Jarrod Johnson
06d0e05dbb
Set rootfs to have ssh ready
...
Get the CA and user key into the
right places to use in the target system.
2020-04-20 09:39:36 -04:00
Jarrod Johnson
bfac51ba12
Prototype getinstalldisk
...
This script supersedes the bash script, hopefull
2020-04-17 16:37:04 -04:00
Jarrod Johnson
6798e4e848
Increase precision of copernicus time
...
While it is going to be off by some number of milliseconds,
it's better than being off by 250ms on average.
2020-04-17 12:07:48 -04:00
Jarrod Johnson
b37c034d6f
Also carry in confluent.info
...
The installer needs this information to continue.
2020-04-16 12:40:35 -04:00
Jarrod Johnson
32038baa75
Carry deploycfg into installer
2020-04-16 12:23:45 -04:00
Jarrod Johnson
4e8cc3d801
Carry API key past initramfs
...
This enables api calls during
the installer.
2020-04-16 11:54:40 -04:00
Jarrod Johnson
84988031a2
Move sshutil to a more practical place
...
This makes the keysigning function available to the server.
2020-04-16 09:49:30 -04:00
Jarrod Johnson
211b8ab7e8
Actually print message to serial
...
When console detected, actually notify
the relevant console.
2020-04-15 18:25:16 -04:00
Jarrod Johnson
23e8642950
Improve autocons
...
Provide more feedback and have
a proper cmdline style argument
2020-04-15 17:27:52 -04:00
Jarrod Johnson
76f7c12ca5
Incorporate autocons
...
This should permit skipping
it on kernel command line.
2020-04-15 16:50:33 -04:00
Jarrod Johnson
890793068c
Have prepivot stage accounts
...
Carry forward the ssh key and
disable passwords so that ssh
may safely be enabled during
install.
2020-04-15 16:19:23 -04:00
Jarrod Johnson
709ace4c92
Fix CA bundle in install
...
Once transitioning to install,
the CA bundle was lost, because
the symlink led out of sysroot.
Fix by prepending sysroot if symlink
2020-04-15 13:30:47 -04:00
Jarrod Johnson
24bc1210d0
Numerous fixes to the OS deploy
...
Most notably, change to safe_dump for yaml.
For the various initrd items, changes
to actually trigger the relevant bits
of the RH installer.
2020-04-14 16:34:50 -04:00
Jarrod Johnson
276e01434d
Remove example output from script
2020-04-10 16:49:14 -04:00
Jarrod Johnson
58fd760698
Implement begins of self api
...
This paves the way to get deployment started
in earnest.
2020-04-10 16:46:41 -04:00
Jarrod Johnson
2bd2946e9f
Add time sync option to copernicus
...
Since we are dealing in TLS certificates,
the easiest thing is to have copernicus sync
time. It is not as robust as ntp,
but it'll do as a stopgap
until the real time utilities
kick in.
2020-04-10 11:23:12 -04:00
Jarrod Johnson
5fb4f2b36c
Add CAs from site to install
...
Preserve the CA situation into the installer
2020-04-09 16:18:39 -04:00
Jarrod Johnson
3ddeb4bcd0
A basic hook to force network bringup
...
initqueue must be satisfied by a udev rule. We don't
know which network until initqueue phase, but the hook
needs to install earlier. This change induces
udev rule generation.
2020-04-09 16:14:30 -04:00
Jarrod Johnson
1722ad941b
Add a starting sample of initqueue dracut hook
...
For rhel8, this initqueue hook is useful
2020-04-09 16:13:33 -04:00
Jarrod Johnson
e0223706b0
Add a sample CentOS/RH handler snippet
...
Begin work to prepare profiles for booting.
2020-03-16 18:03:07 -04:00
Jarrod Johnson
945b8f2b4a
Rename to reflect more function than CA
2020-03-09 08:52:29 -04:00
Jarrod Johnson
82921fb53d
Add function to sign SSH key
...
This will enable the known_hosts
to work.
shosts.equiv and sshd and ssh client
config will be handled elsewhere.
shosts.equiv will just be everything.
2020-03-06 16:55:06 -05:00
Jarrod Johnson
59a0b00208
Flesh out the SSH code more
...
Notably add user key management
and start poking things in
/var/lib/confluent
2020-03-06 16:17:53 -05:00
Jarrod Johnson
34f2f6e359
Add a sample for doing SSH CA
...
This will explore the concept for the
backend of the get certificate api.
2020-03-06 13:43:54 -05:00
Jarrod Johnson
4529924cce
Fix credserver python3 and LLA support
...
Both client and server had an issue with LLA, along with the
usual python3-isms.
2020-03-02 16:06:07 -05:00
Jarrod Johnson
f798239f90
Switch to using the standard confluent port for credserver
...
Also add a check and only accept API arming
requests from local ips
2020-02-27 16:36:16 -05:00
Jarrod Johnson
0fd4c3b2f7
Merge branch 'master' into nodesearch
2019-10-16 13:24:11 -04:00
Jarrod Johnson
44d6bde3ff
Make /usr/bin/env python point to python2
...
Same as before, more RHEL8 compatibility changes
2019-09-23 11:04:52 -04:00
Jarrod Johnson
56fa13279e
Explicitly indicate use of python2
...
RHEL8 will no longer tolerate implicit use of python.
For now relent to being python2, though ideally one day
it could be either.
Unfortunately, this means once code is ready for python3, we have to
probably implement build time changes for python3 enabled distros
to have different shebangs than python2 distros.
2019-09-23 10:59:00 -04:00
Jarrod Johnson
aaf5aebff7
Fix for tokens with null bytes
...
Since the server may employ the full range of byte values
in the echo token, use that length and the buffer to avoid
nulls truncating the token.
2019-08-12 15:24:51 -04:00
Jarrod Johnson
c1abeaff04
Convert concept to IP based
...
This leaves the door open for routing if supported.
The server shall restrict IP_TTL to denote
acceptable distance from the manager to accept.
2019-08-09 16:43:48 -04:00
Jarrod Johnson
37d4543d24
Merge branch 'master' into nodesearch
2019-08-08 16:18:21 -04:00
Jarrod Johnson
d95464df6f
Add a non-ip network string xmit concept
2019-08-08 16:14:05 -04:00
Jarrod Johnson
b7b7fd82eb
ECHO a packet back to manager
...
In a later phase, we will want assurances
that the neighbor table was populated.
Since here we have the sockaddr handy,
it makes a lot of sense to take the
opportunity to blind fire a packet back.
No reply is expected, just enough to
trigger arp/neighbor solicitation.
2019-07-16 07:51:24 -04:00
Jarrod Johnson
c8d0009dac
Avoid copernicus printout of more duplicate data
...
Separate v4 and v6 results for better chance of success in
dropping duplicate packets.
2019-07-15 11:09:20 -04:00
Jarrod Johnson
79f5dce6dc
Implement node search for confluent
...
This is a viable client to find and get one's node identity.
Node credentials are a separate concern, to be handled later.
2019-07-15 11:09:20 -04:00
Jarrod Johnson
373bf3dca7
Remove stray whitespace
...
Fix formatting mistakes
2019-07-09 10:18:34 -04:00
Jarrod Johnson
d2efb16c71
Remove unneeded line
2019-06-27 15:21:35 -04:00
Jarrod Johnson
739e302506
Add an example for just disabling password complexity
2019-06-27 15:20:24 -04:00
Jarrod Johnson
87e7a90c37
Move stats into the client
...
stats is good enough to be promoted from prototype to a confluent
client component.
2019-04-25 14:46:18 -04:00
Jarrod Johnson
bafc25005f
Flesh out stats with arguments
2019-04-25 14:45:47 -04:00
Jarrod Johnson
33c1137ccf
Remove use of tmp file in stats
2019-04-25 13:59:15 -04:00
Jarrod Johnson
e81579f414
Add a prototype stats command for CLI commands
2019-04-25 13:53:34 -04:00
Jarrod Johnson
34c6d6a4d7
Choose an easier name for the reader
2019-04-11 16:26:59 -04:00
Jarrod Johnson
b402ddd656
Add more keystrokes and easier use
...
No longer require cbl file be specified manually.
2019-04-11 16:26:14 -04:00
Jarrod Johnson
40dbe63336
Script to disable password expiry after expired on SMM
2019-04-05 16:53:32 -04:00
Jarrod Johnson
5c4944a1e4
Provide a sample script for fixing expired credentials
2019-04-05 08:37:31 -04:00
Jarrod Johnson
ae49cf290e
Fix key hold-down behavior in cbl reader
...
The retry print could get stuck in loop and the input
could queue up too many keypresses.
2019-04-03 11:44:05 -04:00
Jarrod Johnson
5ead803c8a
Fix up the injected clear delimiting
...
The delimiting was not being navigated correctly.
2019-04-03 10:38:35 -04:00
Jarrod Johnson
996b1ba45b
Rework prototype cbl reader
...
It is still not right, but it is a bit easier to work with
to figure out what's wrong with it.
2019-04-01 16:56:14 -04:00