Feature #17657

[container shell] support SSH port forwarding

Added by Tom Clegg 8 months ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
05/10/2021
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

If a running container has a service listening on TCP port 80, a user with permission to get an interactive shell with "arvados-client shell" should also be able to forward traffic to it:

arvados-client shell $containerUUID -L12345:localhost:80 -N

Subtasks

Task #17658: Review 17657-ssh-port-forwardResolvedWard Vandewege


Related issues

Related to Arvados Epics - Story #17207: External access to web services running in containersNew03/01/202206/30/2022

Related to Arvados - Feature #17668: [Documentation] Container shell accessResolved05/14/2021

Associated revisions

Revision 12b7a5c3
Added by Tom Clegg 8 months ago

Merge branch '17657-ssh-port-forward'

refs #17657

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <>

History

#1 Updated by Tom Clegg 8 months ago

  • Related to Story #17207: External access to web services running in containers added

#2 Updated by Tom Clegg 8 months ago

  • Target version set to 2021-05-12 sprint
  • Assigned To set to Tom Clegg
  • Status changed from New to In Progress

#4 Updated by Ward Vandewege 8 months ago

Tom Clegg wrote:

17657-ssh-port-forward @ 97227aa7827c0dfe471fd617e333f1228c5381ae -- https://ci.arvados.org/view/Developer/job/developer-run-tests/2465/

The code seems good, if docker specific. It works, I tested it! I have no comments.

I think we need to document the ShellAccess feature. I know we don't have doc yet for arvados-client, but I think this feature should be documented separately.

We should add a note about firewalling to the configuration reference, at a minimum. And something in the user guide on how to use the feature (under "debugging containers", perhaps).

It would be nice to have a page in the architecture section, under "Computation with crunch" that describes how the feature works (the interaction between a-d-c and controller and crunch-run), why it is secure, and how to use it.

#5 Updated by Tom Clegg 8 months ago

  • Related to Feature #17668: [Documentation] Container shell access added

#6 Updated by Tom Clegg 8 months ago

  • Status changed from In Progress to Resolved

#7 Updated by Peter Amstutz 8 months ago

  • Release set to 38

Also available in: Atom PDF