I am wondering if there are tools to create podman containers like dockerTools.
The idea comes from the fact that it would be good for my container to run systemd.
Podman supports OCI and Docker images, so you can create an image with dockerTools and import it with podman import.
I tried to build a minimal container that starts systemd.
{ pkgs ? import <nixpkgs> { } }:
pkgs.dockerTools.buildImage {
  name = "hello-podman";
  tag = "lastest";
  config = {
    systemd = {
      enable = true;
    };
    Cmd = [ "${pkgs.systemd}/bin/init" ];
  };
}
Then I run the following commands:
nix-build ; podman load < result ; podman run -ti --systemd=always --privileged hello-podman:lastest
and I get this output:
/nix/store/2nhfd8bw32pjsfv94mgvm39fsm55ag22-docker-image-hello-podman.tar.gz
Getting image source signatures
Copying blob 875c67102f59 [--------------------------------------] 0.0b / 0.0b
Copying config 5bcb8aeebf done
Writing manifest to image destination
Storing signatures
Loaded image(s): localhost/hello-podman:lastest
systemd 247 running in system mode. (+PAM +AUDIT -SELINUX +IMA +APPARMOR +SMACK -SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ +LZ4 -ZSTD +SECCOMP +BLKID -ELFUTILS +KMOD +IDN2 -IDN +PCRE2 default-hierarchy=unified)
Detected virtualization podman.
Detected architecture x86-64.
Detected first boot.
Welcome to Linux!
Set hostname to <ab684c5d8b1e>.
Initializing machine ID from random generator.
Populated /etc with preset unit settings.
Unit default.target not found.
Falling back to rescue.target.
Unit rescue.target not found.
[!!!!!!] Failed to load rescue.target.
Exiting PID 1...
It seems I need to take care of some basic configuration but I don’t know where to look for documentation.
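Added example, not part of the original posts: a pre-flight check that opens the image tarball produced by nix-build (the `result` file loaded above) and reports whether any layer carries default.target or rescue.target, the two units the log says were not found. It assumes the units would live under /etc/systemd/system and ignores layer whiteouts; the helper names and the sample images are constructed for illustration.

```python
import io, json, posixpath, sys, tarfile

# Assumption: units are expected under /etc/systemd/system, the directory NixOS
# populates; other systemd search paths are not checked here.
UNIT_DIRS = ("etc/systemd/system",)
WANTED = ("default.target", "rescue.target")  # the two units named in the log

def find_units(image_bytes, wanted=WANTED, unit_dirs=UNIT_DIRS):
    """Map each wanted unit to the paths where a docker-archive image carries it."""
    found = {name: [] for name in wanted}
    with tarfile.open(fileobj=io.BytesIO(image_bytes), mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for layer_name in manifest[0]["Layers"]:
            layer_bytes = image.extractfile(layer_name).read()
            with tarfile.open(fileobj=io.BytesIO(layer_bytes), mode="r:*") as layer:
                for member in layer.getmembers():  # regular files and symlinks alike
                    path = posixpath.normpath(member.name).lstrip("/")
                    directory, base = posixpath.split(path)
                    if base in found and directory in unit_dirs:
                        found[base].append("/" + path)
    return found

def missing_units(image_bytes):
    """Sorted names of wanted units that no layer provides."""
    return sorted(u for u, paths in find_units(image_bytes).items() if not paths)

def make_image(files):
    """Constructed sample: a one-layer docker-archive holding `files` (path -> bytes)."""
    def tar_of(entries):
        buf = io.BytesIO()
        with tarfile.open(fileobj=buf, mode="w") as t:
            for name, data in entries.items():
                info = tarfile.TarInfo(name)
                info.size = len(data)
                t.addfile(info, io.BytesIO(data))
        return buf.getvalue()
    manifest = [{"Config": "config.json", "Layers": ["layer0/layer.tar"]}]
    return tar_of({"manifest.json": json.dumps(manifest).encode(),
                   "config.json": b"{}", "layer0/layer.tar": tar_of(files)})

if __name__ == "__main__":
    # Pass the nix-build output path (e.g. ./result); without one, use a constructed image.
    data = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else make_image({"./nix/store/constructed-systemd/bin/init": b""}))
    for unit, paths in find_units(data).items():
        print(unit, "->", ", ".join(paths) or "MISSING")
```
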
What did you expect to happen?
I was expecting that I can start systemd in such a minimally defined container.
And my question is where do I have to define default or rescue target?
Or, more broadly, do I need to look at a specific concept to make this work?
You could use arion, which even recommends podman instead of docker for running NixOS containers nowadays.
It uses dockerTools, represents the docker compose file in the module system and it uses NixOS and docker-compose underneath.
If you think arion does too much for you, you could use the arion.eval Nix function to get the images out.
cloudwatt/nix-container-images (GitHub: "Write container images as NixOS machines") uses s6 to provide some basic systemd-like support for some services, and manages to get a workable nixos inside docker images that way without ballooning image sizes.