Hi,
This is running xCAT 2.8.2 and installing CentOS 5.9 and 6.4.
getpostscript.awk is not returning postscripts, but we got them working again
by patching post.xcat so that getpostscripts.awk is no longer called.
Can anyone suggest how I can find out why getpostscript.awk isn't returning
postscripts?
Thanks
Notes:
Several changes were made including deploying service nodes, renaming the
management node, and setting site.precreatemypostscripts=yes. The policy
table wasn't changed, and the original certificates and ssh keys are still in
use. Normal xCAT commands work. Mknb has been run.
Postscripts weren't being run until the following changes were made to:
/opt/xcat/share/xcat/install/scripts/post.xcat
[root@drdxcatm scripts]# diff -c post.xcat.orig post.xcat
*** post.xcat.orig 2013-10-23 20:35:56.880161267 -0400
--- post.xcat 2013-10-23 18:14:33.159644728 -0400
***************
*** 30,35 ****
--- 30,36 ----
rm -rf /xcatpost/mypostscript
export NODE=#TABLE:nodelist:THISNODE:node#
wget -N --waitretry=10 --random-wait -T 60
http://$i$TFTPDIR/mypostscripts/mypostscript.$NODE -P /xcatpost 2>
/tmp/wget.log
+ chmod +x /xcatpost/* # GP
mv /xcatpost/mypostscript.$NODE /xcatpost/mypostscript
if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to
help the next bit
***************
*** 39,46 ****
export USEOPENSSLFORXCAT
XCATSERVER=$i:3001
export XCATSERVER
! mv $i/postscripts /xcatpost
! rm -rf $i
# If mypostscript doesn't exist, we will get it through
getpostscript.awk
if [ ! -x /xcatpost/mypostscript ]; then
--- 40,47 ----
export USEOPENSSLFORXCAT
XCATSERVER=$i:3001
export XCATSERVER
! #GP mv $i/postscripts /xcatpost
! #GP rm -rf $i
# If mypostscript doesn't exist, we will get it through
getpostscript.awk
if [ ! -x /xcatpost/mypostscript ]; then
Postscripts are being installed now, however I'm guessing the reason they
stopped working in the first place was because getpostscript.awk stopped
working. It's still not working, but the patch above prevents it from being
called. Below is the output from getpostscript.awk. The output is the same
whether or not an argument is provided.
export USEOPENSSLFORXCAT=1
export XCATSERVER=149.77.53.252:3001
bash-4.1# ./getpostscript.awk restore-fqdn
<xcatresponse>
<serverdone></serverdone>
</xcatresponse>
Running the openssl command manually produces the error below, which I believe
is a "normal" warning whenever self-signed certificates are used.
#!/bin/bash
export XCATSERVER=149.77.53.252:3001
openssl s_client -connect $XCATSERVER<<!
<xcatrequest>
<command>getpostscript</command>
</xcatrequest>
!
depth=1 CN = xCAT CA
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
BTW. The output above is the error output. The standard output from the
openssl command is copied below. The original management node name was
"drdkvm0003". The new name is drdxcatm:
CONNECTED(00000003)
---
Certificate chain
0 s:/CN=drdkvm0003.nyc.desres.deshaw.com
i:/CN=xCAT CA
1 s:/CN=xCAT CA
i:/CN=xCAT CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDMzCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd4Q0FU
IENBMB4XDTEyMDQxMjEzNDY1MVoXDTMyMDQwNzEzNDY1MVowKzEpMCcGA1UEAxMg
ZHJka3ZtMDAwMy5ueWMuZGVzcmVzLmRlc2hhdy5jb20wggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQC+Go5rqsQOLme5xrx8yIIwRr2voAD4nqf5FhLYrr3R
xDEVZRkZw43Fw/ZVCSZRsmIq5/V544Hqk+qb8dDo0KrMOtOXzz+mSwkyw0VGN5FH
8RPKQ+BRCISNFkgzX790lN5/4EaPxtC/nDggSHIRiRpMz7F6iEKHDqtu8gPBJcDz
sJcxc593Sry4Q/SjstMrEmrBTHkQKdbfMwf+eE6b4Q155VcQt5COcqQ+bxNrOzrq
OwV4zNn8syy+GxHbZ3691QN4PUiJlVIYOsOULNKtTQ4Je79qhf/bKNtU6odi8MmB
fbQSNjm4gwmm4eWoOZzuu5tJBshTC4Ou7WBFt3QkkDHjAgMBAAGjezB5MAkGA1Ud
EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj
YXRlMB0GA1UdDgQWBBTz9285iV/08D7XzWVoAnyet2fxhzAfBgNVHSMEGDAWgBQx
ggCAcpGVHau7y/tpGPV6pyNYJzANBgkqhkiG9w0BAQUFAAOCAQEAeUaCn8W+ZK5a
kSH3wTVOpvi+2xvFMwox7mIvwoA7FETMUTerp9sNpL/Q60d2IfcuPC06NDKPKB/x
qpxfLnF0WxBFba/8yAA+s8GrpvZJQUkQCFJtBkLp0C5PLqgkGDWDXA/RhNFxj/h/
Ctkistwp/7oxUcbGGCgCT+YeKQRx7TdNPXgCgA2XDBIPYxOXhivFTksSXCOQn0+C
EO0tSrdbZJr+1e7MxBe4jJ3wqOZ4Y2eKbHCF5a6LXNngLe27Y2pLRDguEX7s+Mao
tLhUYuCm9b9iXGPg4dpYhKnAedwH0VALLbSWSZfJd0os+LLrtgD3mNYjWMoFfTQA
4YrVFpf3/A==
-----END CERTIFICATE-----
subject=/CN=drdkvm0003.nyc.desres.deshaw.com
issuer=/CN=xCAT CA
---
No client certificate CA names sent
---
SSL handshake has read 1949 bytes and written 451 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: zlib compression
Expansion: zlib compression
SSL-Session:
Protocol : TLSv1
Cipher : AES256-SHA
Session-ID:
27B4EE0FCC14B149BD95DE683A3DC4A774146E574345F6E1EA76FA66E00C827B
Session-ID-ctx:
Master-Key:
3840BEDB1A50D43AB61A932ECF6243C228BFCD37C57809F555C99B4A9AB5157B630CF6376E1247F56A2A48E2D480F17A
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - 3c f3 c4 61 86 de a0 67-e9 b8 e1 87 0c f5 b4 41
<..a...g.......A
0010 - 80 cc 73 ff d1 62 cf 22-0e 43 0f 7e c6 2c c2 d4
..s..b.".C.~.,..
0020 - b0 5b a7 a5 7a da 58 c8-3c 3a 44 8e 47 48 87 4b
.[..z.X.<:D.GH.K
0030 - f7 0f 2e ea 51 d0 32 90-19 f9 c4 98 92 c4 12 ae
....Q.2.........
0040 - 4b 3e 69 ef a1 a9 a6 a3-6e dd 05 35 e7 d1 ec 3c
K>i.....n..5...<
0050 - d4 87 14 54 24 b4 3f 30-ec 9e 7e 74 a7 51 21 29
...T$.?0..~t.Q!)
0060 - 90 b1 c5 80 0f 75 ec 0c-a8 98 d3 bd dd 33 51 14
.....u.......3Q.
0070 - 75 da d1 18 cd f0 f2 64-7d ac 72 fb 91 9c d0 9b
u......d}.r.....
0080 - 55 be f1 b4 e0 75 ec 3d-8a b2 71 0f c3 57 bb 11
U....u.=..q..W..
0090 - 4f 75 dd ee 72 70 2d 3d-61 f4 91 b1 e6 b1 9b 0c
Ou..rp-=a.......
Compression: 1 (zlib compression)
Start Time: 1382711249
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate
chain)
---
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
