On 3/17/20 23:26, Philip Rhoades wrote:
On 2020-03-18 05:44, Philip Rhoades wrote:
> Daniel,
>
>
> On 2020-03-18 04:38, Daniel Walsh wrote:
>> On 3/17/20 12:48, Philip Rhoades wrote:
>>> Daniel,
>>>
>>>
>>> On 2020-03-17 01:30, Daniel Walsh wrote:
>>>> On 3/16/20 09:07, Philip Rhoades wrote:
>>>>> People,
>>>>>
>>>>> I am just starting to make real use of podman containers but, for one
>>>>> particular exercise, it would be convenient if I could use zerotier in
>>>>> one of the containers but I get:
>>>>>
>>>>> [root@1c15d54fa274 /]# zerotier-cli info
>>>>> zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
>>>>>
>>>>> - it works for other, non-container, devices - as well as VMs on KVM.
>>>>>
>>>>> Thanks,
>>>>>
>>>>> Phil.
>>>>
>>>> How did you package up zerotier? This looks like the installation
>>>> within the container image failed to install /var/lib/zerotier-one?
>>>
>>>
>>> I used this (which, as I said, worked fine for all the other
>>> non-container environments):
>>>
>>> curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>>
>>> Thanks,
>>>
>>> Phil.
>>
>> I ran
>>
>> #####################################################
>>
>> $ podman run -ti fedora sh
>>
>> # curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>
>> ...
>>
>> *** Enabling and starting zerotier-one service...
>> Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
>> System has not been booted with systemd as init system (PID 1). Can't operate.
>> Failed to connect to bus: Host is down
>>
>> *** Package installed but cannot start service! You may be in a Docker
>> *** container or using a non-standard init service.
>>
>> # # zerotier-cli info
>> zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
>>
>> #######################################################
>>
>>
>> This looks like the script is attempting to start a service inside of
>> the container via systemd, which does not exist.
>>
>> However if I do:
>>
>>
>> #####################################################
>>
>> $ podman run -d fedora /sbin/init
>>
>> 8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
>>
>> $ podman exec -ti 8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
>>
>> # curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>
>> ...
>>
>> *** Enabling and starting zerotier-one service...
>> Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
>>
>> *** Waiting for identity generation...
>>
>> *** Success! You are ZeroTier address [ a8057b16e9 ].
>>
>> # zerotier-cli info
>> 200 info a8057b16e9 1.4.6 OFFLINE
>>
>> # systemctl status zerotier-one
>> ● zerotier-one.service - ZeroTier One
>>    Loaded: loaded (/usr/lib/systemd/system/zerotier-one.service; enabled; vendor preset: disabled)
>>    Active: active (running) since Tue 2020-03-17 17:33:23 UTC; 4min 23s ago
>>  Main PID: 145 (zerotier-one)
>>    CGroup: /user.slice/user-3267.slice/user@3267.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-6856c47f-79c0-49a8-8004-771d446b888b.scope/8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb/system.slice/zerotier-one.service
>>            └─145 /usr/sbin/zerotier-one
>>
>> Mar 17 17:33:23 8f841ca46ced systemd[1]: Started ZeroTier One.
>> Mar 17 17:33:23 8f841ca46ced zerotier-one[145]: /usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>
>> ######################################################
>>
>>
>> If you run the container with systemd running inside it and then exec
>> into the container your script will work, since it will communicate with
>> systemd to start the service.
>
>
> Oh wow! Thanks so much for that! - and I learnt a bit more about
> podman . .
OK, now I should be able to use ZeroTier to ssh to the container but
although I have installed and started the sshd server and allowed a
root login I get:

# ssh 10.147.18.191
ssh: connect to host 10.147.18.191 port 22: No route to host

I can ssh to other (non container) ZT IPs OK . .

Thanks,

Phil.

Why do you want to ssh into a container? You can just podman exec into
the container?