Consult collective.manager
to decide to skip
consideration of a node, if
that node shouldn't be managed anyway.
This should avoid "cross-island" behavior for such
environments.
Newer msgpack refuses the encoding argument, use raw=False instead.
Further, newer msgpack refuses to accept int as key by default.
Opt into it as the risk is hash collision due to msgpack int being used directly, and
we aren't dealing with untrusted
peer (we only talk to ourselves).
This will provide easy way for
client to get FDB data, potentially
for use in conjunction with discovery data.
For now, leave LLDP out, as that isn't currently cached
at the confluent layer.
When two nodes are ambiguous, provide more
info (mac) and also a suggestion of
which of the two appears most
trunk-like if one of them looks
suspiciously like a trunk.
This doesn't make the code more efficient, but it
keeps it from slowing down the main process
and allows it to leverage an additional core
to do the work.
Still needs work to restore the error reporting.
For one, there were still bytes v. str for python3 issues in the
certificate exception and credential handling for smm and generic
credential lookup.
There was a python2-ism in lldp that needed to be made 2/3 agnostic
with ord() of a 'bytes' member, converting to bytearray for
normalized behavior.
The discovery core had an issue with chained smms where a set
was used which cannot take a dict, and so it is converted to a list.
If a temporary password is used but the user did not provide a permanent
password that is viable, make the error more explicit.
When doing snmp, messages would always go to log only, even if the
user was at the confetty cli. Give user access to knowing the error
impacting the query.
For the 'by-mac', only remove the structure when it is ready for API
view without changing internal view.
For the 'by-switch', do the update per switch and after it's done.
Provide ability to check scan status through reading
/networking/macs/rescan
Some switches send raw octets back, some printable. Try to normalize
when unprintable chassis id are detected. This is not 100%, if the hex
would be all between 20 and 80 throughout the string, then this will
fail to do the right thing.
Hopefully, the amount of times when lldp partners disagree on how to
implement LLDP-MIB will be limited. Currently it is known than Lenovo
and Juniper switches disagree, and both of those have what would
be unprintable values in the mfg portion of the chassis id.
Also apply fixes and lay groundwork for eventual 'secure' discovery
policy. As such a policy is too limited to be practical at this point
(SMM only) the full deal is postponed until it would be feasible.
In various scenarios, too many macs on a port can be a sign of trouble.
For example, a chained SMM configuration with head on switch port, or
incorrectly pointing a nodes net attributes at a switch uplink port, or
defining SMMs without any nodes, causing XCCs to think they are
rackmount. This sets some sanity value for avoiding problems. This is
of course a mitigation, invalid scenarios could still run afoul of the
limits, but it should catch a large chunk of offending scenarios.
