xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2026-05-14 02:14:20 +00:00
Code Issues Projects Releases Wiki Activity
5,832 Commits 41 Branches 80 Tags
dcb6aeca65c148bf8ca3cfb6bc9f624cd9bebd56
Commit Graph

2719 Commits

Author SHA1 Message Date
Jarrod Johnson dcb6aeca65 Add ca-only policy 
This policy forces CA validation every time.

This also checks things like date validity.
 2026-05-05 14:41:02 -04:00
Jarrod Johnson 7bc76b62e6 Backport CA policy changes 2026-05-05 11:31:26 -04:00
Jarrod Johnson 6d27e8a009 Allow monitor to read attributes by 'all' resource. 2026-04-29 07:51:08 -04:00
Jarrod Johnson c0b9bb3ab1 Fix group rename in collective 2026-04-17 11:57:35 -04:00
Jarrod Johnson c54ac530e1 Handle some environments where timedatectl does not exist 2026-04-14 13:50:12 -04:00
Jarrod Johnson 8990622470 Improve certificate mismatch handling 2026-04-08 15:37:50 -04:00
Jarrod Johnson 93a35d7e77 Improve srlinux error handling 2026-04-08 15:30:43 -04:00
Jarrod Johnson c49b2fd8ab Update quorum on deletion 
If deletion of a node brings quorum, notify followers
of the good news
 2026-04-07 14:57:09 -04:00
Jarrod Johnson 3ce2a5bc26 More tightly constrain node profile requests 
Normalize paths using abspath and validate the result is within the expected path.
 2026-04-06 15:12:44 -04:00
Jarrod Johnson df73c14475 Support unconfigured good without space 
Some platforms try to combine the words
 2026-03-19 18:05:38 -04:00
Jarrod Johnson 52db46be93 Fix python detection from ansible with space in shebang 2026-03-13 11:41:16 -04:00
Jarrod Johnson 550dfbf6a0 Fix reference of inputdata in remoteconfig 2026-03-13 09:26:11 -04:00
Jarrod Johnson e0951b11a6 Fix filename typo 2026-03-13 08:58:58 -04:00
Jarrod Johnson 1a87701fee Fix ansible running 
Have results available as they happen

change away from stdout, to avoid being stepped on by ansible modules that print to that
 2026-03-09 16:48:42 -04:00
Jarrod Johnson e185f2224f Implement ability for user to kick off confluent ansible runs 
Add nodeapply -A and associated API.

This permits orchestrating plays without touching the nodes directly by the user.
 2026-03-06 16:24:26 -05:00
Jarrod Johnson 74dda48513 Provide helper script for setting up nokia switches 2026-02-23 10:15:55 -05:00
Jarrod Johnson 08b2e1d008 Wire up FDB and LLDP for srlinux 2026-02-18 16:53:12 -05:00
Jarrod Johnson 582842aec8 Add mac and lldp retrieval for SRLinux 2026-02-18 16:16:22 -05:00
Jarrod Johnson 318608cde3 Add draft SRLinux support 
Wire up the non-networking facets of Nokia SR Linux support.

Provide stubs for LLDP and FDB
 2026-02-17 16:13:43 -05:00
Jarrod Johnson 1deb76989e Recognize 1a/2b style enclosure bay in discovery 2026-02-10 17:10:18 -05:00
Jarrod Johnson 480d399f44 Add missing switch member of info with NX switches 2026-02-09 13:17:45 -05:00
Jarrod Johnson 07369667f7 Become incompatible with pysnmp 7.1.16 
The EPEL version of pysnmp is broken, block it from dependecies
 2026-02-06 15:13:46 -05:00
Jarrod Johnson e1d4b72f32 Be less picky about megarac url 
megarac implementations consistently indicate an .xml file, but wildly vary on what it may be.

Broaden recognition.
 2026-02-05 07:57:25 -05:00
Jarrod Johnson 86783a2f12 Fix uninitialized privacy_protocol variable 2026-02-03 07:58:07 -05:00
Jarrod Johnson 99063eb049 Recognize variation in DeviceDescrption.json to see SMM3 2026-02-02 10:17:32 -05:00
Jarrod Johnson 0975bd9e62 Revert "Update some code for async" 
This reverts commit 3058dd4141.
 2026-01-28 15:04:49 -05:00
Jarrod Johnson 3058dd4141 Update some code for async 2026-01-28 14:49:58 -05:00
Jarrod Johnson 99d10896e8 Fix parameter count unpack for accelerated switch interrogation 2026-01-08 17:07:39 -05:00
Jarrod Johnson c196bf9d55 Fix initial startup of a new confluent 
The indexes change failed on a brand new install.
 2025-12-02 14:31:10 -05:00
Markus Hilger ec39de3df0 Add bond alias to team description 2025-11-21 14:16:07 +01:00
Jarrod Johnson 73216fc062 Fix architecture name mismatch 
Confluent went with aarch64 consistent
with EL naming, but Ubuntu used
debian naming, recognize and just
handle that.
 2025-11-18 09:10:30 -05:00
Jarrod Johnson 61b07e0af4 Start index at 1 instead of 0 2025-11-17 12:05:03 -05:00
Jarrod Johnson 53760ab5dd Attribute feature enhancement 
Add expression functions upper, lower, block_number, and block_offset.

Add an 'id.index' auto-attribute to
yield a number for nodes.
 2025-11-17 11:58:04 -05:00
Jarrod Johnson d3e7a49f92 Simplify by recursion 
Use _handle_ast_node to process
everything before the function name in an Attribute call
 2025-11-15 10:32:11 -05:00
Jarrod Johnson 1f688ead28 Implement .replace() for attribute expressions 
Provide an easy to use replace() to allow removing or substiting values
during expression evaluation.
 2025-11-14 17:20:06 -05:00
Jarrod Johnson 6ebb6de107 Allow specifiying SNMP privacy protocol 
Modern SNMP devices may require AES.

Unfortunately, older ones may refuse AES.

For compatibility, continue to default to DES, but
allow AES to be indicated in attributes.
 2025-11-10 10:21:01 -05:00
Jarrod Johnson b07da455c2 Fix SAN generation 
The nameconstraint support missed
a branch, fix this.
 2025-11-07 11:22:12 -05:00
Jarrod Johnson cc9a81103b Do not autosign if the corresponding cryptography is unavailable 
We use cryptography verification, but it's relatively new.

For compatibility, we fall back to fingerprint only.

This is pretty bad when inflicted on
unsuspecting users on autosign,
so skip autosign if cert validation
would break.
 2025-11-04 15:51:22 -05:00
Jarrod Johnson 174d204607 Implement compatibility with newer pysnmp 
For now, terminate the async nature
if newer pysnmp is detected.
 2025-11-04 09:58:11 -05:00
Jarrod Johnson 2826abb7ab Prune excessive leftover ext config files 2025-11-03 14:21:36 -05:00
Jarrod Johnson 5adb5fa780 Automatically sign XCC certificates on discover 
If an XCC doesn't have a 'real' certificate, sign it with the confluent
CA for 47 days.
 2025-11-03 14:02:33 -05:00
Jarrod Johnson 5de063212f Prepare for supporting constrained CA 
If asked to sign using a name constrained CA,
avoid generating a certificate that
would violate those constraints.
 2025-11-03 10:43:34 -05:00
Jarrod Johnson 073f6d1389 Wire up cert signing to nodecertutil 2025-10-31 12:04:27 -04:00
Jarrod Johnson f755ba9f91 Implement method to sign BMC certificates 2025-10-31 10:46:42 -04:00
Jarrod Johnson cf8c01ef13 Merge remote-tracking branch 'lenovo' 2025-10-31 09:48:05 -04:00
Jarrod Johnson 8b12047ae0 Update to handle newer XCC2 firmware 2025-10-31 09:45:59 -04:00
Jarrod Johnson f0a779764d Fix ordering of digest argument 
The digest argument was erroneously inserted between startdate and it's
argument, correct this mistake.
 2025-10-28 15:39:04 -04:00
Jarrod Johnson 0ad7e99efe Only optionally use cryptography verification 
Some supported distributions can't run the newer cryptography.

Make it a feature that only works with newer platforms.
 2025-10-27 08:38:14 -04:00
Jarrod Johnson 24a76612ae Use sha284 hash algorithm 
Some implementations reject sha256 as inadequate if ecdsa has 384 bit keylength. Bring the digest up to match
the key size for the ECDSA.
 2025-10-27 06:41:05 -04:00
Jarrod Johnson 6c9c58f464 Update certutil to prepare for broader usage 
For one, apply more rules from CA/B forum. This includes including KU and EKU extensions, marking basicConstraints critical, and
randomized serial numbers.

Also make the backdate and end date configurable, to allow
for the BMC certs to have a more palatable validity interval.
 2025-10-26 14:57:26 -04:00