From af9a57b88f9c8de557d447d60797f31544ed1b6b Mon Sep 17 00:00:00 2001 From: immarvin Date: Thu, 12 Feb 2015 00:23:18 -0800 Subject: [PATCH 01/12] there should be only 1 local package directory speicified in pkgdir attribute, the removed code slice seems unnecessary --- xCAT-server/lib/xcat/plugins/debian.pm | 5 ----- 1 file changed, 5 deletions(-) diff --git a/xCAT-server/lib/xcat/plugins/debian.pm b/xCAT-server/lib/xcat/plugins/debian.pm index 199e99ca6..630f7f012 100755 --- a/xCAT-server/lib/xcat/plugins/debian.pm +++ b/xCAT-server/lib/xcat/plugins/debian.pm @@ -739,11 +739,6 @@ sub mkinstall my $initrdpath; my $maxmem; - # only first value is adopted, please see tabdump linuximage, section pkgdir. - my @pkgdirs = split(/,/, $pkgdir); - if (scalar(@pkgdirs) > 1) { - $pkgdir = @pkgdirs[0]; - } if ( ( From 2a2664720b0e6079e1e984a170c84adef0145007 Mon Sep 17 00:00:00 2001 From: daniceexi Date: Thu, 12 Feb 2015 09:42:41 -0500 Subject: [PATCH 02/12] Add default value for attribute site.xcatsslversion=TLSv1 to avoid using sslv3 which might cause POODLE Attach --- perl-xCAT/xCAT/Client.pm | 5 +++++ xCAT-client/xCAT-client.spec | 8 ++++++++ xCAT-server/sbin/xcatconfig | 11 +++++++++++ 3 files changed, 24 insertions(+) diff --git a/perl-xCAT/xCAT/Client.pm b/perl-xCAT/xCAT/Client.pm index 2fa624ba3..422e32acc 100644 --- a/perl-xCAT/xCAT/Client.pm +++ b/perl-xCAT/xCAT/Client.pm @@ -237,6 +237,10 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML } } my $client; + my %sslargs; + if (defined($ENV{'XCATSSLVER'})) { + $sslargs{SSL_version} = $ENV{'XCATSSLVER'}; + } if (-r $keyfile and -r $certfile and -r $cafile) { $client = IO::Socket::SSL->start_SSL($pclient, SSL_key_file => $keyfile, @@ -245,6 +249,7 @@ if (ref($request) eq 'HASH') { # the request is an array, not pure XML SSL_verify_mode => SSL_VERIFY_PEER, SSL_use_cert => 1, Timeout => 0, + %sslargs, ); } else { $client = IO::Socket::SSL->start_SSL($pclient, 
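Review bot: `%sslargs` is only added to the `start_SSL` call on the key/cert/CA branch. The `else` branch's `start_SSL($pclient, ...` begins at the end of the second Client.pm hunk and, going by the 5-line diffstat, is unchanged, so a client without readable credential files still negotiates with the library default. When `XCATSSLVER` is unset nothing is restricted on either branch, so the SSLv3 exposure named in the subject remains unless the environment has been prepared. `SSL_version => 'TLSv1'` also pins the session to TLS 1.0 exactly. A built-in fallback such as `$sslargs{SSL_version} = defined($ENV{'XCATSSLVER'}) ? $ENV{'XCATSSLVER'} : 'SSLv23:!SSLv2:!SSLv3';` would exclude the weak protocols without blocking newer ones, provided the installed IO::Socket::SSL accepts that form. The enclosing code starts and ends outside the hunk.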
diff --git a/xCAT-client/xCAT-client.spec b/xCAT-client/xCAT-client.spec index fc7ffcbb8..116e4d369 100644 --- a/xCAT-client/xCAT-client.spec +++ b/xCAT-client/xCAT-client.spec @@ -294,6 +294,14 @@ export XCATROOT PATH MANPATH export PERL_BADLANG=0 EOF +# export XCATSSLVER for sles11. Others OS can work without this setting. +if [ -r /etc/SuSE-release ]; then + ver=`grep 'VERSION' /etc/SuSE-release | awk -F= '{print $2}' | sed 's/ //g'` + if [ "$ver" = "11" ]; then + echo 'export XCATSSLVER=TLSv1' >> /etc/profile.d/xcat.sh + fi +fi + cat << EOF > /etc/profile.d/xcat.csh setenv XCATROOT "$RPM_INSTALL_PREFIX0" setenv PATH \${XCATROOT}/bin:\${XCATROOT}/sbin:\${XCATROOT}/share/xcat/tools:\${PATH} diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig index 4440a7753..3dcc2c344 100755 --- a/xCAT-server/sbin/xcatconfig +++ b/xCAT-server/sbin/xcatconfig @@ -1250,6 +1250,7 @@ sub initDB $chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;"; + $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;"; #$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031 if ($::osname eq 'AIX') @@ -1504,6 +1505,16 @@ sub initDB } } + # add default value to site.xcatsslversion + $cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;"; + $outref = xCAT::Utils->runcmd("$cmds", 0); + if ($::RUNCMD_RC != 0) + { + xCAT::MsgUtils->message('E',"Could not add default value for site.xcatsslversion."); + } + + + } # remove xcatserver,xcatclient # from the postscripts. They are now called by servicenode From 7f60fa1979607dcaf1477f3814a68fbb1234340d Mon Sep 17 00:00:00 2001 
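Review bot: Only `/etc/profile.d/xcat.sh` receives the `XCATSSLVER` export, so csh/tcsh logins on SLES 11, which read the `xcat.csh` written by the heredoc right after this block, keep the library default. A matching `echo 'setenv XCATSSLVER TLSv1' >> /etc/profile.d/xcat.csh` placed after that heredoc would keep the two profiles consistent. The variable reaches only shells that source the profile, so a comment saying that daemons and cron jobs calling the client are not covered would prevent a false sense of coverage.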
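Review bot: The second `initDB` hunk runs `chtab key=xcatsslversion site.value=TLSv1` through `runcmd` without checking whether the key already has a value. If that part of `initDB` is reached when an existing installation is reconfigured (the surrounding conditions are outside the hunk), an administrator's own setting would be reset. Consider writing the default only when the attribute is absent. Both hunks set `TLSv1`, which presumably selects TLS 1.0 only rather than "anything but SSLv2/SSLv3" if the value is handed to IO::Socket::SSL the way Client.pm does. A comment next to the value, e.g. `# TLSv1 pins TLS 1.0; change when TLS 1.1/1.2 are required`, would make that explicit.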
From: daniceexi Date: Thu, 12 Feb 2015 20:19:00 -0500 Subject: [PATCH 03/12] Continue the fix to avoid sslv3 in xcatd. In this commit, all the calling to [openssl s_client] in xcat code which used to connect to xcatd will add arguments [-no_ssl3 -no_ssl2] to avoid the using of sslv2/3 --- xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk | 4 ++-- xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite | 2 +- .../xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat | 2 +- xCAT/postscripts/getcredentials.awk | 2 +- xCAT/postscripts/getpostscript.awk | 2 +- xCAT/postscripts/startsyncfiles.awk | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk index 84244eb9c..3cce58804 100755 --- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk +++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.localdisk @@ -68,9 +68,9 @@ xCATCmd () { # $2 is the command ARCH=`uname -m` if [ x$ARCH = x"ppc64" -a x$OS = x"rh" ]; then - echo "\n${2}\n" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null + echo "\n${2}\n" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null else - echo "\n${2}\n" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null + echo "\n${2}\n" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null fi } diff --git a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite index 6989fb57d..1fc3f2222 100755 --- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite +++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite 
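Review bot: Both `openssl s_client` lines in `xCATCmd` keep `2>/dev/null`. If the openssl binary inside `${MNTDIR}` does not recognise `-no_ssl3` or `-no_ssl2`, the command ends with a usage error that nobody sees and `xCATCmd` simply yields empty output. Probing the flags once before use, or not discarding stderr when the exit status is non-zero, would make an image with a different openssl build fail loudly instead of silently losing the statelite configuration. The same applies to the `xCATCmd` hunks in rc.statelite and rc.statelite.ppc.redhat and to the three awk postscripts in this patch.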
@@ -128,7 +128,7 @@ GetSyncInfo () { xCATCmd () { # $1 is the xCAT server # $2 is the command - echo "\n${2}\n" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null + echo "\n${2}\n" | LD_LIBRARY_PATH=${MNTDIR}/lib64:${MNTDIR}/usr/lib64 ${MNTDIR}/usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null } diff --git a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat index 0e1ef8027..2ea270de6 100755 --- a/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat +++ b/xCAT-server/share/xcat/netboot/add-on/statelite/rc.statelite.ppc.redhat @@ -128,7 +128,7 @@ GetSyncInfo () { xCATCmd () { # $1 is the xCAT server # $2 is the command - echo "\n${2}\n" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -connect ${1} -rand /bin/nice 2>/dev/null + echo "\n${2}\n" | /usr/sbin/chroot ${MNTDIR} /usr/bin/openssl s_client -quiet -no_ssl3 -no_ssl2 -connect ${1} -rand /bin/nice 2>/dev/null } diff --git a/xCAT/postscripts/getcredentials.awk b/xCAT/postscripts/getcredentials.awk index 5ffb85d2b..0701204fa 100755 --- a/xCAT/postscripts/getcredentials.awk +++ b/xCAT/postscripts/getcredentials.awk @@ -1,7 +1,7 @@ #!/usr/bin/awk -f BEGIN { if ((ENVIRON["USEOPENSSLFORXCAT"]) || (ENVIRON["AIX"])) { - server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null" + server = "openssl s_client -quiet -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null" } else { server = "/inet/tcp/0/127.0.0.1/400" } diff --git a/xCAT/postscripts/getpostscript.awk b/xCAT/postscripts/getpostscript.awk index efb90e2a0..99725d4a4 100755 --- a/xCAT/postscripts/getpostscript.awk +++ b/xCAT/postscripts/getpostscript.awk 
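Review bot: The `s_client` command in getcredentials.awk still has no `-CAfile`/`-CApath` and nothing that makes a failed verification fatal, so dropping SSLv2/SSLv3 does not stop an on-path host from answering as the xCAT server on the channel that delivers credentials. If a CA certificate is available on the node at this stage (not visible here), adding `-CAfile <path-to-ca.pem>` and, where the openssl build has it, `-verify_return_error` would make the connection authenticated rather than only encrypted. `ENVIRON["XCATSERVER"]` is concatenated into the command string unquoted; that is pre-existing, but a comment such as `# XCATSERVER must contain only host:port, it is passed to the shell` would document the assumption.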
@@ -1,7 +1,7 @@ #!/usr/bin/awk -f BEGIN { if (ENVIRON["USEOPENSSLFORXCAT"]) { - server = "openssl s_client -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null" + server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " -rand /bin/nice 2> /dev/null" } else { server = "/inet/tcp/0/127.0.0.1/400" } diff --git a/xCAT/postscripts/startsyncfiles.awk b/xCAT/postscripts/startsyncfiles.awk index 697ae8a40..a7975410d 100755 --- a/xCAT/postscripts/startsyncfiles.awk +++ b/xCAT/postscripts/startsyncfiles.awk @@ -1,7 +1,7 @@ #!/usr/bin/awk -f BEGIN { if (ENVIRON["USEOPENSSLFORXCAT"]) { - server = "openssl s_client -connect " ENVIRON["XCATSERVER"] " 2> /dev/null" + server = "openssl s_client -no_ssl3 -no_ssl2 -connect " ENVIRON["XCATSERVER"] " 2> /dev/null" } else { server = "/inet/tcp/0/127.0.0.1/400" } From 50286e7bce01108637460bc41fc527a72aafeeb2 Mon Sep 17 00:00:00 2001 From: daniceexi Date: Thu, 12 Feb 2015 22:42:19 -0500 Subject: [PATCH 04/12] Ubuntu/genimage: support multiple local mirror in osimage.pkgdir. The first one will be used to create bootstraps. The procedure to create osimage is: 1. create bootstrap with local/remote mirror; 2. add all mirror in osimage.pkgdir to sourcelist; 3. do osimage update; 4. install kernel; 5 install otherpkgs. --- xCAT-server/lib/xcat/plugins/genimage.pm | 8 +- .../share/xcat/netboot/ubuntu/genimage | 108 ++++++++++-------- 2 files changed, 64 insertions(+), 52 deletions(-) diff --git a/xCAT-server/lib/xcat/plugins/genimage.pm b/xCAT-server/lib/xcat/plugins/genimage.pm index fc54f0619..3f068bb3f 100644 --- a/xCAT-server/lib/xcat/plugins/genimage.pm +++ b/xCAT-server/lib/xcat/plugins/genimage.pm 
@@ -170,12 +170,6 @@ sub process_request { $pkglist = $ref_linuximage_tab->{'pkglist'}; $srcdir = $ref_linuximage_tab->{'pkgdir'}; - my @pkgarray = split(/,/, $ref_linuximage_tab->{'pkgdir'}); - if(scalar(@pkgarray) > 1) - { - $srcdir = @pkgarray[0]; - } - $srcdir_otherpkgs = $ref_linuximage_tab->{'otherpkgdir'}; $otherpkglist = $ref_linuximage_tab->{'otherpkglist'}; @@ -299,7 +293,7 @@ sub process_request { if ($interactive) { $cmd .= " --interactive" } if ($onlyinitrd) { $cmd .= " --onlyinitrd" } - if ($srcdir) { $cmd .= " --srcdir $srcdir";} + if ($srcdir) { $cmd .= " --srcdir \"$srcdir\"";} if ($pkglist) { $cmd .= " --pkglist $pkglist";} if ($srcdir_otherpkgs) { $cmd .= " --otherpkgdir \"$srcdir_otherpkgs\""; } if ($otherpkglist) { $cmd .= " --otherpkglist $otherpkglist"; } diff --git a/xCAT-server/share/xcat/netboot/ubuntu/genimage b/xCAT-server/share/xcat/netboot/ubuntu/genimage index 4ae2c2f19..a35c2033f 100755 --- a/xCAT-server/share/xcat/netboot/ubuntu/genimage +++ b/xCAT-server/share/xcat/netboot/ubuntu/genimage @@ -228,10 +228,12 @@ unless ($onlyinitrd) { # Get the ubuntu repo path from osimage.pkgdir my @srcdirs = split(',', $srcdir); - my $pkgdir_internet; #only support one http mirror which will be used to create bootstrap + + my @pkgdir_internet; #Put all the http mirror in ths array, but only the first http mirror which will be used to create bootstrap + $srcdir = undef; foreach my $dir (@srcdirs) { if ($dir =~ /^http.*/){ - $pkgdir_internet = $dir; + push @pkgdir_internet, $dir; } else { $srcdir = $dir; #set $srcdir to be the one which is not http path find(\&isaptdir, <$dir/>); 
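Review bot: In the second genimage.pm hunk, wrapping `$srcdir` in `\"...\"` keeps the commas and spaces of a multi-mirror pkgdir together but is not shell escaping: a `"`, backquote or `$(` inside the linuximage.pkgdir value is still interpreted when `$cmd` is run. Since the value now legitimately carries URLs plus a distribution name, validating it before this line (for example rejecting anything outside `[\w.:/,\- ]`) would be safer than relying on the quotes. `--pkglist $pkglist` and `--otherpkglist $otherpkglist` on the neighbouring lines are interpolated with no quoting at all. How `$cmd` is executed is outside the hunk.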
@@ -259,14 +261,14 @@ unless ($onlyinitrd) { $repnum-=1; # Add the internet mirror - if ($pkgdir_internet) { - print $aptconfig "deb $pkgdir_internet\n\n"; + if (@pkgdir_internet) { + foreach (@pkgdir_internet) { + print $aptconfig "deb $_\n\n"; + } } close($aptconfig); mkpath "$rootimg_dir/etc"; - - my $fd; open($fd,">>","$rootimg_dir/etc/fstab"); print $fd "#Dummy fstab for dpkg postscripts to see\n"; @@ -292,11 +294,18 @@ unless ($onlyinitrd) { my $aptcmd2; # Check whether a local Ubuntu mirror is specified - # if linuximage.pkgdir has second mirror is set, we consider the second mirror as a full Ubuntu mirror - if ($pkgdir_internet) { - my $mirrorurl = $pkgdir_internet; - $mirrorurl =~ s/ .*$//g; # get the url part of mirror path - $aptcmd2 = "--verbose --arch $uarch $dist $rootimg_dir $mirrorurl"; + # if linuximage.pkgdir has http mirror is set, we consider the first http mirror + # as a full Ubuntu mirror which will be used to create bootstrap + if (@pkgdir_internet) { + my $mirrorurl = $pkgdir_internet[0]; + if ($pkgdir_internet[0] =~ /(http.*?) +([^ ]+)/) { + $mirrorurl = $1; + $dist = $2; + $aptcmd2 = "--verbose --arch $uarch $dist $rootimg_dir $mirrorurl"; + } else { + print "Error: In pkgdir, the first http mirror path must includes http URL and distribute name."; + exit 1; + } } else { if ($uarch eq 'ppc64el') { $aptcmd2 = "--verbose --arch $uarch $dist $rootimg_dir http://ports.ubuntu.com/ubuntu-ports/"; 
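Review bot: In the hunk at -292, the pattern `/(http.*?) +([^ ]+)/` is unanchored and accepts any characters in the URL. `$mirrorurl` and `$dist` are then placed into `$aptcmd2`, which the following hunk runs as a shell string via `system("$aptcmd1 $aptcmd2")`. Anchoring and narrowing it, e.g. `m{\A(https?://[\w.:/~%-]+) +([\w.-]+)}`, would both reject malformed pkgdir entries and keep shell metacharacters out of the command. The error message has no trailing newline and goes to stdout; `print STDERR "...\n"` would fit the `exit 1` that follows. The loop in the hunk at -228 treats anything beginning with `http` as a mirror and silently keeps only the last non-http directory in `$srcdir`, which deserves a comment.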
@@ -305,9 +314,36 @@ unless ($onlyinitrd) { } } - mkpath("$rootimg_dir/var/lib/dpkg"); - mkpath("$rootimg_dir/var/lib/apt"); + print "Run cmd [$aptcmd1 $aptcmd2] to create rootimage bootstraps\n"; + my $rc = system("$aptcmd1 $aptcmd2"); + if ($rc) { + print "Error: cannnot create bootstraps for rootimage. Make sure you specified full http mirror path.\n"; + exit 1; + } + + # Prepare the installation mirror for the package install + print("Mount /proc, /dev, /sys, pkgdir and otherpkgdir to the rootimg.\n"); + mount_chroot($rootimg_dir, $otherpkgsdir_local, $srcdir, $kerneldir); + + # Add mirrors from pkgdir attributes to rootimage for the pkg install from pkglist + open($aptconfig,">","$rootimg_dir/etc/apt/sources.list"); + if ($srcdir) { + my $master = xCAT::TableUtils->get_site_Master(); + print $aptconfig "deb http://$master$srcdir $dist main\n"; + } + + foreach (@pkgdir_internet) { + print $aptconfig "deb $_\n"; + } + + close($aptconfig); + + # run apt-get upgrade to update any installed debs + my $aptgetcmd_update = $aptgetcmd . "&&". $aptgetcmdby . " upgrade "; + $rc = system("$aptgetcmd_update"); + + # Start to install pkgs in pkglist unless ($imagename) { $pkglist= imgutils::get_profile_def_filename($osver, $profile, $arch, $customdir, "pkglist"); unless ($pkglist) { 
@@ -370,40 +406,22 @@ unless ($onlyinitrd) { push @npa, $p; } } - $pkgnames .= join(',', @npa); + $pkgnames .= join(' ', @npa); } my $envlist; if(exists $pkg_hash{$pass}{ENVLIST}){ $envlist = join(',', @{$pkg_hash{$pass}{ENVLIST}}); } - print "$envlist $aptcmd1 --include=$pkgnames $aptcmd2\n"; - my $rc = system("$envlist $aptcmd1 --include=$pkgnames $aptcmd2"); + print "$envlist $aptgetcmdby install $pkgnames\n"; + my $rc = system("$envlist $aptgetcmdby install --allow-unauthenticated $pkgnames"); if ($rc) { - print "apt invocation failed\n"; + print "Failed to install packages $pkgnames\n"; exit 1; } } - print("Mount /proc, /dev, /sys, pkgdir and otherpkgdir to the rootimg.\n"); - mount_chroot($rootimg_dir, $otherpkgsdir_local, $srcdir, $kerneldir); - - # Add the local repo from MN temporarily for apt-get update/upgrade - open($aptconfig,">","$rootimg_dir/etc/apt/sources.list"); - print $aptconfig "deb file:///mnt/pkgdir/ $dist main\n"; - if (-d "$rootimage_dir/mnt/kerneldir") { - print $aptconfig "deb file:///mnt/kerneldir/ $dist main\n"; - } - close($aptconfig); - { - # run apt-get upgrade to update any installed debs - # needed when running genimage again after updating software in repositories - #my $aptgetcmd_update = $yumcmd_base . " upgrade "; - my $aptgetcmd_update = $aptgetcmd . "&&". $aptgetcmdby . " upgrade "; - $rc = system("$aptgetcmd_update"); - - ############################################################# # The section below is used to install kernel base and extra# ############################################################# 
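Review bot: `apt-get install --allow-unauthenticated` is now used for every pkglist pass, while the `sources.list` written in the previous hunk can contain arbitrary `http://` mirrors taken from pkgdir, so packages from those mirrors go into the image with no signature check. Whoever can alter that HTTP traffic or the mirror contents can therefore change what every node booted from the image runs. Limiting the unauthenticated path to the local repository served by the management node, or importing the mirror's archive key into the image before the install, would keep the convenience for local repos without trusting the network. The `print` just above the `system` call shows the command without the flag, so the log does not reflect what was executed. `$rc` from the `apt-get ... upgrade` call in the hunk at -305 is assigned but not checked in the visible lines.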
@@ -411,10 +429,9 @@ unless ($onlyinitrd) { if ($kernelver) { $kernelimage = "linux-image-$kernelver linux-image-extra-$kernelver linux-firmware"; } - my $aptgetcmd_install = $aptgetcmd . "&&". $aptgetcmdby. " install --no-install-recommends ".$kernelimage; + my $aptgetcmd_install = $aptgetcmdby. " install --no-install-recommends ".$kernelimage; $rc = system("$aptgetcmd_install"); } - } #add the other package directory to for apt-get install @@ -555,11 +572,6 @@ unless ($onlyinitrd) { print("Umount /proc, /dev, /sys, pkgdir and otherpkgdir to the rootimg.\n"); umount_chroot($rootimg_dir); - # Add the local repo from MN - my $master = xCAT::TableUtils->get_site_Master(); - open($aptconfig,">","$rootimg_dir/etc/apt/sources.list"); - print $aptconfig "deb http://$master$srcdir $dist main\n"; - close($aptconfig); `rm -fr $rootimg_dir/etc/apt/sources.list.d/genimage1.apt.list`; #recover the /etc/hosts & /etc/reslov.conf @@ -1857,12 +1869,17 @@ sub mount_chroot { my $otherpkgdir = shift; my $pkgdir = shift; my $kerneldir = shift; - mkdir("$rootimage_dir/mnt/pkgdir"); - mkdir("$rootimage_dir/mnt/otherpkgdir"); #system("mount -o bind /dev $rootimage_dir/dev"); #system("mount -o bind /proc $rootimage_dir/proc"); #system("mount -o bind /sys $rootimage_dir/sys"); - system("mount -o bind $pkgdir $rootimage_dir/mnt/pkgdir"); + if ($pkgdir) { + if (-d $pkgdir) { + mkdir("$rootimage_dir/mnt/pkgdir"); + system("mount -o bind $pkgdir $rootimage_dir/mnt/pkgdir"); + } else { + print "The specified pkgdir $pkgdir does not exist!\n" + } + } if ($kerneldir){ if(-d $kerneldir){ mkdir("$rootimage_dir/mnt/kerneldir"); @@ -1873,6 +1890,7 @@ sub mount_chroot { } if ($otherpkgdir){ + mkdir("$rootimage_dir/mnt/otherpkgdir"); if(-d $otherpkgdir){ system("mount --rbind $otherpkgdir $rootimage_dir/mnt/otherpkgdir"); }else{ From 700a192025cc042c51a1f6d345c588995fabf1c8 Mon Sep 17 00:00:00 2001 
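Review bot: In `mount_chroot` the new `system("mount -o bind $pkgdir $rootimage_dir/mnt/pkgdir")` interpolates both paths into a shell string and ignores the results of `mkdir` and `mount`. A pkgdir containing a space or shell metacharacter is misparsed, and a failed bind mount goes unnoticed until apt cannot find packages. The list form avoids the shell and lets the result be checked: `system('mount', '-o', 'bind', $pkgdir, "$rootimage_dir/mnt/pkgdir") == 0 or print "Error: cannot bind-mount $pkgdir\n";`. The "does not exist" branch prints and carries on, and its `print` has no terminating semicolon (legal as the last statement of the block, but easy to break on the next edit).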
From: baiyuan Date: Thu, 12 Feb 2015 22:55:34 -0500 Subject: [PATCH 05/12] defect 4571 /etc/network/interfaces overwriten after firstboot --- xCAT-server/share/xcat/install/ubuntu/compute.tmpl | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/xCAT-server/share/xcat/install/ubuntu/compute.tmpl b/xCAT-server/share/xcat/install/ubuntu/compute.tmpl index a0d3fa0cc..746ba7152 100644 --- a/xCAT-server/share/xcat/install/ubuntu/compute.tmpl +++ b/xCAT-server/share/xcat/install/ubuntu/compute.tmpl @@ -131,5 +131,6 @@ d-i preseed/late_command string wget http://`cat /tmp/xcatserver`/install/autoin mount -o bind /dev /target/dev; \ mount -o bind /dev/pts /target/dev/pts -t devpts; \ mount -o bind /sys /target/sys; \ - chroot /target /root/post.script + chroot /target /root/post.script; \ + cp /target/etc/network/interfaces /etc/network/interfaces From 59d1f82f9b82215eea224249d8ea35601429f8b1 Mon Sep 17 00:00:00 2001 From: baiyuan Date: Thu, 12 Feb 2015 22:55:47 -0500 Subject: [PATCH 06/12] defect 4571 /etc/network/interfaces overwriten after firstboot --- xCAT-server/share/xcat/install/ubuntu/service.tmpl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/xCAT-server/share/xcat/install/ubuntu/service.tmpl b/xCAT-server/share/xcat/install/ubuntu/service.tmpl index ca87469ee..ec6ef2d77 100644 --- a/xCAT-server/share/xcat/install/ubuntu/service.tmpl +++ b/xCAT-server/share/xcat/install/ubuntu/service.tmpl @@ -131,5 +131,5 @@ d-i preseed/late_command string wget http://`cat /tmp/xcatserver`/install/autoin mount -o bind /dev /target/dev; \ mount -o bind /dev/pts /target/dev/pts -t devpts; \ mount -o bind /sys /target/sys; \ - chroot /target /root/post.script - + chroot /target /root/post.script; \ + cp /target/etc/network/interfaces /etc/network/interfaces From 355bea4aa4788df6fda167c935420ddde90d8e58 Mon Sep 17 00:00:00 2001 
From: daniceexi Date: Fri, 13 Feb 2015 03:07:51 -0500 Subject: [PATCH 07/12] Continue the change for avoiding sslv3 --- xCAT-client/bin/pping | 6 ++++++ xCAT-client/bin/ppping | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/xCAT-client/bin/pping b/xCAT-client/bin/pping index 40af26b2e..66f5f6231 100755 --- a/xCAT-client/bin/pping +++ b/xCAT-client/bin/pping @@ -59,6 +59,11 @@ if ($::NOEXPAND) { # this is when ppping is calling us and has already expanded @nodes = split(/,/, $noderange); } else { # the normal case of the user running the cmd - expand the noderange using xcatd + my %sslargs; + if (defined($ENV{'XCATSSLVER'})) { + $sslargs{SSL_version} = $ENV{'XCATSSLVER'}; + } + my $client = IO::Socket::SSL->new( PeerAddr=>$xcathost, SSL_key_file=> xCAT::Utils->getHomeDir()."/.xcat/client-cred.pem", @@ -66,6 +71,7 @@ else { # the normal case of the user running the cmd - expand the noderange us SSL_ca_file => xCAT::Utils->getHomeDir()."/.xcat/ca.pem", SSL_use_cert => 1, SSL_verify_mode => 1, + %sslargs, ); die "Connection failure: $!\n" unless ($client); my %cmdref = (command => 'noderange', noderange => $noderange); diff --git a/xCAT-client/bin/ppping b/xCAT-client/bin/ppping index 1dcad30ad..f570d3c02 100755 --- a/xCAT-client/bin/ppping +++ b/xCAT-client/bin/ppping @@ -77,12 +77,18 @@ my $noderange = $ARGV[0]; my @user = getpwuid($>); my $homedir=$user[7]; +my %sslargs; +if (defined($ENV{'XCATSSLVER'})) { + $sslargs{SSL_version} = $ENV{'XCATSSLVER'}; +} + my $client = IO::Socket::SSL->new( PeerAddr=>$xcathost, SSL_key_file=>$homedir."/.xcat/client-cred.pem", SSL_cert_file=>$homedir."/.xcat/client-cred.pem", SSL_ca_file => $homedir."/.xcat/ca.pem", SSL_use_cert => 1, + %sslargs, #SSL_verify_mode => 1, ); die "Connection failure: $!\n" unless ($client); From 58015df28ebdb3672436ae236254bbc8d7ca269e Mon Sep 17 00:00:00 2001 
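Review bot: In ppping the `IO::Socket::SSL->new` call still has `#SSL_verify_mode => 1,` commented out directly after the added `%sslargs,`. Depending on the IO::Socket::SSL default, the server certificate may therefore not be verified even though `SSL_ca_file` is supplied, whereas pping passes `SSL_verify_mode => 1`. Restricting the protocol version does little if the peer is not authenticated, so enabling that line belongs with this change. As in Client.pm, nothing is restricted when `XCATSSLVER` is unset. The same four-line `%sslargs` block now exists in three files; a small shared helper would keep them from drifting apart.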
From: daniceexi Date: Fri, 13 Feb 2015 03:31:30 -0500 Subject: [PATCH 08/12] Temporarily removed the autoset sslversion to TLSv1 in 2.9 since it's not stable. But customer can enable it manually --- xCAT-client/xCAT-client.spec | 3 ++- xCAT-server/sbin/xcatconfig | 12 ++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/xCAT-client/xCAT-client.spec b/xCAT-client/xCAT-client.spec index 116e4d369..d0a716eca 100644 --- a/xCAT-client/xCAT-client.spec +++ b/xCAT-client/xCAT-client.spec @@ -298,7 +298,8 @@ EOF if [ -r /etc/SuSE-release ]; then ver=`grep 'VERSION' /etc/SuSE-release | awk -F= '{print $2}' | sed 's/ //g'` if [ "$ver" = "11" ]; then - echo 'export XCATSSLVER=TLSv1' >> /etc/profile.d/xcat.sh + echo + #echo 'export XCATSSLVER=TLSv1' >> /etc/profile.d/xcat.sh fi fi diff --git a/xCAT-server/sbin/xcatconfig b/xCAT-server/sbin/xcatconfig index 3dcc2c344..6a4f785cf 100755 --- a/xCAT-server/sbin/xcatconfig +++ b/xCAT-server/sbin/xcatconfig @@ -1250,7 +1250,7 @@ sub initDB $chtabcmds .= "$::XCATROOT/sbin/chtab key=cleanupxcatpost site.value=no;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=dhcplease site.value=43200;"; $chtabcmds .= "$::XCATROOT/sbin/chtab key=auditnosyslog site.value=0;"; - $chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;"; + #$chtabcmds .= "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;"; #$chtabcmds .= "$::XCATROOT/sbin/chtab key=useflowcontrol site.value=yes;"; # need to fix 4031 if ($::osname eq 'AIX') @@ -1507,11 +1507,11 @@ sub initDB # add default value to site.xcatsslversion $cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;"; - $outref = xCAT::Utils->runcmd("$cmds", 0); - if ($::RUNCMD_RC != 0) - { - xCAT::MsgUtils->message('E',"Could not add default value for site.xcatsslversion."); - } + #$outref = xCAT::Utils->runcmd("$cmds", 0); + #if ($::RUNCMD_RC != 0) + #{ + # xCAT::MsgUtils->message('E',"Could not add default value for site.xcatsslversion."); + #} 
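Review bot: Commenting out the export leaves a bare `echo` as the only statement in the `if [ "$ver" = "11" ]` branch, which prints an empty line during package installation while the `grep | awk | sed` probe still runs for nothing. If the branch has to stay as a placeholder, `:` is the no-op that says so. Otherwise comment out the whole `if [ -r /etc/SuSE-release ]` block and add a line explaining how to enable `XCATSSLVER` manually.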
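Review bot: In the second `initDB` hunk the assignment `$cmds = "$::XCATROOT/sbin/chtab key=xcatsslversion site.value=TLSv1;";` stays active while the `runcmd` that consumed it is commented out, so `$cmds` carries a stale command into whatever follows outside the hunk. Comment the assignment out as well. With both defaults disabled, SSLv3 is negotiable again unless the administrator sets the site attribute or `XCATSSLVER` by hand. A comment here such as `# disabled in 2.9: set site.xcatsslversion=TLSv1 manually to refuse SSLv3` would make that state visible to the next reader.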
From f0f850daa07baae99ecdf8aa41a9fc72632eda19 Mon Sep 17 00:00:00 2001
From: daniceexi
Date: Fri, 13 Feb 2015 03:44:04 -0500
Subject: [PATCH 09/12] changed the definition of installnic and primarynic in Schema.pm:noderes table
---
perl-xCAT/xCAT/Schema.pm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/perl-xCAT/xCAT/Schema.pm b/perl-xCAT/xCAT/Schema.pm
index 0a1666b63..a89f9c508 100755
--- a/perl-xCAT/xCAT/Schema.pm
+++ b/perl-xCAT/xCAT/Schema.pm
@@ -649,8 +649,8 @@ noderes => { nfsserver => 'The NFS or HTTP server for this node (as known by this node).', monserver => 'The monitoring aggregation point for this node. The format is "x,y" where x is the ip address as known by the management node and y is the ip address as known by the node.', nfsdir => 'The path that should be mounted from the NFS server.', - installnic => 'The network adapter on the node that will be used for OS deployment, the installnic can be set to the network adapter name or the mac address or the keyword "mac" which means that the network interface specified by the mac address in the mac table will be used. If not set, primarynic will be used.', - primarynic => 'The network adapter on the node that will be used for xCAT management, the primarynic can be set to the network adapter name or the mac address or the keyword "mac" which means that the network interface specified by the mac address in the mac table will be used. Default is eth0.', + installnic => 'The network adapter on the node that will be used for OS deployment, the installnic can be set to the network adapter name or the mac address or the keyword "mac" which means that the network interface specified by the mac address in the mac table will be used. If not set, primarynic will be used. If primarynic is not set too, the keyword "mac" will be used as default.', + primarynic => 'This attribute will be deprecated. All the used network interface will be determined by installnic. The network adapter on the node that will be used for xCAT management, the primarynic can be set to the network adapter name or the mac address or the keyword "mac" which means that the network interface specified by the mac address in the mac table will be used. Default is eth0.', discoverynics => 'If specified, force discovery to occur on specific network adapters only, regardless of detected connectivity. 
Syntax can be simply "eth2,eth3" to restrict discovery to whatever happens to come up as eth2 and eth3, or by driver name such as "bnx2:0,bnx2:1" to specify the first two adapters managed by the bnx2 driver', cmdinterface => 'Not currently used.', xcatmaster => 'The hostname of the xCAT service node (as known by this node). This acts as the default value for nfsserver and tftpserver, if they are not set. If xcatmaster is not set, the node will use whoever responds to its boot request as its master. For the directed bootp case for POWER, it will use the management node if xcatmaster is not set.', 
@@ -756,7 +756,7 @@ linuximage => { boottarget => 'The name of the boottarget definition. When this attribute is set, xCAT will use the kernel, initrd and kernel params defined in the boottarget definition instead of the default.', addkcmdline=> 'User specified arguments to be passed to the kernel. The user arguments are appended to xCAT.s default kernel arguments. This attribute is ignored if linuximage.boottarget is set.', pkglist => 'The fully qualified name of the file that stores the distro packages list that will be included in the image. Make sure that if the pkgs in the pkglist have dependency pkgs, the dependency pkgs should be found in one of the pkgdir', - pkgdir => 'The name of the directory where the distro packages are stored. It could be set multiple paths.The multiple paths must be seperated by ",". The first path in the value of osimage.pkgdir must be the OS base pkg dir path, such as pkgdir=/install/rhels6.2/x86_64,/install/updates . In the os base pkg path, there are default repository data. And in the other pkg path(s), the users should make sure there are repository data. If not, use "createrepo" command to create them. For ubuntu, multiple mirrors can be specified in the pkgdir attribute, the mirrors must be prefixed by the protocol(http/ssh) and delimited with "," between each other', + pkgdir => 'The name of the directory where the distro packages are stored. It could be set multiple paths.The multiple paths must be seperated by ",". The first path in the value of osimage.pkgdir must be the OS base pkg dir path, such as pkgdir=/install/rhels6.2/x86_64,/install/updates . In the os base pkg path, there are default repository data. And in the other pkg path(s), the users should make sure there are repository data. If not, use "createrepo" command to create them. 
For ubuntu, multiple mirrors can be specified in the pkgdir attribute, the mirrors must be prefixed by the protocol(http/ssh) and delimited with "," between each other.', otherpkglist => 'The fully qualified name of the file that stores non-distro package lists that will be included in the image.', otherpkgdir => 'The base directory where the non-distro packages are stored. Only 1 local directory supported at present.', exlist => 'The fully qualified name of the file that stores the file names and directory names that will be excluded from the image during packimage command. It is used for diskless image only.', From 0d9fa3e9da0054ce0b010802b6efe8d55fa95f30 Mon Sep 17 00:00:00 2001 From: ertaozh Date: Sat, 14 Feb 2015 22:07:40 -0500 Subject: [PATCH 10/12] fix bug 4434 :mkvm vm --full could not add all the resource to vm --- perl-xCAT/xCAT/FSPvm.pm | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/perl-xCAT/xCAT/FSPvm.pm b/perl-xCAT/xCAT/FSPvm.pm index 28eaea952..3eb86ea01 100644 --- a/perl-xCAT/xCAT/FSPvm.pm +++ b/perl-xCAT/xCAT/FSPvm.pm @@ -1738,7 +1738,7 @@ sub parse_part_get_info { $hash->{process_units_avail} = $2; } elsif ($line =~ /Authority Lpar id:(\w+)/i) { $hash->{service_lparid} = $1; - } elsif ($line =~ /(\d+),(\d+),[^,]*,(\w+),\w*\(([\w| |-|_]*)\)/) { + } elsif ($line =~ /(\d+),(\d+),[^,]*,(\w+),\w*\(([\w| |-|_|\/]*)\)/) { $hash->{bus}->{$3}->{cur_lparid} = $1; $hash->{bus}->{$3}->{bus_slot} = $2; $hash->{bus}->{$3}->{des} = $4; @@ -2001,7 +2001,7 @@ sub query_cec_info { last; } #push @result, [@td[3], $rethash, 0]; - push @result, @$rethash; + #push @result, @$rethash; } } if ($args->{updatedb} and %lpar_hash) { From 8c1c62d93f1fe9c7765099094e007de5de2e9212 Mon Sep 17 00:00:00 2001 From: ertaozh Date: Sat, 14 Feb 2015 22:21:53 -0500 Subject: [PATCH 11/12] fix bug 4433: chvm CN add_physlots= returns "Can not get hypervisor information" --- perl-xCAT/xCAT/FSPvm.pm | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
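Review bot: In `parse_part_get_info` the class `[\w| |-|_|\/]` uses `|` as if it were alternation, which it is not inside brackets. `|-|` is parsed as a range from `|` to `|`, so a literal `-` is not in the class while `|` is, and `_` is already covered by `\w`. If the description in parentheses can contain a hyphen, the line still fails to match, which looks like the same kind of failure this patch fixes for `/`. `[\w \/-]*` (hyphen last) expresses the intended set. The function body extends beyond the hunk.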
diff --git a/perl-xCAT/xCAT/FSPvm.pm b/perl-xCAT/xCAT/FSPvm.pm index 3eb86ea01..16d310bac 100644 --- a/perl-xCAT/xCAT/FSPvm.pm +++ b/perl-xCAT/xCAT/FSPvm.pm @@ -928,7 +928,7 @@ sub do_op_extra_cmds { } if (@query_array) { my $rethash = query_cec_info_actions($request, $name, $d, 1, \@query_array); - unless (scalar keys(%$memhash)) { + unless (scalar keys(%$rethash)) { push @values, [$mtms, "Can not get hypervisor information", 1]; next; } From 05bf778e6c7763953f7096ccac9af203f274926e Mon Sep 17 00:00:00 2001 From: litingt Date: Sat, 14 Feb 2015 20:43:46 -0800 Subject: [PATCH 12/12] remove enter character which causes failure in some cases --- xCAT-test/autotest/testcase/xcatstanzafile/cases0 | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/xCAT-test/autotest/testcase/xcatstanzafile/cases0 b/xCAT-test/autotest/testcase/xcatstanzafile/cases0 index f55632a5f..0ce9b052f 100644 --- a/xCAT-test/autotest/testcase/xcatstanzafile/cases0 +++ b/xCAT-test/autotest/testcase/xcatstanzafile/cases0 @@ -16,8 +16,7 @@ end start:xcatstanzafile_normal os:Aix description:xcatstanzafile in normal format -cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster=MS02.ppd.pok.com\n nfsserver=IS227.p -pd.pok.com" > testfile +cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster=MS02.ppd.pok.com\n nfsserver=IS227.ppd.pok.com" > testfile check:rc==0 cmd:cat testfile|chdef -z check:rc==0 @@ -105,8 +104,7 @@ end start:xcatstanzafile_tab os:Aix description:xcatstanzafile,line with tab and space -cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster = MS02.ppd.pok.com\n nfsserver= -IS227.ppd.pok.com" > testfile +cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster = MS02.ppd.pok.com\n nfsserver=IS227.ppd.pok.com" > testfile check:rc==0 cmd:cat testfile|mkdef -z check:rc==0 
@@ -131,8 +129,7 @@ end start:xcatstanzafile_multattr os:Aix description:xcatstanzafile,line with multiple attribute -cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster= MS02.ppd.pok.com nfsserver=IS227.ppd.pok. -com" > testfile +cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster= MS02.ppd.pok.com nfsserver=IS227.ppd.pok.com" > testfile check:rc==0 cmd:cat testfile|mkdef -z check:rc==0 @@ -161,8 +158,7 @@ start:xcatstanzafile_defaultvalue os:Aix description:xcatstanzafile,If the header name is ``default-:'' the attribute values in the stanza are considered default va lues for subsequent definitions in the file that are the same object type. -cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster= MS02.ppd.pok.com\n nfsserver=IS227. -ppd.pok.com" > testfile +cmd:echo "default-node:\n groups=all,compute\n testnode:\n objtype=node\n xcatmaster= MS02.ppd.pok.com\n nfsserver=IS227.ppd.pok.com" > testfile check:rc==0 cmd:cat testfile|mkdef -z check:rc==0