SSH wrapper to connect Scalr-managed servers

Comments

원문

It's annoying to connect one of the virtual machine managed by Scalr for various reasons. So I created small shell script for easy connection; browse the servers with its IP address, then connect to them.

Backgrounds

We created lots of Scalr managed servers. Some of them have external IP addresses, but some of them are not. So, we need to prepare a proxy machine, to connect those servers.

<pre>

Internet Firewall Cloud IaaS

--------- -----—+ ---------

Client   Proxy   Target
Machine   Server   Server
  ----–—>   ---–—>  
         
         

--------- -----—+ --------- 53.208.160.176 10.102.9.203

</pre>

For example, suppose that we've prepared the proxy machine at 53.208.160.176. Normally, you could connect to the destination server 10.102.9.203 by issuing ssh twice, like this (which is annoying): 

$ ssh 53.208.160.176
$ ssh 10.102.9.203

We are using Scalr's auto-scaling feature; this means, the number of servers are dynamically increasing/decreasing depending on the server's load. In other words, at some instance, we do not exactly know how many servers are there, and we do not exactly know what IP addresses they have.

So, I created small shell script named sssh (stands for "Scalr-ssh") to find out the list of Scalr-managed servers, and provide easy ssh connection to one of the servers. With this, you can connect a server instantly even if the server does not have external IP address.

Download & Installation

First, you'll need to download the Scalr command line tool from Scalr Command Line Tools, and you'll need to finish scalr configure step. 

$ sudo easy_install scalr
$ scalr configure -i d41d8cd98f00b204 \
    -a 3bEGXWzaoT92BMhOaqv13bEGXWzaoT92BMhOaqv13bEGXWzaoT92BMhOaqv1+0=

Above example will save your configuration in $HOME/.scalr/config.ini.

Then, you'll need to grab the source from here, and save it to some place like /usr/local/bin. Then, edit that file to update the proxy endpoint in SSH_PROXY_ENDPOINT to reflect your proxy endpoint. For example: 

SSH_PROXY_ENDPOINT=${SSH_PROXY_ENDPOINT:="root@53.208.160.176}

You can test whether the installation was successful via following command. Note that the actual output may vary depending on your Scalr configuration/usage. 

$ sssh env
  [149]  AWS-TEST-ENV
  [158]  US-EAST-9
  [161]  AP-KR-FOOBAR

Usage

If you have more than one Scalr environment, you'll need to list the environments using sssh env, then select one of the environment with the following command: 

$ # select environment with id, 158
$ sssh set-env 158

Then, you'll need to select one of your farms. First, list the farms using sssh farms, then select one of it using sssh set-farm: 

$ # list the farms
$ sssh farms
  [808]                          test-vpc (Stopped):   VPC farm for testing
  [809]      ec2-us-east-1-management-dev (Running):   None
  [814]           ec2-us-east-2-store-dev (Stopped):   None
  [953]                template-test-farm (Running):   None
$ # select one of the farm
$ sssh set-farm 809

Once the env/farm is selected, then you can browse the list of servers by sssh list: 

$ sssh list
  [ 0]   53.208.160.176    10.102.9.174  proxy-server
  [ 1]      53.84.9.110    10.102.9.135  zookeeper-3-centos6-cl
  [ 2]     53.84.76.146    10.102.9.146  zookeeper-3-centos6-cl
  [ 3]     53.84.65.212      10.102.9.7  zookeeper-3-centos6-cl
  [ 4]             None    10.102.9.203  sessionmgr-master-centos6-cl
  [ 5]     53.84.72.223    10.102.9.132  cs-sessionmgr-master-centos6-cl
  [ 6]     53.84.74.122     10.102.9.52  cs-sessionmgr-master-centos6-cl
  [ 7]     53.84.64.155    10.102.9.112  cs-frontend-centos6-cl
  [ 8]       53.84.0.88    10.102.9.106  cs-frontend-centos6-cl
  [ 9]             None    10.102.3.210  cs-datastore-centos6-cl

Each item contains 4 fields: the server index, the external IP, the internal IP, and the name of the server. In above example, 4th and 9th server do not have external IP. Remember that we configured SSH_PROXY_ENDPOINT to point 0-th server endpoint, "root@53.208.160.176". This server is used for the ssh proxy for this demonstration.

These servers belong to the farm id, 809 as we selected this farm using sssh set-farm 809. To connect one of these servers, you need to download the PEM file of this farm, and place it in your $HOME/.ssh/809.pem. Finally, you can connect to one of the servers by following command: 

$ # connect to 1st server
$ sssh connect 1
Last login: Tue Feb 11 05:32:28 2014 from 124.168.108.138

Appliance:	centos-6-scalr appliance 1.0
Hostname:	ip-10-102-9-135
IP Address:	10.102.9.135

[root@ec2-53-84-9-110 ~]# _

You can even connect to the server without external IP. For example: 

$ # connect to 9th server
$ sssh connect 9
Last login: Wed Feb 12 09:04:02 2014 from 10.102.9.174

Appliance:	centos-6-scalr appliance 1.0
Hostname:	ip-10-102-9-210
IP Address:	10.102.9.210

[root@ip-10-101-3-210 ~]# _

Note that from the first message of the command; it says that the connection was from 10.102.9.174, which is the internal IP address of the 0-th server, which is used for the ssh proxy.

Internally, when we specify a server without external IP address, sssh will indirectly connect to the server via the pre-configured ssh proxy server using ssh ProxyCommand option with netcat(1): 

ssh -i "$pem" -o "ProxyCommand ssh -i $pem $SSH_PROXY_ENDPOINT nc %h %p" root@${iip}

If you have interest on this, read the nice article Configure openssh to tunnel through another server using SSH.

댓글

Comments powered by Disqus