Lay groundwork for pulling this sort of data in on discovery. The plan is that *if* serial numbers will
be used as a cue for discovery, it would be in the context of a nodediscover command.

A redacted dump will not have a keys.json file, which
is natural. Replace 'file not found' with a message
indicating the possibility of a redacted dump.

Clients may now format a string as if it were to be an expression for an attribute,
and have the server evaluate it using the same engine without passing through the
attribute engine. This makes it easier, for example, to do nodeexec n1-n4 ipmitool -H {hardwaremanagement.manager}

Wire up the singleton switch search function to a function that
extracts the list of switches and relevant auth data from the config
engine. Add attributes to allow indication by hardware management
port connection. The OS nics will be added later for in-band discovery,
but that's of limited value until PXE support anyway.

This time, the update function is a generator that yields as a sign to the caller
that the mac map has had at least a partial update to be considered.

As we implement internal processes with automation,
provide a hook for code to convey information about
situations encountered during background activity.
Ultimately, it is intended to hook event forwarders
for things like syslog/email/etc.

The gdbm backend does not support the 'iterkeys' interface directly,
requiring manual traversal instead. Unfortunately, dbhash
does not implement the gdbm interface for this, so we have
to have two codepaths.

When initializing the security key, a background thread may occur. Sometimes,
the system would go to daemonize while that thread was still running, and
the whole system could exit, leading to an incomplete write to globals as well
as leaving the daemon looking at the data copied over from pre-fork and
seeing the last state of that thread forever frozen. Make sure the background
threads are fully done prior to exiting.

Like self-signed TLS certificates, SSH host keys
warrant a similar security policy. This implementation
follows the lead of the TLS management and uses the same
policy name and interpretation, just storing the value
in 'pubkeys.ssh' for the node rather than an extensible
set of entry points (for now).

This brings some additional features into core, namely
the ability to use a fixed module rather than a string-defined
plugin. This allows shellserver to implement the
'plugin' interface without living in 'plugins'. 'plugins'
implies modularity and potential eventual choice, but
this functionality is core. It would make sense for the
'attributes' plugin to be changed to match this strategy.

When attribute notification is requested, node deletion was not
sent to the watchers. Address the limitation by notifying on all
attributes for a deleted node.

Add TimedAndSizeRotatingFileHandler which mixes together
the RotatingFileHandler and TimedRotatingFileHandler from
the Python logging module to process the log data.

Add logrollover event to track the renamed information, so
that a console session can read the log data from the current log
file and the last renamed file.

Global configuration is used by the log handler. The format
of the log section in '/etc/confluent/service.cfg' is like:

    [log]
    when = m
    backup_count = 3
    max_bytes = 8192
    utc = False

Enhance noderange to implement:

    attribute.name==value (also attribute.name=value) -- strict equality match
    attribute.name=~value -- regular expression match
    attribute.name!=value -- strict negative match
    attribute.name!~value -- negative regular expression match
    ~nameexpression -- search by node name using regular expression

This also goes a step further by intelligently limiting searches when found to the right of @ or ,-.
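
A sketch of how the search operators listed above can be evaluated against node attributes. This is an added example, not code from the project: the `NODES` inventory, `select()` and `_regex()` are hypothetical, and the use of unanchored `re.search` and the handling of nodes that lack the attribute are assumptions.

```python
import re

# Constructed sample inventory; node and attribute values are illustrative only.
NODES = {
    'n1': {'hardwaremanagement.manager': '10.0.0.1', 'location.rack': 'r1'},
    'n2': {'hardwaremanagement.manager': '10.0.0.2', 'location.rack': 'r2'},
    'sw1': {'location.rack': 'r1'},
}

# '==' and '=~' are listed before '=' so the longer operator wins.
TERM = re.compile(r'^([^=!~]+)(==|=~|!=|!~|=)(.*)$')


def _regex(pattern):
    """Compile a client-supplied pattern, rejecting malformed input."""
    try:
        return re.compile(pattern)
    except re.error as exc:
        raise ValueError('bad expression %r: %s' % (pattern, exc))


def select(term, nodes=NODES):
    """Return the sorted node names matching one noderange search term."""
    if term.startswith('~'):  # ~nameexpression: regex over node names
        rx = _regex(term[1:])
        return sorted(n for n in nodes if rx.search(n))
    parsed = TERM.match(term)
    if not parsed:
        raise ValueError('unrecognized element %r' % term)
    attr, op, value = parsed.groups()
    negate = op in ('!=', '!~')
    if op in ('=~', '!~'):
        rx = _regex(value)
        test = lambda v: rx.search(v) is not None
    else:
        test = lambda v: v == value
    hits = []
    for name, attrs in nodes.items():
        current = attrs.get(attr)
        # Assumption: a node lacking the attribute never satisfies a positive
        # match and always satisfies a negative one.
        matched = current is not None and test(current)
        if matched != negate:
            hits.append(name)
    return sorted(hits)
```

Because the pattern comes from the client, a malformed expression is turned into a `ValueError` rather than an unhandled `re.error` inside the server.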

get_node_attributes would make a fatal mistake when more
than one node was queried due to a loop side effect. Also address
numerous issues with html-ification in the messaging module.

On the plugin front, add a one-off description for the 'noderange' attribute.
For the other pieces, make noderange more like any 'extensible' string value
rather than making it special.

Make expansion of groups and rejection of unrecognized elements work.

Additionally, implement dynamic groups. A group may have a 'noderange'
attribute. In this case it is considered to have 'dynamic' members. This
only has meaning in noderange expansion, not in deriving configuration data.

This does not yet add the search by attribute value capabilities and still
doesn't do the pagination or + operators.

The change to allow configmanager to log traces
erroneously broke due to use of 'import .. as' in
circular imports. Skip 'as' and the problem does not occur.

When a change callback handler raises an exception,
log it and move on to the next handler. This prevents
the handler from screwing up the caller or fellow
callback handlers. Unfortunately this means that
no one notices the issue until checking the trace
log file, but it produces more peculiar behavior
as it stands without this change.

To facilitate a clean coordinated shutdown, create a verb so that a termination can be done
and know when it is completed. Only allow for the 'special' case of 'skipauth', where unix domain
socket connection is in hand and only root or the service owner can access.
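
One way to enforce the restriction described above is to ask the kernel who is on the other end of the unix domain socket. This is an added example, not the project's code: it assumes Linux `SO_PEERCRED`, and the verb name `'shutdown'` and the functions `peer_credentials()`, `may_skip_auth()` and `handle_verb()` are hypothetical.

```python
import os
import socket
import struct

# struct ucred on Linux: pid_t pid; uid_t uid; gid_t gid
_UCRED = 'iII'


def peer_credentials(conn):
    """Return (pid, uid, gid) of the process on the other end (Linux only)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize(_UCRED))
    return struct.unpack(_UCRED, raw)


def may_skip_auth(conn, service_uid=None):
    """Allow unauthenticated use only for root or the service owner."""
    if conn.family != socket.AF_UNIX:
        return False  # network peers never qualify for skipauth
    if service_uid is None:
        service_uid = os.geteuid()  # the account the service runs as
    _pid, uid, _gid = peer_credentials(conn)
    return uid in (0, service_uid)


def handle_verb(conn, verb, shutdown, service_uid=None):
    """Dispatch one request; the shutdown verb requires skipauth."""
    if verb != 'shutdown':
        return 'unknown verb'
    if not may_skip_auth(conn, service_uid):
        return 'forbidden'
    shutdown()          # returns once the coordinated shutdown has finished
    return 'complete'   # the caller learns that termination is done
```

The credentials come from the kernel at connect time, so a client cannot claim a different uid in the request itself.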

Make sure that the dbm object is closed before another thread might come along. Out of an overabundance of caution,
also join() existing cfgwriter thread to make sure that only one thread touches it at a time. In theory, it should only possibly
be after the db is closed, but take no chances.

If the sync thread had moved beyond the point of checking _writepending, but had not quite managed to trigger
isAlive() to be false, the sync cfg to file would transition to never working. Address this by adding one lock and one boolean.
Inside the lock, the two booleans are manipulated to atomically mark the end of thread sync activity linked with
check for pending data to write.
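
The locking pattern described in the last message, reduced to a stand-alone sketch. This is an added example, not the project's code: only `_writepending` is a name from the text, while `CfgSync`, `_syncrunning`, `request_sync()` and `wait()` are hypothetical. The point is that "no more pending data" and "this thread is finished" are decided in one critical section instead of relying on the thread object's liveness.

```python
import threading


class CfgSync(object):
    """Coalesce write requests onto at most one background sync thread."""

    def __init__(self, flush):
        self._flush = flush            # callable that persists current data
        self._lock = threading.Lock()
        self._writepending = False     # data changed since a flush began
        self._syncrunning = False      # a thread has committed to flushing
        self._thread = None

    def request_sync(self):
        with self._lock:
            if self._syncrunning:
                # The running thread has not yet declared itself finished,
                # so it is guaranteed to see this flag before it exits.
                self._writepending = True
                return
            self._syncrunning = True
        self._thread = threading.Thread(target=self._sync_loop)
        self._thread.start()

    def _sync_loop(self):
        while True:
            self._flush()
            with self._lock:
                if self._writepending:
                    self._writepending = False
                    continue  # more data arrived during the flush
                # Checking for pending work and marking the thread done
                # happen together, so no request can slip in between.
                self._syncrunning = False
                return

    def wait(self):
        """Block until the most recently started sync thread has exited."""
        thread = self._thread
        if thread is not None:
            thread.join()
```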