mirror of https://github.com/xcat2/xcat-core.git synced 2026-05-17 19:57:18 +00:00
Commit Graph

27045 Commits

Author SHA1 Message Date
Vinícius Ferrão 539ecf9bf4 Add AlmaLinux 10 ppc64le netboot symlinks
Match Rocky Linux 10 ppc64le coverage for AlmaLinux 10.
2026-05-10 01:52:03 -03:00
Vinícius Ferrão ca764c39c4 Add AlmaLinux 10 netboot symlinks for stateless provisioning
Add compute and service profile symlinks for alma10, following the
existing pattern used by alma8 and alma9. Also add the missing
dracut_105 symlink required by EL10's dracut v107.

Tested with BIOS and UEFI stateless provisioning on AlmaLinux 10.1.
2026-05-10 01:51:58 -03:00
Markus Hilger a10f0ccc38 Merge pull request #7571 from VersatusHPC/fix/confignetwork-remove-option
feat: confignetwork: add -r option to remove undefined NICs
2026-05-08 09:41:44 +02:00
Markus Hilger f004021b19 Merge pull request #7570 from VersatusHPC/fix/nicutils-ipv4-validation
fix: nicutils IPv4 address validation
2026-05-08 09:40:58 +02:00
Vinícius Ferrão b69d9ca1f8 confignetwork: add -r option to remove undefined NICs
Port the -r option from the deprecated confignics postscript to
confignetwork. This allows removing network configuration for NICs
that are not defined in xCAT, useful when nodes have extra interfaces
that get DHCP addresses by default.

Safety checks ported from confignics:
- Skip non-ethernet interfaces
- Skip bridge members
- Skip xCAT-defined NICs
- Skip install NIC
- Skip VLAN interfaces
- Skip bonding members (SLAVE/MASTER)

Closes: https://github.com/xcat2/xcat-core/issues/6142
Supersedes: https://github.com/xcat2/xcat-core/pull/7092

Co-Authored-By: Christopher Walker <cjw1006@gmail.com>
2026-05-07 23:45:34 -03:00
Vinícius Ferrão adb93b3eac Fix nicutils IPv4 address validation
Co-authored-by: JDiprose <3533220+JDiprose@users.noreply.github.com>
2026-05-07 23:00:07 -03:00
Markus Hilger 9bbd5644bc Merge pull request #7569 from VersatusHPC/fix/go-xcat-shellcheck
fix: ShellCheck compliance fixes in go-xcat
2026-05-08 02:00:55 +02:00
Markus Hilger 7425c1b490 Merge pull request #7568 from VersatusHPC/fix/genesis-scripts-shell-hygiene
fix: improve genesis-scripts shell quoting and syntax hygiene
2026-05-08 01:59:53 +02:00
Markus Hilger 4aa3205bca Merge pull request #7567 from VersatusHPC/fix/makedhcp-remote-networks
fix: non-local networks being skipped in makedhcp
2026-05-08 01:57:19 +02:00
Markus Hilger 2b987fed98 Merge pull request #7566 from VersatusHPC/fix/nicutils-uuid-hardening
fix: harden nmcli connection handling against spaces in NM profile names
2026-05-08 01:55:42 +02:00
Vinícius Ferrão b34d6abf08 go-xcat: ShellCheck compliance fixes
Address ShellCheck warnings across go-xcat without breaking
distro detection. Key changes:

- Replace source /etc/os-release with awk parsing that strips
  quotes, fixing detection on distros that quote ID/VERSION_ID
- Use $() instead of backticks for command substitution
- Quote $1 and file path variables in dnf/yum repo version checks
- Use ${FUNCNAME[0]} instead of ${FUNCNAME} for dispatch calls
- Fix $@ vs $* usage in string contexts (warn_if_bad, el9 check)
- Remove useless use of cat (UUOC) in pipe chains
- Escape $releasever/$basearch/$stream in CRB repo echo
- Use xargs instead of unquoted command substitution in rm
- Split local declaration and assignment per SC2155
- Fix minor typos (secert -> secret, preform -> perform)

Signed-off-by: Vinícius Ferrão <vinicius@ferrao.net.br>
Co-Authored-By: Samveen <samveen@samveen.in>
2026-05-07 19:16:47 -03:00
Vinícius Ferrão e239e04843 genesis-scripts: improve shell quoting and syntax hygiene
Replace backtick command substitutions with $(), quote variable
expansions to prevent word splitting, replace useless cat pipes with
redirections, use grep -q instead of redirecting to /dev/null, and use
bash parameter expansion for case conversion.

Based on the work from PR #6366, rebased and adapted to current master.
Shebangs already merged separately via df64bf8fe are excluded.

Co-Authored-By: Samveen <samveen@yahoo.com>
2026-05-07 18:17:00 -03:00
Vinícius Ferrão afbb9114cf fix: remove dead check that skips all remote networks in makedhcp
The activenics{"!remote!"} hash key is checked at line 1940 but never
set by any code path — neither the dhcpinterfaces parsing nor the
querynics discovery populates it. This causes the guard to always
evaluate true, hitting next and silently skipping every !remote!
network when dhcpinterfaces is defined in the site table or on a
service node.

Remove the dead check so remote networks are processed correctly.
The inner activenics{$netif} check (which uses the actual interface
name after stripping the !remote! prefix) is the correct guard and
is preserved.

Original analysis by lebonez in xcat2/xcat-core#7242.

Co-authored-by: Lebonez <25910791+lebonez@users.noreply.github.com>
2026-05-07 18:05:27 -03:00
Vinícius Ferrão 64ebf8c96e fix: harden nmcli connection handling against spaces in NM profile names
NetworkManager auto-generates connection names that can contain spaces
(e.g. "Wired connection 2"). Multiple devices can also share the same
auto-generated name. Both cases cause failures when names are passed
to nmcli in bridge and bond setup paths.

Resolve active connection UUID via nmcli device show (GENERAL.CON-UUID)
instead of by name, which avoids both word-splitting on spaces and
ambiguity when multiple connections share the same name.

Changes:
- Bridge slave setup: resolve UUID via device show instead of by name
- Bond slave setup: same UUID-via-device approach for con down/mod
- Bridge rollback: preserve original xcat-prefixed connection name so
  rollback paths restore the correct name instead of a UUID
- Utility functions: quote connection name arguments in
  is_nmcli_connection_exist, is_connection_activate_intime, and
  wait_nic_connect_intime for defensive correctness
- Add -F flag to grep in is_nmcli_connection_exist for literal matching
- Log both human-readable name and UUID when reusing existing connections

Tested on EL10 host with duplicate "Ethernet connection 1/2" profiles
across multiple NICs — UUID resolution via device returns exactly one
UUID per device regardless of name collisions.

Follows up on #7562 and #7483.

Co-authored-by: OliverTUBAF <86062666+OliverTUBAF@users.noreply.github.com>
2026-05-07 17:55:07 -03:00
Markus Hilger 96b0b0b551 Merge pull request #7565 from VersatusHPC/fix/netplan-static-ip-fallback
fix: add networkd fallback for netplan static IP probe
2026-05-07 19:54:37 +02:00
Markus Hilger 6bf1d9a1cb Merge pull request #7564 from VersatusHPC/fix/rh-genimage-dnf
fix: use dnf for EL8+ RH genimage installroot
2026-05-07 19:53:51 +02:00
Markus Hilger fa17f7072d Merge pull request #7563 from VersatusHPC/fix/isc-omapi-tsig-policy
feat: support configurable ISC OMAPI TSIG policy
2026-05-07 19:51:32 +02:00
Vinícius Ferrão 219b0f1f5d Add networkd fallback for netplan static IP probe
Detect static netplan addresses on older Ubuntu netplan releases by falling back to generated systemd-networkd configuration when netplan get is unavailable. Keep netplan get authoritative when supported.

Co-authored-by: karcaw <663031+karcaw@users.noreply.github.com>
2026-05-07 13:46:33 -03:00
Vinícius Ferrão 57daff8a31 Use dnf for EL8+ RH genimage installroot 2026-05-07 12:54:38 -03:00
Markus Hilger 155e58e4ed Merge pull request #7562 from VersatusHPC/fix/nicutils-bridge-quoting
fix: use connection UUID in bridge slave setup in NetworkManager
2026-05-07 11:57:17 +02:00
Markus Hilger 5bd7bd2112 Merge pull request #7561 from VersatusHPC/fix/confignetwork-typo
fix: typo in confignetwork preventing SETINSTALLNIC from working
2026-05-07 11:55:55 +02:00
Markus Hilger 79dd24d80b Merge pull request #7560 from VersatusHPC/fix/otherpkgs-dnf-detection
fix: detect dnf as package manager in ospkgs and otherpkgs postscripts
2026-05-07 11:53:54 +02:00
Markus Hilger b2272818d8 Merge pull request #7559 from VersatusHPC/fix/bmcsetup-disable-retry
fix: skip disabled IPMI user slots in bmcsetup
2026-05-07 11:52:30 +02:00
Markus Hilger 5463a7c46c Merge pull request #7558 from VersatusHPC/fix/mkdef-partial-object-on-validation-error
fix: prevent mkdef partial writes on validation errors
2026-05-07 11:50:41 +02:00
Vinícius Ferrão ab86139959 Support configurable ISC OMAPI TSIG policy
Add a shared OMAPI policy helper for ISC DHCP and DDNS so administrators can select the key name, signing algorithm, and omshell path from the site table while preserving the existing xcat_key hmac-md5 default.

Keep local ISC updates from hanging indefinitely when omshell does not exit, and use a static host-declaration fallback for local Ubuntu ISC releases where omshell is unstable for xCAT host updates.

Co-authored-by: gskouson <1507929+gskouson@users.noreply.github.com>
2026-05-07 03:57:10 -03:00
Vinícius Ferrão a6c2bc3790 fix: use connection UUID in bridge slave setup to handle spaces in NM profile names
NetworkManager can auto-generate connection names with spaces (e.g.
"Wired connection 2"). The bridge slave setup in create_bridge_interface_nmcli
stored this name in a variable that was later expanded unquoted in nmcli
commands, breaking both the initial con mod and all downstream operations
(con up, con delete on rollback). Resolve the connection to its UUID
before use, which is space-safe and valid for all nmcli operations.

Closes: #7483
2026-05-07 03:06:41 -03:00
Vinícius Ferrão 1e341d941a fix: typo in confignetwork preventing SETINSTALLNIC from working
bool_install_nic on line 99 should be boot_install_nic, matching
the variable used everywhere else in the script. This caused the
SETINSTALLNIC environment variable to have no effect.

Fixes: xcat2/xcat-core#7472
2026-05-07 03:02:07 -03:00
Vinícius Ferrão dd15d5abb5 fix: detect dnf as package manager in ospkgs and otherpkgs postscripts
On RHEL 9.x minimal installs, the yum package may not exist as a
separate RPM — only dnf is present with /usr/bin/yum as a symlink.
The previous detection using rpm -q yum would fail, causing hasyum
to remain 0 and skipping repo file creation entirely.

Replace rpm -q based detection with executable checks for /usr/bin/dnf
and /usr/bin/yum. Introduce yumcmd variable to carry the actual command
name through all package operations instead of hardcoding yum.

Fixes: xcat2/xcat-core#7497
2026-05-07 02:54:44 -03:00
Vinícius Ferrão 7c1444335e fix: skip disabled IPMI user slots in bmcsetup
bmcsetup iterated every user slot and retried ipmitool user disable for slots that were already disabled. Lenovo XCC reports those attempts as Invalid data field in request, so discovery can spend minutes retrying no-op disables.

Read the current user table once per BMC, keep the old fallback when the table cannot be read, and disable only non-target slots whose IPMI Msg flag is true. Also use the loop's current username when resolving the target slot and keep the intended userslot 2 fallback assignment.

Fixes xcat2/xcat-core#5065
2026-05-06 23:54:02 -03:00
Vinícius Ferrão 2ae97c2ac4 fix: prevent mkdef partial writes on validation errors 2026-05-06 20:40:38 -03:00
Markus Hilger 238b357428 Merge pull request #7557 from Obihoernchen/ci
Speed up CI
2026-05-07 01:00:20 +02:00
Markus Hilger cb11564ff1 Merge pull request #7556 from VersatusHPC/fix/openbmc-503-retry
fix: retry on HTTP 503 from OpenBMC REST API instead of failing
2026-05-07 00:34:10 +02:00
Markus Hilger 145bff6ca3 Speed up CI 2026-05-07 00:30:10 +02:00
Markus Hilger a90ef274aa Merge pull request #7555 from VersatusHPC/fix/ipmi-rmcptag-and-cbcpad
fix: ipmi rmcptag and cbcpad
2026-05-07 00:00:15 +02:00
Vinícius Ferrão 1bca57fa2a fix: retry on HTTP 503 from OpenBMC REST API instead of failing
OpenBMC BMCs intermittently return 503 Service Unavailable when the
REST service is busy or recovering. xCAT reported the error immediately,
requiring the user to manually retry. A second attempt usually succeeds.

Retry the same request up to 3 times with a 3-second wait on 503.
If all retries fail, report the error as before. The existing 504
handling for bmcreboot is preserved.

Ref: #4264
2026-05-06 18:50:53 -03:00
Markus Hilger ca6bafd723 Merge pull request #7553 from VersatusHPC/fix/tls-policy
feat: add xCAT TLS policy selection
2026-05-06 19:39:19 +02:00
Markus Hilger aa180925e3 Merge pull request #7550 from VersatusHPC/fix/profile-asset-dotted-osvers
fix: handle dotted OS versions in profile asset lookup
2026-05-06 19:18:26 +02:00
Markus Hilger 2b1986d946 Merge pull request #7552 from VersatusHPC/fix/ubuntu-live-media-guardrails
fix: guardrails for Ubuntu genimage
2026-05-06 19:17:08 +02:00
Markus Hilger b93a54daee Merge pull request #7554 from VersatusHPC/fix/dhcpop-requires
fix: use runtime require for xCAT::DHCP::Backend in dhcpop
2026-05-06 18:45:27 +02:00
Vinícius Ferrão 911c74fda6 fix: use runtime require for xCAT::DHCP::Backend in dhcpop
The xCAT-server build-readme script runs every tool in share/xcat/tools/
with --help during RPM packaging. At build time perl-xCAT is not installed,
so the compile-time 'use xCAT::DHCP::Backend' aborts before --help can run.

Switch to runtime require inside the remove-operation branch where the
module is actually needed.
2026-05-06 02:55:11 -03:00
Vinícius Ferrão c0e8b1730e fix: fall back from sha256 to sha1 on RAKP2 auth rejection
Extend the existing sha256-to-sha1 fallback (already present in
got_rmcp_response for Open Session errors) to also cover RAKP2
rejections with "Unauthorized name" (0x0d) or "Invalid role" (0x09).

Ref: #7511
2026-05-06 01:26:29 -03:00
Vinícius Ferrão 86f6a12264 fix: set IPMI name-only lookup bit in RAKP1 to match ipmitool
Set bit 4 (0x10) of the requested privilege byte in RAKP Message 1
for name-only user lookup, matching ipmitool behavior. Use the same
value consistently in all HMAC calculations (RAKP2 verification,
RAKP3 auth code, SIK derivation).

Without this, some BMCs fail user lookup with "Unauthorized name"
even though the credentials are correct.

Ref: #7511
2026-05-06 01:25:55 -03:00
Vinícius Ferrão 2bcdc52f92 fix: accept RMCP message tag 0 from OpenBMC with session ID correlation
OpenBMC-based BMCs return message tag 0 in RAKP2/RAKP4 instead of
echoing the tag from the request. xCAT rejected these as stale
responses and retried indefinitely until timeout.

Accept tag 0 but verify the remote console session ID in the response
matches our current sidm. This prevents stale retries from corrupting
session state while allowing OpenBMC responses through.

Applied to got_rmcp_response, got_rakp2, and got_rakp4.

Ref: #7511
2026-05-06 01:25:09 -03:00
Vinícius Ferrão cb2a6b3f3c fix: reject IPMI packets with invalid CBC padding instead of crashing
cbc_pad in decrypt mode reads the last byte as the pad count, then
calls splice(@block, 0 - $count). If decrypted data is corrupt, the
pad count can exceed the array size, crashing with "Modification of
non-creatable array value attempted, subscript -16".

Return empty string on invalid padding so the caller treats it as a
decryption failure rather than accepting corrupted data as a valid
IPMI response.

Ref: #7511
2026-05-06 01:23:10 -03:00
Vinícius Ferrão 2915e9be0e Add xCAT TLS policy selection 2026-05-05 23:20:18 -03:00
Markus Hilger 0649b4c4ac Merge pull request #7549 from VersatusHPC/fix/update-copyright
docs: update copyright to include xCAT Consortium
2026-05-06 03:17:12 +02:00
Markus Hilger b006975b54 Merge pull request #7551 from VersatusHPC/fix/sles-legacy-validation
fix: restore legacy SLES provisioning paths
2026-05-06 02:49:34 +02:00
Vinícius Ferrão 7b20bbd187 Guard Ubuntu live media package sources 2026-05-05 21:40:04 -03:00
Vinícius Ferrão 9f33b19214 fix: restore legacy SLES provisioning paths 2026-05-05 17:09:37 -03:00
Vinícius Ferrão 119b19ce14 fix: handle dotted OS versions in profile asset lookup 2026-05-05 13:50:58 -03:00