差分

このページの2つのバージョン間の差分を表示します。

--- linux:podman [2024/03/19 06:39] – [newuidmap: open of uid_map failed: Permission denied エラーが発生する] ともやん
+++ linux:podman [2024/04/11 09:01] – [レシピ] ともやん
@@ 行 301: / 行 301: @@
 <font color="#A2734C">mysql-1       | </font>2024-03-12  5:45:20 0 [Note] mysqld: ready for connections.
 <font color="#A2734C">mysql-1       | </font>Version: &apos;10.5.9-MariaDB-1:10.5.9+maria~focal&apos;  socket: &apos;/run/mysqld/mysqld.sock&apos;  port: 3306  mariadb.org binary distribution
+</pre></html></WRAP>
+</WRAP>
+==== compose provider ====
+podman compose は、docker-compose や podman-compose などの外部作成プロバイダーの薄いラッパーです。\\
+公式: [[https://docs.podman.io/en/stable/markdown/podman-compose.1.html|podman-compose — Podman documentation]] [[gtr>https://docs.podman.io/en/stable/markdown/podman-compose.1.html|翻訳]] より\\
+podman は compose provider 探して処理を引き渡す🤔\\
+見つからない場合はエラーになるので、docker-compose、podman-compose をインストールする必要がある。\\
+<WRAP color_term>
+<WRAP color_command><html><pre>
+<font color="#FF8700"><b>$</b></font> <font color="#26A269">podman</font> <font color="#A347BA">--log-level=debug</font> compose version
+</pre></html></WRAP>
+<WRAP color_result_hlong><html><pre>
+<font color="#2AA1B3">INFO</font>[0000] podman filtering at log level debug
+<font color="#D0CFCC">DEBU</font>[0000] Called compose.PersistentPreRunE(podman --log-level=debug compose version)
+<font color="#D0CFCC">DEBU</font>[0000] Using conmon: &quot;/usr/bin/conmon&quot;
+<font color="#2AA1B3">INFO</font>[0000] Using sqlite as database backend
+<font color="#D0CFCC">DEBU</font>[0000] Using graph driver overlay
+<font color="#D0CFCC">DEBU</font>[0000] Using graph root /home/tomoyan/.local/share/containers/storage
+<font color="#D0CFCC">DEBU</font>[0000] Using run root /run/user/1000/containers
+<font color="#D0CFCC">DEBU</font>[0000] Using static dir /home/tomoyan/.local/share/containers/storage/libpod
+<font color="#D0CFCC">DEBU</font>[0000] Using tmp dir /run/user/1000/libpod/tmp
+<font color="#D0CFCC">DEBU</font>[0000] Using volume path /home/tomoyan/.local/share/containers/storage/volumes
+<font color="#D0CFCC">DEBU</font>[0000] Using transient store: false
+<font color="#D0CFCC">DEBU</font>[0000] Not configuring container store
+<font color="#D0CFCC">DEBU</font>[0000] Initializing event backend journald
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime krun initialization failed: no valid executable found for OCI runtime krun: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime crun-wasm initialization failed: no valid executable found for OCI runtime crun-wasm: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime runj initialization failed: no valid executable found for OCI runtime runj: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime kata initialization failed: no valid executable found for OCI runtime kata: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime runc initialization failed: no valid executable found for OCI runtime runc: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime runsc initialization failed: no valid executable found for OCI runtime runsc: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime youki initialization failed: no valid executable found for OCI runtime youki: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Configured OCI runtime ocijail initialization failed: no valid executable found for OCI runtime ocijail: invalid argument
+<font color="#D0CFCC">DEBU</font>[0000] Using OCI runtime &quot;/usr/bin/crun&quot;
+<font color="#2AA1B3">INFO</font>[0000] Setting parallel job count to 25
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;docker-compose&quot;: exec: &quot;docker-compose&quot;: executable file not found in $PATH
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;$HOME/.docker/cli-plugins/docker-compose&quot;: exec: &quot;/home/tomoyan/.docker/cli-plugins/docker-compose&quot;: stat /home/tomoyan/.docker/cli-plugins/docker-compose: no such file or directory
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;/usr/local/lib/docker/cli-plugins/docker-compose&quot;: exec: &quot;/usr/local/lib/docker/cli-plugins/docker-compose&quot;: stat /usr/local/lib/docker/cli-plugins/docker-compose: no such file or directory
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;/usr/local/libexec/docker/cli-plugins/docker-compose&quot;: exec: &quot;/usr/local/libexec/docker/cli-plugins/docker-compose&quot;: stat /usr/local/libexec/docker/cli-plugins/docker-compose: no such file or directory
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;/usr/lib/docker/cli-plugins/docker-compose&quot;: exec: &quot;/usr/lib/docker/cli-plugins/docker-compose&quot;: stat /usr/lib/docker/cli-plugins/docker-compose: no such file or directory
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;/usr/libexec/docker/cli-plugins/docker-compose&quot;: exec: &quot;/usr/libexec/docker/cli-plugins/docker-compose&quot;: stat /usr/libexec/docker/cli-plugins/docker-compose: no such file or directory
+<font color="#D0CFCC">DEBU</font>[0000] Error looking up compose provider &quot;podman-compose&quot;: exec: &quot;podman-compose&quot;: executable file not found in $PATH
+Error: looking up compose provider failed
+errors occurred:
+	* exec: &quot;docker-compose&quot;: executable file not found in $PATH
+	* exec: &quot;/home/tomoyan/.docker/cli-plugins/docker-compose&quot;: stat /home/tomoyan/.docker/cli-plugins/docker-compose: no such file or directory
+	* exec: &quot;/usr/local/lib/docker/cli-plugins/docker-compose&quot;: stat /usr/local/lib/docker/cli-plugins/docker-compose: no such file or directory
+	* exec: &quot;/usr/local/libexec/docker/cli-plugins/docker-compose&quot;: stat /usr/local/libexec/docker/cli-plugins/docker-compose: no such file or directory
+	* exec: &quot;/usr/lib/docker/cli-plugins/docker-compose&quot;: stat /usr/lib/docker/cli-plugins/docker-compose: no such file or directory
+	* exec: &quot;/usr/libexec/docker/cli-plugins/docker-compose&quot;: stat /usr/libexec/docker/cli-plugins/docker-compose: no such file or directory
+	* exec: &quot;podman-compose&quot;: executable file not found in $PATH
+<font color="#D0CFCC">DEBU</font>[0000] Shutting down engines
+</pre></html></WRAP>
+</WRAP>
+ソースコード: [[git>containers/podman/blob/e64d81481dd0669b60cb2fc94fed9f147e90a102/cmd/podman/compose.go#L73|podman/cmd/podman/compose.go at e64d81481dd0669b60cb2fc94fed9f147e90a102 · containers/podman]]\\
+Python の podman-compose をインストールする場合🤔\\
+公式: [[git>containers/podman-compose|containers/podman-compose: a script to run docker-compose.yml using podman]]\\
+<WRAP color_term>
+<WRAP color_command><html><pre>
+<font color="#FF8700"><b>$</b></font> <font color="#26A269">pip</font> install <font color="#A347BA">--user</font> podman-compose
+</pre></html></WRAP>
+<WRAP color_result><html><pre>
+Collecting podman-compose
+  Obtaining dependency information for podman-compose from https://files.pythonhosted.org/packages/c0/99/0f3be1e471dc6a2b6feff25fc0a9e8d973b5190f227766fe9a2eb95e6d0a/podman_compose-1.0.6-py2.py3-none-any.whl.metadata
+  Using cached podman_compose-1.0.6-py2.py3-none-any.whl.metadata (5.4 kB)
+Requirement already satisfied: pyyaml in /usr/lib64/python3.12/site-packages (from podman-compose) (6.0.1)
+Requirement already satisfied: python-dotenv in ./.local/lib/python3.12/site-packages (from podman-compose) (1.0.1)
+Using cached podman_compose-1.0.6-py2.py3-none-any.whl (34 kB)
+Installing collected packages: podman-compose
+Successfully installed podman-compose-1.0.6
+</pre></html></WRAP>
+</WRAP>
+podman は Python の podman-compose を利用するようになる🤔\\
+<WRAP color_term>
+<WRAP color_command><html><pre>
+<font color="#FF8700"><b>$</b></font> <font color="#26A269">podman</font> compose version
+</pre></html></WRAP>
+<WRAP color_result><html><pre><u style="text-decoration-style:single">&gt;&gt;&gt;&gt; Executing external compose provider &quot;/home/tomoyan/.local/bin/podman-compose&quot;. Please refer to the documentation for details. &lt;&lt;&lt;&lt;</u>
+podman-compose version: 1.0.6
+[&apos;podman&apos;, &apos;--version&apos;, &apos;&apos;]
+using podman version: 4.9.3
+podman-compose version 1.0.6
+podman --version
+podman version 4.9.3
+exit code: 0
 </pre></html></WRAP>
 </WRAP>
@@ 行 306: / 行 396: @@
 ==== その他 ====
 [[python:manylinux|manylinux]]\\
+[[.:podman:fedora_ubi_micro|Fedora 版の UBI Micro を独自に作る方法 (非公式😅)]]\\
 ==== 技術情報 ====
@@ 行 320: / 行 411: @@
 [[https://wiki.almalinux.org/containers/docker-images.html#almalinux-docker-images-variants|AlmaLinux OS Docker Images | AlmaLinux Wiki]]\\
+=== カスタムレジストリの追加 ===
+公式: [[https://podman-desktop.io/docs/containers/registries|Registries | Podman Desktop]]\\
+<WRAP color_term>
+<WRAP color_command><html><pre>
+<font color="#FF8700"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:single">sudo</u></font> <font color="#26A269">bat</font> <font color="#A347BA">-n</font> <font color="#A347BA">--paging=never</font> <font color="#A347BA">-l</font> cfg <u style="text-decoration-style:single">/etc/containers/registries.conf</u>
+</pre></html></WRAP>
+<WRAP color_result_long><html><pre class=Bat>
+<font color="#444444">   1</font> <font color="#75715E"># For more information on this configuration file, see containers-registries.conf(5).</font>
+<font color="#444444">   2</font> <font color="#75715E">#</font>
+<font color="#444444">   3</font> <font color="#75715E"># NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES</font>
+<font color="#444444">   4</font> <font color="#75715E"># We recommend always using fully qualified image names including the registry</font>
+<font color="#444444">   5</font> <font color="#75715E"># server (full dns name), namespace, image name, and tag</font>
+<font color="#444444">   6</font> <font color="#75715E"># (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,</font>
+<font color="#444444">   7</font> <font color="#75715E"># quay.io/repository/name@digest) further eliminates the ambiguity of tags.</font>
+<font color="#444444">   8</font> <font color="#75715E"># When using short names, there is always an inherent risk that the image being</font>
+<font color="#444444">   9</font> <font color="#75715E"># pulled could be spoofed. For example, a user wants to pull an image named</font>
+<font color="#444444">  10</font> <font color="#75715E"># `foobar` from a registry and expects it to come from myregistry.com. If</font>
+<font color="#444444">  11</font> <font color="#75715E"># myregistry.com is not first in the search list, an attacker could place a</font>
+<font color="#444444">  12</font> <font color="#75715E"># different `foobar` image at a registry earlier in the search list. The user</font>
+<font color="#444444">  13</font> <font color="#75715E"># would accidentally pull and run the attacker&apos;s image and code rather than the</font>
+<font color="#444444">  14</font> <font color="#75715E"># intended content. We recommend only adding registries which are completely</font>
+<font color="#444444">  15</font> <font color="#75715E"># trusted (i.e., registries which don&apos;t allow unknown or anonymous users to</font>
+<font color="#444444">  16</font> <font color="#75715E"># create accounts with arbitrary names). This will prevent an image from being</font>
+<font color="#444444">  17</font> <font color="#75715E"># spoofed, squatted or otherwise made insecure.  If it is necessary to use one</font>
+<font color="#444444">  18</font> <font color="#75715E"># of these registries, it should be added at the end of the list.</font>
+<font color="#444444">  19</font> <font color="#75715E">#</font>
+<font color="#444444">  20</font> <font color="#75715E"># # An array of host[:port] registries to try when pulling an unqualified image, in order.</font>
+<font color="#444444">  21</font> <font color="#F92672">unqualified-search-registries</font><font color="#F8F8F2"> = </font><font color="#E6DB74">[&quot;registry.fedoraproject.org&quot;, &quot;registry.access.redhat.com&quot;, &quot;docker.io&quot;,</font>
+<font color="#444444">    </font> <font color="#E6DB74"> &quot;quay.io&quot;]</font>
+<font color="#444444">  22</font> <font color="#75715E">#</font>
+<font color="#444444">  23</font> <font color="#75715E"># [[registry]]</font>
+<font color="#444444">  24</font> <font color="#75715E"># # The &quot;prefix&quot; field is used to choose the relevant [[registry]] TOML table;</font>
+<font color="#444444">  25</font> <font color="#75715E"># # (only) the TOML table with the longest match for the input image name</font>
+<font color="#444444">  26</font> <font color="#75715E"># # (taking into account namespace/repo/tag/digest separators) is used.</font>
+<font color="#444444">  27</font> <font color="#75715E"># #</font>
+<font color="#444444">  28</font> <font color="#75715E"># # The prefix can also be of the form: *.example.com for wildcard subdomain</font>
+<font color="#444444">  29</font> <font color="#75715E"># # matching.</font>
+<font color="#444444">  30</font> <font color="#75715E"># #</font>
+<font color="#444444">  31</font> <font color="#75715E"># # If the prefix field is missing, it defaults to be the same as the &quot;location&quot; field.</font>
+<font color="#444444">  32</font> <font color="#75715E"># prefix = &quot;example.com/foo&quot;</font>
+<font color="#444444">  33</font> <font color="#75715E">#</font>
+<font color="#444444">  34</font> <font color="#75715E"># # If true, unencrypted HTTP as well as TLS connections with untrusted</font>
+<font color="#444444">  35</font> <font color="#75715E"># # certificates are allowed.</font>
+<font color="#444444">  36</font> <font color="#75715E"># insecure = false</font>
+<font color="#444444">  37</font> <font color="#75715E">#</font>
+<font color="#444444">  38</font> <font color="#75715E"># # If true, pulling images with matching names is forbidden.</font>
+<font color="#444444">  39</font> <font color="#75715E"># blocked = false</font>
+<font color="#444444">  40</font> <font color="#75715E">#</font>
+<font color="#444444">  41</font> <font color="#75715E"># # The physical location of the &quot;prefix&quot;-rooted namespace.</font>
+<font color="#444444">  42</font> <font color="#75715E"># #</font>
+<font color="#444444">  43</font> <font color="#75715E"># # By default, this is equal to &quot;prefix&quot; (in which case &quot;prefix&quot; can be omitted</font>
+<font color="#444444">  44</font> <font color="#75715E"># # and the [[registry]] TOML table can only specify &quot;location&quot;).</font>
+<font color="#444444">  45</font> <font color="#75715E"># #</font>
+<font color="#444444">  46</font> <font color="#75715E"># # Example: Given</font>
+<font color="#444444">  47</font> <font color="#75715E"># #   prefix = &quot;example.com/foo&quot;</font>
+<font color="#444444">  48</font> <font color="#75715E"># #   location = &quot;internal-registry-for-example.com/bar&quot;</font>
+<font color="#444444">  49</font> <font color="#75715E"># # requests for the image example.com/foo/myimage:latest will actually work with the</font>
+<font color="#444444">  50</font> <font color="#75715E"># # internal-registry-for-example.com/bar/myimage:latest image.</font>
+<font color="#444444">  51</font> <font color="#75715E">#</font>
+<font color="#444444">  52</font> <font color="#75715E"># # The location can be empty if prefix is in a</font>
+<font color="#444444">  53</font> <font color="#75715E"># # wildcarded format: &quot;*.example.com&quot;. In this case, the input reference will</font>
+<font color="#444444">  54</font> <font color="#75715E"># # be used as-is without any rewrite.</font>
+<font color="#444444">  55</font> <font color="#75715E"># location = internal-registry-for-example.com/bar&quot;</font>
+<font color="#444444">  56</font> <font color="#75715E">#</font>
+<font color="#444444">  57</font> <font color="#75715E"># # (Possibly-partial) mirrors for the &quot;prefix&quot;-rooted namespace.</font>
+<font color="#444444">  58</font> <font color="#75715E"># #</font>
+<font color="#444444">  59</font> <font color="#75715E"># # The mirrors are attempted in the specified order; the first one that can be</font>
+<font color="#444444">  60</font> <font color="#75715E"># # contacted and contains the image will be used (and if none of the mirrors contains the image,</font>
+<font color="#444444">  61</font> <font color="#75715E"># # the primary location specified by the &quot;registry.location&quot; field, or using the unmodified</font>
+<font color="#444444">  62</font> <font color="#75715E"># # user-specified reference, is tried last).</font>
+<font color="#444444">  63</font> <font color="#75715E"># #</font>
+<font color="#444444">  64</font> <font color="#75715E"># # Each TOML table in the &quot;mirror&quot; array can contain the following fields, with the same semantics</font>
+<font color="#444444">  65</font> <font color="#75715E"># # as if specified in the [[registry]] TOML table directly:</font>
+<font color="#444444">  66</font> <font color="#75715E"># # - location</font>
+<font color="#444444">  67</font> <font color="#75715E"># # - insecure</font>
+<font color="#444444">  68</font> <font color="#75715E"># [[registry.mirror]]</font>
+<font color="#444444">  69</font> <font color="#75715E"># location = &quot;example-mirror-0.local/mirror-for-foo&quot;</font>
+<font color="#444444">  70</font> <font color="#75715E"># [[registry.mirror]]</font>
+<font color="#444444">  71</font> <font color="#75715E"># location = &quot;example-mirror-1.local/mirrors/foo&quot;</font>
+<font color="#444444">  72</font> <font color="#75715E"># insecure = true</font>
+<font color="#444444">  73</font> <font color="#75715E"># # Given the above, a pull of example.com/foo/image:latest will try:</font>
+<font color="#444444">  74</font> <font color="#75715E"># # 1. example-mirror-0.local/mirror-for-foo/image:latest</font>
+<font color="#444444">  75</font> <font color="#75715E"># # 2. example-mirror-1.local/mirrors/foo/image:latest</font>
+<font color="#444444">  76</font> <font color="#75715E"># # 3. internal-registry-for-example.com/bar/image:latest</font>
+<font color="#444444">  77</font> <font color="#75715E"># # in order, and use the first one that exists.</font>
+<font color="#444444">  78</font>
+<font color="#444444">  79</font> <font color="#F92672">short-name-mode</font><font color="#F8F8F2">=&quot;</font><font color="#E6DB74">enforcing</font><font color="#F8F8F2">&quot;</font>
+</pre></html></WRAP>
+</WRAP>
 ===== Buildah を使ってより無駄のない小さなコンテナを作る🤔 =====
+公式: [[https://buildah.io/|Buildah | buildah.io]] [[gtr>https://buildah.io/|翻訳]]\\
+ソースコード: [[https://github.com/containers/buildah|containers/buildah: A tool that facilitates building OCI images.]]\\
 <WRAP round tip 90%>
 [[https://opensource.com/article/18/6/getting-started-buildah|Getting started with Buildah | Opensource.com]] [[gtr>https://opensource.com/article/18/6/getting-started-buildah|翻訳]] より\\
@@ 行 562: / 行 746: @@
 </panel>
 </accordion>
+===== Overlay Filesystem =====
+公式: [[https://docs.kernel.org/filesystems/overlayfs.html|Overlay Filesystem — The Linux Kernel documentation]] [[gtr>https://docs.kernel.org/filesystems/overlayfs.html|翻訳]]\\
 ===== レシピ =====
 [[.:podman:openlitespeed|OpenLiteSpeed (Podman)]]\\
+[[.:podman:simple-container-registry|podman ローカル プライベート レジストリの構築]]\\
+[[.:podman:kali_linux|Kali Linux (Podman)]]\\
 ===== トラブルシューティング =====
@@ 行 4902: / 行 5091: @@
 </WRAP>
-動いた😅一時的なものかもしれないが原因不明😇\\
+動いた😅一時的なものかもしれないが原因不明だが <html><code>strace podman</code></html> すると治る😇\\
 <WRAP color_term>
 <WRAP color_command><html><pre>
@@ 行 4933: / 行 5122: @@
 [[https://access.redhat.com/ja/articles/5632841|Universal Base Images (UBI): イメージ、リポジトリー、パッケージ、およびソースコード - Red Hat Customer Portal]]\\
 [[https://bugzilla.redhat.com/show_bug.cgi?id=2039261|2039261 – dnf --installroot ignores gpg keys in installroot path and requires them to be present in the default path]]\\
+[[https://rheb.hatenablog.com/entry/ubi-micro|【UBI】Red Hatの新しい最軽量コンテナーイメージ：UBI Microの紹介 - 赤帽エンジニアブログ]]\\
 [[https://superuser.com/questions/688733/start-a-systemd-service-inside-chroot-from-a-non-systemd-based-rootfs|unix - Start a systemd service inside chroot from a non systemd based rootfs - Super User]] [[gtr>https://superuser.com/questions/688733/start-a-systemd-service-inside-chroot-from-a-non-systemd-based-rootfs|翻訳]]\\
@@ 行 4939: / 行 5129: @@
 [[git>containers/podman/issues/3212|rootless: allow binding privileged ports with CAP_NET_BIND_SERVICE file cap · Issue #3212 · containers/podman]] [[gtr>https://github.com/containers/podman/issues/3212|翻訳]]\\
 [[so>questions/413807/is-there-a-way-for-non-root-processes-to-bind-to-privileged-ports-on-linux|Is there a way for non-root processes to bind to "privileged" ports on Linux? - Stack Overflow]]\\
+[[https://www.redhat.com/sysadmin/speeding-container-buildah|Speeding up container image builds with Buildah | Enable Sysadmin]]\\
 ==== 付録 ====