[macOS] Running podman with docker-compose #11389

Jarvvski · 2021-09-01T11:44:07Z

/kind bug

Description

What is the expected method to use docker-compose on macOS? I see examples of running it on linux, or even linux with a remote host. However the podman-docker package isn't available for macOS to handle creating the right symlinks.

I assume I can't just symlink the local /var/docker/docker.sock or set DOCKER_HOST and it just work?

Steps to reproduce the issue:

install podman
Install docker-compose
try running docker-compose up on a compose file

Describe the results you received:

Connection aborted error from compose, due to the socket connection issues

Describe the results you expected:

Ideally, compose to 'just work'

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

Client:
Version:      3.3.0
API Version:  3.3.0
Go Version:   go1.16.6
Built:        Fri Aug 20 18:47:23 2021
OS/Arch:      darwin/amd64

Server:
Version:      3.3.0
API Version:  3.3.0
Go Version:   go1.16.6
Built:        Fri Aug 20 20:36:14 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.22.3
  cgroupControllers: []
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: conmon-2.0.29-2.fc34.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.0.29, commit: '
  cpus: 1
  distribution:
    distribution: fedora
    version: "34"
  eventLogger: journald
  hostname: localhost
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
  kernel: 5.13.12-200.fc34.x86_64
  linkmode: dynamic
  memFree: 857587712
  memTotal: 2061852672
  ociRuntime:
    name: crun
    package: crun-0.21-1.fc34.x86_64
    path: /usr/bin/crun
    version: |-
      crun version 0.21
      commit: c4c3cdf2ce408ed44a9e027c618473e6485c635b
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +CRIU +YAJL
  os: linux
  remoteSocket:
    exists: true
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: true
  serviceIsRemote: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: slirp4netns-1.1.9-1.fc34.x86_64
    version: |-
      slirp4netns version 1.1.8+dev
      commit: 6dc0186e020232ae1a6fcc1f7afbc3ea02fd3876
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.0
  swapFree: 0
  swapTotal: 0
  uptime: 2h 7m 19.16s (Approximately 0.08 days)
registries:
  search:
  - registry.fedoraproject.org
  - registry.access.redhat.com
  - docker.io
  - quay.io
store:
  configFile: /var/home/core/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /var/home/core/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 9
  runRoot: /run/user/1000/containers
  volumePath: /var/home/core/.local/share/containers/storage/volumes
version:
  APIVersion: 3.3.0
  Built: 1629488174
  BuiltTime: Fri Aug 20 19:36:14 2021
  GitCommit: ""
  GoVersion: go1.16.6
  OsArch: linux/amd64
  Version: 3.3.0

Package info (homebrew):

podman: stable 3.3.0 (bottled), HEAD
Tool for managing OCI containers and pods
https://podman.io/
/usr/local/Cellar/podman/3.3.0 (170 files, 40.3MB) *
  Poured from bottle on 2021-09-01 at 12:42:37
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/podman.rb
License: Apache-2.0
==> Dependencies
Build: go ✘, go-md2man ✘
Required: qemu ✔
==> Options
--HEAD
	Install HEAD version
==> Caveats
zsh completions have been installed to:
  /usr/local/share/zsh/site-functions
==> Analytics
install: 3,262 (30 days), 11,211 (90 days), 36,370 (365 days)
install-on-request: 3,264 (30 days), 11,202 (90 days), 35,921 (365 days)
build-error: 0 (30 days)

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/master/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

macOS, no virtualbox etc

The text was updated successfully, but these errors were encountered:

Luap99 · 2021-09-01T11:51:57Z

Setting DOCKER_HOST should work

Jarvvski · 2021-09-01T11:54:11Z

but setting it to what?

The output of the remote sock from podman info after doing a podman machine init && podman machine start?

In testing, I saw it was /var/user/1000/podman/podman.sock

Trying export DOCKER_HOST=unix///var/user/1000/podman/podman.sock didn't seem to get me anywhere

Luap99 · 2021-09-01T11:57:58Z

Can you paste the output of podman system connection ls, this should contain the address to the remote connection.

Jarvvski · 2021-09-01T12:02:02Z

Sure

Name                         Identity                                        URI
podman-machine-default*      /Users/adam.jarvis/.ssh/podman-machine-default  ssh://core@localhost:61047/run/user/1000/podman/podman.sock
podman-machine-default-root  /Users/adam.jarvis/.ssh/podman-machine-default  ssh://root@localhost:61047/run/podman/podman.sock

Jarvvski · 2021-09-01T12:02:46Z

Is the 1000 the pid? If so, this means DOCKER_HOST would need changing on each subsequent restart, correct?

Luap99 · 2021-09-01T12:08:22Z

1000 is the user so it does not change. I just tried this and it looks like you cannot set ssh with the path only DOCKER_HOST=ssh://root@localhost:61047 worked for me.

Jarvvski · 2021-09-01T12:48:23Z

Doing that gets past the error, but then I run into key related issues

❯ docker-compose up -d
The authenticity of host '[localhost]:61047 ([::1]:61047)' can't be established.
ECDSA key fingerprint is SHA256:H5pruEaLVbLBbVkmVQYLtMf5CpoHz4CKBIsCFT1zhpM.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:61047' (ECDSA) to the list of known hosts.
root@localhost: Permission denied (publickey,gssapi-keyex,gssapi-with-mic).

Is this expected?

Luap99 · 2021-09-01T12:56:10Z

I don't think this is expected.
@baude @ashley-cui PTAL

baude · 2021-09-01T13:09:29Z

is that the correct ssh key?

Jarvvski · 2021-09-01T16:43:39Z

Yes @baude. In my ssh config, I've tried adding

Host localhost:61047
        IdentityFile ~/.ssh/podman-machine-default

The above key is what's referenced in the output of podman system connection ls

baude · 2021-09-01T19:20:36Z

add the key to the keychain (i.e. ssh add ~/.ssh/podman-machine-default). this worked for me. i then threw docker-compose on and it connects ... but ... it wont work because the underlying image has moby on it. i would need to mess with it to see if i can make that work.

baude · 2021-09-01T19:21:40Z

cc @rhatdan see previous comment...we need to push for that slimmer fcos

Luap99 · 2021-09-02T07:31:45Z

#11397 has more discussion on this topic

edeandrea · 2021-09-07T12:57:58Z

I also tried the export DOCKER_HOST=ssh://root@localhost:54581 and then docker-compose up and did not work:

error during connect: Get "http://docker/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.project%3Dchapter-5-quarkus-kafka-streams%22%3Atrue%7D%7D&limit=0": command [ssh -l root -p 54581 -- localhost docker system dial-stdio] has exited with exit status 255, please make sure the URL is valid, and Docker 18.09 or later is installed on the remote host: stderr=Host key verification failed.

github-actions · 2021-10-08T00:03:57Z