Documentation fix: we need port forwarding to access a rootless containers TCP port. #2817
Conversation
|
Hi @tkrypton. Thanks for your PR. I'm waiting for a containers or openshift member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
needs-ok-to-test
|
Can one of the admins verify this patch?
|
|
bot, test pull request |
| ```console | ||
| $ sudo podman inspect -l | grep IPAddress\": | ||
| "IPAddress": "10.88.6.140", | ||
| "SecondaryIPAddresses": null, | ||
| "IPAddress": "", |
There was a problem hiding this comment.
this command runs as root. Containers created by root get an IP
There was a problem hiding this comment.
Lets update the docs to state that.
There was a problem hiding this comment.
Look again. The container in the tutorial gets started rootless and gets no IP. I have not changed that, just took it as it was.
There was a problem hiding this comment.
Need to kill the sudo then. We don't share containers between Root and Rootless Podman, so sudo podman inspect won't find a container created without using sudo
openshift-ci-robot
added
the
approved
|
/approve LGTM |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: giuseppe, tkrypton The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
docs/tutorials/podman_tutorial.md
Outdated
| @@ -140,10 +141,11 @@ podman ps | |||
| Note: If you add *-a* to the *ps* command, Podman will show all containers. | |||
| ### Inspecting a running container | |||
| You can "inspect" a running container for metadata and details about itself. We can even use | |||
| the inspect subcommand to see what IP address was assigned to the container. | |||
| the inspect subcommand to see what IP address was assigned to the container (none): | |||
There was a problem hiding this comment.
can we say "(none, as rootless containers do not receive an IP address)"?
There was a problem hiding this comment.
I'd prefer making it a new sentence, but we certainly should add a bit more than '(none)' here. I'd suggest something like:
"As the container is running in rootless mode, an IP address is not assigned and the value will be listed as "none" in the output from inspect."
There was a problem hiding this comment.
I wonder how that tutorial started? Probably all commands were run as root? Should this be split into a root and a rootless tutorial? I'd be happy to add that sentence, though.
There was a problem hiding this comment.
Yes, when the tutorial was first created, rootless was not an option at that time.
| @@ -123,13 +123,14 @@ sudo make install PREFIX=/usr | |||
| This sample container will run a very basic httpd server that serves only its index | |||
| page. | |||
| ```console | |||
| podman run -dt -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ | |||
| podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \ | |||
| -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \ | |||
| -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ | |||
| registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd | |||
| ``` | |||
There was a problem hiding this comment.
This command worked for me as root, but failed as rootless:
$ podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CONF_D_PATH=/etc/httpd/conf.d \
> -e HTTPD_MAIN_CONF_PATH=/etc/httpd/conf \
> -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \
> registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd
Trying to pull registry.fedoraproject.org/f27/httpd...Getting image source signatures
Copying blob ff3dab903f92 [==================================] 80.7MiB / 80.7MiB
Copying blob 9347d6e9d864 [====================================] 7.3MiB / 7.3MiB
Copying blob 2fc5c44251d4 [==================================] 44.8MiB / 44.8MiB
Copying config 18f01f6f77 [====================================] 6.6KiB / 6.6KiB
Writing manifest to image destination
Storing signatures
Error: error from slirp4netns while setting up port redirection: map[desc:bad request: add_hostfwd: slirp_add_hostfwd failed]
@giuseppe do we have a slirp4netns dependency that we need to document in here? I'm running podman 1.1.2
There was a problem hiding this comment.
That didn't come directly in with the 1.1.2 kit, will it with 1.2? Do we need to add anything here in the the tutorial?
There was a problem hiding this comment.
Hmmm... As I started out I just wanted to fix one issue as I ran into a brick wall by just trying out this tutorial. But I can add a hint that this rootless command needs at least slirp4netns v0.3.0.
There was a problem hiding this comment.
@tkrypton thanks, that would be good. I was hoping to not have to do that, but I don't think there's a better way to do so.
|
Docs LGTM, but Gitvalidation is complaining about your commit - it's missing a signoff ( |
|
/ok-to-test |
openshift-ci-robot
added
ok-to-test
and removed
needs-ok-to-test
|
Yeah, added the missing signoff and splitted the commit message. |
|
@tkrypton Sorry, one more thing - The Papr failures aren't your fault, so ignore those - infrastructure issues with the CI |
|
@tkrypton Can you squash your commits together with |
Signed-off-by: Ulrich Teichert <516052+tkrypton@users.noreply.github.com>
|
I'll give it a try... |
|
I think after rebasing this has lost all labels... |
|
We're green. LGTM |
|
/lgtm |
github-actions
bot
added
the
locked - please file new issue/PR
The tutorial fools new users; the output listed does not fit the output the user will get. This commit uses port forwarding in the example command, so that the curl command will work.