Commit 31abea27 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Script to create openvpn certs, as for a private network for ilo

parent 21e6754b
#!/usr/bin/perl -w
#
# Copyright (c) 2008-2014 University of Utah and the Flux Group.
#
# {{{GENIPUBLIC-LICENSE
#
# GENI Public License
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and/or hardware specification (the "Work") to
# deal in the Work without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Work, and to permit persons to whom the Work
# is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Work.
#
# THE WORK IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
# HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
# WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE WORK OR THE USE OR OTHER DEALINGS
# IN THE WORK.
#
# }}}
#
use strict;
use English;
use Getopt::Std;
#
# Initialize an emulab to act as a protogeni emulab. Add optional -c
# option if this is a clearinghouse.
#
sub usage()
{
print "Usage: openvpn-setup [-r [-k]]\n";
print "Options:\n";
print " -r - Regenerate certs, replacing existing keys/certs\n";
print " -k - Reuse private keys when using -r option\n";
exit(1);
}
my $optlist = "rk";
my $regen = 0;
my $oldkeys = 0;
#
# Configure variables
#
my $TB = "@prefix@";
my $TBOPS = "@TBOPSEMAIL@";
my $OURDOMAIN = "@OURDOMAIN@";
my $PGENIDOMAIN = "@PROTOGENI_DOMAIN@";
my $PGENISUPPORT = @PROTOGENI_SUPPORT@;
my $PROTOUSER = "elabman";
my $MKSYSCERT = "$TB/sbin/mksyscert";
my $WAP = "$TB/sbin/withadminprivs";
my $SERVERCERT = "$TB/etc/openvpn-server.pem";
my $CLIENTCERT = "$TB/etc/openvpn-client.pem";
my $DHFILE = "$TB/etc/openvpn-dh.pem";
my $SUDO = "/usr/local/bin/sudo";
my $OPENSSL = "/usr/bin/openssl";
# un-taint path
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin:/usr/site/bin';
delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
# Protos
sub fatal($);
#
# Turn off line buffering on output
#
$| = 1;
# Load the Testbed support stuff.
use lib "@prefix@/lib";
use libtestbed;
if ($UID != 0) {
fatal("Must be root to run this script\n");
}
#
# Check args.
#
my %options = ();
if (! getopts($optlist, \%options)) {
usage();
}
if (defined($options{"r"})) {
$regen = 1;
}
if (defined($options{"k"})) {
$oldkeys = 1;
}
usage()
if (@ARGV);
if (! -e $SERVERCERT || $regen) {
my $keyopt = ($oldkeys && -e $SERVERCERT ? "-k $SERVERCERT" : "");
print "Creating OpenVPN server certificate ...\n";
system("$SUDO -u $PROTOUSER $MKSYSCERT -o $SERVERCERT $keyopt ".
"'ProtoGENI OpenVPN Server'") == 0
or fatal("Could not generate $SERVERCERT");
}
if (! -e $CLIENTCERT || $regen) {
my $keyopt = ($oldkeys && -e $CLIENTCERT ? "-k $CLIENTCERT" : "");
print "Creating OpenVPN client certificate ...\n";
system("$SUDO -u $PROTOUSER $MKSYSCERT -o $CLIENTCERT $keyopt ".
"'ProtoGENI OpenVPN Client'") == 0
or fatal("Could not generate $CLIENTCERT");
}
if (! -e $DHFILE || $regen) {
print "Creating OpenVPN Diffie Hellman key file ...\n";
system("$OPENSSL dhparam -out $DHFILE 1024")
or fatal("Could not generate $DHFILE");
}
exit(0);
sub fatal($)
{
my ($msg) = @_;
die("*** $0:\n".
" $msg\n");
}
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment