Merge branch 'master' into remote_discovery

2024-11-22 09:32:21 +00:00 · 2022-07-18 15:52:42 -04:00 · 2022-07-18 15:52:42 -04:00 · 42055e2648
commit 42055e2648
parent f65ff1268a 789def17d1
8 changed files with 24 additions and 13 deletions
--- a/confluent_osdeploy/confluent_osdeploy.spec.tmpl
+++ b/confluent_osdeploy/confluent_osdeploy.spec.tmpl
@ -73,11 +73,13 @@ mv ../addons.tgz .
 cd ..
 cp -a esxi7out esxi6out
 cp -a esxi7 esxi6
+cp -a esxi7out esxi8out
+cp -a esxi7 esxi8

 %install
 mkdir -p %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/
 cp LICENSE %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/
-for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 coreos; do
+for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 esxi8 coreos; do
    mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs
    mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/profiles
    cp ${os}out/addons.* %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs
--- a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh
+++ b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh
@ -25,7 +25,7 @@ export nodename confluent_mgr confluent_profile
 exec >> /var/log/confluent/confluent-firstboot.log
 exec 2>> /var/log/confluent/confluent-firstboot.log
 chmod 600 /var/log/confluent/confluent-firstboot.log
-tail -f /var/log/confluent/confluent-firstboot.log > /dev/console &
+tail -n 0 -f /var/log/confluent/confluent-firstboot.log > /dev/console &
 logshowpid=$!
 while ! ping -c 1 $confluent_pingtarget >& /dev/null; do
 	sleep 1
--- a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
+++ b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel
@ -8,6 +8,7 @@ mkdir -p /etc/confluent
 localcli network firewall unload
 touch /etc/confluent/confluent.info
 begin=$(date +%s)
+localcli system secpolicy domain set -n appDom -l disabled
 while ! grep NODENAME /etc/confluent/confluent.info; do
    echo "Searching for deployment service on local network..."
    /opt/confluent/bin/copernicus > /etc/confluent/confluent.info
@ -27,7 +28,7 @@ done
 node=$(grep NODENAME: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
 mgr=$(grep MANAGER: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
 cp /opt/confluent/bin/clortho /clortho
-/clortho $node $mgr > /etc/confluent/confluent.apikey
+(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
 APIKEY=$(cat /etc/confluent/confluent.apikey)
 while [ -z "$APIKEY" ]; do
    if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
@ -38,7 +39,7 @@ while [ -z "$APIKEY" ]; do
    fi
    echo "Deployment server failed to grant node deployment token, retrying token retrieval"
    echo "A debug session has been made available on Alt-F1"
-    /clortho $node $mgr > /etc/confluent/confluent.apikey
+    (/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
    APIKEY=$(cat /etc/confluent/confluent.apikey)
 done
 cat /tls/*.pem > /etc/confluent/ca.pem
--- a/confluent_osdeploy/utils/copernicus.c
+++ b/confluent_osdeploy/utils/copernicus.c
@ -154,7 +154,7 @@ int main(int argc, char* argv[]) {
    }
    /* For now, bind to 190 to prove we are a privileged process */
    if (bind(n4, (const struct sockaddr *)&addr4, sizeof(addr4)) < 0) {
-        fprintf(stderr, "Eror binding privilged port!\n");
+        fprintf(stderr, "Error binding privilged port!\n");
        exit(1);
    }
    if (bind(ns, (const struct sockaddr *)&addr, sizeof(addr)) < 0) {
--- a/confluent_server/confluent/core.py
+++ b/confluent_server/confluent/core.py
@ -71,7 +71,8 @@ import struct
 import sys

 pluginmap = {}
-dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol')
+dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol', b'geist', u'geist', b'deltapdu', u'deltapdu', b'eatonpdu', u'eatonpdu', b'affluent', u'affluent', b'cnos', u'cnos')
+
 PluginCollection = plugin.PluginCollection

 try:
@ -823,17 +824,17 @@ def handle_dispatch(connection, cert, dispatch, peername):
        connection.close()
        return
    plugroute = routespec.routeinfo
-    plugpath = None
    nodesbyhandler = {}
    passvalues = []
    nodeattr = configmanager.get_node_attributes(
        nodes, plugroute['pluginattrs'])
    for node in nodes:
+        plugpath = None
        for attrname in plugroute['pluginattrs']:
            if attrname in nodeattr[node]:
                plugpath = nodeattr[node][attrname]['value']
-            elif 'default' in plugroute:
-                plugpath = plugroute['default']
+            if not plugpath and 'default' in plugroute:
+                plugpath = plugroute['default'] 
        if plugpath:
            try:
                hfunc = getattr(pluginmap[plugpath], operation)
@ -990,15 +991,15 @@ def handle_node_request(configmanager, inputdata, operation,
    elif 'pluginattrs' in plugroute:
        nodeattr = configmanager.get_node_attributes(
            nodes, plugroute['pluginattrs'] + ['collective.manager'])
-        plugpath = None
        nodesbymanager = {}
        nodesbyhandler = {}
        badcollnodes = []
        for node in nodes:
+            plugpath = None
            for attrname in plugroute['pluginattrs']:
                if attrname in nodeattr[node]:
                    plugpath = nodeattr[node][attrname]['value']
-                elif 'default' in plugroute:
+                if not plugpath and 'default' in plugroute:
                    plugpath = plugroute['default']
            if plugpath in dispatch_plugins:
                cfm.check_quorum()
--- a/confluent_server/confluent/firmwaremanager.py
+++ b/confluent_server/confluent/firmwaremanager.py
@ -78,7 +78,10 @@ def execupdate(handler, filename, updateobj, type, owner, node, datfile):
                completion = 'complete'
            if owner:
                pwent = pwd.getpwnam(owner)
-                os.chown(filename, pwent.pw_uid, pwent.pw_gid)
+                try:
+                    os.chown(filename, pwent.pw_uid, pwent.pw_gid)
+                except:
+                    raise Exception('Error changing ownership of {} to {}, file is complete but owned by confluent instead'.format(filename, owner))
            updateobj.handle_progress({'phase': completion, 'progress': 100.0})
        except exc.PubkeyInvalid as pi:
            errstr = 'Certificate mismatch detected, does not match value in ' \
--- a/confluent_server/confluent/networking/macmap.py
+++ b/confluent_server/confluent/networking/macmap.py
@ -260,6 +260,11 @@ def _map_switch_backend(args):
    if switch not in noaffluent:
        try:
            return _affluent_map_switch(args)
+        except exc.PubkeyInvalid:
+            log.log({'error': 'While trying to gather ethernet mac addresses '
+                              'from {0}, the TLS certificate failed validation. '
+                              'Clear pubkeys.tls_hardwaremanager if this was '
+                              'expected due to reinstall or new certificate'.format(switch)})
        except Exception:
            pass
    mactobridge, ifnamemap, bridgetoifmap = _offload_map_switch(
--- a/misc/setupssh.sh
+++ b/misc/setupssh.sh
@ -2,7 +2,6 @@
 [ -f /etc/confluent/functions ] && . /etc/confluent/functions
 [ -f /opt/confluent/bin/apiclient ] && confapiclient=/opt/confluent/bin/apiclient
 [ -f /etc/confluent/apiclient ] && confapiclient=/etc/confluent/apiclient
-nodename=$(grep ^NODENAME: /etc/confluent.info|awk '{print $NF}')
 for pubkey in /etc/ssh/ssh_host*key.pub; do
    certfile=${pubkey/.pub/-cert.pub}
    rm $certfile