[2edec46] | 1 | #!/usr/bin/perl |
---|
| 2 | |
---|
| 3 | use strict; |
---|
| 4 | |
---|
| 5 | use gateway_lib; |
---|
| 6 | |
---|
| 7 | use IO::File; |
---|
| 8 | |
---|
| 9 | use Getopt::Long; |
---|
| 10 | |
---|
# Settings with no built-in default. Each one is the target of an entry in the
# option table that follows.
my ($ssh_pubkey, $ssh_privkey, $tunnelip, $peer, $use_file);

# Built-in defaults; the matching option replaces them.
# NOTE(review): several of these values are pasted unquoted into command
# strings further down (the ssh tunnel command is run through a shell), so
# they need to come from a trusted source.
my $fedkit_dir = '/usr/local/federation';
my $perl       = '/usr/bin/perl';
my $iface_file = '/var/emulab/boot/ifmap';
my $ssh        = '/usr/bin/ssh';
my $scp        = '/usr/bin/scp';
my $ssh_port   = 22;
---|
[2edec46] | 22 | |
---|
# Getopt::Long table: option specification => reference to the variable the
# option sets. Specifications ending in "=s" take a string value; tunnelip and
# use_file are plain flags.
# NOTE(review): ssh_port is declared "=s", so any string is accepted here and
# later placed after "ssh -p" -- confirm whether a numeric check is wanted.
my %opts = (
    'ssh_pubkey=s'  => \$ssh_pubkey,
    'ssh_privkey=s' => \$ssh_privkey,
    'tunnelip'      => \$tunnelip,
    'peer=s'        => \$peer,
    'fedkit=s'      => \$fedkit_dir,
    'perl=s'        => \$perl,
    'interfaces=s'  => \$iface_file,
    'ssh=s'         => \$ssh,
    'scp=s'         => \$scp,
    'ssh_port=s'    => \$ssh_port,
    'use_file'      => \$use_file,
);

# A command line that GetOptions rejects ends the script with status 20.
GetOptions(%opts) or exit(20);

# With --use_file, hand the same table to gateway_lib::read_config together
# with the file name from gateway_lib::config_filename().
# NOTE(review): which source wins when an option appears both on the command
# line and in the file depends on read_config, which is not shown here.
if ($use_file) {
    gateway_lib::read_config(gateway_lib::config_filename(), \%opts);
}
---|
[2edec46] | 41 | |
---|
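# Run the local preparation step, prep_gateway.pl, before contacting the peer.
#
# The command is given to system() as a list, so no shell parses it: the
# values of --peer and --ssh_pubkey (from the command line or the --use_file
# configuration file) reach prep_gateway.pl as single arguments whatever
# characters they contain. $perl is therefore treated as the path of one
# executable, as the documentation of the perl option describes it.
my @prep_cmd = (
    $perl,
    "-I$fedkit_dir/lib",
    "$fedkit_dir/bin/prep_gateway.pl",
    "--peer=$peer",
    "--ssh_pubkey=$ssh_pubkey",
);
# --tunnelip is passed through only when it was given to this script.
push @prep_cmd, '--tunnelip' if $tunnelip;

system(@prep_cmd);
# Any failure (non-zero exit, signal, or failure to start) ends with status 20.
exit(20) if $?;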
---|
| 47 | |
---|
| 48 | |
---|
# Wait for the peer's ssh service, then fetch the peer's prep_done file with
# the private key to confirm that key-based access works.
# NOTE(review): the port is fixed at 22 here although the tunnel command
# further down uses $ssh_port -- confirm that this is intended.
# The third argument (60*60) is presumably a timeout in seconds.
print "Waiting for ssh on $peer\n";
unless (gateway_lib::wait_for_port($peer, 22, 60 * 60)) {
    die "ssh never came up on $peer\n";
}

my $coord_fn = "$fedkit_dir/etc/prep_done";
print "Making sure ssh permissions are reset (fetching $coord_fn)\n";

# NOTE(review): "StrictHostKeyChecking no" means the peer's host key is not
# verified, so this copy does not authenticate the peer.
# NOTE(review): the file is written to /tmp under its fixed name; a private
# directory would avoid a predictable path in a shared location.
# NOTE(review): the result of testcmd_repeat is not checked here; whether it
# dies on its own when the time limit passes is not visible from this file.
my $fetch_cmd = join ' ',
    $scp,
    '-o "StrictHostKeyChecking no"',
    '-i', $ssh_privkey,
    $peer . ':' . $coord_fn,
    '/tmp';
gateway_lib::testcmd_repeat($fetch_cmd, 5 * 60);
---|
[1899afd] | 56 | |
---|
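# Start one link-layer ssh tunnel for every entry in the interface table.
#
# Each line containing "<iface> <dotted-ip>" is given the next tunnel/tap
# number ($ifnum, counting from 0). Lines without such a pair are skipped and
# other text on a line is ignored. If the table cannot be opened the script
# only warns and still exits with status 0.
#
# NOTE(review): the tunnel command is one string ending in "&", so a shell
# runs it. $iface and $addr are limited by the pattern below to alphanumerics
# and digits/dots, but $ssh, $ssh_port, $ssh_privkey, $peer and $fedkit_dir
# come from options (or the --use_file configuration file) and are
# interpolated as given; they should come only from a trusted source or be
# validated before this point.
# NOTE(review): "StrictHostKeyChecking no" means the peer's host key is not
# verified for the tunnel connection.
if (my $table = IO::File->new($iface_file)) {
    my $ifnum = 0;

    while (my $line = <$table>) {
        next unless $line =~ /([[:alnum:]]+)\s+([\d\.]+)/;
        my ($iface, $addr) = ($1, $2);

        my $cmd = "$ssh -w $ifnum:$ifnum -p $ssh_port " .
            "-o \"Tunnel ethernet\" -o \"StrictHostKeyChecking no\" " .
            "-i $ssh_privkey $peer perl -I$fedkit_dir/lib " .
            "$fedkit_dir/bin/setup_bridge.pl --tapno=$ifnum --dest=$addr &";
        system($cmd);
        # Because of the trailing "&", $? reflects the shell that launched
        # the job, not whether ssh went on to connect.
        die "Can't start ssh tunnel $ifnum to $peer (system() status $?)\n"
            if $?;

        # Local side of the tunnel: attach tap $ifnum to the interface.
        gateway_lib::bind_tap_to_iface($ifnum, $iface, $addr);
        $ifnum++;
    }
    $table->close();
}
else {
    warn "Can't open $iface_file: $!\n";
}
exit(0);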
---|
[2b35261] | 79 | |
---|
| 80 | =pod |
---|
| 81 | |
---|
| 82 | =head1 NAME |
---|
| 83 | |
---|
| 84 | B<active_config.pl> - Configure an active connectivity gateway under the DETER Federation Architecture |
---|
| 85 | |
---|
| 86 | =head1 OPTIONS |
---|
| 87 | |
---|
| 88 | =over 8 |
---|
| 89 | |
---|
| 90 | =item B<fedkit=>I<install_dir> |
---|
| 91 | |
---|
| 92 | Directory in which this software is installed. Generally not needed. |
---|
| 93 | |
---|
| 94 | =item B<interfaces=>I<interface table> |
---|
| 95 | |
---|
| 96 | A list of interfaces on which to forward data, of the form: |
---|
| 97 | |
---|
| 98 | =begin text |
---|
| 99 | |
---|
| 100 | iface ip_addr |
---|
| 101 | |
---|
| 102 | =end text |
---|
| 103 | |
---|
| 104 | The interface is the operating system name of the interface and the IP address |
---|
| 105 | is given in standard dotted decimal notation. Other characters on a line are |
---|
| 106 | ignored. |
---|
| 107 | |
---|
| 108 | =item B<peer=>I<hostname> |
---|
| 109 | |
---|
| 110 | The other gateway providing forwarding. |
---|
| 111 | |
---|
| 112 | =item B<perl=>I<perl_binary> |
---|
| 113 | |
---|
| 114 | Location of the perl binary. Usually unneeded. |
---|
| 115 | |
---|
| 116 | =item B<ssh=>I<ssh_binary> |
---|
| 117 | |
---|
| 118 | The pathname of the ssh binary. Usually unnecessary. |
---|
| 119 | |
---|
| 120 | =item B<ssh_pubkey=>I<keyfile> |
---|
| 121 | |
---|
| 122 | A public key to install as authorized. |
---|
| 123 | |
---|
| 124 | =item B<ssh_privkey=>I<identity_file> |
---|
| 125 | |
---|
| 126 | The identity to use for remote access. |
---|
| 127 | |
---|
| 128 | =item B<tunnelip> |
---|
| 129 | |
---|
| 130 | True if the testbed uses the DETER tunnelip extension to provide external |
---|
| 131 | connectivity information |
---|
| 132 | |
---|
[8d4e4fb] | 133 | =item B<use_file> |
---|
| 134 | |
---|
| 135 | If given, read additional parameters from the file in |
---|
[c6d6c43] | 136 | /proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the |
---|
[8d4e4fb] | 137 | current testbed project and experiment and the hostname is before the first |
---|
| 138 | dot. The file's format is option: value. |
---|
| 139 | |
---|
| 140 | |
---|
[2b35261] | 141 | =back |
---|
| 142 | |
---|
| 143 | =head1 SYNOPSIS |
---|
| 144 | |
---|
| 145 | B<active_config.pl> initiates the active side of the connectivity connection, |
---|
| 146 | which is to say that it: |
---|
| 147 | |
---|
| 148 | =over 4 |
---|
| 149 | |
---|
| 150 | =item * |
---|
| 151 | |
---|
| 152 | Installs local keys and reconfigures the local ssh system to do link layer |
---|
| 153 | tunneling. |
---|
| 154 | |
---|
| 155 | =item * |
---|
| 156 | |
---|
| 157 | Starts a tunnel for each interface in the given interface table, both locally |
---|
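| 158 | and remotely. The ssh and scp connections to the peer are made with StrictHostKeyChecking set to no, so the peer's host key is not verified. |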
---|
| 159 | |
---|
| 160 | =back |
---|
| 161 | |
---|
| 162 | =head1 AUTHORS |
---|
| 163 | |
---|
| 164 | Ted Faber <faber@isi.edu> |
---|
| 165 | |
---|
| 166 | =cut |
---|