Podman based local host #1240
Podman based local host #1240
Conversation
pducolin
force-pushed
the
pducolin/docker-localhost
branch
from
3ef9706
to
7c44225
Compare
![datadog-datadog-prod-us1[bot]](https://avatars.githubusercontent.com/u/365230?s=60&v=4){kind=small}
|
|
||
| RUN service ssh start | ||
|
|
||
| EXPOSE 22 |
There was a problem hiding this comment.
🟠 Code Vulnerability
do not expose ssh service from your container (...read more)
Never expose admin ports such as the SSH port 22 in your container. It increases the surface of attack of your containers.
There was a problem hiding this comment.
This docker file is meant only for local development
pducolin
force-pushed
the
pducolin/docker-localhost
branch
from
7c44225
to
5039a6b
Compare
pducolin
force-pushed
the
pducolin/docker-localhost
branch
from
5039a6b
to
33d6206
Compare
pducolin
force-pushed
the
pducolin/docker-localhost
branch
from
28aba8f
to
d31d113
Compare
|
|
||
| RUN service ssh start | ||
|
|
||
| EXPOSE 22 |
There was a problem hiding this comment.
🟠 Code Vulnerability
do not expose ssh service from your container (...read more)
Never expose admin ports such as the SSH port 22 in your container. It increases the surface of attack of your containers.
pducolin
force-pushed
the
pducolin/docker-localhost
branch
from
b23d2a7
to
1f661af
Compare
| @@ -285,7 +285,7 @@ func WithIntakeHostname(hostname string) func(*Params) error { | |||
| func WithFakeintake(fakeintake *fakeintake.Fakeintake) func(*Params) error { | |||
| return func(p *Params) error { | |||
| p.ResourceOptions = append(p.ResourceOptions, utils.PulumiDependsOn(fakeintake)) | |||
| return withIntakeHostname(fakeintake.Host)(p) | |||
| return withIntakeHostname(fakeintake.Host, fakeintake.Port)(p) | |||
There was a problem hiding this comment.
It will change the behavior because currently we always use port 80. We might end up with the config using port 443 when the fakeintake is deployed in ECS. Are we sure it still works as expected?
| return e.InfraConfig.Get(DDInfraDefaultPublicKeyPath) | ||
| } | ||
|
|
||
| func (e *Environment) GetCommonEnvironment() *config.CommonEnvironment { |
There was a problem hiding this comment.
Do you really need to access the underlying common environment? I do not expect it to be used since we introduced the config.Env interface
| // NewVM creates an localpodman Ubuntu VM Instance and returns a Remote component. | ||
| // Without any parameter it creates an Ubuntu VM on AMD64 architecture. |
There was a problem hiding this comment.
Maybe we could make it more clear that it does not really create a VM but rather a container that is supposed to behave like a VM.
The second line is also a bit strange because we cannot pass any parameter. We can just indicate that it creates a Ubuntu container with AMD64 architecture
What does this PR do?
Add a
dockerpodman based host scenario, to be used locally to run e2e tests with the agent installed on a local docker container.Which scenarios this will impact?
VM scenarios are impacted by some refactoring commits
Motivation
This PR takes over #829 work by @carlosroman and adds support to use a local Ubuntu instance running on a docker container as it was a host.
The instance is configured to talk through SSH, with the user's public key uploaded at setup up time.
Why podman? Podman is a container management tool that supports running systemd on containers. For more details see https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container
Additional Notes
I plan to follow up with a refactoring to move
Runnerto an interface with aRemoteRunnerandLocalRunnerimplementation, to allow re-using all the cross-platform helpers we have for files management.Once that is done, I will write the dockerfile within pulumi, so that we clean it up at stack destroy
Performance
From local tests, it takes ~1 minute to create an environment with fakeintake and agent installed on the host and 2 seconds to destroy it.