From 9f63ade9404e39e2137ce02c10f29e753cd0773a Mon Sep 17 00:00:00 2001
From: jbjohnso
Date: Wed, 8 Apr 2009 14:44:16 +0000
Subject: [PATCH] -Try to eliminate stunnel requirement in SLES11. This approach is cleaner and I would like to switch completely to it across the board when less risky
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3131 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 .../share/xcat/install/scripts/post.sles11 | 37 ++++----
 .../xcat/install/sles/compute.sles11.tmpl | 85 +++++++++++++++++++
 xCAT/postscripts/getcredentials.awk | 6 +-
 xCAT/postscripts/getpostscript.awk | 7 ++
 xCAT/postscripts/remoteshell | 7 +-
 xCAT/postscripts/xcatclient | 7 +-
 xCAT/postscripts/xcatdsklspost | 17 +++-
 xCAT/postscripts/xcatserver | 7 +-
 8 files changed, 150 insertions(+), 23 deletions(-)
 create mode 100644 xCAT-server/share/xcat/install/sles/compute.sles11.tmpl
diff --git a/xCAT-server/share/xcat/install/scripts/post.sles11 b/xCAT-server/share/xcat/install/scripts/post.sles11
index 5c3a15e41..ff6591f9c 100644
--- a/xCAT-server/share/xcat/install/scripts/post.sles11
+++ b/xCAT-server/share/xcat/install/scripts/post.sles11
@@ -75,21 +75,26 @@ do if [ "$?" = "0" ] then - rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm - mkdir -p /usr/var/run/stunnel - mkdir -p /var/stunnel - if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit - echo client=yes > /etc/stunnel/stunnel.conf - echo foreground=no >> /etc/stunnel/stunnel.conf - echo output=/dev/null >> /etc/stunnel/stunnel.conf - echo verify=0 >> /etc/stunnel/stunnel.conf - echo '[xcatd]' >> /etc/stunnel/stunnel.conf - echo accept=400 >> /etc/stunnel/stunnel.conf - echo connect=$i:3001 >> /etc/stunnel/stunnel.conf + if [ -x /usr/bin/stunnel ]; then + USEOPENSSLFORXCAT=1 + export USEOPENSSLFORXCAT + else + rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm + mkdir -p /usr/var/run/stunnel + mkdir -p /var/stunnel + if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit + echo client=yes > /etc/stunnel/stunnel.conf + echo foreground=no >> /etc/stunnel/stunnel.conf + echo output=/dev/null >> /etc/stunnel/stunnel.conf + echo verify=0 >> /etc/stunnel/stunnel.conf + echo '[xcatd]' >> /etc/stunnel/stunnel.conf + echo accept=400 >> /etc/stunnel/stunnel.conf + echo connect=$i:3001 >> /etc/stunnel/stunnel.conf - stunnel - STUN_PID=$! - sleep 1 + stunnel + STUN_PID=$! + sleep 1 + fi fi mv $i/postscripts /xcatpost rm -rf $i @@ -122,7 +127,9 @@ cd / /xcatpost/#TABLE:nodelist:$NODE:node# rm -Rf /xcatpost rm -f /tmp/mypostscript -rm -f /etc/stunnel/stunnel.conf +if [ ! -x /usr/bin/stunnel ]; then + rm -f /etc/stunnel/stunnel.conf +fi rmdir /xcatpost ]]> diff --git a/xCAT-server/share/xcat/install/sles/compute.sles11.tmpl b/xCAT-server/share/xcat/install/sles/compute.sles11.tmpl new file mode 100644 index 000000000..92b364fc2 --- /dev/null +++ b/xCAT-server/share/xcat/install/sles/compute.sles11.tmpl 
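Review bot: The outer test added in the first post.sles11 hunk, `if [ -x /usr/bin/stunnel ]; then`, selects the openssl transport when stunnel is present, and nothing in that branch confirms that `/usr/bin/openssl` exists or exports `XCATSERVER`, which the awk helpers changed in this commit paste into their `openssl s_client -connect` command. The other postscripts in this commit test `-x /usr/bin/openssl` before setting the flag, so this looks like it was meant to read `if [ -x /usr/bin/openssl ]; then`, with `XCATSERVER="$i:3001"; export XCATSERVER` beside `USEOPENSSLFORXCAT=1` (port taken from the `connect=$i:3001` line in the else branch; whether XCATSERVER is already exported earlier in the script is not visible here). The cleanup guard in the second hunk, `if [ ! -x /usr/bin/stunnel ]`, repeats the same condition and should stay in step, for example by testing the flag instead: `if [ -z "$USEOPENSSLFORXCAT" ]; then`. The enclosing loop begins and ends outside both hunks.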
@@ -0,0 +1,85 @@ + + + + + + true + true + + false + false + mbr + + + + GMT + #TABLE:site:key=timezone:value# + + + english-us + + en_US + + false + false + false + true + + + non + + + + + /dev/sda + true + all + + + + + base + x11 + + + xntp + rsync + + + + + + + root + #CRYPT:passwd:key=system,username=root:password# + true + + + + + + + true + true + local + linux + + + + dhcp + eth0 + onboot + + + + false + + + + + #INCLUDE:../scripts/pre.sles# + #INCLUDE:../scripts/chroot.sles# + #INCLUDE:../scripts/post.sles11# + + + diff --git a/xCAT/postscripts/getcredentials.awk b/xCAT/postscripts/getcredentials.awk index 9343897a6..83d180859 100755 --- a/xCAT/postscripts/getcredentials.awk +++ b/xCAT/postscripts/getcredentials.awk @@ -1,6 +1,10 @@ #!/usr/bin/awk -f BEGIN { - server = "/inet/tcp/0/127.0.0.1/400" + if (ENVIRON["USEOPENSSLFORXCAT"]) { + server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"] + } else { + server = "/inet/tcp/0/127.0.0.1/400" + } quit = "no" diff --git a/xCAT/postscripts/getpostscript.awk b/xCAT/postscripts/getpostscript.awk index f6ea24b96..0b14fc541 100755 --- a/xCAT/postscripts/getpostscript.awk +++ b/xCAT/postscripts/getpostscript.awk @@ -1,5 +1,12 @@ #!/usr/bin/awk -f BEGIN { + if (ENVIRON["USEOPENSSLFORXCAT"]) { + server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"] + } else { + server = "/inet/tcp/0/127.0.0.1/400" + } + + server = "/inet/tcp/0/127.0.0.1/400" quit = "no" diff --git a/xCAT/postscripts/remoteshell b/xCAT/postscripts/remoteshell index 489b2acb5..3cac45b3d 100755 --- a/xCAT/postscripts/remoteshell +++ b/xCAT/postscripts/remoteshell @@ -38,7 +38,12 @@ fi # cp /xcatpost/hostkeys/*_key /etc/ssh/ #fi if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit - exit 0 + if [ -x /usr/bin/openssl ]; then + USEOPENSSLFORXCAT=1 + export USEOPENSSLFORXCAT + else + exit 0 + fi fi allowcred.awk & CREDPID=$! 
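Review bot: The `openssl s_client -quiet -connect` command assembled in the new branch of getcredentials.awk does not verify the server certificate, so whatever this script retrieves (credentials, going by its name) travels over a channel whose peer is never authenticated; s_client carries on after a failed verification unless told to stop. I would pin the management node's CA and make failure fatal, e.g. `server = "openssl s_client -quiet -CAfile <path-to-ca.pem> -verify_return_error -connect " ENVIRON["XCATSERVER"]` where the installed OpenSSL supports that option (the CA path is a placeholder). `ENVIRON["XCATSERVER"]` is also concatenated into a shell command unchecked, so an empty or malformed value should be rejected first, for instance `if (ENVIRON["XCATSERVER"] !~ /^[A-Za-z0-9.-]+:[0-9]+$/) exit 1`. The same construct is added to getpostscript.awk, and the BEGIN block continues past the hunk.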
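Review bot: In getpostscript.awk the unconditional `server = "/inet/tcp/0/127.0.0.1/400"` that survives as a context line directly after the new if/else overwrites the branch's choice, so this script still connects to the local stunnel port even when `USEOPENSSLFORXCAT` is set. Remove that leftover assignment so the block behaves like the one added to getcredentials.awk. The BEGIN block continues beyond the hunk.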
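Review bot: The openssl branch added inside the stunnel test in remoteshell exports only `USEOPENSSLFORXCAT`, while the awk helpers changed in this commit take the server address from `ENVIRON["XCATSERVER"]`, which this script neither sets nor checks; it works only if the caller has already exported it. A guard before the flag is set would make that dependency explicit: `[ -n "$XCATSERVER" ] || { echo "XCATSERVER is not set" >&2; exit 1; }`. The trailing comment `#Stop if no stunnel to help the next bit` on the outer test no longer matches what the block does and could read `#Without stunnel, fall back to openssl; stop only if neither exists`. The same applies to the identical blocks added to xcatclient and xcatserver.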
diff --git a/xCAT/postscripts/xcatclient b/xCAT/postscripts/xcatclient index 28a5158f4..62453a8ac 100755 --- a/xCAT/postscripts/xcatclient +++ b/xCAT/postscripts/xcatclient @@ -5,8 +5,13 @@ # if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit - exit 0 + if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel + USEOPENSSLFORXCAT=1 + export USEOPENSSLFORXCAT + else + exit 0 fi +fi allowcred.awk & CREDPID=$! sleep 1 diff --git a/xCAT/postscripts/xcatdsklspost b/xCAT/postscripts/xcatdsklspost index 639583040..680cc4384 100755 --- a/xCAT/postscripts/xcatdsklspost +++ b/xCAT/postscripts/xcatdsklspost @@ -38,10 +38,11 @@ if grep 'rw /rw tmpfs ' /proc/mounts >& /dev/null; then fi -mkdir -p /etc/stunnel -mkdir -p /var/stunnel -mkdir -p /usr/var/run/stunnel #at least for SLES11 - +if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then + mkdir -p /etc/stunnel + mkdir -p /var/stunnel + mkdir -p /usr/var/run/stunnel #at least for SLES11 + cat > /etc/stunnel/stunnel.conf << EOF client=yes foreground=no @@ -54,6 +55,12 @@ EOF echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf stunnel; sleep 1; +elif [ -x /usr/bin/openssl ]; then + XCATSERVER="$SIP:3001" + export XCATSERVER + USEOPENSSLFORXCAT=1 + export USEOPENSSLFORXCAT +fi mkdir -p /xcatpost; mkdir -p /tmp/postage rm -R -f /xcatpost/* @@ -109,8 +116,10 @@ if [ -x /tmp/mypostscript ];then fi rm -f /tmp/mypostscript +if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then killall stunnel rm -rf /etc/stunnel +fi #tell user it is done when this is called by updatenode command if [ $# -gt 0 ]; then diff --git a/xCAT/postscripts/xcatserver b/xCAT/postscripts/xcatserver index 4071ee15a..0f3660d94 100755 --- a/xCAT/postscripts/xcatserver +++ b/xCAT/postscripts/xcatserver 
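Review bot: The if/elif added in the first xcatdsklspost hunk has no final else, so on a node with neither stunnel nor `/usr/bin/openssl` the script continues with no tunnel configured and no `XCATSERVER` exported, and anything later that relies on the xcatd connection will presumably fail without a clear message. An explicit branch before the closing `fi` would surface this: `else echo "xcatdsklspost: neither stunnel nor openssl found" >&2; exit 1`. The rest of the script lies outside the hunks, so whether a later step already handles this case cannot be seen here.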
@@ -5,8 +5,13 @@ # if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit - exit 0 + if [ -x /usr/bin/openssl ]; then + USEOPENSSLFORXCAT=1 + export USEOPENSSLFORXCAT + else + exit 0 fi +fi allowcred.awk & CREDPID=$! sleep 1