source: fedkit/port_forward.pl @ 88dd6cc

Last change on this file since 88dd6cc was 479a7d9, checked in by Ted Faber <faber@…>, 15 years ago

Confirm that remote redirection reaches nodes (and lets this script find them
rather than making fedd do it). Also make sure there are no dupes in the ports
to forward.

  • Property mode set to 100644
File size: 3.3 KB
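#!/usr/bin/perl

# port_forward.pl - run prep_gateway.pl for this gateway, then start one
# background ssh port forward per --port specification.  Option descriptions
# are in the POD at the end of the file.

use strict;

use gateway_lib;

use IO::File;

use Getopt::Long;

my $ssh_pubkey;
my $ssh_privkey;
my $tunnelip;
my $peer;
my @ports;
my $fedkit_dir= "/usr/local/federation";
my $perl = "/usr/bin/perl";
my $iface_file;
my $ssh = "/usr/bin/ssh";
my $use_file;
my $ssh_port=22;
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'ssh_privkey=s' => \$ssh_privkey,
    'tunnelip' => \$tunnelip,
    'peer=s' => \$peer,
    'port=s', \@ports,
    'fedkit=s' => \$fedkit_dir,
    'perl=s' => \$perl,
    'ssh=s' => \$ssh,
    'ssh_port=s' => \$ssh_port,
    'use_file' => \$use_file,
);

exit(20) unless GetOptions(%opts);

# Values from the configuration file land in the same variables as the
# command line options, so everything below treats both sources alike.
gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
    if $use_file;

# $peer is the only value handed to ssh as a bare positional argument.  Refuse
# one that starts with '-' so it can only be read as a host name, never as an
# ssh option.
if (defined($peer) && $peer =~ /^-/) {
    print STDERR "peer must be a host name: $peer\n";
    exit(20);
}

# Run the gateway preparation step.  The list form of system() passes each
# argument to the program directly, so option and config-file values are never
# interpreted by a shell.
my @prep_cmd = (
    $perl, "-I$fedkit_dir/lib", "$fedkit_dir/bin/prep_gateway.pl",
    "--peer=$peer", "--ssh_pubkey=$ssh_pubkey",
);
push(@prep_cmd, '--tunnelip') if $tunnelip;
system(@prep_cmd);
exit(20) if $?;

# Remove dupes from ports.  The post-increment yields 0 the first time a spec
# is seen, so the test has to be negated to keep first occurrences; without
# the negation every unique spec was dropped and only repeats survived.
my %mark;
@ports = grep(!$mark{$_}++, @ports);

foreach my $p (@ports) {
    # Each spec is type:lport:host:rport; rport defaults to lport.
    my ($type, $port, $host, $eport) = split(":", $p);
    $eport = $port unless $eport;
    if ($type ne "local") {
        # We will need to resolve this host name.  Make sure we can.
        if (!gateway_lib::get_ip($host)) {
            # The short form isn't resolvable. Try the full domain that the
            # portal is in.  If that doesn't work assume the user knows better
            # and leave $host untouched.
            chomp (my $hn = `hostname`);
            (my $try = $hn) =~ s/^[^\.]+/$host/;

            $host = $try if gateway_lib::get_ip($try);
        }
    }

    # The leading ':' leaves the bind address empty, which ssh documents as
    # listening on all interfaces (for -R the peer's sshd GatewayPorts setting
    # also applies), so the forwarded port is not limited to loopback.
    #
    # NOTE(security): "StrictHostKeyChecking no" makes ssh accept whatever host
    # key the peer presents, so the tunnel endpoint is not authenticated.  It
    # is kept here to preserve existing behaviour; where the deployment can
    # distribute the peer's host key, pin it in known_hosts and drop this
    # option.
    my @cmd = (
        $ssh, '-N',
        ($type eq 'local' ? '-L' : '-R'), ":$port:$host:$eport",
        '-p', $ssh_port,
        '-o', 'StrictHostKeyChecking no',
        '-i', $ssh_privkey,
        $peer,
    );

    # Start ssh in the background without a shell, so nothing taken from the
    # port spec or the options is parsed as shell syntax.  The parent does not
    # wait for the child.
    my $pid = fork();
    die "fork failed: $!" unless defined $pid;
    if ($pid == 0) {
        # Child: match what "cmd &" gives a job in a non-interactive shell,
        # i.e. SIGINT/SIGQUIT ignored and stdin read from /dev/null.
        $SIG{INT} = 'IGNORE';
        $SIG{QUIT} = 'IGNORE';
        open(STDIN, '<', '/dev/null') or exit(127);
        exec(@cmd) or print STDERR "cannot exec $ssh: $!\n";
        exit(127);
    }
}

exit(0);

=pod

=head1 NAME

B<port_forward.pl> - Do ssh service port forwarding.

=head1 OPTIONS

=over 8

=item B<fedkit=>I<install_dir>

Directory in which this software is installed.  Generally not needed.

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<perl=>I<perl_binary>

Location of the perl binary.  Usually unneeded.

=item B<port=>I<port_spec>

Forward the given port.  Each port is given as type:lport:host:rport where
type can be "local" or "remote".  These correspond to B<-L> and B<-R> ssh
port forwarding, respectively.  The remaining parameters are exactly as for
those parameters to ssh.

=item B<ssh=>I<ssh_binary>

The pathname of the ssh binary.  Usually unnecessary.

=item B<ssh_pubkey=>I<keyfile>

A public key to install as authorized.

=item B<ssh_privkey=>I<identity_file>

The identity to use for remote access

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information

=item B<use_file>

If given, read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is before the first
dot.  The file format is option: value.


=back

=head1 SYNOPSIS

In addition to providing the key initialization and DETER routing setup for a
gateway without external access as B<active_config.pl> does, B<forward_port.pl>
forwards the given ports using ssh.  B<forward_port.pl> does not establish low
level connectivity tunnels.


=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut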