Created
October 10, 2014 17:14
#!/usr/bin/env bash
# vim: autoindent tabstop=2 shiftwidth=2 expandtab softtabstop=2 filetype=sh
# --------------------------------------------
# Firewall Knock Operator wrapper script
# --------------------------------------------
# Robb Wagoner <[email protected]>
#
# TODO: Use getopt to process arguments
# TODO: Add function to print script usage
#
#
# Usage:
#
#   simple: run the script with the name of the FWKnop/SPA server as the first argument
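# Name this script was invoked as; the symlink shortcuts further down select
# the server from it. Parameter expansion replaces the unquoted
# `basename $0`, which word-splits an invocation path containing spaces or
# glob characters.
PROGNAME=${0##*/}
GPG=false   # default: don't do gpg
SPA=true    # default: use SPA - fwknop
COLOR=true  # default: color tabs for the terminal windows

# Terminal program-specific helper used to colour the tab.
case "${TERM_PROGRAM:-}" in
  iTerm.app) COLOR_COMMAND="iTerm2-tab-color.sh" ;;
  *)         COLOR_COMMAND=true ;;  # no-op
esac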
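#######################################
# Colour the terminal tab through the terminal-specific helper.
# Globals:   COLOR_COMMAND (read) - helper command; `true` makes this a no-op
# Arguments: $1 - colour name, handed to the helper as a single argument
# Returns:   the helper's status, or 0 when the helper cannot be resolved
#######################################
function tab-color() {
  # Named differently from the script-wide COLOR flag so that flag is not
  # shadowed inside the function.
  local tab_color=$1

  # `command -v` is a shell builtin, so the lookup does not depend on an
  # external `which`; quoting keeps the helper name and the colour intact
  # even if they contain whitespace.
  if command -v -- "${COLOR_COMMAND:-}" >/dev/null 2>&1; then
    "$COLOR_COMMAND" "$tab_color"
  fi
}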
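# ----------------------------------------
# What FWKnop Server are we connecting to?
# ----------------------------------------
shopt -s extglob  # do extended globbing for matching patterns
case "$PROGNAME" in
  # ------------------------------------
  # Shortcut names using symlinks
  # ------------------------------------
  # us, us-east, prod, production
  us?(-east) | prod | production)
    FWKNOP_SERVER=meta.us-east.fabricww.com
    ;;
  us-vpc)
    FWKNOP_SERVER=meta-vpc.us-east.fabricww.com
    ;;
  eu?(-west))
    FWKNOP_SERVER=meta.eu-west.fabricww.com
    ;;
  eu-vpc)
    FWKNOP_SERVER=meta-vpc.eu-west.fabricww.com
    ;;
  integ | integration)
    FWKNOP_SERVER=meta.us-east.integration.fabricww.com
    ;;
  mtech)
    FWKNOP_SERVER="meta.us-east.${PROGNAME}.fabricww.com"
    SPA=false  # for now
    ;;
  dev | dev2)
    FWKNOP_SERVER="meta.${PROGNAME}.fabricww.com"
    ;;
  # ------------------------------------
  # Normal way: pass server hostname as argument
  # ------------------------------------
  connect)  # the default name of this script
    # The hostname is caller-supplied and is not validated here; the
    # per-server case later in this script rejects any name it does not
    # list. A missing argument is reported now instead of surfacing later
    # as "unknown FWKnop server ''".
    if (( $# < 1 )) || [[ -z "$1" ]]; then
      printf 'Usage: %s <fwknop-server> [ssh options...]\n' "$PROGNAME" >&2
      exit 1
    fi
    FWKNOP_SERVER=$1
    shift  # whatever remains in "$@" is passed on to ssh
    ;;
  *)
    # Diagnostics go to stderr, like the fwknop error at the end of the script.
    printf "ERROR: unknown connection name '%s'.\n" "$PROGNAME" >&2
    exit 1
    ;;
esac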
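# ----------------------------------------
# User Settings
# ----------------------------------------
# There are two ways to configure:
# 1. Set Key id via GnuPG configuration file: ~/.gnupg/options => 'default-key = ABABABAB'
# 2. Use the GPG_SIGNING_KEY environment variable
#
#GPG_SIGNING_KEY=

# Open SSH port
# NOTE(review): --source-IP appears to make the server trust the address the
# SPA packet arrives from rather than one carried inside the protected
# payload; fwknop's documentation prefers naming or resolving the allowed
# address explicitly where the client's external IP is known - confirm
# against the deployed fwknop version.
FWKNOP_OPTS="--source-IP --Destination $FWKNOP_SERVER --Access tcp/22"

# DEBUG defaults to false. It is compared as a string instead of being run as
# a command, so an unexpected value in the environment is never executed.
# The original assigned the result to a misspelled FWKNKOP_OPTS, which meant
# --debug was never actually passed to fwknop.
if [[ "${DEBUG:=false}" == true ]]; then
  FWKNOP_OPTS="$FWKNOP_OPTS --debug"
fi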
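# ----------------------------------------
# GPG parameters, per server
# ----------------------------------------
shopt -s extglob
# Each fwknop server has its own GPG key.
#
# This case is also the only place the server name is checked: a hostname
# given on the command line reaches fwknop and ssh only if it matches one of
# the patterns below.
#
# NOTE(review): the recipients are 8-hex-digit short key IDs, which are not
# collision-resistant. Prefer the full key fingerprints if the deployed
# fwknop/gpg accepts them (the fingerprints are not available on this page).
#
# Servers marked "tbd" leave GPG=false, so fwknop is invoked for them without
# any --gpg-* options.
case "$FWKNOP_SERVER" in
  # - Production -
  meta?(.production).us-east.fabricww.com)
    GPG_RECIPIENT=6EEF7365
    GPG=true
    tab-color red
    ;;
  meta?(.production).eu-west.fabricww.com)
    GPG_RECIPIENT=5A4B57AD
    GPG=true
    tab-color red
    ;;
  meta-vpc.us-east.fabricww.com)
    GPG_RECIPIENT=A097D995
    GPG=true
    tab-color red
    ;;
  meta-vpc.eu-west.fabricww.com)
    GPG_RECIPIENT=B681BA48
    GPG=true
    tab-color red
    ;;
  # - Stage -
  meta.stage?(.us-east).fabricww.com)
    GPG_RECIPIENT=tbd
    tab-color orange
    ;;
  # - Integration -
  meta.us-east.integration.fabricww.com)
    GPG_RECIPIENT=0C93BF00
    GPG=true
    tab-color yellow
    ;;
  meta.integration?(.us-east).fabricww.com)
    GPG_RECIPIENT=0C5BDB35
    GPG=true
    tab-color yellow
    ;;
  # - MTech
  meta.us-east.mtech.fabricww.com)
    GPG_RECIPIENT=tbd
    tab-color green
    ;;
  # - Dev -
  meta.dev?(.us-east).fabricww.com)
    GPG_RECIPIENT=tbd
    tab-color blue
    ;;
  meta.dev2.fabricww.com)
    GPG_RECIPIENT=tbd
    tab-color blue
    ;;
  *)
    # The exit is unconditional. With `echo ... && exit 1`, a failed write
    # (e.g. a closed stdout) skipped the exit and the script carried on with
    # a server name that had not matched the list.
    printf "ERROR: unknown FWKnop server '%s'.\n" "$FWKNOP_SERVER" >&2
    exit 1
    ;;
esac

if [[ "$GPG" == true ]]; then
  FWKNOP_OPTS="$FWKNOP_OPTS --gpg-default-key --gpg-recipient=$GPG_RECIPIENT"
  if [[ -n "${GPG_AGENT_INFO:-}" ]]; then
    # fwknop 1.9.12 +gpg-agent seems to need gpg-verbose option to work correctly
    FWKNOP_OPTS="$FWKNOP_OPTS --gpg-agent --gpg-verbose"
  fi
fi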
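# ----------------------------------------
# SSH Key Authentication
# ----------------------------------------
if [[ -z "${SSH_AUTH_SOCK:-}" ]]; then
  # No agent is reachable, so start one for this run. -s forces
  # Bourne-style output regardless of $SHELL, and the quotes keep the output
  # from being word-split or globbed before eval sees it.
  eval "$(ssh-agent -s)"

  # The agent's environment variables vanish when this script exits, so an
  # agent left running would be an unreachable process still holding the
  # unlocked keys. Stop it on every exit path.
  trap 'ssh-agent -k >/dev/null 2>&1' EXIT

  ssh-add
fi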
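# ----------------------------------------
# Connect
# ----------------------------------------
if [[ "${SPA:-true}" == true ]]; then
  # FWKNOP_OPTS is a space-separated option string assembled earlier in the
  # script, so it is expanded unquoted on purpose to split it into arguments.
  # shellcheck disable=SC2086
  if fwknop $FWKNOP_OPTS; then
    echo "."
    sleep 1  # presumably gives the server a moment to open the port
  else
    # In the else branch $? still holds fwknop's exit status.
    echo "ERROR: fwknop error code $?" 1>&2
    exit 10
  fi
fi

echo "Opening SSH connection to $FWKNOP_SERVER: "
# "$@" keeps each remaining command-line argument as one word (the unquoted
# $@ re-split arguments containing spaces). The hostname is quoted too; it
# has already been matched against the per-server list, so it cannot start
# with '-' and be read by ssh as an option.
ssh "$@" "$FWKNOP_SERVER"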