[Podman] Re: What to use instead of RemapUsers/RemapUid/RemapGid in Quadlet now?
by jklaiho@iki.fi
Hi,
Thanks for the commit ref for context, Valentin.
Nonetheless, I would really appreciate help with how to express these old style mappings with the new UserNS option in Quadlet:
RemapUsers=manual
RemapUid=0:0:1
RemapUid=100:1:1
RemapGid=0:0:1
RemapGid=65534:1:1
Like I said, I arrived to these with trial and error, not properly understanding what I'm doing, and would rather not try to convert from one poorly understood syntax to another.
- JK
> On Monday, Sep 04, 2023 at 10:05 AM, Valentin Rothberg <vrothberg(a)redhat.com (mailto:vrothberg@redhat.com)> wrote:
> Thanks for reaching out!
>
> The following commit has removed the fields from the documentation: https://github.com/containers/podman/commit/f6a50311c56d
>
> The fields have been deprecated in favor of the new `UserNS` field which is more symmetric to the CLI. The old fields are still functional but we decided to drop them from the docs to not encourage use.
>
> Kind regards,
> Valentin
1 year, 8 months
[Podman-desktop] Re: [Podman] Announcement: New Podman pre-release - v4.7.0-rc1
by Neal Gompa
On Fri, Sep 15, 2023 at 7:15 PM Lokesh Mandvekar <lsm5(a)fedoraproject.org>
wrote:
> Happy late Friday all,
>
> Podman v4.7.0-rc1 is now available.
>
> v4.7.0-rc1 brings two shiny new commands:
> 1. `podman farm` to "farm" out builds to machines running Podman for
> different architectures.
> 2. `podman compose` as a thin wrapper around an external compose provider
> such as docker-compose or podman-compose.
>
> along with a host of enhancements to `podman kube`, support for more
> Quadlet fields, and lots of bugfixes.
>
> Check out the release page for a full list of features, changes and
> bugfixes.
> https://github.com/containers/podman/releases/tag/v4.7.0-rc1
>
> Enjoy!
>
Congratulations on the new release! I'm looking forward to this! Question
though: is there some means of stitching Podman instances across machines
together on the roadmap?
It seems like you're halfway there with the podman farm...
--
真実はいつも一つ!/ Always, there's only one truth!
1 year, 8 months
[Podman] Re: Upgrade podman to 4.6?
by Stevan Le Meur
Hi Jochen,
Podman Desktop 1.2.1 does not yet provide the upgrade to Podman 4.6. This
will be available with Podman Desktop 1.3.0:
https://github.com/containers/podman-desktop/pull/3306
If you want to test the upcoming version, you can get the latest build
here: https://github.com/containers/podman-desktop/releases and downloading
the asset you need from the release.
Hope this helps!
Stévan
On Wed, Aug 2, 2023 at 11:35 AM Jochen Wiedmann <jochen.wiedmann(a)gmail.com>
wrote:
> Hi,
>
> I am using podman desktop 1.2.1. Noticed, that it is using podman
> 4.5.1. Latest release is podman 4.6. Should I upgrade? If so, are
> there any instructions on what to do. (Simply running the Installer
> doesn't seem to do the trick.)
>
> Thanks,
>
> Jochen
>
>
> --
> The woman was born in a full-blown thunderstorm. She probably told it
> to be quiet. It probably did. (Robert Jordan, Winter's heart)
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
1 year, 10 months
[Podman] Re: How to build image for own jar file
by Michael Traxler
Hello,
I have to say that I run many graphical applications via podman and this saves
my a...
The problem are for example CAD-software vendors. Their (very powerful and
expensive) software *only* runs on e.g. RHEL7.
Then containers are your saviour!
Just use the centos7 container and "yum" the needed packages for a graphical
system and your in business (while keeping your desktop machine bleeded edge).
Much less overhead than a full virtual machine.
I love podman and the possibility to also run graphical applications in them.
(normally in a vnc-server, as vnc is also such a great tool to improve your
life).
Viele Grüße
Michael
---------------------------------------
On Tue, 5 Dec 2023, Александр Илюшкин wrote:
> TLDR: You will not be able to run graphical applications in containers.
>
> What do you expect to see as a result of launching the gui application?
> There is no graphics system in alpine by default, even if you add it there,
> the graphics window somehow needs to be displayed on your local machine,
> this will require certain settings to broadcast the graphics system over
> the network.
>
> containers usually contain services that are accessible over the network
> through an open network port
>
> С уважением, А. И.
>
> пн, 4 дек. 2023 г., 21:34 Thomas <t.schneider(a)getgoogleoff.me>:
>
>> Hello,
>>
>> I need more guidance on this task, and I think one should restart from
>> scratch.
>> This java app "masterpassword-gui" is obviously a graphical frontend,
>> but I think I didn't reflect this in my dockerfile.
>>
>> Currently I'm using this dockerfile to build the image:
>> # Filename: mpw-gui
>> FROM alpine:latest
>> RUN apk add openjdk17-jre-headless openjdk17-jre
>> COPY files/masterpassword-gui.jar
>> /home/thomas/Software/masterpassword-gui.jar
>> CMD ["java", "-jar", "/home/thomas/Software/masterpassword-gui.jar"]
>>
>> tree /home/thomas/Software/container/mpg-gui/
>> Software/container/mpg-gui/
>> ├── Dockerfile
>> └── files
>> └── masterpassword-gui.jar
>>
>> 1 directories, 2 files
>>
>> The build is successful, but running the container fails.
>>
>> Could you please advise how to complete this task?
>>
>> THX
>>
>>
>> Am 28.11.23 um 05:20 schrieb Александр Илюшкин:
>>> Hi, mate.
>>>
>>> I believe you can use this answer on SO
>>> https://stackoverflow.com/a/35062090 replacing `docker` with `podman`
>>> as it fully supports docker API.
>>>
>>> So I would write a file named `Dockerfile`:
>>>
>>> FROM openjdk:11
>>> MAINTAINER t.schneider(a)getgoogleoff.me
>>> COPY~/.mpw-gui/masterpassword-gui.jar /home/masterpassword-gui.jar
>>> CMD ["java","-jar","/home/masterpassword-gui.jar"]
>>>
>>> Notice that I used FROM openjdk:11, you don't have to build your own
>>> separate openjdk image as it's already built by guys from openjdk,
>>> please use your current project version of JDK for it:
>>> https://hub.docker.com/_/openjdk
>>>
>>> Build your image:
>>>
>>> podman build -t imageName .
>>>
>>> Now invoke your program inside a container:
>>>
>>> podman run --name myProgram imageName
>>>
>>> Now restart your program by restarting the container:
>>>
>>> podman restart myProgram
>>>
>>> Your program changed? Rebuild the image!:
>>>
>>> podman rmi imageName
>>> podman build -t imageName .
>>>
>>> Additionally, usually we don't build images by hand, we use maven or
>>> gradle for this.
>>>
>>> For instance, google created a tool called JIB, which creates OCI
>>> images with java programs automatically:
>>> https://cloud.google.com/java/getting-started/jib
>>>
>>> Also, we use this maven plugin to build docker image with jar file of
>>> our project without writing Dockerfile at all: https://dmp.fabric8.io/
>>>
>>> It should work the same way with both docker and podman.
>>>
>>> вт, 28 нояб. 2023 г. в 02:02, Thomas <t.schneider(a)getgoogleoff.me>:
>>>> Hello,
>>>>
>>>> I have successfully build docker image "sapmachine", a build of OpenJDK.
>>>>
>>>> Now I want to build my own image to run my own jar file.
>>>> This jar file is located in ~/.mpw-gui/masterpassword-gui.jar, and with
>>>> locally installed OpenJDK I would run this command: java -jar
>>>> .mpw-gui/masterpassword-gui.jar
>>>>
>>>> Could you please advise how to build my own image for this java
>> application?
>>>>
>>>> THX
>>>> _______________________________________________
>>>> Podman mailing list -- podman(a)lists.podman.io
>>>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>>
>>>
>>
>>
>
1 year, 5 months
[Podman] Re: Container health check from another container
by Михаил Иванов
Hallo Valentin, the actual case is to wait until oracle container
is in healthy state and only then allow to access it from the other
container. Currently I loop on oracle container health check before
running the second container. This approach is possible when I run
containers from shell script, but probably will not work in eg. kubernetes.
Rgrds,
On 21.11.2023 11:49, Valentin Rothberg wrote:
> Thanks for reaching out, Michael.
>
> On Tue, Nov 21, 2023 at 9:45 AM Михаил Иванов <ivans(a)isle.spb.ru> wrote:
>
> Hi, is it possible to run health check on a container from another container in same pod?
>
>
> The answer is probably no, but I want to make sure to understand your
> use case. Can you elaborate on it in more detail?
>
> --
>
> Michael Ivanov
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
>
> _______________________________________________
> Podman mailing list --podman(a)lists.podman.io
> To unsubscribe send an email topodman-leave(a)lists.podman.io
1 year, 6 months
[Podman] Re: is it possible to add all subcommand from buildah into podman?
by Brent Baude
Sure it is possible as it is only programming work. However there could be
some downsides, like binary size, complicating user experience, and more
pragmatically we'd likely have a lot more bugs, issues, and requests being
added to podman where it should go to buildah.
What do others think?
On Mon, Oct 2, 2023 at 8:28 AM Larry Cai <larry.caiyu(a)gmail.com> wrote:
> Hi:
>
> Normally I install & use podman only since I know podman uses the codebase
> of buildah.
>
> Recently I start to learn how to use Redhat UBI micro image
> https://www.redhat.com/en/blog/introduction-ubi-micro, which needs
> buildah command
>
> So I wonder whether it is possible to add all sub commands from buildah
> into podman? then I don't need to install buildah besides podman. I treat
> podman is all-in-one tool
>
> Rgs, Larry
>
>
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
1 year, 8 months
[Podman] Re: Use host proxy inside container
by Mehdi Haghgoo
Daniel I looked up some SOCKS protocol information(https://www.rfc-editor.org/rfc/rfc1928) and there is no explicit mention of using a socket file to make the connection. I have no idea how it would be possible to use SOCKS with Podman.
By the way, does Podman or Podman Desktop support using a HTTP proxy like Minikube does?
On Saturday, February 4, 2023 at 02:42:45 AM GMT+3:30, Daniel Walsh <dwalsh(a)redhat.com> wrote:
On 2/3/23 16:33, Mehdi Haghgoo via Podman wrote:
Hello,
I need to use a network proxy running with socks as socks5://127.0.0.1:1090 on my host system, inside the container running with podman.
How can I tell Podman to use that proxy inside the container as well? Does Podman support this?
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
I am not that familiar with socks, does it create a socket file to communicate with? If so then this socket can be volume mounted into the container and be used, although you will probaly need to disable SELinux separation.
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
2 years, 3 months
[Podman] Re: podman issue inside github actions
by Valentin Rothberg
Hi Aleksandar,
Thank you for reaching out!
On Mon, Feb 13, 2023 at 8:34 PM Aleksandar Kostadinov
<akostadi(a)redhat.com> wrote:
>
> Hello, I have an issue starting a container in the background inside github actions.
>
> The image for the container was just built by the buildah action and is not yet pushed.
>
> The idea is to smoke-test the image before pushing to the repository.
>
> What I see is
>
> > podman run -d --name=searchd --rm -u 14:0 -p 9306:9306 --platform=linux/amd64 ghcr.io/3scale/searchd:porta
> > Trying to pull ghcr.io/3scale/searchd:porta...
> > Error: initializing source docker://ghcr.io/3scale/searchd:porta: reading manifest porta in ghcr.io/3scale/searchd: manifest unknown
> > Error: Process completed with exit code 125.
>
> You can see the full pipeline here:
> https://github.com/3scale/searchd/actions/runs/4147557472/jobs/7174577031
Please open an issue on github.com/containers/podman with a
reproducer. You may be hitting some form of
https://github.com/containers/podman/issues/17063 but I'd need more
data to be sure.
Kind regards,
Valentin
> Thank you!
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
2 years, 3 months
[Podman] Re: Why do use podman machine on Mac?
by Darren Dupre
OS X has a Mach kernel and a BSD user land. Don’t think Apple is interested
in adding containers framework to that. I guess someone could write a
kernel extension but it’s a niche use case.
WSL 2 uses a real Linux kernel doesn’t it? But it’s still a VM inside of
Hyper V so I don’t think the performance is any different. WSL 1 is a posix
emulation with binary compatibility but no container support under the
hood.
Correct me if I'm wrong about that.
- Darren
On Thu, Sep 7, 2023 at 11:19 Mehdi Haghgoo via Podman <
podman(a)lists.podman.io> wrote:
> The container experience with podman machine on Windows and mac is not
> optimal because the containers are slow.
> Mac is a Linux-based OS. So, why can't we create native containers on it
> as we do on Linux?
>
> That applies to WSL. It's kind of Linux. Why cannot we create native Linux
> containers on it without resorting to Podman machine and podman clients?
>
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
1 year, 8 months
[Podman] Re: Installation & First Pull
by Chris Evich
On 8/1/23 13:28, jimsaxton1(a)comcast.net wrote:
> Adding this debug info... PS C:\Users\<xxUSERxx>> podman login quay.io
> Authenticating with existing credentials for quay.io
> Existing credentials are valid. Already logged in to quay.io
I'm pretty sure you wouldn't get that 'credentials are valid' success
message if the networking was broken. IIRC it's just http basic auth
being used.
> time="2023-08-01T13:20:12-04:00" level=debug msg="DoRequest Method: POST URI: http://d/v4.4.4/libpod/images/pull"
> Trying to pull quay.io/quay/busybox:latest...
> Error: initializing source docker://quay.io/quay/busybox:latest: pinging container registry quay.io: Get https://quay.io/v2/: proxyconnect tcp: dial tcp 10.164.200.30:8080: i/o timeout
> time="2023-08-01T13:24:15-04:00" level=debug msg="Shutting down engines"
This is very odd, since the login worked. You original mail mentioned
"I've added the proxies and...". The behavior strikes me as something
that could come from a bad/broken http proxy setup, by chance are you
using one?
If you ssh into the machine, are you able to use curl or wget to fetch
anything over http? For example http://www.quay.io ?
Note: I get a redirect page when doing this, "301 Moved Permanently".
This is expected.
1 year, 10 months