xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 01:22:00 +00:00
Code Issues Projects Releases Wiki Activity
4,299 Commits 39 Branches 63 Tags 18 MiB
webauthn
Commit Graph

2004 Commits

Author SHA1 Message Date
Jarrod Johnson
3c3d6bb314 Fix auth handling of the session/info 2022-05-25 17:40:35 -04:00
Jarrod Johnson
f6a17b5f32 Have validate serve as session info request 
This should facilitate login.

Further, provide a quick persistence for the
credential test backend
 2022-05-25 15:58:20 -04:00
Jarrod Johnson
e0079b5a86 Amend webauthn validation api 2022-05-25 10:58:02 -04:00
Jarrod Johnson
c93f09bc91 Provide hook to get registered credentials 
This has to relax the session in getting and requesting validation.
 2022-05-24 19:17:31 -04:00
Jarrod Johnson
9b39c96135 Begin work on webauthn support 
Provide appropriate registration options as a first
step.
 2022-05-24 10:22:34 -04:00
Jarrod Johnson
a3cce144bc Extend manager principals for ssh 
When doing osdeploy initialize -l (not recommended usually),
add on more forms of the name and ip addresses
to be consistent with node ssh behavior.
 2022-05-24 07:24:56 -04:00
Jarrod Johnson
f9d47bb0d3 Fix markingrequest as not implemented 
The Geist PDU support inadvertently took down
unrelated parts of a request, fix by
properly showing not implemented in
a node specific way.
 2022-05-20 08:35:43 -04:00
Jarrod Johnson
eb99fbd8b2 Switch from clear buffer to sized memoryview 
Use the recvmsg hint to mask out the buffer rather
than zeroing the entire buffer. This is more efficient
and further improves efficiency of parsing of the packet.
 2022-05-14 18:35:15 -04:00
Jarrod Johnson
54741517f1 Clear DHCP buffer between recv 
Very large PXE requests can leave residual
information that small, non-pxe requests will
interact poorly with, leading to spurious pxe-client
with cloned uuid of most recent large request.

Clearing between IO normalizes the state to avoid the bleed
over.
 2022-05-14 18:12:19 -04:00
Jarrod Johnson
459c9a5210 Wait for a login attempt to run its course 
If an existing session was not quite logged in, but
may be getting there, join in and wait for result
instead of starting over again.
 2022-05-12 16:39:58 -04:00
Jarrod Johnson
c328fea49a Cleaner output on cli 
Based on feedback, remove the added 'inlet_' from pdu
output.

Also, fix geist plugin to block unsupported
features for now.
 2022-05-11 16:01:43 -04:00
Jarrod Johnson
caba650143 Add nodepower arguments for PDU operations 2022-05-11 14:59:54 -04:00
Jarrod Johnson
e4d7be649a Fix single inlet operations 2022-05-11 13:31:19 -04:00
Jarrod Johnson
d8a0f111db Implement changing PDU state on set 2022-05-11 08:53:24 -04:00
Jarrod Johnson
8dbcc804ed Pull outlets into the generic hierarchy 
This will more easily facilitate adding pdus without dependent nodes.
 2022-05-10 16:05:37 -04:00
Jarrod Johnson
6229cb23e8 Begin PDU implementation 2022-05-10 16:00:08 -04:00
Jarrod Johnson
2925c291cf Increase ipmi concurrency 
128 can be a bit limiting, try 512 for improved responsiveness
 2022-05-05 09:28:09 -04:00
Jarrod Johnson
86891eb2e5 Rework resolv watcher 
Handle symlinks better and do not trigger overly
eagerly
 2022-05-05 09:26:55 -04:00
Jarrod Johnson
d3129847b4 Add recognition of Alma 9 and (presumably) rocky 9 2022-05-04 14:16:51 -04:00
Jarrod Johnson
e2e4014db3 Make ubuntu case insensitive on import 
Ubuntu changes their minds about case of some files.
 2022-05-04 11:01:59 -04:00
Jarrod Johnson
48fd496637 Fix discovery uuid cross-reference 
The SSDP does an endian scramble of the smm uuid,
fix it, and also update the core to prefer the
processed enclosure.uuid attribute.
 2022-04-27 15:09:40 -04:00
Jarrod Johnson
46ffe3f5f2 Fix license directory name for confluent server 2022-04-26 08:00:13 -04:00
Jarrod Johnson
060f639ab3 Flag license files appropriately 2022-04-25 17:02:35 -04:00
Jarrod Johnson
9333c999c9 Adjust setup.py licensing for older setuptools 2022-04-25 16:48:31 -04:00
Jarrod Johnson
66f2ba98ec Set up confluent licensisng in setupdist context 2022-04-25 16:15:49 -04:00
Jarrod Johnson
f6a16a89f2 Prevent spaces in nodenames 2022-04-20 08:55:54 -04:00
Jarrod Johnson
212aa5c6e2 Add ability to unsubscribe from a terminal session 2022-04-13 16:44:01 -04:00
Jarrod Johnson
2bf9a6d415 Add support for consolidated term websocket 
Since browsers can be stingy with websockets, have
the consoles all share a single websocket.
 2022-04-13 16:08:13 -04:00
Jarrod Johnson
7a0dee8af8 Fix keepalive/logout behavior in ws async 
Use the websocket liveness as the keepalive, so
the reaper is not scheduled for such sockets.

Additionally, register the async thread as to be killed on logout.
 2022-04-05 16:56:36 -04:00
Jarrod Johnson
105536656e Implement async session on websocket 
This eliminates long polling and sets the stage to restore
socket sharing by terminals and shells.
 2022-04-05 16:33:03 -04:00
Jarrod Johnson
8ef91c16c0 Do not let an existing /var/lib/confluent block the requisite chown 2022-04-05 09:35:05 -04:00
Jarrod Johnson
777bdfac5c Fix the incorrect parameter name in setting password policy 
The mistake was keeping the requisite rule from applying
 2022-03-30 11:16:33 -04:00
Jarrod Johnson
d651c29149 Add password expiration recovery to smm discovery 
SMM discover can now also unexpire password during onboarding.
 2022-03-30 08:50:08 -04:00
Jarrod Johnson
b4f021cfad Fix omission in SSDP snoop 2022-03-30 08:24:25 -04:00
Jarrod Johnson
69a06a6923 Implement a password unexpiration mechanism in xcc 
If the node has expired password, do what is necessary to unexpire the
password
to get through assignment.
 2022-03-30 08:07:25 -04:00
Jarrod Johnson
d214e7e442 Normalize blank strings in cfgdata 
In cfgdata, make '' replaced by None for
consistent behavior for cleared and blanked
attributes.
 2022-03-25 08:59:46 -04:00
Jarrod Johnson
e4e15d87a7 Background redfish check on snoop 
When snooping, if a redfish device comes along, background the
query so that it is unable to block the main SSDP receive routine.
 2022-03-24 17:18:05 -04:00
Jarrod Johnson
21bfc29a89 Make more clear the default behavior when prompting 2022-03-24 11:18:37 -04:00
Jarrod Johnson
7a66567625 Add missing monotic dependency 2022-03-24 09:20:14 -04:00
Jarrod Johnson
cd3d248a78 Add identimage to rpm build 2022-03-17 13:04:24 -04:00
Jarrod Johnson
bfd40b51de Correct name of ident_image api 2022-03-17 09:35:49 -04:00
Jarrod Johnson
94ab644f5c Create mechanism to create node identity images 
These images are used in the flow of routed deployment.
 2022-03-16 15:41:07 -04:00
Jarrod Johnson
fdd3ec4233 Fix check for confluent service having started 
Give confluent full chance to set things up prior
to proceeding.
 2022-03-16 10:28:44 -04:00
Jarrod Johnson
b2603aa1f8 Set ownership of /var/lib/confluent on installation 
Some paths fail to initialize ownership earlier, give it
a head start
 2022-03-16 10:26:16 -04:00
Jarrod Johnson
32081edec8 Workaround ':' format specifier syntax 
Older python will break by assuming that
: always means a format expression is coming.

Move the field value fetch to format_field, and ascertain if some of the
expression was shunted to format specification
by mistake.
 2022-03-11 12:21:09 -05:00
Jarrod Johnson
dc0183fdf4 Add [] slicing/indexing to confluent attribute expression syntax 
This permits expressions like:
node[:-3]
To say nodename, but leave out 3 chars.
Or:
node[3:]
To skip the first three characters.
 2022-03-11 11:23:43 -05:00
Jarrod Johnson
ceada3b7d9 Provide API for using one-time shared secret to register api key 
This permits long haul node api key registration over a single port. It cannot validate that
the requester is privileged, but the auto-invalidation
offsets the risk of subsequent users having read access to the remote mount.
 2022-03-10 16:06:02 -05:00
Jarrod Johnson
6a30afa31e Have SSDP ignore multicast disabled interfaces 2022-03-09 11:01:01 -05:00
Jarrod Johnson
0abe978bd9 Implement hmac of apikey 
For routed deployment, we have to preshare some information.

Additionally, the API arm mechanism gets too open ended.

Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
 2022-03-08 14:46:00 -05:00
Jarrod Johnson
e67bab4f12 Place cap on api password length 
No more than 48 characters should ever be in
an api token. Cap it to avoid outrageous crypt
behavior at large password length.
 2022-03-08 09:15:13 -05:00