From: indi <win...@gm...> - 2015-07-02 18:22:24
|
Added root pub certificate to the pureflex account, made passwordless authentication. Removed password from mpa/passwd tables. rspconfig works for some options, but not for all. Pureflex event log shows successful authentication event. I think worth to review xcat code. Regards, Igor С уважением, Игорь On Thu, Jul 2, 2015 at 12:43 PM, <xca...@li...> wrote: > Send xCAT-user mailing list submissions to > xca...@li... > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/xcat-user > or, via email, send a message with subject or body 'help' to > xca...@li... > > You can reach the person managing the list at > xca...@li... > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of xCAT-user digest..." > > > Today's Topics: > > 1. Re: xCAT-user Digest, Vol 71, Issue 4 (indi) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Thu, 2 Jul 2015 12:43:28 +0300 > From: indi <win...@gm...> > Subject: Re: [xcat-user] xCAT-user Digest, Vol 71, Issue 4 > To: "xca...@li..." > <xca...@li...> > Message-ID: > <CAFg3m7RzKfBh7AHik7Kq0= > Xo-...@ma...> > Content-Type: text/plain; charset="utf-8" > > Hi, > > mpa table looks like > #mpa,username,password,displayname,slots,urlpath,comments,disable > "cmm01","user","passw0rd",,,,, > > > > > ? ?????????, > ????? > > On Thu, Jul 2, 2015 at 3:48 AM, <xca...@li...> > wrote: > > > Send xCAT-user mailing list submissions to > > xca...@li... > > > > To subscribe or unsubscribe via the World Wide Web, visit > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > or, via email, send a message with subject or body 'help' to > > xca...@li... > > > > You can reach the person managing the list at > > xca...@li... > > > > When replying, please edit your Subject line so it is more specific > > than "Re: Contents of xCAT-user digest..." > > > > > > Today's Topics: > > > > 1. Re: how to validate gpg key. (Jonathan Hermann) > > 2. pureflex cmm error (indi) > > 3. Re: how to validate gpg key. (Christopher Samuel) > > 4. Re: pureflex cmm error (Xiao Peng Wang) > > > > > > ---------------------------------------------------------------------- > > > > Message: 1 > > Date: Wed, 1 Jul 2015 10:24:39 +0200 > > From: Jonathan Hermann <jon...@de...> > > Subject: Re: [xcat-user] how to validate gpg key. > > To: xCAT Users Mailing list <xca...@li...> > > Message-ID: > > < > > OF1...@de...> > > Content-Type: text/plain; charset="utf-8" > > > > Just thinking out loud: if Marc-Andr?'s purpose is to validate content > that > > was downloaded via insecure http, then a gpg key downloaded via insecure > > http is somewhat pointless. I mean, statistically, chances are a bit > better > > that only one of both connections gets manipulated (if at all), but > still, > > the whole process in itself is vulnerable. > > > > > > Mit freundlichen Gr??en / Kind regards > > > > Jonathan (Nathan) Hermann > > IT Specialist HPC and HPSS > > Global Technology Services / Data Center Services > > > > IBM Deutschland > > IBM-Allee 1 > > 71139 Ehningen > > Phone: +49-160-98976942 > > E-Mail: jon...@de... > > > > IBM Deutschland Infrastructure Technology Services GmbH > > Gesch?ftsf?hrung: Hendrik Meyer > > Sitz der Gesellschaft: Ehningen / Registergericht: Amtsgericht Stuttgart, > > HRB 727973 > > > > > > > > From: Xiao Peng Wang <wx...@cn...> > > To: xCAT Users Mailing list <xca...@li...> > > Date: 01.07.2015 04:32 > > Subject: Re: [xcat-user] how to validate gpg key. > > > > > > > > There's one here: > > http://sourceforge.net/projects/xcat/files/ubuntu/apt.key/download > > > > Thanks > > Best Regards > > ---------------------------------------------------------------------- > > Wang Xiaopeng (???) > > IBM China System Technology Laboratory > > Tel: 86-10-82453455 > > Email: wx...@cn... > > Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, > > Haidian District Beijing P.R.China 100193 > > > > (Embedded image moved to file: pic52496.gif)Inactive hide details for > > Marc-andr? Labont? ---2015/06/30 01:38:35---Hi all, I have downloaded > > xcat-core and xcat-dep tar ballMarc-andr? Labont? ---2015/06/30 > > 01:38:35---Hi all, I have downloaded xcat-core and xcat-dep tar balls > and i > > am trying to > > > > From: Marc-andr? Labont? <mar...@ma...> > > To: <xca...@li...> > > Date: 2015/06/30 01:38 > > Subject: [xcat-user] how to validate gpg key. > > > > > > > > Hi all, > > > > I have downloaded xcat-core and xcat-dep tar balls and i am trying to > > find a way to authenticate them prior using them. > > > > First, the downloads are being done over http so they can be manipulated > > by whoever has access to my traffic. I was unsuccessful with trying to > > use https download links. There is always the possibility i might be > > getting a slightly different (compromised) tar ball. > > > > I've found a gpg key located in repodata (repomd.xml.key) in both tar > > balls. > > > > The key i've got has the following ID and fingerprint: > > > > gpg --fingerprint C6565BC9 > > pub 1024D/C6565BC9 2015-01-07 > > Key fingerprint = F75B 1BF6 78B6 44FD F3AA CFC8 60A3 E9AC C656 5BC9 > > uid xCAT Security Key <xc...@cn...> > > > > It can also validate the repomd.xml signature and rpm -K on files do > > report the same key id to be missing: > > > > rpm -K xCAT-server-2.9.1-snap201503190325.noarch.rpm > > xCAT-server-2.9.1-snap201503190325.noarch.rpm: (SHA1) DSA sha1 md5 (GPG) > > NOT OK (MISSING KEYS: GPG#c6565bc9) > > > > Good news, once i know i've got the right key, i should be able to > > proceed with installing the rpms. > > > > Does everyone here is also getting key ID C6565BC9 with the tar balls? > > > > Could xCAT security key be published on the web site, preferably on a > > page that can be accessed over https to increase the level of confidence > > our downloads are not being tampered with? > > > > > > I already published the key i've got to Fedora's public key server here > > so others can compare: > > > > https://keys.fedoraproject.org/pks/lookup?search=0xC6565BC9&op=vindex > > > > regards > > > > Marc-andre > > > > > > > ------------------------------------------------------------------------------ > > > > Don't Limit Your Business. Reach for the Cloud. > > GigeNET's Cloud Solutions provide you with the tools and support that > > you need to offload your IT needs and focus on growing your business. > > Configured For All Businesses. Start Your Cloud Today. > > https://www.gigenetcloud.com/ > > _______________________________________________ > > xCAT-user mailing list > > xCA...@li... > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > > ------------------------------------------------------------------------------ > > > > Don't Limit Your Business. Reach for the Cloud. > > GigeNET's Cloud Solutions provide you with the tools and support that > > you need to offload your IT needs and focus on growing your business. > > Configured For All Businesses. Start Your Cloud Today. > > https://www.gigenetcloud.com/ > > _______________________________________________ > > xCAT-user mailing list > > xCA...@li... > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: pic52496.gif > > Type: image/gif > > Size: 105 bytes > > Desc: not available > > > > ------------------------------ > > > > Message: 2 > > Date: Wed, 1 Jul 2015 16:34:37 +0300 > > From: indi <win...@gm...> > > Subject: [xcat-user] pureflex cmm error > > To: "xca...@li..." > > <xca...@li...> > > Message-ID: > > <CAFg3m7SnCqnFf5Mqvi5QCsw9mGcUV-QMxaQv+= > > R3i...@ma...> > > Content-Type: text/plain; charset="utf-8" > > > > Hi All, > > > > i'm getting error when trying to configure CMM using rspconfig. Password > > for ipmi in passwd table looks correct. Error looks like that. > > > > rspconfig cmm01 sshcfg snmpcfg > > cmm01: Incorrect Password at /opt/xcat/lib/perl/xCAT/SSHInteract.pm line > > 74. > > cmm01: SNMP: disabled > > > > or > > > > rspconfig cmm sshcfg=enable snmpcfg=enable > > cmm01: Failed to login to cmm01 > > > > Regards, > > Igor > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > > > ------------------------------ > > > > Message: 3 > > Date: Thu, 02 Jul 2015 10:10:57 +1000 > > From: Christopher Samuel <sa...@un...> > > Subject: Re: [xcat-user] how to validate gpg key. > > To: xca...@li... > > Message-ID: <559...@un...> > > Content-Type: text/plain; charset=windows-1252 > > > > On 01/07/15 18:24, Jonathan Hermann wrote: > > > > > Just thinking out loud: if Marc-Andr?'s purpose is to validate content > > that > > > was downloaded via insecure http, then a gpg key downloaded via > insecure > > > http is somewhat pointless. I mean, statistically, chances are a bit > > better > > > that only one of both connections gets manipulated (if at all), but > > still, > > > the whole process in itself is vulnerable. > > > > However, even using https is not necessarily a great thing given the > > recent history of CA security and the general level of (mis)trust in > > centralised PKI systems these days. > > > > There's a nice LWN article on this issue from earlier this year on the > > whole issue (focused mainly on distros, but the issues are the same for > > any open source package): > > > > https://lwn.net/Articles/637595/ > > > > My feeling is that you have to set and clearly state the level of > > paranoia/threat that you are willing to try and work to address and try > > and avoid the temptation to go beyond that level (without updating your > > statement first). > > > > All the best, > > Chris > > -- > > Christopher Samuel Senior Systems Administrator > > VLSCI - Victorian Life Sciences Computation Initiative > > Email: sa...@un... Phone: +61 (0)3 903 55545 > > http://www.vlsci.org.au/ http://twitter.com/vlsci > > > > > > > > > > ------------------------------ > > > > Message: 4 > > Date: Thu, 2 Jul 2015 08:47:33 +0800 > > From: Xiao Peng Wang <wx...@cn...> > > Subject: Re: [xcat-user] pureflex cmm error > > To: xCAT Users Mailing list <xca...@li...> > > Message-ID: > > < > > OF8...@cn...> > > Content-Type: text/plain; charset="gb2312" > > > > Did you set the password for the cmm in the mpa table? This should be the > > require of password of cmm. > > > > Thanks > > Best Regards > > ---------------------------------------------------------------------- > > Wang Xiaopeng (???) > > IBM China System Technology Laboratory > > Tel: 86-10-82453455 > > Email: wx...@cn... > > Address: 28,ZhongGuanCun Software Park,No.8 Dong Bei Wang West Road, > > Haidian District Beijing P.R.China 100193 > > > > > > > > From: indi <win...@gm...> > > To: "xca...@li..." > > <xca...@li...> > > Date: 2015/07/01 21:38 > > Subject: [xcat-user] pureflex cmm error > > > > > > > > Hi All, > > > > i'm getting error when trying to configure CMM using rspconfig. Password > > for ipmi in passwd table looks correct. Error looks like that. > > > > rspconfig cmm01 sshcfg snmpcfg > > cmm01: Incorrect Password at /opt/xcat/lib/perl/xCAT/SSHInteract.pm line > > 74. > > cmm01: SNMP: disabled > > > > or > > > > rspconfig cmm sshcfg=enable snmpcfg=enable > > cmm01: Failed to login to cmm01 > > > > Regards, > > Igor > > > > > ------------------------------------------------------------------------------ > > > > Don't Limit Your Business. Reach for the Cloud. > > GigeNET's Cloud Solutions provide you with the tools and support that > > you need to offload your IT needs and focus on growing your business. > > Configured For All Businesses. Start Your Cloud Today. > > https://www.gigenetcloud.com/ > > _______________________________________________ > > xCAT-user mailing list > > xCA...@li... > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > -------------- next part -------------- > > An HTML attachment was scrubbed... > > -------------- next part -------------- > > A non-text attachment was scrubbed... > > Name: graycol.gif > > Type: image/gif > > Size: 105 bytes > > Desc: not available > > > > ------------------------------ > > > > > > > ------------------------------------------------------------------------------ > > Don't Limit Your Business. Reach for the Cloud. > > GigeNET's Cloud Solutions provide you with the tools and support that > > you need to offload your IT needs and focus on growing your business. > > Configured For All Businesses. Start Your Cloud Today. > > https://www.gigenetcloud.com/ > > > > ------------------------------ > > > > _______________________________________________ > > xCAT-user mailing list > > xCA...@li... > > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > > > > End of xCAT-user Digest, Vol 71, Issue 4 > > **************************************** > > > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > > ------------------------------------------------------------------------------ > Don't Limit Your Business. Reach for the Cloud. > GigeNET's Cloud Solutions provide you with the tools and support that > you need to offload your IT needs and focus on growing your business. > Configured For All Businesses. Start Your Cloud Today. > https://www.gigenetcloud.com/ > > ------------------------------ > > _______________________________________________ > xCAT-user mailing list > xCA...@li... > https://lists.sourceforge.net/lists/listinfo/xcat-user > > > End of xCAT-user Digest, Vol 71, Issue 8 > **************************************** > |