From 269300119a4a44b261cdbecf42b6ea660de7f88e Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 4 Jun 2021 13:40:39 -0400
Subject: [PATCH 1/3] Skip newer agent behaviors with incompatible old ssh The previous attempt to support older ssh failed to completely enact old behavior when needed.
---
confluent_server/confluent/sshutil.py | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/confluent_server/confluent/sshutil.py b/confluent_server/confluent/sshutil.py
index 29ff4442..d255dcb7 100644
--- a/confluent_server/confluent/sshutil.py
+++ b/confluent_server/confluent/sshutil.py
@@ -34,7 +34,7 @@ def normalize_uid(): def assure_agent(): if sshver() <= 7.6: - return + return False global agent_pid if agent_pid is None: sai = subprocess.check_output(['ssh-agent'])
@@ -51,6 +51,7 @@ def assure_agent(): if k == 'SSH_AGENT_PID': agent_pid = v os.environ[k] = v + return True def get_passphrase(): if sshver() <= 7.6:
@@ -90,9 +91,11 @@ def initialize_ca(): def prep_ssh_key(keyname): - assure_agent() if keyname in ready_keys: return + if not assure_agent(): + ready_keys[keyname] = 1 + return tmpdir = tempfile.mkdtemp() try: askpass = os.path.join(tmpdir, 'askpass.sh')
@@ -121,8 +124,9 @@ def sign_host_key(pubkey, nodename, principals=()): principals.add(nodename) principals = ','.join(sorted(principals)) flags = '-Us' if sshver() > 7.6 else '-s' + keyname = '/etc/confluent/ssh/ca.pub' if flags == '-Us' else '/etc/confluent/ssh/ca' subprocess.check_call( - ['ssh-keygen', flags, '/etc/confluent/ssh/ca.pub', '-I', nodename, + ['ssh-keygen', flags, keyname, '-I', nodename, '-n', principals, '-h', pkeyname]) certname = pkeyname.replace('.pub', '-cert.pub') with open(certname) as cert:
From 03a75ec67dd4d9a04d824ffe2d5e0aa7708d82b8 Mon Sep 17 00:00:00 2001
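Review bot: assure_agent() now returns a boolean that prep_ssh_key() branches on, but nothing documents it, and the contract depends on the added `return True` (in the -51,6 hunk) sitting at function level. Indentation is not recoverable on this page; if that line is nested under `if agent_pid is None:`, a later call with the agent already running would return None and prep_ssh_key() would take the no-agent path. I would add a docstring such as `"""Start ssh-agent if needed; return True if an agent is in use, False if the installed ssh is too old for it."""` and confirm the placement. The function body runs between the two hunks and is not fully visible here.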
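Review bot: In the new `if not assure_agent():` branch of the -90,9 hunk, `ready_keys[keyname] = 1` records the key as ready although nothing was loaded or checked, so `ready_keys` now means either "added to the agent" or "agent skipped". A one-line comment would keep a later reader from assuming the key was validated, for example `# old ssh: agent not used, key is not loaded here`. The rest of prep_ssh_key() (the askpass handling) lies outside this hunk.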
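Review bot: On the `-s` path of the -121,8 hunk, `ssh-keygen` is now pointed at the CA private key file `/etc/confluent/ssh/ca` and reads it itself instead of signing through the agent. get_passphrase() has a matching `sshver() <= 7.6` branch (visible at the end of the -51,6 hunk), so presumably the key carries no passphrase on that path; if so, its only protection is file ownership and mode, which deserves a comment here and a check wherever the key is created. Separately, `keyname` is chosen by comparing `flags` with the string `'-Us'`; deriving both from one boolean reads better: `use_agent = sshver() > 7.6`, then `flags = '-Us' if use_agent else '-s'`. The name also sits very close to `pkeyname`, so something like `cakey` would be clearer. sign_host_key() starts and ends outside the hunk.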
From: Jarrod Johnson
Date: Fri, 4 Jun 2021 14:19:06 -0400
Subject: [PATCH 2/3] Error if noderange includes too many ) By default, pyparsing consumes only as much of the input as matches the grammar. Tell it to consume all of the noderange and error if there's more string than matches our grammar.
---
confluent_server/confluent/noderange.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/confluent_server/confluent/noderange.py b/confluent_server/confluent/noderange.py
index 17375150..76828717 100644
--- a/confluent_server/confluent/noderange.py
+++ b/confluent_server/confluent/noderange.py
@@ -106,7 +106,7 @@ class NodeRange(object): self.endpage = None self.cfm = config try: - elements = _parser.parseString("(" + noderange + ")").asList()[0] + elements = _parser.parseString("(" + noderange + ")", parseAll=True).asList()[0] except pp.ParseException as pe: raise Exception("Invalid syntax") if noderange[0] in ('<', '>'):
From 14bb841b2da4ca8354527310312b3c586adc342e Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Tue, 8 Jun 2021 09:12:33 -0400
Subject: [PATCH 3/3] Fix nodebmcreset partial success The error handling is improved, to catch both noderange global issues as well as partial completions.
---
confluent_client/bin/nodebmcreset | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/confluent_client/bin/nodebmcreset b/confluent_client/bin/nodebmcreset
index 09a6221b..e18f10aa 100755
--- a/confluent_client/bin/nodebmcreset
+++ b/confluent_client/bin/nodebmcreset
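Review bot: `parseAll=True` in the noderange.py hunk rejects leftover text, but the input is still wrapped in synthetic parentheses before parsing, so a noderange whose own parentheses are unbalanced the other way round (a `)` followed later by a `(`) still forms a balanced string. Whether `_parser` accepts that shape cannot be seen from this hunk; a unit test for it, or a nesting-depth check on `noderange` before the wrap, would settle it. The handler also binds `pe` and then drops it, so the caller only ever sees "Invalid syntax"; adding the position, e.g. `raise Exception("Invalid syntax at column {0}".format(pe.col - 1))`, would show where parsing stopped. The enclosing method starts and ends outside the hunk.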
@@ -47,14 +47,14 @@ exitcode = 0 errorNodes = set([]) session.stop_if_noderange_over(noderange, options.maxnodes) success = session.simple_noderange_command(noderange, 'configuration/management_controller/reset', 'reset', key='state', errnodes=errorNodes) # = 0 if successful -if success != 0: - sys.exit(success) # Determine which nodes were successful and print them allNodes = set([]) for node in session.read('/noderange/{0}/nodes/'.format(noderange)): + if 'error' in node and success != 0: + sys.exit(success) allNodes.add(node['item']['href'].replace("/", "")) goodNodes = allNodes - errorNodes
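Review bot: The new check exits only when a record contains `'error'` and `success != 0`; a record with `'error'` while `success == 0` falls through to `node['item']['href']`, which would presumably raise KeyError on an error record. As far as this hunk shows, a non-zero `success` with no error record no longer stops the script, and the exit that does happen prints nothing. I would handle the error record on its own: `if 'error' in node:`, then `sys.stderr.write(str(node['error']) + '\n')` and `sys.exit(success or 1)`. For a command that resets management controllers, automation calling it needs the exit status to reflect a failed node listing. The script continues after the hunk.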