[Podman] Re: 'system reset' makes things weird - ?
by Paul Holzinger
To clarify as I am the guy who wrote that code:
> The existence of any config. file in /etc/cni/net.d tells podman to use
> the "old" CNI networking system.
This is not correct. If you only have the default "podman" cni config file
it will be ignored by the backend detection and choose netavark.
The reason you see the warning is because the code first tries to init the
cni backend to check how many networks are configured.
This init will also validate the files and thus throw the warning. When we
know that you only have the default config we configure
netavark and then store this decision in the `defaultNetworkBackend` file
in graphroot. SO that is why the warning will only be displayed
for the first command.
As mentioned the correct way to fix this is to either remove the config
file or configure the network backend in containers.conf to not go
through the auto detection logic. You could also install
containernetworking-plugins to make the warning go away but this isn't
needed
because you use netavark.
Basically the whole idea behind this logic was to support upgrades from 3.X
to 4.0 without forcing netavark on them while new installs
should default to netavark.
---
Paul
On Tue, May 9, 2023 at 10:31 PM Chris Evich <cevich(a)redhat.com> wrote:
> On 5/9/23 14:30, lejeczek via Podman wrote:
> > It seems that this: /etc/cni/net.d/87-podman.conflist is some remainer
> > of some previous installation
>
> Ahh, that explains perfectly what you're seeing. You're right, it must
> be a leftover from a previous setup, using an older version of podman.
> The existence of any config. file in /etc/cni/net.d tells podman to use
> the "old" CNI networking system. When the directory is empty, you get
> the "new" netavark system. The two are _NOT_ compatible, forward or
> backward with each other.
>
> When upgrading (and system reset-ing) podman doesn't touch these files -
> It does the "safe" thing, and assumes there could be some valuable
> settings inside. It's up to you (when upgrading / switching systems) to
> migrate the configuration manually (if applicable).
>
> Unfortunately, this is not made very clear by the error messages and
> behaviors. However, what you've found is working as intended -
> moving/removing those files THEN resetting will put you on the new
> netavark system - where you'll no longer see the errors.
>
> Hope that helps.
>
> ---
> Chris Evich (he/him), RHCA III
> Senior Quality Assurance Engineer
> If it ain't broke, your hammer isn't wide 'nough.
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
2 years, 1 month
[Podman] Re: podman image for ngninx
by Matthias Apitz
El día martes, enero 02, 2024 a las 03:20:46 +0530, Manish Srivastava escribió:
> It seems like your system is attempting to connect to Debian repositories (
> deb.debian.org) to fetch packages while running a SUSE Linux distribution.
> This could be due to misconfigured package repositories or a specific
> configuration pointing to Debian repositories rather than SUSE's.
>
> Verify your package repository configuration in /etc/zypp/repos.d/. Ensure
> that only SUSE repositories are listed there. Remove any Debian repository
> entries if present.
>
> If the problem persists, reviewing the logs in /var/log/zypper.log or
> /var/log/messages might provide more details on what's causing the
> attempted connections to Debian repositories.
Hello Manish,
Thanks for your reply. You are referencing an old outdated mail from
December 6. The described problem was solved and I've had to move
meanwhile to a RH server:
# cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.8 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.8"
...
matthias
> On Wed, Dec 6, 2023 at 10:06 PM Matthias Apitz <guru(a)unixarea.de> wrote:
>
> >
> > Hello,
> >
> > I'm trying to build a podman image as described here:
> >
> > https://docs.podman.io/en/latest/Introduction.html
> >
> > with the command:
> >
> > podman build -t nginx https://git.io/Jf8ol
> >
> > on SuSE LINUX SLES 15 SP5. This fails with the attached nohup log. It
> > fails mostly due to this:
> > ...
> > Adding system user `nginx' (UID 101) ...
> > Adding new user `nginx' (UID 101) with group `nginx' ...
> > Not creating home directory `/nonexistent'.
> > + apt-get update
> > Err:1 http://deb.debian.org/debian buster InRelease
> > Connection failed [IP: 146.75.118.132 80]
> > Err:2 http://deb.debian.org/debian-security buster/updates InRelease
> > Connection failed [IP: 146.75.118.132 80]
> > Err:3 http://deb.debian.org/debian buster-updates InRelease
> > Connection failed [IP: 146.75.118.132 80]
> > Reading package lists...
> > W: Failed to fetch http://deb.debian.org/debian/dists/buster/InRelease
> > Connection failed [IP: 146.75.118.132 80]
> > ...
> >
> > What can I do?
> >
> > Thanks
> >
> > matthias
> >
> > --
> > Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/
> > +49-176-38902045
> > Public GnuPG key: http://www.unixarea.de/key.pub
> > _______________________________________________
> > Podman mailing list -- podman(a)lists.podman.io
> > To unsubscribe send an email to podman-leave(a)lists.podman.io
> >
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
--
Matthias Apitz, ✉ guru(a)unixarea.de, http://www.unixarea.de/ +49-176-38902045
Public GnuPG key: http://www.unixarea.de/key.pub
I am not at war with Russia. Я не воюю с Россией.
Ich bin nicht im Krieg mit Russland.
1 year, 6 months
[Podman] Re: HELP! recover files from a deleted container
by Александр Илюшкин
Hey, Alvin.
Sorry to read about that. But anyways I'm glad that you've lost only your
personal work, not a production one.
*> One in particular had a month of work in it (I was using it as a
development environment), and it turns out only part of it was backed up.
I’m desperate!*
It was painful but good experience to remember that the main idea of
containers consists in stateless approach. In general, there is no
guarantees that your container and its data will be available for a long
time, but there is a guarantee that it can be quickly started up again,
scaled to a number of instances.
So, if you work under container environment, you have to store your data
outside, whether it's a database, or a file storage.
С уважением, А. И.
пн, 4 сент. 2023 г., 13:27 Alvin Thompson <alvin(a)thompsonlogic.com>:
> Help!
>
> Is there any way to recover files from a deleted container? Long story
> short, I found the behavior of `podman network rm -f` unexpected, and it
> wound up deleting most of my containers. One in particular had a month of
> work in it (I was using it as a development environment), and it turns out
> only part of it was backed up. I’m desperate!
>
> This is Podman for Windows, so most of the files on the “host” are in the
> WSL environment. I can get into that no problem with `wsl -d
> podman-machine-default`.
>
> As an added wrinkle, my default connection was
> `podman-machine-default-root`, but I was was not running Podman rootful.
> I’m not sure this is particularly relevant.
>
> grep-ing for strings which are unique to the development environment shows
> one hit in Windows, in
> %HOME%/.local/containers/podman/machine/wsl/wsldist/podman-machine-default/ext4.vhdx
> - which I assume is the file system for the WSL layer itself. I made a copy
> of it.
>
> A grep within WSL itself doesn’t show so any hits, so it’s possible the
> files were deleted as far as WSL is concerned. I tried searching for an
> EXT4 undelete tool, but the only one I found (extundelete) is from 10+
> years ago and doesn’t appear to work anymore.
>
> I haven’t stopped WSL (I’m using /tmp as a staging area) or restarted the
> computer.
>
> I’m at wit’s end. I really don’t know where to begin or look to recover
> these files, which I really, really need. Any recovery suggestions (no
> matter how tedious) would be welcome.
>
> I know it’s too late to change now, but man, the behavior of `podman
> network remove` is unexpected.
>
> Thanks,
> Alvin
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
1 year, 10 months
[Podman] Re: What to use instead of RemapUsers/RemapUid/RemapGid in Quadlet now?
by Erik Sjölund
I think the directive "PodmanArgs" can be used to set podman arguments
that don't have any
container option counterpart.
See man page:
https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html
Maybe something like this could work?
PodmanArgs=--uidmap 0:0:1 --uidmap 100:1:1 --gidmap 0:0:1 --gidmap 65534:1:1
(untested)
Erik
On Mon, Sep 4, 2023 at 7:03 PM jklaiho(a)iki.fi <jklaiho(a)iki.fi> wrote:
>>
>> Nonetheless, I would really appreciate help with how to express these old style mappings with the new UserNS option in Quadlet:
>>
>> RemapUsers=manual
>> RemapUid=0:0:1
>> RemapUid=100:1:1
>> RemapGid=0:0:1
>> RemapGid=65534:1:1
>>
> The syntax is `container ID: host ID: range`. So `100:1:1` means that container UID 100 is mapped to host UID 1 for the range of length 1. `100:1:10` would mean that 10 UIDs starting at 100 inside the container are mapped to 10 outside the container at UID 1.
>
> That being said, are you sure what you specified above is correct? In case you are not sure, can you elaborate why you want to achieve? I am hesitant to give an answer as the ranges look strange to me.
>
>
> See this thread: https://lists.podman.io/archives/list/podman@lists.podman.io/thread/3ZN4U...
>
> It describes the original issue I had, and how I arrived at those numbers. Remember, this is a rootless container being run by a regular user. According to Erik Sjölund's post in the thread, the middle number is only a host UID in a rootful container – otherwise it's an "intermediate UID", a term Erik says he invented for explanatory purposes. ("Positional index", he later also called it; so AFAIK, an index to the subordinate UIDs of the host user.)
>
> As for what I'm trying to achieve:
>
> RemapUid=0:0:1 and RemapGid=0:0:1 just make it so that the container root appears to the host as the regular host user, for purposes of host file permissions for bind mounted volumes. (A file created into the mounted volume as the container's root shows up on the host side as being created by the regular user, etc.)
>
> RemapUid=100:1:1 and RemapGid=65534:1:1 fix the apt-related error described in the thread, and have no other purpose for me. If (if!) I understood anything from Erik's and Guiseppe Scrivano's explanations in that thread, this gives the container one extra UID and GID to work with when performing seteuid/setegid/setgroups operations. It seems to need those when the container root drops privileges to become the container _apt user during package installation.
>
> Phew :-D. With all that said, I hope the correct UserNS invocation can be determined.
>
> - JK
>
> _______________________________________________
> Podman mailing list -- podman(a)lists.podman.io
> To unsubscribe send an email to podman-leave(a)lists.podman.io
1 year, 10 months
[Podman] Re: How to build image for own jar file
by Thomas
Hello,
I need more guidance on this task, and I think one should restart from
scratch.
This java app "masterpassword-gui" is obviously a graphical frontend,
but I think I didn't reflect this in my dockerfile.
Currently I'm using this dockerfile to build the image:
# Filename: mpw-gui
FROM alpine:latest
RUN apk add openjdk17-jre-headless openjdk17-jre
COPY files/masterpassword-gui.jar
/home/thomas/Software/masterpassword-gui.jar
CMD ["java", "-jar", "/home/thomas/Software/masterpassword-gui.jar"]
tree /home/thomas/Software/container/mpg-gui/
Software/container/mpg-gui/
├── Dockerfile
└── files
└── masterpassword-gui.jar
1 directories, 2 files
The build is successful, but running the container fails.
Could you please advise how to complete this task?
THX
Am 28.11.23 um 05:20 schrieb Александр Илюшкин:
> Hi, mate.
>
> I believe you can use this answer on SO
> https://stackoverflow.com/a/35062090 replacing `docker` with `podman`
> as it fully supports docker API.
>
> So I would write a file named `Dockerfile`:
>
> FROM openjdk:11
> MAINTAINER t.schneider(a)getgoogleoff.me
> COPY~/.mpw-gui/masterpassword-gui.jar /home/masterpassword-gui.jar
> CMD ["java","-jar","/home/masterpassword-gui.jar"]
>
> Notice that I used FROM openjdk:11, you don't have to build your own
> separate openjdk image as it's already built by guys from openjdk,
> please use your current project version of JDK for it:
> https://hub.docker.com/_/openjdk
>
> Build your image:
>
> podman build -t imageName .
>
> Now invoke your program inside a container:
>
> podman run --name myProgram imageName
>
> Now restart your program by restarting the container:
>
> podman restart myProgram
>
> Your program changed? Rebuild the image!:
>
> podman rmi imageName
> podman build -t imageName .
>
> Additionally, usually we don't build images by hand, we use maven or
> gradle for this.
>
> For instance, google created a tool called JIB, which creates OCI
> images with java programs automatically:
> https://cloud.google.com/java/getting-started/jib
>
> Also, we use this maven plugin to build docker image with jar file of
> our project without writing Dockerfile at all: https://dmp.fabric8.io/
>
> It should work the same way with both docker and podman.
>
> вт, 28 нояб. 2023 г. в 02:02, Thomas <t.schneider(a)getgoogleoff.me>:
>> Hello,
>>
>> I have successfully build docker image "sapmachine", a build of OpenJDK.
>>
>> Now I want to build my own image to run my own jar file.
>> This jar file is located in ~/.mpw-gui/masterpassword-gui.jar, and with
>> locally installed OpenJDK I would run this command: java -jar
>> .mpw-gui/masterpassword-gui.jar
>>
>> Could you please advise how to build my own image for this java application?
>>
>> THX
>> _______________________________________________
>> Podman mailing list -- podman(a)lists.podman.io
>> To unsubscribe send an email to podman-leave(a)lists.podman.io
>
>
1 year, 7 months
[Podman] Re: exec - shell functions ?
by lejeczek
On 19/06/2023 11:21, Daniel Walsh wrote:
> On 6/18/23 10:57, lejeczek via Podman wrote:
>> Hi guys.
>>
>> How do you 'exec' your container shell functions without
>> going into shell interactively?
>>
>> many thanks, L.
>>
Apologies as perhaps I did not make it clear - user shell
function I meant
As in my last message, I can exec those now, I was a bit
naive/lazy thinking that just giving function-name as an arg
to the 'podman' will do, say: .. exec my-cont
my-shell-function(declared in container user rc/profile)
But it works - as I shared in my last message - so it's
good, many! thanks.
L.
2 years
