Re: [xcat-user] getcredentials not working

Xiao Peng Wang Tue, 26 Jan 2016 06:59:47 -0800

Could you try following steps on your compute node?

1. Enable mini server

/xcatpost/allowcred.awk &

2.Try to get rsa hostkey

USEOPENSSLFORXCAT=yes XCATSERVER=<MNIP>:3001 /xcatpost/getcredentials.awk ssh_rsa_hostkey

The output should like:

<xcatresponse>
<data>
<content>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEArEGTY9i8D/n6Ojtaumwwb0G5ICndNQ9ZcV7LRfcQXGZUcrX9
CyECeechqdlATbMS8gRNrPoKvvrCSvgEvc9m+u7zVn5m/uajWDzn+A/HBtrw0Ksy
hIJ1kgP4iw4qJVC9UJhanjISu9AaMvSuGaf82DjJd1jOYiK7geRS7RCk4nqnagcv
7HbOVnqtd1sb6EP0NaZPzde2IADk+EKaOHqCmPaQs+9O7IqQdVn3kYsqEaNVSwLy
24Tx+7i9ePbOjl+SpFSYp75dXiOGbdQ1WHOaajZ2V4GuJwpWpBrp1hqrokw1+qB8
1XjyZtAuZjHMqZcA9FPMuiKTlSEm8tjsBnoVNQIDAQABAoIBAHcg8tn+rjEuZIuZ
OOnsoKKRBYLk8QMdFnJ9aH9+mmYMryKWEeZ8ccX0vydEBGC4E8Yki8OxOXVS3sQS
OtU6drHcR5Xt3TU0NIt1s8euwapQCHOHsmxJ/R16eY1RwnwEFqmCdEkrwCD7juLm
rPE5aHfw7gQH+tOLybnPOjqRZDbsEhghRKhrJNeECdmxGbd+IQbA9cXkbyivKBiW
o5MderbXJJ4yc9QFY8utMa54NSoOJxCi5nPVYWXuc9xx0nbHXO9v5QiO+jFyeR1p
Jwj3hMMxEHxNs07fqw8kRtN4XVazSFMO2W6yZx8lpRdpuAjkLpjfQ8nbI6PW789K
sAwMABECgYEA1L+Lyb99jEIQ1kDQLJ3DJUHgUJEKSEpM2FRIJYJvCEE8GtQRfl1e
NWZ6xjWgkJkMZV6aJnxCYzpRv1UMvnM5euQzRbxE41J6Dhw3TxQWsQ0gbUgUQlZc
hLS1Zf2amlE5nWsm/q1EeMW7bjTp6CvaaQl816xCMAjURl9NLJoxpM8CgYEAz0ag
BIrTXNwhLJq5ulpAU0vf3OceJcHUwmyiBsOjye+E/HPmepoZ8YsU+pK9GXg1mcic
c2iRt1YQeXVf76jF9i8rZc4O+x3HGO6qc+PPIaZYMG6TiZynQdgswCXFwxr7VK2e
P6gJVcP7lLfCqlhMjuWWbaBI08uXTNn59acurrsCgYB/FIfAlCS/YjtCb+apr/cA
S1Bdb7XPpqouUnHiDf6a1LS9Zc2pSMZcaYGO4juuA+3Wo2K6+GCDezOXcYsyPAuq
r6M81Y/kpcCIqywSjXJcgfXLsVGAqquLDZKJgKoX4crjkDzzxbXv2lTyKKNL7t4A
/gzXm2rR3IRIIOctbFGZGwKBgAlWHQ8XUb31DGl97q++MPePi13f6zO4L2Uyj3nO
hioqZ8sXTWJoXpLKuP8wbOQgzglHSATKyQWBEuzlpJSe/YvBRCspxPL6vGUbGwJt
WH8jhwVnda3VKJOGsT1Wdjn7lSaTS3WClCkQ0tw4CsSxhYFKRiRZ++3OVdpYVzIB
fdDRAoGBAM1zWmMvxxnmxVNFEQr5WaQvlzKNS9JNq8M2RXHP/JmABvgMpZnOUF1F
sT3KAczKGplDx7JcNeeSdW9yjVPWWOQTK6Rb80RUBOu9aad6MD5ZG3jdgeHUW1dZ
mbIpuyBUi3+hd2Dr0VzH2/rK+x5I/6wKGiqaYvAemQ81iwG/xcCW
-----END RSA PRIVATE KEY-----
</content>
<desc>ssh_rsa_hostkey</desc>
</data>
<errorcode>0</errorcode>
</xcatresponse>
<xcatresponse>
<serverdone></serverdone>
</xcatresponse>

Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: [email protected]
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193

----- Original message -----
From: "Hollizeck, Sebastian" <[email protected]>
To: xCAT Users Mailing list <[email protected]>
Cc:
Subject: Re: [xcat-user] getcredentials not working
Date: Tue, Jan 26, 2016 5:40 PM

the hostkeys are present on the xCAT MN
   ll /etc/xcat/hostkeys/
   total 32
   -rw------- 1 root root 668 Jan 21 16:02 ssh_host_dsa_key
   -rw-r--r-- 1 root root 590 Jan 21 16:02 ssh_host_dsa_key.pub
   -rw------- 1 root root 227 Jan 21 16:02 ssh_host_ecdsa_key
   -rw-r--r-- 1 root root 162 Jan 21 16:02 ssh_host_ecdsa_key.pub
   -rw------- 1 root root 965 Jan 21 16:02 ssh_host_key
   -rw-r--r-- 1 root root 630 Jan 21 16:02 ssh_host_key.pub
   -rw------- 1 root root 1679 Jan 21 16:02 ssh_host_rsa_key
   -rw-r--r-- 1 root root 382 Jan 21 16:02 ssh_host_rsa_key.pub

and i also have a credentials.pm in /opt/xcat/lib/perl/xCAT_plugin/credentials.pm

Regards
Sebastian

________________________________________
From: Xiao Peng Wang [[email protected]]
Sent: 26 January 2016 06:13
To: [email protected]
Cc: [email protected]
Subject: Re: [xcat-user] getcredentials not working

Refer to the following part of code in credentials.pm. You can get more messages in the /var/log/messages on you xCAT MN. xCAT is trying to send the file /etc/xcat/hostkeys/ssh_host_dsa_key to compute node. This file is generated during install xCAT. Could verify this file is existed?

   } elsif ($parm =~ /ssh_dsa_hostkey/) {
   `logger -t xcat -p local4.info "credentials: sending $parm"` ;
   if (-r "/etc/xcat/hostkeys/$client/ssh_host_dsa_key") {
   $tfilename="/etc/xcat/hostkeys/$client/ssh_host_dsa_key";
   } elsif (-r "/etc/xcat/hostkeys/ssh_host_dsa_key") {
   $tfilename="/etc/xcat/hostkeys/ssh_host_dsa_key";
   } else {
   push @{$rsp->{'error'}},"Unable to read private DSA key from /etc/xcat/hostkeys";
   `logger -t xcat -p local4.info "credentials: Unable to read private DSA key"` ;
   next;
   }
   } elsif ($parm =~ /ssh_rsa_hostkey/) {
   `logger -t xcat -p local4.info "credentials: sending $parm"` ;
   if (-r "/etc/xcat/hostkeys/$client/ssh_host_rsa_key") {
   $tfilename="/etc/xcat/hostkeys/$client/ssh_host_rsa_key";
   } elsif (-r "/etc/xcat/hostkeys/ssh_host_rsa_key") {
   $tfilename="/etc/xcat/hostkeys/ssh_host_rsa_key";
   } else {
   push @{$rsp->{'error'}},"Unable to read private RSA key from /etc/xcat/hostkeys";
   `logger -t xcat -p local4.info "credentials: Unable to read private RSA key"` ;
   next;
   }
   }

Thanks
Best Regards
----------------------------------------------------------------------
Wang Xiaopeng (王晓朋)
IBM China System Technology Laboratory
Tel: 86-10-82453455
Email: [email protected]
Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, Haidian District Beijing P.R.China 100193

----- Original message -----
From: "Hollizeck, Sebastian" <[email protected]>
To: "[email protected]" <[email protected]>
Cc:
Subject: [xcat-user] getcredentials not working
Date: Mon, Jan 25, 2016 11:23 PM

Hallo,

i am very pleased with xCAT in general and only have a small problem, which i could work around, but id rather it worked as intended.

I have a bunch of diskless nodes, which i manage and everything is working as i wish apart from the host key transfer. the xcat.log on the nodes shows the postscript "remoteshell" takes about 20 min to execute
and if i have a look at the log on the managing node i get this

Jan 25 14:46:48 xcat xcat[19066]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:47:06 xcat xcat[19070]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:47:17 xcat xcat[19073]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:47:35 xcat xcat[19076]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:47:52 xcat xcat[19078]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:48:08 xcat xcat[19081]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:48:19 xcat xcat[19083]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:48:36 xcat xcat[19086]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:48:47 xcat xcat[19088]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:49:01 xcat xcat[19091]: xCAT: Allowing getcredentials ssh_dsa_hostkey from cpn02
Jan 25 14:49:17 xcat xcat[19093]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:49:33 xcat xcat[19096]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:49:45 xcat xcat[19098]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:49:55 xcat xcat[19100]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:50:09 xcat xcat[19102]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:50:28 xcat xcat[19104]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:50:42 xcat xcat[19106]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:50:57 xcat xcat[19108]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:51:14 xcat xcat[19110]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02
Jan 25 14:51:28 xcat xcat[19112]: xCAT: Allowing getcredentials ssh_rsa_hostkey from cpn02

which looks like the node cannot access the keys and after the 10 tries it generates a new key.
This is very unfortunate and i am out of guesses, where this problem originates from.

Could you give me a hint!?

Regards
Sebastian Hollizeck

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140

_______________________________________________
xCAT-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/xcat-user

Re: [xcat-user] getcredentials not working

Reply via email to