Jarrod Johnson
ef1649208e
Switch to using separate CA for TLS
...
This allows regenerating TLS cert
without updating boot images.
For example, if ip address changes need a new cert, no
longer should the nodes need new certs to trust
just due to that.
2021-06-30 14:25:46 -04:00
Jarrod Johnson
35b9635840
Clear armed API if current node token is used
...
If a node is armed, but instead unseals the prior key from TPM,
implicitly clear the armed state to avoid leaving it armed.
2021-06-28 13:30:09 -04:00
Jarrod Johnson
9c43dbff47
Rework MFA handling
...
Avoid calling PAM in the parent process, as
this seems to cause problems with some PAM
configurations.
2021-06-28 11:34:11 -04:00
Jarrod Johnson
f830514d10
Implement support for additional pam prompts
...
For example, if PAM has OTP, then support it.
2021-06-25 17:26:32 -04:00
Jarrod Johnson
b8c9e9c535
Begin work to support complex PAM conversations
...
For example, TOTP setups need
more prompts, this will pass
the info to the client for the client to adjust.
2021-06-23 16:31:42 -04:00
Jarrod Johnson
fc19ca4e36
Change to python-dnspython for dependency
...
Multiple compatible packages exist that provide same name, accept
either.
2021-06-23 08:37:00 -04:00
Jarrod Johnson
7122c17ce0
Remove pyte requirement
...
We no longer use pyte, remove the requirement.
2021-06-08 16:43:06 -04:00
Jarrod Johnson
bbe9bc3e06
Constrain plugin collections to flat by default
...
When asking for a path that exceeds the plugincollection,
then provide generic 'not found' behavior.
2021-06-04 14:48:31 -04:00
Jarrod Johnson
58157b23d7
Error if noderange includes too many )
...
By default, pyparsing consumes only as much of the
input as matches the grammar. Tell it to consume all
of the noderange and error if there's more string than
matches our grammar.
2021-06-04 14:19:06 -04:00
Jarrod Johnson
b8ddf149bd
Skip newer agent behaviors with incompatible old ssh
...
The previous attempt to support older ssh failed to completely
enact old behavior when needed.
2021-06-04 13:40:39 -04:00
Jarrod Johnson
2073926256
Improve ctrl-c and other behaviors of osdeploy import
...
More reliably delete an import attempt to avoid odd behaviors.
2021-05-27 16:10:06 -04:00
Jarrod Johnson
734e12f0f1
Amend long wait to only apply to shutdown
...
The previous 30 seconds was a good amount to
wait for everything but a graceful shutdown.
The new 5 minute wait is too long to wait to
find out a system can't turn on.
Apply the 5 minute wait only on clean shutdown
request.
2021-05-27 09:57:07 -04:00
Jarrod Johnson
deb2b98e7f
Merge pull request #59 from zhougj4/master
...
[merge-LXCA] pull request
2021-05-27 09:54:44 -04:00
Zhou Guangjun
32c84993b0
[merge-LXCA] fix problem in merge with upstream - htmlify the dict
...
Details:
Revision: d9cc888e68abe7794ade82a251c4dffe9108a014
Author: Michael Du <duxd2@LENOVO.COM>
Date: 2017/8/2 21:06:22
2021-05-27 09:58:05 +08:00
Jarrod Johnson
af10e0ea91
Explicitly provide content-length 0 on 204
...
For some vintages of eventlet+apache, this is required
to avoid invalid responses from the server.
2021-05-25 10:18:13 -04:00
zhougj4
7363af866f
Merge branch 'lenovo:master' into master
2021-05-24 10:46:50 +02:00
Jarrod Johnson
7c4b500e92
Add boot.img function to CoreOS
2021-05-21 11:11:01 -04:00
Jarrod Johnson
9ac4cf0641
Rename generically to coreos
...
We should be able to support either RH or Fedora
flavors.
2021-05-19 17:28:05 -04:00
Jarrod Johnson
52b39e632d
Draft CoreOS support
...
Preliminary work toward supporting CoreOS
2021-05-19 17:12:56 -04:00
Jarrod Johnson
efd7f1de63
Conditionally apply agent to sshutil
...
Older OSes (RHEL7/SLES12) cannot
do ssh-keygen with an agent.
Degrade to classic confluent behavior when that happens.
2021-05-18 12:28:22 -04:00
Jarrod Johnson
af06c150b0
Add error message for long profile names
...
If a profile name pushes the filename field of dhcp
beyond what it can support, log an event and
do not offer a corrupted
dhcp offer packet.
2021-05-18 09:44:02 -04:00
Zhou Guangjun
32db72e38f
[merge-LXCA] (138083) [ipmi] Restart Normally and Power off Normally job failed with the message Ensure that the endpoint is reachable on the network from LXCA
...
Details:
Revision: d02e5b653f764aeca44efd108acaabc8b173b482
Author: Zhou Guangjun <zhougj4@lenovo.com>
Date: 2018/10/17 17:26:39
2021-05-13 14:34:02 +08:00
Zhou Guangjun
9648f1c8ac
[merge-LXCA] Add support for graphical consoles
...
Details:
Revision: a0f0309ee0bc731463794da9d685fa56bc62bc6f
Author: Allan Vidal <avidal@lenovo.com>
Date: 2015/11/26 3:50:31
2021-05-12 10:49:13 +08:00
Jarrod Johnson
aa7701ea3c
More usefully indicate unfound interfaces
...
Rather than no data, provide
not found error when requesting a currently unsupported name.
2021-05-11 08:02:19 -04:00
Jarrod Johnson
8543129fb9
Invalidate sealed token on new token
...
If a new token grant occurs, do not
retain stale token sealed, as it can be misleading.
2021-05-05 09:17:42 -04:00
Jarrod Johnson
a94a341582
Fix ansible path compatibility.
2021-05-03 14:31:28 -04:00
Jarrod Johnson
d17b1d060c
Prepend confluent_ to vars and switch to explicitly requesting directory
...
The 'profile' variable notably induces dracut to be excruciatingly slow,
mitigate chance by putting confluent before apikey, mgr, and profile.
Further, it has been requested to have the scripts use same name on
server for directory moving forward. Implement this request while
allowing existing OS profiles to keep working.
2021-05-03 12:48:08 -04:00
Jarrod Johnson
121e0727cf
Add Rocky linux recognition
2021-05-03 08:36:57 -04:00
Jarrod Johnson
def534e73f
Fixes for boot by DHCP and by MAC
2021-04-28 16:43:11 -04:00
Jarrod Johnson
2cb641e734
Fix PXE based on mac
...
We normally use UUID, on a broken platform with bad UUID,
user may need to use hwaddr. This was supposed to work, but
didn't. Fix it to work correctly.
2021-04-28 15:36:12 -04:00
Jarrod Johnson
d3fa08d78b
Amend syncfiles to handle directory targets better
...
Rather than using symlinks for directories, recursively recreate tree
and symlink only the non-directory
entries.
This improves mixing and matching
files and directories to target a directory.
2021-04-27 12:48:27 -04:00
Jarrod Johnson
38eb88249e
Permit wildcard in syncfiles
...
This was a supported and used feature in xCAT
syncfiles, carry it into confluent syncfiles.
2021-04-27 09:12:11 -04:00
Jarrod Johnson
c333c3eb9c
Fix missing data on XCC discovery
...
The XCC scan now calls the
imm scan to fill out the lost data.
2021-04-26 08:57:52 -04:00
Jarrod Johnson
f32a9a2f08
Rework inline command handling
...
Previously, if hotkey entry
had text data come in, it
would corrupt the state of
the client.
Minimize the corruption and request the server to pause.
2021-04-23 14:22:24 -04:00
Jarrod Johnson
f584b9bc11
Protect against binary sealed data
...
It was detected that binary sealed data
could happen. Ensure that it is str
before passing to configuration.
2021-04-23 14:17:54 -04:00
Jarrod Johnson
45cc4b7788
Add documentation syncfiles examples
...
Also, check to make sure a syncfiles has actual
work to do before triggering a greenthread and
the client to start polling.
2021-04-23 11:09:35 -04:00
Jarrod Johnson
1f9c440525
Handle non-utf8 console data
...
Sometimes console uses non-utf8.
Fallback to cp437 when utf8 fails us.
2021-04-22 15:14:52 -04:00
Jarrod Johnson
8397c5defc
Only close datfile if datfile is a file
...
If going by filename alone, there will be
no file handle to close. Correct by not
attempting a close in such a case.
2021-04-22 13:55:10 -04:00
Jarrod Johnson
b7af6b5c27
Add model name to discovery info
...
Sometimes the model name is
useful criteria for evaluating systems,
and the model number isn't
quite that handy.
For XCC, we can provide this data too. Provide it in xcc scan
method and then offer it up to clients.
2021-04-22 13:38:51 -04:00
Jarrod Johnson
bf00c75f43
Specify supported protocols to be confluent.console
...
Eventlet will return no supported protocols if
none are specified. Firefox doesn't care, but
chrome rejects such a reply.
2021-04-22 07:44:18 -04:00
Jarrod Johnson
479ddd582e
Induce python2 to unicode
...
eventlet will treat str as binary,
correct by forcing unicode.
For python3, it is a no-op, but
python2 needs it to pass the 'text_type' check in eventlet.
2021-04-21 15:33:27 -04:00
Jarrod Johnson
d82690f0d9
Fix python3-ism
...
python2 doesn't understand how to return
an iterator from within an iterator.
2021-04-21 13:31:11 -04:00
Jarrod Johnson
34cfd99fd8
Periodic reassimilation
...
Have leader periodically try to
assimilate offline members.
This will recover from some scenarios
where a rogue non-quorum collective
or a stray non-collective state
persists.
2021-04-21 10:30:54 -04:00
Jarrod Johnson
9009f63b2d
Implement websocket based terminal access
2021-04-20 15:49:07 -04:00
Jarrod Johnson
ab6bf82da6
Begin draft work to support websocket
...
First use case will be consoles.
Then we can consider the async case
for smoother async operation as well
though that is less critical.
2021-04-19 17:04:26 -04:00
Jarrod Johnson
37dca72579
Allow managercandidates to limit switch interrogation
...
If a switch is a node and has denoted allowed managers,
do not interrogate that switch if this member is not
permitted.
2021-04-16 14:19:51 -04:00
Jarrod Johnson
1aea406852
Restore error handling to SNMP
...
Properly carry and reconstitute exceptions
used to drive the specific errors.
2021-04-16 14:09:44 -04:00
Jarrod Johnson
374b87e2d7
Offload macmap SNMP activity to an auxiliary process
...
This doesn't make the code more efficient, but it
keeps it from slowing down the main process
and allows it to leverage an additional core
to do the work.
Still needs work to restore the error reporting.
2021-04-15 17:22:15 -04:00
Jarrod Johnson
3469c8ab2b
Fix affluent communication
...
Affluent would hang on error, particularly
certificate problem. Fix by catching and being
explicit about the error, and generically
fixing the arguments for 'get' to have
the intended timeout.
2021-04-14 15:51:18 -04:00
Jarrod Johnson
23dffe882e
Do a keepalive to track idle, but alive collective
...
When relaying a command, use a keepalive to indicate that
the connection is alive, just not sending data.
2021-04-09 17:27:00 -04:00