Re: [Testbed-admins] How to add more Emulab admin account

["chunhui Zhang(Evan)" <chyz198@gmail.com>]

Hi,
 
    I put option 'ISOLATEADMINS=0' in my defs file and reconfig, recompile and I got a error when I was doing reinstall,
-------------------------------------------------------------------------------------------------------------------------
%sudo gmake boss-install
Checking DB schema...
cd ./db && perl schemacheck
Checking Site variables...
cd ./db && perl sitevarscheck
Use of uninitialized value in subroutine entry at /usr/local/lib/perl5/site_perl
/5.8.8/mach/Mysql.pm line 137.
Use of uninitialized value in subroutine entry at /usr/local/lib/perl5/site_perl
/5.8.8/mach/Mysql.pm line 137.
Checking Initial DB Fill ...
cd ./db && perl dbfillcheck
gmake[1]: Entering directory `/usr/testbed/obj/testbed/protogeni'
gmake[2]: Entering directory `/usr/testbed/obj/testbed/protogeni/lib'
Checking DB schema...
cd ../../protogeni/lib && perl genischemacheck.pl
The schemata described in /usr/testbed/src/testbed/protogeni/updates differ from

the running databases. As a safety measure, you will not be able to
install until this is resolved.

If you are a user of the emulab software outside of Utah, this is
probably because your database was created for an older version of the
emulab software. You can update your database by:

        boss> cd /your/srcdir/protogeni/updates
        boss> sudo perl /usr/testbed/obj/testbed/protogeni/scripts/update

gmake[2]: *** [install-genischemacheck] Error 1
gmake[2]: Leaving directory `/usr/testbed/obj/testbed/protogeni/lib'
gmake[1]: *** [install-genischemacheck] Error 2
gmake[1]: Leaving directory `/usr/testbed/obj/testbed/protogeni'
gmake: *** [install-genischemacheck] Error 2
-----------------------------------------------------------------------------------------------------------------------------------
Then I followed the instruction, and get another error,
-----------------------------------------------------------------------------------------------------
%cd /usr/testbed/src/testbed/protogeni/updates/
%sudo perl /usr/testbed/obj/testbed/protogeni/scripts/update
Processing update /11
DB Query failed:
  Query: alter table aggregate_history drop aggregate_uuid
  Error: Can't DROP 'aggregate_uuid'; check that column/key exists (1091)
*** /usr/testbed/obj/testbed/protogeni/scripts/update:
    Could not apply updates to SA DB
%
---------------------------------------------------------------------------------------------------

Then I looked at DB(geni) and there is no 'aggregate_uuid' field in table 'aggregate_history'.
Do you have any idea about this?  Thanks

Evan

On Tue, Dec 15, 2009 at 1:17 PM, Leigh Stoller <stoller@flux.utah.edu> wrote:

  I tried to request a user account in 'emulab-ops' project at our
  site and it is not allowed. Actually this user is intend to be
  other admin here.

What should I do to make it happen or the general way to maintain
Emulab is just with one root admin?

First off, are you seeing an email message to your tbops list
like this:

>> Subject: WEB ERROR REPORT
>> In /joinproject.php3
>> New user 'testuser' attempted to join project 'xxx'
>> which would create a mix of admin and non-admin users

If so, then you have run into a security feature; Emulab does not
allow users who are not admins be in the same projects as users who
are admins. The idea is that there are enough things that project
members can do that having a non-admin in a project with admins might
make it possible for the non-admin to escalate his privileges and gain
admin access.

We have this enabled because we have 1000s of users we do not know,
and this is just safer. Some sites elect to turn this off because
their user base is more tightly controlled. If you want to turn this
off, add this lines to your defs file:

ISOLATEADMINS=0

Then reconfig, rebuild, reinstall ...

If you decide you want to keep ISOLATEADMINS turned on, then I can
describe the process for bypassing it. But its a little cumbersome,
and hard to explain. :-)

Lbs