diff --git a/xCAT-server-2.0/lib/xcat/plugins/anaconda.pm b/xCAT-server-2.0/lib/xcat/plugins/anaconda.pm index c4f440353..aae4905ac 100644 --- a/xCAT-server-2.0/lib/xcat/plugins/anaconda.pm +++ b/xCAT-server-2.0/lib/xcat/plugins/anaconda.pm @@ -169,8 +169,8 @@ sub mknetboot { } # create the node-specific post scripts - mkpath "/install/postscripts/"; - xCAT::Postage->writescript($node,"/install/postscripts/".$node, "netboot", $callback); + #mkpath "/install/postscripts/"; + #xCAT::Postage->writescript($node,"/install/postscripts/".$node, "netboot", $callback); mkpath("/$tftpdir/xcat/netboot/$osver/$arch/$profile/"); #TODO: only copy if newer... @@ -220,10 +220,10 @@ sub mknetboot { kcmdline=>$kcmdline }); } - my $rc = xCAT::Utils->create_postscripts_tar(); - if ( $rc != 0 ) { - xCAT::MsgUtils->message( "S", "Error creating postscripts tar file." ); - } + #my $rc = xCAT::Utils->create_postscripts_tar(); + #if ( $rc != 0 ) { + # xCAT::MsgUtils->message( "S", "Error creating postscripts tar file." ); + #} } sub mkinstall { @@ -296,8 +296,8 @@ sub mkinstall { } # create the node-specific post scripts - mkpath "/install/postscripts/"; - xCAT::Postage->writescript($node,"/install/postscripts/".$node, "install", $callback); + #mkpath "/install/postscripts/"; + #xCAT::Postage->writescript($node,"/install/postscripts/".$node, "install", $callback); if ( diff --git a/xCAT-server-2.0/lib/xcat/plugins/credentials.pm b/xCAT-server-2.0/lib/xcat/plugins/credentials.pm index 0300e55e3..3cfb0a407 100644 --- a/xCAT-server-2.0/lib/xcat/plugins/credentials.pm +++ b/xCAT-server-2.0/lib/xcat/plugins/credentials.pm 
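Review bot: The three disabled blocks in `mknetboot` and `mkinstall` are left as commented-out code with nothing saying why the per-node script and the postscripts tar are no longer produced. Delete the lines rather than commenting them out, and put one comment in their place; going by the post.rh changes in this same commit, something like `# node-specific post scripts are no longer written here; the node requests them itself (see post.rh)` looks accurate, but confirm before committing it. Both functions start and end outside these hunks, so whether anything else still relies on `/install/postscripts/$node` or the tar file cannot be checked from here.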
@@ -113,12 +113,22 @@ sub process_request next; } $tfilename = "/root/.xcat/client-cred.pem"; + } elsif (/ssh_dsa_hostkey/) { + unless (-r "/install/postscripts/hostkeys/ssh_host_dsa_key") { + push @{$rsp->{'error'}},"Unable to read private DSA key from /install/postscripts/hostkeys"; + } + $tfilename="/install/postscripts/hostkeys/ssh_host_dsa_key"; + } elsif (/ssh_rsa_hostkey/) { + unless (-r "/install/postscripts/hostkeys/ssh_host_rsa_key") { + push @{$rsp->{'error'}},"Unable to read private RSA key from /install/postscripts/hostkeys"; + } + $tfilename="/install/postscripts/hostkeys/ssh_host_rsa_key"; } elsif (/xcat_cfgloc/) { unless (-r "/etc/xcat/cfgloc") { push @{$rsp->{'error'}},"Unable to read xCAT database location"; next; } - $tfilename = "/etc/xcat/cfglog"; + $tfilename = "/etc/xcat/cfgloc"; } else { next; } diff --git a/xCAT-server-2.0/sbin/copycerts b/xCAT-server-2.0/sbin/copycerts index 1ad0b6dda..4c6dd0a89 100644 --- a/xCAT-server-2.0/sbin/copycerts +++ b/xCAT-server-2.0/sbin/copycerts @@ -41,7 +41,7 @@ exit 0; Copy from the mounted /xcatpost/ directory to the MS /install/postscripts directory the /install/postscripts/ca install/postscripts/cert and - /install/postscripts/.xcat into the local file system. These certificate are + /install/postscripts/_xcat into the local file system. These certificate are needed for the postresql db setup for the service node to be able to access the DB from the service node. @@ -54,19 +54,19 @@ sub copyCertstoSN `touch /etc/xCATSN`; `touch /tmp/lissatestxxx`; `unalias cp`; - if (-d "/xcatpost/.xcat") + if (-d "/xcatpost/_xcat") { if (!(-d "/root/.xcat")) { mkdir("/root/.xcat", 0600); } - `cp -rp /xcatpost/.xcat/* /root/.xcat`; + `cp -rp /xcatpost/_xcat/* /root/.xcat`; `chmod 0600 /root/.xcat/*`; } else { xCAT::MsgUtils->message('S', - "/xcatpost/.xcat directory does not exist\n"); + "/xcatpost/_xcat directory does not exist\n"); } if (-d "/xcatpost/ca") 
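Review bot: Both new branches (`ssh_dsa_hostkey` and `ssh_rsa_hostkey`) push an error when the key file is unreadable but lack the `next;` that the `client-cred.pem` and `xcat_cfgloc` branches have, so `$tfilename` is still set and the code after the chain goes on to handle a path it has just reported as unreadable. Add `next;` after each new `push @{$rsp->{'error'}}, ...;` line. These branches also make the shared SSH host private keys available through this plugin, so whatever requester check precedes the `elsif` chain now protects them too; a short comment above the two branches stating that dependency would help the next reader. `process_request` starts and ends outside the hunk, so that check is not visible here.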
diff --git a/xCAT-server-2.0/share/xcat/install/scripts/post.rh b/xCAT-server-2.0/share/xcat/install/scripts/post.rh index f04e4707e..e574da42b 100644 --- a/xCAT-server-2.0/share/xcat/install/scripts/post.rh +++ b/xCAT-server-2.0/share/xcat/install/scripts/post.rh @@ -26,8 +26,7 @@ hostname $HOSTNAME export MASTER_IP="#XCATVAR:XCATMASTER#" export MASTER_IPS="#XCATVAR:XCATMASTER#" export MASTER="#XCATVAR:XCATMASTER#" -mkdir -p /xcatpost -cd /xcatpost +cd /tmp RAND=$(perl -e 'print int(rand(50)). "\n"') sleep $RAND for i in $(seq 1 20) @@ -35,9 +34,28 @@ do GOTIT=0 for i in $MASTER_IPS do - wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz + wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/install/postscripts + #wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz if [ "$?" = "0" ] then + if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit + echo client=yes > /etc/stunnel/stunnel.conf + echo foreground=yes >> /etc/stunnel/stunnel.conf + echo output=/dev/null >> /etc/stunnel/stunnel.conf + echo verify=0 >> /etc/stunnel/stunnel.conf + echo '[xcatd]' >> /etc/stunnel/stunnel.conf + echo accept=400 >> /etc/stunnel/stunnel.conf + echo connect=$i:3001 >> /etc/stunnel/stunnel.conf + + stunnel & + STUN_PID=$! + sleep 1 + fi + mv $i/install/postscripts /xcatpost + rm -rf $i + chmod +x /xcatpost/* + /xcatpost/getpostscript.awk |sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript + chmod +x /tmp/mypostscript GOTIT=1 break fi 
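Review bot: Nothing fetched in this loop is authenticated before it runs as root: the tree comes from `wget -r ... ftp://$i/install/postscripts` with no credentials or integrity check, `chmod +x /xcatpost/*` marks all of it executable, and the tunnel that `getpostscript.awk` presumably uses is configured with `verify=0`, so the peer certificate is not checked either. If a CA certificate can be shipped in the install image, `verify=2` together with `CAfile=<path to CA certificate on the node>` would at least authenticate the xcatd side; otherwise add a comment above the `wget` line stating that the provisioning network is assumed trusted. When `/usr/sbin/stunnel` is missing the `getpostscript.awk` pipeline still runs and `/tmp/mypostscript` is still marked executable and later invoked, so the generation step should sit inside the `if [ -x /usr/sbin/stunnel ]` block or the result should be checked for content first. The matching hunk in post.rh.iscsi has the same issues.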
@@ -49,15 +67,19 @@ do RAND=$(perl -e 'print int(rand(5)). "\n"') sleep $RAND done -gunzip xcatpost.tar.gz -tar -xvf xcatpost.tar -/xcatpost/#TABLE:nodelist:THISNODE:node# -export NODE=#TABLE:nodelist:THISNODE:node# +cd /xcatpost +#gunzip xcatpost.tar.gz +#tar -xvf xcatpost.tar +#/xcatpost/#TABLE:nodelist:THISNODE:node# export PATH=/xcatpost:$PATH +/tmp/mypostscript +export NODE=#TABLE:nodelist:THISNODE:node# export OSVER=#TABLE:nodetype:THISNODE:os# export ARCH=#TABLE:nodetype:THISNODE:arch# addsiteyum updateflag.awk $MASTER 3002 cd / rm -Rf /xcatpost +rm -f /tmp/mypostscript +rm -f /etc/stunnel/stunnel.conf exit 0 diff --git a/xCAT-server-2.0/share/xcat/install/scripts/post.rh.iscsi b/xCAT-server-2.0/share/xcat/install/scripts/post.rh.iscsi index 32a71d21a..276b45bf7 100644 --- a/xCAT-server-2.0/share/xcat/install/scripts/post.rh.iscsi +++ b/xCAT-server-2.0/share/xcat/install/scripts/post.rh.iscsi @@ -26,8 +26,7 @@ hostname $HOSTNAME export MASTER_IP="#XCATVAR:XCATMASTER#" export MASTER_IPS="#XCATVAR:XCATMASTER#" export MASTER="#XCATVAR:XCATMASTER#" -mkdir -p /xcatpost -cd /xcatpost +cd /tmp RAND=$(perl -e 'print int(rand(50)). "\n"') sleep $RAND for i in $(seq 1 20) 
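Review bot: The cleanup at the end removes `/etc/stunnel/stunnel.conf` but never stops the `stunnel &` started in the download loop, so `STUN_PID` is assigned and never used and the `accept=400` forwarder to xcatd appears to stay up after `exit 0`. This commit also removes the `kill $STUN_PID` that remoteshell used to perform, so no script shown here ends the tunnel. Add `[ -n "$STUN_PID" ] && kill $STUN_PID` just before the `rm -f /etc/stunnel/stunnel.conf` line. The same applies to the final hunk of post.rh.iscsi.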
@@ -35,9 +34,28 @@ do GOTIT=0 for i in $MASTER_IPS do - wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz + wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/install/postscripts + #wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz if [ "$?" = "0" ] then + if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit + echo client=yes > /etc/stunnel/stunnel.conf + echo foreground=yes >> /etc/stunnel/stunnel.conf + echo output=/dev/null >> /etc/stunnel/stunnel.conf + echo verify=0 >> /etc/stunnel/stunnel.conf + echo '[xcatd]' >> /etc/stunnel/stunnel.conf + echo accept=400 >> /etc/stunnel/stunnel.conf + echo connect=$i:3001 >> /etc/stunnel/stunnel.conf + + stunnel & + STUN_PID=$! + sleep 1 + fi + mv $i/install/postscripts /xcatpost + rm -rf $i + chmod +x /xcatpost/* + /xcatpost/getpostscript.awk |sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript + chmod +x /tmp/mypostscript GOTIT=1 break fi @@ -49,11 +67,13 @@ do RAND=$(perl -e 'print int(rand(5)). "\n"') sleep $RAND done -gunzip xcatpost.tar.gz -tar -xvf xcatpost.tar -/xcatpost/#TABLE:nodelist:THISNODE:node# -export NODE=#TABLE:nodelist:THISNODE:node# +cd /xcatpost +#gunzip xcatpost.tar.gz +#tar -xvf xcatpost.tar +#/xcatpost/#TABLE:nodelist:THISNODE:node# export PATH=/xcatpost:$PATH +/tmp/mypostscript +export NODE=#TABLE:nodelist:THISNODE:node# export OSVER=#TABLE:nodetype:THISNODE:os# export ARCH=#TABLE:nodetype:THISNODE:arch# addsiteyum @@ -61,4 +81,6 @@ iscsiadm -m discovery -t st -p #TABLE:iscsi:$NODE:server# uploadboot cd / rm -Rf /xcatpost +rm -f /tmp/mypostscript +rm -f /etc/stunnel/stunnel.conf exit 0 diff --git a/xCAT/postscripts/allowcred.awk b/xCAT/postscripts/allowcred.awk index 305c103d0..341138d3e 100755 --- a/xCAT/postscripts/allowcred.awk +++ b/xCAT/postscripts/allowcred.awk 
@@ -4,11 +4,12 @@ BEGIN { quit = "no" - while (match(quit,"no") && (listener |& getline) > 0) { - if (match($0,"CREDOKBYYOU?")) { - print "CREDOKBYME" |& listener - quit="yes" - } - } - close(listener) + while (match(quit,"no")) { + while ((listener |& getline) > 0) { + if (match($0,"CREDOKBYYOU?")) { + print "CREDOKBYME" |& listener + } + } + close(listener) + } } diff --git a/xCAT/postscripts/remoteshell b/xCAT/postscripts/remoteshell index 831b466c5..5ad97988b 100755 --- a/xCAT/postscripts/remoteshell +++ b/xCAT/postscripts/remoteshell 
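Review bot: `quit` is no longer assigned anywhere in the new loops, so `while (match(quit,"no"))` never terminates: after every `close(listener)` the script reopens the listener and keeps answering `CREDOKBYME` for as long as the process lives. remoteshell starts it with `allowcred.awk &` and nothing in this commit stops it, so the node seems to keep confirming credential requests after provisioning has finished, which weakens whatever assurance the confirmation step is meant to give the server. There is also no delay between `close(listener)` and the next attempt, so a listener that fails immediately would spin. Either count the confirmations and set `quit = "yes"` once the expected number has been served, or have the caller record the background PID and kill it after its last `getcredentials.awk` call. `listener` is defined outside the hunk.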
@@ -20,46 +20,46 @@ then echo " StrictHostKeyChecking no" >> /etc/ssh/ssh_config fi -if [ -d /xcatpost/.ssh ] +if [ -d /xcatpost/_ssh ] then logger -t xcat "Install: setup root .ssh" - cd /xcatpost/.ssh + cd /xcatpost/_ssh mkdir -p /root/.ssh cp -f * /root/.ssh cd - chmod 700 /root/.ssh chmod 600 /root/.ssh/* fi +allowcred.awk & +sleep 1 + if [ -d /xcatpost/hostkeys ] then logger -t xcat "Install: using server provided host key for convenience." cp /xcatpost/hostkeys/*_key /etc/ssh/ fi +getcredentials.awk ssh_dsa_hostkey | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_dsa_key +chmod 600 /etc/ssh/ssh_host_dsa_key +if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key > /dev/null 2>&1 ; then + rm /etc/ssh/ssh_host_dsa_key +fi +getcredentials.awk ssh_rsa_hostkey | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /etc/ssh/ssh_host_rsa_key +chmod 600 /etc/ssh/ssh_host_rsa_key +if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key > /dev/null 2>&1 ; then + rm /etc/ssh/ssh_host_rsa_key +fi if [ ! -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit exit 0 fi -echo client=yes > /etc/stunnel/stunnel.conf -echo foreground=yes >> /etc/stunnel/stunnel.conf -echo output=/dev/null >> /etc/stunnel/stunnel.conf -echo verify=0 >> /etc/stunnel/stunnel.conf -echo '[xcatd]' >> /etc/stunnel/stunnel.conf -echo accept=400 >> /etc/stunnel/stunnel.conf -echo connect=$MASTER:3001 >> /etc/stunnel/stunnel.conf - -stunnel & -STUN_PID=$! -sleep 1 umask 0077 mkdir -p /root/.ssh/ -allowcred.awk & sleep 1 getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.ssh/id_rsa if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then rm /root/.ssh/id_rsa fi -kill $STUN_PID diff --git a/xCAT/xCAT.spec b/xCAT/xCAT.spec index 6bc0adbed..a90327701 100644 --- a/xCAT/xCAT.spec +++ b/xCAT/xCAT.spec 
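Review bot: The new host-key fetches run before `umask 0077`, so `/etc/ssh/ssh_host_dsa_key` and `/etc/ssh/ssh_host_rsa_key` are created by the `>` redirect under the inherited umask and only narrowed afterwards by `chmod 600`; move the `umask 0077` line above the first `getcredentials.awk ssh_dsa_hostkey` call. They also run before the `/usr/sbin/stunnel` check, and the redirect truncates the key that `cp /xcatpost/hostkeys/*_key /etc/ssh/` has just installed, so when the fetch returns nothing the `grep "PRIVATE KEY"` test ends up deleting a key that was valid a moment earlier. Writing to a temporary file and renaming it over the target only when the grep succeeds would keep the copied key as a fallback. `allowcred.awk &` is started with no matching kill, and the removed `kill $STUN_PID` has no replacement in this script.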
@@ -104,6 +104,12 @@ if [ ! -f /install/postscripts/hostkeys/ssh_host_key ]; then echo Generating SSH2 DSA Key... /usr/bin/ssh-keygen -t dsa -f /install/postscripts/hostkeys/ssh_host_dsa_key -C '' -N '' fi +if [ -d /install/postscripts/.ssh ]; then + mv /install/postscripts/.ssh /install/postscripts/_ssh +fi +if [ -d /install/postscripts/.xcat ]; then + mv /install/postscripts/.xcat /install/postscripts/_xcat +fi if [ "$1" = "1" ]; then #Only if installing for the fist time.. mkdir -p /root/.ssh chmod 700 /root/.ssh @@ -112,8 +118,8 @@ if [ "$1" = "1" ]; then #Only if installing for the fist time.. if [ ! -r /root/.ssh/id_rsa.pub ]; then ssh-keygen -t rsa -q -b 2048 -N "" -f /root/.ssh/id_rsa fi - mkdir -p /install/postscripts/.ssh - cp /root/.ssh/id_rsa.pub /install/postscripts/.ssh/authorized_keys + mkdir -p /install/postscripts/_ssh + cp /root/.ssh/id_rsa.pub /install/postscripts/_ssh/authorized_keys mkdir -p /var/log/consoles if ! grep /tftpboot /etc/exports; then @@ -161,8 +167,8 @@ if [ "$1" = "1" ]; then #Only if installing for the fist time.. if [ ! -r /root/.xcat/client-key.pem ]; then yes | $RPM_INSTALL_PREFIX0/share/xcat/scripts/setup-local-client.sh root fi - mkdir -p /install/postscripts/.xcat - cp -r /root/.xcat/* /install/postscripts/.xcat + mkdir -p /install/postscripts/_xcat + cp -r /root/.xcat/* /install/postscripts/_xcat #Zap the almost certainly wrong pxelinux.cfg file if [ -r /tftpboot/pxelinux.cfg/default ] then
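Review bot: `cp -r /root/.xcat/* /install/postscripts/_xcat` places root's xCAT client credentials (the scriptlet just above creates `/root/.xcat/client-key.pem`) inside the tree that post.rh in this commit starts pulling with `wget -r ftp://$i/install/postscripts` and no credentials. If the rename from `.xcat` to `_xcat` is intended to make the directory visible to that recursive fetch, then, depending on file modes and FTP configuration that are not visible here, any host able to reach the FTP service could read the key as well. Consider keeping only public material in this tree (the `_ssh/authorized_keys` copy is fine) and delivering private files through the credentials plugin, as this commit already does for the SSH host keys. In the first hunk, `mv /install/postscripts/.ssh /install/postscripts/_ssh` nests the old directory inside the new one when `_ssh` already exists; adding `&& [ ! -e /install/postscripts/_ssh ]` to the test (and likewise for `_xcat`) avoids that.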