Add a mechanism to close a session the right way in tlvdata
Fix confluentdbutil/configmanager to restore/dump db to directory
Move auth to asyncio away from eventlet
Fix some issues with httpapi, enable reading body via aiohttp
Fix health from ipmi plugin
Fix user creation across a collective.
Some subprocess calls were reworked to use asyncio friendly
variants.
Also, osdeploy initialize was checked, and reworked the ssh and tls
handling.
osdeploy import was also reworked to be functional with async only.
With asyncio, we must close the writer half of a pair
Also rework the get_next_msg to work better.
Still need to allow stop_following to interrupt get_next_msg
Purge sockapi of remaining eventlet call
Extend asyncio into the credserver to finish out sockapi.
Have client and sockapi complete TLS connection including password checking
Fix confetty ability to 'create'.
Since we are rebasing to at least Python 3.6, and with
some extra ctypes wrangling of the ssl context, we can likely
remove PyOpenSSL. Take first steps by removing it from 'sockapi'.
Have confluent executable become the 'top level' for eventlet, to allow
work on 'de-eventleting' on 'main.py'.
Rework tlvdata to deal with either a socket or a reader, writer tuple.
Using TLS with asyncio is easiest with the 'open_connection'
semantics, which force either a Protocol handler (callback based) or
dual streams. While protocol approach ends with a more socket-like
'transport', the 'protocol' half is a bit unwieldy. So reader and writer
streams instead.
Reap ssh-agent to avoid stale agents lying around.
Remove nuisance warnings about virbr0 when present.
Do a full runthrough as the confluent user to ssh to a node when user
requests with '-a', marking known_hosts and automation key issues.
Whether due to the management node or node IP addresses,
check if deployment can reasonably proceed using IPv4 or IPv6,
and give a warning with some suggestions to check.
Also, add nodeinventory <node> -s as an example resolution for missing
uuid.
Provide for applications where only a small subset of collective
members should be considered to count toward whether the collective
can proceed.
Commonly, 'service' nodes may be numerous to do work, but may all want
to go offline during a maintenance window.
When a node installs, it may not have its node mapped address up,
or may not have one at all. Try to use the ip if it would be in the
same set that produced its ssh certificate.
There remains a gap if a system has no static addressing *and* doesn't
map nodename to IP, but we have an impasse as the situation is too fuzzy
to grant a principal in an SSH cert, and without that we can't securely
attempt rsync. For now, this scenario would still fail and I will
just hope that doesn't come up.
When generating new key materials, most people say 'yes' and cause problems
where they cycle valid keys without realizing the significance.
Replace prompting with an emphasized warning instead.
Permit user to opt into a rebase of a profile, to pick up potential
updates from the confluent packaged stock profiles for files the user
has not yet customized.