runsisi's

technical notes

Podman

2019-09-26 runsisi#docker

Running Podman depends on two external binaries: an OCI container runtime (runc here) and conmon, the container monitor process.

runc

Download a prebuilt binary directly from the releases page:

https://github.com/opencontainers/runc

conmon

Build a statically linked conmon with no runtime library dependencies on Alpine:

# apk add alpine-sdk
# apk add git bash glib-dev glib-static
# git clone https://github.com/containers/conmon.git
# cd conmon/
# make static
make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-static' LDFLAGS=' -s -w -static' LIBS='-lglib-2.0 -lintl '
make[1]: Entering directory '/conmon'
make[1]: Nothing to be done for 'git-vars'.
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/conmon.o -c src/conmon.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/cmsg.o -c src/cmsg.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/ctr_logging.o -c src/ctr_logging.c
cc -static -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include  -DVERSION=\"2.0.2-dev\" -DGIT_COMMIT=\""422ce21f1527f7624982748a36601401887aa181"\" -o src/utils.o -c src/utils.c
mkdir -p bin
cc -s -w -static -o bin/conmon src/conmon.o src/cmsg.o src/ctr_logging.o src/utils.o -lglib-2.0 -lintl  -lglib-2.0 -lintl -pthread -lpcre 
make[1]: Leaving directory '/conmon'
# ldd bin/conmon
        /lib/ld-musl-x86_64.so.1 (0x7fcaf7dbc000)

Building podman

$ git clone https://github.com/containers/libpod.git
$ cd libpod/
$ make binaries
mkdir -p "/home/runsisi/working/src/libpod/_output/src/github.com/containers"
ln -sfn "/home/runsisi/working/src/libpod" "/home/runsisi/working/src/libpod/_output/src/github.com/containers/libpod"
ln -sfn "/home/runsisi/working/src/libpod/vendor/github.com/varlink" "/home/runsisi/working/src/libpod/_output/src/github.com/varlink"
touch .gopathok
GO111MODULE=on go build -mod=vendor  -gcflags 'all=-trimpath=/home/runsisi/working/src/libpod' -asmflags 'all=-trimpath=/home/runsisi/working/src/libpod' -ldflags ' -X github.com/containers/libpod/libpod.gitCommit=3ed265c520eb4cea1e9157125dbff0e6a1b0b5f8-dirty -X github.com/containers/libpod/libpod.buildInfo=1569478865 -X github.com/containers/libpod/libpod.installPrefix=/usr/local -X github.com/containers/libpod/libpod.etcDir=/etc' -tags "   containers_image_ostree_stub selinux systemd exclude_graphdriver_devicemapper seccomp varlink" -o bin/podman github.com/containers/libpod/cmd/podman
GO111MODULE=on go build -mod=vendor  -gcflags 'all=-trimpath=/home/runsisi/working/src/libpod' -asmflags 'all=-trimpath=/home/runsisi/working/src/libpod' -ldflags ' -X github.com/containers/libpod/libpod.gitCommit=3ed265c520eb4cea1e9157125dbff0e6a1b0b5f8-dirty -X github.com/containers/libpod/libpod.buildInfo=1569478871 -X github.com/containers/libpod/libpod.installPrefix=/usr/local -X github.com/containers/libpod/libpod.etcDir=/etc' -tags "   containers_image_ostree_stub selinux systemd exclude_graphdriver_devicemapper seccomp varlink remoteclient" -o bin/podman-remote github.com/containers/libpod/cmd/podman
$ ls bin/
podman  podman-remote

Running

Copy runc and conmon into the directory where podman lives, then point podman at them explicitly with --runtime and --conmon:

$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon version
WARN[0000] the current user namespace doesn't match the configuration in /etc/subuid or /etc/subgid 
WARN[0000] you can use `./podman system migrate` to recreate the user namespace and restart the containers 
Version:            1.6.0-dev
RemoteAPI Version:  1
Go Version:         go1.13
OS/Arch:            linux/amd64
$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon system migrate
$ ./podman --runtime $PWD/runc.amd64 --conmon $PWD/conmon version
Version:            1.6.0-dev
RemoteAPI Version:  1
Go Version:         go1.13
OS/Arch:            linux/amd64

References

Dockerless, part 1: Which tools to replace Docker with and why

https://mkdev.me/en/posts/dockerless-part-1-which-tools-to-replace-docker-with-and-why

Dockerless, part 2: How to build container image for Rails application without Docker and Dockerfile

https://mkdev.me/en/posts/dockerless-part-2-how-to-build-container-image-for-rails-application-without-docker-and-dockerfile

Dockerless, part 3: Moving development environment to containers with Podman

https://mkdev.me/en/posts/dockerless-part-3-moving-development-environment-to-containers-with-podman

rootless setup user: invalid argument

https://github.com/containers/libpod/blob/master/troubleshooting.md#10-rootless-setup-user-invalid-argument

subuid - the subordinate uid file

http://man7.org/linux/man-pages/man5/subuid.5.html

How does rootless Podman work?

https://opensource.com/article/19/2/how-does-rootless-podman-work

Podman and user namespaces: A marriage made in heaven

https://opensource.com/article/18/12/podman-and-user-namespaces

cmd/go: build: add -static flag

https://github.com/golang/go/issues/26492