-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add podman support #4982
base: nightly
Are you sure you want to change the base?
Add podman support #4982
Conversation
Hi, thanks for that. I'm not 100% convinced that we'll implement this into the mailcow source code soon. There too many differences or changes regarding the container engine in my opinion. The problem here is that you've only tested this on Fedora Systems which (of course work as Podman is a RedHat created utility) if you test this on more OSes (those which are definately supported like Ubuntu etc.) we can think about it. What we can do in general is a Guide in our Documentation which is similary done like the mailman guide in that documentation so that users can do that if they want without breaking anything for all non interested users. |
Hi @DerLinkman, thanks for replying!
I am curious about your experience with podman/RedHat based systems (honestly interested!). My container world experience started with Docker for quite a long time, but recently I am converting/updating parts of my home setup to podman. When using the CLI, most users even have The same goes for the Docker API. Podman is created to be a replacement of Docker with a compatible API. Some parts (e.g. the
Good idea, that is indeed something I did not do. Based on your suggestion I setup an Ubuntu 22.04 VM with I followed the steps and didn't have to make any manual changes. See my test log below. Test log of 'add-podman-support' branch on UbuntuPreconditions:
root@ubuntu-vm3:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"
root@ubuntu-vm3:~# docker --version
Docker version 20.10.22, build 3a2c30b
root@ubuntu-vm3:~# docker-compose --version
Docker Compose version v2.15.1
root@ubuntu-vm3:~# ufw status
Status: inactive
root@ubuntu-vm3:~# cd /opt
root@ubuntu-vm3:/opt# git clone https://github.com/mailcow/mailcow-dockerized.git
root@ubuntu-vm3:/opt# cd mailcow-dockerized/
root@ubuntu-vm3:/opt/mailcow-dockerized# git remote add rlenferink https://github.com/rlenferink/mailcow-dockerized.git
root@ubuntu-vm3:/opt/mailcow-dockerized# git remote -v
origin https://github.com/mailcow/mailcow-dockerized (fetch)
origin https://github.com/mailcow/mailcow-dockerized (push)
rlenferink https://github.com/rlenferink/mailcow-dockerized.git (fetch)
rlenferink https://github.com/rlenferink/mailcow-dockerized.git (push)
root@ubuntu-vm3:/opt/mailcow-dockerized# git fetch --all
root@ubuntu-vm3:/opt/mailcow-dockerized# git checkout add-podman-support
# Required because we want to test the podman branch and not automatically switch to master
root@ubuntu-vm3:/opt/mailcow-dockerized# export MAILCOW_BRANCH=add-podman-support
root@ubuntu-vm3:/opt/mailcow-dockerized# ./generate_config.sh
Found Docker container engine.
Found Docker Compose Standalone.
Setting the DOCKER_COMPOSE_VERSION Variable to standalone
Notice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.
Press enter to confirm the detected value '[value]' where applicable or enter a custom value.
Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: mail.ubuntu-vm3.loc
Timezone [Etc/UTC]: Europe/Amsterdam
Which branch of mailcow do you want to use?
Available Branches:
- master branch (stable updates) | default, recommended [1]
- nightly branch (unstable updates, testing) | not-production ready [2]
Fetching origin
Fetching rlenferink
Already on 'add-podman-support'
Your branch is up to date with 'rlenferink/add-podman-support'.
Generating snake-oil certificate...
....+..<snip>
-----
Copying snake-oil certificate...
# Intentionally use the docker compose commands below (instead of the mailcow-compose.sh wrapper)
# to demonstrate that the changes in this pull request are backwards compatible
root@ubuntu-vm3:/opt/mailcow-dockerized# docker-compose pull
root@ubuntu-vm3:/opt/mailcow-dockerized# docker-compose up -d
[+] Running 32/33
⠿ Network mailcowdockerized_mailcow-network Created 0.2s
⠿ Volume "mailcowdockerized_vmail-vol-1" Created 0.1s
⠿ Volume "mailcowdockerized_vmail-index-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_mysql-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_clamd-db-vol-1" Created 0.1s
⠿ Volume "mailcowdockerized_redis-vol-1" Created 0.3s
⠿ Volume "mailcowdockerized_postfix-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_mysql-socket-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_sogo-web-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_sogo-userdata-backup-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_crypt-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_rspamd-vol-1" Created 0.0s
⠿ Volume "mailcowdockerized_solr-vol-1" Created 0.0s
⠿ Container mailcowdockerized-memcached-mailcow-1 Started 19.6s
⠿ Container mailcowdockerized-redis-mailcow-1 Started 15.9s
⠿ Container mailcowdockerized-unbound-mailcow-1 Started 13.9s
⠿ Container mailcowdockerized-watchdog-mailcow-1 Started 15.1s
⠿ Container mailcowdockerized-dockerapi-mailcow-1 Started 18.1s
⠿ Container mailcowdockerized-olefy-mailcow-1 Started 15.2s
⠿ Container mailcowdockerized-sogo-mailcow-1 Started 16.9s
⠿ Container mailcowdockerized-solr-mailcow-1 Started 17.5s
⠇ dockerapi-mailcow Your kernel does not support OomKillDisable. OomKillDisable discarded. 0.0s
⠿ Container mailcowdockerized-php-fpm-mailcow-1 Started 18.1s
⠿ Container mailcowdockerized-mysql-mailcow-1 Started 16.1s
⠿ Container mailcowdockerized-clamd-mailcow-1 Started 18.4s
⠿ Container mailcowdockerized-dovecot-mailcow-1 Started 18.2s
⠿ Container mailcowdockerized-postfix-mailcow-1 Started 17.5s
⠿ Container mailcowdockerized-nginx-mailcow-1 Started 21.2s
⠿ Container mailcowdockerized-acme-mailcow-1 Started 21.8s
⠿ Container mailcowdockerized-ofelia-mailcow-1 Started 21.0s
⠿ Container mailcowdockerized-rspamd-mailcow-1 Started 21.4s
⠿ Container mailcowdockerized-netfilter-mailcow-1 Started 18.6s
⠿ Container mailcowdockerized-ipv6nat-mailcow-1 Started 21.1s
# Execute the update script (to demonstrate it still works).
#
# There are some git errors in it below, but that is because a custom branch and
# non-origin upstream (rlenferink) is used
root@ubuntu-vm3:/opt/mailcow-dockerized# ./update.sh
Checking internet connection... OK
Detecting which build your mailcow runs on...
You are receiving updates from a unsupported branch.
The mailcow stack might still work but it is recommended to switch to the master branch (stable builds).
To change that run the update.sh Script one time with the --stable parameter to switch to stable builds.
Checking for newer update script...
error: pathspec 'origin/add-podman-support' did not match any file(s) known to git
Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] y
Native IPv6 implementation available.
This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow.
!!! This step is recommended !!!
mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file.
Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] n
OK, skipping this step.
Validating docker-compose stack configuration...
Executing: docker-compose config -q
Checking for conflicting bridges...
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Saving diff to update_diffs/diff_before_update_2023-01-14-11-23-13...
Prefetching images...
fatal: invalid object name 'origin/add-podman-support'.
Stopping mailcow...
Executing: docker-compose down
[+] Running 20/20
⠿ Container mailcowdockerized-olefy-mailcow-1 Removed 10.3s
⠿ Container mailcowdockerized-ipv6nat-mailcow-1 Removed 0.1s
⠿ Container mailcowdockerized-ofelia-mailcow-1 Removed 0.3s
⠿ Container mailcowdockerized-watchdog-mailcow-1 Removed 0.5s
⠿ Container mailcowdockerized-netfilter-mailcow-1 Removed 0.5s
⠿ Container mailcowdockerized-rspamd-mailcow-1 Removed 0.7s
⠿ Container mailcowdockerized-acme-mailcow-1 Removed 0.6s
⠿ Container mailcowdockerized-memcached-mailcow-1 Removed 1.0s
⠿ Container mailcowdockerized-solr-mailcow-1 Removed 1.1s
⠿ Container mailcowdockerized-clamd-mailcow-1 Removed 0.7s
⠿ Container mailcowdockerized-dockerapi-mailcow-1 Removed 10.4s
⠿ Container mailcowdockerized-postfix-mailcow-1 Removed 2.3s
⠿ Container mailcowdockerized-nginx-mailcow-1 Removed 0.5s
⠿ Container mailcowdockerized-dovecot-mailcow-1 Removed 2.3s
⠿ Container mailcowdockerized-php-fpm-mailcow-1 Removed 0.3s
⠿ Container mailcowdockerized-sogo-mailcow-1 Removed 6.6s
⠿ Container mailcowdockerized-redis-mailcow-1 Removed 0.3s
⠿ Container mailcowdockerized-mysql-mailcow-1 Removed 0.9s
⠿ Container mailcowdockerized-unbound-mailcow-1 Removed 0.2s
⠿ Network mailcowdockerized_mailcow-network Removed 0.1s
Checking for remaining containers...
Committing current status...
Fetching updated code from remote...
Merging local with remote code (recursive, strategy: "theirs", options: "patience"...
Already up to date.
Fetching new images, if any...
Executing: docker-compose pull
[+] Running 19/19
⠿ unbound-mailcow Pulled 1.0s
⠿ nginx-mailcow Pulled 1.4s
⠿ mysql-mailcow Pulled 1.4s
⠿ ofelia-mailcow Pulled 1.5s
⠿ watchdog-mailcow Pulled 1.0s
⠿ clamd-mailcow Pulled 1.4s
⠿ sogo-mailcow Pulled 1.4s
⠿ redis-mailcow Pulled 1.5s
⠿ rspamd-mailcow Pulled 1.3s
⠿ postfix-mailcow Pulled 1.3s
⠿ olefy-mailcow Pulled 1.3s
⠿ netfilter-mailcow Pulled 1.4s
⠿ solr-mailcow Pulled 1.4s
⠿ ipv6nat-mailcow Pulled 1.5s
⠿ acme-mailcow Pulled 1.3s
⠿ dovecot-mailcow Pulled 1.3s
⠿ dockerapi-mailcow Pulled 1.4s
⠿ memcached-mailcow Pulled 1.5s
⠿ php-fpm-mailcow Pulled 1.4s
Checking IPv6 settings...
Starting mailcow...
Executing: docker-compose up -d --remove-orphans
[+] Running 20/21
⠿ Network mailcowdockerized_mailcow-network Created 0.0s
⠿ Container mailcowdockerized-watchdog-mailcow-1 Started 1.8s
⠿ Container mailcowdockerized-sogo-mailcow-1 Started 1.8s
⠿ Container mailcowdockerized-redis-mailcow-1 Started 1.3s
⠿ Container mailcowdockerized-solr-mailcow-1 Started 1.6s
⠿ Container mailcowdockerized-memcached-mailcow-1 Started 1.1s
⠿ Container mailcowdockerized-dockerapi-mailcow-1 Started 1.7s
⠿ Container mailcowdockerized-unbound-mailcow-1 Started 1.5s
⠿ Container mailcowdockerized-olefy-mailcow-1 Started 1.3s
⠼ dockerapi-mailcow Your kernel does not support OomKillDisable. OomKillDisable discarded. 0.0s
⠿ Container mailcowdockerized-mysql-mailcow-1 Started 2.3s
⠿ Container mailcowdockerized-clamd-mailcow-1 Started 2.1s
⠿ Container mailcowdockerized-php-fpm-mailcow-1 Started 1.8s
⠿ Container mailcowdockerized-dovecot-mailcow-1 Started 3.3s
⠿ Container mailcowdockerized-postfix-mailcow-1 Started 3.4s
⠿ Container mailcowdockerized-nginx-mailcow-1 Started 2.3s
⠿ Container mailcowdockerized-acme-mailcow-1 Started 3.2s
⠿ Container mailcowdockerized-rspamd-mailcow-1 Started 4.0s
⠿ Container mailcowdockerized-ofelia-mailcow-1 Started 4.0s
⠿ Container mailcowdockerized-netfilter-mailcow-1 Started 3.4s
⠿ Container mailcowdockerized-ipv6nat-mailcow-1 Started 4.0s
Collecting garbage... After all containers run and mailcow can be used.
To be honest, since this change is backwards compatible (the extra functionality is not used in case of Docker and therefore this change is backwards compatible) I am feeling more to have this added to mailcow. This to make it easier for users (myself included) to keep using mailcow and update to newer versions later on. We could add a note to the |
Hi, thank you for testing and giving feedback on my concerns. To be honest with you i havn't tested podman with mailcow on any system yet. But i will of course before approving this.
That sounds like a good idea which i'll be fine with :) |
Also fixed indentation issues
This prevents extreme long docker-compose commands
eec03de
to
34b2e12
Compare
Do you need/want instructions on how I got mailcow running (rootless) on e.g. Fedora? (or Rocky Linux) (fresh installation)
Done! Also rebased on top of 'staging' due to merge conflicts. |
Here the steps I executed for running mailcow on a fresh Rocky Linux 9.1 installation. Steps for running mailcow using podman on Rocky Linux 9.1Prerequisites
Note: some steps below are the volatile options (e.g. setting environment variables or sysctl options). # Install git and patch
[root@rocky-vm2 ~]# dnf install git patch
# Install podman + docker-compose
[root@rocky-vm2 ~]# dnf install podman
[root@rocky-vm2 ~]# curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
[root@rocky-vm2 ~]# chmod 755 /usr/local/bin/docker-compose
# Set the correct sysctl options (volatile; if persistence is needed the internet definetely has tutorials for it :-) )
[root@rocky-vm2 ~]# sysctl net.ipv4.ip_unprivileged_port_start=25
[root@rocky-vm2 ~]# sysctl net.core.somaxconn=4096
# For this demo, don't configure a firewall and just stop it
[root@rocky-vm2 ~]# systemctl stop firewalld
# Test podman (root user)
[root@rocky-vm2 ~]# podman run --rm hello-world
# Enable lingering (to 'login' the user automatically after system startup)
[root@rocky-vm2 ~]# loginctl enable-linger rlenferink
# Further steps are executed as rootless user
[root@rocky-vm2 ~]# sudo su - rlenferink
# Re-test whether podman works for the rootless user (separate storage directories per user)
[rlenferink@rocky-vm2 ~]$ podman run --rm hello-world
# Ensure the podman.sock is available for usage for mailcow
[rlenferink@rocky-vm2 ~]$ export XDG_RUNTIME_DIR=/run/user/$(id -u)
[rlenferink@rocky-vm2 ~]$ systemctl --user enable --now podman.socket
[rlenferink@rocky-vm2 ~]$ export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock
# Start with the mailcow steps (store things in the home directory, but this can be any directory readable/writable by the user)
[rlenferink@rocky-vm2 ~]$ mkdir ~/mailcow-data
[rlenferink@rocky-vm2 ~]$ git clone https://github.com/mailcow/mailcow-dockerized.git
[rlenferink@rocky-vm2 ~]$ cd mailcow-dockerized/
[rlenferink@rocky-vm2 mailcow-dockerized]$ git remote add rlenferink https://github.com/rlenferink/mailcow-dockerized.git
[rlenferink@rocky-vm2 mailcow-dockerized]$ git fetch --all
[rlenferink@rocky-vm2 mailcow-dockerized]$ git checkout add-podman-support
[rlenferink@rocky-vm2 mailcow-dockerized]$ ./generate_config.sh --dev
Found Podman container engine.
NOTE: Support for Podman is experimental, consider this before deploying to production!
Found Docker Compose Standalone.
Setting the DOCKER_COMPOSE_VERSION Variable to standalone
Notice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.
Press enter to confirm the detected value '[value]' where applicable or enter a custom value.
Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: mail.rocky-vm2.loc
Timezone [Europe/Amsterdam]:
Enabled Dev Mode.
Not checking out a different branch!
patching file docker-compose.yml
Generating snake-oil certificate...
...+........<snip>
-----
Copying snake-oil certificate...
[rlenferink@rocky-vm2 mailcow-dockerized]$ ./mailcow-compose.sh pull
[rlenferink@rocky-vm2 mailcow-dockerized]$ ./mailcow-compose.sh up -d Hope it helps you :) |
Thanks. You can try with the latest version by dnf copr enable rhcontainerbot/podman-next -y
dnf install podman podman-py -y |
Still interested, don't get me wrong! I was thinking about the implementation phase... what if we start to enroll this for all nightly users first. With this we can get reports of bugs without risking critical issues on productive used systems. I could image to enroll the nightly demo with podman to gave the public (who don't want or can't install a dedicated nightly build) the chance to search for bugs ui/systemwise. That would make the most sense i think. Similar as we did the upgrade of the UI to Bootstrap 5. And you/we have the possibilities to commit those changes in here to have a clean cut later for the production branch. |
I was not completely sure about the Mailcow branching flow. I noticed an automated job from staging to nightly, so that was my reason to target the mailcow:staging branch. But I understand it is I surely am okay with merging this in the Just for my information: how often is @DerLinkman how do we continue with this? Probably I have to solve the merge conflicts :), after that change the target branch to |
Thanks! I also noticed the PR adding the However, I think it might be good to start with what @DerLinkman suggested and get this PR into the |
@DerLinkman I resolved the merge conflicts and changed the base branch to |
Yes that's normal. Thanks next week we can plan the integration process. |
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Is there any Progress? Can i help to Test? |
@DerLinkman currently this PR has some merge conflicts which (again) need to be resolved. I am willing to do that, but it would help me if there is a known date where this will reviewed/tested. In #4982 (comment) we said 'somewhere next week' which at the moment is already two months ago. Since resolving these conflicts and retesting is quite time consuming for me I would appreciate a timeline. @mnaggatz I definitely welcome testers of this PR, thanks for offering! For testing |
I would like to test the changes because I also want to use mailcow with podman. But unfortunately I cannot help fixing the merge conflicts. |
Any news on this? Podman support would be super useful! |
Not planned for now :/ |
d410a6f
to
4014683
Compare
Is there any plans for work on podman support any time soon? |
I'm evaluating mailcow right now and I really would like to use it with podman and not docker. |
We need tests, tests tests. I have no time currently (maybe soon) to experiment around with this pr. |
It actually is compatible. The problem is more that podman and podman-compose version can vary drastically between different OS |
Then if, we made it podman compatible and only if we need to "force" a way to install podman like we did with docker (from their repos etc.). But again, no promises, that mailcow will ever be podman ready so to say. |
Well, requiring a non-ancient version shouldn't be a big deal. |
Hi,
This pull request extends the mailcow scripts to be able to use podman as container engine instead of Docker. This pull request is related to #2614.
Podman is an open-source tool originally created by RedHat for managing containers. It is daemon-less and allows user to run containers rootless. Podman has an Docker API compatibility layer, which means the mailcow docker-compose stack works with podman as well, al be it with minor modifications.
Since podman originated by RedHat it is fairly simple to get podman working on different distributions part of the RedHat family (RHEL, CentOS, Rocky Linux, Fedora...).
The environment I used for testing:
This pull request:
security_opt
setting to disable SELinux within the container. Note: I still have SELinux enabled on the host in enforcing mode. I couldn't get it to work without this option.CONTAINER_ENGINE_PODMAN
docker-compose override which can be included in case podman is used. This overrides e.g. the/var/run/docker.sock
host mount to the Podman socket (e.g./run/user/1000/podman/podman.sock
).CUSTOM_STORAGE_LOCATION
docker-compose override which can be included to write data to a folder on disk instead of a Docker/Podman volume. TheMAILCOW_STORAGE_DIR
is the directory where the data is stored in case this override is used.docker-compose-v2 -f docker-compose.yml -f helper-scripts/docker-compose.override.yml.d/CONTAINER_ENGINE_PODMAN/docker-compose.override.yml -f helper-scripts/docker-compose.override.yml.d/CUSTOM_STORAGE_LOCATION/docker-compose.override.yml up -d --remove-orphans
). That is why I created amailcow-compose.sh
wrapper which respects theDOCKER_COMPOSE_EXTRA_OVERRIDES
option. Some logic in theupdate.sh
script is moved to this wrapper script.my.cnf
file, since now I can easily append a bind_address using echo.sysctls
andoom_kill_disable
options, since those also don't work. Having the sysctl options set is a prerequisite anyways, since otherwise rootless users are not allowed to bind to port 25. This might be something to document on the website.The generate_config, reset-admin, reset-learns, update_compose scripts all work for me with Podman and I have mailcow running on my system as we speak 😃
I think if this is merged, that this needs to be described somewhere on the mailcow website as well.