2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-29 13:00:03 +00:00
Commit Graph

848 Commits

Author SHA1 Message Date
Jarrod Johnson
6ad383c6ad Assure deterministic enumeration of areas
nodegroup must be restored first.
2017-02-15 10:46:27 -05:00
Jarrod Johnson
446d2270c9 Give a friendlier message on restore of redact DB
A redacted dump will not have a keys.json file, which
is natural.  Replace 'file not found' with a message
indicating the possibility of a redacted dump.
2017-02-15 10:46:27 -05:00
Jarrod Johnson
5395f97a21 Do not write out keys when redacting
It's silly to store keys when redact is requested
2017-02-15 10:46:27 -05:00
Jarrod Johnson
04781e0ece Actually hook up the redact feature 2017-02-15 10:46:27 -05:00
Jarrod Johnson
9bd0b7af9d Make confluentdbutil executable 2017-02-15 10:46:27 -05:00
Jarrod Johnson
ae806e55b0 Add a utility to frontend DB dump/restore
This exposes the library functions as a utility
2017-02-15 10:46:26 -05:00
Jarrod Johnson
393ea41696 Implement restore from db
This provides at least restore for the primary tenant (the only tenant currently used by anyone)
2017-02-15 10:46:26 -05:00
Jarrod Johnson
b87cb87c2a Flesh out the restoration of the master keys
With this commit, the key portion of import should be complete.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
a91d7047b2 Start work on a db restore
Start by parsing the previously dumped key data, since the key data requires special handling.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
638842beec Fix no password backup
If password=None was supplied, it would fail.  Now accomodate unprotected keys.
2017-02-15 10:46:26 -05:00
Jarrod Johnson
15c84e8a9b Modify setup.py.tmpl to be adaptive
This should prevent forgetting to add content to
setup.py moving forward.
2017-01-27 15:23:16 -05:00
Jarrod Johnson
1028f1cb60 Have nodeboot be executable 2017-01-27 14:48:09 -05:00
Jarrod Johnson
f245680732 Rename nodeboot.py to nodeboot
No point in having '.py' extensions
2017-01-27 14:29:55 -05:00
Jarrod Johnson
6007a923a9 Merge pull request #63 from aduffy19/master
update power menu
2017-01-27 14:28:45 -05:00
Amanda Duffy
36bc81448e Fix missing ] and add entries to printed menu 2017-01-27 14:25:42 -05:00
Jarrod Johnson
612350ca65 Provide for a terminal session to process normal commands
If it is not one of the 'special' terminal ones, assume it's a normal one.  Recurse into
the process request to handle it as a separate request.
2017-01-27 14:18:22 -05:00
Amanda Duffy
8599485d56 Merge remote-tracking branch 'origin/master' 2017-01-27 13:44:37 -05:00
Amanda Duffy
fdf74dbf11 Add power options for console commands 2017-01-27 13:44:12 -05:00
Jarrod Johnson
bc5efa8a7e Try restarting confluent if running on update
This mitigates chance of confluent being stale.
2017-01-20 15:50:12 -05:00
Jarrod Johnson
486c322233 Have binding network sockets occur in a retry loop
There seems to be scenarios where a previously used socket won't open up immediately.  Retry when
this is detected.
2017-01-17 13:59:22 -05:00
Jarrod Johnson
548e4404ce Fix confluent startup error if dead
Clean up stale dbg.sock if present rather than fail to start.  Also, if the pid indicated in pid file doesn't exist, ignore
the pidfile contents.
2017-01-06 13:43:02 -05:00
Jarrod Johnson
99e97fe5c4 Add the noderun command to the manifest
The noderun command was not being packaged.  Correct the
oversight so that it will be in packages.
2017-01-06 13:29:25 -05:00
Jarrod Johnson
8c13e738c0 Make usage/help more consistent across the commands
Have every client command run argparse to get a chance at '-h'.  When
lacking arguments, always use print_help() to provide detail rather than usage.
2017-01-06 13:28:28 -05:00
Jarrod Johnson
5ffc2c298b Correct mixup of parentheses and brackets 2017-01-04 09:56:31 -05:00
Jarrod Johnson
7bf8242aba Assign self.ipmicmd in case we are reusing an existing object that is already logged. 2017-01-04 09:45:19 -05:00
Jarrod Johnson
b3c28ad33e Defer assigning of self.ipmicmd until login
Wait until logged in to assign.  This way we have confirmation that ipmicmd is viable before trying to use it.
2017-01-04 09:17:07 -05:00
Jarrod Johnson
e7bdb5ee7d Defer TLS key handler registration
Wait until the object is logged in before trying to set
the key handler.  It carries some prerequisite on talking
to the BMC, so it is better handled in the logged handler.
2017-01-03 16:00:27 -05:00
Amanda Duffy
bdde7e719d Provide a command, nodeboot, to combine setboot and power commands. 2016-12-02 15:06:33 -05:00
Jarrod Johnson
8eef064b9f Provide more useful error on socket error
If a socket error occurred that wasn't -2, the client would get an error
about KeyError, which wouldn't be helpful.  raise the unhandled exception
to provide more informative data in case of an issue.
2016-12-02 10:35:24 -05:00
Jarrod Johnson
cb8cd29022 Add two more man page sources 2016-12-01 16:37:50 -05:00
Jarrod Johnson
c016c55340 Add HTTP/1.0 cache suppression
There is not a single client that will ever talk
to this service that would not support HTTP/1.1.
However, do this to satisfy a scanner.
2016-11-30 11:42:50 -05:00
Jarrod Johnson
d2156f3d67 Move the anti-referrer login to only logout
This has no functional difference, just a cosmetic
difference that does not give the erroneous impression
a logout actually occurred.  This does mean that if a browser
disables cookies and uses the api explorer, there would
be an opportunity for a CSRF.
2016-11-30 10:15:44 -05:00
Jarrod Johnson
bf8dff90f3 Provide CSRF protection to logout resource
Though more annoying than harmful, guard against CSRF succeeding
against the logout resource.
2016-11-30 10:04:25 -05:00
Jarrod Johnson
004d40e7ca Implement more CSRF countermeasures
At some expense of convenience, make it difficult
for CSRF to succeed even against the API explorer
for most people.  User/Password will now only be
accepted on hitting enter in the address bar rather
than following any link.
2016-11-30 09:57:58 -05:00
Jarrod Johnson
ac084b212e Merge branch 'nodeexec' 2016-11-29 10:50:32 -05:00
Jarrod Johnson
7557136d5d Add a number of security headers
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-11-29 10:49:02 -05:00
Amanda Duffy
aeb0b5bb24 Provide a command, nodeboot, to combine setboot and power commands. 2016-11-08 15:15:14 -05:00
Jarrod Johnson
70762d3f6c Undo accidental change to nodesetboot 2016-11-08 14:51:57 -05:00
Jarrod Johnson
eeb668bdfa Correct formatting page in nodesensors man page 2016-11-08 14:50:10 -05:00
Jarrod Johnson
61bd415ec4 Make confluent depend on python-dns
Fedora and family naming convention removes
'python' from the 'dnspython' name.  Work
within that standard to improve compatibility
with epel and such.
2016-11-07 14:07:12 -05:00
Jarrod Johnson
107337fdba Merge branch 'master' of github.com:jjohnson42/confluent 2016-11-07 10:19:41 -05:00
Jarrod Johnson
eb02247a58 Fix consistency of sessionid
Regardless of whether the client uses it as a session id
or not, the fact remains a sessionid is assigned.
Pass the session id in the auth data even if the client
did not send it.
2016-11-07 10:18:32 -05:00
Jarrod Johnson
53904a2a5a Revert "Remove 'path' condition for session cookie"
This reverts commit 0ad4ae90c9.
2016-11-01 13:45:33 -04:00
Jarrod Johnson
5881ad8b68 Support sub-second interval
If a user requests an interval that is not a whole
number, begin honoring it and adjust the timestamp
precision to indicate milliseconds.  Do not bother
with milliseconds on whole number intervals.
2016-10-25 14:38:31 -04:00
Jarrod Johnson
e0211fd8d8 Merge branch 'avoidrecursereplay' 2016-10-25 14:38:04 -04:00
Jarrod Johnson
0ad4ae90c9 Remove 'path' condition for session cookie
The cookie had an unnecessary limitation.  path need not be specified,
and it is possible for a client to request in a way that fails the criteria.
2016-10-21 09:56:14 -04:00
Jarrod Johnson
6f9bdf4a7c Create multiple files on roll conflict
Rather than removing the previous file, append a digit
to denote extra log files sharing the same roll date.
2016-10-18 11:28:47 -04:00
Jarrod Johnson
4eaab9db37 Avoid inifinite replay loop on bad previouslogfile
If circumstances result in a log file after rollover
pointing at itself, break out rather than looping trying
to get the same data from itself.
2016-10-18 11:18:57 -04:00
Jarrod Johnson
92fa2bf4d9 Add a number of security headers
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-10-13 11:08:05 -04:00
Jarrod Johnson
7f9394b33a Handle events without timestamps
If an event is missing a timestamp, omit rather than stack trace
2016-10-11 16:46:01 -04:00