From 956ae925d3dc918ef16be71a80eaf8c37a80b9bf Mon Sep 17 00:00:00 2001 From: lissav Date: Wed, 7 Dec 2011 17:40:24 +0000 Subject: [PATCH] call xcatserver and xcatclient from servicenode so they are no longer need in postscripts table from Linux service node git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@11166 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT/postscripts/servicenode | 76 ++++++++++++++++++++++++------------ xCAT/postscripts/xcatclient | 15 +++++++ xCAT/postscripts/xcatserver | 20 ++++++++++ 3 files changed, 85 insertions(+), 26 deletions(-) diff --git a/xCAT/postscripts/servicenode b/xCAT/postscripts/servicenode index 9280fa5f5..fc1ef3260 100755 --- a/xCAT/postscripts/servicenode +++ b/xCAT/postscripts/servicenode @@ -8,10 +8,25 @@ =head1 servicenode + On AIX and Linux : This updates the service node with files necessary to access the database on the MasterNode and restarts the xcat daemon - - On AIX systems this does the service node configuration. + If uses multiple environment variables setup by postage.pm from + the site table. + For Linux: + It calls xcatserver and xcatclient script to get the ssh keys, ssl + redentials and cfgloc file and transfer from the MN to the SN + to be able to access the + database, setup ssh keys on the nodes and have daemon to daemon + commmunication between the SN and MN and have the SN access the DB. + For AIX: + The same function in xcatserver and xcatclient is in this script for + AIX and thus it does not call xcatserver and xcatclient. + We get the ssh keys, ssl + credentials and cfgloc file for the SN to be able to access the + database, setup ssh keys on the nodes and have daemon to daemon + commmunication between the SN and MN and have the SN access the DB. + =cut 
@@ -64,6 +79,8 @@ chomp $installdir; $installdir =~ s/^(\'|\")(.*)(\"|\')$/$2/; # remove any surrounding quotes # update security certificates keys for service node +# This section is used for the updatenode -k function, which sets the +# UPDATESECURITY env variable if ($ENV{UPDATESECURITY} && $ENV{UPDATESECURITY} eq "1") { $::servnode = $ENV{'MASTER'}; @@ -82,8 +99,13 @@ if ($ENV{UPDATESECURITY} && $ENV{UPDATESECURITY} eq "1") { ©certs; if ($::osname eq 'AIX') { # get the xCAT credentials from the server - # the credenticals and certificates copy will be done in xcatclient and xcatserver postscripts &getcreds; + } else { # Linux + # call xcatserver,xcatclient to transfer the SSL credentials and cfgloc + `logger -t $::sdate servicenode: running xcatserver -d`; + &runcmd("xcatserver -d"); + `logger -t $::sdate servicenode: running xcatclient -d`; + &runcmd("xcatclient -d"); } exit 0; @@ -113,9 +135,14 @@ else &runcmd("rpm -e tftp-server"); ©certs; + + `logger -t $::sdate servicenode: runing xcatserver -d`; + &runcmd("xcatserver -d"); + `logger -t $::sdate servicenode: runing xcatclient -d`; + &runcmd("xcatclient -d"); } -`logger -t xcat rc=$rc`; +`logger -t $::sdate servicenode: rc=$rc`; exit $rc; # @@ -140,7 +167,7 @@ sub runcmd $rc = $? >> 8; if ($rc > 0) { - my $msg="$cmd returned rc=$rc $::outref\n"; + my $msg="$::sdate servicenode: $cmd returned rc=$rc $::outref\n"; `logger -t xcat $msg`; return 1; } @@ -282,8 +309,9 @@ sub setupAIXsn ##################################################### # -# getcreds -# Get xCAT credentials and DB cfgloc file +# getcreds ( For AIX) . +# Same function in xcatserver,xcatclient for Linux +# Get xCAT SSL credentials and DB cfgloc file # ##################################################### sub getcreds 
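Review bot: In the `UPDATESECURITY` branch (hunk `@@ -82,8 +99,13`) the results of `&runcmd("xcatserver -d")` and `&runcmd("xcatclient -d")` are discarded and the branch still ends in `exit 0`, so a failed transfer of the SSL credentials or the cfgloc file is reported to the caller as success. The `runcmd` fragment visible in `@@ -140,7` returns 1 on a non-zero exit status; assuming it returns a false value on success (that path is outside the hunks), the status can be carried through with `my $failed = &runcmd("xcatserver -d");`, `$failed = 1 if &runcmd("xcatclient -d");` and `exit($failed ? 1 : 0);`. The install path in `@@ -113,9` has a related gap: if `$rc` there is the same variable that `runcmd` assigns (its declaration is not shown), the status of `xcatserver -d` is overwritten by `xcatclient -d` before `exit $rc`.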
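Review bot: The new `logger` calls in `@@ -113,9` (and the two added in `@@ -82,8`) pass `$::sdate` as the `-t` tag, while every other message touched by this patch keeps `-t xcat` and puts `$::sdate` in the text, so the records of the credential-transfer step will not appear when syslog is filtered on the `xcat` tag. Unless a per-run tag is intended, the command text should follow the other messages: `logger -t xcat "$::sdate servicenode: running xcatserver -d"`, and likewise `logger -t xcat "$::sdate servicenode: rc=$rc"` for the final status line. If `$::sdate` contains a space (it is set outside the hunks), only its first word becomes the tag and the rest is merged into the message. `runing` in this hunk should read `running`.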
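Review bot: The rewritten `$msg` in `runcmd` (`@@ -140,7`) is still handed to a shell by the backtick call `logger -t xcat $msg`, and it carries `$cmd`, `$::sdate` and `$::outref` unquoted; `$::outref` presumably holds the command's output, so shell metacharacters in that output are interpreted by the shell instead of being logged. Passing the message as one argument avoids the shell entirely: `system('logger', '-t', 'xcat', $msg);`. The same backtick pattern carries the messages changed in `getresponse` (`@@ -400,7`, which embeds `$::servnode`, taken from `$ENV{'MASTER'}`), `openlistener` (`@@ -453,7`, `@@ -472,7`) and `copycerts` (`@@ -530,7`, `@@ -549,10`, `@@ -569,7`). `runcmd` starts and ends outside this hunk.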
@@ -327,16 +355,16 @@ sub getcreds $response=&getresponse("xcat_cfgloc"); if (defined ($response) ) { - # need to change entry to use the name of the server as - # know by this node + # need to change entry to use the name of the server as + # know by this node # except for db2 which has a different format, no host my $newstr; if ($response =~ /^DB2:/){ $newstr = $response; } else { - my ($begin, $tmp) = split(';', $response); - my ($tmp2, $end, $end2) = split('\|', $tmp); - my ($tmp3, $oldserv) = split('=', $tmp2); + my ($begin, $tmp) = split(';', $response); + my ($tmp2, $end, $end2) = split('\|', $tmp); + my ($tmp3, $oldserv) = split('=', $tmp2); $newstr = "$begin;$tmp3=$::servnode|$end|$end2"; } my $fd; @@ -400,7 +428,7 @@ sub getresponse } unless ($sock) { - my $msg = "servicenode: Cannot connect to host \'$::servnode\'\n"; + my $msg = "$::sdate servicenode: Cannot connect to host \'$::servnode\'\n"; `logger -t xcat $msg`; print $msg; return undef; @@ -453,7 +481,7 @@ sub openlistener my $pid = xCAT::Utils->xfork; unless (defined $pid) { # fork failed - $msg = "servicenode: Could not fork process.\n"; + $msg = "$::sdate servicenode: Could not fork process.\n"; `logger -t xcat $msg`; #print $msg; return undef; @@ -472,7 +500,7 @@ sub openlistener ); unless ($listener) { - my $msg = "servicenode: Cannot open socket on \'$node\'\n"; + my $msg = "$::sdate servicenode: Cannot open socket on \'$node\'\n"; `logger -t xcat $msg`; print $msg; exit 1; 
@@ -501,14 +529,9 @@ sub openlistener ##################################################### # # copycerts -#Copy from the mounted /xcatpost/ directory to the MS /install/postscripts -# directory the /install/postscripts/ca install/postscripts/cert and -# /install/postscripts/_xcat into the local file system. These certificate are -# needed for the postresql and mysql db setup for the service node -# to be able to access -# the DB from the service node. -# -# +# Setup the /etc/xcat/ca, /etc/xcat/cert, ~/.xcat directories with +# SSL certificates from the /xcatpost/_xcat directory +# These certificate are needed to access the Databases from the SN ##################################################### sub copycerts @@ -530,7 +553,7 @@ sub copycerts } else { - $msg = "/xcatpost/_xcat directory does not exist\n"; + $msg = "$::sdate servicenode: /xcatpost/_xcat directory does not exist\n"; `logger -t xcat $msg`; } @@ -549,10 +572,11 @@ sub copycerts } else { - $msg = "/xcatpost/ca directory does not exist\n"; + $msg = "$::sdate servicenode: /xcatpost/ca directory does not exist\n"; `logger -t xcat $msg`; } + # if AIX, only need for AIX because xcatserver script does it for Linux if ($^O =~ /^aix/i) { if (-d "/xcatpost/_xcat") { @@ -569,7 +593,7 @@ sub copycerts } else { - $msg = "/xcatpost/_xcat directory does not exist\n"; + $msg = "$::sdate servicenode: /xcatpost/_xcat directory does not exist\n"; `logger -t xcat $msg`; } } diff --git a/xCAT/postscripts/xcatclient b/xCAT/postscripts/xcatclient index 7b84424ad..171317cb3 100755 --- a/xCAT/postscripts/xcatclient +++ b/xCAT/postscripts/xcatclient 
@@ -3,6 +3,21 @@ #egan@us.ibm.com #(C)IBM Corp # +# This routine transfers the client credentials from ~/.xcat on the MN +# to the SN for Linux. +# It only does something, if called with the -d flag. +# The -d flag was implemented when the call to the routine was moved +# from the postscript table into the servicenode postscript. +# +if [ ! $1 ]; then + logger -t xcat "xcatclient call without -d, doing nothing." + exit 0 +fi +if [ $1 != "-d" ]; then + logger -t xcat "xcatclient call without -d, doing nothing." + exit 0 +fi +logger -t xcat "xcatclient call with -d. getting credentials and cfgloc " if [ ! -x /usr/bin/openssl ]; then #Unless we have openssl stup logger -t xcat "$0: /usr/bin/openssl is not executable" diff --git a/xCAT/postscripts/xcatserver b/xCAT/postscripts/xcatserver index 170c610c3..06ba080f3 100755 --- a/xCAT/postscripts/xcatserver +++ b/xCAT/postscripts/xcatserver @@ -2,7 +2,27 @@ # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #egan@us.ibm.com #(C)IBM Corp +# This scripts transfers the cfgloc files and the xCAT credentials from +# the Management Node to the Service Node on Linux. +# It only does something, if called with the -d flag. +# The -d flag was implemented when the call to the routine was moved +# from the postscript table into the servicenode postscript. # +if [ ! $1 ]; then + logger -t xcat "xcatserver call without -d, doing nothing." + #echo "xcatserver call without -d, doing nothing." + #echo $1 + exit 0 +fi +if [ $1 != "-d" ]; then + logger -t xcat "xcatserver call without -d, doing nothing." + #echo "xcatserver call without -d, doing nothing." + #echo $1 + exit 0 +fi +logger -t xcat "xcatserver call with -d. getting credentials and cfgloc " +#echo "xcatserver call with -d, getting credentials and cfgloc." +#echo $1 if [ ! -x /usr/bin/openssl ]; then logger -t xcat "$0: /usr/bin/openssl is not executable"
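Review bot: The `-d` guard added at the top of xcatclient (and repeated in the xcatserver hunk) fails open because `$1` is unquoted: when the argument contains whitespace or parses as a test operator, both `[ ! $1 ]` and `[ $1 != "-d" ]` end with a syntax error, neither `if` body runs, and the script continues on to fetch the credentials and cfgloc. Quoting the parameter closes that gap and lets the two tests collapse into one: `if [ "$1" != "-d" ]; then`. The rest of each script lies outside the hunk, so whether later code reads `$1` again cannot be checked from here.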