Category Archives: podman

How not to waste time developing long-running processes

Posted on by
Reply

Developing long running tasks might be my least favorite coding activity. I love writing and debugging code…I’d be crazy to be in this profession if I did not. But when a task takes long enough, your attention wanders and you get out of the zone.

Building the Linux Kernel takes time. Even checking the Linux Kernel out of git takes a non-trivial amount of time. The Ansible work I did back in the OpenStack days to build and tear down environments took a good bit of time as well. How do I keep from getting out of the zone while coding on these? It is hard, but here are some techniques.

Continue reading

Podman login to a secured registry

Posted on by
1

I took the container registry I ran via podman and put it behind an Apache HTTPD instance secured with mod_ssl. Now when I try to log in to it, I get:

error authenticating creds for “nuzleaf.home.younglogic.net”: error pinging docker registry nuzleaf.home.younglogic.net: invalid status code from registry 403 (Forbidden)

Here’s my debugging notes.

Continue reading

Running a Container Registry Behind Apache HTTPD

Posted on by
2

I had originally run my container registry using a self signed certificate like this:

podman run --name mirror-registry -p 4000:5000     -v /opt/registry/data:/var/lib/registry:z      -v /opt/registry/auth:/auth:z      -e "REGISTRY_AUTH=htpasswd"      -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm"      -e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd      -v /opt/registry/certs:/certs:z      -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt      -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key      -e REGISTRY_COMPATIBILITY_SCHEMA1_ENABLED=true -d docker.io/library/registry:2

But now that I am using FreeIPA for my Bastion host, I want to use the IPA CA cert for signing the HTTPS request. The easiest thing to do is to run the registry in the container still, but then to front it with mod_proxy.

Continue reading

Building (and running) a custom HTTPD container image

Posted on by
Reply

Having used Apache HTTPD for a good portion of my professional career, and being responsible for explaining how OpenShift works, I decided to try and build an Apache HTTPD container from scratch. For follow on work, I want to see the environment, so the container is essentially wrapping a mod_wsgi APP that dumps the environment. I took some trial and error to get it to run. Here is the end result:

Continue reading

Copying files into a container at run time

Posted on by
Reply

There are three distinct things that have to happen between installing the keystone software and running a Keystone instance. The first if management of the configuration files. Second is the database migrations, and third is the keystone bootstrap of the data base values. When coding container images to run a keystone server, not only do you need to be aware of each of these stpes, you need to make sure you are performing them in such a way that you can run scale the the Keystone server horizontally, handle zero downtime upgrades, and handle token-validating key rotations. Federated identity adds an additional twist as you need to handle the addition of httpd config changes for new identity providers.

Let’s walk through this setup in detail.

Continue reading