The root cause for negative has not been determined,
however reduce the hypothetical exposure to the issue
in the hopes of filtering out extraneous problems.
The socket.SO_PEERCRED seemed to work fine for my
ppc64 RHEL system, but testing today on little-
endian SLES 12 system threw that exception. So
checking if the arch is "ppc64" on the exception
case.
Previously, any PAM result was treated as good. This isn't
actually of practical value, since we need a user object to
really do authorization. Change strategy to give pam a chance
to deny anyone, but require the user to exist in confluent
even if pam says the user is a valid one.
If connectivity is lost in the midst of an interrogation,
relay the unreachable status to the client rather than
'Internal Error' that was occuring before.
xcathmc.sh is a xCAT console wrapper needed to be placed in the
confluent consoles plugin directory. Talking with Jarrod, it was
decided that confluent should stay stand-alone and xCAT should ship
this and related "glue" items in a separate RPM. The empty 'console'
directory should be owned by the confluent RPM
If a web application in a wider domain sets a cookie that python
doesn't like, a CookieError would be raised to ruin the whole request.
Address by subclassing SimpleCookie to catch the cookie error and
set an empty Morsel rather than fail out. This allows the errant
cookie to be ignored while still being able to check for the cookie
that we actually care about.
The change to allow configmanager to log traces
erroneously broke due to use of 'import .. as' in
circular imports. Skip 'as' and the problem does not occur.
When a change callback handler raises an exception,
log it and move on to next handler. This prevents
the handler from screwing up the caller or fellow
callback handlers. Unfortunately this means that
no one notices the issue until checking the trace
log file, but it produces more peculiar behavior
as it stands without this change.
If a session was attempted but failed before creation, a trace was thrown.
Fix this by catching the scenario and passing, since the desired effect is
already there.
Clarify that the data is in UTF-8 where applicable. It is expected
that clients are capable of handling UTF-8 for now. Additionally,
the HTML api explorer handling of numeric data is fixed.
When a log object is used as a 'dumb' file target, show the origin of the
output. The motivation here is that 'print' statements are intended to
be an unusual event that should be easily tracked down and eliminated
once their specific use has concluded.
In xcatd, running '-f' means a lot of mysterious output that is hard
to manage as they frequently print out variable contents without
searchable context. For example, if in xcatd someone randomply prints out
a varibale with a nodename, we might see a stray:
n1
With this change (together with previous changes), the same statement
results in stdout log appearing like:
Jan 19 14:20:54 File "/opt/confluent/lib/python/confluent/plugins/hardwaremanagement/ipmi.py", line 364, in _dict_sensor
print nodename: n1
A plugin is now allowed to define a collection. The sensors
hierarchy is added as the first path to allow plugin curated
collections. ipmi plugin updated to list items in those
collections
For exploring the api, a write-only attribute presents difficulty. Address this by allowing
plugins to return a '' value and have ipmi plugin return that value to enable things
like the web api explorer.
Previously some rather uncomfortable looking output would be emitted at someone trying to restart
confluent if not running. Be nicer and recognize when service is not running and a stop attempt is made.
Plugins may implement bootmode as appropriate. Currently, the only
example usage is how IPMI can indicate BIOS style versus UEFI style
boot.
Additionally, limitations of the ChoiceMessage base object around
handling multi-parameter pieces of data are addressed.
The buffer age was not working as intended
The fix to exit on error exited overly eagerly
The log replay failed to report a third value if file did not exist.
To facilitate a clean coordinated shutdown, create a verb so that a termination can be done
and know when it is completed. Only allow for the 'special' case of 'skipauth', where unix domain
socket connection is in hand and only root or the service owner can access.
As it heads into RC, will start using the tags and
overly simplifying things in the same way xCAT
revs versions even without changes for the sake
of consistency
When logging was changed from none to full, it would always
start and immediately abort connecting to start again.
Change this by deciding which connection liveness strategy
to use based on how many settings changed. If just logging
changes, then connect only if not connected or connecting.
If more changes, then skip that kinder strategy and go straight
to reconnecting.
Make sure that the dbm object is closed before another thread might come along. Out of an overabundance of caution,
also join() existing cfgwriter thread to make sure that only one thread touches it at a time. In theory, it should only possibly
be after the db is closed, but take no chances.
If the sync thread had moved beyond the point of checking _writepending, but had not quite managed to trigger
isAlive() to be false, the sync cfg to file would transition to never work. Address this by adding one lock and one boolean.
Inside the lock, the two booleans are manipulated to atomically mark the end of thread sync activity linked with
check for pending data to write.