case $hoster {
"ubcece", "darmstadt", "ftcollins", "grnet": { include resolv }
}
+ case $portforwarder_user_exists {
+ "true": { include portforwarder }
+ }
}
--- /dev/null
+class portforwarder {
+ # do not depend on xinetd, yet. it might uninstall other inetds
+ # for now this will have to be done manually
+ file {
+ "/etc/ssh/userkeys/portforwarder":
+ content => template("portforwarder/authorized_keys.erb"),
+ mode => 444,
+ ;
+ "/etc/xined.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ ;
+ #"/etc/xinetd.d/dsa-portforwader":
+ # content => template("portforwarder/xinetd.erb"),
+ # notify => Exec["xinetd reload"]
+ # ;
+ }
+
+ exec {
+ "xinetd reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+}
+# vim:set et:
+# vim:set ts=4:
+# vim:set shiftwidth=4:
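Review bot: The managed directory is spelled `"/etc/xined.d"`, while the commented-out resource below it targets `/etc/xinetd.d/`, so this creates a stray directory and leaves the real xinetd drop-in directory unmanaged; it should read `"/etc/xinetd.d":`. The `/etc/ssh/userkeys/portforwarder` resource sets only `mode => 444` and relies on whatever owner puppet happens to create the file with. Because this file decides which keys may log in as the portforwarder user, I would pin it the same way as the directory with `owner => root, group => root,`.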
--- /dev/null
+<%=
+config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
+config.each_pair do |sourcehost, services|
+ services.each do |service|
+ next if service['target_host'] != hostname
+
+ sshkey = nil
+ remote_ip = keyinfo[sourcehost][0]['ipHostNumber'].join(',')
+ forward_to_port = service['target_port']
+ local_bind = 127.0.0.2
+
+ lines << "# from #{sourcehost} on local port #{service['source_bind_port']}"
+ if remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+ #if sshkey.nil? or remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+ lines << "# insufficient config values"
+ else
+ #lines << "from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
+ lines << "#from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding <sshkey here>"
+ end
+ end
+end
+lines = []
+lines.join("\n")
+%>
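Review bot: The template cannot render as written: `lines = []` is assigned after the loop that appends to `lines`, and `local_bind = 127.0.0.2` is not a valid Ruby literal. Move `lines = []` above `config.each_pair` and quote the address as `local_bind = '127.0.0.2'`. The `remote_ip.nil?` test can never fire, because `join(',')` always returns a string and a missing `keyinfo[sourcehost]` raises before the check is reached, so an empty address list would flow into the `from=` restriction unnoticed; test the `ipHostNumber` array with `empty?` before joining. Once the key line is no longer emitted as a comment, `forward_to_port` is interpolated into the forced `command=` string, so it should be validated as a port number first, for example `Integer(service['target_port'])`.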