Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installing podman from a tarball #8788

Closed
bharath-123 opened this issue Dec 20, 2020 · 20 comments
Closed

Installing podman from a tarball #8788

bharath-123 opened this issue Dec 20, 2020 · 20 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue

Comments

@bharath-123
Copy link

/kind feature

As far as i can see, the current way of installing podman is very OS specific. This can make it a bit hard to automate installations for softwares which setup kubernetes clusters like kOps, minikube etc...

Cri-o has recently started pushing releases to https://console.cloud.google.com/storage/browser/k8s-conform-cri-o/artifacts;tab=objects?prefix=crio-v&forceOnObjectsSortingFiltering=false . These are pretty easy to use to setup a working crio setup.

Can we do something similar for podman? If not, is there any specific reason or so?

@openshift-ci-robot openshift-ci-robot added the kind/feature Categorizes issue or PR as related to a new feature. label Dec 20, 2020
@eriksjolund
Copy link
Contributor

Maybe Github actions could be used for this?
I've been experimenting a bit with Github actions in the project
https://github.com/eriksjolund/build-podman
See for instance the result of a Github action
https://github.com/eriksjolund/build-podman/actions/runs/392035747
where the file
centos8-podman2.1.1-rhel-conmon2.0.20-containernetworking-plugins-version0.8.7-go1.15.3.tar
was created.

I made use of the PREFIX argument (make PREFIX=) to identify the installation directory (/home/erik.sjolund/podman), but I don't know if that is really needed. A colleague of mine tried it out and it seems to work from his home directory too.

A tip: How to use Systemd services with a home-directory Podman installation

If you want use Podman that was installed into your home directory (e.g. ~/podman/bin/podman) in a systemd service, you need to use an absolute path in the ExecStart.

ExecStart=%h/podman/bin/podman run

(It took some time before I realized that)
See the explanation "If the command is not a full (absolute) path ..." in man systemd.service

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

@bharath-123 :

If you like the Nix binaries, there are build instructions here:
https://podman.io/getting-started/installation#static-build

They are similar to the "static" ones built for cri-o, similarly:
https://github.com/cri-o/cri-o/blob/master/install.md#static-builds

If I understand correctly, all that is "missing" is to upload these binaries to the cloud storage, on each release ?

Possibly it would need some kind of similar "bundle" script, in order to include conmon/crun and other dependencies...

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

@eriksjolund : your script looks very specific to CentOS 7/8 ?

minikube currently builds podman from source (github).
using some hacks for go1.13, which isn't really supported...

sed -e 's|-mod=vendor ||' -i Makefile

Eventually buildroot will figure out how to support go modules, but right now it doesn't have a good way of storing distfiles...

Hopefully it will be sorted out before the Buildroot 2021.02 release, or maybe we will change the minikube OS before then.

Also minikube only uses sudo podman, for cri-o/kubernetes.

That means that it doesn't need any of the rootless support.

@eriksjolund
Copy link
Contributor

@afbjorklund : Yes, I forgot to mention that.

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

The nix build sure downloads a lot of files... 278 copied (1439.8 MiB), 330.7 MiB DL

curl -L https://nixos.org/nix/install | sh
nix build -f nix/

And then it failed, when building another go.

`builder for '/nix/store/bg4hnzq2mvkl39a31np06rx7pf5sp3jc-go-1.15.3.drv' failed with exit code 1

  FAIL
  go tool dist: Failed: exit status 1

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

your script looks very specific to CentOS 7/8 ?
Yes, I forgot to mention that.

Also, since CentOS already includes podman - you are now likely to have some version conflicts with the system ?

Podman is available in the default Extras repos for CentOS 7 and in the AppStream repo for CentOS 8 and Stream. Even though the available version often lags behind the latest upstream release, it’s still the preferable build for production environments.

Similar to when you mix and match the OpenSUSE Build System binaries for Ubuntu, with the system packages...

CAUTION: On Ubuntu 20.10 and newer, we highly recommend you use Buildah, Podman and Skopeo ONLY from EITHER the Kubic repo OR the official Ubuntu repos. Mixing and matching may lead to unpredictable situations including installation conflicts.

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

I tried to upgrade nix, but just ended up with different build errors (this time, "fontforge" failed).
Since I don't really want another distribution, I think I will just delete /nix and free up those 6G.

We normally use the OBS* for installing podman and cri-o, so will probably just continue with that...
It could be easier to set up, but added a script that sets up the needed repositories: cri-o/cri-o#4343

* https://build.opensuse.org/project/show/devel:kubic:libcontainers:stable

Previously had to build our own packages, but now back at latest/greatest

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

@bharath-123 : this seems to have been talked about before, in issue #5774

But it's not clear what the outcome was, the download only has podman-remote ?

There is #6402 and the nix "derivation", but I'm not sure about official binaries...

For docker there is a .tgz with all required files (including containerd and runc)

@bharath-123
Copy link
Author

@eriksjolund Thanks for your suggestion! But that seems pretty complicated to do :/ My use-case is to be set it up a stable version of podman in kubernetes clusters with automation. Would like to avoid git hooks etc in my code :/.

@afbjorklund thanks for your research here. Really appreciate it. Nix is an option but I would definitely prefer a bundled binary like what crio is doing. I am currently adding crio support for kOps. A bundled binary really makes installing easy as all we would need to do is to extract the tar and move files to /usr/bin or any other system.

It would be great if podman too has a solution like this too. Would make setting up podman really easy for cluster setup tools.

Yup have seen that only podman-remote in the binary, not sure how that would be useful without a full blown setup of podman infrastructure.

I would like to know if it would be possible for podman to support releasing bundled binaries like how crio does with every release.

@afbjorklund
Copy link
Contributor

afbjorklund commented Dec 20, 2020

Nix is an option but I would definitely prefer a bundled binary like what crio is doing.

Unless I am missing something, crio uses Nix in order to do the static builds ?

Podman

static:
        @nix build -f nix/
        mkdir -p ./bin
        cp -rfp ./result/bin/* ./bin/

CRI-O

build-static:
	$(CONTAINER_RUNTIME) run --rm --privileged -ti -v /:/mnt \
		nixos/nix cp -rfT /nix /mnt/nix
	$(CONTAINER_RUNTIME) run --rm --privileged -ti -v /nix:/nix -v ${PWD}:${PWD} -w ${PWD} \
		nixos/nix nix --print-build-logs --option cores 8 --option max-jobs 8 build --file nix/
	mkdir -p bin
	cp -r result/bin bin/static

But I have never used the static binaries, just the regular (deb/rpm) packages.

Not sure that I would set up clusters, without using proper package management ?

It is possible, and I have done it before - but I am not sure that I would do it again...


I would like to know if it would be possible for podman to support releasing bundled binaries like how crio does with every release.

The missing piece (from crio) here are the "contrib/bundle" scripts, for podman.

What they do is copy the configuration, and the binaries from those other projects:
See the shell script at https://github.com/cri-o/cri-o/blob/master/contrib/bundle/build

You need to add stuff like conmon/crun, and fuse-overlayfs/slirp4netns (for rootless)...
This would match the containerd/runc for docker, and their rootlesskit (in the "extras")

If you want details, you can look at: https://podman.io/getting-started/installation#building-from-scratch

Many of these projects in podman are the same as in crio, at least for sudo podman.
So you could probably use the same scripts, for those. And add some containers.conf ?

@afbjorklund
Copy link
Contributor

@bharath-123 :

As far as i can see, the current way of installing podman is very OS specific. This can make it a bit hard to automate installations for softwares which setup kubernetes clusters like kOps, minikube etc...

When looking at https://kops.sigs.k8s.io/operations/images/ it seems that all supported kops distributions use packages.

So it would probably be much easier to use the Kubic packages for cri-o/podman, than to try to use these Nix packages.

Do you have some links/details, to your kops addition (for cri-o support) ?

https://kops.sigs.k8s.io/cluster_spec/#containerruntime

"Alternative container runtimes can be used to run Kubernetes.

Docker is still the default container runtime, but containerd can also be selected."

For minikube we still build our own packages from source, but consider* going over to a supported Linux distribution...

We could of course also install podman and crio from binaries, like we currently are doing for docker and containerd.

* See kubernetes/minikube#9992

Packaging is boring and takes time

@github-actions
Copy link

A friendly reminder that this issue had no activity for 30 days.

@afbjorklund
Copy link
Contributor

afbjorklund commented Jan 22, 2021

The magic command seems to be: nix build -f nix/ --print-build-logs

Then it will say why the "make static" actually failed (the hidden @ nix command).

go tool dist: Failed: exit status 1

go> --- FAIL: TestChown (0.00s)
go> os_unix_test.go:58: gid: 100
go> os_unix_test.go:70: groups:  [65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 100]
go> os_unix_test.go:73: chown /tmp/_Go_TestChown173602079 -1 65534: chown /tmp/_Go_TestChown173602079: invalid argument
go> --- FAIL: TestFileChown (0.00s)
go> os_unix_test.go:101: gid: 100
go> os_unix_test.go:113: groups:  [65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 100]
go> os_unix_test.go:116: fchown /tmp/_Go_TestFileChown823311346 -1 65534: chown /tmp/_Go_TestFileChown823311346: invalid argument
go> --- FAIL: TestLchown (0.00s)
go> os_unix_test.go:153: gid: 100
go> os_unix_test.go:168: groups:  [65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 65534 100]
go> os_unix_test.go:171: lchown /tmp/_Go_TestLchown1816669852 -1 65534: lchown /tmp/_Go_TestLchown1816669852: invalid argument
go> FAIL
go> FAIL        os      0.926s

Due to NixOS/nix#3245

$ nix build -f nix/ /nix/store/gr5g83iagi39nymy8pm7m6xji6c4mdvf-go-1.15.2.drv --option sandbox false
[1 built]
$ nix build -f nix/
warning: dumping very large path (> 256 MiB); this may run out of memory
[1 built, 0.0 MiB DL]

@afbjorklund
Copy link
Contributor

afbjorklund commented Jan 22, 2021

With that workaround, it was possible to build both releases static again:

Version:      2.1.1
API Version:  2.0.0
Go Version:   go1.15.2
Git Commit:   9f6d6ba0b314d86521b66183c9ce48eaa2da1de2-dirty
Built:        Tue Jan  1 01:00:00 1980
OS/Arch:      linux/amd64
Version:      2.2.1
API Version:  2.1.0
Go Version:   go1.15.3
Git Commit:   a0d478edea7f775b7ce32f8eb1a01e75374486cb-dirty
Built:        Tue Jan  1 01:00:00 1980
OS/Arch:      linux/amd64

The client is built more traditionally, with make podman-remote-static

Version:      2.1.1
API Version:  2.0.0
Go Version:   go1.15.5
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64
Version:      2.2.1
API Version:  2.1.0
Go Version:   go1.15.5
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

But it still needs a static crun and a static conmon, plus catatonit.

Those can be found in their own external projects, and built separately.

@baude
Copy link
Member

baude commented Feb 3, 2021

can we close this issue?

@afbjorklund
Copy link
Contributor

afbjorklund commented Feb 3, 2021

can we close this issue?

There are still only static binaries available for podman-remote, not podman:

https://github.com/containers/podman/releases/tag/v2.1.1

https://github.com/containers/podman/releases/tag/v2.2.1

Apparently there are no binaries done for RC, so unclear if it is fixed or not ?

i.e. if there was a v3.0.0 today, would it include a podman binary ?

Note that /nix is like 10 GB, but podman is more like 40 MB

@afbjorklund
Copy link
Contributor

afbjorklund commented Feb 3, 2021

The static build seems to be failing in CI:
https://cirrus-ci.com/task/6039928757813248

************************************************************
Performing alternate build: Static build
************************************************************
Trying to pull docker.io/nixos/nix:2.3.6...
  unauthorized: authentication required
Error: Error initializing source docker://nixos/nix:2.3.6: Error reading manifest 2.3.6 in docker.io/nixos/nix: errors:
unauthorized: authentication required
unauthorized: authentication required
Exit status: 125

But worked in https://cirrus-ci.com/task/4654061322502144

@bharath-123
Copy link
Author

My apologies. My gmail account storage had filled up and I did not receive these notifications.

We have found a decent workaround installing podman for our use case. But it would be really useful if podman had static binaries available so that we can easily script server bootstrap programs with podman. Podman is useful as it is relatively agnostic to the container runtime.

We can close this issue for now. @afbjorklund Please do re-open the issue if you want to keep the discuss going on.

@afbjorklund
Copy link
Contributor

afbjorklund commented Feb 10, 2021

Same problem with 3.0.0 (RC3)

cannot build derivation '/nix/store/19vhd1mfr39acn6hv2zykzxd8szsfi4k-podman.drv': 1 dependencies couldn't be built

Same workaround works, though.

nix build -f nix/ /nix/store/sa7scdrzmwfkgsk0c883iz7xi30p8xr8-go-1.15.7.drv --option sandbox false

@afbjorklund
Copy link
Contributor

afbjorklund commented Feb 12, 2021

I uploaded the static binaries here:
https://github.com/afbjorklund/podman/releases/tag/v2.1.1
https://github.com/afbjorklund/podman/releases/tag/v2.2.1
https://github.com/afbjorklund/podman/releases/tag/v3.0.1

Client:
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.15.8
Built:        Thu Jan  1 01:00:00 1970
OS/Arch:      linux/amd64

Server:
Version:      3.0.1
API Version:  3.0.0
Go Version:   go1.15.7
Git Commit:   c640670e85c4aaaff92741691d6a854a90229d8d-dirty
Built:        Tue Jan  1 01:00:00 1980
OS/Arch:      linux/amd64

EDIT: Update to 3.0.1, since 3.0.0 release was broken

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Sep 22, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Sep 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/feature Categorizes issue or PR as related to a new feature. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. stale-issue
Projects
None yet
Development

No branches or pull requests

5 participants