If an XCC is booting, it may appear before it's ready to use redfish to manage user accounts. Handle this by delaying the discovery until
the service is ready.
Provide checks for nginx config and apache configuration, perhaps even concurrently.
Latch on the first match, since we are taking care of IP based SANs and subsequent server/virtualhost sections are irrelevant.
Latch onto a chain file, if indicated in the apache configuration, placing our CA in the chain.
For nginx, put our CA in the cert, since nginx
uses the 'certificate' file as the chain.
In this scenario, a cross-signed CA cert is possible.
Cache the directory list over a few seconds
to avoid excessive filesystem calls.
Also switchg to a more potent regex to avoid wasting time on timestamped files.
openEuler 24.03 seems closest to el8, so start with that baseline.
Modify el8 handling to recognize a totally missing CA bundle and assume
the original el8 location.
Have osimage recognize openEuler media by presence of openEuler release file.
The UUID and tls material usually comes from site, but some
OSes may depend entirely on the identity image, so
make the UUID available that way as well.
Newer ansible requires deferred plugin initialization explicitly,
support either ansible norm.
Reliably mark a play as complete even if facing a very early init
problem, e.g. if ansible shebang points to a non-existant python.
Fix incorrect association of stderr to tasks, and present
stderr to the client exactly once.
For various reasons, it is likely/expected for fe80:: to fail the 'local'
check. This is fine in most contexts, except for credserver and ssdp.
ssdp already special cased fe80::, so special case fe80:: in credserver
as well.
If a user has custom
windows categories, match
them to media import.
To do this, we needed to go to pycdlib, as libarchive can't
do UDF-only isos.
For now, this has no progress indication, but does extract it similar
to most Linux distributions are done.
To extend beyond the OpenBmc wrapped dialect of VNC,
provide mechanism for plugins to provide
arbitrary cookie, password, url, and protocols parameters.
Implement for ProxMox.
A common issue in larger layer 2 configurations is
for the neighbor table to be undersized for the number of
nodes.
Detect this manifesting and present a message.
Some kernels may bundle the NLMSG_DONE in the last
useful system call, unlike the previous norm of sending it as
a single message in a terminating system call.
302 works for iPXE, but not for more limited UEFI
http client.
If we are dealing with UefiHttpBoot, check for a header
from nginx config and use X-Accel-Redirect to induce proxy side
redirect transparent to client.
Otherwise, give an error indicating the issue with the profile
name length and incompatibility with Apache capabilities.
When trying to set a node or group attribute, evaluate
length of any potential formatting specification to keep it under
8 characters.
This should prevent even temporary expansion over 10MB for an attribute
on the way to setting it.
Some profiles may want to have a fixed boot image,
and site specific content limited to the identity payload, or at
least the TLS so it could fetch the rest over https.
If an expression causes an inordinate amount of memory to be
used, then block it from continuing.
For now, we consider that an expression that expands beyond 16k. I
am unable to conceive of a use case where someone would want to
use an expression to derive more than 16k as it stands, as we don't
carry any particularly large opaque payloads right now.
