Bug 1750907
Summary: | UBI7 - Request for openssh-server package in UBI7 image | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Heath Lord <heath.lord> |
Component: | ubi7-container | Assignee: | Scott McCarty <smccarty> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Martin Jenner <mjenner> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.7 | CC: | dornelas, it.niraj, jeffrey_olsen, jnovy, jpazdziora, jwboyer, rbender, rob.eden, smccarty, vashirov |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-17 20:36:37 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Heath Lord
2019-09-10 17:36:56 UTC
Heath, Typically, we don't add daemons to UBI. Could you give me a little more information about your use case? Specifically, I am trying to understand why/how a user would use ssh-server in a cloud native way on the service network in OpenShift (aka with the Kubernetes service layer)? Scott, In our environment, we are utilizing a containerized PostgreSQL instance for our database backend, and then utilizing a backrest pod for backup and restore functionality in a separate container. The current issue is that the backrest container relies on having an ssh server running to communicate between itself and the PostgreSQL container’s server that is running. This is how backrest sends the necessary commands to the PostgreSQL database in order to perform both backup and restore operations on the database. While we can understand why this may not necessarily ideal from Red Hat’s perspective, we are currently leveraging this functionality, and we would have to consider some re-architecture on our side if we need to drop this dependency. That is our main reason for requesting the openssh-server package to be added to UBI. Thank you so much for getting back to us so quickly and I apologize for taking so long to reply. Thanks, Heath Hi, I am facing this problem with ubi-8. I can't find openssh-server package. I need to enable and allow incoming sftp connection to the pod. In my use case, external systems will send data files to the pod over sftp. Thank you for reaching out with this request. We appreciate your interest in Red Hat Universal Base Image. Today, UBI is really targeted towards cloud native, application developers working with languages like Java, Node.js, Golang, .Net, Perl, Python, Ruby, and PHP [1]. Currently, this request does not fall within the currently approved use cases for inclusion in UBI. The scope of UBI will likely grow and we will keep this use case in mind. [1]: https://developers.redhat.com/blog/2019/10/09/what-is-red-hat-universal-base-image/ Best Regards Scott McCarty, RHCA Product Management - Containers, Red Hat Enterprise Linux & OpenShift Email: smccarty I am using UBI with Docker on my Mac to develop and test solutions prior to deployment on RHEL. My test cases would be simplified by having the Docker container run sshd -D then letting my test scripts ssh in to run the different scenarios. One use case for SSH in UBI for which we would greatly benefit is allowing us to create a "debug" image/container, which can be remotely accessed to for troubleshooting. Is there another way to accomplish SSH running in UBI without using openssh-server? Thanks! SFTP is an important mechanism for passing data in certain scenarios such as a situation where another service is dropping (for processing) or picking up data (after processing). While this could be split into two images (processing and SFTP server), it is sometimes beneficial for packaging/distribution reasons to keep a "complete" solution in a single image. Logically in this scenario, the SFTP server is no different than an embedded web server serving as the transport mechanism. I would user reconsideration on this because there are other reasons RedHat images may be preferred (policy, being one) for general usage, but this is currently impossible or very difficult to accomplish due to the omission of openssl-server. Thank you for your continued interest in UBI. We have re-evaluated and openssh-server is now included in ubi7 and ubi8 [jwboyer@vader input2]$ podman run -it --rm registry.access.redhat.com/ubi7 Trying to pull registry.access.redhat.com/ubi7:latest... Getting image source signatures Checking if image destination supports signatures Copying blob 6f643dcd4108 done Copying blob 9657f8408390 done Copying config 416acb3112 done Writing manifest to image destination Storing signatures [root@7bb3d89de27c /]# yum --disablerepo=rhel* install openssh-server Loaded plugins: ovl, product-id, search-disabled-repos, subscription-manager ubi-7 | 3.8 kB 00:00 ubi-7-rhah | 3.7 kB 00:00 ubi-7-server-extras-rpms | 3.7 kB 00:00 ubi-7-server-optional-rpms | 3.8 kB 00:00 ubi-server-rhscl-7-rpms | 3.8 kB 00:00 (1/15): ubi-7/x86_64/group | 124 B 00:00 (2/15): ubi-7/x86_64/updateinfo | 92 B 00:00 (3/15): ubi-7/x86_64/primary_db | 801 kB 00:00 (4/15): ubi-7-rhah/x86_64/group | 124 B 00:00 (5/15): ubi-7-rhah/x86_64/primary_db | 2.5 kB 00:00 (6/15): ubi-7-rhah/x86_64/updateinfo | 92 B 00:00 (7/15): ubi-7-server-extras-rpms/x86_64/group | 124 B 00:00 (8/15): ubi-7-server-extras-rpms/x86_64/primary_db | 6.8 kB 00:00 (9/15): ubi-7-server-extras-rpms/x86_64/updateinfo | 92 B 00:00 (10/15): ubi-7-server-optional-rpms/x86_64/group | 124 B 00:00 (11/15): ubi-7-server-optional-rpms/x86_64/primary_db | 14 kB 00:00 (12/15): ubi-7-server-optional-rpms/x86_64/updateinfo | 92 B 00:00 (13/15): ubi-server-rhscl-7-rpms/x86_64/group | 124 B 00:00 (14/15): ubi-server-rhscl-7-rpms/x86_64/updateinfo | 92 B 00:00 (15/15): ubi-server-rhscl-7-rpms/x86_64/primary_db | 397 kB 00:00 Resolving Dependencies --> Running transaction check ---> Package openssh-server.x86_64 0:7.4p1-21.el7 will be installed --> Processing Dependency: openssh = 7.4p1-21.el7 for package: openssh-server-7.4p1-21.el7.x86_64 --> Processing Dependency: fipscheck-lib(x86-64) >= 1.3.0 for package: openssh-server-7.4p1-21.el7.x86_64 --> Processing Dependency: libfipscheck.so.1()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64 --> Processing Dependency: libwrap.so.0()(64bit) for package: openssh-server-7.4p1-21.el7.x86_64 --> Running transaction check ---> Package fipscheck-lib.x86_64 0:1.4.1-6.el7 will be installed --> Processing Dependency: /usr/bin/fipscheck for package: fipscheck-lib-1.4.1-6.el7.x86_64 ---> Package openssh.x86_64 0:7.4p1-21.el7 will be installed ---> Package tcp_wrappers-libs.x86_64 0:7.6-77.el7 will be installed --> Running transaction check ---> Package fipscheck.x86_64 0:1.4.1-6.el7 will be installed --> Finished Dependency Resolution Dependencies Resolved ================================================================================ Package Arch Version Repository Size ================================================================================ Installing: openssh-server x86_64 7.4p1-21.el7 ubi-7 459 k Installing for dependencies: fipscheck x86_64 1.4.1-6.el7 ubi-7 21 k fipscheck-lib x86_64 1.4.1-6.el7 ubi-7 11 k openssh x86_64 7.4p1-21.el7 ubi-7 510 k tcp_wrappers-libs x86_64 7.6-77.el7 ubi-7 66 k Transaction Summary ================================================================================ Install 1 Package (+4 Dependent packages) Total download size: 1.0 M Installed size: 3.0 M Is this ok [y/d/N]: |