Implement sshfs volumes for podman machine #12584

Closed
wants to merge 7 commits into from

afbjorklund
Contributor

What this PR does / why we need it:

This adds sshfs volume support through sshocker, for platforms without virtfs.

https://github.com/lima-vm/sshocker

It also works for remote servers, beyond those created by podman machine

For #8016

How to verify it

No tests for podman machine yet. Test manually using --volume-driver=sshfs

Which issue(s) this PR fixes:

None

Special notes for your reviewer:

Continuation of PR #11454 which should go first, but has been waiting for a while.

@openshift-ci
Contributor

openshift-ci bot commented Dec 13, 2021

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: afbjorklund
To complete the pull request process, please assign giuseppe after the PR has been reviewed.
You can assign the PR to them by writing /assign @giuseppe in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@afbjorklund
Contributor Author

afbjorklund commented Dec 17, 2021

The dependency on an internal sshocker binary could be replaced,
with a library dependency on "github.com/lima-vm/sshocker/pkg/sshocker"

https://github.com/lima-vm/sshocker/blob/master/cmd/sshocker/run.go

But the ssh config file is still needed, for populating "ssh.SSHConfig" struct

@AkihiroSuda
Collaborator

> Seems like the license for osxfuse has changed: Homebrew/homebrew-core#64491
>
> cc @baude

How is it relevant to this PR?
sshocker doesn’t use osxfuse

@afbjorklund
Contributor Author

afbjorklund commented Dec 17, 2021

> sshocker doesn’t use osxfuse

Sorry, my bad. Confused the "sshfs" and the "reverse-sshfs" again, after the renaming.

I think it was relevant for docker-machine mount and podman-machine mount, only...

@openshift-ci openshift-ci bot added the needs-rebase label Dec 26, 2021

Allow using the built-in 9pfs feature of qemu,
mounting host directories into vm mountpoints.

The volumes are generic, the mounts are specific.

Wait for the machine to be "running", otherwise
the SSH function might throw an error instead.

Increase the default msize from 8 KiB to 128 KiB

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

There are other mount types available, such as NFS or SMB,
or one could use reverse sshfs for better compatibility.

It could either be a global option, or it could perhaps be
overridden for each volume (like the container volumes).

Refactor the creation of the options string or array.

Allow specifying the volume as read-only, if desired.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

@openshift-ci openshift-ci bot removed the needs-rebase label Dec 30, 2021

Use the same type of mounts for all the machine volumes.

The default could change in the future, depending on OS.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

This uses sshocker and reverse sshfs fusemount.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

Prepare for moving into a more central place.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

@afbjorklund
Contributor Author

afbjorklund commented Dec 30, 2021

Apparently this does not work out-of-the-box with Fedora CoreOS, since it only allows user:

[root@localhost ~]# more /etc/fuse.conf
# mount_max = 1000
# user_allow_other
[root@localhost ~]# ls -l /mnt/
ls: cannot access '/mnt/podman': Permission denied
total 0
d????????? ? ? ? ?            ? podman

Also have to special-case /mnt, since it is a symbolic link (which sshocker doesn't handle)


For lima, this FUSE configuration is handled with cloud-init:

https://github.com/lima-vm/lima/blob/v0.8.0/pkg/cidata/cidata.TEMPLATE.d/boot/30-install-packages.sh#L4_L11

	# Modify /etc/fuse.conf to allow "-o allow_root"
	if [ "${LIMA_CIDATA_MOUNTS}" -gt 0 ]; then
		if ! grep -q "^user_allow_other" /etc/fuse.conf; then
			echo "user_allow_other" >>/etc/fuse.conf
		fi
	fi

Avoids having to install an extra helper bin.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

The library only handles the absolute paths.

[NO NEW TESTS NEEDED]

Signed-off-by: Anders F Björklund <[email protected]>

@afbjorklund
Contributor Author

afbjorklund commented Dec 30, 2021

Apparently the library only supports Run, and not Start. But maybe can use other ssh flags? (like -n)

package exec // import "os/exec"

func (c *Cmd) Run() error
    Run starts the specified command and waits for it to complete.

func (c *Cmd) Start() error
    Start starts the specified command but does not wait for it to complete.

func (c *Cmd) Wait() error
    Wait waits for the command to exit and waits for any copying to stdin or
    copying from stdout or stderr to complete.

    The command must have been started by Start.

https://github.com/lima-vm/sshocker/blob/master/pkg/sshocker/sshocker.go

EDIT: Needs more support, like keeping track of the sleeping ssh connection and so on.

In lima, there are "agents" running on the host and in the guest that keep track of this.
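
The Run/Start distinction discussed in the comment above, as an added Go example (not code from this PR, podman or sshocker): a helper process is launched with `Cmd.Start`, reaped by a background `Wait`, and tracked so the caller can tell whether it is still alive and can stop it. `sleep 30` is a constructed stand-in for the long-lived ssh connection; `helper`, `startHelper`, `Alive` and `Stop` are hypothetical names.

```go
package main

import (
	"fmt"
	"os/exec"
)

// helper tracks one long-lived process (stand-in for a mount's ssh connection).
type helper struct {
	cmd  *exec.Cmd
	done chan struct{} // closed once Wait has reaped the process
	err  error         // Wait's result; read only after done is closed
}

// startHelper uses Cmd.Start, so it returns while the process keeps running;
// Cmd.Run would block here until the connection ended.
func startHelper(name string, args ...string) (*helper, error) {
	h := &helper{cmd: exec.Command(name, args...), done: make(chan struct{})}
	if err := h.cmd.Start(); err != nil {
		return nil, err
	}
	go func() { // reap on exit, whether stopped by us or dropped by the peer
		h.err = h.cmd.Wait()
		close(h.done)
	}()
	return h, nil
}

// Alive reports whether the process is still running.
func (h *helper) Alive() bool {
	select {
	case <-h.done:
		return false
	default:
		return true
	}
}

// Stop kills the process, waits for the reap, and returns Wait's error.
func (h *helper) Stop() error {
	_ = h.cmd.Process.Kill() // an error only means it already exited
	<-h.done
	return h.err
}

func main() {
	if h, err := startHelper("sleep", "30"); err == nil { // constructed command
		fmt.Println(h.Alive(), h.Stop(), h.Alive())
	}
}
```

Because the background `Wait` also fires when the process exits on its own, `Alive` doubles as the check for a dropped connection whose mount would otherwise be left stale.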

@afbjorklund
Contributor Author

afbjorklund commented Dec 30, 2021

Will revisit next year, once the basic volume support is in. Too much hassle to handle multiple long-lived branches.

The sshocker call is pretty basic, the main issue is that the ssh config is hidden behind the podman "connection".

ssh -F ~/.config/containers/podman/machine/qemu/podman-machine-default.config \
    podman-machine-default

sshocker -F ~/.config/containers/podman/machine/qemu/podman-machine-default.config \
         -v /tmp/podman:/var/mnt/podman podman-machine-default

Currently "host:port" is required, rather than "name":

@afbjorklund
Contributor Author

afbjorklund commented Dec 30, 2021

Opened bugs on sshocker for the outstanding issues, you can use lima for podman meanwhile.

limactl start https://raw.githubusercontent.com/lima-vm/lima/master/examples/podman.yaml

@github-actions github-actions bot added the locked - please file new issue/PR label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023