xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-21 17:11:58 +00:00
Code Issues Projects Releases Wiki Activity
3,663 Commits 39 Branches 63 Tags 18 MiB
4f77615161
Commit Graph

3663 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jarrod Johnson
4f77615161 Provide a sample container build 2021-07-08 09:39:36 -04:00
Jarrod Johnson
430428eba2 Add missing dependencies to the confluent server package 2021-07-08 09:33:35 -04:00
Jarrod Johnson
4dee174bee
Merge pull request #64 from vmaneagit/patch-64 
Update nodeconfig.ronn
 2021-07-08 09:25:11 -04:00
Jarrod Johnson
766a5e0fd2
Merge pull request #61 from vmaneagit/patch-62 
Update confluentdbutil.ronn
 2021-07-08 09:23:54 -04:00
Jarrod Johnson
90a3839353
Merge pull request #65 from vmaneagit/patch-65 
Update nodeeventlog
 2021-07-08 09:23:32 -04:00
Jarrod Johnson
ce17015baf
Merge pull request #68 from vmaneagit/patch-68 
Update nodelicense.ronn
 2021-07-08 09:22:41 -04:00
Jarrod Johnson
360ff0798c
Merge pull request #69 from vmaneagit/patch-69 
Update noderemove
 2021-07-08 09:22:24 -04:00
Jarrod Johnson
c2bd12234b
Merge pull request #70 from vmaneagit/patch-70 
Update nodersync.ronn
 2021-07-08 09:22:03 -04:00
Jarrod Johnson
51f1c67a64
Merge pull request #63 from vmaneagit/patch-63 
Update nodeconfig
 2021-07-08 09:21:50 -04:00
Jarrod Johnson
c3634fe75c
Merge pull request #66 from vmaneagit/patch-66 
Update nodelicense
 2021-07-08 09:21:34 -04:00
Jarrod Johnson
8f394f230c
Merge pull request #71 from vmaneagit/patch-71 
Update nodersync
 2021-07-08 09:21:20 -04:00
Jarrod Johnson
b21d462acf
Merge pull request #72 from vmaneagit/patch-73 
Update noderun.ronn
 2021-07-08 09:20:51 -04:00
Jarrod Johnson
dc32813882
Merge pull request #73 from vmaneagit/patch-72 
Update noderun
 2021-07-08 09:20:38 -04:00
Jarrod Johnson
c8ead7bb6d
Merge pull request #74 from vmaneagit/patch-74 
Update nodepower.ronn
 2021-07-08 09:19:56 -04:00
Jarrod Johnson
f352a10000
Merge pull request #75 from vmaneagit/patch-78 
Update nodepower
 2021-07-08 09:19:39 -04:00
Jarrod Johnson
dd4f329139 Finish changes to builddeb script for vtbufferd 2021-07-01 16:45:20 -04:00
Jarrod Johnson
90bde09c82 Fix make clean without binary existing 2021-07-01 16:39:36 -04:00
Jarrod Johnson
2d2e8114b3 Add install section for Makefile in debian packaging 2021-07-01 16:34:06 -04:00
Jarrod Johnson
b87580466e Add debian packaging for vtbuffered 2021-07-01 16:31:59 -04:00
Jarrod Johnson
08cf1bbf48 Fix the sed syntax for LEAP import 2021-07-01 14:07:43 -04:00
Jarrod Johnson
e565a1752f Fix LEAP initprofile behavior 2021-07-01 13:43:31 -04:00
Jarrod Johnson
ef1649208e Switch to using separate CA for TLS 
This allows regenerating TLS cert
without updating boot images.

For example, if ip address changes need a new cert, no
longer should the nodes need new certs to trust
just due to that.
 2021-06-30 14:25:46 -04:00
Jarrod Johnson
35b9635840 Clear armed API if current node token is used 
If a node is armed, but instead unseals the prior key from TPM,
implicitly clear the armed state to avoid leaving it armed.
 2021-06-28 13:30:09 -04:00
Jarrod Johnson
9c43dbff47 Rework MFA handling 
Avoid calling PAM in the parent process, as
this seems to cause problems with some PAM
configurations.
 2021-06-28 11:34:11 -04:00
Jarrod Johnson
f830514d10 Implement support for additional pam prompts 
For example, if PAM has OTP, then support it.
 2021-06-25 17:26:32 -04:00
Jarrod Johnson
f2eba22b9b Fix TLS certs for el8 diskless 
Properly place and process
the TLS certs for a site.
 2021-06-25 13:06:35 -04:00
Jarrod Johnson
1fcab688dd Fix connection name in networkmanager diskless 2021-06-25 10:56:35 -04:00
Jarrod Johnson
abfa2c4f7c Switch back to default curl output 
The terminal size on console is a challenge.
 2021-06-24 17:01:35 -04:00
Jarrod Johnson
3be73af07e Change style of download progress in curl 
Use a simpler progress bar.
 2021-06-24 16:46:10 -04:00
Jarrod Johnson
a2b2c8a995 Remove extraneous '/' output 
Suppress output of cd -, as
it's a bit odd during boot.
 2021-06-24 15:57:03 -04:00
Jarrod Johnson
42f8056d56 Fix apiclient with TPM managed token 
The retry mechanism is amended
to clear out the useless key
and start trying to get a network grant again.
 2021-06-24 14:53:54 -04:00
Jarrod Johnson
2ef695324a Migrate genesis to new TPM strategy 
Have addons for genesis
implement the same TPM usage
model as the suse/redhat stateless.
 2021-06-24 14:35:21 -04:00
Jarrod Johnson
4c6f0843f9 Remove microcode from genesis 
Should not be needed for genesis level activity, and consumes a large
amount of storage.
 2021-06-24 14:00:19 -04:00
Jarrod Johnson
c19ae8a451 Add tpm2 tools to genesis 
Follow the design of the stateless usage of TPM
 2021-06-24 13:20:47 -04:00
Jarrod Johnson
a8e152cc4a Switch TPM strategy on RedHat diskless 
Switch to thte same approach as used in suse:
-Try to unseal any persistent handles
-If that works, try to use it on network
-If it didn't work, clear that handle
-When an api key is retrieved, then seal it to pcr 15
-When it's all done, extend pcr15 to prevent the OS from being able to
unseal
 2021-06-24 12:04:10 -04:00
Jarrod Johnson
c92b3aea9d Mitigate error output from extraneous handles 
Unrelated handles in use will no longer result in misleading console
output.
 2021-06-24 11:41:34 -04:00
Jarrod Johnson
5be4a5ab73 Add missing TPM utilities to suse boot 2021-06-24 11:22:41 -04:00
Jarrod Johnson
3c41c52d77 Rework TPM usage in SUSE diskless 
For one, need to detect stale
TPM value and clear them.

For another, seal to PCR 15 and extend after unlock, so that the booted
system is unable to retrieve
the data from the TPM (e.g.
a plain user by default is allowed
to unseal data if there's no
policy, so use a policy and
extend the state away before boot)
 2021-06-24 11:09:37 -04:00
Jarrod Johnson
e24a3a7231 Change media_url 
Have autoyast file pass validation and adapt
the processing to work with it.
 2021-06-24 08:27:55 -04:00
Jarrod Johnson
bffb7a8cac Correct typo in suse install autoconsole message 2021-06-23 17:52:21 -04:00
Jarrod Johnson
feb418ac59 Store TPM unsealed apikey in usual location 2021-06-23 17:22:18 -04:00
Jarrod Johnson
ee5ea4263f Add curl to suse15 pkglist 2021-06-23 17:16:13 -04:00
Jarrod Johnson
b30fabd55d Enable TPM2 on SUSE diskless for apikey 
Rather than remote sealed copy, store it in the TPM2

Will convert genesis and EL diskless for this to be the new preferred
mechanism.
 2021-06-23 17:01:27 -04:00
Jarrod Johnson
b8c9e9c535 Begin work to support complex PAM conversations 
For example, TOTP setups need
more prompts, this will pass
the info to the client for the client to adjust.
 2021-06-23 16:31:42 -04:00
Jarrod Johnson
d86fc664e9 Handle space delimiting in nameservers 
If multiple dns servers, then need to quote to preserve
the list.
 2021-06-23 12:35:54 -04:00
Jarrod Johnson
6862d9e580 Correct formatting of nameserver list in suse 2021-06-23 12:26:49 -04:00
Jarrod Johnson
dc8cb1b13f Correct syntax in imageboot for suse 2021-06-23 12:24:36 -04:00
Jarrod Johnson
f10d2af59f Specify netconfig file location 2021-06-23 12:16:08 -04:00
Jarrod Johnson
172bb12885 Modify Suse diskless for suse networking 
Suse doesn't use network manager, populate sysconfig
instead.
 2021-06-23 12:07:13 -04:00
Jarrod Johnson
4445b8cc78 Fix name resolution for suse hosts/containers 
Suse uses a strategy with symlinks, adapt
the resolv.conf target based on findings from
symlink chasing.
 2021-06-23 11:49:16 -04:00