generic driver: support additional SSH options for service instance

Bug #1944980 reported by Arturo Borrero Gonzalez
This bug affects 1 person
Affects: OpenStack Shared File Systems Service (Manila)
Status: New
Importance: Low
Assigned to: Unassigned

Bug Description

Dear Manila developers,

thanks for your good work with the project, really appreciated.

This is a feature request. In our environment, SSH to virtual machines needs to be proxied using an intermediate SSH host.

When the generic driver creates a service instance, manila-share is unable to contact the VM because it won't use the SSH proxy.

I've read the source code and I found at least 3 places where this would need to be supported:

* on the utils module, the SSHPool class https://opendev.org/openstack/manila/src/branch/master/manila/utils.py#L105
* on the generic driver, the _ssh_exec() method https://opendev.org/openstack/manila/src/branch/master/manila/share/drivers/generic.py#L142
* on the service_instance module, the _test_server_connection() method https://opendev.org/openstack/manila/src/branch/master/manila/share/drivers/service_instance.py#L666

Moreover, the _test_server_connection() uses a raw connection to TCP/22. Assuming TCP/22 for SSH is in general fine, but perhaps it should be allowed to be configured.
Instead of a raw connection, I would suggest moving that logic somehow into the SSHPool class in the utils module, so if a proxy is configured, it can reuse such configuration for the connectivity test.

In summary I'm suggesting at least the following new configuration options:

* ssh_proxy_host = <FQDN, defaults to None>
* ssh_proxy_user = <String, defaults to None>
* ssh_tcp_port = <Integer, defaults to 22>

Then build a connection similar to what this SSH config would do:

* ProxyCommand ssh -a -W %h:%p <email address hidden>

I'm also open to following other instructions to work around this SSH limitation we're experiencing.

Tags: driver generic
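
The three options proposed in the report, turned into the `ssh -a -W` proxy command it describes. This is an added illustration, not Manila code: the function names and the sample host and user values are hypothetical, and the resulting string is meant to be handed to `paramiko.ProxyCommand` and then passed as `sock=` to `SSHClient.connect`.

```python
import re
import shlex

# Allow-lists: these values land on an ssh command line, so reject anything
# that could parse as an option (leading "-") or carry whitespace/shell syntax.
# Hostnames and IPv4 only; IPv6 literals are not handled here.
_HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
_USER_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_.-]{0,31}")


def build_proxy_argv(target_host, ssh_proxy_host=None, ssh_proxy_user=None,
                     ssh_tcp_port=22):
    """Return the argv equivalent to 'ProxyCommand ssh -a -W %h:%p user@proxy',
    or None when no proxy is configured (direct connection)."""
    if (isinstance(ssh_tcp_port, bool) or not isinstance(ssh_tcp_port, int)
            or not 1 <= ssh_tcp_port <= 65535):
        raise ValueError("ssh_tcp_port must be an integer in 1..65535")
    # fullmatch (not match with "$") so a trailing newline cannot slip through.
    if not _HOST_RE.fullmatch(target_host):
        raise ValueError("invalid target host: %r" % (target_host,))
    if ssh_proxy_host is None:
        if ssh_proxy_user is not None:
            raise ValueError("ssh_proxy_user set without ssh_proxy_host")
        return None
    if not _HOST_RE.fullmatch(ssh_proxy_host):
        raise ValueError("invalid ssh_proxy_host: %r" % (ssh_proxy_host,))
    jump = ssh_proxy_host
    if ssh_proxy_user is not None:
        if not _USER_RE.fullmatch(ssh_proxy_user):
            raise ValueError("invalid ssh_proxy_user: %r" % (ssh_proxy_user,))
        jump = "%s@%s" % (ssh_proxy_user, ssh_proxy_host)
    # %h:%p is expanded here; "--" ends ssh option parsing before the destination.
    return ["ssh", "-a", "-W", "%s:%d" % (target_host, ssh_tcp_port), "--", jump]


def proxy_command_line(argv):
    """Quote argv into the single string that paramiko.ProxyCommand() accepts."""
    return " ".join(shlex.quote(a) for a in argv)


# Constructed sample values, not taken from any real deployment.
if __name__ == "__main__":
    argv = build_proxy_argv("10.254.0.7", "bastion.example.org", "svc-manila")
    print(proxy_command_line(argv))
```
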
Vida Haririan (vhariria)
tags: added: gene
tags: added: generic
removed: gene
tags: added: driver
Vida Haririan (vhariria)
Changed in manila:
importance: Undecided → Medium
Vida Haririan (vhariria) wrote :

Hi Arturo,

Thank you for raising this bug.

The bug was discussed at the community weekly IRC call. Please review additional comments at https://meetings.opendev.org/meetings/manila/2021/manila.2021-09-30-15.01.log.html and let us know if you would like to contribute to this fix.

Arturo Borrero Gonzalez (arturoborrero) wrote :

I'm sorry I don't have time at the moment to work on a patch. However, depending on how long it takes for someone to create one, I could contribute by testing the patch on my deployment.

Idea: it seems paramiko supports parsing and loading configuration from a file. Perhaps the easiest way to address this is to simply allow users to specify a paramiko configuration file.
So, instead of adding a bunch of config options to manila.conf, simply add something like this:

# load paramiko SSH configuration file
# see http://docs.paramiko.org/en/stable/api/config.html for format & available options
ssh_paramiko_config_file = /path/to/a/file.conf

Vida Haririan (vhariria) wrote :
Changed in manila:
importance: Medium → Low