[Podman] Re: --dns=ipaddr - no effect of it
by lejeczek
On 30/05/2023 15:38, Paul Holzinger wrote:
> This was a bug in 4.4 I think, you need to update to
> podman v4.5
> (https://github.com/containers/podman/issues/17499).
>
> If you use a network with dns enabled we will now always
> use the aardvark-dns resolver in resolv.conf and then
> aardvark-dns forwards to the correct --dns ip when the
> query was not a container name.
>
> Paul
>
> On Tue, May 30, 2023 at 3:32 PM Daniel Walsh
> <dwalsh(a)redhat.com> wrote:
>
> On 5/30/23 09:14, lejeczek via Podman wrote:
>>
>>
>> On 30/05/2023 14:00, Daniel Walsh wrote:
>>> On 5/29/23 05:59, lejeczek via Podman wrote:
>>>> Hi guys.
>>>>
>>>> --dns=none renders what expected but with an actual
>>>> server, say: --dns=10.3.1.200
>>>> resolve.conf seems to be the one of the host's, as
>>>> if --dns did not happen.
>>>> Can anybody else say that is the case? Am I missing
>>>> something?
>>>> I'm on Centos 9 stream with all bits up-to-date.
>>>> many thanks, L.
>>>>
>>>> _______________________________________________
>>>> Podman mailing list -- podman(a)lists.podman.io
>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>>
>>> Here is what I am getting?
>>>
>>> ```
>>> # podman run --dns=10.3.1.200 alpine cat /etc/resolv.conf
>>> nameserver 10.3.1.200
>>> # podman run --dns=none alpine cat /etc/resolv.conf
>>> cat: can't open '/etc/resolv.conf': No such file or directory
>>> ```
>>>
>>> Rootless
>>>
>>> ```
>>> $ podman run --dns=10.3.1.200 alpine cat /etc/resolv.conf
>>> nameserver 10.3.1.200
>>> $ podman run --dns=none alpine cat /etc/resolv.conf
>>> cat: can't open '/etc/resolv.conf': No such file or directory
>>> ```
>>>
>> I'm trying, for production setup, Centos 9 (perhaps
>> all official, available versions?)
>>
>> podman run -dt --network=off-host --ip=${_IP} --dns=10.3.1.200 --hostname ${_H}.${_DOM} --name ${_NAME} localhost/centos9-mine
>> ...
>> [root@centos-whale /]# cat /etc/resolv.conf
>> search mine.priv mszczonow.vectranet.pl
>> nameserver 10.3.1.254
>> nameserver 89.228.4.126
>> nameserver 31.11.173.2
>> nameserver 10.1.1.254
>> options timeout:1
>>
>> that 'resolv.conf' is an exact copy off the host, this:
>>
>> podman run -dt --network=off-host --ip=${_IP} --dns=none --hostname ${_H}.${_DOM} --name ${_NAME} localhost/centos9-mine
>>
>> [root@centos-whale /]# cat /etc/resolv.conf
>> # Generated by NetworkManager
>> nameserver 192.168.122.1
>>
>> Perhaps the issue(s) is with centos?
>> centos9-mine is done off the 'quay.io/centos/centos' with only a couple
>> add rpm packages.
>>
>>
With what is in 'copr' - though there are issues with
packages dependencies + latest 'crun' "breaks" - which is
4.6.0-dev, I still end up with '--dns=10.3.1.200' having no
effect.
2 years, 3 months
[Podman] Re: podman slowly shows logs on windows
by Александр Илюшкин
Slow means I am getting this batched output at the speed of one screen
in 0.5 - 1 second.
It means that docker image has already ended with exit code 0 but its
logs are still updating like it is still working.
On Fri, Jul 21, 2023 at 22:19, Daniel Walsh <dwalsh(a)redhat.com> wrote:
>
> On 7/21/23 02:54, Александр Илюшкин wrote:
> > Hey guys, I've switched from docker to podman and I noticed that command
> >
> > podman logs <container name> works extremely slow
> >
> > What should be done to fix this?
> >
> I guess we would need to know what extremely slow means.
>
> Jason, any ideas?
--
Best regards,
А.И.
2 years, 1 month
[Podman] Re: Announcement: New Podman pre-release - v4.7.0-rc1
by Tom Sweeney
On 9/15/23 19:42, Neal Gompa wrote:
> On Fri, Sep 15, 2023 at 7:40 PM Tom Sweeney <tom.sweeney(a)redhat.com> wrote:
>>> means of stitching Podman instances across machines together on the roadmap?
>> Not that I know of at this point, but just in case I'm not thinking about the right thing, could you expound a little bit more on what "stitching Podman instances" would mean in your thinking?
>>
> I'm thinking more along the lines of being able to have Podman deploy
> run containers/pods/etc. across different machines and centrally
> manage them from a single interface. Particularly where I've got a
> main x86 node and a bunch of crappy ARM SBCs to run stuff on.
>
>
>
That would be nice. Sounds like something Podman Desktop could possibly
handle....
t
2 years
[Podman] Re: How does podman set rootfs ownership to root when using --userns keep-id ?
by Fabio
Hi all again,
I noticed podman is fast, very fast even, at copying and chowning the rootfs, when firing up a new container. How can it be that fast? I tried to recursively chown, with some code of mine, an OverlayFS-based rootfs but it's pretty slow. metacopy=on significantly improves the performance yet podman does not leverage metacopy since it's incompatible with userxattr.
Thanks,
Fabio.
On 4 May 2023 21:20:37 CEST, Daniel Walsh <dwalsh(a)redhat.com> wrote:
>On 5/4/23 04:29, Paul Holzinger wrote:
>> Hi Fabio,
>>
>> My understanding is that the image is copied and chown-ed to the correct uids when running rootless.
>> There is also the concept of idmapped mounts in the kernel but the kernel only allows this as root at the moment.
>>
>> Paul
>>
>> On Thu, May 4, 2023 at 8:56 AM Fabio <fabio(a)redaril.me> wrote:
>>
>> Hi all,
>>
>> I'm trying to understand some of the internals of namespace-based Linux
>> containers and I'm kindly asking you for help.
>>
>> When launching `podman run -it --rm -v ~/Downloads:/dwn
>> docker.io/library/ubuntu /bin/bash`, the inside user is root. That is
>> expected, and without any surprise the /proc/self/uid_map is:
>> 0 1000 1
>> 1 100000 65536
>>
>> When launching `podman run -it --rm -v ~/Downloads:/dwn --userns keep-id
>> docker.io/library/ubuntu /bin/bash` instead, the /proc/self/uid_map is:
>> 0 1 1000
>> 1000 0 1
>> 1001 1001 64536
>>
>> If I'm understanding it well, in the latter case there is a double
>> mapping: to keep host UID and GID, podman fires two user namespaces,
>> where the inner namespace maps its IDs to the outer namespace, which
>> finally maps to the host (that is, 1000 -> 0 -> 1000 again).
>>
>Correct.
>>
>> The mechanism I don't get is how podman manages to make the rootfs
>> owned by root inside the inner namespace, while assigning volumes to the
>> unprivileged inner user:
>> dr-xr-xr-x. 1 root root 18 May 4 06:33 .
>> dr-xr-xr-x. 1 root root 18 May 4 06:33 ..
>> lrwxrwxrwx. 1 root root 7 Mar 8 02:05 bin -> usr/bin
>> drwxr-xr-x. 1 root root 0 Apr 18 2022 boot
>> [...]
>> drwxr-xr-x. 1 myuser 1000 2.1K May 3 15:07 dwn
>>
>> What is the algorithm here? I have a feeling there is some clever
>> combination of syscalls here I don't get. When I tried to reproduce this
>> double namespace situation, the rootfs of the inner namespace was all
>> owned by 1000, not 0.
>>
>> Thank you so so much for your time if you're willing to help me,
>> Fabio.
>
2 years, 3 months
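The double mapping discussed in this message can be checked by composing the two quoted `uid_map` tables. This is an added example, not code from the thread or from Podman; it assumes the map shown for the plain rootless run is the outer namespace, and the function names are hypothetical.

```python
# Maps as quoted in the message; each row of /proc/<pid>/uid_map is
# "<first ID inside> <first ID in parent namespace> <length>".
# Assumption: the first map (plain rootless run) is the outer namespace.
OUTER_MAP = "0 1000 1\n1 100000 65536\n"
INNER_KEEP_ID_MAP = "0 1 1000\n1000 0 1\n1001 1001 64536\n"


def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, parent, length) rows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        inside, parent, length = map(int, fields)
        if length < 1:
            raise ValueError(f"empty range in map line: {line!r}")
        rows.append((inside, parent, length))
    return rows


def to_parent(id_map, ident):
    """Translate one ID into the parent namespace; None when unmapped."""
    for inside, parent, length in id_map:
        if inside <= ident < inside + length:
            return parent + (ident - inside)
    return None


def to_host(ident, *maps):
    """Apply the maps innermost first, ending with the one next to the host."""
    for id_map in maps:
        if ident is None:
            return None
        ident = to_parent(id_map, ident)
    return ident


def keep_id_host_ids(idents):
    """Host-side ID for each container ID under the two maps above."""
    inner = parse_id_map(INNER_KEEP_ID_MAP)
    outer = parse_id_map(OUTER_MAP)
    return {i: to_host(i, inner, outer) for i in idents}


if __name__ == "__main__":
    for cid, hid in keep_id_host_ids([0, 999, 1000, 1001, 65536, 65537]).items():
        print(f"container ID {cid:>5} -> host ID {hid}")
```

Under these maps container ID 0 resolves to host ID 100000 and container ID 1000 resolves back to host ID 1000; an ID outside every range comes back as `None`.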
[Podman] Re: podman && modify images
by Matthias Apitz
On Monday, October 21, 2024 at 02:44:05 +0200, Paul Holzinger wrote:
> Hi Matthias,
>
> yes use podman commit
>
> https://docs.podman.io/en/latest/markdown/podman-commit.1.html
Hi Paul,
After reading the above page and the help of different podman sub
commands, I was able to clone (commit) our container. See the recording
of the various commands below. And the resulting container can be
started fine, SSH'ed into and the software (PostgreSQL server, our
application server, etc.) seems to run fine.
As always, new questions remain:
1)
Why is the old container not found by its image name
"localhost/sles15-sp6-v73:latest"?
2)
What are these 57 (!) repositories with the name "<none>"? Can I just
remove them with "podman rmi ...." based on their IMAGE ID?
3)
I expect that I could also clone (commit) "localhost/sles15-sp6-v73-000"
later to "localhost/sles15-sp6-v73-001", ... , true?
Thanks
matthias
$ podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d586c31f5eb8 localhost/sles15-sp6-v73:latest 3 days ago Up 3 days 0.0.0.0:2022->22/tcp, 0.0.0.0:21443->1443/tcp, 0.0.0.0:23045->3045/tcp, 0.0.0.0:28076->8076/tcp jovial_almeida
$ podman commit localhost/sles15-sp6-v73:latest sles15-sp6-v73-000
Error: no container with name or ID "localhost/sles15-sp6-v73:latest" found: no such container
$ podman commit jovial_almeida sles15-sp6-v73-000
WARN[0028] archive: skipping "/home/cups/.local/share/containers/storage/overlay/d7fbaae69910272d8b7207d23a110264c30c793ce8a335eea4b6e6a91eff3723/diff/tmp/.s.PGSQL.5432" since it is a socket
Getting image source signatures
Copying blob af3b0a719a67 skipped: already exists
Copying blob 62d2e4d7b3f8 skipped: already exists
Copying blob 6cfc2baee765 skipped: already exists
...
Copying blob 02102dcad304 skipped: already exists
Copying blob a178d1697ddc skipped: already exists
Copying blob f09d7f8b475a skipped: already exists
Copying blob a7c4c2d4ff39 skipped: already exists
Copying blob 0361dd92970a done |
Copying config 078a42eddc done |
Writing manifest to image destination
078a42eddc7379eba5b0a36b1673c6ec1d582b4088c5ea74cbe63ac91061842a
$ podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/sles15-sp6-v73-000 latest 078a42eddc73 5 minutes ago 23.8 GB
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
localhost/sles15-sp6-v73 latest e84f83f1637c 3 days ago 20.2 GB
<none> <none> d3921b019185 3 days ago 18.3 GB
<none> <none> 976bf9911a25 3 days ago 13.7 GB
<none> <none> affda5f588bb 3 days ago 13.6 GB
<none> <none> 7f50df452888 3 days ago 13.6 GB
$ podman run -d -p 2023:22 sles15-sp6-v73-000
160afefea69b168706802d5532f7446c6829eb55c76576e645c34f827308b362
ssh -p 2023 root@localhost
root@localhost's password:
Last login: Tue Oct 22 06:37:45 2024 from 10.0.2.100
160afefea69b:~ #
160afefea69b:~ # /etc/init.d/SunRiseServer_v73 start
SunRiseServer: start SISIS-SunRise servers
Okt 22 06:44:06 DbServer_sisis: OK: start S99avserver (sisis / 8076)
Okt 22 06:44:06 DbServer_sisis: OK: start S99catserver (sisis / 3045)
Okt 22 06:44:06 DbServer_sisis: OK: start S99opserver (sisis / 3025)
Okt 22 06:44:08 DbServer_sisis: OK: start siaddae
Okt 22 06:44:09 DbServer_sisis: OK: start S99z39oserver (sisis / )
Okt 22 06:44:10 DbServer_sisis: OK: start S99sikom
$ podman container list
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
d586c31f5eb8 localhost/sles15-sp6-v73:latest 3 days ago Up 3 days 0.0.0.0:2022->22/tcp, 0.0.0.0:21443->1443/tcp, 0.0.0.0:23045->3045/tcp, 0.0.0.0:28076->8076/tcp jovial_almeida
160afefea69b localhost/sles15-sp6-v73-000:latest 10 minutes ago Up 10 minutes 0.0.0.0:2023->22/tcp xenodochial_ganguly
cups@srap57dxr1:~/sisisbase/podman> podman kill 160afefea69b
160afefea69b
$ podman rm 160afefea69b
160afefea69b
$ podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/sles15-sp6-v73-000 latest 078a42eddc73 20 minutes ago 23.8 GB
localhost/sles15-sp6-v73 latest e84f83f1637c 3 days ago 20.2 GB
<none> <none> d3921b019185 3 days ago 18.3 GB
...
$ podman rmi 078a42eddc73
Untagged: localhost/sles15-sp6-v73-000:latest
Deleted: 078a42eddc7379eba5b0a36b1673c6ec1d582b4088c5ea74cbe63ac91061842a
$ podman image list
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/sles15-sp6-v73 latest e84f83f1637c 3 days ago 20.2 GB
<none> <none> d3921b019185 3 days ago 18.3 GB
<none> <none> 976bf9911a25 3 days ago 13.7 GB
...
$ podman image list | grep '<none>' | wc -l
57
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
10 months, 4 weeks
[Podman] Re: Podman for Android
by Valentin Rothberg
Hi Mehdi,
There are no official Podman binaries or packages provided by upstream for
Android. But as you've mentioned: Android is based on Linux, so it should
be technically possible to run Podman there.
Happy hacking and kind regards,
Valentin
On Thu, May 4, 2023 at 12:45 AM Mehdi Haghgoo via Podman <
podman(a)lists.podman.io> wrote:
> Hey all,
>
> I have recently been interested in running as much of my software tools on
> Android as possible. I already find lots of packages installable on Termux
> app (via its package manager "pkg").
>
> Being able to run containerized apps seems very tempting to me.
> I wonder if Podman has Arm binaries for Android. Is it possible for Podman
> to run on Android? Android is Linux after all, and Podman can run rootless.
> Am I missing something here?
>
> M
>
2 years, 4 months
[Podman] Re: dnf update
by Robin Lee Powell
Looks like you have two invalid repos; look in /etc/yum.repos.d/
One of them appears to be
https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/, but pointing to the wrong place
On Sun, Apr 30, 2023 at 08:09:39AM +0300, Dewayne Branch wrote:
> Every time I do dnf update I can not download or update podman
>
>
> Error: Failed to download metadata for repo 'shiftkey': Cannot download
> repomd.xml: Cannot download repodata/repomd.xml: All mirrors were tried
> Copr repo for podman4 owned by rhcontainerbot 135 B/s | 341 B 00:02
>
> Errors during downloading metadata for repository
> 'copr:copr.fedorainfracloud.org:rhcontainerbot:podman4':
> - Status code: 404 for
> https://download.copr.fedorainfracloud.org/results/rhcontainerbot/podman4...
> (IP: 18.66.161.75)
> Error: Failed to download metadata for repo
> 'copr:copr.fedorainfracloud.org:rhcontainerbot:podman4':
> Cannot download repomd.xml: Cannot download repodata/repomd.xml: All
> mirrors were tried
2 years, 4 months
[Podman] Re: docker registry token authentication and podman
by Miloslav Trmac
On Wed, Dec 6, 2023 at 15:08, Daniel Walsh <dwalsh(a)redhat.com> wrote:
> On 12/5/23 07:16, Михаил Иванов wrote:
>
> I'm trying to set up a token authentication for docker registry and using
> podman login to test it. As per description podman should receive
> '401 Unauthorized' error and headers in the reply should contain
> 'Www-Authenticate:' entry. As far as I understand, podman should then
> automatically try to access url, specified in this entry to get the token.
> But it just terminates with 401 error. I verified registry access with curl
> and I see, that Www-Authenticate is present.
>
> Should podman actually request the token automatically or do I misunderstand this?
>
> I don’t know, please provide the full HTTP request/response dumps, and
Podman’s --log-level=debug logs.
At the very least, note that the initial /v2/ “API presence check” request
must fail with a 401, not just individual accesses to specific data.
Mirek
1 year, 9 months
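The precondition named in this reply (the initial `/v2/` request itself must answer 401 with a `Www-Authenticate` challenge) can be checked offline against a captured reply. This is an added example, not Podman's code and not from the thread; it assumes the `Bearer realm=…,service=…,scope=…` challenge layout of the registry token authentication scheme, and the hostnames, sample reply and function names are constructed.

```python
import re
from urllib.parse import urlencode

# One auth-param: key="quoted value" (commas allowed inside) or key=bare-token.
PARAM = re.compile(r'(\w+)=(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))')

# Constructed sample reply to GET /v2/ (hostnames are placeholders).
SAMPLE_STATUS = 401
SAMPLE_HEADERS = {
    "Www-Authenticate": 'Bearer realm="https://auth.example.test/token",'
                        'service="registry.example.test",'
                        'scope="repository:team/app:pull,push"',
}


def parse_challenge(header):
    """Split a Www-Authenticate value into (scheme, {param: value})."""
    scheme, _, rest = header.strip().partition(" ")
    params = {}
    for key, quoted, bare in PARAM.findall(rest):
        # Undo backslash escapes in quoted values; bare tokens are literal.
        params[key.lower()] = re.sub(r"\\(.)", r"\1", quoted) if quoted else bare
    return scheme, params


def token_request_url(status, headers):
    """Return the token URL a client would fetch next, or raise ValueError
    naming the reason the /v2/ reply does not start the token flow."""
    if status != 401:
        raise ValueError(f"/v2/ answered {status}; the token flow needs 401")
    # Header names are case-insensitive.
    by_name = {name.lower(): value for name, value in headers.items()}
    if "www-authenticate" not in by_name:
        raise ValueError("401 reply carries no Www-Authenticate header")
    scheme, params = parse_challenge(by_name["www-authenticate"])
    if scheme.lower() != "bearer":
        raise ValueError(f"challenge scheme is {scheme!r}, not Bearer")
    if "realm" not in params:
        raise ValueError("Bearer challenge has no realm to request a token from")
    query = {k: params[k] for k in ("service", "scope") if k in params}
    return params["realm"] + ("?" + urlencode(query) if query else "")


if __name__ == "__main__":
    print(token_request_url(SAMPLE_STATUS, SAMPLE_HEADERS))
```

Feeding it the status and headers from a `curl -i` of the registry's `/v2/` endpoint shows which of the preconditions is missing.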
[Podman] Re: # in environment ?
by Ed Santiago
On Tue, Aug 08, 2023 at 08:34:31PM +0200, lejeczek via Podman wrote:
> Hi guys.
>
> Do you use # in your envs?
> I wonder if it's just me having issues with those.
> For a test, to reproduce the issue, 'ghost' web solution would be easy &
> quick:
>
> -> $ podman run -dt ...................... --env database__client=mysql
> --env database__connection__host=11.1.0.1 --env
> database__connection__user=ghostadm --env
> database__connection__password='xyz#admghost' --env
> database__connection__database=ghost_xyz --env url=https://ghost.xyz
>
> So far all I've tried with 'database__connection__password' failed, quoting
> &| escaping.
Interesting. Looks like a bug in option parsing. Would you mind
filing an issue here?
https://github.com/containers/podman/issues/new/choose
> I often use # - does anybody have a way to make it work?
A workaround is to define & export in your environment, then
use the no-equals form of '-e':
$ export foo='abc#defg'
$ podman run --env foo <--- Just 'foo', not 'foo=anything'
E
--
Ed Santiago [he/him] Toolsmith santiago(a)redhat.com
2 years, 1 month
[Podman] Re: Announcement: New Podman pre-release - v4.7.0-rc1
by Neal Gompa
On Fri, Sep 15, 2023 at 7:15 PM Lokesh Mandvekar <lsm5(a)fedoraproject.org>
wrote:
> Happy late Friday all,
>
> Podman v4.7.0-rc1 is now available.
>
> v4.7.0-rc1 brings two shiny new commands:
> 1. `podman farm` to "farm" out builds to machines running Podman for
> different architectures.
> 2. `podman compose` as a thin wrapper around an external compose provider
> such as docker-compose or podman-compose.
>
> along with a host of enhancements to `podman kube`, support for more
> Quadlet fields, and lots of bugfixes.
>
> Check out the release page for a full list of features, changes and
> bugfixes.
> https://github.com/containers/podman/releases/tag/v4.7.0-rc1
>
> Enjoy!
>
Congratulations on the new release! I'm looking forward to this! Question
though: is there some means of stitching Podman instances across machines
together on the roadmap?
It seems like you're halfway there with the podman farm...
--
真実はいつも一つ!/ Always, there's only one truth!
2 years