GitLab

Just in case the default route is via a VLAN device.

value beyond reasonable size.

Update some comments and rename GetAllowedLeases to AllowedLeases.

Minor consistency updates.

Two types of global permissions are supported:

* Anonymous read-only (to support users without local accounts).
* Read-only for users with local accounts.

Global permissions are added to leases by way of entries of type "global"
in the lease_permissions table.  The lease mod tool still needs to be
updated to make use of the updated library support here.

The new GetAllowedLeases() method in Lease.pm was reworked - it became
clear that this was needed as I did the global RO permissions stuff.

Also adjust some of the existing lease enumeration functions to take
a lease type selector argument.  Here is the comment above the
new GetAllowedLeases() method:

 Return a list of leases for which a user OR entire project has access.

 Permissions are determined as follows:
 * The owner of a lease always has full (RW) access
 * Users in a project with group_root or above trust always have full (RW)
   access to leases associated with that project.
 * Explicitly granted per-user and per-project permissions are extracted
   from the lease_permissions tables.

 Arguments:
 * upid - User OR Project object to lookup lease access for.
 * type - Optional lease type selector.  Restrict results to this type
          of lease.

 Returns: Array of lease objects the given principal (user or project) has
          access to.  To each of these lease objects, an "allow_modify"
          boolean is set, accessible via $leaseobj->allow_modify().

Project leases are now per-group, so we build a sub authority certificate
for a remote dataset so that on the remote side, it is created inside the
group named by the project on the local side.

Many bug fixes.

to.

I was attempting to read back any last words the program might have
uttered, but if it said nothing, we would hang. I would not have
expected this behavior from a pipe (actually, socketpair) when the
other end has gone away! But, make it non blocking before we read
to be safe.

I was expanding a global list in a loop for every node. So for each
node, I was finding all the delta images in the ever-growing list and
adding their dependencies (again!) making the list even larger. In an
experiment loading a two-level delta image on 8 nodes, the list included
40+ copies of the same three images to load by the time we got to the last
node. However, no node attempted to load all those images because tmcd
exceeded its reply buffer size on the "loadinfo" call and would not
return anything. Of course, by then we had computed a max wait time
based on image.max_wait * 45 so the experiment suffered a slow, lingering
death even though the nodes were not doing anything.

Beware, I do not know if I got the "access key" code right for remote
nodes. Not even sure if we use that path anymore. I attempted to fix it
in libosload, I did not even try in libosload_new.

Taints applied to a node are now extracted from the database and can be
used wherever taint checking needs to happen in tmcd.  I've applied them
to the "accounts" command.  tmcd will never set the "root" flag for
non-admin users on OSes tainted with "useronly".  It won't return any
regular user accounts on nodes with the "blackbox" taint (but will
pass along admin accounts).

* Do not "reset" taint states to match partitions after OS load.

Encumber node with any additional taint states found across the
OSes loaded on a node's partitions (union of states).  Change the
name of the associated Node object method to better represent the
functionality.

* Clear all taint states when a node exits "reloading"

When the reload_daemon is finished with a node and ready to release it,
it will now clear any/all taint states set on the node.  This is the
only automatic way to have a node's taint states cleared.  Users
cannot clear node taint states by os_load'ing away all tainted
partitions after this commit; nodes must travel through reloading
to get cleared.

In our usage info, let's not count nodes in hwdown and hwbroken as
"in use", as it make our node utilization overly high (well, at least for
pc600s and pc850s!)

Also, a couple more hacks to try to work around inconsistencies in the
node_history data. We really just need to fix up the history records!

This is not exposed to users, the main reason for this is so that the name
space for leases (datasets) is per-group instead of per-project. We need
this when creating datasets via the geni interface (backend to APT), since
all leases are created in the holding project. Without a subgroup, we would
run into name collisions on the backend. It also gives us finer access
permission control for the same reason.

Note that I yanked out the lease cache from Lease.pm (not worth the
trouble), and I expanded Lookup to allow for the usual variety of
possibilities that we allow in other Lookup methods.

When locating the root device, if a BSD disk partition fills the entire
DOS partition, then Linux will not create a separate /dev entry for it.
In that case, we use the DOS partition device.

Also, a couple of changes to resync with BSD slicefix.

We still use realpath to validate the path up front, but we pass the
original (DB) path on to the client-side. Passing the resolved path was
wrong anyway for clients that write images across NFS, because the path
the client uses could be different than that computed on the server
(e.g., /proj/foo vs. /.amd_mnt/ops/proj/foo) due to the way mounts are
done. Note that the server will again validate the client-provided path,
so if someone were to mess with a symlink in the path between when
create_image verifies it and when it gets used, there is still no danger.

This will probably eliminate the need for the AMD hack, but I'll leave
it just to be safe.