2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 19:40:12 +00:00
Commit Graph

1617 Commits

Author SHA1 Message Date
Jarrod Johnson
caf9115439 Fix CentOS stream support 2020-12-14 10:04:31 -05:00
Jarrod Johnson
8b11acbcf2 Recognize CentOS Stream
Allow installation of CentOS stream as a profile.
2020-12-14 09:47:56 -05:00
Jarrod Johnson
47f04c8462 Provide guidance if the user tries to use defaults
Default username/password is no longer a
viable long term credentiol for XCC, have user
clearly be told to change and that they
shouldn't have to worry about the default
user and password.
2020-12-11 10:37:00 -05:00
Jarrod Johnson
5b0e23b8d4 Provide better feedback on XCC security lockouts
Rather than 'NoneType' error about grab_json_response,
provide actual recognizable feedback
2020-12-11 10:21:21 -05:00
Jarrod Johnson
14d9284cc5 Fix older Oracle Linux 7
Older OL has another release file thtat
was tripping the fingerprinting code.
2020-12-10 13:48:51 -05:00
Jarrod Johnson
cd251fa5d6 Add support for OL7 and older other EL7 flavors
Older EL7 didn't have platform-python in installer,
change to fallback to old /usr/bin/python if
needed.
2020-12-10 10:54:30 -05:00
Jarrod Johnson
8d47395e53 Add fetch of '<script>.d' scripts
This can be used by firstboot/post scripts to
get modularized scripts.
2020-12-09 16:46:58 -05:00
Jarrod Johnson
87ef68e26a Add 'memory' console.logging
If console.logging is not desired, but reconstituting the screen is,
provide 'memory' as a method to do that.

On slow disks this can significantly improve performance.
2020-12-09 13:47:46 -05:00
Jarrod Johnson
55b97793fd Lower concurrency limit of ipmi actions
IPMI actions can be a bit sensitive. Introduce some serialization
for improved robustness in liue of better parallelism.

The ideal would be to have 128 per core/process in the end, but for now,
a pool for 128 concurrent operations in flight at a time.
2020-12-08 18:23:13 -05:00
Jarrod Johnson
99609aa669 Add Oracle Linux signature check to osimage
Oracle Linux was being misidenntified as RHEL,
fix so that oracle linux is treated differently.
2020-12-07 15:08:28 -05:00
Jarrod Johnson
ff7f5daac6 Parallelize and timeout ssdp queries
Badly behaving 'desc.tmpl' servers exist in the world,
do not get tripped up or slowed down too much by
having aggressive timeout and making it parallel.
2020-12-04 17:14:35 -05:00
Jarrod Johnson
2d58741f15 Fix PXE/HTTP boot UUID and Mac case sensitivity
Like the SSDP code, PXE too had case sensitivity issues
2020-12-04 12:42:14 -05:00
Jarrod Johnson
57b74d59af Force uuid to lowercase in uuid mapping
Most of the codebase presumes lower case uuid, but
the uuid mapping was preserving whatever case the
attribute was in, making it case sensitive.

In the normal discovery process, this was filled in
as lower case. However if id.uuid is filled in manually
with uppercase, this broke the node lookup by uuid.
2020-12-04 07:41:40 -05:00
Jarrod Johnson
014727d355 Label boot.img with profile name
This allows for easier
search should an image want it
2020-11-09 15:45:44 -05:00
Jarrod Johnson
dc262c366c Fix false positive in affluent detection
Make sure we don't receive
a redirect or other
when asking for mac tables.
2020-11-09 11:23:54 -05:00
Jarrod Johnson
8f99d87fda Reduce calls to update_neigh
On a mostly stable system, update_neigh will
continue to drive a significant portion of
background activity. Mitigate to only call if
circumstances suggest a need, or once every
30 seconds.
2020-11-09 09:00:57 -05:00
Jarrod Johnson
edaaa2393d Hook up apiclient to TPM2 persistence, when available 2020-11-06 16:38:05 -05:00
Jarrod Johnson
31c2c5f6f7 Fix errors in the TPM2 support 2020-11-06 13:38:37 -05:00
Jarrod Johnson
f7e7d05729 Add TPM2 support to node api key handling
This is an optional capability that image payloads may use
to use the TPM2 to protect an apikey as an alternative to
arming a weak authentication invocation
2020-11-06 10:00:36 -05:00
Jarrod Johnson
b4e6e7caa8 Check for some issues in a manual assign request
One is to provide clear feedback when a nodename is requested
that was not previously defined, to make it more clear that
it is a requirement and/or guard against going too far while
the config function will be missing data it needs to complete
onboarding.

Another is to break if the request is trying to assign a node
to a different definition when it already exists under a different
name.
2020-10-30 08:18:27 -04:00
Jarrod Johnson
10ac1756f1 Do not clear the entire nodes lookup on remap
remap may only amend part of the map,
do not cause that to clear out the good data.
2020-10-29 15:49:31 -04:00
Jarrod Johnson
95659db00a Stop trying to use generic cookie parsing
Trying to do so while guarding against errors and sanitizing input was more code and slower
than targeting the one possible cookie we might care about.

So the code is simpler and
the performance is better, and the effect of stray cookies are mitigated.
2020-10-29 11:36:26 -04:00
Jarrod Johnson
bddbc37e8e Fix incorrect length of random strings 2020-10-29 10:57:49 -04:00
Jarrod Johnson
af8429ebf9 Fix esxi updateboot
Updateboot was confounded by a normal of 'file exists'
problems.
2020-10-26 12:22:56 -04:00
Jarrod Johnson
3ac6677d2d Sanitize cookies
If an invalid cookie from another site breaks the cookie jar,
then sanitize it.

https://bugs.python.org/issue31456

Performance enhancement through setting a header in javascript in
lieu of cookie parsing seems a wise move for the future.
2020-10-24 11:10:52 -04:00
Jarrod Johnson
8b5744b7eb Drop attempts to restore cursor key mode
It would corrupt F1 setup menu. This may cause problems for
ESXi TUI, but F1 in UEFI is more commonly on serial
2020-10-23 15:32:16 -04:00
Jarrod Johnson
ed41d93de5 Add remote authentication configuration
While our security guidelines preclude allowing host to know the password,
it is considered acceptable to do the out-of-band authentication configuration.

Have configbmc request a unicast remote configuration. This should handle authentication
as well as ensuring ongoing consistency between out of band and in-band configuration
methods.
2020-10-20 15:51:46 -04:00
Jarrod Johnson
e7fbbe2737 Fix issues with leftover ssh sessions
Upon connection loss, even though confluent internally
decides it is done with it, it fails to close the session.

Catch a number of these scenarios and ensure the connection closes.
2020-10-12 09:47:24 -04:00
Jarrod Johnson
504bee2d2a Fix problem when domain was not set
domain was checked even if domain not defined,
make sure domain is defined before trying
to use it.
2020-10-08 10:39:29 -04:00
Jarrod Johnson
8dd66211b7 Avoid setting uuid and mac in pxe if already set
Notably the uuid change can end up recursing. Fix the behavior that will cause never ending
loops, which in some IO situations
can end in recursion limits.
2020-10-06 17:14:20 -04:00
Jarrod Johnson
f4395abade Deprecate attempts to use default password with SMM
This is removed in some level of the product
2020-10-05 16:54:58 -04:00
Jarrod Johnson
a194e2293e Fix syntax error on discovery core 2020-10-02 15:35:14 -04:00
Jarrod Johnson
d27577d2b7 Fix missing close parenthesis 2020-10-02 14:57:59 -04:00
Jarrod Johnson
1113c2a849 Improve duplicate switch attribute errors 2020-10-02 13:36:45 -04:00
Jarrod Johnson
587197e934 Refresh chained SMM discovery for SMMv2
Additionally, amend overall
discovery to force chain validation
rather than theoretically
accepting a low mac count match.
2020-10-02 11:45:50 -04:00
Jarrod Johnson
2ba05fb7b1 Enable IPMI on SMMv2 2020-09-29 11:21:53 -04:00
Jarrod Johnson
eeb3a3fa65 Have a clause for redfish not yet ready
We need redfish, but redfish is slow to boot on TSM..
2020-09-22 14:33:58 -04:00
Jarrod Johnson
56f8ca0982 Implement redfish resilient discovery for TSM
TSM redfish stack has an issue where it refuses to recognize any
non-redfish password change. Use redfish to change.

Regretably, it takes about 10 seconds for that change to propogate
to the practical API, so we have a discovery delay now.
2020-09-22 14:31:28 -04:00
Jarrod Johnson
9828ea5898 Fix chained smm discovery on cumulus 2020-09-14 11:02:00 -04:00
Jarrod Johnson
7bdf7afb80 Fix another mistake in chained SMM discovery 2020-09-14 08:04:41 -04:00
Jarrod Johnson
cd20a69eb6 Fix typo in function name in chained smm discovery 2020-09-14 08:03:18 -04:00
Jarrod Johnson
c3d14977f2 Update attributes documentation 2020-09-11 09:56:35 -04:00
Jarrod Johnson
31d19e9398 Fix deployment.useinsecureprotocols
If explicitly set to 'never', it would behave as 'firmware'.
2020-09-11 09:44:09 -04:00
Jarrod Johnson
4fe84ca6dc Fix various issues in 3.0.0 release
If the kernel is new enough to do SKU, but the firmware doesn't have it,
fallback to model.

Fix outright mistakes in the config_port_tsm code

Up mac count from 2 to 3. If querying cumulus switches using SNMP
the switch will add its own mac to the list bringing the
total for a shared port to 3.
2020-09-09 10:58:37 -04:00
Jarrod Johnson
6f55a4ffe0 Python 3.7 fix for ipv6 lla handling
Python 3.7 changes behavior of recfrom (because.. why not apparently...)
Use getnameinfo to normalize the printable version.
2020-09-02 12:12:10 -04:00
Jarrod Johnson
5e01d9c97b Handle unresolvable switches gracecfully
Rather than a trace log,
keep it to only the event log.
2020-09-02 11:50:50 -04:00
Jarrod Johnson
46396247bb Fix remote passphrase authentication
For python 3 platforms, the
db hosted hash
needed the str changed
to bytes explictly.
2020-09-02 08:54:29 -04:00
Jarrod Johnson
a737ee7622 Correct incorrect quotes 2020-08-28 10:45:54 -04:00
Jarrod Johnson
616d0bd23e Amend language of attribute help 2020-08-28 09:49:25 -04:00
Jarrod Johnson
b8ffdfbf74 Add more text to deployment.encryptboot 2020-08-28 09:45:55 -04:00