The path mentioned above is linked in the sysadmin
article on running podman inside containers. The content
has since been moved and users are getting a 404 there now.
Add the path back with a readme pointing to the new location
of the content.
Signed-off-by: Urvashi Mohnani <umohnani@redhat.com>
This change will allow RHEL subscriptions from the host to flow
to internal containers.
Fixes: https://github.com/containers/common/issues/1735
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Drop a reference as to why the `rpm --setcaps...` line is needed, along
with a `TODO` reminder to check if it's still needed.
Signed-off-by: Chris Evich <cevich@redhat.com>
The Containerfiles were built with sed -i, which is leading to empty
storage.conf files. This will cause Podman in a container to print
warning information about storage.driver not being set to something.
[NO NEW TESTS REQUIRED]
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This was an accidental leftover from an in-development implementation.
The `sed` command further down entirely replaces the file in the image.
Strip out the unnecessary 'storage.conf' ADD instruction.
Signed-off-by: Chris Evich <cevich@redhat.com>
@cevich recently renamed all the files named Dockerfile to Containerfile
in this directory. Touching up the README.md to reflect that.
Also, as I was doing the submit, I noticed a couple of nits in the PR
request template and cleaned those up.
Signed-off-by: tomsweeneyredhat <tsweeney@redhat.com>
As of Fedora 36, `/etc/containers/storage.conf` with defaults is
installed under `/usr/share/containers/`. This was causing builds
to fail in the necessary `sed` command that enables fuse-overlayfs.
Fix this by using sed on the new location with an output redirect
into the `etc` location.
Also, perform a mass-cleanup of the three files to make them easier
to read/maintain. Including renaming them to `Containerfile`,
since all native build tooling is now used to produce them.
Lastly, take advantage of the `podman-next` copr repository to install
the latest/greatest podman from `main`, rather than building it from
scratch. This will greatly speed up the image build speed.
Signed-off-by: Chris Evich <cevich@redhat.com>
This reverts commit cc3790f332d989440eb1720e24e3619fc97c74ee.
We can't change rootful to rootfull because `rootful` is written into the machine config. Changing this will break json unmarshalling, which will break existing machines.
[NO NEW TESTS NEEDED]
Signed-off-by: Ashley Cui <acui@redhat.com>
We are inconsistent on the name, we should stick with rootfull.
[NO NEW TESTS NEEDED] Existing tests should handle this and no tests for
machines exists yet.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
This new VM image brings in two important updates to multi-arch
image build operations:
1. Future operational changes will no-longer require also updating VM
images. Updates to build-push made in `containers/automation_images`
will automatically be picked up at runtime.
ref: https://github.com/containers/automation_images/pull/123
2. On the next run, both `vX` and `vX.Y` tagged manifest-lists will be
pushed. This is now also reflected in the README.
ref: https://github.com/containers/automation_images/pull/125
Signed-off-by: Chris Evich <cevich@redhat.com>
I have noticed that the containers.conf file in the /home/podman
directory is owned by root and not Podman. This change fixes the
ownership.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Podman and Docker will not commit changes via RUN command
of a VOLUME directory, so we need to chown path first.
Not doing do will cause: https://bugzilla.redhat.com/show_bug.cgi?id=2009266
Signed-off-by: Jindrich Novy <jnovy@redhat.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Add a link to the podman images readme.md to Dan's recent post
on Enable Sysadm about running containers inside of Podman
Fixes: https://github.com/containers/buildah/issues/3119
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The automation workflow was altered in recent history to build images
daily, even if the podman version didn't change. This was is necessary
so that any updates/security vulnerabilities in ancillary packages are
incorporated quickly. However, documentation was never updated to
reflect this change. This commit puts the two in sync.
Signed-off-by: Chris Evich <cevich@redhat.com>
There seems to be a bug in rpm, where it fails silently if you specify
rpm --restore --quiet shadow-utils.
rpm --restore shadow-utils 2> /dev/null
Does the right thing.
[NO TESTS NEEDED] Might add tests from buildah, once we have them
working correctly.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Rather then reinstalling shadow-utils to fix permissions,
just restore the correct permissions.
[NO TESTS NEEDED] Since this does not affect Podman, just the prebuilt
images on quay.io/podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Docker VOLUMEs will inherit permissions from an existing directory at the same
path. If the path does not exist, the directory will be owned by root which
makes this image unusable in rootless mode.
Signed-off-by: Blake Burkhart <blake.burkhart@us.af.mil>
Commit 7f2c27d43fc5 added an invalid value for the log_driver in the
containers.conf file inside the podman image.
Fixes#10312
Signed-off-by: Paul Holzinger <paul.holzinger@web.de>
Update the order of image documentation to be from most to least stable.
Similarly, avoid depending on execution of upstream podman, when
building/pushing. It's easily possible for this build to function but
execution to fail due to some partially implemented feature.
Also, ensure images tagged `latest` are pushed for every matrix
item. For 'upstream' and 'testing', this replaces use of the
'master' tag.
Lastly, update workflow comments and split the 'podman' and 'containers'
FQIN steps and outputs to improve readability.
Signed-off-by: Chris Evich <cevich@redhat.com>
[NO TEST NEEDED] Can not test this in CI/CD system since it needs to be
merged in order for the Dockerfiles to even work.
Modified the /etc/subuid and /etc/subgid to be able to run in rootless
containers. The Range can not be the same as on the host.
Add /home/podman/.config/containers/containers.conf to automatically
mount /proc on /proc while inside of the container. This prevents
additional permissions being required that are blocked when not in
--privileged mode.
Setup volumes for /var/lib/containers and
/home/podman/.local/share/containwers
This will prevent the errors where people are doing overlay on overlay.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
We've recently had a number of issues reported against our
pre-fabricated images on quay.io and a couple of rhel repositories
throwing a fuse error when run:
```
fuse: device not found, try 'modprobe fuse' first
```
The tip on modprobe fuse is not always seen by or displayed to
the end user. Adding a couple of doc pointers to hopefully help.
Arises from this BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1867892
and several others.
Replaces: 7453 where I was going crazy with whitespace and merge issues.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Updates to the README.md for the contrib/podmanimages directory.
This completes the changes to answer this Buildah issue: https://github.com/containers/buildah/issues/1693
and then also adds the quay.io/conatiners/podman images to the list of images.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
In the Buildah images, we had a problem where the testing image
was installed with an older version of Buildah than the stable
image. This was apparently due to quay.io using Docker and Dockerhub
which has a version of Fedora that did not let testing
version of Buildah to be installed as it should have been.
This change fully specifies the name of the fedora image to
use. This has not been a problem in Podman, but I'm carrying
this change here to avoid future problems.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Adding the changes to the Podman image Docker/Containerfiles similar
to @rhatdan 's changes in https://github.com/containers/buildah/pull/2332
In short it changes the perms on containers.conf so it can be used by a
rootless user.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
The podmanimage/upstream/Dockerfile had two rpms in its
build procedure that are no longer available. The atomic-registries
has been removed and the md2man has been renamed. In addtion
conmon was not being installed and I've added that.
I've been using a Containerfile to build or rebuild a
specific version of the podmanimage stored in the stable
repository with a version tag. As the other Containerfiles
have been updated by others, and in case anyone else needs
to build it, I've added it to the repo and have also updated
the readme.md.
FWIW, the builds in the quay.io/podman/upstream have been failing for a while due to missing rpms.
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
(Stealing from: @rhatdan 's https://github.com/containers/buildah/pull/2038 )
1 We need to update all packages in the podman image to make sure they are
up2date.
2 reinstall shadow-utils. For some reason the fedora base image does not
include the file capabilities assigned to /usr/bin/newuidmap and
/usr/bin/newgidmap. Reinstalling shadow-utils, brings them back.
3 Add a default user build to the system. This will create the
/etc/subuid and /etc/subgid maps get created correctly.
Once we have this we should be able to build a container starting with a non
privileged user
podman run -ti --user build --device=/dev/fuse -v ./Dockerfile:/Dockerfile:z quay.io/podman/stable podman buildd /
Addresses: #4741
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
