Daniel,
On 2020-03-18 04:38, Daniel Walsh wrote:
On 3/17/20 12:48, Philip Rhoades wrote:
> Daniel,
>
>
> On 2020-03-17 01:30, Daniel Walsh wrote:
>> On 3/16/20 09:07, Philip Rhoades wrote:
>>> People,
>>>
>>> I am just starting to make real use of podman containers but, for one
>>> particular exercise, it would be convenient if I could use zerotier in
>>> one of the containers but I get:
>>>
>>> [root@1c15d54fa274 /]# zerotier-cli info
>>> zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
>>>
>>> - it works for other, non-container, devices - as well as VMs on KVM.
>>>
>>> Thanks,
>>>
>>> Phil.
>>
>> How did you package up zerotier? This looks like the installation
>> within the container image failed to install /var/lib/zerotier-one?
>
>
> I used this (which, as I said, worked fine for all the other
> non-container environments):
>
> curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>
> Thanks,
>
> Phil.
I ran
#####################################################
$ podman run -ti fedora sh
# curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
...
*** Enabling and starting zerotier-one service...
Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
System has not been booted with systemd as init system (PID 1). Can't operate.
Failed to connect to bus: Host is down
*** Package installed but cannot start service! You may be in a Docker
*** container or using a non-standard init service.
# # zerotier-cli info
zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
#######################################################
This looks like the script is attempting to start a service inside of
the container via systemd, which does not exist.
However if I do:
#####################################################
$ podman run -d fedora /sbin/init
8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
$ podman exec -ti 8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
# curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
...
*** Enabling and starting zerotier-one service...
Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
*** Waiting for identity generation...
*** Success! You are ZeroTier address [ a8057b16e9 ].
# zerotier-cli info
200 info a8057b16e9 1.4.6 OFFLINE
# systemctl status zerotier-one
● zerotier-one.service - ZeroTier One
   Loaded: loaded (/usr/lib/systemd/system/zerotier-one.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2020-03-17 17:33:23 UTC; 4min 23s ago
 Main PID: 145 (zerotier-one)
   CGroup: /user.slice/user-3267.slice/user@3267.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-6856c47f-79c0-49a8-8004-771d446b888b.scope/8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb/system.slice/zerotier-one.service
           └─145 /usr/sbin/zerotier-one
Mar 17 17:33:23 8f841ca46ced systemd[1]: Started ZeroTier One.
Mar 17 17:33:23 8f841ca46ced zerotier-one[145]: /usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
######################################################
If you run the container with systemd running inside it and then exec
into the container your script will work, since it will communicate
with systemd to start the service.
Oh wow! Thanks so much for that! - and I learnt a bit more about podman . .
Regards,
Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil(a)pricom.com.au
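
The two sessions in this thread differ only in whether systemd is running as init inside the container. The following preflight check is an added example, not part of the original thread or of the ZeroTier installer; the function names and the optional ROOT path prefix (used so the check can be exercised against a constructed directory tree) are assumptions.

```shell
#!/bin/sh
# Added example: classify why zerotier-cli cannot find its port file
# inside a container. ROOT (hypothetical, optional) prefixes every path
# so the functions can be run against a constructed tree.

# Succeeds when systemd is the running init. The /run/systemd/system
# directory is the same marker sd_booted(3) tests for.
booted_with_systemd() {
    [ -d "${1:-}/run/systemd/system" ]
}

# Succeeds when the file zerotier-cli reported as missing in the first
# session exists and is non-empty.
zerotier_port_present() {
    [ -s "${1:-}/var/lib/zerotier-one/zerotier-one.port" ]
}

# Prints one of three states:
#   port-file-present                    zerotier-cli has a port to talk to
#   systemd-present-service-not-started  systemctl can start zerotier-one
#   no-systemd-service-cannot-start      installer cannot start the service
diagnose_zerotier() {
    root="${1:-}"
    if zerotier_port_present "$root"; then
        echo "port-file-present"
    elif booted_with_systemd "$root"; then
        echo "systemd-present-service-not-started"
    else
        echo "no-systemd-service-cannot-start"
    fi
}
```

Run `diagnose_zerotier` with no argument inside the container before invoking the installer; the third state corresponds to the `podman run -ti fedora sh` session above.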