
* Added flags to point to TLS PEM files to use for exposing and connecting to an encrypted remote API socket with server and client authentication. * Added TLS fields for system connection ls templates. * Added special "tls" format for system connection ls to list TLS fields in human-readable table format. * Updated remote integration and system tests to allow specifying a "transport" to run the full suite against a unix, tcp, tls, or mtls system service. * Added system tests to verify basic operation of unix, tcp, tls, and mtls services, clients, and connections. Signed-off-by: Andrew Melnick <meln5674.5674@gmail.com>
//go:build remote
package infra
import (
"context"
"fmt"
"sync"
"github.com/containers/podman/v5/pkg/bindings"
"github.com/containers/podman/v5/pkg/domain/entities"
"github.com/containers/podman/v5/pkg/domain/infra/tunnel"
)
// Package-level state shared by every engine created in this process.
var (
	// connectionMutex guards reads and writes of connection.
	connectionMutex = new(sync.Mutex)
	// connection points at the most recently established client context;
	// it stays nil until newConnection succeeds for the first time.
	connection *context.Context
)
// newConnection returns the process-wide client context for the remote API,
// dialing a new one when none is cached yet or when farmNodeName is non-empty.
//
// uri, identity, the three TLS PEM file paths and machine are forwarded
// unchanged to bindings.NewConnectionWithOptions; any validation of the TLS
// material happens there and is not visible in this file.
//
// NOTE(review): the cache is keyed on nothing. Once a connection exists, a
// later call with farmNodeName == "" gets that connection back even if its
// uri, identity or TLS files differ from the ones used to create it, so a
// caller asking for a TLS/mTLS endpoint can receive an earlier connection
// made with other settings. A farm-node call also replaces the cached
// connection for every subsequent caller. Confirm that callers only ever
// use one set of connection parameters per process.
func newConnection(uri string, identity, tlsCertFile, tlsKeyFile, tlsCAFile, farmNodeName string, machine bool) (context.Context, error) {
	connectionMutex.Lock()
	defer connectionMutex.Unlock()

	// Reuse the cached context unless a farm node was requested; farm builds
	// always need a connection to that specific node.
	if connection != nil && farmNodeName == "" {
		return *connection, nil
	}

	opts := bindings.Options{
		URI:         uri,
		Identity:    identity,
		TLSCertFile: tlsCertFile,
		TLSKeyFile:  tlsKeyFile,
		TLSCAFile:   tlsCAFile,
		Machine:     machine,
	}
	ctx, err := bindings.NewConnectionWithOptions(context.Background(), opts)
	if err != nil {
		// The cache is left untouched on failure.
		return ctx, err
	}
	connection = &ctx
	return *connection, nil
}
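// NewContainerEngine returns the container engine for the engine mode in facts.
//
// This file is built with the "remote" tag: entities.TunnelMode yields a
// tunnel.ContainerEngine backed by the shared remote connection, while
// entities.ABIMode and any other mode yield an error. The URI, identity and
// TLS certificate/key/CA paths come straight from facts.
//
// On a connection error the returned engine is nil, so a caller that fails to
// check the error cannot go on using an engine whose client context came from
// a failed (for example, TLS-misconfigured) connection attempt.
func NewContainerEngine(facts *entities.PodmanConfig) (entities.ContainerEngine, error) {
	switch facts.EngineMode {
	case entities.ABIMode:
		return nil, fmt.Errorf("direct runtime not supported")
	case entities.TunnelMode:
		// Container operations never target a farm node, hence the empty name.
		ctx, err := newConnection(facts.URI, facts.Identity, facts.TLSCertFile, facts.TLSKeyFile, facts.TLSCAFile, "", facts.MachineMode)
		if err != nil {
			// Fail closed: do not wrap the context of a failed connection.
			return nil, err
		}
		return &tunnel.ContainerEngine{ClientCtx: ctx}, nil
	}
	return nil, fmt.Errorf("runtime mode '%v' is not supported", facts.EngineMode)
}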
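// NewImageEngine returns the image engine for the engine mode in facts.
//
// This file is built with the "remote" tag: entities.TunnelMode yields a
// tunnel.ImageEngine backed by a remote connection, while entities.ABIMode
// and any other mode yield an error. The URI, identity and TLS
// certificate/key/CA paths come straight from facts.
//
// When facts.FarmNodeName is non-empty, newConnection dials a fresh
// connection for that node instead of reusing the cached one.
//
// On a connection error the returned engine is nil, so a caller that fails to
// check the error cannot go on using an engine whose client context came from
// a failed (for example, TLS-misconfigured) connection attempt.
func NewImageEngine(facts *entities.PodmanConfig) (entities.ImageEngine, error) {
	switch facts.EngineMode {
	case entities.ABIMode:
		return nil, fmt.Errorf("direct image runtime not supported")
	case entities.TunnelMode:
		ctx, err := newConnection(facts.URI, facts.Identity, facts.TLSCertFile, facts.TLSKeyFile, facts.TLSCAFile, facts.FarmNodeName, facts.MachineMode)
		if err != nil {
			// Fail closed: do not wrap the context of a failed connection.
			return nil, err
		}
		return &tunnel.ImageEngine{ClientCtx: ctx, FarmNode: tunnel.FarmNode{NodeName: facts.FarmNodeName}}, nil
	}
	return nil, fmt.Errorf("runtime mode '%v' is not supported", facts.EngineMode)
}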