From dwalsh at redhat.com Wed Oct 23 20:31:16 2019
From: Daniel Walsh
To: podman at lists.podman.io
Subject: [Podman] Re: Sharing blob-info-cache-v1.boltdb across multiple machines
Date: Wed, 23 Oct 2019 16:24:40 -0400
In-Reply-To: 20191023183101.GI28864@lisas.de

On 10/23/19 2:31 PM, Adrian Reber wrote:
> On Wed, Oct 23, 2019 at 04:16:17PM -0000, eae(a)us.ibm.com wrote:
>> We have a cluster of machines where /home is a remote gluster mount.
>> Running podman rootless nicely solves the problem of accessing the
>> remote filesystem with user credentials. Since remote filesystems do
>> not currently support namespaces, podman is run with --root, --runroot,
>> and --tmpdir set to be /tmp/$USER. All works well on the first client
>> machine, but an image pulled successfully on one machine will fail to
>> pull on a second.
>> For example, on the second machine:
>>
>> $ podman run --rm -it ubuntu
>> Trying to pull docker.io/library/ubuntu...Getting image source signatures
>> Copying blob c58094023a2e done
>> Copying blob 079b6d2a1e53 done
>> Copying blob 11048ebae908 done
>> Copying blob 22e816666fd6 done
>> Copying config cf0f3ca922 done
>> Writing manifest to image destination
>> Storing signatures
>> ERRO[0168] Error while applying layer: ApplyLayer exit status 1 stdout:  stderr: lchown /etc/gshadow: operation not permitted
>> ERRO[0200] Error pulling image ref //ubuntu:latest: Error committing the finished image: error adding layer with blob "sha256:22e816666fd6516bccd19765947232debc14a5baf2418b2202fd67b3807b6b91": ApplyLayer exit status 1 stdout:  stderr: lchown /etc/gshadow: operation not permitted
>> Failed
>> Trying to pull registry.fedoraproject.org/ubuntu...ERRO[0200] Error pulling image ref //registry.fedoraproject.org/ubuntu:latest: Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
>> Failed
>> Trying to pull quay.io/ubuntu...ERRO[0201] Error pulling image ref //quay.io/ubuntu:latest: Error initializing source docker://quay.io/ubuntu:latest: Error reading manifest latest in quay.io/ubuntu: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>\n"
>> Failed
>> Trying to pull registry.centos.org/ubuntu...ERRO[0201] Error pulling image ref //registry.centos.org/ubuntu:latest: Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
>> Failed
>> Error: unable to pull ubuntu: 4 errors occurred:
>> * Error committing the finished image: error adding layer with blob "sha256:22e816666fd6516bccd19765947232debc14a5baf2418b2202fd67b3807b6b91": ApplyLayer exit status 1 stdout:  stderr: lchown /etc/gshadow: operation not permitted
>> * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
>> * Error initializing source docker://quay.io/ubuntu:latest: Error reading manifest latest in quay.io/ubuntu: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>\n"
>> * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
>>
>> Our guess is that this is happening because blob-info-cache-v1.boltdb is
>> in the shared /home filesystem.
>>
>> Is there a suggested approach to running rootless podman on multiple
>> machines with a shared /home directory?
> To run Podman in an HPC like environment with /home on NFS, I am doing
> the following steps to set up Podman for each user:
>
> $ podman info
> $ sed -e "s,graphroot.*$,graphroot = \"/tmp/container\",g" -i .config/containers/storage.conf
> $ rm -f ./.local/share/containers/storage/libpod/bolt_state.db ./.local/share/containers/cache/blob-info-cache-v1.boltdb
>
> If a user now uses Podman it just works. This is for a CentOS 7.7 based
> system. Maybe that helps for your use case also.
>
> Adrian

I think a nice blog on how to run podman on an NFS Homedir would be
something people could use.
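
The per-user steps quoted above, wrapped as one re-runnable shell function; this is an added example, not code from the thread or from the Podman project. The function name, its arguments, and the ownership/symlink check on the node-local path are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the thread): per-user setup for rootless Podman
# when $HOME is on a shared filesystem. Assumes storage.conf already exists
# (created by a first `podman info`) and that the target path is node-local.
# setup_local_graphroot and its two arguments are illustrative names.

setup_local_graphroot() {
    home=$1        # shared home directory of the user
    graphroot=$2   # node-local storage directory, e.g. /tmp/$USER/containers
    conf="$home/.config/containers/storage.conf"

    [ -f "$conf" ] || { echo "missing $conf; run 'podman info' once" >&2; return 1; }

    # Assumption added here: /tmp is world-writable, so refuse a pre-existing
    # path that is a symlink or is not a directory owned by the calling user.
    if [ -e "$graphroot" ] || [ -L "$graphroot" ]; then
        if [ -L "$graphroot" ] || [ ! -d "$graphroot" ] || [ ! -O "$graphroot" ]; then
            echo "refusing $graphroot: not a directory owned by this user" >&2
            return 2
        fi
    else
        mkdir -p "$graphroot" || return 2
    fi
    chmod 700 "$graphroot" || return 2

    # Same substitution as in the thread, anchored to the key and written via
    # a temporary file. Paths containing ',' or '&' would need escaping.
    sed -e "s,^[[:space:]]*graphroot[[:space:]]*=.*\$,graphroot = \"$graphroot\"," \
        "$conf" > "$conf.new" || return 3
    mv "$conf.new" "$conf" || return 3

    # Remove the libpod state DB and blob-info cache left on the shared home,
    # as in the thread.
    rm -f "$home/.local/share/containers/storage/libpod/bolt_state.db" \
          "$home/.local/share/containers/cache/blob-info-cache-v1.boltdb"
}

# Usage (per user, on each node): setup_local_graphroot "$HOME" "/tmp/$USER/containers"
```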