And support many forward ports from a single host
[mirror/dsa-puppet.git] / modules / portforwarder / templates / authorized_keys.erb
1 <%=
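# Look up the SSH public key that +host+ published in its stored Puppet facts.
#
# Reads /var/lib/puppet/yaml/facts/<host>.yaml and returns the
# 'portforwarder_key' entry of the loaded object's +values+ hash.
#
# The returned string is appended verbatim to an authorized_keys line by the
# template code that calls this helper. A value spanning several lines would
# therefore add extra authorized_keys entries that carry none of the
# from=/command=/no-* restrictions, so anything that is not a single
# non-empty line is rejected here.
#
# @param host [String] source host name; interpolated into the facts file path
# @return [String, nil] the key with surrounding whitespace stripped, or nil
#   when the facts file is missing or unreadable, the fact is absent, or the
#   value is not a single-line string
def getportforwarderkey(host)
  name = host.to_s
  # The name becomes part of a file path: refuse anything that could point
  # outside the facts directory.
  return nil if name.empty? || name.include?('/') || name.include?("\0")

  # NOTE(review): YAML.load can instantiate arbitrary Ruby objects named in the
  # document. It is kept because the code below relies on the loaded object
  # responding to #values, which a plain-data loader would not give. The facts
  # files presumably hold data reported by the nodes themselves -- confirm who
  # can write to this directory and treat its contents as untrusted.
  facts = YAML.load(File.read("/var/lib/puppet/yaml/facts/#{name}.yaml"))
  key = facts.values['portforwarder_key']
  return nil unless key.is_a?(String)

  key = key.strip
  # An embedded line break (or NUL) would let the value start a new,
  # unrestricted authorized_keys entry.
  return nil if key.empty? || key =~ /[\r\n\x00]/

  key
rescue StandardError
  # Best effort: a missing or malformed facts file means "no key", which the
  # caller reports as insufficient config. Only StandardError is caught so
  # signals, exit requests and out-of-memory conditions are not swallowed.
  nil
end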
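# Build the authorized_keys entries for this node: one restricted key line per
# source host that config.yaml allows to reach at least one port on this node.
# `fqdn` and `keyinfo` are not defined in this file; they are expected to be
# provided by the template's scope.
lines = []
config = YAML.load(File.read('/etc/puppet/modules/portforwarder/misc/config.yaml')) || {}
config.each_pair do |sourcehost, services|
  # Ports on this node (target_host == fqdn) that sourcehost may forward to.
  matching = (services || []).select { |service| service['target_host'] == fqdn }
  allowed_ports = matching.map { |service| service['target_port'] }.select { |port| port }
  next if allowed_ports.empty?

  sshkey = getportforwarderkey(sourcehost)

  # A host that is missing from keyinfo, or has no addresses, is reported
  # below instead of aborting the whole template with NoMethodError.
  entry = keyinfo[sourcehost]
  addresses = entry && entry[0] && entry[0]['ipHostNumber']
  remote_ip = Array(addresses).join(',')

  # NOTE(review): String#hash is seeded per process on current Ruby versions,
  # so this address can differ between runs and between machines. Whatever
  # computes the matching address on the source host is not visible here, so
  # the formula is left unchanged -- confirm both sides still agree.
  local_bind = '127.101.%d.%d' % [(sourcehost.hash / 256 % 256), sourcehost.hash % 256]

  # NOTE(review): sshd hands the command= string to the account's shell, so
  # the host name and ports taken from config.yaml must stay plain hostnames
  # and port numbers.
  command = "/usr/bin/portforwarder-ssh-wrap #{sourcehost} #{local_bind} #{allowed_ports.join(' ')}"

  lines << "# from #{sourcehost}"

  # remote_ip and command are placed inside double-quoted option values and
  # sshkey ends the line. A quote or line break in any of them would break out
  # of the from=/command= restrictions, so such values are treated as
  # unusable rather than written out.
  quoting_safe = [remote_ip, command].none? { |value| value =~ /["\r\n]/ }
  key_usable = !sshkey.nil? && sshkey.to_s !~ /[\r\n]/

  if !key_usable || remote_ip.empty? || !quoting_safe
    lines << "# insufficient config values"
  else
    lines << "from=\"#{remote_ip}\",command=\"#{command}\",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding #{sshkey}"
  end
end
lines.join("\n")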
40 %>