Isn't it time to be thinking about 3.0?
Here are a number of suggestions:
Review all commands for consistency of option and subcommand naming
('stat' vs 'state' vs 'status', 'mk*' or 'make*' commands).
Review the various usage messages from commands for completeness.
Consider 'xc' or some other
profile name
which is just a subdirectory name (including a datestamp).
I either use "chdef node profile=compute-gpfs-ge-20130207" or "nodeset
netboot=centos6-x86_64-compute-gpfs-ge-20130207". I never directly
manipulate any of the other image related tables.
After building o
On Thu, 7 Feb 2013 at 16:06 -, Jarrod B Johnson wrote:
> Also, in this case, would you only want to use the feature when
> paired with the secure credential bootstrap so that we don't trend
> toward the 'autosign' scenario?
Getting better credential bootstraping would be wonderful.
We can mo
I haven't dabbled in crypto stuff in years, but from what I remember the
entire point of diffie-hellman was to eliminate the need for out-of-band
initial delivery of key.
some kind of flow like:
(1) establish diffie-helman key exchange.
(2) deliver xcat ca cert encrypted with key exchanged in (1
1. dhcp snooping - it's more like binding the ip to a network port
regardless of a mac address (makes swapping in new servers easier (no new
mac discovery)). I'll ping you off list on more details.
2. I'll dig into xcat developer docs (just stalled on my wol plugin I was
thinking about).
3. fewer
I'd want to be able to use the puppet CA integration with or without the secure
credential bootstrap. This would allow me to use this more widely (read: on our
legacy hardware) without requiring IBM gear or SNMPv3 capable switches. I'd
like to use the puppet CA with the secure bootstrap, but I d
Hi,
Inherited an xcat cluster and having unusual issues with name
resolution from nodes (which is stopping PBS from functioning)
symptom:
>From node5:
[root@separatrix bin]# ssh node5
Last login: Wed Feb 6 18:23:08 2013 from 172.20.0.1
[root@node5 ~]# telnet separatrix.hpc 42559
separatrix.
Also, in this case, would you only want to use the feature when paired with
the secure credential bootstrap so that we don't trend toward the
'autosign' scenario? If so, would you view either a requirement for IBM
servers *or* a managed, SNMPv3 capable switch as acceptable for the
security? Doin
I think it would be best to extend it to work with other CAs.
Puppet has control of all systems, while xCAT only has control of our compute
nodes. At least for us, having xCAT pull the strings on the existing puppet CA
would be the better approach.
Greg Mason
HPC Systems Administrator
Michigan
So currently, we have a not-advertised feature for automatic certificate
revocation and reissuance. Currently it only works with our CA. Would it
be acceptable for puppet to trust our CA, or should we make it more
extensible to another CA?
From: Greg Mason
To: xCAT Users Mailing list ,
Hi Ling,
Currently, I bootstrap out systems into puppet with a postbootscript. The
postboot script fires off the puppet client with the --waitforcert option.
Then, a human signs the cert on the puppet server, then the postbootscript
continues with the initial and then subsequent puppet runs.
W
1. Might want more details on this. I could imagine a few different
scenarios fitting that description. Functionally, the switch discovery is
precisely that, ethernet addresses getting bound to ip by virtue of what
port they plug into. If you mean a feature where we recognize tags
injected by s
-First come first serve discovery: Have a noderange to iterate through
first-come-first server rather than requiring a server enclosure or
switch relationship defined for smaller/simpler environments.
Love that idea, would make standing clusters up much more turn-key than
it currently is.
Hi Greg,
Could you give more details for the puppet integration requirement?
Thanks,
Ling
Ling Gao
Poughkeepsie Unix Development Lab
IBM Systems and Technology Group
Internal: T/L 293-5692
External: ling...@us.ibm.com, 845-433-5692
"I never worry about the future. It comes soon enough." --
I would second that :)
From: Greg Mason [mailto:gma...@msu.edu]
Sent: Thursday, February 07, 2013 10:05 AM
To: xCAT Users Mailing list
Subject: Re: [xcat-user] xCAT 2.9 feature proposals...
Just my $0.02: Puppet integration would be outstanding. If we could only get
one of these features, that w
How about things like:
1. DHCP snooping support (ability to tie ip address to switch port)
2. generic control device support (ability to call a different plugin for
controlling a device (wol, external power controllers (apc, baytech,
cyclades, newer avocent devices), different ipmi tool perhaps (i
Just my $0.02: Puppet integration would be outstanding. If we could only get
one of these features, that would be my pick.
-Greg
Greg Mason
HPC Systems Administrator
Michigan State University
High Performance Computing Center
web: www.hpcc.msu.edu
email: gma...@msu.edu
On Feb 7, 2013, at 11:55
First off, if anyone has any requests that I don't enumerate, feel free to
mention.
Some ideas I'm considering pursuing for 2.9 timeframe depending on interest
(we likely can't hit them all even if everyone wanted them):
-Security features
-Authenticated netboot (capability would require
18 matches
Mail list logo