devcontainer fail to start when using podman instead of docker #15001

Closed
loynoir opened this issue Jul 21, 2022 · 9 comments · May be fixed by algorand-devrel/bootcamp#30
Labels
kind/bug Categorizes issue or PR as related to a bug. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.

Comments


loynoir commented Jul 21, 2022

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

devcontainer fails to start when using podman instead of docker

Steps to reproduce the issue:

  1. podman run hello world with normal user and root user, ensure podman is working.

  2. vscode generate ubuntu devcontainer config

All choose default

1.1. Ctrl+Shift+P

1.2. remote-containers: add dev configuration files

1.3. choose ubuntu

1.4. choose default

Generated config

.devcontainer/devcontainer.json

{
	"name": "Ubuntu",
	"build": {
		"dockerfile": "Dockerfile",
		"args": { "VARIANT": "focal" }
	},
	"settings": {},
	"extensions": [],
	"remoteUser": "vscode"
}

.devcontainer/Dockerfile

ARG VARIANT="focal"
FROM mcr.microsoft.com/vscode/devcontainers/base:0-${VARIANT}

  3. But, user settings "remote.containers.dockerPath": "podman"

Also tested, and failed, with "remote.containers.dockerPath": "sudo-podman"

  4. Click the bottom-right "Reopen in Container" button.

Describe the results you received:
Images are built using podman, but the devcontainer fails to start when using podman instead of docker.

Describe the results you expected:
Devcontainer using podman starts up and works like when using docker.

Additional information you deem important (e.g. issue happens only occasionally):

Output of podman version:

podman version 4.1.1

Output of podman info --debug:


Package info (e.g. output of rpm -q podman or apt list podman):

podman 4.1.1-2

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide? (https://github.com/containers/podman/blob/main/troubleshooting.md)

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Workaround
Remove "remoteUser": "vscode".

Verified mcr.microsoft.com/vscode/devcontainers/base:0-focal has user vscode.

Guess

$ podman history --no-trunc --format "{{.CreatedBy}}" localhost/vsc-xxx-uid
/bin/sh -c #(nop) USER $IMAGE_USER
...
/bin/sh -c #(nop) USER root
RUN ... bash /tmp/library-scripts/common-debian.sh "${INSTALL_ZSH}" "${USERNAME}" "${USER_UID}" "${USER_GID}" "${UPGRADE_PACKAGES}" "true" "true" ...
...

I guess podman is not switching user correctly?

Edit
Reproduce repo

https://github.com/loynoir/reproduce-podman-15001

openshift-ci bot added the kind/bug label Jul 21, 2022
Member

Luap99 commented Jul 21, 2022

Can you provide the podman commands that are used to build and run the image? What are the error messages you are seeing?

Do you use it on linux, macos, windows?

Author

loynoir commented Jul 21, 2022

I'm on ArchLinux.

Last error is

mkdir: cannot create directory '/root': Permission denied
Exit code 1
Command in container failed: mkdir -p '/root/.vscode-server/bin' && ln -s '/vscode/vscode-server/bin/x64/{{hashA}}' '/root/.vscode-server/bin/{{hashA}}'

Author

loynoir commented Jul 21, 2022

"remote.containers.dockerPath": XXX, using one of the below:

  • docker (rootful docker + usermod)
  • podman
  • sudo-podman

All three are called in a similar way.

{{XXX}} build \
  -f /path/to/.devcontainer/Dockerfile \
  -t vsc-tmp.{{hash}} \
  --build-arg VARIANT=focal \
  /path/to/.devcontainer

...

{{XXX}} build \
  -f /tmp/vsch/updateUID.Dockerfile-0.191.1 \
  -t vsc-tmp.{{hash}}-uid \
  --build-arg BASE_IMAGE=vsc-tmp.{{hash}} \
  --build-arg REMOTE_USER=vscode \
  --build-arg NEW_UID=1000 \
  --build-arg NEW_GID=1000 \
  --build-arg IMAGE_USER=root \
  /tmp/vsch

docker (rootful docker + usermod)

Start: Run in container: test -d /home/vscode/.vscode-server
Start: Run in container: test -d /home/vscode/.vscode-remote
...

podman

Start: Run in container: test -d /root/.vscode-server
Start: Run in container: test -d /root/.vscode-remote
...

sudo-podman

Start: Run in container: test -d /root/.vscode-server
Start: Run in container: test -d /root/.vscode-remote
...

Member

rhatdan commented Jul 22, 2022

First are you running both in rootful mode?
@flouthoc PTAL

Author

loynoir commented Jul 22, 2022

@rhatdan

Log updated.

OK in rootful docker + usermod.

Fail in both podman and sudo-podman

Author

loynoir commented Jul 22, 2022

Plus, does the warning below affect the build or just the shell?

It's the only kind of warning that appears in the podman and sudo-podman situations.

STEP 6/9: SHELL ["/bin/sh", "-c"]
WARN[0007] SHELL is not supported for OCI image format, [/bin/sh -c] will be ignored. Must use `docker` format

Member

rhatdan commented Jul 23, 2022

Use --format docker, to not use OCI Format.


zephyros-dev commented Jul 24, 2022

On devcontainer you also need to specify the containerUser, something like this:

	"runArgs": [
		"--userns=keep-id"
	],
	"remoteUser": "vscode",
	"containerUser": "vscode"

Because I use a bind mount for the code, I need to add --userns=keep-id to access the user in vscode. I use my default UID and UGID of 1000, which is the same as the vscode user inside the container, so the command maps the vscode user inside the container to my user outside. If you run without that option, the bind-mounted files will be inaccessible.
Do note that I disable SELinux, so I'm not sure how it would interact with bind mounting.
Reference: https://blog.lifeishao.com/2021/12/30/replacing-docker-with-podman-for-your-vscode-devcontainers/

Author

loynoir commented Jul 24, 2022

Ah, got it working.

settings.json

  "remote.containers.dockerPath": "podman-devcontainer-wrapper",
  // "remote.containers.dockerComposePath": "podman-compose-devcontainer-wrapper"

devcontainer.json

    "remoteUser": "vscode",
    "containerUser": "vscode"

podman-devcontainer-wrapper

#!/bin/sh
# Build in docker image format so SHELL is kept; map the host user into the container.
BUILDAH_FORMAT=docker \
PODMAN_USERNS=keep-id \
podman "$@"

ref
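Added example, not code from this thread or from the Podman or VS Code projects: a small lint that checks a devcontainer.json and the wrapper script's environment for the three settings the comments above converged on (containerUser next to remoteUser, keep-id user namespace mapping, docker build format). The function names and finding names are hypothetical, and both sample configs are constructed from the snippets posted in the thread.

```python
import json
import re

# Constructed inputs: the config from the report and the one the thread ended with.
FAILING = """{
  "name": "Ubuntu",
  "build": {"dockerfile": "Dockerfile", "args": {"VARIANT": "focal"}},
  "remoteUser": "vscode"
}"""
FIXED = """{
  // user and namespace settings suggested in the thread
  "name": "Ubuntu",
  "build": {"dockerfile": "Dockerfile", "args": {"VARIANT": "focal"}},
  "runArgs": ["--userns=keep-id"],
  "remoteUser": "vscode",
  "containerUser": "vscode"
}"""

def load_jsonc(text):
    """Parse JSON that may carry // comments (trailing commas are not handled)."""
    # Match either a whole string literal or a comment; keep strings, drop comments.
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else ""
    return json.loads(re.sub(r'"(?:\\.|[^"\\])*"|//[^\n]*', keep_strings, text))

def podman_findings(config_text, wrapper_env=None):
    """Return hypothetical finding names for settings the thread says Podman needs."""
    cfg, env, findings = load_jsonc(config_text), wrapper_env or {}, []
    # remoteUser without containerUser: the reported run probed /root, not /home/vscode.
    if cfg.get("remoteUser") and "containerUser" not in cfg:
        findings.append("containerUser-missing")
    # keep-id may come from runArgs ("--userns=keep-id" or "--userns keep-id")
    # or from PODMAN_USERNS in the wrapper script.
    args = " ".join(cfg.get("runArgs", [])).replace("=", " ")
    if "--userns keep-id" not in args and env.get("PODMAN_USERNS") != "keep-id":
        findings.append("userns-not-keep-id")
    # Without docker format, the build warned that SHELL is ignored.
    if env.get("BUILDAH_FORMAT") != "docker":
        findings.append("build-format-not-docker")
    return findings

if __name__ == "__main__":
    print(podman_findings(FAILING))
    print(podman_findings(FIXED, {"BUILDAH_FORMAT": "docker"}))
```
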
