Fedora VM for podman

TL;DR: jump into the running VM with tools ready.

# run and provision the VM
vagrant up

# enter the VM
vagrant ssh

Note: It is crucial to have at least 1 GB of RAM allocated for the VM. Otherwise, you might encounter strange behaviour caused by OOM kill.

All-in-One Vagrant setup

This directory is a reference cloud image with container tools podman, skopeo and buildah installed. This Vagrantfile creates a VM with nfs-tools installed so you can use the VM for independent builds with an option to share artefacts using NFS.

Test it

extracted from https://docs.fedoraproject.org/en-US/iot/buildah/

buildah from fedora
buildah run fedora-working-container dnf install httpd -y
echo "<html />" >index.html
buildah copy fedora-working-container index.html /var/www/html/index.html
buildah config --entrypoint "/usr/sbin/httpd -DFOREGROUND" fedora-working-container
buildah commit fedora-working-container fedora-myhttpd
buildah images
podman run fedora-myhttpd

Step by step explained

1. buildah from fedora creates fedora-working-container (the actual name is shown in CLI)
2. buildah run fedora-working-container dnf install httpd -y simple install, note the familiar dnf install httpd -y (forced install of httpd aka apache 2.4).
3. echo "<html />" >index.html make the simplest HTML page.
4. buildah copy fedora-working-container index.html /var/www/html/index.html put created index.html into proper place inside the container.
5. buildah commit fedora-working-container fedora-myhttpd bake the container into permanent image (per user though)
6. buildah images list the images available (you should see fedora-httpd listed among them).
7. podman run -p 8080:80 fedora-myhttpd run the container and redirect local port of 8080 to the container port 80 (privileged port).

Builder notes

Some details that you might find useful when doing experiments with this repo and guide.

Alternative Virsh

In case you do not have vagrant, but only the virsh go to sub-directory usingVirsh. This directory contains few scripts that can help you to achieve the same but using virsh (libvirt-bin package on Ubuntu).

Provisioning the VM

The few commands that you have to run as root sudo -i to get it working when you have vanilla Fedora running somewhere. In the Vagrantfile the packages are squashed into one line.

Note: If you do not need the NFS, then leave out the nfs-tools package and rpcbind service start and enable.

# switch to root account
sudo -i

# start with updating the system
yum update -y

# install semanage
yum install policycoreutils-python-utils -y

# then install the container tools
yum install podman buildah skopeo -y

# also install the NFS client
yum install nfs-tools -y

# turn on rpcbind
systemctl start rpcbind
systemctl enable rpcbind

Debugging the SE Linux

You might find it useful to turn off SE Linux or better-said switching it into permissive. When that done, you should then spot all issue that would block the execution as log messages.

# disable at runtime = switch permissive
setenforce 0

# fix the context, strange labeling that was seen on F30
semanage fcontext -a -t container_file_t /var/lib/containers\(/.*\)\?

# apply it to the filesystem
restorecon -R /var/lib/containers

# disable in config to keep it permissive after reboot
sed -i 's/^\s*SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

# check state
sestatus