---
title: Podman
description: Podman - the sleek, daemonless, rootless container engine. We'll get there!
published: true
date: 2022-04-30T20:10:55.242Z
tags: docker, container, podman
editor: markdown
dateCreated: 2022-02-14T21:19:25.267Z
---
# Podman Tips, Tricks, Shenanigans
I've had my eye on transitioning to Podman for a good while. It does not require a *big **phat** daemon* and can run containers rootless - perfect!
Unfortunately, Docker is so, so easy, and unlike what Red Hat claim, `alias docker=podman` is not nearly enough.
So what does it take to get Podman working?
## Installation
Quite obvious - install the `podman` package.
What is *not* obvious is that you *also* need the `podman-docker` package, and it does not live with Docker.
> Lesson 1: Docker and Podman do not live together. Sorry!
{.is-info}
## Rootful or rootless?
Podman has a `rootful` mode - which closely resembles Docker. However, it also has a `rootless` mode which is much less invasive - with caveats:
1. No ping
2. No ports below 1024 by default
3. Some configuration for DNS
4. Containers do not get their own IP and can only talk via the host
These limitations can be problematic - but the internet claims:
> Lesson 2: Podman can do rootful *and* rootless at once!
{.is-info}
Still need to confirm this, but it should be good.
## Run the Podman Socket
What? Another thing that runs and that we depend on?
Fear not - 'tis a mere schewpid Unix socket. You can run Podman without it, but then the `docker-compose` command does not work, which forces you to either
1. Write Kubernetes YAML, or
2. Just run containers from the command line.
Both options are high treason, so the socket it is.
> Rootful:
> `systemctl enable --now podman.socket`
> Rootless:
> `systemctl --user enable --now podman.socket`
{.is-info}
To confirm the socket is working, run `curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping` **as root**.
You should receive a cute little `OK`:
```fish
# curl -H "Content-Type: application/json" --unix-socket /var/run/docker.sock http://localhost/_ping
OK
```
Cute arrow courtesy of the `fish` shell.
Speaking of `fish`:
> Podman rootless commands will not work on `fish` because it screws up the `$DOCKER_HOST` variable. This is likely because I am stupid.
{.is-warning}
Okay, we have a socket!
If running rootless, you should also run:
`export DOCKER_HOST="unix:///run/user/$UID/podman/podman.sock"`
otherwise things will not work, failing with cryptic, menacing Python errors.
(`fish` screws up the `$UID` bit there. Good times.)
## Going Rootless
If you're rootful, life is pretty good right now. We little guys need to work a little harder.
First, DNS will not work unless you install the `dnsname` plugin:
`sudo zypper install cni-plugin-dnsname`
Now, erase all networks and run a container (which will create a default bridge).
You can see if it stuck by looking in `/etc/cni/net.d/87-podman-bridge.conflist` for a `dnsname` entry in its plugin list:
```json
{
  "type": "dnsname",
  "domainName": "pukeko.xyz"
}
```
If you run `podman network ls`, you should also see `dnsname` under `plugins`.
> DNS will not resolve unless the *first* entry in your `/etc/resolv.conf` is valid!
{.is-warning}
At this stage, containers may complain about `dnsmasq` permissions - if so, you need to run:
`sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.dnsmasq`
Note that `-R` unloads the `dnsmasq` AppArmor profile from the kernel, so this is a workaround rather than a fix. I still have not found a permanent fix, but I think the problem goes away.
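Pulling the socket and DNS steps above into one check, as an added example that is not from the original wiki page: it picks the rootful or rootless socket path, sends the same `_ping` request, prints the `DOCKER_HOST` export rootless users need, and greps the CNI conflist for the `dnsname` plugin. It assumes the rootful socket is `/run/podman/podman.sock` (`podman-docker` points `/var/run/docker.sock` at it) and uses `id -u` instead of `$UID`, which is the bit `fish` trips over.

```shell
#!/bin/sh
# Added example, not from the wiki: sanity-check the Podman socket and dnsname plugin.
# Assumptions: rootful socket at /run/podman/podman.sock; `id -u` instead of $UID.

# Socket path for a given uid: rootful for 0, per-user runtime dir otherwise.
podman_socket_path() {
  if [ "$1" -eq 0 ]; then
    printf '/run/podman/podman.sock\n'
  else
    printf '/run/user/%s/podman/podman.sock\n' "$1"
  fi
}

# Same _ping request the page uses; succeeds only on a literal "OK" reply.
socket_ping() {
  [ -S "$1" ] || return 1
  command -v curl >/dev/null 2>&1 || return 2
  [ "$(curl -sS -H 'Content-Type: application/json' \
        --unix-socket "$1" http://localhost/_ping 2>/dev/null)" = "OK" ]
}

# True when the CNI conflist declares a plugin of type "dnsname".
conflist_has_dnsname() {
  grep -Eq '"type"[[:space:]]*:[[:space:]]*"dnsname"' "$1"
}

check_podman() {
  uid=$(id -u)
  sock=$(podman_socket_path "$uid")
  printf 'socket: %s\n' "$sock"
  if socket_ping "$sock"; then
    printf 'ping: OK\n'
  else
    printf 'ping: FAILED - is podman.socket enabled for this user?\n'
    return 1
  fi
  # Rootless docker-compose needs DOCKER_HOST pointed at the user socket.
  [ "$uid" -ne 0 ] && printf 'export DOCKER_HOST="unix://%s"\n' "$sock"
  conflist=/etc/cni/net.d/87-podman-bridge.conflist
  if [ -r "$conflist" ] && conflist_has_dnsname "$conflist"; then
    printf 'dnsname plugin: present in %s\n' "$conflist"
  else
    printf 'dnsname plugin: missing - install cni-plugin-dnsname and recreate the default network\n'
    return 1
  fi
}

case "${1:-}" in run) check_podman ;; esac
```

Run it as `sh check-podman.sh run`, or source it and call the functions individually.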
Anyways, that's it for now. I've yet to Podmanize everything - but it will all be here.