Docker compose -> oci container - how to migrate docker-compose sections

JonBoyleCoding · March 2, 2024, 7:41pm

I have some docker containers that are managed by docker-compose that I would like to (if possible) move to using virtualization.oci-containers. I’m still learning about them so apologies if it’s something obvious.

I have a container setup which is based on a template for the specific container. This has two sections I’m not sure how to migrate across: cap_add and sysctls. This comes from the template.

    cap_add:
      - NET_ADMIN
      - SYS_MODULE #optional
    sysctls:
      - net.ipv4.conf.all.src_valid_mark=1

Any thoughts?

ius · March 4, 2024, 8:26am

Most configuration attrsets that end up being converted to an external configuration have an extra attribute for any configuration parameters not explicitly defined. virtualization.oci-containers is no exception.

I think you should be able to use extraOptions to cover both of those options: virtualization.oci-containers.<name>.extraOptions

As it takes podman run arguments, I guess you’ll need --sysctl and --cap-add.

JonBoyleCoding · March 4, 2024, 11:20pm

Thanks! That works - however it only seems to work when using the docker backend and not the podman one.

The podman backend seems to not get the full permissions through, as I’m getting an error for permission denied. But the docker one works fine for my purposes.