On Wed, Aug 29, 2012 at 4:02 PM, Dan Kegel <d...@kegel.com> wrote:
> Is my easiest path to steal that code from lxc-start-ephemeral
> and create a command lxc-ssh that ssh's into a container given
> its name?
Seems to work, but requires sudo:
#!/bin/sh
usage() {
echo "usage: lxc-ssh NAME [COMMAND ...]"
}
help() {
usage
echo
echo "Runs ssh to connect to the given container"
echo
echo "Arguments:"
echo "NAME : name of the original container. Replaced with
the IP address of the container."
echo "COMMAND : optional command to pass to ssh"
}
get_ip()
{
# Get init's PID
PID=$(sudo lxc-info -n $1 -p | awk '{print $2}')
[ "$PID" = "-1" ] && return 1
# Get some unique path
DST=$(sudo mktemp -u --tmpdir=/run/netns/)
NAME=$(basename $DST)
# Prepare the /run/netns entry for "ip netns"
sudo mkdir -p /run/netns
sudo ln -s /proc/$PID/ns/net $DST
# Grab all the public globally routed IPv4 and IPv6 addresses
(sudo ip netns exec $NAME ip -4 addr show scope global && \
sudo ip netns exec $NAME ip -6 addr show scope global) | grep
inet | while read line; do
ip=$(echo $line | awk '{print $2}' | cut -d '/' -f1)
echo "$ip"
done
sudo rm $DST
}
do_ssh()
{
sudo lxc-wait -s RUNNING -n $LXC_NAME
# Use get_ip to wait for container's network to be up
# and to obtain the ip address, then we can ssh to the lxc.
TRIES=60
FAILED=1
# Repeatedly try to connect over SSH until we either succeed
# or time out.
for i in $(seq 1 $TRIES); do
# We call get_ip inside the loop to ensure the correct ip
# is retrieved even in the case the DHCP ip assignment
# changes during the process.
IP_ADDRESS=$(get_ip $LXC_NAME)
if [ -z "$IP_ADDRESS" ]; then
sleep 1
continue
fi
# Iterate through all the addresses (if multiple)
for ip in $IP_ADDRESS; do
ssh -n -o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
$IP_ADDRESS -- "$@"
if [ ! 255 -eq $? ]; then
# If ssh returns 255 then its connection failed.
# Anything else is either success (status 0) or a
# failure from whatever we ran over the SSH connection.
# In those cases we want to stop looping, so we break
# here
FAILED=0
break;
fi
done
if [ "$FAILED" = "0" ]; then
break
fi
sleep 1
done
if [ "$FAILED" = "1" ]; then
echo "could not get IP address - aborting." >&2
fi
}
if test "$1" = ""
then
usage
exit 1
fi
LXC_NAME=$1
shift
do_ssh "$@"
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
