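#!/usr/bin/perl
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
#
#####################################################
#
# This script is called during the initial installation of xCAT.
# It can also be called directly to redo the xCAT configuration.
#
# In order, it:
#   - marks this system as a management node (/etc/xCATMN)
#   - on Linux, bind-mounts /install and /tftpboot under /var/ftp and
#     (re)starts vsftpd
#   - creates the ssh host key directories and, with -f, regenerates the keys
#   - sets up root's ~/.ssh (config and id_rsa key pair)
#   - on AIX, registers conserver; on Linux, exports /tftpboot and /install
#   - fills the site, postscripts and policy tables
#   - runs the syslog postscript
#   - creates the xCAT CA, server and root client certificates and stages
#     copies under /install/postscripts
#   - restarts xcatd and finishes the OS-specific configuration
#
# Commands are run through xCAT::Utils->runcmd and their exit status is read
# from $::RUNCMD_RC.  The second runcmd argument (0 or -1 below) presumably
# selects how a failure is reported - confirm against xCAT::Utils.
#
# NOTE(review): several steps below stage key material under /install, which
# this same script publishes over NFS (and apparently FTP).  The individual
# notes marked SECURITY explain what is exposed at each step.
#
#####################################################
BEGIN
{
    # SECURITY: XCATROOT comes from the environment and decides both the
    # module search path (use lib) and the location of the chtab, mknb and
    # setup-*.sh programs run below.  The steps in this script need root
    # privileges, so it should only be run with a trusted environment.
    $::XCATROOT = $ENV{'XCATROOT'} ? $ENV{'XCATROOT'} : '/opt/xcat';
    $::XCATDIR  = $ENV{'XCATDIR'}  ? $ENV{'XCATDIR'}  : '/etc/xcat';
}
use lib "$::XCATROOT/lib/perl";
use xCAT::Utils;
use Getopt::Long;
use xCAT::MsgUtils;
use Socket;

$::progname = "xcatconfig";
Getopt::Long::Configure("bundling");
$Getopt::Long::ignorecase = 0;

# parse the options
if (
    !GetOptions(
                'f|force'   => \$::FORCE,
                'h|help'    => \$::HELP,
                'v|version' => \$::VERSION,
    )
  )
{
    usage();
    exit(1);
}

# display the usage if -h or --help is specified
if ($::HELP)
{
    usage();
    exit(0);
}

# display the version statement if -v or --version is specified
if ($::VERSION)
{
    xCAT::MsgUtils->message('I', "$::progname: version 1.0\n");
    exit(0);
}

# Work out the OS, the architecture and root's home directory prefix
# ("" on AIX, so root's files live under /.ssh and /.xcat there).
$::osname = `uname`;
chomp $::osname;
if ($::osname eq 'AIX')
{
    $::arch = `uname -p`;
    $::root = "";
}
else
{
    $::arch = `uname -m`;
    $::root = "/root";
}
chomp $::arch;
chomp $::root;

# Make this system a management node
my $cmd = "/bin/touch /etc/xCATMN";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E', "Could not create /etc/xCATMN file.\n");
}
else
{
    xCAT::MsgUtils->message('I', "Created /etc/xCATMN file.\n");
}

# Make sure service node file is not there
if (-f "/etc/xCATSN")
{
    my $cmd = "/bin/rm /etc/xCATSN";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
}

# some Linux-only config
# (used to FTP postscripts to nodes)
# SECURITY: /install and /tftpboot become reachable through the FTP tree
# under /var/ftp.  NOTE(review): whether that tree is served anonymously
# depends on the vsftpd configuration, which this script does not set -
# confirm, because /install/postscripts later receives key material.
if ($::osname eq 'Linux')
{
    # Locally mount /var/ftp/install over /install
    if (!-d "/var/ftp/install")
    {
        my $cmd = "/bin/mkdir -p /var/ftp/install";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                               "Could not create /var/ftp/install directory.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                                    "Created /var/ftp/install directory.\n");
        }
    }

    #
    # add /var/ftp/install to /etc/fstab and mount - if needed
    #
    my $changed_fstab = 0;
    my $cmd = "/bin/cat /etc/fstab | grep '/var/ftp/install'";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # ok - then add this entry
        my $cmd =
          "/bin/echo '/install /var/ftp/install none bind,defaults 0 0' >> /etc/fstab";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the /etc/fstab file.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                             "Added /var/ftp/install to the /etc/fstab file.\n");
            $changed_fstab++;
        }
    }
    if ($changed_fstab)
    {
        # mount /var/ftp/install
        my $cmd = "mount /var/ftp/install";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "Could not mount /var/ftp/install.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                           "/var/ftp/install has been mounted over /install.\n");
        }
    }

    #
    # add /var/ftp/tftpboot to /etc/fstab and mount - if needed
    #
    # NOTE(review): unlike /var/ftp/install, this script never creates
    # /var/ftp/tftpboot; the mount presumably relies on it already existing.
    my $changed_fstab = 0;
    my $cmd = "/bin/cat /etc/fstab | grep '/var/ftp/tftpboot'";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # ok - then add this entry
        my $cmd =
          "/bin/echo '/tftpboot /var/ftp/tftpboot none bind,defaults 0 0' >> /etc/fstab";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the /etc/fstab file.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                            "Added /var/ftp/tftpboot to the /etc/fstab file.\n");
            $changed_fstab++;
        }
    }
    if ($changed_fstab)
    {
        # mount /var/ftp/tftpboot
        my $cmd = "mount /var/ftp/tftpboot";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "Could not mount /var/ftp/tftpboot.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                         "/var/ftp/tftpboot has been mounted over /tftpboot.\n");
        }
    }

    # start vsftpd (only the status of the restart is reported)
    my $cmd = "/sbin/chkconfig vsftpd on";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    my $cmd = "/etc/init.d/vsftpd restart";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not start VSFTPD.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "VSFTPD has been restarted.\n");
    }
}    # - some Linux-only config

#
# Generate ssh keys
#
# create /etc/xcat/hostkeys and /install/postscripts/hostkeys
if (!-d "/install/postscripts/hostkeys")    # directory for public keys
{
    my $cmd = "/bin/mkdir -p /install/postscripts/hostkeys";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                  "Could not create /install/postscripts/hostkeys directory.\n");
    }
}
if (!-d "/etc/xcat/hostkeys")    # directory for public/private keys
{
    my $cmd = "/bin/mkdir -p /etc/xcat/hostkeys";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                             "Could not create /etc/xcat/hostkeys directory.\n");
    }
}

# The host keys are only (re)generated when -f/--force is given.
if ($::FORCE)
{
    # remove the old keys
    my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host*";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message(
            'I',
            "Could not remove ssh keys from /install/postscripts/hostkeys directory. They may not exist.\n"
        );
    }

    # remove the old keys
    my $cmd = "/bin/rm /etc/xcat/hostkeys/ssh_host*";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message(
            'I',
            "Could not remove ssh keys from /etc/xcat/hostkeys directory. They may not exist.\n"
        );
    }

    #
    # generate new hostkeys
    #
    # SECURITY: the rsa1 (SSH protocol 1) and dsa key types are obsolete.
    # Current OpenSSH releases no longer generate rsa1 keys and disable DSA
    # by default, so these two steps will report an error there; the SSH2
    # RSA key is the only one of the three still generally usable.  The key
    # types are left unchanged because the node-side postscripts that
    # consume these files are not visible from this script.
    xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...\n");
    my $cmd =
      "/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not generate SSH1 RSA key.\n");
    }

    xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...\n");
    my $cmd =
      "/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not generate SSH2 RSA key.\n");
    }

    xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...\n");
    my $cmd =
      "/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.\n");
    }

    # copy the public keys to install directory
    # (only *.pub is staged; the private halves stay in /etc/xcat/hostkeys)
    my $cmd = "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/.";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "$cmd not successful.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "$cmd is successful\n");
    }
}

#
# move old keys if they exist, to the new directory and remove private keys
# (an older layout kept private host keys in the exported install tree)
if (-f "/install/postscripts/hostkeys/ssh_host_key")
{
    # copy all keys to /etc/xcat/hostkeys directory
    my $cmd = "/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/.";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "$cmd not successful.\n");
    }

    # remove private keys from install dir
    if (-f "/install/postscripts/hostkeys/ssh_host_dsa_key")
    {
        my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_dsa_key";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "$cmd not successful.\n");
        }
    }
    if (-f "/install/postscripts/hostkeys/ssh_host_key")
    {
        my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_key";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "$cmd not successful.\n");
        }
    }
    if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key")
    {
        my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_rsa_key";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "$cmd not successful.\n");
        }
    }
}

#
# move old directories if they exist
# NOTE(review): /install/postscripts/_ssh is only created further down, so on
# a system that has .ssh but not yet _ssh this mv has no destination; both
# commands run with -1, so a failure is not reported.
if (-d "/install/postscripts/.ssh")
{
    my $cmd = "/bin/mv /install/postscripts/.ssh/* /install/postscripts/_ssh/.";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    my $cmd = "/bin/rmdir /install/postscripts/.ssh";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);

    # if ($::RUNCMD_RC != 0)
    # {
    #     xCAT::MsgUtils->message(
    #         'E',
    #         "Could not move /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
    #     );
    # }
    # else
    # {
    #     xCAT::MsgUtils->message(
    #         'I',
    #         "Moved /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n"
    #     );
    # }
}
if (-d "/install/postscripts/.xcat")
{
    # /install/postscripts/_xcat is removed and rebuilt from $::root/.xcat
    # later in this script, so whatever is moved here does not survive.
    my $cmd =
      "/bin/mv /install/postscripts/.xcat/* /install/postscripts/_xcat/.";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message(
            'E',
            "Could not move /install/postscripts/.xcat directory to /install/postscripts/_xcat.\n"
        );
    }
    my $cmd = "/bin/rmdir /install/postscripts/.xcat";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
}

#
# create /.ssh dir if needed
#
my $sshdir = "$::root/.ssh";
if (!-d $sshdir)
{
    my $cmd = "/bin/mkdir -m 700 -p $sshdir";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not create $sshdir directory.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created $sshdir directory.\n");
    }
}

#
# create or modify the -/.ssh/config file
#
# SECURITY: "StrictHostKeyChecking no" is written without a Host block, so it
# applies to every ssh connection root makes from this machine, not only to
# cluster nodes.  Changed or unknown host keys are then accepted without a
# prompt, which removes ssh's protection against a machine impersonating a
# node.  Scoping the option to the node names or network with a Host pattern
# would limit that exposure.
my $cfgfile = "$::root/.ssh/config";
if ((-f $cfgfile) || $::FORCE)
{
    # it exists - so see if it needs to be updated - ???????? check!!!
    # xCAT::MsgUtils->message('I', "Checking for \'StrictHostKeyChecking no\' in $cfgfile.\n");
    my $cmd = "/bin/cat $cfgfile | grep 'StrictHostKeyChecking no'";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # ok - then add this entry
        my $cmd =
          "/bin/echo StrictHostKeyChecking no >> $cfgfile; chmod 600 $cfgfile";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the $cfgfile file.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                                    "Added updates to the $cfgfile file.\n");
        }
    }
}
else
{
    # file doesn't exist so just create it
    my $cmd =
      "/bin/echo StrictHostKeyChecking no > $cfgfile; chmod 600 $cfgfile";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not update the $cfgfile file.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Added updates to the $cfgfile file.\n");
    }
}

#
# create /install/postscripts/_ssh if needed
#
if (!-d "/install/postscripts/_ssh")
{
    my $cmd = "/bin/mkdir -p /install/postscripts/_ssh";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                      "Could not create /install/postscripts/_ssh directory.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I',
                                "Created /install/postscripts/_ssh directory.\n");
    }
}

#
# Generate id_rsa.pub, if it does not exist or the force option
#
# The key pair is created with an empty passphrase (-N ''), so the private
# key file $rsafile is usable by anyone who can read it.
my $pubfile = "$::root/.ssh/id_rsa.pub";
my $rsafile = "$::root/.ssh/id_rsa";
if ((!-r $pubfile) || $::FORCE)
{
    if ($::FORCE)
    {
        # remove the old file
        my $cmd = "/bin/rm $::root/.ssh/id_rsa*";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message(
                'E',
                "Could not remove id_rsa files from $::root/.ssh directory.\n"
            );
        }
        else
        {
            xCAT::MsgUtils->message('I',
                         "Removed id_rsa files from $::root/.ssh directory.\n");
        }
    }

    my $cmd = "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $rsafile";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not generate $pubfile.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Generated $pubfile.\n");
        if ($::osname eq 'AIX')
        {
            # allows node be able to scp to the MN only for AIX
            # (the key is appended, so each forced rerun adds another entry)
            my $cmd = "/bin/cat $pubfile >> /.ssh/authorized_keys";
            my $outref = xCAT::Utils->runcmd("$cmd", 0);
            if ($::RUNCMD_RC != 0)
            {
                xCAT::MsgUtils->message('E',
                          "Could not cat $pubfile to /.ssh/authorized_keys.\n");
            }
            else
            {
                xCAT::MsgUtils->message('I',
                                 "Added $pubfile to /.ssh/authorized_keys.\n");
                chmod 0600, "/.ssh/authorized_keys";
            }
        }
    }
}

# copy authorized_keys for install on node
# (this stages root's public key only)
if (-r $pubfile)
{
    my $cmd = "/bin/cp $pubfile /install/postscripts/_ssh/authorized_keys";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message(
            'E',
            "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n"
        );
    }
    else
    {
        xCAT::MsgUtils->message('I',
            "Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n");
    }
}
else
{
    xCAT::MsgUtils->message(
        'E',
        "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n"
    );
}

#
# create /var/log/consoles if needed
#
if (!-d "/var/log/consoles")
{
    my $cmd = "/bin/mkdir -p /var/log/consoles";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                              "Could not create /var/log/consoles directory.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created /var/log/consoles directory.\n");
    }
}

# AIX only: link the freeware conserver binaries into the standard paths and
# register conserver as a subsystem.
if ($::osname eq 'AIX')
{
    if (!-f "/usr/sbin/conserver")
    {
        my $cmd = "ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                "Could not ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                "ln -sf /opt/freeware/sbin/conserver /usr/sbin/conserver.\n");
        }
    }
    if (!-f "/usr/bin/console")
    {
        $cmd = "ln -sf /opt/freeware/bin/console /usr/bin/console";
        $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                "Could not ln -sf /opt/freeware/bin/console /usr/bin/console.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                "ln -sf /opt/freeware/bin/console /usr/bin/console.\n");
        }
    }

    # NOTE(review): $outref is matched as a string here.  If runcmd returns a
    # reference in scalar context this test can never match and mkssys runs
    # on every invocation - confirm against xCAT::Utils::runcmd.
    $cmd = "lssrc -a | grep conserver";
    $outref = xCAT::Utils->runcmd("$cmd", 0);
    unless ($outref =~ /conserver/)
    {
        $cmd =
          "mkssys -p /opt/freeware/sbin/conserver -s conserver -u 0 -S -n 15 -f 15 -a \"-o -O1 -C /etc/conserver.cf\"";
        $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E', "Could not add subsystem conserver.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I', "Add subsystem conserver.\n");
        }
    }
}

# some Linux-only config
if ($::osname eq 'Linux')
{
    my $changed_exports = 0;

    #
    # add tftpboot to /etc/exports - if needed
    #
    my $cmd = "/bin/cat /etc/exports | grep '/tftpboot'";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # ok - then add this entry
        #SECURITY: this has potential for sharing private host/user keys
        # /tftpboot is exported read-write to every host ('*'), so any NFS
        # client that can reach this server can change the boot files that
        # nodes fetch.  Limiting the client list to the cluster network
        # would narrow this.
        my $cmd =
          "/bin/echo '/tftpboot *(rw,root_squash,sync)' >> /etc/exports";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the /etc/exports file.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                                    "Added /tftpboot to the /etc/exports file.\n");
            $changed_exports++;
        }
    }

    #
    # add /install to /etc/exports - if needed
    #
    my $cmd = "/bin/cat /etc/exports | grep '/install'";
    my $outref = xCAT::Utils->runcmd("$cmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # ok - then add this entry
        #SECURITY: this has potential for sharing private host/user keys
        # /install is exported to every host ('*') with no_root_squash.
        # Later in this script /etc/xcat/ca/*, /etc/xcat/cert/* and
        # $::root/.xcat/* (which holds client-key.pem) are copied under
        # /install/postscripts, so that material is readable by any NFS
        # client that can reach this server.  Restricting the export to the
        # cluster network, and staging only public material, would reduce
        # the exposure.
        my $cmd =
          "/bin/echo '/install *(ro,no_root_squash,sync)' >> /etc/exports";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the /etc/exports file.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                                    "Added /install to the /etc/exports file.\n");
            $changed_exports++;
        }
    }

    if ($changed_exports)
    {
        # restart nfs, then enable it at boot; each status is kept so that a
        # failed restart is not reported as a success
        my $cmd = "/sbin/service nfs restart";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        my $restart_rc = $::RUNCMD_RC;
        my $cmd = "/sbin/chkconfig nfs on";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        my $enable_rc = $::RUNCMD_RC;
        if ($restart_rc != 0)
        {
            xCAT::MsgUtils->message('E', "Could not restart NFS.\n");
        }
        else
        {
            xCAT::MsgUtils->message('I', "NFS has been restarted.\n");
        }
        if ($enable_rc != 0)
        {
            xCAT::MsgUtils->message('E', "Could not enable NFS.\n");
        }
    }
}    # - some Linux-only config

#
# create basic site definition
#
my $hname = `hostname`;
chomp $hname;

# some values common to both AIX & Linux
my $xcatport   = "3001";
my $xcatiport  = "3002";
my $tftpdir    = "/tftpboot";
my $installdir = "/install";

my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hname);
if (!@addrs)
{
    # inet_ntoa() dies on a missing address; stop with a clear message rather
    # than an obscure Socket error when the hostname does not resolve
    xCAT::MsgUtils->message('E',
                 "Could not resolve the hostname $hname to an IP address.\n");
    exit(1);
}
my $master = inet_ntoa($addrs[0]);

# set value based on OS
my ($domain, $timezone);
if ($::osname eq 'AIX')
{
    # the domain is whatever follows the first dot of the hostname
    my ($name, $rest) = split('\.', $hname);
    if ($rest)
    {
        ($domain = $hname) =~ s/^.*?\.//;
    }
    else
    {
        $domain = "";
    }
    $timezone = $ENV{'TZ'};
}
else
{
    $domain = `hostname -d`;
    my $tz;
    if (-f "/etc/redhat-release")
    {
        # on Redhat look for "ZONE"
        $tz =
          `grep ^ZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
    }
    else
    {
        # on SuSE look for "TIMEZONE"
        $tz =
          `grep ^TIMEZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
    }
    $timezone = $tz;
}
chomp $timezone;
chomp $master;
chomp $domain;

# create basic site definition
# NOTE(review): $master, $domain and $timezone are placed unquoted into the
# shell command line.  They come from local system configuration; a value
# containing shell metacharacters or spaces would alter the command.
if ((!-r "/etc/xcat/site.sqlite") || $::FORCE)
{
    my $chtabcmds;
    $chtabcmds = "$::XCATROOT/sbin/chtab key=xcatdport site.value=$xcatport;";
    $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatiport site.value=$xcatiport;";
    $chtabcmds .= "$::XCATROOT/sbin/chtab key=tftpdir site.value=$tftpdir;";
    $chtabcmds .=
      "$::XCATROOT/sbin/chtab key=installdir site.value=$installdir;";
    $chtabcmds .= "$::XCATROOT/sbin/chtab key=master site.value=$master;";
    $chtabcmds .= "$::XCATROOT/sbin/chtab key=domain site.value=$domain;";
    if ($::osname eq 'Linux')
    {
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab key=timezone site.value=$timezone";
    }
    if ($::osname eq 'AIX')
    {
        $chtabcmds .= "$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=no;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab key=consoleondemand site.value=yes;";
    }
    my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not create site definition.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Updated cluster site definition.\n");
    }
}

# create default postscript list in postscripts table
if ((!-r "/etc/xcat/postscripts.sqlite") || $::FORCE)
{
    my $chtabcmds;
    if ($::osname eq 'AIX')
    {
        $chtabcmds =
          "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell';";
    }
    else
    {
        $chtabcmds =
          "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell';";
    }
    $chtabcmds .=
      "$::XCATROOT/sbin/chtab node=service postscripts.postscripts='servicenode';";
    my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                                "Could not create postscripts definition.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created postscripts definition.\n");
    }
}

# create basic policy definition.
# NOTE(review): the getpostscript and getcredentials rules (and, on Linux,
# getbmcconfig, nextdestiny and getdestiny) are added with only a command and
# "allow", no policy.name.  That presumably permits them for any caller of
# xcatd - confirm that this is intended, getcredentials in particular.
if ((!-r "/etc/xcat/policy.sqlite") || $::FORCE)
{
    my $chtabcmds;
    if ($::osname eq 'AIX')
    {
        $chtabcmds =
          "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=1.2 policy.name=$hname policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow";
    }
    else
    {
        $chtabcmds =
          "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=2 policy.commands=getbmcconfig policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=3 policy.commands=nextdestiny policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=4 policy.commands=getdestiny policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;";
        $chtabcmds .=
          "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow";
    }
    my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not create policy definition.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created policy definition.\n");
    }
}

#
# set up syslog
#
# (use postscript to set up syslog -- leaving old code for now in case it
# did something different)
my $cmd = "/install/postscripts/syslog";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E', "Could not set up syslog.\n");
}
else
{
    xCAT::MsgUtils->message('I', "syslog has been set up.\n");
}

#
# if backup file exists assume it's already set up
#if (( ! -r "/etc/syslog.conf.ORIG" ) || $::FORCE) {
#    my $syslogcmds;
#    $syslogcmds = "cp /etc/syslog.conf /etc/syslog.conf.ORIG;";
#    $syslogcmds .= "echo '*.debug /var/log/localmessages' > /etc/test.tmp;";
#    $syslogcmds .= "echo '*.crit /var/log/localmessages' >> /etc/test.tmp;";
#    $syslogcmds .= "cat /etc/test.tmp >> /etc/syslog.conf;";
#    $syslogcmds .= "rm /etc/test.tmp;";
#    $syslogcmds .= "touch /var/log/localmessages;";
#    if ($::osname eq 'AIX') {
#        $syslogcmds .= "stopsrc -s syslogd;";
#        $syslogcmds .= "startsrc -s syslogd;";
#    } else {
#        $syslogcmds .= "/etc/init.d/syslog stop;";
#        $syslogcmds .= "/etc/init.d/syslog start;";
#    }
#
#    my $outref = xCAT::Utils->runcmd("$syslogcmds", 0);
#    if ($::RUNCMD_RC != 0)
#    {
#        xCAT::MsgUtils->message('E', "Could not set up syslog.\n");
#    } else {
#        xCAT::MsgUtils->message('I', "Started syslog daemon.\n");
#    }
#}

#
# set up the certificates for xcatd
#
# Each setup-*.sh script is fed four "y" answers on stdin so that it runs
# without prompting.
if ((!-d "/etc/xcat/ca") || $::FORCE)
{
    xCAT::MsgUtils->message(
        'I',
        "\nSetting up basic certificates. Respond with a \'y\' when prompted.\n\n"
    );
    my $cmd =
      "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-xcat-ca.sh 'xCAT CA'";
    xCAT::MsgUtils->message('I', "Running $cmd\n");
    my $rc = system($cmd);
    if ($rc >> 8)
    {
        xCAT::MsgUtils->message('E',
                        "Could not create xCAT certificate in /etc/xcat/ca.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created xCAT certificate.\n");
    }
}

# copy to postscript directory
# SECURITY: everything under /etc/xcat/ca is copied into the exported
# /install tree.  NOTE(review): if that directory also holds the CA private
# key (presumably it does - confirm against setup-xcat-ca.sh), any host able
# to read /install could issue certificates trusted by xcatd.  Staging only
# the CA certificate would avoid that.
my $cmd = "/bin/rm -rf /install/postscripts/ca >/dev/null 2>&1";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
my $cmd = "/bin/mkdir -p /install/postscripts/ca/certs";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E',
                 "Could not create /install/postscripts/ca/certs directory.\n");
}
else
{
    xCAT::MsgUtils->message('I',
                           "Created /install/postscripts/ca/certs directory.\n");
}
my $cmd = "/bin/cp -r /etc/xcat/ca/* /install/postscripts/ca";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message(
        'E',
        "Could not copy /etc/xcat/ca/* to /install/postscripts/ca directory.\n"
    );
}
else
{
    xCAT::MsgUtils->message('I',
               "Copied /etc/xcat/ca/* to /install/postscripts/ca directory.\n");
}

# NOTE(review): $hname (output of `hostname`) is passed unquoted on the shell
# command line below.
if ((!-d "/etc/xcat/cert") || $::FORCE)
{
    my $cmd =
      "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-server-cert.sh $hname";
    xCAT::MsgUtils->message('I', "Running $cmd\n");
    my $rc = system($cmd);
    if ($rc >> 8)
    {
        xCAT::MsgUtils->message('E',
                      "Could not create xCAT certificate in /etc/xcat/cert.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created xCAT certificate.\n");
    }
}

# copy to postscript directory
# SECURITY: as with the CA directory, all of /etc/xcat/cert is copied into
# the exported tree; presumably that includes the server's private key -
# confirm against setup-server-cert.sh.
my $cmd = "/bin/rm -rf /install/postscripts/cert >/dev/null 2>&1";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
my $cmd = "/bin/mkdir -p /install/postscripts/cert";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E',
                      "Could not create /install/postscripts/cert directory.\n");
}
else
{
    xCAT::MsgUtils->message('I',
                            "Created /install/postscripts/cert directory.\n");
}
my $cmd = "/bin/cp -r /etc/xcat/cert/* /install/postscripts/cert";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message(
        'E',
        "Could not copy /etc/xcat/cert/* to /install/postscripts/cert directory.\n"
    );
}
else
{
    xCAT::MsgUtils->message('I',
           "Copied /etc/xcat/cert/* to /install/postscripts/cert directory.\n");
}

if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE)
{
    my $cmd =
      "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-local-client.sh root";
    xCAT::MsgUtils->message('I', "Running $cmd\n");
    my $rc = system($cmd);
    if ($rc >> 8)
    {
        xCAT::MsgUtils->message('E',
                 "Could not create xCAT certificate in /.xcat/client-key.pem.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "Created xCAT certificate.\n");
    }
}

# copy to postscript directory
# SECURITY: $::root/.xcat holds root's xCAT client key (client-key.pem, see
# the test above).  Copying the whole directory puts that private key in the
# exported /install tree, and the policy table above allows "root" everything.
my $cmd = "/bin/rm -rf /install/postscripts/_xcat >/dev/null 2>&1";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
my $cmd = "/bin/mkdir -p /install/postscripts/_xcat";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E',
                     "Could not create /install/postscripts/_xcat directory.\n");
}
else
{
    xCAT::MsgUtils->message('I',
                            "Created /install/postscripts/_xcat directory.\n");
}
my $cmd = "/bin/cp -r $::root/.xcat/* /install/postscripts/_xcat";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message(
        'E',
        "Could not copy $::root/.xcat/* to /install/postscripts/_xcat directory.\n"
    );
}
else
{
    xCAT::MsgUtils->message('I',
           "Copied $::root/.xcat/* to /install/postscripts/_xcat directory.\n");
}
my $cmd = "/bin/cp -r /etc/xcat/ca/certs/* /install/postscripts/ca/certs";
my $outref = xCAT::Utils->runcmd("$cmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message(
        'E',
        "Could not copy /etc/xcat/ca/certs/* to /install/postscripts/ca/certs directory.\n"
    );
}
else
{
    xCAT::MsgUtils->message(
        'I',
        "Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n"
    );
}

#
# if there are xcatd processes then stop them
#
# NOTE(review): the match is on the text "xcatd" anywhere in the ps line, so
# an unrelated process with that text in its command line is killed as well.
my @xpids = xCAT::Utils->runcmd("ps -ef\|grep \"xcatd\"", 0);
if ($#xpids >= 1)
{    # will have at least "0" for the grep
    xCAT::MsgUtils->message('I', "Stopping xcatd processes....\n");
    foreach my $ps (@xpids)
    {
        $ps =~ s/^\s+//;    # strip any leading spaces
        my ($uid, $pid, $ppid, $desc) = split /\s+/, $ps;

        # if $ps contains "grep" then it's not one of the daemon processes
        if ($ps !~ /grep/)
        {
            # only a purely numeric PID may reach the kill command line
            next unless defined($pid) && $pid =~ /\A\d+\z/;

            # print "pid=$pid\n";
            my $cmd = "/bin/kill -9 $pid";
            xCAT::Utils->runcmd($cmd, 0);
            if ($::RUNCMD_RC != 0)
            {
                xCAT::MsgUtils->message('E',
                                       "Could not stop xcatd process $pid.\n");
            }
        }
    }
}

#
# start xcatd
#
xCAT::MsgUtils->message('I', "Starting xcatd.....\n");
my $xcmd;
if ($::osname eq 'AIX')
{
    $xcmd = "$::XCATROOT/sbin/xcatd &";
}
else
{
    $xcmd = "/etc/init.d/xcatd start";
}
my $outref = xCAT::Utils->runcmd("$xcmd", 0);
if ($::RUNCMD_RC != 0)
{
    xCAT::MsgUtils->message('E', "Could not start xcatd.\n");
}

# for AIX systems add xcatd to the /etc/inittab file
# and add /install/postscripts to /etc/exports
if ($::osname eq 'AIX')
{
    # NOTE(review): the inittab entry hard-codes /opt/xcat/sbin/xcatd, while
    # the daemon started above uses $::XCATROOT; the two differ when
    # XCATROOT is set to something else.  The result of mkitab is not checked.
    my $mkitab_cmd =
      'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1';
    my $rc = system($mkitab_cmd);

    # check if /install/postscripts is in /etc/exports
    my $catcmd =
      "/bin/cat /etc/exports | grep '/install/postscripts ' >/dev/null 2>&1";
    my $outref = xCAT::Utils->runcmd("$catcmd", -1);
    if ($::RUNCMD_RC != 0)
    {
        # if not add it and make sure it is exported
        # SECURITY: the entry names no client list, and /install/postscripts
        # holds the staged CA, server and client certificate directories.
        my $ecmd =
          "echo '/install/postscripts -ro' >> /etc/exports; exportfs -a";
        my $outref2 = xCAT::Utils->runcmd("$ecmd", -1);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                                    "Could not update the /etc/exports file.\n");
        }
    }
}

# more - Linux-only config
if ($::osname eq 'Linux')
{
    #Zap the almost certainly wrong pxelinux.cfg file
    if (-f "/tftpboot/pxelinux.cfg/default")
    {
        $cmd = "/bin/rm /tftpboot/pxelinux.cfg/default";
        my $outref = xCAT::Utils->runcmd("$cmd", 0);
        if ($::RUNCMD_RC != 0)
        {
            xCAT::MsgUtils->message('E',
                             "Could not remove /tftpboot/pxelinux.cfg/default\n");
        }
        else
        {
            xCAT::MsgUtils->message('I',
                                    "Removed /tftpboot/pxelinux.cfg/default.\n");
        }
    }

    # run mknb - only needed for Intel platforms for now
    if ($::arch eq "x86_64" || $::arch eq "x86")
    {
        foreach my $ar (qw(x86 x86_64 ppc64))
        {
            my $cmd = "$::XCATROOT/sbin/mknb $ar";
            my $outref = xCAT::Utils->runcmd("$cmd", 0);
            if ($::RUNCMD_RC != 0)
            {
                xCAT::MsgUtils->message('E',
                       "The mknb $ar command returned error: $::RUNCMD_RC.\n");
            }
            else
            {
                xCAT::MsgUtils->message('I',
                                "The mknb $ar command was run with no error.\n");
            }
        }
    }

    # run makenetworks
    my $cmd = "$::XCATROOT/sbin/makenetworks";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                    "The makenetworks command returned error: $::RUNCMD_RC.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I',
                             "The makenetworks command was run with no error.\n");
    }

    # set the nameserver in the site table
    # NOTE(review): the values read from /etc/resolv.conf go unquoted onto the
    # chtab command line; cut -d' ' also assumes a single space after the
    # "nameserver" keyword.
    my @names =
      xCAT::Utils->runcmd(
                  "/bin/grep nameserver /etc/resolv.conf | cut -d' ' -f 2", 0);
    my $ns = join(',', @names);
    my $cmd = "$::XCATROOT/sbin/chtab key=nameservers site.value=$ns";
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E',
                           "The chtab command returned error: $::RUNCMD_RC.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I',
               "Updated the site definition with the value of the nameserver.\n");
    }

    # restart httpd
    my $cmd;
    if (-e "/etc/init.d/apache2")
    {    #for sles
        $cmd = "/etc/init.d/apache2 stop; /etc/init.d/apache2 start";
    }
    else
    {
        $cmd = "/etc/init.d/httpd stop; /etc/init.d/httpd start";
    }
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not restart httpd.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "httpd has been restarted.\n");
    }

    # enable httpd
    if (-e "/etc/init.d/apache2")
    {    #for sles
        $cmd = "/sbin/chkconfig apache2 on";
    }
    else
    {
        $cmd = "/sbin/chkconfig httpd on";
    }
    my $outref = xCAT::Utils->runcmd("$cmd", 0);
    if ($::RUNCMD_RC != 0)
    {
        xCAT::MsgUtils->message('E', "Could not enable httpd.\n");
    }
    else
    {
        xCAT::MsgUtils->message('I', "httpd has been enabled.\n");
    }

    my $linux_note =
      "xCAT is now installed, it is recommended to tabedit networks \nand set a dynamic ip address range on any networks where nodes \nare to be discovered. Then, run makedhcp -n to create a new dhcpd \nconfiguration file, and \/etc\/init.d\/dhcpd restart. Either examine sample \nconfiguration templates, or write your own, or specify a value per \nnode with nodeadd or tabedit.\n";
    xCAT::MsgUtils->message('I', $linux_note);
}    #End - more - Linux-only config

exit;

#####################################
# subroutines
#####################################

# Print the command synopsis through the xCAT message facility.
sub usage
{
    xCAT::MsgUtils->message('I', "Usage:\n");
    xCAT::MsgUtils->message(
        'I',
        "xcatconfig - Performs basic xCAT configuration on an xCAT management node.\n\n"
    );
    xCAT::MsgUtils->message('I',
                    " xcatconfig [-h|--help] [-v|--version] [-f|--force]\n\n");
}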