Re: [libvirt PATCH 0/9] remote: introduce a custom netcat impl for ssh tunnelling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/9/20 8:36 PM, Daniel P. Berrangé wrote:
We have long had a problem with use of netcat for ssh tunnelling because
there's no guarantee the UNIX socket path the client builds will match
the UNIX socket path the remote host uses. We don't even allow session
mode SSH tunnelling for this reason. We also can't easily auto-spawn
libvirtd in session mode.

With the introduction of modular daemons we also have potential for two
completely different UNIX socket paths even for system mode, and the
client can't know which to use.

The solution to all these problems is to introduce a custom netcat impl.
Instead passing the UNIX socket path, we pass the libvirt driver URI.
The custom netcat then decides which socket path to use based on the
remote build host environment.

We still have to support netcat for interoperability with legacy libvirt
versions, but we can default to the new virt-nc.

Daniel P. Berrangé (9):
   rpc: merge logic for generating remote SSH shell script
   remote: split off enums into separate source file
   remote: split out function for parsing URI scheme
   remote: parse the remote transport string earlier
   remote: split out function for constructing socket path
   remote: extract logic for determining daemon to connect to
   remote: introduce virtd-nc helper binary
   rpc: switch order of args in virNetClientNewSSH
   rpc: use new virt-nc binary for remote tunnelling

  build-aux/syntax-check.mk   |   2 +-
  docs/uri.html.in            |  18 ++
  po/POTFILES.in              |   2 +
  src/libvirt_remote.syms     |   1 +
  src/remote/Makefile.inc.am  |  32 +++
  src/remote/remote_driver.c  | 323 +++++----------------------
  src/remote/remote_nc.c      | 424 ++++++++++++++++++++++++++++++++++++
  src/remote/remote_sockets.c | 277 +++++++++++++++++++++++
  src/remote/remote_sockets.h |  70 ++++++
  src/rpc/virnetclient.c      | 151 ++++++++-----
  src/rpc/virnetclient.h      |  29 ++-
  src/rpc/virnetsocket.c      |  37 +---
  src/rpc/virnetsocket.h      |   4 +-
  tests/virnetsockettest.c    |  12 +-
  14 files changed, 1018 insertions(+), 364 deletions(-)
  create mode 100644 src/remote/remote_nc.c
  create mode 100644 src/remote/remote_sockets.c
  create mode 100644 src/remote/remote_sockets.h


If you fix small problems I've raised then:

Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx>

Michal




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux