Exclude /run/host-services When Using Docker Desktop on MacOS #1293

Open: wants to merge 1 commit into base: devel

timway commented Aug 10, 2023

  • Docker Desktop takes care of setting up ssh-agent forwarding from MacOS but does so in a way that is only allowed to root inside the container
  • As documented at the time of commit at https://docs.docker.com/desktop/networking/#ssh-agent-forwarding
  • Move the None check ahead of the path checking with a specific error message to clearly differentiate that error from path checking errors

Partially addresses #1292 by exempting paths starting with /run/host-services in containerized mode on docker from the source path check.

I'd like to hear feedback on making --user root the default for docker possibly when a volume mount has a path sourced in /run/host-services on docker or in all cases on docker.

A similar fix like this one will be required in order to resolve ansible/ansible-navigator#1593 after/if this is merged into ansible-runner as well.

timway commented Aug 22, 2023

Just checking in on this issue. What should I be doing to advance this?

I wrote a very targeted fix for the issue but I noticed it may be better to look holistically at the project. Would it be better to design an interface various process isolation methods could implement? That would make it easier to implement the various scenarios that runner is getting leveraged in these days. I'd be willing to take a shot at the initial design and see where it goes if necessary. I'd need to know where maintainers see things before spending substantial time on something like that though.

wmudge commented Oct 19, 2023

@timway - would be a +1 if this could be an option for ansible-runner, as other container engines like Colima provide the SSH socket in other paths. See abiosoft/colima#127
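
An added illustration, not code from this pull request or from ansible-runner: a sketch of the check order discussed in this thread, with the `None` test first and a per-runtime exemption list that can be configured. The function names, the `exempt` mapping and the existence test standing in for the source path check are assumptions; the exemption is matched on the normalized path so that `..` segments or a look-alike sibling directory do not inherit it.

```python
import os
import posixpath

# Assumption: per-runtime exempt prefixes are configurable. The PR itself
# only describes exempting /run/host-services on docker.
DEFAULT_EXEMPT = {"docker": ("/run/host-services",)}


class MountSourceError(ValueError):
    """Raised when a volume mount source fails validation."""


def is_exempt(src, runtime, exempt=DEFAULT_EXEMPT):
    """True if src, after normalization, lies under an exempt prefix."""
    norm = posixpath.normpath(src)  # collapses "..", ".", repeated slashes
    for prefix in exempt.get(runtime, ()):
        prefix = posixpath.normpath(prefix)
        # Match on a path-component boundary, not a raw string prefix.
        if norm == prefix or norm.startswith(prefix + "/"):
            return True
    return False


def check_mount_source(src, runtime, exempt=DEFAULT_EXEMPT, exists=os.path.exists):
    """Return "exempt" or "checked"; raise MountSourceError otherwise."""
    # None is rejected first, with its own message, so it is never
    # confused with a path-checking failure.
    if src is None:
        raise MountSourceError("volume mount source is None")
    if not posixpath.isabs(src):
        raise MountSourceError(f"volume mount source is not absolute: {src}")
    if is_exempt(src, runtime, exempt):
        return "exempt"
    # Assumed form of the source path check: the path must exist on the host.
    if not exists(src):
        raise MountSourceError(f"volume mount source not found on host: {src}")
    return "checked"
```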

Successfully merging this pull request may close these issues.

SSH Agent Forwarding With VS Code Remote-SSH