summaryrefslogtreecommitdiff
path: root/contrib/python/podman/libs/tunnel.py
diff options
context:
space:
mode:
authorJhon Honce <jhonce@redhat.com>2018-06-18 20:33:20 -0700
committerJhon Honce <jhonce@redhat.com>2018-06-19 20:08:20 -0700
commit7ea95a6afa28ab6fc993a26170f15b73946ab39d (patch)
treeaab22c6ca4048934a6be30cd5f26a76caf6d352c /contrib/python/podman/libs/tunnel.py
parentf228cf73e0318f48c94ec4cd1b9b3115cfbb763a (diff)
downloadpodman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.gz
podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.bz2
podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.zip
Implement SSH tunnels between client and podman server
* client currently forks ssh client pending finding a well maintained ssh library for python. Including support for AF_UNIX forwarding. Signed-off-by: Jhon Honce <jhonce@redhat.com>
Diffstat (limited to 'contrib/python/podman/libs/tunnel.py')
-rw-r--r--contrib/python/podman/libs/tunnel.py131
1 files changed, 131 insertions, 0 deletions
diff --git a/contrib/python/podman/libs/tunnel.py b/contrib/python/podman/libs/tunnel.py
new file mode 100644
index 000000000..2cb178644
--- /dev/null
+++ b/contrib/python/podman/libs/tunnel.py
@@ -0,0 +1,131 @@
+"""Cache for SSH tunnels."""
+import collections
+import os
+import subprocess
+import threading
+import time
+import weakref
+
+Context = collections.namedtuple('Context', (
+ 'uri',
+ 'interface',
+ 'local_socket',
+ 'remote_socket',
+ 'username',
+ 'hostname',
+ 'identity_file',
+))
+
+
+class Portal(collections.MutableMapping):
+ """Expiring container for tunnels."""
+
+ def __init__(self, sweap=25):
+ """Construct portal, reap tunnels every sweap seconds."""
+ self.data = collections.OrderedDict()
+ self.sweap = sweap
+ self.ttl = sweap * 2
+ self.lock = threading.RLock()
+
+ def __getitem__(self, key):
+ """Given uri return tunnel and update TTL."""
+ with self.lock:
+ value, _ = self.data[key]
+ self.data[key] = (value, time.time() + self.ttl)
+ self.data.move_to_end(key)
+ return value
+
+ def __setitem__(self, key, value):
+ """Store given tunnel keyed with uri."""
+ if not isinstance(value, Tunnel):
+ raise ValueError('Portals only support Tunnels.')
+
+ with self.lock:
+ self.data[key] = (value, time.time() + self.ttl)
+ self.data.move_to_end(key)
+
+ def __delitem__(self, key):
+ """Remove and close tunnel from portal."""
+ with self.lock:
+ value, _ = self.data[key]
+ del self.data[key]
+ value.close(key)
+ del value
+
+ def __iter__(self):
+ """Iterate tunnels."""
+ with self.lock:
+ values = self.data.values()
+
+ for tunnel, _ in values:
+ yield tunnel
+
+ def __len__(self):
+ """Return number of tunnels in portal."""
+ with self.lock:
+ return len(self.data)
+
+ def _schedule_reaper(self):
+ timer = threading.Timer(interval=self.sweap, function=self.reap)
+ timer.setName('PortalReaper')
+ timer.setDaemon(True)
+ timer.start()
+
+ def reap(self):
+ """Remove tunnels who's TTL has expired."""
+ with self.lock:
+ now = time.time()
+ for entry, timeout in self.data:
+ if timeout < now:
+ self.__delitem__(entry)
+ else:
+ # StopIteration as soon as possible
+ break
+ self._schedule_reaper()
+
+
+class Tunnel(object):
+ """SSH tunnel."""
+
+ def __init__(self, context):
+ """Construct Tunnel."""
+ self.context = context
+ self._tunnel = None
+
+ def bore(self, id):
+ """Create SSH tunnel from given context."""
+ cmd = [
+ 'ssh',
+ '-nNT',
+ '-L',
+ '{}:{}'.format(self.context.local_socket,
+ self.context.remote_socket),
+ '-i',
+ self.context.identity_file,
+ 'ssh://{}@{}'.format(self.context.username, self.context.hostname),
+ ]
+
+ if os.environ.get('PODMAN_DEBUG'):
+ cmd.append('-vvv')
+
+ self._tunnel = subprocess.Popen(cmd, close_fds=True)
+ for i in range(5):
+ if os.path.exists(self.context.local_socket):
+ break
+ time.sleep(1)
+ else:
+ raise TimeoutError('Failed to create tunnel using: {}'.format(
+ ' '.join(cmd)))
+ weakref.finalize(self, self.close, id)
+ return self
+
+ def close(self, id):
+ """Close SSH tunnel."""
+ print('Tunnel collapsed!')
+ if self._tunnel is None:
+ return
+
+ self._tunnel.kill()
+ self._tunnel.wait(300)
+ os.remove(self.context.local_socket)
+ self._tunnel = None