Add a shared OMAPI policy helper for ISC DHCP and DDNS so administrators can select the key name, signing algorithm, and omshell path from the site table while preserving the existing xcat_key hmac-md5 default.
Keep local ISC updates from hanging indefinitely when omshell does not exit, and use a static host-declaration fallback for local Ubuntu ISC releases where omshell is unstable for xCAT host updates.
Co-authored-by: gskouson <1507929+gskouson@users.noreply.github.com>
OpenBMC BMCs intermittently return 503 Service Unavailable when the
REST service is busy or recovering. xCAT reported the error immediately,
requiring the user to manually retry. A second attempt usually succeeds.
Retry the same request up to 3 times with a 3-second wait on 503.
If all retries fail, report the error as before. The existing 504
handling for bmcreboot is preserved.
Ref: #4264
Previously, makedhcp warned but still created host entries without
a static IP reservation when a node's address fell inside the
dynamic range. The node would silently get a random IP from the
pool instead of its configured address.
Now errors and skips the node on all four DHCP paths (ISC v4/v6,
Kea v4/v6) with a clear message telling the admin to move the IP
outside the range or adjust the dynamic range.
This makes ISC DHCP and Kea behavior consistent and aligns with
xCAT's design: the dynamic range is for hardware discovery,
known nodes should have static IPs outside it.
Closes #6539
The quiet kernel parameter was hardcoded in anaconda.pm and sles.pm,
making it impossible for admins to get verbose boot output without
editing plugin source code. The existing addkcmdline mechanism
(bootparams and linuximage tables) only appends to the kernel command
line, so there was no way to remove quiet.
Move quiet out of the plugin kcmdline construction and into the
linuximage.addkcmdline default set during copycds osimage creation.
Admins who want verbose boot for debugging can now remove it per
osimage:
chdef -t osimage <image> addkcmdline=""
New osimages get addkcmdline="quiet" by default. Existing osimages
with a custom addkcmdline are not overwritten on re-run of copycds.
Genesis/discovery boot (mknb.pm) is unchanged as it does not use
osimage definitions.
Addresses #6916
On some BMCs (notably Supermicro), a GET immediately after SET
returns the old value until the BMC applies the change. This made
rspconfig output misleading for network setting operations.
- Store the canonical SET value after normalization and compare
with the GET readback for ip, netmask, gateway, and backupgateway.
When they differ, annotate the output:
"BMC Gateway: 10.20.0.1 (requested 10.20.0.254, not yet reflected)"
- Consolidate ip/netmask/gateway/backupgateway display into one block
- Fix backupgateway SET: was routed through the gateway branch
writing parameter 0x0C instead of 0x0E. Now has its own branch
writing the correct IPMI parameter.
- ip=dhcp is unaffected (separate code path, never stores a value)
Tested on Supermicro IPMI BMC (10.20.0.51).
Fixes #3445
Docker container lifecycle management (mgt=docker, mkdocker, rmdocker,
lsdocker) was added in 2015-2016 as an experiment targeting Docker API
v1.22 on Ubuntu only. Documentation and man pages were deliberately
removed in 2019 (PRs #6222 and #6324) with the original developer's
approval, noting that "the interface of Docker has become very simple
right now, so there is no value for xCAT to offer such functions."
The plugin was still being shipped but has had no functional code changes
since April 2016, was never listed as a valid mgt value in Schema.pm,
and no user ever filed an issue about it.
Removed:
- xCAT-server/lib/xcat/plugins/docker.pm (1,142 lines)
- xCAT/postscripts/setupdockerhost
- xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
- xCAT-test/autotest/testcase/dockercommand/ (test cases)
- Docker attribute definitions in Schema.pm
- Client symlinks (mkdocker, rmdocker, lsdocker)
- Usage entries and dockerhost cert handling in credentials.pm
- Docker attribute documentation in man7 pages
The "Running xCAT in Docker" documentation (dockerized_xcat/) is
retained as it documents containerizing xCAT itself, not the removed
mgt=docker feature.
Closes #7518
rspconfig vlan= only accepted values 1-4096 with no way to disable
VLAN tagging. Users had to resort to raw IPMI commands to clear a
stale VLAN after ip=dhcp.
- Accept vlan=off/disable/disabled to clear VLAN tagging via
standard IPMI parameter 0x14 with the enable bit unset
- Fix valid range from 1-4096 to 1-4094 (IEEE 802.1Q)
- Use strict digit matching to reject malformed inputs
To clear VLAN after a DHCP reset: rspconfig <node> vlan=off
Tested on Supermicro IPMI BMC (10.20.0.51).
Partially addresses #3725
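The input rules from this commit message, worked through as an added example (not xCAT's code). The function name, the lower-case-only keywords, the rejection of leading zeros and the zeroed ID bits on clear are assumptions; the byte layout is the one the IPMI specification defines for LAN parameter 0x14.

```perl
use strict;
use warnings;

# Hypothetical helper: returns the two data bytes for IPMI LAN parameter
# 0x14 (802.1q VLAN ID), or an empty list if the input is rejected.
#   byte 1: VLAN ID bits 7:0
#   byte 2: bit 7 = VLAN enable, bits 3:0 = VLAN ID bits 11:8
sub vlan_param_bytes {
    my ($value) = @_;
    # Clearing: enable bit unset (ID bits zeroed here as an assumption).
    return (0x00, 0x00) if $value =~ /\A(?:off|disable|disabled)\z/;
    # \A...\z and [0-9] instead of ^...$ and \d: rejects a trailing
    # newline, non-ASCII digits, signs, hex and leading zeros.
    return unless $value =~ /\A[1-9][0-9]{0,3}\z/;
    my $id = $value + 0;
    return unless $id <= 4094;    # 0 and 4095 are reserved in IEEE 802.1Q
    return ($id & 0xFF, 0x80 | ($id >> 8));
}

# Constructed inputs.
for my $in ('100', '4094', '4095', '0', '12abc', "100\n", 'off') {
    my @bytes = vlan_param_bytes($in);
    (my $shown = $in) =~ s/\n/\\n/;
    printf "%-6s => %s\n", $shown,
        @bytes ? sprintf('0x%02X 0x%02X', @bytes) : 'rejected';
}
```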
Two pre-existing bugs in the alert on/off conditions:
1. Operator precedence: 'and' with 'or' without parens caused any
subcommand with argument matching /^en/ or /^dis/ to silently
trigger the alert handler.
2. Loose prefix matching: /^en/ and /^dis/ accepted typos like
"enterprise" or "discover". Replace with exact token matching
while preserving the "en"/"dis" abbreviations used by snmpmon.pm.
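Both bugs described in this commit message, reproduced as an added example (not xCAT's code). The variable names, the `alert` literal and the accepted token lists are assumptions made for illustration.

```perl
use strict;
use warnings;

# Before (hypothetical reconstruction): 'and' binds tighter than 'or',
# so the condition parses as
#   ($subcmd eq 'alert' and $arg eq 'on') or ($arg =~ /^en/)
# and any subcommand whose argument starts with "en" reaches the handler.
sub alert_on_buggy {
    my ($subcmd, $arg) = @_;
    return ($subcmd eq 'alert' and $arg eq 'on' or $arg =~ /^en/) ? 1 : 0;
}

# After: check the subcommand first, then match whole tokens only.
# "en" and "dis" stay accepted as abbreviations (token lists assumed).
my %ON  = map { $_ => 1 } qw(on en enable enabled);
my %OFF = map { $_ => 1 } qw(off dis disable disabled);

sub alert_action {
    my ($subcmd, $arg) = @_;
    return unless $subcmd eq 'alert';
    return 'on'  if $ON{$arg};
    return 'off' if $OFF{$arg};
    return;    # typo or unrelated token: reject
}

# Constructed inputs: [subcommand, argument]
for my $case (['alert', 'on'], ['alert', 'en'], ['alert', 'enterprise'],
              ['vlan', 'enable'], ['alert', 'discover']) {
    my ($subcmd, $arg) = @$case;
    my $fixed = alert_action($subcmd, $arg) // 'rejected';
    printf "%-6s %-11s buggy_on=%d fixed=%s\n",
        $subcmd, $arg, alert_on_buggy($subcmd, $arg), $fixed;
}
```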
RHEL 7 shipped ppc64le ISOs under the "alternate" label, causing
copycds to create distro paths like rhels7.6-alternate/ppc64le.
This mismatched osver() which returns rhels7.6 since /etc/os-release
has no knowledge of the alternate designation.
The architecture (ppc64le vs ppc64) already differentiates the
builds, making the alternate suffix redundant. Strip it during
auto-detection so copycds paths match osver() output.
Fixes #5593
When mkdef is called with an object name but no attributes (e.g.
mkdef -t node -o mynode), setFINALattrs produces an empty hash
and the OBJ loop has nothing to iterate. The code falls through to
"0 object definitions have been created or modified" with no
explanation of what went wrong.
Add a check after setFINALattrs: if FINALATTRS is empty, tell the
user what's missing. For nodes, mention that 'groups' is required.
Fixes #2765
The ntpd config generated by makentp had no access restrictions,
explicitly disabled authentication, and was vulnerable to CVE-2013-5211
amplification attacks.
Add restrict lines to block unauthorized access, add iburst for faster
initial sync, replace "disable auth" with "disable monitor". Security
hardening applies to all platforms including AIX (xntpd supports the
same restrict directives).
The chrony path (EL8+) is unaffected — it delegates to setupntp.
Fixes #2435
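One way to check an ntp.conf for the three weaknesses this commit message names, as an added example (not xCAT's code). The `audit_ntp_conf` name is hypothetical, and both sample files are constructed; they are not the files makentp writes.

```perl
use strict;
use warnings;

# Audit an ntp.conf (passed as a string) for missing access restrictions,
# disabled authentication and an enabled monitor facility (CVE-2013-5211).
sub audit_ntp_conf {
    my ($text) = @_;
    my ($default_seen, $default_open, $auth_off, $monitor_off) = (0, 0, 0, 0);
    for my $line (split /\n/, $text) {
        $line =~ s/#.*//;                       # drop comments
        my ($kw, @args) = split ' ', $line;
        next unless defined $kw;
        if ($kw eq 'restrict') {
            shift @args while @args && $args[0] =~ /^-[46]$/;
            next unless @args && $args[0] eq 'default';
            $default_seen = 1;
            $default_open = 1 unless grep { $_ eq 'noquery' } @args;
        } elsif ($kw eq 'disable') {
            $auth_off    = 1 if grep { $_ eq 'auth' } @args;
            $monitor_off = 1 if grep { $_ eq 'monitor' } @args;
        }
    }
    my @findings;
    push @findings, 'no "restrict default" line'       unless $default_seen;
    push @findings, 'a default restriction lacks noquery' if $default_open;
    push @findings, '"disable auth" present'           if $auth_off;
    push @findings, 'monitor (monlist) not disabled'   unless $monitor_off;
    return @findings;
}

# Constructed samples.
my $weak = <<'EOF';
server 192.0.2.10
disable auth
EOF

my $hardened = <<'EOF';
server 192.0.2.10 iburst
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
disable monitor
EOF

for my $pair (['weak', $weak], ['hardened', $hardened]) {
    my @f = audit_ntp_conf($pair->[1]);
    print "$pair->[0]: ", (@f ? join('; ', @f) : 'no findings'), "\n";
}
```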
The verification logic in rspconfig_response uses a mutually exclusive
if/else to check for the old IP (origin_type) and new IP (check_result).
When setting the same IP, both match the same entry but only origin_type
gets set — check_result stays 0 and the command reports "Config IP failed".
Make the two checks independent so both can match the same IP object.
Fixes #5121