But it isn't missing, nor empty:

# cat /etc/xcat/hostkeys/ssh_host_dsa_key
-----BEGIN DSA PRIVATE KEY-----
MIIBvAIBAAKBgQCPWuNyJmvv5cbM4fziswR5RT/boZooaFQdXz7jJw8zhx/Y+V3R
K8C5ikBQuzJtm0nOy+C1J4sT9ncP4m04R5y3OCqCX60ka5x1N3DAtv2JMoBCu3uZ
...excerpted...
8084a+DNMO/TWcDU4m4IZeLgkVHIe/jg7tInjfTX6JFQlGwtuYGGs2NQP/LrYYZ8
QnnvHLm4615PKcgxOBltXUSzbEW4H180vS+ZmA8y2yOxfJtMDB+3+wkCFQDjSxJQ
i7D2jHnS+6W0imBUvge1ng==
-----END DSA PRIVATE KEY-----

I will try a regenerate, but there doesn't appear to be anything wrong
with the existing contents of /etc/xcat/hostkeys.


On 09/12/2013 02:49 PM, Lissa Valletta wrote:
> One suggestion is that the hostkey we are trying to download is no
> longer there, or is there and the file is empty. Look in your
> /etc/xcat/hostkeys directory on the Management Node.
> You can regenerate them by running xcatconfig -s on the management node.
>
> Thanks for pointing out the infinite loop though.  I have opened a defect.
> https://sourceforge.net/p/xcat/bugs/3781/
>
>
>
>
> Lissa K. Valletta
> 8-3/B10
> Poughkeepsie, NY 12601
> (tie 293) 433-3102
>
>
>
>
> From: Jonathan Mills <jonmi...@renci.org>
> To: xCAT Users Mailing list <xcat-user@lists.sourceforge.net>,
> Date: 09/12/2013 12:13 PM
> Subject: [xcat-user] xCAT 2.8.2: Remoteshell postscript infinite loop
> with getcredentials.awk failure
>
> ------------------------------------------------------------------------
>
>
>
> I'm looking at a real problem with my xCAT installation where the
> remoteshell postscript is failing to work.
>
> Digging into the script (line numbers on left), here it spawns a
> listener on port 300:
>
> 66 allowcred.awk &
>
> You can see the result of that command like so:
> # netstat -tulpn | grep awk
> tcp        0      0 0.0.0.0:300                 0.0.0.0:*
>      LISTEN      3119/awk
>
> Then in line 75 of remoteshell it runs getcredentials.awk with the
> parameter 'ssh_dsa_hostkey', redirecting the output to /tmp/ssh_dsa_hostkey:
>
> 75 getcredentials.awk ssh_dsa_hostkey | grep -E -v
> '</{0,1}xcatresponse>|</{0,1}serverdone>' | sed -e 's/&lt;/</' -e
> 's/&gt;/>/' -e 's/&amp;/&/' -e 's/&quot;/"/' -e "s/&apos;/'/" >
> /tmp/ssh_dsa_hostkey
>
>
> What the getcredentials.awk script does is:
> "openssl s_client -quiet -connect XCATSERVER:3001" and tells xCATd to
> respond on port 300 (opened above from allowcred.awk).
>
> A correct interaction of these parts has output that looks like:
>
> # ./getcredentials.awk ssh_dsa_hostkey
> <xcatresponse>
>    <data>
>      <content>
> -----BEGIN DSA PRIVATE KEY-----
> MIIBuwIBAAKBgQCzrhm0rTC9FcCnTjuI5QGh7MV2oczIwqBWhBlid7748dcdF23M
> KLwbuopN1y2/6l1XmyS2ama+vtbUnpFZ4yQcdX99QXZq3UgZPsVayKmPjgjNmV99
> xm+RMuoMBCkh12dL5JVc1auJKGupaz+yVEol4hCkRAYb/E4Ft/5GroP/jQIVAMHB
> .....excerpt......
> dxEhemsBz9FwP7e3VB8yc8T/vXTswuYrDzslGL22Z3Il87MtHXO5pdO5HFLnmPan
> w0NyyWKdxfSSwfxbTNRRTVDi7XTg3CfWnsIRI98EsIwmxUe0QcV6lwIVAJdtvPLA
> Blck9nPWNaBqTbpBznj+
> -----END DSA PRIVATE KEY-----
> </content>
>      <desc>ssh_dsa_hostkey</desc>
>    </data>
>    <errorcode>0</errorcode>
> </xcatresponse>
> <xcatresponse>
>    <serverdone></serverdone>
> </xcatresponse>
>
>
> However, on my faulty xCAT 2.8.2 install, here is what happens:
>
> # ./getcredentials.awk ssh_dsa_hostkey
> <xcatresponse>
>    <serverdone></serverdone>
> </xcatresponse>
>
> This leaves /tmp/ssh_dsa_hostkey empty.  At line 81 of remoteshell, it
> tries to populate /etc/ssh/ssh_host_dsa_key with the value of
> /tmp/ssh_dsa_hostkey:
>
> 81         cat /tmp/ssh_dsa_hostkey | grep -E -v
> '</{0,1}data>|</{0,1}content>|</{0,1}desc>' >/etc/ssh/ssh_host_dsa_key
>
> Then at lines 83 & 84 of remoteshell, it does this:
>
> 83         MYCONT=`cat /etc/ssh/ssh_host_dsa_key`
> 84         while [ -z "$MYCONT" ]; do
>
> So $MYCONT is always an empty value, thus dropping that while loop into
> an infinite loop.
>
>
> Moreover, please note that on my faulty xCAT install, the policy table
> is set to allow 'getcredentials':
> # tabdump policy
> #priority,name,host,commands,noderange,parameters,time,rule,comments,disable
> "1","root",,,,,,"allow",,
> ......excerpted
> "4.4",,,"getpostscript",,,,"allow",,
> "4.5",,,"getcredentials",,,,"allow",,
> ....etc
>
> And in /var/log/messages on the XCATMASTER, I can even see where xCATd
> is granting these requests:
> Sep  8 03:10:59 <xcatmaster_hostname> xCAT: xCAT: Allowing
> getcredentials ssh_dsa_hostkey from <hostname>
>
>
> It must be the case that there is a subtle misconfiguration in this xCAT
> 2.8.2 installation, as I have other installs of 2.8.2 where this is
> working.  I would appreciate it if anyone can help me understand why
> xCATd is failing to return the ssh_dsa_hostkey.
>
> --
> Jonathan Mills
> Systems Administrator
> Renaissance Computing Institute
> UNC-Chapel Hill
>
> ------------------------------------------------------------------------------
> How ServiceNow helps IT people transform IT departments:
> 1. Consolidate legacy IT systems to a single system of record for IT
> 2. Standardize and globalize service processes across IT
> 3. Implement zero-touch automation to replace manual, redundant tasks
> http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
> _______________________________________________
> xCAT-user mailing list
> xCAT-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xcat-user
>
>

-- 
Jonathan Mills
Systems Administrator
Renaissance Computing Institute
UNC-Chapel Hill
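
Added example, not part of the original thread or of xCAT's remoteshell script: a bounded, validating version of the fetch-and-retry loop described in the quoted post, so a reply that contains only `<serverdone>` fails after a fixed number of attempts instead of looping forever. The function names and the `good_response`/`empty_response` stand-ins for `getcredentials.awk` output are assumptions, and the key body is a constructed placeholder.

```sh
# Added example, not xCAT code. The *_response functions are constructed
# stand-ins for the output of "getcredentials.awk ssh_dsa_hostkey".

good_response() {   # constructed reply; the key body is a placeholder
    cat <<'EOF'
<xcatresponse>
   <data>
     <content>
-----BEGIN DSA PRIVATE KEY-----
PLACEHOLDERKEYBODYNOTAREALKEY
-----END DSA PRIVATE KEY-----
</content>
     <desc>ssh_dsa_hostkey</desc>
   </data>
   <errorcode>0</errorcode>
</xcatresponse>
EOF
}

empty_response() {  # the failing reply from the post: serverdone only
    printf '<xcatresponse>\n   <serverdone></serverdone>\n</xcatresponse>\n'
}

# Keep only the PEM block; everything else in the XML wrapper is dropped.
extract_key() {
    sed -n '/^-----BEGIN .*PRIVATE KEY-----$/,/^-----END .*PRIVATE KEY-----$/p'
}

# A usable key has BEGIN and END marker lines and at least one body line.
valid_key() {
    [ "$(printf '%s\n' "$1" | wc -l)" -ge 3 ] || return 1
    case $(printf '%s\n' "$1" | head -n 1) in '-----BEGIN '*) ;; *) return 1 ;; esac
    case $(printf '%s\n' "$1" | tail -n 1) in '-----END '*) ;; *) return 1 ;; esac
}

# $1 = fetch command, $2 = max attempts, $3 = delay (s); prints key or returns 1.
fetch_hostkey() {
    attempt=1
    while [ "$attempt" -le "$2" ]; do
        key=$("$1" | extract_key)
        if valid_key "$key"; then printf '%s\n' "$key"; return 0; fi
        attempt=$((attempt + 1))
        sleep "$3"
    done
    echo "no host key returned after $2 attempts" >&2
    return 1
}

fetch_hostkey empty_response 2 0 || echo "gave up instead of looping"
```

Because the key is validated before anything is written, a caller can leave the existing /etc/ssh host key untouched when `fetch_hostkey` returns non-zero.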
