Podman: Difference between revisions

From Alpine Linux
(Update for podman on 3.15)
m (add if container use vfs driver)
 
(7 intermediate revisions by 4 users not shown)
Line 1: Line 1:
== Installation ==
== Installation ==


Podman can be installed via `podman` package in the community repository.
Podman can be installed via {{Pkg|podman}} package in the community repository.


  # apk add podman
{{Cmd|# apk add podman}}


To run podman you'll need to enable the cgroups service, consider enabling [[OpenRC#cgroups v2|cgroups v2]].
=== Running as root ===


  # rc-update add cgroups
To run podman you'll need to enable the <code>cgroups</code> service, consider enabling [[OpenRC#cgroups v2|cgroups v2]].
  # rc-service cgroups start
 
{{Cmd|# rc-update add cgroups}}
{{Cmd|# rc-service cgroups start}}


You might need to restart your machine for this to work properly.
You might need to restart your machine for this to work properly.


If you are running on top of btrfs, consider setting driver to btrfs:
If you are running on top of [[Btrfs]], consider setting storage driver to <code>btrfs</code>:
 
{{Cmd|$ cat /etc/containers/storage.conf | grep 'driver ='}}
 
driver = "btrfs"
 
If you're running inside a container, change the storage driver to <code>vfs</code>


  +  $ cat /etc/containers/storage.conf | grep 'driver ='
=== Running in rootless mode ===
  driver = "btrfs"


For rootless support (replace <USER> with your username):
For rootless support (replace <USER> with your username):


  # modprobe tun
{{Cmd|# modprobe tun
  # echo tun >>/etc/modules
&#35; echo tun >>/etc/modules
  # echo <USER>:100000:65536 >/etc/subuid
&#35; echo <USER>:100000:65536 >/etc/subuid
  # echo <USER>:100000:65536 >/etc/subgid
&#35; echo <USER>:100000:65536 >/etc/subgid}}


Run an example container to verify everything works:
Run an example container to verify everything works:


  $ podman run --rm hello-world
{{Cmd|$ podman run --rm hello-world}}
 
==== Shared mount ====
 
Containers on linux might require filesystems to be mounted with different propagation than the kernel default of 'private'. If you see a warning:
 
: WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers
 
you might want to fix this temporarily, for currently running system:
 
{{Cmd|# mount --make-rshared /}}
 
and try the command that caused the warning again.
 
Alternatively, you could use following command:
 
{{Cmd|# findmnt -o PROPAGATION /}}
 
which should print:
 
    PROPAGATION
    shared
 
For a permanent fix (after a [https://github.com/OpenRC/openrc/pull/526 OpenRC PR#526] is released - in newer version than 0.54.2-r1), edit {{path|/etc/fstab}}:
 
  {{cmd|# $EDITOR /etc/fstab}}
 
Add <code>shared</code> option to the root partition:
 
  /dev/sda2 / ext4 rw,relatime,shared 0 1
 
and after a reboot test it out similarly as above.
 
=== Docker compose ===
 
Podman provides a drop-in replacement for docker compose. The {{Pkg|podman-compose}} package provides this.
 
Each time that docker compose is used, a warning will remind that this is using podman under the hood. This warning can be squelched permanently by running:
 
{{cmd|# touch /etc/containers/nodocker}}
 
[[Category:Virtualization]]
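Review bot: in the Btrfs paragraph, `{{Cmd|$ cat /etc/containers/storage.conf | grep 'driver ='}}` puts a literal `|` and `=` inside a template call, where both are template syntax, so the rendered page shows only `$ cat /etc/containers/storage.conf` and the `grep` is lost. Escape both characters, or move the command out of the template into a preformatted line as the old revision had it. The added sentence about the `vfs` driver also ends without a period and, unlike the Btrfs case, shows no command or config line to go with it. In the rootless block, `/etc/subuid` and `/etc/subgid` are still written with `>` while `/etc/modules` uses `>>`. On a host that already has entries for other users, `>` replaces them, so `>>` or a short note would be safer.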

Latest revision as of 19:47, 24 August 2024

Installation

Podman can be installed via the podman package in the community repository.

# apk add podman

Running as root

To run podman you'll need to enable the cgroups service; consider enabling cgroups v2.

# rc-update add cgroups

# rc-service cgroups start

You might need to restart your machine for this to work properly.

If you are running on top of Btrfs, consider setting storage driver to btrfs:

$ cat /etc/containers/storage.conf | grep 'driver ='

driver = "btrfs"

If you're running inside a container, change the storage driver to vfs.

Running in rootless mode

For rootless support (replace <USER> with your username):

# modprobe tun
# echo tun >>/etc/modules
# echo <USER>:100000:65536 >/etc/subuid
# echo <USER>:100000:65536 >/etc/subgid

Run an example container to verify everything works:

$ podman run --rm hello-world
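The subuid/subgid step above, as an added example that is not part of the wiki page: the `>` redirect replaces the whole file, so this script appends a range only when the user has none and reports ranges that overlap between users. The function names are hypothetical; 100000 and 65536 are the page's values, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example (not from the wiki page): non-clobbering subuid/subgid setup.
# Function names are hypothetical; 100000 and 65536 are the page's values.

# has_range USER FILE: succeed if USER already has an entry in FILE.
has_range() {
    [ -f "$2" ] && awk -F: -v u="$1" '$1 == u { f = 1 } END { exit !f }' "$2"
}

# next_free_start FILE: first ID above every range already allocated in FILE.
next_free_start() {
    [ -f "$1" ] || { echo 100000; return 0; }
    awk -F: 'BEGIN { max = 100000 }
        $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $2 + $3 > max { max = $2 + $3 }
        END { printf "%.0f\n", max }' "$1"
}

# ensure_range USER FILE [COUNT]: append a range only if USER has none.
ensure_range() {
    user=$1 file=$2 count=${3:-65536}
    if has_range "$user" "$file"; then
        return 0
    fi
    start=$(next_free_start "$file")
    printf '%s:%s:%s\n' "$user" "$start" "$count" >>"$file"
}

# find_overlaps FILE: print "userA userB" where two users' ranges intersect.
find_overlaps() {
    sort -t: -k2,2n "$1" | awk -F: '
        NR > 1 && $2 < hi && $1 != owner { print owner, $1 }
        $2 + $3 > hi { hi = $2 + $3; owner = $1 }'
}

# Demo on a scratch file with constructed entries; on a real host pass
# /etc/subuid and /etc/subgid instead and run as root.
demo=$(mktemp)
printf 'alice:100000:65536\n' >"$demo"      # constructed existing entry
ensure_range bob "$demo"                    # appended at 165536
ensure_range alice "$demo"                  # no-op, alice already present
printf 'carol:120000:65536\n' >>"$demo"     # constructed overlapping entry
cat "$demo"
find_overlaps "$demo"                       # reports alice/carol and carol/bob
rm -f "$demo"
```

Overlapping ranges matter because two users whose containers map onto the same host IDs can reach each other's container files.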

Shared mount

Containers on Linux might require filesystems to be mounted with different propagation than the kernel default of 'private'. If you see a warning:

WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers

you might want to fix this temporarily, for the currently running system:

# mount --make-rshared /

and try the command that caused the warning again.

Alternatively, you could check the propagation with the following command:

# findmnt -o PROPAGATION /

which should print:

   PROPAGATION
   shared

For a permanent fix (once OpenRC PR#526 is released, in a version newer than 0.54.2-r1), edit /etc/fstab:

# $EDITOR /etc/fstab

Add the shared option to the root partition:

  /dev/sda2 / ext4 rw,relatime,shared 0 1

and after a reboot, test it the same way as above.

Docker compose

Podman provides a drop-in replacement for docker compose. The podman-compose package provides this.

Each time that docker compose is used, a warning will remind you that this is using podman under the hood. This warning can be squelched permanently by running:

# touch /etc/containers/nodocker