the CPU limit for
      the child is set to 60 seconds, which should be enough for any parse.
      If the limit is exceeded, send email to tbops since this indicates a
      big problem or a user being dumb/malicious.
      e45c4905
  15. 12 Feb, 2002 1 commit
  16. 11 Feb, 2002 1 commit
  17. 08 Feb, 2002 2 commits
    • Leigh B. Stoller's avatar
      Kill of savevlans since its simply a snapshot of DB state, and not · c8c2b569
      Leigh B. Stoller authored
      very useful by itself anyway.
      c8c2b569
    • Leigh B. Stoller's avatar
      Big round of image/osid changes. This is the first cut (final cut?) at · a73e627e
      Leigh B. Stoller authored
      supporting autocreating and autoloading images. The imageid form now
      sports a field to specify a nodeid to create the image from; If set,
      the backend create_image script is invoked. Thats the easy part.
      Slightly harder is autoloading images based on the osid specified in
      the NS file. To support this, I have added a new DB table called
      osidtoimageid, which holds the mapping from osid/pctype to imageid.
      When users create images, they must specify what node types that image
      is good for. Obviously, the mappings have to be unique or it would be
      impossible to figure it out! Anyway, once that image mapping is
      in place and the image created, the user can specify that ID in the NS
      file. I've changed os_setup to to look for IDs that are not loaded,
      and to try and find one in the osidtoimageid. If found, it invokes
      os_load. To keep things running in parallel as much as possible,
      os_setup issues all the loads/reboots (could be more than a single set
      of loads is multiple IDs are in the NS file) at once, and waits for
      all the children to exit. I've hacked up os_load a bit to try and be
      more robust in the face of PXE failures, which still happen and are
      rather troublsesome. Need an event system!
      
      Contained in this revision are unrelated changed to make the OS and
      Image IDs per-project unique instead of globally unique, since thats a
      pain for the users. This turns out to be very messy, since underneath
      we do not want to pass around pid/ID in all the various places its
      used. Rather, I create a globally unique name and extened the OS and
      Image tables to include pid/name/ID. The user selects pid/name, and I
      create the globally unique ID. For the most part this is invisible
      throughout the system, except where we interface with the user, say in
      the web pages; the user should see his chosen name where possible, and
      the should invoke scripts (os_load, create_image, etc) using his/her
      name not the internal ID. Also, in the front end the NS file should
      use the user name not the ID. All in all, this accounted for a number
      of annoying changes and some special cases that are unavoidable.
      a73e627e
  18. 29 Jan, 2002 1 commit
    • Robert Ricci's avatar
      New script: interswitch · da928f5a
      Robert Ricci authored
      A simple little script to find links/lans that cross between switches,
      and print them out (including which switches they use, and how many
      members they have on each switch.)
      da928f5a
  19. 24 Jan, 2002 1 commit
    • Robert Ricci's avatar
      New script: dbcheck . Beginngs of a database consistency checker. · 441dfb4a
      Robert Ricci authored
      Right now, it loads foreign key information from the foreign_keys
      table of the database, and prints out information on rows that fail
      the consistency checks.
      
      The plan is that it will eventually check more things, such as the
      existence of files references in the database.
      441dfb4a
  20. 18 Jan, 2002 3 commits
  21. 09 Jan, 2002 1 commit
  22. 08 Jan, 2002 1 commit
  23. 07 Jan, 2002 1 commit
    • Leigh B. Stoller's avatar
      Checkpoint first working version of Frisbee Redux. This version · 86efdd9e
      Leigh B. Stoller authored
      requires the linux threads package to give us kernel level pthreads.
      
      From: Leigh Stoller <stoller@fast.cs.utah.edu>
      To: Testbed Operations <testbed-ops@fast.cs.utah.edu>
      Cc: Jay Lepreau <lepreau@cs.utah.edu>
      Subject: Frisbee Redux
      Date: Mon, 7 Jan 2002 12:03:56 -0800
      
      Server:
      The server is multithreaded. One thread takes in requests from the
      clients, and adds the request to a work queue. The other thread processes
      the work queue in fifo order, spitting out the desrired block ranges. A
      request is a chunk/block/blockcount tuple, and most of the time the clients
      are requesting complete 1MB chunks. The exception of course is when
      individual blocks are lost, in which case the clients request just those
      subranges.  The server it totally asynchronous; It maintains a list of who
      is "connected", but thats just to make sure we can time the server out
      after a suitable inactive time. The server really only cares about the work
      queue; As long as the queue si non empty, it spits out data.
      
      Client:
      The client is also multithreaded. One thread receives data packets and
      stuffs them in a chunkbuffer data structure. This thread also request more
      data, either to complete chunks with missing blocks, or to request new
      chunks. Each client can read ahead up 2 chunks, although with multiple
      clients it might actually be much further ahead as it also receives chunks
      that other clients requested. I set the number of chunk buffers to 16,
      although this is probably unnecessary as I will explain below. The other
      thread waits for chunkbuffers to be marked complete, and then invokes the
      imagunzip code on that chunk. Meanwhile, the other thread is busily getting
      more data and requesting/reading ahread, so that by the time the unzip is
      done, there is another chunk to unzip. In practice, the main thread never
      goes idle after the first chunk is received; there is always a ready chunk
      for it. Perfect overlap of I/O! In order to prevent the clients from
      getting overly synchronized (and causing all the clients to wait until the
      last client is done!), each client randomizes it block request order. This
      why we can retain the original frisbee name; clients end up catching random
      blocks flung out from the server until it has all the blocks.
      
      Performance:
      The single node speed is about 180 seconds for our current full image.
      Frisbee V1 compares at about 210 seconds. The two node speed was 181 and
      174 seconds. The amount of CPU used for the two node run ranged from 1% to
      4%, typically averaging about 2% while I watched it with "top."
      
      The main problem on the server side is how to keep boss (1GHZ with a Gbit
      ethernet) from spitting out packets so fast that 1/2 of them get dropped. I
      eventually settled on a static 1ms delay every 64K of packets sent. Nothing
      to be proud of, but it works.
      
      As mentioned above, the number of chunk buffers is 16, although only a few
      of them are used in practice. The reason is that the network transfer speed
      is perhaps 10 times faster than the decompression and raw device write
      speed. To know for sure, I would have to figure out the per byte transfer
      rate for 350 MBs via network, via the time to decompress and write the
      1.2GB of data to the raw disk. With such a big difference, its only
      necessary to ensure that you stay 1 or 2 chunks ahead, since you can
      request 10 chunks in the time it takes to write one of them.
      86efdd9e
  24. 04 Jan, 2002 1 commit
    • Robert Ricci's avatar
      New script: unixgroups . Pretty simple - just a convenient way to manage the · 469dacdb
      Robert Ricci authored
      unixgroup_membershit table from the command line. Runs the appropriate
      commands to make changes in the 'real world' after the database has been
      updated. From the usage message:
      
      Usage: unixgroups <-h | -p | < <-a | -r> uid gid...> >
      -h            This message
      -p            Print group information
      -a uid gid... Add a user to one (or more) groups
      -r uid gid... Remove a user from one (or more) groups
      469dacdb
  25. 03 Jan, 2002 1 commit
    • Robert Ricci's avatar
      Added our apache config file to CVS, in a continuing attempt to put everything · e0d19fbe
      Robert Ricci authored
      needed to build an emulab boss node in one convenient package.
      
      The config file gets run through autoconf to get the DocumentRoot, log, and
      other directories. There is an install target for it, but this is as yet
      unused by anything else. There is also a new configure option specifiying where
      the config file should go.
      e0d19fbe
  26. 26 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      A bunch o' account managment script schanges. I have reworked · 46068860
      Leigh B. Stoller authored
      mkprojdir, mkacct-cntrl, mkgroup, and group-update into a set of new
      scripts that are more specific to their intended operation, and strive
      to do less work.
      
      1. mkacct - Replaces mkacct-cntrl. This script no longer does any
         group stuff. All it does is create new accounts, or update the
         password and gecos fields of existing accounts. Usage is the same
         as it was: "mkacct <userid>", and is typically invoked from the web
         interface via the approveuser form.
      
      2. mkgroup - Replaces group-update. This script creates new groups,
         either for the main project when it is approved, or for subgroup
         creation. This script does not alter the group membership. Usage
         is typically from the web interface, but mkgroup can be invoked
         from the command line: "mkgroup [-b | -a] <pid> <gid>" where -b
         puts it in the background and sends email later, while -a just
         captures the log and emails. This "audit" feature is going to find
         its way into more scripts as soon as I figure out a neat and clean
         perl mechanism to make it easy.
      
      3. setgroups - Replaces group-update. This script modifies the group
         membership of either specific users, or all the users in a
         project. It is typically invoked from the web interface when a
         project leader edits the subgroup membership or when a user is
         first approved to a project or subgroup. Command line usage is:
      
      	setgroups [-b | -a] -p <pid> [user ...]
              setgroups [-b | -a] [user ...]\n
      
         The first form is mostly a means to speed things up. The web
         interfaces knows exactly what users have need to be changed, but a
         global project update is nice too.
      
      4. mkproj - Replaces mkprojdir. Actually, mkproj still has all that
         directory code, but it also handles creating the groups and the
         account for the project leader. Part of my policy to move as much
         random code out of the web interface and into the PERL backend
         where it belongs.
      46068860
  27. 03 Dec, 2001 1 commit
    • Leigh B. Stoller's avatar
      Checkpoint the visualization stuff. Rework Chad's stuff to match · e72c90a8
      Leigh B. Stoller authored
      current testbed software practices. Add a wrapper script to go from
      a pid/eid to the top file in the experiment directory. This means we
      cannot visualize experiments that are not active, but until we have a
      topfile generator that is independent of assign_wrapper, there is
      nothing to do about that. A makefile to install new tools. Also add a
      couple of web pages. The first web page spits out a page with an img
      tag which refers to another php script that generates the gif file
      with the backend tools, and stuff is out with an appropriate content
      header line. Very nifty.
      e72c90a8
  28. 05 Nov, 2001 1 commit
    • Leigh B. Stoller's avatar
      Changes to node control (web page). Added a backend script to do this · f9cfddd4
      Leigh B. Stoller authored
      stuff so that the web page did not need to do anything except display
      and form processing. Add tbsetup/node_control for backend so that it
      can be called from the command line too. The virt_nodes table is also
      updated (for those values that have virt_nodes equivalents), and this
      mostly implies that changes can be applied only to swapped in
      experiments since we use the reserved table to map pcXXX to its vname
      so that the virt_nodes table can be updated. It is an easy extension
      to allow changes based on the pid/eid/vname, but I do not see a reason
      to support this ability yet. Note usage:
      
          Usage: node_control name=value [name=value ...] node [node ...]
                 node_control -e pid,eid name=value [name=value ...]
                 node_control -l
          For multiword values, use name='word0 ... wordN'
          Use -l to get a list of operational parameters you can change.
          Use -e to change parameters of all nodes in an experiment.
      
          {824} stoller$ /build/testbed/install//bin/node_control -l
            next_boot_osid            - (administrators only)
            startup_command
            bios_version              - (administrators only)
            rpms                      - (multiple options allowed)
            default_boot_cmdline
            default_boot_path
            default_boot_osid
            next_pxe_boot_path        - (administrators only)
            tarfiles                  - (multiple options allowed)
            pxe_boot_path             - (administrators only)
            next_boot_cmdline         - (administrators only)
            deltas                    - (multiple options allowed)
            next_boot_path            - (administrators only)
      f9cfddd4
  29. 30 Oct, 2001 1 commit
  30. 29 Oct, 2001 1 commit
    • Leigh B. Stoller's avatar
      A bunch of lastlogin changes! The user and experiment information · 4658545e
      Leigh B. Stoller authored
      pages now show the lastlogin info that is gathered from sshd syslog
      reporting to users. That info is parsed by security/genlastlog.c, and
      entered into the DB in the nodeuidlastlogin and uidnodelastlogin
      tables. If not obvious from the names, for each user we want the last time
      they logged in anyplace, and for each node we want the last time anyone
      logged into it. The latter is obviously more useful for scheduling
      purposes. All of the various images have new /etc/syslog.conf files,
      and the 6.2 got new sshd_configs (all cvsup'ed with kill -HUP). There
      is an entry in boss:/etc/crontab and users:/etc/syslog.conf. All of
      this is decribed in greater detail in security/genlastlog.c.
      4658545e
  31. 24 Oct, 2001 2 commits
    • Leigh B. Stoller's avatar
    • Leigh B. Stoller's avatar
      Add swappable and priority bits to experiment creation form. Not used, · 28c1968f
      Leigh B. Stoller authored
      but simply entered into the DB record for the experiment until we know
      what to do with them. Add to batchexp script arguments, since all that
      stuff is done outside the web interface. Add a swapexp perl script to
      swap an an experiment in/out form the command line. Add web links on
      the Experiment Information page to do this from the web interface. A
      bunch of locking changes. Previously expt_terminating in the
      experiment record prevented multiple calls to terminate an experiment,
      but now we have a more general locking problem with
      start,swapin,swapout, and terminate, so change expt_terminating to
      expt_locked (still a datetime field) and add locking to all of
      startexp, swapexp, and endexp. Note that batch experiments cannot be
      swapped yet because of locking issues still to be resolved. Minor
      cleanup in tbreport to make email message look better.
      28c1968f