1 | #!/usr/bin/perl |
---|
2 | |
---|
use strict;
use warnings;

use File::Copy;
use Getopt::Long;
use IO::File;

use gateway_lib;
---|
10 | |
---|
11 | my $ssh_pubkey; |
---|
12 | my $tunnelip; |
---|
13 | my $peer; |
---|
14 | my $use_file; |
---|
15 | my $fed_dir = "/usr/local/federation/"; |
---|
16 | my %opts = ( |
---|
17 | 'ssh_pubkey=s' => \$ssh_pubkey, |
---|
18 | 'tunnelip' => \$tunnelip, |
---|
19 | 'peer=s' => \$peer, |
---|
20 | 'use_file' => \$use_file, |
---|
21 | ); |
---|
22 | |
---|
23 | exit(20) unless GetOptions(%opts); |
---|
24 | |
---|
25 | if ($use_file) { |
---|
26 | gateway_lib::read_config(gateway_lib::config_filename(), \%opts) |
---|
27 | } |
---|
28 | |
---|
29 | my $uname = `uname`; |
---|
30 | chomp $uname; |
---|
31 | |
---|
32 | # on portals make sure client.conf is in the override position (in fed_dir). |
---|
33 | my $client_conf = gateway_lib::client_conf_filename(); |
---|
34 | |
---|
35 | copy($client_conf, "$fed_dir/etc/client.conf") |
---|
36 | unless $client_conf =~ /^$fed_dir/; |
---|
37 | |
---|
38 | if ($uname =~ /Linux/) { |
---|
39 | # Restart sshd with tunnel params |
---|
40 | gateway_lib::set_sshd_params( |
---|
41 | { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } ); |
---|
42 | if ( -x "/etc/init.d/sshd") { |
---|
43 | system("/etc/init.d/sshd restart"); |
---|
44 | } |
---|
45 | elsif (-x "/etc/init.d/ssh") { |
---|
46 | # XXX should look for service |
---|
47 | system("/etc/init.d/ssh restart"); |
---|
48 | } |
---|
49 | else { |
---|
50 | print "Cannot figure out how to restart sshd\n"; |
---|
51 | } |
---|
52 | gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys') |
---|
53 | if $ssh_pubkey; |
---|
54 | # Make sure the tap interface is available |
---|
55 | system('modprobe tun'); |
---|
56 | # Install bridging software if not present |
---|
57 | if ( -x '/usr/bin/yum' ) { |
---|
58 | system('/usr/bin/yum -y install bridge-utils'); |
---|
59 | } |
---|
60 | elsif (-x '/usr/bin/apt-get') { |
---|
61 | system('/usr/bin/apt-get -y update'); |
---|
62 | system('/usr/bin/apt-get -y install bridge-utils'); |
---|
63 | } |
---|
64 | else { |
---|
65 | print "Cannot install bridge utils, hope they're here.\n" |
---|
66 | } |
---|
67 | } |
---|
68 | elsif ($uname =~ /FreeBSD/ ){ |
---|
69 | gateway_lib::set_sshd_params( |
---|
70 | { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } ); |
---|
71 | system("/etc/rc.d/sshd restart"); |
---|
72 | |
---|
73 | gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys') |
---|
74 | if $ssh_pubkey; |
---|
75 | |
---|
76 | # Need these to make the Ethernet tap and bridge work. |
---|
77 | system("kldload /boot/kernel/bridgestp.ko") |
---|
78 | if -r "/boot/kernel/bridgestp.ko"; |
---|
79 | system("kldload /boot/kernel/if_bridge.ko"); |
---|
80 | system("kldload /boot/kernel/if_tap.ko"); |
---|
81 | } |
---|
82 | |
---|
83 | if ( $tunnelip ) { |
---|
84 | my ($interface, $ip, $netmask, $mac, $router) = |
---|
85 | gateway_lib::deter_tunnelip(); |
---|
86 | |
---|
87 | gateway_lib::configure_outgoing_iface($interface, $ip, $netmask); |
---|
88 | # Add the route to a peer. Wait up to an hour for the peer's IP address to |
---|
89 | # appear in the DNS. |
---|
90 | foreach my $p (split(/\s*,\s*/, $peer)) { |
---|
91 | if ($p && $router ) { |
---|
92 | gateway_lib::add_route($p, $router, 1, 60 *60); |
---|
93 | # grease the skids |
---|
94 | gateway_lib::ping_peer($p); |
---|
95 | } |
---|
96 | } |
---|
97 | } |
---|
98 | my $coord_fn = "$fed_dir/etc/prep_done"; |
---|
99 | my $coord_file = new IO::File(">$coord_fn") || die "Cannot open $coord_fn"; |
---|
100 | |
---|
101 | print $coord_file `date`; |
---|
102 | $coord_file->close(); |
---|
103 | |
---|
104 | exit(0); |
---|
105 | |
---|
106 | =pod |
---|
107 | |
---|
108 | =head1 NAME |
---|
109 | |
---|
110 | B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway. |
---|
111 | |
---|
112 | =head1 OPTIONS |
---|
113 | |
---|
114 | =over 8 |
---|
115 | |
---|
=item B<peer=>I<hostname>

The other gateway providing forwarding. A comma-separated list of hostnames
may be given; with B<tunnelip>, a host route is added to each one.
119 | |
---|
=item B<ssh_pubkey=>I<keyfile>

A public key file whose key is installed in root's authorized keys
(/root/.ssh/authorized_keys), granting its holder root login on this node.
123 | |
---|
=item B<tunnelip>

If given, the testbed's DETER tunnelip extension is used to obtain external
connectivity information and configure the outgoing interface.
128 | |
---|
=item B<use_file>

If given, read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf, where those are
the current testbed project and experiment and the hostname is the part
before the first dot. Each line of the file has the form I<option>: I<value>.
135 | |
---|
136 | |
---|
137 | =back |
---|
138 | |
---|
139 | =head1 SYNOPSIS |
---|
140 | |
---|
B<prep_tunnel.pl> loads the necessary kernel modules for low-level bridging,
configures the local sshd to allow it (GatewayPorts and PermitTunnel),
restarts that sshd, and installs the given key in root's authorized keys.
It expects to run as root, since it writes under /root, restarts sshd and
loads kernel modules.

If the testbed supports the DETER tunnelip extension, it establishes outside
connectivity and adds a host route to each given peer.
147 | |
---|
148 | =head1 AUTHORS |
---|
149 | |
---|
150 | Ted Faber <faber@isi.edu> |
---|
151 | |
---|
152 | =cut |
---|