proxmox-mirrors/mirror_corosync-qdevice
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_corosync-qdevice synced 2025-08-13 14:09:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

qdevice-net-certutil: Implement scp wrapper

Browse Source 
Standard scp doesn't handle copy of file from remote machine to remote
machine very well when agent forwarding is used and no key exists
between the machines.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
This commit is contained in:
Jan Friesse 2018-08-08 09:20:02 -04:00
parent b561a902f7
commit a6b587c1ef
1 changed files with 19 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
qdevices/corosync-qdevice-net-certutil.sh
View File

@ -1,7 +1,7 @@
#!@BASHPATH@
#
# Copyright (c) 2015-2016 Red Hat, Inc.
# Copyright (c) 2015-2018 Red Hat, Inc.
#
# All rights reserved.
#
@ -207,6 +207,19 @@ import_pk12() {
pk12util -i "$CERTIFICATE_FILE" -d "$DB_DIR" -W ""
}
# Wrapper on top of scp which first copies (scp) file to local machine saving to
# temporary file and then copies to another remote machine. Standard scp doesn't
# handle situation with two hosts in one command very well when agent forwarding
# is used and there is no key between two machines.
remote_scp() {
tmp_file=`mktemp`
scp "$1" "$tmp_file"
scp "$tmp_file" "$2"
rm -f "$tmp_file"
}
quick_start() {
qnetd_addr="$1"
master_node="$2"
@ -232,7 +245,7 @@ quick_start() {
# Copy CA cert to all nodes and initialize them
for node in "$master_node" $other_nodes;do
scp "root@$qnetd_addr:$CA_EXPORT_FILE" "$node:/tmp"
remote_scp "root@$qnetd_addr:$CA_EXPORT_FILE" "root@$node:/tmp/`basename $CA_EXPORT_FILE`"
ssh "root@$node" "$0 -i -c \"/tmp/`basename $CA_EXPORT_FILE`\" && rm /tmp/`basename $CA_EXPORT_FILE`"
done
@ -240,20 +253,21 @@ quick_start() {
ssh "root@$master_node" "$0 -r -n \"$CLUSTER_NAME\""
# Copy exported cert request to qnetd server
scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp"
remote_scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp/$CRQ_FILE_BASE"
# Sign and export cluster certificate
ssh "root@$qnetd_addr" "$QNETD_CERTUTIL_CMD -s -c \"/tmp/$CRQ_FILE_BASE\" -n \"$CLUSTER_NAME\""
# Copy exported CRT to master node
scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" "root@$master_node:$DB_DIR_NODE"
remote_scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" \
"root@$master_node:$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt"
# Import certificate
ssh "root@$master_node" "$0 -M -c \"$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt\""
# Copy pk12 cert to all nodes and import it
for node in $other_nodes;do
scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
remote_scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
ssh "root@$node" "$0 -m -c \"$DB_DIR_NODE/$P12_FILE\""
done
}