1. 25 Jun, 2015 1 commit
    • Leigh B Stoller's avatar
      Add new options to CreateSliver/Provision; supply an x509 certificate and · 8be26639
      Leigh B Stoller authored
      private key.
      
      The goal is to distribute an experiment wide certificate and private
      key. At the moment this is just a self signed x509 certificate and the
      accompanying rsa key. In PEM format. The same cert/key will be distributed
      across multiple aggregates.
      
      An openssh key pair can be trivially derived from the private key. Or the
      public part can be derived from the certificate. A quick google will show
      show.
      
      Initially, you will need to run tmcc directly to get them, using the
      geni_certificate and geni_key commands.
      8be26639
  2. 19 Jun, 2015 1 commit
    • Leigh B Stoller's avatar
      New support for importing image backed datasets from other clusters. This · 613d90dd
      Leigh B Stoller authored
      is just like importing images (by using a url instead of a urn), which
      makes sense since image backed datasets are just images with a flag set.
      
      Key differences:
      
      1. You cannot snapshot a new version of the dataset on a cluster it has
         been imported to. The snapshot has to be done where the dataset was
         created initially. This is slightly inconvenient and will perhaps
         confuse users, but it is far less confusing that then datasets getting
         out of sync.
      
      2. No image versioning of datasets. We can add that later if we want to.
      613d90dd
  3. 17 Jun, 2015 1 commit
  4. 15 Jun, 2015 1 commit
  5. 10 Jun, 2015 3 commits
  6. 09 Jun, 2015 1 commit
  7. 22 May, 2015 4 commits
  8. 30 Apr, 2015 2 commits
  9. 21 Apr, 2015 1 commit
  10. 01 Apr, 2015 1 commit
    • Leigh B Stoller's avatar
      Tighten up permissions granted to geni users coming from the GPO Portal. · 105c42e1
      Leigh B Stoller authored
      We now ask the portal for a the user's project membership list, and if the
      user is not a member of any (unexpired) projects, we do not allow them to
      create experiments (or much of anything else) in the Cloud Portal. I did
      this by setting the local holding project trust to "user" and setting the
      webonly bit in the users table. The user can use the picker to see public
      profiles, but the create button tells them no dice, go join a project at
      the GPO portal.
      
      We make the project check each time the user logs in via the trusted
      signer.
      105c42e1
  11. 19 Mar, 2015 1 commit
  12. 10 Mar, 2015 1 commit
  13. 09 Mar, 2015 2 commits
  14. 05 Mar, 2015 2 commits
  15. 13 Feb, 2015 1 commit
  16. 04 Feb, 2015 1 commit
    • Leigh B Stoller's avatar
      Reduce the RPC timeout to 60 seconds in the sliverstatus loop, and · 31f8c5f4
      Leigh B Stoller authored
      say something more informative them "read timeout" if we lose contact
      with the backend cluster.
      
      I still need to figure out what to do when this happens, At the moment we
      set the status of the new instance to failed, even though it can't be
      terminated until the network partition clears up.
      31f8c5f4
  17. 29 Jan, 2015 1 commit
  18. 27 Jan, 2015 2 commits
    • Leigh B Stoller's avatar
      Two co-mingled sets of changes: · 85cb063b
      Leigh B Stoller authored
      1) Implement the latest dataset read/write access settings from frontend to
         backend. Also updates for simultaneous read-only usage.
      
      2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.
      
         The first changes the way that projects and users are treated at the
         CM. When set, we create real accounts (marked as nonlocal) for users and
         also create real projects (also marked as nonlocal). Users are added to
         those projects according to their credentials. The underlying experiment
         is thus owned by the user and in the project, although all the work is
         still done by the geniuser pseudo user. The advantage of this approach
         is that we can use standard emulab access checks to control access to
         objects like datasets. Maybe images too at some point.
      
         NOTE: Users are not removed from projects once they are added; we are
         going to need to deal with this, perhaps by adding an expiration stamp
         to the groups_membership tables, and using the credential expiration to
         mark it.
      
         The second new configure option turns on the web login via the geni
         trusted signer. So, if I create a sliver on a backend cluster when both
         options are set, I can use the trusted signer to log into my newly
         created account on the cluster, and see it (via the emulab classic web
         interface).
      
         All this is in flux, might end up being a bogus approach in the end.
      85cb063b
    • Leigh B Stoller's avatar
      Add ssh key management to Actions menu, do not delete keys in · 7a07142a
      Leigh B Stoller authored
      create_instance, now that user can manage multiple keys.
      7a07142a
  19. 16 Jan, 2015 1 commit
  20. 03 Jan, 2015 1 commit
  21. 15 Dec, 2014 1 commit
  22. 04 Dec, 2014 1 commit
  23. 03 Dec, 2014 3 commits
  24. 12 Nov, 2014 1 commit
  25. 29 Oct, 2014 1 commit
  26. 28 Oct, 2014 1 commit
  27. 27 Oct, 2014 1 commit
  28. 25 Oct, 2014 1 commit
  29. 08 Oct, 2014 1 commit