source: fedkit/prep_gateway.pl @ 2b35261

#!/usr/bin/perl

use strict;

use gateway_lib;

use Getopt::Long;

my $ssh_pubkey;
my $tunnelip;
my $peer;

exit(20) unless GetOptions('ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip' => \$tunnelip,
    'peer=s' => \$peer,
);

gateway_lib::set_sshd_params( 
    { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
system("/etc/rc.d/sshd restart");

gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
    if $ssh_pubkey;

# Need these to make the Ethernet tap and bridge work.
system("kldload /boot/kernel/bridgestp.ko") 
    if -r "/boot/kernel/bridgestp.ko"; 
system("kldload /boot/kernel/if_bridge.ko");
system("kldload /boot/kernel/if_tap.ko");

if ( $tunnelip ) {
    my ($interface, $ip, $netmask, $mac, $router) = 
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);
    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
    # appear in the DNS.
    gateway_lib::add_route($peer, $router, 1, 60 *60);
}

exit(0);

=pod

=head1 NAME

B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.

=head1 OPTIONS

=over 8

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<ssh_pubkey=>I<keyfile>

A public to install as authorized.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information

=back

=head1 SYNOPSIS

B<prep_gateway.pl> laods the necessary kernel modules for low-level bridging
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.

If the gateway supports DETER gateway, it setablishes outside connectivity and
adds a host rout to the given peer.

=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut