can not run ubi7-init systemd container, fedora systemd container works fine
by Jan Hutař
Hello!
I have an issue with running "ubi7-init" based container. When I base my
container on "fedora", it works fine:
$ cat Containerfile
FROM fedora
RUN dnf -y install httpd; dnf clean all; systemctl enable httpd
EXPOSE 80
CMD [ "/sbin/init" ]
and then:
$ sudo podman build -f Containerfile
$ sudo podman run -ti -p 80:80 20185593d0f96c4dee56e351eae4754cdd429679c1b645dae1b6f24880ce33fc
systemd v246.6-3.fc33 running in system mode. (+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +ZSTD +SECCOMP +BLKID +ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
[...]
[ OK ] Started The Apache HTTP Server.
[...]
But when I try the same with ubi7-init based container (or rhel7-init):
$ cat Containerfile
FROM registry.access.redhat.com/ubi7/ubi-init
RUN echo -e "[repo1]\nname=repo1\nbaseurl=http://repos.example.com/RHEL-7/7.9/Server/x8..." >/etc/yum.repos.d/repo1.repo; yum -y install httpd; yum clean all; systemctl enable httpd
EXPOSE 80
CMD [ "/sbin/init" ]
it fails:
$ sudo podman run -ti -p 80:80 d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.
And same with privileged:
$ sudo podman run -ti -p 80:80 --privileged=true d872b16b8d0f9718c60420e3569cb4d5ddd16053fb72903e70d7b62ba3f34964
Failed to mount cgroup at /sys/fs/cgroup/systemd: Operation not permitted
[!!!!!!] Failed to mount API filesystems, freezing.
I have these versions:
$ rpm -q fedora-release-common podman
fedora-release-common-33-3.noarch
podman-2.2.1-1.fc33.x86_64
$ sudo podman version
Version: 2.2.1
API Version: 2.1.0
Go Version: go1.15.5
Built: Tue Dec 8 15:37:50 2020
OS/Arch: linux/amd64
Running a very similar container on RHEL7 with docker-1.10.3-59.el7.x86_64
(there is 1.13.1 available, but have not tried) works fine.
Please, any idea on what I'm doing wrong?
Thank you in advance and happy new year!
Regards,
Jan
--
Jan Hutar Performance Engineering
jhutar(a)redhat.com Red Hat, Inc.
4 years, 1 month
Next Podman Community Meeting, Tuesday February 2, 2021, 11:00 a.m. (UTC-5)
by Tom Sweeney
Happy New Year All!
It was just pointed out to me that I had not cancelled the meeting
invite for the January Podman Community Meeting in Blue Jeans. I have
just done so as we decided to not hold the January meeting given how
close to the holidays it was.
We will meet next at 11:00 a.m. Eastern (UTC-5) on Tuesday February 2,
2021. I'll send out an agenda about two weeks prior to the meeting. If
you have any topics that you would like to present or discuss, please
let me know.
Best Wishes,
t
4 years, 1 month
Single pod, multiple networks
by fugkco
Hello all,
I have a pod that has a service running that has to run on a VPN. I've been able to make this setup work and I'm able to access the service on my local network too.
The set up is:
> podman pod create --name=mypod --share net -p 8080:8080
> podman run -d --name=vpn --cap-add=NET_ADMIN --device /dev/net/tun --restart unless-stopped openvpn
> podman run -d --name=myservice --restart unless-stopped myservice
I've now figured out that the container `myservice` may also need a non-vpn connection. Therefore I'd like to add an additional nic to the container, that _isn't_ running over the VPN.
Is there a solution at all for this?
Failing that, I can setup a small proxy within the same pod that I can point `myservice` to. Would it be possible to ensure said proxy doesn't run over the VPN?
Note, I'm aware that I could potentially run aforementioned proxy on a separate pod, and then point myservice to the proxy pod, though I'd like to avoid that if possible.
Happy to provide additional clarifications.
Thanks
4 years, 1 month