xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2025-01-16 20:57:53 +00:00
Code Issues Projects Releases Wiki Activity
1,206 Commits 39 Branches 65 Tags
Commit Graph

542 Commits

Author SHA1 Message Date
Jarrod Johnson
19e733f325 Ensure fingerprint variable is initialized 
During error handling, there were paths where fingerprint was
needed, but not set.  Fix this by getting fingerprint before raising
the exceptions.
 2018-01-23 14:34:06 -05:00
Jarrod Johnson
97401e306b Tolerate disabled IPv4 multicast route 
Sometimes the IPv4 multicast route isn't playing ball.  Tolerate such
a scenario and move on.
 2018-01-22 11:53:19 -05:00
Jarrod Johnson
48b9d735f2 Avoid empty hwaddr 
It has been observed, at least once, for an empty hwaddr to appear.
Take measures to prevent this from occurring and making into the
discovery info.
 2018-01-19 10:22:22 -05:00
Jarrod Johnson
76818135a6 Fix getting nodenames based on enclosure uuid 
Must listify the output and make sure the previous output is fed into
the second filter.
 2018-01-16 13:29:36 -05:00
Jarrod Johnson
0f4940cd7c Tolerate empty string to be blank snmp user 
For SNMP password without user, accept '' as a synonym for None
 2018-01-16 13:14:13 -05:00
Jarrod Johnson
8226c2bd77 Fix mistakes in the draft discovery code 
A couple of blatantly obvious mistakes were made that require fixing.
 2018-01-16 12:13:34 -05:00
Jarrod Johnson
a80ae622f6 Skip SMMs without a stored certificate 
If something happens to have the right ip, but no stored certificate
because it's not discovered, it was used as a data source if the
addpolicy was lax.  Harden the flow by skipping unverifiable parts
of the chain.
 2018-01-16 10:54:42 -05:00
Jarrod Johnson
ea5165d2c5 Fix the TLS verifier to support different fingerprint algos 
It was hard baked to sha512.  Now use sha256 if auto-adding,
and use the stored algo as indicator instead.
 2018-01-16 10:30:15 -05:00
Jarrod Johnson
30e24cc768 Fix type compatibility with enclosure.bay 
enclosure.bay manifests as an int.  Use format() to tolerate either
way.
 2018-01-16 10:20:28 -05:00
Jarrod Johnson
b1951b3d86 Add error on older XCC firmware 
When we do hit a problem with the chained configuration and older
XCC, log a message to show why discovery will forever fail.
 2018-01-16 09:18:30 -05:00
Jarrod Johnson
c649aa2a40 Avoid traceback on older XCC firmware 
Older XCC firmware does not provide chassis-uuid.
 2018-01-16 09:16:23 -05:00
Jarrod Johnson
e7b97afc3c Address a number of oversights 
The null handler case, IPv6 SMM, and SMM cert conversion needed fixes.
 2018-01-11 16:48:34 -05:00
Jarrod Johnson
a70e3a2e19 Add ability for physical discovery to not root in switch 
This permits a design where the switch can be omitted, but only the
head enclosure manager needs 'manual' intervention.
 2018-01-11 10:46:23 -05:00
Jarrod Johnson
a11a0cd543 Accelerate dependent discovery in D2 enclosures 
Rather than wait until the next recheck interval, track and trigger
dependent discovery immediately.
 2018-01-11 08:41:44 -05:00
Jarrod Johnson
3398acaf52 Match XCC to enclosure in a chained setup 
Also apply fixes and lay groundwork for eventual 'secure' discovery
policy.  As such a policy is too limited to be practical at this point
(SMM only) the full deal is postponed until it would be feasible.
 2018-01-10 15:53:49 -05:00
Jarrod Johnson
0c0a450fc2 Implement requisite functions to do chain SMM discovery 
Hook into the neighbor data and lldp to identify SMMs.

Still need to provide context to the XCCs based on the chassis-uuid
property.
 2018-01-09 17:25:31 -05:00
Jarrod Johnson
0337962cd9 Add lenovo-switch to discovery api 
This does not actually allow config deployment, but it can help in
ascertaining access for manual access to a switch.

A proper 'handler' will come later to add configuration, probably with
an emphasis on CNOS rather than ENOS.
 2018-01-09 09:17:39 -05:00
Jarrod Johnson
9f5b88eb9f Fix nodemedia upload 
Implement the tracking properly
 2018-01-04 13:39:51 -05:00
Jarrod Johnson
3265d812ba Tweak the media implementation 
Change key to 'detachall' for now and remove the 'all' argument from
detach.
 2018-01-04 13:21:22 -05:00
Jarrod Johnson
0d40a0cac6 Add ability to clear upload progress tracking 
Remote media uploads could not be cleared, add the ability to do so.
 2017-12-08 18:58:04 -05:00
Jarrod Johnson
6845f64d46 Correct spelling of tenant attribute 
The attribute had been mispelled and needed a fix.
 2017-12-08 18:42:08 -05:00
Jarrod Johnson
ade1d93071 Fix strip_node on createdresource 2017-12-08 18:35:39 -05:00
Jarrod Johnson
b18ad89672 Correct some errors in the previous commit 2017-12-08 18:27:35 -05:00
Jarrod Johnson
09d20ea1ff Add remote media handling to API 2017-12-08 15:03:27 -05:00
Jarrod Johnson
60e8338b47 Fix logout 
The logout was broken by the forwarder security hardening
 2017-11-28 15:48:35 -05:00
Jarrod Johnson
8897eb5dcf Fix user api 
The user api had been messed up.  Correct by using keyword to correctly
place the configmanager argument.
 2017-11-28 15:23:27 -05:00
Jarrod Johnson
208eb46cc2 Merge branch 'master' of github.com:jjohnson42/confluent 2017-11-28 13:42:32 -05:00
Jarrod Johnson
2c5432454a Implement a nicer nodereseat unsupported command 
This carries the error condition cleanly back to the command line.
 2017-11-28 13:42:21 -05:00
Jarrod Johnson
c5dd024557 Move the switch discoverable check for non-SMM into eval_node 
eval_node can establish that this is a direct discovery attempt.
In that specific context, the check can be performed.  Otherwise,
we can't check in this way, but the enclosure manager should raise the
error on behalf of the rest of the situation.
 2017-11-27 16:59:13 -05:00
Jarrod Johnson
72af8f1631 Fix custom and net.* attributes for groups and alias clearing 
The _group function was not using fixup_attribute, add that.

Additionally, on the clear_ functions, use the aliases to make clearing
work with the shorthand as well.
 2017-11-27 10:36:29 -05:00
Jarrod Johnson
a16d4b12ea Merge branch 'master' of github.com:jjohnson42/confluent 2017-11-14 14:29:57 -05:00
Jarrod Johnson
76bfb29d60 Try to put the brakes on too many mac discovery attempts 
In various scenarios, too many macs on a port can be a sign of trouble.
For example, a chained SMM configuration with head on switch port, or
incorrectly pointing a nodes net attributes at a switch uplink port, or
defining SMMs without any nodes, causing XCCs to think they are
rackmount.  This sets some sanity value for avoiding problems.  This is
of course a mitigation, invalid scenarios could still run afoul of the
limits, but it should catch a large chunk of offending scenarios.
 2017-11-14 14:28:31 -05:00
Jarrod Johnson
3e201a5f4f Back off aborted use of configmanager in nodegroups 
Currently, we don't need it and the change was half-attempted.  Remove
the problematic half that remained.
 2017-11-14 12:01:57 -05:00
Jarrod Johnson
4bbc05699e Fixed log age out with size and time rolling 
There was a problem if both size and time based age out were triggering
and failing to honor backupCount.
 2017-11-10 08:48:36 -05:00
Jarrod Johnson
80864d78b3 Remove unused nestedmode 
Without the ability to reliably tell a nodename from an input key,
must not do the nestedmode detection.
 2017-11-08 13:36:36 -05:00
Jarrod Johnson
fcae11bf96 Do natural sort on expression expansion 
This creates more logical behavior from nodeshell and noderun when
dealing with many nodes, particularly when crossing the concurrency
limit.
 2017-11-06 14:57:15 -05:00
Jarrod Johnson
a6bae944a2 Explicit dependency version in rpm 
Installs without update can end up with non-viable old versions.

Force yum to try to update downlevel packages if present.
 2017-11-06 09:20:12 -05:00
Jarrod Johnson
7f4ea287bc Fix issues in expression enabled InputNetworkConfiguration 
This enables setting using expressions for any network configuration
functionality.
 2017-11-03 10:25:26 -04:00
Jarrod Johnson
9f3fe01a49 Evolve the concept, it does not currently work 2017-11-02 17:07:44 -04:00
Jarrod Johnson
8bc766e740 Add concept of aliases for setting and expressions 
For the moment this allows some shortcuts on setting and
expressions for {bmc}.  Other attribute aliases may come.
 2017-11-01 13:28:46 -04:00
Jarrod Johnson
8c21c59459 Dynamic backoff for switch scan 
Have switch scan back off propritonate to time it takes to walk the
switches.  Avoid being back to back on switch scans.
 2017-10-27 16:50:39 -04:00
Jarrod Johnson
d5be1ccf8c Restrict lifetime of port relay to session 
If a session is closed, also kill off any associated
relays in progress.  One exception, video port relay
in ESTABLISHED is left alone due to limitation, but
at least no new open.
 2017-10-27 14:47:10 -04:00
Jarrod Johnson
45b8a18f14 Merge branch 'master' of github.com:jjohnson42/confluent 2017-10-26 13:31:36 -04:00
Jarrod Johnson
52673a990b Confluent server side enclosure reseat 
This provides ability to request reseat of nodes, and redirects it to
the enclosure manager.
 2017-10-26 11:45:16 -04:00
Jarrod Johnson
43c60bc180 Add another invalid uuid 
This is another uuid that will not be unique that may appear in some
systems without a valid uuid.
 2017-10-25 16:16:00 -04:00
Jarrod Johnson
c86d9f3e33 More specifically restrict connectivity 
When serving multiple browser, limit a forwarder to only the specific
client that authorized that forwarder.  Previously, one client was
allowed to access another client's forwarding port if it happened to
know the location.
 2017-10-23 09:34:29 -04:00
Jarrod Johnson
68221b8158 Provide distinct video forwarding per client ip 
While we are limited to one 'listen' target at a time, we can
qualiify by the source address to at least provide distinct
behavior depending on the client.
 2017-10-23 09:28:24 -04:00
Jarrod Johnson
34fb159801 Restrict forward source ip to requestor 
This prevents sockets from opening up to the world that could be used
to connect to management interfaces directly, apart from the specific
requestors.
 2017-10-22 12:35:12 -04:00
Jarrod Johnson
3372a8401a Move registration of key handler up to constructor 
This should be a more bulletproof place to be.  Note that it used
to be here and was moved because pyghmi used to call oem_init, but
pyghmi has been changed for a long time to no longer have that
requirement.
 2017-10-20 15:18:03 -04:00
Jarrod Johnson
f07a0e333f Use natural sort in parts of macmap api 
It was hard to traverse things through default sort, provide
natural sort to node names and port names.
 2017-10-20 15:15:59 -04:00