From: Arshad Hussain Date: Tue, 15 Mar 2022 08:28:23 +0000 (+0530) Subject: LU-15626 tests: Fix "error" reported by shellcheck for setup-kerberos X-Git-Tag: 2.15.0-RC3~12 X-Git-Url: https://git.whamcloud.com/gitweb?a=commitdiff_plain;h=f41b961a9f984e6afee12064d3c1a8c61011f740;p=fs%2Flustre-release.git LU-15626 tests: Fix "error" reported by shellcheck for setup-kerberos This patch fixes "error" issues reported by shellcheck for file lustre/tests/setup_kerberos.sh. This patch also moves spaces to tabs. Change-Id: I803c35b5fc0470a9eeb9ef3c230a0a01adc5b16c Test-Parameters: envdefinitions=SHARED_KEY=true testlist=sanity Signed-off-by: Arshad Hussain Reviewed-on: https://review.whamcloud.com/46822 Tested-by: jenkins Tested-by: Maloo Reviewed-by: Jian Yu Reviewed-by: Andreas Dilger --- diff --git a/lustre/tests/setup_kerberos.sh b/lustre/tests/setup_kerberos.sh index 370c974..dc55b5b 100755 --- a/lustre/tests/setup_kerberos.sh +++ b/lustre/tests/setup_kerberos.sh @@ -13,7 +13,7 @@ # usage my_usage() { - cat < [:MDS_node:...] [:OSS_node:...] [:CLIENT_node:...] @@ -55,9 +55,9 @@ MY_CLIENTNODES=$6 MY_KDC_DISTRO=$(echo $MY_KDC_DISTRO | tr '[A-Z]' '[a-z]') if [ -z "$MY_KDC_DISTRO" -o -z "$MY_KDCNODE" -o -z "$MY_MDSNODES" -o \ - -z "$MY_OSSNODES" -o -z "$MY_CLIENTNODES" -o -z "$MY_MGSNODE" ]; then - my_usage - exit 1 + -z "$MY_OSSNODES" -o -z "$MY_CLIENTNODES" -o -z "$MY_MGSNODE" ]; then + my_usage + exit 1 fi LUSTRE=${LUSTRE:-$(dirname $0)/..} @@ -105,92 +105,90 @@ MY_CLIENTNODES=${MY_CLIENTNODES//:/ } KRB5PKG_SVR="krb5-server" KRB5PKG_DEV="krb5-devel" case $MY_KDC_DISTRO in - rhel5) - KRB5PKG_CLI="krb5-workstation" - KRB5PKG_LIB="krb5-libs" - KDC_CONF_DIR="/var/kerberos/krb5kdc" - ;; - sles10) - KRB5PKG_CLI="krb5-client" - KRB5PKG_LIB="krb5" - KDC_CONF_DIR="/var/lib/kerberos/krb5kdc" - ;; - *) - echo "Unsupported KDC distro: $MY_KDC_DISTRO!" - exit 1 + rhel5) + KRB5PKG_CLI="krb5-workstation" + KRB5PKG_LIB="krb5-libs" + KDC_CONF_DIR="/var/kerberos/krb5kdc" + ;; + sles10) + KRB5PKG_CLI="krb5-client" + KRB5PKG_LIB="krb5" + KDC_CONF_DIR="/var/lib/kerberos/krb5kdc" + ;; + *) + echo "Unsupported KDC distro: $MY_KDC_DISTRO!" + exit 1 esac KDC_CONF="$KDC_CONF_DIR/kdc.conf" KDC_ACL="$KDC_CONF_DIR/kadm5.acl" # ******************************** Functions ******************************** # is_part_of() { - local name="$1" - shift - local list="$@" - - if [ -z "$name" -o -z "$list" ]; then - false - return - fi - - if [[ " $list " == *" $name "* ]]; then - true - else - false - fi - - return + local name="$1" + shift + local list="$@" + + if [ -z "$name" -o -z "$list" ]; then + false + return + fi + + if [[ " $list " == *" $name "* ]]; then + true + else + false + fi + + return } my_do_node() { - local node=$1 - shift - local nodename=${node%.$KRB5_DOMAIN} - do_node $node "PATH=\$PATH:/usr/kerberos/sbin:/usr/kerberos/bin:\ -/usr/lib/mit/sbin:/usr/lib/mit/bin $@" | sed "s/^${nodename}: //" - return ${PIPESTATUS[0]} + local node=$1 + shift + local nodename=${node%.$KRB5_DOMAIN} + do_node $node "PATH=\$PATH:/usr/kerberos/sbin:/usr/kerberos/bin:\ +/usr/lib/mit/sbin:/usr/lib/mit/bin $*" | sed "s/^${nodename}: //" + return ${PIPESTATUS[0]} } do_node_mute() { - local output - output=$(my_do_node "$@" 2>&1) - return ${PIPESTATUS[0]} + local output + output=$(my_do_node "$@" 2>&1) + return ${PIPESTATUS[0]} } do_kdc() { - my_do_node $MY_KDCNODE "$@" - return ${PIPESTATUS[0]} + my_do_node $MY_KDCNODE "$@" + return ${PIPESTATUS[0]} } do_kdc_mute() { - do_node_mute $MY_KDCNODE "$@" - return ${PIPESTATUS[0]} + do_node_mute $MY_KDCNODE "$@" + return ${PIPESTATUS[0]} } # # convert a space-delimited node name list to a canonical name list # get_fqdn() { - local nodename_list="$@" - local fqdn_list="" - local name - local fqdn - local rc - - for name in $nodename_list; do - fqdn=$(do_kdc "gethostip -n $name 2>&1") - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo "Can not get the FQDN of node $name: $fqdn" - return $rc - fi - [ -z "$fqdn_list" ] && fqdn_list="$fqdn" \ - || fqdn_list="$fqdn_list $fqdn" - - done - - echo "$fqdn_list" - return 0 + local nodename_list="$@" + local fqdn_list="" + local name + local fqdn + local rc + + for name in $nodename_list; do + fqdn=$(do_kdc "gethostip -n $name 2>&1") + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo "Can not get the FQDN of node $name: $fqdn" + return $rc + fi + [ -z "$fqdn_list" ] && fqdn_list="$fqdn" || + fqdn_list="$fqdn_list $fqdn" + done + echo "$fqdn_list" + return 0 } # @@ -199,70 +197,70 @@ get_fqdn() { # node name comparison easier # normalize_names() { - local rc - - # KDC - MY_KDCNODE=$(get_fqdn $MY_KDCNODE) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $MY_KDCNODE - return $rc - fi - - # MGS node - MY_MGSNODE=$(get_fqdn $MY_MGSNODE) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $MY_MGSNODE - return $rc - fi - - # MDS nodes - MY_MDSNODES=$(get_fqdn $MY_MDSNODES) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $MY_MDSNODES - return $rc - fi - - # OSS nodes - MY_OSSNODES=$(get_fqdn $MY_OSSNODES) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $MY_OSSNODES - return $rc - fi - - # client nodes - MY_CLIENTNODES=$(get_fqdn $MY_CLIENTNODES) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo $MY_CLIENTNODES - return $rc - fi - - return 0 + local rc + + # KDC + MY_KDCNODE=$(get_fqdn $MY_KDCNODE) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $MY_KDCNODE + return $rc + fi + + # MGS node + MY_MGSNODE=$(get_fqdn $MY_MGSNODE) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $MY_MGSNODE + return $rc + fi + + # MDS nodes + MY_MDSNODES=$(get_fqdn $MY_MDSNODES) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $MY_MDSNODES + return $rc + fi + + # OSS nodes + MY_OSSNODES=$(get_fqdn $MY_OSSNODES) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $MY_OSSNODES + return $rc + fi + + # client nodes + MY_CLIENTNODES=$(get_fqdn $MY_CLIENTNODES) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $MY_CLIENTNODES + return $rc + fi + + return 0 } # # verify remote shell works on all nodes # check_rsh() { - local checked="" - local node + local checked="" + local node - echo "+++ Checking remote shell" + echo "+++ Checking remote shell" - for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES - do - is_part_of $node $checked && continue + for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES + do + is_part_of $node $checked && continue - echo -n "Checking remote shell on $node..." - do_node_mute $node true || return ${PIPESTATUS[0]} - echo "OK!" + echo -n "Checking remote shell on $node..." + do_node_mute $node true || return ${PIPESTATUS[0]} + echo "OK!" - checked="$checked $node" - done + checked="$checked $node" + done } # @@ -270,193 +268,193 @@ check_rsh() { # used by kdb5_util to create Kerberos database # check_entropy() { - local limit=170 - local avail - - echo "+++ Checking the entropy on the KDC" - - echo -n "Checking $MY_KDCNODE..." - avail=$(do_kdc "sysctl -n kernel.random.entropy_avail") - local rc=${PIPESTATUS[0]} - if [ $rc -eq 0 ]; then - if [ $avail -lt $limit ]; then - echo -e "\nWarning: The entropy on the KDC node is only $avail, \ -which is not enough for kdb5_util to create Kerberos database! \ -Let's use /dev/urandom!" - do_kdc "rm -f /dev/random.bak && mv /dev/random{,.bak} && \ -mknod /dev/random c 1 9" - return ${PIPESTATUS[0]} - fi - else - echo "Can not get the entropy on the KDC node!" - return $rc - fi - echo "OK!" + local limit=170 + local avail + + echo "+++ Checking the entropy on the KDC" + + echo -n "Checking $MY_KDCNODE..." + avail=$(do_kdc "sysctl -n kernel.random.entropy_avail") + local rc=${PIPESTATUS[0]} + if [ $rc -eq 0 ]; then + if [ $avail -lt $limit ]; then + echo -e "\nWarning: The entropy on the KDC node is only $avail, \ + which is not enough for kdb5_util to create Kerberos database! \ + Let's use /dev/urandom!" + do_kdc "rm -f /dev/random.bak && mv /dev/random{,.bak} && \ + mknod /dev/random c 1 9" + return ${PIPESTATUS[0]} + fi + else + echo "Can not get the entropy on the KDC node!" + return $rc + fi + echo "OK!" } # # verify runas users and groups # check_users() { - local checked="" - local node - local id - local user + local checked="" + local node + local id + local user - echo "+++ Checking users and groups" + echo "+++ Checking users and groups" - for node in $MY_KDCNODE $MY_MGSNODE $MY_MDSNODES $MY_CLIENTNODES; do - is_part_of $node $checked && continue + for node in $MY_KDCNODE $MY_MGSNODE $MY_MDSNODES $MY_CLIENTNODES; do + is_part_of $node $checked && continue - for id in $LOCAL_UIDS; do - echo -n "Checking uid/gid $id/$id on $node..." - user=$(my_do_node $node getent passwd | grep :$id:$id: | cut -d: -f1) - if [ -z "$user" ]; then + for id in $LOCAL_UIDS; do + echo -n "Checking uid/gid $id/$id on $node..." + user=$(my_do_node $node getent passwd | grep :$id:$id: | cut -d: -f1) + if [ -z "$user" ]; then echo -e "\nPlease set LOCAL_UIDS to some users \ -which exist on KDC, MDS and client or add user/group $id/$id on these nodes." - return 1 - fi - echo "OK!" - done - checked="$checked $node" - done + which exist on KDC, MDS and client or add user/group $id/$id on these nodes." + return 1 + fi + echo "OK!" + done + checked="$checked $node" + done } cfg_mount() { - local node=$1 - local dev=$2 - local dir=$3 - - echo -n "Checking $dev mount on $node..." - if do_node_mute $node "grep -q $dir' ' /proc/mounts"; then - echo "OK!" - return 0 - fi - - if ! do_node_mute $node "grep -q ^$dev /etc/fstab"; then - my_do_node $node "echo '$dev $dir $dev defaults 0 0' >> /etc/fstab" || \ - return ${PIPESTATUS[0]} - fi - my_do_node $node "mkdir -p $dir && mount $dir" || true - - if ! do_node_mute $node "grep -q $dir' ' /proc/mounts"; then - echo "Failed to mount fs $dev at $dir!" - return 1 - fi - echo "OK!" + local node=$1 + local dev=$2 + local dir=$3 + + echo -n "Checking $dev mount on $node..." + if do_node_mute $node "grep -q $dir' ' /proc/mounts"; then + echo "OK!" + return 0 + fi + + if ! do_node_mute $node "grep -q ^$dev /etc/fstab"; then + my_do_node $node "echo '$dev $dir $dev defaults 0 0' >> /etc/fstab" || \ + return ${PIPESTATUS[0]} + fi + my_do_node $node "mkdir -p $dir && mount $dir" || true + + if ! do_node_mute $node "grep -q $dir' ' /proc/mounts"; then + echo "Failed to mount fs $dev at $dir!" + return 1 + fi + echo "OK!" } # # configure nfsd mount on MDS and OSS nodes # cfg_nfs_mount() { - local checked="" - local node + local checked="" + local node - echo "+++ Configuring nfsd mount" + echo "+++ Configuring nfsd mount" - for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES; do - is_part_of $node $checked && continue - cfg_mount $node nfsd /proc/fs/nfsd || return ${PIPESTATUS[0]} - checked="$checked $node" - done + for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES; do + is_part_of $node $checked && continue + cfg_mount $node nfsd /proc/fs/nfsd || return ${PIPESTATUS[0]} + checked="$checked $node" + done } get_pkgname() { - local node=$1 - local pkg=$2 + local node=$1 + local pkg=$2 - my_do_node $node "rpm -q $pkg 2>&1" | tail -n1 - return ${PIPESTATUS[0]} + my_do_node $node "rpm -q $pkg 2>&1" | tail -n1 + return ${PIPESTATUS[0]} } get_krb5pkgname() { - local node=$1 - local flavor=$2 - - my_do_node $node cat /etc/SuSE-release 2>/dev/null | \ - grep -q 'Enterprise Server 10' - if [ ${PIPESTATUS[1]} -eq 0 ]; then - case $flavor in - cli) echo "krb5-client";; - lib) echo "krb5";; - esac - else - case $flavor in - cli) echo "krb5-workstation";; - lib) echo "krb5-libs";; - esac - fi + local node=$1 + local flavor=$2 + + my_do_node $node cat /etc/SuSE-release 2>/dev/null | \ + grep -q 'Enterprise Server 10' + if [ ${PIPESTATUS[1]} -eq 0 ]; then + case $flavor in + cli) echo "krb5-client";; + lib) echo "krb5";; + esac + else + case $flavor in + cli) echo "krb5-workstation";; + lib) echo "krb5-libs";; + esac + fi } check_kdc() { - local pkg - local rc - - echo "+++ Checking KDC installation" - - echo -n "Checking $MY_KDCNODE..." - pkg=$(get_pkgname $MY_KDCNODE $KRB5PKG_SVR) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo -e "\nCan not find $KRB5PKG_SVR package on $MY_KDCNODE: $pkg" - return $rc - fi - echo "OK!" + local pkg + local rc + + echo "+++ Checking KDC installation" + + echo -n "Checking $MY_KDCNODE..." + pkg=$(get_pkgname $MY_KDCNODE $KRB5PKG_SVR) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo -e "\nCan not find $KRB5PKG_SVR package on $MY_KDCNODE: $pkg" + return $rc + fi + echo "OK!" } check_krb5() { - local checked="" - local pkg - local rc - local krb5pkg_cli - - echo "+++ Checking Kerberos 5 installation" - for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do - is_part_of $node $checked && continue - - echo -n "Checking $node..." - krb5pkg_cli=$(get_krb5pkgname $node cli) - - pkg=$(get_pkgname $node $krb5pkg_cli) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo -e "\nCan not find $krb5pkg_cli package on $node: $pkg" - return $rc - fi - echo "OK!" - checked="$checked $node" - done + local checked="" + local pkg + local rc + local krb5pkg_cli + + echo "+++ Checking Kerberos 5 installation" + for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do + is_part_of $node $checked && continue + + echo -n "Checking $node..." + krb5pkg_cli=$(get_krb5pkgname $node cli) + + pkg=$(get_pkgname $node $krb5pkg_cli) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo -e "\nCan not find $krb5pkg_cli package on $node: $pkg" + return $rc + fi + echo "OK!" + checked="$checked $node" + done } check_libgssapi() { - local checked="" - local node - local pkg - local rc - - echo "+++ Checking libgssapi installation" - - LIBGSSAPI=$(get_pkgname $MY_KDCNODE libgssapi) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo "Can not find libgssapi package on $MY_KDCNODE: $LIBGSSAPI" - return $rc - fi - - for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do - is_part_of $node $checked && continue - - echo -n "Checking $node..." - pkg=$(get_pkgname $node libgssapi) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo -e "\nCan not find libgssapi package on $node: $pkg" - return $rc - fi - echo "OK!" - checked="$checked $node" - done + local checked="" + local node + local pkg + local rc + + echo "+++ Checking libgssapi installation" + + LIBGSSAPI=$(get_pkgname $MY_KDCNODE libgssapi) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo "Can not find libgssapi package on $MY_KDCNODE: $LIBGSSAPI" + return $rc + fi + + for node in $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do + is_part_of $node $checked && continue + + echo -n "Checking $node..." + pkg=$(get_pkgname $node libgssapi) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo -e "\nCan not find libgssapi package on $node: $pkg" + return $rc + fi + echo "OK!" + checked="$checked $node" + done } # @@ -464,115 +462,115 @@ check_libgssapi() { # We only support MIT Kerberos 5 GSS-API mechanism. # cfg_libgssapi() { - local checked="" - local node - local pkg - local rc - local krb5pkg_lib - local krb5_lib - - echo "+++ Updating $GSSAPI_MECH_CONF" - - for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES - do - is_part_of $node $checked && continue - - krb5pkg_lib=$(get_krb5pkgname $node lib) - pkg=$(get_pkgname $node $krb5pkg_lib) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo -e "\nCan not find $krb5pkg_lib package on $node: $pkg" - return $rc - fi - - krb5_lib=$(my_do_node $node "rpm -ql $pkg" | \ - grep libgssapi_krb5.so | head -n1) - - if ! do_node_mute $node \ -"egrep -q \\\"^$krb5_lib|^$(basename $krb5_lib)\\\" $GSSAPI_MECH_CONF"; then - do_node_mute $node \ -"echo '$krb5_lib mechglue_internal_krb5_init' >> $GSSAPI_MECH_CONF" - fi - checked="$checked $node" - done - echo "OK!" + local checked="" + local node + local pkg + local rc + local krb5pkg_lib + local krb5_lib + + echo "+++ Updating $GSSAPI_MECH_CONF" + + for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES + do + is_part_of $node $checked && continue + + krb5pkg_lib=$(get_krb5pkgname $node lib) + pkg=$(get_pkgname $node $krb5pkg_lib) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo -e "\nCan not find $krb5pkg_lib package on $node: $pkg" + return $rc + fi + + krb5_lib=$(my_do_node $node "rpm -ql $pkg" | + grep libgssapi_krb5.so | head -n1) + + if ! do_node_mute $node \ + "egrep -q \\\"^$krb5_lib|^$(basename $krb5_lib)\\\" $GSSAPI_MECH_CONF"; then + do_node_mute $node \ + "echo '$krb5_lib mechglue_internal_krb5_init' >> $GSSAPI_MECH_CONF" + fi + checked="$checked $node" + done + echo "OK!" } # # check and update the /etc/request-key.conf file on each MDS and client node # cfg_keyutils() { - local checked="" - local node - local lgss_keyring - - echo "+++ Updating $REQUEST_KEY_CONF" - - for node in $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do - is_part_of $node $checked && continue - lgss_keyring=$(my_do_node $node "which lgss_keyring") || \ - return ${PIPESTATUS[0]} - - if ! do_node_mute $node \ -"grep -q \\\"^create.*$lgss_keyring\\\" $REQUEST_KEY_CONF"; then - do_node_mute $node \ -"echo 'create lgssc * * $lgss_keyring %o %k %t %d %c %u %g %T %P %S' \ ->> $REQUEST_KEY_CONF" - fi - checked="$checked $node" - done - echo "OK!" + local checked="" + local node + local lgss_keyring + + echo "+++ Updating $REQUEST_KEY_CONF" + + for node in $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES; do + is_part_of $node $checked && continue + lgss_keyring=$(my_do_node $node "which lgss_keyring") || \ + return ${PIPESTATUS[0]} + + if ! do_node_mute $node \ + "grep -q \\\"^create.*$lgss_keyring\\\" $REQUEST_KEY_CONF"; then + do_node_mute $node \ + "echo 'create lgssc * * $lgss_keyring %o %k %t %d %c %u %g %T %P %S' \ + >> $REQUEST_KEY_CONF" + fi + checked="$checked $node" + done + echo "OK!" } add_svc_princ() { - local fqdn=$1 - local type=$2 + local fqdn=$1 + local type=$2 - echo -n "Creating service principal lustre_$type/$fqdn@$KRB5_REALM..." - do_kdc_mute "kadmin.local -r $KRB5_REALM < $tmpcfg + local tmpdir="$TMP/krb5_cfg_tmp_$UID" + local tmpcfg=$tmpdir/kdc.conf + local tmpacl=$tmpdir/kadm5.acl + + echo "+++ Configuring KDC on $MY_KDCNODE" + echo "Warning: old KDC setting on $MY_KDCNODE will be destroied!!!" + + echo -n "Checking the existence of KDC config dir..." + do_kdc_mute "[ -d $KDC_CONF_DIR ]" + if [ ${PIPESTATUS[0]} -ne 0 ]; then + echo -e "\nUnrecognized krb5 distribution!" + return 1 + else + echo "OK!" + fi + + # stop KDC daemon + do_kdc_mute "/etc/init.d/krb5kdc stop < /dev/null" || true + + echo -n "Removing old KDC configurations..." + do_kdc_mute "rm -f $KDC_CONF_DIR/*" + echo "OK!" + + # create kdc.conf locally + rm -rf $tmpdir + mkdir -p $tmpdir || return ${PIPESTATUS[0]} + cat < $tmpcfg [kdcdefaults] acl_file = $KDC_ACL @@ -656,34 +654,35 @@ cfg_kdc() { } EOF - # install kdc.conf remotely - echo -n "Installing kdc.conf on $MY_KDCNODE..." - $SCP $tmpcfg root@$MY_KDCNODE:$KDC_CONF || return ${PIPESTATUS[0]} - echo "OK!" - - # initialize KDC database - echo -n "Creating Kerberos database on $MY_KDCNODE..." - do_kdc_mute "kdb5_util create -r $KRB5_REALM -s -P 111111" - local rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo "Failed!" - return $rc - else - echo "OK!" - fi - - # create ACL file locally & install remotely - cat < $tmpacl + # install kdc.conf remotely + echo -n "Installing kdc.conf on $MY_KDCNODE..." + $SCP $tmpcfg root@$MY_KDCNODE:$KDC_CONF || return ${PIPESTATUS[0]} + echo "OK!" + + # initialize KDC database + echo -n "Creating Kerberos database on $MY_KDCNODE..." + do_kdc_mute "kdb5_util create -r $KRB5_REALM -s -P 111111" + local rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo "Failed!" + return $rc + else + echo "OK!" + fi + + # create ACL file locally & install remotely + cat < $tmpacl */admin@$KRB5_REALM * root@$KRB5_REALM * EOF - echo -n "Installing kadm5.acl on $MY_KDCNODE..." - $SCP $tmpacl root@$MY_KDCNODE:$KDC_ACL || return ${PIPESTATUS[0]} - echo "OK!" - rm -rf $tmpdir || true - - # start KDC daemon - do_kdc "/etc/init.d/krb5kdc restart < /dev/null" || return ${PIPESTATUS[0]} + echo -n "Installing kadm5.acl on $MY_KDCNODE..." + $SCP $tmpacl root@$MY_KDCNODE:$KDC_ACL || return ${PIPESTATUS[0]} + echo "OK!" + rm -rf $tmpdir || true + + # start KDC daemon + do_kdc "/etc/init.d/krb5kdc restart < /dev/null" || + return ${PIPESTATUS[0]} } # @@ -691,16 +690,16 @@ EOF # client, MDS and OSS # cfg_krb5_conf() { - local tmpdir="$TMP/krb5_cfg_tmp_$UID" - local tmpcfg="$tmpdir/krb5.conf" - local checked="" + local tmpdir="$TMP/krb5_cfg_tmp_$UID" + local tmpcfg="$tmpdir/krb5.conf" + local checked="" - echo "+++ Installing krb5.conf on all nodes" + echo "+++ Installing krb5.conf on all nodes" - # create krb5.conf locally - rm -rf $tmpdir - mkdir -p $tmpdir || return ${PIPESTATUS[0]} - cat < $tmpcfg + # create krb5.conf locally + rm -rf $tmpdir + mkdir -p $tmpdir || return ${PIPESTATUS[0]} + cat < $tmpcfg [libdefaults] default_realm = $KRB5_REALM dns_lookup_realm = false @@ -730,52 +729,52 @@ cfg_krb5_conf() { } EOF - # install krb5.conf remotely - for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES - do - is_part_of $node $checked && continue + # install krb5.conf remotely + for node in $MY_KDCNODE $MY_MGSNODE $MY_OSSNODES $MY_MDSNODES $MY_CLIENTNODES + do + is_part_of $node $checked && continue - echo -n "Installing krb5.conf on $node..." - $SCP $tmpcfg root@$node:$KRB5_CONF || return ${PIPESTATUS[0]} - echo "OK!" + echo -n "Installing krb5.conf on $node..." + $SCP $tmpcfg root@$node:$KRB5_CONF || return ${PIPESTATUS[0]} + echo "OK!" - checked="$checked $node" - done - rm -rf $tmpdir || true + checked="$checked $node" + done + rm -rf $tmpdir || true } add_keytab() { - local tab=$1 - local princ=$2 - local enctype=$3 + local tab=$1 + local princ=$2 + local enctype=$3 - do_kdc_mute "kadmin.local -r $KRB5_REALM </dev/null && $LCTL list_nids" 2>&1 | head -n1 -exit ${PIPESTATUS[0]}) - rc=${PIPESTATUS[0]} - if [ $rc -ne 0 ]; then - echo "Failed to get the nid for node $node: $nid" - return $rc - fi - [ -z "$client_nids" ] && client_nids="$nid" \ - || client_nids="$client_nids $nid" - - my_do_node $node "$LCTL net down 1>/dev/null" || true - done - - echo "$client_nids" - return 0 + local client_nids="" + local node + local nid + local local_fqdn + local rc + + # get the fqdn of the local host + local_fqdn=$(get_fqdn $HOSTNAME) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo $local_fqdn + return $rc + fi + + for node in $MY_CLIENTNODES; do + my_do_node $node lsmod | grep -q lnet || \ + my_do_node $node "modprobe lnet" || { + if [ "$node" = "$local_fqdn" ]; then + lsmod | grep -q lnet || load_modules + else + echo "Failed to load lnet module on node $node!" + return 1 + fi + } + + check_acceptor_port $node $ACCEPTOR_PORT || + return ${PIPESTATUS[0]} + + nid=$(set +x; my_do_node $node \ + "$LCTL net up 1>/dev/null && $LCTL list_nids" 2>&1 | head -n1 + exit ${PIPESTATUS[0]}) + rc=${PIPESTATUS[0]} + if [ $rc -ne 0 ]; then + echo "Failed to get the nid for node $node: $nid" + return $rc + fi + [ -z "$client_nids" ] && client_nids="$nid" || + client_nids="$client_nids $nid" + + my_do_node $node "$LCTL net down 1>/dev/null" || true + done + + echo "$client_nids" + return 0 } # ******************************** Main Flow ******************************** # @@ -997,7 +1000,7 @@ check_rsh || exit ${PIPESTATUS[0]} check_entropy || exit ${PIPESTATUS[0]} if $CFG_RUNAS; then - check_users || exit ${PIPESTATUS[0]} + check_users || exit ${PIPESTATUS[0]} fi check_kdc || exit ${PIPESTATUS[0]} @@ -1024,8 +1027,8 @@ cfg_libgssapi || exit ${PIPESTATUS[0]} cfg_keyutils || exit ${PIPESTATUS[0]} if $RESET_KDC; then - cfg_krb5_conf || exit ${PIPESTATUS[0]} - cfg_kdc || exit ${PIPESTATUS[0]} + cfg_krb5_conf || exit ${PIPESTATUS[0]} + cfg_kdc || exit ${PIPESTATUS[0]} fi cfg_kdc_princs || exit ${PIPESTATUS[0]}