podman

podman rootless (and docker rootless) - bits and bobs

Backstory

Recently I helped someone out online (by providing a tiny pointer) with rootless containers, and I realized that I might have some useful pointers (bits and bobs). These are somewhat related to my previous blog post about JFrog - Xray and Insight. In the last couple of years, I have gained experience with running OCI (Open Container Initiative) compliant rootless containers with podman rootless and sometimes with docker rootless. Most docker-compose files and how-tos online focus on the rootful variants, which you definitely do not want.

JFrog - Xray and Insight - rootless

JFrog is probably best known for their software product Artifactory (artifact management software). But they also provide other pieces of software which integrate with Artifactory. For example, they have Xray (security essentials) and Insight (DevOps intelligence tool). Recently I was able to play around with both Xray and Insight (together with a good friend) to get those Java tools to run on a hardened Linux server, as a proof of concept.

podman unshare - docker rootless - nsenter

Ever since I switched to podman, I have really appreciated the rootless setup. Something about increased security. Recently I had to help someone out with docker rootless and I was really missing podman unshare, which basically is the unshare subcommand. Luckily something similar exists which can be used for docker rootless, namely nsenter. To execute a command in the namespace of the docker rootless daemon, you can use this:

    nsenter -U --preserve-credentials -n -t $(pgrep dockerd) somecommand

Small issues (and fixes) when moving to Ubuntu 23.04

Recently I upgraded my main Ubuntu system from 22.10 (Kinetic Kudu) to 23.04 (Lunar Lobster). I’m used to having little downtime and only minor issues. The same applies now, except that I had some small issues. Since I cannot be the only one, I wanted to share these (YMMV).

pipewire

Sound worked fine after the update, except for the volume knob of my Das Keyboard 4 (Ultimate Edition). Controlling the volume via the GUI worked fine, by the way.

Podman volume - Permission denied

Recently I was using podman and started prometheus, and was unpleasantly surprised by the following errors:

    ts=2022-07-13T06:35:38.724Z caller=query_logger.go:113 level=error component=activeQueryTracker msg="Failed to create directory for logging active queries"
    ts=2022-07-13T06:35:38.724Z caller=query_logger.go:91 level=error component=activeQueryTracker msg="Error opening query log file" file=/prometheus/data/queries.active err="open data/queries.active: no such file or directory"
    panic: Unable to create mmap-ed active query log
    goroutine 1 [running]:
    github.com/prometheus/prometheus/promql.NewActiveQueryTracker({0x336d549, 0x5}, 0x14, {0x3d8ba20, 0xc0004e3590})
        /app/promql/query_logger.go:121 +0x3cd
    main.main()
        /app/cmd/prometheus/main.go:618 +0x69d3
    exit code: 2

At first I focused on the mmap-ed panic message, but that was the result of an earlier error.