From 3b1e407c5cf3e6d1252d6c222005e0128068671f Mon Sep 17 00:00:00 2001 From: lissav Date: Fri, 31 Jul 2009 14:56:34 +0000 Subject: [PATCH] Merge Linux post processing during install from xCAT.spec into xcatconfig. Also make lots more options on xcatconfig git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3906 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd --- xCAT-server/sbin/xcatconfig | 1945 +++++++++++++++++++---------------- 1 file changed, 1038 insertions(+), 907 deletions(-) diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig index 5163a8ae7..43c8f05b5 100644 --- a/xCAT-server/sbin/xcatconfig +++ b/xCAT-server/sbin/xcatconfig @@ -1,12 +1,18 @@ -#!/usr/bin/perl +#!/usr/bin/env perl # IBM(c) 2007 EPL license http://www.eclipse.org/legal/epl-v10.html # -##################################################### -# -# This is script is called during the initial installation of xCAT -# It can also be called directly to redo the xcat configuration -# -##################################################### + +#----------------------------------------------------------------------------- + +=head1 xcatconfig + + + + This is script is called during the initial installation of xCAT + It can also be called directly to various parts of the configuration + root ssh keys, node host keys, credentials database setup or all + +=cut BEGIN { 
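Review bot: The new first line `#!/usr/bin/env perl` makes the interpreter depend on the PATH of whoever launches xcatconfig, and the header says the script runs during xCAT installation, where it presumably executes as root. A privileged setup script is safer pinned to an absolute interpreter path. If the switch was made for portability, record that next to the shebang, e.g. `# env is used because perl is not installed at /usr/bin/perl on every supported platform`. The added POD also needs a wording fix: "This is script is called" should be `This script is called`, and "called directly to various parts of the configuration" is missing its verb (`called directly to redo various parts ...`).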
@@ -20,17 +26,27 @@ use Getopt::Long; use xCAT::MsgUtils; use Socket; -$::progname = "xcatconfig"; +#----------------------------------------------------------------------------- +# Main +$::progname = "xcatconfig"; +my $args = join ' ', @ARGV; +$::command = "$0 $args"; Getopt::Long::Configure("bundling"); $Getopt::Long::ignorecase = 0; # parse the options if ( !GetOptions( - 'f|force' => \$::FORCE, - 'h|help' => \$::HELP, - 'v|version' => \$::VERSION, + 'f|force' => \$::FORCE, + 'i|initinstall' => \$::INITIALINSTALL, + 'u|updateinstall' => \$::UPDATEINSTALL, + 'k|sshkeys' => \$::genSSHRootKeys, + 's|sshnodehostkeys' => \$::genSSHNodeHostKeys, + 'c|credentials' => \$::genCredentials, + 'd|database' => \$::initDB, + 'h|help' => \$::HELP, + 'v|version' => \$::VERSION, ) ) { @@ -38,6 +54,20 @@ if ( exit(1); } +if ( (!$::HELP) + && (!$::FORCE) + && (!$::INITIALINSTALL) + && (!$::UPDATEINSTALL) + && (!$::genSSHRootKeys) + && (!$::genSSHNodeHostKeys) + && (!$::genCredentials) + && (!$::initDB) + && (!$::VERSION)) +{ + &usage; + exit(1); +} + # display the usage if -h or --help is specified if ($::HELP) { 
@@ -48,13 +78,46 @@ if ($::HELP) # display the version statement if -v or --verison is specified if ($::VERSION) { - xCAT::MsgUtils->message('I', "$::progname: version 1.0\n"); - exit(0); + my $version = xCAT::Utils->Version(); + $version .= "\n"; + xCAT::MsgUtils->message("N", $version); + exit 0; +} +if ($::FORCE) +{ + if ( $::INITIALINSTALL + || $::UPDATEINSTALL + || $::genSSHRootKeys + || $::genSSHNodeHostKey + || $::genCredentials + || $::initDB) + { + my $warning = + " The -f flag includes the function for the -i, -u, -k, -s, -c, -d flags. Do not combine with other flags.\n "; + xCAT::MsgUtils->message("N", $warning); + exit 1; + } +} +if (($::INITIALINSTALL) && ($::UPDATEINSTALL)) +{ + my $warning = + " The -i and -u flags may not be input to the command. Use one or the other. \n "; + xCAT::MsgUtils->message("N", $warning); + exit 1; } -$::osname = `uname`; -chomp $::osname; - +# +# Display command +# +xCAT::MsgUtils->message("I", "Running $::command \n"); +if (xCAT::Utils->isAIX()) +{ + $::osname = 'AIX'; +} +else +{ + $::osname = 'Linux'; +} if ($::osname eq 'AIX') { $::arch = `uname -p`; @@ -73,7 +136,10 @@ my $cmd = "/bin/touch /etc/xCATMN"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', "Could not create /etc/xCATMN file.\n"); + xCAT::MsgUtils->message( + 'E', + "Could not create /etc/xCATMN file. Management Node not successfully setup. Manually, touch /etc/xCATMN.\n" + ); } else { 
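Review bot: In the new `if ($::FORCE)` exclusivity check the fourth term is spelled `$::genSSHNodeHostKey`, but GetOptions binds `-s` to `$::genSSHNodeHostKeys`, so the misspelt variable is always undefined and `-f -s` is never rejected the way the other combinations are. `strict 'vars'` does not reject a misspelt fully qualified `$::` name, so nothing fails at compile time. The line should read `|| $::genSSHNodeHostKeys`. The message for `-i` with `-u` would also be clearer as `The -i and -u flags may not be combined. Use one or the other.`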
@@ -85,115 +151,26 @@ if (-f "/etc/xCATSN") { my $cmd = "/bin/rm /etc/xCATSN"; my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not remove /etc/xCATSN file. Management Node not successfully setup. Manually, remove /etc/xCATSN.\n" + ); + } + else + { + xCAT::MsgUtils->message( + 'I', + "Removed /etc/xCATSN file. This node is being converted from a Service Node to a Management Node.\n" + ); + } } # some Linux-only config -# (used to FTP postscripts to nodes) if ($::osname eq 'Linux') { - # Locally mount /var/ftp/install over /install - if (!-d "/var/ftp/install") - { - my $cmd = "/bin/mkdir -p /var/ftp/install"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not create /var/ftp/install directory.\n"); - } - else - { - xCAT::MsgUtils->message('I', - "Created /var/ftp/install directory.\n"); - } - } - - # - # add /var/ftp/install to /etc/fstab and mount - if needed - # - my $changed_fstab = 0; - my $cmd = "/bin/cat /etc/fstab | grep '/var/ftp/install'"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) - { - - # ok - then add this entry - my $cmd = - "/bin/echo '/install /var/ftp/install none bind,defaults 0 0' >> /etc/fstab"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not update the /etc/fstab file.\n"); - } - else - { - xCAT::MsgUtils->message('I', - "Added /var/ftp/install to the /etc/fstab file.\n"); - $changed_fstab++; - } - } - if ($changed_fstab) - { - - # mount /var/ftp/install - my $cmd = "mount /var/ftp/install"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not mount /var/ftp/install.\n"); - } - else - { - xCAT::MsgUtils->message('I', - "/var/ftp/install has been mounted over /install.\n"); - } - } - - # - # add /var/ftp/tftpboot to /etc/fstab and mount - if 
needed - # - my $changed_fstab = 0; - my $cmd = "/bin/cat /etc/fstab | grep '/var/ftp/tftpboot'"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) - { - - # ok - then add this entry - my $cmd = - "/bin/echo '/tftpboot /var/ftp/tftpboot none bind,defaults 0 0' >> /etc/fstab"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not update the /etc/fstab file.\n"); - } - else - { - xCAT::MsgUtils->message('I', - "Added /var/ftp/tftpboot to the /etc/fstab file.\n"); - $changed_fstab++; - } - } - if ($changed_fstab) - { - - # mount /var/ftp/tftpboot - my $cmd = "mount /var/ftp/tftpboot"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not mount /var/ftp/tftpboot.\n"); - } - else - { - xCAT::MsgUtils->message('I', - "/var/ftp/tftpboot has been mounted over /tftpboot.\n"); - } - } - # start vsftpd my $cmd = "/sbin/chkconfig vsftpd on"; my $outref = xCAT::Utils->runcmd("$cmd", 0); 
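Review bot: The new failure branch after `/bin/rm /etc/xCATSN` reports "Management Node not successfully setup" but execution simply continues and no failure status is kept for the caller. The main flow later in this patch ends with a bare `exit;`, so a caller such as the package post-install step named in the commit title apparently cannot tell that setup failed. Consider recording the failure and exiting non-zero at the end, or add a comment such as `# best effort: report and continue, the admin must remove /etc/xCATSN by hand` so the choice is visibly deliberate. The reworded /etc/xCATMN error in the preceding hunk has the same gap.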
@@ -208,258 +185,252 @@ if ($::osname eq 'Linux') xCAT::MsgUtils->message('I', "VSFTPD has been restarted.\n"); } -} # - some Linux-only config +} # end Linux-only # -# Generate ssh host keys +# Generate ssh host keys for the nodes +# # -# create /etc/xcat/hostkeys and /install/postscripts/hostkeys -if (!-d "/install/postscripts/hostkeys") # directory for public keys +&genSSHNodeHostKey; + +# +# gen root's ssh keys, if needed and copy to appropriate directories to +# be used during install +# +if ($::INITIALINSTALL || $::FORCE || $::genSSHRootKeys) { - my $cmd = "/bin/mkdir -p /install/postscripts/hostkeys"; + &genSSHRootKeys; # gen new rsa ssh key for root +} + +if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL) +{ + + # + # For all MNs create /var/log/consoles if needed + # Conserver won't start without it + # + if (!-d "/var/log/consoles") + { + my $cmd = "/bin/mkdir -p /var/log/consoles"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create /var/log/consoles directory.\n"); + } + else + { + xCAT::MsgUtils->message('I', + "Created /var/log/consoles directory.\n"); + } + } + + if ($::osname eq 'AIX') + { + &setupAIXconserver; + + # for AIX systems add xcatd to the /etc/inittab file + my $mkitab_cmd = + 'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1'; + my $rc = system($mkitab_cmd); # may already be there no error check + + # add AIX needed exports + &setupAIXexports; + + } + + else # for Linux + { + &setupLinuxexports; # add Linux exports + + } +} # end install,update or force + +# +# Setup database +# +if ($::INITIALINSTALL || $::UPDATEINSTALL || $::FORCE || $::initDB) +{ + &initDB; +} + +# +# set up syslog +# +# use postscript to set up syslog +if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL) +{ + my $cmd = "/install/postscripts/syslog"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', - "Could 
not create /install/postscripts/hostkeys directory.\n"); + xCAT::MsgUtils->message('E', "Could not set up syslog.\n"); + } + else + { + xCAT::MsgUtils->message('I', "syslog has been set up.\n"); } } -if (!-d "/etc/xcat/hostkeys") # directory for public/private keys + +# +# set up the certificates for xcatd, gen new ones if requested or do not exist +# +if ($::INITIALINSTALL || $::FORCE || $::genCredentials) { - my $cmd = "/bin/mkdir -p /etc/xcat/hostkeys"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not create /etc/xcat/hostkeys directory.\n"); - } + &genCredentials; } -# -# if private hostkeys do not exist in either directory or force option -# regenerate -my $hostkey = "/install/postscripts/hostkeys/ssh_host_rsa_key"; -my $hostkey2 = "/etc/xcat/hostkeys/ssh_host_rsa_key"; -if (((!-r $hostkey) && (!-r $hostkey2)) || $::FORCE) + +# + +# +# start xcatd +# +if ($::INITIALINSTALL || $::FORCE || $::UPDATEINSTALL || $::genCredentials) +{ + my $xcmd; + if ($::osname eq 'AIX') + { + $xcmd = "$::XCATROOT/sbin/xcatstart"; + + } + else + { + $xcmd = "/etc/init.d/xcatd restart"; + } + system($xcmd); + +} + +# more - Linux-only config +if (($::osname eq 'Linux') && (($::INITIALINSTALL || $::FORCE))) { - # remove the old keys - my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host*"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) + #Zap the almost certainly wrong pxelinux.cfg file + if (-f "/tftpboot/pxelinux.cfg/default") { - xCAT::MsgUtils->message( - 'I', - "Could not remove ssh keys from /install/postscripts/hostkeys directory. 
They may not exist.\n" - ); + $cmd = "/bin/rm /tftpboot/pxelinux.cfg/default"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not remove /tftpboot/pxelinux.cfg/default\n"); + } + else + { + xCAT::MsgUtils->message('I', + "Removed /tftpboot/pxelinux.cfg/default.\n"); + } } - # remove the old keys - my $cmd = "/bin/rm /etc/xcat/hostkeys/ssh_host*"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) + # run mknb - only needed for Intel platforms for now + &mknb; + + # makenetworks and setup http + &makenetworks; + + my $linux_note = + "xCAT is now installed, it is recommended to tabedit networks \nand set a dynamic ip address range on any networks where nodes \nare to be discovered. Then, run makedhcp -n to create a new dhcpd \nconfiguration file, and \/etc\/init.d\/dhcpd restart. Either examine sample \nconfiguration templates, or write your own, or specify a value per \nnode with nodeadd or tabedit.\n"; + xCAT::MsgUtils->message('I', $linux_note); + +} #End - more - Linux-only config + +exit; + +##################################### +# subroutines +##################################### + +#----------------------------------------------------------------------------- + +=head3 usage + + Displays message for -h option + +=cut + +#----------------------------------------------------------------------------- + +sub usage +{ + xCAT::MsgUtils->message( + 'I', + "Usage:\nxcatconfig - Performs basic xCAT setup operations on an xCAT management node. This command should not be run on an xCAT Service Node, unless you are making it a Management Node. 
\n" + ); + xCAT::MsgUtils->message( + 'I', + "xcatconfig [-h|--help]\nxcatconfig [-v|--version]\nxcatconfig [-f|--force]\nxcatconfig [-i|--initinstall] \nxcatconfig [-u|--updateinstall]\nxcatconfig [-k|--sshkeys] [-s|--sshnodehostkeys] [-c|--credentials] [-d|database]\n\n" + ); +} + +#----------------------------------------------------------------------------- + +=head3 genSSHRootKeys + + Will generate a new ssh rsa key for the root user, if it does not exist or if requested by the input -k flag. + +=cut + +#----------------------------------------------------------------------------- + +sub genSSHRootKeys + +{ + + # + # create /.ssh dir if needed + # + my $sshdir = "$::root/.ssh"; + if (!-d $sshdir) { - xCAT::MsgUtils->message( - 'I', - "Could not remove ssh keys from /etc/xcat/hostkeys directory. They may not exist.\n" - ); + my $cmd = "/bin/mkdir -m 700 -p $sshdir"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create $sshdir directory.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Created $sshdir directory.\n"); + } } # - # generate new hostkeys + # create or modify the -/.ssh/config file # - xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...\n"); - my $cmd = - "/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) + my $cfgfile = "$::root/.ssh/config"; + if (-f $cfgfile) { - xCAT::MsgUtils->message('E', "Could not generate SSH1 RSA key.\n"); - } - xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...\n"); - my $cmd = - "/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not generate SSH2 RSA key.\n"); - } - - xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...\n"); - my $cmd = - "/usr/bin/ssh-keygen -t dsa -f 
/etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.\n"); - } - - # copy the public keys to install directory - my $cmd = - "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/."; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); - } - else - { - xCAT::MsgUtils->message('I', "$cmd is successful\n"); - } -} else { # keys exist -# -# so if private keys are in /install -# move old hostkeys keys if they exist in /install, to the -# new directory /etc/xcat/hostkeys and remove private keys from /install - if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key") - { - - # copy all keys to /etc/xcat/hostkeys directory - my $cmd = "/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/."; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); - } - - # remove private keys from install dir, leave the public keys - if (-f "/install/postscripts/hostkeys/ssh_host_dsa_key") - { - my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_dsa_key"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); + # it exists - so see if it needs to be updated + my $cmd = "/bin/cat $cfgfile | grep 'StrictHostKeyChecking no'"; + my $outref = xCAT::Utils->runcmd("$cmd", -1); if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + + # ok - then add this entry + my $cmd = + "/bin/echo StrictHostKeyChecking no >> $cfgfile; chmod 600 $cfgfile"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not update the $cfgfile file.\n"); + } + else + { + xCAT::MsgUtils->message('I', + "Added updates to the $cfgfile file.\n"); + } } } - if (-f "/install/postscripts/hostkeys/ssh_host_key") - { - my $cmd = 
"/bin/rm /install/postscripts/hostkeys/ssh_host_key"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); - } - } - if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key") - { - my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_rsa_key"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); - } - } - } - # so if no public key in /install/postscripts/hostkeys - # copy the /etc/xcat/hostkeys public keys to /install/postscripts/hostkeys - if ( !(-f "/install/postscripts/hostkeys/ssh_host_rsa_key.pub")) - { - # rm any files - my $cmd = - "/bin/rm /install/postscripts/hostkeys/*"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful. Files may not exist.\n"); - } else { - xCAT::MsgUtils->message('I', "$cmd is successful\n"); - } - # copy the public keys to install directory - my $cmd = - "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/."; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "$cmd not successful.\n"); - } - else - { - xCAT::MsgUtils->message('I', "$cmd is successful\n"); - } - } -} - - -# -# move old directories if they exist -if (-d "/install/postscripts/.ssh") -{ - my $cmd = "/bin/mv /install/postscripts/.ssh/* /install/postscripts/_ssh/."; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - my $cmd = "/bin/rmdir /install/postscripts/.ssh"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - - # if ($::RUNCMD_RC != 0) - # { - # xCAT::MsgUtils->message( - # 'E', - # "Could not move /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n" - # ); - # } - # else - # { - # xCAT::MsgUtils->message( - # 'I', - # "Moved /install/postscripts/.ssh directory to /install/postscripts/_ssh.\n" - # ); - # } -} -if (-d "/install/postscripts/.xcat") 
-{ - my $cmd = - "/bin/mv /install/postscripts/.xcat/* /install/postscripts/_xcat/."; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message( - 'E', - "Could not move /install/postscripts/.xcat directory to /install/postscripts/_xcat.\n" - ); - } - my $cmd = "/bin/rmdir /install/postscripts/.xcat"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); -} - -# -# create /.ssh dir if needed -# -my $sshdir = "$::root/.ssh"; -if (!-d $sshdir) -{ - my $cmd = "/bin/mkdir -m 700 -p $sshdir"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not create $sshdir directory.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created $sshdir directory.\n"); - } -} - -# -# create or modify the -/.ssh/config file -# -my $cfgfile = "$::root/.ssh/config"; -if ((-f $cfgfile) || $::FORCE) -{ - - # it exists - so see if it needs to be updated - ???????? check!!! - # xCAT::MsgUtils->message('I', "Checking for \'StrictHostKeyChecking no\' in $cfgfile.\n"); - my $cmd = "/bin/cat $cfgfile | grep 'StrictHostKeyChecking no'"; - my $outref = xCAT::Utils->runcmd("$cmd", -1); - if ($::RUNCMD_RC != 0) - { - - # ok - then add this entry + # file doesn't exist so just create it my $cmd = - "/bin/echo StrictHostKeyChecking no >> $cfgfile; chmod 600 $cfgfile"; + "/bin/echo StrictHostKeyChecking no > $cfgfile; chmod 600 $cfgfile"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { 
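Review bot: genSSHRootKeys writes a bare `StrictHostKeyChecking no` into `$::root/.ssh/config`, which turns off host key verification for every host root connects to from the management node, not only for cluster nodes. That removes ssh's protection against a spoofed or intercepted host on all outbound root sessions. If it is required for unattended node installs, scope the setting under a `Host` block for the cluster's nodes, or at least state the reason and the scope in a comment above the `echo`. Both write commands are `echo ...; chmod 600 $cfgfile`, so `$::RUNCMD_RC` probably reflects only the `chmod` and a failed write would go unreported; joining them with `&&` avoids that. The sub starts in this hunk and its body continues past the end of it.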
@@ -472,55 +443,35 @@ if ((-f $cfgfile) || $::FORCE) "Added updates to the $cfgfile file.\n"); } } -} -else -{ - # file doesn't exist so just create it - my $cmd = - "/bin/echo StrictHostKeyChecking no > $cfgfile; chmod 600 $cfgfile"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) + # + # create /install/postscripts/_ssh if needed + # + if (!-d "/install/postscripts/_ssh") { - xCAT::MsgUtils->message('E', "Could not update the $cfgfile file.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Added updates to the $cfgfile file.\n"); - } -} - -# -# create /install/postscripts/_ssh if needed -# -if (!-d "/install/postscripts/_ssh") -{ - my $cmd = "/bin/mkdir -p /install/postscripts/_ssh"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', + my $cmd = "/bin/mkdir -p /install/postscripts/_ssh"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not create /install/postscripts/_ssh directory.\n"); - } - else - { - xCAT::MsgUtils->message('I', + } + else + { + xCAT::MsgUtils->message('I', "Created /install/postscripts/_ssh directory.\n"); + } } -} -# -# Generate id_rsa.pub, if it does not exist or the force option -# -my $pubfile = "$::root/.ssh/id_rsa.pub"; -my $rsafile = "$::root/.ssh/id_rsa"; -if ((!-r $pubfile) || $::FORCE) -{ + #need to gen a new rsa key for root ssh, if Force, genkey or does not exist + my $pubfile = "$::root/.ssh/id_rsa.pub"; + my $rsafile = "$::root/.ssh/id_rsa"; - if ($::FORCE) + # if exists, and generated new then + # need to remove the old files + if ((-r $pubfile) && ($::FORCE || $::genSSHRootKeys)) { - # remove the old file my $cmd = "/bin/rm $::root/.ssh/id_rsa*"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) 
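Review bot: With `-k` or `-f` the existing root key pair is deleted by `/bin/rm $::root/.ssh/id_rsa*` before any replacement exists, so a later ssh-keygen failure would leave root with no key at all. The glob also removes any other file whose name starts with `id_rsa`, such as a backup copy an administrator kept there. Nodes already installed with the old public key presumably stop accepting root from this management node until the new key is distributed, and the comment above the block ("if exists, and generated new then need to remove the old files") does not warn about that. Consider moving the old pair aside instead of deleting it, and add a comment such as `# regenerating invalidates the key already installed on nodes; they must receive the new authorized_keys`. The enclosing sub starts and ends outside this hunk.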
@@ -537,82 +488,667 @@ if ((!-r $pubfile) || $::FORCE) } } - my $cmd = "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $rsafile"; - my $outref = xCAT::Utils->runcmd("$cmd", 0); - if ($::RUNCMD_RC != 0) + # ssh key does not exist, gen a new one else leave alone + if (!-r $pubfile) { - xCAT::MsgUtils->message('E', "Could not generate $pubfile.\n"); + my $cmd = "/usr/bin/ssh-keygen -t rsa -q -b 2048 -N '' -f $rsafile"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not generate $pubfile.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Generated $pubfile.\n"); + + } + } + + # copy authorized_keys for install on node + if (-r $pubfile) + { + my $cmd = + "/bin/cp -p $pubfile /install/postscripts/_ssh/authorized_keys "; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n" + ); + } + else + { + xCAT::MsgUtils->message( + 'I', + "Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n" + ); + } } else { - xCAT::MsgUtils->message('I', "Generated $pubfile.\n"); + xCAT::MsgUtils->message( + 'E', + "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n" + ); + } +} - if ($::osname eq 'AIX') +#----------------------------------------------------------------------------- + +=head3 genSSHNodeHostKey + + If node private node hostkeys do not exist in either directory or force option + or generate host key option, we need to generate them + These keys are installed on the nodes in /etc/ssh directory and allow the + node to ssh without password node to node. + They are store in /etc/xcat/hostkeys on the MN. 
+ This also includes some migration to /install/postscripts/hostkeys + for the install process + +=cut + +#----------------------------------------------------------------------------- + +sub genSSHNodeHostKey + +{ + + my $hostkey = "/install/postscripts/hostkeys/ssh_host_rsa_key"; + my $hostkey2 = "/etc/xcat/hostkeys/ssh_host_rsa_key"; + if ( ((!-r $hostkey) && (!-r $hostkey2)) + || $::FORCE + || $::genSSHNodeHostKeys) + { + + # create directories /etc/xcat/hostkeys and /install/postscripts/hostkeys + if (!-d "/install/postscripts/hostkeys") # directory for public keys { - - # allows node be able to scp to the MN only for AIX - my $cmd = "/bin/cat $pubfile >> /.ssh/authorized_keys"; + my $cmd = "/bin/mkdir -p /install/postscripts/hostkeys"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not create /install/postscripts/hostkeys directory.\n" + ); + } + } + if (!-d "/etc/xcat/hostkeys") # directory for public/private keys + { + my $cmd = "/bin/mkdir -p /etc/xcat/hostkeys"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { xCAT::MsgUtils->message('E', - "Could not cat $pubfile to /.ssh/authorized_keys.\n"); + "Could not create /etc/xcat/hostkeys directory.\n"); + } + } + + # remove the old keys + if (-r $hostkey) + { + my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host*"; + my $outref = xCAT::Utils->runcmd("$cmd", -1); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'I', + "Could not remove ssh keys from /install/postscripts/hostkeys directory. They may not exist.\n" + ); + } + } + + # remove the old keys + if (-r $hostkey2) + { + my $cmd = "/bin/rm /etc/xcat/hostkeys/ssh_host*"; + my $outref = xCAT::Utils->runcmd("$cmd", -1); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'I', + "Could not remove ssh keys from /etc/xcat/hostkeys directory. 
They may not exist.\n" + ); + } + } + + # + # generate new hostkeys + # + xCAT::MsgUtils->message('I', "Generating new node hostkeys...\n"); + xCAT::MsgUtils->message('I', "Generating SSH1 RSA Key...\n"); + my $cmd = + "/usr/bin/ssh-keygen -t rsa1 -f /etc/xcat/hostkeys/ssh_host_key -C '' -N ''"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not generate SSH1 RSA key.\n"); + } + + xCAT::MsgUtils->message('I', "Generating SSH2 RSA Key...\n"); + my $cmd = + "/usr/bin/ssh-keygen -t rsa -f /etc/xcat/hostkeys/ssh_host_rsa_key -C '' -N ''"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not generate SSH2 RSA key.\n"); + } + + xCAT::MsgUtils->message('I', "Generating SSH2 DSA Key...\n"); + my $cmd = + "/usr/bin/ssh-keygen -t dsa -f /etc/xcat/hostkeys/ssh_host_dsa_key -C '' -N ''"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not generate SSH2 DSA key.\n"); + } + + # copy the public keys to install directory + my $cmd = + "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/."; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + else + { + xCAT::MsgUtils->message('I', "$cmd is successful\n"); + } + } + else + { # keys exist and not a request to regenerate + # so if private keys are in /install ( some migration) + # move old hostkeys keys if they exist in /install, to the + # new directory /etc/xcat/hostkeys & remove private keys from /install + if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key") + { + + # copy all keys to /etc/xcat/hostkeys directory + my $cmd = + "/bin/cp -p /install/postscripts/hostkeys/* /etc/xcat/hostkeys/."; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + + # 
remove private keys from install dir, leave the public keys + if (-f "/install/postscripts/hostkeys/ssh_host_dsa_key") + { + my $cmd = + "/bin/rm /install/postscripts/hostkeys/ssh_host_dsa_key"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + } + if (-f "/install/postscripts/hostkeys/ssh_host_key") + { + my $cmd = "/bin/rm /install/postscripts/hostkeys/ssh_host_key"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + } + if (-f "/install/postscripts/hostkeys/ssh_host_rsa_key") + { + my $cmd = + "/bin/rm /install/postscripts/hostkeys/ssh_host_rsa_key"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + } + } + + # so if no public key in /install/postscripts/hostkeys + # copy the /etc/xcat/hostkeys + # public keys to /install/postscripts/hostkeys + if (!(-f "/install/postscripts/hostkeys/ssh_host_rsa_key.pub")) + { + + # rm any files + my $cmd = "/bin/rm /install/postscripts/hostkeys/*"; + my $outref = xCAT::Utils->runcmd("$cmd", -1); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "$cmd not successful. 
Files may not exist.\n"); } else { - xCAT::MsgUtils->message('I', - "Added $pubfile to /.ssh/authorized_keys.\n"); - chmod 0600, "/.ssh/authorized_keys"; + xCAT::MsgUtils->message('I', "$cmd is successful\n"); + } + + # copy the public keys to install directory + my $cmd = + "/bin/cp /etc/xcat/hostkeys/*.pub /install/postscripts/hostkeys/."; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "$cmd not successful.\n"); + } + else + { + xCAT::MsgUtils->message('I', "$cmd is successful\n"); } } } } -# copy authorized_keys for install on node -if (-r $pubfile) +#----------------------------------------------------------------------------- + +=head3 initDB + + Will initialize the DB if it does not already exist, also updates with + new data needed during update install. + +=cut + +#----------------------------------------------------------------------------- + +sub initDB + { - my $cmd = "/bin/cp $pubfile /install/postscripts/_ssh/authorized_keys"; + + my $hname = `hostname`; + chomp $hname; + + # some values common to both AIX & Linux + my $xcatport = "3001"; + my $xcatiport = "3002"; + my $tftpdir = "/tftpboot"; + my $installdir = "/install"; + + my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hname); + my $master = inet_ntoa($addrs[0]); + + # set value based on OS + my ($domain, $timezone); + if ($::osname eq 'AIX') + { + my ($name, $rest) = split('\.', $hname); + if ($rest) + { + ($domain = $hname) =~ s/^.*?\.//; + } + else + { + $domain = ""; + } + + $timezone = $ENV{'TZ'}; + } + else # linux + { + $domain = `hostname -d`; + my $tz; + if (-f "/etc/redhat-release") + { + + # on Redhat look for "ZONE" + $tz = + `grep ^ZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`; + } + else + { + + # on SuSE look for "TIMEZONE" + $tz = + `grep ^TIMEZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`; + } + $timezone = $tz; + } + + chomp $timezone; + chomp $master; + chomp $domain; + + # create 
basic site definition, if they do not exist reset request + if ( ((!-r "/etc/xcat/site.sqlite") && (!-r "/etc/xcat/cfgloc")) + || $::FORCE + || $::initDB) + { + my $chtabcmds; + $chtabcmds = + "$::XCATROOT/sbin/chtab key=xcatdport site.value=$xcatport;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab key=xcatiport site.value=$xcatiport;"; + $chtabcmds .= "$::XCATROOT/sbin/chtab key=tftpdir site.value=$tftpdir;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab key=installdir site.value=$installdir;"; + $chtabcmds .= "$::XCATROOT/sbin/chtab key=master site.value=$master;"; + $chtabcmds .= "$::XCATROOT/sbin/chtab key=domain site.value=$domain;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab key=timezone site.value=$timezone"; + + if ($::osname eq 'AIX') + { + $chtabcmds .= + "$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=yes;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab key=consoleondemand site.value=yes;"; + } + + my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not create site definition.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Updated cluster site definition.\n"); + } + } + + # create default postscript list in postscripts table + # if it does not exist, or request reset + + if ( ((!-r "/etc/xcat/postscripts.sqlite") && (!-r "/etc/xcat/cfgloc")) + || $::FORCE + || $::initDB) + { + my $chtabcmds; + if ($::osname eq 'AIX') + { + $chtabcmds = + "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell,otherpkgs,syncfiles';"; + } + else + { + $chtabcmds = + "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell,otherpkgs,syncfiles';"; + } + + $chtabcmds .= + "$::XCATROOT/sbin/chtab node=service postscripts.postscripts='servicenode';"; + + my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create postscripts definition.\n"); + } + else + { + xCAT::MsgUtils->message('I', 
"Created postscripts definition.\n"); + } + } + + # create basic policy definition, if does not exist or request reset. + if ( ((!-r "/etc/xcat/policy.sqlite") && (!-r "/etc/xcat/cfgloc")) + || $::FORCE + || $::initDB) + { + my $chtabcmds; + if ($::osname eq 'AIX') + { + $chtabcmds = + "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=1.2 policy.name=$hname policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow"; + } + else # linux + { + $chtabcmds = + "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=2 policy.commands=getbmcconfig policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=3 policy.commands=nextdestiny policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4 policy.commands=getdestiny policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;"; + $chtabcmds .= + "$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow"; + } + my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create policy definition.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Created policy definition.\n"); + } + } + + # update install processing + # adding otherpkgs and syncfiles new postscripts for migration + if ($::UPDATEINSTALL) + { + my $chdefcmd; + $chdefcmds .= + "$::XCATROOT/bin/chdef -t node -o xcatdefaults -p postscripts='otherpkgs,syncfiles';"; + 
my $outref = xCAT::Utils->runcmd("$chdefcmds", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not update postscripts definition.\n" + ); + } + else + { + xCAT::MsgUtils->message('I', + "Updated postscripts definition.\n"); + } + + } +} # end initial DB install setup + +#----------------------------------------------------------------------------- + +=head3 genCredentials + + Will generate the xCAT credential, if new install or requested to + regenerate. + +=cut + +#----------------------------------------------------------------------------- + +sub genCredentials + +{ + my $hname = `hostname`; + chomp $hname; + if ((!-d "/etc/xcat/ca") || $::FORCE || $::genCredentials) + { + xCAT::MsgUtils->message( + 'I', + "\nSetting up basic certificates. Respond with a \'y\' when prompted.\n\n" + ); + my $cmd = + "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-xcat-ca.sh 'xCAT CA'"; + xCAT::MsgUtils->message('I', "Running $cmd\n"); + my $rc = system($cmd); + if ($rc >> 8) + { + xCAT::MsgUtils->message('E', + "Could not create xCAT certificate in /etc/xcat/ca.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); + } + } + + # copy to postscript directory + my $cmd = "/bin/rm -rf /install/postscripts/ca >/dev/null 2>&1"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + my $cmd = "/bin/mkdir -p /install/postscripts/ca/certs"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create /install/postscripts/ca/certs directory.\n"); + } + else + { + xCAT::MsgUtils->message('I', + "Created /install/postscripts/ca/certs directory.\n"); + } + my $cmd = "/bin/cp -r /etc/xcat/ca/* /install/postscripts/ca"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { xCAT::MsgUtils->message( 'E', - "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys.\n" + "Could not copy /etc/xcat/ca/* to /install/postscripts/ca directory.\n" ); } 
else { xCAT::MsgUtils->message('I', - "Copied $pubfile to /install/postscripts/_ssh/authorized_keys.\n"); + "Copied /etc/xcat/ca/* to /install/postscripts/ca directory.\n"); } -} -else -{ - xCAT::MsgUtils->message( - 'E', - "Could not copy $pubfile to /install/postscripts/_ssh/authorized_keys,because $pubfile does not exist.\n" - ); -} -# -# create /var/log/consoles if needed -# -if (!-d "/var/log/consoles") -{ - my $cmd = "/bin/mkdir -p /var/log/consoles"; + if ((!-d "/etc/xcat/cert") || $::FORCE || $::genCredentials) + { + my $cmd = + "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-server-cert.sh $hname"; + xCAT::MsgUtils->message('I', "Running $cmd\n"); + my $rc = system($cmd); + if ($rc >> 8) + { + xCAT::MsgUtils->message('E', + "Could not create xCAT certificate in /etc/xcat/cert.\n"); + } + else + { + xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); + } + } + + # copy to postscript directory + my $cmd = "/bin/rm -rf /install/postscripts/cert >/dev/null 2>&1"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + my $cmd = "/bin/mkdir -p /install/postscripts/cert"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { xCAT::MsgUtils->message('E', - "Could not create /var/log/consoles directory.\n"); + "Could not create /install/postscripts/cert directory.\n"); } else { - xCAT::MsgUtils->message('I', "Created /var/log/consoles directory.\n"); + xCAT::MsgUtils->message('I', + "Created /install/postscripts/cert directory.\n"); + } + my $cmd = "/bin/cp -r /etc/xcat/cert/* /install/postscripts/cert"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not copy /etc/xcat/cert/* to /install/postscripts/cert directory.\n" + ); + } + else + { + xCAT::MsgUtils->message( + 'I', + "Copied /etc/xcat/cert/* to /install/postscripts/cert directory.\n" + ); + } + + if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE || $::genCredentials) + { + + my $cmd = + "echo 'y\ny\ny\ny' 
|$::XCATROOT/share/xcat/scripts/setup-local-client.sh root"; + xCAT::MsgUtils->message('I', "Running $cmd\n"); + my $rc = system($cmd); + if ($rc >> 8) + { + xCAT::MsgUtils->message( + 'E', + "Could not create xCAT certificate in /.xcat/client-key.pem.\n" + ); + } + else + { + xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); + } + } + + # copy to postscript directory + my $cmd = "/bin/rm -rf /install/postscripts/_xcat >/dev/null 2>&1"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + my $cmd = "/bin/mkdir -p /install/postscripts/_xcat"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not create /install/postscripts/_xcat directory.\n"); + } + else + { + xCAT::MsgUtils->message('I', + "Created /install/postscripts/_xcat directory.\n"); + } + my $cmd = "/bin/cp -r $::root/.xcat/* /install/postscripts/_xcat"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not copy $::root/.xcat/* to /install/postscripts/_xcat directory.\n" + ); + } + else + { + xCAT::MsgUtils->message( + 'I', + "Copied $::root/.xcat/* to /install/postscripts/_xcat directory.\n" + ); + } + my $cmd = "/bin/cp -r /etc/xcat/ca/certs/* /install/postscripts/ca/certs"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message( + 'E', + "Could not copy /etc/xcat/ca/certs/* to /install/postscripts/ca/certs directory.\n" + ); + } + else + { + xCAT::MsgUtils->message( + 'I', + "Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n" + ); } } -if ($::osname eq 'AIX') +#----------------------------------------------------------------------------- + +=head3 setupAIXconserver + + Set AIX conserver + +=cut + +#----------------------------------------------------------------------------- + +sub setupAIXconserver + { if (!-f "/usr/sbin/conserver") { 
@@ -649,7 +1185,7 @@ if ($::osname eq 'AIX') } } - $cmd = "lssrc -a | grep conserver >/dev/null 2>&1"; + $cmd = "lssrc -a | grep conserver >/dev/null 2>&1"; $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { @@ -666,12 +1202,54 @@ if ($::osname eq 'AIX') xCAT::MsgUtils->message('I', "Add subsystem conserver.\n"); } } + } -# some Linux-only config -if ($::osname eq 'Linux') +#----------------------------------------------------------------------------- + +=head3 setupAIXexports + + Set AIX exports + +=cut + +#----------------------------------------------------------------------------- + +sub setupAIXexports + { + # check if /install/postscripts is in /etc/exports + my $catcmd = + "/bin/cat /etc/exports 2>&1 | grep '/install/postscripts ' >/dev/null 2>&1"; + my $outref = xCAT::Utils->runcmd("$catcmd", -1); + if ($::RUNCMD_RC != 0) + { + + # if not add it and make sure it is exported + my $ecmd = + "echo '/install/postscripts -ro' >> /etc/exports; exportfs -a"; + my $outref2 = xCAT::Utils->runcmd("$ecmd", -1); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', + "Could not update the /etc/exports file.\n"); + } + } +} + +#----------------------------------------------------------------------------- + +=head3 setupLinuxexports + + Set Linux exports + +=cut + +#----------------------------------------------------------------------------- + +sub setupLinuxexports +{ my $changed_exports = 0; # @@ -686,7 +1264,8 @@ if ($::osname eq 'Linux') # ok - then add this entry #SECURITY: this has potential for sharing private host/user keys my $cmd = - "/bin/echo '/tftpboot *(rw,root_squash,sync)' >> /etc/exports"; + "/bin/echo '/tftpboot *(rw,no_root_squash,sync)' >> /etc/exports"; + my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { 
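Review bot: In setupAIXexports the command string `echo '/install/postscripts -ro' >> /etc/exports; exportfs -a` joins its two steps with `;`, so the status tested in `$::RUNCMD_RC` is presumably that of `exportfs -a` alone. A failed append to /etc/exports would then go unreported, and a failed `exportfs` is reported as "Could not update the /etc/exports file". Joining with `&&` keeps the message tied to the step that failed: `"echo '/install/postscripts -ro' >> /etc/exports && exportfs -a"`. The entry also names no client list, so consider `-ro,access=<cluster hosts>`, given that genCredentials in this patch copies `$::root/.xcat/*` into /install/postscripts/_xcat. The POD line "Set AIX exports" could say what the sub does, e.g. `Adds /install/postscripts (read-only) to /etc/exports if missing and runs exportfs -a`.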
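Review bot: The /tftpboot entry goes from `root_squash` to `no_root_squash` while remaining `rw` for the wildcard client `*`, so root on any host that can reach this NFS server can write the network-boot files as root. The `#SECURITY` comment above it only mentions key sharing. The following hunk makes the same kind of change to /install (`ro` becomes `rw`, still `*` and `no_root_squash`). genCredentials in this patch copies `/etc/xcat/ca/*`, `/etc/xcat/cert/*` and `$::root/.xcat/*` under /install/postscripts; judging by its check on `client-key.pem`, the last of these includes the root client key, so those copies become replaceable as well as readable by any client. Unless a consumer needs write access, keep `'/tftpboot *(rw,root_squash,sync)'` and `'/install *(ro,no_root_squash,sync)'`, or replace `*` with the cluster's management network. setupLinuxexports starts before this hunk and continues past both hunks.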
@@ -713,7 +1292,7 @@ if ($::osname eq 'Linux') # ok - then add this entry #SECURITY: this has potential for sharing private host/user keys my $cmd = - "/bin/echo '/install *(ro,no_root_squash,sync)' >> /etc/exports"; + "/bin/echo '/install *(rw,no_root_squash,sync)' >> /etc/exports"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { @@ -732,8 +1311,16 @@ if ($::osname eq 'Linux') { # restart nfs - my $cmd = "/sbin/service nfs restart"; + my $cmd = "/sbin/service nfs restart"; my $outref = xCAT::Utils->runcmd("$cmd", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E', "Could not restart NFS.\n"); + } + else + { + xCAT::MsgUtils->message('I', "NFS has been restarted.\n"); + } my $cmd = "/sbin/chkconfig nfs on"; my $outref = xCAT::Utils->runcmd("$cmd", 0); 
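Review bot: The added restart check sits between two `my $cmd` / `my $outref` declarations in what looks like the same block, and the next hunk adds another pair for `/usr/sbin/exportfs -a`. Each redeclaration masks the previous variable and draws a "masks earlier declaration" warning if warnings are enabled (the file's preamble is not visible here). Declaring the pair once and assigning afterwards reads more cleanly, e.g. `$cmd = "/sbin/chkconfig nfs on";` followed by `$outref = xCAT::Utils->runcmd($cmd, 0);`. The enclosing block begins outside this hunk.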
@@ -743,481 +1330,32 @@ if ($::osname eq 'Linux') } else { - xCAT::MsgUtils->message('I', "NFS has been restarted.\n"); + xCAT::MsgUtils->message('I', "NFS has been enabled.\n"); } - } -} # - some Linux-only config - -# -# create basic site definition -# -my $hname = `hostname`; -chomp $hname; - -# some values common to both AIX & Linux -my $xcatport = "3001"; -my $xcatiport = "3002"; -my $tftpdir = "/tftpboot"; -my $installdir = "/install"; - -my ($name, $aliases, $addrtype, $length, @addrs) = gethostbyname($hname); -my $master = inet_ntoa($addrs[0]); - -# set value based on OS -my ($domain, $timezone); -if ($::osname eq 'AIX') -{ - my ($name, $rest) = split('\.', $hname); - if ($rest) - { - ($domain = $hname) =~ s/^.*?\.//; - } - else - { - $domain = ""; - } - - $timezone = $ENV{'TZ'}; -} -else -{ - $domain = `hostname -d`; - my $tz; - if (-f "/etc/redhat-release") - { - - # on Redhat look for "ZONE" - $tz = `grep ^ZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`; - } - else - { - - # on SuSE look for "TIMEZONE" - $tz = - `grep ^TIMEZONE /etc/sysconfig/clock|cut -d= -f 2|sed -e 's/"//g'`; - } - $timezone = $tz; -} - -chomp $timezone; -chomp $master; -chomp $domain; - -# create basic site definition -if ((!-r "/etc/xcat/site.sqlite") || $::FORCE) -{ - my $chtabcmds; - $chtabcmds = "$::XCATROOT/sbin/chtab key=xcatdport site.value=$xcatport;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatiport site.value=$xcatiport;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=tftpdir site.value=$tftpdir;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab key=installdir site.value=$installdir;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=master site.value=$master;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=domain site.value=$domain;"; - if ($::osname eq 'Linux') - { - $chtabcmds .= - "$::XCATROOT/sbin/chtab key=timezone site.value=$timezone"; - } - if ($::osname eq 'AIX') - { - $chtabcmds .= "$::XCATROOT/sbin/chtab key=useSSHonAIX site.value=yes;"; - $chtabcmds .= - 
"$::XCATROOT/sbin/chtab key=consoleondemand site.value=yes;"; - } - - my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not create site definition.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Updated cluster site definition.\n"); - } -} - -# create default postscript list in postscripts table -if ((!-r "/etc/xcat/postscripts.sqlite") || $::FORCE) -{ - my $chtabcmds; - if ($::osname eq 'AIX') - { - $chtabcmds = - "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,aixremoteshell';"; - } - else - { - $chtabcmds = - "$::XCATROOT/sbin/chtab node=xcatdefaults postscripts.postscripts='syslog,remoteshell';"; - } - - $chtabcmds .= - "$::XCATROOT/sbin/chtab node=service postscripts.postscripts='servicenode';"; - - my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not create postscripts definition.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created postscripts definition.\n"); - } -} - -# create basic policy definition. 
-if ((!-r "/etc/xcat/policy.sqlite") || $::FORCE) -{ - my $chtabcmds; - if ($::osname eq 'AIX') - { - $chtabcmds = - "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=1.2 policy.name=$hname policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow"; - } - else - { - $chtabcmds = - "$::XCATROOT/sbin/chtab priority=1 policy.name=root policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=2 policy.commands=getbmcconfig policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=3 policy.commands=nextdestiny policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4 policy.commands=getdestiny policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.4 policy.commands=getpostscript policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.5 policy.commands=getcredentials policy.rule=allow;"; - $chtabcmds .= - "$::XCATROOT/sbin/chtab priority=4.6 policy.commands=syncfiles policy.rule=allow"; - } - my $outref = xCAT::Utils->runcmd("$chtabcmds", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', "Could not create policy definition.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created policy definition.\n"); - } -} - -# -# set up syslog -# -# (use postscript to set up syslog -- leaving old code for now in case it -# did something differnt) -my $cmd = "/install/postscripts/syslog"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message('E', "Could not set up syslog.\n"); -} -else -{ - xCAT::MsgUtils->message('I', "syslog has been set up.\n"); -} - -# -# if backup file exists assume it's already 
set up -#if (( ! -r "/etc/syslog.conf.ORIG" ) || $::FORCE) { -# my $syslogcmds; -# $syslogcmds = "cp /etc/syslog.conf /etc/syslog.conf.ORIG;"; -# $syslogcmds .= "echo '*.debug /var/log/localmessages' > /etc/test.tmp;"; -# $syslogcmds .= "echo '*.crit /var/log/localmessages' >> /etc/test.tmp;"; -# $syslogcmds .= "cat /etc/test.tmp >> /etc/syslog.conf;"; -# $syslogcmds .= "rm /etc/test.tmp;"; -# $syslogcmds .= "touch /var/log/localmessages;"; -# if ($::osname eq 'AIX') { -# $syslogcmds .= "stopsrc -s syslogd;"; -# $syslogcmds .= "startsrc -s syslogd;"; -# } else { -# $syslogcmds .= "/etc/init.d/syslog stop;"; -# $syslogcmds .= "/etc/init.d/syslog start;"; -# } -# -# my $outref = xCAT::Utils->runcmd("$syslogcmds", 0); -# if ($::RUNCMD_RC != 0) -# { -# xCAT::MsgUtils->message('E', "Could not set up syslog.\n"); -# } else { -# xCAT::MsgUtils->message('I', "Started syslog daemon.\n"); -# } -#} - -# -# set up the certificates for xcatd -# -if ((!-d "/etc/xcat/ca") || $::FORCE) -{ - xCAT::MsgUtils->message( - 'I', - "\nSetting up basic certificates. 
Respond with a \'y\' when prompted.\n\n" - ); - my $cmd = - "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-xcat-ca.sh 'xCAT CA'"; - xCAT::MsgUtils->message('I', "Running $cmd\n"); - my $rc = system($cmd); - if ($rc >> 8) - { - xCAT::MsgUtils->message('E', - "Could not create xCAT certificate in /etc/xcat/ca.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); - } -} - -# copy to postscript directory -my $cmd = "/bin/rm -rf /install/postscripts/ca >/dev/null 2>&1"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -my $cmd = "/bin/mkdir -p /install/postscripts/ca/certs"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message('E', - "Could not create /install/postscripts/ca/certs directory.\n"); -} -else -{ - xCAT::MsgUtils->message('I', - "Created /install/postscripts/ca/certs directory.\n"); -} -my $cmd = "/bin/cp -r /etc/xcat/ca/* /install/postscripts/ca"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message( - 'E', - "Could not copy /etc/xcat/ca/* to /install/postscripts/ca directory.\n" - ); -} -else -{ - xCAT::MsgUtils->message('I', - "Copied /etc/xcat/ca/* to /install/postscripts/ca directory.\n"); -} - -if ((!-d "/etc/xcat/cert") || $::FORCE) -{ - my $cmd = - "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-server-cert.sh $hname"; - xCAT::MsgUtils->message('I', "Running $cmd\n"); - my $rc = system($cmd); - if ($rc >> 8) - { - xCAT::MsgUtils->message('E', - "Could not create xCAT certificate in /etc/xcat/cert.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); - } -} - -# copy to postscript directory -my $cmd = "/bin/rm -rf /install/postscripts/cert >/dev/null 2>&1"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -my $cmd = "/bin/mkdir -p /install/postscripts/cert"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message('E', - "Could not create 
/install/postscripts/cert directory.\n"); -} -else -{ - xCAT::MsgUtils->message('I', - "Created /install/postscripts/cert directory.\n"); -} -my $cmd = "/bin/cp -r /etc/xcat/cert/* /install/postscripts/cert"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message( - 'E', - "Could not copy /etc/xcat/cert/* to /install/postscripts/cert directory.\n" - ); -} -else -{ - xCAT::MsgUtils->message('I', - "Copied /etc/xcat/cert/* to /install/postscripts/cert directory.\n"); -} - -if ((!-r "$::root/.xcat/client-key.pem") || $::FORCE) -{ - - my $cmd = - "echo 'y\ny\ny\ny' |$::XCATROOT/share/xcat/scripts/setup-local-client.sh root"; - xCAT::MsgUtils->message('I', "Running $cmd\n"); - my $rc = system($cmd); - if ($rc >> 8) - { - xCAT::MsgUtils->message('E', - "Could not create xCAT certificate in /.xcat/client-key.pem.\n"); - } - else - { - xCAT::MsgUtils->message('I', "Created xCAT certificate.\n"); - } -} - -# copy to postscript directory -my $cmd = "/bin/rm -rf /install/postscripts/_xcat >/dev/null 2>&1"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -my $cmd = "/bin/mkdir -p /install/postscripts/_xcat"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message('E', - "Could not create /install/postscripts/_xcat directory.\n"); -} -else -{ - xCAT::MsgUtils->message('I', - "Created /install/postscripts/_xcat directory.\n"); -} -my $cmd = "/bin/cp -r $::root/.xcat/* /install/postscripts/_xcat"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message( - 'E', - "Could not copy $::root/.xcat/* to /install/postscripts/_xcat directory.\n" - ); -} -else -{ - xCAT::MsgUtils->message('I', - "Copied $::root/.xcat/* to /install/postscripts/_xcat directory.\n"); -} -my $cmd = "/bin/cp -r /etc/xcat/ca/certs/* /install/postscripts/ca/certs"; -my $outref = xCAT::Utils->runcmd("$cmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message( - 'E', - "Could not copy 
/etc/xcat/ca/certs/* to /install/postscripts/ca/certs directory.\n" - ); -} -else -{ - xCAT::MsgUtils->message( - 'I', - "Copied /etc/xcat/ca/certs* to /install/postscripts/ca/certs directory.\n" - ); -} - -# -# if there are xcatd processes then stop them -# -my @xpids = xCAT::Utils->runcmd("ps -ef\|grep \"xcatd\"", 0); -if ($#xpids >= 1) -{ # will have at least "0" for the grep - xCAT::MsgUtils->message('I', "Stopping xcatd processes....\n"); - foreach $ps (@xpids) - { - - $ps =~ s/^\s+//; # strip any leading spaces - my ($uid, $pid, $ppid, $desc) = split /\s+/, $ps; - - # if $ps contains "grep" then it's not one of the daemon processes - if ($ps !~ /grep/) - { - - # print "pid=$pid\n"; - my $cmd = "/bin/kill -9 $pid"; - xCAT::Utils->runcmd($cmd, 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not stop xcatd process $pid.\n"); - } - } - } -} - -# -# start xcatd -# -xCAT::MsgUtils->message('I', "Starting xcatd.....\n"); -my $xcmd; -if ($::osname eq 'AIX') -{ - $xcmd = "$::XCATROOT/sbin/xcatd &"; -} -else -{ - $xcmd = "/etc/init.d/xcatd start"; -} - -my $outref = xCAT::Utils->runcmd("$xcmd", 0); -if ($::RUNCMD_RC != 0) -{ - xCAT::MsgUtils->message('E', "Could not start xcatd.\n"); -} - -# for AIX systems add xcatd to the /etc/inittab file -# and add /install/postscripts to /etc/exports -if ($::osname eq 'AIX') -{ - my $mkitab_cmd = - 'mkitab "xcatd:2:once:/opt/xcat/sbin/xcatd > /dev/console 2>&1" > /dev/null 2>&1'; - my $rc = system($mkitab_cmd); - - # check if /install/postscripts is in /etc/exports - my $catcmd = - "/bin/cat /etc/exports 2>&1 | grep '/install/postscripts ' >/dev/null 2>&1"; - my $outref = xCAT::Utils->runcmd("$catcmd", -1); - if ($::RUNCMD_RC != 0) - { - - # if not add it and make sure it is exported - my $ecmd = - "echo '/install/postscripts -ro' >> /etc/exports; exportfs -a"; - my $outref2 = xCAT::Utils->runcmd("$ecmd", -1); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E', - "Could not update the /etc/exports 
file.\n"); - } - } -} - -# more - Linux-only config -if ($::osname eq 'Linux') -{ - - #Zap the almost certainly wrong pxelinux.cfg file - if (-f "/tftpboot/pxelinux.cfg/default") - { - $cmd = "/bin/rm /tftpboot/pxelinux.cfg/default"; + my $cmd = "/usr/sbin/exportfs -a"; my $outref = xCAT::Utils->runcmd("$cmd", 0); if ($::RUNCMD_RC != 0) { - xCAT::MsgUtils->message('E', - "Could not remove /tftpboot/pxelinux.cfg/default\n"); + xCAT::MsgUtils->message('E', "Error with $cmd.\n"); } else { - xCAT::MsgUtils->message('I', - "Removed /tftpboot/pxelinux.cfg/default.\n"); + xCAT::MsgUtils->message('I', "Ran $cmd.\n"); } } +} - # run mknb - only needed for Intel platforms for now +#----------------------------------------------------------------------------- + +=head3 mknb + + creates a network boot root image on Linux + +=cut + +#----------------------------------------------------------------------------- +sub mknb +{ if ($::arch eq "x86_64" || $::arch eq "x86") { foreach my $ar (qw(x86 x86_64 ppc64)) @@ -1237,6 +1375,20 @@ if ($::osname eq 'Linux') } } +} + +#----------------------------------------------------------------------------- + +=head3 makenetworks + + Runs makenetworks and initializes http on Linux + +=cut + +#----------------------------------------------------------------------------- +sub makenetworks +{ + # run makenetworks my $cmd = "$::XCATROOT/sbin/makenetworks"; my $outref = xCAT::Utils->runcmd("$cmd", 0); 
@@ -1308,25 +1460,4 @@ if ($::osname eq 'Linux') { xCAT::MsgUtils->message('I', "httpd has been enabled.\n"); } - - my $linux_note = - "xCAT is now installed, it is recommended to tabedit networks \nand set a dynamic ip address range on any networks where nodes \nare to be discovered. Then, run makedhcp -n to create a new dhcpd \nconfiguration file, and \/etc\/init.d\/dhcpd restart. Either examine sample \nconfiguration templates, or write your own, or specify a value per \nnode with nodeadd or tabedit.\n"; - xCAT::MsgUtils->message('I', $linux_note); - -} #End - more - Linux-only config - -exit; - -##################################### -# subroutines -##################################### - -sub usage -{ - xCAT::MsgUtils->message('I', "Usage:\n"); - xCAT::MsgUtils->message( - 'I', - "xcatconfig - Performs basic xCAT configuration on an xCAT management node.\n\n" - ); - xCAT::MsgUtils->message('I', " xcatconfig [-h|--help] [-f|--force]\n\n"); }