source: fedkit/fed-tun.pl @ c9f5490

Last change on this file since c9f5490 was c9f5490, checked in by Kevin Lahey <lahey@…>, 17 years ago

Script used to establish tunnels for early prototype federation.

  • Property mode set to 100755
File size: 6.1 KB
1#!/usr/bin/perl -w
2
3# Kevin Lahey, lahey@isi.edu
4# July 11, 2007
5
6# Set up ssh tunnel infrastructure for federation:
7#
8# * Set up the synchronization system
9#
10# * Figure out our location.
11#   From DETER:
12#       + bring up em0 and assign the appropriate address (with only one
13#         tunnel node, this'll be static)
14#       + ssh out to WAIL node using the experiment name, creating a tunnel
15#       for each of the experimental interfaces that is up (one, for now)
16#
17#   From WAIL:
18#       + exit and wait for the ssh from DETER, which'll trigger the
19#       setup of everything else
20#
21# * pick out the experimental interface, remove the IP address
22#
23# * identify the tun interface created, and bridge it to the
24#   experimental interface
25
26use strict;
27use Getopt::Std;
28use POSIX qw(strftime);
29use Sys::Hostname;
30
# External programs, plus the directory that holds this script and the root
# ssh key pair that later steps copy into /root/.ssh.
# NOTE(review): $HOME is one user's home directory; whoever can write there
# controls key material that root ends up trusting -- confirm its ownership
# and permissions.
my $TMCC = '/usr/local/etc/emulab/tmcc';
my $SSH  = '/usr/local/bin/ssh';
my $HOME = '/users/lahey';

# Site-specific tunnel parameters.  Where should this information really
# come from?  Hardcoding it is not meant to be the long-term answer.

my $tunnel_ip          = '206.117.25.26';
my $tunnel_iface       = 'em0';
my $remote_node        = 'detertunnel.';
my $remote_node_domain = '.deter.emulab.net';    # replaced by the -t option

# Remote port forwards handed to ssh verbatim.  The empty bind address in
# front of each port asks sshd to listen on all interfaces instead of only
# loopback (honoured only when the server's GatewayPorts setting permits it),
# so the forwarded services become reachable by anything that can reach the
# far-end tunnel node.
my $ssh_port_fwds = '-R :139:users.isi.deterlab.net:139 -R :7777:boss.isi.deterlab.net:7777';

my $debug = 1;    # progress output is unconditionally enabled
my $remote;       # set to 1 when the script is started with -r

# Positional values that accompany -r.
my ($count, $addr);

# Forward declarations; both subs are defined at the bottom of the file.
sub find_new_tun;
sub setup_network($; $; $; $);
52
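# Option use is as follows:
#    -t fqdn    replace the default remote testbed domain suffix
#    -r         remote execution on WAIL;  set up as appropriate.  Must be
#               followed by exactly two positional arguments: an address
#               and the tunnel count.

my $usage = "Usage: fed-tun.pl [-t remote-testbed-fqdn] [-r hostname count]\n";

my %opts;

# Always parse the options.  The earlier form skipped getopts entirely when
# exactly one argument was given, so a lone "-r" or an unknown switch was
# silently ignored and the script carried on in local mode.
getopts('rt:', \%opts) or die "$usage";

if (defined($opts{'t'})) {
    # The value becomes part of the host name on an ssh command line that is
    # run through the shell as root, so accept host-name characters only.
    die "Bad remote testbed domain '$opts{'t'}'\n$usage"
        unless $opts{'t'} =~ /\A[A-Za-z0-9._\-]+\z/;
    $remote_node_domain = $opts{'t'};
}

if (defined($opts{'r'})) {
    $remote = 1;
    die "$usage" if (@ARGV != 2);

    # The count is the last positional argument, the address the one before.
    $count = pop @ARGV;
    $addr = pop @ARGV;

    # The count is pasted into the bridgeN / tapN device names that are
    # handed to ifconfig, so it has to be a plain non-negative integer.
    die "Bad tunnel count '$count'\n$usage" unless $count =~ /\A\d+\z/;
}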
75
76# Set up synchronization, so that the various user machines won't try to
77# contact boss before the tunnels are set up.
78
79# XXX:  put off for now
80
# The Ethernet tap and bridge devices used below need these kernel modules.
# The exit status is deliberately not inspected, exactly as before.

for my $kernel_module ('/boot/kernel/if_bridge.ko', '/boot/kernel/if_tap.ko') {
    system('kldload', $kernel_module);
}
85
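# Ask tmcd to figure out experiment and project;  these should
# be available as environment variables (PID, EID, and NODE) for
# a startup script, but if run explicitly, we might not have 'em.

my $project;
my $experiment;
my $node_id;

# List-form pipe open with a lexical handle: tmcc is exec'd directly with
# "status" as its only argument, and no shell is involved.
open(my $tmcd, '-|', $TMCC, 'status') or die "tmcc failed\n";
while (my $line = <$tmcd>) {
    print $line if ($debug);

    # The captures are restricted to word characters and '-'.  That
    # restriction matters: $experiment is later pasted into a sed expression
    # and an ssh host name that are run through the shell as root.
    if ($line =~ /ALLOCATED=([\w\-]+)\/([\w\-]+) NICKNAME=([\w\-]+)/) {
        ($project, $experiment, $node_id) = ($1, $2, $3);
    }
}

# Closing a piped handle fails when the child exited non-zero.  Report it,
# but keep going: the check below decides whether we learned enough.
close($tmcd) or warn "tmcc status did not exit cleanly (status $?)\n";

# Test definedness rather than truth so that a name of "0" is not rejected.
die "Didn't find experiment or project name\n"
    if (!defined($project) || !defined($experiment));

print "project $project experiment $experiment node $node_id\n" if ($debug);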
108
109
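# Figure out whether we're sourcing the tunnel or sinking it.  For now
# I'll do something ugly and use the hostname: the second-to-last label of
# the host name must be "deterlab" for this node to act as the tunnel source.

my $hostname = hostname();
my @names = split(/\./, $hostname);

if ($#names > 1) {
    my $domain = $names[-2];
    if (!$remote && $domain ne "deterlab") {
        # Fix up ssh (ugh!)
        #
        # Every line of the public key file is added to root's
        # authorized_keys, with the "tunnel.simplefed" label rewritten to
        # name this experiment.  This lets the holder of the matching
        # private key log in as root, and the key is read from a directory
        # under $HOME rather than from a root-owned location.
        #
        # This is done in Perl instead of "sed ... >> file" so that no shell
        # is involved, failures are reported, and entries already present
        # are not appended again on every run.
        my $pubkey_path = "$HOME/root-id_rsa.pub";
        my $auth_path = "/root/.ssh/authorized_keys";

        my %already;
        if (open(my $auth_in, '<', $auth_path)) {
            while (my $entry = <$auth_in>) {
                chomp $entry;
                $already{$entry} = 1;
            }
            close($auth_in);
        }

        if (open(my $key_in, '<', $pubkey_path)) {
            my @wanted;
            while (my $entry = <$key_in>) {
                chomp $entry;
                # Same pattern the sed command used ('.' matches any char).
                $entry =~ s/tunnel.simplefed/wailtunnel.$experiment/;
                push @wanted, $entry unless $already{$entry}++;
            }
            close($key_in);

            if (@wanted) {
                if (open(my $auth_out, '>>', $auth_path)) {
                    print {$auth_out} map { "$_\n" } @wanted;
                    close($auth_out)
                        or warn "couldn't finish writing $auth_path: $!\n";
                }
                else {
                    warn "couldn't append to $auth_path: $!\n";
                }
            }
        }
        else {
            warn "couldn't read $pubkey_path: $!\n";
        }

        die "Not on DETER;  exiting for now\n";
    }
} else {
    die "Failed to find a name for this host;  exiting\n";
}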
126
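# Split one line of /var/emulab/boot/ifmap into (interface, address).
# Returns the empty list for blank or short lines.  Dies if either field
# holds anything but word characters, '.', ':' or '-', because both values
# are pasted into command lines that run as root (locally, and inside the
# command string that ssh hands to the far end's shell).
sub _ifmap_fields {
    my ($line) = @_;

    my ($iface, $ifaddr) = split(' ', $line);
    return unless defined $iface && defined $ifaddr;

    for my $field ($iface, $ifaddr) {
        die "Refusing unsafe ifmap field '$field'\n"
            unless $field =~ /\A[\w.:][\w.:\-]*\z/;
    }
    return ($iface, $ifaddr);
}

if (!$remote) {
    # If we're at DETER, open up a separate tunnel to the remote host for
    # each of the different experiment net interfaces on this machine.
    # Execute this startup script on the far end, but with the -r option
    # to indicate that it's getting invoked remotely and should start
    # setting up.

    # Lame DETER setup hacks:

    system("ifconfig", $tunnel_iface, $tunnel_ip);
    system("route add -net 198.133.225.59 -netmask 0xffffff00 206.117.25.1");
    system("route add -net 155.98.33.0 -netmask 0xfffff000 206.117.25.1");
    system("route add 128.9.160.161 206.117.25.1");

    # XXX:  fix up ssh.  Ugh.
    # Root's key pair is copied from $HOME.  A failed copy is reported
    # instead of being discovered later as a tunnel that never comes up.

    for my $key_name ("id_rsa", "id_rsa.pub") {
        system("cp", "$HOME/root-$key_name", "/root/.ssh/$key_name") == 0
            or warn "couldn't install /root/.ssh/$key_name (status $?)\n";
    }

    # cp carries over the source file's mode bits; make sure the private
    # key is readable by root only.
    chmod(0600, "/root/.ssh/id_rsa")
        or warn "couldn't chmod /root/.ssh/id_rsa: $!\n";

    # XXX:  Do we need to clear out previously created bridge interfaces?

    my $remote_name = $remote_node . $experiment . $remote_node_domain;

    # The host name goes through the shell below; allow host-name
    # characters only.
    die "Refusing unsafe remote host name '$remote_name'\n"
        unless $remote_name =~ /\A[\w.\-]+\z/;

    my $tunnel_index = 0;

    open(my $ifmap, '<', "/var/emulab/boot/ifmap") or die "couldn't open ifmap\n";
    while (my $line = <$ifmap>) {
        my ($iface, $ifaddr) = _ifmap_fields($line);
        next unless defined $iface;    # blank or short line

        my $bridge = "bridge" . $tunnel_index;
        my $tun = "tap" . $tunnel_index;

        print "Found $iface, $ifaddr, to bridge on $bridge\n" if ($debug);

        # -w asks ssh for tunnel device forwarding with the same unit number
        # on both ends.  The trailing '&' needs the shell, which is why the
        # interpolated values were validated above.
        # NOTE(review): the bridge below uses tapN, so ssh is presumably
        # configured for layer-2 tunnelling elsewhere -- confirm.
        system("$SSH -w $tunnel_index:$tunnel_index $ssh_port_fwds $remote_name \"$HOME/fed-tun.pl -r $ifaddr $tunnel_index\" &");

        # XXX:  Ack, ssh will never return, since it's doing tunneling.
        #       Unfortunately, though, it also could take quite a few seconds
        #       to do the DNS lookup and actually run the command on the
        #       other side.  Hence, the delay.  Shudder:

        sleep 10;

        setup_network($tun, $bridge, $iface, $ifaddr);
        $tunnel_index++;
    }
    close($ifmap);
} else {
    # We're on the remote system;  for now, we just grab and use
    # the one experimental interface.  Later, we'll actually look
    # at the address passed to match up the appropriate interfaces.

    # $count arrived on the command line and names the bridgeN / tapN
    # devices, so insist on a plain integer before using it.
    die "Bad tunnel count passed with -r\n"
        unless defined $count && $count =~ /\A\d+\z/;

    my $seen = 0;

    open(my $ifmap, '<', "/var/emulab/boot/ifmap") or die "couldn't open ifmap\n";
    while (my $line = <$ifmap>) {
        my ($iface, $ifaddr) = _ifmap_fields($line);
        next unless defined $iface;    # blank or short line

        die "Argh, too many experimental interfaces!" if ($seen > 0);

        setup_network("tap" . $count, "bridge" . $count, $iface, $ifaddr);
        $seen++;
    }
    close($ifmap);
}

print "all done!\n" if ($debug);
exit;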
198
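# XXX:  Unused.  Find the name of the new tunnel interface.
#
# Interface names already handed out by find_new_tun.

my %tuns_used;

# Return the first interface listed by `ifconfig -l` that this sub has not
# returned before, and remember it.  Returns nothing when every listed
# interface has already been handed out.  As written it considers every
# interface in the listing, not only tunnel devices.
sub find_new_tun {
    # split ' ' splits on any run of whitespace and drops the trailing
    # newline; splitting on a single space left "\n" glued to the last name.
    my @tuns = split(' ', `ifconfig -l`);

    # Prints how many interfaces were listed.
    print scalar(@tuns) . "\n";

    foreach my $tun (@tuns) {
        print "Looking at $tun\n";
        next if $tuns_used{$tun};

        $tuns_used{$tun} = 1;
        print "Found $tun\n";
        return $tun;
    }

    return;
}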
218
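# Set up the bridging for the new stuff...
#
# Creates bridge device $bridge, removes address $addr from the experimental
# interface $iface, then adds $iface (brought up) and the tap device $tun as
# members of the bridge.
#
# All four arguments are required and may contain only word characters,
# '.', ':' and '-', and may not start with '-'; anything else makes the sub
# die before any command is run.  The commands run as root and some of the
# values originate from the command line or from ifmap.  A failing ifconfig
# step is reported with warn and the remaining steps still run.

sub setup_network($; $; $; $) {
    my ($tun, $bridge, $iface, $addr) = @_;

    for my $arg ($tun, $bridge, $iface, $addr) {
        die "setup_network: missing or unsafe argument\n"
            unless defined $arg && $arg =~ /\A[\w.:][\w.:\-]*\z/;
    }

    print "Got new $tun\n" if ($debug);
    print "setting up $bridge with $iface and nuking $addr\n" if ($debug);

    # List-form system() hands each word to ifconfig as its own argument,
    # with no shell in between.
    my @steps = (
        [ "ifconfig", $bridge, "create" ],
        [ "ifconfig", $iface, "delete", $addr ],
        [ "ifconfig", $bridge, "addm", $iface, "up" ],
        [ "ifconfig", $bridge, "addm", $tun ],
    );

    for my $step (@steps) {
        system(@$step) == 0
            or warn "command failed (status $?): @$step\n";
    }

    return;
}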