Add bridge support, for the varlink connection #2149
Conversation
|
Changed $ varlink call io.podman.GetInfo
{
"info": {
"host": {
"arch": "amd64",
"buildah_version": "1.6-dev",
"cpus": 1,
"distribution": {
"distribution": "fedora",
"version": "29"
},
"hostname": "localhost",
"kernel": "4.19.8-300.fc29.x86_64",
"mem_free": 175480832,
"mem_total": 1029746688,
"os": "linux",
"swap_free": 0,
"swap_total": 0,
"uptime": "24m 58.09s"
},
"insecure_registries": [],
"podman": {
"compiler": "gc",
"git_commit": "\"0c9259a2c84f6234a29dcd78674c3f4837fd3101\"",
"go_version": "go1.11.2",
"podman_version": "0.12.1.1"
},
"registries": [
"docker.io",
"registry.fedoraproject.org",
"quay.io",
"registry.access.redhat.com",
"registry.centos.org"
],
"store": {
"containers": 0,
"graph_driver_name": "overlay",
"graph_driver_options": "",
"graph_root": "/var/lib/containers/storage",
"graph_status": {
"backing_filesystem": "xfs",
"native_overlay_diff": "true",
"supports_d_type": "true"
},
"images": 0,
"run_root": "/var/run/containers/storage"
}
}
}
$ podman-remote info
host:
arch: amd64
buildah_version: 1.6-dev
cpus: 1
distribution:
distribution: fedora
version: "29"
hostname: localhost
kernel: 4.19.8-300.fc29.x86_64
mem_free: 172511232
mem_total: 1029746688
os: linux
swap_free: 0
swap_total: 0
uptime: 25m 3.85s
insecure registries:
registries: []
registries:
registries:
- docker.io
- registry.fedoraproject.org
- quay.io
- registry.access.redhat.com
- registry.centos.org
store:
containers: 0
graph_driver_name: overlay
graph_driver_options: ""
graph_root: /var/lib/containers/storage
graph_status:
backing_filesystem: xfs
native_overlay_diff: "true"
supports_d_type: "true"
images: 0
run_root: /var/run/containers/storage
And keeps the podman environment variables neatly prefixed (with |
|
Note that this approach is slightly different from Here the remote socket path is hardcoded, where |
libpod/adapter/client.go
Outdated
| if bridge := os.Getenv("PODMAN_VARLINK_BRIDGE"); bridge != "" { | ||
| connection, err = varlink.NewBridge(bridge) | ||
| } else { | ||
| socket := "unix:/run/podman/io.podman" |
There was a problem hiding this comment.
should we define this as a const?
There was a problem hiding this comment.
That is probably a good idea
|
I added a few comments. Thanks for the excellent PR. |
|
I think it is OK to provide the socket for now, similar to using 127.0.0.1 instead of localhost... But if I understand correctly, one is supposed to ask the varlink resolver for the address: $ varlink call org.varlink.resolver.Resolve '{ "interface": "io.podman" }'
{
"address": "unix:/run/podman/io.podman;mode=0600"
}There seems to be a go implementation: func (r *Resolver) Resolve(iface string) (string, error) It also seems that some people prefer to tunnel sockets, rather than using the bridge: $ ssh -L 127.0.0.1:1234:/run/podman/io.podman 192.168.122.29
$ python -m varlink.cli call tcp:127.0.0.1:1234/io.podman.Ping {}
{
"ping": {
"message": "OK"
}
}So it should probably be both a (default) const, as well as an actual parameter ? |
Read the $PODMAN_VARLINK_BRIDGE environment variable (normally looks like: "ssh user@host varlink bridge") Also respect $PODMAN_VARLINK_ADDRESS as an override, if using a different podman socket than the default. Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
I like idea of both. Covers more use cases. |
|
@afbjorklund @jwhonce @baude What is the state of this PR Now? |
|
I think @afbjorklund needs to address the comment from @jwhonce and we are good to go. |
|
I only saw "like idea of both", and think I addressed the import/logrus/const feedback already ? Currently having both alternatives, either the Not sure if you want to do your own ssh tunneling, or only support the "address" and the "bridge" ? The address parameter only allows sockets, so either |
|
Like so: $ podman-machine config
--username=root
--host=127.0.0.1
--port=37114
--identity-file=/home/anders/.local/machine/machines/box/id_rsa
$ podman-machine env
export PODMAN_USER="root"
export PODMAN_HOST="127.0.0.1"
export PODMAN_PORT="37114"
export PODMAN_IDENTITY_FILE="/home/anders/.local/machine/machines/box/id_rsa"
export PODMAN_IGNORE_HOSTS="true"
export PODMAN_MACHINE_NAME="box"
# Run this command to configure your shell:
# eval $(podman-machine env)
$ podman-machine env --varlink
export VARLINK_BRIDGE="/usr/bin/ssh -F /dev/null -o ConnectionAttempts=3 -o ConnectTimeout=10 -o ControlMaster=no -o ControlPath=none -o LogLevel=quiet -o PasswordAuthentication=no -o ServerAliveInterval=60 -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null root@127.0.0.1 -o IdentitiesOnly=yes -i /home/anders/.local/machine/machines/box/id_rsa -p 37114 varlink bridge"
export PODMAN_VARLINK_BRIDGE="$VARLINK_BRIDGE"
# Run this command to configure your shell:
# eval $(podman-machine env --varlink)But I dunno, the only thing I wanted was to be able to run the commands and it "just worked". So that you don't have to be saying "ssh user@host" or socket locations, every single command...
|
|
/approve |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: baude The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
github-actions
bot
added
the
locked - please file new issue/PR
Read the $PODMAN_VARLINK_BRIDGE environment variable
Similar to the one in: varlink/libvarlink#10
Works OK, with the command available in
podman-machine:Looking forward to seeing more commands available remote!