mgoltzsche / podman-static
static podman binaries and container image
License: Apache License 2.0
I installed podman on Ubuntu 22.04 and compared it to podman-static.
Can I modify it as follows?
#ignore_chown_errors = "false"
#mount_program = "/usr/bin/fuse-overlayfs"
mountopt = "nodev,metacopy=on"
Hi,
I searched for a podman static binary and found your repository! Sounds great!
Are those the minimal dependencies?
# Install iptables & new-uidmap
RUN apk add --no-cache ca-certificates iptables ip6tables shadow-uidmap
# Copy binaries from other images
COPY --from=runc /usr/local/bin/runc /usr/local/bin/runc
COPY --from=podman /usr/local/bin/podman /usr/local/bin/podman
COPY --from=conmon /usr/libexec/podman/conmon /usr/libexec/podman/conmon
COPY --from=cniplugins /usr/libexec/cni /usr/libexec/cni
COPY --from=skopeo /usr/local/bin/skopeo /usr/local/bin/skopeo
COPY --from=fuse-overlayfs /usr/bin/fuse-overlayfs /usr/local/bin/fuse-overlayfs
COPY --from=slirp4netns /slirp4netns/slirp4netns /usr/local/bin/slirp4netns
COPY --from=buildah /usr/local/bin/buildah /usr/local/bin/buildah
Or could buildah, skopeo (, ...?) be dropped to just use podman (pull and run images)?
Run the code as a non-root user:
podman run -it --rm --cap-add=sys_admin,mknod --device=/dev/fuse --security-opt label=disable mgoltzsche/podman:latest podman run alpine ip a
Error: failed to set the loopback adapter up: operation not permitted
podman/stable works fine:
podman run -it --rm --cap-add=sys_admin,mknod --device=/dev/fuse --security-opt label=disable quay.io/podman/stable podman run alpine ip a
Resolved "alpine" as an alias (/etc/containers/registries.conf.d/000-shortnames.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:8a49fdb3b6a5ff2bd8ec6a86c05b2922a0f7454579ecc07637e94dfd1d0639b6
Copying config sha256:5e2b554c1c45d22c9d1aa836828828e320a26011b76c08631ac896cbc3625e3e
Writing manifest to image destination
Storing signatures
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: tap0: <BROADCAST,UP,LOWER_UP> mtu 65520 qdisc fq_codel state UNKNOWN qlen 1000
link/ether 86:fb:8c:82:d2:26 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.100/24 brd 10.0.2.255 scope global tap0
valid_lft forever preferred_lft forever
inet6 fd00::84fb:8cff:fe82:d226/64 scope global dynamic flags 100
valid_lft 86399sec preferred_lft 14399sec
inet6 fe80::84fb:8cff:fe82:d226/64 scope link
valid_lft forever preferred_lft forever
podman v4.6.0 released
Installed podman as suggested in the readme file, but unable to launch podman as the defined user. With the root user podman executes perfectly. Even tried to change the storage config file, but no luck. Binaries and files have user permissions.
How to run these binaries rootless (even without sudo)?
cmd: podman --version
error:
Failed to read /etc/containers/storage.conf stat /etc/containers/storage.conf: permission denied
ERRO[0000] finding config on system: lstat /etc/containers/containers.conf.d: permission denied
storage config:
[storage]
driver = "overlay"
#runroot = "/var/run/containers/storage"
runroot = "/opt/podman/run/containers/storage"
#graphroot = "/var/lib/containers/storage"
graphroot = "/opt/podman/lib/containers/storage"
[storage.options]
additionalimagestores = [
]
[storage.options.overlay]
ignore_chown_errors = "true"
mount_program = "/usr/local/bin/fuse-overlayfs"
mountopt = "nodev,fsync=0"
[storage.options.thinpool]
I built a podman image for ARM64 using your project and qemu (I added the arm64v8/ prefix for the base images in the Dockerfile) using these commands:
$docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
$docker build --force-rm --platform=linux/arm64/v8 -t arm64-podman .
After successful building, I launched a container:
#docker run --privileged -it mgoltzsche/podman
Inside the container, I tried to test several commands:
#podman --version
returned:
ERRO[0000] failure getting variant error="getCPUInfo for pattern: Cpu architecture: not found"
podman version 3.2.1
#podman info, #podman run and others returned the same error as in containers/podman#9164:
ERRO[0000] failure getting variant error="getCPUInfo for pattern: Cpu architecture: not found"
Error: failed to get new shm lock manager: failed to create 2048 locks in /libpod_lock: function not implemented
Do I need any changes in the configuration files? Maybe I built the image with incorrect flags, or am starting it incorrectly?
Is there a reason you limited the CNI plugins to just bridge and portmap?
To make things easier, it would be nice to have the tuning and firewall plugins (since these are used by podman by default when creating a new network), but I see no reason not to build all of them.
Will you entertain a pull-request to add more plugins?
When trying to run it on k8s, I get the error: Error: cannot setup namespace using newuidmap: exit status 1
@mgoltzsche this is more of a question. Is it possible to use the release files with AlmaLinux instead of Alpine, and what would be the prerequisite packages required?
Hello!
Thx for your great job, this is awesome!
I have a problem with memory restriction for nested containers. For example, let's create a golang app which consumes 400mb of RAM:
package main

import "fmt"

func main() {
	// Allocate 400 MiB and touch every byte so the pages are actually resident,
	// not merely reserved; this is what the cgroup memory limit should catch.
	lim := 400 << 20
	mem := make([]byte, lim)
	for i := 0; i < lim; i++ {
		mem[i] = '0'
	}
	fmt.Println("400mb")
}
compile and run it:
go build -o 400 ./main.go && command time --verbose ./400 2>&1 >/dev/null | grep "Maximum resident set size (kbytes)"
The output is (on my machine):
Maximum resident set size (kbytes): 422192
which is 412.29 mb
Now, run this app in a container, using the minimal tag:
docker run --privileged --rm -w /workdir -v ./400:/workdir/400 mgoltzsche/podman:minimal \
podman run -v /workdir/400:/bin/400 -m 100m docker.io/alpine /bin/400
The output is (on my machine):
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:7264a8db6415046d36d16ba98b79778e18accee6ffa71850405994cffa9be7de
Copying config sha256:7e01a0d0a1dcd9e539f8e9bbd80106d59efbdf97293b3d38f5d7a34501526cdb
Writing manifest to image destination
400mb
The app was executed correctly and printed 400mb, but the limit was -m 100m.
However, if we use the 4.6.1 image, the app exits with code 137, which is (I guess) correct.
command time --verbose \
docker run --privileged --rm -w /workdir -v ./400:/workdir/400 mgoltzsche/podman:4.6.1 \
podman run -v /workdir/400:/bin/400 -m 100m docker.io/alpine /bin/400 \
2>&1 >/dev/null | grep "Exit status"
The output is: Exit status: 137
Let's raise the limit (100 mb -> 500mb):
command time --verbose \
docker run --privileged --rm -w /workdir -v ./400:/workdir/400 mgoltzsche/podman:4.6.1 \
podman run -v /workdir/400:/bin/400 -m 500m docker.io/alpine /bin/400 \
2>&1 >/dev/null | grep "Exit status"
The output is: Exit status: 0
My question is: Why is the memory limit ignored when using the minimal tag image?
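A self-check for the situation in the post above, added here as an example and not code from podman-static or from the poster: run it inside the nested container to confirm that the cgroup memory limit actually took effect before trusting `-m`. It reads `memory.max` (cgroup v2) or `memory.limit_in_bytes` (cgroup v1), treats the literal `max` and the cgroup v1 no-limit sentinel as unlimited, and exits non-zero unless a limit at or below the expected value is in force. Assumptions of this example: the default cgroup mount at /sys/fs/cgroup, the 1<<62 threshold used to recognise the v1 sentinel, and the default expected limit of 100 MiB (104857600 bytes, what `-m 100m` requests).

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Limit files in the order they are tried: cgroup v2 unified hierarchy first,
// then the cgroup v1 memory controller. Paths assume the default /sys/fs/cgroup mount.
var memLimitFiles = []string{
	"/sys/fs/cgroup/memory.max",                   // cgroup v2
	"/sys/fs/cgroup/memory/memory.limit_in_bytes", // cgroup v1
}

// Heuristic of this example: cgroup v1 reports "no limit" as a huge sentinel
// (9223372036854771712 with 4 KiB pages) rather than the word "max". Anything at
// or above 1<<62 is far beyond any physical RAM and is treated as unlimited.
const v1UnlimitedFloor = int64(1) << 62

// ParseMemoryLimit interprets the content of memory.max / memory.limit_in_bytes.
// It returns the limit in bytes, or unlimited=true when no limit is configured.
func ParseMemoryLimit(content string) (limit int64, unlimited bool, err error) {
	s := strings.TrimSpace(content)
	if s == "" {
		return 0, false, errors.New("empty memory limit file")
	}
	if s == "max" { // cgroup v2 spelling of "no limit"
		return 0, true, nil
	}
	n, err := strconv.ParseInt(s, 10, 64)
	if err != nil {
		return 0, false, fmt.Errorf("unparseable memory limit %q: %w", s, err)
	}
	if n < 0 || n >= v1UnlimitedFloor {
		return 0, true, nil
	}
	return n, false, nil
}

// EnforcedAtMost reports whether a limit is present and no larger than want bytes,
// i.e. whether the -m value the caller asked for actually took effect.
func EnforcedAtMost(content string, want int64) (bool, error) {
	limit, unlimited, err := ParseMemoryLimit(content)
	if err != nil {
		return false, err
	}
	return !unlimited && limit <= want, nil
}

// ReadCgroupMemoryLimit returns the content and path of the first limit file that exists.
func ReadCgroupMemoryLimit() (content, path string, err error) {
	for _, p := range memLimitFiles {
		if b, rerr := os.ReadFile(p); rerr == nil {
			return string(b), p, nil
		}
	}
	return "", "", errors.New("no cgroup memory limit file found")
}

// Usage: memcheck [expected-limit-bytes]; exit 0 only if a limit <= expected is in force.
func main() {
	want := int64(100 << 20) // default matches `podman run -m 100m` (100 MiB)
	if len(os.Args) > 1 {
		n, err := strconv.ParseInt(os.Args[1], 10, 64)
		if err != nil {
			fmt.Fprintln(os.Stderr, "expected limit must be an integer number of bytes")
			os.Exit(2)
		}
		want = n
	}
	content, path, err := ReadCgroupMemoryLimit()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	ok, err := EnforcedAtMost(content, want)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	fmt.Printf("%s = %s; limit <= %d bytes enforced: %v\n", path, strings.TrimSpace(content), want, ok)
	if !ok {
		os.Exit(1)
	}
}
```

Built statically (`CGO_ENABLED=0 go build -o memcheck .`) it can be bind-mounted into the alpine container the same way the `400` binary is in the post, e.g. `podman run -v ./memcheck:/bin/memcheck -m 100m docker.io/alpine /bin/memcheck 104857600`; an exit status of 1 means the requested limit was silently not applied, which is cheaper to detect than waiting for an OOM kill that never comes.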
@mgoltzsche This is not an issue. Request to add static buildah and skopeo packages, maybe as another package like podman-tools or build-tools:
https://github.com/containers/buildah
https://github.com/containers/skopeo
General question:
Is rootless docker-compose a feature, which should be included in these binaries/container images?
With containers/podman#9169 there is (not yet complete) support for running docker-compose with rootless podman, but podman-static is missing some CNI plugins to make it work.
The probably needed plugins were removed in dc8ec32.
For the static build, it would be preferable to move the cni plugins and conmon to /usr/local/libexec instead of /usr/libexec to further segregate these from files managed by the package manager. /usr/local/libexec is already in the search path, so no additional action should be needed.
podman-static 4.4.3 error
root@node01:~# cephadm bootstrap --mon-ip 192.168.72.40
Verifying podman|docker is present...
Verifying lvm2 is present...
Verifying time synchronization is in place...
Unit chrony.service is enabled and running
Repeating the final host check...
podman (/usr/local/bin/podman) version 4.4.3 is present
systemctl is present
lvcreate is present
Unit chrony.service is enabled and running
Host looks OK
Cluster fsid: fd0ccf44-d176-11ed-bad6-d1da98c13f11
Verifying IP 192.168.72.40 port 3300 ...
Verifying IP 192.168.72.40 port 6789 ...
Mon IP `192.168.72.40` is in CIDR network `192.168.72.0/24`
Mon IP `192.168.72.40` is in CIDR network `192.168.72.0/24`
Internal network (--cluster-network) has not been provided, OSD replication will default to the public_network
Pulling container image quay.io/ceph/ceph:v17...
Ceph version: ceph version 17.2.5 (98318ae89f1a893a6ded3a640405cdbb33e08757) quincy (stable)
Extracting ceph user uid/gid from container image...
Creating initial keys...
Creating initial monmap...
Creating mon...
Non-zero exit code 1 from systemctl start [email protected]
systemctl: stderr Job for [email protected] failed because the control process exited with error code.
systemctl: stderr See "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.
Traceback (most recent call last):
File "/usr/local/bin/cephadm", line 9653, in <module>
main()
File "/usr/local/bin/cephadm", line 9641, in main
r = ctx.func(ctx)
File "/usr/local/bin/cephadm", line 2205, in _default_image
return func(ctx)
File "/usr/local/bin/cephadm", line 5692, in command_bootstrap
create_mon(ctx, uid, gid, fsid, mon_id)
File "/usr/local/bin/cephadm", line 5146, in create_mon
deploy_daemon(ctx, fsid, 'mon', mon_id, mon_c, uid, gid,
File "/usr/local/bin/cephadm", line 3317, in deploy_daemon
deploy_daemon_units(ctx, fsid, uid, gid, daemon_type, daemon_id,
File "/usr/local/bin/cephadm", line 3573, in deploy_daemon_units
call_throws(ctx, ['systemctl', 'start', unit_name])
File "/usr/local/bin/cephadm", line 1852, in call_throws
raise RuntimeError(f'Failed command: {" ".join(command)}: {s}')
RuntimeError: Failed command: systemctl start [email protected]: Job for [email protected] failed because the control process exited with error code.
See "systemctl status [email protected]" and "journalctl -xeu [email protected]" for details.
root@node01:~# /bin/bash /var/lib/ceph/4162dd60-d176-11ed-bad6-d1da98c13f11/mon.node01/unit.run
[conmon:e] Include journald in compilation path to log to systemd journal
Error: exit status 1
root@node01:~#
root@node01:~# podman run --name test --log-driver journald -d alpine sleep 1000
[conmon:e] Include journald in compilation path to log to systemd journal
Error: write child: broken pipe
root@node01:~#
root@node01:~# podman info --debug
host:
arch: amd64
buildahVersion: 1.29.0
cgroupControllers:
- cpuset
- cpu
- io
- memory
- hugetlb
- pids
- rdma
- misc
cgroupManager: systemd
cgroupVersion: v2
conmon:
package: Unknown
path: /usr/local/lib/podman/conmon
version: 'conmon version 2.1.7, commit: f633919178f6c8ee4fb41b848a056ec33f8d707d'
cpuUtilization:
idlePercent: 97.58
systemPercent: 0.76
userPercent: 1.66
cpus: 4
distribution:
codename: jammy
distribution: ubuntu
version: "22.04"
eventLogger: file
hostname: node01
idMappings:
gidmap: null
uidmap: null
kernel: 5.15.0-27-generic
linkmode: dynamic
logDriver: k8s-file
memFree: 4623376384
memTotal: 8337428480
networkBackend: cni
ociRuntime:
name: runc
package: Unknown
path: /usr/local/bin/runc
version: |-
runc version 1.1.4
commit: v1.1.4-0-g5fd4c4d
spec: 1.0.2-dev
go: go1.18.10
libseccomp: 2.5.4
os: linux
remoteSocket:
path: /run/podman/podman.sock
security:
apparmorEnabled: true
capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: ""
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/local/bin/slirp4netns
package: Unknown
version: |-
slirp4netns version 1.2.0
commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
libslirp: 4.7.0
SLIRP_CONFIG_VERSION_MAX: 4
libseccomp: 2.5.4
swapFree: 4115656704
swapTotal: 4115656704
uptime: 0h 28m 50.00s
plugins:
authorization: null
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
- registry.fedoraproject.org
- registry.access.redhat.com
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 1
paused: 0
running: 0
stopped: 1
graphDriverName: overlay
graphOptions:
overlay.ignore_chown_errors: "true"
overlay.mount_program:
Executable: /usr/local/bin/fuse-overlayfs
Package: Unknown
Version: |-
fuse-overlayfs: version 1.10
fusermount3 version: 3.10.5
FUSE library version 3.14.0
using FUSE kernel interface version 7.38
overlay.mountopt: nodev,fsync=0
graphRoot: /var/lib/containers/storage
graphRootAllocated: 105223553024
graphRootUsed: 9119862784
graphStatus:
Backing Filesystem: btrfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 3
runRoot: /var/run/containers/storage
transientStore: false
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.4.3
Built: 0
BuiltTime: Thu Jan 1 08:00:00 1970
GitCommit: ""
GoVersion: go1.18.10
Os: linux
OsArch: linux/amd64
Version: 4.4.3
related: containers/podman#9481
When I use it in GitHub Actions, I get the following error:
cannot clone: Operation not permitted
Error: cannot re-exec process
Workflow configuration file cd.yml:
name: test podman
on:
  push:
    branches:
      - main
    # Publish `v1.2.3` tags as releases.
    tags:
      - v*
jobs:
  build:
    runs-on: ubuntu-latest
    container:
      # image: gitlab/gitlab-runner:alpine3.18
      # image: mgoltzsche/podman:rootless
      # image: mgoltzsche/podman:minimal
      image: mgoltzsche/podman:latest
      options: --privileged
      # --user podman:podman
    env:
      FORCE_COLOR: 1
    steps:
      - run: echo "🎉 The job was automatically triggered by a ${{ gitea.event_name }} event."
      - name: test podman
        run: |
          whoami
          podman info
Adding the --depth=1 param to the git checkout steps results in faster checkout and shorter build time. @mgoltzsche if you agree, I can work on a PR.
Current checkout log; 82MB download:
$ git clone -c 'advice.detachedHead=false' --branch v3.3.1 https://github.com/containers/podman p2
Cloning into 'pod1'...
remote: Enumerating objects: 129375, done.
remote: Counting objects: 100% (102/102), done.
remote: Compressing objects: 100% (90/90), done.
remote: Total 129375 (delta 42), reused 18 (delta 6), pack-reused 129273
Receiving objects: 100% (129375/129375), 82.13 MiB | 1.50 MiB/s, done.
Resolving deltas: 100% (91638/91638), done.
Updating files: 100% (6192/6192), done.
Proposed --depth=1 param checkout log; 11MB download:
$ git clone -c 'advice.detachedHead=false' --depth=1 --branch v3.3.1 https://github.com/containers/podman p1
Cloning into 'pod2'...
remote: Enumerating objects: 7139, done.
remote: Counting objects: 100% (7139/7139), done.
remote: Compressing objects: 100% (5992/5992), done.
remote: Total 7139 (delta 1035), reused 3617 (delta 630), pack-reused 0
Receiving objects: 100% (7139/7139), 10.80 MiB | 2.05 MiB/s, done.
Resolving deltas: 100% (1035/1035), done.
Updating files: 100% (6192/6192), done.
Can I install the binary in user-level mode, for example, the service installed in ~/.config/systemd/user/, the binary installed in ~/.local/bin, etc. installed in ~/.config/podman?
Hi 👋,
Thanks for this great effort. I wanted to try and get podman running on my router. Yes, this is probably mad because of the limited OS and resources, but the host should comply with all minimal requirements, so why not? For this I was trying to botch together podman as an entware package, so my paths may seem a bit weird. But now I seem to have hit a wall that I cannot get around.
I've whipped up some basic installation instructions to install your binaries and get them on path:
# NOTE: /tmp/mnt/router/ is an USB device which is the installation target for entware
# First we install the required packages and create the required directories
opkg install curl nsenter shadow-newuidmap
mkdir -p /tmp/mnt/router/podman
cd /tmp/mnt/router/podman/
# Then we download your podman binaries and extract them to the entware locations, which are in PATH
curl -fsSL -O https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-arm64.tar.gz
tar -xzf podman-linux-arm64.tar.gz
cp -r podman-linux-arm64/usr/local podman-linux-arm64/etc ../entware/
# Just a little cleanup
rm podman-linux-arm64.tar.gz
rm -rf podman-linux-arm64
# Create the necessary directories and symlink everything to our USB pen drive
mkdir -p /tmp/mnt/router/podman/temp/containers/storage /tmp/mnt/router/podman/share/containers/storage /var/lib/containers/ ~/.local/share/containers/ /var/run/containers
ln -s /tmp/mnt/router/podman/share/containers/storage /var/lib/containers/storage
ln -s /tmp/mnt/router/podman/share/containers/storage ~/.local/share/containers/storage
ln -s /tmp/mnt/router/podman/temp/containers/storage /var/run/containers/storage
# Set the correct fuse-overlayfs location in storage.json
vim /tmp/mnt/router/entware/etc/containers/storage.conf
# mount_program = "/usr/local/bin/fuse-overlayfs" > mount_program = "/tmp/mnt/router/entware/usr/bin/fuse-overlayfs"
# Optionally create an alias for podman to use as Docker
ln -s /tmp/mnt/router/entware/usr/bin/podman /tmp/mnt/router/entware/bin/docker
First of all podman is found and I can get it running with podman --version 🥳
admin@Router:/tmp/home/root# podman --version
podman version 4.1.1
But any other command will result in the same error:
admin@Router:/tmp/home/root# podman info
Error: no such file or directory
admin@Router:/tmp/home/root# podman images
Error: no such file or directory
admin@Router:/tmp/home/root# podman run --rm -it alpine /bin/sh
Error: no such file or directory
I guess it has something to do with the directory where images should be stored. But I'm unsure how to configure or debug this.
I would appreciate some help in getting podman running on this very limited device. So if you can point me in the right direction that would be great. Also please feel free to use any of this as documentation if you want to. Thanks again ❤️.
Some files are dynamically linked: conmon, fuse-overlayfs, fusermount3, slirp4netns
podman version
root@podman:~# podman version
Client: Podman Engine
Version: 4.4.1
API Version: 4.4.1
Go Version: go1.18.10
Built: Thu Jan 1 08:00:00 1970
OS/Arch: linux/amd64
os version
root@podman:~# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.1 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.1 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
reproduce
root@podman:~# podman run --name docker-nginx -p 8080:80 docker.io/nginx
Trying to pull docker.io/library/nginx:latest...
Getting image source signatures
Copying blob 7e9b29976cce done
Copying blob 258f176fd226 done
Copying blob bb263680fed1 done
Copying blob 077b9569ff86 done
Copying blob a0bc35e70773 done
Copying blob 3082a16f3b61 done
Copying config 3f8a00f137 done
Writing manifest to image destination
Storing signatures
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/02/11 04:25:18 [notice] 1#1: using the "epoll" event method
2023/02/11 04:25:18 [notice] 1#1: nginx/1.23.3
2023/02/11 04:25:18 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
2023/02/11 04:25:18 [notice] 1#1: OS: Linux 5.15.0-58-generic
2023/02/11 04:25:18 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/02/11 04:25:18 [notice] 1#1: start worker processes
2023/02/11 04:25:18 [notice] 1#1: start worker process 28
2023/02/11 04:25:18 [notice] 1#1: start worker process 29
From another host, access to port 8080 fails, and the nginx web page cannot be accessed in the browser.
root@client:~# telnet 192.168.72.16 8080
Trying 192.168.72.16...
^C
root@client:~#
It can be accessed on localhost:
root@podman:~# ss -antulp |grep 8080
tcp LISTEN 0 4096 0.0.0.0:8080 0.0.0.0:* users:(("conmon",pid=1532273,fd=5))
root@podman:~# telnet 192.168.72.16 8080
Trying 192.168.72.16...
Connected to 192.168.72.16.
Escape character is '^]'.
podman ps
ERRO[0000] running `/usr/bin/newuidmap 420 0 1000 1 1 100000 65536`: newuidmap: write to uid_map failed: Operation not permitted
Error: cannot set up namespace using "/usr/bin/newuidmap": exit status 1
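The newuidmap failures in the posts above ("cannot setup namespace using newuidmap" and "write to uid_map failed: Operation not permitted") both come from the rootless ID-mapping setup. The following program is an added example, not part of podman-static: it parses /etc/subuid and /etc/subgid for the current user (entries keyed by user name or by numeric uid), reports how many subordinate IDs are assigned, and checks whether the newuidmap/newgidmap binaries found on PATH carry the setuid bit. Assumptions of this example: the 65536 threshold (the count the podman rootless documentation recommends, treated here as a hard check) and that the binaries rely on the setuid bit rather than cap_setuid/cap_setgid file capabilities, which this check does not read.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"os/user"
	"strconv"
	"strings"
)

// IDRange is one subordinate ID range from /etc/subuid or /etc/subgid.
type IDRange struct{ Start, Count uint32 }

// MinRecommendedIDs: per-user count the podman rootless docs recommend; using it as a hard threshold is this example's choice.
const MinRecommendedIDs = 65536

// ParseSubIDs returns the ranges assigned to a user. Both files are keyed by user name, with the
// numeric uid accepted as an alternative key; blank lines are skipped and malformed lines are errors.
func ParseSubIDs(content, username string, uid uint32) ([]IDRange, error) {
	var ranges []IDRange
	uidKey := strconv.FormatUint(uint64(uid), 10)
	for i, line := range strings.Split(content, "\n") {
		line = strings.TrimSpace(line)
		if line == "" {
			continue
		}
		f := strings.Split(line, ":")
		if len(f) != 3 {
			return nil, fmt.Errorf("line %d: expected name:start:count, got %q", i+1, line)
		}
		start, err1 := strconv.ParseUint(f[1], 10, 32)
		count, err2 := strconv.ParseUint(f[2], 10, 32)
		if err1 != nil || err2 != nil || count == 0 {
			return nil, fmt.Errorf("line %d: bad range in %q", i+1, line)
		}
		if f[0] == username || f[0] == uidKey {
			ranges = append(ranges, IDRange{uint32(start), uint32(count)})
		}
	}
	return ranges, nil
}

// TotalIDs sums the IDs available across ranges.
func TotalIDs(ranges []IDRange) uint64 {
	var n uint64
	for _, r := range ranges {
		n += uint64(r.Count)
	}
	return n
}

// HasSetUID reports whether a file mode carries the setuid bit (file capabilities are not inspected).
func HasSetUID(mode os.FileMode) bool {
	return mode&os.ModeSetuid != 0
}

func main() {
	u, err := user.Current()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	uid, _ := strconv.ParseUint(u.Uid, 10, 32)
	failed := false
	for _, path := range []string{"/etc/subuid", "/etc/subgid"} {
		b, err := os.ReadFile(path)
		var ranges []IDRange
		if err == nil {
			ranges, err = ParseSubIDs(string(b), u.Username, uint32(uid))
		}
		if err != nil {
			fmt.Printf("%s: %v\n", path, err)
			failed = true
			continue
		}
		total := TotalIDs(ranges)
		fmt.Printf("%s: %d range(s) for %s, %d IDs (recommended >= %d)\n", path, len(ranges), u.Username, total, MinRecommendedIDs)
		failed = failed || total < MinRecommendedIDs
	}
	for _, bin := range []string{"newuidmap", "newgidmap"} {
		p, err := exec.LookPath(bin)
		var fi os.FileInfo
		if err == nil {
			fi, err = os.Stat(p)
		}
		if err != nil {
			fmt.Printf("%s: %v\n", bin, err)
			failed = true
			continue
		}
		fmt.Printf("%s: mode %v, setuid=%v\n", p, fi.Mode(), HasSetUID(fi.Mode()))
		failed = failed || !HasSetUID(fi.Mode())
	}
	if failed {
		os.Exit(1)
	}
}
```

Run it as the user that will invoke podman; a non-zero exit points at the piece of the rootless prerequisites to fix first (missing or too small subuid/subgid range, or a newuidmap that is not setuid), before digging into podman's own configuration.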
I tried to update podman 1.0.0 to 1.3.1, but got an error message with my build.
Error: error creating libpod runtime: failed to get new shm lock manager: failed to create 2048 locks in /libpod_lock: no such file or directory
time="2022-01-07T00:05:51Z" level=warning msg="Error validating CNI config file /etc/cni/net.d/87-podman.conflist: [failed to find plugin \"bridge\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"portmap\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"firewall\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin] failed to find plugin \"tuning\" in path [/usr/local/libexec/cni /usr/libexec/cni /usr/local/lib/cni /usr/lib/cni /opt/cni/bin]]"
This is an amazing project. It works well in K8S, I can run a container in a pod. But can we get rid of the above warning message?
I am using the latest minimal docker image.
Right now journald is not available as a logging driver, which makes running rootless podman in Nomad difficult.
I assume that for the journald logging driver to be available, the lib needs to be available when building.
Background: kubernetes-sigs/kind#2998
The podman-restart.service should be included from Podman 4.4.0 onwards:
https://github.com/containers/podman/pull/16672
https://github.com/containers/podman/issues/16669
So I guess two pieces of work need to be done:
(1) upgrade podman from 4.2.1 to 4.4.0
(2) include the podman-restart service in the static release
The package downloaded from this link (https://github.com/mgoltzsche/podman-static/releases/tag/v4.4.4) does not include crun/catatonit. Do I need to download them from these 2 links (https://github.com/containers/crun / https://github.com/openSUSE/catatonit)?
This Dockerfile can correctly compile static files for the x86 architecture, but I don't know if it is possible to compile it into a static file for the ARM architecture. Can you give me some suggestions?
Using the usual setting on enterprise systems that use FreeIPA ends up with a message that the specified uid range is not allowed. Is there anything that we can do to enable compatibility in this situation?
Error when running the example from a WSL2 distribution created from mgoltzsche/podman image:
podman run --privileged -u podman:podman mgoltzsche/podman:minimal docker run alpine:latest echo hello from nested container
Error: crun: executable file `echo` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found
podman run --privileged -u podman:podman mgoltzsche/podman:minimal docker run alpine:latest echo hello from nested container
✔ docker.io/mgoltzsche/podman:minimal
Trying to pull docker.io/mgoltzsche/podman:minimal...
Getting image source signatures
Copying blob 25853141089f done
Copying blob da7721c87691 done
Copying blob 0fd7171ccc3f done
Copying blob 9c34b30f84c2 done
Copying blob 78804a79c8a1 done
Copying blob 8663204ce13b done
Copying blob b48929a82346 done
Copying blob b528f4445737 done
Copying blob 504eb5f0286c done
Copying blob 7997e3cea3a0 done
Copying blob ea26d82999fc done
Copying blob 583eb3a94444 done
Copying config 01b32fda28 done
Writing manifest to image destination
Storing signatures
time="2022-06-21T03:16:07Z" level=warning msg="\"/\" is not a shared mount, this could cause issues or missing mounts with rootless containers"
Resolving "alpine" using unqualified-search registries (/etc/containers/registries.conf)
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob sha256:2408cc74d12b6cd092bb8b516ba7d5e290f485d3eb9672efc00f0583730179e8
Copying blob sha256:2408cc74d12b6cd092bb8b516ba7d5e290f485d3eb9672efc00f0583730179e8
Copying config sha256:e66264b98777e12192600bf9b4d663655c98a090072e1bab49e233d7531d1294
Writing manifest to image destination
Storing signatures
Error: crun: executable file `echo` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found
Checking the container:
docker run --privileged -it -u podman:podman mgoltzsche/podman:minimal ash
Resolved "mgoltzsche/podman" as an alias (/var/cache/containers/short-name-aliases.conf)
Trying to pull docker.io/mgoltzsche/podman:minimal...
Getting image source signatures
Copying blob 0fd7171ccc3f done
Copying blob 78804a79c8a1 done
Copying blob da7721c87691 done
Copying blob 25853141089f done
Copying blob 8663204ce13b done
Copying blob 9c34b30f84c2 done
Copying blob b48929a82346 done
Copying blob 504eb5f0286c done
Copying blob b528f4445737 done
Copying blob 7997e3cea3a0 done
Copying blob ea26d82999fc done
Copying blob 583eb3a94444 done
Copying config 01b32fda28 done
Writing manifest to image destination
Storing signatures
/ $ env
_CONTAINERS_USERNS_CONFIGURED=
HOSTNAME=62687cb69b68
SHLVL=1
BUILDAH_ISOLATION=chroot
HOME=/podman
container=oci
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
PWD=/
/ $ docker ps
WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
/ $ whoami
podman
/ $ docker run -it alpine:latest ash
✔ docker.io/library/alpine:latest
Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob 2408cc74d12b done
Copying config e66264b987 done
Writing manifest to image destination
Storing signatures
Error: crun: executable file `ash` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found
/ $ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/alpine latest e66264b98777 4 weeks ago 5.82 MB
/ $ docker container ls -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
cb9ee0597032 docker.io/library/alpine:latest ash 44 seconds ago Created crazy_franklin
/ $ docker run -it alpine:latest
Error: crun: executable file `/bin/sh` not found in $PATH: No such file or directory: OCI runtime attempted to invoke a command that was not found
/ $ exit
Edited - System Info on the host podman (root user)
ls -la /usr/local/bin
-rwxr-xr-x 1 root root 497728 May 8 07:27 fuse-overlayfs
-rwsr-xr-x 1 root root 79336 May 8 07:26 fusermount3
-rwxr-xr-x 1 root root 34777672 May 8 07:27 podman
-rwxr-xr-x 1 root root 12761432 May 8 07:26 runc
-rwxr-xr-x 1 root root 4717296 May 8 07:26 slirp4netns
ls -la /usr/bin/docker
lrwxrwxrwx 1 root root 21 May 8 07:28 /usr/bin/docker -> /usr/local/bin/podman
docker version
Client: Podman Engine
Version: 4.1.0
API Version: 4.1.0
Go Version: go1.16.15
Built: Thu Jan 1 07:30:00 1970
OS/Arch: linux/amd64
docker -v
docker version 4.1.0
podman version
Client: Podman Engine
Version: 4.1.0
API Version: 4.1.0
Go Version: go1.16.15
Built: Thu Jan 1 07:30:00 1970
OS/Arch: linux/amd64
docker info
host:
arch: amd64
buildahVersion: 1.26.1
cgroupControllers:
- cpuset
- cpu
- cpuacct
- blkio
- memory
- devices
- freezer
- net_cls
- perf_event
- net_prio
- hugetlb
- pids
- rdma
cgroupManager: cgroupfs
cgroupVersion: v1
conmon:
package: Unknown
path: /usr/local/lib/podman/conmon
version: 'conmon version 2.1.0, commit: bdb4f6e56cd193d40b75ffc9725d4b74a18cb33c'
cpuUtilization:
idlePercent: 99.75
systemPercent: 0.14
userPercent: 0.11
cpus: 4
distribution:
distribution: alpine
version: 3.14.6
eventLogger: file
hostname: myPortege
idMappings:
gidmap: null
uidmap: null
kernel: 5.10.102.1-microsoft-standard-WSL2
linkmode: dynamic
logDriver: k8s-file
memFree: 1320599552
memTotal: 1505017856
networkBackend: cni
ociRuntime:
name: runc
package: Unknown
path: /usr/local/bin/runc
version: |-
runc version 1.1.1
commit: v1.1.1-0-g52de29d
spec: 1.0.2-dev
go: go1.16.15
libseccomp: 2.5.1
os: linux
remoteSocket:
path: /run/podman/podman.sock
security:
apparmorEnabled: false
capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
rootless: false
seccompEnabled: true
seccompProfilePath: ""
selinuxEnabled: false
serviceIsRemote: false
slirp4netns:
executable: /usr/local/bin/slirp4netns
package: Unknown
version: |-
slirp4netns version 1.1.12
commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
libslirp: 4.6.1
SLIRP_CONFIG_VERSION_MAX: 3
libseccomp: 2.5.1
swapFree: 524288000
swapTotal: 524288000
uptime: 1h 29m 14.36s (Approximately 0.04 days)
plugins:
log:
- k8s-file
- none
- passthrough
network:
- bridge
- macvlan
- ipvlan
volume:
- local
registries:
search:
- docker.io
- registry.fedoraproject.org
- registry.access.redhat.com
store:
configFile: /etc/containers/storage.conf
containerStore:
number: 0
paused: 0
running: 0
stopped: 0
graphDriverName: overlay
graphOptions:
overlay.ignore_chown_errors: "true"
overlay.mount_program:
Executable: /usr/local/bin/fuse-overlayfs
Package: Unknown
Version: |-
fuse-overlayfs: version 1.8.2
fusermount3 version: 3.11.0
FUSE library version 3.11.0
using FUSE kernel interface version 7.31
overlay.mountopt: nodev,fsync=0
graphRoot: /var/lib/containers/storage
graphRootAllocated: 269490393088
graphRootUsed: 407048192
graphStatus:
Backing Filesystem: extfs
Native Overlay Diff: "false"
Supports d_type: "true"
Using metacopy: "false"
imageCopyTmpDir: /var/tmp
imageStore:
number: 1
runRoot: /var/run/containers/storage
volumePath: /var/lib/containers/storage/volumes
version:
APIVersion: 4.1.0
Built: 0
BuiltTime: Thu Jan 1 07:30:00 1970
GitCommit: ""
GoVersion: go1.16.15
Os: linux
OsArch: linux/amd64
Version: 4.1.0
Is the above version of podman consistent with this link(https://github.com/containers/podman/tree/v4.8.2)
This is a Q/A, not an issue.
Using your mgoltzsche/podman docker image in a Jenkins pipeline. Podman was able to access the public registries but fails on the internal registry servername:5000. The internal registry is a docker/registry using a self-signed certificate. I have added servername:5000 to registries.conf and am using the option --add-host servername:ip-addr, but still am not able to connect.
Hey, what I am trying to do is set up podman without sudo. So what I am doing step-by-step:
curl -fsSL -o podman-linux-amd64.tar.gz https://github.com/mgoltzsche/podman-static/releases/latest/download/podman-linux-amd64.tar.gz
tar -xzf podman-linux-amd64.tar.gz
sudo cp -r podman-linux-amd64/usr podman-linux-amd64/etc /
./podman-linux-amd64/usr/local/bin/podman version
Error: could not find a working conmon binary (configured options: [/usr/libexec/podman/conmon /usr/local/libexec/podman/conmon /usr/local/lib/podman/conmon /usr/bin/conmon /usr/sbin/conmon /usr/local/bin/conmon /usr/local/sbin/conmon /run/current-system/sw/bin/conmon]: invalid argument)
Is there something I can do to fix this without having sudo / root?
Thank you for building and sharing this.
version 3.3.1
All commands I have tried other than -v give me:
Error: error configuring CNI network plugin: exec: "nsenter": executable file not found in $PATH
So I need to separately install the nsenter CNI plugin?
Why does podman-static not include catatonit?
root@node01:~# podman version
Client: Podman Engine
Version: 4.4.2
API Version: 4.4.2
Go Version: go1.18.10
Built: Thu Jan 1 08:00:00 1970
OS/Arch: linux/amd64
This works:
curl -sLo /usr/libexec/podman/catatonit https://github.com/openSUSE/catatonit/releases/download/v0.1.7/catatonit.x86_64
chmod +x /usr/libexec/podman/catatonit
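The three reports above (conmon not found after a non-root install, nsenter missing from PATH, and catatonit missing) share one cause: podman resolves its helper binaries through containers.conf and PATH, and the release tarball is laid out for copying into /. The script below is an added example, not code from podman-static or any of the reporters. It assumes the tarball was extracted unchanged to some $PREFIX (so conmon sits at $PREFIX/usr/libexec/podman/conmon and runc at $PREFIX/usr/local/bin/runc, matching the paths in the conmon error above), and that rootless podman reads $HOME/.config/containers/containers.conf; the helper names it checks for are the ones named in these reports plus the newuidmap/newgidmap pair that rootless user namespaces require.

```shell
#!/bin/sh
# Added example (not part of podman-static): point a non-root podman at the
# helper binaries inside the extracted release tarball, without copying
# anything to /, and list helper programs missing from PATH.
# Assumptions: tarball extracted to $PREFIX with its usr/local/bin and
# usr/libexec/podman layout; rootless config path $HOME/.config/containers.
set -eu

# Programs podman shells out to on the host. The CNI backend of older
# releases needs nsenter, rootless user namespaces need the setuid
# newuidmap/newgidmap pair (only the distro package can provide those),
# and catatonit is the --init binary.
REQUIRED_HELPERS="nsenter newuidmap newgidmap"
OPTIONAL_HELPERS="catatonit slirp4netns"

# Print each program that cannot be found on PATH, one per line.
missing_helpers() {
    for prog in "$@"; do
        command -v "$prog" >/dev/null 2>&1 || echo "$prog"
    done
    return 0
}

# Emit a containers.conf that resolves conmon, the OCI runtime and the
# helper directory inside the extracted tarball instead of system paths.
containers_conf_for_prefix() {
    prefix=$1
    cat <<EOF
[engine]
conmon_path = ["$prefix/usr/libexec/podman/conmon"]
helper_binaries_dir = ["$prefix/usr/libexec/podman", "$prefix/usr/local/bin"]
runtime = "runc"

[engine.runtimes]
runc = ["$prefix/usr/local/bin/runc"]
EOF
}

# Write the config into the rootless location (or a given dir) and print it.
write_rootless_conf() {
    prefix=$1
    confdir=${2:-$HOME/.config/containers}
    mkdir -p "$confdir"
    containers_conf_for_prefix "$prefix" >"$confdir/containers.conf"
    echo "$confdir/containers.conf"
}

# Usage:
#   write_rootless_conf "$HOME/podman-linux-amd64"
#   missing_helpers $REQUIRED_HELPERS          # each line is a program to install
#   missing_helpers $OPTIONAL_HELPERS
#   "$HOME/podman-linux-amd64/usr/local/bin/podman" version
```

The conmon lookup error then goes away because conmon_path names the tarball copy; nsenter comes from the distro's util-linux package, and catatonit can be dropped into one of the helper_binaries_dir entries as the catatonit reply above does. What a non-root user cannot fix is newuidmap/newgidmap: they must be setuid root, so they have to come from the distro's shadow/uidmap package rather than the tarball.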
podman v4.5.1 released
Would you be open to a PR to add netavark and aardvark-dns?
When running podman run --rm --privileged mgoltzsche/podman:4.9.4 podman system info | grep seccompProfile
the output is
seccompProfilePath: ""
but with the official (?) podman image podman run --rm --privileged podman:latest podman system info | grep seccompProfile
the output is
seccompProfilePath: /usr/share/containers/seccomp.json
Does this mean there is no seccomp profile in effect? I read through the podman source code and I couldn't find a hard-coded default so I think it might be relying on this file to exist (might be worth double-checking my reading of the code though!)
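A reported seccompProfilePath says what podman intends to load, not what the kernel enforces; the authoritative check is the Seccomp field of /proc/self/status read from inside the container (0 disabled, 1 strict, 2 filter). The script below is an added example, not code from podman-static or the reporter; it assumes a kernel that exposes that field (Linux 3.8 and later), and the status text used in the test is constructed. Note that podman runs --privileged containers without a seccomp profile, so the comparison in the question above is only meaningful for unprivileged runs.

```shell
#!/bin/sh
# Added example (not part of podman-static): verify from inside a container
# whether a seccomp filter is actually loaded, rather than trusting only the
# seccompProfilePath that `podman info` reports.
# Assumption: /proc/self/status exposes the Seccomp: field (Linux 3.8+).
set -eu

# Read the seccomp mode from a /proc/<pid>/status file: 0 = disabled,
# 1 = strict, 2 = filter (a BPF profile such as seccomp.json is loaded).
seccomp_mode() {
    awk '/^Seccomp:/ { print $2; found = 1 } END { if (!found) print "unknown" }' "$1"
}

describe_seccomp_mode() {
    case $1 in
        0) echo "disabled: no syscall filter" ;;
        1) echo "strict: only read/write/exit/sigreturn allowed" ;;
        2) echo "filter: a seccomp-bpf profile is enforced" ;;
        *) echo "unknown: Seccomp field not present" ;;
    esac
}

# Compare the kernel's view with what podman reports. Run this inside the
# container under test; --privileged disables seccomp entirely, so only
# unprivileged runs say anything about the default profile.
report() {
    mode=$(seccomp_mode /proc/self/status)
    echo "seccomp mode $mode ($(describe_seccomp_mode "$mode"))"
    if command -v podman >/dev/null 2>&1; then
        podman info 2>/dev/null | grep seccompProfilePath || true
    fi
}

# Usage: podman run --rm IMAGE sh -c 'grep ^Seccomp: /proc/self/status'
#        or copy this file into the container and call: report
```

If the mode is 2 while seccompProfilePath is empty, a filter was applied from elsewhere (for example by the outer container runtime); if it is 0 in an unprivileged container, no profile is in effect regardless of what the path says.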
Description
The bottom layer of the Android architecture is based on the Linux kernel, so I want to run container on the Android-x86 platform, just for fun.
I added the Linux kernel compilation options to make Android-x86 support Linux container features. I copied all Docker static executable files (such as docker, dockerd, docker-init, docker-proxy, containerd, containerd-shim, runc ...) to Android-x86. After configuration, I can run Docker perfectly on Android-x86.
I think Podman is better than Docker, so I hope to use Podman on Android-x86. Similar to before, I get all statically compiled executable files through the podman-static project (https://github.com/mgoltzsche/podman-static). After compiling, I got statically compiled files: podman, buildah, conmon, slirp4netns, cniplugins, runc, fuse-overlayfs, fusermount3 ... Then, I configured these files correctly. However, when I ran podman info, I encountered the error "failed to create 2048 locks in /libpod_lock".
Steps to reproduce the issue:
1. Statically compile all x86_64 executable files related to podman.
2. Use the adb push command to copy the files into Android-x86.
3. Run the podman --log-level debug info command.
Describe the results you received:
DEBU[0000] Found deprecated file /etc/containers/libpod.conf, please remove. Use /etc/containers/containers.conf to override defaults.
DEBU[0000] Reading configuration file "/etc/containers/libpod.conf"
DEBU[0000] Using conmon: "/usr/libexec/podman/conmon"
DEBU[0000] Initializing boltdb state at /var/lib/containers/storage/libpod/bolt_state.db
DEBU[0000] Using graph driver
DEBU[0000] Using graph root /var/lib/containers/storage
DEBU[0000] Using run root /var/run/containers/storage
DEBU[0000] Using static dir /var/lib/containers/storage/libpod
DEBU[0000] Using tmp dir /var/run/libpod
DEBU[0000] Using volume path /var/lib/containers/storage/volumes
DEBU[0000] Set libpod namespace to ""
DEBU[0000] cached value indicated that overlay is supported
DEBU[0000] cached value indicated that metacopy is being used
DEBU[0000] cached value indicated that native-diff is not being used
WARN[0000] Not using native diff for overlay, this may cause degraded performance for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
DEBU[0000] backingFs=tmpfs, projectQuotaSupported=false, useNativeDiff=false, usingMetacopy=true
INFO[0000] [graphdriver] using prior storage driver: overlay
DEBU[0000] Initializing event backend file
DEBU[0000] using runtime "/usr/local/bin/runc"
DEBU[0000] using runtime "/bin/crun"
WARN[0000] Error initializing configured OCI runtime kata: no valid executable found for OCI runtime kata: invalid argument
INFO[0000] Found CNI network podman (type=bridge) at /etc/cni/net.d/87-podman-bridge.conflist
WARN[0000] Default CNI network name podman is unchangeable
ERRO[0000] could not get runtime: failed to get new shm lock manager: failed to create 2048 locks in /libpod_lock: no such file or directory
Describe the results you expected:
I hope podman will work fine under Android-x86.
Output of podman version:
Version: 1.9.0
RemoteAPI Version: 1
Go Version: go1.14.2
OS/Arch: linux/amd64
Output of podman info --debug:
Error: could not get runtime: failed to get new shm lock manager: failed to create 2048 locks in /libpod_lock: no such file or directory
Package info (e.g. output of rpm -q podman or apt list podman):
RUNC_VERSION=v1.0.0-rc10
PODMAN_VERSION=v1.9.0
CONMON_VERSION=v2.0.15
CNI_PLUGIN_VERSION=v0.8.5
SLIRP4NETNS_VERSION=v0.4.4
LIBFUSE_VERSION=fuse-3.9.1
FUSEOVERLAYFS_VERSION=v0.4.1
BUILDAH_VERSION=v1.14.8
Additional environment details (AWS, VirtualBox, physical, etc.):
My machine: macOS High Sierra v10.13.6
Android-x86 runs in a VirtualBox VM, and the Android version is Android 9.0 (Pie).
The Linux kernel information for Android-x86 is:
Linux localhost 4.19.80-android-x86_64-g914c6a31d738-dirty #13 SMP PREEMPT Fri Dec 20 17:16:20 CST 2019 x86_64
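The "failed to create 2048 locks in /libpod_lock: no such file or directory" error in the report above comes from podman's SHM lock manager, which creates its lock segment with shm_open(); on Linux that call needs a writable tmpfs mounted at /dev/shm, and ENOENT is what it returns when that mount is absent, which is a plausible state on a minimal Android-x86 userland. The script below is an added example, not code from podman-static or the reporter; it assumes /proc/mounts is readable, and the mounts text used in the test is constructed.

```shell
#!/bin/sh
# Added example (not part of podman-static): diagnose the
# "failed to create 2048 locks in /libpod_lock" error. The SHM lock manager
# creates its locks with shm_open(), which on Linux needs a writable tmpfs
# at /dev/shm; "no such file or directory" there means the mount is missing.
# Assumption: /proc/mounts is readable (Android-x86 exposes it like Linux).
set -eu

# Succeed if the given mounts file lists a tmpfs at the mount point
# ($2, default /dev/shm). Fields: device mountpoint fstype options ...
shm_mounted() {
    awk -v mp="${2:-/dev/shm}" '$2 == mp && $3 == "tmpfs" { found = 1 } END { exit !found }' "$1"
}

# Succeed if the directory exists and the caller can create a file in it,
# which is what shm_open() will need to do for /libpod_lock.
shm_writable() {
    dir=${1:-/dev/shm}
    [ -d "$dir" ] || return 1
    f="$dir/.podman-shm-probe.$$"
    ( : >"$f" ) 2>/dev/null || return 1
    rm -f "$f"
}

diagnose_shm() {
    if ! shm_mounted /proc/mounts; then
        echo "no tmpfs on /dev/shm: mount one before running podman"
        return 1
    fi
    if ! shm_writable /dev/shm; then
        echo "/dev/shm exists but is not writable by $(id -un)"
        return 1
    fi
    echo "/dev/shm ok: shm_open() can create /libpod_lock"
}

# Usage: diagnose_shm
# Remediation on a system without the mount (as root):
#   mkdir -p /dev/shm && mount -t tmpfs -o nosuid,nodev tmpfs /dev/shm
```

Mounting /dev/shm with nosuid and nodev keeps the shared-memory filesystem from being used to stage setuid binaries or device nodes, which matters once container workloads can write to it.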