2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 09:32:21 +00:00
Commit Graph

5241 Commits

Author SHA1 Message Date
Jarrod Johnson
9cf199a53e
Merge pull request #160 from Obihoernchen/typo
Fix small typo
2024-08-22 08:42:06 -04:00
Markus Hilger
e735a12b3a Fix small typo 2024-08-22 12:38:52 +02:00
Jarrod Johnson
cbd457b464 Cancel the recvr task on close
This avoids stail recvr from sending duplicate data.
2024-08-21 09:12:18 -04:00
Jarrod Johnson
dd2119c6d9 Ignore very old ssh key file 2024-08-19 16:26:48 -04:00
Jarrod Johnson
4640cb194f Provide workaround for XCC refusal to rename the initial account 2024-08-19 13:28:49 -04:00
Jarrod Johnson
fb10221e1b Amend affluent error handling
Be more consistent and informative
2024-08-16 11:26:52 -04:00
Jarrod Johnson
d82a982857 Have affluent 'power' status actually at least reaching the service 2024-08-16 10:52:00 -04:00
Jarrod Johnson
e6f6919ef4
Merge pull request #96 from weragrzeda/master
i reverted NTP and Eaton, Only Geist PDUs merging
2024-08-16 09:33:01 -04:00
Jarrod Johnson
1a40842f06 Fix osdeploy updateboot to find multiple grub.cfg 2024-08-15 10:54:52 -04:00
Jarrod Johnson
82e0d9c434 Rework ssh key init to reset key and use context management 2024-08-14 16:08:02 -04:00
Jarrod Johnson
83a4df49c7
Merge pull request #159 from adrianreber/2024-08-13-cat-keys
Do not overwrite the node SSH key with the last found public key
2024-08-14 16:04:36 -04:00
Jarrod Johnson
c442c8704d Merge remote-tracking branch 'xcat/master' 2024-08-14 11:41:09 -04:00
Jarrod Johnson
28b88bdb12 Add reporting of skipped nodes in a 'skip' merge 2024-08-14 11:40:11 -04:00
Jarrod Johnson
29d0e90487 Implement confluentdbutil 'merge'
For now, implement 'skip', where conflicting nodes/groups are
ignored in new input.
2024-08-14 11:26:51 -04:00
Adrian Reber
a6a1907611
Do not overwrite the node SSH key with the last found public key
Instead of overwriting the SSH public code for the node concatenate all
found SSH keys together in one file.

Signed-off-by: Adrian Reber <areber@redhat.com>
2024-08-13 17:30:43 +02:00
Jarrod Johnson
ba7a0f7eab
Merge pull request #158 from Obihoernchen/vlan
Add VLAN/PKEY support to confignet (fix #157)
2024-08-13 11:10:19 -04:00
Markus Hilger
0961174425 Remove redundant code 2024-08-09 19:55:42 +02:00
Markus Hilger
005adec437 Add error handling for interface_names 2024-08-09 19:45:19 +02:00
Markus Hilger
6943c2dc0f Make sure VLAN/PKEY connections are created last
Needed for VLANs on bond connections etc.
2024-08-09 19:38:45 +02:00
Markus Hilger
6833cd9c53 Add VLAN/PKEY support to confignet
Introduce new node attribute net.vlan_id to support VLAN/PKEY
configuration using confignet.
2024-08-09 17:59:34 +02:00
Jarrod Johnson
8fd39c36bb Fix some mistakes in confignet 2024-08-09 07:55:42 -04:00
Jarrod Johnson
2fc4483bba Backport SLP performance enhancement from async branch
Same concept that could bog down async variant
could be a slowdown for normal confluent.
2024-08-08 17:09:33 -04:00
Jarrod Johnson
4453ba3b64 Add cpio to confluent_server
In order to do osdeploy processing, we must have cpio
2024-08-07 09:20:34 -04:00
Jarrod Johnson
ca4955101d Improve "realness" of imgutil exec context
Utilities that expected /dev/pts will now be satisfied,
as a new /dev/pts is mounted.

Further, systemd added a check in various utilities that
was fouled by the previous method of appearing to have a
root filesystem.

Before, after chroot, we would bind mount / to itself, and this
made things using /proc/mounts, /proc/self/mountinfo, df, mount,
etc happy that there is a real looking root filesystem.

However, by doing it after the chroot, systemd could statx on '..' and
get a different mnt id than /. So it had to be done prior to the
chroot.  However it also had to be done before other mounts as
bind mounting over it would block the submounts.

This more closely imitates the initramfs behavior, where '/' starts life
as a 'real' filesystem before being mounted up and switched into.

This behavior was made to imitate the 'start_root.c' behavior as that
seems to be more broadly successful.
2024-08-07 08:40:10 -04:00
Jarrod Johnson
187fda4bb8 Add debootstrap dependency for imgutil 2024-08-07 07:58:08 -04:00
Jarrod Johnson
7ab7600492 Add cpio dependency for imgutil 2024-08-07 07:56:11 -04:00
Jarrod Johnson
f2b9a4fa5d Improve handling of ssh service being pre-hooked 2024-08-06 12:25:21 -04:00
Jarrod Johnson
ef1f51ef98 Wire in bmc config clear to redfish 2024-08-06 10:05:39 -04:00
Jarrod Johnson
21b1ac7690 Remove asyncore for jammy
asyncore isn't needed before noble
2024-08-06 09:34:46 -04:00
Jarrod Johnson
feaef79060 Successfully track credential currency across change 2024-08-06 09:30:13 -04:00
Jarrod Johnson
8c13816331 Fix fetch of model name for XCC3 systems 2024-08-05 15:03:00 -04:00
Jarrod Johnson
e07e6ed152 Improve error handling in OpenBMC console 2024-08-05 14:56:23 -04:00
Jarrod Johnson
0afc3eb03a Port SSDP improvements to SLP
It may not apply, but better to be consistent.
2024-08-05 13:12:54 -04:00
Jarrod Johnson
0fd07e8427 Fix race condition in SSDP snoop
If an asynchronous handler is slow to
enroll a target while another target causes an iteration
of the snoop loop, the various modified structures
had been discarded in the interim.

Now persist the data structures iteration to iteration,
using 'clear()' to empty them rather than getting
brand new data structures each loop.
2024-08-05 13:09:50 -04:00
Jarrod Johnson
fc5c1aa90f Fix SSDP error during merge 2024-08-05 11:32:57 -04:00
Jarrod Johnson
30c4d6b863 Add IPMI enablement to generic Redfish handler
If attributes indicate desire for IPMI, try to accomodate.
2024-08-05 11:07:50 -04:00
Jarrod Johnson
cfb31a0d8d Implement XCC3 discovery
For XCC3, change to generic redfish onboarding mechanism.

Extend the generic mechanism to be more specific in some
ways that the XCC3 is pickier about. However, it's just reiteration
of what should have already have been the case.
2024-08-05 10:00:22 -04:00
Jarrod Johnson
e9d4174ce5 Reapply "Add MegaRAC discovery support for recent MegaRAC"
This reverts commit 9d979256eb.
2024-08-05 08:35:10 -04:00
Jarrod Johnson
ed33b4e93f Merge branch 'megaracdisco' into v4xcc 2024-08-05 08:31:47 -04:00
Jarrod Johnson
4b6d41d2f8 Begin work to support V4 Lenovo servers
V4 Lenovo servers will have XCC3, and will have differences
and mark an unambiguously redfish capable onboarding process.

For now identify XCC3 variants and mark them, stubbing them
to the xcc handler.

An XCC3 handler will be made basing on the generic redfishbmc handler
with accomodations for XCC specific data (e.g. DeviceDescription
attributes and the Lenovo default user/password choice).
2024-08-02 17:35:39 -04:00
Jarrod Johnson
acce4de739 Add support for an OpenBMC modification
While stock OpenBmc does not care about subprotocols,
some implementations use it as a carrier for the XSRF-TOKEN.

Since base OpenBmc ignores it, we just offer it to any implementation
just in case.
2024-08-02 11:57:04 -04:00
Jarrod Johnson
89bd7c6053 Force load IB/OPA modules in case of IB boot
Ubuntu diskless was not working with boot over IB
2024-08-01 09:40:39 -04:00
Jarrod Johnson
71ca9ef76c Fix path to ntp servers in user-data mod for ubuntu 2024-07-29 15:57:34 -04:00
Jarrod Johnson
1c4f1ae817 Try to add ntp and timezones to Ubuntu scripted install 2024-07-29 15:21:10 -04:00
Jarrod Johnson
e6dc383d25 Fix mistake in EL8/EL9 LUKS 2024-07-29 11:22:07 -04:00
Jarrod Johnson
329f2b4485 Amend cryptboot implementation for Ubuntu 22/24, EL8/EL9
Provide mechanism for administrator to place a custom
key for potential interactive recovery into
/var/lib/confluent/private/os/<profile>/pending/luks.key

If not provided, generate a unique one for each install.

Either way, persist the key in /etc/confluent/luks.key, to
facilitate later resealing if the user wants (clevis nor systemd
prior to 256 supports unlock via TPM2, so keyfile is required
for now).

Migrating to otherwise escrowed passphrases and/or sealing to
specific TPMs will be left to operators and/or third parties.
2024-07-29 10:17:14 -04:00
Jarrod Johnson
bee9f18197 Tolerate / in the apikey for LUKS setup
The apikey is highly likely to have a /, and so we need to use something
not in the base64 alphabet as a delimiter.
2024-07-26 17:59:42 -04:00
Jarrod Johnson
1af898dcb8 Fix encryptboot on EL8/EL9 2024-07-26 17:43:51 -04:00
Jarrod Johnson
332068074d Extend systemdecrypt hook to support Ubuntu 24.04
Ubuntu 240.4 systemd-cryptsetup now has an external dependency.
2024-07-26 16:54:58 -04:00
Jarrod Johnson
2df902e80e Remove luks password from argv
Pass the luks password by environment variable instead.
2024-07-26 14:07:54 -04:00