Add a shared OMAPI policy helper for ISC DHCP and DDNS so administrators can select the key name, signing algorithm, and omshell path from the site table while preserving the existing xcat_key hmac-md5 default.
Keep local ISC updates from hanging indefinitely when omshell does not exit, and use a static host-declaration fallback for local Ubuntu ISC releases where omshell is unstable for xCAT host updates.
Co-authored-by: gskouson <1507929+gskouson@users.noreply.github.com>
The CUDA docs were frozen at CUDA 9.2 / RHEL 7.5 / Ubuntu 14.04 since
2019. Update to cover all currently supported OS and architecture
combinations (EL 7-10, Ubuntu 20.04-24.04, x86_64/ppc64le/sbsa).
Consolidate the version-specific repo and osimage pages into generic
guides that use placeholder variables, reducing 7 files to 2 while
covering more OS versions. Both online (direct NVIDIA repo URL) and
offline (dnf download / apt download mirroring) workflows are
documented.
All NVIDIA repository URLs validated against
developer.download.nvidia.com/compute/cuda/repos/ and confirmed
accessible with valid repodata.
Addresses #7373
The default xCAT Apache configuration shipped with Options Indexes
enabled for the /install and /tftpboot directories. This allowed
unauthenticated users to browse directory listings, disclosing the
full tree of postscripts, boot files, and (in production deployments)
potentially kickstart files with password hashes, custom scripts with
embedded credentials, and cluster topology details.
Replace Options Indexes with -Indexes in all four shipped Apache config
files (MN and SN, Apache 2.2 and 2.4 variants). Direct file access
by known path continues to work, so all provisioning workflows are
unaffected. Directory browsing for /xcat-doc is preserved as it
contains only public documentation.
Additionally, add an Apache hardening guide documenting recommended
permissions for sensitive directories under /install, network binding
best practices, and IP-based access control options.
Addresses #7450
Docker container lifecycle management (mgt=docker, mkdocker, rmdocker,
lsdocker) was added in 2015-2016 as an experiment targeting Docker API
v1.22 on Ubuntu only. Documentation and man pages were deliberately
removed in 2019 (PRs #6222 and #6324) with the original developer's
approval, noting that "the interface of Docker has become very simple
right now, so there is no value for xCAT to offer such functions."
The plugin was still being shipped but has had no functional code changes
since April 2016, was never listed as a valid mgt value in Schema.pm,
and no user ever filed an issue about it.
Removed:
- xCAT-server/lib/xcat/plugins/docker.pm (1,142 lines)
- xCAT/postscripts/setupdockerhost
- xCAT-server/share/xcat/scripts/setup-dockerhost-cert.sh
- xCAT-test/autotest/testcase/dockercommand/ (test cases)
- Docker attribute definitions in Schema.pm
- Client symlinks (mkdocker, rmdocker, lsdocker)
- Usage entries and dockerhost cert handling in credentials.pm
- Docker attribute documentation in man7 pages
The "Running xCAT in Docker" documentation (dockerized_xcat/) is
retained as it documents containerizing xCAT itself, not the removed
mgt=docker feature.
Closes#7518
rspconfig vlan= only accepted values 1-4096 with no way to disable
VLAN tagging. Users had to resort to raw IPMI commands to clear a
stale VLAN after ip=dhcp.
- Accept vlan=off/disable/disabled to clear VLAN tagging via
standard IPMI parameter 0x14 with the enable bit unset
- Fix valid range from 1-4096 to 1-4094 (IEEE 802.1Q)
- Use strict digit matching to reject malformed inputs
To clear VLAN after a DHCP reset: rspconfig <node> vlan=off
Tested on Supermicro IPMI BMC (10.20.0.51).
Partially addresses #3725
Vinícius Ferrão
Markus Hilger
Markus Hilger
besawn
Mark Gurevich