Conversation
pkg/crc/constants/constants.go
Outdated
| return filepath.Join(MachineInstanceDir, DefaultName, "id_ecdsa") | ||
| } | ||
|
|
||
| func GetDockerSockOnHost() string { |
There was a problem hiding this comment.
maybe GetHostDockerSocketPath?
go.mod
Outdated
| k8s.io/kubectl => github.com/openshift/kubernetes-kubectl v0.0.0-20210730111826-9c6734b9d97d | ||
| ) | ||
|
|
||
| replace github.com/containers/gvisor-tap-vsock => github.com/protosam/gvisor-tap-vsock v0.3.1-0.20220114153937-6d76545f46e2 |
There was a problem hiding this comment.
I'd prefer that we delay this PR a bit until this lands upstream instead of relying on a forked repository we have no control over.
|
/hold |
28a9258 to
abb3def
Compare
|
/unhold |
cfergeau
left a comment
There was a problem hiding this comment.
Looks good, still one pending comment, I suspect Windows support will be more work.
abb3def to
1e63f68
Compare
|
Let's address crc-org/snc#506 (comment) before merging this could cause changes in this PR. |
1e63f68 to
6c79281
Compare
6c79281 to
22d859f
Compare
pkg/crc/machine/vsock.go
Outdated
| Protocol: "unix", | ||
| Local: constants.GetHostDockerSocketPath(), | ||
| Remote: fmt.Sprintf("ssh-tunnel://core@%s:%d/run/podman/podman.sock?key=%s", virtualMachineIP, internalSSHPort, constants.GetPrivateKeyPath()), | ||
| Remote: fmt.Sprintf("ssh-tunnel://core@%s:%s/run/podman/podman.sock?key=%s", virtualMachineIP, internalSSHPort, constants.GetPrivateKeyPath()), |
There was a problem hiding this comment.
This should be using net.JoinHostPort as well
There was a problem hiding this comment.
I believe you're right. I would also recommend constructing a https://pkg.go.dev/net/url#URL and setting its fields as necessary then stringifying at API boundaries. It'll handle all the weird edge cases.
bb435a3 to
dd99f84
Compare
pkg/crc/machine/vsock.go
Outdated
| Host: net.JoinHostPort(virtualMachineIP, internalSSHPort), | ||
| Path: "/run/podman/podman.sock", | ||
| ForceQuery: false, | ||
| RawQuery: fmt.Sprintf("key=%s", constants.GetPrivateKeyPath()), |
There was a problem hiding this comment.
better to run this through https://pkg.go.dev/net/url#QueryEscape, hopefully gvisor-tap-vsock accepts this.
A bit odd to introduce the fmt.Sprintf() in one commit, to change it to using url.URL in a commit which is not really related to this.
dd99f84 to
12d7428
Compare
We are dropping our fork of mdlayher/vsock since it has the API we need in the version, we are switching to. Fixes crc-org#3001
Since now gvisor-tap-vsock have the different protocol implementation like `unixTotcp`, `unixTounix`, `tcpTotcp` so those details need to be part of protocol type so that when check for the open port happen it should match with expose request type.
With this now following will happen automatic
```
✗ curl --unix-socket ~/.crc/crc-http.sock http:/unix/network/services/forwarder/all | jq .
[
{
"local": "/tmp/docker.sock",
"remote": "ssh-tunnel://core@192.168.127.2:22/run/podman/podman.sock?key=/Users/prkumar/.crc/machines/crc/id_ecdsa",
"protocol": "unix"
}
]
```
12d7428 to
d5609df
Compare
pkg/crc/machine/vsock.go
Outdated
| ForceQuery: false, | ||
| RawQuery: fmt.Sprintf("key=%s", constants.GetPrivateKeyPath()), | ||
| } | ||
| return url.QueryEscape(u.String()) |
There was a problem hiding this comment.
no, you want RawQuery: url.QueryEscape(fmt.Sprintf("key=%s, ...)), and then return url.String(). Or is it RawQuery: fmt.Sprintf("key=%s", url.QueryEscape(constants.GetPrivateKeyPath())?
There was a problem hiding this comment.
Ah my bad I misread QueryEscape escapes the string so it can be safely placed inside a URL query. this one :(
d5609df to
cd3e65e
Compare
|
Tried it on windows, currently it fails during Daemon logs: |
cd3e65e to
c6db610
Compare
cfergeau
left a comment
There was a problem hiding this comment.
Looks good to me, maybe wait for more feedback from Anjan on Windows?
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: cfergeau, praveenkumar The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@cfergeau Anjan already mentioned it failed due to the SSH key location. is that resolved @praveenkumar ? If so, @anjannath can test again. |
Anjan tested, reported it's not working, Praveen force-pushed a change which could help with what Anjan was seeing, so I was asking if Anjan can test again. |
Me and @anjannath tested this PR and in windows also it does able to map the socket but this socket docker client can't consume since it only support named pipe so we need to proxy namedpipe <=> docker sock somehow. For windows I created a new tracking issue and from this PR disable the |
With this patch following is possible for mac and linux. For windows we need to use named pipe and that needs bit more effort. ``` ✗ ./crc podman-env export PATH="/Users/prkumar/.crc/bin/oc:$PATH" export CONTAINER_SSHKEY="/Users/prkumar/.crc/machines/crc/id_ecdsa" export CONTAINER_HOST="ssh://core@127.0.0.1:2222/run/user/1000/podman/podman.sock" export DOCKER_HOST="unix:///Users/prkumar/.crc/machines/crc/docker.sock" x eval $(./crc podman-env) ✗ docker images REPOSITORY TAG IMAGE ID CREATED SIZE quay.io/crcont/gvisor-tap-vsock 3231aba53905468c22e394493a0debc1a6cc6392 f42b05e6b25e 5 months ago 6.65MB httpd 2.4 a8ea074f4566 2 weeks ago 148MB ```
It also support ipv6 if in future we need support.
c6db610 to
a29fa5f
Compare
|
New changes are detected. LGTM label has been removed. |
This is only tested on the mac. I will test it on the Linux also but we need someone who can test this windows. I think on windows
unix:///doesn't work, we do need to check if named pipe can be used.Some of the commits can be removed once the forked repo not needed.