From e8791aafa1cfdd415048760d047cda467b5814b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sat, 24 Oct 2020 10:43:05 +0200 Subject: [PATCH] Upgrade podman to version 2.1.1 and remove varlink Add the podman group, to remove "sudo varlink bridge" Use the podman socket /run/podman/podman.sock instead --- deploy/kicbase/Dockerfile | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile index 13bd51a0e0c7..1ff973425813 100644 --- a/deploy/kicbase/Dockerfile +++ b/deploy/kicbase/Dockerfile @@ -110,7 +110,7 @@ RUN sh -c "echo 'deb https://download.docker.com/linux/ubuntu focal stable' > /e RUN sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && \ curl -LO https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key && \ apt-key add - < Release.key && \ - clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins varlink + clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins # install cri-o based on https://github.com/cri-o/cri-o/commit/96b0c34b31a9fc181e46d7d8e34fb8ee6c4dc4e1#diff-04c6e90faac2675aa89e2176d2eec7d8R128 RUN sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.18:/1.18.3/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && \ @@ -119,10 +119,17 @@ RUN sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/lib clean-install cri-o=1.18.3~3 # install podman -RUN sh -c "echo 'deb https://dl.bintray.com/afbjorklund/podman focal main' > /etc/apt/sources.list.d/podman.list" && \ - curl -L https://bintray.com/user/downloadSubjectPublicKey?username=afbjorklund -o afbjorklund-public.key.asc && \ - apt-key add - < afbjorklund-public.key.asc && \ - clean-install podman=1.9.3~1 +RUN sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && \ + curl -LO https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key && \ + apt-key add - < Release.key && \ + clean-install podman && \ + addgroup --system podman && \ + mkdir -p /etc/systemd/system/podman.socket.d && \ + printf "[Socket]\nSocketMode=0660\nSocketUser=root\nSocketGroup=podman\n" \ + > /etc/systemd/system/podman.socket.d/override.conf && \ + mkdir -p /etc/tmpfiles.d && \ + echo "d /run/podman 0770 root podman" > /etc/tmpfiles.d/podman.conf && \ + systemd-tmpfiles --create RUN mkdir -p /usr/lib/cri-o-runc/sbin && cp /usr/bin/runc /usr/lib/cri-o-runc/sbin/runc @@ -135,7 +142,7 @@ RUN ln -fs /usr/lib/systemd/system/minikube-automount.service \ # disable non-docker runtimes by default RUN systemctl disable containerd && systemctl disable crio && rm /etc/crictl.yaml # enable docker which is default -RUN systemctl enable docker +RUN systemctl enable docker.service && systemctl enable podman.socket # making SSH work for docker container # based on https://github.com/rastasheep/ubuntu-sshd/blob/master/18.04/Dockerfile RUN mkdir /var/run/sshd @@ -150,6 +157,7 @@ EXPOSE 22 # create docker user for minikube ssh. to match VM using "docker" as username RUN adduser --ingroup docker --disabled-password --gecos '' docker RUN adduser docker sudo +RUN adduser docker podman RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER docker RUN mkdir /home/docker/.ssh