Remote management of podman hosts

[gbakeman]

Is your feature request related to a problem? Please describe

I can't seem to find a way to connect to a remote machine. This would be a great feature in place of a web GUI running on the remote host, like Portainer.

Describe the solution you'd like

Ability to connect to remote podman hosts (similar to podman-remote).

Describe alternatives you've considered

Portainer apparently does have rudimentary support for podman, but several basic features are broken or not working.

Additional context

This would be a very cool feature for managing remote hosts that are running podman.

[slemeur]

Thanks @gbakeman for reporting this requirement! This is indeed interesting.

I'm having some more question with regards to your specific needs. Once connected to the remote host, what would be the key main use cases you would see?

• Is it monitoring?
• Is it debugging purposes?
• Is it configuring the host?

[gbakeman]

Thanks for getting back to me @slemeur . How about all of the above? :) I'm not sure if you're familiar with Portainer, but I've found it super helpful for creating & configuring containers on the management system (e.g Docker). It would be great if Podman Desktop could do something similar, where we can connect to a remote podman instance like podman-remote for management purposes - starting up containers, configuring them, networks, storage, etc. I don't think it should have to manage much of the host OS its self as I think that would be out of scope for this project. Just the Podman instance would be fantastic.

For what it's worth, podman desktop companion also has an issue tracking a similar feature.

[RobVerduijn]

Hi, just read about podman-desktop and jumped right in. The first thing I looked for was podman-remote functionality. Hope you can add this soon.

Cheers Rob

[benoitf]

Hello @RobVerduijn could you describe your use-case ? Connect through ssh to your remote podman containers ?

[RhavinX]

@benoitf Hi Florent, I also am looking for this functionality, similar to this project: podman-desktop-companion. Although they do not yet have the remote functionality implemented, the placeholder for it is there.

For my own use case, being able to:

• Create networks and mange podman networks (bridged, etc. and be able to set the options, such as enable dns, etc.) eg:

  [
  {
      "cniVersion": "0.4.0",
      "name": "media",
      "plugins": [
          {
              "bridge": "cni-podman0",
              "hairpinMode": true,
              "ipMasq": true,
              "ipam": {
                  "ranges": [
                      [
                          {
                              "gateway": "10.88.2.1",
                              "subnet": "10.88.2.0/24"
                          }
                      ]
                  ],
                  "routes": [
                      {
                          "dst": "0.0.0.0/0"
                      }
                  ],
                  "type": "host-local"
              },
              "isGateway": true,
              "type": "bridge"
          },
          {
              "capabilities": {
                  "portMappings": true
              },
              "type": "portmap"
          },
          {
              "backend": "",
              "type": "firewall"
          },
          {
              "type": "tuning"
          },
          {
              "capabilities": {
                  "aliases": true
              },
              "domainName": "dns.podman",
              "type": "dnsname"
          }
      ]
  }
  ]

• Create pods and connect them to networks, other than the default podman network. Expose ports, etc.

• Create and manage containers, and being able to have them run in pods.

Typically my containers are docker style, so I have just started to use podman-compose, altho at this point I am not sure how to have podman-compose put a container into a pod.

Previously I used a script to do this, which worked. I had 2 pods, 1/ea on a different server. The containers in the pods were able to talk to each other across servers. eg:

#!/bin/bash

podname="media"
network="media"

podman pod rm -f ${podname}
podman pod create --name ${podname} --network ${network} -p 7979:7979

podman run --name=radarr -d --pod=${podname} -e UID=1000 -e GID=1000 -e TZ=America/Somecity-e UMASK_SET=022 -v /path/to/radarr/data:/config -v /path/to:/media-v /path/to/downloads:/downloads --restart unless-stopped lscr.io/linuxserver/radarr:latest

I am just starting to learn Ansible, so will also be looking into how to work with podman.

Thanks.

[fritzfranzke]

Also very keen on such a feature. Alternatively: Is it possible to run podman-desktop as a server installation? IIRC portainer can be self-hosted and accessed via web ui. This would be even more appealing to me, as I could access it from any machine w/o prior setup.

[denMaier]

shouldn't this be easily doable by adding a connection with 'podman system connection add ...' and then just aliasing all the podman commands with 'podman -r' ?

[cdrage]

We should have documentation for this too as this is a cool feature 💯

[mmm8955405]

We should have documentation for this too as this is a cool feature 💯

Managing remote podman is like local. In addition, the local image is directly deployed to the remote podman host for operation. If the program wants to do CI/CD, I believe this is a very necessary function. Docker is already doing this, so beat it.

[codesalatdev]

shouldn't this be easily doable by adding a connection with 'podman system connection add ...' and then just aliasing all the podman commands with 'podman -r' ?

The problem with this is, as far as I can see, that podman desktop expects to find the podman socket. If not, it tries to execute podman system service. Both won't work, since podman refuses to create the socket due to being configured to use remote, but since podman desktop doesn't use the commands themselves, it doesn't recognize this and errors out.

What I'm currently doing is using ssh to forward the socket ssh -L /var/run/user/1000/podman/podman.sock:/var/run/user/1000/podman/podman.sock user@IP. This works for what I am doing, but calling it "hacky" would be an understatement.

[spmfox]

Hello @RobVerduijn could you describe your use-case ? Connect through ssh to your remote podman containers ?

I'd like to chime in here, recently I've been involved with customers that are not approved to use certain container images (Fedora CoreOS) in their environment. They are on Windows for the desktop.

I've been doing the work trying to create a custom container image (for a podman machine) using an approved OS, however ran into several problems during "podman machine init" such as the SSH key generation being difficult (due to FIPS) among other things. Still a work in progress.

It occurred to me to try and use a existing "approved" server and just connect via SSH - I was so excited to see that podman.exe would work in this method, however I quickly found that the desktop client did not honor the connection settings and there was no way to connect to a remote server.

It seems like most of the plumbing is done for this, or at least to support it in a limited fashion. If podman.exe can fully utilize a remote connection then my thought is the desktop client should also?

WSL is great, however it needs admin rights to install if its not there already (at least on Windows 10) and its my belief that forcing the use of WSL may limit adoption in strict environments - at least until it can be installed without admin rights.

Either way, I love this project and please everyone keep up the good work.

[trymeouteh]

This would be an amazing feature.

On your home laptop, one can install podman desktop (not need podman cli) and setup a VPS with podman cli and then manage the podman containers, images, etc on the VPS with a graphical interface.

And have a web client feature were on your home laptop, one can install nothing and setup a VPS with podman cli and podman desktop and have podman desktop enable a web client that can be accessed on any remote computer in the browser.

I think it is already possible to manage podman cli on a vps on your home laptop using ssh in the terninal to connect to the vps and then use podman cli from there. This feature will allow Podman Desktop, a GUI to control and manage containers easily on a VPS and allow you to control remote computers with a web browser.

And to have a side panel on what device you have saved. There will always be a "Local" tab, but users can add/remove devices which will be saved in this side panel.

Many use cases. I would like these two things for managing game servers easily.

[ikke-t]

Would be great if one could setup the podman system remotes, and podman desktop would know to use them. Like instructed in this blog https://blog.while-true-do.io/podman-remote-management/

[techcomplit]

Hello, guys! See, I have a microservices architecture created with mongodb, apollo graphql, graphql, angular, node, express, nestjs. I've installed it in REHL8, using podman in combination with Docker. Everything is installed in two virtual machines, however, I cannot do CURL between both machines, and even though TCP is enables, I can't seem to make my microservices connect via NATS. Any idea on why port 80 is responding in the local network interface IP but not the other ports?

[baodrate]

@techcomplit I do not believe this issue is the appropriate place for your question, which does not seem to have to do with either this feature request nor podman-desktop in general. You might want to try stackoverflow

[JPBarringer]

Throwing in another use-case here / another +1:

I'm running a VPS with copilot, which includes and encourages podman use. They have an installable web UI for managing pods and containers, but I would love to be able to use the podman-desktop UI to manage containers locally (using podman-remote or similar).

I tried setting up podman-remote and using the remote system as the default via command line but it's hanging up, and it still tries to set up a local podman-machine instance which shouldn't be necessary if using the remote. (I'm on MacOS)

I also wonder if enabling a remote setup like this might also allow more advanced local installations like managing containers on CoLiMa (or any other arbitrary local linux instance)

[JPBarringer]

Two More thoughts: 1) I am pretty sure that most of us are talking about using podman-desktop as a UI to manage a remote linux instance (as in https://docs.podman.io/en/latest/markdown/podman-remote.1.html). This is as opposed to the "normal" way, using podman-machine locally. Ideally, it should be possible to use podman-desktop with podman-remote instead of podman-machine. (An example of what this looks like from the command line can be found here https://github.com/containers/podman/blob/main/docs/tutorials/mac_win_client.md)

2) This feature request seems to have a lot more followers than the others on the board. It would be a popular addition.

[afbjorklund]

Lima can soon support external machines, so you can use that to access the remote podman (or docker) socket:

• https://github.com/lima-vm/lima/issues/2109

It handles the unix socket forwarding for you, and also sets up tcp port forwarding and filesystem access (mounts).

You can mix remote with local: https://podman-desktop.io/docs/lima

[peedy2495]

+1 I need to manage remote service nodes. IMHO the best solution would be podman desktop as a web service handling those remote service nodes ;-)

[James-Mat]

A web-interface for Podman-Desktop would be great. If I understood the requirements of my previous speakers correctly, the management of remote podman instances with a GUI is the main request, and deploying Podman-Desktop on a remote host and exposing its features through a web interface would effectively retain all its capabilities. This also wouldn’t complicate the development of new features, which otherwise might only work for local podman instances or would require manually exposing more from the remote host / adding them to podman-remote.

A downside of not incorporating built-in remote functionality into Podman-Desktop would be the inability to manage multiple podman instances from a single GUI, like with a remote and local tab as was previously mentioned. For me, the ability to manage remote instances equivalently to local ones is far more important and being able to do so without additional software on the client (even on smartphones and the like when on the go) outweighs this drawback. Also, management of mutliple podman instances from one GUI appears to be more of a separate concern, which could be implemented independently from a solution for remote-gui-management if the demand is there.

[deboer-tim]

The majority of requests on this issue are for a local Podman Desktop to manage remote Podman machines. Although that could be done by having a web interface on those machines, that's fundamentally a different thing. If that is what you want I'd recommend taking a look at Cockpit (https://github.com/cockpit-project/cockpit-podman) or opening a separate issue.

[James-Mat]

@deboer-tim While it is a different thing, I still think this approach would fit the issue given that it addresses similar problems. I skimmed the request again and many do mention a web interface as a possible solution, also comparing to portainer. If I'm mistaken and this issue should indeed only be about adding remote management capabilities to a local Podman-Desktop, I'll readily open a new issue for a web interface specifically!

I've also taken Cockpit into consideration and have integrated it into some installations. However, in terms of features, it still falls short, and I believe the API approach would bring it, at most, to parity with Portainer on Docker. By exposing Podman Desktop through a web interface, remote management could onsistently match local capabilities.