Jarrod Johnson
94ab644f5c
Create mechanism to create node identity images
...
These images are used in the flow of routed deployment.
2022-03-16 15:41:07 -04:00
Jarrod Johnson
fdd3ec4233
Fix check for confluent service having started
...
Give confluent full chance to set things up prior
to proceeding.
2022-03-16 10:28:44 -04:00
Jarrod Johnson
b2603aa1f8
Set ownership of /var/lib/confluent on installation
...
Some paths fail to initialize ownership earlier, give it
a head start
2022-03-16 10:26:16 -04:00
Jarrod Johnson
32081edec8
Workaround ':' format specifier syntax
...
Older python will break by assuming that
: always means a format expression is coming.
Move the field value fetch to format_field, and ascertain if some of the
expression was shunted to format specification
by mistake.
2022-03-11 12:21:09 -05:00
Jarrod Johnson
dc0183fdf4
Add [] slicing/indexing to confluent attribute expression syntax
...
This permits expressions like:
node[:-3]
To say nodename, but leave out 3 chars.
Or:
node[3:]
To skip the first three characters.
2022-03-11 11:23:43 -05:00
Jarrod Johnson
ceada3b7d9
Provide API for using one-time shared secret to register api key
...
This permits long haul node api key registration over a single port. It cannot validate that
the requester is privileged, but the auto-invalidation
offsets the risk of subsequent users having read access to the remote mount.
2022-03-10 16:06:02 -05:00
Jarrod Johnson
6a30afa31e
Have SSDP ignore multicast disabled interfaces
2022-03-09 11:01:01 -05:00
Jarrod Johnson
0abe978bd9
Implement hmac of apikey
...
For routed deployment, we have to preshare some information.
Additionally, the API arm mechanism gets too open ended.
Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
2022-03-08 14:46:00 -05:00
Jarrod Johnson
e67bab4f12
Place cap on api password length
...
No more than 48 characters should ever be in
an api token. Cap it to avoid outrageous crypt
behavior at large password length.
2022-03-08 09:15:13 -05:00
Jarrod Johnson
21c0372a5b
Support get_full_net_config without serverip
...
When trying to get a configuration
without a network context, it would fail.
Now, as intended, it generates network configuration without autosense in such a case.
2022-03-07 15:28:04 -05:00
Jarrod Johnson
15e7e4464e
Keep known_hosts cleaner
...
When repeating osdeploy initialize
of local known_hosts, more
gracefully avoid duplicate entries.
2022-03-02 16:04:01 -05:00
Jarrod Johnson
19a370b0f5
Add explicit client version dependency
2022-02-25 07:31:12 -05:00
Jarrod Johnson
d7df1e7891
Prevent users from dupe group memberships
2022-02-24 15:06:41 -05:00
Jarrod Johnson
2c9be7a4c4
Remove slp snoop of XCC
...
SSDP snoop catches XCC, and do only
SSDP for consistent format of
snoop info coming into the
xcc handler.
2022-02-24 08:08:50 -05:00
Jarrod Johnson
e390618dd9
Fix handling without olduuid in database
2022-02-23 10:13:06 -05:00
Jarrod Johnson
8f4846c248
Fix for partial returns
...
full_net_config may not always apply,
be sure to gracefully degrade.
2022-02-22 17:08:23 -05:00
Jarrod Johnson
ac8918c2b9
Add ips to ssh principals
...
For any static address, also grant
certificate for that.
2022-02-22 16:48:58 -05:00
Jarrod Johnson
3cf9edeeb8
Stub out buffering for shell sessions
...
This is not yet handled anyway.
For future, establish norm of a nodeid
to prefix multiple distinct sessions.
2022-02-22 08:49:31 -05:00
Jarrod Johnson
8fab8238ed
Disambiguate console from shell buffer
...
There is room for the console replay to get confused,
fix by fully qualifying the console name.
2022-02-18 17:31:13 -05:00
Jarrod Johnson
58b55b6ef6
Error on trying to double-add nodes or groups
...
Prevent user from repeatedly adding the
same group to a node or same node to a group.
2022-02-16 11:58:22 -05:00
Jarrod Johnson
33be75a9a2
Markup bandit exceptions
...
Apply bandit exceptions and explain
the rationale in each case
2022-02-16 09:10:33 -05:00
Jarrod Johnson
f10a27fd7a
Switch to mkstemp
...
Use mkstemp to more confidently reserve a filename as expected.
2022-02-15 17:13:04 -05:00
Jarrod Johnson
93a5496899
Reject reverse range noderange
...
It has been stated that no one would want to do this
on purpose, and thus it should reject. The rationale
being that if no one wants to do this, but did it
anyway, they presumably made a mistake.
So now such attempts will be blocked.
Keep the dead logic around for now
in case a future opinion changes things back.
2022-02-11 15:20:41 -05:00
Jarrod Johnson
bd428790ce
Try for more informative message on expression syntax error
2022-02-11 14:51:53 -05:00
Jarrod Johnson
f0c4943612
Merge branch 'master' of github.com:lenovo/confluent
2022-02-11 14:33:47 -05:00
Jarrod Johnson
f547071d38
Warn user of unworkable syntax
...
When used in {} expressions, attributes must obey python syntax rules,
try out the attribute name and report the issue when it would be a problem.
2022-02-11 14:32:52 -05:00
Jarrod Johnson
fbd3a442ac
Support numeric owner/group in syncfile list
2022-02-08 17:38:01 -05:00
Jarrod Johnson
b809514ef9
Fix osdeploy initialize dependency on master key
...
Make sure confluent has made /etc/confluent, and further always initialize the
encryption key, as it will almost certainly
be needed and easiest to just always
generate on first startup.
2022-02-08 16:40:41 -05:00
Jarrod Johnson
b1032d8c4c
Specify write mode for confluent_uuid file
2022-02-08 12:31:04 -05:00
Jarrod Johnson
e7b1791df3
Modify input in bandit-friendly way
...
bandit erroneously flags 'input' based
on possible python2-ism. Avoid the
error by using 'getinput', making that
input or raw_input based on the python version.
2022-02-08 10:59:15 -05:00
Jarrod Johnson
6e03f6ee0a
Correct syntax typo
2022-02-08 10:49:42 -05:00
Jarrod Johnson
358b719cec
Implement deployment binding for new installs
...
When doing osdeploy initialize,
save the uuid and have deployment
targets specifically pair back with site via
uuid.
2022-02-08 10:41:27 -05:00
Jarrod Johnson
4a38a88136
Add recognition of RHEL9 media
2022-02-07 09:20:05 -05:00
Jarrod Johnson
522d7e2b59
Fix configmanager issue with more recent python3
2022-02-04 16:21:39 -05:00
Jarrod Johnson
485c323608
Stage uploads in memory
...
The strategy of duping file descriptors
is inadequate. The copies share
identical offsets.
Fix this by reading the file once into
memory, and using BytesIO to fake a file.
This is relatively memory intensive in theory, but in practice
pyghmi library had been duping everything to memory
anyway, so it is a wash for now.
2022-01-27 17:29:17 -05:00
Jarrod Johnson
effaba9661
Fix adding nodes with uuid for pxe
...
When adding nodes, they wouldn't be tracked for PXE
until id.uuid changed, or service restarted.
Fix by explicitly remapping all added and new names.
2022-01-26 08:35:10 -05:00
Jarrod Johnson
3f90c35bc9
Raise error on missing piece of syncfiles entry
2022-01-20 13:13:04 -05:00
Jarrod Johnson
456b43eeb7
Correctly align rtattr and nlmsg
...
When advancing through messages,
must pad to nearest multiple of
4. This resolves erroneously landing on incorrect offsets.
2022-01-19 13:21:59 -05:00
Jarrod Johnson
2d13921d54
Amend deployment initialize for consistent ownership
...
Depending on the options selected/not selected, the
/var/lib/confluent directory may have been initialized
incorrectly. Have all the potential paths begin with
ensuring /var/lib/confluent is correct, and then
use seteuid consistently to take care of the rest.
2022-01-14 15:08:19 -05:00
Jarrod Johnson
8b95e8f507
Improve osdeploy import error handling
...
Before, conditions that were unexpected
would result in hangs. Now
transition to and report error state.
2022-01-14 09:23:54 -05:00
Jarrod Johnson
fdc3d1c457
Broaden scope of logging issues with connecting to a leader.
...
Notably, certificate mismatch should be caught.
2022-01-14 07:39:25 -05:00
Jarrod Johnson
8d5d8ef5ed
Have later syncfiles entries supersede earlier
...
This allows a vague entry to
be followed by a specific
entry to allow 'common' content
and then a specific override.
2022-01-13 16:52:10 -05:00
Jarrod Johnson
aa816c0f1d
Have attribute update support wildcards
...
This makes nodeattrib behave more like nodeconfig.
2022-01-13 13:27:07 -05:00
Jarrod Johnson
b7a786dc83
Choose more accurate description of ambiguous switch situation
...
Technically, it need not be an aggregation, but link between switches generically covers it.
2022-01-12 09:31:44 -05:00
Jarrod Johnson
f46fc9f7de
Provide error about in-use dhcp
...
The events will more clearly indicate
when dnsmasq is not adequately configured.
2022-01-12 09:27:49 -05:00
Jarrod Johnson
2d95fb1d74
Improve 'ambiguous' notification in macmap.
...
When two nodes are ambiguous, provide more
info (mac) and also a suggestion of
which of the two appears most
trunk-like if one of them looks
suspiciously like a trunk.
2022-01-12 08:31:13 -05:00
Jarrod Johnson
04b462712d
Tolerate redfish variations and fix loop
...
Some redfish omit the trailing /, and the correct move on non-redfish
is to continue to next candidate,
not break.
2022-01-11 16:53:46 -05:00
Jarrod Johnson
9c40569429
Add el9 to spec files
2022-01-11 16:02:47 -05:00
Jarrod Johnson
6df73d88b3
If SSDP happens but HTTPS not ready, ignore
2022-01-07 10:45:10 -05:00
Jarrod Johnson
d5a8e881ab
Defer handler processing
...
This was done in slp, do it also for ssdp. This
hopefully does its best to flush udp buffer more
quickly in at-scale scenarios.
2022-01-07 09:55:49 -05:00