xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 19:10:10 +00:00
Code Issues Projects Releases Wiki Activity
2,332 Commits 39 Branches 63 Tags 18 MiB
501ab64e18
Commit Graph

2332 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jarrod Johnson
501ab64e18 Revert "Add a utility to select disks" 
This reverts commit 2936c7e8fd.
 2020-04-27 17:37:21 -04:00
Jarrod Johnson
2936c7e8fd Add a utility to select disks 
Use python to enable a bit
more flexibility and still be
readable.
 2020-04-24 09:40:55 -04:00
Jarrod Johnson
4f85ba2bff Fix nodeattrib set of password 
This path happens in nodeattrib.
 2020-04-22 09:46:38 -04:00
Jarrod Johnson
5232b7c9c4 Fix passwords with {} in them 
The input handler erroneously
tried to make an expression out
of values that did not support
expressions.
 2020-04-22 08:58:38 -04:00
Jarrod Johnson
f964fd8ce1 Add some information to man page 
If the user consults the man page for help after a
HOSTUNREACH, give some text.
 2020-04-17 10:00:56 -04:00
Jarrod Johnson
f97fd3105f Prevent GET from indicating a non-idempotent opreation 
This could bypass CSRF protection in theory.
 2020-04-16 12:08:47 -04:00
Jarrod Johnson
bc03da47af Fix another python3 syntax problem 
async can't even be a member of
a class, evidently.
 2020-04-10 12:12:17 -04:00
Jarrod Johnson
bd39171611 Fix another use of async name 
For better python 3 compatibility,
stop using async as a variable name.
 2020-04-10 12:09:27 -04:00
Jarrod Johnson
ed050b37e1 Fix httpapi with python3 
async is now particularly special,
rename variable to fix it
 2020-04-10 11:58:45 -04:00
Jarrod Johnson
8d1d19d9a8 Fix nodelicense save with expansion 
Client side checking will not suffice.  Move it server side.

Additionally ,fix ownership of downloaded files.
 2020-04-09 08:20:55 -04:00
Jarrod Johnson
017f3fb372 Switch CP storage to SSDP from SLP 
The SLP behavior on CP storage BMC is problematic.
Switch to SSDP to see if that provides more robust
behavior.
 2020-04-07 11:32:52 -04:00
Jarrod Johnson
46518f890b Fix nodediscover assign 
The feature request for -n was
implemented in a way that broke
nodediscover assign.
 2020-04-06 14:50:24 -04:00
Jarrod Johnson
7e86a72872 Pass along unavailable info to client 2020-04-03 12:33:55 -04:00
Jarrod Johnson
2567503662 Handle both types of CP reply 
The CP storage may reply with
one of two distinct forms.  Recognize
either and treat them the same.
 2020-04-03 11:01:55 -04:00
Jarrod Johnson
6b56181a52 Fix attrib add code 
It was failing due to automatic pathing in python3
 2020-04-02 11:42:54 -04:00
Jarrod Johnson
c18ce50138 Integrate attributes into man pages 2020-04-02 11:01:42 -04:00
Jarrod Johnson
a0684520d8 Add documentation for some parameter default 2020-04-02 10:25:57 -04:00
Jarrod Johnson
374aa49016 Add man page for nodersync 2020-04-02 10:17:44 -04:00
Jarrod Johnson
0b95daa30d Add msgpack to explicit dependencies 
This will pull in msgpack for debian derivatives.
 2020-03-30 10:58:08 -04:00
Jarrod Johnson
d33365195b Have nodediscover list filter by -n 
It is a reasonable expectation and useful feature to provide.
 2020-03-27 12:14:41 -04:00
Jarrod Johnson
3429173c27 nodeconsole changes to specifically target tmux 
tmux needs more direction to avoid ambiguous results.
 2020-03-27 10:57:14 -04:00
Jarrod Johnson
f6c44922f8 Add support for forced password change 
ThinkAgile CP storage BMC firmware now requires
a password change be navigated prior to operation.
 2020-03-26 14:10:17 -04:00
Jarrod Johnson
a86d962984 Fix missing pwd import 
The pwd module was accidentally omitted, fix the mistake.
 2020-03-13 11:04:16 -04:00
Jarrod Johnson
9ee29aabe1 Set certificate ownership properly 
When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
 2020-03-12 16:04:23 -04:00
Jarrod Johnson
a413f321fe Fix console loss on server exit 
Catch the new exception that
was used to make other commands
exit cleaner.
 2020-03-11 13:58:37 -04:00
Jarrod Johnson
f2bd796c2a Further clean up license error handling 
Backup of nodelicense was not
consistently checked between
redfish and ipmi plugins.
 2020-03-11 09:29:41 -04:00
Jarrod Johnson
bf31c4872f Fix mistake in nodelicense save 
It was incorrectly presenting unrecognized error infomation.
 2020-03-11 09:22:16 -04:00
Jarrod Johnson
634e5a8944 Update gitignore 2020-03-02 13:15:09 -05:00
Jarrod Johnson
67e3530d16 Add group count to collate 
Feature request to offer the
ability to count output groups
rather than actually show output
groups.
 2020-03-02 11:29:28 -05:00
Jarrod Johnson
3c26beda1d Fix loss of web connectivity during XCC discovery 
The password policy was incorrectly logging out in the
middle of the flow when a forced password change occurred.
Fix by externally managing the web session.
 2020-02-26 10:00:10 -05:00
Jarrod Johnson
e2d0e49fc7 Add HTTP boot architecture to pxe 
This paves the way for future response to HTTP boot
 2020-02-20 20:36:36 -05:00
Jarrod Johnson
da5a34c2e4 Fix wheezy builds 2020-02-20 08:05:21 -05:00
Jarrod Johnson
3629cb8ee7 Fix spelling of cumulus 2020-02-19 16:53:35 -05:00
Jarrod Johnson
8233e0a5bd Merge branch 'master' of github.com:jjohnson42/confluent 2020-02-19 16:26:48 -05:00
Jarrod Johnson
eae7b3bd80 Add discovery snoop for Cumulus ZTP 
When a cumulus switch does ZTP, detect
in the discovery facility.
 2020-02-19 16:26:33 -05:00
Jarrod Johnson
868367e052 Add sensing of ONIE switches 
Have nodediscover show detected
ONIE install devices.
 2020-02-19 15:20:45 -05:00
Jarrod Johnson
6289cfaac4 Fix nodeboot when used with -m 
nodeboot was erroneously using sys.argv rather
than the processed args from optionparser.
 2020-02-19 14:36:10 -05:00
Jarrod Johnson
f6d4fef5e6 Improve error message for collective 
When trying to not run as root, give a
better error message explaining the
situation more clearly.
 2020-02-18 16:16:40 -05:00
Jarrod Johnson
b1b7ec4d50 Add affluent plugin 
Implementing Cumulus NOS
support through an agent called
'affluent'.
 2020-02-18 14:23:57 -05:00
Jarrod Johnson
c0cd6de4f7 Remove PrivateDevices from unit file 
PrivateDevices breaks pam_unix, for some reason.  Remove this
protection.  We still have DevicePolicy closed and running as non-root,
so this should still be relatively safe.i
 2020-02-13 11:42:21 -05:00
Jarrod Johnson
4437e81e04 Leverage unix_chkpwd 
If doing PAM authentication, we
can setuid to the target user and then
pam_unix will use unix_chkpwd on
our behalf.

Problems with this working in the lab
was resolved by a yum reinstall pam,
so it was presumably due to messed up
setcap or similar experiments.
 2020-02-13 10:37:15 -05:00
Jarrod Johnson
6a12af1242 Remove non-root for older distributions 
Older systemd does not support capabilities.  For such a platform,
disable non-root mode.
 2020-02-12 13:20:08 -05:00
Jarrod Johnson
9879a83a10 Fix mistake in the redfish access protection 
It contained a syntax error.
 2020-02-11 14:22:19 -05:00
Jarrod Johnson
cce6b824de Merge branch 'master' of github.com:jjohnson42/confluent 2020-02-11 14:09:51 -05:00
Jarrod Johnson
ce1cb952e8 Fix PAM authentication 
It's tricky.  On Redhat platforms, we need the CAP_DAC_READ_SEARCH
capability.  Unfortunately this is one of the nicest capabilities to have.

For now add it to ambient set so that PAM can work on redhat platforms.
Mitigate this risk by safeguarding the license handling code, which
is the only known place that can read a file and send it to somewhere.

If we could drop the capability from effective set and add it back in when
needed, that would be nice, but that appears not to be possible.

Short of that, having a separate authentication process
running and dropping privilege would potentially work.
 2020-02-11 14:09:22 -05:00
Jarrod Johnson
c6812274e4 Fix media list through collective 
The Media class was not
serializable by msgpack.  Fix this
and improve error messages in
future instances of this behavior.
 2020-02-11 09:04:49 -05:00
Jarrod Johnson
7cd7068dd7 Remove stray developer output 
Remove a developer repr from log
output.
 2020-02-07 16:01:29 -05:00
Jarrod Johnson
48f0330568 Add affluent support to /networking 
The /networking backend will now
check for affluent on the switches and
use it if possible for improved performance.
 2020-02-07 15:57:33 -05:00
Jarrod Johnson
66e1d17d28 Have systemd manage confluent run dir 
The run directory has to be created and owned by confluent,
or else things cannot start.
 2020-02-06 13:45:46 -05:00
Jarrod Johnson
7480494432 Tighten up new PAM check 
For one, remove the password cache cleaning, as it no longer is run.

For another, skip the fork if uid is already 0.

Finally, wrap the check in a try/finally to keep the privileged process
more certain in exiting.
 2020-02-06 10:05:57 -05:00