[CRIU] [PATCH 2/2] p.haul: use ssh tunneling and control it with ssh* cmdline opts

Ruslan Kuprieiev kupruser at gmail.com
Mon Oct 27 14:33:30 PDT 2014


On 27.10.2014 21:51, Pavel Emelyanov wrote:
> On 10/27/2014 11:53 PM, Ruslan Kuprieiev wrote:
>> On 27.10.2014 20:39, Pavel Emelyanov wrote:
>>> 		_rpc_proxy_caller(self._rpc_sk, RPC_CMD, "init_rpc")(args)
>>>>>> @@ -51,7 +57,17 @@ class rpc_proxy:
>>>>>>     
>>>>>>     	def _make_sk(self):
>>>>>>     		sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
>>>>>> -		sk.connect((self._srv, rpc_port))
>>>>>> +		# ssh tunnel needs some time to start working, so lets
>>>>>> +		# make CONNECT_ATTEMPTS attempts to connect.
>>>>> I don't like it. Can you shed more light on what's going on here?
>>>> We have no way to check if ssh tunnel is created other than try to connect.
>>> Yes, and AFAIU when you connect to local ssh, it "blocks" the
>>> connection and goes to connect remotely. I don't see the need
>>> in retries.
>> There is a race condition happening, ssh can't bind to local port so fast.
> Ah, I see. Anyway strange. There should be a race-free way of
> asking ssh to report back smth when the socket is created and
> ready to serve.

Hm, maybe I could ask ssh to execute -t "echo hello; bash -i", so it
says hello and continues to work. Might work. But it just tells us that
the ssh connection for the tunnel is working and doesn't say anything about
the local bind. Well, establishing the ssh connection might be the longest
thing there. Will try to experiment with it.

Btw, I think leaving the non-ssh option is wrong, because it is very unsafe.
It is especially unsafe to bind p.haul-service to 0.0.0.0, and if we leave
both ssh and non-ssh options, we would have to tell the server whether to
use 0.0.0.0 (non-ssh) or 127.0.0.1 (ssh), which might be confusing
for the user.
Why should we leave non-ssh anyway?

>> So we need to try to connect a bunch of times(not using connection timeout)
>> and only then fail.
>>
>>>> But I should have used connection timeout here =). Will fix.
>>>>
>>>>>> +		for n in xrange(CONNECT_ATTEMPTS):
>>>>>> +			try:
>>>>>> +				sk.connect(self._srv)
>>>>>> +			except socket.error as e:
>>>>>> +				if e.errno != errno.ECONNREFUSED or n == CONNECT_ATTEMPTS - 1:
>>>>>> +					raise e
>>>>>> +				else:
>>>>>> +					continue
>>>>>> +			break
>>>>>>     		host = _rpc_proxy_caller(sk, RPC_CMD, "get_name")()
>>>>>>     		return (sk, host)
>>>>>>     
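Review bot: the retry loop in _make_sk retries immediately on ECONNREFUSED, with no delay between the CONNECT_ATTEMPTS iterations, so every attempt can be spent before ssh has bound its local port; sleep between attempts or loop until a deadline rather than counting attempts. The loop also calls `sk.connect(self._srv)` again on the one socket created above it, and the state of a socket after a failed connect() is unspecified by POSIX, so close the failed socket and create a new one for each attempt. Minor: `raise e` can be a bare `raise`, and the `else: continue` branch is redundant.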
>> .
>>
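The wait-for-the-local-bind behaviour discussed in this thread, as an added example that is not part of the original message or of p.haul. It is Python 3 (the patch is Python 2); `connect_with_deadline` and `late_listener` are hypothetical names, and the listener thread is a constructed stand-in for the ssh tunnel binding its local port late.

```python
import errno
import socket
import threading
import time


def connect_with_deadline(addr, deadline=5.0, interval=0.05):
    """Connect to addr, retrying only on ECONNREFUSED until the deadline.

    A fresh socket is created per attempt, because the state of a socket
    after a failed connect() is unspecified by POSIX.
    """
    give_up_at = time.monotonic() + deadline
    attempts = 0
    while True:
        attempts += 1
        sk = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sk.connect(addr)
            return sk, attempts
        except OSError as e:
            sk.close()
            # Anything other than "nobody is listening yet" is a real error.
            if e.errno != errno.ECONNREFUSED or time.monotonic() >= give_up_at:
                raise
            time.sleep(interval)


def late_listener(delay):
    """Constructed stand-in for the tunnel: binds 127.0.0.1 after `delay` s."""
    # Reserve a free loopback port, then release it so early connects are refused.
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()

    def serve():
        time.sleep(delay)
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind(("127.0.0.1", port))
        srv.listen(1)
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return ("127.0.0.1", port)
```

Binding the stand-in listener to 127.0.0.1 mirrors the ssh case in the message, where the service is reachable only through the tunnel rather than on 0.0.0.0.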


