1. 07 Dec, 2010 1 commit
  2. 09 Nov, 2010 1 commit
  3. 25 Oct, 2010 1 commit
  4. 20 Oct, 2010 1 commit
  5. 13 Oct, 2010 1 commit
  6. 12 Oct, 2010 1 commit
  7. 28 Sep, 2010 1 commit
    • Tom Mitchell's avatar
      Restore regex mods that were lost. · c589fe52
      Tom Mitchell authored
      In the change to protogeni-wrapper the URN regexes for the AM API were
      lost. The existing regexes would pick the wrong URN out of PlanetLab
      certificates, getting the second urn which is a UUID (urn:uuid:)
      instead of the first (urn:publicid:IDN:). The regexes have been
      modified to look for "urn:publicid:" instead of just "urn:".
      c589fe52
  8. 23 Sep, 2010 1 commit
  9. 02 Sep, 2010 1 commit
    • Tom Mitchell's avatar
      Resurrect disabling of UUID checks for AM. · 44a0833c
      Tom Mitchell authored
      The protogeni-wrapper change inadvertently lost the disabling of UUID
      checks in the AM. The AM module is now recognized and certs without
      UUIDs are allowed to pass through rather than generating an error.
      
      This change required that the path parsing be moved earlier. The path
      parse itself remains exactly the same, it just happens earlier on when
      processing a request.
      44a0833c
  10. 05 Aug, 2010 1 commit
  11. 04 Aug, 2010 1 commit
  12. 02 Aug, 2010 1 commit
  13. 30 Jul, 2010 1 commit
    • Leigh B Stoller's avatar
      Merge the 5 different protogeni xmlrpc scripts into a single wrapper · 57f53f06
      Leigh B Stoller authored
      that loads one of five different modules, based on the PATH_INFO.  The
      modules do nothing but pull in the proper library; all of the xmlrpc
      and authorization code is in one place now (the wrapper), instead of
      being duplicated. Much cleaner, much safer.
      
      An update to httpd.conf is required, and done with update script 7.
      57f53f06
  14. 15 Jul, 2010 1 commit
  15. 26 Apr, 2010 1 commit
  16. 21 Apr, 2010 1 commit
    • Leigh B Stoller's avatar
      Companion change to httpd.conf change; ssl client verification is now · 56a47ccc
      Leigh B Stoller authored
      "optional" in the server, so we have to check more carefully in the
      script that the client supplied a proper certificate.
      
      Also, the server is now exporting the entire client certificate so
      that we can pull out the URN from it. UUIDs are slowly being phased
      out. This change requires some new ports installed on boss:
      
       "p5-Crypt-OpenSSL-X509" => "/usr/ports/security/p5-Crypt-OpenSSL-X509",
       "p5-Crypt-X509"         => "/usr/ports/security/p5-Crypt-X509"
      56a47ccc
  17. 08 Apr, 2010 1 commit
  18. 01 Apr, 2010 2 commits
  19. 31 Mar, 2010 1 commit
  20. 30 Mar, 2010 1 commit
    • Tom Mitchell's avatar
      Initial GENI AM API implementation. · ea28f5ed
      Tom Mitchell authored
      Added GENI_AM_SUPPORT to configure. protogeni-cm.pl honors
      GENI_AM_SUPPORT by invoking GeniAM.pm functions instead of GeniCM.pm
      functions. Only GetVersion is implemented.
      ea28f5ed
  21. 03 Mar, 2010 1 commit
  22. 23 Feb, 2010 1 commit
  23. 11 Jan, 2010 1 commit
    • Leigh B. Stoller's avatar
      Redo the CM versioning approach; not sure what I was thinking when I · b95edc28
      Leigh B. Stoller authored
      did this originally, totally stupid. Anyway, the version number is now
      a path argument to the script. No path info means version 1.0. In
      other words, a URL like:
      
      	/protogeni/xmlrpc/cm
      	/protogeni/xmlrpc/cm/1.0
      
      means to use version 1 of the API, while:
      
      	/protogeni/xmlrpc/cm/2.0
      
      gets you version 2 of the API.
      b95edc28
  24. 06 Jan, 2010 1 commit
    • Leigh B. Stoller's avatar
      Slice expiration changes. The crux of these changes: · 5c63cf86
      Leigh B. Stoller authored
      1. You cannot unregister a slice at the SA before it has expired. This
         will be annoying at times, but the alphanumeric namespace for slice
         ames is probably big enough for us.
      
      2. To renew a slice, the easiest approach is to call the Renew method
         at the SA, get a new credential for the slice, and then pass that
         to renew on the CMs where you have slivers.
      
      The changes address the problem of slice expiration.  Before this
      change, when registering a slice at the Slice Authority, there was no
      way to give it an expiration time. The SA just assigns a default
      (currently one hour). Then when asking for a ticket at a CM, you can
      specify a "valid_until" field in the rspec, which becomes the sliver
      expiration time at that CM. You can later (before it expires) "renew"
      the sliver, extending the time. Both the sliver and the slice will
      expire from the CM at that time.
      
      Further complicating things is that credentials also have an
      expiration time in them so that credentials are not valid forever. A
      slice credential picks up the expiration time that the SA assigned to
      the slice (mentioned in the first paragraph).
      
      A problem is that this arrangement allows you to extend the expiration
      of a sliver past the expiration of the slice that is recorded at the
      SA. This makes it impossible to expire slice records at the SA since
      if we did, and there were outstanding slivers, you could get into a
      situation where you would have no ability to access those slivers. (an
      admin person can always kill off the sliver).
      
      Remember, the SA cannot know for sure if there are any slivers out
      there, especially if they can exist past the expiration of the slice.
      
      The solution:
      
      * Provide a Renew call at the SA to update the slice expiration time.
        Also allow for an expiration time in the Register() call.
      
        The SA will need to abide by these three rules:
        1. Never issue slice credentials which expire later than the
           corresponding slice
        2. Never allow the slice expiration time to be moved earlier
        3. Never deregister slices before they expire [*].
      
      * Change the CM to not set the expiration of a sliver past the
        expiration of the slice credential; the credential expiration is an
        upper bound on the valid_until field of the rspec. Instead, one must
        first extend the slice at the SA, get a new slice credential, and
        use that to extend the sliver at the CM.
      
      * For consistency with the SA, the CM API will changed so that
        RenewSliver() becomes RenewSlice(), and it will require the
        slice credential.
      5c63cf86
  25. 02 Dec, 2009 1 commit
  26. 26 Oct, 2009 1 commit
  27. 22 Oct, 2009 4 commits
  28. 24 Sep, 2009 1 commit
  29. 28 Jul, 2009 1 commit
  30. 13 Jul, 2009 1 commit
  31. 09 Jul, 2009 1 commit
  32. 05 Jun, 2009 1 commit
  33. 25 Mar, 2009 1 commit
  34. 04 Mar, 2009 1 commit
    • Leigh B. Stoller's avatar
      Change EMULAB-COPYRIGHT to GENIPUBLIC-COPYRIGHT, for future expansions · bb878eff
      Leigh B. Stoller authored
      to the Geni Public License at http://www.geni.net/docs/GENIPubLic.pdf,
      whose expansion at this time is:
      
      -----
      Permission is hereby granted, free of charge, to any person obtaining
      a copy of this software and/or hardware specification (the "Work") to
      deal in the Work without restriction, including without limitation the
      rights to use, copy, modify, merge, publish, distribute, sublicense,
      and/or sell copies of the Work, and to permit persons to whom the Work
      is furnished to do so, subject to the following conditions:
      
      The above copyright notice and this permission notice shall be
      included in all copies or substantial portions of the Work.
      
      THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
      OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
      MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
      NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
      HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
      WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
      OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
      IN THE WORK.
      bb878eff
  35. 29 Jan, 2009 1 commit
    • Leigh B. Stoller's avatar
      Add two calls to CM interface; SliverStatus() and SliceStatus() which · 85ea76eb
      Leigh B. Stoller authored
      allow you to find out the status of your sliver. As you can guess, one
      takes a sliver credential and the other takes the slice credential.
      See the test scripts test/slicestatus.py and test/slicestatus.py. Both
      calls return the same thing. In pythonese:
      
      {'status': 'notready',
       'details': {'de9803c2-773e-102b-8eb4-001143e453fe': 'notready'}
      }
      
      The 'status' is a summary of the entire aggregate; if all nodes are
      ISUP then the status is 'ready'
      
      The details is an array of the status of each sliver, indexed by the
      sliver uuid.
      
      Probably need to define a better set of status indicators, but this is
      the one that was bothering me the most.
      85ea76eb
  36. 28 Jan, 2009 1 commit
    • Leigh B. Stoller's avatar
      Add support for getting the list of active slices on each CM. The · 83dd607b
      Leigh B. Stoller authored
      listusage script gets the list of CMs from the clearinghouse DB, and
      calls the ListUsage() method on each one. The return is a list of
      slices (gids) and for each slice, a list of slivers that represent
      nodes. Currently just for debugging other CMs, but eventually will be
      used to populate the clearinghouse DB with an informational snapshot
      of the federation.
      83dd607b