[Podman] Re: Unable to connect to container using varlink

On Tue, Aug 13, 2019 at 1:19 PM Daniel Walsh <dwalsh(a)redhat.com&gt; wrote: I think you mean: dnf install libvarlink and/or dnf install python3-varlink and both libvarlink and python3-varlink were included in the RHEL 8.0 GA. josh > > On 8/13/19 12:26 PM, niranjan(a)ashoo.in wrote: > > > > On Tue, Aug 13, 2019, at 12:44 AM, Brent Baude wrote: > >> You can manually do this quite easily. Example, in one terminal run > >> podman varlink as a regular user to setup the endpoint: > >> > >> bin/podman --log-level=debug varlink --timeout 0 > >> unix:/run/user/1000/io.podman > >> > >> i think people favor the endpoint to be /run/user/num/podman/io.podman > >> if you prefer that. > >> > >> In another terminal window, you can verify the endpoint like: > >> > >> varlink call unix:/run/user/1000/io.podman/io.podman.GetVersion > >> { > >> "built": "1969-12-31T18:00:00-06:00", > >> "git_commit": "", > >> "go_version": "go1.12.7", > >> "os_arch": "linux/amd64", > >> "remote_api_version": 1, > >> "version": "1.5.1-dev" > >> } > >> > >> I'm not familiar enough with systemd to do the setup as a regular user > >> but this should be possible as well. > >> > > On my RHEL8 system with podman (verison:podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64) I get error when i do the below: > > > > $ podman --log-level=debug varlink --timeout=0 unix:/run/user/11567/io.podman > > INFO[0000] running as rootless > > Command "varlink" not found. > > See `podman --help`. > > > > Is there a specific version of podman that i should be using ? > > > > > > > >> On Mon, 2019-08-12 at 08:55 -0400, Daniel Walsh wrote: > >>> You need to have podman varlink running locally in your homedir for > >>> this to work. I know their is effort to make this happen seamlessly. > >>> > >>> I know that the Cockpit team have been working on making this happen, > >>> but I need Jhon or Brent or Martin to chime in on how it works (Or > >>> doesn't) > >>> > >>> On 8/12/19 2:37 AM, niranjan(a)ashoo.in wrote: > >>>> On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote: > >>>>> On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote: > >>>>>> Hi Niranjan, > >>>>>> > >>>>>> default access permission is 0600 on /run/podman/io.podman > >>>>>> directory, so you can't use non-root user > >>>>>> to access this listening directory, but you may modify > >>>>>> permission before starting io.podman.socket, > >>>>>> good luck! > >>>>> Ah thanks, Since the container was started by non-root user, > >>>>> when i tried with sudo it failed > >>>>> > >>>>> $ sudo varlink call -m > >>>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses > >>>>> '{"name": "mysssd", "opts": []}' > >>>>> Unable to connect: CannotConnect > >>>>> > >>>>> Probably because the root user doesn't see the container . > >>>>> > >>>>>> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman > >>>>>> srw-------. 1 root root 0 Aug 9 01:42 /run/podman/io.podman > >>>>>> > >>>>>> [root@ajia-rhel-8 ajia]# cat > >>>>>> /usr/lib/systemd/system/io.podman.socket > >>>>>> [Unit] > >>>>>> Description=Podman Remote API Socket > >>>>>> Documentation=man:podman-varlink(1) > >>>>>> > >>>>>> [Socket] > >>>>>> ListenStream=/run/podman/io.podman > >>>>>> SocketMode=0600 > >>>>>> > >>>>>> [Install] > >>>>>> WantedBy=sockets.target > >>>>>> > >>>>>> Sincerely, > >>>>>> Alex Jia > >>>>> When i tried to change the SocketMode to 0666 > >>>>> > >>>>> [root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket > >>>>> [Unit] > >>>>> Description=Podman Remote API Socket > >>>>> Documentation=man:podman-varlink(1) > >>>>> > >>>>> [Socket] > >>>>> ListenStream=/run/podman/io.podman > >>>>> SocketMode=0666 > >>>>> > >>>>> [Install] > >>>>> WantedBy=sockets.target > >>>>> [root@mniranja ~]# ls -l /var/run/podman/io.podman > >>>>> srw-rw-rw-. 1 root root 0 Aug 9 11:51 /var/run/podman/io.podman > >>>>> > >>>>> $ varlink call -m > >>>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses > >>>>> '{"name": "mysssd", "opts": []}' > >>>>> Unable to connect: CannotConnect > >>>>> (venv) [mniranja@mniranja ad]$ sudo systemctl status > >>>>> io.podman.socket > >>>>> ● io.podman.socket - Podman Remote API Socket > >>>>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; > >>>>> enabled; vendor preset: disabled) > >>>>> Active: active (listening) since Fri 2019-08-09 11:51:21 IST; > >>>>> 1min 12s ago > >>>>> Docs: man:podman-varlink(1) > >>>>> Listen: /run/podman/io.podman (Stream) > >>>>> CGroup: /system.slice/io.podman.socket > >>>>> > >>>>> (venv) [mniranja@mniranja ad]$ podman ps > >>>>> CONTAINER ID IMAGE COMMAND > >>>>> CREATED STATUS PORTS NAMES > >>>>> de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 24 > >>>>> hours ago Up 24 hours ago mysssd > >>>>> (venv) [mniranja@mniranja ad]$ > >>>> Even after changing the permissions to 0666, as non root user i am > >>>> still unable to use varlink to access the container. Any info on > >>>> how i could use varlink as non root user to access containers > >>>> created using non-root user. > >>>> > >>>> > >>>> > >>>>>> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in&gt; wrote: > >>>>>>> Greetings, > >>>>>>> > >>>>>>> I have a container running on RHEL8 , The container was > >>>>>>> started as non root user using podman cli. I am trying to > >>>>>>> connect to container using varlink and it's unable to > >>>>>>> connect. > >>>>>>> > >>>>>>> $ podman ps > >>>>>>> CONTAINER ID IMAGE COMMAND > >>>>>>> CREATED STATUS PORTS NAMES > >>>>>>> de27f6bd7c59 docker.io/library/fedora:latest > >>>>>>> /usr/sbin/init 22 hours ago Up 22 hours ago mysssd > >>>>>>> > >>>>>>> > >>>>>>> $ sudo systemctl restart io.podman.socket > >>>>>>> $ sudo systemctl status io.podman.socket > >>>>>>> ● io.podman.socket - Podman Remote API Socket > >>>>>>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; > >>>>>>> enabled; vendor preset: disabled) > >>>>>>> Active: active (listening) since Fri 2019-08-09 10:38:38 > >>>>>>> IST; 1s ago > >>>>>>> Docs: man:podman-varlink(1) > >>>>>>> Listen: /run/podman/io.podman (Stream) > >>>>>>> CGroup: /system.slice/io.podman.socket > >>>>>>> > >>>>>>> > >>>>>>> $varlink call -m > >>>>>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses > >>>>>>> '{"name": "mysssd", "opts": []}' > >>>>>>> Unable to connect: CannotConnect > >>>>>>> > >>>>>>> > >>>>>>> Version: > >>>>>>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64 > >>>>>>> libvarlink-16-1.el8.x86_64 > >>>>>>> libvarlink-util-16-1.el8.x86_64 > >>>>>>> > >>>>>>> Regards > >>>>>>> Niranjan > >>>>>>> _______________________________________________ > >>>>>>> Podman mailing list -- podman(a)lists.podman.io > >>>>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io > >>>>> _______________________________________________ > >>>>> Podman mailing list -- podman(a)lists.podman.io > >>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io > >>>>> > >>>> > >>>> > >>>> _______________________________________________ > >>>> Podman mailing list -- podman(a)lists.podman.io > >>>> To unsubscribe send an email to podman-leave(a)lists.podman.io > >>> > >>> _______________________________________________ > >>> Podman mailing list -- podman(a)lists.podman.io > >>> To unsubscribe send an email to podman-leave(a)lists.podman.io > >> _______________________________________________ > >> Podman mailing list -- podman(a)lists.podman.io > >> To unsubscribe send an email to podman-leave(a)lists.podman.io > >> > > _______________________________________________ > > Podman mailing list -- podman(a)lists.podman.io > > To unsubscribe send an email to podman-leave(a)lists.podman.io > > _______________________________________________ > Podman mailing list -- podman(a)lists.podman.io > To unsubscribe send an email to podman-leave(a)lists.podman.io