Add --compat option to machine start for docker compatiblity sock

Use half-close for each forwarding direction Signed-off-by: Jason Greene <jason.greene@redhat.com>
containers · Sep 23, 2021 · b828779 · b828779
1 parent a99fd0e
commit b828779
Show file tree

Hide file tree

Showing 4 changed files with 89 additions and 18 deletions.
diff --git a/cmd/podman/machine/start.go b/cmd/podman/machine/start.go
@@ -12,21 +12,25 @@ import (
 
 var (
 	startCmd = &cobra.Command{
-		Use:               "start [MACHINE]",
+		Use:               "start [options] [MACHINE]",
 		Short:             "Start an existing machine",
 		Long:              "Start a managed virtual machine ",
 		RunE:              start,
 		Args:              cobra.MaximumNArgs(1),
 		Example:           `podman machine start myvm`,
 		ValidArgsFunction: autocompleteMachine,
 	}
+
+	startOptions machine.StartOptions
 )
 
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
 		Command: startCmd,
 		Parent:  machineCmd,
 	})
+	flags := startCmd.Flags()
+	flags.BoolVar(&startOptions.Compat, "compat", false, "Create compatibility links for docker.sock")
 }
 
 func start(cmd *cobra.Command, args []string) error {
@@ -58,7 +62,7 @@ func start(cmd *cobra.Command, args []string) error {
 	if err != nil {
 		return err
 	}
-	if err := vm.Start(vmName, machine.StartOptions{}); err != nil {
+	if err := vm.Start(vmName, startOptions); err != nil {
 		return err
 	}
 	return nil

diff --git a/cmd/podman/system/unixproxy.go b/cmd/podman/system/unixproxy.go
@@ -19,6 +19,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"github.com/spf13/cobra"
+	"golang.org/x/crypto/ssh"
 )
 
 var (
@@ -42,6 +43,12 @@ var (
 	}{}
 )
 
+type CloseWriteStream interface {
+	io.Reader
+	io.WriteCloser
+	CloseWrite() error
+}
+
 func init() {
 	registry.Commands = append(registry.Commands, registry.CliCommand{
 		Command: upCmd,
@@ -94,17 +101,17 @@ func proxy(cmd *cobra.Command, args []string) error {
 	return setupProxy(uri)
 }
 
-func connectForward(bastion *bindings.Bastion) (net.Conn, error) {
+func connectForward(bastion *bindings.Bastion) (CloseWriteStream, error) {
 	for retries := 1; ; retries++ {
 		forward, err := bastion.Client.Dial("unix", bastion.URI.Path)
 		if err == nil {
-			return forward, nil
+			return forward.(ssh.Channel), nil
 		}
 		// Check if ssh connection is still alive
 		_, _, err2 := bastion.Client.Conn.SendRequest("alive@podman", true, nil)
-		if err2 == nil || retries > 2 {
+		if err2 != nil || retries > 2 {
 			// couldn't reconnect ssh tunnel, or the destination is unreachable
-			return forward, errors.Wrapf(err, "Couldn't reestablish ssh connection: %s", bastion.URI)
+			return nil, errors.Wrapf(err, "Couldn't reestablish ssh connection: %s", bastion.URI)
 		}
 
 		bastion.Reconnect()
@@ -161,15 +168,21 @@ func acceptConnection(listener net.Listener, bastion *bindings.Bastion, socketUR
 		return errors.Wrapf(err, "Error accepting on socket: %s", socketURI.Path)
 	}
 
+	src, ok := con.(CloseWriteStream)
+	if !ok {
+		con.Close()
+		return errors.Wrapf(err, "Underlying socket does not support half-close %s", socketURI.Path)
+	}
+
 	dest, err := connectForward(bastion)
 	if err != nil {
 		con.Close()
 		logrus.Error(err)
 		return nil // eat
 	}
 
-	go forward(con, dest)
-	go forward(dest, con)
+	go forward(src, dest)
+	go forward(dest, src)
 
 	return nil
 }
@@ -196,8 +209,8 @@ func accept(listener net.Listener) (net.Conn, error) {
 	return con, err
 }
 
-func forward(src io.Reader, dest io.WriteCloser) {
-	defer dest.Close()
+func forward(src io.Reader, dest CloseWriteStream) {
+	defer dest.CloseWrite()
 	io.Copy(dest, src)
 }
 

diff --git a/pkg/machine/config.go b/pkg/machine/config.go
@@ -64,7 +64,9 @@ type SSHOptions struct {
 	Username string
 	Args     []string
 }
-type StartOptions struct{}
+type StartOptions struct {
+	Compat bool
+}
 
 type StopOptions struct{}
 

diff --git a/pkg/machine/qemu/machine.go b/pkg/machine/qemu/machine.go
@@ -23,6 +23,7 @@ import (
 	"github.com/containers/podman/v3/utils"
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/digitalocean/go-qemu/qmp"
+	"github.com/moby/term"
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 )
@@ -240,13 +241,17 @@ func (v *MachineVM) Init(opts machine.InitOptions) error {
 }
 
 // Start executes the qemu command line and forks it
-func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
+func (v *MachineVM) Start(name string, startOptions machine.StartOptions) error {
 	var (
 		conn           net.Conn
 		err            error
 		qemuSocketConn net.Conn
 	)
 
+	if startOptions.Compat && !term.IsTerminal(os.Stdin.Fd()) {
+		return errors.Errorf("Launching with compatibility socket requires a terminal for sudo")
+	}
+
 	if err := v.startHostNetworking(); err != nil {
 		return errors.Errorf("unable to start host networking: %q", err)
 	}
@@ -339,21 +344,68 @@ func (v *MachineVM) Start(name string, _ machine.StartOptions) error {
 	rootfullSocket, _, _ := v.getUnixSocketAndPID(true)
 
 	for _, s := range []string{rootfullSocket, rootlessSocket} {
-		v.verifyProxyConnection(s)
+		err := v.verifyProxyConnection(s)
 		if err != nil {
 			return err
 		}
 	}
 
-	fmt.Printf("Machine %q started successfully!\n", v.Name)
+	if startOptions.Compat {
+		err := createDockerSock(rootfullSocket, attr)
+		if err != nil {
+			return errors.Errorf("Unable to create docker.sock compatibility link: %q", err)
+		}
+	}
+
+	fmt.Printf("Machine %q started successfully!\n\n", v.Name)
+	fmt.Printf("Podman Clients\n")
+	fmt.Printf("--------------\n")
+	fmt.Printf("Podman clients can now access this machine using standard podman commands.\n")
+	fmt.Printf("For example, to run a date command on a *rootless* container:\n")
+	fmt.Printf("\n    podman run ubi8/ubi-micro date\n")
+	fmt.Printf("\nTo bind port 80 using a *root* container:\n")
+	fmt.Printf("\n    podman -c podman-machine-default-root run -dt -p 80:80/tcp docker.io/library/httpd\n\n")
 
-	fmt.Printf("\nNon-podman clients can access rootless podman with the following environment:\n\n")
-	fmt.Printf("export DOCKER_HOST=unix://%s\n\n", rootlessSocket)
-	fmt.Printf("  or for root containers:\n\n")
-	fmt.Printf("export DOCKER_HOST=unix://%s\n\n", rootfullSocket)
+	fmt.Printf("Docker API Clients\n")
+	fmt.Printf("------------------\n")
+	if startOptions.Compat {
+		fmt.Printf("Compatibility socket is active. Docker API clients require no special environment for *root* containers.\n")
+	}
+
+	fmt.Printf("Docker API clients can access *rootless* podman with the following environment:\n\n")
+	fmt.Printf("    export DOCKER_HOST=unix://%s\n\n", rootlessSocket)
+
+	if !startOptions.Compat {
+		fmt.Printf("Or for *root* containers:\n\n")
+		fmt.Printf("    export DOCKER_HOST=unix://%s\n\n", rootfullSocket)
+	}
 
 	return nil
 }
+
+func createDockerSock(rootfullSocket string, attr *os.ProcAttr) error {
+	var (
+		err     error
+		process *os.Process
+		state   *os.ProcessState
+	)
+
+	if dest, _ := os.Readlink("/var/run/docker.sock"); dest == rootfullSocket {
+		fmt.Println("Compatibility symlink already points to correct location, skipping!")
+	} else {
+		fmt.Println("Creating /var/run/docker.sock compatibility link (you might be prompted for your password)")
+		process, err = os.StartProcess("/usr/bin/sudo", []string{"/usr/bin/sudo", "/bin/ln", "-fs", rootfullSocket, "/var/run/docker.sock"}, attr)
+		if err == nil {
+			state, err = process.Wait()
+			if state.ExitCode() != 0 {
+				err = errors.Errorf("Sudo failed creating link.")
+			}
+		}
+	}
+
+	return err
+}
+
 func socketWait(socket string, close bool) (net.Conn, error) {
 	return socketWaitS("unix", socket, close, false)
 }