Jarrod Johnson
ba0d600bf7
Prepare osimage initialize
...
Provide a helper for the various
setup steps required for
getting ready for OS deployment.
2020-05-21 17:07:58 -04:00
Jarrod Johnson
8ce8f18f56
Change certutil to be a module
...
This allows it to be used from within
osimage command.
2020-05-21 15:56:16 -04:00
Jarrod Johnson
0af9db5eb7
Autodetect TLS key/cert locations
...
This facilitates easier getting started when possible.
2020-05-21 15:55:22 -04:00
Jarrod Johnson
22d5da3ae9
Rename certs to pem
...
There are contexts where the .cert name is not
recognized, go for .pem name instead.
2020-05-21 14:37:17 -04:00
Jarrod Johnson
540d0e1795
Fix SUSE certificate handling
...
SUSE requires things go through update-ca-certificates,
update the generated certs and the post to do that.
2020-05-18 19:37:54 -04:00
Jarrod Johnson
b73c561ca9
Support relative path import
...
Have osimage import correct to absolute
path for import.
2020-05-12 15:02:18 -04:00
Jarrod Johnson
1ba2386b82
Provide keyname to importer
...
This allows client to reliably make association
between import request and tracking
the import activity.
2020-05-12 14:47:00 -04:00
Jarrod Johnson
1beed070fd
Add help text to usage
2020-05-12 09:53:46 -04:00
Jarrod Johnson
5addc7519d
Rename osdeploy to osimage
2020-05-12 09:48:57 -04:00
Jarrod Johnson
7a68d1444b
Extend osdeploy to have a config
2020-05-12 09:48:27 -04:00
Jarrod Johnson
d90e87e153
Fix backup/restore with python3
...
backup/restore with password
was having problems with python3
2020-05-07 16:22:56 -04:00
Jarrod Johnson
051b8259fd
Update certutil to update site tls
...
This puts the certificate in a location
to be picked up by installers,
complete with subject_hash
so that SuSE can easily pull
them in.
2020-04-22 13:33:31 -04:00
Jarrod Johnson
a3f7fc12b5
Include fe80 in cert
...
fe80 is needed and a valid
thing to assert.
2020-04-10 09:59:53 -04:00
Jarrod Johnson
8fb206b1f7
Fix cert util on pythoen3
...
python 3 had bytes and not str and need to be
decoded before string operations.
2020-03-16 09:27:34 -04:00
Jarrod Johnson
1bf7c6970f
Merge branch 'master' into osdeploy
2020-03-13 11:06:26 -04:00
Jarrod Johnson
a86d962984
Fix missing pwd import
...
The pwd module was accidentally omitted, fix the mistake.
2020-03-13 11:04:16 -04:00
Jarrod Johnson
6ade0952c7
Workaround incorrect TLS clients
...
Standards compliant TLS clients require
that IP addresses be compared against
IP type SAN fields.
However, some firmware ignores IP fields and only checks DNS fields.
Workaround and provide compatibility
by duplicating the IP as DNS and IP fields.
Also, clean up the temporary config file when done.
2020-03-12 19:06:05 -04:00
Jarrod Johnson
e97214ca50
Merge branch 'master' into osdeploy
2020-03-12 16:05:08 -04:00
Jarrod Johnson
9ee29aabe1
Set certificate ownership properly
...
When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
2020-03-12 16:04:23 -04:00
Jarrod Johnson
114324f513
Add CA to self signed cert constraints
...
Some applications require this be set for it to work
as an enrolled certificate. Notably UEFI
requires this.
2020-02-24 15:34:55 -05:00
Jarrod Johnson
f6d4fef5e6
Improve error message for collective
...
When trying to not run as root, give a
better error message explaining the
situation more clearly.
2020-02-18 16:16:40 -05:00
Jarrod Johnson
3bc366bef4
Fix mistake in the cert util
2020-02-03 15:37:20 -05:00
Jarrod Johnson
c666b11138
Add ability to foreground exec confluent
...
This allows easier debug and option for unit file
in systemd to run foreground if it makes sense.
2020-01-31 08:10:01 -05:00
Jarrod Johnson
8cab591a8b
Add collective member deletion
...
This allows deletion of a dead member, down to deleting down to non-collective
mode.
2019-10-10 11:30:03 -04:00
Jarrod Johnson
c1953bdad3
Another set of python 3 compatibility
...
Numerous issues arose, particularly
when participating in a mixed
collective.
2019-10-08 10:45:43 -04:00
Jarrod Johnson
578ba06aa3
Fix python3 problem with octal
2019-10-08 09:06:15 -04:00
Jarrod Johnson
90e546bcac
Implement a number of py3 compatible adjustments
2019-10-02 08:58:39 -04:00
Jarrod Johnson
44d6bde3ff
Make /usr/bin/env python point to python2
...
Same as before, more RHEL8 compatibility changes
2019-09-23 11:04:52 -04:00
Jarrod Johnson
4dab5fc527
Adapt to RHEL or Debian openssl config locations
2019-08-05 16:16:42 -04:00
Jarrod Johnson
5d572f17f9
Enhance collective usage output
...
Collective usage output provided no hints as to how to access more detailed
help. Amend the wording to make this more clear/obvious.
2019-04-03 14:23:30 -04:00
Jarrod Johnson
8a03bc48de
Tentatively store certutil
...
Commit to repository, even though not yet used. It is likely to
be renamed. The purpose is to help generate an appropriate self signed
cert for https including all the ip addresses as subject alternative
names so that names or addresses may be used with installers that
have had the cert injected.
2018-12-11 13:51:46 -05:00
Jarrod Johnson
d5c093a30d
Provide fallback for unexpected reply in collective show
2018-10-10 09:46:01 -04:00
Jarrod Johnson
cf9d2a43e8
Revert "Provide fallback for unexpected reply in collective show"
...
This reverts commit 2f566fb81d
.
2018-10-10 09:44:06 -04:00
Jarrod Johnson
2f566fb81d
Provide fallback for unexpected reply in collective show
2018-10-10 09:41:25 -04:00
Jarrod Johnson
73c06fd25e
Fix display of error on join of collective
2018-10-08 09:54:03 -04:00
Jarrod Johnson
f0edbbad39
Have collective show present some info when not in quorum
2018-07-20 14:11:38 -04:00
Jarrod Johnson
96671ace4e
Correct collective show behavior
2018-07-19 16:48:30 -04:00
Jarrod Johnson
bcff3fc962
Improve collective show readability
2018-07-19 16:39:13 -04:00
Jarrod Johnson
67d6e9a6c7
Add collective show
...
Provide a harmless way to look at collective state
2018-07-09 15:07:24 -04:00
Jarrod Johnson
a4edf9afb8
Rename confluentutil to collective
...
Also adjust output to be a bit more automation friendly.
2018-07-09 13:33:56 -04:00
Jarrod Johnson
401352998c
Correctly show the error on non-leader
...
When non-leader tries to invite, print the error rather than unhelpful
exception with no helpful data.
2018-06-26 14:35:23 -04:00
Jarrod Johnson
38898ca921
Auto-make certificate if missing
...
Automatically fix a missing certificate if this is the case.
2018-06-19 11:05:38 -04:00
Jarrod Johnson
f2500d9d27
Add general confluentutil command
...
This provides util commands to manage certificates and collective
membership.
2018-06-13 16:23:49 -04:00
Jarrod Johnson
0507e89da8
Add ability to skip key backup and interactive password
...
Backups should carefully protect keys.json, but that's only feasible
interactively. However keys don't change, so have a way to combine
protected keys.json with password with relatively safe non-interactive
incremental backups.
2018-06-13 16:22:40 -04:00
Jarrod Johnson
8515d43dad
A shell script to illustrate generating ECDSA key
...
For now put down the openssl commands required to get the key and
certificate available.
2018-06-12 16:57:36 -04:00
Jarrod Johnson
39e9bf0be5
Cleaner handling of invalid names in restore attempt
...
Detect problems ahead af time and more cleanly print a message.
2018-05-17 14:40:19 -04:00
Jarrod Johnson
04781e0ece
Actually hook up the redact feature
2017-02-15 10:46:27 -05:00
Jarrod Johnson
9bd0b7af9d
Make confluentdbutil executable
2017-02-15 10:46:27 -05:00
Jarrod Johnson
ae806e55b0
Add a utility to frontend DB dump/restore
...
This exposes the library functions as a utility
2017-02-15 10:46:26 -05:00
Jarrod Johnson
ad20193309
Make confluent and confluentsrv.py identical
...
The two files should be identical. confluentsrv.py exists
only because PyInstaller struggles unless the target is a
'py' file and does not have some namespace conflict with a
module.
2015-09-23 11:58:48 -04:00