source: fedkit/prep_gateway.pl @ 64e774d

Last change on this file since 64e774d was 64e774d, checked in by Ted Faber <faber@…>, 10 years ago

More careful synchronization of reconfigured sshd's

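#!/usr/bin/perl

# prep_gateway.pl: prepare a federation gateway node.  It reconfigures and
# restarts sshd, optionally installs a public key for root, loads or installs
# the bridging support the platform needs, optionally sets up DETER tunnelip
# connectivity, and finally writes a "prep_done" marker file.
#
# The script edits sshd configuration and /root/.ssh/authorized_keys, so it is
# expected to run as root; its options should come only from a trusted source.

use strict;
use warnings;

use gateway_lib;

use Getopt::Long;
use File::Copy;
use IO::File;
use POSIX ();

my $ssh_pubkey;
my $tunnelip;
my $peer;
my $use_file;
my $fed_dir = "/usr/local/federation/";
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip'     => \$tunnelip,
    'peer=s'       => \$peer,
    'use_file'     => \$use_file,
);

# Run an external command without a shell (list form of system) and warn when
# it fails.  Failures are reported but not fatal: some of these commands exit
# non-zero in harmless cases, and the original script ignored their status.
sub _run {
    my @cmd = @_;

    my $status = system(@cmd);
    warn "prep_gateway: '@cmd' failed (wait status $status)\n"
        if $status != 0;
    return $status == 0;
}

exit(20) unless GetOptions(%opts);

if ($use_file) {
    # Fills the same option variables from the gateway configuration file.
    gateway_lib::read_config(gateway_lib::config_filename(), \%opts);
}

# Ask the kernel for the system name directly rather than spawning `uname`,
# which would be resolved through root's PATH.
my $uname = (POSIX::uname())[0];

# on portals make sure client.conf is in the override position (in fed_dir).
my $client_conf = gateway_lib::client_conf_filename();

# \Q...\E keeps the directory name a literal prefix match even if it ever
# contains regex metacharacters.
if ($client_conf !~ /^\Q$fed_dir\E/) {
    copy($client_conf, "$fed_dir/etc/client.conf")
        or warn "prep_gateway: cannot copy $client_conf into $fed_dir: $!\n";
}

# GatewayPorts and PermitTunnel widen what this sshd accepts (remote-reachable
# forwarded ports and tun/tap forwarding), and the imported key is added to
# root's authorized_keys.  Both are deliberate for a gateway node.
my %sshd_params = ( 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' );

if ($uname =~ /Linux/) {
    # Restart sshd with tunnel params
    gateway_lib::set_sshd_params( \%sshd_params );
    _run('/etc/init.d/sshd', 'restart');
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;
    # Install bridging software if not present
    _run('/usr/bin/yum', '-y', 'install', 'bridge-utils');
}
elsif ($uname =~ /FreeBSD/) {
    gateway_lib::set_sshd_params( \%sshd_params );
    _run('/etc/rc.d/sshd', 'restart');

    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.
    # NOTE(review): kldload is found through PATH; an absolute path would be
    # safer for a script that runs as root - confirm its location first.
    _run('kldload', '/boot/kernel/bridgestp.ko')
        if -r "/boot/kernel/bridgestp.ko";
    _run('kldload', '/boot/kernel/if_bridge.ko');
    _run('kldload', '/boot/kernel/if_tap.ko');
}

if ($tunnelip) {
    my ($interface, $ip, $netmask, $mac, $router) =
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);
    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
    # appear in the DNS.
    gateway_lib::add_route($peer, $router, 1, 60 * 60)
        if $peer && $router;
}

# The marker is written last, after sshd has been reconfigured and restarted;
# presumably other components wait on it - confirm against its readers.
my $coord_fn = "$fed_dir/etc/prep_done";
my $coord_file = IO::File->new($coord_fn, 'w')
    or die "Cannot open $coord_fn: $!";

# NOTE(review): `date` is also resolved through PATH.
print {$coord_file} `date`;
# Buffered write errors only surface at close, so check it.
$coord_file->close() or die "Cannot write $coord_fn: $!";

exit(0);

=pod

=head1 NAME

B<prep_gateway.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.

=head1 OPTIONS

=over 8

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<ssh_pubkey=>I<keyfile>

A public key to install as authorized.  The key is added to root's
authorized_keys, so the key file must come from a trusted source.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information.

=item B<use_file>

If given, read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is the part before the
first dot.  The file format is option: value.


=back

=head1 SYNOPSIS

B<prep_gateway.pl> loads the necessary kernel modules for low-level bridging,
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.

If the gateway supports DETER gateway, it establishes outside connectivity and
adds a host route to the given peer.

=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut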