Jarrod Johnson
060f639ab3
Flag license files appropriately
2022-04-25 17:02:35 -04:00
Jarrod Johnson
9333c999c9
Adjust setup.py licensing for older setuptools
2022-04-25 16:48:31 -04:00
Jarrod Johnson
66f2ba98ec
Set up confluent licensisng in setupdist context
2022-04-25 16:15:49 -04:00
Jarrod Johnson
f6a16a89f2
Prevent spaces in nodenames
2022-04-20 08:55:54 -04:00
Jarrod Johnson
212aa5c6e2
Add ability to unsubscribe from a terminal session
2022-04-13 16:44:01 -04:00
Jarrod Johnson
2bf9a6d415
Add support for consolidated term websocket
...
Since browsers can be stingy with websockets, have
the consoles all share a single websocket.
2022-04-13 16:08:13 -04:00
Jarrod Johnson
7a0dee8af8
Fix keepalive/logout behavior in ws async
...
Use the websocket liveness as the keepalive, so
the reaper is not scheduled for such sockets.
Additionally, register the async thread as to be killed on logout.
2022-04-05 16:56:36 -04:00
Jarrod Johnson
105536656e
Implement async session on websocket
...
This eliminates long polling and sets the stage to restore
socket sharing by terminals and shells.
2022-04-05 16:33:03 -04:00
Jarrod Johnson
8ef91c16c0
Do not let an existing /var/lib/confluent block the requisite chown
2022-04-05 09:35:05 -04:00
Jarrod Johnson
777bdfac5c
Fix the incorrect parameter name in setting password policy
...
The mistake was keeping the requisite rule from applying
2022-03-30 11:16:33 -04:00
Jarrod Johnson
d651c29149
Add password expiration recovery to smm discovery
...
SMM discover can now also unexpire password during onboarding.
2022-03-30 08:50:08 -04:00
Jarrod Johnson
b4f021cfad
Fix omission in SSDP snoop
2022-03-30 08:24:25 -04:00
Jarrod Johnson
69a06a6923
Implement a password unexpiration mechanism in xcc
...
If the node has expired password, do what is necessary to unexpire the
password
to get through assignment.
2022-03-30 08:07:25 -04:00
Jarrod Johnson
d214e7e442
Normalize blank strings in cfgdata
...
In cfgdata, make '' replaced by None for
consistent behavior for cleared and blanked
attributes.
2022-03-25 08:59:46 -04:00
Jarrod Johnson
e4e15d87a7
Background redfish check on snoop
...
When snooping, if a redfish device comes along, background the
query so that it is unable to block the main SSDP receive routine.
2022-03-24 17:18:05 -04:00
Jarrod Johnson
21bfc29a89
Make more clear the default behavior when prompting
2022-03-24 11:18:37 -04:00
Jarrod Johnson
7a66567625
Add missing monotic dependency
2022-03-24 09:20:14 -04:00
Jarrod Johnson
cd3d248a78
Add identimage to rpm build
2022-03-17 13:04:24 -04:00
Jarrod Johnson
bfd40b51de
Correct name of ident_image api
2022-03-17 09:35:49 -04:00
Jarrod Johnson
94ab644f5c
Create mechanism to create node identity images
...
These images are used in the flow of routed deployment.
2022-03-16 15:41:07 -04:00
Jarrod Johnson
fdd3ec4233
Fix check for confluent service having started
...
Give confluent full chance to set things up prior
to proceeding.
2022-03-16 10:28:44 -04:00
Jarrod Johnson
b2603aa1f8
Set ownership of /var/lib/confluent on installation
...
Some paths fail to initialize ownership earlier, give it
a head start
2022-03-16 10:26:16 -04:00
Jarrod Johnson
32081edec8
Workaround ':' format specifier syntax
...
Older python will break by assuming that
: always means a format expression is coming.
Move the field value fetch to format_field, and ascertain if some of the
expression was shunted to format specification
by mistake.
2022-03-11 12:21:09 -05:00
Jarrod Johnson
dc0183fdf4
Add [] slicing/indexing to confluent attribute expression syntax
...
This permits expressions like:
node[:-3]
To say nodename, but leave out 3 chars.
Or:
node[3:]
To skip the first three characters.
2022-03-11 11:23:43 -05:00
Jarrod Johnson
ceada3b7d9
Provide API for using one-time shared secret to register api key
...
This permits long haul node api key registration over a single port. It cannot validate that
the requester is privileged, but the auto-invalidation
offsets the risk of subsequent users having read access to the remote mount.
2022-03-10 16:06:02 -05:00
Jarrod Johnson
6a30afa31e
Have SSDP ignore multicast disabled interfaces
2022-03-09 11:01:01 -05:00
Jarrod Johnson
0abe978bd9
Implement hmac of apikey
...
For routed deployment, we have to preshare some information.
Additionally, the API arm mechanism gets too open ended.
Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
2022-03-08 14:46:00 -05:00
Jarrod Johnson
e67bab4f12
Place cap on api password length
...
No more than 48 characters should ever be in
an api token. Cap it to avoid outrageous crypt
behavior at large password length.
2022-03-08 09:15:13 -05:00
Jarrod Johnson
21c0372a5b
Support get_full_net_config without serverip
...
When trying to get a configuration
without a network context, it would fail.
Now, as intended, it generates network configuration without autosense in such a case.
2022-03-07 15:28:04 -05:00
Jarrod Johnson
15e7e4464e
Keep known_hosts cleaner
...
When repeating osdeploy initialize
of local known_hosts, more
gracefeully avoid duplicate entries.
2022-03-02 16:04:01 -05:00
Jarrod Johnson
19a370b0f5
Add explicit client version dependency
2022-02-25 07:31:12 -05:00
Jarrod Johnson
d7df1e7891
Prevent users from dupe group memberships
2022-02-24 15:06:41 -05:00
Jarrod Johnson
2c9be7a4c4
Remove slp snoop of XCC
...
SSDP snoop catches XCC, and do only
SSDP for consistent format of
snoop info coming into the
xcc handler.
2022-02-24 08:08:50 -05:00
Jarrod Johnson
e390618dd9
Fix handling without olduuid in database
2022-02-23 10:13:06 -05:00
Jarrod Johnson
8f4846c248
Fix for partial returns
...
full_net_config may not always apply,
be sure to gracefully degrade.
2022-02-22 17:08:23 -05:00
Jarrod Johnson
ac8918c2b9
Add ips to ssh principals
...
For any static address, also grant
certificate for that.
2022-02-22 16:48:58 -05:00
Jarrod Johnson
3cf9edeeb8
Stub out buffering for shell sessions
...
This is not yet handled anyway.
For future, establish norm of a nodeid
to prefix multiple distinct sessions.
2022-02-22 08:49:31 -05:00
Jarrod Johnson
8fab8238ed
Disambiguate console from shell buffer
...
There is room for the console replay to get confused,
fix by fully qualifying the console name.
2022-02-18 17:31:13 -05:00
Jarrod Johnson
58b55b6ef6
Error on trying to double-add nodes or groups
...
Prevent user from repeatedly adding the
same group to a node or same node to a group.
2022-02-16 11:58:22 -05:00
Jarrod Johnson
33be75a9a2
Markup bandit exceptions
...
Apply bandit exceptions and explain
the rationale in each case
2022-02-16 09:10:33 -05:00
Jarrod Johnson
f10a27fd7a
Switch to mkstemp
...
Use mkstemp to more confidently reserve a filename as expected.
2022-02-15 17:13:04 -05:00
Jarrod Johnson
93a5496899
Reject reverse range noderange
...
It has been stated that no one would want to do this
on purpose, and thus it should reject. The rationale
being that if no one wants to do this, but did it
anyway, they presumably made a mistake.
So now such attempts will be blocked.
Keep the dead logic around for now
in case a future opinion changes things back.
2022-02-11 15:20:41 -05:00
Jarrod Johnson
bd428790ce
Try for more informative messoge an expression syntax error
2022-02-11 14:51:53 -05:00
Jarrod Johnson
f0c4943612
Merge branch 'master' of github.com:lenovo/confluent
2022-02-11 14:33:47 -05:00
Jarrod Johnson
f547071d38
Warn user of unworkable syntax
...
When used in {} expressions, attributes must obey python syntax rules,
try out the attribute name and report the issue when it would be a problem.
2022-02-11 14:32:52 -05:00
Jarrod Johnson
fbd3a442ac
Support numeric owner/group in syncfile list
2022-02-08 17:38:01 -05:00
Jarrod Johnson
b809514ef9
Fix osdeploy initialize dependency on master key
...
Make sure confluent has made /etc/confluent, and further always initialize the
encryption key, as it will almost certainly
be needed and easiest to just always
generate on first startup.
2022-02-08 16:40:41 -05:00
Jarrod Johnson
b1032d8c4c
Specify write mode for confluent_uuid file
2022-02-08 12:31:04 -05:00
Jarrod Johnson
e7b1791df3
Modify input in bandit-friendly way
...
bandit erroneously flags 'input' based
on possible python2-ism. Avoid the
error by using 'getinput', making that
input or raw_input based on the python version.
2022-02-08 10:59:15 -05:00
Jarrod Johnson
6e03f6ee0a
Correct syntax typo
2022-02-08 10:49:42 -05:00