Commit 102f5c7b by iv

re6st: merge the grdn-cfg and grdn-run in a single script grandenet.

1 parent a6678438
#!/bin/bash
# interactively run re6stnet on NayuOS
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
# shill should not care about these interfaces
blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
function configure {
configoptions=()
echo "You are going to generate all the files needed to be able to join the Grandenet network, based on re6st: a resilient overlay mesh network providing IPv6 over IPv4."
read -p "token (you can get one on http://www.grandenet.cn): " token
if [ "${token}" == "" ] ; then
echo "No token given. Exiting."
exit 1
fi
read -p "registry [http://re6stnet.grandenet.cn]: " registry
if [ "${registry}" == "" ] ; then
registry="http://re6stnet.grandenet.cn"
fi
read -p "set re6st route as default [Y/n]? " default
if [ "${default}" != "n" -a "${default}" != "N" ] ; then
configoptions+=('default')
fi
re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}"
printf '%s\n' "${configoptions[@]}" >> "${configfile}"
echo "
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 6696 -j ACCEPT
-A INPUT -p udp -m udp --dport 326 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9684 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
" > "${configdir}/ip6tables.conf"
read -p "save configuration on an external device [Y/n]? " save
if [ "$save" != "n" -a "$save" != "N" ] ; then
save=1
if [[ $(ls -d "${mountpoint}"/*) ]]; then
echo "Detected external partitions:"
for mnt in "${mountpoint}"/* ; do
echo " * $mnt"
done
else
echo "no external device partition mounted on ${mountpoint}"
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
place+="/re6stconf"
echo "configuration will be saved in $place"
install -d "${place}"
for file in "${configdir}"/* ; do
install "${file}" "${place}"
done
else
echo "Configuration will be placed in ${configfile}, please do a manual backup later or you could lose your access to this network."
fi
}
echo "After answering a few questions, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..."
killall re6stnet
else
echo "Exiting."
exit 0
fi
fi
# there may be a configuration already installed
usefound="n"
path=""
if [ -r "${configfile}" -a -r "${configdir}/cert.crt" -a -r "${configdir}/cert.key" -a -r "${configdir}/ca.crt" ]; then
read -p "Configuration was found in '${configdir}'. Use it: [Y/n]? (answering n will delete the previous config) " usefound
if [ "$usefound" != "n" -a "$usefound" != "N" ]; then
path=${configdir}
else
rm -R "${configdir}"
fi
fi
# try to find a saved configuration
if [ ! -r "${configfile}" ] ; then
echo "Looking for configuration directory on external devices..."
if [[ $(find "${mountpoint}" -type d | grep re6stconf) ]] ; then
path=$(find "${mountpoint}" -type d | grep -m 1 re6stconf)
read -p "Use configuration directory found at: ${path} [Y/n]? " usefound
else
echo "No configuration directory was found."
fi
fi
install -d "${configdir}"
# don't use possibly found configuration(s)
if [ "$usefound" == "n" -o "$usefound" == "N" ]; then
read -p "Manually give the path (p) or generate new (n) configuration [p/N]? " action
if [ "${action}" == "P" -o "${action}" == "p" ] ; then
read -e -p "Please give a path to the directory containing the re6stnet configuration if you already generated one: " path
if [ "$path" == "" ] ; then
echo "No configuration path given. Exiting."
exit 1
fi
else
configure || ( echo "Problem occured while generating new configuration. Exiting." && exit 1 )
path=${configdir}
fi
fi
# copy the config if needed got by previous steps
if [ ${path}=${configdir} ]; then
echo "Using configuration in place."
elif [ ! -d "$path" ] ; then
echo "Invalid path '${path}'. Exiting."
exit 1
elif [ -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
echo "Copying config to '${configdir}'."
for file in "${path}"/* ; do
install -m 600 "${file}" "${configdir}"
done
else
echo "Missing some configuration files in '${path}'. Exiting."
exit 1
fi
# saving current firewall configuration
ip6tables-save > "${configdir}/ip6tables.save"
cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf"
# function to clean up and exit
cleanup() {
printf "\nCleaning up and exiting...\n"
if [ -r "${configdir}/ip6tables.save" ] ; then
echo "Removing changes in ip6tables rules"
ip6tables-restore < "${configdir}/ip6tables.save"
rm "${configdir}/ip6tables.save"
rm "${configdir}/current_ip6tables.conf"
fi
echo ""
exit 0
}
trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
# setup shill network manager
if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist."
else
read -p "The network manager shill was not started with the right blacklisted devices list. Restart it [Y/n]? " confirm
if [ "$confirm" != "n" -a "$confirm" != "N" ] ; then
if [[ $( status shill_respawn | grep running ) ]] ; then
# shill_respawn job does not allow to pass arguments to shill
stop shill_respawn
fi
if [[ $( status shill | grep running ) ]] ; then
stop shill
fi
start shill BLACKLISTED_DEVICES="${blacklist_option}"
# wait a bit for the interfaces to be back
for i in {0..4} ; do
echo -n "." ; sleep 1
done
echo ""
fi
fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}')"
read -p "Is '${interface}' the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
echo "running interfaces found:"
echo "$( ip -o link show | awk -F': ' '{print $2}' )"
read -p "name of the interface used to access the Internet (via IPv4): " interface
fi
if [ accept_ra == "y" -o accept_ra == "Y" ] ; then
sysctl net.ipv6.conf."${interface}".accept_ra=1
else
sysctl net.ipv6.conf."${interface}".accept_ra=0
fi
echo "re6st will start, it may take a few minutes before beeing usable"
# wait a bit, so the user can see it and the message is not lost among re6st log
for i in {0..2} ; do
echo -n "." ; sleep 1
done
echo ""
while [[ $( grep default "${configfile}" ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del ${route}
echo removed route: "${route}"
else
restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
done
# join re6st network
cd "${configdir}"
re6stnet @re6stnet.conf
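Review bot: The test `[ ${path}=${configdir} ]` in the "copy the config" step has no spaces around `=`, so it normally expands to a single non-empty word and is always true. The script therefore always prints "Using configuration in place." and never reaches the `-d` check, the four-file readability check or the `install -m 600` copy for a directory found on a removable device or typed in by the user. It should read `if [ "${path}" = "${configdir}" ]; then`. The same kind of slip appears twice further down: the router-advertisement test compares the literal word `accept_ra` (missing `$`), so `accept_ra=0` is applied whatever the user answers, and should be `[ "$accept_ra" = "y" -o "$accept_ra" = "Y" ]`. The default-route loop compares `"$confirm"` instead of `"$choice"` against `"S"`.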
#!/bin/bash
# interactively generate configuration for re6st on NayuOS
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
options=()
install -d "${configdir}"
echo "After having run this script, you will be able to join the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
read -p "token (you can get one on http://www.grandenet.cn): " token
read -p "registry [http://re6stnet.grandenet.cn]: " registry
if [ "${registry}" == "" ] ; then
registry="http://re6stnet.grandenet.cn"
fi
read -p "set re6st route as default [Y/n]? " default
if [ "${default}" == "y" -o "${default}" == "Y" -o "${default}" == "" ] ; then
options+=('default')
fi
read -p "save configuration on an external device [Y/n]? " save
if [ "$save" == "y" -o "$save" == "Y" -o "$save" == "" ] ; then
save=1
if [[ $(ls -d "${mountpoint}"/*) ]]; then
echo "Detected external partitions:"
for mnt in /media/removable/* ; do
echo " * $mnt"
done
else
echo "no external device partition mounted on /media/removable"
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
place+="/re6stconf"
echo "configuration will be saved in $place"
else
save=0
echo "Configuration will be placed in ${configfile}, please do manually backup later or you could lose your access."
fi
re6st-conf --registry "${registry}" --token "${token}" --dir "${configdir}"
printf '%s\n' "${options[@]}" >> "${configfile}"
echo "
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
-A INPUT -p udp -m udp --dport 6696 -j ACCEPT
-A INPUT -p udp -m udp --dport 326 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9684 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 50005 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 6696 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 326 -j ACCEPT
" > "${configdir}/ip6tables.conf"
if [ $save -a $place ] ; then
sudo install -d "${place}"
for file in "${configdir}"/* ; do
install "${file}" "${place}"
done
fi
echo "Use grdn-run command to run re6st."
#!/bin/bash
# interactively run re6stnet on NayuOS
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
# shill should not care about these devices
blacklist_option="re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(pgrep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..."
killall re6stnet
else
echo "Exiting."
exit 0
fi
fi
# get configuration
if [ -r "${configfile}" -a -r "${configdir}/cert.crt" -a -r "${configdir}/cert.key" -a -r "${configdir}/ca.crt" ]; then
echo "configuration was found in ${configdir}"
else
echo "no configuration was found in ${configdir}, looking for it elsewhere..."
path=""
if [[ $(find "${mountpoint}" -type d | grep re6stconf) ]] ; then
tempath=$(find "${mountpoint}" -type d | grep -m 1 re6stconf)
read -p "Use configuration directory found at: ${tempath} [Y/n]? " confirm
if [ "${confirm}" == "y" -o "${confirm}" == "Y" -o "${confirm}" == "" ] ; then
path=$tempath
fi
else
echo "no configuration directory was found"
fi
if [ "$path" == "" ] ; then
read -e -p "please give a path to the directory containing the re6stnet configuration if you already generated one: " path
if [ "$path" == "" ] ; then
echo "No configuration given, you can generate one using grdn-cfg command. Exiting."
exit 1
fi
fi
if [ ! -d "$path" ] ; then
echo "Invalid path ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
exit 1
fi
if [ -r "${path}/re6stnet.conf" -a -r "${path}/cert.crt" -a -r "${path}/cert.key" -a -r "${path}/ca.crt" ]; then
install -d "${configdir}"
for file in "${path}"/* ; do
install -m 600 "${file}" "${configdir}"
done
else
echo "Missing some configuration files in ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
exit 1
fi
fi
# setup
# saving firewall configuration
ip6tables-save > "${configdir}/ip6tables.save"
cp "${configdir}/ip6tables.save" "${configdir}/current_ip6tables.conf"
# clean before exiting
cleanup() {
printf "\nCleaning up and exiting...\n"
if [ -r "${configdir}/ip6tables.save" ] ; then
echo "Removing changes in ip6tables rules"
ip6tables-restore < "${configdir}/ip6tables.save"
rm "${configdir}/ip6tables.save"
rm "${configdir}/current_ip6tables.conf"
fi
echo ""
exit 0
}
trap cleanup SIGHUP SIGINT SIGTERM
# firewall configuration
if [ -r "${configdir}/ip6tables.conf" ] ; then
# remove line containing "COMMIT"
sed -i '/COMMIT/d' "${configdir}/current_ip6tables.conf"
# add few rules
cat "${configdir}/ip6tables.conf" >> "${configdir}/current_ip6tables.conf"
# putting "COMMIT" line back
echo "COMMIT" >> "${configdir}/current_ip6tables.conf"
ip6tables-restore < "${configdir}/current_ip6tables.conf"
else
# accept ports needed for re6stnet
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
# Accept ports needed for running any webrunner
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
fi
# setup shill network manager
if [[ $( pgrep -a shill | grep ${blacklist_option} ) ]] ; then
echo "shill was started with the right blacklist."
else
read -p "The network manager shill was not started with the right blacklisted devices list. Restart it [Y/n]? " confirm
if [ "$confirm" != "n" -a "$confirm" != "N" ] ; then
if [[ $( status shill_respawn | grep running ) ]] ; then
# shill_respawn job does not allow to pass arguments to shill
stop shill_respawn
fi
if [[ $( status shill | grep running ) ]] ; then
stop shill
fi
start shill BLACKLISTED_DEVICES="${blacklist_option}"
# wait a bit for the interfaces to be back
for i in {0..4} ; do
echo -n "." ; sleep 1
done
echo ""
fi
fi
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
interface="$( ip -o link show | grep 'state UP' | awk -F': ' '{print $2}')"
read -p "Is '${interface}' the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
echo "running interfaces found:"
echo "$( ip -o link show | awk -F': ' '{print $2}' )"
read -p "name of the interface used to access the Internet (via IPv4): " interface
fi
if [ accept_ra == "y" -o accept_ra == "Y" ] ; then
sysctl net.ipv6.conf."${interface}".accept_ra=1
else
sysctl net.ipv6.conf."${interface}".accept_ra=0
fi
echo "re6st will start, it may take a few minutes before beeing usable"
# wait a bit, so the user can see it and the message is not lost among re6st log
for i in {0..2} ; do
echo -n "." ; sleep 1
done
echo ""
while [[ $( grep default "${configfile}" ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
route="$( ip -6 r | grep default | sed 's/ dev .*//' )"
ip -6 route del ${route}
echo removed route: "${route}"
else
restart shill BLACKLISTED_DEVICES="${blacklist_option}"
fi
done
# join re6st network
cd "${configdir}"
re6stnet @re6stnet.conf
......@@ -42,6 +42,6 @@ python_compile() {
}
python_install() {
dobin "${FILESDIR}"/grdn-cfg "${FILESDIR}"/grdn-run
dobin "${FILESDIR}"/grandenet
distutils-r1_python_install
}