2
0
mirror of https://github.com/xcat2/confluent.git synced 2026-07-18 00:16:50 +00:00
Commit Graph

3150 Commits

Author SHA1 Message Date
Markus Hilger 69a6714108 Use raw string notation to fix python compile warnings
E.g.: SyntaxError: "\d" is an invalid escape sequence. Did you mean "\\d"? A raw string is also an option.
2026-07-14 01:26:19 +02:00
Jarrod Johnson 090a887ed9 Merge pull request #235 from Obihoernchen/aiohmi
Various asyncio fixes
2026-07-13 13:26:07 -04:00
Markus Hilger 44d2534b4b Revert changes flagged by review
Restore pre-PR behavior for three changes flagged by @jjohnson42.
Bigger changes are needed for these. Will be done in a separate PR.
2026-07-13 17:25:58 +02:00
Markus Hilger dc906b9cd0 Await IPMI session challenge callbacks
The IPMI 1.5 session-challenge callback returned coroutine objects from error reporting and session activation instead of expressing an asynchronous callback contract directly. That made completion depend on the dispatch path noticing and awaiting the returned object.

Make the callback asynchronous and explicitly await both onlogon() and _activate_session(), ensuring failure notification and activation finish before callback dispatch continues.
2026-07-13 17:25:22 +02:00
Jarrod Johnson e853db5c36 Support affluent peeraddresses, when available 2026-07-13 11:16:47 -04:00
Jarrod Johnson 1660fe9c7d Merge pull request #231 from Obihoernchen/ipmioemfix
Improve SEL record type handling in aiohmi
2026-07-13 08:56:28 -04:00
Markus Hilger 670a11666d Fix remaining hardware async responses 2026-07-13 02:50:12 +02:00
Markus Hilger ca6a54ab05 Fix asynchronous console control dispatch 2026-07-13 02:50:12 +02:00
Markus Hilger 430260becf Await collective address propagation 2026-07-13 02:50:12 +02:00
Markus Hilger 3c6e7d202f Await BMC discovery configuration operations 2026-07-13 02:50:12 +02:00
Markus Hilger b5c5f62789 Fix OEM asynchronous operation dispatch 2026-07-13 02:50:12 +02:00
Markus Hilger 0165fc9935 Fix IPMI coroutine result handling 2026-07-13 02:50:11 +02:00
Markus Hilger 38746b19d5 Import signal for SSH agent cleanup 2026-07-13 02:50:11 +02:00
Markus Hilger b5e0e9f9e4 Fix asynchronous console and shell contracts 2026-07-13 02:50:11 +02:00
Markus Hilger 9c4f9e1935 Fix hardware management async dispatch 2026-07-13 02:50:11 +02:00
Markus Hilger 89d0fa81b9 Fix asynchronous discovery call contracts 2026-07-13 02:50:11 +02:00
Markus Hilger 5fc036a2b7 Await asynchronous configuration mutations 2026-07-13 02:50:11 +02:00
Markus Hilger 91654ea0d1 Fix aiohmi async call contracts 2026-07-13 02:50:11 +02:00
Markus Hilger 2c41841efc Fix additional missing awaits in aiohmi
Await the channel access raw command, the TSMA remote media settings
requests, and the XCC3 volume creation responses. These calls returned
or unpacked coroutine objects, breaking set_channel_access, TSMA
virtual media attach, and RAID volume creation at runtime.
2026-07-13 02:50:11 +02:00
Markus Hilger 2117d120d8 Fix remaining aiohmi async call paths
Await OEM sensor, NTP, retry, and firmware-update operations that otherwise returned or discarded coroutine objects. Return the initialized energy manager for FAPM systems and update stale utility entry points to use asynchronous Command factories.
2026-07-13 02:50:11 +02:00
Markus Hilger 6650a01a25 Fix Redfish OEM handler instantiation
Fallback paths called OEM handler constructors directly, but these handlers are initialized through async create factories. This caused generic, TSMA, and SMM3 selection to fail with 'OEMHandler() takes no arguments'. Use and await the factories consistently.

Also await the asynchronous bmcinfo lookup and forward the TSMA pool argument correctly.
2026-07-13 02:50:11 +02:00
Markus Hilger 2f006e507f Add net.extra_settings for passthrough network settings
Allow arbitrary per-connection network settings, such as static routes
or a firewalld zone, to be specified as semicolon-delimited key=value
pairs on a net.*.extra_settings attribute. The keys are passed through
to the network backend of the deployed OS in its native syntax: nmcli
properties on NetworkManager systems, netplan YAML paths on netplan
systems, and ifcfg variables on wicked systems.
2026-07-11 20:46:46 +02:00
Markus Hilger 3af93c2a39 Tolerate standard SEL records with malformed bodies
A type 0x02 record whose body cannot be decoded (e.g. a bogus EvM
revision) would raise and abort retrieval of the entire event log.
ipmitool and freeipmi print such entries with whatever fields they can
extract rather than failing; degrade to the same raw passthrough used
for undecodable reserved types instead of raising.
2026-07-10 16:50:25 +02:00
Markus Hilger 2034d522d7 Decode Linux kernel panic SEL records
The Linux kernel ipmi panic logger stores panic strings in SEL records
of type 0xf0, with a chunk sequence number in byte 4 and up to 11
characters of the message in bytes 5-15.  ipmitool and freeipmi both
recognize this convention; do the same rather than presenting such
records as opaque non-timestamped OEM data.
2026-07-10 16:50:25 +02:00
Markus Hilger 9f35965b1b Decode reserved SEL record types as standard events
Some BMCs (e.g. AMI) log events using spec-reserved record types like
0x04 with a standard system event record layout.  Previously only type
0x02 was decoded, leaving such entries with no usable data and tripping
the generic OEM handler.  Follow ipmitool and treat all types below 0xc0
as standard format.  If the body of a reserved type turns out not to
follow the standard layout, fall back to passing it through raw instead
of aborting the whole log retrieval.
2026-07-10 16:50:25 +02:00
Markus Hilger be7a3c753a Fix crash if sel entry is not OEM 2026-07-10 16:50:25 +02:00
Jarrod Johnson 0272137e94 Have custom handling for megarac initial password state
Initial password state demands webgui to change password.

So act like the webgui.
2026-07-09 16:42:28 -04:00
Jarrod Johnson 149ecad90e Improvements for MegaRAC discovery
Some Megarac fail with Host header looking like link local.

Systems with nVidia architecture have multiple bmcs, select the actual bmc.
2026-07-09 14:12:23 -04:00
Jarrod Johnson b724de4230 Merge pull request #223 from Obihoernchen/showsecret
Add server-side confluentdbutil showattrib subcommand
2026-07-08 17:53:12 -04:00
Markus Hilger 6f11dffae8 Add server-side confluentdbutil showattrib subcommand
Adds `confluentdbutil showattrib <noderange> <attribute>...` to print the
node attribute.

In contrast to nodeattrib it can shows secrets and crypted values with -u flag.
It's server-side only: reads the config store and master key directly, never over
the API.
It's read-only and works without confluentd running.
2026-07-08 19:55:18 +02:00
Jarrod Johnson 0d90317d1f Merge remote-tracking branch 'xcat/master' 2026-07-08 11:57:15 -04:00
Jarrod Johnson e41a844aa3 Further tighten routing for "special" cases
Mitigate risk of misdirection through more explicit routing rules.
2026-07-08 11:56:48 -04:00
Jarrod Johnson c9adc7690a http api fixes
Instead of returning a sessionless authdata if webauthn loaded and validation requested, raise a not found indicating missing webauthn module.

Fix str being passod to rsp_write for the 403 return.

Ensure the console and shell session logic triggers only for subordinates of nodes or noderange.

Fix  str being passed to rsp.write for the successful console session
2026-07-08 11:27:26 -04:00
Jarrod Johnson 9e71ea6b6e Merge pull request #225 from Obihoernchen/license
License naming fixes for EPEL
2026-07-08 09:46:41 -04:00
Jarrod Johnson ec0ab527b2 Fix exception name 2026-07-07 16:56:32 -04:00
Jarrod Johnson 25a6fb82d4 Correct exception name in passkey denial 2026-07-07 16:47:50 -04:00
Jarrod Johnson 8e75585f7d Fixes for shell session operation in select paths
The classic console interface is restored.
2026-07-07 16:39:35 -04:00
Jarrod Johnson 9a4653412c Fix webauthn related issues
The block on user modification shorted out webauthn hooks.

Further, be more picky about the prefix before the username in webauthn registered credentials and validation.
2026-07-07 16:37:45 -04:00
Markus Hilger dba2af71c7 Match Apache-2.0 license name with SPDX expressions
For EPEL the official SPDX license expressions have to be used.
Check:

- https://docs.fedoraproject.org/en-US/packaging-guidelines/LicensingGuidelines/
- https://spdx.org/licenses/
- https://docs.fedoraproject.org/en-US/legal/allowed-licenses/
2026-07-07 21:08:43 +02:00
Jarrod Johnson c3b75f0ca1 Remove stale logging output from enlogic 2026-07-02 16:23:32 -04:00
Markus Hilger 89c710f8c3 Fix key typo dropping verified flag in enclosure discovery 2026-07-02 22:07:48 +02:00
Markus Hilger e280651343 Fix discostatus typo hiding records from the unidentified filter 2026-07-02 22:07:38 +02:00
Markus Hilger 7727cd86fc Fix typos in help text, errors, and log messages 2026-07-02 22:07:27 +02:00
Jarrod Johnson 98190031df Merge pull request #221 from Obihoernchen/defaultdoc
Add more attribute documentation
2026-07-02 15:05:44 -04:00
Markus Hilger 0f20c709c0 Add more attribute documentation
- deployment.lock: add missing 'unlocked' (messages.py's
  InputDeploymentLock/DeploymentLock already accept and persist it).
- hardwaremanagement.method: correct stale "ipmi is used if not
  specified" claim. Was changed to null in
  c14165e2bd.
- snmp.privacyprotocol: document that unset is treated as 'des'
  (snmputil.py explicitly groups None with 'des').
2026-07-02 19:50:56 +02:00
Jarrod Johnson a8cd9a24d5 Auto-restart vtbufferd on exit
If vtbuffer is interrupted, then restart it.
2026-07-02 12:13:24 -04:00
Jarrod Johnson 752d04939b Merge pull request #220 from Obihoernchen/pubkeys_addpolicy
Fix pubkeys.addpolicy documentation to match implementation
2026-07-02 10:31:04 -04:00
Jarrod Johnson d24359a86c Add comments clarifying non-voting state with respect to security expectations 2026-07-02 10:27:21 -04:00
Markus Hilger 4c0b2e44f4 Fix pubkeys.addpolicy documentation to match implementation
validvalues listed 'automatic'/'manual', but that was outdated.
Commit 454e1b8267 and cc70dcfa2b
implemented unset/'tofu' (trust-on-first-use, the default), 'manual', 'ca-only',
and an implicit 'ca' (any value that isn't otherwise handled falls
through to the standard CA-verification path, keying an already
pinned match without a full CA reverify).
The validvalues fix in ecaa75d967 rejected
these new values. Add new valid values with proper documentation.
2026-07-02 15:55:50 +02:00
Jarrod Johnson ada4cb196d Lock down non-system users to not have open ended access 2026-07-01 21:11:27 -04:00