xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 09:32:21 +00:00
Code Issues Projects Releases Wiki Activity

Add insecure protocol check

Browse Source
This commit is contained in:
Jarrod Johnson 2022-09-30 12:22:39 -04:00
parent 9ecd3e3ac7
commit 6e803e9fca
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
confluent_server/bin/confluent_selfcheck
View File

@ -245,6 +245,10 @@ if __name__ == '__main__':
uuid = rsp.get('id.uuid', {}).get('value', None)
if uuid:
uuidok = True
if 'deployment.useinsecureprotocols' in rsp:
insec = rsp.get('deployment.useinsecureprotocols', {}).get('value', None):
if insec != 'firmware':
emprint(f'{args.node} does not have deployment.useinsecureprotocols set to firmware. This is fine for USB boot. HTTP boot can work, but requires the deployment server CA certificates be provisioned to the UEFI first. PXE and HTTP boot without preprovisioned certificates will fail.')
for key in rsp:
if key.endswith('.hwaddr'):
mac = rsp[key].get('value', None)