Jarrod Johnson
19e733f325
Ensure fingerprint variable is initialized
...
During error handling, there were paths where fingerprint was
needed, but not set. Fix this by getting fingerprint before raising
the exceptions.
2018-01-23 14:34:06 -05:00
Jarrod Johnson
97401e306b
Tolerate disabled IPv4 multicast route
...
Sometimes the IPv4 multicast route isn't playing ball. Tolerate such
a scenario and move on.
2018-01-22 11:53:19 -05:00
Jarrod Johnson
48b9d735f2
Avoid empty hwaddr
...
It has been observed, at least once, for an empty hwaddr to appear.
Take measures to prevent this from occurring and making into the
discovery info.
2018-01-19 10:22:22 -05:00
Jarrod Johnson
76818135a6
Fix getting nodenames based on enclosure uuid
...
Must listify the output and make sure the previous output is fed into
the second filter.
2018-01-16 13:29:36 -05:00
Jarrod Johnson
0f4940cd7c
Tolerate empty string to be blank snmp user
...
For SNMP password without user, accept '' as a synonym for None
2018-01-16 13:14:13 -05:00
Jarrod Johnson
8226c2bd77
Fix mistakes in the draft discovery code
...
A couple of blatantly obvious mistakes were made that require fixing.
2018-01-16 12:13:34 -05:00
Jarrod Johnson
a80ae622f6
Skip SMMs without a stored certificate
...
If something happens to have the right ip, but no stored certificate
because it's not discovered, it was used as a data source if the
addpolicy was lax. Harden the flow by skipping unverifiable parts
of the chain.
2018-01-16 10:54:42 -05:00
Jarrod Johnson
ea5165d2c5
Fix the TLS verifier to support different fingerprint algos
...
It was hard baked to sha512. Now use sha256 if auto-adding,
and use the stored algo as indicator instead.
2018-01-16 10:30:15 -05:00
Jarrod Johnson
30e24cc768
Fix type compatibility with enclosure.bay
...
enclosure.bay manifests as an int. Use format() to tolerate either
way.
2018-01-16 10:20:28 -05:00
Jarrod Johnson
b1951b3d86
Add error on older XCC firmware
...
When we do hit a problem with the chained configuration and older
XCC, log a message to show why discovery will forever fail.
2018-01-16 09:18:30 -05:00
Jarrod Johnson
c649aa2a40
Avoid traceback on older XCC firmware
...
Older XCC firmware does not provide chassis-uuid.
2018-01-16 09:16:23 -05:00
Jarrod Johnson
e7b97afc3c
Address a number of oversights
...
The null handler case, IPv6 SMM, and SMM cert conversion needed fixes.
2018-01-11 16:48:34 -05:00
Jarrod Johnson
a70e3a2e19
Add ability for physical discovery to not root in switch
...
This permits a design where the switch can be omitted, but only the
head enclosure manager needs 'manual' intervention.
2018-01-11 10:46:23 -05:00
Jarrod Johnson
a11a0cd543
Accelerate dependent discovery in D2 enclosures
...
Rather than wait until the next recheck interval, track and trigger
dependent discovery immediately.
2018-01-11 08:41:44 -05:00
Jarrod Johnson
3398acaf52
Match XCC to enclosure in a chained setup
...
Also apply fixes and lay groundwork for eventual 'secure' discovery
policy. As such a policy is too limited to be practical at this point
(SMM only) the full deal is postponed until it would be feasible.
2018-01-10 15:53:49 -05:00
Jarrod Johnson
0c0a450fc2
Implement requisite functions to do chain SMM discovery
...
Hook into the neighbor data and lldp to identify SMMs.
Still need to provide context to the XCCs based on the chassis-uuid
property.
2018-01-09 17:25:31 -05:00
Jarrod Johnson
0337962cd9
Add lenovo-switch to discovery api
...
This does not actually allow config deployment, but it can help in
ascertaining access for manual access to a switch.
A proper 'handler' will come later to add configuration, probably with
an emphasis on CNOS rather than ENOS.
2018-01-09 09:17:39 -05:00
Jarrod Johnson
9f5b88eb9f
Fix nodemedia upload
...
Implement the tracking properly
2018-01-04 13:39:51 -05:00
Jarrod Johnson
3265d812ba
Tweak the media implementation
...
Change key to 'detachall' for now and remove the 'all' argument from
detach.
2018-01-04 13:21:22 -05:00
Jarrod Johnson
0d40a0cac6
Add ability to clear upload progress tracking
...
Remote media uploads could not be cleared, add the ability to do so.
2017-12-08 18:58:04 -05:00
Jarrod Johnson
6845f64d46
Correct spelling of tenant attribute
...
The attribute had been mispelled and needed a fix.
2017-12-08 18:42:08 -05:00
Jarrod Johnson
ade1d93071
Fix strip_node on createdresource
2017-12-08 18:35:39 -05:00
Jarrod Johnson
b18ad89672
Correct some errors in the previous commit
2017-12-08 18:27:35 -05:00
Jarrod Johnson
09d20ea1ff
Add remote media handling to API
2017-12-08 15:03:27 -05:00
Jarrod Johnson
60e8338b47
Fix logout
...
The logout was broken by the forwarder security hardening
2017-11-28 15:48:35 -05:00
Jarrod Johnson
8897eb5dcf
Fix user api
...
The user api had been messed up. Correct by using keyword to correctly
place the configmanager argument.
2017-11-28 15:23:27 -05:00
Jarrod Johnson
208eb46cc2
Merge branch 'master' of github.com:jjohnson42/confluent
2017-11-28 13:42:32 -05:00
Jarrod Johnson
2c5432454a
Implement a nicer nodereseat unsupported command
...
This carries the error condition cleanly back to the command line.
2017-11-28 13:42:21 -05:00
Jarrod Johnson
c5dd024557
Move the switch discoverable check for non-SMM into eval_node
...
eval_node can establish that this is a direct discovery attempt.
In that specific context, the check can be performed. Otherwise,
we can't check in this way, but the enclosure manager should raise the
error on behalf of the rest of the situation.
2017-11-27 16:59:13 -05:00
Jarrod Johnson
72af8f1631
Fix custom and net.* attributes for groups and alias clearing
...
The _group function was not using fixup_attribute, add that.
Additionally, on the clear_ functions, use the aliases to make clearing
work with the shorthand as well.
2017-11-27 10:36:29 -05:00
Jarrod Johnson
a16d4b12ea
Merge branch 'master' of github.com:jjohnson42/confluent
2017-11-14 14:29:57 -05:00
Jarrod Johnson
76bfb29d60
Try to put the brakes on too many mac discovery attempts
...
In various scenarios, too many macs on a port can be a sign of trouble.
For example, a chained SMM configuration with head on switch port, or
incorrectly pointing a nodes net attributes at a switch uplink port, or
defining SMMs without any nodes, causing XCCs to think they are
rackmount. This sets some sanity value for avoiding problems. This is
of course a mitigation, invalid scenarios could still run afoul of the
limits, but it should catch a large chunk of offending scenarios.
2017-11-14 14:28:31 -05:00
Jarrod Johnson
3e201a5f4f
Back off aborted use of configmanager in nodegroups
...
Currently, we don't need it and the change was half-attempted. Remove
the problematic half that remained.
2017-11-14 12:01:57 -05:00
Jarrod Johnson
4bbc05699e
Fixed log age out with size and time rolling
...
There was a problem if both size and time based age out were triggering
and failing to honor backupCount.
2017-11-10 08:48:36 -05:00
Jarrod Johnson
80864d78b3
Remove unused nestedmode
...
Without the ability to reliably tell a nodename from an input key,
must not do the nestedmode detection.
2017-11-08 13:36:36 -05:00
Jarrod Johnson
fcae11bf96
Do natural sort on expression expansion
...
This creates more logical behavior from nodeshell and noderun when
dealing with many nodes, particularly when crossing the concurrency
limit.
2017-11-06 14:57:15 -05:00
Jarrod Johnson
a6bae944a2
Explicit dependency version in rpm
...
Installs without update can end up with non-viable old versions.
Force yum to try to update downlevel packages if present.
2017-11-06 09:20:12 -05:00
Jarrod Johnson
7f4ea287bc
Fix issues in expression enabled InputNetworkConfiguration
...
This enables setting using expressions for any network configuration
functionality.
2017-11-03 10:25:26 -04:00
Jarrod Johnson
9f3fe01a49
Evolve the concept, it does not currently work
2017-11-02 17:07:44 -04:00
Jarrod Johnson
8bc766e740
Add concept of aliases for setting and expressions
...
For the moment this allows some shortcuts on setting and
expressions for {bmc}. Other attribute aliases may come.
2017-11-01 13:28:46 -04:00
Jarrod Johnson
8c21c59459
Dynamic backoff for switch scan
...
Have switch scan back off propritonate to time it takes to walk the
switches. Avoid being back to back on switch scans.
2017-10-27 16:50:39 -04:00
Jarrod Johnson
d5be1ccf8c
Restrict lifetime of port relay to session
...
If a session is closed, also kill off any associated
relays in progress. One exception, video port relay
in ESTABLISHED is left alone due to limitation, but
at least no new open.
2017-10-27 14:47:10 -04:00
Jarrod Johnson
45b8a18f14
Merge branch 'master' of github.com:jjohnson42/confluent
2017-10-26 13:31:36 -04:00
Jarrod Johnson
52673a990b
Confluent server side enclosure reseat
...
This provides ability to request reseat of nodes, and redirects it to
the enclosure manager.
2017-10-26 11:45:16 -04:00
Jarrod Johnson
43c60bc180
Add another invalid uuid
...
This is another uuid that will not be unique that may appear in some
systems without a valid uuid.
2017-10-25 16:16:00 -04:00
Jarrod Johnson
c86d9f3e33
More specifically restrict connectivity
...
When serving multiple browser, limit a forwarder to only the specific
client that authorized that forwarder. Previously, one client was
allowed to access another client's forwarding port if it happened to
know the location.
2017-10-23 09:34:29 -04:00
Jarrod Johnson
68221b8158
Provide distinct video forwarding per client ip
...
While we are limited to one 'listen' target at a time, we can
qualiify by the source address to at least provide distinct
behavior depending on the client.
2017-10-23 09:28:24 -04:00
Jarrod Johnson
34fb159801
Restrict forward source ip to requestor
...
This prevents sockets from opening up to the world that could be used
to connect to management interfaces directly, apart from the specific
requestors.
2017-10-22 12:35:12 -04:00
Jarrod Johnson
3372a8401a
Move registration of key handler up to constructor
...
This should be a more bulletproof place to be. Note that it used
to be here and was moved because pyghmi used to call oem_init, but
pyghmi has been changed for a long time to no longer have that
requirement.
2017-10-20 15:18:03 -04:00
Jarrod Johnson
f07a0e333f
Use natural sort in parts of macmap api
...
It was hard to traverse things through default sort, provide
natural sort to node names and port names.
2017-10-20 15:15:59 -04:00