+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
+
<%=
+
+require 'digest/sha1'
+def get_local_ip_addr(host)
+ hash = Digest::SHA1.digest(host)
+ return '127.101.%d.%d'%[hash[0].ord, hash[1].ord]
+end
+
+def getportforwarderkey(host)
+ key = nil
+ begin
+ facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+ return facts.values['portforwarder_key']
+ rescue Exception => e
+ end
+ return key
+end
+
+
lines = []
config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
config.each_pair do |sourcehost, services|
- lines << "# sourcehost is #{sourcehost}"
+ allowed_ports = []
+
+ ##lines << "# sourcehost is #{sourcehost}"
services.each do |service|
- lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
+ ##lines << "# targethost is #{service['target_host']}, my hostname #{hostname}, fqdn is #{fqdn}"
next if service['target_host'] != fqdn
+ allowed_ports << service['target_port'] if service['target_port']
+ end
- sshkey = nil
- remote_ip = keyinfo[sourcehost][0]['ipHostNumber'].join(',')
- forward_to_port = service['target_port']
- local_bind = '127.0.0.2'
+ if allowed_ports.length > 0
+ sshkey = getportforwarderkey(sourcehost)
+ remote_ip = scope.lookupvar('site::allnodeinfo')[sourcehost]['ipHostNumber'].join(',')
+ local_bind = get_local_ip_addr(sourcehost)
- lines << "# from #{sourcehost} on local port #{service['source_bind_port']}"
- if remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
- #if sshkey.nil? or remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+ lines << "# from #{sourcehost}"
+ if sshkey.nil? or remote_ip.nil? or local_bind.nil?
lines << "# insufficient config values"
else
- #lines << "from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
- lines << "#from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <sshkey here>"
+ command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"
+ lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
end
end
end