Merge branch 'master' into async

confluent_osdeploy/common/profile/scripts/setupssh

@@ -3,6 +3,9 @@
 [ -f /opt/confluent/bin/apiclient ] && confapiclient=/opt/confluent/bin/apiclient
 [ -f /etc/confluent/apiclient ] && confapiclient=/etc/confluent/apiclient
 for pubkey in /etc/ssh/ssh_host*key.pub; do
+    if [ "$pubkey" = /etc/ssh/ssh_host_key.pub ]; then
+        continue
+    fi
     certfile=${pubkey/.pub/-cert.pub}
     rm $certfile
     confluentpython $confapiclient /confluent-api/self/sshcert $pubkey -o $certfile

confluent_server/confluent/discovery/handlers/xcc.py

@@ -388,6 +388,34 @@ class NodeHandler(immhandler.NodeHandler):
             if user['users_user_name'] == '':
                 return user['users_user_id']
 
+    async def create_tmp_account(self, wc):
+        rsp, status = await wc.grab_json_response_with_status('/redfish/v1/AccountService/Accounts')
+        if status != 200:
+            raise Exception("Unable to list current accounts")
+        usednames = set([])
+        tmpnam = '6pmu0ezczzcp'
+        tpass = base64.b64encode(os.urandom(9)).decode() + 'Iw47$'
+        ntpass = base64.b64encode(os.urandom(9)).decode() + 'Iw47$'
+        for acct in rsp.get("Members", []):
+            url = acct.get("@odata.id", None)
+            if url:
+                uinfo = await wc.grab_json_response(url)
+                usednames.add(uinfo.get('UserName', None))
+        if tmpnam in usednames:
+            raise Exception("Tmp account already exists")
+        rsp, status = await wc.grab_json_response_with_status(
+            '/redfish/v1/AccountService/Accounts',
+            {'UserName': tmpnam, 'Password': tpass, 'RoleId': 'Administrator'})
+        if status >= 300:
+            raise Exception("Failure creating tmp account: " + repr(rsp))
+        tmpurl = rsp['@odata.id']
+        wc.set_basic_credentials(tmpnam, tpass)
+        rsp, status = await wc.grab_json_response_with_status(
+            tmpurl, {'Password': ntpass}, method='PATCH')
+        wc.set_basic_credentials(tmpnam, ntpass)
+        return tmpurl
+
+
     async def _setup_xcc_account(self, username, passwd, wc):
         userinfo = await wc.grab_json_response('/api/dataset/imm_users')
         uid = None
@@ -422,6 +450,8 @@ class NodeHandler(immhandler.NodeHandler):
                     await wc.grab_json_response('/api/providers/logout')
                     wc.set_basic_credentials(self._currcreds[0], self._currcreds[1])
                     status = 503
+                    tries = 2
+                    tmpaccount = None
                     while status != 200:
                         rsp, status = await wc.grab_json_response_with_status(
                             '/redfish/v1/AccountService/Accounts/{0}'.format(uid),
@@ -429,9 +459,19 @@ class NodeHandler(immhandler.NodeHandler):
                         if status != 200:
                             rsp = json.loads(rsp)
                             if rsp.get('error', {}).get('code', 'Unknown') in ('Base.1.8.GeneralError', 'Base.1.12.GeneralError', 'Base.1.14.GeneralError'):
-                                await asyncio.sleep(4)
+                                if tries:
+                                    await asyncio.sleep(4)
+                                elif tmpaccount:
+                                    await wc.grab_json_response_with_status(tmpaccount, method='DELETE')
+                                    raise Exception('Failed renaming main account')
+                                else:
+                                    tmpaccount = await self.create_tmp_account(wc)
+                                    tries = 8
                             else:
                                 break
+                    if tmpaccount:
+                        wc.set_basic_credentials(username, passwd)
+                        wc.grab_json_response_with_status(tmpaccount, method='DELETE')
                     self.tmppasswd = None
                     self._currcreds = (username, passwd)
                     return