#!/usr/bin/env bash
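# Directory holding the ssh ControlMaster sockets, one file per tunnel.
# NOTE(review): a fixed path under /tmp is shared with every local user and
# "mkdir -p" silently reuses a directory that somebody else created first.
TUNNEL='/tmp/ssh_tunnel'
# Remote sshd configuration file edited by configServer().
SSHD='/etc/ssh/sshd_config'
# Lab node whose deployment-manager ports createMonitorTunnel() forwards.
DMGR_NODE='node14'
# Absolute path of this script and its directory; copykey_expect.sh is
# expected next to it (see copyKey()).
ABS=$(readlink -f "$0")
DIRNAME=$(dirname "${ABS}")
# Privilege-escalation wrapper. Call sites pass it either argv words or one
# command string, so it is deliberately left unquoted where it is used.
SUDO="sudo /home/j30wu/software/myscript/sudo.sh"
# Lab prefix (remote hostname with the trailing "node.." part stripped);
# filled in by getRealLabName().
realLabName=''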
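#######################################
# Dispatch a "start" request to the tunnel set selected by the mode flag.
# Arguments: $1 - lab id (e.g. 2564)
#            $2 - one of --monitor | --ntcapp | --bodong | --svw
# Globals:   realLabName (written indirectly through prepareEnv)
# Returns:   exits 1 after printing usage when the mode is missing or unknown
#######################################
function start() {
  local id=${1}
  # ${2:-} keeps the match well-formed when no mode was passed; the original
  # "[ ${2} == --monitor ]" produced a shell syntax error in that case.
  local mode=${2:-}
  case "${mode}" in
    --monitor)
      prepareEnv "${id}" "node05"
      createMonitorTunnel "clab${id}node05"
      ;;
    --ntcapp)
      prepareEnv "${id}" "node05" "node06"
      createNtcappLTunnel "clab${id}node05"
      createNtcappRTunnel "clab${id}node06"
      ;;
    --bodong)
      createBodongLTunnel
      # the git forward listens on loopback, so resolve the git host locally
      addHostToLocal "git.bodong.tech"
      ;;
    --svw)
      createSvwTunnel
      ;;
    *)
      usage
      exit 1
      ;;
  esac
}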
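#######################################
# Check whether a lab node was already recorded as key-authenticated.
# Arguments: $1 - host fragment, e.g. clab2564node05
# Globals:   reads ~/.ssh/known_clab.txt (appended to by copySshKey)
# Returns:   0 when the fragment occurs in the file, non-zero otherwise,
#            including when the file does not exist yet (normal on first run)
#######################################
function isAutoLoginEnable() {
  local hostName=${1}
  local known="$HOME/.ssh/known_clab.txt"
  # A missing file used to surface as a grep error on the terminal.
  [[ -r "${known}" ]] || return 1
  # -F: the fragment is a literal, not a regex; -q: only the status matters.
  grep -qF -- "${hostName}" "${known}"
}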
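#######################################
# Create a dummy network interface carrying the given address (/24), so a
# local tunnel can be bound to the service's original IP (see the commented
# kafka example in createSvwTunnel).
# Arguments: $1 - interface name (e.g. veth0)
#            $2 - IPv4 address without prefix length
# Globals:   SUDO (read)
# Returns:   status of the last ip(8) command
#######################################
function createVirtualNetwork() {
  local vn_dev_name=$1
  local vn_ip_addr=$2
  # ${SUDO} expands to several words and is intentionally unquoted.
  ${SUDO} sudo ip link add name "${vn_dev_name}" type dummy
  ${SUDO} sudo ip addr add "${vn_ip_addr}/24" brd + dev "${vn_dev_name}"
  ${SUDO} sudo ip link set "${vn_dev_name}" up
}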
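#######################################
# Bring down and delete a dummy interface created by createVirtualNetwork.
# Arguments: $1 - interface name (e.g. veth0)
# Globals:   SUDO (read)
# Returns:   status of "ip link delete"
#######################################
function deleteVirtualNetwork() {
  local vn_dev_name=$1
  # ${SUDO} expands to several words and is intentionally unquoted.
  ${SUDO} sudo ip link set "${vn_dev_name}" down
  ${SUDO} sudo ip link delete "${vn_dev_name}"
}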
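#######################################
# Prepare both ends before tunnels are opened: create the socket directory,
# close tunnels left over from a previous run, install our ssh key on every
# node that is not yet known, enable TCP forwarding in the node's sshd and
# map the lab's service names to loopback in /etc/hosts.
# Arguments: $1 - lab id, $2.. - node names (node05, node06, ...)
# Globals:   TUNNEL (read), realLabName (written through getRealLabName)
#######################################
function prepareEnv() {
  local id=${1}
  shift
  mkdir -p "${TUNNEL}"
  echo "close all exiting tunnel"
  closeAllTunnel
  local node
  # "$@" keeps each node name as one word (the original word-split $@)
  for node in "$@"; do
    if ! isAutoLoginEnable "clab${id}${node}"; then
      copySshKey "root@clab${id}${node}.netact.nsn-rdnet.net"
      # exits the script early if the freshly keyed node is still unreachable
      getRealLabName "clab${id}${node}"
    fi
    configServer "clab${id}${node}"
    getRealLabName "clab${id}${node}"
  done
  configLocal "${realLabName}"
}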
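#######################################
# Make sure the local public key is installed on a lab node and remember the
# node in ~/.ssh/known_clab.txt so the step is skipped next time.
# Arguments: $1 - ssh login, e.g. root@clab2564node05.netact.nsn-rdnet.net
# Globals:   DIRNAME, SUDO (read, through copyKey)
# Returns:   exits 1 when no key exists and ssh-keygen fails
#######################################
function copySshKey() {
  local login=${1}
  if [[ ! -e "$HOME/.ssh/id_rsa.pub" ]]; then
    echo "[2clab] ssh key file not found, try to generate"
    if ssh-keygen -t rsa; then
      echo "[2clab] generate ssh-key successful"
    else
      echo "[2clab] generate ssh-key failed"
      exit 1
    fi
  fi
  # The expect helper is tried first, plain ssh-copy-id is the fallback.
  # StrictHostKeyChecking=no installs the key on whichever host answers for
  # that name; the host key is not verified.
  if ! copyKey "${login}"; then
    ssh-copy-id -o StrictHostKeyChecking=no -oCheckHostIP=no -i ~/.ssh/id_rsa.pub "${login}"
  fi
  echo "${login}" >> ~/.ssh/known_clab.txt
}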
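#######################################
# Install the user's and root's public keys on a node via the expect helper.
# Arguments: $1 - ssh login
# Globals:   DIRNAME, SUDO (read)
# Returns:   status of the root-key copy only; the user-key copy's status is
#            not inspected (as in the original; the caller retries with
#            ssh-copy-id when this function fails)
#######################################
function copyKey() {
  local login=$1
  "${DIRNAME}/copykey_expect.sh" "${login}" ~/.ssh/id_rsa.pub
  # ${SUDO} expands to several words and is intentionally unquoted.
  ${SUDO} "${DIRNAME}/copykey_expect.sh" "${login}" /root/.ssh/id_rsa.pub
}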
# Point the lab's service names at loopback: drop stale clab entries from
# /etc/hosts, then add the entries for the current lab.
# Arguments: $1 - lab prefix (realLabName), e.g. clab2564
function configLocal() {
  local labPrefix="$1"
  cleanHostFile
  addHosts "${labPrefix}"
}
# Remove every "127.0.0.1 clab..." line this script wrote to /etc/hosts.
# The sed script is handed to the sudo wrapper as one command string. Its
# stdout is discarded; the original "1>&2 >>/dev/null" ended up doing exactly
# that (the last redirection of fd 1 wins) while leaving stderr visible.
# Globals: SUDO (read)
function cleanHostFile() {
  echo "clean up /etc/hosts file"
  ${SUDO} "sed '/127.0.0.1 *clab/'d -i /etc/hosts" >/dev/null
}
# Map the lab's load balancers and the nodes that are tunnelled to loopback.
# Arguments: $1 - lab prefix, e.g. clab2564
# Globals:   DMGR_NODE (read)
function addHosts() {
  local labPrefix=${1}
  local suffix
  for suffix in lbwas lbjbi "${DMGR_NODE}" node15 node02; do
    addHostToLocal "${labPrefix}${suffix}.netact.nsn-rdnet.net"
  done
}
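#######################################
# Append a loopback entry (FQDN plus short name) for a host to /etc/hosts.
# Arguments: $1 - fully qualified host name
# Globals:   SUDO (read)
# Returns:   1 without touching /etc/hosts when the name contains characters
#            outside the hostname alphabet, otherwise the wrapper's status
#######################################
function addHostToLocal() {
  local host=$1
  # The name is spliced into a command string that the sudo wrapper hands to
  # a root shell, and for lab hosts it originates from a remote "hostname"
  # reply (getRealLabName). Only the hostname alphabet is accepted so the
  # string can never carry shell metacharacters.
  if [[ ! "${host}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
    echo "refusing to add invalid host name to /etc/hosts: ${host}" >&2
    return 1
  fi
  local line="127.0.0.1 ${host} ${host%%.*}"
  ${SUDO} "echo ${line} >> /etc/hosts"
  echo "add /etc/hosts: ${line}"
}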
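#######################################
# Ask a lab node for its hostname and store the lab prefix (everything before
# "node") in the global realLabName.
# Arguments: $1 - node name, e.g. clab2564node05
# Globals:   realLabName (written)
# Returns:   exits 1 when the node does not answer, returns nothing, or returns
#            a name outside the hostname alphabet
#######################################
function getRealLabName() {
  local node=${1}
  local lab
  # Declaration and assignment are separate so ssh's exit status is seen.
  if ! lab=$(ssh -q -oStrictHostKeyChecking=no -o CheckHostIP=no "root@${node}.netact.nsn-rdnet.net" "hostname") || [[ -z ${lab} ]]; then
    echo "this lab is not accessbal"
    exit 1
  fi
  # The reply is controlled by the remote host and is later spliced into
  # /etc/hosts and into a root shell command (addHostToLocal); restrict it to
  # hostname characters before trusting it.
  if [[ ! "${lab}" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]]; then
    echo "unexpected hostname reply from ${node}: ${lab}" >&2
    exit 1
  fi
  realLabName=${lab%node*}
}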
# Turn on AllowTcpForwarding in the node's sshd_config and restart sshd, so
# the node accepts the -L/-R forwards opened later. Note this relaxes the
# node's sshd configuration for every client, not only for this script.
# Arguments: $1 - node name, e.g. clab2564node05
# Globals:   SSHD (read)
function configServer() {
  local node=${1}
  local remoteCmd="sed -i -e '/AllowTcpForwarding/d' -e '/AllowAgentForwarding/i AllowTcpForwarding yes' ${SSHD} && systemctl restart sshd;"
  echo "config ssh server for ${node}, enabel AllowTcpForwarding"
  ssh -q -oStrictHostKeyChecking=no -o CheckHostIP=no "root@${node}.netact.nsn-rdnet.net" "${remoteCmd}"
}
# Open the svw tunnel: a local forward of port 3306 to the aliyun MySQL
# instance through the 192.168.56.101 jump host. Earlier mos/kafka forwards
# are kept below, commented out, for reference.
# Globals: TUNNEL (read)
function createSvwTunnel() {
  mkdir -p "${TUNNEL}"
  # # mos-be 10443
  # ssh -S ${TUNNEL}/tunnel-10443-mos-lsif-test.kong.hycs.sitc:443 -NqfML 10443:mos-lsif-test.kong.hycs.sitc:443 -o StrictHostKeyChecking=no -o CheckHostIP=no j30wu@192.168.56.101
  # bidp-kafka-dev
  #ssh -S ${TUNNEL}/tunnel-10.160.244.119:9092-10.160.244.119:9092 -NqfML 10.160.244.119:9092:10.160.244.119:9092 -o StrictHostKeyChecking=no -o CheckHostIP=no j30wu@192.168.56.101 #kafka servre
  #echo "Tunnel: ${TUNNEL}/tunnel-10.160.244.119:9092-10.160.244.119:9092 created"
  #createVirtualNetwork veth0 10.160.244.119
  local target='rm-uf6p5hor74v945z82.mysql.rds.aliyuncs.com:3306'
  local sock="${TUNNEL}/tunnel-3306-${target}"
  # client connection
  ssh -S "${sock}" -NqfML "3306:${target}" -o StrictHostKeyChecking=no -o CheckHostIP=no j30wu@192.168.56.101
  echo "Tunnel: ${sock} created"
}
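#######################################
# Open the bodong tunnels through the dev.bodong.pro jump host (port 8400):
# two MongoDB forwards, the git daemon port and a SOCKS5 proxy on 127.0.0.1:1083.
# Globals:   TUNNEL (read)
#######################################
function createBodongLTunnel() {
  mkdir -p "${TUNNEL}"
  # Options shared by every hop. -i names the public half of the key, which
  # presumably selects the matching agent identity — confirm that is intended.
  local -a jump=(-o StrictHostKeyChecking=no -o CheckHostIP=no -i /home/j30wu/.ssh/id_rsa.pub -p 8400 ubuntu@dev.bodong.pro)
  local spec entrance target
  # "localport target:port" pairs: mongosh (x2) and git
  for spec in "27017 hanghai.cloud.bodong.tech:27017" \
              "27018 mongodb.cloud.bodong.tech:27017" \
              "9418 git.bodong.tech:9418"; do
    entrance=${spec%% *}
    target=${spec#* }
    # The socket name is derived from the real target; the git socket used to
    # be labelled with the mongodb host although it forwarded to git.bodong.tech.
    ssh -S "${TUNNEL}/tunnel-${entrance}-${target}" -NqfML "${entrance}:${target}" "${jump[@]}"
    echo "Tunnel: tunnel-${entrance}-${target} created"
  done
  # socks5
  ssh -S "${TUNNEL}/tunnel-1083-socks5" -NqfMD 127.0.0.1:1083 "${jump[@]}"
  echo "Tunnel: sock5-1083 created"
}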
# Local forwards for the ntcapp setup: application, keycloak, jbi and Oracle
# ports as the current user, the 443/80 load-balancer ports through sudo
# (presumably because binding ports below 1024 needs root).
# Arguments: $1 - ssh server node, e.g. clab2564node05
# Globals:   realLabName (read)
function createNtcappLTunnel() {
  local sshServer="${1}.netact.nsn-rdnet.net"
  local lbwas="${realLabName}lbwas.netact.nsn-rdnet.net"
  local lbjbi="${realLabName}lbjbi.netact.nsn-rdnet.net"
  local oracle="${realLabName}node02.netact.nsn-rdnet.net"
  local port
  createLTunnel 17443 "${lbwas}:17443" "${sshServer}" # NTACAPP public port for CBAM
  createLTunnel 10448 "${lbwas}:10448" "${sshServer}" # keycloak public port for OAUTH2.0
  for port in 17001 17002 17003; do
    createLTunnel "${port}" "${lbjbi}:${port}" "${sshServer}"
  done
  createLTunnel 1521 "${oracle}:1521" "${sshServer}" # ORACLE
  createLTunnelSudo 443 "${lbwas}:443" "${sshServer}" # LB HTTPS
  createLTunnelSudo 80 "${lbwas}:80" "${sshServer}"   # LB HTTP
}
# Remote forwards for the ntcapp setup: the node reaches local services on
# ports 9010, 9020 and 8081 under the same port numbers.
# Arguments: $1 - ssh server node, e.g. clab2564node06
function createNtcappRTunnel() {
  local sshServer="${1}.netact.nsn-rdnet.net"
  local port
  for port in 9010 9020 8081; do
    createRTunnel "${port}" "localhost:${port}" "${sshServer}"
  done
}
# Local forwards for monitoring: load-balancer HTTPS/HTTP (through sudo),
# LB admin and EJB ports, and the deployment manager's WAS/SIB ports.
# Arguments: $1 - ssh server node, e.g. clab2564node05
# Globals:   realLabName, DMGR_NODE (read)
function createMonitorTunnel() {
  local sshServer="${1}.netact.nsn-rdnet.net"
  local lbwas="${realLabName}lbwas.netact.nsn-rdnet.net"
  local dmgr="${realLabName}${DMGR_NODE}.netact.nsn-rdnet.net"
  local port
  createLTunnelSudo 443 "${lbwas}:443" "${sshServer}" # LB HTTPS
  createLTunnelSudo 80 "${lbwas}:80" "${sshServer}"   # LB HTTP
  createLTunnel 10443 "${lbwas}:10443" "${sshServer}" # LB HTTPS
  createLTunnel 9810 "${lbwas}:9810" "${sshServer}"   # LB EJB
  # deployment manager: EJB 9416, ORB 9108, mutual auth 9202/9413/9418, SIB 7285/7280
  for port in 9416 9108 9202 9413 9418 7285 7280; do
    createLTunnel "${port}" "${dmgr}:${port}" "${sshServer}"
  done
}
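#######################################
# Start a background ssh ControlMaster carrying one local port forward.
# Arguments: $1 - local port
#            $2 - target host:port as seen from the ssh server
#            $3 - ssh server (FQDN)
# Globals:   TUNNEL (read); the control socket is ${TUNNEL}/tunnel-<port>-<target>,
#            which closeTunnel() later parses by name
# Returns:   ssh's exit status (the original always reported "created")
#######################################
function createLTunnel() {
  local entrance=$1
  local target=$2
  local sshServer=$3
  local sock="${TUNNEL}/tunnel-${entrance}-${target}"
  local rc=0
  # StrictHostKeyChecking=no accepts whatever host key the lab node presents;
  # the forward is only as trustworthy as the name resolution of ${sshServer}.
  ssh -S "${sock}" -NqfML "${entrance}:${target}" -o StrictHostKeyChecking=no -o CheckHostIP=no "root@${sshServer}" || rc=$?
  if (( rc == 0 )); then
    echo "Tunnel: tunnel-${entrance}-${target} created"
  else
    echo "Tunnel: tunnel-${entrance}-${target} failed (ssh exit ${rc})" >&2
  fi
  return "${rc}"
}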
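#######################################
# Like createLTunnel, but the ControlMaster runs through the sudo wrapper so
# the local port can be a privileged one (443, 80). Such sockets are root-owned
# and are closed by closeTunnelSudo().
# Arguments: $1 - local port, $2 - target host:port, $3 - ssh server (FQDN)
# Globals:   TUNNEL, SUDO (read)
# Returns:   exit status of the wrapped ssh (the original always reported "created")
#######################################
function createLTunnelSudo() {
  local entrance=$1
  local target=$2
  local sshServer=$3
  local sock="${TUNNEL}/tunnel-${entrance}-${target}"
  local rc=0
  # ${SUDO} expands to several words and is intentionally unquoted.
  ${SUDO} ssh -S "${sock}" -NqfML "${entrance}:${target}" -o StrictHostKeyChecking=no -o CheckHostIP=no "root@${sshServer}" || rc=$?
  if (( rc == 0 )); then
    echo "Tunnel: tunnel-${entrance}-${target} created"
  else
    echo "Tunnel: tunnel-${entrance}-${target} failed (ssh exit ${rc})" >&2
  fi
  return "${rc}"
}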
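#######################################
# Start a background ssh ControlMaster carrying one remote port forward, so the
# ssh server can reach a local service.
# Arguments: $1 - port opened on the ssh server
#            $2 - local target host:port
#            $3 - ssh server (FQDN)
# Globals:   TUNNEL (read); socket ${TUNNEL}/tunnel-<port>-<target>, now quoted
#            like the other create*Tunnel helpers
# Returns:   ssh's exit status (the original always reported "created")
#######################################
function createRTunnel() {
  local entrance=$1
  local target=$2
  local sshServer=$3
  local sock="${TUNNEL}/tunnel-${entrance}-${target}"
  local rc=0
  ssh -S "${sock}" -NqfMR "${entrance}:${target}" -o StrictHostKeyChecking=no -o CheckHostIP=no "root@${sshServer}" || rc=$?
  if (( rc == 0 )); then
    echo "Tunnel: tunnel-${entrance}-${target} created"
  else
    echo "Tunnel: tunnel-${entrance}-${target} failed (ssh exit ${rc})" >&2
  fi
  return "${rc}"
}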
# Tear everything down: /etc/hosts entries, every control socket in ${TUNNEL},
# then the dummy interface.
function stop() {
  local step
  for step in cleanHostFile closeAllTunnel closeVirtualNetwork; do
    "${step}"
  done
}
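#######################################
# Close every tunnel whose control socket lives in ${TUNNEL}: first as the
# current user, then through sudo for sockets created by createLTunnelSudo.
# Globals:   TUNNEL (read); no longer leaks a global "tunnels" variable
# Returns:   0. A missing socket directory only prints a message; the original
#            kept going after the failed cd and globbed the current directory
#            instead, handing arbitrary file names to the close helpers.
#######################################
function closeAllTunnel() {
  if [[ ! -d "${TUNNEL}" ]]; then
    echo "folder ${TUNNEL} not exist"
    return 0
  fi
  local sock name
  for sock in "${TUNNEL}"/*; do
    # an empty directory leaves the literal pattern behind (nullglob is unset)
    [[ -e "${sock}" ]] || continue
    name=${sock##*/}
    closeTunnel "${name}" || closeTunnelSudo "${name}"
  done
  return 0
}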
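#######################################
# Ask a root-owned ControlMaster (created by createLTunnelSudo) to exit.
# Arguments: $1 - socket file name, tunnel-<port>-<target>
# Globals:   TUNNEL, SUDO (read)
# Returns:   ssh's status; 1 without running anything when the name is not a
#            well-formed socket name
#######################################
function closeTunnelSudo() {
  local name=$1
  # The name comes from a directory listing under /tmp and is spliced into a
  # command string that the sudo wrapper hands to a root shell. Only names of
  # the shape produced by create*Tunnel (letters, digits, '.', ':', '_', '-')
  # are accepted, so a planted file name cannot inject into that command.
  if [[ ! "${name}" =~ ^tunnel-[A-Za-z0-9._:-]+$ ]]; then
    echo "skipping unexpected socket name: ${name}" >&2
    return 1
  fi
  # Split on '-' without touching the function-wide IFS; field 1 is the local port.
  local -a fields
  IFS=- read -r -a fields <<<"${name}"
  local host=${fields[1]}
  # -O exit presumably only talks to the control socket; the destination is
  # kept as in the original for the ControlPath lookup.
  ${SUDO} "ssh -S ${TUNNEL}/${name} -O exit root@${host}.netact.nsn-rdnet.net" 2>/dev/null
  local ret=$?
  # The old message printed two '-'-split fragments, which garbled target names
  # containing '-'; the whole socket name is unambiguous.
  if (( ret == 0 )); then
    echo "Tunnel: ${name} closed"
  fi
  return "${ret}"
}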
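#######################################
# Remove the veth0 dummy interface used for the bidp kafka forward and report
# the actual outcome (the original printed "success" unconditionally, even
# when the interface had never been created).
# Globals:   SUDO (read, through deleteVirtualNetwork)
# Returns:   status of deleteVirtualNetwork
#######################################
function closeVirtualNetwork() {
  if deleteVirtualNetwork veth0; then # for bidp kafka
    echo "delete dev veth0 success"
  else
    echo "delete dev veth0 failed (it may not exist)" >&2
    return 1
  fi
}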
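#######################################
# Ask a user-owned ControlMaster (created by createLTunnel/createRTunnel) to exit.
# Arguments: $1 - socket file name, tunnel-<port>-<target>
# Globals:   TUNNEL (read)
# Returns:   ssh's status; 1 without running anything when the name is not a
#            well-formed socket name (same check as closeTunnelSudo)
#######################################
function closeTunnel() {
  local name=$1
  if [[ ! "${name}" =~ ^tunnel-[A-Za-z0-9._:-]+$ ]]; then
    echo "skipping unexpected socket name: ${name}" >&2
    return 1
  fi
  # Split on '-' without touching the function-wide IFS; field 1 is the local port.
  local -a fields
  IFS=- read -r -a fields <<<"${name}"
  local host=${fields[1]}
  # -O exit presumably only talks to the control socket; the destination is
  # kept as in the original for the ControlPath lookup.
  ssh -S "${TUNNEL}/${name}" -O exit "root@${host}.netact.nsn-rdnet.net" 2>/dev/null
  local ret=$?
  # The old message printed two '-'-split fragments, which garbled target names
  # containing '-'; the whole socket name is unambiguous.
  if (( ret == 0 )); then
    echo "Tunnel: ${name} closed"
  fi
  return "${ret}"
}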
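#######################################
# Print the command-line help to stdout. The "start" example now shows the
# mode flag, which start() requires (it prints usage and exits 1 without one).
# Globals:   $0 is expanded into the text
#######################################
function usage() {
  cat <<EOF
This script is used to setup the ssh tunnel ntcapp swm TA
Syntax:
$0
start [lab id] <--monitor|--ntcapp|--bodong|--svw>: start the ssh tunnel between local laptop and clonepool for specific purpose
stop: clear all existing ssh tunnel
[-h|--help]: print the help message
Example:
$0 start 2564 --monitor: create the ssh tunnels for clab2564
$0 stop
EOF
}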
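#######################################
# Command-line entry point.
# Arguments: -h|--help, "start <lab id> <mode>" or "stop"; anything else
#            prints usage and exits 1. Every arm of the original while loop
#            exited, so it ran at most once and is replaced by a single case.
# Returns:   exits with the status of the dispatched command; with no
#            arguments nothing happens and the script ends with status 0
#######################################
function main() {
  case "${1:-}" in
    -h|--help)
      usage
      exit 0
      ;;
    start)
      shift
      if [[ -z ${1:-} ]]; then
        echo "invalid command, need assign lab id"
        usage
        exit 1
      fi
      # "$@" keeps the lab id and mode as separate words
      start "$@"
      exit $?
      ;;
    stop)
      shift
      stop "$@"
      exit $?
      ;;
    '')
      # no arguments: same silent fall-through as the original loop
      ;;
    *)
      echo "unknow command"
      usage
      exit 1
      ;;
  esac
}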
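# "$@" passes every argument through as its own word.
main "$@"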