Document Support for podman v2

[dfreilich]

Summary

We should document how you can use podman v2 to build images.

We should follow the steps shown in buildpacks/pack#966 (comment)

What questions should this documentation answer?

• How can I use podman?
• What are common or uncommon gotchas?

Who is the target audience for this documentation?

• App Developer
• Buildpack Author
• Operator
• Other:

Additional Information

[frenzymadness]

I will gladly test everything related to podman on Fedora/RHEL/Centos.

[micahyoung]

If it's helpful (and I realize this is somewhat orthogonal), here's some existing experiments I did a couple weeks ago with a containerized podman + --docker-host: https://gist.github.com/micahyoung/1b2d750226265b0fae607e89cade7385#pack-within-podman-container

But as an example, maybe only useful as a reference as it's everything running in a privileged, Docker container so pretty unaligned for your standard RHEL + podman user, I expect.

[matejvasek]

I am not sure if v2 in the title is correct, latest podman is v3, v2 doesn't support docker API well enough to work with pack.

[fatherlinux]

I wrote a quick blog which demonstrates how to run this on Fedora in a way in which a Podman + Fedora/RHEL user would think of it. To get it to work, I have to disable SELinux. I "tried" messing with the --publish flag to see if that would preclude the need to push the image into the local image store, but I forgot that with Docker this isn't really possible.

http://crunchtools.com/testing-cloud-native-buildpacks-on-fedora-with-podman/

Is there a way with pack to pass "docker" a flag like --privileged? I think it would be worth doing that to make it explicit that a user is in fact running a privileged container. Also, if I had a way to do this, I could probably do this rootless and still be "decently" secure.

[fatherlinux]

@micahyoung also, we did add the pack CLI to Fedora recently, so all you have to do is run "yum install pack"

[jromero]

@matejvasek and I are working on something here: https://hackmd.io/v59Gb3GaQVqPb-ojkvaJxw

Debating on whether it should be a blog post of docs... 🤔

[dfreilich]

@jromero That looks awesome!

[dmikusa]

@jromero Your instructions worked for me on my MBP. The only issue I had is that after running pack build and then running podman images, I didn't see any images. They were clearly somewhere because pack build ran normally.

For me the difference was the default podman system connection. For me, after brew install, it was set like this:

> podman system connection ls
Name                         Identity                                    URI
podman-machine-default*      /Users/dmikusa/.ssh/podman-machine-default  ssh://core@localhost:60014/run/user/1000/podman/podman.sock
podman-machine-default-root  /Users/dmikusa/.ssh/podman-machine-default  ssh://root@localhost:60014/run/podman/podman.sock

The command you have to set DOCKER_HOST for pack is using the root connection, but I was looking at the default which for me was set to the non-root connection. Thus podman images returned nothing.

I had to run podman system connection default podman-machine-default-root so that I could see the images. Maybe worth mentioning in your doc.

I also tried setting DOCKER_HOST to the non-root context, but had build issues. Not sure if that's something worth explaining in the doc also.

[jromero]

I had to run podman system connection default podman-machine-default-root so that I could see the images. Maybe worth mentioning in your doc.

Created PR: #456

I also tried setting DOCKER_HOST to the non-root context, but had build issues. Not sure if that's something worth explaining in the doc also.

We should be getting rid of the need to use the root context once this issue is complete. I added a mention to it in the docs.

Thank you for the feedback and report.