CN-122027678-A - Remote access method, device, equipment and storage medium of container instance host
Abstract
The application provides a remote access method, device, equipment and storage medium for a container instance host, applied to a management platform. The method comprises: in response to a remote command execution request from a user client for a target container instance host, performing authorization verification on the user client; after the authorization verification is passed, determining, based on the identification of the target container instance host, a corresponding target persistent network connection from a plurality of persistent network connections pre-established with the management platform; forwarding the remote command execution request to a proxy service on the target container instance host through the target persistent network connection so as to trigger the proxy service to execute a corresponding command; receiving a command execution result returned by the proxy service through the target persistent network connection; and returning the command execution result to the user client.
Inventors
- Yang Aohan
Assignees
- 北京金山云网络技术有限公司
Dates
- Publication Date: 20260512
- Application Date: 20260225
Claims (10)
- 1. A remote access method for a container instance host, applied to a management platform, the method comprising: in response to a remote command execution request from a user client for a target container instance host, performing authorization verification on the user client; after the authorization verification is passed, determining, based on the identification of the target container instance host, a corresponding target persistent network connection from a plurality of persistent network connections pre-established with the management platform, wherein each of the persistent network connections is actively initiated to the management platform and maintained by a proxy service on the respective corresponding container instance host; forwarding the remote command execution request to the proxy service located on the target container instance host through the target persistent network connection to trigger the proxy service to execute a corresponding command; and receiving a command execution result returned by the proxy service through the target persistent network connection, and returning the command execution result to the user client.
- 2. The method of claim 1, further comprising, prior to said responding to the remote command execution request of the user client to the target container instance host: in response to a network connection request initiated by a proxy service on a container instance host, authenticating the proxy service; after the identity authentication is passed, establishing a persistent network connection with the proxy service; and binding and storing the persistent network connection together with the identification of the container instance host.
- 3. The method according to claim 2, wherein the method further comprises: determining a request type of the network connection request; and determining an access policy for the container instance host according to the request type.
- 4. The method according to claim 3, wherein the request type includes a fault recovery type, the fault recovery type being used to characterize a network connection request initiated by a proxy service that the container instance host starts upon detecting an abnormal exit of the main service process; and the determining of the access policy for the container instance host according to the request type comprises: setting the access policy of the container instance host to a fault debugging mode in the case that the request type is the fault recovery type, wherein in the fault debugging mode, a remote command execution request that passes authorization verification is allowed access, and the access is limited to a preset command set for system diagnosis.
- 5. The method according to claim 3, wherein the request type includes a user authorization type, the user authorization type being used to characterize a network connection request initiated by a proxy service that the main service process of a container instance host loads and runs after receiving a debug authorization instruction issued by the management platform; and the determining of the access policy for the container instance host according to the request type comprises: setting the access policy of the container instance host to an authorized debugging mode in the case that the request type is the user authorization type, wherein in the authorized debugging mode, a remote command execution request that passes authorization verification is allowed access, and the access provides a complete interactive command line interface.
- 6. The method of claim 1, wherein the remote command execution request is an interactive session request; and said forwarding of said remote command execution request to a proxy service located on said target container instance host over said target persistent network connection comprises: sending an instruction to initiate an interactive session to the proxy service over the target persistent network connection; and after the interactive session is started, forwarding input commands from the user client to the proxy service in real time through the target persistent network connection.
- 7. The method of claim 6, wherein receiving the command execution result returned by the proxy service over the target persistent network connection comprises: continuously receiving command execution data generated by the proxy service in the interactive session through the target persistent network connection, wherein the command execution data comprises normal result data and abnormal result data; and returning the command execution data to the user client as a real-time output data stream.
- 8. A remote access device for a container instance host, the device comprising: a verification module, used for responding to a remote command execution request of a user client to a target container instance host and performing authorization verification on the user client; a first determining module, used for determining, after the authorization verification is passed and based on the identification of the target container instance host, a corresponding target persistent network connection from a plurality of persistent network connections pre-established with the management platform, wherein each persistent network connection is actively initiated to the management platform and maintained by a proxy service on the corresponding container instance host; a forwarding module, used for forwarding the remote command execution request to a proxy service located on the target container instance host through the target persistent network connection so as to trigger the proxy service to execute a corresponding command; and a receiving module, used for receiving a command execution result returned by the proxy service through the target persistent network connection and returning the command execution result to the user client.
- 9. An electronic device comprising a processor and a memory, the processor configured to execute a remote access program of a container instance host stored in the memory to implement the remote access method of the container instance host of any one of claims 1-7.
- 10. A storage medium storing one or more programs executable by one or more processors to implement the method of remote access of a container instance host of any of claims 1-7.
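The platform-side flow of claims 1 to 5, as an added sketch that is not code from the patent or its applicant: agents register a dialed-out connection, the request type selects the access mode, and user commands are routed by host identification. All names, the per-host HMAC tag used for agent authentication, the sample keys and grants, and the diagnostic command list are assumptions; checking the platform's own record of issued debug authorizations before granting the authorized debugging mode is an added hardening assumption that the claims do not state.

```python
import hashlib, hmac, shlex

# Constructed sample data; every name below is hypothetical.
AGENT_KEYS = {"host-a": b"key-a", "host-b": b"key-b"}  # per-host agent secrets
USER_GRANTS = {"alice": {"host-a", "host-b"}}          # user -> hosts they may access
DIAG_COMMANDS = {"ps", "df", "dmesg", "ss"}            # the "preset command set"
MODES = {"fault_recovery": "fault_debug", "user_authorization": "authorized_debug"}

def agent_tag(host_id, request_type, key):
    """What an agent sends to prove its identity when it dials out."""
    msg = f"{host_id}|{request_type}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class FakeConn:
    """Stands in for one persistent connection opened by an agent."""
    def __init__(self):
        self.received = []
    def run(self, argv):
        self.received.append(argv)
        return "ran " + argv[0]

class Platform:
    def __init__(self):
        self.registry = {}         # host_id -> (connection, access mode)
        self.debug_issued = set()  # hosts sent a debug authorization instruction

    def register(self, host_id, request_type, tag, conn):
        key = AGENT_KEYS.get(host_id)
        if key is None or request_type not in MODES:
            return False
        if not hmac.compare_digest(agent_tag(host_id, request_type, key), tag):
            return False
        # Assumption: the platform checks its own record, not the agent's claim.
        if request_type == "user_authorization" and host_id not in self.debug_issued:
            return False
        self.registry[host_id] = (conn, MODES[request_type])
        return True

    def execute(self, user, host_id, command):
        if host_id not in USER_GRANTS.get(user, set()):
            raise PermissionError("user is not authorized for this host")
        if host_id not in self.registry:
            raise LookupError("no persistent connection bound to this host")
        conn, mode = self.registry[host_id]
        argv = shlex.split(command)
        if not argv:
            raise ValueError("empty command")
        if mode == "fault_debug" and argv[0] not in DIAG_COMMANDS:
            raise PermissionError("command outside the diagnostic set")
        # Forward argv, not a shell string, so the agent can exec it without a shell.
        return conn.run(argv)
```

The allowlist only holds if the agent executes the forwarded argument vector directly; passing the original string to a shell on the host would let `ps && ...` escape the diagnostic set.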
Description
Remote access method, device, equipment and storage medium of container instance host
Technical Field
The present application relates to the field of cloud computing technologies, and in particular, to a method, an apparatus, a device, and a storage medium for remote access of a container instance host.
Background
In the field of cloud computing, the container instance service (Container Instance Service) has been widely adopted as an efficient application deployment model. In this model, the user's application container runs on top of the underlying virtualization host provided by the cloud service provider. When troubleshooting or system debugging is required, the operation and maintenance personnel must be able to remotely log in to these hosts and execute commands on them, which places extremely high demands on the reliability of the operation and maintenance channel.
Currently, a common approach to achieving such remote access is to employ a connection architecture in which the control platform initiates the connection on demand. Specifically, when a user needs to access a host, the central management platform may attempt to initiate a temporary network connection, such as a Secure Shell (SSH) based connection, to the target virtual machine. After the connection is successfully established, the user can execute commands on the target host through the session. Normal operation of this mode depends entirely on the corresponding service process on the target host being in an active and healthy state, capable of receiving and responding to connection requests from outside.
However, the "connection on demand" mode in the prior art schemes described above is inherently unreliable: any network fluctuation or system load can cause connection setup to fail, so that the remote command execution channel cannot be reliably enabled when needed.
Disclosure of Invention
The application provides a remote access method, device, equipment and storage medium for a container instance host, which are used for solving the problem in the prior art that, because the on-demand connection mode is inherently unreliable, any network fluctuation or system load can cause connection establishment to fail, so that a remote command execution channel cannot be reliably started when needed.
In a first aspect, the present application provides a remote access method for a container instance host, applied to a management platform, including: in response to a remote command execution request from a user client for a target container instance host, performing authorization verification on the user client; after the authorization verification is passed, determining, based on the identification of the target container instance host, a corresponding target persistent network connection from a plurality of persistent network connections pre-established with the management platform, wherein each of the persistent network connections is actively initiated to the management platform and maintained by a proxy service on the respective corresponding container instance host; forwarding the remote command execution request to the proxy service located on the target container instance host through the target persistent network connection to trigger the proxy service to execute a corresponding command; and receiving a command execution result returned by the proxy service through the target persistent network connection, and returning the command execution result to the user client.
In one possible implementation, before the responding to the remote command execution request of the user client to the target container instance host, the method further comprises: in response to a network connection request initiated by a proxy service on a container instance host, authenticating the proxy service; after the identity authentication is passed, establishing a persistent network connection with the proxy service; and binding and storing the persistent network connection together with the identification of the container instance host.
In one possible implementation, the method further comprises: determining a request type of the network connection request; and determining an access policy for the container instance host according to the request type.
In one possible implementation, the request type includes a fault recovery type, where the fault recovery type is used to characterize a network connection request initiated by a proxy service that the container instance host starts after detecting an abnormal exit of the main service process; and the determining of the access policy for the container instance host according to the request type comprises: setting the access policy of the container instance host to a fault debugging mode in the case that the request type is the fault recovery type, wherein in the fault debugging mode, a remote command execution request passing authorization verification is allowed to be accessed,