Podman (5.2.2, win32) can not remote to Podman (5.0.3, Alpine)
Issue Description
I followed the instructions given here: https://github.com/containers/podman/blob/main/docs/tutorials/mac_win_client.md and configured my Windows machine and the RasPi4 running Alpine 3.20 appropriately:
PS C:\Users\ingwersenk> podman system connection ls
Name URI Identity Default ReadWrite
podman-machine-default ssh://[email protected]:65112/run/user/1000/podman/podman.sock C:\Users\ingwersenk\.local\share\containers\podman\machine\machine false true
podman-machine-default-root ssh://[email protected]:65112/run/podman/podman.sock C:\Users\ingwersenk\.local\share\containers\podman\machine\machine false true
senst-sv-vpnbro ssh://[email protected]:22/run/podman/podman.sock C:\Users\ingwersenk\.ssh\id_rsa true true
PS C:\Users\ingwersenk> ssh [email protected] ls -l /run/podman/podman.sock
srw------- 1 root root 0 Sep 17 08:54 /run/podman/podman.sock
So far, so good. However, this fails:
> podman --remote --connection=senst-sv-vpnbro --log-level=debug info
time="2024-09-17T09:04:15+02:00" level=info msg="C:\\Program Files\\RedHat\\Podman\\podman.exe filtering at log level debug"
time="2024-09-17T09:04:15+02:00" level=debug msg="Called info.PersistentPreRunE(C:\\Program Files\\RedHat\\Podman\\podman.exe --remote --connection=senst-sv-vpnbro --log-level=debug info)"
time="2024-09-17T09:04:15+02:00" level=debug msg="SSH Ident Key \"C:\\\\Users\\\\ingwersenk\\\\.ssh\\\\id_rsa\" SHA256:6CKksrhbQCnaqw5LxSe7dwBKKaU/eFJqb5ZKlf01Gdg ssh-rsa"
time="2024-09-17T09:04:15+02:00" level=debug msg="DoRequest Method: GET URI: http://d/v5.2.2/libpod/_ping"
time="2024-09-17T09:04:15+02:00" level=debug msg="Using Podman machine with `wsl` virtualization provider"
OS: windows/amd64
provider: wsl
version: 5.2.2
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v5.2.2/libpod/_ping": ssh: rejected: connect failed (open failed)
time="2024-09-17T09:04:15+02:00" level=debug msg="Shutting down engines"
As far as I can tell, it can log in, but not open the socket. And I assume that it can not -L-map the UNIX socket into Windows - because, well, it's Windows. ;)
Steps to reproduce the issue
- Follow the instructions from the guide
- Add the connection, keys and settings
- Validate
  /etc/containers/containers.conf
- Attempt to query the info or run a container.
Describe the results you received
Describe the results you expected
As shown in the log above, I received an error. The assumption is that the UNIX socket can not be properly mapped.
podman info output
Local:
> podman --connection=podman-machine-default-root info
host:
arch: amd64
buildahVersion: 1.35.4
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
- misc
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: conmon-2.1.10-1.fc40.x86_64
path: /usr/bin/conmon
version: 'conmon version 2.1.10, commit: '
cpuUtilization:
idlePercent: 99.37
systemPercent: 0.2
userPercent: 0.43
cpus: 12
databaseBackend: sqlite
distribution:
distribution: fedora
variant: container
version: "40"
eventLogger: journald
freeLocks: 2034
hostname: SENST-NB-KEIN
idMappings:
gidmap: null
uidmap: null
kernel: 5.15.146.1-microsoft-standard-WSL2
linkmode: dynamic
logDriver: journald
memFree: 567418880
memTotal: 8161320960
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.10.0-1.fc40.x86_64
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.10.0
package: netavark-1.10.3-3.fc40.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.10.3
ociRuntime:
name: crun
package: crun-1.15-1.fc40.x86_64
path: /usr/bin/crun
version: |-
crun version 1.15
commit: e6eacaf4034e84185fd8780ac9262bbf57082278
rundir: /run/crun
spec: 1.0.0
+SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-0^20240510.g7288448-1.fc40.x86_64
version: |
pasta 0^20240510.g7288448-1.fc40.x86_64
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /run/podman/podman.sock
rootlessNetworkCmd: ""
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /usr/share/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: true
slirp4netns:
executable: ""
package: ""
version: ""
swapFree: 2147483648
swapTotal: 2147483648
uptime: 1h 18m 52.00s (Approximately 0.04 days)
variant: ""
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
- journald
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /usr/share/containers/storage.conf
containerStore:
number: 11
paused: 0
running: 2
stopped: 9
graphDriverName: overlay
graphOptions:
overlay.imagestore: /usr/lib/containers/storage
overlay.mountopt: nodev,metacopy=on
graphRoot: /var/lib/containers/storage
graphRootAllocated: 1081101176832
graphRootUsed: 17415852032
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "false"
Supports d_type: "true"
Supports shifting: "false"
Supports volatile: "true"
Using metacopy: "true"
imageCopyTmpDir: /var/tmp
imageStore:
number: 19
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 5.0.3
Built: 1715299200
BuiltTime: Fri May 10 02:00:00 2024
GitCommit: ""
GoVersion: go1.22.2
Os: linux
OsArch: linux/amd64
Version: 5.0.3
(I used --connection here pointing to the local Podman machine. It otherwise runs into the authentication error from above.)
Remote:
# podman info
host:
arch: arm64
buildahVersion: 1.35.4
cgroupControllers:
- cpuset
- cpu
- io
- pids
cgroupManager: cgroupfs
cgroupVersion: v2
conmon:
package: conmon-2.1.12-r0
path: /usr/bin/conmon
version: 'conmon version 2.1.12, commit: unknown'
cpuUtilization:
idlePercent: 99.37
systemPercent: 0.36
userPercent: 0.27
cpus: 4
databaseBackend: sqlite
distribution:
distribution: alpine
version: 3.20.3
eventLogger: file
freeLocks: 2013
hostname: senst-nd-vpnbro
idMappings:
gidmap: null
uidmap: null
kernel: 6.6.49-0-rpi
linkmode: dynamic
logDriver: k8s-file
memFree: 3495817216
memTotal: 3977048064
networkBackend: netavark
networkBackendInfo:
backend: netavark
dns:
package: aardvark-dns-1.10.0-r0
path: /usr/libexec/podman/aardvark-dns
version: aardvark-dns 1.10.0
package: netavark-1.10.3-r0
path: /usr/libexec/podman/netavark
version: netavark 1.10.3
ociRuntime:
name: crun
package: crun-1.15-r0
path: /usr/bin/crun
version: |-
crun version 1.15
commit: e6eacaf4034e84185fd8780ac9262bbf57082278
rundir: /run/crun
spec: 1.0.0
+SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
os: linux
pasta:
executable: /usr/bin/pasta
package: passt-2024.06.07-r0
version: |
pasta unknown version
Copyright Red Hat
GNU General Public License, version 2 or later
<https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
remoteSocket:
exists: true
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: /etc/containers/seccomp.json
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: ""
package: ""
version: ""
swapFree: 0
swapTotal: 0
uptime: 1h 4m 27.00s (Approximately 0.04 days)
variant: v8
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 3
paused: 0
running: 2
stopped: 1
graphDriverName: overlay
graphOptions:
overlay.mountopt: nodev
graphRoot: /var/lib/containers/storage
graphRootAllocated: 62227574784
graphRootUsed: 17312555008
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "true"
Supports d_type: "true"
Supports shifting: "true"
Supports volatile: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 8
runRoot: /run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 5.0.3
Built: 1720373660
BuiltTime: Sun Jul 7 19:34:20 2024
GitCommit: ""
GoVersion: go1.22.5
Os: linux
OsArch: linux/arm64
Version: 5.0.3
### Podman in a container
No
### Privileged Or Rootless
Privileged
### Upstream Latest Release
No
### Additional environment details
Windows: Podman installed via `winget`
winget show podman
Gefunden Podman [RedHat.Podman]
Version: 5.2.2
Herausgeber: Red Hat
Herausgeber-URL: https://podman.io
Herausgeber-Support-URL: https://podman.io/community
Autor: Red Hat Inc.
Beschreibung: Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Startseite: https://podman.io
Lizenz: Apache-2.0
Lizenz-URL: https://github.com/containers/podman/blob/main/LICENSE
Versionshinweise:
Bugfixes
- Fixed a bug where rootless Podman could fail to validate the runtime's volume path on systems with a symlinked /home (#23515).
Misc
- Updated Buildah to v1.37.2
- Updated the containers/common library to v0.60.2
- Updated the containers/image library to v5.32.2
URL der Versionshinweise: https://github.com/containers/podman/releases/tag/v5.2.2
Dokumentation:
Documentation: https://podman.io/docs
Markierungen: container docker image pod
Installationsprogramm:
Installertyp: burn
Installer-URL: https://github.com/containers/podman/releases/download/v5.2.2/podman-5.2.2-setup.exe
Sha256-Installer: 6f0657682e44408d3f9d140abd3e122ba728eda2591e0721f810ea8749358cdc
Freigabedatum: 2024-08-21
Unterstützte Offlineverteilung: true
Alpine: Podman installed via `apk`
apk info podman
podman-5.0.3-r2 description: Simple management tool for pods, containers and images
podman-5.0.3-r2 webpage: https://podman.io/
podman-5.0.3-r2 installed size: 44 MiB
### Additional information
Because of the way our AD is structured and set up, and the fact that host-to-container mounts from Windows into Podman are a little sucky-wucky, I want to run Podman remotely on a bare-metal Linux system. So, I grabbed a generic RasPi4, put Alpine on it, installed Podman, added it to the default services...and hope to use it as a better Podman machine. :)
On the Alpine host, does /run/podman/podman.sock exist?
Nice writeup by the way.
Yep, it exists with 600 permissions (-rw-------).
Thanks! =)
EDIT:
# ls -l /run/podman/podman.sock
srw------- 1 root root 0 Sep 17 08:54 /run/podman/podman.sock=
and if you pop into the machine (podman machine os), can you use curl to interact with the socket?
A friendly reminder that this issue had no activity for 30 days.
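A host-side check that combines the `ls -l` output and the curl suggestion from the thread, as an added example (not part of the issue and not Podman's own tooling): run as the SSH login user on the Linux host, it tests whether that user has the write permission needed to connect to the socket, then pings the API. The function names, the `SOCK` and `API_VER` variables and the default values are assumptions taken from the paths and versions shown above.

```shell
#!/bin/sh
# Added diagnostic sketch; run on the Linux host as the user the SSH connection logs in as.
SOCK="${SOCK:-/run/podman/podman.sock}"   # socket path from the issue
API_VER="${API_VER:-5.0.3}"               # server version from the issue's `podman info`

# may_connect MODE OWNER_UID OWNER_GID UID "GID LIST"
# Connecting to a UNIX socket needs write permission on the socket file.
# Prints the permission class that applies (root/owner/group/other) and
# returns 0 only if that class has the write bit. File ACLs are ignored.
may_connect() {
    mode=000$1; o_uid=$2; o_gid=$3; uid=$4; gids=$5
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    perm=${mode#"${mode%???}"}            # last three octal digits
    class=other; digit=${perm#??}
    for g in $gids; do
        if [ "$g" -eq "$o_gid" ]; then
            class=group; t=${perm#?}; digit=${t%?}
        fi
    done
    # The owner class wins over group/other, even if it grants less.
    if [ "$uid" -eq "$o_uid" ]; then class=owner; digit=${perm%??}; fi
    echo "$class"
    [ $(( digit & 2 )) -ne 0 ]
}

# check_socket: inspect the real socket, then ping the API the way the
# remote client does (same URI shape as the _ping request in the debug log).
check_socket() {
    [ -S "$SOCK" ] || { echo "$SOCK: missing or not a socket"; return 2; }
    set -- $(stat -c '%a %u %g' "$SOCK")
    if class=$(may_connect "$1" "$2" "$3" "$(id -u)" "$(id -G)"); then
        echo "$(id -un): write access via '$class' bits, pinging API"
        curl -s --unix-socket "$SOCK" "http://d/v$API_VER/libpod/_ping"
    else
        echo "$(id -un): no write access to $SOCK (mode $1, '$class' bits)"
        return 1
    fi
}

# Run the live check only when asked, e.g.: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_socket; fi
```

A pass here only covers file mode bits; it does not rule out sshd-side restrictions on socket forwarding such as `AllowStreamLocalForwarding`.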