We have a document on changing the management node name / ip address. It will also tell you how to generate new SSL certificates to match the new name.
https://sourceforge.net/apps/mediawiki/xcat/index.php?title=Changing_the_Management_Node_Hostname_and/or_IP A few things that can help is run updatenode <n> -k to your service nodes and then your nodes. You also might want to run updatenode -s to the servicenodes and your nodes. ( see man updatenode). Test with updatenode <nodename> -V -P mytest where you create a simple my test postscript in /install/postscripts. getpostscript.awk would not actually be used if you have precreatemypostscripts=yes and the wget succeeds. Check /tmp/wget.log on the nodes and see if there are any failures after running updatenode. After all you changes have you run a new nodeset for your node. Is this a diskfull or diskless install. If you are running with precreatemypostscripts=yes, then you should have in /tftpboot/mypostscripts/mypostscript.<nodename> file. That will be generated by nodeset or updatenode. Lissa K. Valletta 8-3/B10 Poughkeepsie, NY 12601 (tie 293) 433-3102 From: "Pocina, Goran" <[email protected]> To: "'xCAT Users Mailing list'" <[email protected]>, Date: 10/25/2013 12:03 PM Subject: [xcat-user] getpostscripts.awk & management node rename Hi, This is running xCAT 2.8.2 and installing CentOS 5.9 and 6.4. getpostscript.awk is not returning postscripts, but we got them working again by patching post.xcat so that getpostscripts.awk is no longer called. Can anyone suggest how I can find out why getpostscript.awk isn't returning postscripts? Thanks Notes: Several changes were made including deploying service nodes, renaming the management node, and setting site.precreatemypostscripts=yes. The policy table wasn't changed, and the original certificates and ssh keys are still in use. Normal xCAT commands work. Mknb has been run. Postscripts weren't being run until the following changes were made to: /opt/xcat/share/xcat/install/scripts/post.xcat [root@drdxcatm scripts]# diff -c post.xcat.orig post.xcat *** post.xcat.orig 2013-10-23 20:35:56.880161267 -0400 --- post.xcat 2013-10-23 18:14:33.159644728 -0400 *************** *** 30,35 **** --- 30,36 ---- rm -rf /xcatpost/mypostscript export NODE=#TABLE:nodelist:THISNODE:node# wget -N --waitretry=10 --random-wait -T 60 http://$i $TFTPDIR/mypostscripts/mypostscript.$NODE -P /xcatpost 2> /tmp/wget.log + chmod +x /xcatpost/* # GP mv /xcatpost/mypostscript.$NODE /xcatpost/mypostscript if [ ! -x /usr/bin/openssl ]; then #Stop if no openssl to help the next bit *************** *** 39,46 **** export USEOPENSSLFORXCAT XCATSERVER=$i:3001 export XCATSERVER ! mv $i/postscripts /xcatpost ! rm -rf $i # If mypostscript doesn't exist, we will get it through getpostscript.awk if [ ! -x /xcatpost/mypostscript ]; then --- 40,47 ---- export USEOPENSSLFORXCAT XCATSERVER=$i:3001 export XCATSERVER ! #GP mv $i/postscripts /xcatpost ! #GP rm -rf $i # If mypostscript doesn't exist, we will get it through getpostscript.awk if [ ! -x /xcatpost/mypostscript ]; then Postscripts are being installed now, however I'm guessing the reason they stopped working in the first place was because getpostscript.awk stopped working. It's still not working, but the patch above prevents it from being called. Below is the output from getpostscript.awk. The output is the same whether or not an argument is provided. export USEOPENSSLFORXCAT=1 export XCATSERVER=149.77.53.252:3001 bash-4.1# ./getpostscript.awk restore-fqdn <xcatresponse> <serverdone></serverdone> </xcatresponse> Running the openssl command manually produces the error below, which I believe is a "normal" warning whenever self-signed certificates are used. #!/bin/bash export XCATSERVER=149.77.53.252:3001 openssl s_client -connect $XCATSERVER<<! <xcatrequest> <command>getpostscript</command> </xcatrequest> ! depth=1 CN = xCAT CA verify error:num=19:self signed certificate in certificate chain verify return:0 DONE BTW. The output above is the error output. The standard output from the openssl command is copied below. The original management node name was "drdkvm0003". The new name is drdxcatm: CONNECTED(00000003) --- Certificate chain 0 s:/CN=drdkvm0003.nyc.desres.deshaw.com i:/CN=xCAT CA 1 s:/CN=xCAT CA i:/CN=xCAT CA --- Server certificate -----BEGIN CERTIFICATE----- MIIDMzCCAhugAwIBAgIBATANBgkqhkiG9w0BAQUFADASMRAwDgYDVQQDEwd4Q0FU IENBMB4XDTEyMDQxMjEzNDY1MVoXDTMyMDQwNzEzNDY1MVowKzEpMCcGA1UEAxMg ZHJka3ZtMDAwMy5ueWMuZGVzcmVzLmRlc2hhdy5jb20wggEiMA0GCSqGSIb3DQEB AQUAA4IBDwAwggEKAoIBAQC+Go5rqsQOLme5xrx8yIIwRr2voAD4nqf5FhLYrr3R xDEVZRkZw43Fw/ZVCSZRsmIq5/V544Hqk+qb8dDo0KrMOtOXzz+mSwkyw0VGN5FH 8RPKQ+BRCISNFkgzX790lN5/4EaPxtC/nDggSHIRiRpMz7F6iEKHDqtu8gPBJcDz sJcxc593Sry4Q/SjstMrEmrBTHkQKdbfMwf+eE6b4Q155VcQt5COcqQ+bxNrOzrq OwV4zNn8syy+GxHbZ3691QN4PUiJlVIYOsOULNKtTQ4Je79qhf/bKNtU6odi8MmB fbQSNjm4gwmm4eWoOZzuu5tJBshTC4Ou7WBFt3QkkDHjAgMBAAGjezB5MAkGA1Ud EwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmlj YXRlMB0GA1UdDgQWBBTz9285iV/08D7XzWVoAnyet2fxhzAfBgNVHSMEGDAWgBQx ggCAcpGVHau7y/tpGPV6pyNYJzANBgkqhkiG9w0BAQUFAAOCAQEAeUaCn8W+ZK5a kSH3wTVOpvi+2xvFMwox7mIvwoA7FETMUTerp9sNpL/Q60d2IfcuPC06NDKPKB/x qpxfLnF0WxBFba/8yAA+s8GrpvZJQUkQCFJtBkLp0C5PLqgkGDWDXA/RhNFxj/h/ Ctkistwp/7oxUcbGGCgCT+YeKQRx7TdNPXgCgA2XDBIPYxOXhivFTksSXCOQn0+C EO0tSrdbZJr+1e7MxBe4jJ3wqOZ4Y2eKbHCF5a6LXNngLe27Y2pLRDguEX7s+Mao tLhUYuCm9b9iXGPg4dpYhKnAedwH0VALLbSWSZfJd0os+LLrtgD3mNYjWMoFfTQA 4YrVFpf3/A== -----END CERTIFICATE----- subject=/CN=drdkvm0003.nyc.desres.deshaw.com issuer=/CN=xCAT CA --- No client certificate CA names sent --- SSL handshake has read 1949 bytes and written 451 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: zlib compression Expansion: zlib compression SSL-Session: Protocol : TLSv1 Cipher : AES256-SHA Session-ID: 27B4EE0FCC14B149BD95DE683A3DC4A774146E574345F6E1EA76FA66E00C827B Session-ID-ctx: Master-Key: 3840BEDB1A50D43AB61A932ECF6243C228BFCD37C57809F555C99B4A9AB5157B630CF6376E1247F56A2A48E2D480F17A Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None TLS session ticket: 0000 - 3c f3 c4 61 86 de a0 67-e9 b8 e1 87 0c f5 b4 41 <..a...g.......A 0010 - 80 cc 73 ff d1 62 cf 22-0e 43 0f 7e c6 2c c2 d4 ..s..b.".C.~.,.. 0020 - b0 5b a7 a5 7a da 58 c8-3c 3a 44 8e 47 48 87 4b .[..z.X.<:D.GH.K 0030 - f7 0f 2e ea 51 d0 32 90-19 f9 c4 98 92 c4 12 ae ....Q.2......... 0040 - 4b 3e 69 ef a1 a9 a6 a3-6e dd 05 35 e7 d1 ec 3c K>i.....n..5...< 0050 - d4 87 14 54 24 b4 3f 30-ec 9e 7e 74 a7 51 21 29 ...T $.?0..~t.Q!) 0060 - 90 b1 c5 80 0f 75 ec 0c-a8 98 d3 bd dd 33 51 14 .....u.......3Q. 0070 - 75 da d1 18 cd f0 f2 64-7d ac 72 fb 91 9c d0 9b u......d}.r..... 0080 - 55 be f1 b4 e0 75 ec 3d-8a b2 71 0f c3 57 bb 11 U....u.=..q..W.. 0090 - 4f 75 dd ee 72 70 2d 3d-61 f4 91 b1 e6 b1 9b 0c Ou..rp-=a....... Compression: 1 (zlib compression) Start Time: 1382711249 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk _______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
<<inline: graycol.gif>>
------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60135991&iu=/4140/ostg.clktrk
_______________________________________________ xCAT-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/xcat-user
