nawanp
/
wiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
wiki/podman.myco

54 lines
4.2 KiB
Plaintext
Raw Blame History

**Podman** adalah alat untuk mengelola kontainer dan gambar kontainer. Berbeda dengan [[enwiki>Docker]], Podman memungkinkan pengguna untuk membuat, menjalankan, menghentikan, dan menghapus kontainer tanpa perlu //daemon// atau layanan latar belakang.
= Izinkan //host loopback//
Kontainer //rootless// atau kontainer secara //default// tidak bisa mengakses IP //host loopback// sehingga, semua aplikasi seperti //database// dan //web server// yang berjalan di host tidak bisa mengakses aplikasi yang berjalan di dalam kontainer. Akses //host loopback// bisa diberikan ke kontainer dengan menyertakan opsi `--net slirp4netns:allow_host_loopback=true` saat menjalankan perintah `podman run`.
= Error validating CNI config file(s)
Masalah ini diketahui merupakan [[https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394 | bug]] di Podman versi 3.4.4 di Ubuntu. Seorang [[https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394/comments/2 | pengguna]] menyarankan untuk mengupgrade paket `containernetwork-plugins`.
```
wget http://archive.ubuntu.com/ubuntu/pool/universe/g/golang-github-containernetworking-plugins/containernetworking-plugins_1.1.1+ds1-3_amd64.deb
sudo apt install ./containernetworking-plugins_1.1.1+ds1-3_amd64.deb
```
Sedangkan [[https://bugs.launchpad.net/ubuntu/+source/libpod/+bug/2024394/comments/12 | pengguna lain]] menyebut bahwa mengupgrade podman ke versi terbaru menggunakan repo Kubic dapat juga mengatasi masalah ini untuk sementara.
```
sudo mkdir -p /etc/apt/keyrings
curl -fsSL "https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/Release.key" \
| gpg --dearmor \
| sudo tee /etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg > /dev/null
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/devel_kubic_libcontainers_unstable.gpg]\
https://download.opensuse.org/repositories/devel:kubic:libcontainers:unstable/xUbuntu_$(lsb_release -rs)/ /" \
| sudo tee /etc/apt/sources.list.d/devel:kubic:libcontainers:unstable.list > /dev/null
sudo apt-get update -qq
sudo apt-get -qq -y install podman
```
= docker-compose: permission denied
Kesalahan ini disebabkan oleh `docker-compose` tidak bisa mengakses //socket Podman//.
```
echo 'export DOCKER_HOST=unix:///run/user/$UID/podman/podman.sock' >> .bashrc
source .bashrc
```
= Kontainer tidak dapat terhubung ke host
```
mkdir -p ~/.config/containers
nano containers.conf
```
Kemudian masukkan:
```
[containers]
rootless_networking = "cni"
```
= Kenapa tidak bisa menggunakan sudo dengan Podman //rootless//?
> All of this still doesn't explain why you cannot use sudo and su with rootless containers. The answer is that sudo and su do not create a login session. There are many historical reasons for this, most stemming from the fact that sudo and su are somewhat irregular (one user becoming another user, instead of a fresh login). See this GitHub issue for details. Given this, rootless Podman cannot be used with sudo and su unless loginctl enable-linger is used to force a persistent user session to be created for the user.
-- [[https://www.redhat.com/sysadmin/sudo-rootless-podman | Why can't I use sudo with rootless Podman?]]
= Tidak bisa //mount// volume ke //rootless container//, izin ditolak
Dari [[https://github.com/containers/podman/blob/main/troubleshooting.md#2-cant-use-volume-mount-get-permission-denied]] disebutkan:
> Labeling systems like SELinux require that proper labels are placed on volume content mounted into a container. Without a label, the security system might prevent the processes running inside the container from using the content. By default, Podman does not change the labels set by the OS.
>
> To change a label in the container context, you can add either of two suffixes :z or :Z to the volume mount. These suffixes tell Podman to relabel file objects on the shared volumes. The z option tells Podman that two containers share the volume content. As a result, Podman labels the content with a shared content label. Shared volume labels allow all containers to read/write content. The Z option tells Podman to label the content with a private unshared label. Only the current container can use a private volume.
Reference in New Issue View Git Blame Copy Permalink