mirror of https://github.com/xcat2/confluent.git synced 2024-11-26 11:30:23 +00:00
Commit Graph

816 Commits

Author SHA1 Message Date
Jarrod Johnson
d2156f3d67 Move the anti-referrer login to only logout
This has no functional difference, just a cosmetic
difference that does not give the erroneous impression
a logout actually occurred.  This does mean that if a browser
disables cookies and uses the api explorer, there would
be an opportunity for a CSRF.
2016-11-30 10:15:44 -05:00
Jarrod Johnson
bf8dff90f3 Provide CSRF protection to logout resource
Though more annoying than harmful, guard against CSRF succeeding
against the logout resource.
2016-11-30 10:04:25 -05:00
Jarrod Johnson
004d40e7ca Implement more CSRF countermeasures
At some expense of convenience, make it difficult
for CSRF to succeed even against the API explorer
for most people.  User/Password will now only be
accepted on hitting enter in the address bar rather
than following any link.
2016-11-30 09:57:58 -05:00
Jarrod Johnson
ac084b212e Merge branch 'nodeexec' 2016-11-29 10:50:32 -05:00
Jarrod Johnson
7557136d5d Add a number of security headers
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-11-29 10:49:02 -05:00
Jarrod Johnson
70762d3f6c Undo accidental change to nodesetboot 2016-11-08 14:51:57 -05:00
Jarrod Johnson
eeb668bdfa Correct formatting page in nodesensors man page 2016-11-08 14:50:10 -05:00
Jarrod Johnson
61bd415ec4 Make confluent depend on python-dns
Fedora and family naming convention removes
'python' from the 'dnspython' name.  Work
within that standard to improve compatibility
with epel and such.
2016-11-07 14:07:12 -05:00
Jarrod Johnson
107337fdba Merge branch 'master' of github.com:jjohnson42/confluent 2016-11-07 10:19:41 -05:00
Jarrod Johnson
eb02247a58 Fix consistency of sessionid
Regardless of whether the client uses it as a session id
or not, the fact remains a sessionid is assigned.
Pass the session id in the auth data even if the client
did not send it.
2016-11-07 10:18:32 -05:00
Jarrod Johnson
53904a2a5a Revert "Remove 'path' condition for session cookie"
This reverts commit 0ad4ae90c9.
2016-11-01 13:45:33 -04:00
Jarrod Johnson
5881ad8b68 Support sub-second interval
If a user requests an interval that is not a whole
number, begin honoring it and adjust the timestamp
precision to indicate milliseconds.  Do not bother
with milliseconds on whole number intervals.
2016-10-25 14:38:31 -04:00
Jarrod Johnson
e0211fd8d8 Merge branch 'avoidrecursereplay' 2016-10-25 14:38:04 -04:00
Jarrod Johnson
0ad4ae90c9 Remove 'path' condition for session cookie
The cookie had an unnecessary limitation.  path need not be specified,
and it is possible for a client to request in a way that fails the criteria.
2016-10-21 09:56:14 -04:00
Jarrod Johnson
6f9bdf4a7c Create multiple files on roll conflict
Rather than removing the previous file, append a digit
to denote extra log files sharing the same roll date.
2016-10-18 11:28:47 -04:00
Jarrod Johnson
4eaab9db37 Avoid infinite replay loop on bad previouslogfile
If circumstances result in a log file after rollover
pointing at itself, break out rather than looping trying
to get the same data from itself.
2016-10-18 11:18:57 -04:00
Jarrod Johnson
92fa2bf4d9 Add a number of security headers
There are a number of headers security scanners expect.
Explicitly declare how strict browser should be with
responses.
2016-10-13 11:08:05 -04:00
Jarrod Johnson
7f9394b33a Handle events without timestamps
If an event is missing a timestamp, omit rather than stack trace
2016-10-11 16:46:01 -04:00
Jarrod Johnson
05a6664165 Add a noderun command
This command enables running various commands against the nodes.
While I was at it, fix permissions on some files in git.
2016-10-06 16:30:29 -04:00
Jarrod Johnson
457f1fe30b Provide resource to allow clients to expand custom expressions
Clients may now format a string as if it were to be an expression for an attribute,
and have the server evaluate it using the same engine without passing through the
attribute engine.  This makes it easier, for example, to do nodeexec n1-n4 ipmitool -H {hardwaremanagement.manager}
2016-10-06 15:51:07 -04:00
Jarrod Johnson
2efadf21b5 Begin writing man pages
Provide a couple of man pages to get started on the effort
to provide man pages for the commands.
2016-10-04 15:10:53 -04:00
Jarrod Johnson
bb38ff4588 Fix auto-version build
The build autoversion was not correct.  Use
git describe instead to be more complete.
2016-09-30 13:12:40 -04:00
Jarrod Johnson
d4ffc41451 Provide means of asynchttp of passing exceptions
This allows client code to be actually the same when
using synchronous versus asynchronous.
2016-09-28 15:00:49 -04:00
Jarrod Johnson
fbd5059ade Unconditionally register key handler
For reasons not entirely understood, we can
have an ipmi command object without registering
a key handler.  Unconditionally register the key handler
on each use of the command object.  This still saves the
network load of logging in, so it's not a terrible workaround.
2016-09-28 14:59:43 -04:00
Jarrod Johnson
baf8587759 Have the confluent message populate 'errorcode'
This allows web code framework to correctly handle responses
in noderange/async as if they were traditional straightforward rest calls.
2016-09-26 16:00:00 -04:00
Jarrod Johnson
7eb881d7e5 Add API code values to confluent messages
When a message is used that would raise an exception in a singleton
case, make available the appropriate apicode in contexts that would be
relevant (namely multi-node operations and all asynchttp).
2016-09-23 16:44:02 -04:00
Jarrod Johnson
9f0daf324e Refactor error code into exceptions
This makes the exceptions more self describing and simplifies httpapi and sockapi.
An important step to improve asynchttp conveyance of error data that would normally
be an http error in synchronous operation.
2016-09-23 16:32:53 -04:00
Jarrod Johnson
ddbc155d6b Merge pull request #61 from aduffy19/fixIndexOutOfRangeError
Add exception check if passvalues is empty
2016-09-23 09:48:35 -04:00
Amanda Duffy
9d86ffee92 Add exception check if passvalues is empty 2016-09-22 16:58:00 -04:00
Jarrod Johnson
1286f8af3c Add facility for Anti-CSRF measures
Enable a WebUI to request an auth token.  This will allow it to indicate it is running in a browser and have the server implement protections such that
other software in the browser cannot send arbitrary requests into the server API.

This is implemented in a backward compatible fashion, allowing, for example, purely non-browser clients to ignore the CSRF protection as
it doesn't apply to that use case.
2016-09-22 11:09:05 -04:00
Jarrod Johnson
d183ef768d Defer console startup until after API startup
Consoles starting up would potentially delay API availability.  Change
by having the API having ample time to startup, then commence the
busy work of starting console sessions.
2016-09-13 11:33:53 -04:00
Jarrod Johnson
d19fdad0ba Avoid double-disconnect behavior
Do a better job of cleanly handling scenarios
where disconnect would come from a session currently
disconnected.  Inside the ipmi plugin, suppress a
disconnect event if one has been sent.  Inside
consoleserver, suppress logging a disconnect when
already disconnected.

Originally was going to skip the reconnect, but that would
mitigate recovery.  Hopefully suppressing the duplicate
disconnect in ipmi plugin, and some fixes in pyghmi will
avoid a 'double connect' scenario.
2016-09-12 14:35:27 -04:00
Jarrod Johnson
b503d9ca11 Fix nodeeventlog with 'None' entries
Some entries have 'None' fields.  Gracefully tolerate
this scenario.
2016-09-09 09:14:25 -04:00
Jarrod Johnson
9e4ee7bb31 Fix conflicts with system python modules
If python system module had a name that conflicted in some way
with a plugin, the plugin load would fail.  Fix this by prioritizing
the plugin path over system locations.  Also, to avoid the breakage
going the other way, remove the plugindir from the system path when
that particular directory is done.
2016-08-29 09:56:21 -04:00
Jarrod Johnson
4d04c1fb18 Add break and reopen to http consoles
HTTP console API did not have a means to send break
or request session reopen.  Rectify this discrepancy
by adding an 'action' key to request certain console
specific actions.  In retrospect, closing the session
should have just been an 'action', but leaving things
as-is.
2016-08-23 14:04:20 -04:00
Jarrod Johnson
1085e342fd Make missing NTP server return 404
Before it was returning 500 because of index out of range
if a client was pulling an index unconditionally.
2016-08-08 09:11:59 -04:00
Jarrod Johnson
05e642ada5 Do not overwrite 'login' prompt in ssh plugin
ssh plugin was sending backspaces without bound, causing
deletion of the login prompt.
2016-08-04 16:44:18 -04:00
Jarrod Johnson
00da61b981 Enable backspace for ssh user/pass prompt
When prompting for username and password,
make backspace work fine.
2016-08-03 13:49:27 -04:00
Jarrod Johnson
786a1ec93e Fix a couple of formatting issues 2016-07-19 09:15:45 -04:00
Jarrod Johnson
27524ab3ce Merge pull request #60 from jjohnson42/switchsupport
Provide function to interrogate ethernet switches for location
2016-07-18 10:33:22 -04:00
Jarrod Johnson
7b160bd99c Fix namesmatch to actually return True
In the common case, we were falling through the bottom
without an explicit return.  Restructure things to both
explicitly return and look a bit more sane.
2016-07-15 16:47:42 -04:00
Jarrod Johnson
9516efd74a Merge branch 'master' into switchsupport 2016-07-14 11:01:07 -04:00
Jarrod Johnson
5410b394f2 Fix 'unset' on noderange
The Attributes management class was making shared shallow
copies.  This caused a problem when attributes class assumed
it could modify the result.  Correct by providing a deep copy
of that node's data when it is requested.
2016-07-14 09:56:40 -04:00
Jarrod Johnson
801a4c4b1e Merge branch 'switchsupport' of github.com:jjohnson42/confluent into switchsupport 2016-07-14 09:28:00 -04:00
Jarrod Johnson
29da853bcf Add mac map lookup against config to get node
This brings things right to the level of xCAT in
terms of underlying capability.  mac addresses have both
an all inclusive list of ports it is found on, and any nodes
that it matches.  It goes another step further by logging errors
when ambiguity is detected (either verbatim config conflict or
ambiguous result based on 'namesmatch' and the switch config).
2016-07-14 09:27:15 -04:00
Jarrod Johnson
7a72de6033 Improve behavior of mac map
One, include a number of 'fellow' mac addresses on the same port.
Another, allow a mac to appear on multiple ports and have that
reflected in the data structure.  Also capture errors to trace
log rather than hanging up on unexpected cases.
2016-07-14 09:27:15 -04:00
Jarrod Johnson
b9733b3e0e Provide config enabled switch mapping
Wire up the singleton switch search function to a function that
extracts list of switches and relevant auth data from the config
engine.  Add attributes to allow indication by hardware management
port connection.  The OS nics will be added later for in-band discovery,
but that's of limited value until PXE support anyway.

This time, the update function is a generator that yields as a sign to caller
that the mac map has had at least a partial update to be considered.
2016-07-14 09:27:15 -04:00
Jarrod Johnson
4aeb7e1df5 Provide a simple global 'log' function
As we implement internal processes with automation,
provide a hook for code to convey information about
situations encountered during background activity.
Ultimately, it is intended to hook event forwarders
for things like syslog/email/etc
2016-07-14 09:27:15 -04:00
Jarrod Johnson
147b3952e0 Implement the next layer of switch discovery
Refactor the snmputil to be object oriented to simplify upstream code.  Implement
a method to generate a mac address to ifName/ifDescr for a given switch.
2016-07-14 09:27:15 -04:00
Jarrod Johnson
54e135f210 Add a util function for SNMP
On the path to instrumenting network switches, first
we'll add some framework for SNMP.  Given that we are
using eventlet and thus we need a patchable SNMP,
we employ PySNMP, despite it being a bit peculiar.
This commit tucks away the oddness and makes it
pretty easy to use for our purposes.
2016-07-14 09:27:15 -04:00