source: fedkit/prep_gateway.pl @ 7e55a14

compt_changes
Last change on this file since 7e55a14 was 7e55a14, checked in by Ted Faber <faber@…>, 12 years ago

Left of paren. Swear word.

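#!/usr/bin/perl

# prep_gateway.pl - prepare a federation gateway node.
#
# The visible calls show this script rewriting sshd parameters, installing a
# key into root's authorized_keys, restarting sshd and loading or installing
# bridging support, so it is presumably run as root.  Its inputs (command
# line, optional config file, key file) decide who can log in as root, so
# they must come from a trusted source.

use strict;
use warnings;

use gateway_lib;

use Getopt::Long;
use File::Copy;
use IO::File;
use POSIX qw(strftime);

my $ssh_pubkey;
my $tunnelip;
my $peer;
my $use_file;
my $fed_dir = "/usr/local/federation/";

# Getopt::Long spec => destination pairs.  The same hash is handed to
# gateway_lib::read_config below.
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip'     => \$tunnelip,
    'peer=s'       => \$peer,
    'use_file'     => \$use_file,
);

# Run an external command in list form (no shell is involved) and warn, but
# do not abort, when it cannot be started or exits non-zero.  Returns true on
# success.  The original script ignored every exit status, so a failed sshd
# restart or package install went unnoticed.
sub run_or_warn {
    my @cmd = @_;

    my $status = system(@cmd);
    if ($status == -1) {
        warn "Cannot run @cmd: $!\n";
    }
    elsif ($status != 0) {
        warn "Command failed (wait status $status): @cmd\n";
    }
    return $status == 0;
}

exit(20) unless GetOptions(%opts);

if ($use_file) {
    # NOTE(review): presumably read_config fills the option variables through
    # the references in %opts -- confirm in gateway_lib.  If so, whoever can
    # write that config file chooses the key installed for root below, so the
    # file's ownership and permissions matter.
    gateway_lib::read_config(gateway_lib::config_filename(), \%opts);
}

# POSIX::uname() returns the same system name that `uname` prints, without
# executing a program found through PATH.
my ($uname) = POSIX::uname();

# on portals make sure client.conf is in the override position (in fed_dir).
my $client_conf = gateway_lib::client_conf_filename();

# \Q...\E keeps the directory name literal inside the pattern.
unless ($client_conf =~ /^\Q$fed_dir\E/) {
    copy($client_conf, "$fed_dir/etc/client.conf")
        or warn "Cannot copy $client_conf to $fed_dir/etc/client.conf: $!\n";
}

if ($uname =~ /Linux/) {
    # Restart sshd with tunnel params.  GatewayPorts=yes lets remote hosts
    # connect to ports forwarded through this sshd and PermitTunnel=yes allows
    # tun device forwarding; both widen what an authorized key holder can do,
    # so this belongs only on hosts meant to act as gateways.
    gateway_lib::set_sshd_params(
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    run_or_warn('/etc/init.d/sshd', 'restart');

    # The key becomes a root login credential on this node.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Install bridging software if not present
    run_or_warn('/usr/bin/yum', '-y', 'install', 'bridge-utils');
}
elsif ($uname =~ /FreeBSD/) {
    # Same sshd settings and caveats as the Linux branch.
    gateway_lib::set_sshd_params(
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    run_or_warn('/etc/rc.d/sshd', 'restart');

    # The key becomes a root login credential on this node.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.
    # NOTE(review): kldload is looked up through the inherited PATH; consider
    # an absolute path.  A non-zero status here may only mean the module is
    # already present -- confirm before treating the warning as an error.
    run_or_warn('kldload', '/boot/kernel/bridgestp.ko')
        if -r "/boot/kernel/bridgestp.ko";
    run_or_warn('kldload', '/boot/kernel/if_bridge.ko');
    run_or_warn('kldload', '/boot/kernel/if_tap.ko');
}

if ($tunnelip) {
    # The fourth value (the MAC address in the original code) is not used.
    my ($interface, $ip, $netmask, undef, $router) =
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);

    # --tunnelip may be given without --peer; treat that as an empty list
    # instead of splitting an undefined value.
    my $peer_list = defined $peer ? $peer : '';

    # Add the route to a peer.  Wait up to an hour for the peer's IP address to
    # appear in the DNS.
    foreach my $p (split(/\s*,\s*/, $peer_list)) {
        gateway_lib::add_route($p, $router, 1, 60 * 60)
            if $p && $router;
    }
}

# Write the timestamped prep_done marker.  The file name is passed separately
# from the mode, so nothing in the name can be read as an open() mode.
my $coord_fn = "$fed_dir/etc/prep_done";
my $coord_file = IO::File->new($coord_fn, 'w')
    or die "Cannot open $coord_fn: $!";

# Same layout as the default output of `date`, produced without running an
# external program.
print {$coord_file} strftime("%a %b %e %H:%M:%S %Z %Y\n", localtime);
$coord_file->close()
    or warn "Cannot close $coord_fn: $!\n";

exit(0);

=pod

=head1 NAME

B<prep_gateway.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.

=head1 OPTIONS

=over 8

=item B<peer=>I<hostname>

The other gateway providing forwarding.

=item B<ssh_pubkey=>I<keyfile>

A public key file to install as authorized for root.

=item B<tunnelip>

True if the testbed uses the DETER tunnelip extension to provide external
connectivity information.

=item B<use_file>

If given, read additional parameters from the file in
/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
current testbed project and experiment and the hostname is the part before the
first dot.  The file format is C<option: value>.


=back

=head1 SYNOPSIS

B<prep_gateway.pl> loads the necessary kernel modules for low-level bridging,
configures the local sshd to allow it, restarts that sshd, and installs the
given key in root's authorized keys.

If the gateway supports DETER gateway, it establishes outside connectivity and
adds a host route to the given peer.

=head1 SECURITY NOTES

The script sets C<GatewayPorts yes> and C<PermitTunnel yes> in the local sshd
configuration and installs the given public key in
F</root/.ssh/authorized_keys>.  Run it only on nodes intended to be gateways,
and make sure the key file and, with B<use_file>, the configuration file are
writable only by trusted users.

=head1 AUTHORS

Ted Faber <faber@isi.edu>

=cut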