Provide for applications
where only a small subset of collective
members should be
considered to count
toward whether the collective
can proceed.
Commonly, 'service' nodes may
be numerous to do work, but may all want to go offline
during a maintenance window.
confignet is special, it is designed
to work when networking
isn't right. So have it run during firstboot
in case post fouled up
the network for firstboot.
While servicing an enrollment,
there's a window for a collective
member to be 'defined' but not
yet active, meaning quorum may transiently be lost as multiple enrollments progress.
Serialize enrollments by holding the enrollment process open.
Also, there is a chance that a transient transfer error may occur during loading
of the DB. In such a case, restart
the connection rather thn aborting.
Floats are either unnecessarily long
in normal output, or too unconstrained in CSV output.
Normalize to as many digits as 'makes sense' up to 5 digits.
5 miight seem a bit much, but one common metric is kWh, which may need
that precision over short intervals.
Added 2 new function to check if the custom yaml file exists - /etc/confluent/authorize.yaml - and one to update the _allowbyrole and _deniedbyrole vars accordingly.
The open file handle as implemented
could not pass to the subprocess.
Rather than figure out how to open
and pass the filehandle,
simply let the subprocess
independently open the file
if it isn't passed.
While Eaton does not do HTTPS by default,
it can be configured to do so.
Support when available.
Mitigate downgrade attack by
stickying the cert fingerprint.
If fingerprint is present, then refuse
to even think about port 80.
In some scenarios, the 'default'
interface is overlapped by another connection, either
identical or as a superset in a bond.
Whittle down the default
interface if superseded
to mitigate duplicate interface setup.
Newer msgpack refuses the encoding argument, use raw=False instead.
Further, newer msgpack refuses to accept int as key by default.
Opt into it as the risk is hash collision due to msgpack int being used directly, and
we aren't dealing with untrusted
peer (we only talk to ourselves).
With V3 systems, we can now ask
the SMMs for the certificates
and use that for a verified
measurement, regardless of
whether the XCC is returning
the correct bay number.
For now, keep using x86_64 as
default, but allow overrides
for other architectures.
One day it may be cleaner to move all addons.cpio to
arch specific subdirs.
Jarrod Johnson
erderial
Tinashe