Documentation: Some missing details for running in podman #1256

Open
3 tasks done
BixelPitch opened this issue Oct 18, 2024 · 1 comment


BixelPitch commented Oct 18, 2024

Support guidelines

I've found a bug and checked that ...

  • ... the documentation does not mention anything about my problem
  • ... there are no open or closed issues that are related to my problem

Description

Hi!
I have encountered the following error message in the logs right at startup:

Fri, 18 Oct 2024 08:56:02 UTC ERR Cannot create Docker client error="permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.44/version\": dial unix /var/run/docker.sock: connect: permission denied" provider=docker

I followed the documentation for running DIUN under docker and also had a look at the section on podman:
https://crazymax.dev/diun/install/docker/

I use diun in a rootless podman setup.

At first I thought there must be a bug, because I correctly set everything up according to the docs. But then I compared the settings with the ones I had in place for my traefik container - which is also relying on the docker.sock/podman.sock. I had similar issues there until I added the security flag:

--security-opt label=type:container_runtime_t

Which enables the container to actually read the docker sock while not being a completely privileged container. So I would propose to update the documentation on the doc website to add/mention this.

Expected behaviour

Proposed documentation:

version: "3.5"

services:
  diun_app:
    image: docker.io/crazymax/diun:latest
    # security_opt is necessary if you use podman in rootless mode to apply the correct SELinux rules
    security_opt:
      - "label=type:container_runtime_t"
    volumes:
      - "./data:/data:z"
      # root mode
      - "/run/podman/podman.sock:/var/run/docker.sock:ro"
      # rootless mode
      #- "$XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock:ro"
      # or
      #- "/run/user/1000/podman/podman.sock:/var/run/docker.sock:ro"
    environment:
      - "TZ=Europe/Paris"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER=true"
    labels:
      - "diun.enable=true"
    restart: always

Actual behaviour

Current documentation:

version: "3.5"

services:
  diun_app:
    image: docker.io/crazymax/diun:latest
    volumes:
      - "./data:/data"
      # root mode
      - "/run/podman/podman.sock:/var/run/docker.sock"
      # rootless mode
      #- "$XDG_RUNTIME_DIR/podman/podman.sock:/var/run/docker.sock"
      #- "/run/user/1000/podman/podman.sock:/var/run/docker.sock"
    environment:
      - "TZ=Europe/Paris"
      - "DIUN_WATCH_WORKERS=20"
      - "DIUN_WATCH_SCHEDULE=0 */6 * * *"
      - "DIUN_WATCH_JITTER=30s"
      - "DIUN_PROVIDERS_DOCKER=true"
    labels:
      - "diun.enable=true"
    restart: always

Steps to reproduce

  1. https://crazymax.dev/diun/install/docker/#podman

Diun version

v4.28.0

Docker info

$ podman version
Client:       Podman Engine
Version:      4.9.4-rhel
API Version:  4.9.4-rhel
Go Version:   go1.21.13 (Red Hat 1.21.13-4.el9_4)
Built:        Mon Oct 14 03:26:59 2024
OS/Arch:      linux/arm64

Docker Compose config

No response

Logs

Fri, 18 Oct 2024 08:56:02 UTC INF Starting Diun version=v4.28.0
Fri, 18 Oct 2024 08:56:02 UTC INF Configuration loaded from 8 environment variable(s)
Fri, 18 Oct 2024 08:56:02 UTC INF Cron triggered
Fri, 18 Oct 2024 08:56:02 UTC ERR Cannot create Docker client error="permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get \"http://%2Fvar%2Frun%2Fdocker.sock/v1.44/version\": dial unix /var/run/docker.sock: connect: permission denied" provider=docker
Fri, 18 Oct 2024 08:56:02 UTC WRN No image found
Fri, 18 Oct 2024 08:56:02 UTC INF Jobs completed added=0 failed=0 skipped=0 unchanged=0 updated=0
Fri, 18 Oct 2024 08:56:02 UTC INF Cron initialized with schedule 0 */6 * * *
Fri, 18 Oct 2024 08:56:02 UTC INF Next run in 3 hours 4 minutes (2024-10-18 12:00:07.199599131 +0000 UTC)

Additional info

No response
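
A check for the gap this issue describes, as an added example that is not part of the original issue or of Diun: it lints Compose service definitions (already parsed into dicts) for an API socket mount that lacks the `label=type:container_runtime_t` option, which matters on an SELinux-enforcing host, or the `:ro` flag. The function names and both sample inputs are constructed here, modelled on the current and proposed Compose files above.

```python
# Added example (not Diun code): lint Compose services that mount the API socket.
SOCKET_NAMES = ("podman.sock", "docker.sock")
REQUIRED_LABEL = "label=type:container_runtime_t"  # option proposed in the issue


def parse_volume(spec):
    """Split short-syntax 'source:target[:opts]' into (source, target, opts)."""
    parts = spec.split(":")
    target = parts[1] if len(parts) > 1 else ""
    opts = set(parts[2].split(",")) if len(parts) > 2 else set()
    return parts[0], target, opts


def lint_service(name, svc):
    """Return findings for one service definition (a dict parsed from YAML)."""
    mounts = [parse_volume(v) for v in svc.get("volumes", [])]
    sockets = [(src, opts) for src, _, opts in mounts if src.endswith(SOCKET_NAMES)]
    if not sockets:
        return []
    findings = []
    if svc.get("privileged"):
        findings.append(f"{name}: privileged container with API socket access")
    if REQUIRED_LABEL not in svc.get("security_opt", []):
        findings.append(f"{name}: socket mounted without {REQUIRED_LABEL}")
    for src, opts in sockets:
        if "ro" not in opts:
            findings.append(f"{name}: {src} is not mounted read-only")
    return findings


def lint(services):
    """Lint every service in a Compose 'services' mapping."""
    return [f for name, svc in services.items() for f in lint_service(name, svc)]


# Constructed inputs mirroring the two Compose files quoted in the issue.
CURRENT_DOCS = {"diun_app": {"volumes": [
    "./data:/data",
    "/run/podman/podman.sock:/var/run/docker.sock"]}}
PROPOSED = {"diun_app": {
    "security_opt": ["label=type:container_runtime_t"],
    "volumes": ["./data:/data:z",
                "/run/podman/podman.sock:/var/run/docker.sock:ro"]}}

if __name__ == "__main__":
    for title, cfg in (("current docs", CURRENT_DOCS), ("proposed", PROPOSED)):
        print(title, lint(cfg) or "ok")
```

The `:ro` finding is hygiene only: a read-only bind mount does not limit which API requests a process can send over the socket.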

@crazy-max
Owner

Feel free to open a PR thanks!

BixelPitch added a commit to BixelPitch/diun that referenced this issue Jan 12, 2025