<mikroskeem>
matthewcroughan: re: docker using more ram than podman
2021-05-16
<azazel>
matthewcroughan: I think podman is serviceless, so probably it uses less ram than docker
<matthewcroughan>
Does anybody happen to know if docker uses more ram than podman, for example?
<matthewcroughan>
Just going to guess that buildGoModule and buildGoPackage are not the correct way to build Podman, if we want to support more than x86 or aarch64.
<matthewcroughan>
So. If they talk about cross-compilation like it's not an issue, *and* this line "# Podman does not work w/o CGO_ENABLED, except in some very specific cases", then surely it must be possible.
<{^_^}>
containers/podman#5413 (by aleks-mariusz, 1 year ago, closed): issue cross-compiling podman for armv6..
<mikroskeem>
tho my bet for the podman compilation issue is that CGO_ENABLED gets set to falsy value on cross compilation
<matthewcroughan>
We are however ignoring the cross-compiling stuff in the podman makefile, in favor of using buildGoModule, is that the right thing to do?
<matthewcroughan>
Here's an example log for Podman.
<matthewcroughan>
I mean, Docker doesn't cross-compile for armv7l because of perl. But Podman doesn't compile due to "build constraints exclude all Go files in ...", which implies, I think, that cross-compilation isn't working.
2021-04-22
<redmp_>
pennae: there are some issues on the podman github about it, so i assumed it wasn't related to the nixos wrappers or anything
<pennae>
can't immediately find anything like that in podman though
<redmp_>
hrm.. so even after overriding podman to version 3.1.0 it still leaks dbus processes with every command lol
<Synthetica>
redmp: Sorry, I meant that _I_ don't use podman
<redmp>
Synthetica: why'd you say "don't use podman"? i have to use it for a class I TA.. i'd prefer not to have docker because of the priv escalation issues
<redmp>
Synthetica: me neither.. maybe i need to add `internal = True;` to my overlaid podman package?
<Synthetica>
(don't use podman tho)
<redmp>
oh, lol. i've already tried doing this and failed.. i have an overlay in my configuration.nix which sets podman to an overridden version 3.1.0 and also overrides its src with a fetchFromGithub
<redmp>
since podman is installed as a module enabled with virtualisation.podman.enable
<redmp>
would i put the overridden podman package into the virtualisation.podman.extraPackages list?
<redmp>
since this is probably a bug in podman, not nixos, is it safe to just override the podman package in my configuration.nix with a newer version from unstable?
<redmp>
hi! i've noticed that dbus-daemon processes and fuser-overlay processes leak when i use podman on nixos-20.09
<neonfuz2>
I'm using nixos-20.09, I've enabled podman with docker emulation by wiki instructions. Trying to do a docker-build now I get "Found default OCIruntime /nix/store/...-crun-0.14.1/bin/crun path which is missing from [engine.runtimes] in containers.conf"
<neonfuz2>
I'm getting an odd error when trying to use podman
2021-04-02
<jkachmar>
for some reason I can't particularly fathom, it looks like the `docker` backend can get DNS resolution working almost instantly for a container whereas `podman` takes around about a minute and a half after the container loads up
<supersandro2000>
and why not podman? because you can't get their networking set up on Debian.
<gchristensen>
matthewcroughan: yeah, podman implements docker in a more script-like approach
<gchristensen>
podman calls so many random programs it is hard to catch them all :(
<jkachmar>
like, i would have expected ZFS + podman backend to be a common enough configuration that I wouldn't be the first person to trip this up
<supersandro2000>
jkachmar: could be that the podman binary needs to be wrapped with zfs in PATH
<jkachmar>
I got sick of trying to make `docker` work w/ the declarative firewall so I'm trying to move some of my stuff over to the `podman` backend, but I'm getting stuck at even the most basic step of spinning a container up
<jkachmar>
Anyone running `podman` as the OCI containers backend w/ ZFS as their underlying FS?
<m3thos>
sorry, won't repeat, here is the output of the systemctl status podman-hello: http://sprunge.us/Vo7f9E
<m3thos>
backend = "podman";
<m3thos>
podman = {
<m3thos>
running the container w/ podman manually works fine.. but not through the nixos systemd generated files
<m3thos>
anyone else had problems recently with running podman containers ?
<m3thos>
hey there, I'm in desperate need for help. I was using without issues podman container defined in configuration.nix and it ran fine, I've since then tinkered with my configuration and I no longer can get it to work
<jschievink>
I rebooted and now rootless podman seems to work fine
<adisbladis>
jschievink: I think you might be inheriting some env from root that confuses podman
<jschievink>
I'm just trying to run `podman run -it alpine /bin/sh`
<adisbladis>
Then you could su to the user and run podman
<adisbladis>
You might try `podman --cgroup-manager=cgroupfs`
<adisbladis>
jschievink: I think it may be related since podman assumes systemd as the cgroup manager
<jschievink>
hey folks, I'm trying to get rootless podman working, but it's failing with "lchown /etc/shadow: invalid argument" and complaining about insufficient UIDs/GIDs, despite /etc/{subuid,subgid} being set up correctly
<srk>
had similar fun with one deployment, ended up with podman and oci-containers for now
2021-02-05
<adisbladis>
crdb: I think the person most qualified to answer this is not on irc. Could you report an issue and cc the podman team? (just reference @NixOS/podman in the issue)
<microbY>
Guys, is there a tool that takes systemd.service files and outputs nix compatible systemd definition that I can paste back into configuration.xml ? I am using podman to run containers, and podman can only generate systemd files if I want to start the containers on startup....
2021-01-28
<adisbladis>
Siyo: Podman provides a wrapper that can more than the default set of underlying runtimes
<Siyo>
why can't I just `let backendPath = if cfg.backend == "podman" then "${pkgs.podman}/bin/podman}" else ... ?
<infinisil>
Then in the docker and podman modules
<Siyo>
Interesting, the podman service depends on /nix/store/s1fjms4140cwls29ijmvxmwskyj344sz-system-path
<lordcirth>
Siyo, ok, that is strange. I'm not familiar with podman, though
<Siyo>
lordcirth, ok to reproduce it I just enabled some completely random nixos service and it restarted all of my podman containers
<Siyo>
I guess podman must rely on some core thing that updates very often
2021-01-25
<Mic92>
podman seems to use some c libraries so
<Mic92>
Hail_Spacecake: not for me, but you can set LD_DEBUG=libs when running podman to see if it is due to dlopen
<Hail_Spacecake>
podman is written in go, right?
<Hail_Spacecake>
whenever I run `podman logs` on any container, I get an error "unable to open handle to the library"
<cloud>
It looks like libnvidia-container doesn't support the new cgroup hierarchy, which means both the docker and podman nvidia container runtime derivations will stop working without setting a specific kernel parameter to disable the hierarchy. Is it kosher to set a kernel parameter as part of a nixos module?
<{^_^}>
[nixpkgs] @cpcloud opened pull request #110701 → nomad-driver-podman: init at 0.2.0 → https://git.io/JtZfS
2021-01-18
<jkachmar>
has anyone here had luck getting the PiHole container to correctly autostart when using the Podman oci-containers backend?
2021-01-15
<sphalerite>
According to the manpage, 125 means there's an error in podman itself
<sphalerite>
I'm trying to use virtualisation.oci-containers with the podman backend, but my container is failing silently: Jan 15 09:16:23 vivo systemd[1]: podman-home-assistant.service: Main process exited, code=exited, status=125/n/a
2021-01-10
<ajs124>
does 20.10 support "modern" technologies like nftables or cgroupsv2? I've had to replace docker with podman, because it doesn't have either of them.
<{^_^}>
[nixpkgs] @cpcloud opened pull request #108547 → podman: add nvidia runtime support → https://git.io/JLNwz
2021-01-01
<mica[m]>
how can I get inside a podman container? systemd says the container is up and running, but podman doesn't list the image
2020-12-30
<astylian>
bbigras, I am using lxc sometimes, I haven't tried podman yet...
<bbigras>
astylian: maybe you could also consider using podman. I heard it's a docker drop-in replacement without a daemon.
2020-12-23
<sphalerite>
docker or podman is probably the least-friction option. You could use virtualisation.containers to specify it in your nixos config.
2020-12-18
<tobiasBora>
bougyman: is there a quick way to run an app with podman? I love the way steam-run works, and I'd prefer not to write an image every time I want to run a program
<simonpe^^>
hey! We use nix in my project to cross compile source code for embedded devices. Usually we use dockerTools.buildImage and deploy an OCI container but now we have a new device with only 8MB of flash so we can't afford the podman binary or even systemd on that device. An additional requirement is that the software is installed FHS-style on the device. How would we deploy this software to our new tiny
2020-11-15
<dxtr>
Hmm, so isn't there a way to run the podman api service by default?
<leonardp>
i should add: i want to use podman and want to change the location of the local image store
2020-11-09
<pta2002>
podman really needs a nix-native way to declare pods
<pta2002>
podman* thing i guess
<pta2002>
I'm trying to use virtualisation.oci-containers to manage a podman container and I want to make it connect to the system's postgresql instance
<dminuoso>
You say you want to build docker images from a dockerfile with nix, but this is with podman...
<pta2002>
i keep saying docker but i'm using podman
2020-10-30
<matthewcroughan_>
Dockerfiles output OCI compliant container images. There are other tools that output this format and can run this format. Such as Podman and Buildah, rather than Docker and Dockerd.
<matthewcroughan_>
Podman runs OCI container images. Which you can make in many ways.
<matthewcroughan_>
DigitalKiWicked: No. Podman is nothing to do with Docker :P
<DigitalKiWicked>
isn't podman a docker thing
2020-10-29
<cole-h>
matthewcroughan_: Sorry, I'm totally unfamiliar with both nix-on-droid and podman.
<matthewcroughan_>
cole-h: here's the podman error on nix-on-droid
<matthewcroughan_>
the reason is interesting, it's because podman tries to build, and the build doesn't work on non-linux platforms?
<matthewcroughan_>
cole-h: I got nix-on-droid working on my phone, but can't get Podman working
2020-10-28
<andi->
I'm now running podman within runInLinuxVM to execute code inside a container as part of my build
2020-10-27
<pheoxy>
anyone using podman got a missing cni default network issue on running containers?
2020-10-25
<matthewcroughan_>
Can you use podman on bsd?
2020-10-21
<Reiser>
Has anyone had success running podman inside a nixos-container? Running into errors regarding not finding a fuse device
2020-10-13
<{^_^}>
[nixpkgs] @zowoq pushed commit from @avdv to release-20.03 « podman: Add patch for CVE-2020-14370 »: https://git.io/JTt6x
<pheoxy>
I've read the message on the wiki that podman will have an easier install in 20.09 for nix-configs
<pheoxy>
without root works fine but I'm trying to get some containers moved over from an old ubuntu box that was using docker. I've switched most of my computers to using podman but that's on my fedora laptop and it works fine
<pheoxy>
anyone know why I keep getting "Missing CNI default network" on root podman on NixOS 20.03?
2020-09-16
<infinisil>
Those modules currently support both podman and docker
2020-09-02
<allgreed>
steveeJ: OMG thank you so much, podman worked like a charm <3 all I needed to do was add `--storage-driver=vfs`, since apparently you cannot run overlayfs over overlayfs [some warning about turtles all the way down jk]
2020-09-01
<{^_^}>
[nixpkgs] @zowoq pushed commit from @saschagrunert to master « podman: 2.0.5 -> 2.0.6 »: https://git.io/JUYL6
<steveeJ>
I've not tested any of that. could you try podman instead?
<arianvp>
It seems like a reinvention of something that is already shipped in systemd anyway. and then we don't need to jump through hoops when running podman in a systemd service because we can just use Type=simple no?
<arianvp>
Why is conmon a thing? Why do podman and cri-o use it to double fork and monitor the cgroup; instead of just running "systemd-run <command here>" to hook it into systemd's cgroup hierarchy directly?
2020-08-30
<inanimat3_r0d>
thanks bbigras, perhaps if the podman route doesn't work I'll try again under 20.03+docker
<bbigras>
I'm using it with docker, not podman.
<inanimat3_r0d>
a podman network does seem to exist (according to "podman network ls") and I changed my docker-compose file to explicitly try to use it, but... still the error above
<inanimat3_r0d>
Under 20.03, docker daemon doesn't seem to start & stay running, so I went to unstable (where virtualisation.podman.enable seems to be a thing) but I can't seem to do much more than "podman-compose build", any attempt to start those containers gives "Missing CNI default network"
<{^_^}>
[nixpkgs] @sikmir opened pull request #75093 → podman-compose: init at 0.1.5 → https://git.io/JeysA
2019-11-28
<ij>
if I have docker container defined in nix, how should I best deploy it with nixops, so I can run a systemctl service with podman? if I just use the store path of the image, it will get transported automatically, but what about importing? how do I import it once?
<arianvp>
I should ask lennart what his plan is with it; both podman and systemd are developed at Redhat :P
<adisbladis>
arianvp: podman is supposedly a drop-in replacement (without the daemon)
<adisbladis>
gchristensen: Have you looked into podman anything?
2019-08-05
<jsgrant_>
Saw podman is packaged, kinda want to look into how hard it'd be to get 'fedora-toolbox' working for it -- having an optional mutable state seems like a sweet spot to ease into things from within NixOS 'on real hardware'; Compared to the path I see a lot of people going where they install it on an existing distro (nix) or a VM beforehand. :^P