-Try to eliminate stunnel requirement in SLES11. This approach is cleaner and I would like to switch completely to it across the board when less risky

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3131 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
jbjohnso 2009-04-08 14:44:16 +00:00
parent 6dea0dea97
commit 9f63ade940
8 changed files with 150 additions and 23 deletions


@ -75,21 +75,26 @@ do
if [ "$?" = "0" ]
then
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
mkdir -p /usr/var/run/stunnel
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
if [ -x /usr/bin/stunnel ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
mkdir -p /usr/var/run/stunnel
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel
STUN_PID=$!
sleep 1
stunnel
STUN_PID=$!
sleep 1
fi
fi
mv $i/postscripts /xcatpost
rm -rf $i
@ -122,7 +127,9 @@ cd /
/xcatpost/#TABLE:nodelist:$NODE:node#
rm -Rf /xcatpost
rm -f /tmp/mypostscript
rm -f /etc/stunnel/stunnel.conf
if [ ! -x /usr/bin/stunnel ]; then
rm -f /etc/stunnel/stunnel.conf
fi
rmdir /xcatpost
]]>
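Review bot: The new outer test checks `/usr/bin/stunnel` but sets `USEOPENSSLFORXCAT`, so as printed the openssl path is taken when a stunnel binary exists and the stunnel RPM is installed only when it does not. If the intent was to prefer openssl, the test would be `if [ -x /usr/bin/openssl ]; then`, with the cleanup test `if [ ! -x /usr/bin/stunnel ]` changed to match; if it is deliberate, a comment such as `# /usr/bin/stunnel marks the distro-provided stunnel; use openssl instead` would explain it. The +/- markers are lost in this rendering, so this reading comes from line order and should be confirmed against the raw diff. Nothing visible in this hunk sets `XCATSERVER`, which the awk helpers read once the flag is exported; presumably it is set elsewhere in the script. The `verify=0` written to stunnel.conf means the stunnel path does not check the server certificate.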


@ -0,0 +1,85 @@
<?xml version="1.0"?>
<!DOCTYPE profile SYSTEM "/usr/share/YaST2/include/autoinstall/profile.dtd">
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
<install>
<bootloader>
<write_bootloader config:type="boolean">true</write_bootloader>
<activate config:type="boolean">true</activate>
<kernel_parameters></kernel_parameters>
<lba_support config:type="boolean">false</lba_support>
<linear config:type="boolean">false</linear>
<location>mbr</location>
</bootloader>
<general>
<clock>
<hwclock>GMT</hwclock>
<timezone>#TABLE:site:key=timezone:value#</timezone>
</clock>
<keyboard>
<keymap>english-us</keymap>
</keyboard>
<language>en_US</language>
<mode>
<confirm config:type="boolean">false</confirm>
<forceboot config:type="boolean">false</forceboot>
<interactive_boot config:type="boolean">false</interactive_boot>
<reboot config:type="boolean">true</reboot>
</mode>
<mouse>
<id>non</id>
</mouse>
</general>
<partitioning config:type="list">
<drive>
<device>/dev/sda</device>
<initialize config:type="boolean">true</initialize>
<use>all</use>
</drive>
</partitioning>
<software>
<patterns config:type="list">
<pattern>base</pattern>
<pattern>x11</pattern>
</patterns>
<packages config:type="list">
<package>xntp</package>
<package>rsync</package>
</packages>
</software>
</install>
<configure>
<users config:type="list">
<user>
<username>root</username>
<user_password>#CRYPT:passwd:key=system,username=root:password#</user_password>
<encrypted config:type="boolean">true</encrypted>
<forename/>
<surname/>
</user>
</users>
<networking>
<dns>
<dhcp_hostname config:type="boolean">true</dhcp_hostname>
<dhcp_resolv config:type="boolean">true</dhcp_resolv>
<domain>local</domain>
<hostname>linux</hostname>
</dns>
<interfaces config:type="list">
<interface>
<bootproto>dhcp</bootproto>
<device>eth0</device>
<startmode>onboot</startmode>
</interface>
</interfaces>
<routing>
<ip_forward config:type="boolean">false</ip_forward>
<routes config:type="list"/>
</routing>
</networking>
<scripts>
#INCLUDE:../scripts/pre.sles#
#INCLUDE:../scripts/chroot.sles#
#INCLUDE:../scripts/post.sles11#
</scripts>
</configure>
</profile>


@ -1,6 +1,10 @@
#!/usr/bin/awk -f
BEGIN {
server = "/inet/tcp/0/127.0.0.1/400"
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}
quit = "no"
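Review bot: The openssl branch builds `"openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]` with no trust options, and s_client by default carries on with the handshake when certificate verification fails, so the channel is encrypted but the xCAT server is not authenticated. If the node has the management CA at that stage, passing it with `-CAfile` and treating a verification failure as fatal would close the gap; otherwise a comment such as `# NOTE: server certificate is not verified on this path` records the trust assumption. `XCATSERVER` is also concatenated unquoted into a string that is presumably run as a co-process command, so it should be validated as host:port where it is set. The same line is added in the next awk file, and BEGIN continues outside the hunk.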


@ -1,5 +1,12 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}
server = "/inet/tcp/0/127.0.0.1/400"
quit = "no"
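Review bot: In this file the unconditional `server = "/inet/tcp/0/127.0.0.1/400"` is printed after the new if/else rather than before it, unlike the previous awk file. If that line is still on the new side it overwrites the openssl command, and the script always talks to the local stunnel port even when `USEOPENSSLFORXCAT` is set. The +/- markers are lost here and the hunk counts do not settle which side the line is on, so check the raw diff and drop the trailing assignment if it survived. BEGIN continues outside the hunk.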


@ -38,7 +38,12 @@ fi
# cp /xcatpost/hostkeys/*_key /etc/ssh/
#fi
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
exit 0
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
fi
allowcred.awk &
CREDPID=$!
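Review bot: The fallback sets `USEOPENSSLFORXCAT` without checking that `XCATSERVER` is set, yet the awk helpers started just below append that variable to `openssl s_client -quiet -connect `. If this script is ever run outside the wrapper that exports it, the helper launches with an empty connect target instead of exiting cleanly the way the no-stunnel case used to. Guarding the branch, `if [ -x /usr/bin/openssl -a -n "$XCATSERVER" ]; then`, keeps the old `exit 0` behaviour in that case. The same block is added in the two other postscripts later on this page.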


@ -5,8 +5,13 @@
#
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
exit 0
if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
fi
allowcred.awk &
CREDPID=$!
sleep 1


@ -38,10 +38,11 @@ if grep 'rw /rw tmpfs ' /proc/mounts >& /dev/null; then
fi
mkdir -p /etc/stunnel
mkdir -p /var/stunnel
mkdir -p /usr/var/run/stunnel #at least for SLES11
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
mkdir -p /etc/stunnel
mkdir -p /var/stunnel
mkdir -p /usr/var/run/stunnel #at least for SLES11
cat > /etc/stunnel/stunnel.conf << EOF
client=yes
foreground=no
@ -54,6 +55,12 @@ EOF
echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf
stunnel;
sleep 1;
elif [ -x /usr/bin/openssl ]; then
XCATSERVER="$SIP:3001"
export XCATSERVER
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
fi
mkdir -p /xcatpost;
mkdir -p /tmp/postage
rm -R -f /xcatpost/*
@ -109,8 +116,10 @@ if [ -x /tmp/mypostscript ];then
fi
rm -f /tmp/mypostscript
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
killall stunnel
rm -rf /etc/stunnel
fi
#tell user it is done when this is called by updatenode command
if [ $# -gt 0 ]; then
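Review bot: The cleanup in the last hunk is now conditional on a stunnel binary being present, but it still runs `killall stunnel` and `rm -rf /etc/stunnel`. On a node where stunnel is installed for other services, that stops every stunnel process and deletes the whole configuration directory, not just what this script created. Removing only the file written earlier, `rm -f /etc/stunnel/stunnel.conf`, as the SLES11 post script on this page does, would limit the damage. The blanket `killall` could likewise be replaced by stopping only the instance this script started. The surrounding script continues outside the hunk.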


@ -5,8 +5,13 @@
#
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
exit 0
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
fi
allowcred.awk &
CREDPID=$!
sleep 1