From Fedora Project Wiki

(Rootless and privileged modes matrix)
Line 6: Line 6:
 
|actions=
 
|actions=
 
<ol>
 
<ol>
<li>Using `podman`, build `fcct` from a Dockerfile, which is the tool you've used to convert FCCs to Ignition configs. To do this:
+
<li>Using rootless `podman`, build `fcct` from a Dockerfile, which is the tool you've used to convert FCCs to Ignition configs. To do this:
 
<pre>
 
<pre>
git clone https://github.com/coreos/fcct
+
git clone https://github.com/coreos/fcct /tmp/fcct
cd fcct
+
cd /tmp/fcct
podman build -t fcct .
+
podman build -t rootless-test-fcct .
 +
</pre>
 +
<li> Try running the container, e.g. `podman run -ti --rm rootless-test-fcct --help`.
 +
<li> Now try to build the same container, using privileged `podman`:
 +
<pre>
 +
cd /tmp/fcct
 +
sudo podman build -t privileged-test-fcct .
 
</pre>
 
</pre>
<li> Try running the container, e.g. `podman run -ti --rm fcct --help`.
+
<li> Try running the container, e.g. `sudo podman run -ti --rm privileged-test-fcct --help`.
<li> Now, use `docker` to build the container. Note that it might be easier to use a new host since there are [https://docs.fedoraproject.org/en-US/fedora-coreos/faq/#_can_i_run_containers_via_docker_and_podman_at_the_same_time known conflicts between `podman` and `docker`]:
+
 
 +
<li> Now, use privileged `docker` to build the container. Note that this should be performed on a different fresh Fedora CoreOS machine since there are [https://docs.fedoraproject.org/en-US/fedora-coreos/faq/#_can_i_run_containers_via_docker_and_podman_at_the_same_time known conflicts between `podman` and `docker`]:
 
<pre>
 
<pre>
 
git clone https://github.com/coreos/fcct
 
git clone https://github.com/coreos/fcct
cd fcct
+
cd /tmp/fcct
docker build -t fcct .
+
sudo docker build -t docker-fcct .
 
</pre>
 
</pre>
<li> Try running the container, e.g. `docker run -ti --rm fcct --help`.
+
<li> Try running the container, e.g. `sudo docker run -ti --rm docker-fcct --help`.
 
</ol>
 
</ol>
  
 
|results=
 
|results=
# You can build a container using both podman and docker.
+
# You can build a container using podman in rootless mode.
# You can run a built container using podman and docker.
+
# You can run a built container using podman in rootless mode.
 +
# You can build a container using podman in privileged mode.
 +
# You can run a built container using podman in privileged mode.
 +
# You can build a container using docker in privileged mode.
 +
# You can run a built container using docker in privileged mode.
  
 
|optional=
 
|optional=

Revision as of 09:48, 8 June 2020

Description

Install Fedora CoreOS and build and run containers.

Setup

  1. Have access to a (or install a new) FCOS instance running the next stream.

How to test

  1. Using rootless podman, build fcct from a Dockerfile, which is the tool you've used to convert FCCs to Ignition configs. To do this:
    git clone https://github.com/coreos/fcct /tmp/fcct
    cd /tmp/fcct
    podman build -t rootless-test-fcct .
    
  2. Try running the container, e.g. podman run -ti --rm rootless-test-fcct --help.
  3. Now try to build the same container, using privileged podman:
    cd /tmp/fcct
    sudo podman build -t privileged-test-fcct .
    
  4. Try running the container, e.g. sudo podman run -ti --rm privileged-test-fcct --help.
  5. Now, use privileged docker to build the container. Note that this should be performed on a different fresh Fedora CoreOS machine since there are known conflicts between podman and docker:
    git clone https://github.com/coreos/fcct
    cd /tmp/fcct
    sudo docker build -t docker-fcct .
    
  6. Try running the container, e.g. sudo docker run -ti --rm docker-fcct --help.

Expected Results

  1. You can build a container using podman in rootless mode.
  2. You can run a built container using podman in rootless mode.
  3. You can build a container using podman in privileged mode.
  4. You can run a built container using podman in privileged mode.
  5. You can build a container using docker in privileged mode.
  6. You can run a built container using docker in privileged mode.

Optional

  1. If you're familiar with other containerized software, try building and running them too.