1. 13 Apr, 2002 1 commit
  2. 12 Apr, 2002 1 commit
    • Robert Ricci's avatar
      New program: pcapper · 7c154d1d
      Robert Ricci authored
      Runs on a node and uses libpcap to count packets going by. Opens a
      socket, so that remote programs can connect and, say, graph its
      output. The client gets to specify the interval at which it wants
      counts reported. Supports multiple interfaces, and multiple clients
      (with different intervals.) It can also write packet counts to a file,
      for analysis later.
      7c154d1d
  3. 11 Apr, 2002 5 commits
  4. 10 Apr, 2002 10 commits
    • Leigh Stoller's avatar
      Fun with Silly Sorting. Some people would call them "views" but I just · 900196b4
      Leigh Stoller authored
      call 'em tuits (okay, I have no idea what a tuit is).
      900196b4
    • Robert Ricci's avatar
      Add stated to boss startup · f0241d51
      Robert Ricci authored
      f0241d51
    • Robert Ricci's avatar
      First pass at operational mode support for node states. · 4db415f5
      Robert Ricci authored
      Operational mode (op_mode in the database) affects the state diagram
      and timeouts for a node. Modes planned so far are:
      NORMAL    - Normal operation
      DELAYING  - Acting as a delay node
      UNKNOWNOS - Running an OS that does not report its state (OSKit kernels, etc.)
      RELOADING - Disk reloading
      
      stated now responds to to TBNODEOPMODE events, and sets database state
      accordingly. The set of state timeouts and valid state transitions are
      affected by a node's operational mode.
      
      The nodes table now stores information about operational modes, and
      the state_transitions and state_timeouts tables include the operational
      mode in addition to states.
      
      Next step will be to get the appropriate programs to send TBNODEOPMODE
      events.
      4db415f5
    • Leigh Stoller's avatar
      log (more informative) error when authentication fails for mysterious · d5aa3129
      Leigh Stoller authored
      reasons, as happens when Dave's autostatus daemon connects and closes
      right away.
      d5aa3129
    • Leigh Stoller's avatar
    • Robert Ricci's avatar
      Fix typo: s/readpending/reloadpending/ · 4f9b11e8
      Robert Ricci authored
      4f9b11e8
    • Leigh Stoller's avatar
      A fair amount of cleanup, both of the ssl stuff and of tmcd in general. · 40d072cf
      Leigh Stoller authored
      Deal with ssl/nossl clients; at Chad's suggestion add a small handshake
      tag to ssl enabled tmcc/tmcd which tells tmcd that it needs to enter
      full SSL mode. This allows old tmcc to connect to an ssl enabled tmcd,
      and still work okay.
      
      I've also ironed out the verification stuff. At the client, we make sure
      that the CommonName field of the peer cert maps to the same address that
      we connected to (bossnode).
      
      At the server, we check the OU field of the cert (we create the client
      certs with the OU field set to the node type; a convention I made up!).
      It must match the type of the node, as we get it from the nodes table.
      Also check the CommonName to make sure it matches our hostname. This is
      by no means bulletproof, but perfection is costly, and we don't have the
      money!
      
      Also cleaned up the REDIRECT testmode stuff. Instead of ifdef'ed under
      TESTMODE, leave it compiled in all the time, but only allow it from the
      local node (where tmcd is running). Mere users will not be able to
      access it, but testbed people can use it since they have accounts on the
      boss node.
      40d072cf
    • Leigh Stoller's avatar
      Convert to prompt=no, with per cert config files. This avoids all · 658ee16b
      Leigh Stoller authored
      interaction with the user. The main point to note is that for the
      clients, there is a localnode.cnf and a ronnode.cnf. The difference is
      that I encode the type (pcron) in one of the extra fields so that tmcd
      can do a check on it. This is in lieu of per client certs, which would
      be a big pain in the butt right now. As we add other remote groups, we
      will create new config files. I bet this will change over time, as
      we learn more.
      
      Chad, it would be nice the tiptunnel cert could be generated from this
      setup.
      658ee16b
    • Leigh Stoller's avatar
      c85e32d6
    • Leigh Stoller's avatar
      Add green/red ball gif to node listing, reflecting whether the node is · 8448ae31
      Leigh Stoller authored
      up or not (what the up/down page does, but its more useful on this
      page.
      8448ae31
  5. 09 Apr, 2002 4 commits
  6. 08 Apr, 2002 2 commits
    • Leigh Stoller's avatar
      Hmm, guess I did not commit this change along with the documentation: · 75377b0d
      Leigh Stoller authored
      Add "$ns rtproto Session" and change tge FAQ and tutorial as needed.
      75377b0d
    • Leigh Stoller's avatar
      Add generation of per-project email lists, as per Dave's request. The · 8cac9c47
      Leigh Stoller authored
      lists are stored on users:/etc/mail/lists. For example, you can send
      email to ron-users@users.emulab.net. An alias entry is added (and
      newaliases run) if there is no alias in /etc/mail/aliases (by the proxy
      of course). There are two new options to genelists (on boss):
      
      	"Use the -a option to generate lists for all projects.\n".
      	"Use the -n option to generate lists for a new user.\n";
      
      With no options, generate the all users and active users lists
      (renamed to emulab-users and emulab-active-users). With the -n option
      (used by mkacct) regen the lists for all the projects the user is a
      member of.
      
      It would be nice to archive the email, but that requires a publically
      readable directory and a u+S archive file; the mailer daemon runs as
      user daemon, and the project tree is 770, so it cannot write the
      archive file. At some point we will have to go to majordomo or spam
      filtering, when the first list is spamm'ed. Sigh.
      8cac9c47
  7. 05 Apr, 2002 8 commits
  8. 04 Apr, 2002 4 commits
    • Leigh Stoller's avatar
      First round of ssl'ification of tmcd/tmcc. This needs to be looked at · ffe40d2e
      Leigh Stoller authored
      by smarter brains by me (I have asked Dave to look it over). Anyway ...
      
      I added a top level ssl directory which has a bunch of goo for
      creating certificates and keys.  I currently create a Certificate
      Authority, a server certificate, and a client certificate. The private
      keys for all three are unencrypted, so no password is required. All
      key/cert combos can be installed on boss. The client side needs the
      key/cert pair (in one file), and the CA cert (no key!). There are
      install targets to do this. NOTE, you do not want to create/install
      these without being careful, since you could instantly invalidate all
      the clients!
      
      I have added the necessary SSL routines to tmcd/tmcc. See the ssl.c
      and ssl.h file. I have set it up so that with all you need to do is
      uncomment three lines in the makefile, and accept,connect,read,write,
      and close are redirected to SSL'ified versions in ssl.c. The current
      security model is that the client and server both "demand" certificate
      verification from the other side (as opposed to just server side
      verification). tmcd reads in server.pem, while tmcc reads in
      client.pem. Both read in the emulab.pem (CA cert with no private
      key).
      
      Initial testing indicates I have done this at least partially
      correctly. Whoever invented this stuff has a really twisted mind
      though. There are some questions at the top of ssl.c that need to be
      answered.
      
      Oh, also redid all the syslog stuff throughout tmcd.
      ffe40d2e
    • Robert Ricci's avatar
      Added /var to the list of filesystems that need to be exported to · 9440d3dd
      Robert Ricci authored
      the other control node.
      9440d3dd
    • Mac Newbold's avatar
    • Shashi Guruprasad's avatar
      08e87b81
  9. 03 Apr, 2002 5 commits