Blog: 2024-02-09: Difference between revisions

Revision as of 13:16, 9 February 2024

Ok rather than any of the nice projects I talked about on 2/7, I now have... the idea of making a ronin alternative, that uses podman instead of qemu. Coincidentally, I can see this converging, as I dig into the implementation of podman and see qemu.

$ podman system connection list
Name                         URI                                                         Identity                                  Default
podman-machine-default       ssh://[email protected]:50117/run/user/501/podman/podman.sock  /Users/razzi/.ssh/podman-machine-default  true
podman-machine-default-root  ssh://[email protected]:50117/run/podman/podman.sock           /Users/razzi/.ssh/podman-machine-default  false
$ podman machine list
NAME                     VM TYPE     CREATED       LAST UP       CPUS        MEMORY      DISK SIZE
podman-machine-default*  qemu        5 months ago  3 months ago  1           2GiB        100GiB
$ podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Error: qemu exited unexpectedly with exit code 1, stderr: qemu-system-x86_64: -drive if=virtio,file=/Users/razzi/.local/share/containers/podman/machine/qemu/podman-machine-default_fedora-coreos-38.20230819.2.0-qemu.x86_64.qcow2: Could not open '/Users/razzi/.local/share/containers/podman/machine/qemu/podman-machine-default_fedora-coreos-38.20230819.2.0-qemu.x86_64.qcow2': No such file or directory

$ podman machine list
NAME                     VM TYPE     CREATED       LAST UP       CPUS        MEMORY      DISK SIZE
podman-machine-default*  qemu        5 months ago  3 months ago  1           2GiB        100GiB
$ podman machine rm podman-machine-default 

The following files will be deleted:

/Users/razzi/.ssh/podman-machine-default
/Users/razzi/.ssh/podman-machine-default.pub
/Users/razzi/.config/containers/podman/machine/qemu/podman-machine-default.ign
/Users/razzi/.local/share/containers/podman/machine/qemu/podman-machine-default_fedora-coreos-38.20230819.2.0-qemu.x86_64.qcow2
/Users/razzi/.local/share/containers/podman/machine/qemu/podman.sock
/Users/razzi/.config/containers/podman/machine/qemu/podman-machine-default.json

Oh right, I'm thinking of calling this podman-based tool po. Like https://en.wikipedia.org/wiki/B%C5%8D

Getting this helpful message upon startup

$ podman machine start
Starting machine "podman-machine-default"
Waiting for VM ...
Mounting volume... /Users:/Users
Mounting volume... /private:/private
Mounting volume... /var/folders:/var/folders

This machine is currently configured in rootless mode. If your containers
require root permissions (e.g. ports < 1024), or if you run into compatibility
issues with non-podman clients, you can switch using the following command:

        podman machine set --rootful

API forwarding listening on: /Users/razzi/.local/share/containers/podman/machine/qemu/podman.sock

The system helper service is not installed; the default Docker API socket
address can't be used by podman. If you would like to install it, run the following commands:

        sudo /usr/local/Cellar/podman/4.8.2/bin/podman-mac-helper install
        podman machine stop; podman machine start

You can still connect Docker API clients by setting DOCKER_HOST using the
following command in your terminal session:

        export DOCKER_HOST='unix:///Users/razzi/.local/share/containers/podman/machine/qemu/podman.sock'

Machine "podman-machine-default" started successfully

Sure enough

$ docker ps
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
$ env DOCKER_HOST='unix:///Users/razzi/.local/share/containers/podman/machine/qemu/podman.sock' docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES

Ok I added a po user but when I switched to it I got no sudo! Looks like it's not installed by default. Here are the packages before any updates/installs

root@123bc29e561f:/# apt list
Listing... Done
adduser/now 3.134 all [installed,local]
apt/now 2.6.1 amd64 [installed,local]
base-files/now 12.4+deb12u4 amd64 [installed,local]
base-passwd/now 3.6.1 amd64 [installed,local]
bash/now 5.2.15-2+b2 amd64 [installed,local]
bsdutils/now 1:2.38.1-5+b1 amd64 [installed,local]
coreutils/now 9.1-1 amd64 [installed,local]
dash/now 0.5.12-2 amd64 [installed,local]
debconf/now 1.5.82 all [installed,local]
debian-archive-keyring/now 2023.3+deb12u1 all [installed,local]
debianutils/now 5.7-0.5~deb12u1 amd64 [installed,local]
diffutils/now 1:3.8-4 amd64 [installed,local]
dpkg/now 1.21.22 amd64 [installed,local]
e2fsprogs/now 1.47.0-2 amd64 [installed,local]
findutils/now 4.9.0-4 amd64 [installed,local]
gcc-12-base/now 12.2.0-14 amd64 [installed,local]
gpgv/now 2.2.40-1.1 amd64 [installed,local]
grep/now 3.8-5 amd64 [installed,local]
gzip/now 1.12-1 amd64 [installed,local]
hostname/now 3.23+nmu1 amd64 [installed,local]
init-system-helpers/now 1.65.2 all [installed,local]
libacl1/now 2.3.1-3 amd64 [installed,local]
libapt-pkg6.0/now 2.6.1 amd64 [installed,local]
libattr1/now 1:2.5.1-4 amd64 [installed,local]
libaudit-common/now 1:3.0.9-1 all [installed,local]
libaudit1/now 1:3.0.9-1 amd64 [installed,local]
libblkid1/now 2.38.1-5+b1 amd64 [installed,local]
libbz2-1.0/now 1.0.8-5+b1 amd64 [installed,local]
libc-bin/now 2.36-9+deb12u4 amd64 [installed,local]
libc6/now 2.36-9+deb12u4 amd64 [installed,local]
libcap-ng0/now 0.8.3-1+b3 amd64 [installed,local]
libcap2/now 1:2.66-4 amd64 [installed,local]
libcom-err2/now 1.47.0-2 amd64 [installed,local]
libcrypt1/now 1:4.4.33-2 amd64 [installed,local]
libdb5.3/now 5.3.28+dfsg2-1 amd64 [installed,local]
libdebconfclient0/now 0.270 amd64 [installed,local]
libext2fs2/now 1.47.0-2 amd64 [installed,local]
libffi8/now 3.4.4-1 amd64 [installed,local]
libgcc-s1/now 12.2.0-14 amd64 [installed,local]
libgcrypt20/now 1.10.1-3 amd64 [installed,local]
libgmp10/now 2:6.2.1+dfsg1-1.1 amd64 [installed,local]
libgnutls30/now 3.7.9-2+deb12u1 amd64 [installed,local]
libgpg-error0/now 1.46-1 amd64 [installed,local]
libhogweed6/now 3.8.1-2 amd64 [installed,local]
libidn2-0/now 2.3.3-1+b1 amd64 [installed,local]
liblz4-1/now 1.9.4-1 amd64 [installed,local]
liblzma5/now 5.4.1-0.2 amd64 [installed,local]
libmd0/now 1.0.4-2 amd64 [installed,local]
libmount1/now 2.38.1-5+b1 amd64 [installed,local]
libnettle8/now 3.8.1-2 amd64 [installed,local]
libp11-kit0/now 0.24.1-2 amd64 [installed,local]
libpam-modules-bin/now 1.5.2-6+deb12u1 amd64 [installed,local]
libpam-modules/now 1.5.2-6+deb12u1 amd64 [installed,local]
libpam-runtime/now 1.5.2-6+deb12u1 all [installed,local]
libpam0g/now 1.5.2-6+deb12u1 amd64 [installed,local]
libpcre2-8-0/now 10.42-1 amd64 [installed,local]
libseccomp2/now 2.5.4-1+b3 amd64 [installed,local]
libselinux1/now 3.4-1+b6 amd64 [installed,local]
libsemanage-common/now 3.4-1 all [installed,local]
libsemanage2/now 3.4-1+b5 amd64 [installed,local]
libsepol2/now 3.4-2.1 amd64 [installed,local]
libsmartcols1/now 2.38.1-5+b1 amd64 [installed,local]
libss2/now 1.47.0-2 amd64 [installed,local]
libstdc++6/now 12.2.0-14 amd64 [installed,local]
libsystemd0/now 252.19-1~deb12u1 amd64 [installed,local]
libtasn1-6/now 4.19.0-2 amd64 [installed,local]
libtinfo6/now 6.4-4 amd64 [installed,local]
libudev1/now 252.19-1~deb12u1 amd64 [installed,local]
libunistring2/now 1.0-2 amd64 [installed,local]
libuuid1/now 2.38.1-5+b1 amd64 [installed,local]
libxxhash0/now 0.8.1-1 amd64 [installed,local]
libzstd1/now 1.5.4+dfsg2-5 amd64 [installed,local]
login/now 1:4.13+dfsg1-1+b1 amd64 [installed,local]
logsave/now 1.47.0-2 amd64 [installed,local]
mawk/now 1.3.4.20200120-3.1 amd64 [installed,local]
mount/now 2.38.1-5+b1 amd64 [installed,local]
ncurses-base/now 6.4-4 all [installed,local]
ncurses-bin/now 6.4-4 amd64 [installed,local]
passwd/now 1:4.13+dfsg1-1+b1 amd64 [installed,local]
perl-base/now 5.36.0-7+deb12u1 amd64 [installed,local]
sed/now 4.9-1 amd64 [installed,local]
sysvinit-utils/now 3.06-4 amd64 [installed,local]
tar/now 1.34+dfsg-1.2 amd64 [installed,local]
tzdata/now 2023c-5+deb12u1 all [installed,local]
usr-is-merged/now 35 all [installed,local]
util-linux-extra/now 2.38.1-5+b1 amd64 [installed,local]
util-linux/now 2.38.1-5+b1 amd64 [installed,local]
zlib1g/now 1:1.2.13.dfsg-1 amd64 [installed,local]

Merrily proceeding along, I installed doas and enabled `permit po as root` into /etc/doas.conf

I modified this to be `permit nopass po as root`; no nano or vim, just used echo again.
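
The two rules above differ only in `nopass`, and neither carries a `cmd` restriction. As an added example (not part of the original post), this shell function classifies the permit rules of a doas.conf read on stdin by whether they reach root without a password or command limit; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify doas.conf rules read on stdin.
# Rule grammar per doas.conf(5):
#   permit|deny [options] identity [as target] [cmd command [args ...]]
# Prints "<line> <identity> <kind>" for each permit rule that can reach root.
# Exit status is 1 if any rule is both passwordless and unrestricted.
audit_doas_conf() {
    awk '
    { sub(/#.*/, "") }                      # drop comments
    NF == 0 || $1 != "permit" { next }      # blank lines and deny rules grant nothing
    {
        nopass = 0; ident = ""; target = ""; cmd = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "nopass") nopass = 1
            else if ($i == "nolog" || $i == "persist" || $i == "keepenv") continue
            else if ($i == "setenv") { while (i < NF && index($i, "}") == 0) i++ }
            else if ($i == "as")  { target = $(i + 1); i++ }
            else if ($i == "cmd") { cmd = $(i + 1); break }
            else if (ident == "") ident = $i
        }
        # With no "as" clause the rule applies to every target, root included.
        if (target != "" && target != "root") next
        if (cmd != "")      kind = "restricted:" cmd
        else if (nopass)  { kind = "nopass-unrestricted"; bad++ }
        else                kind = "password-unrestricted"
        printf "%d %s %s\n", NR, ident, kind
    }
    END { exit (bad > 0) }'
}

# Constructed sample: the two rules from the post plus variants for contrast.
sample_doas_conf() {
    cat <<'EOF'
# constructed sample, not a real config
permit po as root
permit nopass po as root
permit nopass po as root cmd apt
deny po cmd reboot
permit persist :wheel
EOF
}

sample_doas_conf | audit_doas_conf || echo "passwordless, unrestricted root rule present"
```

A `restricted:` result only means the rule names a command; whether that command can itself be used to run other programs as root still has to be judged per command.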

Then I thought "I'll set up fish" but I got a huge dependency tree:

po@123bc29e561f:/$ doas apt install fish
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  bsdextrautils bzip2 ca-certificates file fish-common groff-base krb5-locales libbsd0 libexpat1
  libgdbm-compat4 libgdbm6 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libmagic-mgc libmagic1 libncursesw6 libnsl2 libpcre2-32-0 libperl5.36
  libpipeline1 libproc2-0 libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 libuchardet0 libx11-6 libx11-data libxau6 libxcb1
  libxdmcp6 lynx lynx-common mailcap man-db media-types netbase openssl perl perl-modules-5.36
  procps psmisc python3 python3-minimal python3.11 python3.11-minimal readline-common xsel xz-utils
Suggested packages:
  bzip2-doc doc-base groff gdbm-l10n gpm krb5-doc krb5-user sensible-utils apparmor less perl-doc
  libterm-readline-gnu-perl | libterm-readline-perl-perl make libtap-harness-archive-perl
  python3-doc python3-tk python3-venv python3.11-venv python3.11-doc binutils binfmt-support
  readline-doc
The following NEW packages will be installed:
  bsdextrautils bzip2 ca-certificates file fish fish-common groff-base krb5-locales libbsd0
  libexpat1 libgdbm-compat4 libgdbm6 libgpm2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libmagic-mgc libmagic1 libncursesw6 libnsl2 libpcre2-32-0 libperl5.36
  libpipeline1 libproc2-0 libpython3-stdlib libpython3.11-minimal libpython3.11-stdlib libreadline8
  libsqlite3-0 libssl3 libtirpc-common libtirpc3 libuchardet0 libx11-6 libx11-data libxau6 libxcb1
  libxdmcp6 lynx lynx-common mailcap man-db media-types netbase openssl perl perl-modules-5.36
  procps psmisc python3 python3-minimal python3.11 python3.11-minimal readline-common xsel xz-utils
0 upgraded, 58 newly installed, 0 to remove and 0 not upgraded.
Need to get 29.0 MB of archives.
After this operation, 135 MB of additional disk space will be used.
Do you want to continue? [Y/n] 

Lunchtime!