[cfarm-users] Install podman on gcc120.fsffrance.org

Gregor Riepl onitake at gmail.com
Sun Jul 28 08:53:25 CEST 2024


Kind reminder: I kicked off a discussion about installing podman on all supported cfarm machines last November: https://lists.tetaneutral.net/pipermail/cfarm-users/2023-November/001020.html

Unfortunately, it didn't get very far...

I also asked the cfarm-admins before contacting the users list. Baptiste Jonglez' questions and my answers are attached below.

One little addendum: The overlay driver is used by default from podman 4.6 onwards. It was necessary to configure it explicitly before that version. See this bug for some context: https://github.com/containers/podman/issues/19811

----

> Hi Baptiste,
> 
> I've opened a discussion thread on cfarm-users, but I'm responding to your questions here. I can forward these to the user list as well, if you think it makes sense.
>> Some considerations though:
>>
>> - it needs to be clear that this should be used to build/test/debug free
>>    software (aka the purpose of the farm), not as a way to run long-running
>>    services
> 
> I don't have an idea if it's possible to enforce killing user's containers on logout, but any leftover processes will show up in the system's global process list. They could be killed like any other long-running process if needed.
> 
>> - do you know if it is required to map a range of UID/GID for each user?
>>    The simplest approach for us would be to run all containers as the
>>    existing farm user UID/GID.
> 
> Yes, Podman makes use of so-called subuids and subgids, which must be configured: https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md#etcsubuid-and-etcsubgid-configuration
> 
> Debian provides a default configuration, but it may require some tweaking for the cfarm environment.
> 
>> - storing containers in home directory is a good thing, this is where we
>>    have available space
>>
>> - can we easily setup a retention policy across all user containers, for
>>    instance "delete all images and containers that were not used in the
>>    last X months?"
> 
> I suppose it's possible, but there is a caveat: The VFS and OverlayFS drivers store the actual files and directories as-is on disk, which means that a simple file-based retention policy could potentially cripple containers and images, instead of cleaning them up completely.
> 
> There is a podman-system-prune command that supports a date filter, though: https://docs.podman.io/en/latest/markdown/podman-system-prune.1.html
> 
> It sounds like this is a local command that must be executed for each user individually (despite the name).
> 
>> - it looks like overlayFS requires a pretty recent kernel: that would
>>    limit it to bookworm and later, and seemingly exclude CentOS 8 hosts
>>    such as cfarm185
> 
> Debian has had fuse-overlayfs as a dependency of podman since bullseye, despite not actually using OverlayFS by default. The native driver has been in Linux since kernel 5.5 (which, incidentally, includes Debian bullseye and CentOS 8). I don't know if there are any disadvantages in using the Fuse driver, and I haven't tested OverlayFS before Debian trixie.
> 
> Regards,
> Gregor
> 
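The subuid/subgid question above (whether each farm user needs a mapped ID range, and whether the Debian defaults need tweaking) is easy to get wrong on a shared machine: two users whose /etc/subuid ranges overlap end up owning each other's container files. The following shell script is an added example, not part of this thread or of podman: it parses /etc/subuid-style content (login:start:count, one entry per line), checks a user's allocation, detects overlapping ranges, and proposes the next free range together with the shadow-utils usermod invocation that would add it. The sample file content is constructed; the 65536-ID range size and the 100000 starting point are assumptions matching the usual login.defs defaults (SUB_UID_MIN/SUB_UID_COUNT), and nothing here modifies the real files.

```shell
#!/bin/sh
# Added example (not from the cfarm thread): audit /etc/subuid-style
# allocations for rootless podman users without touching the real files.
# Assumptions: login:start:count entries, 65536-ID ranges, first range at
# 100000 (the common login.defs defaults). Sample content is constructed.

SUBUID_SAMPLE='alice:100000:65536
bob:165536:65536
carol:231072:65536'

# subid_lookup USER CONTENT
# Prints "start:count" for USER; returns 1 if USER has no entry.
subid_lookup() {
    _user=$1
    _content=$2
    printf '%s\n' "$_content" | awk -F: -v u="$_user" '
        $1 == u { print $2 ":" $3; found = 1 }
        END { exit found ? 0 : 1 }'
}

# subid_overlaps CONTENT
# Prints every pair of users whose ranges intersect; returns 1 if any do.
# Overlapping ranges mean one user's containers can own another user's files.
subid_overlaps() {
    printf '%s\n' "$1" | awk -F: '
        NF >= 3 { n++; u[n] = $1; s[n] = $2 + 0; e[n] = $2 + $3 }
        END {
            bad = 0
            for (i = 1; i <= n; i++)
                for (j = i + 1; j <= n; j++)
                    if (s[i] < e[j] && s[j] < e[i]) {
                        print u[i] " overlaps " u[j]
                        bad = 1
                    }
            exit bad
        }'
}

# subid_next_free CONTENT [SIZE]
# Prints the lowest start >= 100000 such that [start, start+SIZE) does not
# intersect any existing range. Re-scans until no range pushes it further.
subid_next_free() {
    _content=$1
    _size=${2:-65536}
    printf '%s\n' "$_content" | awk -F: -v size="$_size" '
        NF >= 3 { n++; s[n] = $2 + 0; e[n] = $2 + $3 }
        END {
            cand = 100000
            changed = 1
            while (changed) {
                changed = 0
                for (i = 1; i <= n; i++)
                    if (cand < e[i] && cand + size > s[i]) {
                        cand = e[i]
                        changed = 1
                    }
            }
            print cand
        }'
}

# subid_line USER CONTENT
# Prints (does not run) the usermod command that would allocate the next
# free 65536-ID range to USER for both subuids and subgids.
subid_line() {
    _start=$(subid_next_free "$2")
    _last=$((_start + 65535))
    printf 'usermod --add-subuids %s-%s --add-subgids %s-%s %s\n' \
        "$_start" "$_last" "$_start" "$_last" "$1"
}

# Stand-alone usage: audit the sample and propose a range for a new user.
if subid_overlaps "$SUBUID_SAMPLE"; then
    echo "no overlapping ranges"
fi
if ! subid_lookup dave "$SUBUID_SAMPLE"; then
    subid_line dave "$SUBUID_SAMPLE"
fi
```

On a real host, replace SUBUID_SAMPLE with `$(cat /etc/subuid)` and run the same checks against /etc/subgid. Per-user image cleanup stays a per-user action, as the message notes; the documented `podman system prune --filter until=<timestamp>` is the command each user (or a cron job run as that user) would invoke, not a file-level sweep over ~/.local/share/containers.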

