* sslxmlrpc_server.py: A rather gross hack that needs more thought; pass the client IP address to the emulabserver class instantiation, which is passed along to the new elabinelab module ... * emulabserver.py: A new class called elabinelab which exports some methods that are to be used by an inner elab. At present, the IP address of the client is passed along and a bunch of checks are made that restrict the client to the inner emulab boss node, with the credentials of the creator of the inner emulab. In other words, the ssl certificate of the elabinelab creator is placed on the inner boss, and all proxy operations are invoked with this certificate (as the creator) and only from the inner boss node. The elabinelab class currently exports two methods; a power method to power cycle an inner node; the command is handed of the power command, which does the permission checks. Of course, the inner boss does its permission checks, but ultimately, the outer boss will allow the power cycle only if the client is allowed to power cycle the node. The other method exported is a vlans command to setup and destroy a set of vlans for an inner experiment. Permissions checks are modeled as above, with everything passed out to new snmpit.proxy script, which then invokes plain snmpit.
Showing with 213 additions and 4 deletions