[tor-commits] [oonib/master] Update initialize.sh script for MLAB deployment
commit c02b4a1770ed965067980f277e9d22a2671d9ddb
Author: aagbsn <aagbsn@xxxxxxxx>
Date: Tue May 14 20:20:51 2013 +0000
Update initialize.sh script for MLAB deployment
* Sets, in oonib.conf, the UID and GID that oonib drops privileges to
* Randomly selects either the tcp or http helper service to bind on port 80
* Removes the iptables rules that are no longer needed.
---
scripts/init/initialize.sh | 39 +++++++++++++++++++++------------------
1 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/scripts/init/initialize.sh b/scripts/init/initialize.sh
index c15fdc5..3196f16 100755
--- a/scripts/init/initialize.sh
+++ b/scripts/init/initialize.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
# 1. Fetch any dependencies
# we should have everything in the virtualenv? Or do we need to also get some
@@ -28,35 +28,38 @@ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate
rm private.key.org
rm cert.pass
-# Set up our firewall rules
-# XXX: Confirm that sudo will work with MLAB.
-# Map port 80 to config.helpers.http_return_request.port (default: 57001)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 57001
-# Map port 443 to config.helpers.ssl.port (default: 57006)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 57006
-# Map port 53 udp to config.helpers.dns.udp_port (default: 57004)
-sudo iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 57004
-# Map port 53 tcp to config.helpers.dns.tcp_port (default: 57005)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 57005
+# get the UID and GID to drop privileges to
+OONIB_UID=`id -u $SLICENAME`
+OONIB_GID=`id -g $SLICENAME`
+
+# randomly select either a tcp backend helper or a http backend helper to listen on port 80. Otherwise, bind to port 81
+coin=$[$RANDOM % 2]
+if [[ $coin > 0 ]]; then
+ TCP_ECHO_PORT=80
+ HTTP_ECHO_PORT=81
+else
+ TCP_ECHO_PORT=81
+ HTTP_ECHO_PORT=80
+fi
# drop a config in $SCRIPT_ROOT
echo "
main:
report_dir: '/var/spool/$SLICENAME'
tor_datadir:
- database_uri: 'sqlite:"$SCRIPT_ROOT"//oonib_test_db.db'
+ database_uri: 'sqlite://"$SCRIPT_ROOT"/oonib_test_db.db'
db_threadpool_size: 10
tor_binary: '"$SCRIPT_ROOT"/bin/tor'
tor2webmode: true
pidfile: 'oonib.pid'
- nodaemon: true
+ nodaemon: false
originalname: Null
chroot: Null
rundir: .
umask: Null
euid: Null
- uid: Null
- gid: Null
+ uid: $OONIB_UID
+ gid: $OONIB_GID
uuid: Null
no_save: true
profile: Null
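Review bot: The `id -u $SLICENAME` and `id -g $SLICENAME` lookups are unquoted and unchecked, so a failed lookup silently defeats the privilege drop this commit sets up. With `SLICENAME` empty, `id -u` reports the invoking user (0 when the script is run as root), and with an unknown account the output is empty, which leaves `uid:` and `gid:` blank in the generated config; how oonib treats a blank value is not visible here. Since the helpers now bind ports 80, 81 and 443 directly, I would fail closed: `: "${SLICENAME:?SLICENAME must be set}"`, then `OONIB_UID=$(id -u "$SLICENAME") || exit 1` and the same for `OONIB_GID`. Separately, `[[ $coin > 0 ]]` is a string comparison, and `(( coin > 0 ))` states the numeric intent. The `echo "` block that consumes these values ends outside this hunk.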
@@ -64,11 +67,11 @@ main:
helpers:
http_return_request:
- port: 57001
+ port: $HTTP_ECHO_PORT
server_version: Apache
tcp_echo:
- port: 57002
+ port: $TCP_ECHO_PORT
daphn3:
yaml_file: Null
@@ -82,4 +85,4 @@ helpers:
ssl:
private_key: '"$SCRIPT_ROOT"/private.key'
certificate: '"$SCRIPT_ROOT"/certificate.crt'
- port: 57006" > $SCRIPT_ROOT/oonib.conf
+ port: 443" > $SCRIPT_ROOT/oonib.conf
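Review bot: The redirect target on the last line, `> $SCRIPT_ROOT/oonib.conf`, is unquoted, so a `SCRIPT_ROOT` containing whitespace makes bash fail with an ambiguous redirect and no config is written; `> "$SCRIPT_ROOT/oonib.conf"` avoids that. The same applies inside the string, where `'"$SCRIPT_ROOT"/private.key'` closes and reopens the double quotes and so expands the variable unquoted. The `echo "` that this line terminates opens outside the hunk.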