Debian 12

The Debian 12 ‘mini.iso’ for netboot is now recognized as an osdeploy import payload for deployment.

Deployment functionality may now be locked

A new facility is provided to let environments lock down deployment activity.

The following will prevent nodedeploy activity:

confetty set /noderange/{noderange}/deployment/lock=locked

The following will allow nodedeploy activity:

confetty set /noderange/{noderange}/deployment/lock=unlocked

To request deployment to lock when deployment completes:

confetty set /noderange/{noderange}/deployment/lock=autolock

Note that ‘Operator’ priviliege is blocked from locking/unlocking deployment state, ‘Administrator’ privilege is required, unlike other node attributes.

Improve collective failover for management nodes with confluent down

Many nodeapply operations will now failover if the targeted deployment server has confluent down, but webserver running.

Support for virtual machines as nodes

New vcenter and proxmox plugins are added, providing text console, screenshots (vcenter only), power control, inventory, and set boot device support.

Make syncfiles more robust to private address interfaces

When a system had a mix of unreachable addresses and viable addresses, syncfiles could be confused. This has been improved.

Fix remote video console access through confluent

The remote video access would fail to start if no local consoles had been accessed, this has been addressed.

Diskless Enterprise Linux images now honor ntp server

The ntp server setting was ignored by diskless profiles, this has been addressed.

An issue with EL8 diskless builds was addressed

Changes to default SELinux behavior caused failures with EL8, this has been addressed.

Improve confluent_selfcheck to cover more scenarios

A few scenarios are added to cover detected issues.

Add drivers to default diskless/cloning driver list

For virtual machines network drivers are added, as well as r8169

Attribute formatting is now limited in pad size

Overly large padding is now rejected as not supported.

TLS certificates now added in identity images

For identity image deployment, a profile may now use the identity image to get the local certificate authorites.

Amend URL shortening behavior

UEFI implementations cannot handle 302, so 302 is only sent to iPXE. If nginx configuration detected, a proxy side redirect is done, otherwise an error message.

Improvements to nodeconsole display and error handling

Screenshots are now framed to help tiling, as well as error messages being rendered as images.

Fix bug with autoconsole for systems without SPCR

A cosmetic error message is averted if there is no SPCR to read.