xCAT/confluent
2
0
Fork 0
mirror of https://github.com/xcat2/confluent.git synced 2026-02-15 12:18:59 +00:00
Code Issues Projects Releases Wiki Activity
5,953 Commits 40 Branches 76 Tags
667e44983d697e729f4f4ec583fc8b86a7d90e13
Commit Graph

2834 Commits

Author SHA1 Message Date
Jarrod Johnson
667e44983d Fix ordering of confluentbmcname setting 2026-01-23 20:38:29 -05:00
Jarrod Johnson
b0647275df Replace dead references to SecureHTTPConnection 2026-01-23 20:23:23 -05:00
Jarrod Johnson
c4616745c4 Remove pyghmi usage across multiple areas 2026-01-23 13:31:09 -05:00
Jarrod Johnson
60c3d5400a Fix up proxmox module for async operation 2026-01-23 10:30:01 -05:00
Jarrod Johnson
6bc9282698 Change to await login 2026-01-22 14:59:31 -05:00
Jarrod Johnson
b06ffb293a Asyncify proxmox retrieve function 2026-01-22 14:53:52 -05:00
Jarrod Johnson
b548002a8d Fix nodegroup attribute async behavior 2026-01-22 14:50:59 -05:00
Jarrod Johnson
218ecce63f Correct import name 2026-01-22 14:46:34 -05:00
Jarrod Johnson
1c679727ad Correct issues in recent revision 2026-01-22 14:44:36 -05:00
Jarrod Johnson
50e530ebde Replace pyghmi with aiohmi in various plugins, remove some eventlet usage 2026-01-22 14:40:44 -05:00
Jarrod Johnson
7984c02042 Temporarily remove eficompressor dependency 2026-01-22 09:42:05 -05:00
Jarrod Johnson
d338f8d586 Temporarily lift some rpm dependencies to work through dev 2026-01-22 09:26:45 -05:00
Jarrod Johnson
c0d53ba986 Clean up RPM dependencies for async branch 2026-01-22 09:26:01 -05:00
Jarrod Johnson
68097428a5 Modernize asyncio invocation in main confluent runtime 2026-01-21 16:47:17 -05:00
Jarrod Johnson
7fedbc1810 Replace some pyghmi references and modernize some asyncio invocations 2026-01-21 16:45:42 -05:00
Jarrod Johnson
b2f1b8da79 Add tasks management module for async 2026-01-21 16:23:31 -05:00
Jarrod Johnson
0dabccaec8 Corrections after some mistakes in the merge 2026-01-20 14:55:06 -05:00
Jarrod Johnson
d89305ca42 Merge branch 'master' into async 
Try to merge in 2025 work into async
 2026-01-20 14:24:01 -05:00
Jarrod Johnson
99d10896e8 Fix parameter count unpack for accelerated switch interrogation 2026-01-08 17:07:39 -05:00
Jarrod Johnson
c196bf9d55 Fix initial startup of a new confluent 
The indexes change failed on a brand new install.
 2025-12-02 14:31:10 -05:00
Markus Hilger
ec39de3df0 Add bond alias to team description 2025-11-21 14:16:07 +01:00
Jarrod Johnson
73216fc062 Fix architecture name mismatch 
Confluent went with aarch64 consistent
with EL naming, but Ubuntu used
debian naming, recognize and just
handle that.
 2025-11-18 09:10:30 -05:00
Jarrod Johnson
61b07e0af4 Start index at 1 instead of 0 2025-11-17 12:05:03 -05:00
Jarrod Johnson
53760ab5dd Attribute feature enhancement 
Add expression functions upper, lower, block_number, and block_offset.

Add an 'id.index' auto-attribute to
yield a number for nodes.
 2025-11-17 11:58:04 -05:00
Jarrod Johnson
d3e7a49f92 Simplify by recursion 
Use _handle_ast_node to process
everything before the function name in an Attribute call
 2025-11-15 10:32:11 -05:00
Jarrod Johnson
1f688ead28 Implement .replace() for attribute expressions 
Provide an easy to use replace() to allow removing or substiting values
during expression evaluation.
 2025-11-14 17:20:06 -05:00
Jarrod Johnson
6ebb6de107 Allow specifiying SNMP privacy protocol 
Modern SNMP devices may require AES.

Unfortunately, older ones may refuse AES.

For compatibility, continue to default to DES, but
allow AES to be indicated in attributes.
 2025-11-10 10:21:01 -05:00
Jarrod Johnson
b07da455c2 Fix SAN generation 
The nameconstraint support missed
a branch, fix this.
 2025-11-07 11:22:12 -05:00
Jarrod Johnson
cc9a81103b Do not autosign if the corresponding cryptography is unavailable 
We use cryptography verification, but it's relatively new.

For compatibility, we fall back to fingerprint only.

This is pretty bad when inflicted on
unsuspecting users on autosign,
so skip autosign if cert validation
would break.
 2025-11-04 15:51:22 -05:00
Jarrod Johnson
174d204607 Implement compatibility with newer pysnmp 
For now, terminate the async nature
if newer pysnmp is detected.
 2025-11-04 09:58:11 -05:00
Jarrod Johnson
2826abb7ab Prune excessive leftover ext config files 2025-11-03 14:21:36 -05:00
Jarrod Johnson
5adb5fa780 Automatically sign XCC certificates on discover 
If an XCC doesn't have a 'real' certificate, sign it with the confluent
CA for 47 days.
 2025-11-03 14:02:33 -05:00
Jarrod Johnson
5de063212f Prepare for supporting constrained CA 
If asked to sign using a name constrained CA,
avoid generating a certificate that
would violate those constraints.
 2025-11-03 10:43:34 -05:00
Jarrod Johnson
073f6d1389 Wire up cert signing to nodecertutil 2025-10-31 12:04:27 -04:00
Jarrod Johnson
f755ba9f91 Implement method to sign BMC certificates 2025-10-31 10:46:42 -04:00
Jarrod Johnson
cf8c01ef13 Merge remote-tracking branch 'lenovo' 2025-10-31 09:48:05 -04:00
Jarrod Johnson
8b12047ae0 Update to handle newer XCC2 firmware 2025-10-31 09:45:59 -04:00
Jarrod Johnson
f0a779764d Fix ordering of digest argument 
The digest argument was erroneously inserted between startdate and it's
argument, correct this mistake.
 2025-10-28 15:39:04 -04:00
Jarrod Johnson
0ad7e99efe Only optionally use cryptography verification 
Some supported distributions can't run the newer cryptography.

Make it a feature that only works with newer platforms.
 2025-10-27 08:38:14 -04:00
Jarrod Johnson
24a76612ae Use sha284 hash algorithm 
Some implementations reject sha256 as inadequate if ecdsa has 384 bit keylength. Bring the digest up to match
the key size for the ECDSA.
 2025-10-27 06:41:05 -04:00
Jarrod Johnson
6c9c58f464 Update certutil to prepare for broader usage 
For one, apply more rules from CA/B forum. This includes including KU and EKU extensions, marking basicConstraints critical, and
randomized serial numbers.

Also make the backdate and end date configurable, to allow
for the BMC certs to have a more palatable validity interval.
 2025-10-26 14:57:26 -04:00
Jarrod Johnson
3125f4171b Begin overhaul of TLS cert management 
Begin expanding certutil to sign other certificates from external CSRs more easily.

Have certutil make the CA constraint critical.

Have the fingerprint based validator have a mechanism to check for properly signed certificate in lieu of exact match,
and update the stored fingerprint
on match.

Provide a means to request a custom subject when evaluating a
target.

Change redfish plugin to set that subject in the verifier.
 2025-10-24 20:02:51 -04:00
Jarrod Johnson
762adb882a Track client address on checkin 
When doing DHCP deployment in particular, it's good to track what the actual ip was.
 2025-10-21 13:04:30 -04:00
Jarrod Johnson
c5896c056e Add facility to manage BMC CA certs 
For redfish at least, we can manage
some BMC CA certificate trust stores.
 2025-10-14 14:30:27 -04:00
Jarrod Johnson
a73dced80b Fix configbmc on XCC3 
IPv4 based configbmc is now fixed for multi-nic XCC3 configurations.
 2025-10-14 13:19:28 -04:00
Jarrod Johnson
b6188683b8 Redirect 'xcc' to 'xcc3' for bmcconfig -c 2025-10-14 10:22:15 -04:00
Jarrod Johnson
50243b67d5 Add a more helpful error when bmc not set 
When doing a configbmc, need to present
a more reasonable message about lack of address.
 2025-10-08 14:20:44 -04:00
Jarrod Johnson
7cdfcd4913 Implement support for multi-manager XCC managed systems 2025-10-08 09:42:17 -04:00
Jarrod Johnson
179ad4e196 Fix IPv6 redfish config fetch for select targets 
Not all targets offer up static gateway
 2025-10-08 09:39:17 -04:00
Jarrod Johnson
f34395648e Add vlan_id management to redfish and ipmi plugins 2025-10-06 17:28:55 -04:00