Project

General

Profile

Actions

Feature #17657

closed

[container shell] support SSH port forwarding

Added by Tom Clegg over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Category:
-
Target version:
Start date:
05/10/2021
Due date:
% Done:

100%

Estimated time:
(Total: 0.00 h)
Story points:
-
Release relationship:
Auto

Description

If a running container has a service listening on TCP port 80, a user with permission to get an interactive shell with "arvados-client shell" should also be able to forward traffic to it:

arvados-client shell $containerUUID -L12345:localhost:80 -N

Subtasks 1 (0 open1 closed)

Task #17658: Review 17657-ssh-port-forwardResolvedWard Vandewege05/10/2021

Actions

Related issues

Related to Arvados Epics - Story #17207: External access to web services running in containersNew12/01/202203/31/2023

Actions
Related to Arvados - Feature #17668: [Documentation] Container shell accessResolvedWard Vandewege05/14/2021

Actions
Actions #1

Updated by Tom Clegg over 1 year ago

  • Related to Story #17207: External access to web services running in containers added
Actions #2

Updated by Tom Clegg over 1 year ago

  • Target version set to 2021-05-12 sprint
  • Assigned To set to Tom Clegg
  • Status changed from New to In Progress
Actions #4

Updated by Ward Vandewege over 1 year ago

Tom Clegg wrote:

17657-ssh-port-forward @ 97227aa7827c0dfe471fd617e333f1228c5381ae -- developer-run-tests: #2465

The code seems good, if docker specific. It works, I tested it! I have no comments.

I think we need to document the ShellAccess feature. I know we don't have doc yet for arvados-client, but I think this feature should be documented separately.

We should add a note about firewalling to the configuration reference, at a minimum. And something in the user guide on how to use the feature (under "debugging containers", perhaps).

It would be nice to have a page in the architecture section, under "Computation with crunch" that describes how the feature works (the interaction between a-d-c and controller and crunch-run), why it is secure, and how to use it.

Actions #5

Updated by Tom Clegg over 1 year ago

  • Related to Feature #17668: [Documentation] Container shell access added
Actions #6

Updated by Tom Clegg over 1 year ago

  • Status changed from In Progress to Resolved
Actions #7

Updated by Peter Amstutz over 1 year ago

  • Release set to 38
Actions

Also available in: Atom PDF