[Podman] Re: Why do use podman machine on Mac?
by Jason Greene
That’s right Darren. The short answer is “containers are Linux”. The
longer answer is you need two key elements: a Kernel name-spacing facility,
and second a user-land ecosystem. On the former MacOS doesn’t have
something comparable. The closest is App Sandbox, but that is primarily a
syscall/ permission filtering mechanism (something also important for
containers, but only part of the problem). On the latter, this is what we
know of as containers, the user-land is the OS without the kernel, and as
such is very much tied to the kernel implementation. Darwin libraries and
apps use a different ABI and syscall interface than Linux, so basically
every container you use today would be incompatible even if there was
kernel support.
This is the situation with Windows containers (not to be confused with
using Podman on Windows or other container envs that run Linux containers).
Windows containers have kernel support and a win32 user-land, so to produce
them you have to port everything in the image to be native windows code.
They are useful but not anywhere near as predominant, since a big part of
the value is the portability a Linux container brings.
In contrast, WSL2 does run a Linux kernel in a shared VM, and internally it
is using Linux namespaces itself, with all distributions of a user sharing
the same Kernel. They ultimately abandoned the previous syscall emulation
approach since the NT kernel and Linux are just too different and the
behaviors don’t map cleanly. We leverage WSL2 for the Podman on Windows
implementation.
On Sep 7, 2023, at 11:51 AM, Darren Dupre <darren.dupre(a)gmail.com> wrote:
OS X has a Mach kernel and a BSD user land. Don’t think Apple is interested
in adding containers framework to that. I guess someone could write a
kernel extension but it’s a niche use case.
WSL 2 uses a real Linux kernel doesn’t it? But it’s still a VM inside of
Hyper V so I don’t think the performance is any different. WSL 1 is a posix
emulation with binary compatibility but no container support under the
hood.
Correct me if I'm wrong about that.
- Darren
On Thu, Sep 7, 2023 at 11:19 Mehdi Haghgoo via Podman <
podman(a)lists.podman.io> wrote:
> The container experience with podman machine on Windows and mac is not
> optimal because the containers are slow.
> Mac is a Linux-based OS. So, why can't we create native containers on it
> as we do on Linux?
>
> That applies to WSL. It's kind of Linux. Why cannot we create native Linux
> containers on it without resorting to Podman machine and podman clients?
>
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
2 years, 1 month
[Podman] scp'ing a podman image to another host
by Matthias Apitz
I have an image on RH 8.x which runs fine (containing a SuSE SLES and
PostgreSQL server):
$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
localhost/suse latest c87c80c0911a 26 hours ago 6.31 GB
registry.suse.com/bci/bci-base 15.4 5bd0e4152d92 2 weeks ago 123 MB
I created a connection to another host as:
$ podman system connection list
Name URI Identity Default
srap57 ssh://apitzm@srap57dxr1.dev.xxxxxx.org:22/run/user/200007/podman/podman.sock true
To the other host I can SSH fine based on RSA public/private keys and
podman is installed there to:
$ ssh apitzm(a)srap57dxr1.dev.xxxxxx.org
Last login: Wed Jan 10 14:05:12 2024 from 10.201.64.28
apitzm@srap57dxr1:~> podman version
Client: Podman Engine
Version: 4.7.2
API Version: 4.7.2
Go Version: go1.21.4
Built: Wed Nov 1 13:00:00 2023
When I now copy over the image with:
$ podman image scp c87c80c0911a srap57::
it transfers the ~6 GByte (I can see them in /tmp as a big tar file of
tar files) and at the end it says:
...
Writing manifest to image destination
$
(i.e. the shell prompt is there again)
But on srap57dxr1.dev.xxxxxx.org I can't see anything of the image at the
end.
What I've done wrong?
Thanks
matthias
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
1 year, 9 months
[Podman] Re: lsetxattr /dev/initctl: operation not permitted
by Valentin Rothberg
Hi GHui,
Thanks for reaching out.
Can you please share the output of `podman info`? As I've mentioned in
earlier threads, we really need some environment and podman information to
better help debug and analyze such issues.
Kind regards,
Valentin
On Thu, Mar 2, 2023 at 10:57 AM GHui Wu via Podman <podman(a)lists.podman.io>
wrote:
> When I pull mysql, there is error "lsetxattr /dev/initctl: operation not
> permitted". But I pull centos successfully.
>
> $ podman pull docker.io/library/mysql:8.0.30
> Trying to pull docker.io/library/mysql:8.0.30...
> Getting image source signatures
> Copying blob 48d3d73d1704 done
> Copying blob b8cf360b4a14 done
> Copying blob 295ca2342728 done
> Copying blob 79af4312a7e0 done
> Copying blob 0115482cc006 done
> Copying blob 521b8724b397 done
> Copying blob a360b08917ea done
> Copying blob 12deeb3c1323 done
> Copying blob ee1dc10db1e9 done
> Copying blob 64be404ad29c done
> Copying blob 1921fe8879a2 done
> Error: writing blob: adding layer with blob
> "sha256:295ca23427284cb123fd4c132a1ecb521e7f787ac75dadec342f744a343efec4":
> Error processing tar file(exit status 1): lsetxattr /dev/initctl: operation
> not permitted
>
> $ podman pull docker.io/library/centos
> Trying to pull docker.io/library/centos:latest...
> Getting image source signatures
> Copying blob a1d0c7532777 done
> Copying config 5d0da3dc97 done
> Writing manifest to image destination
> Storing signatures
> 5d0da3dc976460b72c77d94c8a1ad043720b0416bfc16c52c45d4847e53fadb6
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
2 years, 8 months
[Podman] Re: Container health check from another container
by Daniel Walsh
On 11/21/23 09:33, Михаил Иванов wrote:
> Hallo Valentin, the actual case is to wait until oracle container
> is in healthy state and only then allow to access it from the other
> container. Currently I loop on oracle container health check before
> running the second container. This approach is possible when I run
> containers from shell script, but probably will not work in eg. kubernetes.
> Rgrds,
This sounds exactly like a systemd use case, have you investigated using
quadlet for this?
> On 21.11.2023 11:49, Valentin Rothberg wrote:
>> Thanks for reaching out, Michael.
>>
>> On Tue, Nov 21, 2023 at 9:45 AM Михаил Иванов <ivans(a)isle.spb.ru> wrote:
>>
>> Hi, is it possible to run health check on a container from another container in same pod?
>>
>>
>> The answer is probably no, but I want to make sure to understand your
>> use case. Can you elaborate on it in more detail?
>>
>> --
>>
>> Michael Ivanov
>>
>> _______________________________________________
>> Podman mailing list -- podman(a)lists.podman.io
>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>>
>>
>> _______________________________________________
>> Podman mailing list --podman(a)lists.podman.io
>> To unsubscribe send an email topodman-leave(a)lists.podman.io
>
> _______________________________________________
> Podman mailing list --podman(a)lists.podman.io
> To unsubscribe send an email topodman-leave(a)lists.podman.io
1 year, 11 months
[Podman] Re: Podman support for Docker Compose V2
by Mehdi Haghgoo
Hi Johannes,
Thanks. You are right. I have used docker-compose with Podman backend and it is nice. What i meant was Docker Compose V2 which allows running "docker compose up/down" (separate, all using docker cli alone, without using the docker-compose executable). It appears to require implementing a new subset of features for Podman.
Is there such an implementation on agenda for podman or not?
On Thu, Apr 6, 2023 at 7:19, Johannes Kastl<kastl(a)b1-systems.de> wrote: On 05.04.23 at 20:21 Mehdi Haghgoo via Podman wrote:
> Hi,
> Does Podman support Compose V2? Like Docker Compose V2, it could be possible to run "podman compose up/down". I tried with podman 4.4.2 and failed.
> I think it would be a cool feature. Is that support on the agenda or not?
There is podman-compose, which is limited and does not support all features of
docker-compose AFAIK.
However, AFAIK you can use the docker executables together with the
podman.socket (i.e. you do not start and run the docker systemd service). You
need to set an environment variable DOCKER_HOST to point the docker tooling at
the podman socket.
Kind Regards,
Johannes
--
Johannes Kastl
Linux Consultant & Trainer
Tel.: +49 (0) 151 2372 5802
Mail: kastl(a)b1-systems.de
B1 Systems GmbH
Osterfeldstraße 7 / 85088 Vohburg
http://www.b1-systems.de
GF: Ralph Dehner
Unternehmenssitz: Vohburg / AG: Ingolstadt,HRB 3537
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io
To unsubscribe send an email to podman-leave(a)lists.podman.io
2 years, 7 months
[Podman] Re: Follow-up: Rootless storage usage
by Reinhard Tartler
On Tue, Jan 3, 2023 at 10:27 AM Daniel Walsh <dwalsh(a)redhat.com> wrote:
> On 12/30/22 08:35, Михаил Иванов wrote:
>
> > You could do a podman system reset and then remove all content
> > from the storage with
> > rm -rf ~/.local/share/containers
> > To make sure there is nothing hidden there,
>
> But that's almost exactly what I did:
>
> > I just purged the whole storage using podman system reset.
> > I verified that ~/.local/share/containers became empty
> > (only bolt database was still remaining using about 200Mb space)
>
> I'm using whatever storage was provided by default podman install
> (debian sid/bookworm) podman is 4.3.1 How can I reconfigure it to
> different type? I assumed this has to be done in storage.conf but
> this file is not present anywhere at all.
>
> I have no idea why debian would be choosing VFS, unless this is an older
> version of debian and did not support rootless overaly. You could try
> installling fuse-overlayfs and doing another reset, then Podman info should
> show you using overlay with fuse-overlayfs.
>
Dan,
In Debian, I've chosen to just go with the upstream defaults:
https://github.com/containers/storage/blob/8428fad6d0d3c4cded8fd7702af36a...
This file is installed verbatim to /usr/share/containers/storage.conf.
Is there a better choice? Does Fedora/Redhat provide a default storage.conf
from somewhere else?
Thanks,
-rt
2 years, 9 months
[Podman] Re: $TMPDIR in rootless_storage_path?
by Rahaman, Ronald O
Thanks, Daniel. We’re configuring Podman on our shared-tenant HPC cluster with a job scheduler (Slurm), and we want to manage the local storage on compute nodes correctly. In particular, we want to make sure Podman usage doesn’t fill up node-local storage and interrupt other users. We already have these mechanisms to reclaim node-local storage:
* At the end of each job, the job scheduler will flush TMPDIR
* For persistent node-local storage (in /scratch), we have a daemon script that deletes the oldest files when /scratch starts to fill up.
It’s good to know that podman uses TMPDIR, as our job scheduler will manage that. However, for rootless container storage, I feel like we will need to have subdirectories for each user (something like /scratch/containers/storage/$UID) and adapt our daemon to clear those out as needed.
From: Daniel Walsh <dwalsh(a)redhat.com>
Date: Wednesday, October 11, 2023 at 2:47 PM
To: podman(a)lists.podman.io <podman(a)lists.podman.io>
Subject: [Podman] Re: $TMPDIR in rootless_storage_path?
On 10/11/23 15:22, Rahaman, Ronald O wrote:
I’ve read that the rootless_storage_path setting interprets $HOME and $UID. Does it interpret $TMPDIR or any other variables?
Podman uses $TMPDIR if set, but this has nothing to do with the rootless_storage_path.
Thanks,
Ron
--------
Ron Rahaman
Research Scientist II, Research Software Engineer
Partnership for an Advanced Computing Environment (PACE)
Georgia Institute of Technology
_______________________________________________
Podman mailing list -- podman(a)lists.podman.io<mailto:podman@lists.podman.io>
To unsubscribe send an email to podman-leave(a)lists.podman.io<mailto:podman-leave@lists.podman.io>
2 years
[Podman] Re: Podman 4.7.2 can't run imported containers by a service user. Is it a bug?
by Hans F
Hi Paul,
Thank you very much for the answer.
> full qualified name
... | podman load
podman image ls --no-trunc
podman run -d sha256:387a183d0e809fdd76f510681234e4c8e6d9afedcd10782a60302c245dc26ceb sleep infinity
fe05652e56f4b9721a55158b1e2002933c1687a99dfd35a0dd7afb9c8c196825
podman run -d 387a183d0e80 sleep infinity
Error: mkdir /var/empty/.cache: operation not permitted
Full sha256 solved the problem. Thank you!
> XDG_CACHE_HOME
Good to know. Thank you!
> looks like a bug so please file a issue
Will do. Thank you!
Kind regards,
Hans
On Monday, December 4th, 2023 at 10:28 AM, Paul Holzinger <pholzing(a)redhat.com> wrote:
> Hi Hans,
>
> yes this looks like a bug so please file a issue. I don't think we must write this file. It should be safe for podman to ignore this error.
>
> Did you try to use the full qualified name instated of the ID? Also I think you can set XDG_CACHE_HOME env to a writable location as workaround.
>
> Thanks, Paul
>
>
>
> On 03/12/2023 18:20, Hans F via Podman wrote:
>
> > Hi folks,
> > My storage config looks like:
> >
> > # /etc/containers/storage.conf
> > [storage]
> > driver = "overlay"
> > graphroot = "/custom/path/root/data"
> > rootless_storage_path = "/custom/path/$USER/data"
> > runroot = "/run/containers/storage
> >
> > And I have "service" users (that are not to supposed to be used as normal users) with such config:
> >
> > # /etc/passwd
> > foobar:x:5000:100::/var/empty:/usr/sbin/nologin
> >
> > I can run a container like this:
> >
> > su foobar
> > podman run -d docker.io/library/debian:bookworm sleep infinity
> >
> > but I can't import a container and run it:
> >
> > podman load < /tmp/image.tar.gz
> > podman image ls
> > podman run -d 9ff9136eaaab sleep infinity
> > Error: mkdir /var/empty/.cache: operation not permitted
> >
> > Testing this as a "normal" user (user with writable home directory) I noticed that Podman creates the following file:
> >
> > ls -lA .cache/containers/short-name-aliases.conf.lock
> > -rw-r--r-- 1 me users 0 Dec 3 16:45 .cache/containers/short-name-aliases.conf.lock
> >
> > Obviously that can't work with a "service" user since it doesn't have writable home.
> >
> > Could you please advise is this a bug? Should I create an issue on github?
> >
> > Thank you.
> >
> > Hans
> >
> >
> > _______________________________________________
> > Podman mailing list -- podman(a)lists.podman.io
> > To unsubscribe send an email to podman-leave(a)lists.podman.io
>
> --
> Paul Holzinger
> Software Engineer
> Red Hat
> pholzing(a)redhat.com
>
> Red Hat GmbH, Registered seat: Werner-von-Siemens-Ring 12, D-85630 Grasbrunn, Germany
> Commercial register: Amtsgericht München/Munich, HRB 153243,
> Managing Directors: Ryan Barnhart, Charles Cachera, Michael O'Neill, Amy Ross
1 year, 11 months
[Podman] Re: Why do use podman machine on Mac?
by Daniel Walsh
On 9/7/23 12:51, Darren Dupre wrote:
> OS X has a Mach kernel and a BSD user land. Don’t think Apple is
> interested in adding containers framework to that. I guess someone
> could write a kernel extension but it’s a niche use case.
>
> WSL 2 uses a real Linux kernel doesn’t it? But it’s still a VM inside
> of Hyper V so I don’t think the performance is any different. WSL 1 is
> a posix emulation with binary compatibility but no container support
> under the hood.
>
Podman uses WSL 2 and is about to release HyperV support.
> Correct me if I'm wrong about that.
>
> - Darren
>
> On Thu, Sep 7, 2023 at 11:19 Mehdi Haghgoo via Podman
> <podman(a)lists.podman.io> wrote:
>
> The container experience with podman machine on Windows and mac is
> not optimal because the containers are slow.
> Mac is a Linux-based OS. So, why can't we create native containers
> on it as we do on Linux?
>
> That applies to WSL. It's kind of Linux. Why cannot we create
> native Linux containers on it without resorting to Podman machine
> and podman clients?
>
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
>
> _______________________________________________
> Podman mailing list --podman(a)lists.podman.io
> To unsubscribe send an email topodman-leave(a)lists.podman.io
2 years, 1 month
[Podman] Re: How to build image for own jar file
by Михаил Иванов
On 05.12.2023 08:34, Александр Илюшкин wrote:
> TLDR: You will not be able to run graphical applications in containers.
Why? For me the following options to "podman run" command allow to run kdevelop
inside the container:
podman run ..... --env DISPLAY=unix$DISPLAY --volume /tmp/.X11-unix:/tmp/.X11-unix .....
Alternatively I can also run vnc server inside the container.
Rgrds,
--
Михаил Иванов
> What do you expect to see as a result of launching the gui
> application? There is no graphics system in alpine by default, even if
> you add it there, the graphics window somehow needs to be displayed on
> your local machine, this will require certain settings to broadcast
> the graphics system over the network.
>
> containers usually contain services that are accessible over the
> network through an open network port
>
> С уважением, А. И.
>
> пн, 4 дек. 2023 г., 21:34 Thomas <t.schneider(a)getgoogleoff.me>:
>
> Hello,
>
> I need more guidance on this task, and I think one should restart
> from
> scratch.
> This java app "masterpassword-gui" is obviously a graphical frontend,
> but I think I didn't reflect this in my dockerfile.
>
> Currently I'm using this dockerfile to build the image:
> # Filename: mpw-gui
> FROM alpine:latest
> RUN apk add openjdk17-jre-headless openjdk17-jre
> COPY files/masterpassword-gui.jar
> /home/thomas/Software/masterpassword-gui.jar
> CMD ["java", "-jar", "/home/thomas/Software/masterpassword-gui.jar"]
>
> tree /home/thomas/Software/container/mpg-gui/
> Software/container/mpg-gui/
> ├── Dockerfile
> └── files
> └── masterpassword-gui.jar
>
> 1 directories, 2 files
>
> The build is successful, but running the container fails.
>
> Could you please advise how to complete this task?
>
> THX
>
>
> Am 28.11.23 um 05:20 schrieb Александр Илюшкин:
> > Hi, mate.
> >
> > I believe you can use this answer on SO
> > https://stackoverflow.com/a/35062090 replacing `docker` with
> `podman`
> > as it fully supports docker API.
> >
> > So I would write a file named `Dockerfile`:
> >
> > FROM openjdk:11
> > MAINTAINER t.schneider(a)getgoogleoff.me
> > COPY~/.mpw-gui/masterpassword-gui.jar /home/masterpassword-gui.jar
> > CMD ["java","-jar","/home/masterpassword-gui.jar"]
> >
> > Notice that I used FROM openjdk:11, you don't have to build your own
> > separate openjdk image as it's already built by guys from openjdk,
> > please use your current project version of JDK for it:
> > https://hub.docker.com/_/openjdk
> >
> > Build your image:
> >
> > podman build -t imageName .
> >
> > Now invoke your program inside a container:
> >
> > podman run --name myProgram imageName
> >
> > Now restart your program by restarting the container:
> >
> > podman restart myProgram
> >
> > Your program changed? Rebuild the image!:
> >
> > podman rmi imageName
> > podman build -t imageName .
> >
> > Additionally, usually we don't build images by hand, we use maven or
> > gradle for this.
> >
> > For instance, google created a tool called JIB, which creates OCI
> > images with java programs automatically:
> > https://cloud.google.com/java/getting-started/jib
> >
> > Also, we use this maven plugin to build docker image with jar
> file of
> > our project without writing Dockerfile at all:
> https://dmp.fabric8.io/
> >
> > It should work the same way with both docker and podman.
> >
> > вт, 28 нояб. 2023 г. в 02:02, Thomas <t.schneider(a)getgoogleoff.me>:
> >> Hello,
> >>
> >> I have successfully build docker image "sapmachine", a build of
> OpenJDK.
> >>
> >> Now I want to build my own image to run my own jar file.
> >> This jar file is located in ~/.mpw-gui/masterpassword-gui.jar,
> and with
> >> locally installed OpenJDK I would run this command: java -jar
> >> .mpw-gui/masterpassword-gui.jar
> >>
> >> Could you please advise how to build my own image for this java
> application?
> >>
> >> THX
> >> _______________________________________________
> >> Podman mailing list -- podman(a)lists.podman.io
> >> To unsubscribe send an email to podman-leave(a)lists.podman.io
> >
> >
>
>
> _______________________________________________
> Podman mailing list --podman(a)lists.podman.io
> To unsubscribe send an email topodman-leave(a)lists.podman.io
1 year, 11 months