Jarrod Johnson
b4374817f5
Move getinstalldisk into profiles
2020-05-22 15:27:25 -04:00
Jarrod Johnson
968400d72b
Update ssh known hosts and tftp
...
This is also required to get install going.
2020-05-22 15:03:56 -04:00
Jarrod Johnson
eabf2073c1
Fix construction of site cpio
...
It must include directory names in correct
order for it to unpack correctly
2020-05-22 12:49:33 -04:00
Jarrod Johnson
906855ecf7
Fix cpio generation
...
It needed to be relative path, and also
fix use of bytes fed into cpio.
2020-05-22 11:40:54 -04:00
Jarrod Johnson
59e9ef2215
Create initramfs.cpio
...
This actually enables the site for
booting with site addons.
Use of a temporary name mitigates
problem if multiple collective members
try to init at same time.
2020-05-22 11:05:35 -04:00
Jarrod Johnson
ba0d600bf7
Prepare osimage initialize
...
Provide a helper for the various
setup steps required for
getting ready for OS deployment.
2020-05-21 17:07:58 -04:00
Jarrod Johnson
8ce8f18f56
Change certutil to be a module
...
This allows it to be used from within
osimage command.
2020-05-21 15:56:16 -04:00
Jarrod Johnson
0af9db5eb7
Autodetect TLS key/cert locations
...
This facilitates easier getting started when possible.
2020-05-21 15:55:22 -04:00
Jarrod Johnson
22d5da3ae9
Rename certs to pem
...
There are contexts where the .cert name is not
recognized, go for .pem name instead.
2020-05-21 14:37:17 -04:00
Jarrod Johnson
540d0e1795
Fix SUSE certificate handling
...
SUSE requires things go through update-ca-certificates,
update the generated certs and the post to do that.
2020-05-18 19:37:54 -04:00
Jarrod Johnson
b73c561ca9
Support relative path import
...
Have osimage import correct to absolute
path for import.
2020-05-12 15:02:18 -04:00
Jarrod Johnson
1ba2386b82
Provide keyname to importer
...
This allows client to reliably make association
between import request and tracking
the import activity.
2020-05-12 14:47:00 -04:00
Jarrod Johnson
1beed070fd
Add help text to usage
2020-05-12 09:53:46 -04:00
Jarrod Johnson
5addc7519d
Rename osdeploy to osimage
2020-05-12 09:48:57 -04:00
Jarrod Johnson
7a68d1444b
Extend osdeploy to have a config
2020-05-12 09:48:27 -04:00
Jarrod Johnson
d90e87e153
Fix backup/restore with python3
...
backup/restore with password
was having problems with python3
2020-05-07 16:22:56 -04:00
Jarrod Johnson
051b8259fd
Update certutil to update site tls
...
This puts the certificate in a location
to be picked up by installers,
complete with subject_hash
so that SuSE can easily pull
them in.
2020-04-22 13:33:31 -04:00
Jarrod Johnson
a3f7fc12b5
Include fe80 in cert
...
fe80 is needed and a valid
thing to assert.
2020-04-10 09:59:53 -04:00
Jarrod Johnson
8fb206b1f7
Fix cert util on pythoen3
...
python 3 had bytes and not str and need to be
decoded before string operations.
2020-03-16 09:27:34 -04:00
Jarrod Johnson
1bf7c6970f
Merge branch 'master' into osdeploy
2020-03-13 11:06:26 -04:00
Jarrod Johnson
a86d962984
Fix missing pwd import
...
The pwd module was accidentally omitted, fix the mistake.
2020-03-13 11:04:16 -04:00
Jarrod Johnson
6ade0952c7
Workaround incorrect TLS clients
...
Standards compliant TLS clients require
that IP addresses be compared against
IP type SAN fields.
However, some firmware ignores IP fields and only checks DNS fields.
Workaround and provide compatibility
by duplicating the IP as DNS and IP fields.
Also, clean up the temporary config file when done.
2020-03-12 19:06:05 -04:00
Jarrod Johnson
e97214ca50
Merge branch 'master' into osdeploy
2020-03-12 16:05:08 -04:00
Jarrod Johnson
9ee29aabe1
Set certificate ownership properly
...
When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
2020-03-12 16:04:23 -04:00
Jarrod Johnson
114324f513
Add CA to self signed cert constraints
...
Some applications require this be set for it to work
as an enrolled certificate. Notably UEFI
requires this.
2020-02-24 15:34:55 -05:00
Jarrod Johnson
f6d4fef5e6
Improve error message for collective
...
When trying to not run as root, give a
better error message explaining the
situation more clearly.
2020-02-18 16:16:40 -05:00
Jarrod Johnson
3bc366bef4
Fix mistake in the cert util
2020-02-03 15:37:20 -05:00
Jarrod Johnson
c666b11138
Add ability to foreground exec confluent
...
This allows easier debug and option for unit file
in systemd to run foreground if it makes sense.
2020-01-31 08:10:01 -05:00
Jarrod Johnson
8cab591a8b
Add collective member deletion
...
This allows deletion of a dead member, down to deleting down to non-collective
mode.
2019-10-10 11:30:03 -04:00
Jarrod Johnson
c1953bdad3
Another set of python 3 compatibility
...
Numerous issues arose, particularly
when participating in a mixed
collective.
2019-10-08 10:45:43 -04:00
Jarrod Johnson
578ba06aa3
Fix python3 problem with octal
2019-10-08 09:06:15 -04:00
Jarrod Johnson
90e546bcac
Implement a number of py3 compatible adjustments
2019-10-02 08:58:39 -04:00
Jarrod Johnson
44d6bde3ff
Make /usr/bin/env python point to python2
...
Same as before, more RHEL8 compatibility changes
2019-09-23 11:04:52 -04:00
Jarrod Johnson
4dab5fc527
Adapt to RHEL or Debian openssl config locations
2019-08-05 16:16:42 -04:00
Jarrod Johnson
5d572f17f9
Enhance collective usage output
...
Collective usage output provided no hints as to how to access more detailed
help. Amend the wording to make this more clear/obvious.
2019-04-03 14:23:30 -04:00
Jarrod Johnson
8a03bc48de
Tentatively store certutil
...
Commit to repository, even though not yet used. It is likely to
be renamed. The purpose is to help generate an appropriate self signed
cert for https including all the ip addresses as subject alternative
names so that names or addresses may be used with installers that
have had the cert injected.
2018-12-11 13:51:46 -05:00
Jarrod Johnson
d5c093a30d
Provide fallback for unexpected reply in collective show
2018-10-10 09:46:01 -04:00
Jarrod Johnson
cf9d2a43e8
Revert "Provide fallback for unexpected reply in collective show"
...
This reverts commit 2f566fb81ddfdd14b3b623ee6d1ff48d67e636b4.
2018-10-10 09:44:06 -04:00
Jarrod Johnson
2f566fb81d
Provide fallback for unexpected reply in collective show
2018-10-10 09:41:25 -04:00
Jarrod Johnson
73c06fd25e
Fix display of error on join of collective
2018-10-08 09:54:03 -04:00
Jarrod Johnson
f0edbbad39
Have collective show present some info when not in quorum
2018-07-20 14:11:38 -04:00
Jarrod Johnson
96671ace4e
Correct collective show behavior
2018-07-19 16:48:30 -04:00
Jarrod Johnson
bcff3fc962
Improve collective show readability
2018-07-19 16:39:13 -04:00
Jarrod Johnson
67d6e9a6c7
Add collective show
...
Provide a harmless way to look at collective state
2018-07-09 15:07:24 -04:00
Jarrod Johnson
a4edf9afb8
Rename confluentutil to collective
...
Also adjust output to be a bit more automation friendly.
2018-07-09 13:33:56 -04:00
Jarrod Johnson
401352998c
Correctly show the error on non-leader
...
When non-leader tries to invite, print the error rather than unhelpful
exception with no helpful data.
2018-06-26 14:35:23 -04:00
Jarrod Johnson
38898ca921
Auto-make certificate if missing
...
Automatically fix a missing certificate if this is the case.
2018-06-19 11:05:38 -04:00
Jarrod Johnson
f2500d9d27
Add general confluentutil command
...
This provides util commands to manage certificates and collective
membership.
2018-06-13 16:23:49 -04:00
Jarrod Johnson
0507e89da8
Add ability to skip key backup and interactive password
...
Backups should carefully protect keys.json, but that's only feasible
interactively. However keys don't change, so have a way to combine
protected keys.json with password with relatively safe non-interactive
incremental backups.
2018-06-13 16:22:40 -04:00
Jarrod Johnson
8515d43dad
A shell script to illustrate generating ECDSA key
...
For now put down the openssl commands required to get the key and
certificate available.
2018-06-12 16:57:36 -04:00