如何从容器内运行 podman? [英] How to run podman from inside a container?

问题描述

我想将 podman 作为容器运行以运行 CI/CD 管道.但是，我不断从 podman 容器中收到此错误:

I want to run podman as a container to run CI/CD pipelines. However, I keep getting this error from the podman container:

$ podman info
ERRO[0000] 'overlay' is not supported over overlayfs
Error: could not get runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver

我正在使用 Jenkins Kubernetes 插件来编写作为容器运行的 CI/CD 管道一个 Kubernetes 集群.我已经成功编写了使用 Docker-in-Docker 容器运行 docker build 和 docker push 命令的管道.

I am using the Jenkins Kubernetes plugin to write CI/CD pipelines that run as containers within a Kubernetes cluster. I've been successful at writing pipelines that use a Docker-in-Docker container to run docker build and docker push commands.

但是，在容器内运行 Docker 客户端和 Docker 守护程序会使 CI/CD 环境变得非常臃肿、难以配置，而且不适合使用.所以我想我可以使用 podman 从 Dockerfiles 构建 Docker 映像，而无需使用胖 Docker 守护进程.

However, running a Docker client and a Docker Daemon inside a container makes the CI/CD environment very bloated, hard to configure, and just not ideal to work with. So I figured I could use podman to build Docker images from Dockerfiles without using a fat Docker daemon.

问题是 podman 太新了，我以前没有见过任何人尝试过这个，我也没有足够的 podman 专家来正确执行这个.

The problem is that podman is so new that I have not seen anyone attempt this before, nor I am enough of a podman expert to properly execute this.

所以，我使用 podman 安装 Ubuntu 说明创建了以下 Dockerfile:

So, using the podman installation instructions for Ubuntu I created the following Dockerfile:

FROM ubuntu:16.04

RUN apt-get update -qq 
    && apt-get install -qq -y software-properties-common uidmap 
    && add-apt-repository -y ppa:projectatomic/ppa 
    && apt-get update -qq 
    && apt-get -qq -y install podman

# To keep it running
CMD tail -f /dev/null

所以我构建了图像并按如下方式运行它:

So I built the image and ran it as follows:

# Build
docker build -t podman:ubuntu-16.04 .

# Run
docker run --name podman -d podman:ubuntu-16.04

然后在正在运行的容器上运行这个命令时，我得到一个错误:

Then when running this command on the running container, I get an error:

$ docker exec -ti podman bash -c "podman info"

ERRO[0000] 'overlay' is not supported over overlayfs
Error: could not get runtime: 'overlay' is not supported over overlayfs: backing file system is unsupported for this graph driver

我在我拥有的 Ubuntu 16.04 机器上安装了 podman，并运行了相同的 podman info 命令，我得到了预期的结果:

I install podman on an Ubuntu 16.04 machine I had and ran the same podman info command I got the expected results:

host:
  BuildahVersion: 1.8-dev
  Conmon:
    package: 'conmon: /usr/libexec/crio/conmon'
    path: /usr/libexec/crio/conmon
    version: 'conmon version , commit: '
  Distribution:
    distribution: ubuntu
    version: "16.04"
  MemFree: 2275770368
  MemTotal: 4142137344
  OCIRuntime:
    package: 'cri-o-runc: /usr/lib/cri-o-runc/sbin/runc'
    path: /usr/lib/cri-o-runc/sbin/runc
    version: 'runc version spec: 1.0.1-dev'
  SwapFree: 2146758656
  SwapTotal: 2146758656
  arch: amd64
  cpus: 2
  hostname: jumpbox-4b3620b3
  kernel: 4.4.0-141-generic
  os: linux
  rootless: false
  uptime: 222h 46m 33.48s (Approximately 9.25 days)
insecure registries:
  registries: []
registries:
  registries:
  - docker.io
store:
  ConfigFile: /etc/containers/storage.conf
  ContainerStore:
    number: 0
  GraphDriverName: overlay
  GraphOptions: null
  GraphRoot: /var/lib/containers/storage
  GraphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  ImageStore:
    number: 15
  RunRoot: /var/run/containers/storage
  VolumePath: /var/lib/containers/storage/volumes

有谁知道我可以如何修复这个错误并让 podman 从容器中工作?

Does anyone know how I can fix this error and get podman working from a container?

推荐答案

你的 Dockerfile 也应该安装 iptables:

Your Dockerfile should install iptables as well:

FROM ubuntu:16.04

RUN apt-get update -qq 
    && apt-get install -qq -y software-properties-common uidmap 
    && add-apt-repository -y ppa:projectatomic/ppa 
    && apt-get update -qq 
    && apt-get -qq -y install podman 
    && apt-get install -y iptables

# To keep it running
CMD tail -f /dev/null

然后运行命令:

docker run -ti --rm podman:test bash -c "podman --storage-driver=vfs info"

这应该会给您预期的响应.

This should give you the response you expect.

这篇关于如何从容器内运行 podman?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！