1. 29 Aug, 2018 1 commit
  2. 30 Jul, 2018 3 commits
  3. 24 Feb, 2018 1 commit
  4. 13 Dec, 2017 1 commit
  5. 05 Sep, 2017 1 commit
  6. 09 Aug, 2017 1 commit
    • Various changes to MLE support, related to issue #317: · 57def35b
      Leigh Stoller authored
      1. We now allow lans to be implemented by a path. We did not allow this
         before, cause some of the sanity checking code was a pain to
         implement for lans. Well, no more sanity checking, the user is
         responsible for doing things correctly (after all, they are doing
         experiments with their own switches!).
      
      2. We now allow topologies with more than one switch to be wired
         together. The wires between switches are marked as "trunk" wires,
         which informs the configuration generation code in libosload_switch
         to create the trunks and do the little tagged/untagged magic that is
         required on procurve switches. The same information is used to mark
         the logical wires between switches as trunks.
      
         Aside: this stuff needs some work; we have spanning tree on by
         default, which causes the trunks to not work correctly. When I turn
         that off, things start working. So need some help from others who know
         about spanning tree stuff.
      
      3. Serious kludging in the Interface and Port libraries related to
         choice of primary keys in the wires table. In order to insert a
         logical wire (or interface) that represents a connection setup by the
         apcon, we have to overload the primary key since the node_id1 side of
         the logical wires is the same as the physical wire to the apcon. We
         have to overload the node_id2 side too, but that is really just
         a problem when wiring two switches together. Anyway, the kludge just
         maps card1 to a different id, and the Port library unmaps it. It will
         do for now, but really need logical wires to be done better than
         this.
  7. 26 Jul, 2017 1 commit
    • Support for per-experiment root keypairs (Round 1). See issue #302. · c6150425
      Mike Hibler authored
      Provide automated setup of an ssh keypair enabling root to login without
      a password between nodes. The biggest challenge here is to get the private
      key onto nodes in such a way that a non-root user on those nodes cannot
      obtain it. Otherwise that user would be able to ssh as root to any node.
      This precludes simple distribution of the private key using tmcd/tmcc as
      any user can do a tmcc (tmcd authentication is based on the node, not the
      user).
      
      This version does a post-imaging "push" of the private key from boss using
      ssh. The key is pushed from tbswap after nodes are imaged but before the
      event system, and thus any user startup scripts, are started. We actually
      use "pssh" (really "pscp") to scale a bit better, so YOU MUST HAVE THE
      PSSH PACKAGE INSTALLED. So be sure to do a:
      
          pkg install -r Emulab pssh
      
      on your boss node. See the new utils/pushrootkeys.in script for more.
      
      The public key is distributed via the "tmcc localization" command which
      was already designed to handle adding multiple public keys to root's
      authorized_keys file on a node.
      
      This approach should be backward compatible with old images. I BUMPED THE
      VERSION NUMBER OF TMCD so that newer clients can also get back (via
      rc.localize) a list of keys and the names of the files they should be stashed
      in. This is used to allow us to pass along the SSL and SSH versions of the
      public key so that they can be placed in /root/.ssl/<node>.pub and
      /root/.ssh/id_rsa.pub respectively. Note that this step is not necessary for
      inter-node ssh to work.
      
      Also passed along is an indication of whether the returned key is encrypted.
      This might be used in Round 2 if we securely implant a shared secret on every
      node at imaging time and then use that to encrypt the ssh private key such
      that we can return it via rc.localize. But the client side script currently
      does not implement any decryption, so the client side would need to be changed
      again in this future.
      
      The per experiment root keypair mechanism has been exposed to the user via
      old school NS experiments right now by adding a node "rootkey" method. To
      export the private key to "nodeA" and the public key to "nodeB" do:
      
          $nodeA rootkey private 1
          $nodeB rootkey public 1
      
      This enables an asymmetric relationship such that "nodeA" can ssh into
      "nodeB" as root but not vice-versa. For a symmetric relationship you would do:
      
          $nodeA rootkey private 1
          $nodeB rootkey private 1
          $nodeA rootkey public 1
          $nodeB rootkey public 1
      
      These user specifications will be overridden by hardwired Emulab restrictions.
      The current restrictions are that we do *not* distribute a root pubkey to
      tainted nodes (as it opens a path to root on a node where no one should be
      root) or any keys to firewall nodes, virtnode hosts, delay nodes, subbosses,
      storagehosts, etc. which are not really part of the user topology.
      
      For more on how we got here and what might happen in Round 2, see:
      
          emulab/emulab-devel#302
  8. 31 May, 2017 1 commit
  9. 05 May, 2017 1 commit
  10. 06 Apr, 2017 1 commit
  11. 30 Mar, 2017 1 commit
  12. 10 Feb, 2017 2 commits
    • It is Cleanup Friday! · f624f158
      Mike Hibler authored
      Get rid of ELVIN_COMPAT and CONFIG_OPSVM from elabinelab land.
      These options still exist throughout the install code, didn't touch that.
    • A bunch of cleanups. · b313b8e5
      Mike Hibler authored
      Add a couple of variables at the top for the server/node hardware types
      and server OS image.
      
      Fix all the elabinelab_X(Y) references. Turns out that:
          elabinelab_fixnodes("boss")
      (with quotes) is not the same array element as:
          elabinelab_fixnodes(boss)
      (without quotes). And due to the way we coded things, only
      elabinelab_X("boss") (or "ops" or "fs") worked, elabinelab_X(boss) would
      not. But, only elabinelab_X(mypc1) would work and not elabinelab_X("mypc1")!
      Now you should be able to use the unquoted versions of boss/ops/fs/mypcN.
      Fun times with TCL.
  13. 11 Jan, 2017 1 commit
  14. 29 Dec, 2016 1 commit
    • Modernize elabinelab and Emulab install support a bit. · f7e53243
      Mike Hibler authored
      Support FreeBSD 10.3. We will need to be moving to this before long
      as 10.2 EOLs in two days.
      
      Support setup of "Emulab-aware" ZFS use in install scripts. Note that
      the core support code was already done (WITHZFS, WITHAMD). Mostly this
      involves changes to setup either amd (WITHAMD==1) or autofs (WITHAMD==0)
      on the boss node and to NOT add mounts of /{users,groups,proj} to
      /etc/fstab. We still need to add a section to the install documentation
      about setting up a zpool for Emulab to use. There was also a fix to the
      firstuser script which did not do the account setup correctly.
      
      Support setup of ZFS in elabinelab. The elabinelab attributes CONFIG_ZFS
      and CONFIG_AUTOFS are used to convey intent here. Currently they can only
      be used in an "ops+fs" config (e.g., the standard boss and ops config,
      NOT the separate fs node config). It should work with either the physical
      or virtual node setups:
      
      * For the physical node setup, we actually use local blockstores in the
        ops node config: a SYSVOL blockstore for /usr/testbed and a tiny 1Mib
        NONSYSVOL blockstore. The latter blockstore is not actually used, we
        just make it to force setup of a ZFS zpool which we then use for the
        inner elab.
      
      * For the virtual node setup, we just identify the virtual EXTRADISK
        intended for "/q" and create a zpool on that device.
      
      I would like to change all physical elabinelab setups to use blockstores
      rather than the current hacky mkextrafs usage. But that is a task for
      another day.
      
      Finally, a couple of random changes in elabinelab code: change the
      CentOS image downloaded to CENTOS7-64-STD, increased the default sizes
      of the EXTRADISKS used in the VM config.
  15. 31 Oct, 2016 1 commit
  16. 27 Oct, 2016 1 commit
  17. 06 Oct, 2016 1 commit
  18. 29 Sep, 2016 1 commit
    • Machinery for supporting multiple RO/RW clones of a dataset in one experiment. · 72fb6763
      Mike Hibler authored
      Mostly ptopgen/libvtop changes to get things through assign.
      
      Added a new virt_blockstore_attribute, 'prereserve' that can be applied to
      a RW clone to pre-allocate the full amount of space allocated to the volume
      being cloned. This is instead of the default "sparse" clone which could run
      out of space at an inopportune time if the containing pool runs out of space.
      But it doesn't work yet.
      
      Everything is there in the front end to do the necessary capacity checks and
      allocations of space, but then I discovered that ZFS doesn't readily support
      a non-sparse clone! You can do this, I think, by tweaking the "refreserved"
      attribute of the volume after it is created but that would have to be done
      behind the back of FreeNAS and I would have to do some more testing before I
      am willing to go here.
      
      So for now, all clones are sparse and no one is charged for their usage.
  19. 20 Sep, 2016 1 commit
    • Initial support for ephemeral RW clones of persistent blockstores. · f98ab0e5
      Mike Hibler authored
      Using "set-rwclone" ala:
      
          set $bsobj [$ns blockstore]
          $bsobj set-lease "emulab-ops/bar"
          $bsobj set-node $node
          $bsobj set-rwclone 1
          ...
      
      in your NS file will create a clone of the indicated persistent blockstore.
      
      Somewhat limited in utility since you can only have one clone of a
      particular blockstore per experiment.
  20. 06 Sep, 2016 1 commit
  21. 10 Jun, 2016 1 commit
  22. 06 Jun, 2016 1 commit
  23. 06 May, 2016 1 commit
  24. 03 May, 2016 1 commit
  25. 28 Apr, 2016 1 commit
  26. 28 Mar, 2016 1 commit
  27. 14 Mar, 2016 1 commit
  28. 02 Sep, 2015 1 commit
  29. 01 Sep, 2015 1 commit
  30. 06 Apr, 2015 1 commit
  31. 05 Mar, 2015 2 commits
  32. 30 Jan, 2015 1 commit
  33. 26 Jan, 2015 1 commit
  34. 09 Jan, 2015 1 commit
  35. 05 Jan, 2015 1 commit
    • Enforce permissions for dataset leases at mapping time. · bedcb609
      Kirk Webb authored
      * Swapper must have appropriate level of access (RO or RW).
      * If RO is requested, dataset must not be in use RW.
      * If RW is requested, dataset must not be in use at all.
      
      Also relaxed the checks in the parser; it was considering dynamic lease
      state, which isn't the right thing to do there.
  36. 29 Dec, 2014 1 commit