Inquiry About Nested Podman/Docker Support for Development Environments

[jcastillopro]

I'm seeking guidance on setting up nested instances of Podman or Docker within Vanilla OS for development purposes. My goal is to establish isolated development environments. Could you provide insights or documentation on how to integrate Podman or Docker into subsystems or stacks within Vanilla OS? I'm particularly interested in understanding the steps or best practices for configuring nested container environments to maintain separate development spaces.
I found this guide, but I still haven't managed to implement it in Vanilla OS:
Thank you for your assistance!

[lukas-kasticky]

There's documentation for setting up podman inside distrobox, but there doesn't seem to be a way to pass these options to apx or to run distrobox directly instead.

---

Creating a subsystem with systemd doesn't work either:

apx subsystem new --stack opensuse --name pods --init
apx pods enter

sudo usermod --add-subuids 10000-65536 $USER
sudo usermod --add-subgids 10000-65536 $USER
# Skipping a step because we can't access `/etc/containers/containers.conf`
# (see docs linked above)

podman run --rm -ti alpine

ERRO[0000] running `/usr/bin/newuidmap 23915 0 1001 1 1 10000 55537`: newuidmap: write to uid_map failed: Operation not permitted 
ERRO[0000] invalid internal status, try resetting the pause process with "podman system migrate": cannot set up namespace using "/usr/bin/newuidmap": should have setuid or have filecaps setuid: exit status 1 

[taukakao]

I would recommend just installing distrobox on the host as well for this usecase.

In VanillaOS, you would do that with:
abroot pkg add distrobox
abroot pkg apply
reboot

[lukas-kasticky]

Interesting, that leaves a few questions :)

Would a box created like that be visible in apx?

And if I have to install distrobox anyways, what's the purpose of apx? Having subsystems, stacks etc. seem to be very useful, but is there a reason distrobox isn't exposed to the user with apx "just" as a configuration tool?

[taukakao]

That box would not be visible in apx, no.

And apx serves a specific workflow. Your workflow (nested containers) is rather specific so it's outside of the scope of apx.

[jcastillopro]

Thank you very much @taukakao for the clarification. If I skip using Distrobox, how can I set up a development environment using Podman or Docker with the Docker extension for Visual Studio Code? I know there's a guide in the documentation, but it mentions that it doesn’t work for Vanilla OS 2 (Orchid).

[taukakao]

I would recommend just making a symlink to /usr/bin/host-shell as /usr/bin/podman
ln -s host-shell /usr/bin/podman

This will allow you to use podman as if it was installed inside the cotainer.

I'm not sure what the VSCode extension needs for it to work. My workflow here is to install VSCode inside the development container, so it's as integrated as possible.

[jcastillopro]

@taukakao thank you very much for the support and for sharing that trick. After executing the command in the terminal, it works super well in the terminal, but I haven't had success in vscode. This is the recommended configuration:

{
    "docker.environment": {
        "docker.host": "unix:///run/user/1001/podman/podman.sock",
        "docker.dockerPath":"/usr/bin/podman"
    },
}

I have been testing with the vscode version from the store and in vso-pico, and I don't quite understand how the podman client from the store works perfectly, but the vscode from the store does not. I will keep checking.

Thank you very much.

[taukakao]

Try setting the socket to unix:///run/host/run/user/1001/podman/podman.sock

The VSCode version for the store is a flatpak and that has a lot of drawbacks for an IDE so I would not recommend it.