2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 03:19:48 +00:00

Merge branch 'master' into remote_discovery

This commit is contained in:
Jarrod Johnson 2022-07-18 15:52:42 -04:00
commit 42055e2648
8 changed files with 24 additions and 13 deletions

View File

@ -73,11 +73,13 @@ mv ../addons.tgz .
cd ..
cp -a esxi7out esxi6out
cp -a esxi7 esxi6
cp -a esxi7out esxi8out
cp -a esxi7 esxi8
%install
mkdir -p %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/
cp LICENSE %{buildroot}/opt/confluent/share/licenses/confluent_osdeploy/
for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 coreos; do
for os in rhvh4 el7 el8 el9 genesis suse15 ubuntu20.04 ubuntu22.04 esxi6 esxi7 esxi8 coreos; do
mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs
mkdir -p %{buildroot}/opt/confluent/lib/osdeploy/$os/profiles
cp ${os}out/addons.* %{buildroot}/opt/confluent/lib/osdeploy/$os/initramfs

View File

@ -25,7 +25,7 @@ export nodename confluent_mgr confluent_profile
exec >> /var/log/confluent/confluent-firstboot.log
exec 2>> /var/log/confluent/confluent-firstboot.log
chmod 600 /var/log/confluent/confluent-firstboot.log
tail -f /var/log/confluent/confluent-firstboot.log > /dev/console &
tail -n 0 -f /var/log/confluent/confluent-firstboot.log > /dev/console &
logshowpid=$!
while ! ping -c 1 $confluent_pingtarget >& /dev/null; do
sleep 1

View File

@ -8,6 +8,7 @@ mkdir -p /etc/confluent
localcli network firewall unload
touch /etc/confluent/confluent.info
begin=$(date +%s)
localcli system secpolicy domain set -n appDom -l disabled
while ! grep NODENAME /etc/confluent/confluent.info; do
echo "Searching for deployment service on local network..."
/opt/confluent/bin/copernicus > /etc/confluent/confluent.info
@ -27,7 +28,7 @@ done
node=$(grep NODENAME: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
mgr=$(grep MANAGER: /etc/confluent/confluent.info|head -n 1|awk '{print $2}')
cp /opt/confluent/bin/clortho /clortho
/clortho $node $mgr > /etc/confluent/confluent.apikey
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
APIKEY=$(cat /etc/confluent/confluent.apikey)
while [ -z "$APIKEY" ]; do
if [ ! -f /var/run/vmware/show-esx-shell-login ]; then
@ -38,7 +39,7 @@ while [ -z "$APIKEY" ]; do
fi
echo "Deployment server failed to grant node deployment token, retrying token retrieval"
echo "A debug session has been made available on Alt-F1"
/clortho $node $mgr > /etc/confluent/confluent.apikey
(/clortho $node $mgr || /opt/confluent/bin/clortho $node $mgr) > /etc/confluent/confluent.apikey
APIKEY=$(cat /etc/confluent/confluent.apikey)
done
cat /tls/*.pem > /etc/confluent/ca.pem

View File

@ -154,7 +154,7 @@ int main(int argc, char* argv[]) {
}
/* For now, bind to 190 to prove we are a privileged process */
if (bind(n4, (const struct sockaddr *)&addr4, sizeof(addr4)) < 0) {
fprintf(stderr, "Eror binding privilged port!\n");
fprintf(stderr, "Error binding privilged port!\n");
exit(1);
}
if (bind(ns, (const struct sockaddr *)&addr, sizeof(addr)) < 0) {

View File

@ -71,7 +71,8 @@ import struct
import sys
pluginmap = {}
dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol')
dispatch_plugins = (b'ipmi', u'ipmi', b'redfish', u'redfish', b'tsmsol', u'tsmsol', b'geist', u'geist', b'deltapdu', u'deltapdu', b'eatonpdu', u'eatonpdu', b'affluent', u'affluent', b'cnos', u'cnos')
PluginCollection = plugin.PluginCollection
try:
@ -823,17 +824,17 @@ def handle_dispatch(connection, cert, dispatch, peername):
connection.close()
return
plugroute = routespec.routeinfo
plugpath = None
nodesbyhandler = {}
passvalues = []
nodeattr = configmanager.get_node_attributes(
nodes, plugroute['pluginattrs'])
for node in nodes:
plugpath = None
for attrname in plugroute['pluginattrs']:
if attrname in nodeattr[node]:
plugpath = nodeattr[node][attrname]['value']
elif 'default' in plugroute:
plugpath = plugroute['default']
if not plugpath and 'default' in plugroute:
plugpath = plugroute['default']
if plugpath:
try:
hfunc = getattr(pluginmap[plugpath], operation)
@ -990,15 +991,15 @@ def handle_node_request(configmanager, inputdata, operation,
elif 'pluginattrs' in plugroute:
nodeattr = configmanager.get_node_attributes(
nodes, plugroute['pluginattrs'] + ['collective.manager'])
plugpath = None
nodesbymanager = {}
nodesbyhandler = {}
badcollnodes = []
for node in nodes:
plugpath = None
for attrname in plugroute['pluginattrs']:
if attrname in nodeattr[node]:
plugpath = nodeattr[node][attrname]['value']
elif 'default' in plugroute:
if not plugpath and 'default' in plugroute:
plugpath = plugroute['default']
if plugpath in dispatch_plugins:
cfm.check_quorum()

View File

@ -78,7 +78,10 @@ def execupdate(handler, filename, updateobj, type, owner, node, datfile):
completion = 'complete'
if owner:
pwent = pwd.getpwnam(owner)
os.chown(filename, pwent.pw_uid, pwent.pw_gid)
try:
os.chown(filename, pwent.pw_uid, pwent.pw_gid)
except:
raise Exception('Error changing ownership of {} to {}, file is complete but owned by confluent instead'.format(filename, owner))
updateobj.handle_progress({'phase': completion, 'progress': 100.0})
except exc.PubkeyInvalid as pi:
errstr = 'Certificate mismatch detected, does not match value in ' \

View File

@ -260,6 +260,11 @@ def _map_switch_backend(args):
if switch not in noaffluent:
try:
return _affluent_map_switch(args)
except exc.PubkeyInvalid:
log.log({'error': 'While trying to gather ethernet mac addresses '
'from {0}, the TLS certificate failed validation. '
'Clear pubkeys.tls_hardwaremanager if this was '
'expected due to reinstall or new certificate'.format(switch)})
except Exception:
pass
mactobridge, ifnamemap, bridgetoifmap = _offload_map_switch(

View File

@ -2,7 +2,6 @@
[ -f /etc/confluent/functions ] && . /etc/confluent/functions
[ -f /opt/confluent/bin/apiclient ] && confapiclient=/opt/confluent/bin/apiclient
[ -f /etc/confluent/apiclient ] && confapiclient=/etc/confluent/apiclient
nodename=$(grep ^NODENAME: /etc/confluent.info|awk '{print $NF}')
for pubkey in /etc/ssh/ssh_host*key.pub; do
certfile=${pubkey/.pub/-cert.pub}
rm $certfile