@tom-tan
Last active January 19, 2021 14:27
Notes on trying to run podman inside Alpine

Basically, refer to the following: https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md

  • All of the following work is done inside a docker container
    • If you pass --network=none to podman, --cap-add NET_ADMIN is not needed
$ docker run --rm -it --cap-add SYS_ADMIN --cap-add NET_ADMIN alpine:latest sh

Installing base packages

apk add --no-cache runc git go make libc-dev linux-headers glib-dev bash gpgme-dev libseccomp-dev ip6tables ostree-dev

Building and installing conmon

export GOPATH=~/go
mkdir -p $GOPATH
git clone https://github.com/kubernetes-sigs/cri-o $GOPATH/src/github.com/kubernetes-sigs/cri-o
cd $GOPATH/src/github.com/kubernetes-sigs/cri-o
mkdir bin
make bin/conmon
install -D -m 755 bin/conmon /usr/libexec/podman/conmon
cd

Adding required configuration files

mkdir -p /etc/containers
wget https://raw.githubusercontent.com/projectatomic/registries/master/registries.conf -O /etc/containers/registries.conf
wget https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -O /etc/containers/policy.json

Installing CNI plugins

git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins
cd $GOPATH/src/github.com/containernetworking/plugins
./build_linux.sh
mkdir -p /usr/libexec/cni
cp bin/* /usr/libexec/cni
cd

Installing CNI config

Skipped, because the make install.cni step below does the same thing.

Building and installing Podman

git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod
cd $GOPATH/src/github.com/containers/libpod
make binaries
make install.bin install.config install.cni PREFIX=/usr SHAREDIR_CONTAINERS=/etc/containers

Installing podman configuration

cat <<EOS > /etc/containers/storage.conf
[storage]
driver = "vfs"
EOS

Run podman!

# podman info # fails only the first time, for some reason
Error: could not get runtime: no storage root specified: missing necessary StoreOptions
# podman info
host:
  BuildahVersion: 1.8-dev
  Conmon:
    package: Unknown
    path: /usr/libexec/podman/conmon
    version: 'conmon version 1.14.0-dev, commit: 26eea49cc1aea36ec7e4d06d186f718a3bd6677e'
  Distribution:
    distribution: alpine
    version: 3.9.2
  MemFree: 1775857664
  MemTotal: 4139118592
  OCIRuntime:
    package: Unknown
    path: /usr/bin/runc
    version: |-
      runc version 1.0.0-rc6+dev
      commit: 6635b4f0c6af3810594d2770f662f34ddc15b40d
      spec: 1.0.1-dev
  SwapFree: 1052471296
  SwapTotal: 1073737728
  arch: amd64
  cpus: 4
  hostname: 331eb16ef8c4
  kernel: 4.9.125-linuxkit
  os: linux
  rootless: false
  uptime: 3h 34m 24.27s (Approximately 0.12 days)
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: vfs
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus: {}
  ImageStore:
    number: 0
  RunRoot: /var/run/containers/storage
  VolumePath: volumes
# podman ps
CONTAINER ID  IMAGE  COMMAND  CREATED  STATUS  PORTS  NAMES
# podman run docker/whalesay cowsay hello!
Trying to pull docker.io/docker/whalesay...Getting image source signatures
...
Storing signatures
Error: container create failed: systemd cgroup flag passed, but systemd support for managing cgroups is not available
: internal libpod error

It looks like it's almost there, but...

Addendum

Try changing CgroupManager in /etc/containers/libpod.conf from systemd to cgroupfs.

# podman run docker/whalesay cowsay hello!
Error: container create failed: container_linux.go:344: starting container process caused "process_linux.go:275: applying cgroup configuration for process caused \"mkdir /sys/fs/cgroup/cpuset/libpod_parent: read-only file system\""
: internal libpod error

Ugh...
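
The setup above relies on the capabilities granted by docker run (--cap-add SYS_ADMIN, --cap-add NET_ADMIN), and the last error comes from a read-only /sys/fs/cgroup/cpuset. As an added example (not part of the original memo), this sh script checks both from inside the container; the function names are hypothetical and the sample masks and mount lines are constructed.

```shell
#!/bin/sh
# Added example: preflight for the nested-podman setup in this memo.
# Capability bit numbers are from linux/capability.h.
CAP_NET_ADMIN=12
CAP_SYS_ADMIN=21

# has_cap HEXMASK BIT -> exit 0 if BIT is set in a CapEff-style hex mask.
has_cap() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac   # reject non-hex input
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# mount_mode MOUNTPOINT -> prints ro, rw or none for MOUNTPOINT, reading
# /proc/self/mounts-format text on stdin (the last matching line wins).
mount_mode() {
    awk -v mp="$1" '
        $2 == mp { mode = "rw"; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro" }
        END { print (mode == "" ? "none" : mode) }'
}

# preflight: report on the live container. Informational, always returns 0.
preflight() {
    eff=$(awk '/^CapEff:/ { print $2 }' /proc/self/status)
    for pair in SYS_ADMIN:$CAP_SYS_ADMIN NET_ADMIN:$CAP_NET_ADMIN; do
        if has_cap "$eff" "${pair#*:}"; then state=present; else state=MISSING; fi
        echo "CAP_${pair%%:*}: $state"
    done
    for mp in /sys/fs/cgroup /sys/fs/cgroup/cpuset; do
        echo "$mp: $(mount_mode "$mp" < /proc/self/mounts)"
    done
    return 0
}

# Constructed sample inputs (not captured from the author's system).
SAMPLE_DEFAULT_CAPEFF=00000000a80425fb      # no SYS_ADMIN / NET_ADMIN bits
SAMPLE_ADDED_CAPEFF=00000000a82435fb        # same mask plus bits 12 and 21
SAMPLE_MOUNTS='tmpfs /sys/fs/cgroup tmpfs ro,nosuid,nodev,noexec,relatime,mode=755 0 0
cpuset /sys/fs/cgroup/cpuset cgroup ro,nosuid,nodev,noexec,relatime,cpuset 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0'

if [ -r /proc/self/status ] && [ -r /proc/self/mounts ]; then preflight; fi
```

A "ro" result for /sys/fs/cgroup/cpuset matches the "read-only file system" error shown above, and a MISSING capability means the outer docker run did not pass the corresponding --cap-add.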

@TechComSpot

Ok, I get it :) thank you for your reply. Will try to do as you advised. Tnx.