Containers terminate on shell logout
by Ryan Wilson
Hi podman team,
I wanted to try out Fedora CoreOS for a couple of upcoming projects so I
installed it on bare metal and logged in via ssh. I can start a container
detached (as my logged-in user) and then verify that the server is running
but when I log out of the ssh session, the container stops. From looking at
the logs, it appears that the container process is getting SIGTERM, which I
assume means the container was stopped gracefully. But by what? How do I
stop this behavior? If I detach a container, I would like it to outlive my
session. This doesn’t happen when I sudo to root and start the container,
only when running as the non-root user. Any suggestions?
Ryan
4 years, 8 months
Podman build and commit does not seem to use overlayfs
by Alvin Sebastian
Hi,
I run podman as root, but it seems that the build and commit commands always create images that double the size on every change.
I run podman on ArchLinux with an F2FS disk. Is F2FS not supported? I could not find anything on the web that mentions this.
# podman info
host:
  arch: amd64
  buildahVersion: 1.14.8
  cgroupVersion: v1
  conmon:
    package: Unknown
    path: /usr/bin/conmon
    version: 'conmon version 2.0.15, commit: 1bddbf7051a973f4a4fecf06faa0c48e82f1e9e1'
  cpus: 8
  distribution:
    distribution: arch
    version: unknown
  eventLogger: file
  hostname: archasw
  idMappings:
    gidmap: null
    uidmap: null
  kernel: 5.6.10-arch1-1
  memFree: 8687009792
  memTotal: 16554958848
  ociRuntime:
    name: runc
    package: Unknown
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc10
      commit: dc9208a3303feef5b3839f4323d9beb36df0a9dd
      spec: 1.0.1-dev
  os: linux
  rootless: false
  slirp4netns:
    executable: ""
    package: ""
    version: ""
  swapFree: 0
  swapTotal: 0
  uptime: 20h 4m 31.66s (Approximately 0.83 days)
registries:
  search:
  - docker.io
  - registry.fedoraproject.org
  - quay.io
  - registry.access.redhat.com
  - registry.centos.org
store:
  configFile: /etc/containers/storage.conf
  containerStore:
    number: 3
    paused: 0
    running: 0
    stopped: 3
  graphDriverName: overlay
  graphOptions:
    overlay.mountopt: nodev
  graphRoot: /var/lib/containers/storage
  graphStatus:
    Backing Filesystem: f2fs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "true"
  imageStore:
    number: 5
  runRoot: /var/run/containers/storage
  volumePath: /var/lib/containers/storage/volumes
Example with commit:
# podman image tree centos7-systemd
Image ID: 0cd1f34a88bc
Tags: [localhost/centos7-systemd:latest]
Size: 227.7MB
Image Layers
└── ID: 913cda0bf08e Size: 227.7MB Top Layer of: [localhost/centos7-systemd:latest]
# podman run -it centos7-systemd /bin/bash
# yum update
# exit
# podman commit inspiring_ganguly inspiring_ganguly
# podman image tree inspiring_ganguly
Image ID: feb029dfb122
Tags: [localhost/inspiring_ganguly:latest]
Size: 436.4MB
Image Layers
├── ID: 913cda0bf08e Size: 227.7MB Top Layer of: [localhost/centos7-systemd:latest]
└── ID: 3ff0a6be06fa Size: 208.7MB Top Layer of: [localhost/inspiring_ganguly:latest]
Regards,
Alvin
4 years, 8 months
why is --ip limited to the default network
by Gordon Messmer
I'd like to use containers for services that overlap in the ports they
use. For example, I'd like to run FreeIPA and also a caching DNS
server. (Or FreeIPA with Windows auth and Samba, which both use 137-139
and 445.)
My preferred setup for this is bridged networking without NAT, and I've
got that set up. I manually configured a bridge device with the
Ethernet interface as a member, and I've configured a CNI network with
"host-local" IPAM. I can create containers attached to that network,
and they'll get an address that's on the host's network. Clients can
connect to them. All of that is working as expected.
However, especially in the case of running a DNS server, I'd really like
to have a fixed address for the container, and I don't see a way to do
that (other than creating another network definition with "static" IPAM,
which would require a network definition for every container with a
fixed address). The documentation for podman-run says that --ip can't
be used when a container is joined to an "additional" network, and I
don't understand that. The container is only connected to one network,
as indicated by the output of "podman inspect".
So, to the question in the subject, why is --ip only allowed on the
default network? Is there any other mechanism for assigning a fixed IP
address to a container that's on a user-defined network?
4 years, 8 months
Re: Can't access ports outside host machine
by Daniel Walsh
On 5/8/20 09:18, Navdeep Uniyal wrote:
>
> Hi guys,
>
>
> I am seeing a behavior:
> When I run a container without root, I can reach the exposed ports
> from outside the host machine. But, when I run the same container
> using root access, I can't reach the port from outside. Is this an
> expected behavior? If yes, please help me how can I access the ports
> outside host while running using root access:
> I am using the following command:
>
>
> podman run -dit -p=8000:8000 --privileged --name coa apache:latest
>
>
>
> Kind Regards,
>
> Navdeep
>
>
I would expect them to behave the same, and in neither case be
accessible from outside of the machine.
We believe that modifications of the firewall rules should be done by
the admin and not be done by podman for external access to ports.
4 years, 8 months
Can't access ports outside host machine
by Navdeep Uniyal
Hi guys,
I am seeing a behavior:
When I run a container without root, I can reach the exposed ports from outside the host machine. But, when I run the same container using root access, I can't reach the port from outside. Is this an expected behavior? If yes, please help me how can I access the ports outside host while running using root access:
I am using the following command:
podman run -dit -p=8000:8000 --privileged --name coa apache:latest
Kind Regards,
Navdeep
4 years, 8 months