Bridging DRb UNIX socket services on two hosts

I

Ilmari Heikkinen

Hi,

I have two computers, both running a bunch of DRb services on them. The
services run on UNIX sockets with drbunix in order to use the OS file
permissions for access control.

How would I go about bridging the computers in a secure fashion so that
one computer's services can talk to the other? Preferably without
exposing the services to the network or using a NFS/Samba mount.

One way I am thinking about is using an SSH tunnel between the
computers (again, to benefit from the existing access controls in the
OS), and run a proxy service that proxies calls between the hosts.

Is that sensible? How would I go about writing that? Start proxy
service on both hosts, set up the tunnel to make them talk to each
other, set up new proxy object for each method call, wrap all
DRbObjects? Is there a better way?

Any pointers appreciated.
 
E

Eric Hodel

Hi,

I have two computers, both running a bunch of DRb services on them.
The services run on UNIX sockets with drbunix in order to use the OS
file permissions for access control.

How would I go about bridging the computers in a secure fashion so
that one computer's services can talk to the other? Preferably without
exposing the services to the network or using a NFS/Samba mount.
Click to expand...

You can use DRb over SSL:

http://segment7.net/projects/ruby/drb/DRbSSL/
One way I am thinking about is using an SSH tunnel between the
computers (again, to benefit from the existing access controls in the
OS), and run a proxy service that proxies calls between the hosts.
Click to expand...

You can use GWIdConv to link process (Gateway id Converter)

http://segment7.net/projects/ruby/drb/idconv.html
Is that sensible? How would I go about writing that? Start proxy
service on both hosts, set up the tunnel to make them talk to each
other, set up new proxy object for each method call, wrap all
DRbObjects? Is there a better way?
Click to expand...

You don't need to write anything, its all built in :)
 
I

Ilmari Heikkinen

Eric, Masatoshi, thank you for the tips.
and Japanese version is here.

* http://www.druby.org/ilikeruby/drbssh.html
Click to expand...

It seems that the gateway approach would need extra work (translating
DRbObject uris) to pass DRbObjects through it?

As an example:

# ...
# Set up gateway on remote host from unix socket to tcp socket.
#
# def remote_object.hello(x); "Hello, " + x.to_s; end
# def remote_object.self; self; end
# ...

#local:
DRb.start_service('drbunix:/tmp/local')
ro = DRbObject.new_with_uri(remote_uri)
ro[:unix].hello "Foo" #=> "Hello, Foo"

a = Object.new
a.extend DRbUndumped
def a.to_s; "Bar"; end

ro.hello a #=> DRb::DRbConnError: drbunix:/tmp/local -
#<Errno::ENOENT: No such file or directory -
/tmp/local>

# Which is fixed by switching to a TCP socket instead of the UNIX socket
# for the local service.

DRb.stop_service
DRb.start_service
ro.hello a #=> "Hello, Bar"

# But:

ro.self.hello "Foo" #=> DRb::DRbConnError: drbunix:/tmp/gw_c -
#<Errno::ENOENT: No such file or directory -
/tmp/gw_c>


Or am I missing something?



I got it somewhat working by using socat with ssh to tunnel between two
unix sockets. It doesn't need extra TCP sockets for communication, but
would require writing some connection handling code to automatically set
up the tunnels.

Using the objects from above:


First, start services on both hosts:
------------------------------------
#remote:
DRb.start_service('drbunix:/tmp/remote', remote_object)

#local:
DRb.start_service('drbunix:/tmp/local')


Next, set up tunnels:
---------------------
# Connect remote /tmp/remote to local /tmp/remote
local$ socat UNIX-LISTEN:/tmp/remote \
EXEC:'ssh remote socat STDIO UNIX-CONNECT:/tmp/remote'

# Connect local /tmp/local to remote /tmp/local
remote$ socat UNIX-LISTEN:/tmp/local \
EXEC:'ssh local socat STDIO UNIX-CONNECT:/tmp/local'


Ready to go:
------------
#local:
ro = DRbObject.new_with_uri('drbunix:/tmp/remote')
ro.hello "Foo" #=> "Hello, Foo"
ro.hello a #=> "Hello, Bar"
ro.self.hello a #=> "Hello, Bar"

# But, this doesn't work:
ro.hello ro #=> DRb::DRbConnError: drbunix:/tmp/remote -
#<Errno::ECONNREFUSED: Connection refused -
/tmp/remote>
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Socket programming in Web services 0
Xah's Edu Corner: Unix Pipe As Functional Language 0
Accessing Symbolic Links on Unix File Shares 0
Web Services client software has substantial delay on startup 9
ASP.NET service providers using Samba+Unix 3
Expose firewall protected web apps and web services to the INTERNET securely and cost-effectively 0
Starting exe application on server side using web services doesn't work. 4
confusion on HTTP and SOAP 6

Members online

No members online now.
Total: 65 (members: 1, guests: 64)
Robots: 31

Forum statistics

Threads
473,813
Messages
2,569,696
Members
45,480
Latest member
CrazyMember

Latest Threads

Top