docs: add all untracked content

This commit is contained in:
2022-04-30 23:14:42 +03:00
parent c32feec22b
commit c83b847568
24 changed files with 1314 additions and 0 deletions

podman.md Normal file

@@ -0,0 +1,104 @@
---
title: Podman
description: Podman - the sleek, daemonless, rootless container engine. We'll get there!
published: true
date: 2022-04-30T20:10:55.242Z
tags: docker, container, podman
editor: markdown
dateCreated: 2022-02-14T21:19:25.267Z
---
# Podman Tips, Tricks, Shenanigans
I've had my eye on transitioning to Podman for a good while. It does not require a *big **phat** daemon* and can run containers rootless - perfect!
Unfortunately, Docker is so, so easy, and unlike what Red Hat claim, `alias docker=podman` is not nearly enough.
So what does it take to get Podman working?
## Installation
Quite obvious - install the `podman` package.
What is *not* obvious is that you *also* need the `podman-docker` package: it provides the `docker` command as a wrapper around Podman (plus the `/var/run/docker.sock` compatibility symlink), and it conflicts with the real Docker package, so the two cannot be installed side by side.
> Lesson 1: Docker and Podman do not live together. Sorry!
{.is-info}
## Rootful or rootless?
Podman has a `rootful` mode, which closely resembles Docker (containers are created by root, just without a daemon). It also has a `rootless` mode, where everything runs as your own user inside a user namespace, which is much less invasive - with caveats:
1. No `ping` from inside containers: unprivileged ICMP sockets are disabled by default (`net.ipv4.ping_group_range` is `1 0` on most hosts)
2. No ports below 1024 by default: an unprivileged process cannot bind them (`net.ipv4.ip_unprivileged_port_start` defaults to 1024)
3. Some configuration for DNS
4. Containers do not get an IP the host can route to; traffic goes through a user-mode network stack (slirp4netns), so they can only be reached via ports published on the host
These limitations can be problematic - but the internet claims
> Lesson 2: Podman can do rootful *and* rootless at once! (Each user has its own storage and configuration, so root's containers and yours never see each other.)
{.is-info}
Still need to confirm this, but should be good.
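Caveats 1 and 2 are plain kernel sysctls rather than Podman settings, so they can be checked (and, if you accept the trade-off, lifted) from a shell. The following is an added example, not code from the original page or from the Podman project; the helper functions take the sysctl value as a string so they also run on constructed sample values, and `report_rootless_limits` reads the live values from `/proc/sys` when available:

```bash
#!/usr/bin/env bash
# Added example, not from the original page: the "no ping" and "no ports
# below 1024" limits of rootless containers are kernel sysctls, so they can
# be checked from a shell. The helpers take the sysctl value as a string so
# they can be run on constructed samples as well as on the live host.
set -u

# net.ipv4.ping_group_range is "LOW HIGH"; only processes whose gid is in
# that range may open the unprivileged ICMP sockets ping needs. The kernel
# default "1 0" is an empty range, which is why rootless ping fails.
gid_can_ping() {
    local gid="$1" range="$2" low high
    read -r low high <<<"$range"
    [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]
}

# net.ipv4.ip_unprivileged_port_start: unprivileged processes, and so the
# unprivileged port forwarder rootless Podman uses, can bind only ports at
# or above this value (default 1024).
port_bindable_rootless() {
    local port="$1" start="$2"
    [ "$port" -ge "$start" ]
}

# Read both values from the live host (fall back to the kernel defaults when
# /proc/sys is unavailable) and report what a rootless container may do.
report_rootless_limits() {
    local range start gid
    range=$(cat /proc/sys/net/ipv4/ping_group_range 2>/dev/null) || range="1 0"
    start=$(cat /proc/sys/net/ipv4/ip_unprivileged_port_start 2>/dev/null) || start=1024
    gid=$(id -g)
    if gid_can_ping "$gid" "$range"; then
        echo "ping: allowed for gid $gid (ping_group_range=$range)"
    else
        echo "ping: blocked for gid $gid (ping_group_range=$range)"
        echo "  fix: sudo sysctl -w net.ipv4.ping_group_range='0 2147483647'"
    fi
    if port_bindable_rootless 80 "$start"; then
        echo "port 80: bindable rootless (ip_unprivileged_port_start=$start)"
    else
        echo "port 80: not bindable rootless (ip_unprivileged_port_start=$start)"
        echo "  fix: sudo sysctl -w net.ipv4.ip_unprivileged_port_start=80"
    fi
}

report_rootless_limits
```

Both "fixes" are host-wide: lowering `ip_unprivileged_port_start` to 80 lets *every* unprivileged process on the machine bind ports 80 and up, not just your containers, so on a shared host prefer publishing to a high port and putting a reverse proxy or a port-forward rule in front of it.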
## Run the Podman Socket
What? Another thing that runs and that we depend on?
Fear not - 'tis a mere Unix socket, activated by systemd (`podman.socket`): nothing runs until a client connects. You can run Podman without it, but then the `docker-compose` command does not work, which leaves you two options:
1. Write Kubernetes YAML (`podman play kube`)
2. Just run containers from the command line
Both options are high treason, so the socket it is.
> Rootful:
> `systemctl enable --now podman.socket`
> Rootless:
> `systemctl --user enable --now podman.socket`
{.is-info}
To confirm the socket is working, run `curl --unix-socket /var/run/docker.sock http://localhost/_ping` **as root** (`/var/run/docker.sock` is the compatibility symlink to `/run/podman/podman.sock` that `podman-docker` installs; the `Content-Type` header in the transcript below is harmless but not needed for this `GET`). For the rootless socket, run the same check as your own user against `/run/user/$UID/podman/podman.sock`.
You should receive a cute little `OK`:
```fish
# curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping
OK
```
Prompt courtesy of the `fish` shell.
Speaking of `fish`:
> Podman rootless commands will not work on `fish` because it screws up the `$DOCKER_HOST` variable. This is likely because I am stupid.
{.is-warning}
Okay, we have a socket!
If running rootless, you should also point Docker clients at it:
`export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"`
else `docker-compose` will fail with cryptic, menacing Python errors, because it falls back to the default `/var/run/docker.sock`, which belongs to root's Podman.
(`fish` has no `export` builtin and does not define `$UID`, which is why that line breaks there. Good times.)
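The rootful/rootless split above comes down to which socket path you talk to. The following script is an added example (not from the original page or the Podman project) that picks the socket Podman's systemd units create for the current uid, probes it with the same `/_ping` call as above, and prints the matching `DOCKER_HOST` line; it assumes the standard unit paths, `/run/podman/podman.sock` for root and `/run/user/<uid>/podman/podman.sock` for everyone else:

```bash
#!/usr/bin/env bash
# Added example, not from the original page: resolve the Podman API socket
# for the current user and verify it with the API's /_ping endpoint.
set -u

# Socket path Podman's systemd unit creates for a given uid. Root's
# podman.socket listens on /run/podman/podman.sock (podman-docker symlinks
# /var/run/docker.sock to it); a user's podman.socket lives under that
# user's runtime directory.
podman_socket_path() {
    local uid="$1"
    if [ "$uid" -eq 0 ]; then
        printf '%s\n' /run/podman/podman.sock
    else
        printf '%s\n' "/run/user/${uid}/podman/podman.sock"
    fi
}

# DOCKER_HOST value for that socket, in the unix:// form docker-compose expects.
docker_host_for() {
    printf 'unix://%s\n' "$(podman_socket_path "$1")"
}

# Probe a socket with the API's /_ping endpoint; prints OK on success and
# fails if the socket file is missing or Podman does not answer.
ping_socket() {
    local sock="$1"
    if [ ! -S "$sock" ]; then
        echo "no socket at $sock (is podman.socket enabled for this user?)" >&2
        return 1
    fi
    curl -sf --unix-socket "$sock" http://localhost/_ping
}

main() {
    local uid sock
    uid="$(id -u)"
    sock="$(podman_socket_path "$uid")"
    if ping_socket "$sock" >/dev/null 2>&1; then
        echo "Podman socket answers at $sock"
        echo "export DOCKER_HOST=$(docker_host_for "$uid")"
    else
        echo "Podman socket not reachable at $sock" >&2
    fi
}

main "$@"
```

Because the path is derived from `id -u` rather than `$UID`, the same value works in `fish`, where the equivalent of the `export` line is `set -gx DOCKER_HOST unix:///run/user/(id -u)/podman/podman.sock`.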
## Going Rootless
If you're rootful, life is pretty good right now. We little guys need to work a little harder.
First, DNS between containers will not work unless you install the `dnsname` CNI plugin (the package name below is openSUSE's):
`sudo zypper install cni-plugin-dnsname`
Now erase all networks and run a container (which recreates the default bridge network).
You can see if it stuck by inspecting `/etc/cni/net.d/87-podman-bridge.conflist` (for a rootless user the equivalent file lives under `~/.config/cni/net.d/`), which should now contain a `dnsname` entry in its plugin list:
```json
{
  "type": "dnsname",
  "domainName": "pukeko.xyz"
}
```
If you run `podman network ls`, you should also see `dnsname` under `plugins`.
> DNS will not resolve unless the *first* entry in your `/etc/resolv.conf` is valid!
{.is-warning}
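The two checks above (is the `dnsname` plugin in the network's conflist, and is the first `resolv.conf` entry one a container can actually use) are easy to script. The following is an added example, not code from the original page or from the Podman project; it builds constructed sample files so it runs without Podman installed, and treats a loopback nameserver such as systemd-resolved's `127.0.0.53` stub as unusable, since a loopback address on the host is not reachable from a rootless container's network namespace:

```bash
#!/usr/bin/env bash
# Added example, not from the original page: check the two DNS prerequisites
# for rootless Podman networking against a CNI conflist and a resolv.conf.
# Sample files are constructed below so the script runs without Podman.
set -u

# True if the CNI conflist lists the dnsname plugin.
dnsname_enabled() {
    grep -Eq '"type"[[:space:]]*:[[:space:]]*"dnsname"' "$1"
}

# The first "nameserver" entry of a resolv.conf, i.e. the one tried first.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# A loopback address (e.g. systemd-resolved's 127.0.0.53 stub) is only
# reachable inside the host's own network namespace, so it is not a usable
# first entry for a rootless container's resolver. An empty value means the
# file had no nameserver at all.
nameserver_usable_from_container() {
    case "$1" in
        ""|127.*|::1) return 1 ;;
        *) return 0 ;;
    esac
}

# Report both checks for a given conflist and resolv.conf.
check_dns_prereqs() {
    local conflist="$1" resolv="$2" ns
    if dnsname_enabled "$conflist"; then
        echo "dnsname plugin: present in $conflist"
    else
        echo "dnsname plugin: MISSING from $conflist (install cni-plugin-dnsname, then recreate the network)"
    fi
    ns=$(first_nameserver "$resolv")
    if nameserver_usable_from_container "$ns"; then
        echo "first nameserver: $ns"
    else
        echo "first nameserver: '$ns' is not usable from a container; fix the first entry in $resolv"
    fi
}

# Constructed samples (not real host files): a conflist that has the plugin,
# and a resolv.conf whose first entry is the systemd-resolved stub.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
SAMPLE_CONFLIST="$SAMPLE_DIR/87-podman-bridge.conflist"
SAMPLE_RESOLV="$SAMPLE_DIR/resolv.conf"
cat >"$SAMPLE_CONFLIST" <<'EOF'
{
  "cniVersion": "0.4.0",
  "name": "podman",
  "plugins": [
    { "type": "bridge", "bridge": "cni-podman0" },
    { "type": "dnsname", "domainName": "dns.podman" }
  ]
}
EOF
printf 'nameserver 127.0.0.53\nnameserver 192.0.2.1\n' >"$SAMPLE_RESOLV"

check_dns_prereqs "$SAMPLE_CONFLIST" "$SAMPLE_RESOLV"
```

To run it against the real files, call `check_dns_prereqs ~/.config/cni/net.d/87-podman-bridge.conflist /etc/resolv.conf` (or the `/etc/cni/net.d/` path for rootful).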
At this stage, containers may complain about `dnsmasq` permissions (the `dnsname` plugin runs a `dnsmasq` instance for the bridge, and the stock AppArmor profile does not expect it to be started that way). If so, the blunt workaround is:
`sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dnsmasq`
Be aware that this unloads the `dnsmasq` profile for the whole host, so every `dnsmasq` on the machine runs unconfined until the profile is loaded again (normally at the next boot). A less drastic option is `sudo aa-complain /etc/apparmor.d/usr.sbin.dnsmasq`, which keeps the profile loaded but only logs denials instead of enforcing them; the logged denials also tell you what the profile would need to allow.
I still have not found a permanent fix, but I think it goes away.
Anyways, that's it for now. I've yet to Podmanize everything - but it will all be here.