From d6df4819499ca0c39743c698292308218e94b59e Mon Sep 17 00:00:00 2001
From: SStar1314 <1010133787@qq.com>
Date: Thu, 20 Aug 2015 20:57:44 +0800
Subject: [PATCH 1/3] xCAT provision Sles11.2 will hang-on when excuting remoteshell script xCAT provision Sles11.2 will hang-on and wait for input passphrase when executing "ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub" command in remoteshell script. Root Cause: Sles11.2 install openssh-5.1p1-41.57.1 build-in package, and this version openssh don't support ecdsa key type. So there needs a openssh support check before ecdsa key generation. In remoteshell script, line 283, we will add "ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P "" " command and check the result to judge support or not.
---
 xCAT/postscripts/remoteshell | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/xCAT/postscripts/remoteshell b/xCAT/postscripts/remoteshell
index 8177bee88..19250d036 100755
--- a/xCAT/postscripts/remoteshell
+++ b/xCAT/postscripts/remoteshell
@@ -281,9 +281,14 @@ if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
 if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_ecdsa_key > /dev/null 2>&1 ; then
 rm /etc/ssh/ssh_host_ecdsa_key
 else
- ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
- chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
- chown root /etc/ssh/ssh_host_ecdsa_key.pub
+ ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P ""
+ if [ "x$?" = "x0" ]; then
+ ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
+ chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
+ chown root /etc/ssh/ssh_host_ecdsa_key.pub
+ else
+ rm -fr /etc/ssh/ssh_host_ecdsa_key
+ fi
 fi
 else
 #This is an error message
From 229ee3966c1e79b24d28d075e39bd8cdae8f07ac Mon Sep 17 00:00:00 2001
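Review bot: The new inner `else` branch removes the host private key on any non-zero exit of the `ssh-keygen -t ecdsa -y ... -P ""` probe, so a passphrase-protected or damaged key is deleted just like one the installed OpenSSH cannot parse, and nothing is logged. Losing a host key changes the node's SSH identity, so the branch should say why it removes the file and also clear any stale public key: `echo "remoteshell: ssh-keygen cannot read ssh_host_ecdsa_key, removing it" >&2` followed by `rm -f /etc/ssh/ssh_host_ecdsa_key /etc/ssh/ssh_host_ecdsa_key.pub` (`-r` is not needed for a regular file). The enclosing `if [ -f /etc/ssh/ssh_host_ecdsa_key ]` block starts and ends outside the hunk.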
From: SStar1314 <1010133787@qq.com>
Date: Tue, 25 Aug 2015 22:25:24 +0800
Subject: [PATCH 2/3] Update remoteshell
---
 xCAT/postscripts/remoteshell | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/xCAT/postscripts/remoteshell b/xCAT/postscripts/remoteshell
index 19250d036..fb8124440 100755
--- a/xCAT/postscripts/remoteshell
+++ b/xCAT/postscripts/remoteshell
@@ -281,8 +281,7 @@ if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
 if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_ecdsa_key > /dev/null 2>&1 ; then
 rm /etc/ssh/ssh_host_ecdsa_key
 else
- ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P ""
- if [ "x$?" = "x0" ]; then
+ if ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P "" &>/dev/null ; then
 ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
 chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
 chown root /etc/ssh/ssh_host_ecdsa_key.pub
From 745cf10422f66cfedee5ccec1a5abcae338a58ac Mon Sep 17 00:00:00 2001
From: SStar1314 <1010133787@qq.com>
Date: Wed, 2 Sep 2015 09:20:28 +0800
Subject: [PATCH 3/3] Add comments to the remoteshell ecdsa key generate produrce.
---
 xCAT/postscripts/remoteshell | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/xCAT/postscripts/remoteshell b/xCAT/postscripts/remoteshell
index fb8124440..bc56b49a7 100755
--- a/xCAT/postscripts/remoteshell
+++ b/xCAT/postscripts/remoteshell
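Review bot: `&>/dev/null` on the new `if ssh-keygen ...` line in patch 2/3 is a bash extension. Under a POSIX `/bin/sh` such as dash it parses as `ssh-keygen ... &` followed by a bare `>/dev/null`, so the probe runs in the background and the condition is always true, which sends every node down the key-export branch regardless of ECDSA support. The script's shebang is outside this hunk, so the interpreter should be confirmed. The portable form, already used by the `grep` line two lines above, is `if ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P "" >/dev/null 2>&1 ; then`. The same line is carried unchanged as context into patch 3/3.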
@@ -281,6 +281,10 @@ if [ -f /etc/ssh/ssh_host_ecdsa_key ]; then
 if ! grep "PRIVATE KEY" /etc/ssh/ssh_host_ecdsa_key > /dev/null 2>&1 ; then
 rm /etc/ssh/ssh_host_ecdsa_key
 else
+ # Because of openssh version differs, provisioning errors may happen when MN support ecdsa while CN don't ecdsa.
+ # Judge CN support ecdsa or not. "-t ecdsa" indicate the key type, "-P "" " avoid hang-on and wait for input passphrase when CN don't support ecdsa.
+ # If ture, means support ecdsa, then generate corresponding key.pub.
+ # If false, remove ssh_host_ecdsa_key useless file, to avoid future errors.
 if ssh-keygen -t ecdsa -y -f /etc/ssh/ssh_host_ecdsa_key -P "" &>/dev/null ; then
 ssh-keygen -y -f /etc/ssh/ssh_host_ecdsa_key > /etc/ssh/ssh_host_ecdsa_key.pub
 chmod 644 /etc/ssh/ssh_host_ecdsa_key.pub
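Review bot: The added comment block calls `ssh_host_ecdsa_key` a "useless file" and misspells "true" as "ture", which obscures that the false branch deletes the node's ECDSA host private key. Suggested wording: `# Older OpenSSH on the compute node may not support ECDSA even when the management node does.` `# Probe with -P "" so ssh-keygen fails instead of prompting for a passphrase.` `# On success write the .pub file; otherwise remove the private key this node cannot use.` The `if`/`else` these comments describe continues past the end of the hunk, so the removal branch itself is not visible here.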