@@ -8,16 +8,15 @@ unique template features/ssh/ce;
88
99# If CE_USE_SSH is undef, check NFS configuration to determine
1010# if it is required
11- variable SSH_HOSTBASED_AUTH? =
12- if ( ! exists (CE_USE_SSH) || ! is_defined (CE_USE_SSH) ) {
11+ variable SSH_HOSTBASED_AUTH? = if ( ! exists (CE_USE_SSH) || ! is_defined (CE_USE_SSH) ) {
1312 if ( exists (CE_SHARED_HOMES) && is_defined (CE_SHARED_HOMES) && CE_SHARED_HOMES ) {
14- return (false);
13+ return (false);
1514 } else {
16- return (true);
15+ return (true);
1716 };
18- } else {
17+ } else {
1918 return (CE_USE_SSH);
20- };
19+ };
2120
2221# Configure also RSH hosts.equiv. Default : false.
2322# 3 possible values :
@@ -27,162 +26,158 @@ variable SSH_HOSTBASED_AUTH ?=
2726# There is normally no need to create hosts.equiv.
2827variable VAR_EXISTSexists (RSH_HOSTS_EQUIV);
2928variable RSH_HOSTS_EQUIV? = if (VAR_EXISTS) {
30- return (RSH_HOSTS_EQUIV);
31- } else {
32- return (false);
33- };
29+ return (RSH_HOSTS_EQUIV);
30+ } else {
31+ return (false);
32+ };
3433
3534# If true allow hostauthentification for localhost only
3635variable SSH_HOSTBASED_AUTH_LOCAL? = false;
3736
3837# Used to set the value of SSH configuration options in SSH configuration files
39- variable SSH_HOSTBASED_CONFIG
40- if ( SSH_HOSTBASED_AUTH ) {
38+ variable SSH_HOSTBASED_CONFIGif ( SSH_HOSTBASED_AUTH ) {
4139 return (" yes" ;
42- } else {
40+ } else {
4341 return (" no" ;
44- };
42+ };
4543
4644# Build list of WNs + CE + TORQUE_SERVER_CLIENTS to be used to produce hosts.equiv and shosts.equiv.
4745# Set it to an empty list if SSH_HOSTBASED_CONFIG is false.
4846
4947variable CE_HOST_LIST
50- value = ' ' ;
51-
52- # CE hosts
53- foreach (i; ce; CE_HOSTS) {
54- value = value + ce + " \n" ;
55- };
56- if (exists (CE_PRIV_HOST) && is_defined (CE_PRIV_HOST)) {
57- value = value + CE_PRIV_HOST + " \n" ;
58- };
59-
60- # Worker nodes
61- wns = WORKER_NODES;
62- ok = first (wns,k, v);
63- while (ok) {
64- value = value + v + " \n" ;
65- ok = next (wns,k, v);
66- };
67-
68- # Additional Torque clients
69- if (exists (TORQUE_SERVER_CLIENTS) && is_defined (TORQUE_SERVER_CLIENTS)) {
70- torallow = TORQUE_SERVER_CLIENTS;
71- ok = first (torallow,k, v);
72- while (ok) {
73- value = value + v + " \n" ;
74- ok = next (torallow,k, v);
75- };
76- };
77- value ;
48+ value = ' ' ;
49+
50+ # CE hosts
51+ foreach (i; ce; CE_HOSTS) {
52+ value = value + ce + " \n" ;
53+ };
54+ if (exists (CE_PRIV_HOST) && is_defined (CE_PRIV_HOST)) {
55+ value = value + CE_PRIV_HOST + " \n" ;
56+ };
57+
58+ # Worker nodes
59+ wns = WORKER_NODES;
60+ ok = first (wns, k, v);
61+ while (ok) {
62+ value = value + v + " \n" ;
63+ ok = next (wns, k, v);
64+ };
65+
66+ # Additional Torque clients
67+ if (exists (TORQUE_SERVER_CLIENTS) && is_defined (TORQUE_SERVER_CLIENTS)) {
68+ torallow = TORQUE_SERVER_CLIENTS;
69+ ok = first (torallow, k, v);
70+ while (ok) {
71+ value = value + v + " \n" ;
72+ ok = next (torallow, k, v);
73+ };
74+ };
75+ value ;
7876};
7977
80- variable SHOSTS_EQUIV_LIST
81- if ( SSH_HOSTBASED_AUTH ) {
78+ variable SHOSTS_EQUIV_LISTif ( SSH_HOSTBASED_AUTH ) {
8279 return (CE_HOST_LIST);
83- } else if ( SSH_HOSTBASED_AUTH_LOCAL ) {
80+ } else if ( SSH_HOSTBASED_AUTH_LOCAL ) {
8481 # return(FULL_HOSTNAME + "\n" + CE_HOST);
8582 return (FULL_HOSTNAME);
86- } else {
83+ } else {
8784 return (" " ;
88- };
85+ };
8986
9087# If RSH_HOSTS_EQUIV is false, add at least CEs which are not the LRMS
9188# master if configuring the LRMS master node.
9289# This is required for authorizing their use of Torque client commands.
9390variable HOSTS_EQUIV_LIST
94- if ( is_defined (RSH_HOSTS_EQUIV) && RSH_HOSTS_EQUIV ) {
95- contents = CE_HOST_LIST;
96- } else if ( FULL_HOSTNAME == LRMS_SERVER_HOST ) {
97- contents = ' ' ;
98- foreach (i; ce; CE_HOSTS) {
99- if ( ce ! = FULL_HOSTNAME ) {
100- contents = contents + ce + " \n" ;
101- };
91+ if ( is_defined (RSH_HOSTS_EQUIV) && RSH_HOSTS_EQUIV ) {
92+ contents = CE_HOST_LIST;
93+ } else if ( FULL_HOSTNAME == LRMS_SERVER_HOST ) {
94+ contents = ' ' ;
95+ foreach (i; ce; CE_HOSTS) {
96+ if ( ce ! = FULL_HOSTNAME ) {
97+ contents = contents + ce + " \n" ;
98+ };
99+ };
100+ } else {
101+ contents = ' ' ;
102102 };
103- } else {
104- contents = ' ' ;
105- };
106- contents;
103+ contents;
107104};
108105
109106
110107# ----------------------------------------------------------------------------
111108# Build SSH client configuration
112109# ----------------------------------------------------------------------------
113- include { ' components/filecopy/config' } ;
110+ include ' components/filecopy/config' ;
114111
115- variable SSH_HOSTBASED_CONFIG
116- if (( SSH_HOSTBASED_AUTH) || (SSH_HOSTBASED_AUTH_LOCAL))
117- return (" yes" ;
118- } else {
119- return (" no" ;
120- };
112+ variable SSH_HOSTBASED_CONFIGif (( SSH_HOSTBASED_AUTH) || (SSH_HOSTBASED_AUTH_LOCAL))
113+ return (" yes" ;
114+ } else {
115+ return (" no" ;
116+ };
121117
122118variable CONTENTS<< EOF ;
123119Host *
124120Protocol 2,1
125- RhostsRSAAuthentication yes
126- RSAAuthentication yes
127- PasswordAuthentication yes
128- EnableSSHKeysign yes
121+ RhostsRSAAuthentication yes
122+ RSAAuthentication yes
123+ PasswordAuthentication yes
124+ EnableSSHKeysign yes
129125EOF
130- variable CONTENTS
131- " HostbasedAuthentication " " \n" ;
126+ variable CONTENTS" HostbasedAuthentication " " \n" ;
132127
133128
134- " /software/components/filecopy/services"
135- npush( escape (" /etc/ssh/ssh_config"
136- nlist( " config"
137- ' owner' ' root:root'
138- ' perms' ' 0644'
139- ),
140- );
129+ " /software/components/filecopy/services" npush(
130+ escape (" /etc/ssh/ssh_config" dict (
131+ " config"
132+ ' owner' ' root:root'
133+ ' perms' ' 0644'
134+ ),
135+ );
141136
142137
143138# ----------------------------------------------------------------------------
144139# Build SSH server configuration
145140# ----------------------------------------------------------------------------
146- include { ' components/filecopy/config' } ;
147- include { ' components/ssh/config' } ;
141+ include ' components/filecopy/config' ;
142+ include ' components/ssh/config' ;
148143
149144# Configure ssh for host-based authentication.
150145" /software/components/ssh/daemon/options"
151- debug (' SSH_DAEMON_SITE_CONFIG=' + to_string (SSH_DAEMON_SITE_CONFIG));
152- if (is_defined (SSH_DAEMON_SITE_CONFIG) || is_null (SSH_DAEMON_SITE_CONFIG) ) {
153- SSH_DAEMON_SITE_CONFIG;
154- } else {
146+ debug (' SSH_DAEMON_SITE_CONFIG=' + to_string (SSH_DAEMON_SITE_CONFIG));
147+ if (is_defined (SSH_DAEMON_SITE_CONFIG) || is_null (SSH_DAEMON_SITE_CONFIG) ) {
148+ SSH_DAEMON_SITE_CONFIG;
149+ } else {
155150 SELF[' IgnoreUserKnownHosts' ' yes' ;
156151 SELF[' HostbasedAuthentication' ;
157152 SELF[' IgnoreRhosts' ' yes' ;
158153 SELF[' RhostsRSAAuthentication' ' no' ;
159- # SELF['KeepAlive'] = 'yes';
160- SELF;
161- };
154+ # SELF['KeepAlive'] = 'yes';
155+ SELF;
156+ };
162157};
163158
164159# Create shosts.equiv file.
165- ' /software/components/filecopy/services'
166- npush( escape (' /etc/ssh/shosts.equiv'
167- nlist( ' config'
168- ' owner' ' root:root'
169- ' perms' ' 0644'
170- ),
171- );
160+ ' /software/components/filecopy/services' npush(
161+ escape (' /etc/ssh/shosts.equiv' dict (
162+ ' config'
163+ ' owner' ' root:root'
164+ ' perms' ' 0644'
165+ ),
166+ );
172167
173168
174169# ----------------------------------------------------------------------------
175170# Create RSH hosts.equiv if requested
176171# ----------------------------------------------------------------------------
177172
178- ' /software/components/filecopy/services'
179- if ( is_defined (RSH_HOSTS_EQUIV) ) {
180- npush( escape (' /etc/hosts.equiv'
181- nlist( ' config'
173+ ' /software/components/filecopy/services' if ( is_defined (RSH_HOSTS_EQUIV) ) {
174+ npush(
175+ escape (' /etc/hosts.equiv' dict (
176+ ' config'
182177 ' owner' ' root:root'
183178 ' perms' ' 0644'
184- ),
185- );
186- } else {
179+ ),
180+ );
181+ } else {
187182 return (SELF);
188- };
183+ };
0 commit comments