xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-22 17:43:14 +00:00
Code Issues Projects Releases Wiki Activity
4,199 Commits 39 Branches 63 Tags 18 MiB
acd8cb9055
Commit Graph

617 Commits

Author SHA1 Message Date
Jarrod Johnson
acd8cb9055 First pass at media based routed deployment 2022-03-18 15:39:22 -04:00
Jarrod Johnson
8a3688c1d6 Fix mistake in pre.sh for relocation of apiclient 2022-03-18 12:09:43 -04:00
Jarrod Johnson
2299ccc32f Handle VROC devices in autoyast 
At time of running pre, array is not assembled by default,
inject a scan to check for them.

VROC must not be specified by 'md' name, or yast thinks it
needs to own making it, and complains that the setup doesn't
specify members.
 2022-03-17 12:19:42 -04:00
Jarrod Johnson
b6034f2e71 Update to fix new profiles and accomodate old profiles 
/etc/confluent/apiclient is expected by older profiles
 2022-03-16 09:40:55 -04:00
Jarrod Johnson
fe40d7c15e Fix mispelling of confluent 2022-03-16 09:01:22 -04:00
Jarrod Johnson
ad40c46509 Remove now-redundant genpasshmac.c file 2022-03-10 09:32:44 -05:00
Jarrod Johnson
301ed7a798 Fix mistake in b64e invocation 2022-03-10 09:15:26 -05:00
Jarrod Johnson
b42e2e4932 Change to b64 output for hmac 
base64 utility is not always available, so natively
use base64 format for hmac output.
 2022-03-10 09:00:54 -05:00
Jarrod Johnson
61d037ae31 Combine genpasshmac with clortho 
This permits saving on addons size by using the same
binary for both networked api grant and hmac api
grant.
 2022-03-09 13:36:47 -05:00
Jarrod Johnson
625434fcaf Fix mistake in deploycfg parsing 
More strictly match the field name.
 2022-03-08 16:29:49 -05:00
Jarrod Johnson
a8c2f859e4 Add a genpasshmac utility 
For far edge deployment, create utility
that can hmac a password for use in a REST
api call to skip need for tcp port 13001 access.
 2022-03-08 16:27:37 -05:00
Jarrod Johnson
31dad09b0c Update makefile to build in sh256 to clortho 2022-03-08 14:46:33 -05:00
Jarrod Johnson
0abe978bd9 Implement hmac of apikey 
For routed deployment, we have to preshare some information.

Additionally, the API arm mechanism gets too open ended.

Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
 2022-03-08 14:46:00 -05:00
Jarrod Johnson
5fb766e62b Move apiclient consistently to /opt/confluent/bin 
It's more reasonable to have
it in a bin directory
 2022-03-03 11:11:29 -05:00
Jarrod Johnson
76fdf59122 Change genesis functions location 
Put it in a place consistent with more normal use.
 2022-03-03 08:34:57 -05:00
Jarrod Johnson
003196bc9e Allow -o with data file 
This makes things like ssh key signing easier.
 2022-03-03 08:25:04 -05:00
Jarrod Johnson
687136131e Place Confluent CA certs into TLS anchors 
When processes may update the certificate authorities, the confluent
CA trust would be lost. Place it appropriately so that
update-ca-trust will keep it in the appropriate place.
 2022-03-02 08:41:47 -05:00
Jarrod Johnson
6f194f26c0 Fix contents and permissions 
NetworkManager demands specific
permissions
 2022-02-25 16:18:54 -05:00
Jarrod Johnson
71c60be659 Fix el8 dns configuration 
The modification to add dns search must only be suggested
if the respective ip version section is enabled.
 2022-02-25 15:22:45 -05:00
Jarrod Johnson
58a9aa03ef Add DNS domain to el8 network manager 2022-02-25 09:48:56 -05:00
Jarrod Johnson
47a517aec1 Decrease retries to do https retries with bad TLS cert 2022-02-24 16:37:48 -05:00
Jarrod Johnson
1f7bd1a28a Fix autoconsole output on diskless 2022-02-24 16:27:32 -05:00
Jarrod Johnson
50da83b4f5 Fix api token message not being pushed 2022-02-24 15:56:29 -05:00
Jarrod Johnson
15f4cc085d Aggressively flush out error output 2022-02-24 15:46:38 -05:00
Jarrod Johnson
1a5f5aea3a Try an alternative approach to autoconsole errors 2022-02-24 12:18:41 -05:00
Jarrod Johnson
7068287ba3 Fix autocons spurious output 2022-02-24 10:25:59 -05:00
Jarrod Johnson
fb1f6b70bb Improve error handling on bad TLS cert 
Bad TLS cert is a common problem, provide better feedback.
 2022-02-24 09:27:40 -05:00
Jarrod Johnson
24ef12e029 Disable autoconf of ipv6 in el 
If autoconf is allowed when link is brought up, it scan
confuse redhat network configuration when it already finds
an ipv6 address.
 2022-02-23 16:58:29 -05:00
Jarrod Johnson
fdc9d94408 Also register to run before coreos-ignition-setup-user 
For coreos, make sure we preempt either name.
 2022-02-22 14:30:48 -05:00
Jarrod Johnson
b463a53146 Cleanup per coverity 
Fix a number of concerns that coverity reports
 2022-02-17 17:05:00 -05:00
Jarrod Johnson
f10a27fd7a Switch to mkstemp 
Use mkstemp to more confidently reserve a filename as expected.
 2022-02-15 17:13:04 -05:00
Jarrod Johnson
00bedf6946 Shuffle confluenntuuid to earlier in copernicus 
Currently, ssdp handler behavior needs confluentuuid first, if
it is to have any effect.
 2022-02-08 12:06:52 -05:00
Jarrod Johnson
358b719cec Implement deployment binding for new installs 
When doing osdeploy initialize,
save the uuid and have deployment
targets specifically pair back with site via
uuid.
 2022-02-08 10:41:27 -05:00
Jarrod Johnson
638a1b3587 Fix confignet for python2 2022-02-03 11:50:34 -05:00
Jarrod Johnson
5f4a565feb Use python2-compatible apiclient load for el7 diskless 2022-02-03 10:10:23 -05:00
Jarrod Johnson
e94d0a5236 Fix for EL7 compatibility 
Some python 3 exclusive assumptions were made.
Unfortunately, EL7 is python2
centric.
 2022-02-03 10:09:28 -05:00
Jarrod Johnson
0bca6e0852 Apply more fixes for EL7 diskless 2022-02-02 15:22:58 -05:00
Jarrod Johnson
c6816099f7 Add el7 diskless draft to packaging 2022-02-02 13:23:34 -05:00
Jarrod Johnson
eaa0921420 Draft EL7 diskless support 2022-02-02 13:09:26 -05:00
Jarrod Johnson
554e25d6cb Assume libcrypt.so.1 if not 2 in more generic way 2022-02-02 11:17:08 -05:00
Jarrod Johnson
f346cae683 Use more widely known paths for libcrypt 2022-02-02 10:53:46 -05:00
Jarrod Johnson
1431f9ce13 Change to python 2/3 agnostic syntax 2022-02-02 08:37:22 -05:00
Jarrod Johnson
9f071c1fdb Provide more details in example syncfiles 2022-01-20 14:10:30 -05:00
Jarrod Johnson
456b43eeb7 Correctly align rtattr and nlmsg 
When advancing through messages,
must pad to nearest multiple of
4.  This resolves erroneously landing on incorrect offsets.
 2022-01-19 13:21:59 -05:00
Jarrod Johnson
dbaae417e9 Have configbmc stall on TSM 
TSM will stall out for an extended
period of time after a network change.

Accomodate by forcing a pause
on detection of TSM.
 2022-01-10 12:01:15 -05:00
Jarrod Johnson
181f704331 Correct configbmc misidentification of lan chan 
The lan channel get mac address was incorrect, change
to correctly request.
 2022-01-10 09:29:40 -05:00
Jarrod Johnson
c475e4801f Fix incorrect quotes in autocons.c 2022-01-07 09:28:24 -05:00
Jarrod Johnson
abec8c498c Break netlink address fetch on invalid rta_len 
It is considered valid for kernel to return a null rta_len
in the midst of data and expect the caller to terminate.
 2021-12-20 12:28:35 -05:00
Jarrod Johnson
ad33572290 Add debug information to coreos init 2021-12-09 11:55:12 -05:00
Jarrod Johnson
624984b1c9 Do not assume SPCR until confluent confirms text console 
TIOCCONS was called for users that did not want to use serial.  This
makes the serial console delayeed when automatic, but avoids video
users from being confused.
 2021-12-09 10:34:12 -05:00