mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Commit Graph

1780 Commits

Author SHA1 Message Date
Jarrod Johnson
54667570bd Create encrypted image and private profile data
Prepare for securing os profile with custom images
2021-07-23 16:13:24 -04:00
Jarrod Johnson
29d0dd6678 Add missing profile content for cloning 2021-07-21 12:47:43 -04:00
Jarrod Johnson
db735a654d Aggregate vt buffer feeds
If we start developing a backlog
of content to feed to the buffer manager,
aggregate updates to batch submit them more efficiently.
2021-07-19 11:16:12 -04:00
Jarrod Johnson
a8b54ff434 Fix initial collective join
Initial collective join combined
with the orderly collective startup
hit a chicken and egg problem.

Disable initting on first enrollment
to let enrollment drive
that specific initialization to
restore behavior.
2021-07-19 10:25:35 -04:00
Jarrod Johnson
a953a6afba Provide clearer error when osdeploy initialize is not done
osdeploy import needs to have things prepared by
osdeploy initialize.  Check for it having run and error if needed.
2021-07-14 15:40:38 -04:00
Jarrod Johnson
430428eba2 Add missing dependencies to the confluent server package 2021-07-08 09:33:35 -04:00
Jarrod Johnson
ef1649208e Switch to using separate CA for TLS
This allows regenerating TLS cert
without updating boot images.

For example, if ip address changes need a new cert, no
longer should the nodes need new certs to trust
just due to that.
2021-06-30 14:25:46 -04:00
Jarrod Johnson
35b9635840 Clear armed API if current node token is used
If a node is armed, but instead unseals the prior key from TPM,
implicitly clear the armed state to avoid leaving it armed.
2021-06-28 13:30:09 -04:00
Jarrod Johnson
9c43dbff47 Rework MFA handling
Avoid calling PAM in the parent process, as
this seems to cause problems with some PAM
configurations.
2021-06-28 11:34:11 -04:00
Jarrod Johnson
f830514d10 Implement support for additional pam prompts
For example, if PAM has OTP, then support it.
2021-06-25 17:26:32 -04:00
Jarrod Johnson
b8c9e9c535 Begin work to support complex PAM conversations
For example, TOTP setups need
more prompts, this will pass
the info to the client for the client to adjust.
2021-06-23 16:31:42 -04:00
Jarrod Johnson
fc19ca4e36 Change to python-dnspython for dependency
Multiple compatible packages exist that provide same name, accept
either.
2021-06-23 08:37:00 -04:00
Jarrod Johnson
7122c17ce0 Remove pyte requirement
We no longer use pyte, remove the requirement.
2021-06-08 16:43:06 -04:00
Jarrod Johnson
bbe9bc3e06 Constrain plugin collections to flat by default
When asking for a path that exceeds the plugincollection,
then provide generic 'not found' behavior.
2021-06-04 14:48:31 -04:00
Jarrod Johnson
58157b23d7 Error if noderange includes too many )
By default, pyparsing consumes only as much of the
input as matches the grammar. Tell it to consume all
of the noderange and error if there's more string than
matches our grammar.
2021-06-04 14:19:06 -04:00
Jarrod Johnson
b8ddf149bd Skip newer agent behaviors with incompatible old ssh
The previous attempt to support older ssh failed to completely
enact old behavior when needed.
2021-06-04 13:40:39 -04:00
Jarrod Johnson
2073926256 Improve ctrl-c and other behaviors of osdeploy import
More reliably delete an import attempt to avoid odd behaviors.
2021-05-27 16:10:06 -04:00
Jarrod Johnson
734e12f0f1 Amend long wait to only apply to shutdown
The previous 30 seconds was a good amount to
wait for everything but a graceful shutdown.

The new 5 minute wait is too long to wait to
find out a system can't turn on.

Apply the 5 minute wait only on clean shutdown
request.
2021-05-27 09:57:07 -04:00
Jarrod Johnson
deb2b98e7f
Merge pull request #59 from zhougj4/master
[merge-LXCA] pull request
2021-05-27 09:54:44 -04:00
Zhou Guangjun
32c84993b0 [merge-LXCA] fix problem in merge with upstream - htmlify the dict
Details:
Revision: d9cc888e68abe7794ade82a251c4dffe9108a014
Author: Michael Du <duxd2@LENOVO.COM>
Date: 2017/8/2 21:06:22
2021-05-27 09:58:05 +08:00
Jarrod Johnson
af10e0ea91 Explicitly provide content-length 0 on 204
For some vintages of eventlet+apache, this is required
to avoid invalid responses from the server.
2021-05-25 10:18:13 -04:00
zhougj4
7363af866f Merge branch 'lenovo:master' into master 2021-05-24 10:46:50 +02:00
Jarrod Johnson
7c4b500e92 Add boot.img function to CoreOS 2021-05-21 11:11:01 -04:00
Jarrod Johnson
9ac4cf0641 Rename generically to coreos
We should be able to support either RH or Fedora
flavors.
2021-05-19 17:28:05 -04:00
Jarrod Johnson
52b39e632d Draft CoreOS support
Preliminary work toward supporting CoreOS
2021-05-19 17:12:56 -04:00
Jarrod Johnson
efd7f1de63 Conditionally apply agent to sshutil
Older OSes (RHEL7/SLES12) cannot
do ssh-keygen with an agent.

Degrade to classic confluent behavior when that happens.
2021-05-18 12:28:22 -04:00
Jarrod Johnson
af06c150b0 Add error message for long profile names
If a profile name pushes the filename field of dhcp
beyond what it can support, log an event and
do not offer a corrupted
dhcp offer packet.
2021-05-18 09:44:02 -04:00
Zhou Guangjun
32db72e38f [merge-LXCA] (138083) [ipmi] Restart Normally and Power off Normally job failed with the message Ensure that the endpoint is reachable on the network from LXCA
Details:
Revision: d02e5b653f764aeca44efd108acaabc8b173b482
Author: Zhou Guangjun <zhougj4@lenovo.com>
Date: 2018/10/17 17:26:39
2021-05-13 14:34:02 +08:00
Zhou Guangjun
9648f1c8ac [merge-LXCA] Add support for graphical consoles
Details:
Revision: a0f0309ee0bc731463794da9d685fa56bc62bc6f
Author: Allan Vidal <avidal@lenovo.com>
Date: 2015/11/26 3:50:31
2021-05-12 10:49:13 +08:00
Jarrod Johnson
aa7701ea3c More usefully indicate unfound interfaces
Rather than no data, provide
not found error when requesting a currently unsupported name.
2021-05-11 08:02:19 -04:00
Jarrod Johnson
8543129fb9 Invalidate sealed token on new token
If a new token grant occurs, do not
retain stale token sealed, as it can be misleading.
2021-05-05 09:17:42 -04:00
Jarrod Johnson
a94a341582 Fix ansible path compatibility. 2021-05-03 14:31:28 -04:00
Jarrod Johnson
d17b1d060c Prepend confluent_ to vars and switch to explicitly requesting directory
The 'profile' variable notably induces dracut to be excruciatingly slow,
mitigate chance by putting confluent before apikey, mgr, and profile.

Further, it has been requested to have the scripts use same name on
server for directory moving forward. Implement this request while
allowing existing OS profiles to keep working.
2021-05-03 12:48:08 -04:00
Jarrod Johnson
121e0727cf Add Rocky linux recognition 2021-05-03 08:36:57 -04:00
Jarrod Johnson
def534e73f Fixes for boot by DHCP and by MAC 2021-04-28 16:43:11 -04:00
Jarrod Johnson
2cb641e734 Fix PXE based on mac
We normally use UUID, on a broken platform with bad UUID,
user may need to use hwaddr.  This was supposed to work, but
didn't. Fix it to work correctly.
2021-04-28 15:36:12 -04:00
Jarrod Johnson
d3fa08d78b Amend syncfiles to handle directory targets better
Rather than using symlinks for directories, recursively recreate tree
and symlink only the non-directory
entries.

This improves mixing and matching
files and directories to target a directory.
2021-04-27 12:48:27 -04:00
Jarrod Johnson
38eb88249e Permit wildcard in syncfiles
This was a supported and used feature in xCAT
syncfiles, carry it into confluent syncfiles.
2021-04-27 09:12:11 -04:00
Jarrod Johnson
c333c3eb9c Fix missing data on XCC discovery
The XCC scan now calls the
imm scan to fill out the lost data.
2021-04-26 08:57:52 -04:00
Jarrod Johnson
f32a9a2f08 Rework inline command handling
Previously, if hotkey entry
had text data come in, it
would corrupt the state of
the client.

Minimize the corruption and request the server to pause.
2021-04-23 14:22:24 -04:00
Jarrod Johnson
f584b9bc11 Protect against binary sealed data
It was detected that binary sealed data
could happen. Ensure that it is str
before passing to configuration.
2021-04-23 14:17:54 -04:00
Jarrod Johnson
45cc4b7788 Add documentation syncfiles examples
Also, check to make sure a syncfiles has actual
work to do before triggering a greenthread and
the client to start polling.
2021-04-23 11:09:35 -04:00
Jarrod Johnson
1f9c440525 Handle non-utf8 console data
Sometimes console uses non-utf8.

Fallback to cp437 when utf8 fails us.
2021-04-22 15:14:52 -04:00
Jarrod Johnson
8397c5defc Only close datfile if datfile is a file
If going by filename alone, there will be
no file handle to close. Correct by not
attempting a close in such a case.
2021-04-22 13:55:10 -04:00
Jarrod Johnson
b7af6b5c27 Add model name to discovery info
Sometimes the model name is
useful criteria for evaluating systems,
and the model number isn't
quite that handy.

For XCC, we can provide this data too. Provide it in xcc scan
method and then offer it up to clients.
2021-04-22 13:38:51 -04:00
Jarrod Johnson
bf00c75f43 Specify supported protocols to be confluent.console
Eventlet will return no supported protocols if
none are specified. Firefox doesn't care, but
chrome rejects such a reply.
2021-04-22 07:44:18 -04:00
Jarrod Johnson
479ddd582e Induce python2 to unicode
eventlet will treat str as binary,
correct by forcing unicode.

For python3, it is a no-op, but
python2 needs it to pass the 'text_type' check in eventlet.
2021-04-21 15:33:27 -04:00
Jarrod Johnson
d82690f0d9 Fix python3-ism
python2 doesn't understand how to return
an iterator from within an iterator.
2021-04-21 13:31:11 -04:00
Jarrod Johnson
34cfd99fd8 Periodic reassimilation
Have leader periodically try to
assimilate offline members.

This will recover from some scenarios
where a rogue non-quorum collective
or a stray non-collective state
persists.
2021-04-21 10:30:54 -04:00
Jarrod Johnson
9009f63b2d Implement websocket based terminal access 2021-04-20 15:49:07 -04:00