jmtd → log → podman generate
I've been working with and on container technology for seven years, but I still learn new things every day. Recently I read the excellent LWN article Docker and the OCI container ecosystem and this was news to me:
Running the docker CLI under a process supervisor only results in supervising the CLI process. This has a variety of consequences for users of these tools. For example, any attempt to limit a container's memory usage by running the CLI as a systemd service will fail; the limits will only apply to the CLI and its non-existent children. In addition, attempts to terminate a client process may not result in terminating all of the processes in the container.
Huh — of course! I hadn't really thought about that. I run a small number of
containers on my home system via docker
(since I was using it at work) and
systemd
, and sometimes I have weird consistency issues. This explains them.
Later:
As a result, Podman plays nicely with tools like systemd; using podman run with a process supervisor works as expected, because the processes inside the container are children of podman run. The developers of Podman encourage people to use it in this way by a command to generate systemd units for Podman containers.
Given the above, it seemed like a good idea to migrate my few local containers
over to Podman. This was easy. The first part is copying the images from
Docker's storage to Podman's. To do this, I used the skopeo
tool:
sudo skopeo copy {docker-daemon,containers-storage}:octoprint/octoprint:latest
(I want to launch these as a superuser, rather than use root-less containers, to isolate the containers from each other: rootless ones are forced to share a common namespace.)
Once the images were copied over, I needed to start up a container instance via Podman. For most of them, running under Docker, I had volume-mounted the important bits for persistent data. I can do the same with Podman:
# podman run -d --rm \
--name octoprint \
-p 8080:80 \
-v /archive/octoprint:/octoprint \
--device /dev/ttyACM0:/dev/ttyACM0 \
octoprint/octoprint
Once an instance was running, I can use podman generate
to create a Systemd
unit file which describes creating an equivalent container:
# cd /etc/systemd/system
# podman generate systemd octoprint \
--new \
--name \
--files
For some of the containers I was running, there are a few more steps required: migrating docker volumes and configuring equivalents for private docker networks. But Podman's versions of those concepts are largely identical. Running a mixture of Podman and Docker containers side-by-side also meant renumbering some private addresses for migrated hosts whilst the original network was still up.
Comments