-Try to eliminate stunnel requirement in SLES11. This approach is cleaner and I would like to switch completely to it across the board when less risky

git-svn-id: https://svn.code.sf.net/p/xcat/code/xcat-core/trunk@3131 8638fb3e-16cb-4fca-ae20-7b5d299a9bcd

xCAT-server/share/xcat/install/scripts/post.sles11

@@ -75,21 +75,26 @@ do
 
 		if [ "$?" = "0" ]
 		then
-	 rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
-	 mkdir -p /usr/var/run/stunnel
-         mkdir -p /var/stunnel
-         if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
-            echo client=yes > /etc/stunnel/stunnel.conf
-            echo foreground=no >> /etc/stunnel/stunnel.conf
-            echo output=/dev/null >> /etc/stunnel/stunnel.conf
-            echo verify=0 >> /etc/stunnel/stunnel.conf
-            echo '[xcatd]' >> /etc/stunnel/stunnel.conf
-            echo accept=400 >> /etc/stunnel/stunnel.conf
-            echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
+            if [ -x  /usr/bin/stunnel ]; then
+                USEOPENSSLFORXCAT=1
+                export USEOPENSSLFORXCAT
+            else
+                 rpm -ivh $i/post/otherpkgs/sles11/$NODE_ARCH/stunnel*.rpm
+                 mkdir -p /usr/var/run/stunnel
+                     mkdir -p /var/stunnel
+                     if [ -x /usr/sbin/stunnel ]; then #Stop if no stunnel to help the next bit
+                        echo client=yes > /etc/stunnel/stunnel.conf
+                        echo foreground=no >> /etc/stunnel/stunnel.conf
+                        echo output=/dev/null >> /etc/stunnel/stunnel.conf
+                        echo verify=0 >> /etc/stunnel/stunnel.conf
+                        echo '[xcatd]' >> /etc/stunnel/stunnel.conf
+                        echo accept=400 >> /etc/stunnel/stunnel.conf
+                        echo connect=$i:3001 >> /etc/stunnel/stunnel.conf
 
-            stunnel
-            STUN_PID=$!
-            sleep 1
+                        stunnel
+                        STUN_PID=$!
+                        sleep 1
+                     fi
          fi
          mv $i/postscripts /xcatpost
          rm -rf $i
@@ -122,7 +127,9 @@ cd /
 /xcatpost/#TABLE:nodelist:$NODE:node#
 rm -Rf /xcatpost
 rm -f /tmp/mypostscript
-rm -f /etc/stunnel/stunnel.conf
+if [ ! -x /usr/bin/stunnel ]; then 
+    rm -f /etc/stunnel/stunnel.conf
+fi
 rmdir /xcatpost
 ]]>
 

xCAT-server/share/xcat/install/sles/compute.sles11.tmpl

@@ -0,0 +1,85 @@
+<?xml version="1.0"?>
+<!DOCTYPE profile SYSTEM "/usr/share/YaST2/include/autoinstall/profile.dtd">
+<profile xmlns="http://www.suse.com/1.0/yast2ns" xmlns:config="http://www.suse.com/1.0/configns">
+  <install>
+    <bootloader>
+      <write_bootloader config:type="boolean">true</write_bootloader>
+      <activate config:type="boolean">true</activate>
+      <kernel_parameters></kernel_parameters>
+      <lba_support config:type="boolean">false</lba_support>
+      <linear config:type="boolean">false</linear>
+      <location>mbr</location>
+    </bootloader>
+    <general>
+      <clock>
+        <hwclock>GMT</hwclock>
+        <timezone>#TABLE:site:key=timezone:value#</timezone>
+      </clock>
+      <keyboard>
+        <keymap>english-us</keymap>
+      </keyboard>
+      <language>en_US</language>
+      <mode>
+        <confirm config:type="boolean">false</confirm>
+        <forceboot config:type="boolean">false</forceboot>
+        <interactive_boot config:type="boolean">false</interactive_boot>
+        <reboot config:type="boolean">true</reboot>
+      </mode>
+      <mouse>
+        <id>non</id>
+      </mouse>
+    </general>
+    <partitioning config:type="list">
+      <drive>
+        <device>/dev/sda</device>
+        <initialize config:type="boolean">true</initialize>
+        <use>all</use>
+      </drive>
+    </partitioning>
+    <software>
+      <patterns config:type="list">
+        <pattern>base</pattern>
+	    <pattern>x11</pattern>
+      </patterns>
+      <packages config:type="list">
+        <package>xntp</package>
+        <package>rsync</package>
+      </packages>
+    </software>
+  </install>
+  <configure>
+    <users config:type="list">
+      <user>
+        <username>root</username>
+        <user_password>#CRYPT:passwd:key=system,username=root:password#</user_password>
+        <encrypted config:type="boolean">true</encrypted>
+        <forename/>
+        <surname/>
+      </user>
+    </users>
+    <networking>
+      <dns>
+        <dhcp_hostname config:type="boolean">true</dhcp_hostname>
+        <dhcp_resolv config:type="boolean">true</dhcp_resolv>
+        <domain>local</domain>
+        <hostname>linux</hostname>
+      </dns>
+      <interfaces config:type="list">
+        <interface>
+          <bootproto>dhcp</bootproto>
+          <device>eth0</device>
+          <startmode>onboot</startmode>
+        </interface>
+      </interfaces>
+      <routing>
+        <ip_forward config:type="boolean">false</ip_forward>
+        <routes config:type="list"/>
+      </routing>
+    </networking>
+    <scripts>
+   #INCLUDE:../scripts/pre.sles#
+   #INCLUDE:../scripts/chroot.sles#
+   #INCLUDE:../scripts/post.sles11#
+    </scripts>
+  </configure>
+</profile>

xCAT/postscripts/getcredentials.awk

@@ -1,6 +1,10 @@
 #!/usr/bin/awk -f
 BEGIN {
-        server = "/inet/tcp/0/127.0.0.1/400"
+        if (ENVIRON["USEOPENSSLFORXCAT"]) {
+            server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
+        } else {
+            server = "/inet/tcp/0/127.0.0.1/400"
+        }
         quit = "no"
 
 

xCAT/postscripts/getpostscript.awk

@@ -1,5 +1,12 @@
 #!/usr/bin/awk -f
 BEGIN {
+        if (ENVIRON["USEOPENSSLFORXCAT"]) {
+            server = "openssl s_client -quiet -connect " ENVIRON["XCATSERVER"]
+        } else {
+            server = "/inet/tcp/0/127.0.0.1/400"
+        }
+
+
         server = "/inet/tcp/0/127.0.0.1/400"
         quit = "no"
 

xCAT/postscripts/remoteshell

@@ -38,7 +38,12 @@ fi
 #	cp /xcatpost/hostkeys/*_key /etc/ssh/
 #fi
 if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
-   exit 0
+   if [ -x /usr/bin/openssl ]; then
+      USEOPENSSLFORXCAT=1
+      export USEOPENSSLFORXCAT
+   else 
+       exit 0
+   fi
 fi
 allowcred.awk &
 CREDPID=$!

xCAT/postscripts/xcatclient

@@ -5,8 +5,13 @@
 #
 
 if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
-   exit 0
+   if [ -x /usr/bin/openssl ]; then #Unless we have openssl, then instruct awk scripts to do that instead of stunnel
+      USEOPENSSLFORXCAT=1
+      export USEOPENSSLFORXCAT
+   else 
+       exit 0
    fi
+fi
    allowcred.awk &
    CREDPID=$!
    sleep 1

xCAT/postscripts/xcatdsklspost

@@ -38,10 +38,11 @@ if grep 'rw /rw tmpfs ' /proc/mounts  >& /dev/null; then
 fi
 
 
-mkdir -p /etc/stunnel
-mkdir -p /var/stunnel
-mkdir -p /usr/var/run/stunnel   #at least for SLES11
-
+if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then 
+    mkdir -p /etc/stunnel
+    mkdir -p /var/stunnel
+    mkdir -p /usr/var/run/stunnel   #at least for SLES11
+    
 cat > /etc/stunnel/stunnel.conf << EOF
 client=yes
 foreground=no
@@ -54,6 +55,12 @@ EOF
 echo "connect=$SIP:3001" >> /etc/stunnel/stunnel.conf
 stunnel; 
 sleep 1; 
+elif [ -x /usr/bin/openssl ]; then
+     XCATSERVER="$SIP:3001"
+     export XCATSERVER
+     USEOPENSSLFORXCAT=1
+     export USEOPENSSLFORXCAT
+fi
 mkdir -p /xcatpost; 
 mkdir -p /tmp/postage
 rm -R -f /xcatpost/*
@@ -109,8 +116,10 @@ if [ -x /tmp/mypostscript ];then
 fi
 rm -f /tmp/mypostscript
 
+if [ -x /usr/bin/stunnel -o -x /usr/sbin/stunnel ]; then 
 killall stunnel
 rm -rf /etc/stunnel
+fi
 
 #tell user it is done when this is called by updatenode command
 if [ $# -gt 0 ]; then

xCAT/postscripts/xcatserver

@@ -5,8 +5,13 @@
 #
 
 if [ ! -x /usr/sbin/stunnel -a ! -x /usr/bin/stunnel ]; then #Stop if no stunnel to help the next bit
-   exit 0
+   if [ -x /usr/bin/openssl ]; then
+      USEOPENSSLFORXCAT=1
+      export USEOPENSSLFORXCAT
+   else 
+       exit 0
    fi
+fi
    allowcred.awk &
    CREDPID=$!
    sleep 1