Put certificates and keys in a format amenable to conserver use, update conserver plugin to make use of conserver certificate authentication

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@235 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd

xCAT-server-2.0/lib/xcat/plugins/conserver.pm

@@ -26,6 +26,15 @@ sub docfheaders {
   my $content = shift;
   my $numlines = @$content;
   my @meat = grep(!/^#/,@$content);
+  unless (grep(/^config \* {/,@meat)) {
+    push @$content,"config * {\n";
+    push @$content,"  sslauthority /etc/xcat/ca/ca-cert.pem;\n";
+    push @$content,"  sslcredentials /etc/xcat/cert/server-cred.pem;\n";
+    push @$content,"}\n";
+  }
+}
+
+  }
   unless (grep(/^default full/,@meat)) {
     push @$content,"default full { rw *; }\n";
   }

xCAT-server-2.0/share/xcat/scripts/setup-local-client.sh

@@ -1,5 +1,6 @@
 
 # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
+umask 0077 #nothing make by this script should be readable by group or others
 
 
 if [ -z "$XCATDIR" ]; then
@@ -47,6 +48,8 @@ if [ -f root.cert ]; then
 fi
 
 cp root.cert $USERHOME/.xcat/client-cert.pem
+#Unify certificate and key in one file, console command at least expects it
+cat $USERHOME/.xcat/client-cert.pem $USERHOME/.xcat/client-key.pem > $USERHOME/.xcat/client-cred.pem
 cp ca-cert.pem $USERHOME/.xcat/ca.pem
 chown -R $1 $USERHOME/.xcat
 find $USERHOME/.xcat -type f -exec chmod 600 {} \;

xCAT-server-2.0/share/xcat/scripts/setup-server-cert.sh

@@ -6,6 +6,7 @@ fi
 if [ -z "$1" ]; then
   echo "Usage: $0 servername"
 fi
+umask 0077
 CNA=$*
 
 XCATCADIR=$XCATDIR/ca
@@ -38,6 +39,8 @@ if [ -f `hostname`.cert ]; then
 fi
 
 cp `hostname`.cert $XCATDIR/cert/server-cert.pem
+#Put key and cert in a single file for the likes of conserver
+cat $XCATDIR/cert/server-cert.pem $XCATDIR/cert/server-key.pem > $XCATDIR/cert/server-cred.pem 
 cp ca-cert.pem $XCATDIR/cert/ca.pem
 cd -