Implement SSH tunnels between client and podman server

* client currently forks ssh client pending finding a well maintained ssh library for python. Including support for AF_UNIX forwarding. Signed-off-by: Jhon Honce <jhonce@redhat.com>
author: Jhon Honce <jhonce@redhat.com> 2018-06-18 20:33:20 -0700
committer: Jhon Honce <jhonce@redhat.com> 2018-06-19 20:08:20 -0700
commit: 7ea95a6afa28ab6fc993a26170f15b73946ab39d (patch)
tree: aab22c6ca4048934a6be30cd5f26a76caf6d352c /contrib/python/podman/libs
parent: f228cf73e0318f48c94ec4cd1b9b3115cfbb763a (diff)
download: podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.gz
podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.bz2
podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.zip
1 files changed, 131 insertions, 0 deletions
diff --git a/contrib/python/podman/libs/tunnel.py b/contrib/python/podman/libs/tunnel.py
new file mode 100644
index 000000000..2cb178644
--- /dev/null
+++ b/contrib/python/podman/libs/tunnel.py
@@ -0,0 +1,131 @@
+"""Cache for SSH tunnels."""
+import collections
+import os
+import subprocess
+import threading
+import time
+import weakref
+
+Context = collections.namedtuple('Context', (
+    'uri',
+    'interface',
+    'local_socket',
+    'remote_socket',
+    'username',
+    'hostname',
+    'identity_file',
+))
+
+
+class Portal(collections.MutableMapping):
+    """Expiring container for tunnels."""
+
+    def __init__(self, sweap=25):
+        """Construct portal, reap tunnels every sweap seconds."""
+        self.data = collections.OrderedDict()
+        self.sweap = sweap
+        self.ttl = sweap * 2
+        self.lock = threading.RLock()
+
+    def __getitem__(self, key):
+        """Given uri return tunnel and update TTL."""
+        with self.lock:
+            value, _ = self.data[key]
+            self.data[key] = (value, time.time() + self.ttl)
+            self.data.move_to_end(key)
+            return value
+
+    def __setitem__(self, key, value):
+        """Store given tunnel keyed with uri."""
+        if not isinstance(value, Tunnel):
+            raise ValueError('Portals only support Tunnels.')
+
+        with self.lock:
+            self.data[key] = (value, time.time() + self.ttl)
+            self.data.move_to_end(key)
+
+    def __delitem__(self, key):
+        """Remove and close tunnel from portal."""
+        with self.lock:
+            value, _ = self.data[key]
+            del self.data[key]
+            value.close(key)
+            del value
+
+    def __iter__(self):
+        """Iterate tunnels."""
+        with self.lock:
+            values = self.data.values()
+
+        for tunnel, _ in values:
+            yield tunnel
+
+    def __len__(self):
+        """Return number of tunnels in portal."""
+        with self.lock:
+            return len(self.data)
+
+    def _schedule_reaper(self):
+        timer = threading.Timer(interval=self.sweap, function=self.reap)
+        timer.setName('PortalReaper')
+        timer.setDaemon(True)
+        timer.start()
+
+    def reap(self):
+        """Remove tunnels who's TTL has expired."""
+        with self.lock:
+            now = time.time()
+            for entry, timeout in self.data:
+                if timeout < now:
+                    self.__delitem__(entry)
+                else:
+                    # StopIteration as soon as possible
+                    break
+            self._schedule_reaper()
+
+
+class Tunnel(object):
+    """SSH tunnel."""
+
+    def __init__(self, context):
+        """Construct Tunnel."""
+        self.context = context
+        self._tunnel = None
+
+    def bore(self, id):
+        """Create SSH tunnel from given context."""
+        cmd = [
+            'ssh',
+            '-nNT',
+            '-L',
+            '{}:{}'.format(self.context.local_socket,
+                           self.context.remote_socket),
+            '-i',
+            self.context.identity_file,
+            'ssh://{}@{}'.format(self.context.username, self.context.hostname),
+        ]
+
+        if os.environ.get('PODMAN_DEBUG'):
+            cmd.append('-vvv')
+
+        self._tunnel = subprocess.Popen(cmd, close_fds=True)
+        for i in range(5):
+            if os.path.exists(self.context.local_socket):
+                break
+            time.sleep(1)
+        else:
+            raise TimeoutError('Failed to create tunnel using: {}'.format(
+                ' '.join(cmd)))
+        weakref.finalize(self, self.close, id)
+        return self
+
+    def close(self, id):
+        """Close SSH tunnel."""
+        print('Tunnel collapsed!')
+        if self._tunnel is None:
+            return
+
+        self._tunnel.kill()
+        self._tunnel.wait(300)
+        os.remove(self.context.local_socket)
+        self._tunnel = None
author	Jhon Honce <jhonce@redhat.com>	2018-06-18 20:33:20 -0700
committer	Jhon Honce <jhonce@redhat.com>	2018-06-19 20:08:20 -0700
commit	7ea95a6afa28ab6fc993a26170f15b73946ab39d (patch)
tree	aab22c6ca4048934a6be30cd5f26a76caf6d352c /contrib/python/podman/libs
parent	f228cf73e0318f48c94ec4cd1b9b3115cfbb763a (diff)
download	podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.gz podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.tar.bz2 podman-7ea95a6afa28ab6fc993a26170f15b73946ab39d.zip