Provide for applications where only a small subset of collective members
should be considered to count toward whether the collective can proceed.
Commonly, 'service' nodes may be numerous to do work, but may all want to
go offline during a maintenance window.

When a node installs, it may not have its node mapped address up,
or may not have one at all. Try to use the ip if it would be in the
same set that produced its ssh certificate.
There remains a gap if a system has no static addressing *and* doesn't
map nodename to IP, but we have an impasse as the situation is too fuzzy
to grant a principal in an SSH cert, and without that we can't securely
attempt rsync. For now, this scenario would still fail and I will
just hope that doesn't come up.

When generating new key materials, most people say 'yes' and cause problems
where they cycle valid keys without realizing the significance.
Replace prompting with an emphasized warning instead.

Permit user to opt into a rebase of a profile, to pick up potential updates
from the confluent packaged stock profiles for files the user has not yet
customized.

Going from python 2 to python 3, the dbm format goes from the default to
unsupported. This allows a python3 confluentdbutil restore to handle
a python2 dump of unsupported format.

Make sure confluent has made /etc/confluent, and further always initialize
the encryption key, as it will almost certainly be needed and easiest to
just always generate on first startup.

Depending on the options selected/not selected, the /var/lib/confluent
directory may have been initialized incorrectly. Have all the potential
paths begin with ensuring /var/lib/confluent is correct, and then
use seteuid consistently to take care of the rest.

ssh is technically opt-in, though strongly recommended, so
osdeploy should cope with that.
TLS is pretty much required, but perhaps not done immediately,
so it gets similar treatment.

Rely upon python 3 for now. When the dust settles, either convert to
python 2 friendly use of ctypes, or alternatively just block using
the pass filehandle function in older python.

This would enable files to be uploaded/downloaded using the client
filehandles, overcoming awkward difference in file privilege between
client and server.