5ccfa36da6
Fix ssh disconnect handling in python 3
...
In python 3, '' will never match b''. Just
use the value as a boolean to catch either ''
or b''.
2020-07-15 10:34:23 -04:00
5b1e144d32
Fix python3 problem with backspace
...
In python3, a single element reference of a bytes
is an int, not equal to a b'' of the same length and
value. Change to use slices to have python2 and python3
act the same.
2020-07-14 09:13:37 -04:00
4722c3ec92
Check current SMM IP before pushing config
...
If the user requests the same ip address that
is already present, leave the network configuration
alone.
2020-06-18 09:23:30 -04:00
d75867050c
Fallback when pyte contains unknown colors
...
This allows nodeconsole to connect to Ubuntu
installer, for example.
2020-05-22 15:46:16 -04:00
213d440052
Fix certificate watch
...
In python3, it was not working.
If another file got added, it could go
with a busy loop.
2020-05-22 13:55:24 -04:00
0800290c8e
Fix checking colleective status
...
In a few contexts, the result of list_collective
was used directly in a boolean context. As an iterator,
it is always true unless coerced into a potentially empty
list explicitly.
2020-05-21 08:47:07 -04:00
c5c5b36536
Fix reverse noderange in python 3
...
python3 environments do not natively know the word 'unicode',
in such a case, make unicode an alias for 'str'.
2020-05-19 14:18:35 -04:00
87a7e65b42
Add missing dependencies to deb package
...
A number of python packages were missing.
2020-05-12 10:31:36 -04:00
51c09d844f
Fix broken expressions
...
Fix mistake in the {} password fix.
2020-05-08 13:29:33 -04:00
2c4f8dfceb
Fix backup/restore with python3
...
backup/restore with password
was having problems with python3
2020-05-07 16:27:00 -04:00
598ec4a294
Change ubuntu package names
2020-04-28 11:29:41 -04:00
4f85ba2bff
Fix nodeattrib set of password
...
This path happens in nodeattrib.
2020-04-22 09:46:38 -04:00
5232b7c9c4
Fix passwords with {} in them
...
The input handler erroneously
tried to make an expression out
of values that did not support
expressions.
2020-04-22 08:58:38 -04:00
f97fd3105f
Prevent GET from indicating a non-idempotent opreation
...
This could bypass CSRF protection in theory.
2020-04-16 12:08:47 -04:00
bc03da47af
Fix another python3 syntax problem
...
async can't even be a member of
a class, evidently.
2020-04-10 12:12:17 -04:00
bd39171611
Fix another use of async name
...
For better python 3 compatibility,
stop using async as a variable name.
2020-04-10 12:09:27 -04:00
ed050b37e1
Fix httpapi with python3
...
async is now particularly special,
rename variable to fix it
2020-04-10 11:58:45 -04:00
8d1d19d9a8
Fix nodelicense save with expansion
...
Client side checking will not suffice. Move it server side.
Additionally ,fix ownership of downloaded files.
2020-04-09 08:20:55 -04:00
017f3fb372
Switch CP storage to SSDP from SLP
...
The SLP behavior on CP storage BMC is problematic.
Switch to SSDP to see if that provides more robust
behavior.
2020-04-07 11:32:52 -04:00
7e86a72872
Pass along unavailable info to client
2020-04-03 12:33:55 -04:00
2567503662
Handle both types of CP reply
...
The CP storage may reply with
one of two distinct forms. Recognize
either and treat them the same.
2020-04-03 11:01:55 -04:00
a0684520d8
Add documentation for some parameter default
2020-04-02 10:25:57 -04:00
0b95daa30d
Add msgpack to explicit dependencies
...
This will pull in msgpack for debian derivatives.
2020-03-30 10:58:08 -04:00
f6c44922f8
Add support for forced password change
...
ThinkAgile CP storage BMC firmware now requires
a password change be navigated prior to operation.
2020-03-26 14:10:17 -04:00
a86d962984
Fix missing pwd import
...
The pwd module was accidentally omitted, fix the mistake.
2020-03-13 11:04:16 -04:00
9ee29aabe1
Set certificate ownership properly
...
When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
2020-03-12 16:04:23 -04:00
f2bd796c2a
Further clean up license error handling
...
Backup of nodelicense was not
consistently checked between
redfish and ipmi plugins.
2020-03-11 09:29:41 -04:00
3c26beda1d
Fix loss of web connectivity during XCC discovery
...
The password policy was incorrectly logging out in the
middle of the flow when a forced password change occurred.
Fix by externally managing the web session.
2020-02-26 10:00:10 -05:00
e2d0e49fc7
Add HTTP boot architecture to pxe
...
This paves the way for future response to HTTP boot
2020-02-20 20:36:36 -05:00
da5a34c2e4
Fix wheezy builds
2020-02-20 08:05:21 -05:00
3629cb8ee7
Fix spelling of cumulus
2020-02-19 16:53:35 -05:00
eae7b3bd80
Add discovery snoop for Cumulus ZTP
...
When a cumulus switch does ZTP, detect
in the discovery facility.
2020-02-19 16:26:33 -05:00
868367e052
Add sensing of ONIE switches
...
Have nodediscover show detected
ONIE install devices.
2020-02-19 15:20:45 -05:00
f6d4fef5e6
Improve error message for collective
...
When trying to not run as root, give a
better error message explaining the
situation more clearly.
2020-02-18 16:16:40 -05:00
b1b7ec4d50
Add affluent plugin
...
Implementing Cumulus NOS
support through an agent called
'affluent'.
2020-02-18 14:23:57 -05:00
c0cd6de4f7
Remove PrivateDevices from unit file
...
PrivateDevices breaks pam_unix, for some reason. Remove this
protection. We still have DevicePolicy closed and running as non-root,
so this should still be relatively safe.i
2020-02-13 11:42:21 -05:00
4437e81e04
Leverage unix_chkpwd
...
If doing PAM authentication, we
can setuid to the target user and then
pam_unix will use unix_chkpwd on
our behalf.
Problems with this working in the lab
was resolved by a yum reinstall pam,
so it was presumably due to messed up
setcap or similar experiments.
2020-02-13 10:37:15 -05:00
6a12af1242
Remove non-root for older distributions
...
Older systemd does not support capabilities. For such a platform,
disable non-root mode.
2020-02-12 13:20:08 -05:00
9879a83a10
Fix mistake in the redfish access protection
...
It contained a syntax error.
2020-02-11 14:22:19 -05:00
cce6b824de
Merge branch 'master' of github.com:jjohnson42/confluent
2020-02-11 14:09:51 -05:00
ce1cb952e8
Fix PAM authentication
...
It's tricky. On Redhat platforms, we need the CAP_DAC_READ_SEARCH
capability. Unfortunately this is one of the nicest capabilities to have.
For now add it to ambient set so that PAM can work on redhat platforms.
Mitigate this risk by safeguarding the license handling code, which
is the only known place that can read a file and send it to somewhere.
If we could drop the capability from effective set and add it back in when
needed, that would be nice, but that appears not to be possible.
Short of that, having a separate authentication process
running and dropping privilege would potentially work.
2020-02-11 14:09:22 -05:00
c6812274e4
Fix media list through collective
...
The Media class was not
serializable by msgpack. Fix this
and improve error messages in
future instances of this behavior.
2020-02-11 09:04:49 -05:00
7cd7068dd7
Remove stray developer output
...
Remove a developer repr from log
output.
2020-02-07 16:01:29 -05:00
48f0330568
Add affluent support to /networking
...
The /networking backend will now
check for affluent on the switches and
use it if possible for improved performance.
2020-02-07 15:57:33 -05:00
66e1d17d28
Have systemd manage confluent run dir
...
The run directory has to be created and owned by confluent,
or else things cannot start.
2020-02-06 13:45:46 -05:00
7480494432
Tighten up new PAM check
...
For one, remove the password cache cleaning, as it no longer is run.
For another, skip the fork if uid is already 0.
Finally, wrap the check in a try/finally to keep the privileged process
more certain in exiting.
2020-02-06 10:05:57 -05:00
49c00bfbb7
Become root to check a password
...
Running as non-root had broken PAM support. Allow setuid so we
can assume root in one specific case.
2020-02-05 16:06:13 -05:00
201985dd0e
Fix missing argument to rpc_set_user
...
Requests were unable to traverse
a collective.
2020-02-05 14:55:51 -05:00
1aee19997a
Carry errors across msgpack
...
Messages that were formerly carried
as pickled exceptions are now sent
as generic strings over msgpack.
2020-02-04 10:16:48 -05:00
3bc366bef4
Fix mistake in the cert util
2020-02-03 15:37:20 -05:00
Jarrod Johnson