tunnel.sh
# Invoked by Terraform (external data source) this script gets no argument;
# the detached child copy of itself receives the PID it must watch as $1.
TUNNEL_TF_PID=$1
# Exit status handed back at the very end of the script
ret=0
#---
#######################################
# Tell whether /bin/ps is the BusyBox applet, which this script drives
# with a different set of options than a full ps.
# Returns:   0 if /bin/ps is a symlink to /bin/busybox, 1 otherwise
#            (also 1 when /bin/ps is not a symlink at all)
#######################################
ps_is_busybox()
{
  local link_target
  link_target=$(readlink /bin/ps)
  test "$link_target" = "/bin/busybox"
}
#---
#######################################
# Check whether a process with the given PID is still alive.
# Globals:   none (calls ps_is_busybox)
# Arguments: $1 - PID to look for
# Returns:   0 if ps reports the PID, non-zero otherwise
#######################################
process_is_up()
{
  local target_pid
  target_pid="$1"
  # The status of the whole if/else is the status of the ps pipeline it ran
  if ps_is_busybox ; then
    # BusyBox ps has no -p selector: list every PID and look for an exact line match
    ps -o pid | awk '{ print $1 }' | grep "^${target_pid}\$" >/dev/null 2>&1
  else
    ps -p "$target_pid" >/dev/null 2>&1
  fi
}
#---
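#######################################
# Extract one string field from the JSON query handed over by Terraform.
# Parsing is plain sed over the raw text: it copes with the flat,
# single-line object the data source emits, not with arbitrary JSON, and
# the output is only meaningful when the field is actually present.
# printf is used instead of echo so that a non-bash $TUNNEL_SHELL_CMD
# cannot interpret backslash sequences inside the query.
# Globals:   query (read)
# Arguments: $1 - field name (always a literal from this script; it is
#                 spliced into the sed pattern unescaped)
#            $2 - non-empty: cut the value at the next '",' and unescape
#                 embedded '\"' (fields that may hold quotes/commands);
#                 empty: cut at the first '"' (plain host/port scalars)
# Outputs:   the field value on stdout
#######################################
json_field()
{
  local key mode
  key="$1"
  mode="$2"
  if [ -n "$mode" ] ; then
    printf '%s\n' "$query" | sed -e "s/^.*\"$key\": *\"//" -e 's/\",.*$//g' -e 's/\\\"/\"/g'
  else
    printf '%s\n' "$query" | sed -e "s/^.*\"$key\": *\"//" -e 's/\".*$//g'
  fi
}

#######################################
# Read one query field into a variable and export it so that the detached
# child and the gateway scripts see it.
# Globals:   query (read), the variable named by $1 (written, exported)
# Arguments: $1 - variable name, $2 - JSON field name,
#            $3 - mode passed to json_field (see there)
#######################################
set_field()
{
  export "$1=$(json_field "$2" "$3")"
}

#######################################
# Remove whatever the gateway script registered for deletion.
# Globals:   TUNNEL_TODELETE (read) - path(s) set by the gateway script
#######################################
remove_todelete()
{
  if [ -n "$TUNNEL_TODELETE" ] ; then
    # Deliberately unquoted, as in the original: the gateway script may
    # presumably store several space-separated paths here - verify against
    # the gateway scripts before quoting.
    # shellcheck disable=SC2086
    /bin/rm -rf $TUNNEL_TODELETE
  fi
}

if [ -z "$TUNNEL_TF_PID" ] ; then
  #------ Parent: run by Terraform as an external data source.
  # Reads the JSON query on stdin, answers with the endpoint to connect to
  # and, when a tunnel is wanted, spawns a detached copy of this script.
  if [ -n "$TUNNEL_DEBUG" ] ; then
    # Debug trace lands in a predictable path under /tmp and 'env' dumps the
    # complete environment (secrets included) into it: only enable on a
    # trusted machine and remove the file afterwards.
    exec 2>/tmp/t1.$$
    set -x
    env >&2
  fi
  TUNNEL_ABSPATH=$(cd "$(dirname "$0")"; pwd -P)
  export TUNNEL_ABSPATH
  # The external data source protocol delivers the query as JSON on stdin
  query="$(dd 2>/dev/null)"
  [ -n "$TUNNEL_DEBUG" ] && echo "query: <$query>" >&2
  # Fields that may contain quotes or commands use the unescaping mode
  # ("esc"); plain host/port/type scalars are cut at the first quote.
  set_field TUNNEL_CREATE            create            esc
  set_field TUNNEL_TYPE              type
  set_field TUNNEL_ENV               env               esc
  set_field TUNNEL_EXTERNAL_SCRIPT   external_script   esc
  set_field TUNNEL_GATEWAY_HOST      gateway_host
  set_field TUNNEL_GATEWAY_PORT      gateway_port
  set_field TUNNEL_GATEWAY_USER      gateway_user
  set_field TUNNEL_IAP_GCP_PROJECT   iap_project       esc
  set_field TUNNEL_IAP_GCP_ZONE      iap_zone          esc
  # The previous version assigned TUNNEL_IAP_GCP_PROJECT/_ZONE but exported
  # TUNNEL_IAP_PROJECT/_ZONE, so the values never reached the gateway scripts.
  # Both spellings are exported until the gateway scripts settle on one.
  TUNNEL_IAP_PROJECT="$TUNNEL_IAP_GCP_PROJECT"
  TUNNEL_IAP_ZONE="$TUNNEL_IAP_GCP_ZONE"
  export TUNNEL_IAP_PROJECT TUNNEL_IAP_ZONE
  set_field TUNNEL_GCLOUD_CMD        gcloud_cmd        esc
  set_field TUNNEL_KUBECTL_CMD       kubectl_cmd       esc
  set_field TUNNEL_KUBECTL_CONTEXT   kubectl_context   esc
  set_field TUNNEL_KUBECTL_NAMESPACE kubectl_namespace esc
  set_field TUNNEL_LOCAL_HOST        local_host
  set_field TUNNEL_LOCAL_PORT        local_port
  set_field TUNNEL_PARENT_WAIT_SLEEP parent_wait_sleep esc
  set_field TUNNEL_SHELL_CMD         shell_cmd         esc
  set_field TUNNEL_SSH_CMD           ssh_cmd           esc
  set_field TUNNEL_SSM_DOCUMENT_NAME ssm_document_name esc
  set_field TUNNEL_SSM_OPTIONS       ssm_options       esc
  set_field TUNNEL_TARGET_HOST       target_host
  set_field TUNNEL_TARGET_PORT       target_port
  set_field TUNNEL_TIMEOUT           timeout
  set_field TUNNEL_CHECK_SLEEP       tunnel_check_sleep esc
  set_field TUNNEL_SSM_PROFILE       ssm_profile       esc
  set_field TUNNEL_SSM_ROLE          ssm_role          esc
  if [ -z "$TUNNEL_CREATE" ] || [ -z "$TUNNEL_GATEWAY_HOST" ] ; then
    # No tunnel - connect directly to target host
    do_tunnel=''
    cnx_host="$TUNNEL_TARGET_HOST"
    cnx_port="$TUNNEL_TARGET_PORT"
  else
    do_tunnel='y'
    cnx_host="$TUNNEL_LOCAL_HOST"
    cnx_port="$TUNNEL_LOCAL_PORT"
  fi
  # Data source result: the endpoint the caller should connect to
  echo "{ \"host\": \"$cnx_host\", \"port\": \"$cnx_port\" }"
  if [ -n "$do_tunnel" ] ; then
    # PID the child keeps watching: our parent's parent (presumably the
    # Terraform process). BusyBox ps cannot print a parent's parent, so the
    # immediate parent is used there instead.
    if ps_is_busybox ; then
      p=$PPID
    else
      p=$(ps p "$PPID" -o "ppid=" | sed 's/ //g')
    fi
    clog=$(mktemp)
    # Detach the child from our stdio so Terraform does not wait on it; its
    # stderr is kept in a temp file for the failure report below.
    nohup timeout "$TUNNEL_TIMEOUT" "$TUNNEL_SHELL_CMD" "$TUNNEL_ABSPATH/tunnel.sh" "$p" <&- >&- 2>"$clog" &
    TUNNEL_CHILD_PID=$!
    # A little time for the SSH tunnel process to start or fail
    sleep "$TUNNEL_PARENT_WAIT_SLEEP"
    # If the child process does not exist anymore after this delay, report failure
    if ! process_is_up "$TUNNEL_CHILD_PID" ; then
      echo "Child process ($TUNNEL_CHILD_PID) failure - Aborting" >&2
      echo "Child diagnostics follow:" >&2
      cat "$clog" >&2
      ret=1
    fi
    rm -f "$clog"
  fi
else
  #------ Child: detached tunnel keeper started by the parent above.
  # Sources the gateway script for the requested tunnel type, then waits
  # until either the SSH process or the watched process ($TUNNEL_TF_PID) dies.
  if [ -n "$TUNNEL_DEBUG" ] ; then
    # Same caveat as the parent: predictable /tmp path, full environment dump.
    exec 2>/tmp/t2.$$
    set -x
    env >&2
  fi
  TUNNEL_PID=""
  TUNNEL_TODELETE=""
  # TUNNEL_TYPE comes from the Terraform configuration and selects the
  # gateway script by file name; it is trusted exactly as far as that
  # configuration is.
  script="$TUNNEL_ABSPATH/gateways/$TUNNEL_TYPE.sh"
  if [ ! -f "$script" ]; then
    # Nothing useful can happen without the gateway script: fail fast here
    # instead of sourcing a missing file and reporting a bogus SSH failure.
    echo "$script: file not found" >&2
    exit 1
  fi
  if [ -n "$TUNNEL_ENV" ]; then
    # Executes configuration-supplied shell code verbatim. This is the
    # intended hook for exporting extra variables, which is why TUNNEL_ENV
    # must only ever come from trusted configuration.
    eval "$TUNNEL_ENV"
  fi
  # Script must set $TUNNEL_PID (and may set $TUNNEL_TODELETE)
  . "$script"
  if [ -z "$TUNNEL_PID" ] ; then
    echo "$script did not set TUNNEL_PID - Aborting" >&2
    remove_todelete
    exit 1
  fi
  sleep "$TUNNEL_CHECK_SLEEP"
  # Poll both processes; whichever disappears first ends the tunnel
  while true ; do
    if ! process_is_up "$TUNNEL_PID" ; then
      echo "SSH process ($TUNNEL_PID) failure - Aborting" >&2
      remove_todelete
      exit 1
    fi
    process_is_up "$TUNNEL_TF_PID" || break
    sleep 1
  done
  # The watched process is gone: tear the tunnel down.
  # Unquoted as in the original, in case the gateway script stores more
  # than one PID here - confirm against the gateway scripts.
  # shellcheck disable=SC2086
  kill $TUNNEL_PID
  remove_todelete
fi
exit "$ret"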