-
Notifications
You must be signed in to change notification settings - Fork 90
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Switch between local and remote podman connections #1824
Comments
Im not sure if this would be subject to the same vulnerabilities as host switching, but if not, it would fill one of voids left by it and in general centralize some management flows |
Can you provide a bit more information about podman engines? This is the first time I have heard about this. The second follow up question would be, does the podman REST API expose this? As everything we do (listing containers, creating, etc.) is done via the podman REST API. |
Definitely. The podman CLI allows you to control remote connections, and those can be preconfigured in I do not think it is possible to reach a remote connection via another socket, however, I was looking in the code, and it seems that the function getAddress() could be refactored to select from a list of available engines rather than just the system or user socket. I dont think there is currently ssh support in the package, but in my brief research, I learned the VS-Code dev container extension documents how to connect to a remote socket over ssh, and it relies on the SSH Remote extension which in turn uses the ssh2 npm package, so there are other examples of this same functionality EDIT: I've been saying "engines", but what I mean are actually "service connections" |
I don't want podman container run as current cockpit user, that user have too many privileges. Now this plugin will not work if cockpit user's "podman.socket" not listening. I Really don't want any container run by this user. (this is why I comes here) I think "the podman REST API" has no way to expose this. Because this config is actually tells podman "where is the REST API", you can't call any API before know where to connect, of course. BTW, there is two file can configure remote uri, |
I think we should not try to implement this, Cockpit is a per host solution. So if you want to list containers from a different host you can connect with Cockpit to that remote host over ssh with for example Cockpit Client. Showing remote containers means we would have to re-architect the UI to be able to show where a container or image is from which makes things more complicated. |
That makes sense to me. Thank you for the consideration! |
Add a drop-down menu to select between remote podman engines configured in
containers.conf
Selecting a remote engine would show all of the containers running through that engine, allowing an admin to control the containers as if they were running on the host.
The text was updated successfully, but these errors were encountered: