Incorporate allowcred.awk

Add a key suitable for x509 use, 1024 bits for the switch key (because SNMP restricts size of PEM data) and 4096 for cert (being over paranoid)


git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@10415 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd

xCAT-nbroot2/allowcred.awk

@@ -0,0 +1,15 @@
+#!/usr/bin/awk -f
+BEGIN {
+        listener = "/inet/tcp/300/0/0"
+        quit = "no"
+
+
+       while (match(quit,"no")) {
+         while ((listener |& getline) > 0) {
+                 if (match($0,"CREDOKBYYOU?")) {
+                         print "CREDOKBYME" |& listener
+                   }
+         }
+         close(listener)
+      }
+}

xCAT-nbroot2/install

@@ -587,6 +587,7 @@ inst "$moddir/dodiscovery" "/bin/dodiscovery"
 inst "$moddir/udpcat.awk" "/bin/udpcat.awk"
 inst "$moddir/minixcatd.awk" "/bin/minixcatd.awk"
 inst "$moddir/bmcsetup" "/bin/bmcsetup"
+inst "$moddir/allowcred.awk" "/bin/allowcred.awk"
 inst "$moddir/dhclient.conf" "/etc/dhclient.conf"
 inst "$moddir/dhclient-script" "/sbin/dhclient-script"
 inst "$moddir/rsyslog.conf" "/etc/rsyslog.conf"

xCAT-nbroot2/xcat-cmdline.sh

@@ -60,6 +60,7 @@ mkdir -p /etc/xcat
 mkdir -p /etc/pki/tls
 touch /etc/pki/tls/openssl.cnf
 openssl genrsa -out /etc/xcat/privkey.pem 1024
+openssl genrsa -out /etc/xcat/certkey.pem 4096
 PUBKEY=`openssl rsa -in /etc/xcat/privkey.pem -pubout|grep -v "PUBLIC KEY"`
 PUBKEY=`echo $PUBKEY|sed -e 's/ //g'`
 export PUBKEY