Changeset 22bb7f8


Timestamp:
Nov 11, 2007 5:05:10 PM (17 years ago)
Author:
Ted Faber <faber@…>
Branches:
axis_example, compt_changes, info-ops, master, version-1.30, version-2.00, version-3.01, version-3.02
Children:
906c763
Parents:
e5fee75
Message:

Auto generate the ssh keys used to coordinate gateways.

Location:
fedkit
Files:
2 edited

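--- a/fedkit/splitter.conf.example
+++ b/fedkit/splitter.conf.example
@@ -7,8 +7,15 @@
 ScriptDir: /users/faber/testbed/federation
 
-# These will go away, but for now should be password-free ssh keys.  Format is
-# unimportant (dsa vs. rsa)
-GatewayPubkey: /users/faber/fed_dsa.pub
-GatewaySecretKey: /users/faber/fed_dsa
+# These will be honored if used, but automatically generating the keys by
+# leaving these commented is probably better, but for now should be
+# password-free ssh keys.  Format is unimportant (dsa vs. rsa)
+# GatewayPubkey: /users/faber/fed_dsa.pub
+# GatewaySecretKey: /users/faber/fed_dsa
+
+# Type of key to auto generate.  RSA and DSA are valid choices, leaving it
+# unspecified gives you RSA keys (as long as GatewayPubKey and GatewaySecretKey
+# are not specified.
+
+GatewayKeyType: rsa
 
 # These are the SMB share to export and the user to export them as.  They
@@ -18,2 +25,9 @@
 SMBShare: USERS
 SMBUser: jhickey
+
+
+# The number of experiment links or lans that can be multiplexed over one
+# gateway pair.
+MuxLimit: 2
+
+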
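--- a/fedkit/splitter.pl
+++ b/fedkit/splitter.pl
@@ -26,4 +26,5 @@
 my($gw_secretkey, $gw_secretkey_base);# Connector secret key (full path &
                                 # basename)
+my($keytype);                   # Type (DSA or RSA) of generated gateway keys
 my $tcl_splitter;               # tcl program to split experiments
                                 # (changed during devel)
@@ -139,4 +140,17 @@
 }
 
+# Generate SSH keys for use by the gateways.  The parameters are the type and
+# the filename for the private key.  The pubkey will be stored in a filename
+# with the same name as the private key but with .pub appended.  Type can be
+# dsa or rsa.
+
+sub generate_ssh_keys {
+    my($type, $dest) = @_;
+
+    $type =~ tr/A-Z/a-z/;
+    return 0 if $type !~ /(rsa|dsa)/;
+    system("/usr/bin/ssh-keygen -t $type -N \"\" -f $dest");
+    return $@ ? 0 : 1;
+}
 
 # use scp to transfer a file, reporting true if successful and false otherwise.
@@ -453,10 +467,4 @@
     die "Must give an SMB user\n";
 
-# For now specify these.  We may want to generate them later.
-$gw_pubkey = $opts{'gatewaypubkey'};
-($gw_pubkey_base = $gw_pubkey) =~ s#.*/##;
-$gw_secretkey = $opts{'gatewaysecretkey'};
-($gw_secretkey_base = $gw_secretkey) =~ s#.*/##;
-
 # tcl program to split experiments (changed during devel)
 $tcl_splitter = $opts{'tclparse'} || "/usr/testbed/lib/ns2ir/parse.tcl";
@@ -472,4 +480,25 @@
     mkdir("$tmpdir") || die "Can't create $tmpdir: $!";
 }
+
+# If the keys are given, use them.  Otherwise create a set under $tmpdir
+
+if ( $opts{'gatewatpubkey'} && $opts{'gatewaysecretkey'}) {
+    $gw_pubkey = $opts{'gatewaypubkey'};
+    $gw_secretkey = $opts{'gatewaysecretkey'};
+}
+else {
+    $keytype = $opts{'gatewaykeytype'} || "rsa";
+    mkdir("$tmpdir/keys") || die "Can't create temoprary key dir: $!\n";
+    $gw_pubkey = "$tmpdir/keys/fed.$keytype.pub";
+    $gw_secretkey = "$tmpdir/keys/fed.$keytype";
+    print "Generating $keytype keys\n" if $verbose;
+    generate_ssh_keys($keytype, $gw_secretkey) ||
+        die "Cannot generate kets:$@\n";
+}
+# Generate the basenames
+($gw_pubkey_base = $gw_pubkey) =~ s#.*/##;
+($gw_secretkey_base = $gw_secretkey) =~ s#.*/##;
+
+
 
 # Validate scripts directory
@@ -916,5 +945,11 @@
 
 The names of the files containing secret and public keys to use in setting up
-tunnels between testbeds.  These will eventually be automatically generated.
+tunnels between testbeds.  If given they are used, otherwise keys are generated.
+
+=item GatewayKeyType
+
+This controls the kind of SSH keys generated to configure the geatways.  If
+given this must be B<dsa> or B<rsa>, and it defaults to B<rsa>.  The parameter
+is csase insensitive.
 
 =item TmpDir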
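Review bot: generate_ssh_keys cannot report a failed ssh-keygen run, because `return $@ ? 0 : 1;` tests `$@`, which system() does not set, so the caller's `|| die` never fires and the script carries on with key files that may not exist. The same function interpolates `$type` and `$dest` into a shell command line, and the `/(rsa|dsa)/` check is unanchored, so a GatewayKeyType value that merely contains one of those words is accepted and reaches both the shell and the generated file names. The fence below anchors the match, runs ssh-keygen in list form so no shell parses the arguments, and derives the result from `$?`. In the key-selection block added after the `$tmpdir` creation, the first test reads `$opts{'gatewatpubkey'}`, which looks like a typo for `gatewaypubkey`; as written, configured keys would be ignored and a fresh passphrase-less pair generated on every run.

```perl
sub generate_ssh_keys {
    # … unchanged: argument unpacking, lower-casing of $type …
    return 0 if $type !~ /\A(?:rsa|dsa)\z/;
    # List form: ssh-keygen is run directly, with no shell parsing of $dest.
    system("/usr/bin/ssh-keygen", "-t", $type, "-N", "", "-f", $dest);
    return $? == 0 ? 1 : 0;
}
# … unchanged: everything up to the key selection branch …
if ( $opts{'gatewaypubkey'} && $opts{'gatewaysecretkey'}) {
    # … unchanged: body of the branch and the generated-key else branch …
```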