From: Peter Palfrader
Date: Sun, 21 Feb 2010 14:02:15 +0000 (+0100)
Subject: I wonder in how many ways this will blow up
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=571572f372320efab5230dc52f7591ba0d2831ef;p=mirror%2Fdsa-puppet.git
I wonder in how many ways this will blow up
---
diff --git a/manifests/site.pp b/manifests/site.pp
index 66d16224d..d6ec89f64 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -93,4 +93,7 @@ node default {
 case $hoster {
 "ubcece", "darmstadt", "ftcollins", "grnet": { include resolv }
 }
+ case $portforwarder_user_exists {
+ "true": { include portforwarder }
+ }
 }
diff --git a/modules/portforwarder/manifests/init.pp b/modules/portforwarder/manifests/init.pp
new file mode 100644
index 000000000..54dedb854
--- /dev/null
+++ b/modules/portforwarder/manifests/init.pp
@@ -0,0 +1,30 @@
+class portforwarder {
+ # do not depend on xinetd, yet. it might uninstall other inetds
+ # for now this will have to be done manually
+ file {
+ "/etc/ssh/userkeys/portforwarder":
+ content => template("portforwarder/authorized_keys.erb"),
+ mode => 444,
+ ;
+ "/etc/xined.d":
+ ensure => directory,
+ owner => root,
+ group => root,
+ mode => 755,
+ ;
+ #"/etc/xinetd.d/dsa-portforwader":
+ # content => template("portforwarder/xinetd.erb"),
+ # notify => Exec["xinetd reload"]
+ # ;
+ }
+
+ exec {
+ "xinetd reload":
+ path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
+ refreshonly => true,
+ ;
+ }
+}
+# vim:set et:
+# vim:set ts=4:
+# vim:set shiftwidth=4:
diff --git a/modules/portforwarder/misc/config.yaml b/modules/portforwarder/misc/config.yaml
new file mode 100644
index 000000000..3f42ecde8
--- /dev/null
+++ b/modules/portforwarder/misc/config.yaml
@@ -0,0 +1,9 @@
+---
+
+# from host:port to host:port
+master.debian.org:
+ - source_bind_port: 5442
+ target_host: samosa.debian.org
+ target_port: 5441
+
+
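Review bot: The new `case $portforwarder_user_exists` block matches only the literal string `"true"` and has no `default` arm, so if the fact is unset, or reports the value with a different spelling or type, the portforwarder class is silently never included rather than failing visibly. The commit adds no fact of that name, so unless it is defined elsewhere in the tree this branch is presumably dead on every node. A short comment at the `case` would save the next reader the hunt, e.g. `# $portforwarder_user_exists: TODO document which fact sets this and the values it can take`. The enclosing `node default` block begins before this hunk.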
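Review bot: The directory resource titled `"/etc/xined.d"` looks like a typo for `/etc/xinetd.d`, which is the path the commented-out `dsa-portforwader` resource (itself misspelt) sits under; as written Puppet creates an unrelated empty `/etc/xined.d` while the real xinetd drop-in directory stays unmanaged. Change the title to `"/etc/xinetd.d":` and, when that block is revived, its title to `"/etc/xinetd.d/dsa-portforwarder":`. The `mode => 444` and `mode => 755` values are bare integers; later Puppet releases expect modes as strings and emit warnings for this form, so quoting them (`mode => "0444"`) is the safer spelling. The `/etc/ssh/userkeys/portforwarder` file also sets no `owner`/`group`, so whatever ownership the file already has on each host is kept; stating `owner => root, group => root` would make the intent explicit.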
diff --git a/modules/portforwarder/templates/authorized_keys.erb b/modules/portforwarder/templates/authorized_keys.erb
new file mode 100644
index 000000000..fe4ac4745
--- /dev/null
+++ b/modules/portforwarder/templates/authorized_keys.erb
@@ -0,0 +1,24 @@
+<%=
+config = YAML.load(File.open('/etc/puppet/modules/portforwarder/misc/config.yaml').read)
+config.each_pair do |sourcehost, services|
+ services.each do |service|
+ next if service['target_host'] != hostname
+
+ sshkey = nil
+ remote_ip = keyinfo[sourcehost][0]['ipHostNumber'].join(',')
+ forward_to_port = service['target_port']
+ local_bind = 127.0.0.2
+
+ lines << "# from #{sourcehost} on local port #{service['source_bind_port']}"
+ if remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+ #if sshkey.nil? or remote_ip.nil? or forward_to_port.nil? or local_bind.nil?
+ lines << "# insufficient config values"
+ else
+ #lines << "from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
+ lines << "#from=\"#{remote_ip}\",command=\"/bin/nc -s #{local_bind} 127.0.0.1 #{forward_to_port}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding "
+ end
+ end
+end
+lines = []
+lines.join("\n")
+%>
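Review bot: The template cannot render as written: `lines` is assigned (`lines = []`) only after the `config.each_pair` loop that appends to it, so the first `lines <<` fails on an undefined name, and `local_bind = 127.0.0.2` is not a valid Ruby literal (a dotted quad must be a string). Move `lines = []` above the loop and write `local_bind = "127.0.0.2"`. `File.open(...).read` never closes the handle; `config = YAML.load_file('/etc/puppet/modules/portforwarder/misc/config.yaml')` does the same job cleanly, and since the file is repository-controlled this is a resource issue rather than an untrusted-input one. The `remote_ip.nil?` guard is unreachable because `.join(',')` always returns a String, while a `sourcehost` missing from `keyinfo` (presumably supplied by the template scope, as `hostname` is) raises before the check is reached; and because `forward_to_port` and `local_bind` are interpolated into the forced `command=` option of the key line, coercing the port with `Integer(service['target_port'])` would reject a malformed config entry before it can corrupt the authorized_keys syntax.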