Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Switch between local and remote podman connections #1824

Closed
benniekiss opened this issue Aug 16, 2024 · 6 comments
Closed

Switch between local and remote podman connections #1824

benniekiss opened this issue Aug 16, 2024 · 6 comments
Labels
enhancement New feature or request

Comments

@benniekiss
Copy link
Contributor

Add a drop-down menu to select between remote podman engines configured in containers.conf

Selecting a remote engine would show all of the containers running through that engine, allowing an admin to control the containers as if they were running on the host.

@benniekiss benniekiss added the enhancement New feature or request label Aug 16, 2024
@benniekiss benniekiss changed the title Switch between local and remote podman connects Switch between local and remote podman connections Aug 16, 2024
@benniekiss
Copy link
Contributor Author

Im not sure if this would be subject to the same vulnerabilities as host switching, but if not, it would fill one of voids left by it and in general centralize some management flows

@jelly
Copy link
Member

jelly commented Aug 19, 2024

Can you provide a bit more information about podman engines? This is the first time I have heard about this. The second follow up question would be, does the podman REST API expose this? As everything we do (listing containers, creating, etc.) is done via the podman REST API.

@benniekiss
Copy link
Contributor Author

benniekiss commented Aug 19, 2024

Definitely. The podman CLI allows you to control remote connections, and those can be preconfigured in containers.conf. The remote connections are just locations of other podman sockets, which can even be reached via SSH. Podman Desktop actually exposes these in the UI if they are configured in containers.conf and the option is on in preferences.

I do not think it is possible to reach a remote connection via another socket, however, I was looking in the code, and it seems that the function getAddress() could be refactored to select from a list of available engines rather than just the system or user socket.

I dont think there is currently ssh support in the package, but in my brief research, I learned the VS-Code dev container extension documents how to connect to a remote socket over ssh, and it relies on the SSH Remote extension which in turn uses the ssh2 npm package, so there are other examples of this same functionality

EDIT: I've been saying "engines", but what I mean are actually "service connections"

@GongT
Copy link

GongT commented Sep 9, 2024

I don't want podman container run as current cockpit user, that user have too many privileges. Now this plugin will not work if cockpit user's "podman.socket" not listening. I Really don't want any container run by this user. (this is why I comes here)

I think "the podman REST API" has no way to expose this. Because this config is actually tells podman "where is the REST API", you can't call any API before know where to connect, of course.

BTW, there is two file can configure remote uri, containers.conf(5), and podman-connections.json (document in podman-system-connection(1)).

@jelly
Copy link
Member

jelly commented Jan 14, 2025

I think we should not try to implement this, Cockpit is a per host solution. So if you want to list containers from a different host you can connect with Cockpit to that remote host over ssh with for example Cockpit Client.

Showing remote containers means we would have to re-architect the UI to be able to show where a container or image is from which makes things more complicated.

@benniekiss
Copy link
Contributor Author

That makes sense to me. Thank you for the consideration!

@benniekiss benniekiss closed this as not planned Won't fix, can't repro, duplicate, stale Jan 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants