#!/usr/bin/env python # -*- coding: utf-8 -*- # kpov_random_helpers should be imported by add_assignment.py instructions = { 'si':u""" Postavi dva navidezna računalnika - SimpleArbiter z diska SimpleArbiterVPN ter VPNClient, ki jima nastavite pravilne mrežne nastavitve (medsebojna povezava in povezava na splet). Na oba računalnika namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo tap). Strežnik SimpleArbiterVPN naj generira skupno skrivnost (*.key), ki jo na VPNCLient uporabite skupaj z konfiguracijsko datoteko za OpenVPN povezavo. Nato poskrbite, da bo VPNClient na navideznem omrežju prek NFS omogočil dostop do imenika /home/test/IME_IMENIKA, pri čemer IME_IMENIKA preberite na SimpleArbiter. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na SimpleArbiter. """ } computers = { 'SimpleArbiter': { 'disks': [ { 'name': 'SimpleArbiterVPN', # attempt automount }, #{ 'name': 'CDROM', # 'options': {'readonly': True}, # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], #}, ], 'network_interfaces': [ { 'network': 'test-net' }, { 'network': 'net1' } ], 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient1': { 'disks': [ { 'name': 'VPNClient1', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } }, 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient2': { 'disks': [ { 'name': 'VPNClient2', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } }, 'flavor': 'm1.tiny', 'config_drive': False } } networks = { 'test-net': { 'public': True }, # Used for the VPN tunnel 'net1': { 'public': False } } params_meta = { 'IP_SimpleArbiterVPN': { 'descriptions': { 'si': 'Naslov SimpleArbiter' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_SimpleArbiterVPN': { 'descriptions': { 'si': 'DNS za SimpleArbiter' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'IP_VPNClient1': { 'descriptions': { 'si': 'Naslov VPNClient1' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_VPNClient1': { 'descriptions': { 'si': 'DNS za VPNClient1' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'IP_VPNClient2': { 'descriptions': { 'si': 'Naslov VPNClient2' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_VPNClient2': { 'descriptions': { 'si': 'DNS za VPNClient2' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True } } def task(IP_NM, DNS_NM, IP_static, DNS_static): import pxssh # Used to set up an SSH connection to a remote machine import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands # the necessary things we need to check if the task was performed correctly results = dict() # The login params (these must be used on the machines!) peer_user = 'student' peer_passwd = 'vaje' # Sets up the SSH connections to the machines sA = pxssh.pxssh() sB = pxssh.pxssh() # Logs in to the machines with the default login params sA.login(IP_NM, peer_user, peer_passwd) sB.login(IP_static, peer_user, peer_passwd) ###### # sA ###### # TODO what is this exactly? # Make sure NM is not handling eth0 results['NM_nmcli'] = sA.run('nmcli d') # Get the IP of the network as per a DNS server results['NM_nslookup'] = sA.run('nslookup www.arnes.si') ###### # sB ###### # check whether NM is handling eth0 results['static_nmcli'] = sB.run('nmcli d') # Get the IP of the network as per a DNS server results['static_nslookup'] = sB.run('nslookup www.arnes.si') # Check if the tap exists # Must return a non-empty string results['is_tap_exists'] = sA.run('ls /sys/class/net | grep "tap0"'); # Check if the VPN server is running # Must return a non-empty string results['is_VPN_running'] = sA.run('ls /sys/class/net | grep "tun0"'); # TODO # Check if both clients are connected #sB.run('sudo apt-get install nmap --assume-yes') #sB.run('sudo nmap -sP 10.8.0.0/24') # TODO # Check if both clients are connected to the correct VPN (check if first 24 bits of IP addr are the same as the server's) # Pings each of the clients # 10.8.0.6 and 10.8.0.10 are the first two default addresses distributed by OpenVPN sA.logout() sB.logout() return results def gen_params(user_id, params_meta): alpha = "abcdefghijklmnoprstuvzxyqw" alphaupp = "ABCDEFGHIJKLMNOPRSTUVZQWXY" alpha2 = ['$','?','!',"%","&"] alpha3 = ['IT','DH','JF','PO','LZ'] temp = datetime.datetime.now().strftime("%Y%m%d%H%M%S") hash = "" for x in temp: for i in x: if int(i)<5: hash+=random.choice(alpha)+alpha2[int(i)] else: hash+=random.choice(alphaupp)+alpha3[int(i)-5] hash+=":"+temp params = dict() r = random.Random(user_id) # IP_NM, DNS_NM, IP_static, DNS_static) dns_servers = ['193.2.1.66', '193.2.1.72', '8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220'] net = kpov_random_helpers.IPv4_subnet_gen(r, '172.23.128.0/18', 24) params['DNS_NM'] = r.choice(dns_servers) params['IP_NM'], params['IP_static'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2) params['DNS_static'] = r.choice(dns_servers) params[user_id] = hash return params def task_check(results, params): import re score = -9 if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1: score += 3 if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1: score += 3 if re.search(r'eth0 +802-.*connected', results['NM_nmcli']): score += 2 if not re.search(r'eth0 +802-.*connected', results['static_nmcli']): score += 2 score = 0 return score def prepare_disks(templates, params): #d = templates['simpleArbiterDhcp'] #guestmount -a d -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt #asistent je pocasnela :) pass