Jarrod Johnson
6ad383c6ad
Assure deterministic enumeration of areas
...
nodegroup must be restored first.
2017-02-15 10:46:27 -05:00
Jarrod Johnson
446d2270c9
Give a friendlier message on restore of redact DB
...
A redacted dump will not have a keys.json file, which
is natural. Replace 'file not found' with a message
indicating the possibility of a redacted dump.
2017-02-15 10:46:27 -05:00
Jarrod Johnson
5395f97a21
Do not write out keys when redacting
...
It's silly to store keys when redact is requested
2017-02-15 10:46:27 -05:00
Jarrod Johnson
04781e0ece
Actually hook up the redact feature
2017-02-15 10:46:27 -05:00
Jarrod Johnson
9bd0b7af9d
Make confluentdbutil executable
2017-02-15 10:46:27 -05:00
Jarrod Johnson
ae806e55b0
Add a utility to frontend DB dump/restore
...
This exposes the library functions as a utility
2017-02-15 10:46:26 -05:00
Jarrod Johnson
393ea41696
Implement restore from db
...
This provides at least restore for the primary tenant (the only tenant currently used by anyone)
2017-02-15 10:46:26 -05:00
Jarrod Johnson
b87cb87c2a
Flesh out the restoration of the master keys
...
With this commit, the key portion of import should be complete.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
a91d7047b2
Start work on a db restore
...
Start by parsing the previously dumped key data, since the key data requires special handling.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
638842beec
Fix no password backup
...
If password=None was supplied, it would fail. Now accomodate unprotected keys.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
15c84e8a9b
Modify setup.py.tmpl to be adaptive
...
This should prevent forgetting to add content to
setup.py moving forward.
2017-01-27 15:23:16 -05:00
Jarrod Johnson
1028f1cb60
Have nodeboot be executable
2017-01-27 14:48:09 -05:00
Jarrod Johnson
f245680732
Rename nodeboot.py to nodeboot
...
No point in having '.py' extensions
2017-01-27 14:29:55 -05:00
Jarrod Johnson
6007a923a9
Merge pull request #63 from aduffy19/master
...
update power menu
2017-01-27 14:28:45 -05:00
Amanda Duffy
36bc81448e
Fix missing ] and add entries to printed menu
2017-01-27 14:25:42 -05:00
Jarrod Johnson
612350ca65
Provide for a terminal session to process normal commands
...
If it is not one of the 'special' terminal ones, assume it's a normal one. Recurse into
the process request to handle it as a separate request.
2017-01-27 14:18:22 -05:00
Amanda Duffy
8599485d56
Merge remote-tracking branch 'origin/master'
2017-01-27 13:44:37 -05:00
Amanda Duffy
fdf74dbf11
Add power options for console commands
2017-01-27 13:44:12 -05:00
Jarrod Johnson
bc5efa8a7e
Try restarting confluent if running on update
...
This mitigates chance of confluent being stale.
2017-01-20 15:50:12 -05:00
Jarrod Johnson
486c322233
Have binding network sockets occur in a retry loop
...
There seems to be scenarios where a previously used socket won't open up immediately. Retry when
this is detected.
2017-01-17 13:59:22 -05:00
Jarrod Johnson
548e4404ce
Fix confluent startup error if dead
...
Clean up stale dbg.sock if present rather than fail to start. Also, if the pid indicated in pid file doesn't exist, ignore
the pidfile contents.
2017-01-06 13:43:02 -05:00
Jarrod Johnson
99e97fe5c4
Add the noderun command to the manifest
...
The noderun command was not being packaged. Correct the
oversight so that it will be in packages.
2017-01-06 13:29:25 -05:00
Jarrod Johnson
8c13e738c0
Make usage/help more consistent across the commands
...
Have every client command run argparse to get a chance at '-h'. When
lacking arguments, always use print_help() to provide detail rather than usage.
2017-01-06 13:28:28 -05:00
Jarrod Johnson
5ffc2c298b
Correct mixup of parentheses and brackets
2017-01-04 09:56:31 -05:00
Jarrod Johnson
7bf8242aba
Assign self.ipmicmd in case we are reusing an existing object that is already logged.
2017-01-04 09:45:19 -05:00
Jarrod Johnson
b3c28ad33e
Defer assigning of self.ipmicmd until login
...
Wait until logged in to assign. This way we have confirmation that ipmicmd is viable before trying to use it.
2017-01-04 09:17:07 -05:00
Jarrod Johnson
e7bdb5ee7d
Defer TLS key handler registration
...
Wait until the object is logged in before trying to set
the key handler. It carries some prerequisite on talking
to the BMC, so it is better handled in the logged handler.
2017-01-03 16:00:27 -05:00
Amanda Duffy
bdde7e719d
Provide a command, nodeboot, to combine setboot and power commands.
2016-12-02 15:06:33 -05:00
Jarrod Johnson
8eef064b9f
Provide more useful error on socket error
...
If a socket error occurred that wasn't -2, the client would get an error
about KeyError, which wouldn't be helpful. raise the unhandled exception
to provide more informative data in case of an issue.
2016-12-02 10:35:24 -05:00
Jarrod Johnson
cb8cd29022
Add two more man page sources
2016-12-01 16:37:50 -05:00
Jarrod Johnson
c016c55340
Add HTTP/1.0 cache suppression
...
There is not a single client that will ever talk
to this service that would not support HTTP/1.1.
However, do this to satisfy a scanner.
2016-11-30 11:42:50 -05:00
Jarrod Johnson
d2156f3d67
Move the anti-referrer login to only logout
...
This has no functional difference, just a cosmetic
difference that does not give the erroneous impression
a logout actually occurred. This does mean that if a browser
disables cookies and uses the api explorer, there would
be an opportunity for a CSRF.
2016-11-30 10:15:44 -05:00
Jarrod Johnson
bf8dff90f3
Provide CSRF protection to logout resource
...
Though more annoying than harmful, guard against CSRF succeeding
against the logout resource.
2016-11-30 10:04:25 -05:00
Jarrod Johnson
004d40e7ca
Implement more CSRF countermeasures
...
At some expense of convenience, make it difficult
for CSRF to succeed even against the API explorer
for most people. User/Password will now only be
accepted on hitting enter in the address bar rather
than following any link.
2016-11-30 09:57:58 -05:00
Jarrod Johnson
ac084b212e
Merge branch 'nodeexec'
2016-11-29 10:50:32 -05:00
Jarrod Johnson
7557136d5d
Add a number of security headers
...
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-11-29 10:49:02 -05:00
Amanda Duffy
aeb0b5bb24
Provide a command, nodeboot, to combine setboot and power commands.
2016-11-08 15:15:14 -05:00
Jarrod Johnson
70762d3f6c
Undo accidental change to nodesetboot
2016-11-08 14:51:57 -05:00
Jarrod Johnson
eeb668bdfa
Correct formatting page in nodesensors man page
2016-11-08 14:50:10 -05:00
Jarrod Johnson
61bd415ec4
Make confluent depend on python-dns
...
Fedora and family naming convention removes
'python' from the 'dnspython' name. Work
within that standard to improve compatibility
with epel and such.
2016-11-07 14:07:12 -05:00
Jarrod Johnson
107337fdba
Merge branch 'master' of github.com:jjohnson42/confluent
2016-11-07 10:19:41 -05:00
Jarrod Johnson
eb02247a58
Fix consistency of sessionid
...
Regardless of whether the client uses it as a session id
or not, the fact remains a sessionid is assigned.
Pass the session id in the auth data even if the client
did not send it.
2016-11-07 10:18:32 -05:00
Jarrod Johnson
53904a2a5a
Revert "Remove 'path' condition for session cookie"
...
This reverts commit 0ad4ae90c9
.
2016-11-01 13:45:33 -04:00
Jarrod Johnson
5881ad8b68
Support sub-second interval
...
If a user requests an interval that is not a whole
number, begin honoring it and adjust the timestamp
precision to indicate milliseconds. Do not bother
with milliseconds on whole number intervals.
2016-10-25 14:38:31 -04:00
Jarrod Johnson
e0211fd8d8
Merge branch 'avoidrecursereplay'
2016-10-25 14:38:04 -04:00
Jarrod Johnson
0ad4ae90c9
Remove 'path' condition for session cookie
...
The cookie had an unnecessary limitation. path need not be specified,
and it is possible for a client to request in a way that fails the criteria.
2016-10-21 09:56:14 -04:00
Jarrod Johnson
6f9bdf4a7c
Create multiple files on roll conflict
...
Rather than removing the previous file, append a digit
to denote extra log files sharing the same roll date.
2016-10-18 11:28:47 -04:00
Jarrod Johnson
4eaab9db37
Avoid inifinite replay loop on bad previouslogfile
...
If circumstances result in a log file after rollover
pointing at itself, break out rather than looping trying
to get the same data from itself.
2016-10-18 11:18:57 -04:00
Jarrod Johnson
92fa2bf4d9
Add a number of security headers
...
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-10-13 11:08:05 -04:00
Jarrod Johnson
7f9394b33a
Handle events without timestamps
...
If an event is missing a timestamp, omit rather than stack trace
2016-10-11 16:46:01 -04:00