Purge sockapi of remaining eventlet call
Extend asyncio into the credserver to finish out sockapi.
Have client and sockapi complete TLS connection including password checking
Fix confetty ability to 'create'.
Refresh getcsr and installcert to handle latest firmware.
Also add ability to have pre-existing CSR, and trust the SAN on the way through.
If this becomes more properly a feature, then would likely impose a SAN
on certs, similar to the SSH principals, rather than deferring to the CSR
to get it right.
Since we are rebasing to at least Python 3.6, and with
some extra ctypes wranging of the ssl context, we can likely
remove PyOpenSSL. Take first steps by removing it from 'sockapi'.
Have confluent executable become the 'top level' for eventlet, to allow
work on 'de-eventleting' on 'main.py'.
Rework tlvdata to deal with either a socket or a reader, writer tuple.
Using TLS with asyncio is easiest with the 'open_connection'
semantics, which force either a Protocol handler (callback based) or
dual streams. While protocol approach ends with a more socket-like
'transport', the 'protocol' half is a bit unwieldy. So reader and writer
streams instead.
Some firmware cannot tolerate a web session being
active during a rename. Make sure logout has been done, and
give a retry if needed to let the session close out after
logging out.
For one, when using confluent expressions, induce {} to be an error to
trigger an error for someone trying to xargs something.
Another is to add warnings when clear does something deliberately, but
is something that might surprise a user, steering them toward
what they possibly might want to do instead.
When doing pxe and the noderange of the candidate managers fails,
try again without validation in case the user omitted collective members
from nodelist, but still used ',' to enumerate them.
Reap ssh-agent to avoid stale agents lying around.
Remove nuisance warnings about virbr0 when present.
Do a full runthrough as the confluent user to ssh to a node when user
requests with '-a', marking known_hosts and automation key issues.
Reap ssh-agent to avoid stale agents lying around.
Remove nuisance warnings about virbr0 when present.
Do a full runthrough as the confluent user to ssh to a node when user
requests with '-a', marking known_hosts and automation key issues.
For relay agent options, preserve and echo back the option,
needed for certain environments.
Also, it turns out that for whatever reason on some platforms, iPXE's
proxyDHCP logic can't seem to get a reply. In this scenario,
provide the filename in the DHCP offer without waiting for proxyDHCP.
This change may be worth evaluating more broadly, but may carry risk of not working
right with unmanaged DHCP servers.
The code was comparing two string constants, instead of
a variable to a constant. Correct the problem to enable
the preflight checks to work as intended.
