From eae at us.ibm.com Wed Oct 23 16:16:24 2019
From: eae at us.ibm.com
To: podman at lists.podman.io
Subject: [Podman] Sharing blob-info-cache-v1.boltdb across multiple machines
Date: Wed, 23 Oct 2019 16:16:17 +0000
Message-ID: <20191023161617.27175.75732@lists.podman.io>

We have a cluster of machines where /home is a remote gluster mount. Running podman rootless nicely solves the problem of accessing the remote filesystem with user credentials. Since remote filesystems do not currently support namespaces, podman is run with --root, --runroot, and --tmpdir set to be /tmp/$USER. All works well on the first client machine, but an image pulled successfully on one machine will fail to pull on a second. For example, on the second machine:

$ podman run --rm -it ubuntu
Trying to pull docker.io/library/ubuntu...Getting image source signatures
Copying blob c58094023a2e done
Copying blob 079b6d2a1e53 done
Copying blob 11048ebae908 done
Copying blob 22e816666fd6 done
Copying config cf0f3ca922 done
Writing manifest to image destination
Storing signatures
ERRO[0168] Error while applying layer: ApplyLayer exit status 1 stdout: stderr: lchown /etc/gshadow: operation not permitted
ERRO[0200] Error pulling image ref //ubuntu:latest: Error committing the finished image: error adding layer with blob "sha256:22e816666fd6516bccd19765947232debc14a5baf2418b2202fd67b3807b6b91": ApplyLayer exit status 1 stdout: stderr: lchown /etc/gshadow: operation not permitted
Failed
Trying to pull registry.fedoraproject.org/ubuntu...ERRO[0200] Error pulling image ref //registry.fedoraproject.org/ubuntu:latest: Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
Failed
Trying to pull quay.io/ubuntu...ERRO[0201] Error pulling image ref //quay.io/ubuntu:latest: Error initializing source docker://quay.io/ubuntu:latest: Error reading manifest latest in quay.io/ubuntu: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>\n"
Failed
Trying to pull registry.centos.org/ubuntu...ERRO[0201] Error pulling image ref //registry.centos.org/ubuntu:latest: Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
Failed
Error: unable to pull ubuntu: 4 errors occurred:
  * Error committing the finished image: error adding layer with blob "sha256:22e816666fd6516bccd19765947232debc14a5baf2418b2202fd67b3807b6b91": ApplyLayer exit status 1 stdout: stderr: lchown /etc/gshadow: operation not permitted
  * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
  * Error initializing source docker://quay.io/ubuntu:latest: Error reading manifest latest in quay.io/ubuntu: error parsing HTTP 404 response body: invalid character '<' looking for beginning of value: "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\n<title>404 Not Found</title>\n<h1>Not Found</h1>\n<p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>\n"
  * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown

Our guess is that this is happening because blob-info-cache-v1.boltdb is in the shared /home filesystem.

Is there a suggested approach to running rootless podman on multiple machines with a shared /home directory?

Thanks,
Eddie