From fa1c2f5c1edcf56ac7ca85149120f2f6274a76a8 Mon Sep 17 00:00:00 2001 From: Jarrod Johnson Date: Fri, 8 Jan 2021 16:32:41 -0500 Subject: [PATCH] Only offer deployment if a candidate manager If candidate managers are defined, and this node is not in that set, ignore PXE and SSDP requests to opt out of deployment. --- .../confluent/discovery/protocols/pxe.py | 26 ++++++++++++++----- .../confluent/discovery/protocols/ssdp.py | 9 ++++++- 2 files changed, 27 insertions(+), 8 deletions(-) diff --git a/confluent_server/confluent/discovery/protocols/pxe.py b/confluent_server/confluent/discovery/protocols/pxe.py index 791b508b..d1bf4043 100644 --- a/confluent_server/confluent/discovery/protocols/pxe.py +++ b/confluent_server/confluent/discovery/protocols/pxe.py @@ -23,6 +23,8 @@ # option 97 = UUID (wireformat) import confluent.config.configmanager as cfm +import confluent.collective.manager as collective +import confluent.noderange as noderange import confluent.log as log import confluent.netutil as netutil import ctypes @@ -264,9 +266,7 @@ def proxydhcp(): if not myipn: continue if opts.get(77, None) == b'iPXE': - cfd = cfg.get_node_attributes(node, ('deployment.*')) - profile = cfd.get(node, {}).get( - 'deployment.pendingprofile', {}).get('value', None) + profile = get_deployment_profile(node, cfg) if not profile: continue myip = socket.inet_ntoa(myipn) 
@@ -428,17 +428,29 @@ def remap_nodes(nodeattribs, configmanager): macmap[updates[node][attrib]['value'].lower()] = node +def get_deployment_profile(node, cfg): + cfd = cfg.get_node_attributes(node, ('deployment.*')) + profile = cfd.get(node, {}).get('deployment.pendingprofile', {}).get('value', None) + if not profile: + return None + candmgrs = cfd.get(node, {}).get('collective.managercandidates', {}).get('value', None) + if candmgrs: + candmgrs = noderange.NodeRange(candmgrs, cfg).nodes + if collective.get_myname() not in candmgrs: + return None + return profile + staticassigns = {} myipbypeer = {} def check_reply(node, info, packet, sock, cfg, reqview): httpboot = info['architecture'] == 'uefi-httpboot' replen = 275 # default is going to be 286 - cfd = cfg.get_node_attributes(node, ('deployment.*')) - profile = cfd.get(node, {}).get('deployment.pendingprofile', {}).get('value', None) - myipn = info['netinfo']['recvip'] - myipn = socket.inet_aton(myipn) + profile = get_deployment_profile(node, cfg) if not profile: return + myipn = info['netinfo']['recvip'] + myipn = socket.inet_aton(myipn) + rqtype = packet[53][0] insecuremode = cfd.get(node, {}).get('deployment.useinsecureprotocols', {}).get('value', 'never') diff --git a/confluent_server/confluent/discovery/protocols/ssdp.py b/confluent_server/confluent/discovery/protocols/ssdp.py index 86977674..456fb1c4 100644 --- a/confluent_server/confluent/discovery/protocols/ssdp.py +++ b/confluent_server/confluent/discovery/protocols/ssdp.py @@ -29,7 +29,9 @@ import confluent.config.configmanager as cfm +import confluent.collective.manager as collective import confluent.neighutil as neighutil +import confluent.noderange as noderange import confluent.util as util import confluent.log as log import confluent.netutil as netutil 
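Review bot: In pxe.py, `get_deployment_profile` asks `cfg.get_node_attributes` only for `('deployment.*')` but then reads `collective.managercandidates` from the same result. Unless that call returns attributes beyond those requested, `candmgrs` is always `None`, so the candidate-manager opt-out never takes effect on the PXE path, including the `proxydhcp` call in the earlier hunk. Requesting both names, as the ssdp.py hunk does, would close this: `cfd = cfg.get_node_attributes(node, ('deployment.*', 'collective.managercandidates'))`. Separately, `check_reply` no longer assigns `cfd`, yet the context line `insecuremode = cfd.get(node, {}).get('deployment.useinsecureprotocols', ...)` still reads it, which looks like a `NameError` on every reply unless `cfd` is defined elsewhere in the module. Either keep the `cfd = cfg.get_node_attributes(...)` line in `check_reply` or let the helper accept an already-fetched `cfd`; `check_reply` continues outside the hunk.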
@@ -186,10 +188,15 @@ def snoop(handler, byehandler=None, protocol=None, uuidlookup=None): # planned for cfg = cfm.ConfigManager(None) cfd = cfg.get_node_attributes( - node, 'deployment.pendingprofile') + node, ['deployment.pendingprofile', 'collective.managercandidates']) if not cfd.get(node, {}).get( 'deployment.pendingprofile', {}).get('value', None): break + candmgrs = cfd.get(node, {}).get('collective.managercandidates', {}).get('value', None) + if candmgrs: + candmgrs = noderange.NodeRange(candmgrs, cfg).nodes + if collective.get_myname() not in candmgrs: + break currtime = time.time() seconds = int(currtime) msecs = int(currtime * 1000 % 1000)
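Review bot: The candidate-manager check in `snoop` is a hand-copied variant of `get_deployment_profile` in pxe.py, and the two already differ in which attributes they request. Moving the `NodeRange(candmgrs, cfg).nodes` / `collective.get_myname()` test into one shared helper that both protocol handlers call would keep the opt-out decision from diverging between PXE and SSDP. The new `break` would also benefit from a short comment, for example `# not a candidate manager for this node: stay silent and leave it to a designated manager`. What `collective.get_myname()` returns on a manager that is not in a collective is not visible here, so that case should be confirmed and documented; the enclosing loop starts and ends outside the hunk.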