mirror of https://github.com/jimsalterjrs/sanoid
direct connection will default to busybox nc again but can be switched to mbuffer
This commit is contained in:
Christoph Klaffl
parent
fcae918ffa
commit
e1a6507455
|
|
@ -262,10 +262,10 @@ As of 1.4.18, syncoid also automatically supports and enables resume of interrup
|
|||
|
||||
Use specified identity file as per ssh -i.
|
||||
|
||||
+ --insecure-direct-connection=IP:PORT[,IP:PORT]
|
||||
+ --insecure-direct-connection=IP:PORT[,IP:PORT,[TIMEOUT,[mbuffer]]]
|
||||
|
||||
WARNING: This is an insecure option as the data is not encrypted while being sent over the network. Only use if you trust the complete network path.
|
||||
Use a direct tcp connection (with socat and mbuffer) for the actual zfs send/recv stream. All control commands are still executed via the ssh connection. The first address pair is used for connecting to the target host from the source host and the second pair is for listening on the target host. If the later isn't provided the same as the former is used. This can be used for saturating high throughput connection like >= 10GBe network which isn't easy with the overhead off ssh. It can also be useful for encrypted datasets to lower the cpu usage needed for replication but be aware that metadata is NOT ENCRYPTED in this case. (This option can't be used for relaying between two remote hosts)
|
||||
Use a direct tcp connection (with socat and busybox nc/mbuffer) for the actual zfs send/recv stream. All control commands are still executed via the ssh connection. The first address pair is used for connecting to the target host from the source host and the second pair is for listening on the target host. If the later isn't provided the same as the former is used. This can be used for saturating high throughput connection like >= 10GBe network which isn't easy with the overhead off ssh. It can also be useful for encrypted datasets to lower the cpu usage needed for replication but be aware that metadata is NOT ENCRYPTED in this case. The default timeout is 60 seconds and can be overridden by providing it as third argument. By default busybox nc is used for the listeing tcp socket, if mbuffer is preferred specify its name as fourth argument but be aware that mbuffer listens on all interfaces and uses an optionally provided ip address for access restriction (This option can't be used for relaying between two remote hosts)
|
||||
|
||||
+ --quiet
|
||||
|
||||
|
|
|
|||
66
syncoid
66
syncoid
|
|
@ -124,14 +124,14 @@ my ($targethost,$targetfs,$targetisroot) = getssh($rawtargetfs);
|
|||
my $sourcesudocmd = $sourceisroot ? '' : $sudocmd;
|
||||
my $targetsudocmd = $targetisroot ? '' : $sudocmd;
|
||||
|
||||
# figure out whether compression, mbuffering, pv
|
||||
# are available on source, target, local machines.
|
||||
# warn user of anything missing, then continue with sync.
|
||||
my %avail = checkcommands();
|
||||
if (!defined $sourcehost) { $sourcehost = ''; }
|
||||
if (!defined $targethost) { $targethost = ''; }
|
||||
|
||||
# handle insecure direct connection arguments
|
||||
my $directconnect = "";
|
||||
my $directlisten = "";
|
||||
my $directtimeout = 60;
|
||||
my $directmbuffer = 0;
|
||||
|
||||
if (length $args{'insecure-direct-connection'}) {
|
||||
if ($sourcehost ne '' && $targethost ne '') {
|
||||
|
|
@ -141,19 +141,34 @@ if (length $args{'insecure-direct-connection'}) {
|
|||
}
|
||||
|
||||
my @parts = split(',', $args{'insecure-direct-connection'});
|
||||
if (scalar @parts > 2) {
|
||||
if (scalar @parts > 4) {
|
||||
print("CRITICAL: invalid insecure-direct-connection argument!\n");
|
||||
pod2usage(2);
|
||||
exit 127;
|
||||
} elsif (scalar @parts == 2) {
|
||||
} elsif (scalar @parts >= 2) {
|
||||
$directconnect = $parts[0];
|
||||
$directlisten = $parts[1];
|
||||
} else {
|
||||
$directconnect = $args{'insecure-direct-connection'};
|
||||
$directlisten = $args{'insecure-direct-connection'};
|
||||
}
|
||||
|
||||
if (scalar @parts == 3) {
|
||||
$directtimeout = $parts[2];
|
||||
}
|
||||
|
||||
if (scalar @parts == 4) {
|
||||
if ($parts[3] eq "mbuffer") {
|
||||
$directmbuffer = 1;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
# figure out whether compression, mbuffering, pv
|
||||
# are available on source, target, local machines.
|
||||
# warn user of anything missing, then continue with sync.
|
||||
my %avail = checkcommands();
|
||||
|
||||
my %snaps;
|
||||
my $exitcode = 0;
|
||||
|
||||
|
|
@ -965,9 +980,6 @@ sub checkcommands {
|
|||
return %avail;
|
||||
}
|
||||
|
||||
if (!defined $sourcehost) { $sourcehost = ''; }
|
||||
if (!defined $targethost) { $targethost = ''; }
|
||||
|
||||
if ($sourcehost ne '') { $sourcessh = "$sshcmd $sourcehost"; } else { $sourcessh = ''; }
|
||||
if ($targethost ne '') { $targetssh = "$sshcmd $targethost"; } else { $targetssh = ''; }
|
||||
|
||||
|
|
@ -1039,6 +1051,14 @@ sub checkcommands {
|
|||
if ($socatAvailable eq '') {
|
||||
die "CRIT: $socatcmd is needed on source for insecure direct connection!\n";
|
||||
}
|
||||
|
||||
if (!$directmbuffer) {
|
||||
if ($debug) { print "DEBUG: checking availability of busybox (for nc) on target...\n"; }
|
||||
my $busyboxAvailable = `$targetssh $checkcmd busybox 2>/dev/null`;
|
||||
if ($busyboxAvailable eq '') {
|
||||
die "CRIT: busybox is needed on target for insecure direct connection!\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($debug) { print "DEBUG: checking availability of $mbuffercmd on source...\n"; }
|
||||
|
|
@ -1053,7 +1073,7 @@ sub checkcommands {
|
|||
if ($debug) { print "DEBUG: checking availability of $mbuffercmd on target...\n"; }
|
||||
$avail{'targetmbuffer'} = `$targetssh $checkcmd $mbuffercmd 2>/dev/null`;
|
||||
if ($avail{'targetmbuffer'} eq '') {
|
||||
if (length $args{'insecure-direct-connection'}) {
|
||||
if ($directmbuffer) {
|
||||
die "CRIT: $mbuffercmd is needed on target for insecure direct connection!\n";
|
||||
}
|
||||
if (!$quiet) { print "WARN: $mbuffercmd not available on target $t - sync will continue without target buffering.\n"; }
|
||||
|
|
@ -1288,19 +1308,18 @@ sub buildsynccmd {
|
|||
if ($avail{'compress'}) { $synccmd .= " $compressargs{'cmd'} |"; }
|
||||
if ($avail{'sourcembuffer'}) { $synccmd .= " $mbuffercmd $args{'source-bwlimit'} $mbufferoptions |"; }
|
||||
if (length $directconnect) {
|
||||
# try 10 times over 10 seconds to connect
|
||||
$synccmd .= " $socatcmd - TCP:" . $directconnect . ",retry=10,interval=1 |";
|
||||
$synccmd .= " $socatcmd - TCP:" . $directconnect . ",retry=$directtimeout,interval=1 |";
|
||||
}
|
||||
$synccmd .= " $sshcmd $targethost ";
|
||||
|
||||
my $remotecmd = "";
|
||||
if (length $directlisten) {
|
||||
# wait up to 10 seconds for a connection or error out
|
||||
$remotecmd .= " $mbuffercmd $args{'target -bwlimit'} -W 10 -I " . $directlisten . " $mbufferoptions |";
|
||||
} else {
|
||||
if ($avail{'targetmbuffer'}) { $remotecmd .= " $mbuffercmd $args{'target-bwlimit'} $mbufferoptions |"; }
|
||||
if ($directmbuffer) {
|
||||
$remotecmd .= " $mbuffercmd $args{'target -bwlimit'} -W $directtimeout -I " . $directlisten . " $mbufferoptions |";
|
||||
} elsif (length $directlisten) {
|
||||
$remotecmd .= " busybox nc -l " . $directlisten . " -w $directtimeout |";
|
||||
}
|
||||
|
||||
if ($avail{'targetmbuffer'} && !$directmbuffer) { $remotecmd .= " $mbuffercmd $args{'target-bwlimit'} $mbufferoptions |"; }
|
||||
if ($avail{'compress'}) { $remotecmd .= " $compressargs{'decomcmd'} |"; }
|
||||
$remotecmd .= " $recvcmd";
|
||||
|
||||
|
|
@ -1313,19 +1332,18 @@ sub buildsynccmd {
|
|||
if ($avail{'compress'}) { $remotecmd .= " | $compressargs{'cmd'}"; }
|
||||
if ($avail{'sourcembuffer'}) { $remotecmd .= " | $mbuffercmd $args{'source-bwlimit'} $mbufferoptions"; }
|
||||
if (length $directconnect) {
|
||||
# try 10 times over 10 seconds to connect
|
||||
$remotecmd .= " | $socatcmd - TCP:" . $directconnect . ",retry=10,interval=1";
|
||||
$remotecmd .= " | $socatcmd - TCP:" . $directconnect . ",retry=$directtimeout,interval=1";
|
||||
}
|
||||
|
||||
$synccmd = "$sshcmd $sourcehost " . escapeshellparam($remotecmd);
|
||||
$synccmd .= " | ";
|
||||
if (length $directlisten) {
|
||||
# wait up to 10 seconds for a connection or error out
|
||||
$synccmd .= "$mbuffercmd $args{'target-bwlimit'} -W 10 -I " . $directlisten . " $mbufferoptions | ";
|
||||
} else {
|
||||
if ($avail{'targetmbuffer'}) { $synccmd .= "$mbuffercmd $args{'target-bwlimit'} $mbufferoptions | "; }
|
||||
if ($directmbuffer) {
|
||||
$synccmd .= "$mbuffercmd $args{'target-bwlimit'} -W $directtimeout -I " . $directlisten . " $mbufferoptions | ";
|
||||
} elsif (length $directlisten) {
|
||||
$synccmd .= " busybox nc -l " . $directlisten . " -w $directtimeout | ";
|
||||
}
|
||||
|
||||
if ($avail{'targetmbuffer'} && !$directmbuffer) { $synccmd .= "$mbuffercmd $args{'target-bwlimit'} $mbufferoptions | "; }
|
||||
if ($avail{'compress'}) { $synccmd .= "$compressargs{'decomcmd'} | "; }
|
||||
if ($avail{'localpv'} && !$quiet) { $synccmd .= "$pvcmd $pvoptions -s $pvsize | "; }
|
||||
$synccmd .= "$recvcmd";
|
||||
|
|
|
|||
Loading…
Reference in New Issue