github.com/containerssh/docker/v2 (module, package)
Version: 2.0.1
Repository: https://github.com/containerssh/docker.git
Documentation: pkg.go.dev

# README

ContainerSSH - Launch Containers on Demand

ContainerSSH Docker Backend Library


This library implements a backend that connects to a Docker socket and launches a new container for each connection, then executes a separate command per channel using docker exec. It replaces the legacy dockerrun backend.

⚠⚠⚠ Warning: This is developer documentation. ⚠⚠⚠
The user documentation for ContainerSSH is located at containerssh.io.

## Using this library

This library implements a NetworkConnectionHandler from the sshserver library. This can be embedded into a connection handler.

The network connection handler can be created with the New() method:

```go
// Address of the connecting SSH client.
var client net.TCPAddr
// ID identifying this connection.
connectionID := "0123456789ABCDEF"
config := docker.Config{
    //...
}
collector := metrics.New()
dr, err := docker.New(
    client,
    connectionID,
    config,
    logger,
    // Counters for backend requests and backend failures.
    collector.MustCreateCounter("backend_requests", "", ""),
    collector.MustCreateCounter("backend_failures", "", ""),
)
if err != nil {
    // Handle error
}
```

The logger parameter is a logger from the ContainerSSH logger library.

The dr variable can then be used to create a container on finished handshake:

```go
ssh, err := dr.OnHandshakeSuccess("provided-connection-username")
```

Conversely, on disconnect you must call dr.OnDisconnect(). The ssh variable can then be used to create session channels:

```go
var channelID uint64 = 0
extraData := []byte{}
session, err := ssh.OnSessionChannel(channelID, extraData)
```

Finally, the session can be used to launch programs:

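```go
var requestID uint64 = 0
// Set an environment variable before launching the program.
err = session.OnEnvRequest(requestID, "foo", "bar")
// ...
requestID = 1
var stdin io.Reader
var stdout, stderr io.Writer
// Launch the shell; the callback runs when the program exits.
err = session.OnShell(
    requestID,
    stdin,
    stdout,
    stderr,
    func(exitStatus ExitStatus) {
        // ...
    },
)
```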

## Operating modes

This library supports several operating modes:

  • connection creates a container per connection and uses the docker exec mechanism to launch SSH programs inside the container. This mode ignores the CMD of the container image and uses the idleProgram setting to launch inside the container.
  • session creates a container per session and potentially results in multiple containers for a single SSH connection. This mode uses the CMD of the container image or from the configuration.

# Functions

New creates a new NetworkConnectionHandler for a specific client.
NewDockerRun creates a new NetworkConnectionHandler based on the deprecated "dockerrun" config structure.

# Constants

The ContainerSSH Docker module failed to deliver a signal because [ContainerSSH Guest Agent](https://github.com/containerssh/agent) support is disabled.
The ContainerSSH Docker module detected a configuration error.
The ContainerSSH Docker module could not fetch the exit code from the program because the container is restarting.
The ContainerSSH Docker module failed to stop the container.
This message indicates that you are still using the deprecated DockerRun backend.
The ContainerSSH Docker module failed to read from the ContainerSSH agent.
The ContainerSSH Docker module has failed to attach to a container in session mode.
The ContainerSSH Docker module failed to create a container.
The ContainerSSH Docker module could not remove the container.
The ContainerSSH Docker module has failed to send a signal to the container.
The ContainerSSH Docker module failed to start the container.
The ContainerSSH Docker module could not attach to the previously-created execution.
The ContainerSSH Docker module has failed to create an execution.
The ContainerSSH Docker module failed to deliver a signal.
The ContainerSSH Docker module failed to list the images present in the local Docker daemon.
The ContainerSSH Docker module failed to pull the specified container image.
The ContainerSSH Docker module attempted to close the input (stdin) for reading but failed to do so.
The ContainerSSH Docker module failed to stream stdin to the Docker engine.
The ContainerSSH Docker module attempted to close the output (stdout and stderr) for writing but failed to do so.
The ContainerSSH Docker module failed to stream stdout and stderr from the Docker engine.
The ContainerSSH Docker module has failed to read the process ID from the [ContainerSSH Guest Agent](https://github.com/containerssh/agent).
The ContainerSSH Docker module failed to resize the console.
The ContainerSSH Docker module can't deliver a signal because no PID has been recorded.
The ContainerSSH Docker module has failed to fetch the exit code of the program.
The [ContainerSSH Guest Agent](https://github.com/containerssh/agent) has been disabled, which is strongly discouraged.
The ContainerSSH Docker module has received a negative exit code from Docker.
The ContainerSSH Docker module can't execute the request because the program is already running.
This message indicates that the user tried to execute a program, but program execution is disabled in the legacy DockerRun configuration.
This message indicates that the user requested an action that can only be performed when a program is running, but there is currently no program running.
The ContainerSSH Docker module is shutting down a container.
The ContainerSSH Docker module could not fetch the program exit code because the program is still running.
The ContainerSSH Docker module is not configured to run the requested subsystem.
ExecutionModeConnection launches one container per SSH connection.
ExecutionModeSession launches one container per SSH session (multiple containers per connection).
ImagePullPolicyAlways means that the container image will be pulled on every connection.
ImagePullPolicyIfNotPresent means the image will be pulled if it is not present locally, or if an empty tag or the "latest" tag was specified.
ImagePullPolicyNever means that the image will never be pulled, and if the image is not available locally the connection will fail.
The ContainerSSH Docker module is attaching to a container in session mode.
The ContainerSSH Docker module is creating a container.
The ContainerSSH Docker module is removing the container.
The ContainerSSH Docker module has successfully removed the container.
The ContainerSSH Docker module is sending a signal to the container.
The ContainerSSH Docker module is starting the previously-created container.
The ContainerSSH Docker module is stopping the container.
The ContainerSSH Docker module is creating an execution.
The ContainerSSH Docker module is attaching to the previously-created execution.
The ContainerSSH Docker module is creating an execution.
The ContainerSSH Docker module is delivering a signal in container mode.
The ContainerSSH Docker module successfully delivered the requested signal.
The ContainerSSH Docker module is fetching the exit code from the program.
The ContainerSSH Docker module is listing the locally present container images to determine if the specified container image needs to be pulled.
The ContainerSSH Docker module is pulling the container image.
The ContainerSSH Docker module is checking if an image pull is needed.
The ContainerSSH Docker module is resizing the console.
This message is the user-visible message if the Docker initialization fails.

# Structs

Config is the base configuration structure of the DockerRun backend.
ConnectionConfig configures how to connect to dockerd.
DockerRunConfig describes the old ContainerSSH 0.3 configuration format that can still be read and used. Deprecated: Switch to the more generic "docker" backend.
Deprecated: Switch to the more generic "docker" backend.
ExecutionConfig contains the configuration of what container to run in Docker.
LaunchConfig contains the container configuration for the Docker client version 20.
TimeoutConfig drives the various timeouts in the Docker backend.

# Type aliases

ExecutionMode determines when a container is launched.
ImagePullPolicy drives how and when images are pulled.
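
The three ImagePullPolicy constants described above decide whether a mutable tag is re-fetched and whether a missing image fails the connection. The sketch below is an added example, not code from this library: the PullPolicy type, its string values, the Decide and imageTag helpers and the image names are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// PullPolicy mirrors the three documented policies. The string values are
// assumptions for this example; the page does not list them.
type PullPolicy string

const (
	PullAlways       PullPolicy = "Always"
	PullIfNotPresent PullPolicy = "IfNotPresent"
	PullNever        PullPolicy = "Never"
)

// imageTag returns the tag of an image reference, or "" when none is given.
// Only a colon after the last slash separates a tag, so the port in
// "registry.example:5000/guest" is not mistaken for one.
// Digest references (name@sha256:...) are not covered by the page or here.
func imageTag(ref string) string {
	name := ref[strings.LastIndex(ref, "/")+1:]
	if i := strings.LastIndex(name, ":"); i >= 0 {
		return name[i+1:]
	}
	return ""
}

// Decide reports whether to pull and whether the connection must fail,
// following the documented behaviour of each policy.
func Decide(policy PullPolicy, ref string, local map[string]bool) (pull, fail bool) {
	switch policy {
	case PullAlways:
		return true, false
	case PullNever:
		return false, !local[ref] // never fetch; fail if the image is absent
	default: // PullIfNotPresent
		tag := imageTag(ref)
		return !local[ref] || tag == "" || tag == "latest", false
	}
}

func main() {
	local := map[string]bool{"registry.example:5000/guest:1.4": true} // constructed sample
	for _, ref := range []string{"registry.example:5000/guest:1.4", "registry.example:5000/guest", "guest:latest"} {
		pull, fail := Decide(PullIfNotPresent, ref, local)
		fmt.Printf("%-34s pull=%v fail=%v\n", ref, pull, fail)
	}
}
```

Only the explicitly tagged, locally present image skips the pull under the if-not-present policy; untagged and "latest" references are fetched again on each check.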