Daniel,

On 2020-03-19 00:39, Daniel Walsh wrote:
On 3/17/20 23:26, Philip Rhoades wrote:
> On 2020-03-18 05:44, Philip Rhoades wrote:
>> Daniel,
>>
>>
>> On 2020-03-18 04:38, Daniel Walsh wrote:
>>> On 3/17/20 12:48, Philip Rhoades wrote:
>>>> Daniel,
>>>>
>>>>
>>>> On 2020-03-17 01:30, Daniel Walsh wrote:
>>>>> On 3/16/20 09:07, Philip Rhoades wrote:
>>>>>> People,
>>>>>>
>>>>>> I am just starting to make real use of podman containers but, for one
>>>>>> particular exercise, it would be convenient if I could use zerotier in
>>>>>> one of the containers but I get:
>>>>>>
>>>>>> [root@1c15d54fa274 /]# zerotier-cli info
>>>>>> zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
>>>>>>
>>>>>> - it works for other, non-container, devices - as well as VMs on
>>>>>> KVM.
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Phil.
>>>>>
>>>>> How did you package up zerotier? This looks like the installation
>>>>> within the container image failed to install
>>>>> /var/lib/zerotier-one?
>>>>
>>>>
>>>> I used this (which, as I said, worked fine for all the other
>>>> non-container environments):
>>>>
>>>> curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>>>
>>>> Thanks,
>>>>
>>>> Phil.
>>>
>>> I ran
>>>
>>> #####################################################
>>>
>>> $ podman run -ti fedora sh
>>>
>>> # curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>>
>>> ...
>>>
>>> *** Enabling and starting zerotier-one service...
>>> Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
>>> System has not been booted with systemd as init system (PID 1). Can't operate.
>>> Failed to connect to bus: Host is down
>>>
>>> *** Package installed but cannot start service! You may be in a Docker
>>> *** container or using a non-standard init service.
>>>
>>> # # zerotier-cli info
>>> zerotier-cli: missing port and zerotier-one.port not found in /var/lib/zerotier-one
>>>
>>> #######################################################
>>>
>>>
>>> This looks like the script is attempting to start a service inside of
>>> the container via systemd, which does not exist.
>>>
>>> However if I do:
>>>
>>>
>>> #####################################################
>>>
>>> $ podman run -d fedora /sbin/init
>>>
>>> 8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
>>>
>>> $ podman exec -ti 8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb
>>>
>>> # curl -s 'https://raw.githubusercontent.com/zerotier/ZeroTierOne/master/doc/contact%40zerotier.com.gpg' | gpg --import && if z=$(curl -s 'https://install.zerotier.com/' | gpg); then echo "$z" | sudo bash; fi
>>>
>>> ...
>>>
>>> *** Enabling and starting zerotier-one service...
>>> Created symlink /etc/systemd/system/multi-user.target.wants/zerotier-one.service → /usr/lib/systemd/system/zerotier-one.service.
>>>
>>> *** Waiting for identity generation...
>>>
>>> *** Success! You are ZeroTier address [ a8057b16e9 ].
>>>
>>> # zerotier-cli info
>>> 200 info a8057b16e9 1.4.6 OFFLINE
>>>
>>> # systemctl status zerotier-one
>>> ● zerotier-one.service - ZeroTier One
>>>    Loaded: loaded (/usr/lib/systemd/system/zerotier-one.service; enabled; vendor preset: disabled)
>>>    Active: active (running) since Tue 2020-03-17 17:33:23 UTC; 4min 23s ago
>>>  Main PID: 145 (zerotier-one)
>>>    CGroup: /user.slice/user-3267.slice/user@3267.service/apps.slice/apps-org.gnome.Terminal.slice/vte-spawn-6856c47f-79c0-49a8-8004-771d446b888b.scope/8f841ca46ceda9d5452eca2b0459029272dc5898eb2bea4ccefa81efa076c8eb/system.slice/zerotier-one.service
>>>            └─145 /usr/sbin/zerotier-one
>>>
>>> Mar 17 17:33:23 8f841ca46ced systemd[1]: Started ZeroTier One.
>>> Mar 17 17:33:23 8f841ca46ced zerotier-one[145]: /usr/sbin/zerotier-one: WARNING: failed to drop privileges (kernel may not support required prctl features), running as root
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>> Mar 17 17:33:41 8f841ca46ced zerotier-one[145]: recv: Connection reset by peer
>>>
>>> ######################################################
>>>
>>>
>>> If you run the container with systemd running inside it and then exec
>>> into the container your script will work, since it will communicate with
>>> systemd to start the service.
>>
>>
>> Oh wow! Thanks so much for that! - and I learnt a bit more about
>> podman . .
>
>
> OK, now I should be able to use ZeroTier to ssh to the container but
> although I have installed and started the sshd server and allowed a
> root login I get:
>
> # ssh 10.147.18.191
> ssh: connect to host 10.147.18.191 port 22: No route to host
>
> I can ssh to other (non container) ZT IPs OK . .
>
> Thanks,
>
> Phil.
>
Why do you want to ssh into a container? You can just podman exec into
the container?

I should have been clearer - I need a remote login for a developer who
is helping me to produce a variety of QMail in a podman container. With
help from people on this list I have got the container set up but while
I am interested in continuing to learn about podman, the QMail developer
is only interested in sorting out the QMail issues and just wants to log
in and do that . . I am not in a position to tell him to set up his own
podman environment and finish the work at his end . .

I realise that ssh'ing into a remote container does not fit with the
conceptual framework of how containers are supposed to work but if I can
get it to work, I am prepared to break with convention . .

Thanks,

Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil(a)pricom.com.au
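
The failure diagnosed earlier in this thread (installer run in a container whose PID 1 is not systemd) can be checked for before running the installer. The script below is an added example, not from the thread or from ZeroTier; `diagnose_zerotier` and its root-directory argument are hypothetical names, and it assumes the port file appears in /var/lib/zerotier-one once the daemon has started, as the zerotier-cli error message implies.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies the state behind the
# "zerotier-one.port not found" error using only filesystem checks.
# ROOT (hypothetical parameter) is the filesystem root to inspect; "/" in real use.

# systemd's own "booted with systemd" test (sd_booted) is the existence of
# the directory /run/systemd/system.
systemd_is_init() {
    [ -d "${1%/}/run/systemd/system" ]
}

# Daemon binary path as shown in the systemctl output in the thread.
zt_installed() {
    [ -x "${1%/}/usr/sbin/zerotier-one" ]
}

# zerotier-cli needs this file to find the daemon's control port.
# A stale file can outlive the daemon, so its presence is a hint only.
zt_port_file_present() {
    [ -f "${1%/}/var/lib/zerotier-one/zerotier-one.port" ]
}

diagnose_zerotier() {
    root="${1:-/}"
    if ! zt_installed "$root"; then
        echo "not-installed"
    elif zt_port_file_present "$root"; then
        echo "port-file-present"
    elif systemd_is_init "$root"; then
        # systemd is PID 1: systemctl can start zerotier-one.service.
        echo "installed-service-stopped"
    else
        # The case from the thread: the package is installed but nothing can
        # start the unit. Start the container with /sbin/init as its command
        # and run the installer through podman exec instead.
        echo "installed-no-systemd"
    fi
}

diagnose_zerotier "${1:-/}"
```

Inside a container started with `podman run -ti fedora sh` and then given the installer, this prints `installed-no-systemd`.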