mirror of https://github.com/containers/podman
[CI:DOCS] Migrate podman container image
Moved to: https://github.com/containers/image_build
Signed-off-by: Chris Evich <cevich@redhat.com>
pull/21950/head
parent
7f9f384c8a
commit
d6d2601742
|
@ -1,88 +1,2 @@
|
|||
[comment]: <> (***ATTENTION*** ***WARNING*** ***ALERT*** ***CAUTION*** ***DANGER***)
|
||||
[comment]: <> ()
|
||||
[comment]: <> (ANY changes made to this file, once committed/merged must)
|
||||
[comment]: <> (be manually copy/pasted -in markdown- into the description)
|
||||
[comment]: <> (field on Quay at the following locations:)
|
||||
[comment]: <> ()
|
||||
[comment]: <> (https://quay.io/repository/containers/podman)
|
||||
[comment]: <> (https://quay.io/repository/podman/stable)
|
||||
[comment]: <> (https://quay.io/repository/podman/testing)
|
||||
[comment]: <> (https://quay.io/repository/podman/upstream)
|
||||
[comment]: <> ()
|
||||
[comment]: <> (***ATTENTION*** ***WARNING*** ***ALERT*** ***CAUTION*** ***DANGER***)
|
||||
|
||||
![PODMAN logo](https://raw.githubusercontent.com/containers/common/main/logos/podman-logo-full-vert.png)
|
||||
|
||||
# podmanimage
|
||||
|
||||
## Overview
|
||||
|
||||
This directory contains the Containerfiles necessary to create the podmanimage container
|
||||
images that are housed on quay.io under the Podman account. All repositories where
|
||||
the images live are public and can be pulled without credentials. These container images are secured and the
|
||||
resulting containers can run safely with privileges within the container.
|
||||
|
||||
The container images are built using the latest Fedora and then Podman is installed into them.
|
||||
The PATH in the container images is set to the default PATH provided by Fedora. Also, the
|
||||
ENTRYPOINT and the WORKDIR variables are not set within these container images, as such they
|
||||
default to `/`.
|
||||
|
||||
The container images are:
|
||||
|
||||
* `quay.io/containers/podman:<version>` and `quay.io/podman/stable:<version>` -
|
||||
These images are built daily. They are intended to contain an unchanging
|
||||
and stable version of podman. For the most recent `<version>` tags (`vX`,
|
||||
`vX.Y`, and `vX.Y.Z`) the image contents will be updated daily to incorporate
|
||||
(especially) security upgrades. For build details, please [see the
|
||||
configuration file](stable/Containerfile).
|
||||
* `quay.io/containers/podman:latest` and `quay.io/podman/stable:latest` -
|
||||
Built daily using the same Containerfile as above. The Podman version
|
||||
will remain the "latest" available in Fedora, however the other image
|
||||
contents may vary compared to the version-tagged images.
|
||||
* `quay.io/podman/testing:latest` - This image is built daily, using the
|
||||
latest version of Podman that was in the Fedora `updates-testing` repository.
|
||||
The image is Built with [the testing Containerfile](testing/Containerfile).
|
||||
* `quay.io/podman/upstream:latest` - This image is built daily using the latest
|
||||
code found in this GitHub repository. Due to the image changing frequently,
|
||||
it's not guaranteed to be stable or even executable. The image is built with
|
||||
[the upstream Containerfile](upstream/Containerfile). Note the actual compilation
|
||||
of upstream podman [occurs continuously in
|
||||
COPR](https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/).
|
||||
|
||||
## Sample Usage
|
||||
|
||||
|
||||
```
|
||||
podman pull docker://quay.io/podman/stable:latest
|
||||
|
||||
podman run --privileged stable podman version
|
||||
|
||||
# Create a directory on the host to mount the container's
|
||||
# /var/lib/container directory to so containers can be
|
||||
# run within the container.
|
||||
mkdir /var/lib/mycontainer
|
||||
|
||||
# Run the image detached using the host's network in a container name
|
||||
# podmanctr, turn off label and seccomp confinement in the container
|
||||
# and then do a little shell hackery to keep the container up and running.
|
||||
podman run --detach --name=podmanctr --net=host --security-opt label=disable --security-opt seccomp=unconfined --device /dev/fuse:rw -v /var/lib/mycontainer:/var/lib/containers:Z --privileged stable sh -c 'while true ;do sleep 100000 ; done'
|
||||
|
||||
podman exec -it podmanctr /bin/sh
|
||||
|
||||
# Now inside of the container
|
||||
|
||||
podman pull alpine
|
||||
|
||||
podman images
|
||||
|
||||
exit
|
||||
```
|
||||
|
||||
**Note:** If you encounter a `fuse: device not found` error when running the container image, it is likely that
|
||||
the fuse kernel module has not been loaded on your host system. Use the command `modprobe fuse` to load the
|
||||
module and then run the container image. To enable this automatically at boot time, you can add a configuration
|
||||
file to `/etc/modules.load.d`. See `man modules-load.d` for more details.
|
||||
|
||||
### Blog Post with Details
|
||||
|
||||
Dan Walsh wrote a blog post on the [Enable Sysadmin](https://www.redhat.com/sysadmin/) site titled [How to use Podman inside of a container](https://www.redhat.com/sysadmin/podman-inside-container). In it, he details how to use these images as a rootful and as a rootless user. Please refer to this blog for more detailed information.
|
||||
The podman container image build context and automation have been
|
||||
moved to [https://github.com/containers/image_build/tree/main/podman](https://github.com/containers/image_build/tree/main/podman)
|
||||
|
|
|
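Review bot: the header comment removed at the top of this README requires that any change to the file be manually copied, in markdown, into the description field on Quay for the four listed repositories, and nothing in the two replacement lines records that this was done. Suggest confirming the Quay descriptions for `containers/podman`, `podman/stable`, `podman/testing` and `podman/upstream` now point to https://github.com/containers/image_build/tree/main/podman, so the old Sample Usage (which runs with `--privileged`, `--security-opt label=disable` and `--security-opt seccomp=unconfined`) is not left behind there as unmaintained guidance.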
@ -1,61 +0,0 @@
|
|||
# stable/Containerfile
|
||||
#
|
||||
# Build a Podman container image from the latest
|
||||
# stable version of Podman on the Fedoras Updates System.
|
||||
# https://bodhi.fedoraproject.org/updates/?search=podman
|
||||
# This image can be used to create a secured container
|
||||
# that runs safely with privileges within the container.
|
||||
#
|
||||
FROM registry.fedoraproject.org/fedora:latest
|
||||
|
||||
# Don't include container-selinux and remove
|
||||
# directories used by dnf that are just taking
|
||||
# up space.
|
||||
# TODO: rpm --setcaps... needed due to Fedora (base) image builds
|
||||
# being (maybe still?) affected by
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
|
||||
RUN dnf -y update && \
|
||||
rpm --setcaps shadow-utils 2>/dev/null && \
|
||||
dnf -y install podman fuse-overlayfs openssh-clients \
|
||||
--exclude container-selinux && \
|
||||
dnf clean all && \
|
||||
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
|
||||
|
||||
RUN useradd podman; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
|
||||
|
||||
ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
|
||||
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
|
||||
ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
|
||||
|
||||
RUN mkdir -p /home/podman/.local/share/containers && \
|
||||
chown podman:podman -R /home/podman && \
|
||||
chmod 644 /etc/containers/containers.conf
|
||||
|
||||
# Copy & modify the defaults to provide reference if runtime changes needed.
|
||||
# Changes here are required for running with fuse-overlay storage inside container.
|
||||
RUN sed -e 's|^#mount_program|mount_program|g' \
|
||||
-e '/additionalimage.*/a "/var/lib/shared",' \
|
||||
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
|
||||
/usr/share/containers/storage.conf \
|
||||
> /etc/containers/storage.conf
|
||||
|
||||
# Setup internal Podman to pass subscriptions down from host to internal container
|
||||
RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
|
||||
|
||||
# Note VOLUME options must always happen after the chown call above
|
||||
# RUN commands can not modify existing volumes
|
||||
VOLUME /var/lib/containers
|
||||
VOLUME /home/podman/.local/share/containers
|
||||
|
||||
RUN mkdir -p /var/lib/shared/overlay-images \
|
||||
/var/lib/shared/overlay-layers \
|
||||
/var/lib/shared/vfs-images \
|
||||
/var/lib/shared/vfs-layers && \
|
||||
touch /var/lib/shared/overlay-images/images.lock && \
|
||||
touch /var/lib/shared/overlay-layers/layers.lock && \
|
||||
touch /var/lib/shared/vfs-images/images.lock && \
|
||||
touch /var/lib/shared/vfs-layers/layers.lock
|
||||
|
||||
ENV _CONTAINERS_USERNS_CONFIGURED=""
|
|
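Review bot: the `ARG _REPO_URL=".../containers/podman/main/contrib/podmanimage/stable"` line and the two `ADD $_REPO_URL/...` lines fetch configuration from the `main` branch over HTTPS with no checksum, and this commit also deletes two config files that look like the ones served from that path. Suggest verifying that the migrated Containerfile copies `containers.conf` and `podman-containers.conf` from its own build context instead, because any build still using this URL will stop resolving once the deletion lands on `main`. A smaller point in the same file: `RUN useradd podman; \` chains with `;`, so a failed `useradd` does not fail the build; `&&` would.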
@ -1,12 +0,0 @@
|
|||
[containers]
|
||||
netns="host"
|
||||
userns="host"
|
||||
ipcns="host"
|
||||
utsns="host"
|
||||
cgroupns="host"
|
||||
cgroups="disabled"
|
||||
log_driver = "k8s-file"
|
||||
[engine]
|
||||
cgroup_manager = "cgroupfs"
|
||||
events_logger="file"
|
||||
runtime="crun"
|
|
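Review bot: the `netns="host"`, `userns="host"`, `ipcns="host"`, `utsns="host"` and `cgroupns="host"` settings, together with `cgroups="disabled"`, carry no comment explaining why namespace and cgroup separation is switched off for containers started with this configuration. Suggest that the migrated copy add a short comment stating that "host" here refers to the enclosing container and why each setting is needed, so nobody reuses the file as a general-purpose containers.conf.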
@ -1,5 +0,0 @@
|
|||
[containers]
|
||||
volumes = [
|
||||
"/proc:/proc",
|
||||
]
|
||||
default_sysctls = []
|
|
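Review bot: the `"/proc:/proc",` entry under `volumes` bind-mounts /proc into every container started with this configuration, and `default_sysctls = []` clears the default sysctls, both without any explanation. Suggest the migrated copy add a comment giving the reason for each, since neither is self-evident from the file.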
@ -1,66 +0,0 @@
|
|||
# testing/Containerfile
|
||||
#
|
||||
# Build a Podman container image from the latest
|
||||
# stable version of Podman on the Fedoras Updates System.
|
||||
# https://bodhi.fedoraproject.org/updates/?search=podman
|
||||
# This image can be used to create a secured container
|
||||
# that runs safely with privileges within the container.
|
||||
#
|
||||
FROM registry.fedoraproject.org/fedora:latest
|
||||
|
||||
# Don't include container-selinux and remove
|
||||
# directories used by dnf that are just taking
|
||||
# up space.
|
||||
# TODO: rpm --setcaps... needed due to Fedora (base) image builds
|
||||
# being (maybe still?) affected by
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
|
||||
RUN dnf -y update && \
|
||||
rpm --setcaps shadow-utils 2>/dev/null && \
|
||||
dnf -y install podman fuse-overlayfs openssh-clients \
|
||||
--exclude container-selinux --enablerepo updates-testing && \
|
||||
dnf clean all && \
|
||||
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
|
||||
|
||||
RUN useradd podman; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
|
||||
|
||||
ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
|
||||
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
|
||||
ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
|
||||
|
||||
RUN mkdir -p /home/podman/.local/share/containers && \
|
||||
chown podman:podman -R /home/podman
|
||||
|
||||
# Copy & modify the defaults to provide reference if runtime changes needed.
|
||||
# Changes here are required for running with fuse-overlay storage inside container.
|
||||
RUN sed -e 's|^#mount_program|mount_program|g' \
|
||||
-e '/additionalimage.*/a "/var/lib/shared",' \
|
||||
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
|
||||
/usr/share/containers/storage.conf \
|
||||
> /etc/containers/storage.conf
|
||||
|
||||
# Setup internal Podman to pass secrets/subscriptions down from host to internal container
|
||||
RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
|
||||
|
||||
# Note VOLUME options must always happen after the chown call above
|
||||
# RUN commands can not modify existing volumes
|
||||
VOLUME /var/lib/containers
|
||||
VOLUME /home/podman/.local/share/containers
|
||||
|
||||
# chmod containers.conf and adjust storage.conf to enable Fuse storage.
|
||||
RUN chmod 644 /etc/containers/containers.conf && \
|
||||
sed -i -e 's|^#mount_program|mount_program|g' \
|
||||
-e '/additionalimage.*/a "/var/lib/shared",' \
|
||||
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
|
||||
/etc/containers/storage.conf
|
||||
RUN mkdir -p /var/lib/shared/overlay-images \
|
||||
/var/lib/shared/overlay-layers \
|
||||
/var/lib/shared/vfs-images \
|
||||
/var/lib/shared/vfs-layers && \
|
||||
touch /var/lib/shared/overlay-images/images.lock && \
|
||||
touch /var/lib/shared/overlay-layers/layers.lock && \
|
||||
touch /var/lib/shared/vfs-images/images.lock && \
|
||||
touch /var/lib/shared/vfs-layers/layers.lock
|
||||
|
||||
ENV _CONTAINERS_USERNS_CONFIGURED=""
|
|
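Review bot: storage.conf is edited twice with identical expressions, first by `sed -e ... /usr/share/containers/storage.conf > /etc/containers/storage.conf` and again by `sed -i -e ... /etc/containers/storage.conf` in the later `RUN chmod 644 ...` step, so the `'/additionalimage.*/a "/var/lib/shared",'` expression appends a second `"/var/lib/shared",` line. Suggest that the migrated testing Containerfile keep only one of the two sed invocations and leave the `chmod 644 /etc/containers/containers.conf` on its own, as the stable variant does. The header comment also still reads "stable version of Podman" although this variant installs with `--enablerepo updates-testing`.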
@ -1,68 +0,0 @@
|
|||
# upstream/Containerfile
|
||||
#
|
||||
# Build a Podman container image from the latest
|
||||
# upstream version of Podman on GitHub.
|
||||
# https://github.com/containers/podman
|
||||
# This image can be used to create a secured container
|
||||
# that runs safely with privileges within the container.
|
||||
# The containers created by this image also come with a
|
||||
# Podman development environment in /root/podman.
|
||||
#
|
||||
FROM registry.fedoraproject.org/fedora:latest
|
||||
|
||||
# Don't include container-selinux and remove
|
||||
# directories used by dnf that are just taking
|
||||
# up space. The latest podman + deps. come from
|
||||
# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
|
||||
# TODO: rpm --setcaps... needed due to Fedora (base) image builds
|
||||
# being (maybe still?) affected by
|
||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1995337#c3
|
||||
RUN dnf -y update && \
|
||||
rpm --setcaps shadow-utils 2>/dev/null && \
|
||||
dnf -y install 'dnf-command(copr)' --enablerepo=updates-testing && \
|
||||
dnf -y copr enable rhcontainerbot/podman-next && \
|
||||
dnf -y install podman fuse-overlayfs openssh-clients \
|
||||
--exclude container-selinux \
|
||||
--enablerepo=updates-testing && \
|
||||
dnf clean all && \
|
||||
rm -rf /var/cache /var/log/dnf* /var/log/yum.*
|
||||
|
||||
RUN useradd podman; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subuid; \
|
||||
echo -e "podman:1:999\npodman:1001:64535" > /etc/subgid;
|
||||
|
||||
ARG _REPO_URL="https://raw.githubusercontent.com/containers/podman/main/contrib/podmanimage/stable"
|
||||
ADD $_REPO_URL/containers.conf /etc/containers/containers.conf
|
||||
ADD $_REPO_URL/podman-containers.conf /home/podman/.config/containers/containers.conf
|
||||
|
||||
RUN mkdir -p /home/podman/.local/share/containers && \
|
||||
chown podman:podman -R /home/podman && \
|
||||
chmod 644 /etc/containers/containers.conf
|
||||
|
||||
# Copy & modify the defaults to provide reference if runtime changes needed.
|
||||
# Changes here are required for running with fuse-overlay storage inside container.
|
||||
RUN sed -e 's|^#mount_program|mount_program|g' \
|
||||
-e '/additionalimage.*/a "/var/lib/shared",' \
|
||||
-e 's|^mountopt[[:space:]]*=.*$|mountopt = "nodev,fsync=0"|g' \
|
||||
/usr/share/containers/storage.conf \
|
||||
> /etc/containers/storage.conf
|
||||
|
||||
# Setup internal Podman to pass secrets/subscriptions down from host to internal container
|
||||
RUN printf '/run/secrets/etc-pki-entitlement:/run/secrets/etc-pki-entitlement\n/run/secrets/rhsm:/run/secrets/rhsm\n' > /etc/containers/mounts.conf
|
||||
|
||||
# Note VOLUME options must always happen after the chown call above
|
||||
# RUN commands can not modify existing volumes
|
||||
VOLUME /var/lib/containers
|
||||
VOLUME /home/podman/.local/share/containers
|
||||
|
||||
RUN mkdir -p /var/lib/shared/overlay-images \
|
||||
/var/lib/shared/overlay-layers \
|
||||
/var/lib/shared/vfs-images \
|
||||
/var/lib/shared/vfs-layers && \
|
||||
touch /var/lib/shared/overlay-images/images.lock && \
|
||||
touch /var/lib/shared/overlay-layers/layers.lock && \
|
||||
touch /var/lib/shared/vfs-images/images.lock && \
|
||||
touch /var/lib/shared/vfs-layers/layers.lock
|
||||
|
||||
ENV _CONTAINERS_USERNS_CONFIGURED="" \
|
||||
BUILDAH_ISOLATION=chroot
|
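Review bot: the header comment promises "a Podman development environment in /root/podman", but no instruction in this Containerfile creates or populates `/root/podman`; the image only installs the `rhcontainerbot/podman-next` COPR packages. Suggest dropping that sentence in the migrated copy or restoring the step it describes. It would also help to note why `BUILDAH_ISOLATION=chroot` is set only in this variant and not in the stable and testing ones.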