more docs pedantry: "Exit Status" in "podman-rmi" (and others) all underlines
by Robert P. J. Day
just noticed that some of the man pages strangely format the "Exit
Status" sections, such as this example from "podman-rmi" (v1.7.0):
    Exit Status
        0 if all specified images removed 1 if one of the specified
        images did not exist, and no other failures 2 if one of the
        specified images has child images or is being used by a con‐
        tainer 125 if the command fails for a reason other than an
        image did not exist or is in use
while you can't tell here, "man podman-rmi" renders that entire
section of text underlined. the markdown source is:
    ## Exit Status
    **_0_** if all specified images removed
    **_1_** if one of the specified images did not exist, and no other failures
    **_2_** if one of the specified images has child images or is being used by a container
    **_125_** if the command fails for a reason other than an image did not exist or is in use
it seems that any man page whose markdown under that section
starts with:
    **_###_** ...
underlines the entirety of each entry. (if it's supposed to do that,
then it kind of looks just weird, as with "man podman-rmi").
thoughts?
rday
p.s. "man podman-rmi" is slightly broken anyway because of:
    Remove an image and its associated containers.
    ```
    podman rmi --force imageID
    ```` [TOO MANY BACKQUOTES]
    Remove multiple images by their shortened IDs.
    ```
but i'll submit a fix for that.
rday
4 years, 11 months
"podman images" --sort option seems awfully forgiving
by Robert P. J. Day
while "man podman-images" states that "created" is the default key
for sorting images, it apparently does not point out that *any*
invalid sort criteria you specify will use the sort criteria of
"created".
i noticed this when i mistyped the sort criteria and, to my
surprise, it worked fine, which now makes sense given the code in
images.go:
    func sortImagesOutput(sortBy string, imagesOutput imagesSorted) imagesSorted {
        switch sortBy {
        case "id":
            sort.Sort(imagesSortedID{imagesOutput})
        case "size":
            sort.Sort(imagesSortedSize{imagesOutput})
        case "tag":
            sort.Sort(imagesSortedTag{imagesOutput})
        case "repository":
            sort.Sort(imagesSortedRepository{imagesOutput})
        default:
            // default is created time
            sort.Sort(imagesSortedCreated{imagesOutput})
        }
        return imagesOutput
    }
is that the intended behaviour? it caught me a bit off-guard.
rday
--
========================================================================
Robert P. J. Day Ottawa, Ontario, CANADA
http://crashcourse.ca
Twitter: http://twitter.com/rpjday
LinkedIn: http://ca.linkedin.com/in/rpjday
========================================================================
4 years, 11 months
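The silent fallback discussed in the post above, contrasted with a version that rejects unknown keys, as an added example that is not podman's code. The `image` type, the `lessFuncs` table and `sortImagesStrict` are hypothetical names, and the sample data is constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// image is a constructed stand-in for podman's image record, not its real type.
type image struct {
	ID, Repository, Tag string
	Size, Created       int64
}

// lessFuncs holds the keys from the quoted switch, with "created" made explicit.
// Newest-first for "created" is this example's choice.
var lessFuncs = map[string]func(a, b image) bool{
	"id":         func(a, b image) bool { return a.ID < b.ID },
	"size":       func(a, b image) bool { return a.Size < b.Size },
	"tag":        func(a, b image) bool { return a.Tag < b.Tag },
	"repository": func(a, b image) bool { return a.Repository < b.Repository },
	"created":    func(a, b image) bool { return a.Created > b.Created },
}

// sortImagesStrict sorts in place, or returns an error naming the valid keys
// instead of silently falling back to "created".
func sortImagesStrict(sortBy string, imgs []image) error {
	less, ok := lessFuncs[sortBy]
	if !ok {
		keys := make([]string, 0, len(lessFuncs))
		for k := range lessFuncs {
			keys = append(keys, k)
		}
		sort.Strings(keys)
		return fmt.Errorf("invalid sort key %q (valid: %s)", sortBy, strings.Join(keys, ", "))
	}
	sort.SliceStable(imgs, func(i, j int) bool { return less(imgs[i], imgs[j]) })
	return nil
}

func main() {
	imgs := []image{ // constructed sample data
		{ID: "b2", Repository: "alpine", Tag: "3.11", Size: 5, Created: 200},
		{ID: "a1", Repository: "fedora", Tag: "31", Size: 190, Created: 100},
	}
	fmt.Println(sortImagesStrict("sise", imgs)) // mistyped key: error, order untouched
	fmt.Println(sortImagesStrict("id", imgs))
	fmt.Println(imgs[0].ID)
}
```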
Running a container built w/ uid:nobody as a system user?
by karl@touchpoint.io
Hi all.
I have created a system user on a host and I am trying to run the prometheus container under this user. The prometheus container has been built to use `nobody` for user/group:
https://github.com/prometheus/prometheus/blob/master/Dockerfile
Which on my system is:
```
$ id nobody
uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
```
But I am not able to pull this image:
```
prometheus@my-host:/home/my-user$ /usr/bin/podman run --rm --publish 9090:9090 --volume=/etc/prometheus:/etc/prometheus --storage-opt ignore_chown_errors prom/prometheus:v2.15.2
Trying to pull docker.io/prom/prometheus:v2.15.2...
Getting image source signatures
Copying blob 777554bd8f5f done
Copying blob b1fd22a632bd done
Copying blob 0b9be5b44b0b done
Copying blob 0f8c40e1270f done
Copying blob 626a2a3fee8c done
Copying blob 2fa3c248a32e done
Copying blob 537aa55b0cd8 done
Copying blob 51148e52a043 done
Copying blob 764607aff129 done
Copying blob 340dd5e6b5d3 done
Copying blob 02800ddf4bd5 done
Copying blob 6fd47d0ba3e2 done
Copying config b715301fa5 done
Writing manifest to image destination
Storing signatures
ERRO[0005] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
Error: unable to pull prom/prometheus:v2.15.2: 1 error occurred:
* Error committing the finished image: error adding layer with blob "sha256:0f8c40e1270f10d085dda8ce12b7c5b17cd808f055df5a7222f54837ca0feae0": ApplyLayer exit status 1 stdout: stderr: there might not be enough IDs available in the namespace (requested 65534:65534 for /home): lchown /home: invalid argument
```
Note: The same error happens w/ and w/o the `--storage-opt ignore_chown_error` which I picked up from
https://www.redhat.com/sysadmin/rootless-podman
while trying to understand/fix the error.
The user:
```
prometheus@my-host:/home/my-user$ whoami
prometheus
prometheus@my-host:/home/my-user$ id
uid=995(prometheus) gid=1008(prometheus) groups=1008(prometheus)
prometheus@my-host:/home/my-user$
```
The u/gid maps:
```
prometheus@my-host:/home/my-user$ cat /etc/subuid
lxd:100000:65536
root:100000:65536
my-user:165536:65536
prometheus:231072:65536
prometheus@my-host:/home/my-user$ cat /etc/subgid
lxd:100000:65536
root:100000:65536
my-user:165536:65536
prometheus:231072:65536
```
What am I missing?
4 years, 11 months
weird behaviour with "podman inspect", "--size" option
by Robert P. J. Day
not sure what that option should do related to that command, but the
man page reads:
    --size, -s
        Display the total file size if the type is a container
however, i tried this with a running container:
    $ podman inspect --size -t=container d1218680819b
and got what appears to be full output regarding that container. what
output should i expect with "podman inspect --size <containerID>"? am
i misreading something?
rday
4 years, 11 months
how podman differs from docker in ctr process running as root?
by Robert P. J. Day
colleague just presented me with this question ... he was following
an example that showed how, when started with docker, a process
running as root in the container was also running as root on the host.
the example he showed me was to fire up an alpine image, verify that
the user account was root inside the container, then start a "sleep
100" command, open another terminal on the host, and check the
properties of running sleep commands, whereupon he saw:
    $ ps -fC sleep
    UID ... CMD
    root sleep 100
    $
i did exactly the same thing on my fedora 31 system but i have docker
aliased to podman, and when i did the same thing, back on the host, i
got:
    $ ps -fC sleep
    UID PID PPID C STIME TTY TIME CMD
    rpjday 24268 21319 0 08:23 pts/0 00:00:00 sleep 42
in short, while the sleep process was owned by root in the container,
on the host, it is clearly owned by me.
i wasn't sure how to explain that, other than to suggest that
podman, by default, doesn't map root in container to root on host. is
there an explanation i could point him to to understand why running
under podman behaved differently? thanks.
rday
4 years, 11 months
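Added example, not from any poster or from podman: it builds the default rootless user-namespace mapping (container ID 0 is the invoking user, container IDs from 1 upward come from that user's `/etc/subuid` range) and translates container IDs to host IDs. That mapping is why root in a rootless container appears under the user's own name in `ps` on the host, and it shows what a request for 65534 resolves to under the `prometheus` entry quoted in the earlier post; `idRange`, `rootlessMap` and `toHost` are hypothetical names.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// idRange: `count` IDs starting at container ID `inside` map to host IDs from `host`.
type idRange struct{ inside, host, count int }

// rootlessMap builds the default rootless mapping: container ID 0 is the
// user's own ID; container IDs 1..N come from the user's subuid/subgid ranges.
func rootlessMap(user string, ownID int, subIDFile string) ([]idRange, error) {
	m, next := []idRange{{0, ownID, 1}}, 1
	for _, line := range strings.Split(subIDFile, "\n") {
		f := strings.Split(strings.TrimSpace(line), ":")
		if len(f) != 3 || f[0] != user {
			continue
		}
		start, err1 := strconv.Atoi(f[1])
		count, err2 := strconv.Atoi(f[2])
		if err1 != nil || err2 != nil {
			return nil, fmt.Errorf("bad subordinate ID line %q", line)
		}
		m = append(m, idRange{next, start, count})
		next += count
	}
	return m, nil
}

// toHost translates a container ID to a host ID; ok is false for an unmapped
// ID, which the kernel refuses in chown with EINVAL ("invalid argument").
func toHost(m []idRange, id int) (host int, ok bool) {
	for _, r := range m {
		if id >= r.inside && id < r.inside+r.count {
			return r.host + id - r.inside, true
		}
	}
	return 0, false
}

func main() {
	subuid := "my-user:165536:65536\nprometheus:231072:65536" // from the post above
	m, _ := rootlessMap("prometheus", 995, subuid)
	for _, id := range []int{0, 65534, 70000} {
		host, ok := toHost(m, id)
		fmt.Printf("container uid %d -> host uid %d (mapped=%v)\n", id, host, ok)
	}
}
```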
[OT?] how to market an intro "docker" course that uses podman/buildah?
by Robert P. J. Day
[DISCLAIMER: i hope this question isn't terribly inappropriate for
this list, as it's about my wondering how to write/market an intro
"docker" course but using podman and buildah instead, and i'm open to
suggestions.]
i'm a long-time trainer, teaching both my own courses and for others
(red hat, for instance). a couple of my course reps have recently
asked me if i have a docker course as some of their clients have been
asking for one, and i'm torn as i don't quite know how to answer that.
when i ask for more details as to what the client is really after, i
generally get little more than, "they just want introductory docker."
*sigh*. so here's my dilemma.
a 1-day intro docker course is pretty straightforward, stuff like:
* what's a container (as opposed to a VM)?
* running an image
* using Dockerfiles
* volumes
that sort of thing ... covering the above in reasonable detail can
easily fill a day.
but me being a red hat/fedora person, i'd much rather teach using
podman and buildah, but then it's not really a "docker" course, is it?
(one of the questions i ask my reps is whether the client really and
truly wants "docker", or whether they want general container training?
asking that question never ends well. :-P)
even when something is superior and cutting-edge technology, that
may not be the selling point -- managers understand the word "docker"
and, by god, that's what they want their engineers to get.
one argument for podman is that, with the release of centos 8 back
in sept of 2019, i can at least point at an enterprise-level OS that
supports podman out of the box, which will certainly increase the
comfort level, but it's still no guarantee.
so, thoughts? for a 1-day intro course, the differences between
docker and podman are probably negligible -- for advanced courses,
yes, the differences will become more pronounced, but intro-level
stuff should be safe.
perhaps a proper title would be "introductory container technology
using docker and podman", or something suitably all-encompassing. for
people who do this kind of training, what do *you* do these days? the
course itself is easy enough to write -- i'm just trying to figure out
how to title and position this.
rday
p.s. if there are folks on this list who already do this sort of thing
and have courseware and are willing to license it, i could be talked
into that as well, so drop me a note.
4 years, 11 months
rootless podman run container as user rather than root
by bryan.hepworth@gmail.com
Hi All
Been looking at this one for a good few days, I think I might have the wrong idea of how it works so I'd like some advice.
I created my container image - bioconda that all works nicely, and I can run it from my /home directory as follows: -
    podman run -v /home/bryan/data:/home/bryan:z -it bioconda
This starts it up and I can create Directories and Files ok within it and they retain the correct uid and gids, however some of my other images warn that you are running as root which I'd like to stop happening. Is it possible to use the userns=keep-uid to do this? I can't seem to make it work correctly if this is the way I'm interpreting it to do so.
Thank you
Bryan
4 years, 11 months