-Fix remoteshell to not cause SELinux errors on RHEL5 installs

-Fix SLES support of the new credentials/dynamic postscripts


git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@1240 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd

xCAT-server-2.0/lib/xcat/plugins/sles.pm

@@ -132,9 +132,9 @@ sub mkinstall
             next;
         }
 	
-		# create the node-specific post script
-		mkpath "/install/postscripts/";
-		xCAT::Postage->writescript($node, "/install/postscripts/".$node, "install", $callback);
+		# create the node-specific post script DEPRECATED, don't do
+		#mkpath "/install/postscripts/";
+		#xCAT::Postage->writescript($node, "/install/postscripts/".$node, "install", $callback);
 
         if (
             (
@@ -282,11 +282,11 @@ sub mkinstall
                 );
         }
     }
-    my $rc = xCAT::Utils->create_postscripts_tar();
-    if ($rc != 0)
-    {
-        xCAT::MsgUtils->message("S", "Error creating postscripts tar file.");
-    }
+    #my $rc = xCAT::Utils->create_postscripts_tar();
+    #if ($rc != 0)
+    #{
+    #    xCAT::MsgUtils->message("S", "Error creating postscripts tar file.");
+    #}
 }
 
 sub copycd

xCAT-server-2.0/share/xcat/install/scripts/post.sles

@@ -58,15 +58,34 @@ export MASTER="#XCATVAR:XCATMASTER#"
 #
 #  This script has not yet been updated to work with service nodes
 #
-mkdir -p /xcatpost
 for i in $(seq 1 20)
 do
 	GOTIT=0
 	for i in $MASTER_IPS
 	do
-		mount -r $i:/install/postscripts /xcatpost
+		#mount -r $i:/install/postscripts /xcatpost
+      wget -l inf -N -r --waitretry=10 --random-wait --retry-connrefused  -t 0 -T 60 ftp://$i/install/postscripts
 		if [ "$?" = "0" ]
 		then
+         mkdir -p /var/stunnel
+         if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
+            echo client=yes > /etc/stunnel/stunnel.conf
+            echo foreground=no >> /etc/stunnel/stunnel.conf
+            echo output=/dev/null >> /etc/stunnel/stunnel.conf
+            echo verify=0 >> /etc/stunnel/stunnel.conf
+            echo '[xcatd]' >> /etc/stunnel/stunnel.conf
+            echo accept=400 >> /etc/stunnel/stunnel.conf
+            echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
+
+            stunnel
+            STUN_PID=$!
+            sleep 1
+         fi
+         mv $i/install/postscripts /xcatpost
+         rm -rf $i
+         chmod +x /xcatpost/*
+         /xcatpost/getpostscript.awk |sed -e 's/<[^>]*>//g'|egrep -v '^ *$'|sed -e 's/^ *//' > /tmp/mypostscript
+         chmod +x /tmp/mypostscript
 			GOTIT=1
 			break
 		fi
@@ -78,10 +97,15 @@ do
 	RAND=$(perl -e 'print int(rand(5)). "\n"')
 	sleep $RAND
 done
+PATH=/xcatpost:$PATH
+export PATH
+/tmp/mypostscript
 updateflag.awk $MASTER 3002
 cd /
 /xcatpost/#TABLE:nodelist:$NODE:node#
-umount /xcatpost
+rm -Rf /xcatpost
+rm -f /tmp/mypostscript
+rm -f /etc/stunnel/stunnel.conf
 rmdir /xcatpost
 ]]>
 

xCAT-server-2.0/share/xcat/install/sles/compute.ppc64.tmpl

@@ -43,6 +43,7 @@
 	    <pattern>x11</pattern>
       </patterns>
       <packages config:type="list">
+        <package>stunnel</package>
         <package>xntp</package>
         <package>rsync</package>
       </packages>

xCAT-server-2.0/share/xcat/install/sles/compute.tmpl

@@ -42,6 +42,7 @@
 	    <pattern>x11</pattern>
       </patterns>
       <packages config:type="list">
+        <package>stunnel</package>
         <package>xntp</package>
         <package>rsync</package>
       </packages>

xCAT/postscripts/remoteshell

@@ -30,14 +30,18 @@ then
 	chmod 700 /root/.ssh
 	chmod 600 /root/.ssh/*
 fi
-allowcred.awk &
-sleep 1
 
 if [ -d /xcatpost/hostkeys ]
 then
 	logger -t xcat "Install: using server provided host key for convenience."
 	cp /xcatpost/hostkeys/*_key /etc/ssh/
 fi
+if [ ! -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
+   exit 0
+fi
+allowcred.awk &
+CREDPID=$!
+sleep 1
 getcredentials.awk ssh_dsa_hostkey | grep -v '<'|sed -e 's/&lt;/</' -e 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot/"/' -e "s/&apos;/'/" > /etc/ssh/ssh_host_dsa_key
 chmod 600 /etc/ssh/ssh_host_dsa_key
 if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_dsa_key > /dev/null 2>&1 ; then
@@ -50,9 +54,6 @@ if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_rsa_key > /dev/null 2>&1 ; then
 fi
 
 
-if [ ! -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
-   exit 0
-fi
 
 
 umask 0077
@@ -63,3 +64,4 @@ getcredentials.awk ssh_root_key | grep -v '<'|sed -e 's/&lt;/</' -e 's/&gt;/>/'
 if ! grep "PRIVATE KEY" /root/.ssh/id_rsa > /dev/null 2>&1 ; then
    rm /root/.ssh/id_rsa
 fi
+kill -9 $CREDPID