From 8787d23b3a0bf6e6b86fb9d7ac0c2ffbb80b51e8 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 17 Aug 2018 10:59:50 -0400
Subject: [PATCH 1/3] Add advanced to API for system configuration.

pyghmi makes hiding optional advanced settings.
---
 confluent_server/confluent/core.py                         | 4 ++++
 .../confluent/plugins/hardwaremanagement/ipmi.py           | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/confluent_server/confluent/core.py b/confluent_server/confluent/core.py
index 576c23f8..11e791db 100644
--- a/confluent_server/confluent/core.py
+++ b/confluent_server/confluent/core.py
@@ -201,6 +201,10 @@ def _init_core():
                     'pluginattrs': ['hardwaremanagement.method'],
                     'default': 'ipmi',
                 }),
+                'advanced': PluginRoute({
+                    'pluginattrs': ['hardwaremanagement.method'],
+                    'default': 'ipmi',
+                }),
             },
         },
         '_console': {
diff --git a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
index 630ed598..beb2a9cc 100644
--- a/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
+++ b/confluent_server/confluent/plugins/hardwaremanagement/ipmi.py
@@ -533,6 +533,8 @@ class IpmiHandler(object):
             return self.handle_ntp()
         elif self.element[1:3] == ['system', 'all']:
             return self.handle_sysconfig()
+        elif self.element[1:3] == ['system', 'advanced']:
+            return self.handle_sysconfig(True)
         raise Exception('Not implemented')
 
     def decode_alert(self):
@@ -1025,10 +1027,11 @@ class IpmiHandler(object):
             self.ipmicmd.set_domain_name(dn)
             return
 
-    def handle_sysconfig(self):
+    def handle_sysconfig(self, advanced=False):
         if 'read' == self.op:
             self.output.put(msg.ConfigSet(
-                self.node, self.ipmicmd.get_system_configuration()))
+                self.node, self.ipmicmd.get_system_configuration(
+                    hideadvanced=not advanced)))
         elif 'update' == self.op:
             self.ipmicmd.set_system_configuration(
                 self.inputdata.get_attributes(self.node))

From 319fec2145544f09924a7d4d87041998b20819ba Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 17 Aug 2018 11:16:11 -0400
Subject: [PATCH 2/3] Add advanced to nodeconfig

---
 confluent_client/bin/nodeconfig | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/confluent_client/bin/nodeconfig b/confluent_client/bin/nodeconfig
index 07f6431f..e6f46e35 100755
--- a/confluent_client/bin/nodeconfig
+++ b/confluent_client/bin/nodeconfig
@@ -55,6 +55,11 @@ argparser.add_option('-x', '--exclude', dest='exclude',
                      action='store_true', default=False,
                      help='Treat positional arguments as items to not '
                           'examine, compare, or restore default')
+argparser.add_option('-a', '--advanced', dest='advanced',
+                     action='store_true', default=False,
+                     help='Include advanced settings, which are normally not '
+                          'intended to be used without direction from the '
+                          'relevant server vendor.')
 (options, args) = argparser.parse_args()
 
 cfgpaths = {
@@ -209,7 +214,11 @@ else:
     if printsys or options.exclude:
         if printsys == 'all':
             printsys = []
-        path = '/noderange/{0}/configuration/system/all'.format(noderange)
+        if printsys == [] and not options.advanced:
+            path = '/noderange/{0}/configuration/system/all'.format(noderange)
+        else:
+            path = '/noderange/{0}/configuration/system/advanced'.format(
+                noderange)
         rcode = client.print_attrib_path(path, session, printsys,
                                          options)
 sys.exit(rcode)
\ No newline at end of file

From f5d5cbd67b8e91bd065d0bac3ed280a0e66b31ef Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Fri, 17 Aug 2018 13:56:38 -0400
Subject: [PATCH 3/3] Have collective command warn if the libssl library is not
 viable

Main example is RedHat providing pyOpenSSL of relatively ancient
vintage.
---
 confluent_server/confluent/sockapi.py | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/confluent_server/confluent/sockapi.py b/confluent_server/confluent/sockapi.py
index db6d5864..ea5c37e6 100644
--- a/confluent_server/confluent/sockapi.py
+++ b/confluent_server/confluent/sockapi.py
@@ -144,6 +144,14 @@ def sessionhdl(connection, authname, skipauth=False, cert=None):
     send_data(connection, {'authpassed': 1})
     request = tlvdata.recv(connection)
     if 'collective' in request and skipauth:
+        if not libssl:
+            tlvdata.send(
+                connection,
+                {'collective': {'error': 'Server either does not have '
+                                         'python-openssl installed or has an '
+                                         'incorrect version installed '
+                                         '(e.g. pyOpenSSL)'}})
+            return
         return collective.handle_connection(connection, None, request['collective'],
                                      local=True)
     while request is not None: