Setup Hourly Remote Support Tunnel

May 27, 2021

by James Wolfe

Intended Audience Level: Intermediate

Code Sample Type: Complete Script

Nutanix Technologies: nCLI

Minimum Product Version: N/A

Script/Code Language: Bash Shell

REST API Sample? No

REST API Version: N/A

This script will set up an hourly cron schedule that opens a Nutanix remote support tunnel and expires based on user-defined input.

Code Sample Details

This section may be empty if additional code sample details are not available.
echo -e "${BLUE}███╗   ██╗██╗   ██╗████████╗ █████╗ ███╗   ██╗██╗${GREEN}██╗ ${BLUE} ██╗"
echo -e "${BLUE}████╗  ██║██║   ██║╚══██╔══╝██╔══██╗████╗  ██║██║${GREEN}╚██╗${BLUE}██╔╝"
echo -e "${BLUE}██╔██╗ ██║██║   ██║   ██║   ███████║██╔██╗ ██║██║${GREEN} ╚███${BLUE}╔╝ "
echo -e "${BLUE}██║╚██╗██║██║   ██║   ██║   ██╔══██║██║╚██╗██║██║${GREEN} ██╔${BLUE}██╗ "
echo -e "${BLUE}██║ ╚████║╚██████╔╝   ██║   ██║  ██║██║ ╚████║██║${GREEN}██╔╝${BLUE} ██╗"
echo -e "${BLUE}╚═╝  ╚═══╝ ╚═════╝    ╚═╝   ╚═╝  ╚═╝╚═╝  ╚═══╝╚═╝${GREEN}╚═╝ ${BLUE} ╚═╝"
echo -e "$BREAK" 
}
#####################
### INITIAL SETUP ###
#####################
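SET_TUNNEL () {
  # Ask how many days the remote support tunnel should stay open, then derive
  # the expiry stamp that the hourly cron job compares against.
  # Globals:   DAYS (read/written), SET_EXPIRE (written)
  # Outputs:   banner and prompt on the terminal
  # Returns:   exits the script on "e", on end of input, or when no expiry
  #            date can be computed; otherwise continues with NETWORK_CHECKS
  #
  # Only a plain one- or two-digit integer in 1..30 is accepted. The pattern
  # test runs before the numeric comparison so that free-form input is never
  # handed to shell arithmetic and anything that is not a whole number is
  # simply asked for again. A DAYS value already present on entry is checked
  # the same way and skips the prompt when valid.
  until [[ $DAYS =~ ^[0-9]{1,2}$ ]] && (( 10#$DAYS >= 1 && 10#$DAYS <= 30 )); do
    clear;BANNER
    echo "This script is used to setup remote tunnel support for a duration longer than 24 hours"
    if ! read -r -p "How many days would you like to keep the tunnel open [ 1-30 ] [ e to exit ]: " DAYS; then
      # End of input: nothing more can be asked, so stop instead of looping.
      echo
      exit 1
    fi
    if [[ $DAYS == "e" ]]; then
      clear;exit
    fi
  done

  # Strip leading zeros ("08" -> "8") so every later use sees a plain decimal.
  DAYS=$(( 10#$DAYS ))

  # Hour-granular stamp, e.g. "Thu May 27 2021 03 PM" (needs GNU date -d).
  SET_EXPIRE=$(date -d "+${DAYS}days" '+%a %b %d %Y %I %p')
  if [[ -z $SET_EXPIRE ]]; then
    # An empty stamp would produce a cron job whose expiry never matches.
    echo "ERROR: could not compute the tunnel expiration date" >&2
    exit 1
  fi

  NETWORK_CHECKS
}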
######################
### NETWORK CHECKS ###
######################
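NETWORK_CHECKS () {
  # Confirm that a Nutanix support endpoint accepts TCP connections before
  # anything is deployed. nsc01 is probed first; nsc02 is tried only when
  # both nsc01 ports fail. One reachable port (80 or 8443) on either host is
  # treated as sufficient.
  # Globals:   TUN01_EXIT80, TUN01_EXIT8443, TUN02_EXIT80, TUN02_EXIT8443
  #            (set to "failed" for a port that could not be reached)
  # Outputs:   progress text, or an error pointing to KB 1044
  # Returns:   continues with CHECK_EXISTING_DEPLOYMENT on success; returns
  #            to the caller after printing the error when every probe fails
  # NOTE(review): the probes only show that a TCP connection can be opened,
  # not that the tunnel itself will come up.
  clear;BANNER
  echo  "Checking network..."
  sleep 1

  TUN01 () {
    # Probe nsc01.nutanix.net with a 1 second timeout per port.
    if ! nc -vw1 nsc01.nutanix.net 80 2>/dev/null </dev/null; then
      TUN01_EXIT80="failed"
    fi
    if ! nc -vw1 nsc01.nutanix.net 8443 2>/dev/null </dev/null; then
      TUN01_EXIT8443="failed"
    fi
    # Fall back to nsc02 only when both ports failed.
    if [[ -n "$TUN01_EXIT80" && -n "$TUN01_EXIT8443" ]]; then
      TUN02
    else
      CHECK_EXISTING_DEPLOYMENT
    fi
  }

  TUN02 () {
    # Probe nsc02.nutanix.net with a 1 second timeout per port.
    if ! nc -vw1 nsc02.nutanix.net 80 2>/dev/null </dev/null; then
      TUN02_EXIT80="failed"
    fi
    if ! nc -vw1 nsc02.nutanix.net 8443 2>/dev/null </dev/null; then
      TUN02_EXIT8443="failed"
    fi
    if [[ -n "$TUN02_EXIT80" && -n "$TUN02_EXIT8443" ]]; then
      # This point is reached only after nsc01 failed as well, so the message
      # names both hosts.
      clear;BANNER
      echo -e "${RED}ERROR: Connection to nsc01.nutanix.net and nsc02.nutanix.net failed"
      echo    "        Check firewall connections for port 80 and 8443"
      echo    "        Use KB 1044 (http://portal.nutanix.com/kb/1044) for further troubleshooting${BREAK}"
      echo
    else
      CHECK_EXISTING_DEPLOYMENT
    fi
  }

  TUN01
}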
#################################
### CHECK IF ALREADY DEPLOYED ###
#################################
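CHECK_EXISTING_DEPLOYMENT () {
  # Look on every address reported by svmips for an already installed
  # /etc/cron.hourly/remote-tunnel job and, if one is found, ask whether its
  # expiration date should be replaced.
  # Globals:   NODE_IPS1, IP_ARRY, PULL_EXPIRE, CURRENT, REDEPLOY (written),
  #            SET_EXPIRE (read)
  # Outputs:   status text and a y/n prompt on the terminal
  # Returns:   hands over to SET_CRONJOB, or exits the script on "n"
  local node

  clear;BANNER
  echo "Checking for previous instances..."
  NODE_IPS1=$(/usr/local/nutanix/cluster/bin/svmips)
  # shellcheck disable=SC2206 -- the address list is split on whitespace on purpose
  IP_ARRY=($NODE_IPS1)

  for node in "${IP_ARRY[@]}"; do
    # Test for the exact file; a listing filtered by name would also match
    # files such as a backup copy that merely contain "remote-tunnel".
    if ssh -q "$node" "sudo test -e /etc/cron.hourly/remote-tunnel" >/dev/null; then
      # Anchor the match so only the assignment line itself is returned.
      PULL_EXPIRE=$(ssh -q "$node" "sudo grep '^EXPIRES=' /etc/cron.hourly/remote-tunnel")
      CURRENT=$(date '+%a %b %d %Y %I %p')

      until [[ "$REDEPLOY" == "y" || "$REDEPLOY" == "n" ]]; do
        clear;BANNER
        echo -e "${RED}WARN: Remote tunnel is already enabled${BREAK}"
        # PULL_EXPIRE is text read from the other node: print it quoted so it
        # is never word-split or glob-expanded by this shell.
        echo "Node: ${node}  ${PULL_EXPIRE}"
        echo
        echo "Current date:        ${CURRENT}"
        echo "New expiration date: ${SET_EXPIRE}"
        echo
        read -r -p "Would you like to adjust the tunnel expiration date? [ y/n ] " REDEPLOY
      done

      if [[ "$REDEPLOY" == "y" ]]; then
        clear;BANNER
        echo "Updating expiration date..."
        ssh -q "$node" "sudo rm -f /etc/cron.hourly/remote-tunnel"
        # NOTE(review): the old job is removed on the node where it was found,
        # while SET_CRONJOB installs the new one on the node running this
        # script; jobs on any remaining nodes are not examined because
        # SET_CRONJOB ends in DEFAULT_PASS_CHECK, which exits.
        SET_CRONJOB
      else
        clear;BANNER
        echo "Exiting setup..."
        sleep 2;clear;exit
      fi
    fi
  done

  # No existing job on any node: deploy a fresh one.
  SET_CRONJOB
}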
######################
### DEPLOY CRONJOB ###
######################
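SET_CRONJOB () {
  # Generate the hourly job and install it as /etc/cron.hourly/remote-tunnel
  # on the node running this script. Each run of the job re-issues
  # start-remote-support until the expiry is reached, then issues
  # stop-remote-support and deletes itself.
  # Globals:   SET_EXPIRE (read, required), DAYS (read, optional)
  # Outputs:   progress text; errors on stderr
  # Returns:   continues with DEFAULT_PASS_CHECK; exits 1 when the job cannot
  #            be generated or installed
  local staged
  local expires_epoch=""
  local -r safe_stamp='^[[:alnum:] .:,-]+$'

  clear;BANNER
  echo "Deploying tunnel..."

  # The stamp is written between double quotes into a script that cron runs
  # as root, so only plain date text is accepted. An empty stamp is refused
  # too: it would never match and the tunnel would be re-opened indefinitely.
  if ! [[ $SET_EXPIRE =~ $safe_stamp ]]; then
    echo "ERROR: tunnel expiration date is missing or malformed; nothing was deployed" >&2
    exit 1
  fi

  # Absolute deadline used as a backstop by the generated job (see below).
  # Left empty when DAYS is not a plain number; the job then relies on the
  # hour stamp alone, as before.
  if [[ $DAYS =~ ^[0-9]+$ ]]; then
    expires_epoch=$(date -d "+${DAYS}days" +%s) || expires_epoch=""
  fi

  # Stage under an unpredictable name instead of a fixed ~/tmp/remote-tunnel.
  if ! staged=$(mktemp ~/tmp/remote-tunnel.XXXXXX); then
    echo "ERROR: could not create a staging file in ~/tmp" >&2
    exit 1
  fi

  {
    printf '%s\n' '#!/bin/bash'
    printf 'EXPIRES="%s"\n' "$SET_EXPIRE"
    printf 'EXPIRES_EPOCH="%s"\n' "$expires_epoch"
    cat <<'EOF'
GET_CURRENT=`date -d +0days +%a\ %b\ %d\ %Y\ %I\ %p`
NOW_EPOCH=`date +%s`
# Close the tunnel in the expiry hour and also on any later run: a node that
# was down or skipped cron during that hour must not keep re-opening it.
if [ "$GET_CURRENT" == "$EXPIRES" ] || { [ -n "$EXPIRES_EPOCH" ] && [ "$NOW_EPOCH" -ge "$EXPIRES_EPOCH" ]; };then
        bash -lc "/home/nutanix/prism/cli/ncli cluster stop-remote-support" >/dev/null 2>&1
        sudo rm -f /etc/cron.hourly/remote-tunnel
else
        bash -lc "/home/nutanix/prism/cli/ncli cluster start-remote-support" >/dev/null 2>&1
fi
EOF
  } > "$staged"

  # Install root-owned and not writable by others: the file is executed by
  # cron as root, so it should not remain owned by the account that staged it.
  if ! sudo install -o root -g root -m 0755 "$staged" /etc/cron.hourly/remote-tunnel; then
    rm -f -- "$staged"
    echo "ERROR: could not install /etc/cron.hourly/remote-tunnel" >&2
    exit 1
  fi
  rm -f -- "$staged"

  DEFAULT_PASS_CHECK
}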
##############################
### CHECK DEFAULT PASSWORD ###
##############################
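DEFAULT_PASS_CHECK () {
  # Report whether the local "nutanix" account still has the default
  # password, by hashing the default with the account's own crypt setting and
  # comparing the result with the stored hash. Always exits the script.
  # Globals:   NUTANIX_PASSWD, NUTANIX_DEFAULT (written), SET_EXPIRE (read)
  # Outputs:   result text on the terminal
  # NOTE(review): "Tunnel is successfully enabled" is printed without any
  # check here; at this point only the cron job has been installed.
  # NOTE(review): the default-password case is reported as plain INFO even
  # though it is the weaker state while a support tunnel is open; KB 1044
  # describes the SSH key pair alternative.
  local setting
  local is_crypt=0

  clear;BANNER
  echo "Checking for default password..."
  sleep 2

  # Match the account name exactly; a substring search over the whole file
  # can return several lines or a different account.
  NUTANIX_PASSWD=$(sudo awk -F: '$1 == "nutanix" { print $2; exit }' /etc/shadow)

  # Everything before the final "$" is the crypt setting (scheme id, optional
  # parameters, salt), so the scheme is taken from the entry, not assumed.
  setting=${NUTANIX_PASSWD%\$*}
  NUTANIX_DEFAULT=""
  if [[ $NUTANIX_PASSWD == \$*\$*\$* ]]; then
    is_crypt=1
    # The setting is passed through the environment of this one command only.
    # print(...) with a single argument runs under Python 2 and Python 3.
    NUTANIX_DEFAULT=$(CRYPT_SALT="$setting" python -c 'import os, crypt; print(crypt.crypt("nutanix/4u", os.environ["CRYPT_SALT"]))')
  fi

  clear;BANNER
  echo -e "${GREEN}INFO: Tunnel is successfully enabled."
  echo    "      Tunnel Expires: ${SET_EXPIRE}${BREAK}"
  echo

  if [[ -z "$NUTANIX_PASSWD" ]] || { (( is_crypt )) && [[ -z "$NUTANIX_DEFAULT" ]]; }; then
    # The entry could not be read or the hash could not be computed: say so
    # rather than falling through to one of the two definite answers.
    echo -e "${RED}WARN: Could not determine whether the nutanix password is default.${BREAK}"
    echo;sleep 2;exit
  elif [[ "$NUTANIX_PASSWD" != "$NUTANIX_DEFAULT" ]]; then
    # Also reached for a locked or non-crypt entry, where NUTANIX_DEFAULT
    # stays empty and therefore differs from the stored value.
    echo -e "${RED}INFO: Nutanix password is not default. An SSH keypair will need to be created"
    echo    "      Use KB 1044 (http://portal.nutanix.com/kb/1044) for more information on SSH keypairs${BREAK}"
    echo;sleep 2;exit
  else
    echo -e "${BLUE}INFO: nutanix user password is default.${BREAK}"
    echo;sleep 2; exit
  fi
}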
################
### Kickoff  ###
################
# Ignore SIGINT (signal 2) for the whole setup so Ctrl-C cannot interrupt it
# half-way; the prompts offer their own way out ("e" or "n").
trap '' INT
SET_TUNNEL
# Put SIGINT back to its original disposition once setup has returned.
trap - INT