
Re: Remote execution in pods in OpenShift v3



`exec` makes use of the `proxy` verb directly to a node.  By default
only cluster admins (we make one for you called system:admin) have the
power to proxy, so only cluster admins can exec into pods.



On Wed, 2015-03-18 at 20:00 +0100, Akram Ben Aissi wrote:
> That's greatly powerful!
> 
> Can we set a policy yet to allow or disallow it?
> 
> Sent from mobile
> 
> > On 18 March 2015, at 19:51, Clayton Coleman <ccoleman redhat com> wrote:
> > 
> > Remote execution to containers and pods is now part of the 'osc' command - big thanks to Andy for driving that upstream in Kube and into OpenShift.  Some examples:
> > 
> >    # get a remote shell to a pod called 'test'
> >    $ osc exec -itp test -- /bin/bash
> > 
> >    # list a file
> >    $ osc exec -p test -- ls /var/log
> > 
> >    # rsync using osc as netcat
> >    $ rsync -av -e 'osc exec -ip test -- /bin/bash' mylocalfolder/ /tmp/remote/folder
> > 
> > And even SSH, using the ProxyCommand directive and SSHD's inetd support to an image with sshd installed and the default root user having no password.
> > 
> >    $ cat ~/.ssh/config
> >    Host testpod
> >      User root
> >      ProxyCommand osc exec -ip test -- /bin/bash -c "sshd-keygen && $(which sshd) -o 'AuthenticationMethods password' -o 'permitemptypasswords yes' -o 'UsePAM no' -o 'UsePrivilegeSeparation no' -ddd -i -u 256 -E /tmp/log"
> > 
> >    $ ssh testpod
> >    root pod's password: 
> >    Last login: Wed Mar 18 18:28:47 2015 from UNKNOWN
> >    [root test ~]# ps
> >      PID TTY          TIME CMD
> >       24 pts/0    00:00:00 bash
> >       77 pts/0    00:00:00 yum
> >      541 pts/0    00:00:00 bash
> >      557 pts/0    00:00:00 ps
> > 
> > There's still some edge cases around command execution we are testing (sometimes CTRL+C can result in the tty not being reset, so you have to run 'stty sane' or close your shell).  But hopefully you'll start seeing these patterns crop up so you can integrate existing tools and workflows into your OpenShift 3 applications.
> > 
> 
> _______________________________________________
> dev mailing list
> dev lists openshift redhat com
> http://lists.openshift.redhat.com/openshiftmm/listinfo/dev
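
The `~/.ssh/config` quoted in this thread starts sshd through `osc exec` with empty passwords allowed and a root login. As an added example (not part of the thread and not OpenShift code), the following Python audits an ssh_config for `ProxyCommand` entries that launch sshd with such options; the sample config is constructed from the quoted message plus a hypothetical `bastion` entry, and the function names are this example's own.

```python
import re

# Constructed sample: the Host block quoted in the thread plus a hypothetical benign entry.
SAMPLE_CONFIG = """\
Host testpod
  User root
  ProxyCommand osc exec -ip test -- /bin/bash -c "sshd-keygen && $(which sshd) -o 'AuthenticationMethods password' -o 'permitemptypasswords yes' -o 'UsePAM no' -o 'UsePrivilegeSeparation no' -ddd -i -u 256 -E /tmp/log"

Host bastion
  User deploy
  ProxyCommand ssh -W %h:%p jump.example.com
"""

# sshd option/value pairs (lower-cased) that weaken authentication or isolation.
RISKY = {
    ("permitemptypasswords", "yes"): "empty passwords accepted",
    ("usepam", "no"): "PAM processing disabled",
    ("useprivilegeseparation", "no"): "privilege separation disabled",
}
OPT_RE = re.compile(r"""-o\s+(['"]?)([A-Za-z]+)[ =]+([^'"\s]+)\1""")  # -o 'K v' / -o K=v

def parse_hosts(text):
    """Return {host: {keyword_lower: value}} for space-separated ssh_config lines."""
    hosts, current = {}, None
    for raw in text.splitlines():
        key, _, value = raw.strip().partition(" ")
        if not key or key.startswith("#"):
            continue
        if key.lower() == "host":
            current = value.strip()
            hosts[current] = {}
        elif current is not None:
            hosts[current][key.lower()] = value.strip()
    return hosts

def audit(text):
    """Return {host: [issues]} for hosts whose ProxyCommand starts sshd unsafely."""
    findings = {}
    for host, cfg in parse_hosts(text).items():
        cmd = cfg.get("proxycommand", "")
        if "sshd" not in cmd:
            continue
        pairs = [(k.lower(), v.lower()) for _, k, v in OPT_RE.findall(cmd)]
        issues = [RISKY[p] for p in pairs if p in RISKY]
        if cfg.get("user") == "root":
            issues.append("logs in as root")
        if issues:
            findings[host] = issues
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports only `testpod`; the `bastion` entry is ignored because its ProxyCommand does not start sshd.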


