Fedora VM for podman
TL;DR: jump into the running VM with tools ready.

    # run and provision the VM
    vagrant up
    # enter the VM
    vagrant ssh

Note: It is crucial to have at least 1 GB of RAM allocated for the VM. Otherwise, you might encounter strange behaviour caused by the OOM killer.
All-in-One Vagrant setup
This directory provides a reference cloud image with container tools installed. This Vagrantfile creates a VM with nfs-tools installed so you can use the VM for independent builds, with an option to share artefacts using NFS.
Extracted from https://docs.fedoraproject.org/en-US/iot/buildah/

    buildah from fedora
    buildah run fedora-working-container dnf install httpd -y
    echo "<html />" >index.html
    buildah copy fedora-working-container index.html /var/www/html/index.html
    buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
    buildah commit fedora-working-container fedora-myhttpd
    buildah images
    podman run fedora-myhttpd

Step by step explained

    buildah from fedora
Creates fedora-working-container (the actual name is shown in the CLI).

    buildah run fedora-working-container dnf install httpd -y
A simple install; note the familiar dnf install httpd -y (non-interactive install of httpd, aka Apache 2.4).

    echo "<html />" >index.html
Makes the simplest HTML page.

    buildah copy fedora-working-container index.html /var/www/html/index.html
Puts the created index.html into its proper place inside the container.

    buildah commit fedora-working-container fedora-myhttpd
Bakes the container into a permanent image (per user, though).

    buildah images
Lists the images available (you should see fedora-myhttpd listed among them).

    podman run -p 8080:80 fedora-myhttpd
Runs the container and redirects local port 8080 to the container port 80 (a privileged port).

Some details that you might find useful when doing experiments with this repo and guide.
In case you do not have vagrant but only virsh, go to the sub-directory usingVirsh. This directory contains a few scripts that can help you achieve the same using virsh (libvirt-bin package on Ubuntu).
Provisioning the VM
These are the few commands that you have to run as root (sudo -i) to get it working when you have vanilla Fedora running somewhere. In the Vagrantfile the packages are squashed into one line.
Note: If you do not need NFS, then leave out the nfs-tools package and the rpcbind service start and enable.

    # switch to root account
    sudo -i
    # start with updating the system
    yum update -y
    # install semanage
    yum install policycoreutils-python-utils -y
    # then install the container tools
    yum install podman buildah skopeo -y
    # also install the NFS client
    yum install nfs-tools -y
    # turn on rpcbind
    systemctl start rpcbind
    systemctl enable rpcbind

Debugging SELinux
You might find it useful to turn off SELinux or, better said, to switch it into permissive mode. Once that is done, you should be able to spot every issue that would block execution as a log message.

    # disable at runtime = switch permissive
    setenforce 0
    # fix the context, strange labeling that was seen on F30
    semanage fcontext -a -t container_file_t /var/lib/containers\(/.*\)\?
    # apply it to the filesystem
    restorecon -R /var/lib/containers
    # disable in config to keep it permissive after reboot
    sed -i 's/^\s*SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
    # check state
    sestatus
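
To turn the log messages mentioned above into a short list of what needs relabeling, the AVC denial records can be grouped by source type, target type, class and permission. This is an added example, not part of the original guide: summarize_avc and sample_audit_log are hypothetical helper names, the sample records are constructed, and it assumes auditd writes to its default /var/log/audit/audit.log.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Count SELinux AVC denials per (source type, target type, class, permissions).
# Usage: summarize_avc /var/log/audit/audit.log   (or pipe records on stdin)
summarize_avc() {
    awk '
    / avc: +denied / {
        perms = ""; src = ""; tgt = ""; cls = ""; mode = "unknown"
        # requested permissions are listed between the braces
        s = index($0, "{"); e = index($0, "}")
        if (s && e > s) {
            perms = substr($0, s + 1, e - s - 1)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        # a context is user:role:type:level, so the type is the third part;
        # permissive=1 means logged only, permissive=0 means actually blocked
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^scontext=/)         { split($i, a, ":"); src = a[3] }
            else if ($i ~ /^tcontext=/)    { split($i, a, ":"); tgt = a[3] }
            else if ($i ~ /^tclass=/)      { cls = substr($i, 8) }
            else if ($i == "permissive=1") { mode = "permissive" }
            else if ($i == "permissive=0") { mode = "enforcing" }
        }
        count[src " -> " tgt " " cls " {" perms "} " mode]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample records (not real log data) for trying the function.
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:501): avc:  denied  { read } for  pid=4101 comm="httpd" name="index.html" dev="vda1" ino=2001 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1700000000.101:501): arch=c000003e syscall=257 success=yes exit=3 comm="httpd"
type=AVC msg=audit(1700000002.330:507): avc:  denied  { read } for  pid=4101 comm="httpd" name="index.html" dev="vda1" ino=2001 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000009.004:512): avc:  denied  { read open } for  pid=4188 comm="httpd" path="/srv/site/index.html" dev="vda1" ino=2077 scontext=system_u:system_r:container_t:s0:c10,c20 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=0
EOF
}
```

Each output line is a count followed by the denied access; a target type other than container_file_t under /var/lib/containers points at the labeling problem the semanage and restorecon commands above address.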