@bender@twtxt.net Dud! you should see the updated version! 😂 I have just discovered the scratch #container image and decided I wanted to play with it… I’m probably going to end up rebuilding a LOT of images.

~/htwtxt » podman image list htwtxt
REPOSITORY                TAG            IMAGE ID      CREATED             SIZE
localhost/htwtxt          1.0.7-scratch  2d5c6fb7862f  About a minute ago  12 MB
localhost/htwtxt          1.0.5-alpine   13610a37e347  4 weeks ago         20.1 MB
localhost/htwtxt          1.0.7-alpine   2a5c560ee6b7  4 weeks ago         20.1 MB
docker.io/buckket/htwtxt  latest         c0e33b2913c6  8 years ago         778 MB

@discoverbsdthebsdcommunitylinklog@feeds.twtxt.net This is interesting. Not giving up on #FreeBSD #jails yet but definitely have to give this a try; and if my #podman workflow goes as smooth as it does on #Linux I might just end up installing FreeBSD on the #RaspberryPi too! 🥳

P.S:

~/remote/htwtxt » podman image list htwtxt                                                                                the@wks
REPOSITORY                TAG           IMAGE ID      CREATED      SIZE
localhost/htwtxt          1.0.5-alpine  13610a37e347  3 hours ago  20.1 MB
localhost/htwtxt          1.0.7-alpine  2a5c560ee6b7  3 hours ago  20.1 MB
docker.io/buckket/htwtxt  latest        c0e33b2913c6  8 years ago  778 MB

@prx@si3t.ch If you were to read this, I would’ve suggested that you gave Podman a try… alas, you won’t.

QOTD: What do you host on your home server? How do you host it? Are you using containers? VMs? Did you install any management interface or do you just SSH in? What OS does it run?

Mine runs Arch (btw) and hosts a handful of things using Docker. Adguard Home, http://mckinley2nxomherwpsff5w37zrl6fqetvlfayk2qjnenifxmw5i4wyd.onion/, and some other things. NFS, Flexo, and Wireguard (peer and bounce server in my personal network) are outside Docker. I have a hotkey in my window manager that spawns a terminal on my server using SSH. It makes things very easy and I highly recommend it.

I am thinking about replacing Docker with Podman because the Common Wisdom seems to say it’s better. I don’t really know if it is or isn’t.

Also, how much of your personal infrastructure is on IPv6? I think all the software I use supports both, but I’ve mostly been using IPv4 because it’s easier to remember the addresses. I’ve been working for the last couple days on making it IPv6-only.

@prologic@twtxt.net hmm, bummer. I was hoping that translating the docker commands to podman syntax would work but it looks like it’s more subtle than that. Thanks for trying!

The weird thing was I wasn’t getting errors like that on my end when I tried it. podman thought the connection was created, and it set it as the default. But I don’t think it was sending anything over the wire. When I have more time to tinker with it maybe I’ll play around and see if I can figure out what’s up.

@prologic@twtxt.net Change your script to this:

#!/bin/sh

set -e

alias docker=podman

if [ ! command -v docker > /dev/null 2>&1 ]; then
  echo "docker not found"
  exit 1
fi

mkdir -p $HOME/.docker/certs.d/cas

## key stuff omitted

# DO NOT DO THIS docker context create cas --docker "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO THIS:
podman system connection add "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO NOT DO THIS docker context use cas
# DO THIS: 
podman system connection default cas

@prologic@twtxt.net

$ podman --docker                                                                                                                                                        
Error: unknown flag: --docker

Why are you using a flag that podman doesn’t have?

@prologic@twtxt.net podman supports TLS.

@prologic@twtxt.net what do you mean when you say “Docker API”? There are multiple possible meanings for that. podman conforms to some of Docker’s APIs and it’s unclear to me which one you say it’s not conforming to.

You just have to Google “podman Docker API” and you find stuff like this: https://www.redhat.com/sysadmin/podman-rest-api

Podman’s REST API consists of two components:

• A Docker-compatible portion called Compat API
  
• A native portion called Libpod API that provides access to additional features not available in Docker, including pods
  

Or this: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html

The REST API provided by podman system service is split into two parts: a compatibility layer offering support for the Docker v1.40 API, and a Podman-native Libpod layer.

@prologic@twtxt.net I don’t understand what you’re saying. podman works with TLS. It does not have the “–docker” siwtch so you have to remove that and use the exact replacement commands that were in that github comment.

@prologic@twtxt.net My understanding is that podman can talk to the Docker Engine API. It’s just that the commands sometimes have different names in the podmanverse. I think–never used those features.

@prologic@twtxt.net I don’t get your objection. dockerd is 96M and has to run all the time. You can’t use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn’t use, and docker fucks with your network configuration right on install, which podman doesn’t do unless you tell it to.

That’s way fat as far as I’m concerned.

As far as corporate goes, podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they’ll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn’t change that it’s always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.

That’s way too corporate as far as I’m concerned.

I mean, all of this might not matter to you, and that’s fine! Nothing wrong with that. But you can’t have an alternate reality–these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.

@prologic@twtxt.net I had a feeling my container was not running remotely. It was too crisp.

podman is definitely capable of it. I’ve never used those features though so I’d have to play around with it awhile to understand how it works and then maybe I’d have a better idea of whether it’s possible to get it to work with cas.run.

There’s a podman-specific way of allowing remote container execution that wouldn’t be too hard to support alongside docker if you wanted to go that route. Personally I don’t use docker–too fat, too corporate. podman is lightweight and does virtually everything I’d want to use docker to do.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.