cyteen
/
sanoid
mirror of https://github.com/jimsalterjrs/sanoid
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

implemented option for direct connection via socat and busybox nc

This commit is contained in:
Christoph Klaffl 2020-02-21 20:34:28 +01:00
parent 487693993b
commit 84bc3164f0
No known key found for this signature in database
GPG Key ID: 8FC1D76EED4970D2
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -262,6 +262,11 @@ As of 1.4.18, syncoid also automatically supports and enables resume of interrup
Use specified identity file as per ssh -i. Use specified identity file as per ssh -i.
+ --insecure-direct-connection=IP:PORT[,IP:PORT]
WARNING: This is an insecure option as the data is not encrypted while being sent over the network. Only use if you trust the complete network path.
Use a direct tcp connection (with socat and busybox nc) for the actual zfs send/recv stream. All control commands are still executed via the ssh connection. The first address pair is used for connecting to the target host from the source host and the second pair is for listening on the target host. If the later isn't provided the same as the former is used. This can be used for saturating high throughput connection like >= 10GBe network which isn't easy with the overhead off ssh. It can also be useful for encrypted datasets to lower the cpu usage needed for replication but be aware that metadata is NOT ENCRYPTED in this case. (This option can't be used for relaying between two remote hosts)
+ --quiet + --quiet
Supress non-error output. Supress non-error output.

44
syncoid
View File

@ -25,7 +25,7 @@ GetOptions(\%args, "no-command-checks", "monitor-version", "compress=s", "dumpsn
"source-bwlimit=s", "target-bwlimit=s", "sshkey=s", "sshport=i", "sshcipher|c=s", "sshoption|o=s@", "source-bwlimit=s", "target-bwlimit=s", "sshkey=s", "sshport=i", "sshcipher|c=s", "sshoption|o=s@",
"debug", "quiet", "no-stream", "no-sync-snap", "no-resume", "exclude=s@", "skip-parent", "identifier=s", "debug", "quiet", "no-stream", "no-sync-snap", "no-resume", "exclude=s@", "skip-parent", "identifier=s",
"no-clone-handling", "no-privilege-elevation", "force-delete", "no-clone-rollback", "no-rollback", "no-clone-handling", "no-privilege-elevation", "force-delete", "no-clone-rollback", "no-rollback",
"create-bookmark", "pv-options=s" => \$pvoptions, "create-bookmark", "pv-options=s" => \$pvoptions, "insecure-direct-connection=s",
"mbuffer-size=s" => \$mbuffer_size) or pod2usage(2); "mbuffer-size=s" => \$mbuffer_size) or pod2usage(2);
my %compressargs = %{compressargset($args{'compress'} || 'default')}; # Can't be done with GetOptions arg, as default still needs to be set my %compressargs = %{compressargset($args{'compress'} || 'default')}; # Can't be done with GetOptions arg, as default still needs to be set
@ -120,6 +120,31 @@ if ($debug) { print "DEBUG: SSHCMD: $sshcmd\n"; }
my ($sourcehost,$sourcefs,$sourceisroot) = getssh($rawsourcefs); my ($sourcehost,$sourcefs,$sourceisroot) = getssh($rawsourcefs);
my ($targethost,$targetfs,$targetisroot) = getssh($rawtargetfs); my ($targethost,$targetfs,$targetisroot) = getssh($rawtargetfs);
# handle insecure direct connection arguments
my $directconnect = "";
my $directlisten = "";
if (length $args{'insecure-direct-connection'}) {
if ($sourcehost ne '' && $targethost ne '') {
print("CRITICAL: relaying between remote hosts is not supported with insecure direct connection!\n");
pod2usage(2);
exit 127;
}
my @parts = split(',', $args{'insecure-direct-connection'});
if (scalar @parts > 2) {
print("CRITICAL: invalid insecure-direct-connection argument!\n");
pod2usage(2);
exit 127;
} elsif (scalar @parts == 2) {
$directconnect = $parts[0];
$directlisten = $parts[1];
} else {
$directconnect = $args{'insecure-direct-connection'};
$directlisten = $args{'insecure-direct-connection'};
}
}
my $sourcesudocmd = $sourceisroot ? '' : $sudocmd; my $sourcesudocmd = $sourceisroot ? '' : $sudocmd;
my $targetsudocmd = $targetisroot ? '' : $sudocmd; my $targetsudocmd = $targetisroot ? '' : $sudocmd;
@ -1250,9 +1275,17 @@ sub buildsynccmd {
if ($avail{'localpv'} && !$quiet) { $synccmd .= " $pvcmd $pvoptions -s $pvsize |"; } if ($avail{'localpv'} && !$quiet) { $synccmd .= " $pvcmd $pvoptions -s $pvsize |"; }
if ($avail{'compress'}) { $synccmd .= " $compressargs{'cmd'} |"; } if ($avail{'compress'}) { $synccmd .= " $compressargs{'cmd'} |"; }
if ($avail{'sourcembuffer'}) { $synccmd .= " $mbuffercmd $args{'source-bwlimit'} $mbufferoptions |"; } if ($avail{'sourcembuffer'}) { $synccmd .= " $mbuffercmd $args{'source-bwlimit'} $mbufferoptions |"; }
if (length $directconnect) {
# try 10 times over 10 seconds to connect
$synccmd .= " socat - TCP:" . $directconnect . ",retry=10,interval=1 |";
}
$synccmd .= " $sshcmd $targethost "; $synccmd .= " $sshcmd $targethost ";
my $remotecmd = ""; my $remotecmd = "";
if (length $directlisten) {
# wait up to 10 seconds for a connection or error out
$remotecmd .= " busybox nc -l " . $directlisten . " -w 10 |";
}
if ($avail{'targetmbuffer'}) { $remotecmd .= " $mbuffercmd $args{'target-bwlimit'} $mbufferoptions |"; } if ($avail{'targetmbuffer'}) { $remotecmd .= " $mbuffercmd $args{'target-bwlimit'} $mbufferoptions |"; }
if ($avail{'compress'}) { $remotecmd .= " $compressargs{'decomcmd'} |"; } if ($avail{'compress'}) { $remotecmd .= " $compressargs{'decomcmd'} |"; }
$remotecmd .= " $recvcmd"; $remotecmd .= " $recvcmd";
@ -1265,9 +1298,17 @@ sub buildsynccmd {
my $remotecmd = $sendcmd; my $remotecmd = $sendcmd;
if ($avail{'compress'}) { $remotecmd .= " | $compressargs{'cmd'}"; } if ($avail{'compress'}) { $remotecmd .= " | $compressargs{'cmd'}"; }
if ($avail{'sourcembuffer'}) { $remotecmd .= " | $mbuffercmd $args{'source-bwlimit'} $mbufferoptions"; } if ($avail{'sourcembuffer'}) { $remotecmd .= " | $mbuffercmd $args{'source-bwlimit'} $mbufferoptions"; }
if (length $directconnect) {
# try 10 times over 10 seconds to connect
$remotecmd .= " | socat - TCP:" . $directconnect . ",retry=10,interval=1";
}
$synccmd = "$sshcmd $sourcehost " . escapeshellparam($remotecmd); $synccmd = "$sshcmd $sourcehost " . escapeshellparam($remotecmd);
$synccmd .= " | "; $synccmd .= " | ";
if (length $directlisten) {
# wait up to 10 seconds for a connection or error out
$synccmd .= " busybox nc -l " . $directlisten . " -w 10 |";
}
if ($avail{'targetmbuffer'}) { $synccmd .= "$mbuffercmd $args{'target-bwlimit'} $mbufferoptions | "; } if ($avail{'targetmbuffer'}) { $synccmd .= "$mbuffercmd $args{'target-bwlimit'} $mbufferoptions | "; }
if ($avail{'compress'}) { $synccmd .= "$compressargs{'decomcmd'} | "; } if ($avail{'compress'}) { $synccmd .= "$compressargs{'decomcmd'} | "; }
if ($avail{'localpv'} && !$quiet) { $synccmd .= "$pvcmd $pvoptions -s $pvsize | "; } if ($avail{'localpv'} && !$quiet) { $synccmd .= "$pvcmd $pvoptions -s $pvsize | "; }
@ -1911,6 +1952,7 @@ Options:
--sshport=PORT Connects to remote on a particular port --sshport=PORT Connects to remote on a particular port
--sshcipher|c=CIPHER Passes CIPHER to ssh to use a particular cipher set --sshcipher|c=CIPHER Passes CIPHER to ssh to use a particular cipher set
--sshoption|o=OPTION Passes OPTION to ssh for remote usage. Can be specified multiple times --sshoption|o=OPTION Passes OPTION to ssh for remote usage. Can be specified multiple times
--insecure-direct-connection=IP:PORT[,IP:PORT] WARNING: DATA IS NOT ENCRYPTED. First address pair is for connecting to the target and the second for listening at the target
--help Prints this helptext --help Prints this helptext
--version Prints the version number --version Prints the version number