-Try out ceasing use of stunnel in favor of openssl everywhere
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3643 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
parent
4b6d9ebcff
commit
e25e9fe30a
@ -38,19 +38,11 @@ do
|
||||
#wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
if [ -x /usr/sbin/stunnel -o -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=yes >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel &
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
|
||||
exit 1
|
||||
fi
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
chmod +x /xcatpost/*
|
||||
@ -92,5 +84,4 @@ updateflag.awk $MASTER 3002
|
||||
cd /
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
exit 0
|
||||
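Review bot: The guard `if [ ! -x /usr/bin/openssl ]; then exit 1; fi` tests one fixed path and leaves no trace when it fires, while the awk helpers changed later in this commit run a bare `openssl` resolved through PATH, so the check and the real call can disagree. I would test what is actually executed and record the reason, e.g. `command -v openssl >/dev/null 2>&1 || { logger -t xcat "openssl not found, cannot contact xcatd"; exit 1; }`, assuming `logger` is available in this install environment. The +/- markers are lost on this page, so which lines are new is inferred from the hunk counts, and the enclosing `do` loop starts and ends outside the hunk. The same guard appears in the next three file sections.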
|
@ -38,19 +38,11 @@ do
|
||||
#wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
if [ -x /usr/sbin/stunnel -o -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=yes >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel &
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
|
||||
exit 1;
|
||||
fi
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
chmod +x /xcatpost/*
|
||||
@ -91,5 +83,4 @@ uploadboot
|
||||
cd /
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
exit 0
|
||||
|
@ -67,20 +67,11 @@ do
|
||||
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/postscripts
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
|
||||
exit 1
|
||||
fi
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
chmod +x /xcatpost/*
|
||||
@ -112,7 +103,6 @@ cd /
|
||||
/xcatpost/#TABLE:nodelist:$NODE:node#
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
rmdir /xcatpost
|
||||
]]>
|
||||
|
||||
|
@ -41,20 +41,11 @@ do
|
||||
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/postscripts
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
|
||||
exit 1
|
||||
fi
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
chmod +x /xcatpost/*
|
||||
@ -86,7 +77,6 @@ cd /
|
||||
/xcatpost/#TABLE:nodelist:$NODE:node#
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
rmdir /xcatpost
|
||||
]]>
|
||||
|
||||
|
@ -69,29 +69,11 @@ do
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
else
|
||||
NODE_ARCH=#TABLE:nodetype:$NODE:arch#
|
||||
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/post/otherpkgs/sles11/$NODE_ARCH
|
||||
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
|
||||
mkdir -p /usr/var/run/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
@ -124,9 +106,6 @@ cd /
|
||||
/xcatpost/#TABLE:nodelist:$NODE:node#
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
if [ ! -x /usr/bin/stunnel ]; then
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
fi
|
||||
rmdir /xcatpost
|
||||
]]>
|
||||
|
||||
|
@ -49,29 +49,8 @@ do
|
||||
|
||||
if [ "$?" = "0" ]
|
||||
then
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
else
|
||||
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
|
||||
mkdir -p /usr/var/run/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
echo client=yes > /etc/stunnel/stunnel.conf
|
||||
echo foreground=no >> /etc/stunnel/stunnel.conf
|
||||
echo output=/dev/null >> /etc/stunnel/stunnel.conf
|
||||
echo verify=0 >> /etc/stunnel/stunnel.conf
|
||||
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
|
||||
echo accept=400 >> /etc/stunnel/stunnel.conf
|
||||
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
|
||||
|
||||
stunnel
|
||||
STUN_PID=$!
|
||||
sleep 1
|
||||
fi
|
||||
fi
|
||||
XCATSERVER=$i:3001
|
||||
export XCATSERVER
|
||||
mv $i/postscripts /xcatpost
|
||||
rm -rf $i
|
||||
chmod +x /xcatpost/*
|
||||
@ -103,9 +82,6 @@ cd /
|
||||
/xcatpost/#TABLE:nodelist:$NODE:node#
|
||||
rm -Rf /xcatpost
|
||||
rm -f /tmp/mypostscript
|
||||
if [ ! -x /usr/bin/stunnel ]; then
|
||||
rm -f /etc/stunnel/stunnel.conf
|
||||
fi
|
||||
rmdir /xcatpost
|
||||
]]>
|
||||
|
||||
|
@ -43,7 +43,7 @@
|
||||
<pattern>x11</pattern>
|
||||
</patterns>
|
||||
<packages config:type="list">
|
||||
<package>stunnel</package>
|
||||
<package>openssl</package>
|
||||
<package>xntp</package>
|
||||
<package>rsync</package>
|
||||
</packages>
|
||||
|
@ -42,7 +42,7 @@
|
||||
<pattern>x11</pattern>
|
||||
</patterns>
|
||||
<packages config:type="list">
|
||||
<package>stunnel</package>
|
||||
<package>openssl</package>
|
||||
<package>xntp</package>
|
||||
<package>rsync</package>
|
||||
</packages>
|
||||
|
@ -89,7 +89,6 @@
|
||||
<pattern>32bit</pattern>
|
||||
</patterns>
|
||||
<packages config:type="list">
|
||||
<package>stunnel</package>
|
||||
<package>xntp</package>
|
||||
<package>rsync</package>
|
||||
<package>xen</package>
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
glibc.ppc64
|
||||
dhclient
|
||||
kernel.ppc64
|
||||
|
@ -1,5 +1,5 @@
|
||||
bash
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,5 +1,5 @@
|
||||
bash
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,5 +1,5 @@
|
||||
bash
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -1,6 +1,6 @@
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhcpcd
|
||||
kernel-smp
|
||||
openssh
|
||||
|
@ -1,7 +1,7 @@
|
||||
aaa_base
|
||||
bash
|
||||
nfs-utils
|
||||
stunnel
|
||||
openssl
|
||||
dhcpcd
|
||||
kernel-ppc64
|
||||
openssh
|
||||
|
@ -1,7 +1,7 @@
|
||||
aaa_base
|
||||
bash
|
||||
nfs-utils
|
||||
#stunnel
|
||||
openssl
|
||||
dhcpcd
|
||||
kernel
|
||||
openssh
|
||||
|
@ -1,5 +1,5 @@
|
||||
bash
|
||||
stunnel
|
||||
openssl
|
||||
dhclient
|
||||
kernel
|
||||
openssh-server
|
||||
|
@ -6,7 +6,7 @@ syslogd
|
||||
klogd
|
||||
device-mapper
|
||||
bash
|
||||
stunnel
|
||||
openssl
|
||||
nfs-utils
|
||||
ksh
|
||||
syslog-ng
|
||||
|
@ -34,7 +34,7 @@ pam-modules
|
||||
timezone
|
||||
mysql-client
|
||||
perl-Expect
|
||||
#stunnel
|
||||
openssl
|
||||
xCATsn
|
||||
perl-DBD-mysql
|
||||
portmap
|
||||
|
@ -1,10 +1,6 @@
|
||||
#!/usr/bin/awk -f
|
||||
BEGIN {
|
||||
if (ENVIRON["USEOPENSSLFORXCAT"]) {
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
} else {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
}
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
quit = "no"
|
||||
|
||||
|
||||
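Review bot: With the `/inet/tcp/0/127.0.0.1/400` fallback gone, `server` is always built by concatenating `ENVIRON["XCATSERVER"]` into a command string, so an unset or malformed value reaches the shell unchecked. A guard at the top of `BEGIN` such as `if (ENVIRON["XCATSERVER"] !~ /^[A-Za-z0-9._:-]+$/) { print "XCATSERVER unset or invalid" > "/dev/stderr"; exit 1 }` would fail early and keep shell metacharacters out of the command. Separately, `openssl s_client` as invoked here is given no CA file and by default does not abort on a verification failure, so the link is encrypted but the server is not authenticated, the same posture as the removed `verify=0`. A comment saying so, or `-CAfile` with `-verify_return_error` where the node holds the CA certificate, would make that explicit. The `BEGIN` block continues past the hunk, and the two other awk sections on this page carry the same line.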
|
@ -1,10 +1,6 @@
|
||||
#!/usr/bin/awk -f
|
||||
BEGIN {
|
||||
if (ENVIRON["USEOPENSSLFORXCAT"]) {
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
} else {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
}
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
|
||||
|
||||
quit = "no"
|
||||
|
@ -37,13 +37,8 @@ fi
|
||||
# logger -t xcat "Install: using server provided host key for convenience."
|
||||
# cp /xcatpost/hostkeys/*_key /etc/ssh/
|
||||
#fi
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
if [ ! -x /usr/bin/openssl ]; then
|
||||
exit 0
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
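Review bot: `exit 0` when `/usr/bin/openssl` is missing reports success although no credentials were requested, and nothing in this hunk sets `XCATSERVER`, which the awk helpers now read unconditionally. If the variable is expected from the calling script, state that in a comment and fail loudly when it is absent, e.g. `: "${XCATSERVER:?XCATSERVER must be set by the caller}"` just before `allowcred.awk &`. For the missing-openssl case, a non-zero exit or a `logger -t xcat` line would let the caller notice. Whether the caller always exports the variable cannot be seen from this hunk. The same block appears in two later sections of this page, one of which carries the truncated comment `#Unless we have openssl stup`.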
|
@ -1,10 +1,6 @@
|
||||
#!/usr/bin/awk -f
|
||||
BEGIN {
|
||||
if (ENVIRON["USEOPENSSLFORXCAT"]) {
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
} else {
|
||||
server = "/inet/tcp/0/127.0.0.1/400"
|
||||
}
|
||||
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
|
||||
|
||||
quit = "no"
|
||||
|
||||
|
@ -4,13 +4,8 @@
|
||||
#(C)IBM Corp
|
||||
#
|
||||
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
if [ ! -x /usr/bin/openssl ]; then #Unless we have openssl stup
|
||||
exit 0
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
|
@ -38,28 +38,9 @@ if grep 'rw /rw tmpfs ' /proc/mounts >& /dev/null; then
|
||||
fi
|
||||
|
||||
|
||||
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
|
||||
mkdir -p /etc/stunnel
|
||||
mkdir -p /var/stunnel
|
||||
mkdir -p /usr/var/run/stunnel #at least for SLES11
|
||||
|
||||
cat > /etc/stunnel/stunnel.conf << EOF
|
||||
client=yes
|
||||
foreground=no
|
||||
output=/dev/null
|
||||
#output=/var/log/stunnel.log
|
||||
verify=0
|
||||
[xcatd]
|
||||
accept=400
|
||||
EOF
|
||||
echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf
|
||||
stunnel;
|
||||
sleep 1;
|
||||
elif [ -x /usr/bin/openssl ]; then
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
XCATSERVER="$SIP:3001"
|
||||
export XCATSERVER
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
fi
|
||||
mkdir -p /xcatpost;
|
||||
mkdir -p /tmp/postage
|
||||
@ -124,11 +105,6 @@ if [ -x /tmp/mypostscript ];then
|
||||
fi
|
||||
rm -f /tmp/mypostscript
|
||||
|
||||
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
|
||||
killall stunnel
|
||||
rm -rf /etc/stunnel
|
||||
fi
|
||||
|
||||
#tell user it is done when this is called by updatenode command
|
||||
if [ $# -gt 0 ]; then
|
||||
echo "returned"
|
||||
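Review bot: The `if [ -x /usr/bin/openssl ]; then` block has no `else`, so on a node without openssl the script carries on with `XCATSERVER` unset and the awk helpers fail later with a less obvious error. An `else` branch that stops at the cause would help, e.g. `else echo "openssl not found, cannot reach xcatd" >&2; exit 1`. `USEOPENSSLFORXCAT` appears to stay exported here although the awk sections on this page no longer read it; if nothing else consumes it, those two lines can be dropped. The +/- markers are lost on this page, so which lines belong to the new side is inferred from the hunk counts.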
|
@ -4,13 +4,8 @@
|
||||
#(C)IBM Corp
|
||||
#
|
||||
|
||||
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
|
||||
if [ -x /usr/bin/openssl ]; then
|
||||
USEOPENSSLFORXCAT=1
|
||||
export USEOPENSSLFORXCAT
|
||||
else
|
||||
exit 0
|
||||
fi
|
||||
if [ ! -x /usr/bin/openssl ]; then
|
||||
exit 0
|
||||
fi
|
||||
allowcred.awk &
|
||||
CREDPID=$!
|
||||
|