-Try to eliminate stunnel requirement in SLES11. This approach is cleaner and I would like to switch completely to it across the board when less risky
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3131 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
This commit is contained in:
parent
6dea0dea97
commit
9f63ade940
@ -75,21 +75,26 @@ do
|
||||
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
|
||||
mkdir -p /usr/var/run/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
if [ -x /usr/bin/stunnel ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
|
||||
mkdir -p /usr/var/run/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
fi
|
||||
fi
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
@ -122,7 +127,9 @@ cd /
|
||||
/xcatpost/#TABLE:nodelist:$NODE:node#
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
if [ ! -x /usr/bin/stunnel ]; then
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
fi
|
||||
rmdir /xcatpost
|
||||
]]>
|
||||
|
||||
|
85
xCAT-server/share/xcat/install/sles/compute.sles11.tmpl
Normal file
85
xCAT-server/share/xcat/install/sles/compute.sles11.tmpl
Normal file
@ -0,0 +1,85 @@
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE profile SYSTEM "/usr/share/YaST2/include/autoinstall/profile.dtd">
|
||||
<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
|
||||
<install>
|
||||
<bootloader>
|
||||
<write_bootloader config:type="boolean">true</write_bootloader>
|
||||
<activate config:type="boolean">true</activate>
|
||||
<kernel_parameters></kernel_parameters>
|
||||
<lba_support config:type="boolean">false</lba_support>
|
||||
<linear config:type="boolean">false</linear>
|
||||
<location>mbr</location>
|
||||
</bootloader>
|
||||
<general>
|
||||
<clock>
|
||||
<hwclock>GMT</hwclock>
|
||||
<timezone>#TABLE:site:key=timezone:value#</timezone>
|
||||
</clock>
|
||||
<keyboard>
|
||||
<keymap>english-us</keymap>
|
||||
</keyboard>
|
||||
<language>en_US</language>
|
||||
<mode>
|
||||
<confirm config:type="boolean">false</confirm>
|
||||
<forceboot config:type="boolean">false</forceboot>
|
||||
<interactive_boot config:type="boolean">false</interactive_boot>
|
||||
<reboot config:type="boolean">true</reboot>
|
||||
</mode>
|
||||
<mouse>
|
||||
<id>non</id>
|
||||
</mouse>
|
||||
</general>
|
||||
<partitioning config:type="list">
|
||||
<drive>
|
||||
<device>/dev/sda</device>
|
||||
<initialize config:type="boolean">true</initialize>
|
||||
<use>all</use>
|
||||
</drive>
|
||||
</partitioning>
|
||||
<software>
|
||||
<patterns config:type="list">
|
||||
<pattern>base</pattern>
|
||||
<pattern>x11</pattern>
|
||||
</patterns>
|
||||
<packages config:type="list">
|
||||
<package>xntp</package>
|
||||
<package>rsync</package>
|
||||
</packages>
|
||||
</software>
|
||||
</install>
|
||||
<configure>
|
||||
<users config:type="list">
|
||||
<user>
|
||||
<username>root</username>
|
||||
<user_password>#CRYPT:passwd:key=system,username=root:password#</user_password>
|
||||
<encrypted config:type="boolean">true</encrypted>
|
||||
<forename/>
|
||||
<surname/>
|
||||
</user>
|
||||
</users>
|
||||
<networking>
|
||||
<dns>
|
||||
<dhcp_hostname config:type="boolean">true</dhcp_hostname>
|
||||
<dhcp_resolv config:type="boolean">true</dhcp_resolv>
|
||||
<domain>local</domain>
|
||||
<hostname>linux</hostname>
|
||||
</dns>
|
||||
<interfaces config:type="list">
|
||||
<interface>
|
||||
<bootproto>dhcp</bootproto>
|
||||
<device>eth0</device>
|
||||
<startmode>onboot</startmode>
|
||||
</interface>
|
||||
</interfaces>
|
||||
<routing>
|
||||
<ip_forward config:type="boolean">false</ip_forward>
|
||||
<routes config:type="list"/>
|
||||
</routing>
|
||||
</networking>
|
||||
<scripts>
|
||||
#INCLUDE:../scripts/pre.sles#
|
||||
#INCLUDE:../scripts/chroot.sles#
|
||||
#INCLUDE:../scripts/post.sles11#
|
||||
</scripts>
|
||||
</configure>
|
||||
</profile>
|
@ -1,6 +1,10 @@
|
||||
#!/usr/bin/awk -f
|
||||
BEGIN {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
if (ENVIRON["USEOPENSSLFORXCAT"]) {
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
} else {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
}
|
||||
quit = "no"
|
||||
|
||||
|
||||
|
@ -1,5 +1,12 @@
|
||||
#!/usr/bin/awk -f
|
||||
BEGIN {
|
||||
if (ENVIRON["USEOPENSSLFORXCAT"]) {
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
} else {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
}
|
||||
|
||||
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
quit = "no"
|
||||
|
||||
|
@ -38,7 +38,12 @@ fi
|
||||
# cp /xcatpost/hostkeys/*_key /etc/ssh/
|
||||
#fi
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
exit 0
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
|
@ -5,8 +5,13 @@
|
||||
#
|
||||
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
exit 0
|
||||
if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
sleep 1
|
||||
|
@ -38,10 +38,11 @@ if grep 'rw /rw tmpfs ' /proc/mounts >& /dev/null; then
|
||||
fi
|
||||
|
||||
|
||||
mkdir -p /etc/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
mkdir -p /usr/var/run/stunnel #at least for SLES11
|
||||
|
||||
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
|
||||
mkdir -p /etc/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
mkdir -p /usr/var/run/stunnel #at least for SLES11
|
||||
|
||||
cat > /etc/stunnel/stunnel.conf << EOF
|
||||
client=yes
|
||||
foreground=no
|
||||
@ -54,6 +55,12 @@ EOF
|
||||
echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf
|
||||
stunnel;
|
||||
sleep 1;
|
||||
elif [ -x /usr/bin/openssl ]; then
|
||||
XCATSERVER="$SIP:3001"
|
||||
export XCATSERVER
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
fi
|
||||
mkdir -p /xcatpost;
|
||||
mkdir -p /tmp/postage
|
||||
rm -R -f /xcatpost/*
|
||||
@ -109,8 +116,10 @@ if [ -x /tmp/mypostscript ];then
|
||||
fi
|
||||
rm -f /tmp/mypostscript
|
||||
|
||||
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
|
||||
killall stunnel
|
||||
rm -rf /etc/stunnel
|
||||
fi
|
||||
|
||||
#tell user it is done when this is called by updatenode command
|
||||
if [ $# -gt 0 ]; then
|
||||
|
@ -5,8 +5,13 @@
|
||||
#
|
||||
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
exit 0
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
sleep 1
|
||||
|
Loading…
Reference in New Issue
Block a user