From a8754ad470923367b39ca3a36c301786ef106957 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Anders=20F=20Bj=C3=B6rklund?= Date: Sat, 24 Oct 2020 10:43:05 +0200 Subject: [PATCH] Upgrade podman to version 2.1.1 and remove varlink Add the podman group, to remove "sudo varlink bridge" Use the podman socket /run/podman/podman.sock instead --- deploy/kicbase/Dockerfile | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/deploy/kicbase/Dockerfile b/deploy/kicbase/Dockerfile index 66e6fd7bbe7a..4970738ab4d1 100644 --- a/deploy/kicbase/Dockerfile +++ b/deploy/kicbase/Dockerfile @@ -110,7 +110,7 @@ RUN sh -c "echo 'deb https://download.docker.com/linux/ubuntu focal stable' > /e RUN sh -c "echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && \ curl -LO https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key && \ apt-key add - < Release.key && \ - clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins varlink + clean-install containers-common catatonit conmon containernetworking-plugins cri-tools podman-plugins # install cri-o based on https://github.com/cri-o/cri-o/blob/release-1.18/README.md#installing-cri-o RUN sh -c "echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable:/cri-o:/1.18/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable:cri-o:1.18.list" && \ @@ -119,10 +119,17 @@ RUN sh -c "echo 'deb https://download.opensuse.org/repositories/devel:/kubic:/li clean-install cri-o cri-o-runc # install podman -RUN sh -c "echo 'deb https://dl.bintray.com/afbjorklund/podman focal main' > /etc/apt/sources.list.d/podman.list" && \ - curl -L https://bintray.com/user/downloadSubjectPublicKey?username=afbjorklund -o afbjorklund-public.key.asc && \ - apt-key add - < afbjorklund-public.key.asc && \ - clean-install podman=1.9.3~1 +RUN sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/xUbuntu_20.04/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list" && \ + curl -LO https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/xUbuntu_20.04/Release.key && \ + apt-key add - < Release.key && \ + clean-install podman && \ + addgroup --system podman && \ + mkdir -p /etc/systemd/system/podman.socket.d && \ + printf "[Socket]\nSocketMode=0660\nSocketUser=root\nSocketGroup=podman\n" \ + > /etc/systemd/system/podman.socket.d/override.conf && \ + mkdir -p /etc/tmpfiles.d && \ + echo "d /run/podman 0770 root podman" > /etc/tmpfiles.d/podman.conf && \ + systemd-tmpfiles --create # automount service COPY automount/minikube-automount /usr/sbin/minikube-automount @@ -133,7 +140,7 @@ RUN ln -fs /usr/lib/systemd/system/minikube-automount.service \ # disable non-docker runtimes by default RUN systemctl disable containerd && systemctl disable crio && rm /etc/crictl.yaml # enable docker which is default -RUN systemctl enable docker +RUN systemctl enable docker.service && systemctl enable podman.socket # making SSH work for docker container # based on https://github.com/rastasheep/ubuntu-sshd/blob/master/18.04/Dockerfile RUN mkdir /var/run/sshd @@ -148,6 +155,7 @@ EXPOSE 22 # create docker user for minikube ssh. to match VM using "docker" as username RUN adduser --ingroup docker --disabled-password --gecos '' docker RUN adduser docker sudo +RUN adduser docker podman RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers USER docker RUN mkdir /home/docker/.ssh