xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 02:52:07 +00:00
Code Issues Projects Releases Wiki Activity
4,697 Commits 39 Branches 63 Tags 18 MiB
3.7
Commit Graph

2198 Commits

Author SHA1 Message Date
Jarrod Johnson
8b89232922 Do not get collective member when collective doesn't exist 2023-03-06 16:59:07 -05:00
Jarrod Johnson
22c464e092 Only add self to collective if self not yet in collective 
Previously, it was safe to just do all the time, but now it may lose
the role.
 2023-03-06 16:49:03 -05:00
Jarrod Johnson
4d9b11bc55 Fix quorum when there is no collective yet 2023-03-06 16:38:09 -05:00
Jarrod Johnson
baa365fcac Implement non-voting collective members 
Provide for applications
where only a small subset of collective
members should be
considered to count
toward whether the collective
can proceed.

Commonly, 'service' nodes may
be numerous to do work, but may all want to go offline
during a maintenance window.
 2023-03-06 11:56:15 -05:00
Jarrod Johnson
b4182cd4b5 Fix formation of error message 
Use format to take in the parameters regardless of type
 2023-02-27 14:55:01 -05:00
Jarrod Johnson
70d8a1059c Consistently treat bytes as bytes in ssh 
In Python3 systems,
there would be confusion
about bytes versus str.

Fix this so that ssh can work more consistently.
 2023-02-24 15:47:20 -05:00
Jarrod Johnson
5ea214a726 Use eventlet subprocess 
sshutil uses eventlet subprocess,
making calledprocesserror
hard to catch.

Adjust to consistently use same
subprocesss module.
 2023-02-22 16:34:13 -05:00
Jarrod Johnson
b99034f539 Improve reliability of collective join 
While servicing an enrollment,
there's a window for a collective
member to be 'defined' but not
yet active, meaning quorum may transiently be lost as multiple enrollments progress.

Serialize enrollments by holding the enrollment process open.

Also, there is a chance that a transient transfer error may occur during loading
of the DB.  In such a case, restart
the connection rather thn aborting.
 2023-02-22 16:11:38 -05:00
Jarrod Johnson
6df2e822a5 Correct api call in discovery 2023-02-22 09:34:32 -05:00
Jarrod Johnson
241800b1c9 Restore filename-only import 
The open file handle as implemented
could not pass to the subprocess.

Rather than figure out how to open
and pass the filehandle,
simply let the subprocess
independently open the file
if it isn't passed.
 2023-02-16 09:13:05 -05:00
Jarrod Johnson
abc639e32b Preferentially support HTTPS on Eaton PDU 
While Eaton does not do HTTPS by default,
it can be configured to do so.

Support when available.

Mitigate downgrade attack by
stickying the cert fingerprint.
If fingerprint is present, then refuse
to even think about port 80.
 2023-02-15 17:03:35 -05:00
Jarrod Johnson
90af99e864 Add more clear error on syncfile mistake 
If a bad node was included in
a syncfile, the error was highly misleading.

Provide a more clear indicaiton of the problem on failure.
 2023-02-14 14:53:40 -05:00
Jarrod Johnson
09ce824c85 Fix bad lookup attempts on slashed addr 
While this should in theory be
harmless, it exacerbates some
DNS setups that would look
up the normal result quickly,
but would stall on
a bad lookup.
 2023-02-14 14:53:40 -05:00
Jarrod Johnson
36195198a6 Add fallback for newer msgpack 
Newer msgpack refuses the encoding argument, use raw=False instead.

Further, newer msgpack refuses to accept int as key by default.
Opt into it as the risk is hash collision due to msgpack int being used directly, and
we aren't dealing with untrusted
peer (we only talk to ourselves).
 2023-02-14 14:53:40 -05:00
Jarrod Johnson
fcde113e08 Add a check of dns.domain to selfcheck for node 2023-02-08 14:45:16 -05:00
Jarrod Johnson
8cf97833ab Fixes for certificate directed discovery 2023-02-01 13:09:40 -05:00
Jarrod Johnson
3e747069d9 Try to get verified bay from SMMs 
With V3 systems, we can now ask
the SMMs for the certificates
and use that for a verified
measurement, regardless of
whether the XCC is returning
the correct bay number.
 2023-02-01 12:57:27 -05:00
Jarrod Johnson
c687da4d5f Tweak architecture override on import 2023-01-31 15:57:41 -05:00
Jarrod Johnson
340ccc422c Specify check for arch override of addons.cpio 
For now, keep using x86_64 as
default, but allow overrides
for other architectures.

One day it may be cleaner to move all addons.cpio to
arch specific subdirs.
 2023-01-31 15:27:45 -05:00
Jarrod Johnson
8e1cc63ac0 Correct spelling of keyword argument in ipmi 2023-01-31 15:00:22 -05:00
Jarrod Johnson
1777223232 Fixes for osdeploy arm ipxe init 2023-01-27 08:40:31 -05:00
Jarrod Johnson
648290ffbc Begin implementing aarch64 deploy support 2023-01-27 08:00:38 -05:00
Jarrod Johnson
0008998680 Add api method to request all mac data 
This will provide easy way for
client to get FDB data, potentially
for use in conjunction with discovery data.

For now, leave LLDP out, as that isn't currently cached
at the confluent layer.
 2023-01-23 13:37:29 -05:00
Jarrod Johnson
2e059b5887 Make an API for getting full discovery data in one fetch 
This makes for faster nodediscover being possible, also
makes web management of the data easier
 2023-01-23 11:47:33 -05:00
Jarrod Johnson
792e6472e4 Fix IPv6 addresses_match 
fe80:: could be submitted during
collective startup, handle that problem appropriately.
 2023-01-23 11:24:25 -05:00
Jarrod Johnson
75f020f53c Have apiarmed continuous be properly respected for shared secret 
Remote media was erroneously being invalidated, despite user opting
out of the strict security.
 2023-01-19 14:54:18 -05:00
Jarrod Johnson
01f939b871 Have SuSE path also not be bothered by inability to restart web service 2023-01-18 08:50:30 -05:00
Jarrod Johnson
1f23750356 Add affluent detection to confluent 
Affluent agent will now have an SSDP
response.  Add support for at
least recognizing and presenting
this in the discovery data.
 2023-01-17 15:11:12 -05:00
Jarrod Johnson
d1265af828 Handle more errors 
subprocess may throw other errors that aren't calledprocesserrors,
in newer python versions.  Handle the case more broadly.
 2023-01-17 10:04:10 -05:00
Jarrod Johnson
51e53405d8 Add attributes for profiles to report state 
Profiles may want to report things
like success and error
 2023-01-13 12:54:21 -05:00
Jarrod Johnson
7f31ae5b57 Fix syntax error 2023-01-13 11:15:51 -05:00
Jarrod Johnson
a09e1a3f8b Handle IPv6 not set on IPMI nodes 2023-01-13 11:07:13 -05:00
Jarrod Johnson
bc452b9b9a Restore role-less group 
If a group is missing a role,
coerce it to administrator
 2023-01-13 10:01:52 -05:00
Jarrod Johnson
453d1f9ceb Add IPv6 configuration support 
For redfish and IPMI devices,
support new IPv6 static configuration
controls
 2023-01-13 10:01:28 -05:00
Jarrod Johnson
feed125c86 Fix restoration of old confluent db 
Old confluent DB may have None in role. This is no longer
allowed.  Restore such entries by coercing them to 'Administrator'
which is how old confluent treated such users.
 2023-01-12 08:38:55 -05:00
Jarrod Johnson
0e18a0c141 Fix routed nodeconfig in nodediscover 2023-01-09 08:55:46 -05:00
Jarrod Johnson
57b6d8677b Fix syncfiles compatibility with IPv6 2023-01-06 09:33:06 -05:00
Jarrod Johnson
130fce0320 Prevent bulk renames from stomping on itself 
If multiple things try to renam to the same thing, block the action.
 2022-12-15 15:42:10 -05:00
Jarrod Johnson
367854128a Several fixes for imgutil 
imgutil had a number of issues
contending with a distribution-less
image being packed/unpacked.
 2022-12-14 16:51:39 -05:00
Jarrod Johnson
adbf96f23f Use bytearray in PXE processing 
Python 2 and 3 are inconsistent
with how they treat memoryview,
but they are consistent on bytearray
treatment

Since rqv is merely a cheaply sliceable view of rq, use rq directly
for functions where the difference
between 2 and 3 would matter.
 2022-12-02 11:24:00 -05:00
Jarrod Johnson
58a4c22aa2 Allow custom privilege levels through messages layer 
If a user has created custom roles, designate custom. as
a prefix to indicate they really
mean what they say
 2022-11-30 11:40:36 -05:00
Jarrod Johnson
57d01ddcaa Base all web forwarding from 3901 
This makes the web forwarding more predictable for
firewall rules
 2022-11-28 15:17:59 -05:00
Jarrod Johnson
05bbd8f63a Further refine pxe logging and fix external DHCP pxe 2022-11-22 11:08:45 -05:00
Jarrod Johnson
bb54ca0f8f Fix mistake caused by erant paste 2022-11-22 09:31:39 -05:00
Jarrod Johnson
2c7b58d47a Put brakes on configuration if no gateway and target is remote 
This configuration would certainly destroy remote connectivity.
 2022-11-22 09:24:18 -05:00
Jarrod Johnson
7341164f36 Have pure proxyDHCP trigger discovery and logs 
For users that fully delegate core DHCP, provide discovery and
logging for PXE as it comes in.
 2022-11-22 09:09:21 -05:00
Jarrod Johnson
626aca0691 Implement proxyDHCP remote operation 
Provide means to function if we are
only the proxyDHCP service, delegated
from DHCP server.
 2022-11-21 13:26:37 -05:00
Jarrod Johnson
132e40cdcb Fix syntax mistak in attribute update 2022-11-21 10:18:58 -05:00
Jarrod Johnson
90a8d80b45 Rework trusted networks to attribute 
This allows  more flexibility and less oddity with how remote subnets are treated.
 2022-11-21 09:57:27 -05:00
Jarrod Johnson
963b35cd32 More aggressive timeout redfish checking 
To make scans go faster, be more aggressive in
giving up on non-responsive targets.
 2022-11-18 14:24:58 -05:00