Possibility to install podman?

Hi,

I was wondering, is podman something that has been considered for running containers on the HPC systems?
It looks like it is drag and drop in terms of replacing docker, but without needing root access and without a daemon, and can even build from Dockerfiles directly (unlike singularity, which can only convert containers).

Cheers,
Johnny

1 Like

Hi @John.Raine we never thought about Podman as (at least I) weren’t aware about this software.

It seems interesting indeed. Do others users have some pros/cons about this software?

Here is a discussion about the differences between Singularity and Podman

Best

Yann

Hi Yann,

I only became aware of it recently myself! But it looks like a nice alternative to test - I’m curious to see the impact on speed, as I imagine singularity will have the edge there.

But my main interest application would be building OCIs, and it would massively simplify IDE workflows with, for example, VS Code.
Podman works perfectly for running dev containers from VS Code on baobab/yggdrasil, whereas at the moment we have a cumbersome workaround for singularity (which isn’t natively supported).

Johnny

Hi Yann,

in spite of the lack of replies from others, would this be something that can be installed?

Cheers,
Johnny

Hi,

I would put this as a priority as a workaround with singularity I have been running has started to become unreliable, impacting my workflow.
I know others e.g. @Manuel.Guth have experienced this too.

Is there any information regarding installing podman on baobab?

Johnny

1 Like

Hi,

please check: New software installed: podman 1.6.4

If someone had time to write a simple “hello world” on the forum as we did for Singularity that would be great and may be of interest for other users.

If of interest for other users, would you mind to describe the issue you have with Singularity and the workaround you used?

Best

Hi Yann,

that’s fantastic, thanks! And having it without module is even better for the application!

The problem with singularity is that we were using it for the environment in which a node.js server was running for VS code remote development. Unfortunately, with vs code remote when one server instance is running, it will not start a new one but instead forward traffic to the currently running server.
This was problematic as to use the IDE for notebooks, debugging, with intellisense and linting we needed vs code to run in different containers depending on which project was being worked on, and is something that could not be supported. It was also often the case that the servers would seemingly partially save their state and so future connections would try to connect to the now not running singularity container, and ignore attempts to run in a new container.

With podman we can use the native docker compatibility, and instead of having the server run within a container, have the server then run commands through the container itself. And with podman having no daemon, this should hopefully not have too large a footprint.
This also means we no longer need to have a wrapper script around ssh to use vs code remotely with singularity, but can instead use the standard ssh exe and let vs code manage the docker (podman) commands itself.

It will also hopefully let us build docker containers on the cluster, which can subsequently be used with singularity. Previously we used gitlab CI for this.

Do you have a link to the example thread, I will see if I can write one.

Thanks again!
Cheers,
Johnny

Hi,

looks like I’m getting thrown a few errors regarding /etc/subuid and /etc/subgid, e.g.

ERRO[0000] cannot find mappings for user raine: No subuid ranges found for user "raine" in /etc/subuid

I suppose I need these for the unprivaleged access in building the pods or docker containers?
I see there are other users in the files already, but it looks like many may be users from quite a while ago, judging by their uid.

Cheers,
Johnny

Hi,

indeed this seems to be needed for stuff such as fakeroot. For singularity we are using a setuid binary so we don’t need to have this files and we don’t manage them centrally. According to this page, if we want to use them we must synchronize them on each node. I’ll check that.

Can you let us know a simple podman command that you try to run so I can reproduce the issue?

Best

Hi Yann,

with

podman pull fedora:latest

I get the error, as well as when using build with a Dockerfile, or run with an existing container. But this is possible the most general to test.

Cheers,
Johnny

Hi,

I’ve populated /etc/subuid and /etc/subgid on login2.baobab and tried the command:

[sagon@login2 ~] $ podman pull fedora:latest
Trying to pull registry.access.redhat.com/fedora:latest...
  name unknown: Repo not found
Trying to pull registry.redhat.io/fedora:latest...
  unable to retrieve auth token: invalid username/password: unauthorized: Please login to the Red Hat Registry using your Customer Portal credentials. Further instructions can be found here: https://access.redhat.com/RegistryAuthentication
Trying to pull docker.io/library/fedora:latest...
Getting image source signatures
Copying blob edad61c68e67 done
Copying config b78af7a836 done
Writing manifest to image destination
Storing signatures
b78af7a836928efd44317e82c8f2f9c86bb83ae915deef1b58dc6465dfa5436e

it seems it worked. Can you confirm? If this is the case, we should find a way to synchronize those files.