Bridging DRb UNIX socket services on two hosts

Discussion in 'Ruby' started by Ilmari Heikkinen, Dec 11, 2004.

  1. Hi,

    I have two computers, both running a bunch of DRb services on them. The
    services run on UNIX sockets with drbunix in order to use the OS file
    permissions for access control.

    How would I go about bridging the computers in a secure fashion so that
    one computer's services can talk to the other? Preferably without
    exposing the services to the network or using a NFS/Samba mount.

    One way I am thinking about is using an SSH tunnel between the
    computers (again, to benefit from the existing access controls in the
    OS), and run a proxy service that proxies calls between the hosts.

    Is that sensible? How would I go about writing that? Start proxy
    service on both hosts, set up the tunnel to make them talk to each
    other, set up new proxy object for each method call, wrap all
    DRbObjects? Is there a better way?

    Any pointers appreciated.

    --
    -Ilmari
     
    Ilmari Heikkinen, Dec 11, 2004
    #1
    1. Advertising

  2. Ilmari Heikkinen

    Eric Hodel Guest

    On 10 Dec 2004, at 23:09, Ilmari Heikkinen wrote:

    > Hi,
    >
    > I have two computers, both running a bunch of DRb services on them.
    > The services run on UNIX sockets with drbunix in order to use the OS
    > file permissions for access control.
    >
    > How would I go about bridging the computers in a secure fashion so
    > that one computer's services can talk to the other? Preferably without
    > exposing the services to the network or using a NFS/Samba mount.


    You can use DRb over SSL:

    http://segment7.net/projects/ruby/drb/DRbSSL/

    > One way I am thinking about is using an SSH tunnel between the
    > computers (again, to benefit from the existing access controls in the
    > OS), and run a proxy service that proxies calls between the hosts.


    You can use GWIdConv to link process (Gateway id Converter)

    http://segment7.net/projects/ruby/drb/idconv.html

    > Is that sensible? How would I go about writing that? Start proxy
    > service on both hosts, set up the tunnel to make them talk to each
    > other, set up new proxy object for each method call, wrap all
    > DRbObjects? Is there a better way?


    You don't need to write anything, its all built in :)
     
    Eric Hodel, Dec 11, 2004
    #2
    1. Advertising

  3. Thank you, Eric.

    On 2004/12/11, at 16:12, Eric Hodel wrote:

    >> One way I am thinking about is using an SSH tunnel between the
    >> computers (again, to benefit from the existing access controls in the
    >> OS), and run a proxy service that proxies calls between the hosts.

    >
    > You can use GWIdConv to link process (Gateway id Converter)
    >
    > http://segment7.net/projects/ruby/drb/idconv.html


    and Japanese version is here.

    * http://www.druby.org/ilikeruby/drbssh.html
    == 10.2 dRuby gateway
     
    Masatoshi SEKI, Dec 11, 2004
    #3
  4. Eric, Masatoshi, thank you for the tips.

    > > You can use GWIdConv to link process (Gateway id Converter)
    > >
    > > http://segment7.net/projects/ruby/drb/idconv.html

    >
    > and Japanese version is here.
    >
    > * http://www.druby.org/ilikeruby/drbssh.html
    >


    It seems that the gateway approach would need extra work (translating
    DRbObject uris) to pass DRbObjects through it?

    As an example:

    # ...
    # Set up gateway on remote host from unix socket to tcp socket.
    #
    # def remote_object.hello(x); "Hello, " + x.to_s; end
    # def remote_object.self; self; end
    # ...

    #local:
    DRb.start_service('drbunix:/tmp/local')
    ro = DRbObject.new_with_uri(remote_uri)
    ro[:unix].hello "Foo" #=> "Hello, Foo"

    a = Object.new
    a.extend DRbUndumped
    def a.to_s; "Bar"; end

    ro.hello a #=> DRb::DRbConnError: drbunix:/tmp/local -
    #<Errno::ENOENT: No such file or directory -
    /tmp/local>

    # Which is fixed by switching to a TCP socket instead of the UNIX socket
    # for the local service.

    DRb.stop_service
    DRb.start_service
    ro.hello a #=> "Hello, Bar"

    # But:

    ro.self.hello "Foo" #=> DRb::DRbConnError: drbunix:/tmp/gw_c -
    #<Errno::ENOENT: No such file or directory -
    /tmp/gw_c>


    Or am I missing something?



    I got it somewhat working by using socat with ssh to tunnel between two
    unix sockets. It doesn't need extra TCP sockets for communication, but
    would require writing some connection handling code to automatically set
    up the tunnels.

    Using the objects from above:


    First, start services on both hosts:
    ------------------------------------
    #remote:
    DRb.start_service('drbunix:/tmp/remote', remote_object)

    #local:
    DRb.start_service('drbunix:/tmp/local')


    Next, set up tunnels:
    ---------------------
    # Connect remote /tmp/remote to local /tmp/remote
    local$ socat UNIX-LISTEN:/tmp/remote \
    EXEC:'ssh remote socat STDIO UNIX-CONNECT:/tmp/remote'

    # Connect local /tmp/local to remote /tmp/local
    remote$ socat UNIX-LISTEN:/tmp/local \
    EXEC:'ssh local socat STDIO UNIX-CONNECT:/tmp/local'


    Ready to go:
    ------------
    #local:
    ro = DRbObject.new_with_uri('drbunix:/tmp/remote')
    ro.hello "Foo" #=> "Hello, Foo"
    ro.hello a #=> "Hello, Bar"
    ro.self.hello a #=> "Hello, Bar"

    # But, this doesn't work:
    ro.hello ro #=> DRb::DRbConnError: drbunix:/tmp/remote -
    #<Errno::ECONNREFUSED: Connection refused -
    /tmp/remote>
     
    Ilmari Heikkinen, Dec 11, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bla
    Replies:
    0
    Views:
    2,883
  2. Chris Stiles
    Replies:
    0
    Views:
    469
    Chris Stiles
    Nov 2, 2005
  3. Replies:
    2
    Views:
    2,065
    Jeffrey Schwab
    Nov 28, 2005
  4. J. Wook
    Replies:
    16
    Views:
    299
    Robert Klemme
    May 16, 2007
  5. Bla
    Replies:
    1
    Views:
    239
    Tad McClellan
    Apr 10, 2005
Loading...

Share This Page