source: fedkit/active_config.pl @ 64e774d

Last change on this file since 64e774d was 64e774d, checked in by Ted Faber <faber@…>, 10 years ago

More careful synchronization of reconfigured sshd's

  • Property mode set to 100644
File size: 3.6 KB
1#!/usr/bin/perl
2
3use strict;
4
5use gateway_lib;
6
7use IO::File;
8
9use Getopt::Long;
10
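# Option storage.  The defaults below are the stock install locations; every
# one of them can be overridden on the command line or (with --use_file) from
# the gateway configuration file.
my $ssh_pubkey;     # public key passed on to prep_gateway.pl
my $ssh_privkey;    # identity file used for scp/ssh to the peer
my $tunnelip;       # flag: forward --tunnelip to prep_gateway.pl
my $peer;           # the other gateway
my $fedkit_dir = "/usr/local/federation";
my $perl       = "/usr/bin/perl";
my $iface_file = "/var/emulab/boot/ifmap";
my $ssh        = "/usr/bin/ssh";
my $scp        = "/usr/bin/scp";
my $ssh_port   = 22;
my $use_file;

my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'ssh_privkey=s' => \$ssh_privkey,
    'tunnelip' => \$tunnelip,
    'peer=s' => \$peer,
    'fedkit=s' => \$fedkit_dir,
    'perl=s' => \$perl,
    'interfaces=s' => \$iface_file,
    'ssh=s' => \$ssh,
    'scp=s' => \$scp,
    'ssh_port=s' => \$ssh_port,
    'use_file' => \$use_file,
);

# Quote a value as a single literal shell word.  Option and config-file values
# are spliced into command strings below; quoting keeps shell metacharacters
# in them (spaces, ';', '$', backticks) from being interpreted locally.
sub _sh_quote {
    my ($word) = @_;

    $word = '' unless defined $word;
    $word =~ s/'/'\\''/g;
    return "'$word'";
}

exit(20) unless GetOptions(%opts);

# presumably read_config fills the same variables through the references in
# %opts -- confirm against gateway_lib.
gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
    if $use_file;

# Without a peer or an identity file every command below is malformed (ssh
# would take the next word as the identity or the host), so stop here with the
# same exit status used for bad options.
for my $required ([ 'peer', $peer ], [ 'ssh_privkey', $ssh_privkey ]) {
    my ($name, $value) = @$required;

    next if defined $value && length $value;
    print STDERR "Missing required option --$name\n";
    exit(20);
}

# ssh -p only accepts a port number; refusing anything else also keeps the
# value safe to place in a shell command string.
unless (defined $ssh_port && $ssh_port =~ /\A\d+\z/) {
    print STDERR "Bad --ssh_port value\n";
    exit(20);
}

# Run prep_gateway.pl with an argument list so that no shell parses the option
# values.  --perl and --fedkit must therefore each be a single path.
my @prep_cmd = (
    $perl, "-I$fedkit_dir/lib", "$fedkit_dir/bin/prep_gateway.pl",
    "--peer=$peer", "--ssh_pubkey=$ssh_pubkey",
);
push @prep_cmd, '--tunnelip' if $tunnelip;
system(@prep_cmd);
exit(20) if $?;


print "Waiting for ssh on $peer\n";
# NOTE(review): this waits on port 22 and the scp below uses the default port,
# while the tunnels use $ssh_port -- confirm that difference is intended.
gateway_lib::wait_for_port($peer, 22, 60*60) || 
    die "ssh never came up on $peer\n";
my $coord_fn = "$fedkit_dir/etc/prep_done";
print "Making sure ssh permissions are reset (fetching $coord_fn)\n";
# NOTE(review): "StrictHostKeyChecking no" turns off host-key verification, so
# the peer is not authenticated by its host key here or in the tunnel commands
# below.  Pre-provisioning the peer's key in known_hosts would allow removing
# it.
# NOTE(review): the file is fetched into world-writable /tmp under a fixed
# name; if this script runs privileged, a private directory would avoid a
# pre-placed link redirecting the write.
# The embedded double quotes imply testcmd_repeat hands this string to a
# shell, hence the quoting of the interpolated values.  The remote side of scp
# still expands the path itself.
my $fetch_cmd = join(' ',
    _sh_quote($scp), '-o', '"StrictHostKeyChecking no"',
    '-i', _sh_quote($ssh_privkey),
    _sh_quote("$peer:$coord_fn"), '/tmp');
gateway_lib::testcmd_repeat($fetch_cmd, 5*60);

# Passing an explicit mode makes IO::File use the three-argument form of open,
# so characters such as '>' or '|' in the file name are not taken as a mode.
if (my $f = IO::File->new($iface_file, 'r')) {
    my $ifnum = 0;
    while (<$f>) {
        # One tunnel per "iface ip_addr" line; anything else on the line is
        # ignored.  Both captures are limited to alphanumerics, digits and
        # dots, so they are safe to place in the command string unquoted.
        /([[:alnum:]]+)\s+([\d\.]+)/ && do {
            my ($iface, $addr) = ($1, $2);

            # The trailing '&' backgrounds the tunnel, so a shell is needed
            # here; the option values are quoted for it.  Everything after the
            # peer name is parsed again by the remote shell.
            my $cmd = join(' ',
                _sh_quote($ssh), '-w', "$ifnum:$ifnum", '-p', $ssh_port,
                '-o', '"Tunnel ethernet"',
                '-o', '"StrictHostKeyChecking no"',
                '-i', _sh_quote($ssh_privkey), _sh_quote($peer),
                'perl', _sh_quote("-I$fedkit_dir/lib"),
                _sh_quote("$fedkit_dir/bin/setup_bridge.pl"),
                "--tapno=$ifnum", "--dest=$addr") . ' &';
            system($cmd);
            # Because of the '&' this only reports a failure to launch, not a
            # failure of the tunnel itself.
            die "Could not start tunnel $ifnum for $iface ($addr): status $?\n"
                if $?;
            gateway_lib::bind_tap_to_iface($ifnum, $iface, $addr);
            $ifnum++;
        };
    }
    $f->close();
}
else {
    warn "Can't open $iface_file: $!\n";
}
exit(0);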
79
80=pod
81
82=head1 NAME
83
84B<active_config.pl> - Configure an active connectivity gateway under the DETER Federation Architecture
85
86=head1 OPTIONS
87
88=over 8
89
90=item B<fedkit=>I<install_dir>
91
92Directory in which this software is installed.  Generally not needed.
93
94=item B<interfaces=>I<interface table>
95
96A list of interfaces to forward data on of the form:
97
98=begin text
99
100iface ip_addr
101
102=end text
103
104The interface is the operating system name of the interface and the IP address
105is given in standard dotted decimal notation.  Other characters on a line are
106ignored.
107
108=item B<peer=>I<hostname>
109
110The other gateway providing forwarding.
111
112=item B<perl=>I<perl_binary>
113 
114Location of the perl binary.  Usually unneeded.
115
116=item B<ssh=>I<ssh_binary>
117
118The pathname of the ssh binary.  Usually unnecessary.
119
120=item B<ssh_pubkey=>I<keyfile>
121
122A public key to install as authorized.
123
124=item B<ssh_privkey=>I<identity_file>
125
126The identity to use for remote access
127
128=item B<tunnelip>
129
130True if the testbed uses the DETER tunnelip extension to provide external
131connectivity information
132
133=item B<use_file>
134
135If given, read additional parameters from the file in
136/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
137current testbed project and experiment and the hostname is the part before the
138first dot.  Each line of the file has the form option: value.
139
140
141=back
142
143=head1 SYNOPSIS
144
145B<active_config.pl> initiates the active side of the connectivity connection,
146which is to say that it:
147
148=over 4
149
150=item *
151
152Installs local keys and reconfigures the local ssh system to do link layer
153tunneling.
154
155=item *
156
157Starts a tunnel for each interface in the given interface table, both locally
158and remotely.
159
160=back
161
162=head1 AUTHORS
163
164Ted Faber <faber@isi.edu>
165
166=cut