From d75a65da278fd19cac6a27e0a41f46c67e641e65 Mon Sep 17 00:00:00 2001
From: lissav
Date: Thu, 20 Dec 2007 19:04:51 +0000
Subject: [PATCH] Add support for xdsh -K to update ssh keys on the nodes
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@202 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
xCAT-server-2.0/sbin/remoteshell.expect | 383 ++++++++++++++++++++++++
1 file changed, 383 insertions(+)
create mode 100644 xCAT-server-2.0/sbin/remoteshell.expect
diff --git a/xCAT-server-2.0/sbin/remoteshell.expect b/xCAT-server-2.0/sbin/remoteshell.expect
new file mode 100644
index 000000000..f3755dcc4
--- /dev/null
+++ b/xCAT-server-2.0/sbin/remoteshell.expect
@@ -0,0 +1,383 @@
+#!/usr/bin/expect --
+# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
+#
+# sets up ssh on the input node list
+# called from by xdsh -K command
+#
+# DSH_REMOTE_CMD set to path to remote shell (ssh)
+# root password must agree on all the nodes
+#
+# Usage: remoteshell.expect
+# [-t remote_shell hostname] test the remoteshell on the host
+# [-k] Generates the ssh keys needed
+# [-n hostname] - gather ssh keys for the hostname
+# [-s node_list]
+# [-h ] usage
+#
+# exit 0 - good
+# exit 1 - abort
+# exit 2 - usage error
+#
+#
+################################################################################
+
+set timeout 80
+log_user 0
+
+#Clear xdsh environment variables
+
+set empty ""
+
+# path to remote command
+if { [info exists env(DSH_REMOTE_CMD)] } {
+ set remoteshell $env(DSH_REMOTE_CMD)
+} else {
+ set remoteshell "/bin/ssh"
+}
+if { [info exists env(XCATROOT)] } {
+ set xcatroot $env(XCATROOT)
+} else {
+ set xcatroot "/opt/xcat"
+}
+if { [info exists env(XCAT_UPD_MULTNODES)] } {
+ set manynodes $env(XCAT_UPD_MULTNODES)
+} else {
+ set manynodes ""
+}
+#
+# check input arguments
+#
+if { [llength $argv] != 0 } {
+ if { [string compare "-h" [lindex $argv 0]] ==0 } { # usage
+
+ puts "Usage: remoteshell.expect"
+ puts " -t remote_shell hostname - test the remoteshell on the host"
+ puts " -k Generates the ssh keys needed"
+ puts " -n hostname - gather ssh keys for the hostname"
+ puts " -s node_list - copies keys to the nodes"
+ puts " -h usage"
+ exit 0
+ }
+ # -t means test to see if the shell is already setup
+ if { [string compare "-t" [lindex $argv 0]] ==0 } {
+ set env(LC_ALL) "C"
+ set pid [ spawn [lindex $argv 1] [lindex $argv 2] -l root echo test.success ]
+ expect {
+ timeout { exit 1 }
+ "Are you sure you want to continue connecting (yes/no)?" {
+ exec /bin/kill $pid
+ exit 1
+ }
+ "*ssword*" {
+ exec /bin/kill $pid
+ exit 1
+ }
+ "Permission denied." {
+ exit 1
+ }
+ "test.success" {
+ exit 0
+ }
+ }
+ exit 1
+ } elseif { [string compare "-k" [lindex $argv 0]] ==0 } {
+ # -k means copy the keys to the nodes
+ set home [exec /usr/bin/perl -e {$user = $ENV{'USER'} ? $ENV{'USER'} : "root"; @info = getpwnam($user); print $info[7] . "\n";}]
+ if { [string compare $home $empty] ==0 } {
+ set home $env(HOME)
+ }
+ # check to see if ssh rsa1 keys exists, if not generate it
+ if {![file exists "$home/.ssh/identity"]} { # key does not exist
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t rsa1
+ expect "Generating public/private rsa1"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ } elseif {[file exists "$home/.ssh/identity"] &&([file size "$home/.ssh/identity"] == 0)} { # key exists
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t rsa1
+ expect "Generating public/private rsa1"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Overwrite.*\(y/n\)\?"
+ send "y\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ }
+
+ # check to see if ssh rsa keys exists, if not generate it
+ if {![file exists "$home/.ssh/id_rsa"]} {
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t rsa
+ expect "Generating public/private rsa"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ } elseif {[file exists "$home/.ssh/id_rsa"] &&([file size "$home/.ssh/id_rsa"] == 0)} {
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t rsa
+ expect "Generating public/private rsa"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Overwrite.*\(y/n\)\?"
+ send "y\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ }
+
+ # check to see if ssh dsa keys exists, if not generate it
+ if {![file exists "$home/.ssh/id_dsa"]} {
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t dsa
+ expect "Generating public/private dsa"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ } elseif {[file exists "$home/.ssh/id_dsa"] && ([file size "$home/.ssh/id_dsa"] == 0)} {
+ set env(LC_ALL) "C"
+ spawn /usr/bin/ssh-keygen -t dsa
+ expect "Generating public/private dsa"
+ expect -re "Enter file.*:"
+ send "\r"
+ expect -re "Overwrite.*\(y/n\)\?"
+ send "y\r"
+ expect -re "Enter passphrase.*:"
+ send "\r"
+ expect -re "Enter same passphrase.*:"
+ send "\r"
+ expect eof
+ }
+ } elseif { [string compare "-n" [lindex $argv 0]] ==0 } {
+ #gather ssh host keys
+ set hostname [lindex $argv 1]
+ set hlist [split $hostname '.']
+ set name ""
+ set nlist ""
+ set j [llength $hlist]
+ for { set i 0 } { $i<$j} {incr i } {
+ set element [lindex $hlist $i]
+ if { $i == 0 } {
+ set name $element
+ } else {
+
+ set name "$name.$element"
+ }
+ lappend nlist $name
+ }
+
+ foreach hn $nlist {
+ set env(LC_ALL) "C"
+ set pid [ spawn $remoteshell $hn -l root echo test.success ]
+ expect {
+ "Are you sure you want to continue connecting (yes/no)?" {
+ send "yes\r"
+ exp_continue
+ }
+ "*ssword*" {
+ exec /bin/kill $pid
+ }
+ "test.success" { continue }
+ }
+ }
+ } elseif { [string compare "-s" [lindex $argv 0]] ==0 } {
+ set nodes [lindex $argv 1]
+ set empty ""
+ if { [string compare $nodes $empty] ==0 } {
+ #no target
+ exit 1
+ }
+ set nodelist [split $nodes ',']
+ set nodelist2 $nodelist
+ set printlist [ join $nodelist ", " ]
+ set scp "/usr/bin/scp"
+ set directory "/install/postscripts/.ssh"
+ if { [info exists env(XCAT_REMOTE_PASSWORD)] } {
+ set word $env(XCAT_REMOTE_PASSWORD)
+ } else {
+ exec /bin/stty -echo
+ set timeout 360
+ puts "Enter the password for the userid (usually root) used to access the following target nodes: $printlist"
+ expect_user "*\n"
+ set timeout 80
+ exec /bin/stty echo
+ set word $expect_out(buffer)
+ set expect_out(buffer) ""
+ send_user "\n"
+ }
+ foreach node $nodelist {
+ set env(LC_ALL) "C"
+ set pid [ spawn $scp -r -p $directory root\@$node:/tmp ]
+ expect {
+ "Are you sure you want to continue connecting (yes/no)?" {
+ send "yes\r"
+ exp_continue
+ }
+ "*ssword*" {
+ send "$word\r"
+ exp_continue
+ }
+ "Permission denied*" {
+ exec /bin/kill $pid
+ }
+ }
+ set pid [ spawn $remoteshell $node -l root /tmp/.ssh/copy.perl ]
+ expect {
+ "Are you sure you want to continue connecting (yes/no)?" {
+ send "yes\r"
+ exp_continue
+ }
+ "*ssword*" {
+ send "$word\r"
+ exp_continue
+ }
+ "Permission denied*" {
+ exec /bin/kill $pid
+ }
+ }
+ }
+ set word ""
+ set failed "0"
+ foreach node $nodelist2 {
+ set hostname $node
+ set hlist [split $hostname '.']
+ set name ""
+ set nlist ""
+ set j [llength $hlist]
+ for { set i 0 } { $i<$j} {incr i } {
+ set element [lindex $hlist $i]
+ if { $i == 0 } {
+ set name $element
+ } else {
+ set name "$name.$element"
+ }
+ lappend nlist $name
+ }
+ foreach hn $nlist {
+ set env(LC_ALL) "C"
+ set pid [ spawn $remoteshell $hn -l root echo test.success ]
+ expect {
+ "Are you sure you want to continue connecting (yes/no)?" {
+ send "yes\r"
+ exp_continue
+ }
+ "*ssword*" {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ "*refused." {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ "Permission denied*" {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ timeout {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ "test.success" { continue }
+ }
+ }
+ }
+ if { [string compare "1" $failed ] ==0 } {
+ exit 1
+ } else {
+ exit 0
+ }
+ } elseif { [string compare "-d" [lindex $argv 0]] ==0 } {
+ # check xdsh ping to verify
+ set env(DSH_PING_VERIFY) "1"
+ set env(DSH_LIST) [lindex $argv 1]
+ log_user 1
+ set timeout 360
+ set env(LC_ALL) "C"
+ if { [info exists env(XCAT_PING)] } {
+ set pid [ spawn "$xcatroot/bin/xdsh" -B -v -t 80 /bin/echo test.success ]
+ } else {
+ set pid [ spawn "$xcatroot/bin/xdsh" -B -t 80 /bin/echo test.success ]
+ }
+ expect {
+ timeout {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ }
+ log_user 0
+ set timeout 80
+ } elseif { [string compare "-dn" [lindex $argv 0]] ==0 } {
+ # check xdsh ping nodes
+ set env(DSH_PING_VERIFY) "1"
+ #set env(DSH_LIST) [lindex $argv 1]
+ set node [lindex $argv 1]
+ log_user 1
+ set timeout 360
+ set env(LC_ALL) "C"
+ if { [info exists env(XCAT_PING)] } {
+ set pid [ spawn "$xcatroot/bin/xdsh" $node -B -v -t 80 /bin/echo test.success ]
+ } else { # no verify
+ set pid [ spawn "$xcatroot/bin/xdsh" $node -B -t 80 /bin/echo test.success ]
+ }
+ expect {
+ timeout {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ }
+ log_user 0
+ set timeout 80
+ } elseif { [string compare "-ds" [lindex $argv 0]] ==0 } {
+ # check dsh, ssh with options
+ set env(DSH_PING_VERIFY) "1"
+ set env(DSH_LIST) [lindex $argv 1]
+ log_user 1
+ set timeout 360
+ set env(LC_ALL) "C"
+ if { [info exists env(XCAT_PING)] } {
+ set pid [ spawn $xcatroot/bin/xdsh -B -v -o "-o BatchMode=yes" -t 80 /bin/echo test.success ]
+ } else { # no verify
+ set pid [ spawn $xcatroot/bin/xdsh -B -o "-o BatchMode=yes" -t 80 /bin/echo test.success ]
+ }
+ expect {
+ timeout {
+ exec /bin/kill $pid
+ set failed "1"
+ }
+ }
+ log_user 0
+ set timeout 80
+ } else { # usage error
+ puts "Usage: remoteshell.expect"
+ puts " -t remote_shell hostname - test the remoteshell on the host"
+ puts " -k Generates the ssh keys needed"
+ puts " -n hostname - gather ssh keys for the hostname"
+ puts " -s node_list - copies keys to the nodes"
+ exit 2
+ }
+} else { # usage error
+ puts "Usage: remoteshell.expect"
+ puts " -t remote_shell hostname - test the remoteshell on the host"
+ puts " -k Generates the ssh keys needed"
+ puts " -n hostname - gather ssh keys for the hostname"
+ puts " -s node_list - copies keys to the nodes"
+ exit 2
+}
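Review bot: In the `-s` branch both `expect` blocks answer the host-key prompt with `send "yes\r"` and then send `$word` at the next `*ssword*` match, so the root password goes to whichever host answered for that node name without its key ever being checked; the `-n` branch accepts keys the same way. The prompt should be treated as a failure here, as the `-t` branch already does with `exec /bin/kill $pid` followed by `exit 1`, with host keys distributed and verified beforehand; if blind acceptance is intended for a trusted provisioning network, a comment should state that assumption. The same branch copies the key directory to `/tmp` on the node and then runs `/tmp/.ssh/copy.perl` as root, and because `/tmp` is world-writable and the path is fixed, a pre-existing `/tmp/.ssh` owned by another local user could let the script be replaced before it runs, so a staging directory writable only by root would be safer. The `-k` branch also generates `rsa1` and `dsa` keys with empty passphrases, which deserves a comment explaining why protocol-1 keys are still required. Finally, the `-d`, `-dn` and `-ds` branches set `failed "1"` on timeout but never test it, so those modes appear to fall through to a zero exit status even when the check timed out.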