Also if remoteshell is invoked directly as a postscript ('updatenode
node0086c -V -P remoteshell') it produces the same result, but does not
prompt for a password (like invoking xdsh -K directly doesn't), and copies
everything over except id_rsa. So actually the prompting for a password is
specific to updatenode -k, not xdsh -K or the remoteshell postscript (which
run that). So I'm not sure if that is relevant to the underlying problem or
not, but if I do invoke updatenode -k and supply it the password it copies
the id_rsa to the node.
On Mon, Mar 7, 2016 at 2:12 PM, Josh Nielsen <[email protected]>
wrote:
> Hello,
>
> When we freshly deploy a node from the kickstart and run our postscripts
> we noticed that for some reason the /root/.ssh/id_rsa file which allows
> passwordless login from that node to other nodes is missing, though this
> was not the case just a few months ago. When I try to generate the key
> manually it prompts for a password, after which it will copy/create that
> file successfully (see below), but there are a few odd things connected to
> this.
>
> The error is:
> updatenode node0087c -k
> Enter the password for the userid: root on the node where the ssh keys
> will be updated:
>
> The first oddity is that even after supplying the password once for a
> particular node it will prompt for the password every time if I run it
> again, as well as the related problem that this never used to happen before
> and the key used to be created without issue or prompting for a password.
> The 'passwd' xCAT table has the password for root (if that is where it
> looks for this command).
>
> Secondly I have done several manual debugging steps (and poking around
> source code to see what is happening) and I have run the actual xdsh
> command that is called, shown from the -V verbose output (which it prints
> two of, the first apparently to prep the SNs and run the 'remoteshell'
> postscript on them, and the second to actually do the same to the node
> specified).
>
> xdsh sn1,sn2 --nodestatus -s -v -e /install/postscripts/xcatdsklspost 5 -m
> [MN_IP] 'remoteshell,servicenode' --tftp /tftpboot --installdir /install
> --nfsv4 no -c -V
>
> xdsh node0086c --nodestatus -s -v -e /install/postscripts/xcatdsklspost 5
> -m [SN1_IP] 'remoteshell' --tftp /tftpboot --installdir /install --nfsv4 no
> -c -V
>
> This did not reveal anything useful, except that when invoked directly
> like this no password is prompted for and it runs, but still leaves out the
> id_rsa file. I followed also the suggestion by Wang Xaiopeng in this thread
> (*http://tinyurl.com/jz2jzmb <http://tinyurl.com/jz2jzmb>)* to test the
> getcredentials call with:
>
> 1. Enable mini server
> /xcatpost/allowcred.awk &
>
> 2.Try to get rsa hostkey
> USEOPENSSLFORXCAT=yes XCATSERVER=<MNIP>:3001 /xcatpost/getcredentials.awk
> ssh_rsa_hostkey
> This returned ssh_rsa_hostkey sucessfully. When remoteshell is run
> (whether with updatenode -k or xdsh -K) it actually does copy over the key
> files into /etc/ssh/ and it copies known_hosts, copy.sh, and
> authorized_keys into /root/.ssh on the compute node but omits id_rsa. What
> could be going wrong here?
>
> Regards,
> Josh Nielsen
>
>
>
------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://makebettercode.com/inteldaal-eval
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user
