Jarrod Johnson
b42e2e4932
Change to b64 output for hmac
...
base64 utility is not always available, so natively
use base64 format for hmac output.
2022-03-10 09:00:54 -05:00
Jarrod Johnson
61d037ae31
Combine genpasshmac with clortho
...
This permits saving on addons size by using the same
binary for both networked api grant and hmac api
grant.
2022-03-09 13:36:47 -05:00
Jarrod Johnson
a8c2f859e4
Add a genpasshmac utility
...
For far edge deployment, create utility
that can hmac a password for use in a REST
api call to skip need for tcp port 13001 access.
2022-03-08 16:27:37 -05:00
Jarrod Johnson
31dad09b0c
Update makefile to build in sh256 to clortho
2022-03-08 14:46:33 -05:00
Jarrod Johnson
0abe978bd9
Implement hmac of apikey
...
For routed deployment, we have to preshare some information.
Additionally, the API arm mechanism gets too open ended.
Add support for using a shared secret over another
channel to do HMAC of a key to authenticate peer,
which has an alternate api arming mechanism
that is hardened.
2022-03-08 14:46:00 -05:00
Jarrod Johnson
b463a53146
Cleanup per coverity
...
Fix a number of concerns that coverity reports
2022-02-17 17:05:00 -05:00
Jarrod Johnson
00bedf6946
Shuffle confluenntuuid to earlier in copernicus
...
Currently, ssdp handler behavior needs confluentuuid first, if
it is to have any effect.
2022-02-08 12:06:52 -05:00
Jarrod Johnson
358b719cec
Implement deployment binding for new installs
...
When doing osdeploy initialize,
save the uuid and have deployment
targets specifically pair back with site via
uuid.
2022-02-08 10:41:27 -05:00
Jarrod Johnson
c475e4801f
Fix incorrect quotes in autocons.c
2022-01-07 09:28:24 -05:00
Jarrod Johnson
624984b1c9
Do not assume SPCR until confluent confirms text console
...
TIOCCONS was called for users that did not want to use serial. This
makes the serial console delayeed when automatic, but avoids video
users from being confused.
2021-12-09 10:34:12 -05:00
Jarrod Johnson
a4fc64ea56
Move el9bin build out of spec
...
Since the rpm itself is built in an el7 container, build
binary before spec driven build to be compatible.
2021-10-07 09:18:24 -04:00
Jarrod Johnson
54667570bd
Create encrypted image and private profile data
...
Prepare for securing os profile witht custom images
2021-07-23 16:13:24 -04:00
Jarrod Johnson
e43e5ac167
Add confluent_imgutil to addons
2021-07-15 14:42:26 -04:00
Jarrod Johnson
1570d3dbe3
Add c utility for reading confluent multipart images
2021-07-15 12:39:19 -04:00
Jarrod Johnson
1645d47b73
Fix clortho
...
The suggested correection for clortho was in fact
incorrect. Revert back and cast it.
2021-06-04 17:19:19 -04:00
Jarrod Johnson
1a30876a2d
Begin work to package diskless support
...
First will work on the 'addons' portion of the needed
work.
2021-06-03 17:17:42 -04:00
Jarrod Johnson
e0c59cc341
Fixup c utilities and add start_root
...
The diskless will use start_root to boot the 'main' OS as a container.
2021-06-03 17:06:10 -04:00
Jarrod Johnson
917a51a406
Error if bind to privileged port fails
2021-04-28 08:37:23 -04:00
Jarrod Johnson
697b33ae80
Put a lower bound on autocons geometry
...
If some glitch happens during the read, do not end up with
absurdly low geometry.
2021-03-18 15:48:25 -04:00
Jarrod Johnson
d3a699a8fb
Have autocons attempt sizing of serial console
...
If a terminal is open during autocons, that terminal
will be the size of the console.
Otherwise, fallback to 100x31.
2021-03-13 12:33:53 -05:00
Jarrod Johnson
1ecef6f251
Be a bit paranoid about string boundary
2020-11-06 13:57:35 -05:00
Jarrod Johnson
31c2c5f6f7
Fix errors in the TPM2 support
2020-11-06 13:38:37 -05:00
Jarrod Johnson
f7e7d05729
Add TPM2 support to node api key handling
...
This is an optional capability that image payloads may use
to use the TPM2 to protect an apikey as an alternative to
arming a weak authentication invocation
2020-11-06 10:00:36 -05:00
Jarrod Johnson
a263851614
Fix problem with autocons
...
autocons needed to open the devnode earlier
to have the correct name. Fixes TSM autocons
behavior
2020-09-24 08:26:37 -04:00
Jarrod Johnson
8ab9c14d45
Do not surpress if scope index is distinct
...
This allows vetting multiple peers when vlan tagging
is used with LLA.
2020-06-30 14:18:54 -04:00
Jarrod Johnson
31aeb2552c
Have copernicus outut extended info
...
This will help profiles select
the most appropriate interface.
2020-06-26 16:13:15 -04:00
Jarrod Johnson
785d8a7c1c
Fix a couple of problems
...
In RHV, tmux was unable to attach because of TMUX variable.
Unset it to allow tmux to work normally.
Clortho didn't specify family, which worked in linux but not
in ESXi.
2020-06-19 10:24:51 -04:00
Jarrod Johnson
e4a4bdf317
Fix clortho mistake
...
In attempting to correct clortho,
a mistake was made in the printf
formats.
2020-05-04 17:27:22 -04:00
Jarrod Johnson
efe936a93d
Further build process for confluent_osdeploy
2020-05-04 15:45:35 -04:00