source: fedkit/prep_gateway.pl @ 5e71d34

#!/usr/bin/perl

use strict;

use gateway_lib;

use Getopt::Long;
use File::Copy;
use IO::File;

my $ssh_pubkey;
my $tunnelip;
my $peer;
my $use_file;
my $fed_dir = "/usr/local/federation/";
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip' => \$tunnelip,
    'peer=s' => \$peer,
    'use_file' => \$use_file,
);

exit(20) unless GetOptions(%opts);

if ($use_file) {
    gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
}

my $uname = `uname`;
chomp $uname;

# on portals make sure client.conf is in the override position (in fed_dir).
my $client_conf = gateway_lib::client_conf_filename();

copy($client_conf, "$fed_dir/etc/client.conf") 
    unless $client_conf =~ /^$fed_dir/;

if ($uname =~ /Linux/) {
    # Restart sshd with tunnel params
    gateway_lib::set_sshd_params( 
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    if ( -x "/etc/init.d/sshd") {
        system("/etc/init.d/sshd restart");
    }
    elsif (-x "/etc/init.d/ssh") {
        # XXX should look for service
        system("/etc/init.d/ssh restart");
    }
    else {
        print "Cannot figure out how to restart sshd\n";
    }
    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
        if $ssh_pubkey;
    # Install bridging software if not present
    if ( -x '/usr/bin/yum' ) {
        system('/usr/bin/yum -y install bridge-utils');
    }
    elsif (-x '/usr/bin/apt-get') {
        system('/usr/bin/apt-get -y update');
        system('/usr/bin/apt-get -y install bridge-utils');
    }
    else {
        print "Cannot install bridge utils, hope they're here.\n"
    }
}
elsif ($uname =~ /FreeBSD/ ){
    gateway_lib::set_sshd_params( 
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    system("/etc/rc.d/sshd restart");

    gateway_lib::import_key($ssh_pubkey,'/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.
    system("kldload /boot/kernel/bridgestp.ko") 
        if -r "/boot/kernel/bridgestp.ko"; 
    system("kldload /boot/kernel/if_bridge.ko");
    system("kldload /boot/kernel/if_tap.ko");
}

if ( $tunnelip ) {
    my ($interface, $ip, $netmask, $mac, $router) = 
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);
    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
    # appear in the DNS.
    foreach my $p (split(/\s*,\s*/, $peer)) {
        gateway_lib::add_route($p, $router, 1, 60 *60) 
            if $p && $router;
    }
}
my $coord_fn = "$fed_dir/etc/prep_done";
my $coord_file = new IO::File(">$coord_fn") || die "Cannot open $coord_fn";

print $coord_file `date`;
$coord_file->close();

exit(0);

=pod

=head1 NAME

B<prep_tunnel.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.

=head1 OPTIONS

=over 8

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<ssh_pubkey=>I<keyfile>

A public to install as authorized.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information

=item B<use_file>

If given read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is before the first
dot.  The file is option: value.


=back

=head1 SYNOPSIS

B<prep_gateway.pl> laods the necessary kernel modules for low-level bridging
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.

If the gateway supports DETER gateway, it setablishes outside connectivity and
adds a host rout to the given peer.

=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut