Remove the empty file /etc/ssh/ssh_host_dsa_key on the node, and run updatenode -k again. I have seen this issue with a failure when this file is created empty after a previous update try, but have been unable to recreate the problem. The best thing to debug is run updatenode -k -V and see the output and where it stops. You are not using service nodes correct? I expect when you remove the file, the problem may go away.
Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: Patrick Jaeger <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 06/25/2012 09:06 AM Subject: Re: [xcat-user] On install ssh_host keys are not properly set Thank you for the answer. The postscripts all have the proper rights : 755. We think the postscripts don't run because the authorized_keys has not been created in /root/.ssh, actually even directory .ssh is not created. When running updatenode -k, the authorized_keys is properly created and we can then rerun the postscripts with success. But the "updatenode -k" command loops for ever without succesfully transfering ssh_host_dsa_key. On the node /etc/ssh/ssh_host_dsa_key is an empty file, so it seems postscript remoteshell does not succed in geting the hostkey files from the master. We can't figure out why and it seems to keep trying forever. On the xCAT server in /etc/xcat/hostkeys we do have a copy of all the server ssh_host keys, the private keys have 600 and the public keys have 644. Is there some log where we could find hints as to why the transfer fails ? Thank you for your help. Bonne réception / Bests Regards Patrick 17 Avenue De L'europe Jaeger HPC I/T Bois Colombes Cedex, Specialist 92275 ECIS France 6520AA ITS e-mail: [email protected] From: Lissa Valletta <[email protected]> To: xCAT Users Mailing list <[email protected]> Cc: xCAT Users Mailing list <[email protected]> Date: 25/06/2012 14:09 Subject: Re: [xcat-user] On install ssh_host keys are not properly set The first problem is why the postscripts did not run during the install. One typical cause of this is if any file in /install/postscripts or it's subdirectories is not world-readable (0744) is a good setting for those files. On the node after the install are two files, there is a wget.log in /tmp and a file /xcatpost/mypostscript. This script is run during the install and by updatenode. Try running updatenode -P -V and see how far it gets. If you can xdsh to the node without a password prompt, we should be able to run updatenode -P -V and maybe understand why your postscripts are not running, what is hanging it. updatenode -P -V does not directly run the postscripts , it creates and runs a /xcatpost/mypostscript file which should have all the environment variables needed for the script, set. It does also sound like one possibility is the node does not have name resolution or a correct ip address for the Management node. It needs that for the wget of the postscripts from the node to the MN during the install or the updatenode. when you run the updatenode -P -V you should see an output like the following: rhsn: Internal call command: xdsh cn1 -s -v -e /install/postscripts/xcatdsklspost 1 -m 10.16.0.103 '' Is the address an address that the node can contact the management node. On the node, look in /xcatpost/mypostscript and check what are the settings of MASTER. Was a new file created when you ran updatenode -P -V, it should have been. Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 Inactive hide details for Patrick Jaeger ---06/22/2012 11:42:07 AM---Hello, We are installing an x3550M4 rhel6.2 cluster with xPatrick Jaeger ---06/22/2012 11:42:07 AM---Hello, We are installing an x3550M4 rhel6.2 cluster with xCAT 2.7.2. We have got From: Patrick Jaeger <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 06/22/2012 11:42 AM Subject: [xcat-user] On install ssh_host keys are not properly set Hello, We are installing an x3550M4 rhel6.2 cluster with xCAT 2.7.2. We have got to the point where rinstall causes an rhel6.2 system to be installed on a client. But the installation seems incorrect : 1/ When we try to log on to the node it asks for a password. We supplied it and discovered that directory /root/.ssh was not created. 2/ We also discovered that /etc/ssh/ssh_host* files were not the expected copies of /etc/xcat/hostkeys/ssh_host* and sshd_config and ssh_config have their original values 3/ syslog postscript was not run sot the syslog is not redirected to xcatserver 4/ syncfile did not bring any file 5/ file /tmp/ks-script-30ymnI.log contains the following error message :mv: cannot stat `xxx.xx.xxx.xxx/postscripts' No such file or directory (where xxx.xxx.xxx.xxx is my xcatserver address) 6/ During boot the console displayed : /xcatpost/updateflag.awk:22 remote host and port information (3002, installation booted) invalid We tried to see whether we could solve the issue by running updatenode -k. This did create the authorized_keys file and we can now log to the node without giving a password. But after the Setup ssh keys has completed message is displayed, updatenode remains frozen. We can log on to the node and we see that .ssh/authorized_keys has been created and some change in /etc/ssh, ssh_config and sshd_config have been updated there is an sshd_config.ORIG and ssh_host_dsa_key is now a 0 byte file. To go further, we restarted xcatd to end the frozen updatenode -k. We then tried updatenode -P syslog. It causes syslog to be redirected to @ with no address, because that postscript uses global variable MASTER to redirect syslog and that variable does not exist (it seems updatenode does not provide it). Any suggestion is welcome. Thank you for your help, Bonne réception / Bests Regards Patrick 17 Avenue De L'europe Jaeger HPC I/T Bois Colombes Cedex, Specialist 92275 ECIS France 6520AA ITS e-mail: [email protected] Sauf indication contraire ci-dessus:/ Unless stated otherwise above: Compagnie IBM France Siège Social : 17 avenue de l'Europe, 92275 Bois-Colombes Cedex RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 639.291.962.10 € SIREN/SIRET : 552 118 465 03644 - Code NAF 6202A ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user Sauf indication contraire ci-dessus:/ Unless stated otherwise above: Compagnie IBM France Siège Social : 17 avenue de l'Europe, 92275 Bois-Colombes Cedex RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 639.291.962.10 € SIREN/SIRET : 552 118 465 03644 - Code NAF 6202A ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
<<inline: graycol.gif>>
<<inline: ecblank.gif>>
<<inline: 3C536461.gif>>
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
