Make clearer api grant errors

confluent_osdeploy/ubuntu22.04/initramfs/scripts/casper-bottom/99confluent

@@ -28,7 +28,15 @@ if [ -e /tmp/cnflnthmackeytmp ]; then
     DEVICE=$(cat /tmp/autodetectnic)
     IP=done
 else
+    APIKEY=
     chroot . custom-installation/confluent/bin/clortho $NODENAME $MGR > /root/custom-installation/confluent/confluent.apikey
+    APIKEY=$(cat /root/custom-installation/confluent.apikey)
+    while [ -z "$APIKEY" ]; do
+	echo "Failure trying to get confluent node token registered, check nodedeploy status, retrying in 5 seconds..."
+        sleep 5
+        chroot . custom-installation/confluent/bin/clortho $NODENAME $MGR > /root/custom-installation/confluent/confluent.apikey
+        APIKEY=$(cat /root/custom-installation/confluent.apikey)
+    done
     MGR=[$MGR]
     nic=$(grep ^MANAGER /custom-installation/confluent/confluent.info|grep fe80::|sed -e s/.*%//|head -n 1)
     nic=$(ip link |grep ^$nic:|awk '{print $2}')

confluent_osdeploy/utils/clortho.c

@@ -246,6 +246,6 @@ int main(int argc, char* argv[]) {
             buffer[0] = 255;
             ret = read(sock, buffer, 2);
         }
-        fprintf(stderr, "Password was not accepted\n");
+        fprintf(stderr, "Confluent API token grant denied by server\n");
         exit(1);
 }

confluent_server/confluent/networking/lldp.py

@@ -34,6 +34,7 @@ if __name__ == '__main__':
     import sys
     import confluent.config.configmanager as cfm
 import base64
+import confluent.networking.nxapi as nxapi
 import confluent.exceptions as exc
 import confluent.log as log
 import confluent.messages as msg
@@ -174,11 +175,54 @@ def _init_lldp(data, iname, idx, idxtoportid, switch):
         data[iname] = {'port': iname, 'portid': str(idxtoportid[idx]),
                        'chassisid': _chassisidbyswitch[switch]}
 
-def _extract_neighbor_data_affluent(switch, user, password, cfm, lldpdata):
+_fastbackends = {}
+def detect_backend(switch, verifier)
+        backend = _fastbackends.get(switch, None)
+        if backend:
+            return backend
+        wc =  webclient.SecureHTTPConnection(
+            switch, 443, verifycallback=verifier, timeout=5)
+        wc.set_basic_credentials(user, password)
+        apicheck, retcode = wc.grab_json_response_with_status('/affluent/')
+        if retcode == 401 and apicheck == b'{}':
+            _fastbackends[switch] = 'affluent'
+        else:
+            apicheck, retcode = wc.grab_json_response_with_status('/api/')
+            if retcode == 400 and apicheck.startswith(b'{"imdata":['):
+                    _fastbackends[switch] = 'nxapi'
+        return _fastbackends.get(switch, None)
+
+def _extract_neighbor_data_https(switch, user, password, cfm, lldpdata):
     kv = util.TLSCertVerifier(cfm, switch,
                                   'pubkeys.tls_hardwaremanager').verify_cert
+    backend = detect_backend(switch, kv)
+    if not backend:
+        raise Exception("No HTTPS backend identified")
     wc =  webclient.SecureHTTPConnection(
                 switch, 443, verifycallback=kv, timeout=5)
+    if backend == 'affluent':
+        return _extract_neighbor_data_affluent(switch, user, password, cfm, lldpdata, wc)
+    elif backend == 'nxapi':
+        return _nxapi_map_switch(switch, password, user, cfgm)
+
+
+
+def _extract_neighbor_data_nxapi(switch, user, password, cfm, lldpdata, wc):
+    cli = nxapi.NxApiClient(switch, user, password, cfm)
+    lldipinfo = cli.get_lldp()
+    for port in lldpinfo:
+        portdata = lldpinfo[port]
+        peerid = '{0}.{1}'.format(
+            portdata.get('peerchassisid', '').replace(':', '-').replace('/', '-'),
+            portdata.get('peerportid', '').replace(':', '-').replace('/', '-'),
+        )
+        _extract_extended_desc(portdata, portdata['peerdescription'], True)
+
+
+        mt = cli.get_mac_table()
+        _macsbyswitch[switch] = mt
+        _fast_backend_fixup(mt, switch)
+def _extract_neighbor_data_affluent(switch, user, password, cfm, lldpdata, wc):
     wc.set_basic_credentials(user, password)
     neighdata = wc.grab_json_response('/affluent/lldp/all')
     chassisid = neighdata['chassis']['id']
@@ -219,7 +263,7 @@ def _extract_neighbor_data_b(args):
         return
     lldpdata = {'!!vintage': now}
     try:
-        return _extract_neighbor_data_affluent(switch, user, password, cfm, lldpdata)
+        return _extract_neighbor_data_https(switch, user, password, cfm, lldpdata)
     except Exception:
         pass
     conn = snmp.Session(switch, password, user)

confluent_server/confluent/networking/macmap.py

@@ -152,26 +152,12 @@ def _nodelookup(switch, ifname):
             return _switchportmap[switch][portdesc]
     return None
 
-_fastbackends = {}
 def _fast_map_switch(args):
     switch, password, user, cfgm = args
     macdata = None
-    backend = _fastbackends.get(switch, None)
     kv = util.TLSCertVerifier(cfgm, switch,
                               'pubkeys.tls_hardwaremanager').verify_cert
-    if not backend:
-        wc =  webclient.SecureHTTPConnection(
-            switch, 443, verifycallback=kv, timeout=5)
-        wc.set_basic_credentials(user, password)
-        macdata, retcode = wc.grab_json_response_with_status('/affluent/macs/by-port')
-        if retcode == 200:
-            _fastbackends[switch] = 'affluent'
-        else:
-            apicheck, retcode = wc.grab_json_response_with_status('/api/')
-            if retcode == 400:
-                if apicheck.startswith(b'{"imdata":['):
-                    _fastbackends[switch] = 'nxapi'
-    backend = _fastbackends.get(switch, None)
+    backend = lldp.detect_backend(switch, kv)
     if backend == 'affluent':
         return _affluent_map_switch(switch, password, user, cfgm, macdata)
     elif backend == 'nxapi':