Open yeswalrus opened 1 year ago
Thanks for reaching out, @yeswalrus!
@giuseppe @rhatdan WDYT? I am not sure the chmod -Rf trick will work in all cases, would it?
It will require you to use fuse-overlayfs as well, as I understand it.
yes and set force_mask="shared" in the storage.conf file
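The two settings named in the replies above, written out as a storage.conf fragment for the non-root account that populates the shared store. This is an added example, not part of the thread or of the Podman documentation; the fuse-overlayfs path is an assumption about where the distribution installs it.

```toml
# storage.conf for the account that pulls images into the shared store.
# Constructed example: adjust the mount_program path to the local install.

[storage]
driver = "overlay"

[storage.options.overlay]
# "shared" is equivalent to a mask of 0755: layer files and directories are
# written world-readable, so other users can read the store without a
# follow-up chmod -R. Anything baked into an image (keys, tokens, configs)
# becomes readable by every account that can reach the directory.
force_mask = "shared"

# Required whenever force_mask is set. The original ownership and mode of
# each file are kept in the user.containers.override_stat extended attribute,
# and the mount program presents those original values inside containers
# instead of the forced 0755 mask.
mount_program = "/usr/bin/fuse-overlayfs"
```

Accounts that only consume the store list its path under `additionalimagestores` in the `[storage.options]` table of their own storage.conf.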
A friendly reminder that this issue had no activity for 30 days.
@yeswalrus Interested in writing the documentation?
@giuseppe @vrothberg Should we blog on this? How to set up an additional store to be shared amongst non-root users?
Absolutely. Just need to find a new blog site :´(
Just use podman.io
A friendly reminder that this issue had no activity for 30 days.
Bumping to remove stale - I'd appreciate this blog right about now, even for non-remote filesystems, thanks to how osbuild-composer embeds images for the root user only into /usr/share/containers/storage/overlay-images ...
Note that configuring a system-wide login script to set CONTAINERS_STORAGE_CONF=/etc/containers/storage.conf allows that file to act as both rootful and rootless podman storage.conf. However, I'm not part of the Podman/containers development team, so there may be a good reason to have a separate file.
However, the basic problem of needing to chmod -R a+rx
I second the request to fully document the process, and respectfully request that the chmod be integrated into "podman --root=
If users want to improve the documentation on this, go for it.
@martinfg2 please open a different discussion/issue on getting podman pull support to automatically do the chmod -R a+rx.
Feature request description
In HPC cluster environments, where there are a large number of separate users on separate colocated machines connected to a large shared file store, it is extremely valuable to be able to have an additionalimagecache directory located in the cluster's shared storage. This prevents every machine in the cluster needing to make a local copy, which can be time consuming and wastes space.
HPC clusters are often extremely security sensitive, so it's ideal for the user account responsible for updating the shared cache to not require root access. This is possible to do right now, but is relatively undocumented. Please add official documentation & guidance for the workflow I've discovered, perhaps updating the primary blog post on using additionalimagestores, and support this workflow officially.
Suggest potential solution
I can imagine several improvements to podman pull that would improve this workflow:
chmod -R after on the whole directory
Have you considered any alternatives?
Since the core request is to update the documentation & officially support this sort of workflow, the alternative is that you don't do that & we keep using this workflow, and possibly publish my own blogpost.
Additional context
The following python script, run by a non-root account, appears to work in an HPC cluster with a relatively old version of podman (2.2.1):