Instead of always creating DSA, RSA, and RSA1 key pairs when any of them
is missing, create only the key pair currently requested via Bcfg2.
That is, the abstract configuration entries now determine which key
types are generated (and therefore included in the ssh_known_hosts
files).
The rationale is that many sites don't use RSA1 keys anymore.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Ignored files (like Vim swap files) were being picked up by the File
Monitor and were causing tracebacks because they are invalid XML. Now
check for such ignored file patterns before doing any other
processing.
(cherry picked from commit c266631eb36e117bad0f297506dc301ee9cc0487)
This fix is more complete than 8059a36 and also fixes issues relating to
the use of wildcards in Decisions.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
toggle "[+]" to "[-]" and back on expanding/collapsing lists
make the whole header bar clickable
From the ticket:
A floating, cert-authenticated client can be not recognized properly by
hostname if it resolves to an arbitrary name in reverse DNS.
Background: Metadata.resolve_client, called from @exposed Core's
methods, falls back to reverse DNS lookup for client's name, because the
name is not preserved thanks to bailing off early from
Metadata.AuthenticateConnection.
(This issue can be related to #936.)
This patch enables caching of client names for cert-based floating
clients.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Don't run 'post' Action entries if they are unlisted in whitelist mode.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Previously, we waited one second for the FileMonitor to notify us
about newly generated SSH keys. Now, we wait up to ten seconds before
logging a warning and giving up.
(cherry picked from commit 204ddcddea55b1f8eed5f6dfe4dd2967bac5bad7)
Previously, if we got a "changed" event for a path we weren't
monitoring, we would log a warning and ignore it. Now, we log the
warning, but treat it like a "created" event so we know about the
file/directory going forward. This situation shouldn't occur, but this
new logic will handle it a little better.
(cherry picked from commit 29701f299632ea343d7b58af4d3b7a143ced0078)
allowing the normal FileMonitor events to populate the data
structures.
We now call the File Monitor's handle_events_in_interval() method
after generating new host keys, so that the normal code paths can
populate the data structures used for binding to file data.
We need the explicit call because we can't wait for the server's
normal event queue processing to discover the changes; we need the
newly-generated keys available immediately for binding during the
current connection with the client.
(cherry picked from commit 74a6e4707725710f6629b292902f2312710e4980)
regexes consistent
FileMonitor never forgets about directories you've asked it to watch,
so we should never remove them from self.handles. Otherwise, once
deleted and readded, events will arrive with a requestID we don't have
a handle for.
* Better config handling: Split into packages.conf (which contains
  one-time configuration directives) and sources.xml (which contains
  the actual package sources.) The config file looks like a
  StructFile, and supports <Client> tags and negated Client and Group
  tags. Packages.Reload (_not_ Refresh) is run on changes to the
  sources config. tools/packages-convert.py is provided to convert to
  the new format.
* Automagic handling of GPG keys. The new config format handles
  association of GPG keys with repos; Packages then Does The Right
  Thing and gets them to the clients, gets them installed properly,
  and handles them in the specification. At the moment this only
  works for yum repos, not APT (see below).
* Automatic generation of yum configs using the sources and GPG keys
  supplied. APT configs are not done yet (see below).
* The early vestiges of integration with Pulp (pulpproject.org).

Yet to do:
* Better support for Pulp; documentation on Pulp integration.
* APT support for key handling and config generation.
Signed-off-by: Sol Jerome <sol.jerome@gmail.com>
Properties initialization.