feat(platform): support socks5 proxy (tkestack#2206)

* feat(platform): support socks5 proxy

* feat(platform): support socks5 proxy

api/platform/cluster.go

@@ -52,6 +52,12 @@ func (in *ClusterMachine) SSH() (*ssh.SSH, error) {
  proxy.DialTimeOut = time.Second
  proxy.Retry = 0
  sshConfig.Proxy = proxy
+ case SOCKS5:
+ proxy := ssh.SOCKS5{}
+ proxy.Host = in.Proxy.IP
+ proxy.Port = int(in.Proxy.Port)
+ proxy.DialTimeOut = time.Second
+ sshConfig.Proxy = proxy
  }
  return ssh.New(sshConfig)
 }

api/platform/types.go

@@ -97,7 +97,8 @@ type ProxyType string
 const (
  // SSH jumper server proxy
  SSHJumpServer ProxyType = "SSHJumpServer"
- // SOCKS5 ProxyType = "SOCKS5"
+ // SOCKS5 proxy
+ SOCKS5 ProxyType = "SOCKS5"
 )
 
 const (

api/platform/v1/cluster.go

@@ -55,6 +55,12 @@ func (in *ClusterMachine) SSH() (*ssh.SSH, error) {
  proxy.DialTimeOut = time.Second
  proxy.Retry = 0
  sshConfig.Proxy = proxy
+ case SOCKS5:
+ proxy := ssh.SOCKS5{}
+ proxy.Host = in.Proxy.IP
+ proxy.Port = int(in.Proxy.Port)
+ proxy.DialTimeOut = time.Second
+ sshConfig.Proxy = proxy
  }
  return ssh.New(sshConfig)
 }

api/platform/v1/types.go

@@ -108,7 +108,8 @@ type ProxyType string
 const (
  // SSH jumper server proxy
  SSHJumpServer ProxyType = "SSHJumpServer"
- // SOCKS5 ProxyType = "SOCKS5"
+ // SOCKS5 proxy
+ SOCKS5 ProxyType = "SOCKS5"
 )
 
 const (

pkg/platform/provider/baremetal/validation/cluster.go

@@ -217,6 +217,12 @@ func ValidateClusterMachines(cls *platform.Cluster, fldPath *field.Path) field.E
  sshproxy.DialTimeOut = time.Second
  sshproxy.Retry = 0
  proxy = sshproxy
+ case platform.SOCKS5:
+ socks5proxy := ssh.SOCKS5{}
+ socks5proxy.Host = one.Proxy.IP
+ socks5proxy.Port = int(one.Proxy.Port)
+ socks5proxy.DialTimeOut = time.Second
+ proxy = socks5proxy
  }
  if isNeedValidateForDynamicItem(AnywhereValidateItemTunnelConnectivity, cls) {
  proxyErrs = append(proxyErrs, ValidateProxy(fldPath.Index(i), proxy)...)

pkg/util/ssh/socks5_proxy.go

@@ -0,0 +1,76 @@
+/*
+ * Tencent is pleased to support the open source community by making TKEStack
+ * available.
+ *
+ * Copyright (C) 2012-2022 Tencent. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
+ * this file except in compliance with the License. You may obtain a copy of the
+ * License at
+ *
+ * https://opensource.org/licenses/Apache-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OF ANY KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations under the License.
+ */
+
+package ssh
+
+import (
+ "fmt"
+ "net"
+ "time"
+
+ "golang.org/x/net/proxy"
+ "tkestack.io/tke/pkg/util/log"
+)
+
+type SOCKS5 struct {
+ Host string
+ Port int
+ User string
+ Password string
+ DialTimeOut time.Duration
+}
+
+func (sk SOCKS5) ProxyConn(targetAddr string) (net.Conn, func(), error) {
+ addr := net.JoinHostPort(sk.Host, fmt.Sprintf("%d", sk.Port))
+ dialer, err := proxy.SOCKS5("tcp", addr, nil, proxy.Direct)
+ if err != nil {
+ log.Errorf("get socks5 dialer to %s failed: %v", addr, err)
+ return nil, nil, err
+ }
+
+ type result struct {
+ conn net.Conn
+ err error
+ }
+ ch := make(chan result, 1)
+ go func() {
+ conn, err := dialer.Dial("tcp", targetAddr)
+ if err != nil {
+ log.Errorf("proxy %s dial %s failed: %v", addr, targetAddr)
+ } else {
+ log.Debugf("proxy %s dial %s sucess", addr, targetAddr)
+ }
+ r := result{conn: conn, err: err}
+ ch <- r
+ }()
+ select {
+ case r := <-ch:
+ return r.conn,
+ func() {
+ r.conn.Close()
+ },
+ r.err
+ case <-time.After(sk.DialTimeOut):
+ return nil, nil, fmt.Errorf("proxy %s dial %s time out in %s", addr, targetAddr, sk.DialTimeOut.String())
+ }
+}
+
+func (sk SOCKS5) CheckTunnel() error {
+ _, err := proxy.SOCKS5("tcp", net.JoinHostPort(sk.Host, fmt.Sprintf("%d", sk.Port)), nil, proxy.Direct)
+ return err
+}