Jarrod Johnson
60cfa1d3c5
Skip peer probe on remote
...
When remote ip is detected,
communicate by returning False
instead of None.
Use this indication to let ssdp
skip a transmit and growing
pending list in such a case.
2022-09-06 16:40:34 -04:00
Jarrod Johnson
596fcb0f4c
Implement mitigations for ovewhelming SSDP
...
First, for a given contiguous set of snoop activity, start ignoring a given peer during that contiguous chenk after it has been considered once.
Further, make get_hwaddr cheaper for attempts against
remote IPs.
To facilitate the above, create an efficient 'ip_is_local' to be
a relatively cheap function, with
potential to cache result in future
if it needs to be even cheaper.
2022-09-06 16:08:31 -04:00
Jarrod Johnson
7980534bad
Fix confluentdbgcli.py for python3
2022-09-02 15:11:30 -04:00
Jarrod Johnson
6c1f87aeb7
Add mechanism for copernicus to request any confluent
...
This can be used for network debug in a generic way, to identify vlan adjacency without regard to nodedoploy state or uuid matching.
2022-09-02 13:32:05 -04:00
Jarrod Johnson
1c811dbf3e
Fix python path automatically in confluent_selfcheck
2022-09-02 10:11:12 -04:00
Jarrod Johnson
503746131c
Add selfcheck to packaging
2022-09-02 09:53:06 -04:00
Jarrod Johnson
a0037a305c
Add confluent_selfcheck to server package
2022-09-02 09:44:13 -04:00
Jarrod Johnson
d1d15f29c1
Add facility to fix confluent uuid problem
2022-09-01 13:26:25 -04:00
Jarrod Johnson
67f0c8a81b
Add IPv6 and insecure boot checking
2022-09-01 13:17:17 -04:00
Jarrod Johnson
ed91e0f2f3
Have askpass delete itself
...
This causes ssh-add to give up, instead of endlessly rerunning
the askpass script.
2022-08-31 17:17:33 -04:00
Jarrod Johnson
908e51221c
Correct minor formatting mistake in warning
2022-08-29 12:22:14 -04:00
Jarrod Johnson
8277701af6
Rewrite site ssh even if
...
the /etc copy already exists.
IT may be that /var/lib/confluent is being repaired, in which
case just copy existng over while giving warning.
2022-08-29 12:16:35 -04:00
Jarrod Johnson
570611f22b
Have osdeploy initialize skip SSH regen
...
When generating new key materials, most people say 'yes' and cause problems
where they cycle valid keys without
realizing the significance.
Replace prompting with an emphasized warning instead.
2022-08-29 11:10:45 -04:00
Jarrod Johnson
2a3e6cd6f1
Change websocket dependency name in EL7
2022-08-26 08:16:22 -04:00
Jarrod Johnson
352da94005
Implement rebase feature ofr osdeploy
...
Permit user to opt into a rebase of a
profile, to pick up potential updates
from the confluent packaged stock
profiles for files the user has not yet
customized.
2022-08-25 15:21:49 -04:00
Jarrod Johnson
93b7547c58
Enable IPMI for user if IPMI has been enabled globally elsewhere
...
Scenarios have come up with trying to repair partially
configured configuration, break
the global and per-account check
into separate concerns.
2022-08-24 10:13:53 -04:00
Jarrod Johnson
31b3d6ea06
Move manifest data into dedicated file
2022-08-24 09:29:48 -04:00
Jarrod Johnson
d97c508d86
Add hash manifest of new os profiles
...
When importing an image and taking stock copy, mark the files to allow detection of stock
versus customized profile content.
This will be used by a rebase command to know when
to overwrite or when to leave a file alone.
2022-08-23 15:25:17 -04:00
Jarrod Johnson
801e43936c
Revise ESXi routed deployment
...
-Have apiclient set timeout on getting credential to avoid hang
-Change dcuiweasel to start shell earlier for better debug
-Do not expire the ident token if deployment is armed continuous anyway
2022-08-19 16:06:46 -04:00
Jarrod Johnson
a445107c7f
Fix setting privilege level alone for ipmi
...
The logic incorrectly had it depend on password also being present.
2022-08-19 09:10:52 -04:00
Jarrod Johnson
dde66c53c9
Dynamically ascertain name scheme for Delta pdu
...
Some delta pdus have different name schemes
than others, take the hit of
awkward parsing to autodetect.
2022-08-17 10:20:26 -04:00
Jarrod Johnson
57fcc8a243
Start SSH agent even on older ssh
...
The unusual path to automation key for syncfiles and ansbile
is most easily handled by ssh-agent, even if no passphrase
will be used
2022-08-16 15:06:26 -04:00
Jarrod Johnson
047cd6302a
Add wait for IP connectivity
...
After config, there may be a delay
before the configuration takes effect.
This delay can break nodeconfig.
Try to wait for the delay to pass.
2022-08-09 08:50:19 -04:00
Jarrod Johnson
f0c8eee956
Add facility to auto-exec nodeconfig on discovery
...
This permits more open ended node configuration when discovery happens.
2022-08-08 16:13:01 -04:00
Jarrod Johnson
610e7bf044
Constrain ip-less offers
...
PXE and HTTP client define a behavior for using non-address portion of an offer if the
offer has none. However, other clients, like
udhcpc will be confounded by such offers.
Ensure that client specifically sets VCI to indicate
it understand such an offer before replying.
This as yet generally doesn't matter as UUID is not sent by OS installers, however
some OSes can't do do API calls over LLA, and
thus we want to start allowing OS requests with
UUID and only offer when it makes sense.
2022-07-29 12:49:25 -04:00
Jarrod Johnson
9fe156601b
Add netmask to net config data
...
Some clients may want to consume netmask
without going to the trouble of converting,
so provide the extra data a different way.
2022-07-25 15:54:07 -04:00
Jarrod Johnson
830c9e171f
Add IP detection on local segment from remote registration
...
If an ip address is missing, but linklocal is set, try to search the
local nics for a viable connection to use.
2022-07-22 17:17:35 -04:00
Jarrod Johnson
0ac2bce883
Have XCC use a null string for ipaddr
...
This avoids the remote discovery failure for now.
2022-07-22 13:31:11 -04:00
Jarrod Johnson
6f619bc896
Change ipaddr to a property for allowing logic
2022-07-22 13:23:47 -04:00
Jarrod Johnson
bdd5dddce0
Fix typo in log message
2022-07-21 11:20:31 -04:00
Jarrod Johnson
d61dcee4fa
Fix handling of explicit prefix
...
Switch to just ip in time and return prefix
length as int.
2022-07-21 11:06:01 -04:00
Jarrod Johnson
d385ad1a0a
Support explicit prefix in xcc discovery
2022-07-21 10:13:00 -04:00
Jarrod Johnson
ef2c7b5bbc
Fix errant reference
2022-07-21 09:57:29 -04:00
Jarrod Johnson
2256b341b9
Tolerate '/' in hardwaremanagement.manager
...
This paves the way to allowing CIDR syntax to
indicate prefix length for remote XCCs
2022-07-21 09:54:00 -04:00
Jarrod Johnson
79421a724f
Fix base64 decode of fingerprint
...
base64 was being done against wrong variable
2022-07-21 08:33:12 -04:00
Jarrod Johnson
2d8bcb4c0f
Incorporate auto discovery for remote discovery
...
Avail ourselves of secure vouching to handle new and
replaced.
2022-07-20 16:21:25 -04:00
Jarrod Johnson
0dc7b532cc
Implement registration and retrieval
...
Remote discovery can now be registered by
switches.
2022-07-20 13:01:11 -04:00
Jarrod Johnson
42055e2648
Merge branch 'master' into remote_discovery
2022-07-18 15:52:42 -04:00
Jarrod Johnson
926f9e2cdd
Enable more plugins for collective routing
2022-07-13 08:58:31 -04:00
Jarrod Johnson
c627ac73ee
Make a specific error on nodesupport
2022-07-11 16:18:33 -04:00
Jarrod Johnson
f467cfe7c4
Add log message for mac interrogation of switch
...
Clarify when things go wrong due to certificate.
2022-06-30 13:28:26 -04:00
Jarrod Johnson
eaffac0433
Allow blanking a value to default a plugin attribute
2022-06-30 13:27:25 -04:00
Jarrod Johnson
500e083746
Enable ipmi user if required
...
If redfish models ipmi as an account type, and user wants ipmi, add it to the account.
2022-06-28 14:25:12 -04:00
Jarrod Johnson
29965f6ec9
Add a catch all to redfish for xcc
...
Newer xcc changes things yet again, but
we are comfortably in the firmware that can be bootstrapped
with redfish, so use that instead once we've cleared the
redfish incapable variants.
2022-06-28 14:24:48 -04:00
Jarrod Johnson
f65ff1268a
Add new state offline to confluent storage states
2022-06-28 12:15:54 -04:00
Jarrod Johnson
a54a9a5d09
Enable ipmi user if required
...
If redfish models ipmi as an account type, and user wants ipmi, add it to the account.
2022-06-27 14:34:37 -04:00
Jarrod Johnson
9b79da9522
Add a catch all to redfish for xcc
...
Newer xcc changes things yet again, but
we are comfortably in the firmware that can be bootstrapped
with redfish, so use that instead once we've cleared the
redfish incapable variants.
2022-06-27 14:12:51 -04:00
Jarrod Johnson
04c2b1a322
Provide an authenticated path for discovery registration
2022-06-22 16:47:40 -04:00
Jarrod Johnson
559a7ca7b8
Merge branch 'master' into remote_discovery
2022-06-21 14:56:56 -04:00
Jarrod Johnson
0a10311fea
Add more verbose ssh connection feedback
...
Make the nature of connecting more explicit and errors
more reliably holding the session up and asking for relog
2022-06-17 15:35:06 -04:00