sergi0g/cup

Unable to connect to rootless podman socket

Closed this issue · 8 comments

Hi,

Amazing project, I'm very happy to try it. Though I'm struggling a bit to get it to work. I'm using rootless podman, which 'should be' compatible, but often has challenges :-)

$ curl --unix-socket /run/user/1006/podman/podman.sock -H 'content-type: application/json' http://localhost/_ping
OK
$ podman run cup --version
cup 1.1.2
$ podman run -v /run/user/1006/podman/podman.sock:/var/run/docker.sock cup check
https://localhost/v2/: Connection Failed: Connect error: Connection refused (os error 111)

I suspect the difference of 'http' versus 'https' here is the problem.

$ curl --unix-socket /run/user/1006/podman/podman.sock -H 'content-type: application/json' https://localhost/_ping
curl: (35) error:0A00010B:SSL routines::wrong version number

Would you consider adding support for plain http?

Hello @ElmerLastdrager! Thanks for opening this issue.

I haven't tested Cup with Podman yet and this issue will require some debugging. All communications with the Docker/Podman daemon are handled by the bollard crate. I haven't explicitly requested communication with the daemon over HTTPS, so I'll look into it and update you. Sorry for the inconvenience!

Hello again @ElmerLastdrager! Sorry for constantly pinging you but I think the problem here isn't about SSL.

I created an empty VM and installed Podman in there. I set it up to run rootless and then ran systemctl --user start podman.socket. I then used the following command to run Cup: podman run -v /run/user/1001/podman/podman.sock:/var/run/docker.sock -t ghcr.io/sergi0g/cup check. It worked without any problems. I can't understand why your system tries to initiate an HTTPS connection to the socket.

It would be very helpful if you could share details of your system and maybe some instructions to reproduce. I am not familiar with Podman and I might not be setting it up correctly, resulting in ...the expected behavior 😂!

Thanks for your very fast reply.

I'll set things up from scratch and see whether I can debug this a little further. Might be next week though.

Hello @sergi0g,

Sorry for taking so long (insert joke about Europeans randomly taking days off during summer).

The good news: I've installed two VMs. One Ubuntu 24.04, installed podman from repo. All works well.
I've installed a second VM to replicate the server I'm having difficulties on (Ubuntu 22.04) and installed podman from source. This also works, using the same versions of podman/netavark/aardvark-dns.

The bad news: so now I'm stuck with two VMs where everything works, and a server-VM where it doesn't. Epic.

So I've continued debugging this on the problematic server. I'm intercepting traffic from the socket:

socat -t100 -v UNIX-LISTEN:/tmp/x,mode=777,reuseaddr,fork UNIX-CONNECT:/run/user/1006/podman/podman.sock

That, interestingly, shows that things work. A request is there, and a response too. If I run the same socat command on a working VM, I get the same output. The output is valid JSON.

Anyhow, I'm closing this issue as 'unable to reproduce' and/or 'mystery' so as to get it off your backlog. If I get any further on debugging this (it greatly annoys me that I'm unable to reproduce), I'll write you.

Hi @sergi0g,

I've finally managed to debug the issue as it appeared on another (clean, Ubuntu 24.04) server.
The main problem is podman pods creating an image that references 'localhost'. cup tries to find the latest version, but fails.

Reproduce on a clean ubuntu 24.04 VM, install podman from repositories and run systemctl --user start podman.socket. Then:

$ podman images
REPOSITORY  TAG         IMAGE ID    CREATED     SIZE

$ podman pod create

$ podman images
REPOSITORY              TAG         IMAGE ID      CREATED             SIZE
localhost/podman-pause  4.9.3-0     0b3f4e83069f  About a minute ago  835 kB

$ podman run -v /run/user/1000/podman/podman.sock:/var/run/docker.sock ghcr.io/sergi0g/cup check
Trying to pull ghcr.io/sergi0g/cup:latest...
Getting image source signatures
Copying blob 260be9d15afc done   | 
Copying config c3cba7715d done   | 
Writing manifest to image destination
https://localhost/v2/: Connection Failed: Connect error: Connection refused (os error 111)

I hope this helps.
Elmer
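Why an image named `localhost/podman-pause` turns into a request to `https://localhost/v2/`, shown as an added example that is not part of the thread and not Cup's own code. It assumes the usual Docker/OCI image-reference convention; `parse_reference`, `is_local_only` and `probe_url` are hypothetical names.

```rust
// Added example (not Cup's code): Docker/OCI-style image reference parsing.
#[derive(Debug, PartialEq)]
struct ImageRef {
    registry: String,
    repository: String,
    tag: String,
}

fn parse_reference(reference: &str) -> ImageRef {
    // Drop a digest, then look for a tag in the last path component only,
    // so a registry port such as "localhost:5000" is not mistaken for a tag.
    let no_digest = reference.split('@').next().unwrap_or(reference);
    let last = no_digest.rfind('/').map_or(0, |i| i + 1);
    let (name, tag) = match no_digest[last..].rfind(':') {
        Some(i) => (&no_digest[..last + i], &no_digest[last + i + 1..]),
        None => (no_digest, "latest"),
    };
    // The first component is a registry host only if it contains '.' or ':'
    // or is exactly "localhost"; otherwise the default registry is implied.
    let (registry, repository) = match name.split_once('/') {
        Some((h, rest)) if h.contains('.') || h.contains(':') || h == "localhost" => {
            (h.to_string(), rest.to_string())
        }
        Some(_) => ("docker.io".to_string(), name.to_string()),
        None => ("docker.io".to_string(), format!("library/{name}")),
    };
    ImageRef { registry, repository, tag: tag.to_string() }
}

// podman files locally created images under the bare host "localhost",
// so there is no registry to ask about updates for them.
fn is_local_only(image: &ImageRef) -> bool {
    image.registry == "localhost"
}

// URL a checker derives if it assumes every registry host speaks HTTPS.
// (Docker Hub's real API host differs from "docker.io"; not handled here.)
fn probe_url(image: &ImageRef) -> String {
    format!("https://{}/v2/", image.registry)
}

fn main() {
    // Constructed sample list; the first entry is the image from the thread.
    for r in ["localhost/podman-pause:4.9.3-0", "ghcr.io/sergi0g/cup", "localhost:5000/app"] {
        let img = parse_reference(r);
        println!("{r} -> {} local_only={}", probe_url(&img), is_local_only(&img));
    }
}
```

A checker that skips references for which `is_local_only` is true never issues the failing request; a host with an explicit port such as `localhost:5000` is a real local registry and is where a plain-HTTP ("insecure registry") setting applies.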

@ElmerLastdrager thanks for the extra info! You're experiencing the same issue as #12. I have very limited free time, so I don't know when this will be fixed.

(Closing and will be tracked in #12)

@ElmerLastdrager the latest release adds support for insecure registries. Update Cup and check out the docs to set it up! Tell me if your problem was solved!