[debian-lan-devel] [debian-lan] 05/05: Improved kerberos machine key distribution.
Andreas B. Mundt
andi at moszumanska.debian.org
Fri Apr 4 15:46:17 UTC 2014
This is an automated email from the git hooks/post-receive script.
andi pushed a commit to branch wheezy
in repository debian-lan.
commit 121728365f4b58c2992f211a2e213d35c6e12369
Author: Andreas B. Mundt <andi at debian.org>
Date: Sun Mar 30 16:22:16 2014 +0200
Improved kerberos machine key distribution.
If a kerberos machine key could not be copied during installation, try
again at first boot of the installed machine.
(cherry picked from commit 1b2e11fa24f91b75830fabcbe2e5bb2f86f5d6b5)
---
.../files/usr/local/sbin/dhcpd-keytab/SERVER_A | 33 ++++++++++++++--------
1 file changed, 22 insertions(+), 11 deletions(-)
diff --git a/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A b/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
index 80a4571..a714fe1 100755
--- a/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
+++ b/fai/config/files/usr/local/sbin/dhcpd-keytab/SERVER_A
@@ -36,6 +36,13 @@ cleanup(){
exit 0
}
+activated(){
+ echo "$DATADIR/${MACHINE}.keytab copied to ${MACHINE}."
+ DATE=`date +%Y%m%d`
+ mv -v $DATADIR/${MACHINE}.keytab $DATADIR/${MACHINE}.keytab_$DATE
+ cleanup "Success! ${MACHINE} activated."
+}
+
## Make chroot accessible to root:
if [ ! -e ${NFSROOT}/root/.ssh/authorized_keys ] ; then
echo $MACHINE `date`
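Review bot: In `activated()` the `mv` runs on unquoted `$DATADIR/${MACHINE}.keytab` arguments and its exit status is never checked, so `cleanup "Success! ${MACHINE} activated."` is printed even when archiving the keytab failed. The `_$DATE` suffix has day resolution only, so a second activation of the same machine on the same day would overwrite the earlier archived copy. I would write `mv -v -- "$DATADIR/${MACHINE}.keytab" "$DATADIR/${MACHINE}.keytab_$DATE" || cleanup "Could not archive keytab for ${MACHINE}."`. A comment above the function should also say that the renamed file still contains the machine's Kerberos key. The permissions on `$DATADIR` are not visible in this hunk, so that comment should state what they are expected to be.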
@@ -45,23 +52,27 @@ if [ ! -e ${NFSROOT}/root/.ssh/authorized_keys ] ; then
done
fi
+echo "==================== $MACHINE `date` ===================="
+echo "Trying to copy keytab to $MACHINE in $WAIT seconds."
sleep $WAIT
for i in `seq 8` ; do
echo $MACHINE `date`
echo "Copying keytab to $MACHINE: $i try."
## Do not check host ID and do not add the host ID to known_hosts,
- ## as the host will have a differen ID after installation:
- if ! scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=\"$STAMP\" -p \
- $DATADIR/${MACHINE}.keytab root@${MACHINE}:/target/etc/krb5.keytab ; then
- echo "Copying failed, sleeping $WAIT s."
- sleep $WAIT
- ping -c 2 $MACHINE > /dev/null || cleanup "Cannot ping $MACHINE, exiting."
- continue
+ ## as the host will have a differen ID after installation.
+ if ERR=$(LC_ALL=C scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=\"$STAMP\" -p \
+ $DATADIR/${MACHINE}.keytab root@${MACHINE}:/target/etc/krb5.keytab 2>&1) ; then
+ activated
+ elif echo "$ERR" | grep -q "scp: /target/etc/krb5.keytab: No such file or directory" ; then
+ echo "Copying to '/target/etc/krb5.key' failed, try already installed machine."
+ if scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=\"$STAMP\" -p \
+ $DATADIR/${MACHINE}.keytab root@${MACHINE}:/etc/krb5.keytab ; then
+ activated
+ fi
fi
- echo "$DATADIR/${MACHINE}.keytab copied to ${MACHINE}."
- DATE=`date +%Y%m%d`
- mv -v $DATADIR/${MACHINE}.keytab $DATADIR/${MACHINE}.keytab_$DATE
- cleanup "Success! ${MACHINE} activated."
+ echo "Copying failed, sleeping $WAIT s."
+ sleep $WAIT
+ ping -c 2 $MACHINE > /dev/null || cleanup "Cannot ping $MACHINE, exiting."
done
cleanup "Failed to activate ${MACHINE}. Run 'debian-lan key2machine ${MACHINE}' manually."
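Review bot: The new fallback `scp` to `root@${MACHINE}:/etc/krb5.keytab` targets the installed system but still runs with `StrictHostKeyChecking=no`, while the comment above justifies that setting only for the installer, whose host ID changes after installation. The keytab is a long-term machine secret, so on this path it is handed to whatever host answers under that name. If the installed host's public key can be known to the server at this point (not visible here), the second call should use `-o StrictHostKeyChecking=yes` against a known_hosts file holding it; otherwise the comment should at least say `## Host key is not verified on this path either.` Separately, the first scp's stderr is now captured in `ERR` and never printed, so failures other than the missing `/target` path leave no reason in the log; add `echo "$ERR"` before `echo "Copying failed, sleeping $WAIT s."`. The fallback message also names `/target/etc/krb5.key` where the path actually used is `/target/etc/krb5.keytab`.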
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/collab-maint/debian-lan.git