75484db014
Fix macok incorrect value on finding the mac
2022-10-03 10:33:21 -04:00
763b157802
Fix syntax error
2022-09-30 12:36:12 -04:00
6e803e9fca
Add insecure protocol check
2022-09-30 12:22:39 -04:00
9ecd3e3ac7
Add API check
...
Particularly SELinux is a frequently missed configuration
facet, alert when the selinux is blocking.
2022-09-30 12:17:31 -04:00
ee3aef0a4c
Mark COPYRIGHT as legal in rpm
2022-09-30 11:02:55 -04:00
b7dfe20286
Add legal artifacts to confluent_server
2022-09-30 10:43:18 -04:00
c647dec069
Add message on successful node attribute run
2022-09-29 15:45:07 -04:00
903de26dd8
Add node attribute checks to selfcheck
2022-09-29 15:27:12 -04:00
cf000d6872
Add node name resolution check
...
A common scenario for closed networks
is a misconfigured DNS situation.
Detect and report, as this can wreak havoc on a confluent instance.
2022-09-29 09:57:43 -04:00
5a62307d1e
Restore config by name
...
The change to allow CIDR syntax
broke for configurations that use name for
bmc 'address'.
Fix by letting getaddrinfo have a chance to process the ip before
trying to pton it.
2022-09-27 17:05:13 -04:00
0c08d8f6d3
Provide helpful error on bad user/password in delta pdu
2022-09-21 16:19:13 -04:00
5a935d99fc
Have SMM devices register cleanly
...
In remote discovery registration, the
SMM path was not fully implemented
2022-09-13 13:29:42 -04:00
7cbd105ae3
Workaround TSM issue with redfish configuration
2022-09-09 12:04:38 -04:00
2bc2736da4
Fix neighutil invocation of ipn_is_local
2022-09-08 16:07:04 -04:00
4a8af0ad85
Fix assumptions about ip going into netutil
2022-09-08 14:35:16 -04:00
7b98b7dc00
Fix wrong uid after duplicate identity check
2022-09-08 09:51:21 -04:00
cde18bcd3a
Cap the number of deferred packets
...
Prevent deferred packets from growing endlessly
if activity is keeping the loop running.
2022-09-07 08:04:47 -04:00
60cfa1d3c5
Skip peer probe on remote
...
When remote ip is detected,
communicate by returning False
instead of None.
Use this indication to let ssdp
skip a transmit and growing
pending list in such a case.
2022-09-06 16:40:34 -04:00
596fcb0f4c
Implement mitigations for ovewhelming SSDP
...
First, for a given contiguous set of snoop activity, start ignoring a given peer during that contiguous chenk after it has been considered once.
Further, make get_hwaddr cheaper for attempts against
remote IPs.
To facilitate the above, create an efficient 'ip_is_local' to be
a relatively cheap function, with
potential to cache result in future
if it needs to be even cheaper.
2022-09-06 16:08:31 -04:00
7980534bad
Fix confluentdbgcli.py for python3
2022-09-02 15:11:30 -04:00
6c1f87aeb7
Add mechanism for copernicus to request any confluent
...
This can be used for network debug in a generic way, to identify vlan adjacency without regard to nodedoploy state or uuid matching.
2022-09-02 13:32:05 -04:00
1c811dbf3e
Fix python path automatically in confluent_selfcheck
2022-09-02 10:11:12 -04:00
503746131c
Add selfcheck to packaging
2022-09-02 09:53:06 -04:00
a0037a305c
Add confluent_selfcheck to server package
2022-09-02 09:44:13 -04:00
d1d15f29c1
Add facility to fix confluent uuid problem
2022-09-01 13:26:25 -04:00
67f0c8a81b
Add IPv6 and insecure boot checking
2022-09-01 13:17:17 -04:00
ed91e0f2f3
Have askpass delete itself
...
This causes ssh-add to give up, instead of endlessly rerunning
the askpass script.
2022-08-31 17:17:33 -04:00
908e51221c
Correct minor formatting mistake in warning
2022-08-29 12:22:14 -04:00
8277701af6
Rewrite site ssh even if
...
the /etc copy already exists.
IT may be that /var/lib/confluent is being repaired, in which
case just copy existng over while giving warning.
2022-08-29 12:16:35 -04:00
570611f22b
Have osdeploy initialize skip SSH regen
...
When generating new key materials, most people say 'yes' and cause problems
where they cycle valid keys without
realizing the significance.
Replace prompting with an emphasized warning instead.
2022-08-29 11:10:45 -04:00
2a3e6cd6f1
Change websocket dependency name in EL7
2022-08-26 08:16:22 -04:00
352da94005
Implement rebase feature ofr osdeploy
...
Permit user to opt into a rebase of a
profile, to pick up potential updates
from the confluent packaged stock
profiles for files the user has not yet
customized.
2022-08-25 15:21:49 -04:00
93b7547c58
Enable IPMI for user if IPMI has been enabled globally elsewhere
...
Scenarios have come up with trying to repair partially
configured configuration, break
the global and per-account check
into separate concerns.
2022-08-24 10:13:53 -04:00
31b3d6ea06
Move manifest data into dedicated file
2022-08-24 09:29:48 -04:00
d97c508d86
Add hash manifest of new os profiles
...
When importing an image and taking stock copy, mark the files to allow detection of stock
versus customized profile content.
This will be used by a rebase command to know when
to overwrite or when to leave a file alone.
2022-08-23 15:25:17 -04:00
801e43936c
Revise ESXi routed deployment
...
-Have apiclient set timeout on getting credential to avoid hang
-Change dcuiweasel to start shell earlier for better debug
-Do not expire the ident token if deployment is armed continuous anyway
2022-08-19 16:06:46 -04:00
a445107c7f
Fix setting privilege level alone for ipmi
...
The logic incorrectly had it depend on password also being present.
2022-08-19 09:10:52 -04:00
dde66c53c9
Dynamically ascertain name scheme for Delta pdu
...
Some delta pdus have different name schemes
than others, take the hit of
awkward parsing to autodetect.
2022-08-17 10:20:26 -04:00
57fcc8a243
Start SSH agent even on older ssh
...
The unusual path to automation key for syncfiles and ansbile
is most easily handled by ssh-agent, even if no passphrase
will be used
2022-08-16 15:06:26 -04:00
047cd6302a
Add wait for IP connectivity
...
After config, there may be a delay
before the configuration takes effect.
This delay can break nodeconfig.
Try to wait for the delay to pass.
2022-08-09 08:50:19 -04:00
f0c8eee956
Add facility to auto-exec nodeconfig on discovery
...
This permits more open ended node configuration when discovery happens.
2022-08-08 16:13:01 -04:00
610e7bf044
Constrain ip-less offers
...
PXE and HTTP client define a behavior for using non-address portion of an offer if the
offer has none. However, other clients, like
udhcpc will be confounded by such offers.
Ensure that client specifically sets VCI to indicate
it understand such an offer before replying.
This as yet generally doesn't matter as UUID is not sent by OS installers, however
some OSes can't do do API calls over LLA, and
thus we want to start allowing OS requests with
UUID and only offer when it makes sense.
2022-07-29 12:49:25 -04:00
9fe156601b
Add netmask to net config data
...
Some clients may want to consume netmask
without going to the trouble of converting,
so provide the extra data a different way.
2022-07-25 15:54:07 -04:00
830c9e171f
Add IP detection on local segment from remote registration
...
If an ip address is missing, but linklocal is set, try to search the
local nics for a viable connection to use.
2022-07-22 17:17:35 -04:00
0ac2bce883
Have XCC use a null string for ipaddr
...
This avoids the remote discovery failure for now.
2022-07-22 13:31:11 -04:00
6f619bc896
Change ipaddr to a property for allowing logic
2022-07-22 13:23:47 -04:00
bdd5dddce0
Fix typo in log message
2022-07-21 11:20:31 -04:00
d61dcee4fa
Fix handling of explicit prefix
...
Switch to just ip in time and return prefix
length as int.
2022-07-21 11:06:01 -04:00
d385ad1a0a
Support explicit prefix in xcc discovery
2022-07-21 10:13:00 -04:00
ef2c7b5bbc
Fix errant reference
2022-07-21 09:57:29 -04:00
Jarrod Johnson