Merge branch 'autossh' into 'master'

autossh support

this series of commits adds support for autossh, to automatically create a tunnel with port forwarding.

we use this to login to *really* remote servers reliably, behind multiple NATs and satellite connexions.

it rocks.

See merge request !18
Micah 2015-10-09 19:02:41 +00:00
commit b3e81589ee
2 changed files with 204 additions and 0 deletions

164
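--- a/files/autossh.init.d
+++ b/files/autossh.init.d
@@ -0,0 +1,164 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: AutoSSH
+# Required-Start: $local_fs $network $remote_fs $syslog
+# Required-Stop: $local_fs $network $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start the autossh daemon
+# Description: start the autossh daemon
+### END INIT INFO
+# Author: Antoine Beaupré <anarcat@koumbit.org>
+# Do NOT "set -e"
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="autossh"
+NAME=autossh
+USER=$NAME
+DAEMON=/usr/bin/autossh
+DAEMON_ARGS="-f"
+PIDFILE=/var/run/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+AUTOSSH_PIDFILE=$PIDFILE
+export AUTOSSH_PIDFILE
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+# Return
+# 0 if daemon has been started
+# 1 if daemon was already running
+# 2 if daemon could not be started
+start-stop-daemon --start --quiet --user $USER --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+|| return 1
+start-stop-daemon --start --quiet --user $USER --chuid $USER --pidfile $PIDFILE --exec $DAEMON -- \
+$DAEMON_ARGS \
+|| return 2
+# The above code will not work for interpreted scripts, use the next
+# six lines below instead (Ref: #643337, start-stop-daemon(8) )
+#start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \
+# --name $NAME --test > /dev/null \
+# || return 1
+#start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \
+# --name $NAME -- $DAEMON_ARGS \
+# || return 2
+# Add code here, if necessary, that waits for the process to be ready
+# to handle requests from services started subsequently which depend
+# on this one. As a last resort, sleep for some time.
+}
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+# Return
+# 0 if daemon has been stopped
+# 1 if daemon was already stopped
+# 2 if daemon could not be stopped
+# other if a failure occurred
+start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --user $USER --name $NAME
+RETVAL="$?"
+[ "$RETVAL" = 2 ] && return 2
+# Wait for children to finish too if this is a daemon that forks
+# and if the daemon is only ever run from this initscript.
+# If the above conditions are not satisfied then add some other code
+# that waits for the process to drop all resources that could be
+# needed by services started subsequently. A last resort is to
+# sleep for some time.
+start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --user $USER --exec $DAEMON
+[ "$?" = 2 ] && return 2
+# Many daemons don't delete their pidfiles when they exit.
+rm -f $PIDFILE
+return "$RETVAL"
+}
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+#
+# If the daemon can reload its configuration without
+# restarting (for example, when it is sent a SIGHUP),
+# then implement that here.
+#
+start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+return 0
+}
+case "$1" in
+start)
+[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+do_start
+case "$?" in
+0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+esac
+;;
+stop)
+[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+do_stop
+case "$?" in
+0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+esac
+;;
+status)
+status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
+;;
+reload|force-reload)
+log_daemon_msg "Reloading $DESC" "$NAME"
+do_reload
+log_end_msg $?
+;;
+restart)
+#
+# If the "reload" option is implemented then remove the
+# 'force-reload' alias
+#
+log_daemon_msg "Restarting $DESC" "$NAME"
+do_stop
+case "$?" in
+0|1)
+do_start
+case "$?" in
+0) log_end_msg 0 ;;
+1) log_end_msg 1 ;; # Old process is still running
+*) log_end_msg 1 ;; # Failed to start
+esac
+;;
+*)
+# Failed to stop
+log_end_msg 1
+;;
+esac
+;;
+*)
+#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+exit 3
+;;
+esac
+: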
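Review bot: With the script's own defaults (`USER=$NAME`, `PIDFILE=/var/run/$NAME.pid`), `do_start` drops privileges with `--chuid $USER` before autossh writes `AUTOSSH_PIDFILE`, so unless `/var/run` is writable by that account the pidfile is presumably never created. Without a pidfile the `--test` guard in `do_start` cannot see a running instance, and `do_stop` falls through to its second call, which matches only on `--user $USER --exec $DAEMON` and so ends up killing every autossh process that user owns, including tunnels this script did not start. I would keep the pidfile in a directory owned by the service account, e.g. `PIDFILE=/var/run/$NAME/$NAME.pid` with `install -d -o "$USER" "/var/run/$NAME"` at the top of `do_start`, and narrow or drop the `--exec`-only stop. The expansions of `$USER`, `$PIDFILE` and `$DAEMON` should also be double-quoted, since `/etc/default/$NAME` can override all three.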

40
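--- a/manifests/autossh.pp
+++ b/manifests/autossh.pp
@@ -0,0 +1,40 @@
+class sshd::autossh($host,
+$port = undef, # this should be a remote->local hash
+$remote_user = undef,
+$user = 'root',
+$pidfile = '/var/run/autossh.pid',
+) {
+if $port {
+$port_ensure = $port
+}
+else {
+# random port between 10000 and 20000
+$port_ensure = fqdn_rand(10000) + 10000
+}
+if $remote_user {
+$remote_user_ensure = $remote_user
+}
+else {
+$remote_user_ensure = "host-$fqdn"
+}
+file {
+'/etc/init.d/autossh':
+mode => '0555',
+source => 'puppet:///modules/sshd/autossh.init.d';
+'/etc/default/autossh':
+mode => '0444',
+content => "USER=$user\nPIDFILE=$pidfile\nDAEMON_ARGS='-M0 -f -o ServerAliveInterval=15 -o ServerAliveCountMax=4 -q -N -R $port_ensure:localhost:22 $remote_user_ensure@$host'\n";
+}
+package { 'autossh':
+ensure => present,
+}
+service { 'autossh':
+ensure => running,
+enable => true,
+subscribe => [
+File['/etc/init.d/autossh'],
+File['/etc/default/autossh'],
+Package['autossh'],
+],
+}
+}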
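Review bot: The `content` string for `/etc/default/autossh` interpolates `$user`, `$pidfile`, `$port_ensure`, `$remote_user_ensure` and `$host` unchecked into a file that the init script sources with `.` as root, so a value containing whitespace, a quote or a newline becomes shell syntax at service start rather than data. Quote the two bare assignments (`USER='$user'`, `PIDFILE='$pidfile'`) and reject unexpected characters before the `file` resource, for example with stdlib's `validate_re($host, '^[A-Za-z0-9._-]+$')` if this module can depend on it. Since `-M0` turns off autossh's own monitoring, adding `-o ExitOnForwardFailure=yes` to `DAEMON_ARGS` would also make ssh exit, and autossh retry, when the remote port picked by `fqdn_rand` is already taken, instead of keeping a session that carries no forward.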