Firmware updates, media, os import, and more no longer require confluent user to have access

When using the CLI client, the end user access is used when possible for the relevant file rather than requiring the confluent user be able to open it independently. This should largely eliminate the need to place files in /tmp and set relaxed permissions for confluent to process them, except when traversing a collective.

Lenovo v2 product family is now supported

Updates have been performed to support new functions in the v2 family. Notably:

  • New configurations of v2 dense chassis are supported
  • nodereseat can now reseat rackmount servers as well as dense for v2 servers

Ansible playbooks are now supported in OS profiles

A profile may contain ansible/post.d/, ansible/firstboot.d/, and/or ansible/onboot.d/ yaml files. If present, then confluent will execute the plays on the management node targeted at a node reaching that phase of deployment. The ‘Hosts’ line will be provided by confluent, and should be omitted from plays in those directories. Requires osdeploy initialize -a

A syncfiles facility has been implemented

Profiles now have a syncfiles facility that allow files on the deployment server to be synced to servers during the post phase:

  • Implements a superset of syntax as xCAT syncfiles
  • Merging passwd and group implicitly creates password disabled corresponding shadow entries as needed
  • syncfiles file in a profile directory directs functionality (samples available in default profiles)
  • Requires osdeploy initialize -a

Confluent Genesis environment has received improvements

As well as refreshing the general lever of software contained in genesis, some key enhancements have been implemented:

  • Confluent genesis may now be targeted by ansbile plays
  • Console behavior is enhanced for video console when serial is in use
  • Confluent now supports LVM2 drives for rescue activity

Collective behavior has been significantly improved

A focus area during 3.2 development was studying collective behavior in very large configurations, and addressing a number of issues:

  • Improve speed of convergence of state information
  • Reduce instances of ‘lost’ collective members missed during startup
  • Better handling of long-running remote tasks to avoid false errors about collective member going unreachable

Switch interrogation is now subject to collective.managercandidates

A collective may spsecify which managers are permitted to scan a switch. This can be used to speed up switch interrogation in large clusters with multiple collective members dealing with isolated ‘islands’ of networking.

Numerous performance improvements have been implemented

A significant effort was put into profiling and identifying opportunities for significant performance improvement. Notably:

  • VT-aware buffering is now offloaded and rewritten in C
  • SNMP switch interrogation is offloaded the main process
  • nodeconfig memory consumption has been improved
  • Improved discovery performance
  • Web consoles are migrated to a websocket interface

Improvements have been made to OS deployment

A number of enhancements were done for OS deployment:

  • A firstboot.d script may now ‘reboot’ without breaking firstboot support
  • Output is now more prominent on console and in /var/log/confluent
  • A new source_remote_parts is added to let a script source, rather than run, segregated scripts that are remote.
  • Some envirnonment variables have had ‘confluent_’ prepended, to avoid conflict with other uses of the common variable names.
  • Alma, Rocky, CentOS Stream, CentOS, and RedHat are all supported through at least 8.4 version

Confluent private SSH keys are now encrypted

The private keys are now encrypted on generation, and ssh-agent is used to decrypt. The same protection applied to ‘secret.’ attributes is extended to private ssh keys used by confluent SSH certificate authority, and the key used for ansible execution and syncfiles operation

Various minor enhancements and fixes have been done

A large number of minor fixes and enhancements were done. Some changes include:

  • nodesetboot and nodeboot now accept usb as a boot device target
  • osdeploy now has a list subcommand to show distributions and profiles
  • nodeshell now has a -s argument to allow specifying an alternative name (e.g. bmc-{node}) or suffix (e.g. -eth1) for ssh processes