-
Notifications
You must be signed in to change notification settings - Fork 50
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for static unix socket forwarding over ssh #58
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: n1hility The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
4f14754
to
78137af
Compare
eaffd0e
to
483a685
Compare
13b3269
to
227286f
Compare
Looks like you have to rebase. |
LGTM |
Minor comments for me, lgtm Sorry for the conflicts.. |
@guillaumerose np, I moved it over. I did need to add one method to virtualnetwork (DialContextTCP), so the impact is minimal there. I have not had a chance to repeat manual testing/verification will do that today. |
/hold |
@guillaumerose just got a few mins to do some extra manual testing after the package change and all looks good. |
/remove-hold |
Thanks a lot! lgtm 👍 |
@n1hility what is the next step now. |
@n1hility [Have you added | will you add] call to this new functionality in |
@matejvasek yes i am just doing the windows PR now, will next propose a change for mac consuming this pr. I will post an update comment to containers/podman#11462 |
Implements static Unix socket forward over ssh. The primary use case is forwarding docker API clients that do not support SSH and need to forward traffic to the VM.
This PR adds 4 command line parameters, which can be called out by podman machine to create a single unix socket forward:
--forward-sock
,--forward-dest
,--forward-user
, and--forward-identity
As is the case with the previous podman specific prototype, this implementation supports auto-reconnecting in the case of connection failures and timeouts.
This implementation temporarily utilizes a modified version of the podman ssh client connection code. Ideally, this would be replaced with a future shared vendor module.
While this should function on Windows, properly handling win Docker API clients will require Named Pipe support. I will look at contributing that in a future PR after Mac is fully operational.