Tom Sweeney, Brent Baude, Anders Björklund (afbjorklund), Greg Shomo, sshnaidm, Jordan Christiansen (xordspar0), Ralf Haferkamp, Paul Holzinger, Giuseppe Scrivano, Shenghao Yang, Ashley Cui, Brett Tofel, Alex Litvak, Nalin Dahyabhai, Qi Wang, Scott McCarty, Lokesh Mandvekar, Ed Haynes, Valentin Rothberg, Christian Felder, Holger Gantikow, James Cassell, Dan Walsh, Peter Hunt, Urvashi Mohnani
Anders talked about his work in containers starting with chroot to jails, to zones, to openVZ, to LX and finally to Docker. Slide Deck here.
Within Docker: runc, containerd and the Moby project.
What was very interesting to him was the boot2docker, a lightweight distribution based on Tiny Core Linux made specifically to run Docker containers. This was productized into the Docker toolbox.
Base: Tiny Core Linux, which runs on multiple architectures.
His boot2podman project tries to emulate boot2docker. It uses a custom kernel, an add-on initrd and build tools.
To run containers from scratch you need a kernel, a build, packages (runc, Podman, conmon, cni-plugins, varlink, Buildah, Skopeo) and others such as ssh. Varlink was used for remote connections to Podman.
The varlink tool and library talk to different interfaces over a socket.
Machine lets you create Podman hosts on your computer: it creates servers with Podman on them, then configures the Podman client to talk to them.
boot2docker was recently deprecated and moved to an unmaintained image. boot2podman is also deprecated, because varlink has been replaced with the REST API.
Anders then ran a demo (16:00 in the video). Support for Podman v2 is not there yet, but it is in the works.
The following is not a commitment from Red Hat, but what we think and hope to do.
How we work
Short Names (see next topic)
Volume plugins
* Ongoing requirement from users and customers
* Compatible with Docker
Docker compose
* Ongoing requirement from users and customers
* podman-compose: getting close
* Podman generate and play kube is the strategic future.
* Longstanding upstream request
podman run --network-alias foo1 ...
* Wired into the dnsname plugin.
* Backend and frontend WIP PRs exist.
* Opens up network connect and disconnect.
* Work is ongoing and needed for docker-compose.
Clone (rename) containers
* Longstanding upstream request
* Challenges our architecture, where container descriptions are immutable.
Secrets
* Add “secrets” to a container
* Lots of open-ended questions here yet, but a design meeting is pending. Ashley Cui driving.
Mount image into container
* Convenience command to allow mounting an image into a container in a single step.
(Note for Brent: Look into docker log drivers.)
Valentin took over in the middle of Brent’s talk. Short names: “debian” vs the fully qualified “docker.io/library/debian:latest”.
Completing a short name is ambiguous; Podman uses /etc/containers/registries.conf to determine where to pull from.
Risk of pulling from a malicious repository.
Solution: short-name aliasing, plus prompting the user when a name is still ambiguous.
See https://github.com/containers/shortnames for more info.
Valentin ran a demo on short names.
This is to ship with Podman v2.2 along with a blog post describing it.
(A number of questions in bluejeans chat on shortnames, see below.)
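The resolution rules above, and the docker.io/mariadb question raised in the chat, as an added example that is not the meeting's or Podman's own code: a Python model of short-name resolution driven by a constructed registries.conf-style config. The `unqualified-search-registries`, `short-name-mode` and `[aliases]` keys are the real containers-registries.conf(5) ones; the config values, the stand-in for the interactive prompt and the in-memory recording of the user's choice are assumptions of this example.

```python
# Added example (not from the meeting or from Podman's own code): a model of
# short-name resolution as described for containers/registries.conf, including
# the docker.io -> docker.io/library/ normalization that came up in the chat.
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed config. The equivalent registries.conf (TOML) would read:
#
#   unqualified-search-registries = ["registry.fedoraproject.org", "docker.io"]
#   short-name-mode = "enforcing"
#
#   [aliases]
#   "debian" = "docker.io/library/debian"
#   "fedora" = "registry.fedoraproject.org/fedora"
#
# A plain dict is used so the example runs without a TOML parser.
CONFIG: Dict = {
    "unqualified-search-registries": ["registry.fedoraproject.org", "docker.io"],
    "short-name-mode": "enforcing",
    "aliases": {
        "debian": "docker.io/library/debian",
        "fedora": "registry.fedoraproject.org/fedora",
    },
}


@dataclass
class Resolution:
    # "qualified": the name already carried a registry; "alias": matched [aliases];
    # "search": one candidate from the search list (or permissive mode, try in order);
    # "ambiguous": several candidates, the user has to be prompted.
    kind: str
    candidates: List[str] = field(default_factory=list)


def split_reference(name: str):
    """Split 'repo[:tag][@digest]' into (repo, suffix); the suffix keeps its ':' or '@'."""
    at = name.find("@")
    if at != -1:                        # a digest follows any tag
        return name[:at], name[at:]
    colon = name.rfind(":")
    if colon > name.rfind("/"):         # ':' after the last '/' is a tag, not a port
        return name[:colon], name[colon:]
    return name, ""


def has_registry(repo: str) -> bool:
    """A first path component containing '.', ':' or equal to 'localhost' is a registry host."""
    first = repo.split("/", 1)[0]
    return "." in first or ":" in first or first == "localhost"


def normalize_docker_hub(repo: str) -> str:
    """docker.io/foo is shorthand for docker.io/library/foo (Docker Hub convention)."""
    registry, _, path = repo.partition("/")
    if registry == "docker.io" and "/" not in path:
        return f"docker.io/library/{path}"
    return repo


def resolve(name: str, config: Dict = CONFIG) -> Resolution:
    repo, suffix = split_reference(name)
    if not suffix:
        suffix = ":latest"              # default tag when none is given
    if has_registry(repo):
        return Resolution("qualified", [normalize_docker_hub(repo) + suffix])
    alias = config.get("aliases", {}).get(repo)
    if alias is not None:               # aliases win before any search registry is consulted
        return Resolution("alias", [alias + suffix])
    registries = config.get("unqualified-search-registries", [])
    if not registries:
        raise ValueError(f"{name!r} is a short name and no unqualified-search-registries are configured")
    candidates = [normalize_docker_hub(f"{r}/{repo}") + suffix for r in registries]
    if len(candidates) > 1 and config.get("short-name-mode") == "enforcing":
        return Resolution("ambiguous", candidates)   # caller must prompt, not guess
    return Resolution("search", candidates)          # permissive: first hit wins


def record_choice(name: str, chosen: str, config: Dict = CONFIG) -> Dict:
    """Remember the registry the user picked as an alias so the next pull is unambiguous.
    Podman persists this in an alias cache; here it is returned as a new in-memory config."""
    repo, _ = split_reference(name)
    chosen_repo, _ = split_reference(chosen)
    aliases = dict(config.get("aliases", {}))
    aliases[repo] = chosen_repo
    return {**config, "aliases": aliases}


if __name__ == "__main__":
    for n in ["debian", "fedora:33", "docker.io/mariadb:latest", "mariadb", "quay.io/podman/stable"]:
        r = resolve(n)
        print(f"{n:28} -> {r.kind:10} {r.candidates}")
    r = resolve("mariadb")
    if r.kind == "ambiguous":
        cfg = record_choice("mariadb", r.candidates[0])  # stand-in for the interactive prompt
        print("after choice:", resolve("mariadb", cfg))
```

With two search registries and enforcing mode, an unaliased name such as `mariadb` comes back as `ambiguous` rather than silently going to whichever registry happens to be listed first; the distro-shipped alias table or the recorded user choice is what makes the next pull deterministic.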
None suggested, happy to take some! (email@example.com)
tsweeney 10:56 AM: HackMD for notes and questions, please sign in there at the top! https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w
Scott McCarty 11:05 AM: Hello everyone!
Christian Felder 11:27 AM: I don't want to interrupt the current session, but I've a question regarding boot2podman: If you publish a port is it published just on box or on the host as well?
DAN (ME) 11:29 AM: We connect via ssh tunnel, so no open ports on the VM by default. Other than ssh port. Podman v2 listens on local unix domain socket, and podman-remote uses ssh under the covers to connect to this unix domain socket.
Christian Felder 11:29 AM: ok... that's a bit different from the docker experience... if you use docker run -p it is published on the host although there is this vm behind the scenes
afbjorklund 11:30 AM: docker-machine opens 22 and 2376, but podman-machine does everything over 22 - although tunneled to a random local port
DAN (ME) 11:30 AM: You can set up Podman to listen on random ports, but we discourage this because of the security risks.
afbjorklund 11:30 AM: there is no publishing on the laptop, that is docker desktop rather than docker toolbox (when using docker-machine that was)
mheon 11:31 AM: @Christian - ports are only published on the VM now. I think Dan is confusing port mapping and the API port
DAN (ME) 11:31 AM: afbjorklund nice job on the presentation.
afbjorklund 11:31 AM: thanks! it'll be on the blog site eventually
DAN (ME) 11:31 AM: mheon I am talking about which port the podman socket listens on
Christian Felder 11:32 AM: ok from my experience I could telnet to a port on localhost (on the host machine) when using the docker-cli, e.g. docker run -p ...
mheon 11:32 AM: @Dan I'm fairly certain the question is about `-p` for podman run. @Christian - yes, that's not implemented yet
Christian Felder 11:32 AM: alright thanks
mheon 11:33 AM: I'd love to get it working, but there are only so many engineers on the project right now
afbjorklund 11:33 AM: when you use this docker-machine/podman-machine setup, anything that you publish is available on the VM IP (rather than 127.0.0.1)
Christian Felder 11:33 AM: thanks afbjorklund that was what i expected. I did a similar setup with podman-remote and a custom vm
afbjorklund 11:34 AM: some details are on https://github.com/boot2podman/machine
Alex Litvak 11:35 AM: missed previous speaker, will the video be posted?
DAN (ME) 11:35 AM: yes
Me 11:35 AM: Alex, yes it will. At least a link on podman.io
Alex Litvak 11:35 AM: thanks
Christian Felder 11:37 AM: docker.io/mariadb:latest -> docker.io/library/mariadb:latest (is the first a shortname as well?)
mheon 11:38 AM: @Christian - It has a repository in it explicitly, so I would say no
James Cassell 11:39 AM: does it support cascading configs? can a user override only part of the system config?
mheon 11:39 AM: I'll leave that one to Valentin
DAN (ME) 11:40 AM: James we will leave it to distros to choose which shortnames they want to ship by default.
Valentin Rothberg 11:40 AM: @Christian: Matt is right. docker.io/foo is a special case as Docker normalizes with library/. @James: the registries.conf supports drop-in config files that allow to override previous entries
DAN (ME) 11:41 AM: github.com/containers/shortnames is just for distro based images at this point. If fedora wants to default mariadb to a fedora version, then this is up to fedora.
Valentin Rothberg 11:41 AM: `man containers-registries.conf.d` is the place to look
Christian Felder 11:42 AM: I just stumbled across this when using podman_image modules for ansible which checks for the image name because the code checks for the image name which changes when pulling from the shorter url which resolves to docker.io/library/... thanks for your answers
James Cassell 11:43 AM: thanks! drop-ins are great
James Cassell 11:45 AM: if docker-compose compat REST API works, does it make podman-compose irrelevant, since folks can just use the docker-compose binary to talk to podman?
James Cassell 11:45 AM: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w (reposting link from start)
Christian 11:46 AM: do you have an example of what won't be possible with docker-compose / docker-py?
mheon 11:46 AM: For docker-py - anything in the Swarm APIs. Renaming containers. Those are the big two. Networking will have some limits for now but I think we can work through those
Alex Litvak 11:47 AM: are docker log drivers a part of the picture?
Christian 11:48 AM: thanks!
afbjorklund 11:57 AM: podman-py, not to be confused with pypodman :-)
mheon 11:57 AM: Lesson here: Don't let engineers name things
Sagi Shnaidman 11:59 AM: You can demonstrate podman modules for Ansible, for example :)
afbjorklund 12:00 PM: it should be noted that minikube has support for podman, so you can use podman in order to run "real" kubernetes too (both podman v1 and v2 as of lately) `minikube start --driver=podman`
Greg Shomo (Northeastern University) 12:03 PM: thank you all for your time
Erik Bernoth 12:11 PM: thanks for the great meeting, have to leave. Bye
afbjorklund 12:13 PM: Posted slides and demos on the boot2podman site
Me 12:13 PM: Thanks AB!