source: fedkit/prep_gateway.pl @ a65a65a

Last change on this file since a65a65a was 4e9719b, checked in by Ted Faber <faber@…>, 15 years ago

SEER stuff

  • Property mode set to 100644
File size: 3.5 KB
1#!/usr/bin/perl
2
3use strict;
4
5use gateway_lib;
6
7use Getopt::Long;
8use File::Copy;
9use IO::File;
10
# Option values.  GetOptions() fills these in from the command line through
# the references stored in %opts.
my ($ssh_pubkey, $tunnelip, $peer, $use_file);

# Root of the federation kit install; note the trailing slash.
my $fed_dir = "/usr/local/federation/";

# Getopt::Long specification: '=s' options require a string argument,
# 'tunnelip' and 'use_file' are plain flags.
my %opts = (
    'ssh_pubkey=s' => \$ssh_pubkey,
    'tunnelip'     => \$tunnelip,
    'peer=s'       => \$peer,
    'use_file'     => \$use_file,
);

# Unparseable options end the run with exit status 20.
GetOptions(%opts) or exit(20);

# With --use_file, the gateway configuration file is read as well.
# read_config() receives the same %opts table, so it presumably stores
# values through the same references (defined in gateway_lib).
# NOTE(review): values from that file are trusted exactly like command-line
# options, and ssh_pubkey from it ends up in root's authorized_keys below.
# The POD places the file under
# /proj/<project>/exp/<experiment>/tmp/<hostname>.gw/conf -- confirm that
# only trusted parties can write there.
gateway_lib::read_config(gateway_lib::config_filename(), \%opts)
    if $use_file;
28
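# Identify the platform; the Linux/FreeBSD branch below matches on this.
# NOTE(review): `uname` is located through the caller's PATH.  This script
# edits /etc and /root, so it presumably runs as root -- an absolute path
# would remove the dependence on PATH.
my $uname = `uname`;
chomp $uname;

# on portals make sure client.conf is in the override position (in fed_dir).
my $client_conf = gateway_lib::client_conf_filename();

# \Q..\E keeps the directory name literal inside the pattern.  A failed copy
# is reported instead of being dropped silently, because the node would
# otherwise carry on without the override file and give no hint why.
unless ($client_conf =~ /^\Q$fed_dir\E/) {
    copy($client_conf, "$fed_dir/etc/client.conf")
        or warn "prep_gateway: cannot copy $client_conf to "
            . "$fed_dir/etc/client.conf: $!\n";
}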
37
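if ($uname =~ /Linux/) {
    # Right now the only gateway nodes that are Linux nodes are ProtoGENI
    # nodes.  They need a bunch of custom updates to get into the 21st century,
    # but they are on the network.
    my $fed_sshd     = '/usr/local/federation/bin/sshd';
    my $fed_sshd_cfg = '/usr/local/federation/etc/sshd_config';

    if ( -x $fed_sshd && -e $fed_sshd_cfg ) {
        # Start our modern sshd if one is there.  List-form system() runs
        # the binary directly, without a shell.
        # NOTE(review): this is a second login service on port 20200; its
        # sshd_config deserves the same review as the system one.
        system($fed_sshd, '-p', '20200', '-f', $fed_sshd_cfg) == 0
            or warn "prep_gateway: $fed_sshd exited with status $?\n";
    }

    # fix yum.conf: point the Fedora Legacy repository at a mirror.
    # Opening yum.conf for writing truncates it, so that happens only once
    # the backup exists and is readable; otherwise the file is left alone.
    # NOTE(review): packages are then installed from the mirror with -y.
    # What protects that install is yum's signature checking (gpgcheck) --
    # confirm it is enabled in this yum.conf.
    my $yum_conf = '/etc/yum.conf';
    my $yum_bak  = "$yum_conf.bak";
    if ( copy($yum_conf, $yum_bak) ) {
        my $from = IO::File->new($yum_bak, 'r');
        my $to   = $from ? IO::File->new($yum_conf, 'w') : undef;
        if ( $from && $to ) {
            while ( my $line = <$from> ) {
                # Dots escaped so only the literal host name is replaced.
                $line =~ s/download\.fedoralegacy\.org/fedoralegacy.lsu.edu/g;
                print {$to} $line;
            }
            $from->close();
            # Buffered write errors only surface at close.
            $to->close()
                or warn "prep_gateway: error writing $yum_conf: $!\n";
        }
        else {
            warn "prep_gateway: cannot rewrite $yum_conf: $!\n";
            $from->close() if $from;
        }
    }
    else {
        warn "prep_gateway: cannot back up $yum_conf, "
            . "leaving it unchanged: $!\n";
    }

    # Now, bridging (use old python...)
    system('/usr/bin/python2.2', '/usr/bin/yum', '-y', 'install',
        'bridge-utils') == 0
        or warn "prep_gateway: yum install bridge-utils failed "
            . "(status $?)\n";

    # and keys.  Whoever holds the matching private key can log in as root
    # afterwards, so $ssh_pubkey has to come from a trusted source.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;
}
elsif ($uname =~ /FreeBSD/ ) {
    # GatewayPorts lets remotely forwarded ports bind to non-loopback
    # addresses and PermitTunnel allows tun(4) device forwarding.  Both
    # widen what an authenticated ssh client may do, so they belong on
    # gateway nodes only.  set_sshd_params() is defined in gateway_lib;
    # presumably it writes these into the system sshd_config.
    gateway_lib::set_sshd_params(
        { 'GatewayPorts' => 'yes', 'PermitTunnel' => 'yes' } );
    system('/etc/rc.d/sshd', 'restart') == 0
        or warn "prep_gateway: sshd restart failed (status $?)\n";

    # Same trust requirement as on Linux: this key grants root login.
    gateway_lib::import_key($ssh_pubkey, '/root/.ssh/authorized_keys')
        if $ssh_pubkey;

    # Need these to make the Ethernet tap and bridge work.
    # The exit status is deliberately ignored; presumably kldload fails
    # harmlessly when a module is already present -- TODO confirm.
    # NOTE(review): kldload is found through PATH; consider an absolute
    # path since this runs with root privileges.
    my $kmod_dir = '/boot/kernel';
    system('kldload', "$kmod_dir/bridgestp.ko")
        if -r "$kmod_dir/bridgestp.ko";
    system('kldload', "$kmod_dir/if_bridge.ko");
    system('kldload', "$kmod_dir/if_tap.ko");
}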
78
if ($tunnelip) {
    # deter_tunnelip() hands back five values; $mac is unpacked to keep the
    # positions right but is not used afterwards.
    my ($interface, $ip, $netmask, $mac, $router) =
        gateway_lib::deter_tunnelip();

    gateway_lib::configure_outgoing_iface($interface, $ip, $netmask);

    # Add the route to a peer.  Wait up to an hour for the peer's IP address
    # to appear in the DNS.
    # NOTE(review): the route goes to whatever address the resolver returns
    # for $peer, so this step trusts the testbed's DNS.  The meaning of the
    # third argument (1) is defined in gateway_lib and not visible here.
    if ($peer && $router) {
        my $max_wait = 60 * 60;
        gateway_lib::add_route($peer, $router, 1, $max_wait);
    }
}

exit(0);
91
92=pod
93
94=head1 NAME
95
96B<prep_gateway.pl> - Prepare a tunnel node for use as either a service or connectivity gateway.
97
98=head1 OPTIONS
99
100=over 8
101
102=item B<peer=>I<hostname>
103
104The other gateway providing forwarding.
105
106=item B<ssh_pubkey=>I<keyfile>
107
108A public key to install as an authorized key for root.
109
110=item B<tunnelip>
111
112True if the testbed uses the DETER tunnelip extension to provide external
113connectivity information
114
115=item B<use_file>
116
117If given, read additional parameters from the file in
118/proj/I<project>/exp/I<experiment>/tmp/I<hostname>.gw/conf where those are the
119current testbed project and experiment and the hostname is the part before the
120first dot.  The file's format is option: value.
121
122
123=back
124
125=head1 SYNOPSIS
126
127B<prep_gateway.pl> loads the necessary kernel modules for low-level bridging,
128configures the local sshd to allow it, restarts that sshd, and installs the
129given key in root's authorized keys.
130
131If the gateway supports DETER gateway, it establishes outside connectivity and
132adds a host route to the given peer.
133
134=head1 AUTHORS
135
136Ted Faber <faber@isi.edu>
137
138=cut