Channel: ssl – The Random Engineer

Using a REST-Based Pipe to Keep Systems Connected


You’ll eventually need a bidirectional pipe/bridge between environments/subnets, and an infrastructure-level pipe/VPN connection would be overkill. You might consider using SSH multiplexing, which allows you to:

  • Track the state of a named SSH connection.
  • Reuse the same connection for subsequent calls into the same server.

However, multiplexing has two fairly large disadvantages:

  • In order to get bidirectional communication, you’ll have to start stacking forward- and reverse-tunnels on top of the connection, and this gets complicated.
  • If you need to access the pipe from an application, then there’s a degree of risk in depending on an elaborately-configured console utility in order for your application to work correctly. There is no API.

To a lesser degree, you might also have to adhere to certain security restrictions. For example, you might only be allowed to connect in one direction, to one port.

Instead of writing your own socket server, forming your own socket protocol, writing your own heartbeat mechanism, and writing adapters for your applications on both the client and server systems, you might consider RestPipe.

RestPipe

RestPipe is a solution that aggressively maintains a bidirectional connection from one or more client machines to a single server. If the client needs to talk to the server, the client talks to a local webserver that translates the request to a message over an SSL-authenticated socket (written using coroutines/greenlets and Protocol Buffers), the server passes the request to your event-handler, and the response is forwarded back as a response to the original web-request. The same process also works in reverse if the server wants to talk to the client; in that case the server provides the client's hostname as a part of the URL.
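
The request/reply flow described above, as an added example that is not RestPipe's own code: both ends share one connection, either end can start a request, and replies are matched to requests by id. It assumes length-prefixed JSON frames in place of Protocol Buffers, threads in place of greenlets, and a local socket pair in place of the SSL-authenticated socket; `Peer`, `call`, `MAX_FRAME` and the message fields are hypothetical names.

```python
import itertools, json, socket, struct, threading

MAX_FRAME = 64 * 1024  # assumed limit: refuse oversized frames before reading them

class Peer:
    """One end of the pipe: serves the other side's requests and sends its own."""
    def __init__(self, sock, handlers):
        self.sock, self.rfile, self.handlers = sock, sock.makefile("rb"), handlers
        self.ids, self.waiting = itertools.count(1), {}
        self.write_lock = threading.Lock()  # replies and requests share one socket
        threading.Thread(target=self._read_loop, daemon=True).start()

    def _send(self, msg):
        body = json.dumps(msg).encode()
        with self.write_lock:
            self.sock.sendall(struct.pack("!I", len(body)) + body)

    def _read_loop(self):
        while True:
            header = self.rfile.read(4)  # 4-byte big-endian length prefix
            size = struct.unpack("!I", header)[0] if len(header) == 4 else None
            if size is None or size > MAX_FRAME:
                return  # peer closed or oversized frame; a real pipe would reconnect
            msg = json.loads(self.rfile.read(size))
            if msg["kind"] == "request":
                handler = self.handlers.get(msg["name"])  # only registered handlers run
                body = handler(*msg["args"]) if handler else {"error": "unknown handler"}
                self._send({"kind": "reply", "id": msg["id"], "body": body})
            elif msg["id"] in self.waiting:
                event, box = self.waiting.pop(msg["id"])
                box.append(msg["body"])
                event.set()  # wake the caller blocked in call()

    def call(self, name, *args, timeout=5):
        req_id, event, box = next(self.ids), threading.Event(), []
        self.waiting[req_id] = (event, box)
        self._send({"kind": "request", "id": req_id, "name": name, "args": args})
        if not event.wait(timeout):
            self.waiting.pop(req_id, None)
            raise TimeoutError(name)
        return box[0]

def demo():
    a, b = socket.socketpair()  # constructed stand-in for the SSL-authenticated socket
    server = Peer(a, {"cat": lambda x, y: {"result_from_server": x + y}})
    client = Peer(b, {"cat": lambda x, y: {"result_from_client": x + y}})
    return client.call("cat", "hello ", "world"), server.call("cat", "hello ", "world")
```

`demo()` returns the server's reply to the client followed by the client's reply to the server, both carried over the same connection.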

Setup

The documentation is fairly complete. To get it going quickly on a development system:

  1. Use CaKit to generate a CA identity, server identity, and client identity.
  2. Install the restpipe package using PyPI.
  3. Start the server.
  4. Start the client.
  5. Use cURL to make a request to either the server (which will query the client), or the client (which will query the server).

Example Queries (Available by Default)

  • $ curl http://rpclient.local/server/time && echo
    {"time_from_server": 1402897823.882672}
    
  • $ curl http://rpserver.local/client/localhost/time && echo
    {"time_from_client": 1402897843.879908}
    
  • $ curl http://rpclient.local/server/cat//hello%20/world && echo
    {"result_from_server": "hello world"}
    
  • $ curl http://rpserver.local/client/localhost/cat//hello%20/world && echo
    {"result_from_client": "hello world"}
    

