main.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

#!/bin/bash

function usage() {
    echo "SYNOPSYS
    $0 [OPTIONS]
DESCRIPTION
    Spawn TCP tunnels between your computer and a remote SSH server. If the
    connection fail for some reason, the script will try to re-create the
    tunnels automatically every TIMEOUT seconds.
OPTIONS
    -S,--server=HOST
        Set the tunnel host. HOST can be either the IP or hostname of the
        server to tunnel to, as seen from the ssh host.

    -t, --tunnel=TUNNELPORT
        Specify the ports to tunnel.

    -i, --interface=IF
        Specify the interface to listen on.

    -H,--host=SSHHOST
        Set the ssh host. SSHHOST can be either the full hostname as you would
        specify it on the ssh command-line (e.g. user@example.com or hostname
        if it is set up in your ssh config).

    -p, --port=SSHPORT
        Set the ssh remote port if different from the default.

    -f
        Fork the script to the background.

    -h,--help
        Print this help and exit.
"
}

# Help argument
if [[ " $@" = *" -h"* || " $@" = *" --help"* ]]; then
    usage
    exit 0
fi

#if [[ -z "$@" || " $@" != *" --ok"* ]]; then
#    echo 'This script will only do something if `--ok` is provided'
#    echo ''
#    usage
#    echo ''
#    echo 'Nothing has been done. Exiting.'
#    exit 1
#fi

# Logfile location
# comment to use stdout/stderr
LOGFILE=proxy.log
LOGFILE_ERR=proxy.log

# Local bind address
#   - Use 127.0.0.1 for local computer only;
#   - Use 0.0.0.0 to give access to other computers (but be careful who can
#   reach your computer in that case, if you do not have a firewall, your LAN
#   (at least) normally has access to all your ports (most routers, through
#   NAT, provide basic firewall functionality))
#LOCAL_BIND_ADDR=0.0.0.0
LOCAL_BIND_ADDR=127.0.0.1

# License host and ports
REMOTE_LICENSE_HOST=licence.inl90.ec-lyon.fr
DASHBOARD_PORT=8095
FLEX_PORT=27011
LUMERICAL_VENDOR_PORT=42128

# ssh host
HOST=sshgate

# set default log to stdout/stderr
LOGFILE=${LOGFILE:-/dev/stdout}
LOGFILE_ERR=${LOGFILE_ERR:-/dev/stderr}

function start_and_monitor_tunnels() {
    # This function takes port numbers as arguments and creates as many TCP
    # tunnels like so:
    #   LOCAL_BIND_ADDR:$port <--> HOST <--> REMOTE_LICENSE_HOST:$port
    # If the tunnel fails or ssh exits, we either:
    #   - try again after a timeout if exit code is not 0
    #   - exit if exit code is 0
    # NOTE: for now we just **always** try again after timeout
    local ports=$@
    local timeout_sec=10

    declare -a ssh_tunnel_opt
    for port in ${ports}; do
        ssh_tunnel_opt+=("-L")
        ssh_tunnel_opt+=("${LOCAL_BIND_ADDR}:${port}:${REMOTE_LICENSE_HOST}:${port}")
    done

    while true; do
        # Try establishing the tunnel
        echo "Starting tunnel for ports ${ports[@]}"
        ssh -N \
            ${ssh_tunnel_opt[@]} \
            -o "ServerAliveInterval 10" \
            -o "ServerAliveCountMax 3" \
            -o "ExitOnForwardFailure yes" \
            ${HOST} &
        local pid="$!"
        # make sure to kill ssh when killed/parent exits
        trap "kill '$pid'" EXIT
        wait

        local exit_code="$?"
        echo "ssh exited with exit code ${exit_code}"
        #if [[ ${exit_code} != 0 ]]; then
        if true; then
            # If ssh exited with non-zero code, wait a bit and retry
            echo "restarting in ${timeout_sec}s..."
            sleep ${timeout_sec}
        else
            echo "exiting."
            return 0
        fi
    done
}

# Start the tunnels and redirect outputs
echo "Setting up tunnels.
Logs will be redirected to:
    stdout --> ${LOGFILE}
    stderr --> ${LOGFILE_ERR}
"

# In the following block, the following redirections are set up:
#   - 777 goes to stdout of current script (and not global /dev/stdout)
#   - 1 goes to $LOGFILE
#   - 2 goes to $LOGFILE_ERR
{
    # Enable trace
    set -x

    # Set up CTRL-C callback (write to stdout of script, not log)
    trap_ctrl_c_callback="
        echo 'Interrupt signal received, exiting...' 1>&777
        exit 130
    "
    trap "${trap_ctrl_c_callback}" SIGINT

    ports=(${DASHBOARD_PORT} ${FLEX_PORT} ${LUMERICAL_VENDOR_PORT})
    start_and_monitor_tunnels ${ports[@]}

} 777>&1 1>>${LOGFILE} 2>>${LOGFILE_ERR}