#!@BASHPATH@
#
-# Copyright (c) 2015-2016 Red Hat, Inc.
+# Copyright (c) 2015-2018 Red Hat, Inc.
#
# All rights reserved.
#
pk12util -i "$CERTIFICATE_FILE" -d "$DB_DIR" -W ""
}
+# Wrapper on top of scp which first copies (scp) file to local machine saving to
+# temporary file and then copies to another remote machine. Standard scp doesn't
+# handle situation with two hosts in one command very well when agent forwarding
+# is used and there is no key between two machines.
+remote_scp() {
+ tmp_file=`mktemp`
+
+ scp "$1" "$tmp_file"
+ scp "$tmp_file" "$2"
+
+ rm -f "$tmp_file"
+}
+
quick_start() {
qnetd_addr="$1"
master_node="$2"
# Copy CA cert to all nodes and initialize them
for node in "$master_node" $other_nodes;do
- scp "root@$qnetd_addr:$CA_EXPORT_FILE" "$node:/tmp"
+ remote_scp "root@$qnetd_addr:$CA_EXPORT_FILE" "root@$node:/tmp/`basename $CA_EXPORT_FILE`"
ssh "root@$node" "$0 -i -c \"/tmp/`basename $CA_EXPORT_FILE`\" && rm /tmp/`basename $CA_EXPORT_FILE`"
done
ssh "root@$master_node" "$0 -r -n \"$CLUSTER_NAME\""
# Copy exported cert request to qnetd server
- scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp"
+ remote_scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp/$CRQ_FILE_BASE"
# Sign and export cluster certificate
ssh "root@$qnetd_addr" "$QNETD_CERTUTIL_CMD -s -c \"/tmp/$CRQ_FILE_BASE\" -n \"$CLUSTER_NAME\""
# Copy exported CRT to master node
- scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" "root@$master_node:$DB_DIR_NODE"
+ remote_scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" \
+ "root@$master_node:$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt"
# Import certificate
ssh "root@$master_node" "$0 -M -c \"$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt\""
# Copy pk12 cert to all nodes and import it
for node in $other_nodes;do
- scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
+ remote_scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
ssh "root@$node" "$0 -m -c \"$DB_DIR_NODE/$P12_FILE\""
done
}