nodeconsole automation added

nodeconsole now has -e and -a options. This allows expect-like scripting to run against a console, for automating console interaction. This includes confluent expression support for formulating node-unique values, e.g. sending ip addr add dev eno1 {net.ipv4_address} to console.

Fixes for arm deployment of el9 and ubuntu diskless

Some issues were found with those deployments in arm nodes

Fixes for ubuntu deployments

ssh service name is correctly specified now, and sample syncfiles are now in the stock profiles

Permit override of unix ownership/permssions on service sockets

For http and native API sockets, if using unix domain the group and permissions can now be customized. Note that the security is still enforced by the peer credentials or in-payload authentication headers, but for environments that want to add file permission limitations as well, this is now possible.

apiclient now writes to stdout in binary

Before, using apiclient to download required using -o, and shell redirect would fail with binary content. Binary content is now passed through allowing shell redirected output.

Allow the monitor role to retrieve attributes via all resource

Formerly, the monitor role was denied access to ‘all’ but allowed ‘current’, which is effectively the same information. Allow both for consistency.

Fix chrony.conf generation in diskless

There were mistakes in the generation of chrony.conf, that has been simplified and fixed.

Add two new pubkey policies, ‘ca’, and ‘ca-only’

The default remains ‘tofu’ (trust on first use), but ‘ca’ is added to allow a signed certificate to pass for first add. ca-only enables traditional x509 certificate validation on every access without trusting the pinned copy.

osdeploy -r added

osdeploy now has a ‘refresh’ option, to allow building of existing contents. Useful if manually handling every OS deployment artifact, but just needing confluent to package up the externally produced material.