xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2025-02-27 15:50:24 +00:00
Code Issues Projects Releases Wiki Activity
3,841 Commits 39 Branches 67 Tags
Commit Graph

1816 Commits

Author SHA1 Message Date
Jarrod Johnson
4ab5cac3eb Generate random serial number for certificate 
Hardcoding 0x123 serial number would cause strict clients to reject the
certificate.

While we are still not guaranteeing uniqueness, the chances of a
duplicate are impossibly small.
 2021-09-22 07:48:44 -04:00
Jarrod Johnson
1b88e44c59 Ignore broken lldp results 
Some switches may have broken incomplete records,
skip such records to focus on viable complete records.
 2021-09-16 15:49:36 -04:00
Jarrod Johnson
9687ce89b8 Use fe80:: match to find index for getting addresses 
This fixes a problem where fetching
from fe80:: fails to identify nic.
 2021-09-13 17:54:18 -04:00
Jarrod Johnson
52bebe41d1 Provide ipv6 only for deploycfg2 
Older profiles may trip over new network
lines, spare them 'v6' entries until
they opt into deploycfg2.
 2021-09-13 10:26:17 -04:00
Jarrod Johnson
8eb242cba0 Add ipv6 support to genesis 2021-09-09 16:27:59 -04:00
Jarrod Johnson
20f607f49e Skip calling localectl when possible 
localectl can sometimes be unworkable,
prefer sourcing the relevant configuration files directly
when possible.
 2021-09-08 12:42:43 -04:00
Jarrod Johnson
3762a37243 Provide advertise and reply 
Since the packets are the same, just need to handle the
request type.
 2021-09-07 16:50:55 -04:00
Jarrod Johnson
f3d7a949e6 Fix ipv6 netboot support to get to request 
A number of mistakes were in
netutil and the advertise needed
to be complete and transmitted.
 2021-09-07 16:13:27 -04:00
Jarrod Johnson
10e408559b Merge branch 'master' into ip6 2021-09-07 11:10:25 -04:00
Jarrod Johnson
aaea5bcaeb Make sure the netlink socket closes on the way out 2021-08-30 09:01:42 -04:00
Jarrod Johnson
3d4462d788 Fix support for newer XCC firmware 
Newer XCC firmware requires more parameters for usermodify
 2021-08-27 18:29:38 -04:00
Jarrod Johnson
a9044238ba Further the IPv6 support 2021-08-26 17:44:30 -04:00
Jarrod Johnson
d4a846e786 Merge branch 'master' into ip6 2021-08-26 12:23:29 -04:00
Jarrod Johnson
7c617a160b Close socket in relay_data 
Closing the socket outside of relay_data causes relay_data
to stay alive, causing eventlet to think a filehandle is open that is not.

A reasonable question would be why eventlet fails to error that read
when the filehandle is closed, but for now, move the close activity
to the relay_data handler.

This resolves "Second simultaneous read on fileno" conditions introduced
by the fix for leaking filehandles.
 2021-08-26 11:52:22 -04:00
Jarrod Johnson
3e21587f22 Update error text for redfish to cover completely unsupported redfish 
systems
 2021-08-26 08:58:02 -04:00
Jarrod Johnson
1b3231377c Draft work to update pxe and netutil for ipv6 support 2021-08-25 17:58:36 -04:00
Jarrod Johnson
ba7ccaa7f2 Document the netlink data in neighutil 2021-08-25 17:57:52 -04:00
Jarrod Johnson
597db2138f Begin work on ipv6 netboot support 2021-08-25 09:21:12 -04:00
Jarrod Johnson
6bb6b362ab Provide support for merging multiple sources to single destination 2021-08-24 17:39:06 -04:00
Jarrod Johnson
0cfd18d84e Add a little main to experiment with neighutil 2021-08-24 17:18:10 -04:00
Jarrod Johnson
51a73737a7 Fix new neigh behavior 
It would sometimes miss a lookup.
 2021-08-24 17:15:56 -04:00
Jarrod Johnson
4f4d02d68f Refactor neighutil 
Stick to bytes in the expensive part, only convert to and from
presentation form on lookup need.

Convert all external calls to a unified lookup logic.
 2021-08-24 16:19:41 -04:00
Jarrod Johnson
797465b3eb Handle some intra-collective errors better 2021-08-24 15:50:03 -04:00
Jarrod Johnson
69b58836f6 Change to built in neigh fetch 
Rather than outsource, slowly,
to ip neigh for this frequent task,
call netlink directly.
 2021-08-24 11:54:33 -04:00
Jarrod Johnson
06cfd408fc Fix handling of abrupt client close 2021-08-24 07:57:14 -04:00
Jarrod Johnson
f855dda70f Sort list of distributions and profiles 
The default sort order of listdir
isn't particularly helpful to anyone.
 2021-08-18 15:40:58 -04:00
Jarrod Johnson
b07ca72a8b Close stray filehandles 
Proxied terminals and dispsatched
requests would leak filehandles.
 2021-08-17 17:18:10 -04:00
Jarrod Johnson
130e3adbc6 Add uuid fill-in for pxe when policy allows 
If permissive or open, and xcc is known, but uuid missing,
fill it in.

If open or pxe, and can know node through XCC fingerprint,
then accetp that as a clue.

Also, do not search ethernet switches when xcc cert helps identity.
 2021-08-12 14:17:57 -04:00
Jarrod Johnson
0f543c80e9 Add a more specific error if we have a guess about nodename 
If a manual add procedure has not
specified a mac or uuid, but
the discovery framework has a guess about it,
have that guess appear
in events with suggestion on
how to proceed.
 2021-08-12 13:07:57 -04:00
Jarrod Johnson
034eca3bb0 Refine PXE/HTTP log 
Add logs for ignored boot requests, suppress discovery warning for known uuids,
and generally throttle logging these to once per mac address per minute.
 2021-08-11 08:14:32 -04:00
Jarrod Johnson
2a0491ef0c Add ability to specify custom increment in [] 
Often, it's desired to target odd or even, provide custom increment/step syntax,
but only in the [] context.

Perhaps one day can add n1-n12:2 support, but for now, this is easier to handle.
 2021-08-09 11:19:07 -04:00
Jarrod Johnson
f9846cb564 Fix inability to delete a completed servicedata event 2021-08-05 08:31:13 -04:00
Jarrod Johnson
9bfdd20919 Add sanity check to confluent start 
Refuse to start if /etc/confluent is in bad shape that
may create issues later.
 2021-08-04 10:54:21 -04:00
Jarrod Johnson
b604ec4773 Fix detection of missing sync source 
Rather than just assume we want a directory when glob
finds no matches, just take the empty result.
 2021-08-02 11:33:08 -04:00
Jarrod Johnson
2219297afc Fix simple password support 
Simple password was broken during the MFA addition, restore
the most common authentication mechanism.
 2021-07-29 13:16:33 -04:00
Jarrod Johnson
08f226a3bf Recognize Ubuntu 20.04.2 2021-07-28 14:31:04 -04:00
Jarrod Johnson
54667570bd Create encrypted image and private profile data 
Prepare for securing os profile witht custom images
 2021-07-23 16:13:24 -04:00
Jarrod Johnson
29d0dd6678 Add missing profile content for cloning 2021-07-21 12:47:43 -04:00
Jarrod Johnson
db735a654d Aggregate vt buffer feeds 
If we start developing a backlog
of content to feed to the buffer manager,
aggregate updates to batch submit them more efficiently.
 2021-07-19 11:16:12 -04:00
Jarrod Johnson
a8b54ff434 Fix initial collective join 
Initial collective join combined
with the orderly collective startup
hit a chicken and egg problem.

Disable initting on first enrollment
to let enrollment drive
that specific initialization to
restore behavior.
 2021-07-19 10:25:35 -04:00
Jarrod Johnson
a953a6afba Provide clearer error when osdeploy initialize is not done 
osdeploy import needs to have things prepared by
osdeploy initialize.  Check for it having run and error if needed.
 2021-07-14 15:40:38 -04:00
Jarrod Johnson
430428eba2 Add missing dependencies to the confluent server package 2021-07-08 09:33:35 -04:00
Jarrod Johnson
ef1649208e Switch to using separate CA for TLS 
This allows regenerating TLS cert
without updating boot images.

For example, if ip address changes need a new cert, no
longer should the nodes need new certs to trust
just due to that.
 2021-06-30 14:25:46 -04:00
Jarrod Johnson
35b9635840 Clear armed API if current node token is used 
If a node is armed, but instead unseals the prior key from TPM,
implicitly clear the armed state to avoid leaving it armed.
 2021-06-28 13:30:09 -04:00
Jarrod Johnson
9c43dbff47 Rework MFA handling 
Avoid calling PAM in the parent process, as
this seems to cause problems with some PAM
configurations.
 2021-06-28 11:34:11 -04:00
Jarrod Johnson
f830514d10 Implement support for additional pam prompts 
For example, if PAM has OTP, then support it.
 2021-06-25 17:26:32 -04:00
Jarrod Johnson
b8c9e9c535 Begin work to support complex PAM conversations 
For example, TOTP setups need
more prompts, this will pass
the info to the client for the client to adjust.
 2021-06-23 16:31:42 -04:00
Jarrod Johnson
fc19ca4e36 Change to pythton-dnspython for dependency 
Multiple compatible packages exist that provide same name, accept
either.
 2021-06-23 08:37:00 -04:00
Jarrod Johnson
7122c17ce0 Remove pyte requirement 
We no longer use pyte, remove the requirement.
 2021-06-08 16:43:06 -04:00
Jarrod Johnson
bbe9bc3e06 Constrain plugin collections to flat by default 
When asking for a path that exceeds the plugincollection,
thten provide generic 'not found' behavior.
 2021-06-04 14:48:31 -04:00