[tor-commits] [oonib/master] Update initialize.sh script for MLAB deployment

isis at torproject.org isis at torproject.org
Wed May 15 22:53:57 UTC 2013


commit c02b4a1770ed965067980f277e9d22a2671d9ddb
Author: aagbsn <aagbsn at extc.org>
Date:   Tue May 14 20:20:51 2013 +0000

    Update initialize.sh script for MLAB deployment
    
    * Sets the UID and GID to drop privileges to in oonib.conf
    * Randomly selects either the tcp or http helper service to bind on port 80
    * Removes the iptables rules that are no longer needed.
---
 scripts/init/initialize.sh |   39 +++++++++++++++++++++------------------
 1 files changed, 21 insertions(+), 18 deletions(-)

diff --git a/scripts/init/initialize.sh b/scripts/init/initialize.sh
index c15fdc5..3196f16 100755
--- a/scripts/init/initialize.sh
+++ b/scripts/init/initialize.sh
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash
 
 # 1. Fetch any dependencies
 # we should have everything in the virtualenv? Or do we need to also get some
@@ -28,35 +28,38 @@ openssl x509 -req -days 365 -in server.csr -signkey private.key -out certificate
 rm private.key.org
 rm cert.pass
 
-# Set up our firewall rules
-# XXX: Confirm that sudo will work with MLAB.
-# Map port 80 to config.helpers.http_return_request.port  (default: 57001)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 57001
-# Map port 443 to config.helpers.ssl.port  (default: 57006)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 57006
-# Map port 53 udp to config.helpers.dns.udp_port (default: 57004)
-sudo iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 57004
-# Map port 53 tcp to config.helpers.dns.tcp_port (default: 57005)
-sudo iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 57005
+# get the UID and GID to drop privileges to
+OONIB_UID=`id -u $SLICENAME`
+OONIB_GID=`id -g $SLICENAME`
+
+# randomly select either a tcp backend helper or a http backend helper to listen on port 80. Otherwise, bind to port 81
+coin=$[$RANDOM % 2]
+if [[ $coin > 0 ]]; then
+  TCP_ECHO_PORT=80
+  HTTP_ECHO_PORT=81
+else
+  TCP_ECHO_PORT=81
+  HTTP_ECHO_PORT=80
+fi
 
 # drop a config in $SCRIPT_ROOT
 echo "
 main:
     report_dir: '/var/spool/$SLICENAME'
     tor_datadir: 
-    database_uri: 'sqlite:"$SCRIPT_ROOT"//oonib_test_db.db'
+    database_uri: 'sqlite://"$SCRIPT_ROOT"/oonib_test_db.db'
     db_threadpool_size: 10
     tor_binary: '"$SCRIPT_ROOT"/bin/tor'
     tor2webmode: true
     pidfile: 'oonib.pid'
-    nodaemon: true
+    nodaemon: false
     originalname: Null
     chroot: Null
     rundir: .
     umask: Null
     euid: Null
-    uid: Null
-    gid: Null
+    uid: $OONIB_UID
+    gid: $OONIB_GID
     uuid: Null
     no_save: true
     profile: Null
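Review bot: The privilege drop introduced at ``OONIB_UID=`id -u $SLICENAME` `` can fail open. `$SLICENAME` is unquoted and the exit status of `id` is never checked, so an unset or empty SLICENAME makes `id -u` report the invoking user (0 if this script runs as root), while an unknown user leaves the variable empty and the config gets a bare `uid:`, which YAML most likely reads as null, the same as the old `uid: Null`. Since the helpers now bind ports 80, 81 and 443 directly instead of going through the removed iptables redirects, the daemon presumably starts as root and would keep those privileges. I would abort instead of writing the config: `: "${SLICENAME:?SLICENAME must be set}"`, then `OONIB_UID=$(id -u "$SLICENAME") || exit 1` and `OONIB_GID=$(id -g "$SLICENAME") || exit 1`. The `echo` that writes oonib.conf continues outside this hunk.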
@@ -64,11 +67,11 @@ main:
 
 helpers:
     http_return_request:
-        port: 57001
+        port: $HTTP_ECHO_PORT
         server_version: Apache
 
     tcp_echo:
-        port: 57002
+        port: $TCP_ECHO_PORT
 
     daphn3:
         yaml_file: Null
@@ -82,4 +85,4 @@ helpers:
     ssl:
         private_key: '"$SCRIPT_ROOT"/private.key'
         certificate: '"$SCRIPT_ROOT"/certificate.crt'
-        port: 57006" > $SCRIPT_ROOT/oonib.conf
+        port: 443" > $SCRIPT_ROOT/oonib.conf
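Review bot: The redirect target on the last line, `> $SCRIPT_ROOT/oonib.conf`, is unquoted and unguarded, so an unset SCRIPT_ROOT writes the config to `/oonib.conf` and a path containing spaces makes bash reject the redirect as ambiguous. The same directory holds `private.key` according to the context lines above, so it is worth failing early rather than writing to an unintended location: `port: 443" > "${SCRIPT_ROOT:?}/oonib.conf"`. The `echo` statement this line closes starts outside the hunk.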




