1. 20 Jul, 2016 1 commit
  2. 14 Jul, 2016 1 commit
  3. 10 Jun, 2016 2 commits
    • Leigh B Stoller's avatar
      Fix to CreateDatasetCreds(); we do not need a credential for a local lease, · f74b1548
      Leigh B Stoller authored
      it goes through normal emulab permission checks.
      f74b1548
    • Leigh B Stoller's avatar
      NFS mount changes, still a work in progress, bound to change: · e369c1a8
      Leigh B Stoller authored
      * The Emulab portal now adds a toplevel element (Emulab namespace)
        directing the CM to use standard emulab mounts (read: /users).
        We clear that element from the other portals.
      
      * The CM looks for that tag, and allows it only if the caller is the local
        SA. The default for nfsmounts setting for geni experiment containers is
        "genidefault", but that is set to "emulabdefault" when allowed.
      
      * tmcd changes; no using nfsmounts slot instead of nonfsmounts. "none"
        means no mounts (duh), "emulabdefault" means standard mounts we all know
        and love, "genidefault" means no /users mounts.
      
        In addition, when we are doing emulabdefault mounts on a geni experiment
        node, we do not return accounts that are specified in the rspec, but
        rather we return the local project accounts only.
      e369c1a8
  4. 19 May, 2016 1 commit
  5. 29 Apr, 2016 1 commit
  6. 12 Apr, 2016 1 commit
  7. 06 Apr, 2016 1 commit
  8. 26 Mar, 2016 1 commit
  9. 16 Mar, 2016 1 commit
  10. 14 Mar, 2016 1 commit
  11. 09 Mar, 2016 1 commit
  12. 01 Mar, 2016 1 commit
    • Leigh B Stoller's avatar
      Some tweaks to credential handling: · 3ebffb34
      Leigh B Stoller authored
      1) Anytime we need to generate a slice credential, and the slice has
         expired, bump the slice expiration so we can create a valid credential
         and then reset the expiration. Consider if the slice expires but we
         missed it and its still active; we gotta be able to control it.
      
      2) From the beginning, we have done almost all RPC operations as the
         creator of the experiment. Made sense when the portal interface was not
         project aware, but now other users in the project can see and mess with
         experiments in their project. But we are still doing all the RPC
         operations as the creator of the experiment, which will need to change
         at some point, but in the short term I am seeing a lot of credential
         errors caused by an expired speaks-for credential for that creator (if
         they have not logged into the portal in a while). When this happens,
         lets generate a plain slice credential, issued to the SA, so that we can
         complete the operation. Eventually we have to make the backend project
         aware, and issue the operations as the web user doing the driving.
         Maybe as part of the larger portalization project.
      3ebffb34
  13. 29 Feb, 2016 2 commits
  14. 22 Feb, 2016 1 commit
  15. 05 Feb, 2016 1 commit
  16. 27 Jan, 2016 1 commit
  17. 21 Jan, 2016 1 commit
    • Leigh B Stoller's avatar
      A couple of fixes for guest users: · c363234d
      Leigh B Stoller authored
      1. Do not allow guest users to use anything but the APT cluster. We had
         talked about this a while back, and today it caused a problem:
      
      2. Because a guest tried to use the Mothership (cause of a URN in the
         profile), we had GeniUser lookup confusion. We store guest users in the
         geni-sa geni_users table, but because PROTOGENI_LOCALUSER=1, we end up
         creating a nonlocal account on the Geni path, and that conflicts.
         Changed how we do lookups.
      c363234d
  18. 06 Jan, 2016 1 commit
  19. 04 Jan, 2016 1 commit
  20. 21 Dec, 2015 1 commit
  21. 16 Dec, 2015 1 commit
  22. 01 Dec, 2015 1 commit
    • Leigh B Stoller's avatar
      Add support for cancelation; stopping an experiment setup early, instead of · 32c3d934
      Leigh B Stoller authored
      waiting till it finished setting up (or fails). This is really nice when a
      1000 node experiment has gone awry and it is pointless to wait for it to
      finish. When we do this, we mark the instance as canceled in the DB, and
      then wait for create_instance() to notice it. When it does, it stops
      waiting and invokes terminate with a new cancel option at the backend.
      32c3d934
  23. 16 Nov, 2015 1 commit
  24. 13 Nov, 2015 2 commits
  25. 29 Oct, 2015 1 commit
  26. 28 Oct, 2015 2 commits
  27. 27 Oct, 2015 1 commit
    • Leigh B Stoller's avatar
      Add simple (initial) support passing encrypted secrets to the cluster CM, · 46757729
      Leigh B Stoller authored
      to be decrypted using the per-exp ssl keypair we create and store on the
      nodes. In this case, you can add this to your rspec in the node element.
      You can add as many as you want, use the name attribute. We generate a
      random password and encrypt the plain text:
      
        <emulab:password></emulab:password>
      
      which becomes:
      
          <emulab:password name="foo" encrypted="true">-----BEGIN PKCS7-----
      MIIBpAYJKoZIhvcNAQcDoIIBlTCCAZECAQAxggFMMIIBSAIBADCBsDCBqDELMAkG
      A1UEBhMCVVMxDTALBgNVBAgTBFV0YWgxFzAVBgNVBAcTDlNhbHQgTGFrZSBDaXR5
      MR0wGwYDVQQKExRVdGFoIE5ldHdvcmsgVGVzdGJlZDEPMA0GA1UECxMGQVBUTEFC
      MRcwFQYDVQQDEw53d3cuYXB0bGFiLm5ldDEoMCYGCSqGSIb3DQEJARYZdGVzdGJl
      ZC1vcHNAZmx1eC51dGFoLmVkdQIDAs8NMA0GCSqGSIb3DQEBAQUABIGAKeyo7mPO
      rHRF2G9t0h8/ALBBh7ChD1zCYvRFi2qvvUIIv/kfCNPhujRfodIYR65dP3tfM+BH
      VTRxjJrMYH63m8Fz9KMZlVYn+DhMeiwerqTxvVs823zyxcDrOUzTzzakWmJVSqvl
      33Po/7CYZ2iq67ATF1Xym3DsRQbQSuwgzu8wPAYJKoZIhvcNAQcBMB0GCWCGSAFl
      AwQBKgQQRw0kmvwhIur/ZlfFbB75qoAQXTKjzwN1HDJW4x5GAcWNPA==
      -----END PKCS7-----
          </emulab:password>
      
      which can then be decrypted using the private key to get the plaintext
      password.
      46757729
  28. 25 Oct, 2015 1 commit
  29. 22 Oct, 2015 1 commit
  30. 21 Oct, 2015 1 commit
  31. 20 Oct, 2015 1 commit
  32. 19 Oct, 2015 1 commit
  33. 15 Oct, 2015 2 commits
    • Leigh B Stoller's avatar
      Remove debugging code. · 5295bf87
      Leigh B Stoller authored
      5295bf87
    • Leigh B Stoller's avatar
      Two unrelated changes. · 6762e839
      Leigh B Stoller authored
      1. Use information from sliverstatus to indicate that nodes have startup
         execution services running, and then tell then when they have finished,
         and they exited with non-zero status, indicate that they failed. We also
         hold saying the "ready" in the upper panel until all the services have
         exited, we say "booted" instead, and also say that nodes are running
         startup services.
      
      2. For snapshot, when we know an image has to be copied back to its origin
         cluster, tell the web interface, so that we can add another step to the
         imaging modal ("copying"). We know the copy is done when the origin
         cluster has posted the new image data to the IMS, so we do an additional
         poll in the backend waiting for the image server to get the data, and
         then we mark the image as ready for use.
      6762e839
  34. 05 Oct, 2015 1 commit
  35. 25 Sep, 2015 1 commit