Markus Hilger
ec39de3df0
Add bond alias to team description
2025-11-21 14:16:07 +01:00
Jarrod Johnson
a3b768c70f
Draft bluefield deployment facilities
2025-11-20 16:44:24 -05:00
Jarrod Johnson
4f75d4942b
Modify adoption process:
...
Restore useinsecureprotocols if set directly on node
Switch from pxe-style to identity-file based node api token for hardened node authentication
2025-11-20 16:05:22 -05:00
Jarrod Johnson
4d2f36917c
Restore useinsecureprotocols after adopt
2025-11-20 15:49:51 -05:00
Jarrod Johnson
a2a50d34d1
Merge remote-tracking branch 'xcat'
2025-11-19 15:38:01 -05:00
Jarrod Johnson
041008a524
Remove redundant el10 initramfs fixup
2025-11-19 15:37:29 -05:00
Jarrod Johnson
5923feaa18
Merge pull request #202 from Obihoernchen/custom
...
Add documentation for custom nodeattribs
2025-11-19 07:47:46 -05:00
Jarrod Johnson
73216fc062
Fix architecture name mismatch
...
Confluent went with aarch64 consistent
with EL naming, but Ubuntu used
debian naming, recognize and just
handle that.
2025-11-18 09:10:30 -05:00
Jarrod Johnson
100944490c
Fix potentially uninitialized curridx
2025-11-17 15:07:17 -05:00
Jarrod Johnson
61b07e0af4
Start index at 1 instead of 0
2025-11-17 12:05:03 -05:00
Jarrod Johnson
53760ab5dd
Attribute feature enhancement
...
Add expression functions upper, lower, block_number, and block_offset.
Add an 'id.index' auto-attribute to
yield a number for nodes.
2025-11-17 11:58:04 -05:00
Jarrod Johnson
d3e7a49f92
Simplify by recursion
...
Use _handle_ast_node to process
everything before the function name in an Attribute call
2025-11-15 10:32:11 -05:00
Jarrod Johnson
1f688ead28
Implement .replace() for attribute expressions
...
Provide an easy to use replace() to allow removing or substituting values
during expression evaluation.
2025-11-14 17:20:06 -05:00
Jarrod Johnson
d20c5ac6eb
Move handling of the loop directio straight to onboot
...
There were difficulties in the devfs after
boot, just let the full system handle it.
2025-11-13 15:33:04 -05:00
Jarrod Johnson
4484216198
Fix issues with the tethered memory optimizations
2025-11-13 15:24:26 -05:00
Jarrod Johnson
e1efd6a9c5
Implement new 'uncompressed' image method
...
This allows the FS to just live, uncompressed, in cache.
This is generally a bad idea, however:
- In a hypothetically super-tuned diskless image, the lack of double-cache can offset the lack of compression
- The image will have supreme read performance
- It will have the most deterministic memory behavior
2025-11-13 14:39:53 -05:00
Jarrod Johnson
58d5209595
Port tethered improvements to EL8
2025-11-13 14:35:18 -05:00
Jarrod Johnson
53c918042a
Remove double-caching in tethered diskless
...
By default, the squashfs file was being cached as well as the contents after extraction.
This is superfluous pressure on the cache of the OS.
However, it does help keep the image afloat through 'confignet', so
leave it on until onboot completes, then reclaim cache and disable further caching.
2025-11-13 14:28:25 -05:00
Markus Hilger
9148a841b5
Add documentation for custom nodeattribs
2025-11-13 00:45:53 +01:00
Jarrod Johnson
6ebb6de107
Allow specifying SNMP privacy protocol
...
Modern SNMP devices may require AES.
Unfortunately, older ones may refuse AES.
For compatibility, continue to default to DES, but
allow AES to be indicated in attributes.
2025-11-10 10:21:01 -05:00
Jarrod Johnson
20292cdfd0
Do not let diskless.conf persist into EL9 diskless images
...
It fouls run of kdump building the kdump image.
2025-11-07 13:22:21 -05:00
Jarrod Johnson
b07da455c2
Fix SAN generation
...
The nameconstraint support missed
a branch, fix this.
2025-11-07 11:22:12 -05:00
Jarrod Johnson
cc9a81103b
Do not autosign if the corresponding cryptography is unavailable
...
We use cryptography verification, but it's relatively new.
For compatibility, we fall back to fingerprint only.
This is pretty bad when inflicted on
unsuspecting users on autosign,
so skip autosign if cert validation
would break.
2025-11-04 15:51:22 -05:00
Jarrod Johnson
21155d2091
Bring untethered changes to el10 diskless
2025-11-04 11:17:28 -05:00
Jarrod Johnson
6c0d7ea60e
Simplify end untethered el9 diskless environment
...
Rather than treat both as the same, since untethered has everything up front anyway, go ahead and extract the filesystem.
This makes the mount look more straightforward and makes it so deletion of files from
the image also frees ram.
2025-11-04 11:14:52 -05:00
Jarrod Johnson
174d204607
Implement compatibility with newer pysnmp
...
For now, terminate the async nature
if newer pysnmp is detected.
2025-11-04 09:58:11 -05:00
Jarrod Johnson
2826abb7ab
Prune excessive leftover ext config files
2025-11-03 14:21:36 -05:00
Jarrod Johnson
5adb5fa780
Automatically sign XCC certificates on discover
...
If an XCC doesn't have a 'real' certificate, sign it with the confluent
CA for 47 days.
2025-11-03 14:02:33 -05:00
Jarrod Johnson
5de063212f
Prepare for supporting constrained CA
...
If asked to sign using a name constrained CA,
avoid generating a certificate that
would violate those constraints.
2025-11-03 10:43:34 -05:00
Jarrod Johnson
073f6d1389
Wire up cert signing to nodecertutil
2025-10-31 12:04:27 -04:00
Jarrod Johnson
f755ba9f91
Implement method to sign BMC certificates
2025-10-31 10:46:42 -04:00
Jarrod Johnson
cf8c01ef13
Merge remote-tracking branch 'lenovo'
2025-10-31 09:48:05 -04:00
Jarrod Johnson
8b12047ae0
Update to handle newer XCC2 firmware
2025-10-31 09:45:59 -04:00
Jarrod Johnson
f0a779764d
Fix ordering of digest argument
...
The digest argument was erroneously inserted between startdate and its
argument, correct this mistake.
2025-10-28 15:39:04 -04:00
Jarrod Johnson
0ad7e99efe
Only optionally use cryptography verification
...
Some supported distributions can't run the newer cryptography.
Make it a feature that only works with newer platforms.
2025-10-27 08:38:14 -04:00
Jarrod Johnson
24a76612ae
Use sha284 hash algorithm
...
Some implementations reject sha256 as inadequate if ecdsa has 384 bit keylength. Bring the digest up to match
the key size for the ECDSA.
2025-10-27 06:41:05 -04:00
Jarrod Johnson
6c9c58f464
Update certutil to prepare for broader usage
...
For one, apply more rules from CA/B forum. This includes including KU and EKU extensions, marking basicConstraints critical, and
randomized serial numbers.
Also make the backdate and end date configurable, to allow
for the BMC certs to have a more palatable validity interval.
2025-10-26 14:57:26 -04:00
Jarrod Johnson
3125f4171b
Begin overhaul of TLS cert management
...
Begin expanding certutil to sign other certificates from external CSRs more easily.
Have certutil make the CA constraint critical.
Have the fingerprint based validator have a mechanism to check for properly signed certificate in lieu of exact match,
and update the stored fingerprint
on match.
Provide a means to request a custom subject when evaluating a
target.
Change redfish plugin to set that subject in the verifier.
2025-10-24 20:02:51 -04:00
Jarrod Johnson
762adb882a
Track client address on checkin
...
When doing DHCP deployment in particular, it's good to track what the actual ip was.
2025-10-21 13:04:30 -04:00
Jarrod Johnson
36687069aa
Fix ESXi8 deployment
...
The changes for getinstalldisk assumed functionality
in ESXi9. Target older
functional level for our purposes.
Also expand the fallback to cover cases where the disk interrogation fails.
2025-10-21 11:11:52 -04:00
Jarrod Johnson
11ff2dabfc
Clean up kickstart networking
...
Try to apply hostname through localcli, since
hostname is unsupported through net if dhcp.
Also more affirmatively indicate dhcp.
2025-10-17 10:00:38 -04:00
Jarrod Johnson
f9351484a4
Add fallback if getinstalldisk detects no preferred disks
2025-10-17 09:32:33 -04:00
Jarrod Johnson
b22c17208a
Stop preferring HWE for now
...
The HWE has some missing hardware support, ironically...
2025-10-16 18:30:46 -04:00
Jarrod Johnson
4982ac1a17
Bump genesis version
2025-10-15 16:51:21 -04:00
Jarrod Johnson
a43d7e11e2
Implement an esxi getinstalldisk
3.14.2
2025-10-15 10:43:36 -04:00
Jarrod Johnson
c5896c056e
Add facility to manage BMC CA certs
...
For redfish at least, we can manage
some BMC CA certificate trust stores.
2025-10-14 14:30:27 -04:00
Jarrod Johnson
a73dced80b
Fix configbmc on XCC3
...
IPv4 based configbmc is now fixed for multi-nic XCC3 configurations.
2025-10-14 13:19:28 -04:00
Jarrod Johnson
b6188683b8
Redirect 'xcc' to 'xcc3' for bmcconfig -c
2025-10-14 10:22:15 -04:00
Jarrod Johnson
50243b67d5
Add a more helpful error when bmc not set
...
When doing a configbmc, need to present
a more reasonable message about lack of address.
2025-10-08 14:20:44 -04:00
Jarrod Johnson
7cdfcd4913
Implement support for multi-manager XCC managed systems
2025-10-08 09:42:17 -04:00