Building Podman with a Github actions workflow.
This project is trying to help out in the situation where you want to be able to run
podman on a CentOS compute cluster where you don't have root permission but only normal user permission. In other words
the normal installation procedure to install RPM packages (dnf install podman or yum install podman) is not possible.
The GitHub actions workflow .github/workflows/build.yml contains the names of the build configurations that should be built
strategy:
matrix:
config: [ centos7, centos8 ]
The build configurations are JSON files located under config/, for instance config/centos8.json
{
"go_version": "1.15.3",
"gitrepos": {
"podman": {
"ref": "ad1aaba8df96cb25e12fe28ec96f3c131e572e3e",
"repository": "containers/podman"
},
"conmon": {
"ref": "v2.0.27",
"repository": "containers/conmon"
},
"CNI-plugins": {
"ref": "v0.9.1",
"repository": "containernetworking/plugins"
}
},
"container": {
"dockerfile": "Dockerfile.centos",
"build_args": {
"CENTOS_VERSION": "8.3.2011"
}
},
"download": {
"crun": "0.19.1",
"slirp4netns": "v1.1.9",
"fuse-overlayfs": "v1.5.0"
},
"installprefix": "/home/erik.sjolund/podman"
}
The executables
- crun
- slirp4netns
- fuse-overlayfs
are not built but instead downloaded and added to the tar archive together with the Podman build results. The tar archive is then uploaded as an artifact to GitHub.
After uncompressing the archive, there might be a need to set file SELinux security contexts with chcon -R unconfined_u:object_r:user_home_t:s0 build-podman_* (TODO: investigate this. It seems to be a problem only when untarring outside of the home directory)
Investigate if installprefix matters at all. (Does it have to match the path where the tar archive is untarred?)
A sketch:
cd ~
unzip ~/Downloads/build-podman_ebb721f1868e408e1f82ef0edf182f8bf4641969__centos8__ad1aaba8df96cb25e12fe28ec96f3c131e572e3e__v2.0.27__v0.9.1__1.15.3__0.19.1__v1.1.9__v1.5.0.tar.zip
tar xf build-podman_ebb721f1868e408e1f82ef0edf182f8bf4641969__centos8__ad1aaba8df96cb25e12fe28ec96f3c131e572e3e__v2.0.27__v0.9.1__1.15.3__0.19.1__v1.1.9__v1.5.0.tar
ln -s build-podman_ebb721f1868e408e1f82ef0edf182f8bf4641969__centos8__ad1aaba8df96cb25e12fe28ec96f3c131e572e3e__v2.0.27__v0.9.1__1.15.3__0.19.1__v1.1.9__v1.5.0 podman
Create the configuration files ~/.config/containers/containers.conf and ~/.config/containers/storage.conf. (TODO: provide examples of how they could look like)
Run podman
podman run --rm -ti docker.io/library/alpine
If you have generated systemd services with the command podman generate systemd --new and installed them under ~/.config/systemd/user , you need to replace occurences of /usr/bin/podman with %h/podman/bin/podman
in your files ~/.config/systemd/user/*.service.
Also adjust the environment variables for the user systemd service
mkdir ~/.config
echo ~/podman/bin:~/bin:$PATH > ~/.config/EnvironmentFile.systemd_podman
(the filename EnvironmentFile.systemd_podman was arbitrarily chosen)
Then add the line
EnvironmentFile=%S/EnvironmentFile.systemd_podman
in your podman user systemd service files.
For instance the lines
ExecStartPre=/bin/rm -f %t/%n-pid %t/%n-cid
ExecStart=/usr/bin/podman run --conmon-pidfile %t/%n-pid --cidfile %t/%n-cid --cgroups=no-conmon -d -dit alpine
ExecStop=/usr/bin/podman stop --ignore --cidfile %t/%n-cid -t 10
ExecStopPost=/usr/bin/podman rm --ignore -f --cidfile %t/%n-cid
should be replaced with
EnvironmentFile=%S/EnvironmentFile.systemd_podman
ExecStartPre=/bin/rm -f %t/%n-pid %t/%n-cid
ExecStart=%h/podman/bin/podman run --conmon-pidfile %t/%n-pid --cidfile %t/%n-cid --cgroups=no-conmon -d -dit alpine
ExecStop=%h/podman/bin/podman stop --ignore --cidfile %t/%n-cid -t 10
ExecStopPost=%h/podman/bin/podman rm --ignore -f --cidfile %t/%n-cid