-
Notifications
You must be signed in to change notification settings - Fork 262
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ghostunnel multi-connect. #106
Comments
Spoke with @mcpherrinm about this over Slack, but we'd love to have this so that we can secure comms between the servers in our ZooKeeper ensemble without requiring us to spin up N-1 ghostunnels (where N = number of ZK servers in ensemble) co-located alongside every individual ZooKeeper server. Without this we'll most likely use stunnel which has a whole set of problems in and of itself. |
Either reading from file or accepting multiple arguments could work. |
I would also appreciate such enhancement very much! |
I've previously tried to implement this in ghostunnel but decided to can it as a feature because it makes the codebase much more complicated and more prone to bugs. This is something that is much better handled by service managers which are commonplace these days. Service managers like systemd, launchd, runit, kubernetes, etc. can easily handle scheduling of multiple instances of the same program on a machine or cluster of machines. Plus, that way you can have each tunnel isolated in its own process, with its own privileges, you can apply resource limits for different instances, etc. etc. There's no way we can replicate all of that in ghostunnel. |
Add a new ghostunnel command to read client/servers from a file, and allow multiples of each.
This will allow easier connections for services which need multiple tunnels from the client (eg, when using sharded redis).
It also enables some other usages, like bidirectional tunnels, or meshes, which may prove useful in redis replication setups.
stunnel supports this, so this will unblock moving some remaining stunnels to ghostunnel
The text was updated successfully, but these errors were encountered: