[CRIU] [PATCH 2/4] p.haul: enable ssh tunneling with --ssh* cmdline options

Ruslan Kuprieiev kupruser at gmail.com
Mon Oct 13 03:12:45 PDT 2014 

This allows us to easily encrypt and compress traffic using ssh tunnel.
Compressing is useful only when connection is very slow, but will only
slow down things on fast networks.
Using _ssh_ tunnel allows us to solve keys\certificates management problem
in a very common way that is familiar to any system administrator. 

Signed-off-by: Ruslan Kuprieiev <kupruser at gmail.com>
---
 p.haul | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/p.haul b/p.haul
index 129bc4f..dfda984 100755
--- a/p.haul
+++ b/p.haul
@@ -1,5 +1,6 @@
 #!/bin/env python
 import sys
+import os
 import argparse
 import p_haul_iters as ph_iters
 import images
@@ -18,6 +19,8 @@ import xem_rpc
 # # p.haul lxc myct 10.0.0.2
 #
 
+default_ssh_forward_port = 54321
+
 def parse_dest(dest):
 	# parse string IP:PORT into tuple (ip,port)
 	spl = dest.split(":", 1)
@@ -39,13 +42,34 @@ parser.add_argument("--dst-rpid", help = "Write pidfile on restore", default = N
 parser.add_argument("--img-path", help = "Dirctory where to put images", default = images.def_path)
 parser.add_argument("--pid-root", help = "Path to tree's FS root")
 parser.add_argument("--force", help = "Don't do any sanity (CPU compat) checks", default = False, action = 'store_true')
+parser.add_argument("--ssh", help = "Use ssh tunnel to encrypt data", action = "store_true", default = False)
+parser.add_argument("--ssh-user", help = "Remote username", default = None)
+parser.add_argument("--ssh-compression", help = "Use compression in the tunnel", action = "store_true", default = False)
 
 args = vars(parser.parse_args())
 
 ph_type = (args.pop("type"), args.pop("id"))
 dst = parse_dest(args.pop("to"))
 
+use_ssh = args.pop("ssh")
+ssh_user = args.pop("ssh_user")
+use_compression = args.pop("ssh_compression")
+ssh_cmd = ""
+
+if use_ssh:
+	ssh_cmd = "ssh -f -N "
+	if use_compression:
+		ssh_cmd += "-C "
+	ssh_cmd += "-L " + str(default_ssh_forward_port) + ":localhost:" + str(dst[1]) + " "
+	if ssh_user:
+		ssh_cmd += ssh_user + "@"
+	ssh_cmd += dst[0]
+	os.system(ssh_cmd)
+
 # Start the migration
 worker = ph_iters.phaul_iter_worker(ph_type, dst)
 worker.set_options(args)
 worker.start_migration()
+
+if use_ssh:
+	os.system("pkill -f \""+ssh_cmd+"\"")
-- 
1.9.3

More information about the CRIU mailing list