Jarrod Johnson
597393842a
Add transaction ID to the carried information
...
The ability to extend an OFFER requires that we also keep track
of the transaction id.
2020-03-09 15:30:26 -04:00
Jarrod Johnson
b9fc9b3c19
Put the recvmsg info into the handler payload
...
This allows the rest of the discovery infrastructure to operate
with this data.
2020-03-09 15:14:05 -04:00
Jarrod Johnson
49b8e12a01
Update TODO
...
We have now done IP_PKTINFO, but there is a potential TODO
if wanting to properly honor unicast request.
For now, will just do always-broadcast as the options to do unicast
are more complex to do (either construct the packets or inject neigh
entry manually)
2020-03-09 15:05:19 -04:00
Jarrod Johnson
f20fb70336
Have the peer and target info on DHCP receive
...
This has the data that will be handy in formulating a reply.
2020-03-09 14:39:53 -04:00
Jarrod Johnson
934f8f0f20
Use recvmsg for PXE
...
Switch to recvmsg in preparation for getting more
data for forming replies.
2020-03-09 11:25:38 -04:00
Jarrod Johnson
945b8f2b4a
Rename to reflect more function than CA
2020-03-09 08:52:29 -04:00
Jarrod Johnson
82921fb53d
Add function to sign SSH key
...
This will enable the known_hosts
to work.
shosts.equiv and sshd and ssh client
config will be handled elsewhere.
shosts.equiv will just be everything.
2020-03-06 16:55:06 -05:00
Jarrod Johnson
59a0b00208
Flesh out the SSH code more
...
Notably add user key management
and start poking things in
/var/lib/confluent
2020-03-06 16:17:53 -05:00
Jarrod Johnson
34f2f6e359
Add a sample for doing SSH CA
...
This will explore the concept for the
backend of the get certificate api.
2020-03-06 13:43:54 -05:00
Jarrod Johnson
7fe47baab3
Fix another python 3 expectation
...
python3 needs this stringified from socket that
provides bytes.
2020-03-02 16:42:42 -05:00
Jarrod Johnson
3c1453c16b
Actually use the de-lla address
...
After removing the %, actually use the trimmed address.
2020-03-02 16:23:18 -05:00
Jarrod Johnson
4529924cce
Fix credserver python3 and LLA support
...
Both client and server had an issue with LLA, along with the
usual python3-isms.
2020-03-02 16:06:07 -05:00
Jarrod Johnson
97ddd59dbd
Merge branch 'osdeploy' of github.com:jjohnson42/confluent into osdeploy
2020-03-02 14:55:11 -05:00
Jarrod Johnson
b7b2522f6b
Fix python3 compatibility of ssdp
...
The ssdp module in osdeploy was not reacting
adequately to copernicus. Fix the assumptions about bytes
versus str.
2020-03-02 14:54:23 -05:00
Jarrod Johnson
bd0e187525
Merge branch 'master' into osdeploy
2020-03-02 13:15:22 -05:00
Jarrod Johnson
634e5a8944
Update gitignore
2020-03-02 13:15:09 -05:00
Jarrod Johnson
455b637c48
Merge branch 'master' into osdeploy
2020-03-02 11:30:30 -05:00
Jarrod Johnson
67e3530d16
Add group count to collate
...
Feature request to offer the
ability to count output groups
rather than actually show output
groups.
2020-03-02 11:29:28 -05:00
Jarrod Johnson
e257d526c3
Have ip_on_same_subnet normalize ::ffff: addresses
...
This will cause the ips to count as equivalent rather than giving up
on them.
2020-02-27 17:03:12 -05:00
Jarrod Johnson
a066f061c7
Remove IPv6 portion of IPv4 address
...
If it is presented as an IPv6 compatible IPv4 address,
make it a normal IP address.
2020-02-27 16:59:32 -05:00
Jarrod Johnson
29b4045817
Omit TRANS.TBL files from osimport
...
Avoid clutter of TRANS.TBL files while importing an ISO
2020-02-27 16:36:47 -05:00
Jarrod Johnson
f798239f90
Switch to using the standard confluent port for credserver
...
Also add a check and only accept API arming
requests from local ips
2020-02-27 16:36:16 -05:00
Jarrod Johnson
f955086cc3
Create an alternative api.armed behavior
...
Move from a clock based expiration to a simpler 'once' versus
'continuous' model. 'once' is intended to be used generally, 'continuous'
for stateless without benefit of TPM. The goal would be to use TPM
to seal a key to avoid continuous.
2020-02-27 13:33:05 -05:00
Jarrod Johnson
cd20a23626
Merge branch 'master' into osdeploy
2020-02-27 07:20:20 -05:00
Jarrod Johnson
3c26beda1d
Fix loss of web connectivity during XCC discovery
...
The password policy was incorrectly logging out in the
middle of the flow when a forced password change occurred.
Fix by externally managing the web session.
2020-02-26 10:00:10 -05:00
Jarrod Johnson
54be209f4e
Merge branch 'nodesearch' into osdeploy
2020-02-24 16:26:07 -05:00
Jarrod Johnson
114324f513
Add CA to self signed cert constraints
...
Some applications require this be set for it to work
as an enrolled certificate. Notably UEFI
requires this.
2020-02-24 15:34:55 -05:00
Jarrod Johnson
d2de4ffa14
Fix single file OS image osimport
2020-02-21 14:25:18 -05:00
Jarrod Johnson
d4483bb59f
Polish up the osimport concept more
2020-02-21 14:18:15 -05:00
Jarrod Johnson
90bec92d1f
Fix python3 for os import
...
Need to be explicit about binary data with python 3.
2020-02-21 09:34:49 -05:00
Jarrod Johnson
4b3541e21d
Suppress libarchive logging
...
libarchive ffi goes crazy logging at *import* time. Pre-empt
use of the logging with a null handler prior to import.
2020-02-21 08:46:42 -05:00
Jarrod Johnson
737e7a440f
Add a prototype for imageimporter
...
This is a sample of fingerprinting, covering rhel/centos 7/8
and suse enterprise 12/15 and cumulus.
Mainly to run the gamut of detection schemes.
The schemes are for iso images, try to be very careful and adaptive.
Otherwise, go for a quick sum to see if we have a shot and a long checksum to confirm.
2020-02-20 23:24:42 -05:00
Jarrod Johnson
24874bb4be
Merge branch 'master' into nodesearch
2020-02-20 20:37:23 -05:00
Jarrod Johnson
e2d0e49fc7
Add HTTP boot architecture to pxe
...
This paves the way for future response to HTTP boot
2020-02-20 20:36:36 -05:00
Jarrod Johnson
da5a34c2e4
Fix wheezy builds
2020-02-20 08:05:21 -05:00
Jarrod Johnson
3629cb8ee7
Fix spelling of cumulus
2020-02-19 16:53:35 -05:00
Jarrod Johnson
8233e0a5bd
Merge branch 'master' of github.com:jjohnson42/confluent
2020-02-19 16:26:48 -05:00
Jarrod Johnson
eae7b3bd80
Add discovery snoop for Cumulus ZTP
...
When a cumulus switch does ZTP, detect
in the discovery facility.
2020-02-19 16:26:33 -05:00
Jarrod Johnson
868367e052
Add sensing of ONIE switches
...
Have nodediscover show detected
ONIE install devices.
2020-02-19 15:20:45 -05:00
Jarrod Johnson
6289cfaac4
Fix nodeboot when used with -m
...
nodeboot was erroneously using sys.argv rather
than the processed args from optionparser.
2020-02-19 14:36:10 -05:00
Jarrod Johnson
f6d4fef5e6
Improve error message for collective
...
When trying to not run as root, give a
better error message explaining the
situation more clearly.
2020-02-18 16:16:40 -05:00
Jarrod Johnson
b1b7ec4d50
Add affluent plugin
...
Implementing Cumulus NOS
support through an agent called
'affluent'.
2020-02-18 14:23:57 -05:00
Jarrod Johnson
c0cd6de4f7
Remove PrivateDevices from unit file
...
PrivateDevices breaks pam_unix, for some reason. Remove this
protection. We still have DevicePolicy closed and running as non-root,
so this should still be relatively safe.
2020-02-13 11:42:21 -05:00
Jarrod Johnson
4437e81e04
Leverage unix_chkpwd
...
If doing PAM authentication, we
can setuid to the target user and then
pam_unix will use unix_chkpwd on
our behalf.
Problems with this working in the lab
were resolved by a yum reinstall pam,
so it was presumably due to messed up
setcap or similar experiments.
2020-02-13 10:37:15 -05:00
Jarrod Johnson
6a12af1242
Remove non-root for older distributions
...
Older systemd does not support capabilities. For such a platform,
disable non-root mode.
2020-02-12 13:20:08 -05:00
Jarrod Johnson
9879a83a10
Fix mistake in the redfish access protection
...
It contained a syntax error.
2020-02-11 14:22:19 -05:00
Jarrod Johnson
cce6b824de
Merge branch 'master' of github.com:jjohnson42/confluent
2020-02-11 14:09:51 -05:00
Jarrod Johnson
ce1cb952e8
Fix PAM authentication
...
It's tricky. On Redhat platforms, we need the CAP_DAC_READ_SEARCH
capability. Unfortunately this is one of the nicest capabilities to have.
For now add it to ambient set so that PAM can work on redhat platforms.
Mitigate this risk by safeguarding the license handling code, which
is the only known place that can read a file and send it to somewhere.
If we could drop the capability from effective set and add it back in when
needed, that would be nice, but that appears not to be possible.
Short of that, having a separate authentication process
running and dropping privilege would potentially work.
2020-02-11 14:09:22 -05:00
Jarrod Johnson
c6812274e4
Fix media list through collective
...
The Media class was not
serializable by msgpack. Fix this
and improve error messages in
future instances of this behavior.
2020-02-11 09:04:49 -05:00
Jarrod Johnson
7cd7068dd7
Remove stray developer output
...
Remove a developer repr from log
output.
2020-02-07 16:01:29 -05:00