2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-28 20:39:40 +00:00
Commit Graph

32 Commits

Author SHA1 Message Date
Jarrod Johnson
ab7f0e0528 Fix error checking in imginfo
imginfo was checking fread when it should
have been checking number of records.
2022-04-01 09:32:43 -04:00
Jarrod Johnson
ad40c46509 Remove now-redundant genpasshmac.c file 2022-03-10 09:32:44 -05:00
Jarrod Johnson
301ed7a798 Fix mistake in b64e invocation 2022-03-10 09:15:26 -05:00
Jarrod Johnson
b42e2e4932 Change to b64 output for hmac
base64 utility is not always available, so natively
use base64 format for hmac output.
2022-03-10 09:00:54 -05:00
Jarrod Johnson
61d037ae31 Combine genpasshmac with clortho
This permits saving on addons size by using the same
binary for both networked api grant and hmac api
grant.
2022-03-09 13:36:47 -05:00
Jarrod Johnson
a8c2f859e4 Add a genpasshmac utility
For far edge deployment, create utility
that can hmac a password for use in a REST
api call to skip need for tcp port 13001 access.
2022-03-08 16:27:37 -05:00
Jarrod Johnson
31dad09b0c Update makefile to build in sh256 to clortho 2022-03-08 14:46:33 -05:00
Jarrod Johnson
0abe978bd9 Implement hmac of apikey
For routed deployment, we have to preshare some information.

Additionally, the API arm mechanism gets too open ended.

Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
2022-03-08 14:46:00 -05:00
Jarrod Johnson
b463a53146 Cleanup per coverity
Fix a number of concerns that coverity reports
2022-02-17 17:05:00 -05:00
Jarrod Johnson
00bedf6946 Shuffle confluenntuuid to earlier in copernicus
Currently, ssdp handler behavior needs confluentuuid first, if
it is to have any effect.
2022-02-08 12:06:52 -05:00
Jarrod Johnson
358b719cec Implement deployment binding for new installs
When doing osdeploy initialize,
save the uuid and have deployment
targets specifically pair back with site via
uuid.
2022-02-08 10:41:27 -05:00
Jarrod Johnson
c475e4801f Fix incorrect quotes in autocons.c 2022-01-07 09:28:24 -05:00
Jarrod Johnson
624984b1c9 Do not assume SPCR until confluent confirms text console
TIOCCONS was called for users that did not want to use serial.  This
makes the serial console delayeed when automatic, but avoids video
users from being confused.
2021-12-09 10:34:12 -05:00
Jarrod Johnson
a4fc64ea56 Move el9bin build out of spec
Since the rpm itself is built in an el7 container, build
binary before spec driven build to be compatible.
2021-10-07 09:18:24 -04:00
Jarrod Johnson
54667570bd Create encrypted image and private profile data
Prepare for securing os profile witht custom images
2021-07-23 16:13:24 -04:00
Jarrod Johnson
e43e5ac167 Add confluent_imgutil to addons 2021-07-15 14:42:26 -04:00
Jarrod Johnson
1570d3dbe3 Add c utility for reading confluent multipart images 2021-07-15 12:39:19 -04:00
Jarrod Johnson
1645d47b73 Fix clortho
The suggested correection for clortho was in fact
incorrect.  Revert back and cast it.
2021-06-04 17:19:19 -04:00
Jarrod Johnson
1a30876a2d Begin work to package diskless support
First will work on the 'addons' portion of the needed
work.
2021-06-03 17:17:42 -04:00
Jarrod Johnson
e0c59cc341 Fixup c utilities and add start_root
The diskless will use start_root to boot the 'main' OS as a container.
2021-06-03 17:06:10 -04:00
Jarrod Johnson
917a51a406 Error if bind to privileged port fails 2021-04-28 08:37:23 -04:00
Jarrod Johnson
697b33ae80 Put a lower bound on autocons geometry
If some glitch happens during the read, do not end up with
absurdly low geometry.
2021-03-18 15:48:25 -04:00
Jarrod Johnson
d3a699a8fb Have autocons attempt sizing of serial console
If a terminal is open during autocons, that terminal
will be the size of the console.

Otherwise, fallback to 100x31.
2021-03-13 12:33:53 -05:00
Jarrod Johnson
1ecef6f251 Be a bit paranoid about string boundary 2020-11-06 13:57:35 -05:00
Jarrod Johnson
31c2c5f6f7 Fix errors in the TPM2 support 2020-11-06 13:38:37 -05:00
Jarrod Johnson
f7e7d05729 Add TPM2 support to node api key handling
This is an optional capability that image payloads may use
to use the TPM2 to protect an apikey as an alternative to
arming a weak authentication invocation
2020-11-06 10:00:36 -05:00
Jarrod Johnson
a263851614 Fix problem with autocons
autocons needed to open the devnode earlier
to have the correct name. Fixes TSM autocons
behavior
2020-09-24 08:26:37 -04:00
Jarrod Johnson
8ab9c14d45 Do not surpress if scope index is distinct
This allows vetting multiple peers when vlan tagging
is used with LLA.
2020-06-30 14:18:54 -04:00
Jarrod Johnson
31aeb2552c Have copernicus outut extended info
This will help profiles select
the most appropriate interface.
2020-06-26 16:13:15 -04:00
Jarrod Johnson
785d8a7c1c Fix a couple of problems
In RHV, tmux was unable to attach because of TMUX variable.
Unset it to allow tmux to work normally.

Clortho didn't specify family, which worked in linux but not
in ESXi.
2020-06-19 10:24:51 -04:00
Jarrod Johnson
e4a4bdf317 Fix clortho mistake
In attempting to correct clortho,
a mistake was made in the printf
formats.
2020-05-04 17:27:22 -04:00
Jarrod Johnson
efe936a93d Further build process for confluent_osdeploy 2020-05-04 15:45:35 -04:00