containers / podman

Podman: A tool for managing OCI containers and pods.
https://podman.io
Apache License 2.0

Converting docker-compose.yaml to Podman Pod -- Nonfunctional in Several Ways #9644

Closed quantum77 closed 3 years ago

quantum77 commented 3 years ago

cat /usr/bin/docker

#!/bin/sh
[ -f /etc/containers/nodocker ] || \
echo "Emulate Docker CLI using podman. Create /etc/containers/nodocker to quiet msg." >&2
exec /usr/bin/podman "$@"

The first issue is that creation of the /run symlink in the podman-docker package... is backwards.

cat /etc/tmpfiles.d/podman-docker.conf

L+ /run/docker.sock - - - - /run/podman/podman.sock

L+ /run/podman/podman.sock - - - - /run/docker.sock

But the corrected directive does in fact put the proper symlink in /run/podman/.

That is, until the systemd service podman.socket is started. This steps on the symlink, replacing it with the podman.sock socket again, as I explained on IRC before I was banned by bbaude.

Each of the above means that the process of converting a docker-compose.yaml to a podman pod could never have worked. No, it has never worked and could not have.

But there's a worse problem. Even while podman.socket is running, if you delete /run/podman/podman.sock and put in the symlink to /run/docker.sock named podman.sock... podman still can not see the running docker containers. # systemd status confirms that it is listening on /run/docker.sock. Docker sees them just fine and has full control over them, but podman is blind to them.

I even copied podman.socket to /etc/systemd/system/ and modified these lines thus:

ListenStream=%t/docker.sock
SocketMode=0660

... nevertheless podman remains blind to the docker containers.

Since podman is blind to the docker containers, there can be no conversion from docker-compose.yaml to a podman pod, rootless or otherwise. podman generate does not and can not work.

I explained this as clearly and politely as I could, but was banned. The problem is with podman. Not me.

Given the way I've been treated thus far I expect this issue will not be addressed, so I will just move on and make my own containers and pods rather than trying to use anything Docker-premade. At least I tried.

/kind bug

mheon commented 3 years ago

Can you clarify what exactly you're trying to do here?

It sounds as though you're attempting to point a Podman client at a Docker server. That has never been a supported configuration, and is not something we intend to support - Podman uses the new Libpod APIs, not the compatible Docker APIs. A Podman client can only work against a Podman server - so there's no way to run podman generate systemd against a Docker container. I don't think they store the metadata we need to reconstruct the original run command, so it's likely not possible even if one were to attempt to re-implement using the Docker API. The intent of our compatibility promise with Docker is to allow easy migration to Podman, not direct interoperation between Docker and Podman.

quantum77 commented 3 years ago

As I say, I am trying to convert a docker-compose.yaml... -into- a podman pod. I want a podman pod, to run these services which the docker-compose.yaml was built to run, but you can not use a docker-compose.yaml directly in podman so it has to be converted.

Or more accurately the docker structure is stood up, then podman generate reads from that its characteristics... and makes its own pod yaml.

I am trying to convert docker hub mailu/postfix into a podman pod yaml.

The first file you see above is part of the official podman-docker package, as noted, which I was told by bbaude is mandatory for this sort of conversion, and I am sure comes from him. /usr/bin/docker is actually a script which substitutes podman for docker.

The second file above, /etc/tmpfiles.d/podman-docker.conf, is also part of the official podman-docker package, as noted, and inserts into /run/podman/ a symlink -- except it doesn't because the arguments are backwards first of all. And the second problem is then when podman.service is invoked by podman.socket, it steps on this symlink so it is no more. This will happen every time the podman.service is invoked, so a symlink created on boot is no match for a running service. I got banned from the IRC for politely raising this issue. Somebody's emotional.

And all of these issues have never been caught because this process has never. been. done. before, and couldn't have been. These three issues prove it. I assiduously used the instructions here: https://www.redhat.com/sysadmin/compose-kubernetes-podman

But finally, even with podman.socket calling podman.service to listen in on /run/docker.sock -- so it can garner its characteristics to build a podman generate pod -- it doesn't as podman can not see the docker containers or images.

I say again: podman... can. not. see. the docker containers or images.

If it's still not clear I just don't know how to say it any simpler. I am trying to convert a docker-compose.yaml... into a podman pod. No one has never done this before, because everything is busted.

Talk down to me and ban me, but the above are just facts, however powerful the devs may be. I tried to tell you but was banned for it.

mheon commented 3 years ago

I'm still extremely confused over here. The blog you're linking is about directly running Docker Compose against Podman - there is no converting occurring in it. The tmpfiles.d directive also looks correct from my (admittedly limited) understanding of the syntax - create a link from /run/docker.sock to the Podman API socket at /run/podman/podman.sock, to enable Docker applications to access Docker as if it were Podman. There are no issues with symlinks being stomped by Podman in this case, either, because /run/podman.sock is the link target, not the link itself.

I'm also confused by your comment that "Podman cannot see the Docker containers or images" - what do you mean by this? Do you mean the containers/images managed by Compose?

mheon commented 3 years ago

Sorry, wording correction: should have said "to enable Docker applications to access Podman as if it were Docker". What I get for writing this late at night.
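
How the two tmpfiles.d lines quoted in this thread are read, as an added example that is not part of the original thread or of the podman-docker package: per tmpfiles.d(5), the second field of an L/L+ line is the symlink that gets created and the last field is its target. The function names and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not code from the podman-docker package.
# tmpfiles.d(5) field order: Type Path Mode User Group Age Argument.
# For L / L+ the Path is the symlink created and Argument is its target.

# Print "LINK -> TARGET" for an L or L+ line; fail for any other type.
tmpfiles_link() (
    read -r type path _mode _user _group _age target <<EOF
$1
EOF
    case "$type" in L|L+) ;; *) exit 1 ;; esac
    [ -n "$path" ] && [ -n "$target" ] || exit 1
    printf '%s -> %s\n' "$path" "$target"
)

# Apply one line under a scratch root (hypothetical sandbox, never the real
# /run) and print what the resulting symlink points to.
apply_in_sandbox() (
    root=$1
    read -r type path _mode _user _group _age target <<EOF
$2
EOF
    case "$type" in L|L+) ;; *) exit 1 ;; esac
    link=$root$path
    mkdir -p "$(dirname "$link")"
    # L+ removes whatever already sits at the path; plain L leaves it alone.
    case "$type" in L+) rm -rf "$link" ;; esac
    [ -e "$link" ] || [ -L "$link" ] || ln -s "$target" "$link"
    readlink "$link"
)

# The two lines quoted in the issue (sample input for this example).
PACKAGED='L+ /run/docker.sock - - - - /run/podman/podman.sock'
REVERSED='L+ /run/podman/podman.sock - - - - /run/docker.sock'

demo() {
    scratch=$(mktemp -d) || return 1
    echo "packaged: $(tmpfiles_link "$PACKAGED")"
    echo "  link resolves to: $(apply_in_sandbox "$scratch" "$PACKAGED")"
    echo "reversed: $(tmpfiles_link "$REVERSED")"
    rm -rf "$scratch"
}
demo
```

Because L+ removes whatever already exists at the link path, the reversed line would replace anything sitting at /run/podman/podman.sock, the path this thread identifies as the Podman API socket.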

quantum77 commented 3 years ago

All I can say is Try It. Use the article to try and convert mailu/postfix, or Hell any docker image with multiple interacting containers. Just follow the instructions and see what happens. I don't know what else to say.

rhatdan commented 3 years ago

The goal is to eliminate the need of the Docker daemon from the system. The podman service can be set up to listen on /run/docker.sock or in the case of the podman-docker package, it creates a link from /run/docker.sock -> /run/podman/podman.sock. This then allows you to run the docker-compose tool and have it create podman containers.

If you want to convert to pods from compose, then you could first run compose and then use podman generate kube to take the compose containers and build kubernetes based yaml files to support it.

As described here:

https://www.redhat.com/sysadmin/compose-kubernetes-podman

This will be further described in containersplumbing.org this week.

I don't see this as an issue, I am closing.

quantum77 commented 3 years ago

If you want to convert to pods from compose, then you could first run compose and then use podman generate kube to take the compose containers and build kubernetes based yaml files to support it. https://www.redhat.com/sysadmin/compose-kubernetes-podman

You haven't understood my posts. This is what I -did- do and these are the instructions I -did- follow. No one has actually bothered to -try- this process though obviously, including bbaude. And evidently no one can understand what I'm talking about.

I don't care, go ahead and close. Leave it non-functional for others to deal with. I've gone another direction. I tried to tell you.

rhatdan commented 3 years ago

Well I really have no idea what you are talking about. Could you try explaining it again?

Semo commented 3 years ago

My personal guess is, and correct me if I'm wrong, that @quantum77 was simply trying to find an automated way to translate a docker-compose.yml file into something that podman can understand and use the YAML file's contents to specify "how to run" a pod/container. 3rd post:

As I say, I am trying to convert a docker-compose.yaml... -into- a podman pod. I want a podman pod, to run these services which the docker-compose.yaml was built to run, but you can not use a docker-compose.yaml directly in podman so it has to be converted.

But it seems he/she lacks a bit on focussing and clarification. He/she references some chat on an IRC nobody knows of.

quantum77 commented 3 years ago

This is indeed what I was trying to do, however the podman procedure simply can not cope with docker containers which have more advanced features. Further, documentation on the mechanics of this process is non-existent, so I gave up.

Now I am happily creating my own images with buildah, the way I want them. Documentation on this complete procedure is also non-existent but I've figured it out.

It'll be a long time before this is taken up in general unless somebody with actual communications skills makes howto's. I am a busy real estate developer and simply do not have the time. Not inclined to either after the treatment I got from bbaude.