October 2021 - Podman - Podman List Archives

by Michael Ivanov

Hallo! I'm trying to run my application in podman rootless container and I stumble on following problem: my program needs /proc/sys/fs/mqueue/msg_max to be at least 256, but in running container this value is just 10. When I try to specify this parameter while running the image (--sysctl 'fs.mqueue.msg_max=256') I get the following error: Error: open /proc/sys/fs/mqueue/msg_max: Permission denied: OCI permission denied and container is not created. My host where container is being run has this parameter set to 256. How can I expose current host setting for msg_max to my container? Best regards, -- \ / | | (OvO) | Михаил Иванов | (^^^) | | \^/ | E-mail: ivans(a)isle.spb.ru | ^ ^ | |

12 months

4
10
0 / 0

Support for WireGuard interface and multiple network interfaces

by Maximilian Ehlers

Helo everyone, for a while I have been using containers that join themselves into a VPN via their entrypoint script. Only a small CIDR is forwarded to that private network and all other traffic gets routed over the bridged network via the host. In my exact use case the containers use WireGuard and need the following configurations: - private key (public keys can be derived) - public key of an endpoint - network routable IP of an endpoint - Port of the endpoint - CIDR to route to endpoint Optionally multiple endpoints could be specified. As this hack inside the entrypoint is not the most elegant way (DRY) and so on, I would like to ask whether or not it would be possible to integrate this functionality into podman. Specifically to integrate support for a WireGuard interface configurable via CLI flags/config && together with this giving a container multiple network interfaces at spawn with the ability to specify which CIDR should route to which interface. Implementing this would be an interesting challenge for me if it is at all possible (or am I wasting my time here?)/ Any hints as to how I could proceed in implementing and testing this in a fork of the project would be much appreciated! Thanks alot Max <b-m-f>

3 years

4
4
0 / 0

Podman Community Cabal Meeting Time Change and Podman Community Meeting reminder

by Tom Sweeney

Hi All, Just a quick note on a couple of meeting updates. The Podman Community Cabal Meetings have been happening at 10:00 a.m. EDT (UTC-4) on the third Thursday of each month. Due to a conflicting meeting for a number of the key maintainers, we have decided to move the meeting from 10:00 a.m. to 11:00 a.m. EDT, still on the third Thursday of the month. Secondly, the next Podman Community Meeting snuck up on me and is happening this coming Tuesday November 2, 2021 at 11:00 a.m. EDT (UTC-4). We don't have a lot of topics for next week, so if you have something you'd like to present, or a topic that you'd like to hear about, please drop me a note. Thanks All! t

3 years

2
1
0 / 0

is podman (and friends) reasonably complete under recent ubuntu?

by Robert P. J. Day

current colleague wants to set up as complete a podman-based environment as possible, and corporate policy dictates must be ubuntu, but can be as recent an ubuntu version as desired (even brand new 21.10). predictably, i suggested fedora would be a better choice, but that's not an option given corporate choice of ubuntu for dev boxes. so the question is, will that still provide a reasonably complete set of container tools relative to fedora using just standard packages? rday

3 years

4
6
0 / 0

How to setup internal and external networking for rootless containers with podman

by Gerben Venekamp

I am trying to setup networking in rootless containers. What I would like to have is both internal, i.e. container to container, and external, e.g. ping 8.8.8.8, inside a single container. I get internal working as well as external, however never both at the same time within a single container. I have raised this question on stackoverflow as well. The question on stackoverflow can be found at: https://stackoverflow.com/questions/69636101/how-to-setup-internal-and-ex... Regards, Gerben

3 years

3
6
0 / 0

Q: Slightly uncomplicating manifest-lists

by Chris Evich

All, Recently I wrote a blog article that touches on a few podman (and buildah) commands which are bound to catch people off-guard: https://podman.io/blogs/2021/10/11/multiarch.html Unfortunately the reason for the "Ugh! What? Really?" of 'rm' and 'push' is "maintaining compatibility" - hence, unlikely to change. See https://github.com/containers/podman/issues/11899 So my thinking was, if we can't change the CLI can we make the feedback to users better? At least then, people would be alerted when it comes to surprising 'rm'/'push' behavior. For example: $ podman images REPOSITORY TAG IMAGE ID CREATED SIZE docker.io/library/redis latest 7faaec683238 7 days 116 MB reg.fed.org/fedora 34 191682d67252 2 weeks 184 MB ex.co/foo/bar latest [M]123456576b54 1 second 123 GB reg.acc.red.c/ubi8-init latest 670b0e87da3c 4 weeks 251 MB quay.io/libpod/alpine latest 961769676411 2 years 5.85 MB Indicating 'ex.co/foo/bar' is a manifest list not a regular image, and so needs special handling by the user. Alternatively it could be it's own column. I was just wanted to be sensitive to anyone who may be scraping the space-separated data for some purpose. What are your opinions/concerns/alternatives for something like this? -- Chris Evich (he/him), RHCA III Senior Quality Assurance Engineer My personal robot overlord told me to include this signature line.

3 years, 1 month

3
5
0 / 0

Podman Community Cabal meeting in one hour!

by Tom Sweeney

Hi All! The Podman Community Cabal Meeting is happening an hour from now. We will be talking about Netavark, Podman System Monitor for Mac, quadlet, ARM Testing, and more! Video Conference link in the agenda: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both Hope to see you there! t

3 years, 1 month

1
0
0 / 0

Upcoming Podman Community Cabal Meeting - Thursday Oct 21, 2021

by Tom Sweeney

Hi All, Just a quick reminder that the Podman Community Cabal meeting will be happening in about 6 days and 20 hours from now, at 10:00 a.m. EDT (UTC-4) next Thursday October 21, 2021. Only one agenda item at the moment to be discussed, happy to take more. The video conference link is at the top of the agenda: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both Hope to see you there! t

3 years, 1 month

2
1
0 / 0

Container documentation

by Michael Ivanov

Hallo, One small question strictly not related to podman: are there any means to bundle container-related documentation to container itself, similar to perl's embedded POD) and to query it in some generic way? (say like 'podman docs <container name>')? Best regards, -- \ / | | (OvO) | Михаил Иванов | (^^^) | | \^/ | E-mail: ivans(a)isle.spb.ru | ^ ^ | |

3 years, 1 month

2
1
0 / 0

permissions issues to host filesystem when running rootless Vs rootful and question on opening port on container/host

by Christopher.Miller＠gd-ms.com

First time poster. Coming from Docker background, using Podman since May of this year. Help me make sense of this. I am testing applying certs to a container in our dev environment, before replicating it to our production container. It was running as expected, and now I'm having issues when running the same commands (I've deleted the old container 1st before starting the work again). If I run the following command: sudo podman run -d -name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus.3:30.0 [usera@hosta /]$ sudo podman run --name hosta-nexus -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0 mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied mkdir: cannot create directory '../sonatype-work/nexus3': Permission denied Warning: Cannot open log file: ../sonatype-work/nexus3/log/jvm.log Warning: Forcing option -XX:LogFile=/tmp/jvm.log OpenJDK 64-Bit Server VM warning: Cannot open file ../sonatype-work/nexus3/log/jvm.log due to Permission denied java.io.FileNotFoundException: ../sonatype-work/nexus3/tmp/i4j_ZTDnGON8hezynsMX2ZCYAVDtQog=.lock (Permission denied) at java.io.RandomAccessFile.open0(Native Method) at java.io.RandomAccessFile.open(RandomAccessFile.java:316) at java.io.RandomAccessFile.<init>(RandomAccessFile.java:243) at com.install4j.runtime.launcher.util.SingleInstance.check(SingleInstance.java:72) at com.install4j.runtime.launcher.util.SingleInstance.checkForCurrentLauncher(SingleInstance.java:31) at com.install4j.runtime.launcher.UnixLauncher.checkSingleInstance(UnixLauncher.java:88) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:67) java.io.FileNotFoundException: /nexus-data/karaf.pid (Permission denied) at java.io.FileOutputStream.open0(Native Method) at java.io.FileOutputStream.open(FileOutputStream.java:270) at java.io.FileOutputStream.<init>(FileOutputStream.java:213) at java.io.FileOutputStream.<init>(FileOutputStream.java:101) at org.apache.karaf.main.InstanceHelper.writePid(InstanceHelper.java:127) at org.apache.karaf.main.Main.launch(Main.java:243) at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113) at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69) java.lang.RuntimeException: /nexus-data/log/karaf.log (Permission denied) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:102) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlersInternal(BootstrapLogManager.java:137) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlers(BootstrapLogManager.java:70) at org.apache.karaf.main.util.BootstrapLogManager.configureLogger(BootstrapLogManager.java:75) at org.apache.karaf.main.Main.launch(Main.java:244) at org.sonatype.nexus.karaf.NexusMain.launch(NexusMain.java:113) at org.sonatype.nexus.karaf.NexusMain.main(NexusMain.java:52) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at com.exe4j.runtime.LauncherEngine.launch(LauncherEngine.java:85) at com.install4j.runtime.launcher.UnixLauncher.main(UnixLauncher.java:69) Caused by: java.io.FileNotFoundException: /nexus-data/log/karaf.log (Permission denied) at java.io.FileOutputStream.open0(Native Method) at java.io.FileOutputStream.open(FileOutputStream.java:270) at java.io.FileOutputStream.<init>(FileOutputStream.java:213) at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.open(BootstrapLogManager.java:193) at org.apache.karaf.main.util.BootstrapLogManager$SimpleFileHandler.<init>(BootstrapLogManager.java:182) at org.apache.karaf.main.util.BootstrapLogManager.getDefaultHandlerInternal(BootstrapLogManager.java:100) ... 12 more Error creating bundle cache. Unable to update instance pid: Unable to create directory /nexus-data/instances Exception in thread "Thread-2" java.lang.SecurityException: Could not lock User prefs. Lock file access denied. at java.util.prefs.FileSystemPreferences.checkLockFile0ErrorCode(FileSystemPreferences.java:949) at java.util.prefs.FileSystemPreferences.lockFile(FileSystemPreferences.java:937) at java.util.prefs.FileSystemPreferences.sync(FileSystemPreferences.java:741) at java.util.prefs.FileSystemPreferences.flush(FileSystemPreferences.java:836) at java.util.prefs.FileSystemPreferences.syncWorld(FileSystemPreferences.java:476) at java.util.prefs.FileSystemPreferences.access$1200(FileSystemPreferences.java:50) at java.util.prefs.FileSystemPreferences$4$1.run(FileSystemPreferences.java:454) The following directories already exist on the host: /opt/nexus and /data/storage and are owned by nexus:nexus and the file permissions are 755. BUT, if I run the following command (with user 0): sudo podman run -dit --name hosta-nexus -u 0 -p 8081:80 -v /opt/nexus:/nexus-data:Z -v /data/storage:/storage:Z docker.io/sonatype/nexus3:3.30.0 Why was the container running without the -u 0, and now I'm getting permission denied at rootless? Is there something, somewhere that is persisting that is causing the issue? Also to clear things up, I'm opening the following port on the Container to the Host: 8081:80 , but if I type in localhost:8081 or localhost:80, the UI won't come up. I have to inspect the running container, get the IP address, and then put in that ip address:8081 and then the web pages comes up. I'm not sure what I'm doing incorrectly here. Thanks Chris

3 years, 1 month

3
19
0 / 0

2024

2023

2022

2021

2020

2019

Podman October 2021