From 130e3adbc60b495b79b7c3de5be818d9fbe057f6 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Thu, 12 Aug 2021 14:17:57 -0400
Subject: [PATCH] Add uuid fill-in for pxe when policy allows

If permissive or open, and xcc is known, but uuid missing, fill it in. If open or pxe, and can know node through XCC fingerprint, then accetp that as a clue. Also, do not search ethernet switches when xcc cert helps identity.
---
 confluent_server/confluent/discovery/core.py | 21 ++++++++++++++++---
 .../confluent/discovery/protocols/pxe.py | 6 ++++--
 2 files changed, 22 insertions(+), 5 deletions(-)

diff --git a/confluent_server/confluent/discovery/core.py b/confluent_server/confluent/discovery/core.py
index d1bc65d7..c368a1cf 100644
--- a/confluent_server/confluent/discovery/core.py
+++ b/confluent_server/confluent/discovery/core.py
@@ -711,13 +711,25 @@ def detected(info):
 nodename, info['maccount'] = get_nodename(cfg, handler, info)
 if nodename and handler and handler.https_supported:
 dp = cfg.get_node_attributes([nodename],
- ('pubkeys.tls_hardwaremanager',))
- lastfp = dp.get(nodename, {}).get('pubkeys.tls_hardwaremanager',
+ ('pubkeys.tls_hardwaremanager', 'id.uuid', 'discovery.policy'))
+ dp = dp.get(nodename, {})
+ lastfp = dp.get('pubkeys.tls_hardwaremanager',
 {}).get('value', None)
 if util.cert_matches(lastfp, handler.https_cert):
 info['nodename'] = nodename
 known_nodes[nodename][info['hwaddr']] = info
 info['discostatus'] = 'discovered'
+ uuid = info.get('uuid', None)
+ if uuid:
+ storeuuid = dp.get('id.uuid', {}).get('value', None)
+ if not storeuuid:
+ discop = dp.get('discovery.policy', {}).get('value', '')
+ if discop:
+ policies = set(discop.split(','))
+ else:
+ policies = set([])
+ if policies & {'open', 'permissive'}:
+ cfg.set_node_attributes({nodename: {'id.uuid': info['uuid']}})
 return # already known, no need for more
 #TODO(jjohnson2): We might have to get UUID for certain searches...
 #for now defer probe until inside eval_node. We might not have
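Review bot: The new `cfg.set_node_attributes({nodename: {'id.uuid': info['uuid']}})` in `detected` persists an identity attribute taken from discovery data without leaving any record, so an operator cannot later tell which `id.uuid` values were entered by hand and which were learned under an `open` or `permissive` policy. I would log the fill-in next to the write, for example `log.log({'info': 'Filled in id.uuid for {0} from discovery'.format(nodename)})`, using the same `log.log` call that appears in `discover_node` in this file. The value is also stored as received, while `discover_node` compares `olduuid.lower()` against `info['uuid']`; storing `uuid.lower()` would keep that comparison stable if a source ever reports upper-case. The policy string is split on `,` without stripping, so a value written as `open, permissive` would not match; `policies = {p.strip() for p in discop.split(',')}` covers that and makes the `set([])` branch unnecessary. The body of `detected` starts and continues outside the hunk, so any later use of the rebound `dp` there should be checked as well.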
@@ -850,6 +862,9 @@ def get_nodename(cfg, handler, info):
 if nodename is None:
 _map_unique_ids()
 nodename = nodes_by_uuid.get(curruuid, None)
+ if not nodename and info['handler'] == pxeh:
+ enrich_pxe_info(info)
+ nodename = info.get('nodename', None)
 if not nodename:
 # Ok, see if it is something with a chassis-uuid and discover by
 # chassis
@@ -1171,7 +1186,7 @@ def discover_node(cfg, handler, info, nodename, manual):
 pass
 return True
 if info['handler'] == pxeh:
- olduuid = dp.get(nodename, {}).get('discovery.policy', {}).get(
+ olduuid = dp.get(nodename, {}).get('id.uuid', {}).get(
 'value', None)
 if olduuid.lower() != info['uuid']:
 log.log({'info': 'Detected {0}, but discovery.policy is not set to a '
diff --git a/confluent_server/confluent/discovery/protocols/pxe.py b/confluent_server/confluent/discovery/protocols/pxe.py
index 49321042..f682d4f4 100644
--- a/confluent_server/confluent/discovery/protocols/pxe.py
+++ b/confluent_server/confluent/discovery/protocols/pxe.py
@@ -385,7 +385,9 @@ def snoop(handler, protocol=None, nodeguess=None):
 'services': (vivso['service-type'],),
 'netinfo': {'ifidx': idx, 'recvip': recv, 'txid': txid},
 'attributes': {'enclosure-machinetype-model': [vivso.get('machine', '')]}}
- handler(info)
+ if time.time() > ignoredisco.get(netaddr, 0) + 90:
+ ignoredisco[netaddr] = time.time()
+ handler(info)
 #consider_discover(info, rqinfo, net4, cfg, rqv)
 continue
 # We will fill out service to have something to byte into,
@@ -396,7 +398,7 @@ def snoop(handler, protocol=None, nodeguess=None):
 'netinfo': {'ifidx': idx, 'recvip': recv, 'txid': txid},
 'services': ('pxe-client',)}
 if (disco['uuid']
- and time.time() > ignoredisco.get(netaddr, 0) + 60):
+ and time.time() > ignoredisco.get(netaddr, 0) + 90):
 ignoredisco[netaddr] = time.time()
 handler(info)
 consider_discover(info, rqinfo, net4, cfg, rqv, nodeguess)
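Review bot: In the `get_nodename` hunk of core.py, `nodename = info.get('nodename', None)` accepts whatever `nodename` key `info` holds once `enrich_pxe_info(info)` returns, so a key left there by an earlier pass would be taken as the answer even if this call matched nothing; the helper's body is not in the hunk, so that needs confirming. The commit message limits the XCC-fingerprint clue to the `open` and `pxe` policies, yet no policy check is visible at this call site. Once it is confirmed where the gate lives, a comment such as `# policy gate for this lookup is enforced in enrich_pxe_info` above the call would save the next reader the search. `get_nodename` starts and ends outside the hunk.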
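Review bot: In the `discover_node` hunk of core.py, `olduuid` is now `None` for any node with no `id.uuid` stored, and the unchanged `olduuid.lower()` on the following line then raises `AttributeError` instead of reaching the log call below it. A guard that treats a missing UUID as a mismatch keeps what appears to be the refusal path: `if not olduuid or olduuid.lower() != info['uuid']:`. Whether `dp` was fetched with `'id.uuid'` in its attribute list is decided outside the hunk; if it was not, the lookup always yields `None`. The log text still names `discovery.policy`, and the rest of that message is outside the hunk, so it is worth checking that it still describes the condition being tested.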
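Review bot: The guard added in the first `snoop` hunk of pxe.py and the one changed in the second both key `ignoredisco` on `netaddr`, so a packet handled by one branch now suppresses `handler(info)` in the other branch for the same address for 90 seconds; if that coupling is intended, a comment should say so. `netaddr` is presumably the client hardware address from the received packet, and nothing in the visible lines removes entries, so unless pruning happens elsewhere the map grows with every new source address. The interval is a bare `90` in both hunks and is measured with `time.time()`, which shifts when the wall clock is adjusted. A module constant, e.g. `DISCO_HOLDOFF = 90`, and `time.monotonic()` applied to every reader and writer of `ignoredisco` together would make the window explicit and stable. `snoop` starts and ends outside both hunks.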