2
0
mirror of https://github.com/xcat2/xcat-core.git synced 2025-07-24 05:11:12 +00:00

Merge pull request #4528 from whowutwut/doc_updates

Some documentation updates for 2.13.9 release
This commit is contained in:
Yuan Bai
2017-12-15 12:10:43 +08:00
committed by GitHub
9 changed files with 240 additions and 80 deletions

View File

@@ -1,7 +1,7 @@
Q/A list
========
Questions & Answers
===================
.. toctree::
:maxdepth: 2
makehosts_qa.rst
makehosts.rst

View File

@@ -1,10 +1,10 @@
DNS,hostname and alias Q/A list
-------------------------------
DNS, Hostname, Alias
====================
Q: When there are multiple NICs, how to generate ``/etc/hosts`` records?
````````````````````````````````````````````````````````````````````````
------------------------------------------------------------------------
When there are multiple NICs, and you want to use ``confignetwork`` to configure these NICs, suggest to use ``hosts`` table to configure installnic and use ``nics`` table to configure secondary NICs. You can refer to the following best practice example to generate ``/etc/hosts`` records.
When there are multiple NICs, and you want to use ``confignetwork`` to configure these NICs, suggest to use ``hosts`` table to configure the installation NIC (``installnic``) and to use ``nics`` table to configure secondary NICs. Refer to the following example to generate ``/etc/hosts`` records.
**Best practice example**:
@@ -12,7 +12,7 @@ When there are multiple NICs, and you want to use ``confignetwork`` to configure
* ``mgtnetwork`` is xCAT management network
* There are 2 adapters in system node1: ``eth0`` and ``eth1``
* Add installnic ``eth0`` ``10.5.106.101`` record in ``/etc/hosts``, its alias is ``mgtnic``
* hostnames ``node1-pub`` and ``node1.public.com`` are for nic ``eth1``, ip is ``192.168.30.101``
* hostnames ``node1-pub`` and ``node1.public.com`` are for nic ``eth1``, IP is ``192.168.30.101``
**Steps**:
@@ -21,7 +21,7 @@ When there are multiple NICs, and you want to use ``confignetwork`` to configure
chdef -t network mgtnetwork net=10.0.0.0 mask=255.0.0.0 domain=cluster.com
chdef -t network pubnetwork net=192.168.30.0 mask=255.255.255.0 domain=public.com
#. Create ``node1`` with installnic ip ``10.5.106.101``, its alias is ``mgtnic``: ::
#. Create ``node1`` with installnic IP ``10.5.106.101``, its alias is ``mgtnic``: ::
chdef node1 ip=10.5.106.101 hostnames=mgtnic groups=all
@@ -53,21 +53,22 @@ When there are multiple NICs, and you want to use ``confignetwork`` to configure
10.5.106.101 node1 node1.cluster.com mgtnic
192.168.30.101 node1-pub node1.public.com
#. Edit ``/etc/resolv.conf``, xCAT management node ip like ``10.5.106.2`` is nameserver: ::
#. Edit ``/etc/resolv.conf``, xCAT management node IP like ``10.5.106.2`` is nameserver: ::
search cluster.com public.com
nameserver 10.5.106.2
#. Execute ``makedns -n`` to configure DNS
Q: How to configure aliases?
````````````````````````````
----------------------------
There are 3 methods to configure aliases:
#. Use ``hostnames`` in ``hosts`` table to configure aliases for the installnic.
#. If you want to use script ``confignetwork`` to configure secondary NICs, suggest to use ``aliases`` in ``nics`` table to configure aliases, you can refer to :doc:`Configure Aliases <../guides/admin-guides/manage_clusters/common/deployment/network/cfg_network_aliases>`
#. If you want to generate aliases records in ``/etc/hosts`` for secondary NICs, and don't want to use script ``confignetwork`` to configure these NICs, suggest to use ``otherinterfaces`` in ``hosts`` table to configure aliases. You can refer to following example:
#. If you want to use script ``confignetwork`` to configure secondary NICs, suggest to use ``aliases`` in ``nics`` table to configure aliases. Refer to :doc:`Configure Aliases <../guides/admin-guides/manage_clusters/common/deployment/network/cfg_network_aliases>`
#. If you want to generate aliases records in ``/etc/hosts`` for secondary NICs and you don't want to use the script ``confignetwork`` to configure these NICs, suggest to use ``otherinterfaces`` in ``hosts`` table to configure aliases. Refer to following example:
* If you want to add ``node1-hd`` ``20.1.1.1`` in ``hosts`` table, and don't use ``confignetwork`` to configure it, you can add ``otherinterfaces`` like this: ::
@@ -80,7 +81,7 @@ There are 3 methods to configure aliases:
**Note**: If suffixes or aliases for the same IP are configured in both ``hosts`` table and ``nics`` table, will cause conflicts. ``makehosts`` will use values from ``nics`` table. The values from ``nics`` table will over-write that from ``hosts`` table to create ``/etc/hosts`` records.
Q: How to handle the same short hostname in different domains?
``````````````````````````````````````````````````````````````
--------------------------------------------------------------
You can follow the best practice example.
@@ -127,6 +128,6 @@ You can follow the best practice example.
#. Execute ``makedns -n`` to configure DNS
Q: When to use ``hosts`` table and ``nics`` table?
``````````````````````````````````````````````````
--------------------------------------------------
``hosts`` table is used to store IP addresses and hostnames of nodes. ``makehosts`` use these data to create ``/etc/hosts`` records. ``nics`` table is used to stores secondary NICs details. Some scripts like ``confignetwork`` use data from ``nics`` table to configure secondary NICs. ``makehosts`` also use these data to create ``/etc/hosts`` records for each NIC.

View File

@@ -63,7 +63,7 @@ OpenPOWER OpenBMC specific :
\ **rflash**\ \ *noderange*\ \ *tar_file_path*\ {[\ **-c | -**\ **-check**\ ] | [\ **-a | -**\ **-activate**\ ] | [\ **-u | -**\ **-upload**\ ]}
\ **rflash**\ \ *noderange*\ \ *tar_file_directory*\ [\ **-d**\] [\ **--no-host-reboot**\]
\ **rflash**\ \ *noderange*\ \ *tar_file_directory*\ [\ **-d**\ ] [\ **-**\ **-no-host-reboot**\ ]
\ **rflash**\ \ *noderange*\ \ *image_id*\ {[\ **-a | -**\ **-activate**\ ] | [\ **-**\ **-delete**\ ]}
@@ -180,21 +180,24 @@ To apply the firmware level, a reboot is required to BMC and HOST.
\ **Note:**\ When using \ **rflash**\ in hierarchical environment, the .tar file must be accessible from Service Nodes.
\ **-d**\ :
.. code-block:: perl
This option steamlines the update, activate, reboot BMC and reboot HOST procedure. It expects a directory containing both BMC and PNOR .tar files. When BMC and PNOR tar files are provided, the command will upload and activate firmware. After BMC becomes activate, it will reboot BMC. If BMC state is Ready, the command will reboot the HOST. If BMC state is NotReady, the command will exit.
\ **Note:**\ When using \ **--no-host-reboot**\, it will not reboot the host after BMC is reboot.
\ **Note:**\ When using \ **-**\ **-no-host-reboot**\ , it will not reboot the host after BMC is reboot.
\ **-**\ **-delete**\ :
.. code-block:: perl
The delete option will delete update image from BMC. It expects an ID as the input.
This delete option will delete update image from BMC. It expects an ID as the input.
***************
@@ -389,7 +392,7 @@ To apply the firmware level, a reboot is required to BMC and HOST.
.. code-block:: perl
rflash p9euh02 -a /tmp/witherspoon.pnor.squashfs.tar
rflash p9euh02 -a /tmp/witherspoon.pnor.squashfs.tar

View File

@@ -19,7 +19,7 @@ SYNOPSIS
********
\ **pdu Attributes:**\ \ *node*\ , \ *nodetype*\ , \ *outlet*\ , \ *machinetype*\ , \ *modelnum*\ , \ *serialnum*\ , \ *comments*\ , \ *disable*\
\ **pdu Attributes:**\ \ *node*\ , \ *nodetype*\ , \ *pdutype*\ , \ *outlet*\ , \ *username*\ , \ *password*\ , \ *snmpversion*\ , \ *community*\ , \ *snmpuser*\ , \ *authtype*\ , \ *authkey*\ , \ *privtype*\ , \ *privkey*\ , \ *seclevel*\ , \ *comments*\ , \ *disable*\
***********
@@ -48,27 +48,75 @@ pdu Attributes:
\ **pdutype**\
The type of pdu
\ **outlet**\
The pdu outlet count
\ **machinetype**\
\ **username**\
The pdu machine type
The remote login user name
\ **modelnum**\
\ **password**\
The pdu model number
The remote login password
\ **serialnum**\
\ **snmpversion**\
The pdu serial number
The version to use to communicate with switch. SNMPv1 is assumed by default.
\ **community**\
The community string to use for SNMPv1/v2
\ **snmpuser**\
The username to use for SNMPv3 communication, ignored for SNMPv1
\ **authtype**\
The authentication protocol(MD5|SHA) to use for SNMPv3.
\ **authkey**\
The authentication passphrase for SNMPv3
\ **privtype**\
The privacy protocol(AES|DES) to use for SNMPv3.
\ **privkey**\
The privacy passphrase to use for SNMPv3.
\ **seclevel**\
The Security Level(noAuthNoPriv|authNoPriv|authPriv) to use for SNMPv3.

View File

@@ -19,7 +19,7 @@ SYNOPSIS
********
\ **group Attributes:**\ \ *addkcmdline*\ , \ *arch*\ , \ *authdomain*\ , \ *bmc*\ , \ *bmcpassword*\ , \ *bmcport*\ , \ *bmcusername*\ , \ *bmcvlantag*\ , \ *cfgmgr*\ , \ *cfgmgtroles*\ , \ *cfgserver*\ , \ *chain*\ , \ *chassis*\ , \ *cmdmapping*\ , \ *cons*\ , \ *conserver*\ , \ *consoleondemand*\ , \ *consport*\ , \ *cpucount*\ , \ *cputype*\ , \ *currchain*\ , \ *currstate*\ , \ *dhcpinterfaces*\ , \ *disksize*\ , \ *displayname*\ , \ *dockercpus*\ , \ *dockerflag*\ , \ *dockerhost*\ , \ *dockermemory*\ , \ *dockernics*\ , \ *domainadminpassword*\ , \ *domainadminuser*\ , \ *domaintype*\ , \ *getmac*\ , \ *groupname*\ , \ *grouptype*\ , \ *hcp*\ , \ *height*\ , \ *hostcluster*\ , \ *hostinterface*\ , \ *hostmanager*\ , \ *hostnames*\ , \ *hosttype*\ , \ *hwtype*\ , \ *id*\ , \ *initrd*\ , \ *installnic*\ , \ *interface*\ , \ *ip*\ , \ *iscsipassword*\ , \ *iscsiserver*\ , \ *iscsitarget*\ , \ *iscsiuserid*\ , \ *kcmdline*\ , \ *kernel*\ , \ *linkports*\ , \ *mac*\ , \ *machinetype*\ , \ *membergroups*\ , \ *members*\ , \ *memory*\ , \ *mgt*\ , \ *micbridge*\ , \ *michost*\ , \ *micid*\ , \ *miconboot*\ , \ *micpowermgt*\ , \ *micvlog*\ , \ *migrationdest*\ , \ *modelnum*\ , \ *monserver*\ , \ *mpa*\ , \ *mtm*\ , \ *nameservers*\ , \ *netboot*\ , \ *nfsdir*\ , \ *nfsserver*\ , \ *nicaliases*\ , \ *niccustomscripts*\ , \ *nicdevices*\ , \ *nicextraparams*\ , \ *nichostnameprefixes*\ , \ *nichostnamesuffixes*\ , \ *nicips*\ , \ *nicnetworks*\ , \ *nicsadapter*\ , \ *nictypes*\ , \ *nimserver*\ , \ *nodetype*\ , \ *ondiscover*\ , \ *os*\ , \ *osvolume*\ , \ *otherinterfaces*\ , \ *ou*\ , \ *outlet*\ , \ *parent*\ , \ *passwd.HMC*\ , \ *passwd.admin*\ , \ *passwd.celogin*\ , \ *passwd.general*\ , \ *passwd.hscroot*\ , \ *password*\ , \ *pdu*\ , \ *postbootscripts*\ , \ *postscripts*\ , \ *power*\ , \ *pprofile*\ , \ *prescripts-begin*\ , \ *prescripts-end*\ , \ *primarynic*\ , \ *productkey*\ , \ *profile*\ , \ *protocol*\ , \ *provmethod*\ , \ *rack*\ , \ *room*\ , \ *routenames*\ , \ *serial*\ , \ *serialflow*\ , \ *serialnum*\ , \ *serialport*\ , \ *serialspeed*\ , \ *servicenode*\ , \ *setupconserver*\ , \ *setupdhcp*\ , \ *setupftp*\ , \ *setupipforward*\ , \ *setupldap*\ , \ *setupnameserver*\ , \ *setupnfs*\ , \ *setupnim*\ , \ *setupntp*\ , \ *setupproxydhcp*\ , \ *setuptftp*\ , \ *sfp*\ , \ *side*\ , \ *slot*\ , \ *slotid*\ , \ *slots*\ , \ *snmpauth*\ , \ *snmppassword*\ , \ *snmpprivacy*\ , \ *snmpusername*\ , \ *snmpversion*\ , \ *storagcontroller*\ , \ *storagetype*\ , \ *supernode*\ , \ *supportedarchs*\ , \ *supportproxydhcp*\ , \ *switch*\ , \ *switchinterface*\ , \ *switchport*\ , \ *switchtype*\ , \ *switchvlan*\ , \ *syslog*\ , \ *termport*\ , \ *termserver*\ , \ *tftpdir*\ , \ *tftpserver*\ , \ *unit*\ , \ *urlpath*\ , \ *usercomment*\ , \ *userid*\ , \ *username*\ , \ *vmbeacon*\ , \ *vmbootorder*\ , \ *vmcfgstore*\ , \ *vmcluster*\ , \ *vmcpus*\ , \ *vmhost*\ , \ *vmmanager*\ , \ *vmmaster*\ , \ *vmmemory*\ , \ *vmnicnicmodel*\ , \ *vmnics*\ , \ *vmothersetting*\ , \ *vmphyslots*\ , \ *vmstorage*\ , \ *vmstoragecache*\ , \ *vmstorageformat*\ , \ *vmstoragemodel*\ , \ *vmtextconsole*\ , \ *vmvirtflags*\ , \ *vmvncport*\ , \ *webport*\ , \ *wherevals*\ , \ *xcatmaster*\
\ **group Attributes:**\ \ *addkcmdline*\ , \ *arch*\ , \ *authdomain*\ , \ *authkey*\ , \ *authtype*\ , \ *bmc*\ , \ *bmcpassword*\ , \ *bmcport*\ , \ *bmcusername*\ , \ *bmcvlantag*\ , \ *cfgmgr*\ , \ *cfgmgtroles*\ , \ *cfgserver*\ , \ *chain*\ , \ *chassis*\ , \ *cmdmapping*\ , \ *community*\ , \ *cons*\ , \ *conserver*\ , \ *consoleondemand*\ , \ *consport*\ , \ *cpucount*\ , \ *cputype*\ , \ *currchain*\ , \ *currstate*\ , \ *dhcpinterfaces*\ , \ *disksize*\ , \ *displayname*\ , \ *dockercpus*\ , \ *dockerflag*\ , \ *dockerhost*\ , \ *dockermemory*\ , \ *dockernics*\ , \ *domainadminpassword*\ , \ *domainadminuser*\ , \ *domaintype*\ , \ *getmac*\ , \ *groupname*\ , \ *grouptype*\ , \ *hcp*\ , \ *height*\ , \ *hostcluster*\ , \ *hostinterface*\ , \ *hostmanager*\ , \ *hostnames*\ , \ *hosttype*\ , \ *hwtype*\ , \ *id*\ , \ *initrd*\ , \ *installnic*\ , \ *interface*\ , \ *ip*\ , \ *iscsipassword*\ , \ *iscsiserver*\ , \ *iscsitarget*\ , \ *iscsiuserid*\ , \ *kcmdline*\ , \ *kernel*\ , \ *linkports*\ , \ *mac*\ , \ *membergroups*\ , \ *members*\ , \ *memory*\ , \ *mgt*\ , \ *micbridge*\ , \ *michost*\ , \ *micid*\ , \ *miconboot*\ , \ *micpowermgt*\ , \ *micvlog*\ , \ *migrationdest*\ , \ *monserver*\ , \ *mpa*\ , \ *mtm*\ , \ *nameservers*\ , \ *netboot*\ , \ *nfsdir*\ , \ *nfsserver*\ , \ *nicaliases*\ , \ *niccustomscripts*\ , \ *nicdevices*\ , \ *nicextraparams*\ , \ *nichostnameprefixes*\ , \ *nichostnamesuffixes*\ , \ *nicips*\ , \ *nicnetworks*\ , \ *nicsadapter*\ , \ *nictypes*\ , \ *nimserver*\ , \ *nodetype*\ , \ *ondiscover*\ , \ *os*\ , \ *osvolume*\ , \ *otherinterfaces*\ , \ *ou*\ , \ *outlet*\ , \ *parent*\ , \ *passwd.HMC*\ , \ *passwd.admin*\ , \ *passwd.celogin*\ , \ *passwd.general*\ , \ *passwd.hscroot*\ , \ *password*\ , \ *pdu*\ , \ *pdutype*\ , \ *postbootscripts*\ , \ *postscripts*\ , \ *power*\ , \ *pprofile*\ , \ *prescripts-begin*\ , \ *prescripts-end*\ , \ *primarynic*\ , \ *privkey*\ , \ *privtype*\ , \ *productkey*\ , \ *profile*\ , \ *protocol*\ , \ *provmethod*\ , \ *rack*\ , \ *room*\ , \ *routenames*\ , \ *seclevel*\ , \ *serial*\ , \ *serialflow*\ , \ *serialport*\ , \ *serialspeed*\ , \ *servicenode*\ , \ *setupconserver*\ , \ *setupdhcp*\ , \ *setupftp*\ , \ *setupipforward*\ , \ *setupldap*\ , \ *setupnameserver*\ , \ *setupnfs*\ , \ *setupnim*\ , \ *setupntp*\ , \ *setupproxydhcp*\ , \ *setuptftp*\ , \ *sfp*\ , \ *side*\ , \ *slot*\ , \ *slotid*\ , \ *slots*\ , \ *snmpauth*\ , \ *snmppassword*\ , \ *snmpprivacy*\ , \ *snmpuser*\ , \ *snmpusername*\ , \ *snmpversion*\ , \ *storagcontroller*\ , \ *storagetype*\ , \ *supernode*\ , \ *supportedarchs*\ , \ *supportproxydhcp*\ , \ *switch*\ , \ *switchinterface*\ , \ *switchport*\ , \ *switchtype*\ , \ *switchvlan*\ , \ *syslog*\ , \ *termport*\ , \ *termserver*\ , \ *tftpdir*\ , \ *tftpserver*\ , \ *unit*\ , \ *urlpath*\ , \ *usercomment*\ , \ *userid*\ , \ *username*\ , \ *vmbeacon*\ , \ *vmbootorder*\ , \ *vmcfgstore*\ , \ *vmcluster*\ , \ *vmcpus*\ , \ *vmhost*\ , \ *vmmanager*\ , \ *vmmaster*\ , \ *vmmemory*\ , \ *vmnicnicmodel*\ , \ *vmnics*\ , \ *vmothersetting*\ , \ *vmphyslots*\ , \ *vmstorage*\ , \ *vmstoragecache*\ , \ *vmstorageformat*\ , \ *vmstoragemodel*\ , \ *vmtextconsole*\ , \ *vmvirtflags*\ , \ *vmvncport*\ , \ *webport*\ , \ *wherevals*\ , \ *xcatmaster*\
***********
@@ -57,6 +57,18 @@ group Attributes:
\ **authkey**\ (pdu.authkey)
The authentication passphrase for SNMPv3
\ **authtype**\ (pdu.authtype)
The authentication protocol(MD5|SHA) to use for SNMPv3.
\ **bmc**\ (ipmi.bmc, openbmc.bmc)
The hostname of the BMC adapter.
@@ -179,6 +191,12 @@ group Attributes:
\ **community**\ (pdu.community)
The community string to use for SNMPv1/v2
\ **cons**\ (nodehm.cons)
The console method. If nodehm.serialport is set, this will default to the nodehm.mgt setting, otherwise it defaults to unused. Valid values: cyclades, mrv, or the values valid for the mgt attribute.
@@ -457,12 +475,6 @@ group Attributes:
\ **machinetype**\ (pdu.machinetype)
The pdu machine type
\ **membergroups**\ (nodegroup.membergroups)
This attribute stores a comma-separated list of nodegroups that this nodegroup refers to. This attribute is only used by PCM.
@@ -529,12 +541,6 @@ group Attributes:
\ **modelnum**\ (pdu.modelnum)
The pdu model number
\ **monserver**\ (noderes.monserver)
The monitoring aggregation point for this node. The format is "x,y" where x is the ip address as known by the management node and y is the ip address as known by the node.
@@ -780,7 +786,7 @@ group Attributes:
\ **password**\ (ppchcp.password, mpa.password, websrv.password, switches.sshpassword)
\ **password**\ (ppchcp.password, mpa.password, websrv.password, pdu.password, switches.sshpassword)
Password of the HMC or IVM. If not filled in, xCAT will look in the passwd table for key=hmc or key=ivm. If not in the passwd table, the default used is abc123 for HMCs and padmin for IVMs.
@@ -794,6 +800,10 @@ group Attributes:
or
The remote login password
or
The remote login password. It can be for ssh or telnet. If it is for telnet, set protocol to "telnet". If the sshusername is blank, the username, password and protocol will be retrieved from the passwd table with "switch" as the key.
@@ -804,6 +814,12 @@ group Attributes:
\ **pdutype**\ (pdu.pdutype)
The type of pdu
\ **postbootscripts**\ (postscripts.postbootscripts)
Comma separated list of scripts that should be run on this node after diskful installation or diskless boot. Each script can take zero or more parameters. For example: "script1 p1 p2,script2,...". On AIX these scripts are run during the processing of /etc/inittab. On Linux they are run at the init.d time. xCAT automatically adds the scripts in the xcatdefaults.postbootscripts attribute to run first in the list. Please note that the postbootscripts specified for "xcatdefaults" will be assigned to node automatically, they can not be removed from "postbootscripts" attribute of a node with "chdef -m" command
@@ -867,6 +883,18 @@ group Attributes:
\ **privkey**\ (pdu.privkey)
The privacy passphrase to use for SNMPv3.
\ **privtype**\ (pdu.privtype)
The privacy protocol(AES|DES) to use for SNMPv3.
\ **productkey**\ (prodkey.key)
The product key relevant to the aforementioned node/group and product combination
@@ -909,6 +937,12 @@ group Attributes:
\ **seclevel**\ (pdu.seclevel)
The Security Level(noAuthNoPriv|authNoPriv|authPriv) to use for SNMPv3.
\ **serial**\ (vpd.serial)
The serial number of the node.
@@ -921,12 +955,6 @@ group Attributes:
\ **serialnum**\ (pdu.serialnum)
The pdu serial number
\ **serialport**\ (nodehm.serialport)
The serial port for this node, in the linux numbering style (0=COM1/ttyS0, 1=COM2/ttyS1). For SOL on IBM blades, this is typically 1. For rackmount IBM servers, this is typically 0.
@@ -1067,13 +1095,23 @@ group Attributes:
\ **snmpuser**\ (pdu.snmpuser)
The username to use for SNMPv3 communication, ignored for SNMPv1
\ **snmpusername**\ (switches.username)
The username to use for SNMPv3 communication, ignored for SNMPv1
\ **snmpversion**\ (switches.snmpversion)
\ **snmpversion**\ (pdu.snmpversion, switches.snmpversion)
The version to use to communicate with switch. SNMPv1 is assumed by default.
or
The version to use to communicate with switch. SNMPv1 is assumed by default.
@@ -1195,7 +1233,7 @@ group Attributes:
\ **username**\ (ppchcp.username, mpa.username, websrv.username, switches.sshusername)
\ **username**\ (ppchcp.username, mpa.username, websrv.username, pdu.username, switches.sshusername)
Userid of the HMC or IVM. If not filled in, xCAT will look in the passwd table for key=hmc or key=ivm. If not in the passwd table, the default used is hscroot for HMCs and padmin for IVMs.
@@ -1209,6 +1247,10 @@ group Attributes:
or
The remote login user name
or
The remote login user name. It can be for ssh or telnet. If it is for telnet, set protocol to "telnet". If the sshusername is blank, the username, password and protocol will be retrieved from the passwd table with "switch" as the key.

View File

@@ -19,7 +19,7 @@ SYNOPSIS
********
\ **node Attributes:**\ \ *addkcmdline*\ , \ *appstatus*\ , \ *appstatustime*\ , \ *arch*\ , \ *authdomain*\ , \ *bmc*\ , \ *bmcpassword*\ , \ *bmcport*\ , \ *bmcusername*\ , \ *bmcvlantag*\ , \ *cfgmgr*\ , \ *cfgmgtroles*\ , \ *cfgserver*\ , \ *chain*\ , \ *chassis*\ , \ *cmdmapping*\ , \ *cons*\ , \ *conserver*\ , \ *consoleondemand*\ , \ *consport*\ , \ *cpucount*\ , \ *cputype*\ , \ *currchain*\ , \ *currstate*\ , \ *dhcpinterfaces*\ , \ *disksize*\ , \ *displayname*\ , \ *dockercpus*\ , \ *dockerflag*\ , \ *dockerhost*\ , \ *dockermemory*\ , \ *dockernics*\ , \ *domainadminpassword*\ , \ *domainadminuser*\ , \ *domaintype*\ , \ *getmac*\ , \ *groups*\ , \ *hcp*\ , \ *height*\ , \ *hidden*\ , \ *hostcluster*\ , \ *hostinterface*\ , \ *hostmanager*\ , \ *hostnames*\ , \ *hosttype*\ , \ *hwtype*\ , \ *id*\ , \ *initrd*\ , \ *installnic*\ , \ *interface*\ , \ *ip*\ , \ *iscsipassword*\ , \ *iscsiserver*\ , \ *iscsitarget*\ , \ *iscsiuserid*\ , \ *kcmdline*\ , \ *kernel*\ , \ *linkports*\ , \ *mac*\ , \ *machinetype*\ , \ *memory*\ , \ *mgt*\ , \ *micbridge*\ , \ *michost*\ , \ *micid*\ , \ *miconboot*\ , \ *micpowermgt*\ , \ *micvlog*\ , \ *migrationdest*\ , \ *modelnum*\ , \ *monserver*\ , \ *mpa*\ , \ *mtm*\ , \ *nameservers*\ , \ *netboot*\ , \ *nfsdir*\ , \ *nfsserver*\ , \ *nicaliases*\ , \ *niccustomscripts*\ , \ *nicdevices*\ , \ *nicextraparams*\ , \ *nichostnameprefixes*\ , \ *nichostnamesuffixes*\ , \ *nicips*\ , \ *nicnetworks*\ , \ *nicsadapter*\ , \ *nictypes*\ , \ *nimserver*\ , \ *node*\ , \ *nodetype*\ , \ *ondiscover*\ , \ *os*\ , \ *osvolume*\ , \ *otherinterfaces*\ , \ *ou*\ , \ *outlet*\ , \ *parent*\ , \ *passwd.HMC*\ , \ *passwd.admin*\ , \ *passwd.celogin*\ , \ *passwd.general*\ , \ *passwd.hscroot*\ , \ *password*\ , \ *pdu*\ , \ *postbootscripts*\ , \ *postscripts*\ , \ *power*\ , \ *pprofile*\ , \ *prescripts-begin*\ , \ *prescripts-end*\ , \ *primarynic*\ , \ *primarysn*\ , \ *productkey*\ , \ *profile*\ , \ *protocol*\ , \ *provmethod*\ , \ *rack*\ , \ *room*\ , \ *routenames*\ , \ *serial*\ , \ *serialflow*\ , \ *serialnum*\ , \ *serialport*\ , \ *serialspeed*\ , \ *servicenode*\ , \ *setupconserver*\ , \ *setupdhcp*\ , \ *setupftp*\ , \ *setupipforward*\ , \ *setupldap*\ , \ *setupnameserver*\ , \ *setupnfs*\ , \ *setupnim*\ , \ *setupntp*\ , \ *setupproxydhcp*\ , \ *setuptftp*\ , \ *sfp*\ , \ *side*\ , \ *slot*\ , \ *slotid*\ , \ *slots*\ , \ *snmpauth*\ , \ *snmppassword*\ , \ *snmpprivacy*\ , \ *snmpusername*\ , \ *snmpversion*\ , \ *status*\ , \ *statustime*\ , \ *storagcontroller*\ , \ *storagetype*\ , \ *supernode*\ , \ *supportedarchs*\ , \ *supportproxydhcp*\ , \ *switch*\ , \ *switchinterface*\ , \ *switchport*\ , \ *switchtype*\ , \ *switchvlan*\ , \ *syslog*\ , \ *termport*\ , \ *termserver*\ , \ *tftpdir*\ , \ *tftpserver*\ , \ *unit*\ , \ *updatestatus*\ , \ *updatestatustime*\ , \ *urlpath*\ , \ *usercomment*\ , \ *userid*\ , \ *username*\ , \ *vmbeacon*\ , \ *vmbootorder*\ , \ *vmcfgstore*\ , \ *vmcluster*\ , \ *vmcpus*\ , \ *vmhost*\ , \ *vmmanager*\ , \ *vmmaster*\ , \ *vmmemory*\ , \ *vmnicnicmodel*\ , \ *vmnics*\ , \ *vmothersetting*\ , \ *vmphyslots*\ , \ *vmstorage*\ , \ *vmstoragecache*\ , \ *vmstorageformat*\ , \ *vmstoragemodel*\ , \ *vmtextconsole*\ , \ *vmvirtflags*\ , \ *vmvncport*\ , \ *webport*\ , \ *xcatmaster*\ , \ *zonename*\
\ **node Attributes:**\ \ *addkcmdline*\ , \ *appstatus*\ , \ *appstatustime*\ , \ *arch*\ , \ *authdomain*\ , \ *authkey*\ , \ *authtype*\ , \ *bmc*\ , \ *bmcpassword*\ , \ *bmcport*\ , \ *bmcusername*\ , \ *bmcvlantag*\ , \ *cfgmgr*\ , \ *cfgmgtroles*\ , \ *cfgserver*\ , \ *chain*\ , \ *chassis*\ , \ *cmdmapping*\ , \ *community*\ , \ *cons*\ , \ *conserver*\ , \ *consoleondemand*\ , \ *consport*\ , \ *cpucount*\ , \ *cputype*\ , \ *currchain*\ , \ *currstate*\ , \ *dhcpinterfaces*\ , \ *disksize*\ , \ *displayname*\ , \ *dockercpus*\ , \ *dockerflag*\ , \ *dockerhost*\ , \ *dockermemory*\ , \ *dockernics*\ , \ *domainadminpassword*\ , \ *domainadminuser*\ , \ *domaintype*\ , \ *getmac*\ , \ *groups*\ , \ *hcp*\ , \ *height*\ , \ *hidden*\ , \ *hostcluster*\ , \ *hostinterface*\ , \ *hostmanager*\ , \ *hostnames*\ , \ *hosttype*\ , \ *hwtype*\ , \ *id*\ , \ *initrd*\ , \ *installnic*\ , \ *interface*\ , \ *ip*\ , \ *iscsipassword*\ , \ *iscsiserver*\ , \ *iscsitarget*\ , \ *iscsiuserid*\ , \ *kcmdline*\ , \ *kernel*\ , \ *linkports*\ , \ *mac*\ , \ *memory*\ , \ *mgt*\ , \ *micbridge*\ , \ *michost*\ , \ *micid*\ , \ *miconboot*\ , \ *micpowermgt*\ , \ *micvlog*\ , \ *migrationdest*\ , \ *monserver*\ , \ *mpa*\ , \ *mtm*\ , \ *nameservers*\ , \ *netboot*\ , \ *nfsdir*\ , \ *nfsserver*\ , \ *nicaliases*\ , \ *niccustomscripts*\ , \ *nicdevices*\ , \ *nicextraparams*\ , \ *nichostnameprefixes*\ , \ *nichostnamesuffixes*\ , \ *nicips*\ , \ *nicnetworks*\ , \ *nicsadapter*\ , \ *nictypes*\ , \ *nimserver*\ , \ *node*\ , \ *nodetype*\ , \ *ondiscover*\ , \ *os*\ , \ *osvolume*\ , \ *otherinterfaces*\ , \ *ou*\ , \ *outlet*\ , \ *parent*\ , \ *passwd.HMC*\ , \ *passwd.admin*\ , \ *passwd.celogin*\ , \ *passwd.general*\ , \ *passwd.hscroot*\ , \ *password*\ , \ *pdu*\ , \ *pdutype*\ , \ *postbootscripts*\ , \ *postscripts*\ , \ *power*\ , \ *pprofile*\ , \ *prescripts-begin*\ , \ *prescripts-end*\ , \ *primarynic*\ , \ *primarysn*\ , \ *privkey*\ , \ *privtype*\ , \ *productkey*\ , \ *profile*\ , \ *protocol*\ , \ *provmethod*\ , \ *rack*\ , \ *room*\ , \ *routenames*\ , \ *seclevel*\ , \ *serial*\ , \ *serialflow*\ , \ *serialport*\ , \ *serialspeed*\ , \ *servicenode*\ , \ *setupconserver*\ , \ *setupdhcp*\ , \ *setupftp*\ , \ *setupipforward*\ , \ *setupldap*\ , \ *setupnameserver*\ , \ *setupnfs*\ , \ *setupnim*\ , \ *setupntp*\ , \ *setupproxydhcp*\ , \ *setuptftp*\ , \ *sfp*\ , \ *side*\ , \ *slot*\ , \ *slotid*\ , \ *slots*\ , \ *snmpauth*\ , \ *snmppassword*\ , \ *snmpprivacy*\ , \ *snmpuser*\ , \ *snmpusername*\ , \ *snmpversion*\ , \ *status*\ , \ *statustime*\ , \ *storagcontroller*\ , \ *storagetype*\ , \ *supernode*\ , \ *supportedarchs*\ , \ *supportproxydhcp*\ , \ *switch*\ , \ *switchinterface*\ , \ *switchport*\ , \ *switchtype*\ , \ *switchvlan*\ , \ *syslog*\ , \ *termport*\ , \ *termserver*\ , \ *tftpdir*\ , \ *tftpserver*\ , \ *unit*\ , \ *updatestatus*\ , \ *updatestatustime*\ , \ *urlpath*\ , \ *usercomment*\ , \ *userid*\ , \ *username*\ , \ *vmbeacon*\ , \ *vmbootorder*\ , \ *vmcfgstore*\ , \ *vmcluster*\ , \ *vmcpus*\ , \ *vmhost*\ , \ *vmmanager*\ , \ *vmmaster*\ , \ *vmmemory*\ , \ *vmnicnicmodel*\ , \ *vmnics*\ , \ *vmothersetting*\ , \ *vmphyslots*\ , \ *vmstorage*\ , \ *vmstoragecache*\ , \ *vmstorageformat*\ , \ *vmstoragemodel*\ , \ *vmtextconsole*\ , \ *vmvirtflags*\ , \ *vmvncport*\ , \ *webport*\ , \ *xcatmaster*\ , \ *zonename*\
***********
@@ -69,6 +69,18 @@ node Attributes:
\ **authkey**\ (pdu.authkey)
The authentication passphrase for SNMPv3
\ **authtype**\ (pdu.authtype)
The authentication protocol(MD5|SHA) to use for SNMPv3.
\ **bmc**\ (ipmi.bmc, openbmc.bmc)
The hostname of the BMC adapter.
@@ -191,6 +203,12 @@ node Attributes:
\ **community**\ (pdu.community)
The community string to use for SNMPv1/v2
\ **cons**\ (nodehm.cons)
The console method. If nodehm.serialport is set, this will default to the nodehm.mgt setting, otherwise it defaults to unused. Valid values: cyclades, mrv, or the values valid for the mgt attribute.
@@ -469,12 +487,6 @@ node Attributes:
\ **machinetype**\ (pdu.machinetype)
The pdu machine type
\ **memory**\ (hwinv.memory)
The size of the memory for the node in MB.
@@ -529,12 +541,6 @@ node Attributes:
\ **modelnum**\ (pdu.modelnum)
The pdu model number
\ **monserver**\ (noderes.monserver)
The monitoring aggregation point for this node. The format is "x,y" where x is the ip address as known by the management node and y is the ip address as known by the node.
@@ -786,7 +792,7 @@ node Attributes:
\ **password**\ (ppchcp.password, mpa.password, websrv.password, switches.sshpassword)
\ **password**\ (ppchcp.password, mpa.password, websrv.password, pdu.password, switches.sshpassword)
Password of the HMC or IVM. If not filled in, xCAT will look in the passwd table for key=hmc or key=ivm. If not in the passwd table, the default used is abc123 for HMCs and padmin for IVMs.
@@ -800,6 +806,10 @@ node Attributes:
or
The remote login password
or
The remote login password. It can be for ssh or telnet. If it is for telnet, set protocol to "telnet". If the sshusername is blank, the username, password and protocol will be retrieved from the passwd table with "switch" as the key.
@@ -810,6 +820,12 @@ node Attributes:
\ **pdutype**\ (pdu.pdutype)
The type of pdu
\ **postbootscripts**\ (postscripts.postbootscripts)
Comma separated list of scripts that should be run on this node after diskful installation or diskless boot. Each script can take zero or more parameters. For example: "script1 p1 p2,script2,...". On AIX these scripts are run during the processing of /etc/inittab. On Linux they are run at the init.d time. xCAT automatically adds the scripts in the xcatdefaults.postbootscripts attribute to run first in the list. Please note that the postbootscripts specified for "xcatdefaults" will be assigned to node automatically, they can not be removed from "postbootscripts" attribute of a node with "chdef -m" command
@@ -879,6 +895,18 @@ node Attributes:
\ **privkey**\ (pdu.privkey)
The privacy passphrase to use for SNMPv3.
\ **privtype**\ (pdu.privtype)
The privacy protocol(AES|DES) to use for SNMPv3.
\ **productkey**\ (prodkey.key)
The product key relevant to the aforementioned node/group and product combination
@@ -921,6 +949,12 @@ node Attributes:
\ **seclevel**\ (pdu.seclevel)
The Security Level(noAuthNoPriv|authNoPriv|authPriv) to use for SNMPv3.
\ **serial**\ (vpd.serial)
The serial number of the node.
@@ -933,12 +967,6 @@ node Attributes:
\ **serialnum**\ (pdu.serialnum)
The pdu serial number
\ **serialport**\ (nodehm.serialport)
The serial port for this node, in the linux numbering style (0=COM1/ttyS0, 1=COM2/ttyS1). For SOL on IBM blades, this is typically 1. For rackmount IBM servers, this is typically 0.
@@ -1079,13 +1107,23 @@ node Attributes:
\ **snmpuser**\ (pdu.snmpuser)
The username to use for SNMPv3 communication, ignored for SNMPv1
\ **snmpusername**\ (switches.username)
The username to use for SNMPv3 communication, ignored for SNMPv1
\ **snmpversion**\ (switches.snmpversion)
\ **snmpversion**\ (pdu.snmpversion, switches.snmpversion)
The version to use to communicate with switch. SNMPv1 is assumed by default.
or
The version to use to communicate with switch. SNMPv1 is assumed by default.
@@ -1231,7 +1269,7 @@ node Attributes:
\ **username**\ (ppchcp.username, mpa.username, websrv.username, switches.sshusername)
\ **username**\ (ppchcp.username, mpa.username, websrv.username, pdu.username, switches.sshusername)
Userid of the HMC or IVM. If not filled in, xCAT will look in the passwd table for key=hmc or key=ivm. If not in the passwd table, the default used is hscroot for HMCs and padmin for IVMs.
@@ -1245,6 +1283,10 @@ node Attributes:
or
The remote login user name
or
The remote login user name. It can be for ssh or telnet. If it is for telnet, set protocol to "telnet". If the sshusername is blank, the username, password and protocol will be retrieved from the passwd table with "switch" as the key.

View File

@@ -40,15 +40,11 @@ pdu Attributes:
\ **machinetype**\ (pdu.machinetype)
The pdu machine type
\ **modelnum**\ (pdu.modelnum)
The pdu model number
\ **node**\ (pdu.node)
@@ -70,9 +66,7 @@ pdu Attributes:
\ **serialnum**\ (pdu.serialnum)
The pdu serial number

View File

@@ -0,0 +1,29 @@
2017-12-12 - TLS Vulnerabilities
================================
*Dec 12, 2017*, TLS implementations may disclose side channel information via discrepencies between valid and invalid PKCS#1 padding
Advisory CVEs
-------------
* CWE-203 - http://cwe.mitre.org/data/definitions/203.html
Summary
-------
Transport Layer Security (TLS) is a mechanism for a security transport over network connections, and is defined in RFC 5246. TLS may utilize RSA cryptography to secure the connection, and section 7.4.7 describes how client and server may exchange keys. Implementations that don't closely follow the descriptions in RFC 5246 may leak information to an attacker when they handle PKCS #1 v1.5 padding errors in ways that lets the attacker distinguish between valid and invalid messages. An attacker may utilize discrepancies in TLS error messages to obtain the pre-master secret key private RSA key used by TLS to decrypt sensitive data. This type of attack has become known as a Bleichenbacher attack. CERT/CC previously published CERT Advisory CA-1998-07 for this type of attack.
Action
------
Consider the following recommended actions:
1. Disable TLS RSA
2. Apply an update (if available)
xCAT uses OpenSSL for client-server communication but **does not** ship it.
It is highly recommended to keep your OpenSSL levels up-to-date. Obtain the updated software packages from your Operating system distribution channels.

View File

@@ -4,6 +4,7 @@
.. toctree::
:maxdepth: 1
20171212_tls.rst
20170828_openssl.rst
20170216_openssl.rst
20170126_openssl.rst