http://sourceforge.net/mailarchive/forum.php?thread_id=14178525&forum_id=10334
From: [EMAIL PROTECTED] on behalf of mike _
Sent: Tue 27/06/2006 01:29
To: [email protected]
Subject: Re: [Sisuite-users] Deploy image over ssh
I thought I sent this message on the 23rd. I'm not convinced it
went
out though since it doesn't appear in the archives at
http://sourceforge.net/mailarchive/forum.php?forum=sisuite-users
whilst
more recent messages do.
So I'm sending it again.
> It appears that
one important file regarding SSH support is missing from the
> RPM
package, the file is README.ssh_support and you can read it here:
> http://svn.systemimager.org/filedetails.php?repname=systemimager&path=%2Ftrunk%2FREADME.ssh_support&rev=0&sc=1
I
built 3.6.3 from source and had seen that file. It confused me at
the time
though because nowhere had I found reference to the need to
be running a web
server on the systemimager server for ssh installs
and I didn't see why I
needed to.
> These 2 files should also provide you with hints
regarding how SSH support
> works. Basically you need to enable the
DHCP option and then the script
> will realize that and grab the files via
wget (I assume via https?) instead
> of via rsync:
> http://svn.systemimager.org/filedetails.php?repname=systemimager&path=%2Ftrunk%2Finitrd_source%2Fskel%2Fetc%2Finit.d%2Ffunctions&rev=0&sc=1
>
http://svn.systemimager.org/filedetails.php?repname=systemimager&path=%2Ftrunk%2Finitrd_source%2Fskel%2Fetc%2Finit.d%2FrcS&rev=0&sc=1
Yes,
reading those files was very helpful, thanks.
The bit about needing to
enable the DHCP option - I didn't do that
because there is already a DHCP
server on the network which the
clients use and will need to use if I start
using systemimager to
deploy and manage machines where I work. (a decision
which is not
entirely up to me.)
Anyway I now have imaging a machine
over ssh working in addition to
being able to retrieve the image of the
golden client over ssh as
previously mentioned.
To get image
deployment over ssh to work I had to to make an
alteration to the source file
initrd_source/skel/etc/init.d/rcS,
recompile, install (make clean &&
make install_initrd) and make a new
boot cd with si_mkautoinstallcd.
I
had to do this because by default the imaging process (or whatever
you call
it) tries to do an rsync operation before the call to
start_ssh which opens
the ssh tunnel to the systemimager server and I
have the rsync port on the
systemimager server firewalled off -
-----begin snip of
initrd_source/build_dir/etc/init.d/rcS-----
get_scripts_directory
autodetect_hardware_and_load_modules
if
[ ! -z $SSH_DOWNLOAD_URL ]; then
echo
echo start_ssh
start_ssh
fi
-----end snip of
initrd_source/build_dir/etc/init.d/rcS-----
Whilst
get_boel_binaries_tarball looks to see SSH_DOWNLOAD_URL has
been specified
and then uses wget instead of rsync,
get_scripts_directory doesn't, it just
uses rsync regardless. So if
the rsync port is firewalled it fails.
So
I moved the call to get_scripts_directory to after the if [ !
-z
$SSH_DOWNLOAD_URL ] bit. That way the rsync command
in
get_scripts_directory succeeds because the ssh tunnel is already
open.
I guess that i could also have altered get_scripts_directory to
use
wget if $SSH_DOWNLOAD_URL is specified but just moving the
function
call was easier :)
Having get_scripts_directory called before
start_ssh seems like a bug
to me. By my logic if you are doing the image
installs over ssh you
will have the rsync port on the image server firewalled
off. What's
the point of running it all over ssh if you still leave the rsync
port
open for anyone who finds it to pull the image files out
through?
Next up is making si_updateclient work over ssh which will have
to
wait until next week. If it's going over ssh it'll mean having
a
private ssh key on the client. Currently I'm pulling the images off
the
server by connecting as root. Putting a private ssh key for root
on the
clients seems like a Bad Idea, even if they do have sensible
permissions set.
Maybe I'll set up another user with permission to
read the image files...
hmmmm. Maybe in practice doing si_updateclient
over ssh isn't necessary.
(Maybe doing any of it over ssh isn't
necessary but it's nice to try :)
)
I'll try and make my notes easier to read and put them
online
somewhere at some point.
regards,
mike
Using
Tomcat but need to do more? Need to support web services, security?
Get stuff
done quickly with pre-integrated technology to make your job easier
Download
IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Sisuite-users
mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/sisuite-users
Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________ Sisuite-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sisuite-users
