xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Code Issues Projects Releases Wiki Activity
4,208 Commits 39 Branches 63 Tags 18 MiB
69a06a6923
Commit Graph

4208 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jarrod Johnson
69a06a6923 Implement a password unexpiration mechanism in xcc 
If the node has expired password, do what is necessary to unexpire the
password
to get through assignment.
 2022-03-30 08:07:25 -04:00
Jarrod Johnson
d214e7e442 Normalize blank strings in cfgdata 
In cfgdata, make '' replaced by None for
consistent behavior for cleared and blanked
attributes.
 2022-03-25 08:59:46 -04:00
Jarrod Johnson
e4e15d87a7 Background redfish check on snoop 
When snooping, if a redfish device comes along, background the
query so that it is unable to block the main SSDP receive routine.
 2022-03-24 17:18:05 -04:00
Jarrod Johnson
21bfc29a89 Make more clear the default behavior when prompting 2022-03-24 11:18:37 -04:00
Jarrod Johnson
7a66567625 Add missing monotic dependency 2022-03-24 09:20:14 -04:00
Jarrod Johnson
b830a317f6 Change suse from team to bonding 
Suse more naturally supports team, and the industry push to team
has evaporated
 2022-03-24 09:10:42 -04:00
Jarrod Johnson
4e4fe03b62 Properly honor explicit interface_names 
A mistake resulted in plural interface_names being treated as singular.
 2022-03-24 07:44:13 -04:00
Jarrod Johnson
08264f277b Fix location of apiclient in suse 2022-03-23 15:46:37 -04:00
Jarrod Johnson
ac1ba5cbc5 Correct mistakes in the first pass of routed deployment 2022-03-18 16:04:29 -04:00
Jarrod Johnson
acd8cb9055 First pass at media based routed deployment 2022-03-18 15:39:22 -04:00
Jarrod Johnson
8a3688c1d6 Fix mistake in pre.sh for relocation of apiclient 2022-03-18 12:09:43 -04:00
Jarrod Johnson
cd3d248a78 Add identimage to rpm build 2022-03-17 13:04:24 -04:00
Jarrod Johnson
2299ccc32f Handle VROC devices in autoyast 
At time of running pre, array is not assembled by default,
inject a scan to check for them.

VROC must not be specified by 'md' name, or yast thinks it
needs to own making it, and complains that the setup doesn't
specify members.
 2022-03-17 12:19:42 -04:00
Jarrod Johnson
bfd40b51de Correct name of ident_image api 2022-03-17 09:35:49 -04:00
Jarrod Johnson
94ab644f5c Create mechanism to create node identity images 
These images are used in the flow of routed deployment.
 2022-03-16 15:41:07 -04:00
Jarrod Johnson
40a187d2aa Reverse ordering of reboot and api arming. 
Technically there's room for a race condition where boot is attempted
before the profile is ready, but it's highly unlikely.

Conversely, there is a potential confusing race condition today where
restarting a deploymennt without armed api causes
it to be disarmed before the boot is attempted.
 2022-03-16 14:57:46 -04:00
Jarrod Johnson
fdd3ec4233 Fix check for confluent service having started 
Give confluent full chance to set things up prior
to proceeding.
 2022-03-16 10:28:44 -04:00
Jarrod Johnson
b2603aa1f8 Set ownership of /var/lib/confluent on installation 
Some paths fail to initialize ownership earlier, give it
a head start
 2022-03-16 10:26:16 -04:00
Jarrod Johnson
b6034f2e71 Update to fix new profiles and accomodate old profiles 
/etc/confluent/apiclient is expected by older profiles
 2022-03-16 09:40:55 -04:00
Jarrod Johnson
fe40d7c15e Fix mispelling of confluent 2022-03-16 09:01:22 -04:00
Jarrod Johnson
32081edec8 Workaround ':' format specifier syntax 
Older python will break by assuming that
: always means a format expression is coming.

Move the field value fetch to format_field, and ascertain if some of the
expression was shunted to format specification
by mistake.
 2022-03-11 12:21:09 -05:00
Jarrod Johnson
dc0183fdf4 Add [] slicing/indexing to confluent attribute expression syntax 
This permits expressions like:
node[:-3]
To say nodename, but leave out 3 chars.
Or:
node[3:]
To skip the first three characters.
 2022-03-11 11:23:43 -05:00
Jarrod Johnson
f168c4be2b Allow free ordering of noderange/arguments in nodeping 
With nodeping, no concern about passing arguments to arbitrary subcommand, so
allow arguments to be anywhere.
 2022-03-11 10:55:00 -05:00
Jarrod Johnson
2194ca9018 Create a nodeping script for quick ping wrapping 2022-03-11 10:23:11 -05:00
Jarrod Johnson
ceada3b7d9 Provide API for using one-time shared secret to register api key 
This permits long haul node api key registration over a single port. It cannot validate that
the requester is privileged, but the auto-invalidation
offsets the risk of subsequent users having read access to the remote mount.
 2022-03-10 16:06:02 -05:00
Jarrod Johnson
ad40c46509 Remove now-redundant genpasshmac.c file 2022-03-10 09:32:44 -05:00
Jarrod Johnson
301ed7a798 Fix mistake in b64e invocation 2022-03-10 09:15:26 -05:00
Jarrod Johnson
b42e2e4932 Change to b64 output for hmac 
base64 utility is not always available, so natively
use base64 format for hmac output.
 2022-03-10 09:00:54 -05:00
Jarrod Johnson
61d037ae31 Combine genpasshmac with clortho 
This permits saving on addons size by using the same
binary for both networked api grant and hmac api
grant.
 2022-03-09 13:36:47 -05:00
Jarrod Johnson
6a30afa31e Have SSDP ignore multicast disabled interfaces 2022-03-09 11:01:01 -05:00
Jarrod Johnson
625434fcaf Fix mistake in deploycfg parsing 
More strictly match the field name.
 2022-03-08 16:29:49 -05:00
Jarrod Johnson
a8c2f859e4 Add a genpasshmac utility 
For far edge deployment, create utility
that can hmac a password for use in a REST
api call to skip need for tcp port 13001 access.
 2022-03-08 16:27:37 -05:00
Jarrod Johnson
31dad09b0c Update makefile to build in sh256 to clortho 2022-03-08 14:46:33 -05:00
Jarrod Johnson
0abe978bd9 Implement hmac of apikey 
For routed deployment, we have to preshare some information.

Additionally, the API arm mechanism gets too open ended.

Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
 2022-03-08 14:46:00 -05:00
Jarrod Johnson
e67bab4f12 Place cap on api password length 
No more than 48 characters should ever be in
an api token. Cap it to avoid outrageous crypt
behavior at large password length.
 2022-03-08 09:15:13 -05:00
Jarrod Johnson
21c0372a5b Support get_full_net_config without serverip 
When trying to get a configuration
without a network context, it would fail.

Now, as intended, it generates network configuration without autosense in such a case.
 2022-03-07 15:28:04 -05:00
Jarrod Johnson
98d8aaffe8 Merge branch '3.4' 2022-03-07 15:22:54 -05:00
Jarrod Johnson
ecd114ca5a Add script for setting up ssh 
A frequent scenario is to 'refresh' ssh configuration toward the
end of:
-changing trust nodes
-Adding a collective member
-Repairing a broken configuration
-As part of 'confluent-ifying' a node that wasn't confluent deployed
 2022-03-03 12:34:37 -05:00
Jarrod Johnson
5fb766e62b Move apiclient consistently to /opt/confluent/bin 
It's more reasonable to have
it in a bin directory
 2022-03-03 11:11:29 -05:00
Jarrod Johnson
76fdf59122 Change genesis functions location 
Put it in a place consistent with more normal use.
 2022-03-03 08:34:57 -05:00
Jarrod Johnson
003196bc9e Allow -o with data file 
This makes things like ssh key signing easier.
 2022-03-03 08:25:04 -05:00
Jarrod Johnson
15e7e4464e Keep known_hosts cleaner 
When repeating osdeploy initialize
of local known_hosts, more
gracefeully avoid duplicate entries.
 2022-03-02 16:04:01 -05:00
Jarrod Johnson
687136131e Place Confluent CA certs into TLS anchors 
When processes may update the certificate authorities, the confluent
CA trust would be lost. Place it appropriately so that
update-ca-trust will keep it in the appropriate place.
 2022-03-02 08:41:47 -05:00
Jarrod Johnson
5f610b64b7 Place Confluent CA certs into TLS anchors 
When processes may update the certificate authorities, the confluent
CA trust would be lost. Place it appropriately so that
update-ca-trust will keep it in the appropriate place.
 2022-03-02 08:40:27 -05:00
Jarrod Johnson
6f194f26c0 Fix contents and permissions 
NetworkManager demands specific
permissions
 2022-02-25 16:18:54 -05:00
Jarrod Johnson
71c60be659 Fix el8 dns configuration 
The modification to add dns search must only be suggested
if the respective ip version section is enabled.
 2022-02-25 15:22:45 -05:00
Jarrod Johnson
58a9aa03ef Add DNS domain to el8 network manager 2022-02-25 09:48:56 -05:00
Jarrod Johnson
19a370b0f5 Add explicit client version dependency 2022-02-25 07:31:12 -05:00
Jarrod Johnson
47a517aec1 Decrease retries to do https retries with bad TLS cert 2022-02-24 16:37:48 -05:00
Jarrod Johnson
1f7bd1a28a Fix autoconsole output on diskless 2022-02-24 16:27:32 -05:00