This repository has been archived by the owner on Jan 8, 2024. It is now read-only.

Podman support #3781

Open
jdoss opened this issue Sep 1, 2022 · 4 comments
Labels
question Further information is requested


jdoss commented Sep 1, 2022

Is your feature request related to a problem? Please describe.
I want Podman support in Waypoint! 🤠

Describe the solution you'd like
Podman supports a local socket that can be used with Docker compose. It would be super cool to be able to use the rootless Podman socket with Waypoint.

Describe alternatives you've considered

Try to install waypoint

$ waypoint install -platform=docker -accept-tos
❌ Checking for existing installation...
! Error installing server into docker: Got permission denied while trying to connect to the Docker daemon socket at
  unix:///var/run/docker.sock: Get
  "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22waypoint-type%3Dserver%22%3Atrue%7D%7D&limit=0":
  dial unix /var/run/docker.sock: connect: permission denied

Enable rootless podman socket

$ systemctl --user enable podman.socket
$ systemctl --user start podman.socket
$ ls -al $XDG_RUNTIME_DIR/podman/podman.sock
srw-rw----. 1 jdoss jdoss 0 Aug 31 10:05 /run/user/1000/podman/podman.sock

Tell Waypoint to use it

$ export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock
$ waypoint install -platform=docker -accept-tos
✓ Pulling image: hashicorp/waypoint:latest
 │ e338015c18dd: Download complete
 │ 3a0d753041d6: Download complete
 │ 583006983478: Download complete
 │ b1709af6d764: Downloading [==================>                                ]
 │  41.75MB/114.2MBlling fs layer
 │ b1709af6d764: Downloading [====================================>              ]
 │ b1709af6d764: Download complete
 │ f098031ccdab: Download complete
 │ d5243211887c: Download complete
 │ 
✓ Installing Waypoint server to docker
✓ Server container started!
✓ Server installed and configured!
✓ Successfully connected to Waypoint server in Docker!
❌ Installing runner...
❌ Initializing Docker client...
! Error installing the runner: Error response from daemon: container create: statfs /var/run/docker.sock:
  permission denied
  
  The Waypoint runner failed to install. This error occurred after the
  Waypoint server was successfully installed. Your CLI is configured to
  use the installed server. If you want to retry, you must uninstall the
  server first.

It looks like the server install respects DOCKER_HOST but the client install does not.
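An added illustration, not part of the original issue and not Waypoint's code: the error above shows `/var/run/docker.sock` being used as a bind source during container create even though the client was pointed at the rootless Podman socket. The sketch below derives the bind source from `DOCKER_HOST` instead of assuming the default path; `SocketBind` and `ErrNotLocal` are hypothetical names.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"os"
)

// Path Docker clients use when DOCKER_HOST is unset, and the path tools
// inside a container expect to find the engine socket at.
const defaultSocket = "/var/run/docker.sock"

// ErrNotLocal: the engine is reached over TCP/SSH, so there is no host
// socket file that could be bind-mounted into a container.
var ErrNotLocal = errors.New("DOCKER_HOST is not a unix socket")

// SocketBind (hypothetical helper) returns a "source:target" bind spec whose
// source is the socket the client is actually configured to talk to.
func SocketBind(dockerHost string) (string, error) {
	if dockerHost == "" {
		return defaultSocket + ":" + defaultSocket, nil
	}
	u, err := url.Parse(dockerHost)
	if err != nil {
		return "", fmt.Errorf("parse DOCKER_HOST: %w", err)
	}
	if u.Scheme != "unix" {
		return "", ErrNotLocal
	}
	// unix://relative/path parses with Host="relative"; require an absolute path.
	if u.Host != "" || u.Path == "" {
		return "", fmt.Errorf("DOCKER_HOST %q: socket path must be absolute", dockerHost)
	}
	return u.Path + ":" + defaultSocket, nil
}

func main() {
	bind, err := SocketBind(os.Getenv("DOCKER_HOST"))
	if err != nil {
		fmt.Fprintln(os.Stderr, "no socket bind:", err)
		os.Exit(1)
	}
	fmt.Println("bind:", bind)
}
```

Whichever socket ends up bound, the container gains the ability to drive that engine, so a rootless socket limits it to the owning user's privileges rather than root's.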

jdoss added the new label Sep 1, 2022

@briancain (Member)

Hey there @jdoss - at this time, we don't plan on supporting podman as a Waypoint server as a platform for the install CLI helper. We recommend running the server and runner directly with podman rather than using the CLI install helper.

Can you speak to what your expected use-case is for using podman for running Waypoint server? If it were implemented, what behavior would you expect the waypoint install command to do?

briancain added the question (Further information is requested) and waiting-reply labels and removed the new label Sep 7, 2022

jdoss commented Sep 20, 2022

Hey @briancain thanks for the response and sorry for the delay in response on my end. Do you have documentation on how to run the server and runner directly?

As for my expected use-case I do not use Docker on my workstation and server instances. It looks like I can run waypoint with podman as root.

$ sudo waypoint install -platform=docker -accept-tos
⚠️ Detected existing Waypoint server.
✓ Container "/waypoint-server" started!
✓ Configured server connection
✓ Successfully connected to Waypoint server in Docker!
✓ Server installed and configured!
✓ Runner "static" installed
✓ Registered ondemand runner!
✓ Waypoint runner installed and started!
✓ Runner "static" adopted successfully.
Waypoint server successfully installed and configured!

The CLI has been configured to connect to the server automatically. This
connection information is saved in the CLI context named "install-1663699959".
Use the "waypoint context" CLI to manage CLI contexts.

The server has been configured to advertise the following address for
entrypoint communications. This must be a reachable address for all your
deployments. If this is incorrect, manually set it using the CLI command
"waypoint server config-set".

To launch and authenticate into the Web UI, run:
waypoint ui -authenticate

Advertise Address: waypoint-server:9701
Web UI Address: https://localhost:9702

Which is pretty great. I think maybe this issue should be renamed "Rootless Podman support", as the waypoint install command half supports rootless podman. The waypoint-server container starts but the waypoint-static-runner container does not. It seems that the runner install doesn't respect setting DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock


jdoss commented Sep 20, 2022

Trying to use rootful podman on the Ruby waypoint example results in failure however.

 │ 2022/09/20 14:08:26.885871 DEBUG:  Pulling image buildpacksio/lifecycle:0.14.1
 │ 4f80531f7622: Already exists
 │ 36698cfa5275: Already exists
 │ 0fc9d7cf1104: Download complete
 │ 2022/09/20 14:08:28.086485 DEBUG:  Using build cache volume pack-cache-library_e
 │ xample-ruby_latest-0b6bcd68502c.build
 │ 2022/09/20 14:08:28.086506 INFO:   ===> DETECTING
 │ 2022/09/20 14:08:28.086529 DEBUG:  Running the detector on OS linux with:
 │ 2022/09/20 14:08:28.086536 DEBUG:  Container Settings:
 │ 2022/09/20 14:08:28.086540 DEBUG:    Args: /cnb/lifecycle/detector -app /workspa
 │ ce
 │ 2022/09/20 14:08:28.086546 DEBUG:    System Envs: CNB_PLATFORM_API=0.6
 │ 2022/09/20 14:08:28.086554 DEBUG:    Image: pack.local/builder/7563636e776b71716
 │ f6c:latest
 │ 2022/09/20 14:08:28.086559 DEBUG:    User:
 │ 2022/09/20 14:08:28.086569 DEBUG:    Labels: map[author:pack]
 │ 2022/09/20 14:08:28.086573 DEBUG:  Host Settings:
 │ 2022/09/20 14:08:28.086579 DEBUG:    Binds: pack-layers-wvdkowmfos:/layers pack-
 │ app-sigcuhsvjg:/workspace
 │ 2022/09/20 14:08:28.086586 DEBUG:    Network Mode:
 │ [detector] heroku/ruby     0.1.3
 │ [detector] heroku/procfile 1.0.2
 │ 2022/09/20 14:08:28.936737 INFO:   ===> ANALYZING
 │ 2022/09/20 14:08:28.936785 DEBUG:  Running the analyzer on OS linux with:
 │ 2022/09/20 14:08:28.936798 DEBUG:  Container Settings:
 │ 2022/09/20 14:08:28.936803 DEBUG:    Args: /cnb/lifecycle/analyzer -gid 0 -daemo
 │ n -cache-dir /cache example-ruby
 │ 2022/09/20 14:08:28.936809 DEBUG:    System Envs: CNB_USER_ID=1000 CNB_GROUP_ID=
 │ 1000 CNB_PLATFORM_API=0.6
 │ 2022/09/20 14:08:28.936814 DEBUG:    Image: buildpacksio/lifecycle:0.14.1
 │ 2022/09/20 14:08:28.936826 DEBUG:    User: root
 │ 2022/09/20 14:08:28.936854 DEBUG:    Labels: map[author:pack]
 │ 2022/09/20 14:08:28.936862 DEBUG:  Host Settings:
 │ 2022/09/20 14:08:28.936877 DEBUG:    Binds: /var/run/docker.sock:/var/run/docker
 │ .sock pack-cache-library_example-ruby_latest-0b6bcd68502c.build:/cache pack-laye
 │ rs-wvdkowmfos:/layers pack-app-sigcuhsvjg:/workspace
 │ 2022/09/20 14:08:28.936886 DEBUG:    Network Mode:
 │ [analyzer] ERROR: getting previous image: Got permission denied while trying to
 │ connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://
 │ %2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect:
 │  permission denied
! executing lifecycle. This may be the result of using an untrusted builder:
  failed with status code: 1

I am not sure why it says it cannot connect to the docker socket. I can curl it just fine as the root user.

Please note that Podman symlinks the Docker socket to the Podman socket.

# ls -lah /var/run/docker.sock
lrwxrwxrwx. 1 root root 23 Sep 20 10:25 /var/run/docker.sock -> /run/podman/podman.sock

$ sudo curl -s -XGET --unix-socket /var/run/docker.sock http://localhost/v1.24/info
{"ID":"5669010b-329d-442e-90b5-cc8f5575e9cc","Containers":4,"ContainersRunning":2,"ContainersPaused":0,"ContainersStopped":1,"Images":166,"Driver":"overlay","DriverStatus":[["Using metacopy","true"],["Backing Filesystem","btrfs"],["Supports d_type","true"],["Native Overlay Diff","false"]],"Plugins":{"Volume":["local"],"Network":["bridge","macvlan"],"Authorization":null,"Log":["k8s-file","none","passthrough","journald"]},"MemoryLimit":true,"SwapLimit":false,"KernelMemory":false,"KernelMemoryTCP":false,"CpuCfsPeriod":false,"CpuCfsQuota":false,"CPUShares":false,"CPUSet":false,"PidsLimit":true,"IPv4Forwarding":true,"BridgeNfIptables":false,"BridgeNfIp6tables":false,"Debug":false,"NFd":16,"OomKillDisable":false,"NGoroutines":11,"SystemTime":"2022-09-20T14:09:23.151357143-05:00","LoggingDriver":"","CgroupDriver":"systemd","NEventsListener":0,"KernelVersion":"5.19.9-300.fc37.x86_64","OperatingSystem":"fedora","OSVersion":"37","OSType":"linux","Architecture":"amd64","IndexServerAddress":"","RegistryConfig":{"AllowNondistributableArtifactsCIDRs":[],"AllowNondistributableArtifactsHostnames":[],"InsecureRegistryCIDRs":[],"IndexConfigs":{},"Mirrors":[]},"NCPU":64,"MemTotal":270067052544,"GenericResources":null,"DockerRootDir":"/var/lib/containers/storage","HttpProxy":"","HttpsProxy":"","NoProxy":"","Name":"sw-0608","Labels":null,"ExperimentalBuild":true,"ServerVersion":"4.2.1","Runtimes":{"crun":{"path":"/usr/bin/crun"},"kata":{"path":"/usr/bin/kata-runtime"},"krun":{"path":"/usr/bin/krun"},"runc":{"path":"/usr/bin/runc"},"runj":{"path":"/usr/local/bin/runj"},"runsc":{"path":"/usr/bin/runsc"}},"DefaultRuntime":"crun","Swarm":{"NodeID":"","NodeAddr":"","LocalNodeState":"inactive","ControlAvailable":false,"Error":"","RemoteManagers":null},"LiveRestoreEnabled":false,"Isolation":"","InitBinary":"","ContainerdCommit":{"ID":"","Expected":""},"RuncCommit":{"ID":"","Expected":""},"InitCommit":{"ID":"","Expected":""},"SecurityOptions":["name=seccomp,profile=default"],"ProductLicense":"A
pache-2.0","Warnings":[],"BuildahVersion":"1.27.0","CPURealtimePeriod":false,"CPURealtimeRuntime":false,"CgroupVersion":"2","Rootless":false,"SwapFree":8589930496,"SwapTotal":8589930496,"Uptime":"3h 46m 39.00s (Approximately 0.12 days)"}

@briancain (Member)

Do you have documentation on how to run the server and runner directly?

Yes! You can find those here:

As far as your podman issues go, the output you shared is from the heroku/buildpack plugin. It is likely that pack might require docker to work, given the output. pack might require docker for its host settings:

2022/09/20 14:08:28.936862 DEBUG:  Host Settings:
 │ 2022/09/20 14:08:28.936877 DEBUG:    Binds: /var/run/docker.sock:/var/run/docker
 │ .sock pack-cache-library_example-ruby_latest-0b6bcd68502c.build:/cache pack-laye
 │ rs-wvdkowmfos:/layers pack-app-sigcuhsvjg:/workspace
 │ 2022/09/20 14:08:28.936886 DEBUG:    Network Mode:
 │ [analyzer] ERROR: getting previous image: Got permission denied while trying to
 │ connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://
 │ %2Fvar%2Frun%2Fdocker.sock/v1.24/info": dial unix /var/run/docker.sock: connect:
 │  permission denied
