Skip to content

Add development container for usage with Podman #317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add development container for usage with Podman #317

wants to merge 1 commit into from

Conversation

d4nuu8
Copy link
Contributor

@d4nuu8 d4nuu8 commented Nov 15, 2021

This patch adds a development container for usage with Podman.

This new container provides a few improvements compared to the already
existing one:

  • The new container image is based on the official Debian Bullseye image
    in the slim variant. The existing container is using a three years old
    image based on Debian Stretch.

  • The new container image only contains a minimal set of Debian packages
    which are needed to run ELBE from the Git sources.

    The container image has a size of 329 MB.
    The already existing image has a size of 1.15 GB.

  • To build and run the container image / instance Podman is used. The
    main reason to switch from Docker to Podman - in this case - is the
    usage of systemd inside the container.

    With Docker it is not that easy to run systemd in a container. This
    can be seen at the already existing container.

    With Podman it is very easy to achieve this.

    See
    https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container
    for detailed information.

Right now there is one downside of the new container: the container
instance is started as rootful container in privileged mode.

Podman's rootless mode cannot be used, because the CAP_SYS_ADMIN
capability is needed which is only granted in rootful mode.

The privileged mode is used right now, because I wasn't able the create
and use an initvm without it. Dumb copying of the security settings
from the existing container was not working unfortunately.

This is something which should be optimized in the future.

Signed-off-by: Daniel Braunwarth [email protected]

@d4nuu8
Add development container for usage with Podman
28a3ae4 
This patch adds a development container for usage with Podman.

This new container provides a few improvements compared to the already
existing one:

- The new container image is based on the official Debian Bullseye image
  in the slim variant. The existing container is using a three years old
  image based on Debian Stretch.

- The new container image only contains a minimal set of Debian packages
  which are needed to run ELBE from the Git sources.

  The container image has a size of 329 MB.
  The already existing image has a size of 1.15 GB.

- To build and run the container image / instance Podman is used. The
  main reason to switch from Docker to Podman - in this case - is the
  usage of systemd inside the container.

  With Docker it is not that easy to run systemd in a container. This
  can be seen at the already existing container.

  With Podman it is very easy to achieve this.

  See
  https://developers.redhat.com/blog/2019/04/24/how-to-run-systemd-in-a-container
  for detailed information.

Right now there is one downside of the new container: the container
instance is started as rootful container in privileged mode.

Podman's rootless mode cannot be used, because the CAP_SYS_ADMIN
capability is needed which is only granted in rootful mode.

The privileged mode is used right now, because I wasn't able the create
and use an initvm without it. Dumb copying of the security settings
from the existing container was not working unfortunately.

This is something which should be optimized in the future.

Signed-off-by: Daniel Braunwarth <[email protected]>
@d4nuu8 d4nuu8 force-pushed the podman_dev_container branch from 1c32cf4 to 28a3ae4 Compare January 20, 2022 06:00
@d4nuu8 d4nuu8 closed this Jan 20, 2022
@d4nuu8 d4nuu8 mentioned this pull request Oct 12, 2022
Closed
@Taumille
Copy link
Contributor

Hello,
I came across your Pull Request while trying to use the currently existing (broken) Docker container, after updating your work and doing some minor modifications it works flawlessly !

Why did you close your PR ?

@d4nuu8
Copy link
Contributor Author

d4nuu8 commented Feb 13, 2025

After two months without any reaction I decided to keep it in my own branch. Doesn't seems to be wanted.

@Taumille
Copy link
Contributor

I feel like it should be upstreamed... Can I try to upstream the modifications I've done on my side ? I'll obviously keep you Sob.

@t-8ch
Copy link
Contributor

t-8ch commented Feb 14, 2025

Hi everybody, sorry this didn't go anywhere before.

There is also #407 which does not need root, but does a lot of hacky things.
In general my goal is to make it possible to run elbe without root or a VM,
but alas that didn't progress as much as I'd like.
So I like this approach a bit better than than #407.

There are a few requests, though:

  • If the new container can be made to work with Docker somehow, that would be great.
  • If the current container image is broken, remove it.
  • ELBE now supports a QEMU mode, which does not use libvirt. It should be easier to run unprivileged than libvirt.
  • It would be nice to have containers for both development, using elbe from git and for production, running it from packages. The dev container could be built on top of the prod container.
  • Debian bookworm should be used :-)

@d4nuu8
Copy link
Contributor Author

d4nuu8 commented Feb 15, 2025

I'm going to update to container and push an update.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@d4nuu8 @Taumille @t-8ch