GitLab

all users. Cloudlab added to the list, but not exposed except to
admins and studly users.

function has been moved into manage_instance and its associated library
(APT_Instance). Lots of cleanup of the code and more use of webtasks to
communicate with the web server.

certificate or an expired certificate, create a new one automatically.
We will reuse the private of an existing but expired certificate.

trust our certificate.

then just success/failure. For example, lets tell the user if the reason
for failure is lack of nodes.

the slice name, if the user uid does.

limit of 5 days. Pass that along in the list of credentials.

box, but as a collapsible. Warn user if they do not have a key (provided on
signup page) that they are restricted to browser shell. Whenever user
provides a key, replace in the database (if its changed). This keeps the
user out of the Emulab interface to edit their ssh keys. Might have to
revisit this if APT/Cloud users need/want more then the one key.

can tell which interface (APT or CloudLab) was used to create an instance.
Don't want to have to go back and parse email.

authenticate Geni users to CloudLab (who do not have Emulab accounts).
CloudLab users must have an account to do anything (unlike APT which allows
guest users). But instead of requiring them to go through the Emulab
account creation (high bar), let then use their Geni credentials to prove
who they are. We then build a local account for that new user, and save off
the speaksfor credential so that we can act on their behalf when talking to
the backend clusters (and their MA to get their ssh keys).

These users do not have a local account password, so they cannot log into
the web interface using the Emulab login page, nor do they have a shell on
ops.

Once authenticated, we put the appropriate cookies into the browser via
javascript, so they can use the Cloud (okay, APT) web interface (they
appear logged in).

I make use of the nonlocal_id field of the users table, which was not being
used for anything else. Officially, these are "nonlocal" users in the code
(IsNonLocal()).

When a nonlocal user instantiates a profile, we use their speaksfor
credential to ask their home MA for their ssh keys, which we then store in
the DB, and then provide to the aggregate via the CreateSliver call.
Note that no provision has been made for users who edit their profile and
add keys; I am not currently expecting these users to stumble into the web
interface (yet).

snapshot, since until we are running image versions on the AM
we use to instantiate, there is reason to create a new version of
a profile when we do a disk snapshot.

an alternate CA so that they can never authenticate to the Geni
federation if they manage to get a hold of their certifiate (which
they can't). Only when TBMAINSITE=1

Change to use the realpath function in the 'Cwd' module instead of
calling realpath via the shell.  The shell command varies in its
reaction to a missing final path component.  On some platforms (Linux,
FBSD10+) realpath reports an error if the final component doesn't exist
on the filesystem.  On others (FBSD < 10), it does not report an error.

The perl function from 'Cwd' emulates the same behavior as FBSD prior to
version 10, which is the behavior the scripts expect.

From here on out, instead of using `realpath`, do the following:

use Cwd qw(realpath);
..
..
my $realpath = realpath($somepath);

allows the user to create a new disk image in place, instead of having
to create a new profile (Clone).

which starts an image capture in the background on behalf of a user
using the APT web interface. The webtask holds the state of the image
capture as to told to us by the aggregate manager, and conferred to
the user via ajax calls which read the state of the webtask.

experiment.

the firewall section to see if myip needs to be replaced
in the exceptions.

Set initial expiration to 16 hours for real users. Leave at 3 hours
for guests.

Watch for REFUSED return code from Renew().

if a profile is public, make sure all the nodes are firewalled.

BUSY errors in Terminate(), and retry (for a while).

deal with resource busy errors properly.

if they do not provide a key.

* Add a .htaccess file that does the rewrites, instead of in the httpd
  confile file. Added Rob's stuff for rewriting urls to hide the .php
  although not sure this is working correctly yet.

* Add simple MyExperiments page so that logged in users can find their
  way back to running profiles.

* Move the DB table holding the running experiment records from the
  geni-sa DB into the main Emulab DB. Lots of little changes for that.

* Change logout to plain link instead of ajax call. That was a silly
  thing to do.

* Bug fixes to ssh keys and shell login from the status page.

without silly hack.