xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Code Issues Projects Releases Wiki Activity
4,194 Commits 39 Branches 63 Tags 18 MiB
94ab644f5c
Commit Graph

4194 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jarrod Johnson
94ab644f5c Create mechanism to create node identity images 
These images are used in the flow of routed deployment.
 2022-03-16 15:41:07 -04:00
Jarrod Johnson
40a187d2aa Reverse ordering of reboot and api arming. 
Technically there's room for a race condition where boot is attempted
before the profile is ready, but it's highly unlikely.

Conversely, there is a potential confusing race condition today where
restarting a deploymennt without armed api causes
it to be disarmed before the boot is attempted.
 2022-03-16 14:57:46 -04:00
Jarrod Johnson
fdd3ec4233 Fix check for confluent service having started 
Give confluent full chance to set things up prior
to proceeding.
 2022-03-16 10:28:44 -04:00
Jarrod Johnson
b2603aa1f8 Set ownership of /var/lib/confluent on installation 
Some paths fail to initialize ownership earlier, give it
a head start
 2022-03-16 10:26:16 -04:00
Jarrod Johnson
b6034f2e71 Update to fix new profiles and accomodate old profiles 
/etc/confluent/apiclient is expected by older profiles
 2022-03-16 09:40:55 -04:00
Jarrod Johnson
fe40d7c15e Fix mispelling of confluent 2022-03-16 09:01:22 -04:00
Jarrod Johnson
32081edec8 Workaround ':' format specifier syntax 
Older python will break by assuming that
: always means a format expression is coming.

Move the field value fetch to format_field, and ascertain if some of the
expression was shunted to format specification
by mistake.
 2022-03-11 12:21:09 -05:00
Jarrod Johnson
dc0183fdf4 Add [] slicing/indexing to confluent attribute expression syntax 
This permits expressions like:
node[:-3]
To say nodename, but leave out 3 chars.
Or:
node[3:]
To skip the first three characters.
 2022-03-11 11:23:43 -05:00
Jarrod Johnson
f168c4be2b Allow free ordering of noderange/arguments in nodeping 
With nodeping, no concern about passing arguments to arbitrary subcommand, so
allow arguments to be anywhere.
 2022-03-11 10:55:00 -05:00
Jarrod Johnson
2194ca9018 Create a nodeping script for quick ping wrapping 2022-03-11 10:23:11 -05:00
Jarrod Johnson
ceada3b7d9 Provide API for using one-time shared secret to register api key 
This permits long haul node api key registration over a single port. It cannot validate that
the requester is privileged, but the auto-invalidation
offsets the risk of subsequent users having read access to the remote mount.
 2022-03-10 16:06:02 -05:00
Jarrod Johnson
ad40c46509 Remove now-redundant genpasshmac.c file 2022-03-10 09:32:44 -05:00
Jarrod Johnson
301ed7a798 Fix mistake in b64e invocation 2022-03-10 09:15:26 -05:00
Jarrod Johnson
b42e2e4932 Change to b64 output for hmac 
base64 utility is not always available, so natively
use base64 format for hmac output.
 2022-03-10 09:00:54 -05:00
Jarrod Johnson
61d037ae31 Combine genpasshmac with clortho 
This permits saving on addons size by using the same
binary for both networked api grant and hmac api
grant.
 2022-03-09 13:36:47 -05:00
Jarrod Johnson
6a30afa31e Have SSDP ignore multicast disabled interfaces 2022-03-09 11:01:01 -05:00
Jarrod Johnson
625434fcaf Fix mistake in deploycfg parsing 
More strictly match the field name.
 2022-03-08 16:29:49 -05:00
Jarrod Johnson
a8c2f859e4 Add a genpasshmac utility 
For far edge deployment, create utility
that can hmac a password for use in a REST
api call to skip need for tcp port 13001 access.
 2022-03-08 16:27:37 -05:00
Jarrod Johnson
31dad09b0c Update makefile to build in sh256 to clortho 2022-03-08 14:46:33 -05:00
Jarrod Johnson
0abe978bd9 Implement hmac of apikey 
For routed deployment, we have to preshare some information.

Additionally, the API arm mechanism gets too open ended.

Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
 2022-03-08 14:46:00 -05:00
Jarrod Johnson
e67bab4f12 Place cap on api password length 
No more than 48 characters should ever be in
an api token. Cap it to avoid outrageous crypt
behavior at large password length.
 2022-03-08 09:15:13 -05:00
Jarrod Johnson
21c0372a5b Support get_full_net_config without serverip 
When trying to get a configuration
without a network context, it would fail.

Now, as intended, it generates network configuration without autosense in such a case.
 2022-03-07 15:28:04 -05:00
Jarrod Johnson
98d8aaffe8 Merge branch '3.4' 2022-03-07 15:22:54 -05:00
Jarrod Johnson
ecd114ca5a Add script for setting up ssh 
A frequent scenario is to 'refresh' ssh configuration toward the
end of:
-changing trust nodes
-Adding a collective member
-Repairing a broken configuration
-As part of 'confluent-ifying' a node that wasn't confluent deployed
 2022-03-03 12:34:37 -05:00
Jarrod Johnson
5fb766e62b Move apiclient consistently to /opt/confluent/bin 
It's more reasonable to have
it in a bin directory
 2022-03-03 11:11:29 -05:00
Jarrod Johnson
76fdf59122 Change genesis functions location 
Put it in a place consistent with more normal use.
 2022-03-03 08:34:57 -05:00
Jarrod Johnson
003196bc9e Allow -o with data file 
This makes things like ssh key signing easier.
 2022-03-03 08:25:04 -05:00
Jarrod Johnson
15e7e4464e Keep known_hosts cleaner 
When repeating osdeploy initialize
of local known_hosts, more
gracefeully avoid duplicate entries.
 2022-03-02 16:04:01 -05:00
Jarrod Johnson
687136131e Place Confluent CA certs into TLS anchors 
When processes may update the certificate authorities, the confluent
CA trust would be lost. Place it appropriately so that
update-ca-trust will keep it in the appropriate place.
 2022-03-02 08:41:47 -05:00
Jarrod Johnson
5f610b64b7 Place Confluent CA certs into TLS anchors 
When processes may update the certificate authorities, the confluent
CA trust would be lost. Place it appropriately so that
update-ca-trust will keep it in the appropriate place.
 2022-03-02 08:40:27 -05:00
Jarrod Johnson
6f194f26c0 Fix contents and permissions 
NetworkManager demands specific
permissions
 2022-02-25 16:18:54 -05:00
Jarrod Johnson
71c60be659 Fix el8 dns configuration 
The modification to add dns search must only be suggested
if the respective ip version section is enabled.
 2022-02-25 15:22:45 -05:00
Jarrod Johnson
58a9aa03ef Add DNS domain to el8 network manager 2022-02-25 09:48:56 -05:00
Jarrod Johnson
19a370b0f5 Add explicit client version dependency 2022-02-25 07:31:12 -05:00
Jarrod Johnson
47a517aec1 Decrease retries to do https retries with bad TLS cert 2022-02-24 16:37:48 -05:00
Jarrod Johnson
1f7bd1a28a Fix autoconsole output on diskless 2022-02-24 16:27:32 -05:00
Jarrod Johnson
89cc49c4fc Add loginname to nodeshell man page 2022-02-24 16:08:50 -05:00
Jarrod Johnson
50da83b4f5 Fix api token message not being pushed 2022-02-24 15:56:29 -05:00
Jarrod Johnson
15f4cc085d Aggressively flush out error output 2022-02-24 15:46:38 -05:00
Jarrod Johnson
d7df1e7891 Prevent users from dupe group memberships 2022-02-24 15:06:41 -05:00
Jarrod Johnson
1a5f5aea3a Try an alternative approach to autoconsole errors 2022-02-24 12:18:41 -05:00
Jarrod Johnson
7068287ba3 Fix autocons spurious output 2022-02-24 10:25:59 -05:00
Jarrod Johnson
fb1f6b70bb Improve error handling on bad TLS cert 
Bad TLS cert is a common problem, provide better feedback.
 2022-02-24 09:27:40 -05:00
Jarrod Johnson
2c9be7a4c4 Remove slp snoop of XCC 
SSDP snoop catches XCC, and do only
SSDP for consistent format of
snoop info coming into the
xcc handler.
 2022-02-24 08:08:50 -05:00
Jarrod Johnson
24ef12e029 Disable autoconf of ipv6 in el 
If autoconf is allowed when link is brought up, it scan
confuse redhat network configuration when it already finds
an ipv6 address.
 2022-02-23 16:58:29 -05:00
Jarrod Johnson
e390618dd9 Fix handling without olduuid in database 2022-02-23 10:13:06 -05:00
Jarrod Johnson
8f4846c248 Fix for partial returns 
full_net_config may not always apply,
be sure to gracefully degrade.
 2022-02-22 17:08:23 -05:00
Jarrod Johnson
ac8918c2b9 Add ips to ssh principals 
For any static address, also grant
certificate for that.
 2022-02-22 16:48:58 -05:00
Jarrod Johnson
fdc9d94408 Also register to run before coreos-ignition-setup-user 
For coreos, make sure we preempt either name.
 2022-02-22 14:30:48 -05:00
Jarrod Johnson
3cf9edeeb8 Stub out buffering for shell sessions 
This is not yet handled anyway.

For future, establish norm of a nodeid
to prefix multiple distinct sessions.
 2022-02-22 08:49:31 -05:00