From 32b2856e7a6d5a5e6c51b58a223be00828258981 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Tue, 1 Oct 2019 19:38:58 +0200 Subject: Allow changing IdentityFile and to IgnoreHosts MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Anders F Björklund --- cmd/podman/cliconfig/config.go | 2 ++ cmd/podman/main_remote.go | 2 ++ cmd/podman/remoteclientconfig/config.go | 10 ++++++---- cmd/podman/remoteclientconfig/configfile_test.go | 6 +++--- docs/podman-remote.conf.5.md | 6 ++++++ pkg/adapter/client.go | 2 +- pkg/adapter/client_unix.go | 11 +++++++++-- 7 files changed, 29 insertions(+), 10 deletions(-) diff --git a/cmd/podman/cliconfig/config.go b/cmd/podman/cliconfig/config.go index b8796f9b3..5b5225f02 100644 --- a/cmd/podman/cliconfig/config.go +++ b/cmd/podman/cliconfig/config.go @@ -42,6 +42,8 @@ type MainFlags struct { ConnectionName string RemoteConfigFilePath string Port int + IdentityFile string + IgnoreHosts bool } type AttachValues struct { diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go index f617422e6..569a5c006 100644 --- a/cmd/podman/main_remote.go +++ b/cmd/podman/main_remote.go @@ -21,6 +21,8 @@ func init() { rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteUserName, "username", username, "username on the remote host") rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", 22, "port on remote host") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", "", "remote host") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.IdentityFile, "identity-file", "", "identity-file") + rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.IgnoreHosts, "ignore-hosts", false, "ignore hosts") // TODO maybe we allow the altering of this for bridge connections? // rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.VarlinkAddress, "varlink-address", adapter.DefaultAddress, "address of the varlink socket") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic. Logged to ~/.config/containers/podman.log") diff --git a/cmd/podman/remoteclientconfig/config.go b/cmd/podman/remoteclientconfig/config.go index 13880a868..3faa7954a 100644 --- a/cmd/podman/remoteclientconfig/config.go +++ b/cmd/podman/remoteclientconfig/config.go @@ -9,10 +9,12 @@ type RemoteConfig struct { // RemoteConnection describes the attributes of a podman-remote endpoint type RemoteConnection struct { - Destination string `toml:"destination"` - Username string `toml:"username"` - IsDefault bool `toml:"default"` - Port int `toml:"port"` + Destination string `toml:"destination"` + Username string `toml:"username"` + IsDefault bool `toml:"default"` + Port int `toml:"port"` + IdentityFile string `toml:"identity_file"` + IgnoreHosts bool `toml:"ignore_hosts"` } // GetConfigFilePath is a simple helper to export the configuration file's diff --git a/cmd/podman/remoteclientconfig/configfile_test.go b/cmd/podman/remoteclientconfig/configfile_test.go index ea2224ea7..0bcac29a8 100644 --- a/cmd/podman/remoteclientconfig/configfile_test.go +++ b/cmd/podman/remoteclientconfig/configfile_test.go @@ -143,7 +143,7 @@ func TestRemoteConfig_GetDefault(t *testing.T) { wantErr bool }{ // A good toml should return the connection that is marked isDefault - {"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false}, + {"good", fields{Connections: makeGoodResult().Connections}, &RemoteConnection{"192.168.1.1", "myuser", true, 22, "", false}, false}, // If nothing is marked as isDefault and there is more than one connection, error should occur {"nodefault", fields{Connections: noDefault}, nil, true}, // if nothing is marked as isDefault but there is only one connection, the one connection is considered the default @@ -183,9 +183,9 @@ func TestRemoteConfig_GetRemoteConnection(t *testing.T) { wantErr bool }{ // Good connection - {"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true, 22}, false}, + {"goodhomer", fields{Connections: makeGoodResult().Connections}, args{name: "homer"}, &RemoteConnection{"192.168.1.1", "myuser", true, 22, "", false}, false}, // Good connection - {"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false, 22}, false}, + {"goodbart", fields{Connections: makeGoodResult().Connections}, args{name: "bart"}, &RemoteConnection{"foobar.com", "root", false, 22, "", false}, false}, // Getting an unknown connection should result in error {"noexist", fields{Connections: makeGoodResult().Connections}, args{name: "foobar"}, nil, true}, // Getting a connection when there are none should result in an error diff --git a/docs/podman-remote.conf.5.md b/docs/podman-remote.conf.5.md index 3c8a1a801..e9cc05989 100644 --- a/docs/podman-remote.conf.5.md +++ b/docs/podman-remote.conf.5.md @@ -25,6 +25,12 @@ of the user's remote connections. **port** = int Use an alternative port for the ssh connections. The default port is 22. +**identity_file** = "" + Use an alternative location for the ssh private key + +**ignore_hosts** = bool + Don't match the remote ssh host key with known hosts + ## EXAMPLE diff --git a/pkg/adapter/client.go b/pkg/adapter/client.go index 1805c758d..da4670892 100644 --- a/pkg/adapter/client.go +++ b/pkg/adapter/client.go @@ -35,7 +35,7 @@ func (r RemoteRuntime) RemoteEndpoint() (remoteEndpoint *Endpoint, err error) { if len(r.cmd.RemoteUserName) < 1 { return nil, errors.New("you must provide a username when providing a remote host name") } - rc := remoteclientconfig.RemoteConnection{r.cmd.RemoteHost, r.cmd.RemoteUserName, false, r.cmd.Port} + rc := remoteclientconfig.RemoteConnection{r.cmd.RemoteHost, r.cmd.RemoteUserName, false, r.cmd.Port, r.cmd.IdentityFile, r.cmd.IgnoreHosts} remoteEndpoint, err = newBridgeConnection("", &rc, r.cmd.LogLevel) // if the user has a config file with connections in it } else if len(remoteConfigConnections.Connections) > 0 { diff --git a/pkg/adapter/client_unix.go b/pkg/adapter/client_unix.go index a7bc7c1c0..2bf71295f 100644 --- a/pkg/adapter/client_unix.go +++ b/pkg/adapter/client_unix.go @@ -14,7 +14,14 @@ func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLev if port == 0 { port = 22 } + options := "" + if remoteConn.IdentityFile != "" { + options += " -i " + remoteConn.IdentityFile + } + if remoteConn.IgnoreHosts { + options += " -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" + } return fmt.Sprintf( - `ssh -p %d -T %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`, - port, remoteConn.Username, remoteConn.Destination, logLevel) + `ssh -p %d -T%s %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`, + port, options, remoteConn.Username, remoteConn.Destination, logLevel) } -- cgit v1.2.3-54-g00ecf From db694f13ba515d04d6f5a42e85472ed8e66f7220 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Tue, 1 Oct 2019 19:39:50 +0200 Subject: Avoid hard-coding path to varlink and podman MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Anders F Björklund --- pkg/adapter/client_unix.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/adapter/client_unix.go b/pkg/adapter/client_unix.go index 2bf71295f..7af8b24c6 100644 --- a/pkg/adapter/client_unix.go +++ b/pkg/adapter/client_unix.go @@ -22,6 +22,6 @@ func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLev options += " -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" } return fmt.Sprintf( - `ssh -p %d -T%s %s@%s -- /usr/bin/varlink -A \'/usr/bin/podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`, + `ssh -p %d -T%s %s@%s -- varlink -A \'podman --log-level=%s varlink \\\$VARLINK_ADDRESS\' bridge`, port, options, remoteConn.Username, remoteConn.Destination, logLevel) } -- cgit v1.2.3-54-g00ecf From 23ae7604c9301f8e1ab1dbc125db6b7b724a8db2 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Tue, 1 Oct 2019 19:42:14 +0200 Subject: Allow setting default parameters with env vars MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Anders F Björklund --- cmd/podman/main_remote.go | 32 +++++++++++++++++++++++++------- 1 file changed, 25 insertions(+), 7 deletions(-) diff --git a/cmd/podman/main_remote.go b/cmd/podman/main_remote.go index 569a5c006..623f4098e 100644 --- a/cmd/podman/main_remote.go +++ b/cmd/podman/main_remote.go @@ -3,9 +3,11 @@ package main import ( - "github.com/pkg/errors" + "os" "os/user" + "strconv" + "github.com/pkg/errors" "github.com/spf13/cobra" ) @@ -13,16 +15,32 @@ const remote = true func init() { var username string - if curruser, err := user.Current(); err == nil { - username = curruser.Username + if username = os.Getenv("PODMAN_USER"); username == "" { + if curruser, err := user.Current(); err == nil { + username = curruser.Username + } + } + host := os.Getenv("PODMAN_HOST") + port := 22 + if portstr := os.Getenv("PODMAN_PORT"); portstr != "" { + if p, err := strconv.Atoi(portstr); err == nil { + port = p + } + } + key := os.Getenv("PODMAN_IDENTITY_FILE") + ignore := false + if ignorestr := os.Getenv("PODMAN_IGNORE_HOSTS"); ignorestr != "" { + if b, err := strconv.ParseBool(ignorestr); err == nil { + ignore = b + } } rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.ConnectionName, "connection", "", "remote connection name") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteConfigFilePath, "remote-config-path", "", "alternate path for configuration file") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteUserName, "username", username, "username on the remote host") - rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", 22, "port on remote host") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", "", "remote host") - rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.IdentityFile, "identity-file", "", "identity-file") - rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.IgnoreHosts, "ignore-hosts", false, "ignore hosts") + rootCmd.PersistentFlags().IntVar(&MainGlobalOpts.Port, "port", port, "port on remote host") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.RemoteHost, "remote-host", host, "remote host") + rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.IdentityFile, "identity-file", key, "identity-file") + rootCmd.PersistentFlags().BoolVar(&MainGlobalOpts.IgnoreHosts, "ignore-hosts", ignore, "ignore hosts") // TODO maybe we allow the altering of this for bridge connections? // rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.VarlinkAddress, "varlink-address", adapter.DefaultAddress, "address of the varlink socket") rootCmd.PersistentFlags().StringVar(&MainGlobalOpts.LogLevel, "log-level", "error", "Log messages above specified level: debug, info, warn, error, fatal or panic. Logged to ~/.config/containers/podman.log") -- cgit v1.2.3-54-g00ecf From c831a64bb1dbce86109d1c2e00535e89a7fc5f81 Mon Sep 17 00:00:00 2001 From: Anders F Björklund Date: Wed, 2 Oct 2019 20:47:29 +0200 Subject: Apply changes also to the windows implementation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Anders F Björklund --- pkg/adapter/client_windows.go | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/pkg/adapter/client_windows.go b/pkg/adapter/client_windows.go index 31e5d9830..32302a600 100644 --- a/pkg/adapter/client_windows.go +++ b/pkg/adapter/client_windows.go @@ -9,7 +9,18 @@ import ( ) func formatDefaultBridge(remoteConn *remoteclientconfig.RemoteConnection, logLevel string) string { + port := remoteConn.Port + if port == 0 { + port = 22 + } + options := "" + if remoteConn.IdentityFile != "" { + options += " -i " + remoteConn.IdentityFile + } + if remoteConn.IgnoreHosts { + options += " -q -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null" + } return fmt.Sprintf( - `ssh -T %s@%s -- /usr/bin/varlink -A '/usr/bin/podman --log-level=%s varlink $VARLINK_ADDRESS' bridge`, - remoteConn.Username, remoteConn.Destination, logLevel) + `ssh -p %d -T%s %s@%s -- varlink -A 'podman --log-level=%s varlink $VARLINK_ADDRESS' bridge`, + port, options, remoteConn.Username, remoteConn.Destination, logLevel) } -- cgit v1.2.3-54-g00ecf