mirror of https://github.com/xcat2/confluent.git synced 2024-11-29 13:00:03 +00:00
Commit Graph

62 Commits

Author SHA1 Message Date
Jarrod Johnson
06d0e05dbb Set rootfs to have ssh ready
Get the CA and user key into the
right places to use in the target system.
2020-04-20 09:39:36 -04:00
Jarrod Johnson
bfac51ba12 Prototype getinstalldisk
This script supersedes the bash script, hopefully
2020-04-17 16:37:04 -04:00
Jarrod Johnson
6798e4e848 Increase precision of copernicus time
While it is going to be off by some number of milliseconds,
it's better than being off by 250ms on average.
2020-04-17 12:07:48 -04:00
Jarrod Johnson
b37c034d6f Also carry in confluent.info
The installer needs this information to continue.
2020-04-16 12:40:35 -04:00
Jarrod Johnson
32038baa75 Carry deploycfg into installer 2020-04-16 12:23:45 -04:00
Jarrod Johnson
4e8cc3d801 Carry API key past initramfs
This enables api calls during
the installer.
2020-04-16 11:54:40 -04:00
Jarrod Johnson
84988031a2 Move sshutil to a more practical place
This makes the keysigning function available to the server.
2020-04-16 09:49:30 -04:00
Jarrod Johnson
211b8ab7e8 Actually print message to serial
When console detected, actually notify
the relevant console.
2020-04-15 18:25:16 -04:00
Jarrod Johnson
23e8642950 Improve autocons
Provide more feedback and have
a proper cmdline style argument
2020-04-15 17:27:52 -04:00
Jarrod Johnson
76f7c12ca5 Incorporate autocons
This should permit skipping
it on kernel command line.
2020-04-15 16:50:33 -04:00
Jarrod Johnson
890793068c Have prepivot stage accounts
Carry forward the ssh key and
disable passwords so that ssh
may safely be enabled during
install.
2020-04-15 16:19:23 -04:00
Jarrod Johnson
709ace4c92 Fix CA bundle in install
Once transitioning to install,
the CA bundle was lost, because
the symlink led out of sysroot.

Fix by prepending sysroot if symlink
2020-04-15 13:30:47 -04:00
Jarrod Johnson
24bc1210d0 Numerous fixes to the OS deploy
Most notably, change to safe_dump for yaml.

For the various initrd items, changes
to actually trigger the relevant bits
of the RH installer.
2020-04-14 16:34:50 -04:00
Jarrod Johnson
276e01434d Remove example output from script 2020-04-10 16:49:14 -04:00
Jarrod Johnson
58fd760698 Implement begins of self api
This paves the way to get deployment started
in earnest.
2020-04-10 16:46:41 -04:00
Jarrod Johnson
2bd2946e9f Add time sync option to copernicus
Since we are dealing in TLS certificates,
the easiest thing is to have copernicus sync
time.  It is not as robust as ntp,
but it'll do as a stopgap
until the real time utilities
kick in.
2020-04-10 11:23:12 -04:00
Jarrod Johnson
5fb4f2b36c Add CAs from site to install
Preserve the CA situation into the installer
2020-04-09 16:18:39 -04:00
Jarrod Johnson
3ddeb4bcd0 A basic hook to force network bringup
initqueue must be satisfied by a udev rule.  We don't
know which network until initqueue phase, but the hook
needs to install earlier.  This change induces
udev rule generation.
2020-04-09 16:14:30 -04:00
Jarrod Johnson
1722ad941b Add a starting sample of initqueue dracut hook
For rhel8, this initqueue hook is useful
2020-04-09 16:13:33 -04:00
Jarrod Johnson
e0223706b0 Add a sample CentOS/RH handler snippet
Begin work to prepare profiles for booting.
2020-03-16 18:03:07 -04:00
Jarrod Johnson
945b8f2b4a Rename to reflect more function than CA 2020-03-09 08:52:29 -04:00
Jarrod Johnson
82921fb53d Add function to sign SSH key
This will enable the known_hosts
to work.

shosts.equiv and sshd and ssh client
config will be handled elsewhere.
shosts.equiv will just be everything.
2020-03-06 16:55:06 -05:00
Jarrod Johnson
59a0b00208 Flesh out the SSH code more
Notably add user key management
and start poking things in
/var/lib/confluent
2020-03-06 16:17:53 -05:00
Jarrod Johnson
34f2f6e359 Add a sample for doing SSH CA
This will explore the concept for the
backend of the get certificate api.
2020-03-06 13:43:54 -05:00
Jarrod Johnson
4529924cce Fix credserver python3 and LLA support
Both client and server had an issue with LLA, along with the
usual python3-isms.
2020-03-02 16:06:07 -05:00
Jarrod Johnson
f798239f90 Switch to using the standard confluent port for credserver
Also add a check and only accept API arming
requests from local ips
2020-02-27 16:36:16 -05:00
Jarrod Johnson
0fd4c3b2f7 Merge branch 'master' into nodesearch 2019-10-16 13:24:11 -04:00
Jarrod Johnson
44d6bde3ff Make /usr/bin/env python point to python2
Same as before, more RHEL8 compatibility changes
2019-09-23 11:04:52 -04:00
Jarrod Johnson
56fa13279e Explicitly indicate use of python2
RHEL8 will no longer tolerate implicit use of python.
For now relent to being python2, though ideally one day
it could be either.

Unfortunately, this means once code is ready for python3, we have to
probably implement build time changes for python3 enabled distros
to have different shebangs than python2 distros.
2019-09-23 10:59:00 -04:00
Jarrod Johnson
aaf5aebff7 Fix for tokens with null bytes
Since the server may employ the full range of byte values
in the echo token, use that length and the buffer to avoid
nulls truncating the token.
2019-08-12 15:24:51 -04:00
Jarrod Johnson
c1abeaff04 Convert concept to IP based
This leaves the door open for routing if supported.

The server shall restrict IP_TTL to denote
acceptable distance from the manager to accept.
2019-08-09 16:43:48 -04:00
Jarrod Johnson
37d4543d24 Merge branch 'master' into nodesearch 2019-08-08 16:18:21 -04:00
Jarrod Johnson
d95464df6f Add a non-ip network string xmit concept 2019-08-08 16:14:05 -04:00
Jarrod Johnson
b7b7fd82eb ECHO a packet back to manager
In a later phase, we will want assurances
that the neighbor table was populated.
Since here we have the sockaddr handy,
it makes a lot of sense to take the
opportunity to blind fire a packet back.
No reply is expected, just enough to
trigger arp/neighbor solicitation.
2019-07-16 07:51:24 -04:00
Jarrod Johnson
c8d0009dac Avoid copernicus printout of more duplicate data
Separate v4 and v6 results for better chance of success in
dropping duplicate packets.
2019-07-15 11:09:20 -04:00
Jarrod Johnson
79f5dce6dc Implement node search for confluent
This is a viable client to find and get one's node identity.

Node credentials are a separate concern, to be handled later.
2019-07-15 11:09:20 -04:00
Jarrod Johnson
373bf3dca7 Remove stray whitespace
Fix formatting mistakes
2019-07-09 10:18:34 -04:00
Jarrod Johnson
d2efb16c71 Remove unneeded line 2019-06-27 15:21:35 -04:00
Jarrod Johnson
739e302506 Add an example for just disabling password complexity 2019-06-27 15:20:24 -04:00
Jarrod Johnson
87e7a90c37 Move stats into the client
stats is good enough to be promoted from prototype to a confluent
client component.
2019-04-25 14:46:18 -04:00
Jarrod Johnson
bafc25005f Flesh out stats with arguments 2019-04-25 14:45:47 -04:00
Jarrod Johnson
33c1137ccf Remove use of tmp file in stats 2019-04-25 13:59:15 -04:00
Jarrod Johnson
e81579f414 Add a prototype stats command for CLI commands 2019-04-25 13:53:34 -04:00
Jarrod Johnson
34c6d6a4d7 Choose an easier name for the reader 2019-04-11 16:26:59 -04:00
Jarrod Johnson
b402ddd656 Add more keystrokes and easier use
No longer require cbl file be specified manually.
2019-04-11 16:26:14 -04:00
Jarrod Johnson
40dbe63336 Script to disable password expiry after expired on SMM 2019-04-05 16:53:32 -04:00
Jarrod Johnson
5c4944a1e4 Provide a sample script for fixing expired credentials 2019-04-05 08:37:31 -04:00
Jarrod Johnson
ae49cf290e Fix key hold-down behavior in cbl reader
The retry print could get stuck in loop and the input
could queue up too many keypresses.
2019-04-03 11:44:05 -04:00
Jarrod Johnson
5ead803c8a Fix up the injected clear delimiting
The delimiting was not being navigated correctly.
2019-04-03 10:38:35 -04:00
Jarrod Johnson
996b1ba45b Rework prototype cbl reader
It is still not right, but it is a bit easier to work with
to figure out what's wrong with it.
2019-04-01 16:56:14 -04:00