On Wed, Aug 29, 2012 at 4:02 PM, Dan Kegel <d...@kegel.com> wrote:
> Is my easiest path to steal that code from lxc-start-ephemeral
> and create a command lxc-ssh that ssh's into a container given
> its name?

Seems to work, but requires sudo:

#!/bin/sh

usage() {
    echo "usage: lxc-ssh NAME [COMMAND ...]"
}

help() {
    usage
    echo
    echo "Runs ssh to connect to the given container"
    echo
    echo "Arguments:"
    echo "NAME        : name of the original container.  Replaced with
the IP address of the container."
    echo "COMMAND     : optional command to pass to ssh"
}

get_ip()
{
    # Get init's PID
    PID=$(sudo lxc-info -n $1 -p | awk '{print $2}')
    [ "$PID" = "-1" ] && return 1

    # Get some unique path
    DST=$(sudo mktemp -u --tmpdir=/run/netns/)
    NAME=$(basename $DST)

    # Prepare the /run/netns entry for "ip netns"
    sudo mkdir -p /run/netns
    sudo ln -s /proc/$PID/ns/net $DST

    # Grab all the public globally routed IPv4 and IPv6 addresses
    (sudo ip netns exec $NAME ip -4 addr show scope global && \
     sudo ip netns exec $NAME ip -6 addr show scope global) | grep
inet | while read line; do
        ip=$(echo $line | awk '{print $2}' | cut -d '/' -f1)
        echo "$ip"
    done

    sudo rm $DST
}

do_ssh()
{
    sudo lxc-wait -s RUNNING -n $LXC_NAME

    # Use get_ip to wait for container's network to be up
    # and to obtain the ip address, then we can ssh to the lxc.
    TRIES=60
    FAILED=1

    # Repeatedly try to connect over SSH until we either succeed
    # or time out.
    for i in $(seq 1 $TRIES); do
        # We call get_ip inside the loop to ensure the correct ip
        # is retrieved even in the case the DHCP ip assignment
        # changes during the process.
        IP_ADDRESS=$(get_ip $LXC_NAME)
        if [ -z "$IP_ADDRESS" ]; then
            sleep 1
            continue
        fi

        # Iterate through all the addresses (if multiple)
        for ip in $IP_ADDRESS; do
            ssh -n -o StrictHostKeyChecking=no \
                -o UserKnownHostsFile=/dev/null \
                $IP_ADDRESS -- "$@"
            if [ ! 255 -eq $? ]; then
                # If ssh returns 255 then its connection failed.
                # Anything else is either success (status 0) or a
                # failure from whatever we ran over the SSH connection.
                # In those cases we want to stop looping, so we break
                # here

                FAILED=0
                break;
            fi
        done

        if [ "$FAILED" = "0" ]; then
            break
        fi
        sleep 1
    done

    if [ "$FAILED" = "1" ]; then
        echo "could not get IP address - aborting." >&2
    fi
}

if test "$1" = ""
then
    usage
    exit 1
fi

LXC_NAME=$1
shift
do_ssh "$@"

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users

Reply via email to