2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-12-25 12:41:39 +00:00

Implement registration and retrieval

Remote discovery can now be registered by
switches.
This commit is contained in:
Jarrod Johnson 2022-07-20 13:01:11 -04:00
parent 480849640e
commit 0dc7b532cc
5 changed files with 56 additions and 15 deletions

View File

@ -57,12 +57,15 @@ def print_disco(options, session, currmac, outhandler, columns):
procinfo.update(tmpinfo)
if 'Switch' in columns or 'Port' in columns:
for tmpinfo in session.read(
'/networking/macs/by-mac/{0}'.format(currmac)):
if 'ports' in tmpinfo:
# The api sorts so that the most specific available value
# is last
procinfo.update(tmpinfo['ports'][-1])
if 'switch' in procinfo:
procinfo['port'] = procinfo['switchport']
else:
for tmpinfo in session.read(
'/networking/macs/by-mac/{0}'.format(currmac)):
if 'ports' in tmpinfo:
# The api sorts so that the most specific available value
# is last
procinfo.update(tmpinfo['ports'][-1])
record = []
for col in columns:
rawcol = columnmapping[col]

View File

@ -217,7 +217,12 @@ def send_discovery_datum(info):
if info['handler'] == pxeh:
enrich_pxe_info(info)
yield msg.KeyValueData({'nodename': info.get('nodename', '')})
yield msg.KeyValueData({'ipaddrs': [_printable_ip(x) for x in addresses]})
if not info.get('forwarder_server', None):
yield msg.KeyValueData({'ipaddrs': [_printable_ip(x) for x in addresses]})
switch = info.get('forwarder_server', None)
if switch:
yield msg.KeyValueData({'switch': switch})
yield msg.KeyValueData({'switchport': info['port']})
sn = info.get('serialnumber', '')
mn = info.get('modelnumber', '')
uuid = info.get('uuid', '')
@ -690,6 +695,8 @@ def detected(info):
info['otheraddresses'] = set([])
for i4addr in info.get('attributes', {}).get('ipv4-address', []):
info['otheraddresses'].add(i4addr)
for i4addr in info.get('attributes', {}).get('ipv4-addresses', []):
info['otheraddresses'].add(i4addr)
if handler and handler.https_supported and not handler.https_cert:
if handler.cert_fail_reason == 'unreachable':
log.log(

View File

@ -41,7 +41,6 @@ class NodeHandler(object):
if info.get('forwarder_url', False):
self.relay_url = info['forwarder_url']
self.relay_server = info['forwarder_server']
self.relay_token = info['forwarder_token']
return
# first let us prefer LLA if possible, since that's most stable
for sa in info['addresses']:
@ -144,7 +143,7 @@ class NodeHandler(object):
relaycreds = self.configmanager.get_node_attributes(self.relay_server, 'secret.*', decrypt=True)
relaycreds = relaycreds.get(self.relay_server, {})
relayuser = relaycreds.get('secret.hardwaremanagementuser', {}).get('value', None)
relaypass = relaycreds.get('secret.hardwaremanegementpassword', {}).get('value', None)
relaypass = relaycreds.get('secret.hardwaremanagementpassword', {}).get('value', None)
if not relayuser or not relaypass:
raise Exception('No credentials for {0}'.format(self.relay_server))
w.set_basic_credentials(relayuser, relaypass)

View File

@ -382,10 +382,12 @@ def _find_service(service, target):
if pi is not None:
yield pi
def check_fish(urldata):
def check_fish(urldata, port=443, verifycallback=None):
if not verifycallback:
verifycallback = lambda x: True
url, data = urldata
try:
wc = webclient.SecureHTTPConnection(_get_svrip(data), 443, verifycallback=lambda x: True)
wc = webclient.SecureHTTPConnection(_get_svrip(data), port, verifycallback=verifycallback)
peerinfo = wc.grab_json_response(url)
except socket.error:
return None

View File

@ -19,6 +19,10 @@ import json
import os
import time
import yaml
import confluent.discovery.protocols.ssdp as ssdp
import eventlet
webclient = eventlet.import_patched('pyghmi.util.webclient')
currtz = None
keymap = 'us'
@ -154,10 +158,36 @@ def handle_request(env, start_response):
reqbody = env['wsgi.input'].read(int(env['CONTENT_LENGTH']))
if env['PATH_INFO'] == '/self/register_discovered':
rb = json.loads(reqbody)
addrs = rb.get('addresses', [])
rb['addresses'] = []
for addr in addrs:
rb['addresses'].append(tuple(addr))
if not rb.get('path', None):
start_response('400 Bad Requst', [])
yield 'Missing Path'
return
targurl = '/hubble/systems/by-port/{0}/webaccess'.format(rb['path'])
tlsverifier = util.TLSCertVerifier(cfg, nodename, 'pubkeys.tls_hardwaremanager')
wc = webclient.SecureHTTPConnection(nodename, 443, verifycallback=tlsverifier.verify_cert)
relaycreds = cfg.get_node_attributes(nodename, 'secret.*', decrypt=True)
relaycreds = relaycreds.get(nodename, {})
relayuser = relaycreds.get('secret.hardwaremanagementuser', {}).get('value', None)
relaypass = relaycreds.get('secret.hardwaremanagementpassword', {}).get('value', None)
if not relayuser or not relaypass:
raise Exception('No credentials for {0}'.format(nodename))
wc.set_basic_credentials(relayuser, relaypass)
wc.request('GET', targurl)
rsp = wc.getresponse()
_ = rsp.read()
if rsp.status == 302:
newurl = rsp.headers['Location']
newhost, newport = newurl.replace('https://', '').split('/')[0].split(':')
def verify_cert(certificate):
hashval = base64.b64decode(rb['fingerprint'])
if len(hashval) == 48:
return hashlib.sha384(certificate).digest() == hashval
raise Exception('Certificate validation failed')
rb['addresses'] = [(newhost, newport)]
rb['forwarder_url'] = targurl
rb['forwarder_server'] = nodename
rb['']
ssdp.check_fish(('/DeviceDescription.json', rb), newport, verify_cert)
disco.detected(rb)
start_response('200 OK', [])
yield 'Registered'