diff --git a/confluent_osdeploy/confluent_osdeploy.spec.tmpl b/confluent_osdeploy/confluent_osdeploy.spec.tmpl index 1fb3bdcd..e3607c0f 100644 --- a/confluent_osdeploy/confluent_osdeploy.spec.tmpl +++ b/confluent_osdeploy/confluent_osdeploy.spec.tmpl @@ -73,11 +73,13 @@ mv ../addons.tgz . cd .. cp -a esxi7out esxi6out cp -a esxi7 esxi6 +cp -a esxi7out esxi8out +cp -a esxi7 esxi8 %install mkdir -p %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/ cp LICENSE %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/ -for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 coreos; do +for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 esxi8 coreos; do mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/profiles cp ${os}out/addons.* %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs diff --git a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh index a735e2cf..1903f448 100644 --- a/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh +++ b/confluent_osdeploy/el8/profiles/default/scripts/firstboot.sh @@ -25,7 +25,7 @@ export nodename confluent_mgr confluent_profile exec >> /var/log/confluent/confluent-firstboot.log exec 2>> /var/log/confluent/confluent-firstboot.log chmod 600 /var/log/confluent/confluent-firstboot.log -tail -f /var/log/confluent/confluent-firstboot.log > /dev/console & +tail -n 0 -f /var/log/confluent/confluent-firstboot.log > /dev/console & logshowpid=$! while ! ping -c 1 $confluent_pingtarget >& /dev/null; do sleep 1 diff --git a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel index 4a490b79..ca3b124b 100644 --- a/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel +++ b/confluent_osdeploy/esxi7/initramfs/bin/dcuiweasel 
@@ -8,6 +8,7 @@ mkdir -p /etc/confluent localcli network firewall unload touch /etc/confluent/confluent.info begin=$(date +%s) +localcli system secpolicy domain set -n appDom -l disabled while ! grep NODENAME /etc/confluent/confluent.info; do echo "Searching for deployment service on local network..." /opt/confluent/bin/copernicus > /etc/confluent/confluent.info @@ -27,7 +28,7 @@ done node=$(grep NODENAME: /etc/confluent/confluent.info|head -n 1|awk '{print $2}') mgr=$(grep MANAGER: /etc/confluent/confluent.info|head -n 1|awk '{print $2}') cp /opt/confluent/bin/clortho /clortho -/clortho $node $mgr > /etc/confluent/confluent.apikey +(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey APIKEY=$(cat /etc/confluent/confluent.apikey) while [ -z "$APIKEY" ]; do if [ ! -f /var/run/vmware/show-esx-shell-login ]; then @@ -38,7 +39,7 @@ while [ -z "$APIKEY" ]; do fi echo "Deployment server failed to grant node deployment token, retrying token retrieval" echo "A debug session has been made available on Alt-F1" - /clortho $node $mgr > /etc/confluent/confluent.apikey + (/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey APIKEY=$(cat /etc/confluent/confluent.apikey) done cat /tls/*.pem > /etc/confluent/ca.pem diff --git a/confluent_osdeploy/utils/copernicus.c b/confluent_osdeploy/utils/copernicus.c index 872b51f0..bf54f853 100644 --- a/confluent_osdeploy/utils/copernicus.c +++ b/confluent_osdeploy/utils/copernicus.c @@ -154,7 +154,7 @@ int main(int argc, char* argv[]) { } /* For now, bind to 190 to prove we are a privileged process */ if (bind(n4, (const struct sockaddr *)&addr4, sizeof(addr4)) < 0) { - fprintf(stderr, "Eror binding privilged port!\n"); + fprintf(stderr, "Error binding privilged port!\n"); exit(1); } if (bind(ns, (const struct sockaddr *)&addr, sizeof(addr)) < 0) { 
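Review bot: The added `localcli system secpolicy domain set -n appDom -l disabled` turns off enforcement for the appDom security domain, with no comment saying which installer step needs it. The spec change also copies this script for esxi8, so a reader cannot tell which release requires it or whether the setting stays confined to the installer initramfs environment. Once that is confirmed, I would add a comment such as `# appDom enforcement blocks <step that fails>; installer environment only, not carried into the installed system`. The script continues outside the hunk.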
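Review bot: In the new `(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey`, both attempts share one redirection. Anything the first call prints before failing therefore stays in the file ahead of the second call's output, and `APIKEY=$(cat /etc/confluent/confluent.apikey)` would read both. Capturing into a variable and writing once avoids that, e.g. `APIKEY=$(/clortho "$node" "$mgr") || APIKEY=$(/opt/confluent/bin/clortho "$node" "$mgr")` followed by `printf '%s\n' "$APIKEY" > /etc/confluent/confluent.apikey`. Quoting `$node` and `$mgr` also keeps values parsed out of confluent.info from word-splitting. The same line is repeated inside the retry loop in the next hunk (@@ -38,7 +39,7 @@); whether clortho can emit partial output on failure is not visible here.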
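Review bot: The corrected message still misspells "privileged" as `privilged`; the line could read `fprintf(stderr, "Error binding privileged port!\n");`. Reporting the errno text as well, for example with `perror`, would tell the operator whether the bind failed for lack of privilege or because the port is already in use. main() continues outside the hunk.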
diff --git a/confluent_server/confluent/core.py b/confluent_server/confluent/core.py index 6d7d9366..61b23c69 100644 --- a/confluent_server/confluent/core.py +++ b/confluent_server/confluent/core.py @@ -71,7 +71,8 @@ import struct import sys pluginmap = {} -dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol') +dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol', b'geist', u'geist', b'deltapdu', u'deltapdu', b'eatonpdu', u'eatonpdu', b'affluent', u'affluent', b'cnos', u'cnos') + PluginCollection = plugin.PluginCollection try: @@ -823,17 +824,17 @@ def handle_dispatch(connection, cert, dispatch, peername): connection.close() return plugroute = routespec.routeinfo - plugpath = None nodesbyhandler = {} passvalues = [] nodeattr = configmanager.get_node_attributes( nodes, plugroute['pluginattrs']) for node in nodes: + plugpath = None for attrname in plugroute['pluginattrs']: if attrname in nodeattr[node]: plugpath = nodeattr[node][attrname]['value'] - elif 'default' in plugroute: - plugpath = plugroute['default'] + if not plugpath and 'default' in plugroute: + plugpath = plugroute['default'] if plugpath: try: hfunc = getattr(pluginmap[plugpath], operation) @@ -990,15 +991,15 @@ def handle_node_request(configmanager, inputdata, operation, elif 'pluginattrs' in plugroute: nodeattr = configmanager.get_node_attributes( nodes, plugroute['pluginattrs'] + ['collective.manager']) - plugpath = None nodesbymanager = {} nodesbyhandler = {} badcollnodes = [] for node in nodes: + plugpath = None for attrname in plugroute['pluginattrs']: if attrname in nodeattr[node]: plugpath = nodeattr[node][attrname]['value'] - elif 'default' in plugroute: + if not plugpath and 'default' in plugroute: plugpath = plugroute['default'] if plugpath in dispatch_plugins: cfm.check_quorum() diff --git a/confluent_server/confluent/firmwaremanager.py b/confluent_server/confluent/firmwaremanager.py index 33f14a80..a7713943 100644 
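Review bot: Moving `plugpath = None` inside `for node in nodes:` is the substantive fix in the handle_dispatch hunk and deserves a comment. Before it, a node with none of the `pluginattrs` set would apparently reuse the handler chosen for the previous node. A line such as `# reset per node so a handler never carries over from the previous node` above the assignment would keep it from being hoisted again. The inner `for attrname` loop has no `break`, so when several plugin attributes are set the last one in `plugroute['pluginattrs']` wins; if first-match precedence is intended, that needs a `break` or a stated reason. The same applies to the handle_node_request hunk (@@ -990,15 +991,15 @@); indentation is lost on this page, so confirm that the default check sits after the attribute loop, and note that both functions continue outside their hunks.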
--- a/confluent_server/confluent/firmwaremanager.py +++ b/confluent_server/confluent/firmwaremanager.py @@ -78,7 +78,10 @@ def execupdate(handler, filename, updateobj, type, owner, node, datfile): completion = 'complete' if owner: pwent = pwd.getpwnam(owner) - os.chown(filename, pwent.pw_uid, pwent.pw_gid) + try: + os.chown(filename, pwent.pw_uid, pwent.pw_gid) + except: + raise Exception('Error changing ownership of {} to {}, file is complete but owned by confluent instead'.format(filename, owner)) updateobj.handle_progress({'phase': completion, 'progress': 100.0}) except exc.PubkeyInvalid as pi: errstr = 'Certificate mismatch detected, does not match value in ' \ diff --git a/confluent_server/confluent/networking/macmap.py b/confluent_server/confluent/networking/macmap.py index 16edffca..f44e8c93 100644 --- a/confluent_server/confluent/networking/macmap.py +++ b/confluent_server/confluent/networking/macmap.py @@ -260,6 +260,11 @@ def _map_switch_backend(args): if switch not in noaffluent: try: return _affluent_map_switch(args) + except exc.PubkeyInvalid: + log.log({'error': 'While trying to gather ethernet mac addresses ' + 'from {0}, the TLS certificate failed validation. ' + 'Clear pubkeys.tls_hardwaremanager if this was ' + 'expected due to reinstall or new certificate'.format(switch)}) except Exception: pass mactobridge, ifnamemap, bridgetoifmap = _offload_map_switch( diff --git a/misc/setupssh.sh b/misc/setupssh.sh index 7ac31040..3fdf0ef5 100644 --- a/misc/setupssh.sh +++ b/misc/setupssh.sh @@ -2,7 +2,6 @@ [ -f /etc/confluent/functions ] && . /etc/confluent/functions [ -f /opt/confluent/bin/apiclient ] && confapiclient=/opt/confluent/bin/apiclient [ -f /etc/confluent/apiclient ] && confapiclient=/etc/confluent/apiclient -nodename=$(grep ^NODENAME: /etc/confluent.info|awk '{print $NF}') for pubkey in /etc/ssh/ssh_host*key.pub; do certfile=${pubkey/.pub/-cert.pub} rm $certfile
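Review bot: The new `except:` around `os.chown` is bare, so it also turns KeyboardInterrupt and SystemExit into a generic Exception and discards the original error text. Catching `except OSError as e:` and appending the cause to the message, e.g. `'... owned by confluent instead ({})'.format(filename, owner, e)`, keeps the reason visible to the operator. `pwd.getpwnam(owner)` sits outside the try, so an unknown owner still surfaces as a KeyError rather than this message. execupdate continues outside the hunk.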
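Review bot: After the new `except exc.PubkeyInvalid:` logs the certificate failure, control still falls through to `_offload_map_switch(`, just as it does for the silent `except Exception: pass`. A switch whose TLS identity has just failed validation is therefore queried again by the fallback path. If that fallback does not authenticate the device at least as strongly (not visible in this hunk), a pinned-key mismatch should probably end processing for that switch, for example by returning after the log call. At minimum, a comment stating that the fall-through is deliberate would help. `_map_switch_backend` continues outside the hunk.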