The Red Hat article on using docker-compose with podman on Fedora is sparse and incomplete, and it forces you to run podman with sudo. Moreover, it didn't work for me. If you are in the same boat, hopefully this guide helps you.
Original article: https://www.redhat.com/sysadmin/podman-docker-compose
> sudo dnf install podman-docker
This package does two things. First, it gives you smart auto-completion if you choose to alias docker="podman". It also places a file, podman-docker.conf, which creates the docker.sock that docker-compose will talk to, but with the wrong permissions for our needs.
I found this file on my system and deleted it.
> ls /usr/lib/tmpfiles.d/podman-docker.conf
> sudo rm /usr/lib/tmpfiles.d/podman-docker.conf
> sudo dnf install docker-compose
First we'll enable the podman service so it starts on startup.
> sudo systemctl enable podman.service
To get docker-compose to work with it I had to change the permissions on the socket and service files and also add the socket to the docker group. If you do this and spin up something with docker-compose you'll end up having to use sudo podman to see the containers because the containers aren't under your user's namespace. See below:
> podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
> sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
111bcd0d9bd2 docker.io/library/vault:1.2.3 server -dev 43 minutes ago Up 43 minutes ago 0.0.0.0:8200->8200/tcp
Yikes. Don't set it up this way. You may as well just use docker at this point.
Luckily there is a better way which includes the advertised benefits of podman, namely not needing to run anything with root. We're going to start the podman api service in userland instead.
To do this we will need to edit the systemd podman socket and service files to specify our user and personal group.
The file we are looking for is /usr/lib/systemd/system/podman.socket. We'll also need your username, the result of echo $USER. Replace <user> with this below.
podman.socket
[Unit]
Description=Podman API Socket
Documentation=man:podman-system-service(1)
[Socket]
ListenStream=%t/docker.sock
SocketMode=0660
SocketUser=<user>
SocketGroup=<user>
[Install]
WantedBy=sockets.target
Changes we made
After | Explanation |
---|---|
ListenStream=%t/docker.sock | We deleted the podman-docker.conf file that symlinked podman/podman.sock to docker.sock. So we'll just put the socket there to begin with. |
SocketMode=0660 | To use the socket, those in the group must be able to read and write to it |
SocketUser=<user> | The owner of the socket should be you |
SocketGroup=<user> | The group of the socket should be you |
The file we are looking for this time is /usr/lib/systemd/system/podman.service. We'll again need your username, the result of echo $USER. Replace <user> with this below.
podman.service
[Unit]
Description=Podman API Service
Requires=podman.socket
After=podman.socket
Documentation=man:podman-system-service(1)
StartLimitIntervalSec=0
[Service]
Type=exec
KillMode=process
User=<user>
Group=<user>
Environment=LOGGING="--log-level=info"
ExecStart=/usr/bin/podman $LOGGING system service
[Install]
WantedBy=multi-user.target
Changes we made
Change | Explanation |
---|---|
User=<user> | The owner of the service should be you |
Group=<user> | The group of the service should be you |
> sudo systemctl daemon-reload
> sudo systemctl restart podman.service
> sudo systemctl restart podman.socket
See the result
> docker-compose up
...
> sudo podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
> podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
0d9bd21bd11c docker.io/library/vault:1.2.3 server -dev 2 minutes ago Up 2 minutes ago 0.0.0.0:8200->8200/tcp
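
One way to check the two edited unit files before reloading systemd, as an added example that is not part of the original guide. The functions unit_value and check_rootless_units, the user alice and the sample unit contents are constructed for illustration; the "rootful" sample mimics the docker-group setup warned against above.

```shell
#!/bin/sh
# Added example: lint podman.socket / podman.service for the rootless layout.

# unit_value FILE KEY: print the last value assigned to KEY in a unit file.
unit_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_rootless_units SOCKET_UNIT SERVICE_UNIT USER
# Returns 0 only if socket and service both belong to the non-root USER
# and SocketMode gives no access to other users.
check_rootless_units() {
    sock=$1 svc=$2 user=$3 rc=0
    [ "$user" != root ] || { echo "FAIL: target user is root"; rc=1; }
    for key in SocketUser SocketGroup; do
        [ "$(unit_value "$sock" "$key")" = "$user" ] ||
            { echo "FAIL: $key is not $user in $sock"; rc=1; }
    done
    for key in User Group; do
        [ "$(unit_value "$svc" "$key")" = "$user" ] ||
            { echo "FAIL: $key is not $user in $svc"; rc=1; }
    done
    mode=$(unit_value "$sock" SocketMode)
    case $mode in
        0[0-7][0-7]0 | [0-7][0-7]0) ;;  # last octal digit 0: nothing for "other"
        *) echo "FAIL: SocketMode=${mode:-unset} is not closed to other users"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample units; "alice" is a placeholder user name.
demo=$(mktemp -d)
printf '[Socket]\nListenStream=%%t/docker.sock\nSocketMode=0660\nSocketUser=alice\nSocketGroup=alice\n' > "$demo/rootless.socket"
printf '[Service]\nType=exec\nUser=alice\nGroup=alice\nExecStart=/usr/bin/podman $LOGGING system service\n' > "$demo/rootless.service"
# Root-run service with the socket handed to the docker group.
printf '[Socket]\nListenStream=%%t/docker.sock\nSocketMode=0660\nSocketGroup=docker\n' > "$demo/rootful.socket"
printf '[Service]\nType=exec\nExecStart=/usr/bin/podman $LOGGING system service\n' > "$demo/rootful.service"

for name in rootless rootful; do
    if check_rootless_units "$demo/$name.socket" "$demo/$name.service" alice; then
        echo "$name: socket and service are confined to alice"
    else
        echo "$name: not a rootless setup"
    fi
done
```

To lint the real files, call check_rootless_units with /usr/lib/systemd/system/podman.socket, /usr/lib/systemd/system/podman.service and "$USER".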