#!/usr/bin/env python # -*- coding: utf-8 -*- # kpov_random_helpers should be imported by add_assignment.py instructions = { 'si':u""" Postavi tri navidezne racunalnike - SimpleArbiter z diska SimpleArbiterVPN ter VPNClient1 in VPNClient2, ki jima nastavite pravilne mrežne nastavitve (medsebojna povezava in povezava na splet). Na vse racunalnike namestite OpenVPN in program za nadzor nad virtualnimi napravami (s katerim kreirate napravo tap). Strežnik SimpleArbiterVPN naj generira skupno skrivnost (*.key),katero shranite v imenik /vpn in jo na VPNCLient uporabite skupaj z konfiguracijsko datoteko za OpenVPN povezavo. Nato poskrbite, da bo VPNClient na navideznem omrežju prek NFS omogočil dostop do imenika /home/test/IME_IMENIKA, pri čemer IME_IMENIKA preberite na SimpleArbiter. V ta imenik skopirajte datoteke, ki so prek SMB dostopne na SimpleArbiter. """ } computers = { 'SimpleArbiter': { 'disks': [ { 'name': 'SimpleArbiterVPN', # attempt automount }, #{ 'name': 'CDROM', # 'options': {'readonly': True}, # 'parts': [{'dev': 'b1', 'path': '/cdrom'}], #}, ], 'network_interfaces': [ { 'network': 'test-net' }, { 'network': 'net1' } ], 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient1': { 'disks': [ { 'name': 'VPNClient1', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } }, 'flavor': 'm1.tiny', 'config_drive': False }, 'VPNClient2': { 'disks': [ { 'name': 'VPNClient2', }, #{ 'name': 'CDROM', # 'options':{'readonly': True}, # 'parts': [],# no parts, no mounting. #} ], 'network_interfaces': [ { 'network': 'net1' } }, 'flavor': 'm1.tiny', 'config_drive': False } } networks = { 'test-net': { 'public': True }, # Used for the VPN tunnel 'net1': { 'public': False } } params_meta = { 'IP_SimpleArbiterVPN': { 'descriptions': { 'si': 'Naslov SimpleArbiter' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_SimpleArbiterVPN': { 'descriptions': { 'si': 'DNS za SimpleArbiter' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'IP_VPNClient1': { 'descriptions': { 'si': 'Naslov VPNClient1' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_VPNClient1': { 'descriptions': { 'si': 'DNS za VPNClient1' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'IP_VPNClient2': { 'descriptions': { 'si': 'Naslov VPNClient2' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True }, 'DNS_VPNClient2': { 'descriptions': { 'si': 'DNS za VPNClient2' }, 'w': False, 'public': True, 'type': 'IP', 'generated': True } } def task(IP_SimpleArbiterVPN, DNS_SimpleArbiterVPN, IP_VPNClient1, DNS_VPNClient1, IP_VPNClient2, DNS_VPNClient2): import pxssh # Used to set up an SSH connection to a remote machine #import pexpect # Allows the script to spawn a child application and control it as if a human were typing commands # the necessary things we need to check if the task was performed correctly results = dict() # The login params (these must be used on the machines!) peer_user = 'student' peer_passwd = 'vaje' ### # Sets up the SSH connections to the machines ### # SimpleArbiter sA = pxssh.pxssh() # VPNClient1 sC1 = pxssh.pxssh() # VPNClient2 sC2 = pxssh.pxssh() # Logs in to the machines with the default login params sA.login( IP_SimpleArbiterVPN, peer_user, peer_passwd ) sC1.login( IP_VPNClient1, peer_user, peer_passwd ) sC2.login( IP_VPNClient2, peer_user, peer_passwd ) ###### # sA ###### # TODO: (polz) you can remove nmcli and nslookup - these were only used in the task that # was used as the template for other taps # Make sure NM is not handling eth0 results['SimpleArbiter_nmcli'] = sA.run('nmcli d') # Get the IP of the network as per a DNS server (used to check if all computers are on the same network) results['SimpleArbiter_nslookup'] = sA.run('nslookup www.arnes.si') # Check if the VPN is set up # Returns 1 if ok, else 0 sA.sendline('ls /sys/class/net/ | grep "tap0"') sA.prompt() output = sA.before output.split('\n')[1] results['SimpleArbiter_is_VPN_set_up'] = output # Check if the VPN server is running # Returns 1 if ok, else 0 sA.sendline('ls /sys/class/net | grep "tun0"') sA.prompt() output = sA.before output.split('\n')[1] results['SimpleArbiter_is_VPN_running'] = output # Pings each of the clients # 10.8.0.6 and 10.8.0.10 are the first two default addresses distributed by OpenVPN # Will output everything ping outputs (set to ping 3 times) sA.sendLine('ping -c 3 10.8.0.6') sA.prompt() output = sA.before results['SimpleArbiter_ping_C1'] = output sA.sendLine('ping -c 3 10.8.0.10') sA.prompt() output = sA.before results['SimpleArbiter_ping_C2'] = output ### # Check if both clients are connected to the correct VPN # (check if first 24 bits of IP addr are the same as the server's) # a.k.a. the YES WE CAN method of checking things # really, really hoping it has root privileges too ### ### Install nmap # TODO: (polz) Don't install nmap here - tell me that you # need nmap to be present on simpleArbiter and I'll install it. # Check if root sA.sendline('id -u') sA.prompt() uid = sA.before.split('\n') uid = uid[1].rstrip() #print uid # If is isn't root if ( uid != "0" ): print "SimpleArbiter user must be root to continue with this step (installing nmap mostly)" # If it is, we continue else: ### Install the nmap package # Check if nmap is already installed sA.sendline('dpkg-query -W nmap') sA.prompt() lines = sA.before.split('\n') line = lines[1] # If it isn't if ( len(line.rstrip()) == 4 ): # returns "nmap\r\n" if package isn't installed sA.sendline('apt-get install nmap --assume-yes') # If it is else: sA.sendline('') #sA.wait() # For some reason this hangs sA.expect(".*#") # Expecting a new line prompt (root's prompt ends with a #) # Run nmap on the VPN network sA.sendline('nmap -sP 10.8.0.0/24') sA.prompt() results['SimpleArbiter_nmap_results'] = sA.before ###### # sC1 ###### # TODO: (polz) again, no need for this results['VPNClient1_nmcli'] = sC1.run('nmcli d') results['VPNClient1_nslookup'] = sC1.run('nslookup www.arnes.si') # Ping the VPN server sC1.sendLine( 'ping -c 3 {0}'.format( DNS_SimpleArbiterVPN ) ) sC1.prompt() output = sC1.before results['VPNClient1_ping_VPN_server'] = output ###### # sC2 ###### results['VPNClient2_nmcli'] = sC2.run('nmcli d') results['VPNClient2_nslookup'] = sC2.run('nslookup www.arnes.si') # Ping the VPN server sC2.sendLine( 'ping -c 3 {0}'.format( DNS_SimpleArbiterVPN ) ) sC2.prompt() output = sC2.before results['VPNClient2_ping_VPN_server'] = output sA.logout() sC1.logout() sC2.logout() # TODO: (polz) please, add some sort of check to verify that the user created the neccessarry keys. # return results def gen_params(user_id, params_meta): alpha = "abcdefghijklmnoprstuvzxyqw" alphaupp = "ABCDEFGHIJKLMNOPRSTUVZQWXY" alpha2 = ['$','?','!',"%","&"] alpha3 = ['IT','DH','JF','PO','LZ'] temp = datetime.datetime.now().strftime("%Y%m%d%H%M%S") hash = "" for x in temp: for i in x: if int(i)<5: hash+=random.choice(alpha)+alpha2[int(i)] else: hash+=random.choice(alphaupp)+alpha3[int(i)-5] hash+=":"+temp params = dict() r = random.Random(user_id) # IP_NM, DNS_NM, IP_static, DNS_static) dns_servers = ['193.2.1.66', '193.2.1.72', '8.8.8.8', '8.8.4.4', '208.67.222.222', '208.67.220.220'] net = kpov_random_helpers.IPv4_subnet_gen(r, '172.23.128.0/18', 24) params['DNS_NM'] = r.choice(dns_servers) params['IP_NM'], params['IP_static'] = kpov_random_helpers.IPv4_addr_gen(r, net, 2) params['DNS_static'] = r.choice(dns_servers) params[user_id] = hash return params def task_check(results, params): import re #nastavil score na 0 iz -9 score = 0 if results['NM_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_NM'])) > -1: score += 3 if results['SimpleArbiter_VPN_is_set_up'] == 1: score += 3 if results['SimpleArbiter_VPN_is_running'] == 1: score +=3 #zal si se nisem prišla na jasno s pingi #if results['SimpleArbiter_ping_C1'] .find(Server:\t\t{0}\r'.format(params[]) if results['static_nslookup'].find('Server:\t\t{0}\r'.format(params['DNS_static'])) > -1: score += 3 if re.search(r'eth0 +802-.*connected', results['NM_nmcli']): score += 2 if not re.search(r'eth0 +802-.*connected', results['static_nmcli']): score += 2 # to stran # score = 0 return score def prepare_disks(templates, params): #d = templates['simpleArbiterDhcp'] #guestmount -a d -m /dev/VG/LV -m /dev/sda1:/boot --ro /mnt #asistent je pocasnela :) pass