qdevice-net-certutil: Implement scp wrapper

author Jan Friesse <jfriesse@redhat.com>

Wed, 8 Aug 2018 13:20:02 +0000 (09:20 -0400)

committer Jan Friesse <jfriesse@redhat.com>

Thu, 9 Aug 2018 11:59:44 +0000 (13:59 +0200)
author Jan Friesse <jfriesse@redhat.com>
Wed, 8 Aug 2018 13:20:02 +0000 (09:20 -0400)
committer Jan Friesse <jfriesse@redhat.com>
Thu, 9 Aug 2018 11:59:44 +0000 (13:59 +0200)
diff --git a/qdevices/corosync-qdevice-net-certutil.sh b/qdevices/corosync-qdevice-net-certutil.sh

index 27fd2d5bab7087a5a7e1623de66e33466594b49b..45f191acbc1157b6850c752cfb0d67720d118dc7 100644 (file)
--- a/qdevices/corosync-qdevice-net-certutil.sh
+++ b/qdevices/corosync-qdevice-net-certutil.sh
@@ -1,7 +1,7 @@
  #!@BASHPATH@
  
  #
-# Copyright (c) 2015-2016 Red Hat, Inc.
+# Copyright (c) 2015-2018 Red Hat, Inc.
  #
  # All rights reserved.
  #
@@ -207,6 +207,19 @@ import_pk12() {
      pk12util -i "$CERTIFICATE_FILE" -d "$DB_DIR" -W ""
  }
  
+# Wrapper on top of scp which first copies (scp) file to local machine saving to
+# temporary file and then copies to another remote machine. Standard scp doesn't
+# handle situation with two hosts in one command very well when agent forwarding
+# is used and there is no key between two machines.
+remote_scp() {
+    tmp_file=`mktemp`
+
+    scp "$1" "$tmp_file"
+    scp "$tmp_file" "$2"
+
+    rm -f "$tmp_file"
+}
+
  quick_start() {
      qnetd_addr="$1"
      master_node="$2"
@@ -232,7 +245,7 @@ quick_start() {
  
      # Copy CA cert to all nodes and initialize them
      for node in "$master_node" $other_nodes;do
-        scp "root@$qnetd_addr:$CA_EXPORT_FILE" "$node:/tmp"
+        remote_scp "root@$qnetd_addr:$CA_EXPORT_FILE" "root@$node:/tmp/`basename $CA_EXPORT_FILE`"
          ssh "root@$node" "$0 -i -c \"/tmp/`basename $CA_EXPORT_FILE`\" && rm /tmp/`basename $CA_EXPORT_FILE`"
      done
  
@@ -240,20 +253,21 @@ quick_start() {
      ssh "root@$master_node" "$0 -r -n \"$CLUSTER_NAME\""
  
      # Copy exported cert request to qnetd server
-    scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp"
+    remote_scp "root@$master_node:$DB_DIR_NODE/$CRQ_FILE_BASE" "root@$qnetd_addr:/tmp/$CRQ_FILE_BASE"
  
      # Sign and export cluster certificate
      ssh "root@$qnetd_addr" "$QNETD_CERTUTIL_CMD -s -c \"/tmp/$CRQ_FILE_BASE\" -n \"$CLUSTER_NAME\""
  
      # Copy exported CRT to master node
-    scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" "root@$master_node:$DB_DIR_NODE"
+    remote_scp "root@$qnetd_addr:$DB_DIR_QNETD/cluster-$CLUSTER_NAME.crt" \
+        "root@$master_node:$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt"
  
      # Import certificate
      ssh "root@$master_node" "$0 -M -c \"$DB_DIR_NODE/cluster-$CLUSTER_NAME.crt\""
  
      # Copy pk12 cert to all nodes and import it
      for node in $other_nodes;do
-        scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
+        remote_scp "root@$master_node:$DB_DIR_NODE/$P12_FILE" "$node:$DB_DIR_NODE/$P12_FILE"
          ssh "root@$node" "$0 -m -c \"$DB_DIR_NODE/$P12_FILE\""
      done
  }
author	Jan Friesse <jfriesse@redhat.com>
	Wed, 8 Aug 2018 13:20:02 +0000 (09:20 -0400)
committer	Jan Friesse <jfriesse@redhat.com>
	Thu, 9 Aug 2018 11:59:44 +0000 (13:59 +0200)