source: fedkit/prep_gateway.pl @ e777dab

Last change on this file since e777dab was f8fa72b, checked in by Ted Faber <faber@…>, 15 years ago

More ProtoGENI accommodation

[2edec46]1#!/usr/bin/perl
2
3use strict;
4
5use gateway_lib;
6
7use Getopt::Long;
[f8fa72b]8use File::Copy;
9use IO::File;
[2edec46]10
# Destinations for the command-line options (see the OPTIONS section of the
# POD below).  All start out undefined.
my ($ssh_pubkey, $tunnelip, $peer, $use_file);

# Getopt::Long specification table: option spec => reference to the variable
# that receives the value.  Specs ending in "=s" take a string argument; the
# others are plain flags.
my %opts = (
    # String-valued options.
    'peer=s'       => \$peer,
    'ssh_pubkey=s' => \$ssh_pubkey,
    # Boolean flags.
    'tunnelip'     => \$tunnelip,
    'use_file'     => \$use_file,
);
21
# Parse the command line into the variables referenced from %opts.  A parse
# failure ends the script with exit status 20.
GetOptions(%opts) or exit(20);

# With --use_file, hand the same option table to gateway_lib::read_config
# together with the path returned by gateway_lib::config_filename().
# NOTE(review): read_config is defined in gateway_lib and not shown here;
# presumably it stores values from the file into the same variables.  If so,
# whoever can write that file chooses the key installed for root and the peer
# routed to further down -- confirm the file's ownership and permissions.
gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
    if $use_file;
27
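# Operating-system name ("Linux", "FreeBSD", ...) used to pick the platform
# branch below.  POSIX::uname() returns (sysname, nodename, release, version,
# machine); the first element is what a bare `uname` prints.  Asking the
# kernel directly avoids running an external program found through PATH,
# which matters because this script edits /etc and /root/.ssh and so is
# expected to run with root privileges.
require POSIX;
my $uname = (POSIX::uname())[0];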
[8d4e4fb]30
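# Platform-specific preparation.  Every step here changes system-wide state
# (an extra sshd, /etc/yum.conf, root's authorized_keys, kernel modules), so
# failures are reported on STDERR instead of being silently ignored; the
# script still carries on, as it did before.
if ($uname =~ /Linux/) {
    # Right now the only gateway nodes that are Linux nodes are ProtoGENI
    # nodes.  They need a bunch of custom updates to get into the 21st century,
    # but they are on the network.
    my $fed_sshd        = '/usr/local/federation/bin/sshd';
    my $fed_sshd_config = '/usr/local/federation/etc/sshd_config';
    if ( -x $fed_sshd && -e $fed_sshd_config ) {
        # Start our modern sshd if one is there.  This adds a second SSH
        # listener on port 20200, configured by the file named above.
        # NOTE(review): both files are trusted as-is; they should be owned by
        # root and not writable by anyone else.
        system($fed_sshd, '-p', '20200', '-f', $fed_sshd_config) == 0
            or warn "$fed_sshd did not start cleanly (\$? = $?)\n";
    }

    # fix yum.conf: keep a backup, then rewrite the file with the mirror host
    # replaced.  The rewrite is attempted only when the backup exists and can
    # be read, because opening yum.conf for writing truncates it.
    my $yum_conf   = '/etc/yum.conf';
    my $yum_backup = '/etc/yum.conf.bak';
    if ( copy($yum_conf, $yum_backup) ) {
        my $from = IO::File->new($yum_backup, 'r');
        my $to   = $from ? IO::File->new($yum_conf, 'w') : undef;
        if ( $from && $to ) {
            while ( my $line = <$from> ) {
                # Dots are escaped so that only the literal host name matches.
                $line =~ s/download\.fedoralegacy\.org/fedoralegacy.lsu.edu/g;
                print {$to} $line;
            }
            $to->close() or warn "Cannot finish writing $yum_conf: $!\n";
        }
        else {
            warn "Cannot rewrite $yum_conf from $yum_backup: $!\n";
        }
        $from->close() if $from;
    }
    else {
        warn "Cannot back up $yum_conf to $yum_backup: $!; left unchanged\n";
    }

    # Now, bridging.  The package comes from whatever repositories yum.conf
    # names after the edit above.
    # NOTE(review): whether package signatures are verified depends on the
    # gpgcheck setting in yum.conf, which this script does not look at.
    system('/usr/bin/yum', '-y', 'install', 'bridge-utils') == 0
        or warn "yum install bridge-utils failed (\$? = $?)\n";

    # and keys: the holder of the matching private key can log in as root.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;
}
elsif ($uname =~ /FreeBSD/) {
    # GatewayPorts=yes lets remotely forwarded ports bind to non-loopback
    # addresses, and PermitTunnel=yes allows tun(4) device forwarding.  Both
    # widen what an authenticated SSH client may do on this host, which is
    # what a gateway node needs.
    gateway_lib::set_sshd_params(
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    system('/etc/rc.d/sshd', 'restart') == 0
        or warn "sshd restart failed (\$? = $?)\n";

    # The holder of the matching private key can log in as root.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.  bridgestp is
    # loaded only when its module file is readable; the other two are always
    # attempted.
    # NOTE(review): kldload is still looked up through PATH; an absolute path
    # (normally /sbin/kldload on FreeBSD) would not depend on the caller's
    # environment.
    my @modules = ('/boot/kernel/if_bridge.ko', '/boot/kernel/if_tap.ko');
    unshift @modules, '/boot/kernel/bridgestp.ko'
        if -r '/boot/kernel/bridgestp.ko';
    for my $module (@modules) {
        system('kldload', $module) == 0
            or warn "kldload $module failed (\$? = $?)\n";
    }
}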
[2edec46]71
# With --tunnelip, take the external connectivity parameters from
# gateway_lib::deter_tunnelip() and bring up the outgoing interface.
if ($tunnelip) {
    # The call returns (interface, ip, netmask, mac, router); the MAC address
    # is not used here.
    my @tunnel_info = gateway_lib::deter_tunnelip();
    my ($interface, $ip, $netmask, $router) = @tunnel_info[0, 1, 2, 4];

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);

    # Add the route to a peer.  Wait up to an hour for the peer's IP address
    # to appear in the DNS.
    # NOTE(review): the meaning of the third argument (1) is defined by
    # gateway_lib::add_route, which is not shown here.
    if ($peer && $router) {
        gateway_lib::add_route($peer, $router, 1, 60 * 60);
    }
}

# Report success to the caller.
exit(0);
[2b35261]84
85=pod
86
87=head1 NAME
88
89B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.
90
91=head1 OPTIONS
92
93=over 8
94
95=item B<peer=>I<hostname>
96
97The other gateway providing forwarding.
98
99=item B<ssh_pubkey=>I<keyfile>
100
A public key file to install as an authorized key for root.
102
103=item B<tunnelip>
104
105True if the testbed uses the DETER tunnelip extension to provide external
106connectivity information
107
[8d4e4fb]108=item B<use_file>
109
If given, read additional parameters from the file
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf, where I<project>
and I<experiment> are the current testbed project and experiment and
I<hostname> is the part of the host name before the first dot.  The file's
format is option: value.
114
115
[2b35261]116=back
117
118=head1 SYNOPSIS
119
B<prep_gateway.pl> loads the necessary kernel modules for low-level bridging,
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.
123
If the gateway supports the DETER tunnelip extension, it establishes outside
connectivity and adds a host route to the given peer.
126
127=head1 AUTHORS
128
129Ted Faber <faber@isi.edu>
130
131=cut