source: fedkit/prep_gateway.pl @ 062b991

#!/usr/bin/perl

use strict;

use gateway_lib;

use Getopt::Long;
use File::Copy;
use IO::File;

my $ssh_pubkey;
my $tunnelip;
my $peer;
my $use_file;
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip' => \$tunnelip,
    'peer=s' => \$peer,
    'use_file' => \$use_file,
);

exit(20) unless GetOptions(%opts);

if ($use_file) {
    gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
}

my $uname = `uname`;
chomp $uname;

if ($uname =~ /Linux/) {
    # Right now the only gateway nodes that are Linux nodes are ProtoGENI
    # nodes.  They need a bunch of custom updates to get into the 21st century,
    # but they are on the network.
    if ( -x '/usr/local/federation/bin/sshd' && 
            -e '/usr/local/federation/etc/sshd_config') {
        # Start our modern sshd if one is there
        system("/usr/local/federation/bin/sshd -p 20200 -f " .
            "/usr/local/federation/etc/sshd_config");
    }
    # fix yum.conf
    copy("/etc/yum.conf", "/etc/yum.conf.bak");
    my $from = new IO::File("/etc/yum.conf.bak");
    my $to = new IO::File(">/etc/yum.conf");
    while (<$from>) {
        s/download.fedoralegacy.org/fedoralegacy.lsu.edu/g;
        print $to $_;
    }
    $from->close();
    $to->close();
    # Now, bridging
    system('/usr/bin/yum -y install bridge-utils');
    #and keys
    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
        if $ssh_pubkey;
}
elsif ($uname =~ /FreeBSD/ ){
    gateway_lib::set_sshd_params( 
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    system("/etc/rc.d/sshd restart");

    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.
    system("kldload /boot/kernel/bridgestp.ko") 
        if -r "/boot/kernel/bridgestp.ko"; 
    system("kldload /boot/kernel/if_bridge.ko");
    system("kldload /boot/kernel/if_tap.ko");
}

if ( $tunnelip ) {
    my ($interface, $ip, $netmask, $mac, $router) = 
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);
    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
    # appear in the DNS.
    gateway_lib::add_route($peer, $router, 1, 60 *60) 
        if $peer && $router;
}

exit(0);

=pod

=head1 NAME

B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.

=head1 OPTIONS

=over 8

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<ssh_pubkey=>I<keyfile>

A public to install as authorized.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information

=item B<use_file>

If given read additional parameters from the file in
/proj/I<project>/exp/I<experiment/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is before the first
dot.  The file is option: value.


=back

=head1 SYNOPSIS

B<prep_gateway.pl> laods the necessary kernel modules for low-level bridging
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.

If the gateway supports DETER gateway, it setablishes outside connectivity and
adds a host rout to the given peer.

=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut