xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2026-01-10 18:12:30 +00:00
Code Issues Projects Releases Wiki Activity
5,773 Commits 40 Branches 75 Tags
master
Commit Graph

2692 Commits

Author SHA1 Message Date
Jarrod Johnson
99d10896e8 Fix parameter count unpack for accelerated switch interrogation 2026-01-08 17:07:39 -05:00
Jarrod Johnson
c196bf9d55 Fix initial startup of a new confluent 
The indexes change failed on a brand new install.
 2025-12-02 14:31:10 -05:00
Markus Hilger
ec39de3df0 Add bond alias to team description 2025-11-21 14:16:07 +01:00
Jarrod Johnson
73216fc062 Fix architecture name mismatch 
Confluent went with aarch64 consistent
with EL naming, but Ubuntu used
debian naming, recognize and just
handle that.
 2025-11-18 09:10:30 -05:00
Jarrod Johnson
61b07e0af4 Start index at 1 instead of 0 2025-11-17 12:05:03 -05:00
Jarrod Johnson
53760ab5dd Attribute feature enhancement 
Add expression functions upper, lower, block_number, and block_offset.

Add an 'id.index' auto-attribute to
yield a number for nodes.
 2025-11-17 11:58:04 -05:00
Jarrod Johnson
d3e7a49f92 Simplify by recursion 
Use _handle_ast_node to process
everything before the function name in an Attribute call
 2025-11-15 10:32:11 -05:00
Jarrod Johnson
1f688ead28 Implement .replace() for attribute expressions 
Provide an easy to use replace() to allow removing or substiting values
during expression evaluation.
 2025-11-14 17:20:06 -05:00
Jarrod Johnson
6ebb6de107 Allow specifiying SNMP privacy protocol 
Modern SNMP devices may require AES.

Unfortunately, older ones may refuse AES.

For compatibility, continue to default to DES, but
allow AES to be indicated in attributes.
 2025-11-10 10:21:01 -05:00
Jarrod Johnson
b07da455c2 Fix SAN generation 
The nameconstraint support missed
a branch, fix this.
 2025-11-07 11:22:12 -05:00
Jarrod Johnson
cc9a81103b Do not autosign if the corresponding cryptography is unavailable 
We use cryptography verification, but it's relatively new.

For compatibility, we fall back to fingerprint only.

This is pretty bad when inflicted on
unsuspecting users on autosign,
so skip autosign if cert validation
would break.
 2025-11-04 15:51:22 -05:00
Jarrod Johnson
174d204607 Implement compatibility with newer pysnmp 
For now, terminate the async nature
if newer pysnmp is detected.
 2025-11-04 09:58:11 -05:00
Jarrod Johnson
2826abb7ab Prune excessive leftover ext config files 2025-11-03 14:21:36 -05:00
Jarrod Johnson
5adb5fa780 Automatically sign XCC certificates on discover 
If an XCC doesn't have a 'real' certificate, sign it with the confluent
CA for 47 days.
 2025-11-03 14:02:33 -05:00
Jarrod Johnson
5de063212f Prepare for supporting constrained CA 
If asked to sign using a name constrained CA,
avoid generating a certificate that
would violate those constraints.
 2025-11-03 10:43:34 -05:00
Jarrod Johnson
073f6d1389 Wire up cert signing to nodecertutil 2025-10-31 12:04:27 -04:00
Jarrod Johnson
f755ba9f91 Implement method to sign BMC certificates 2025-10-31 10:46:42 -04:00
Jarrod Johnson
cf8c01ef13 Merge remote-tracking branch 'lenovo' 2025-10-31 09:48:05 -04:00
Jarrod Johnson
8b12047ae0 Update to handle newer XCC2 firmware 2025-10-31 09:45:59 -04:00
Jarrod Johnson
f0a779764d Fix ordering of digest argument 
The digest argument was erroneously inserted between startdate and it's
argument, correct this mistake.
 2025-10-28 15:39:04 -04:00
Jarrod Johnson
0ad7e99efe Only optionally use cryptography verification 
Some supported distributions can't run the newer cryptography.

Make it a feature that only works with newer platforms.
 2025-10-27 08:38:14 -04:00
Jarrod Johnson
24a76612ae Use sha284 hash algorithm 
Some implementations reject sha256 as inadequate if ecdsa has 384 bit keylength. Bring the digest up to match
the key size for the ECDSA.
 2025-10-27 06:41:05 -04:00
Jarrod Johnson
6c9c58f464 Update certutil to prepare for broader usage 
For one, apply more rules from CA/B forum. This includes including KU and EKU extensions, marking basicConstraints critical, and
randomized serial numbers.

Also make the backdate and end date configurable, to allow
for the BMC certs to have a more palatable validity interval.
 2025-10-26 14:57:26 -04:00
Jarrod Johnson
3125f4171b Begin overhaul of TLS cert management 
Begin expanding certutil to sign other certificates from external CSRs more easily.

Have certutil make the CA constraint critical.

Have the fingerprint based validator have a mechanism to check for properly signed certificate in lieu of exact match,
and update the stored fingerprint
on match.

Provide a means to request a custom subject when evaluating a
target.

Change redfish plugin to set that subject in the verifier.
 2025-10-24 20:02:51 -04:00
Jarrod Johnson
762adb882a Track client address on checkin 
When doing DHCP deployment in particular, it's good to track what the actual ip was.
 2025-10-21 13:04:30 -04:00
Jarrod Johnson
c5896c056e Add facility to manage BMC CA certs 
For redfish at least, we can manage
some BMC CA certificate trust stores.
 2025-10-14 14:30:27 -04:00
Jarrod Johnson
a73dced80b Fix configbmc on XCC3 
IPv4 based configbmc is now fixed for multi-nic XCC3 configurations.
 2025-10-14 13:19:28 -04:00
Jarrod Johnson
b6188683b8 Redirect 'xcc' to 'xcc3' for bmcconfig -c 2025-10-14 10:22:15 -04:00
Jarrod Johnson
50243b67d5 Add a more helpful error when bmc not set 
When doing a configbmc, need to present
a more reasonable message about lack of address.
 2025-10-08 14:20:44 -04:00
Jarrod Johnson
7cdfcd4913 Implement support for multi-manager XCC managed systems 2025-10-08 09:42:17 -04:00
Jarrod Johnson
179ad4e196 Fix IPv6 redfish config fetch for select targets 
Not all targets offer up static gateway
 2025-10-08 09:39:17 -04:00
Jarrod Johnson
f34395648e Add vlan_id management to redfish and ipmi plugins 2025-10-06 17:28:55 -04:00
Jarrod Johnson
3505fe36e6 Remove hiddenmenu 
This no longer applies to most grub2
 2025-09-25 14:07:27 -04:00
Jarrod Johnson
29accaa494 Change grub to not prompt 
Sometimes grub can get stuck unexpectedly waiting for interaction. Try to get away from this by default
by setting the timeout to 0.
 2025-09-25 10:09:25 -04:00
Jarrod Johnson
184132c398 Fix collective manager candidates not in nodelist 
For switch operations, need to carry over the same logic as other evaluations.
 2025-09-19 19:41:54 -04:00
Jarrod Johnson
ac7fdb3ef7 Enhance message for enclosure based discovery 
If nodes are accidentally omitted, but present, provide a hint that may clarify
the situation.
 2025-09-19 15:46:18 -04:00
Jarrod Johnson
e7e8daafea Merge pull request #198 from henglikuang/logdirectory 
An effort was made at one point to have log directory configurable, but no way was actually done
to make it accessible.

This corrects that.
 2025-09-18 15:19:07 -04:00
Jarrod Johnson
500cdf7535 Change boot.img to boot.iso for Windows 
Some things expect an iso to be named as such. This drives different handling, but
there's little choice in the matter.
 2025-09-18 08:55:09 -04:00
Jarrod Johnson
22c8921455 Place identity files loose in directory as well 
Some OS deployment mechanism may wish to convey the identity information more loosely. For those, it's convenient if the files are loose instead
of needing extraction from a VFAT image.
 2025-09-17 09:25:40 -04:00
Jarrod Johnson
8109adaabf Add BFB recognition to osimage parsing 
Recognize BFB embedded OS as a potential osdeploy target.

This is toward the end of identifying the appropriate 'addons.cpio' for setting up for a bf.cfg driven bfb install.

For now, it is disabled until companion os category exists.
 2025-09-04 15:23:03 -04:00
Jarrod Johnson
29c6ce230f Tolerate updateboot failure on first import 2025-09-04 10:21:01 -04:00
Jarrod Johnson
87a6891eff Include boot filename in ARM case 
ARM PXE solutions often fail to properly implement
PXE, workaround by going ahead and including the boot filename.
 2025-09-03 09:09:21 -04:00
Jarrod Johnson
a112297e60 Detect ESXi editions for more specific fingerprinting 2025-09-02 10:19:41 -04:00
Jarrod Johnson
c567bfbd17 Add sysctl tune check to selfcheck 
Apart frem the gc_thresh indirect check, perform other checks.

For now, just highlight that tcp_sack being disabled can really
mess with BMC connections.  Since the management node may have high speed and the BMC may be behind a 100MBit link, SACK
is needed to overcome the massive loss and
induce TCP to rate limit appropriately.
 2025-09-02 08:53:55 -04:00
Jarrod Johnson
6d2146f252 Provide more category based firmware query 
Some platforms can have a very slow category,
like disks. Give CLI a way to ask for the desired
categories and a chance to optimize away the uninteresting.
 2025-08-29 17:12:36 -04:00
Jarrod Johnson
5045b46014 Switch to ISO based boot for windows 
Windows boot loader can be easily confused by a plurality
of vfat volumes, coddle it by giving it an ISO image for now.
 2025-08-28 15:14:02 -04:00
Jarrod Johnson
f321f56109 Make more windows content executable 
Other files use the executable
bit as an indication of whether to run or not.
 2025-08-28 08:08:30 -04:00
Jarrod Johnson
9defc47474 Give pycdlib a duped filehandle 
Attempts to share the filehandle resulted in race conditions around closing,
dedicate a dupe filehandle to pycdlib to avoid the conflict.
 2025-08-27 12:29:19 -04:00
Jarrod Johnson
595b628e08 Validate that the agent socket actually works 
If agent is 'kill -9', then recover
from that by reaping the now dead socket.
 2025-08-26 14:00:36 -04:00
Jarrod Johnson
710b24e9f5 Recover from dead ssh agent 
If the ssh-agent is gone, for whatever reason, restart it.
 2025-08-26 11:10:43 -04:00