Podman-introduction!
I would like to share my experience with a mariadb rootless podman installation based on redhat.blog.
The blog explains how to run podman with rootless permission.
In this short blog, I will emphasize the differences for rootless.
The benefits and differences of Podman vs Docker are described on opensource.com. In addition to the security advantages, running podman rootless shows its maturity and reliability.
Installation RHEL/Centos 7.X
Refer to the following centos/podman guide
Set and check host config
sudo -i
echo "user.max_user_namespaces=28633" > /etc/sysctl.d/userns.conf
sysctl -p /etc/sysctl.d/userns.conf
Set and check rootless user
podman unshare cat /proc/self/uid_map
podman unshare cat /proc/self/gid_map
output:
0 1001 1
1 165536 65536
#### Verify the following:
(undercloud) [stack@undercloud-0 ~]$ cat .config/containers/storage.conf
[storage]
driver = "overlay"
runroot = "/run/user/1001"
Use mysql-data as a local directory for data persistence. Add permission for the mysql user to access the directory:
mkdir mysql-data
podman unshare chown 27:27 $(pwd)/mysql-data
ls -ltr output for mysql-data:
165562 165562 ... mysql-data
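The owner shown by ls is 165562 rather than 27 because `podman unshare chown` runs inside the user namespace and the kernel translates IDs through the map printed earlier. The following is an added example, not part of the original blog, that reproduces that translation from the uid_map output above; the function names are illustrative.

```python
# Added example: translate IDs through a user-namespace map.
# UID_MAP is the `podman unshare cat /proc/self/uid_map` output shown above.
UID_MAP = """\
0 1001 1
1 165536 65536
"""


def parse_id_map(text):
    """Parse uid_map/gid_map lines into (inside_start, outside_start, length)."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed map line: {line!r}")
        ranges.append(tuple(int(f) for f in fields))
    return ranges


def to_host_id(container_id, ranges):
    """Host-side ID for an ID seen inside the namespace, or None if unmapped."""
    for inside, outside, length in ranges:
        if inside <= container_id < inside + length:
            return outside + (container_id - inside)
    return None


def to_container_id(host_id, ranges):
    """Namespace-side ID for a host ID, or None if the namespace cannot see it."""
    for inside, outside, length in ranges:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return None


if __name__ == "__main__":
    ranges = parse_id_map(UID_MAP)
    for label, cid in [("container root", 0), ("mysql (chown 27:27)", 27)]:
        print(f"{label}: container {cid} -> host {to_host_id(cid, ranges)}")
    # Host root has no entry in the map, so nothing in the namespace runs as it.
    print("host uid 0 inside namespace:", to_container_id(0, ranges))
```

Container root maps to the unprivileged host user 1001, and the ID 27 used in the chown maps to a subordinate ID on the host, which is what limits the impact of a process escaping the container.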
Run container
podman run -i -v $(pwd)/mysql-data:/var/lib/mysql/data:Z -e MYSQL_USER=user -e MYSQL_PASSWORD=pass -e MYSQL_DATABASE=db -p 3306:3306 -P registry.access.redhat.com/rhscl/mariadb-102-rhel7
The container will run until stopped.
Test it with python connection
netstat -nap | grep 3306
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 17783/slirp4netns
Connect:
pip install mysql # in your python virtualenv
>>> import MySQLdb
>>> db = MySQLdb.connect(host="127.0.0.1",
...                      user="user",
...                      password="pass",
...                      db="db")
>>> cur = db.cursor()
>>> cur.execute("CREATE TABLE users( \
... id INT NOT NULL, name VARCHAR(20) \
... NOT NULL, PRIMARY KEY (id) )")
Further reading
rh.dev.blog, opensource.com, redhat.blog, redhat.blog