This repository has been archived by the owner on Aug 9, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
ssh-jump
executable file
·64 lines (52 loc) · 2.21 KB
/
ssh-jump
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
#!/usr/bin/python
"""
ssh-jump: 'netcat' that finds a nova instance, and jumps
into its namespace.
"""
import traceback, sys
import os, sys
import prctl
import shlex
import find_ns
from datetime import datetime
if (len(sys.argv) == 1):
sys.argv.extend(shlex.split(sys.stdin.readline()))
args = find_ns.do_args()
try:
# This allows our app to get into a network namespace other than the default.
# to do so, open /var/run/netns/<file>, and then have @ it with the fd using
# the setns(2) call. E.g. f=open('/var/run/netns/x'); setns(f)
prctl.cap_permitted.sys_admin = True
prctl.cap_effective.sys_admin = True
# If testing, delete cache to be certain we know right value
if (args.test):
find_ns.uncache_host(args.tenant,args.host)
h, ns,floating = find_ns.find_host(args.user, args.tenant, args.password, args.host, args.auth_url, args.shared_subnet_id, args.shared_router_id)
if (args.test):
# In this case, we want to just check that namespace is up
print >> sys.stderr, ("Testing primary routed interface/router for host <<%s>> in tenant <<%s>>" % (args.host,args.tenant))
print >> sys.stderr, (" Routed Namespace: <<%s>>, ip: <<%s>>" % (ns, h))
if (h == None or ns == None):
print >> sys.stderr, (" Error: one of host/routed-namespace is empty")
sys.exit(1)
try:
_ns = find_ns.NS(ns)
except:
print >> sys.stderr, (" Error: router <<%s>> does not exist (yet)" % ns)
sys.exit(1)
else:
# Now we should be able to ping h
os.execv('/bin/ping',['/bin/ping', '-q','-c','1', h])
elif (len(ns)):
_ns = find_ns.NS(ns)
os.execv('/bin/nc',['/bin/nc', h, '22'])
except:
if (not args.test):
dt = datetime.now()
print("TIMESTAMP: %s" % dt.isoformat("T"))
traceback.print_exc()
print >> sys.stderr, ("Usage: -user <USER> -password <PASSWORD> -tenant <TENANT> -host <HOST>")
print >> sys.stderr, ("where USER/PASSWORD/TENANT/HOST are all as per this OpenStack deployment")
print >> sys.stderr, ("and may not be a Unix login")
print >> sys.stderr, ("You gave: <<%s>>" % sys.argv)
sys.exit(1)