confluent/TODO

-user can bog down all requests by hammering it with bad auth requests causing
 the auth facility to get bogged down in PBKDF
    Option:
        -a multiprocessing pool to handle new authentications.  The auth action
         itself would be stalled out whilst an attack was underway, but once
         in, the respective session layers will provide a caching session that
         should accelerate things after the client gets in once
        -penalizing a client clearly trying to break in
-other auth
    -pam if user exists but has no passphrase
    -keystone?
    -ad? (specialized to the AD case)
-expressionkeys never gets smaller - perf impact
-When a user account is changed, have httpapi and sockapi notified of changes
 to kill off related sessions.  password changes are given a pass, but user
 deletion will result in immediate session termination
-need event notification for config change- e.g. set attribute triggers consol
 session object check to see if credentials changed
 design is that calling code on init registers a callback for related node to
 the in-context config manager object.  callback shall be OO so no context
 object parametr passed in.  ipmi will use it for user/password/hardwaremanagement.manager
 changes to console and command objects.  console will use it to hook add/deletion
 of nodes and/or indicating a different console.method or hardwaremanagement.method
-When the time comes to dole out configuration/discovery, take page from xCAT
    'flexdiscover' command, if possible bring an ipmi device under management
    by way of ipv6 to eliminate requirement for ip to be specified.
    Requires the polling event support (which is required for security anyway)
-Change the remote timeout behavior to yield a response, then have pluginapi
 decides whether to error the response or a message indicating error in case of
 multi-node request

-this stack trace (happened with method was set to ""):
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response
    for data in result:
  File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler
    cfgmgr, querydict)
  File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path
    passvalue = pluginmap[plugpath].__dict__[operation](
KeyError: ''


-have pyghmi and friends do multiprocessing pools (particularly the PBKDF stuff in auth)
-have console sessions be instructed as to more specific clue for unconnected
    -misconfigured - console.method probably not set right
    -unreachable - hardwaremanagement.manager probably wrong
    -authentication failure - user/passphrase probable not right
Implement dbm style backing for the configuration persistence The pickling would get horrendously slow as total node count increased. This meant very long time to sync to disk for just one change out of 65,000. This strategy changes things to more selective and only do things for the dirty keys rather than everything. Large changes to small amounts of nodes will take more time (because more calls to dump pickle), but small changes to a small subset of nodes will take much less time. 2014-03-04 01:01:13 +00:00			`-user can bog down all requests by hammering it with bad auth requests causing`
			`the auth facility to get bogged down in PBKDF`
			`Option:`
			`-a multiprocessing pool to handle new authentications. The auth action`
			`itself would be stalled out whilst an attack was underway, but once`
			`in, the respective session layers will provide a caching session that`
			`should accelerate things after the client gets in once`
			`-penalizing a client clearly trying to break in`
Refactor/rename code confetty had a lot of stuff in it. Factor out bits to a common library for constructing purpose oriented commands. 2014-03-04 22:12:19 +00:00			`-other auth`
			`-pam if user exists but has no passphrase`
			`-keystone?`
			`-ad? (specialized to the AD case)`
Fix expression detection with unicode strings If data was coming in as unicode strings (as is the case in the json parser), it failed to treat the data as equivalent to string. Correct by checking both str and unicode for now 2014-03-01 15:48:08 +00:00			`-expressionkeys never gets smaller - perf impact`
Jot down notes about things to work in the future 2014-04-11 14:03:02 +00:00			`-When a user account is changed, have httpapi and sockapi notified of changes`
			`to kill off related sessions. password changes are given a pass, but user`
			`deletion will result in immediate session termination`
Fix expression detection with unicode strings If data was coming in as unicode strings (as is the case in the json parser), it failed to treat the data as equivalent to string. Correct by checking both str and unicode for now 2014-03-01 15:48:08 +00:00			`-need event notification for config change- e.g. set attribute triggers consol`
			`session object check to see if credentials changed`
Jot down notes about things to do 2014-03-02 18:05:19 +00:00			`design is that calling code on init registers a callback for related node to`
			`the in-context config manager object. callback shall be OO so no context`
			`object parametr passed in. ipmi will use it for user/password/hardwaremanagement.manager`
			`changes to console and command objects. console will use it to hook add/deletion`
			`of nodes and/or indicating a different console.method or hardwaremanagement.method`
Fix expression detection with unicode strings If data was coming in as unicode strings (as is the case in the json parser), it failed to treat the data as equivalent to string. Correct by checking both str and unicode for now 2014-03-01 15:48:08 +00:00			`-When the time comes to dole out configuration/discovery, take page from xCAT`
			`'flexdiscover' command, if possible bring an ipmi device under management`
			`by way of ipv6 to eliminate requirement for ip to be specified.`
			`Requires the polling event support (which is required for security anyway)`
Add some notes about security related design 2014-04-21 20:01:14 +00:00			`-Change the remote timeout behavior to yield a response, then have pluginapi`
			`decides whether to error the response or a message indicating error in case of`
			`multi-node request`
Fix expression detection with unicode strings If data was coming in as unicode strings (as is the case in the json parser), it failed to treat the data as equivalent to string. Correct by checking both str and unicode for now 2014-03-01 15:48:08 +00:00
			`-this stack trace (happened with method was set to ""):`
			`Traceback (most recent call last):`
			`File "/usr/lib/python2.6/site-packages/eventlet/wsgi.py", line 402, in handle_one_response`
			`for data in result:`
			`File "/home/jbjohnso/Development/confluent/confluent/httpapi.py", line 301, in resourcehandler`
			`cfgmgr, querydict)`
			`File "/home/jbjohnso/Development/confluent/confluent/pluginapi.py", line 273, in handle_path`
			`passvalue = pluginmap[plugpath].__dict__[operation](`
			`KeyError: ''`

Add health/hardware resource to nodes and wire up for IPMI 2014-04-15 18:59:36 +00:00
			`-have pyghmi and friends do multiprocessing pools (particularly the PBKDF stuff in auth)`
Manager to get more traces into trace log instead of the stderr log 2014-04-23 15:14:17 +00:00			`-have console sessions be instructed as to more specific clue for unconnected`
			`-misconfigured - console.method probably not set right`
			`-unreachable - hardwaremanagement.manager probably wrong`
			`-authentication failure - user/passphrase probable not right`