more docs pedantry: "Exit Status" in "podman-rmi" (and others) all underlines
by Robert P. J. Day
just noticed that some of the man pages strangely format the "Exit
Status" sections, such as this example from "podman-rmi" (v1.7.0):
Exit Status
0 if all specified images removed 1 if one of the specified
images did not exist, and no other failures 2 if one of the
specified images has child images or is being used by a con‐
tainer 125 if the command fails for a reason other than an
image did not exist or is in use
while you can't tell here, "man podman-rmi" renders that entire
section of text underlined. the markdown source is:
## Exit Status
**_0_** if all specified images removed
**_1_** if one of the specified images did not exist, and no other failures
**_2_** if one of the specified images has child images or is being used by a container
**_125_** if the command fails for a reason other than an image did not exist or is in use
it seems that any man page whose markdown under that section that
starts with:
**_###_** ...
underlines the entirety of each entry. (if it's supposed to do that,
then it kind of looks just weird, as with "man podman-rmi").
thoughts?
rday
p.s. "man podman-rmi" is slightly broken anyway because of:
Remove an image and its associated containers.
```
podman rmi --force imageID
```` [TOO MANY BACKQUOTES]
Remove multiple images by their shortened IDs.
```
but i'll submit a fix for that.
rday
4 years, 3 months
"podman images" --sort option seems awfully forgiving
by Robert P. J. Day
while "man podman-images" states that "created" is the default key
for sorting images, it apparently does not point out that *any*
invalid sort criteria you specify will use the sort criteria of
"created".
i noticed this when i mistyped the sort criteria and, to my
surprise, it worked fine, which now makes sense given the code in
images.go:
func sortImagesOutput(sortBy string, imagesOutput imagesSorted)
imagesSorted {
switch sortBy {
case "id":
sort.Sort(imagesSortedID{imagesOutput})
case "size":
sort.Sort(imagesSortedSize{imagesOutput})
case "tag":
sort.Sort(imagesSortedTag{imagesOutput})
case "repository":
sort.Sort(imagesSortedRepository{imagesOutput})
default:
// default is created time
sort.Sort(imagesSortedCreated{imagesOutput})
is that the intended behaviour? it caught me a bit off-guard.
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
4 years, 3 months
Running a container built w/ uid:nobody as a system user?
by karl@touchpoint.io
Hi all.
I have created a system user on a host and I am trying to run the prometheus container under this user. The prometheus container has been built to use `nobody` for user/group:
https://github.com/prometheus/prometheus/blob/master/Dockerfile
Which on my system is:
```
$ id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
```
But i am not able to pull this image:
```
prometheus@my-host:/home/my-user$ /usr/bin/podman run --rm --publish 9090:9090 --volume=/etc/prometheus:/etc/prometheus --storage-opt ignore_chown_errors prom/prometheus:v2.15.2
Trying to pull docker.io/prom/prometheus:v2.15.2...
Getting image source signatures
Copying blob 777554bd8f5f done
Copying blob b1fd22a632bd done
Copying blob 0b9be5b44b0b done
Copying blob 0f8c40e1270f done
Copying blob 626a2a3fee8c done
Copying blob 2fa3c248a32e done
Copying blob 537aa55b0cd8 done
Copying blob 51148e52a043 done
Copying blob 764607aff129 done
Copying blob 340dd5e6b5d3 done
Copying blob 02800ddf4bd5 done
Copying blob 6fd47d0ba3e2 done
Copying config b715301fa5 done
Writing manifest to image destination
Storing signatures
ERRO[0005] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
Error: unable to pull prom/prometheus:v2.15.2: 1 error occurred:
* Error committing the finished image: error adding layer with blob "sha256:0f8c40e1270f10d085dda8ce12b7c5b17cd808f055df5a7222f54837ca0feae0": ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
```
Note: The same error happens w/ and w/o the `--storage-opt ignore_chown_error` which i picked up from
https://www.redhat.com/sysadmin/rootless-podman
while trying to understand/fix the error.
The user:
```
prometheus@my-host:/home/my-user$ whoami
prometheus
prometheus@my-host:/home/my-user$ id
uid=995(prometheus) gid=1008(prometheus) groups=1008(prometheus)
prometheus@my-host:/home/my-user$
```
The u/gid maps:
```
prometheus@my-host:/home/my-user$ cat /etc/subuid
lxd:100000:65536
root:100000:65536
my-user:165536:65536
prometheus:231072:65536
prometheus@my-host:/home/my-user$ cat /etc/subgid
lxd:100000:65536
root:100000:65536
my-user:165536:65536
prometheus:231072:65536
```
What am I missing?
4 years, 3 months
weird behaviour with "podman inspect", "--size" option
by Robert P. J. Day
not sure what that option should do related to that command, but the
man page reads:
--size, -s
Display the total file size if the type is a container
however, i tried this with a running container:
$ podman inspect --size -t=container d1218680819b
and got what appears to be full output regarding that container. what
output should i expect with "podman inspect --size <containerID>"? am
i misreading something?
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
4 years, 3 months
how podman differs from docker in ctr process running as root?
by Robert P. J. Day
colleague just presented me with this question ... he was following
an example that showed how, when started with docker, a process
running as root in the container was also running as root on the host.
the example he showed me was to fire up an alpine image, verify that
the user account was root inside the container, then start a "sleep
100" command, open another terminal on the host, and check the
properties of running sleep commands, whereupon he saw:
$ ps -fC sleep
UID ... CMD
root sleep 100
$
i did exactly the same thing on my fedora 31 system but i have docker
aliased to podman, and when i did the same thing, back on the host, i
got:
$ ps -fC sleep
UID PID PPID C STIME TTY TIME CMD
rpjday 24268 21319 0 08:23 pts/0 00:00:00 sleep 42
in short, while the sleep process was owned by root in the container,
on the host, it is clearly owned by me.
i wasn't sure how to explain that, other than to suggest that
podman, by default, doesn't map root in container to root on host. is
there an explanation i could point him to to understand why running
under podman behaved differently? thanks.
rday
4 years, 3 months
[OT?] how to market an intro "docker" course that uses podman/buildah?
by Robert P. J. Day
[DISCLAIMER: i hope this question isn't terribly inappropriate for
this list, as it's about my wondering how to write/market an intro
"docker" course but using podman and buildah instead, and i'm open to
suggestions.]
i'm a long-time trainer, teaching both my own courses and for others
(red hat, for instance). a couple of my course reps have recently
asked me if i have a docker course as some of their clients have been
asking for one, and i'm torn as i don't quite know how to answer that.
when i ask for more details as to what the client is really after, i
generally get little more than, "they just want introductory docker."
*sigh*. so here's my dilemma.
a 1-day intro docker course is pretty straightforward, stuff like:
* what's a container (as opposed to a VM)?
* running an image
* using Dockerfiles
* volumes
that sort of thing ... covering the above in reasonable detail can
easily fill a day.
but me being a red hat/fedora person, i'd much rather teach using
podman and buildah, but then it's not really a "docker" course, is it?
(one of the questions i ask my reps is whether the client really and
truly wants "docker", or whether they want general container training?
asking that question never ends well. :-P
even when something is superior and cutting-edge technology, that
may not be the selling point -- managers understand the word "docker"
and, by god, that's what they want their engineers to get.
one argument for podman is that, with the release of centos 8 back
in sept of 2019, i can at least point at an enterprise-level OS that
supports podman out of the box, which will certainly increase the
comfort level, but it's still no guarantee.
so, thoughts? for a 1-day intro course, the differences between
docker and podman are probably negligible -- for advanced courses,
yes, the differences will become more pronounced, but intro-level
stuff should be safe.
perhaps a proper title would be "introductory container technology
using docker and podman", or something suitably all-encompassing. for
people who do this kind of training, what do *you* do these days? the
course itself is easy enough to write -- i'm just trying to figure out
how to title and position this.
rday
p.s. if there are folks on this list who already do this sort of thing
and have courseware and are willing to license it, i could be talked
into that as well, so drop me a note.
4 years, 3 months
rootless podman run container as user rather than root
by bryan.hepworth@gmail.com
Hi All
Been looking at this one for a good few days, I think I might have the wrong idea of how it works so I'd like some advice.
I created my container image - bioconda that all works nicely, and I can run it from my /home directory as follows: -
podman run -v /home/bryan/data:/home/bryan:z -it bioconda
This starts it up and I can create Directories and Files ok within it and they retain the correct uid and gid's, however some of my other images warn that you are running as root which I'd like to stop happening. Is it possible to use the userns=keep-uid to do this? I can't seem to make it work correctly if this is the way I'm interpreting it to do so.
Thank you
Bryan
4 years, 3 months
Support for multi-arch containers
by Paulo Matos
Hi all,
In docker, there is currently through buildx the possibility of building and running a container in several architectures other than the host one through the use of binfmt and qemu.
Is there currently any support in podman to do this?
Kind regards,
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
4 years, 3 months
