Run via rootless podman or singularity/apptainer? #89

Closed
yarikoptic opened this issue Jan 31, 2023 · 11 comments
@yarikoptic
Member

We should check with @asmacdo if that would be possible to avoid possible "kill all by using docker" scenario ;)

@asmacdo
Collaborator

asmacdo commented Jan 31, 2023

Without fully understanding the use case I think the answer is yes.

With podman, we have 4 options.

  • run podman as root, run container as root
  • run podman as root, run container as non-root (specify -u someuser)
  • run podman as non-root, run the container as root (ex. UID 0 inside the container maps to UID 1000 outside)
  • run podman as non-root, run the container as non-root. safety first!
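The "UID 0 inside the container maps to UID 1000 outside" case from the list above can be worked out by hand. The following is an added example, not part of the original thread or the project's code; it assumes Podman's default rootless mapping (no custom `--uidmap` or `--userns` settings) and one subordinate range per user, and the users `alice` and `bob`, the helper `host_uid` and the `/etc/subuid` lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: which host UID a container UID really is under rootless Podman.
# Constructed /etc/subuid content; format is name:first_subordinate_uid:count.
SUBUID_SAMPLE='alice:100000:65536
bob:165536:65536'

# host_uid USER USER_UID CONTAINER_UID   (hypothetical helper)
# Prints the host UID behind CONTAINER_UID under the default rootless mapping:
#   container 0     -> the invoking user's own UID (never host root)
#   container 1..N  -> first_subordinate_uid + (container_uid - 1)
# Returns 1 if the user has no range or the UID falls outside it (unmapped).
host_uid() {
    user=$1 user_uid=$2 cuid=$3
    case $cuid in ''|*[!0-9]*) return 1 ;; esac
    if [ "$cuid" -eq 0 ]; then
        echo "$user_uid"
        return 0
    fi
    printf '%s\n' "$SUBUID_SAMPLE" | awk -F: -v u="$user" -v c="$cuid" '
        $1 == u { found = 1
                  if (c <= $3) { print $2 + c - 1; ok = 1 }
                  exit }
        END { exit !(found && ok) }'
}

# Demo for alice (host UID 1000): container root is just alice on the host,
# and a service UID such as 33 lands in her subordinate range.
echo "container 0  -> host $(host_uid alice 1000 0)"
echo "container 33 -> host $(host_uid alice 1000 33)"
```

On a real host, `podman unshare cat /proc/self/uid_map` shows the mapping actually in effect, which can be compared with what this calculation predicts.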

@yarikoptic
Member Author

FWIW we have podman installed on smaug now.
In development mode we need to start db and broker from https://github.com/datalad/datalad-registry/blob/master/docker-compose.yml .
https://github.com/datalad/datalad-registry/blob/master/up is the script used for that purpose.

Can you @asmacdo work with @candleindark and research the possibility of "non-root" execution of those instances? I think it should be feasible since really there is no need for "outside root" - the ports they use are not privileged, so root would not be needed for that either.

@candleindark
Collaborator

@yarikoptic Podman on Smaug is currently @ 3.0.1. Can we have it updated to the current version 4.4.1?

@yarikoptic
Member Author

I've tried to backport 4.3.1 (present in debian unstable) but "no good".

Why would we need 4.4.1? Is there a way for user-space installation (attn @asmacdo)?

@asmacdo
Collaborator

asmacdo commented Feb 13, 2023

Seems like it's possible but probably not worth the effort.

containers/podman#3100

@candleindark
Collaborator

> I've tried to backport 4.3.1 (present in debian unstable) but "no good".
>
> Why would we need 4.4.1? Is there a way for user-space installation (attn @asmacdo)?

All the documentation I have been reading is at version 4+. I was just wondering if we can upgrade to version 4+ just for consistency. It actually doesn't have to be 4.4.1 in particular.

@candleindark
Collaborator

Datalad-registry has been run by Podman for more than 7 days. I think we should close this issue.

@yarikoptic
Member Author

Feel welcome to close issues you consider addressed. Where possible/relevant -- reference a commit or PR which closed it. In this case I guess it might benefit from a quick section in README.md on podman and settings to use to avoid containers being killed.

@candleindark
Collaborator

Note:
Before closing this issue, provide a section on README.md for running registry on Podman. This section should provide the solution to avoid Podman containers being killed by systemd.

@yarikoptic
Member Author

Could we consider #102 as a replacement for this one? ;)

@candleindark
Collaborator

Sure, let's close this one.
