Get rid of Linux Podman Machine requirement and instead run escalated privileged CLI command. #623
Assignees
Labels
kind/feature 💡
Issue for requesting a new feature
Comments
|
So, I have a pretty strong opinion that this project should not be implementing its own logic here in the medium/long term but should just be a GUI around a CLI (and maybe that CLI exposes a language API). There's a lot of related threads on the podman-bootc CLI for this, see: containers/podman-bootc#9 I feel strongly enough about this that I think this issue should be closed as a duplicate of #166 |
|
I agree with @cgwalters. If we get podman-bootc into a state where it can run on Linux without a machine and get the bootc-extension to use podman-bootc, it's a huge win. Requires some organization and good planning along with commitments to meet deadlines. |
For this issue I'm referring to the building image fix / removing the podman machine requirement as Linux builds aren't working right now. Not with regards to running the resulting image in a VM. From my understanding https://github.com/containers/podman-bootc helps (at the moment) with regards to spinning up the VM / using the resulting built image. From my understanding there's no other features implemented yet (issues opened for them though regarding bib). I agree that we should get this in medium/long-term, but this issue should focus on the short-term fix of linux builds. EDIT: I see containers/podman-bootc#58 which is awesome and a lot more new PR's. But I believe again that a temporary fix should go in under we switch 100% to podman-bootc for all build logic across mac / windows / linux. |
|
I would prefer it as a wrapper around a cli too, but I think it would depend on the timeline? i.e. when would podman-bootc support windows and be the preferred approach enough so that pages like https://osbuild.org/docs/bootc/ would change? If that was in the pipe/'soonish' then we should just wait and focus on that, but if not we'll likely need to do something in the meantime. |
|
@germag WDYT? |
|
Another caveat too is how Podman Machine on Podman Desktop is by default root / rootful on macOS and Windows when creating the machine, but non-root on Linux (since it requires no podman machine). From the PR: containers/podman-bootc#58 we will be hardcoding: /var/lib/containers/storage (https://github.com/containers/podman-bootc/pull/58/files#diff-b617e9b9c374b3eb34e1995a6010fadc91cfaa59baba743b40bec8163eec0ed0R158). But bootc-image-builder requires root to function due to filesystem requirements. What the current workflow looks like: macOS & Windows:
But the current cycle for Linux is:
What I'm proposing for Linux is as a short-term fix until we are at 100% feature parity with bib for podman-bootc is:
TLDR; Linux builds are failing at the moment, due to very old Podman versions on different machines (openSUSE tumbleweed, fedora 40, etc.) using flakey podman machine's and we should fix them with this solution until Linux support is better. |
This was referenced Jul 26, 2024
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 30, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 30, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Jul 31, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Aug 1, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
cdrage
added a commit
to cdrage/podman-desktop-extension-bootc
that referenced
this issue
Aug 1, 2024
### What does this PR do? * Switches to using native podman building for Linux rather than using podman machine * Tested against using a manifest as well as a normal image. * Uses CLI commands the equivalant of doing `sudo podman run`. PD does not support running / viewing / using sudo root connections. So we use the CLI instead * Uses CLI commands for saving the image / importing as well. The reasoning is that importing requires `sudo` / privileged and retrieving via image ID does not work for saving via the API. ### Screenshot / video of UI <!-- If this PR is changing UI, please include screenshots or screencasts showing the difference --> ### What issues does this PR fix or reference? <!-- Include any related issues from Podman Desktop repository (or from another issue tracker). --> Closes containers#623 ### How to test this PR? <!-- Please explain steps to reproduce --> 1. Try on Linux (Fedora 40 or above) 2. Go to build and it should ask for credentials after a few moments of building 3. Successful image build Signed-off-by: Charlie Drage <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe
Podman Machine is a requirement in order to run this extension which causes inconveniences for Linux users.
It requires us create a separate podman machine, use it, as well as make sure that it also has the correct image too.
There have been numerous cases where Podman Machine isn't detected (it is not officially supported and a hidden feature of PD) and requires PD to be restarted to "use" the podman machine.
Why this is possible now:
There are also other cases:
Describe the solution you'd like
Instead, our extension could use the exec command / process command of PD extension to run a privileged command (https://github.com/containers/podman-desktop/blob/main/packages/extension-api/src/extension-api.d.ts#L4114) and run the following example command:
sudo podman run \ --name httpd-bootc-image-builder \ --tty \ --privileged \ --security-opt label=type:unconfined_t \ -v /home/testuser/bootc/test123:/output/ \ -v $HOME/.local/share/containers/storage:/var/lib/containers/storage \ --label bootc.image.builder=true \ quay.io/centos-bootc/bootc-image-builder:latest-1720185748 \ quay.io/bootc-extension/httpd:latest \ --output \ /output/ \ --local \ --type \ raw \ --target-arch \ amd64Note that this is running the SUDO command but uses
$HOME/.local/share/containers/storage/.for the storage. This means that the user can use podman rootless like normal, but just for building, it will use SUDO.Describe alternatives you've considered
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: