mirror of
https://github.com/xcat2/confluent.git
synced 2024-11-22 09:32:21 +00:00
Merge branch 'master' of github.com:jjohnson42/confluent
This commit is contained in:
Jarrod Johnson
commit
abc15974da
@ -156,6 +156,12 @@ node = {
|
||||
'indicates candidate managers, either for '
|
||||
'high availability or load balancing purposes.')
|
||||
},
|
||||
'discovery.passwordrules': {
|
||||
'description': 'Any specified rules shall be configured on the BMC '
|
||||
'upon discovery. "expiration=no,loginfailures=no" '
|
||||
'would disable password expiration and login failures '
|
||||
'triggering a lockout.'
|
||||
},
|
||||
'discovery.policy': {
|
||||
'description': 'Policy to use for auto-configuration of discovered '
|
||||
'and identified nodes. Valid values are "manual", '
|
||||
|
||||
@ -94,7 +94,9 @@ _hasquorum = True
|
||||
_attraliases = {
|
||||
'bmc': 'hardwaremanagement.manager',
|
||||
'bmcuser': 'secret.hardwaremanagementuser',
|
||||
'switchuser': 'secret.hardwaremanagementuser',
|
||||
'bmcpass': 'secret.hardwaremanagementpassword',
|
||||
'switchpass': 'secret.hardwaremanagementpassword',
|
||||
}
|
||||
|
||||
def _mkpath(pathname):
|
||||
|
||||
@ -45,7 +45,7 @@ class NodeHandler(generic.NodeHandler):
|
||||
def config(self, nodename, reset=False):
|
||||
self._bmcconfig(nodename, reset)
|
||||
|
||||
def _bmcconfig(self, nodename, reset=False):
|
||||
def _bmcconfig(self, nodename, reset=False, customconfig=None):
|
||||
# TODO(jjohnson2): set ip parameters, user/pass, alert cfg maybe
|
||||
# In general, try to use https automation, to make it consistent
|
||||
# between hypothetical secure path and today.
|
||||
@ -74,6 +74,8 @@ class NodeHandler(generic.NodeHandler):
|
||||
ic = self._get_ipmicmd(user, passwd)
|
||||
else:
|
||||
raise
|
||||
if customconfig:
|
||||
customconfig(ic)
|
||||
currusers = ic.get_users()
|
||||
lanchan = ic.get_network_channel()
|
||||
userdata = ic.xraw_command(netfn=6, command=0x44, data=(lanchan,
|
||||
|
||||
@ -13,11 +13,13 @@
|
||||
# limitations under the License.
|
||||
|
||||
import confluent.discovery.handlers.imm as immhandler
|
||||
import confluent.util as util
|
||||
import pyghmi.exceptions as pygexc
|
||||
import pyghmi.ipmi.oem.lenovo.imm as imm
|
||||
|
||||
|
||||
|
||||
|
||||
class NodeHandler(immhandler.NodeHandler):
|
||||
devname = 'XCC'
|
||||
|
||||
@ -41,16 +43,45 @@ class NodeHandler(immhandler.NodeHandler):
|
||||
#if ipmicmd:
|
||||
# ipmicmd.ipmi_session.logout()
|
||||
|
||||
def validate_cert(self, certificate):
|
||||
# broadly speaking, merely checks consistency moment to moment,
|
||||
# but if https_cert gets stricter, this check means something
|
||||
fprint = util.get_fingerprint(self.https_cert)
|
||||
return util.cert_matches(fprint, certificate)
|
||||
|
||||
def set_password_policy(self, ic):
|
||||
ruleset = {'USER_GlobalMinPassChgInt': '0'}
|
||||
for rule in self.ruleset.split(','):
|
||||
if '=' not in rule:
|
||||
continue
|
||||
name, value = rule.split('=')
|
||||
if value.lower() in ('no', 'none', 'disable', 'disabled'):
|
||||
value = '0'
|
||||
if name.lower() in ('expiry', 'expiration'):
|
||||
ruleset['USER_GlobalPassExpPeriod'] = value
|
||||
if int(value) < 5:
|
||||
ruleset['USER_GlobalPassExpWarningPeriod'] = value
|
||||
if name.lower() in ('lockout', 'loginfailures'):
|
||||
if value.lower() in ('no', 'none', 'disable', 'disabled'):
|
||||
value = '0'
|
||||
ruleset['USER_GlobalMaxLoginFailures'] = value
|
||||
ic.register_key_handler(self.validate_cert)
|
||||
ic.oem_init()
|
||||
ic._oem.immhandler.wc.grab_json_response('/api/dataset', ruleset)
|
||||
|
||||
def config(self, nodename, reset=False):
|
||||
# TODO(jjohnson2): set ip parameters, user/pass, alert cfg maybe
|
||||
# In general, try to use https automation, to make it consistent
|
||||
# between hypothetical secure path and today.
|
||||
ic = self._bmcconfig(nodename)
|
||||
dpp = self.configmanager.get_node_attributes(
|
||||
nodename, 'discovery.passwordrules')
|
||||
self.ruleset = dpp.get(nodename, {}).get(
|
||||
'discovery.passwordrules', {}).get('value', '')
|
||||
ic = self._bmcconfig(nodename, customconfig=self.set_password_policy)
|
||||
ff = self.info.get('attributes', {}).get('enclosure-form-factor', '')
|
||||
if ff not in ('dense-computing', [u'dense-computing']):
|
||||
return
|
||||
# Ok, we can get the enclosure uuid now..
|
||||
ic.oem_init()
|
||||
enclosureuuid = ic._oem.immhandler.get_property(
|
||||
'/v2/ibmc/smm/chassis/uuid')
|
||||
enclosureuuid = ic._oem.immhandler.get_property(
|
||||
|
||||
@ -25,6 +25,7 @@ import eventlet.green.threading as threading
|
||||
import eventlet.greenpool as greenpool
|
||||
import eventlet.queue as queue
|
||||
import eventlet.support.greendns
|
||||
from fnmatch import fnmatch
|
||||
import pyghmi.constants as pygconstants
|
||||
import pyghmi.exceptions as pygexc
|
||||
console = eventlet.import_patched('pyghmi.ipmi.console')
|
||||
@ -32,6 +33,37 @@ ipmicommand = eventlet.import_patched('pyghmi.ipmi.command')
|
||||
import socket
|
||||
import ssl
|
||||
|
||||
pci_cache = {}
|
||||
|
||||
def get_dns_txt(qstring):
|
||||
return eventlet.support.greendns.resolver.query(
|
||||
qstring, 'TXT')[0].strings[0].replace('i=', '')
|
||||
|
||||
def get_pci_text_from_ids(subdevice, subvendor, device, vendor):
|
||||
fqpi = '{0}.{1}.{2}.{3}'.format(subdevice, subvendor, device, vendor)
|
||||
if fqpi in pci_cache:
|
||||
return pci_cache[fqpi]
|
||||
vendorstr = None
|
||||
try:
|
||||
vendorstr = get_dns_txt('{0}.pci.id.ucw.cz'.format(subvendor))
|
||||
except Exception:
|
||||
try:
|
||||
vendorstr = get_dns_txt('{0}.pci.id.ucw.cz'.format(vendor))
|
||||
except Exception:
|
||||
pass
|
||||
devstr = None
|
||||
try:
|
||||
devstr = get_dns_txt(fqpi + '.pci.id.ucw.cz')
|
||||
except Exception:
|
||||
try:
|
||||
devstr = get_dns_txt('{0}.{1}.pci.id.ucw.cz'.format(
|
||||
device, vendor))
|
||||
except Exception:
|
||||
pass
|
||||
if vendorstr and devstr:
|
||||
pci_cache[fqpi] = vendorstr, devstr
|
||||
return vendorstr, devstr
|
||||
|
||||
|
||||
# There is something not right with the RLocks used in pyghmi when
|
||||
# eventlet comes into play. It seems like sometimes on acquire,
|
||||
@ -841,7 +873,7 @@ class IpmiHandler(object):
|
||||
sanitize_invdata(invdata[1])
|
||||
newinf = {'present': True, 'information': invdata[1]}
|
||||
newinf['name'] = invdata[0]
|
||||
invitems.append(newinf)
|
||||
self.add_invitem(invitems, newinf)
|
||||
else:
|
||||
self.make_inventory_map()
|
||||
compname = self.invmap.get(component, None)
|
||||
@ -855,7 +887,7 @@ class IpmiHandler(object):
|
||||
sanitize_invdata(invdata)
|
||||
newinf = {'present': True, 'information': invdata}
|
||||
newinf['name'] = compname
|
||||
invitems.append(newinf)
|
||||
self.add_invitem(invitems, newinf)
|
||||
except ssl.SSLEOFError:
|
||||
errorneeded = msg.ConfluentNodeError(
|
||||
self.node, 'Unable to communicate with the https server on '
|
||||
@ -872,6 +904,21 @@ class IpmiHandler(object):
|
||||
if errorneeded:
|
||||
self.output.put(errorneeded)
|
||||
|
||||
def add_invitem(self, invitems, newinf):
|
||||
if fnmatch(newinf['name'], 'Adapter ??:??:??') or fnmatch(
|
||||
newinf['name'], 'PCIeGen? x*'):
|
||||
myinf = newinf.get('information', {})
|
||||
sdid = myinf.get('PCI Subsystem Device ID', None)
|
||||
svid = myinf.get('PCI Subsystem Vendor ID', None)
|
||||
did = myinf.get('PCI Device ID', None)
|
||||
vid = myinf.get('PCI Vendor ID', None)
|
||||
vstr, dstr = get_pci_text_from_ids(sdid, svid, did, vid)
|
||||
if vstr:
|
||||
newinf['information']['PCI Vendor'] = vstr
|
||||
if dstr:
|
||||
newinf['name'] = dstr
|
||||
invitems.append(newinf)
|
||||
|
||||
def handle_sensors(self):
|
||||
if self.element[-1] == '':
|
||||
self.element = self.element[:-1]
|
||||
|
||||
Loading…
Reference in New Issue
Block a user