2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-29 04:50:21 +00:00
Commit Graph

1635 Commits

Author SHA1 Message Date
Jarrod Johnson
a738b761b4 Fix XCC discovery with Whitley changes 2021-01-12 11:47:02 -05:00
Jarrod Johnson
d27ef81e32 Fix PXE handling of candidate managers 2021-01-11 13:33:26 -05:00
Jarrod Johnson
f5344fabaa Correct typo in new attribute text 2021-01-11 13:13:03 -05:00
Jarrod Johnson
fa1c2f5c1e Only offer deployment if a candidate manager
If candidate managers are defined, and this node is not in
that set, ignore PXE and SSDP requests to opt out of
deployment.
2021-01-08 16:32:41 -05:00
Jarrod Johnson
25c3f40559 Cache manager name
Since the get_myname() may be called much much more
frequently now that it is in the deployment flow,
have it cache results to save a lot of disk I/O
2021-01-08 16:30:51 -05:00
Jarrod Johnson
5812a0eef6 Have a rebalance shortly after becoming leader
This will handle startup and takeover when the current leader dies.
2021-01-08 16:15:11 -05:00
Jarrod Johnson
086ce9823b First phase of collective manager candidate implementation
This implements recovery on loss of collective member to
the least loaded candidates for the node.
2021-01-08 16:00:24 -05:00
Jarrod Johnson
2d6bdffebe Finalize the ssh.trustnodes facility
This is the confluent approach to handling the same
problem that xCAT SSH Zones do.
2021-01-08 14:05:37 -05:00
Jarrod Johnson
efdbeeae0d Fix SNMPv2 on non-cisco switches
The cisco change was causing problems elsewhere.
2021-01-08 09:16:40 -05:00
Jarrod Johnson
a2a1142f18 Draft implementation of ssh trust segmentation
Have equiv optionally be restricted to a subset of nodes
so that node to node ssh may be enabled within subsets
without enabling across the board.

This is akin to 'zones' in xCAT, albeit a bit more flexible
and covering both users and administrative access.
2021-01-06 11:52:43 -05:00
Jarrod Johnson
1ec5231ebe Do not reply to mismatched IP in confluent search
If an OS queries for confluent, but will not have a viable address,
avoid replying to let more usable network paths prevail.

For example, one OS was coming up with 169.254 with no dhcp server,
and being told it could do well to talk to 172.29, which obviously
would not work.
2021-01-05 15:17:23 -05:00
Jarrod Johnson
4768bc257a Handle API change for setting user name
The web api now requires the word Administrator instead of
the number 4.
2020-12-15 16:44:55 -05:00
Jarrod Johnson
b29e7bc94a Add new requirement in newer ESXi versions
New ESXi versions use a new efi executable during
boot.
2020-12-15 14:39:15 -05:00
Jarrod Johnson
04d63a269d Fix detection of CentOS 8.3
They changed their package name to be consistent with
their focal shift.
2020-12-15 12:59:48 -05:00
Jarrod Johnson
36f027ac71 Implement support for Cisco switches
Cisco bridge mib requires to be instanced by vlan.
Detect through proprietary mibs and use it to
guide bridge mib walking.
2020-12-15 10:46:14 -05:00
Jarrod Johnson
1238babe60 Notate future development requirements 2020-12-14 13:09:02 -05:00
Jarrod Johnson
f9a82bde00 Fix arch detection in CentOS stream 2020-12-14 10:42:52 -05:00
Jarrod Johnson
48c868e935 Detect architecture for CentOS stream
CentOS stream changed the release rpm to be noarch.
2020-12-14 10:23:05 -05:00
Jarrod Johnson
caf9115439 Fix CentOS stream support 2020-12-14 10:04:31 -05:00
Jarrod Johnson
8b11acbcf2 Recognize CentOS Stream
Allow installation of CentOS stream as a profile.
2020-12-14 09:47:56 -05:00
Jarrod Johnson
47f04c8462 Provide guidance if the user tries to use defaults
Default username/password is no longer a
viable long term credentiol for XCC, have user
clearly be told to change and that they
shouldn't have to worry about the default
user and password.
2020-12-11 10:37:00 -05:00
Jarrod Johnson
5b0e23b8d4 Provide better feedback on XCC security lockouts
Rather than 'NoneType' error about grab_json_response,
provide actual recognizable feedback
2020-12-11 10:21:21 -05:00
Jarrod Johnson
14d9284cc5 Fix older Oracle Linux 7
Older OL has another release file thtat
was tripping the fingerprinting code.
2020-12-10 13:48:51 -05:00
Jarrod Johnson
cd251fa5d6 Add support for OL7 and older other EL7 flavors
Older EL7 didn't have platform-python in installer,
change to fallback to old /usr/bin/python if
needed.
2020-12-10 10:54:30 -05:00
Jarrod Johnson
8d47395e53 Add fetch of '<script>.d' scripts
This can be used by firstboot/post scripts to
get modularized scripts.
2020-12-09 16:46:58 -05:00
Jarrod Johnson
87ef68e26a Add 'memory' console.logging
If console.logging is not desired, but reconstituting the screen is,
provide 'memory' as a method to do that.

On slow disks this can significantly improve performance.
2020-12-09 13:47:46 -05:00
Jarrod Johnson
55b97793fd Lower concurrency limit of ipmi actions
IPMI actions can be a bit sensitive. Introduce some serialization
for improved robustness in liue of better parallelism.

The ideal would be to have 128 per core/process in the end, but for now,
a pool for 128 concurrent operations in flight at a time.
2020-12-08 18:23:13 -05:00
Jarrod Johnson
99609aa669 Add Oracle Linux signature check to osimage
Oracle Linux was being misidenntified as RHEL,
fix so that oracle linux is treated differently.
2020-12-07 15:08:28 -05:00
Jarrod Johnson
ff7f5daac6 Parallelize and timeout ssdp queries
Badly behaving 'desc.tmpl' servers exist in the world,
do not get tripped up or slowed down too much by
having aggressive timeout and making it parallel.
2020-12-04 17:14:35 -05:00
Jarrod Johnson
2d58741f15 Fix PXE/HTTP boot UUID and Mac case sensitivity
Like the SSDP code, PXE too had case sensitivity issues
2020-12-04 12:42:14 -05:00
Jarrod Johnson
57b74d59af Force uuid to lowercase in uuid mapping
Most of the codebase presumes lower case uuid, but
the uuid mapping was preserving whatever case the
attribute was in, making it case sensitive.

In the normal discovery process, this was filled in
as lower case. However if id.uuid is filled in manually
with uppercase, this broke the node lookup by uuid.
2020-12-04 07:41:40 -05:00
Jarrod Johnson
014727d355 Label boot.img with profile name
This allows for easier
search should an image want it
2020-11-09 15:45:44 -05:00
Jarrod Johnson
dc262c366c Fix false positive in affluent detection
Make sure we don't receive
a redirect or other
when asking for mac tables.
2020-11-09 11:23:54 -05:00
Jarrod Johnson
8f99d87fda Reduce calls to update_neigh
On a mostly stable system, update_neigh will
continue to drive a significant portion of
background activity. Mitigate to only call if
circumstances suggest a need, or once every
30 seconds.
2020-11-09 09:00:57 -05:00
Jarrod Johnson
edaaa2393d Hook up apiclient to TPM2 persistence, when available 2020-11-06 16:38:05 -05:00
Jarrod Johnson
31c2c5f6f7 Fix errors in the TPM2 support 2020-11-06 13:38:37 -05:00
Jarrod Johnson
f7e7d05729 Add TPM2 support to node api key handling
This is an optional capability that image payloads may use
to use the TPM2 to protect an apikey as an alternative to
arming a weak authentication invocation
2020-11-06 10:00:36 -05:00
Jarrod Johnson
b4e6e7caa8 Check for some issues in a manual assign request
One is to provide clear feedback when a nodename is requested
that was not previously defined, to make it more clear that
it is a requirement and/or guard against going too far while
the config function will be missing data it needs to complete
onboarding.

Another is to break if the request is trying to assign a node
to a different definition when it already exists under a different
name.
2020-10-30 08:18:27 -04:00
Jarrod Johnson
10ac1756f1 Do not clear the entire nodes lookup on remap
remap may only amend part of the map,
do not cause that to clear out the good data.
2020-10-29 15:49:31 -04:00
Jarrod Johnson
95659db00a Stop trying to use generic cookie parsing
Trying to do so while guarding against errors and sanitizing input was more code and slower
than targeting the one possible cookie we might care about.

So the code is simpler and
the performance is better, and the effect of stray cookies are mitigated.
2020-10-29 11:36:26 -04:00
Jarrod Johnson
bddbc37e8e Fix incorrect length of random strings 2020-10-29 10:57:49 -04:00
Jarrod Johnson
af8429ebf9 Fix esxi updateboot
Updateboot was confounded by a normal of 'file exists'
problems.
2020-10-26 12:22:56 -04:00
Jarrod Johnson
3ac6677d2d Sanitize cookies
If an invalid cookie from another site breaks the cookie jar,
then sanitize it.

https://bugs.python.org/issue31456

Performance enhancement through setting a header in javascript in
lieu of cookie parsing seems a wise move for the future.
2020-10-24 11:10:52 -04:00
Jarrod Johnson
8b5744b7eb Drop attempts to restore cursor key mode
It would corrupt F1 setup menu. This may cause problems for
ESXi TUI, but F1 in UEFI is more commonly on serial
2020-10-23 15:32:16 -04:00
Jarrod Johnson
ed41d93de5 Add remote authentication configuration
While our security guidelines preclude allowing host to know the password,
it is considered acceptable to do the out-of-band authentication configuration.

Have configbmc request a unicast remote configuration. This should handle authentication
as well as ensuring ongoing consistency between out of band and in-band configuration
methods.
2020-10-20 15:51:46 -04:00
Jarrod Johnson
e7fbbe2737 Fix issues with leftover ssh sessions
Upon connection loss, even though confluent internally
decides it is done with it, it fails to close the session.

Catch a number of these scenarios and ensure the connection closes.
2020-10-12 09:47:24 -04:00
Jarrod Johnson
504bee2d2a Fix problem when domain was not set
domain was checked even if domain not defined,
make sure domain is defined before trying
to use it.
2020-10-08 10:39:29 -04:00
Jarrod Johnson
8dd66211b7 Avoid setting uuid and mac in pxe if already set
Notably the uuid change can end up recursing. Fix the behavior that will cause never ending
loops, which in some IO situations
can end in recursion limits.
2020-10-06 17:14:20 -04:00
Jarrod Johnson
f4395abade Deprecate attempts to use default password with SMM
This is removed in some level of the product
2020-10-05 16:54:58 -04:00
Jarrod Johnson
a194e2293e Fix syntax error on discovery core 2020-10-02 15:35:14 -04:00