[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

Bridging DRb UNIX socket services on two hosts

Ilmari Heikkinen

12/11/2004 7:10:00 AM

Hi,

I have two computers, both running a bunch of DRb services on them. The
services run on UNIX sockets with drbunix in order to use the OS file
permissions for access control.

How would I go about bridging the computers in a secure fashion so that
one computer's services can talk to the other? Preferably without
exposing the services to the network or using a NFS/Samba mount.

One way I am thinking about is using an SSH tunnel between the
computers (again, to benefit from the existing access controls in the
OS), and run a proxy service that proxies calls between the hosts.

Is that sensible? How would I go about writing that? Start proxy
service on both hosts, set up the tunnel to make them talk to each
other, set up new proxy object for each method call, wrap all
DRbObjects? Is there a better way?

Any pointers appreciated.

--
-Ilmari
3 Answers

Eric Hodel

12/11/2004 7:13:00 AM

0


On 10 Dec 2004, at 23:09, Ilmari Heikkinen wrote:

> Hi,
>
> I have two computers, both running a bunch of DRb services on them.
> The services run on UNIX sockets with drbunix in order to use the OS
> file permissions for access control.
>
> How would I go about bridging the computers in a secure fashion so
> that one computer's services can talk to the other? Preferably without
> exposing the services to the network or using a NFS/Samba mount.

You can use DRb over SSL:

http://segment7.net/projects/ruby/d...

> One way I am thinking about is using an SSH tunnel between the
> computers (again, to benefit from the existing access controls in the
> OS), and run a proxy service that proxies calls between the hosts.

You can use GWIdConv to link process (Gateway id Converter)

http://segment7.net/projects/ruby/drb/i...

> Is that sensible? How would I go about writing that? Start proxy
> service on both hosts, set up the tunnel to make them talk to each
> other, set up new proxy object for each method call, wrap all
> DRbObjects? Is there a better way?

You don't need to write anything, its all built in :)

Masatoshi SEKI

12/11/2004 7:34:00 AM

0

Thank you, Eric.

On 2004/12/11, at 16:12, Eric Hodel wrote:

>> One way I am thinking about is using an SSH tunnel between the
>> computers (again, to benefit from the existing access controls in the
>> OS), and run a proxy service that proxies calls between the hosts.
>
> You can use GWIdConv to link process (Gateway id Converter)
>
> http://segment7.net/projects/ruby/drb/i...

and Japanese version is here.

* http://www.druby.org/ilikeruby/d...
== 10.2 dRuby gateway

Ilmari Heikkinen

12/11/2004 5:42:00 PM

0

Eric, Masatoshi, thank you for the tips.

> > You can use GWIdConv to link process (Gateway id Converter)
> >
> > http://segment7.net/projects/ruby/drb/i...
>
> and Japanese version is here.
>
> * http://www.druby.org/ilikeruby/d...
>

It seems that the gateway approach would need extra work (translating
DRbObject uris) to pass DRbObjects through it?

As an example:

# ...
# Set up gateway on remote host from unix socket to tcp socket.
#
# def remote_object.hello(x); "Hello, " + x.to_s; end
# def remote_object.self; self; end
# ...

#local:
DRb.start_service('drbunix:/tmp/local')
ro = DRbObject.new_with_uri(remote_uri)
ro[:unix].hello "Foo" #=> "Hello, Foo"

a = Object.new
a.extend DRbUndumped
def a.to_s; "Bar"; end

ro.hello a #=> DRb::DRbConnError: drbunix:/tmp/local -
#<Errno::ENOENT: No such file or directory -
/tmp/local>

# Which is fixed by switching to a TCP socket instead of the UNIX socket
# for the local service.

DRb.stop_service
DRb.start_service
ro.hello a #=> "Hello, Bar"

# But:

ro.self.hello "Foo" #=> DRb::DRbConnError: drbunix:/tmp/gw_c -
#<Errno::ENOENT: No such file or directory -
/tmp/gw_c>


Or am I missing something?



I got it somewhat working by using socat with ssh to tunnel between two
unix sockets. It doesn't need extra TCP sockets for communication, but
would require writing some connection handling code to automatically set
up the tunnels.

Using the objects from above:


First, start services on both hosts:
------------------------------------
#remote:
DRb.start_service('drbunix:/tmp/remote', remote_object)

#local:
DRb.start_service('drbunix:/tmp/local')


Next, set up tunnels:
---------------------
# Connect remote /tmp/remote to local /tmp/remote
local$ socat UNIX-LISTEN:/tmp/remote EXEC:'ssh remote socat STDIO UNIX-CONNECT:/tmp/remote'

# Connect local /tmp/local to remote /tmp/local
remote$ socat UNIX-LISTEN:/tmp/local EXEC:'ssh local socat STDIO UNIX-CONNECT:/tmp/local'


Ready to go:
------------
#local:
ro = DRbObject.new_with_uri('drbunix:/tmp/remote')
ro.hello "Foo" #=> "Hello, Foo"
ro.hello a #=> "Hello, Bar"
ro.self.hello a #=> "Hello, Bar"

# But, this doesn't work:
ro.hello ro #=> DRb::DRbConnError: drbunix:/tmp/remote -
#<Errno::ECONNREFUSED: Connection refused -
/tmp/remote>