source: fedkit/prep_gateway.pl

Last change on this file was 2c16731, checked in by Ted Faber <faber@…>, 6 years ago

Ping hosts on tap establishment

  • Property mode set to 100644
File size: 3.7 KB
Line 
1#!/usr/bin/perl
2
3use strict;
4
5use gateway_lib;
6
7use Getopt::Long;
8use File::Copy;
9use IO::File;
10
11my $ssh_pubkey;
12my $tunnelip;
13my $peer;
14my $use_file;
15my $fed_dir = "/usr/local/federation/";
16my %opts = (
17    'ssh_pubkey=s' => \$ssh_pubkey,
18    'tunnelip' => \$tunnelip,
19    'peer=s' => \$peer,
20    'use_file' => \$use_file,
21);
22
23exit(20) unless GetOptions(%opts);
24
25if ($use_file) {
26    gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
27}
28
29my $uname = `uname`;
30chomp $uname;
31
32# on portals make sure client.conf is in the override position (in fed_dir).
33my $client_conf = gateway_lib::client_conf_filename();
34
35copy($client_conf, "$fed_dir/etc/client.conf") 
36    unless $client_conf =~ /^$fed_dir/;
37
38if ($uname =~ /Linux/) {
39    # Restart sshd with tunnel params
40    gateway_lib::set_sshd_params( 
41        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
42    if ( -x "/etc/init.d/sshd") {
43        system("/etc/init.d/sshd restart");
44    }
45    elsif (-x "/etc/init.d/ssh") {
46        # XXX should look for service
47        system("/etc/init.d/ssh restart");
48    }
49    else {
50        print "Cannot figure out how to restart sshd\n";
51    }
52    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
53        if $ssh_pubkey;
54    # Make sure the tap interface is available
55    system('modprobe tun');
56    # Install bridging software if not present
57    if ( -x '/usr/bin/yum' ) {
58        system('/usr/bin/yum -y install bridge-utils');
59    }
60    elsif (-x '/usr/bin/apt-get') {
61        system('/usr/bin/apt-get -y update');
62        system('/usr/bin/apt-get -y install bridge-utils');
63    }
64    else {
65        print "Cannot install bridge utils, hope they're here.\n"
66    }
67}
68elsif ($uname =~ /FreeBSD/ ){
69    gateway_lib::set_sshd_params( 
70        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
71    system("/etc/rc.d/sshd restart");
72
73    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
74        if $ssh_pubkey;
75
76    # Need these to make the Ethernet tap and bridge work.
77    system("kldload /boot/kernel/bridgestp.ko") 
78        if -r "/boot/kernel/bridgestp.ko"; 
79    system("kldload /boot/kernel/if_bridge.ko");
80    system("kldload /boot/kernel/if_tap.ko");
81}
82
83if ( $tunnelip ) {
84    my ($interface, $ip, $netmask, $mac, $router) = 
85        gateway_lib::deter_tunnelip();
86
87    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);
88    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
89    # appear in the DNS.
90    foreach my $p (split(/\s*,\s*/, $peer)) {
91        if ($p && $router ) {
92            gateway_lib::add_route($p, $router, 1, 60 *60);
93            # grease the skids
94            gateway_lib::ping_peer($p);
95        }
96    }
97}
98my $coord_fn = "$fed_dir/etc/prep_done";
99my $coord_file = new IO::File(">$coord_fn") || die "Cannot open $coord_fn";
100
101print $coord_file `date`;
102$coord_file->close();
103
104exit(0);
105
106=pod
107
108=head1 NAME
109
110B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.
111
112=head1 OPTIONS
113
114=over 8
115
116=item B<peer=>I<hostname>
117
118The other gateway providing forwarding.
119
120=item B<ssh_pubkey=>I<keyfile>
121
122A public to install as authorized.
123
124=item B<tunnelip>
125
126True if the testbed uses the DETER tunnelip extension to provide external
127connectivity information
128
129=item B<use_file>
130
131If given read additional parameters from the file in
132/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
133current testbed project and experiment and the hostname is before the first
134dot.  The file is option: value.
135
136
137=back
138
139=head1 SYNOPSIS
140
141B<prep_gateway.pl> laods the necessary kernel modules for low-level bridging
142configures the local sshd to allow it, restarts that sshd, and installs the
143given key in root's authorized keys.
144
145If the gateway supports DETER gateway, it setablishes outside connectivity and
146adds a host rout to the given peer.
147
148=head1 AUTHORS
149
150Ted Faber <faber@isi.edu>
151
152=cut
Note: See TracBrowser for help on using the repository browser.