1. 12 Sep, 2016 1 commit
    • Mike Hibler's avatar
      Modify NOVIRTNFSMOUNTS to allow mounts on vnodes with routable IPs. · 470a81e5
      Mike Hibler authored
      This is different than the traditional behavior of this defs- variable.
      Previously it caused tmcd to not expose any NFS mounts to shared-host vnodes.
      We relax that now to allow exposing such mounts to vnodes with routable IP
      addresses.
      
      The rationale for this change is simply that the original option was only
      intended to prevent exporting mounts to hosts that could not reach the FS
      node anyway due to their unroutable cnet IPs.
      470a81e5
  2. 04 Sep, 2016 1 commit
  3. 29 Aug, 2016 1 commit
    • Leigh Stoller's avatar
      Fix for bug Kirk reported; we were returning two sets of accounts to · 9f49cc7e
      Leigh Stoller authored
      geni slice nodes when the project was a local project. In this case, we
      want to return the project accounts and ignore the ssh keys sent in the
      geni API call (a future change might involve a merge of accounts, but
      not unless someone actually needs it). And for a nonlocal project we of
      course still want to return the geni API ssh keys, but not return the
      project member accounts, since they are just stub accounts and don't
      actually have any ssh keys associated with them. They just cause
      confusion.
      9f49cc7e
  4. 10 Jun, 2016 2 commits
    • Mike Hibler's avatar
      Allow doloadinfo() to return more than the stock 2K of info. · fa686a25
      Mike Hibler authored
      At least for TCP based calls. We will need this for long-ish delta chains.
      I didn't think this warranted a version number bump even though it is
      possible that an old MFS that makes a UDP-based call will only wind up
      getting the first line (image). The reasoning here is that MFSes that old
      could only handle one line anyway in rc.frisbee!
      fa686a25
    • Leigh Stoller's avatar
      NFS mount changes, still a work in progress, bound to change: · e369c1a8
      Leigh Stoller authored
      * The Emulab portal now adds a toplevel element (Emulab namespace)
        directing the CM to use standard emulab mounts (read: /users).
        We clear that element from the other portals.
      
      * The CM looks for that tag, and allows it only if the caller is the local
        SA. The default for nfsmounts setting for geni experiment containers is
        "genidefault", but that is set to "emulabdefault" when allowed.
      
      * tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
        means no mounts (duh), "emulabdefault" means standard mounts we all know
        and love, "genidefault" means no /users mounts.
      
        In addition, when we are doing emulabdefault mounts on a geni experiment
        node, we do not return accounts that are specified in the rspec, but
        rather we return the local project accounts only.
      e369c1a8
  5. 25 Apr, 2016 1 commit
  6. 19 Apr, 2016 1 commit
  7. 14 Apr, 2016 1 commit
  8. 07 Apr, 2016 2 commits
  9. 01 Apr, 2016 2 commits
  10. 28 Mar, 2016 1 commit
  11. 05 Feb, 2016 1 commit
  12. 31 Jan, 2016 1 commit
    • Mike Hibler's avatar
      Tweaks to TRIM reporting code. · f927aba6
      Mike Hibler authored
      Make the interval between TRIM operations a per nodetype (or per node)
      attribute instead of a global site variable. The sitevar will still be
      used to turn TRIM on or off globally.
      f927aba6
  13. 21 Jan, 2016 1 commit
  14. 23 Dec, 2015 1 commit
  15. 10 Nov, 2015 1 commit
  16. 07 Oct, 2015 2 commits
  17. 02 Sep, 2015 1 commit
  18. 01 Sep, 2015 2 commits
  19. 11 Jul, 2015 1 commit
  20. 25 Jun, 2015 1 commit
    • Leigh Stoller's avatar
      Add new options to CreateSliver/Provision; supply an x509 certificate and · 8be26639
      Leigh Stoller authored
      private key.
      
      The goal is to distribute an experiment wide certificate and private
      key. At the moment this is just a self signed x509 certificate and the
      accompanying rsa key. In PEM format. The same cert/key will be distributed
      across multiple aggregates.
      
      An openssh key pair can be trivially derived from the private key. Or the
      public part can be derived from the certificate. A quick google will show
      show.
      
      Initially, you will need to run tmcc directly to get them, using the
      geni_certificate and geni_key commands.
      8be26639
  21. 06 Apr, 2015 2 commits
  22. 31 Mar, 2015 1 commit
    • Mike Hibler's avatar
      Add sitevar to determine whether clients should use UDP or TCP for NFS. · f1ae820e
      Mike Hibler authored
      Yes, out of the blue and off the wall. But I got tired of trying to
      guess what we had Linux and FreeBSD use. I was surprised to discover
      that we were using UDP on Linux (which caused Clemson CloudLab to fail
      because they have jumbo frames enabled on their control net switches
      but ops had the MTU set to 1500).
      
      Anyway, here it is. The default setting is UDP for backward compat.
      We should probably set it to TCP nowadays. There is also an 'osdefault'
      setting which says use the default setting on the client OS.
      f1ae820e
  23. 06 Mar, 2015 1 commit
  24. 05 Mar, 2015 1 commit
  25. 03 Feb, 2015 1 commit
  26. 22 Jan, 2015 1 commit
  27. 08 Jan, 2015 1 commit
    • Kirk Webb's avatar
      Backend support for simultaneous read-only dataset access. · 9b6e1a59
      Kirk Webb authored
      Any number of users/experiments can mount a given dataset (given that
      they have permission) in read-only mode.  Attempts to mount RW will
      fail if the dataset is currently in use.  Attempts to mount RO while
      the dataset is in use RW are also prohibited.
      
      Under the hood, iSCSI lease exports (targets) are now managed per-lease
      instead of per-experiment.  The set of authorized initiators (based
      on network) is manipulated as consumers come and go.  When the last
      consumer goes, the export is torn down. Likewise, if there are no
      current consumers, a new consumer will cause an iSCSI export to be
      created for the lease.
      
      Also included in this commit is a small tweak to implicit lease permissions.
      9b6e1a59
  28. 21 Dec, 2014 1 commit
  29. 07 Dec, 2014 1 commit
    • Mike Hibler's avatar
      Generalize bootlog read-more-from-socket code. · c36f6eab
      Mike Hibler authored
      Long ago Leigh added code in the bootlog command to account for the fact that
      you might not get all the data associated with a TCP-based command in one
      read from the socket. This case also showed up with the hostkeys command
      with uploaded multiple pubkeys.
      
      So I moved the code up to handle_requests so that for all TCP-based
      commands, we read til we get EOF.
      c36f6eab
  30. 02 Dec, 2014 1 commit
  31. 01 Dec, 2014 1 commit
    • Mike Hibler's avatar
      Rudimentary TRIM support. · bdde40fe
      Mike Hibler authored
      We pass through a flag in the tmcd loadinfo call to tell whether to attempt
      to do a TRIM when loading the disk (or after loading the disk). If TRIM=1
      then we do so.
      
      Since it is not clear from what I have read whether repeated TRIMming is
      a detriment to SSD life, we throttle it as follows:
      
      1. We don't TRIM at all unless the sitevariable general/bootdisk_trim_interval
         is non zero. If it is set, we will wait at least that many seconds after
         the previous TRIM before we do it again.
      
      2. We keep track of the last trim via the node_attribute "bootdisk_lasttrim"
         which is a unix timestamp of the last time that tmcd responded to a
         loadinfo request in which it returned TRIM=1.
      
      2. We track, on a per-node basis, whether the boot disk should be TRIMmed
         or not. If the node or node-type attribute "bootdisk_trim" is non-zero,
         we will attempt a trim if the interval has passed since the last trim.
      
      So, we never trim if the sitevariable is 0 (the default value). If it is
      non-zero, we only trim the boot disk of those nodes that have the node or
      node_type attribute set and only after a sufficient interval has passed.
      
      This does not address non-boot disks, but currently frisbee won't mess
      with any other disk anyway. Eventually, we will have to have per-disk or
      per-disktype attributes if we want to do this better.
      bdde40fe
  32. 26 Nov, 2014 1 commit
    • Kirk Webb's avatar
      Fix account listing for vnodes on shared hosts. · 2b2c7bd3
      Kirk Webb authored
      In my cleanup of the "doaccounts" code, it looks like I was a bit
      overzealous. The logic for detecting when a node is a shared vnode
      host was incomplete, and so matched for the vnodes themselves too.
      2b2c7bd3
  33. 25 Nov, 2014 1 commit
  34. 19 Nov, 2014 1 commit
    • Kirk Webb's avatar
      Sprinkle taint checks throughout tmcd to avert privilege escalation. · d9c27fac
      Kirk Webb authored
      Also add utility function to allow the node to get the exact details of
      the image it is running ('imageinfo').
      
      Some of the taint checks are rather heavy-handed presently.  Pretty much
      any vector that could be used by the user to do something as root has
      been severed right at the top of the relevant tmcd calls.
      
      Calls affected:
      
      manifest ('blackbox' and 'useronly' taintstates)
      rpms ('blackbox' and 'useronly' taintstates)
      tarballs ('blackbox' and 'useronly' taintstates)
      blobs ('blackbox' and 'useronly' taintstates)
      startupcmd ('blackbox' taintstate)
      mounts ('blackbox' taintstate)
      programs ('blackbox' taintstate)
      
      Taint handling for the 'accounts' call was dealt with in a prior commit.
      d9c27fac