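#!/usr/bin/env perl
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#
#-----------------------------------------------------------------------------

=head1   xcatconfig

This script is called during the initial installation of xCAT.
It can also be called directly to redo individual parts of the
configuration: root ssh keys, node host keys, credentials,
database setup, or all of them.

=head2   Security-relevant side effects

=over 4

=item *

Writes "StrictHostKeyChecking no" into root's ssh client config, so ssh
run as root on this host no longer verifies host keys.

=item *

On Linux, exports /tftpboot and /install to every host with
rw,no_root_squash.

=item *

Copies the contents of /etc/xcat/ca, /etc/xcat/cert and root's .xcat
directory (which holds client-key.pem) under /install/postscripts,
i.e. inside the tree exported above.

=back

=cut

BEGIN {
    # NOTE(review): XCATROOT is taken from the environment and feeds both
    # "use lib" and the paths of the helper commands run below. Invoke
    # this script with a clean environment when it is run through a
    # privilege-raising wrapper.
    $::XCATROOT = $ENV{'XCATROOT'} ? $ENV{'XCATROOT'} : '/opt/xcat';
    $::XCATDIR  = $ENV{'XCATDIR'}  ? $ENV{'XCATDIR'}  : '/etc/xcat';
}
use strict;
use lib "$::XCATROOT/lib/perl";
use xCAT::Utils;
use Getopt::Long;
use xCAT::MsgUtils;
use Socket;

#-----------------------------------------------------------------------------
# Main

$::progname = "xcatconfig";
my $args = join ' ', @ARGV;
$::command = "$0 $args";
Getopt::Long::Configure("bundling");
$Getopt::Long::ignorecase = 0;

# parse the options
if (
    !GetOptions(
        'f|force'           => \$::FORCE,
        'i|initinstall'     => \$::INITIALINSTALL,
        'u|updateinstall'   => \$::UPDATEINSTALL,
        'k|sshkeys'         => \$::genSSHRootKeys,
        's|sshnodehostkeys' => \$::genSSHNodeHostKeys,
        'c|credentials'     => \$::genCredentials,
        'd|database'        => \$::initDB,
        'h|help'            => \$::HELP,
        'v|version'         => \$::VERSION,
    )
  )
{
    usage();
    exit(1);
}

# at least one flag is required
my $any_flag =
     $::HELP
  || $::FORCE
  || $::INITIALINSTALL
  || $::UPDATEINSTALL
  || $::genSSHRootKeys
  || $::genSSHNodeHostKeys
  || $::genCredentials
  || $::initDB
  || $::VERSION;
if (!$any_flag) {
    usage();
    exit(1);
}

# display the usage if -h or --help is specified
if ($::HELP) {
    usage();
    exit(0);
}

# display the version statement if -v or --version is specified
if ($::VERSION) {
    my $version = xCAT::Utils->Version();
    $version .= "\n";
    xCAT::MsgUtils->message("N", $version);
    exit 0;
}

# -f already implies every other action, so reject combinations.
# The original tested $::genSSHNodeHostKey (no trailing "s"), a variable
# that GetOptions never sets, so "-f -s" slipped through this check.
if ($::FORCE) {
    if (   $::INITIALINSTALL
        || $::UPDATEINSTALL
        || $::genSSHRootKeys
        || $::genSSHNodeHostKeys
        || $::genCredentials
        || $::initDB)
    {
        my $warning =
          " The -f flag includes the function for the -i, -u, -k, -s, -c, -d flags. Do not combine with other flags.\n ";
        xCAT::MsgUtils->message("N", $warning);
        exit 1;
    }
}
if (($::INITIALINSTALL) && ($::UPDATEINSTALL)) {
    my $warning =
      " The -i and -u flags may not be input to the command. Use one or the other. \n ";
    xCAT::MsgUtils->message("N", $warning);
    exit 1;
}

#
#  Display command
#
xCAT::MsgUtils->message("I", "Running $::command \n");

$::osname = xCAT::Utils->isAIX() ? 'AIX' : 'Linux';

# $::root is the parent of root's .ssh and .xcat directories:
# "" (i.e. /) on AIX, /root on Linux.
if ($::osname eq 'AIX') {
    $::arch = `uname -p`;
    $::root = "";
}
else {
    $::arch = `uname -m`;
    $::root = "/root";
}
chomp $::arch;

# Make this system a management node
_run_and_report(
    "/bin/touch /etc/xCATMN",
    0,
    "Created /etc/xCATMN file.\n",
    "Could not create /etc/xCATMN file. Management Node not successfully setup. Manually, touch /etc/xCATMN.\n"
);

# Make sure service node file is not there
if (-f "/etc/xCATSN") {
    _run_and_report(
        "/bin/rm /etc/xCATSN",
        0,
        "Removed /etc/xCATSN file. This node is being converted from a Service Node to a Management Node.\n",
        "Could not remove /etc/xCATSN file. Management Node not successfully setup. Manually, remove /etc/xCATSN.\n"
    );
}

# some Linux-only config
if ($::osname eq 'Linux') {

    # start vsftpd; only the result of the restart is reported
    _run_and_report("/sbin/chkconfig vsftpd on", 0);
    _run_and_report(
        "/etc/init.d/vsftpd restart", 0,
        "VSFTPD has been restarted.\n",
        "Could not start VSFTPD.\n"
    );
}    # end Linux-only

#
#  Generate ssh host keys for the nodes
#
# genSSHNodeHostKey();
# NOTE(review): the call above is disabled, so -s/--sshnodehostkeys is
# accepted on the command line but nothing in this file acts on it.

#
#   gen root's ssh keys, if needed and copy to appropriate directories to
#   be used during install
#
if ($::INITIALINSTALL || $::FORCE || $::genSSHRootKeys) {
    genSSHRootKeys();    # gen new rsa ssh key for root
}

if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL) {

    #
    # For all MNs create /var/log/consoles if needed.
    # Conserver won't start without it
    #
    if (!-d "/var/log/consoles") {
        _run_and_report(
            "/bin/mkdir -p /var/log/consoles", 0,
            "Created /var/log/consoles directory.\n",
            "Could not create /var/log/consoles directory.\n"
        );
    }

    if ($::osname eq 'AIX') {
        setupAIXconserver();

        # for AIX systems add xcatd to the /etc/inittab file
        my $mkitab_cmd =
          'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1';
        my $rc = system($mkitab_cmd);    # may already be there, no error check

        # add AIX needed exports
        setupAIXexports();
    }
    else {                               # for Linux
        setupLinuxexports();             # add Linux exports
    }
}    # end install, update or force

#
#  Setup database
#
if ($::INITIALINSTALL || $::UPDATEINSTALL || $::FORCE || $::initDB) {
    initDB();
}

#
# set up syslog
#
# use postscript to set up syslog
# NOTE(review): this executes a file from /install as the invoking user.
# On Linux, setupLinuxexports exports /install rw,no_root_squash to all
# hosts, so the script's integrity depends on who can reach that export.
if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL) {
    _run_and_report(
        "/install/postscripts/syslog", 0,
        "syslog has been set up.\n",
        "Could not set up syslog.\n"
    );
}

#
#  set up the certificates for xcatd, gen new ones if requested or do not exist
#
if ($::INITIALINSTALL || $::FORCE || $::genCredentials) {
    genCredentials();
}

#
#  start xcatd
#
if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL || $::genCredentials) {
    my $xcmd =
      ($::osname eq 'AIX')
      ? "$::XCATROOT/sbin/xcatstart"
      : "/etc/init.d/xcatd restart";
    system($xcmd);
}

# more - Linux-only config
if (($::osname eq 'Linux') && ($::INITIALINSTALL || $::FORCE)) {

    # Zap the almost certainly wrong pxelinux.cfg file
    if (-f "/tftpboot/pxelinux.cfg/default") {
        _run_and_report(
            "/bin/rm /tftpboot/pxelinux.cfg/default", 0,
            "Removed /tftpboot/pxelinux.cfg/default.\n",
            "Could not remove /tftpboot/pxelinux.cfg/default\n"
        );
    }

    # run mknb - only needed for Intel platforms for now
    mknb();

    # makenetworks and setup http
    makenetworks();

    my $linux_note =
      "xCAT is now installed, it is recommended to tabedit networks \nand set a dynamic ip address range on any networks where nodes \nare to be discovered. Then, run makedhcp -n to create a new dhcpd \nconfiguration file, and \/etc\/init.d\/dhcpd restart. Either examine sample \nconfiguration templates, or write your own, or specify a value per \nnode with nodeadd or tabedit.\n";
    xCAT::MsgUtils->message('I', $linux_note);
}    # End - more - Linux-only config

exit;

#####################################
#  subroutines
#####################################

#-----------------------------------------------------------------------------

=head3   _run_and_report

    Runs a shell command through xCAT::Utils->runcmd and reports the
    outcome through xCAT::MsgUtils->message.

    Arguments:
        $cmd      - command line handed to runcmd
        $exitcode - second argument of runcmd, passed through unchanged
        $ok_msg   - text logged with severity 'I' when $::RUNCMD_RC is 0
                    (undef: log nothing)
        $err_msg  - text logged when $::RUNCMD_RC is not 0
                    (undef: log nothing)
        $err_sev  - severity used for $err_msg, 'E' when omitted
    Returns:
        1 when $::RUNCMD_RC is 0 after the command, otherwise 0

    Messages are built by the caller before the command runs, so a
    message that has to show the new $::RUNCMD_RC cannot go through
    this helper.

=cut

#-----------------------------------------------------------------------------
sub _run_and_report {
    my ($cmd, $exitcode, $ok_msg, $err_msg, $err_sev) = @_;
    $err_sev = 'E' unless defined $err_sev;

    my $outref = xCAT::Utils->runcmd("$cmd", $exitcode);
    if ($::RUNCMD_RC != 0) {
        xCAT::MsgUtils->message($err_sev, $err_msg) if defined $err_msg;
        return 0;
    }
    xCAT::MsgUtils->message('I', $ok_msg) if defined $ok_msg;
    return 1;
}

#-----------------------------------------------------------------------------

=head3   _run_setup_script

    Runs one of the certificate setup command lines with system() and
    logs the result. A non-zero exit status (upper byte of the value
    returned by system) is reported with $err_msg at severity 'E'.

=cut

#-----------------------------------------------------------------------------
sub _run_setup_script {
    my ($cmd, $err_msg) = @_;

    xCAT::MsgUtils->message('I', "Running $cmd\n");
    my $rc = system($cmd);
    if ($rc >> 8) {
        xCAT::MsgUtils->message('E', $err_msg);
    }
    else {
        xCAT::MsgUtils->message('I', "Created xCAT certificate.\n");
    }
    return;
}

#-----------------------------------------------------------------------------

=head3    usage

	Displays message for -h option

=cut

#-----------------------------------------------------------------------------
sub usage {
    xCAT::MsgUtils->message(
        'I',
        "Usage:\nxcatconfig - Performs basic xCAT setup operations on an xCAT management node. This command should not be run on an xCAT Service Node, unless you are making it a Management Node. \n"
    );

    # the long form of -d was printed without its leading dashes
    xCAT::MsgUtils->message(
        'I',
        "xcatconfig [-h|--help]\nxcatconfig [-v|--version]\nxcatconfig [-f|--force]\nxcatconfig [-i|--initinstall] \nxcatconfig [-u|--updateinstall]\nxcatconfig [-k|--sshkeys] [-s|--sshnodehostkeys] [-c|--credentials] [-d|--database]\n\n"
    );
    return;
}

#-----------------------------------------------------------------------------

=head3   genSSHRootKeys

    Will generate a new ssh rsa key for the root user, if it does not
    exist or if requested by the input -k flag, and publish the public
    key as /install/postscripts/_ssh/authorized_keys.

=cut

#-----------------------------------------------------------------------------
sub genSSHRootKeys {

    #
    # create /.ssh dir if needed
    #
    my $sshdir = "$::root/.ssh";
    if (!-d $sshdir) {
        _run_and_report(
            "/bin/mkdir -m 700 -p $sshdir", 0,
            "Created $sshdir directory.\n",
            "Could not create $sshdir directory.\n"
        );
    }

    #
    # create or modify the ~/.ssh/config file
    #
    # SECURITY: "StrictHostKeyChecking no" is written without a Host
    # pattern, so it applies to every destination root connects to from
    # this machine and a changed or spoofed host key is accepted silently.
    my $cfgfile    = "$::root/.ssh/config";
    my $cfg_ok_msg = "Added updates to the $cfgfile file.\n";
    my $cfg_err    = "Could not update the $cfgfile file.\n";
    if (-f $cfgfile) {

        # it exists - append the entry only when it is not there yet
        my $present =
          _run_and_report(
            "/bin/cat $cfgfile | grep 'StrictHostKeyChecking no'", -1);
        if (!$present) {
            _run_and_report(
                "/bin/echo StrictHostKeyChecking no >> $cfgfile; chmod 600 $cfgfile",
                0, $cfg_ok_msg, $cfg_err
            );
        }
    }
    else {

        # file doesn't exist so just create it
        _run_and_report(
            "/bin/echo StrictHostKeyChecking no > $cfgfile; chmod 600 $cfgfile",
            0, $cfg_ok_msg, $cfg_err
        );
    }

    #
    # create /install/postscripts/_ssh if needed
    #
    if (!-d "/install/postscripts/_ssh") {
        _run_and_report(
            "/bin/mkdir -p /install/postscripts/_ssh", 0,
            "Created /install/postscripts/_ssh directory.\n",
            "Could not create /install/postscripts/_ssh directory.\n"
        );
    }

    # need to gen a new rsa key for root ssh, if Force, genkey or does not exist
    my $pubfile = "$::root/.ssh/id_rsa.pub";
    my $rsafile = "$::root/.ssh/id_rsa";

    # on a forced or requested regeneration the old pair is removed first
    if ((-r $pubfile) && ($::FORCE || $::genSSHRootKeys)) {
        _run_and_report(
            "/bin/rm $::root/.ssh/id_rsa*", 0,
            "Removed id_rsa files from $::root/.ssh directory.\n",
            "Could not remove id_rsa files from $::root/.ssh directory.\n"
        );
    }

    # ssh key does not exist, gen a new one else leave alone
    # (-N '' creates the private key without a passphrase)
    if (!-r $pubfile) {
        _run_and_report(
            "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $rsafile", 0,
            "Generated $pubfile.\n",
            "Could not generate $pubfile.\n"
        );
    }

    # copy authorized_keys for install on node; only the public half
    # leaves root's .ssh directory
    if (-r $pubfile) {
        _run_and_report(
            "/bin/cp -p $pubfile /install/postscripts/_ssh/authorized_keys ",
            0,
            "Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n",
            "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n"
        );
    }
    else {
        xCAT::MsgUtils->message(
            'E',
            "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n"
        );
    }
    return;
}

#-----------------------------------------------------------------------------

=head3   genSSHNodeHostKey

    If the node private hostkeys do not exist in either directory, or
    the force option or the generate host key option is given, they are
    generated.  These keys are installed on the nodes in the /etc/ssh
    directory and allow the node to ssh without password node to node.
    They are stored in /etc/xcat/hostkeys on the MN.

    This also includes some migration away from keeping private keys in
    /install/postscripts/hostkeys; only the public keys stay there for
    the install process.

    The only call to this routine in the main section is commented out.

=cut

#-----------------------------------------------------------------------------
sub genSSHNodeHostKey {
    my $hostkey  = "/install/postscripts/hostkeys/ssh_host_rsa_key";
    my $hostkey2 = "/etc/xcat/hostkeys/ssh_host_rsa_key";

    if (   ((!-r $hostkey) && (!-r $hostkey2))
        || $::FORCE
        || $::genSSHNodeHostKeys)
    {

        # directory for public keys
        if (!-d "/install/postscripts/hostkeys") {
            _run_and_report(
                "/bin/mkdir -p /install/postscripts/hostkeys", 0, undef,
                "Could not create /install/postscripts/hostkeys directory.\n"
            );
        }

        # directory for public/private keys
        if (!-d "/etc/xcat/hostkeys") {
            _run_and_report(
                "/bin/mkdir -p /etc/xcat/hostkeys", 0, undef,
                "Could not create /etc/xcat/hostkeys directory.\n"
            );
        }

        # remove the old keys; a failure here is only informational
        if (-r $hostkey) {
            _run_and_report(
                "/bin/rm /install/postscripts/hostkeys/ssh_host*", -1, undef,
                "Could not remove ssh keys from /install/postscripts/hostkeys directory. They may not exist.\n",
                'I'
            );
        }
        if (-r $hostkey2) {
            _run_and_report(
                "/bin/rm /etc/xcat/hostkeys/ssh_host*", -1, undef,
                "Could not remove ssh keys from /etc/xcat/hostkeys directory. They may not exist.\n",
                'I'
            );
        }

        #
        # generate new hostkeys
        #
        # NOTE(review): rsa1 (SSH protocol 1) keys can no longer be
        # generated by current OpenSSH releases and DSA host keys are
        # deprecated there, so the first and third step are expected to
        # fail on an up-to-date system. Neither command passes -b, so
        # the key size is whatever the installed ssh-keygen defaults to.
        xCAT::MsgUtils->message('I', "Generating new node hostkeys...\n");

        xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...\n");
        _run_and_report(
            "/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''",
            0, undef, "Could not generate SSH1 RSA key.\n"
        );

        xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...\n");
        _run_and_report(
            "/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''",
            0, undef, "Could not generate SSH2 RSA key.\n"
        );

        xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...\n");
        _run_and_report(
            "/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''",
            0, undef, "Could not generate SSH2 DSA key.\n"
        );

        # copy the public keys to install directory
        my $cpcmd =
          "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/.";
        _run_and_report($cpcmd, 0, "$cpcmd is successful\n",
            "$cpcmd not successful.\n");
    }
    else {

        # keys exist and this is not a request to regenerate.
        # Migration: if private keys still sit in /install, move them to
        # /etc/xcat/hostkeys and remove the private halves from /install.
        if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key") {

            # copy all keys to /etc/xcat/hostkeys directory
            my $mvcmd =
              "/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/.";
            _run_and_report($mvcmd, 0, undef, "$mvcmd not successful.\n");

            # remove private keys from install dir, leave the public keys
            for my $keyname (qw(ssh_host_dsa_key ssh_host_key ssh_host_rsa_key))
            {
                my $private = "/install/postscripts/hostkeys/$keyname";
                next unless -f $private;
                my $rmcmd = "/bin/rm $private";
                _run_and_report($rmcmd, 0, undef, "$rmcmd not successful.\n");
            }
        }

        # if there is no public key in /install/postscripts/hostkeys,
        # copy the public keys over from /etc/xcat/hostkeys
        if (!(-f "/install/postscripts/hostkeys/ssh_host_rsa_key.pub")) {

            # rm any files
            my $rmcmd = "/bin/rm /install/postscripts/hostkeys/*";
            _run_and_report(
                $rmcmd, -1,
                "$rmcmd is successful\n",
                "$rmcmd not successful. Files may not exist.\n"
            );

            # copy the public keys to install directory
            my $cpcmd =
              "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/.";
            _run_and_report($cpcmd, 0, "$cpcmd is successful\n",
                "$cpcmd not successful.\n");
        }
    }
    return;
}

#-----------------------------------------------------------------------------

=head3   initDB

    Will initialize the DB if it does not already exist,  also updates
    with new data needed during update install.

    NOTE(review): the host name, domain, time zone and resolved address
    are interpolated unquoted into shell command lines. They come from
    local system configuration; a value containing whitespace or shell
    metacharacters would be interpreted by the shell.

=cut

#-----------------------------------------------------------------------------
sub initDB {
    my $hname = `hostname`;
    chomp $hname;

    # some values common to both AIX & Linux
    my $xcatport   = "3001";
    my $xcatiport  = "3002";
    my $tftpdir    = "/tftpboot";
    my $installdir = "/install";

    # The original tested $? here, which holds the exit status of the
    # `hostname` child above and says nothing about gethostbyname; a
    # failed lookup therefore reached inet_ntoa with no address. Test
    # the returned address list instead.
    my $master;
    my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hname);
    if (@addrs) {
        $master = inet_ntoa($addrs[0]);
    }
    else {
        xCAT::MsgUtils->message("E",
            "Hostname resolution for $hname failed.\n");
        $master = "NORESOLUTION";
    }

    # set value based on OS
    my ($domain, $timezone);
    if ($::osname eq 'AIX') {

        # domain is everything after the first dot of the host name
        my ($short, $rest) = split('\.', $hname);
        if ($rest) {
            ($domain = $hname) =~ s/^.*?\.//;
        }
        else {
            $domain = "";
        }
        $timezone = $ENV{'TZ'};
    }
    else {    # linux
        $domain = `hostname -d`;

        # Redhat stores the zone as "ZONE", SuSE as "TIMEZONE"
        my $tz;
        if (-f "/etc/redhat-release") {
            $tz =
              `grep ^ZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
        }
        else {
            $tz =
              `grep ^TIMEZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
        }
        $timezone = $tz;
    }
    chomp $timezone;
    chomp $master;
    chomp $domain;

    my $chtab = "$::XCATROOT/sbin/chtab";

    # create basic site definition, if it does not exist or on reset request
    if (   ((!-r "/etc/xcat/site.sqlite") && (!-r "/etc/xcat/cfgloc"))
        || $::FORCE
        || $::initDB)
    {
        my @site_settings = (
            "key=xcatdport site.value=$xcatport",
            "key=xcatiport site.value=$xcatiport",
            "key=tftpdir site.value=$tftpdir",
            "key=installdir site.value=$installdir",
            "key=master site.value=$master",
            "key=domain site.value=$domain",
            "key=timezone site.value=$timezone",
        );
        if ($::osname eq 'AIX') {
            push @site_settings, "key=useSSHonAIX site.value=yes",
              "key=consoleondemand site.value=yes";
        }
        my $chtabcmds = join '', map { "$chtab $_;" } @site_settings;
        _run_and_report(
            $chtabcmds, 0,
            "Updated cluster site definition.\n",
            "Could not create site definition.\n"
        );
    }

    # create default postscript list in postscripts table
    # if it does not exist, or on reset request
    if (   ((!-r "/etc/xcat/postscripts.sqlite") && (!-r "/etc/xcat/cfgloc"))
        || $::FORCE
        || $::initDB)
    {
        my $remoteshell =
          ($::osname eq 'AIX') ? 'aixremoteshell' : 'remoteshell';
        my $chtabcmds =
            "$chtab node=xcatdefaults postscripts.postscripts='syslog,$remoteshell,otherpkgs,syncfiles';"
          . "$chtab node=service postscripts.postscripts='servicenode';";
        _run_and_report(
            $chtabcmds, 0,
            "Created postscripts definition.\n",
            "Could not create postscripts definition.\n"
        );
    }

    # create basic policy definition, if it does not exist or on reset request
    if (   ((!-r "/etc/xcat/policy.sqlite") && (!-r "/etc/xcat/cfgloc"))
        || $::FORCE
        || $::initDB)
    {
        # rules that differ per OS come first, the last three are shared
        my @rules = ("priority=1 policy.name=root policy.rule=allow");
        if ($::osname eq 'AIX') {
            push @rules, "priority=1.2 policy.name=$hname policy.rule=allow";
        }
        else {    # linux
            push @rules,
              "priority=2 policy.commands=getbmcconfig policy.rule=allow",
              "priority=3 policy.commands=nextdestiny policy.rule=allow",
              "priority=4 policy.commands=getdestiny policy.rule=allow";
        }
        push @rules,
          "priority=4.4 policy.commands=getpostscript policy.rule=allow",
          "priority=4.5 policy.commands=getcredentials policy.rule=allow",
          "priority=4.6 policy.commands=syncfiles policy.rule=allow";

        my $chtabcmds = join ';', map { "$chtab $_" } @rules;
        _run_and_report(
            $chtabcmds, 0,
            "Created policy definition.\n",
            "Could not create policy definition.\n"
        );
    }

    # update install processing:
    # add the otherpkgs and syncfiles postscripts for migration.
    # (The original declared $chdefcmd but filled and ran $chdefcmds.)
    if ($::UPDATEINSTALL) {
        my $chdefcmds =
          "$::XCATROOT/bin/chdef -t node -o xcatdefaults -p postscripts='otherpkgs,syncfiles';";
        _run_and_report(
            $chdefcmds, 0,
            "Updated postscripts definition.\n",
            "Could not update postscripts definition.\n"
        );
    }
    return;
}    # end initial DB install setup

#-----------------------------------------------------------------------------

=head3    genCredentials

    Will generate the xCAT credentials, if new install or requested to
    regenerate, and refresh the copies under /install/postscripts.

    SECURITY: the copy steps run on every call and place the contents of
    /etc/xcat/ca, /etc/xcat/cert and root's .xcat directory (the code
    above checks for client-key.pem there) under /install/postscripts.
    On Linux that tree is exported rw,no_root_squash to all hosts by
    setupLinuxexports. Which private keys the ca and cert directories
    contain is decided by the setup-*.sh scripts, not visible here;
    verify before relying on the export being harmless.

=cut

#-----------------------------------------------------------------------------
sub genCredentials {
    my $hname = `hostname`;
    chomp $hname;

    # the setup scripts prompt four times; the answers are piped in
    my $scripts = "$::XCATROOT/share/xcat/scripts";

    if ((!-d "/etc/xcat/ca") || $::FORCE || $::genCredentials) {
        xCAT::MsgUtils->message(
            'I',
            "\nSetting up basic certificates.  Respond with a \'y\' when prompted.\n\n"
        );
        _run_setup_script(
            "echo 'y\ny\ny\ny' |$scripts/setup-xcat-ca.sh 'xCAT CA'",
            "Could not create xCAT certificate in /etc/xcat/ca.\n"
        );
    }

    # copy to postscript directory
    _run_and_report("/bin/rm -rf /install/postscripts/ca >/dev/null 2>&1", 0);
    _run_and_report(
        "/bin/mkdir -p /install/postscripts/ca/certs", 0,
        "Created /install/postscripts/ca/certs directory.\n",
        "Could not create /install/postscripts/ca/certs directory.\n"
    );
    _run_and_report(
        "/bin/cp -r /etc/xcat/ca/* /install/postscripts/ca", 0,
        "Copied /etc/xcat/ca/* to /install/postscripts/ca directory.\n",
        "Could not copy /etc/xcat/ca/* to /install/postscripts/ca directory.\n"
    );

    if ((!-d "/etc/xcat/cert") || $::FORCE || $::genCredentials) {
        _run_setup_script(
            "echo 'y\ny\ny\ny' |$scripts/setup-server-cert.sh $hname",
            "Could not create xCAT certificate in /etc/xcat/cert.\n"
        );
    }

    # copy to postscript directory
    _run_and_report("/bin/rm -rf /install/postscripts/cert >/dev/null 2>&1",
        0);
    _run_and_report(
        "/bin/mkdir -p /install/postscripts/cert", 0,
        "Created /install/postscripts/cert directory.\n",
        "Could not create /install/postscripts/cert directory.\n"
    );
    _run_and_report(
        "/bin/cp -r /etc/xcat/cert/* /install/postscripts/cert", 0,
        "Copied /etc/xcat/cert/* to /install/postscripts/cert directory.\n",
        "Could not copy /etc/xcat/cert/* to /install/postscripts/cert directory.\n"
    );

    if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE || $::genCredentials)
    {
        _run_setup_script(
            "echo 'y\ny\ny\ny' |$scripts/setup-local-client.sh root",
            "Could not create xCAT certificate in /.xcat/client-key.pem.\n"
        );
    }

    # copy to postscript directory
    _run_and_report("/bin/rm -rf /install/postscripts/_xcat >/dev/null 2>&1",
        0);
    _run_and_report(
        "/bin/mkdir -p /install/postscripts/_xcat", 0,
        "Created /install/postscripts/_xcat directory.\n",
        "Could not create /install/postscripts/_xcat directory.\n"
    );
    _run_and_report(
        "/bin/cp -r $::root/.xcat/* /install/postscripts/_xcat", 0,
        "Copied $::root/.xcat/* to /install/postscripts/_xcat directory.\n",
        "Could not copy $::root/.xcat/* to /install/postscripts/_xcat directory.\n"
    );

    _run_and_report(
        "/bin/cp -r /etc/xcat/ca/certs/* /install/postscripts/ca/certs", 0,
        "Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n",
        "Could not copy /etc/xcat/ca/certs/* to /install/postscripts/ca/certs directory.\n"
    );
    return;
}

#-----------------------------------------------------------------------------

=head3    setupAIXconserver

    Set AIX conserver: link the freeware binaries into /usr and register
    the conserver subsystem when lssrc does not list it.

=cut

#-----------------------------------------------------------------------------
sub setupAIXconserver {
    if (!-f "/usr/sbin/conserver") {
        _run_and_report(
            "ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver", 0,
            "ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver.\n",
            "Could not ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver.\n"
        );
    }
    if (!-f "/usr/bin/console") {
        _run_and_report(
            "ln -sf /opt/freeware/bin/console /usr/bin/console", 0,
            "ln -sf /opt/freeware/bin/console /usr/bin/console.\n",
            "Could not ln -sf /opt/freeware/bin/console /usr/bin/console.\n"
        );
    }

    my $registered =
      _run_and_report("lssrc -a | grep conserver >/dev/null 2>&1", 0);
    if (!$registered) {
        _run_and_report(
            "mkssys -p /opt/freeware/sbin/conserver -s conserver -u 0 -S -n 15 -f 15 -a \"-o -O1 -C /etc/conserver.cf\"",
            0,
            "Add subsystem conserver.\n",
            "Could not add subsystem conserver.\n"
        );
    }
    return;
}

#-----------------------------------------------------------------------------

=head3    setupAIXexports

    Set AIX exports: adds a read-only export of /install/postscripts to
    /etc/exports when it is not listed yet.

=cut

#-----------------------------------------------------------------------------
sub setupAIXexports {

    # check if /install/postscripts is in /etc/exports
    my $listed = _run_and_report(
        "/bin/cat /etc/exports 2>&1 | grep '/install/postscripts ' >/dev/null 2>&1",
        -1
    );
    if (!$listed) {

        # if not add it and make sure it is exported
        _run_and_report(
            "echo '/install/postscripts -ro' >> /etc/exports; exportfs -a",
            -1, undef, "Could not update the /etc/exports file.\n"
        );
    }
    return;
}

#-----------------------------------------------------------------------------

=head3    setupLinuxexports

    Set Linux exports: adds /tftpboot and /install to /etc/exports when
    missing and restarts/enables NFS if anything was added.

    SECURITY: both entries use "*(rw,no_root_squash,sync)", i.e. any
    host that can reach the NFS service may write as root. /install
    holds the postscripts and the credential copies made by
    genCredentials. Restricting the client list and dropping rw or
    no_root_squash would narrow this; whether provisioning still works
    with a tighter export is not visible from this file.

=cut

#-----------------------------------------------------------------------------
sub setupLinuxexports {
    my $changed_exports = 0;

    #
    # add tftpboot to /etc/exports - if needed
    #
    if (!_run_and_report("/bin/cat /etc/exports | grep '/tftpboot'", -1)) {

        # ok - then add this entry
        #SECURITY: this has potential for sharing private host/user keys
        my $added = _run_and_report(
            "/bin/echo '/tftpboot *(rw,no_root_squash,sync)' >> /etc/exports",
            0,
            "Added /tftpboot to the /etc/exports file.\n",
            "Could not update the /etc/exports file.\n"
        );
        $changed_exports++ if $added;
    }

    #
    # add /install to /etc/exports - if needed
    #
    if (!_run_and_report("/bin/cat /etc/exports | grep '/install'", -1)) {

        # ok - then add this entry
        #SECURITY: this has potential for sharing private host/user keys
        my $added = _run_and_report(
            "/bin/echo '/install *(rw,no_root_squash,sync)' >> /etc/exports",
            0,
            "Added /install to the /etc/exports file.\n",
            "Could not update the /etc/exports file.\n"
        );
        $changed_exports++ if $added;
    }

    if ($changed_exports) {

        # restart nfs
        _run_and_report(
            "/sbin/service nfs restart", 0,
            "NFS has been restarted.\n",
            "Could not restart NFS.\n"
        );
        _run_and_report(
            "/sbin/chkconfig nfs on", 0,
            "NFS has been enabled.\n",
            "Could not enable NFS.\n"
        );

        my $exportcmd = "/usr/sbin/exportfs -a";
        _run_and_report($exportcmd, 0, "Ran $exportcmd.\n",
            "Error with $exportcmd.\n");
    }
    return;
}

#-----------------------------------------------------------------------------

=head3    mknb

    Creates a network boot root image on Linux. Only runs when the
    management node architecture is x86_64 or x86, and then builds the
    image for x86, x86_64 and ppc64.

=cut

#-----------------------------------------------------------------------------
sub mknb {
    return unless $::arch eq "x86_64" || $::arch eq "x86";

    foreach my $ar (qw(x86 x86_64 ppc64)) {
        my $outref = xCAT::Utils->runcmd("$::XCATROOT/sbin/mknb $ar", 0);

        # the message shows the fresh return code, so it is built here
        if ($::RUNCMD_RC != 0) {
            xCAT::MsgUtils->message('E',
                "The mknb $ar command returned error: $::RUNCMD_RC.\n");
        }
        else {
            xCAT::MsgUtils->message('I',
                "The mknb $ar command was run with no error.\n");
        }
    }
    return;
}

#-----------------------------------------------------------------------------

=head3    makenetworks

    Runs makenetworks, records the name servers from /etc/resolv.conf in
    the site table, and restarts and enables httpd on Linux.

=cut

#-----------------------------------------------------------------------------
sub makenetworks {

    # run makenetworks
    my $outref = xCAT::Utils->runcmd("$::XCATROOT/sbin/makenetworks", 0);
    if ($::RUNCMD_RC != 0) {
        xCAT::MsgUtils->message('E',
            "The makenetworks command returned error: $::RUNCMD_RC.\n");
    }
    else {
        xCAT::MsgUtils->message('I',
            "The makenetworks command was run with no error.\n");
    }

    # set the nameserver in the site table
    # NOTE(review): the second field of each nameserver line is passed
    # unquoted into the chtab command line below.
    my @names = xCAT::Utils->runcmd(
        "/bin/grep ^[^#]*nameserver /etc/resolv.conf | awk '{print \$2}'", 0);
    my $ns = join(',', @names);
    $outref = xCAT::Utils->runcmd(
        "$::XCATROOT/sbin/chtab key=nameservers site.value=$ns", 0);
    if ($::RUNCMD_RC != 0) {
        xCAT::MsgUtils->message('E',
            "The chtab command returned error: $::RUNCMD_RC.\n");
    }
    else {
        xCAT::MsgUtils->message('I',
            "Updated the site definition with the value of the nameserver.\n");
    }

    # the web server init script is apache2 on sles, httpd otherwise
    my $httpd = (-e "/etc/init.d/apache2") ? "apache2" : "httpd";

    # restart httpd
    _run_and_report(
        "/etc/init.d/$httpd stop; /etc/init.d/$httpd start", 0,
        "httpd has been restarted.\n",
        "Could not restart httpd.\n"
    );

    # enable httpd
    $httpd = (-e "/etc/init.d/apache2") ? "apache2" : "httpd";
    _run_and_report(
        "/sbin/chkconfig $httpd on", 0,
        "httpd has been enabled.\n",
        "Could not enable httpd.\n"
    );
    return;
}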