Create ssh tunnel via intranet and extranet.

asked 2016-12-12 17:42:15 -0500

Hello,

I'm running puppet 3.8.6

I need help to establish some kind of tunnel between our intranet and the extranet that we have in our environment. Basic idea is this:

Puppet Master (inside our intranet) ------> Puppet Client (in the azure cloud)

Notes: The puppet master can ping and ssh into the Puppet Client, but the Puppet Client cannot ssh to or ping the Puppet Master.

I had the idea to create some kind of ssh tunnel from my Puppet Master back to the client and forward the necessary ports back to the master. So far my attempts have failed. Has anyone been able to create a successful connection from an intranet to an extranet using some kind of ssh tunneling?

Here is a basic bash file that I cooked up to install the puppet client and point it to the master. cat Node_Deployment.sh

#!/bin/sh

#  Puppet-Client.sh
#  
#
#  Created by Natas on 12/7/16.
#

# CentOS release number, taken from the package that owns /etc/redhat-release.
CENTOS_VER=$(rpm -qi --whatprovides /etc/redhat-release | awk '/Version/ {print $3}')
# /etc/hosts line(s) mentioning the master. NOTE: MASTER is not referenced
# anywhere else in this file.
MASTER=$(grep 'puppet-master' /etc/hosts)

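#######################################
# Install the EPEL repository if it is not already present.
# Globals:   CENTOS_VER (read, printed only)
# Outputs:   progress messages on stdout
# Returns:   0 when EPEL is already installed or was installed;
#            yum's exit status if installing the repository fails
#######################################
epelInstall () {
    # printf instead of `echo -e`: under #!/bin/sh, echo may print "-e" literally.
    printf '\nChecking CentOS version...\n...CentOS %s found\n\n' "$CENTOS_VER"
    printf '\nStarting...\n...Preparing ingredients\n\n'
    # The original `sleep 1 | echo ...` ran both sides of the pipe concurrently;
    # a plain sleep keeps the pause without the meaningless pipe.
    sleep 1
    printf '\nSearching for EPEL Repository...\n'
    # grep -q: only the exit status matters, no need to print the package list.
    if rpm -qa | grep -q epel-release; then
        printf 'No need to install EPEL repository!\n'
        return 0
    fi
    printf '\nIs necessary to install the EPEL repositories\nInstalling...\n'
    # A failed repository install must not be reported as success.
    yum install epel-release.noarch -y || return $?
    sleep 1
    printf 'Updating packages\n'
    yum update -y
}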

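#######################################
# Install the Puppet Labs release package matching the CentOS major
# version, install the puppet agent, and point it at the master.
# Globals:   none
# Outputs:   progress messages on stdout
# Returns:   non-zero if the puppet package could not be installed
#######################################
puppetInstall () {
    sleep 1
    printf '\nInstalling the Puppet Client\nInstalling...\n'

    # grep -q on the release file replaces the `[ "`grep ...`" != "" ]` test.
    if grep -qi 'centos linux release 7' /etc/redhat-release; then
        echo "LOTS 7"
        yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm
    elif grep -qi 'centos release 6' /etc/redhat-release; then
        echo "LOTS 6"
        # -y was missing here: without it yum prompts and aborts when stdin is not a tty.
        yum -y install https://yum.puppetlabs.com/puppetlabs-release-el-6.noarch.rpm
    elif grep -qi 'centos release 5' /etc/redhat-release; then
        echo "LOTS 5"
        wget -O /root/puppetlabs-release-el-5.noarch.rpm https://yum.puppetlabs.com/puppetlabs-release-el-5.noarch.rpm
        # SECURITY: --nogpgcheck skips signature verification of a package that
        # was just downloaded; import the vendor signing key first and drop the
        # flag where possible.
        yum -y --nogpgcheck localinstall /root/puppetlabs-release-el-5.noarch.rpm
    else
        echo "NO OS Found"
    fi

    sleep 1
    yum install puppet -y || return $?
    if [ -e "/etc/puppet/puppet.conf" ]; then
        # Guard each append so re-running the script does not duplicate entries.
        grep -qF 'server = george-dev.helium.test' /etc/puppet/puppet.conf \
            || echo "  server = george-dev.helium.test" >> /etc/puppet/puppet.conf
        # NOTE(review): this maps puppet.master.com to loopback (presumably the
        # local end of a tunnel), but the agent is told to use
        # george-dev.helium.test above, so the mapping is only effective if the
        # two names agree — confirm which one is intended.
        grep -qF 'puppet.master.com' /etc/hosts \
            || echo " 127.0.0.1 puppet.master.com">> /etc/hosts
        sleep 1
        # Only attempted when puppet.conf exists, as in the original.
        puppet agent --test
    fi
}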

#######################################
# Start and enable firewalld, then permanently allow the http and https
# services and TCP 8443 in the public zone and reload the rules.
# Globals:   none
# Outputs:   whatever systemctl/firewall-cmd print
# Returns:   status of the last firewall-cmd call
# NOTE(review): the puppet agent's default master port is 8140 and an agent
# normally needs no inbound ports; confirm why 8443 is opened here.
#######################################
firewallD () {
    systemctl start firewalld
    systemctl enable firewalld
    firewall-cmd --zone=public --permanent --add-service=http
    firewall-cmd --zone=public --permanent --add-service=https
    firewall-cmd --zone=public --permanent --add-port=8443/tcp
    firewall-cmd --reload
}

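#######################################
# Create the 'autossh' account used as the tunnel endpoint and install its
# authorized key, unless the account already exists.
# Globals:   none (the original assigned USER, clobbering the login-name variable)
# Outputs:   status messages on stdout
# Returns:   0 if the user already exists or was created; useradd's status otherwise
#######################################
adduserAutossh(){
    tunnel_user=autossh
    # The original `2&>1` is not a redirection: in sh it backgrounds the command
    # and creates a file named "1", so $? was always 0 and the user was never added.
    if getent passwd "$tunnel_user" > /dev/null 2>&1; then
        echo "Yes, the user autossh already exits..."
        return 0
    fi
    echo "Adding autossh user..."
    useradd "$tunnel_user" || return $?
    mkdir -pv /home/autossh/.ssh
    # sshd with StrictModes rejects keys under a group/world-writable ~/.ssh.
    chmod 0700 /home/autossh/.ssh
    # Placeholder key — replace with the tunnel's public key. Since this account
    # exists only to terminate the tunnel, prefix the key with authorized_keys
    # options such as `restrict,port-forwarding` so it cannot open a shell.
    echo "ssh-rsa  Secret_keys_Goes_Here= autossh@puppet_master" > /home/autossh/.ssh/authorized_keys
    chmod 0600 /home/autossh/.ssh/authorized_keys
    # Single recursive chown after all files are written covers the home,
    # .ssh and authorized_keys at once.
    chown -R autossh:autossh /home/autossh
}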

#START THE CODE FROM HERE
# Entry point: EPEL repo, tunnel account, puppet agent, then firewall,
# in the same order as before.
main() {
    epelInstall
    adduserAutossh
    puppetInstall
    firewallD
}
main "$@"