Red Hatã§ã‚½ãƒªãƒ¥ãƒ¼ã‚·ãƒ§ãƒ³ã‚¢ãƒ¼ã‚テクトをã—ã¦ã„ã‚‹ç”°ä¸å¸æ©(@tnk4on)ã§ã™ã€‚
Red Hat Enterprise Linux(以下ã€RHEL) 8å‘ã‘Podmanã®æ–°ã—ã„パッケージ(v3.2.3)ãŒå…¬é–‹ã•ã‚Œã€ãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ãƒ¢ãƒ¼ãƒ‰ã§docker-composeãŒä½¿ç”¨ã§ãるよã†ã«ãªã‚Šã¾ã—ãŸã€‚以å‰ã®è¨˜äº‹ã§ã¯rootモードã§docker-composeã‚’å‹•ã‹ã™æ–¹æ³•ã‚’紹介ã—ã¾ã—ãŸã€‚
今回ã¯Podman v3.2以é™ã§å¯¾å¿œã—ãŸãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ãƒ¢ãƒ¼ãƒ‰ã§docker-composeを実行ã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ç´¹ä»‹ã—ã¾ã™ã€‚
- Podman v3.2.3ã®ã‚¢ãƒƒãƒ—デート
- ルートレスã§podman.socketサービスを起動ã™ã‚‹
- docker-composeコマンドをコンテナã§å®Ÿè¡Œã™ã‚‹
- ルートレスã§docker-composeを実行ã—ã¦ã¿ã‚‹
- ルートレスモードã¨podman network
- ルートレスモードã«ãŠã‘る所有権ã®å•é¡Œ
- ã¾ã¨ã‚
Podman v3.2.3ã®ã‚¢ãƒƒãƒ—デート
2021å¹´8月10æ—¥ã«RHEL 8 å‘ã‘ã®container-toolsã®ã‚¢ãƒƒãƒ—デートãŒå…¬é–‹ã•ã‚Œã¦ã„ã¾ã™ã€‚
Podman v3.2.3ã®ãƒ‘ãƒƒã‚±ãƒ¼ã‚¸æƒ…å ±ã¯ã“ã¡ã‚‰ã€‚
アップデート後ã®Podmanã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã¯ä¸‹è¨˜ã®ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚
$ podman version Version: 3.2.3 API Version: 3.2.3 Go Version: go1.15.7 Built: Tue Jul 27 16:29:39 2021 OS/Arch: linux/amd64
Podman v3.2.3ã¸ã‚¢ãƒƒãƒ—デートã™ã‚‹ã«ã¯dnfコマンドã§container-toolsã¾ãŸã¯podmanå˜ä½“ã®ã‚¢ãƒƒãƒ—デートを実施ã—ã¦ä¸‹ã•ã„。
$ sudo dnf update podman
ã¾ãŸã¯
$ sudo dnf module update container-tools
ルートレスã§podman.socketサービスを起動ã™ã‚‹
ルートレスã§docker-composeを実行ã™ã‚‹å ´åˆã‚‚rootモードã¨åŒã˜ãPodman APIソケット(podman.socketサービス)ã®èµ·å‹•ãŒå¿…è¦ã§ã™ã€‚èµ·å‹•ã™ã‚‹ã«ã¯ä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ãƒ¼ã§ä¸‹è¨˜ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã—ã¾ã™ã€‚
パッケージã®ã‚¢ãƒƒãƒ—デート後ã€å¿µã®ç‚ºsystemd マãƒãƒ¼ã‚¸ãƒ£ãƒ¼è¨å®šã‚’å†èªã¿è¾¼ã¿
$ systemctl --user daemon-reload
podman.socketサービスを有効ã«ã—ã€ã™ãã«ã‚µãƒ¼ãƒ“スを起動
$ systemctl --user enable --now podman.socket Created symlink /home/user/.config/systemd/user/sockets.target.wants/podman.socket → /usr/lib/systemd/user/podman.socket.
サービスãŒèµ·å‹•ã—ã¦ã„ã‚‹ã‹ç¢ºèª
$ systemctl --user status podman.socket
â— podman.socket - Podman API Socket
Loaded: loaded (/usr/lib/systemd/user/podman.socket; enabled; vendor preset: enabled)
Active: active (listening) since Mon 2021-08-16 01:16:36 JST; 26s ago
Docs: man:podman-system-service(1)
Listen: /run/user/1000/podman/podman.sock (Stream)
CGroup: /user.slice/user-1000.slice/[email protected]/podman.socket
8月 16 01:16:36 localhost.localdomain systemd[12425]: Listening on Podman API Socket.
Podman APIã®å‹•ä½œç¢ºèª
$ curl -s --unix-socket /run/user/1000/podman/podman.sock http://d/v3.0.0/libpod/info | jq .version
出力çµæžœã‚’é–‹ã
{
"APIVersion": "3.2.3",
"Version": "3.2.3",
"GoVersion": "go1.15.7",
"GitCommit": "",
"BuiltTime": "Tue Jul 27 16:29:39 2021",
"Built": 1627370979,
"OsArch": "linux/amd64"
}
- ルートレスモードã®Podman APIソケットã®ãƒ‘スã¯
systemctl --user status podman.socketã®å‡ºåŠ›å†…容をå‚ç…§ - Podman APIソケットã®è©³ç´°ã«ã¤ã„ã¦ã¯ä»¥å‰ã®è¨˜äº‹ã‚’å‚考ã«ã—ã¦ãã ã•ã„
次ã¯docker-composeコマンドã®æº–備を行ã„ã¾ã™ã€‚
(å‚考)RHEL 8製å“ドã‚ュメントã®è©²å½“é …ç›®ã«ã¤ã„ã¦
RHEL 8ã®è£½å“ドã‚ュメントã«ã‚‚è©²å½“é …ç›®ãŒã‚ã‚Šã¾ã™ãŒå†…容ãŒå¤ã„ã®ã§ã‚ã¾ã‚Šå‚考ã«ãªã‚Šã¾ã›ã‚“。ç¾æ™‚点ã§ã¯å‚考程度ã«ã”å‚照下ã•ã„。
-
- RHEL 8.4 + Podman v3ã§ã¯
podman.socketã‚„podman.serviceã®æ‰‹å‹•ä½œæˆã¯ä¸è¦ - æ¤œè¨¼æ‰‹é †ã®
podman-remoteã®å°Žå…¥ä¸è¦
- RHEL 8.4 + Podman v3ã§ã¯
docker-composeコマンドをコンテナã§å®Ÿè¡Œã™ã‚‹
以å‰ã®è¨˜äº‹ã§ã¯docker-composeã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã«pipを使用ã—ã¾ã—ãŸãŒã€Python/pipã®ç’°å¢ƒã«ä½™è¨ˆãªã‚‚ã®ã‚’入れãŸããªã„å ´åˆã‚‚ã‚ã‚‹ã¨æ€ã„ã¾ã™ã€‚ã¾ãŸã€Dockerå…¬å¼ãƒ‰ã‚ュメントã§ã¯GitHubリãƒã‚¸ãƒˆãƒªã‹ã‚‰docker-composeãƒã‚¤ãƒŠãƒªã‚’入手ã—ã¦ä½¿ç”¨ã™ã‚‹æ–¹æ³•ãŒç´¹ä»‹ã•ã‚Œã¦ã„ã¾ã™ã€‚*1
ã“れらã®æ–¹æ³•ã«ä»£ã‚ã‚Šã€docker-compose自体をコンテナã§å®Ÿè¡Œã™ã‚‹ã“ã¨ã§ä¸è¦ãªã‚‚ã®ã‚’è¿½åŠ ã›ãšã«docker-composeコマンドを実行ã™ã‚‹ã“ã¨ãŒå¯èƒ½ã¨ãªã‚Šã¾ã™ã€‚コンテナイメージã¯Dockerå…¬å¼ãŒå…¬é–‹ã—ã¦ã„ã‚‹ã‚‚ã®ãŒã‚ã‚‹ã®ã§ãã¡ã‚‰ã‚’利用ã—ã¾ã™ã€‚
コンテナã§docker-composeを実行ã™ã‚‹æ™‚ã®æ§‹æˆã¯ä¸‹è¨˜ã®ã‚ˆã†ã«ãªã‚Šã¾ã™ã€‚
下記ã®å†…容を~/.bashrcã«è¿½è¨˜ã™ã‚‹ã“ã¨ã§ã€ã‚³ãƒ³ãƒ†ãƒŠå®Ÿè¡Œã®ã‚³ãƒžãƒ³ãƒ‰ã‚’docker-composeã®ã‚¨ã‚¤ãƒªã‚¢ã‚¹ã¨ã—ã¦ä½¿ç”¨ã§ãã¾ã™ã€‚
alias docker-compose='podman run --rm \
-v /run/user/1000/podman/podman.sock:/var/run/docker.sock:z \
-v "$PWD:/$PWD:z" \
-w "/$PWD" \
docker/compose:1.29.2'
- オプションã®è£œè¶³
-v /run/user/1000/podman/podman.sock:/var/run/docker.sock:z:ルートレスモードã®APIソケットをコンテナ内ã®docker.sockã«ãƒžã‚¦ãƒ³ãƒˆã™ã‚‹-v "$PWD:/$PWD:z":カレントディレクトリをコンテナ内ã®WORKDIRã«ãƒžã‚¦ãƒ³ãƒˆã™ã‚‹-w "/$PWD":コンテナ内ã®WORKDIRを指定docker/compose:1.29.2:実行ã™ã‚‹docker-composeã®ã‚¤ãƒ¡ãƒ¼ã‚¸ã‚¿ã‚°ã‚’指定。最新ã¯1.29.2。
編集後ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®å†èªã¿è¾¼ã¿
$ source ~/.bashrc
åˆå›žå®Ÿè¡Œæ™‚ã®ã¿ã‚³ãƒ³ãƒ†ãƒŠã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’å…ˆã«å–å¾—ã—ã¦ãŠã(2回目以é™ã®å®Ÿè¡Œã¯ä¸è¦ï¼‰
$ podman pull docker.io/docker/compose:1.29.2
docker-composeã®å‹•ä½œç¢ºèª
1) 作æ¥ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’作æˆã—ã€SELinuxコンテã‚ストを変更ã™ã‚‹
$ mkdir test && cd test $ chcon -R -t container_file_t . $ ls -lZ ../ åˆè¨ˆ 0 drwxrwxr-x. 2 user user unconfined_u:object_r:container_file_t:s0 6 8月 16 21:02 test
- docker-composeã®ã‚¨ã‚¤ãƒªã‚¢ã‚¹å®Ÿè¡Œæ™‚ã«ã‚«ãƒ¬ãƒ³ãƒˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’マウントã™ã‚‹ãŸã‚ã€
container_file_tã®ãƒ©ãƒ™ãƒ«ãŒè¨å®šã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒå¿…è¦ã§ã™
2) docker-compose versionを実行ã—ã€æ£å¸¸ã«ã‚³ãƒžãƒ³ãƒ‰ãŒå®Ÿè¡Œã§ãã‚‹ã“ã¨ã‚’確èª
$ docker-compose version docker-compose version 1.29.2, build 5becea4 docker-py version: 5.0.0 CPython version: 3.7.10 OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
ã“ã‚Œã§ãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ã§docker-composeを実行ã™ã‚‹ç’°å¢ƒãŒæ•´ã„ã¾ã—ãŸã€‚
ルートレスã§docker-composeを実行ã—ã¦ã¿ã‚‹
以å‰ã®è¨˜äº‹ã¨åŒã˜ãdocker-composeã§WordPressを実行ã—ã¾ã™ã€‚ docker-compose.ymlã‚‚åŒæ§˜ã«Docker Hubã«è¨˜è¼‰ã®ã‚µãƒ³ãƒ—ルを使用ã—ã¾ã™ã€‚
作æ¥ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’作æˆã—ã€docker-compose.ymlファイルを作æˆ
$ mkdir wordpress && cd wordpress $ chcon -R -t container_file_t . $ vi docker-compose.yml
docker-compose.ymlã®å†…容
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- db:/var/lib/mysql
volumes:
wordpress:
db:
docker-compose upã®å®Ÿè¡Œï¼ˆâ€»SELinuxã®ã‚¨ãƒ©ãƒ¼ãŒå‡ºãŸå ´åˆã¯æ¬¡é …ã®å¯¾å¿œã‚’実施)
$ docker-compose up -d Creating network "wordpress_default" with the default driver Creating volume "wordpress_wordpress" with default driver Creating volume "wordpress_db" with default driver Pulling wordpress (wordpress:)... Pulling db (mysql:5.7)... Creating wordpress_wordpress_1 ... Creating wordpress_db_1 ... Creating wordpress_db_1 ... done Creating wordpress_wordpress_1 ... done
- エイリアスコマンドã«Podman APIソケット(åŠã³docker.sock)を直接指定ã—ã¦ã„ã‚‹ã®ã§äº‹å‰ã«DOCKER_HOST環境変数ã®è¨å®šã¯ä¸è¦ã§ã™
èµ·å‹•ã—ãŸã‚³ãƒ³ãƒ†ãƒŠã®ç¢ºèª
$ podman ps -a CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 6098cc19a0d7 docker.io/library/mysql:5.7 mysqld 8 seconds ago Up 7 seconds ago wordpress_db_1 6f6d0aa34eb0 docker.io/library/wordpress:latest apache2-foregroun... 8 seconds ago Up 7 seconds ago 0.0.0.0:8080->80/tcp wordpress_wordpress_1
ブラウザã§http://<ホストã®IPアドレス>:8080ã¸ã‚¢ã‚¯ã‚»ã‚¹ã—ã¦WordPressã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ç”»é¢ãŒè¡¨ç¤ºã•ã‚ŒãŸã‚‰OKã§ã™ã€‚
SELinuxエラーã®å¯¾å¿œ
docker-compose up時ã«ä¸‹è¨˜ã®ã‚ˆã†ãªã‚¨ãƒ©ãƒ¼ãŒå‡ºãŸå ´åˆã¯SELinuxã®ãƒãƒªã‚·ãƒ¼ã«å¼•ã£ã‹ã‹ã£ã¦ã„ã¾ã™
$ docker-compose up -d [8] Failed to execute script docker-compose Traceback (most recent call last): File "urllib3/connectionpool.py", line 677, in urlopen File "urllib3/connectionpool.py", line 392, in _make_request File "http/client.py", line 1277, in request File "http/client.py", line 1323, in _send_request File "http/client.py", line 1272, in endheaders File "http/client.py", line 1032, in _send_output File "http/client.py", line 972, in send File "docker/transport/unixconn.py", line 43, in connect PermissionError: [Errno 13] Permission denied (以下çœç•¥ï¼‰
audit2allowコマンドを使ã£ã¦ãƒ¢ã‚¸ãƒ¥ãƒ¼ãƒ«ã®ä½œæˆã¨ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã‚’è¡Œã„ã¾ã™
$ sudo ausearch -c 'docker-compose' --raw | audit2allow -M my-dockercompose $ sudo semodule -i my-dockercompose.pp
my-dockercompose.te ã®å†…容
$ cat my-dockercompose.te
module my-dockercompose 1.0;
require {
type container_t;
type container_runtime_t;
class unix_stream_socket connectto;
}
#============= container_t ==============
allow container_t container_runtime_t:unix_stream_socket connectto;
å†åº¦docker-compose upを実行ã—ã¦ã‚¨ãƒ©ãƒ¼ãŒå‡ºãªã„ã“ã¨ã‚’確èªã—ã¾ã™ã€‚
ルートレスモードã¨podman network
ルートレスモードã§docker-composeãŒä½¿ãˆã‚‹ã‚ˆã†ã«ãªã£ãŸèƒŒæ™¯ã«ã¯ã€ãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ãƒ¢ãƒ¼ãƒ‰ã§ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æ§‹æˆæ©Ÿèƒ½ã®è¿½åŠ ãŒã‚ã‚Šã¾ã™ï¼ˆä¸‹è¨˜ã®RFEã‚’å‚照)。
ルートレスモードã§docker-compose実行時ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æ§‹æˆã®å¤‰åŒ–を確èªã—ã¦ã¿ã¾ã™ã€‚
docker-composeèµ·å‹•å‰
$ podman network ls NETWORK ID NAME VERSION PLUGINS
docker-compose起動後
$ podman network ls NETWORK ID NAME VERSION PLUGINS b089aa3ab1f2 wordpress_default 0.4.0 bridge,portmap,firewall,tuning
$ podman network inspect wordpress_default
出力çµæžœã‚’é–‹ã
[
{
"args": {
"podman_labels": {
"com.docker.compose.network": "default",
"com.docker.compose.project": "wordpress",
"com.docker.compose.version": "1.29.2"
}
},
"cniVersion": "0.4.0",
"name": "wordpress_default",
"plugins": [
{
"bridge": "cni-podman1",
"hairpinMode": true,
"ipMasq": true,
"ipam": {
"ranges": [
[
{
"gateway": "10.89.0.1",
"subnet": "10.89.0.0/24"
}
]
],
"routes": [
{
"dst": "0.0.0.0/0"
}
],
"type": "host-local"
},
"isGateway": true,
"type": "bridge"
},
{
"capabilities": {
"portMappings": true
},
"type": "portmap"
},
{
"backend": "",
"type": "firewall"
},
{
"type": "tuning"
}
]
}
]
ã“ã®ã‚ˆã†ã«docker-compose upã¨åŒæ™‚ã«æ–°ã—ããƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æ§‹æˆãŒä½œæˆã•ã‚ŒãŸã“ã¨ãŒç¢ºèªã§ãã¾ã™ã€‚ãªãŠã€docker-compose downを実行ã™ã‚‹ã¨ã“ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯æ§‹æˆã¯å‰Šé™¤ã•ã‚Œã¾ã™ã€‚
ルートレスモードã«ãŠã‘る所有権ã®å•é¡Œ
ルートレスモードã§ã‚³ãƒ³ãƒ†ãƒŠå®Ÿè¡Œæ™‚ã®èª²é¡Œã¨ã—ã¦ã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã«ãƒ›ã‚¹ãƒˆã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’マウントã—ã¦ä½¿ç”¨ã™ã‚‹å ´åˆã®æ‰€æœ‰æ¨©ã®å•é¡ŒãŒã‚ã‚Šã¾ã™ã€‚ ãªãŠã€Podmanã®ãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ãƒ¢ãƒ¼ãƒ‰ã«ãŠã‘ã‚‹UIDã®å–り扱ã„ã«ã¤ã„ã¦ã¯ã“ã®è¨˜äº‹ã§ã¯è©³ç´°ã«ã¯è§¦ã‚Œã¾ã›ã‚“ãŒã€éŽåŽ»ã®ç¿»è¨³è¨˜äº‹ãŒå‚考ã«ãªã‚Šã¾ã™ã€‚
例ãˆã°WordPressを使用ã™ã‚‹å ´åˆã€wordpressãŠã‚ˆã³mysqlコンテナã«ãƒžã‚¦ãƒ³ãƒˆã™ã‚‹ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’ホスト上ã«ä½œæˆã—ã€å†åº¦docker-compose upã—ã¦ã¿ã‚‹ã¨ä½œæˆã—ãŸãƒ•ã‚©ãƒ«ãƒ€ã®ãƒ‘ーミッションãŒãƒ¦ãƒ¼ã‚¶ãƒ¼è‡ªèº«ã®ã‚‚ã®ã‹ã‚‰å¤‰æ›´ã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒç¢ºèªã§ãã¾ã™ã€‚
å†ç¾æ‰‹é †
先程ã®wordpressフォルダã®ä¸ã«wordpressã¨dbã®2ã¤ã®ãƒ•ã‚©ãƒ«ãƒ€ã‚’作æˆã™ã‚‹
$ mkdir wordpress db $ chmod 777 wordpress db $ vi docker-compose.yml
docker-compose.ymlã®å†…容
version: '3.1'
services:
wordpress:
image: wordpress
restart: always
ports:
- 8080:80
environment:
WORDPRESS_DB_HOST: db
WORDPRESS_DB_USER: exampleuser
WORDPRESS_DB_PASSWORD: examplepass
WORDPRESS_DB_NAME: exampledb
volumes:
- ./wordpress:/var/www/html
db:
image: mysql:5.7
restart: always
environment:
MYSQL_DATABASE: exampledb
MYSQL_USER: exampleuser
MYSQL_PASSWORD: examplepass
MYSQL_RANDOM_ROOT_PASSWORD: '1'
volumes:
- ./db:/var/lib/mysql
#volumes:
# wordpress:
# db:
docker-compose up後ã®ã‚«ãƒ¬ãƒ³ãƒˆãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®æ‰€æœ‰æ¨©ã‚’確èª
$ ls -l åˆè¨ˆ 12 drwxrwxrwx. 6 100998 user 4096 8月 17 01:15 db -rw-rw-r--. 1 user user 585 8月 17 01:12 docker-compose.yml drwxr-xr-x. 5 100032 100032 4096 8月 17 01:15 wordpress
ã“ã®å ´åˆã€UIDã®100998ã¨100032ã¯ã‚³ãƒ³ãƒ†ãƒŠå†…ã§å®Ÿè¡Œã—ã¦ã„るプãƒã‚»ã‚¹ã®ãƒ›ã‚¹ãƒˆä¸Šã®UIDã§ã™ã€‚下記ã§ã¯www-dataã¨mysqlãŒè©²å½“ã—ã¾ã™ã€‚
$ podman top wordpress_wordpress_1 user huser USER HUSER root 1000 www-data 100032 www-data 100032 www-data 100032 www-data 100032 www-data 100032 $ podman top wordpress_db_1 user huser USER HUSER mysql 100998
ホスト上ã§ã¯ä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ãƒ¼ã¨ã—ã¦userã€UID:1000ã§å®Ÿè¡Œã•ã‚Œã¦ã„ã¾ã™ã®ã§ç•°ãªã‚‹æ‰€æœ‰æ¨©ã®ãƒ•ã‚¡ã‚¤ãƒ«/フォルダã¯ç›´æŽ¥æ“作ãŒä¸å¯ã¨ãªã‚Šã¾ã™ã€‚
$ rm -rf db wordpress rm: 'db/mysql' を削除ã§ãã¾ã›ã‚“: 許å¯ãŒã‚ã‚Šã¾ã›ã‚“ rm: 'db/performance_schema' を削除ã§ãã¾ã›ã‚“: 許å¯ãŒã‚ã‚Šã¾ã›ã‚“ rm: 'db/sys' を削除ã§ãã¾ã›ã‚“: 許å¯ãŒã‚ã‚Šã¾ã›ã‚“ rm: 'db/exampledb' を削除ã§ãã¾ã›ã‚“: 許å¯ãŒã‚ã‚Šã¾ã›ã‚“ rm: 'wordpress/.htaccess' を削除ã§ãã¾ã›ã‚“: 許å¯ãŒã‚ã‚Šã¾ã›ã‚“ (以下ã€çœç•¥ï¼‰
ホストå´ã¨ãƒ•ã‚¡ã‚¤ãƒ«ã®ã‚„ã‚Šå–ã‚Šã‚’è¡Œã†ã«ã—ã¦ã‚‚都度sudoコマンドを使用ã™ã‚Œã°ã§ããªãã‚‚ç„¡ã„ã§ã™ãŒã€æ‰€æœ‰æ¨©ã‚’æ„è˜ã—ãªãŒã‚‰ã®æ“作ã¨ãªã‚‹ã®ã§ã‹ãªã‚Šæ‰‹é–“ã§ã™ã€‚
対処ã¨ã—ã¦ã¯Podmanã«ã¯podman unshareã¨ã„ã†ä¾¿åˆ©ãªã‚³ãƒžãƒ³ãƒ‰ãŒç”¨æ„ã•ã‚Œã¦ã„ã¾ã™ã€‚
$ podman unshare # ls -l åˆè¨ˆ 12 drwxrwxrwx. 6 systemd-coredump root 4096 8月 17 01:15 db -rw-rw-r--. 1 root root 585 8月 17 01:12 docker-compose.yml drwxr-xr-x. 5 33 tape4096 8月 17 01:15 wordpress
podman unshareコマンドを使用ã™ã‚‹å®Ÿè¡Œã™ã‚‹ä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®User Namespaceã«å…¥ã£ãŸçŠ¶æ…‹ã«ãªã‚‹- 先程ã®UID
100998ã¨100032ã‹ã‚‰æ‰€æœ‰è€…ã®è¡¨ç¤ºãŒå¤‰æ›´ã•ã‚Œã¦ã„ã‚‹ã“ã¨ãŒç¢ºèªã§ãã‚‹
ã“ã®ã‚ˆã†ã«podman unshareを使ã†ã“ã¨ã§sudoを使ã‚ãšã«User Namespace内ã§ç›´æŽ¥ãƒ•ã‚¡ã‚¤ãƒ«ã€ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã®æ“作ãŒè¡Œã†ã“ã¨ãŒã§ãるよã†ã«ãªã‚Šã¾ã™ã€‚
podman unshareã«ã¤ã„ã¦ã¯ä¸‹è¨˜ã®ãƒ–ãƒã‚°ã‚‚å‚考ã«ã—ã¦ãã ã•ã„。
- Running rootless Podman as a non-root user | Enable Sysadmin
- Dealing with user namespaces and SELinux on rootless containers | Enable Sysadmin
ã¾ã¨ã‚
Podman v3.2以é™ã§å¯¾å¿œã—ãŸãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ã§docker-composeを実行ã™ã‚‹æ–¹æ³•ã‚’紹介ã—ã¾ã—ãŸã€‚
RHEL 8å‘ã‘ã®Podmanパッケージもv3.2.3ã¸ã¨æ›´æ–°ã•ã‚ŒãŸã®ã§RHEL 8ã§ã‚‚ã™ãã«ä½¿ã†ã“ã¨ãŒå¯èƒ½ã§ã™ã€‚
docker-composeã®å®Ÿè¡Œã«ã¤ã„ã¦ã¯ã‚³ãƒ³ãƒ†ãƒŠã¨ã—ã¦å®Ÿè¡Œã™ã‚‹æ–¹æ³•ã‚’紹介ã—ã¾ã—ãŸã€‚ã“ã‚Œã«ã‚ˆã‚Šå®Ÿè¡Œå…ƒãƒ›ã‚¹ãƒˆã«è¿½åŠ ã§ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ä½œæ¥ãŒä¸ç”¨ã«ãªã‚Šã¾ã™ã€‚
ã¾ãŸã€ãƒ«ãƒ¼ãƒˆãƒ¬ã‚¹ãƒ¢ãƒ¼ãƒ‰ã®èª²é¡Œã¨ã—ã¦ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªãƒžã‚¦ãƒ³ãƒˆæ™‚ã«æ‰€æœ‰æ¨©ã®å•é¡Œã‚’紹介ã—ã¾ã—ãŸã€‚podman unshareを使ã†ã“ã¨ã§ä¸€èˆ¬ãƒ¦ãƒ¼ã‚¶ãƒ¼ã®ã¾ã¾ãƒ›ã‚¹ãƒˆå´ã¨ã‚³ãƒ³ãƒ†ãƒŠé–“ã§ã®ãƒ•ã‚¡ã‚¤ãƒ«æ“作ãªã©ãŒå®¹æ˜“ã«ãªã‚Šã¾ã™ã€‚
ãªãŠã€docker-composeを使用ã›ãšã«podman runã§ç›´æŽ¥ã‚³ãƒ³ãƒ†ãƒŠã‚’èµ·å‹•ã™ã‚‹å ´åˆã¯--userns keep-idã¨ã„ã†ä¾¿åˆ©ãªã‚ªãƒ—ションãŒä½¿ãˆã¾ã™ã€‚ã—ã‹ã—ãªãŒã‚‰ã“ã‚Œã¯Podman固有ã®ã‚ªãƒ—ションã®ãŸã‚Dockerã®ãŸã‚ã®ã‚¢ãƒ—リã§ã‚ã‚‹docker-composeã§ã¯å®Ÿè£…ã•ã‚Œã¦ãŠã‚‰ãšä½¿ç”¨ã§ãã¾ã›ã‚“。複数ã®ã‚³ãƒ³ãƒ†ãƒŠã‚’実行ã—ã¤ã¤ãƒ›ã‚¹ãƒˆå´ã®ãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã‚’マウントã™ã‚‹å ´åˆã¯Podman podsã®åˆ©ç”¨ã‚’推奨ã—ã¾ã™ã€‚
docker-compose ã‹ã‚‰ Podman podsã¸ç§»è¡Œã™ã‚‹æ–¹æ³•ã«ã¤ã„ã¦ã¯ã¾ãŸåˆ¥ã®æ©Ÿä¼šã«ç´¹ä»‹ã—ãŸã„ã¨æ€ã„ã¾ã™ã€‚
*1:pipã§ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«ã¯ä»£æ›¿ãˆæ‰‹æ®µã¨ã—ã¦æ›¸ã‹ã‚Œã¦ã„ã‚‹ã®ã§ã€æœ¬æ¥ã¯ã“ã¡ã‚‰ãŒãƒ¡ã‚¤ãƒ³ã®ã‚¤ãƒ³ã‚¹ãƒˆãƒ¼ãƒ«æ–¹æ³•ã®æ¨¡æ§˜
