From fe2d074608d9be4e6023987df4f39cf81e2ab1c7 Mon Sep 17 00:00:00 2001 From: Axel Obermeier Date: Mon, 6 May 2019 07:44:45 +0200 Subject: Update installation instructions Signed-off-by: h-vetinari --- docs/tutorials/podman_tutorial.md | 111 +-------------------- install.md | 198 ++++++++++++++++++++++++++------------ 2 files changed, 139 insertions(+), 170 deletions(-) diff --git a/docs/tutorials/podman_tutorial.md b/docs/tutorials/podman_tutorial.md index f972853e6..032b7c851 100644 --- a/docs/tutorials/podman_tutorial.md +++ b/docs/tutorials/podman_tutorial.md 
@@ -8,114 +8,9 @@ commands with Podman. **NOTE**: the code samples are intended to be run as a non-root user, and use `sudo` where root escalation is required. -## Install Podman on Fedora from RPM Repositories -Fedora 27 and later provide Podman via the package manager. -```console -sudo dnf install -y podman -``` - -*Optional*: If you've already installed podman on Fedora and you're feeling -adventerous, you can test the very latest podman in Fedora's `updates-testing` -repository before it goes out to all Fedora users. -```console -sudo yum distro-sync --enablerepo=updates-testing podman -``` - -If you use a newer podman package from Fedora's `updates-testing`, we would -appreciate your `+1` feedback in [Bodhi, Fedora's update management -system](https://bodhi.fedoraproject.org/updates/?packages=podman). - -## Install Podman on Fedora from Source -Many of the basic components to run Podman are readily available from the Fedora RPM repositories. -In this section, we will help you install all the runtime and build dependencies for Podman, -acquire the source, and build it. - -### Installing build and runtime dependencies -```console -sudo dnf install -y git runc libassuan-devel golang golang-github-cpuguy83-go-md2man glibc-static \ - gpgme-devel glib2-devel device-mapper-devel libseccomp-devel \ - atomic-registries iptables containers-common containernetworking-cni \ - conmon ostree-devel -``` -### Building and installing podman - -First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to `~/go`), then clone -and make libpod. - -```console -export GOPATH=~/go -mkdir -p $GOPATH -git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -cd $GOPATH/src/github.com/containers/libpod -make -sudo make install PREFIX=/usr -``` - -You now have a working podman environment. Jump to [Familiarizing yourself with Podman](#familiarizing-yourself-with-podman) -to begin using Podman. 
- -## Install podman on Ubuntu - -The default Ubuntu cloud image size will not allow for the following exercise to be done without increasing its -capacity. Be sure to add at least 5GB to the image. Instructions to do this are outside the scope of this -tutorial. For this tutorial, the Ubuntu **artful-server-cloudimg** image was used. +## Installing Podman -### Installing build and runtime dependencies - -#### Installing base packages -```console -sudo apt-get update -sudo apt-get install libdevmapper-dev libglib2.0-dev libgpgme11-dev golang libseccomp-dev libostree-dev \ - go-md2man libprotobuf-dev libprotobuf-c0-dev libseccomp-dev python3-setuptools -``` -#### Building and installing conmon -First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to `~/go`), then clone -and make libpod. - -```console -export GOPATH=~/go -mkdir -p $GOPATH -git clone https://github.com/kubernetes-sigs/cri-o $GOPATH/src/github.com/kubernetes-sigs/cri-o -cd $GOPATH/src/github.com/kubernetes-sigs/cri-o -mkdir bin -make bin/conmon -sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon -``` -#### Adding required configuration files -```console -sudo mkdir -p /etc/containers -sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf -sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json -``` -#### Installing CNI plugins -```console -git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins -cd $GOPATH/src/github.com/containernetworking/plugins -./build_linux.sh -sudo mkdir -p /usr/libexec/cni -sudo cp bin/* /usr/libexec/cni -``` -#### Installing CNI config -Add a most basic network config -```console -mkdir -p /etc/cni/net.d -curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/99-loopback.conf -``` 
-#### Installing runc -```console -git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc -cd $GOPATH/src/github.com/opencontainers/runc -make BUILDTAGS="seccomp" -sudo cp runc /usr/bin/runc -``` - -### Building and installing Podman -```console -git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod -cd $GOPATH/src/github.com/containers/libpod -make -sudo make install PREFIX=/usr -``` +For installing or building Podman, please see the [installation instructions](install.md). ## Familiarizing yourself with Podman @@ -128,7 +23,7 @@ podman run -dt -p 8080:8080/tcp -e HTTPD_VAR_RUN=/var/run/httpd -e HTTPD_MAIN_CO -e HTTPD_CONTAINER_SCRIPTS_PATH=/usr/share/container-scripts/httpd/ \ registry.fedoraproject.org/f27/httpd /usr/bin/run-httpd ``` -Because the container is being run in detached mode, represented by the *-d* in the podman run command, podman +Because the container is being run in detached mode, represented by the *-d* in the `podman run` command, Podman will print the container ID after it has run. Note that we use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed. diff --git a/install.md b/install.md index bd7f326c3..82dd4c36a 100644 --- a/install.md +++ b/install.md @@ -8,7 +8,7 @@ sudo pacman -S podman ``` -If you have problems when running podman in [rootless](README.md#rootless) mode follow [these instructions](https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)) +If you have problems when running Podman in [rootless](README.md#rootless) mode follow the instructions [here](https://wiki.archlinux.org/index.php/Linux_Containers#Enable_support_to_run_unprivileged_containers_(optional)) #### [Fedora](https://www.fedoraproject.org), [CentOS](https://www.centos.org) 
@@ -16,7 +16,6 @@ If you have problems when running podman in [rootless](README.md#rootless) mode sudo yum -y install podman ``` - #### [Fedora-CoreOS](https://coreos.fedoraproject.org), [Fedora SilverBlue](https://silverblue.fedoraproject.org) Built-in, no need to install @@ -39,7 +38,7 @@ Built-in, no need to install #### [RHEL7](https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux) -Subscribe, then enable Extras channel and install podman. +Subscribe, then enable Extras channel and install Podman. ```bash sudo subscription-manager repos --enable=rhel-7-server-extras-rpms @@ -53,8 +52,12 @@ sudo yum module enable -y container-tools:1.0 sudo yum module install -y container-tools:1.0 ``` +### Installing development versions of Podman + #### [Ubuntu](https://www.ubuntu.com) +The latest builds are available in a PPA. Take note of the [Build and Run Dependencies](#build-and-run-dependencies) listed below if you run into any issues. + ```bash sudo apt-get update -qq sudo apt-get install -qq -y software-properties-common uidmap 
@@ -63,25 +66,20 @@ sudo apt-get update -qq sudo apt-get -qq -y install podman ``` -Take note of the [Build and Run Dependencies](#build-and-run-dependencies) listed below if you run into any issues. - -## Building from scratch +#### Fedora -### Prerequisites +You can test the very latest Podman in Fedora's `updates-testing` +repository before it goes out to all Fedora users. -#### runc installed - -The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by podman. - -#### conmon installed - -The latest version of `conmon` is expected to be installed on the system. Conmon is used to monitor OCI Runtimes. +```console +sudo yum distro-sync --enablerepo=updates-testing podman +``` -#### Setup CNI networking +If you use a newer Podman package from Fedora's `updates-testing`, we would +appreciate your `+1` feedback in [Bodhi, Fedora's update management +system](https://bodhi.fedoraproject.org/updates/?packages=podman). -A proper description of setting up CNI networking is given in the [`cni` README](cni/README.md). -But the gist is that you need to have some basic network configurations enabled and -CNI plugins installed on your system. +## Building from scratch ### Build and Run Dependencies @@ -90,7 +88,7 @@ CNI plugins installed on your system. Fedora, CentOS, RHEL, and related distributions: ```bash -yum install -y \ +sudo yum install -y \ atomic-registries \ btrfs-progs-devel \ conmon \ 
@@ -118,42 +116,133 @@ yum install -y \ Debian, Ubuntu, and related distributions: ```bash -apt-get install -y \ +sudo apt-get install \ btrfs-tools \ git \ golang-go \ go-md2man \ iptables \ libassuan-dev \ + libc6-dev \ libdevmapper-dev \ libglib2.0-dev \ - libc6-dev \ - libgpgme11-dev \ + libgpgme-dev \ libgpg-error-dev \ + libostree-dev \ libprotobuf-dev \ libprotobuf-c0-dev \ libseccomp-dev \ libselinux1-dev \ + libsystemd-dev \ pkg-config \ + runc \ uidmap ``` -Debian, Ubuntu, and related distributions will also need to do the following setup: +### Building missing dependencies - * A copy of the development libraries for `ostree`, either in the form of the `libostree-dev` package from the [flatpak](https://launchpad.net/~alexlarsson/+archive/ubuntu/flatpak) PPA, or built [from source](https://github.com/ostreedev/ostree) (more on that [here](https://ostree.readthedocs.io/en/latest/#building)). As of Ubuntu 18.04, `libostree-dev` is available in the main repositories, and the PPA is no longer required. - * [Add required configuration files](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#adding-required-configuration-files) - * Install conmon, CNI plugins and runc - * [Install conmon](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#building-and-installing-conmon) - * [Install CNI plugins](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-cni-plugins) - * [runc Installation](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) - Although installable, the latest runc is not available in the Ubuntu repos. Version 1.0.0-rc4 is the minimal requirement. +If any dependencies cannot be installed or are not sufficiently current, they have to be built from source. +This will mainly affect Debian, Ubuntu, and related distributions, or RHEL where no subscription is active (e.g. Cloud VMs). 
-**NOTE** +#### ostree -If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough (running `runc --version` should produce `spec: 1.0.0`), or else [build](https://github.com/containers/libpod/blob/master/docs/tutorials/podman_tutorial.md#installing-runc) your own. +A copy of the development libraries for `ostree` is necessary, either in the form of the `libostree-dev` package +from the [flatpak](https://launchpad.net/~alexlarsson/+archive/ubuntu/flatpak) PPA, +or built [from source](https://github.com/ostreedev/ostree/blob/master/docs/contributing-tutorial.md) +(see also [here](https://ostree.readthedocs.io/en/latest/#building)). As of Ubuntu 18.04, `libostree-dev` is available in the main repositories, +and the PPA is no longer required. -Be careful to double-check that the version of golang is new enough, version 1.10.x or higher is required. If needed, golang kits are available at https://golang.org/dl/ +To build, use the following (running `make` can take a while): +```bash +git clone https://github.com/ostreedev/ostree ~/ostree +cd ~/ostree +git submodule update --init +# for Fedora, CentOS, RHEL +sudo yum install -y automake bison e2fsprogs-devel fuse-devel libtool xz-devel zlib-devel +# for Debian, Ubuntu etc. +sudo apt-get install -y automake bison e2fsprogs fuse liblzma-dev libtool zlib1g + +./autogen.sh --prefix=/usr --libdir=/usr/lib64 --sysconfdir=/etc +# remove --nonet option due to https:/github.com/ostreedev/ostree/issues/1374 +sed -i '/.*--nonet.*/d' ./Makefile-man.am +make +sudo make install +``` + +#### golang + +Be careful to double-check that the version of golang is new enough (i.e. `go version`), version 1.10.x or higher is required. +If needed, golang kits are available at https://golang.org/dl/. 
Alternatively, go can be built from source as follows +(it's helpful to leave the system-go installed, to avoid having to [bootstrap go](https://golang.org/doc/install/source): + +```bash +export GOPATH=~/go +git clone https://go.googlesource.com/go $GOPATH +cd $GOPATH +git checkout tags/go1.10.8 # optional +cd src +./all.bash +export PATH=$GOPATH/bin:$PATH +``` -**Optional** +#### conmon + +The latest version of `conmon` is expected to be installed on the system. Conmon is used to monitor OCI Runtimes. +To build from source, use the following (if not already executed above, run `export GOPATH=~/go && mkdir -p $GOPATH`): + +```bash +git clone https://github.com/cri-o/cri-o $GOPATH/src/github.com/cri-o/cri-o +cd $GOPATH/src/github.com/cri-o/cri-o +mkdir bin +make bin/conmon +sudo install -D -m 755 bin/conmon /usr/libexec/podman/conmon +``` + +#### runc + +The latest version of `runc` is expected to be installed on the system. It is picked up as the default runtime by Podman. +Version 1.0.0-rc4 is the minimal requirement, which is available in Ubuntu 18.04 already. +To double-check, `runc --version` should produce at least `spec: 1.0.1`, otherwise build your own: + +```bash +git clone https://github.com/opencontainers/runc.git $GOPATH/src/github.com/opencontainers/runc +cd $GOPATH/src/github.com/opencontainers/runc +make BUILDTAGS="selinux seccomp" +sudo cp runc /usr/bin/runc +``` + +#### CNI plugins + +```bash +git clone https://github.com/containernetworking/plugins.git $GOPATH/src/github.com/containernetworking/plugins +cd $GOPATH/src/github.com/containernetworking/plugins +./build_linux.sh +sudo mkdir -p /usr/libexec/cni +sudo cp bin/* /usr/libexec/cni +``` + +#### Setup CNI networking + +A proper description of setting up CNI networking is given in the [`cni` README](cni/README.md). 
+ +Using the CNI plugins from above, a more basic network config is achieved with: + +```bash +mkdir -p /etc/cni/net.d +curl -qsSL https://raw.githubusercontent.com/containers/libpod/master/cni/87-podman-bridge.conflist | sudo tee /etc/cni/net.d/99-loopback.conf +``` + + +#### Add configuration + +```bash +sudo mkdir -p /etc/containers +sudo curl https://raw.githubusercontent.com/projectatomic/registries/master/registries.fedora -o /etc/containers/registries.conf +sudo curl https://raw.githubusercontent.com/containers/skopeo/master/default-policy.json -o /etc/containers/policy.json +``` + + +#### Optional packages Fedora, CentOS, RHEL, and related distributions: 
@@ -168,53 +257,38 @@ apt-get install -y \ ### Get Source Code -As with other Go projects, PODMAN must be cloned into a directory structure like: +As with other Go projects, Podman must be cloned into a directory structure like: ``` GOPATH └── src └── github.com - └── containers - └── libpod -``` - -First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to `~/go`) -and then add $GOPATH/bin to your $PATH environment variable. - -```bash -export GOPATH=~/go -mkdir -p $GOPATH -export PATH=$PATH:$GOPATH/bin + └── containers + └── libpod ``` -Next, clone the source code using: +First, ensure that the go version that is found first on the $PATH (in case you built your own; see [above](#golang)) is sufficiently recent - +`go version` must be higher than 1.10.x). Then we can finally build Podman (assuming we already have a `$GOPATH` and the corresponding folder, +`export GOPATH=~/go && mkdir -p $GOPATH`): ```bash -mkdir -p $GOPATH/src/github.com/containers -cd $_ # or cd $GOPATH/src/github.com/containers -git clone https://github.com/containers/libpod # or your fork -cd libpod +git clone https://github.com/containers/libpod/ $GOPATH/src/github.com/containers/libpod +cd $GOPATH/src/github.com/containers/libpod +make BUILDTAGS="selinux seccomp" +sudo make install PREFIX= ``` -### Build - -```bash -make install.tools -make -sudo make install -``` +#### Build Tags -Otherwise, if you do not want to build `podman` with seccomp support you can add `BUILDTAGS=""` when running make. +Otherwise, if you do not want to build Podman with seccomp or selinux support you can add `BUILDTAGS=""` when running make. ```bash make BUILDTAGS="" sudo make install ``` -#### Build Tags - -`podman` supports optional build tags for compiling support of various features. -To add build tags to the make option the `BUILDTAGS` variable must be set. +Podman supports optional build tags for compiling support of various features. 
+To add build tags to the make option the `BUILDTAGS` variable must be set, for example: ```bash make BUILDTAGS='seccomp apparmor' -- cgit v1.2.3-54-g00ecf
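Review bot: the link added in docs/tutorials/podman_tutorial.md (hunk `@@ -8,114 +8,9 @@`), `[installation instructions](install.md)`, is relative to docs/tutorials/, while the diffstat shows install.md at the repository root, so it resolves to docs/tutorials/install.md and will be broken. Use `../../install.md` or an absolute repository URL, as the install.md links removed elsewhere in this patch did.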
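Review bot: in install.md hunk `@@ -118,42 +116,133 @@`, the "Add configuration" block writes `/etc/containers/policy.json` and `registries.conf` as root straight from the `master` branch of two other repositories, with no pinned revision, no checksum and no `-f` on `curl`. policy.json is the image signature-verification policy, so what a host ends up trusting depends on whatever `master` holds at install time, and without `-f` an HTTP error body is saved as the config file. Please pin the URLs to a tag or commit, add `-fsSL`, and ideally publish a checksum to compare against; the same applies to the `87-podman-bridge.conflist` download. That CNI block also runs `mkdir -p /etc/cni/net.d` without `sudo` and stores a `.conflist` under the name `99-loopback.conf`, so the name and extension no longer match the content. In the golang block, `git clone https://go.googlesource.com/go $GOPATH` puts the Go source tree in the directory that later steps use as the workspace (`$GOPATH/src/github.com/...`), and it fails if `mkdir -p $GOPATH` already created a non-empty directory; clone Go into a separate directory and leave `GOPATH` for the workspace. The sentence introducing it is also missing its closing parenthesis. In the runc block, the minimum is given as 1.0.0-rc4, but the check was changed from `spec: 1.0.0` to `spec: 1.0.1` with no explanation; state which one is the real requirement.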
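Review bot: in install.md hunk `@@ -168,53 +257,38 @@`, `sudo make install PREFIX=` has an empty value, whereas the tutorial text removed in this same patch used `PREFIX=/usr`, and the `sudo make install` a few lines below passes no PREFIX at all; say which prefix is intended and use it consistently. The new sentence "`go version` must be higher than 1.10.x)" has a stray parenthesis and contradicts the golang section added earlier in this patch, which says "version 1.10.x or higher is required". With the `### Build` heading gone, the paragraph that now opens the "Build Tags" section starts with "Otherwise", which no longer has anything to refer back to, and the removal of `make install.tools` is not mentioned in the commit message, so confirm that the step is no longer needed.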