[Podman] Re: Unable to connect to container using varlink

On Tue, Aug 13, 2019, at 12:44 AM, Brent Baude wrote: > You can manually do this quite easily. Example, in one terminal run > podman varlink as a regular user to setup the endpoint: > > bin/podman --log-level=debug varlink --timeout 0 > unix:/run/user/1000/io.podman > > i think people favor the endpoint to be /run/user/num/podman/io.podman > if you prefer that. > > In another terminal window, you can verify the endpoint like: > > varlink call unix:/run/user/1000/io.podman/io.podman.GetVersion > { > "built": "1969-12-31T18:00:00-06:00", > "git_commit": "", > "go_version": "go1.12.7", > "os_arch": "linux/amd64", > "remote_api_version": 1, > "version": "1.5.1-dev" > } > > I'm not familiar enough with systemd to do the setup as a regular user > but this should be possible as well. > On my RHEL8 system with podman (verison:podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64) I get error when i do the below: $ podman --log-level=debug varlink --timeout=0 unix:/run/user/11567/io.podman INFO[0000] running as rootless Command "varlink" not found. See `podman --help`. Is there a specific version of podman that i should be using ? > On Mon, 2019-08-12 at 08:55 -0400, Daniel Walsh wrote: >> You need to have podman varlink running locally in your homedir for >> this to work. I know their is effort to make this happen seamlessly. >> >> I know that the Cockpit team have been working on making this happen, >> but I need Jhon or Brent or Martin to chime in on how it works (Or >> doesn't) >> >> On 8/12/19 2:37 AM, niranjan(a)ashoo.in wrote: >>> On Fri, Aug 9, 2019, at 11:54 AM, niranjan(a)ashoo.in wrote: >>>> On Fri, Aug 9, 2019, at 11:44 AM, Alex Jia wrote: >>>>> Hi Niranjan, >>>>> >>>>> default access permission is 0600 on /run/podman/io.podman >>>>> directory, so you can't use non-root user >>>>> to access this listening directory, but you may modify >>>>> permission before starting io.podman.socket, >>>>> good luck! >>>> Ah thanks, Since the container was started by non-root user, >>>> when i tried with sudo it failed >>>> >>>> $ sudo varlink call -m >>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>>> '{"name": "mysssd", "opts": []}' >>>> Unable to connect: CannotConnect >>>> >>>> Probably because the root user doesn't see the container . >>>> >>>>> [root@ajia-rhel-8 ajia]# ls -lad /run/podman/io.podman >>>>> srw-------. 1 root root 0 Aug 9 01:42 /run/podman/io.podman >>>>> >>>>> [root@ajia-rhel-8 ajia]# cat >>>>> /usr/lib/systemd/system/io.podman.socket >>>>> [Unit] >>>>> Description=Podman Remote API Socket >>>>> Documentation=man:podman-varlink(1) >>>>> >>>>> [Socket] >>>>> ListenStream=/run/podman/io.podman >>>>> SocketMode=0600 >>>>> >>>>> [Install] >>>>> WantedBy=sockets.target >>>>> >>>>> Sincerely, >>>>> Alex Jia >>>> When i tried to change the SocketMode to 0666 >>>> >>>> [root@mniranja ~]# cat /usr/lib/systemd/system/io.podman.socket >>>> [Unit] >>>> Description=Podman Remote API Socket >>>> Documentation=man:podman-varlink(1) >>>> >>>> [Socket] >>>> ListenStream=/run/podman/io.podman >>>> SocketMode=0666 >>>> >>>> [Install] >>>> WantedBy=sockets.target >>>> [root@mniranja ~]# ls -l /var/run/podman/io.podman >>>> srw-rw-rw-. 1 root root 0 Aug 9 11:51 /var/run/podman/io.podman >>>> >>>> $ varlink call -m >>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>>> '{"name": "mysssd", "opts": []}' >>>> Unable to connect: CannotConnect >>>> (venv) [mniranja@mniranja ad]$ sudo systemctl status >>>> io.podman.socket >>>> ● io.podman.socket - Podman Remote API Socket >>>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; >>>> enabled; vendor preset: disabled) >>>> Active: active (listening) since Fri 2019-08-09 11:51:21 IST; >>>> 1min 12s ago >>>> Docs: man:podman-varlink(1) >>>> Listen: /run/podman/io.podman (Stream) >>>> CGroup: /system.slice/io.podman.socket >>>> >>>> (venv) [mniranja@mniranja ad]$ podman ps >>>> CONTAINER ID IMAGE COMMAND >>>> CREATED STATUS PORTS NAMES >>>> de27f6bd7c59 docker.io/library/fedora:latest /usr/sbin/init 24 >>>> hours ago Up 24 hours ago mysssd >>>> (venv) [mniranja@mniranja ad]$ >>> Even after changing the permissions to 0666, as non root user i am >>> still unable to use varlink to access the container. Any info on >>> how i could use varlink as non root user to access containers >>> created using non-root user. >>> >>> >>> >>>>> On Fri, Aug 9, 2019 at 1:16 PM <niranjan(a)ashoo.in&gt; wrote: >>>>>> Greetings, >>>>>> >>>>>> I have a container running on RHEL8 , The container was >>>>>> started as non root user using podman cli. I am trying to >>>>>> connect to container using varlink and it's unable to >>>>>> connect. >>>>>> >>>>>> $ podman ps >>>>>> CONTAINER ID IMAGE COMMAND >>>>>> CREATED STATUS PORTS NAMES >>>>>> de27f6bd7c59 docker.io/library/fedora:latest >>>>>> /usr/sbin/init 22 hours ago Up 22 hours ago mysssd >>>>>> >>>>>> >>>>>> $ sudo systemctl restart io.podman.socket >>>>>> $ sudo systemctl status io.podman.socket >>>>>> ● io.podman.socket - Podman Remote API Socket >>>>>> Loaded: loaded (/usr/lib/systemd/system/io.podman.socket; >>>>>> enabled; vendor preset: disabled) >>>>>> Active: active (listening) since Fri 2019-08-09 10:38:38 >>>>>> IST; 1s ago >>>>>> Docs: man:podman-varlink(1) >>>>>> Listen: /run/podman/io.podman (Stream) >>>>>> CGroup: /system.slice/io.podman.socket >>>>>> >>>>>> >>>>>> $varlink call -m >>>>>> unix:/run/podman/io.podman/io.podman.ListContainerProcesses >>>>>> '{"name": "mysssd", "opts": []}' >>>>>> Unable to connect: CannotConnect >>>>>> >>>>>> >>>>>> Version: >>>>>> podman-1.0.0-2.git921f98f.module+el8+2785+ff8a053f.x86_64 >>>>>> libvarlink-16-1.el8.x86_64 >>>>>> libvarlink-util-16-1.el8.x86_64 >>>>>> >>>>>> Regards >>>>>> Niranjan >>>>>> _______________________________________________ >>>>>> Podman mailing list -- podman(a)lists.podman.io >>>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io >>>> _______________________________________________ >>>> Podman mailing list -- podman(a)lists.podman.io >>>> To unsubscribe send an email to podman-leave(a)lists.podman.io >>>> >>> >>> >>> _______________________________________________ >>> Podman mailing list -- podman(a)lists.podman.io >>> To unsubscribe send an email to podman-leave(a)lists.podman.io >> >> _______________________________________________ >> Podman mailing list -- podman(a)lists.podman.io >> To unsubscribe send an email to podman-leave(a)lists.podman.io > _______________________________________________ > Podman mailing list -- podman(a)lists.podman.io > To unsubscribe send an email to podman-leave(a)lists.podman.io > _______________________________________________ Podman mailing list -- podman(a)lists.podman.io To unsubscribe send an email to podman-leave(a)lists.podman.io