$ podman ps
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: knownhosts: /Users/prologic/.ssh/known_hosts:43: address [host=tcp:]: missing port in address
$ podman ps
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: knownhosts: /Users/prologic/.ssh/known_hosts:43: address [host=tcp:]: missing port in address
$ podman ps
Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM
Error: unable to connect to Podman socket: failed to connect: ssh: handshake failed: knownhosts: /Users/prologic/.ssh/known_hosts:43: address [host=tcp:]: missing port in address
$ podman system connection add "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
Error: accepts 2 arg(s), received 1
I think this should be:
$ podman system connection add localhost "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
But now:
$ podman system connection list
Name URI Identity Default
localhost ssh://@[host=tcp:]:22 true
And this doesn't work 😢
$ podman system connection add "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
Error: accepts 2 arg(s), received 1
I think this should be:
$ podman system connection add localhost "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
But now:
$ podman system connection list
Name URI Identity Default
localhost ssh://@[host=tcp:]:22 true
And this doesn't work 😢
$ podman system connection add "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
Error: accepts 2 arg(s), received 1
I think this should be:
$ podman system connection add localhost "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
But now:
$ podman system connection list
Name URI Identity Default
localhost ssh://@[host=tcp:]:22 true
And this doesn't work 😢
#!/bin/sh
set -e
alias docker=podman
if [ ! command -v docker > /dev/null 2>&1 ]; then
echo "docker not found"
exit 1
fi
mkdir -p $HOME/.docker/certs.d/cas
## key stuff omitted
# DO NOT DO THIS docker context create cas --docker "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO THIS:
podman system connection add "host=tcp://cas.run:2376,ca=$HOME/.docker/certs.d/cas/ca.pem,key=$HOME/.docker/certs.d/cas/key.pem,cert=$HOME/.docker/certs.d/cas/cert.pem"
# DO NOT DO THIS docker context use cas
# DO THIS:
podman system connection default cas
docker context create does.
docker context create does.
docker context create does.
$ podman context create --help
Record destination for the Podman service
Description:
Add destination to podman configuration.
"destination" is one of the form:
[user@]hostname (will default to ssh)
ssh://[user@]hostname[:port][/path] (will obtain socket path from service, if not given.)
tcp://hostname:port (not secured)
unix://path (absolute path required)
Usage:
podman context create [options] NAME DESTINATION
Options:
--default-stack-orchestrator string Ignored. Just for script compatibility
--description string Ignored. Just for script compatibility
--docker string Description of the context
--from string Ignored. Just for script compatibility
--kubernetes string Ignored. Just for script compatibility
$ podman context create --help
Record destination for the Podman service
Description:
Add destination to podman configuration.
"destination" is one of the form:
[user@]hostname (will default to ssh)
ssh://[user@]hostname[:port][/path] (will obtain socket path from service, if not given.)
tcp://hostname:port (not secured)
unix://path (absolute path required)
Usage:
podman context create [options] NAME DESTINATION
Options:
--default-stack-orchestrator string Ignored. Just for script compatibility
--description string Ignored. Just for script compatibility
--docker string Description of the context
--from string Ignored. Just for script compatibility
--kubernetes string Ignored. Just for script compatibility
$ podman context create --help
Record destination for the Podman service
Description:
Add destination to podman configuration.
"destination" is one of the form:
[user@]hostname (will default to ssh)
ssh://[user@]hostname[:port][/path] (will obtain socket path from service, if not given.)
tcp://hostname:port (not secured)
unix://path (absolute path required)
Usage:
podman context create [options] NAME DESTINATION
Options:
--default-stack-orchestrator string Ignored. Just for script compatibility
--description string Ignored. Just for script compatibility
--docker string Description of the context
--from string Ignored. Just for script compatibility
--kubernetes string Ignored. Just for script compatibility
$ podman --docker
Error: unknown flag: --docker
Why are you using a flag that
podman doesn't have?
[22:51:47] <prologic> bkhl you misunderstand what I'm asking :( I'm asking whether we can add TLS support to Podman the CLI / client? It looks like it doesn't understand how to connect to a typical Docker TCP service over TLS
[22:52:52] <prologic> e.g: Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
[22:53:03] <prologic> When running: podman context create localhost --docker "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
[22:51:47] <prologic> bkhl you misunderstand what I'm asking :( I'm asking whether we can add TLS support to Podman the CLI / client? It looks like it doesn't understand how to connect to a typical Docker TCP service over TLS
[22:52:52] <prologic> e.g: Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
[22:53:03] <prologic> When running: podman context create localhost --docker "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
[22:51:47] <prologic> bkhl you misunderstand what I'm asking :( I'm asking whether we can add TLS support to Podman the CLI / client? It looks like it doesn't understand how to connect to a typical Docker TCP service over TLS
[22:52:52] <prologic> e.g: Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
[22:53:03] <prologic> When running: podman context create localhost --docker "host=tcp://localhost:2376,ca=$HOME/.docker/certs.d/localhost/ca.pem,key=$HOME/.docker/certs.d/localhost/key.pem,cert=$HOME/.docker/certs.d/localhost/cert.pem"
podman conforms to *some* of Docker's APIs and it's unclear to me which one you say it's *not* conforming to.You just have to Google "podman Docker API" and you find stuff like this: https://www.redhat.com/sysadmin/podman-rest-api
## What is Podman's REST API?
Podman's REST API consists of two components:
- A Docker-compatible portion called Compat API
- A native portion called Libpod API that provides access to additional features not available in Docker, including pods
Or this: https://docs.podman.io/en/latest/markdown/podman-system-service.1.html
> The REST API provided by podman system service is split into two parts: a compatibility layer offering support for the Docker v1.40 API, and a Podman-native Libpod layer.
#cycling
#cycling
#cycling
#cycling
$ dke -t 6cf690c08e6b /bin/sh
unable to upgrade to tcp, received 500
I'll try to fix this today 👌
$ dke -t 6cf690c08e6b /bin/sh
unable to upgrade to tcp, received 500
I'll try to fix this today 👌
$ dke -t 6cf690c08e6b /bin/sh
unable to upgrade to tcp, received 500
I'll try to fix this today 👌
docker exec ... right into an existing container? 🤔
docker exec ... right into an existing container? 🤔
docker exec ... right into an existing container? 🤔
http://jmlj.cas.run pinting at this service.
http://jmlj.cas.run pinting at this service.
http://jmlj.cas.run pinting at this service.
docker stack deploy -c jmlj.yml jlmjWhere
jmlj.yml is:l
---
version: "3.8"
services:
prologic:
image: r.mills.io/prologic/zs
networks:
- traefik
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
- "traefik.http.services.prologic.loadbalancer.server.port=8000"
resources:
reservations:
memory: 16M
limits:
memory: 32M
restart_policy:
condition: any
networks:
traefik:
external: true
docker stack deploy -c jmlj.yml jlmjWhere
jmlj.yml is:l
---
version: "3.8"
services:
prologic:
image: r.mills.io/prologic/zs
networks:
- traefik
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
- "traefik.http.services.prologic.loadbalancer.server.port=8000"
resources:
reservations:
memory: 16M
limits:
memory: 32M
restart_policy:
condition: any
networks:
traefik:
external: true
docker stack deploy -c jmlj.yml jlmjWhere
jmlj.yml is:l
---
version: "3.8"
services:
prologic:
image: r.mills.io/prologic/zs
networks:
- traefik
deploy:
mode: replicated
replicas: 1
labels:
- "traefik.enable=true"
- "traefik.http.services.prologic.loadbalancer.server.port=8000"
resources:
reservations:
memory: 16M
limits:
memory: 32M
restart_policy:
condition: any
networks:
traefik:
external: true
#pormdn on IRC and this is what they said:
[01:47:58] <Remco> prologic: The podman executable doesn't understand anything docker, but podman does offer a compatibility api for the docker executable. So it would be the second in your or statement
I don't think Podman is compatible with the Docker API, onl the Docker CLI.
#pormdn on IRC and this is what they said:
[01:47:58] <Remco> prologic: The podman executable doesn't understand anything docker, but podman does offer a compatibility api for the docker executable. So it would be the second in your or statement
I don't think Podman is compatible with the Docker API, onl the Docker CLI.
#pormdn on IRC and this is what they said:
[01:47:58] <Remco> prologic: The podman executable doesn't understand anything docker, but podman does offer a compatibility api for the docker executable. So it would be the second in your or statement
I don't think Podman is compatible with the Docker API, onl the Docker CLI.
podman works with TLS. It does not have the "--docker" siwtch so you have to remove that and use the exact replacement commands that were in that github comment.
prologic@JamessMacStudio
Tue Aug 08 01:20:43
~/Projects/docker-proxy
(main) 0 0
$ podman context list
Name URI Identity Default
localhost tcp://localhost:2376 true
prologic@JamessMacStudio
Tue Aug 08 01:20:57
~/Projects/docker-proxy
(main) 0
$ podman --help | grep id
--identity string path to SSH identity file, (CONTAINER_SSHKEY)
I was never able to get the SSH version of the intercepting proxy working. I spent a couple of years on/off trying to get it to work, but there are limitations with the standard library and/or the ssh library or something that prevented the SSH Proxy from fully working See Issue #2 which I've now closed as "won't fix".
I guess Podman needs to learn how to do TLS?
prologic@JamessMacStudio
Tue Aug 08 01:20:43
~/Projects/docker-proxy
(main) 0 0
$ podman context list
Name URI Identity Default
localhost tcp://localhost:2376 true
prologic@JamessMacStudio
Tue Aug 08 01:20:57
~/Projects/docker-proxy
(main) 0
$ podman --help | grep id
--identity string path to SSH identity file, (CONTAINER_SSHKEY)
I was never able to get the SSH version of the intercepting proxy working. I spent a couple of years on/off trying to get it to work, but there are limitations with the standard library and/or the ssh library or something that prevented the SSH Proxy from fully working See Issue #2 which I've now closed as "won't fix".
I guess Podman needs to learn how to do TLS?
prologic@JamessMacStudio
Tue Aug 08 01:20:43
~/Projects/docker-proxy
(main) 0 0
$ podman context list
Name URI Identity Default
localhost tcp://localhost:2376 true
prologic@JamessMacStudio
Tue Aug 08 01:20:57
~/Projects/docker-proxy
(main) 0
$ podman --help | grep id
--identity string path to SSH identity file, (CONTAINER_SSHKEY)
I was never able to get the SSH version of the intercepting proxy working. I spent a couple of years on/off trying to get it to work, but there are limitations with the standard library and/or the ssh library or something that prevented the SSH Proxy from fully working See Issue #2 which I've now closed as "won't fix".
I guess Podman needs to learn how to do TLS?
$ sh setup.sh
Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
Not support for TLS?
$ sh setup.sh
Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
Not support for TLS?
$ sh setup.sh
Error: --docker additional options "ca=/Users/prologic/.docker/certs.d/localhost/ca.pem,key=/Users/prologic/.docker/certs.d/localhost/key.pem,cert=/Users/prologic/.docker/certs.d/localhost/cert.pem" not supported
Not support for TLS?
podman can talk to the Docker Engine API. It's just that the commands sometimes have different names in the podmanverse. I think--never used those features.
dockerd is 96M and has to run all the time. You can't use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn't use, *and* docker fucks with your network configuration right on install, which podman doesn't do unless you tell it to.That's way fat as far as I'm concerned.
As far as corporate goes,
podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they'll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn't change that it's always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.That's way too corporate as far as I'm concerned.
I mean, all of this might not matter to you, and that's fine! Nothing wrong with that. But you can't have an alternate reality--these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.
root@proxy:~# ls -lah /usr/bin/docker /usr/bin/dockerd
-rwxr-xr-x 1 root root 35M Jul 21 20:35 /usr/bin/docker
-rwxr-xr-x 1 root root 96M Jul 21 20:35 /usr/bin/dockerd
root@proxy:~#
Compared with Podman:
$ ls -lah /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
-r-xr-xr-x 1 prologic admin 39M Jul 21 06:13 /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
As you can see the Docker
docker client (CLI) and the Podman tool is roughly the same "weight".The difference is that Docker is a Server<->Client with a daemon architecture, whereas Podman runs containers directly, which is why only Linux is supported. Podman is a bit like my box project.~
root@proxy:~# ls -lah /usr/bin/docker /usr/bin/dockerd
-rwxr-xr-x 1 root root 35M Jul 21 20:35 /usr/bin/docker
-rwxr-xr-x 1 root root 96M Jul 21 20:35 /usr/bin/dockerd
root@proxy:~#
Compared with Podman:
$ ls -lah /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
-r-xr-xr-x 1 prologic admin 39M Jul 21 06:13 /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
As you can see the Docker
docker client (CLI) and the Podman tool is roughly the same "weight".The difference is that Docker is a Server<->Client with a daemon architecture, whereas Podman runs containers directly, which is why only Linux is supported. Podman is a bit like my box project.~
root@proxy:~# ls -lah /usr/bin/docker /usr/bin/dockerd
-rwxr-xr-x 1 root root 35M Jul 21 20:35 /usr/bin/docker
-rwxr-xr-x 1 root root 96M Jul 21 20:35 /usr/bin/dockerd
root@proxy:~#
Compared with Podman:
$ ls -lah /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
-r-xr-xr-x 1 prologic admin 39M Jul 21 06:13 /opt/homebrew/Cellar/podman/4.6.0/bin/podman-remote
As you can see the Docker
docker client (CLI) and the Podman tool is roughly the same "weight".The difference is that Docker is a Server<->Client with a daemon architecture, whereas Podman runs containers directly, which is why only Linux is supported. Podman is a bit like my box project.~