Podman 4.3 on Artix Linux: Install

nabbisen - Jan 27 '23 - Dev Community

Summary

Podman is an engine for creating and maintaining containers, including on virtual machines. It is developed by Red Hat and published as open-source software (OSS) under the Apache License 2.0. The source code is written in Go.

As I wrote before, it is cross-platform and is designed to be highly compatible with Docker.

This post shows how to install Podman on Artix Linux, which is based on Arch Linux and is systemd-free.

Environment

Tutorial

* doas (OpenDoas) can be replaced with sudo.

Install via Pacman

Thanks to the distribution's package manager, pacman, Podman installs with a single command:

$ doas pacman -Sy podman

It prompts you as below. I chose the default:

:: Synchronizing package databases...
 (...)
resolving dependencies...
:: There are 3 providers available for container-network-stack:
:: Repository galaxy
   1) cni-plugins
:: Repository community
   2) cni-plugins  3) netavark

Enter a number (default=1): 

This was followed by:

looking for conflicting packages...

Packages (14) catatonit-0.1.7-2  cni-plugins-1.2.0-2  conmon-1:2.1.5-1  containers-common-1:0.50.1-2
              criu-3.17.1-1  crun-1.7.2-1  libslirp-4.7.0-1  nftables-1:1.0.6-1  protobuf-c-1.4.1-1
              python-protobuf-21.12-1  python-six-1.16.0-6  slirp4netns-1.2.0-1  yajl-2.1.0-5
              podman-4.3.1-2

Total Download Size:    30.62 MiB
Total Installed Size:  177.23 MiB

:: Proceed with installation? [Y/n] y

The installation started and the output was:

:: Retrieving packages...
 podman-4.3.1-2-x86_64             16.2 MiB  2.51 MiB/s 00:06 [#################################] 100%
 (...)
 Total (14/14)                     30.6 MiB  1457 KiB/s 00:22 [#################################] 100%
(14/14) checking keys in keyring                              [#################################] 100%
(...)
(14/14) checking available disk space                         [#################################] 100%
:: Processing package changes...
( 1/14) installing catatonit                                  [#################################] 100%
(...)
(14/14) installing podman                                     [#################################] 100%
Optional dependencies for podman
    apparmor: for AppArmor support
    btrfs-progs: support btrfs backend devices [installed]
    cni-plugins: for an alternative container-network-stack implementation [installed]
    podman-compose: for docker-compose compatibility
    podman-docker: for Docker-compatible CLI
:: Running post-transaction hooks...
(1/1) Creating temporary files...

Confirm Kernel parameters

kernel.unprivileged_userns_clone must be enabled.

Check that kernel.unprivileged_userns_clone is set to 1, not 0:

sysctl kernel.unprivileged_userns_clone

The output was:

kernel.unprivileged_userns_clone = 1

OK.

Install QEMU

To manage Podman virtual machines, QEMU, a "generic and open source machine emulator and virtualizer", is required.

It's available via Pacman, too. Let's install it:

$ doas pacman -Sy qemu-base

It prompts you as below. It's fine to choose the default:

:: Synchronizing package databases...
 (...)
:: There are 2 providers available for libwolfssl.so=35-64:
:: Repository world
   1) wolfssl
:: Repository extra
   2) wolfssl

Enter a number (default=1): 

The output was:

looking for conflicting packages...

Packages (44) capstone-4.0.2-6  dtc-1.6.1-4  edk2-ovmf-202211-3  libcacard-2.7.0-2.1  libnfs-5.0.2-1
              liburing-2.3-1  multipath-tools-0.9.4-1  numactl-2.0.16-1  qemu-audio-spice-7.2.0-3
              qemu-block-curl-7.2.0-3  qemu-block-dmg-7.2.0-3  qemu-block-nfs-7.2.0-3
              qemu-block-ssh-7.2.0-3  qemu-chardev-spice-7.2.0-3  qemu-common-7.2.0-3
              qemu-hw-display-qxl-7.2.0-3  qemu-hw-display-virtio-gpu-7.2.0-3
              qemu-hw-display-virtio-gpu-gl-7.2.0-3  qemu-hw-display-virtio-gpu-pci-7.2.0-3
              qemu-hw-display-virtio-gpu-pci-gl-7.2.0-3  qemu-hw-display-virtio-vga-7.2.0-3
              qemu-hw-display-virtio-vga-gl-7.2.0-3  qemu-hw-s390x-virtio-gpu-ccw-7.2.0-3
              qemu-hw-usb-host-7.2.0-3  qemu-hw-usb-redirect-7.2.0-3  qemu-hw-usb-smartcard-7.2.0-3
              qemu-img-7.2.0-3  qemu-pr-helper-7.2.0-3  qemu-system-x86-7.2.0-3
              qemu-system-x86-firmware-7.2.0-3  qemu-tools-7.2.0-3  qemu-ui-curses-7.2.0-3
              qemu-ui-opengl-7.2.0-3  qemu-ui-spice-app-7.2.0-3  qemu-ui-spice-core-7.2.0-3
              qemu-virtiofsd-7.2.0-3  seabios-1.16.1-1  snappy-1.1.9-2  spice-0.15.1-1
              usbredir-0.13.0-1  vde2-2.3.3-3  virglrenderer-0.10.4-1  wolfssl-5.5.4-1
              qemu-base-7.2.0-3

Total Download Size:    30.00 MiB
Total Installed Size:  138.25 MiB

:: Proceed with installation? [Y/n] y
:: Retrieving packages...
 edk2-ovmf-202211-3-any            15.2 MiB  2.11 MiB/s 00:07 [#################################] 100%
 (...)
 Total (44/44)                     30.0 MiB   528 KiB/s 00:58 [#################################] 100%
(44/44) checking keys in keyring                              [#################################] 100%
(...)
(44/44) checking available disk space                         [#################################] 100%
:: Processing package changes...
( 1/44) installing numactl                                    [#################################] 100%
(...)
(44/44) installing qemu-base                                  [#################################] 100%
Optional dependencies for qemu-base
    qemu-audio-alsa: for ALSA audio driver
    (...)
    qemu-virtiofsd: for virtio-fs shared filesystem daemon [installed]
    samba: for SMB/CIFS server support
:: Running post-transaction hooks...
(1/5) Creating system user accounts...
Creating group 'qemu' with GID 973.
Creating user 'qemu' (QEMU user) with UID 973 and GID 973.
(2/5) Creating temporary files...
(3/5) Reloading device manager configuration...
(4/5) Updating icon theme caches...
(5/5) Updating the desktop file MIME type cache...

Troubleshooting

The qemu-base installation above most likely prevents the error below:

$ podman machine init
Error: exec: "qemu-system-x86_64": executable file not found in $PATH

Install additional dependencies

According to Arch Linux's Podman wiki, it is necessary to install fuse-overlayfs, "FUSE implementation of overlayfs", and slirp4netns, "User-mode networking for unprivileged network namespaces".

The latter was installed together with Podman, but the former was not, so let's install it:

$ doas pacman -Sy fuse-overlayfs

The output was:

:: Synchronizing package databases...
(...)
resolving dependencies...
looking for conflicting packages...

Packages (1) fuse-overlayfs-1.10-1

Total Installed Size:  0.11 MiB

:: Proceed with installation? [Y/n] y
(...)
(1/1) installing fuse-overlayfs                                    [#####################################] 100%

Configure Podman

containers.conf

Artix is systemd-free, so we have to tell Podman about it. Edit the config:

$ # make a backup
$ doas cp -p /etc/containers/containers.conf /etc/containers/containers.conf.org

$ # edit
$ doas nvim /etc/containers/containers.conf

and set the following in the [engine] section:

  #cgroup_manager = "systemd"
+ cgroup_manager = "cgroupfs"

uid / gid

Since Podman works in rootless mode by default, you have to prepare user / group ID ranges for it.

/etc/subuid and /etc/subgid are the configuration files. Append a definition for your login user to each of them, like:

+ {your-user}:100000:65536
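The three settings above (the kernel parameter, cgroup_manager in containers.conf, and the subuid / subgid ranges) are easy to get subtly wrong, and a missing or too-small range is what later shows up as rootless containers failing to start. Below is an added POSIX sh checker for them; it is example code written for this post, not code from the original article or from the Podman project. The function names (check_userns, subid_ok, cgroup_manager) are this example's own, and the demo runs on constructed sample files rather than the real /etc files so it can run anywhere. It also goes slightly beyond the post by falling back to user.max_user_namespaces on kernels that do not have the unprivileged_userns_clone toggle.

```shell
#!/bin/sh
# Added example, not code from the original post or from the Podman project:
# a POSIX sh checker for the rootless-Podman prerequisites this post sets
# by hand. Function names are this example's own.

# check_userns: return 0 when unprivileged user namespaces are available.
# On Arch-family kernels that is kernel.unprivileged_userns_clone = 1 (the
# sysctl the post checks); kernels without that toggle are checked via
# user.max_user_namespaces instead (0 means user namespaces are disabled).
check_userns() {
    f=/proc/sys/kernel/unprivileged_userns_clone
    if [ -r "$f" ]; then
        [ "$(cat "$f")" = "1" ]
    else
        n=$(cat /proc/sys/user/max_user_namespaces 2>/dev/null || echo 0)
        [ "$n" -gt 0 ]
    fi
}

# subid_ok FILE USER: return 0 if FILE (in /etc/subuid or /etc/subgid
# format, "name:start:count") has an entry for USER with at least 65536
# ids, which is what the post's "{your-user}:100000:65536" line provides.
subid_ok() {
    awk -F: -v u="$2" '
        $1 == u && $3 + 0 >= 65536 { found = 1 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# cgroup_manager FILE: print the active cgroup_manager value from the
# [engine] section of a containers.conf, ignoring commented-out lines
# such as the default #cgroup_manager = "systemd" the post leaves in place.
# Prints nothing when no active setting exists (Podman then uses its default).
cgroup_manager() {
    awk '
        /^[ \t]*\[/ { section = $0; gsub(/[][ \t]/, "", section); next }
        /^[ \t]*#/  { next }
        section == "engine" && /^[ \t]*cgroup_manager[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)   # drop "cgroup_manager ="
            gsub(/["\t ]/, "", val)          # drop quotes and whitespace
            print val
        }
    ' "$1"
}

# Demo on constructed sample files (not the real /etc files) so it runs offline.
demo() {
    tmp=$(mktemp -d)
    printf 'alice:100000:65536\nbob:165536:1000\n' > "$tmp/subuid"
    printf '[containers]\n#cgroup_manager = "systemd"\n[engine]\n#cgroup_manager = "systemd"\ncgroup_manager = "cgroupfs"\n' > "$tmp/containers.conf"
    check_userns && echo "user namespaces: available" || echo "user namespaces: NOT available"
    subid_ok "$tmp/subuid" alice && echo "alice: subuid range OK"
    subid_ok "$tmp/subuid" bob || echo "bob: subuid range too small (needs 65536)"
    echo "cgroup_manager = $(cgroup_manager "$tmp/containers.conf")"
    rm -rf "$tmp"
}
demo
```

To check a real system, call subid_ok /etc/subuid "$USER" and subid_ok /etc/subgid "$USER" and cgroup_manager /etc/containers/containers.conf instead of the sample files; the 65536 threshold matches the range size the post recommends, which is what lets a rootless container map a full set of user and group ids.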

Podman system migration

Run:

$ podman system migrate

The output was:

WARN[0000] "/" is not a shared mount, this could cause issues or missing mounts with rootless containers

The warning occurred because buildah, from the Containers project, was not installed. It can be fixed by installing it beforehand.

Initialize virtual machine

Now Podman is ready to create your first virtual machine!! Run:

$ podman machine init

The output was:

Downloading VM image: fedora-coreos-37.20230110.2.0-qemu.x86_64.qcow2.xz: done  
Extracting compressed file
Image resized.
Error: exec: "timedatectl": executable file not found in $PATH

The error above occurred because OpenRC doesn't have systemd's timedatectl, which Podman uses to customize the timezone 😅

So what is the current situation?
The virtual machine was created, but its ignition file was not, because of the error above.
This is sometimes, though not always, fatal. It's better to fix it; I'll show how in another post.

Manage container images

Now you can pull container images from hosting services. For example, let's get Alpine Linux, one of the most popular images, from Docker Hub:

$ podman pull docker.io/alpine

Got it 😉? In my case, the output was:

Trying to pull docker.io/library/alpine:latest...
Getting image source signatures
Copying blob (...)
Copying config (...)
Writing manifest to image destination
Storing signatures
(...)

Making it a bit more convenient

If you want to omit the docker.io/ prefix, edit registries.conf:

$ # make a backup
$ doas cp -p /etc/containers/registries.conf /etc/containers/registries.conf.org

$ # edit
$ doas nvim /etc/containers/registries.conf

and append these lines at the bottom:

+ [registries.search]
+ registries = ['docker.io']

Run web server for testing

We are ready, although there are a few things it would be better to fix. Let's run a container and have fun.

Pull the Apache httpd server image on Alpine:

$ podman pull docker.io/httpd:alpine

Then run it:

$ podman run -p 8080:80 httpd:alpine

Open http://127.0.0.1:8080 in your browser.
You will see... 😄

podman container: httpd works

Conclusion

Podman is developed with security and stability in mind. First, Podman is daemon-less: the containers on the virtual machine benefit from this, because one is less likely to be affected by another. Additionally, containers are rootless by default, which makes running them more secure.

I hope Podman brings you environments that are as reusable and isolated as possible, along with better productivity and operations.
