From 6e803e9fcaec3be40e24c6f84d25ea33c720fd14 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 30 Sep 2022 12:22:39 -0400 Subject: [PATCH] Add insecure protocol check --- confluent_server/bin/confluent_selfcheck | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/confluent_server/bin/confluent_selfcheck b/confluent_server/bin/confluent_selfcheck index ccbe288b..f0ca02ab 100755 --- a/confluent_server/bin/confluent_selfcheck +++ b/confluent_server/bin/confluent_selfcheck @@ -245,6 +245,10 @@ if __name__ == '__main__': uuid = rsp.get('id.uuid', {}).get('value', None) if uuid: uuidok = True + if 'deployment.useinsecureprotocols' in rsp: + insec = rsp.get('deployment.useinsecureprotocols', {}).get('value', None): + if insec != 'firmware': + emprint(f'{args.node} does not have deployment.useinsecureprotocols set to firmware. This is fine for USB boot. HTTP boot can work, but requires the deployment server CA certificates be provisioned to the UEFI first. PXE and HTTP boot without preprovisioned certificates will fail.') for key in rsp: if key.endswith('.hwaddr'): mac = rsp[key].get('value', None)