Podman: Difference between revisions

From Alpine Linux
m (Formatting and added category)
m (add if container use vfs driver)
 
(5 intermediate revisions by 2 users not shown)
Line 4: Line 4:


{{Cmd|# apk add podman}}
{{Cmd|# apk add podman}}
=== Running as root ===


To run podman you'll need to enable the <code>cgroups</code> service, consider enabling [[OpenRC#cgroups v2|cgroups v2]].
To run podman you'll need to enable the <code>cgroups</code> service, consider enabling [[OpenRC#cgroups v2|cgroups v2]].
Line 17: Line 19:


  driver = "btrfs"
  driver = "btrfs"
If you're running inside a container, change the storage driver to <code>vfs</code>
=== Running in rootless mode ===


For rootless support (replace <USER> with your username):
For rootless support (replace <USER> with your username):
Line 28: Line 34:


{{Cmd|$ podman run --rm hello-world}}
{{Cmd|$ podman run --rm hello-world}}
==== Shared mount ====
Containers on linux might require filesystems to be mounted with different propagation than the kernel default of 'private'. If you see a warning:
: WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
you might want to fix this temporarily, for currently running system:
{{Cmd|# mount --make-rshared /}}
and try the command that caused the warning again.
Alternatively, you could use following command:
{{Cmd|# findmnt -o PROPAGATION /}}
which should print:
    PROPAGATION
    shared
For a permanent fix (after a [https://github.com/OpenRC/openrc/pull/526 OpenRC PR#526] is released - in newer version than 0.54.2-r1), edit {{path|/etc/fstab}}:
  {{cmd|# $EDITOR /etc/fstab}}
Add <code>shared</code> option to the root partition:
  /dev/sda2 / ext4 rw,relatime,shared 0 1
and after a reboot test it out similarly as above.
=== Docker compose ===
Podman provides a drop-in replacement for docker compose. The {{Pkg|podman-compose}} package provides this.
Each time that docker compose is used, a warning will remind that this is using podman under the hood. This warning can be squelched permanently by running:
{{cmd|# touch /etc/containers/nodocker}}


[[Category:Virtualization]]
[[Category:Virtualization]]

Latest revision as of 19:47, 24 August 2024

Installation

Podman can be installed via podman package in the community repository.

# apk add podman

Running as root

To run podman you'll need to enable the cgroups service, consider enabling cgroups v2.

# rc-update add cgroups

# rc-service cgroups start

You might need to restart your machine for this to work properly.

If you are running on top of Btrfs, consider setting storage driver to btrfs:

$ cat /etc/containers/storage.conf

driver = "btrfs"

If you're running inside a container, change the storage driver to vfs

Running in rootless mode

For rootless support (replace <USER> with your username):

# modprobe tun # echo tun >>/etc/modules # echo <USER>:100000:65536 >/etc/subuid # echo <USER>:100000:65536 >/etc/subgid

Run an example container to verify everything works:

$ podman run --rm hello-world

Shared mount

Containers on linux might require filesystems to be mounted with different propagation than the kernel default of 'private'. If you see a warning:

WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers

you might want to fix this temporarily, for currently running system:

# mount --make-rshared /

and try the command that caused the warning again.

Alternatively, you could use following command:

# findmnt -o PROPAGATION /

which should print:

   PROPAGATION
   shared

For a permanent fix (after a OpenRC PR#526 is released - in newer version than 0.54.2-r1), edit /etc/fstab:

# $EDITOR /etc/fstab

Add shared option to the root partition:

  /dev/sda2 / ext4 rw,relatime,shared 0 1

and after a reboot test it out similarly as above.

Docker compose

Podman provides a drop-in replacement for docker compose. The podman-compose package provides this.

Each time that docker compose is used, a warning will remind that this is using podman under the hood. This warning can be squelched permanently by running:

# touch /etc/containers/nodocker