User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
gentoo:containers [2024/07/30 09:45] – [Podman containers autostart] willygentoo:containers [2025/03/13 13:25] (current) – [Using Containers on Gentoo] willy
Line 1: Line 1:
-====== Using Containers on Gentoo ======+====== F) Using Containers on Gentoo ======
  
 Containers are a great tool that caters to some specific, and important, needs. But be aware that //containers// are not **the** solution to selfhosting-made-easy and, specifically, **containers have been created to solve different issues than self-hosting!**  Containers are a great tool that caters to some specific, and important, needs. But be aware that //containers// are not **the** solution to selfhosting-made-easy and, specifically, **containers have been created to solve different issues than self-hosting!** 
Line 79: Line 79:
 which i suggest to run as un-priviledged user to verify everything is working as non-root too. which i suggest to run as un-priviledged user to verify everything is working as non-root too.
  
-Now, install **podman-compose** which is bit more complex because at this time there is no official ebuild yet.+Now, install **podman-compose**, and thanks to few user contributed inputs (see [[https://bugs.gentoo.org/717748]]), mine included, it's not part of portage gentoo tree, so: 
 +<code bash> 
 +emerge -vp podman-compose 
 +</code>
  
-Follow my [[gentoo:repositories|repo guide]] to create a custom repo (or use your already existing custom repo) to add the following ebuild: +beware that it might be masked for your arch, in this case, just unmask it with your keyword, ex ~amd64.
-<file - podman-compose-1.0.6.ebuild> +
-# Copyright 2024 Gentoo Authors +
-# Distributed under the terms of the GNU General Public License v2+
  
-EAPI=8+=== Podman rootless users ===
  
-DISTUTILS_USE_SETUPTOOLS=rdepend +When running a container rootless, which is the main point behind Podman, you might end up having some issues with user IDs.
-PYTHON_COMPAT=( python3_{10..11} )+
  
-inherit distutils-r1+[[https://blog.christophersmart.com/2021/01/26/user-ids-and-rootless-containers-with-podman/|This]] article is a very good read on the topic.
  
-DESCRIPTION="Run docker-compose files without root with podman" +In shortwhen running rootless, the //user 0//, or root, of the container, will be mapped to your user ID, and any //additional// user will be remapped according to the content of **/etc/subuid** and **/etc/subgid** files. This means that if the container defines additioanl users, they will __not__ map to your user but to a different UID that is also sub-mapped to your user, but Linux itself will not recognize that and any files and folders created by the container will belog to this strange user.
-HOMEPAGE="https://pypi.org/project/podman-compose https://github.com/containers/podman-compose" +
-SRC_URI="https://files.pythonhosted.org/packages/65/a8/d77d2eaa85414d013047584d3aa10fac47edb328f5180ca54a13543af03a/podman-compose-1.0.6.tar.gz" +
-#SRC_URI="mirror://pypi/${PN:0:1}/${PN}/${P}.tar.gz" +
- +
-LICENSE="GPL-2" +
-SLOT="0" +
-KEYWORDS="~amd64" +
- +
-DEPEND="" +
-RDEPEND=" +
-        ${DEPEND} +
-        dev-python/pyyaml[${PYTHON_USEDEP}] +
-        dev-python/python-dotenv[${PYTHON_USEDEP}] +
-+
-BDEPEND="" +
-</file>+
  
-as //app-containers/podman-compose-1.0.6.ebuild// and then emerge it (see [[https://bugs.gentoo.org/717748]]).+The easiest way to fix it, is to force your container to run... **as user 0**! In fact, since we are using rootless podman, that only means **as your own user** nad not actually root.
  
-I hope that this ebuild will be merged to Gentoo official repo soon. 
  
 ==== Podman networks ==== ==== Podman networks ====
Line 121: Line 103:
 To create a Podman subnet you need to run the following command after each reboot, as root: To create a Podman subnet you need to run the following command after each reboot, as root:
 <code bash> <code bash>
- >   podman network create my-container-net+podman network create my-container-net
 </code> </code>
  
Line 141: Line 123:
 networks: networks:
   my-container-net: {}   my-container-net: {}
-  </code>+</code>
      
-  I strongly suggest that you edit your docker compose files and ensure each service has it's own independent network. I will give more details for each service on it's respective page.+I strongly suggest that you edit your docker compose files and ensure each service has it's own independent network. I will give more details for each service on it's respective page.
  
  
Line 162: Line 144:
 UC_SLOT="${SVCNAME#user-containers.}" UC_SLOT="${SVCNAME#user-containers.}"
 UC_USER=${USER:-${UC_SLOT}} UC_USER=${USER:-${UC_SLOT}}
 +UC_COMPOSER_FILE=${COMPOSER_FILE:-docker-compose.yml}
 +UC_CHOWN_DIR=${CHOWN_DIR}
 if [ "${UC_SLOT}" != "user-containers" ] if [ "${UC_SLOT}" != "user-containers" ]
 then then
         UC_HOME=${HOME:-$(su - ${UC_USER} -c "pwd")}         UC_HOME=${HOME:-$(su - ${UC_USER} -c "pwd")}
 fi fi
 +
 +extra_commands="update"
 +update() {
 +        if [ "${UC_SLOT}" != "user-containers" ]
 +        then
 +                COMMAND="$(which podman)"
 +                stop
 +                ebegin "Running podman compose pull..."
 +                su - ${UC_USER} -c "${COMMAND} compose -f ${UC_COMPOSER_FILE} pull"
 +                start
 +        else
 +                ebegin "Error: do not run this script, run a link to it!"
 +                eend 255
 +        fi
 +}
  
 description=${DESCRIPTION:-You forgot to describe your container} description=${DESCRIPTION:-You forgot to describe your container}
Line 171: Line 170:
  
 start_pre() { start_pre() {
-        test -e "${UC_LOG_PATH}" || mkdir "${UC_LOG_PATH}" +        if [ "${UC_SLOT}" != "user-containers"
-        test -e "${UC_LOG_PATH}/${UC_SLOT}" || { +        then 
-                mkdir "${UC_LOG_PATH}/${UC_SLOT}" +                test -e "${UC_LOG_PATH}" || mkdir "${UC_LOG_PATH}" 
-        } && chown -R ${UC_USER} "${UC_LOG_PATH}/${UC_SLOT}"+                test -e "${UC_LOG_PATH}/${UC_SLOT}" || { 
 +                        mkdir "${UC_LOG_PATH}/${UC_SLOT}" 
 +                } && chown -R ${UC_USER} "${UC_LOG_PATH}/${UC_SLOT}" 
 +                if [ -n "${UC_CHOWN_DIR}" -a -e ${UC_CHOWN_DIR} ] 
 +                then 
 +                        chown -R ${UC_USER} ${UC_CHOWN_DIR} 
 +                fi 
 +        else 
 +                ebegin "Error: do not run this script, run a link to it!" 
 +                eend 255 
 +        fi
 } }
 +
  
 start() { start() {
         ebegin "Starting container '${UC_SLOT}' for user '${UC_USER}' (${UC_HOME})"         ebegin "Starting container '${UC_SLOT}' for user '${UC_USER}' (${UC_HOME})"
         COMMAND="$(which podman)"         COMMAND="$(which podman)"
-        ARGUMENTS=(compose up)+        ARGUMENTS=(compose -f ${UC_COMPOSER_FILE} up)
         ebegin " ... ensuring nat table is loaded ..."         ebegin " ... ensuring nat table is loaded ..."
         iptables -L -t nat &> /dev/null         iptables -L -t nat &> /dev/null
         ebegin " ... creating '${UC_SLOT}-net' ..."         ebegin " ... creating '${UC_SLOT}-net' ..."
         podman network create ${UC_SLOT}-net &> /dev/null         podman network create ${UC_SLOT}-net &> /dev/null
-        ebegin " ... running a 'podman compose down' just in case ..." 
         su - "${UC_USER}" -c "$(which podman) compose down" &> /dev/null         su - "${UC_USER}" -c "$(which podman) compose down" &> /dev/null
         start-stop-daemon -p ${pidfile} \         start-stop-daemon -p ${pidfile} \
Line 200: Line 209:
 stop() { stop() {
         ebegin " ... running 'podman compose down' ..."         ebegin " ... running 'podman compose down' ..."
-        su - "${UC_USER}" -c "$(which podman) compose down" &> /dev/null+        su - "${UC_USER}" -c "$(which podman) compose -f ${UC_COMPOSER_FILE} down" &> /dev/null
         start-stop-daemon -p ${pidfile} \         start-stop-daemon -p ${pidfile} \
                           -u ${UC_USER} \                           -u ${UC_USER} \
Line 227: Line 236:
 </code> </code>
  
-That's it.+That's it.  
 + 
 +The above script also provide an "update" commnand that will update your containers automatically. 
  
 ==== Using Podman for new containers ==== ==== Using Podman for new containers ====

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information