These updates move the private and public host keys from /install/postscripts/hostkeys to the /etc/xcat/hostkeys directory. A copy of the public host keys is left in /install/postscripts/hostkeys.

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@2714 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
lissav 2009-02-10 19:48:29 +00:00
parent 122dffca3b
commit 2ded87c984
4 changed files with 212 additions and 137 deletions


@ -120,15 +120,15 @@ sub process_request
}
$tfilename = "/root/.xcat/client-cred.pem";
} elsif (/ssh_dsa_hostkey/) {
unless (-r "/install/postscripts/hostkeys/ssh_host_dsa_key") {
push @{$rsp->{'error'}},"Unable to read private DSA key from /install/postscripts/hostkeys";
unless (-r "/etc/xcat/hostkeys/ssh_host_dsa_key") {
push @{$rsp->{'error'}},"Unable to read private DSA key from /etc/xcat/hostkeys";
}
$tfilename="/install/postscripts/hostkeys/ssh_host_dsa_key";
$tfilename="/etc/xcat/hostkeys/ssh_host_dsa_key";
} elsif (/ssh_rsa_hostkey/) {
unless (-r "/install/postscripts/hostkeys/ssh_host_rsa_key") {
push @{$rsp->{'error'}},"Unable to read private RSA key from /install/postscripts/hostkeys";
unless (-r "/etc/xcat/hostkeys/ssh_host_rsa_key") {
push @{$rsp->{'error'}},"Unable to read private RSA key from /etc/xcat/hostkeys";
}
$tfilename="/install/postscripts/hostkeys/ssh_host_rsa_key";
$tfilename="/etc/xcat/hostkeys/ssh_host_rsa_key";
} elsif (/xcat_cfgloc/) {
unless (-r "/etc/xcat/cfgloc") {
push @{$rsp->{'error'}},"Unable to read xCAT database location";
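Review bot: In both host-key branches the `unless (-r "/etc/xcat/hostkeys/...")` check only pushes an error onto `$rsp->{'error'}` and then falls through to the `$tfilename=` assignment, so nothing in this hunk stops the handler from continuing with a path it has just reported as unreadable. Whether later code bails out when `$rsp->{'error'}` is set cannot be seen here, because process_request starts and ends outside the hunk; if it does not, each `unless` block should leave the branch before `$tfilename` is set. The directory is also spelled out four times per key type, so a single `my $hostkeydir = "/etc/xcat/hostkeys";` would keep the check, the message and the assignment from drifting apart at the next relocation. Since these branches select private host keys for return to a requester, a comment such as `# private host key: requester must already be authorized for this node` would record the assumption the code relies on.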


@ -80,10 +80,10 @@ sub process_request {
chmod(0700,$tempdir."/root/.ssh");
copy("/root/.ssh/id_rsa.pub","$tempdir/root/.ssh/authorized_keys");
chmod(0600,"$tempdir/root/.ssh/authorized_keys");
if (-r "$installdir/postscripts/hostkeys/ssh_host_key") {
copy("$installdir/postscripts/hostkeys/ssh_host_key","$tempdir/etc/ssh_host_key");
copy("$installdir/postscripts/hostkeys/ssh_host_rsa_key","$tempdir/etc/ssh_host_rsa_key");
copy("$installdir/postscripts/hostkeys/ssh_host_dsa_key","$tempdir/etc/ssh_host_dsa_key");
if (-r "/etc/xcat/hostkeys/ssh_host_key") {
copy("/etc/xcat/hostkeys/ssh_host_key","$tempdir/etc/ssh_host_key");
copy("/etc/xcat/hostkeys/ssh_host_rsa_key","$tempdir/etc/ssh_host_rsa_key");
copy("/etc/xcat/hostkeys/ssh_host_dsa_key","$tempdir/etc/ssh_host_dsa_key");
chmod(0600,<$tempdir/etc/ssh_*>);
}
unless (-r "$tempdir/etc/ssh_host_key") {
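Review bot: The three private keys are written into `$tempdir/etc` by `copy()` with whatever mode the process umask allows and are only restricted afterwards by `chmod(0600,<$tempdir/etc/ssh_*>)`, so if `$tempdir` is reachable by other local users there is a window in which the keys are readable. Setting the umask around the copies closes it: `my $oldmask = umask(0077);` before the first `copy` and `umask($oldmask);` after the `chmod`. The guard tests only `ssh_host_key`, while the RSA and DSA copies are unchecked, so a missing key is skipped silently; checking each call, e.g. `copy(...) or warn "copy ssh_host_rsa_key: $!";`, would surface that. process_request extends beyond the hunk on both sides.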


@ -67,6 +67,7 @@ else
}
chomp $::arch;
chomp $::root;
# Make this system a management node
my $cmd = "/bin/touch /etc/xCATMN";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
@ -78,10 +79,12 @@ else
{
xCAT::MsgUtils->message('I', "Created /etc/xCATMN file.\n");
}
# Make sure service node file is not there
if (-f "/etc/xCATSN") {
my $cmd = "/bin/rm /etc/xCATSN";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
# Make sure service node file is not there
if (-f "/etc/xCATSN")
{
my $cmd = "/bin/rm /etc/xCATSN";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
}
# some Linux-only config
@ -210,51 +213,60 @@ if ($::osname eq 'Linux')
#
# Generate ssh keys
#
if ((!-f "/install/postscripts/hostkeys/ssh_host_key") || $::FORCE)
# create /etc/xcat/hostkeys and /install/postscripts/hostkeys
if (!-d "/install/postscripts/hostkeys") # directory for public keys
{
my $cmd = "/bin/mkdir -p /install/postscripts/hostkeys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
"Could not create /install/postscripts/hostkeys directory.\n");
}
}
if (!-d "/etc/xcat/hostkeys") # directory for public/private keys
{
my $cmd = "/bin/mkdir -p /etc/xcat/hostkeys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
"Could not create /etc/xcat/hostkeys directory.\n");
}
}
if ($::FORCE)
{
# create /install/postscripts/hostkeys if needed
if (!-d "/install/postscripts/hostkeys")
# remove the old keys
my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host*";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
my $cmd = "/bin/mkdir -p /install/postscripts/hostkeys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
"Could not create /install/postscripts/hostkeys directory.\n");
}
else
{
xCAT::MsgUtils->message('I',
"Created /install/postscripts/hostkeys directory.\n");
}
xCAT::MsgUtils->message(
'I',
"Could not remove ssh keys from /install/postscripts/hostkeys directory. They may not exist.\n"
);
}
if ($::FORCE)
# remove the old keys
my $cmd = "/bin/rm /etc/xcat/hostkeys/ssh_host*";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
# remove the old keys
my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host*";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message(
'E',
"Could not remove ssh keys from /install/postscripts/hostkeys directory.\n"
);
}
else
{
xCAT::MsgUtils->message(
'I',
"Removed ssh keys from /install/postscripts/hostkeys directory.\n"
);
}
xCAT::MsgUtils->message(
'I',
"Could not remove ssh keys from /etc/xcat/hostkeys directory. They may not exist.\n"
);
}
#
# generate new hostkeys
#
xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...\n");
my $cmd =
"/usr/bin/ssh-keygen -t rsa1 -f /install/postscripts/hostkeys/ssh_host_key -C '' -N ''";
"/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
@ -263,7 +275,7 @@ if ((!-f "/install/postscripts/hostkeys/ssh_host_key") || $::FORCE)
xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...\n");
my $cmd =
"/usr/bin/ssh-keygen -t rsa -f /install/postscripts/hostkeys/ssh_host_rsa_key -C '' -N ''";
"/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
@ -272,45 +284,97 @@ if ((!-f "/install/postscripts/hostkeys/ssh_host_key") || $::FORCE)
xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...\n");
my $cmd =
"/usr/bin/ssh-keygen -t dsa -f /install/postscripts/hostkeys/ssh_host_dsa_key -C '' -N ''";
"/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.\n");
}
# copy the public keys to install directory
my $cmd =
"/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/.";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "$cmd not successful.\n");
}
else
{
xCAT::MsgUtils->message('I', "$cmd is successful\n");
}
}
else
#
# move old keys if they exist, to the new directory and remove private keys
if (-f "/install/postscripts/hostkeys/ssh_host_key")
{
xCAT::MsgUtils->message(
'I',
"/install/postscripts/hostkeys directory exists, no keys generated. Use --force option to generate new keys.\n"
);
# copy all keys to /etc/xcat/hostkeys directory
my $cmd = "/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/.";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "$cmd not successful.\n");
}
# remove private keys from install dir
if (-f "/install/postscripts/hostkeys/ssh_host_dsa_key")
{
my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_dsa_key";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "$cmd not successful.\n");
}
}
if (-f "/install/postscripts/hostkeys/ssh_host_key")
{
my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_key";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "$cmd not successful.\n");
}
}
if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key")
{
my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_rsa_key";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E', "$cmd not successful.\n");
}
}
}
#
# move old directories if they exist
if (-d "/install/postscripts/.ssh")
{
my $cmd = "/bin/mv /install/postscripts/.ssh /install/postscripts/_ssh";
my $cmd = "/bin/mv /install/postscripts/.ssh/* /install/postscripts/_ssh/.";
my $outref = xCAT::Utils->runcmd("$cmd", -1);
# if ($::RUNCMD_RC != 0)
# {
my $cmd = "/bin/rmdir /install/postscripts/.ssh";
my $outref = xCAT::Utils->runcmd("$cmd", -1);
# if ($::RUNCMD_RC != 0)
# {
# xCAT::MsgUtils->message(
# 'E',
# "Could not move /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
# );
# }
# else
# {
# 'E',
# "Could not move /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
# );
# }
# else
# {
# xCAT::MsgUtils->message(
# 'I',
# "Moved /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
# "Moved /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
# );
# }
# }
}
if (-d "/install/postscripts/.xcat")
{
my $cmd = "/bin/mv /install/postscripts/.xcat /install/postscripts/_xcat";
my $cmd = "/bin/mv /install/postscripts/.xcat/* /install/postscripts/_xcat/.";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
@ -319,13 +383,8 @@ if (-d "/install/postscripts/.xcat")
"Could not move /install/postscripts/.xcat directory to /install/postscripts/_xcat.\n"
);
}
else
{
xCAT::MsgUtils->message(
'I',
"Moved /install/postscripts/.xcat directory to /install/postscripts/_xcat.\n"
);
}
my $cmd = "/bin/rmdir /install/postscripts/.xcat";
my $outref = xCAT::Utils->runcmd("$cmd", -1);
}
#
@ -413,7 +472,7 @@ if (!-d "/install/postscripts/_ssh")
}
#
# Generate id_rsa.pub, if it does not exist or the force option
# Generate id_rsa.pub, if it does not exist or the force option
#
my $pubfile = "$::root/.ssh/id_rsa.pub";
my $rsafile = "$::root/.ssh/id_rsa";
@ -450,47 +509,51 @@ if ((!-r $pubfile) || $::FORCE)
{
xCAT::MsgUtils->message('I', "Generated $pubfile.\n");
if ($::osname eq 'AIX')
{
# allows node be able to scp to the MN only for AIX
my $cmd = "/bin/cat $pubfile >> /.ssh/authorized_keys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
if ($::osname eq 'AIX')
{
# allows node be able to scp to the MN only for AIX
my $cmd = "/bin/cat $pubfile >> /.ssh/authorized_keys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
"Could not cat $pubfile to /.ssh/authorized_keys.\n");
}
else
{
xCAT::MsgUtils->message('I',
}
else
{
xCAT::MsgUtils->message('I',
"Added $pubfile to /.ssh/authorized_keys.\n");
chmod 0600, "/.ssh/authorized_keys";
}
}
chmod 0600, "/.ssh/authorized_keys";
}
}
}
}
# copy authorized_keys for install on node
if (-r $pubfile) {
my $cmd = "/bin/cp $pubfile /install/postscripts/_ssh/authorized_keys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message(
'E',
"Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n"
);
}
else
{
xCAT::MsgUtils->message(
'I',
"Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n"
);
}
} else {
xCAT::MsgUtils->message( 'E',
"Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n"
);
if (-r $pubfile)
{
my $cmd = "/bin/cp $pubfile /install/postscripts/_ssh/authorized_keys";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message(
'E',
"Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n"
);
}
else
{
xCAT::MsgUtils->message('I',
"Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n");
}
}
else
{
xCAT::MsgUtils->message(
'E',
"Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n"
);
}
#
@ -655,8 +718,7 @@ if ((!-r "/etc/xcat/site.sqlite") || $::FORCE)
}
if ($::osname eq 'AIX')
{
$chtabcmds .=
"$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=no;";
$chtabcmds .= "$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=no;";
$chtabcmds .=
"$::XCATROOT/sbin/chtab key=consoleondemand site.value=yes;";
}
@ -672,19 +734,19 @@ if ((!-r "/etc/xcat/site.sqlite") || $::FORCE)
}
}
# create default postscript list in postscripts table
# create default postscript list in postscripts table
if ((!-r "/etc/xcat/postscripts.sqlite") || $::FORCE)
{
my $chtabcmds;
if ($::osname eq 'AIX')
{
$chtabcmds =
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell';";
$chtabcmds =
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell';";
}
else
{
$chtabcmds =
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell';";
$chtabcmds =
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell';";
}
$chtabcmds .=
@ -816,12 +878,12 @@ my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
xCAT::MsgUtils->message('E',
"Could not create /install/postscripts/ca/certs directory.\n");
"Could not create /install/postscripts/ca/certs directory.\n");
}
else
{
xCAT::MsgUtils->message('I',
"Created /install/postscripts/ca/certs directory.\n");
"Created /install/postscripts/ca/certs directory.\n");
}
my $cmd = "/bin/cp -r /etc/xcat/ca/* /install/postscripts/ca";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
@ -943,12 +1005,12 @@ if ($::RUNCMD_RC != 0)
}
else
{
xCAT::MsgUtils->message('I',
"Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n");
xCAT::MsgUtils->message(
'I',
"Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n"
);
}
#
# if there are xcatd processes then stop them
#
@ -1001,8 +1063,9 @@ if ($::RUNCMD_RC != 0)
# for AIX systems add xcatd to the /etc/inittab file
if ($::osname eq 'AIX')
{
my $mkitab_cmd = 'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1';
my $rc = system($mkitab_cmd);
my $mkitab_cmd =
'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1';
my $rc = system($mkitab_cmd);
}
# more - Linux-only config
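Review bot: In the migration block that starts at `if (-f "/install/postscripts/hostkeys/ssh_host_key")`, the three `/bin/rm` commands run even when the preceding `/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/.` failed, so a failed copy logs an error and then deletes what may be the only copy of the private host keys. The removals belong in an `else` branch of the `if ($::RUNCMD_RC != 0)` check that follows the copy; the migration step in the package's post-install script has the same copy-then-remove sequence with no check at all. `/etc/xcat/hostkeys` is also created with a plain `/bin/mkdir -p`, and `cp -p` carries over whatever modes the keys had under /install, so adding `chmod 0700, "/etc/xcat/hostkeys";` after the mkdir and a `chmod 0600` on the copied private keys would make the new location's permissions explicit rather than inherited.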


@ -72,6 +72,7 @@ rm postscripts.tar
rm LICENSE.html
mkdir -p postscripts/hostkeys
mkdir -p /etc/xcat/hostkeys
cd -
cp %{SOURCE1} $RPM_BUILD_ROOT/etc/apache2/conf.d/xcat.conf
cp %{SOURCE1} $RPM_BUILD_ROOT/etc/httpd/conf.d/xcat.conf
@ -104,20 +105,31 @@ if [ ! -d /var/ftp/tftpboot ]; then
echo "/tftpboot /var/ftp/tftpboot none bind,defaults 0 0" >> /etc/fstab
mount /var/ftp/tftpboot
fi
if [ ! -f /install/postscripts/hostkeys/ssh_host_key ]; then
echo Generating SSH1 RSA Key...
/usr/bin/ssh-keygen -t rsa1 -f /install/postscripts/hostkeys/ssh_host_key -C '' -N ''
echo Generating SSH2 RSA Key...
/usr/bin/ssh-keygen -t rsa -f /install/postscripts/hostkeys/ssh_host_rsa_key -C '' -N ''
echo Generating SSH2 DSA Key...
/usr/bin/ssh-keygen -t dsa -f /install/postscripts/hostkeys/ssh_host_dsa_key -C '' -N ''
# never generated the keys
if [ ! -f /install/postscripts/hostkeys/ssh_host_key.pub ]; then
echo Generating SSH1 RSA Key...
/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''
echo Generating SSH2 RSA Key...
/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''
echo Generating SSH2 DSA Key...
/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''
/bin/cp /etc/xcat/hostkeys/ssh_host*.pub /install/postscripts/hostkeys/
fi
# generated the keys before, still have private keys in install
# copy all to the new private directory and then remove private keys
if [ -f /install/postscripts/hostkeys/ssh_host_key ]; then
/bin/cp /install/postscripts/hostkeys/* /etc/xcat/hostkeys/.
/bin/rm /install/postscripts/hostkeys/ssh_host_dsa_key
/bin/rm /install/postscripts/hostkeys/ssh_host_rsa_key
/bin/rm /install/postscripts/hostkeys/ssh_host_key
fi
if [ -d /install/postscripts/.ssh ]; then
mv /install/postscripts/.ssh /install/postscripts/_ssh
/bin/mv /install/postscripts/.ssh/* /install/postscripts/_ssh/.
rmdir /install/postscripts/.ssh
fi
if [ -d /install/postscripts/.xcat ]; then
mv /install/postscripts/.xcat /install/postscripts/_xcat
/bin/mv /install/postscripts/.xcat/* /install/postscripts/_xcat/.
rmdir /install/postscripts/.xcat
fi
chkconfig vsftpd on
/etc/init.d/vsftpd start
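Review bot: `mkdir -p /etc/xcat/hostkeys` in the first hunk is an absolute path, unlike the relative `mkdir -p postscripts/hostkeys` above it and the `$RPM_BUILD_ROOT/...` copies below it, so it appears to create the directory on the build host rather than inside the package. If this is the install stage, use `mkdir -p $RPM_BUILD_ROOT/etc/xcat/hostkeys` and list the directory in the file list with `%attr(0700,root,root)`, or create it in the post-install script before `/usr/bin/ssh-keygen ... -f /etc/xcat/hostkeys/ssh_host_key` runs, since ssh-keygen does not create the parent directory. The stage markers are outside the hunk, so which scriptlet these lines belong to should be confirmed.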