4:22 a.m.
Hello,
I have setup 3 rootless containers in a pod and now want to expose ports on two containers
to the outside world.
I have tried:
podman pod create \
--name "${ABCPOD}" \
--label "${ABCPOD}" \
--network slirp4netns:port_handler=slirp4netns \
--publish 8080:8080
but now the container exposing port 8080 is failing to get created.
How do I create rootless pods and then expose the networking?
Thank you in advance.
Regards
S
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
9:51 a.m.
I don't think I have enough information to give you a definitive answer,
especially because you don't provide the commands for creating/running the
containers. If you do so, maybe we can give better answers. That said, I
don't tend to think of containers exposing ports inside the pod; I
prefer to just think that the pod exposes the ports. And remember to
configure the ports on the creation of the pod for all your needs.
On Sat, Oct 26, 2024 at 3:23 AM openbidaaz via Podman <
podman(a)lists.podman.io> wrote:
Hello,
I have setup 3 rootless containers in a pod and now want to expose ports
on two containers to the outside world.
I have tried:
podman pod create \
--name "${ABCPOD}" \
--label "${ABCPOD}" \
--network slirp4netns:port_handler=slirp4netns \
--publish 8080:8080
but now the container exposing port 8080 is failing to get created.
How do I create rootless pods and then expose the networking?
Thank you in advance.
Regards
S
Sent with Proton Mail <https://proton.me/mail/home> secure email.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
--
Brent Baude
Container Runtimes, Podman Architect
https://github.com/containers/podman
11:36 a.m.
Hello,
Thank you for your response.
I based my Podman script upon this Docker script:
https://www.kennethballard.com/?p=9410
So the Rootful scripts which works is:
____________________
#!/bin/bash
#---------------------- Set Variables ----------------------
# Set MySQL Docker Container Version
#MYSQL="docker.io/mysql:lts-oraclelinux9"
MYSQL="docker.io/mysql"
# Set MySWL Volune Name
MYSQLVOLUMEID="guacamole-sql-data"
# Set Containers Network Subnet
CONTAINERSUBNET=192.168.33.0/24
# Set Containers Network Gateway
CONTAINERGATEWAY=192.168.33.1
# Set Container Network Name
CONTAINERNETWORKNAME="guacnet"
# Set MySQL Root Password
SQLRTPASSWORD="Obix01@"
# Set MYSQL User Name
SQLUSRNAME="xibo"
# Set MYSQL User Password
echo Contacting Random.org for new 16-character passwords for MySQL root and Guacamole
users.
root_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
guac_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
SQLRTPASSWORD=$root_secure_password
# SQL Create Command
sql_create="\
ALTER USER 'root'@'localhost' \
IDENTIFIED BY '$SQLRTPASSWORD'; \
CREATE DATABASE guacamole_db; \
CREATE USER 'guacamole_user'@'%' \
IDENTIFIED BY '$guac_secure_password'; \
GRANT SELECT,INSERT,UPDATE,DELETE \
ON guacamole_db.* \
TO 'guacamole_user'@'%'; \
FLUSH PRIVILEGES;"
# Set Database Container IP Address
DBCIP=192.168.33.2
#---------------------- Create Local Container Volumes ----------------------
echo Create MySQL Volume
sudo podman volume create $MYSQLVOLUMEID
#---------------------- Create Local Container Network ----------------------
echo Create Container Network
sudo podman network create --subnet $CONTAINERSUBNET --gateway $CONTAINERGATEWAY --label
mykey=$CONTAINERNETWORKNAME $CONTAINERNETWORKNAME
#---------------------- Pull Official MySQL Image From Docker Hub ----------------------
echo Pulling latest stable Docker image for MySQL.
sudo podman pull $MYSQL
#---------------------- Create MYSQL Container ----------------------
sudo podman run -d \
--name guacmysql \
-e MYSQL_ROOT_PASSWORD=$SQLRTPASSWORD \
-v guacmysql-data:/var/lib/mysql \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.2 \
--restart unless-stopped \
$MYSQL
echo Wait 30 seconds for MySQL to complete start up.
sudo sleep 30
echo Initialise MySQL database
echo sql_create
# sudo podman exec guacmysql \
# mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
sudo podman exec guacmysql \
mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
echo init
sudo podman exec guacmysql \
mysql --user=root --password=$SQLRTPASSWORD \
--database=guacamole_db \
-e "$(sudo podman run --rm $GUACAMOLE /opt/guacamole/bin/initdb.sh --mysql)"
echo SQL Root Password = $SQLRTPASSWORD
echo guac usr = $guac_secure_password
echo Done.
____________________
Then I adjusted and tried rootless with a Pod:
____________________
#!/bin/bash
#---------------------- Set Variables ----------------------
# Set Guacamole Docker Container Version
GUACAMOLE="docker.io/guacamole/guacamole:1.5.5"
# Set GuacD Docker Container Version
GUACD="docker.io/guacamole/guacd:1.5.5"
# Set MySQL Docker Container Version
MYSQL="docker.io/mysql:lts"
#MYSQL="docker.io/mysql"
# Set MySWL Volune Name
MYSQLVOLUMEID="guacamole-sql-data"
# Set Containers Network Subnet
CONTAINERSUBNET=192.168.33.0/24
# Set Containers Network Gateway
CONTAINERGATEWAY=192.168.33.1
# Set Container Network Name
CONTAINERNETWORKNAME="guacnet"
# Set Database Container IP Address
DBCIP=192.168.33.2
# Set MySQL Root Password
SQLRTPASSWORD="Obix01@"
# Set MYSQL User Name
SQLUSRNAME="guacamole_user"
# Set MYSQL User Password
# SQLUSRPASSWORD="Xibo01@"
# Set MYSQL User Password
echo Contacting Random.org for new 16-character passwords for MySQL root and Guacamole
users.
root_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
guac_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
SQLRTPASSWORD=$root_secure_password
# SQL Create Command
sql_create="\
ALTER USER 'root'@'localhost' \
IDENTIFIED BY '$SQLRTPASSWORD'; \
CREATE DATABASE guacamole_db; \
CREATE USER 'guacamole_user'@'%' \
IDENTIFIED BY '$guac_secure_password'; \
GRANT SELECT,INSERT,UPDATE,DELETE \
ON guacamole_db.* \
TO 'guacamole_user'@'%'; \
FLUSH PRIVILEGES;"
# Set Database Container IP Address
DBCIP=192.168.33.2
# Set GuacD Container IP Address
GUACDIP=192.168.33.3
# Set Guacamole Container IP Address
GUACIP=192.168.33.4
# Pod Name
export GuacPOD="GuacPod01"
#---------------------- Create Local Container Volumes ----------------------
echo Create MySQL Volume
podman volume create $MYSQLVOLUMEID
#---------------------- Create Local Container Network ----------------------
echo Create Container Network
podman network create --subnet $CONTAINERSUBNET --gateway $CONTAINERGATEWAY --label
mykey=$CONTAINERNETWORKNAME $CONTAINERNETWORKNAME
#---------------------- Create Pod ----------------------
echo Create Pod
podman pod create \
--name "${GuacPOD}" \
--label "${GuacPOD}" \
--network slirp4netns:port_handler=slirp4netns \
--publish 9090:8080
echo Start Pod
podman pod start "${GuacPOD}"
#---------------------- Pull Official Guacamole Image From Docker Hub
----------------------
echo Pulling latest stable Docker image for Guacamole.
podman pull $GUACAMOLE
#---------------------- Pull Official GuacD Image From Docker Hub ----------------------
echo Pulling latest stable Docker image for Guacd.
podman pull $GUACD
#---------------------- Pull Official MySQL Image From Docker Hub ----------------------
echo Pulling latest stable Docker image for MySQL.
podman pull $MYSQL
#---------------------- Create MYSQL Container ----------------------
podman run -d \
--name guac-mysql \
-e MYSQL_ROOT_PASSWORD=$SQLRTPASSWORD \
-v guac-mysql-data:/var/lib/mysql \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.2 \
--restart unless-stopped \
-p 3306:3306 \
--pod="${GuacPOD}" \
$MYSQL
echo Wait 60 seconds for MySQL to complete start up.
sleep 60
echo Initialise MySQL database
# podman exec guac-mysql \
# mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
podman exec guac-mysql \
mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
podman exec guac-mysql \
mysql --user=root --password=$SQLRTPASSWORD \
--database=guacamole_db \
-e "$(podman run --rm $GUACAMOLE /opt/guacamole/bin/initdb.sh --mysql)"
echo Creating GuacD container
podman run -d \
--name guacd \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.3 \
--restart unless-stopped \
-p 4822:4822 \
--pod="${GuacPOD}" \
$GUACD
echo Creating Guacamole container
podman run -d \
--name guacamole \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.4 \
--restart unless-stopped \
-e GUACD_HOSTNAME=192.168.33.3 \
-e GUACD_PORT=4822 \
-e MYSQL_HOSTNAME=192.168.33.2 \
-e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER='root'@'localhost' \
-e MYSQL_PASSWORD=$SQLRTPASSWORD \
-e TOTP_ENABLED='true' \
-p 8080:8080 \
--pod="${GuacPOD}" \
$GUACAMOLE
echo SQL Root Password = $SQLRTPASSWORD
echo guac usr = $guac_secure_password
echo Done.
____________________
I also tried with the default Pasta networking:
____________________
#!/bin/bash
#---------------------- Set Variables ----------------------
# Set Guacamole Docker Container Version
GUACAMOLE="docker.io/guacamole/guacamole:1.5.5"
# Set GuacD Docker Container Version
GUACD="docker.io/guacamole/guacd:1.5.5"
# Set MySQL Docker Container Version
MYSQL="docker.io/mysql:lts"
#MYSQL="docker.io/mysql"
# Set MySWL Volune Name
MYSQLVOLUMEID="guacamole-sql-data"
# Set Containers Network Subnet
CONTAINERSUBNET=192.168.33.0/24
# Set Containers Network Gateway
CONTAINERGATEWAY=192.168.33.1
# Set Container Network Name
CONTAINERNETWORKNAME="guacnet"
# Set Database Container IP Address
DBCIP=192.168.33.2
# Set MySQL Root Password
SQLRTPASSWORD="Obix01@"
# Set MYSQL User Name
SQLUSRNAME="guacamole_user"
# Set MYSQL User Password
# SQLUSRPASSWORD="Xibo01@"
# Set MYSQL User Password
echo Contacting Random.org for new 16-character passwords for MySQL root and Guacamole
users.
root_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
guac_secure_password=$(curl -s
"https://www.random.org/strings/?num=1&len=16&digits=on&upperalpha=on&loweralpha=on&unique=on&format=plain&rnd=new")
SQLRTPASSWORD=$root_secure_password
# SQL Create Command
sql_create="\
ALTER USER 'root'@'localhost' \
IDENTIFIED BY '$SQLRTPASSWORD'; \
CREATE DATABASE guacamole_db; \
CREATE USER 'guacamole_user'@'%' \
IDENTIFIED BY '$guac_secure_password'; \
GRANT SELECT,INSERT,UPDATE,DELETE \
ON guacamole_db.* \
TO 'guacamole_user'@'%'; \
FLUSH PRIVILEGES;"
# Set Database Container IP Address
DBCIP=192.168.33.2
# Set GuacD Container IP Address
GUACDIP=192.168.33.3
# Set Guacamole Container IP Address
GUACIP=192.168.33.4
# Pod Name
export GuacPOD="GuacPod01"
#---------------------- Create Local Container Volumes ----------------------
echo Create MySQL Volume
podman volume create $MYSQLVOLUMEID
#---------------------- Create Local Container Network ----------------------
echo Create Container Network
podman network create --subnet $CONTAINERSUBNET --gateway $CONTAINERGATEWAY --label
mykey=$CONTAINERNETWORKNAME $CONTAINERNETWORKNAME
#---------------------- Create Pod ----------------------
echo Create Pod
podman pod create \
--name "${GuacPOD}" \
--label "${GuacPOD}" \
--publish 9090:8080
echo Start Pod
podman pod start "${GuacPOD}"
#---------------------- Pull Official Guacamole Image From Docker Hub
----------------------
echo Pulling latest stable Docker image for Guacamole.
podman pull $GUACAMOLE
#---------------------- Pull Official GuacD Image From Docker Hub ----------------------
echo Pulling latest stable Docker image for Guacd.
podman pull $GUACD
#---------------------- Pull Official MySQL Image From Docker Hub ----------------------
echo Pulling latest stable Docker image for MySQL.
podman pull $MYSQL
#---------------------- Create MYSQL Container ----------------------
podman run -d \
--name guac-mysql \
-e MYSQL_ROOT_PASSWORD=$SQLRTPASSWORD \
-v guac-mysql-data:/var/lib/mysql \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.2 \
--restart unless-stopped \
-p 3306:3306 \
--pod="${GuacPOD}" \
$MYSQL
echo Wait 60 seconds for MySQL to complete start up.
sleep 60
echo Initialise MySQL database
# podman exec guac-mysql \
# mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
podman exec guac-mysql \
mysql --user=root --password=$SQLRTPASSWORD -e "$sql_create"
podman exec guac-mysql \
mysql --user=root --password=$SQLRTPASSWORD \
--database=guacamole_db \
-e "$(podman run --rm $GUACAMOLE /opt/guacamole/bin/initdb.sh --mysql)"
echo Creating GuacD container
podman run -d \
--name guacd \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.3 \
--restart unless-stopped \
-p 4822:4822 \
--pod="${GuacPOD}" \
$GUACD
echo Creating Guacamole container
podman run -d \
--name guacamole \
--network $CONTAINERNETWORKNAME \
--ip 192.168.33.4 \
--restart unless-stopped \
-e GUACD_HOSTNAME=192.168.33.3 \
-e GUACD_PORT=4822 \
-e MYSQL_HOSTNAME=192.168.33.2 \
-e MYSQL_DATABASE=guacamole_db \
-e MYSQL_USER=$SQLUSRNAME \
-e MYSQL_PASSWORD=$guac_secure_password \
-e TOTP_ENABLED='true' \
-p 8080:8080 \
--pod="${GuacPOD}" \
$GUACAMOLE
echo SQL Root Password = $SQLRTPASSWORD
echo guac usr = $guac_secure_password
echo Done.
____________________
I have tried accessing Guacamole from http://<host ip address>:8080/guacamole/
I also tried http://<host ip address>:9090/guacamole/
I assume I need to use Pasta ahead of slirp4netns as the latter maybe deprecated.
Thank you in advance for your help.
Regards,
2:35 a.m.
Once you've exposed ports from the *pod*, that port is exposed from all
containers in that pod; you can't specify --publish on the individual
containers.
On Sat, Oct 26, 2024 at 1:23 AM openbidaaz via Podman <
podman(a)lists.podman.io> wrote:
Hello,
I have setup 3 rootless containers in a pod and now want to expose ports
on two containers to the outside world.
I have tried:
podman pod create \
--name "${ABCPOD}" \
--label "${ABCPOD}" \
--network slirp4netns:port_handler=slirp4netns \
--publish 8080:8080
but now the container exposing port 8080 is failing to get created.
How do I create rootless pods and then expose the networking?
Thank you in advance.
Regards
S
Sent with Proton Mail <https://proton.me/mail/home> secure email.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
16
days inactive
19
days old
3 comments
4 participants
participants (4)
-
Brent Baude -
openbidaaz -
openbidaaz@protonmail.com
-
Robin Powell