1. 08 Aug, 2018 1 commit
  2. 30 Aug, 2017 2 commits
  3. 21 Aug, 2017 1 commit
  4. 18 Aug, 2017 1 commit
  5. 09 Jun, 2017 1 commit
  6. 30 May, 2017 1 commit
    • Mike Hibler's avatar
      Sort out ZFS refquota/quota settings, part 2. · 2202163e
      Mike Hibler authored
      Add setzfsquotas script to handle fixup of existing quotas, add update
      script to do a one-time invocation of this script at boss-install time,
      and fix accountsetup so it will properly set both quotas going forward.
      2202163e
  7. 04 May, 2017 1 commit
  8. 19 Jun, 2015 1 commit
  9. 16 Jan, 2015 1 commit
  10. 05 Nov, 2014 1 commit
  11. 15 Oct, 2014 1 commit
  12. 07 Oct, 2014 2 commits
  13. 08 Jul, 2014 1 commit
  14. 22 May, 2014 1 commit
  15. 10 Feb, 2014 1 commit
  16. 04 Dec, 2013 1 commit
  17. 02 Dec, 2013 1 commit
  18. 04 Nov, 2013 1 commit
    • Kirk Webb's avatar
      Commit portfix version of snmpit and the Port module. · 264500e2
      Kirk Webb authored
      This commit pushes the changes located in the temporary snmpit_portfix
      subdirectory into the mainline snmpit_test directory, and updates
      db/Ports.pm with the 'portfix' changes.  These changes ensure better
      consistency with port lookup/resolution.  In particular, interswitch
      trunk lookup will return the switch-local side of the link.
      
      This commit also adds an installer script to cleanup the temporary files
      introduced for burning in the snmpit_portfix changes.
      264500e2
  19. 23 Jul, 2013 1 commit
  20. 22 Jul, 2013 1 commit
  21. 24 Jun, 2013 1 commit
  22. 22 Feb, 2013 1 commit
    • Mike Hibler's avatar
      More minor speed ups for stated. · 461a1fce
      Mike Hibler authored
      Log would be mail messages in stated-mail.log rather than actually emailing them.
      Fewer regular log messages.
      Avoid scanning a list unnecessarily if not in debug mode.
      Use mysql to pick out certain osfeatures.
      Bug fix: typo would let stated block when sent a SIGUSR1.
      461a1fce
  23. 17 Jan, 2013 1 commit
  24. 03 Dec, 2012 1 commit
    • Leigh Stoller's avatar
      Add sitecheckin client and server, which will tell Utah (Mother Ship) · 6591e9fd
      Leigh Stoller authored
      about Emulab sites. Nothing private, just the equivalent of calling
      testbed-version so that we know what sites exist and what software
      they are running.
      
      This is opt-out; sites that do not want to tell Utah about themselves
      can set NOSITECHECKIN in their defs file.
      
      In Utah, there is a new option in the Administration drop down menu to
      print out the list from the DB.
      6591e9fd
  25. 08 Nov, 2012 1 commit
  26. 17 Oct, 2012 1 commit
  27. 17 Jul, 2012 1 commit
    • Leigh Stoller's avatar
      Add tracking of control net mac addresses in the node_history. · bb66f52e
      Leigh Stoller authored
      For InstaGeni, need to record and be able to search for history by
      control net mac address. We now record this in the node_history table,
      with corresponding change to the ShowNodeHistory web page.
      
      The backend changes required are that we 1) actually generate a mac
      address for VMs and stick it into the interfaces record, 2) return
      that mac from tmcd in the jailconfig, and 3) have the openvz library
      create the control net interface using that mac.
      
      On the openvz image, needed to switch to using a control network
      bridge for all interfaces (not just routable ones) so that traffic
      leaves the node with the correct mac.
      bb66f52e
  28. 11 Jul, 2012 1 commit
    • Leigh Stoller's avatar
      Cleanup in the web interface to prevent XSS attacks. · 6cf701f9
      Leigh Stoller authored
      We had a couple of different problems actually.
      
      * We allow users to insert html into many DB fields (say, a project or
        experiment description).
      
      * We did not sanitize that output when displaying back.
      
      * We did not sanitize initial page arguments that were reflected in the
        output (say, in a form).
      
      Since no one has the time to analyze every line of code, I took a couple of
      shortcuts. The first is that I changed the regex table to not allow any <>
      chars to go from the user into the DB. Brutal, but in fact there are only a
      couple of places where a user legitimately needs them. For example, a
      startup command that includes redirection. I handle those as special
      cases. As more come up, we can fix them.
      
      I did a quick pass through all of the forms, and made sure that we run
      htmlspecialchars on everything including initial form args. This was not
      too bad cause of the way all of the forms are structured, with a
      "formfields" array.
      
      I also removed a bunch of obsolete code and added an update script to
      actually remove them from the www directory.
      
      Lastly, I purged some XMLRPC code I did a long time ago in the Begin
      Experiment path. Less complexity, easier to grok and fix.
      
      	modified:   sql/database-fill.sql
      	modified:   sql/dbfill-update.sql
      6cf701f9
  29. 28 Jun, 2012 3 commits
  30. 06 Jun, 2012 1 commit
  31. 04 Jun, 2012 1 commit
  32. 11 Apr, 2012 1 commit
  33. 10 Apr, 2012 1 commit
  34. 15 Mar, 2012 1 commit
    • Leigh Stoller's avatar
      Add a new localize_mfs script (based on stuff that was in the mfs · e894ec36
      Leigh Stoller authored
      install script, but I pulled out to create an independent script).
      This works on both freebsd and linux based MFSs. The intent is to do
      all of the localization automcatically for site admins, so that they
      can import new MFSs more easily. This is also used from the new
      install code to bring in the initial MFSs and localize them.
      
      Here is what we localize:
      
      * The timezone is copied from boss:/etc/localtime to mfs:/etc. Ryan
        says the upcoming version of the linux MFS will actually use
        localtime. 
      
      * Copy boss:/usr/testbed/etc/{emulab.pem,client.pem} to mfs:/etc/emulab. 
        The former is for TPM, the later for the ssl version of tmcc.
      
      * Copy out boss root ssh keys (pub) to mfs:/root/.ssh/authorized_keys.
        In an ElabInElab we take care to combine with outer boss keys.
      
      * Copy out the image ssh host keys. These are the keys that we put on
        every image to avoid the ssh host key change sillyness. See notes
        below on how these keys are initialized on an existing emulab. The
        keys are copied from boss:/usr/testbed/etc/image_hostkeys to
        mfs:/etc/ssh directory.
        
      * Initialize the root and toor passwords from a new sitevar named
        images/root_password (which is the encryption hash, not plain
        text). See notes below on how this sitevar is initialized on an
        existing emulab.
      
      About initializing the host keys and the root password hash ... I
      added a new update script (27) that will go out to the current frisbee
      MFS and mount it, grab the current keys and password hash, and put
      them into place on boss. At the moment I only look for a FreeBSD
      frisbee MFS, since not too many people are running the linux mfs, and
      this was hard enough as it is!
      
      For a new installation, a new install phase script will build the them
      and install into /usr/testbed/etc/image_hostkeys. I have not dealt
      with the password yet.
      e894ec36
  35. 29 Feb, 2012 1 commit
    • Leigh Stoller's avatar
      Improve cross referencing between geni-cm and emulab datbases. · f1a659b8
      Leigh Stoller authored
      Add a datetime form to the shownodehistory we page so that a testbed
      admin can plug in a specific date, and find out what that node was
      doing at the time. Changes in the backend (node_history script) to
      support this. Note that the table is hard to seach for such a case,
      and so need to let node_history do its thing and then port process the
      records list. Unfortunately, the timestamps are unsigned ints, but
      perl does not handle those properly, so had to pull in Math::BigInt to
      deal with it.
      
      On the output page, include a link to the genihistory page if a node
      was part of a slice.
      
      On the genihistory page, add a new argument, slice_uuid, to look for
      the records for a specific slice.
      f1a659b8
  36. 17 Feb, 2012 1 commit
    • Leigh Stoller's avatar
      Reorganize the protogeni installation code. · 99c1507e
      Leigh Stoller authored
      * Split all of the certificate stuff out of initsite into initcerts so
        that it can be run independently, and when updating the IP/domain of
        a site.
      
      * Redo initsite in terms of libinstall. Fully automated now, no user
        intervention needed.
      
      * Regarding above statement, the new site no longer has to email the
        new CA certificate to us; a new web page is exported from the
        clearing house website that allows a new CA to be "provisionally"
        accepted; the new CA will be allowed to register their new protogeni
        certificates, but otherwise will have no access to anything else
        until someone at the ClearingHouse moves them from the unapproved to
        the approved column. 
      
      * New script called "cacontrol" that should be used from now on to
        manage the CA certificates. Also called from the web interface to
        provisionally install a new CA certificate into an "unapproved"
        bundle that is not distributed to other protogeni sites. Otherwise,
        cacontrol should be used as follows:
      
      	boss$ perl cacontrol -h
      	Usage: cacontrol [-a] [-n] [-d] <certfile>
      	       cacontrol [-n] [-d] -c <commonname>
      	       cacontrol [-n] [-d] -r <commonname>
      	Options
      	  -n     - Impotent mode; do not do anything for real
      	  -d     - Turn on debugging.
      	  -a     - Add certificate to approved list instead.
      	  -c     - Move certificate (commonname) to approved list.
      	  -r     - Remove certificate with given commonname.
      
        In the first form, add a new CA certificate to the unapproved list
        (this is the entrypoint used by the web page mentioned above). If
        you add the -a option, it goes right into the approved bundle
        (approved means it goes into the xmlsec directory and is exported to
        other sites).
      
        The second form is used to move a CA from the unapproved column to
        the approved colum.
      
        The third form is used to delete a CA certificate.
      
        NO MORE HAND EDITING OF THE FILES!
      99c1507e