If 123abc-abc123 were attempted, it would produce
a strange error
when it encounters a string compare to number.
Detect the scenario and treat it like similar situations.
Some plays expect the
inventory from /etc/ansible, detect
if that inventory *could* apply, use if it can.
ansible users generally anticipate leveraging the implicit '.' in the role
path,
chdir to meet that expectation.
'become' in the play without 'become_user' can upset ansible runtime.
Since we are already root, we will just ignore the implicit 'become', since we already
match that behavior.
Provide for applications
where only a small subset of collective
members should be
considered to count
toward whether the collective
can proceed.
Commonly, 'service' nodes may
be numerous to do work, but may all want to go offline
during a maintenance window.
While servicing an enrollment,
there's a window for a collective
member to be 'defined' but not
yet active, meaning quorum may transiently be lost as multiple enrollments progress.
Serialize enrollments by holding the enrollment process open.
Also, there is a chance that a transient transfer error may occur during loading
of the DB. In such a case, restart
the connection rather thn aborting.
Added 2 new function to check if the custom yaml file exists - /etc/confluent/authorize.yaml - and one to update the _allowbyrole and _deniedbyrole vars accordingly.
The open file handle as implemented
could not pass to the subprocess.
Rather than figure out how to open
and pass the filehandle,
simply let the subprocess
independently open the file
if it isn't passed.
While Eaton does not do HTTPS by default,
it can be configured to do so.
Support when available.
Mitigate downgrade attack by
stickying the cert fingerprint.
If fingerprint is present, then refuse
to even think about port 80.
Newer msgpack refuses the encoding argument, use raw=False instead.
Further, newer msgpack refuses to accept int as key by default.
Opt into it as the risk is hash collision due to msgpack int being used directly, and
we aren't dealing with untrusted
peer (we only talk to ourselves).
With V3 systems, we can now ask
the SMMs for the certificates
and use that for a verified
measurement, regardless of
whether the XCC is returning
the correct bay number.
For now, keep using x86_64 as
default, but allow overrides
for other architectures.
One day it may be cleaner to move all addons.cpio to
arch specific subdirs.
This will provide easy way for
client to get FDB data, potentially
for use in conjunction with discovery data.
For now, leave LLDP out, as that isn't currently cached
at the confluent layer.
Jarrod Johnson
erderial