keydirectory set to /etc/nlvmi
parent
f19fa974bd
commit
cc7161d7a2
8
nlvmi
8
nlvmi
|
@ -104,7 +104,7 @@ function createdb {
|
||||||
}
|
}
|
||||||
#create signing key
|
#create signing key
|
||||||
function createkey {
|
function createkey {
|
||||||
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "nlvmi_priv.key" -out "nlvmi_sign.crt" -days 9999 -subj "/CN=nlvmi_signing"
|
openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout "/etc/nlvmi/nlvmi_priv.key" -out "/etc/nlvmi/nlvmi_sign.crt" -days 9999 -subj "/CN=nlvmi_signing"
|
||||||
}
|
}
|
||||||
#autostart VMs
|
#autostart VMs
|
||||||
function vmautostart {
|
function vmautostart {
|
||||||
|
@ -163,7 +163,7 @@ function vmstart {
|
||||||
if [ ! -z "${array[34]}" ]; then
|
if [ ! -z "${array[34]}" ]; then
|
||||||
echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF
|
echo "chmod g+w $RUNDIRECTORY/${array[1]}.mon" >>$TMPF
|
||||||
echo "chmod g+r $RUNDIRECTORY/${array[1]}.pid" >>$TMPF
|
echo "chmod g+r $RUNDIRECTORY/${array[1]}.pid" >>$TMPF
|
||||||
openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out /home/nlvmi/${array[1]}.tmp.sha512 $TMPF
|
openssl dgst -sha512 -sign "/etc/nlvmi/nlvmi_priv.key" -out /home/nlvmi/${array[1]}.tmp.sha512 $TMPF
|
||||||
su nlvmi -c "scp $TMPF* ${array[34]}:/home/nlvmi/"
|
su nlvmi -c "scp $TMPF* ${array[34]}:/home/nlvmi/"
|
||||||
su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\""
|
su nlvmi -c "ssh ${array[34]} \"/usr/bin/nlvmi remote $TMPF run\""
|
||||||
su nlvmi -c "ssh ${array[34]} \"rm $TMPF $TMPF.sha512\""
|
su nlvmi -c "ssh ${array[34]} \"rm $TMPF $TMPF.sha512\""
|
||||||
|
@ -199,7 +199,7 @@ function vmstop {
|
||||||
else
|
else
|
||||||
TMPF=/home/nlvmi/${array[1]}.tmp
|
TMPF=/home/nlvmi/${array[1]}.tmp
|
||||||
echo "kill \$(<\"$RUNDIRECTORY/${array[1]}.pid\")" >$TMPF
|
echo "kill \$(<\"$RUNDIRECTORY/${array[1]}.pid\")" >$TMPF
|
||||||
openssl dgst -sha512 -sign "/nlvmi/nlvmi_priv.key" -out $TMPF.sha512 $TMPF
|
openssl dgst -sha512 -sign "/etc/nlvmi/nlvmi_priv.key" -out $TMPF.sha512 $TMPF
|
||||||
su nlvmi -c "scp $TMPF* ${array[2]}:/home/nlvmi/"
|
su nlvmi -c "scp $TMPF* ${array[2]}:/home/nlvmi/"
|
||||||
# su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\""
|
# su nlvmi -c "ssh ${array[2]} \"echo \\\"kill \\\$(<\\\"$RUNDIRECTORY/${array[1]}.pid\\\")\\\" >/home/nlvmi/${array[1]}.tmp\""
|
||||||
su nlvmi -c "ssh ${array[2]} \"/usr/bin/nlvmi remote /home/nlvmi/${array[1]}.tmp stop\""
|
su nlvmi -c "ssh ${array[2]} \"/usr/bin/nlvmi remote /home/nlvmi/${array[1]}.tmp stop\""
|
||||||
|
@ -294,7 +294,7 @@ if [ $# -gt 0 ]; then
|
||||||
if [ ! -z $MASTERSERVER ]; then
|
if [ ! -z $MASTERSERVER ]; then
|
||||||
if `echo $SSH_CLIENT | grep "$MASTERSERVER " &>/dev/null`; then
|
if `echo $SSH_CLIENT | grep "$MASTERSERVER " &>/dev/null`; then
|
||||||
if [ -e $2 ]; then
|
if [ -e $2 ]; then
|
||||||
openssl dgst -sha512 -verify <(openssl x509 -in "/nlvmi/nlvmi_sign.crt" -pubkey -noout) -signature $2.sha512 $2 >/dev/null && /bin/bash $2 || echo "signature failed!!"
|
openssl dgst -sha512 -verify <(openssl x509 -in "/etc/nlvmi/nlvmi_sign.crt" -pubkey -noout) -signature $2.sha512 $2 >/dev/null && /bin/bash $2 || echo "signature failed!!"
|
||||||
# /bin/bash $2;
|
# /bin/bash $2;
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
|
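Review bot: Nothing in the visible lines creates `/etc/nlvmi` or sets its ownership and mode before createkey writes the unencrypted (`-nodes`) signing key to `/etc/nlvmi/nlvmi_priv.key`. Key generation therefore fails if the directory is absent, and the key's file mode is left to the caller's umask and the OpenSSL version in use. The remote branch runs under `/bin/bash` any script whose signature verifies against `/etc/nlvmi/nlvmi_sign.crt`, so the directory and both files should be root-owned and not writable by the `nlvmi` account. I would put `install -d -m 0755 -o root -g root /etc/nlvmi` before the `openssl req` call and `chmod 0600 /etc/nlvmi/nlvmi_priv.key` after it. The path is also repeated literally in createkey, vmstart, vmstop and the remote branch, all of which continue outside the hunks shown, so a single `KEYDIRECTORY=/etc/nlvmi` variable in the style of `RUNDIRECTORY` would keep them in step.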