Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
emulab
emulab-devel
Commits
31abea27
Commit
31abea27
authored
May 21, 2014
by
Leigh B Stoller
Browse files
Script to create openvpn certs, as for a private network for ilo
parent
21e6754b
Changes
1
Hide whitespace changes
Inline
Side-by-side
protogeni/scripts/openvpn-setup.in
0 → 100644
View file @
31abea27
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
use
strict
;
use
English
;
use
Getopt::
Std
;
#
# Initialize an emulab to act as a protogeni emulab. Add optional -c
# option if this is a clearinghouse.
#
sub
usage
()
{
print
"
Usage: openvpn-setup [-r [-k]]
\n
";
print
"
Options:
\n
";
print
"
-r - Regenerate certs, replacing existing keys/certs
\n
";
print
"
-k - Reuse private keys when using -r option
\n
";
exit
(
1
);
}
my
$optlist
=
"
rk
";
my
$regen
=
0
;
my
$oldkeys
=
0
;
#
# Configure variables
#
my
$TB
=
"
@prefix
@
";
my
$TBOPS
=
"
@TBOPSEMAIL
@
";
my
$OURDOMAIN
=
"
@OURDOMAIN
@
";
my
$PGENIDOMAIN
=
"
@PROTOGENI_DOMAIN
@
";
my
$PGENISUPPORT
=
@PROTOGENI_SUPPORT@
;
my
$PROTOUSER
=
"
elabman
";
my
$MKSYSCERT
=
"
$TB
/sbin/mksyscert
";
my
$WAP
=
"
$TB
/sbin/withadminprivs
";
my
$SERVERCERT
=
"
$TB
/etc/openvpn-server.pem
";
my
$CLIENTCERT
=
"
$TB
/etc/openvpn-client.pem
";
my
$DHFILE
=
"
$TB
/etc/openvpn-dh.pem
";
my
$SUDO
=
"
/usr/local/bin/sudo
";
my
$OPENSSL
=
"
/usr/bin/openssl
";
# un-taint path
$ENV
{'
PATH
'}
=
'
/bin:/usr/bin:/usr/local/bin:/usr/site/bin
';
delete
@ENV
{'
IFS
',
'
CDPATH
',
'
ENV
',
'
BASH_ENV
'};
# Protos
sub
fatal
($);
#
# Turn off line buffering on output
#
$|
=
1
;
# Load the Testbed support stuff.
use
lib
"
@prefix
@/lib
";
use
libtestbed
;
if
(
$UID
!=
0
)
{
fatal
("
Must be root to run this script
\n
");
}
#
# Check args.
#
my
%options
=
();
if
(
!
getopts
(
$optlist
,
\
%options
))
{
usage
();
}
if
(
defined
(
$options
{"
r
"}))
{
$regen
=
1
;
}
if
(
defined
(
$options
{"
k
"}))
{
$oldkeys
=
1
;
}
usage
()
if
(
@ARGV
);
if
(
!
-
e
$SERVERCERT
||
$regen
)
{
my
$keyopt
=
(
$oldkeys
&&
-
e
$SERVERCERT
?
"
-k
$SERVERCERT
"
:
"");
print
"
Creating OpenVPN server certificate ...
\n
";
system
("
$SUDO
-u
$PROTOUSER
$MKSYSCERT
-o
$SERVERCERT
$keyopt
"
.
"
'ProtoGENI OpenVPN Server'
")
==
0
or
fatal
("
Could not generate
$SERVERCERT
");
}
if
(
!
-
e
$CLIENTCERT
||
$regen
)
{
my
$keyopt
=
(
$oldkeys
&&
-
e
$CLIENTCERT
?
"
-k
$CLIENTCERT
"
:
"");
print
"
Creating OpenVPN client certificate ...
\n
";
system
("
$SUDO
-u
$PROTOUSER
$MKSYSCERT
-o
$CLIENTCERT
$keyopt
"
.
"
'ProtoGENI OpenVPN Client'
")
==
0
or
fatal
("
Could not generate
$CLIENTCERT
");
}
if
(
!
-
e
$DHFILE
||
$regen
)
{
print
"
Creating OpenVPN Diffie Hellman key file ...
\n
";
system
("
$OPENSSL
dhparam -out
$DHFILE
1024
")
or
fatal
("
Could not generate
$DHFILE
");
}
exit
(
0
);
sub
fatal
($)
{
my
(
$msg
)
=
@_
;
die
("
*** $0:
\n
"
.
"
$msg
\n
");
}
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment