2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 11:30:23 +00:00
Commit Graph

56 Commits

Author SHA1 Message Date
Jarrod Johnson
ba0d600bf7 Prepare osimage initialize
Provide a helper for the various
setup steps required for
getting ready for OS deployment.
2020-05-21 17:07:58 -04:00
Jarrod Johnson
8ce8f18f56 Change certutil to be a module
This allows it to be used from within
osimage command.
2020-05-21 15:56:16 -04:00
Jarrod Johnson
0af9db5eb7 Autodetect TLS key/cert locations
This facilitates easier getting started when possible.
2020-05-21 15:55:22 -04:00
Jarrod Johnson
22d5da3ae9 Rename certs to pem
There are contexts where the .cert name is not
recognized, go for .pem name instead.
2020-05-21 14:37:17 -04:00
Jarrod Johnson
540d0e1795 Fix SUSE certificate handling
SUSE requires things go through update-ca-certificates,
update the generated certs and the post to do that.
2020-05-18 19:37:54 -04:00
Jarrod Johnson
b73c561ca9 Support relative path import
Have osimage import correct to absolute
path for import.
2020-05-12 15:02:18 -04:00
Jarrod Johnson
1ba2386b82 Provide keyname to importer
This allows client to reliably make association
between import request and tracking
the import activity.
2020-05-12 14:47:00 -04:00
Jarrod Johnson
1beed070fd Add help text to usage 2020-05-12 09:53:46 -04:00
Jarrod Johnson
5addc7519d Rename osdeploy to osimage 2020-05-12 09:48:57 -04:00
Jarrod Johnson
7a68d1444b Extend osdeploy to have a config 2020-05-12 09:48:27 -04:00
Jarrod Johnson
d90e87e153 Fix backup/restore with python3
backup/restore with password
was having problems with python3
2020-05-07 16:22:56 -04:00
Jarrod Johnson
051b8259fd Update certutil to update site tls
This puts the certificate in a location
to be picked up by installers,
complete with subject_hash
so that SuSE can easily pull
them in.
2020-04-22 13:33:31 -04:00
Jarrod Johnson
a3f7fc12b5 Include fe80 in cert
fe80 is needed and a valid
thing to assert.
2020-04-10 09:59:53 -04:00
Jarrod Johnson
8fb206b1f7 Fix cert util on pythoen3
python 3 had bytes and not str and need to be
decoded before string operations.
2020-03-16 09:27:34 -04:00
Jarrod Johnson
1bf7c6970f Merge branch 'master' into osdeploy 2020-03-13 11:06:26 -04:00
Jarrod Johnson
a86d962984 Fix missing pwd import
The pwd module was accidentally omitted, fix the mistake.
2020-03-13 11:04:16 -04:00
Jarrod Johnson
6ade0952c7 Workaround incorrect TLS clients
Standards compliant TLS clients require
that IP addresses be compared against
IP type SAN fields.

However, some firmware ignores IP fields and only checks DNS fields.

Workaround and provide compatibility
by duplicating the IP as DNS and IP fields.

Also, clean up the temporary config file when done.
2020-03-12 19:06:05 -04:00
Jarrod Johnson
e97214ca50 Merge branch 'master' into osdeploy 2020-03-12 16:05:08 -04:00
Jarrod Johnson
9ee29aabe1 Set certificate ownership properly
When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
2020-03-12 16:04:23 -04:00
Jarrod Johnson
114324f513 Add CA to self signed cert constraints
Some applications require this be set for it to work
as an enrolled certificate.  Notably UEFI
requires this.
2020-02-24 15:34:55 -05:00
Jarrod Johnson
f6d4fef5e6 Improve error message for collective
When trying to not run as root, give a
better error message explaining the
situation more clearly.
2020-02-18 16:16:40 -05:00
Jarrod Johnson
3bc366bef4 Fix mistake in the cert util 2020-02-03 15:37:20 -05:00
Jarrod Johnson
c666b11138 Add ability to foreground exec confluent
This allows easier debug and option for unit file
in systemd to run foreground if it makes sense.
2020-01-31 08:10:01 -05:00
Jarrod Johnson
8cab591a8b Add collective member deletion
This allows deletion of a dead member, down to deleting down to non-collective
mode.
2019-10-10 11:30:03 -04:00
Jarrod Johnson
c1953bdad3 Another set of python 3 compatibility
Numerous issues arose, particularly
when participating in a mixed
collective.
2019-10-08 10:45:43 -04:00
Jarrod Johnson
578ba06aa3 Fix python3 problem with octal 2019-10-08 09:06:15 -04:00
Jarrod Johnson
90e546bcac Implement a number of py3 compatible adjustments 2019-10-02 08:58:39 -04:00
Jarrod Johnson
44d6bde3ff Make /usr/bin/env python point to python2
Same as before, more RHEL8 compatibility changes
2019-09-23 11:04:52 -04:00
Jarrod Johnson
4dab5fc527 Adapt to RHEL or Debian openssl config locations 2019-08-05 16:16:42 -04:00
Jarrod Johnson
5d572f17f9 Enhance collective usage output
Collective usage output provided no hints as to how to access more detailed
help.  Amend the wording to make this more clear/obvious.
2019-04-03 14:23:30 -04:00
Jarrod Johnson
8a03bc48de Tentatively store certutil
Commit to repository, even though not yet used.  It is likely to
be renamed.  The purpose is to help generate an appropriate self signed
cert for https including all the ip addresses as subject alternative
names so that names or addresses may be used with installers that
have had the cert injected.
2018-12-11 13:51:46 -05:00
Jarrod Johnson
d5c093a30d Provide fallback for unexpected reply in collective show 2018-10-10 09:46:01 -04:00
Jarrod Johnson
cf9d2a43e8 Revert "Provide fallback for unexpected reply in collective show"
This reverts commit 2f566fb81d.
2018-10-10 09:44:06 -04:00
Jarrod Johnson
2f566fb81d Provide fallback for unexpected reply in collective show 2018-10-10 09:41:25 -04:00
Jarrod Johnson
73c06fd25e Fix display of error on join of collective 2018-10-08 09:54:03 -04:00
Jarrod Johnson
f0edbbad39 Have collective show present some info when not in quorum 2018-07-20 14:11:38 -04:00
Jarrod Johnson
96671ace4e Correct collective show behavior 2018-07-19 16:48:30 -04:00
Jarrod Johnson
bcff3fc962 Improve collective show readability 2018-07-19 16:39:13 -04:00
Jarrod Johnson
67d6e9a6c7 Add collective show
Provide a harmless way to look at collective state
2018-07-09 15:07:24 -04:00
Jarrod Johnson
a4edf9afb8 Rename confluentutil to collective
Also adjust output to be a bit more automation friendly.
2018-07-09 13:33:56 -04:00
Jarrod Johnson
401352998c Correctly show the error on non-leader
When non-leader tries to invite, print the error rather than unhelpful
exception with no helpful data.
2018-06-26 14:35:23 -04:00
Jarrod Johnson
38898ca921 Auto-make certificate if missing
Automatically fix a missing certificate if this is the case.
2018-06-19 11:05:38 -04:00
Jarrod Johnson
f2500d9d27 Add general confluentutil command
This provides util commands to manage certificates and collective
membership.
2018-06-13 16:23:49 -04:00
Jarrod Johnson
0507e89da8 Add ability to skip key backup and interactive password
Backups should carefully protect keys.json, but that's only feasible
interactively.  However keys don't change, so have a way to combine
protected keys.json with password with relatively safe non-interactive
incremental backups.
2018-06-13 16:22:40 -04:00
Jarrod Johnson
8515d43dad A shell script to illustrate generating ECDSA key
For now put down the openssl commands required to get the key and
certificate available.
2018-06-12 16:57:36 -04:00
Jarrod Johnson
39e9bf0be5 Cleaner handling of invalid names in restore attempt
Detect problems ahead af time and more cleanly print a message.
2018-05-17 14:40:19 -04:00
Jarrod Johnson
04781e0ece Actually hook up the redact feature 2017-02-15 10:46:27 -05:00
Jarrod Johnson
9bd0b7af9d Make confluentdbutil executable 2017-02-15 10:46:27 -05:00
Jarrod Johnson
ae806e55b0 Add a utility to frontend DB dump/restore
This exposes the library functions as a utility
2017-02-15 10:46:26 -05:00
Jarrod Johnson
ad20193309 Make confluent and confluentsrv.py identical
The two files should be identical.  confluentsrv.py exists
only because PyInstaller struggles unless the target is a
'py' file and does not have some namespace conflict with a
module.
2015-09-23 11:58:48 -04:00