Document needed tweaks for podman-in-docker (#2762)

I'm fulfilling my promise from #2714 (comment) by documenting specific stuff learned from containers/buildah#2175 (comment).
ansible · Jul 29, 2020 · a172d48 · a172d48
1 parent 280055c
commit a172d48
Showing 1 changed file with 67 additions and 0 deletions.
diff --git a/docs/examples.rst b/docs/examples.rst
@@ -112,6 +112,73 @@ Now the task will succeed.
 
 Don't forget to run ``molecule destroy`` if image has already been created.
 
+Podman inside Docker
+====================
+
+Sometimes your CI system comes prepared to run with Docker but you want to
+test podman into it. This ``prepare.yml`` playbook would let podman run inside
+a privileged Docker host by adding some required settings:
+
+.. code-block:: yaml
+
+    - name: prepare
+      hosts: podman-in-docker
+      tasks:
+        - name: install fuse-overlayfs
+          package:
+            name:
+              - fuse-overlayfs
+
+        - name: create containers config dir
+          file:
+            group: root
+            mode: a=rX,u+w
+            owner: root
+            path: /etc/containers
+            state: directory
+
+        - name: make podman use fuse-overlayfs storage
+          copy:
+            content: |
+              # See man 5 containers-storage.conf for more information
+              [storage]
+              driver = "overlay"
+              [storage.options.overlay]
+              mount_program = "/usr/bin/fuse-overlayfs"
+              mountopt = "nodev,metacopy=on"
+            dest: /etc/containers/storage.conf
+            group: root
+            mode: a=r,u+w
+            owner: root
+
+        - name: make podman use cgroupfs cgroup manager
+          copy:
+            content: |
+              # See man 5 libpod.conf for more information
+              cgroup_manager = "cgroupfs"
+            dest: /etc/containers/libpod.conf
+            group: root
+            mode: a=r,u+w
+            owner: root
+
+Another option is to configure the same settings directly into the ``molecule.yml``
+definition:
+
+.. code-block:: yaml
+
+        driver:
+          name: podman
+        platforms:
+          - name: podman-in-docker
+            # ... other options
+            cgroup_manager: cgroupfs
+            storage_opt: overlay.mount_program=/usr/bin/fuse-overlayfs
+            storage_driver: overlay
+
+At the time of writing, `Gitlab CI shared runners run privileged Docker hosts
+<https://docs.gitlab.com/ee/user/gitlab_com/#shared-runners>`__
+and are suitable for these workarounds.
+
 Systemd Container
 =================