1. 04 Sep, 2012 1 commit
  2. 27 Aug, 2012 1 commit
  3. 24 Aug, 2012 1 commit
  4. 20 Aug, 2012 1 commit
  5. 16 Aug, 2012 1 commit
  6. 03 Aug, 2012 1 commit
  7. 01 Aug, 2012 1 commit
    • Leigh B Stoller's avatar
      This commit adds some simple support for using the Infiniband on the · 997b21b5
      Leigh B Stoller authored
      Probe Cluster. The problem is that the IFB is a shared network that
      every node attaches to, which can looks like an ethernet device that
      can ifconfig'ed. In other words, one big lan.
      
      But we still want the user to be able to create a lan so that they can
      interact with it in thei NS file like any other network.
      
      The NS syntax is:
      
      	set lan2 [$ns make-lan "node1 node2 node3" * 0ms]
      	tb-set-switch-fabric $lan2 "infiniband"
      
      The switch fabric tells the backend to do IP assignment for the
      specific global network. Yes, I tried to be a little but general
      purpose. Lets see how this actually turns out.
      
      This first commit treats the fabric as a single big lan on the same
      subnet.
      
      NOTE 1: Since the unroutable IP space is kinda small, but the Probe
      Cluster is really big, we can easily run out of bits if we tried to do
      assignment on virtual topos. Instead, fabrics get their IP allocation
      at swapin time, and the allocations are deleted when the experiment is
      swapped out. The rationale is that the number of swapped in
      experiments is much much smaller then the number of possible topos
      that can be loaded into the DB. Still might run out, but less likely.
      
      The primary impact of above is that IP assignments can change from
      one swap to another, but this is easy to deal with if the user is
      scripting their experiment; the IP allocation is available via the
      XMLRPC interface.
      
      NOTE 2: The current code allocates from a single big network, which
      makes it easy for users to mess each other up if they start doing
      things by hand. Ultimately, we want each lan in each experinent to use
      their own subnet, but that is going to take more work, so lets do it
      in the second phase.
      
      The definition of "network fabrics" is in the new network_fabrics
      tables. As an example for probe:
      
      	INSERT INTO `network_fabrics` set
      		idx=NULL,
      		name='ifband',
      		created=now(),
      		ipalloc=1, ipalloc_onenet=1,
      		ipalloc_subnet='192.168.0.0',ipalloc_netmask='255.255.0.0'
      997b21b5
  8. 25 Jul, 2012 1 commit
  9. 24 Jul, 2012 1 commit
    • Mike Hibler's avatar
      Add a 'disabled' field to the subbosses table. · e08bfeec
      Mike Hibler authored
      This allows us to more easily disable a subboss in the event of a temporary
      subboss outage (e.g., hardware failure). Previously we would have to remove
      the related rows from the DB and restore them later.
      e08bfeec
  10. 17 Jul, 2012 4 commits
  11. 14 Jul, 2012 1 commit
  12. 11 Jul, 2012 1 commit
    • Leigh B Stoller's avatar
      Cleanup in the web interface to prevent XSS attacks. · 6cf701f9
      Leigh B Stoller authored
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
      6cf701f9
  13. 02 Jul, 2012 2 commits
  14. 18 Jun, 2012 1 commit
  15. 07 Jun, 2012 1 commit
    • Leigh B Stoller's avatar
      New script, clone_image to simplify create/snapshot from a node. · b01c991d
      Leigh B Stoller authored
      clone_image is a wrapper around newimageid_ez and create_image, that
      simplifies the most common operation; creating a new imageid derived
      from the image/os that is currently running in the node, and then
      taking a snapshot of the node. So for example, if node pcXXX is
      running image FREEBSD, and you want to create a custom image from that
      node, all you need to do:
      
      	boss> clone_image myfreebsd pcXXX
      
      which will create the new descriptor, deriving everything from the
      FREEBSD image on the node, and then take a snapshot from pcXXX. If
      the descriptor already exists, just take the snapshot.
      
      So what if you do:
      
      	boss> clone_image FREEBSD pcXXX
      
      well, the image is always looked up in the project the node is
      currently attached to, so in fact a new descriptor is created in that
      project, and you do not actually overwrite an image from some other
      project. 
      
      I've added some locking to images to prevent concurrent snapshots.
      This seemed like a good idea since this script is going to be used
      from the ProtoGeni interface. More on this in another commit.
      b01c991d
  16. 24 May, 2012 2 commits
  17. 18 May, 2012 1 commit
  18. 16 May, 2012 3 commits
  19. 15 May, 2012 1 commit
    • Mike Hibler's avatar
      Fix a capserver vulnerability reported by John Hickey. · 2d9daab0
      Mike Hibler authored
      Validate those SQL args!
      
      NOTE: we also ensure that the reporting node is listed as a legit tip server
      in the tipservers table. This means that capture may stop working on nodes
      whose servers are not in the table! SQL update 291 will add any servers
      listed in tiplines entries that are not in tipservers to prevent this breakage.
      2d9daab0
  20. 14 May, 2012 2 commits
  21. 11 May, 2012 3 commits
  22. 10 May, 2012 2 commits
  23. 24 Apr, 2012 1 commit
  24. 21 Apr, 2012 2 commits
  25. 17 Apr, 2012 1 commit
  26. 11 Apr, 2012 1 commit
    • Leigh B Stoller's avatar
      So this commit allows a vlan to be "shared" bewteen experiments. By · dae29101
      Leigh B Stoller authored
      shared, I mean that an experiment can request that a port be put into
      a vlan belonging to another experiment. This started out as a hack to
      support openflow enabled vlans in Geni, but then I got a request to
      make it a little more general purpose. You all know how that goes.
      
      Okay, say you have an experiment E1 in some project and that
      experiment has a link or lan call "lan0". You want other experiments
      to be able to stick ports in that vlan. On boss, you would do this
      after E1 is swapped in:
      
      boss> wap sharevlan -o testbed,E1 lan0 mysharedlan
      
      The -o option says to make the vlan open to anyone; without that
      option, only admins can swap in an experiment that requests a port in
      lan0.  The token "mysharedlan" is just a level of indirection for the
      NS file (or rspec).
      
      Next you create a new experiment E2, and in your NS file:
      
      	$ns make-portinvlan $n1 "mysharedlan"
      
      which says to create a lan with a interface on node n1, in the vlan
      named by the token mysharedlan. The token keeps specific pid/eids out
      of the NS file. 
      
      When E2 is swapped in, assign does its thing, and the selected port is
      added to the members list for lan0 in testbed,E1 and then we call
      snmpit with the syncvlansfromtables (-X) option to get the port added.
      
      When E2 is swapped out, we undo the members list and call snmpit with
      the -X option again.
      
      The access issue is a bit of hack of course (open or admins) but I did
      not want to invent a new permission mechanism (yet).
      
      And of course, this is still a work in progress.
      dae29101
  27. 04 Apr, 2012 2 commits