#!/bin/sh # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html #egan@us.ibm.com #(C)IBM Corp # # This routine transfers the client credentials from ~/.xcat on the MN # to the SN for Linux. # It only does something, if called with the -d flag. # The -d flag was implemented when the call to the routine was moved # from the postscript table into the servicenode postscript. # if [ ! $1 ]; then logger -t xcat -p local4.err "xcatclient call without -d, doing nothing." exit 0 fi if [ $1 != "-d" ]; then logger -t xcat -p local4.err "xcatclient call without -d, doing nothing." exit 0 fi logger -t xcat -p local4.info "xcatclient call with -d. getting credentials and cfgloc " if [ ! -x /usr/bin/openssl ]; then #Unless we have openssl stup logger -t xcat -p local4.err "$0: /usr/bin/openssl is not executable" exit 0 fi USEOPENSSLFORXCAT=1 #Declare 2.3 style SSL export USEOPENSSLFORXCAT allowcred.awk & CREDPID=$! sleep 1 mkdir -p /root/.xcat chmod 700 /root/.xcat getcredentials.awk xcat_client_cred > /tmp/xcat_client_cred grep -E '' /tmp/xcat_client_cred if [ $? -ne 0 ]; then cat /tmp/xcat_client_cred | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.xcat/client-cred.pem CONT=`cat /root/.xcat/client-cred.pem` while [ -z "$CONT" ]; do SLI=$(awk 'BEGIN{srand(); printf("%d\n",rand()*10)}') SLI=$((10 + $SLI)) sleep $SLI getcredentials.awk xcat_client_cred | grep -v '<'|sed -e 's/<//' -e 's/&/&/' -e 's/"/"/' -e "s/'/'/" > /root/.xcat/client-cred.pem CONT=`cat /root/.xcat/client-cred.pem` done else ERR_MSG=`sed -n 's%.*\(.*\).*%\1%p' /tmp/xcat_client_cred` logger -t xCAT -p local4.err xcat_client_cred Error: $ERR_MSG fi rm /tmp/xcat_client_cred chmod 600 /root/.xcat/client-cred.pem cp _xcat/ca.pem /root/.xcat/ca.pem kill -9 $CREDPID