From f4e8bb41af0cabfee05b8c7c3783fdadabef4802 Mon Sep 17 00:00:00 2001
From: lissav <lissav@8638fb3e-16cb-4fca-ae20-7b5d299a9bcd>
Date: Wed, 3 Nov 2010 11:55:29 +0000
Subject: [PATCH] support for limiting ssh between nodes in xdsh -K

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@8015 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
---
 perl-xCAT/xCAT/Utils.pm | 60 ++++++++++++++++++++++++++++++++++++-----
 1 file changed, 53 insertions(+), 7 deletions(-)

diff --git a/perl-xCAT/xCAT/Utils.pm b/perl-xCAT/xCAT/Utils.pm
index f09573de1..6b7c4de26 100644
--- a/perl-xCAT/xCAT/Utils.pm
+++ b/perl-xCAT/xCAT/Utils.pm
@@ -1614,7 +1614,6 @@ sub setupSSH
         }
     }
     
-    # comment out authorized_keys2 setup
     # build the shell copy script, needed Perl not always there
     # for root and non-root ids
     open(FILE, ">$home/.ssh/copy.sh")
@@ -1671,13 +1670,60 @@ rmdir \"/tmp/$to_userid\"";
 
     # send the keys to the nodes   for root or some other id
     #
-    my $cmd = "$::REMOTESHELL_EXPECT -s $n_str";
-    my $rc  = system("$cmd") >> 8;
-    if ($rc)
-    {
-        $rsp->{data}->[0] = "remoteshell.expect failed sending keys.";
-        xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
+    # This environment variable determines whether to setup 
+    # node to node ssh
+    # The nodes must be checked against the site.sshbetweennodes attribute
+    # For root user and not to devices only to nodes 
+    if (($from_userid eq "root") && (!($ENV{'DEVICETYPE'}))) {
+      my $enablenodes;
+      my $disablenodes;
+      my @nodelist=  split(",", $n_str);
+      foreach my $n (@nodelist)
+      {
+         my $enablessh=xCAT::Utils->enablessh($n);
+         if ($enablessh == 1) {
+           $enablenodes .= $n;
+           $enablenodes .= ","; 
+         } else {
+           $disablenodes .= $n;
+           $disablenodes .= ","; 
+         }
 
+      }
+      my $cmd;
+      if ($enablenodes) {  # node on list to setup nodetonodessh
+         chop $enablenodes;  # remove last comma
+         $ENV{'DSH_ENABLE_SSH'} = "YES";
+         $cmd = "$::REMOTESHELL_EXPECT -s $enablenodes";
+         my $rc  = system("$cmd") >> 8;
+         if ($rc)
+         {
+          $rsp->{data}->[0] = "remoteshell.expect failed sending keys to enablenodes.";
+          xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
+
+          }
+      }
+      if ($disablenodes) {  # node on list to setup nodetonodessh
+         chop $disablenodes;  # remove last comma
+         $cmd = "$::REMOTESHELL_EXPECT -s $disablenodes";
+         my $rc  = system("$cmd") >> 8;
+         if ($rc)
+         {
+          $rsp->{data}->[0] = "remoteshell.expect failed sending keys to disablenodes.";
+          xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
+
+         }
+      }
+    } else { # from user is not root or it is a device , always send private key
+       $ENV{'DSH_ENABLE_SSH'} = "YES";
+       my $cmd = "$::REMOTESHELL_EXPECT -s $n_str";
+       my $rc  = system("$cmd") >> 8;
+       if ($rc)
+       {
+           $rsp->{data}->[0] = "remoteshell.expect failed sending keys.";
+           xCAT::MsgUtils->message("E", $rsp, $::CALLBACK);
+
+       }
     }
 
     # must always check to see if worked, run test