From b176fc3d15a745778e0d6cd9bebacbf42b327d44 Mon Sep 17 00:00:00 2001 From: immarvin Date: Fri, 13 Oct 2017 04:59:14 -0400 Subject: [PATCH 1/4] fix [OpenBMC] rspconfig sshcfg issue where keys are not copied seems to be in xCAT #4074 --- xCAT-server/lib/xcat/plugins/openbmc.pm | 72 ++++++++++++++++++------- 1 file changed, 53 insertions(+), 19 deletions(-) diff --git a/xCAT-server/lib/xcat/plugins/openbmc.pm b/xCAT-server/lib/xcat/plugins/openbmc.pm index 408a4b0fc..1940a0bf8 100644 --- a/xCAT-server/lib/xcat/plugins/openbmc.pm +++ b/xCAT-server/lib/xcat/plugins/openbmc.pm @@ -20,9 +20,11 @@ use HTTP::Async; use HTTP::Cookies; use File::Basename; use File::Spec; +use File::Copy qw/copy cp mv move/; use Data::Dumper; use Getopt::Long; use xCAT::OPENBMC; +use xCAT::RemoteShellExp; use xCAT::Utils; use xCAT::Table; use xCAT::Usage; 
@@ -1912,38 +1914,70 @@ sub rspconfig_sshcfg_response { my $response_info = decode_json $response->content; - use xCAT::RShellAPI; if ($node_info{$node}{cur_status} eq "RSPCONFIG_SSHCFG_RESPONSE") { my $bmcip = $node_info{$node}{bmc}; my $userid = $node_info{$node}{username}; my $userpw = $node_info{$node}{password}; - my $filename = "/root/.ssh/id_rsa.pub"; - # Read in contents of the id_rsa.pub file - open my $fh, '<', $filename or die "Error opening $filename: $!"; - my $id_rsa_pub_contents = do { local $/; <$fh> }; + my $home = xCAT::Utils->getHomeDir("root"); + #generate the copy.sh to do real work on target bmc + open(FILE, ">$home/.ssh/copy.sh") + or die "cannot open file $home/.ssh/copy.sh\n"; + print FILE "#!/bin/sh +umask 0077 +home=`egrep \"^$userid:\" /etc/passwd | cut -f6 -d :` +if [ -n \"\$home\" ]; then + dest_dir=\"\$home/.ssh\" +else + home=`su - root -c pwd` + dest_dir=\"\$home/.ssh\" +fi +mkdir -p \$dest_dir +cat /tmp/$userid/.ssh/id_rsa.pub >> \$home/.ssh/authorized_keys 2>&1 +rm -f /tmp/$userid/.ssh/* 2>&1 +rmdir \"/tmp/$userid/.ssh\" +rmdir \"/tmp/$userid\" \n"; + close FILE; + chmod 0700, "$home/.ssh/copy.sh"; - # Login and append content of the read in id_rsa.pub file to the authorized_keys file on BMC - my $output = xCAT::RShellAPI::run_remote_shell_api($bmcip, $userid, $userpw, 0, 0, "mkdir -p ~/.ssh; echo \"$id_rsa_pub_contents\" >> ~/.ssh/authorized_keys"); - - # If error was returned from executing command above. Display it to the user. - # output[0] contains 1 is error, output[1] contains error messages - if (@$output[0] == 1) { - xCAT::SvrUtils::sendmsg("Error copying ssh keys to $bmcip:\n" . 
@$output[1], $callback, $node); + mkdir "$home/.ssh/tmp"; + # create authorized_keys file to be appended to target + if (-f "/etc/xCATMN") { # if on Management Node + copy("$home/.ssh/id_rsa.pub","$home/.ssh/tmp/authorized_keys"); + } else { + copy("$home/.ssh/authorized_keys","$home/.ssh/tmp/authorized_keys"); } - # For unknown reason, "echo" command above can fail (1 in 5), but return code 0 still returned. - # There is nothing we can do but to just test if authorized_keys file was not created - # and ask the user to rerun the command - my $file_test_output = xCAT::RShellAPI::run_remote_shell_api($bmcip, $userid, $userpw, 0, 0, "[ ! -f ~/.ssh/authorized_keys ] && uptime"); - if (@$file_test_output[1] =~ "load average") { - # If file was not there, we run "uptime" command and then look for "load average" in the output. - # If file was there, "uptime" command is not executed + + + #backup the previous $ENV{DSH_REMOTE_PASSWORD},$ENV{'DSH_FROM_USERID'} + my $bak_DSH_REMOTE_PASSWORD=$ENV{'DSH_REMOTE_PASSWORD'}; + my $bak_DSH_FROM_USERID=$ENV{'DSH_FROM_USERID'}; + + #xCAT::RemoteShellExp->remoteshellexp dependes on environment + #variables $ENV{DSH_REMOTE_PASSWORD},$ENV{'DSH_FROM_USERID'} + $ENV{'DSH_REMOTE_PASSWORD'}=$userpw; + $ENV{'DSH_FROM_USERID'}=$userid; + + #send ssh public key from MN to bmc + my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$callback,"/usr/bin/ssh",$bmcip,10); + if ($rc) { + xCAT::SvrUtils::sendmsg("Error copying ssh keys to $bmcip\n", $callback, $node); + } + + #check whether the ssh keys has been sent successfully + $rc=xCAT::RemoteShellExp->remoteshellexp("t",$callback,"/usr/bin/ssh",$bmcip,10); + if ($rc) { xCAT::SvrUtils::sendmsg("Error copying ssh keys to $bmcip Rerun rspconfig command.", $callback, $node); } else { xCAT::SvrUtils::sendmsg("ssh keys copied to $bmcip", $callback, $node); } + + #restore env variables + $ENV{'DSH_REMOTE_PASSWORD'}=$bak_DSH_REMOTE_PASSWORD; + $ENV{'DSH_FROM_USERID'}=$bak_DSH_FROM_USERID; } + if 
($next_status{ $node_info{$node}{cur_status} }) { $node_info{$node}{cur_status} = $next_status{ $node_info{$node}{cur_status} }; gen_send_request($node); From d7d56ddd7b34f44ddc263a76a8bd5cee43d12131 Mon Sep 17 00:00:00 2001 From: immarvin Date: Mon, 16 Oct 2017 03:41:23 -0400 Subject: [PATCH 2/4] remove intermidiate files after rspconfig --- xCAT-server/lib/xcat/plugins/openbmc.pm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/xCAT-server/lib/xcat/plugins/openbmc.pm b/xCAT-server/lib/xcat/plugins/openbmc.pm index 1940a0bf8..3d98d3b4c 100644 --- a/xCAT-server/lib/xcat/plugins/openbmc.pm +++ b/xCAT-server/lib/xcat/plugins/openbmc.pm @@ -1976,6 +1976,9 @@ rmdir \"/tmp/$userid\" \n"; #restore env variables $ENV{'DSH_REMOTE_PASSWORD'}=$bak_DSH_REMOTE_PASSWORD; $ENV{'DSH_FROM_USERID'}=$bak_DSH_FROM_USERID; + + #remove intermediate files + unlink "$home/.ssh/copy.sh","$home/.ssh/tmp/authorized_keys"; } if ($next_status{ $node_info{$node}{cur_status} }) { From 1b1e2267a8ecc485d2a6600fbc8b37f3d0108ab2 Mon Sep 17 00:00:00 2001 From: immarvin Date: Tue, 17 Oct 2017 23:18:04 -0400 Subject: [PATCH 3/4] remove /.ssh/tmp/ directory --- xCAT-server/lib/xcat/plugins/openbmc.pm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/xCAT-server/lib/xcat/plugins/openbmc.pm b/xCAT-server/lib/xcat/plugins/openbmc.pm index 3d98d3b4c..5ce89416f 100644 --- a/xCAT-server/lib/xcat/plugins/openbmc.pm +++ b/xCAT-server/lib/xcat/plugins/openbmc.pm @@ -21,6 +21,7 @@ use HTTP::Cookies; use File::Basename; use File::Spec; use File::Copy qw/copy cp mv move/; +use File::Path; use Data::Dumper; use Getopt::Long; use xCAT::OPENBMC; @@ -1978,7 +1979,8 @@ rmdir \"/tmp/$userid\" \n"; $ENV{'DSH_FROM_USERID'}=$bak_DSH_FROM_USERID; #remove intermediate files - unlink "$home/.ssh/copy.sh","$home/.ssh/tmp/authorized_keys"; + unlink "$home/.ssh/copy.sh"; + File::Path->remove_tree("$home/.ssh/tmp/"); } if ($next_status{ $node_info{$node}{cur_status} }) { 
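Review bot: `$userid` is interpolated unquoted into the generated copy.sh (the `egrep \"^$userid:\"` line and the `/tmp/$userid/.ssh` paths), so any shell or regex metacharacter in the configured BMC username changes the script that is later run on the BMC; report an error via sendmsg and skip the key push unless it matches something like `/\A[A-Za-z0-9._-]+\z/`. The script is also written with a two-argument `open` on a bareword handle, and the results of `print`, `close`, `chmod`, `mkdir` and both `copy` calls are ignored, so a failed copy can leave a missing or stale `$home/.ssh/tmp/authorized_keys` for the send step; prefer `open(my $fh, '>', "$home/.ssh/copy.sh")` and check each call. The manual save/restore of `DSH_REMOTE_PASSWORD` and `DSH_FROM_USERID` leaves a previously unset variable set (to an empty value) and is skipped if anything dies in between, which keeps the BMC password in the process environment; `local $ENV{DSH_REMOTE_PASSWORD} = $userpw;` and `local $ENV{DSH_FROM_USERID} = $userid;` cover both cases. The body of rspconfig_sshcfg_response starts and ends outside this hunk.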
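Review bot: `File::Path->remove_tree("$home/.ssh/tmp/")` is a class-method call, so Perl passes the string `File::Path` as the first path argument and remove_tree will also try to delete an entry of that name relative to the current working directory. Call it as a function, `File::Path::remove_tree("$home/.ssh/tmp");`, or import it with `use File::Path qw(remove_tree);`, since the plain `use File::Path;` added in this commit's import hunk does not export remove_tree by default. The `unlink` and the tree removal both act on fixed paths under root's `.ssh` and their results are not checked; if two sshcfg runs can overlap (not visible from this hunk), one would delete the other's copy.sh and staged keys, so it is worth confirming that runs are serialised. The enclosing block begins outside the hunk.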
From 2e63607c8c4bfe13e516000dff0ae05c374e8839 Mon Sep 17 00:00:00 2001 From: immarvin Date: Wed, 18 Oct 2017 02:46:56 -0400 Subject: [PATCH 4/4] refine the message in rspconfig sshcfg --- perl-xCAT/xCAT/RemoteShellExp.pm | 8 ++++---- xCAT-server/lib/xcat/plugins/openbmc.pm | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/perl-xCAT/xCAT/RemoteShellExp.pm b/perl-xCAT/xCAT/RemoteShellExp.pm index 19ee11541..fd4ecef22 100755 --- a/perl-xCAT/xCAT/RemoteShellExp.pm +++ b/perl-xCAT/xCAT/RemoteShellExp.pm @@ -466,7 +466,7 @@ sub testkeys return 0; } else { my $rsp = {}; - $rsp->{error}->[0] = $msg; + $rsp->{error}->[0] = "Testing the ssh connection to $nodes failed:".$msg; xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); return 1; } @@ -598,7 +598,7 @@ sub sendnodeskeys $rc = 0; } else { my $rsp = {}; - $rsp->{error}->[0] = "mkdir:$node has error,$msg"; + $rsp->{error}->[0] = "Failed to run \"/bin/mkdir -p /tmp/$to_userid/.ssh\" on $node: $msg"; xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); $rc = 1; } @@ -686,7 +686,7 @@ sub sendnodeskeys $rc = 0; } else { my $rsp = {}; - $rsp->{error}->[0] = "copykeys:$node has error,$msg"; + $rsp->{error}->[0] = "Failed to copy ssh credentials and helper script to $node: $msg"; xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); $rc = 1; } @@ -771,7 +771,7 @@ sub sendnodeskeys $rc = 0; } else { my $rsp = {}; - $rsp->{error}->[0] = "copy.sh:$node has error,$msg"; + $rsp->{error}->[0] = "Failed to apply the ssh keys on $node:$msg"; xCAT::MsgUtils->message("E", $rsp, $::CALLBACK); $rc = 1; } diff --git a/xCAT-server/lib/xcat/plugins/openbmc.pm b/xCAT-server/lib/xcat/plugins/openbmc.pm index 5ce89416f..5c5b2f318 100644 --- a/xCAT-server/lib/xcat/plugins/openbmc.pm +++ b/xCAT-server/lib/xcat/plugins/openbmc.pm 
@@ -1963,15 +1963,15 @@ rmdir \"/tmp/$userid\" \n"; my $rc=xCAT::RemoteShellExp->remoteshellexp("s",$callback,"/usr/bin/ssh",$bmcip,10); if ($rc) { xCAT::SvrUtils::sendmsg("Error copying ssh keys to $bmcip\n", $callback, $node); - } - - #check whether the ssh keys has been sent successfully - $rc=xCAT::RemoteShellExp->remoteshellexp("t",$callback,"/usr/bin/ssh",$bmcip,10); - if ($rc) { - xCAT::SvrUtils::sendmsg("Error copying ssh keys to $bmcip Rerun rspconfig command.", $callback, $node); - } - else { - xCAT::SvrUtils::sendmsg("ssh keys copied to $bmcip", $callback, $node); + }else{ + #check whether the ssh keys has been sent successfully + $rc=xCAT::RemoteShellExp->remoteshellexp("t",$callback,"/usr/bin/ssh",$bmcip,10); + if ($rc) { + xCAT::SvrUtils::sendmsg("Testing the ssh connection to $bmcip failed. Please rerun rspconfig command.", $callback, $node); + } + else { + xCAT::SvrUtils::sendmsg("ssh keys copied to $bmcip", $callback, $node); + } } #restore env variables
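Review bot: Both failure branches report through `sendmsg` with a plain string, which, as far as I can tell from xCAT::SvrUtils, is delivered as ordinary node output with no error code, so a caller scripting `rspconfig ... sshcfg` cannot tell a failed key push from a successful one by exit status. If sendmsg's `[rc, text]` array form applies here, use it on the two error paths, e.g. `xCAT::SvrUtils::sendmsg([1, "Error copying ssh keys to $bmcip"], $callback, $node);`. The first error message also carries a trailing `\n` that the other two do not. The hunk sits inside the `cur_status` branch, whose start and end are outside the hunk.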