To extend beyond the OpenBmc wrapped dialect of VNC,
provide mechanism for plugins to provide
arbitrary cookie, password, url, and protocols parameters.
Implement for ProxMox.
A common issue in larger layer 2 configurations is
for the neighbor table to be undersized for the number of
nodes.
Detect this manifesting and present a message.
For one, understand 'ip' to potentially mean 'bmc' for list
to assign convenience.
Parallelize handling of csv importing to improve performance.
Only call rescan once per bulk assign
Some kernels may bundle the NLMSG_DONE in the last
useful system call, unlike the previous norm of sending it as
a single message in a terminating system call.
302 works for iPXE, but not for more limited UEFI
http client.
If we are dealing with UefiHttpBoot, check for a header
from nginx config and use X-Accel-Redirect to induce proxy side
redirect transparent to client.
Otherwise, give an error indicating the issue with the profile
name length and incompatibility with Apache capabilities.
When trying to set a node or group attribute, evaluate
length of any potential formatting specification to keep it under
8 characters.
This should prevent even temporary expansion over 10MB for an attribute
on the way to setting it.
Some profiles may want to have a fixed boot image,
and site specific content limited to the identity payload, or at
least the TLS so it could fetch the rest over https.
If an expression causes an inordinate amount of memory to be
used, then block it from continuing.
For now, we consider that an expression that expands beyond 16k. I
am unable to conceive of a use case where someone would want to
use an expression to derive more than 16k as it stands, as we don't
carry any particularly large opaque payloads right now.
The r8169 enjoys some popularity.
Also, we'd like to be able to try out diskless/cloning with
VMs, so vmxnet3 and virtio_net are handy to round that out.
For both proxmox and vmware, properly model the 'oldstate' feature.
For proxmox, further:
- Wait for power change to actually take effect
- Change reset to a cycle, to help nodesetboot actually work correctly.
This allows users to opt into disabling setting further profile changes.
Nodes may be 'unlocked' (normal), 'autolock' (will lock on next
completion), or 'locked' (unable to change the pending OS profile)
If a nic were aliased *and* the node had attributes
for ipv6 but used host resolution for ipv4 identity,
it was possible for PXE to pick the wrong way
to respond.
Instruct netutil to specifically consider only the matching family
for the PXE/HTTP boot context
If a confluent collective member is stopped, then the
HTTPS check passes. If we end up with a 503 indicating
the other end has a missing confluent, fall back to the loop
to check for other living collective members.
