Static IP For Container in Rootless Pod? And Other n00b Questions
Just hand-built a pod from the docker-compose.yaml for mailu/postfix. But two problems:
- Is the correct way to set the CIDR for a pod: --network=slirp4netns:cidr=10.2.21.0/24 ?
- One of the containers in the pod is unbound, which provides DNS for the other containers. So it must have a static IP, but in pod run --ip= does not work. "Error: invalid config provided: rootless containers and pods cannot be assigned static IP addresses" What do you do about this?
- How does unbound get its queries out of the pod to an authoritative nameserver?
- The pod is not auto-starting on boot. There is no --restart-always when creating a pod, so systemd?
On 2021/03/07 14:28, colony.three@protonmail.ch wrote:
Just hand-built a pod from the docker-compose.yaml for mailu/postfix. But two problems:
A pod? What is a pod? Only place I've heard that term is meaning 'Plain-Old-Documentation' as used in perl. It seems it is not a bootable or autostart-able image as you talk about it being "rootless" as well as "not auto-starting on boot". Are you talking about some type of VM? Using docker? with some specific SW (mailu/postfix)? Is it designed to be an "App-only" container that isn't runnable on its own (i.e. no root or boot ability)? If that's the case wouldn't it need to be started as part of booting the hosting PC (or server) where you created the VM?
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ On Monday, March 8, 2021 1:39 PM, L A Walsh <suse@tlinx.org> wrote:
A pod? What is a pod? Only place I've heard that term is meaning 'Plain-Old-Documentation' as used in perl.
I run MicroOS, which is a highly secure project of OpenSuse --an immutable OS--, and it is designed to run podman containers. One of the innovations of podman is the ability to create secure 'pods', which are a container-of-containers with its own internal network. I've since discovered that the pod's internal localhost network obviates the need to assign a static IP for my email pod's DNS server container. It simply listens on the pod's localhost.
It seems it is not a bootable or autostart-able image as you talk about it being "rootless" as well as "not auto-starting on boot".
Starting a pod and its containers 'rootless' (as a user) enhances security further. I've since discovered that there's a function in podman which will generate a systemd service specific to a pod or container, which can be en/disabled.
Are you talking about some type of VM? Using docker? with some specific SW (mailu/postfix)?
I'm running MicroOS in a KVM VM, and am translating Docker's advanced mailu/postfix image to run in Podman as a pod with containers in it running the various functions like postfix, dovecot, spamd, clamav, unbound, etc, all interacting within the pod, and with only strictly necessary interaction with the outside. So this VM will be my new email server, IF I can figure out how to make it work. I already have notes of what I believe to be 80% of the procedure. A caution about MicroOS -- almost no one knows the secrets to making it perform work. #suse is clueless as is this listserv, and there is no #microos yet. I hear I should join the Discord discussion, but Discord has always been too finicky to use for me. Literally everything I know I've had to figure out on my own. There is a learning curve to MicroOS. But My God... It's Full Of Stars.
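The pieces the two messages above touch on (the slirp4netns CIDR syntax from the first question, the DNS container listening on the pod's localhost instead of a static IP, and podman's systemd unit generation) fit into one short script. This is an added example and not code from either poster or from the mailu project; it assumes a podman 3.x that supports `podman generate systemd --new` for pods, assumes that `--dns` on `podman pod create` is the way to point the pod's containers at a nameserver on the pod's own loopback, and uses `registry.example/unbound:latest` as a placeholder image reference rather than a real one. The pod and container names are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: create a rootless podman pod with a
# user-chosen slirp4netns CIDR, run the DNS container inside it on the pod's
# loopback, and generate user-level systemd units so it starts at boot.
# Assumptions (labelled): podman 3.x with 'podman generate systemd --new'
# pod support; pod-level --dns points sibling containers at 127.0.0.1;
# UNBOUND_IMAGE is a placeholder, not a real image reference.
set -eu

POD_NAME="${POD_NAME:-mailpod}"                                  # constructed name
POD_CIDR="${POD_CIDR:-10.2.21.0/24}"                             # value from the thread
UNBOUND_IMAGE="${UNBOUND_IMAGE:-registry.example/unbound:latest}" # placeholder
UNIT_DIR="${XDG_CONFIG_HOME:-${HOME:-/tmp}/.config}/systemd/user"

# Shape check only (a.b.c.d/n) before handing the value to slirp4netns.
# Returns 0 for a plausible CIDR, 1 otherwise.
is_cidr() {
    case "$1" in
        *[!0-9./]*|*/) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# The --network value the first question asks about: slirp4netns with a
# custom CIDR, in the form the thread proposes.
slirp_network_arg() {
    is_cidr "$1" || { echo "bad CIDR: $1" >&2; return 1; }
    printf 'slirp4netns:cidr=%s\n' "$1"
}

# Unit file names that 'podman generate systemd --files' writes for a pod
# and for each container in it.
pod_unit_name()       { printf 'pod-%s.service\n' "$1"; }
container_unit_name() { printf 'container-%s.service\n' "$1"; }

pod_up() {
    # No --ip here: rootless pods cannot be given a static address (the
    # error quoted in the thread). All containers in the pod share one
    # network namespace, so the DNS container is reachable from its
    # siblings at 127.0.0.1:53; --dns 127.0.0.1 writes that into their
    # resolv.conf (assumption: pod-level --dns keeps a loopback address).
    # Publishing 25/587/993 rootless also needs the host sysctl
    # net.ipv4.ip_unprivileged_port_start lowered below 25.
    podman pod create \
        --name "$POD_NAME" \
        --network "$(slirp_network_arg "$POD_CIDR")" \
        --dns 127.0.0.1 \
        -p 25:25 -p 587:587 -p 993:993

    # unbound's outbound queries leave the pod through slirp4netns' user-mode
    # NAT on the host, so no extra wiring is needed to reach authoritative
    # nameservers.
    podman run -d --pod "$POD_NAME" --name unbound "$UNBOUND_IMAGE"
    # Further containers (postfix, dovecot, ...) join with --pod "$POD_NAME".
}

# Generate user systemd units for the pod and its containers, install them
# under ~/.config/systemd/user and enable them so the pod comes up at boot.
install_units() {
    mkdir -p "$UNIT_DIR"
    ( cd "$UNIT_DIR" && podman generate systemd --new --files --name "$POD_NAME" )
    systemctl --user daemon-reload
    systemctl --user enable --now "$(pod_unit_name "$POD_NAME")"
    # User units only start at boot without a login if the account lingers.
    loginctl enable-linger "$(id -un)"
}

case "${1:-}" in
    up)      pod_up ;;
    install) install_units ;;
    *)       echo "usage: $0 {up|install}" >&2 ;;
esac
```

Run `sh pod.sh up` once as the unprivileged user to build the pod, then `sh pod.sh install` to generate and enable the units; after that `systemctl --user status pod-mailpod.service` shows the pod's state, and `loginctl enable-linger` is what lets those user units start at boot without an interactive login.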