You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@aurora.apache.org by Giulio Eulisse <gi...@cern.ch> on 2016/08/25 10:15:49 UTC
SOCKS proxy
Hi,
I\u2019ve a working Aurora installation which I am evaluating. Since the
setup is behind a SSH gateway, I would like to use the aurora client on
my mac and use a SOCKS proxy. This works well for the web GUI, but I
could not find a way to get the cli to work. I see there is an issue
open:
https://issues.apache.org/jira/browse/AURORA-861
but no progress. Is it possible at all?
--
Ciao,
Giulio
Re: SOCKS proxy
Posted by Giulio Eulisse <gi...@cern.ch>.
Ciao,
for the record in the end I did something different.
Given our authentication frontend allows us authenticate by passing time
limited cookies in the request [1], I added cookie based authentication
in the aurora client.
See https://reviews.apache.org/r/51893/ if you are interested.
Thanks again for the help.
--
Ciao,
Giulio
[1]: http://linux.web.cern.ch/linux/docs/cernssocookie.shtml
On 27 Aug 2016, at 18:50, Stephan Erb wrote:
> I had a short look at the code. It seems like there is no support for
> SOCKS proxies, at least not out of the box.
>
> Our client speaks to the scheduler using HTTP. It supports two
> connections mechanisms, both realized via subclasses of
> SchedulerClient
> [1]:
>
> * ZookeeperSchedulerClient: It gets the leading scheduler from the
> configured Zookeeper ensemble.
> * DirectSchedulerClient: Uses the 'scheduler_uri' from our client
> cluster configuration [2]
>
> If you can point your 'scheduler_uri' to a HTTP reverse proxy which
> routes through your firewall, you should be able to make it work.
>
> If you need true support for SOCKS, you will have to play around with
> the proxy settings of 'requests' which we use for connecting with the
> scheduler [3]. You'll probably need to bump our requests version to
> get
> the SOCKS support in.
>
> Best Regards,
> Stephan
>
> [1] https://github.com/apache/aurora/blob/b24619b28c4dbb35188871bacd0091a9e01218e3/src/main/python/apache/aurora/client/api/scheduler_client.py#L62
> [2] https://github.com/apache/aurora/blob/master/docs/reference/client-cluster-configuration.md
> [3] http://docs.python-requests.org/en/master/user/advanced/#proxies
>
> On Do, 2016-08-25 at 12:15 +0200, Giulio Eulisse wrote:
>> Hi,
>>
>> I’ve a working Aurora installation which I am evaluating. Since
>> the
>> setup is behind a SSH gateway, I would like to use the aurora client
>> on
>> my mac and use a SOCKS proxy. This works well for the web GUI, but
>> I
>> could not find a way to get the cli to work. I see there is an
>> issue
>> open:
>>
>> https://issues.apache.org/jira/browse/AURORA-861
>>
>> but no progress. Is it possible at all?
>>
Re: SOCKS proxy
Posted by Giulio Eulisse <gi...@cern.ch>.
Dear Stephan,
thank you for your reply. I guess the proper solution is simply to do
the reverse proxy, as you suggest.
I’ve a separate question, though. In our setup username and group are
passed as HTTP headers, for historical reasons. I guess I need a custom
Shiro Realm to read those from the headers and map it to aurora users,
correct? Do you know if there is anything already available for that?
Thank you again for your time.
--
Ciao,
Giulio
On 27 Aug 2016, at 18:50, Stephan Erb wrote:
> I had a short look at the code. It seems like there is no support for
> SOCKS proxies, at least not out of the box.
>
> Our client speaks to the scheduler using HTTP. It supports two
> connections mechanisms, both realized via subclasses of
> SchedulerClient
> [1]:
>
> * ZookeeperSchedulerClient: It gets the leading scheduler from the
> configured Zookeeper ensemble.
> * DirectSchedulerClient: Uses the 'scheduler_uri' from our client
> cluster configuration [2]
>
> If you can point your 'scheduler_uri' to a HTTP reverse proxy which
> routes through your firewall, you should be able to make it work.
>
> If you need true support for SOCKS, you will have to play around with
> the proxy settings of 'requests' which we use for connecting with the
> scheduler [3]. You'll probably need to bump our requests version to
> get
> the SOCKS support in.
>
>
> Best Regards,
> Stephan
>
>
> [1] https://github.com/apache/aurora/blob/b24619b28c4dbb35188871bacd0091a9e01218e3/src/main/python/apache/aurora/client/api/scheduler_client.py#L62
> [2] https://github.com/apache/aurora/blob/master/docs/reference/client-cluster-configuration.md
> [3] http://docs.python-requests.org/en/master/user/advanced/#proxies
>
> On Do, 2016-08-25 at 12:15 +0200, Giulio Eulisse wrote:
>> Hi,
>>
>> I’ve a working Aurora installation which I am evaluating. Since
>> the
>> setup is behind a SSH gateway, I would like to use the aurora client
>> on
>> my mac and use a SOCKS proxy. This works well for the web GUI, but
>> I
>> could not find a way to get the cli to work. I see there is an
>> issue
>> open:
>>
>> https://issues.apache.org/jira/browse/AURORA-861
>>
>> but no progress. Is it possible at all?
>>
Re: SOCKS proxy
Posted by Stephan Erb <se...@apache.org>.
I had a short look at the code. It seems like there is no support for
SOCKS proxies, at least not out of the box.
Our client speaks to the scheduler using HTTP. It supports two
connections mechanisms, both realized via subclasses of SchedulerClient
[1]:�
* ZookeeperSchedulerClient: It gets the leading scheduler from the
configured Zookeeper ensemble.
* DirectSchedulerClient: Uses the 'scheduler_uri' from our client
cluster configuration [2]
If you can point your 'scheduler_uri' to a HTTP reverse proxy which
routes through your firewall, you should be able to make it work.
If you need true support for SOCKS, you will have to play around with
the proxy settings of 'requests' which we use for connecting with the
scheduler [3]. You'll probably need to bump our requests version to get
the SOCKS support in.
Best Regards,
Stephan
[1]�https://github.com/apache/aurora/blob/b24619b28c4dbb35188871bacd0091a9e01218e3/src/main/python/apache/aurora/client/api/scheduler_client.py#L62
[2]�https://github.com/apache/aurora/blob/master/docs/reference/client-cluster-configuration.md
[3]�http://docs.python-requests.org/en/master/user/advanced/#proxies
On Do, 2016-08-25 at 12:15 +0200, Giulio Eulisse wrote:
> Hi,
>
> I\u2019ve a working Aurora installation which I am evaluating. Since the�
> setup is behind a SSH gateway, I would like to use the aurora client
> on�
> my mac and use a SOCKS proxy. This works well for the web GUI, but I�
> could not find a way to get the cli to work. I see there is an issue�
> open:
>
> https://issues.apache.org/jira/browse/AURORA-861
>
> but no progress. Is it possible at all?
>