From 21dc4d7fadaa80c9f87805b46693a52b7c08c767 Mon Sep 17 00:00:00 2001
From: Eric Thibodeau
Date: Fri, 22 Aug 2008 00:15:47 -0400
Subject: Pull out most of config_ssh() into it's own stand-alone script - it's to be called by users to set up passwordless login to the nodes A simple call to /usr/sbin/setup-pwdless-ssh and it works NOTES: - No claims are made to this approache's security - Placement of the script in /usr/sbin is questionnable since regular users don't have that in their regular $PATH
---
 .../livecd/2008.0/overlay/usr/sbin/cluster-setup | 41 ++++++++--------------
 1 file changed, 14 insertions(+), 27 deletions(-)
diff --git a/catalyst/livecd/2008.0/overlay/usr/sbin/cluster-setup b/catalyst/livecd/2008.0/overlay/usr/sbin/cluster-setup
index fe163ee..e60bf05 100755
--- a/catalyst/livecd/2008.0/overlay/usr/sbin/cluster-setup
+++ b/catalyst/livecd/2008.0/overlay/usr/sbin/cluster-setup
@@ -1,12 +1,12 @@
 #!/bin/bash
 # Copyright 2008 Eric Thibodeau
 # All rights reserved. Released under the GPL v2 license.
-# This script is written so parts can be reused for liveCD mounting...eventually ;)
 . /mnt/livecd/sbin/functions.sh
 CONFDIR="/etc/gentoo"
 CLUSTER_CONF="$CONFDIR/cluster.conf"
 LDAP_CONF="$CONFDIR/ldap_auth.conf"
+DEFAULT_PWD="test"
 conf_error() {
 eerror "CONFIG_OK is not set to 'yes' in $1"
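Review bot: `DEFAULT_PWD="test"` fixes the root password to a value published in the script itself, and the later hunks pipe it to `chpasswd` just before `/etc/init.d/sshd start` and echo it in the `--test` summary, on a host whose `eth0` that same summary describes as the public NIC. Let the operator override it with `DEFAULT_PWD="${DEFAULT_PWD:-test}"`, and quote it where it is used, `echo "root:${DEFAULT_PWD}" | chpasswd`, because the unquoted expansion is subject to word splitting and globbing. A comment above the assignment such as `# root password applied by --test only; known value, change it before the host is reachable` would keep the constant from being reused outside the test path.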
@@ -61,37 +61,22 @@ einfo "Checking config files.."
 # Required external vars:
 # CLUSTER_CONF:NFSROOT
 config_ssh(){
+ # KEY_NAME has to be the same as defined in setup-pwdless-ssh for this to work
 KEY_NAME="node_dsa"
- NETADDR="$(sipcalc ${CLUSTER_ETH} | egrep 'Network address' | cut -d- -f2)"
 # The following is needed because $HOME is set to / on the livecd console for some reason
- HDIR="/root"
- pushd $PWD
-
- einfo "Setting up passwordless ssh for root between master and the nodes"
- mkdir -p $HDIR/.ssh/ $NFSROOT/root/.ssh/
- cd $HDIR/.ssh/
- ssh-keygen -t dsa -b 1024 -f $KEY_NAME -N ""
- cat $KEY_NAME.pub >> $NFSROOT/root/.ssh/authorized_keys
- cat >> $HDIR/.ssh/config <<-EOF
- # Auto-generated by $0 to ease the use of passwordless logins for all users
- # Although this approach is questionnable, it's also one of the only way
- # to automate some of the master-node configuration/discovery process
- # until an Avahi-style approach is implemented.
- Host *.gentoo.local ${NETADDR%.[09]*}.* node*
- IdentityFile $HDIR/.ssh/$KEY_NAME
- StrictHostKeyChecking no
- UserKnownHostsFile /dev/null
- CheckHostIP no
- Compression no
- EOF
+ /usr/sbin/setup-pwdless-ssh
+
+ # the user root is the only one not to share his $HOME...this could change with nfsv4 but we'll copy
+ # the files to NFSROOT for the moment.
+ mkdir -p $NFSROOT/root/.ssh/
+ cat $HOME/$KEY_NAME.pub >> $NFSROOT/root/.ssh/authorized_keys
 echo "# we don't use IPV6, the following setting removes undue delays that would be added" >> /etc/ssh/ssh_config
 echo "AddressFamily inet" >> /etc/ssh/ssh_config
- chmod 600 $HDIR/.ssh/* $NFSROOT/root/.ssh/*
- chmod 700 $HDIR/.ssh $NFSROOT/root/.ssh
- popd
+ chmod 600 $NFSROOT/root/.ssh/*
+ chmod 700 $NFSROOT/root/.ssh
 }
 ####### Main #########
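Review bot: The new `cat $HOME/$KEY_NAME.pub` reads the public key from a different place than the removed code wrote it: the old body generated the key in `$HDIR/.ssh/` with `HDIR="/root"`, and the comment kept just above still says `$HOME` is `/` on the livecd console. Unless setup-pwdless-ssh (not part of this diff) writes the key straight into `$HOME`, nothing is appended to `authorized_keys`, and the function carries on regardless because neither the helper's exit status nor the key file is checked. Something like `/usr/sbin/setup-pwdless-ssh || return 1` followed by `cat "/root/.ssh/$KEY_NAME.pub" >> "$NFSROOT/root/.ssh/authorized_keys"` would match the old behaviour, with the path adjusted to wherever the helper really puts the key. The orphaned `# The following is needed because $HOME ...` comment should be removed or moved next to the line it now explains.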
@@ -109,7 +94,7 @@ if [[ "$1" == "--test" ]]; then
 # End of 'added by cluster-setup --test'
 EOF
 /etc/init.d/net.eth1 restart
- echo root:test | chpasswd
+ echo root:$DEFAULT_PWD | chpasswd
 /etc/init.d/sshd start
 sed -i -e's:CONFIG_OK="no":CONFIG_OK="yes":' $CONFDIR/*.conf
 fi
@@ -174,11 +159,13 @@ do_conf $LDAP_CONF "emerge --config =net-nds/ldap-auth-0.1"
 /etc/init.d/slapd start || ewarn "Slapd did not start! See above for error messages...continuing"
 einfo "Setting up auth on the $NFSROOT"
 USE=-authmaster ROOT="$NFSROOT" emerge --config =net-nds/ldap-auth-0.1
+einfo "Tweaking diradm to start UID at 1001 since gentoo user is 1000"
+sed -e "s:UIDNUMBERMIN=*:UIDNUMBERMIN=1001" -i /etc/diradm.conf
 [[ $? == 0 ]] && einfo "Once you have nodes going, restart Torque (pbs_server)"
 if [[ $1 == "--test" ]]; then
 echo "Using --test implies the following:"
- echo '- root password is "test" and can log on (passwordless) onto nodes !!!!'
+ echo "- root password is '$DEFAULT_PWD' and can log on (passwordless) onto nodes !!!!"
 echo '- ldap admin password is "default" !!!!(again)'
 echo "- eth1 is the cluster's NIC and is set to 10.0.0.1/24"
 echo '- eth0 is the public nic'
-- cgit v1.2.3-65-gdbad
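Review bot: The added `sed -e "s:UIDNUMBERMIN=*:UIDNUMBERMIN=1001" -i /etc/diradm.conf` in the last hunk has no closing `:`, so sed should reject it as an unterminated `s` command, and `=*` matches a run of `=` signs rather than the old value. `sed -i -e 's:^UIDNUMBERMIN=.*:UIDNUMBERMIN=1001:' /etc/diradm.conf` does what the einfo line announces. Because the two new lines sit before `[[ $? == 0 ]]`, that test now sees sed's exit status instead of the status of the `emerge --config` call above it; if the test is meant for emerge, save it with `rc=$?` right after the emerge line and test `[[ $rc == 0 ]]` here. If the edit fails unnoticed, diradm presumably keeps its old minimum and a directory account could be given UID 1000, the same as the local gentoo user the message mentions.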