@usrbinkat
Last active July 19, 2021 16:47
Rootless Koffer Nested Podman

Rootless nested catalog image build objective

Working towards rootless nested podman in support of Koffer operator catalog automation

REF:

BUG:

Image Pull Failure

podman --log-level debug pull registry.access.redhat.com/ubi8/ubi
...
DEBU[0008] Using original blob without modification     
Copying config 063b2549dd done  
Writing manifest to image destination
Storing signatures
DEBU[0008] Applying tar in /var/lib/containers/storage/overlay/cf09fa03a4b3905664ab9bf9833759d3290581695e31f9ed363953e36053eebc/diff 
DEBU[0014] Applying tar in /var/lib/containers/storage/overlay/4fd35816aae38df0bfa381c22e59f0e3234818dae4b5c38f199f9194d973a80c/diff 
DEBU[0014] Error pulling image ref //registry.access.redhat.com/ubi7/ubi:latest: Error committing the finished image: error adding layer with blob "sha256:be73321c79565b4e2fdf9f55ba6333e5d50a1bcf583db3b41be45a9be7d82431": Error processing tar file(exit status 1): open /root/buildinfo/.wh..wh..opq: invalid argument 
  Error processing tar file(exit status 1): open /root/buildinfo/.wh..wh..opq: invalid argument
Error: unable to pull registry.access.redhat.com/ubi7/ubi: Error committing the finished image: error adding layer with blob "sha256:be73321c79565b4e2fdf9f55ba6333e5d50a1bcf583db3b41be45a9be7d82431": Error processing tar file(exit status 1): open /root/buildinfo/.wh..wh..opq: invalid argument

bash-4.4# podman images
REPOSITORY                TAG     IMAGE ID      CREATED      SIZE
docker.io/library/fedora  latest  a78267678b7e  2 days ago   182 MB
docker.io/library/centos  latest  300e315adb2f  7 weeks ago  217 MB

Image Run Failure:

bash-4.4# podman run -it quay.io/cloudctl/ubi:minimal 
ERRO[0000] Error preparing container 4ef0188727757f0f267e739c9c0df3502179165ca246390b6436720962e58c36: error creating network namespace for container 4ef0188727757f0f267e739c9c0df3502179165ca246390b6436720962e58c36: failed to create namespace: open /proc/1136/task/1170/ns/net: permission denied 
Error: failed to mount shm tmpfs "/var/lib/containers/storage/overlay-containers/4ef0188727757f0f267e739c9c0df3502179165ca246390b6436720962e58c36/userdata/shm": permission denied

Brute Force Rootful container:

  • does not work
sudo podman run -it --cap-add=all --pull always --rm --entrypoint bash --device /dev/fuse quay.io/cloudctl/koffer:extra
bash-4.4# podman run -it --rm docker.io/library/busybox
...
ERRO[0000] Error preparing container ba4feee3525af0724764d7df82c6d586a0b837d8baa1c330bed4a95c1afff8f1: error creating network namespace for container ba4feee3525af0724764d7df82c6d586a0b837d8baa1c330bed4a95c1afff8f1: failed to create namespace: open /proc/8/task/48/ns/net: permission denied 
Error: failed to mount shm tmpfs "/var/lib/containers/storage/overlay-containers/ba4feee3525af0724764d7df82c6d586a0b837d8baa1c330bed4a95c1afff8f1/userdata/shm": permission denied
  • does work
sudo podman run -it --privileged --pull always --rm --entrypoint bash --device /dev/fuse quay.io/cloudctl/koffer:extra
bash-4.4# podman run -it --rm docker.io/library/busybox