So, I spent the last weekend trying out MicroOS on my new practice machine. It is pretty cool. Switching to the transactional mode worked well and was easy. SELinux, on the other hand, does not work well and is not easy. I suspect I have to give up on using rootless podman, or switch off SELinux. Or spend a stupid amount of time learning that stuff. Considering that MicroOS had defaulted to reserving 400 GB for root containers and 20 GB for home, including rootless containers, I can guess what they want. Though that isn't documented anywhere. Speaking of stupid time, I also finally managed to get quadlets to function well enough to start understanding them. After around 2 years of bouncing off their terrible documentation. They are pretty cool, and probably even more fun for those people who actually remember the systemd syntax. I still don't understand why I had to convert my self-built container to a kube instead of a container. And I don't understand how or even if I can use other backends with the volume unit system.
# ? May 6, 2024 19:18

# ? May 7, 2024 11:39
On a related note, I've been playing with podman on FreeBSD. It seems very close to usable: random Linux containers will fail at step 4/11 when pulling them, and then the same container works fine if I build it locally. The truly custom things, like the ZFS storage backend, seem to work fine? Of course I did all this in service of booting Fedora CoreOS over PXE, because I want to test running a small cluster on our retired servers and workstations, but that doesn't mean I can't use FreeBSD as the DHCP/DNS/PXE server.
# ? May 6, 2024 22:02
The biggest downside to podman is that it's still in rapid development and has a lot of quirks and poor documentation. Early on it was pretty clearly a gateway drug into k8s (that Red Hat hoped they could turn into an OpenShift sale), but that's tapered off recently. With RHEL9 and derivatives it's a pretty painless container service. I like it a lot more than Docker (which is still totally fine, it just feels like it's getting crushed under the weight of its age). Quadlets are a really cool idea.
# ? May 6, 2024 22:15
xzzy posted:
Quadlets

Oh, rad, this will let me get rid of runit and my dozen+ permutations of a "run this container in podman" startup script.
# ? May 6, 2024 22:28
VictualSquid posted:
So, I spent the last weekend trying out MicroOS on my new practice machine. It is pretty cool. Switching to the transactional mode worked well and was easy.

I really recommend against turning off SELinux. If you do, you can never turn it back on. Just use the code:
# ? May 6, 2024 22:31
I even have users using quadlets to run rootless Elasticsearch containers. The best of all worlds: I don't have to keep ES running, and I don't have to give out root so they can maintain it.
# ? May 6, 2024 22:33
Quadlet has undergone a lot of improvement lately. The most recent version of podman should let you define pods for quadlets without having to use kube files. Which makes it dramatically easier to group a stack of containers that need to work together nicely.
# ? May 6, 2024 22:45
I'm excited to see that Linux 6.9 will have support for larger console fonts. Is it possible to see if 6.9 actually includes the larger fonts or is it up to someone else (distros?) to provide them now that the support is there? https://www.phoronix.com/news/Linux-6.9-Larger-FBCON-Fonts
# ? May 6, 2024 22:54
VictualSquid posted:
SELinux, on the other hand, does not work well and is not easy. I suspect I have to give up on using rootless podman, or switch off SELinux. Or spend a stupid amount of time learning that stuff. Considering that MicroOS had defaulted to reserving 400 GB for root containers and 20 GB for home, including rootless containers, I can guess what they want. Though that isn't documented anywhere.

Do you want to learn SELinux in particular? It looks like MicroOS can use either SELinux or AppArmor, and normally uses AppArmor (also what SUSE defaults to for their other distros). The "container host" role is what picks SELinux. And if you picked container host, that also might be why the storage reserve.

Mantle posted:
I'm excited to see that Linux 6.9 will have support for larger console fonts. Is it possible to see if 6.9 actually includes the larger fonts, or is it up to someone else (distros?) to provide them now that the support is there?

It'll be up to distros to ship bigger fonts (easy enough; for high-res fonts you can just bitmap a real font). And then it'll be up to you to set one of the new big fonts to be used.
# ? May 6, 2024 23:23
Nitrousoxide posted:
Quadlet has undergone a lot of improvement lately. The most recent version of podman should let you define pods for quadlets without having to use kube files. Which makes it dramatically easier to group a stack of containers that need to work together nicely.

I've been migrating over from compose files to quadlet pods lately and it's amazing how painless it is.
# ? May 7, 2024 01:23
The systemd dependencies you can set up are super slick too. Tired of nginx barfing because a reverse proxy backend isn't running? Systemd will start that for you. By far my biggest complaint is that rhel9 has deprecated iptables and podman doesn't speak nftables yet. Everything works but it makes managing rules a stupid(er) chore because we converted all our configuration management to use nftables.
# ? May 7, 2024 01:59
Inceltown posted:
I've been migrating over from compose files to quadlet pods lately and it's amazing how painless it is.

I like how it handles auto-updates too. Brings down the current container, pulls the new one, spins it up, and, most importantly, if the healthcheck for the container fails, rolls back to the previous image for the container. Obviously things could still be wrong in a way that doesn't completely bork the container after an update, but that check is already significantly superior to the updates that Docker does.
# ? May 7, 2024 02:05
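To make the last few posts concrete (pods defined directly in quadlet files, systemd dependencies between containers, and auto-update with health-check rollback), here is an added example of a three-file quadlet setup. It is not code from anyone in the thread; it assumes Podman 5.x (the `Pod=` key in a `.container` file needs 5.0 or later), a hypothetical backend image `registry.example.com/myapp/api:1.4` that ships `curl` and serves `/healthz` on port 3000, and an nginx config at `~/myapp/nginx.conf` on the host. The file paths are in the comments; all three go in the same directory.

```ini
# ~/.config/containers/systemd/myapp.pod  -> generates myapp-pod.service
# Rootless quadlets live under ~/.config/containers/systemd/,
# rootful ones under /etc/containers/systemd/.
[Pod]
PodName=myapp
# Rootless users cannot bind 80 on the host, so map an unprivileged port.
# Port 80 inside the pod belongs to the nginx container below.
PublishPort=8080:80

[Install]
# This is the "install" section: without it the unit exists but is not
# started at boot / login.
WantedBy=default.target

# ~/.config/containers/systemd/myapp-api.container  -> myapp-api.service
[Unit]
Description=myapp API backend

[Container]
# Hypothetical image; replace with your own.
Image=registry.example.com/myapp/api:1.4
# Joining the pod adds Requires=/After=myapp-pod.service automatically.
Pod=myapp.pod
# Opt in to `podman auto-update` (sets the io.containers.autoupdate=registry label).
AutoUpdate=registry
# Assumes the image has curl and a /healthz endpoint on 3000.
HealthCmd=curl -fsS http://127.0.0.1:3000/healthz
HealthInterval=30s
HealthRetries=3
HealthStartPeriod=10s
# Tell systemd the container has "started" only once the health check passes.
# This is what turns a failing health check into a failed unit start, which is
# the condition `podman auto-update` rolls back on. Without it the unit is
# considered up as soon as the process runs and a broken image would stick.
Notify=healthy

[Service]
Restart=on-failure
TimeoutStartSec=120

[Install]
WantedBy=default.target

# ~/.config/containers/systemd/myapp-proxy.container  -> myapp-proxy.service
[Unit]
Description=nginx reverse proxy in front of myapp-api
# The systemd dependency from the thread: the backend is started first, and
# nginx is not started at all if the backend fails, so it never comes up
# pointing at a dead upstream.
Requires=myapp-api.service
After=myapp-api.service

[Container]
Image=docker.io/library/nginx:1.25
Pod=myapp.pod
AutoUpdate=registry
# Containers in one pod share a network namespace, so nginx.conf (assumed to
# exist on the host) can proxy_pass to http://127.0.0.1:3000 with no DNS.
# The trailing Z relabels the file for SELinux so the container may read it.
Volume=%h/myapp/nginx.conf:/etc/nginx/nginx.conf:ro,Z
HealthCmd=curl -fsS http://127.0.0.1:80/
Notify=healthy

[Service]
Restart=on-failure

[Install]
WantedBy=default.target
```

After dropping the files in place, `systemctl --user daemon-reload` makes quadlet generate the units and `systemctl --user start myapp-pod.service` brings up the pod with both containers; `/usr/libexec/podman/quadlet -dryrun -user` prints the generated units if a key is rejected. Rootless units stop when the user's session ends unless `loginctl enable-linger` is set for that account. `podman auto-update --dry-run` shows what would be pulled; note that `AutoUpdate=registry` with a floating tag means you run whatever the registry currently serves under that tag, so the rollback protects you from images that fail to start or fail their health check, not from a tag that was repointed at something hostile but healthy.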
You guys are really starting to sell me on podman over docker for my fast-approaching server build
# ? May 7, 2024 02:07
FAT32 SHAMER posted:
You guys are really starting to sell me on podman over docker for my fast-approaching server build
# ? May 7, 2024 02:32
Computer viking posted:
For which combination of OSes?

BlankSystemDaemon posted:
As computer viking was hinting, it's gonna depend on the OS.

Sorry for abandoning this, I figured it out. And, for the record, Rocky Linux 8.9 on both server and client. I eventually figured it out. It was easy, actually; I think I got fooled by a combination of inexperience, firewall rules and services not being started. Full solution here: https://serverfault.com/a/1158965/600891
# ? May 7, 2024 07:08
Klyith posted:
Do you want to learn SELinux in particular? It looks like MicroOS can use either SELinux or AppArmor, and normally uses AppArmor (also what SUSE defaults to for their other distros). The "container host" role is what picks SELinux.

Yes, I picked container host. Though, like I said, I was mostly surprised that it ships with podman in a configuration that makes rootless hard. When I moved the rootless container storage to /var I needed to copy some SELinux rules. So I assumed it was SELinux. Unless those commands are identical.
# ? May 7, 2024 09:47
# ? May 7, 2024 11:39
FAT32 SHAMER posted:
You guys are really starting to sell me on podman over docker for my fast-approaching server build

Do it. I was using an app called podlet to convert my commands to quadlets and it worked great. Use it before it becomes outdated. Just remember to set the install option. Which doesn't do what you think: it enables the quadlets.

E: add Android's spellcheck to people who hate podman and quadlets.

VictualSquid fucked around with this message at 09:55 on May 7, 2024
# ? May 7, 2024 09:52