Episode: 3511
Title: HPR3511: Podman like Vagrant
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3511/hpr3511.mp3
Transcribed: 2025-10-25 00:45:34

---

This is Hacker Public Radio episode 3,511 for Monday the 17th of January 2022. Today's show is entitled Podman like Vagrant and is part of the series Virtualization. It is hosted by Klaatu and is about 19 minutes long and carries a clean flag. The summary is: this is how I use Podman on the desktop.

Hey everyone, this is Klaatu. Remember back in episode 1522 how I talked about Docker and Linux containers? That was a long time ago, and lately I've been using Podman, which is a daemonless container engine. A lot like Docker in that its command structure is exactly like Docker. It can be a drop-in replacement for Docker. So I've been using that quite a lot, and I also quite like the licensing of Podman. It's a lot clearer, and I feel like it's a lot more stable, like the licensing policy, than Docker. Docker has always confused me in terms of what's open source, what's not open source, what's Moby, what's Docker, kind of difficult to be sure. So Podman doesn't really have that confusion. Podman is an open source project. That's what it is. You don't have to navigate any exceptions or swarms or anything that you're not clear about.

So Podman has been really nice for me, and lately the reason I've been using it a lot is because Vagrant kind of fell over for me, or I shouldn't say that. Vagrant didn't fall over. The platform upon which I am running Vagrant and Vagrant itself have decided to disagree.
It's something to do with the local SSL library that Vagrant ships with, they distribute with the package that they provide, which normally I would just ignore, but I want to use typically a libvirt plugin with Vagrant, and so I have to use the current HashiCorp version of Vagrant in order for that plugin to work. But there's a conflict with my system SSL versus Vagrant's SSL, or Ruby rather, that Vagrant uses. And that's the embedded Ruby in the Vagrant package rather than the Ruby on my system. So there's a lot of kind of local things that Vagrant apparently does that, if you get it onto the wrong system, it just won't work, because they did like this sort of partial, almost all there but not quite all there distribution of the application. So I guess it is Vagrant's fault, actually.

And I had been using Vagrant to fire up quick virtual machines to just run a test, you know, like if I don't know how something works on, say, Debian, but I want to see, you know, I don't want to compare how it works on my Fedora machine, then I would just use Vagrant to grab a Debian image, a Debian box I guess in Vagrant terms, and then drop into a Debian terminal. It's pretty quick because it's very minimal. It was one of the nice features about Vagrant, and that just hasn't been working lately.
So I spent a day trying to fix the Vagrant issue, but I finally decided after wasting a day on it that it was not worth it, and that what this really was was a note for me to start using containers for stuff other than Kubernetes, like actually just start using desktop containers, which I kind of started doing anyway with Fedora Silverblue in a way. So I felt like containers were probably the right and the easy answer.

So here's what I do, here's the workflow with Podman. I mean, it's really just a question of workflow. Podman, more or less, and Linux containers, I mean, if you're used to them then they probably are already working for you. If you're not, though, Podman actually is a really easy entry point into actually useful containers, because it is an interesting quirk of containers that if you're not running a server with a bunch of what would have been normally virtual machines running on that server, then you probably haven't replaced those virtual machines with, or you probably have replaced those virtual machines, or you may have replaced them, with containers. But if you're not doing that, if you're not running a server, then containers, you know, for a desktop user, they're quite possibly just not useful.

So I mean, certainly for me as a desktop user, the thing I would use virtual machines for was when some new distribution came out and I just couldn't stand to not see what its desktop library, desktop wallpaper was. So I would fire up a virtual machine, install the distro, go through the install steps just to kind of get a feel for what they're doing for their install, and look at the wallpaper, and then close the virtual machine and never reopen it again. Containers doesn't, it doesn't generally, unless you go to a lot of trouble, they don't give you that sort of satisfaction. So you're probably just running a minimal environment in a container, and why do you do that as a desktop user? I mean, you've got an environment, it's your terminal,
you don't need a container for this. So containers kind of, I think, are a little bit, they kind of languish on a lot of desktop users' desktops because you just don't use them. But Podman and a minimal container, it can actually be apparently really useful for, like I say, if you just want to compare, hey, does this thing work also on this other distro that I'm not running? Well, a container can tell you that. Or if you want to try something that could potentially be rather destructive to your actual system, then you could fire up a container and do your crazy experiment in that container, maybe mess it up, who cares, doesn't matter, when you close it it's going to be gone anyway. Or maybe it'll work, and now you've confirmed that the crazy experiment that you want to try indeed does function.

So, couple of different steps. One is to install Podman, gotta do that first. Second one is to configure Podman. And then the third step is of course to run a container and do something in it, to actually put it to use.

So the first step, installing Podman, that's easy. If you're on Fedora or CentOS or RHEL or whatever, Podman's probably already there, to be honest. Other distributions, Mageia, something like that, you might have to do like a sudo dnf install podman. On Debian or Ubuntu, apt-get, no, not apt-get, apt, sudo apt install, neither, there's a cadence there, just forgot to start with sudo: sudo apt install podman. I don't know if you have to add a repository for that these days or not, but it's a pretty quick install. Like I say, Podman is open source, so there's no weird, then people don't have to hide it away in some offshore repository. It's just a container engine that's open source. So grab that from your repository.

And now you need to configure it. You can try to see if it gets auto-configured correctly by just running podman space run space dash it space busybox. That is the podman, well, the podman run dash it is the Podman and Docker
command to run a container and to open an interactive terminal, or an interactive prompt, into that container. If you don't have the dash it, then you'll run a container, the container detects that it has nothing to do, and it closes immediately, so that's not very useful. So podman space run space dash it is kind of the incantation you'll want to remember. The busybox there at the end just tells Podman to reference its little list of short names and to resolve busybox. BusyBox is a common enough container that it lives on several different container registries online, and Podman is able to reference that short name, discover a valid BusyBox image out there on the internet, and it'll pull it down very quickly. It's a very small container, and it'll run it for you. So you'll be dropped into a little root prompt in a BusyBox container. You type in exit to leave that container, but you now know that Podman does indeed work.

If that does not work, and I'd say there's a good 50 to 70% chance that that doesn't work, then you need to add some additional UIDs and GIDs, group IDs, to your user. So naturally, generally, the way users are created on Linux, you get one UID, and that is the one that you've been assigned, usually by default when creating your account. So usually it's like a thousand, but I mean, maybe you put in your own UID. Whatever it is, it's a UID, it's one UID. So you need more for Podman, because Podman is going to want to run a bunch of things that as a user you normally don't launch yourself.

So to do that you can do sudo space usermod space dash dash add dash subuids, and I usually start at 200,000, so 200000-265536. There's some reason that 65,536 is sort of a, not a magical number, but it's a magical number. There's some significance to that number. I forget what it is, and it hasn't really annoyed me enough to actually look it up, but it's some upper limit of some attribute, probably a sysctl thing. Anyway, space dash dash add
dash subgids 200000-265536 space your user ID, or your user name, sorry, klaatu, or whatever your user name is. So that sudo usermod dash dash add subuids 200000-265536 space dash dash add subgids 200000-265536 space klaatu. You do that, and what that actually does is add, it adds an entry to slash etc slash subuid and slash etc slash subgid with essentially the starting number, 200,000, and then the upper limit, which is 65,536. So yeah, you can actually just, if you wanted to, you could just edit that file. cat etc subuid, yeah, so klaatu colon 200000 colon 65536. Just colon-separated values with user name, starting point, upper limit, and do that slash etc subuid and slash etc subgid.

Either way, once that has been established, then you can either reboot or log out and log back in, whatever gives you confidence that the modifications to your user have been integrated, and then you can finally really use Podman. And again, the quickest, easiest test for that is just podman space run space dash it space busybox. If you get a prompt, a little root prompt in a BusyBox environment, then you know that you're good, you're gold. So you again type exit, if you got yourself there, so that you're back out into your normal environment.

And we've now done two of the three steps. So one was get Podman, two was configure Podman, three is run Podman. And I mean, technically you've already done that, but I'm going to talk about how I do it, because it is a little bit, not different, but I mean it's specific, it is specific to the sort of use case that I'm describing here.

So what I do is I do podman space run space dash it, no, actually, you know what, first I'm going to do this: podman search debian. And that looks all over the internet, so a couple of different known container registries like Docker and quay.io and fedoraproject.
something or another, couple of them out there, that searches all those for an image called debian. And the top hit here, which I'll just accept, is docker.io slash library slash debian, and I don't know, version of Debian, it doesn't really say, but it doesn't matter for this example.

So what I'm going to do here is I'm going to make a directory in my current, I'm in a mini folder that I call podscratch, p-o-d-s-c-r-a-t-c-h, because it's just kind of a scratch area for my Podman activities, and I'm going to make a directory here called data, d-a-t-a. It's an empty directory, and you'll see why in a moment. And then I'm going to do podman space run space dash it space dash dash volume dot slash data colon slash storage colon capital Z or Z space and then, what was it, docker.io slash library slash debian.

So I'm running that command, and what that is doing, while, I'll talk while it's pulling down the Debian image, what that does is the dash dash volume option looks, it finds my local data directory, which, just because I told it to, dot slash data, that's that directory, and then colon slash storage. So what that does is it tells Podman to create a slash storage directory in the container that I'm running and to mirror that directory locally in the data directory. So I just made that data directory, so I know that it's empty.

Debian has now been pulled down, so I'm now sitting at a root prompt in a container with a randomized, or a pseudo-randomized, name. And I could do an ls, no I don't enough to do that, yep, just ls, and there I see there is a storage directory here at the root of my container environment. So I'm going to do a touch hello, no, not touch hello, I'm going to do a touch storage hello, and then I'm going to, I guess, exit, because that, I mean, that was it, that was running Podman. But now if I look in my data directory, which previously was empty, so this is my local environment, I have a data directory that I just made
before running Podman, there's a hello file in that data directory now. And that's only there because I associated my local data directory with the storage container in my, with the storage directory in my container. The colon Z at the end, the capital Z, that is for SELinux. It ensures that the file contexts are adjusted to allow the container to put data into a local directory outside of its own namespace. Normally this should never happen, but the colon capital Z ensures that all the permissions are adjusted automatically for me.

So that's how I run my containers as if though they were virtual machines. And because of that little portal, that volume portal, I can put files in data and then grab them from my container. So for instance, I'll touch fubar in the data directory, so touch data fubar, and then I'm going to run the same command again: podman run it, dash it, dash dash volume dot slash data colon slash storage colon, or I could even call it, um, instead of storage I'll call it penguin, colon capital Z docker.io library debian. Okay, instantly I get my root prompt at some random-looking host name. I do an ls, and this time instead of a storage directory there's a penguin directory. Let's look in the penguin directory. This time instead of just, hold, well, previously there was nothing, now there's a fubar file and a hello file, confirming once again that that data location is completely shared between the container and the local host.

So I'm going to type exit again. The container is destroyed. If I generated any data outside of the storage directory in that container, it would be, it's gone now. I guess I can demonstrate that really quick. So if I do a podman run it volume data blah, then here I am in a new container. I'll touch a file called hacker public radio, so now I've got a big empty file in the root of my container called hacker public radio. I'll do an exit, look in data just to make sure I didn't accidentally put it there. I
didn't. It's fubar, hello, is still just in there. Run Podman again, I get yet a new container, new host name. I do an ls, there's a penguin directory, but there's no hacker public radio directory, because of course that was destroyed along with the container after I typed exit.

So this is a great way, like if you do any kind of testing on more than one distribution, Podman is a great way to get an admittedly minimal environment of that container, of that distribution, running unique as a container. You can interact with it in a couple of different ways. I say a couple of ways just meaning you could run it and do some stuff, or you could run it with that little data, that volume option, and that way you have a sort of a data portal between your local host and the container. But I mean, there's also, I mean, there's lots of languages out there that talk to Podman. You know, there are modules for Python and others. I'm just kind of making stuff up now. I mean, I'm sure there are others. Java, I know, Java, Python, and there's probably a, oh, Ruby, there's definitely a Ruby, whatever they call it, a gem for Podman. So yeah, there are lots of different ways that you could interact with this environment, with this container.

And yeah, for my money of zero dollars, it's been fantastic. I mean, it has made that sort of, like, just that quick impulse of, like, does this command work exactly the same way on Debian? Oh yes, it does, okay, cool, exit, never think about it again until I have that question again. Fire up the container, and it's just so quick. It's actually, I would have to say, it's easier than my old Vagrant workflow.

So that's Podman for your desktop, maybe, if that's the kind of things that you do on your desktop. That is, I would say, that has been the first sort of real, like, desktop-y kind of use case that I've had for a container so far. Like, that's really been, aside from just, I guess you could argue making a little virtual network and, you
know, kind of routing things in your virtual network, that's a desktop activity as well, but this feels very desktop-y. Like, it could just be something as simple as you're writing a shell script and you're just not 100% sure whether this location that's on your machine, it would also exist by default on a Debian machine or something like that. Then, container, it's there, you can check, and then it's gone. Easy, quick, convenient, lightweight. Give it a shot, I think you might like it. Thanks for listening, I'll talk to you next time.

You've been listening to Hacker Public Radio at hackerpublicradio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. Hosting for HPR is kindly provided by AnHonestHost.com, the Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons, Attribution, ShareAlike 3.0 license.
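
The setup check and scratch-container workflow described in this episode, written out as shell helpers. This is an added example, not part of the original transcript: the function names, the 65536-ID minimum, the relabel deny-list and the --rm flag are assumptions made here, and usermod's FIRST-LAST range is treated as inclusive, so 200000-265535 yields exactly 65536 IDs.

```shell
#!/bin/sh
# Added example (not from the episode): checks around rootless podman setup.
# All function names are hypothetical.

# usermod --add-subuids takes an inclusive FIRST-LAST range, while /etc/subuid
# and /etc/subgid store START:COUNT. Convert the former to the latter.
range_to_entry() {
    first=${1%-*}
    last=${1#*-}
    echo "$first:$((last - first + 1))"
}

# Total subordinate IDs a user owns in a subuid/subgid-format file
# (one user:start:count entry per line). Prints 0 if there is no entry.
subid_count() {    # usage: subid_count USER FILE
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Succeeds when the user has at least 65536 subordinate IDs (assumed minimum).
has_subids() {     # usage: has_subids USER FILE
    [ "$(subid_count "$1" "$2")" -ge 65536 ]
}

# The :Z volume option relabels the host directory for SELinux. Refuse to do
# that to directories other services rely on (assumed deny-list).
safe_to_relabel() {    # usage: safe_to_relabel DIR
    dir=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    case "$dir" in
        /|/home|/usr|/etc|/var|"$HOME") return 1 ;;
    esac
    return 0
}

# Scratch container with a shared directory, as in the episode. --rm is added
# here so the container is removed when the shell exits.
scratch() {    # usage: scratch IMAGE [HOSTDIR] [MOUNTPOINT]
    image=$1
    host=${2:-./data}
    mnt=${3:-/storage}
    user=$(id -un)
    mkdir -p "$host"
    if ! safe_to_relabel "$host"; then
        echo "refusing to relabel $host" >&2
        return 1
    fi
    if ! has_subids "$user" /etc/subuid || ! has_subids "$user" /etc/subgid; then
        echo "no subordinate ID range for $user; try:" >&2
        echo "  sudo usermod --add-subuids 200000-265535 --add-subgids 200000-265535 $user" >&2
        return 1
    fi
    podman run -it --rm --volume "$host:$mnt:Z" "$image"
}
```

After sourcing the file, `scratch docker.io/library/debian ./data /storage` reproduces the session from the episode.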