GitLab

Currently using it for the stitcher log, more later. Needed to
a little rearranging in spewlogfile.php3 so that I could use it
from the Cloudlab UI.

These need to be generalized since its probably not the last non Emulab
aggregate we are going to talk to.

when a multisite experiment.

Also need to deal with node counts, the usage stats do not handle
multisite, nor do we store history entries for the individual sites
in a multisite.

instead of cloudlab-ops, which we want to use for the combined cluster
email list. Send more email to logs instead of ops, now that we are
generating enough of it.

their experiments, we fall back to naming it for them.

We now ask the portal for a the user's project membership list, and if the
user is not a member of any (unexpired) projects, we do not allow them to
create experiments (or much of anything else) in the Cloud Portal. I did
this by setting the local holding project trust to "user" and setting the
webonly bit in the users table. The user can use the picker to see public
profiles, but the create button tells them no dice, go join a project at
the GPO portal.

We make the project check each time the user logs in via the trusted
signer.

we can get at it from users of CallMethod. Then in create_instance,
put that into the APT_Instance record so that we can easily see the
log file if there is a failure. That is displayed in the status page
when in red-dot mode.

can make use of it (to tell users what nodes are up/down).

say something more informative them "read timeout" if we lose contact
with the backend cluster.

I still need to figure out what to do when this happens, At the moment we
set the status of the new instance to failed, even though it can't be
terminated until the network partition clears up.

box about keys.

1) Implement the latest dataset read/write access settings from frontend to
   backend. Also updates for simultaneous read-only usage.

2) New configure options: PROTOGENI_LOCALUSER and PROTOGENI_GENIWEBLOGIN.

   The first changes the way that projects and users are treated at the
   CM. When set, we create real accounts (marked as nonlocal) for users and
   also create real projects (also marked as nonlocal). Users are added to
   those projects according to their credentials. The underlying experiment
   is thus owned by the user and in the project, although all the work is
   still done by the geniuser pseudo user. The advantage of this approach
   is that we can use standard emulab access checks to control access to
   objects like datasets. Maybe images too at some point.

   NOTE: Users are not removed from projects once they are added; we are
   going to need to deal with this, perhaps by adding an expiration stamp
   to the groups_membership tables, and using the credential expiration to
   mark it.

   The second new configure option turns on the web login via the geni
   trusted signer. So, if I create a sliver on a backend cluster when both
   options are set, I can use the trusted signer to log into my newly
   created account on the cluster, and see it (via the emulab classic web
   interface).

   All this is in flux, might end up being a bogus approach in the end.

create_instance, now that user can manage multiple keys.

UI to not use modals.

all users. Cloudlab added to the list, but not exposed except to
admins and studly users.

function has been moved into manage_instance and its associated library
(APT_Instance). Lots of cleanup of the code and more use of webtasks to
communicate with the web server.

certificate or an expired certificate, create a new one automatically.
We will reuse the private of an existing but expired certificate.

trust our certificate.

then just success/failure. For example, lets tell the user if the reason
for failure is lack of nodes.

the slice name, if the user uid does.

limit of 5 days. Pass that along in the list of credentials.

box, but as a collapsible. Warn user if they do not have a key (provided on
signup page) that they are restricted to browser shell. Whenever user
provides a key, replace in the database (if its changed). This keeps the
user out of the Emulab interface to edit their ssh keys. Might have to
revisit this if APT/Cloud users need/want more then the one key.