<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 29.10.2014 10:03, Pavel Emelyanov
wrote:<br>
</div>
<blockquote cite="mid:54509F46.6070505@parallels.com" type="cite">
<pre wrap="">On 10/28/2014 01:18 AM, Ruslan Kuprieiev wrote:
</pre>
<blockquote type="cite">
<pre wrap="">v2, use ssh tunnel by default, enhanced opts handling
v3, send addr to the client
v4, use rpc to send socket name
v5, add --no-ssh option
Ruslan Kuprieiev (3):
p.haul: do not use getsockname() as a hash_name, v4
p.haul: add --port option to p.haul-service
p.haul: use ssh tunneling and controll it with ssh* cmdline opts, v2
p.haul | 17 +++++++++++++++--
p.haul-service | 15 ++++++++++++++-
p_haul_iters.py | 6 +++---
ssh_tunnel.py | 36 ++++++++++++++++++++++++++++++++++++
util.py | 10 ++++++++++
xem_rpc.py | 53 ++++++++++++++++++++++++++++++++++++++---------------
6 files changed, 116 insertions(+), 21 deletions(-)
create mode 100644 ssh_tunnel.py
</pre>
</blockquote>
<pre wrap="">
I'm still not happy with the fact the spawned ssh with port forwarding
takes time to prepare and we have to retry connecting to it.
I was today told about the paramiko package -- <a class="moz-txt-link-freetext" href="https://pypi.python.org/pypi/paramiko/">https://pypi.python.org/pypi/paramiko/</a>
Isn't it better to utilize this one?
</pre>
</blockquote>
<br>
I've tried to use paramiko, but it is pretty slow and for port
forwarding <a
href="https://github.com/paramiko/paramiko/blob/master/demos/forward.py">requires
writing your own local server</a> in Python. It is flexible, but it
looks like overkill to me.<br>
<br>
<blockquote cite="mid:54509F46.6070505@parallels.com" type="cite">
<pre wrap="">
Another question -- how does this machinery work in qemu? Can you find out?
</pre>
</blockquote>
<br>
Qemu? Ok, I'll try.<br>
<br>
<blockquote cite="mid:54509F46.6070505@parallels.com" type="cite">
<pre wrap="">
And the last thing. Our vzmigrate guys tell, that in Python it might be
MUCH simpler to do this another way. First, you connect to ssh, authorize
yourself, then generate an openssl certificate and then use one to establish
other connections between p.haul and p.haul-service. Maybe RPC control
socket can just re-use the ssh channel, but data socket is better to work
over openssl. Can you research this too?
</pre>
</blockquote>
<br>
Well, the problem here is we will still need to do some kind of
forwarding, because page-server uses splice(), but openssl sockets
are not meant to be used with it. They can't even be used with a
regular read(sk...) call.<br>
I mean, you can't just get the fd of an ssl socket and use regular calls.<br>
<br>
Btw, I'm not sure that:<br>
1) authorizing through ssh<br>
2) gen ssl keys<br>
3) transfer ssl keys<br>
4) create ssl socket<br>
5) transfer data<br>
is faster than:<br>
1) create ssh tunnel<br>
2) transfer data<br>
<br>
I think that using ssh tunneling is the most suitable way here.<br>
<br>
<blockquote cite="mid:54509F46.6070505@parallels.com" type="cite">
<pre wrap="">
Thanks,
Pavel
</pre>
</blockquote>
<br>
</body>
</html>