Podman section for documentation #1882

Open
wants to merge 7 commits into
base: master

Tronde commented Aug 29, 2022

There seems to be some interest in a Podman section for the documentation. With this PR I'd like to provide one to close #1874.

It's a work in progress. The following issues exist:

- There is no `release` tag in the docker image. See shaarli#1875
- Example NGINX reverse proxy config is missing
- Example of generating systemd unit files and install them is missing
* Make a note regarding the broken `release` tag
* Add systemd section
nodiscc added this to the backlog to the future milestone Sep 12, 2022
nodiscc self-requested a review September 12, 2022 23:11

Member

ArthurHoaro left a comment

That's really nice!
Maybe it could benefit from a small mention in Installation.md?

nodiscc self-requested a review October 14, 2022 16:08
Tronde and others added 4 commits December 13, 2022 20:20
Since the NGINX process in the container is running with UID 100 and GID 101, the file ownership for the podman volumes has to be adjusted in the user namespace of the container/pod.

This is done with the `podman unshare` command in line 50.
Tronde requested a review from nodiscc December 18, 2022 10:45

Member

nodiscc commented Mar 1, 2023

Sorry for the delay, this is still on my radar, I think my last attempt to deploy it with the updated instructions/podman unshare was successful, I will have another look and check if there is a simpler method.

Member

nodiscc commented Oct 26, 2023

Hi, I now have a working Shaarli deployment using rootless podman. Most of what is documented in this PR is correct but could be simplified.

In short, there are 4 possible ways [1] [2] [3] [4] [5] [6] to run podman containers:

  • root outside the container/root inside the container
  • root outside the container/non-root inside the container
  • non-root outside the container/root inside the container
  • non-root outside the container/non-root inside the container

We are obviously aiming for the last solution which provides the most isolation/security.

A non-root user will not have privileges to run `chown` to alter permissions for the data/cache directory and make them r/w by nginx/php-fpm inside the container, hence the use of `podman unshare` to accomplish this through user namespaces/UID remapping. However I'd like the user running the container to be a dedicated user account (e.g. `shaarli-podman`) instead of the interactive user account I'm using to administrate the server - and `sudo -u shaarli-podman podman unshare` fails as `podman unshare` cannot be run through `sudo` (even when sudoing to an unprivileged user...). The alternative would be creating directories on the host, and `sudo chown` them as `100:101` on the host - but this is not ideal, as it gives `100:101` on the host r/w access to these directories in the container. Once I find how to overcome this limitation I will be able to document a clean and easy way to run Shaarli in rootless podman. I will try to get it working soon.

Also I did a bit of refactoring on the documentation in #2025 (migration to sphinx + reorganization and cleanup). I'd like to merge https://shaarli.readthedocs.io/en/master/Docker.html into https://shaarli.readthedocs.io/en/master/Installation.html as it's just another installation method, and it can be shortened. Once this is done, and as Podman setup steps are extremely similar to Docker, I'd like the podman documentation to also be found on the Installation page. So I'll provide the required changes on top of this PR.

Keeping this open until then.
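
The UID remapping the comment above relies on, as an added example that is not part of the thread or the PR: it computes which host IDs end up on files after `podman unshare chown 100:101`, which is why that differs from `sudo chown 100:101` on the host. The map values and the `map_to_host` helper name are assumptions, and it assumes the container uses the default rootless user namespace that `podman unshare` enters.

```shell
#!/bin/sh
# Added example: translate an ID inside a rootless user namespace to the ID
# the host kernel records on disk, using uid_map/gid_map text.
# Map columns: <first ID inside> <first ID outside> <range length>.

# Constructed sample (assumption): host account with UID/GID 1001 and a
# subordinate range of 65536 IDs starting at 165536. The same sample is
# reused here as the gid_map. On a real host, read the maps as the container
# user with: podman unshare cat /proc/self/uid_map
SAMPLE_MAP='         0       1001          1
         1     165536      65536'

# map_to_host ID MAP_TEXT (hypothetical helper name)
# Prints the host-side ID; returns non-zero if ID is not numeric or unmapped.
map_to_host() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;
    esac
    printf '%s\n' "$2" | awk -v id="$1" '
        NF == 3 && id >= $1 && id < $1 + $3 {
            print $2 + (id - $1); found = 1; exit
        }
        END { if (!found) exit 1 }'
}

# The NGINX process in the container runs as UID 100 / GID 101 (from the PR).
host_uid=$(map_to_host 100 "$SAMPLE_MAP")
host_gid=$(map_to_host 101 "$SAMPLE_MAP")
echo "podman unshare chown 100:101 -> host sees ${host_uid}:${host_gid}"
echo "container root (0) -> host UID $(map_to_host 0 "$SAMPLE_MAP")"
```

With these sample maps the files are owned on the host by subordinate IDs that belong to no login account, whereas a host-side `chown 100:101` hands them to whatever host account holds UID 100.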

Author

Tronde commented Jul 25, 2024

Hi @nodiscc,
It has been a while since your last update on this PR.
Are you still working on it?
Is there something you could use a helping hand with? Something to test or verify, maybe?

Member

nodiscc commented Jul 25, 2024

Hi @Tronde, I did a bit of work on this some time ago, made a crude ansible role excerpt here to install a shaarli instance using podman, mostly based on your instructions, I think it was mostly working, so I'd say it's almost good to merge.

What needs to be done here, is merging the podman documentation with the docker one, so that we don't end up with two pages that are 90% duplicates of each other.

I had started working on this a while ago but my draft seems to have been lost 😭 . If you want, you can have a go at it in this PR. The https://shaarli.readthedocs.io/en/master/Docker.html page has a lot of extra (and possibly outdated) information, don't be afraid of removing/cleaning up things.

Author

Tronde commented Aug 8, 2024

> What needs to be done here, is merging the podman documentation with the docker one, so that we don't end up with two pages that are 90% duplicates of each other.
>
> …If you want, you can have a go at it in this PR. The https://shaarli.readthedocs.io/en/master/Docker.html page has a lot of extra (and possibly outdated) information, don't be afraid of removing/cleaning up things.

Hi @nodiscc,
I need to think about it. My experience with docker is not as good as with podman. So it could be tricky for me to merge the pages. So please don't wait for me. Anyway when I have some spare time I will look into it. But here we are talking months rather than weeks. :-/

nodiscc modified the milestones: backlog to the future, 0.15.0 Nov 15, 2024

Successfully merging this pull request may close these issues.

Do you like the idea of having a section for Podman in the docs?
3 participants