initial

setups/gateway.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+dpkg-reconfigure openssh-server
+
+# the "northbound" interface connecting the gateway to the "real" server/clab hypervisor (NOT management-interface!)
+ip addr replace dev eth1 10.192.40.2/29
+
+# the "southbound" interface towards all the clients that we are DHCP server for
+ip addr replace dev eth2 192.168.0.1/24 
+
+# "eastbound" gw<->jumphost1 eth3 and 172.16.200/23 behind jumphost1
+ip addr replace dev eth3 172.16.202.32/31
+# ip route replace 172.16.200/23 via 172.16.202.33
+
+echo "nameserver 192.168.0.1" > /etc/resolv.conf
+
+
+# ----------------------------------------------------------------------
+# Run the long pipeline in the background, but start it only after 60 s.
+# The rest of the script continues immediately.
+# ----------------------------------------------------------------------
+
+(
+    # wait 60 seconds first
+    sleep 60
+    # cat /var/lib/misc/dnsmasq.leases | while read line; do loctet=$(echo $line | cut -f 4 -d . | cut -f 1 -d " "); printf "${line}\t"; sed -n "$loctet{p;q}" < <(tr ":" "," < /etc/workshopnames.yml | cut -f 1,3 -d, | tr , "\t") ; done | cut -b 30- | sort -b -k 2,2V | column -t
+    cat /var/lib/misc/dnsmasq.leases | cut -d' ' -f3-4 |
+    while read -r line; do
+        loctet=$(echo "$line" | cut -d'.' -f4 | cut -d' ' -f1)
+        printf '%s\t' "$line"
+        sed -n "${loctet}{p;q}" < <(
+            tr ':' ',' < /etc/workshopnames.yml |
+            cut -d',' -f1,3 |
+            tr ',' '\t'
+        )
+    done |
+    # cut -b30- |
+    sort -b -k2,2V |
+    column -t
+) > /online-users.txt &   # ← background the whole subshell
+
+
+# launch dnsmasq (automatically backgrounds)
+dnsmasq --no-daemon 
+
+# /usr/sbin/sshd -D

setups/jumphost.sh

@@ -0,0 +1,59 @@
+#!/bin/bash
+dpkg-reconfigure openssh-server
+create_user_from_shared_names_list () {
+    my_last_octet=$1
+    my_username_pwhash=$(sed -n "${my_last_octet}{p;q}" /etc/workshopnames.yml)
+    my_username="${my_username_pwhash%%:*}"
+    my_pwhash_pwd="${my_username_pwhash#*: }"
+    my_pwhash=${my_pwhash_pwd%%,*}
+    my_pwd=${my_pwhash_pwd#*,}
+    useradd -m ${my_username} -p "${my_pwhash}" -s /bin/bash
+    # su - ${my_username} -c 'mkdir -p .ssh'
+    echo "$my_pwd" > /home/${my_username}/PASSWORD
+}
+
+
+case $(hostname) in 
+    jumphost1)
+    useradd -m devops -s /bin/bash
+    # the "westbound" interface gw<->jumphost1
+    ip addr replace dev eth0 172.16.202.33/31
+    ip route replace 192.168/16 via 172.16.202.32
+
+    # the "southbound" interface towards webserver1 (also named webserver, defaults to ipv4 in /etc/hosts)
+    ip addr replace dev eth1 172.16.200.1/24
+    ip addr replace dev eth1 fd4c:00a6:b6a7::ae/127
+
+    # eastbound jumphost1-eth2<->eth0-jumphost2
+    ip addr replace dev eth2 172.16.202.34/31
+    printf "172.16.202.35\tjumphost2\n" >> /etc/hosts
+    printf "172.16.200.11\twebserver webserver-ipv4 webserver1 webserver1-ipv4\n" >> /etc/hosts
+    printf "fd4c:00a6:b6a7::af\twebserver-ipv6 webserver1-ipv6\n" >> /etc/hosts
+
+    for user_no in $(seq 10 200); do
+        create_user_from_shared_names_list ${user_no}
+    done
+    ;;
+
+    jumphost2)
+    # jumphost2 will have a forward-only authorized keys
+    # cert-authority,no-pty,command="" <key>
+    useradd -m dbadmin
+    mkdir -p /home/dbadmin/.ssh
+    echo "cert-authority,no-pty,command=\"\" " > /home/dbadmin/.ssh/authorized_keys
+    # the "westbound" interface jumphost1-eth2<->eth0-jumphost2
+    ip addr replace dev eth0 172.16.202.35/31
+
+    # the "southbound" interface towards webserver2 (which I want to name "webserver" as well in order to confuse known_hosts. Also, defaults to ipv6 in /etc/hosts)
+    ip addr replace dev eth1 172.16.201.1/24
+    ip addr replace dev eth1 fd4c:00a6:b6a7::ce/127
+
+    printf "172.16.202.34\tjumphost1\n" >> /etc/hosts
+    printf "fd4c:00a6:b6a7::cf\twebserver webserver-ipv6 webserver2 webserver2-ipv6\n" >> /etc/hosts
+    printf "172.16.201.12\twebserver-ipv4 webserver2-ipv4\n" >> /etc/hosts
+    ;;
+esac
+
+# launch dnsmasq (automatically backgrounds)
+
+/usr/sbin/sshd -D

setups/linux.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+dpkg-reconfigure openssh-server
+# my_username=$(shuf -n 1 /etc/workshopnames.yml | cut -b 3-)
+udhcpc -i eth0 -x hostname:$(hostname) -F $(hostname)
+# once we have our IP, create the matching user.
+my_last_octet=$(ip -4 a s dev eth0 | grep / | cut -f 4 -d . | cut -f 1 -d /)
+my_username_pwhash=$(sed -n "${my_last_octet}{p;q}" /etc/workshopnames.yml)
+my_username="${my_username_pwhash%%:*}"
+my_pwhash_pwd="${my_username_pwhash#*: }"
+my_pwhash=${my_pwhash_pwd%%,*}
+my_pwd=${my_pwhash_pwd#*,}
+useradd -m ${my_username} -p "${my_pwhash}" -s /bin/bash
+su - ${my_username} -c 'mkdir .ssh'
+echo "$my_pwd" > /home/${my_username}/PASSWORD
+# cp /root/.ssh/authorized_keys /home/${my_username}/.ssh/ && chown ${my_username}:${my_username} /home/${my_username}/.ssh/authorized_keys
+printf "172.16.202.33\tjumphost1\n" >> /etc/hosts
+/usr/sbin/sshd -D

setups/webserver.sh

@@ -0,0 +1,30 @@
+#!/bin/bash
+dpkg-reconfigure openssh-server
+useradd -m nginx
+case $(hostname) in 
+    webserver1)
+    # the "northbound" interface towards jumphost1-eth1<->eth1-webserver1
+    ip addr replace dev eth1 172.16.200.11/24
+    ip addr replace dev eth1 fd4c:00a6:b6a7::af/127
+    # create a test file to view/download
+    su - nginx -c 'echo "welcome!" > /home/nginx/webserver1.txt'
+    # spawn python3 http server (with ipv6 support)
+    # su - nginx -c 'python3 -m http.server 31337 --bind ::'
+    (su - nginx -c 'python3 /usr/local/bin/webserver.py 31337') &
+    ;;
+
+    webserver2)
+    # the "northbound" interface towards jumphost2-eth1<->eth1-webserver2
+    ip addr replace dev eth1 172.16.201.12/24
+    ip addr replace dev eth1 fd4c:00a6:b6a7::cf/127
+    # create a test file to view/download
+    su - nginx -c 'echo "welcome (again)!" > /home/nginx/webserver2.txt'
+    su - nginx -c 'echo "...is a lie." > /home/nginx/CAKE'
+    # spawn python3 http server (with ipv6 support)
+    # su - nginx -c 'python3 -m http.server 41337 --bind ::'
+    (su - nginx -c 'python3 /usr/local/bin/webserver.py 41337') &
+    ;;
+esac
+
+# service started in case above
+/usr/sbin/sshd -D