The initramfs has a reduced set of modules to boot and then
in diskless mode hands over to the 'real' OS for all userspace
to use the more substantial root filesystem with all of the modules.
However, one exception is kernel module autoload, which induces modprobe
to run in the initial mount namespace unconditionally.
Thus, preserve the ramfs drivers (just in case) but have the autoloading
pivot to the normal root filesystem to get the full complement of modules.

Default is 1 second, bump to 2 seconds for some extraordinarily slow
switches. This changes overall to about 10 seconds as there are, by
default, 5 retries.

Rather than incurring it on each iteration (causing a scan to take
15 seconds in test), defer to handle them all later (reducing to
5 seconds to scan).

If no neigh table is present for a given address, send a packet to
induce kernel activity.
Then wait for a bit over 2 seconds to allow for 2 retries (at default
settings) and then proceed assuming all findable neighbor table
entries will be found.

Either this was overlooked or the sshd_config stopped including
Port 22. Fix by putting in port 22. If port 22 already existed,
sshd is fine with the configuration being configured twice.

When a non-readable file was encountered, confluent would
cryptically report rsync failure.
Check for the usual culprit, unreadable files, if rsync fails.
Cause this error to manifest with clearer text.

Use netutil assessment of the best server ip for pxe responses.
Using 'recvip' is too simplistic for broadcast packets. recvip just
gets the first ipv4 address on the interface, when an alias may be
better. netutil assesses all the possible aliases, thus has better
logic and pxe.py now uses it.

Eventlet narrowly targets overriding select in subprocess, to avoid
rewriting adequate functions.
However, subprocess does an 'optimization' to skip select if there's
fewer than 3 pipes to juggle and no timeout specified.
Induce python to always use select by specifying a very long timeout.
This causes confluent to be able to spawn multiple subprocesses and
not be hung waiting for input.

Hardcoding 0x123 serial number would cause strict clients to reject the
certificate.
While we are still not guaranteeing uniqueness, the chances of a
duplicate are impossibly small.
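
The serial-number change above, illustrated as an added example (not the project's code and not the commit's actual change): it draws a random serial that meets RFC 5280's positive, at-most-20-octet rule and shows why one fixed value collides under a single issuer. The function names and the issuer string are assumptions made for illustration.

```python
import secrets
from collections import Counter

MAX_SERIAL_OCTETS = 20  # RFC 5280 limit on the encoded serialNumber
SERIAL_BITS = 159       # top bit of 20 octets stays clear, so the value is positive


def random_serial():
    """Draw a positive serial from the OS CSPRNG (zero is redrawn)."""
    while True:
        serial = secrets.randbits(SERIAL_BITS)
        if serial:
            return serial


def der_integer_content(value):
    """Content octets of the DER INTEGER that carries a positive serial."""
    if value <= 0:
        raise ValueError("serial numbers must be positive")
    # One extra bit for the sign: a leading 0x00 appears when the top bit is set.
    return value.to_bytes((value.bit_length() + 8) // 8, "big")


def fits_rfc5280(value):
    """True when the serial is positive and encodes in at most 20 octets."""
    return value > 0 and len(der_integer_content(value)) <= MAX_SERIAL_OCTETS


def reused_serials(issued):
    """Return the (issuer, serial) pairs that occur more than once."""
    counts = Counter(issued)
    return sorted(pair for pair, seen in counts.items() if seen > 1)


def collision_probability(n_certs):
    """Birthday-bound estimate of any duplicate among n_certs random serials."""
    return n_certs * (n_certs - 1) / 2 / 2 ** SERIAL_BITS


if __name__ == "__main__":
    issuer = "CN=example deployment CA"  # constructed issuer name
    fixed = [(issuer, 0x123) for _ in range(3)]
    fresh = [(issuer, random_serial()) for _ in range(3)]
    print("fixed serial reuse:", reused_serials(fixed))
    print("random serial reuse:", reused_serials(fresh))
    print("P(duplicate in 1e6 certs):", collision_probability(10**6))
```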

In a diskless boot, sometimes the build system might not label the
scratch contents correctly. setfiles can be used to fix it.
Notably, this seems to cause the overlay+squashfs to return
'no data available' on select calls even with selinux disabled, so it
may be another gap with overlay and/or limitation of squashfs when
queried about modification without a label.