Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RFE] Access docker api on a mac #2995

Closed
praveenkumar opened this issue Feb 9, 2022 · 3 comments
Closed

[RFE] Access docker api on a mac #2995

praveenkumar opened this issue Feb 9, 2022 · 3 comments
Assignees
@praveenkumar

Comments

@praveenkumar
Copy link
Member

This is same issue containers/podman#11397 but on crc side. Parent issue have lot of discussion and mostly podman4.x will solve it but in the mean time we can do something following and make it work.

<--- On the VM ---->
$ podman system service --time=0 tcp:0.0.0.0:62341 &
<--- On the host ---->
$ curl -X POST -d '{"protocol": "unix", "local": "/tmp/docker.sock", "remote": "192.168.127.2:62341"}'  --unix-socket ~/.crc/crc-http.sock http:/unix/network/services/forwarder/expose
$ export DOCKER_HOST=unix:///tmp/docker.sock
$ docker run  -d -p 8081:80 docker.io/httpd:2.4
Unable to find image 'httpd:2.4' locally
5eb5b503b376: Download complete 
942bd346e7f7: Download complete 
a43a76ccc967: Download complete 
cdb155854ae6: Download complete 
10c4d45228bf: Download complete 
a8ea074f4566: Download complete 
56e77241f81d8daf33eacb43cc8a53df9ec8fa12b6dec795f952ac10f6706ee3
$  curl localhost:8081
<html><body><h1>It works!</h1></body></html>
@praveenkumar
Copy link
Member Author

We have to understand if podman system service --time=0 tcp:0.0.0.0:62341 & have any impose on security side or we have to wait till 4.x to see how it is handled on podman machine side.

@praveenkumar
Copy link
Member Author

So with podman (master branch) if we compile the remote binary for macOS with enablement of ssh forwarder then we can expose the unix socket from the VM to host.

diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
index eb7b35ece..9a91c808f 100644
--- a/pkg/machine/qemu/machine.go
+++ b/pkg/machine/qemu/machine.go
@@ -875,6 +875,8 @@ func (v *MachineVM) startHostNetworking() error {
        cmd = append(cmd, []string{"-listen-qemu", fmt.Sprintf("unix://%s", qemuSocket), "-pid-file", pidFile}...)
        // Add the ssh port
        cmd = append(cmd, []string{"-ssh-port", fmt.Sprintf("%d", v.Port)}...)
+       // Add the unix socket expose
+       cmd = append(cmd, []string{"-forward-dest", "/var/run/docker.sock", "-forward-identity", v.IdentityPath, "-forward-sock", "/tmp/docker.sock", "-forward-user", "root"}...)
        if logrus.GetLevel() == logrus.DebugLevel {
                cmd = append(cmd, "--debug")
                fmt.Println(cmd)
$ /usr/local/opt/podman/libexec/gvproxy -listen-qemu unix:///var/folders/hl/p_pkz0w54knbpst8jgfjj_lw0000gn/T/podman/qemu_podman-machine-default.sock -pid-file /var/folders/hl/p_pkz0w54knbpst8jgfjj_lw0000gn/T/podman/podman-machine-default.pid -ssh-port 49508 -forward-dest /var/run/docker.sock -forward-identity /Users/prkumar/.ssh/podman-machine-default -forward-sock /tmp/docker.sock -forward-user root

$ export DOCKER_HOST=unix:///tmp/docker.sock
➜  ~ docker run  -d -p 8081:80 docker.io/httpd:2.4
Unable to find image 'httpd:2.4' locally
a43a76ccc967: Download complete 
942bd346e7f7: Download complete 
cdb155854ae6: Download complete 
10c4d45228bf: Download complete 
5eb5b503b376: Download complete 
a8ea074f4566: Download complete 
c64bfcb2b7e3197238c15cf5e7d138002871f17baf663ab0957e5cb74193c1fc
➜  ~ curl localhost:8081
<html><body><h1>It works!</h1></body></html>

@praveenkumar praveenkumar self-assigned this Feb 11, 2022
@praveenkumar
Copy link
Member Author

This is now part of dev branch.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@praveenkumar praveenkumar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@praveenkumar