mailcow in Debian12 podman

[LeifSec]

Contribution guidelines

• I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• ... I have understood that answers are voluntary and community-driven, and not commercial support.
• ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

I am trying to use mailcow in Debian 12 using podman.

I follow the instructions for RHEL8 from [issue](#2614).
In addition I have modified the docker-compose version check in `generate_config.sh` so that it accepts version 1.X and succeeded. I choose the stable version.

podman version 4.3.1
podman-compose version 1.0.7

Running `podman-compose --in-pod true up` results in the attached logs.
And running `docker-compose up` 

services.nginx-mailcow.ports contains an invalid type, it should be a number, or an object
services.nginx-mailcow.ports contains an invalid type, it should be a number, or an object

### Logs:

```plain text
podman-compose version: 1.0.7
['podman', '--version', '']
using podman version: 4.3.1
** excluding:  set()
['podman', 'ps', '--filter', 'label=io.podman.compose.project=mailcowdockerized', '-a', '--format', '{{ index .Labels "io.podman.compose.config-hash"}}']
podman pod create --name=pod_mailcowdockerized --infra=false --share=
Error: adding pod to state: name "pod_mailcowdockerized" is in use: pod already exists
exit code: 125
['podman', 'network', 'exists', 'mailcowdockerized_mailcow-network']
['podman', 'network', 'create', '--label', 'io.podman.compose.project=mailcowdockerized', '--label', 'com.docker.compose.project=mailcowdockerized', '--driver', 'bridge', '--opt', 'com.docker.network.bridge.name=br-mailcow', '--ipam-driver', 'default', '--subnet', '172.22.1.0/24', '--subnet', 'fd4d:6169:6c63:6f77::/64', 'mailcowdockerized_mailcow-network']
Error: unsupported ipam driver "default"
Traceback (most recent call last):
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 736, in assert_cnt_nets
    compose.podman.output([], "network", ["exists", net_name])
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 1169, in output
    return subprocess.check_output(cmd_ls)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['podman', 'network', 'exists', 'mailcowdockerized_mailcow-network']' returned non-zero exit status 1.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/bin/podman-compose", line 33, in <module>
    sys.exit(load_entry_point('podman-compose==1.0.3', 'console_scripts', 'podman-compose')())
             ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 3205, in main
    podman_compose.run()
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 1524, in run
    retcode = cmd(self, args)
              ^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 1920, in wrapped
    return func(*args, **kw)
           ^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 2254, in compose_up
    podman_args = container_to_args(compose, cnt, detached=args.detach)
                  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 960, in container_to_args
    assert_cnt_nets(compose, cnt)
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 779, in assert_cnt_nets
    compose.podman.output([], "network", args)
  File "/usr/local/lib/python3.11/dist-packages/podman_compose.py", line 1169, in output
    return subprocess.check_output(cmd_ls)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 466, in check_output
    return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/subprocess.py", line 571, in run
    raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['podman', 'network', 'create', '--label', 'io.podman.compose.project=mailcowdockerized', '--label', 'com.docker.compose.project=mailcowdockerized', '--driver', 'bridge', '--opt', 'com.docker.network.bridge.name=br-mailcow', '--ipam-driver', 'default', '--subnet', '172.22.1.0/24', '--subnet', 'fd4d:6169:6c63:6f77::/64', 'mailcowdockerized_mailcow-network']' returned non-zero exit status 125.

Steps to reproduce:

1. #2614
2. change docker-compose version check in `generate_config.sh`
3. `generate_config.sh`  (stable version chosen)
4. `podman-compose --in-pod true up` or 
5. `docker-compose up`

Which branch are you using?

master

Operating System:

Debian 12

Server/VM specifications:

24 GB 8 Cores

Is Apparmor, SELinux or similar active?

no

Virtualization technology:

KVM (Proxmox)

Docker version:

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg. Client: Podman Engine Version: 4.3.1 API Version: 4.3.1 Go Version: go1.19.8 Built: Thu Jan 1 01:00:00 1970 OS/Arch: linux/amd64

docker-compose version or docker compose version:

docker-compose version 1.29.2, build unknown docker-py version: 5.0.3 CPython version: 3.11.2 OpenSSL version: OpenSSL 3.0.11 19 Sep 2023

mailcow version:

2023-10a

Reverse proxy:

not relevant

Logs of git diff:

diff --git a/data/assets/ssl-example/cert.pem b/data/assets/ssl-example/cert.pem

...

Logs of iptables -L -vn:

Debian is using `nftables` since Debain10.

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Logs of iptables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Logs of ip6tables -L -vn -t nat:

Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

DNS check:

Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg.
Error: no container with name or ID "dig" found: no such container

[DerLinkman]

mailcow does not support podman. Everything you saw is not officially supported

[richardweinberger]

@DerLinkman Since podman is these days de-facto standard on most distros and docker no longer, are there plans to support podman?
I mean, podman is a drop-in replacement for docker, what is missing?

[mkuron]

@richardweinberger, the main incompatibility is going to be in the dockerapi container, which runs a Python script that exposes certain Docker functionality to various of our other containers. Extending that for podman compatibility isn't going to be too difficult, but hasn't been done. Installing Docker instead of Podman is usually quite easy, so there hasn't really been a need for Podman support in Mailcow.

[DerLinkman]

Since podman is these days de-facto standard on most distros and docker no longer

Were did you read this?

[LeifSec]

• https://truelist.co/blog/linux-statistics/
• Ubuntu + Debian + Cent-OS > 59 %.
• At least these 3 distribution have Podman as default / in standard repository.

[DerLinkman]

You mean the OS usage with that?

I was talking about the podman usage in comparison to docker.

We do not recommend installing the repo version of docker either (which can be read inside our docs) so this fact is irrelevant.

But yeah like @mkuron said, coreapi has to be rewritten for that, at least now there is no need from our side. Use mailcow or leave it, depending on your choice and needs. We cannot fullfill all personal requirements someone has.