Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support podman as container runtime by upgrading debian container image #1925

Open
ericzolf opened this issue Feb 23, 2022 · 4 comments
Open

Support podman as container runtime by upgrading debian container image #1925

ericzolf opened this issue Feb 23, 2022 · 4 comments

Comments

@ericzolf
Copy link

issue

when trying to start the containers front, pusher, back, uploader, messages as described in docker-compose.single-domain.yaml using podman, they fail all with exactly the same logs message:

sudo: unable to send audit message
sudo: pam_open_session: System error
sudo: policy plugin failed session initialization

There is probably one unique thing to fix to make it work under podman, which would simplify development on Fedora, CentOS and RHEL.

reproduce

There are multiple ways but here is mine under Fedora 35:

  1. install ansible-core and podman
  2. install containers.podman collection (ansible-galaxy collection install containers.podman)
  3. start in a separate console sudo podman system service --time=0
  4. source .env.template
  5. run ansible-playbook -K workadventure.single-domain.up.yml using
    workadventure.single-domain.up.yml placed in the root directory of the workadventure Git repo
  6. sudo podman ps -a resp sudo podman logs front (for example) show the issue described above

comments
@ericzolf
Copy link
Author

I saw the comment about (allowPrivilegeEscalation under Kubernetes](https://hub.docker.com/r/thecodingmachine/nodejs), but it's not the same error message, and other images don't have an issue with sudo without special parameter (which I wouldn't know the equivalent for podman). For example docker.io/thecodingmachine/php:8.1-v4-apache-node12 doesn't show the issue, a sudo is possible without issue.

The main difference I see betwen both images is that the failing one uses debian-slim where the other uses ubuntu, but that doesn't tell me how to fix the issue.

@ericzolf
Copy link
Author

I can reproduce the issue with the base image:

$ sudo podman run -it --rm debian:stretch-slim
# apt update
# apt install sudo
# sudo -i

@ericzolf
Copy link
Author

The above steps succeed on debian:bullseye-slim so the solution might be as "simple" as bumping the base image version everywhere.

@ericzolf ericzolf changed the title Support podman as container runtime Support podman as container runtime by upgrading debian container image Feb 24, 2022
@lukashass
Copy link
Collaborator

Have you seen thecodingmachine/docker-images-nodejs#14?

On another note: As far as I can see it would be possible to replace most of the development images (except maps) with official node images.

@ericzolf ericzolf mentioned this issue Mar 2, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ericzolf @lukashass