keydirectory set to /etc/nlvmi

This commit is contained in:
nativemad 2018-10-10 10:54:38 +02:00
parent f19fa974bd
commit cc7161d7a2
1 changed files with 4 additions and 4 deletions

8
nlvmi
View File

@ -104,7 +104,7 @@ function createdb {
} }
#create signing key #create signing key
function createkey { function createkey {
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "nlvmi_priv.key" -out "nlvmi_sign.crt" -days 9999 -subj "/CN=nlvmi_signing" openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "/etc/nlvmi/nlvmi_priv.key" -out "/etc/nlvmi/nlvmi_sign.crt" -days 9999 -subj "/CN=nlvmi_signing"
} }
#autostart VMs #autostart VMs
function vmautostart { function vmautostart {
@ -163,7 +163,7 @@ function vmstart {
if [ ! -z "${array[34]}" ]; then if [ ! -z "${array[34]}" ]; then
echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF
echo "chmod g+r $RUNDIRECTORY/${array[1]}.pid" >>$TMPF echo "chmod g+r $RUNDIRECTORY/${array[1]}.pid" >>$TMPF
openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out /home/nlvmi/${array[1]}.tmp.sha512 $TMPF openssl dgst -sha512 -sign "/etc/nlvmi/nlvmi_priv.key" -out /home/nlvmi/${array[1]}.tmp.sha512 $TMPF
su nlvmi -c "scp $TMPF* ${array[34]}:/home/nlvmi/" su nlvmi -c "scp $TMPF* ${array[34]}:/home/nlvmi/"
su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\"" su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\""
su nlvmi -c "ssh ${array[34]} \"rm $TMPF $TMPF.sha512\"" su nlvmi -c "ssh ${array[34]} \"rm $TMPF $TMPF.sha512\""
@ -199,7 +199,7 @@ function vmstop {
else else
TMPF=/home/nlvmi/${array[1]}.tmp TMPF=/home/nlvmi/${array[1]}.tmp
echo "kill \$(<\"$RUNDIRECTORY/${array[1]}.pid\")" >$TMPF echo "kill \$(<\"$RUNDIRECTORY/${array[1]}.pid\")" >$TMPF
openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out $TMPF.sha512 $TMPF openssl dgst -sha512 -sign "/etc/nlvmi/nlvmi_priv.key" -out $TMPF.sha512 $TMPF
su nlvmi -c "scp $TMPF* ${array[2]}:/home/nlvmi/" su nlvmi -c "scp $TMPF* ${array[2]}:/home/nlvmi/"
# su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\"" # su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\""
su nlvmi -c "ssh ${array[2]} \"/usr/bin/nlvmi remote /home/nlvmi/${array[1]}.tmp stop\"" su nlvmi -c "ssh ${array[2]} \"/usr/bin/nlvmi remote /home/nlvmi/${array[1]}.tmp stop\""
@ -294,7 +294,7 @@ if [ $# -gt 0 ]; then
if [ ! -z $MASTERSERVER ]; then if [ ! -z $MASTERSERVER ]; then
if `echo $SSH_CLIENT | grep "$MASTERSERVER " &>/dev/null`; then if `echo $SSH_CLIENT | grep "$MASTERSERVER " &>/dev/null`; then
if [ -e $2 ]; then if [ -e $2 ]; then
openssl dgst -sha512 -verify <(openssl x509 -in "/nlvmi/nlvmi_sign.crt" -pubkey -noout) -signature $2.sha512 $2 >/dev/null && /bin/bash $2 || echo "signature failed!!" openssl dgst -sha512 -verify <(openssl x509 -in "/etc/nlvmi/nlvmi_sign.crt" -pubkey -noout) -signature $2.sha512 $2 >/dev/null && /bin/bash $2 || echo "signature failed!!"
# /bin/bash $2; # /bin/bash $2;
fi fi
else else