831a5b6ace
git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@10717 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd
1779 lines
53 KiB
Perl
Executable File
1779 lines
53 KiB
Perl
Executable File
#!/usr/bin/env perl
|
|
# IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html
|
|
#
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head1 xcatconfig
|
|
|
|
|
|
|
|
This is script is called during the initial installation of xCAT
|
|
It can also be called directly to various parts of the configuration
|
|
root ssh keys, node host keys, credentials database setup or all
|
|
|
|
=cut
|
|
|
|
BEGIN
|
|
{
|
|
$::XCATROOT = $ENV{'XCATROOT'} ? $ENV{'XCATROOT'} : '/opt/xcat';
|
|
$::XCATDIR = $ENV{'XCATDIR'} ? $ENV{'XCATDIR'} : '/etc/xcat';
|
|
}
|
|
|
|
use lib "$::XCATROOT/lib/perl";
|
|
use strict;
|
|
use xCAT::Utils;
|
|
use xCAT::NetworkUtils;
|
|
use Getopt::Long;
|
|
use xCAT::MsgUtils;
|
|
use Socket;
|
|
|
|
#-----------------------------------------------------------------------------
|
|
# Main
|
|
|
|
$::progname = "xcatconfig";
|
|
my $args = join ' ', @ARGV;
|
|
$::command = "$0 $args";
|
|
Getopt::Long::Configure("bundling");
|
|
$Getopt::Long::ignorecase = 0;
|
|
|
|
# Default Install dir location
|
|
$::INSTALLDIR = "/install";
|
|
|
|
# Default TFTP dir location
|
|
$::TFTPDIR = "/tftpboot";
|
|
|
|
# parse the options
|
|
if (
|
|
!GetOptions(
|
|
'f|force' => \$::FORCE,
|
|
'i|initinstall' => \$::INITIALINSTALL,
|
|
'u|updateinstall' => \$::UPDATEINSTALL,
|
|
'k|sshkeys' => \$::genSSHRootKeys,
|
|
's|sshnodehostkeys' => \$::genSSHNodeHostKeys,
|
|
'c|credentials' => \$::genCredentials,
|
|
'd|database' => \$::initDB,
|
|
'h|help' => \$::HELP,
|
|
'v|version' => \$::VERSION,
|
|
'V|verbose' => \$::VERBOSE,
|
|
'installdir=s' => \$::INSTALLDIR,
|
|
'tftpdir=s' => \$::TFTPDIR,
|
|
)
|
|
)
|
|
{
|
|
&usage;
|
|
exit(1);
|
|
}
|
|
|
|
if ( (!$::HELP)
|
|
&& (!$::FORCE)
|
|
&& (!$::INITIALINSTALL)
|
|
&& (!$::UPDATEINSTALL)
|
|
&& (!$::genSSHRootKeys)
|
|
&& (!$::genSSHNodeHostKeys)
|
|
&& (!$::genCredentials)
|
|
&& (!$::initDB)
|
|
&& (!$::VERSION))
|
|
{
|
|
&usage;
|
|
exit(1);
|
|
}
|
|
|
|
# display the usage if -h or --help is specified
|
|
if ($::HELP)
|
|
{
|
|
&usage;
|
|
exit(0);
|
|
}
|
|
|
|
# display the version statement if -v or --verison is specified
|
|
if ($::VERSION)
|
|
{
|
|
my $version = xCAT::Utils->Version();
|
|
$version .= "\n";
|
|
xCAT::MsgUtils->message("N", $version);
|
|
exit 0;
|
|
}
|
|
if ($::FORCE)
|
|
{
|
|
if ( $::INITIALINSTALL
|
|
|| $::UPDATEINSTALL
|
|
|| $::genSSHRootKeys
|
|
|| $::genSSHNodeHostKey
|
|
|| $::genCredentials
|
|
|| $::initDB)
|
|
{
|
|
my $warning =
|
|
" The -f flag includes the function for the -i, -u, -k, -s, -c, -d flags. Do not combine with other flags.\n ";
|
|
xCAT::MsgUtils->message("N", $warning);
|
|
exit 1;
|
|
}
|
|
}
|
|
if (($::INITIALINSTALL) && ($::UPDATEINSTALL))
|
|
{
|
|
my $warning =
|
|
" The -i and -u flags may not be input to the command. Use one or the other. \n ";
|
|
xCAT::MsgUtils->message("N", $warning);
|
|
exit 1;
|
|
}
|
|
|
|
#
|
|
# Display command
|
|
#
|
|
verbose("Running $::command");
|
|
if (xCAT::Utils->isAIX())
|
|
{
|
|
$::osname = 'AIX';
|
|
}
|
|
else
|
|
{
|
|
$::osname = 'Linux';
|
|
}
|
|
|
|
#
|
|
# To support AIX INUCLIENTS, to support the scenario where the user needs to install xCAT rpms
|
|
# into the INUCLIENT=1 environment, such as AIX diskless node(installing xCAT in AIX NIM SPOT),
|
|
# or alternative disk installation.
|
|
#
|
|
|
|
if (($::osname eq 'AIX') && ($ENV{'INUCLIENTS'} == 1))
|
|
{
|
|
# INUCLIENTS is configured, add xcatconfig to /etc/inittab
|
|
my $cmd = "/usr/sbin/lsitab xcatconfig > /dev/null 2>&1";
|
|
my $rc = system("$cmd") >>8;
|
|
if ($rc != 0)
|
|
{
|
|
# add new entry
|
|
my $flag;
|
|
if ($::INITIALINSTALL)
|
|
{
|
|
$flag = "-i";
|
|
}
|
|
|
|
if ($::UPDATEINSTALL)
|
|
{
|
|
$flag = "-u";
|
|
}
|
|
|
|
if ($::initDB)
|
|
{
|
|
$flag = "-d";
|
|
}
|
|
|
|
my $mkcmd = qq~/usr/sbin/mkitab "xcatconfig:2:once:$::XCATROOT/sbin/xcatconfig $flag > /dev/console 2>&1"~;
|
|
system("$mkcmd");
|
|
}
|
|
exit(0);
|
|
}
|
|
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
$::arch = `uname -p`;
|
|
#$::root = "";
|
|
$::root = xCAT::Utils->getHomeDir();
|
|
}
|
|
else
|
|
{
|
|
$::arch = `uname -m`;
|
|
$::root = "/root";
|
|
}
|
|
chomp $::arch;
|
|
chomp $::root;
|
|
|
|
|
|
# some Linux-only config
|
|
# Do not need to start vsftpd here, because when xcatd starts, it will restart it
|
|
#if ($::osname eq 'Linux')
|
|
#{
|
|
# start vsftpd
|
|
# my $cmd = "/sbin/chkconfig vsftpd on";
|
|
# my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
# my $cmd = "/etc/init.d/vsftpd restart";
|
|
# my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
# if ($::RUNCMD_RC != 0)
|
|
# {
|
|
# xCAT::MsgUtils->message('E', "Could not start VSFTPD.");
|
|
# }
|
|
# else
|
|
# {
|
|
# xCAT::MsgUtils->message('I', "VSFTPD has been restarted.");
|
|
# }
|
|
#} # end Linux-only
|
|
|
|
#
|
|
# Generate ssh host keys for the nodes
|
|
#
|
|
#
|
|
if (xCAT::Utils->isMN()) {
|
|
&genSSHNodeHostKey;
|
|
}
|
|
#
|
|
# gen root's ssh keys, if needed and copy to appropriate directories to
|
|
# be used during install
|
|
#
|
|
if ($::INITIALINSTALL || $::FORCE || $::genSSHRootKeys)
|
|
{
|
|
&genSSHRootKeys; # gen new rsa ssh key for root
|
|
}
|
|
|
|
#
|
|
# Update /etc/profile on AIX
|
|
#
|
|
if ($::INITIALINSTALL)
|
|
{
|
|
my $profname = "/etc/profile";
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
my $cmd = qq~cat $profname | grep "XCATROOT"~;
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
|
|
# make back up file
|
|
my $cpcmd = qq~/bin/cp -p $profname $profname.orig~;
|
|
my $outref = xCAT::Utils->runcmd("$cpcmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not copy $profname.");
|
|
}
|
|
|
|
# add xCAT paths
|
|
my $eccmd =
|
|
qq~echo '# xCAT setup\nXCATROOT=$::XCATROOT\nPATH=\$XCATROOT/bin:\$XCATROOT/sbin:\$PATH\nMANPATH=\$XCATROOT/share/man:\$MANPATH\nexport XCATROOT PATH MANPATH' >>$profname~;
|
|
$outref = xCAT::Utils->runcmd("$eccmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not update $profname.");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL)
|
|
{
|
|
|
|
#
|
|
# For all MNs create /var/log/consoles if needed
|
|
# Conserver won't start without it
|
|
#
|
|
if (!-d "/var/log/consoles")
|
|
{
|
|
my $cmd = "/bin/mkdir -p /var/log/consoles";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create /var/log/consoles directory.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created /var/log/consoles directory.");
|
|
}
|
|
}
|
|
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
xCAT::Utils->setupAIXconserver($::VERBOSE);
|
|
|
|
&setupAIXIPMITool;
|
|
|
|
# Add the xcatd subsystem to the AIX
|
|
no strict 'refs';
|
|
my $mkssys_cmd =
|
|
"mkssys -p $::XCATROOT/sbin/xcatd -s xcatd -u 0 -S -n 15 -f 15 -a \"-f\"";
|
|
system($mkssys_cmd);
|
|
use strict;
|
|
|
|
#
|
|
# for AIX systems add xcatd to the /etc/inittab file
|
|
#
|
|
|
|
# add xcatd entry if one does not exist
|
|
my $rcmd = "/bin/cat /etc/inittab | grep 'xcatd'";
|
|
my $outref = xCAT::Utils->runcmd("$rcmd", -1);
|
|
if ($::RUNCMD_RC != 0) {
|
|
my $mkitab_cmd =
|
|
"mkitab \"xcatd:2:once:$::XCATROOT/sbin/restartxcatd > /dev/console 2>&1\" > /dev/null 2>&1";
|
|
xCAT::Utils->runcmd("$mkitab_cmd", 0);
|
|
if ($::RUNCMD_RC != 0) {
|
|
xCAT::MsgUtils->message('E', "Could not set up inittab.");
|
|
}
|
|
}
|
|
|
|
# add AIX needed exports
|
|
&setupAIXexports;
|
|
|
|
}
|
|
|
|
else # for Linux
|
|
{
|
|
&setupLinuxexports; # add Linux exports
|
|
|
|
}
|
|
} # end install,update or force
|
|
|
|
#
|
|
# set up the certificates for xcatd, gen new ones if requested or do not exist
|
|
#
|
|
if ($::INITIALINSTALL || $::UPDATEINSTALL || $::FORCE || $::genCredentials)
|
|
{
|
|
&genCredentials;
|
|
}
|
|
|
|
#
|
|
# Setup database
|
|
#
|
|
if ($::INITIALINSTALL || $::UPDATEINSTALL || $::FORCE || $::initDB)
|
|
{
|
|
&initDB;
|
|
}
|
|
|
|
#
|
|
# set up syslog
|
|
#
|
|
# use postscript to set up syslog
|
|
if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL)
|
|
{
|
|
my $cmd = "$::INSTALLDIR/postscripts/syslog";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not set up syslog.");
|
|
}
|
|
else
|
|
{
|
|
verbose("syslog has been set up.");
|
|
}
|
|
}
|
|
|
|
|
|
#
|
|
|
|
#
|
|
# start xcatd
|
|
#
|
|
if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL || $::genCredentials)
|
|
{
|
|
my $xcmd;
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
$xcmd = "$::XCATROOT/sbin/restartxcatd";
|
|
}
|
|
else
|
|
{
|
|
$xcmd = "/etc/init.d/xcatd restart";
|
|
}
|
|
system($xcmd);
|
|
}
|
|
|
|
# more config needed after xcatd start
|
|
if ($::INITIALINSTALL || $::FORCE)
|
|
{
|
|
my $cmd;
|
|
if ($::osname eq 'Linux') {
|
|
#Zap the almost certainly wrong pxelinux.cfg file
|
|
if (-f "$::TFTPDIR/pxelinux.cfg/default")
|
|
{
|
|
$cmd = "/bin/rm $::TFTPDIR/pxelinux.cfg/default";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not remove $::TFTPDIR/pxelinux.cfg/default");
|
|
}
|
|
else
|
|
{
|
|
verbose("Removed $::TFTPDIR/pxelinux.cfg/default.");
|
|
}
|
|
}
|
|
|
|
# run mknb - only needed for Intel platforms for now
|
|
&mknb;
|
|
|
|
# makenetworks and setup http
|
|
&makenetworks;
|
|
&setuphttp;
|
|
|
|
my $linux_note =
|
|
"xCAT is now running, it is recommended to tabedit networks \nand set a dynamic ip address range on any networks where nodes \nare to be discovered. Then, run makedhcp -n to create a new dhcpd \nconfiguration file, and \/etc\/init.d\/dhcpd restart. Either examine sample \nconfiguration templates, or write your own, or specify a value per \nnode with nodeadd or tabedit.";
|
|
xCAT::MsgUtils->message('I', $linux_note);
|
|
} else { #AIX
|
|
# makenetworks
|
|
&makenetworks;
|
|
|
|
my $AIX_note =
|
|
"xCAT is now running.";
|
|
xCAT::MsgUtils->message('I', $AIX_note);
|
|
}
|
|
|
|
} #End - more - Linux-only config
|
|
|
|
END
|
|
{
|
|
# Remove xcatconfig itself from the inittab
|
|
|
|
if (($::osname eq 'AIX') && ($ENV{'INUCLIENTS'} != 1))
|
|
{
|
|
my $cmd = "/usr/sbin/lsitab xcatconfig > /dev/null 2>&1";
|
|
my $rc = system("$cmd") >>8;
|
|
if ($rc == 0)
|
|
{
|
|
my $rmcmd = '/usr/sbin/rmitab xcatconfig';
|
|
system("$rmcmd");
|
|
}
|
|
}
|
|
}
|
|
|
|
exit;
|
|
|
|
#####################################
|
|
# subroutines
|
|
#####################################
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 usage
|
|
|
|
Displays message for -h option
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub usage
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"Usage:\nxcatconfig - Performs basic xCAT setup operations on an xCAT management node. This command should not be run on an xCAT Service Node, unless you are making it a Management Node.\n"
|
|
);
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"xcatconfig [-h|--help]\nxcatconfig [-v|--version]\nxcatconfig [-f|--force] [-V|--verbose]\nxcatconfig [-i|--initinstall] [-V|--verbose]\nxcatconfig [-u|--updateinstall] [-V|--verbose]\nxcatconfig [-k|--sshkeys] [-s|--sshnodehostkeys] [-c|--credentials] [-d|database] [-V|--verbose]"
|
|
);
|
|
}
|
|
|
|
sub verbose
|
|
{
|
|
if (!$::VERBOSE) { return; }
|
|
my $msg = shift;
|
|
xCAT::MsgUtils->message("I", $msg);
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 genSSHRootKeys
|
|
|
|
Will generate a new ssh rsa key for the root user, if it does not exist or if requested by the input -k flag.
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub genSSHRootKeys
|
|
|
|
{
|
|
|
|
#
|
|
# create /.ssh dir if needed
|
|
#
|
|
my $sshdir = "$::root/.ssh";
|
|
if (!-d $sshdir)
|
|
{
|
|
my $cmd = "/bin/mkdir -m 700 -p $sshdir";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not create $sshdir directory.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created $sshdir directory.");
|
|
}
|
|
}
|
|
|
|
#
|
|
# create or modify the -/.ssh/config file
|
|
#
|
|
my $cfgfile = "$::root/.ssh/config";
|
|
if (-f $cfgfile)
|
|
{
|
|
|
|
# it exists - so see if it needs to be updated
|
|
my $cmd = "/bin/cat $cfgfile | grep 'StrictHostKeyChecking no'";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
|
|
# ok - then add this entry
|
|
my $cmd =
|
|
"/bin/echo StrictHostKeyChecking no >> $cfgfile; chmod 600 $cfgfile";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not update the $cfgfile file.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I',
|
|
"Added updates to the $cfgfile file.");
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
|
|
# file doesn't exist so just create it
|
|
my $cmd =
|
|
"/bin/echo StrictHostKeyChecking no > $cfgfile; chmod 600 $cfgfile";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not update the $cfgfile file.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "Added updates to the $cfgfile file.");
|
|
}
|
|
}
|
|
|
|
#
|
|
# create /install/postscripts/_ssh if needed
|
|
#
|
|
if (!-d "$::INSTALLDIR/postscripts/_ssh")
|
|
{
|
|
my $cmd = "/bin/mkdir -m 755 -p $::INSTALLDIR/postscripts/_ssh";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create $::INSTALLDIR/postscripts/_ssh directory.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created $::INSTALLDIR/postscripts/_ssh directory.");
|
|
}
|
|
}
|
|
|
|
#need to gen a new rsa key for root ssh, if Force, genkey or does not exist
|
|
my $pubfile = "$::root/.ssh/id_rsa.pub";
|
|
my $rsafile = "$::root/.ssh/id_rsa";
|
|
|
|
# if exists, and generated new then
|
|
# need to remove the old files
|
|
if ((-r $pubfile) && ($::FORCE || $::genSSHRootKeys))
|
|
{
|
|
|
|
my $cmd = "/bin/rm $::root/.ssh/id_rsa*";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not remove id_rsa files from $::root/.ssh directory.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I',
|
|
"Removed id_rsa files from $::root/.ssh directory.");
|
|
}
|
|
}
|
|
|
|
# ssh key does not exist, gen a new one else leave alone
|
|
if (!-r $pubfile)
|
|
{
|
|
my $cmd = "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $rsafile";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not generate $pubfile.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "Generated $pubfile.");
|
|
|
|
}
|
|
}
|
|
|
|
# copy authorized_keys for install on node
|
|
if (-r $pubfile)
|
|
{
|
|
my $cmd =
|
|
"/bin/cp -p $pubfile $::INSTALLDIR/postscripts/_ssh/authorized_keys ";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"Could not copy $pubfile to $::INSTALLDIR/postscripts/_ssh/authorized_keys."
|
|
);
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"Copied $pubfile to $::INSTALLDIR/postscripts/_ssh/authorized_keys."
|
|
);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"Could not copy $pubfile to $::INSTALLDIR/postscripts/_ssh/authorized_keys,because $pubfile does not exist."
|
|
);
|
|
}
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 genSSHNodeHostKey
|
|
|
|
If node private node hostkeys do not exist in either directory or force option
|
|
or generate host key option, we need to generate them
|
|
These keys are installed on the nodes in /etc/ssh directory and allow the
|
|
node to ssh without password node to node.
|
|
They are store in /etc/xcat/hostkeys on the MN.
|
|
This also includes some migration to /install/postscripts/hostkeys
|
|
for the install process
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub genSSHNodeHostKey
|
|
|
|
{
|
|
|
|
my $hostkey = "$::INSTALLDIR/postscripts/hostkeys/ssh_host_rsa_key";
|
|
my $hostkey2 = "/etc/xcat/hostkeys/ssh_host_rsa_key";
|
|
if ( ((!-r $hostkey) && (!-r $hostkey2))
|
|
|| $::FORCE
|
|
|| $::genSSHNodeHostKeys)
|
|
{
|
|
|
|
# create directories /etc/xcat/hostkeys and /install/postscripts/hostkeys
|
|
if (!-d "$::INSTALLDIR/postscripts/hostkeys") # directory for public keys
|
|
{
|
|
my $cmd = "/bin/mkdir -m 755 -p $::INSTALLDIR/postscripts/hostkeys";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"Could not create $::INSTALLDIR/postscripts/hostkeys directory."
|
|
);
|
|
}
|
|
}
|
|
if (!-d "/etc/xcat/hostkeys") # directory for public/private keys
|
|
{
|
|
my $cmd = "/bin/mkdir -p /etc/xcat/hostkeys";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create /etc/xcat/hostkeys directory.");
|
|
}
|
|
}
|
|
|
|
# remove the old keys
|
|
if (-r $hostkey)
|
|
{
|
|
my $cmd = "/bin/rm $::INSTALLDIR/postscripts/hostkeys/ssh_host*";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"Could not remove ssh keys from $::INSTALLDIR/postscripts/hostkeys directory. They may not exist."
|
|
);
|
|
}
|
|
}
|
|
|
|
# remove the old keys
|
|
if (-r $hostkey2)
|
|
{
|
|
my $cmd = "/bin/rm /etc/xcat/hostkeys/ssh_host*";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"Could not remove ssh keys from /etc/xcat/hostkeys directory. They may not exist."
|
|
);
|
|
}
|
|
}
|
|
|
|
#
|
|
# generate new hostkeys
|
|
#
|
|
xCAT::MsgUtils->message('I', "Generating new node hostkeys...");
|
|
xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...");
|
|
my $cmd =
|
|
"/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not generate SSH1 RSA key.");
|
|
}
|
|
|
|
xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...");
|
|
$cmd =
|
|
"/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not generate SSH2 RSA key.");
|
|
}
|
|
|
|
xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...");
|
|
$cmd =
|
|
"/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.");
|
|
}
|
|
|
|
# copy the public keys to install directory
|
|
$cmd =
|
|
"/bin/cp /etc/xcat/hostkeys/*.pub $::INSTALLDIR/postscripts/hostkeys/.";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
else
|
|
{
|
|
verbose("$cmd is successful");
|
|
}
|
|
}
|
|
else
|
|
{ # keys exist and not a request to regenerate
|
|
# so if private keys are in /install ( some migration)
|
|
# move old hostkeys keys if they exist in /install, to the
|
|
# new directory /etc/xcat/hostkeys & remove private keys from /install
|
|
if (-f "$::INSTALLDIR/postscripts/hostkeys/ssh_host_rsa_key")
|
|
{
|
|
|
|
# copy all keys to /etc/xcat/hostkeys directory
|
|
my $cmd =
|
|
"/bin/cp -p $::INSTALLDIR/postscripts/hostkeys/* /etc/xcat/hostkeys/.";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
|
|
# remove private keys from install dir, leave the public keys
|
|
if (-f "$::INSTALLDIR/postscripts/hostkeys/ssh_host_dsa_key")
|
|
{
|
|
my $cmd =
|
|
"/bin/rm $::INSTALLDIR/postscripts/hostkeys/ssh_host_dsa_key";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
}
|
|
if (-f "$::INSTALLDIR/postscripts/hostkeys/ssh_host_key")
|
|
{
|
|
my $cmd = "/bin/rm $::INSTALLDIR/postscripts/hostkeys/ssh_host_key";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
}
|
|
if (-f "$::INSTALLDIR/postscripts/hostkeys/ssh_host_rsa_key")
|
|
{
|
|
my $cmd =
|
|
"/bin/rm $::INSTALLDIR/postscripts/hostkeys/ssh_host_rsa_key";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
}
|
|
}
|
|
|
|
# so if no public key in /install/postscripts/hostkeys
|
|
# copy the /etc/xcat/hostkeys
|
|
# public keys to /install/postscripts/hostkeys
|
|
if (!(-f "$::INSTALLDIR/postscripts/hostkeys/ssh_host_rsa_key.pub"))
|
|
{
|
|
|
|
# rm any files
|
|
my $cmd = "/bin/rm $::INSTALLDIR/postscripts/hostkeys/*";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"$cmd not successful. Files may not exist.");
|
|
}
|
|
else
|
|
{
|
|
verbose("$cmd is successful");
|
|
}
|
|
|
|
# copy the public keys to install directory
|
|
$cmd =
|
|
"/bin/cp /etc/xcat/hostkeys/*.pub $::INSTALLDIR/postscripts/hostkeys/.";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "$cmd not successful.");
|
|
}
|
|
else
|
|
{
|
|
verbose("$cmd is successful");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# is_lsb_ubuntu return value indicates whether system appears to be Ubuntu.
|
|
# Using required /etc/lsb-release file, instead of optional lsb_release command.
|
|
|
|
sub is_lsb_ubuntu
|
|
{
|
|
if (open(my $relfile, "<", "/etc/lsb-release")) {
|
|
my @text = <$relfile>;
|
|
close($relfile);
|
|
chomp(@text);
|
|
my $distrib_id = '';
|
|
|
|
foreach (@text) {
|
|
if ( $_ =~ /^\s*DISTRIB_ID=(.*)$/ ) {
|
|
$distrib_id = $1; # last DISTRIB_ID value in file used
|
|
}
|
|
}
|
|
|
|
if ( $distrib_id =~ /^(Ubuntu|"Ubuntu")\s*$/ ) {
|
|
return 1; # return "true"
|
|
}
|
|
}
|
|
|
|
return 0; # return "false"
|
|
}
|
|
|
|
# on Ubuntu need to painstakingly compare /etc/localtime with files under
|
|
# /usr/share/zoneinfo since /etc/localtime # isn't always a symbolic link
|
|
sub discover_timezone_ubuntu
|
|
{
|
|
my $localtime = "/etc/localtime";
|
|
my $zoneinfo = "/usr/share/zoneinfo";
|
|
|
|
my $zone_result = `find $zoneinfo -type f -exec cmp -s $localtime {} \\; -print | grep -v posix | grep -v SystemV`;
|
|
|
|
my @zones = split /\n/, $zone_result;
|
|
|
|
$zones[0] =~ s/$zoneinfo\///;
|
|
|
|
return $zones[0];
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 initDB
|
|
|
|
Will initialize the DB if it does not already exist, also updates with
|
|
new data needed during update install.
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub initDB
|
|
|
|
{
|
|
|
|
my $hname = `hostname`;
|
|
chomp $hname;
|
|
|
|
# some values common to both AIX & Linux
|
|
my $xcatport = "3001";
|
|
my $xcatiport = "3002";
|
|
my $tftpdir = "$::TFTPDIR";
|
|
my $installdir = "$::INSTALLDIR";
|
|
my $master;
|
|
$master = xCAT::NetworkUtils->getipaddr($hname);
|
|
if (!$master) {
|
|
xCAT::MsgUtils->message("E", "Hostname resolution for $hname failed.");
|
|
$master = "NORESOLUTION";
|
|
}
|
|
# get forwarders which are the nameserver entries in /etc/resolv.conf
|
|
# don't use if the address is this machine (Management Node)
|
|
my $forwarders;
|
|
# find out the names for the Management Node
|
|
my @MNnodeinfo = xCAT::Utils->determinehostname;
|
|
my $MNnodename = pop @MNnodeinfo; # hostname
|
|
my @MNnodeipaddr = @MNnodeinfo; # ipaddresses
|
|
|
|
my @names;
|
|
my @tmpnames =
|
|
xCAT::Utils->runcmd(
|
|
"/bin/grep ^[^#]*nameserver /etc/resolv.conf | awk '{print \$2}'", -1);
|
|
foreach my $ip (@tmpnames) {
|
|
if (!grep(/$ip/, @MNnodeipaddr))
|
|
{ # if not the MN
|
|
push @names,$ip; # add it as a forwarder
|
|
}
|
|
}
|
|
if (@names)
|
|
{
|
|
$forwarders = join(',', @names);
|
|
}
|
|
|
|
# for policy table
|
|
# get hostname from the /etc/xcat/cert/server-cert.pem
|
|
my $MNname;
|
|
if ( -e ("/etc/xcat/cert/server-cert.pem")) {
|
|
my $cmd ="grep Subject /etc/xcat/cert/server-cert.pem";
|
|
my $result = xCAT::Utils->runcmd($cmd, 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message("E", "Error from $cmd.\n MN policy not created.");
|
|
|
|
}
|
|
(my $subject,my $mname) = split /CN=/ , $result;
|
|
($MNname, my $endstuff) = split /Subject/, $mname;
|
|
$MNname =~ s/\s*//g;
|
|
}
|
|
|
|
# set value based on OS
|
|
my ($domain, $timezone);
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
my ($name, $rest) = split('\.', $hname);
|
|
if ($rest)
|
|
{
|
|
($domain = $hname) =~ s/^.*?\.//;
|
|
}
|
|
else
|
|
{
|
|
$domain = "";
|
|
}
|
|
|
|
$timezone = $ENV{'TZ'};
|
|
}
|
|
else # linux
|
|
{
|
|
$domain = `hostname -d`;
|
|
my $tz;
|
|
if (-f "/etc/redhat-release")
|
|
{
|
|
|
|
# on Redhat look for "ZONE"
|
|
$tz =
|
|
`grep ^ZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
|
|
}
|
|
elsif ( is_lsb_ubuntu() )
|
|
{
|
|
$tz = discover_timezone_ubuntu;
|
|
}
|
|
else
|
|
{
|
|
|
|
# on SuSE look for "TIMEZONE"
|
|
$tz =
|
|
`grep ^TIMEZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`;
|
|
}
|
|
$timezone = $tz;
|
|
}
|
|
|
|
chomp $timezone;
|
|
chomp $master;
|
|
chomp $domain;
|
|
|
|
# create basic site definition, if they do not exist reset request
|
|
if ( ((!-r "/etc/xcat/site.sqlite") && (!-r "/etc/xcat/cfgloc"))
|
|
|| $::FORCE
|
|
|| $::initDB)
|
|
{
|
|
my $chtabcmds;
|
|
my $confdir = "/etc/xcat";
|
|
my $syncdir = "/var/xcat/syncfiles";
|
|
$chtabcmds = "$::XCATROOT/sbin/chtab key=blademaxp site.value=64;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=domain site.value=$domain;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=fsptimeout site.value=0;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=installdir site.value=$installdir;";
|
|
if ($::osname eq 'Linux')
|
|
{
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=ipmimaxp site.value=64;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=ipmiretries site.value=3;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=ipmitimeout site.value=2;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=consoleondemand site.value=no;";
|
|
}
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=master site.value=$master;";
|
|
if ($forwarders) {
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=forwarders site.value=$forwarders;";
|
|
}
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=nameservers site.value=$master;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=maxssh site.value=8;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=ppcmaxp site.value=64;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=ppcretry site.value=3;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=ppctimeout site.value=0;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=sharedtftp site.value=1;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=SNsyncfiledir site.value=$syncdir;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=tftpdir site.value=$tftpdir;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=xcatdport site.value=$xcatport;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=xcatiport site.value=$xcatiport;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=xcatconfdir site.value=$confdir;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=timezone site.value=$timezone;";
|
|
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=useNmapfromMN site.value=no;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=enableASMI site.value=no;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=db2installloc site.value=\/mntdb2;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=databaseloc site.value=\/var\/lib;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=sshbetweennodes site.value=ALLGROUPS;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=dnshandler site.value=ddns;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=vsftp site.value=y;";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;";
|
|
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=yes;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=useNFSv4onAIX site.value=no;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab key=consoleondemand site.value=yes;";
|
|
}
|
|
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not create site definition.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "Updated cluster site definition.");
|
|
}
|
|
}
|
|
|
|
# create default postscript list in postscripts table
|
|
# if it does not exist, or request reset
|
|
# If otherpkgs does not exist, then put otherpkgs
|
|
# in the postbootscripts attribute
|
|
# else leave it where it is
|
|
|
|
if ( ((!-r "/etc/xcat/postscripts.sqlite") && (!-r "/etc/xcat/cfgloc"))
|
|
|| $::FORCE
|
|
|| $::initDB)
|
|
{
|
|
|
|
# check to see if otherpkgs in the postscripts table
|
|
# if it is do not change it, otherwise put in postbootscripts
|
|
# 0 = does not exist
|
|
# 1 = exists in postscripts
|
|
# 2 = exists in postbootscripts
|
|
my $otherpkgsexist = &checkotherpkgs;
|
|
my $otherpkgsprocessed = 0;
|
|
|
|
my $chtabcmds = "";
|
|
|
|
# if otherpkgs does not exist or we are initializing the DB
|
|
# put in postbootscripts
|
|
if (($otherpkgsexist == 0) || ($::initDB))
|
|
{
|
|
$chtabcmds =
|
|
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postbootscripts='otherpkgs';";
|
|
$otherpkgsprocessed = 1;
|
|
|
|
}
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
|
|
# if already processed otherpkgs or it is in postbootscripts
|
|
# don't put in postscripts, else put in postscripts
|
|
if (($otherpkgsprocessed == 1) || ($otherpkgsexist == 2))
|
|
{
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell,syncfiles';";
|
|
}
|
|
else
|
|
{ # put otherpkgs in postscripts
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell,otherpkgs,syncfiles';";
|
|
}
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=service postscripts.postscripts='' postscripts.postbootscripts='servicenode'";
|
|
|
|
}
|
|
else # linux
|
|
{
|
|
|
|
# if already processed otherpkgs or it is in postbootscripts
|
|
# don't put in postscripts, else put in postscripts
|
|
if (($otherpkgsprocessed == 1) || ($otherpkgsexist == 2))
|
|
{
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell,syncfiles';";
|
|
}
|
|
else
|
|
{ # put otherpkgs in postscripts attr
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell,otherpkgs,syncfiles';";
|
|
}
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab node=service postscripts.postscripts='servicenode,xcatserver,xcatclient'";
|
|
}
|
|
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create postscripts definition.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created postscripts definition.");
|
|
}
|
|
}
|
|
# create basic policy definition, if does not exist or request reset.
|
|
if ( ((!-r "/etc/xcat/policy.sqlite") && (!-r "/etc/xcat/cfgloc"))
|
|
|| $::FORCE
|
|
|| $::initDB)
|
|
{
|
|
my $chtabcmds;
|
|
if ($::osname eq 'AIX')
|
|
{
|
|
$chtabcmds =
|
|
"$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;";
|
|
if (defined($MNname)){
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=1.2 policy.name=$MNname policy.rule=trusted;";
|
|
}
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=2.3 policy.commands=lsxcatd policy.rule=allow;";
|
|
}
|
|
else # linux
|
|
{
|
|
$chtabcmds =
|
|
"$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;";
|
|
if (defined($MNname)){
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=1.2 policy.name=$MNname policy.rule=trusted;";
|
|
}
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=2 policy.commands=getbmcconfig policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=2.3 policy.commands=lsxcatd policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=3 policy.commands=nextdestiny policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4 policy.commands=getdestiny policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.7 policy.commands=litefile policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.8 policy.commands=litetree policy.rule=allow;";
|
|
}
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not create policy definition.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created policy definition.");
|
|
}
|
|
}
|
|
|
|
# update install processing
|
|
# adding otherpkgs and syncfiles new postscripts for migration
|
|
if ($::UPDATEINSTALL)
|
|
{
|
|
# setup Management Node policy to trusted
|
|
my $chtabcmds;
|
|
$chtabcmds =
|
|
"$::XCATROOT/sbin/chtab priority=1.2 policy.name=$MNname policy.rule=trusted;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=2.3 policy.commands=lsxcatd policy.rule=allow;";
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not update policy.name=$hname rule.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Updated policy definition for MN.");
|
|
}
|
|
# add statelite policies on update for Linux
|
|
if ($::osname eq 'Linux') {
|
|
$chtabcmds =
|
|
"$::XCATROOT/sbin/chtab priority=4.7 policy.commands=litefile policy.rule=allow;";
|
|
$chtabcmds .=
|
|
"$::XCATROOT/sbin/chtab priority=4.8 policy.commands=litetree policy.rule=allow;";
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not create statelite policy.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created statelite policy definition.");
|
|
}
|
|
}
|
|
|
|
# check to see if otherpkgs is in the postscripts table
|
|
# if it is do not change it, otherwise put in postbootscripts
|
|
# 0 = does not exist
|
|
# 1 = exists in postscripts
|
|
# 2 = exists in postbootscripts
|
|
my $otherpkgsexist = &checkotherpkgs;
|
|
$chtabcmds ="";
|
|
if (($otherpkgsexist == 1) || ($otherpkgsexist == 2)) {
|
|
# otherpkgs already in postscripts or in postbootscripts
|
|
$chtabcmds = "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts+='syncfiles'";
|
|
}
|
|
else
|
|
{ # else otherpkgs does not exist
|
|
# put in postbootscripts
|
|
$chtabcmds = "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postbootscripts+='otherpkgs';";
|
|
$chtabcmds .= "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts+='syncfiles'";
|
|
}
|
|
|
|
if ($chtabcmds ne "") {
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not update postscripts definition.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Updated postscripts definition.");
|
|
}
|
|
}
|
|
|
|
# remove any xcatdefaults node in nodelist
|
|
# leave to cleanup from previous bug
|
|
my $rmdefault="$::XCATROOT/sbin/chtab -d node=xcatdefaults nodelist";
|
|
$outref = xCAT::Utils->runcmd("$rmdefault", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',"Could not remove xcatdefaults.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Removed xcatdefaults.");
|
|
}
|
|
|
|
# switch from bind.pm to ddns.pm
|
|
# give a warning message for the first time
|
|
my $cmds = "$::XCATROOT/sbin/tabdump site|grep dnshandler";
|
|
$outref = xCAT::Utils->runcmd("$cmds", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
# set site.dnshandler
|
|
$cmds = "$::XCATROOT/sbin/chtab key=dnshandler site.value=ddns;";
|
|
$outref = xCAT::Utils->runcmd("$cmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',"Could not set ddns as dnshandler.");
|
|
}
|
|
}
|
|
|
|
}
|
|
} # end initial DB install setup
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 check for otherpkgs
|
|
|
|
Check to see if other pkgs exists in postscripts table.
|
|
If it does not we will be putting it in postbootscripts
|
|
return exist_flag
|
|
|
|
exist_flag = 0 does not exist
|
|
exist_flag = 1 exists in postscripts
|
|
exist_flag = 2 exists in postbootscripts
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub checkotherpkgs
|
|
{
|
|
my $otherpkgsexist = 0;
|
|
my $postscriptstab = xCAT::Table->new('postscripts');
|
|
my $attr = "xcatdefaults";
|
|
my @values;
|
|
if ($postscriptstab)
|
|
{
|
|
my $ref = $postscriptstab->getAttribs({node => $attr}, 'postscripts');
|
|
if ($ref)
|
|
{
|
|
@values = $ref->{postscripts};
|
|
if (grep(/otherpkgs/, @values))
|
|
{
|
|
$otherpkgsexist = 1;
|
|
}
|
|
}
|
|
if ($otherpkgsexist == 0)
|
|
{
|
|
|
|
# check postbootscripts
|
|
my $ref = $postscriptstab->getAttribs({node => $attr}, 'postbootscripts');
|
|
if ($ref)
|
|
{
|
|
@values = $ref->{postscripts};
|
|
if (grep(/otherpkgs/, @values))
|
|
{
|
|
$otherpkgsexist = 2;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return $otherpkgsexist;
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 genCredentials
|
|
|
|
Will generate the xCAT credential, if new install or requested to
|
|
regenerate.
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub genCredentials
|
|
|
|
{
|
|
my $hname = `hostname`;
|
|
chomp $hname;
|
|
if ((!-d "/etc/xcat/ca") || $::FORCE || $::genCredentials)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'I',
|
|
"\nSetting up basic certificates. Respond with a \'y\' when prompted.\n"
|
|
);
|
|
my $cmd =
|
|
"echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-xcat-ca.sh 'xCAT CA'";
|
|
verbose("Running $cmd");
|
|
my $rc = system($cmd);
|
|
if ($rc >> 8)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create xCAT certificate in /etc/xcat/ca.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "Created xCAT certificate.");
|
|
}
|
|
}
|
|
|
|
# copy to postscript directory just non-sensitive files
|
|
my $cmd = "/bin/rm -rf $::INSTALLDIR/postscripts/ca >/dev/null 2>&1";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
$cmd = "/bin/mkdir -m 755 -p $::INSTALLDIR/postscripts/ca";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create $::INSTALLDIR/postscripts/ca directory.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created $::INSTALLDIR/postscripts/ca directory.");
|
|
}
|
|
$cmd = "/bin/cp -p /etc/xcat/ca/ca-cert.pem $::INSTALLDIR/postscripts/ca/ca-cert.pem";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"$cmd failed"
|
|
);
|
|
}
|
|
else
|
|
{
|
|
verbose "$cmd succeeded.";
|
|
}
|
|
|
|
if ((!-d "/etc/xcat/cert") || $::FORCE || $::genCredentials)
|
|
{
|
|
my $cmd =
|
|
"echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-server-cert.sh $hname";
|
|
verbose("Running $cmd");
|
|
my $rc = system($cmd);
|
|
if ($rc >> 8)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create xCAT certificate in /etc/xcat/cert.");
|
|
}
|
|
else
|
|
{
|
|
if ($::genCredentials) { # if just generating new credentials
|
|
xCAT::MsgUtils->message('I', "Created xCAT certificate.");
|
|
my $chtabcmds =
|
|
"$::XCATROOT/sbin/chtab priority=1.2 policy.name=$hname policy.rule=trusted;";
|
|
my $outref = xCAT::Utils->runcmd("$chtabcmds", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not create policy definition.$chtabcmds.");
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
# copy to postscript directory, no longer use cert directory
|
|
$cmd = "/bin/rm -rf $::INSTALLDIR/postscripts/cert >/dev/null 2>&1";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
|
|
if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE || $::genCredentials)
|
|
{
|
|
|
|
my $cmd =
|
|
"echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-local-client.sh root";
|
|
verbose("Running $cmd");
|
|
my $rc = system($cmd);
|
|
if ($rc >> 8)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create xCAT certificate in /.xcat/client-key.pem.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "Created xCAT certificate.");
|
|
}
|
|
}
|
|
|
|
# copy to postscript directory
|
|
$cmd = "/bin/rm -rf $::INSTALLDIR/postscripts/_xcat >/dev/null 2>&1";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
$cmd = "/bin/mkdir -m 755 -p $::INSTALLDIR/postscripts/_xcat";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not create $::INSTALLDIR/postscripts/_xcat directory.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Created $::INSTALLDIR/postscripts/_xcat directory.");
|
|
}
|
|
$cmd = "/bin/cp -p $::root/.xcat/ca.pem $::INSTALLDIR/postscripts/_xcat/ca.pem";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"Could not copy $::root/.xcat/ca.pem to $::INSTALLDIR/postscripts/_xcat directory."
|
|
);
|
|
}
|
|
else
|
|
{
|
|
verbose "Copied $::root/.xcat/ca.pem to $::INSTALLDIR/postscripts/_xcat directory.";
|
|
}
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 setupAIXIPMITool
|
|
|
|
Set AIX IPMI Tool
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub setupAIXIPMITool
|
|
|
|
{
|
|
if (!-f "/usr/bin/ipmitool")
|
|
{
|
|
my $cmd = "ln -sf /opt/freeware/bin/ipmitool /usr/bin/ipmitool";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message(
|
|
'E',
|
|
"Could not ln -sf /opt/freeware/bin/ipmitool /usr/bin/ipmitool."
|
|
);
|
|
}
|
|
else
|
|
{
|
|
verbose("ln -sf /opt/freeware/bin/ipmitool /usr/bin/ipmitool.");
|
|
}
|
|
}
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 setupAIXexports
|
|
|
|
Set AIX exports
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub setupAIXexports
|
|
|
|
{
|
|
# check if /install/postscripts is exported
|
|
my $lsnfsexpcmd =
|
|
"/usr/sbin/lsnfsexp -d $::INSTALLDIR/postscripts 2>&1";
|
|
my $outref = xCAT::Utils->runcmd("$lsnfsexpcmd", -1);
|
|
if (($::RUNCMD_RC != 0) || ($outref !~ /-vers=3:4/))
|
|
{
|
|
|
|
# if not exported for both NFS version 3 and version 4,
|
|
# make sure it is exported with -vers=3:4
|
|
my $rmnfsexpcmd = "/usr/sbin/rmnfsexp -d $::INSTALLDIR/postscripts 2>&1";
|
|
xCAT::Utils->runcmd("$rmnfsexpcmd", -1);
|
|
|
|
my $mknfsexpcmd =
|
|
"mknfsexp -d $::INSTALLDIR/postscripts '-B' -v '3,4' -t 'ro'";
|
|
my $outref2 = xCAT::Utils->runcmd("$mknfsexpcmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not export directory $::INSTALLDIR/postscripts.");
|
|
}
|
|
}
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 setupLinuxexports
|
|
|
|
Set Linux exports
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
sub setupLinuxexports
|
|
{
|
|
my $changed_exports = 0;
|
|
|
|
#
|
|
# add tftpboot to /etc/exports - if needed
|
|
#
|
|
|
|
my $cmd = "/bin/cat /etc/exports | grep '$::TFTPDIR'";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
|
|
# ok - then add this entry
|
|
#SECURITY: this has potential for sharing private host/user keys
|
|
my $cmd =
|
|
"/bin/echo '$::TFTPDIR *(rw,no_root_squash,sync,no_subtree_check)' >> /etc/exports";
|
|
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not update the /etc/exports file.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Added $::TFTPDIR to the /etc/exports file.");
|
|
$changed_exports++;
|
|
}
|
|
}
|
|
|
|
#
|
|
# add /install to /etc/exports - if needed
|
|
#
|
|
|
|
$cmd = "/bin/cat /etc/exports | grep '$::INSTALLDIR'";
|
|
$outref = xCAT::Utils->runcmd("$cmd", -1);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
|
|
# ok - then add this entry
|
|
#SECURITY: this has potential for sharing private host/user keys
|
|
my $cmd =
|
|
"/bin/echo '$::INSTALLDIR *(rw,no_root_squash,sync,no_subtree_check)' >> /etc/exports";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"Could not update the /etc/exports file.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Added $::INSTALLDIR to the /etc/exports file.");
|
|
$changed_exports++;
|
|
}
|
|
}
|
|
|
|
if ($changed_exports)
|
|
{
|
|
|
|
# restart nfs
|
|
my $cmd = "/sbin/service nfs restart";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not restart NFS.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "NFS has been restarted.");
|
|
}
|
|
|
|
$cmd = "/sbin/chkconfig nfs on";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not enable NFS.");
|
|
}
|
|
else
|
|
{
|
|
verbose("NFS has been enabled.");
|
|
}
|
|
$cmd = "/usr/sbin/exportfs -a";
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Error with $cmd.");
|
|
}
|
|
else
|
|
{
|
|
verbose("Ran $cmd.");
|
|
}
|
|
}
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 mknb
|
|
|
|
creates a network boot root image on Linux
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
sub mknb
|
|
{
|
|
if ($::arch eq "x86_64" || $::arch eq "x86")
|
|
{
|
|
foreach my $ar (qw(x86 x86_64 ppc64))
|
|
{
|
|
my $cmd = "$::XCATROOT/sbin/mknb $ar";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E',
|
|
"The mknb $ar command returned error: $::RUNCMD_RC.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I',
|
|
"The mknb $ar command completed successfully.");
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 makenetworks
|
|
|
|
Runs makenetworks on AIX and Linux
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
sub makenetworks
|
|
{
|
|
|
|
# run makenetworks
|
|
my $cmd = "$::XCATROOT/sbin/makenetworks";
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
verbose("The makenetworks command returned error: $::RUNCMD_RC");
|
|
}
|
|
else
|
|
{
|
|
verbose("The makenetworks command was run with no error.");
|
|
}
|
|
|
|
|
|
}
|
|
#-----------------------------------------------------------------------------
|
|
|
|
=head3 setuphttp
|
|
|
|
initializes http on Linux
|
|
|
|
=cut
|
|
|
|
#-----------------------------------------------------------------------------
|
|
sub setuphttp
|
|
{
|
|
|
|
my $cmd;
|
|
# restart httpd
|
|
if (-e "/etc/init.d/apache2")
|
|
{ #for sles
|
|
$cmd = "/etc/init.d/apache2 stop; /etc/init.d/apache2 start";
|
|
}
|
|
else
|
|
{
|
|
$cmd = "/etc/init.d/httpd stop; /etc/init.d/httpd start";
|
|
}
|
|
|
|
my $outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not restart httpd.");
|
|
}
|
|
else
|
|
{
|
|
xCAT::MsgUtils->message('I', "httpd has been restarted.");
|
|
}
|
|
|
|
# enable httpd
|
|
if (-e "/etc/init.d/apache2")
|
|
{ #for sles
|
|
$cmd = "/sbin/chkconfig apache2 on";
|
|
}
|
|
else
|
|
{
|
|
$cmd = "/sbin/chkconfig httpd on";
|
|
}
|
|
$outref = xCAT::Utils->runcmd("$cmd", 0);
|
|
if ($::RUNCMD_RC != 0)
|
|
{
|
|
xCAT::MsgUtils->message('E', "Could not enable httpd.");
|
|
}
|
|
else
|
|
{
|
|
verbose("httpd has been enabled.");
|
|
}
|
|
}
|