GitLab

stitcher log file.

by not enough free nodes.

See USEABACCREDS toplevel variable in APT_Geni.

not just the experiment creator.

we cannot get their project list, which causes create_instance to fail.

that and in fact, it needed a change to libaudit. I am still pondering
this, the change I put in needs more thought.

multi-site experiments.

used to make API calls. We use our alternate CA though (valid only in Utah)
since the key is unencrypted.

private key.

The goal is to distribute an experiment wide certificate and private
key. At the moment this is just a self signed x509 certificate and the
accompanying rsa key. In PEM format. The same cert/key will be distributed
across multiple aggregates.

An openssh key pair can be trivially derived from the private key. Or the
public part can be derived from the certificate. A quick google will show
show.

Initially, you will need to run tmcc directly to get them, using the
geni_certificate and geni_key commands.

is just like importing images (by using a url instead of a urn), which
makes sense since image backed datasets are just images with a flag set.

Key differences:

1. You cannot snapshot a new version of the dataset on a cluster it has
   been imported to. The snapshot has to be done where the dataset was
   created initially. This is slightly inconvenient and will perhaps
   confuse users, but it is far less confusing that then datasets getting
   out of sync.

2. No image versioning of datasets. We can add that later if we want to.

Currently using it for the stitcher log, more later. Needed to
a little rearranging in spewlogfile.php3 so that I could use it
from the Cloudlab UI.

These need to be generalized since its probably not the last non Emulab
aggregate we are going to talk to.

when a multisite experiment.

Also need to deal with node counts, the usage stats do not handle
multisite, nor do we store history entries for the individual sites
in a multisite.

instead of cloudlab-ops, which we want to use for the combined cluster
email list. Send more email to logs instead of ops, now that we are
generating enough of it.

their experiments, we fall back to naming it for them.

We now ask the portal for a the user's project membership list, and if the
user is not a member of any (unexpired) projects, we do not allow them to
create experiments (or much of anything else) in the Cloud Portal. I did
this by setting the local holding project trust to "user" and setting the
webonly bit in the users table. The user can use the picker to see public
profiles, but the create button tells them no dice, go join a project at
the GPO portal.

We make the project check each time the user logs in via the trusted
signer.

we can get at it from users of CallMethod. Then in create_instance,
put that into the APT_Instance record so that we can easily see the
log file if there is a failure. That is displayed in the status page
when in red-dot mode.