Podman VM
Michael.mast (talk | contribs)
Latest revision as of 10:17, 20 January 2020
Purpose
I wanted to run my containers in a dedicated VM on my system. This was to reduce complexity on the host. KVM was already configured and the process can be found here.
General Process
- Using virt-manager, I created an isolated network to allow NFS sharing from the host to the container VM. I then removed SSH from firewalld on the libvirt zone and, while there, added NFS.
- Created the NFS share on the host.
- Mounted the NFS share in the VM.
Starting the containers was a real pain with SELinux and the NFS mount. I could not get podman to be allowed to relabel the context away from the standard NFS label, so in the end I disabled this feature, which is really annoying: I don't like the idea of a compromised container being able to jump around to other directories.
--security-opt label=disable

podman run --security-opt label=disable --name steamcache \
    --restart=always -d \
    -v /mnt/sitefiles/steamcache:/data/cache \
    -v /mnt/sitefiles/steamcache/logs:/data/logs \
    -p 192.168.11.99:80:80 steamcache/monolithic:latest
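The three host/VM steps above (NFS export, firewalld on the libvirt zone, mount and podman run in the VM), gathered into one reviewable script. This is an added example, not the page's own commands: the export directory (/srv/sitefiles), the isolated network (192.168.11.0/24), the host's address on it (192.168.11.1) and the NFSv4-only firewall rule are assumptions; the mount point, the published address and the image come from the page. Every step is returned as a command line by a function, and DRY_RUN=1 (the default) only prints them, so the plan can be checked before anything is executed as root.

```shell
#!/bin/sh
# Added example (not from the original wiki page). Reproduces the page's
# procedure as functions that return the exact command lines, runnable in
# dry-run mode on any machine and for real with DRY_RUN=0.

EXPORT_DIR="/srv/sitefiles"      # constructed: host directory shared over NFS
VM_NET="192.168.11.0/24"         # constructed: the isolated libvirt network
HOST_IP="192.168.11.1"           # constructed: host address on that network
MOUNT_POINT="/mnt/sitefiles"     # from the page: where the VM mounts the share
CACHE_IP="192.168.11.99"         # from the page: address the cache is published on

# DRY_RUN=1 (default) prints the command instead of running it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf 'dry-run: %s\n' "$*"
    else
        "$@"
    fi
}

# /etc/exports line: limit the export to the isolated network and squash
# root, so a root process inside the VM cannot write to the share as host root.
nfs_export_line() {
    printf '%s %s(rw,sync,root_squash,no_subtree_check)\n' "$EXPORT_DIR" "$VM_NET"
}

# firewalld changes on the libvirt zone, as described on the page: drop SSH,
# allow NFS. The "nfs" service is enough for NFSv4; NFSv3 would additionally
# need "mountd" and "rpc-bind".
firewalld_cmds() {
    cat <<EOF
firewall-cmd --permanent --zone=libvirt --remove-service=ssh
firewall-cmd --permanent --zone=libvirt --add-service=nfs
firewall-cmd --reload
EOF
}

# Mount command run inside the VM (NFSv4, matching the firewall rule above).
vm_mount_cmd() {
    printf 'mount -t nfs4 %s:%s %s\n' "$HOST_IP" "$EXPORT_DIR" "$MOUNT_POINT"
}

# The page's podman command. "$1" = disable reproduces the workaround the page
# settled on (SELinux labeling off for this container); anything else keeps
# labeling on, which is the state the page leaves as open research.
podman_run_cmd() {
    opt=""
    [ "$1" = "disable" ] && opt="--security-opt label=disable "
    printf 'podman run %s--name steamcache --restart=always -d -v %s/steamcache:/data/cache -v %s/steamcache/logs:/data/logs -p %s:80:80 steamcache/monolithic:latest\n' \
        "$opt" "$MOUNT_POINT" "$MOUNT_POINT" "$CACHE_IP"
}

# Print the plan. Run the host part as root on the KVM host and the VM part
# inside the VM, each with DRY_RUN=0 once the output has been reviewed.
printf '# host: append this line to /etc/exports, then run "exportfs -ra"\n'
nfs_export_line
firewalld_cmds | while read -r cmd; do run $cmd; done
printf '# vm:\n'
run $(vm_mount_cmd)
run $(podman_run_cmd disable)
```

Calling `podman_run_cmd keep` instead of `podman_run_cmd disable` gives the same command without `--security-opt label=disable`, which is the form to try once a policy that lets the container read the NFS-labelled files is in place.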
Further research is needed to get the following working on CentOS 8: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/sect-managing_confined_services-nfs-configuration_examples