Controls/gitea-pages
0
2
Fork 0
Code Pull Requests Actions Activity
Files
40bcbbb1d3de7287cb700a5baf6800d2ece24efd
gitea-pages/admin-guide/container.md
Konrad Bucheli 1effb4b305 allow for uid
2024-09-09 15:06:36 +02:00

58 lines
2.1 KiB
Markdown
Raw Blame History

# Container
```{warning}
Although we enable you to use both container runtimes Podman and Docker it is important to note that only Podman is supported by RedHat. So if you have a critical application and need/want to also rely on Redhat third level support you'd have to use Podman!
Also be aware that _compose_ files and _commands_ can vary between docker-ce and podman!
```
## Docker
Docker-CE will have always the latest features in docker engine and docker compose.
The docker repo is enabled by default and the packages can be installed by using follwing code in hiera.
```
base::pkg_group::extra:
- 'docker-ce'
```
## Podman
Podman engine runs "rootless" without any further configuration and is supported by Redhat Enterprise Support.
The Hiera configuration to install docker-podman with hiera would look like this:
```
base::pkg_group::extra:
- 'docker'
```
This will install podman from the appstream repository.
### Subuids and Subgids
To be able to run rootless containers with podman you need to define a subuid/subgid range for each user which should be able to launch containers with `podman` in `/etc/subuid` and `/etc/subgid`.
To be able to have these ids consistent PSI wide there is a small central database/API to register and lookup such IDs.
The API endpoint is `https://sysdb.psi.ch/subid/v1/config` and allows for one or more `user` parameters. Valid are numeric user ids (uid) or any username listed in our AD. It will then return the line(s) you need to add to `/etc/subuid` and `/etc/subgid`.
Note that the ID is now reserved for 2 years. With every lookup with the API the reservation gets renewed. After it timed out the ID range will be freed and will be used by someone else.
**Examples:**
This will get the ID range (the same for both subuid and subgid) for your user.
```
curl "https://sysdb.psi.ch/subid/v1/config?user=$USER"
```
This will get the ID range (the same for both subuid and subgid) for your user.
And for several users:
```
USER1=...
USER2=...
USER3=...
curl "https://sysdb.psi.ch/subid/v1/config?user=$USER1&user=$USER2&user=$USER3"
```
**Future Work**:
- Puppet integration
- automatic refresh on login
View Git Blame Copy Permalink