-Try out ceasing use of stunnel in favor of openssl everywhere

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3643 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
jbjohnso 2009-06-25 19:18:22 +00:00
parent 4b6d9ebcff
commit e25e9fe30a
30 changed files with 46 additions and 181 deletions


@ -38,19 +38,11 @@ do
#wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz
if [ "$?" = "0" ]
then
if [ -x /usr/sbin/stunnel -o -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=yes >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel &
STUN_PID=$!
sleep 1
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
exit 1
fi
XCATSERVER=$i:3001
export XCATSERVER
mv $i/postscripts /xcatpost
rm -rf $i
chmod +x /xcatpost/*
@ -92,5 +84,4 @@ updateflag.awk $MASTER 3002
cd /
rm -Rf /xcatpost
rm -f /tmp/mypostscript
rm -f /etc/stunnel/stunnel.conf
exit 0
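Review bot: The new guard `if [ ! -x /usr/bin/openssl ]` tests one fixed path, while the awk helpers changed in this commit start `openssl` by name through PATH, so the check and the actual use can disagree, and the bare `exit 1` leaves no trace of why post-install stopped. I would test what is really run and log the reason, e.g. `command -v openssl >/dev/null 2>&1 || { echo "openssl not found, cannot reach xcatd" >&2; exit 1; }`. The same guard is added in the next three template sections, and the fifth uses an `else` / `exit 1` variant. The enclosing `do` loop starts outside the hunk, so the origin of `$i` is not visible; because `XCATSERVER=$i:3001` later ends up inside a command string built by the awk helpers, it is worth confirming that `$i` can only ever be a host name or address.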


@ -38,19 +38,11 @@ do
#wget --wait=10 --random-wait --waitretry=10 --retry-connrefused -t 0 -T 60 http://$i/install/autoinst/xcatpost.tar.gz
if [ "$?" = "0" ]
then
if [ -x /usr/sbin/stunnel -o -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=yes >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel &
STUN_PID=$!
sleep 1
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
exit 1;
fi
XCATSERVER=$i:3001
export XCATSERVER
mv $i/postscripts /xcatpost
rm -rf $i
chmod +x /xcatpost/*
@ -91,5 +83,4 @@ uploadboot
cd /
rm -Rf /xcatpost
rm -f /tmp/mypostscript
rm -f /etc/stunnel/stunnel.conf
exit 0


@ -67,20 +67,11 @@ do
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/postscripts
if [ "$?" = "0" ]
then
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel
STUN_PID=$!
sleep 1
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
exit 1
fi
XCATSERVER=$i:3001
export XCATSERVER
mv $i/postscripts /xcatpost
rm -rf $i
chmod +x /xcatpost/*
@ -112,7 +103,6 @@ cd /
/xcatpost/#TABLE:nodelist:$NODE:node#
rm -Rf /xcatpost
rm -f /tmp/mypostscript
rm -f /etc/stunnel/stunnel.conf
rmdir /xcatpost
]]>


@ -41,20 +41,11 @@ do
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/postscripts
if [ "$?" = "0" ]
then
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel
STUN_PID=$!
sleep 1
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit
exit 1
fi
XCATSERVER=$i:3001
export XCATSERVER
mv $i/postscripts /xcatpost
rm -rf $i
chmod +x /xcatpost/*
@ -86,7 +77,6 @@ cd /
/xcatpost/#TABLE:nodelist:$NODE:node#
rm -Rf /xcatpost
rm -f /tmp/mypostscript
rm -f /etc/stunnel/stunnel.conf
rmdir /xcatpost
]]>


@ -69,29 +69,11 @@ do
if [ "$?" = "0" ]
then
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
XCATSERVER=$i:3001
export XCATSERVER
else
NODE_ARCH=#TABLE:nodetype:$NODE:arch#
wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused -t 0 -T 60 ftp://$i/post/otherpkgs/sles11/$NODE_ARCH
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
mkdir -p /usr/var/run/stunnel
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel
STUN_PID=$!
sleep 1
fi
exit 1
fi
fi
mv $i/postscripts /xcatpost
rm -rf $i
@ -124,9 +106,6 @@ cd /
/xcatpost/#TABLE:nodelist:$NODE:node#
rm -Rf /xcatpost
rm -f /tmp/mypostscript
if [ ! -x /usr/bin/stunnel ]; then
rm -f /etc/stunnel/stunnel.conf
fi
rmdir /xcatpost
]]>


@ -49,29 +49,8 @@ do
if [ "$?" = "0" ]
then
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
XCATSERVER=$i:3001
export XCATSERVER
else
rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
mkdir -p /usr/var/run/stunnel
mkdir -p /var/stunnel
if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
echo client=yes > /etc/stunnel/stunnel.conf
echo foreground=no >> /etc/stunnel/stunnel.conf
echo output=/dev/null >> /etc/stunnel/stunnel.conf
echo verify=0 >> /etc/stunnel/stunnel.conf
echo '[xcatd]' >> /etc/stunnel/stunnel.conf
echo accept=400 >> /etc/stunnel/stunnel.conf
echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
stunnel
STUN_PID=$!
sleep 1
fi
fi
XCATSERVER=$i:3001
export XCATSERVER
mv $i/postscripts /xcatpost
rm -rf $i
chmod +x /xcatpost/*
@ -103,9 +82,6 @@ cd /
/xcatpost/#TABLE:nodelist:$NODE:node#
rm -Rf /xcatpost
rm -f /tmp/mypostscript
if [ ! -x /usr/bin/stunnel ]; then
rm -f /etc/stunnel/stunnel.conf
fi
rmdir /xcatpost
]]>


@ -43,7 +43,7 @@
<pattern>x11</pattern>
</patterns>
<packages config:type="list">
<package>stunnel</package>
<package>openssl</package>
<package>xntp</package>
<package>rsync</package>
</packages>


@ -42,7 +42,7 @@
<pattern>x11</pattern>
</patterns>
<packages config:type="list">
<package>stunnel</package>
<package>openssl</package>
<package>xntp</package>
<package>rsync</package>
</packages>


@ -89,7 +89,6 @@
<pattern>32bit</pattern>
</patterns>
<packages config:type="list">
<package>stunnel</package>
<package>xntp</package>
<package>rsync</package>
<package>xen</package>
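Review bot: This template drops `<package>stunnel</package>` without adding `<package>openssl</package>`, unlike the two sibling templates above, which list both names at that position. The post scripts changed in this commit stop when `/usr/bin/openssl` is missing, so unless openssl is pulled in by one of the patterns or is listed further down (the package list continues outside the hunk), nodes built from this template would lose their channel to xcatd. Consider adding `<package>openssl</package>` here explicitly so the dependency does not rest on a pattern.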


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
glibc.ppc64
dhclient
kernel.ppc64


@ -1,5 +1,5 @@
bash
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,5 +1,5 @@
bash
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,5 +1,5 @@
bash
stunnel
openssl
dhclient
kernel
openssh-server


@ -1,6 +1,6 @@
bash
nfs-utils
stunnel
openssl
dhcpcd
kernel-smp
openssh


@ -1,7 +1,7 @@
aaa_base
bash
nfs-utils
stunnel
openssl
dhcpcd
kernel-ppc64
openssh


@ -1,7 +1,7 @@
aaa_base
bash
nfs-utils
#stunnel
openssl
dhcpcd
kernel
openssh


@ -1,5 +1,5 @@
bash
stunnel
openssl
dhclient
kernel
openssh-server


@ -6,7 +6,7 @@ syslogd
klogd
device-mapper
bash
stunnel
openssl
nfs-utils
ksh
syslog-ng


@ -34,7 +34,7 @@ pam-modules
timezone
mysql-client
perl-Expect
#stunnel
openssl
xCATsn
perl-DBD-mysql
portmap


@ -1,10 +1,6 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
quit = "no"
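Review bot: `openssl s_client -quiet -connect` is run without any trust anchor or verification option, so the channel to xcatd stays encrypted but unauthenticated, the same posture the removed stunnel configuration spelled out as `verify=0`; s_client by default carries on after a certificate verification failure. If nodes can be given the management server's CA certificate, adding `-CAfile <path-to-ca.pem>` together with `-verify_return_error` (where the installed OpenSSL supports it) would let the client refuse a server it cannot verify. The command is also built by concatenating `ENVIRON["XCATSERVER"]` with no check that it is set, so an empty or malformed value yields a broken command line; a guard such as `if (ENVIRON["XCATSERVER"] == "") exit 1` before the assignment would fail early. The same line is introduced in the two other awk sections further down, and the BEGIN block continues past this hunk.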


@ -1,10 +1,6 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
quit = "no"


@ -37,13 +37,8 @@ fi
# logger -t xcat "Install: using server provided host key for convenience."
# cp /xcatpost/hostkeys/*_key /etc/ssh/
#fi
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
if [ ! -x /usr/bin/openssl ]; then
exit 0
fi
allowcred.awk &
CREDPID=$!
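Review bot: When `/usr/bin/openssl` is missing the script now leaves with `exit 0` and no message, so everything after the guard (starting with `allowcred.awk`, presumably the credential request) is skipped while the caller sees success; the install templates in this commit use `exit 1` for the same condition. I would log and return non-zero, e.g. `logger -t xcat "openssl not found, skipping credential request"; exit 1`, or add a comment saying why success is intended. The same guard is added in the two later sections that also start `allowcred.awk`.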


@ -1,10 +1,6 @@
#!/usr/bin/awk -f
BEGIN {
if (ENVIRON["USEOPENSSLFORXCAT"]) {
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
} else {
server = "/inet/tcp/0/127.0.0.1/400"
}
server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
quit = "no"


@ -4,13 +4,8 @@
#(C)IBM Corp
#
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
if [ ! -x /usr/bin/openssl ]; then #Unless we have openssl stup
exit 0
fi
allowcred.awk &
CREDPID=$!
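Review bot: The trailing comment on the new guard, `#Unless we have openssl stup`, is a truncated leftover from the removed stunnel/openssl branch and no longer describes the test. Something like `#Stop if no openssl, the awk helpers need it to reach xcatd` would match what the line does.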


@ -38,28 +38,9 @@ if grep 'rw /rw tmpfs ' /proc/mounts >& /dev/null; then
fi
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
mkdir -p /etc/stunnel
mkdir -p /var/stunnel
mkdir -p /usr/var/run/stunnel #at least for SLES11
cat > /etc/stunnel/stunnel.conf << EOF
client=yes
foreground=no
output=/dev/null
#output=/var/log/stunnel.log
verify=0
[xcatd]
accept=400
EOF
echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf
stunnel;
sleep 1;
elif [ -x /usr/bin/openssl ]; then
if [ -x /usr/bin/openssl ]; then
XCATSERVER="$SIP:3001"
export XCATSERVER
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
fi
mkdir -p /xcatpost;
mkdir -p /tmp/postage
@ -124,11 +105,6 @@ if [ -x /tmp/mypostscript ];then
fi
rm -f /tmp/mypostscript
if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then
killall stunnel
rm -rf /etc/stunnel
fi
#tell user it is done when this is called by updatenode command
if [ $# -gt 0 ]; then
echo "returned"


@ -4,13 +4,8 @@
#(C)IBM Corp
#
if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
if [ -x /usr/bin/openssl ]; then
USEOPENSSLFORXCAT=1
export USEOPENSSLFORXCAT
else
exit 0
fi
if [ ! -x /usr/bin/openssl ]; then
exit 0
fi
allowcred.awk &
CREDPID=$!