Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Podman (5.2.2, win32) can not remote to Podman (5.0.3, Alpine) #23975

Open senpro-ingwersenk opened 1 week ago

senpro-ingwersenk commented 1 week ago

Issue Description

I followed the instructions given here: https://github.com/containers/podman/blob/main/docs/tutorials/mac_win_client.md and configured my Windows machine and the RasPi4 running Alpine 3.20 appropriately:

PS C:\Users\ingwersenk> podman system connection ls
Name                         URI                                                          Identity                                                            Default     ReadWrite
podman-machine-default       ssh://user@127.0.0.1:65112/run/user/1000/podman/podman.sock  C:\Users\ingwersenk\.local\share\containers\podman\machine\machine  false       true
podman-machine-default-root  ssh://root@127.0.0.1:65112/run/podman/podman.sock            C:\Users\ingwersenk\.local\share\containers\podman\machine\machine  false       true
senst-sv-vpnbro              ssh://root@192.168.28.107:22/run/podman/podman.sock          C:\Users\ingwersenk\.ssh\id_rsa                                     true        true
PS C:\Users\ingwersenk> ssh root@192.168.28.107 ls -l /run/podman/podman.sock
srw------- 1 root root 0 Sep 17 08:54 /run/podman/podman.sock

So far, so good. However, this fails:

> podman --remote --connection=senst-sv-vpnbro --log-level=debug info
time="2024-09-17T09:04:15+02:00" level=info msg="C:\\Program Files\\RedHat\\Podman\\podman.exe filtering at log level debug"
time="2024-09-17T09:04:15+02:00" level=debug msg="Called info.PersistentPreRunE(C:\\Program Files\\RedHat\\Podman\\podman.exe --remote --connection=senst-sv-vpnbro --log-level=debug info)"
time="2024-09-17T09:04:15+02:00" level=debug msg="SSH Ident Key \"C:\\\\Users\\\\ingwersenk\\\\.ssh\\\\id_rsa\" SHA256:6CKksrhbQCnaqw5LxSe7dwBKKaU/eFJqb5ZKlf01Gdg ssh-rsa"
time="2024-09-17T09:04:15+02:00" level=debug msg="DoRequest Method: GET URI: http://d/v5.2.2/libpod/_ping"
time="2024-09-17T09:04:15+02:00" level=debug msg="Using Podman machine with `wsl` virtualization provider"
OS: windows/amd64
provider: wsl
version: 5.2.2

Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: Get "http://d/v5.2.2/libpod/_ping": ssh: rejected: connect failed (open failed)
time="2024-09-17T09:04:15+02:00" level=debug msg="Shutting down engines"

As far as I can tell, it can log in, but not open the socket. And I assume that it can not -L-map the UNIX socket into Windows - because, well, it's Windows. ;)

Steps to reproduce the issue

  1. Follow the instructions from the guide
  2. Add the connection, keys and settings
  3. Validate /etc/containers/containers.conf
  4. Attempt to query the info or run a container.

Describe the results you received

Describe the results you expected

As shown in the log above, I received an error. The assumption is that the UNIX socket can not be properly mapped.

podman info output

Local:

> podman --connection=podman-machine-default-root info
host:
  arch: amd64
  buildahVersion: 1.35.4
  cgroupControllers:
  - cpuset
  - cpu
  - cpuacct
  - blkio
  - memory
  - devices
  - freezer
  - net_cls
  - perf_event
  - net_prio
  - hugetlb
  - pids
  - rdma
  - misc
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.10-1.fc40.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.10, commit: '
  cpuUtilization:
    idlePercent: 99.37
    systemPercent: 0.2
    userPercent: 0.43
  cpus: 12
  databaseBackend: sqlite
  distribution:
    distribution: fedora
    variant: container
    version: "40"
  eventLogger: journald
  freeLocks: 2034
  hostname: SENST-NB-KEIN
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.15.146.1-microsoft-standard-WSL2
  linkmode: dynamic
  logDriver: journald
  memFree: 567418880
  memTotal: 8161320960
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-1.fc40.x86_64
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-3.fc40.x86_64
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.15-1.fc40.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 1.15
      commit: e6eacaf4034e84185fd8780ac9262bbf57082278
      rundir: /run/crun
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +LIBKRUN +WASM:wasmedge +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-0^20240510.g7288448-1.fc40.x86_64
    version: |
      pasta 0^20240510.g7288448-1.fc40.x86_64
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  rootlessNetworkCmd: ""
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: true
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 2147483648
  swapTotal: 2147483648
  uptime: 1h 18m 52.00s (Approximately 0.04 days)
  variant: ""
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /usr/share/containers/storage.conf
  containerStore:
    number: 11
    paused: 0
    running: 2
    stopped: 9
  graphDriverName: overlay
  graphOptions:
    overlay.imagestore: /usr/lib/containers/storage
    overlay.mountopt: nodev,metacopy=on
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 1081101176832
  graphRootUsed: 17415852032
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Supports shifting: "false"
    Supports volatile: "true"
    Using metacopy: "true"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 19
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.0.3
  Built: 1715299200
  BuiltTime: Fri May 10 02:00:00 2024
  GitCommit: ""
  GoVersion: go1.22.2
  Os: linux
  OsArch: linux/amd64
  Version: 5.0.3

(I used --connection here pointing to the local Podman machine. It otherwise runs into the authentication error from above.)

Remote:

# podman info
host:
  arch: arm64
  buildahVersion: 1.35.4
  cgroupControllers:
  - cpuset
  - cpu
  - io
  - pids
  cgroupManager: cgroupfs
  cgroupVersion: v2
  conmon:
    package: conmon-2.1.12-r0
    path: /usr/bin/conmon
    version: 'conmon version 2.1.12, commit: unknown'
  cpuUtilization:
    idlePercent: 99.37
    systemPercent: 0.36
    userPercent: 0.27
  cpus: 4
  databaseBackend: sqlite
  distribution:
    distribution: alpine
    version: 3.20.3
  eventLogger: file
  freeLocks: 2013
  hostname: senst-nd-vpnbro
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 6.6.49-0-rpi
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 3495817216
  memTotal: 3977048064
  networkBackend: netavark
  networkBackendInfo:
    backend: netavark
    dns:
      package: aardvark-dns-1.10.0-r0
      path: /usr/libexec/podman/aardvark-dns
      version: aardvark-dns 1.10.0
    package: netavark-1.10.3-r0
    path: /usr/libexec/podman/netavark
    version: netavark 1.10.3
  ociRuntime:
    name: crun
    package: crun-1.15-r0
    path: /usr/bin/crun
    version: |-
      crun version 1.15
      commit: e6eacaf4034e84185fd8780ac9262bbf57082278
      rundir: /run/crun
      spec: 1.0.0
      +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  pasta:
    executable: /usr/bin/pasta
    package: passt-2024.06.07-r0
    version: |
      pasta unknown version
      Copyright Red Hat
      GNU General Public License, version 2 or later
        <https://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
      This is free software: you are free to change and redistribute it.
      There is NO WARRANTY, to the extent permitted by law.
  remoteSocket:
    exists: true
    path: /run/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: false
    seccompEnabled: true
    seccompProfilePath: /etc/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 1h 4m 27.00s (Approximately 0.04 days)
  variant: v8
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - docker.io
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 2
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev
  graphRoot: /var/lib/containers/storage
  graphRootAllocated: 62227574784
  graphRootUsed: 17312555008
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Supports shifting: "true"
    Supports volatile: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore:
    number: 8
  runRoot: /run/containers/storage
  transientStore: false
  volumePath: /var/lib/containers/storage/volumes
version:
  APIVersion: 5.0.3
  Built: 1720373660
  BuiltTime: Sun Jul  7 19:34:20 2024
  GitCommit: ""
  GoVersion: go1.22.5
  Os: linux
  OsArch: linux/arm64
  Version: 5.0.3

### Podman in a container

No

### Privileged Or Rootless

Privileged

### Upstream Latest Release

No

### Additional environment details

Windows: Podman installed via `winget`

winget show podman
Gefunden Podman [RedHat.Podman]
Version: 5.2.2
Herausgeber: Red Hat
Herausgeber-URL: https://podman.io
Herausgeber-Support-URL: https://podman.io/community
Autor: Red Hat Inc.
Beschreibung: Podman is a daemonless, open source, Linux native tool designed to make it easy to find, run, build, share and deploy applications using Open Containers Initiative (OCI) Containers and Container Images. Podman provides a command line interface (CLI) familiar to anyone who has used the Docker Container Engine. Most users can simply alias Docker to Podman (alias docker=podman) without any problems. Similar to other common Container Engines (Docker, CRI-O, containerd), Podman relies on an OCI compliant Container Runtime (runc, crun, runv, etc) to interface with the operating system and create the running containers. This makes the running containers created by Podman nearly indistinguishable from those created by any other common container engine.
Startseite: https://podman.io
Lizenz: Apache-2.0
Lizenz-URL: https://github.com/containers/podman/blob/main/LICENSE
Versionshinweise: Bugfixes

Alpine: Podman installed via apk

# apk info podman
podman-5.0.3-r2 description:
Simple management tool for pods, containers and images

podman-5.0.3-r2 webpage:
https://podman.io/

podman-5.0.3-r2 installed size:
44 MiB

Additional information

Because of the way our AD is structured and set up, and the fact that host-to-container mounts from Windows into Podman are a little sucky-wucky, I want to run Podman remotely on a bare-metal Linux system. So, I grabbed a generic RasPi4, put Alpine on it, installed Podman, added it to the default services...and hope to use it as a better Podman machine. :)

baude commented 1 week ago

on the alpine host, does /run/podman/podman.sock exist?

Nice writeup by the way.

senpro-ingwersenk commented 1 week ago

Yep, it exists with 600 permissions (-rw-------).

Thanks! =)

EDIT:

# ls -l /run/podman/podman.sock
srw------- 1 root root 0 Sep 17 08:54 /run/podman/podman.sock=

baude commented 1 week ago

and if you pop into the machine (podman machine os), can you use curl to interact with the socket?
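The check baude asks for above (talk to the socket directly, bypassing SSH) is worth scripting, because it separates "the service is not answering" from "the SSH forward is being rejected". The following is an added example, not code from the Podman project or from anyone in this thread. It inspects a socket file the way `ls -l` does (type, mode, owner, and whether the calling user has the write permission a Unix-socket connect needs, which is why a root-owned `srw-------` socket is only reachable as root), then issues the same `GET /v<version>/libpod/_ping` request that the debug log shows, over the socket instead of via SSH. The `api_version` default `5.0.3` is taken from the remote host's `podman info`; the in-process server is a constructed stand-in for the real service so the script runs offline, and the `UnixHTTPConnection` class is a helper written for this example.

```python
# Added example (not Podman project code): checks a Podman API Unix socket the way
# a practitioner would when "podman --remote" cannot reach it. The socket server
# below is a constructed stand-in so the script runs offline.
import http.client
import os
import socket
import stat
import tempfile
import threading


class UnixHTTPConnection(http.client.HTTPConnection):
    """http.client connection that dials a Unix socket instead of TCP.

    The host name "d" is a placeholder, mirroring the http://d/... URIs in
    Podman's debug log; it is never resolved.
    """

    def __init__(self, socket_path, timeout=2.0):
        super().__init__("d", timeout=timeout)
        self.socket_path = socket_path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self.socket_path)


def inspect_socket(path):
    """Describe the socket file: existence, type, mode, owner, and whether this user may connect.

    Connecting to a Unix socket needs write permission on the socket file, so a
    root-owned srw------- socket (as in the issue) is reachable only by root.
    """
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return {"exists": False, "is_socket": False, "mode": None,
                "owner_uid": None, "can_connect": False}
    return {
        "exists": True,
        "is_socket": stat.S_ISSOCK(st.st_mode),
        "mode": stat.S_IMODE(st.st_mode),
        "owner_uid": st.st_uid,
        "can_connect": os.access(path, os.W_OK),
    }


def ping_socket(path, api_version="5.0.3"):
    """GET /v<api_version>/libpod/_ping over the socket, like curl --unix-socket.

    Returns (status, body) on an HTTP answer, or (None, error text) when the
    socket cannot be opened at all.
    """
    conn = UnixHTTPConnection(path)
    try:
        conn.request("GET", f"/v{api_version}/libpod/_ping")
        resp = conn.getresponse()
        return resp.status, resp.read().decode()
    except OSError as exc:
        return None, str(exc)
    finally:
        conn.close()


def start_fake_podman_socket(path):
    """Constructed stand-in for the Podman service: answers every request with 200 OK."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)  # same mode the issue reports for /run/podman/podman.sock
    srv.listen(1)

    def serve():
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listening socket was closed
                return
            with client:
                client.recv(4096)  # consume the request line and headers
                client.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                               b"Content-Length: 2\r\n\r\nOK")

    threading.Thread(target=serve, daemon=True).start()
    return srv


def demo():
    """Run the checks against a missing path, then against the stand-in socket."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "podman.sock")
        before = inspect_socket(path)          # nothing listening yet
        srv = start_fake_podman_socket(path)
        try:
            after = inspect_socket(path)
            ping = ping_socket(path)
        finally:
            srv.close()
        return before, after, ping


if __name__ == "__main__":
    for label, result in zip(("missing", "present", "ping"), demo()):
        print(label, result)
```

Run on the Alpine host as root against `/run/podman/podman.sock`, `inspect_socket` and `ping_socket` reproduce what `ls -l` and `curl --unix-socket` would report; a `(200, "OK")` there, combined with the `ssh: rejected: connect failed (open failed)` seen from Windows, points at the SSH channel to the socket rather than at the Podman service itself.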