Exec should work even on servers without public IP

[shouze]

PAIN POINT

ATM we can't scw exec on some machine with no public IP attached.

DIAGNOSTIC

exec CMD looks to rely on a call to utils.SSHExec.
So... we could use some ssh tunneling to keep it working under this kind of circumstances.

PROPOSALS

1. Scaleway brings a very secured SSH Gateway for all of its customers. scw uses this ssh gateway for all machines without public IP. Cons: it's not easy to provide & maintain a very secured service of that kind.
2. Customers can use one of their machines with public IP to access to their backend machine. This is probably the best solution.

Whatever the solution, exec can have an option -g, --gateway=SERVER. Also, a general exec_gateway config parameter could be set to avoid passing this parameter at each exec call.

[edouardb]

👍 for option 2

[aimxhaisse]

also 👍 for option 2

[moul]

👍 for option 2

[moul]

@shouze, can you try again ?

We need to add some minor fixes, but you should be able to use it right now

[shouze]

@moul it works like a charm! Just a design feedback: the -g option value should be a server hash reference imho.

Why?

If we accept an IPv4 value we pretty kill the beauty of the thing. Moreover, we can't pass a public IP of a gateway outside of Scaleway network so a reference is to me a definitive way to not have to manage this problem. The reference hash need to be resolved the same way the hash of the endpoint machine is resolved of course.

[moul]

yes 👍

[moul]

@shouze, can you try again with: scw exec --gateway=myotherserver myserver bash ?

[shouze]

@moul works like a charm!

[moul]

Those options are now available in the release v1.3.0 version