feat(scripts): add interactive podman rootless setup #485
keithy wants to merge 2 commits into nextlevelbuilder:main from
When running rootless using podman we want files/permissions to be the invoking user/group. We do not want the container to change user, because then podman will map that container-only-user to some other unhelpful uid/gid. With userns=keep-id set, this injects the running user/uid/gid into the container's /etc/passwd and starts the container with that user, not root for real, and not root-inside-container. If you do set --user 0:0 (or override in compose with user: 0:0) then that will run as the rootless user (outside the container) but root-inside-container 0:0. Presently scripts written for docker will then kick in to change this and suexec. (Generally we don't want this.)
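Added example, not part of the PR or of the comment above: one way an entrypoint written for Docker could decide whether its chown/su-exec step should run at all, by reading the user-namespace map. The function names and the sample maps (host UID 1000, subuid range 100000:65536) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added illustration; the helper names are hypothetical, the maps are constructed.

# map_id ID MAPTEXT: translate ID through uid_map-format lines
# ("inside-start outside-start count"). Prints the outer ID, or
# "unmapped" with status 1 when no range covers it.
map_id() {
    _id=$1
    while read -r _in _out _cnt; do
        [ -n "$_cnt" ] || continue
        if [ "$_id" -ge "$_in" ] && [ "$_id" -lt $((_in + _cnt)) ]; then
            echo $((_out + _id - _in))
            return 0
        fi
    done <<EOF
$2
EOF
    echo unmapped
    return 1
}

# entry_action UID MAPTEXT: what a Docker-style entrypoint should do.
#   run  - already non-root (e.g. keep-id started us as the invoking user)
#   drop - real root: the map is the full identity, so chown + su-exec apply
#   keep - UID 0 only inside a user namespace: switching to a container-only
#          user would land on a subuid, so stay as we are
entry_action() {
    if [ "$1" -ne 0 ]; then echo run; return 0; fi
    if [ "$(map_id 0 "$2")" = 0 ] &&
       [ "$(map_id 4294967294 "$2")" = 4294967294 ]; then
        echo drop
    else
        echo keep
    fi
}

# Constructed samples: initial namespace (rootful), and a rootless namespace.
ROOTFUL_MAP='0 0 4294967295'
ROOTLESS_MAP='0 1000 1
1 100000 65536'

# In a real entrypoint: entry_action "$(id -u)" "$(cat /proc/self/uid_map)"
for m in "$ROOTFUL_MAP" "$ROOTLESS_MAP"; do
    echo "uid 0 -> $(entry_action 0 "$m")"
done
```

In the rootless sample, container UID 33 translates to host UID 100032, which is the kind of subuid-owned file the comment describes as unhelpful.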
resolver issue now fixed #550 (switch nginx.conf to use default.conf.template, the official container's templating system with envsubst). Good to go.
- setup.sh: Interactive config installer with explanatory prompts
- keep-id userns: Container UID 0 maps to host user via containers.conf
- NGINX_DNS_RESOLVER: Set via env var (podman uses aardvark-dns, not 127.0.0.11)
- Storage at /opt/storage on external volume (e.g. ZFS)
- Network fix overlay for podman compose

See options/podman/README.md for documentation.

💘 Generated with Crush
- Reorganize config/containers/ to mirror destination path
- Add oci-hook.d/poststop for auto-commit on exit 42
- Simplify setup.sh to single recursive copy
- Update README with hook documentation

💘 Generated with Crush

Assisted-by: MiniMax-M2.7 via Crush <crush@charm.land>
how can I help get this change merged? Looks like there is a CI check failing

the check failing is nothing to do with this PR, there is an update coming, that I hope will be liked.
Summary
options/podman/setup.sh script
~/.config/containers/.env
NOTE: switch to use selfservice conf.d/default.conf.template to allow for NGINX_DNS_RESOLVER to be set.