Hello , we have removed the empty file /etc/ssh/ssh_host_dsa_key on the node after : we rerun the updatenode -k -V command
the file /etc/ssh/ssh_host_dsa_key is created but empty ... and a the end of the -V ... we seen this command : xcatsmp2: Internal call command: xdsh nsdgen07-adm -s -v -e /install/postscripts/xcatdsklspost 5 -m 172.16.162.202 'remoteshell,servicenode' why servicenode ? thanks see below the output : [root@xcatsmp2-adm postscripts]# updatenode nsdgen07-adm -k -V Enter the password for the userid: root on the node where the ssh keys will be updated: Running command on xcatsmp2-adm: /bin/hostname 2>&1 Running command on xcatsmp2-adm: ifconfig -a| grep "inet" 2>&1 Running internal xCAT command: makeknownhosts ... Running command on xcatsmp2-adm: cat /root/.ssh/known_hosts > /root/.ssh/known_hosts.backup 2>&1 Running command on xcatsmp2-adm: /bin/sed -e "/^nsdgen07-adm[,| ]/d; /^172.16.162.7[,| ]/d;" /root/.ssh/known_hosts > /tmp/13416 2>&1 Running command on xcatsmp2-adm: cat /tmp/13416 > /root/.ssh/known_hosts 2>&1 Running command on xcatsmp2-adm: rm -f /tmp/13416 2>&1 xcatsmp2: run makeknownhosts to clean known_hosts file for nodes: nsdgen07-adm Running internal xCAT command: xdsh ... Running command on xcatsmp2-adm: /bin/hostname 2>&1 Running command on xcatsmp2-adm: ifconfig -a| grep "inet" 2>&1 xcatsmp2: Internal call command: xdsh -K. nodes = nsdgen07-adm, arguments = -K, env = DSH_TO_USERID=root DSH_FROM_USERID=root XCATROOT=/opt/xcat DSH_REMOTE_PASSWORD=sdflkj xcatsmp2: return messages of last command: Copying SSH Keys Running command on xcatsmp2-adm: cp /root/.ssh/id_rsa.pub /install/postscripts/_ssh/authorized_keys 2>&1 cp /root/.ssh/id_rsa.pub /install/postscripts/_ssh/authorized_keys succeeded. Running command on xcatsmp2-adm: cp /root/.ssh/id_rsa.pub /root/.ssh/tmp/authorized_keys 2>&1 cp /root/.ssh/id_rsa.pub /root/.ssh/tmp/authorized_keys succeeded. Running command on xcatsmp2-adm: cp /root/.ssh/copy.sh /install/postscripts/_ssh/copy.sh 2>&1 /usr/bin/ssh setup is complete. return code = 0 nsdgen07-adm: Setup ssh keys has completed. xcatsmp2: Internal call command: xdsh nsdgen07-adm -s -v -e /install/postscripts/xcatdsklspost 5 -m 172.16.162.202 'remoteshell,servicenode' Running command on xcatsmp2-adm: /opt/xcat/bin/pping nsdgen07-adm 2>&1 Bonne réception / Bests Regards Patrick Jaeger 17 Avenue De L'europe HPC I/T Specialist Bois Colombes Cedex, 92275 ECIS 6520AA France ITS Phone: +33-1-5875-2455 Mobile: +33-6.7192.2077 e-mail: [email protected] From: Lissa Valletta <[email protected]> To: xCAT Users Mailing list <[email protected]> Cc: xCAT Users Mailing list <[email protected]> Date: 25/06/2012 15:46 Subject: Re: [xcat-user] On install ssh_host keys are not properly set Remove the empty file /etc/ssh/ssh_host_dsa_key on the node, and run updatenode -k again. I have seen this issue with a failure when this file is created empty after a previous update try, but have been unable to recreate the problem. The best thing to debug is run updatenode -k -V and see the output and where it stops. You are not using service nodes correct? I expect when you remove the file, the problem may go away. Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 Patrick Jaeger ---06/25/2012 09:06:19 AM---Thank you for the answer. The postscripts all have the proper rights : 755. From: Patrick Jaeger <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 06/25/2012 09:06 AM Subject: Re: [xcat-user] On install ssh_host keys are not properly set Thank you for the answer. The postscripts all have the proper rights : 755. We think the postscripts don't run because the authorized_keys has not been created in /root/.ssh, actually even directory .ssh is not created. When running updatenode -k, the authorized_keys is properly created and we can then rerun the postscripts with success. But the "updatenode -k" command loops for ever without succesfully transfering ssh_host_dsa_key. On the node /etc/ssh/ssh_host_dsa_key is an empty file, so it seems postscript remoteshell does not succed in geting the hostkey files from the master. We can't figure out why and it seems to keep trying forever. On the xCAT server in /etc/xcat/hostkeys we do have a copy of all the server ssh_host keys, the private keys have 600 and the public keys have 644. Is there some log where we could find hints as to why the transfer fails ? Thank you for your help. Bonne réception / Bests Regards Patrick Jaeger 17 Avenue De L'europe HPC I/T Specialist Bois Colombes Cedex, 92275 ECIS 6520AA France ITS e-mail: [email protected] From: Lissa Valletta <[email protected]> To: xCAT Users Mailing list <[email protected]> Cc: xCAT Users Mailing list <[email protected]> Date: 25/06/2012 14:09 Subject: Re: [xcat-user] On install ssh_host keys are not properly set The first problem is why the postscripts did not run during the install. One typical cause of this is if any file in /install/postscripts or it's subdirectories is not world-readable (0744) is a good setting for those files. On the node after the install are two files, there is a wget.log in /tmp and a file /xcatpost/mypostscript. This script is run during the install and by updatenode. Try running updatenode -P -V and see how far it gets. If you can xdsh to the node without a password prompt, we should be able to run updatenode -P -V and maybe understand why your postscripts are not running, what is hanging it. updatenode -P -V does not directly run the postscripts , it creates and runs a /xcatpost/mypostscript file which should have all the environment variables needed for the script, set. It does also sound like one possibility is the node does not have name resolution or a correct ip address for the Management node. It needs that for the wget of the postscripts from the node to the MN during the install or the updatenode. when you run the updatenode -P -V you should see an output like the following: rhsn: Internal call command: xdsh cn1 -s -v -e /install/postscripts/xcatdsklspost 1 -m 10.16.0.103 '' Is the address an address that the node can contact the management node. On the node, look in /xcatpost/mypostscript and check what are the settings of MASTER. Was a new file created when you ran updatenode -P -V, it should have been. Lissa K. Valletta 2-3/T12 Poughkeepsie, NY 12601 (tie 293) 433-3102 Patrick Jaeger ---06/22/2012 11:42:07 AM---Hello, We are installing an x3550M4 rhel6.2 cluster with xCAT 2.7.2. We have got From: Patrick Jaeger <[email protected]> To: xCAT Users Mailing list <[email protected]> Date: 06/22/2012 11:42 AM Subject: [xcat-user] On install ssh_host keys are not properly set Hello, We are installing an x3550M4 rhel6.2 cluster with xCAT 2.7.2. We have got to the point where rinstall causes an rhel6.2 system to be installed on a client. But the installation seems incorrect : 1/ When we try to log on to the node it asks for a password. We supplied it and discovered that directory /root/.ssh was not created. 2/ We also discovered that /etc/ssh/ssh_host* files were not the expected copies of /etc/xcat/hostkeys/ssh_host* and sshd_config and ssh_config have their original values 3/ syslog postscript was not run sot the syslog is not redirected to xcatserver 4/ syncfile did not bring any file 5/ file /tmp/ks-script-30ymnI.log contains the following error message :mv: cannot stat `xxx.xx.xxx.xxx/postscripts' No such file or directory (where xxx.xxx.xxx.xxx is my xcatserver address) 6/ During boot the console displayed : /xcatpost/updateflag.awk:22 remote host and port information (3002, installation booted) invalid We tried to see whether we could solve the issue by running updatenode -k. This did create the authorized_keys file and we can now log to the node without giving a password. But after the Setup ssh keys has completed message is displayed, updatenode remains frozen. We can log on to the node and we see that .ssh/authorized_keys has been created and some change in /etc/ssh, ssh_config and sshd_config have been updated there is an sshd_config.ORIG and ssh_host_dsa_key is now a 0 byte file. To go further, we restarted xcatd to end the frozen updatenode -k. We then tried updatenode -P syslog. It causes syslog to be redirected to @ with no address, because that postscript uses global variable MASTER to redirect syslog and that variable does not exist (it seems updatenode does not provide it). Any suggestion is welcome. Thank you for your help, Bonne réception / Bests Regards Patrick Jaeger 17 Avenue De L'europe HPC I/T Specialist Bois Colombes Cedex, 92275 ECIS 6520AA France ITS e-mail: [email protected] Sauf indication contraire ci-dessus:/ Unless stated otherwise above: Compagnie IBM France Siège Social : 17 avenue de l'Europe, 92275 Bois-Colombes Cedex RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 639.291.962.10 ? SIREN/SIRET : 552 118 465 03644 - Code NAF 6202A ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user Sauf indication contraire ci-dessus:/ Unless stated otherwise above: Compagnie IBM France Siège Social : 17 avenue de l'Europe, 92275 Bois-Colombes Cedex RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 639.291.962.10 ? SIREN/SIRET : 552 118 465 03644 - Code NAF 6202A ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user Sauf indication contraire ci-dessus:/ Unless stated otherwise above: Compagnie IBM France Siège Social : 17 avenue de l'Europe, 92275 Bois-Colombes Cedex RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 639.291.962.10 ? SIREN/SIRET : 552 118 465 03644 - Code NAF 6202A
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
<<image/gif>>
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
