diff --git a/404.html b/404.html index b9c39228b..90b007ba6 100644 --- a/404.html +++ b/404.html @@ -4,13 +4,13 @@ Page Not Found | Podman - +
Skip to main content

Page Not Found

We could not find what you were looking for.

Please contact the owner of the site that linked you to the original URL and let them know their link is broken.

- + \ No newline at end of file diff --git a/assets/js/57b59cd4.31c398d5.js b/assets/js/57b59cd4.48e3774b.js similarity index 98% rename from assets/js/57b59cd4.31c398d5.js rename to assets/js/57b59cd4.48e3774b.js index 72f0313b0..c2ff98ba6 100644 --- a/assets/js/57b59cd4.31c398d5.js +++ b/assets/js/57b59cd4.48e3774b.js @@ -1 +1 @@ -"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[849],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>p});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var l=a.createContext({}),h=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=h(e.components);return a.createElement(l.Provider,{value:t},e.children)},u="mdxType",m={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,d=r(e,["components","mdxType","originalType","parentName"]),u=h(n),c=o,p=u["".concat(l,".").concat(c)]||u[c]||m[c]||i;return n?a.createElement(p,s(s({ref:t},d),{},{components:n})):a.createElement(p,s({ref:t},d))}));function p(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var i=n.length,s=new Array(i);s[0]=c;var r={};for(var l in t)hasOwnProperty.call(t,l)&&(r[l]=t[l]);r.originalType=e,r[u]="string"==typeof e?e:o,s[1]=r;for(var h=2;h{n.d(t,{Z:()=>s});var a=n(7294),o=n(1954);const i={title:"Basic Resources",buttons:[{text:"Installation Instructions",path:"docs/installation",icon:"fa6-solid:book"},{text:"Documentation",path:"https://docs.podman.io/en/latest/",icon:"fa6-solid:book"},{text:"Podman Troubleshooting Guide",path:"https://github.com/containers/podman/blob/main/troubleshooting.md",icon:"fa6-solid:book"}]},s=()=>a.createElement("div",{className:"mt-4 lg:my-0"},a.createElement("header",{className:"container mb-6 text-center xl:mb-8 xl:text-start"},a.createElement("h3",{className:"font-medium text-blue-700 dark:text-blue-500"},i.title)),a.createElement("div",null,a.createElement("ul",{className:"mb-10 mt-4 flex flex-col gap-6 lg:mb-16 lg:mt-8 lg:gap-4 xl:flex-col"},i.buttons.map(((e,t)=>a.createElement("li",{key:t},a.createElement("a",{href:e.path,className:"no-underline hover:no-underline leading-none mx-auto flex h-32 max-w-lg flex-col items-center justify-center gap-4 rounded-md bg-gray-100 p-4 text-center text-purple-700 underline-offset-4 transition duration-150 ease-linear hover:bg-purple-700 hover:text-purple-50 hover:shadow-md dark:bg-gray-700 dark:hover:bg-purple-900 dark:hover:text-white lg:h-auto lg:flex-row xl:justify-start"},a.createElement("span",{className:"text-left"},e.text),a.createElement(o.JO,{icon:e.icon,className:"order-first hidden lg:block"}))))))))},1320:(e,t,n)=>{n.d(t,{Z:()=>m});var a=n(7294),o=n(1954),i=n(2074),s=n(8201),r=n(1372);const l=e=>{let{grid:t,display:n,layout:o,title:i,description:r}=e;return a.createElement("div",{className:`${t} ${n} ${o}`},a.createElement("h1",{className:"mb-6 max-w-sm text-purple-700 dark:text-purple-500 lg:max-w-lg "},i),a.createElement(s.Z,{text:r,styles:"leading-relaxed"}))},h=e=>{let{grid:t,display:n,layout:o,image:i={path:"images/raw/podman-2-196w-172h.png",alt:"Podman Logo"}}=e;return a.createElement("div",null,a.createElement("img",{src:i.path,alt:i.alt,className:`${t} ${n} ${o}`}))};function d(e){let{image:t,basicResources:n}=e;return n?a.createElement(r.Z,null):a.createElement(h,{image:t,layout:"mb-8 lg:mb-0"})}function u(e){let{instructions:t}=e;return t?a.createElement("div",null,a.createElement("h3",{className:"text-gray-700 mb-4"},t.title),a.createElement("p",null,t.subtitle),a.createElement("ul",{className:"mb-10 mt-4 flex flex-col gap-6 sm:flex-row lg:mb-16 lg:gap-4 xl:flex-col"},a.createElement("li",null,a.createElement("a",{href:t.button.path,className:"no-underline hover:no-underline flex h-32 max-w-lg flex-col items-center justify-center gap-4 rounded-md bg-gray-100 p-4 text-center text-purple-700 underline-offset-4 transition duration-150 ease-linear hover:bg-purple-700 hover:text-purple-50 hover:shadow-md dark:bg-gray-700 dark:hover:bg-purple-900 dark:hover:text-white lg:h-auto lg:flex-row xl:justify-start"},a.createElement("span",null,t.button.text),a.createElement(o.JO,{icon:t.button.icon,className:"order-first hidden lg:block"}))))):null}const m=function(e){let{title:t,description:n,image:o,lightColor:s="white",darkColor:r="gray-900",basicResources:h,instructions:m}=e;return a.createElement("header",{className:`bg-${s} dark:bg-${r}`},a.createElement("div",{className:"bg-gradient-to-r from-blue-500 to-purple-700 dark:from-blue-700 dark:to-purple-900 lg:pt-8"},a.createElement(i.Z,null)),a.createElement("div",{className:"container flex flex-col md:flex-row justify-around"},a.createElement("div",null,a.createElement(l,{title:t,description:n,layout:"mt-12 lg:mt-0 mb-8"}),a.createElement(u,{instructions:m})),a.createElement("div",{className:"w-[50%] ml-24"},a.createElement(d,{basicResources:h}))))}},3198:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(8201);const i=function(e){let{title:t,description:n,textGradientStops:i="from-blue-700 via-blue-700 to-blue-900 dark:from-blue-500 dark:to-blue-700",textGradient:s=!1,textColor:r="text-gray-900",fontWeight:l,layout:h,bgColor:d}=e;const u=s?`bg-gradient-radial bg-clip-text text-transparent dark:bg-gradient-radial dark:text-transparent ${i}`:`${r}`;return a.createElement("header",{className:`${d} ${h}`},a.createElement("div",{className:"container mx-auto mb-4 mt-12 text-center lg:mt-16"},a.createElement("h2",{className:`${u} ${l}`},t),a.createElement(o.Z,{text:n,styles:"mx-auto my-4 max-w-4xl leading-relaxed text-gray-700 dark:text-gray-100"})))}},2074:(e,t,n)=>{n.d(t,{Z:()=>o});var a=n(7294);const o=function(e){let{light:t="fill-white",dark:n="dark:fill-gray-900",width:o="100",height:i="130",grid:s,layout:r}=e;return a.createElement("svg",{xmlns:"http://www.w3.org/2000/svg",className:`${s} ${r}`,width:`${o}%`,viewBox:`-8620 -1968 1400 ${i}`},a.createElement("path",{className:`${t} ${n}`,d:"M-8629-1935v-10.614s78.25-20.752 155.47-20.752c131.788 0 169.95 23.309 233.125 23.309 108.108 0 138.56-21.268 208.573-21.268s108.701 25.151 233.283 25.151c124.581 0 120.881-43.085 251.082-22.031 112.227 18.148 187.023 22.031 264.45 7.825 76.957-14.12 79.117 14.113 79.014 18.38l.003 258h-1425v-258Z"}))}},7528:(e,t,n)=>{n.d(t,{Z:()=>s});var a=n(7294),o=n(1954),i=n(8201);const s=function(e){let{title:t,description:n,image:s,styles:r,icon:l,bgColor:h="from-blue-700 via-blue-700 to-blue-900 dark:from-blue-500 dark:to-blue-700",titleColor:d="text-purple-700 dark:text-purple-500",marginHeight:u="mt-8 lg:mt-16"}=e;return a.createElement("section",{className:`${r} ${h} ${u} mx-auto w-full`},a.createElement("div",{className:"mx-auto flex max-w-3xl flex-wrap items-center justify-center gap-4 py-4 md:py-8 lg:gap-8 xl:max-w-fit"},a.createElement("div",null,l?a.createElement(o.JO,{icon:l,className:"text-4xl text-white dark:text-gray-50"}):s?a.createElement("img",{src:s.src,alt:s.alt}):a.createElement("p",null,"No image or icon")),t?a.createElement("div",{className:"mx-auto text-center md:text-start lg:pl-4"},a.createElement("h3",{className:`mx-auto mb-4 text-3xl font-bold ${d}`},t),a.createElement(i.Z,{text:n,styles:"mx-auto max-w-4xl leading-relaxed text-gray-700"})):a.createElement(i.Z,{text:n,styles:"mx-auto leading-relaxed"})))}},4307:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(1954);const i=function(e){let{as:t="link",outline:n,colors:i,icon:s,text:r,method:l,path:h}=e;const d="text-xl h-fit my-2 block max-w-fit cursor-pointer rounded-md px-6 py-2 font-semibold transition duration-150 ease-in-out hover:no-underline hover:shadow-md whitespace-nowrap",u=n?` no-underline outline dark:bg-white dark:text-purple-700 text-purple-700 dark:text-purple-900 dark:hover:bg-purple-900 dark:hover:text-white ${i}`:`bg-purple-700 dark:bg-purple-900 text-white dark:text-white hover:bg-purple-900 no-underline hover:no-underline dark:hover:text-gray-50 dark:hover:bg-purple-700 hover:text-white ${i}`;return"button"===t?a.createElement("button",{onClick:l,className:`${d} ${u}`},s?a.createElement("span",{className:"flex items-center gap-2"},r," ",a.createElement(o.JO,{icon:s})):a.createElement("span",null,r)):a.createElement("a",{href:h,className:`${d} ${u}`},s?a.createElement("span",{className:"flex items-center gap-2"},r," ",a.createElement(o.JO,{icon:s})):a.createElement("span",null,r))}},4544:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(1954);const i=function(e){const t=(0,a.useRef)(),[n,i]=(0,a.useState)(!1);var s,r;return s=t,r=()=>i(!1),(0,a.useEffect)((()=>{const e=e=>{s.current&&!s.current.contains(e.target)&&r(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[s,r]),a.createElement("div",{ref:t},a.createElement("button",{"data-dropdown-toggle":"dropdown",onClick:()=>i((e=>!e)),className:"my-2 flex items-center gap-2 rounded-md bg-white px-4 py-2 font-bold text-purple-700 transition duration-150 ease-linear hover:bg-purple-700 hover:text-white focus:shadow-md dark:text-purple-900 dark:hover:text-white"},a.createElement("span",null,e.text),a.createElement(o.JO,{icon:"ion:caret-down-outline"})),n&&a.createElement("div",{className:"absolute mt-2 max-w-fit rounded-md bg-white shadow-md dark:bg-gray-900"},e.option))}},8201:(e,t,n)=>{n.d(t,{Z:()=>s});var a=n(7294),o=n(1262);const i=(0,a.lazy)((()=>n.e(195).then(n.bind(n,1195))));const s=function(e){let{text:t,styles:n}=e;return a.createElement(o.Z,null,(()=>a.createElement(a.Suspense,{fallback:a.createElement("p",null,"text loading...")},a.createElement(i,{children:t,className:n}))))}},1150:(e,t,n)=>{n.r(t),n.d(t,{default:()=>Bi});var a={};n.r(a),n.d(a,{contentTitle:()=>pe,default:()=>we,frontMatter:()=>ce,toc:()=>ge});var o={};n.r(o),n.d(o,{contentTitle:()=>be,default:()=>Ie,frontMatter:()=>fe,toc:()=>ve});var i={};n.r(i),n.d(i,{contentTitle:()=>Se,default:()=>xe,frontMatter:()=>Te,toc:()=>Ne});var s={};n.r(s),n.d(s,{contentTitle:()=>Be,default:()=>Le,frontMatter:()=>De,toc:()=>Ee});var r={};n.r(r),n.d(r,{contentTitle:()=>Re,default:()=>Ge,frontMatter:()=>He,toc:()=>Je});var l={};n.r(l),n.d(l,{contentTitle:()=>Ye,default:()=>Ke,frontMatter:()=>Ue,toc:()=>ze});var h={};n.r(h),n.d(h,{contentTitle:()=>Qe,default:()=>et,frontMatter:()=>Ze,toc:()=>_e});var d={};n.r(d),n.d(d,{contentTitle:()=>nt,default:()=>st,frontMatter:()=>tt,toc:()=>at});var u={};n.r(u),n.d(u,{contentTitle:()=>lt,default:()=>mt,frontMatter:()=>rt,toc:()=>ht});var m={};n.r(m),n.d(m,{contentTitle:()=>pt,default:()=>wt,frontMatter:()=>ct,toc:()=>gt});var c={};n.r(c),n.d(c,{contentTitle:()=>bt,default:()=>It,frontMatter:()=>ft,toc:()=>vt});var p={};n.r(p),n.d(p,{contentTitle:()=>St,default:()=>xt,frontMatter:()=>Tt,toc:()=>Nt});var g={};n.r(g),n.d(g,{contentTitle:()=>Bt,default:()=>Lt,frontMatter:()=>Dt,toc:()=>Et});var k={};n.r(k),n.d(k,{contentTitle:()=>Rt,default:()=>Gt,frontMatter:()=>Ht,toc:()=>Jt});var y={};n.r(y),n.d(y,{contentTitle:()=>Yt,default:()=>Kt,frontMatter:()=>Ut,toc:()=>zt});var w={};n.r(w),n.d(w,{contentTitle:()=>Qt,default:()=>en,frontMatter:()=>Zt,toc:()=>_t});var f={};n.r(f),n.d(f,{contentTitle:()=>nn,default:()=>rn,frontMatter:()=>tn,toc:()=>an});var b={};n.r(b),n.d(b,{contentTitle:()=>hn,default:()=>cn,frontMatter:()=>ln,toc:()=>dn});var v={};n.r(v),n.d(v,{contentTitle:()=>gn,default:()=>fn,frontMatter:()=>pn,toc:()=>kn});var M={};n.r(M),n.d(M,{contentTitle:()=>vn,default:()=>Tn,frontMatter:()=>bn,toc:()=>Mn});var A={};n.r(A),n.d(A,{contentTitle:()=>Nn,default:()=>Dn,frontMatter:()=>Sn,toc:()=>Cn});var I={};n.r(I),n.d(I,{contentTitle:()=>En,default:()=>Hn,frontMatter:()=>Bn,toc:()=>Wn});var T={};n.r(T),n.d(T,{contentTitle:()=>Jn,default:()=>Un,frontMatter:()=>Rn,toc:()=>On});var S={};n.r(S),n.d(S,{contentTitle:()=>zn,default:()=>Zn,frontMatter:()=>Yn,toc:()=>qn});var N={};n.r(N),n.d(N,{contentTitle:()=>_n,default:()=>ta,frontMatter:()=>Qn,toc:()=>Xn});var C={};n.r(C),n.d(C,{contentTitle:()=>aa,default:()=>ra,frontMatter:()=>na,toc:()=>oa});var P={};n.r(P),n.d(P,{contentTitle:()=>ha,default:()=>ca,frontMatter:()=>la,toc:()=>da});var x={};n.r(x),n.d(x,{contentTitle:()=>ga,default:()=>fa,frontMatter:()=>pa,toc:()=>ka});var D={};n.r(D),n.d(D,{contentTitle:()=>va,default:()=>Ta,frontMatter:()=>ba,toc:()=>Ma});var B={};n.r(B),n.d(B,{contentTitle:()=>Na,default:()=>Da,frontMatter:()=>Sa,toc:()=>Ca});var E={};n.r(E),n.d(E,{contentTitle:()=>Ea,default:()=>Ha,frontMatter:()=>Ba,toc:()=>Wa});var W={};n.r(W),n.d(W,{contentTitle:()=>Ja,default:()=>Ua,frontMatter:()=>Ra,toc:()=>Oa});var j={};n.r(j),n.d(j,{contentTitle:()=>za,default:()=>Za,frontMatter:()=>Ya,toc:()=>qa});var L={};n.r(L),n.d(L,{contentTitle:()=>_a,default:()=>to,frontMatter:()=>Qa,toc:()=>Xa});var H={};n.r(H),n.d(H,{contentTitle:()=>ao,default:()=>ro,frontMatter:()=>no,toc:()=>oo});var R={};n.r(R),n.d(R,{contentTitle:()=>ho,default:()=>po,frontMatter:()=>lo,toc:()=>uo});var J={};n.r(J),n.d(J,{contentTitle:()=>ko,default:()=>bo,frontMatter:()=>go,toc:()=>yo});var O={};n.r(O),n.d(O,{contentTitle:()=>Mo,default:()=>So,frontMatter:()=>vo,toc:()=>Ao});var F={};n.r(F),n.d(F,{contentTitle:()=>Co,default:()=>Bo,frontMatter:()=>No,toc:()=>Po});var G={};n.r(G),n.d(G,{contentTitle:()=>Wo,default:()=>Ro,frontMatter:()=>Eo,toc:()=>jo});var U={};n.r(U),n.d(U,{contentTitle:()=>Oo,default:()=>Yo,frontMatter:()=>Jo,toc:()=>Fo});var Y={};n.r(Y),n.d(Y,{contentTitle:()=>qo,default:()=>Qo,frontMatter:()=>zo,toc:()=>Vo});var z={};n.r(z),n.d(z,{contentTitle:()=>Xo,default:()=>ni,frontMatter:()=>_o,toc:()=>$o});var q={};n.r(q),n.d(q,{contentTitle:()=>oi,default:()=>li,frontMatter:()=>ai,toc:()=>ii});var V={};n.r(V),n.d(V,{F20201006:()=>a,F20201103:()=>u,F20201201:()=>f,F20210202:()=>N,F20210302:()=>j,F20210406:()=>o,F20210504:()=>m,F20210601:()=>b,F20210715:()=>C,F20210803:()=>L,F20210819:()=>i,F20210907:()=>c,F20210916:()=>v,F20211005:()=>P,F20211021:()=>H,F20211102:()=>s,F20211118:()=>p,F20211207:()=>M,F20211216:()=>x,F20220120:()=>R,F20220201:()=>r,F20220217:()=>g,F20220317:()=>A,F20220405:()=>D,F20220421:()=>J,F20220519:()=>l,F20220607:()=>k,F20220721:()=>I,F20220802:()=>B,F20220915:()=>O,F20221004:()=>h,F20221117:()=>y,F20221206:()=>T,F20230119:()=>E,F20230207:()=>F,F20230216:()=>d,F20230316:()=>w,F20230404:()=>S,F20230420:()=>W,F20230518:()=>G,F20230606:()=>U,F20230615:()=>Y,F20230720:()=>z,F20230921:()=>q});var K=n(7462),Z=n(7294),Q=n(7961),_=n(1954),X=n(8201),$=n(1320),ee=n(3198);const te=[{label:"Red Hat",href:"https://www.redhat.com/",src:"logos/raw/red-hat-120w-77h.png",alt:"Red Hat Logo"},{label:"Amadeus",href:"https://www.amadeus.com/",src:"logos/raw/amadeus-171w-22h.png",alt:"Amadeus Logo"},{label:"Suse",href:"https://www.suse.com",src:"logos/raw/suse-167w-30h.png",alt:"Suse Logo"},{label:"Motorola",href:"https://www.motorolasolutions.com/",src:"logos/raw/motorola-solutions-128w-110h.png",alt:"Motorola Solutions Logo"},{label:"NTT",href:"https://www.global.ntt",src:"logos/raw/ntt-145w-50h.png",alt:"NTT Logo"},{label:"IBM",href:"https://www.ibm.com",src:"logos/raw/ibm-92w-37h.png",alt:"IBM Logo"},{label:"Debian",href:"https://www.debian.org/",src:"logos/raw/debian-68w-90h.png",alt:"Debian Logo"}];const ne=function(){const[e,t,n,a,o,i,s]=te;return Z.createElement("section",{className:"my-8 lg:my-12"},Z.createElement("header",{className:"container my-4 text-center lg:my-8"},Z.createElement("h2",{className:"mb-3 text-blue-700 dark:text-purple-500"},"Special thanks to our contributors"),Z.createElement("p",{className:"text-gray-900"},"The Podman community has contributors from many different organizations, including:")),Z.createElement("div",{className:"relative mx-auto my-8 flex items-center"},Z.createElement("button",{onClick:()=>{const e=document.getElementById("slider");e.scrollLeft=e.scrollLeft-500},className:"lg:hidden"},Z.createElement(_.JO,{icon:"fa-solid:arrow-circle-left",className:"text-4xl text-gray-500 opacity-25 transition duration-150 ease-linear hover:text-purple-900 hover:opacity-100 dark:hover:text-purple-700"})),Z.createElement("div",{id:"slider",className:"justify-center mx-auto h-full w-full place-items-center gap-6 overflow-x-scroll scroll-smooth whitespace-nowrap scrollbar scrollbar-track-purple-500 lg:container lg:grid"},Z.createElement("a",{href:e.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},e,{className:"mx-auto p-4"}))),Z.createElement("a",{href:t.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},t,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:n.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},n,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:a.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},a,{className:"mx-auto p-4"}))),Z.createElement("a",{href:o.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},o,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:i.href,target:"_blank",className:"col-span-3 mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},i,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:s.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},s,{className:"mx-auto p-4"})))),Z.createElement("button",{onClick:()=>{const e=document.getElementById("slider");e.scrollLeft=e.scrollLeft+500},className:"lg:hidden"},Z.createElement(_.JO,{icon:"fa-solid:arrow-circle-right",className:"dark:hover-text-purple-700 text-4xl text-gray-500 opacity-25 transition duration-150 ease-linear hover:text-purple-900 hover:opacity-100"}))))};var ae=n(4307);const oe=function(){return Z.createElement("svg",{width:"74.667",xmlns:"http://www.w3.org/2000/svg",className:"film-icon",height:"56",id:"screenshot-f22025ed-2924-807f-8002-a2aff9654955",viewBox:"0 0 74.667 56",fill:"none",version:"1.1"},Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2aff9654955",rx:"0",ry:"0"},Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af748c75a7",className:"svg-inline--fa fa-film fa-w-16",rx:"0",ry:"0",fill:"url(#fill-0-rumext-id-2)"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-2_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"0.0000022199039904080564",y:"0.0000025210333660652395",height:"56.00000799999998",width:"74.66667200000188","data-loading":"false",id:"fill-0-rumext-id-2"},Z.createElement("g",null,Z.createElement("rect",{width:"74.66667200000188",height:"56.00000799999998",fill:"url(#fill-color-gradient_rumext-id-2_0)"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af748c75a8"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-3_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"-0.10779549147923717",y:"0.000006515896984637948",height:"56.000000000000455",width:"75.00000000000205","data-loading":"false",patternTransform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, -0.000000)",id:"fill-0-rumext-id-3"},Z.createElement("g",null,Z.createElement("rect",{width:"75.00000000000205",height:"56.000000000000455",fill:"url(#fill-color-gradient_rumext-id-3_0)"})))),Z.createElement("g",{className:"fills",id:"fills-f22025ed-2924-807f-8002-a2af748c75a8"},Z.createElement("path",{fill:"url(#fill-0-rumext-id-3)",rx:"0",ry:"0",d:"M71.167,0.000L70.000,0.000L70.000,2.917C70.000,3.879,69.213,4.667,68.250,4.667L62.417,4.667C61.454,4.667,60.667,3.879,60.667,2.917L60.667,0.000L14.000,0.000L14.000,2.917C14.000,3.879,13.213,4.667,12.250,4.667L6.417,4.667C5.454,4.667,4.667,3.879,4.667,2.917L4.667,0.000L3.500,0.000C1.560,0.000,0.000,1.560,0.000,3.500L0.000,52.500C0.000,54.440,1.560,56.000,3.500,56.000L4.667,56.000L4.667,53.083C4.667,52.121,5.454,51.333,6.417,51.333L12.250,51.333C13.213,51.333,14.000,52.121,14.000,53.083L14.000,56.000L60.667,56.000L60.667,53.083C60.667,52.121,61.454,51.333,62.417,51.333L68.250,51.333C69.213,51.333,70.000,52.121,70.000,53.083L70.000,56.000L71.167,56.000C73.106,56.000,74.667,54.440,74.667,52.500L74.667,3.500C74.667,1.560,73.106,0.000,71.167,0.000ZZM14.000,44.917C14.000,45.879,13.213,46.667,12.250,46.667L6.417,46.667C5.454,46.667,4.667,45.879,4.667,44.917L4.667,39.083C4.667,38.121,5.454,37.333,6.417,37.333L12.250,37.333C13.213,37.333,14.000,38.121,14.000,39.083L14.000,44.917ZZM14.000,30.917C14.000,31.879,13.213,32.667,12.250,32.667L6.417,32.667C5.454,32.667,4.667,31.879,4.667,30.917L4.667,25.083C4.667,24.121,5.454,23.333,6.417,23.333L12.250,23.333C13.213,23.333,14.000,24.121,14.000,25.083L14.000,30.917ZZM14.000,16.917C14.000,17.879,13.213,18.667,12.250,18.667L6.417,18.667C5.454,18.667,4.667,17.879,4.667,16.917L4.667,11.083C4.667,10.121,5.454,9.333,6.417,9.333L12.250,9.333C13.213,9.333,14.000,10.121,14.000,11.083L14.000,16.917ZZM53.667,47.250C53.667,48.213,52.879,49.000,51.917,49.000L22.750,49.000C21.788,49.000,21.000,48.213,21.000,47.250L21.000,33.250C21.000,32.288,21.788,31.500,22.750,31.500L51.917,31.500C52.879,31.500,53.667,32.288,53.667,33.250L53.667,47.250ZZM53.667,22.750C53.667,23.713,52.879,24.500,51.917,24.500L22.750,24.500C21.788,24.500,21.000,23.713,21.000,22.750L21.000,8.750C21.000,7.788,21.788,7.000,22.750,7.000L51.917,7.000C52.879,7.000,53.667,7.788,53.667,8.750L53.667,22.750ZZM70.000,44.917C70.000,45.879,69.213,46.667,68.250,46.667L62.417,46.667C61.454,46.667,60.667,45.879,60.667,44.917L60.667,39.083C60.667,38.121,61.454,37.333,62.417,37.333L68.250,37.333C69.213,37.333,70.000,38.121,70.000,39.083L70.000,44.917ZZM70.000,30.917C70.000,31.879,69.213,32.667,68.250,32.667L62.417,32.667C61.454,32.667,60.667,31.879,60.667,30.917L60.667,25.083C60.667,24.121,61.454,23.333,62.417,23.333L68.250,23.333C69.213,23.333,70.000,24.121,70.000,25.083L70.000,30.917ZZM70.000,16.917C70.000,17.879,69.213,18.667,68.250,18.667L62.417,18.667C61.454,18.667,60.667,17.879,60.667,16.917L60.667,11.083C60.667,10.121,61.454,9.333,62.417,9.333L68.250,9.333C69.213,9.333,70.000,10.121,70.000,11.083L70.000,16.917ZZ"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af7f162a3b",className:"svg-inline--fa fa-film fa-w-16",rx:"0",ry:"0",fill:"url(#fill-0-rumext-id-4)"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-4_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"0.0000022199039904080564",y:"56.000002521033366",height:"56.00000799999998",width:"74.66667200000188","data-loading":"false",id:"fill-0-rumext-id-4"},Z.createElement("g",null,Z.createElement("rect",{width:"74.66667200000188",height:"56.00000799999998",fill:"url(#fill-color-gradient_rumext-id-4_0)"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af7f162a3c"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-5_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"-0.10779549147923717",y:"56.000006515896985",height:"56.000000000000455",width:"75.00000000000205","data-loading":"false",patternTransform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, -0.000000)",id:"fill-0-rumext-id-5"},Z.createElement("g",null,Z.createElement("rect",{width:"75.00000000000205",height:"56.000000000000455",fill:"url(#fill-color-gradient_rumext-id-5_0)"})))),Z.createElement("g",{className:"fills",id:"fills-f22025ed-2924-807f-8002-a2af7f162a3c"},Z.createElement("path",{fill:"url(#fill-0-rumext-id-5)",rx:"0",ry:"0",d:"M71.167,56.000L70.000,56.000L70.000,58.917C70.000,59.879,69.213,60.667,68.250,60.667L62.417,60.667C61.454,60.667,60.667,59.879,60.667,58.917L60.667,56.000L14.000,56.000L14.000,58.917C14.000,59.879,13.213,60.667,12.250,60.667L6.417,60.667C5.454,60.667,4.667,59.879,4.667,58.917L4.667,56.000L3.500,56.000C1.560,56.000,0.000,57.560,0.000,59.500L0.000,108.500C0.000,110.440,1.560,112.000,3.500,112.000L4.667,112.000L4.667,109.083C4.667,108.121,5.454,107.333,6.417,107.333L12.250,107.333C13.213,107.333,14.000,108.121,14.000,109.083L14.000,112.000L60.667,112.000L60.667,109.083C60.667,108.121,61.454,107.333,62.417,107.333L68.250,107.333C69.213,107.333,70.000,108.121,70.000,109.083L70.000,112.000L71.167,112.000C73.106,112.000,74.667,110.440,74.667,108.500L74.667,59.500C74.667,57.560,73.106,56.000,71.167,56.000ZZM14.000,100.917C14.000,101.879,13.213,102.667,12.250,102.667L6.417,102.667C5.454,102.667,4.667,101.879,4.667,100.917L4.667,95.083C4.667,94.121,5.454,93.333,6.417,93.333L12.250,93.333C13.213,93.333,14.000,94.121,14.000,95.083L14.000,100.917ZZM14.000,86.917C14.000,87.879,13.213,88.667,12.250,88.667L6.417,88.667C5.454,88.667,4.667,87.879,4.667,86.917L4.667,81.083C4.667,80.121,5.454,79.333,6.417,79.333L12.250,79.333C13.213,79.333,14.000,80.121,14.000,81.083L14.000,86.917ZZM14.000,72.917C14.000,73.879,13.213,74.667,12.250,74.667L6.417,74.667C5.454,74.667,4.667,73.879,4.667,72.917L4.667,67.083C4.667,66.121,5.454,65.333,6.417,65.333L12.250,65.333C13.213,65.333,14.000,66.121,14.000,67.083L14.000,72.917ZZM53.667,103.250C53.667,104.213,52.879,105.000,51.917,105.000L22.750,105.000C21.788,105.000,21.000,104.213,21.000,103.250L21.000,89.250C21.000,88.288,21.788,87.500,22.750,87.500L51.917,87.500C52.879,87.500,53.667,88.288,53.667,89.250L53.667,103.250ZZM53.667,78.750C53.667,79.713,52.879,80.500,51.917,80.500L22.750,80.500C21.788,80.500,21.000,79.713,21.000,78.750L21.000,64.750C21.000,63.788,21.788,63.000,22.750,63.000L51.917,63.000C52.879,63.000,53.667,63.788,53.667,64.750L53.667,78.750ZZM70.000,100.917C70.000,101.879,69.213,102.667,68.250,102.667L62.417,102.667C61.454,102.667,60.667,101.879,60.667,100.917L60.667,95.083C60.667,94.121,61.454,93.333,62.417,93.333L68.250,93.333C69.213,93.333,70.000,94.121,70.000,95.083L70.000,100.917ZZM70.000,86.917C70.000,87.879,69.213,88.667,68.250,88.667L62.417,88.667C61.454,88.667,60.667,87.879,60.667,86.917L60.667,81.083C60.667,80.121,61.454,79.333,62.417,79.333L68.250,79.333C69.213,79.333,70.000,80.121,70.000,81.083L70.000,86.917ZZM70.000,72.917C70.000,73.879,69.213,74.667,68.250,74.667L62.417,74.667C61.454,74.667,60.667,73.879,60.667,72.917L60.667,67.083C60.667,66.121,61.454,65.333,62.417,65.333L68.250,65.333C69.213,65.333,70.000,66.121,70.000,67.083L70.000,72.917ZZ"}))))))};function ie(e){const{title:t,subtitle:n,details:a}=e;return Z.createElement("div",{className:"mx-2 mb-10 mt-4 text-center"},Z.createElement("h3",{className:"mb-3 whitespace-nowrap font-bold text-gray-700 dark:text-gray-50"},t),Z.createElement(X.Z,{text:n,styles:"text-gray-700"}),Z.createElement(X.Z,{text:a,styles:"text-gray-700"}))}function se(e){const{text:t}=e;return Z.createElement("div",{className:"mx-2 my-6 overflow-y-auto lg:my-8"},Z.createElement("p",{id:"cardBody-parsed",className:"text-gray-700 dark:text-gray-100"},Z.createElement(X.Z,{text:t})))}function re(e){const{data:t=[{text:"button text",markDown:Z.createElement(Z.Fragment,null,"No MarkDown to Display!")}],primary:n=!1,method:a=(()=>{console.error("No callback method passed")})}=e;return Z.createElement("div",{className:"align-center mb-4 mt-8 flex flex-row flex-wrap justify-center gap-4 lg:mb-8 2xl:px-10"},n?t.map(((e,t)=>Z.createElement("div",{key:t},0==t?Z.createElement(ae.Z,(0,K.Z)({as:"link"},e)):Z.createElement(ae.Z,(0,K.Z)({as:"link",outline:!0},e))))):t.map(((e,t)=>Z.createElement("div",{key:t},0==t?Z.createElement(ae.Z,(0,K.Z)({as:"link",outline:!0},e)):Z.createElement(ae.Z,(0,K.Z)({as:"button",method:()=>{a(e)},outline:!0},e))))))}const le=function(e){return Z.createElement("article",{style:e.primary?{maxHeight:"550px",flex:1}:{},className:"flex w-11/12 flex-col rounded-lg bg-gray-50 p-4 shadow-xl dark:bg-gray-700 dark:shadow-none lg:mx-8 lg:my-4"},Z.createElement(ie,e),e?.icon?Z.createElement(oe,null):Z.createElement(se,e),Z.createElement(re,e))};const he=function(e){let{cards:t,toggleIsModalOpen:n}=e;return Z.createElement("div",{className:"mb-4 flex lg:mb-6"},t?.map(((e,t)=>{let a=new Date(e.date).getDay();return Z.createElement(le,{key:t,title:e.date,subtitle:(o=a,["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"][o]),details:e.timeZone,text:e.subtitle,data:e.buttons,icon:e.icon,method:t=>{n(t,e.date)}});var o})))};const de=function(e){const{dropdownRef:t}=e,[n,a]=(0,Z.useState)(!1);var o,i;return o=t,i=()=>a(!1),(0,Z.useEffect)((()=>{const e=e=>{o.current&&!o.current.contains(e.target)&&i(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[o,i]),Z.createElement("div",{ref:t},Z.createElement("div",{"data-dropdown-toggle":"dropdown",onClick:()=>a((e=>!e)),className:"my-2 flex cursor-pointer items-center gap-1 py-2 pl-12 font-bold text-purple-700 dark:text-purple-500"},Z.createElement("div",{className:`transition duration-150 ease-linear ${n&&"rotate-90"}`},Z.createElement(_.JO,{icon:"bi:caret-right-square-fill"})),Z.createElement("span",null,e.text)),Z.createElement("div",{className:"dropdown-options absolute mt-2 flex flex-col overflow-y-auto overflow-x-hidden shadow-md scrollbar-thin scrollbar-track-gray-100 scrollbar-thumb-gray-300 dark:bg-gray-900 md:max-h-full lg:max-h-96"},n&&e?.options.map((e=>e))))};const ue=function(e){const{classNames:t}=e;return Z.createElement("svg",{width:"33",xmlns:"http://www.w3.org/2000/svg",height:"33",id:"screenshot-6dbb9699-50de-8051-8002-b160b2203dcd",viewBox:"-0.5 -0.5 33 33",fill:"rgb(177, 178, 181)",version:"1.1",className:t},Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b160b2203dcd",rx:"0",ry:"0"},Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b15f80612846"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b15f80612846"},Z.createElement("path",{d:"M5,0 h22 a5,5 0 0 1 5,5 v22 a5,5 0 0 1 -5,5 h-22 a5,5 0 0 1 -5,-5 v-22 a5,5 0 0 1 5,-5 z",x:"0",y:"0",transform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000)",width:"32",height:"32"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b15f80612846",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{d:"M5,0 h22 a5,5 0 0 1 5,5 v22 a5,5 0 0 1 -5,5 h-22 a5,5 0 0 1 -5,-5 v-22 a5,5 0 0 1 5,-5 z",x:"0",y:"0",transform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000)",width:"32",height:"32",opacity:"0.5",fill:"none",strokeWidth:"1",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"})))),Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b16031b36494"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b16031b36494"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,3.500L3.500,29.500"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b16031b36494",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,3.500L3.500,29.500",fill:"none",strokeWidth:"2",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"})))),Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b1604c231d3e"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b1604c231d3e"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,28.500L2.500,3.500"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b1604c231d3e",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,28.500L2.500,3.500",fill:"none",strokeWidth:"2",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"}))))))};var me=n(3905);const ce={layout:"default",title:"Podman Community Meeting"},pe=void 0,ge=[{value:"October 6, 2020 11:00 a.m. Eastern",id:"october-6-2020-1100-am-eastern",level:2},{value:"Attendees (34 total)",id:"attendees-34-total",level:3},{value:"Introductions",id:"introductions",level:2},{value:"Upcoming",id:"upcoming",level:2},{value:"Podman v3.0 Planning",id:"podman-v30-planning",level:2},{value:"HPC",id:"hpc",level:2},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, November 3, 2020, 11:00 a.m. Eastern",id:"next-meeting-tuesday-november-3-2020-1100-am-eastern",level:2},{value:"BlueJeans Chat raw copy/paste:",id:"bluejeans-chat-raw-copypaste",level:2}],ke={toc:ge},ye="wrapper";function we(e){let{components:t,...a}=e;return(0,me.kt)(ye,(0,K.Z)({},ke,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("p",null,(0,me.kt)("img",{alt:"Podman logo",src:n(1382).Z,width:"228",height:"61"})),(0,me.kt)("h1",{id:"-pagetitle-"},"{{ page.title }}"),(0,me.kt)("h2",{id:"october-6-2020-1100-am-eastern"},"October 6, 2020 11:00 a.m. Eastern"),(0,me.kt)("h3",{id:"attendees-34-total"},"Attendees (34 total)"),(0,me.kt)("p",null,"Tom Sweeney, Alex Litvak, Chris Evich, Christian Felder, Douglas, Ed Santaigo, Josep Gooch, Joe Doss, Lokesh Mand, Manish, Matt Heon, Reinhard Tartler, Valentin Rothberg, Wolfgang K, Nalin Dahyabhai, Dusty Mabe, Urvashi Mohnani, Sally O'Malley, Eduardo Santiago, Anders, Miloslav Trma\u010d, Jhon Honce, Parker Van Roy, Brent Baude, James Alt, Greg Shomo, Paul Holzinger, Ralf Haferkamp, Giuseppe Scrivano, Scott McCarty, Anders Bj\xf6rklund (afbjorklund), Balamurugan, Brian Smith, Drew Baily"),(0,me.kt)("h2",{id:"introductions"},"Introductions"),(0,me.kt)("p",null,"Each of the attendees gave a quick introduction."),(0,me.kt)("h2",{id:"upcoming"},"Upcoming"),(0,me.kt)("p",null,"Matt Heon discussed the upcoming releases and some of their content. He said, v2.1 came out a little over a week ago, v2.1.1 coming with bug fixes in the next week or so.\nAiming v3.0 towards sometime in February, which will include the removal of the varlink api as it has been deprecated. The big changes for v3.0 will be the removal of varlink and it will include improvements in handling short image names."),(0,me.kt)("p",null,"Trying to get additional commands such as ",(0,me.kt)("inlineCode",{parentName:"p"},"podman container clone")," and other commands in as well. Also improvements to the REST API, including new endpoints to more closely mimic what Podman locally does."),(0,me.kt)("p",null,"Lots of effort currently being put into fixing reported bugs and moving people from established Docker shops who want to transition."),(0,me.kt)("h2",{id:"podman-v30-planning"},"Podman v3.0 Planning"),(0,me.kt)("p",null,"Dan Walsh led the discussion on Podman v3.0 planning. Short names of images will be added. This will help prevent spoofing of images. ",(0,me.kt)("inlineCode",{parentName:"p"},"podman pull foo")," will go to all the defined registries and you'll be given a choice to pick from a list. If you pull later, it will repull that same pick. Similar to known hosts in ssh. Better support for Kata containers. More documentation and enhancements in usernamespace. Auto-selection of usernamespace is one such area of improvement. Also kubernetes integration enhancements, currently underway from a number of community members."),(0,me.kt)("h2",{id:"hpc"},"HPC"),(0,me.kt)("p",null,"Dan talked in general about the HPC community and that the development team would like to work closely with that community. Valentin talked about the differences in that environment. The goal is to generalize the problems and make them more usable."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Any plans for improved systemd integration with rootless? Specifically running systemd units with the ",(0,me.kt)("inlineCode",{parentName:"li"},"User=")," directive calling podman rootless.\n(jdoss)")),(0,me.kt)("p",null,"Podman team has talked to the systemd team and the systemd team was somewhat confused about why someone would want that. Further talks had about ways to use it are ongoing, but no support from systemd team at the moment. We'd like to get it in, but rely on the systemd team's help."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Could you elaborate on the timing of integration of podman 2.x and 3.x into certain RHEL 8.x releases? (JA)")),(0,me.kt)("p",null,"Podman 2.0 is 8.3.0, Podman 2.1 in 8.3.1. Not sure about 3.0 yet - perhaps 8.4.0 if we make the deadline there."),(0,me.kt)("ol",{start:3},(0,me.kt)("li",{parentName:"ol"},"What versions of podman/buildah/skopeo can we expect to end up in RHEL7 (RHEL8)? (R. Tartier)")),(0,me.kt)("p",null,"RHEL7 is now frozen on 1.6.4"),(0,me.kt)("ol",{start:4},(0,me.kt)("li",{parentName:"ol"},"Will this go into another module stream though? (C Felder)")),(0,me.kt)("p",null,"Yes. Nevertheless, RHEL8 stream is always rolling to the latest."),(0,me.kt)("ol",{start:5},(0,me.kt)("li",{parentName:"ol"},'Does "kind" work with Podman?')),(0,me.kt)("p",null,"It should work now for Podman running as root in Podman 2.0."),(0,me.kt)("ol",{start:6},(0,me.kt)("li",{parentName:"ol"},"Does the podman team work with the Quay team about registry interactions - access control features? ability to move older images to a different registry with different permissions? maybe these are quay questions...")),(0,me.kt)("p",null,"We'd like to work closer with Quay, but they've been overloaded since onboarding with Red Hat. We'd love any feedback that we can get. The majority of the answers to this question would have to come from the Quay team."),(0,me.kt)("ol",{start:7},(0,me.kt)("li",{parentName:"ol"},"podman go api -- any updates around ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/issues/6866"},"https://github.com/containers/podman/issues/6866"))),(0,me.kt)("p",null,"Brent Baude answered. The best I can say is this is on the roadmap. Brent discussed that we've been bug fixing mostly as of late, but that it is on our road map."),(0,me.kt)("ol",{start:8},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Do you folks plan on publishing a public road map that shows community and Red Hat needs/wants for features/bug?"),(0,me.kt)("p",{parentName:"li"},"Scott is working on this for the RHEL side of things. Brent is using Jira for our \"internal\" work. He'd like to share the Jira cards, but he's not sure about the timing of getting them done. Dusty suggested on grouping which are near term items vs more future items."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Is support for different logging drivers is on the road map in the future?"),(0,me.kt)("p",null,"What Red Hat Thinks - Design directions - Brent Baude"),(0,me.kt)("p",null,"I could do a summary of boot2podman/podman-machine (basically a varlink post-mortem) - Anders Bj\xf6rklund (Sold! and thanks!)\nCurrently involved in a little project to make a vagrant shell wrapper similar to it."),(0,me.kt)("h2",{id:"next-meeting-tuesday-november-3-2020-1100-am-eastern"},"Next Meeting: Tuesday, November 3, 2020, 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"bluejeans-chat-raw-copypaste"},"BlueJeans Chat raw copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Christian Felder10:57 AM\nHi, this is Christian from Munich\nReinhard Tartler10:57 AM\nHi, this is Reinhard from New York!\nAlex Litvak10:57 AM\nHi this is Alex from Chicago\nMe10:58 AM\nHowdy All! Tom from Leominster, MA. We'll be starting shortly\nLokesh S Mandvekar11:00 AM\nHello everyone\nnice to put faces to some of the names finally :)\nGreg Shomo11:00 AM\nhello, world\nJoe Doss (jdoss)11:00 AM\nHello! Joe Doss from Chicago I work for DEV Community Inc https://dev.to / forem.com\nDusty Mabe11:01 AM\nhey All, I'm Dusty Mabe - work for Red Hat on Fedora CoreOS and RHCOS. Good to meet everyone.\nMe11:01 AM\nMeeting Notes: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nmanish11:02 AM\nhello , i am manish\nMe11:02 AM\nPlease add yourself to the attendees list if I didn't get you there.\nafbjorklund11:04 AM\nI am Anders Bj\xf6rklund, and I was doing boot2podman. Might have to drop out today since I am joining from car\nBalamurugan11:08 AM\nyes\nDusty Mabe11:09 AM\nthere can be only one Dan\nLokesh S Mandvekar11:15 AM\n@tom: ManIsh, not ManUsh\nScott McCarty11:15 AM\nMight be worth sharing with this group. Red Hat has a community program called Red Hat Accelerators which gives you access to Red Hat engineering and leadership. I believe it was just announced today: https://access.redhat.com/accelerators#overview\nReinhard Tartler11:17 AM\nHi, I'm Reinhard, long-term Debian and Ubuntu Core Developer (13 years), and I've integrated podman 2.0.6 into the upcoming Debian 11 and Ubuntu 20.10 releases. I'm located in New York and work at Bloomberg leading a team working on a firmwide integration build system\nBrent Baude11:17 AM\n@Reinhard, please to meet you\nScott McCarty11:20 AM\n@Reinhard, that is super exciting to hear!\nLokesh S Mandvekar11:21 AM\nthanks a ton Reinhard :)\nJoe Doss (jdoss)11:24 AM\nAny plans for improved systemd integration with rootless?\nBrent Baude11:25 AM\nid encourage you to ask ... and specify what exactly you want\nJoe Doss (jdoss)11:25 AM\nSpecifically running systemd units with the User= directive calling podman rootless.\nJA11:27 AM\nCould you elaborate on the timing of integration of podman 2.x and 3.x into certain RHEL 8.x releases?\nmheon11:27 AM\n@JA - Podman 2.0 is 8.3.0, Podman 2.1 in 8.3.1\nNot sure about 3.0 yet - perhaps 8.4.0 if we make the deadline there\nReinhard Tartler11:28 AM\nQ: What versions of podman/buildah/skopeo can we expect to end up in RHEL7 (RHEL8)? - I'm asking because I need to decide what version to integrate for Debian 11, and would love to hear some opinions.\nChristian Felder11:29 AM\nfollow up on JA's question. Will this go into another module stream though?\nmheon11:30 AM\n@Reinhard - RHEL7 is now frozen on 1.6.4\nRHEL8 has two streams, one rolling steadily to the latest release, one with long-term-support releases\nBalamurugan11:30 AM\nwhat is the latest podman stable release for rhel 8.2\nDouglas11:30 AM\nHey Tom, what's the current status of running kind on top of podman?\nmheon11:31 AM\nTragically, the 2.0 module does not have Podman 2.0\nWe may have made a naming error, there...\nChristian Felder11:32 AM\nalright, to get the latest stuf just stay on rhel8 stream though\nmheon11:33 AM\n@Douglas - RHEL 8.2 has 1.6.4 in both streams. 8.2.1 has the fast-moving stream upgraded from 1.6.4 to 1.9.3\n@Christian - yes, RHEL8 stream is rolling to the latest\nChristian Felder11:33 AM\nthanks\nReinhard Tartler11:34 AM\nI'd love to see the Debian images added to the \"well-known\" list :-)\nDouglas11:34 AM\nnot sure if I follow mheon :(\nmy question is regarding kind - kubernetes\nmheon11:35 AM\nOh, sorry, replied to the wrong person\nThat was re: Balamurugan\nDouglas11:35 AM\nno worries\nAlex Litvak11:35 AM\nReinhard, is there a chance of podman backported to 20.04 LTS on ubuntu ?\nBalamurugan11:35 AM\nthanks @mheon\nAlex Litvak11:36 AM\nspeaking of a package of course\nDouglas11:39 AM\nthanks. Going to retest in a fresh git clone.\nmanish11:40 AM\ngvisor with podman.? is possible near future?\nBrent Baude11:41 AM\n@Tom, can I ask questions?\nmheon11:41 AM\n@manish - Should work fine as root. Rootless would require support from the gvisor folks\nJust need to add it as a runtime to containers.conf\nAlex Litvak11:42 AM\nany comments on the future logging support similar to docker?\nmanish11:43 AM\nthanks mheon.\nJA11:43 AM\nDoes the podman team work with the Quay team about registry interactions - access control features? ability to move older images to a different registry with different permissions? maybe these are quay questions...\nDrew Bailey11:43 AM\npodman go api -- any updates around https://github.com/containers/podman/issues/6866\nBrent Baude11:44 AM\nDrew, let's sdiscuss now!\nJoe Doss (jdoss)11:48 AM\nDo you folks plan on publishing a pubic road map that shows community and Red Hat needs/wants for features/bug?\nMe11:48 AM\nTopics for next time? Please add to: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nDrew Bailey11:52 AM\n\ud83d\udc4d awesome thanks, will help us get off varlink :D\nJoe Doss (jdoss)11:57 AM\nI think it would be nice for the community to have insights into what is important for the RH Podman Team and maybe the community can help. Also design direction within the roadmap would help inform community help.\nhelp guide community help**\nJoe Doss (jdoss)11:59 AM\nWe can help if we know what direction you folks want to go.\nSally O'Malley11:59 AM\nthank you everyone! i have to drop - see you all next month\nBrent Baude11:59 AM\njoe you are exactly correct.\nmanish12:00 PM\nthanks :)\nJoe Doss (jdoss)12:00 PM\nGreat call and turnout!\nValentin Rothberg12:00 PM\nThanks for joining, all!\n")))}we.isMDXComponent=!0;const fe={},be="Podman Community Meeting",ve=[{value:"April 6, 2021 08:00 p.m. Eastern (UTC-4)",id:"april-6-2021-0800-pm-eastern-utc-4",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 8:00 p.m.",id:"meeting-start-800-pm",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman Commit Topic Standards",id:"podman-commit-topic-standards",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(2:17 in the video)",id:"217-in-the-video",level:4},{value:"Podman v3.1 Preview",id:"podman-v31-preview",level:2},{value:"Matt Heon",id:"matt-heon-1",level:3},{value:"(3:00 in the video)",id:"300-in-the-video",level:4},{value:"U volume flag to chown source volumes",id:"u-volume-flag-to-chown-source-volumes",level:2},{value:"Eduardo Vega",id:"eduardo-vega",level:3},{value:"(6:58 in the video)",id:"658-in-the-video",level:4},{value:"Demo (8:30 in the video)",id:"demo-830-in-the-video",level:5},{value:"Podman on Mac Preview",id:"podman-on-mac-preview",level:2},{value:"Brent Baude/Ashley Cui",id:"brent-baudeashley-cui",level:3},{value:"(15:20 in the video)",id:"1520-in-the-video",level:4},{value:"Demo (19:22 in the video)",id:"demo-1922-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"(35:00) in the video)",id:"3500-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday May 4, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-may-4-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 8:43 p.m. Eastern (UTC-4)",id:"meeting-end-843-pm-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Me={toc:ve},Ae="wrapper";function Ie(e){let{components:t,...n}=e;return(0,me.kt)(Ae,(0,K.Z)({},Me,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"april-6-2021-0800-pm-eastern-utc-4"},"April 6, 2021 08:00 p.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Sumantro Mukherjee, Scott McCarty, Shion Tanaka, Juanje Ojeda, Edward Shen, Reinhard Tartler"),(0,me.kt)("h2",{id:"meeting-start-800-pm"},"Meeting Start: 8:00 p.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/@f3vA2PsK7a"},"Recording")),(0,me.kt)("h2",{id:"podman-commit-topic-standards"},"Podman Commit Topic Standards"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"217-in-the-video"},"(2:17 in the video)"),(0,me.kt)("p",null,"If you're fixing a bug or an issue, please include a link to the commit message or at least in a comment."),(0,me.kt)("h2",{id:"podman-v31-preview"},"Podman v3.1 Preview"),(0,me.kt)("h3",{id:"matt-heon-1"},"Matt Heon"),(0,me.kt)("h4",{id:"300-in-the-video"},"(3:00 in the video)"),(0,me.kt)("p",null,"Matt pulled up the release notes (",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"),"). Matt likes to get rleases out every 6 to 8 weeks"),(0,me.kt)("p",null,"Added secrets, although not with crypto, manifest commands and prune have been added. The Podman copy command has been reworked heavily by Valentin Rothberg. Now you can copy to directories too now. You should now be able to copy anywhere in a container."),(0,me.kt)("p",null,"Also added U option for mounting volumes."),(0,me.kt)("p",null,"Matt then went over a number of bugs/issues about 50, with many fixes from the community and a small CVE."),(0,me.kt)("p",null,"More significant work in the next release coming up in"),(0,me.kt)("h2",{id:"u-volume-flag-to-chown-source-volumes"},"U volume flag to chown source volumes"),(0,me.kt)("h3",{id:"eduardo-vega"},"Eduardo Vega"),(0,me.kt)("h4",{id:"658-in-the-video"},"(6:58 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-04-06/Podman-U-Volume-Opt-06_04_2021.pptx"},"slides")),(0,me.kt)("p",null,"New Volume option."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Podman create and Podman run with --volume."),(0,me.kt)("li",{parentName:"ul"},'"U" uppercase letter is the new option'),(0,me.kt)("li",{parentName:"ul"},"Changes ownership of source volumes on the host.",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Based on the container owners uid and gid and maps those to th host."),(0,me.kt)("li",{parentName:"ul"},"The container and the volume will have the same owners")))),(0,me.kt)("h5",{id:"demo-830-in-the-video"},"Demo (8:30 in the video)"),(0,me.kt)("p",null,"podman run -it -v /tmp/data01:/data:Z --user 998:998 fedora sh"),(0,me.kt)("p",null,"This showed that the wrong user (root) owned directories in the container."),(0,me.kt)("p",null,"Now with 'U' added to the volume specification."),(0,me.kt)("p",null,"podman run -it -v /tmp/data01:/data:Z,U --user 998:998 fedora sh"),(0,me.kt)("p",null,"The directory and files are now owned by 998."),(0,me.kt)("p",null,"This can also be run with tmpfs volumes"),(0,me.kt)("p",null,"podman run -it --rm --tmpfs /data:Z,U --user 998:998 fedora ls -la data"),(0,me.kt)("p",null,"This also shows the directory has the right permissions. Ditto overlayfs."),(0,me.kt)("p",null,"Dan talked about some other use cases."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Usefull when running mariadb in a container, you could volume mount /var/lib/mariadb for it with the correct permissions."),(0,me.kt)("li",{parentName:"ul"},"It's super useful for a rootless user in the usernamespace."),(0,me.kt)("li",{parentName:"ul"},"It's a really great and powerful feature that people haven't disovered yet.")),(0,me.kt)("h2",{id:"podman-on-mac-preview"},"Podman on Mac Preview"),(0,me.kt)("h3",{id:"brent-baudeashley-cui"},"Brent Baude/Ashley Cui"),(0,me.kt)("h4",{id:"1520-in-the-video"},"(15:20 in the video)"),(0,me.kt)("p",null,'Brent Baude led off. Creating a Podman on Mac using a subcommand in pocman called "machine" building upon other efforts. The code is very modular. The initial implementation is Fedora CoreOS in the vm which is configurable.'),(0,me.kt)("p",null,"Testing on X86 linux on Mac OS X8664 and aarch64."),(0,me.kt)("p",null,"Current implementation relies on qemu which currently has some platform dependencies."),(0,me.kt)("p",null,"Hurdle to resolve the networking on the VM and exposing services running in the container on the host."),(0,me.kt)("p",null,"Podman machine is upstream now and works, but no ability to expose services at this point. But you can build images and experiment with how it works."),(0,me.kt)("h5",{id:"demo-1922-in-the-video"},"Demo (19:22 in the video)"),(0,me.kt)("p",null,"Ashley did a demo running on her Mac."),(0,me.kt)("p",null,"Used the\npodman-remote machine --help command\npodman-remote machine init # pulled fedora coreos image"),(0,me.kt)("p",null,"podman-remote machine init anothername # creates with the specified name."),(0,me.kt)("p",null,"podman-remote machine ls # shows the machines create"),(0,me.kt)("p",null,"When you init the vm, it creates connections automatically."),(0,me.kt)("p",null,"podman-remote machine start # starts the VM"),(0,me.kt)("p",null,"podman-remote machine ssh podman-machine-default # sshinto the machine"),(0,me.kt)("p",null,"podman-remote pull alpine #failed with socket issue being chased."),(0,me.kt)("p",null,"Ashely tried a number of pulls and it finally worked after a number of attempts and tweaking."),(0,me.kt)("p",null,"The container runs on the VM, but you type on the Mac. It does work, but socket activation issues are being chased."),(0,me.kt)("p",null,"This is running on the Mac M1 now, and work in progress on Mac Intel based."),(0,me.kt)("p",null,"Questions on the systemd socket. The socket issue is likely due to Podman talking to systemd. Dan thinks it's fixed upstream in systemd."),(0,me.kt)("p",null,'The demo showed "podman-remote", but the final release will just be "podman".'),(0,me.kt)("p",null,'The user experience should be you would just install "podman" and everything needed will come along with that.'),(0,me.kt)("p",null,"Dan asked about install: goal user experience is\n",(0,me.kt)("inlineCode",{parentName:"p"},"brew install podman"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine init"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine start"),", and then you're running as if you're on a linux box."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3500-in-the-video"},"(35:00) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"What about Podman on windows? The current leaning is to use WSL2 probably Ubuntu. It's being looked at and we'd love community help."),(0,me.kt)("li",{parentName:"ol"},"Tshirts were recently available, but are not currently due to a vendoring problem. ;^("),(0,me.kt)("li",{parentName:"ol"},"For FCOS, does the machine pull stable every time? It pulls the next stream and you can use a URL if you'd like."),(0,me.kt)("li",{parentName:"ol"},"Will podman machine will work on a linux box? Yes")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-may-4-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday May 4, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-843-pm-eastern-utc-4"},"Meeting End: 8:43 p.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me:7:57 PM\nPlease sign in at: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nBrent Baude8:00 PM\nok, had one flicker of the power from the storm here .... three flickers and we're out\nReinhard 'siretart' Tartler8:08 PM\nFWIW, I've got the podman 3.1 package almost ready, will upload to debian/experimental later this week\nDaniel (rhatdan) Walsh8:08 PM\nThanks\nBrent Baude8:08 PM\noutstanding\njhonce8:08 PM\n@siretart Great!\nBrent Baude8:09 PM\n@siretart, maybe connect with us to make sure the latest libcap and crun are being used? we can explain.\nperhaps stay a few minutes after and we can elaborate ?\nReinhard 'siretart' Tartler8:09 PM\nsure thing!\nMatt Heon8:13 PM\nThis is *very* useful for rootless user/group mapping issues. I'm writing a blog on this right now and am definitely mentioning this.\nBrent Baude8:14 PM\n++ mheon\nMe:8:15 PM\nVery nice!\nShion Tanaka8:18 PM\nI'm interested in being able to run Podman on a Mac, since VS Code's Remote Containers feature is not available on Macs.\nsumantrom8:31 PM\nAwesome Presentation Asley, for FCOS, it pulls the latest stable everytime by default?\nsumantrom8:32 PM\nthanks!\nReinhard 'siretart' Tartler8:38 PM\nI'd love to see podman working out of the box on wsl2 and macs (at dayjob, that's what the company provides)\nawesome t-shirt. Where can I get one? :-)\nShion Tanaka8:38 PM\nThanks for the great demo!\nReinhard 'siretart' Tartler8:39 PM\n+1 -- awesome!\ndebian and ubuntu, for that matter :-)\nReinhard 'siretart' Tartler8:41 PM\nwill do\nthanks for organizing this meeting, amazing demos, really enjoyed them!\nEd8:42 PM\nGreat work, thanks!\nJuanje Ojeda8:44 PM\nGreat meeting and demos. Thanks!\nsumantrom8:44 PM\nThanks for organizing!\n\n")))}Ie.isMDXComponent=!0;const Te={},Se="Podman Community Cabal Meeting Notes",Ne=[{value:"August 19, 2021 11:00 a.m. Eastern",id:"august-19-2021-1100-am-eastern",level:2},{value:"August 19, 2021 Topics",id:"august-19-2021-topics",level:2},{value:"Open Discussion",id:"open-discussion",level:3},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman v4.0 inclusions (1:22 in the video)",id:"podman-v40-inclusions-122-in-the-video",level:4},{value:"Podman on Windows (12:30 in the video)",id:"podman-on-windows-1230-in-the-video",level:4},{value:"Open discussion (39:45 in the video)",id:"open-discussion-3945-in-the-video",level:4},{value:"Next Cabal Meeting: Thursday September 16, 2021 10:00 a.m. EDT (UTC-4)",id:"next-cabal-meeting-thursday-september-16-2021-1000-am-edt-utc-4",level:3}],Ce={toc:Ne},Pe="wrapper";function xe(e){let{components:t,...n}=e;return(0,me.kt)(Pe,(0,K.Z)({},Ce,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees (22): Tom Sweeney, Nalin Dahyabhai, Paul Holzinger, Dan WAlsh, Preethi Thomas, Valentin Rothberg, Matt Heon, Pavel Sosin, Chris Evich, Ashley Cui, Anders Bjorklund, Peter Hutn, Urvashi Mohnani, Brent Baude, Erik Bernoth, Giuseppe Scrivano, Ed Santiago, Guillaume Rose, Mehul Arora, Miloslav Trmac, Scott McCarty"),(0,me.kt)("h2",{id:"august-19-2021-1100-am-eastern"},"August 19, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"august-19-2021-topics"},"August 19, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.0 inclusions"),(0,me.kt)("li",{parentName:"ol"},"Podman on Windows"),(0,me.kt)("li",{parentName:"ol"},"Open Discussion")),(0,me.kt)("h3",{id:"open-discussion"},"Open Discussion"),(0,me.kt)("p",null,"Save the last 15 minutes for an open floor discussion."),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1VOzFK0zpG4MgjQnyiGDZL3J9gMIj-msh/view"},"Recording"),"\nAttendees:"),(0,me.kt)("p",null,"Meeting start 10:05 a.m Thursday August 19, 2021"),(0,me.kt)("h4",{id:"podman-v40-inclusions-122-in-the-video"},"Podman v4.0 inclusions (1:22 in the video)"),(0,me.kt)("p",null,"Podman 4.0-dev is now upstream.\nPaul Holzinger has added a large change for Networks.\nMore performance analysis and attempting to lessen memory and CPU usage. Adopting Buildkit functionality in Buildah and thus Podman build."),(0,me.kt)("p",null,"Giuseppe is working with supporting virtual pools to retrieve just files that are not already present in local storage, to help decrease load times. It may not be Docker compatible, it may have to be OCI based only."),(0,me.kt)("p",null,"We're looking for ideas/changes that might require breaking API changes. But are hoping not to make too many at once."),(0,me.kt)("h4",{id:"podman-on-windows-1230-in-the-video"},"Podman on Windows (12:30 in the video)"),(0,me.kt)("p",null,"Currently looking into WSL possible solutions."),(0,me.kt)("p",null,"Pavel talked about his use case of using Fedora directly from the Microsoft Windows Store. Once installed, he was able to run the latest Podman on Fedora."),(0,me.kt)("p",null,"Erik asked if systemd is working? (Not likely to at the moment.) He too uses Podman on Windows and it works fine for him now."),(0,me.kt)("p",null,"WSL2 is installed on windows by default already in the latest, and then install Fedora from Microsoft store, and then Podman ran from there."),(0,me.kt)("p",null,"Docker has a GUI interface that can be used from Windows, we would probably not provide a similar out of the box."),(0,me.kt)("p",null,"If you create a container currently in Windows using the Fedora, you can't talk to the container outside of that Windows host. Something that will need looking at."),(0,me.kt)("p",null,"Fedora costs $10 for Fedora 34 distribution from the Microsoft Store."),(0,me.kt)("p",null,"Dan would like to default to just click a button somewhere once to install Podman. The issue with that is keeping it updated over time. The best case is to get the Fedora team to provide Fedora with Podman preinstalled in the Microsoft Store."),(0,me.kt)("p",null,"What should the experience be for when the podman-machine needs to be updated? What is the best case scenario? TBD."),(0,me.kt)("p",null,"Two upgrade paths in Windows per Pavel. We'd like to know how the upgrade could happen seamlessly for the end-user."),(0,me.kt)("p",null,"Docker checks the version at starti-up and then asks the user to do update. Information is stored in a small json file. They apparently do an update in a separate VM."),(0,me.kt)("p",null,"On Docker, can you do a volume mount on a Windows directory? Giuillaume says it does work."),(0,me.kt)("h4",{id:"open-discussion-3945-in-the-video"},"Open discussion (39:45 in the video)"),(0,me.kt)("p",null,"When's Podman v3.3 coming out? Hopefully Monday, Aug 23, 2021. Then we will likely be creating a Podman 3.4 for sometime later in the fall."),(0,me.kt)("p",null,"One thing to watch is that Podman v4.0 can not break Fedora 35. Fedora 36 should be in April 2022 and would be the target if we break Fedora 35, but that hopefully won't be the case."),(0,me.kt)("h3",{id:"next-cabal-meeting-thursday-september-16-2021-1000-am-edt-utc-4"},"Next Cabal Meeting: Thursday September 16, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Nalin Dahyabhai10:02 AM\nAgenda: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg\nErik Bernoth10:39 AM\nI have to go. If you do a podman on Windows issue on GH, please CC me. See you next time!\nBrent Baude10:43 AM\nhttps://www.redhat.com/sysadmin/podman-windows-wsl2\n")))}xe.isMDXComponent=!0;const De={},Be="Podman Community Meeting",Ee=[{value:"November 2, 2021 11:00 a.m. Eastern (UTC-4)",id:"november-2-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (21 total)",id:"attendees-21-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Buildah buildkit update",id:"buildah-buildkit-update",level:2},{value:"Aditya Rajan",id:"aditya-rajan",level:3},{value:"(2:10 in the video)",id:"210-in-the-video",level:4},{value:"Podman on Mac Status",id:"podman-on-mac-status",level:2},{value:"Ashley Cui/Brent Baude",id:"ashley-cuibrent-baude",level:3},{value:"(13:45 in the video)",id:"1345-in-the-video",level:4},{value:"netavark update",id:"netavark-update",level:2},{value:"Matt Heon/Brent Baude",id:"matt-heonbrent-baude",level:3},{value:"(15:44 in the video) 23",id:"1544-in-the-video-23",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(18:15) in the video)",id:"1815-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 7, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-december-7-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday November 18, 2021, 10:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-november-18-2021-1000-am-eastern-utc-5",level:2},{value:"Meeting End: 11: a.m. Eastern (UTC-4)",id:"meeting-end-11-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],We={toc:Ee},je="wrapper";function Le(e){let{components:t,...n}=e;return(0,me.kt)(je,(0,K.Z)({},We,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"november-2-2021-1100-am-eastern-utc-4"},"November 2, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-21-total"},"Attendees (21 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Erik Bernoth, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Ashley Cui, Brent Baude, Aditya Rajan, Giuseppe Scrivan, Miloslav Trma\u010d, Rudolf Vesely, Shion Tanaka, Christian Felder"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/bhRBWYOh02V"},"Recording")),(0,me.kt)("h2",{id:"buildah-buildkit-update"},"Buildah buildkit update"),(0,me.kt)("h3",{id:"aditya-rajan"},"Aditya Rajan"),(0,me.kt)("h4",{id:"210-in-the-video"},"(2:10 in the video)"),(0,me.kt)("p",null,"There are features in buildkit that are not in Buildah. New features added include --mount=type-bind, which allows performing a bind mount and scoped to current RUN statements.\nYou can also mount by stages if you would like. This is in upstream now and will be in Podman in the near future."),(0,me.kt)("p",null,"The other feature added is --mount=type=cache. This adds support for persistent caching across builds. So it could be used by other images other than the one being built."),(0,me.kt)("p",null,"Another is --mount=type=tmpfs which allows a user to mount a chunk of volatile memory instead of a persistent storage device. It looks like an actual disk for the build, but it's only temporary and doesn't persist after the build completes."),(0,me.kt)("p",null,"This is upstream in Buildah now, will likely be in Buildah v1.24.","*"," and higher and Podman v4.0. Both will be out by early next year."),(0,me.kt)("p",null,"Demo (7:11 in the video)"),(0,me.kt)("p",null,"A feature to skip stages is underway but not complete."),(0,me.kt)("p",null,"Is it possible by using --mount-type=cache to prevent a rogue/misguided Containerfile from using a cache that it should not use? We have the option to segregate cache but no way to avoid other builds from using it. Something Aditya will look into it."),(0,me.kt)("h2",{id:"podman-on-mac-status"},"Podman on Mac Status"),(0,me.kt)("h3",{id:"ashley-cuibrent-baude"},"Ashley Cui/Brent Baude"),(0,me.kt)("h4",{id:"1345-in-the-video"},"(13:45 in the video)"),(0,me.kt)("p",null,"DEMO (14:00 in the video)"),(0,me.kt)("p",null,"Ashley showed several mockups for the new Mac interface. They show the machines available and then the ability to start/stop them. She's been looking into doing this with Swift."),(0,me.kt)("p",null,"Brent noted that we're working on volumes, the Docker socket, and other sockets. In addition, rootful and rootless. The big issue with the volume mount is if you use a bind mount, it's mounted in the VM rather than the host machine itself."),(0,me.kt)("p",null,"Would it make sense to implement the GUI with Qt? Isn\u2019t Swift just available for the Mac? Yes, for now, looking at POC, then thinking about figuring out what to do with Windows. Things work well on WSL there now, and it runs in Linux there."),(0,me.kt)("h2",{id:"netavark-update"},"netavark update"),(0,me.kt)("h3",{id:"matt-heonbrent-baude"},"Matt Heon/Brent Baude"),(0,me.kt)("h4",{id:"1544-in-the-video-23"},"(15:44 in the video) 23"),(0,me.kt)("p",null,"The ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")," project is a new project and replaces CNI plugins. Podman would call this with JSON input, and it would handle network setup, firewalls, etc. Being written in RUST and have a basic piece of code running today for a typical setup except the JSON response and firewall rules."),(0,me.kt)("p",null,"We're doing this mainly to get the ipv6 support and DNS in play. The DNS piece will not be in place for the initial Podman v4.0 release but a later release. The team feels this will be a more supportable layer for the network."),(0,me.kt)("p",null,"The team is happy to have RUST experts come in and contribute."),(0,me.kt)("p",null,"How to understand netavark? Take a look at what CNI is doing under the covers, and that's being emulated/replaced? Also, a decent understanding of network concepts."),(0,me.kt)("p",null,"We will be supporting firewalld as a backend to support firewall tables."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"1815-in-the-video"},"(18:15) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Windows priority? Lower on the priority list as the WSL solution is pretty solid now. But something we're looking into.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"IRC slack connections: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/#slack-irc-matrix-and-discord"},"https://podman.io/community/#slack-irc-matrix-and-discord"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"We should use an interface approach for the volume drivers work per Anders. The issue now is the machine configuration is in containers/common, and that can be a bit of a dance. Brent and Anders have been looking into a few options, including ssh. There are other things they're looking at that have better speed but not as much functionality. For the ssh solution, playing with the crypto levels might help with speed."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-7-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday December 7, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-november-18-2021-1000-am-eastern-utc-5"},"Next Cabal Meeting: Thursday November 18, 2021, 10:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-11-am-eastern-utc-4"},"Meeting End: 11: a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:01 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nMiloslav Trmac11:13 AM\nIs there some scoping mechanism to the --mount-type=cache, so that a rogue/misguided Containerfile can't use a cache it shouldn't be using?\nMatt Heon11:19 AM\nMounting the Docker socket?\nChristian Felder11:21 AM\nWouldn't it make sense to implement the GUI with e.g. Qt? Isn't Swift just available for Mac?\nAnders Bj\xf6rklund11:21 AM\nI halted the Qt GUI fo rnow\nhttps://github.com/afbjorklund/podman-systray\nChristian Felder11:22 AM\nOk, I just thought about having the same GUI for Windows... So you wouldn't need to reimplement it\nAnders Bj\xf6rklund11:23 AM\nPodman doesn't really work on Windows, only on WSL (Linux)\nChristian Felder11:23 AM\nOk, thanks\nAnders Bj\xf6rklund11:23 AM\nbut I suppose you could run `wsl podman` or something\nbaude11:23 AM\nhttps://github.com/containers/netavark\nShion Tanaka11:27 AM\nIs there any other knowledge I should know to understand netavark?\nShion Tanaka11:29 AM\nOK,thanks!\nbaude11:30 AM\ncatching us on irc or the matrix bridge is probably the best approach for that\nLokesh Mandvekar11:31 AM\nhttps://podman.io/community/#slack-irc-matrix-and-discord\n\n")))}Le.isMDXComponent=!0;const He={},Re="Podman Community Meeting",Je=[{value:"February 1, 2021 11:00 a.m. Eastern (UTC-5)",id:"february-1-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (26 total)",id:"attendees-26-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Container Plumbing Days",id:"container-plumbing-days",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"(1:23 in the video)",id:"123-in-the-video",level:4},{value:"Podman on Windows Demo",id:"podman-on-windows-demo",level:2},{value:"Jason Greene",id:"jason-greene",level:3},{value:"(2:14 in the video)",id:"214-in-the-video",level:4},{value:"Podman Network",id:"podman-network",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(19:15 in the video)",id:"1915-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(26:53) in the video)",id:"2653-in-the-video",level:4},{value:"Podman Desktop Companion Demo",id:"podman-desktop-companion-demo",level:2},{value:"Ionut Stoicia",id:"ionut-stoicia",level:3},{value:"(34:27 in the video)",id:"3427-in-the-video",level:4},{value:"Easter Egg",id:"easter-egg",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday April 5, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-5-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday February 17, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-february-17-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:51 a.m. Eastern (UTC-5)",id:"meeting-end-1151-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Oe={toc:Je},Fe="wrapper";function Ge(e){let{components:t,...n}=e;return(0,me.kt)(Fe,(0,K.Z)({},Oe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"february-1-2021-1100-am-eastern-utc-5"},"February 1, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-26-total"},"Attendees (26 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Chris Evich, Anders Bj\xf6rklund, Ashley Cui, Aditya Rajan, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Ionut Stoica, Jason Greene, Giuseppe Scrivano, Chris Evich, Lokesh Mandvekar, Niall Crowe"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/-dVK9CfqeNM"},"Recording")),(0,me.kt)("h2",{id:"container-plumbing-days"},"Container Plumbing Days"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("h4",{id:"123-in-the-video"},"(1:23 in the video)"),(0,me.kt)("p",null,"We are looking for speakers for the ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/speakers"},"Container Plumbing days"),". It is occurring on March 22 and 23, 2022, in the morning through early afternoon Eastern time. They are looking for all kinds of container-related topics. Check the website for more details."),(0,me.kt)("h2",{id:"podman-on-windows-demo"},"Podman on Windows Demo"),(0,me.kt)("h3",{id:"jason-greene"},"Jason Greene"),(0,me.kt)("h4",{id:"214-in-the-video"},"(2:14 in the video)"),(0,me.kt)("p",null,"API event forwarding is working and demonstrated that."),(0,me.kt)("p",null,"Jason started a machine on Windows under WSL. If you're using typical Docker, it expects a pipe to be opened, and Podman can now talk to that same pipe."),(0,me.kt)("p",null,"He did a number of Docker commands that ran under Podman."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine start other")," will allow for multiple instances of podman to run on the Windows machine. If you do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman ps"),', it will show only the "other machine" instances, but you can hop back to the original and see the ones running under that machine.'),(0,me.kt)("p",null,"Podman machine is starting a separate API forwarding service, and it's hooked into the windows event logging system. It's not running using .NET, but some of the .NET tools."),(0,me.kt)("p",null,"The proxy is called win-sshproxy by default."),(0,me.kt)("p",null,"He's exporting the root socket to pull this off to allow the Docker APIs to work with this. WSL is running under the user's identity, so not a security vulnerability."),(0,me.kt)("p",null,"This is all running in WSL running in the shared WSL VM. Similar to a privilged container image. It is just mapping Docker to the Podman socket."),(0,me.kt)("p",null,"Do volume mounts outside of /mnt work? i.e. /home/user/projects. That should work withing the WSL Linux environment."),(0,me.kt)("p",null,"Extend podman-py to integration with WSL podman machine windows socket."),(0,me.kt)("h2",{id:"podman-network"},"Podman Network"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1915-in-the-video"},"(19:15 in the video)"),(0,me.kt)("p",null,"A new update to the network stack. The new stack is created by ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")," and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/aardvark-dns"},"aardvark-dns"),". The aardvark-dns project handles DNS, netavark takes care of the rest of the stack. It is undergoing extensive testing as of now."),(0,me.kt)("p",null,"Blog post soon on how to use the new stack."),(0,me.kt)("p",null,"If you upgrade from Podman v3 to Podman v4, you will continue to use CNI so you won't break. But you can configure up to the new stack as you wish."),(0,me.kt)("p",null,"Multiple IPs per container and IPv6 support will be provided."),(0,me.kt)("p",null,"Netavark is based on similar kernel facilities as CNI. It is going to be eventually be working in the firewald framework soon."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2653-in-the-video"},"(26:53) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"For people using Fedora, Podman v4 will be on Fedora 36, but not Fedora 35 as it's a breaking change there. If you want Podman v4.0 on Fedora 35, you will need to install it. We're leaning towards not doing a parallel stream due to the connection issues with the Podman socket in that scenario.")),(0,me.kt)("h2",{id:"podman-desktop-companion-demo"},"Podman Desktop Companion Demo"),(0,me.kt)("h3",{id:"ionut-stoicia"},"Ionut Stoicia"),(0,me.kt)("h4",{id:"3427-in-the-video"},"(34:27 in the video)"),(0,me.kt)("p",null,"Slides - ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2022-02-01/Podman_Desktop_Companion.pdf"},"here")),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Target - People wanting to learn about containers (Podman) and full-stack developers.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Goals - Look and feel the same on all operating systems with a familiar UI."),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"This project supports Windows and macOS."))),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Trials - Native trial using Lazarus, GTK4, and QT."),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"All looked good, but each had its hurdles.")))),(0,me.kt)("p",null,"At the end, Ionut went with the Electron Web APP and is still exploring. It's easy to develop/share ownership using it. Electron also handles many major OSs for an end product."),(0,me.kt)("p",null,"Immediate Goals: Windows and Mac binaries ASAP, then on to GitHub issues. Then need to advertise. Wants to take the 10 most useful scenarios in Podman and convert them to desktop demos."),(0,me.kt)("p",null,"Demo (41:50 in the video)"),(0,me.kt)("p",null,"Showed inspecting a container, secrets management space, and volumes. All were GUI driven."),(0,me.kt)("p",null,"Question: Are you looking to add build/pull images? Eventually, build functionality is not yet available though."),(0,me.kt)("p",null,"He's using the Podman API after talking with Anders. After seeing Jason's demo, Ionut thinks he can make progress there. It is handing only rootless there now. Anders had an update for Lima that will help."),(0,me.kt)("p",null,"Ionut aims for the main Podman functions to start, and he wants the project to handle as many functions as possible. Ionut intends to create a GUI that's very useful to the CI."),(0,me.kt)("p",null,"Ionut would like to include this project under ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers"},"containers"),". He will work with Brent and Dan to make that happen in the near future."),(0,me.kt)("h2",{id:"easter-egg"},"Easter Egg"),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman run quay.io/podman/hello")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Sparsefile handling with Podman - Giuseppe Scrivano")),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-5-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday April 5, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-february-17-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday February 17, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1151-am-eastern-utc-5"},"Meeting End: 11:51 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:02 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nScott McCarty11:07 AM\nI always love Jason's videos. I'm so jealous LOL\njhonce11:14 AM\nw00t!\nIonut Stoica11:18 AM\nI have one, do volume mounts that are not from /mnt work ? Let's say /home/user/Projects\nJason Greene11:21 AM\nthanks guys!\nIonut Stoica11:21 AM\nCan you guys hear me ?\nMatthew Heon11:26 AM\nWe can't, sorry\nJason Greene11:26 AM\nis netavark based on similar kernel facilities as cni?\nPaul Holzinger11:26 AM\nyes\nIonut Stoica11:26 AM\nswitching browsers\nPaul Holzinger11:27 AM\nhopefully better firewalld support soon\nJason Greene11:27 AM\nawesome thats great\nionut stoica11:28 AM\nI can see myself / test works, but you guys cannot\nI am in firefox\nAdi11:29 AM\ntry to open in a private tab of firefox\nEduardo Santiago11:29 AM\nI thought the reason for BJ was ease of publishing recordings?\nionut stoica11:30 AM\nI've created a google meeting, there it works https://meet.google.com/uvv-dzzg-cxa but wont be recorded\nbaude11:31 AM\n@Anders, can you stick behind after the meeting?\nMe11:32 AM\nIonut, let me try to stream that\nJason Greene11:37 AM\nwoohoo\njhonce11:47 AM\n:+1:\n\ud83d\udc4d\nJason Greene11:48 AM\nvery cool\nAdi11:49 AM\n\ud83d\udc4d\nJason Greene11:50 AM\nare you aiming for parity with the command line or just main tasks?\nMe11:51 AM\ndwalsh@redhat.com\nbaude11:52 AM\nplease include\nbbaude@redhat.com\nbc Dan is just going to fw it to me :)\nAnders11:53 AM\nWill stay\n")))}Ge.isMDXComponent=!0;const Ue={},Ye="Podman Community Cabal Meeting Notes",ze=[{value:"May 19, 2022 11:00 a.m. Eastern",id:"may-19-2022-1100-am-eastern",level:2},{value:"May 19, 2022 Topics",id:"may-19-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Container Lock Contention - (1:10 in video) - Matt Heon",id:"container-lock-contention---110-in-video---matt-heon",level:3},{value:"Vendoring and release hygiene - (12:53 in video) - Reinhard Tartler",id:"vendoring-and-release-hygiene---1253-in-video---reinhard-tartler",level:3},{value:"Podman API specgen/create options - (24:47 in video) - Charlie Doern",id:"podman-api-specgencreate-options---2447-in-video---charlie-doern",level:3},{value:"Open discussion (: in video) - 45",id:"open-discussion--in-video---45",level:4},{value:"Next Meeting: Thursday June 16, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-june-16-2022-1100-am-edt-utc-5",level:3},{value:"June 16, 2022 Topics",id:"june-16-2022-topics",level:2},{value:"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],qe={toc:ze},Ve="wrapper";function Ke(e){let{components:t,...n}=e;return(0,me.kt)(Ve,(0,K.Z)({},qe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Matt Heon, Brent Baude, Nalin Dahyabhai, Paul Holzinger, Karthik Elango, Charlie Doern, Lokesh Mandvekar, Urvashi Mohnani, Niall Crowe, Lance Lovette, Zachariah Cavazos, Reinhard Tartler, Leon N, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu"),(0,me.kt)("h2",{id:"may-19-2022-1100-am-eastern"},"May 19, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"may-19-2022-topics"},"May 19, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Container Lock Contention - Matt Heon"),(0,me.kt)("li",{parentName:"ol"},"Vendoring and release hygiene - Reinhard Tartler"),(0,me.kt)("li",{parentName:"ol"},"Podman API specgen/create options - Charlie Doern")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/G4pad4k2Az4"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday May 19, 2022"),(0,me.kt)("h3",{id:"container-lock-contention---110-in-video---matt-heon"},"Container Lock Contention - (1:10 in video) - Matt Heon"),(0,me.kt)("p",null,"Issues that spun up the discussion ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/11940"},"here:")),(0,me.kt)("p",null,"Restarting 100 containers at once does not take a trivial amount of time, and then ",(0,me.kt)("inlineCode",{parentName:"p"},"podman ps")," hangs. Most other commands hang at too. Matt is looking for suggestions. Looking for a fairness doctrine so other things can go on while restart is cranking."),(0,me.kt)("p",null,"Brent suggested looking into readlocks, but we're using glib locks, and they don't have one currently available. Having a daemon would help with lock contention, but something to avoid given our design model."),(0,me.kt)("p",null,"Podman restart goes to do 100 containers, and it does them in a particular order. At the same time, spin-off ps, it takes less time to run than restart, so it eventually hangs when it tries to ps a container that's locked due to the restart."),(0,me.kt)("p",null,"As ps refreshes the status of the container, it requires the lock to be held. If a container exited, ps writes to the database with that new info, so it can not use a read lock."),(0,me.kt)("p",null,"Potentially the code could be changed to use a read lock. Then if an update is needed, spin-off a thread to wait for the write lock."),(0,me.kt)("p",null,"Action item to look further."),(0,me.kt)("h3",{id:"vendoring-and-release-hygiene---1253-in-video---reinhard-tartler"},"Vendoring and release hygiene - (12:53 in video) - Reinhard Tartler"),(0,me.kt)("p",null,"Packaging dependencies up to Podman v4.1. Most of his time is spent on figuring out dependencies that need to be updated. The dependencies have caused problems for gzip in the past. Problems also occur when runtime-tools include features that are not available."),(0,me.kt)("p",null,"He's needed to update with a snapshot which hasn't made him very comfortable."),(0,me.kt)("p",null,"New versions haven't been released for image-spec. Dan will ping the folks in Red Hat who have the ability to merge things that Reinhard is required. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/opencontainers/runtime-tools/issues/702"},"https://github.com/opencontainers/runtime-tools/issues/702")),(0,me.kt)("p",null,"A similar issue applies to image-spec: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/opencontainers/image-spec/issues/918"},"https://github.com/opencontainers/image-spec/issues/918")),(0,me.kt)("p",null,"Podman 4.1 isn't stable yet as he needs to figure out what the dependencies are. It has, however, been uploaded to Debian/experimental today and is being built on the official Debian builders. Also, he needs to write upgrade notes for Podman v3.","*"," to v4.1. For instance, netavark is not currently available in Debian."),(0,me.kt)("p",null,"Brent says not having Netavark would be problematic. Not much bug fixing going on with CNI. Theoretically, nothing would break."),(0,me.kt)("p",null,"Reinhard will be looking to move Netavark to Debian. He'd love to have some volunteers, cf ",(0,me.kt)("a",{parentName:"p",href:"https://bugs.debian.org/1009713"},"https://bugs.debian.org/1009713"),". Lokesh asked about the golang packaging team requirements, and Reinhard says not much experience is not necessary. ",(0,me.kt)("a",{parentName:"p",href:"https://go-team.pages.debian.net/"},"https://go-team.pages.debian.net/")," for getting started."),(0,me.kt)("p",null,"Wants to avoid unreleased dependencies. Introducing libraries to Debian is not always a quick thing to do."),(0,me.kt)("p",null,"Going forward, we'll need to get Netavark/Aardvark into Debian long term."),(0,me.kt)("h3",{id:"podman-api-specgencreate-options---2447-in-video---charlie-doern"},"Podman API specgen/create options - (24:47 in video) - Charlie Doern"),(0,me.kt)("p",null,'Last year, Charlie rewired the infra container for pods to a "regular" container.'),(0,me.kt)("p",null,"The Issue"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Infra container was redesigned to automatically receive most of the pod options."),(0,me.kt)("li",{parentName:"ul"},"This means the infra spec is filled out with ",(0,me.kt)("inlineCode",{parentName:"li"},"cmd/podman")," before any remote calls kick in"),(0,me.kt)("li",{parentName:"ul"},"When a remote call happens, we cannot marshal the infra spec as that would expose far too many untested options to users that pods should not have"),(0,me.kt)("li",{parentName:"ul"},"This causes all of the work for infra to be undone only to be recreated again in infra within the remote handling code")),(0,me.kt)("p",null,"There's a difference in syntax that he's found. For instance, a SpecGenerator is attached for all types that have a creation process."),(0,me.kt)("p",null,"SpecGenerator was first designed for the REST API, primarily for consumption for the JSON API. It was meant to offset the parsing required in the front-end work."),(0,me.kt)("p",null,"Having a way to allow users to access infra spec in the API or a specific remote SpecGenerator."),(0,me.kt)("p",null,"Paul's concerned that sending the infra is duplicated attributes would be sent across the wire, slowing things down. We need a single source of truth. He suggests removing the attributes from the POD spec and adding them only to the infra container."),(0,me.kt)("p",null,"Matt is fine with that but thinks it's a Podman v5.0 delivery."),(0,me.kt)("p",null,"Paul suggests moving from the Pod spec and leave/move it in infra spec. That way, duplicate fields with different data won't have to be figured out. Currently, we at times ignore the infra spec."),(0,me.kt)("p",null,"So going foward, we'll remove resource limits from the pod spec and will expose the infra spec to the REST API. The downside is people would need to add the infra spec to the API."),(0,me.kt)("p",null,"Dan is suggesting a major release for next January, Valentin isn't sure that's a good idea. Dan asked if we could bump the version of the API. We also can't break versions of the API, especially a ",(0,me.kt)("inlineCode",{parentName:"p"},"-1")," to a ",(0,me.kt)("inlineCode",{parentName:"p"},"-2"),"."),(0,me.kt)("p",null,"Doing this would potentially detach the client and remote API versions. It's not a pretty thing to do, but possible. This is a real user issue."),(0,me.kt)("p",null,"A pod spec should be a container spec with additional fields. We'll need to change the infra spec too."),(0,me.kt)("h4",{id:"open-discussion--in-video---45"},"Open discussion (: in video) - 45"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Looking for major features for Podman for v4.2. One on the table is better ",(0,me.kt)("inlineCode",{parentName:"li"},"podman play kube"),", possibly sigstore, more mac/windows work, and maybe podman desktop."),(0,me.kt)("li",{parentName:"ol"},"Looking for Podman v4.1.1. to come out in the next few weeks, sometime in early June.")),(0,me.kt)("h3",{id:"next-meeting-thursday-june-16-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday June 16, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"june-16-2022-topics"},"June 16, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Meeting finished 11:48 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You\n11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou\n11:03 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nMatt Heon\n11:04 AM\nhttps://github.com/containers/podman/issues/11940\n")))}Ke.isMDXComponent=!0;const Ze={},Qe="Podman Community Meeting Notes",_e=[{value:"October 4, 2022, 11:00 a.m. Eastern (UTC-5)",id:"october-4-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 11:02 a.m. EDT",id:"meeting-start-1102-am-edt",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Distrobox Demo",id:"distrobox-demo",level:2},{value:"Luca Di Maio",id:"luca-di-maio",level:3},{value:"(1:37 in the video)",id:"137-in-the-video",level:4},{value:"Vault Test Suite",id:"vault-test-suite",level:2},{value:"Alex Scheel",id:"alex-scheel",level:3},{value:"(23:01 in the video)",id:"2301-in-the-video",level:4},{value:"Podman on Mac Installer Update",id:"podman-on-mac-installer-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(42:50 in the video)",id:"4250-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(44:34 in the video)",id:"4434-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 6, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-december-6-2022-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday November 17, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-november-17-2022-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:56 a.m. Eastern (UTC-4)",id:"meeting-end-1156-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Xe={toc:_e},$e="wrapper";function et(e){let{components:t,...n}=e;return(0,me.kt)($e,(0,K.Z)({},Xe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"october-4-2022-1100-am-eastern-utc-5"},"October 4, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Tom Sweeney, Alex Scheel, Luca Di Maio Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Charlie Doern, Matt Heon, Mark Russell, Miloslav Trmac, Urvashi Mohnani, Mohan Boddu, Mohan Bodu, Eduardo Santiago, Christian Felder, Marcin Skarbek, Lokesh Mandvekar, Marcin Skarbek, Puvi Ganeshar, Stevan Le Meur, Steve Clark, Tim deBoer,"),(0,me.kt)("h2",{id:"meeting-start-1102-am-edt"},"Meeting Start: 11:02 a.m. EDT"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=JNijOHL4_Ko"},"Recording")),(0,me.kt)("h2",{id:"distrobox-demo"},"Distrobox Demo"),(0,me.kt)("h3",{id:"luca-di-maio"},"Luca Di Maio"),(0,me.kt)("h4",{id:"137-in-the-video"},"(1:37 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2022-10-04/distrobox-presentation.pdf"},"Slides"),"\nDistrobox is a simple Posix Shell that wrap around Docker and Podman. It helps to remove the complexity of container runtimes. It is your entire userspace unbound and integrated with the base operating system"),(0,me.kt)("p",null,"Why not chroot over Podman?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Simpler to use than pure chroot"),(0,me.kt)("li",{parentName:"ul"},"Battle-tested container engines"),(0,me.kt)("li",{parentName:"ul"},"Easy to use image management"),(0,me.kt)("li",{parentName:"ul"},"Healthy ecosystem of container images ready to use")),(0,me.kt)("p",null,"Host Integration:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Wayland an X programs"),(0,me.kt)("li",{parentName:"ul"},"Audio"),(0,me.kt)("li",{parentName:"ul"},"SSH and GPG Agent"),(0,me.kt)("li",{parentName:"ul"},"Automatically Generate Desktop Entries"),(0,me.kt)("li",{parentName:"ul"},"Launch host's command from container and vice versa")),(0,me.kt)("p",null,"Usage"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Intuitive management commands:",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"create, enter, list, rm and stop"))),(0,me.kt)("li",{parentName:"ul"},"Utilities",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Upgrade will keep all containers up to date"),(0,me.kt)("li",{parentName:"ul"},"ephemeral create, enter, destroy a temporary container"),(0,me.kt)("li",{parentName:"ul"},"generate-entry - create a desktop icon")))),(0,me.kt)("p",null,'Useful for "pet" containers that you don\'t want to remove/recreate all the time.'),(0,me.kt)("p",null,"Use Cases"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Immutable Desktop",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Endless OS (",(0,me.kt)("a",{parentName:"li",href:"https://endlessos.com"},"https://endlessos.com"),")"),(0,me.kt)("li",{parentName:"ul"},"Fedora Silverblue/Kinoite (https:getfedora.org/it/silverblue/, ",(0,me.kt)("a",{parentName:"li",href:"https://kinoite.fedoraproject.org"},"https://kinoite.fedoraproject.org"),")"),(0,me.kt)("li",{parentName:"ul"},"OpenSuse MicroOS (",(0,me.kt)("a",{parentName:"li",href:"https://microos.opensuse.org"},"https://microos.opensuse.org"),")"),(0,me.kt)("li",{parentName:"ul"},"SteamOS 3 (https:github.com/ValveSoftware/SteamOS/)"))),(0,me.kt)("li",{parentName:"ul"},"Minimize base operating system",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Less moving parts that can break"),(0,me.kt)("li",{parentName:"ul"},"Userland can be easily replaced"),(0,me.kt)("li",{parentName:"ul"},"Easier to make reproducible"))),(0,me.kt)("li",{parentName:"ul"},"Sudoless setups",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Enterprise setups where you can't be sudo, but you need a package manager. Easy to use Podman rootless containers here."))),(0,me.kt)("li",{parentName:"ul"},"Mix and Match Distro",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Custom kernel for abandoned hardware stuck on ancient distribution"),(0,me.kt)("li",{parentName:"ul"},"Access to the latest software on an LTS/Stable release distribution"),(0,me.kt)("li",{parentName:"ul"},"Access old software on a bleeding edge distribution: Distrobox ensures compatibility almost 10 years back in time.")))),(0,me.kt)("p",null,"Diversity"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Host compatiblity with all the major distributions"),(0,me.kt)("li",{parentName:"ul"},"Container compatibility with over 60 combinations of distributions and major versions"),(0,me.kt)("li",{parentName:"ul"},"Mix and match distributions and version to enhance software availability.")),(0,me.kt)("p",null,"Demo - (8:45 in the video)"),(0,me.kt)("p",null,"Using Distrobox, quickly setup a container and he showed what was going on within the container. Including the local system user getting to their systemctl."),(0,me.kt)("p",null,"The distrobox daemon starts in user space and can easily be used by the user who owns it."),(0,me.kt)("p",null,"Distrobox also supports rootful containers with the ",(0,me.kt)("inlineCode",{parentName:"p"},"--root")," option."),(0,me.kt)("p",null,"Flexibility comes from the Podman side and Distrobox simiplifies the Podman command line for those that don't want to fully invest, but want the container experience. It also includes a ",(0,me.kt)("inlineCode",{parentName:"p"},"--dry-run")," option to try the commands in advance."),(0,me.kt)("p",null,"Heavily inspired from containers tool box on SilverBlue, but he needed more than that offered and that was where Distrobox was born. Core concept is the same he thought it might be easier to do at the entrypoints and a few other options that have caused a divergence. Toolbox is Fedora oriented with a dedicated image for it to work, Distrobox works with a number of cloud images. Currently about 65 different images work with it, Debian, ClearLinux, Gentoo and more."),(0,me.kt)("p",null,"Running ClearLinux under Distrobox turned out to be faster than the host machine due to the ClearLinux optimizations."),(0,me.kt)("h2",{id:"vault-test-suite"},"Vault Test Suite"),(0,me.kt)("h3",{id:"alex-scheel"},"Alex Scheel"),(0,me.kt)("h4",{id:"2301-in-the-video"},"(23:01 in the video)"),(0,me.kt)("p",null,"Working for Hashicorp and working on the Vault project there."),(0,me.kt)("p",null,"Demo - (25:26 in the video)"),(0,me.kt)("p",null,"He had problems running Podman on a test suite and dove into it."),(0,me.kt)("p",null,"He uses Podman on Ubuntu currently, had run on Fedora and noticed that Docker was being run so, enabled the podman.socket in the test suite."),(0,me.kt)("p",null,"Some of his containers in Docker used a lot of memory and sometimes failed, yet when he changed to Podman that was no longer an issue."),(0,me.kt)("p",null,"He ran into timeouts with Podman due to networks that Podman were trying to use but docker-radius in the environment was ignoring the requests. He added a PR to docker-radius, but it has yet to be accepted."),(0,me.kt)("p",null,"His CI was spinning up Docker processes and that was failing in the environment too."),(0,me.kt)("p",null,"He used a big hammer and changed the entrypoing to docker-radius to sleep. Probably not optimal, but it does work."),(0,me.kt)("p",null,"He wanted to change Podman api calls to cli calls and the answer was to build a tarball. He built a way to create a context from code within the test case . Build the tarball, set it ups and send it along. So that removed the hack of doing the echo to the container writing the sleep."),(0,me.kt)("p",null,"He can spin up a Vault test cluster, issue certs, and drop it into an nginx container. That spawns a container with the particular info that Vault needs."),(0,me.kt)("p",null,"He's then able to copy the files that he needs into the containers, so they don't have to build the image each time. Especially so for certificates. Guven, they're on containers, they can run in parallel."),(0,me.kt)("p",null,"He'd like to expose the vault cluster to talk to the test containers. Future work for Alex. He's thinking that he may need to use another container to do that communication."),(0,me.kt)("h2",{id:"podman-on-mac-installer-update"},"Podman on Mac Installer Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"4250-in-the-video"},"(42:50 in the video)"),(0,me.kt)("p",null,"We have a packages installer and our building packages on GitHub. Signed for all of our releases and unsigned for RCs. So no need for Brew. It's all in GitHub."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4434-in-the-video"},"(44:34 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Puvi running Jenkin builds daily. Spins up containers on a cluster. Trying to move to Podman from Docker due to the Dockershim being deprecated. They're using the DOcker.socket and want to use Podman, as the socket isn't secure. They tried rootless, but it's much slower due to the network. Worked much better in rootful and dropped fuse."),(0,me.kt)("p",{parentName:"li"},"Luca suggested using a mount point which should help, but you have to watch if concurrent builds are in play."),(0,me.kt)("p",{parentName:"li"},"Puvi is trying NFS mounts, but in Amazon, he'd have to use AFS, which is slow and costly."),(0,me.kt)("p",{parentName:"li"},"Luca and Puvi discussed a number of configs to try, and that have been tried. Work ongoing."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"NA")),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-6-2022-1100-am-eastern-utc-4"},"Next Meeting: Tuesday December 6, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-november-17-2022-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday November 17, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1156-am-eastern-utc-4"},"Meeting End: 11:56 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:00 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:06 AM\nhack md, please sign in: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMark Russell11:23 AM\nThis is super cool\nalegrey9111:23 AM\nGreat too!\nLokesh Mandvekar11:29 AM\nis it just me hearing choppy audio ?\nMark Russell11:29 AM\nseems ok here\nLokesh Mandvekar11:29 AM\nack, thanks\nAshley Cui11:47 AM\nhttps://github.com/containers/podman/releases/tag/v4.2.1\nChristian Felder11:49 AM\naarch64 is meant to be used on Apple Silicon M1?\nMatt Heon11:51 AM\n@Christian Felder Yes\nChristian Felder11:57 AM\nThanks!\nAlex Scheel - HCP11:57 AM\nThank you!\nMohan Boddu11:58 AM\nThanks!\n")))}et.isMDXComponent=!0;const tt={},nt="Podman Community Cabal Meeting Notes",at=[{value:"February 16, 2023 11:00 a.m. Eastern",id:"february-16-2023-1100-am-eastern",level:2},{value:"February 16, 2023 Topics",id:"february-16-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman Default Network: Enable DNS by default (0:57 in the video) - Matt Heon",id:"podman-default-network-enable-dns-by-default-057-in-the-video---matt-heon",level:3},{value:"Open discussion (29:17 in the video)",id:"open-discussion-2917-in-the-video",level:4},{value:"Next Meeting: Thursday, March 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-march-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-4)",id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],ot={toc:at},it="wrapper";function st(e){let{components:t,...n}=e;return(0,me.kt)(it,(0,K.Z)({},ot,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Max Ehlers, Matthew McComas, Peter Buffon"),(0,me.kt)("h2",{id:"february-16-2023-1100-am-eastern"},"February 16, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"february-16-2023-topics"},"February 16, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Default Network: Enable DNS by default - Matt Heon")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/Rn8SKgubXQ4"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:02 a.m. Thursday, February 16, 2023"),(0,me.kt)("h3",{id:"podman-default-network-enable-dns-by-default-057-in-the-video---matt-heon"},"Podman Default Network: Enable DNS by default (0:57 in the video) - Matt Heon"),(0,me.kt)("p",null,"We currently don't currently start DNS on the container by default. So you can't talk to other containers by name."),(0,me.kt)("p",null,"The question is, going forward, should we turn it on by default?"),(0,me.kt)("p",null,"Paul thinks the concern might be having a DNS server running on each container."),(0,me.kt)("p",null,"Brent thinks this will be a performance hit as another service will need to be run, and an up/down check will need to be run also."),(0,me.kt)("p",null,'Docker compose on Podman currently runs on a network without DNS, so we may need to adjust. The "play kube" command may also need to be adjusted.'),(0,me.kt)("p",null,"DNS is complex, and the more enablement you do, the more problems that can be encountered. Brent is concerned."),(0,me.kt)("p",null,"Matt noted that only startup performance and shutdown performance that should be impacted the most. Paul thinks there may be extra latency for the first request."),(0,me.kt)("p",null,"Valentin thinks we have had enough questions from customers asking why DNS doesn't work out of the gate, that it is worth looking into."),(0,me.kt)("p",null,"Matt noted that changing the default network will be pretty trivial."),(0,me.kt)("p",null,"Giuseppe asked if there is a security concern with containers being able to use DNS. Paul thinks that we're only providing name resolution, but it's not that much different than allowing for IP communication between containers."),(0,me.kt)("p",null,"Paul thinks we should do a study of the plusses and minuses of the change and then make a decision from there. Regardless, we should make the selection process of the default network a be one-line change for ease of use."),(0,me.kt)("p",null,"Matt would like to do it as it's an advantage over what Docker does He thinks it's a straight enhancement over Docker."),(0,me.kt)("p",null,"Matt is proposing having Netavark set as default DNS to on, while CNI would remain as not defaulting to DNS."),(0,me.kt)("p",null,"The question is, should this change, if it goes forward, go into a Podman 4.","*"," release, or the Podman 5.0 release? Is it a breaking change? Paul leans towards 5.0."),(0,me.kt)("p",null,"Paul pointed out that we can't do this for CNI as it would break some functionality there."),(0,me.kt)("p",null,"The leaning is toward implementing this at Podman v5.0 and making it easily configurable."),(0,me.kt)("p",null,"Brent's concern is will the average user be able to update the conf file. He thinks it's easy to do, but finding it is sometimes hard to locate. Should we make it configurable from Podman itself? We could do a network-update command in Podman, or allow the user to configure it via a Podman command."),(0,me.kt)("p",null,"Plumbing work to happen in the near future, final switch on Podman v5.0?"),(0,me.kt)("h4",{id:"open-discussion-2917-in-the-video"},"Open discussion (29:17 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Max asked about the WireGuard PR for Netavark.")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark/pull/472"},"Netavark PR")),(0,me.kt)("p",null,"We had marked it as experimental. Paul says he hasn't had the time to do a proper review due to the size and the lack of WireGuard experience."),(0,me.kt)("p",null,"Brent suggested that we might merge it, marking it as experimental, and then building some kind of gate around it."),(0,me.kt)("p",null,"Brent and Matt will review it and work to make it in. Brent asked if Paul thought there was enough documentation surrounding it, especially pointers to WireGuard itself."),(0,me.kt)("p",null,"Many thanks to Max for his contribution."),(0,me.kt)("h3",{id:"next-meeting-thursday-march-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, March 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-4"},"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"Meeting finished 11:40 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"The raw chat was not captured.\n")))}st.isMDXComponent=!0;const rt={},lt="Podman Community Meeting",ht=[{value:"November 3, 2020 11:00 a.m. Eastern",id:"november-3-2020-1100-am-eastern",level:2},{value:"Attendees (36 total)",id:"attendees-36-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"boot2podman/podman-machine",id:"boot2podmanpodman-machine",level:2},{value:"Anders Bj\xf6rklund",id:"anders-bj\xf6rklund",level:3},{value:"rise and fall of boot2podman",id:"rise-and-fall-of-boot2podman",level:4},{value:"Basically a varlink post-mortem",id:"basically-a-varlink-post-mortem",level:4},{value:"(1:40 in the video)",id:"140-in-the-video",level:5},{value:"What Red Hat Thinks - Design directions",id:"what-red-hat-thinks---design-directions",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(20:55 in the video)",id:"2055-in-the-video",level:5},{value:"Short Image Name Pulling Demo",id:"short-image-name-pulling-demo",level:2},{value:"Valentin Rothberg",id:"valentin-rothberg",level:3},{value:"(27:30 in the video)",id:"2730-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 1, 2020, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-december-1-2020-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 12:14 p.m.",id:"meeting-end-1214-pm",level:2},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],dt={toc:ht},ut="wrapper";function mt(e){let{components:t,...n}=e;return(0,me.kt)(ut,(0,K.Z)({},dt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"november-3-2020-1100-am-eastern"},"November 3, 2020 11:00 a.m. Eastern"),(0,me.kt)("h3",{id:"attendees-36-total"},"Attendees (36 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Anders Bj\xf6rklund (afbjorklund), Greg Shomo, sshnaidm, Jordan Christiansen (xordspar0), Ralf Haferkamp, Paul Holzinger, Giuseppe Scrivano, Shenghao Yang, Ashley Cui, Brett Tofel, Alex Litvak, Nalin Dahyabhai, Qi Wang, Scott McCarty, Lokesh Mandvekar, Ed Haynes, Valentin Rothberg, Christian Felder, Holger Gantikow, James Cassell, Dan Walsh, Peter Hunt, Urvashi Mohnani"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/PwWkFkPIlI6"},"Recording")),(0,me.kt)("h2",{id:"boot2podmanpodman-machine"},"boot2podman/podman-machine"),(0,me.kt)("h3",{id:"anders-bj\xf6rklund"},"Anders Bj\xf6rklund"),(0,me.kt)("h4",{id:"rise-and-fall-of-boot2podman"},"rise and fall of boot2podman"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/"},"https://boot2podman.github.io/")),(0,me.kt)("h4",{id:"basically-a-varlink-post-mortem"},"Basically a varlink post-mortem"),(0,me.kt)("h5",{id:"140-in-the-video"},"(1:40 in the video)"),(0,me.kt)("p",null,"Anders talked about his work in containers starting with chroot to jails, to zones, to openVZ, to LX and finally to Docker. Slide Deck ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/assets/Boot2PodmanProject.pdf"},"here"),"."),(0,me.kt)("p",null,"Within Docker, runc, containerd and Moby project."),(0,me.kt)("p",null,"What was very interesting to him was the boot2docker, a lightweight distribution based on Tiny Core Linux made specifically to run Docker containers. This was productized into the Docker toolbox."),(0,me.kt)("p",null,"Base.Tiny Core Linux which runs on multiple architectures."),(0,me.kt)("p",null,"His boot2podman project was to try and emulate boot2docker. Used a custom kernel, add-on initrd and build tools."),(0,me.kt)("p",null,"When running containers from scratch you need kernel, build, packages (runc, Podman, conmon, cni-plugins, varlink Buildah, Skopeo) and others such as ssh. Varlink was used to run remote connections for Podman."),(0,me.kt)("p",null,"Varlink tool and library talks to different interfaces and runs on a socket."),(0,me.kt)("p",null,"Machine lets you create Podman hosts on computer, it creates servers with Podman on them, then configures the Podman client to talk to them."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Docker to Podman conversion"),(0,me.kt)("li",{parentName:"ul"},"Drop support for Swarm"),(0,me.kt)("li",{parentName:"ul"},"Add the driver for QEMU"),(0,me.kt)("li",{parentName:"ul"},"Drop support for cloud")),(0,me.kt)("p",null,"boot2docker was recently deprecated and move to unmaintained image. boot2podman also deprecated due to varlink being replaced with REST API."),(0,me.kt)("p",null,"Anders then ran a ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/2020/11/03/boot2podman-project.html"},"demo")," ",(0,me.kt)("strong",{parentName:"p"},"(16:00 in video)"),". He does not yet have support for V2 Podman, but in the works."),(0,me.kt)("h2",{id:"what-red-hat-thinks---design-directions"},"What Red Hat Thinks - Design directions"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h5",{id:"2055-in-the-video"},"(20:55 in the video)"),(0,me.kt)("p",null,"Determing priorities"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Resolve migration hurdles from Docker to Podman",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Number 1 focus of the team at the moment."))),(0,me.kt)("li",{parentName:"ul"},"What are we hearing?"),(0,me.kt)("li",{parentName:"ul"},"What do we know?")),(0,me.kt)("p",null,"The following is not a commitment from Red Hat, but what we think and hope to do."),(0,me.kt)("p",null,"How we work"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Stakeholders",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Upstream"),(0,me.kt)("li",{parentName:"ul"},"Product Management"),(0,me.kt)("li",{parentName:"ul"},"Distribution and OpenShfit"))),(0,me.kt)("li",{parentName:"ul"},"Agile driven",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"3 week sprints"))),(0,me.kt)("li",{parentName:"ul"},"Complications",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"No easy bugs"),(0,me.kt)("li",{parentName:"ul"},"Bug counts")))),(0,me.kt)("p",null,"Short Names (see next topic)"),(0,me.kt)("p",null,"Upcoming priorities."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},'Possible now with "compatibilty" RESTful interface'),(0,me.kt)("li",{parentName:"ul"},"CI testing to prevent regressions",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"No obvious framework for using docker-py tests",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Problems using swarm, working through that."))),(0,me.kt)("li",{parentName:"ul"},"Wrote testsuite but needs completion"))),(0,me.kt)("li",{parentName:"ul"},"Linchpin - Opens up possibilities for other applications.",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Grype, for example, a vulnerbality scanner that uses docker-py that ran into an issue and has been addressed.")))),(0,me.kt)("p",null,"Volume plugins\n",(0,me.kt)("em",{parentName:"p"}," Ongoing requirement from users and customers\n")," Compatible with Docker"),(0,me.kt)("p",null,"Docker compose\n",(0,me.kt)("em",{parentName:"p"}," Ongoing requirement from users and customers\n")," podman-compose\n",(0,me.kt)("em",{parentName:"p"}," Getting close\n")," Podman generate and play kube is strategic future."),(0,me.kt)("p",null,"Network Alias\n",(0,me.kt)("em",{parentName:"p"}," Longstanding upstream request\n")," ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --network-alias foo1 ..."),"\n",(0,me.kt)("em",{parentName:"p"}," Wired into dnsname plugin.\n")," Backend and Frontend WIP PR's exist.\n",(0,me.kt)("em",{parentName:"p"}," Opens up network connect and disconnect.\n")," Work is ongoing and needed for docker-compose."),(0,me.kt)("p",null,"Clone (rename) containers\n",(0,me.kt)("em",{parentName:"p"}," Longstanding upstream request\n")," Challenges our architecture where container description are immutable."),(0,me.kt)("p",null,"Secrets\n",(0,me.kt)("em",{parentName:"p"},' Add "secrets" to a container\n')," Lots of open-ended questions here yet, but design meeting pending. Ashley Cui driving."),(0,me.kt)("p",null,"Mount image into container ","*"," Convenience command to allwo mounting of an image into a container in a single step."),(0,me.kt)("p",null,"Help Needed"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Keeping bugs below 200."),(0,me.kt)("li",{parentName:"ul"},"Need community to help us balance bugs and new features.\n",(0,me.kt)("em",{parentName:"li"}," Reproducers alone are very helpful!\n")," Answer questions\n",(0,me.kt)("em",{parentName:"li"}," Submit fixes\n")," Blogs"),(0,me.kt)("li",{parentName:"ul"},"RESTful compatibilty endpoint for archive"),(0,me.kt)("li",{parentName:"ul"},"Secure implementation of 'cp' for podman-remote"),(0,me.kt)("li",{parentName:"ul"},"podman-py")),(0,me.kt)("p",null,"(Note for Brent: Look into docker log drivers.)"),(0,me.kt)("h2",{id:"short-image-name-pulling-demo"},"Short Image Name Pulling Demo"),(0,me.kt)("h3",{id:"valentin-rothberg"},"Valentin Rothberg"),(0,me.kt)("h5",{id:"2730-in-the-video"},"(27:30 in the video)"),(0,me.kt)("p",null,'Valentin took over in the middle of Brent\'s talk.\n"debian" vs fully qualified "docker.io/library/debian:latest"'),(0,me.kt)("p",null,"Ambiguity when completing short names, uses /etc/containers/registries.conf to determine where to pull from."),(0,me.kt)("p",null,"Risk of hitting a malicious repository"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Depends on order of registries in list"),(0,me.kt)("li",{parentName:"ul"},"registry.fedorproject.io, ..., docker.io")),(0,me.kt)("p",null,"Solution: short name aliasing and prompting"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/shortnames"},"https://github.com/containers/shortnames")," for more info."),(0,me.kt)("p",null,"Valentin ran a demo on short names."),(0,me.kt)("p",null,"This is to ship with Podman v2.2 along with a blog post describing it."),(0,me.kt)("p",null,"(A number of questions in bluejeans chat on shortnames, see below.)"),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Marcin Skarbek having problems starting a container in Podman v2.0.5. New issue incoming. Brent believes fixed by changes in upstream."),(0,me.kt)("li",{parentName:"ol"},"Jordan Christiansen asked about podman play kube volume support. Peter Hunt said to report an issue if problem found which he suspects there is."),(0,me.kt)("li",{parentName:"ol"},"Shenghao Yang asked about fuse-overlayfs to store in a NFS use case. The goal is to get there. Experimental now due to the uids that come into play. Long term goal is to get NFS to understand and use usernamespace safely.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"None suggested, happy to take some! (",(0,me.kt)("a",{parentName:"p",href:"mailto:tsweeney@redhat.com"},"tsweeney@redhat.com"),")"),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-1-2020-1100-am-eastern-utc-5"},"Next Meeting: Tuesday December 1, 2020, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"meeting-end-1214-pm"},"Meeting End: 12:14 p.m."),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"tsweeney10:56 AM\nHackMD for notes and questions, please sign in there at the top! https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nScott McCarty11:05 AM\nHello everyone!\nChristian Felder11:27 AM\nI don't want to interrupt the current session, but I've a question regarding boot2podman: If you publish a port is it published just on box or on the host as well?\nDAN (ME)11:29 AM\nWe connect via ssh tunnel, so no open ports on the VM by default.\nOther then ssh port.\nPodman v2 listens on local unix domain socket, and podman-remote uses ssh under the covers to connect to this unix domain socket.\nChristian Felder11:29 AM\nok... that's a bit different from the docker experience... if you use docker run -p it is published on the host although there is this vm behind the scenes\nafbjorklund11:30 AM\ndocker-machine opens 22 and 2376, but podman-machine does everything over 22 - although tunneled to a random local port\nDAN (ME)11:30 AM\nYou can setup Podman to listen on random ports, but we discourage this because of the security risks.\nafbjorklund11:30 AM\nthere is no publishing on the laptop, that is docker desktop rather than docker toolbox\n(when using docker-machine that was)\nmheon11:31 AM\n@Christian - ports are only published on the VM now.\nI think Dan is confusing port mapping and the API port\nDAN (ME)11:31 AM\nafbjorklund nice job on the presentation.\nafbjorklund11:31 AM\nthanks! it'll be on the blog site eventually\nDAN (ME)11:31 AM\nmheon I am talking about which port the podman socket listens on\nChristian Felder11:32 AM\nok from my experience I could telnet to a port on localhost (on the host machine) when using the docker-cli, e.g. docker run -p ...\nmheon11:32 AM\n@Dan I'm fairly certain the question is about `-p` for podman run\n@Christian - yes, that's not implemented yet\nChristian Felder11:32 AM\nalright thanks\nmheon11:33 AM\nI'd love to get it working, but there are only so many engineers on the project right now\nafbjorklund11:33 AM\nwhen you use this docker-machine/podman-machine setup, anything that you publish is available on the VM IP (rather than 127.0.0.1)\nChristian Felder11:33 AM\nthanks afbjorklund that was what i expected. I did a similar setup with podman-remote and a custom vm\nafbjorklund11:34 AM\nsome details are on https://github.com/boot2podman/machine\nAlex Litvak11:35 AM\nmissed previous speaker, will the video be posted ?\nDAN (ME)11:35 AM\nyes\nMe11:35 AM\nAlex, yes it will. At least a link on podman.io\nAlex Litvak11:35 AM\nthanks\nChristian Felder11:37 AM\ndocker.io/mariadb:latest -> docker.io/library/mariadb:latest (is the first a shortname as well?)\nmheon11:38 AM\n@Christian - It has a repository in it explicitly, so I would say no\nJames Cassell11:39 AM\ndoes it support cascading configs? can a user override only part of the system config?\nmheon11:39 AM\nI'll leave that one to Valentin\nDAN (ME)11:40 AM\nJames we will leave it to distros to choose which shortnames they want to ship by default.\nValentin Rothberg11:40 AM\n@Christian: Matt is right. docker.io/foo is a special case as Docker normalizes with library/\n@James: the registries.conf supports drop-in config files that allow to override previous entries\nDAN (ME)11:41 AM\ngithub.com/contaiers/shortnames, is just for disto based images at this point. If fedora wants to defaul mariadb to a fedora version, then this is up to fedora.\nValentin Rothberg11:41 AM\n`man containers-registries.conf.d` is the place to look\nChristian Felder11:42 AM\nI just stumbled accross this when using podman_image modules for ansible which checks for the image name because the code checks for the image name which changes when pulling from the shorter url which resolves to docker.io/library/...\nthanks for your answers\nJames Cassell11:43 AM\nthanks! drop-ins are great\nJames Cassell11:45 AM\nif docker-compose compat REST API works, does it make podman-compose irrelevant, since folks can just use the docker-compose binary to talk to podman?\nJames Cassell11:45 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w (reposting link from start)\nChristian11:46 AM\ndo you have an example of what won't be possible with docker-compose / docker-py ?\nmheon11:46 AM\nFor docker-py - anything in the Swarm APIs\nRenaming containers\nThose are the big two\nNetworking will have some limits for now but I think we can work through those\nAlex Litvak11:47 AM\nare docker log drivers a part ofthe picture?\nChristian11:48 AM\nthanks!\nafbjorklund11:57 AM\npodman-py, not to be confused with pypodman :-)\nmheon11:57 AM\nLesson here: Don't let engineers name things\nSagi Shnaidman11:59 AM\nYou can demonstrate podman modules for Ansible, for example :)\nafbjorklund12:00 PM\nit should be noted that minikube has support for podman, so you can use podman in order to run \"real\" kubernetes too\n(both podman v1 and v2 as of lately)\n`minikube start --driver=podman`\nGreg Shomo (Northeastern University)12:03 PM\nthank you all for your time\nErik Bernoth12:11 PM\nthanks for the greet meeting, have to leave. Bye\nafbjorklund12:13 PM\nPosted slides and demos on the boot2podman site\nMe12:13 PM\nThanks AB!\n")))}mt.isMDXComponent=!0;const ct={},pt="Podman Community Meeting",gt=[{value:"May 4, 2021 11:00 a.m. Eastern (UTC-4)",id:"may-4-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (36 total)",id:"attendees-36-total",level:3},{value:"May the Fourth be with You! - podman run --rm -it -e mode=stdout quay.io/tomsweeneyredhat/asciistarwars:latest",id:"may-the-fourth-be-with-you---podman-run---rm--it--e-modestdout-quayiotomsweeneyredhatasciistarwarslatest",level:4},{value:"Meeting Start: 11:05 a.m.",id:"meeting-start-1105-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman and IPv6 Status",id:"podman-and-ipv6-status",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:49 in the video)",id:"149-in-the-video",level:4},{value:"Running Docker, Podman, and even Kubernetes inside rootless Podman containers",id:"running-docker-podman-and-even-kubernetes-inside-rootless-podman-containers",level:2},{value:"Cesar Talledo - Nestybox",id:"cesar-talledo---nestybox",level:3},{value:"(5:10 in the video)",id:"510-in-the-video",level:4},{value:"Demo (20:55 in the video)",id:"demo-2055-in-the-video",level:5},{value:"Podman Python Client Demo",id:"podman-python-client-demo",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(33:45 in the video)",id:"3345-in-the-video",level:4},{value:"Demo (40:32 in the video)",id:"demo-4032-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"(47:30 in the video)",id:"4730-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday June 1, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-june-1-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:55 a.m. Eastern (UTC-4)",id:"meeting-end-1155-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],kt={toc:gt},yt="wrapper";function wt(e){let{components:t,...n}=e;return(0,me.kt)(yt,(0,K.Z)({},kt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"may-4-2021-1100-am-eastern-utc-4"},"May 4, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-36-total"},"Attendees (36 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Giuseppe Scrivano, Anders Bj\xf6rklund, Paul Holzinger, Greg Shomo, Scott McCarty, Ed Haynes, Christian Felder, Eduardo Vega, Alex Litvak, Holger Gantikow"),(0,me.kt)("h4",{id:"may-the-fourth-be-with-you---podman-run---rm--it--e-modestdout-quayiotomsweeneyredhatasciistarwarslatest"},"May the Fourth be with You! - ",(0,me.kt)("inlineCode",{parentName:"h4"},"podman run --rm -it -e mode=stdout quay.io/tomsweeneyredhat/asciistarwars:latest")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/may-fourth-podman"},"May the 4th Article")),(0,me.kt)("h2",{id:"meeting-start-1105-am"},"Meeting Start: 11:05 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/Qq_IsjrnOaG"},"Recording")),(0,me.kt)("h2",{id:"podman-and-ipv6-status"},"Podman and IPv6 Status"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"149-in-the-video"},"(1:49 in the video)"),(0,me.kt)("p",null,"Working on improving Podman IPv6 support, the ability to set multiple static IP addresses for a cotainer, this will allow Podman to do --ip and --ipv6 on the same containers so you can have static IPs for both network types. Also work ongoing for different ip's at the same time for one container on different network types (one v4 and one v6 per network)."),(0,me.kt)("p",null,"Support being worked on to allow Podman to automatically set IPv6 as the default network. The current default network does not support IPv6 at all. Working on improving support IPv6 in ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network")," so via configuration options, you'll be able to automatically assign using this command."),(0,me.kt)("p",null,"No work on IPv6 port forwarding in the next release, but sometime in the future. Looking at Podman v3.3 for delivery of the IPv6 improvements. Next relase v3.2 rc1 is being cut tomorrow."),(0,me.kt)("h2",{id:"running-docker-podman-and-even-kubernetes-inside-rootless-podman-containers"},"Running Docker, Podman, and even Kubernetes inside rootless Podman containers"),(0,me.kt)("h3",{id:"cesar-talledo---nestybox"},"Cesar Talledo - ",(0,me.kt)("a",{parentName:"h3",href:"https://www.nestybox.com/"},"Nestybox")),(0,me.kt)("h4",{id:"510-in-the-video"},"(5:10 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-05-04/sysbox-podman-community-meeting.pdf"},"slides")),(0,me.kt)("p",null,"Podman integrated to running system level software inside of rootless containers."),(0,me.kt)("p",null,"Developers of the Sysbox runtime, founders of Nestybox."),(0,me.kt)("p",null,"Enhance containers to run most workloads that run in VMs, seamlessly and with strong isolation."),(0,me.kt)("p",null,"systemd, Docker, Podman and K8s, etc are the system workloads they're looking to run, seamlessly and with strong isolation."),(0,me.kt)("p",null,"A command like ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --userns=auto:size=65536 -it any-image")," could run a container running any system, easy, powerful and secure."),(0,me.kt)("p",null,"They made the changes with sysbox-runc. Strong isolation (Linux User Namespace), Runs same workloads on VMs, seamlessly. No special images."),(0,me.kt)("p",null,"OpenSource software."),(0,me.kt)("p",null,"Features:\nUsernamespace on all containers\nfile-system ID shifting (shiftfs now, ID-mapped mounts soon)\nprocfs and sysfs virtualization\nsyscall interception\nInitial mount locking\nEasy preloading of inner container images\nSharing inner container images across Sysbox containers.\nEasy to load inner container images\nAllows for shared disk space of inner container images"),(0,me.kt)("p",null,"Limitations\nLinux only\nNeed 5.5+, Ubuntu 5.0+\n90% OCI compatible\nSets up container environments to enable it to run system software, for instance '--privilege' option won't work, but that makes sense.\nSome workloads don't run inside the containers\nIPvs, kernel module loading, etc.\nSysbox is a daemon that must run as root."),(0,me.kt)("p",null,"Tries not to get in the way of the syscalls"),(0,me.kt)("h5",{id:"demo-2055-in-the-video"},"Demo (20:55 in the video)"),(0,me.kt)("p",null,"Prefers Ubuntu, but deals with other linux."),(0,me.kt)("p",null,"systemctl start sysbox\nsudo podman run --runtime=sysbox-runc -it --rm --userns=auto:size=65536 --hostname=syscont nestybox/ubuntu-bionic-systemd-docker"),(0,me.kt)("p",null,"Showed the inside of the container with Docker already running, all inside the container."),(0,me.kt)("p",null,"Solving a container with limit to cgroup with certain memory, then that's what you should see. They want to hide as much info of the host from inside the container."),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Summary")),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Currently runing system sofware in containers requires\n Insecure (privileged) containers\n Complex container images and commands\n\nWe need to change this\n Enables powerful use cases for containers (beyond micro-service deployment)\n\nSysbox is a next-gen runc designed for this.\n\nEnterprises are using it to replace VMs in many scenarios.\n")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/nestybox/sysbox"},"Nestybox GitHub")),(0,me.kt)("h2",{id:"podman-python-client-demo"},"Podman Python Client Demo"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"3345-in-the-video"},"(33:45 in the video)"),(0,me.kt)("p",null,"Python bindings are modeled after Docker py. Wanted to allow people to run their Docker py scripts."),(0,me.kt)("p",null,"Podman py is up on ",(0,me.kt)("a",{parentName:"p",href:"https://pypi.org/project/podman-py/"},"Pypi")," and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman-py/blob/main/contrib/examples/demo.py"},"Demo")," on repo in GitHub."),(0,me.kt)("p",null,"Python Podman going through the packagin process for Fedora now, RHEL later."),(0,me.kt)("h5",{id:"demo-4032-in-the-video"},"Demo (40:32 in the video)"),(0,me.kt)("p",null,"Created a pod, and removed containers and pods that were created."),(0,me.kt)("p",null,"Showed code, craete client, shows version, api and min api. Pulled latest alpine image and created a pod and container in the pod, and then removes image, pod and containers. Then lists the images."),(0,me.kt)("p",null,"Used the unix domain socket, new Pull Requests for ssh in the works and also tcp sockets."),(0,me.kt)("p",null,"Bindings are now on par with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," for doing connections."),(0,me.kt)("p",null,"Can you run Docker py and Podman py at the same time? Yes! No locking preventing that. Can even run podman --remote through the compatibiltiy layer."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"4730-in-the-video"},"(47:30 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"No questions asked.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-1-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday June 1, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1155-am-eastern-utc-4"},"Meeting End: 11:55 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'Me10:55 AM\nPlease sign in on HackMD https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nAnd "May the Fourt be with you!\nEdward Haynes11:19 AM\nI remember a few years ago Intel was working on "clear containers" to put very lightweight virt around each container for protection ... did this ever amount to anything?\nDan Walsh (rhatdan)11:20 AM\nEdward ClearContainers became Kata Containers, But they run with a virtualization layer, and their own kernel.\nRodny Molina11:21 AM\nhttps://github.com/nestybox/sysbox\nAlex Litvak11:21 AM\nbad audio\nDan Walsh (rhatdan)11:22 AM\nAlex it sounds fine here\nAlex Litvak11:23 AM\nsorry it look like a local problem\nAnders Bj\xf6rklund11:33 AM\nWhat is the biggest difference between this (product) and LXC ?\nRodny Molina11:34 AM\nSysbox is, by design, compatible with Docker, K8s and now Podman. LXC (and LXD) are not AFAIK.\nAnders Bj\xf6rklund11:35 AM\nSo a difference for the forward-looking but similar but for the backward-looking, got it. Thanks.\nRodny Molina11:38 AM\nEven for the backward-looking, Sysbox procfs/sysfs emulation goes further than what LXD is doing, so we believe you should be able to run many more system workloads in Sysbox when compared to LXD. To be fair, LXD has some features that we don\'t have.\nmanish11:39 AM\nnice cesar ... great project\nCesar Talledo11:39 AM\nthanks Manish!\nAnders Bj\xf6rklund11:39 AM\nWe originally used OpenVZ for this, which was how I got started with containers originally\nMatt Heon11:42 AM\nAh, wayland!\nLokesh Mandvekar11:43 AM\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1956841\njhonce11:45 AM\nssh ro-BRmMS9jtgcXdRW6eMRyH5zrQV@sfo2.tmate.io\nUwe11:55 AM\nthanx\nMe11:55 AM\nhttps://www.redhat.com/sysadmin/may-fourth-podman\n')))}wt.isMDXComponent=!0;const ft={},bt="Podman Community Meeting",vt=[{value:"September 7, 2021 11:00 a.m. Eastern (UTC-4)",id:"september-7-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Official Debian/Ubuntu Packages Updates",id:"official-debianubuntu-packages-updates",level:2},{value:"Reinhard Tartler/Lokesh Mandvekar",id:"reinhard-tartlerlokesh-mandvekar",level:3},{value:"(1:42 in the video)",id:"142-in-the-video",level:4},{value:"Podman machine Updates",id:"podman-machine-updates",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(4:17 in the video)",id:"417-in-the-video",level:4},{value:"Containerized DNA Analysis",id:"containerized-dna-analysis",level:2},{value:"Erik Bernoth",id:"erik-bernoth",level:3},{value:"(8:27 in the video)",id:"827-in-the-video",level:4},{value:"Meeting notes from Erik:",id:"meeting-notes-from-erik",level:5},{value:"Using Podman in an IDE",id:"using-podman-in-an-ide",level:2},{value:"Chris Short",id:"chris-short",level:3},{value:"(23:14 in the video)",id:"2314-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(32:52 in the video)",id:"3252-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday October 5, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-october-5-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday September 16, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-september-16-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:40 a.m. Eastern (UTC-4)",id:"meeting-end-1140-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Mt={toc:vt},At="wrapper";function It(e){let{components:t,...n}=e;return(0,me.kt)(At,(0,K.Z)({},Mt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"september-7-2021-1100-am-eastern-utc-4"},"September 7, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Paul Holzinger, Erik Bernoth, Charlie Doern, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Valentin Rothberg, Guillaume Rose, Rudolf Vesely"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/16n3v6p@XWp/"},"Recording")),(0,me.kt)("h2",{id:"official-debianubuntu-packages-updates"},"Official Debian/Ubuntu Packages Updates"),(0,me.kt)("h3",{id:"reinhard-tartlerlokesh-mandvekar"},"Reinhard Tartler/Lokesh Mandvekar"),(0,me.kt)("h4",{id:"142-in-the-video"},"(1:42 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Debian 11/bullseye ships with kernel 5.10 and Podman 3.0."),(0,me.kt)("li",{parentName:"ul"},"Podman 3.2 from Debian experimental also works well per Reinhard's local testing."),(0,me.kt)("li",{parentName:"ul"},'Debian "unstable" is now open for development. Work on shipping Podman 3.3 is currently underway.'),(0,me.kt)("li",{parentName:"ul"},"Upcoming Ubuntu 21.10 release will likely include podman 3.2"),(0,me.kt)("li",{parentName:"ul"},"Reinhard would like assistance with:",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Identifying and upgrading package dependencies in Debian"),(0,me.kt)("li",{parentName:"ul"},"Filing bugs on what needs to be upgraded"),(0,me.kt)("li",{parentName:"ul"},"Preparing package uploads on the GitLab instance at salsa.debian.org"))),(0,me.kt)("li",{parentName:"ul"},"Reinhard's contact info: siretart AT debian DOT org, siretart on GitHub")),(0,me.kt)("h2",{id:"podman-machine-updates"},"Podman machine Updates"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"417-in-the-video"},"(4:17 in the video)"),(0,me.kt)("p",null,"In the past few weeks, a number of significant developments in desktop containerization. Due to that, we've seen an upswing in activity due to Podman machine and Podman in general."),(0,me.kt)("p",null,"Two requests we're getting are the ability to mount a Docker compatible socket natively on the host. So you would not have to worry about sshing from your Mac or Windows machine into a Linux host."),(0,me.kt)("p",null,"The second request is volume mount, which is not handled automatically now in podman machine. Lots of discussion about this, but no clear path forward at the moment, and we're hoping to change that."),(0,me.kt)("p",null,"At the Cabal meeting next Thursday, September 15, at 10:00 a.m. EDT (UTC-4), we will be discussing the direction for Podman machine and volume mounts, and would love community involvement."),(0,me.kt)("h2",{id:"containerized-dna-analysis"},"Containerized DNA Analysis"),(0,me.kt)("h3",{id:"erik-bernoth"},"Erik Bernoth"),(0,me.kt)("h4",{id:"827-in-the-video"},"(8:27 in the video)"),(0,me.kt)("p",null,"Started a new project where friends are analyzing DNA. Looking to find out what the small markers are. In the picture, fly eyes colors are noted and can be used to denote the familial connections of the flies."),(0,me.kt)("p",null,"Showed a tutorial for one of the tools, one included the read for DNA. Showed FASTQ that showed all the data points, including metadata. From this, they get a quality marker."),(0,me.kt)("p",null,"The output shows a lot of dots and some char when there's a significant match. From this data, you can figure out if you have a mutation or not. Also, other essential markers that decide eye color and such. This takes a lot of computing power."),(0,me.kt)("p",null,"There are vertical and horizontal analyzers that are needed. There are tools used, and Erik showed a script his friend uses, which takes a lot of time and does some multiprocessing. It takes a long time to complete."),(0,me.kt)("p",null,"Can this be containerized? That's in his current project, and he is wondering if we have possible ways to containerize it. Erik would like input."),(0,me.kt)("p",null,"Looking to build a way to use Podman to containerize this."),(0,me.kt)("h5",{id:"meeting-notes-from-erik"},"Meeting notes from Erik:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Intro ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/ecerami/ecerami.github.io/blob/master/samtools_primer.md"},"sequencing data crunching process"),"."),(0,me.kt)("li",{parentName:"ol"},"YSEQ Specialty: ",(0,me.kt)("a",{parentName:"li",href:"https://www.yseq.net/product_info.php?products_id=175886"},"Whole Genome Sequence with 400 bases (WGS400)")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/STR_examples/"},"STR Example")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://gist.github.com/tkrahn/7dfc51c2bb97a6d654378a21ea0a96d4"},"BWA Pipeline")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/16672/16672_result_summary.txt"},"Result Summary Example")," and ",(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/16672/"},"Full Example (opt.)"),"\nFuture: ",(0,me.kt)("a",{parentName:"li",href:"https://genomebiology.biomedcentral.com/articles/10.1186/s13059-020-1935-5"},"Nanopore?"))),(0,me.kt)("h2",{id:"using-podman-in-an-ide"},"Using Podman in an IDE"),(0,me.kt)("h3",{id:"chris-short"},"Chris Short"),(0,me.kt)("h4",{id:"2314-in-the-video"},"(23:14 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1Elb5Pb8z7tkKRaBnewRBvDsby2bWduza/view"},"Video")),(0,me.kt)("p",null,"Showed VSCode with the Remote Development extension installed, which he is running on his Mac. This can work on WSL/Windows too. In theory, you can create a container within it. It's looking at his local ssh config. He could be anywhere in the world and could run anything he wanted from his Linux machine."),(0,me.kt)("p",null,"He ssh's into his Linux machine from VSCode, and VSCode opens up what it needs to the machine. He now has a terminal instance from his Mac on the remote Fedora box. So he's in the IDE using a terminal on his Fedora box and can run Podman commands as needed."),(0,me.kt)("p",null,"Chris blurred out several data points for privacy reasons."),(0,me.kt)("p",null,"He then showed the website on his Mac that he had run via Podman."),(0,me.kt)("p",null,"Jhon Honce noted that we have people using the Docker plugin in VSCode to use Podman. It would be nice to get a Podman plugin at some point for VSCode."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"3252-in-the-video"},"(32:52 in the video)"),(0,me.kt)("p",null,"Dan is trying to get Docker Security Bench translated into Podman Security Bench. A long-term project and community involvement would be great."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://discord.com/channels/852634929845239818/852634929845239824"},"Discord server")," is now up and bridged with the ",(0,me.kt)("a",{parentName:"p",href:"https://matrix.to/#/#podman:matrix.org"},"Podman Matrix room"),"."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Rootless container networking - Paul Holzinger\nPodman Security Bench - Dan Walsh"),(0,me.kt)("h2",{id:"next-meeting-tuesday-october-5-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday October 5, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-september-16-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday September 16, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1140-am-eastern-utc-4"},"Meeting End: 11:40 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:59 AM\nPlease sign in here; https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:06 AM\nI can't hear Lokesh, is it just me?\nValentin Rothberg11:06 AM\nI hear him\nDan Walsh11:06 AM\nI hear him fine\nLokesh Mandvekar11:06 AM\ni'm done\nDan Walsh11:06 AM\nTom back to you\nLokesh Mandvekar11:06 AM\ntom, back to you\nDan Walsh11:07 AM\nWe can not hear you tom\nMe11:07 AM\nMatt, please take it\nMatt Heon11:07 AM\nTom, no audio from you\ncevich11:07 AM\nI blame Tom's cat.\njhonce11:08 AM\nNetwork issues are now spreading...\nMe11:09 AM\nI can hear now, had to reset all the audio options.\nIt flicked off when I plugged my headset in\nErik Bernoth11:11 AM\nWe still can\u2019t hear you\nErik Bernoth11:27 AM\nThanks, Scott. Good to know that someone already knows some about this topic area. :)\nScott McCarty (fatherlinux)11:31 AM\nLOL, oh man I LOVED bioinformatics\nI miss that work\nMaybe that will be my retirement :-)\nLokesh Mandvekar11:39 AM\nMehul is pronounced May-houl :)\nErik Bernoth11:39 AM\nMatrix also works well from the browser btw\nScott McCarty (fatherlinux)11:40 AM\nhttps://discord.gg/sKgupVHaGg\n")))}It.isMDXComponent=!0;const Tt={},St="Podman Community Cabal Meeting Notes",Nt=[{value:"November 18, 2021 11:00 a.m. Eastern",id:"november-18-2021-1100-am-eastern",level:2},{value:"November 18, 2021 Topics",id:"november-18-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman.io redesign ( 0:52 in video)",id:"podmanio-redesign--052-in-video",level:3},{value:"Forwarding Play Kube HTTP API ( 24:45 in video)",id:"forwarding-play-kube-http-api--2445-in-video",level:3},{value:"Adding docker.io as default to image name (30:54 in video)",id:"adding-dockerio-as-default-to-image-name-3054-in-video",level:3},{value:"Open discussion ( : in video)",id:"open-discussion---in-video",level:4},{value:"Next Meeting: Thursday December 16, 2021 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-december-16-2021-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Ct={toc:Nt},Pt="wrapper";function xt(e){let{components:t,...n}=e;return(0,me.kt)(Pt,(0,K.Z)({},Ct,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Preethi Thomas, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, M\xe1ir\xedn Duffy, Michael Scherer, Lokesh Mandvekar, Shion Tanaka, Jhon Honce, Valentin Rothberg, Ed Haynes, Jakub Dzon, James Cassel, Mairin Duffy, Michael Scherer, Scott McCarty, Shion Tanaka, Mehul Arora,"),(0,me.kt)("h2",{id:"november-18-2021-1100-am-eastern"},"November 18, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"november-18-2021-topics"},"November 18, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman.io redesign - M\xe1ir\xedn Duffy"),(0,me.kt)("li",{parentName:"ol"},"Forwarding Play Kube HTTP API configmaps query parameter to the container engine - Urvashi Mohnani"),(0,me.kt)("li",{parentName:"ol"},"Discuss Adding docker.io to unqualified image name - ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/pull/12321"},"https://github.com/containers/podman/pull/12321"))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=y9PxhYF-uNM"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:03 a.m. EST Thursday, November 18, 2021"),(0,me.kt)("h3",{id:"podmanio-redesign--052-in-video"},"Podman.io redesign ( 0:52 in video)"),(0,me.kt)("p",null,"At this link, use the dropdown in the upper left corner to page through the mockups (they aren't hooked up to be click-thru yet):\n",(0,me.kt)("a",{parentName:"p",href:"https://design.penpot.app/#/view/c1192050-2619-11ec-bdd0-f35c6ae458e9?page-id=c1192051-2619-11ec-bdd0-f35c6ae458e9&index=0&share-id=554e5be0-2b66-11ec-91a7-f08c5eccf3df"},"https://design.penpot.app/#/view/c1192050-2619-11ec-bdd0-f35c6ae458e9?page-id=c1192051-2619-11ec-bdd0-f35c6ae458e9&index=0&share-id=554e5be0-2b66-11ec-91a7-f08c5eccf3df")),(0,me.kt)("p",null,"(This is using Penpot.app, an open-source UX tool.)"),(0,me.kt)("p",null,'GTK as an example site. The main page redesign from some of Dan\'s talks and wondering to herself why would I want to use Podman? Prominent link to the docs, to GitHub, and more. The front page has the focus on "Give it a try". Then additional links to blogs and coloring books.'),(0,me.kt)("p",null,"Looking for help on how the other tools tie together on the front page."),(0,me.kt)("p",null,"Leaning toward GitHub pages using AsciiDoc with Jekyll. Might be able to use AsciiDoc to update contributing doc across projects. So you can pull sections from another project perhaps. This is a new process she's still working through."),(0,me.kt)("p",null,"Showed the community page too, including Code of Conduct, chat, meeting mailing lists. Javascript to show the time zones of the maintainers would be nice. At the bottom, showed how to submit pull requests."),(0,me.kt)("p",null,"Then she showed the Feature page, showing basic first steps. Getting Started, community page, find a page on the site similar to the one in GitHub."),(0,me.kt)("p",null,"Shows features of cockpit UI, blog posts, and coloring book."),(0,me.kt)("p",null,"Another page for folks just starting with Podman"),(0,me.kt)("p",null,"We might want to add pages for Mac, Windows, and how to use Podman on it."),(0,me.kt)("h3",{id:"forwarding-play-kube-http-api--2445-in-video"},"Forwarding Play Kube HTTP API ( 24:45 in video)"),(0,me.kt)("p",null,"PR in question: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12243"},"https://github.com/containers/podman/pull/12243")),(0,me.kt)("p",null,"YAML is not getting cast correctly when sent. Jakub is wondering if the solution proposed to use a configmap is OK per the community. Paul asked how we should send the content to the server."),(0,me.kt)("p",null,"Currently, it is a configmap that points to files, but Jakub would like to expand."),(0,me.kt)("p",null,"Jhon likes it better as GoLang and other bindings wouldn't have to jump through many hoops. Brent thinks it's a reasonable approach along with Paul. Jakub will pursue."),(0,me.kt)("h3",{id:"adding-dockerio-as-default-to-image-name-3054-in-video"},"Adding docker.io as default to image name (30:54 in video)"),(0,me.kt)("p",null,"PR in question: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12321"},"https://github.com/containers/podman/pull/12321")),(0,me.kt)("p",null,"Michael talked through the PR. Basically, it will add \"docker.io\" if the image doesn't have any in it. This will be the default, if fully qualified, docker.io wouldn't be added."),(0,me.kt)("p",null,"Docker does this and we're not fully compatible here. The full discussion in the PR at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12321#issuecomment-971412475"},"https://github.com/containers/podman/pull/12321#issuecomment-971412475")),(0,me.kt)("p",null,"Dan thinks too many people have stumbled across this and doesn't think we should have to have them go to registry.conf to set their default."),(0,me.kt)("p",null,"Valentin doesn't think we'll ever be compatible with Docker here as we allow aliases for image names. We also need to be compatible with atomic docker and it supports registries. Third, if we change this, we'll break current behavior. Fourth, a huge page to enforce docker.io due to the code structure in c/image. Valentin thinks registries.conf changes are the way to go to address this."),(0,me.kt)("p",null,"Matt proposed that we should support the docker.io use case. Docker on RHEL doesn't do this. He's suggesting adding a flag in containers.conf to toggle this between adding and not adding docker.io to the image."),(0,me.kt)("p",null,"Valentin warned this is likely to cause breaking changes in the code as changes in Buildah, Podman, Skopeo, c/image, and more."),(0,me.kt)("p",null,'If we had "docker.io compat mode" in the system context, that would be the easiest way to get the info down, but it\u2019s still not an insignificant amount of work.'),(0,me.kt)("p",null,"What's the chance of getting Moby to change their behavior? In the past, changes like that have been slow-moving."),(0,me.kt)("p",null,"Dan likes the flag idea, but Valentin is concerned that this will be a huge change for a simple idea."),(0,me.kt)("p",null,"Dan is concerned that if we don't make the change, we'll get bad feedback from users."),(0,me.kt)("p",null,"We've made decisions in the past to not be compatible in this space."),(0,me.kt)("p",null,"The consensus is that we want to do the right thing for the user, the hard part is figuring out the way to get this done. How is unknown. Brent doesn't want to implement something too large."),(0,me.kt)("p",null,'Matt doesn\'t think this will be as bad as Valentin believes. However, build will probably "bad", but create might not be too bad.'),(0,me.kt)("p",null,"The next step is to look at the compatibility library and see where the place is to do it."),(0,me.kt)("h4",{id:"open-discussion---in-video"},"Open discussion ( : in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None, we ran out of time.")),(0,me.kt)("h3",{id:"next-meeting-thursday-december-16-2021-1100-am-edt-utc-5"},"Next Meeting: Thursday December 16, 2021 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:01 AM\nstepping away for a minute\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nValentin Rothberg11:01 AM\n@Dan: I muted you since you gave an echo\nYou11:02 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLokesh Mandvekar11:07 AM\nnew site gonna rock\nChristopher Evich11:08 AM\nYou matched the background water perspective to the icon perspective *wow*\nAnders F Bj\xf6rklund11:08 AM\na common theme between the sites would be nice\ni.e. linking podman and cri-o\nBrent Baude11:09 AM\nare we going to talk about our blogging problem/isssue ?\nMichael Scherer11:10 AM\nOSPO team can also provides openshift hosting, we have a cluster for community project, and so that's just a question of building one or more containers (we did it for project atomic, with 3 git repo combined)\nYou11:16 AM\nhttps://www.youtube.com/channel/UCk8PKFfMXESWNXgGG5U_F_w\nyoutube channel ^^^\nLokesh Mandvekar11:16 AM\nfor IRC link..maybe we can just link to the libera's web ui OR we could just redirect them to the matrix room, call me biased :)\nValentin Rothberg11:22 AM\nA seal eating an apple :)\nUrvashi Mohnani11:28 AM\nhttps://github.com/containers/podman/pull/12243\nValentin Rothberg11:28 AM\nGreat work. I am looking forward to see it in action :)\nYou11:29 AM\nhttps://github.com/containers/podman/pull/12243\nPR under discussion\nM\xe1ir\xedn Duffy11:29 AM\ni'm gonna drop now but feel free to reach out any time w q's / feedback / ideas etc, I'm lurking in the podman matrix room o/\nMichael Scherer11:34 AM\nhttps://github.com/containers/podman/pull/12321\nYou11:34 AM\nhttps://github.com/containers/podman/pull/12321\nMichael Scherer11:36 AM\nhttps://github.com/containers/podman/pull/12321#issuecomment-971412475 so that's the detail\nAnders F Bj\xf6rklund11:42 AM\nwe have big problems with this in minikube, where we try to present a common API towards images from docker, cri-o (podman) and containerd (ctr and buildctl).\nUnfortunately kubernetes has no global policy on how to specify images\nAnders F Bj\xf6rklund11:45 AM\n(also includes other things, like if image ID include a \"sha256:\" prefix or not)\nMatt Heon11:47 AM\nSmall things like that, we should fix\nNo reason not to\nre: sha256 prefix\nAnders F Bj\xf6rklund11:54 AM\ncontainerd is now making the full names more visible to people, if it is any consolation\nBrent Baude11:54 AM\ngreat! but the problem exists in what has historically been set and expected\nAnders F Bj\xf6rklund11:54 AM\n(when people change their kubernetes CRI, from docker/cri-docker over to containerd)\nieq-pxhy-jbh\n")))}xt.isMDXComponent=!0;const Dt={},Bt="Podman Community Cabal Meeting Notes",Et=[{value:"February 17, 2022 11:00 a.m. Eastern",id:"february-17-2022-1100-am-eastern",level:2},{value:"February 17, 2022 Topics",id:"february-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Meta package for manpages, config files - (0:50 in video) - Valentin Rothberg",id:"meta-package-for-manpages-config-files---050-in-video---valentin-rothberg",level:3},{value:"Open discussion (25:30 in video)",id:"open-discussion-2530-in-video",level:4},{value:"Next Meeting: Thursday March 17, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-march-17-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Wt={toc:Et},jt="wrapper";function Lt(e){let{components:t,...n}=e;return(0,me.kt)(jt,(0,K.Z)({},Wt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Urvashi Mohnani, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Oleg Bulatov, Flavian Missi, Niall Crowe, F. Poirotte,"),(0,me.kt)("h2",{id:"february-17-2022-1100-am-eastern"},"February 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"february-17-2022-topics"},"February 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Meta package for manpages, config files - Valentin Rothberg")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/ysFO1s7h-YE"},"Recording")),(0,me.kt)("p",null,"The meeting started at 11:02 a.m. Thursday, February 17, 2022"),(0,me.kt)("h3",{id:"meta-package-for-manpages-config-files---050-in-video---valentin-rothberg"},"Meta package for manpages, config files - (0:50 in video) - Valentin Rothberg"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common/issues/925"},"Issue discussed")),(0,me.kt)("p",null,"The ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common"},"https://github.com/containers/common")," project is used for man pages, config files, and common files. Used by containers/storage, containers/image, containers/buildah, containers/podman. The containers/common package is pushed out in the containers-common package."),(0,me.kt)("p",null,"First issue: Hard for downstream packagers to know what and when to package. The common package should only ship with Podman, but it's not transparent to downstream packagers. For them, it's hard to know when to ship, especially since there are four projects of note: c/storage, c/image, c/common, c/crun."),(0,me.kt)("p",null,"Second issue: We have a high frequency of releases. I.e., recently 5 RC's of Podman. Which caused a lot of churn and problems for an arch-linux packager. The issue is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common/issues/925"},"here"),"."),(0,me.kt)("p",null,"Dan wonders if there's a way to add links to GitHub repos to tie them together. Valentin doesn't think there's a way to do this via GitHub, but possibly via Git itself, and he thinks it might be hairy."),(0,me.kt)("p",null,"Chris Evich mentioned ",(0,me.kt)("a",{parentName:"p",href:"https://blog.developer.atlassian.com/the-power-of-git-subtree/?_ga=2-71978451-1385799339-1568044055-1068396449-1567112770"},"git-subtree")),(0,me.kt)("p",null,"The problem remains if there's a Buildah or Podman that can use a particular version of the files in containers-common. It would be nice to have a packager grab version X of Podman, and that would then get all of the associated packages at the right versions."),(0,me.kt)("p",null,"Miloslav Trmac suggested adding something to Podman update/create the containers-common package when Podman creates its package. This would require some Makefile work."),(0,me.kt)("p",null,"Chris thinks there's an option in GitHub to create a tarball, but others pointed out it's only suitable for files in the physical repository."),(0,me.kt)("p",null,"Currently, we're grabbing things from the main branch, but we should grab from what is listed in the go.mod file."),(0,me.kt)("p",null,"Dan thinks putting Fedora's script into Podman and then working that back into the Fedora release cycles. It won't fix the issue but will at least make it obvious."),(0,me.kt)("p",null,"This is something that needs to happen for Buildah and Podman. We don't need to worry about CRI-O as they have a different setup and config files."),(0,me.kt)("p",null,"Dan and Lokesh will work together to try and make some progress in this space. This will mean moving update.sh, which will be renamed, into Podman."),(0,me.kt)("p",null,"Another concern has been the number of release candidates we had for Podman v4.0 (5 RC's). This has worked well for the development team but has caused packagers massive headaches."),(0,me.kt)("p",null,"Ideally, it would be nice if we could create a containers bundle. Lokesh has an upcoming blog that will talk about this too."),(0,me.kt)("p",null,"Tom would like to make sure we can do an RC release as it helped QE. Valentin pointed out the issue lies in that we're moving along RCs for Podman, but also point releases, rather than RCs for Buildah, Skopeo, etc., which is where the churn is."),(0,me.kt)("h4",{id:"open-discussion-2530-in-video"},"Open discussion (25:30 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"4.0 close to releasing. We are waiting on one last set of tests to finish successfully. Lokesh is working on documentation for netavark and aardvark-dns.")),(0,me.kt)("p",null,"The network stack will remain on CNI if Podman already exists on a system that Podman v4.0 is installed/upgraded on. If the host has no Podman presence, they will run with the new netavark stack."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman system reset --force")," command should be used if moving up to Podman 4.0 with a host that used Podman v3.0 in the past."),(0,me.kt)("p",null,"Podman v4.0 will not be in Fedora 35 as it's a breaking change but will be available with Fedora 36. On Fedora 35, you will be able to update from ",(0,me.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman4/"},"Copr")," if you decide to."),(0,me.kt)("p",null,"Looking at a week delay until the Mac and Windows versions are available."),(0,me.kt)("p",null,"A discussion was had on how to handle a downgrade. Most likely, containers and images would have to be removed."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Podman desktop update (38:37 in the video)\nDan noted that we're working with the developer on that. Potentially will merge CRC with the desktop. Meetings are coming up next week. Podman Desktop will not be released as part of Podman v4.0. Likely to be synchronized in the Fedora 36 release. The desktop the team is working on in Red Hat is Mac only via a Brew install on the side. This will pull in qemu as well.")),(0,me.kt)("p",null,"Anders noted that qemu (from brew) has a lot of architectures within it, but that's making it close to a Gigabyte in size."),(0,me.kt)("p",null,"Virtio-fs has been re-written in rust and can now be run on a Mac. There are two virtio-fs daemons, one in C, the other in Rust. The C version will be going away over time. Looking at Podman 4.2 or 4.3"),(0,me.kt)("h3",{id:"next-meeting-thursday-march-17-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday March 17, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Meeting finished 11:49"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:02 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nValentin Rothberg11:03 AM\nhttps://github.com/containers/common/issues/925\nValentin Rothberg11:10 AM\nhttps://git-scm.com/docs/git-submodule\nChristopher Evich11:11 AM\nThis seems to be the "new" way:\nGiuseppe Scrivano11:11 AM\ncrun is using submodules to track changes to libocispec, and libocispec uses submodules for tracking runtime-spec and image-spec\nChristopher Evich11:11 AM\nhttps://blog.developer.atlassian.com/the-power-of-git-subtree/?_ga=2-71978451-1385799339-1568044055-1068396449-1567112770\n(git subtree)\nAnders F Bj\xf6rklund11:14 AM\nwouldn\'t this use versions ? (tags)\nor is packages building from git these days ?\nLokesh Mandvekar11:15 AM\nusually from tags, but sometimes from git commits\nAnders F Bj\xf6rklund11:16 AM\nbut still tarballs, rather than git clones\nLokesh Mandvekar11:16 AM\nyup, fedora buildsys doesn\'t allow network access\nLokesh Mandvekar11:32 AM\n`rhcontainerbot/podman4`\nhttps://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman4/\nLokesh Mandvekar11:34 AM\nFedora 35 and CentOS 9 Stream users should prefer that if they want the latest podman releases (will include RCs)\nAnders F Bj\xf6rklund11:36 AM\nyup, fedora-coreos-35.20220216.dev.0-qemu.x86_64.qcow2.xz has a "dev" in it\nAnders F Bj\xf6rklund11:39 AM\nand it does have 4.0.0-rc5 in it\nieq-pxhy-jbh\n')))}Lt.isMDXComponent=!0;const Ht={},Rt="Podman Community Meeting Notes",Jt=[{value:"June 7, 2022 11:00 a.m. Eastern (UTC-5)",id:"june-7-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (27 total)",id:"attendees-27-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman on Windows Update",id:"podman-on-windows-update",level:2},{value:"Jason Greene/Tom Sweeney",id:"jason-greenetom-sweeney",level:3},{value:"(1:04 in the video)",id:"104-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Florent Benoit",id:"florent-benoit",level:3},{value:"(4:00 in the video)",id:"400-in-the-video",level:4},{value:"Podman Install on MacOS",id:"podman-install-on-macos",level:2},{value:"Gerard Braad",id:"gerard-braad",level:3},{value:"(22:00 in the video)",id:"2200-in-the-video",level:4},{value:"Podman Upcoming Releases Update",id:"podman-upcoming-releases-update",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(25:10 in the video)",id:"2510-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(29:00 in the video)",id:"2900-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday August 2, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-august-2-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday June 16, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-june-16-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:46 a.m. Eastern (UTC-5)",id:"meeting-end-1146-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Ot={toc:Jt},Ft="wrapper";function Gt(e){let{components:t,...n}=e;return(0,me.kt)(Ft,(0,K.Z)({},Ot,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"june-7-2022-1100-am-eastern-utc-5"},"June 7, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-27-total"},"Attendees (27 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Matt Heon, Ashley Cui, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe, Charlie Doern, Dan Walsh, Brent Baude, Aditya Rajan, Dev Kumar, Florent Benoit, Gerard Braad, Ionut Stoica, Jake Correnti, Karthik Elango, Mark Russell, Miloslav Trmac, Nalin Dahyabhai, Pavel, Preethi Thomas, Stevan Le Meur, Tim deBoer, Urvashi Mohnani"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=lherM_ah3GU"},"Recording")),(0,me.kt)("h2",{id:"podman-on-windows-update"},"Podman on Windows Update"),(0,me.kt)("h3",{id:"jason-greenetom-sweeney"},"Jason Greene/Tom Sweeney"),(0,me.kt)("h4",{id:"104-in-the-video"},"(1:04 in the video)"),(0,me.kt)("p",null,"Jason was going to present today but had a recent COVID diagnosis and could not attend. Instead, Tom talked briefly about his recent blog ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-podman-windows"},"post")," talking about how to install the new Podman Windows installer, which is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases/download/v4.1.0/podman-v4.1.0.msi"},"here")," The Podman YouTube ",(0,me.kt)("a",{parentName:"p",href:"https://youtube.com/c/Podman"},"channel")," also has a ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=zHOC5QkhLVw"},"video")," of the process that Tom did to do the installation on Windows. Jason has also created a detailed ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"tutorial")," for the installer and the Podman on Windows Client. Hopefully, Jason will be able to present at the next meeting."),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"florent-benoit"},"Florent Benoit"),(0,me.kt)("h4",{id:"400-in-the-video"},"(4:00 in the video)"),(0,me.kt)("p",null,"The project is located ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman-desktop"},"here")," on GitHub. The desktop lets you run in Windows or macOS."),(0,me.kt)("p",null,"Demo - 4:35 in the video"),(0,me.kt)("p",null,"Showed Gui listing Containers, Images, and Preferences. He was also able to do things on the command line, and they showed up in the desktop. He showed how he could pull an image from quay.io from the desktop."),(0,me.kt)("p",null,"Some Plugins are also available. He showed one for Podman, and now he can see more details of the images."),(0,me.kt)("p",null,'The desktop just watches the Podman Socket and is not polling all the time. You can use either rootful or rootless. You can\'t do that through the Desktop, but you can start the "podman machine" as rootful or rootless, and the Desktop will use the one available.'),(0,me.kt)("p",null,"Currently, the desktop is using a socket, so it might be possible for it to use ssh to use a podman machine on a remote host. A probable future enhancement."),(0,me.kt)("p",null,"Pods are not currently supported but are part of the future plan as a feature. Need more requests via GitHub to get it a bit more precedence."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https:/github.com/containers/podman-desktop/wiki/Roadmap"},"Roadmap")," in their Wiki with the features planned. The developers are looking for more help in the development of the tool."),(0,me.kt)("p",null,"Brent wonders if there was still an open issue about machine events between the Desktop and Podman development teams. Brent will work with the Desktop team to close the loop as he thinks he has a solution."),(0,me.kt)("h2",{id:"podman-install-on-macos"},"Podman Install on MacOS"),(0,me.kt)("h3",{id:"gerard-braad"},"Gerard Braad"),(0,me.kt)("h4",{id:"2200-in-the-video"},"(22:00 in the video)"),(0,me.kt)("p",null,"Working on a test release on a different repo. Works on M1 and Intel. The current location is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers-contribs/podman-installer/releases"},"here"),". When complete, it will be part of the regular Podman release and would be added to the assets section in Podman releases."),(0,me.kt)("h2",{id:"podman-upcoming-releases-update"},"Podman Upcoming Releases Update"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"2510-in-the-video"},"(25:10 in the video)"),(0,me.kt)("p",null,'The next Release is v4.2 and likely a 4.1.x prior. Release candidates for v4.2 should be coming out in July with a target of mid-August for a final release. Quite a number of commits already. A lot of bug fixes due to a Red Hat internal bug squish week and "ToDo" fixes in the code. Updates to Podman machine and other enhancements are also included.'),(0,me.kt)("p",null,"Podman v4.1.1 sometime later this week per Matt Heon."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2900-in-the-video"},"(29:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Can you tell when podman machine has an update? Currently no. If you have a new Podman, it will pull machine too. Brent hopes to update GUI later to show an update to the CoreOS image. The dev team knows about this, but it's not a non-trivial fix to make this happen.")),(0,me.kt)("p",null,"An issue to be created for this, Brent to create. (Issue)","[https://github.com/containers/podman/issues/14514]"),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Dan has opened a PR against qemu to break it up for different distro needs. This slims down the footprint of the binary. The size went from 40 MB to 4 MB. Bugzilla concerning this ",(0,me.kt)("a",{parentName:"p",href:"https://bugzilla.redhat.com/show_bug.cgi?id=2061584"},"here"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Pavel is having problems with Syslog from Podman. The issue isn't showing errors, and it isn't working. So it's very hard to debug. The issue is in crun and we'll have Giuseppe look into the problem."))),(0,me.kt)("p",null,"Pavel to update his (discussion](",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions/12693"},"https://github.com/containers/podman/discussions/12693"),")."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Mac installer.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Windows"))),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-2-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday August 2, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-june-16-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday June 16, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1146-am-eastern-utc-5"},"Meeting End: 11:46 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:00 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nStevan Le Meur11:05 AM\nsorry!\nStevan Le Meur11:11 AM\nFeel free to share feedback, issues, ideas on the repository: https://github.com/containers/podman-desktop\nFlorent Benoit11:20 AM\nhttps://github.com/containers/podman-desktop/wiki/Roadmap\nGerard Braad11:21 AM\nit sounbsd like the wrong mic is used\nmuch better!\nGerard Braad11:22 AM\nWould it be possible to also plug something?\nbaude11:23 AM\nplug?\nGerard Braad11:23 AM\nWe have been working on a test release of the Podman installer for macOS (Intel and M1), and would like feedback\nStevan Le Meur11:23 AM\n\ud83d\udc4d\nMe11:23 AM\nSure thing Gerard, do you want to do a quick update after this wraps?\nGerard Braad11:23 AM\nPlease\nbaude11:23 AM\nyes please\nGerard Braad11:24 AM\nhttps://github.com/containers-contribs/podman-installer/releases\n\nWe will propose it this week as a PR, but have experienced some delays on our end.\nGerard Braad11:28 AM\nThank you guys\nionut stoica11:31 AM\nI do have a Q\nCan you know preemptively when a podman machine has update ?\nMicrophone dead! :(\nGerard Braad11:32 AM\nSo this is about a 'Update notification' ?\nionut stoica11:33 AM\nYes, some users wanted to know as they certify their envs and analyze all they bring in\nGerard Braad11:34 AM\nDoes an issue exist to track this?\nLet's create?\nionut stoica11:34 AM\n:) Awesome!\nGerard Braad11:35 AM\nWe have the same issue around CRC for the image. So le's create this and I'll ping you Ionut\nGerard Braad11:38 AM\n@ionut @baude I added an issue for this: https://github.com/containers/podman/issues/14514\nDaniel (rhatdan) Walsh11:39 AM\ntom https://bugzilla.redhat.com/show_bug.cgi?id=2061584\nMe11:39 AM\nthx dan\nMe11:41 AM\nThx Gerard, added it and the BZ to the mtg notes\nGerard Braad11:41 AM\n:+1 Thanks. I remember Baude and I also talked about this particular issue in February or so. It is not an easy problem to solve, but it is worthwhile to collect the issues and possible solutions.\nbaude11:44 AM\ni have to step away\nMe11:44 AM\ngithub.com/podman/discussions\nFlorent Benoit11:44 AM\nhttps://github.com/containers/podman/discussions\nMe11:44 AM\nhttps://github.com/containers/podman/discussions\nMark Russell11:46 AM\nthanks, Tom!\n")))}Gt.isMDXComponent=!0;const Ut={},Yt="Podman Community Cabal Meeting Notes",zt=[{value:"November 17, 2022 11:00 a.m. Eastern",id:"november-17-2022-1100-am-eastern",level:2},{value:"November 17, 2022 Topics",id:"november-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Docker Compose Support from the Command Line - (0:55 in the video) - Dan Walsh",id:"docker-compose-support-from-the-command-line---055-in-the-video---dan-walsh",level:3},{value:"Docker Socket helper on macOS enabled by default - (28:50 in the video) - Florent Benoit",id:"docker-socket-helper-on-macos-enabled-by-default---2850-in-the-video---florent-benoit",level:3},{value:"Open discussion (35:30 in the video)",id:"open-discussion-3530-in-the-video",level:4},{value:"Next Meeting: Thursday, December 15, 2022, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-december-15-2022-1100-am-edt-utc-5",level:3},{value:"December 15, 2022 Topics",id:"december-15-2022-topics",level:2},{value:"Next Community Meeting: Tuesday, December 6, 2022, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-december-6-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],qt={toc:zt},Vt="wrapper";function Kt(e){let{components:t,...n}=e;return(0,me.kt)(Vt,(0,K.Z)({},qt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Dan Walsh, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Mohan Boddu, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Ashley Cui, Florent Benoit, Martin Jackson, Charlie Drage, Lorenzo Prosseda, Luca Fuse, Steven Le Meur,"),(0,me.kt)("h2",{id:"november-17-2022-1100-am-eastern"},"November 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"november-17-2022-topics"},"November 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Docker Compose Support from the Command Line - Dan Walsh")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Docker Socket helper on macOS enabled by default - Florent Benoit"),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"(It is enabled by default on Windows but needs an extra step on macOS")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/HIzZYPpE304"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:02 a.m. Thursday, November 17, 2022"),(0,me.kt)("h3",{id:"docker-compose-support-from-the-command-line---055-in-the-video---dan-walsh"},"Docker Compose Support from the Command Line - (0:55 in the video) - Dan Walsh"),(0,me.kt)("p",null,"Podman Desktop is asking to add Docker Compose. The Desktop folks are getting a lot of pull from the community about using Docker Compose from the Desktop."),(0,me.kt)("p",null,"Stevan believes Rancher supports this based on the container type."),(0,me.kt)("p",null,"We could do either Podman Compose or vendor in Docker Compose from Docker. We'd need to go to the latest version of Docker Compose with the highest available Golang to make it work with Podman."),(0,me.kt)("p",null,"Since we have to use client/server services, Dan thinks Docker Compose would be the way to go. Plus, it has good usage by the community. Podman Compose needs further work. Either way, a lot of work is necessary to make it happen."),(0,me.kt)("p",null,"Martin has been involved with Docker Compose and uses it outside of Podman. He thinks having Docker Compose would be useful. He thinks Kube support would be upgraded for Podman, too, with Docker Compose."),(0,me.kt)("p",null,"Let's say ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube")," does 75% of Docker Compose, but Docker Compose has become the deFacto standard. It's also an easy-to-understand format. Martin prefers it over Kube YAML for ease of use. He feels there would be value in having Docker Compose work under Podman."),(0,me.kt)("p",null,"The latest Docker Compose has a few new commands that aren't in the Python library. You can run the Docker Compose v2 as standalone, and you don't need Docker to run also. This makes it more likely it could be used by Podman."),(0,me.kt)("p",null,'Dan would be happiest if we could exec to Docker Compose rather than having to vendor or ingrain it into Podman. Brent is concerned about the reaction of this by our community when we note that Podman claims "Docker Compose" support, and we\'re only shipping the client. This is where the idea of using a plugin for him has come from.'),(0,me.kt)("p",null,"A plugin would just be a CLI, and Dan is worried about increasing the size of the Podman binary if we do this."),(0,me.kt)("p",null,"Matt thinks we need to ship the Docker Compose v2 client within the image, and it doesn't need to be integrated into Podman."),(0,me.kt)("p",null,"We will need to figure out how to make a supported version for RHEL/Red Hat. Currently, if there's a problem with Docker Compose, we report it upstream but don't fix it. Once we ingrain it, the onus comes onto the Red Hat team for RHEL support."),(0,me.kt)("p",null,"Dan has heard from customers is they are waiting to move to Podman Desktop until Docker Compose functionality is available."),(0,me.kt)("p",null,"Stevan is documenting these kinds of requests from customers."),(0,me.kt)("p",null,"Florent wondered which socket, Docker Compose or Podman, would be called. Matt suggests using a symlink from Podman to Docker, but this could be a problem if both were installed."),(0,me.kt)("p",null,"From a Red Hat perspective, we'll need to get \u201cbuy-in\u201d from our product management team. We'll need to build a case, but that shouldn't be too hard to do. Florent has opened an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/16548"},"issue")," to address this socket problem."),(0,me.kt)("p",null,"This is a similar situation to Dockerfile. We need to support all of the functionality there, and once we take on Docker Compose, we'll need to do that there too."),(0,me.kt)("p",null,"Docker Compose is the last piece of the Docker-controlled container world that Podman does not handle well currently."),(0,me.kt)("p",null,"Brent thinks that if we can provide Docker Compose support, the community will love it. The hard part will be finding the time to do the work and then support it over time."),(0,me.kt)("h3",{id:"docker-socket-helper-on-macos-enabled-by-default---2850-in-the-video---florent-benoit"},"Docker Socket helper on macOS enabled by default - (28:50 in the video) - Florent Benoit"),(0,me.kt)("p",null,"We have a number of people studying Podman and how it's attached to the Podman Socket. It's not working all the time with the Podman Machine in Mac. By default, the Podman socket is mounted for Windows."),(0,me.kt)("p",null,"In Windows, if it's not finding Docker being mounted, then it mounts the Podman socket. Florent would like to do similar on the mac."),(0,me.kt)("p",null,"Paul is concerned that the Mac would require root, which is not enabled by default."),(0,me.kt)("p",null,"Ashley doesn't think root will be needed for this. Homebrew doesn't, so she thinks opt might not need root-level privileges."),(0,me.kt)("p",null,"Dan suggests that we talk to Gerard to figure out a workaround. We could make the change such that at installation, it would optionally ask for a root password. Florent to open up an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/16547"},"issue")," against Podman to see if we can move this forward."),(0,me.kt)("p",null,"On Linux, we shipped Podman-Docker, which takes care of this issue. Docker has a new change in this area, and it may not require root for the socket. Further investigation/study is to be done."),(0,me.kt)("h4",{id:"open-discussion-3530-in-the-video"},"Open discussion (35:30 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Issue Triage on Podman. (35:30 in the video)")),(0,me.kt)("p",null,"Paul has noted an increase of issues reported against much older versions of Podman and issues that are incomplete. In addition, bugs reported against RHEL are being logged as issues rather than Bugzillas, as they should be."),(0,me.kt)("p",null,"Brent thinks anything against Podman v1 and v2 should just be closed, and the people told to move up to a newer version."),(0,me.kt)("p",null,'We might add a "unable to reproduce" flag that would close an issue if it was around for 30+ days.'),(0,me.kt)("p",null,"A robot to ask for the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman info")," output in an issue would also be nice."),(0,me.kt)("p",null,"Reporters don't always report the information that's needed to resolve the issue."),(0,me.kt)("p",null,"It would be nice to have AI that could move GitHub issues that should be discussions automatically."),(0,me.kt)("p",null,"It would also be nice to block comments on issues that have been closed for several months or more."),(0,me.kt)("p",null,"Podman Desktop has fields that they use in their issue template. The Podman team will look at what they're doing and see if we can align a bit better. The document is ",(0,me.kt)("a",{parentName:"p",href:"https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms"},"here"),". Brent and Mohan will poke at this further."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman 4.3 update (47:08 in the video)\nAbout three weeks old at this point. A new Podman v4.3.2 will come out sometime in December after an upcoming bug week."),(0,me.kt)("p",{parentName:"li"},"Then Podman v4.4 RCs are likely to come out in late January.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play")," volume issue (48:30 in the video)\nMartin asked about the volume ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/16420"},"issue")," with the ",(0,me.kt)("inlineCode",{parentName:"p"},"kube play")," command. Podman Kube Play doesn't work with volumes that are associated with the Kube YAML. On restart, the volumes don't work. Team to look at this for Podman v4.4 at the latest."),(0,me.kt)("p",{parentName:"li"},"Also upcoming in Podman v4.4 is a focus on performance, updates to podman machine, network improvements, podman Kube fixes, quadlet changes, a new ",(0,me.kt)("inlineCode",{parentName:"p"},"--dns")," selector option, and pasta support."))),(0,me.kt)("h3",{id:"next-meeting-thursday-december-15-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday, December 15, 2022, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"december-15-2022-topics"},"December 15, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Suggested")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-december-6-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, December 6, 2022, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"MinIO Demo - Will Dinyes"),(0,me.kt)("li",{parentName:"ol"},"Kubernetes Demo -")),(0,me.kt)("p",null,"Meeting finished at 11:57 a.m."))}Kt.isMDXComponent=!0;const Zt={},Qt="Podman Community Cabal Meeting Notes",_t=[{value:"March 16, 2023 11:00 a.m. Eastern",id:"march-16-2023-1100-am-eastern",level:2},{value:"March 16, 2023 Topics",id:"march-16-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman and SQLite (0:45 in the video) - Matt Heon",id:"podman-and-sqlite-045-in-the-video---matt-heon",level:3},{value:"Hack/Perf Scripts (7:07 in the video) - Valentin Rothberg",id:"hackperf-scripts-707-in-the-video---valentin-rothberg",level:3},{value:"Container Tools (podman) test day (24:15 in the video) - Mohan/Lokesh/Sumantro",id:"container-tools-podman-test-day-2415-in-the-video---mohanlokeshsumantro",level:3},{value:"Open discussion (49:00 in video)",id:"open-discussion-4900-in-video",level:4},{value:"Next Meeting: Thursday, April 20, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-april-20-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Xt={toc:_t},$t="wrapper";function en(e){let{components:t,...n}=e;return(0,me.kt)($t,(0,K.Z)({},Xt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Mohan Boddu, Lance Lovette, and Sumantro Mukherjee"),(0,me.kt)("h2",{id:"march-16-2023-1100-am-eastern"},"March 16, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"march-16-2023-topics"},"March 16, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman and SQLite - Matt Heon"),(0,me.kt)("li",{parentName:"ol"},"Hack/Perf scripts - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ol"},"Container Tools (podman) test day - Mohan/Lokesh/Sumantro")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/k_88s2RQm5Q"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:03 a.m. EDT Thursday, March 16, 2023"),(0,me.kt)("h3",{id:"podman-and-sqlite-045-in-the-video---matt-heon"},"Podman and SQLite (0:45 in the video) - Matt Heon"),(0,me.kt)("p",null,'BoltDB is used currently as the database engine for Podman. We have encountered issues with BoltDB and discovered that BoltDB, for all intents and purposes, is no longer supported. The database can be corrupted after a power outage if the timing is badly "right".'),(0,me.kt)("p",null,"Matt has looked into SQLite and has worked up replacement routines. By default, starting in August, new Podman installs will get SQLite. Later, the BoltDB databases may be converted, method TBD."),(0,me.kt)("p",null,"So far, a slight performance increase with SQLite, a 30 to 40-millisecond speed up with container commands."),(0,me.kt)("p",null,"Nothing for the user to do, except maybe initialize a database conversion routine."),(0,me.kt)("p",null,"This should be out in Podman v4.5."),(0,me.kt)("p",null,"Currently, the plan is to have ",(0,me.kt)("inlineCode",{parentName:"p"},"podman system reset")," clear the database, and scripts are being looked into also, but no promises. Matt thinks he'll keep BoltDB around for at least a year."),(0,me.kt)("h3",{id:"hackperf-scripts-707-in-the-video---valentin-rothberg"},"Hack/Perf Scripts (7:07 in the video) - Valentin Rothberg"),(0,me.kt)("p",null,"Showed a configurable script that drives the test. It uses ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/sharkdp/hyperfine"},"Hyperfine"),". It shows the output of a variety of Docker and Podman commands."),(0,me.kt)("p",null,'The script consists of a "prepare" command to set things up in advance, but it does not have a post-test run process capability.'),(0,me.kt)("p",null,"The scripts are under ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/tree/main/hack/perf"},"hack/perf")," on GitHub; contributions are gratefully accepted."),(0,me.kt)("p",null,"Brent asked if you could run just one engine? No, these scripts are written in mind to compare two engines. But the scripts could be modified; or new ones created to work with just one engine."),(0,me.kt)("p",null,"For cleanup, Valentin put procedures in the startup scripts."),(0,me.kt)("p",null,"Dan thinks it would be nice to have a run.sh to feed commands into the test to check on those particular commands. Valentin likes the idea, but for cleaning/setting stuff up as you should do for a perf test, Valentin found the scripts to be easier to handle."),(0,me.kt)("p",null,"Dan would like to be able to flop the order of Docker and Podman runs. He thinks the kernel may pre-load stuff that sometimes makes the second engine faster."),(0,me.kt)("p",null,"This is helpful for not only comparing Docker/Podman but also different versions of Podman."),(0,me.kt)("h3",{id:"container-tools-podman-test-day-2415-in-the-video---mohanlokeshsumantro"},"Container Tools (podman) test day (24:15 in the video) - Mohan/Lokesh/Sumantro"),(0,me.kt)("p",null,"Similar to Fedora test days. He does FCOS test days and wants to add a cycle for when Podman has a new version to test."),(0,me.kt)("p",null,"As a requirement, we need to get Podman latest into FCOS so the team could run the tests with it."),(0,me.kt)("p",null,"They could grab Podman packages from the Fedora Test systems before it goes to stable."),(0,me.kt)("p",null,"Generally, Podman releases every two months in general, with Release Candidates two weeks prior."),(0,me.kt)("p",null,"The biggest one for us is install testing. Matt thinks running our system tests on FCOS would be good, but Brent thinks that environment might be challenging due to the packages that would have to be added to the FCOS image. Sumantro said we could instead use Workstation for the test."),(0,me.kt)("p",null,"Generally, FCOS is used as a server, while FCOS workstation is more client-side."),(0,me.kt)("p",null,"Paul is unsure of the advantage of running system tests in this environment. He thinks it would be better if we had users running tests rather than automated ones."),(0,me.kt)("p",null,"Lokesh would prefer to start this in the second week of April or later."),(0,me.kt)("p",null,"Mohan asked if they can do performance testing as well. An example test ",(0,me.kt)("a",{parentName:"p",href:"https://testdays.fedoraproject.org/events/152"},"app"),". Sumantro could write stuff up and maintain it. We could potentially use Valentin\u2019s tests, but we need to figure out how to determine baselines and retain them."),(0,me.kt)("p",null,"Mohan also asked if multiple architectures could be tested. The challenge here is to find the machines that can be used."),(0,me.kt)("p",null,"Chris pointed out that along with the test results, we need to capture the system setup, down to the kernel versions that were in play."),(0,me.kt)("p",null,"Dan noted that we don't alway get our release notes out in a timely manner, and we should in order to help this testing. The issue with that is the time necessary to put the notes together. Building a chopped version more quickly might be doable, but will need investigation. We should at least be able to get a list of issues out more quickly."),(0,me.kt)("p",null,"Paul thinks it would not be a problem to run a benchmark with a before version and then the test version of Podman."),(0,me.kt)("p",null,"FYI, here's a ",(0,me.kt)("a",{parentName:"p",href:"https://fedoraproject.org/wiki/QA:Testcase_Podman"},"Podman Test Case")," that was used in the past."),(0,me.kt)("p",null,"As far as ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine")," goes, we could test on FCOS Workstation, then the testing would be useful and valuable."),(0,me.kt)("p",null,"Mohan wondered if they had any Mac/Windows based testing. They do have some, that can be used."),(0,me.kt)("p",null,"Paul noted the big thing is writing up the test cases to see what should be tested. Most of the CI is for regression testing only. He suggests that we might ask people provide test cases within a Pull Request statement."),(0,me.kt)("p",null,"What is the next steps for moving forward with this?",(0,me.kt)("br",{parentName:"p"}),"\n","Sumantro needs a pointer to tests that are not covered. He could do so via issues on the GitHub. Targeting mid-April for the first test run."),(0,me.kt)("h4",{id:"open-discussion-4900-in-video"},"Open discussion (49:00 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Lance asked how the port works between the mac, machine and the container. If he publishes the port, it seems to be exposed on the mac. He wants to know if he can connect the port to the podman machine directly rather than the mac. Paul says not doable now, but we can take a feature request in GitHub and will publsh it."),(0,me.kt)("p",{parentName:"li"},"Brent asked if he wanted to publish the port beyond the machine or did he just want to hit it from the mac. Slirpnetns or passt is a bit of a black hole, and you throw something in there, then it comes out where we told it to, and it's hard to select it. The problem is your running rootless, so there are limitations."),(0,me.kt)("p",{parentName:"li"},"The virtual machine is isolated from the MacOS, ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/gvisor-tap-vsock"},"gvproxy")," is the glue that lets you do port handling."),(0,me.kt)("p",{parentName:"li"},"You will need root privs not only in the 'podman machine vm' but also on the MacOS."),(0,me.kt)("p",{parentName:"li"},(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/gvisor-tap-vsock"},"gvproxy")," is under containers on GitHub, and we contribute it."),(0,me.kt)("p",{parentName:"li"},"This ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-containers-mac-podman"},"article")," was helpful to Lance for all of this."))),(0,me.kt)("p",null,"2) Brent asked if ssh keys need to be encrypted in the view of others. A ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-containers-mac-podman"},"Discussion")," was started in GitHub. We had one request recently and we're leaning towards doing keychain, but there's been several challenges with that."),(0,me.kt)("p",null," If they used encrypted keys, the user would be prompted for the password with every command. Adding a key to the key ring has proven to be challenging. Paul thinks this can be done securely with ssh, Brent asked Paul to write up a proposal for the changes he's suggesting. The user may run into issue when dealing with keys for the podman machine. Brent is trying to figure out the amount of work for it all."),(0,me.kt)("h3",{id:"next-meeting-thursday-april-20-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, April 20, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 12:08 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You\n11:02\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nMartin Jackson\n11:11\u202fAM\nI think the speedup was in milli-seconds, not micro-seconds? Perhaps I misheard\nMatt Heon\n11:11\u202fAM\nYeah, milliseconds\nYou\n11:12\u202fAM\nThanks for the touch up.\nMatt Heon\n11:12\u202fAM\nDB writes are ~2x as fast with SQLite. Reads are a bit slower, but those only take tens of microseconds, so it doesn't really matter.\nWrites being ~5ms for SQLite versus ~10ms for Bolt. Most of which is fsync.\nMohan Boddu\n11:19\u202fAM\nSomeone at the door, bbiab\nMohan Boddu\n11:27\u202fAM\nback\nYou\n11:29\u202fAM\nValentin, have you shared the hack/perf scripts with Yiqiao and the rest of the QE team?\nValentin Rothberg\n11:29\u202fAM\n@Tom, no, I didn't share them with QE. But I see where you're going. It's probably a good idea to let them know.\nPreethi Thomas\n11:35\u202fAM\nYou may have already talked about it as I a only half listening. How about podman-machine/podman-remote tests on FCOS?\nSumantro Mukherjee\n11:36\u202fAM\nhttps://testdays.fedoraproject.org/events/152\nSumantro Mukherjee\n11:44\u202fAM\nhttps://fedoraproject.org/wiki/QA:Testcase_Podman\nPaul Holzinger\n11:52\u202fAM\ngit log --all --grep='\\[NO NEW TESTS NEEDED\\]'\nBrent Baude\n11:52\u202fAM\ni have a question as well\nLokesh Mandvekar\n11:53\u202fAM\nbtw, if someone can back me up on the rpm side, then we don't need to wait for me to get back\nMatt Heon\n11:54\u202fAM\nCould we route the Podman subnet from OS X to the VM? That would let (root) containers be accessed directly from OS X\nLance Lovette\n12:01\u202fPM\nhttps://www.redhat.com/sysadmin/run-containers-mac-podman\nYou\n12:01\u202fPM\nTY!\nBrent Baude\n12:01\u202fPM\nhttps://github.com/containers/podman/discussions/17795\n")))}en.isMDXComponent=!0;const tn={},nn="Podman Community Meeting",an=[{value:"December 1, 2020 11:00 a.m. Eastern (UTC-5)",id:"december-1-2020-1100-am-eastern-utc-5",level:2},{value:"Attendees (35 total)",id:"attendees-35-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Introducing Network Aliases",id:"introducing-network-aliases",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:50 in the video)",id:"150-in-the-video",level:4},{value:"Podman Split Brain API",id:"podman-split-brain-api",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(12:33 in the video)",id:"1233-in-the-video",level:4},{value:"Demo containers.conf usage",id:"demo-containersconf-usage",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(22:34 in video)",id:"2234-in-video",level:4},{value:"Podman development update",id:"podman-development-update",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(38:30 in the video)",id:"3830-in-the-video",level:4},{value:"Discussion on a Podman forum.",id:"discussion-on-a-podman-forum",level:2},{value:"(44:28 in the video)",id:"4428-in-the-video",level:4},{value:"Any pain points?",id:"any-pain-points",level:2},{value:"(49:19 in the video)",id:"4919-in-the-video",level:4},{value:"systemd discussion",id:"systemd-discussion",level:2},{value:"(51:19 in the video)",id:"5119-in-the-video",level:4},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"NOTE no January meeting.",id:"note-no-january-meeting",level:3},{value:"(54:03 in the video)",id:"5403-in-the-video",level:4},{value:"Next Meeting: Tuesday February 2, 2020, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-2-2020-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 12:03 p.m. Eastern (UTC-5)",id:"meeting-end-1203-pm-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],on={toc:an},sn="wrapper";function rn(e){let{components:t,...n}=e;return(0,me.kt)(sn,(0,K.Z)({},on,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"december-1-2020-1100-am-eastern-utc-5"},"December 1, 2020 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-35-total"},"Attendees (35 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Reinhard Tartler, Dan Walsh, Chris Evich, Lokesh Mandvekar, Anders Bj\xf6rklund, Greg Shomo, Urvashi Mohnani, Nalin Dahyabhai, Qi Wang, Eduardo Santiago, Ed Haynes, Sally O'Malley, James Cassell, Scott McCarty, Christian Felder, Valentin Rothberg, Christian Korneck, Neal Gompa, Brian Smith, Giuseppe Scrivano, Joe Crist, Joe Doss, Miloslav Trmac, Pablo Greco, Parker Van Roy, Peter Hunt, Preethi Thomas, James Ault"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/aOaqCoRSJB4/"},"Recording")),(0,me.kt)("h2",{id:"introducing-network-aliases"},"Introducing Network Aliases"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"150-in-the-video"},"(1:50 in the video)"),(0,me.kt)("p",null,"Podman v2.2 came out last night. Network connect lets you take an existing container and will let you connect to another containers network."),(0,me.kt)("p",null,"Still limited, calling it initial support."),(0,me.kt)("p",null,"Second thing is network aliases. Podman allows you to access other containers by its name. Supported since v1.6. Useful for database container and a http container that you want to talk to. Network alias allows you to add further names to the containers to make it even easier to communicate with."),(0,me.kt)("p",null,"A new ",(0,me.kt)("inlineCode",{parentName:"p"},"dnsname")," plugin is required. Existing networks from ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network connect")," are not compatible as-is but are simple to upgrade (small change to their config)."),(0,me.kt)("p",null,"Matt started a demo (",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/376554"},"https://asciinema.org/a/376554"),") ",(0,me.kt)("strong",{parentName:"p"},"(4:59 in the video)"),"."),(0,me.kt)("p",null,"The demo showed how you can use either the name of the container or its newly established alias to do a run command against."),(0,me.kt)("p",null,"He then demo'd setting up a network connection."),(0,me.kt)("h2",{id:"podman-split-brain-api"},"Podman Split Brain API"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"1233-in-the-video"},"(12:33 in the video)"),(0,me.kt)("p",null,"Community was resistant to a new API that differed greatly from Docker. Podman v2.0 featured API v2.0.x. Split brain comes form DNS split brain . We have an api that is Docker compatible and one that is not. The two trees are versioned independently."),(0,me.kt)("p",null,"Moving to Podman and API v3.X for both in the near future. We needed improvements especially in newlines where we've run into issues with v2.0. V3.0 will complete more of the compatibility resources. It will add new commands such as network connect and disconnect. Also removal of the varlink API which will cause the size of the binary to be slimmed down."),(0,me.kt)("p",null,"Brent also talked about slimming down other areas of Podman as well in v3.0. Dan pointed out the help that the community has provided in tuning the API."),(0,me.kt)("p",null,"See ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/tree/main/test/apiv2/rest_api"},"API tests using python requests library")," for examples."),(0,me.kt)("h2",{id:"demo-containersconf-usage"},"Demo containers.conf usage"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2234-in-video"},"(22:34 in video)"),(0,me.kt)("p",null,"Dan talked about containers.conf which will allow for users to change the default settings for the container engine on the host."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"/usr/share/containers/containers.conf is the main file to use."),(0,me.kt)("li",{parentName:"ul"},"/etc/containers/containers.conf is the secondary file which an admin can use to change for all container projects (Buildah, Podman, Skopeo, etc.)"),(0,me.kt)("li",{parentName:"ul"},"$HOME/.config/containers/containers.conf is used by an individual user to configure their rootless containers.")),(0,me.kt)("p",null,"The containers.conf file allows for sysctl to be configured/toggled. There are many options within the files."),(0,me.kt)("p",null,"Does rootless ignore the /etc/containers/containers.conf version? It does not per Dan."),(0,me.kt)("p",null,"Neal Gompa asked if we could provide a containers.conf.d similar to registries.conf.d which makes it even easier to tailor. Dan said it's been thought about and we'd be amiable to it being included."),(0,me.kt)("p",null,"Dan then did a demo."),(0,me.kt)("p",null,"HPC had massive amounts of containers and want to set up defaults. A blog is in the works."),(0,me.kt)("p",null,"James Cassell asked about libpod.conf. It's gone away and been replaced by containers.conf."),(0,me.kt)("h2",{id:"podman-development-update"},"Podman development update"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"3830-in-the-video"},"(38:30 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Podman v2.2 was just cut yesterday Nov 30, 2020 and upstream was switched to v3.0 development. Varlink was removed from Fedora 33 which will have Podman 3.0. Fedora 32 will not have Podman v3.0.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Podman 2.1.1 will be in RHEL 8.3.1 to be released in Feb 2021, and RHEL 8.4 in May 2021 will have Podman v3.0.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"The Debian and Ubuntu distro packages currently ship with varlink enabled at build time, and ship with systemd units."))),(0,me.kt)("h2",{id:"discussion-on-a-podman-forum"},"Discussion on a Podman forum."),(0,me.kt)("h4",{id:"4428-in-the-video"},"(44:28 in the video)"),(0,me.kt)("p",null,"Joe Doss suggested a Podman category on this forum: ",(0,me.kt)("a",{parentName:"p",href:"https://discussion.fedoraproject.org/c/server/coreos/5"},"https://discussion.fedoraproject.org/c/server/coreos/5")," like FCOS?\nTom Sweeney pointed out there is a podman wiki and the mailing list. Thought was expanding the wiki would be useful. Matt Heon would like a place to document what people are doing and how which would probably fit well with a forum or a Wiki. Tom Sweeney to look into setting up a forum in the fedoraproject.org site."),(0,me.kt)("h2",{id:"any-pain-points"},"Any pain points?"),(0,me.kt)("h4",{id:"4919-in-the-video"},"(49:19 in the video)"),(0,me.kt)("p",null,"Brent Baude asked the attendees if they had any pain points with Podman:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"--cache-from on image building, huge pain not having that.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"jitsi-meet and k3d working in podman?")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"we would certainly like to see integration between podman and MPI versions: e.g. mpirun podman imagename to launch a job on some HPC nodes in a rootless podman environment....")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Has cgroup functionaly matured more, especially with systemd. This is still ongoing.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"handling ",(0,me.kt)("inlineCode",{parentName:"p"},"isDeaultGateway")," properly in podman network create (currenlty it is hard-coded to false in NewHostLocalBridge) - I already created an issue ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/8483"},"#8483")))),(0,me.kt)("h2",{id:"systemd-discussion"},"systemd discussion"),(0,me.kt)("h4",{id:"5119-in-the-video"},"(51:19 in the video)"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Joe Doss asked if the interaction between Podman and systemd in regards to cgroups is in a mature state? He's had issues with rootless Podman and systemd. Matt Heon said work has been done, but more work needed.\n\nValentin noted that \"how to\" run a rootless container with systemd is documented in the man pages, but it's not always the greatest place to find info. More blogs and how-tos would be nice to have, from both Red Hat and the community.\n\nA blog post with example config files for this example (running a rootless container with systemd) would be excellent...\n")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"James Cassell asked about how libpod.conf is handled. In v2.0 we swapped out the default reading order so containers.conf is now read first. The libpod.conf file is still supported, but it is suggested to move to containers.conf which is used by more projects (Buildah, Skopeo) other than Podman. We may drop it in v3.0, something to discuss by the development team."),(0,me.kt)("li",{parentName:"ul"},"If a containers.conf has specified a volume, but it doesn't exist? The intent of the question was a way to have a container disable parts of containers.conf (or all of it) and not obey global configuration. This is not presently possible - containers.conf is intended to be a global configuration for all containers. It is possible to override individual settings manually, or for a specific user by adding a containers.conf for the user. We may reevaluate this in the future."),(0,me.kt)("li",{parentName:"ul"},"Is there a way to send a particular option to a particular container using this (containers.conf)? We don't currently have a way to do that specifically at this time.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h3",{id:"note-no-january-meeting"},(0,me.kt)("strong",{parentName:"h3"},"NOTE")," no January meeting."),(0,me.kt)("h4",{id:"5403-in-the-video"},"(54:03 in the video)"),(0,me.kt)("p",null,"Two Proposed Topics:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"systemd with containers - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ul"},"Docker compose with Podman - Brent Baude")),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-2-2020-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 2, 2020, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1203-pm-eastern-utc-5"},"Meeting End: 12:03 p.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Note:")," Many thanks to James Cassell for capturing the Bluejeans chat!"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney10:56 AM\nPlease sign in at HackMD: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:08 AM\nyes\nGuest 511:14 AM\nso the alias is for a hostname or networks? -- I'm confused on what exactly is aliased.\nBrent Baude11:14 AM\nyes\nmheon11:14 AM\nIt's basically a DNS CNAME\nGuest 511:14 AM\nbut it is bound to the network. So if the container gets disconnected, the alias is dangling?\nmheon11:15 AM\nThe alias is removed from the container when we disconnect\nGuest 511:15 AM\nthanks!\nmheon11:16 AM\nhttps://asciinema.org/a/376554\nMe11:16 AM\nlooks like 2.1.1 is the newest available in updates-testing on Fedora 33\nDaniel (rhatdan) Walsh11:16 AM\nI saw it this morning.\nBrent Baude11:16 AM\npodman-2.2.0-1.fc32 and fc33 just built\nDaniel (rhatdan) Walsh11:17 AM\nkoji latest-pkg f33-updates-candidate podman\nMe11:17 AM\ngreat! probably hasn't made it to the mirrors yet\nBrent Baude11:17 AM\nit needs bodhi first\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-fd0574be76\nNeal Gompa11:17 AM\nhey all!\nBrent Baude11:17 AM\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-c9a8fdbd34\nafbjorklund11:17 AM\npodman 2.2.0 is out for ubuntu (ironically enough)\nNeal Gompa11:18 AM\nwell, not for stable releases :)\nand not in the official repos\neven hirsute still only has podman 2.0.6\nafbjorklund11:18 AM\nWill there be a 2.1.2 ?\nBrent Baude11:19 AM\nno\nDaniel (rhatdan) Walsh11:19 AM\nMaster branch is now on 3.0-devel\nBrent Baude11:19 AM\nlets talk versions in wrap up?\nMe11:19 AM\npodman 2.2.0 has buildah 1.18?\nmheon11:20 AM\nYes - 1.18.0\nJoe Doss11:22 AM\n100% agree Neal\nMe11:29 AM\nDoes rootless ignore the /etc/containers/containers.conf version?\nMe11:35 AM\nlibpod.conf?\nGuest 511:35 AM\nhow to disable options on the command-line that are specified in the configuration file?\nJoe Doss11:36 AM\nOnline Documentation on containers.conf?\nBrent Baude11:36 AM\ncmds overrule conf files\nGuest 511:36 AM\nExample: if containers.conf is specifying some volume, but I have a usecase where that must not exist?\nah, ok. makes sense\nMe11:36 AM\nthanks! containers.conf sounds great\nMe11:37 AM\n\"WARN[0000] Found deprecated file /etc/containers/libpod.conf, please remove. Use /etc/containers/containers.conf to override defaults.\"\nGuest 511:39 AM\naah, thanks for the clarification. the distinction between appendable and non-appendable option wasn't obvious to me\nGuest 511:41 AM\nfor clarity, it was an explorative question, I don't have a specific use-case in mind\nGuest 511:45 AM\ndebian does right now (for better or worse)\nubuntu is following debian\nI'd love to drop it, but evidently, nomad-podman is still depending on it\nPablo Greco11:46 AM\ndid I understand correctly, there won't be podman 2.2.x in RHEL?\nChristian Korneck11:47 AM\nunrelated general question: I kind of miss an equivalent to the Docker Forum for Podman where users can exchange about their Podman usage. Stuff that can get verbose. (I think github issues are more dev related?). Would it maybe make sense to create some forum (i.e. by enabling github discussions on the gh repo)?\nBrent Baude11:47 AM\ngood question\nlets talk about it\nMe11:48 AM\nmailing list\nafbjorklund11:48 AM\nWe talked about it last meeting, but podman-machine and minikube were both using varlink. Currently frozen at podman 1.9.3\nMinikube now also supports podman2, so it will use whatever version is on the server (actually looks for \"varlink\" binary)\nChristian Korneck11:49 AM\nok, let me try and jump on the mailinglist :)\nNeal Gompa11:49 AM\nhttps://lists.podman.io\nUwe11:49 AM\nThe list is fine\nJoe Doss11:50 AM\n+1 on a single source of truth for online docs.\nNeal Gompa11:50 AM\ngotta jump off, bye y'all\nJoe Doss11:50 AM\nBye Neal\nafbjorklund11:51 AM\nI have three audio dials\nJoe Doss11:52 AM\nRegarding a forum Maybe a Podman category on https://discussion.fedoraproject.org/c/server/coreos/5 like FCOS?\nmheon11:53 AM\nWe definitely do get questions there\nJoe Doss11:53 AM\nwould be a fast and easy way to get community discussion going for Podman that is not a mailing list.\n--cache-from on image building\nhuge pain not having that.\nGuest 511:54 AM\njitsi-meet and k3d working in podman ? ;-)\nwould be my pet peeves :-)\nJA11:54 AM\nwe would certainly like to see integration between podman and MPI versions: e.g. mpirun podman imagename to launch a job on some HPC nodes....\nPablo Greco11:55 AM\nDan, nnow that gitlab-runner works, it is for me ;)\nChristian Felder11:55 AM\nhandling ``isDeaultGateway`` properly in podman network create (currenlty it is hard-coded to false in NewHostLocalBridge) - I already created an issue #8483\nBrent Baude11:56 AM\nyup got that\nJA11:57 AM\nin a rootless-podman environment...\nMe11:57 AM\nCOPY between stages in multi-stage build seems to hash every file, even if neither of the previous stages changed, which slows down cached rebuilds\nPablo Greco11:57 AM\nNeed to go, $work meeting, thanks!\nafbjorklund11:58 AM\nAbout k3d: do have crio-in-podman running with minikube (even with podman v2)\nJA12:01 PM\na blog post with example config files for this example (running a rootless container with systemd) would be excellent...\nGuest 512:03 PM\nI agree with Joe!\nGreg Shomo (Northeastern)12:03 PM\nthank you all for your time && have a good one\nJoe Doss12:03 PM\nThanks folks\nChristian Felder12:03 PM\nThanks!\nUwe12:04 PM\nthanks, cu\nTom Sweeney12:08 PM\nJames Cassell if you're still on line, could you cut/paste the bluejeans chat into the bottom of the hackmd please?\nDitto anyone else who may still be here.\nMe12:12 PM\nyes, will do\n")))}rn.isMDXComponent=!0;const ln={},hn="Podman Community Meeting",dn=[{value:"June 1, 2021 11:00 a.m. Eastern (UTC-4)",id:"june-1-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"General Announcements",id:"general-announcements",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"Podman and TYE",id:"podman-and-tye",level:2},{value:"Tom Deseyn",id:"tom-deseyn",level:3},{value:"(3:00 in the video)",id:"300-in-the-video",level:4},{value:"Slides",id:"slides",level:4},{value:"Podman v3.2.0 Updates",id:"podman-v320-updates",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(15:50 in the video)",id:"1550-in-the-video",level:4},{value:"Podman in Kubernetes",id:"podman-in-kubernetes",level:2},{value:"Urvashi Mohnani",id:"urvashi-mohnani",level:3},{value:"(20:18 in the video)",id:"2018-in-the-video",level:4},{value:"Podman Machine Updates",id:"podman-machine-updates",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(32:00 in the video)",id:"3200-in-the-video",level:4},{value:"Slides",id:"slides-1",level:4},{value:"Questions?",id:"questions",level:2},{value:"(38:44) in the video)",id:"3844-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday August 3, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-august-3-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:57 a.m. Eastern (UTC-4)",id:"meeting-end-1157-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],un={toc:dn},mn="wrapper";function cn(e){let{components:t,...n}=e;return(0,me.kt)(mn,(0,K.Z)({},un,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"june-1-2021-1100-am-eastern-utc-4"},"June 1, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Paul Holzinger, Greg Shomo, Tom Deseyn, Andrew Slice, Anders Bj\xf6rklund, Shion Tanaka, Alex Litvak, Juanje Ojeda, Deepak Bhole, Eduardo Vega, Falsal Rzzzak, Juanje Ojeda, Omair Majid, Peter Hunt, Preethi Thomas, Uwe Reh"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/3fO@uV5g9KF"},"Recording")),(0,me.kt)("h2",{id:"general-announcements"},"General Announcements"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"No July Meeting due to holiday and vacations, we meet next on Tuesday August 3rd."),(0,me.kt)("li",{parentName:"ul"},"The Podman IRC channel is moving. We've left the Freenode server and now the #podman channel lives on the Libera server.")),(0,me.kt)("h2",{id:"podman-and-tye"},"Podman and TYE"),(0,me.kt)("h3",{id:"tom-deseyn"},"Tom Deseyn"),(0,me.kt)("h4",{id:"300-in-the-video"},"(3:00 in the video)"),(0,me.kt)("h4",{id:"slides"},(0,me.kt)("a",{parentName:"h4",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-06-01/tye_meets_podman.pdf"},"Slides")),(0,me.kt)("p",null,"Tom is working for Red Hat on .NET. His team has been building and packaging .Net on Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP) for about the past five years. Focus on cloud development. TYE is from Microsoft and is meant to ease development of .NET based applications. TYE was not originally working with Podman, but he worked with the Podman team to get it to work. That was delivered earlier this year. Many of these features were also needed by Docker Compose."),(0,me.kt)("p",null,"Two use cases, Development and Deployment."),(0,me.kt)("p",null,"Development"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Run several services",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},".Net applications"),(0,me.kt)("li",{parentName:"ul"},"Containers",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Let them find one another"))),(0,me.kt)("li",{parentName:"ul"},"Dashboard"),(0,me.kt)("li",{parentName:"ul"},"Debugging"),(0,me.kt)("li",{parentName:"ul"},"Watch")))),(0,me.kt)("p",null,"Deployment"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Containerize"),(0,me.kt)("li",{parentName:"ul"},"Generate Kubernetes manifest"),(0,me.kt)("li",{parentName:"ul"},"Service binding")),(0,me.kt)("p",null,"Demo (7:00 in the video)"),(0,me.kt)("p",null,"TYE has a command line interface. The ",(0,me.kt)("inlineCode",{parentName:"p"},"tye run")," command will bring up a dashboard of services. He can then traverse through the services in the GUI."),(0,me.kt)("p",null,"TYE started the applications and the containers for each service including the ports. Each service has a log that can be looked at and metrics from .NET within the GUI."),(0,me.kt)("p",null,"This was all done via a yaml file that defined the services. Based on this, TYE launched the applications."),(0,me.kt)("p",null,"(Demo End 11:35)"),(0,me.kt)("p",null,"Tom showed a second slide."),(0,me.kt)("p",null,"Blue boxes are containers, red boxes are regular applications running on the host."),(0,me.kt)("p",null,"TYE allows you to connect to a running application and debug it."),(0,me.kt)("p",null,"TYE started two containers. For both backend and frontend proxies uses the loopback provided by Podman. Now in .NET he can debug within the provided interface from .NET. Under the covers it's using Podman v3.0 as it was using Docker before."),(0,me.kt)("p",null,"TYE is a single host tool for developers."),(0,me.kt)("h2",{id:"podman-v320-updates"},"Podman v3.2.0 Updates"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1550-in-the-video"},"(15:50 in the video)"),(0,me.kt)("p",null,"Currently on final RC, hoping to get final release today or in the next few days."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases/tag/v3.2.0-rc3"},"Podman v3.2.0-rc3 Release Notes")),(0,me.kt)("p",null,"Features:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Docker compose is supported with rootless Podman."),(0,me.kt)("li",{parentName:"ul"},"Rootless CNI networking should work on any architecture."),(0,me.kt)("li",{parentName:"ul"},"Podman Machine commands to handle virtual machines, most useful for MacOS."),(0,me.kt)("li",{parentName:"ul"},"Podman generate Kube updates"),(0,me.kt)("li",{parentName:"ul"},"podman start --all now works"),(0,me.kt)("li",{parentName:"ul"},"Changes made to allow Podman to work better in a container. Blog post incoming with details.")),(0,me.kt)("h2",{id:"podman-in-kubernetes"},"Podman in Kubernetes"),(0,me.kt)("h3",{id:"urvashi-mohnani"},"Urvashi Mohnani"),(0,me.kt)("h4",{id:"2018-in-the-video"},"(20:18 in the video)"),(0,me.kt)("p",null,"Demos for running Podman inside a Kubernetes cluster. Still slightly experimental."),(0,me.kt)("p",null,"Urvashi has a local Kubernetes cluster up and is running CRI-O as her container runtime engine. Easiest way to run things is to have privileged set to true in the cluster and she ran a user set to 1000."),(0,me.kt)("p",null,'She ran a simple Podman container inside of a Kubernetes container to do a "Hello" to sysout.'),(0,me.kt)("p",null,"She then built within the Kubernetes container. Even though the Kubernetes container is privileged, the Podman container within is not and is using usernamespace."),(0,me.kt)("p",null,"Now she showed running as an unprivileged Kubernetes container, and to do that you need to set selinux to permissive mode. That's necessary as the containers can't mount all the file systems that they need to run. You also need to mount the dev fuse device as that's needed for the overlayfs file system."),(0,me.kt)("p",null,"She then ran a nonprivileged container within a nonprivileged Kubernetes containers. Showed doing builds, but errors can occur. Need to change ",(0,me.kt)("inlineCode",{parentName:"p"},"--isolation")," to chroot in the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command."),(0,me.kt)("p",null,"Ran Podman in a unprivileged container, but the Podman container was run as root."),(0,me.kt)("p",null,"You can also run Podman service on your host and leave a socket entry to your container. This is done with a volume mount of the socket. You can then run ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," command against that socket."),(0,me.kt)("p",null,"If you use CRI-O as your runtime engine, you can add a user and a node annotation to your runtime. But it is experimental at the moment in Kubernetes and CRI-O. However, that tells CRI-O to create your container within your usernamespace."),(0,me.kt)("p",null,"A blog coming out for running Podman in Kubernetes and it will become part of the official documentation."),(0,me.kt)("h2",{id:"podman-machine-updates"},"Podman Machine Updates"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"3200-in-the-video"},"(32:00 in the video)"),(0,me.kt)("h4",{id:"slides-1"},(0,me.kt)("a",{parentName:"h4",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-06-01/podman_machine.pdf"},"Slides")),(0,me.kt)("p",null,"Why run Podman Machine on Linux rather than run it on the host? It makes sense from a MacOS. Would be good where you wanted to run containers and wanted to have some level of separation. Also good for testing on a Linux machine before moving it to Windows or Mac. Could also be good to see if Podman works with other Linux Operating Systems other than your native system."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"What's in development?",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Working custom images for x86_64 Linux and MacOS and aarch64 Linux and aarch MacOS"),(0,me.kt)("li",{parentName:"ul"},"Port forwarding on hot"),(0,me.kt)("li",{parentName:"ul"},"Some buggy code that needs testing"))),(0,me.kt)("li",{parentName:"ul"},"Remaining obstacles",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Merge development code"),(0,me.kt)("li",{parentName:"ul"},"Packaging for both Linux and Brew"),(0,me.kt)("li",{parentName:"ul"},"aarch64 support for FCOS is pending (will lead with x86_64)"),(0,me.kt)("li",{parentName:"ul"},"Upstream merge of qemu support for M1"))),(0,me.kt)("li",{parentName:"ul"},"Looking forward",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Need a reasonably performant sollution for mounting from host"),(0,me.kt)("li",{parentName:"ul"},"Work with FCOS team to reduce size of base image.")))),(0,me.kt)("p",null,"It makes sense that you'd run Linux on MacOS to create a container, but why do so on Linux? Possibly to test different archtectures, to maintain a level of separation between the host and the container, or running a separate Linux distribution. Good for proof of concept testing to make sure the container will run on Windows or Mac in the machine."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3844-in-the-video"},"(38:44) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"More general discussions during the meeting for a more general discussion? If you have an idea that you'd like discussed, talk to Tom Sweeney to setup a meeting with folks. Might do IRC meetings too for a set time.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Kubernetes on Podman? Running Podman on Kubernetes now (see Urvashi's demo above). Using CRI-O in Podman basically. It would be nice to have a Kublet that queries Podman.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Can you sign an image in Kubernetes then use that in Kubernetes? We have simple signing in Podman with GPG, but Kubernetes doesn't understand this."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Topic suggestion: Using Podman to sign images in k8s and then using signed images in k8s ? (Focus on GPG signing.)"),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-3-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday August 3, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1157-am-eastern-utc-4"},"Meeting End: 11:57 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:56 AM\nPlease sign in https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?edit\nbaude11:01 AM\nyou have to unmute me\nit says you muted me\nMatt Heon11:23 AM\nhttps://github.com/containers/podman/releases/tag/v3.2.0-rc3\n(These are marked as preliminary but they're almost-final - just a few more changes planned)\nFaisal Razzak11:33 AM\nWill we have documentation for podman inside k8s ?\nAlex Litvak11:33 AM\npodman in lxc?\nMatt Heon11:35 AM\nAFAIK LXC is usually run rootless, which is probably going to be problematic\nLikely can be convinced to work but it's going to take effort\n@Faisal the intent is for the blog to be the documentation - we're going to host a copy on the website and keep updating it as things change\nAlex Litvak11:36 AM\nI will give it a shot and report but most of mine lxcs are privileged\nMatt Heon11:36 AM\nAh, that should be a lot easier\nMay have to add /dev/fuse to get fuse-overlayfs working\nFaisal Razzak11:48 AM\nTopic: Using podman to sign images in k8s and then using signed images in k8s ?\nI want to focus on GPG signing and not notary\nMe11:51 AM\n Fun Fact: A chef's tall hat (officially known as a \"toque\") is traditionally made with 100 pleats, meant to represent the 100 ways to cook an egg.\nFaisal Razzak11:52 AM\nThe effort to integrate podman with codesign or any other interface. Are these meetings public or can I participate ?\nFaisal Razzak11:55 AM\nok, I will\nI have background in code signing using GPG and PKCS11 interfaces\nUwe Reh11:56 AM\nby\n")))}cn.isMDXComponent=!0;const pn={},gn="Podman Community Cabal Meeting Notes",kn=[{value:"September 16, 2021 11:00 a.m. Eastern",id:"september-16-2021-1100-am-eastern",level:2},{value:"September 16, 2021 Topics",id:"september-16-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Build an Image with a Template File (0:42 in video)",id:"build-an-image-with-a-template-file-042-in-video",level:4},{value:"Podman Desktop (1:30 in video)",id:"podman-desktop-130-in-video",level:4},{value:"Podman machine volume mounts (39:10 in video)",id:"podman-machine-volume-mounts-3910-in-video",level:4},{value:"Open discussion (50:20 in video)",id:"open-discussion-5020-in-video",level:4},{value:"Next Meeting: Thursday October 21, 2021 10:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-october-21-2021-1000-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],yn={toc:kn},wn="wrapper";function fn(e){let{components:t,...n}=e;return(0,me.kt)(wn,(0,K.Z)({},yn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"One-hour meeting on the third Thursday of every month at 10:00 a.m. US/Eastern (UTC-4) to deep dive into topics on the agenda. Please add your name at the end of the topic so we know who the topic owner is.\nMeeting ID: ",(0,me.kt)("a",{parentName:"p",href:"https://meet.google.com/ieq-pxhy-jbh"},"https://meet.google.com/ieq-pxhy-jbh")),(0,me.kt)("p",null,"Try out ",(0,me.kt)("a",{parentName:"p",href:"https://www.worldtimebuddy.com/?pl=1&lid=5,0&h=5&date=9/16/2021%7C3&hf=1"},"WorldTimeBuddy")),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Brent Baude, Christopher Fergeau, Chris Evich, Matej Vasek, Mehul Arora, Miloslav Trmac, Nalin Dahyabhai, Scott McCarty, Urvashi Mohnani, Eduardo Santiago, Guillaume Rose, Hugh Campbell (Riot Games in a personal capacity), Dan Walsh, Anders Bj\xf6rklund, Ashley Cui, Matt Heon, Paul Holzinger, Praveen Kumar, Gerard Braad, Giuseppe Scrivano, Lokesh Mandvekar, Kerry Zamore"),(0,me.kt)("h2",{id:"september-16-2021-1100-am-eastern"},"September 16, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"september-16-2021-topics"},"September 16, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Desktop"),(0,me.kt)("li",{parentName:"ol"},"Podman machine volume mounts"),(0,me.kt)("li",{parentName:"ol"},"Open Discussion")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1kCm-AK0Gqpk5Eua3m26agzxIp8NLR73x/view?usp=drive_web"},"Recording")),(0,me.kt)("p",null,"Meeting start:10:04 a.m. Thursday, September 16, 2021"),(0,me.kt)("h4",{id:"build-an-image-with-a-template-file-042-in-video"},"Build an Image with a Template File (0:42 in video)"),(0,me.kt)("p",null,"Topic for next month from: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/stellarpower"},"https://github.com/stellarpower"),"\nProposal here: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/buildah/issues/3479"},"https://github.com/containers/buildah/issues/3479")),(0,me.kt)("h4",{id:"podman-desktop-130-in-video"},"Podman Desktop (1:30 in video)"),(0,me.kt)("p",null,"The topic has gotten very hot over the past few weeks. People want some form of desktop presence. The big focus is on stop/start and status of things running. The maintainers wanted to solicit the community to find out what they think. If we just do what Docker does, then it might not be enough. We want to make it better if possible."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/11494"},"https://github.com/containers/podman/issues/11494")," - Discussion in play online."),(0,me.kt)("p",null,"Dan would like Podman to remain as a CLI tool, with the Desktop as an optional wrapper that could be used."),(0,me.kt)("p",null,"Gerard - people want a desktop application that integrates well and can be considered a first-class citizen. In addition to start/stop/status, also reinitialization. Will it be a tray application or something that supplements your view?"),(0,me.kt)("p",null,"Dan - we're hearing that compose doesn't work on Mac due to the socket not being set up. Do we want to expose registry.conf and how to handle the sockets."),(0,me.kt)("p",null,"What is the initial goal? Is it a windows tray application, but that might be very information-dense with many containers. Want to be able to query logs on a container."),(0,me.kt)("p",null,"Brent's take is that knowing what users want will help us make decisions and that's part of our current process."),(0,me.kt)("p",null,"Gerard - you have to watch the scale, so there may not be a single solution. So we need to identify what it looks like at the start."),(0,me.kt)("p",null,"Scott would like to ensure functionality. He'd like to be able to run docker compose and it would just work. He also wants to be able to serve a super user along with a novice user."),(0,me.kt)("p",null,"Dan sees the desktop as managing connections. The podman that runs on a mac, is podman remote. Cockpit might be a player in this space when you're trying to look at the containers. One of our pain points on the mac was figuring out how to connect to your linux server. Most of that was solved with podman machine. So that's why he sees this as more of a management system."),(0,me.kt)("p",null,"In the future, we might have podman machine that could handle different VM types (Ubuntu, RHEL, SUSE) either local or remote to the system."),(0,me.kt)("p",null,"Anders with docker machine you could have many machines going at once, but with Docker desktop has only one machine running in the background. He anticipates the machine concept in Podman will be almost hidden, something most users wouldn't have to be aware of."),(0,me.kt)("p",null,"In chat, Gerard noted: Podman Dekstop might not be the right name, as the desktop (local VM) is just a small part of the puzzle. The key point seems the connectivity and view/status of these connections."),(0,me.kt)("p",null,"Anders thinks there might be one desktop to handle the machines, and another to handle the containers."),(0,me.kt)("p",null,"Brent asked about brew in the enterprise as we've gotten some push back from folks on its use."),(0,me.kt)("p",null,"Gerard doesn't think it will be much of a concern, but Dan noted that some enterprise customers are blocking the use."),(0,me.kt)("p",null,'We will package in brew, the question outstanding is whether or not to provide another "more trusted" place to get a hold of the podman and/or desktop software. This would be used by enterprise customers who need to load only software with more verification than brew provides.'),(0,me.kt)("p",null,"Hugh struggles with keeping his folks from running with root in containers. If he could get Podman Desktop to be like 80% of what Docker Desktop does. It would help people understand that more container tech than just Docker. At Riot, they want to get stuff done as quickly as possible, so it needs to be easy/fast."),(0,me.kt)("p",null,"For Riot, the Docker announcement caught them by surprise."),(0,me.kt)("p",null,"Is not running root in a container the most important point of interest? Hugh would like it to be there, at very least made the people aware of the badness of running as root as they started to do that. Perhaps some kind of slider to select root/non-root, eg. setting the compatibility level (security settings?)."),(0,me.kt)("p",null,"Dan can't envision why you'd need root inside most containers in a game devel environment. He thinks they might not be aware of security."),(0,me.kt)("p",null,"Will write up a Product Specification document for what Podman will provide."),(0,me.kt)("p",null,"For the tray, Brent wants to know if \u201cshift\u201d is the only way to provide it. Gerard create a tray app in go but ran into a lack of options while developing. So it held them back from being integrated with the system."),(0,me.kt)("p",null,"Their issue with not using a native application, then the product wasn't as crisp-looking and deeply integrated with the OS. Eg. Minishift tried to use Golang with a library from lantern, but this lead to issues around integration. ",(0,me.kt)("a",{parentName:"p",href:"https://www.electronjs.org/"},"Electron")," is a development environment that creates desktop applications in JavaScript and web pages. you can you CSS to make the look and feel just right. The output is usable in Linux, Mac, and Windows. GitHub Desktop, VSCode, Discord, and the Slack desktop app are based on Electron for instance. The advantage might be that some of the Cockpit components might be (re)used."),(0,me.kt)("h4",{id:"podman-machine-volume-mounts-3910-in-video"},"Podman machine volume mounts (39:10 in video)"),(0,me.kt)("p",null,"For mac volumes, no native support. Using a reverse mount with ssh to the host. Matt Heon would like to get to using a flag to the mount from the machine command. He would like to get something out quickly."),(0,me.kt)("p",null,"His target would be native support in about a year (Fall 2022)."),(0,me.kt)("p",null,"Anders has a use case where a home directory can be mounted on a root directory in the VM, but you need to add a prefix. Anders ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"PR")),(0,me.kt)("p",null,"Does Docker Desktop do what Podman should do? Per what Matt has seen, it does, but he's not sure about the performance issues. However, that's probably the same or similar issue in Docker and Podman."),(0,me.kt)("p",null,"Podman remote client will need to be a lot smarter than it is now. Anders PR is a quick startup solution, but further work will be needed from there."),(0,me.kt)("p",null,"Some of the stuff that Anders has seen in Desktop, is a little less secure than he thinks it should be."),(0,me.kt)("p",null,"SSHfs is what Gerard has used and it seems to have worked well for his environment. Something that Matt is looking into using."),(0,me.kt)("p",null,"Dan doesn't think we want mounting storage for an image from the mac to the VM."),(0,me.kt)("p",null,"The advantage of using ssh, it's ubiquitous."),(0,me.kt)("p",null,"The first pass should be using SSHfs."),(0,me.kt)("h4",{id:"open-discussion-5020-in-video"},"Open discussion (50:20 in video)"),(0,me.kt)("p",null,"1.) What's the WSL2 status?"),(0,me.kt)("p",null,"Brent said there's a document or a script to make it less painful. Dan noted that the Podman team is working with Microsoft. Gerard would like to see a document. Brent noted it should be here very soon, but the person working on it is not part of Red Hat, not in the meeting, and he doesn't want to promise things."),(0,me.kt)("p",null,"2.) Cost of Podman Desktop?"),(0,me.kt)("p",null,"We're targeting free open-source."),(0,me.kt)("p",null,"3.) What is ETA for the Desktop?"),(0,me.kt)("p",null,"Brent hopes to solve the volume, needs M1 support for qemu. Those need to be done first, then we would look at Desktop. If nodejs, we'll need help or will have to learn it."),(0,me.kt)("p",null,"We need to have an initial release by January 1, 2022. Then build from there. A full-bodied release later in 2022."),(0,me.kt)("p",null,"4.) Has anyone run into Podman Machine Build is a lot slower than Docker."),(0,me.kt)("p",null,"Matt has a link to someone reporting the issue."),(0,me.kt)("h3",{id:"next-meeting-thursday-october-21-2021-1000-am-edt-utc-4"},"Next Meeting: Thursday October 21, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Build an Image with a Template File"),(0,me.kt)("li",{parentName:"ol"},"How to handle weekly releases of Desktop, circleCI, appveyor? Desktop builds (like Electron based), install package generation, or signing on macOS required more than the usual offers that are available.")),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You10:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nHugh Campbell10:02 AM\nHi everyone\nPraveen Kumar10:02 AM\nHello everyone\nGerard Braad10:03 AM\n@Praveen if you have connection issuesyou can also ping me on Slack if more is needed\nDaniel Walsh10:03 AM\nAgenda doc: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nGerard Braad10:06 AM\nSome form:\n * status indication (VM)\n * controls (start, stop)\nPraveen Kumar10:06 AM\nneed to rejoin, not able to hear anything :(\nGerard Braad10:13 AM\nThis is actually the same I wanna know ;-)\nGerard Braad10:15 AM\nThis means a easy switch between configurations\nand a springboard to a developer prompt for this\nGerard Braad10:17 AM\n^^ @dan @scott ^^\nGerard Braad10:20 AM\nPodman Dekstop might not be right name, as the desktop (local VM) is just a small part of the puzzle. The key point seems the connecitivity and view/status of these conections\nScott McCarty10:22 AM\nBRB\nGerard Braad10:23 AM\nthe VM is just another endpoint/another podman you can connect to.\nthe tray and/or app might have very different tasks. the application (dialogs) will show the details of the connection and the containers\nwhile the tray might show the lifecycle management and the possible connections\nHugh Campbell10:27 AM\nWe use brew here at Riot with our Macs and brew is a good solution but knowing developers here - it doesn't have to be an exact 1:1 but if 80% of Podman Desktop for Mac can be like Docker Desktop for Mac it's would help make transition so much easier\nGerard Braad10:28 AM\n^^ :+1 right. but I believe for Brew and Choco there is a docker-desktop and docker-cli package, right?\nHugh Campbell10:28 AM\nI believe so but don't quote me on that\nGerard Braad10:30 AM\nI believe on mac you have the two kinds of users; those that want a dmg/pkg, and those that want brew\nBrent Baude10:30 AM\ncorrect\nGerard Braad10:30 AM\nand on Windows you start to see the same with wanting and .exe msi or using choco inst\nAnders F Bj\xf6rklund10:30 AM\nI dunno, I wanted rpm and port :-)\nGerard Braad10:30 AM\n;-)\nGerard Braad10:31 AM\nis that PNAELV ?\nGerard Braad10:34 AM\nPretty much like the Firewall/Internet Security slider in Windows :-)\nsetting a 'compatibility level'\nAnders F Bj\xf6rklund10:39 AM\nhere is my quick last night poc for doing a cross-platform (Qt) systray in a cross-platform language (C++):\nhttps://github.com/afbjorklund/podman-systray\nso far it has the icon :-)\nHugh Campbell10:39 AM\nVSCode\nGerard Braad10:40 AM\n^^ VS Code is developeed using electron\nErik Bernoth10:40 AM\nSlack and Discord might be written in Electron, iirc\nHugh Campbell10:41 AM\nI believe they are as well for Mac\nGerard Braad10:43 AM\n@Dan the advatnage of Electron is that the Cockpit components can most likely can be reused\nGerard Braad10:44 AM\n^^^ can I add this reference to the doc?\n@Tom\nYou10:45 AM\nGerard, please and thank you!\nAnders F Bj\xf6rklund10:48 AM\nhttps://github.com/containers/podman/pull/11454\nYou10:48 AM\nty Anders!\nHugh Campbell10:49 AM\nNative would be awesome but 80-85% of what is there currently in Docker Desktop for Podman Desktop would be great for my devs\nAnders F Bj\xf6rklund10:54 AM\na lot of interesting things happening with \"macOS subsystem for Linux\" (lima)\nmight be on par with WSL, although unofficial (Apple never supports other OS)\nGerard Braad11:00 AM\n@Tom https://github.com/gbraad\nMehul Arora11:03 AM\nyes, it is\nHugh Campbell11:04 AM\nThanks everyone!\nKherry Zamore11:05 AM\nthanks\nieq-pxhy-jbh\n")))}fn.isMDXComponent=!0;const bn={},vn="Podman Community Meeting Notes",Mn=[{value:"December 7, 2021 11:00 a.m. Eastern (UTC-5)",id:"december-7-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Netavark Status",id:"netavark-status",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:52 in the video)",id:"152-in-the-video",level:4},{value:"Podman on Windows Demo",id:"podman-on-windows-demo",level:2},{value:"Jason Greene via Tom Sweeney",id:"jason-greene-via-tom-sweeney",level:3},{value:"(10:12 in the video)",id:"1012-in-the-video",level:4},{value:"Meeting Announcement",id:"meeting-announcement",level:2},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(26:00) in the video)",id:"2600-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday February 1, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-1-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday December 16, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-december-16-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:37 a.m. Eastern (UTC-5)",id:"meeting-end-1137-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],An={toc:Mn},In="wrapper";function Tn(e){let{components:t,...n}=e;return(0,me.kt)(In,(0,K.Z)({},An,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"december-7-2021-1100-am-eastern-utc-5"},"December 7, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Chris Evich, Anders Bj\xf6rklund, Ashley Cui, Aditya Rajan, Rudolf Vesely, Shion Tanaka, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Martin Jackson, Preethi Thomas, Ionut Stoica"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/WUk_ZzVThd8"},"Recording")),(0,me.kt)("h2",{id:"netavark-status"},"Netavark Status"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"152-in-the-video"},"(1:52 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")),(0,me.kt)("p",null,"Dumping the network stack for a new one in Podman 4.0, one that we will own and control. Netavark is mostly working for IPv4 and a firewall driver is close to being completed."),(0,me.kt)("p",null,"Podman with netavark GitHub repo: ",(0,me.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/")),(0,me.kt)("p",null,"Looking to replece DNS Server within Podman too with this change. The goal is to have a container with as many networks as you'd want. Testers are very welcomed. Bug reports to the netavark for network issues, against Podman in it's GitHub if more Podman related."),(0,me.kt)("h2",{id:"podman-on-windows-demo"},"Podman on Windows Demo"),(0,me.kt)("h3",{id:"jason-greene-via-tom-sweeney"},"Jason Greene via Tom Sweeney"),(0,me.kt)("h4",{id:"1012-in-the-video"},"(10:12 in the video)"),(0,me.kt)("p",null,"(We had trouble with the video sharing, Tom Sweeney narrated badly...)"),(0,me.kt)("p",null,"Jason's first video showed how to run Podman on a Windows machine using WSL. It basically has the same look, feel as the macOS variant does. Jason talked about the architecutre under the covers and things he wants to improve upon. The direct ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/KIGeWpd91Z0"},"Video")," can be found on YouTube along with Jason's Update ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/ub2m15yW-fg"},"Video")," which was not shown in the meeting. The update shows his progress and how Podman can be installed on a Windows machine that doesn't have WSL."),(0,me.kt)("p",null,"The quality is much better there than in the meetings recording."),(0,me.kt)("h2",{id:"meeting-announcement"},"Meeting Announcement"),(0,me.kt)("p",null,"Going to hold this meeting every other month on the first Tuesday of the month starting in Feburary (even numbered months). The Cabal meeting will remain a monthly meeting on the third Thursday of each month."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2600-in-the-video"},"(26:00) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Fedora32 on Windows doesn't go easy.\nMatt thinks this is a systemd issue and more invesigation is needed.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Ionut Stoica is working on a project to add tools for front end work. ",(0,me.kt)("a",{parentName:"p",href:"https://iongion.github.io/podman-desktop-companion/"},"https://iongion.github.io/podman-desktop-companion/")," It's kind of Cockpit like. Hopes to add more in the future. Looking at Windows and mac, but needs to work on compilation issues. Easier on the Mac, but needs to use Lima. Will check in with Jason Greene"))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"None specified."),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-1-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 1, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-december-16-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday December 16, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1137-am-eastern-utc-5"},"Meeting End: 11:37 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:53 AM\nPlease sign in https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMatt Heon11:06 AM\nhttps://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/\nMatt Heon11:08 AM\nhttps://github.com/containers/netavark\nMe11:09 AM\nDid I share anything?\nMe11:25 AM\nOh good, I can see people talking, but I can't hear anything\nPavel11:26 AM\nI'm trying to run Podman on Fedora35 WS and it doesn't go easy: the home area concept conflicts with podman storge conf\nChris Evich11:26 AM\nTom, if you're talking we can't hear you :(\nPavel11:27 AM\nUser's home is not static - it is mounted dynamically\nMe11:27 AM\nI've lost my audio, I can't hear, trying to get it bak.\nChristian Felder11:27 AM\nI think Marin Jackson's Audio isn't working either\n(Martin Jackson) - sorry typo\niongion11:32 AM\nhttps://iongion.github.io/podman-desktop-companion/\niongion11:33 AM\nhttps://github.com/iongion/podman-desktop-companion\nMe11:35 AM\ntsweeney@redhat.com\niongion11:37 AM\nIonut Stoica\n")))}Tn.isMDXComponent=!0;const Sn={},Nn="Podman Community Cabal Meeting Notes",Cn=[{value:"March 17, 2022 11:00 a.m. Eastern",id:"march-17-2022-1100-am-eastern",level:2},{value:"March 17, 2022 Topics",id:"march-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"/etc/hosts in containers - (1:30 in video) - Paul Holzinger",id:"etchosts-in-containers---130-in-video---paul-holzinger",level:3},{value:"Mac OS Volume Mounts - (28:40 in video) - Brent Baude",id:"mac-os-volume-mounts---2840-in-video---brent-baude",level:3},{value:"Podman pod create - What happens when all containers stop... - (37:12 in the video) - Dan Walsh",id:"podman-pod-create---what-happens-when-all-containers-stop---3712-in-the-video---dan-walsh",level:3},{value:"Open discussion (45:50 in video)",id:"open-discussion-4550-in-video",level:4},{value:"Next Meeting: Thursday April 21, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-april-21-2022-1100-am-edt-utc-5",level:3},{value:"Next Community Meeting: Tuesday April 5, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-april-5-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Pn={toc:Cn},xn="wrapper";function Dn(e){let{components:t,...n}=e;return(0,me.kt)(xn,(0,K.Z)({},Pn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Eduardo Santiago, Christian Felder, Flavian Missi, Lance Lovette, Martin Jackson, Oleg Bulatov, Preethi Thomas"),(0,me.kt)("h2",{id:"march-17-2022-1100-am-eastern"},"March 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"march-17-2022-topics"},"March 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"/etc/hosts in containers - Paul Holzinger"),(0,me.kt)("li",{parentName:"ol"},"Mac OS Volume Mounts - Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"Podman pod create - Exit when containers exit? - Dan Walsh")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/wvENxqMjuLI"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday March 17, 2022"),(0,me.kt)("h3",{id:"etchosts-in-containers---130-in-video---paul-holzinger"},"/etc/hosts in containers - (1:30 in video) - Paul Holzinger"),(0,me.kt)("p",null,"We don't currently support network connect/disonnect with /etc/host getting updated."),(0,me.kt)("p",null,"If we generate an /etc/hosts in the container, we use the entries from the host if there are none in the container."),(0,me.kt)("p",null,"For slirp4netns we use the contaienr host name."),(0,me.kt)("p",null,"When we have several entries for the bridge network case, should we use the first, or all, or somehow pick/choose? Matt thinks we should use all that don't have duplicates. If we encounter a duplicate, we should take the first one found and ignore the rest. So a user entry should trump all, and the rest should be in priority order."),(0,me.kt)("p",null,"For pods, you must add an entry for each container. When the container is stopped, it has to remove this entry."),(0,me.kt)("p",null,"Make sure hosts.containers.internal is only added. Matt asked if we could do something other than 127.0.0.1 for the localhost value. Paul noted that's not the behavior some people expect. So Paul thinks we could use the public IP of the container."),(0,me.kt)("p",null,"Dan noted that some people want a no-host option, in which case we'll use the values found in the image."),(0,me.kt)("p",null,"There's a potential information leak if we use the entries from the hosts /etc/hosts in the container as we'd add the host\u2019s IP to the containers version of the file."),(0,me.kt)("p",null,"We should allow users to disable host.containers.internal in the containers.conf."),(0,me.kt)("p",null,"The problem Lance is running into is he's running many containers in the network. He's hoping to configure the /etc/hosts in the container at run time rather than build time. He wants to ensure that each container has a different IP for the same first name. So the /etc/hosts should be different per container."),(0,me.kt)("p",null,"He'd like a way to have a different /etc/hosts file per container. Issue on ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/aardvark-dns/issues/82"},"GitHub"),"."),(0,me.kt)("p",null,"Lance is seeing containers sharing the info. We do that for containers in a shared network namespace or containers in a Pod."),(0,me.kt)("h3",{id:"mac-os-volume-mounts---2840-in-video---brent-baude"},"Mac OS Volume Mounts - (28:40 in video) - Brent Baude"),(0,me.kt)("p",null,"Brent is working with Anders, and they're trying to get their heads around the feature. Currently, if you need to add one, you need to remove your machine and add it, which is not optimal."),(0,me.kt)("p",null,"One thought was to add the user\u2019s mount in macOS, so there'd be a direct path. Like $HOME to $HOME. This is what Docker is doing and Anders thinks this is what people expect. It also allows for other mounts to be used. You may need to reboot, but you don't have to delete the user."),(0,me.kt)("p",null,"It should be configurable in containers.conf so people can change it as wanted."),(0,me.kt)("p",null,"This should be in Podman v4.1 if things go right."),(0,me.kt)("p",null,"Lima is doing read-only by default. Dan thinks we should add a ",(0,me.kt)("inlineCode",{parentName:"p"},":ro")," option that can be added to allow this functionality."),(0,me.kt)("h3",{id:"podman-pod-create---what-happens-when-all-containers-stop---3712-in-the-video---dan-walsh"},"Podman pod create - What happens when all containers stop... - (37:12 in the video) - Dan Walsh"),(0,me.kt)("p",null,"An issue came up this week where someone was running a pod and when what they thought was the primary container exited, the pod continued running, and they didn't expect that. Dan would like to see an option that would tell Podman what to do when a container exits that is running inside of a pod."),(0,me.kt)("p",null,"There are three possible options:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Ignore - the container exit (current default), the pod keeps running."),(0,me.kt)("li",{parentName:"ol"},"Close - if any container exits, then the pod exits"),(0,me.kt)("li",{parentName:"ol"},"Restart - if the container exits, the pod would restart it. Similar to systemd. It should be overrideable per container.")),(0,me.kt)("p",null,"Dan would like comments/thoughts? A thought that the restart policy might not work in systemd. Valentin thinks that if the last container exits, then the pod should as well."),(0,me.kt)("p",null,"Matt thinks we don't need the option, rather, we should just stop the pod when the last container stops, as Valentin noted. We currently have the restart option for a container, so if someone wanted to ensure the pod stayed up, they could use that restart option."),(0,me.kt)("p",null,"Valentin thinks we need to allow a pod to start without containers and then add containers to it. So we shouldn't stop the pod if it hasn't had a container inside of it."),(0,me.kt)("p",null,"On further reflection, Dan thinks the ignore might not be a useful case. Dan thinks if we change the default to keep the pod up unless there are no longer any containers within, then we won't need to add the options. Cleanup would need to change to verify that there aren't any containers running, and if not, then kill the pod."),(0,me.kt)("p",null,"Lance has noted catatonit orphans and wonders if this might be related. Will post a bug if he can ID a pattern."),(0,me.kt)("h4",{id:"open-discussion-4550-in-video"},"Open discussion (45:50 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman v4.0 updates. - Brent Baude\nPodman v4.0 has been going well, especially given the new content. We are now focusing on things that need to be added. A number of CI, memory, and other internal to the build systems things to add in the near term. That will be good as we'll be able to work on bugs as they arise. The Red Hat team has a bug list max, and we just hit that, so we'll be focusing on that over the next week or two."),(0,me.kt)("p",{parentName:"li"},"For features, work is ongoing for cosign. Jhon will be working on Homebrew improvements. Urvashi is working on a YAML to Kubernetes integration. Matt is working on Docker compose v2. So far, that's going very well. Also, a number of blog posts."),(0,me.kt)("p",{parentName:"li"},"The new features mentioned will be in v4.1 and v4.2. Podman v4.1 will be out roughly in late April 2022."),(0,me.kt)("p",{parentName:"li"},"Virtio-fs is being worked on with qemu, which should then be useable on Planet 9 and mac. This will allow multiple UIDs to be used on a Mac once complete. That's probably a longer-term project."),(0,me.kt)("p",{parentName:"li"},"Work is ongoing within Red Hat for a Desktop](",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/desktop"},"https://github.com/containers/desktop"),")"))),(0,me.kt)("h3",{id:"next-meeting-thursday-april-21-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday April 21, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-5-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday April 5, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 11:56"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"\nDaniel Walsh\n10:57 AM\nhttps://www.redhat.com/sysadmin/podman-transfer-container-images-without-registry\nYou\n11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLance Lovette\n11:22 AM\nhttps://github.com/containers/aardvark-dns/issues/82\nAshley Cui\n11:54 AM\nhttps://github.com/containers/desktop\n")))}Dn.isMDXComponent=!0;const Bn={},En="Podman Community Cabal Meeting Notes",Wn=[{value:"July 21, 2022 11:00 a.m. Eastern",id:"july-21-2022-1100-am-eastern",level:2},{value:"July 21, 2022 Topics",id:"july-21-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Man Page Clean Up - (1:12 in video) - Ed Santiago",id:"man-page-clean-up---112-in-video---ed-santiago",level:3},{value:"Podman Desktop Update - (11:12 in video) - Stevan Le Meur && Florent Benoit",id:"podman-desktop-update---1112-in-video---stevan-le-meur--florent-benoit",level:3},{value:"crun Update - Dan Walsh and Giuseppe Scrivano (18:55 in video)",id:"crun-update---dan-walsh-and-giuseppe-scrivano-1855-in-video",level:3},{value:"Open discussion (29:18 in video)",id:"open-discussion-2918-in-video",level:4},{value:"Next Meeting: Thursday August 18, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-august-18-2022-1100-am-edt-utc-5",level:3},{value:"August 18, 2022 Topics",id:"august-18-2022-topics",level:2},{value:"Next Community Meeting: Tuesday August 2, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-2-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],jn={toc:Wn},Ln="wrapper";function Hn(e){let{components:t,...n}=e;return(0,me.kt)(Ln,(0,K.Z)({},jn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Karthik Elango, Charlie Doern, Lokesh Mandvekar, Niall Crowe, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu, Florent Benoit, Stevan Le Meur, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Jake Correnti, Ashley Cui"),(0,me.kt)("h2",{id:"july-21-2022-1100-am-eastern"},"July 21, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"july-21-2022-topics"},"July 21, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Man Page Clean Up - Ed Santiago"),(0,me.kt)("li",{parentName:"ol"},"An update on Podman Desktop - Stevan Le Meur && Florent Benoit"),(0,me.kt)("li",{parentName:"ol"},"Possible Topics: new OCI Runtimes? WASM for example. Also Podman support for zstd and gzip format at the same time.")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/aV6RYlF9Ocs"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday July 21, 2022"),(0,me.kt)("h3",{id:"man-page-clean-up---112-in-video---ed-santiago"},"Man Page Clean Up - (1:12 in video) - Ed Santiago"),(0,me.kt)("p",null,"Ed has found a number of duplicate pages in the man pages. Has considered moving them from md format to rst. Ed is asking for help. Does anyone want to convert to rst? Or are there other options?"),(0,me.kt)("p",null,"Currently there's a way to changes a small number of md to md.in files. Can we leverage that? Some of the interesting challenge with this is we leverage ReadTheDocs to publish the man pages automatically. Further investigation is needed in this space. If we can just use the md.in files and get those into the ReadTheDocs, that might be doable. The thing that needs to be checked if the pages would disappear from the GitHub site."),(0,me.kt)("p",null,"So more looking needs to be done in how GitHub handles the markdown resolution. Dan thinks we should go forward with the change. This will allow coders to do an update in one place for an option that is used by more than one command."),(0,me.kt)("h3",{id:"podman-desktop-update---1112-in-video---stevan-le-meur--florent-benoit"},"Podman Desktop Update - (11:12 in video) - Stevan Le Meur && Florent Benoit"),(0,me.kt)("p",null,"0.0.5 Released:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Onboarding sequence (to initialize and/or start podman machine)"),(0,me.kt)("li",{parentName:"ul"},"Revamp UI for containers, images"),(0,me.kt)("li",{parentName:"ul"},"Windows: Installation of podman + update of podman"),(0,me.kt)("li",{parentName:"ul"},"Proxies for linux/macos but not yet windows (will work with Podman 4.2)"),(0,me.kt)("li",{parentName:"ul"},"Help page")),(0,me.kt)("p",null,"Early Adopter Program: Accessible from ",(0,me.kt)("a",{parentName:"p",href:"https://podman-desktop.io/"},"podman-desktop.io")),(0,me.kt)("p",null,"Stevan showed how the new search functionality is working on the desktop. Help system allows one to contact the developers with questions."),(0,me.kt)("p",null,"For Windows, they are waiting for Podman v4.2 due to proxy issues on Windows. More work underway, and looking for contributors."),(0,me.kt)("p",null,"They are asking users to join the early adopter program, which is linked from the top of the web page. They especially would like to find users for the program, not just developers."),(0,me.kt)("h3",{id:"crun-update---dan-walsh-and-giuseppe-scrivano-1855-in-video"},"crun Update - Dan Walsh and Giuseppe Scrivano (18:55 in video)"),(0,me.kt)("p",null,"Latest crun ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/crun/releases/tag/1.5"},"release"),", has changes for Wasmedge 0.10 support. This is not shipped by default. Free to try it out right now, and they're looking for users to test with. They hope to find people to play with this functionality. This will help to enhance the oci runtimes so you could run different runtimes more easily, such as Wasm. Possibly this could be used for Java or Javascript. The next version of crun in Fedora will have this subpackage, but it won't be enabled. Need to get packages for Wasm into Fedora yet. Krun, similar to Kata containers with full KVM separataion. It's lighter and missing features that Kata has. Should be able to do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --run krun")," to enable. Lokesh and Dan talked aobut the packaging for krun and Podman. Dan thinks we'll have a number of packages over time. For more ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/crun/blob/main/docs/wasm-wasi-example.md"},"information")),(0,me.kt)("h4",{id:"open-discussion-2918-in-video"},"Open discussion (29:18 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Pushing both images on podman push. This comes into play when you're pushing partial images. If we move to this, which uses zstd instead of gzip, it could potentialy break Docker and other container engine compatibility. The thought is to give users a number of conversion formats that could be used when pushing images. This may require two images to be pushed at the same time. Likely a containers.conf setting to select compression algorithm or to allow multiple pushes at once. Valentin had thought that when selecting an image from a manifest or an oci index, many clients pick the first one. So existing clients would cointinue to work. If we want to do the cstandard search, we'd have to traverse the full list first. Very early design discussions are going on. He expects cost to be minimal as traversing the manifest list is much smaller than the images on the repository. So gzip would still be in play to keep other container engines happy, but newer versions could start pushing this new zstd format. Once we have a prototype, this will be opened up to OCI for further review. We could then create PR's in other container engines such as Docker. No current design document, but one will be added to the discussion section for Podman on GitHub")),(0,me.kt)("h3",{id:"next-meeting-thursday-august-18-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday August 18, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"august-18-2022-topics"},"August 18, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-2-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday August 2, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 11:45 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nEd Santiago11:03 AM\nhttps://github.com/containers/podman/pull/14931\nAditya Rajan11:21 AM\nhttps://github.com/containers/crun/releases/tag/1.5\nAditya Rajan11:31 AM\nhttps://github.com/containers/crun/blob/main/docs/wasm-wasi-example.md\nPreethi Thomas11:43 AM\nlol\nvoluntell\n")))}Hn.isMDXComponent=!0;const Rn={},Jn="Podman Community Meeting Notes",On=[{value:"December 6, 2022 11:00 a.m. Eastern (UTC-5)",id:"december-6-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (16 total)",id:"attendees-16-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"MinIO Demo",id:"minio-demo",level:2},{value:"Will Dinyes - MinIO",id:"will-dinyes---minio",level:3},{value:"(1:12 in the video)",id:"112-in-the-video",level:4},{value:"Slides",id:"slides",level:4},{value:"Demo (7:18 in the video)",id:"demo-718-in-the-video",level:4},{value:"Embedding inside an AutoSD Image",id:"embedding-inside-an-autosd-image",level:2},{value:"Ygal Blum - Red Hat",id:"ygal-blum---red-hat",level:3},{value:"(16:26 in the video)",id:"1626-in-the-video",level:4},{value:"Slides",id:"slides-1",level:4},{value:"Demo (22:45 in the video)",id:"demo-2245-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(33:34 in the video)",id:"3334-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday February 7, 2022, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-7-2022-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday December 15, 2022, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-december-15-2022-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:46 a.m. Eastern (UTC-5)",id:"meeting-end-1146-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Fn={toc:On},Gn="wrapper";function Un(e){let{components:t,...a}=e;return(0,me.kt)(Gn,(0,K.Z)({},Fn,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"december-6-2022-1100-am-eastern-utc-5"},"December 6, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-16-total"},"Attendees (16 total)"),(0,me.kt)("p",null,"Tom Sweeney, Will Dinyes, Ygal Blum, Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Matt Heon, Miloslav Trmac, Urvashi Mohnani, Mohan Bodu, Ed Santiago, Martin Jackson, Lance L, Florent Benoit, Brent Baude"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=GZNazm39wEo"},"Recording")),(0,me.kt)("h2",{id:"minio-demo"},"MinIO Demo"),(0,me.kt)("h3",{id:"will-dinyes---minio"},"Will Dinyes - MinIO"),(0,me.kt)("h4",{id:"112-in-the-video"},"(1:12 in the video)"),(0,me.kt)("h4",{id:"slides"},(0,me.kt)("a",{target:"_blank",href:n(1976).Z},"Slides")),(0,me.kt)("p",null,"MinIO\u2019s Interest in Podman is to have a platform to run test cases for their courses."),(0,me.kt)("p",null,"MinIO is an S3 compatible API, the de facto standard for Object storage"),(0,me.kt)("p",null,"MinIO includes Single Sign On, Object Locking, Encryption & Tamper-proof, Lambda Compute, Protects against code and bit rot protection, and Server Side Bucket Replication."),(0,me.kt)("p",null,"It's a small server and can be installed just about anywhere."),(0,me.kt)("p",null,"Lots of use cases.\nBig Data/Machine Learning\nHDFS replacements\nHigh-Performance Data lake/warehouse infrastructure\nCloud Native applications"),(0,me.kt)("p",null,"You can move your data without being locked into a particular platform."),(0,me.kt)("p",null,"He uses Podman and MinIO for the development environment and for quick stand-ups. MinIO is open-source and free to use. He can containerize MinIO for even further portability."),(0,me.kt)("h4",{id:"demo-718-in-the-video"},"Demo (7:18 in the video)"),(0,me.kt)("p",null,"Ran Podman on a Mac. MinIO needs to attach to actual storage. He ran 'podman machine init -v /tmp/data:/Minio/data' followed by 'podman machine start'"),(0,me.kt)("p",null,"He can now change the data in MinIO after running a large ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command."),(0,me.kt)("p",null,"It pulled down an image from quay.io, and it brought up the MinIO console. It showed data for his content that he was using elsewhere. All very easily and quickly."),(0,me.kt)("p",null,"Runs on less than 100 MB and can be easily migrated to the cloud."),(0,me.kt)("p",null,"Potential use cases? Could it be used for a backup situation? Yes, it fits this scenario well for S3 backups. If S3 is being used already, MinIO can actually be dropped in as a replacement. You can then back up to any cloud that you want."),(0,me.kt)("h2",{id:"embedding-inside-an-autosd-image"},"Embedding inside an AutoSD Image"),(0,me.kt)("h3",{id:"ygal-blum---red-hat"},"Ygal Blum - Red Hat"),(0,me.kt)("h4",{id:"1626-in-the-video"},"(16:26 in the video)"),(0,me.kt)("h4",{id:"slides-1"},(0,me.kt)("a",{target:"_blank",href:n(8064).Z},"Slides")),(0,me.kt)("p",null,'Taking "Build once RUn anywhere to the Edge"\nWorks on the Ecosystem Engineering and works on Red Hat team looking to envision how to run containers on automobiles.'),(0,me.kt)("p",null,"Build Once, Run Anywhere\nCoined by Sun Microsystems\nAbility to write Java code once and run it anywhere\nExpanded by the use of Container Images"),(0,me.kt)("p",null,"Two Base Elements\nContainer Image\nRunning Instructions"),(0,me.kt)("p",null,"The instructions format may vary:\nCommand line arguments\nDocker-Compose file\nKubernetes YAML"),(0,me.kt)("p",null,"Using ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play"),", users can reuse K8S YAML file"),(0,me.kt)("p",null,"Podman is daemonless, who will monitor the container when it stops? systemd is use. Tools like ",(0,me.kt)("inlineCode",{parentName:"p"},"podman generate systemd"),', soon "Quadlet" to facilitate this.'),(0,me.kt)("p",null,"OSBuild is a tool for composing O/S images, it allows embedding files and enabling of services in the image. You can compose an image for an edge device using it."),(0,me.kt)("h4",{id:"demo-2245-in-the-video"},"Demo (22:45 in the video)"),(0,me.kt)("p",null,"Showed simulation for the engine and radio. When the engine goes in reverse, the volume decreased for the radio. The volume goes up on acceleration, and then up/down on channel changes."),(0,me.kt)("p",null,"Applied a yaml file to an openshift cluster. Created a volume and an application, then applied the engine and radio using their yaml files."),(0,me.kt)("p",null,"It shows an easy way to run Podman or Kubernetes using the same YAML file."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play")," command will ignore things it doesn't understand and works well with using/running things in the Kurbernetes space."),(0,me.kt)("p",null,"He used that command to get the engine, radio up in Podman, with the same messages shown. So you can reuse Kubernetes Yaml in Podman, which is especially helpful in a test environment when you don't want to use up a lot of CPU time/space."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"3334-in-the-video"},"(33:34 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Quadlet will that be in Podman? Yes, in Podman v4.4, and set for RHEL 8.8/9.2 is current plans but still under consideration. Martin has been looking at quadlet lately and has been impressed by it so far.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"blog.podman.io - new blog site that was demo'd, including a couple of new articles. Lot's of link tidying up to do, and need to port older blogs.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Matt noted that Podman v4.3 is done now. Podman v4.4 RC in mid to late January 2023."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None suggested")),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-7-2022-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 7, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-december-15-2022-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday December 15, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1146-am-eastern-utc-5"},"Meeting End: 11:46 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:39 AM\nhttps://blog.podman.io/\n")))}Un.isMDXComponent=!0;const Yn={},zn="Podman Community Meeting Notes",qn=[{value:"April 4, 2023 11:00 a.m. Eastern (UTC-5)",id:"april-4-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:03 a.m. EST",id:"meeting-start-1103-am-est",level:2},{value:"Video Recording",id:"video-recording",level:3},{value:"Netavark Plugins",id:"netavark-plugins",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(1:30 in the video)",id:"130-in-the-video",level:4},{value:"Demo (1:45 in the video)",id:"demo-145-in-the-video",level:4},{value:"Podman Machine OS Demo",id:"podman-machine-os-demo",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(9:07 in the video)",id:"907-in-the-video",level:4},{value:"Demo - (9:14 in the video)",id:"demo---914-in-the-video",level:3},{value:"Podman Database Update",id:"podman-database-update",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(19:18 in the video)",id:"1918-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(23:45 in the video)",id:"2345-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, June 6, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-june-6-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, April 20, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-april-20-2023-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:33 a.m. Eastern (UTC-4)",id:"meeting-end-1133-am-eastern-utc-4",level:3},{value:"Google Meet Chat copy/paste:",id:"google-meet-chat-copypaste",level:2},{value:"Raw Google Meet Transcription",id:"raw-google-meet-transcription",level:2}],Vn={toc:qn},Kn="wrapper";function Zn(e){let{components:t,...n}=e;return(0,me.kt)(Kn,(0,K.Z)({},Vn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"april-4-2023-1100-am-eastern-utc-5"},"April 4, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Ashley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Haynes, Ed Santiago Munoz, fpoirotte, Giuseppe Scrivano, Jake Correnti, Mark Russell, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Urvashi Mohnani, Valentin Rothberg"),(0,me.kt)("h2",{id:"meeting-start-1103-am-est"},"Meeting Start: 11:03 a.m. EST"),(0,me.kt)("h3",{id:"video-recording"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/B1OynYGBHz8"},"Recording")),(0,me.kt)("h2",{id:"netavark-plugins"},"Netavark Plugins"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"130-in-the-video"},"(1:30 in the video)"),(0,me.kt)("h4",{id:"demo-145-in-the-video"},"Demo (1:45 in the video)"),(0,me.kt)("p",null,"The next Netavark will introduce plug-in support for the network. Paul showed a Rust plugin and ran through the code. He copied it to /usr/local/netavark. Now when he does podman info, it shows the plugin. He then did ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network create --driver host-device-plugin --interface-name test1 test1"),", and it created the ",(0,me.kt)("inlineCode",{parentName:"p"},"test1")," network."),(0,me.kt)("p",null,"You can code what you want, and he's provided a simple Rust interface. To use, you need to define a create and teardown function in your plugin."),(0,me.kt)("p",null,"You can then do a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network inspect test1")," to show the characteristics of the plugin."),(0,me.kt)("p",null,"The goal is to allow CNI plugins to be modified into Netavark plugins using this ability in the future."),(0,me.kt)("h2",{id:"podman-machine-os-demo"},"Podman Machine OS Demo"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"907-in-the-video"},"(9:07 in the video)"),(0,me.kt)("p",null,"A new suite of commands in ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine")," lets you build a container image and add packages into your VM on the Mac."),(0,me.kt)("h3",{id:"demo---914-in-the-video"},"Demo - (9:14 in the video)"),(0,me.kt)("p",null,"She created a machine. Then showed a Containerfile with RHCOS to build an image using a regular ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command."),(0,me.kt)("p",null,"She then used apply from the image to the machine, and it bumped the Podman version on the machine, which took effect after the machine was rebooted."),(0,me.kt)("p",null,"Useful for folks that want to try different versions of Podman in the machine, especially useful for testing. You only need to know about Containerfile information, rather than the VM's interfaces."),(0,me.kt)("p",null,"It supports pulling the images from anywhere. So you could push an image to a registry, then multiple users could pull the image and get the same image at each one.."),(0,me.kt)("p",null,"Brent thought of two use cases. One to run the latest Podman in the machine, great for development. Also useful for non-native arch builds in the machine."),(0,me.kt)("p",null,"Matt asked about OS reversion and whether updates would happen automatically. Ashley said it should, but she's still testing the scenarios."),(0,me.kt)("h2",{id:"podman-database-update"},"Podman Database Update"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1918-in-the-video"},"(19:18 in the video)"),(0,me.kt)("p",null,"An update that should be invisible, but just as a heads up. The database system is currently BoltDB and we thought it did what we needed. However, a number of data corruption issues with BoltDB have arisen lately, and not a lot of support from the providers."),(0,me.kt)("p",null,"The Podman team decided that it was no longer safe to use BoltDB, nor support it. So a new SQLlite interface is being used. In Podman v4.5, it will be available for use, but will not be the default. Likely that in Podman v4.6 it will be the default."),(0,me.kt)("p",null,"We expect better stability, better performance, especially in large reads of images."),(0,me.kt)("p",null,"Most people won't care about this for the near future. We will announce BoltDB deprecation and then provide scripts to change over later on."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2345-in-the-video"},"(23:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"When is Podman v4.5 coming out?\nIdealy late next week, RC1 came out yesterday, and the final version late next week with a couple of RCs before the final.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Next version of Podman in RHEL will be Podman v4.6 in RHEL 8.9/9.3. Podman v4.4.1 will be in RHEL 8.8/9.2."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet demo."),(0,me.kt)("li",{parentName:"ol"},"Podman v4.5 Demo - Matt"),(0,me.kt)("li",{parentName:"ol"},"QM quadlet - Dan"),(0,me.kt)("li",{parentName:"ol"},"Podman Desktop v1.0 - Stevan Le Meur")),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-6-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, June 6, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-april-20-2023-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, April 20, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1133-am-eastern-utc-4"},"Meeting End: 11:33 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"google-meet-chat-copypaste"},"Google Meet Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nYou11:04\u202fAM\nIf you have not signed in, please do so in hackmd: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nBrent Baude11:10\u202fAM\nthis is awesome\nPaul Holzinger11:12\u202fAM\nnetavark plugins PR: https://github.com/containers/netavark/pull/509\nneeds someone to review and merge :)\nMatt Heon11:13\u202fAM\nI'm on it. After lunch at least.\n")),(0,me.kt)("h2",{id:"raw-google-meet-transcription"},"Raw Google Meet Transcription"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ieq-pxhy-jbh (2023-04-04 11:02 GMT-4) - Transcript\nAttendees\nAshley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Haynes, Ed Santiago Munoz, fpoirotte, Giuseppe Scrivano, Jake Correnti, Mark Russell, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Urvashi Mohnani, Valentin Rothberg\nTranscript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Hello everybody. Welcome to the Clubman community meeting today is Tuesday, April 4, 2023. Just as a reminder, we are. We have this meeting every other month on the even numbered months, we talked about all things podman or containers with any kind of demo or discussions along those lines. Topics are driven by people sending me stuff for me asking people or people coming along and or sometimes within our groups being asked to set something here. And again, anything for pop, man, build a Scorpio or any of their Well, probably be helpful if I actually shared my screen as well.\nTom Sweeney: Build our Scorpio and related projects, I'll be taking meeting notes today within the hack. MD, If you see something that put in that's incorrect or you want to add a link or something to that, please feel free to do so. And then for today, we will be talking about net of our plugins with Paul Holzinger. Then Ashley Q, Ashley will be doing a five man, machine OS demonstration for us. And then that will be talking about podman updates for to the database that we're working on right now coming out soon. And then we'll be talking about topics for next meeting And/or. Any open discussions that you want to have So, with all that, I'm going to stop presenting and I'm going to hand it over to Paul.\nPaul Holzinger: Okay. I am going to share the screen.\nPaul Holzinger: so, none of our plugins is for a way to Manage certain extra wishes which you want in your network setup. So with C&i where you could customize a lot, you could write your own plugins and network only supported Bridge. Make VLAN and no IPV then.\nPaul Holzinger: that's, That's good, but not enough for some users. So, with the next version we gonna introduce plug-in support and network, And I'm going to show very quick. I have a small example. Written in. Rust.\nPaul Holzinger: It's so the concept is pretty simple, you're plugging can create a network config. Then it needs to do. set up, which is just, Like, set up would be. Creating an interface in a container namespace and connecting it to the host. And you can do pretty much what you want. That's whatever you call. And tear down should pretty much. Be the inverse of setup. So we moved in the face again. And yeah, that's that's pretty much it. That I can. I can link to PR afterwards where there's a documentation holder. And convict chase and looks and how it works. Pretty much. And with that, I have a simple.\nPaul Holzinger: Simple plugin here. Host device plugin. I Copied to the. User local like never Mark directory, which can be configured and containers.com. And now, if I have to. Portman info. I should see. On the network that it detected. The plugin here. and that means I should be able to do a simple portman network create Driver. And then host device plugin. And the host device. Plugin is example, is just very simple one that Most host interface into the container, and if you stop the container, we move the interface back to the host.\nPaul Holzinger: And that there's a new option. I will editor in something.\nPaul Holzinger: Interface Name and I create already created an interface like on my host. I have a test one. And then I give a network name. Also test one so I can show the interface. Just one. And if, you know, run a container, Apartment run. Network test One. Alpine. And take a look. Test one must moved in. And if I show again, it's back. So if I Run this in the background pretty quick. Just to show that. It was really moved 10 seconds. Let's see the interface is gone.\n00:05:00\nPaul Holzinger: If we made this moment,\nPaul Holzinger: no, no I'm just yeah now the container stopped it's big so,\nPaul Holzinger: Let's just a very simple example. You can. Code, whatever you want in there. And I provided a simple rust interface. To automatically take care of. the so it's a it's a external binary you have A sub command for create, for setup for teardown. And if you use the Small rust binding. It will take care of the setup and stuff and then you just Let me see if I can increase the size. Yes.\nPaul Holzinger: like the that's the pretty much what you need in your plugin and you import You import the trade? And then, you must define. a create function, a setup function, which gets the like the path for the network and Yeah, this settings like the third like the network config I can. it's You get order in for you, you can put in a network config and do whatever you're like. So if you do the\nPaul Holzinger: Network inspect.\nPaul Holzinger: So this kind of information your your plugin sees as well. And then you can decide what you want to do. And if you use the - subnet option and stuff, you have the top nets in here like like you are used to, if you Inspect, the normal network, like you have all all the information. And with that, I'm done if there are any questions, please ask them now. Or later.\nDaniel Walsh: You see people modifying CNI plugins to work with us? The goal.\nPaul Holzinger: That's that's the goal. So because we are gonna deprecate, CNI at like remove it. At some point, we are going to remove the roof to the support and to have a way for some people who are currently having their own custom work. They need to Adapt to to this new one or use a standard driver or there are many ways to set up network of even without that you can use a custom network namespace path. But with this it's pretty simple because the setup and teardown is is built into portman right in into the container life cycle with all having to manage anything as\nPaul Holzinger: and advantage to the scene icon and instead I integrated the support into Portman network Create as well. So you know we've seen eye plugins custom stuff, you need to manage your CONFIGS on there and place it in the right direction. With that, you're just network create and\nPaul Holzinger: Hey, Google.\nDaniel Walsh: Very nice.\nTom Sweeney: Any other questions?\nTom Sweeney: Right, thanks Paul. Look great. Ashley Potman Machine West, demo\nAshley Cui: Yeah, I'm gonna share my screen. I demo this already and the container plumbing days but I'm going to show it again for those who aren't that conference but basically we have a new command in podmachine called Padme Machine OS, apply or It's a suite of commands applies. The only one in there at the current moment but what it allows you to do is Ontrador Cora Space Systems which is the default OS for Padre, Machine on Mac and Linux it allows you to take a container image and\nAshley Cui: Add packages based on or build a container image from like a container file and an ad packages into your VM, through rpmos tree,\u2026\nTom Sweeney: Off.\nAshley Cui: which is the package manager for Fedora chorus. So I'm just going to play my demo over here. So I'm going to start a\u2026\n00:10:00\nTom Sweeney: because,\nAshley Cui: where I'm going to make a new podman machine and parts of these. Are sped up for four times sake but it's all like yeah. Anyway,\nAshley Cui: And then I'm going to start the machine that I just created so this is just like kind of your vanilla machine. Nothing special inside of it, just your default pond machine. And then, so I'm going to check the podman version and outside the machine. Is the server is, or the server inside the machine is 441, and then the client outside the machine is 4.5. And then. So now I have this container file, it's kind of a standard container file from, but it has Fedora Cross as the base image and what what I'm doing is I'm running rpmos tree and updating containers or podman and it's friends to the most latest upstream version on main and also removing a bunch of stuff. um, and so I'm going to use this container file and build an image.\nAshley Cui: And also tag it correctly. I assume\nAshley Cui: and then, so it's gonna this is just a standard podman build like there's nothing special in a regular podium builds command\nAshley Cui: And so now we have this image that we just built. in our, Local storage.\nAshley Cui: And then again, checking the cloud inversion inside the VM, it's 441 outside, it's 4.5. And now I'm going to do a pod machine osupply to the and specify the image that I just built and it should apply it to the default POD machine. You can use if your pottery machine is, you know, name something else. You can use that as a second argument and it will apply it to that machine. And then I for Is to take effect, you have to reboot your machine.\nAshley Cui: And then now if you take a look at diversion inside of the VM, the pod machine, it's upgraded to 4.5 dev so you can see. So this feature is like particularly useful for people who want to experiment with different packages and versions of podium inside the the pod inside the machine. So I guess like For example, like the desktop team uses this or can use this if they want the latest upstream version of podman inside of their pod machine to like, tests and stuff. And again like it allows users to customize the machine in a familiar way so you don't have to go and build new VMs and learn like VM tooling you can you can use what you know which is like container files and building images in order to customize and put whatever you need inside of the VM.\nAshley Cui: By by just building images and using problems, you know, a supply. So that's that's basically the demo if anybody has any questions.\nDaniel Walsh: Showed you updated from container storage inside of the machine. That was So could it could I call could I do that with a registry?\nAshley Cui: Yes.\nAshley Cui: Yes. So it supports anything that like podcast supports it, anything that like Scopia supports, you can pull it from a registry, you can pull it from local. You can do a bunch of stuff. Yeah.\nDaniel Walsh: So if I if I was a company I wanted to do this I could push to a right. I could push it update to a registry and then every one of my users on all the different machines automatically. Do they have do that machine update from a registry and everybody would get the same version. Correct.\nAshley Cui: Yes, absolutely. Yeah.\nDaniel Walsh: Cool.\nBrent Baude: I'll just add that. I think there were two use cases in mind. When we went through this design, and Ashley showed the one where we can run the Latest pod man inside the machine, which is great for development and testing. The other one we've had in in mind is the folks that are wanting to do various multi-arch, or non-native arts. Builds or runs or testing, where they need some commute package to be on there. Which does not come as a default. So this is a easy way to plop those on real quick and be able to do whatever it is. You you had in mind.\n00:15:00\nDaniel Walsh: so, two weeks from now with new Core or West comes out. And gets updated what happens? Then\nBrent Baude: What?\nDaniel Walsh: We have to rerun the apply is. Rebuilt with rebuild. And then do we really apply, right?\nBrent Baude: Are you wanting to revert or\u2026\nDaniel Walsh: now, I'm just saying so I've added I guess there's an example.\nBrent Baude: do you want to get done?\nDaniel Walsh: There's a question out on One of the issues, someone wanted installed QM user. You know, that's 390 and\u2026\nBrent Baude: Yep.\nDaniel Walsh: so they install it, they go through this procedure, they install it. And we're running for OS 37 and 37.1 comes out. Now they want to update,\u2026\nBrent Baude: Sure.\nDaniel Walsh: they're gonna have to go through this procedure again to\nBrent Baude: If they no longer require the 390 packages, they could just simply take, take the update. or they could just execute a rebuild, which would in the container file would have from you\u2026\nDaniel Walsh: Okay.\nBrent Baude: with latest which would mean the new version that the door chorus just made, so then A simple rebuild would be enough to do it and and ideally users would be doing a stop of CI. Type things or off of github actions. Where if a repo changes, it would just automatically build and that way they consume, and then it wouldn't be on the user's shoulders to do that manual. Work.\nMatt Heon: Question. If I were to decide to switch back from my custom OS supply, to say Standard F cost, the stable train, does that put me back on automatic updates or am I going to have to do something to get back on automatically updating?\nAshley Cui: So I'm working on the current OS revert. The way that it works right now is it should I put you back on automatic updates? Because I think the automatic update driver is called like Syncotti and that if it detects that you're on a regular stream of fedora, then it should automatically update from what I've seen. Not 100% sure, but from my testing, but it just depends on like what your base was before I believe.\nTom Sweeney: Any other questions for Ashley?\nBrent Baude: This is going to end when you the one of the things that takes a little getting used to here is we'd very much have had a feeder in Fedora chorus. But now this pivot you have to think of your OS as a container image. And then those all those things we've learned about being an image, maintenance applies,\nTom Sweeney: Pretty. I'm hearing anything else at this point, so I think I'm going to turn it over to Matt for the podman database update.\nMatt Heon: All right, so this is in updates on some internal things on podman that you should not have to care about but unfortunately, you may have to with the coming future. Uh, so podman has a back-end database and if you're just upon an user not developer you probably have no knowledge of this because it's used purely for internal things. We used to store the state of containers and figuration containers, things like that. Um and this was previously in something called Bolt DB, which is a native glen better database, very simple and we thought that it did everything we needed. However, over the last year, so we've become aware of an increasing number of reports of data corruption with both dB to the poor. I wouldn't call it common, but if you are to shut your computer down on expectantly, while Bolt is doing something, there is apparently a fairly good chance that you're going to end up with an unusual database.\n00:20:00\nMatt Heon: Which means all your containers are gone, basically, requires complete recreate. So we've been looking into this for a while now and we came to the conclusion that it was not really safe to continue using Bull TB. It was unmaintained, there was basically no error handling. There was no path to data recovery and it didn't seem like it would be reasonably possible to create or to fix it rather. So that it did not corrupt itself. So we have investigated alternative database solutions and we now have an alternative database driver written up that uses SQLite instead. So right now, this is just gonna be a tech preview thing that is going to come out with the next partner and release Pod Man. Four, five of the next couple weeks and it's not going to be default for now it's just for people who want to opt into testing it at some point in the future. Probably Paul man for six we're going to see about making it the default for new installations.\nMatt Heon: existing insulations, will continue to use both DB And at some point in the further off future, we will investigate removing multi-b completely. And basically, having only SQLite and again, primary things you can expect from this transition. One stability Pod, man will stop eating its own database in cases of unexpected power loss. That's obviously, plus two performance in some operations, especially read operations. If you have large wise of containers and you're doing something like a podman PS, you can expect a significant performance boost. And three long term stability, we feel that SQLite has a much more vibrant and large community than volt dB does and as such there's a lot more potential future growth there in terms of performance, in terms of stability.\nMatt Heon: Potentially features but we're probably not using those. It's going to be a very simple database driver still. So generally speaking, you probably should not have to care about this for this foreseeable future, but at some point in the future, we are going to be announcing a the deprecation and removable DB And when we do that, we will have steps for you to take to get on the new SQLite driver if you haven't already and you probably won't have to. Because again, new installations will be switched over to SQLite. Won't before that And that is a general summary of what to expect with our move to seek lights. Why we're doing it? What to expect\nTom Sweeney: like,\nMatt Heon: Any questions?\nTom Sweeney: Very quiet bunch today.\nTom Sweeney: Right, I'm not hearing any questions for that. So I think we'll do is go on to the open form and questions that just ask. Are there any general questions or comments that you want to make?\nDaniel Walsh: I'll guess I'll ask a question that I potentially know the answer to One is pardman Ford, our five coming out.\nMatt Heon: Ideally next week late next week, we have rc1 just came out yesterday.\nTom Sweeney: Five.\nMatt Heon: I'm expecting an rc2 later this week potentially an rc3 early. Next week. If we feel, we need it and then a final late next week.\nDaniel Walsh: Okay, and I guess the other question would be what versions are gonna be showing up in the next version of Rella?\nMatt Heon: What are five will not be one of those. We're expecting our next major. Drop into Rel /. Centos stream is going to be for six, which will probably be more of a late summer type of time frame.\nDaniel Walsh: So, I, I would follow that. So right now, apartment 4.4 that one, I think, is that, right? Tom is gonna be in real 902 in Raleigh.8.\nDaniel Walsh: As I asked loaded questions.\n00:25:00\nMatt Heon: Yeah, we're expecting a 4.6 in nine three and eight nine, I believe. And yeah. Generally speaking, we're going to continue on the same sort of cadence, we had before retargeting for ish, releases per year pot man. And two of those will end up in Ralph from here on out.\nTom Sweeney: And whatever. It's worth the 441, which will be in podman 8892 will be released. sometime in early May\nTom Sweeney: and then the fourth sixth version will be able to sometime in January. I want to say no February. Getting dates.\nDaniel Walsh: Hey.\nTom Sweeney: Yeah, did somebody popping? but the question,\nTom Sweeney: Or comment.\nTom Sweeney: Okay. Also, while we're here, anybody have any Topics Suggestions For the next meeting in June 6, we have one for a quadlet demo already.\nMatt Heon: Will probe that would not be a bad time to show off podman 4-5. We're still firming some things up right now. So we couldn't really don't want today but we should have a good summary of what's in four or five by the next meeting.\nTom Sweeney: But anybody else or any other questions otherwise we're going to quite a bit early today but that's not a bad thing.\nTom Sweeney: Okay, then we'll just I'll just remind for the next meetings. We are having a meeting on Tuesday, June 6th for the Quad Man community meeting which again is the demo, kind of meetings, and our next cabal meeting for the community will be on Thursday, April 20th, which is two weeks from this Thursday, I believe. And those meetings are used mostly for design. Kind of work for plugin or any technical discussions related to the to the code base. Pretty much. And we're always happy to have comments or suggestions or topics for other. One of those, please be afraid to send me an email directly or put stuff up in the discuss discussion forums that we have on Github for providing. And unless anybody has anything else I'm going to End the recording.\nTom Sweeney: Okay, recordings done. Anybody wants anything off offline other than Hi? Jake. Good to see you again.\nJake Correnti: Everyone's good to see you.\nDaniel Walsh: Hey, Jake. And yeah at that time Tom I probably do a QM, the qmse Linux thing that I've done internally so I can do that for the next. To explain how we're using Quad LED Auto.\nTom Sweeney: For the next demo or for the community meeting. Okay.\nDaniel Walsh: Yeah. Next next community meeting\nTom Sweeney: That.\nDaniel Walsh: and hopefully, we can get an update from five main desktop at that point since they'll be just about to go 1.0 What's the date of that?\nTom Sweeney: Not know, actually, do you know?\nAshley Cui: Many 22nd.\nDaniel Walsh: What's the date of the next cabal? I mean, the next Emma.\nTom Sweeney: Yeah, well, the next ball is April 20th. The next community meeting is June 6th.\nDaniel Walsh: Yeah, so we could have them fell just release 1.0 so he probably should have them back into a demonstration.\nTom Sweeney: I'll check with stuff on.\nTom Sweeney: Right. I'm gonna Close up the meeting. I'm not hearing anything else, folks. Enjoy your lunch dinner breakfast. Whatever. Take care.\nEd Santiago Munoz: Let's work everybody.\nMohan Boddu: Thank you.\nMeeting ended after 00:30:00 \ud83d\udc4b\n")))}Zn.isMDXComponent=!0;const Qn={},_n="Podman Community Meeting",Xn=[{value:"February 2, 2021 11:00 a.m. Eastern (UTC-5)",id:"february-2-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (49 total)",id:"attendees-49-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman v3.0 Overview",id:"podman-v30-overview",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:50 in the video)",id:"150-in-the-video",level:4},{value:"Breaking changes.",id:"breaking-changes",level:4},{value:"Demo",id:"demo",level:4},{value:"Podman with Docker Compose Demo",id:"podman-with-docker-compose-demo",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(11:20 in the video)",id:"1120-in-the-video",level:4},{value:"Misc Demos",id:"misc-demos",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"(18:10 in the video)",id:"1810-in-the-video",level:4},{value:"GitHub Discussions",id:"github-discussions",level:2},{value:"Questions?",id:"questions",level:2},{value:"(24:50 in the video)",id:"2450-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday March 2, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-march-2-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:51 a.m. Eastern (UTC-5)",id:"meeting-end-1151-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],$n={toc:Xn},ea="wrapper";function ta(e){let{components:t,...n}=e;return(0,me.kt)(ea,(0,K.Z)({},$n,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"february-2-2021-1100-am-eastern-utc-5"},"February 2, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-49-total"},"Attendees (49 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Valentin Rothberg, Giuseppe Scrivano, Miloslav Trmac, Parker Van Roy, Preethi Thomas, JJ Asghar, Hendrik Haddorp, Dan Walsh, Eric The IT Guy, Ashley Cui, Greg Shomo, Lee Whitty, Anders Bj\xf6rklund, Jacob Lindgren, Christian Felder, Alex Litvak, Paul Holzinger, Rodrique Heron"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/UNt8jSU7IH2"},"Recording")),(0,me.kt)("h2",{id:"podman-v30-overview"},"Podman v3.0 Overview"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"150-in-the-video"},"(1:50 in the video)"),(0,me.kt)("p",null,"Podman 3.0 will be the largest ever. Expecting an RC3 later this week, 3.0 final by Wednesday of next week. Docker Compose support is a large one, along with podman rename. Copy support for remote clieantadded for copying in and out of containers using the http API. A number of network changes added by Paul Holzinger such as network reload, network ls, network create, and more. Networks now have ID's and labels. Podman checkpoint now supports with previous and checkpoint. Full details ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"here"),"."),(0,me.kt)("h4",{id:"breaking-changes"},"Breaking changes."),(0,me.kt)("p",null,"Shortnames for CI now prompts for which image you want by default. This is only on a TTY, will not break any scripts. A security feature. In the future if shortnames are set to strict in Podman, scripts will break too, but you will be able set an alias. More info ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/container-image-short-names"},"here"),"."),(0,me.kt)("p",null,"The podman load command no longer accepts a NAME","[:TAG]",", this was incompatible with Docker prior."),(0,me.kt)("p",null,"The legacy Varlink API has been removed."),(0,me.kt)("h4",{id:"demo"},"Demo"),(0,me.kt)("p",null,"Matt started the demo (8:00 in the video):"),(0,me.kt)("p",null,"Showed how to rename a container. The functionality works on rootful and rootless."),(0,me.kt)("p",null,"Release notes for v3.0:",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"here")),(0,me.kt)("h2",{id:"podman-with-docker-compose-demo"},"Podman with Docker Compose Demo"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"1120-in-the-video"},"(11:20 in the video)"),(0,me.kt)("p",null,'A number of folks told us they had not moved to Podman from Docker due to a lack of "podman compose".'),(0,me.kt)("p",null,"Docker-compose is a tool that talks to the docker.sock or podman.sock talking Docker API"),(0,me.kt)("p",null,"Podman-compose is a wrapper around podman that translates docker-compose yaml files into podman commands."),(0,me.kt)("p",null,"Now Docker-compose will just talk to podman.sock now."),(0,me.kt)("p",null,"Brent did demo (13:42 in the video):"),(0,me.kt)("p",null,"Using a yaml from Docker directly."),(0,me.kt)("p",null,'"Not terribly exciting, it just does what it does."'),(0,me.kt)("p",null,"We've had requests for Docker compoese and changes. The initial goal is to make it work rootful with Podman. it does so now. We've had requests for rootless which is feasible, but more work is necessary. It is only rootful for v3.0."),(0,me.kt)("p",null,"Docker Compose articles:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://www.redhat.com/sysadmin/podman-docker-compose"},"https://www.redhat.com/sysadmin/podman-docker-compose")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://www.redhat.com/sysadmin/compose-kubernetes-podman"},"https://www.redhat.com/sysadmin/compose-kubernetes-podman"))),(0,me.kt)("p",null,"That second article is where Podman is heading."),(0,me.kt)("h2",{id:"misc-demos"},"Misc Demos"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("h4",{id:"1810-in-the-video"},"(18:10 in the video)"),(0,me.kt)("p",null,"Tom ran a demo to show some small new addtions that might have been lost in the shuffle. He showed the new ",(0,me.kt)("inlineCode",{parentName:"p"},"--from")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"--stdin")," options for the ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah bud")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," commands, plus the new ",(0,me.kt)("inlineCode",{parentName:"p"},"--list-tags")," option for the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman search")," command."),(0,me.kt)("p",null,"Demo Started (18:30 in the video)"),(0,me.kt)("h2",{id:"github-discussions"},"GitHub Discussions"),(0,me.kt)("p",null,"Podman has turned on the GitHub Discussions platform for the use of the community. Ask any questions you want there, make announcements of interest, or just drop in and say hi! It's under the \"Discussions\" link on the top of Podman's GitHub page, or directly at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions"},"https://github.com/containers/podman/discussions")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"2450-in-the-video"},"(24:50 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"When will v3.0 be available. Next week upstream, should be available in Fedora shortly after that. Hoping to have it in Ubuntu or Debian a bet after that. Centos streams soon after we release and in RHEL 8.4 which is scheduled sometime at the end of May."),(0,me.kt)("p",{parentName:"li"},"Goal is to make things seamless as possible.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Red Hat team is working on stabilization changes in the next few weeks. Focus on Mac developments. We think we're feature complete with Docker with the Podman v3.0 release. Work going on for refactoring Podman to hopefully decrease the size of the Podman library. Work continues on getting along with Kubernetest")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Static binaries will be added for v3.0, as there have been some breakage with the nixpackage. Chris has just added a fix for the nix issue.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Containers Plumbing Conferene coming up in March, March 9 and 10 for four hours each day. Sign up here: ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/"},"https://containerplumbing.org/"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Difference between Podman Compose and Docker Compose. Podman compose was written by the community which Dan believes was used to wrap docker yaml files and translate them to direct Podman commands.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Can you elaborate on the issue with renaming infra-containers ? Matt did something quickly and it has some limitations that will be removed in v3.1. But should work fine for v3.0.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"New Podman discussions on GitHub: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions"},"https://github.com/containers/podman/discussions"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Journald support. We thought it was working fine with k8s file system. Should be fixed completey in v3.1.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Brent asked for any missing features that have not been added to GitHub. Anders talked about next generation of boot2docker/boot2podman (and docker-machine/podman-machine), see ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/"},"https://boot2podman.github.io/")," for details.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Dan pointed out that we've moved our default run time library from runc to crun. We should still support both."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-march-2-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday March 2, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("p",null,"Setting goal to make April meeting in the evening East Coast, 8 to 10 pm."),(0,me.kt)("h3",{id:"meeting-end-1151-am-eastern-utc-5"},"Meeting End: 11:51 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"SETTINGS\nEVERYONEDIRECT MESSAGES\nMe10:47 AM\nPlease Sign in using the meeting notes and/or add questions at the end for the Q&A\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nRodrique Heron11:00 AM\nwill this be recorded?\nawesome\nValentin Rothberg11:09 AM\nMore on short-name aliasing here: https://www.redhat.com/sysadmin/container-image-short-names\nChristian Felder11:12 AM\ndoes podman rename work with rootless as well?\nthanks\nMatt Heon11:13 AM\nFYI, release notes for 3.0 live at https://github.com/containers/podman/blob/main/RELEASE_NOTES.md\nExpect a few more bugfixes to trickle in before final release\nEdward Haynes11:13 AM\nis it called Podman Compose?\nDaniel (rhatdan) Walsh11:13 AM\nNo that is a different thing.\nEdward Haynes11:13 AM\nok\nDaniel (rhatdan) Walsh11:14 AM\nDocker-compose is a tool that talks to the docker.sock or podman.sock talking Docker API\nPodman-compose is a wrapper around podman that translates docker-compose yaml files into podman commands.\nEdward Haynes11:14 AM\nSo Docker-compose will just talk to podman.sock now\nDaniel (rhatdan) Walsh11:14 AM\nyes\nEdward Haynes11:14 AM\ngotcha\nDaniel (rhatdan) Walsh11:15 AM\nAs well as docker-py.\nJacob Lindgren11:18 AM\nboring is good!\nScott McCarty11:18 AM\nVery nice!\nEdward Haynes11:18 AM\nWe don't want things TOO boring or we'd all be out of a job\nBrent Baude11:22 AM\nre: docker-compose, here are a couple of articles ...\nhttps://www.redhat.com/sysadmin/podman-docker-compose\nhttps://www.redhat.com/sysadmin/compose-kubernetes-podman\nthe latter is really a glimpse into where Podman is heading.\nJacob Lindgren11:23 AM\noh i like this. I used skopeo inspect for this before.\nBrent Baude11:25 AM\ncool, i missed tht one dan/tom\nGShomo (Northeastern)11:27 AM\nwhich distribution/releases can expect to see podman-3.0 ?\nMatt Heon11:28 AM\n@GShomo Fedora should see it quickly. We actually disabled autobuilds for Ubuntu/Debian/CentOS in OBS, though\nWe will reenable them once we have verified the release is stable\nOBS doesn't have a real process for verifying the builds are functional so we sometimes end up shipping broken packages\nAnd we'd like to avoid this\nLokesh Mandvekar11:31 AM\n@gshomo: if you can spare some resources, newer packages will be available quicker on the testing project. See: https://podman.io/getting-started/installation#installing-development-versions-of-podman\nChristian Felder11:35 AM\non our own OBS appliance we've two projects, stable and testing, and we first build in testing and our CI does something once the package has been built in testing, at the moment for our rpm packages just installing them... But basically you could run several steps afterwards in your CI if you want to ingetrate OBS into your release pipeline\nValentin Rothberg11:36 AM\nhttps://containerplumbing.org/\nGShomo (Northeastern)11:36 AM\ncan you elaborate on the issue with renaming infra-containers ?\nAnders Bj\xf6rklund11:38 AM\n\"Registration will open on February 1, 2021.\"\nMatt Heon11:40 AM\n@GShomo - I did things the quick way, instead of the right way, to get things landed in time for 3.0\nI will have this fixed for 3.1\nIt's a silly limitation from my doing things quickly :-)\nAlex Litvak11:41 AM\nwhat are the changes for journald support?\nGShomo (Northeastern)11:41 AM\nthank you !\nAlex Litvak11:44 AM\nthank you\nLudovic Cavajani11:44 AM\nThanks !\nMe11:45 AM\nFun Fact: In 1976 an LA secretary named Jannene Swift officially married a 50 pound rock in a ceremony witnessed by more than 20 people. Perhaps the first \"Pet Rock\"?\nJJ Asghar11:47 AM\nfyi: https://containerplumbing.org/register seems to say it's going to open on the 1st.... :'(\nChristian Felder11:48 AM\nI had to adjust some kernel settings in the past when I started some more containers (around 40)... - user.max_inotify_instances, fs.inotify.max_user_watches\nwould be nice to have some guidelines on that settings, although this might be not a podman only issiue...\nDevin Parrish11:49 AM\nThanks!\nJames Cassell11:49 AM\nwhere do we find recordings of this and past meetings?\n(Tom Sweeney responded verbally, podman.io under https://podman.io/community/meeting/. A link on each set of notes.)\nChristian Felder11:49 AM\nOk. I'll open an issue\nThanks\nJames Cassell11:50 AM\nthanks\nLokesh Mandvekar11:50 AM\nChristian Felder: RE: OBS, I'll be working on a change which will allow building debian packages from the rpm spec files, (thanks to Neal Gompa) ..maybe migrate that to upstream repos as well\n")))}ta.isMDXComponent=!0;const na={},aa="Podman Community Cabal Meeting",oa=[{value:"July 15, 2021 10:00 a.m. Eastern (UTC-4)",id:"july-15-2021-1000-am-eastern-utc-4",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 10:05 a.m.",id:"meeting-start-1005-am",level:2},{value:"Video Recording (You'll need to request access to view, we'll try to change that for the next meeting.)",id:"video-recording-youll-need-to-request-access-to-view-well-try-to-change-that-for-the-next-meeting",level:3},{value:"Copy an image from container storage to another container storage",id:"copy-an-image-from-container-storage-to-another-container-storage",level:3},{value:"(9:50 in the video)",id:"950-in-the-video",level:4},{value:"New Features for podman play kube",id:"new-features-for-podman-play-kube",level:3},{value:"(27:25 in the video)",id:"2725-in-the-video",level:4},{value:"Discussion with Training Team",id:"discussion-with-training-team",level:3},{value:"(44:45 in the video)",id:"4445-in-the-video",level:4},{value:"Open discussion",id:"open-discussion",level:3},{value:"(48:55 in the video)",id:"4855-in-the-video",level:4},{value:"Next Meeting: Thursday August 19, 2021 10:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-august-19-2021-1000-am-edt-utc-4",level:3},{value:"Meeting End: 10:56 a.m. Eastern (UTC-4)",id:"meeting-end-1056-am-eastern-utc-4",level:3}],ia={toc:oa},sa="wrapper";function ra(e){let{components:t,...n}=e;return(0,me.kt)(sa,(0,K.Z)({},ia,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting"},"Podman Community Cabal Meeting"),(0,me.kt)("h2",{id:"july-15-2021-1000-am-eastern-utc-4"},"July 15, 2021 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Matt Heon, Mehul Arora, Miloslav Trmac, Nalin Dahyabhai, Paul Holzinger, Pavel Sosin, Reinhard Tartier, Urvashi Mohnani, Valentin Rothberg, Tom Sweeney, Anders Bjorklund, Ashley Cui, Brent Baude, Charlie Doern, Chris Evich, Dan Walsh, Ed Haynes, Ed Santiago, Erik Bernoth, Lokesh Mandvekar."),(0,me.kt)("h2",{id:"meeting-start-1005-am"},"Meeting Start: 10:05 a.m."),(0,me.kt)("h3",{id:"video-recording-youll-need-to-request-access-to-view-well-try-to-change-that-for-the-next-meeting"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://drive.google.com/file/d/1hdLMicPfI9NA_MEuGaHGtyIgw6v28Ojg/view"},"Recording")," (You'll need to request access to view, we'll try to change that for the next meeting.)"),(0,me.kt)("p",null,"Started out with general discussion of the meetings purpose going forward. We then went around and did introduction of each of the attendees."),(0,me.kt)("h3",{id:"copy-an-image-from-container-storage-to-another-container-storage"},"Copy an image from container storage to another container storage"),(0,me.kt)("h4",{id:"950-in-the-video"},"(9:50 in the video)"),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman image scp")," - Ed Santiago wanted an easy way to move stuff from container storage to container storage. Charlie Doern originally created a PR and after discussion, a number of options were discussed (see ",(0,me.kt)("a",{parentName:"p",href:"./Podman_Image_SCP.pdf"},"slides"),")"),(0,me.kt)("p",null,"Two thoughts are towards sticking with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman image scp"),". This is doable now with bash scripting, but Dan would like it as a part of command line interface."),(0,me.kt)("p",null,"Why use \"colon colon\"? To keep it away from the ssh protocol, we're using it as a key to note it's a ssh remote call. Whereas a single colon would be looked at as a transport."),(0,me.kt)("p",null,'Erik noted he liked the feature. You don\'t need to set up registries for different users. He is concerned it might be confusing to new users. He would set aside "save" and "load" to backup types of commands.'),(0,me.kt)("p",null,"The goal is to not tranform the image, it should be exactly the same before and after. Including multi-layer images. If the target has some of the layers already in place, you might want only copy the layers that don't exist."),(0,me.kt)("p",null,'We might look at "git pull" and "git push" for possible examples.'),(0,me.kt)("p",null,"This would allow copying from one machine to another."),(0,me.kt)("p",null,'Should we use "scp" to "cp" or "copy". Anders saw a lot of bike shedding with scp versus cp in Kurbernetes. Something to consider. We started with "scp" as it does use ssh under the covers and clues the user in.'),(0,me.kt)("p",null,'Should we use "scp://" and be another transport. The problem with that is it would require another service.'),(0,me.kt)("h3",{id:"new-features-for-podman-play-kube"},"New Features for ",(0,me.kt)("inlineCode",{parentName:"h3"},"podman play kube")),(0,me.kt)("h4",{id:"2725-in-the-video"},"(27:25 in the video)"),(0,me.kt)("p",null,"The play kube command has been growing due to user command. Customers have been using yamls, find something isn't yet covered, and so we've added commands to satisfy the need."),(0,me.kt)("p",null,"It would be good to get input from the community about what futher work is needed to ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube"),". If you have ideas, please open a discussion"),(0,me.kt)("p",null,"Dan wonders if we could look at the functionality of Docker Compose and then ingrain them into 'podman play kube'. A number of use cases have been found in yaml files used for OpenShift."),(0,me.kt)("p",null,"Looking atwo things: Be able to build similar to how Docker Compose does based on Docker files."),(0,me.kt)("p",null,"Init containers that would be run after a pod infra container. They would do init/setup jobs, then the rest of the pods would kick off. This is a standard feature in Kubernetes."),(0,me.kt)("p",null,"Any further ideas: Erik thinks this is a key feature and many are using composed. Play kube is very valuable as it moves things into kubernetes easily. We could potentially ask someone from OKD or other discussion groups."),(0,me.kt)("p",null,"Currently play kube and systemd don't play well together, so that would be a nice addition if it can. Valentin discussed the current status."),(0,me.kt)("p",null,"We currently don't have a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube stop"),", would that be good? Erik was asked if this would be useful. Erik thinks it would be good."),(0,me.kt)("p",null,"Podman's goal isn't to compete against Kubernetes, but to allow users to move to a single host environment."),(0,me.kt)("h3",{id:"discussion-with-training-team"},"Discussion with Training Team"),(0,me.kt)("h4",{id:"4445-in-the-video"},"(44:45 in the video)"),(0,me.kt)("p",null,"Doing training and ran into issue and couldn't debug it. Issue raised with ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/10482"},"https://github.com/containers/podman/issues/10482")),(0,me.kt)("p",null,"Perhaps we could invite someone from the training team to discuss how the training can be improved/worked on. Dan thinks it might be just due to the time necessary to develop the training. May be do it in a container."),(0,me.kt)("h3",{id:"open-discussion"},"Open discussion"),(0,me.kt)("h4",{id:"4855-in-the-video"},"(48:55 in the video)"),(0,me.kt)("p",null,"Brent asked if people move on IRC to libera. Most have. Lokesh noted the IRC channel is using Matrix. ",(0,me.kt)("a",{parentName:"p",href:"https://kparal.wordpress.com/2021/06/01/connecting-to-libera-chat-through-matrix/"},"https://kparal.wordpress.com/2021/06/01/connecting-to-libera-chat-through-matrix/")),(0,me.kt)("p",null,'Cabal meetings purpose "What\'s the future of Podman" type of discussions.'),(0,me.kt)("h3",{id:"next-meeting-thursday-august-19-2021-1000-am-edt-utc-4"},"Next Meeting: Thursday August 19, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1056-am-eastern-utc-4"},"Meeting End: 10:56 a.m. Eastern (UTC-4)"))}ra.isMDXComponent=!0;const la={},ha="Podman Community Meeting",da=[{value:"October 5, 2021 11:00 a.m. Eastern (UTC-4)",id:"october-5-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (23 total)",id:"attendees-23-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman on M1 Mac Status",id:"podman-on-m1-mac-status",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(6:30 in the video)",id:"630-in-the-video",level:4},{value:"DIY Networking in rootless containers",id:"diy-networking-in-rootless-containers",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(10:09 in the video)",id:"1009-in-the-video",level:4},{value:"Podman Security Bench",id:"podman-security-bench",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(24:00 in the video) 27",id:"2400-in-the-video-27",level:4},{value:"Podman v3.4 Announcement",id:"podman-v34-announcement",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(29:45 in the video)",id:"2945-in-the-video",level:4},{value:"Support \u2013format tables in ps output",id:"support-format-tables-in-ps-output",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(35:40 in the video)",id:"3540-in-the-video",level:4},{value:"Podman build \u2013platform lists",id:"podman-build-platform-lists",level:2},{value:"Nalin Dahyabhai",id:"nalin-dahyabhai",level:3},{value:"(37:44 in the video)",id:"3744-in-the-video",level:4},{value:"Volume Demos",id:"volume-demos",level:2},{value:"Aditya Rajan",id:"aditya-rajan",level:3},{value:"(44:16 in the video)",id:"4416-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(51:10) in the video) 55",id:"5110-in-the-video-55",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday November 2, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-november-2-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday October 21, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-october-21-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:59 a.m. Eastern (UTC-4)",id:"meeting-end-1159-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],ua={toc:da},ma="wrapper";function ca(e){let{components:t,...n}=e;return(0,me.kt)(ma,(0,K.Z)({},ua,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"october-5-2021-1100-am-eastern-utc-4"},"October 5, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-23-total"},"Attendees (23 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Paul Holzinger, Erik Bernoth, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Valentin Rothberg, Guillaume Rose, Rudolf Vesely, Ashley Cui, Brent Baude, Shion Tanaka, Marcin Skarbek, Aditya Rajan, Giuseppe Scrivan, Rudolf Vesely"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/X3NY6qgSlKQ"},"Recording")),(0,me.kt)("h2",{id:"podman-on-m1-mac-status"},"Podman on M1 Mac Status"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"630-in-the-video"},"(6:30 in the video)"),(0,me.kt)("p",null,"Patch for M1 in qemu upstream, but not merged. However, it is available on homebrew at the moment. If you install qemu using homebrew, you can use Podman correctly."),(0,me.kt)("p",null,"Demo (started at 7:30)"),(0,me.kt)("p",null,"What works on an Intel Mac should now work on an M1. Now working on volumes and also trying to get a GUI together. Looking at putting together a window-bar."),(0,me.kt)("h2",{id:"diy-networking-in-rootless-containers"},"DIY Networking in rootless containers"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"1009-in-the-video"},"(10:09 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2021-10-05/Podman-Rootless-Networking.pdf"},"Slides")),(0,me.kt)("p",null,"Talking rootless network without extra privileges.\nProxy into rootless is done via Slirp4netns. It uses this stack to tap into the interface in the container namespace. Supports port forwarding."),(0,me.kt)("p",null,"A few settings are used for rootless users. Can use allow_host_loopback to reach the 10.0.2.2 loopback. Off by default as it's a security hole."),(0,me.kt)("p",null,"You can also enable_ipv6 and specify the port_handler."),(0,me.kt)("p",null,"Rootless CNI networking uses an extra network namespace to execute the CNI plugins. Only works for bridge networks. Inter container communication works out of the box. The IP address assigned to the container is not reachable from the host network namespace. You need to use port forwarding."),(0,me.kt)("p",null,"DIY Networking. You can set up your own interfaces, but first, you need to create network interfaces on the host, which requires root priv. Once done, Podman can talk to them using ",(0,me.kt)("inlineCode",{parentName:"p"},"--network=none")," option with the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman container init")," command."),(0,me.kt)("p",null,"Rudolf to work with Paul to update the tutorial and possibly do a demo next time."),(0,me.kt)("h2",{id:"podman-security-bench"},"Podman Security Bench"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2400-in-the-video-27"},"(24:00 in the video) 27"),(0,me.kt)("p",null,"Based on the security bench from Docker. Doesn't yet have all the same functionality."),(0,me.kt)("p",null,"Demo (Started at 24:54)"),(0,me.kt)("p",null,"It needs to run at root, not yet available on rootless."),(0,me.kt)("p",null,"CLI does a whole bunch of security checks. At the end, it gives you a security score. It shows where you're having trouble with each of the checks. It's now available upstream."),(0,me.kt)("p",null,"Dan would like to get it to run in rootless mode and look at containers.conf. Would love community help."),(0,me.kt)("h2",{id:"podman-v34-announcement"},"Podman v3.4 Announcement"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"2945-in-the-video"},"(29:45 in the video)"),(0,me.kt)("p",null,"New 3.4 release that came out last week. We are switching focus on v4.0. Network working, pointing at January 2022 release. There will not be a 3.5.0 in between."),(0,me.kt)("p",null,"In 3.4, changes to Podman play and generate cube. Init containers are now available to run in a pod."),(0,me.kt)("p",null,"We can now build images with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube"),". This makes it act more like ",(0,me.kt)("inlineCode",{parentName:"p"},"docker compose"),". You can use a Containerfile to build an image with this command."),(0,me.kt)("p",null,"Yaml file can now tear down pod or pods with the ",(0,me.kt)("inlineCode",{parentName:"p"},"--down")," command, plus a number of new pod related commands. See the ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"release notes")," for more info."),(0,me.kt)("h2",{id:"support-format-tables-in-ps-output"},"Support \u2013format tables in ps output"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"3540-in-the-video"},"(35:40 in the video)"),(0,me.kt)("p",null,"Podman uses golang tab writer and formatter for all the commands."),(0,me.kt)("p",null,"Demo (started at 36:00)"),(0,me.kt)("p",null,"Showed a number of different ways to remove headings, so you can now use table to show which fields you want."),(0,me.kt)("h2",{id:"podman-build-platform-lists"},"Podman build \u2013platform lists"),(0,me.kt)("h3",{id:"nalin-dahyabhai"},"Nalin Dahyabhai"),(0,me.kt)("h4",{id:"3744-in-the-video"},"(37:44 in the video)"),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"--platform")," option in the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command to specify other platforms."),(0,me.kt)("p",null,"DEMO 37:47 in demo."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command now takes multiple values for its ",(0,me.kt)("inlineCode",{parentName:"p"},"--platform")," option. The platform option lets you build for machines other than what you are currently running Podman on."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"--manifest")," target is used too. Allow you to build a manifest list and then add the image to the list. A number of cleanups have been done on internal libraries to make this work."),(0,me.kt)("p",null,'When building multiple architectures in one build, the "STEP" output in the build will show which architecture.'),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman manifest list")," command will show the multiple platforms used."),(0,me.kt)("h2",{id:"volume-demos"},"Volume Demos"),(0,me.kt)("h3",{id:"aditya-rajan"},"Aditya Rajan"),(0,me.kt)("h4",{id:"4416-in-the-video"},"(44:16 in the video)"),(0,me.kt)("p",null,"Demo (Started at 44:27)"),(0,me.kt)("p",null,"First demonstrated adding an overlay over rootfs. Exported alpine and created dir for rootfs and tarred it out to a directory. So tried running with ",(0,me.kt)("inlineCode",{parentName:"p"},"--rootfs rootfs/:0")," and created a file in the container. On the host, the file is not there."),(0,me.kt)("p",null,"A new option for volumes to create overlay over Podman's volume. It created the test volume. Again made a file and found it was created on the container but not on the host due to the ",(0,me.kt)("inlineCode",{parentName:"p"},":0")," specification."),(0,me.kt)("p",null,"These are temp volumes and last only as long as the container lasts and you can't commit the data."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"5110-in-the-video-55"},"(51:10) in the video) 55"),(0,me.kt)("p",null,"Are there any plans for an arm-on-intel/intel-on-arm for Podman machine? Not at this time, but we are willing to see if there's enough push for that. Nalin asked if you could run using a multi-platform build maybe? Brent will note it for possible futures. If the community wants to do it, we'd be happy to merge it, but not currently in the plan by the maintainers to do it themselves."),(0,me.kt)("p",null,"Will Podman support OpenZFS? Willing to take a PR."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"DIY Networking Part II")),(0,me.kt)("h2",{id:"next-meeting-tuesday-november-2-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday November 2, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-october-21-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday October 21, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1159-am-eastern-utc-4"},"Meeting End: 11:59 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Lokesh Mandvekar10:58 AM\ned, is this the right link ?\nMe11:00 AM\nPlease sign in on the meeting notes: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nAditya11:02 AM\nwe can hear you dan\nDan Walsh11:03 AM\nGret\nGreat\nLokesh Mandvekar11:09 AM\ndo people wanna try switching to google meet if everyone's having problems?\nErik Bernoth11:10 AM\nGood idea Lokesh\nAnders Bj\xf6rklund11:11 AM\nCan you run amd64 containers on the arm64, like OOTB ?\nMatt Heon11:12 AM\nWe were discussing that, and I think the answer is not OOTB but it only requires one package to be installed\nErik Bernoth11:12 AM\nDan\u2018s screenshots seems to work. Paul, can you also try for a sec?\nAnders Bj\xf6rklund11:13 AM\nSounds good! I guess it is not related the to the VM itself, but user qemu\nMatt Heon11:15 AM\nThe perf is a little questionable, because it's nested virt, and the inner virt is also virtualizing the architecture\nBut it is definitely doable\nAnders Bj\xf6rklund11:16 AM\noh, it's like 10x slower (at least)\nbut sometimes useful\nDan Walsh11:18 AM\nPaul I can set these fields in containers.conf correct?\nAditya11:21 AM\n@tom i can go next switched to chromium\nPaul Holzinger11:27 AM\nhave to drop now, bye\nAnders Bj\xf6rklund11:46 AM\nWas there any update on volumes in podman machine ?\nbaude11:47 AM\nno updates\nAnders Bj\xf6rklund11:47 AM\n:-)\nbaude11:48 AM\nwe are making progress on the whole thing, but it is a slow march\nAnders Bj\xf6rklund11:48 AM\nlima is taking this samba detour\nMarcin Skarbek11:49 AM\nOpenZFS started working on the user/mount nanespaces support with LXC in mind, but that could be interesting in rootless context https://github.com/openzfs/zfs/pull/12263\nShion Tanaka11:54 AM\nAre there any plans for an arm-on-Intel/Intel-on-arm for the Podman machine?\nbaude11:54 AM\nno\nShion Tanaka11:54 AM\nOk, thanks\nAnders Bj\xf6rklund11:55 AM\nyou can use podman-on-fedora-on-lima, if you want to run cross-arch VM\n")))}ca.isMDXComponent=!0;const pa={},ga="Podman Community Cabal Meeting Notes",ka=[{value:"December 16, 2021 11:00 a.m. Eastern",id:"december-16-2021-1100-am-eastern",level:2},{value:"December 16, 2021 Topics",id:"december-16-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Lima (0:35 in video) - Anders, Matt",id:"lima-035-in-video---anders-matt",level:3},{value:"Detect default network backend (40:40 in video) - Paul, Matt",id:"detect-default-network-backend-4040-in-video---paul-matt",level:3},{value:"Open discussion ( 50:10 in video)",id:"open-discussion--5010-in-video",level:4},{value:"Next Meeting: Thursday January 20, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-january-20-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],ya={toc:ka},wa="wrapper";function fa(e){let{components:t,...n}=e;return(0,me.kt)(wa,(0,K.Z)({},ya,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Preethi Thomas, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Flavian Missi, Jhon Honce, Lorenzo M. Catucci, Miloslav Trmac, Scott McCarty"),(0,me.kt)("h2",{id:"december-16-2021-1100-am-eastern"},"December 16, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"december-16-2021-topics"},"December 16, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Lima - Anders, Matt"),(0,me.kt)("li",{parentName:"ol"},"How to detect default network backend (CNI or netavark) - Paul, Matt")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=f4dXfsFmDck"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, December 16, 2021"),(0,me.kt)("h3",{id:"lima-035-in-video---anders-matt"},"Lima (0:35 in video) - Anders, Matt"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/lima-vm/sshocker"},"Lima")),(0,me.kt)("p",null,"Podman machine is a way to launch virtual machines, mostly on OSX, to run Podman containers from. Issues with Volumes. Thinking about replacing the back end of podman machine with Lima."),(0,me.kt)("p",null,"Brent thinks it might not be a good match as there are some tech issues. For instance, he couldn't find anything related to ignition. It's a competing cloud-init tool and it doesn't play well with qemu. It also pulls in containerd code. The YAML support is tailored to containerd."),(0,me.kt)("p",null,"On the Lima project page, motivation is to promote containerd. Rancher has debranded and used Lima in the background on Mac. The big hurdle is ignition."),(0,me.kt)("p",null,"Benefits of Lima: Volumes and port forwarding. Possible to use the same solution without abandoning all of the drivers. We could potentially borrow solutions, as the backend is qemu for lima. Lima uses ssh for forwarding, so different solutions for the back end. Potentially could use Fedora in addition to CoreOS."),(0,me.kt)("p",null,"Currently, we can't use Fedora due to ignition. Cloud-init doesn't install there by default, but we could install it. Brent found it in Fedora 35, though, so it might not be there in prior versions."),(0,me.kt)("p",null,"Anders made some sample YAML files","*"," for Fedora 35. Lima works as podman machine does. The difference between Lima and podman machine now is volume support. Anders has a PR for providing sshfs volume support for podman machine."),(0,me.kt)("p",null,"*"," Examples for lima: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/afbjorklund/fedora-lima"},"https://github.com/afbjorklund/fedora-lima")),(0,me.kt)("p",null,"To get parity with Lima/Docker in podman machine, we'd need to get Ander's ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12584"},"sshfs PR")," (and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"virtfs PR"),") merged."),(0,me.kt)("p",null,"Dan likes the ssh solution. We might be able to do virtfs later."),(0,me.kt)("p",null,"Brent's concern with Lima is managing mounts as the containers go up and down. It might be problematic. The volume work for podman machine won't be able to use the current mount code, we need to do something in podman start."),(0,me.kt)("p",null,'We might get push back as this wouldn\'t be the Docker behavior. We are trying to make the volume handling on Mac to be as simple as possible for the end-user. Anders thinks we might be able to have an "advanced users" solution that would allow for configuration; otherwise, you\'d get a default "easy" setup. A number of possible solutions were bantered about.'),(0,me.kt)("p",null,"Big advantage, Lima can support all distros except CoreOS. Podman machine could theoretically do that via cloud-init, but an engineering effort."),(0,me.kt)("p",null,"Currently using qemu to launch machines, Lima is a layer on ssh. It is very similar to what docker machine was a while back. It doesn't support ignition. The upside is we could more easily run on Ubuntu and other distros. You might not be able to run the container on a variety of distros. Rancher nerdctl and Lima are both trying to get into this space."),(0,me.kt)("p",null,"We most likely could get volumes into podman machine than getting Lima into it. We could potentially wire Lima in later."),(0,me.kt)("p",null,"Scott talks about value creation. Would Rancher/Suse collaboration help? The other side is what the customer would get from using Lima vs. podman machine?"),(0,me.kt)("p",null,"Most of the solutions don't think sshfs is a good long-term solution but a stepping stone."),(0,me.kt)("p",null,"Dan is leaning towards doing what we're doing with sshfs. This will be at least the short term solution, will evaluate further for a longterm"),(0,me.kt)("h3",{id:"detect-default-network-backend-4040-in-video---paul-matt"},"Detect default network backend (40:40 in video) - Paul, Matt"),(0,me.kt)("p",null,"For Podman 4.0, how to detect default network backend (CNI or netavark)"),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Requirement:")," existing installs should continue to use CNI, new installs use netavark."),(0,me.kt)("p",null,"Working on netavark and want to install it, but with the current cni, it could cause breaking changes."),(0,me.kt)("p",null,"On the first startup, we could check for images and containers. If none, switch to netavark."),(0,me.kt)("p",null,"You can't use CNI and netavark in parallel, or things will go awry. For new or clean installs, it should be fine."),(0,me.kt)("p",null,"To switch, change the setting in network.conf to netavark. By default, it's an empty value."),(0,me.kt)("p",null,'Should we add a "nag" for people using CNI to bump up? Will we be getting bug reports on it? Matt thinks long-term, it would be good to support CNI. Matt would like to throw an error when trying to run IPv6 on CNI to let them know they\'re on netavark. We need to be careful not to overload the user with suggestions.'),(0,me.kt)("p",null,"We need to get documentation together telling folks how to convert from CNI to netavark. Probably will need some kind of reset procedure."),(0,me.kt)("h4",{id:"open-discussion--5010-in-video"},"Open discussion ( 50:10 in video)"),(0,me.kt)("p",null,"No further discussion"),(0,me.kt)("h3",{id:"next-meeting-thursday-january-20-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday January 20, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("p",null,"None set."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:03 AM\nPlease sign in: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAditya Rajan11:13 AM\nhttps://github.com/qemu/qemu/blob/master/docs/specs/fw_cfg.txt\n-fw_cfg\nBrent Baude11:14 AM\n$ rpm -qa | grep cloud\nfedora-release-identity-cloud-35-33.noarch\nfedora-release-cloud-35-33.noarch\ncloud-init-20.4-7.fc35.noarch\ncloud-utils-growpart-0.31-9.fc35.noarch\nChristopher Evich11:16 AM\nya, I just double-checked too, my bad.\nAshley Cui11:20 AM\nhttps://github.com/containers/podman/pull/12584\nYou11:21 AM\nTY AC!\nAshley Cui11:21 AM\nand i guess this too: https://github.com/containers/podman/pull/11454\nValentin Rothberg11:24 AM\nbrb\nieq-pxhy-jbh\n")))}fa.isMDXComponent=!0;const ba={},va="Podman Community Meeting",Ma=[{value:"April 5, 2022 11:00 a.m. Eastern (UTC-5)",id:"april-5-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Docker Compose v2 and Podman v4.0.2 update",id:"docker-compose-v2-and-podman-v402-update",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:39 in the video)",id:"139-in-the-video",level:4},{value:"Ubuntu 22.04 LTS and Stopping Kubic support",id:"ubuntu-2204-lts-and-stopping-kubic-support",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(6:14 in the video)",id:"614-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(14:30 in the video)",id:"1430-in-the-video",level:4},{value:"Podman Volume Mounts on Mac Demo",id:"podman-volume-mounts-on-mac-demo",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(18:45 in the video)",id:"1845-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(22:46 in the video)",id:"2246-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday June 7, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-june-7-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday April 21, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-april-21-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:27 a.m. Eastern (UTC-5)",id:"meeting-end-1127-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Aa={toc:Ma},Ia="wrapper";function Ta(e){let{components:t,...n}=e;return(0,me.kt)(Ia,(0,K.Z)({},Aa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"april-5-2022-1100-am-eastern-utc-5"},"April 5, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Matt Heon, Chris Evich, Ashley Cui, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://t.co/FUPhuBAE7l"},"Recording")),(0,me.kt)("h2",{id:"docker-compose-v2-and-podman-v402-update"},"Docker Compose v2 and Podman v4.0.2 update"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"139-in-the-video"},"(1:39 in the video)"),(0,me.kt)("p",null,"Compose v2 just came out and will be supported in Podman v4.1 or higher. (Currently upstream). Matt shared ",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/onBRxqPs9bpyvbbdeJOYXHvj5"},"Demo"),". It showed two running web servers that were brought up and then down. It was cleaned up as appropriately and Compose v2 is working rather well at this point."),(0,me.kt)("p",null,"Just released Podman 4.0.3, including a minor CVE fix. No plan for 4.0.4 yet, but we will likely go to 4.1 next. Also cutting a 3.4.5 for distributions that want to stay in Podman 3."),(0,me.kt)("h2",{id:"ubuntu-2204-lts-and-stopping-kubic-support"},"Ubuntu 22.04 LTS and Stopping Kubic support"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"614-in-the-video"},"(6:14 in the video)"),(0,me.kt)("p",null,"First LTS release with Podman, Skopeo and Buildah in the default repositories. Podman 3.4. Buildah 1.23, and Skopeo 1.4."),(0,me.kt)("p",null,"If you're using packages from the Kubic repos, you should uninstall those before upgrading Ubuntu to 22.04 LTS and use packages from the default repositories going forward."),(0,me.kt)("p",null,"Announcement on podman.io: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/blogs/2022/04/05/ubuntu-2204-lts-kubic.html"},"https://podman.io/blogs/2022/04/05/ubuntu-2204-lts-kubic.html")),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"1430-in-the-video"},"(14:30 in the video)"),(0,me.kt)("p",null,"Abandoned the UI built with swift for another UI. We're working with another group that is more web ui oriented."),(0,me.kt)("p",null,"Showed how to manage a podman machine in theory, but it is broken at the moment. You can create containers from a Dockerfile or a Containerfile or an image. Once created, the image shows in the GUI, then you can create the container from the image."),(0,me.kt)("p",null,"This GUI does a lot more than the previous. The old one worked with podman machines mostly, this one deals with images and containers too. The new GUI is also expandable, lots of work ongoing."),(0,me.kt)("p",null,"https://github/containers/Desktop is the project. Happy to have contributors."),(0,me.kt)("h2",{id:"podman-volume-mounts-on-mac-demo"},"Podman Volume Mounts on Mac Demo"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"1845-in-the-video"},"(18:45 in the video)"),(0,me.kt)("p",null,"Demo"),(0,me.kt)("p",null,"Shows how to get a volume mount on a mac. He started a machine prior. The ",(0,me.kt)("inlineCode",{parentName:"p"},"-v")," option with the init command sets up the volume."),(0,me.kt)("p",null,"Many thanks to Anders Bj\xf6rklund for the work on the volumes on the mac."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2246-in-the-video"},"(22:46 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"What happens with std out/in with journald? Logs, stderr and stdout in the journal? If you're running journald logging, the output doesn't get into the host journal. Could you volume map /dev/log into the container from the log to make sure it gets in the hosts journal. (10:54 in the video)")),(0,me.kt)("p",null,"Matt thinks systemd should be run into the container to help make that work. Valentin thinks you should see the output of journalctl. He's not sure if journalctl will do that by default. Further discussions to happen in Discord/IRC."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Brent said that 4.1 should bring some notable enhancements including a ",(0,me.kt)("inlineCode",{parentName:"li"},"podman inspect")," command, liveness probes, and more.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman on Windows Demo/Update - Jason Green")),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-7-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday June 7, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-april-21-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday April 21, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1127-am-eastern-utc-5"},"Meeting End: 11:27 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:01 AM\nPlease Sign in at: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMatthew Heon11:04 AM\nhttps://asciinema.org/a/onBRxqPs9bpyvbbdeJOYXHvj5\nValentin Rothberg11:18 AM\n@Lance, can you run the following commands to test?\n1) podman run --name=test --replace ubi8 echo Hello World!\n2) journalctl --user -b CONTAINER_NAME=test\nAshley Cui11:21 AM\nhttps://github.com/containers/desktop\n")))}Ta.isMDXComponent=!0;const Sa={},Na="Podman Community Meeting",Ca=[{value:"August 2, 2022 11:00 a.m. Eastern (UTC-5)",id:"august-2-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees ( total)",id:"attendees--total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Fetchit Demo",id:"fetchit-demo",level:2},{value:"Sally O'Malley/Ryan Cook",id:"sally-omalleyryan-cook",level:3},{value:"(1:40 in the video)",id:"140-in-the-video",level:4},{value:"Moving pods and containers to Kubernetes cluster with 'podman kube apply'",id:"moving-pods-and-containers-to-kubernetes-cluster-with-podman-kube-apply",level:2},{value:"Urvashi Mohnani",id:"urvashi-mohnani",level:3},{value:"(27:38 in the video)",id:"2738-in-the-video",level:4},{value:"Podman Desktop Updates",id:"podman-desktop-updates",level:2},{value:"Florent Benoit & Stevan Le Meur",id:"florent-benoit--stevan-le-meur",level:3},{value:"(37:10 in the video)",id:"3710-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(47:35 in the video)",id:"4735-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, October 4, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-october-4-2022-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, September 15, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-september-15-2022-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:54 a.m. Eastern (UTC-4)",id:"meeting-end-1154-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Pa={toc:Ca},xa="wrapper";function Da(e){let{components:t,...n}=e;return(0,me.kt)(xa,(0,K.Z)({},Pa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"august-2-2022-1100-am-eastern-utc-5"},"August 2, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees--total"},"Attendees ( total)"),(0,me.kt)("p",null,"Tom Sweeney, Chris Evich, Ashley Cui, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe, Charlie Doern, Dan Walsh, Jake Correnti, Aditya Rajan, Karthik Elango, Mark Russell, Miloslav Trmac, Stevan Le Meur, Sally O'Malley, Ryan Cook, Urvashi Mohnani, Mohan Boddu, Florent Benoit, Martin Jackson, Mohan Bodu, Stephen Adams, Joseph Sawaya"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/Ee-boJpjSvA"},"Recording")),(0,me.kt)("h2",{id:"fetchit-demo"},"Fetchit Demo"),(0,me.kt)("h3",{id:"sally-omalleyryan-cook"},"Sally O'Malley/Ryan Cook"),(0,me.kt)("h4",{id:"140-in-the-video"},"(1:40 in the video)"),(0,me.kt)("p",null,"(Slides)","[./Fetchit_demo.pdf]"),(0,me.kt)("p",null,"Fetchit allows managing container deployments at scale. The repo is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/fetchit"},"here")),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"GitOps driven deployment"),(0,me.kt)("li",{parentName:"ul"},"Host interacts directly with Git rather than through an intermediary"),(0,me.kt)("li",{parentName:"ul"},"Podman Go bindings"),(0,me.kt)("li",{parentName:"ul"},"Not Kubernetes dependent"),(0,me.kt)("li",{parentName:"ul"},"Lift and shift hardware")),(0,me.kt)("p",null,"Podman's Go bindings helped a lot in creating containers and doing related operations."),(0,me.kt)("p",null,"How does Fetchit Happen?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Pull in git/image assets"),(0,me.kt)("li",{parentName:"ul"},"Cron based scheduling"),(0,me.kt)("li",{parentName:"ul"},"Podman socket"),(0,me.kt)("li",{parentName:"ul"},"Dynamic reload of Fetchit configuration")),(0,me.kt)("p",null,"The Podman socket allows for either root or user access."),(0,me.kt)("p",null,"Fetchit helps to solve resource-constrained environments."),(0,me.kt)("p",null,"Fetchit runs in a Podman container, can run systemd, ansible, filetransfer, and other options."),(0,me.kt)("p",null,"Configuration reload allows to reload the configuration and uses Podman's prune command to clean up cruft."),(0,me.kt)("p",null,"What's next for Fetchit?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"GitSign to verify commits"),(0,me.kt)("li",{parentName:"ul"},"Image verification cosign or similar solution"),(0,me.kt)("li",{parentName:"ul"},"Ansible-pull")),(0,me.kt)("p",null,"Dan noted that sigstore functionality will be baked into Podman v4.2 and Fetchit should be able to used it for signature verification."),(0,me.kt)("p",null,"Demos (12:40 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Scale up"),(0,me.kt)("li",{parentName:"ul"},"Podman Kube + Clean up"),(0,me.kt)("li",{parentName:"ul"},"Podman systemd")),(0,me.kt)("p",null,"Showed the Fetchit config file, launched an RHEL 8 instance on Amazon, and kept it tiny. Added Podman install instructions and launched 10 instances at once. All systems up, and no touching necessary from Ryan. This runs the commands on each node, and they go to the git location to get their instructions."),(0,me.kt)("p",null,"Sally then demo'd running Fetchit as a user server as non-root. It showed the containers spinning up, doing their work, and then cleaning themselves up afterward."),(0,me.kt)("p",null,"The second demo is for the fetchit kube play method. It looks for a Yaml file in a Git repo, and Fetchit will grab them. It created containers and pods and started up Nginx. After prune runs, the images will be cleaned up."),(0,me.kt)("p",null,"They need to be careful to not reinvent Kubernets or Ansible."),(0,me.kt)("h2",{id:"moving-pods-and-containers-to-kubernetes-cluster-with-podman-kube-apply"},"Moving pods and containers to Kubernetes cluster with 'podman kube apply'"),(0,me.kt)("h3",{id:"urvashi-mohnani"},"Urvashi Mohnani"),(0,me.kt)("h4",{id:"2738-in-the-video"},"(27:38 in the video)"),(0,me.kt)("p",null,"New command ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube apply"),". Currently, there's a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube generate")," command that lets you create your kube yaml based on your pods, containers, etc. The apply command enables you to deploy a kube yaml to a Kubernetes cluster when a kubeconfig file is given."),(0,me.kt)("p",null,"Urvashi then showed how it all worked in the demo."),(0,me.kt)("p",null,"Demo (28:20 in the video)"),(0,me.kt)("p",null,"Generated kube mypod and the did ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube apply")),(0,me.kt)("p",null,"Created a new namespace and generated a new service file and applied it. She then showed the services, and it showed the pod was created."),(0,me.kt)("p",null,"Kubeconfig file can hold info for multiple clusters."),(0,me.kt)("h2",{id:"podman-desktop-updates"},"Podman Desktop Updates"),(0,me.kt)("h3",{id:"florent-benoit--stevan-le-meur"},"Florent Benoit & Stevan Le Meur"),(0,me.kt)("h4",{id:"3710-in-the-video"},"(37:10 in the video)"),(0,me.kt)("p",null,"Podman Desktop latest new features:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Onboarding sequence (home page), detects if podman runs and ability to start it")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Registry Support")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Proxy configuration")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Revamped UI for containers and images")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Windows: Install of podman + Podman Desktop")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Help page"),(0,me.kt)("p",{parentName:"li"},"0.0.6 will be released along with Podman 4.2\nDemo video: ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=br8b6DUHpD8"},"https://www.youtube.com/watch?v=br8b6DUHpD8")))),(0,me.kt)("p",null,"Demo (40:10 in the video)"),(0,me.kt)("p",null,"Early Adopter Program:\nAsking users to join the early adopter program, which is linked from the top of podman-desktop.io web page. Especially looking for users interesting into providing feedback and getting involved on shaping up the tool."),(0,me.kt)("p",null,"Links:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"github.com/containers/podman-desktop"),(0,me.kt)("li",{parentName:"ul"},"podman-desktop.io")),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4735-in-the-video"},"(47:35 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Protections on prune in Fetchit? If you're worried about losing, you can run in an drun manually instead. The 'podman prune' does images not volume. Fetchit would only prune a volume if not images/containers used it."),(0,me.kt)("li",{parentName:"ol"},"4.2 rc3 going out soon, v4.2 on Fedora on Aug 15.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman on Mac installer.")),(0,me.kt)("h2",{id:"next-meeting-tuesday-october-4-2022-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, October 4, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-september-15-2022-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, September 15, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1154-am-eastern-utc-4"},"Meeting End: 11:54 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:57 AM\nPlease sign in here: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:00 AM\nPlease sign in here: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:02 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nValentin Rothberg11:02 AM\nGood to see you Sally and Ryan!\nMark Russell11:04 AM\nyay Fetchit!\nAdi11:19 AM\n@ryan: So cool. Is the process running cron which checks for consistency with repo running on each instance or just running on the controlling host ?\nDaniel (rhatdan) Walsh11:20 AM\nIt is running on each node. There is no controlling node, all nodes are going to git location and getting their instructions.\nRyan Cook11:24 AM\nDan nailed it. All nodes operate independently\nAdi11:26 AM\nAh i see nice !!! all nodes independent and git as single source of truth\nAdi11:30 AM\n@ryan: if kube is implemented is it under consideration to distribute replica of pods across nodes ? If yes I think a central API server would be needed\nSally O'Malley11:31 AM\nwe (fetchit) also closely watching this kube-apply - we'll be adding this function to fetchit - to combine w/ a minimal k8s env such as microshift\nMiloslav Trmac11:40 AM\nEither it\u2019s a personal cluster, in which case the user has a kubeconfig, or it is an enterprise shared one, in which case login can get complex (OpenID via a browser) and we probably don\u2019t want to deal with that.\nAdi11:41 AM\n@miloslav yes i meant the same\nPreethi Thomas11:47 AM\nlol\nAdi11:49 AM\n@miloslav: also if its prod or stage cluster the workload is directly moving from podman to cluster which might become issue\nRyan Cook11:54 AM\nthank you all!\nStevan Le Meur11:54 AM\nthanks all!\nFlorent Benoit11:55 AM\nthanks, bye\nMe11:55 AM\n")))}Da.isMDXComponent=!0;const Ba={},Ea="Podman Community Cabal Meeting Notes",Wa=[{value:"Jauary 19, 2023 11:00 a.m. Eastern",id:"jauary-19-2023-1100-am-eastern",level:2},{value:"January 19, 2023 Topics",id:"january-19-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman v4.4 Update - (0:50 in the video) - Matt Heon",id:"podman-v44-update---050-in-the-video---matt-heon",level:3},{value:"Autoclosing issues in GitHub - (2:54 in the video) - Ed Santiago",id:"autoclosing-issues-in-github---254-in-the-video---ed-santiago",level:3},{value:"Time-to-merge-tool using AI - (26:12 in the video) - Aakanksha Duggal",id:"time-to-merge-tool-using-ai---2612-in-the-video---aakanksha-duggal",level:3},{value:"Open discussion (52:42 in the video)",id:"open-discussion-5242-in-the-video",level:4},{value:"Next Meeting: Thursday, February 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-february-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, February 7, 2023 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-february-7-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],ja={toc:Wa},La="wrapper";function Ha(e){let{components:t,...a}=e;return(0,me.kt)(La,(0,K.Z)({},ja,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Dan Walsh, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Preethi Thomas, Ashley Cui, Stevan Le Meur, Jeremy Buseman, Aakanksha Duggal, Brent Baude, Christopher Evich, Leon N, Thomas Gonzales, Urvashi Mohnani, Lance Lovette, Martin Jackson"),(0,me.kt)("h2",{id:"jauary-19-2023-1100-am-eastern"},"Jauary 19, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"january-19-2023-topics"},"January 19, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman v4.4 Update - Matt Heon")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Autoclosing issues - Ed Santiago\nA. ",(0,me.kt)("a",{parentName:"p",href:"https://issues.redhat.com/browse/RUN-1721"},"https://issues.redhat.com/browse/RUN-1721"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Time-to-merge-tool using AI - Aakanksha Duggal\nA. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/redhat-et/time-to-merge-tool"},"website"),"\nB. contact : ",(0,me.kt)("a",{parentName:"p",href:"mailto:aduggal@redhat.com"},"aduggal@redhat.com")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/YCi6KuC9ESw"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, January 19, 2023"),(0,me.kt)("h3",{id:"podman-v44-update---050-in-the-video---matt-heon"},"Podman v4.4 Update - (0:50 in the video) - Matt Heon"),(0,me.kt)("p",null,"No release notes yet, working on them for the next RC. Podman v4.4 RC2 out recently, RC3 soon with release notes. Final a week or so later. It will include Quadlet support."),(0,me.kt)("h3",{id:"autoclosing-issues-in-github---254-in-the-video---ed-santiago"},"Autoclosing issues in GitHub - (2:54 in the video) - Ed Santiago"),(0,me.kt)("p",null,"Ed doesn't think we should be autoclosing issues with any of the tools. Ed proposes a possible jetsam tag which would be used to mark a potential issue to close. Issue noted ",(0,me.kt)("a",{parentName:"p",href:"https://issues.redhat.com/browse/RUN-1721"},"here"),' - "podman: spike create EOL policies for issues and PRs". Valentin concurs.'),(0,me.kt)("p",null,"If Dan sees an issue go stale after 30 days without any activity, he removes them. The ones that are getting removed are generally lower priority that the community hasn't picked up."),(0,me.kt)("p",null,"Ed is thinking about making a table to note inactive issues and wonders if it would be of help."),(0,me.kt)("p",null,"Dan thinks the table is good for features so that we can review those with a person before it gets closed."),(0,me.kt)("p",null,"Valentin thinks that, in general, humans should make the decision to close an issue, not a bot."),(0,me.kt)("p",null,"Not a lot of support for autoclosing, so Ed is abandoning the idea."),(0,me.kt)("p",null,"Paul and Brent would like to lock closed PRs or Issues after 30 days."),(0,me.kt)("p",null,"Chris said GitHub actions might be useable to resort issues into categories like look at this now. For instance this ",(0,me.kt)("a",{parentName:"p",href:"https://gist.github.com/rh-container-bot/f505b6fb78db279855862e035629f8aa#file-images-md"},"bot")),(0,me.kt)("p",null,"Paul is concerned about older versions of Podman that issues are getting reported against and the time necessary to do fix them."),(0,me.kt)("p",null,"Valentin wants to be careful with these and not just dismiss them as they might also be upstream."),(0,me.kt)("h3",{id:"time-to-merge-tool-using-ai---2612-in-the-video---aakanksha-duggal"},"Time-to-merge-tool using AI - (26:12 in the video) - Aakanksha Duggal"),(0,me.kt)("p",null,(0,me.kt)("a",{target:"_blank",href:n(7903).Z},"Slides"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://github.com/redhat-et/time-to-merge-tool"},"Project on GitHub")),(0,me.kt)("p",null,"AI4CI - Open Source AIOps toolkit"),(0,me.kt)("p",null,"Lack of metrics for Open Source data."),(0,me.kt)("p",null,"The AI4CI supports CI/CD and software dev process"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Data Collection"),(0,me.kt)("li",{parentName:"ul"},"Metrics"),(0,me.kt)("li",{parentName:"ul"},"ML Services"),(0,me.kt)("li",{parentName:"ul"},"Open source AIOps template")),(0,me.kt)("p",null,"The tool measures the time to merge a PR into the GitHub Project. Can be used to id bottlenectks. Historical data of issues, commits and PRs."),(0,me.kt)("p",null,"It gives new contributors an estimate of how long a PR will take to go through the process.."),(0,me.kt)("p",null,"It Collects Data - Features - Model Building - Training Actions - Make predictions."),(0,me.kt)("p",null,"Gives project features."),(0,me.kt)("p",null,"Models service is done by GitHub actions."),(0,me.kt)("p",null,"The Workflow can be started two ways in training and inference mode."),(0,me.kt)("p",null,"It trains for each individual repository. Used currently by openshift, ansible, and others."),(0,me.kt)("p",null,"It requires an action.yaml file and a few other files."),(0,me.kt)("p",null,"Demo - (36:24 in the video)"),(0,me.kt)("p",null,"Aakanksh showed her repo and walked through the files that need to be put into place within the GitHub workflows."),(0,me.kt)("p",null,'Once setup, you can go to "Actions" and click on the training.'),(0,me.kt)("p",null,"There is also an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/AICoE/elyra-aidevsecops-tutorial/issues/532#issuecomment-1347919300"},"autoclose")),(0,me.kt)("h4",{id:"open-discussion-5242-in-the-video"},"Open discussion (52:42 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.4 RC2 errors\nMartin Jackson noted an issue with CNI errors on Podman 4.4 RC2. ",(0,me.kt)("a",{parentName:"li",href:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-a0f754c701"},"Issues"))),(0,me.kt)("h3",{id:"next-meeting-thursday-february-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, February 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed.")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-february-7-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, February 7, 2023 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"Meeting finished 11:59 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLokesh Mandvekar11:04\u202fAM\nv4.4.0-rc2 will be available in updates-testing soon https://bodhi.fedoraproject.org/updates/?packages=podman\nYou11:05\u202fAM\nhttps://issues.redhat.com/browse/RUN-1721\nMiloslav Trmac11:10\u202fAM\nI think it\u2019s fair to close stale issues on which we can take no action - bugs with information required to debug not provided, PRs (for features we don\u2019t otherwise care about) where the submitter has gone away.\nFor things that were determined to be real bugs or real features we might want, we just don\u2019t have capacity for, I can\u2019t see any benefit to closing them that couldn\u2019t just as well be obtained by sorting by recent updates, and ignoring the older ones.\nChristopher Evich11:22\u202fAM\ne.g. https://gist.github.com/rh-container-bot/f505b6fb78db279855862e035629f8aa#file-images-md\nChristopher Evich11:25\u202fAM\nmarkdown-table posted by 'exuanbo/actions-deploy-gist' github-action.\nMiloslav Trmac11:26\u202fAM\nIf we are overworked, one option is to just do less; another is to farm out some of the effort to other people. In that sense, asking reporters to reproduce on mainline might be a good tradeoff? OTOH it could very well cost us important bugs that would not reach us.\nBrent Baude11:27\u202fAM\nPaul is tugging on a good thread here ... can we get a separate cabal to talk about ubuntu?\nYou11:29\u202fAM\nAakanksha's project: https://github.com/redhat-et/time-to-merge-tool\nYou11:35\u202fAM\nI suspect Preethi is enthralled....\nYou11:42\u202fAM\nCan you ignore a particular user's PRs? I'm thinking dependabot/bot users who would potentially mess up the curve for most \"real\" people.\nYou11:51\u202fAM\nAakanksha, can you ping me by email so I can have you email address please?\nAakanksha Duggal11:52\u202fAM\nhttps://github.com/AICoE/elyra-aidevsecops-tutorial/issues/532#issuecomment-1347919300\nMiloslav Trmac11:54\u202fAM\nIs the ML model interpretable, i.e. can it give us insight into causes / correlations?\nAakanksha Duggal11:54\u202fAM\n@miloslav - not yet, but something we plan to look into.\nPreethi Thomas11:55\u202fAM\nThanks Aakansha for presenting\nLokesh Mandvekar11:56\u202fAM\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-a0f754c701\nChristopher Evich11:57\u202fAM\nYa, thanks Aakansha, it's a really neat way to use AI/ML.\nAakanksha Duggal11:57\u202fAM\nThank you for having me. Please feel free to contact me if needed. :)\nieq-pxhy-jbh\n")))}Ha.isMDXComponent=!0;const Ra={},Ja="Podman Community Cabal Meeting Notes",Oa=[{value:"April 20, 2023 11:00 a.m. Eastern",id:"april-20-2023-1100-am-eastern",level:2},{value:"April 20, 2023 Topics",id:"april-20-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Possible Podman 5 features (1:14 in the video) - Dan Walsh - 1",id:"possible-podman-5-features-114-in-the-video---dan-walsh---1",level:3},{value:"Bug Week (54:51 in the video) - Matt Heon",id:"bug-week-5451-in-the-video---matt-heon",level:3},{value:"Open discussion (49:00 in the video)",id:"open-discussion-4900-in-the-video",level:4},{value:"Next Meeting: Thursday, May 18, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-may-18-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Fa={toc:Oa},Ga="wrapper";function Ua(e){let{components:t,...n}=e;return(0,me.kt)(Ga,(0,K.Z)({},Fa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Mohan Boddu, Dan Walsh, Anders Bjorklund, Shion Tanaka, Stevan Le Meur,"),(0,me.kt)("h2",{id:"april-20-2023-1100-am-eastern"},"April 20, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"april-20-2023-topics"},"April 20, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Possible Podman 5 features - Dan Walsh/All\n","*","SQLite"),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"hyperV"),(0,me.kt)("li",{parentName:"ul"},"Mac Native Virt"),(0,me.kt)("li",{parentName:"ul"},"Drop CNI"),(0,me.kt)("li",{parentName:"ul"},"Drop Cgroup V1"),(0,me.kt)("li",{parentName:"ul"},"ZSTD By default"),(0,me.kt)("li",{parentName:"ul"},"podman build -> build farm support"),(0,me.kt)("li",{parentName:"ul"},'(refactor podman machine) <-- not "feature" but ...'),(0,me.kt)("li",{parentName:"ul"},"making manifest lists by default"),(0,me.kt)("li",{parentName:"ul"},"Use OCI images for podman machine",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"podman <-> podman machine versioning ..."))),(0,me.kt)("li",{parentName:"ul"},"assimilate podman machine services"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Bug week reminder/participation invitation - Matt Heon"))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/_NnWUqyaBmw"},"Recording")),(0,me.kt)("p",null,"Meeting started at 11:02 a.m. Thursday, April 20, 2023"),(0,me.kt)("h3",{id:"possible-podman-5-features-114-in-the-video---dan-walsh---1"},"Possible Podman 5 features (1:14 in the video) - Dan Walsh - 1"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"SQLite - Works underway."),(0,me.kt)("li",{parentName:"ul"},'hyperV - Up for testing. Talk to Brent about the "decoder ring"'),(0,me.kt)("li",{parentName:"ul"},"Mac Native Virt - doing qemu not on Mac, Apple is making qemu less attractive for multi-arch, so we're looking at Mac native virtualization and working on it today, targeting Podman v4.6."),(0,me.kt)("li",{parentName:"ul"},"Drop CNI - Looking at dropping the CNI network. Currently, Netavark is the default for the latest. We are looking at dropping CNI as of RHEL 10. If we don't, then the RHEL team will need to support it for ten years or so from when RHEL 10 is released. Matt thinks the code cleanup is the most significant benefit."),(0,me.kt)("li",{parentName:"ul"},"Drop Cgroup V1 - Similar to dropping CNI and more important to Dan as systemd is about to drop support for cgroup v1. We are looking at Podman v5.0 for this too. We need to be sure that we don't mess up partners such as Ubuntu LTS. Another thing to watch for is Chromebook users use a Debian base, and that might be problematic too. Anders pointed out that his Ubuntu 22.04 has systemd/cgroups v2"),(0,me.kt)("li",{parentName:"ul"},"ZSTD By default - using the ZSTD compression algorithm instead of gzip. Older versions of Docker don't support ZSTD, so that's a bit of a concern. The thought is to let the user pick or push to versions of the image. A lot quicker downloads with ZSTD over gzip. A problem with pushing two images, people may have to pay for storing or pushing multiple images. The thought is to default to ZSTD and allow users to configure back to gzip in their containers.conf file. The compression happens only during push/pull. The format of the image on disk or in the registry remains the same. Brent would like to get buy-in from Quay, but they won't likely step up until we, or someone else, starts using ZSTD more frequently. The Moby shipped with Fedora now uses ZSTD."),(0,me.kt)("li",{parentName:"ul"},"podman build -> build farm support - Nalin is working on this to allow building of an image for multiple architectures. Nalin is making it a very easy to specify with podman build command line options. You wouldn't need to deal with manifests nor have any need to deal with a second VM running another architecture, it would just work. It will build natively, not in emulation mode. Under development at the moment."),(0,me.kt)("li",{parentName:"ul"},'(refactor podman machine) <-- not "feature" but ... - After the Apple hypervisor work is complete, some refactoring of the podman machine might be a good thing to do for speed. This might be done earlier than Podman v5. Dan also noted that we\'re thinking about moving podman machine to a separate repo. We might draw more interest in contributing if we did move it.'),(0,me.kt)("li",{parentName:"ul"},"making manifest lists by default - when you pull an image to a system, by default, you don't always get a list. If you have a multi-arch image, this can be a problem. Looking into being able to pull manifest lists down so multi-arch images could be better supported. The thinking is to turn this on by default in Podman v5 and then allow users to opt out of it. Matt is concerned that someone might get angry as manifest lists (JSON file) will show up that haven't been there before. Brent suggests we hide the lists as much as possible."),(0,me.kt)("li",{parentName:"ul"},"Use OCI images for podman machine"),(0,me.kt)("li",{parentName:"ul"},"podman <-> podman machine versioning ... This allows you to enforce that the version of the client dictates the version of the guest podman machine. That way you run only the version that is supported in your environment. This also helps the development team by not needing to supporting multi version combinations."),(0,me.kt)("li",{parentName:"ul"},"assimalate podman machine services - for running a podman machine depending on the hypervisor and the Operating System, it is required to have a number of services running due to a number of microservices. The talk is to move it all under one potentially."),(0,me.kt)("li",{parentName:"ul"},"Anders talked about some storage ideas (",(0,me.kt)("inlineCode",{parentName:"li"},"ipfs://"),") that had been kicked around in the past and is wondering if any work has gone on that. It would allow layers to be split across multiple files. This would be in c/storage. Matt thinks\n",(0,me.kt)("a",{parentName:"li",href:"https://archive.fosdem.org/2022/schedule/event/container_ipfs_image/"},"https://archive.fosdem.org/2022/schedule/event/container_ipfs_image/"))),(0,me.kt)("h3",{id:"bug-week-5451-in-the-video---matt-heon"},"Bug Week (54:51 in the video) - Matt Heon"),(0,me.kt)("p",null,"Podman/Buildah teams are doing a bug fix week next week. We're encouraging people to help or point out bugs important to you. Then stability releases after that. So afterward, we'd be at Podman v4.5.1."),(0,me.kt)("h4",{id:"open-discussion-4900-in-the-video"},"Open discussion (49:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Martin was asking about Quadlet and was it going from tech preview to fully supported. Martin uses Quadlet and is really liking it. He thinks it's one of the best features in Podman. Dan noted we've gotten a lot of nice feedback, but now we need to get the word out. As we move to edge devices, Quadlet will be more critical."),(0,me.kt)("li",{parentName:"ol"},"Dan talked about Valentin's thought to never break on upgrade to a new version. For Dan it's more about pushing the envelope, otherwise you get old code. Dan has broken things in the past to secure code. Dan believes both viewpoints are valid. Matt suggests that we might support a v4.0 Podman for a while longer, but that would only have bug fixes, not new enhancements.")),(0,me.kt)("h3",{id:"next-meeting-thursday-may-18-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, May 18, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"containersh - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Storage - allow layers to be split across multiple files. - Anders Bjorklund")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 11:58 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:02\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:05\u202fAM\nPlease sign in or add to the meeting notes: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAnders F Bj\xf6rklund11:17\u202fAM\nmy Ubuntu 22.04 has systemd/cgroups v2\nBrent Baude11:22\u202fAM\nty Anders\nBrent Baude11:51\u202fAM\ni need to drop as well\nAnders F Bj\xf6rklund11:51\u202fAM\nhttps://archive.fosdem.org/2022/schedule/event/container_ipfs_image/\nieq-pxhy-jbh\n\n")),(0,me.kt)("p",null,"Raw Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ieq-pxhy-jbh (2023-04-20 17:03 GMT+2) - Transcript\nAttendees\nAnders F Bj\xf6rklund, Ashley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Paul Holzinger, Preethi Thomas, Shion Tanaka, Stevan Le Meur, Tom Sweeney, Tom Sweeney's Presentation, Valentin Rothberg\nTranscript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Have and there it is. Welcome everybody. This is April 20th 2023. This is the Podman Community cabal meeting for this meeting. We usually talk about design issues or thoughts for Pod, man. And today we have a good slate of stuff for Pod Man, 50 features, which is coming up. Container essay, and then also talk about Bug Week. So We have a hack MD going, I've put a link into the comments here for Google meet. Please go ahead and add your comments since there is we go along or if I'm going to try and take notes and if I mess up, please go ahead and correct me or add links as appropriate. So giving all that I have Dan walshill first with possible pod, man, 5 features and\nDaniel Walsh: Okay, can you put up the\nDaniel Walsh: You put up the feet, the slide or\u2026\nTom Sweeney: Yeah.\nDaniel Walsh: whatever. thing, everybody slides, shining it shining into\nDaniel Walsh: Okay. so, I view Major releases in two ways, and balance is going to be pushing back on this. So it could get entertainment entertaining a little bit. I view a major release as being A milestone of marketing more than just being, you know, having it like In the real world when relate. Well, nine well-10 comes out. It's not only a chance to say we have new functionality but it's also a chance for marketing. You know, isn't it great that we move this far ahead? So I'd like to, you know, over the years when we had different versions of Pod Man, Come Out. It was not only we didn't do it just for breaking changes but we also did it so much from marketing. So I think with podman 2 came out, we added\nDaniel Walsh: We moved. I think we that was the first time we added in the new API and FOD, Man, 3 came out. We added appointment, three came out, we had a new API and pod, man. 4 came out, We added, You know, some of the pipe, my machine functionality and other things like that. So when we look at now, it's been well. This is probably planned for the end of the year early next year. So it's gonna be two years since Pod, Man Full came out at that point. So the question I have is what, what did the long-range things that we'd like to see in a marketing event for five man. Five on a second thing is, is when we come up with the major release, it gives us a chance to change the defaults in such a way that potentially, they could break break people. And obviously that's something that we want to avoid.\nDaniel Walsh: If at all possible but sometimes it's it's necessary in order to move forward. So things I threw down for ideas for podman 5 and again, these don't have to wait for apartment five. They're just major things that are going on in the Pod, Man world right now.\nDaniel Walsh: That I I see moving forward and I just threw down a few ideas right now this for those. That don't know, there is a pod man, internal database right now is based on multi B and it's felt by the maintainers of the database that it was important to force to support ability. We saw a lot of corruptions happening and multi B and we felt that the upstream for both DB was not as responsive or not as active as we'd like. And so we wanted to switch to something a little more stable which was ask you a light. And so that's actually in Part-man 405 right now, you can actually test With.\nDaniel Walsh: SQLite. But I'm at apartment 5, we'd switch. The default to SQL Light. Obviously upgrades would continue in both DB, but if you did a restart reset, then you switched SQLite There's also a big effort for the lots and lots of uses on Windows cannot support.\nDaniel Walsh: Wsl. Usually it's something inside the company that says, they don't like wsl or whatever reason it is and they've asked us to support five main machine for Native virtualization. So on Windows, the first version of that is going to be Hyper-V, which is being heavily worked on right now. When Brent is there? Is that available at all right? Now for testing\n00:05:00\nBrent Baude: It's actually done.\nBrent Baude: There's some official stuff that needs to go into fossa and ignition. But and some nits to smooth over in podman. but, Yeah, you just need the secret decoder ring. For me to get the image.\nDaniel Walsh: Yeah. And I don't I mean again this you know probably obviously is going to come out probably in four six might be you know just you won't need the Dakota ring to turn it on at that point or but it's it's something that we want to again market that we have new architecture. Just are not new virtualization support.\nBrent Baude: Yep.\nDaniel Walsh: Secondarily to that is on the max right now. We support qemu for running our podman machines. And there's been a lot of requests for sporting that native virtualization. Mac apples actually, making it much more attractive or\nDaniel Walsh: Making c** you much less attractive as a solution based on some of this stuff they're doing for support of multi-atch building. So that's sort of driving us towards native virtualization Plus, we believe that we can get better performance by using Verdeo of SD instead of playing nine for volume mounting into the containers. This is something the darker currently supports. So we will be doing some time in the next six months or so we moving, or adding support for native Mac. Virtualization anything you want to say on that Brent.\nBrent Baude: Started working on it today, hope to have it done for four six.\nDaniel Walsh: Okay. The next one is, now we start to get into system controvers. So, not only three above would necessarily be breaking changes.\nDaniel Walsh: The next one would be potentially more controversial, which would be to drop CNI support right now. We if you run containers, With pod man. The default that you get on a fresh installed pod, man is neta back for networking stack. We currently also continue to support CNI, but the idea would be, Can we get rid of the CNI code? Can we get rid of the support headache of CNI? And really, this to me, is more guided towards a real 10 type release thing and that\nDaniel Walsh: when we sign up for new version of podman releases on a particular rail, we're signing up for 10 years of support. So the question is, Do we want to support? CNI 12 years from now on top of Pod, Man. Now, obviously, we can never break. We can't break REL support on Level Eight Row 9. So CNI support. But can we start to get rid of it by default? and I think that, Mainly for people on here that ends up being somewhat of a time sink. For a matte and Paul.\nDaniel Walsh: Hopefully would start to disappear as we move forward and more people use it, but it would clean up the code base to get rid of C and I altogether out of it. Any comments by Matt Paul on that.\nDaniel Walsh: Yeah, I mean the one benefit also of saying we're dropping CNI is that it can convince people to switch over to Netovac easier than feeling like they're gonna get it supported for? Forever.\nMartin Jackson: That.\nMartin Jackson: There.\nDaniel Walsh: The next one is also similar and probably more to me, more important. Is that we right now, I believe system D is about to drop support for C groups, V1, Um, so that I think, I don't know if it's Fedora 38, if there are 39 is no longer going to support sea Groups, B to be one. So can we start to look at dropping support for cigarettes for you, one for our tool chain. So I think the primary tool there would be like Seron and run c start to think about it as well as I'm not sure how much We do in Pod man for that, but it's probably they're certain flags. That would have to be start to be removed since then. All I can make sense in the cedar must be two worlds. Um, and again, I think that's just for long range support. right now, from a rel,\n00:10:00\nDaniel Walsh: point of view around 9:00 defaults to see groups V2 relate on the single three one but rallied is going into\nDaniel Walsh: Support mode. I think, either, I think in either the next release of the one after is going to be in full support mode so that We shouldn't be. Adding new features to see them to be one or in that dying out. Anybody want to comment on that?\nBrent Baude: I do proposed timing. of the podman 5, I think would have A big influence on that particular topic. I actually really like this idea.\nBrent Baude: There's some distribution benefits to this.\nBrent Baude: But I think one of the things we'll have to do is if we did it today, we'd be cutting off. The two lts's of Ubuntu, right? Is that correct? Is a mantu gone to see groups, we too. They might happen to know.\nChristopher Evich: I think the latest one is.\nAnders F Bj\xf6rklund: I think 22.\nBrent Baude: Okay. Yeah, so it's just something to contemplate as Who we lose? If we do that and but otherwise, I'm completely comfortable with this.\nChristopher Evich: But the old ubuntu's, the old lts a bunches, they just won't update. Right. They they're going to just keep running the older apartment. Should.\nBrent Baude: Yeah, it was sort being unaware that their V2 now so is our V2 lts.\nValentin Rothberg: No.\nBrent Baude: That's what we need.\nValentin Rothberg: I also think that who's is using V1 still. So, if we Cut, or if we would drop.\nDaniel Walsh: Christopher.\nMartin Jackson: A lot of Chromebook users are on old Debians\u2026\nBrent Baude: So, maybe\nMartin Jackson: because of the Chromebook Chromebook default virtualization scheme and I think they might be stuck to.\nBrent Baude: So, Dan sounds like, maybe we need to Kind of understand what everyone else is V2 plans. Sort of look like But again. we could theoretically, just Do it and\nBrent Baude: deal with the consequences.\nDaniel Walsh: Yeah.\nPaul Holzinger: I one question.\nDaniel Walsh: so,\nPaul Holzinger: how much C group code is actually important because isn't most of it done by the runtimes,\nMatt Heon: There's a fair bit of complexity involved in how we do system unit container and how we do the Pod C groups in particular Pod, resource limits involve a fair bit of, super one for C2 last, I checked those would be the big ones. I would say. It's not a huge amount of code, but it is, it is some of the most complicated code. If you've ever seen the code to set up our potsy groups, It's a horrifying massive. If statements\nDaniel Walsh: Yeah.\nBrent Baude: I like the idea. I'd sure like to keep kicking it around.\nDaniel Walsh: So the next one will get even more controversial, which is so we've been kicking around this idea of moving away from Jesus image format. to Zstd both have been supported for several years and\nMartin Jackson: it's\nDaniel Walsh: The spec. but, Docker did not release for over three years. So, Giuseppe had a pull request into Docker. Back in 2002 and that finally got merged and they released a version with it. In March. so, they had him released from March of twenty two, thousands of my 2023. The.\n00:15:00\nDaniel Walsh: We have women kicking around the idea of supporting what we've currently support both zsdd. And Jesus format for images. And it's been supported for many years. In Container D, Cryo and the rest of the world other than darker, And it's been in pod man. For I think every version of pod man, all the way back to one dot six. Maybe not 106. So which is or else seven?\nDaniel Walsh: The problem is that no one creates images with this format because Of Docker, not being able to support the older versions of darker, not being able to support it. we have ideas about potentially, Allowing you users to Check Pick which format they want to basically in containers duck off, pick which formats, that they want to push images to container registry with, and the options would be zstd gzip or a combination of both. So they could basically have but use it within have to pay the price of Pushing two versions of images to container registries and container registries, that would have to store.\nDaniel Walsh: Two versions of the same image. One compressed with each one of them and pod, man, and tools, based on Containers image would be smart enough to pick out the zestd one. If it existed. So, the benefits of their cost and benefits. And we stick with Gzip, we're stuck with the same format that we've been using for years, but old dark versions of darker support it And they can continue to use it. If we force everybody to go to Zstd then old versions of dark are don't support it but everybody in\nDaniel Walsh: The new versions of Pod Man. Not new versions of darker and all versions of our tool change. Get the benefits of better, better compression Quicker downloads in the case of Pod Man and Cryo and those tools they get you weight Grow quicker downloads since it's the pulling down individual files instead of entire images just a different false at a difference. The third option that combination of both has the Problem of you would have to if you're paying for the bandwidth of pushing images that you'd have to pay for additionals, content being pushed, as well as if you're paying for the cost of storing of images. Then you have to pay for both and we potentially could hear bad things from container. Registries who don't want, you know, who are paying the content paying to store both types of content. So,\nDaniel Walsh: the my proposal for Ralph's, for\nDaniel Walsh: Five would be to, we just switch the default to ZSTD thinking that to be a large enough install base of of dockers out there at that point and for people who don't want to use it, they could just simply change the containers that cost to point to Jesus want to to do both. And, but my fear is that we don't do this then. When Pod Man 6 comes up three years from now we're still going to be having this this debate. So you know can we push this forward?\nMatt Heon: I think risk here is a lot lower than the CNI. And what do you call it secrets? We want stuff because we're not dropping code.\nDaniel Walsh: Yeah. Also distributions can, if distributors want to ship a Canadian stock off, that stays the Gzip, then they have the full ability to do it, This just questioning what should be the default format? We go forward with at that point.\nDaniel Walsh: Any other comments?\nBrent Baude: Yeah. How does it? How does it work? In terms of you, you mentioned push but in terms of run or other actions, if, if the STD is the default, Are we saying, can you have a local container storage that has both formats?\nDaniel Walsh: So it's only I'm push and pull. So when it, when it gets put on to your desk, you don't have the format any longer. The big think of this is more pushing and\u2026\nBrent Baude: Okay.\nDaniel Walsh: this is the problem is if you've tried to pull one these images with an older version of Docker, you will fail. It'll come back with that saying,\u2026\n00:20:00\nBrent Baude: Okay, but\nDaniel Walsh: unsupported format.\nBrent Baude: But I think what you're saying is, there's, you know, both formats would still be perfectly usable. It's just be a swap.\nDaniel Walsh: Yes. Which means\u2026\nBrent Baude: So if container registries didn't\nDaniel Walsh: if I meant stats to push images, that can't be used by older versions of darker. That's that's with the dot, that's where we're gonna get. We're gonna get paid as being anti-unity or anti You know. Oci or something at that point.\nBrent Baude: So, I I would, I would be in favor of this. The one thing I would want some sort of commitment from Let's say somebody like Cui. That they would be there be a way to build. Zstd. On their end.\nBrent Baude: because, A lot of us. Use. Combinations of GITHUB and CUI. And auto building.\nDaniel Walsh: Yeah.\nBrent Baude: and one one, like one image, I can think of in particular is Fedora chorus has a\nBrent Baude: They have a image they use for building for coros. And that image is updated weekly. And it's four and a half gig. But I believe it's built, you know, hands off. So it'd be one of those. One of my questions would be If we if we switch, that would be, this would be more effective if if more people could take advantage of it,\nDaniel Walsh: Yeah, but to me to me that's this is where the check of the egg situation is sort of like the old before we force sea groups, V2. Like Oh no. One support secretly too. Why don't they support it? Because no one uses secret too. So, until we start pushing zsdd images. if you went to Cui and said, You know, will you build with CSD? They're like, well, no one uses the STD so it's sort of\nDaniel Walsh: yeah.\nValentin Rothberg: The problem with cstd is that it's in contrast to see Group C group. You fail immediately on the client. So the users. While with Csdd, it may be a silent change entirely transparent to the user. But when they pushed their images, some of their clients may break because they're still using older. so the let's say, The the error multiplication happens, much further. And much more transitively than for secret security.\nDaniel Walsh: Right.\nDaniel Walsh: Yeah. And I guess so that to follow, I mean, I would argue that we are We did this. When we started supporting OCI because older versions of darker, at the time didn't support OCI images. But at that time, Paul Man was brand new so it wasn't I guess people who would expect it to, Potentially cause more breakage than it would now.\nValentin Rothberg: But also, any any breakage can be negative marketing as well. As much as any major major version. I personally perceive major version bumps as all yet, another breaking change.\nDaniel Walsh: So we can't we can hold off on that one that argument to the end. Since that's the\nDaniel Walsh: I don't see that. I mean potentially we push both but then we're gonna get bad news, you know, by the fall but then we get bad. Press from people saying we're using up twice as much bandwidth twice, as much storage.\nDaniel Walsh: But maybe that's the value one but I don't think it valid one is. Oh, we'll just wait, Yes more before. Does anybody ever use a zdd because You know, at some point in the future, there's gonna be enough docker clients out there that Supporting an old ones and\u2026\nValentin Rothberg: Like, I think it should be a\nDaniel Walsh: I could hear you autos Old Ubuntu is an old. rails and all, well must bad shape, but\nAnders F Bj\xf6rklund: but I think,\nValentin Rothberg: I think it should be stepwise migration where, you know, since it's a containers, conflict can be configurable. So Fedora can go first and just Change the standard compression in only in Fedora to see standard without this being built-in, default, setting for Portman, which would then affect all other distributions as well. so, I think that there are ways to, you know, increase, The usage and\u2026\n00:25:00\nDaniel Walsh: Yeah.\nValentin Rothberg: the user-based step by step and not use the big hammer and switch or try to switch everybody at the same time. I think in Fedora, you know, this is probably at least in this immediate community an easier. Test that\nDaniel Walsh: It and in the movie that she and the Moby that ship by Fedora supports the format. So it's not if you live in a fedora pure environment, you're not going to be bit by this.\nDaniel Walsh: So I could go along with that. Just doing his containers.com and leave the standard. Leave it to fall to the STD for built into package, config into common. Yeah.\nBrent Baude: Yeah.\nDaniel Walsh: Okay.\nDaniel Walsh: I guess. Those that on the call right now, the next one is the concept of the build farm. And nalin. Did a demo of this? I don't know if that was an internal or external. a few weeks ago, the basic idea is as We're hearing more and more people who want to build. Images for multiple formats. So from multiple architectures, And a lot of people, it's a fairly complex. Tooling of fairly complex effort to build image for multiple architectures, especially if you're not building them with some kind of emulation mode. Um, So the the basic idea would be say you're on a Mac. You're saying, I'm too Mac and you're building.\nDaniel Walsh: I'm chips based images and then you want to build x86 image and you want to push both of those to a registry so that you create a new full buyer image and it's too architectures. While doing that is fairly complex and what? Nowlin is demonstrated with the tool. He called Build Farm was the ability to Do that automatically taking advantage of.\nDaniel Walsh: Connections. So now on you on the call,\nDaniel Walsh: Put you on the spot.\nTom Sweeney: Nobody's no way on pidgeot today.\nDaniel Walsh: That one's away on Pto. Okay? So the the basic idea would be to to you do a pod man. Build - platform equals am AMD, 64 comma. I'm calm or power and what would happen is odd, Man. Built Odd, Man client would look through its connection database to see if it has connections to the different architectures and then would launch the bills on the different architectures. So say you had set up three ssh connections to build service to be able to perform the builds on a remote system. Then it would pull the images back to the local system create a manifest list and actually assembly entire image and push it out to a registry. So it wouldn't be you wouldn't have to deal with manifest. You wouldn't have to deal with\nDaniel Walsh: Any any special needs for running multiple, you're sitting on a Mac and two and you had two VMs running two podium machines running one for X86 and one for on then if you build with a - platform I'm an x86 they would go out and to the two different VMs on the local Mac and would build the images and then reassemble them back on the default one and then push that to a registry. So that's what we're looking at for podman, builds farm support. And again, it's not looking at emulation mode. This is looking to build natively or On a native VM running an emulation mode, but as opposed then other basically allowing us to fully assemble those on it.\nDaniel Walsh: Any questions on that?\nAnders F Bj\xf6rklund: and I think that Bill Kit is doing this and I think the killer feature for Kubernetes was Windows containers, being able to build those remotely Because most of the Linux ones could be cross-compiled but not windows.\nDaniel Walsh: The problem across compilation, is, as well as twofold one, it's low, and it's potentially very buggy. I know that in the real world, Well, if you refuses to support cross compilation because it's just not this exact same as native. Now, certain architects, if you're building golang code, it's not as big a problem, but if you're building standard seat code, just to see libraries, I just felt to be way too risky to to support cross country.\n00:30:00\nAnders F Bj\xf6rklund: no, the equipment, this one was gold coat and I mean, and also You couldn't do workarounds if there was some across compilation issues but it's still a good feature. Of course, to be able to have remote bare metal, builders for performance reasons.\nDaniel Walsh: Yeah, yeah. And I'm like having what we're looking at here, Actually more of the client driven solution, then the server driven solutions so that you would just have to set up two two and more connection databases to different architectures and either run that VMs locally or remotely. It's just taking advantage of what basically what Pod man remote currently does to assemble these? I think build kid is more on the service side, so you'd have to have, you know, rely on a server. Being set up to do the multiatch builds. Um so anyways it's something that we'd like to get to match the functionality. That's in build kit now but take advantage of what we have with. Basically, the connection database empowerment.\nDaniel Walsh: So the next one, someone else put in.\nBrent Baude: Yeah, I can do that final comment.\nDaniel Walsh: So I'm gonna let that Yeah, you run the bathroom. All right, I'll be back.\nBrent Baude: Yep, final comment on the bit on that build farm though is I think there's a I've no objection with the feature. That's it's a good feature. I think also though there's A a couple of nuggets of gold on the topic of Cross architecture. Period. Throughout Potman.\nAnders F Bj\xf6rklund: and I think also now that build decks gone default that has kind of upped the competition if you\nBrent Baude: Yeah. So as I think about Batman Moore as a whole, I think there are several areas where architecture plays a role and\nBrent Baude: but, Starting with. My gripe about being able to pull the wrong architecture. And attempt to execute it.\nAnders F Bj\xf6rklund: It. Yeah but I mean there are some nice things like being able to use Kubernetes pod builders and stuff like that, that this could be a nice features to have also important.\nAnders F Bj\xf6rklund: I mean, with, with a root, let's capabilities and everything. You have a You have a whole dockering doctor, a customer to migrate. I think the life. Of course.\nBrent Baude: Indeed. Okay, so Timewise here. I'll try to be efficient. the first one was,\nBrent Baude: After that, apple hypervisor stuff is done.\nBrent Baude: Someone probably not me needs to sit down. and contemplate a refactoring of machine code, there's Plenty of duplication that can be removed. I think there's there's a couple of changes in how we do things that could be. Implemented such as factory or build type patterns.\nBrent Baude: And things along those lines. Again, that's not really a feature, it's not something that users would know about. So it could be It could be set as a goal for V5. Or it could just be done in four dot whatever. And no one be the wiser.\nDaniel Walsh: Fall. Yeah, On similar we have discussed potentially moving part man. Machine out of podman into it, separate repository whether we want to or not people are using pottery machine for uses other than just pod man. and so, it potentially could get if we moved it to a separate repo, then potentially you get more people to coming work on it as a separate project. So there are, there are thoughts going around that.\nBrent Baude: Agreed. I've been sort of asking questions around the team as many of them all know as to whether we should start. Making manifest lists more, integral to podman. So to me that's an open question. But but Dan wanted? wanted edge, sort of ideas that You know, are gonna push things a little bit and This might be one of those again, it involves. some compatibility issues as well as registry things, but I wonder if it's something we should start doing.\n00:35:00\nDaniel Walsh: Yep, for those that don't know when you pull an image right now. To a system by default. We don't have a minute. We don't necessarily pull down and manifest list with the difference between an image in a manifest list. Is that If you have a multi-atch image then you have a manifest list of defines the different arches that are in the image by default. Right? Now a very common era that we hit is people pull down a different architectures image. That becomes a default image and then if you go to run at image layer, say, Pull down Alpine for For arm and you're an x86-64. Now you go run the command. Just do a pod Man. Run commander later and you think that you're gonna re-pull a\nDaniel Walsh: X86 image and run that no you end up running the command on top of the image that you pull down. If we had a manifest list, then we could change the behavior so that if you did Pull an image for different architecture. You would get put into the manifest list, if you rent to run it and we could run the native, We pull the native one down or just have the native one available so moving to a manifest list by default again.\nDaniel Walsh: Because the world's moved pretty much when darker happened and over the last first, say eight years of container worlds. It was one architecture x86 with, you know, a tiny bit of different architectures in the world and I think over the because of what Apple has done and the rise of arm. Now we're seeing that there's two architectures out there you know better and you know if risky happens or there could be three architectures and so suddenly we'll work living in a world with Supporting multi arch should be the default as opposed to this one often. And that's what that's why I would like to see us move to manifest list as by default.\nBrent Baude: I think the last time that we talked about this, we sort of came to the conclusion that what we'd be talking about here is in rather than an opt-in. This would be an opt out. So that would be the big change is that we would just turn it on. And allow users to opt out of it. As a way to start. Getting people to use it. Kind of like SC Linux.\nBrent Baude: Anything anyone want to comment on this one or honesty, Linux?\nMatt Heon: How seriously is this going to Sorry?\nPaul Holzinger: I can.\nMatt Heon: Go go Ed.\nPaul Holzinger: No, I, I totally support the idea of having manifests because I never understood the current behavior that you just used to take from your native image and then all of the sudden, it's Like no use, I can understand what's happening here. So I I think that that makes much more sense.\nBrent Baude: I don't think they need to understand it either or should have to\nPaul Holzinger: It right, right? That's the thing. Like the current behavior never made sense to me. So,\nBrent Baude: Go ahead, Matt.\nMatt Heon: How seriously is this going to affect? Like I don't think we can change the way. Say Odd man Inspects works on images. Is this going to seriously affect my workflow? If I'm used to only using podman and spec podman history, all the image specific commands. My concern would be that suddenly I start getting different output because it's a manifest list, not an image and\nDaniel Walsh: I think it would just default to the unaid about this would allow us, I believe to always default to the native arch. So if you do a pod,\u2026\nBrent Baude: Correct.\nDaniel Walsh: man, if you do a pod man pulled - platform equals, And then you do a pod, man. Inspect Image. Without the dash dash equals it. You'd get the native format one as opposed to the one.\nMatt Heon: Okay. Yeah.\nDaniel Walsh: That's the goal and\u2026\nMatt Heon: I'm sure.\nDaniel Walsh: I'm making up since we haven't done this and I haven't experimented with it but that was that's the goal.\nBrent Baude: These are just ideas.\nMatt Heon: We're going to blow something up. We're going to make someone very angry because all of a sudden, they're making manifest list that they didn't know even were a thing. But I don't, I agree.\nDaniel Walsh: Yeah. Commitment.\nMatt Heon: That's a good idea and I don't think we can avoid us.\nBrent Baude: What did you say? We're gonna make users, make manifest lists.\n00:40:00\nDaniel Walsh: Right.\nDaniel Walsh: Those that don't know on this call, manufactless is just a JSON file on this. Yeah.\nBrent Baude: Yeah, and I would suggest that we make every bit of effort to hide that. There's a manifest list from people.\nDaniel Walsh: Yeah.\nBrent Baude: unless, People know about it and want to alter specifically the manifest list. I think there's a set of rules. We could kind of come up with that, that would allow for that. Okay, we best move on.\nBrent Baude: The the next one is around this podman machine and the OCI images. This is this is essentially where you can build your own images or we could distribute our images, or epcot's images via something like quick,\nBrent Baude: This is a pretty big advantage for us. It, it also has a few upsides, one of which I listed there, but\nBrent Baude: this is, this could be a potentially breaking visible change in the sense that we're changing how pot Padman machine gets its content So that's why I have it kind of associated with five, but I also the same time we'd be using this. My plan was that we would use this to enforce this. That the version of the client, dictates the version of the guest. And so, if you have a Mac and you're using pie man for eight, you're gonna or rather five, oh, you're gonna get a 50. You're gonna get a 50.\nBrent Baude: Guest operating environment. Inside the machine and if you're at five one, you'll get a five one. This eliminates, our problem of mismatched. Clients and servers so to speak. It's sort of a double whammy.\nDaniel Walsh: it also allows people to lock in, at a specific version, so as we, as we start to go out for\nDaniel Walsh: Enterprise customers. They're going to want to building for. You know. A specific version of the operating system. I want to build on that up that level of the operating system so they can Guarantee that this will work with the podmin for six version of odd men. For instance of say that is five five seven and they want their service are all at five three. Then they can log in and build on a five, three based image.\nBrent Baude: Yeah.\nDaniel Walsh: Test.\nAnders F Bj\xf6rklund: And what is the, what is the difference between this and having a URL for the image?\nBrent Baude: It's the the image is, is different on there. So For example. Today, we pull down a few cow for qmu. In and\u2026\nAnders F Bj\xf6rklund: Yeah.\nBrent Baude: so in the future, we would pull down an OCI image.\nBrent Baude: Not a cute girl.\nAnders F Bj\xf6rklund: Right. But I mean, if you wanted to fix the version, you could do that by providing a custom image to direct. But this would make it easier to host.\nBrent Baude: Yeah, we're\nAnders F Bj\xf6rklund: It doesn't.\nBrent Baude: It would, but we're desperately trying to stay out of the developing our own fedora chorus and having to do things outside of what Fedora chorus, the team offers.\nAnders F Bj\xf6rklund: That was just wondering if there was a benefit if you had a Web server serving images. Today, if there was a benefit of moving it to OCI images in a registry instead.\nBrent Baude: And yeah, I don't know. but the tagging of the, you know, the tagging ability there and how image, registries are organized are Quite beneficial.\nAnders F Bj\xf6rklund: Yeah, and I guess you don't have to maintain two different types of servers would be. A benefit to some.\nBrent Baude: Something like that. Yep.\nDaniel Walsh: You know.\nChristopher Evich: The city and Cdns aspect. This one.\nDaniel Walsh: Right. We'd like to get to a world where all software shipped fear. Image. It's basically image repositories which Are whether they're coming as containers or operating systems.\n00:45:00\nAnders F Bj\xf6rklund: Or packages. Yeah. Yeah.\nBrent Baude: Okay? And the last one you guys have for those that are on the team, you've heard me kick this topic around recently and it's Probably appropriate for for V5 since it theoretically is a change that users would be impacted by. But essentially right now for running Padman machine depending on the hypervisor and the operating system being used, we have to have various services. running, whether it would be traffic forwarding, whether it would be for vsoc, listening, Whether it might be for Vert. Iowa Fest. And so on.\nBrent Baude: VF Kit would be another one. so, we've talked about whether we should continue to have these microservices and try to continue to manage them as such or whether we assimilate. Into a single service with Microservices underneath it. So that's an idea.\nDaniel Walsh: Any comments on any of this, anybody else have ideas of what they would like to see us have in padman 5.\nDaniel Walsh: Good everybody.\nAnders F Bj\xf6rklund: And dance, some of those storage ideas.\nMartin Jackson: It is.\nDaniel Walsh: Go Anders.\nAnders F Bj\xf6rklund: Yeah, so and there was some talk about like IPF storage and similar. I compared to peer storage and so on. I was wondering if any of that is coming to containers image and therefore podman.\nAnders F Bj\xf6rklund: So that you could both split up your your layers into smaller files and then distribute those files. With our peer-to-peer type of registry.\nDaniel Walsh: I guess Valentin or Miller's life, if you thought about that or Giuseppe.\nAnders F Bj\xf6rklund: And also talk on Foster. I might\nMatt Heon: We have none of those people on the call. Dan Unfortunately, Valentin actively early. So I think it's a I think it's a good idea.\nDaniel Walsh: Um, yeah. Yeah, and just The Anders, could we put that in for discussion on the next Meetup? The next one of these, That seems like a decent conversation.\nAnders F Bj\xf6rklund: Yes.\nDaniel Walsh: I'll also move container shell. To the next discussion for those that don't. I've had two meetings in the last week with different customers who are looking to control users on a service. So the idea would be potentially to allow us to customize their environment. Basically imagine logging into a system, getting stuck into a, A container. And that's what I just calling a container shelf and now, but we don't have time for that. Martin, you get to talk my talk.\nMartin Jackson: Okay, sure. I was wondering, you know, with the, the kind of marketing aspect of the major rep whether Quadlet would get promoted from, you know, kind of experimental tech preview to, you know, fully supported and, and get some more marketing around it.\nDaniel Walsh: Yeah yes definitely. Although sometimes we do that that's more of a real thing than a necessarily.\nMartin Jackson: Yeah.\nDaniel Walsh: Yeah you know but yeah definitely quadlet would be police fully supported at that time, matter fact, container shell would be Also looking at extending quadlet to allow use users to define quadlets for users. As opposed to quadrant for system services. So that's\nPaul Holzinger: Speaking. And speaking for upstream, I would say Quadlet is fully supported like we five bucks, we fix bucks. People come in with ideas. So\nMartin Jackson: Oh, I'm using the heck out of quadlet and I love it. You know, I I it is it is one of the coolest things to happen in the pod, man, ecosystem, you know, in my mind like ever, I've got it running game servers, I've got it, running my automatic ripping machine and since we're being recorded, I'm not going to incriminate myself, but, you know, I love it.\n00:50:00\nDaniel Walsh: Good. we got no, we've gotten a lot of nice feedback and now now the idea is to get more of the word out to get People blogging people, it's showing, I would love to have people start to distribute quadlets and saying, This is how I run this service underneath, you know, system D. And as we move to a judge devices, I think quadlet is critical.\nMartin Jackson: I I totally agree with that thought.\nDaniel Walsh: And it's really, really simple. So that's what I think. That's what everybody likes about it.\nDaniel Walsh: So it's Valentin left. We don't have to so valentin's. I'll I'll be the devil's advocate and make myself Valentin. Now he without you is that we never break anybody, he wants He wanted to talk about\nDaniel Walsh: Sort of. Leanestabolus's idea that you never break an application by updating the kernel and i we could argue back and forth, obviously don't want to break people but we also don't want to be Carrying old crafty code for forever. So the for me, it's more about pushing the envelope. So, my concern is that when you don't, Break anybody? You end up with the same code that you had in 2012. So for instance, I pushed updates that have broken people to make things more secure, because some the false picked by darker war were bad. So my concern when we say we never break anybody is that we get stuck.\nDaniel Walsh: You know, just doing stuff the same way as we have for the last 10 years even though they're a better ways like Zstd for storing images and you know, and we have a even secretary too. It's like we get stuck. As he was three one forever. So sort of the Fedora mattress mantra is what I like which is okay. Let's push people to its these these new changes and some people are going to drag drag behind and we try to keep them as happy as possible. But we need to push the the technologies and I think this is partly why Docker was in a relief for three years is because they get stuck in this. And those quandary. So but I agree that both arguments are valid and you know, since a lot of the people in this call are supporting rel for 10 years, we're going to be stuck supporting this stuff for\nDaniel Walsh: You know many many years but I think we can push the upstream a little bit faster to take advantage of new technologies as they come along.\nMatt Heon: It would be an easier sell if we Publicly maintained long-term support branches of V4 for a longer time. I think our upstream position is that V4 is going to go out of support the very moment that V5 comes out. We do have to support it for REL for a while, but that's not really an upstream thing. So maybe we could formally announce upstream support of some degree for a long-term fee for branch just to keep people. Overall, we do the breaking change v5 thing.\nDaniel Walsh: Yeah. But people have to understand that they won't be getting new features. So if on the floor, yeah. Okay,\u2026\nMartin Jackson: I mean I think I think people kind of get that they wouldn't be getting new features with that kind of thing.\nDaniel Walsh: for example.\nMartin Jackson: But In.\nAnders F Bj\xf6rklund: I'm not sure if you seen the Ubuntu support for podman people want a stable version and the latest version at the same time in Debian, stable release. But but I viewed apartments support is not so much kernel, it's more like Python. So you would have Python 2 and I thought that were like Be around forever and then you have a Python 3 that you try to push to people and no one will take it.\nDaniel Walsh: Right. I know it took it until Fedora basically turned off by then too, right? So\nAnders F Bj\xf6rklund: Yeah. And that in a decade past or something. That's your\nTom Sweeney: And just looking at the clock I'm gonna push a little bit to wrap us up here. Matt that you want to say anything about the demo or on bookfix week before you head out.\nMatt Heon: Sure, I can keep this quick. So the Pod Man Core team is going to be doing a bug week for the next week. Not just the podman team builder and Scorpio and everyone else should be involved as well. But as part of this, we are encouraging. Anyone who wants to fix bugs or have bug fixed, please focus. And let us know that you can see or something high priority or even better. Please comment on a book and say I'd like to work on this next week and we will get it assigned to you or try and get a prioritized. And the goal is to guys make books we can fix over the next week and then do some stability releases week after\n00:55:00\nDaniel Walsh: Yeah. So what we work on the next week will be in five man four or five dot one. This is the goal. To put more.\nMatt Heon: Yeah, we'll do a\nChristopher Evich: It might be might be worth putting that invitation out on the mailing list.\nMatt Heon: Yeah, I can send an email.\nTom Sweeney: Okay, great. That word running out of clocks. So I am going to just announce real quickly that we're having our next meeting on May 18th for the Cabal and then June 6th for the community meeting. And I'd like to thank you all for being here. Today, I'm gonna hang up on the recorder.\nTom Sweeney: No recording. Anybody want to say anything other than let's go to lunch?\nTom Sweeney: Or dinner, depending on where you're at.\nTom Sweeney: Right folks, that's it. Thank you so much. Bye.\nAnders F Bj\xf6rklund: Yeah, bye.\nMeeting ended after 00:56:50 \ud83d\udc4b\n\n")))}Ua.isMDXComponent=!0;const Ya={},za="Podman Community Meeting",qa=[{value:"March 2, 2021 11:00 a.m. Eastern (UTC-5)",id:"march-2-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (35 total)",id:"attendees-35-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Multi-arch capabilities in Podman and Buildah",id:"multi-arch-capabilities-in-podman-and-buildah",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(1:44 in the video)",id:"144-in-the-video",level:4},{value:"podman-py roadmap",id:"podman-py-roadmap",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(13:45 in the video)",id:"1345-in-the-video",level:4},{value:"Podman Packages on Kubic",id:"podman-packages-on-kubic",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(23:06 in the video)",id:"2306-in-the-video",level:4},{value:"krunvm demonstration",id:"krunvm-demonstration",level:2},{value:"Sergio Lopez",id:"sergio-lopez",level:3},{value:"(28:35 in the video)",id:"2835-in-the-video",level:4},{value:"Tent demonstration",id:"tent-demonstration",level:2},{value:"Farhan Chowdury",id:"farhan-chowdury",level:3},{value:"(40:56 in the video)",id:"4056-in-the-video",level:4},{value:"Containers Plumbing Conference -",id:"containers-plumbing-conference--",level:2},{value:"Questions?",id:"questions",level:2},{value:"(51:20) in the video)",id:"5120-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday April 6, 2021, 8:00 p.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-6-2021-800-pm-eastern-utc-4",level:2},{value:"Meeting End: 12:01 p.m. Eastern (UTC-5)",id:"meeting-end-1201-pm-eastern-utc-5",level:3},{value:"Fun Fact:",id:"fun-fact",level:2},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Va={toc:qa},Ka="wrapper";function Za(e){let{components:t,...n}=e;return(0,me.kt)(Ka,(0,K.Z)({},Va,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"march-2-2021-1100-am-eastern-utc-5"},"March 2, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-35-total"},"Attendees (35 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Valentin Rothberg, Giuseppe Scrivano, Miloslav Trmac, Parker Van Roy, Preethi Thomas, Neal Gompa, Matt Heon, Greg Shomo, Dan Walsh, Mayur Shetty, Ed Haynes, Juanje Ojeda, Ashley Cui, Christian Felder, Paul Holzinger, Shion Tanaka, Alex Litvak, Divyansh Kamboj, Marcin Skarbek, Sergio Lopez, James Cassell"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/w9MNLQGTmf3"},"Recording")),(0,me.kt)("h2",{id:"multi-arch-capabilities-in-podman-and-buildah"},"Multi-arch capabilities in Podman and Buildah"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"144-in-the-video"},"(1:44 in the video)"),(0,me.kt)("p",null,"Dan started with a demo on multi-arch. Highlited qemu-user-static which is required to be installed. It allows a Linux kernel to run multi-arch under qemu."),(0,me.kt)("p",null,"He showed ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage /tmp/test")," this created a manifest image with a link to the one he's creating."),(0,me.kt)("p",null,"Then he specified an arch of arm64 ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage --arch arm64 /tmp/test")," and then s390 ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage --arch s390 /tmp/test")," and it pulled that architecture version of the image all while being on an x86 machine."),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman manifest inspect myimage")," shows it has 3 different images as part of it."),(0,me.kt)("p",null,"Let's you build and manipulate multi-arch images locally or through the tool. It's a new feature as of Podman v3.0."),(0,me.kt)("p",null,"Linux kernel is smart enough to run it under the right architecture due to qemu and a runtime binary loader. Applicable on X86 on a Raspberry Pi."),(0,me.kt)("p",null,"Used UBI for the demo, careful doing in Fedora as it can take a long time, especially in comparision to RHEL."),(0,me.kt)("p",null,"Neal asked if you could build it for multi arch and then push without having to do push by hand for each. Dan pointed out that's what the manifest flag is pointed towards. Currently in ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah bud"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah commit")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build"),". That's all in Podman v3.0 and Buildah v1.19.6"),(0,me.kt)("h2",{id:"podman-py-roadmap"},"podman-py roadmap"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"1345-in-the-video"},"(13:45 in the video)"),(0,me.kt)("p",null,"Jhon gave a road map of where we're going."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py"},"https://github.com/containers/podman-py")," - Repository\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://docker-py.readthedocs.io/en/stable/"},"https://docker-py.readthedocs.io/en/stable/")," - Document\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py/pull/53"},"https://github.com/containers/podman-py/pull/53")," - Committed PR1\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py/pull/55"},"https://github.com/containers/podman-py/pull/55")," - In flight PR2")),(0,me.kt)("p",null,"Stubbed out ssh adapter, but not much code yet. If you want to drive pods, you'll be able to do so via calls to libpod from Pyton. Want to emulate success of the Podman API and hope to replicate it for Python too in this project. Will publish to python py (Jhon verify). Targeting Python 3.6 and Podman 3."),(0,me.kt)("p",null,"What's different than using docker-py?\nYou have script that works with pod. docker-py won't give you access to pods, podman-py will. So you'll be able to move docker-py script and then add pod manipulation to it."),(0,me.kt)("p",null,'How does libpod go work from python?\npodman-py communicates with Podman service via RESTful API between python and libpod go code. The URL\'s will in essence have "/libpod" embedded within.'),(0,me.kt)("p",null,"Will unprivileged access be allowed?\nYes, Using systemctl --user configuration."),(0,me.kt)("p",null,"Brent showed doc with more info: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.readthedocs.io/en/latest/_static/api.html"},"https://podman.readthedocs.io/en/latest/_static/api.html")),(0,me.kt)("h2",{id:"podman-packages-on-kubic"},"Podman Packages on Kubic"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"2306-in-the-video"},"(23:06 in the video)"),(0,me.kt)("p",null,"Applies to debian, ubuntu and raspberry. Posted a link:\n",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html"},"https://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html")),(0,me.kt)("p",null,"Podman v3.0 won't be supported on older variants of these distributions."),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"CentOS 8 Kubic repo will be supported only as long as CentOS 8 itself is alive.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"CentOS Stream Kubic repo will keep going, though I highly recommend you use the packages from the default repos as they are often fairly current and are known to have passed RHEL's gating tests.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"For Debian 11, I will not enable the Kubic repo as Debian 11 will have podman included in the default repos itself.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"For Ubuntu, I will enable packages for Ubuntu 21.04 and 21.10 when they release. But, the 22.04 LTS release which is more than a year into the future will have podman in the base repos itself, so the plan for now is to not enable the Kubic repo for 22.04."))),(0,me.kt)("p",null,"If support is needed for older variants, Lokesh will need volunteers to help with that."),(0,me.kt)("p",null,"Packaging on official repo's."),(0,me.kt)("p",null,"Neal suggests turning off Debian Testing and Next/Unstable, he suggests turning them off now for releases that won't be supported."),(0,me.kt)("p",null,"Neal might be able to help with support with Ubuntu LTS in the Kubic repo in some instances."),(0,me.kt)("h2",{id:"krunvm-demonstration"},"krunvm demonstration"),(0,me.kt)("h3",{id:"sergio-lopez"},"Sergio Lopez"),(0,me.kt)("h4",{id:"2835-in-the-video"},"(28:35 in the video)"),(0,me.kt)("p",null,"Dynamic library that enables other programs to easily gain virtulization-based isolation capabilities with a minimum foot print."),(0,me.kt)("p",null,"Sources"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/libkrun"},"https://github.com/containers/libkrun")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/krunvm"},"https://github.com/containers/krunvm"))),(0,me.kt)("p",null,"COPR repo for Fedora"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://copr.fedorainfracloud.org/coprs/slp/krunvm/"},"https://copr.fedorainfracloud.org/coprs/slp/krunvm/"))),(0,me.kt)("p",null,"Included in openSUSE Virtualization project"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://build.opensuse.org/package/show/Virtualization/krunvm"},"https://build.opensuse.org/package/show/Virtualization/krunvm"))),(0,me.kt)("p",null,"Homebrew Tap for macOS/arm64 (M1-based devices)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/slp/homebrew-krun"},"https://github.com/slp/homebrew-krun"))),(0,me.kt)("p",null,"Demo started (29:43)"),(0,me.kt)("p",null,"On ARM Mac, used ",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm create fedora"),".\n",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm start fedora-podman")),(0,me.kt)("p",null,"Changed containers.conf on his linux machine and can now run the container on his Linux box."),(0,me.kt)("p",null,"He then used the podman remote service ",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm changevm fedora-podman -p 55555:55555 -p 8080:80")),(0,me.kt)("p",null,"Then from the container\n'podman --log-level info system service -t -o tcp::55555'"),(0,me.kt)("p",null,"He was then able to run podman commands on the mac in the minivm."),(0,me.kt)("p",null,"Questions:\nCan you share the host filesystem with the minivm?\nYes, using krunvm."),(0,me.kt)("p",null,"Does krunvm support Intel Mac?\nIt does not support Intel Mac currently."),(0,me.kt)("p",null,"Do you plan to put libkrunvm in brew proper?\nHe does, but needs to rework the PR implementing virtio-fs attributes support in Buildah. After that's complete, he's going to try to get it accepted in brew."),(0,me.kt)("p",null,"Dan discussed that the Podman Mac effort is to do brew install podman and then ask if you want a vm to run it on. Krunvm might be a part of that solution. End goal to just do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run ...")),(0,me.kt)("h2",{id:"tent-demonstration"},"Tent demonstration"),(0,me.kt)("h3",{id:"farhan-chowdury"},"Farhan Chowdury"),(0,me.kt)("h4",{id:"4056-in-the-video"},"(40:56 in the video)"),(0,me.kt)("p",null,"Tent a development only dependency manager"),(0,me.kt)("p",null,"Solves:\nCumbersome install process\nUnavailability in a certain platform\nConflicts between multiple versions."),(0,me.kt)("p",null,"Demo (42:10)"),(0,me.kt)("p",null,"Showed ",(0,me.kt)("inlineCode",{parentName:"p"},"tent start mysql")),(0,me.kt)("p",null,"It created a mysql server on the system. He set up a sql server in the container. Now the server can be used as if mysql was installed on the system."),(0,me.kt)("p",null,"With tent you can stop/start your services."),(0,me.kt)("p",null,"Future Plans:\nFix Bugs\nAdd More services\nRefactor the code base\nImprove ovall user experience."),(0,me.kt)("p",null,"Is there a way to run systemd now? No.\nDoes this run as root or rootless? It runs as rootless only at this point."),(0,me.kt)("p",null,"Link to the slides - ",(0,me.kt)("a",{parentName:"p",href:"https://docs.google.com/presentation/d/1BRQET4UkPyPBrhSpJuFoYzLYZe1CfLI6bmhzlEcmWcY/edit?usp=sharing"},"https://docs.google.com/presentation/d/1BRQET4UkPyPBrhSpJuFoYzLYZe1CfLI6bmhzlEcmWcY/edit?usp=sharing"),"\nLink to the repo - ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/fhsinchy/tent"},"https://github.com/fhsinchy/tent")),(0,me.kt)("h2",{id:"containers-plumbing-conference--"},"Containers Plumbing Conference -"),(0,me.kt)("p",null,"March 9/10, 9:30 a.m. to 2:00 p.m. Eastern (UTC -4) Free to attend, register here: ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/"},"https://containerplumbing.org/")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"5120-in-the-video"},"(51:20) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Go module issue discovered by Farhan. go.mod target for Podman is requiring a full name. Matt Heon noted it is fixed in Podman v3.0.2."),(0,me.kt)("li",{parentName:"ol"},"How to tell which version of Buildah is in Podman? Yes in ",(0,me.kt)("inlineCode",{parentName:"li"},"podman info"),", also included in API headers for /version endpoint")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-6-2021-800-pm-eastern-utc-4"},"Next Meeting: Tuesday April 6, 2021, 8:00 p.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1201-pm-eastern-utc-5"},"Meeting End: 12:01 p.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"fun-fact"},"Fun Fact:"),(0,me.kt)("p",null,'The initial name for the Ford Mustang, "Mustang" was rejected initially as the tie in for the name was the WWII P-51 Mustang fighter plane. The designer, John Najjar, re-pitched the name "Mustang" later, but this time with a tie in to Horses. The second pitch was accepted.'),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:53 AM\nPlease sign in and ask questions in hackmd: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nNeal Gompa11:00 AM\nhey all! :D\nSergio Lopez Pascual11:05 AM\nI'm here :-)\nNeal Gompa11:06 AM\nyay, multiarch through qemu :D\nJames Cassell11:10 AM\n3.0 also broke rootless overlay mounts...\nMatt Heon11:10 AM\nEh? Is there a bug for that?\nFirst I've heard of this\nJames Cassell11:11 AM\nI didn't see one in podman, but asked in #podman this morning... maybe it exists in buildah, searching now.\nJuanje Ojeda11:13 AM\nWe use this (with Buildah) quite a lot at the project CKI. We build a lot of multi-arch images.\nWe love it :-)\nMatt Heon11:14 AM\n@James - if you can't find one on Buildah please open a new one\njhonce11:17 AM\nhttps://github.com/containers/podman-py\njhonce11:21 AM\n\u2022 https://docker-py.readthedocs.io/en/stable/\n\u2022 https://github.com/containers/podman-py/pull/53\n\u2022 https://github.com/containers/podman-py/pull/55\nBrent Baude11:24 AM\nhttps://podman.readthedocs.io/en/latest/_static/api.html\n^^ i think this sort of illuminates what Jhon is saying\nnote compat buckets\nLokesh Mandvekar11:26 AM\nhttps://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html\nBrent Baude11:26 AM\nalso noteworthy, your milage may vary using docker-py rootless\nJames Cassell11:34 AM\nWSL2 for Mac?\nLudo C.11:38 AM\nis there is a way to share host filesystem with the mini vm ?\nShion Tanaka11:39 AM\nDoes krunvm support Intel Mac?\nLudo C.11:41 AM\nthat's great, thanks\nAshley Cui11:42 AM\nOh I'm here\nMe11:42 AM\nyeah!\nLudo C.11:44 AM\nI find it great for Linux to have a better isolation, I will definitely try it out\nBrent Baude11:46 AM\n@sergio, do you plan to put libkrun in brew proper?\nSergio Lopez Pascual11:50 AM\n@brent I do. I need to rework the PR implementing virtio-fs attributes support in buildah, but afterwards I'll try to get libkrun/krunvm accepted.\nChristian Felder11:50 AM\nis there a way to generate systemd services for your tents?\ndo you use the current user running the containers or how do you distinguish root-/-less?\nChristian Felder11:52 AM\nthanks\njhonce11:53 AM\nCool stuff!\nNeal Gompa11:53 AM\nnice!\nBrent Baude11:55 AM\n@sergio, can you stick behind so you and I can talk a little\nSergio Lopez Pascual11:55 AM\n@brent sure\nNeal Gompa11:56 AM\nanyway folks, thanks for all this\nShion Tanaka11:56 AM\n@sergio Thanks for the answer about Intel Mac!\nNeal Gompa11:56 AM\nI gotta go now!\nbut thanks :D\nLokesh Mandvekar11:56 AM\nthanks Neal\nNeal Gompa11:57 AM\nLokesh, we should talk offline at some point about the Kubic stuff\nLokesh Mandvekar11:57 AM\nsure thing!\nGreg Shomo (NU)11:59 AM\nhttps://containerplumbing.org/schedule\nDan Walsh11:59 AM\nhttps://containerplumbing.org/\nLudo C.11:59 AM\nI'm in :)\nBrent Baude12:00 PM\ndan, please stick around\nMe12:00 PM\nFun Fact: The initial name for the Ford Mustang, \"Mustang\" was rejected initially as the tie in for the name was the WWII P-51 Mustang fighter plane. The designer, John Najjar, re-pitched the name \"Mustang\" later, but this time with a tie in to Horses. The second pitch was accepted.\nChristian Felder12:01 PM\nThanks. Have a nice day. Bye\nEd Santiago12:01 PM\nthank you! nice work!\nLudo C.12:01 PM\nThanks, bye !\nMarcin12:03 PM\nIs switching runc/curn with krunvm to run each container in separate vm wouldn't be better than using single vm and run podman on it?\nGreg Shomo (NU)12:10 PM\nthank you, everyone, for your time && have a good one !\nMe12:14 PM\n@Matt Heon, I opened the buildah bug for broken rootless overlay mounts since podman 3.0 and buildah 1.19 https://github.com/containers/buildah/issues/3051\nSergio Lopez Pascual12:18 PM\nhttps://github.com/containers/libkrun/blob/main/examples/chroot_vm.c\n\n")))}Za.isMDXComponent=!0;const Qa={},_a="Podman Community Meeting",Xa=[{value:"August 3, 2021 11:00 a.m. Eastern (UTC-4)",id:"august-3-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (22 total)",id:"attendees-22-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"General Announcements",id:"general-announcements",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"Demo: podman run --requires",id:"demo-podman-run---requires",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(2:30 in the video)",id:"230-in-the-video",level:4},{value:"Demo: podman image scp",id:"demo-podman-image-scp",level:2},{value:"Charlie Doern",id:"charlie-doern",level:3},{value:"(6:57 in the video)",id:"657-in-the-video",level:4},{value:"Rootless Docker Compose Status",id:"rootless-docker-compose-status",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(17:20 in the video)",id:"1720-in-the-video",level:4},{value:"Demo: podman secrets --env",id:"demo-podman-secrets---env",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(22:34 in the video)",id:"2234-in-the-video",level:4},{value:"Demos:",id:"demos",level:2},{value:"Rootless Podman with rootless overlay",id:"rootless-podman-with-rootless-overlay",level:3},{value:"podman run --group-add",id:"podman-run---group-add",level:3},{value:"podman /etc/hosts, host.containers.internal support",id:"podman-etchosts-hostcontainersinternal-support",level:3},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(25:40 in the video)",id:"2540-in-the-video",level:4},{value:"Rootless podman with rootless overlay",id:"rootless-podman-with-rootless-overlay-1",level:5},{value:"podman run group-add",id:"podman-run-group-add",level:5},{value:"podman /etc/hosts, host.containers.internal support",id:"podman-etchosts-hostcontainersinternal-support-1",level:5},{value:"Questions?",id:"questions",level:2},{value:"(35:10) in the video)",id:"3510-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday September 7, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-september-7-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday August 19, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-august-19-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:43 a.m. Eastern (UTC-4)",id:"meeting-end-1143-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],$a={toc:Xa},eo="wrapper";function to(e){let{components:t,...n}=e;return(0,me.kt)(eo,(0,K.Z)({},$a,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"august-3-2021-1100-am-eastern-utc-4"},"August 3, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-22-total"},"Attendees (22 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Paul Holzinger, Erik Bernoth, Charlie Doern, Chris Evich, Greg Shomo, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/KyZqj8gBg1E"},"Recording")),(0,me.kt)("h2",{id:"general-announcements"},"General Announcements"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Twitter Handles: ",(0,me.kt)("a",{parentName:"li",href:"https://twitter.com/Podman_io"},"@Podman_io"),", ",(0,me.kt)("a",{parentName:"li",href:"https://twitter.com/Buildah_io"},"@Buildah_io"))),(0,me.kt)("h2",{id:"demo-podman-run---requires"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman run --requires")),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"230-in-the-video"},"(2:30 in the video)"),(0,me.kt)("p",null,"Demo (started at 2:40)"),(0,me.kt)("p",null,"Containers can now start other related containers. This has been available prior, but now you can specify it yourself starting in Podman v3.3.0"),(0,me.kt)("p",null,"Add requires flag to ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command and specify another container (test1) and it started that container when (test2) started."),(0,me.kt)("p",null,"This only works for starting, it does not apply to stop. You can't rm one container without rm'ing the other."),(0,me.kt)("p",null,"Asciinema of demo can be found at ",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/EBeup6xO8UDeGYYbPEYxxP3xN"},"here"),"."),(0,me.kt)("h2",{id:"demo-podman-image-scp"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman image scp")),(0,me.kt)("h3",{id:"charlie-doern"},"Charlie Doern"),(0,me.kt)("h4",{id:"657-in-the-video"},"(6:57 in the video)"),(0,me.kt)("p",null,"Use scp within the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman image")," command to copy the image to a remote machine. It can also be used to copy from a remote host to another remote host."),(0,me.kt)("p",null,"Demo (started at 7:30)"),(0,me.kt)("p",null,"Showed the scp in action to the machine fed."),(0,me.kt)("p",null,"He then showed how to pull an image from a remote machine and loading it onto the local machine. It allows copying to or from. This can also work from remote to remote."),(0,me.kt)("p",null,"Being able to copy from root to local is something that's not working now, but being worked."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/RuOweVQ7g4elLSyiPVS09uAxk"},"First asciinema demo")),(0,me.kt)("p",null,"Charlie then showed how to use ssh like targets, and then showed an invalid connection."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/9pinVx16gUjlrdLN5ZEmoR6SZ"},"Second asciinema demo")),(0,me.kt)("p",null,"The double colon is needed for parsing, the code knows you're not using a tag. Should help with the readablity too."),(0,me.kt)("h2",{id:"rootless-docker-compose-status"},"Rootless Docker Compose Status"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"1720-in-the-video"},"(17:20 in the video)"),(0,me.kt)("p",null,"Paul showed a series of Docker Compose commands that created a wordpress window. When connecting to a port, a rootless used can not use port 80, so port 8080 had to be specified."),(0,me.kt)("p",null,"Start and enable the podman user socket:\n",(0,me.kt)("inlineCode",{parentName:"p"},"systemctl --user enable --now podman.socket")),(0,me.kt)("p",null,"Export the ",(0,me.kt)("inlineCode",{parentName:"p"},"DOCKER_HOST")," environment variable to make sure docker-compose connects to the right socket:\n",(0,me.kt)("inlineCode",{parentName:"p"},"export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock")),(0,me.kt)("p",null,"Run docker-compose up in a directory with a docker-compose.yaml file.\nThe docker-compose.yaml file used in the video:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"version: '3.7'\nservices:\n db:\n image: mysql:8.0.19\n command: '--default-authentication-plugin=mysql_native_password'\n volumes:\n - db_data:/var/lib/mysql\n restart: always\n environment:\n - MYSQL_ROOT_PASSWORD=somewordpress\n - MYSQL_DATABASE=wordpress\n - MYSQL_USER=wordpress\n - MYSQL_PASSWORD=wordpress\n expose:\n - 3306\n - 33060\n wordpress:\n image: wordpress:latest\n ports:\n - 8080:80\n restart: always\n environment:\n - WORDPRESS_DB_HOST=db\n - WORDPRESS_DB_USER=wordpress\n - WORDPRESS_DB_PASSWORD=wordpress\n - WORDPRESS_DB_NAME=wordpress\nvolumes:\n db_data:\n")),(0,me.kt)("p",null,"Make sure to use a port of 1024 or higher. Rootless users are not allowed to bind ports below 1024 by default. Now run ",(0,me.kt)("inlineCode",{parentName:"p"},"docker-compose up -d"),"."),(0,me.kt)("p",null,"To connect with curl to a running rootles container directly via ip, you need the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman unshare --rootless-cni")," command and then it will work."),(0,me.kt)("h2",{id:"demo-podman-secrets---env"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman secrets --env")),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"2234-in-the-video"},"(22:34 in the video)"),(0,me.kt)("p",null,"Demo (started at 22:40)"),(0,me.kt)("p",null,"You can change uid, gid and mode of the secret. She created an envvar and then was able to use it. With the env option, you can get to the variable's value. It's created during creation time of the container. You can use the secret as an environment variable inside of the container. If you update the envar locally, it won't be shared."),(0,me.kt)("p",null,"The secret won't be saved to the image, it is only in the container. The value of the environment variable is saved within the container when the container is created rather than when it ran."),(0,me.kt)("h2",{id:"demos"},"Demos:"),(0,me.kt)("h3",{id:"rootless-podman-with-rootless-overlay"},"Rootless Podman with rootless overlay"),(0,me.kt)("h3",{id:"podman-run---group-add"},(0,me.kt)("inlineCode",{parentName:"h3"},"podman run --group-add")),(0,me.kt)("h3",{id:"podman-etchosts-hostcontainersinternal-support"},"podman /etc/hosts, host.containers.internal support"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2540-in-the-video"},"(25:40 in the video)"),(0,me.kt)("p",null,"Demo (started at 25:57)"),(0,me.kt)("h5",{id:"rootless-podman-with-rootless-overlay-1"},"Rootless podman with rootless overlay"),(0,me.kt)("p",null,'Showed how to use overlay, which is helpful as fuse-overlayfs has a lot of overhead. This is a big "quiet" feature that people probably won\'t notice.'),(0,me.kt)("h5",{id:"podman-run-group-add"},"podman run group-add"),(0,me.kt)("p",null,"Issues arised with suplemental group ids. If you created a container and tried to look at a directory with these gids, you'd get an access error."),(0,me.kt)("p",null,"How to share the content then? By default, containers drop all groups before you run them as a security precaution. When a rootless container is run, the groups are dropped for security reasons. Now you can add the groups you need with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --group-add=keep-groups")," which copies the groups from the host into the container, but giving access only within the container."),(0,me.kt)("h5",{id:"podman-etchosts-hostcontainersinternal-support-1"},"podman /etc/hosts, host.containers.internal support"),(0,me.kt)("p",null,"A new flag, host.containers.internal, allows you to set up an entry in /etc/hosts that gives you the ip address of the host within the containers in the /etc/hosts file in the container."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3510-in-the-video"},"(35:10) in the video)"),(0,me.kt)("p",null,"No questions or topics. Tom asked Matt to talk about Podman v3.3."),(0,me.kt)("p",null,"Podman v3.3 rc1 early release no release notes yet. Final realease in mid to late August. Main branch is now at Podman 4.0. Podman 4.0 to be out at in Fedora 35 at the earliest."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-september-7-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday September 7, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-august-19-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday August 19, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1143-am-eastern-utc-4"},"Meeting End: 11:43 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney 10:58\nWelcome! Please sign in on HackMD: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\n\nbaude 11:10 AM\n@mheon, does that work in pods?\n\nMatt Heon 11:14 AM\nYep. Works on any container, in or out of a pod\n\nGreg Shomo (NU) 11:42 AM\ngood to see everyeon && have a good one !\n\nErik Bernoth 11:58 AM\nI'm out, see you next time!\n\nLokesh Mandvekar 12:04 PM\nI gott bounce, later...\n")))}to.isMDXComponent=!0;const no={},ao="Podman Community Cabal Notes",oo=[{value:"October 21, 2021 11:00 a.m. Eastern",id:"october-21-2021-1100-am-eastern",level:2},{value:"October 21, 2021 Topics",id:"october-21-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman System Monitor for Mac ( 1:30 in video)",id:"podman-system-monitor-for-mac--130-in-video",level:3},{value:"Podman netavark - Brent Baude (18:15 in video)",id:"podman-netavark---brent-baude-1815-in-video",level:3},{value:"quadlet - Alex Larsson(25:41 in video)",id:"quadlet---alex-larsson2541-in-video",level:3},{value:"ARM Testing Thoughts - Urvashi/Preethi (40:31 in video)",id:"arm-testing-thoughts---urvashipreethi-4031-in-video",level:3},{value:"CI testing for Podman Docs if stored in a separate repo - Tom (42:37 in video)",id:"ci-testing-for-podman-docs-if-stored-in-a-separate-repo---tom-4237-in-video",level:3},{value:"Open discussion (49:26 in video)",id:"open-discussion-4926-in-video",level:4},{value:"Next Meeting: Thursday November 18, 2021 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-november-18-2021-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],io={toc:oo},so="wrapper";function ro(e){let{components:t,...n}=e;return(0,me.kt)(so,(0,K.Z)({},io,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-notes"},"Podman Community Cabal Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Matt Heon, Brent Baude, Ashley Cui, Alex Larsson, Preethi Thomas, Urvashi Mohnani, Marcin Skarbek, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Mack, Dan Walsh, Holger Gantikow, Leon N, Marcin Skarbek, Mehul Arora, Max, Paul Holzinger."),(0,me.kt)("h2",{id:"october-21-2021-1100-am-eastern"},"October 21, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"october-21-2021-topics"},"October 21, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Netavark - Matt Heon and Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"Podman System Monitor for MAC - Ashley Cui and Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"quadlet - Alex Larsson"),(0,me.kt)("li",{parentName:"ol"},"ARM Testing Thoughts - Preethi Thomas and Urvashi Mohnani"),(0,me.kt)("li",{parentName:"ol"},"CI testing for Podman Docs if stored on a separate repo - Tom Sweeney")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/drive/folders/1pDCsZFj0yDobe4OxPqAzitECGL6O0KMY"},"Recording"),"\nMeeting start: 10:04 a.m. Thursday, October 21, 2021"),(0,me.kt)("h3",{id:"podman-system-monitor-for-mac--130-in-video"},"Podman System Monitor for Mac ( 1:30 in video)"),(0,me.kt)("p",null,"Ashley showed mockups of a number of possible screens for Mac GUI. She mocked up an update, and this is not decided upon yet. This will control the VM on the Mac that Podman runs in."),(0,me.kt)("p",null,"She is thinking about having a link between this and the cockpit. This is just to manage the VM, not containers. The Gui would launch Cockpit in a browser, and then you could do container commands from the cockpit web interface."),(0,me.kt)("p",null,"It will be built for Mac look/feel. Linux and Windows designs are still up in the air."),(0,me.kt)("p",null,"Brent asked if anything was missing, no bites."),(0,me.kt)("p",null,"There is not yet an ssh button, but it could be added."),(0,me.kt)("p",null,"We've been talking about socket mapping from the VM into the host. She is leaning towards having an option to do so on start. A Boolean to leak a socket, and it would leak the default socket that Podman would define. A message would be sent to output noting the socket use."),(0,me.kt)("p",null,"An issue currently with password passing is being worked on. Possibly create a link and then pass the password. Something like: ",(0,me.kt)("a",{parentName:"p",href:"https://getcockpit.com/documentation/api/cockpit"},"https://getcockpit.com/documentation/api/cockpit"),". We are also looking into volume mount PRs."),(0,me.kt)("h3",{id:"podman-netavark---brent-baude-1815-in-video"},"Podman netavark - Brent Baude (18:15 in video)"),(0,me.kt)("p",null,"Rust implementation to replace CNI networking. A bunch of work was done, but not yet in Podman's GitHub. Looking at designing from the ground up to capture what was there, add user requests, and make it faster overall. About six weeks into development. In RUST ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"https://github.com/containers/netavark"),"."),(0,me.kt)("p",null,"Will this handle VPN? No plans at present, a good thought, but currently focusing on basics. Working on firewall at the moment."),(0,me.kt)("p",null,"passt (plug a simple socket transport) link for information from Marcin: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/"},"https://passt.top/passt/about/")),(0,me.kt)("p",null,"RUST being used for this, thoughts were binary size, speed, availability of libraries."),(0,me.kt)("h3",{id:"quadlet---alex-larsson2541-in-video"},"quadlet - Alex Larsson(25:41 in video)"),(0,me.kt)("p",null,"quadlet is a pun on kubelet. It's a systemd generator for things like fstab1. This has a customer systemd unit file. The project lives at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/quadlet/"},"https://github.com/containers/quadlet/")),(0,me.kt)("p",null,"Demo: (26:28 in video)"),(0,me.kt)("p",null,"Easier for a system administrator to maintain and use. Uses crun and split cgroup. It always has /dev/init, standardized names, integrates with sdnotify, journald, and various security setups."),(0,me.kt)("p",null,"The code is a C project that is living here:"),(0,me.kt)("p",null,"Can/should this be part of Podman? Dan thinks it could be a subproject of Podman that comes as part and parcel. There is podman-systemd-generate, which is great for advanced users; quadlet is suitable for users with less systemd experience."),(0,me.kt)("p",null,"It's a way to specify how a system runs. Dan would like to see auto-updates happen in containers via quadlet."),(0,me.kt)("p",null,"Blog post with more information: ",(0,me.kt)("a",{parentName:"p",href:"https://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/"},"https://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/")),(0,me.kt)("p",null,"A question on what could or could not be in the init file. So if you create a foo.container, it would create a foo.service for instance."),(0,me.kt)("h3",{id:"arm-testing-thoughts---urvashipreethi-4031-in-video"},"ARM Testing Thoughts - Urvashi/Preethi (40:31 in video)"),(0,me.kt)("p",null,"We're looking into testing for upstream for ARM, and we\u2019d like to do it when a PR is opened. We're looking for suggestions. Does anyone have pointers to this? Any experience in setting up ARM support for the CI? Cirrus which were' using now, only uses GCP, but ARM is not supported there."),(0,me.kt)("h3",{id:"ci-testing-for-podman-docs-if-stored-in-a-separate-repo---tom-4237-in-video"},"CI testing for Podman Docs if stored in a separate repo - Tom (42:37 in video)"),(0,me.kt)("p",null,"We are thinking about moving the Podman man pages to a new repo. This way to lessen the barrier of entry for folks who have small man page changes or are more doc focused and not heavy GitHub users. i.e. test requirements, signing requirements, git knowledge, etc."),(0,me.kt)("p",null,"Dan's concern is if you have a new option, you'd break bot CI's on both projects unless you did the PR's simultaneously."),(0,me.kt)("p",null,"Web UI might be used for the docs. But still, have a convention."),(0,me.kt)("p",null,"Dan/Valentin against moving the man pages, as it would create more work for users."),(0,me.kt)("p",null,"Signing might not be required for docs. Brent thought there was a way to avoid the DCO from the web browser as you were already signed in. I.e., auto-sign in if you were coming in from the web."),(0,me.kt)("h4",{id:"open-discussion-4926-in-video"},"Open discussion (49:26 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},'Is there value in categorizing content in the blogs that have been posted? Would a Yahoo like categorization of "how-tos", networking, macs, container-in-container, etc. It would be nice to have a categorization of topics in links.')),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Would like to add a ZFS driver without having to rebuild Podman. Something that is pluggable. Docker has something like this now."))),(0,me.kt)("h3",{id:"next-meeting-thursday-november-18-2021-1100-am-edt-utc-5"},"Next Meeting: Thursday November 18, 2021 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman.io redesign - Mairin")),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'Leon N\n9:53 AM\nHey Hi, Good Morning\nSorry No mic at my end\nYou\n10:00 AM\nPlease sign in at the Attendees section in hackmd, https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou\n10:05 AM\nhackmd: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAnders F Bj\xf6rklund\n10:11 AM\ndid you have a "ssh" button ?\nAnders F Bj\xf6rklund\n10:13 AM\notherwise the only fancy thing I added to the Qt PoC was showing the OS version of the VM\nAshley Cui\n10:14 AM\nAnders: Good idea! I think I can fit that in the currently running info\nLeon N\n10:20 AM\nIs there any API that could generate a one-time link or something?\nfor cockpit I mean\nAnders F Bj\xf6rklund\n10:20 AM\nsure thing, just at the office again\nwill find a room :-)\nLeon N\n10:21 AM\nSomething like https://getcockpit.com/documentation/api/cockpit\nAnders F Bj\xf6rklund\n10:22 AM\ndo you guys miss your shared cubicles\nnoice cancelling just go listen in\nBrent Baude\n10:22 AM\nhttps://github.com/containers/netavark\nMarcin Skarbek\n10:24 AM\nRegarding networking, I have found recently passta - https://passt.top/passt/about/\nMax \n10:24 AM\nany plans to include VPN stacks? Was recently asking about Wireguard on the mailing list\nMarcin Skarbek\n10:25 AM\nInteresting idea that looks promising\nMax \n10:26 AM\ncheers\nMarcin Skarbek\n10:26 AM\nWireguard at least at start\nWould be very appreciated\nAlexander Larsson\n10:27 AM\nAny particular reason for picking rust?\nBrent Baude\n10:27 AM\nbinary size, speed, availability of creates (libraries)\nMatt Heon\n10:27 AM\nAnd we wanted to :-)\nAnders F Bj\xf6rklund\n10:28 AM\nstand out from the container crowd ?\n(which seems to be mostly go)\nAlexander Larsson\n10:38 AM\nhttps://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/\nAnders F Bj\xf6rklund\n10:46 AM\nI earlier suggested Raspberry Pi (for ARM), bu t only works if you run it "on-prem" (on desk)\nLeon N\n10:50 AM\nI\'m not sure but is the team looking for something like this?\nhttps://developer.arm.com/solutions/infrastructure/developer-resources/ci-cd\n\nSome people do run those arm clusters too but yeah like Anders said its on-prem\nAnders F Bj\xf6rklund\n10:51 AM\nOtherwise we had lots of fun with Equnix Metal and the bare metal arm servers\nUrvashi Mohnani\n10:52 AM\nThanks, will take a look\nAlexander Larsson\n10:54 AM\nFlatpak got donated huge arm servers from cncf. Might want to ask them.\nMax \n10:54 AM\nwould be helpful\nMehul Arora\n10:54 AM\ndefinitely worth\nBrent Baude\n10:55 AM\n@tom ? -> https://github.com/scottrigby/dco-gh-ui\nAlexander Larsson\n10:56 AM\ngotta go\nMehul Arora\n10:56 AM\ndid anyone check the new theme i suggested for the docs?\noh so should i open a PR for that?\nokay yeah ill do that\nAnders F Bj\xf6rklund\n11:00 AM\nWould CSI be an option ?\nMarcin Skarbek\n11:00 AM\nok\nDan Mack\n11:00 AM\nthanks all\nieq-pxhy-jbh\n')))}ro.isMDXComponent=!0;const lo={},ho="Podman Community Cabal Meeting Notes",uo=[{value:"January 20, 2022 11:00 a.m. Eastern",id:"january-20-2022-1100-am-eastern",level:2},{value:"January 20, 2022 Topics",id:"january-20-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Volume Storage on a Mac (1:15 in video) - Brent/Ashley",id:"volume-storage-on-a-mac-115-in-video---brentashley",level:3},{value:"New Network Rollout (13:01 in video) - Paul/Matt",id:"new-network-rollout-1301-in-video---paulmatt",level:3},{value:"Podman v4.0 Rollout (32:52 in video) - Matt/Brent",id:"podman-v40-rollout-3252-in-video---mattbrent",level:3},{value:"Podman TUI (https://github.com/navidys/podman-tui) (38:11 in video) - Navid",id:"podman-tui-httpsgithubcomnavidyspodman-tui-3811-in-video---navid",level:3},{value:"Open discussion (44:57 in video)",id:"open-discussion-4457-in-video",level:4},{value:"Next Meeting: Thursday February 17, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-february-17-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],mo={toc:uo},co="wrapper";function po(e){let{components:t,...n}=e;return(0,me.kt)(co,(0,K.Z)({},mo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Christian Felder, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Chris Evich, Miloslav Trmac, Reinhard Tarter, Eric Van Norman, Castedo Ellerman, Charlie Doern, Urvashi Mohnani, Lokesh Mandvekar, Navid Yaghoobi, Marcin Skarbek"),(0,me.kt)("h2",{id:"january-20-2022-1100-am-eastern"},"January 20, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"january-20-2022-topics"},"January 20, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Volume Storage on a Mac - Brent/Ashley"),(0,me.kt)("li",{parentName:"ol"},"New Network Rollout - Paul/Matt"),(0,me.kt)("li",{parentName:"ol"},"Podman v4.0 Rollout - Matt/Brent"),(0,me.kt)("li",{parentName:"ol"},"Podman TUI (",(0,me.kt)("a",{parentName:"li",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui"),") - Navid")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=bwhDnwYyiJY&t=2729s"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday January 20, 2022"),(0,me.kt)("h3",{id:"volume-storage-on-a-mac-115-in-video---brentashley"},"Volume Storage on a Mac (1:15 in video) - Brent/Ashley"),(0,me.kt)("p",null,"Just a chat on how to handle storage for the Mac, especially since Anders is present. Docker has an advantage due ot the daemon to be able to handle the volumes. When containers closes, the daemon can umount if necessary."),(0,me.kt)("p",null,"Asking for opinions on the direction we should take here."),(0,me.kt)("p",null,"Compared to Docker machine to Podman, VM mounts are totally unrelated to container mounts in Docker machine. VM mounts stays for an entire session, not umounted when the container goes away. Problems trying to mount high level directories such as ",(0,me.kt)("inlineCode",{parentName:"p"},"/")," or ",(0,me.kt)("inlineCode",{parentName:"p"},"/tmp"),"."),(0,me.kt)("p",null,"Note: currently mounts are defined when machine is ",(0,me.kt)("em",{parentName:"p"},"created")," (not started), so needs to be deleted to change mounts"),(0,me.kt)("p",null,"In podman machine, we use the user core, so you don't get into trouble unless there's a user \"core\" on the host. We could then just set the root of the container to the homedir of the user on the VM."),(0,me.kt)("p",null,"Have to make sure the volume provided is not outside of the home dir."),(0,me.kt)("p",null,"We need to chase this down further, and the thought is to support mounting from homedir only."),(0,me.kt)("p",null,"Some previous discussions in ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/8016"},"https://github.com/containers/podman/issues/8016")),(0,me.kt)("p",null,"The virtfs implementation was in ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"https://github.com/containers/podman/pull/11454")),(0,me.kt)("h3",{id:"new-network-rollout-1301-in-video---paulmatt"},"New Network Rollout (13:01 in video) - Paul/Matt"),(0,me.kt)("p",null,"Lots of chatter on IRC about netavark and aardvark. It\u2019s the new network stack that's being put together for Podman v4.0. It will replace the CNI plugins."),(0,me.kt)("p",null,"This will allow more complex networks, as has been requested in the past. This new stack will do what CNI currently does, plus the requested functionality. It's called netavark and is written in rust. It works like the current network stack as far as the user sees. It's working well for CNI but is missing DHCP on mac VLAN. IPv6 is better than the prior offering and is faster. Believe we can optimize further. DNS resolution is handled by aardvark and replaces DNS mask and DNS name."),(0,me.kt)("p",null,"Many of the use cases that could not be done in Podman in the past but in Docker will be enabled. If you're running Podman v3.","*"," and you upgrade to Podman v4.0, your network will be CNI by default. If you're running a Podman v4.0 and no storage is around, then it will default to netavark. An entry in containers.conf will be settable to allow choosing between CNI and netavark."),(0,me.kt)("p",null,"DNS resolution has not been used by default in CNI but will be turned on for netavark."),(0,me.kt)("p",null,"Reinhard asked from a packager\u2019s perspective, what considerations do they need to take into account? We tried to set the network stack up such that nothing should be required for packaging. You will have to package netavark and aardvark, but you shouldn't need any configuration manipulation."),(0,me.kt)("p",null,"There are database changes such that if you create a container in Podman v4.0, it won't be usable in Podman v3.0 space. The database is internal to Podman."),(0,me.kt)("p",null,"Also there's a subid tag in the Makefile that should be turned on for Podman v3.0. It brings in libsubuid via shadow-utils."),(0,me.kt)("p",null,"Also, it is suggested to use ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," instead of ",(0,me.kt)("inlineCode",{parentName:"p"},"podman-remote"),"."),(0,me.kt)("p",null,"For those interested in the network, please test! Reach out and talk to the Podman maintainers. Please used Podman v4.0 RC2 and later."),(0,me.kt)("h3",{id:"podman-v40-rollout-3252-in-video---mattbrent"},"Podman v4.0 Rollout (32:52 in video) - Matt/Brent"),(0,me.kt)("p",null,"Database changes and network changes. A number of API changes that will break things."),(0,me.kt)("p",null,"THe API has been migrated. The more interesting things is doing things on a Mac. Podman v3.0 will not work with Podman v4.0 and vice versa. Podman v4.0 is sloted for Fedora 36, due in May (Dan thinks). We don't have forward/backward compatibility."),(0,me.kt)("p",null,"RHCOS will have Fedora 35, but with Podman v4.0 not included. We are working with the RHCOS team to smooth this out."),(0,me.kt)("p",null,"There have been 459 commits into Podman v4.0, about twice as many as Podman v3.4. Lots of changes, we'd love to get people trying it earlier before final release."),(0,me.kt)("h3",{id:"podman-tui-httpsgithubcomnavidyspodman-tui-3811-in-video---navid"},"Podman TUI (",(0,me.kt)("a",{parentName:"h3",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui"),") (38:11 in video) - Navid"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui")),(0,me.kt)("p",null,"Terminal User Interface for Podman."),(0,me.kt)("p",null,"Demo - (38:40 in video)\nNavid gave a demo showing pods, containers, images. Many of the commands are available to use. Can't exec into a container yet. Uses the Go bindings from Podman. Shows events, disk usage."),(0,me.kt)("p",null,"It's 100% Go."),(0,me.kt)("h4",{id:"open-discussion-4457-in-video"},"Open discussion (44:57 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Castedo writing a guide on ",(0,me.kt)("a",{parentName:"li",href:"https://cnest.readthedocs.org"},"cnest.readthedocs.org"),". He's put together scripts and explanation on how to use Podman. Aimed at new to Podman/containers folks. Part of his work was to look at Toolbox, but looked for a simpler solution by using just Buildah and Podman with a little glue. He's packaged this up. Wonders if for his intial work, if it makes sense to have a Toolbox type tool or guides that are aimed at first-time users.")),(0,me.kt)("p",null,"He wanted to share only a bit of his directory in his containers and worked through things like that."),(0,me.kt)("p",null,"The rootless offering was very useful in his case, and he did virtual python environments in a rootless container."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Anders asked if podman compose is compatible. It's a separate project from Podman run by others, but the Podman maintainers monitor it. Podman compose doesn't use the API but execs Podman under the covers. The podman compose project has revived over the past six months in popularity after looking like it was dead over the summer.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Will Podman v3.0 be removed from distros once Podman v4.0 comes out? That's a distro decision. In Debian Podman, v3 and v4 will not be coinstallable. They could choose to install older versions on their own, but the stable versions of Debian will have their specific version. Branches on Podman with a ",(0,me.kt)("inlineCode",{parentName:"p"},"-rhel")," ending tag are backports for older versions. Usable for long-term support of older versions. RHEL even releases such as RHEL 8.6 are supported for two years."))),(0,me.kt)("h3",{id:"next-meeting-thursday-february-17-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday February 17, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("p",null,"None suggested."),(0,me.kt)("p",null,"Meeting finished 12:02"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'You10:59 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nReinhard Tartler11:00 AM\nthanks for adding me!\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:03 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nReinhard Tartler11:04 AM\nthanks for thinking of me, nothing from me, I\'m most intereted in the podman 4.0 rollout from a packager\'s perspective\nLokesh Mandvekar11:09 AM\nHello Reinhard, fwiw, I plan to not build 4.0 on the Kubic repos, just in case 4.0 takes a while to land on debian and ubuntu\nChristopher Evich11:10 AM\nremember aardvark and netavark too\nLokesh Mandvekar11:10 AM\nalso, would be nice to look at debian packaging for: https://github.com/containers/netavark and https://github.com/containers/aardvark-dns\nyup\nValentin Rothberg11:10 AM\nWho\'s rejecting the user from entering?\nChristopher Evich11:11 AM\nthose of us trying to chat :(\nLokesh Mandvekar11:11 AM\nreally?\nchatting interferes with letting the user in?\nChristopher Evich11:11 AM\n picks default "deny" choice :(\nLokesh Mandvekar11:11 AM\nthat\'s weird\nValentin Rothberg11:11 AM\nPlease be careful to click on "admit" :)\nYou11:11 AM\nI think keyboard focus timimg\nLokesh Mandvekar11:11 AM\nohh\nChristopher Evich11:11 AM\nbad GUI design\nYou11:12 AM\nMarcin, sorry about the rejects, we\'d some gmeet gui issues.\nChristian F11:14 AM\ncan\'t you mount on the VM in below a well-defined path. /home e.g. ends up with /podman-mounts/home ?\nAnders F Bj\xf6rklund11:20 AM\nit is possible to mount host /home under /mnt/home or something, think docker-machine used like /hosthome.\nbut normally host uses /Users and machine uses /home, so then there is no conflict\nChristian F11:22 AM\nconsidering DHCP on Macvlan: it would be nice if the systemd unit file for the CNI DHCP daemon would be shipped with podman (may disabled by default, but a systemctl enable --now should be enough)\nBrent Baude11:30 AM\n@Christian, this IS something we are considering. And also of note, the CNI packages will not change.\nReinhard Tartler11:31 AM\nit was requested here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000521 -- happy to close it :-)\nValentin Rothberg11:31 AM\n`podman --remote`\nJhon Honce11:32 AM\npodman-remote is a smaller binary if that is a concern\nAnders F Bj\xf6rklund11:33 AM\nthe documentation in minikube and lima currently use "podman-remote", but then again it also uses podman2 so is lost anyway\nI guess podman4 will delete the podman3 packages, so same story again\nAnders F Bj\xf6rklund11:39 AM\nmaybe it would be easier to always run podman --remote, also on mac. oh well.\nBrent Baude11:42 AM\ncolor me impressed!\n@anders, it wont build\nAnders F Bj\xf6rklund11:43 AM\nI guess that would actually be "podman-remote --remote" that is run on the Mac\nAditya Rajan11:44 AM\n@Navid So cool !!! Could you share repo link plz\nEd Santiago11:44 AM\nVery impressive indeed\nChristian F11:45 AM\n:+1:\nBrent Baude11:47 AM\ncould adi,paul, and matt stick behind\nE. Castedo Ellerman11:53 AM\ncnest.readthedocs.org\nNavid Yaghoobi11:53 AM\nhttps://github.com/navidys/podman-tui\nValentin Rothberg11:59 AM\n-rhel suffixed branches\nChristian F12:00 PM\nwill there be different module streams in RHEL for podman 3 vs 4?\nMatt Heon12:03 PM\nYes\nWell\nieq-pxhy-jbh\n')))}po.isMDXComponent=!0;const go={},ko="Podman Community Cabal Meeting Notes",yo=[{value:"April 21, 2022 11:00 a.m. Eastern",id:"april-21-2022-1100-am-eastern",level:2},{value:"April 21, 2022 Topics",id:"april-21-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman Contribution Methods Discussion - (1:00 in video) - Brent Baude",id:"podman-contribution-methods-discussion---100-in-video---brent-baude",level:3},{value:"Open discussion (53:37 in video)",id:"open-discussion-5337-in-video",level:4},{value:"Next Meeting: Thursday May 16, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-may-16-2022-1100-am-edt-utc-5",level:3},{value:"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],wo={toc:yo},fo="wrapper";function bo(e){let{components:t,...n}=e;return(0,me.kt)(fo,(0,K.Z)({},wo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Eduardo Santiago, Mohan Boddu, Chris Evich, Flavian Missi, Niall Crowe, Preethi Thomas, Anders Bjorklund, Lance Lovette, Scott McCarty"),(0,me.kt)("h2",{id:"april-21-2022-1100-am-eastern"},"April 21, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"april-21-2022-topics"},"April 21, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Contribution Methods Discussion - Brent Baude - (1:00 in video)")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/DP3FAGWn48s"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday April 21, 2022"),(0,me.kt)("h3",{id:"podman-contribution-methods-discussion---100-in-video---brent-baude"},"Podman Contribution Methods Discussion - (1:00 in video) - Brent Baude"),(0,me.kt)("p",null,"Brent talked about the number of hours that the maintainers have been grinding out lately. He's concerned that the maintainers aren't keeping up with the Pull Requests that are coming in from internal to Red Hat and, more so, externally."),(0,me.kt)("p",null,"For instance, we have not been timely in reviewing Anders code as of late. Brent is asking for input from people for any potential solutions."),(0,me.kt)("p",null,"Matt doesn't want to completely remove the Code Review process; he wants to ensure maintenance will be as painless as possible. He thinks a core set of maintainers should review code before merging. He thinks that perhaps we could use lint to help. He recognizes there's a problem but wants to limit how easy it is to get stuff in."),(0,me.kt)("p",null,"We seem to have a cycle where maintainers lose sight of the need to stay on top of it until nudged. The problem has become due to the expansion of the size and complexity of the project, making it harder to know everything easily."),(0,me.kt)("p",null,"Valentin thinks there are two goals. Make merges easier and also to expand the number of maintainers. In other projects, they leave more work to the contributors by using bots to bounce PRs if they don't have a pass a lint process per instance."),(0,me.kt)("p",null,"Valentin thinks that we're doing pretty good in comparison to other-sized projects. Time is becoming an issue in some of our projects, such as ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/image"},"containers/image")," where PRs are lagging due to a lack of maintainers/review."),(0,me.kt)("p",null,"Miloslav has seen other projects assign particular reviewers to a review and doesn't know if that's something Podman could do. Dan thinks we couldn't do that via a bot, but perhaps we could use a process as the Linux kernel does."),(0,me.kt)("p",null,"Chris pointed out that an advantage of the kernel is it's modular, and Podman is becoming monolithic. Perhaps we can break it out into pieces. That would also be useful in developing unit tests."),(0,me.kt)("p",null,"Matt has asked others to help with the Triage of issues, and since then, he has found that Valentin and Paul have kept that down quickly."),(0,me.kt)("p",null,"Valentin wonders if we're not getting to issues promptly or, for that matter, PRs."),(0,me.kt)("p",null,"Matt thinks we're falling off the radar for issues. If an issue will take a long time to fix, it gets shuffled off. Ditto PRs that are 500 lines or more. People have a hard time getting to it, then it slips off the queue."),(0,me.kt)("p",null,"Mohan wonders if we can ask contributors to add tags to help with initial triaging."),(0,me.kt)("p",null,"We have two classes of issues with PR. Some are done by developers, and others are a fix for a quick typo and then get hung up on CI. They tend not to undertake it."),(0,me.kt)("p",null,"Anders said in another ",(0,me.kt)("a",{parentName:"p",href:"https://minikube.sigs.k8s.io/community/"},"project")," they have weekly triage meetings where they use a ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/google/triage-party"},"tool")," to classify issues. But there too, after being classified, it doesn't seem to help get it solved faster."),(0,me.kt)("p",null,"Study - 26\nBrent showed an ",(0,me.kt)("a",{parentName:"p",href:"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"},"article")," on Pull requests. It showed that 50% of PRs were idle for 50% of their lifetime, and 33% were idle for 78% of their lifetime. The issue gets compounded when a rebase is necessary."),(0,me.kt)("p",null,"Valentin points out that code review is as much of an art as writing code. Perhaps we can get faster reviewing things."),(0,me.kt)("p",null,"Flavian has asked what the problems are that we face when getting through the backlog."),(0,me.kt)("p",null,"Brent thinks the team could work on more feature work. Also, to spend more time on PRs for issues, but we're falling behind. When we have a new feature such as podman machine, a few people attend to that, and they stay away from other PRs."),(0,me.kt)("p",null,"A number of PRs which are perfectly good to go, but they don't get reviewed due to time, and the contributors are less than happy with that."),(0,me.kt)("p",null,"Brent also thinks we often create PRs that grow larger and larger rather than be done in building blocks."),(0,me.kt)("p",null,"Dan thinks we've two problems. Handling issues. We address that by having a bug week when we get above 200 in number on GitHub. Even with the whole team on board, we're lucky to get it down into the 180 mark. A bit of a treadmill."),(0,me.kt)("p",null,"The other side is when someone opens a PR, then people looking at issues often don't break off to look at the PRs that have come in."),(0,me.kt)("p",null,"Chris noted that 45 minutes is the sweet spot for the CI completion to wrap up in. A recent review by a group of college students noted the heaviness of the CI process for contributors as being a bad mark. FOr instance, if you have a misplaced semi-colon, it can take hours to get notified. Unit tests run faster than integration tests, and system tests are faster than them. It would be good if the CI could focus on unit tests and then continue to integration tests only if the unit tests are happy. Ditto system tests."),(0,me.kt)("p",null,"Jhon pointed out that once we spin-off to a cloud system for CI, you're really not doing a unit test per se. He also briefly talked about mock tests, and Miloslav noted that they're not always the ",(0,me.kt)("a",{parentName:"p",href:"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"},"answer"),"."),(0,me.kt)("p",null,"Chris thinks the CI we have will take a lot of effort to make faster without a lot of retooling other stuff."),(0,me.kt)("p",null,"Anders asked if we run on VMs or containers, and we run on VMs, not really eating our own dog food. He thinks it would be more interesting to run at least some unit tests in containers."),(0,me.kt)("p",null,"Valentin noted that code coverage only handles unit tests. He thinks it would be great to have CI revamped, but we'll need more meetings to do so."),(0,me.kt)("p",null,'Urvashi thinks we need to come to a consensus on "How to code review.".'),(0,me.kt)("p",null,"Brent doesn't like to have code design debates within the PR and would like to see more peer-to-peer reviews and/or mentoring reviews."),(0,me.kt)("p",null,"Brent asked that everyone read the article he put together and would like people to come back and think about potential changes. Essentially, he just wants to have everyone on board in thinking there's a problem."),(0,me.kt)("p",null,"Articles:\n",(0,me.kt)("a",{parentName:"p",href:"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"},"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"},"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/"},"https://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.morling.dev/blog/the-code-review-pyramid/"},"https://www.morling.dev/blog/the-code-review-pyramid/")),(0,me.kt)("h4",{id:"open-discussion-5337-in-video"},"Open discussion (53:37 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Brent has created a 4.0.3 FCOS image in hand that he'd like people to try on the mac."),(0,me.kt)("li",{parentName:"ol"},"Podman 4.1 RC should be released later today.")),(0,me.kt)("h3",{id:"next-meeting-thursday-may-16-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday May 16, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 11:58 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:05 AM\nUrvashi, can you send me a link to the doc in email plz?\nPreethi Thomas11:05 AM\nTom its both in the email and in gchat\nUrvashi Mohnani11:06 AM\nyup, sent it to aos-internal and its in our gchat room as well\nYou11:27 AM\nTY! UM\nFlavian Missi11:27 AM\nmaybe https://github.com/google/triage-party ?\nUrvashi Mohnani11:28 AM\nhttps://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/\nlink to the article ^^\nAnders F Bj\xf6rklund11:29 AM\nRight, that is the tool\nhttps://minikube.sigs.k8s.io/community/\nYou11:32 AM\nAnders and Flavian, thx for the links, I've added them to the notes.\nMiloslav Trmac11:42 AM\n/me is on the anti-mocking side:\nhttps://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell\n(CRI-O has mocks of c/storage and Podman and IMHO it\u2019s a _nightmare_, e.g. in some cases not testing the right code at all.)\nMiloslav Trmac11:46 AM\nAre there some easy wins like making the current \u201cmust include tests\u201d bot nudge users towards unit tests and discourage adding another shell script to system tests?\nPreethi Thomas11:47 AM\nhttps://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/\nBrent Baude11:48 AM\none thing our development tooling/environment needs is the ability to run the e2e tests locally but isolated ... hint: make locale2e-vagrant ...\nMatt Heon11:48 AM\nI think the no-new-tests-needed check might actually fail a PR if it only had unit tests\nIt checks the tests/ folder AFAIK\nUnit tests don't live in there\nPaul Holzinger11:48 AM\n@Matt no it also checks for _test.go\nValentin Rothberg11:50 AM\nHere's a link to the reviewing pyramid -> https://www.morling.dev/blog/the-code-review-pyramid/\nieq-pxhy-jbh\n")))}bo.isMDXComponent=!0;const vo={},Mo="Podman Community Cabal Meeting Notes",Ao=[{value:"September 15, 2022 11:00 a.m. Eastern",id:"september-15-2022-1100-am-eastern",level:2},{value:"September 15, 2022 Topics",id:"september-15-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Quadlet/Kubernetes yaml support - (0:50 in video) - Valentin Rothberg",id:"quadletkubernetes-yaml-support---050-in-video---valentin-rothberg",level:3},{value:"ZSTD Support - (18:29 in video) Dan Walsh",id:"zstd-support---1829-in-video-dan-walsh",level:3},{value:"Confidential Computing - (27:05 in video) Dan Walsh",id:"confidential-computing---2705-in-video-dan-walsh",level:3},{value:"Landlock Support - (31:13 in video) Dan Walsh",id:"landlock-support---3113-in-video-dan-walsh",level:3},{value:"Podman desktop packaging - (35:52 in video) Lokesh Mandvekar",id:"podman-desktop-packaging---3552-in-video-lokesh-mandvekar",level:3},{value:"Podman kube apply - (49:42 in video) Urvashi Mohnani",id:"podman-kube-apply---4942-in-video-urvashi-mohnani",level:3},{value:"Open discussion (58:21 in video)",id:"open-discussion-5821-in-video",level:4},{value:"Next Meeting: Thursday October 20, 2022 11:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-october-20-2022-1100-am-edt-utc-4",level:3},{value:"October 20, 2022 Topics",id:"october-20-2022-topics",level:2},{value:"Next Community Meeting: Tuesday October 4, 2022 11:00 a.m. EDT (UTC-4)",id:"next-community-meeting-tuesday-october-4-2022-1100-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Io={toc:Ao},To="wrapper";function So(e){let{components:t,...n}=e;return(0,me.kt)(To,(0,K.Z)({},Io,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Charlie Doern, Lokesh Mandvekar, Niall Crowe, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu, Eduardo Santiago, Giuseppe Scrivano, Chris Evich, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Ashley Cui, Joseph Gooch, Reinhard Tartler, Sally O'Malley, Stevan Le Meur, Anders Bj\xf6rklund"),(0,me.kt)("h2",{id:"september-15-2022-1100-am-eastern"},"September 15, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"september-15-2022-topics"},"September 15, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet/Kubernetes.YAML support - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ol"},"ZSTD support update - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Confidential Computing with Podman/crun/libkrun - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Landlock support - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Packaging for podman-desktop - Lokesh Mandvekar"),(0,me.kt)("li",{parentName:"ol"},"Overview of kube apply - Urvashi Mohnani")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/mAUUGASnmIk"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday October 4, 2022"),(0,me.kt)("h3",{id:"quadletkubernetes-yaml-support---050-in-video---valentin-rothberg"},"Quadlet/Kubernetes yaml support - (0:50 in video) - Valentin Rothberg"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Boils down to podman systemd integration"),(0,me.kt)("li",{parentName:"ul"},"Recently married systemd and kubenetes integration we have",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"escaping via systemd-escape and a yaml file"),(0,me.kt)("li",{parentName:"ul"},"can give simple k8s yaml files to systemd"))),(0,me.kt)("li",{parentName:"ul"},"quadlet is good for edge use cases, automotive",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"reallign quadlet with podman"),(0,me.kt)("li",{parentName:"ul"},"future would be to move to a podman generate quadlet workflow instead of generate systemd")))),(0,me.kt)("h3",{id:"zstd-support---1829-in-video-dan-walsh"},"ZSTD Support - (18:29 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"We have support for this, can be specified in oci what compresion standard to use"),(0,me.kt)("li",{parentName:"ul"},"everyone uses gzip, but zstd gives better compression"),(0,me.kt)("li",{parentName:"ul"},"when only one file in an image has changed, when you go to pull the update it pulls down the whole image even thoug only one thing has changed"),(0,me.kt)("li",{parentName:"ul"},"we have added support to podman to determine what has changed and only pull down those changes and not the whole image"),(0,me.kt)("li",{parentName:"ul"},"have opened PRs to containerd and docker to support zstd format, they have bene merged but there is no official release"),(0,me.kt)("li",{parentName:"ul"},"older versions of docker will be unhappy with the newer version of compression if we start pushing this everywhere"),(0,me.kt)("li",{parentName:"ul"},"stuck in a state trying to figure out how we support older version of docker"),(0,me.kt)("li",{parentName:"ul"},"suggestion is to push both versions, gzip and zstd, to the registry and they can be stored under the same name and manifest. But add an annotation/label to the image to identify which compression is used in the image",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"penalty will be pushing two images instead of just one to support both formats"),(0,me.kt)("li",{parentName:"ul"},"if you know your environment will work with zstd no need to push both versions"),(0,me.kt)("li",{parentName:"ul"},"for older container engines, recommendation would be to push with both formats"))),(0,me.kt)("li",{parentName:"ul"},"proposal that is being worked on and we are making sure it works correctly"),(0,me.kt)("li",{parentName:"ul"},"What is the endgame",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"when enough people are no longer on the older container engines we can push for zstd only (may take about 2 years to switch the standard to ZSTD)")))),(0,me.kt)("h3",{id:"confidential-computing---2705-in-video-dan-walsh"},"Confidential Computing - (27:05 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Needs to compress and encrypt the application"),(0,me.kt)("li",{parentName:"ul"},"Encrypt the image and push it, but the image should have the same name"),(0,me.kt)("li",{parentName:"ul"},"When you want to run the image in confidential mode, need to make sure you pull down the confidential image",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"the image manifest will differentiate which one is confidential and which is not"))),(0,me.kt)("li",{parentName:"ul"},"Still debating what exactly this should be but will have an article out on this soon")),(0,me.kt)("h3",{id:"landlock-support---3113-in-video-dan-walsh"},"Landlock Support - (31:13 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"New security mechanism in the linux kernel"),(0,me.kt)("li",{parentName:"ul"},"it allows you to specifiy certain paths to an application in such a way that only those paths are allowed to use the app"),(0,me.kt)("li",{parentName:"ul"},"for example allows podman to say I am only going to write to /var/lib/containers and if it tries to write to any other location it will be blocked"),(0,me.kt)("li",{parentName:"ul"},"want to use this to protect podman from itself"),(0,me.kt)("li",{parentName:"ul"},"currently looking into it and researching what needs to be done"),(0,me.kt)("li",{parentName:"ul"},"There is a PR open for getting this into the runtime spec",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/opencontainers/runtime-spec/pull/1111"},"https://github.com/opencontainers/runtime-spec/pull/1111")))),(0,me.kt)("li",{parentName:"ul"},"Will landlock work well with volumes? How difficult will it be to use landlock for container control?")),(0,me.kt)("h3",{id:"podman-desktop-packaging---3552-in-video-lokesh-mandvekar"},"Podman desktop packaging - (35:52 in video) Lokesh Mandvekar"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Background reading: ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-desktop/issues/112"},"https://github.com/containers/podman-desktop/issues/112")),(0,me.kt)("li",{parentName:"ul"},"Someone has done the packaging and it is avaiable on OBS"),(0,me.kt)("li",{parentName:"ul"},"Ask is to support it on official fedora"),(0,me.kt)("li",{parentName:"ul"},"Require to package electron (RH may not want to support this)"),(0,me.kt)("li",{parentName:"ul"},'Goal is to be able to do "dnf install podman-desktop"'),(0,me.kt)("li",{parentName:"ul"},"electron is embedded in podman-desktop and we are providing the package for brew on mac")),(0,me.kt)("h3",{id:"podman-kube-apply---4942-in-video-urvashi-mohnani"},"Podman kube apply - (49:42 in video) Urvashi Mohnani"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"kube apply lets you deploy the generated kube yaml to a k8s cluster directly"),(0,me.kt)("li",{parentName:"ul"},"need to pass the kubeconfig file so that correct key and certifactes can be gathered for authentication"),(0,me.kt)("li",{parentName:"ul"},"use the k8s API endpoint to make the request to create the k8s resource"),(0,me.kt)("li",{parentName:"ul"},"supported types are pods, volumes, and services",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"this can be extended as we add more support to podman generate kube"))),(0,me.kt)("li",{parentName:"ul"},"Possible features, pass in a container or podname instead of a kube yaml to deploy to the k8s cluster"),(0,me.kt)("li",{parentName:"ul"},"get the kube yaml for something already running in a k8s cluster")),(0,me.kt)("h4",{id:"open-discussion-5821-in-video"},"Open discussion (58:21 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-october-20-2022-1100-am-edt-utc-4"},"Next Meeting: Thursday October 20, 2022 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h2",{id:"october-20-2022-topics"},"October 20, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-october-4-2022-1100-am-edt-utc-4"},"Next Community Meeting: Tuesday October 4, 2022 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 12:00 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'00:00:39.516,00:00:42.516\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:01:17.367,00:01:20.367\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:02:59.904,00:03:02.904\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:04:28.274,00:04:31.274\nEd Santiago Munoz: Very choppy here too\n\n00:08:17.367,00:08:20.367\nValentin Rothberg: https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd\n\n00:08:27.068,00:08:30.068\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:12:28.550,00:12:31.550\nJoseph Gooch: static const char *supported_container_keys[] = {\n "ContainerName",\n "Image",\n "Environment",\n "Exec",\n "NoNewPrivileges",\n "DropCapability",\n "AddCapability",\n "RemapUsers",\n "RemapUidStart",\n "RemapGidStart",\n "RemapUidRanges",\n "RemapGidRanges",\n "Notify",\n "SocketActivated",\n "ExposeHostPort",\n "PublishPort",\n "KeepId",\n "User",\n "Group",\n "HostUser",\n "HostGroup",\n "Volume",\n "PodmanArgs",\n "Label",\n "Annotation",\n "RunInit",\n "VolatileTmp",\n "Timezone",\n NULL\n}\n\n00:12:40.612,00:12:43.612\nJoseph Gooch: Currently in quadlet ^^^\n\n00:14:00.468,00:14:03.468\nJoseph Gooch: https://github.com/containers/quadlet From the readme, the file formats and container setup docs are very readable (and exciting)\n\n00:16:00.536,00:16:03.536\nValentin Rothberg: Here\'s a doc: https://github.com/containers/podman/blob/main/docs/kubernetes_support.md\n\n00:16:52.968,00:16:55.968\nReinhard Tartler: I completely missed that documentation. I\'ll check whether it\'s included in the Debian package!\n\n00:18:20.409,00:18:23.409\nSally O\'Malley: Thanks, Valentin!\n\n00:18:33.328,00:18:36.328\nJoseph Gooch: Another comment on Quadlet - moving it towards golang, and introducing GoLang text templates would be pretty killer\n\n00:19:24.193,00:19:27.193\nValentin Rothberg: Thanks for the questions and feedback! Please reach out if you have any questions.\n\nFor updates, I suggest following this GitHub issue: https://github.com/containers/podman/issues/15686\n\n00:26:17.470,00:26:20.470\nSally O\'Malley: Is there a podman issue for the zstd support?\n\n00:27:16.513,00:27:19.513\nValentin Rothberg: @Sally: Podman already supports ZSTD but there is no issue (yet) for the idea of shipping an image in GZIP and ZSTD in a manifest list (or "image index" in OCI terminology)\n\n00:27:27.585,00:27:30.585\nSally O\'Malley: thanks, got it\n\n00:28:46.082,00:28:49.082\nAditya Rajan: OCI to Confidential Image https://github.com/virtee/oci2cw\n\n00:28:51.876,00:28:54.876\nFlorent Benoit: Is there support planned for SOCI as well https://github.com/awslabs/soci-snapshotter in Podman ?\n\n00:29:10.790,00:29:13.790\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:33:33.010,00:33:36.010\nAditya Rajan: https://github.com/opencontainers/runtime-spec/pull/1111\n\n00:36:07.090,00:36:10.090\nLokesh Mandvekar: https://github.com/containers/podman-desktop/issues/112\n\n00:38:08.871,00:38:11.871\nChristopher Evich: For RHEL, people could use an EPEL package maybe?\n\n00:44:23.989,00:44:26.989\nFlorent Benoit: we\'re also on flathub https://flathub.org/apps/details/io.podman_desktop.PodmanDesktop\n\n00:53:20.887,00:53:23.887\nUrvashi Mohnani: https://asciinema.org/a/WCZc8x3NFkaH2v4OvlOny08Hn\n\n00:55:57.118,00:56:00.118\nAditya Rajan: Yes\n\n00:56:03.182,00:56:06.182\nAditya Rajan: kubectl edit deployment name\n\n00:57:30.545,00:57:33.545\nAditya Rajan: kubectl get -o yaml\n')))}So.isMDXComponent=!0;const No={},Co="Podman Community Meeting notes",Po=[{value:"February 7, 2023, 11:00 a.m. Eastern (UTC-5)",id:"february-7-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Pasta in Podman Demo",id:"pasta-in-podman-demo",level:2},{value:"Stefano Brivio",id:"stefano-brivio",level:3},{value:"(1:48 in the video)",id:"148-in-the-video",level:4},{value:"Demo - (2:30 in the video)",id:"demo---230-in-the-video",level:4},{value:"Podman v4.4 Update",id:"podman-v44-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(26:40 in the video)",id:"2640-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Stevan Le Meur",id:"stevan-le-meur",level:3},{value:"(31:55 in the video)",id:"3155-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(47:45 in the video)",id:"4745-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, April 4, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-4-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, February 16, 2023, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-february-16-2023-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:52 a.m. Eastern (UTC-5)",id:"meeting-end-1152-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],xo={toc:Po},Do="wrapper";function Bo(e){let{components:t,...n}=e;return(0,me.kt)(Do,(0,K.Z)({},xo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting notes"),(0,me.kt)("h2",{id:"february-7-2023-1100-am-eastern-utc-5"},"February 7, 2023, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Tom Sweeney, Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Matt Heon, Urvashi Mohnani, Ed Santiago, Brent Baude, Stefano Brivio, Lokesh Mandvekarm, Greg Shomo, Anders Bj\xf6rklund, Mateo Brisi, Tom Lezotte, Stevan Le Meur, Mehdi Haghgoo, Martin Jackson"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/qLhf-Ae4jvo"},"Recording")),(0,me.kt)("h2",{id:"pasta-in-podman-demo"},"Pasta in Podman Demo"),(0,me.kt)("h3",{id:"stefano-brivio"},"Stefano Brivio"),(0,me.kt)("h4",{id:"148-in-the-video"},"(1:48 in the video)"),(0,me.kt)("p",null,"What's Pasta? A tool that connects the network names space of the container to the host."),(0,me.kt)("h4",{id:"demo---230-in-the-video"},"Demo - (2:30 in the video)"),(0,me.kt)("p",null,"Creates a tap device that allows a quasi-native network connectivity to virtual machines in user mode without requiring any capabilities or privileges."),(0,me.kt)("p",null,"Stefano showed two shells, one where he was running Pasta, the other slipr4netns. He then created a device using Pasta."),(0,me.kt)("p",null,"Side note, Pasta shares a man page with passt (pasta (1))."),(0,me.kt)("p",null,"He then ran an alpine container with --net=slirp4netns and then one with --net=pasta."),(0,me.kt)("p",null,"The difference between them is the interface. Instead of tap0 from slipr4netns, it's enpp9s0."),(0,me.kt)("p",null,"He then showed how you could change the addresses by using the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command. The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman-run (1)")," man page has a number of details. Search for ",(0,me.kt)("inlineCode",{parentName:"p"},"pasta")," within it."),(0,me.kt)("p",null,"Pasta gets the ipv6 addresses from the host, while sliprnetns gets a 10.0.2.100 type of address."),(0,me.kt)("p",null,"Why choose Pasta over slirp4netns? 1. Performance 2. Smaller footprint 3. IPv6 support provided"),(0,me.kt)("p",null,"He recommends setting the default for networking to Pasta from Slirp4netns."),(0,me.kt)("p",null,"PR: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/16141"},"https://github.com/containers/podman/pull/16141"),"\nProject homepage: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/"},"https://passt.top/"),"\nasciinema demo (Podman and stand-alone): ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/#pasta_2"},"https://passt.top/passt/about/#pasta_2"),"\nMailing list, chat, bug tracker, weekly meetings: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/#contribute"},"https://passt.top/passt/about/#contribute")),(0,me.kt)("p",null,"What's the downside to switching the default to Pasta? Possibly user familiarability since Pasta is a newer project."),(0,me.kt)("p",null,"Podman rootless network integration is still a WIP at this point. Once that's done, then Paul suggests it changes to the default after that."),(0,me.kt)("p",null,"Dan would like to switch at the next full Fedora release, and he'd like it to soak for six months in Fedora before going to RHEL. Valentin thinks good timing for RHEL 10."),(0,me.kt)("h2",{id:"podman-v44-update"},"Podman v4.4 Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"2640-in-the-video"},"(26:40 in the video)"),(0,me.kt)("p",null,"Around 125 user-facing changes, including features and bug fixes. We introduced Quadlet, a new systemd-related generator."),(0,me.kt)("p",null,"A lot of new ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube")," features. CNI will be deprecated soon. Advising that Netavark be used instead, and that will be the default later."),(0,me.kt)("p",null,"We're doing a Podman v4.4.1, probably tomorrow, to include the Quadlet man page, which was mistakenly left off, and a few bug fixes."),(0,me.kt)("p",null,"Several performance changes were made in this release."),(0,me.kt)("p",null,"We'll be doing a demo of Quadlet at an upcoming meeting."),(0,me.kt)("p",null,"Podman v4.4.0 should be in Fedora by default in the next few days. We also had updates for Buildah, Skopeo, and other tools."),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"stevan-le-meur"},"Stevan Le Meur"),(0,me.kt)("h4",{id:"3155-in-the-video"},"(31:55 in the video)"),(0,me.kt)("p",null,'Started with Demo. Showed "Docker Socket Compatibility" message now on the main page.'),(0,me.kt)("p",null,"There's also a new feedback button on the main page to share feedback directly with the team."),(0,me.kt)("p",null,"When creating a new machine, you can customize its path."),(0,me.kt)("p",null,"In the registries section, you can configure the ones that you have defined."),(0,me.kt)("p",null,"In the proxy, you can toggle on/off the configuration."),(0,me.kt)("p",null,"UI changes have improved the alignments through out for better readability."),(0,me.kt)("p",null,"You can press the three dots icon within the pods to get further actions."),(0,me.kt)("p",null,"You can select the namespace so you can deploy where you want to."),(0,me.kt)("p",null,"Windows and Mac installations have been added to the GitHub page."),(0,me.kt)("p",null,"New documentation to help with the transition from Docker to Podman Desktop."),(0,me.kt)("p",null,"Showed a demo on creating two containers and pushing them into a Pod on OpenShift. He created an OpenShift cluster. He chose two containers and put them into a new pod. He then opened a browser and showed a webpage being run from within the pod. He later deployed it on the OpenShift cluster. Back on Podman Desktop, it showed the status of the pod on OpenShift."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4745-in-the-video"},"(47:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Martin ran with the new Podman 4.4 and noticed a speed improvement. Folks were very happy with Quadlet to date. Dan thinks the speed improvement is due to Kubernetes not being part of the equation, about a 30% gain in CPU.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet demo.")),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-4-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, April 4, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-february-16-2023-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday, February 16, 2023, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1152-am-eastern-utc-5"},"Meeting End: 11:52 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:58 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe10:59 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:01 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMehdi Haghgoo11:17 AM\nsorry I joined late. Is pasta a new container networking type?\nMe11:19 AM\nMehdi, I'll ask your question shortly.\nMehdi Haghgoo11:19 AM\nThanks\nBrent Baude11:21 AM\ni would also agree about switching it to become the default as well\nStefano Brivio11:21 AM\nhttps://github.com/containers/podman/pull/16141\nValentin Rothberg11:27 AM\nGood timing for RHEL 10\nBrent Baude11:28 AM\nimho, switching would be transparent to customers and it is feature complete, unlink the network stack for example\nStefano Brivio11:28 AM\nhttps://passt.top/\nCI-based demo: https://passt.top/passt/about/#pasta_2\nMailing list, chat, bug tracker, weekly meetings: https://passt.top/passt/about/#contribute\nStefano Brivio11:30 AM\nPull request, listing differences with slirp4netns: https://github.com/containers/podman/pull/16141\n(I'll add those to hackmd in a moment)\nMehdi Haghgoo11:31 AM\nIs quadlet a subcommand of podman?\nValentin Rothberg11:32 AM\nQuadlet docs: https://github.com/containers/podman/blob/main/docs/source/markdown/podman-systemd.unit.5.md\nMehdi Haghgoo11:36 AM\nCan one systemd unit file manage several containers? Or is it one to one?\nIn your screen of PD, why podman is not emulating /var/run/docker.sock? It was very handy\nValentin Rothberg11:36 AM\nIt's 1:1 for ordinary container and 1:N when using the Kubernetes integration.\nMehdi Haghgoo11:40 AM\nValentin, so can I migrate a docker-compose project to a systemd unit?\nValentin Rothberg11:43 AM\n@Mehdi: yes, that is a nice use case. Instead of using docker-compose, you can use Podman and systemd.\nMarkus Eisele11:44 AM\nIt might be BlueJeans blocking the port locally.\nStefano Brivio11:46 AM\nValentin, by the way, passt/pasta will be available in RHEL starting from 9.2 -- just for information, not advocating to switch the default \"too early\" :)\nMehdi Haghgoo11:47 AM\nThanks Valentin\nLokesh Mandvekar11:49 AM\ngotta drop, thanks all.. later..\nMehdi Haghgoo11:52 AM\nHow does PD remove the need for DOCKER_SOCK env var?\nGreg Shomo (Northeastern)11:52 AM\nthank you, everyone, for all the updates and glimpses into the future. much appreciated !\n")))}Bo.isMDXComponent=!0;const Eo={},Wo="Podman Community Cabal Meeting Notes",jo=[{value:"May 18, 2023 11:00 a.m. Eastern (UTC-5)",id:"may-18-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:3},{value:"May 18, 2023 Topics",id:"may-18-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"containersh (1:25 in the video) - Dan Walsh",id:"containersh-125-in-the-video---dan-walsh",level:3},{value:"Storage - allow layers to be split across multiple files. (13:20 in the video) - Anders Bjorklund",id:"storage---allow-layers-to-be-split-across-multiple-files-1320-in-the-video---anders-bjorklund",level:3},{value:"podman.io demo - (21:58 in the video) - Ashley Cui - 20",id:"podmanio-demo---2158-in-the-video---ashley-cui---20",level:3},{value:"github.com/containers/appstore (29:45 in the video) - Dan Walsh",id:"githubcomcontainersappstore-2945-in-the-video---dan-walsh",level:3},{value:"Open discussion (42:00 in the video)",id:"open-discussion-4200-in-the-video",level:4},{value:"Next Meeting: Thursday, June 15, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-june-15-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Lo={toc:jo},Ho="wrapper";function Ro(e){let{components:t,...n}=e;return(0,me.kt)(Ho,(0,K.Z)({},Lo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"may-18-2023-1100-am-eastern-utc-5"},"May 18, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Anders F Bj\xf6rklund, Ashley Cui, Ashley Cui's Presentation, Brent Baude, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Lance Lovette, Leon Nunes, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Preethi Thomas, Reinhard Tartler, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, ykuksenko"),(0,me.kt)("h2",{id:"may-18-2023-topics"},"May 18, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"containersh - Lokesh Mandvekar, Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Storage - allow layers to be split across multiple files. - Anders Bjorklund"),(0,me.kt)("li",{parentName:"ol"},"podman.io - Comments/Discussion"),(0,me.kt)("li",{parentName:"ol"},"github.com/containers/appstore - Dan Walsh")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/GYrFHoYtXDA"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, May 18, 2023"),(0,me.kt)("h3",{id:"containersh-125-in-the-video---dan-walsh"},"containersh (1:25 in the video) - Dan Walsh"),(0,me.kt)("p",null,"A shell account to allow an interjection into a shell. You'd interject which cgroup, image the user could have, and they would be assigned a container with those values. Useful in a government setting. It lets someone in with the appropriate privileges. Dan thinks it's a fairly small addition to Podman. The hardest part is a timing issue for execing the user environment. A bit of a race condition with the container. By using systemd, it will maintain the containers until the system goes down."),(0,me.kt)("p",null,"One thing that Lokesh has noticed is the container isn't starting. We may need to see if the container doesn't start after some time. Then systemd will stop the container and possibly retry."),(0,me.kt)("p",null,"This request came from security-oriented customers. They want the user to get on, but only to see pertinent data to them. They've used Selinux in the past, but an ls command in that environment might show them file names they shouldn't see. With a container, you can limit the scope of files they could see. Better feel than being able to see all, but get blocked from parts of it."),(0,me.kt)("p",null,"This will be a command under Podman, so it will be under the github.com/containers/podman, not likely to be a separate project."),(0,me.kt)("h3",{id:"storage---allow-layers-to-be-split-across-multiple-files-1320-in-the-video---anders-bjorklund"},"Storage - allow layers to be split across multiple files. (13:20 in the video) - Anders Bjorklund"),(0,me.kt)("p",null,"Question from the previous Podman meeting, about support for ",(0,me.kt)("inlineCode",{parentName:"p"},"ipfs://"),"."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"},"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/stargz-snapshotter/blob/v0.10.0/docs/ipfs.md"},"https://github.com/containerd/stargz-snapshotter/blob/v0.10.0/docs/ipfs.md"))),(0,me.kt)("p",null,"I think there was some Podman version of estargz, maybe it was zstd:chunked ?"),(0,me.kt)("p",null,"Dan thinks we can handle this, but we need more work on the file system. Dan is for it, but would like Giuseppe Scrivano to take a look at it."),(0,me.kt)("p",null,"THere was a change to containers/storage by an outside of Red Hat contributor, but it wasn't completed. There were problems with the fuse file system, and the folks working for Red Hat weren't able to prioritize tracking down the issue."),(0,me.kt)("p",null,"Side note: here was the project mentioned briefly, which works in the kubernetes context for mirroring images from the registry ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/XenitAB/spegel"},"https://github.com/XenitAB/spegel")," (probably more for CRI-O)"),(0,me.kt)("h3",{id:"podmanio-demo---2158-in-the-video---ashley-cui---20"},"podman.io demo - (21:58 in the video) - Ashley Cui - 20"),(0,me.kt)("p",null,"Ashley showed the new website. Showing the options. It just went to v1.0 this week, in preparation of Red Hat Summit. The site is a combo of Podman Desktop and Podman, with the feel of Podman Desktop."),(0,me.kt)("p",null,"You can download either the CLI or the Desktop from the page. It detects the OS you're on and gives you the right choice (Mac, Windows, etc)"),(0,me.kt)("p",null,"Anders thought it might sense to not call it CLI, but perhaps Podman Engine. The download will have the engine to run, and CLI is part of that, but it could potentially be separate too."),(0,me.kt)("p",null,"Ashley thinks more documentation here on this download page to clarify things."),(0,me.kt)("p",null,"Happy to take contributors!"),(0,me.kt)("h3",{id:"githubcomcontainersappstore-2945-in-the-video---dan-walsh"},"github.com/containers/appstore (29:45 in the video) - Dan Walsh"),(0,me.kt)("p",null,'Just an idea, an area for examples on how to use different tools. Docker has "awesomecompose" to get compose examples. We\'ve been pinged for a site similar to that one.'),(0,me.kt)("p",null,"We have created the github.com/containers/appstore and have opened it up to people to add their examples. I.e. how to run mariadb inside of Kubernetes. We'd probably want to eventually set up a CI/CD system to test the scripts that are submitted to make sure they don't break, or age out."),(0,me.kt)("p",null,"Chris Evich thinks renovate can help with making sure the scripts are still viable."),(0,me.kt)("p",null,"Mark Russel has a contact, George, who has been wanting to do this and has a collection he would like to drop stuff in."),(0,me.kt)("p",null,"The problem this team in Red Hat has is were' container tool experts, not necessarily container creators/maintainers."),(0,me.kt)("p",null,'Dan wants to make sure that the apps that are dropped will actually be useful for real-world environments. Not necessarily just "Hello World".'),(0,me.kt)("p",null,"The issue is as priorities change, a contributor might not keep the app up to date. We'll need to be able to easily track the maintainer and the last time they updated the app, and also revision control. It would also be nice to be notified when an app that you grabbed gets updated later."),(0,me.kt)("p",null,"Chris thinks this is possible via renovate."),(0,me.kt)("p",null,"The project has been created. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/appstore"},"https://github.com/containers/appstore")),(0,me.kt)("p",null,"Dan was thinking about creating directories for quadlet and Kubernetes."),(0,me.kt)("h4",{id:"open-discussion-4200-in-the-video"},"Open discussion (42:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"When should you use pass-through versus journald should be used? Dan thinks pass-through is better aligned with systemd (Tom check). Across the board, Lance has defined journald for all, and wanted to know if Podman was trying to default to something else? Dan thinks it should not.")),(0,me.kt)("p",null,"Pass-through will send to stdin/stdout via systemd. It was done to integrate better with the journal log driver. If you use pass-through, podman logs gets disabled, so it's like not logging. But you get better integration with the journal."),(0,me.kt)("p",null,"If Podman goes away while being run with systemd, conmon will write to the logs."),(0,me.kt)("h3",{id:"next-meeting-thursday-june-15-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, June 15, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off"),(0,me.kt)("li",{parentName:"ol"},"Mark Russell's contact George for appstore")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 11:52 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Daniel Walsh10:59\u202fAM\nToday is a holiday in a lot of Europe. Ascension Thursday\nYou11:03\u202fAM\nMeeting Notes: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nPlease add or correct as we go along.\nDaniel Walsh11:42\u202fAM\nhttps://github.com/containers/appstore\n")),(0,me.kt)("p",null,"Raw Google Meeting Transcript:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: Okay, the recording seems to be working at this point in time. So welcome everybody to the Quad man community the ball meeting. The meeting that we generally talk about future design decisions and topics along those lines. Rather than demos, the demos meetings are generally held during the community meetings, which will be coming up. In June, I think it's June second. We'll talk about that later on today. For today we've four topics lined up. We have talked about container sage being led by Dan and Lokesh, We have another topic about storage allowing lawyers to be split across multiple files and Anders thanks for joining today. I know it's a holiday and all where you're at\n\nTom Sweeney: And I thank you started at this point and then we'll be talking about Podman.io. We've got some very exciting, new changes going on there and there are more Maureen is going to be talking about and then Dan's gonna be talking about the App Store on the containers project so given all that. Oh and you know put a link to the Hack MD, I'll be taking notes during the meeting today in hackham day. If you have any I think that add that I've messed up or you want to add a link or anything like that. Go ahead, please do it. There. And I'm trying to check on. The moment here. Given all that. I'm going to start it off with general location. I'm not sure who's doing the talk. This one for the container sh Yeah, yes.\n\nDaniel Walsh: Yeah, I guess. Who I'm getting feedback.\n\nDaniel Walsh: Are the people getting it? All right, the Echo, one way. So I don't have any presentation on it right now. And Lokesh myself and some people from the SC, Linux team have been working. as a side project on the, an idea, what we calling Pod, Man Shell And what this basically is. Will be an enhancement to podman to allow. you to configure a shell account or login account with a shell of podman shell, which would automatically Inject a user into a. Container, when it lies into the system. So think of it like a hunting pot environment, What we're trying to do is to do it as\n\nDaniel Walsh: Part of, you know, just a link off of Pod man so it won't be a new executable and that we're all gonna be taking advantage of quadlet to define a user container for that user. So imagine you create a container, a quad that podman Sheldon, quad that\n\nDaniel Walsh: Not die container. I mean you define which image you want to use it to be injected into what Cgroups you want them to be controlled fine, with what volumes, you want to make available to the user inside of the environment. Then when the user logs onto the system, he would automatically get he or she would automatically get injected into the container and be locked down With that. The container would have any rights that you wanted to expose the user. The reason we, we've had a couple of government type\n\nDaniel Walsh: Customers that have come in and talked to us about how they would like to be able to use some container technology to actually control uses that allowing into the system. So, you can imagine a, You have a sort of a system with lots and lots of data on it when you, but you want to give a use either a shell account, so he gets onto the system and only able to see certain directories on the system. Another way another idea would be You want to set up sort of more like Toolbox where you would log on to a system and have an entire suite of tools available to you, that will be different than other users logging into the system onto the same system, but have, you know, constant data that you could use to do it?\n\nDaniel Walsh: So, I think it's a fairly small enhancements to pod to Odd, Man, and most functionality, we found the most of functionalities available. Now in the system, just by using system D to start up a service for the user. And then just basically getting a pyramid exact into the into the show into the container that you're going to create. One issue we're having right now is a timing issue in that. I think there's a bit of a race condition because really what we want to have happen is when the user ssh is into the box, this container gets started. For the session. And then I think, We haven't quite figured out how to wait for the shell. For the container to get up and running before you try to exact into it. So if part Man shell\n\n00:05:00\n\nDaniel Walsh: Execs in right away. Then the shell might, the container might not be up and running at the time. So it was a race condition, the beauty of using system need to manage these. The actual containerized service is that System D will keep track of all sessions. So if you logged into the system multiple times, Um then system legal maintain the service running until you log out of all sessions and then we kill off the container. So anyways, we've talked internally about this and this is the first time we're really talking about it externally. Does anybody have any questions?\n\nBrent Baude: Dan on the problem of the container starting, that the racy part could you define a basically a bogus Dependent container and\u2026\n\nDaniel Walsh: Yeah.\n\nBrent Baude: weight on that one.\n\nBrent Baude: so, it would be Essentially,\u2026\n\nDaniel Walsh: I think.\n\nBrent Baude: you'd wait on what you'd wait on one, but you're really just using it as a indicator for the other.\n\nDaniel Walsh: well, I think the problem is apartment Shell is gonna I think this I think when you log into the system, Lokesh you, you've experienced this, right? You talk about it.\n\nLokesh Mandvekar: Uh yeah. So what the one thing of notice was if I rerun the setup, I often end up with no such Container image. Sorry no such container.\n\nDaniel Walsh: Right.\n\nLokesh Mandvekar: So And I also see a bunch of SC Linux messages about non-existent keep yourself. So, I'll figure that.\n\nDaniel Walsh: Yeah, and I think what's happening is when you log into the box as you log in System D realizes you're creating a new session. It starts the session then starts the container, but simultaneously at podman cell is running. so, I think what we need to do is to have Quad man, Shelby smart enough to retry for some period of time. you know, basically do a fallback until the container is actually exists. would be the most saying, but only do it for, you know, 10 seconds or something, I don't as we might be something that we have to configure, but\n\nBrent Baude: We do that basically a back-off as well with other stuff\u2026\n\nDaniel Walsh: Right.\n\nBrent Baude: where you know, you try and 250 milliseconds and then 500 and then one second. Yep.\n\nDaniel Walsh: Good. I think I think we do that and then it's a container doesn't start for a certain amount of time then. You know, kill the shell and drop out. I think that. but,\n\nDaniel Walsh: Any any other comments questions? Thoughts.\n\nBrent Baude: What's the primary? You know, jumping up and down. User.\n\nBrent Baude: Use case, if you will.\n\nDaniel Walsh: so, the users that first brought this up or were basically, real heavy security people who wanted to A traditional use case for um, these type of customers is that they allow a user to get onto a system that has data, that's at multi-level, so top secret data, secret data, and they want to allow the user to get on to the system and then only able to view, say, secret data and\n\nDaniel Walsh: um, traditionally they've done this with Essie Linux, but the problem with SEO Linux is that if the user just does standard commands, like LS of an environment, he's likely just to get at or ABC generation on places that he shouldn't be looking at and so becomes very complex because I like to say is a essay Linux is complex because we give you in a view of everything in the universe and then\n\nDaniel Walsh: We basically say, You know, why you're looking, you know, basically SEO is gonna say why you're looking here, why you're looking it while you're looking here, and with containers, we give you a view of almost nothing of the operating system. And then we just start opening up windows to the up the operating system through volumes. And so becomes a lot easier for people to say, You know, okay, you can get on my system. But the only thing you can see is this directory on my system. And that becomes, That's a lot more human understandable than you get. On my system, you can see everything. And then I start to block you from looking at parts.\n\n00:10:00\n\nAnders F Bj\xf6rklund: I remember we had a FTP server and when we went to Not to the same option of ftps but to Sftp, then we then we ended up running shells where you previously were just sewing files. So so that that was the use case back in the day with a custom shell,\u2026\n\nDaniel Walsh: Right.\n\nAnders F Bj\xf6rklund: that only allowed you to visit certain directories and run certain commands. That sftp. So, that could be.\n\nDaniel Walsh: Yeah, right. I mean, 10 to 15 years ago, I talked about Doing some stuff with Etsy, Linux around guests. And next guest and I just used to talk about how you could You know, imagine like you asked Machine at a at a library where you come in and Basically, will allow you to Web browsing and\n\nDaniel Walsh: You know, going. Use the printers and things like that, we'll be really nice of that. Everything you did while you were in that web, browser was destroyed. When you logged out and that, that could be a use case for someone like this as well. Where you would, you just set up a container that Allows you to do whatever you want but as soon as you log out of the system, you know, the container gets destroyed. So imagine a container that's still in a dash dash RM. So, all the content was was cleaned up after you got out. So, If you did something stupid like do online banking and have secrets stored by the Web browser and at least it would be destroyed.\n\nDaniel Walsh: And I mean, there are decent amount of use cases for something like this. I believe,\n\nTom Sweeney: some more people can look at,\n\nDaniel Walsh: Not yet. Who are not we're not trying to make this as fully separate projects from Podmin. I think it's a I think it's an enhancement department, just another command that probably can use, so my goal would be to To write documentation in pod, Man, how to do it. And Just have the command put on a system so it'll be a pod man. Shell Which is probably in shell, it will just be a symbolic link to Bod man and Maybe it'll be a sub package but I don't want to get into a whole separate project for this. because again, it's just gonna This is just something that Pod man can do.\n\nDaniel Walsh: You just have to create the Quad button.\n\nTom Sweeney: Great. Any other questions or comments?\n\nDaniel Walsh: We sometimes call it Container Shell but I've been calling it podman Shelton more recently. So Hopefully in it when we get together and do demos, we can demo it in a few weeks.\n\nTom Sweeney: That be good a couple weeks away. Um all right, even that I and the time I think I'm going to hand it off to it on Anders for the storage talk.\n\nAnders F Bj\xf6rklund: Yeah. So we had a previous meeting where I'm also asking a question, but we didn't have time for any answer, so I guess I will just ask it again. It was really about two separate. Features one is called lazy pulling where you divide a big layer into I mean, without breaking compatibility. You can divide container layer into Sub. Files, so that you can start the container without pulling all of it until it's needed. And related to that was the other question of peer-to-peer distribution of images without having to always pull it from the central registration.\n\nAnders F Bj\xf6rklund: And I guess it's would be a question for containers image, or I mean, Portman would just use the storage.\n\nAnders F Bj\xf6rklund: Object. So there's some support about anything in container D. That's why I was asking if there's any like OCI work or if it's anything that could come to. Podman on those.\n\nDaniel Walsh: Yes. Um Giuseppe's, not here, not. I believe that this\n\nDaniel Walsh: We see if I can ping Giuseppe on this. Use around early, but I'm\n\nTom Sweeney: Yeah, thank you.\n\nDaniel Walsh: forgot.\n\nTom Sweeney: Son Holiday today.\n\nDaniel Walsh: The, I believe we have some, we can handle this. From what we don't have right now is you need a fuse file system to make this thing work.\n\n00:15:00\n\nAnders F Bj\xf6rklund: Yeah.\n\nDaniel Walsh: Because the basic idea is you go. To run an image and container storage would say the image exists. And then you go, now you read Use a bin foobar and as soon as you execute, you've been full bar. The. underlying fuse file system would reach out to the registry and say Okay I need use of infobar and then User been full power. Would pull down say it needs G loop C. You pull down to your love C. And Continue on through the entire stack. I know that the person who wrote that originally are someone worked with, it opened up, pull request to get features like that into container storage. But I don't think anybody ever finalized it by putting in, you know, somehow getting the\n\nDaniel Walsh: The underlying file system to do it. And my mind it would be best to enhance. Fuse. Overlay to Be able to handle it, but it's not something that anybody at Redhead is has worked on at this point. The reason we haven't really looked at it is because the latency problem, but I I think it is a reasonable issue. We've always referred to constant. So, try to avoid the latency where you'd have an application up and running. For a little bit and then also just go into a pause mode when it's downloading. gigabytes of state and\u2026\n\nAnders F Bj\xf6rklund: Right.\n\nDaniel Walsh: as opposed to downloading everything and then you don't have any latency.\n\nAnders F Bj\xf6rklund: Okay. Yeah. So\n\nDaniel Walsh: So I I would say I'm all for it. I'm all for us getting this into the upstream project. but rather than having I I'm not sure what the fuse file system that implements it, but if we get that fuse file system merged somehow into fuse overlay,\u2026\n\nAnders F Bj\xf6rklund: Yeah. Not.\n\nDaniel Walsh: I get it to be you mode if he was overly and we don't have two foul, two fuse file systems for supporting Someone desperate that things.\n\nAnders F Bj\xf6rklund: yeah, and not exactly sure how it's implemented in the snapshot directly as it's calling continuity, but it has this, you need a, You need a special tar format in order to handle these I mean division of the horrified.\n\nDaniel Walsh: but,\n\nAnders F Bj\xf6rklund: So That was us.\n\nDaniel Walsh: It's it's related. Is. I think it's\n\nAnders F Bj\xf6rklund: And I think we had, we had two different versions, right? We had one based on said standard and that compression and we had one based on the older work with the S tar. That, I'm not sure if it was Google or something. So, It seemed to be multiple implementations of the same idea. Being able to hack one tour streaming to It's seekable portions while keeping compression.\n\nDaniel Walsh: I'm going through Google's, all right. contain a storage to figure out who opened up the pull request, but looking for a star right now,\u2026\n\nAnders F Bj\xf6rklund: Yeah.\n\nDaniel Walsh: but It's all just.\n\nAnders F Bj\xf6rklund: now, I think we took there was some talk about it, like previous container plumbing, but not this one. So maybe like you say there are other concerns that are more important, so it's not the most desired feature\n\nDaniel Walsh: yeah, what yeah, I mean I don't I just don't think that\n\nDaniel Walsh: Yeah, I can't find who wrote it now. And do you remember anything about this?\n\nNalin Dahyabhai: I would have to go digging through it as soon as you.\n\nDaniel Walsh: Yeah. But yeah,\u2026\n\nAnders F Bj\xf6rklund: It was.\n\nDaniel Walsh: as I said,\u2026\n\nAnders F Bj\xf6rklund: It was a hero talking about it. So,\n\nDaniel Walsh: I'm you know, it's just hasn't come up as an interest for You know,\u2026\n\nAnders F Bj\xf6rklund: Okay.\n\nDaniel Walsh: that the developers at Red Hat at this point to, to support this and just mainly because of the fuse vial system problem and\u2026\n\nAnders F Bj\xf6rklund: Yeah. Yeah,\u2026\n\nDaniel Walsh: Now we haven't focused on. Yeah.\n\nAnders F Bj\xf6rklund: I run into some similar issues. What while trying to promote peer-to-peer pulling over images and that is You can easily. You can easily set it to allow the private network only, but most peer-to-peer systems are public by default, which means people are terrified. So when you, when you mention an appear to pair is like mentioning Dr. Hub, you tell that to the private really stupid people and\u2026\n\nDaniel Walsh: Right.\n\nAnders F Bj\xf6rklund: they go into defensive mode and then it's for lockdown and everything. but,\n\n00:20:00\n\nDaniel Walsh: Yeah. Similar. We've been talking about that for about eight eight or ten years now. So,\n\nDaniel Walsh: Nothing. Nothing is happened in that front. And sadly,\u2026\n\nAnders F Bj\xf6rklund: Yeah. So\n\nDaniel Walsh: we don't have the people who work in containers imager here, because they're on holiday\u2026\n\nAnders F Bj\xf6rklund: I, Yeah,\u2026\n\nDaniel Walsh: because yeah. So,\n\nAnders F Bj\xf6rklund: I'm also supposed to be on holidays and relate.\n\nAnders F Bj\xf6rklund: Yeah, that's right.\n\nDaniel Walsh: So we can put that. I mean, if you don't mind, we'll put that one on hold for what.\n\nAnders F Bj\xf6rklund: Yes, you can come back to it.\n\nDaniel Walsh: Let's talk about it.\n\nTom Sweeney: Up. Yeah.\n\nDaniel Walsh: Let's talk about it next month. When\n\nAnders F Bj\xf6rklund: yeah, I think Ipfs is quite experimental anyways, so you could probably do with some more maturing That there were also some like halfway solutions\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: where you would not hack up the layers, but you would distribute images from your peers. So you you would talk to your peers and then And then see if anyone close to you has the image before putting it from the registry. So, so,\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: there were some work, like\n\nDaniel Walsh: Yeah, that would be cool. I think the the issue and they might have with that is how signing and and could you verify the image and make sure it's the Because yeah,\u2026\n\nAnders F Bj\xf6rklund: That yeah, it can assume so private.\n\nDaniel Walsh: the field comes I asked for, you know, the fedora image and someone so I got a fedora image for you. Yeah, take this one. How do you trust it? No.\n\nAnders F Bj\xf6rklund: Yeah.\n\nTom Sweeney: Right, so we're compost bone, that one. So the next meeting then gets more folks here.\n\nAnders F Bj\xf6rklund: Yeah, fun.\n\nTom Sweeney: And thanks for bringing up Anders and keep me honest, I put it on to the possible topics for the next one. I had thought the next one that we're going to do was with Maureen Duffy's and I thought She's gonna be here. So I will just do a real quick talk about it based on what I've seen Ashley here. Ashley, do you want to talk about this or give a quick little\n\nAshley Cui: so, Sorry.\n\nTom Sweeney: Appointment.\n\nAshley Cui: um, I don't have anything prepared, but I guess. Take.\n\nDaniel Walsh: Just demonstrate the website.\n\nAshley Cui: Okay. Let's see.\n\nTom Sweeney: Nothing like putting you on the spot.\n\nAshley Cui: Let me see if I can share the tab for Partner and IL.\n\nTom Sweeney: And while she's doing that, I'll just say that it's gone to be 1.0 officially, as of this morning, we're getting it ready for the summit, for Brent, for next week. So it'll be announced there more officially. She can have. A sneak preview this week.\n\nAshley Cui: Um, so we have a new website Podmanio. It's been it's nice and shiny and it looks very very good but I guess it is brand new. So we haven't gone through, we're trying to go through and take a look at anything that is broken and so we've been kind of taking a look at it, we have a bunch of Links and Other Things. I don't know what else to say about it. Other than it looks really nice but I think there's still a little bit of work that we're doing but if you have some time, feel free to click through it and see what works, what you guys like and what you don't like. And we'll see what we can do about it, I guess.\n\nTom Sweeney: Yeah, and I'll just go ahead and add a little bit more, just basically, it's on Github, container spot. is the old site was if you had happened to Clone that site Prior Appointment.io, it's now point. Automan.io underscore old. So if you try and make an update there, go to the old site and not to the new site so you'll need to reclone if you've cloned prior and please just standard issues, if you have just use a standard issue process, If you find anything go at Adam there and Maureen's been very responsive there for the ones that we found and do know that we've got a couple more. Online in there right now that you need to chase down and hoping to clear those up with the next few days, but happy to get any kind of feedback there and even if it's, you know, This doesn't work so well or Hey, this looks great. At least have.\n\nDaniel Walsh: Like, click on Get started, actually.\n\nDaniel Walsh: Like I wait. Where's the one that title spell how to download because it's going to show. Is that this one?\n\nAshley Cui: so we don't it's just on the front page, we have a little download drop down, I actually Was working on. Hold on. Let me see.\n\nAshley Cui: Let's see.\n\nDaniel Walsh: Because one of the things we we have done is sort of. There's obviously there's podman desktop and then pod man. Main. And and this website is somewhat of a combination of the two.\n\n00:25:00\n\nAshley Cui: Yep.\n\nDaniel Walsh: Because I think general users are just going to look, how do I get Pod, Man on my Mac or How do I get Bod, Man on my Windows box?\n\nDaniel Walsh: For some like Pod man. I think the Linux, she's community is a little more savvy about how you probably gonna get a package on the addition. So, we wanted to make, you know, obvious places, they go to his apartment.io and Um, make it easy for you to find.\n\nAshley Cui: Actually worked on this this morning which is now there's a CLI option so you can download desktop and you can also get the CLI. And so it's kind of a combination, you know, if it tries to point you into the desktop direction, if you want the desktop stuff and then it also gives you option of looking for CLI stuff. Yeah.\n\nDaniel Walsh: And so if you were on a Mac, you would see one that says Downloaded for a Mac I would hope.\n\nAshley Cui: Yeah, so automatically detects what OS you're on, which is pretty cool.\n\nAnders F Bj\xf6rklund: Do you want to promote the podman engine name instead of Podma CLI, which could also relate to podman remote?\n\nAshley Cui: um, sure. I think it might be confusing for people who don't know the difference between podman engine and podman desktop I think CLI. Kind of makes it obvious that this is a CLI tool, but\n\nAnders F Bj\xf6rklund: But but what so, so the primary option is downloading Padman desktop. And then quadman CLI.\n\nAshley Cui: mm-hmm.\n\nAnders F Bj\xf6rklund: Would that be the podman remote for that desktop? Or would it be the one that includes the actual running up containers? Like the full partner?\n\nAshley Cui: I think. It's just podman itself for I guess for Linux.\n\nAnders F Bj\xf6rklund: So, Yeah.\n\nAshley Cui: It is the engine but for Mac and Windows, it would just be a CLI so I guess technically it is. I think we can like change this saying like installed engine using a package manager or something like that, but If that makes it more clear.\n\nAnders F Bj\xf6rklund: Tabs. I was just wondering if yeah, I was just wondering if the Like now Portman desktop has gotten all the\n\nAnders F Bj\xf6rklund: Advertisements, if you want to call it that or my life. So something similar happened to Docker. So I mean, it's only natural. They, they have some kind of product entry for. So, we have a product entry for the Docker desktop, and you have a product entry for the docker engine, which Dumps. You straight into the Linux distributions and how to install on your server type of thing.\n\nAnders F Bj\xf6rklund: something similar could be done for pod money if you want to separate the ones while having like the podmon desk focus here and then you could have like a separate Section for how you install podman on, on your Linux machine and how you run podman, not remotely. But have ironic locally. I mean like the old site if you want to call it back, how are you?\n\nAshley Cui: Yeah. I think we could put more documentation on this stuff.\n\nAshley Cui: And clarify it. Yeah.\n\nDaniel Walsh: Yeah, it's funny. I'm not crazy about the name engine because I don't think I don't think that's a No,\u2026\n\nAnders F Bj\xf6rklund: No, no.\n\nDaniel Walsh: no. You normal user term so It's Eli.\n\nAnders F Bj\xf6rklund: It's you know, now the whole desktop is just\n\nDaniel Walsh: Is I I would prefer to say probably five minutes for Linux, but we're we're starting to blank shed at this point.\n\nAnders F Bj\xf6rklund: Yeah. Okay.\n\nDaniel Walsh: So, yeah, he's least here Icon makes it a little bit clearer\u2026\n\nAnders F Bj\xf6rklund: So, I No,\u2026\n\nDaniel Walsh: but yeah.\n\nAnders F Bj\xf6rklund: no, those are definitely someone else's words and terms. So they are just,\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: they are just there to make the transition easier for people if you would start out. From scratch, we will not call it.\n\nDaniel Walsh: yeah, I use I use engine all the time but I'm not sure that you know,\u2026\n\nAnders F Bj\xf6rklund: I think that even the programs this Indian I\u2026\n\nDaniel Walsh: Joe engine is and yeah,\n\nAnders F Bj\xf6rklund: if you're on Portman version, it will tell you. It's and I think so.\n\nDaniel Walsh: Okay.\n\nDaniel Walsh: That's good.\n\nTom Sweeney: Right. Yeah it does look good. Actually thank you for doing well with that. Given how much time you have to prepare?\n\nDaniel Walsh: And if anybody from community wants to contribute, we'd love to have contributions. You don't have to be. Engineer to contribute to that website.\n\nTom Sweeney: Yes.\n\nDaniel Walsh: So this this is actually Just an idea. We haven't done much work on it yet, but\n\nDaniel Walsh: People have been asking us for examples of how to use. Different tools and darker has this thing called awesome compose. And a lot of people go to awesome compose to get darker composed examples so they can sort of take and then hack on. So, a few people have been paying us about. Could we have some kind of Site like that. And I think the obvious thing for\n\n00:30:00\n\nDaniel Walsh: For us to work on would be to first grade aside and then allow people to start to contribute, say either Kubernetes Yaml files or quadlets that people might want to experiment with. So the idea was to set up, get up containers slash App Store. And then steps to sub directories underneath it, where people could start opening up. Poor request to get their favorite. you know, variant on\n\nDaniel Walsh: You know, how they want to run their WordPress inside of a quadlet, or how they would run, you know? Base Inside of Kubernetes. Now what we want to have, if we start to build out this, we probably need to have some kind of cicd system where we would continuously test. All the quadlets and Yaml files that are available against, you know, a versions of Pod man, to make sure that they continue working and then If stuff becomes stale and old, then we have to get rid of it. I think the fair with something like this is, is one stuff gets old and crusty and I also worry about, if we had image that people are putting versions of images into their examples,\n\nDaniel Walsh: People start to pull down images that the two or three years out of date. And how do we do? So It's I think we've talked about this internally. Chris is pointed out that I think renovate can actually help us out a little bit with that secondary problem and that it could go through a win actually update. Of images or open, a pull request to update version of images. So,\n\nDaniel Walsh: I just opening up to have. Anybody have any ideas or thoughts on this?\n\nBrent Baude: I do. I spoke to someone that Mark Russell. Had. been speaking with, I think they actually know each other from canonical. And the gentleman's name is George.\n\nBrent Baude: I think it's George Castro. And George has been proposing to Mark that this exact concept. Minus quadlet. Needed to get done and was looking for a home. to put all of us, he evidently has oodles of the stuff already done. And I spoke with them about an hour and 15 minutes basically. He just, He wants to do what we've we're meeting and wants a spot. Put it. That somewhat associated with containers.\n\nBrent Baude: He was going to reach out the Tom to actually get on the schedule for today, but He must not have been able to, in the short order.\n\nBrent Baude: But I think the next thing it is just having come talk. About what his ideas and\u2026\n\nDaniel Walsh: See.\n\nBrent Baude: What? He's got already.\n\nBrent Baude: And he he's looking for us just like simple.\n\nBrent Baude: It there's some stuff he hasn't figured out like you know, container wise and there's some stuff that, you know, could go this way, could go that way. He's just looking for Tyree. And advice.\n\nDaniel Walsh: Yeah.\n\nDaniel Walsh: Then we can get chat GPT to just start generating these things for us.\n\nBrent Baude: well, I think the problem that this team has Is we are?\n\nBrent Baude: Container cools. Development. And that's fundamentally different than container service or container. Creation.\n\nDaniel Walsh: Right.\n\nBrent Baude: And We probably all have our little pet projects. I'm guessing none of us are my sequel. Experts or, you know, we can get nginx running but just enough to serve a file. so,\n\nDaniel Walsh: I can get in a patchy Web server up and curl to it, and that's about it.\n\nDaniel Walsh: And basically none of us are real good systems. Yeah, at least that's not I call function.\n\n00:35:00\n\nBrent Baude: Right. So again, at my vote, I'd like to the deeper dive with George and You know, spin them off and get gone.\n\nDaniel Walsh: Yeah.\n\nDaniel Walsh: I think.\n\nBrent Baude: And it sounds like yes,\u2026\n\nBrent Baude: time bit to this.\n\nDaniel Walsh: Yeah. It'd be nice\u2026\n\nDaniel Walsh: if someone went through all of awesome, awesome compose and Wrote equivalent applications and Kubernetes YAML files. And That could run with part men. I'm trying to make sure that they don't become a General Kubernetes Yaml drop site because it might be lots. And lots of stuff that podman can't handle. That's why I like the idea of Verifying that the applications would actually ride with, but man.\n\nBrent Baude: indeed and I I know fair amount of those Apps, if you will, that are in awesome and some of them don't do anything. That just like Hello World type stuff.\n\nDaniel Walsh: Right.\n\nBrent Baude: so I think ideally what you're looking for is Put your gunk in this volume and then make sure it gets mounted.\n\nDaniel Walsh: Right.\n\nChristopher Evich: I'm guessing. That probably. Writing tests for these things. It's going to be equal to if not harder than developing them in the first place. Especially the,\u2026\n\nDaniel Walsh: Yeah.\n\nChristopher Evich: what the, what that stuff. I mean if it's simple things like curling from URL, using my SQL client to connect to A I see how container with that. Kind of stuff can probably do, but I think more complex. Can get challenging.\n\nDaniel Walsh: Yeah. but I I just start a service and then a five minute inspected to make sure that you know, the the stuff that you thought was gonna be creative, got created, then\n\nChristopher Evich: Yeah.\n\nDaniel Walsh: again, when I'm hoping, is that, if we start getting these things and images start disappearing that week and easily clean out, Applications as sort of disappear from the base of the planet, right? People's priorities change and they're not going to necessarily maintain their own. Applications that get donated to the site.\n\nBrent Baude: There's there's also this question of You know, do you tag it? Like let's say you're gonna do You know, my sequel or something? Do you\n\nBrent Baude: You know. But there's a fair amount of variety that could occur whether you depend on. Building the image. My sequel image, Do you start at like the winter level and then all the way up? Or do you grab them and use my sequel? And then how does the the versioning work because if you if you go latest, then your subject to failures in which something inside the image changes, which, which puts ed into orbit,\n\nBrent Baude: Or you say tag it to a particular version and and now you know, you have to go update that at some point.\n\nDaniel Walsh: Yeah, I mean that's what also something we have to worry about with the Cicd system. Again we're all channeling it here because in those there's nothing more unstable than container registries as far as Cicd systems. So, You know, if if 75% of the time that Test suite. Blows up because it couldn't pull down and some random image and You know, we're never gonna get it successful Testro.\n\nBrent Baude: the other little, Treat here would be that also if I was a consumer of that. Stuff. I don't think I'd want something pointing to latest either.\n\nDaniel Walsh: Right.\n\nBrent Baude: but I would like to be notified when You know, a new image comes up. In case it was security.\n\nChristopher Evich: Renovate can run away. Runaway can handle that pretty elegantly. There's You can set up regular expressions. That can extract version numbers. And it'll And then basically give it a source of where those versions come from and it'll open up yours when it finds a new one. There's also a way you can do kind of a more generic thing. That's probably more user friendly. where you set up a regular expression that searches for a comment, a special comment that says You know, get the versions from the source, use this type of versioning and the other options like that. That's probably easier. Then it's just adding this stuff is just you know, somebody putting a comment into their Code. And Renovator pick it up automatically.\n\n00:40:00\n\nDaniel Walsh: So, it seems like I think I've already created the the website. Containers. App Store. Just make sure it's\n\nDaniel Walsh: It's nice and blank right now. Has a license in a one-line. Text.\n\nDaniel Walsh: I do that a week ago and then forgot about it.\n\nTom Sweeney: Can you add a link to the chat?\n\nDaniel Walsh: I will.\n\nDaniel Walsh: My goal was to create two subdirectories underneath. It one called Kubernetes and one called What?\n\nDaniel Walsh: Github will not let you create empty directories and then check them in. You have to put content in the directories and I didn't have any content and then, Some of the sparkly light went off. And I went chasing after. Whatever. That was so.\n\nTom Sweeney: Know, did you just drop a green beans? Each Just a real quick, read me.\n\nDaniel Walsh: Could I drop could I drop one?\n\nChristopher Evich: It put a dot and put a dot MP file in.\n\nTom Sweeney: Yeah. And in the directors you want to create just put a little readme at the top.\n\nDaniel Walsh: Law. Okay, that would have been nice. But now that I have this site up You can open up a pull request to do that.\n\nDaniel Walsh: Want to become Sawyer. I want you to paint my wall. White wash my fence.\n\nDaniel Walsh: I guess we can open up the general discussion at this point.\n\nTom Sweeney: There's any questions topics that anybody has?\n\nLance Lovette: I've got one.\n\nLance Lovette: so, I've been curious that the past through log driver, It's not really clear to me when I should or would want to use that as opposed to Journal D. or if Pod Man selects a default based on where it's running,\n\nLance Lovette: At the moment, I specified Journal. D explicitly and I'm wondering if As I went down this rabbit hole where Kanman takes standard by default, well, it takes standard air and marks it red in the logs and python logs, right? Everything to standard air. So everything that Python writes shows up. In red said, I went down this rabbit hole, figure that out, and then I change this law and I figured out the issue but I was like maybe I should be using pass through instead of journal D. So anybody have any Direction or guidelines on how to decide one or the other.\n\nDaniel Walsh: I take. I take the goal of pass through is that if you're running it underneath this as a systemd service, and pass through will allow you when you do a pod man system d status, you'll be able to see it right in the Be a system D, right? And then if you run journal, you'd have to use Pod, Man command or a journal to, you wouldn't see it as part of the outputs, the unit file. I believe it's what the difference is.\n\nLance Lovette: Well, you, I believe you do. I mean well, Because I'm doing Journal D, now. And that everything, you know, journal controlled at Jeff shows everything, it all gets tagged with the with the proper.\n\nDaniel Walsh: But are you doing it on the unit file or\u2026\n\nLance Lovette: Variables.\n\nDaniel Walsh: you're doing it of the container level?\n\nLance Lovette: Well, I both I run it in the like when I run it standalone, it's I use log driver. And then when you do make system D, it captures that.\n\nDaniel Walsh: But doesn't do it.\n\nLance Lovette: So so my container. Yeah.\n\nDaniel Walsh: Does it switch to pass through at that point?\n\nLance Lovette: No, I mean not. I'm Yeah,\u2026\n\nDaniel Walsh: It's the journal? Yeah. Yeah.\n\nLance Lovette: so across the board I especially specify Log Driver Journal, D, You know, does pod men do something under the covers like Oh hey, I'm a system D service. So let's use pass through. I can't say\n\nDaniel Walsh: No. No, it does it, I don't believe it does. Matt, The original version of Quadlet was attempting to do that. I believe and I think that's all been revoked, but\n\nLance Lovette: Because I don't know what Journal D. Or what system D. Does with outputs, like I have a dove into it enough to live like are they somewhat equivalent? Like if you're if you're using all generally driver, it's still sticking in the journal and if you do it through system D, it just attaches. Standard out to the journal, like I haven't really dug into that. So it may be equivalent. when it's running under system D, then it may be a, you\u2026\n\n00:45:00\n\nDaniel Walsh: Then. But that wouldn't make that would not make sense of that passed through.\n\nLance Lovette: one of the other\n\nDaniel Walsh: That I thought pass through just meant right to stand it out standard error and all inside a unifile. But I might be mistaken. Matt, do you know?\n\nMatt Heon: That is definitely the intention pass through is basically it will have CON monologue directly to standard out standard error and since Systemd is monitoring commodity will print it directly to the journal? The intention Giuseppe is the one who added it. So I don't want to speak for necessarily because I'm not a hundred percent of why it's there, but I believe the attention was better integration into what they call it better integration with podme and inside a System D unit in certain circumstances but I'm not completely aware of what those circumstances are. There's also happened in a much earlier time at the life of the journal log driver At that point we were not well integrated with basically the journal log driver was not logging to the same.\n\nMatt Heon: You get logs, but they wouldn't show up as the associated with the unit in question, I think that has been fixed since. So it might be that some of the reasons we're using it to have gone away, I will say it, certainly simpler than the Journalty log driver and probably a lot more performance.\n\nDaniel Walsh: Yeah, I think that one of the problems would pass through is that if you do a pod, man logs then you don't see it anymore, right?\n\nLance Lovette: All right, well, maybe I'll play around with it and\n\nDaniel Walsh: But the most most likely Lance what I would say is, if you like it, what? Journal D. I would stick with General Day and not just pass through because when that Would my only thing is is if I do a status of the unit file or journal control dash u of the unit file. Do I see the the data that's coming out of the container? You know,\u2026\n\nLance Lovette: Right, right? Because now I'm trying to think.\n\nDaniel Walsh: then I would if that works with journal journal, then that's, that, probably all you really care about. So, I would just\u2026\n\nLance Lovette: Right. Yeah,\u2026\n\nDaniel Walsh: because then part\n\nLance Lovette: because I guess I guess there's some interaction with Kanmon there. Yeah, I'm not sure\u2026\n\nDaniel Walsh: Yeah.\n\nLance Lovette: who exactly is tagging. Entries with all the variables that toddman attaches.\n\nDaniel Walsh: Could you basically when you run Pod, man as a When you run pod man inside of System, D unit file and podman goes away. What system D is watching is konmon\n\nDaniel Walsh: if cotton on outputs any standard out, a standard error, that's sort of what a traditional service would do. Instead of a system to unit, follow if Con Mohan is writing directly to the journal, Then, I'm not sure if you see that, you see the same behavior, as if it was right into, stand it out and standard error. That, that would be my question.\n\nLance Lovette: Right. Yeah, it's interesting. Yeah, I mean yeah, like I said, me at the moment I get I kind of got once I fixed the Python syslog thing. It's working the way I like it to. So All right,\u2026\n\nDaniel Walsh: Yeah. We're all about flexibility here, but\n\nLance Lovette: good. yeah, all those play with it and it probably is like I said journal D's been around a while so probably some of it's been Alleviated in the last couple of years. Thanks.\n\nDaniel Walsh: yeah.\n\nTom Sweeney: Okay, any other questions or discussions? And close to the end of the meeting.\n\nTom Sweeney: I'm not hearing anything, so I'm just going to give a quick reminder for our next meetings. Our next community meeting is on Tuesday, June 6th. So that's just around the corner a couple weeks from now right after holiday in the US and then our cabal meeting will be on June 15th. And both of those meetings will be at 11, a clock. June 15th is Thursday in the Community Institute Tuesday. And so, for puzzle topic, we already have two lined up. One is the IPSS integration that Anders was talking about earlier. And then also, some more talks about the App Store. If anybody has any other topics, please let me know. These are through the hacking, these scripts, we're hacking deep site or by saying me an email, so any other questions or comments before I turn off the recording here?\n\nTom Sweeney: Right, well then, thank you for coming today and turn off the recording.\n\nTom Sweeney: and it is stopped anything you want to say before without being recorded,\n\n00:50:00\n\nTom Sweeney: Silent group about. Let's go to lunch dinner. Enjoy the rest of my holiday. If you're in Europe. Right. All thanks.\n")))}Ro.isMDXComponent=!0;const Jo={},Oo="Podman Community Meeting Notes",Fo=[{value:"June 6, 2023 11:00 a.m. Eastern (UTC-5)",id:"june-6-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees ( 40 total)",id:"attendees--40-total",level:3},{value:"Topics",id:"topics",level:3},{value:"Meeting Start: 11:04 a.m. EDT",id:"meeting-start-1104-am-edt",level:2},{value:"Video Recording",id:"video-recording",level:3},{value:"ChRIS project running in Podman via Podman desktop",id:"chris-project-running-in-podman-via-podman-desktop",level:2},{value:"Jennings Zhang and Rudolph Pienaar",id:"jennings-zhang-and-rudolph-pienaar",level:3},{value:"(1:20 in the video)",id:"120-in-the-video",level:4},{value:"Podman Desktop v1.0 Update",id:"podman-desktop-v10-update",level:2},{value:"Stevan LeMeur",id:"stevan-lemeur",level:3},{value:"(30:25 in the video)",id:"3025-in-the-video",level:4},{value:"Podmansh Demo",id:"podmansh-demo",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(41:29 in the video)",id:"4129-in-the-video",level:4},{value:"Podman v4.6 Demo",id:"podman-v46-demo",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(44:47 in the video)",id:"4447-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(50:06 in the video)",id:"5006-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, August 1, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-august-1-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, June 15, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-june-15-2023-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:59 a.m. Eastern (UTC-4)",id:"meeting-end-1159-am-eastern-utc-4",level:3},{value:"Google Meet Chat copy/paste:",id:"google-meet-chat-copypaste",level:2},{value:"Raw Google Meet Transcription",id:"raw-google-meet-transcription",level:2}],Go={toc:Fo},Uo="wrapper";function Yo(e){let{components:t,...n}=e;return(0,me.kt)(Uo,(0,K.Z)({},Go,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"june-6-2023-1100-am-eastern-utc-5"},"June 6, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees--40-total"},"Attendees ( 40 total)"),(0,me.kt)("p",null,"Aditya Rajan, Ashley Cui, Banu Ahtam, Brent Baude, Chetan Giradkar, Christopher Evich, Ed Haynes, Ed Santiago Munoz, Gerry Seidman, gideon pinto, Hyuk Jin Yun, Jake Correnti, Jean-Francois Maury, Jennings, Jennings's Presentation, Lance Lovette, Leon Nunes, listener, Lokesh Mandvekar, Lokesh Mandvekar's Presentation, M\xe1ir\xedn Duffy, Mark Russell, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Navaneeth krishna, Nezih Nieto Gutierrez, Paul Holzinger, Preethi Thomas, Rudolph Pienaar, sandip samal, Shion Tanaka (\u7530\u4e2d \u53f8\u6069), Stevan Le Meur, Stevan Le Meur's Presentation, Sungmin You, tasmiah chowdhury, Tim deBoer, Tim Rudenko, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani"),(0,me.kt)("h3",{id:"topics"},"Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"ChRIS project running in Podman via Podman desktop - Jennings Zhang and Rudolph Pienaar"),(0,me.kt)("li",{parentName:"ol"},"Podman Desktop v1.0 Update - Stevan LeMeur"),(0,me.kt)("li",{parentName:"ol"},"Podmansh Demo - Lokesh Mandvekar"),(0,me.kt)("li",{parentName:"ol"},"Podman v4.5 Demo/Talk - Matt Heon")),(0,me.kt)("h2",{id:"meeting-start-1104-am-edt"},"Meeting Start: 11:04 a.m. EDT"),(0,me.kt)("h3",{id:"video-recording"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=65pE8RhCK5w&t=116s"},"Recording")),(0,me.kt)("h2",{id:"chris-project-running-in-podman-via-podman-desktop"},"ChRIS project running in Podman via Podman desktop"),(0,me.kt)("h3",{id:"jennings-zhang-and-rudolph-pienaar"},"Jennings Zhang and Rudolph Pienaar"),(0,me.kt)("h4",{id:"120-in-the-video"},"(1:20 in the video)"),(0,me.kt)("p",null,"Demo (1:35 in the video)\nShowed a picture of a fetus in a Woman's uterus. Using a lot of niche software to put the project together. It uses a Hybrid Cloud Architecture. Jennings has been using Podman Desktop for working on the project. He's a project that has yaml files that can be used by POdman Desktop. When he uses a Kubernetes manifest, he uses a script to concatenate all of his yaml's into one, and replaces key values within the concatted Yaml, replacing the Podman socket with the value from Podman info. Then the Yaml is fed into Podman Desktop."),(0,me.kt)("p",null,"It does take a minute or two to start due to init time, mostly database related."),(0,me.kt)("p",null,"It creates a number of pods, including the ChRIS pod and a ChRIS UI. It also runs ChRISmatic to do a number of setup items. He showed the Pods in the Podman Desktop and then opened up the ChRIS UI."),(0,me.kt)("p",null,"Within the UI he dispatches containers to Podman, and it goes ahead and runs it for him."),(0,me.kt)("p",null,"The UI interface allows him to build a string to be sent to the Podman socket."),(0,me.kt)("p",null,"The entire ChRIS system runs on Podman Desktop."),(0,me.kt)("p",null,"Brent asked what Podman can do better for ChRIS. So he wants to make sure that containers can be locked down. He'd also like to be able to look into the CLI at the container level from Podman Desktop."),(0,me.kt)("p",null,"A Yaml file is crafted to use as a file to run the project. That's key to them. The other thing of interest is how to deploy models of AI. There's a gulf between the Data Scientist and the Developer. They are working to shrink that gulf, and Podman is helping with that."),(0,me.kt)("p",null,"Stevan liked seeing how Desktop is being used by the project."),(0,me.kt)("p",null,"Jennings rolled back to an earlier version of ChRIS and showed how the Podman interface was used to run it."),(0,me.kt)("p",null,"The old bash scripts were up to 4 or 5K lines long. The YAML pipelines to do a fetal brain study uses declarative Yaml which is easier to comprehend by both Data Scientist and the Developer."),(0,me.kt)("p",null,"ChRIS uses OpenShift for its computing, but unfortunately, their server was down for maintenance."),(0,me.kt)("p",null,"They went from Docker Compose to this setup. Docker Compose was easier due to it being insecure, so great for development. Changing to Podman, they had to deal with the socket rather than the daemon. There were also some initial problems with rootless."),(0,me.kt)("p",null,"Also, the Kube commands didn't respawn as Kubernetes did, so he has to manually restart."),(0,me.kt)("h2",{id:"podman-desktop-v10-update"},"Podman Desktop v1.0 Update"),(0,me.kt)("h3",{id:"stevan-lemeur"},"Stevan LeMeur"),(0,me.kt)("h4",{id:"3025-in-the-video"},"(30:25 in the video)"),(0,me.kt)("p",null,"The last demo Stevan thought was a great use of Podman Desktop."),(0,me.kt)("p",null,"Showed pod view and volume views. Took a container, ran it inside of a pod after creating the pod, then ran it locally with Podman. He was then able to create a new kind cluster, and pushed an image from there into the cluster. He then deployed the pod into the kind cluster."),(0,me.kt)("p",null,"A new set of extensions have been added to v1.0, adding compatibility with Docker, Lima, Openshift Local, and Kind. You can also make use of Microshift."),(0,me.kt)("p",null,"Podman Desktop is available and free now. You can get it from ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io"},"https://podman.io")," and ",(0,me.kt)("a",{parentName:"p",href:"https://podman-desktop.io."},"https://podman-desktop.io.")," You can create issues and contribute on GitHub."),(0,me.kt)("p",null,"Lots of positive feedback at Summit on Podman Desktop."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop"},"https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop"),"_"),(0,me.kt)("h2",{id:"podmansh-demo"},"Podmansh Demo"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"4129-in-the-video"},"(41:29 in the video)"),(0,me.kt)("p",null,"podmanssh - used in conjunction with quadlet. He showed out to ssh into a demo user on a Fedora machine, and it brought him into RHEL. Open PR: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/18739"},"https://github.com/containers/podman/pull/18739")),(0,me.kt)("h2",{id:"podman-v46-demo"},"Podman v4.6 Demo"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"4447-in-the-video"},"(44:47 in the video)"),(0,me.kt)("p",null,"4.6 and maybe 4.7 out this summer."),(0,me.kt)("p",null,"4.6\nbug fixes, podman machine and qudalet updates. Sqlite as backend."),(0,me.kt)("p",null,"Working on final pieces with Netavark,. For machine two new hypervisors in flight, hyperv in Wiendos, and native mac. Both a WIP at this time, but progress nicely. Needs to get into Fedora CoreOS. A lot of that code will potentially be in v4.6. IOfs working on Apple, relatively speedily."),(0,me.kt)("p",null,"Working our documenting plans"),(0,me.kt)("p",null,"Brent will be looking for testers, but it's not quite ready at the moment due to ignition work that's ongoing and also socket mapping which hasn't been completed."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"5006-in-the-video"},"(50:06 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Experimental storage getting moved forward how to make it happen. Brent needs to look into this further. Gerry said it's deployed and works, he thinks s some documentation needs to be added.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet Demo - Dan Walsh")),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-1-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, August 1, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-june-15-2023-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, June 15, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1159-am-eastern-utc-4"},"Meeting End: 11:59 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"google-meet-chat-copypaste"},"Google Meet Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:05\u202fAM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nJean-Francois Maury11:16\u202fAM\nThat is awesome\nTim deBoer11:16\u202fAM\n+1\nStevan Le Meur11:26\u202fAM\nSuper cool!\nMark Russell11:26\u202fAM\ntook the words out of my mouth, Stevan!\nLokesh Mandvekar11:27\u202fAM\nquadlet demo might not happen today\ndan's not on the call\nStevan Le Meur11:28\u202fAM\nHave you tried OpenShift Local extension available with Podman Desktop?\nYou11:30\u202fAM\nYeah, no quadlet, Dan sent me a note just after we started.\nBrent Baude11:32\u202fAM\n@urvhashi, can you comment here?\nUrvashi Mohnani11:34\u202fAM\n@brent I stepped away for a min and missed this\nYou11:42\u202fAM\nLokesh, how long will your demo/talk be about?\nLokesh Mandvekar11:42\u202fAM\nmaybe 5 mins\nStevan Le Meur11:43\u202fAM\nhttps://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop_\nMark Russell11:44\u202fAM\nawesome update\nBrent Baude11:48\u202fAM\nwe need to do 2\nStevan Le Meur11:54\u202fAM\nTOON of things happening in Podman community right now!!!\nMark Russell11:54\u202fAM\n+1\nPreethi Thomas11:55\u202fAM\n+1\nM\xe1ir\xedn Duffy11:55\u202fAM\n+999\nPreethi Thomas11:55\u202fAM\nlol\nStevan Le Meur11:55\u202fAM\nGet podman up and adopt a seal !!\nM\xe1ir\xedn Duffy11:58\u202fAM\nthanks Jennings and Rudolph for coming :) great preso!!!\nPreethi Thomas11:58\u202fAM\nGrreat stuff\nShion Tanaka (\u7530\u4e2d \u53f8\u6069)11:59\u202fAM\nthanks\nieq-pxhy-jbh\n")),(0,me.kt)("h2",{id:"raw-google-meet-transcription"},"Raw Google Meet Transcription"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: The spinning cycles and It Looks Like It stopped. So I will welcome everybody. Today to the Podman Community Meeting Today. Thursday June 6th 2023.\nStevan Le Meur: Krishna.\nTom Sweeney: We have a large list of things to go through today. First thing that we're going to be looking at, is the Chris Project learning and podman via podman desktop from Jennings, Zinc, and Rudolph. Can you Allen? I hope I didn't butcher either of your names there for that one. Matt in, we'll be talking about the problem and 4.5, And then Dan Walsh if he's here, I'm not sure, there's kind of some question about whether or not to be able to make it today, we'll be doing a quadlet demo.\nTom Sweeney: And then the plug-in desktop, 1.0 update will be given my stuff on them here and then a portman sh demo will be given by Lokesh at the end. So we've got a pre-fold day, we will have time for questions if you have some and with all that I think I'm going to just all mine folks that we have a hack MD script, which I'll put a link to in the chat. If you I will be taking notes there. If you see that, I done something badly in the notes, please feel free to Ed and presenters. If you have links or such that you want to make sure that we have, the notes that will be posted later on the website. Please go ahead and add those to the hack. Empty. Yes we go on. So I'm going to stop presenting now and head it over to Jennings. It's gonna be talking about the curse projects.\nJennings: All right. Hi everyone.\nJennings: Alright, so my name is Jennings and I'm supervised by my Pi Rudolph Pienaar together. We're working on the Chris project at the Boston Children's Hospital. And our lab does a lot of research on fetal imaging and also newborn imaging where we use MRI to study very young patients. And so what you see on screen here is an example of what a fetus MRI looks like, while it's still in the pregnant mother seers. To do this kind of research. We need a lot of niche open source software because it's a very specialized division of medicine. And so,\nJennings: What we're working on the Chris project is helping to orchestrate the digital cyber infrastructure to actually be able to run these open source pipelines just to give a brief example of what one of these pipelines may be. We have a fetal MRI processing pipeline, which is going to take all of these multiple in Europe, images of varying quality. It's going to try to use some image processing. Algorithms such as masking and quality assessment to, finally be able to reconstruct these multiple in utero images into one high quality. Cropped volume. And what we can do, with these processed data, is we can try to quantify metrics of the brain. While it's developing in utero and this is what a fetal brain looks like. While it's still developing at 25 weeks of gestational age through 32, justational weeks of age,\nJennings: Using these open source tools. We are able to measure the growth of specific parts of the brain as well. And look at the trends as the pregnancy continues. And so the infrastructure that we have at the Boston Children's Hospital is, of course, we have these scanners. We also have open. Sorry. Not we have Some high performance computing centers. And we also have the office space where our researchers sit and what the crisp project does is it connects all of these things together. Uh, researchers can be at their desks looking at the Chris user interface, and they're able to dispatch computational jobs to both our internal high performance computing center. And we're also able to ship jobs out to our public clouds as well with the hybrid cloud architecture.\nJennings: And so that's a quick demo of or sorry. A quick introduction on what the Chris project is, something that I've been working on recently, is being able to run Chris on podman and especially using podman Desktop So, I'll jump it up.\nJennings: We have a github repository called Minicrisk Eights. And inside of here, we have several Kubernetes manifests aka Yamls and I also have a wrapper script called Minicris.sh. And what this wrapper script is going to do is it's going to bring together these animal files into something that can be consumed by podman desktop. Let's open up carbon and desktop.\nJennings: Alright, here it is. I don't have many containers running, I'm just going to delete the sky.\n00:05:00\nJennings: all right, when you want to run a Kubernetes, Manifest using Podman Desktop It Assets, a single Kubernetes file. I have my Kubernetes manifests organized as multiple Yaml files here. So this wrapper script called Mini Christ.sh is going to do two things. It's just going to simply concatenate all of my Yamls together, and it's also going to perform a said command to just replace some of the values. One key value that it needs to replace. We can take a quick look at it.\nJennings: Yeah, so the function that I'm going to run is going to call be called minicrescat All it's doing is it's going to be concatenating. All of my yaml files and then it's going to be performing a set operation on to these variables. And that's just going to replace the hard-coded podman socket address with what's actually going to be running on my system, obtained from the podman Info command. Let's try that.\nJennings: And it's just going to spit the yellow out to my standard out and I'll type it into a file. And now this file called Chris All-in-one by EML can be loaded into Podman Desktop.\nJennings: As it says here with podman desktop. This Play Queue. Command can take a few minutes to complete. And the reason why is because podman behind the scenes is going to be starting the defined services and deployment sequentially. It's also going to try running in its containers which does things like database initialization and that's going to take a little while Another functionality of my monolithic script over here. Is that it can monitor podmin for init containers. So\nJennings: that finished faster than I expected it to. I was going to say that we can look at what the unit containers are doing, but it seems like everything's up already, so let's just keep going. Yeah. So we can see we have a bunch of pods here we have. What's known as the Cube Pod? And that's our Chris backend. We have PF Khan, which is another Chris service that handles the compute that might be dispatched by Chris. We have the Chris UI which we'll take a look at later. That's our user interface. before we can take a look at Chris, I have a script called Prismatic Prismatic, which I can also run using podman, is going to initialize the Crist system with some information and that's going to create some users for testing purposes, and it's also going to\nJennings: Add some programs or what we call, Christopher's plugins to the crisp system. And you can see that this mini Crits.sh chrismatic subcommand is just a podman run alias and it's going to run a new container as part of the cubed pod.\nJennings: It's just going to run the charismatic command within the charismatic container. What that does is it reads a file called Prismatic.yaml to put a bunch of data into our Chris backend. And so what it's done here is it's created a super user called Chris and that's going to be a user that will log in as in a quick moment and it has registered a few simple programs for us to try running. To access the user interface. We can see that it's running over here on podman desktop. These logs say that it's running on port 3000 though. The port 3000 is mapped onto the host Port 8020, I believe yeah.\nJennings: So, let's take a look.\nJennings: This is the Chris user interface and from here, what we're able to do is you can click Login.\nJennings: And yeah. Great new analysis.\nJennings: In Chris, we have computational experiments organized as separate analyzes. And what I'm doing here is I'm going to create a new analysis with some uploaded data.\n00:10:00\nJennings: And now it's happening, is once I've uploaded the data into the Chris system, we can see it running in this Kris UI and I can choose to run more plugins here. When I choose to run a plugin such as this one of Click Add node, it's going to dispatch a container to podman and podman is going to run it. So if I'm lucky if I type Admin PS then it'll show the container running. I have to be kind of fast.\nJennings: I guess I lied about being the fast part.\nJennings: It always breaks during demos. I have no idea why this guy ran but this guy doesn't I'll just try it again.\nTom Sweeney: The demographic, strong.\nJennings: I'll just\nJennings: What was that? Yeah, they are.\nTom Sweeney: The demo gods are strong.\nJennings: I can do another quick explanation of what's happening here. And what's happening here is This user interface is pretty much. Helping me build a command line. string that is eventually going to be forwarded to the podman socket and so,\nJennings: This program that I'm trying to run called Simple DS. App is just a demonstration program. We have other programs as you've seen for imaging analysis and medical research. I'm just going to pass a command line parameter here, called Sleep length. 10 because I wanted to sleep for 10 seconds. Oh no, this guy failed.\nJennings: I feel like this one's also gonna fail, but yeah. Sadly, the demo gods have kicked us this time.\nJennings: Well, that's mostly what we have here. We have the entire care system running in Admin, Desktop any questions?\nBrent Baude: Yeah, I have a few.\nBrent Baude: I'm curious. Is there anything that podman could do? That would make this easier for you.\nJennings: Yeah. So Several things podman has pretty much innovated in the space of rootless containers and that's great because Chris is concerned about security and we need to make sure that these plugins aren't going to do anything malicious and if they do something malicious they can't break out of that. Container jail. a second thing is one of the key innovations of the Chris project itself, is that Chris plugins, unlike some other. Systems for computational research. Aims to be simple for developers. And I should be able to look at a terminal you here.\nJennings: I'm not sure if you guys are familiar with the App Trainer command app. Tanner is a another container runtime similar to Docker apartment. And friends. But this obtainer command could also just be a podman command and podman would be a great candidate for having people be able to run these analyzes on their own systems. Because oddman is rootless and or podman supports rootless mode.\nRudolph Pienaar: If I can just quickly jump in with a meta comma to observation here. So you guys all hear me is my mic coming through. So, one of the things we're trying to do here,\u2026\n00:15:00\nTom Sweeney: Yep, bottom plants.\nRudolph Pienaar: right? Is, you know, you're so in the Chris UI beginning of like this, this connected graph of designers, So that's kind of at the heart of what we're trying to make fun, you know, distribute, right? So you can, you can construct and arbitrary complex tree of computing. where each one of those nodes is, is obviously a container and because\nRudolph Pienaar: That's a Jennings show in the beginning. You can have multiple different computing stages as you're doing, one of the things we're trying to do is to be able to publish and bundle together, the value of that computing tree. Simply and easily, right? So you can, you can describe your entire compute as a simple yaml file. Which literally is just describes the tree of computing, your almost a directed basically graph.\nRudolph Pienaar: Mostly in research. What folks, end up, folks, end up doing right. Is they construct their workflows using bash? Scripts if they get to that level, And you know, as most of us know bash scripts are horrible to try and do anything with. And most of the coding there is is literally just coming, right? You know, it's all to do with data copying from one direction to another and stuff that all goes away in a system like this, you know, leveraging Crisps which sits above, you know, something like podman or Kubernetes, whatever the case may be, all of that goes away. Which we think is can be pretty useful for reproducible, computing and science and stuff like that. And another thing which which is maybe interesting useful to point out of here is and so I was a Red Hat summit last week.\nRudolph Pienaar: There's a whole bunch of stuff, you know, about how in industry we can. You know. Deploy models of computing. Like AI models. How do we deploy them? The first, I can tell the industry model to do that. Is you take a data scientist working in Jupiter notebook. And that's all they ever do. And then an application engineer or development comes in and takes her Python Jupiter notebook and shoves it into a flask python. Framework or fast API and that fast API thing, you then go and throw on the Web and manage with Kubernetes or partner, whatever the case. and that's if you want, most people are doing and that's, there's nothing wrong with that, of course, but it just struck me that What ends up happening there is that you kind of entrenching the separation between you the primary developer like potato scientists.\nRudolph Pienaar: Where it's going to be deployed. There's a huge gulf between them. Right. The data scientists. It doesn't know anything about flasks or fast API, they want to touch that. They don't interested in doing that. But in a system that we put together over here, the The actual thing that is deployed on the Web that is managed by Partman is managed by this whole system, is pretty much the exact code that you as a data scientists. Develop. so it's so it that that Delta between your prototype. Code, and the deploy code.\nRudolph Pienaar: Is much much shallow smaller and shallower than what it, and what is the normal way? It means. So that's another innovation where I super excited about to do you, right? You can develop your stuff, you can be a data scientists. You don't even have in this case here, you don't have to know what man. We doing it all for you without scripts, but you are developing your code and you're able to deploy it locally on your own machine. And pretty much see what it would be like, in production. Skin. Anyway, that's just a quick quick. High-end plug here.\nStevan Le Meur: Well thanks a Rudolph. I think that's exactly what we are trying to to accomplisher. It's helping the developers to be able to produce locally. Things that they would run on production. So having something as close as possible from production is super critical. Who have fast turnarounds, when you are building your application. But also, when you are consuming it, as you use, just the mode in fact so wonderful. The demo is fantastic. I think, and it's really nice to see the technology being used for such cases, as well. That's, that's very nice.\nJennings: So I was able to get what I wanted to show running, which is I just rolled back to an earlier commit. That was working. So what I tried to do was I ran a second, plugin instance here. and you can see what I did was, I was trying to run this program called Simple DS up with a parameter called Sleep Length, 20. And here we can see the output in podman desktop as well. So what the cris system did was once it received the request to run a container. It handles, all of the handles fudging with the podman interface for you, And it created a container with heels and both DS up. And here's the output, I'm not sure if we'll be able to inspect it anymore. Yeah, I can't inspect that any more because Chris decided to delete the container, once it was done running, if it was still running, then you would be able to see the flags here as well.\n00:20:00\nJennings: I also wanted to just quickly show off what Rudolph was talking about. So what I was showing here was just the stages of a biomedical compute pipeline. It often involves multiple steps and multiple programs that are going to be glued together by a bash script. If you've ever done any kind of scientific computing, you would understand what I'm talking about East Bash scripts or even CSH scripts are going to be maybe 4,000 lines long of gibberish. Whereas with Chris how we organize and orchestrate, these workflows is using a yaml schema\nJennings: over to pull up. My browse organ. this is a pipeline that I've been working on, which Extracts surfaces aka just polygonal mesh, representations of the fetal brain cortex. From a reconstructed brain image and so it does some file conversions and it processes the left and right hemisphere separately. And this is specified using a declarative yaml syntax instead of bash.\nJennings: I also wanted to add to what Stevan was talking about. We have Chris deployed and targeting Openshift container platform. Unfortunately this week we were just on Lucky our\nJennings: local cloud that we use. It's called the Massachusetts, Open Cloud and the New England Research Cloud. They are doing their yearly power down maintenance. So I can't show that off though. Typically Chris is deployed on Openshift and also uses Openshift for its public compute and one of the things about podman is it makes it easy where we can have this one set of Kubernetes, DML manifests that work on both Openshift and also just locally on my desktop\nJennings: I don't know if I'm supposed to be calling on people, but hello Matt.\nTom Sweeney: Oh sure. Go ahead.\nM\xe1ir\xedn Duffy: Hi. So my question for you because I know you guys were previously using Docker compose and I just wanted to know how was the transition been kind of coming from Docker compose into this setup?\nJennings: Yeah. Um, perhaps we should I noticed next in the schedule, someone's talking about quadlet which is something that we need to look into. I'll talk about why right now actually using Docker compose is a lot easier. For not necessarily the right reasons. It's because the her compose has a Insecure by default kind of mode of operand, which is great for developers. but, One of the things that I'm curious about is just trying to enforce the principle of least privileges here, and moving into podman was more difficult because of the Damon list thing. We need a Damon to talk which is why I'm running the podman socket and also the rootlessness thing, There were a few bugs there. But in general, the experience was somewhat good.\nJennings: There are some key differences between how podman cube play works and how the actual Kubernetes system works or how Docker compose works. The two biggest discrepancies, are going to be that.\nJennings: Podman cube play. Operates sequentially. What that means is it's going to create one pod or sorry. One container at a time and that's a problem. When you have containers depending on each other, in the world of docker, compose, or Kubernetes. These containers are going to start Asynchronously meaning If the dependencies aren't resolved, they'll just restart in a few seconds. And podman. I need to do the dependency resolution myself and how that works is. I've prefixed these with numbers denoting the order in which they are dependent. So I need my config maps first. And then I need my database and Q. Services which my backend is dependent on and then I have to run my back end near the end because it's dependent on the database and rapid MQ.\n00:25:00\nJennings: Yeah, Brent.\nBrent Baude: Let me check with Tom first on time check, how are you feeling Tom.\nTom Sweeney: And we've got all just a few more minutes. I can go five more minutes but that's gonna be pushing it.\nBrent Baude: Okay, I'm curious then. So when you say that, When you say that before with, I think it was composed and it's done. Sort of asynchronously. Are you handling?\nJennings: in docker compose, it's possible to specify the dependency order of containers. And that's not a perfect solution, but it is.\nJennings: Better than sequential.\nBrent Baude: Okay.\nJennings: I think it's also supported in podmin composed, but we've tried to move off of podman compose and into podman play cube.\nBrent Baude: Okay.\nJennings: So what you can see is when I'm running the Chris container over here, this is a docker compose file. I can increase the font size of it. This Chris service is defined with the auctions depends on, and the pens on is a list of other services, which must be started before the Chris service. This is good because we can make sure that these other services at least exist prior to Chris. This isn't a complete solution, because even though the containers themselves exist, these service might not be ready to accept connections yet, but still docker, composes able to figure out the dependency order and then start these both.\nJennings: Asynchronously. And in the order that would satisfy the dependency tree with podman currently, the dependency resolution must be handled manually. This is also somewhat deviant from the communities spec. I'm not sure if it's part of the Kubernetes spec, but I would assume. So that every resource specified in a yaml file, Or sorry, the order of resources specified in a yaml file, should not matter. So,\nJennings: What I have here is, I have a yaml file of a bunch of Kubernetes resources, they're separated by the Triple Dash syntax and in theory, or ideally the order of these services shouldn't matter. But when you're running it using podman, whether it be through podman desktop or podman cube play, the order does matter. You need to specify the dependencies before the dependence.\nBrent Baude: Okay, thank you.\nTom Sweeney: Any further questions. This has been great presentation. Great discussion.\nBrent Baude: I assume Tom has your contact information if I would want to follow up, you 'D be willing to answer some.\nJennings: Yeah. Oh, I mentioned Someone's later going to present on quadlet. I would be very interested in hearing more about quadlet because to my understanding Quad lit, is where podman uses system D as DC. Orchestrator of some sorts. And so hopefully, system D can sidestep this issue. With plodman cube in my understanding, is podman is starting these services sequentially. But if we were to define domestic D unifiles and system D does start services in parallel. I hopefully this dependency resolution problem goes away.\nTom Sweeney: Know unfortunately the speaker had to back out literally just after the meeting started. So we're not going to be discussing quality today but we can certainly get you in touch with him if you'd like to.\nBrent Baude: Who was the speaker, Tom? oh, Okay, we can. Yeah, we can do, we can arrange something for you.\n00:30:00\nTom Sweeney: Then, okay. And then not as moves, you down to the bottom of this agenda today, just so we can get to the other things too. If we don't get to the four, five update, I think we can get by without that. So next. Okay, next up. Step on me and just stop update.\nStevan Le Meur: Yeah. So I I think the demo that was just done by Jennings was a, just a very clearly illustration of how pen mendes that could be leverage for helping streamlining, container walkthroughs and streams. Most and if you can developer experience so this is great introduction. I will say so on, I'm going to share my skin. So we just announced the version 1.0 of Batman Desktop and We are really two weeks ago.\nStevan Le Meur: In this version, as you might already know, we provide a user friendly interface for managing containers and working with Kubernetes directly from the local developer machine. So that's a bunch of things that we are trying to, to do from a component desktop, like abstracting the setup and the configuration of the entire container tooling. So you can create your appointment machine directly from the UI and you have the ability to to create your machine.\nStevan Le Meur: With or without good privileges as well. And as it has been demoted as well, just capabilities to play Kubernetes yamls directly from from the UI. So you can see your buds you can see The logs, you can interact with. we said with each of the containers, And you can get the Kubernetes manifests for. Somewhere. Oh, you applications. So you can easily test that onto. Onto a unto donuts around. So I can take A container.\nStevan Le Meur: And I can say, Hey I want to run this container inside of a bud so I can create a pod on my container. I need locally with a man. and then, once I have this this environment, which is a, which is running, Once I have my bud running locally with Batman, I can easily deploy that onto Kubernetes environment. So I can test it on two different Kubernetes around and right now. From Batman Desktop, you can create a kind cluster which is a Kubernetes. Christopher running in input, man. So you can create the cluster.\nStevan Le Meur: You will, you will have that NDF there are after a few seconds, a few few minutes depending on the on the network. And when you are in the context of of your bird and your images, you will have the ability to easily insight with the cluster so you will have the ability to push an image that you build locally. With Batman and you will be able to push that image directly onto the gain cluster. To use it into a deployment or into service that you you want to try out locally? So, this is one step. One step further in some sense.\nStevan Le Meur: Once you have your game cluster, it appears as a container in your list of container. So I have it here in you. I can see the logs. And what's pretty interesting is that I can also directly from the here. I can also interact directly with a research there so I can Also, do a computer comment directly from the from here. So if I have my bud that I just create I can say, Hey, I want to deploy. That bird onto my chemical stuff so it's you use a superman coming to generate the Kubernetes manifests.\n00:35:00\nStevan Le Meur: And and then it selects the Kubernetes context and I can do the deployment. Of my bud directly on tour. Onto my calendar. So share, it's probably pulling the image and now engine is running and I can see my part running locally in Batman, but I can also see it running on Kubernetes kind of stuff here as well. So this has a type of workflow that you you can leverage to make make it easier for you to have your turn around and you to test your application. More easier. As well.\nStevan Le Meur: Coming with the version 1.0 we have a set of of extensions as you know, Batman Desktop. He's a, he's a it's open to multiple container online and Kubernetes distributions so that's compatibility with with the care Lima and for Kubernetes, we have integrated kind. But there's also the ability to run Openshift on your local developer environment. So you you can directly install the extension from from the screen. And once you have the application, the extension installed you can trade. An open shift, local environment. So I already have one. So, It's not going to.\nStevan Le Meur: Turn that you have the ability to configure your bunch of local with two different presets. So either you can use an open shift, local an open shift, single cluster single note, cluster on your local environment. Or you can also use a lightweight version of Openshift which is micro shift that you can run you locally. So this is what I am running. Here and you obviously ability to switch your Kubernetes context from gain. To Microshift. So, if I have An image that I want to deploy to Microshift. I can also do that directly from on the list of images. And I can.\nStevan Le Meur: Deploy. I can deploy you. Birds, I can deploy Kubernetes cmls directly onto a main micro shifter environment. We also integrated the capabilities for enabling the Docker compatibility mode. So this enable to map the docker circuit directly to to put men, but also use the command lines, that some developers may already be familiar with. So this is prettier pretty as well. So, it's available.\nStevan Le Meur: Today it's free. You can download it from a ferment desktop dota you open man.io. As well. And we are always looking for feedback and you new new ideas on things that we could be. We could be improving. So feel free to engage on the requisitory as well, so you can create issues. And you can also report feedbacks directly from within the application so you can share your experience. And tell us, what are your suggestions as well.\nStevan Le Meur: And with this, I think. I covered.\nStevan Le Meur: The Intel. On Badman Desktop 1.0. So the lunch was two weeks ago, we have been getting a very positive Feedback from from the community. We had a lot of blog posts and the media coverage but there is also\n00:40:00\nStevan Le Meur: Really announcements that we are. We published on a developers that had that come. So feel free to to give you to give a look, if you are interested, otherwise looking for hearing you your feedback and your thoughts. On the product.\nStevan Le Meur: Any questions?\nTom Sweeney: Another question but would you share the department.io site real quick? It's the fun. Yeah, just for a moment,\u2026\nStevan Le Meur: Sure.\nTom Sweeney: I just did want to mention that we have Mole here and That has been revamped greatly by her and other folks and it's looking phenomenal right now.\nStevan Le Meur: Yeah, it's the new website is looking fantastic. So kudos to to move what's been working on this quite easily and it's it's I think what Batman was deserving so, really cool to see.\nTom Sweeney: Yes, thank you. And thank you once again. Well, it really is great. all right, that we're going to move on to Lokesh talking about Paul man, shakes\nLokesh Mandvekar: All right, let me share my screen. Stevan, could you stop showings\nStevan Le Meur: Sure.\nLokesh Mandvekar: Well.\nLokesh Mandvekar: All right, I guess you can see my screen. Oh, all right, so first off, what's the problem at hand? So as a system administrator, I would like to confine each user to a predefined show environment and in that environment a user would have access to volumes and capabilities specify for that particular user. Now, what is Plug-inch? Odman SH is an executable user been augments h along with a container by the same name. I'm going to search now. This container is managed by a user quadley. With the login shell, set to the plug-in SH executable. When the user logs into the system, they enter the podmanus H container directly. Now, let me do a quick demo. So first, let's check the current user is\nLokesh Mandvekar: So that's the current user with the show set to bin Dash. Now I have created a demo user for this purpose. Now, this demo user has shell set to User bin podmanish. Also, with the user quadlet created for this demo user.\nLokesh Mandvekar: Books.\nLokesh Mandvekar: So this is a basic quadlet that's been created for the user. The image has been sent to Ubi-9 minimal. Now, let me first. See what posts I'm on. I'm on Fedora released 38. Now, I'll ssh into the system as gonna be user.\nLokesh Mandvekar: Okay. so I'm ssh in and as the user demo,\nLokesh Mandvekar: Environment is a real environment. As was specified in the bottled file. So, current status of this work, this is still working progress. There is an open PR, I'll link to it in Hack MD. Now this might get into 4.6, as a tech preview, but it should be ready for the release after 4.6. And that's my demo questions.\nTom Sweeney: Not hearing things.\nLokesh Mandvekar: All right. Yeah, Tom back to you.\nTom Sweeney: Right, Lokesh. Thank you. That's great. And Matt, do you want to give us a quick rundown? What's happening with four or five?\nMatt Heon: I honestly I think I'll just take the opportunity to go on to four six and future release plans because four five is, this point is two months old. so,\n00:45:00\nTom Sweeney: What?\nMatt Heon: Generally speaking, we are planning at least, one more release this summer, but there's still discussion going on in the team as to whether we're going to do two one end of this month and one somewhere in August, or just, just one release, which would be probably mid to late July. So we're not completely sure on this, but you were getting at least a four six and potentially a four seven by end of summer, we're hoping to firm this up and get an actual document out that will describe future release cadence at some point, but that's still being worked on as to what you can expect. And for six generally speaking improvements to podman machine, especially around Mac, and Windows improvements to quadlet and just general bevy of bug fixes that you usually gets also at some point, maybe not for six, but some point the future we are going to be making the new SQLite database back and the\nMatt Heon: Fault, still needs to be discussed if it's mature enough to do that and four, six. This should be only for new installation. So I don't expect any significant changes from user perspective, but that is something to look out for. And I think that's about it. I could go into four or five features again it's two months old and at our current cadence, that is a agent history.\nTom Sweeney: Now, that's fine by me. Brent, did you have anything to say? You look like you had something you wanted to sing?\nBrent Baude: You know, no, but I can add to it. We're currently just sort of looking at\u2026\nTom Sweeney: Okay.\nBrent Baude: what we're working on where Matt hit a lot of it. We're working on some final pieces for Netta Mark. Parody with CNI. And in terms of machine,\nBrent Baude: But I currently have two new hypervisors in flight. And one is Hyper-V. For windows. And the second is the apple hypervisor their native, one rather than c** you. Both are progressing nicely. Because their new platforms. For fedora coros, it does have to go through a rather. lengthy process and get into their release process, to where images would be automatically created.\nBrent Baude: On. But a lot of that code will be in four six and potentially for those chomping at the bit they can Check out if it fixes or solves any problems one. Very good thing. I'm happy to report is we have hurt Ilfs, working on the apple, Hypervisor part and it's quite fast.\nBrent Baude: I think that's it, Matt.\nMatt Heon: Yeah, science about right to me.\nBrent Baude: yes, of course, Stephen\nStevan Le Meur: you yeah, wanted to ask if you if you are looking for people who want to test, the the work on the I Native I advisors If you are seeking for, for more testers from the community here, I'm not yet.\nBrent Baude: I will but not yet on the hyper V side.\nStevan Le Meur: Okay.\nBrent Baude: We need we need ignition upstream to merge, and start creating some images. I could do one offs, but it's not something I like to do. The second piece is the\nBrent Baude: socket mapping. For Hyper-V is not been completed.\nBrent Baude: So, it would make it. More difficult for people to actually use in that regard on the habitable. On the apple side, we're still working out. I'm actually sort of faking out ignition right now, and that's how I'm doing the testing. But we're we're basically saying thing there, no socket mapping yet and we need mission to Merge when it works done.\nBrent Baude: And I'm going fishing next week, so it won't be in the next week.\nTom Sweeney: Don't catch any Celtics, please.\n00:50:00\nTom Sweeney: All right, that's it for our plan topics. We have just a few minutes left for open form. Questions, does anybody have any questions or comments? They want to make\nBrent Baude: We love to hear what we're not doing, right?\nTom Sweeney: yes. And also any topics that you'd like to see for the next meeting. Which I'll just say real quickly. Our next meeting is August 1st 2023. That's a Tuesday. That's first Tuesday of August, that'll be at 11:00 am again in our next ball. Meetings back up on me because you do that on the third floor you stay at the month and that's on the 15th this time around. So that'll be next Thursday. So, if you have any topics for either of those, let me know currently the quality demo will be on that list for the community meeting New August.\nTom Sweeney: I'm not hearing any other questions comments.\nStevan Le Meur: Comments. I think it's super cool. Everything that is happening in the Comet Padman community at the moment. So thanks everyone for your engagement involvement.\nTom Sweeney: All this.\nStevan Le Meur: It's amazing.\nTom Sweeney: this, it's been\nGerry Seidman: actually, if I can at the 11th hour, ask questions, I actually met with Ben\u2026\nTom Sweeney: there.\nGerry Seidman: At Red Hat Summit and he's very aware of this stuff we're doing with a major financial that very much wants ALS if you would be ultimate layer storage. kind of,\nGerry Seidman: Whatever dancing. Just I presented the group on it, I won't be able to, I don't know if I'll put on the 15th, but what's one after the 15th, what the meeting date after the 15th?\nTom Sweeney: um, the one is there's Department of Community meeting on August 1st with this. Another one, another Cabal meeting. And if I can get my calendar up, I tell you, it's the third Thursday, in July. You don't?\nGerry Seidman: Right. Well, I'll reach out to you, then send an email between you and I, I'll follow up on that. Um, really\u2026\nTom Sweeney: Okay.\nGerry Seidman: what I would, what my curiosity is, is right now. The ALF is considered experimental and storage in the container storage. Any suggestions on decide what the things I talked with Dan about about, Moving it forward to. Not being experimental.\nGerry Seidman: Like documentation. Things like that.\nTom Sweeney: Right? Can I throw that one in your life?\nBrent Baude: Yeah, I was just waiting to see if anyone piped up. So Gerry you're the one then.\nGerry Seidman: I'm the one if you've heard about the people thinking about it. Yeah.\nBrent Baude: I heard about him.\nBrent Baude: I guess for content. I'd have to think about that. It's an interesting question. What is I'm not deeply familiar with what's held it back? Other than the fact that it's fairly new, but not a new technology, but a new ad.\nGerry Seidman: Yeah, it's it's it's deployed, it works. In the, you know, it's it's Dan suggested Da edit, you know, submitting some documentation. The only place I could imagine to document that is in the Storage.com. Man Page because nothing, there's no commands associated with it. Maybe you have some other thoughts in that. I've written that up. I just haven't submitted it yet. um, It works.\nBrent Baude: Okay.\nGerry Seidman: Um, it's really just a matter of fear of commitment.\nGerry Seidman: because, Other than myself, a group of NT.\nGerry Seidman: And then some other miscellaneous projects, I don't think anybody, I don't know how many people using it.\nBrent Baude: let me, let me get back to you, but I wondered if there were You said there was documentation and container storage.\nGerry Seidman: Now there's there is not, I I wrote some up that I can submit and\u2026\nBrent Baude: Oh, okay. Okay.\nGerry Seidman: it really just I mean if you the other technology is the, you know, the alternate image store and that literally has two lines of documentation. I wrote A couple of paragraphs, which is probably too much but\nBrent Baude: Well regardless that would be good to have.\nBrent Baude: I think, beginning the blog about it would be smart it and we can provide a blogging resource if you're interested.\nGerry Seidman: Yeah, that's good to that but if you do you have my cut contact information?\nBrent Baude: Yeah, it's in the calendar notice, I would assume.\nGerry Seidman: okay, so I don't have your contact information, so if you could ping me out response, thank you.\nBrent Baude: Absolutely.\n00:55:00\nTom Sweeney: Right. Folks, unless there's any last questions. We're almost a time for this meeting. I'd like to very much thank all the presenters today for coming in and showing off the substance of fascinating. Look for a lot of things today. And again, we'll be meeting next on August 1st and then on July 20th. June 15th and July 20th. But I'm gonna stop the recording.\nTom Sweeney: And anybody wants to say anything and not be recorded. Otherwise, let's go to lunch.\nStevan Le Meur: Boost.\nGerry Seidman: In 30 days.\nTom Sweeney: All right, folks. Have a great day. Thanks so much.\nMeeting ended after 00:56:17 \ud83d\udc4b\n")))}Yo.isMDXComponent=!0;const zo={},qo="Podman Community Cabal Meeting Notes",Vo=[{value:"June 15, 2023 11:00 a.m. Eastern (UTC-5)",id:"june-15-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"June 15, 2023 Topics",id:"june-15-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Additional Layer Storage (ALS) (0:57 in the video) - Gerry Seidman",id:"additional-layer-storage-als-057-in-the-video---gerry-seidman",level:3},{value:"AuriStorFS - The cloud file system for the 21st century",id:"auristorfs---the-cloud-file-system-for-the-21st-century",level:4},{value:"Containers as Software Deployment",id:"containers-as-software-deployment",level:4},{value:"Container Storage",id:"container-storage",level:4},{value:"Additional Image Storage (AIS)",id:"additional-image-storage-ais",level:4},{value:"Additional Layers Storage (ALS)",id:"additional-layers-storage-als",level:4},{value:"AuriStor Container Accelerator (ACA)",id:"auristor-container-accelerator-aca",level:4},{value:"Qustions",id:"qustions",level:4},{value:"ipfs integration into Podman - Anders Bj\xf6rklund",id:"ipfs-integration-into-podman---anders-bj\xf6rklund",level:3},{value:"Open discussion (54:45 in the video)",id:"open-discussion-5445-in-the-video",level:3},{value:"Next Meeting: Thursday, July 20, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-july-20-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Ko={toc:Vo},Zo="wrapper";function Qo(e){let{components:t,...n}=e;return(0,me.kt)(Zo,(0,K.Z)({},Ko,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"june-15-2023-1100-am-eastern-utc-5"},"June 15, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Ashley Cui, Chetan Giradkar, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Gerry Seidman, Gerry Seidman's Presentation, Giuseppe Scrivano, Jake Correnti, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Preethi Thomas, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, Valentin Rothberg"),(0,me.kt)("h2",{id:"june-15-2023-topics"},"June 15, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Additional Layer Storage (ALS) - Gerry Seidman"),(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/GYrFHoYtXDA"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, June 15, 2023"),(0,me.kt)("h3",{id:"additional-layer-storage-als-057-in-the-video---gerry-seidman"},"Additional Layer Storage (ALS) (0:57 in the video) - Gerry Seidman"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"./AuriStor-ACA-PodmanCabal.pdf"},"Slides")),(0,me.kt)("p",null,"What is AuriStorFS\nFraming the Problem ACA Solves\nAdditional Image Store AIS\nAlternate Layer Storage ALS\nThe AuriStor Container Accelerator ACA"),(0,me.kt)("h4",{id:"auristorfs---the-cloud-file-system-for-the-21st-century"},"AuriStorFS - The cloud file system for the 21st century"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Global Namespace\nAccess Transparent\nSecure\nCache Consistency\nPlatform Independent\nAFS Volumes as Policy Containers\nHigh Availability\nWorks Well over WAN as well as LAN\nBoundless Scalability\nHybrid/Multi-Cloud\n")),(0,me.kt)("p",null,"Works with Fedora 31 and higher"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ls /afs\ndnf install -y -q kafs-client\nsystemctl start afs.mount\nls /afs/cern.ch\n")),(0,me.kt)("p",null,"Platform independent"),(0,me.kt)("p",null,"Volume are rooted directories"),(0,me.kt)("p",null,"Examples of Volumes\nRead Only - Machine Learning, Application Binaries, Configuration files, Static Web Content\nRead/Write - Business Documents, User Home Directories, Logs"),(0,me.kt)("p",null,"Volumes are the units of Management and Policy\nAFS Volumes are named\nSpecial volume named root.cell\nVolume Directories can link to other volumes"),(0,me.kt)("p",null,"Mounting Volumes to Local File System\nDirect Mount\n\u2022 ",(0,me.kt)("inlineCode",{parentName:"p"},"mount --bind /afs/.@mount //"),"\n\u2022 ",(0,me.kt)("inlineCode",{parentName:"p"},"ln \u2013s /afs/.@mount//"),'\nDynamic Mounting\nAFS Client side "Dynamic Root"'),(0,me.kt)("p",null,"Every Volume is really an Object Store\nLocal Cache Consistency"),(0,me.kt)("h4",{id:"containers-as-software-deployment"},"Containers as Software Deployment"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Container has root file system, and you can push/pull the image.\n")),(0,me.kt)("p",null,"Costs of pulling a container image\nClock Time\nNetwork bandwidth\nCPU and I/O time spent\nDisk space"),(0,me.kt)("p",null,"Large Container Images are not uncommon\nPyton is 1GB\nGerry has seen 40GB sized custom made."),(0,me.kt)("p",null,"Large Containers can add up, and you can have many on a machine."),(0,me.kt)("h4",{id:"container-storage"},"Container Storage"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Configuration File\n /home/gerry/.config/containers/storage.conf\nWorking directory\n /home/gerry/.local/share/containers\n")),(0,me.kt)("p",null,"Podman Pull - object from container registry"),(0,me.kt)("p",null,"Layer files are found under 'overlay'"),(0,me.kt)("p",null,"Running a container adds the R/W layer"),(0,me.kt)("h4",{id:"additional-image-storage-ais"},"Additional Image Storage (AIS)"),(0,me.kt)("p",null,"Allows multiple ./storage instances\nImages are pulled into specified ./storage\nAt runtime, Images are search across AIS sequentially\nCan be share across users and machines"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You can list images from multiple image stores\n")),(0,me.kt)("h4",{id:"additional-layers-storage-als"},"Additional Layers Storage (ALS)"),(0,me.kt)("p",null,"Stargz (Seekable Tar GZ)\nAttempt to solve the slow container start time\nSeekable allows lazy download of required image chunks\nRequires Augmented OCI Image"),(0,me.kt)("p",null,"Alternate Layer Sstorage (ALS)\nProvides Alternate sources for Layer content (Stargz, IPFS, AuriStorFS)\nIntercepts Layer Pull/Expand"),(0,me.kt)("p",null,"ALS Fuse Driver Plugin\nFor Layers it support the FUSE plugin will service paths in the form\n",(0,me.kt)("inlineCode",{parentName:"p"},"//")),(0,me.kt)("p",null,"Podman pull with ALS\nThe image size was reduced by quite a lot."),(0,me.kt)("p",null,"This is deployed by Podman, but is experimental. Gerry would like to get it promoted."),(0,me.kt)("h4",{id:"auristor-container-accelerator-aca"},"AuriStor Container Accelerator (ACA)"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ACA Root satisified ALS Path 'Services'\nAuristor ACA finds AuriStor Volume\nACA Layer Volume Generator Service\n")),(0,me.kt)("h4",{id:"qustions"},"Qustions"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Can AFS volumes store extended attributes (i.e Selinux labels)? Not yet, but in a near future version.\n\nAre access controlled on the server or on the client? Yes, in a number of places, being refined and needs improvement.\n\nALS requires a huge file system, is it opensource? Depends on which you choose.\n\nIs there a tool that creates the additional layer stores? Yes.\n\nWhay ALS instead of AIS. The dynamic nature of ALS. He would have to try and figure out AIS mapping.\n\nIn the past others have said latency is a problem with AIS.\n")),(0,me.kt)("h3",{id:"ipfs-integration-into-podman---anders-bj\xf6rklund"},"ipfs integration into Podman - Anders Bj\xf6rklund"),(0,me.kt)("p",null,"Not discussed due to time and Anders not being able to attend."),(0,me.kt)("h3",{id:"open-discussion-5445-in-the-video"},"Open discussion (54:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.6 Release Update")),(0,me.kt)("h3",{id:"next-meeting-thursday-july-20-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, July 20, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("p",null,"ipfs integration into Podman - Anders Bj\xf6rklund to kick off\nPodman v4.7 and beyond update"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 12:02 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Gerry Seidman11:02\u202fAM\nhttps://drive.google.com/file/d/1OjaARJayC-9Z3dQ0HdubWiyyzL3XFVcY/view?usp=sharing\nYou11:03\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nChetan Giradkar11:03\u202fAM\nit requires access\nYou11:04\u202fAM\nGerry you';re muted.\nYou11:06\u202fAM\nQuestions in the chat please, Gerry can't hear.\nDaniel Walsh11:09\u202fAM\n:^(\nChristopher Evich11:12\u202fAM\nCan AFS volumes store extended-attributes (i.e. SELinux labels)?\nYou11:16\u202fAM\nI'll try to get him for questions at the end\nDaniel Walsh11:20\u202fAM\nAre access controlled on the server or on the client? Enforcement of who is allowed to chown.\nYou11:28\u202fAM\nFor those joining, Gerry can not hear us.\nNalin Dahyabhai11:45\u202fAM\nare your speakers muted?\nieq-pxhy-jbh\n")),(0,me.kt)("p",null,"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: Wanting everybody today is Thursday June 15th, 2023. This is the Podman Community Cabal meeting. We'll be talking today about additional layer storage and we have Gerry's. I'm going to mess up your name. Jerry, is it Seidman?\nGerry Seidman: But I've been seidman. Yep.\nTom Sweeney: Seidman, And then after that we've got to talk that's kind of a generic talk. For Ipfs integration into Pod, Anders was going to delete at least take that off. I don't see offers. Yeah, so we'll see. And I know Dan had wanted to talk about that as well. And so I have hack MD set up where I'll be taking the notes today. If you have links or anything that you want to add to it or if you find that I've just described something in the notes, feel free to go ahead and change those as you see fit. And with all that, I'm gonna hand it over to Gerry's. Thanks for coming today. I'm not sure.\nGerry Seidman: somebody could just check the fact that works that Could be my presentation's life. if not, \u2026\nDaniel Walsh: He?\nGerry Seidman: because some people like to follow along and as PDF, I could have put them there. That's a good point. Right.\nGerry Seidman: Nobody's going to confirm or deny.\nTom Sweeney: While I was muted, which was very helpful. It's no like not.\nGerry Seidman: Did you get it?\nTom Sweeney: It says I need access. Question.\nGerry Seidman: All right, hold on. Anyone with the link? Not let me do it again.\nDaniel Walsh: and I was now we said, Yep.\nGerry Seidman: Got it. Excellent because you don't make it easier for everybody because I'm going to talk fast. I'm from New York and I have too many flights. so hi. I'm Gerry Seidman. I'm president or a store which is a company that has a security distributed file system. I'm going to talk about our core product and also going to talk about what we're doing the container space or doing for accelerating.\nTom Sweeney: Who's Gerry now?\nEd Santiago Munoz: Very immuted.\nDaniel Walsh: Gerrymuted.\nDaniel Walsh: I see infinity.\nGerry Seidman: All right. Can somebody now say, Yes Gerry. I fear flies and I hear you\nDaniel Walsh: Yes Gerry. I see your slides and\u2026\nTom Sweeney: Yes.\nDaniel Walsh: I hear you.\nGerry Seidman: Nobody. You.\nDaniel Walsh: Yes.\nTom Sweeney: we can hear you.\nGerry Seidman: Can you hear me? So I can't hear you for some reasons, but that's okay. If you have any questions. I'll jump out.\nGerry Seidman: I've got it. All right, so I'm gonna go very quickly through a lot of topics. What I'm going to talk about what is Orest or FS. I'm gonna fake frame, the problem that\nGerry Seidman: The ores will container Accelerator solves. I'm going to very very quickly talk about container storage internals which most of you should know better than me. I'm gonna talk about additional image or which Dan certainly knows better than me. Then I'm gonna talk about additional layer stores, that's a typo,\u2026\nTom Sweeney: Technology.\nGerry Seidman: It should be additional layer Stores, storage, and then finally, I'm going to talk about the order here accelerator Actually, I'm going to be talking about that interest first with a bunch of other stuff and specific to it. So our surprise the cloud process for the 21st century that's actually a joke because the orchestra file system has its roots in the Andrew file system, which predates NFS it was designed.\nGerry Seidman: Very presciently. but the reason or what our stores initial funding came from the Department of Energy and we got an SDAR to create a 21st Century Cloud file system that extends upon the AFS vision. so that's the joke in that. but it was designed to do a lot of things store on extends very much beyond what the open source AFS does and certainly what anybody who's AFS a long time ago, might\n00:05:00\nGerry Seidman: Remember but here's the kind of the high level points and I'm going to drill into some of them, A true global namespace on that actually can span organizations not just clouds access transparent. It's just a processing files again for definition. In this case, I'm talking about the part of the file system, Not block storage. it's highly secure. I'm not going to go into the security model at all, into the catch consistency model. What that means is that, There is a local cash on that, on the machine, on each client. And if something changes in the server, it's the server's responsibility to inform the client, which means to do polling because it's done properly. Little version has the things like that. The cash actually survives a regal.\nGerry Seidman: if platform independent, the clients were on pretty much everything. I'm going to talk more about I'm going to talk about evidence, volume separately, high availability works well over the win as well as the land boundless scalability and like I said, hybrid multicloud by default. I'm just focus for a minute on these because they're just what I mean by a global namespace is if you just take a fresh install of the Dora and anything over for 31, There's a bug answer 38. But if you do a fresh install you LS slash AFS there's nothing there you install the cast client, there's an upstream when it's client that's in the main clean line, as well as in many distributions like we're going to not yet in route but we have a fine version if you're running around.\nGerry Seidman: 9.2 Ask reach out to me and I can give you this client. you just start the afs.mount service. And then if you're running there's a bug integer at 38 where you have to stand in first, permissive you don't into door up 37 and you won't or 39 and hopefully not much longer 38.\nGerry Seidman: And then just believe you're an astrophysicist or a high energy businesses and just look at files concern, LS slash AFS last cern.ch and lo and behold it works. Zero client configuration global management. Access transparent. It just looks like a file. So I'm going to just add a file from Cerns Atlas Project. Let's go from their aspected and it just work and as I said, it's platform, independent, on the one side of windows and the other side of women. I'm going to focus on the parts that are salient for ALS, the cash consistency model and the answer findings of policy containers really more than about the air that's fine in AFS again,\u2026\nTom Sweeney: He?\nGerry Seidman: volume is highly overloaded term in AFS and abiding. It's just a rooted directory of, files And it can have, files and sim links and directories etc. an example of a volume rewrite volumes would be, for example, painting data, machine learning training that a lot models data sets application binaries, configuration files, static Web content for write, your home, directory Scratch, space log but some specific project etc.\nGerry Seidman: Volumes are the unit of management and It's the thing, you put policy upon things like quota replicas. So for example, if that's where I want high availability, I might serve it up on three fosterers in New York in Shanghai One in London. It's still globally accessible, but your client will find a closest one to get you the best performance. maximal access controls, the security thing things that you can do things like this data. Can't be the US. It's got a lot of cool stuff, but an AFS volume and the AF unit of management is called Estelle and cells have volumes in them and volumes have human readable names. so for example I could have a volume called Language Model DOT training DASH data.\nGerry Seidman: so that would be where I would put it. I didn't say that access it yet and there's also a special volume with the name Root that again there's volumes. I don't know why I have a separate. you miss, what I'm showing is that within an FS volume, you can link to another amp as volume as if you triangle are for\n00:10:00\nGerry Seidman: Yeah, the triangles are showing, you can actually have hard links, you've actually have hard links as well as SIM links within a volume. You can't do hard length. but you can do mount points of the volumes. so how are you access it in? actually gave you This is the syntax not for cast but for our proprietary client but anybody can reach out, tell you how to do it or look up online. Mount Slash cell volume name gets you to a volume. That just works. There's also a dynamic route, /, By default. It could be anything else in your system. it doesn't have a lot of our banking customers, have it.\nGerry Seidman: Only locally accessible on and that's how the global names So I'll get back to that with an example. But for example, somewhere on my file system, I might want to have my, chat ABC language training data. I want to mount it there. So I just say I could do L / blah blah\u2026\nTom Sweeney: it's\nGerry Seidman: because slash that out. / myog.com, Bush language, training directly gets me to the root of that volume. So if I link it to be there, I now have it anywhere my file system. again, that's the syntax of here, but one of the cool things is dynamic, zero, configuration Global namespace. So there is that I mentioned in passing, a slash AFS directly off of the route. That's now actually reserve name. You can't. It's\nGerry Seidman: Its official things slash AFS you can't have such anything, and the way it works, if I go AFS slash you michigan.edu or cern.edu, There are DNS service records that say, where the metadata servers are for University of Michigan or certain etc. And what happens is the client, when you say slash afs/stern.com, it goes to DNS and it finds the IP address of the metadata server. And then it dynamically mounts, the route that sell special fruit. I\nGerry Seidman: Last say the penultimate thing I want to say is afs Everything was, really, an object store. It's not really a false, Server. It's an object server where each volume is an object store and each entity in it files, links, directories etc, are objects with their unique guys object IDs. And actually the server doesn't know anything about paths, unlike NFS. the path is all the pathwork, Interpretation is always done, completely on the client.\nGerry Seidman: As I said, also said there's a cash consistency model that survives reboot so when you read from the file server, a fraction of not a copy and sync file system. it just grabs the block that you read, it stores in the cash or the least presentation you use caching on and the cash can be very very large. couple gigabytes would be a couple of terrified. So for example you doing the machine learning Up. You might want to have a very large cache. so \u2026\nTom Sweeney: Traditionals.\nGerry Seidman: point basically networks over All right, that's all we know are all experts in or restore. now I talk a little bit about containers of software,\u2026\nTom Sweeney: Gerry.\nGerry Seidman: deployment, inheriting, all the classic problems of software delivery. very quick slide. Just we all know this that at runtime you're using, you've got an overlay file system the presented to the run container at runtime where the route is the write layer. And then there's a list of We don't get players. On the local machine, if you built. A container with a bunch of layers, you have all the files locally in particular, you also have a manifest that are config file. Whatever, those are well dependent,\nGerry Seidman: it's just helps me about the container image. But when you say top, I've been push. It takes those files on the layers and creates a car.tz compressed version. And that's what goes up to the container registry, and the container regency stores them. And in fact, the container registry is basically an object store where the manifest even a io slash\n00:15:00\nGerry Seidman: Out library slash alpine, you go to the registry and say Hey, what's its unique ID? What's the idea of its manifest? That's the only time you used, It's not object like And then from there on you just bootstrap and say Give you the man give you this object ID which is the manifest. They give me this object Died ID with coming in the manifest, the layer ID to grab the layers. and when you say Pull you do the opposite, you pull the layers and you untar them locally onto your local disk. so what are the associated costs with pulling a container? There's the clock time spent downloading the entire car.g file, which for large files, can be not insignificant that the cost of the network bandwidth.\nGerry Seidman: but if any CPU and IO spent expanding, that's hard on TV onto locales and the disk space required to store them and expand them. So effectively your container start time is the download time plus the expansion time and again these costs are only incurred the first time to container the layers full I say container image but it's per large container. Images are not uncommon. Icon is 1.1 gigabyte. Before you do anything, we have I know of customers that have just taken. Legacy systems and made them into one. Giant could 40 gigabyte Container. and then an example of that would be SAS. If you remember the old statistics programs is? Yes. That's what they did. They're not a customer bars but they have one I think there's 50 or 60 gigabytes. They just\nGerry Seidman: Big one, giant container image big deal. I'm only downloading it once no problems. So if I got a one gigabyte app, I download it to my machine or my server. I got the problem is a scale this adds up. So if I'm deploying a thousand one gigabyte images to a thousand machine a thousand. And they say, if I'm delivering a single gigabyte image to a thousand machine, that means I've got to move a terabyte over my network. which is you don't ever want to start a thing with a terabyte over your network and certainly, if you're in any industry where the network has to be really, Smooth like a bank anything is doing experimentation on it. you don't want that choppiness of the network caused by a lot of pulling of images on. And again, we're running a thousand machines is an uncommon. I mean, we have enterprise customers that are running on\nGerry Seidman: It actually running applications almost 200,000 machines. Tens of thousands of applications not uncommon for a single application, to go to a thousand machines and then we just drifted across the enterprise both locally and globally and cross-cloud. So that's not uncommon and we also have customers that have HPC compute clusters, where they got a thousand nodes and they'll just, blow out the container image To the notes in the classroom so It's not unrealistic. The other thing is that if you're running lots of containers at a single machine either individually with pod man or orchestrated by a Kubernetes, you can have a lot of containers in the machine and that actually causes a bloat in the disc\nGerry Seidman: just by the way. there's the Pie Man Group, an open ship node if you configured it with a bunch of stuff. Turned on can be up to 100 gigabytes of operator interview. So when you're creating a new openshift node, you could be pulling as much as a hundred gigabytes of container images and there are many as factors in the time but it takes about 45 minutes of setup and openshift note. so okay, so now we know, can we take as bad? their respects. so an important observation and this actually goes back, is this software delivery crop, there's over deployment problem goes back to cards, and tapes, and discs, and CDs, and RPM files. and containers, that many of the files in this offer deployment, and the container image are just not used.\nGerry Seidman: They're just not used. unless somebody put a lot of work into calling their deployment. Pretty bloated. In fact, going back to a paper on back in 2016. There's link by harder.\n00:20:00\nGerry Seidman: Pulling packages accounts, for 76% of containers, start time, but only six, four percent of that data is great. That was the result of Studies their analysis over the three years ago but I suspect it's worse, not better. But There you go. So in that prior example, if I'm pushing a thousand copies of a container to, a one gig by tonight near to a thousand machines that one terabyte would go down to 6.4.\nGerry Seidman: And there's a local dishes, reduction of storage actually for more than six for more because the carballs expand again for a single image. It's not important. But I've got a machine with many images, I could have hundreds and they have hundreds of gigabytes of Actively use container images on it on a server or a coin Tom, I'm not going to dwell on this. This is from that 2006 paper, about some example slides, let me go back, What was their research was fast, distribution of lazy doctor containers, and they had this idea that if you could create an index into the target, the file you just cherry pick the\nGerry Seidman: Blocks of the Tar of the blob using HTTP get range instead of just HTTP, get all from the tainer registry. and so, their whole paper is about creating indices and creating these non -standard container images. so this is from there.\nGerry Seidman: There, non-standard implementation, but still they're getting pretty impressive, compressions and pretty significant. Start time improvement. again because it's only pulling down the files that are actually used as runtime. Or so let's not take another digression on container storage. because then this will all come together because My feeling is, never.\nGerry Seidman: Never use a technology. You don't know how to write. So I'm basically going into the internals of you understand how it works in that way? Hopefully everything is clear, container storage. again, This is talking to the choir, he's acquire or I am preaching, that you've got the storage on configuration file storage at Conf file. and then you have a local working directly where the container layers and images information stored on and at those respective paths, this is all implemented in the Storage containers slash image, subsystems,\nGerry Seidman: Just for laughs, I'm just starting with a fresh system I say podman images. And what that does is that actually populates the empty graph of the structure. I can teach drove into everything but that's the kind of the structure of storage in Edwin time with pod man. And if I look at it, when I just created empty, it's about 32k, all right. we're only going to focus on again, in these slides, the things in green are the things remind myself to talk about. There's the overall a storage and that's the storage slash over. that's what the actual files are stored for the layers and images. It's where Information about the images. is stored because again, a layer may be used by multiple image just\nGerry Seidman: All So again doing something simple like a dot pod man poll, it gives us a throws out this number which is the the layer digest of a layer outside the single layer container. this every day I'm saying works on multi-layer containers. It cools down the manifest file and then it copy signature and it goes back the id of the registry, the idea of con that's a digest of the container image and justice. So we'll see these numbers again is 31. is the layer C1, aabv is the looking inside the overlay images file. We see bear again.\n00:25:00\nGerry Seidman: Corresponding to the image ID of C1a. There's a self-direct you c1a with junk under it, but it does include the manifest file and the way you find the Sea 31 e35. that's the actually manifest ID. The digest of the compressed image, not the uncompressed image, which is actually what's used in the manifest file. so the way to find the Actual digest, that layer is doing stuff.\nGerry Seidman: But extracting stuff out of the JSON bucket advo, again, I'm not going to talk it through, but the point of making is that you cannot forget about the 31 e blah blah, because it maps to one to the seven, a 78, 8 blah blah, but we're gonna want. Again let's look at the overlay folder, we see the bear lo and behold is a directly corresponding to that layer. With some files, the saline file being the diff file which contains the files from that layer and I can go directly and see those fun. All right, so we're now and then it run time.\nGerry Seidman: Everyone at runtime. You need a we'll see a second, container layers created. That's the transient regular layer of this container. when the container ends and you remove, podman RM. that layer will go away but I just want to, be clear that I run the container and break some content in it. I can see it actually under over All right. So now We all probably were experts on this before I started talking, but now we're reminded experts. so now we're talking about an additional image store and I'm additional image store, briefly on Alicia Image Store, allows you to have multiple instances of that structure that I just talked about. and\nGerry Seidman: you specify and you have one or more of those. And those are configured in the storage. I can't follow under additional image stores. and what it worked exactly like when you do a poll it looks like any pull, but you pull into a specified copy. So you have actually that directly structure multiple times in multiple plates. All right, depending on how many you have. And so if I pull busy box into that and then I go into that directly the temp slash ais. You'll see lo and behold, I get exactly what I saw before. but the AIS will only be read only. You will never ever be, it's only for the images, the layers from\nGerry Seidman: Downloaded Images. The rewrite layers at runtime, it will always put the rebite layer in your primary route. But notice, I left something out. I just want to be very clear When I ran Alpine 7.5 megabytes just remember that number 7.5, megabytes is the size of alpine, busy boxes smaller, 4.8 megabytes. and when you do a podman images, you have an extra column with them additional restore which will tell you whether it's your store it's coming from whatever you read, only layer stores.\nGerry Seidman: so what's the value, proposition of this, you get to share only layers across multiple users. for example, if the alternate image stores is on a single box, as you know, that in podman root was podman, every user has their own directly structure. Corresponding to storage on digital, allow you to have a single place rather than having every user on a machine. Downloading, the image, they can get from a shared place. another use case is you downloaded into an NSF share. And now, you have files that are being called on your local machine from an NFS share. And so instead of having copies on every machine, you have a copies just share all of this because of the whole into the alternative.\n00:30:00\nGerry Seidman: Image store, it has to be administrative managed. Somebody's got to do something to do that, whether to do the Poland locally of the pull, into the end of the share, on if you haven't read it. There's Daniel Walsh's is article on exploring additional image tours in climate. So the bottom line is part, man, works pretty much to me. Additionally, the creamers standard. It's just allows to have more than one. Let's have extra real now to be contrasted with additional layer store. ALS.\nGerry Seidman: It would, the history of ALS goes back to that harder paper where they tried to create As I said, a way to lazy load containers by having an index into a GC file That's what the essence seekable tar tzus. But that stands for, and that's what they did. I'm not gonna dwell in it. But, the original approves, the concept for ALS was done by a group of NTT engineers, who did the heavy lifting of\nGerry Seidman: Implementing what the harder group did but in actually container slash images just in compares my storage as well as in container d. and it is now shipped. it is in padman today so, ALS provides or additional sources of layer content not about the whole structure of the storage. It's just A layer content on there are actually three examples of uses of ALS the star GC. The NTT one serum I think has one, but I think they may have walked away from it. There's an ipfs implementation, of course,\nGerry Seidman: so, the way you implement ALS is with a fuse driver on because you need some sort of RPC from the container runtime, to say, Hey, I need the thought content of the layer. Can you provide it? It's really what happens at runtime right? But before down do I have the files locally? it says Hey you use file system. Can you provide? And you specify the root of your ALS file system under additional layer stores in the configuration problem.\nGerry Seidman: And so what happens is at runtime, there's an intercept. if it doesn't already have the files, it asks, can you do it? And if you're also says, yes, It's okay, great. Give me your route and I'll get the files from you. we'll see a little bit more details. Don't here. So, in this example I have my Orestore ultimately stored fruit at Chiliary Slash Home slash Store by putting that in your config file. It's telling the container runtime to look\nGerry Seidman: We don't want to query you, it uses the fuses according language, it's kind of an RPC, your future, lash your ALS root slash the basically form of the image Layer Digest. And that's where it's expecting. You to provide. a different directory, as well as some info and info file and the RAW blog if it asks you for it never does. But alright. So again you have to satisfy the ALS RPC by being able to service these paths.\nGerry Seidman: But these paths by your driver. So let's look again. So here's the same thing. I did I have a blank fresh banana storage, the 32k. I do it with my ALS driver running. I saw a problem Paul, everything's the same. And now I look into a dis usage on it, and instead of being 7.5 megabytes, it's 1.4 kilometers. And 104 kilobyte and that's not going to change. The caching is done on AFS. That cash is any different place. so in this case we reduce the container storage size by quite a lot. And the interesting thing is, when I did this Dr. Paul nothing came over the network.\n00:35:00\nGerry Seidman: All that happened was the ALS driver, said I can provide the services. I can provide the file. You didn't answer any file. So I'm not doing anything yet but I'm saying, I can if you false at those directories. So now let's look in the store for that's actually overlay. no this is the ALS route. what my fuse Paul system is providing and my priest is a root with the base 64 encoding of I guess that's io / Alpine. Or something like that, the digest of the layer. And I have to provide.\nGerry Seidman: Basic people of the reference slash died, layer digest, slash Bob /, stiff /, info and doing a little forward. Think notice that, what am I doing in my Orestore? They also implementation. I am I'm just doing a link to a volume on the cell DVD that I mx.com blah blah. Coincidentally with the name, very similar. I'm truncating, the names just for you either use and again just to prove I did an echo of that z blah blah through based 64 decode and yes in fact it is / liver.\nGerry Seidman: going back to container storage. what I'm seeing is that A Digest ID, I see. Under the death rather than the files which I saw before. I just see a symbolic link. again, I did that's what it really is but below I kind of abbreviated so The Overlay slash Layer Digest. Glitch GIF is really a symbolic into that AFS about into that path, which in fact is Going to give you the content of the day ARS or volume.\nGerry Seidman: And I'm just kind of showing you that really works on the slash info just gives you a standard information of the information of that layer. That's a image standard. and if I do a stat - l of the blob file, it says that in fact, if Laos driver can give you the part of the file of that, layer, and it's gonna be three point four, 3.4 mega. and of course, if I run the end and if I just run it, everything runs as normal. So again, the only, I ran this and the storage size, one from seven point five megabytes, a hundred, and four kilobytes.\nGerry Seidman: So that's the trick behind ALS to be many. You can put NFS behind Ali but if the fundamental difference in ALS and AIS, is that, as has a complete replication of that complicated structure, which allows us to reuse a lot of code, it's using the same code as container storage. But,\nGerry Seidman: but with ALS, you're just grabbing the layers on the Web. All right, so this is currently Deployed in pod, You can run it today in five, but if you look in this source code, it says Experimental. And if you look the band page for storage comp, there's no reference. So one of my missions is to get it promoted. and Dan suggested the following route, give a presentation of the pod, man. Cabal, this write a blog article about it.\n00:40:00\nGerry Seidman: Update the man pages to storage account.\nGerry Seidman: Describes additional layer store and makes them create some as a test. I can be run in the continuous integration, I think for the storage fiber. So finally, yes, there are some container accelerator. again, I really want to already All it is a fuse driver at runtime, it's a fuse driver. That maps, those munched names of lake of container image references slash layers to AF volume names in a well-defined manner. How is it configured? Actually look at this actually have in a cell\nGerry Seidman: I have this layer volume that file so actually that path is the same path. That I put in Assuming I'm sorry configuration storage account in the ALS client configuration, give it a path that they bootstrap I don't want Put information on I'm a distributed file system. I might as well have to configuration where it should be. and what that's saying is that The cell name ABC Direct ids.com will service layers.\nGerry Seidman: these are from these repos and you will find it in that cell under the layer name, J-1 Underscore Blah, where the blood and I strip out this shot to pick the same. so that's the mapping to find the air or volume, from from the image and Up. Why does it work where these layers coming from? There's a service called the oyster layer.\nGerry Seidman: Volume generation service that either can be hooked by a webhooks for your container registry or through. A command line tool where you say L V I'll be c Ingest docker.io slash Alpine and all it does does it goes to the container registry, it grabs the manifest? And then, for each of the DIP layers, it says, If I haven't already created an IFS volume corresponding to that in the appropriate cell. I download it and I untar it and then I create an Amazon volume with that. and so that's what the later generation service does, that's it. So now I'm gonna stop sharing and I think I was not too over and I haven't heard anything. So hopefully\nDaniel Walsh: Can you hear us now?\nGerry Seidman: Hopefully people here, it might get presentation. Good can't hear you.\nDaniel Walsh: Yes.\nGerry Seidman: Could somebody say something our speakers muted?\nDaniel Walsh: we're trying to talk, you can't\nGerry Seidman: No, they're not. Okay, so people are speaking. I'm gonna just\nDaniel Walsh: Can you hear us now?\nGerry Seidman: Okay. Tom. You raise his hands.\nGerry Seidman: Are you speaking time? And hold on a second,\u2026\nTom Sweeney: Can you hear anything? At all during\nGerry Seidman: I'm sorry.\nTom Sweeney: Can you check chat?\nTom Sweeney: And here's\nGerry Seidman: My Bluetooth. I'm having technology problems. I apologize.\nEd Santiago Munoz: first past,\nGerry Seidman: and so,\nTom Sweeney: I don't think he's on board yet. you can hear us. Okay.\nGerry Seidman: I can hear you now. Yeah, my Bluetooth. Down.\nGerry Seidman: Who knows all these screen sharing things do weird,\u2026\nTom Sweeney: I'll be.\nGerry Seidman: things that Bluetooth and it turns out the speakers on my laptop don't work. So I had to put an external speaker.\nTom Sweeney: Okay, so We do have a couple questions that were queued up while you were talking,\u2026\nGerry Seidman: I apologize.\nTom Sweeney: and we couldn't get your attention. So Chris had one that was can volume store extended attributes,\u2026\nGerry Seidman: Absolutely.\n00:45:00\nTom Sweeney: ie SE Linux labels\nGerry Seidman: extended attributes're currently not supported, they will be supported in the next release of our store. and I'm guessing you asked that because the overlay file system wants speaks so it turns out pod man is good Kubernet. Openshift is bad because POD Man default to fuse overlay at this. I refuse every AFS I can provide them the dot, the white app files But in the next version of Aura Store, we'll be able to do that. We're actually doing some other stuff. We're also doing verities checking and things like that which will make us the only just distributed file system that can do that. That's already if and when you care on etc.\nDaniel Walsh: Gerry. I asked Access control. Is that done on the server side,\u2026\nGerry Seidman: Yes. there,\u2026\nDaniel Walsh: or the client side?\nGerry Seidman: there's a problem. Ask the control of an interesting thing, because there's actually three different places where your Baptist control. You have the Unix bits that are in the container images. Those are preserved by container of the standard pipeline, there's the permission to download the layers on the container registry. And then there's the permission to access the AFS volume.\nGerry Seidman: All right, three different places We can restrict.\nGerry Seidman: A runtime application to access the files in an AFS volume. We can do that. We can put access control on the volume. We can't do it on the per file because I can't be worth that. Can't be represented, we actually can but it makes no sense in the whole container model. but if you would really want to do that, you would want to have a container registry that would never serve the product PZ.\nDaniel Walsh: yeah, yeah, because we've been in the past if I put stores on And network file store. For instance, NFS. It doesn't understand username space. So if I'm in using a space and I tried to chone a file, the service says, no because it doesn't want, UID the Walsh to Jones. Uid 100,000 Yeah.\nGerry Seidman: Got it. Yeah. Yeah, I don't think yeah, good.\nDaniel Walsh: I think it Would AFS work same way.\nGerry Seidman: And that's the book. No, I guess would work. I don't,\u2026\nDaniel Walsh: What?\nGerry Seidman: I don't know why it's out of my pay grade but if I \u2026\nDaniel Walsh: So, you think Andrew would allow that?\nGerry Seidman: I believe. So I could run a quick check, but I believe it does. But take that as a qualified. Yes.\nDaniel Walsh: All right, so yeah, when you were showing the additional layer store, you have a tool.\nGerry Seidman: And hopefully, I'll play it in this representational image store.\nDaniel Walsh: No, no additional. But I liked a lot of lights and it'd probably be helpful. If we got some of those slides up to basically describe all this stuff all works the ALS Though.\nGerry Seidman: Every.\nDaniel Walsh: You say there's a fuse file system that's required, we is that fuse file system open source at this point.\nGerry Seidman: It's an implementation specific thing, the start the MTT one, the star gz one is the orcer.\nDaniel Walsh: Right. Okay.\nGerry Seidman: One is not but\nGerry Seidman: It's a Long story. As to why or store is not open source? We'd love to be.\nDaniel Walsh: Right.\nGerry Seidman: We just can't eat and build in source.\nDaniel Walsh: That's fine. So, you have a tool that is creating these additional layer stores.\nDaniel Walsh: in a format that we can get some to buy making consume. Hi.\nGerry Seidman: Yep.\nGerry Seidman: Yeah, yeah, I think it's that the image layer digest to layer, the orcer layer volume. Configuration is, this is shared by the server and the service that creates them as well as the client. yeah.\nDaniel Walsh: and lastly, the\nGerry Seidman: Anything and there's a little thing I want it. Also mentioned Big organizations that have a lot of apps over. A lot of time have a lot of problems with Cullen. when when you call something and our customers are always asking what can we do to help and it's not a lot we can do to help because you can only at best in for certain things, but and the container images you have this an even worse problem because you are Ask you be, cashed far away, and have it for a long time. And so we posited that we could get some some users metrics from our ALS drunk from our fuse driver. Of the weather layers are being used, would you?\n00:50:00\nDaniel Walsh: Yeah. So if he had a layer that has been used in three years that you can get rid of it.\nGerry Seidman: Right. Exactly.\nDaniel Walsh: other questions, anybody?\nDaniel Walsh: So, why would you prefer to use ALS rather than just doing? Ais.\nGerry Seidman: This. One is the dynamic nature of it that there's no pull. The other with. Areas is, I would have to figure out how to do it. Because I'm mapping, I'd have to do something in image store, to do From. The appropriate path where ALS jumps off. where was storage? as it's just the standard storage, overlay slash blah. I don't know how I would even look into that without doing some. Plumbing. In story. Right.\nDaniel Walsh: I guess, lastly, the reason've people have said they won't use Ais in the past has been laden. so that you're running a container, it's running fine for a long period of time and\u2026\nGerry Seidman: Okay.\nDaniel Walsh: then all of a sudden decides to access some piece of data that is in cash. And It goes into a pause.\nGerry Seidman: Yeah, I mean but yes the answer is one of the events of a alsover. Over AIS in that regard is the cash. If you hit something, you haven't hit the long time. it may still be in the cash for the NFS. You're always doing it whether you voted it recently or not. Could be cashing is much.\nGerry Seidman: And not as good. which,\nGerry Seidman: and one of the things they did in East RG, the Star Gz project which we have talked about doing as well to That problem is to create a manifest of files to pull the pold to populate to feed the cash. When I was at Redhead Summit, I spoke extensively with somebody who works as a cruise line and a ship is one giant. Open ship cluster. And they have a lot of pain bouncing that off of a satellite network. That's extensive and slow and loss and unreliable.\nGerry Seidman: So to meet their needs, we talked about adding functionality of, like I said, a seat a seed, set of these are files, you should preload and those can be obtained by observing fire runs of the application on. That's already implemented again in Star Gz, You look at there's a way to somehow I forget how but somehow specify however how to pre-pull Anyway this is funny because it sounds the fast start but by default it then lazy loads the whole image. So you're going to fast start, but eventually you have all the fossils.\nTom Sweeney: Okay, I'm gonna have to hold questions here because we are way over time and\u2026\nGerry Seidman: So sorry.\nTom Sweeney: yeah, no problem. but thank you Gerry's, very interesting. And if we'd love to have you back in the future,\nGerry Seidman: Okay, I'm gonna post that I post. Only I possibly, you guys have. Yeah. Hopefully that wasn't too fast.\nTom Sweeney: Yeah, we have the link.\nTom Sweeney: That briefly.\nMatt Heon: That's delay until Monday. Four minutes is a little late to talk about this and I don't want pushes. or without we'll delay this,\u2026\nTom Sweeney: Okay.\nMatt Heon: until next time we can\nTom Sweeney: Okay, yeah, it's gonna be a couple.\nDaniel Walsh: I get.\nTom Sweeney: Yeah. This.\nDaniel Walsh: Yeah, just for those I guess we're not gonna start for another week for that sex is what bottom line, right?\nMatt Heon: Yeah, at this point I would like to get things rolling but we can probably get the ball rolling during the planning on Tuesday and then see things roll from there. I would hope to have an RC out in two weeks maximum.\n00:55:00\nTom Sweeney: Yeah, and our end goal for four sixes to have something out by mid to late August.\nMatt Heon: No, that's four seven and go for four,\u2026\nMatt Heon: six is to have something out very early July. Hopefully\nTom Sweeney: But much more expedient that I had Given that I think I'm going to wrap up this meeting and just I do.\nGerry Seidman: I'm going to question\u2026\nTom Sweeney: No, I do the Sure.\nGerry Seidman: if I make is really advanced when we met you, we talked about there should be a man page other than storage on Conf Where would man information go? I can't think of any place because there's no just storage.com Good.\nDaniel Walsh: Right. You're going to Storage.com. Yeah.\nGerry Seidman: Okay, I just wanted to confirm that. Thank you.\nTom Sweeney: Okay, so our next cabal meeting will be on July 20th. Same time, 11 o'clock in the morning eastern time and then our next community meeting will be happening on Tuesday, August 1st. I'd like to thank Gerry very much for coming here. Presenting today is great information and for everybody participating and with that, I'm going to turn off the recording.\nTom Sweeney: And so many buttons to click to turn off the recording, Anybody want to say anything or comment anything? Without recording going on.\nTom Sweeney: Because a big fat no and say let's go get some lunch dinner and get out of here. Right.\nDaniel Walsh: Nope. Gerry I'm glad I could attend but I was supposed to be on a flight out to Europe and never made\u2026\nGerry Seidman: I'm glad you got made it\u2026\nDaniel Walsh: So, I'm stuck in DC right now. So,\nGerry Seidman: hopefully, it clarified a little bit more what we're doing.\nDaniel Walsh: Yeah, know I found an interesting. It's\nGerry Seidman: Yeah. This scary thing is how incredibly simple it is. and\u2026\nDaniel Walsh: yeah.\nGerry Seidman: it works because we have a million lines of code of a really good secure distribution policy system underneath but the ALS part and\u2026\nDaniel Walsh: Right.\nGerry Seidman: they container part it's trivial.\nDaniel Walsh: What was AFS first introduced,\nGerry Seidman: It isn't a history of the brief history. once upon a time, There were no computer science departments, there were math, departments at ED Departments, and back in 1982, CMU was forming a computer science department and IBM. And if you want to start a department, you need researchers to pull it in. So, I'd be able to length and seven of the researchers, when IBM did real research and gave them 35 million dollars and said, Focus on distributed computing. And that was the start of the CMU Department and the start of the Andrew project.\nGerry Seidman: And many things came out of the Andrew Project. IBM's distributed transaction processing system came out of that and they made a billion dollars on that. So they got their money back in spades and the end system came out of it, too. the intention was to spin off companies FS on into plans are IBM, which was a product. No idea in real life, AFS doesn't sell hardware and they decided sunset, it and ended up and open source. and it struggled in open source and forest formed by them primary open source, people to Make it good. And he mentioned,\u2026\nDaniel Walsh: It's cool.\nGerry Seidman: who's using it, by the Department of Defense is used by Horn of Energy. She's my major banks, many different use cases.\nTom Sweeney: The PCE back in the day. Also, Do you know was a part of DCE distributed computing environment.\nGerry Seidman: it was,\u2026\nTom Sweeney: That was a\nGerry Seidman: There was a fork of it. That went into that, I think. Again, that's way before my time. You\u2026\nDaniel Walsh: Thank you.\nGerry Seidman: I'm relatively new to this world. In historical.\nDaniel Walsh: Dte DC came a few years later. So,\nGerry Seidman: Yeah.\nTom Sweeney: There are some early 90s.\nDaniel Walsh: but,\nGerry Seidman: Yeah. What happened was got Guam density, Athena project. If you remember the Athena project MIT, which you did okay.\nDaniel Walsh: I worked on it being a project, so\nGerry Seidman: Which led to some licensing issues and it issues and questions that Dot, It was a different world. But how software was?\nGerry Seidman: Used by different people.\nTom Sweeney: Banner,\u2026\nDaniel Walsh: Yeah.\nTom Sweeney: you're making it to check. Are you coming back to me?\nDaniel Walsh: I am making it to check and flying out at 5:30 tonight. And Mandela,\u2026\nTom Sweeney: Choices.\nDaniel Walsh: I'm right outside of Dulles airport right now. Waiting to Have any extended stay at a hotel room.\nDaniel Walsh: Late. Check out.\nTom Sweeney: Yikes.\nDaniel Walsh: alright. Good Gerry, good step, one done. I need step two, three four. And we'll\nGerry Seidman: Okay, I've written the documentation, but the problem is that, I think I wrote too much For the Man page but I'll run that by you.\n01:00:00\nDaniel Walsh: Yeah, you're probably confused the all right.\nGerry Seidman: Excuse me.\nDaniel Walsh: You'll probably confuse everybody by putting a huge section. Yeah.\nGerry Seidman: The Man page for AIS is one line. Put stuff here.\nGerry Seidman: I could do that too.\nDaniel Walsh: Alright.\nGerry Seidman: Thank you guys. Have a great afternoon.\n")))}Qo.isMDXComponent=!0;const _o={},Xo="Podman Community Cabal Meeting Notes",$o=[{value:"July 20, 2023 11:00 a.m. Eastern (UTC-5)",id:"july-20-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"July 20, 2023 Topics",id:"july-20-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Passwd and group entry handling with --user, etc. issue (0:354 in the video) - Justin Jereza",id:"passwd-and-group-entry-handling-with---user-etc-issue-0354-in-the-video---justin-jereza",level:3},{value:"ipfs integration into Podman - Anders Bjorklund",id:"ipfs-integration-into-podman---anders-bjorklund",level:3},{value:"Podman Release (32:33 in the video) - Matt Heon",id:"podman-release-3233-in-the-video---matt-heon",level:3},{value:"Open discussion (: in the video)",id:"open-discussion--in-the-video",level:4},{value:"Next Meeting: Thursday, August 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-august-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3},{value:"Raw Meeting Chat:",id:"raw-meeting-chat",level:3},{value:"Raw Google Meet Transcript",id:"raw-google-meet-transcript",level:3}],ei={toc:$o},ti="wrapper";function ni(e){let{components:t,...n}=e;return(0,me.kt)(ti,(0,K.Z)({},ei,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"july-20-2023-1100-am-eastern-utc-5"},"July 20, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Aditya Rajan, Anders F Bj\xf6rklund, Ashley Cui, Ed Santiago Munoz, Jake Correnti, Justin Jereza, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Valentin Rothberg"),(0,me.kt)("h2",{id:"july-20-2023-topics"},"July 20, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"passwd and group entry handling with ",(0,me.kt)("inlineCode",{parentName:"li"},"--user"),", etc. ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/issues/18903"},"issue")," - Justin Jereza"),(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"See ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"},"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"),"\nit is about peer-to-peer image distribution, using OCI ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md#install-stargz-store-for-cri-opodman-with-systemd"},"estargz")," format"),(0,me.kt)("li",{parentName:"ul"},"Question for containers/image, fallback is ",(0,me.kt)("inlineCode",{parentName:"li"},"localhost:5050/ipfs/"),"\n(proxy server from IPFS, started with ",(0,me.kt)("inlineCode",{parentName:"li"},"nerdctl ipfs registry serve"),")")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/O-6RWIcIvqk"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:05 a.m. Thursday, July 20, 2023"),(0,me.kt)("h3",{id:"passwd-and-group-entry-handling-with---user-etc-issue-0354-in-the-video---justin-jereza"},"Passwd and group entry handling with ",(0,me.kt)("inlineCode",{parentName:"h3"},"--user"),", etc. ",(0,me.kt)("a",{parentName:"h3",href:"https://github.com/containers/podman/issues/18903"},"issue")," (0:354 in the video) - Justin Jereza"),(0,me.kt)("p",null,"Docker wasn't able to create the uid/gid correctly, but Podman was. Justin showed a script that showed the steps used to test Docker and Podman to show the issue. Docker doesn't create the entries in user/passwd files, while Podman does."),(0,me.kt)("p",null,"He ran through a number of man pages for Podman, showing where this was going on."),(0,me.kt)("p",null,"Just is suggesting adding/modifying these options:"),(0,me.kt)("h1",{id:"do-these-options-continue-to-add-a-passwdgroup-entry-or-is-it-a-bug-because-it-doesnt-follow-the-docker-behavior-exactly"},"Do these options continue to add a passwd/group entry or is it a bug because it doesn't follow the Docker behavior exactly?"),(0,me.kt)("h1",{id:"docker-behavior-doesnt-add-passwdgroup-entry"},"Docker behavior doesn't add passwd/group entry"),(0,me.kt)("p",null,"--user\n--group"),(0,me.kt)("h1",{id:"retain-these-and-add-passwdgroup-entry-to-the-container-from-the-host"},"Retain these and add passwd/group entry to the container from the host"),(0,me.kt)("p",null,"--userhost\n--usergroup"),(0,me.kt)("h1",{id:"these-continue-to-function-as-they-currently-do"},"These continue to function as they currently do."),(0,me.kt)("p",null,"--passwd-entry $(getent passwd $UID)\n--group-entry $(getent group $GID)"),(0,me.kt)("p",null,"Using these options he's proposing adding to the pertinent files on the host for each of these options."),(0,me.kt)("p",null,"The discussion started in the issue noted in the title. Please review and add comments there."),(0,me.kt)("p",null,"Matt in concerned that there may be resistance about moving some of this functionality away from the system."),(0,me.kt)("p",null,"Split the problem into to fixes. Make --user/--group work as Docker does."),(0,me.kt)("p",null,"Paul asked if the difference in user/group between Docker/Podman is a problem? Justin doesn't see a bad effect to that. He's OK with it as is. Paul's worried that changing that now for user/group might cause a change in behavior that others would not be happy with. Justin is brining this difference up only due to it being different, not necessarily that it's wrong. "),(0,me.kt)("p",null,"Matt believes the current functionality was added as a convenience sometime in the past. He also think we could firm up the documentation here as to the whys of the behavior."),(0,me.kt)("p",null,"Justin is OK with retaining the current user/group behavior."),(0,me.kt)("p",null,"Just says we're using a groupID in a groupName field, and Miloslav said that's a bug if that's happening. We should be creating a name if one is not getting there."),(0,me.kt)("p",null,"This is a food for thought, and he'd like people to consider it going forward."),(0,me.kt)("p",null,"Issue of note: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/18903#issuecomment-1595048047"},"https://github.com/containers/podman/issues/18903#issuecomment-1595048047")),(0,me.kt)("p",null,"Matt is going to tag Dan Walsh on the GitHub issue to see if he can comment on this."),(0,me.kt)("p",null,"Jason is Teminus in Matrix/IRC."),(0,me.kt)("h3",{id:"ipfs-integration-into-podman---anders-bjorklund"},"ipfs integration into Podman - Anders Bjorklund"),(0,me.kt)("p",null,"Postponed"),(0,me.kt)("h3",{id:"podman-release-3233-in-the-video---matt-heon"},"Podman Release (32:33 in the video) - Matt Heon"),(0,me.kt)("p",null,"Podman v4.6 RC2 now, final today. Podman v4.6.0 today. Planning to do Podman v4.7 in early fall. Then a Podman v4.8 in a February 2024 time frame."),(0,me.kt)("p",null,"Podman v4.6 is a relatively large release. A number of podman machine fixes/stabilizations. Podman v4.6.1 should be out in a couple of weeks, in early/mid-August. V4.7 should have some Hyper-V improvements for the podman machine. Also, podman compose improvements."),(0,me.kt)("p",null,"Usually, a 4 to 6-week process to get into CoreOS via the stabilization soak process for any Podman release."),(0,me.kt)("h4",{id:"open-discussion--in-the-video"},"Open discussion (: in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-august-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, August 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("p",null,"Meeting finished 11:43 a.m."),(0,me.kt)("h3",{id:"raw-meeting-chat"},"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Justin Jereza10:56\u202fAM\ncan you here me ok?\nYou10:56\u202fAM\nI can not hear you at all\nJustin Jereza10:56\u202fAM\ngonna see if i can fix it.\nYou10:56\u202fAM\nI can see you just fine.\nJustin Jereza10:58\u202fAM\ni'll just use a phone for audio. mic doesn't seem to be working well on fedora.\noh wait, that only works in the US. heh\nJustin Jereza10:59\u202fAM\ni'll reconnect and see if it works.\nJustin Jereza11:01\u202fAM\nis my audio working now?\nEd Santiago Munoz11:01\u202fAM\n@Justin I see your lips moving, and you're unmuted, but do not hear you.\nEd Santiago Munoz11:06\u202fAM\nAudio is very very bad\nYou11:16\u202fAM\nhttps://github.com/containers/podman/issues/18903\nValentin Rothberg11:28\u202fAM\ntime check\nPaul Holzinger11:28\u202fAM\nI have to drop\nYou11:31\u202fAM\nI'm going to go to 40 past the hour on this, then on to Matt, we have no other topics.\nJustin Jereza11:34\u202fAM\nhttps://github.com/containers/podman/issues/18903#issuecomment-1595048047\nJustin Jereza11:35\u202fAM\nTerminus in #podman IRC/matrix channel.\nYou11:43\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAditya Rajan11:44\u202fAM\nthanks justin !\nMohan Boddu11:44\u202fAM\nThanks Justin\nxrq-uemd-bzy\n")),(0,me.kt)("h3",{id:"raw-google-meet-transcript"},"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Transcript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Okay, everybody. Welcome to the Batman Community. Cabal meeting today is Thursday. July 20th, 2023. We have two topics for today. The first one is about password and group country handling with desktop user and etc. That on Justin's gonna be leaving us on. We also had a discussion about Ipfs integration department lined up over, Dan and Brent are both not here and Anders, who would kind of kicking that off for us, was kind of saying that. Maybe we ought to wait off for that. Once I think we're not going to discuss that much. We have Somebody with strong opinions to do so today. And then Matt you wanted to talk a little bit about pot Versions coming out to\nMatt Heon: Sure I can give us another video that's\nTom Sweeney: Okay, go and talk about that after Justin finishes. So with all that, just welcome to the meetings. Nice to have you here. And please leave it off.\nJustin Jereza: just, Going forward.\nJustin Jereza: Okay, so I said, put my plug in the issue that she could make up to the hospital and said. It's scary. And\nValentin Rothberg: No.\nTom Sweeney: Yes, it looks good.\nJustin Jereza: Happens. Is that\nJustin Jereza: but,\nJustin Jereza: Okay, so what happens?\nJustin Jereza: create password and the bottoman base. So that's\nJustin Jereza: so he followed by the office, why\nJustin Jereza: The problems. Where he?\nJustin Jereza: So, you can see here.\nJustin Jereza: That's the problem. so,\nJustin Jereza: so this thing that we'll find it. And it's a series of Department of events that you.\nJustin Jereza: That's the senior, and File. And finally,\nJustin Jereza: So that's even presentation. There. Yes.\nJustin Jereza: And I think Chris also got the supposed and that this Are almost.\nJustin Jereza: presentation. and finally,\n00:05:00\nJustin Jereza: that's US Open. before, like, He?\nJustin Jereza: post and with just\nJustin Jereza: And that's what he\nJustin Jereza: so we know for acceptable commandments.\nJustin Jereza: In this case, 25 with the possibility of adding something either. Which were I don't do the same thing. This user host was just take the bathroom people that are so moving experiment. I think we can actually useful person in certainly. And just did and just innovation somewhere that you can do the classroom and password you.\nJustin Jereza: And that would eliminate those three. And so far, I hope the industry much\nJustin Jereza: So that's the community. What? It boils down to we have These six options and how do we move forward from there? And the presentation give him what's mentioned in the issue and what\nJustin Jereza: the status.\nJustin Jereza: So I don't I think that's it. You guys have any comments on this?\nTom Sweeney: I have a hard time following a little bit as well just know, because the audio was kind of Creaky or monthly I guess. I don't know. Any Valentin or Matt. Do you have any thoughts based on this or the discussion that's been going on? And issues.\nValentin Rothberg: no, I did not follow the issue, so I guess it will be hard To, I guess find consensus now in the meeting. on how to move forward, but thanks a lot for the problem. how would you prefer to move forward? Justin?\nTom Sweeney: Ation.\nJustin Jereza: He mentioned in.\nTom Sweeney: Ation.\nTom Sweeney: Ation.\nJustin Jereza: Okay.\n00:10:00\nJustin Jereza: There are.\nJustin Jereza: Of what he? About where as the corresponding. Password entries into the container energy that Doctor doesn't have.\nJustin Jereza: The second part.\nJustin Jereza: You Want to show you often a different example.\nJustin Jereza: What he\nJustin Jereza: and create a course on YouTube option, that would be the same for groups. Even. We place the objects or remove the entirely and need able to presentation. that you\nJustin Jereza: I said,\nJustin Jereza: The time.\nMatt Heon: Comments after everything.\nJustin Jereza: sorry, I\nTom Sweeney: I've just added it.\nJustin Jereza: saw the Side. And\nTom Sweeney: It's in the.\nTom Sweeney: Yeah, it is in the agenda, not just added it into the Google meet chat as well\u2026\nJustin Jereza: yeah.\nTom Sweeney: if that's easier.\nMatt Heon: I will say that there's going to be resistance to the idea of moving any functionality away from existing, I can use this. That is The reason we added a lot of this was for convenience and we recognize that it's not necessarily completely compatible Maybe it's not been cases The ability to just do and use your smile user and gets a fairly musical session is important. So I think that we don't necessarily want to take\nJustin Jereza: so, I'm thinking basically how about just organizations down here. So,\nJustin Jereza: okay, reduce to lose you.\nJustin Jereza: and Then for user Presentation says, but he\nJustin Jereza: And that's\nJustin Jereza: then finally, He?\nMatt Heon: I don't know if we want to stream sleep system behavior. You can definitely additional offense that are going to guarantee creation of guarantee modification. The password, I'm not at all close to that, thought it always that. If we were to modify the behavior of existing usually group options, we are going to break people. It is hardly\n00:15:00\nJustin Jereza: The user options. Anything like you just and us and that's what.\nJustin Jereza: lead to, I just\nJustin Jereza: Completely others are how? And yeah.\nJustin Jereza: You thought so then?\nPaul Holzinger: So, maybe the question is What does the problem with? Adding the Entry, it is then actual problem, like something preventing you from getting us to work. Or it's just a different in, if you look at the fire because I don't, See. Why your container image would care that much,\nJustin Jereza: yes, I don't think. That he needs it from how God, it deserves as an impact. Okay. Yes if\nJustin Jereza: I don't really see any. So, If you guys inside that, Hector, and it's okay. But I think that, okay.\nPaul Holzinger: Yeah, because if we would remove adding the entry, then stuff could change behavior, right? If you ask what's your username in the container? If there's no entry Then You cannot know. So, for Portman uses that, it's a potential recreation and we try to avoid making this change. And if there's no reason for this change, just other than toca compat, but there is no one who breaks. I don't see why Be sure to change it at all,\nJustin Jereza: It's yes, a difference in behavior, not that I really believe that. it's 25 anything wrong with And differently. The problem that's handled.\nMatt Heon: If I remember correctly, this was originally added as convenience functionality, or ruthless pot man. I don't remember the exact context of that that there is a reason why we put it in the first place. if I had an opinion here would be that it's That it's not consistent because I'm 90 I don't have the code in front of me, but I kind of remember what it looks like. And I'm pretty sure the 90% of circumstances were not going to change password and group, but in the 10% circumstances that we do, it could be confusing. So we definitely have a documentation problem It's not going to be clear to users. Why these changes? Have. But what do you call it? I don't necessarily know.\n00:20:00\nPaul Holzinger: Seen the big use case, I think is the user anders keep which sets your user ID and then in the container you want, the classic Toolbox use case basically so, You want your user copied in and\u2026\nJustin Jereza: He?\nPaul Holzinger: and behave it, The same. I think it was probably edit because of something like that.\nJustin Jereza: I think that basically just thoughts, and in the editor that I can see, And I think that's the three box situation where you would want it. That's inviting so, I did where it's a reason. Why this in You should increase. so,\nJustin Jereza: I think that's a good.\nJustin Jereza: Within the big nation. Yeah.\nJustin Jereza: The next thing happened. we're getting the functionality of the group. the other thing is,\nJustin Jereza: I like this. Okay.\nJustin Jereza: The name of the user. And so it's the line that shows you. And in this case instead of coffee, which I believe in this case, yes, that's the name of the house. He?\nJustin Jereza: Said.\nJustin Jereza: I did, he just\nJustin Jereza: I mean problems and\nJustin Jereza: Keep. I just\nMiloslav Trmac: Okay, I think using group ID in the Group Name. Field is just not going to work. So if we are doing that, I don't know whether it's about that we can always fix. I'm not familiar with the code but there's definitely something\nJustin Jereza: So let's\n00:25:00\nJustin Jereza: Know.\nMiloslav Trmac: Bottle bubbly. I mean we kind of invent an entirely new random name. Just the principle of the thing is that there has to be a name India.\nMiloslav Trmac: Or. Maybe actually not. I'm sorry\u2026\nJustin Jereza: So I guess one way to think about this,\u2026\nMiloslav Trmac: if you are Edina and entry.\nJustin Jereza: this will you mind space on whether they're actually?\nJustin Jereza: So in the case of, I think that options they should follow you in this case, The. Saves me. But he accepts and happening on both. when it comes into the containment and not presentation,\nJustin Jereza: and then,\nJustin Jereza: that's,\nJustin Jereza: But if we did have that, then both of these will also look at the host.\nJustin Jereza: Coffee here. It's probably really the last two. Which should allow me to. I\nJustin Jereza: And so password, and something that has books\nJustin Jereza: You and the same, it's good for you to hold and Just talking.\nJustin Jereza: the wheels are the people who really\nJustin Jereza: Wow, happy and the post.\nJustin Jereza: Silently as well.\nJustin Jereza: But I think if\nJustin Jereza: and the issue I\nJustin Jereza: Specifically. And whether they should be probably from the host or not,\nJustin Jereza: It's here.\nTom Sweeney: So I'm hearing a bit of silence here and I think people need some time to digest and take a look at the issue on Github and we probably ought to wrap this up in a few more minutes just in. Is there anything else you'd like to ask her say\n00:30:00\nJustin Jereza: It just something that has to solved immediately, it's just\nJustin Jereza: it's right education.\nJustin Jereza: and there are matrix. so,\nMatt Heon: I'm going to tag Dan Walsh on this issue. That is like, he's not in the meeting right now, but I think it was the original instigator behind Ad.\nJustin Jereza: Yeah. So if you have any more and protectively, we're done.\nJustin Jereza: if you guys think I've been right, yeah.\nJustin Jereza: that's,\nTom Sweeney: Sorry, I'm talking away on mute which isn't very helpful at all. Justin, thank you so much for coming today and getting this discussion going and I'm sure it will continue on inside Github and I RC and Matrix going forward. Matt's, you have plot, Coming up pretty soon. You want talked about that a little bit.\nMatt Heon: Let's see. So we are getting ready for for six. We are in Rc2 right now and Ashley correct me if I'm wrong but I expect a final release and\u2026\nJustin Jereza: E.\nMatt Heon: sometime early next week. Is that what we were planning or am I wrong?\nAshley Cui: I thought we were putting the release today.\nMatt Heon: Okay, that's early that I was expecting but that gives everyone something to look forward to after this so pod, 4 6, final probably. Today, we are still expecting to do a four seven. We were expected to do with this summer, but honestly, at this point, it's probably gonna slip into September, but I would expect a four seven in early fall, I would call it and then a four eight somewhere in the February ish timeframe. four six it's a moderately large release, it's a fairly substantial feature release. It's been a while since I looked at the, What do you call the voice notes? But it's gonna have some interesting things. I think this is not\nMatt Heon: Is this one of the bigger releases for what? I call it Admin Machine? I'm thinking we added something big there at the point is slipping my mind.\nAshley Cui: Not a big feature, but a big fix. I think for stabilization.\nMatt Heon: That's worse. Yeah, we have a lot of bug fixes in system service. We have a spattering of each releases everywhere and generally speaking, I am expecting a 461 and a week or so that'll have a bunch of public fixes it based on any issues, the release happens. And then of course seven maybe six weeks thereafter and four seven is going to include a couple other interesting features. I'm hopeful that we can get some additional windows support in the pot and machine, especially man on hyper-b. We're putting a lot of work in there and I don't want to speak for Brett because he's not here. Maybe we will also have some things. osx native virtualization. let's see. and that's probably the odd, man, composed work that Valentin has been working on the other that just landed. So, feel free to look at that comments.\n00:35:00\nMatt Heon: Yeah, that's about it Wise any questions?\nTom Sweeney: I'm hearing silence.\nAnders F Bj\xf6rklund: When would this come to the apartment machine or core OS?\nMatt Heon: Usually, we expect that poor to six week. Basically, we have to get into fedora. Then we have to work our way through the fedora core os, unstable, streams until it's in stable. So, we usually expect to lag by about a month six weeks. It could easily be faster on that, but it usually takes this year or a couple weeks beyond that, so you get at Paul's compose. Exactly. So there is a substantial time.\nTom Sweeney: Must not this particular Pac-Man release but any partner released in general, right?\nMatt Heon: Yeah. If it is a particularly important noise, if we had some absolutely critical bug fixed in, there are ways we can expedite, but we prefer not to do that because it puts more workload on us, it with your work, run the F cost team. And generally speaking, no one likes doing this. So, if we do not have something extremely urgent, we're going to go through the soap process which\nTom Sweeney: It sounds good. Right, I'm not sure if I mentioned this after I started the recording but we're going to pass on the ipfs integration into Pod man topic that we had on the agenda today we're going to push that out later or perhaps even postpone it further discussions to go offline on that and then given that I am going to open up to any topics or questions at this point in the open discussion session. If I have anything they want to talk about or ask questions about\nTom Sweeney: It's two centigrate equipment. you're considering I'll just note when our next For the Cabal again will be Thursday. August 16th 2023 at 11am in our community meeting is coming up very soon. It's actually just a little under two weeks now, I guess. And that's going to be on Tuesday, August 1st. Also at 11:00 am. I would love to have topics for other? I have one topic for the community meeting at what it is right now but I don't have any flickable at this point. So if you have suggestions for topics that you'd like to see or presentation better yet present on Friday, those meetings, I'd love to hear one last call. Any further questions, comments. Why is I'll stop the recording?\nJustin Jereza: And sorry guys. I\nMeeting ended after 00:38:36 \ud83d\udc4b\n")))}ni.isMDXComponent=!0;const ai={},oi="Podman Community Cabal Meeting Notes",ii=[{value:"September 21, 2023 11:00 a.m. Eastern (UTC-5)",id:"september-21-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"September 21, 2023 Topics",id:"september-21-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Default settings for Podman 4.7",id:"default-settings-for-podman-47",level:4},{value:"Open discussion",id:"open-discussion",level:4},{value:"Next Meeting: Thursday, October 19, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-october-19-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:4},{value:"Next Community Meeting: Tuesday, October 4, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-october-4-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:4},{value:"Raw Google Meet Transcript",id:"raw-google-meet-transcript",level:3}],si={toc:ii},ri="wrapper";function li(e){let{components:t,...n}=e;return(0,me.kt)(ri,(0,K.Z)({},si,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"september-21-2023-1100-am-eastern-utc-5"},"September 21, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Aditya Rajan, Anders F Bj\xf6rklund, Ashley Cui, Ed Santiago Munoz, Jake Correnti, Justin Jereza, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Valentin Rothberg"),(0,me.kt)("h2",{id:"september-21-2023-topics"},"September 21, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Default settings for Podman 4.7",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"zstd:chunked + gzip by default"),(0,me.kt)("li",{parentName:"ul"},'default_rootless_network_cmd = "pasta" by default'),(0,me.kt)("li",{parentName:"ul"},"Deprecate podman generate systemd"),(0,me.kt)("li",{parentName:"ul"},"Deprecate CNI"),(0,me.kt)("li",{parentName:"ul"},"Others")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/By7wb1tOvLc"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, September 21, 2023"),(0,me.kt)("h4",{id:"default-settings-for-podman-47"},"Default settings for Podman 4.7"),(0,me.kt)("p",null,"RC1 is out now, possibly RC2 this week, and Podman v4.7 final next week.",(0,me.kt)("br",{parentName:"p"}),"\n","Configuration changes discussion. SQLite DB is not default but is available. Matt would like to swap the default DB to SQLite for the v4.7 code. Not currently in the main branch, but can be done easily."),(0,me.kt)("p",null,"Tom asked if it could be done for RC2. Might be too soon to release. Could we do Podman v4.8 in late Fall, then v4.9 in January 2024?"),(0,me.kt)("p",null,"OK for 4.8, maybe to do for late November/Early December and then target RHEL 4.9 for RHEL."),(0,me.kt)("p",null,"For 4.8 we will do SQLite, and then plan around what else will fit in there."),(0,me.kt)("p",null,'Valentin brought up that there is work to be done before just flipping it. He also thinks we should not merge "features" into any RC. Can be toggled by containers.conf setting.'),(0,me.kt)("p",null,"Podman v4.7 has branched, and changes to main can be done now with SQLite being the default."),(0,me.kt)("p",null,"zstd:chunked not ready for primetime. Giuseppe says to push out for now and not deliver. Hopefully to be completed in the next few weeks. Maybe in time for RHEL 4.8. However, Valentin is concerned this might break existing images and it should be pushed to Podman v5.0. Risk management needs to be completed before we add it in."),(0,me.kt)("p",null,"zstd:chunked needs a lot of soak before we deliver for RHEL. It won't be ready by Podman v4.8. A meeting to be held later to discuss delivery in more detail."),(0,me.kt)("p",null,'Default network to "pasta". Paul doesn\'t think this is stable enough now. He wants to wait for networking stuff to get working. Mostly work to do in Podman, a little from the pasta project folks. We will need to get a prioritized card for pasta development. '),(0,me.kt)("p",null,"About a week of coding for Paul, then dealing with port forwarding and adjusting from there. That's harder to estimate the time necessary. The team needs to prioritize this. Matt would like to see this in Podman v5.0. Users are using it now, and are fixing bugs and stabilizing."),(0,me.kt)("p",null,"Podman v5.0 delivery sometime in early summer is current thinking, but not a commitment."),(0,me.kt)("p",null,"A lot of the breaking changes anticipated for Podman v5.0 are 'podman machine' related, and less likely to be in the Podman commands."),(0,me.kt)("p",null,"Podman v5.0 list of features doc to be put together by Matt in the next week or two."),(0,me.kt)("p",null,"Deprecate podman generate systemd is deprecated, but not dropped. A warning is issued now, no new features only. It could be kept as deprecated for Podman v5.0."),(0,me.kt)("p",null,"Matt talked about dropping CNI in Podman v4.8, Tom questioned if it should be Podman v5.0. Matt will put a deprecated notice in soon. Then Brent is fine with dropping on Podman v5.0, Brent to put it together."),(0,me.kt)("p",null,"Ideally, Brent thinks Podman v5.0 in the early Spring 2024, then v5.1 before Summit in May 2024. Paul is concerned about showing too many warnings during runtime for CNI but is good with documenting."),(0,me.kt)("p",null,"Tom to run down the deprecation notice of CNI in RHEL 9.3."),(0,me.kt)("p",null,"Anything else to be changed in Podman v4.8? Brent would like a containers.conf version 2. Brent would like JSON.config to be the same for all providers in podman machine. Also, a transition from v4 to v5 of podman machine would not be a thing, to be debated."),(0,me.kt)("p",null,"Brent is looking to not overtax the team on machine migration issues."),(0,me.kt)("p",null,'Specgen work is also being considered for remote capabilities. We may also need code refactoring between "local" and "remote" within the code.'),(0,me.kt)("p",null,"A discussion to be put into GitHub after the initial changes are identified by Brent, Mark, and Matt for what changes should be in Podman v5.0. So the community can add their own thoughts and requests there."),(0,me.kt)("h4",{id:"open-discussion"},"Open discussion"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-october-19-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, October 19, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h4",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-october-4-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, October 4, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h4",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 11:54 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:04\u202fAM\nis it the default in main branch ?\nYou11:06\u202fAM\nAnders, sorry about dropping you the first time, hit the wrong button\nMartin Jackson11:08\u202fAM\nThis was something we talked about previously doing for the 4.7 release\nMatt Heon11:09\u202fAM\nAnd then, unfortunately, completely forgot about... Other priorities intervened\nBrent Baude11:32\u202fAM\nno\nJake Correnti11:42\u202fAM\nget rid of migrateVM in machine. already tagged on gh\nBrent Baude11:54\u202fAM\ni have a question for the team ... but can go last, should be quick\n\n")),(0,me.kt)("h3",{id:"raw-google-meet-transcript"},"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"xrq-uemd-bzy (2023-09-21 11:02 GMT-4) - Transcript\nAttendees\n\nAnders F Bj\xf6rklund, Ashley Cui, Brent Baude, Chetan Giradkar, Christopher Evich, Ed Santiago Munoz, Giuseppe Scrivano, Jake Correnti, Leon N, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Shion Tanaka (\u7530\u4e2d \u53f8\u6069), Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, Valentin Rothberg\nTranscript\n\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\n\nTom Sweeney: Good morning This is Thursday, September 21st, 2023 already just a few days away from fall. This is the Podman Community, Cabal meeting. We have just one discussion point today. So I hope people brought good questions for. So we can fill up some of the time that I'm sure we'll have. And with that said, I'm just going to turn it over to our one topic and Matt had decided to eat that and I'm sure Brent can also jump in. Also And let's talk about default settings for appointment 4.7 which just came up Matt.\n\nMatt Heon: Okay, so we have podman 4.7 rc1 out. Now we're looking for in RC\n\nMatt Heon: We might do an rc2 this week, I'll put it that way. And then we are definitely doing a 47 final next week just to get schedule out the way. And we're at a very late point in this release but it's still not too late for us to discuss certain configuration changes that we'd like to make because we'd like them to soak in Victor or for a while before we put them in Frankly but also because we'd like to get these out as soon as possible. So actually start using them. the more important ones here is switching default database. We had the SQLite driver added in odd, man for six, but we haven't made it default yet. We've been letting it sit and I think at this point, we're pretty happy with how stable it is. We've been running it through I extensively. We haven't had issues. So we would like to swap the default database from both DB to seek light for new installations only in 4.7\n\nMatt Heon: Going to be supporting the BOLD database and if you have a existing volt database you'll keep using it. But SQLite will be the default for new installs and four seven or at least we'd like it to be.\n\nMatt Heon: And I believe there were some other things called out in the default features.\n\nTom Sweeney: Before we go there, Brent had a question in the chat, Matt.\n\nMatt Heon: Sure, it is not the default in the main branch bread. So we would have to get this developed in over the next week. But at this point, this is an hours worth of code. So this is not a difficult thing to get.\n\nBrent Baude: I'm the only reason I asked is it would seem? I mean I want to make the change to so I'm supportive of whatever decision, the team makes, but it was seen reasonable That. For one development cycle, it would be the default in the main branch.\n\nBrent Baude: while we work on for eight or whatever ends up to be, Just so that. We have a little bit of silk time on our own hands.\n\nTom Sweeney: No, would it be possible to do that before our C2?\n\nMatt Heon: We were not initially planning on an rc2. If I worked on it this afternoon I think there's a decent chance we could get it all done. But it would be cutting it very close. Paul and Valentin. You and your answer.\n\nPaul Holzinger: And in my opinion doing this no is not in the purpose of doing an rc1 and it's not expectation and we say we are feature of frozen and we decide to change a critical default which the database is critical. So I,\n\nMatt Heon: Honestly, I don't know when this agenda item was added. I feel like it was intended to be discussed a lot sooner. So I think you're right about that. A lot of these are going to end up being 4.8. Regardless, we are too late in the cycles. Do major things. I don't necessarily view the sequel database as a major thing, just because how much we've tested it. But I agree with you that we are very late.\n\nBrent Baude: Can we not just we branched, right? So do the work and\u2026\n\nMatt Heon: Yeah, we're branch. We can easily throw all this stuff in main right now.\n\nBrent Baude: flick it now and make it a 4-8 target. That would mean, I'm kind of agreeing with Paul here in the sense that Maybelline features is sort of naughty on a release candidates. So, what's the downside of waiting other than it doesn't get out there?\n\nMatt Heon: I think that is the big downside. It's first release will be,\u2026\n\nBrent Baude: Okay.\n\nMatt Heon: it'll go out everywhere. Basically it'll go out to send stream rel etc.\n\nBrent Baude: But it would seem reasonable to me that if we want to soak it at the door, we should have soaked it in Maine. At least that's my Justin. I'll check out after that.\n\nMatt Heon: I'm not going to push too hard for making changes this late in the game. I mean, it's small enough that I would say it's doable but that doable and sensible are different things.\n\n00:05:00\n\nMatt Heon: Given that are we? Okay with saying, No big changes for seven? Let's just change this agenda item to say four, eight, because four eight is looking like our next big release.\n\nTom Sweeney: I have slight concerns of doing that, kind of change for real without it soaking Infidor first. Then we target a 48. Yeah, in between Here in Rome in February.\n\nMatt Heon: Let's see. We're gonna have four eight or four seven out late, September. If we want to do a 4/8 or late November early December, We could do that. It wasn't on the plan, but As long as it's just an upstream release. It doesn't add that much burden. To what we're doing. Does everyone agree with that?\n\nBrent Baude: This is I guess the downside of the forced March schedule. That we've In the past,\u2026\n\nTom Sweeney: Yeah.\n\nBrent Baude: we've Released when we're ready.\n\nBrent Baude: At this point. I could make a strong argument because Hypervy just missed. For seven. I can make a strong argument that I would want to if I was Making decisions and releases were easy. I'd want to 48 in a month.\n\nBrent Baude: but, that's a quicker cadence than we've done as quick and so we've done in a while, but it makes sense. So, that maybe what we need to do is say, before we will Do sequel light. And we need to go back now and talk about a release schedule for eight.\n\nMatt Heon: Valentin.\n\nValentin Rothberg: I think we need to start doing notes because we had this conversation multiple times and in this year, What we said for fedora or discussed was to just make it a conf setting and default it there. So we don't necessarily need to do that in the main garage but one thing we didn't test yet is I don't think we tested it. Is. We need to make sure that even more existing deployments even if we default to make sure that the existing policy database continues to be used. This is something that have not been done yet to my knowledge so we are not ready. To just flip it now. There's still some work to be done. on this front. With respect to.\n\nValentin Rothberg: Merging things into RC and I would block every feature into our RC's. it has a number of times and we came up with the document to never Merge features during RC base, and I think we should continue to stick to it. Otherwise, we just keep on Budding us in the mail. There's a specialty for things that haven't been properly tested or bigger things. They will always introduce regressions. And that is what makes the release process and in the past to make it hard. just a reminder on this front.\n\nTom Sweeney: So Europe, are you okay with doing the changes in a 4-8 for this going?\n\nValentin Rothberg: And sure as long as we're ready and as long as upgrade scenarios work. So what needs to work is that unless being specified in containers, where a user explicitly says I want to use SQLite or explicitly things set on the CLI, if the internal default from memory SQLite, there's an existing wall TP database we need to use this multi beat database, otherwise, On update users will not see any of their objects, containers, volumes networks, etc anymore.\n\nMatt Heon: contested, in my view, I\n\nValentin Rothberg: Our absolutely but it's an item that hasn't been done for many months now and it's something we need to do before, flipping the default and before refreshing it. It'm not saying it's hard, I'm just saying it needs to be done.\n\n00:10:00\n\nTom Sweeney: Yeah, where does 47 live? It's still up in Maine. Is the branch. Okay.\n\nMatt Heon: That's branched already. We branched before RCS.\n\nTom Sweeney: So we could make the changes of main at any point in time.\n\nMatt Heon: at this point after thinking about 4/8, the sooner the better otherwise we will forget about\n\nTom Sweeney: Yeah. That's my thinking as well.\n\nMatt Heon: Are I think we've come to a general decision here? That we're going to do The only question is how we're going to do for it, whether it's going to be in earlier release. We have a guaranteed release coming out in February, are going to do it release for that and have February before nine. So I think we can move on the assumption that the release schedule will be decided. Later is everyone comfortable?\n\nMatt Heon: All right, the next default we wanted to talk about was Z standard chunked. Plus Gzip split compression. We do not have any in the room. Discuss Anyone else here? Sufficiently comfortable with Formatting to talk about this because frankly, I'm not as up to speed on this as I should be.\n\nTom Sweeney: Giuseppe would be our other person, perhaps.\n\nValentin Rothberg: Yeah would also point to Giuseppe which Giuseppe you mentioned at least chunked isn't yet? Ready for prime time, right?\n\nGiuseppe Scrivano: Yeah, it's not really. There is still an open issue in continuous image, that needs to be merged. So I think we should postpone it for now.\n\nPaul Holzinger: I think what then was throwing around was always like that. You push this multi manifest thing with Statistity and Jesus. By default, I think that was what then wanted so that, new clients can benefit from the faster. So that's really pulls.\n\nGiuseppe Scrivano: Yeah, but still then first of all the feature it needs to be manually enabled and second it's not ready without The changes that the containers image, it's kind of broken.\n\nGiuseppe Scrivano: So, I mean it's fine for our performance, but Without that changes, it's not really usable, right?\n\nTom Sweeney: This is something that you think will be ready by a late November or February timeframe Giuseppe or beyond that.\n\nGiuseppe Scrivano: I'm working on that. I mean, I hope this will be done in the next. Few weeks.\n\nTom Sweeney: Okay.\n\nValentin Rothberg: I think this is something very critical. because,\n\nValentin Rothberg: Whatman is being used. So if the goal is to compress images by default with C standards with C standard compression, this can break a lot of deployments.\n\nValentin Rothberg: So I think in my opinion this is something important. Because imagine\u2026\n\nTom Sweeney: August.\n\nValentin Rothberg: if you have a build plan, you use the apartment, let's say department knowledge or you updated or on your server people pipeline, you build the image, you push it. And suddenly Your clients or your deployments outside in a while. Start to break because they do not support these standard yet, maybe all the versions of docker, maybe very, very old versions of Scorpio appointment or build up this. This can break.\n\nPaul Holzinger: but the ideas to push both compression formats now 12 a period where you push set the city in Jesus which of course is Ben Roeth more expensive and time but I think that was what then was always suggesting\n\nValentin Rothberg: This could in theory break as well, if the deployments expect a single image manifest and not an OCI index on the registry. So, I guess we're pointing at this.\n\nValentin Rothberg: Before deciding this default. I think we need to do some I don't find a better word. Sorry risk management of which things may put everything on the desk and then look at all potential risks and then check whether you're comfortable doing. But this changes. One, or how images look like in the nature of images? And this is something we're\n\n00:15:00\n\nValentin Rothberg: feeling uncomfortable.\n\nTom Sweeney: I think it's valid concerns, but are you comfortable with delivering automaton 5.0? in real next year, just worth waiting, not long for the zsd chunk, and we can push back, if it's not in before then.\n\nValentin Rothberg: I would even challenge whether it's reasonable for apartment image, push to push a manifest, if there is a portman manifest push. So I think we're at the risk of conflating or breaking things. So, I would even question whether we should do it or not. So, I can't really answer that. That's all.\n\nTom Sweeney: Okay, that's fair.\n\nMatt Heon: What I am hearing here is that we are extremely uncomfortable with this going into Rel first. So, this absolutely. I mean, even if we do a four, eight four hand, it sounds like it's probably not going to be ready. This does sound like It's a lot of additional testing. So this is if we're doing something between the February release and the next little release that this is potentially good time frame for that sound I mean, assuming that we can make it work.\n\nValentin Rothberg: I think we should follow up on this soon. So that we make sure that, The thinking continues about the issues or about this particular issues, how do we want it to behave? What are we trying to achieve in? What are we at risk of breaking?\n\nValentin Rothberg: At the moment it's just me throwing my foot in the door\u2026\n\nMatt Heon: Okay.\n\nValentin Rothberg: but I would be curious. I don't see. Minnows left in the meeting but nalin has to build specialist. what are you feeling about this?\n\nNalin Dahyabhai: Again.\n\nValentin Rothberg: How do you feel about the idea of just pushing these multicompressed image manifests that are a single image on apartment push?\n\nNalin Dahyabhai: No. I don't think I have any thoughts that haven't already been waste about additional bandwidth and I mean I'm not really worried about compatibility with registries at this point.\n\nNalin Dahyabhai: the bandwidth is the compute for compression because when you're building a cluster it's Compression actually is one of the more expensive parts.\n\nChristopher Evich: This should work with the new.\n\nNalin Dahyabhai: but,\n\nChristopher Evich: I mean zooming gets into pod It should work with the new Farm builds, right?\n\nChristopher Evich: Listen Theory.\n\nNalin Dahyabhai: I thought we did this push time, so we didn't actually modify the images when they were on disc because they're not compressed on disk when you build them.\n\nValentin Rothberg: Form build is something awful about this Creating Multi-arch Manifest Lists easier. But it doesn't address. The issue of compression, algorithms. US trying to push for C standard as the new standard.\n\nMatt Heon: I definitely. Are we comfortable leaving this here? And doing a follow-up later with more? I think we're really suffering. We're missing. less. Love and Audi, and Dan. Would be okay with having a meeting later. We'll have more people who actually know a lot about this in the\n\nTom Sweeney: Yeah, I think that's a good idea.\n\nMatt Heon: All right, in that case, I propose that we move on to the next one, which is setting default network command to pasta by default.\n\nMatt Heon: Paul. This one is mostly Feelings on it. Are we stable enough to do this?\n\nPaul Holzinger: No. I mean, it depends. The biggest problem is that the outstanding work that we need to deliver the ruthlessness logic if you use named networks, And that's still hard coded to Slurp. So as long as that isn't the rest that I don't see a pointed defaulting to Pastor for the normal problem. Because then, that means that every distribution. Definitely needs to require both SD product for example. it's\n\n00:20:00\n\nPaul Holzinger: yeah, I don't particularly you see the benefits of switching it before. The networking stuff works really.\n\nMatt Heon: Okay, and this is mostly the pasta. Maintainers not us.\n\nPaul Holzinger: Know that would be me and also a bit on pasta but The thing how it works is that we have these intermediate namespace and inside of namespace, we just use But never work with pitch networking, but to connect this intermediate namespace, with those namespace, you need and the ruthless networking tool. So, I love or pasta and since this was written, two and a half years ago, that it just uses slow. And now I need to convert this code and that's not particularly\n\nPaul Holzinger: evie, I would say that there are Their corner case of everywhere, basically. And then assumptions And, when I touched the code, I try to make it better. So A bit of a longer process. To get this done.\n\nPaul Holzinger: Thought of I always have it in my queue, but it's always something comes on top of it usually. So, I didn't progress in the last week.\n\nBrent Baude: Why are we coughing with my name?\n\nTom Sweeney: How much time?\n\nMatt Heon: Really, it sounds like this switching to pasta by default is enough work that we're going to need. It's not going to get done unless it's prioritize is what I'm hearing from Paul. Does that sound Acc?\n\nPaul Holzinger: It would make it much faster. If we say that the priority, but,\n\nBrent Baude: But you guys get the prioritize as much as I do.\n\nTom Sweeney: sometimes you think Paul,\u2026\n\nMatt Heon: All right.\n\nTom Sweeney: if you were just single way devoted to wrap it up, You talking?\n\nPaul Holzinger: the problem is coding, not like I know what needs to be done and writing a code. That's maybe a week of work. But then making sure that all comes together. and Everything works. one outstanding problem. Why? I haven't devoted more time on it. If port forwarding problem. So right now, what really happens. Is that with forwarding? We use the routers port process. So that's a process that respond to a container.\n\nPaul Holzinger: And the problem is that this process is it's a dumb. Proxy basically and it makes it source IP. So that's the biggest complaint with ruthless networking and the port forwarding, We have My Source IP and in your website a lot. That's Not very good for auditing stuff. but someone's compromised and you don't have to iPS and I don't have a good answer to the port forwarding problem with possibly can do port forwarding. But it's missing the option to do this dynamically. So as we As respawn. we would only have one part of the process in this rootless, networking scenario. and that means we need to Forwarding capabilities\n\nPaul Holzinger: And that's not impossible. I talk to the person maintenance day. we are on an agreement that can be done and They accept pensions, but it's like, somebody needs to prioritize and make the work and So it's kind of stuff.\n\nMatt Heon: Fair enough. Personally, I would love to see this in Fibo, so That gives us a fair bit of time, but it would be very nice to have fivo with the improved networking.\n\nPaul Holzinger: Yeah, definitely. And I mean, Right now, we have a lot of Users trying it out just a regular pasta with Putman, Run Dash network pasta. and there we are able to, Fix the many bugs already. So I think it's getting in it to a point where it's definitely stated enough to say we do this before. So,\n\n00:25:00\n\nMatt Heon: Anything else on this? I think we know what needs to be done. We know it is a lot of work and it's probably going to need to be bubbled up in priorities at some point. But anything else\n\nTom Sweeney: I don't know. I don't need a hard answer to this, but what are you thinking for? Five, vogue delivery timeframe. Are you thinking next summer?\n\nMatt Heon: Yeah. Sometime early summer issue.\n\nTom Sweeney: Okay.\n\nMatt Heon: think we were thinking about this was potentially the next release after the February drop. Although we have options here again if we've really feel like we need some soak before five. we can give it less time and have an intermediate.\n\nValentin Rothberg: I think if we really want to push 50 through and it should be for or before relative Because I guess in 9. I think we can't ship five.\n\nTom Sweeney: So you're thinking a 501 say early spring and then five one for real 10, possibly.\n\nValentin Rothberg: I don't know. But it would make what makes sense to have? some sort of time or five hour and fedora before throwing into\n\nTom Sweeney: Yeah.\n\nMatt Heon: And for reference here, a lot of the breaking changes. We're thinking about in five though, we're going to be machine stuff so not directly relevant to the rail schedule. This is mostly getting podman machine in a more sane position than it is right now.\n\nValentin Rothberg: A couple of comments in our code and upstream issues that would impact Rel as well.\n\nMatt Heon: Yeah, of course, we have a lot of accumulated, 50.\n\nPaul Holzinger: Yeah, I find that. More useful to make a list of what we want to do for five and maybe we're talking the speaker about containers comfort, for example. and I've find out how to set a deadline without seeing what we want to do first,\n\nMatt Heon: But I'm really hearing is that we probably need a 50 doc at some point like this or next week that we can just start accumulating. What needs to be done and from there, we can figure out exactly what's out and\u2026\n\nTom Sweeney: Yeah. This next one, but\n\nMatt Heon: what the schedule is.\n\nMatt Heon: I'll take responsibility for making that. I can do it after lunch. anyways, if we are okay with saying that 50 planning can wait, I think we have a couple things that are slam dunks before eight. Those being cni and deprecating on man Generate system D. Of Valentin. Did we already deprecate generate system D or was that just being discussed?\n\nValentin Rothberg: It is already deprecated, but not dropped. So, deprecation Since there are multiple interpretations of what In this case, we said deprecation to just encourage users. That will be a warning now being emitted and using it pointing users to qualit. known your features will be added only, important bug fixes will be edit, we could consider dropping it entirely with Botman 5 adult, but it's used generate system. D is used in many pipelines.\n\nValentin Rothberg: And personally, I don't think it hurts to keep it around if we can spare some Edmonds, some very hard time for sure. I would love people to jump on quadland but the duplication will at least or hopefully be sufficiently annoying at some point that people will jump to it and we also didn't, because Internet System has been out for a long long while. So even experienced popmen users,\n\nMatt Heon: So I think that deprecate what you said emitting warnings and putting in the man pages that it's going to be dropped, at some point is sufficient. at this point, the only question is whether we do that to CNI as well and now that we have the plugin system and net of arc, I think the answer is yes.\n\n00:30:00\n\nTom Sweeney: For 5.0.\n\nMatt Heon: I for eight. Potentially drop an entirely in 50.\n\nTom Sweeney: Yeah.\n\nMatt Heon: Brent's.\n\nTom Sweeney: Doesn't mean to Matt.\n\nBrent Baude: No. Both of you to No, I don't think we should drop. Until? The net filter stuff is done. Or was it Nettables or whatever? It is the one that we haven't done needs to be done?\n\nMatt Heon: We are no worse than them in that respect. They do not have.\n\nBrent Baude: At the same matter.\n\nMatt Heon: I'm thinking about this in terms of, Can we get it out before Rel 10?\n\nBrent Baude: All what's the real question?\n\nPaul Holzinger: Yesterday.\n\nMatt Heon: I think.\n\nBrent Baude: What are you really asking to do?\n\nMatt Heon: one prop, C, and put a deprecated notice in Maine right now, do it today,\u2026\n\nBrent Baude: Yes, that's fine.\n\nMatt Heon: Two. Figure out what the first release going into rallies and drop CNI before that, or at least conditional compile. and don't compile it into 10. Because if we put it in 10, we are guarantee. We have to support that for the next 10 years.\n\nBrent Baude: No, there's no doubt about that. So 50 to me would be the drop time. I had to excuse me myself but I was able to hear the conversation. I had an interruption here.\n\nBrent Baude: So that's fine On the podman 5 other thing. I'm gonna start a document here shortly. The problem that I'm having is that we have yet undefined requirements from the desktop team, On what this needs to be done, on And as far as five timing, In the most ideal world. Five, all gone out in early spring.\n\nBrent Baude: Five one will be. Something. That's real or 505. Pending on. How we do coming out the door, but something like the second release. Coming just before. Red Hat Summit. So, If I had mine, most ideal schedule, that would be it. And there should Not spend a lot of time thinking about why I would want it that way. The desktop team is going to do some splashes probably there. and it may very likely require some Change in our behalf to be able to support them to do that.\n\nBrent Baude: But that's all undefined right now, so that makes it a little fuzzy. But we should start final adopt that starts, talking about things. We're going to We already know that that's unrelated to machine. And anything else? Also, talked about containers Comp. Evolution. So there's plenty of things we could, put in there right now and start talking about. It probably warrants. A series of short conversations about things and then we can dont in a document. the folks are okay with that, and I'm happy to leave that effort.\n\nTom Sweeney: It matters talked about doing similar thing, but sounds like it's a combination.\n\nBrent Baude: Yeah, I heard that I probably should own it since the decisions are probably in the end to Mark and I'm on some of the stuff,\u2026\n\nTom Sweeney: Yep.\n\nBrent Baude: yeah. That. But otherwise, I think everything else is online. Matt, I mean, we're right on top of it. And at this point, late in the 48 game. Let's get the deprecation notices on things and we'll contemplate the actual drop or compile out. Type approach. For five.\n\nPaul Holzinger: What are you talking about? When you talk about deprecation, notice In the code.\n\nBrent Baude: I think we needed to display some sort of cnis going away.\n\nPaul Holzinger: Yeah, and that's where I'm like. That means a warning on every command, if Everywhere really touches the United.\n\nBrent Baude: we can do a suppress thing too to and we know\n\nMatt Heon: Just network create maybe. I mean.\n\nBrent Baude: Yeah.\n\nMatt Heon: Ultimately I would definitely want to see in the man pages and I want to see it on any Korean that creates a new network that is using the old tech.\n\n00:35:00\n\nBrent Baude: That's fair. And then we can get the usual docs and social.\n\nBrent Baude: Social media stuff out there, getting that idea ever out and I wonder too does RPM even maybe have a deprecation approach? when it gets installed to say, Hey, this is Not a thing. Anyways.\n\nLokesh Mandvekar: We can admit warnings maybe when something is installed or updated.\n\nBrent Baude: Paul. I don't know exactly what it means, but it's something along those lines. We don't want to spam people which I think is your concern.\n\nPaul Holzinger: Yeah. Yeah, it's just like putting it in dots is totally fine, but it will miss a lot of people just running in some deployment. So That makes.\n\nBrent Baude: Understood.\n\nPaul Holzinger: It's difficult line to navigate too much spam and not reaching the users. So\n\nBrent Baude: Indeed.\n\nMatt Heon: Going to be gone is critical.\n\nBrent Baude: we can also,\u2026\n\nPaul Holzinger: Will be.\n\nBrent Baude: Probably could do,\u2026\n\nPaul Holzinger: We needed.\n\nBrent Baude: we could do the message on everyone and in the message touch a file here to suppress this warning, so give them an out. There's lots of options.\n\nTom Sweeney: I wonder if.\n\nPaul Holzinger: do we need to change proposal for Fedora or something like that?\n\nBrent Baude: I don't believe so we may need to talk to F cost. But as far as I'm concerned, This doesn't affect them toolbox at me, impact.\n\nPaul Holzinger: No, it doesn't affect two books. They use,\u2026\n\nBrent Baude: Okay.\n\nPaul Holzinger: they use host networking exclusively. So\n\nBrent Baude: Okay, that's even better.\n\nMatt Heon: Realistically speaking, I think that we're going to need a change request for Pod Man, 5, obviously, but I don't think we need to be more specific than that, I I think we can just do one broad. We're upgrading Department 5, It'll have the following changes.\n\nTom Sweeney: I just wanted to, if we should put in early Deprecation, notice into the eight, nine, nine three, docs before it goes out.\n\nMatt Heon: It's not going to be deprecated in eight. Nine CNI.\n\nTom Sweeney: Like Christopher Warn.\n\nMatt Heon: CNI is going to be the standard on eight for the lifetime. I wonder if we already did it in nine I almost feel like we were discussing that at some point but\n\nTom Sweeney: All right, let me run down nine.\n\nMatt Heon: That's another part of why we can actually get away with this. if we're looking at the last major code, drop into related, the next in the very near future. And once that's done, we can actually think about getting rid of a lot of stuff. We were keeping around for eight.\n\nBrent Baude: So, can we Podman into rust. But 50.\n\nMatt Heon: Sure, We're just gonna have to drop machine and compose and I don't know, we'll choose 50% of the code base where we write that that's what you\n\nBrent Baude: Okay, so I guess, I took the ball on the 50 stuff and We'll just do some Meetings to carve out some basic time and some meetings to get Everyone's thoughts for at least written down and then we can begin to evaluate document.\n\nTom Sweeney: Should we move on to the generate system D?\n\nMatt Heon: Sounds good to.\n\nTom Sweeney: Or did we kind of discuss that? Yeah. Yeah.\n\nMatt Heon: That's already.\n\nBrent Baude: in terms of deprecating, it\n\nMatt Heon: It's already deprecated. wonderful thing.\n\nBrent Baude: it's been marked.\n\nTom Sweeney: We just went out of order and I'm just looking at the order here of the agenda. So we're all set there.\n\nBrent Baude: In terms of moving on, I'd be happy to move on to the next thing to talk about.\n\nMatt Heon: The next thing is others, so I guess Does anyone else have anything? They would want deprecated for a potential removal or adjustment in 50. We're not even deprecated. Does anyone have anything they want changed in the future to prepare for?\n\nBrent Baude: I would like a containers comp V2. Do we have that? Written down.\n\nMatt Heon: I don't think it's captured. Yeah.\n\nBrent Baude: Okay.\n\nBrent Baude: I think that there's a submitted one thing for a machine is I'm probably not going to sell this team very hard, but I think that we need to probably make every JSON. Config that keeps track of the machines resources and where everything sits the same across all providers. It is not today.\n\n00:40:00\n\nMatt Heon: I think we really just need to write down major machine refactor and then figure out what stems off of that.\n\nBrent Baude: I think a lot of that will be done in the four versions so specifically, because this may be a breaking change is one of them.\n\nMatt Heon: Yeah yeah we're discussing for eight as well as 50 so I'm like four eight four nine whatever we do before five I think we have to do a lot of refactoring to get ready five.\n\nBrent Baude: Particular one.\n\nBrent Baude: yeah, and I'm also seriously contemplating a proposal that would Make transition from four to five in the machine world. Not a thing. In other words, it's breaking machine release. Over action by users, will have to be taken.\n\nBrent Baude: So that's something that we need to debate the ups and downs of that. But I have good reasons which I know really want to go into right now, but That's a thing. Go ahead Paul.\n\nPaul Holzinger: and just not explicitly related to machine but General, I think we shouldn't Change things just because we've all benefit, We have a chance to break something that's fine, but that doesn't mean we need to break everything, right? So it's\n\nBrent Baude: Correct.\n\nBrent Baude: And I'm probably trying to dig out a little more space than we need. So that we're not pulling ourselves into migration scenarios that may over tax us. For the simple. Recovery of cloud, man, machine remote padman machine, and your backup. And, running, you just don't have your content. So,\n\nPaul Holzinger: Yeah I mean I think that's a fine assumption for a lot of things but it would be good to know document such as solutions. And anyway if there's a lot of you that later and the machine that's just gone, And I think some users might not really understand the concept If you're a butt reports,\u2026\n\nBrent Baude: Yep.\n\nPaul Holzinger: if you ask the judge recreate the machine and oops.\n\nBrent Baude: And the other bit is, we may be able to do some pinky around. Just\n\nBrent Baude: without some ideas on how we can potentially get around us. I think a Matt there was some stuff which I can't remember around Spec Gen. That we also had contemplated that we're breaking, so it needs somebody that crawl through the spectrum and take a look.\n\nPaul Holzinger: So, the important part is to have a way to define defaults on the server side, with that, comes together with containers.com somehow. because we want defaults on the server side,\u2026\n\nBrent Baude: Yes.\n\nPaul Holzinger: for the most part,\n\nMatt Heon: I think the ideal way to do this would be to refactor. the defaults are set in a common way across local and remote the spectrum gets pretty populated in a sensible way and\u2026\n\nBrent Baude: Yep.\n\nMatt Heon: it's those defaults that get displayed via the command line but that's a lot of work.\n\nBrent Baude: I mean That's kind of what we did when we went from whatever prior to specina. I forget what it was called but To Spec Jen. As we did we did some of that rearranging twisting. So it seems like that. We have to do that again. To deal with remote.\n\nMatt Heon: That is not. Echoical.\n\nPaul Holzinger: And what I would really love. Is some research during around, And what's local? In the code, the separation of concern in these packages, It's a mess. and to be honest, there's a pretty big buck in a lot of things that this rootless checks, we have plenty of them on the client where it makes no sense at all.\n\nBrent Baude: Fair enough. Matt, There's one other big one which is system connection.\n\nMatt Heon: Is this?\n\nBrent Baude: Is going to need to be rehammered out because it was not when John designed that. It was designed for remote and local. Basically, Yeah, I want to add a remote connection, I don't want to type it every time. And then we started using that for machine. so now we've got system connection. That is remote in every sense but it also could be different depending on the provider of the vert machine.\n\n00:45:00\n\nBrent Baude: And so the name of the connection is something like Podman Machine. Default when you don't name your VM, And it's theoretically possible to have Padman machine default with multiple providers. And then we get system connection collisions.\n\nBrent Baude: So we'll probably need to build some robustness into system connection, that allows a provider to be specified.\n\nPaul Holzinger: I would label this and containers.com free, right? And we don't want this in containers that All as you talked about, we don't run to write a containers of confile because that rewrites a personal config file of and you lose all comments. And so on what we mentioned,\n\nBrent Baude: Yep. Agreed.\n\nBrent Baude: Yeah, and maybe more of that needs to go into that world, so that's something and that theoretically could be breaking if we can't figure. To me, that's gonna probably be a breaking change, or we're gonna figure out. If machines are breaking changes, then there's no reason to try to compensate for system connections in my opinion. So,\n\nPaul Holzinger: I had a fun one today. Another interesting thing that's in our flagparticle, there's a thing called strength, light and string array. And I bet only a few people know what that means. what the difference is because if your past a gray flex, you have to chance to at the slice, you can call my separate values and there's an array. You just like I mean that's multiple times. And as it turns out, comma separated values are passed the field three and That is not heavy. If you pass in quotes and other stuff here. Yeah, if you have a regular t35, basically there are rules. And just today usually like this, incredible stupid syntax that you need to use.\n\nPaul Holzinger: If you have this dislike things and we have defined everywhere, for options that accept the five path, that means you cannot have a comma on the fire path and stuff like that.\n\nMatt Heon: We really should just have a litter to detect that. There are very few cases where you actually want string SL.\n\nPaul Holzinger: But the problem is ever noted on the issue, we cannot change. That's what operating somebody because the fees if you figure out the piece and text then you escape it with quotes and so on. but then that means the value, as soon as I change it to array, it's no longer the same That you get when you stream flies.\n\nMatt Heon: Five of stuff. we can break the small portion people who actually do these things. If I know this is the kind of thing where I would say I would argue. It's about Not even a breaking change but we can do it in five hours so we can do it anyway.\n\nPaul Holzinger: Yeah. That's\u2026\n\nTom Sweeney: Yep. Just looking at the clock and\u2026\n\nPaul Holzinger: where I'm getting it.\n\nTom Sweeney: we're seeming to grind on this just a little bit. do we have anything else? Major that needs to get in Can we create a discussion? Perhaps on the Github site for things you'd like to see in 5.0 or has one been created already?\n\nMatt Heon: I don't think we ever get up discussion. That's a good point. I think that we should probably have our internal discussions first, so we can populate. But once that's done, we can get something up and see what people think.\n\nMatt Heon: Completed also probably should have a blog about this, but yeah.\n\nTom Sweeney: Even myself have a place where people can just go ahead and put their ideas and go from there.\n\nPaul Holzinger: Yeah. What one thing if you say we have a deadline next summer, Then I think it's important to focus on stuff that require us some dragging changes because if they talk about features, we can add features at any point, if there are true features like a new command or something, that I think it would be important to allocate resources correctly so that we can get stuff that needs to happen forward and that cannot wait for\n\nPaul Holzinger: if I've got one more whatever.\n\nMatt Heon: Fair enough. We really need to get the docs start before we can start clarifying this. But yeah, I will see how soon I can carve us into the schedule because I think this is an important one start talking about,\n\nTom Sweeney: Like a girl. I think I'm gonna wrap up this particular discussion, Matt, unless you need to talk about anything else and just open up for any questions. Before we wrap up for the day that anybody else said related to this or anything else for that matter.\n\n00:50:00\n\nTom Sweeney: Very quiet. Last chance. Otherwise, I'll start.\n\nBrent Baude: Whether they come on,\u2026\n\nBrent Baude: you waited this long.\n\nTom Sweeney: Yeah. I'll just put in.\n\nTom Sweeney: Just a note for one. Our next meeting Got one coming up pretty quickly for the community meeting that's happening on Tuesday October 4th. I'm not sure that if any topics at this point for that one. So if you'd like to demo something there would love to have people do so. and then, The next cabal meeting will be on Thursday October 19th and both of those meetings will be on at 11 AM Eastern time and both will be daylight savings time. Still, I don't think we flip over until November for Daylight savings time. In this country anyway. And one last chance for questions comments.\n\nTom Sweeney: but otherwise, I'm gonna turn off the recording and we'll wrap that up.\n\nTom Sweeney: Right folks.\n\nTom Sweeney: That is the end of the recording.\n\nMeeting ended after 00:51:17 \ud83d\udc4b\n")))}li.isMDXComponent=!0;const hi=function(e){let{cards:t}=e,n=[],a=[];const[o,i]=(0,Z.useState)(!1),[s,r]=(0,Z.useState)(void 0),[l,h]=(0,Z.useState)(void 0),d=[(0,Z.useRef)(),(0,Z.useRef)()],u=(0,Z.useRef)();var m,c;m=u,c=()=>i(!1),(0,Z.useEffect)((()=>{const e=e=>{m?.current?.contains(e.target)||c(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[m,c]);const p=function(){for(var e=arguments.length,t=new Array(e),n=0;ni(!1)},Z.createElement(ue,null)))),i(!0)};function g(e){const{meeting_minutes:t,meeting_recording:n,date:a}=e;return Z.createElement("div",{className:"inline-flex justify-around bg-white px-8 py-1 dark:bg-gray-700 dark:shadow-none"},Z.createElement("h3",{className:"flex-1 pl-1 text-base text-gray-700 dark:text-gray-50"},a),Z.createElement("a",{className:"flex-1 no-underline hover:no-underline",href:n?.link},n?.text),Z.createElement("a",{onClick:()=>{p(t,a)},className:"cursor-pointer"},t?.text))}Object.values(V)?.forEach((e=>{let t=e?.default((0,Z.useRef)());t?.props?.children?.forEach((o=>{let i=o?.props?.children[0],s=o?.props?.children[1];"string"==typeof i&&(i.includes("BlueJeans")||i.includes("Video"))&&(e?.contentTitle?.includes("Cabal")?n.unshift({date:(e?.toc?.[0]?.value).split(/[0-9]{2}:[0-9]{2}/)[0],meeting_minutes:{markDown:t,modalHeaderData:e.contentTitle,text:"Meeting Minutes"},meeting_recording:{link:s?.props?.href,text:"Watch Recording"}}):a.unshift({date:(e?.toc?.[0]?.value).split(/[0-9]{2}:[0-9]{2}/)[0],meeting_minutes:{markDown:t,modalHeaderData:e.contentTitle,text:"Meeting Minutes"},meeting_recording:{link:s?.props?.href,text:"Watch Recording"}}))}))}));let k=[],y=[];for(let w=0;w<2;w++){let e=a.shift();k.push({date:e?.date,icon:"film-icon",buttons:[{path:e?.meeting_recording?.link,text:e?.meeting_recording?.text},{...e?.meeting_minutes}]}),e=n.shift(),y.push({date:e?.date,icon:"film-icon",buttons:[{path:e?.meeting_recording?.link,text:e?.meeting_recording?.text},{...e?.meeting_minutes}]})}return Z.createElement("div",{className:"justify-content-center align-items-center custom-card-grid-root flex"},t.map(((e,t)=>{let i=1==t?y:k;return Z.createElement("div",{key:`card-container-${t}`,className:"align-items-center card-container mb-4 flex flex-1 flex-col flex-wrap justify-center transition duration-150 ease-linear lg:mb-6"},Z.createElement(le,{key:`custom-card-${t}`,title:e?.title,subtitle:e?.date,details:e?.timeZone,text:e?.subtitle,data:e?.buttons,primary:!0}),Z.createElement(ee.Z,{title:"",description:"Most Recent meetings",textGradientStops:"from-purple-500 to-purple-700 dark:text-purple-500",textGradient:!1}),Z.createElement(he,{key:`subcard-grid-${t}`,cards:i,toggleIsModalOpen:p}),Z.createElement(de,{options:(r=1==t?[...n]:[...a],r.map((e=>Z.createElement(g,e)))),dropdownRef:d[t],text:"Older meeting details"}),Z.createElement("dialog",{className:"bg-stone-200 w-90-screen h-80-screen fixed top-20 z-50 max-h-screen w-fit border-4 border-purple-100",open:o,ref:u},Z.createElement("div",{className:"modal-content flex flex-col"},s,Z.createElement("div",{className:"md-wrapper overflow-y-auto scrollbar-thin scrollbar-track-gray-100 scrollbar-thumb-gray-300 dark:bg-gray-700 dark:text-gray-50 dark:shadow-none"},l))));var r})))};const di=function(e){const{title:t,subtitle:n,button:a}=e;return Z.createElement("article",{className:" my-4 flex max-w-xs flex-col justify-between"},Z.createElement("h4",{className:"text-gray-700"},t),Z.createElement(X.Z,{text:n,styles:"mb-4 mt-2 w-[198px] md:w-64"}),Z.createElement(ae.Z,(0,K.Z)({outline:!0,as:"link"},a)))};const ui=function(){const e=new Date,t=[e.toLocaleString("en-US",{timeZone:"Europe/Paris",hour:"numeric",minute:"numeric",hour12:!1}),Intl.DateTimeFormat("en-US",{timeZone:"Europe/Paris",timeZoneName:"long"}).format().split(",")[1]],n=[e.toLocaleString("en-US",{timeZone:"America/New_York",hour:"numeric",minute:"numeric",hour12:!1}),Intl.DateTimeFormat("en-US",{timeZone:"America/New_York",timeZoneName:"long"}).format().split(",")[1]];return Z.createElement("article",{className:"mb-10 max-w-lg rounded-lg bg-aqua shadow-md dark:bg-purple-900"},Z.createElement("div",{className:"m-4 grid grid-cols-2 gap-x-4 lg:m-8"},Z.createElement("div",{className:"col-span-full mb-5 text-center"},Z.createElement("h3",{className:"font-bold text-gray-300 dark:text-gray-100"},"Current Time")),Z.createElement("div",{className:"text-center"},Z.createElement("h4",{className:"mb-2 text-3xl font-extrabold text-purple-500 dark:text-gray-100"},t[0]),Z.createElement("p",{className:"w-40 font-bold text-blue-900"},t[1])),Z.createElement("div",{className:"text-center"},Z.createElement("h4",{className:"mb-2 text-3xl font-extrabold text-purple-500 dark:text-gray-100"},n[0]),Z.createElement("p",{className:"w-40 font-bold text-blue-900"},n[1]))))};const mi=function(e){let{title:t,text:n,darkBg:a="dark:bg-purple-900"}=e;return Z.createElement("aside",{className:`rounded-lg bg-aqua ${a} max-w-lg px-6 py-8 text-gray-700 shadow-xl dark:shadow-md dark:shadow-gray-900`},Z.createElement("h4",{className:"mx-auto mb-2 max-w-md font-bold dark:text-gray-50"},t),Z.createElement("p",{className:"mx-auto max-w-md dark:text-gray-100"},n))};var ci=n(7528);const pi=function(e){let{text:t,path:n,icon:a,image:o,textLogo:i}=e;return Z.createElement("a",{href:n,className:"mx-auto flex flex-col items-center text-center"},Z.createElement("div",{className:"max-w-fit rounded-full bg-white p-8 shadow-sm dark:bg-gray-900"},a?Z.createElement(_.JO,{icon:a,className:"text-5xl"}):i?Z.createElement("span",{className:"block py-2 font-display text-4xl font-extrabold"},i):Z.createElement("img",{src:o.path,alt:o.alt,className:"w-16"})),Z.createElement("span",{className:"underline-offset-6 duration-149 mt-4 block text-blue-700 underline transition ease-linear hover:text-blue-900"},t))};var gi=n(4544),ki=n(2074),yi=n(6547);const wi="Community",fi="We want your feedback, issues, patches, and involvement in the development of Podman. **Chat** with us on Slack, IRC, or on our **mailing list**. Submit **issues & pull requests** (see our [CONTRIBUTING guide](https://github.com/containers/podman/blob/main/CONTRIBUTING.md) on how.) Participate in one of our twice-monthly community meetings. You are welcome in our community!",bi={text:"To help ensure all feel welcome in the Podman community, we expect all who participate to adhere to our [Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md)",icon:"fa6-regular:handshake"},vi={title:"Chat with the Podman community",subtitle:"The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you\u2019re in another time zone!",links:[{text:"#podman:matrix.org",path:"https://matrix.to/#/#podman:fedoraproject.org",image:{path:"logos/raw/element-56w-59h.png",alt:"Element Matrix Logo"}},{text:"#podman on libera.chat",path:"https://web.libera.chat/#podman-desktop",textLogo:"IRC"},{text:"Podman Discord",path:"https://discord.gg/vwpj7K6gW5",icon:"logos:discord-icon"},{text:"Slack",path:"https://slack.k8s.io/",icon:"logos:slack-icon"}]},Mi={title:"Podman Community Meetings",subtitle:"Many of the maintainers for the Podman project attend both of these meetings, so it's a great chance for community members like you to ask them questions or address concerns directly. If you have a topic that you\u2019d like to propose for either meeting, please send a note to the [Mailing List]().",image:{path:"images/optimized/community-call-554w-219h.webp",alt:"An image of podman team members in a virtual meeting"},cards:[{title:"Podman Community Meeting",subtitle:"This meeting is used to show demos for or to have general discussions about Podman or other related container technologies. It is also used to make announcements about Podman and the other projects in the [Containers repository on GitHub](https://github.com/containers).",date:"**1st Tuesday** of even numbered months",timeZone:"11 AM US ET /5 PM CET",buttons:[{text:"Join Meeting",path:yi.wz},{text:"Meeting Agenda",path:"https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w"}]},{title:"Podman Community Cabal",subtitle:"The focus of the cabal meeting is the planning and discussion of possible future changes to Podman or the [related Containers projects](https://github.com/containers) and discussing any outstanding issues that might need solving.",date:"**3rd Thursday** every month",timeZone:"11 AM US ET /5 PM CET",buttons:[{text:"Join Meeting",path:yi.wz},{text:"Meeting Agenda",path:"https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both"}]}]},Ai={title:"Mailing List",subtitle:"The Podman Mailing list is available for your questions, concerns or comments about Podman.",browseInfo:{title:"Browse the mailing list",subtitle:"Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list."},subscribeInfo:{title:"Subscribe or post to the mailing list",subtitle:"Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.",description:"Regardless of which method you use, a confirmation email will be sent to you. After you reply back to that confirmation email, you'll then be able to send mail directly to podman@lists.podman.io Send an email to [podman-join@lists.podman.io](mailto:podman-join@lists.podman.io). You can then also go to [the web page](https://lists.podman.io) and manage your subscription.",options:[{title:"Option 1",subtitle:'Send an email to [podman-join@lists.podman.io](mailto:podman-join@lists.podman.io) with the word "Subscribe" in the subject.',button:{text:"Send email",path:"mailto:podman-join@lists.podman.io"}},{title:"Option 2",subtitle:'Enter your email at the bottom of [the mailing list sign up page](https://lists.podman.io/admin/lists/podman.lists.podman.io/), and hit the "Subscribe" button.',button:{text:"Sign up page",path:"https://lists.podman.io/admin/lists/podman.lists.podman.io/"}}]},extraInfo:{image:{path:"images/optimized/mailing-list-screenshot-580w-376h.webp",alt:"A screenshot of the Podman mailing list home screen."},note:{title:"Please note:",text:"If you have a bug that you\u2019d like to report, it\u2019s best to report it here by creating a \u201cNew issue\u201d rather than sending an email to the list."}}},Ii=[{title:"Submitting Issues & Pull Requests",subtitle:"The following is a quick cheat-sheet of sorts on how to submit issues and pull requests to the Podman project. For the most up-to-date and more comprehensive information, please take a look at [CONTRIBUTING.md](https://github.com/containers/common/blob/main/CONTRIBUTING.md) in the Podman repo."},{title:"Submitting Issues",subtitle:"Don't include private / sensitive info in issues!",sections:[{text:"**Before reporting an issue**, [check our backlog of open issues](https://github.com/containers/podman/issues) to see if someone else has already reported it. If so:",checkList:["Feel free to add your scenario, or additional information, to the discussion.","Subscribe to the issue to be notified when it is updated."],button:{text:"Check Open Issues",links:[{text:"Check open Podman issues",path:"https://github.com/containers/podman/issues"},{text:"Check open Podman Desktop issues",path:"https://github.com/containers/podman-desktop/issues"},{text:"Check open Buildah issues",path:"https://github.com/containers/buildah/issues"},{text:"Check open Skopeo issues",path:"https://github.com/containers/skopeo/issues"},{text:"Check open Cri-o issues",path:"https://github.com/cri-o/cri-o/issues"}]}},{text:"**If you find a new issue**, we'd love to hear about it! The most important aspect of a bug report is that it includes enough information for us to reproduce it. So, please:",checkList:["Include as much detail as possible","Try to remove any extra stuff that doesn't really relate to the issue itself"],button:{text:"File a New Issue",links:[{text:"File a new Podman issue",path:"https://github.com/containers/podman/issues/new/choose"},{text:"File a new Podman Desktop issue",path:"https://github.com/containers/podman-desktop/issues/new/choose"},{text:"File a new Buildah issue",path:"https://github.com/containers/buildah/issues/new/choose"},{text:"File a new Skopeo issue",path:"https://github.com/containers/skopeo/issues/new/choose"},{text:"File a new Cri-o issue",path:"https://github.com/cri-o/cri-o/issues"}]}}]},{title:"Submitting Pull Requets",subtitle:"No Pull Request (PR) is too small! Typos, additional comments in the code, new test cases, bug fixes, new features, more documentation, **...it's all welcome!** ",description:['While bug fixes can first be identified via an "issue", that is not required. It\'s ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.',"PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:"],checkList:["Well-documented code changes.","Additional testcases. Ideally m they should fail w/o your code change applied.","Documentation changes."],button:{text:"More PR Submission Details",path:"https://github.com/containers/podman/blob/main/CONTRIBUTING.md#submitting-pull-requests"}}],Ti=()=>{const e=vi.links.map((e=>e));return Z.createElement("ul",{className:"mb-12 flex flex-wrap items-end justify-around gap-8 lg:gap-16"},e.map(((e,t)=>Z.createElement("li",{key:t},Z.createElement(pi,e)))))},Si=()=>Z.createElement("section",{className:"bg-gray-50 dark:bg-gradient-to-t dark:from-gray-700 dark:via-gray-900 dark:to-gray-900 "},Z.createElement(ee.Z,{textGradient:!0,title:vi.title}),Z.createElement("div",{className:"mx-4 mt-8 flex flex-wrap justify-around gap-4 sm:mx-8 lg:mx-auto lg:mt-16 lg:max-w-6xl"},Z.createElement("div",{className:""},Z.createElement("p",{className:"max-w-sm text-center text-gray-700 md:max-w-md md:text-start lg:max-w-xl"},vi.subtitle)),Z.createElement(ui,null)),Z.createElement("div",{className:"container pt-12 lg:pt-20"},Z.createElement(Ti,null)),Z.createElement(ki.Z,null)),Ni=()=>Z.createElement("section",{className:"bg-gradient-to-b from-white via-gray-50 to-gray-100 pb-8 dark:from-gray-900 dark:to-gray-900"},Z.createElement("div",{className:"container flex flex-col"},Z.createElement(ee.Z,{title:Mi.title,description:Mi.subtitle,textGradientStops:"from-purple-500 to-purple-700 dark:text-purple-500",textGradient:!0}),Z.createElement("img",{src:Mi.image.path,alt:Mi.image.alt,className:"order-first mx-auto object-cover lg:max-w-lg"}),Z.createElement(hi,{cards:Mi.cards}))),Ci=()=>Z.createElement("section",null,Z.createElement("div",{className:"container grid gap-4 lg:grid-cols-2"},Z.createElement(ee.Z,{title:Ai.title,description:Ai.subtitle,layout:"col-span-full",textColor:"dark:text-blue-700"}),Z.createElement("section",{className:"container mb-8"},Z.createElement("h3",{className:"mb-2 font-medium text-purple-700 dark:text-purple-500"},Ai.browseInfo.title),Z.createElement("p",{className:"max-w-prose text-gray-500"},Ai.browseInfo.subtitle)),Z.createElement("section",{className:"container mb-8"},Z.createElement("h3",{className:"mb-2 font-medium text-purple-700 dark:text-purple-500"},Ai.subscribeInfo.title),Z.createElement(X.Z,{text:Ai.subscribeInfo.subtitle,styles:"max-w-prose "}),Z.createElement("div",{className:"flex flex-wrap gap-6"},Ai.subscribeInfo.options.map(((e,t)=>Z.createElement(di,(0,K.Z)({},e,{key:t}))))),Z.createElement("div",{className:"my-4 max-w-prose"},Z.createElement(X.Z,{text:Ai.subscribeInfo.description}))),Z.createElement("section",{className:"mb-8 lg:col-start-2 lg:row-span-2 lg:row-start-2"},Z.createElement("div",null,Z.createElement("img",{src:Ai.extraInfo.image.path,alt:Ai.extraInfo.image.alt,className:"w-full object-cover"})),Z.createElement("div",{className:"ml-8 xl:ml-10"},Z.createElement(mi,{title:Ai.extraInfo.note.title,text:Ai.extraInfo.note.text}))))),Pi=()=>Z.createElement("section",{className:"max-w-lg rounded-md bg-white px-10 pt-10 shadow-lg dark:bg-gray-900"},Z.createElement("header",{className:"mb-10"},Z.createElement("h3",{className:"mb-4 text-center text-blue-700 dark:text-blue-500"},Ii[1].title),Z.createElement("div",{className:"bg-blue-100/25 px-3 py-2"},Z.createElement("p",{className:"flex items-center gap-2 rounded-md"},Z.createElement(_.JO,{icon:"fa-solid:exclamation-circle",className:"text-purple-700"}),Z.createElement("span",null,Ii[1].subtitle)))),Z.createElement("div",null,Ii[1].sections.map(((e,t)=>{return Z.createElement("div",{key:t,className:"mb-12"},Z.createElement(X.Z,{text:e.text}),Z.createElement("ul",{className:"mb-8 ml-5 mt-4 list-disc"},e.checkList.map(((e,t)=>Z.createElement("li",{key:t},e)))),Z.createElement(gi.Z,{text:e.button.text,option:(n=e.button.links,Z.createElement("div",{className:"rounded-md p-4 shadow-md"},Z.createElement("ul",null,n.map(((e,t)=>Z.createElement("li",{className:"my-2 rounded-md px-2 transition duration-150 ease-linear hover:bg-purple-700 hover:text-white"},Z.createElement("a",{href:e.path,className:" w-full hover:text-white hover:no-underline"},e.text)))))))}));var n})))),xi=()=>Z.createElement("section",{className:"max-w-lg rounded-md bg-white p-10 shadow-lg dark:bg-gray-900"},Z.createElement("header",{className:"mx-auto mb-10"},Z.createElement("h3",{className:"mb-3 text-center text-blue-700 dark:text-blue-500"},Ii[2].title),Z.createElement(X.Z,{text:Ii[2].subtitle})),Z.createElement("div",null,Ii[2].description.map(((e,t)=>Z.createElement("p",{key:t,className:"my-3"},e))),Z.createElement("ul",{className:"my-4 ml-5 list-disc"},Ii[2].checkList.map(((e,t)=>Z.createElement("li",{key:t},e)))),Z.createElement(ae.Z,{as:"link",outline:!0,text:Ii[2].button.text}))),Di=()=>Z.createElement("section",{className:"bg-gradient-to-b from-gray-50 to-gray-100 dark:from-gray-900 dark:via-blue-900 dark:to-purple-900"},Z.createElement(ee.Z,{title:Ii[0].title,description:Ii[0].subtitle,textGradientStops:"from-purple-500 to-purple-700 dark:text-blue-700",textGradient:!0}),Z.createElement("div",{className:"mx-auto mb-20 mt-16 flex flex-wrap justify-center gap-20 px-8 lg:container"},Z.createElement(Pi,null),Z.createElement(xi,null)));const Bi=function(){return Z.createElement(Q.Z,null,Z.createElement($.Z,{title:wi,description:fi}),Z.createElement(ci.Z,{description:bi.text,icon:bi.icon,styles:"bg-purple-500 dark:bg-purple-700 text-white"}),Z.createElement(Si,null),Z.createElement(Ni,null),Z.createElement(Ci,null),Z.createElement(Di,null),Z.createElement(ne,null))}},6547:(e,t,n)=>{n.d(t,{_o:()=>o,kq:()=>a,wz:()=>s,yw:()=>i});const a="4.6.2",o="1.4.0",i="https://podman-desktop.io/blog/podman-desktop-release-1.4",s="https://meet.google.com/xrq-uemd-bzy"},1976:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Podman_and_MinIO_RH_Webniar-c67aa1a014e2cc8f0cafbed016d26a56.pdf"},8064:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Podman_in_the_Edge-15a870660e3632b751765efbc3f5ff3b.pdf"},7903:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Time_To_Merge_Tool-9a9d827b0b8a73df826d96926f35b850.pdf"},1382:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/podman-ce586c2894883ad9c353492b5e1893a8.svg"}}]); \ No newline at end of file +"use strict";(self.webpackChunkpodman=self.webpackChunkpodman||[]).push([[849],{3905:(e,t,n)=>{n.d(t,{Zo:()=>d,kt:()=>p});var a=n(7294);function o(e,t,n){return t in e?Object.defineProperty(e,t,{value:n,enumerable:!0,configurable:!0,writable:!0}):e[t]=n,e}function i(e,t){var n=Object.keys(e);if(Object.getOwnPropertySymbols){var a=Object.getOwnPropertySymbols(e);t&&(a=a.filter((function(t){return Object.getOwnPropertyDescriptor(e,t).enumerable}))),n.push.apply(n,a)}return n}function s(e){for(var t=1;t=0||(o[n]=e[n]);return o}(e,t);if(Object.getOwnPropertySymbols){var i=Object.getOwnPropertySymbols(e);for(a=0;a=0||Object.prototype.propertyIsEnumerable.call(e,n)&&(o[n]=e[n])}return o}var l=a.createContext({}),h=function(e){var t=a.useContext(l),n=t;return e&&(n="function"==typeof e?e(t):s(s({},t),e)),n},d=function(e){var t=h(e.components);return a.createElement(l.Provider,{value:t},e.children)},u="mdxType",m={inlineCode:"code",wrapper:function(e){var t=e.children;return a.createElement(a.Fragment,{},t)}},c=a.forwardRef((function(e,t){var n=e.components,o=e.mdxType,i=e.originalType,l=e.parentName,d=r(e,["components","mdxType","originalType","parentName"]),u=h(n),c=o,p=u["".concat(l,".").concat(c)]||u[c]||m[c]||i;return n?a.createElement(p,s(s({ref:t},d),{},{components:n})):a.createElement(p,s({ref:t},d))}));function p(e,t){var n=arguments,o=t&&t.mdxType;if("string"==typeof e||o){var i=n.length,s=new Array(i);s[0]=c;var r={};for(var l in t)hasOwnProperty.call(t,l)&&(r[l]=t[l]);r.originalType=e,r[u]="string"==typeof e?e:o,s[1]=r;for(var h=2;h{n.d(t,{Z:()=>s});var a=n(7294),o=n(1954);const i={title:"Basic Resources",buttons:[{text:"Installation Instructions",path:"docs/installation",icon:"fa6-solid:book"},{text:"Documentation",path:"https://docs.podman.io/en/latest/",icon:"fa6-solid:book"},{text:"Podman Troubleshooting Guide",path:"https://github.com/containers/podman/blob/main/troubleshooting.md",icon:"fa6-solid:book"}]},s=()=>a.createElement("div",{className:"mt-4 lg:my-0"},a.createElement("header",{className:"container mb-6 text-center xl:mb-8 xl:text-start"},a.createElement("h3",{className:"font-medium text-blue-700 dark:text-blue-500"},i.title)),a.createElement("div",null,a.createElement("ul",{className:"mb-10 mt-4 flex flex-col gap-6 lg:mb-16 lg:mt-8 lg:gap-4 xl:flex-col"},i.buttons.map(((e,t)=>a.createElement("li",{key:t},a.createElement("a",{href:e.path,className:"no-underline hover:no-underline leading-none mx-auto flex h-32 max-w-lg flex-col items-center justify-center gap-4 rounded-md bg-gray-100 p-4 text-center text-purple-700 underline-offset-4 transition duration-150 ease-linear hover:bg-purple-700 hover:text-purple-50 hover:shadow-md dark:bg-gray-700 dark:hover:bg-purple-900 dark:hover:text-white lg:h-auto lg:flex-row xl:justify-start"},a.createElement("span",{className:"text-left"},e.text),a.createElement(o.JO,{icon:e.icon,className:"order-first hidden lg:block"}))))))))},1320:(e,t,n)=>{n.d(t,{Z:()=>m});var a=n(7294),o=n(1954),i=n(2074),s=n(8201),r=n(1372);const l=e=>{let{grid:t,display:n,layout:o,title:i,description:r}=e;return a.createElement("div",{className:`${t} ${n} ${o}`},a.createElement("h1",{className:"mb-6 max-w-sm text-purple-700 dark:text-purple-500 lg:max-w-lg "},i),a.createElement(s.Z,{text:r,styles:"leading-relaxed"}))},h=e=>{let{grid:t,display:n,layout:o,image:i={path:"images/raw/podman-2-196w-172h.png",alt:"Podman Logo"}}=e;return a.createElement("div",null,a.createElement("img",{src:i.path,alt:i.alt,className:`${t} ${n} ${o}`}))};function d(e){let{image:t,basicResources:n}=e;return n?a.createElement(r.Z,null):a.createElement(h,{image:t,layout:"mb-8 lg:mb-0"})}function u(e){let{instructions:t}=e;return t?a.createElement("div",null,a.createElement("h3",{className:"text-gray-700 mb-4"},t.title),a.createElement("p",null,t.subtitle),a.createElement("ul",{className:"mb-10 mt-4 flex flex-col gap-6 sm:flex-row lg:mb-16 lg:gap-4 xl:flex-col"},a.createElement("li",null,a.createElement("a",{href:t.button.path,className:"no-underline hover:no-underline flex h-32 max-w-lg flex-col items-center justify-center gap-4 rounded-md bg-gray-100 p-4 text-center text-purple-700 underline-offset-4 transition duration-150 ease-linear hover:bg-purple-700 hover:text-purple-50 hover:shadow-md dark:bg-gray-700 dark:hover:bg-purple-900 dark:hover:text-white lg:h-auto lg:flex-row xl:justify-start"},a.createElement("span",null,t.button.text),a.createElement(o.JO,{icon:t.button.icon,className:"order-first hidden lg:block"}))))):null}const m=function(e){let{title:t,description:n,image:o,lightColor:s="white",darkColor:r="gray-900",basicResources:h,instructions:m}=e;return a.createElement("header",{className:`bg-${s} dark:bg-${r}`},a.createElement("div",{className:"bg-gradient-to-r from-blue-500 to-purple-700 dark:from-blue-700 dark:to-purple-900 lg:pt-8"},a.createElement(i.Z,null)),a.createElement("div",{className:"container flex flex-col md:flex-row justify-around"},a.createElement("div",null,a.createElement(l,{title:t,description:n,layout:"mt-12 lg:mt-0 mb-8"}),a.createElement(u,{instructions:m})),a.createElement("div",{className:"w-[50%] ml-24"},a.createElement(d,{basicResources:h}))))}},3198:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(8201);const i=function(e){let{title:t,description:n,textGradientStops:i="from-blue-700 via-blue-700 to-blue-900 dark:from-blue-500 dark:to-blue-700",textGradient:s=!1,textColor:r="text-gray-900",fontWeight:l,layout:h,bgColor:d}=e;const u=s?`bg-gradient-radial bg-clip-text text-transparent dark:bg-gradient-radial dark:text-transparent ${i}`:`${r}`;return a.createElement("header",{className:`${d} ${h}`},a.createElement("div",{className:"container mx-auto mb-4 mt-12 text-center lg:mt-16"},a.createElement("h2",{className:`${u} ${l}`},t),a.createElement(o.Z,{text:n,styles:"mx-auto my-4 max-w-4xl leading-relaxed text-gray-700 dark:text-gray-100"})))}},2074:(e,t,n)=>{n.d(t,{Z:()=>o});var a=n(7294);const o=function(e){let{light:t="fill-white",dark:n="dark:fill-gray-900",width:o="100",height:i="130",grid:s,layout:r}=e;return a.createElement("svg",{xmlns:"http://www.w3.org/2000/svg",className:`${s} ${r}`,width:`${o}%`,viewBox:`-8620 -1968 1400 ${i}`},a.createElement("path",{className:`${t} ${n}`,d:"M-8629-1935v-10.614s78.25-20.752 155.47-20.752c131.788 0 169.95 23.309 233.125 23.309 108.108 0 138.56-21.268 208.573-21.268s108.701 25.151 233.283 25.151c124.581 0 120.881-43.085 251.082-22.031 112.227 18.148 187.023 22.031 264.45 7.825 76.957-14.12 79.117 14.113 79.014 18.38l.003 258h-1425v-258Z"}))}},7528:(e,t,n)=>{n.d(t,{Z:()=>s});var a=n(7294),o=n(1954),i=n(8201);const s=function(e){let{title:t,description:n,image:s,styles:r,icon:l,bgColor:h="from-blue-700 via-blue-700 to-blue-900 dark:from-blue-500 dark:to-blue-700",titleColor:d="text-purple-700 dark:text-purple-500",marginHeight:u="mt-8 lg:mt-16"}=e;return a.createElement("section",{className:`${r} ${h} ${u} mx-auto w-full`},a.createElement("div",{className:"mx-auto flex max-w-3xl flex-wrap items-center justify-center gap-4 py-4 md:py-8 lg:gap-8 xl:max-w-fit"},a.createElement("div",null,l?a.createElement(o.JO,{icon:l,className:"text-4xl text-white dark:text-gray-50"}):s?a.createElement("img",{src:s.src,alt:s.alt}):a.createElement("p",null,"No image or icon")),t?a.createElement("div",{className:"mx-auto text-center md:text-start lg:pl-4"},a.createElement("h3",{className:`mx-auto mb-4 text-3xl font-bold ${d}`},t),a.createElement(i.Z,{text:n,styles:"mx-auto max-w-4xl leading-relaxed text-gray-700"})):a.createElement(i.Z,{text:n,styles:"mx-auto leading-relaxed"})))}},4307:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(1954);const i=function(e){let{as:t="link",outline:n,colors:i,icon:s,text:r,method:l,path:h}=e;const d="text-xl h-fit my-2 block max-w-fit cursor-pointer rounded-md px-6 py-2 font-semibold transition duration-150 ease-in-out hover:no-underline hover:shadow-md whitespace-nowrap",u=n?` no-underline outline dark:bg-white dark:text-purple-700 text-purple-700 dark:text-purple-900 dark:hover:bg-purple-900 dark:hover:text-white ${i}`:`bg-purple-700 dark:bg-purple-900 text-white dark:text-white hover:bg-purple-900 no-underline hover:no-underline dark:hover:text-gray-50 dark:hover:bg-purple-700 hover:text-white ${i}`;return"button"===t?a.createElement("button",{onClick:l,className:`${d} ${u}`},s?a.createElement("span",{className:"flex items-center gap-2"},r," ",a.createElement(o.JO,{icon:s})):a.createElement("span",null,r)):a.createElement("a",{href:h,className:`${d} ${u}`},s?a.createElement("span",{className:"flex items-center gap-2"},r," ",a.createElement(o.JO,{icon:s})):a.createElement("span",null,r))}},4544:(e,t,n)=>{n.d(t,{Z:()=>i});var a=n(7294),o=n(1954);const i=function(e){const t=(0,a.useRef)(),[n,i]=(0,a.useState)(!1);var s,r;return s=t,r=()=>i(!1),(0,a.useEffect)((()=>{const e=e=>{s.current&&!s.current.contains(e.target)&&r(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[s,r]),a.createElement("div",{ref:t},a.createElement("button",{"data-dropdown-toggle":"dropdown",onClick:()=>i((e=>!e)),className:"my-2 flex items-center gap-2 rounded-md bg-white px-4 py-2 font-bold text-purple-700 transition duration-150 ease-linear hover:bg-purple-700 hover:text-white focus:shadow-md dark:text-purple-900 dark:hover:text-white"},a.createElement("span",null,e.text),a.createElement(o.JO,{icon:"ion:caret-down-outline"})),n&&a.createElement("div",{className:"absolute mt-2 max-w-fit rounded-md bg-white shadow-md dark:bg-gray-900"},e.option))}},8201:(e,t,n)=>{n.d(t,{Z:()=>s});var a=n(7294),o=n(1262);const i=(0,a.lazy)((()=>n.e(195).then(n.bind(n,1195))));const s=function(e){let{text:t,styles:n}=e;return a.createElement(o.Z,null,(()=>a.createElement(a.Suspense,{fallback:a.createElement("p",null,"text loading...")},a.createElement(i,{children:t,className:n}))))}},1150:(e,t,n)=>{n.r(t),n.d(t,{default:()=>Bi});var a={};n.r(a),n.d(a,{contentTitle:()=>pe,default:()=>we,frontMatter:()=>ce,toc:()=>ge});var o={};n.r(o),n.d(o,{contentTitle:()=>be,default:()=>Ie,frontMatter:()=>fe,toc:()=>ve});var i={};n.r(i),n.d(i,{contentTitle:()=>Se,default:()=>xe,frontMatter:()=>Te,toc:()=>Ne});var s={};n.r(s),n.d(s,{contentTitle:()=>Be,default:()=>Le,frontMatter:()=>De,toc:()=>Ee});var r={};n.r(r),n.d(r,{contentTitle:()=>Re,default:()=>Ge,frontMatter:()=>He,toc:()=>Je});var l={};n.r(l),n.d(l,{contentTitle:()=>Ye,default:()=>Ke,frontMatter:()=>Ue,toc:()=>ze});var h={};n.r(h),n.d(h,{contentTitle:()=>Qe,default:()=>et,frontMatter:()=>Ze,toc:()=>_e});var d={};n.r(d),n.d(d,{contentTitle:()=>nt,default:()=>st,frontMatter:()=>tt,toc:()=>at});var u={};n.r(u),n.d(u,{contentTitle:()=>lt,default:()=>mt,frontMatter:()=>rt,toc:()=>ht});var m={};n.r(m),n.d(m,{contentTitle:()=>pt,default:()=>wt,frontMatter:()=>ct,toc:()=>gt});var c={};n.r(c),n.d(c,{contentTitle:()=>bt,default:()=>It,frontMatter:()=>ft,toc:()=>vt});var p={};n.r(p),n.d(p,{contentTitle:()=>St,default:()=>xt,frontMatter:()=>Tt,toc:()=>Nt});var g={};n.r(g),n.d(g,{contentTitle:()=>Bt,default:()=>Lt,frontMatter:()=>Dt,toc:()=>Et});var k={};n.r(k),n.d(k,{contentTitle:()=>Rt,default:()=>Gt,frontMatter:()=>Ht,toc:()=>Jt});var y={};n.r(y),n.d(y,{contentTitle:()=>Yt,default:()=>Kt,frontMatter:()=>Ut,toc:()=>zt});var w={};n.r(w),n.d(w,{contentTitle:()=>Qt,default:()=>en,frontMatter:()=>Zt,toc:()=>_t});var f={};n.r(f),n.d(f,{contentTitle:()=>nn,default:()=>rn,frontMatter:()=>tn,toc:()=>an});var b={};n.r(b),n.d(b,{contentTitle:()=>hn,default:()=>cn,frontMatter:()=>ln,toc:()=>dn});var v={};n.r(v),n.d(v,{contentTitle:()=>gn,default:()=>fn,frontMatter:()=>pn,toc:()=>kn});var M={};n.r(M),n.d(M,{contentTitle:()=>vn,default:()=>Tn,frontMatter:()=>bn,toc:()=>Mn});var A={};n.r(A),n.d(A,{contentTitle:()=>Nn,default:()=>Dn,frontMatter:()=>Sn,toc:()=>Cn});var I={};n.r(I),n.d(I,{contentTitle:()=>En,default:()=>Hn,frontMatter:()=>Bn,toc:()=>Wn});var T={};n.r(T),n.d(T,{contentTitle:()=>Jn,default:()=>Un,frontMatter:()=>Rn,toc:()=>On});var S={};n.r(S),n.d(S,{contentTitle:()=>zn,default:()=>Zn,frontMatter:()=>Yn,toc:()=>qn});var N={};n.r(N),n.d(N,{contentTitle:()=>_n,default:()=>ta,frontMatter:()=>Qn,toc:()=>Xn});var C={};n.r(C),n.d(C,{contentTitle:()=>aa,default:()=>ra,frontMatter:()=>na,toc:()=>oa});var P={};n.r(P),n.d(P,{contentTitle:()=>ha,default:()=>ca,frontMatter:()=>la,toc:()=>da});var x={};n.r(x),n.d(x,{contentTitle:()=>ga,default:()=>fa,frontMatter:()=>pa,toc:()=>ka});var D={};n.r(D),n.d(D,{contentTitle:()=>va,default:()=>Ta,frontMatter:()=>ba,toc:()=>Ma});var B={};n.r(B),n.d(B,{contentTitle:()=>Na,default:()=>Da,frontMatter:()=>Sa,toc:()=>Ca});var E={};n.r(E),n.d(E,{contentTitle:()=>Ea,default:()=>Ha,frontMatter:()=>Ba,toc:()=>Wa});var W={};n.r(W),n.d(W,{contentTitle:()=>Ja,default:()=>Ua,frontMatter:()=>Ra,toc:()=>Oa});var j={};n.r(j),n.d(j,{contentTitle:()=>za,default:()=>Za,frontMatter:()=>Ya,toc:()=>qa});var L={};n.r(L),n.d(L,{contentTitle:()=>_a,default:()=>to,frontMatter:()=>Qa,toc:()=>Xa});var H={};n.r(H),n.d(H,{contentTitle:()=>ao,default:()=>ro,frontMatter:()=>no,toc:()=>oo});var R={};n.r(R),n.d(R,{contentTitle:()=>ho,default:()=>po,frontMatter:()=>lo,toc:()=>uo});var J={};n.r(J),n.d(J,{contentTitle:()=>ko,default:()=>bo,frontMatter:()=>go,toc:()=>yo});var O={};n.r(O),n.d(O,{contentTitle:()=>Mo,default:()=>So,frontMatter:()=>vo,toc:()=>Ao});var F={};n.r(F),n.d(F,{contentTitle:()=>Co,default:()=>Bo,frontMatter:()=>No,toc:()=>Po});var G={};n.r(G),n.d(G,{contentTitle:()=>Wo,default:()=>Ro,frontMatter:()=>Eo,toc:()=>jo});var U={};n.r(U),n.d(U,{contentTitle:()=>Oo,default:()=>Yo,frontMatter:()=>Jo,toc:()=>Fo});var Y={};n.r(Y),n.d(Y,{contentTitle:()=>qo,default:()=>Qo,frontMatter:()=>zo,toc:()=>Vo});var z={};n.r(z),n.d(z,{contentTitle:()=>Xo,default:()=>ni,frontMatter:()=>_o,toc:()=>$o});var q={};n.r(q),n.d(q,{contentTitle:()=>oi,default:()=>li,frontMatter:()=>ai,toc:()=>ii});var V={};n.r(V),n.d(V,{F20201006:()=>a,F20201103:()=>u,F20201201:()=>f,F20210202:()=>N,F20210302:()=>j,F20210406:()=>o,F20210504:()=>m,F20210601:()=>b,F20210715:()=>C,F20210803:()=>L,F20210819:()=>i,F20210907:()=>c,F20210916:()=>v,F20211005:()=>P,F20211021:()=>H,F20211102:()=>s,F20211118:()=>p,F20211207:()=>M,F20211216:()=>x,F20220120:()=>R,F20220201:()=>r,F20220217:()=>g,F20220317:()=>A,F20220405:()=>D,F20220421:()=>J,F20220519:()=>l,F20220607:()=>k,F20220721:()=>I,F20220802:()=>B,F20220915:()=>O,F20221004:()=>h,F20221117:()=>y,F20221206:()=>T,F20230119:()=>E,F20230207:()=>F,F20230216:()=>d,F20230316:()=>w,F20230404:()=>S,F20230420:()=>W,F20230518:()=>G,F20230606:()=>U,F20230615:()=>Y,F20230720:()=>z,F20230921:()=>q});var K=n(7462),Z=n(7294),Q=n(7961),_=n(1954),X=n(8201),$=n(1320),ee=n(3198);const te=[{label:"Red Hat",href:"https://www.redhat.com/",src:"logos/raw/red-hat-120w-77h.png",alt:"Red Hat Logo"},{label:"Amadeus",href:"https://www.amadeus.com/",src:"logos/raw/amadeus-171w-22h.png",alt:"Amadeus Logo"},{label:"Suse",href:"https://www.suse.com",src:"logos/raw/suse-167w-30h.png",alt:"Suse Logo"},{label:"Motorola",href:"https://www.motorolasolutions.com/",src:"logos/raw/motorola-solutions-128w-110h.png",alt:"Motorola Solutions Logo"},{label:"NTT",href:"https://www.global.ntt",src:"logos/raw/ntt-145w-50h.png",alt:"NTT Logo"},{label:"IBM",href:"https://www.ibm.com",src:"logos/raw/ibm-92w-37h.png",alt:"IBM Logo"},{label:"Debian",href:"https://www.debian.org/",src:"logos/raw/debian-68w-90h.png",alt:"Debian Logo"}];const ne=function(){const[e,t,n,a,o,i,s]=te;return Z.createElement("section",{className:"my-8 lg:my-12"},Z.createElement("header",{className:"container my-4 text-center lg:my-8"},Z.createElement("h2",{className:"mb-3 text-blue-700 dark:text-purple-500"},"Special thanks to our contributors"),Z.createElement("p",{className:"text-gray-900"},"The Podman community has contributors from many different organizations, including:")),Z.createElement("div",{className:"relative mx-auto my-8 flex items-center"},Z.createElement("button",{onClick:()=>{const e=document.getElementById("slider");e.scrollLeft=e.scrollLeft-500},className:"lg:hidden"},Z.createElement(_.JO,{icon:"fa-solid:arrow-circle-left",className:"text-4xl text-gray-500 opacity-25 transition duration-150 ease-linear hover:text-purple-900 hover:opacity-100 dark:hover:text-purple-700"})),Z.createElement("div",{id:"slider",className:"justify-center mx-auto h-full w-full place-items-center gap-6 overflow-x-scroll scroll-smooth whitespace-nowrap scrollbar scrollbar-track-purple-500 lg:container lg:grid"},Z.createElement("a",{href:e.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},e,{className:"mx-auto p-4"}))),Z.createElement("a",{href:t.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},t,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:n.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},n,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:a.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},a,{className:"mx-auto p-4"}))),Z.createElement("a",{href:o.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},o,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:i.href,target:"_blank",className:"col-span-3 mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:mb-0 lg:flex lg:h-28 lg:w-80 lg:items-center"},Z.createElement("img",(0,K.Z)({},i,{className:"object-fit mx-auto max-w-sm p-4 "}))),Z.createElement("a",{href:s.href,target:"_blank",className:"mx-4 mb-4 inline-block rounded-md p-4 dark:bg-gray-100 lg:row-span-2 lg:row-start-1 lg:mb-0"},Z.createElement("img",(0,K.Z)({},s,{className:"mx-auto p-4"})))),Z.createElement("button",{onClick:()=>{const e=document.getElementById("slider");e.scrollLeft=e.scrollLeft+500},className:"lg:hidden"},Z.createElement(_.JO,{icon:"fa-solid:arrow-circle-right",className:"dark:hover-text-purple-700 text-4xl text-gray-500 opacity-25 transition duration-150 ease-linear hover:text-purple-900 hover:opacity-100"}))))};var ae=n(4307);const oe=function(){return Z.createElement("svg",{width:"74.667",xmlns:"http://www.w3.org/2000/svg",className:"film-icon",height:"56",id:"screenshot-f22025ed-2924-807f-8002-a2aff9654955",viewBox:"0 0 74.667 56",fill:"none",version:"1.1"},Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2aff9654955",rx:"0",ry:"0"},Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af748c75a7",className:"svg-inline--fa fa-film fa-w-16",rx:"0",ry:"0",fill:"url(#fill-0-rumext-id-2)"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-2_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"0.0000022199039904080564",y:"0.0000025210333660652395",height:"56.00000799999998",width:"74.66667200000188","data-loading":"false",id:"fill-0-rumext-id-2"},Z.createElement("g",null,Z.createElement("rect",{width:"74.66667200000188",height:"56.00000799999998",fill:"url(#fill-color-gradient_rumext-id-2_0)"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af748c75a8"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-3_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"-0.10779549147923717",y:"0.000006515896984637948",height:"56.000000000000455",width:"75.00000000000205","data-loading":"false",patternTransform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, -0.000000)",id:"fill-0-rumext-id-3"},Z.createElement("g",null,Z.createElement("rect",{width:"75.00000000000205",height:"56.000000000000455",fill:"url(#fill-color-gradient_rumext-id-3_0)"})))),Z.createElement("g",{className:"fills",id:"fills-f22025ed-2924-807f-8002-a2af748c75a8"},Z.createElement("path",{fill:"url(#fill-0-rumext-id-3)",rx:"0",ry:"0",d:"M71.167,0.000L70.000,0.000L70.000,2.917C70.000,3.879,69.213,4.667,68.250,4.667L62.417,4.667C61.454,4.667,60.667,3.879,60.667,2.917L60.667,0.000L14.000,0.000L14.000,2.917C14.000,3.879,13.213,4.667,12.250,4.667L6.417,4.667C5.454,4.667,4.667,3.879,4.667,2.917L4.667,0.000L3.500,0.000C1.560,0.000,0.000,1.560,0.000,3.500L0.000,52.500C0.000,54.440,1.560,56.000,3.500,56.000L4.667,56.000L4.667,53.083C4.667,52.121,5.454,51.333,6.417,51.333L12.250,51.333C13.213,51.333,14.000,52.121,14.000,53.083L14.000,56.000L60.667,56.000L60.667,53.083C60.667,52.121,61.454,51.333,62.417,51.333L68.250,51.333C69.213,51.333,70.000,52.121,70.000,53.083L70.000,56.000L71.167,56.000C73.106,56.000,74.667,54.440,74.667,52.500L74.667,3.500C74.667,1.560,73.106,0.000,71.167,0.000ZZM14.000,44.917C14.000,45.879,13.213,46.667,12.250,46.667L6.417,46.667C5.454,46.667,4.667,45.879,4.667,44.917L4.667,39.083C4.667,38.121,5.454,37.333,6.417,37.333L12.250,37.333C13.213,37.333,14.000,38.121,14.000,39.083L14.000,44.917ZZM14.000,30.917C14.000,31.879,13.213,32.667,12.250,32.667L6.417,32.667C5.454,32.667,4.667,31.879,4.667,30.917L4.667,25.083C4.667,24.121,5.454,23.333,6.417,23.333L12.250,23.333C13.213,23.333,14.000,24.121,14.000,25.083L14.000,30.917ZZM14.000,16.917C14.000,17.879,13.213,18.667,12.250,18.667L6.417,18.667C5.454,18.667,4.667,17.879,4.667,16.917L4.667,11.083C4.667,10.121,5.454,9.333,6.417,9.333L12.250,9.333C13.213,9.333,14.000,10.121,14.000,11.083L14.000,16.917ZZM53.667,47.250C53.667,48.213,52.879,49.000,51.917,49.000L22.750,49.000C21.788,49.000,21.000,48.213,21.000,47.250L21.000,33.250C21.000,32.288,21.788,31.500,22.750,31.500L51.917,31.500C52.879,31.500,53.667,32.288,53.667,33.250L53.667,47.250ZZM53.667,22.750C53.667,23.713,52.879,24.500,51.917,24.500L22.750,24.500C21.788,24.500,21.000,23.713,21.000,22.750L21.000,8.750C21.000,7.788,21.788,7.000,22.750,7.000L51.917,7.000C52.879,7.000,53.667,7.788,53.667,8.750L53.667,22.750ZZM70.000,44.917C70.000,45.879,69.213,46.667,68.250,46.667L62.417,46.667C61.454,46.667,60.667,45.879,60.667,44.917L60.667,39.083C60.667,38.121,61.454,37.333,62.417,37.333L68.250,37.333C69.213,37.333,70.000,38.121,70.000,39.083L70.000,44.917ZZM70.000,30.917C70.000,31.879,69.213,32.667,68.250,32.667L62.417,32.667C61.454,32.667,60.667,31.879,60.667,30.917L60.667,25.083C60.667,24.121,61.454,23.333,62.417,23.333L68.250,23.333C69.213,23.333,70.000,24.121,70.000,25.083L70.000,30.917ZZM70.000,16.917C70.000,17.879,69.213,18.667,68.250,18.667L62.417,18.667C61.454,18.667,60.667,17.879,60.667,16.917L60.667,11.083C60.667,10.121,61.454,9.333,62.417,9.333L68.250,9.333C69.213,9.333,70.000,10.121,70.000,11.083L70.000,16.917ZZ"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af7f162a3b",className:"svg-inline--fa fa-film fa-w-16",rx:"0",ry:"0",fill:"url(#fill-0-rumext-id-4)"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-4_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"0.0000022199039904080564",y:"56.000002521033366",height:"56.00000799999998",width:"74.66667200000188","data-loading":"false",id:"fill-0-rumext-id-4"},Z.createElement("g",null,Z.createElement("rect",{width:"74.66667200000188",height:"56.00000799999998",fill:"url(#fill-color-gradient_rumext-id-4_0)"})))),Z.createElement("g",{id:"shape-f22025ed-2924-807f-8002-a2af7f162a3c"},Z.createElement("defs",null,Z.createElement("radialGradient",{id:"fill-color-gradient_rumext-id-5_0",cx:"0.5",cy:"0.5",r:"0.5",gradientTransform:"matrix(-1.000000, 0.000000, -0.000000, -1.000000, 1.000000, 1.000000)"},Z.createElement("stop",{offset:"0",stopColor:"#68c6f7",stopOpacity:"1"}),Z.createElement("stop",{offset:"1",stopColor:"#3799cc",stopOpacity:"1"})),Z.createElement("pattern",{patternUnits:"userSpaceOnUse",x:"-0.10779549147923717",y:"56.000006515896985",height:"56.000000000000455",width:"75.00000000000205","data-loading":"false",patternTransform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, -0.000000)",id:"fill-0-rumext-id-5"},Z.createElement("g",null,Z.createElement("rect",{width:"75.00000000000205",height:"56.000000000000455",fill:"url(#fill-color-gradient_rumext-id-5_0)"})))),Z.createElement("g",{className:"fills",id:"fills-f22025ed-2924-807f-8002-a2af7f162a3c"},Z.createElement("path",{fill:"url(#fill-0-rumext-id-5)",rx:"0",ry:"0",d:"M71.167,56.000L70.000,56.000L70.000,58.917C70.000,59.879,69.213,60.667,68.250,60.667L62.417,60.667C61.454,60.667,60.667,59.879,60.667,58.917L60.667,56.000L14.000,56.000L14.000,58.917C14.000,59.879,13.213,60.667,12.250,60.667L6.417,60.667C5.454,60.667,4.667,59.879,4.667,58.917L4.667,56.000L3.500,56.000C1.560,56.000,0.000,57.560,0.000,59.500L0.000,108.500C0.000,110.440,1.560,112.000,3.500,112.000L4.667,112.000L4.667,109.083C4.667,108.121,5.454,107.333,6.417,107.333L12.250,107.333C13.213,107.333,14.000,108.121,14.000,109.083L14.000,112.000L60.667,112.000L60.667,109.083C60.667,108.121,61.454,107.333,62.417,107.333L68.250,107.333C69.213,107.333,70.000,108.121,70.000,109.083L70.000,112.000L71.167,112.000C73.106,112.000,74.667,110.440,74.667,108.500L74.667,59.500C74.667,57.560,73.106,56.000,71.167,56.000ZZM14.000,100.917C14.000,101.879,13.213,102.667,12.250,102.667L6.417,102.667C5.454,102.667,4.667,101.879,4.667,100.917L4.667,95.083C4.667,94.121,5.454,93.333,6.417,93.333L12.250,93.333C13.213,93.333,14.000,94.121,14.000,95.083L14.000,100.917ZZM14.000,86.917C14.000,87.879,13.213,88.667,12.250,88.667L6.417,88.667C5.454,88.667,4.667,87.879,4.667,86.917L4.667,81.083C4.667,80.121,5.454,79.333,6.417,79.333L12.250,79.333C13.213,79.333,14.000,80.121,14.000,81.083L14.000,86.917ZZM14.000,72.917C14.000,73.879,13.213,74.667,12.250,74.667L6.417,74.667C5.454,74.667,4.667,73.879,4.667,72.917L4.667,67.083C4.667,66.121,5.454,65.333,6.417,65.333L12.250,65.333C13.213,65.333,14.000,66.121,14.000,67.083L14.000,72.917ZZM53.667,103.250C53.667,104.213,52.879,105.000,51.917,105.000L22.750,105.000C21.788,105.000,21.000,104.213,21.000,103.250L21.000,89.250C21.000,88.288,21.788,87.500,22.750,87.500L51.917,87.500C52.879,87.500,53.667,88.288,53.667,89.250L53.667,103.250ZZM53.667,78.750C53.667,79.713,52.879,80.500,51.917,80.500L22.750,80.500C21.788,80.500,21.000,79.713,21.000,78.750L21.000,64.750C21.000,63.788,21.788,63.000,22.750,63.000L51.917,63.000C52.879,63.000,53.667,63.788,53.667,64.750L53.667,78.750ZZM70.000,100.917C70.000,101.879,69.213,102.667,68.250,102.667L62.417,102.667C61.454,102.667,60.667,101.879,60.667,100.917L60.667,95.083C60.667,94.121,61.454,93.333,62.417,93.333L68.250,93.333C69.213,93.333,70.000,94.121,70.000,95.083L70.000,100.917ZZM70.000,86.917C70.000,87.879,69.213,88.667,68.250,88.667L62.417,88.667C61.454,88.667,60.667,87.879,60.667,86.917L60.667,81.083C60.667,80.121,61.454,79.333,62.417,79.333L68.250,79.333C69.213,79.333,70.000,80.121,70.000,81.083L70.000,86.917ZZM70.000,72.917C70.000,73.879,69.213,74.667,68.250,74.667L62.417,74.667C61.454,74.667,60.667,73.879,60.667,72.917L60.667,67.083C60.667,66.121,61.454,65.333,62.417,65.333L68.250,65.333C69.213,65.333,70.000,66.121,70.000,67.083L70.000,72.917ZZ"}))))))};function ie(e){const{title:t,subtitle:n,details:a}=e;return Z.createElement("div",{className:"mx-2 mb-10 mt-4 text-center"},Z.createElement("h3",{className:"mb-3 whitespace-nowrap font-bold text-gray-700 dark:text-gray-50"},t),Z.createElement(X.Z,{text:n,styles:"text-gray-700"}),Z.createElement(X.Z,{text:a,styles:"text-gray-700"}))}function se(e){const{text:t}=e;return Z.createElement("div",{className:"mx-2 my-6 overflow-y-auto lg:my-8"},Z.createElement("p",{id:"cardBody-parsed",className:"text-gray-700 dark:text-gray-100"},Z.createElement(X.Z,{text:t})))}function re(e){const{data:t=[{text:"button text",markDown:Z.createElement(Z.Fragment,null,"No MarkDown to Display!")}],primary:n=!1,method:a=(()=>{console.error("No callback method passed")})}=e;return Z.createElement("div",{className:"align-center mb-4 mt-8 flex flex-row flex-wrap justify-center gap-4 lg:mb-8 2xl:px-10"},n?t.map(((e,t)=>Z.createElement("div",{key:t},0==t?Z.createElement(ae.Z,(0,K.Z)({as:"link"},e)):Z.createElement(ae.Z,(0,K.Z)({as:"link",outline:!0},e))))):t.map(((e,t)=>Z.createElement("div",{key:t},0==t?Z.createElement(ae.Z,(0,K.Z)({as:"link",outline:!0},e)):Z.createElement(ae.Z,(0,K.Z)({as:"button",method:()=>{a(e)},outline:!0},e))))))}const le=function(e){return Z.createElement("article",{style:e.primary?{maxHeight:"550px",flex:1}:{},className:"flex w-11/12 flex-col rounded-lg bg-gray-50 p-4 shadow-xl dark:bg-gray-700 dark:shadow-none lg:mx-8 lg:my-4"},Z.createElement(ie,e),e?.icon?Z.createElement(oe,null):Z.createElement(se,e),Z.createElement(re,e))};const he=function(e){let{cards:t,toggleIsModalOpen:n}=e;return Z.createElement("div",{className:"mb-4 flex lg:mb-6"},t?.map(((e,t)=>{let a=new Date(e.date).getDay();return Z.createElement(le,{key:t,title:e.date,subtitle:(o=a,["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"][o]),details:e.timeZone,text:e.subtitle,data:e.buttons,icon:e.icon,method:t=>{n(t,e.date)}});var o})))};const de=function(e){const{dropdownRef:t}=e,[n,a]=(0,Z.useState)(!1);var o,i;return o=t,i=()=>a(!1),(0,Z.useEffect)((()=>{const e=e=>{o.current&&!o.current.contains(e.target)&&i(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[o,i]),Z.createElement("div",{ref:t},Z.createElement("div",{"data-dropdown-toggle":"dropdown",onClick:()=>a((e=>!e)),className:"my-2 flex cursor-pointer items-center gap-1 py-2 pl-12 font-bold text-purple-700 dark:text-purple-500"},Z.createElement("div",{className:`transition duration-150 ease-linear ${n&&"rotate-90"}`},Z.createElement(_.JO,{icon:"bi:caret-right-square-fill"})),Z.createElement("span",null,e.text)),Z.createElement("div",{className:"dropdown-options absolute mt-2 flex flex-col overflow-y-auto overflow-x-hidden shadow-md scrollbar-thin scrollbar-track-gray-100 scrollbar-thumb-gray-300 dark:bg-gray-900 md:max-h-full lg:max-h-96"},n&&e?.options.map((e=>e))))};const ue=function(e){const{classNames:t}=e;return Z.createElement("svg",{width:"33",xmlns:"http://www.w3.org/2000/svg",height:"33",id:"screenshot-6dbb9699-50de-8051-8002-b160b2203dcd",viewBox:"-0.5 -0.5 33 33",fill:"rgb(177, 178, 181)",version:"1.1",className:t},Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b160b2203dcd",rx:"0",ry:"0"},Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b15f80612846"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b15f80612846"},Z.createElement("path",{d:"M5,0 h22 a5,5 0 0 1 5,5 v22 a5,5 0 0 1 -5,5 h-22 a5,5 0 0 1 -5,-5 v-22 a5,5 0 0 1 5,-5 z",x:"0",y:"0",transform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000)",width:"32",height:"32"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b15f80612846",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{d:"M5,0 h22 a5,5 0 0 1 5,5 v22 a5,5 0 0 1 -5,5 h-22 a5,5 0 0 1 -5,-5 v-22 a5,5 0 0 1 5,-5 z",x:"0",y:"0",transform:"matrix(1.000000, 0.000000, 0.000000, 1.000000, 0.000000, 0.000000)",width:"32",height:"32",opacity:"0.5",fill:"none",strokeWidth:"1",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"})))),Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b16031b36494"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b16031b36494"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,3.500L3.500,29.500"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b16031b36494",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,3.500L3.500,29.500",fill:"none",strokeWidth:"2",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"})))),Z.createElement("g",{id:"shape-6dbb9699-50de-8051-8002-b1604c231d3e"},Z.createElement("g",{className:"fills",id:"fills-6dbb9699-50de-8051-8002-b1604c231d3e"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,28.500L2.500,3.500"})),Z.createElement("g",{id:"strokes-6dbb9699-50de-8051-8002-b1604c231d3e",className:"strokes"},Z.createElement("g",{className:"stroke-shape"},Z.createElement("path",{rx:"0",ry:"0",d:"M28.500,28.500L2.500,3.500",fill:"none",strokeWidth:"2",stroke:"rgb(0, 0, 0)",strokeOpacity:"1"}))))))};var me=n(3905);const ce={layout:"default",title:"Podman Community Meeting"},pe=void 0,ge=[{value:"October 6, 2020 11:00 a.m. Eastern",id:"october-6-2020-1100-am-eastern",level:2},{value:"Attendees (34 total)",id:"attendees-34-total",level:3},{value:"Introductions",id:"introductions",level:2},{value:"Upcoming",id:"upcoming",level:2},{value:"Podman v3.0 Planning",id:"podman-v30-planning",level:2},{value:"HPC",id:"hpc",level:2},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, November 3, 2020, 11:00 a.m. Eastern",id:"next-meeting-tuesday-november-3-2020-1100-am-eastern",level:2},{value:"BlueJeans Chat raw copy/paste:",id:"bluejeans-chat-raw-copypaste",level:2}],ke={toc:ge},ye="wrapper";function we(e){let{components:t,...a}=e;return(0,me.kt)(ye,(0,K.Z)({},ke,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("p",null,(0,me.kt)("img",{alt:"Podman logo",src:n(1382).Z,width:"228",height:"61"})),(0,me.kt)("h1",{id:"-pagetitle-"},"{{ page.title }}"),(0,me.kt)("h2",{id:"october-6-2020-1100-am-eastern"},"October 6, 2020 11:00 a.m. Eastern"),(0,me.kt)("h3",{id:"attendees-34-total"},"Attendees (34 total)"),(0,me.kt)("p",null,"Tom Sweeney, Alex Litvak, Chris Evich, Christian Felder, Douglas, Ed Santaigo, Josep Gooch, Joe Doss, Lokesh Mand, Manish, Matt Heon, Reinhard Tartler, Valentin Rothberg, Wolfgang K, Nalin Dahyabhai, Dusty Mabe, Urvashi Mohnani, Sally O'Malley, Eduardo Santiago, Anders, Miloslav Trma\u010d, Jhon Honce, Parker Van Roy, Brent Baude, James Alt, Greg Shomo, Paul Holzinger, Ralf Haferkamp, Giuseppe Scrivano, Scott McCarty, Anders Bj\xf6rklund (afbjorklund), Balamurugan, Brian Smith, Drew Baily"),(0,me.kt)("h2",{id:"introductions"},"Introductions"),(0,me.kt)("p",null,"Each of the attendees gave a quick introduction."),(0,me.kt)("h2",{id:"upcoming"},"Upcoming"),(0,me.kt)("p",null,"Matt Heon discussed the upcoming releases and some of their content. He said, v2.1 came out a little over a week ago, v2.1.1 coming with bug fixes in the next week or so.\nAiming v3.0 towards sometime in February, which will include the removal of the varlink api as it has been deprecated. The big changes for v3.0 will be the removal of varlink and it will include improvements in handling short image names."),(0,me.kt)("p",null,"Trying to get additional commands such as ",(0,me.kt)("inlineCode",{parentName:"p"},"podman container clone")," and other commands in as well. Also improvements to the REST API, including new endpoints to more closely mimic what Podman locally does."),(0,me.kt)("p",null,"Lots of effort currently being put into fixing reported bugs and moving people from established Docker shops who want to transition."),(0,me.kt)("h2",{id:"podman-v30-planning"},"Podman v3.0 Planning"),(0,me.kt)("p",null,"Dan Walsh led the discussion on Podman v3.0 planning. Short names of images will be added. This will help prevent spoofing of images. ",(0,me.kt)("inlineCode",{parentName:"p"},"podman pull foo")," will go to all the defined registries and you'll be given a choice to pick from a list. If you pull later, it will repull that same pick. Similar to known hosts in ssh. Better support for Kata containers. More documentation and enhancements in usernamespace. Auto-selection of usernamespace is one such area of improvement. Also kubernetes integration enhancements, currently underway from a number of community members."),(0,me.kt)("h2",{id:"hpc"},"HPC"),(0,me.kt)("p",null,"Dan talked in general about the HPC community and that the development team would like to work closely with that community. Valentin talked about the differences in that environment. The goal is to generalize the problems and make them more usable."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Any plans for improved systemd integration with rootless? Specifically running systemd units with the ",(0,me.kt)("inlineCode",{parentName:"li"},"User=")," directive calling podman rootless.\n(jdoss)")),(0,me.kt)("p",null,"Podman team has talked to the systemd team and the systemd team was somewhat confused about why someone would want that. Further talks had about ways to use it are ongoing, but no support from systemd team at the moment. We'd like to get it in, but rely on the systemd team's help."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Could you elaborate on the timing of integration of podman 2.x and 3.x into certain RHEL 8.x releases? (JA)")),(0,me.kt)("p",null,"Podman 2.0 is 8.3.0, Podman 2.1 in 8.3.1. Not sure about 3.0 yet - perhaps 8.4.0 if we make the deadline there."),(0,me.kt)("ol",{start:3},(0,me.kt)("li",{parentName:"ol"},"What versions of podman/buildah/skopeo can we expect to end up in RHEL7 (RHEL8)? (R. Tartier)")),(0,me.kt)("p",null,"RHEL7 is now frozen on 1.6.4"),(0,me.kt)("ol",{start:4},(0,me.kt)("li",{parentName:"ol"},"Will this go into another module stream though? (C Felder)")),(0,me.kt)("p",null,"Yes. Nevertheless, RHEL8 stream is always rolling to the latest."),(0,me.kt)("ol",{start:5},(0,me.kt)("li",{parentName:"ol"},'Does "kind" work with Podman?')),(0,me.kt)("p",null,"It should work now for Podman running as root in Podman 2.0."),(0,me.kt)("ol",{start:6},(0,me.kt)("li",{parentName:"ol"},"Does the podman team work with the Quay team about registry interactions - access control features? ability to move older images to a different registry with different permissions? maybe these are quay questions...")),(0,me.kt)("p",null,"We'd like to work closer with Quay, but they've been overloaded since onboarding with Red Hat. We'd love any feedback that we can get. The majority of the answers to this question would have to come from the Quay team."),(0,me.kt)("ol",{start:7},(0,me.kt)("li",{parentName:"ol"},"podman go api -- any updates around ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/issues/6866"},"https://github.com/containers/podman/issues/6866"))),(0,me.kt)("p",null,"Brent Baude answered. The best I can say is this is on the roadmap. Brent discussed that we've been bug fixing mostly as of late, but that it is on our road map."),(0,me.kt)("ol",{start:8},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Do you folks plan on publishing a public road map that shows community and Red Hat needs/wants for features/bug?"),(0,me.kt)("p",{parentName:"li"},"Scott is working on this for the RHEL side of things. Brent is using Jira for our \"internal\" work. He'd like to share the Jira cards, but he's not sure about the timing of getting them done. Dusty suggested on grouping which are near term items vs more future items."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Is support for different logging drivers is on the road map in the future?"),(0,me.kt)("p",null,"What Red Hat Thinks - Design directions - Brent Baude"),(0,me.kt)("p",null,"I could do a summary of boot2podman/podman-machine (basically a varlink post-mortem) - Anders Bj\xf6rklund (Sold! and thanks!)\nCurrently involved in a little project to make a vagrant shell wrapper similar to it."),(0,me.kt)("h2",{id:"next-meeting-tuesday-november-3-2020-1100-am-eastern"},"Next Meeting: Tuesday, November 3, 2020, 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"bluejeans-chat-raw-copypaste"},"BlueJeans Chat raw copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Christian Felder10:57 AM\nHi, this is Christian from Munich\nReinhard Tartler10:57 AM\nHi, this is Reinhard from New York!\nAlex Litvak10:57 AM\nHi this is Alex from Chicago\nMe10:58 AM\nHowdy All! Tom from Leominster, MA. We'll be starting shortly\nLokesh S Mandvekar11:00 AM\nHello everyone\nnice to put faces to some of the names finally :)\nGreg Shomo11:00 AM\nhello, world\nJoe Doss (jdoss)11:00 AM\nHello! Joe Doss from Chicago I work for DEV Community Inc https://dev.to / forem.com\nDusty Mabe11:01 AM\nhey All, I'm Dusty Mabe - work for Red Hat on Fedora CoreOS and RHCOS. Good to meet everyone.\nMe11:01 AM\nMeeting Notes: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nmanish11:02 AM\nhello , i am manish\nMe11:02 AM\nPlease add yourself to the attendees list if I didn't get you there.\nafbjorklund11:04 AM\nI am Anders Bj\xf6rklund, and I was doing boot2podman. Might have to drop out today since I am joining from car\nBalamurugan11:08 AM\nyes\nDusty Mabe11:09 AM\nthere can be only one Dan\nLokesh S Mandvekar11:15 AM\n@tom: ManIsh, not ManUsh\nScott McCarty11:15 AM\nMight be worth sharing with this group. Red Hat has a community program called Red Hat Accelerators which gives you access to Red Hat engineering and leadership. I believe it was just announced today: https://access.redhat.com/accelerators#overview\nReinhard Tartler11:17 AM\nHi, I'm Reinhard, long-term Debian and Ubuntu Core Developer (13 years), and I've integrated podman 2.0.6 into the upcoming Debian 11 and Ubuntu 20.10 releases. I'm located in New York and work at Bloomberg leading a team working on a firmwide integration build system\nBrent Baude11:17 AM\n@Reinhard, please to meet you\nScott McCarty11:20 AM\n@Reinhard, that is super exciting to hear!\nLokesh S Mandvekar11:21 AM\nthanks a ton Reinhard :)\nJoe Doss (jdoss)11:24 AM\nAny plans for improved systemd integration with rootless?\nBrent Baude11:25 AM\nid encourage you to ask ... and specify what exactly you want\nJoe Doss (jdoss)11:25 AM\nSpecifically running systemd units with the User= directive calling podman rootless.\nJA11:27 AM\nCould you elaborate on the timing of integration of podman 2.x and 3.x into certain RHEL 8.x releases?\nmheon11:27 AM\n@JA - Podman 2.0 is 8.3.0, Podman 2.1 in 8.3.1\nNot sure about 3.0 yet - perhaps 8.4.0 if we make the deadline there\nReinhard Tartler11:28 AM\nQ: What versions of podman/buildah/skopeo can we expect to end up in RHEL7 (RHEL8)? - I'm asking because I need to decide what version to integrate for Debian 11, and would love to hear some opinions.\nChristian Felder11:29 AM\nfollow up on JA's question. Will this go into another module stream though?\nmheon11:30 AM\n@Reinhard - RHEL7 is now frozen on 1.6.4\nRHEL8 has two streams, one rolling steadily to the latest release, one with long-term-support releases\nBalamurugan11:30 AM\nwhat is the latest podman stable release for rhel 8.2\nDouglas11:30 AM\nHey Tom, what's the current status of running kind on top of podman?\nmheon11:31 AM\nTragically, the 2.0 module does not have Podman 2.0\nWe may have made a naming error, there...\nChristian Felder11:32 AM\nalright, to get the latest stuf just stay on rhel8 stream though\nmheon11:33 AM\n@Douglas - RHEL 8.2 has 1.6.4 in both streams. 8.2.1 has the fast-moving stream upgraded from 1.6.4 to 1.9.3\n@Christian - yes, RHEL8 stream is rolling to the latest\nChristian Felder11:33 AM\nthanks\nReinhard Tartler11:34 AM\nI'd love to see the Debian images added to the \"well-known\" list :-)\nDouglas11:34 AM\nnot sure if I follow mheon :(\nmy question is regarding kind - kubernetes\nmheon11:35 AM\nOh, sorry, replied to the wrong person\nThat was re: Balamurugan\nDouglas11:35 AM\nno worries\nAlex Litvak11:35 AM\nReinhard, is there a chance of podman backported to 20.04 LTS on ubuntu ?\nBalamurugan11:35 AM\nthanks @mheon\nAlex Litvak11:36 AM\nspeaking of a package of course\nDouglas11:39 AM\nthanks. Going to retest in a fresh git clone.\nmanish11:40 AM\ngvisor with podman.? is possible near future?\nBrent Baude11:41 AM\n@Tom, can I ask questions?\nmheon11:41 AM\n@manish - Should work fine as root. Rootless would require support from the gvisor folks\nJust need to add it as a runtime to containers.conf\nAlex Litvak11:42 AM\nany comments on the future logging support similar to docker?\nmanish11:43 AM\nthanks mheon.\nJA11:43 AM\nDoes the podman team work with the Quay team about registry interactions - access control features? ability to move older images to a different registry with different permissions? maybe these are quay questions...\nDrew Bailey11:43 AM\npodman go api -- any updates around https://github.com/containers/podman/issues/6866\nBrent Baude11:44 AM\nDrew, let's sdiscuss now!\nJoe Doss (jdoss)11:48 AM\nDo you folks plan on publishing a pubic road map that shows community and Red Hat needs/wants for features/bug?\nMe11:48 AM\nTopics for next time? Please add to: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nDrew Bailey11:52 AM\n\ud83d\udc4d awesome thanks, will help us get off varlink :D\nJoe Doss (jdoss)11:57 AM\nI think it would be nice for the community to have insights into what is important for the RH Podman Team and maybe the community can help. Also design direction within the roadmap would help inform community help.\nhelp guide community help**\nJoe Doss (jdoss)11:59 AM\nWe can help if we know what direction you folks want to go.\nSally O'Malley11:59 AM\nthank you everyone! i have to drop - see you all next month\nBrent Baude11:59 AM\njoe you are exactly correct.\nmanish12:00 PM\nthanks :)\nJoe Doss (jdoss)12:00 PM\nGreat call and turnout!\nValentin Rothberg12:00 PM\nThanks for joining, all!\n")))}we.isMDXComponent=!0;const fe={},be="Podman Community Meeting",ve=[{value:"April 6, 2021 08:00 p.m. Eastern (UTC-4)",id:"april-6-2021-0800-pm-eastern-utc-4",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 8:00 p.m.",id:"meeting-start-800-pm",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman Commit Topic Standards",id:"podman-commit-topic-standards",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(2:17 in the video)",id:"217-in-the-video",level:4},{value:"Podman v3.1 Preview",id:"podman-v31-preview",level:2},{value:"Matt Heon",id:"matt-heon-1",level:3},{value:"(3:00 in the video)",id:"300-in-the-video",level:4},{value:"U volume flag to chown source volumes",id:"u-volume-flag-to-chown-source-volumes",level:2},{value:"Eduardo Vega",id:"eduardo-vega",level:3},{value:"(6:58 in the video)",id:"658-in-the-video",level:4},{value:"Demo (8:30 in the video)",id:"demo-830-in-the-video",level:5},{value:"Podman on Mac Preview",id:"podman-on-mac-preview",level:2},{value:"Brent Baude/Ashley Cui",id:"brent-baudeashley-cui",level:3},{value:"(15:20 in the video)",id:"1520-in-the-video",level:4},{value:"Demo (19:22 in the video)",id:"demo-1922-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"(35:00) in the video)",id:"3500-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday May 4, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-may-4-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 8:43 p.m. Eastern (UTC-4)",id:"meeting-end-843-pm-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Me={toc:ve},Ae="wrapper";function Ie(e){let{components:t,...n}=e;return(0,me.kt)(Ae,(0,K.Z)({},Me,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"april-6-2021-0800-pm-eastern-utc-4"},"April 6, 2021 08:00 p.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Sumantro Mukherjee, Scott McCarty, Shion Tanaka, Juanje Ojeda, Edward Shen, Reinhard Tartler"),(0,me.kt)("h2",{id:"meeting-start-800-pm"},"Meeting Start: 8:00 p.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/@f3vA2PsK7a"},"Recording")),(0,me.kt)("h2",{id:"podman-commit-topic-standards"},"Podman Commit Topic Standards"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"217-in-the-video"},"(2:17 in the video)"),(0,me.kt)("p",null,"If you're fixing a bug or an issue, please include a link to the commit message or at least in a comment."),(0,me.kt)("h2",{id:"podman-v31-preview"},"Podman v3.1 Preview"),(0,me.kt)("h3",{id:"matt-heon-1"},"Matt Heon"),(0,me.kt)("h4",{id:"300-in-the-video"},"(3:00 in the video)"),(0,me.kt)("p",null,"Matt pulled up the release notes (",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"),"). Matt likes to get rleases out every 6 to 8 weeks"),(0,me.kt)("p",null,"Added secrets, although not with crypto, manifest commands and prune have been added. The Podman copy command has been reworked heavily by Valentin Rothberg. Now you can copy to directories too now. You should now be able to copy anywhere in a container."),(0,me.kt)("p",null,"Also added U option for mounting volumes."),(0,me.kt)("p",null,"Matt then went over a number of bugs/issues about 50, with many fixes from the community and a small CVE."),(0,me.kt)("p",null,"More significant work in the next release coming up in"),(0,me.kt)("h2",{id:"u-volume-flag-to-chown-source-volumes"},"U volume flag to chown source volumes"),(0,me.kt)("h3",{id:"eduardo-vega"},"Eduardo Vega"),(0,me.kt)("h4",{id:"658-in-the-video"},"(6:58 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-04-06/Podman-U-Volume-Opt-06_04_2021.pptx"},"slides")),(0,me.kt)("p",null,"New Volume option."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Podman create and Podman run with --volume."),(0,me.kt)("li",{parentName:"ul"},'"U" uppercase letter is the new option'),(0,me.kt)("li",{parentName:"ul"},"Changes ownership of source volumes on the host.",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Based on the container owners uid and gid and maps those to th host."),(0,me.kt)("li",{parentName:"ul"},"The container and the volume will have the same owners")))),(0,me.kt)("h5",{id:"demo-830-in-the-video"},"Demo (8:30 in the video)"),(0,me.kt)("p",null,"podman run -it -v /tmp/data01:/data:Z --user 998:998 fedora sh"),(0,me.kt)("p",null,"This showed that the wrong user (root) owned directories in the container."),(0,me.kt)("p",null,"Now with 'U' added to the volume specification."),(0,me.kt)("p",null,"podman run -it -v /tmp/data01:/data:Z,U --user 998:998 fedora sh"),(0,me.kt)("p",null,"The directory and files are now owned by 998."),(0,me.kt)("p",null,"This can also be run with tmpfs volumes"),(0,me.kt)("p",null,"podman run -it --rm --tmpfs /data:Z,U --user 998:998 fedora ls -la data"),(0,me.kt)("p",null,"This also shows the directory has the right permissions. Ditto overlayfs."),(0,me.kt)("p",null,"Dan talked about some other use cases."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Usefull when running mariadb in a container, you could volume mount /var/lib/mariadb for it with the correct permissions."),(0,me.kt)("li",{parentName:"ul"},"It's super useful for a rootless user in the usernamespace."),(0,me.kt)("li",{parentName:"ul"},"It's a really great and powerful feature that people haven't disovered yet.")),(0,me.kt)("h2",{id:"podman-on-mac-preview"},"Podman on Mac Preview"),(0,me.kt)("h3",{id:"brent-baudeashley-cui"},"Brent Baude/Ashley Cui"),(0,me.kt)("h4",{id:"1520-in-the-video"},"(15:20 in the video)"),(0,me.kt)("p",null,'Brent Baude led off. Creating a Podman on Mac using a subcommand in pocman called "machine" building upon other efforts. The code is very modular. The initial implementation is Fedora CoreOS in the vm which is configurable.'),(0,me.kt)("p",null,"Testing on X86 linux on Mac OS X8664 and aarch64."),(0,me.kt)("p",null,"Current implementation relies on qemu which currently has some platform dependencies."),(0,me.kt)("p",null,"Hurdle to resolve the networking on the VM and exposing services running in the container on the host."),(0,me.kt)("p",null,"Podman machine is upstream now and works, but no ability to expose services at this point. But you can build images and experiment with how it works."),(0,me.kt)("h5",{id:"demo-1922-in-the-video"},"Demo (19:22 in the video)"),(0,me.kt)("p",null,"Ashley did a demo running on her Mac."),(0,me.kt)("p",null,"Used the\npodman-remote machine --help command\npodman-remote machine init # pulled fedora coreos image"),(0,me.kt)("p",null,"podman-remote machine init anothername # creates with the specified name."),(0,me.kt)("p",null,"podman-remote machine ls # shows the machines create"),(0,me.kt)("p",null,"When you init the vm, it creates connections automatically."),(0,me.kt)("p",null,"podman-remote machine start # starts the VM"),(0,me.kt)("p",null,"podman-remote machine ssh podman-machine-default # sshinto the machine"),(0,me.kt)("p",null,"podman-remote pull alpine #failed with socket issue being chased."),(0,me.kt)("p",null,"Ashely tried a number of pulls and it finally worked after a number of attempts and tweaking."),(0,me.kt)("p",null,"The container runs on the VM, but you type on the Mac. It does work, but socket activation issues are being chased."),(0,me.kt)("p",null,"This is running on the Mac M1 now, and work in progress on Mac Intel based."),(0,me.kt)("p",null,"Questions on the systemd socket. The socket issue is likely due to Podman talking to systemd. Dan thinks it's fixed upstream in systemd."),(0,me.kt)("p",null,'The demo showed "podman-remote", but the final release will just be "podman".'),(0,me.kt)("p",null,'The user experience should be you would just install "podman" and everything needed will come along with that.'),(0,me.kt)("p",null,"Dan asked about install: goal user experience is\n",(0,me.kt)("inlineCode",{parentName:"p"},"brew install podman"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine init"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine start"),", and then you're running as if you're on a linux box."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3500-in-the-video"},"(35:00) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"What about Podman on windows? The current leaning is to use WSL2 probably Ubuntu. It's being looked at and we'd love community help."),(0,me.kt)("li",{parentName:"ol"},"Tshirts were recently available, but are not currently due to a vendoring problem. ;^("),(0,me.kt)("li",{parentName:"ol"},"For FCOS, does the machine pull stable every time? It pulls the next stream and you can use a URL if you'd like."),(0,me.kt)("li",{parentName:"ol"},"Will podman machine will work on a linux box? Yes")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-may-4-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday May 4, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-843-pm-eastern-utc-4"},"Meeting End: 8:43 p.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me:7:57 PM\nPlease sign in at: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nBrent Baude8:00 PM\nok, had one flicker of the power from the storm here .... three flickers and we're out\nReinhard 'siretart' Tartler8:08 PM\nFWIW, I've got the podman 3.1 package almost ready, will upload to debian/experimental later this week\nDaniel (rhatdan) Walsh8:08 PM\nThanks\nBrent Baude8:08 PM\noutstanding\njhonce8:08 PM\n@siretart Great!\nBrent Baude8:09 PM\n@siretart, maybe connect with us to make sure the latest libcap and crun are being used? we can explain.\nperhaps stay a few minutes after and we can elaborate ?\nReinhard 'siretart' Tartler8:09 PM\nsure thing!\nMatt Heon8:13 PM\nThis is *very* useful for rootless user/group mapping issues. I'm writing a blog on this right now and am definitely mentioning this.\nBrent Baude8:14 PM\n++ mheon\nMe:8:15 PM\nVery nice!\nShion Tanaka8:18 PM\nI'm interested in being able to run Podman on a Mac, since VS Code's Remote Containers feature is not available on Macs.\nsumantrom8:31 PM\nAwesome Presentation Asley, for FCOS, it pulls the latest stable everytime by default?\nsumantrom8:32 PM\nthanks!\nReinhard 'siretart' Tartler8:38 PM\nI'd love to see podman working out of the box on wsl2 and macs (at dayjob, that's what the company provides)\nawesome t-shirt. Where can I get one? :-)\nShion Tanaka8:38 PM\nThanks for the great demo!\nReinhard 'siretart' Tartler8:39 PM\n+1 -- awesome!\ndebian and ubuntu, for that matter :-)\nReinhard 'siretart' Tartler8:41 PM\nwill do\nthanks for organizing this meeting, amazing demos, really enjoyed them!\nEd8:42 PM\nGreat work, thanks!\nJuanje Ojeda8:44 PM\nGreat meeting and demos. Thanks!\nsumantrom8:44 PM\nThanks for organizing!\n\n")))}Ie.isMDXComponent=!0;const Te={},Se="Podman Community Cabal Meeting Notes",Ne=[{value:"August 19, 2021 11:00 a.m. Eastern",id:"august-19-2021-1100-am-eastern",level:2},{value:"August 19, 2021 Topics",id:"august-19-2021-topics",level:2},{value:"Open Discussion",id:"open-discussion",level:3},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman v4.0 inclusions (1:22 in the video)",id:"podman-v40-inclusions-122-in-the-video",level:4},{value:"Podman on Windows (12:30 in the video)",id:"podman-on-windows-1230-in-the-video",level:4},{value:"Open discussion (39:45 in the video)",id:"open-discussion-3945-in-the-video",level:4},{value:"Next Cabal Meeting: Thursday September 16, 2021 10:00 a.m. EDT (UTC-4)",id:"next-cabal-meeting-thursday-september-16-2021-1000-am-edt-utc-4",level:3}],Ce={toc:Ne},Pe="wrapper";function xe(e){let{components:t,...n}=e;return(0,me.kt)(Pe,(0,K.Z)({},Ce,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees (22): Tom Sweeney, Nalin Dahyabhai, Paul Holzinger, Dan WAlsh, Preethi Thomas, Valentin Rothberg, Matt Heon, Pavel Sosin, Chris Evich, Ashley Cui, Anders Bjorklund, Peter Hutn, Urvashi Mohnani, Brent Baude, Erik Bernoth, Giuseppe Scrivano, Ed Santiago, Guillaume Rose, Mehul Arora, Miloslav Trmac, Scott McCarty"),(0,me.kt)("h2",{id:"august-19-2021-1100-am-eastern"},"August 19, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"august-19-2021-topics"},"August 19, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.0 inclusions"),(0,me.kt)("li",{parentName:"ol"},"Podman on Windows"),(0,me.kt)("li",{parentName:"ol"},"Open Discussion")),(0,me.kt)("h3",{id:"open-discussion"},"Open Discussion"),(0,me.kt)("p",null,"Save the last 15 minutes for an open floor discussion."),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1VOzFK0zpG4MgjQnyiGDZL3J9gMIj-msh/view"},"Recording"),"\nAttendees:"),(0,me.kt)("p",null,"Meeting start 10:05 a.m Thursday August 19, 2021"),(0,me.kt)("h4",{id:"podman-v40-inclusions-122-in-the-video"},"Podman v4.0 inclusions (1:22 in the video)"),(0,me.kt)("p",null,"Podman 4.0-dev is now upstream.\nPaul Holzinger has added a large change for Networks.\nMore performance analysis and attempting to lessen memory and CPU usage. Adopting Buildkit functionality in Buildah and thus Podman build."),(0,me.kt)("p",null,"Giuseppe is working with supporting virtual pools to retrieve just files that are not already present in local storage, to help decrease load times. It may not be Docker compatible, it may have to be OCI based only."),(0,me.kt)("p",null,"We're looking for ideas/changes that might require breaking API changes. But are hoping not to make too many at once."),(0,me.kt)("h4",{id:"podman-on-windows-1230-in-the-video"},"Podman on Windows (12:30 in the video)"),(0,me.kt)("p",null,"Currently looking into WSL possible solutions."),(0,me.kt)("p",null,"Pavel talked about his use case of using Fedora directly from the Microsoft Windows Store. Once installed, he was able to run the latest Podman on Fedora."),(0,me.kt)("p",null,"Erik asked if systemd is working? (Not likely to at the moment.) He too uses Podman on Windows and it works fine for him now."),(0,me.kt)("p",null,"WSL2 is installed on windows by default already in the latest, and then install Fedora from Microsoft store, and then Podman ran from there."),(0,me.kt)("p",null,"Docker has a GUI interface that can be used from Windows, we would probably not provide a similar out of the box."),(0,me.kt)("p",null,"If you create a container currently in Windows using the Fedora, you can't talk to the container outside of that Windows host. Something that will need looking at."),(0,me.kt)("p",null,"Fedora costs $10 for Fedora 34 distribution from the Microsoft Store."),(0,me.kt)("p",null,"Dan would like to default to just click a button somewhere once to install Podman. The issue with that is keeping it updated over time. The best case is to get the Fedora team to provide Fedora with Podman preinstalled in the Microsoft Store."),(0,me.kt)("p",null,"What should the experience be for when the podman-machine needs to be updated? What is the best case scenario? TBD."),(0,me.kt)("p",null,"Two upgrade paths in Windows per Pavel. We'd like to know how the upgrade could happen seamlessly for the end-user."),(0,me.kt)("p",null,"Docker checks the version at starti-up and then asks the user to do update. Information is stored in a small json file. They apparently do an update in a separate VM."),(0,me.kt)("p",null,"On Docker, can you do a volume mount on a Windows directory? Giuillaume says it does work."),(0,me.kt)("h4",{id:"open-discussion-3945-in-the-video"},"Open discussion (39:45 in the video)"),(0,me.kt)("p",null,"When's Podman v3.3 coming out? Hopefully Monday, Aug 23, 2021. Then we will likely be creating a Podman 3.4 for sometime later in the fall."),(0,me.kt)("p",null,"One thing to watch is that Podman v4.0 can not break Fedora 35. Fedora 36 should be in April 2022 and would be the target if we break Fedora 35, but that hopefully won't be the case."),(0,me.kt)("h3",{id:"next-cabal-meeting-thursday-september-16-2021-1000-am-edt-utc-4"},"Next Cabal Meeting: Thursday September 16, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Nalin Dahyabhai10:02 AM\nAgenda: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg\nErik Bernoth10:39 AM\nI have to go. If you do a podman on Windows issue on GH, please CC me. See you next time!\nBrent Baude10:43 AM\nhttps://www.redhat.com/sysadmin/podman-windows-wsl2\n")))}xe.isMDXComponent=!0;const De={},Be="Podman Community Meeting",Ee=[{value:"November 2, 2021 11:00 a.m. Eastern (UTC-4)",id:"november-2-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (21 total)",id:"attendees-21-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Buildah buildkit update",id:"buildah-buildkit-update",level:2},{value:"Aditya Rajan",id:"aditya-rajan",level:3},{value:"(2:10 in the video)",id:"210-in-the-video",level:4},{value:"Podman on Mac Status",id:"podman-on-mac-status",level:2},{value:"Ashley Cui/Brent Baude",id:"ashley-cuibrent-baude",level:3},{value:"(13:45 in the video)",id:"1345-in-the-video",level:4},{value:"netavark update",id:"netavark-update",level:2},{value:"Matt Heon/Brent Baude",id:"matt-heonbrent-baude",level:3},{value:"(15:44 in the video) 23",id:"1544-in-the-video-23",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(18:15) in the video)",id:"1815-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 7, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-december-7-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday November 18, 2021, 10:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-november-18-2021-1000-am-eastern-utc-5",level:2},{value:"Meeting End: 11: a.m. Eastern (UTC-4)",id:"meeting-end-11-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],We={toc:Ee},je="wrapper";function Le(e){let{components:t,...n}=e;return(0,me.kt)(je,(0,K.Z)({},We,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"november-2-2021-1100-am-eastern-utc-4"},"November 2, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-21-total"},"Attendees (21 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Erik Bernoth, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Ashley Cui, Brent Baude, Aditya Rajan, Giuseppe Scrivan, Miloslav Trma\u010d, Rudolf Vesely, Shion Tanaka, Christian Felder"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/bhRBWYOh02V"},"Recording")),(0,me.kt)("h2",{id:"buildah-buildkit-update"},"Buildah buildkit update"),(0,me.kt)("h3",{id:"aditya-rajan"},"Aditya Rajan"),(0,me.kt)("h4",{id:"210-in-the-video"},"(2:10 in the video)"),(0,me.kt)("p",null,"There are features in buildkit that are not in Buildah. New features added include --mount=type-bind, which allows performing a bind mount and scoped to current RUN statements.\nYou can also mount by stages if you would like. This is in upstream now and will be in Podman in the near future."),(0,me.kt)("p",null,"The other feature added is --mount=type=cache. This adds support for persistent caching across builds. So it could be used by other images other than the one being built."),(0,me.kt)("p",null,"Another is --mount=type=tmpfs which allows a user to mount a chunk of volatile memory instead of a persistent storage device. It looks like an actual disk for the build, but it's only temporary and doesn't persist after the build completes."),(0,me.kt)("p",null,"This is upstream in Buildah now, will likely be in Buildah v1.24.","*"," and higher and Podman v4.0. Both will be out by early next year."),(0,me.kt)("p",null,"Demo (7:11 in the video)"),(0,me.kt)("p",null,"A feature to skip stages is underway but not complete."),(0,me.kt)("p",null,"Is it possible by using --mount-type=cache to prevent a rogue/misguided Containerfile from using a cache that it should not use? We have the option to segregate cache but no way to avoid other builds from using it. Something Aditya will look into it."),(0,me.kt)("h2",{id:"podman-on-mac-status"},"Podman on Mac Status"),(0,me.kt)("h3",{id:"ashley-cuibrent-baude"},"Ashley Cui/Brent Baude"),(0,me.kt)("h4",{id:"1345-in-the-video"},"(13:45 in the video)"),(0,me.kt)("p",null,"DEMO (14:00 in the video)"),(0,me.kt)("p",null,"Ashley showed several mockups for the new Mac interface. They show the machines available and then the ability to start/stop them. She's been looking into doing this with Swift."),(0,me.kt)("p",null,"Brent noted that we're working on volumes, the Docker socket, and other sockets. In addition, rootful and rootless. The big issue with the volume mount is if you use a bind mount, it's mounted in the VM rather than the host machine itself."),(0,me.kt)("p",null,"Would it make sense to implement the GUI with Qt? Isn\u2019t Swift just available for the Mac? Yes, for now, looking at POC, then thinking about figuring out what to do with Windows. Things work well on WSL there now, and it runs in Linux there."),(0,me.kt)("h2",{id:"netavark-update"},"netavark update"),(0,me.kt)("h3",{id:"matt-heonbrent-baude"},"Matt Heon/Brent Baude"),(0,me.kt)("h4",{id:"1544-in-the-video-23"},"(15:44 in the video) 23"),(0,me.kt)("p",null,"The ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")," project is a new project and replaces CNI plugins. Podman would call this with JSON input, and it would handle network setup, firewalls, etc. Being written in RUST and have a basic piece of code running today for a typical setup except the JSON response and firewall rules."),(0,me.kt)("p",null,"We're doing this mainly to get the ipv6 support and DNS in play. The DNS piece will not be in place for the initial Podman v4.0 release but a later release. The team feels this will be a more supportable layer for the network."),(0,me.kt)("p",null,"The team is happy to have RUST experts come in and contribute."),(0,me.kt)("p",null,"How to understand netavark? Take a look at what CNI is doing under the covers, and that's being emulated/replaced? Also, a decent understanding of network concepts."),(0,me.kt)("p",null,"We will be supporting firewalld as a backend to support firewall tables."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"1815-in-the-video"},"(18:15) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Windows priority? Lower on the priority list as the WSL solution is pretty solid now. But something we're looking into.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"IRC slack connections: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/#slack-irc-matrix-and-discord"},"https://podman.io/community/#slack-irc-matrix-and-discord"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"We should use an interface approach for the volume drivers work per Anders. The issue now is the machine configuration is in containers/common, and that can be a bit of a dance. Brent and Anders have been looking into a few options, including ssh. There are other things they're looking at that have better speed but not as much functionality. For the ssh solution, playing with the crypto levels might help with speed."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-7-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday December 7, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-november-18-2021-1000-am-eastern-utc-5"},"Next Cabal Meeting: Thursday November 18, 2021, 10:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-11-am-eastern-utc-4"},"Meeting End: 11: a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:01 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nMiloslav Trmac11:13 AM\nIs there some scoping mechanism to the --mount-type=cache, so that a rogue/misguided Containerfile can't use a cache it shouldn't be using?\nMatt Heon11:19 AM\nMounting the Docker socket?\nChristian Felder11:21 AM\nWouldn't it make sense to implement the GUI with e.g. Qt? Isn't Swift just available for Mac?\nAnders Bj\xf6rklund11:21 AM\nI halted the Qt GUI fo rnow\nhttps://github.com/afbjorklund/podman-systray\nChristian Felder11:22 AM\nOk, I just thought about having the same GUI for Windows... So you wouldn't need to reimplement it\nAnders Bj\xf6rklund11:23 AM\nPodman doesn't really work on Windows, only on WSL (Linux)\nChristian Felder11:23 AM\nOk, thanks\nAnders Bj\xf6rklund11:23 AM\nbut I suppose you could run `wsl podman` or something\nbaude11:23 AM\nhttps://github.com/containers/netavark\nShion Tanaka11:27 AM\nIs there any other knowledge I should know to understand netavark?\nShion Tanaka11:29 AM\nOK,thanks!\nbaude11:30 AM\ncatching us on irc or the matrix bridge is probably the best approach for that\nLokesh Mandvekar11:31 AM\nhttps://podman.io/community/#slack-irc-matrix-and-discord\n\n")))}Le.isMDXComponent=!0;const He={},Re="Podman Community Meeting",Je=[{value:"February 1, 2021 11:00 a.m. Eastern (UTC-5)",id:"february-1-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (26 total)",id:"attendees-26-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Container Plumbing Days",id:"container-plumbing-days",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"(1:23 in the video)",id:"123-in-the-video",level:4},{value:"Podman on Windows Demo",id:"podman-on-windows-demo",level:2},{value:"Jason Greene",id:"jason-greene",level:3},{value:"(2:14 in the video)",id:"214-in-the-video",level:4},{value:"Podman Network",id:"podman-network",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(19:15 in the video)",id:"1915-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(26:53) in the video)",id:"2653-in-the-video",level:4},{value:"Podman Desktop Companion Demo",id:"podman-desktop-companion-demo",level:2},{value:"Ionut Stoicia",id:"ionut-stoicia",level:3},{value:"(34:27 in the video)",id:"3427-in-the-video",level:4},{value:"Easter Egg",id:"easter-egg",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday April 5, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-5-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday February 17, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-february-17-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:51 a.m. Eastern (UTC-5)",id:"meeting-end-1151-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Oe={toc:Je},Fe="wrapper";function Ge(e){let{components:t,...n}=e;return(0,me.kt)(Fe,(0,K.Z)({},Oe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"february-1-2021-1100-am-eastern-utc-5"},"February 1, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-26-total"},"Attendees (26 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Chris Evich, Anders Bj\xf6rklund, Ashley Cui, Aditya Rajan, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Ionut Stoica, Jason Greene, Giuseppe Scrivano, Chris Evich, Lokesh Mandvekar, Niall Crowe"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/-dVK9CfqeNM"},"Recording")),(0,me.kt)("h2",{id:"container-plumbing-days"},"Container Plumbing Days"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("h4",{id:"123-in-the-video"},"(1:23 in the video)"),(0,me.kt)("p",null,"We are looking for speakers for the ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/speakers"},"Container Plumbing days"),". It is occurring on March 22 and 23, 2022, in the morning through early afternoon Eastern time. They are looking for all kinds of container-related topics. Check the website for more details."),(0,me.kt)("h2",{id:"podman-on-windows-demo"},"Podman on Windows Demo"),(0,me.kt)("h3",{id:"jason-greene"},"Jason Greene"),(0,me.kt)("h4",{id:"214-in-the-video"},"(2:14 in the video)"),(0,me.kt)("p",null,"API event forwarding is working and demonstrated that."),(0,me.kt)("p",null,"Jason started a machine on Windows under WSL. If you're using typical Docker, it expects a pipe to be opened, and Podman can now talk to that same pipe."),(0,me.kt)("p",null,"He did a number of Docker commands that ran under Podman."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine start other")," will allow for multiple instances of podman to run on the Windows machine. If you do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman ps"),', it will show only the "other machine" instances, but you can hop back to the original and see the ones running under that machine.'),(0,me.kt)("p",null,"Podman machine is starting a separate API forwarding service, and it's hooked into the windows event logging system. It's not running using .NET, but some of the .NET tools."),(0,me.kt)("p",null,"The proxy is called win-sshproxy by default."),(0,me.kt)("p",null,"He's exporting the root socket to pull this off to allow the Docker APIs to work with this. WSL is running under the user's identity, so not a security vulnerability."),(0,me.kt)("p",null,"This is all running in WSL running in the shared WSL VM. Similar to a privilged container image. It is just mapping Docker to the Podman socket."),(0,me.kt)("p",null,"Do volume mounts outside of /mnt work? i.e. /home/user/projects. That should work withing the WSL Linux environment."),(0,me.kt)("p",null,"Extend podman-py to integration with WSL podman machine windows socket."),(0,me.kt)("h2",{id:"podman-network"},"Podman Network"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1915-in-the-video"},"(19:15 in the video)"),(0,me.kt)("p",null,"A new update to the network stack. The new stack is created by ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")," and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/aardvark-dns"},"aardvark-dns"),". The aardvark-dns project handles DNS, netavark takes care of the rest of the stack. It is undergoing extensive testing as of now."),(0,me.kt)("p",null,"Blog post soon on how to use the new stack."),(0,me.kt)("p",null,"If you upgrade from Podman v3 to Podman v4, you will continue to use CNI so you won't break. But you can configure up to the new stack as you wish."),(0,me.kt)("p",null,"Multiple IPs per container and IPv6 support will be provided."),(0,me.kt)("p",null,"Netavark is based on similar kernel facilities as CNI. It is going to be eventually be working in the firewald framework soon."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2653-in-the-video"},"(26:53) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"For people using Fedora, Podman v4 will be on Fedora 36, but not Fedora 35 as it's a breaking change there. If you want Podman v4.0 on Fedora 35, you will need to install it. We're leaning towards not doing a parallel stream due to the connection issues with the Podman socket in that scenario.")),(0,me.kt)("h2",{id:"podman-desktop-companion-demo"},"Podman Desktop Companion Demo"),(0,me.kt)("h3",{id:"ionut-stoicia"},"Ionut Stoicia"),(0,me.kt)("h4",{id:"3427-in-the-video"},"(34:27 in the video)"),(0,me.kt)("p",null,"Slides - ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2022-02-01/Podman_Desktop_Companion.pdf"},"here")),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Target - People wanting to learn about containers (Podman) and full-stack developers.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Goals - Look and feel the same on all operating systems with a familiar UI."),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"This project supports Windows and macOS."))),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Trials - Native trial using Lazarus, GTK4, and QT."),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"All looked good, but each had its hurdles.")))),(0,me.kt)("p",null,"At the end, Ionut went with the Electron Web APP and is still exploring. It's easy to develop/share ownership using it. Electron also handles many major OSs for an end product."),(0,me.kt)("p",null,"Immediate Goals: Windows and Mac binaries ASAP, then on to GitHub issues. Then need to advertise. Wants to take the 10 most useful scenarios in Podman and convert them to desktop demos."),(0,me.kt)("p",null,"Demo (41:50 in the video)"),(0,me.kt)("p",null,"Showed inspecting a container, secrets management space, and volumes. All were GUI driven."),(0,me.kt)("p",null,"Question: Are you looking to add build/pull images? Eventually, build functionality is not yet available though."),(0,me.kt)("p",null,"He's using the Podman API after talking with Anders. After seeing Jason's demo, Ionut thinks he can make progress there. It is handing only rootless there now. Anders had an update for Lima that will help."),(0,me.kt)("p",null,"Ionut aims for the main Podman functions to start, and he wants the project to handle as many functions as possible. Ionut intends to create a GUI that's very useful to the CI."),(0,me.kt)("p",null,"Ionut would like to include this project under ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers"},"containers"),". He will work with Brent and Dan to make that happen in the near future."),(0,me.kt)("h2",{id:"easter-egg"},"Easter Egg"),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman run quay.io/podman/hello")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Sparsefile handling with Podman - Giuseppe Scrivano")),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-5-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday April 5, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-february-17-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday February 17, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1151-am-eastern-utc-5"},"Meeting End: 11:51 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:02 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nScott McCarty11:07 AM\nI always love Jason's videos. I'm so jealous LOL\njhonce11:14 AM\nw00t!\nIonut Stoica11:18 AM\nI have one, do volume mounts that are not from /mnt work ? Let's say /home/user/Projects\nJason Greene11:21 AM\nthanks guys!\nIonut Stoica11:21 AM\nCan you guys hear me ?\nMatthew Heon11:26 AM\nWe can't, sorry\nJason Greene11:26 AM\nis netavark based on similar kernel facilities as cni?\nPaul Holzinger11:26 AM\nyes\nIonut Stoica11:26 AM\nswitching browsers\nPaul Holzinger11:27 AM\nhopefully better firewalld support soon\nJason Greene11:27 AM\nawesome thats great\nionut stoica11:28 AM\nI can see myself / test works, but you guys cannot\nI am in firefox\nAdi11:29 AM\ntry to open in a private tab of firefox\nEduardo Santiago11:29 AM\nI thought the reason for BJ was ease of publishing recordings?\nionut stoica11:30 AM\nI've created a google meeting, there it works https://meet.google.com/uvv-dzzg-cxa but wont be recorded\nbaude11:31 AM\n@Anders, can you stick behind after the meeting?\nMe11:32 AM\nIonut, let me try to stream that\nJason Greene11:37 AM\nwoohoo\njhonce11:47 AM\n:+1:\n\ud83d\udc4d\nJason Greene11:48 AM\nvery cool\nAdi11:49 AM\n\ud83d\udc4d\nJason Greene11:50 AM\nare you aiming for parity with the command line or just main tasks?\nMe11:51 AM\ndwalsh@redhat.com\nbaude11:52 AM\nplease include\nbbaude@redhat.com\nbc Dan is just going to fw it to me :)\nAnders11:53 AM\nWill stay\n")))}Ge.isMDXComponent=!0;const Ue={},Ye="Podman Community Cabal Meeting Notes",ze=[{value:"May 19, 2022 11:00 a.m. Eastern",id:"may-19-2022-1100-am-eastern",level:2},{value:"May 19, 2022 Topics",id:"may-19-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Container Lock Contention - (1:10 in video) - Matt Heon",id:"container-lock-contention---110-in-video---matt-heon",level:3},{value:"Vendoring and release hygiene - (12:53 in video) - Reinhard Tartler",id:"vendoring-and-release-hygiene---1253-in-video---reinhard-tartler",level:3},{value:"Podman API specgen/create options - (24:47 in video) - Charlie Doern",id:"podman-api-specgencreate-options---2447-in-video---charlie-doern",level:3},{value:"Open discussion (: in video) - 45",id:"open-discussion--in-video---45",level:4},{value:"Next Meeting: Thursday June 16, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-june-16-2022-1100-am-edt-utc-5",level:3},{value:"June 16, 2022 Topics",id:"june-16-2022-topics",level:2},{value:"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],qe={toc:ze},Ve="wrapper";function Ke(e){let{components:t,...n}=e;return(0,me.kt)(Ve,(0,K.Z)({},qe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Matt Heon, Brent Baude, Nalin Dahyabhai, Paul Holzinger, Karthik Elango, Charlie Doern, Lokesh Mandvekar, Urvashi Mohnani, Niall Crowe, Lance Lovette, Zachariah Cavazos, Reinhard Tartler, Leon N, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu"),(0,me.kt)("h2",{id:"may-19-2022-1100-am-eastern"},"May 19, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"may-19-2022-topics"},"May 19, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Container Lock Contention - Matt Heon"),(0,me.kt)("li",{parentName:"ol"},"Vendoring and release hygiene - Reinhard Tartler"),(0,me.kt)("li",{parentName:"ol"},"Podman API specgen/create options - Charlie Doern")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/G4pad4k2Az4"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday May 19, 2022"),(0,me.kt)("h3",{id:"container-lock-contention---110-in-video---matt-heon"},"Container Lock Contention - (1:10 in video) - Matt Heon"),(0,me.kt)("p",null,"Issues that spun up the discussion ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/11940"},"here:")),(0,me.kt)("p",null,"Restarting 100 containers at once does not take a trivial amount of time, and then ",(0,me.kt)("inlineCode",{parentName:"p"},"podman ps")," hangs. Most other commands hang at too. Matt is looking for suggestions. Looking for a fairness doctrine so other things can go on while restart is cranking."),(0,me.kt)("p",null,"Brent suggested looking into readlocks, but we're using glib locks, and they don't have one currently available. Having a daemon would help with lock contention, but something to avoid given our design model."),(0,me.kt)("p",null,"Podman restart goes to do 100 containers, and it does them in a particular order. At the same time, spin-off ps, it takes less time to run than restart, so it eventually hangs when it tries to ps a container that's locked due to the restart."),(0,me.kt)("p",null,"As ps refreshes the status of the container, it requires the lock to be held. If a container exited, ps writes to the database with that new info, so it can not use a read lock."),(0,me.kt)("p",null,"Potentially the code could be changed to use a read lock. Then if an update is needed, spin-off a thread to wait for the write lock."),(0,me.kt)("p",null,"Action item to look further."),(0,me.kt)("h3",{id:"vendoring-and-release-hygiene---1253-in-video---reinhard-tartler"},"Vendoring and release hygiene - (12:53 in video) - Reinhard Tartler"),(0,me.kt)("p",null,"Packaging dependencies up to Podman v4.1. Most of his time is spent on figuring out dependencies that need to be updated. The dependencies have caused problems for gzip in the past. Problems also occur when runtime-tools include features that are not available."),(0,me.kt)("p",null,"He's needed to update with a snapshot which hasn't made him very comfortable."),(0,me.kt)("p",null,"New versions haven't been released for image-spec. Dan will ping the folks in Red Hat who have the ability to merge things that Reinhard is required. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/opencontainers/runtime-tools/issues/702"},"https://github.com/opencontainers/runtime-tools/issues/702")),(0,me.kt)("p",null,"A similar issue applies to image-spec: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/opencontainers/image-spec/issues/918"},"https://github.com/opencontainers/image-spec/issues/918")),(0,me.kt)("p",null,"Podman 4.1 isn't stable yet as he needs to figure out what the dependencies are. It has, however, been uploaded to Debian/experimental today and is being built on the official Debian builders. Also, he needs to write upgrade notes for Podman v3.","*"," to v4.1. For instance, netavark is not currently available in Debian."),(0,me.kt)("p",null,"Brent says not having Netavark would be problematic. Not much bug fixing going on with CNI. Theoretically, nothing would break."),(0,me.kt)("p",null,"Reinhard will be looking to move Netavark to Debian. He'd love to have some volunteers, cf ",(0,me.kt)("a",{parentName:"p",href:"https://bugs.debian.org/1009713"},"https://bugs.debian.org/1009713"),". Lokesh asked about the golang packaging team requirements, and Reinhard says not much experience is not necessary. ",(0,me.kt)("a",{parentName:"p",href:"https://go-team.pages.debian.net/"},"https://go-team.pages.debian.net/")," for getting started."),(0,me.kt)("p",null,"Wants to avoid unreleased dependencies. Introducing libraries to Debian is not always a quick thing to do."),(0,me.kt)("p",null,"Going forward, we'll need to get Netavark/Aardvark into Debian long term."),(0,me.kt)("h3",{id:"podman-api-specgencreate-options---2447-in-video---charlie-doern"},"Podman API specgen/create options - (24:47 in video) - Charlie Doern"),(0,me.kt)("p",null,'Last year, Charlie rewired the infra container for pods to a "regular" container.'),(0,me.kt)("p",null,"The Issue"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Infra container was redesigned to automatically receive most of the pod options."),(0,me.kt)("li",{parentName:"ul"},"This means the infra spec is filled out with ",(0,me.kt)("inlineCode",{parentName:"li"},"cmd/podman")," before any remote calls kick in"),(0,me.kt)("li",{parentName:"ul"},"When a remote call happens, we cannot marshal the infra spec as that would expose far too many untested options to users that pods should not have"),(0,me.kt)("li",{parentName:"ul"},"This causes all of the work for infra to be undone only to be recreated again in infra within the remote handling code")),(0,me.kt)("p",null,"There's a difference in syntax that he's found. For instance, a SpecGenerator is attached for all types that have a creation process."),(0,me.kt)("p",null,"SpecGenerator was first designed for the REST API, primarily for consumption for the JSON API. It was meant to offset the parsing required in the front-end work."),(0,me.kt)("p",null,"Having a way to allow users to access infra spec in the API or a specific remote SpecGenerator."),(0,me.kt)("p",null,"Paul's concerned that sending the infra is duplicated attributes would be sent across the wire, slowing things down. We need a single source of truth. He suggests removing the attributes from the POD spec and adding them only to the infra container."),(0,me.kt)("p",null,"Matt is fine with that but thinks it's a Podman v5.0 delivery."),(0,me.kt)("p",null,"Paul suggests moving from the Pod spec and leave/move it in infra spec. That way, duplicate fields with different data won't have to be figured out. Currently, we at times ignore the infra spec."),(0,me.kt)("p",null,"So going foward, we'll remove resource limits from the pod spec and will expose the infra spec to the REST API. The downside is people would need to add the infra spec to the API."),(0,me.kt)("p",null,"Dan is suggesting a major release for next January, Valentin isn't sure that's a good idea. Dan asked if we could bump the version of the API. We also can't break versions of the API, especially a ",(0,me.kt)("inlineCode",{parentName:"p"},"-1")," to a ",(0,me.kt)("inlineCode",{parentName:"p"},"-2"),"."),(0,me.kt)("p",null,"Doing this would potentially detach the client and remote API versions. It's not a pretty thing to do, but possible. This is a real user issue."),(0,me.kt)("p",null,"A pod spec should be a container spec with additional fields. We'll need to change the infra spec too."),(0,me.kt)("h4",{id:"open-discussion--in-video---45"},"Open discussion (: in video) - 45"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Looking for major features for Podman for v4.2. One on the table is better ",(0,me.kt)("inlineCode",{parentName:"li"},"podman play kube"),", possibly sigstore, more mac/windows work, and maybe podman desktop."),(0,me.kt)("li",{parentName:"ol"},"Looking for Podman v4.1.1. to come out in the next few weeks, sometime in early June.")),(0,me.kt)("h3",{id:"next-meeting-thursday-june-16-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday June 16, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"june-16-2022-topics"},"June 16, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Meeting finished 11:48 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You\n11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou\n11:03 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nMatt Heon\n11:04 AM\nhttps://github.com/containers/podman/issues/11940\n")))}Ke.isMDXComponent=!0;const Ze={},Qe="Podman Community Meeting Notes",_e=[{value:"October 4, 2022, 11:00 a.m. Eastern (UTC-5)",id:"october-4-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 11:02 a.m. EDT",id:"meeting-start-1102-am-edt",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Distrobox Demo",id:"distrobox-demo",level:2},{value:"Luca Di Maio",id:"luca-di-maio",level:3},{value:"(1:37 in the video)",id:"137-in-the-video",level:4},{value:"Vault Test Suite",id:"vault-test-suite",level:2},{value:"Alex Scheel",id:"alex-scheel",level:3},{value:"(23:01 in the video)",id:"2301-in-the-video",level:4},{value:"Podman on Mac Installer Update",id:"podman-on-mac-installer-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(42:50 in the video)",id:"4250-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(44:34 in the video)",id:"4434-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 6, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-december-6-2022-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday November 17, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-november-17-2022-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:56 a.m. Eastern (UTC-4)",id:"meeting-end-1156-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Xe={toc:_e},$e="wrapper";function et(e){let{components:t,...n}=e;return(0,me.kt)($e,(0,K.Z)({},Xe,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"october-4-2022-1100-am-eastern-utc-5"},"October 4, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Tom Sweeney, Alex Scheel, Luca Di Maio Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Charlie Doern, Matt Heon, Mark Russell, Miloslav Trmac, Urvashi Mohnani, Mohan Boddu, Mohan Bodu, Eduardo Santiago, Christian Felder, Marcin Skarbek, Lokesh Mandvekar, Marcin Skarbek, Puvi Ganeshar, Stevan Le Meur, Steve Clark, Tim deBoer,"),(0,me.kt)("h2",{id:"meeting-start-1102-am-edt"},"Meeting Start: 11:02 a.m. EDT"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=JNijOHL4_Ko"},"Recording")),(0,me.kt)("h2",{id:"distrobox-demo"},"Distrobox Demo"),(0,me.kt)("h3",{id:"luca-di-maio"},"Luca Di Maio"),(0,me.kt)("h4",{id:"137-in-the-video"},"(1:37 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2022-10-04/distrobox-presentation.pdf"},"Slides"),"\nDistrobox is a simple Posix Shell that wrap around Docker and Podman. It helps to remove the complexity of container runtimes. It is your entire userspace unbound and integrated with the base operating system"),(0,me.kt)("p",null,"Why not chroot over Podman?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Simpler to use than pure chroot"),(0,me.kt)("li",{parentName:"ul"},"Battle-tested container engines"),(0,me.kt)("li",{parentName:"ul"},"Easy to use image management"),(0,me.kt)("li",{parentName:"ul"},"Healthy ecosystem of container images ready to use")),(0,me.kt)("p",null,"Host Integration:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Wayland an X programs"),(0,me.kt)("li",{parentName:"ul"},"Audio"),(0,me.kt)("li",{parentName:"ul"},"SSH and GPG Agent"),(0,me.kt)("li",{parentName:"ul"},"Automatically Generate Desktop Entries"),(0,me.kt)("li",{parentName:"ul"},"Launch host's command from container and vice versa")),(0,me.kt)("p",null,"Usage"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Intuitive management commands:",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"create, enter, list, rm and stop"))),(0,me.kt)("li",{parentName:"ul"},"Utilities",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Upgrade will keep all containers up to date"),(0,me.kt)("li",{parentName:"ul"},"ephemeral create, enter, destroy a temporary container"),(0,me.kt)("li",{parentName:"ul"},"generate-entry - create a desktop icon")))),(0,me.kt)("p",null,'Useful for "pet" containers that you don\'t want to remove/recreate all the time.'),(0,me.kt)("p",null,"Use Cases"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Immutable Desktop",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Endless OS (",(0,me.kt)("a",{parentName:"li",href:"https://endlessos.com"},"https://endlessos.com"),")"),(0,me.kt)("li",{parentName:"ul"},"Fedora Silverblue/Kinoite (https:getfedora.org/it/silverblue/, ",(0,me.kt)("a",{parentName:"li",href:"https://kinoite.fedoraproject.org"},"https://kinoite.fedoraproject.org"),")"),(0,me.kt)("li",{parentName:"ul"},"OpenSuse MicroOS (",(0,me.kt)("a",{parentName:"li",href:"https://microos.opensuse.org"},"https://microos.opensuse.org"),")"),(0,me.kt)("li",{parentName:"ul"},"SteamOS 3 (https:github.com/ValveSoftware/SteamOS/)"))),(0,me.kt)("li",{parentName:"ul"},"Minimize base operating system",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Less moving parts that can break"),(0,me.kt)("li",{parentName:"ul"},"Userland can be easily replaced"),(0,me.kt)("li",{parentName:"ul"},"Easier to make reproducible"))),(0,me.kt)("li",{parentName:"ul"},"Sudoless setups",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Enterprise setups where you can't be sudo, but you need a package manager. Easy to use Podman rootless containers here."))),(0,me.kt)("li",{parentName:"ul"},"Mix and Match Distro",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Custom kernel for abandoned hardware stuck on ancient distribution"),(0,me.kt)("li",{parentName:"ul"},"Access to the latest software on an LTS/Stable release distribution"),(0,me.kt)("li",{parentName:"ul"},"Access old software on a bleeding edge distribution: Distrobox ensures compatibility almost 10 years back in time.")))),(0,me.kt)("p",null,"Diversity"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Host compatiblity with all the major distributions"),(0,me.kt)("li",{parentName:"ul"},"Container compatibility with over 60 combinations of distributions and major versions"),(0,me.kt)("li",{parentName:"ul"},"Mix and match distributions and version to enhance software availability.")),(0,me.kt)("p",null,"Demo - (8:45 in the video)"),(0,me.kt)("p",null,"Using Distrobox, quickly setup a container and he showed what was going on within the container. Including the local system user getting to their systemctl."),(0,me.kt)("p",null,"The distrobox daemon starts in user space and can easily be used by the user who owns it."),(0,me.kt)("p",null,"Distrobox also supports rootful containers with the ",(0,me.kt)("inlineCode",{parentName:"p"},"--root")," option."),(0,me.kt)("p",null,"Flexibility comes from the Podman side and Distrobox simiplifies the Podman command line for those that don't want to fully invest, but want the container experience. It also includes a ",(0,me.kt)("inlineCode",{parentName:"p"},"--dry-run")," option to try the commands in advance."),(0,me.kt)("p",null,"Heavily inspired from containers tool box on SilverBlue, but he needed more than that offered and that was where Distrobox was born. Core concept is the same he thought it might be easier to do at the entrypoints and a few other options that have caused a divergence. Toolbox is Fedora oriented with a dedicated image for it to work, Distrobox works with a number of cloud images. Currently about 65 different images work with it, Debian, ClearLinux, Gentoo and more."),(0,me.kt)("p",null,"Running ClearLinux under Distrobox turned out to be faster than the host machine due to the ClearLinux optimizations."),(0,me.kt)("h2",{id:"vault-test-suite"},"Vault Test Suite"),(0,me.kt)("h3",{id:"alex-scheel"},"Alex Scheel"),(0,me.kt)("h4",{id:"2301-in-the-video"},"(23:01 in the video)"),(0,me.kt)("p",null,"Working for Hashicorp and working on the Vault project there."),(0,me.kt)("p",null,"Demo - (25:26 in the video)"),(0,me.kt)("p",null,"He had problems running Podman on a test suite and dove into it."),(0,me.kt)("p",null,"He uses Podman on Ubuntu currently, had run on Fedora and noticed that Docker was being run so, enabled the podman.socket in the test suite."),(0,me.kt)("p",null,"Some of his containers in Docker used a lot of memory and sometimes failed, yet when he changed to Podman that was no longer an issue."),(0,me.kt)("p",null,"He ran into timeouts with Podman due to networks that Podman were trying to use but docker-radius in the environment was ignoring the requests. He added a PR to docker-radius, but it has yet to be accepted."),(0,me.kt)("p",null,"His CI was spinning up Docker processes and that was failing in the environment too."),(0,me.kt)("p",null,"He used a big hammer and changed the entrypoing to docker-radius to sleep. Probably not optimal, but it does work."),(0,me.kt)("p",null,"He wanted to change Podman api calls to cli calls and the answer was to build a tarball. He built a way to create a context from code within the test case . Build the tarball, set it ups and send it along. So that removed the hack of doing the echo to the container writing the sleep."),(0,me.kt)("p",null,"He can spin up a Vault test cluster, issue certs, and drop it into an nginx container. That spawns a container with the particular info that Vault needs."),(0,me.kt)("p",null,"He's then able to copy the files that he needs into the containers, so they don't have to build the image each time. Especially so for certificates. Guven, they're on containers, they can run in parallel."),(0,me.kt)("p",null,"He'd like to expose the vault cluster to talk to the test containers. Future work for Alex. He's thinking that he may need to use another container to do that communication."),(0,me.kt)("h2",{id:"podman-on-mac-installer-update"},"Podman on Mac Installer Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"4250-in-the-video"},"(42:50 in the video)"),(0,me.kt)("p",null,"We have a packages installer and our building packages on GitHub. Signed for all of our releases and unsigned for RCs. So no need for Brew. It's all in GitHub."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4434-in-the-video"},"(44:34 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Puvi running Jenkin builds daily. Spins up containers on a cluster. Trying to move to Podman from Docker due to the Dockershim being deprecated. They're using the DOcker.socket and want to use Podman, as the socket isn't secure. They tried rootless, but it's much slower due to the network. Worked much better in rootful and dropped fuse."),(0,me.kt)("p",{parentName:"li"},"Luca suggested using a mount point which should help, but you have to watch if concurrent builds are in play."),(0,me.kt)("p",{parentName:"li"},"Puvi is trying NFS mounts, but in Amazon, he'd have to use AFS, which is slow and costly."),(0,me.kt)("p",{parentName:"li"},"Luca and Puvi discussed a number of configs to try, and that have been tried. Work ongoing."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"NA")),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-6-2022-1100-am-eastern-utc-4"},"Next Meeting: Tuesday December 6, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-november-17-2022-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday November 17, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1156-am-eastern-utc-4"},"Meeting End: 11:56 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:00 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:06 AM\nhack md, please sign in: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMark Russell11:23 AM\nThis is super cool\nalegrey9111:23 AM\nGreat too!\nLokesh Mandvekar11:29 AM\nis it just me hearing choppy audio ?\nMark Russell11:29 AM\nseems ok here\nLokesh Mandvekar11:29 AM\nack, thanks\nAshley Cui11:47 AM\nhttps://github.com/containers/podman/releases/tag/v4.2.1\nChristian Felder11:49 AM\naarch64 is meant to be used on Apple Silicon M1?\nMatt Heon11:51 AM\n@Christian Felder Yes\nChristian Felder11:57 AM\nThanks!\nAlex Scheel - HCP11:57 AM\nThank you!\nMohan Boddu11:58 AM\nThanks!\n")))}et.isMDXComponent=!0;const tt={},nt="Podman Community Cabal Meeting Notes",at=[{value:"February 16, 2023 11:00 a.m. Eastern",id:"february-16-2023-1100-am-eastern",level:2},{value:"February 16, 2023 Topics",id:"february-16-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman Default Network: Enable DNS by default (0:57 in the video) - Matt Heon",id:"podman-default-network-enable-dns-by-default-057-in-the-video---matt-heon",level:3},{value:"Open discussion (29:17 in the video)",id:"open-discussion-2917-in-the-video",level:4},{value:"Next Meeting: Thursday, March 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-march-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-4)",id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],ot={toc:at},it="wrapper";function st(e){let{components:t,...n}=e;return(0,me.kt)(it,(0,K.Z)({},ot,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Max Ehlers, Matthew McComas, Peter Buffon"),(0,me.kt)("h2",{id:"february-16-2023-1100-am-eastern"},"February 16, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"february-16-2023-topics"},"February 16, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Default Network: Enable DNS by default - Matt Heon")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/Rn8SKgubXQ4"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:02 a.m. Thursday, February 16, 2023"),(0,me.kt)("h3",{id:"podman-default-network-enable-dns-by-default-057-in-the-video---matt-heon"},"Podman Default Network: Enable DNS by default (0:57 in the video) - Matt Heon"),(0,me.kt)("p",null,"We currently don't currently start DNS on the container by default. So you can't talk to other containers by name."),(0,me.kt)("p",null,"The question is, going forward, should we turn it on by default?"),(0,me.kt)("p",null,"Paul thinks the concern might be having a DNS server running on each container."),(0,me.kt)("p",null,"Brent thinks this will be a performance hit as another service will need to be run, and an up/down check will need to be run also."),(0,me.kt)("p",null,'Docker compose on Podman currently runs on a network without DNS, so we may need to adjust. The "play kube" command may also need to be adjusted.'),(0,me.kt)("p",null,"DNS is complex, and the more enablement you do, the more problems that can be encountered. Brent is concerned."),(0,me.kt)("p",null,"Matt noted that only startup performance and shutdown performance that should be impacted the most. Paul thinks there may be extra latency for the first request."),(0,me.kt)("p",null,"Valentin thinks we have had enough questions from customers asking why DNS doesn't work out of the gate, that it is worth looking into."),(0,me.kt)("p",null,"Matt noted that changing the default network will be pretty trivial."),(0,me.kt)("p",null,"Giuseppe asked if there is a security concern with containers being able to use DNS. Paul thinks that we're only providing name resolution, but it's not that much different than allowing for IP communication between containers."),(0,me.kt)("p",null,"Paul thinks we should do a study of the plusses and minuses of the change and then make a decision from there. Regardless, we should make the selection process of the default network a be one-line change for ease of use."),(0,me.kt)("p",null,"Matt would like to do it as it's an advantage over what Docker does He thinks it's a straight enhancement over Docker."),(0,me.kt)("p",null,"Matt is proposing having Netavark set as default DNS to on, while CNI would remain as not defaulting to DNS."),(0,me.kt)("p",null,"The question is, should this change, if it goes forward, go into a Podman 4.","*"," release, or the Podman 5.0 release? Is it a breaking change? Paul leans towards 5.0."),(0,me.kt)("p",null,"Paul pointed out that we can't do this for CNI as it would break some functionality there."),(0,me.kt)("p",null,"The leaning is toward implementing this at Podman v5.0 and making it easily configurable."),(0,me.kt)("p",null,"Brent's concern is will the average user be able to update the conf file. He thinks it's easy to do, but finding it is sometimes hard to locate. Should we make it configurable from Podman itself? We could do a network-update command in Podman, or allow the user to configure it via a Podman command."),(0,me.kt)("p",null,"Plumbing work to happen in the near future, final switch on Podman v5.0?"),(0,me.kt)("h4",{id:"open-discussion-2917-in-the-video"},"Open discussion (29:17 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Max asked about the WireGuard PR for Netavark.")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark/pull/472"},"Netavark PR")),(0,me.kt)("p",null,"We had marked it as experimental. Paul says he hasn't had the time to do a proper review due to the size and the lack of WireGuard experience."),(0,me.kt)("p",null,"Brent suggested that we might merge it, marking it as experimental, and then building some kind of gate around it."),(0,me.kt)("p",null,"Brent and Matt will review it and work to make it in. Brent asked if Paul thought there was enough documentation surrounding it, especially pointers to WireGuard itself."),(0,me.kt)("p",null,"Many thanks to Max for his contribution."),(0,me.kt)("h3",{id:"next-meeting-thursday-march-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, March 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-4"},"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"Meeting finished 11:40 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"The raw chat was not captured.\n")))}st.isMDXComponent=!0;const rt={},lt="Podman Community Meeting",ht=[{value:"November 3, 2020 11:00 a.m. Eastern",id:"november-3-2020-1100-am-eastern",level:2},{value:"Attendees (36 total)",id:"attendees-36-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"boot2podman/podman-machine",id:"boot2podmanpodman-machine",level:2},{value:"Anders Bj\xf6rklund",id:"anders-bj\xf6rklund",level:3},{value:"rise and fall of boot2podman",id:"rise-and-fall-of-boot2podman",level:4},{value:"Basically a varlink post-mortem",id:"basically-a-varlink-post-mortem",level:4},{value:"(1:40 in the video)",id:"140-in-the-video",level:5},{value:"What Red Hat Thinks - Design directions",id:"what-red-hat-thinks---design-directions",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(20:55 in the video)",id:"2055-in-the-video",level:5},{value:"Short Image Name Pulling Demo",id:"short-image-name-pulling-demo",level:2},{value:"Valentin Rothberg",id:"valentin-rothberg",level:3},{value:"(27:30 in the video)",id:"2730-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday December 1, 2020, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-december-1-2020-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 12:14 p.m.",id:"meeting-end-1214-pm",level:2},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],dt={toc:ht},ut="wrapper";function mt(e){let{components:t,...n}=e;return(0,me.kt)(ut,(0,K.Z)({},dt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"november-3-2020-1100-am-eastern"},"November 3, 2020 11:00 a.m. Eastern"),(0,me.kt)("h3",{id:"attendees-36-total"},"Attendees (36 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Anders Bj\xf6rklund (afbjorklund), Greg Shomo, sshnaidm, Jordan Christiansen (xordspar0), Ralf Haferkamp, Paul Holzinger, Giuseppe Scrivano, Shenghao Yang, Ashley Cui, Brett Tofel, Alex Litvak, Nalin Dahyabhai, Qi Wang, Scott McCarty, Lokesh Mandvekar, Ed Haynes, Valentin Rothberg, Christian Felder, Holger Gantikow, James Cassell, Dan Walsh, Peter Hunt, Urvashi Mohnani"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/PwWkFkPIlI6"},"Recording")),(0,me.kt)("h2",{id:"boot2podmanpodman-machine"},"boot2podman/podman-machine"),(0,me.kt)("h3",{id:"anders-bj\xf6rklund"},"Anders Bj\xf6rklund"),(0,me.kt)("h4",{id:"rise-and-fall-of-boot2podman"},"rise and fall of boot2podman"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/"},"https://boot2podman.github.io/")),(0,me.kt)("h4",{id:"basically-a-varlink-post-mortem"},"Basically a varlink post-mortem"),(0,me.kt)("h5",{id:"140-in-the-video"},"(1:40 in the video)"),(0,me.kt)("p",null,"Anders talked about his work in containers starting with chroot to jails, to zones, to openVZ, to LX and finally to Docker. Slide Deck ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/assets/Boot2PodmanProject.pdf"},"here"),"."),(0,me.kt)("p",null,"Within Docker, runc, containerd and Moby project."),(0,me.kt)("p",null,"What was very interesting to him was the boot2docker, a lightweight distribution based on Tiny Core Linux made specifically to run Docker containers. This was productized into the Docker toolbox."),(0,me.kt)("p",null,"Base.Tiny Core Linux which runs on multiple architectures."),(0,me.kt)("p",null,"His boot2podman project was to try and emulate boot2docker. Used a custom kernel, add-on initrd and build tools."),(0,me.kt)("p",null,"When running containers from scratch you need kernel, build, packages (runc, Podman, conmon, cni-plugins, varlink Buildah, Skopeo) and others such as ssh. Varlink was used to run remote connections for Podman."),(0,me.kt)("p",null,"Varlink tool and library talks to different interfaces and runs on a socket."),(0,me.kt)("p",null,"Machine lets you create Podman hosts on computer, it creates servers with Podman on them, then configures the Podman client to talk to them."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Docker to Podman conversion"),(0,me.kt)("li",{parentName:"ul"},"Drop support for Swarm"),(0,me.kt)("li",{parentName:"ul"},"Add the driver for QEMU"),(0,me.kt)("li",{parentName:"ul"},"Drop support for cloud")),(0,me.kt)("p",null,"boot2docker was recently deprecated and move to unmaintained image. boot2podman also deprecated due to varlink being replaced with REST API."),(0,me.kt)("p",null,"Anders then ran a ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/2020/11/03/boot2podman-project.html"},"demo")," ",(0,me.kt)("strong",{parentName:"p"},"(16:00 in video)"),". He does not yet have support for V2 Podman, but in the works."),(0,me.kt)("h2",{id:"what-red-hat-thinks---design-directions"},"What Red Hat Thinks - Design directions"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h5",{id:"2055-in-the-video"},"(20:55 in the video)"),(0,me.kt)("p",null,"Determing priorities"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Resolve migration hurdles from Docker to Podman",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Number 1 focus of the team at the moment."))),(0,me.kt)("li",{parentName:"ul"},"What are we hearing?"),(0,me.kt)("li",{parentName:"ul"},"What do we know?")),(0,me.kt)("p",null,"The following is not a commitment from Red Hat, but what we think and hope to do."),(0,me.kt)("p",null,"How we work"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Stakeholders",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Upstream"),(0,me.kt)("li",{parentName:"ul"},"Product Management"),(0,me.kt)("li",{parentName:"ul"},"Distribution and OpenShfit"))),(0,me.kt)("li",{parentName:"ul"},"Agile driven",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"3 week sprints"))),(0,me.kt)("li",{parentName:"ul"},"Complications",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"No easy bugs"),(0,me.kt)("li",{parentName:"ul"},"Bug counts")))),(0,me.kt)("p",null,"Short Names (see next topic)"),(0,me.kt)("p",null,"Upcoming priorities."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},'Possible now with "compatibilty" RESTful interface'),(0,me.kt)("li",{parentName:"ul"},"CI testing to prevent regressions",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"No obvious framework for using docker-py tests",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Problems using swarm, working through that."))),(0,me.kt)("li",{parentName:"ul"},"Wrote testsuite but needs completion"))),(0,me.kt)("li",{parentName:"ul"},"Linchpin - Opens up possibilities for other applications.",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Grype, for example, a vulnerbality scanner that uses docker-py that ran into an issue and has been addressed.")))),(0,me.kt)("p",null,"Volume plugins\n",(0,me.kt)("em",{parentName:"p"}," Ongoing requirement from users and customers\n")," Compatible with Docker"),(0,me.kt)("p",null,"Docker compose\n",(0,me.kt)("em",{parentName:"p"}," Ongoing requirement from users and customers\n")," podman-compose\n",(0,me.kt)("em",{parentName:"p"}," Getting close\n")," Podman generate and play kube is strategic future."),(0,me.kt)("p",null,"Network Alias\n",(0,me.kt)("em",{parentName:"p"}," Longstanding upstream request\n")," ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --network-alias foo1 ..."),"\n",(0,me.kt)("em",{parentName:"p"}," Wired into dnsname plugin.\n")," Backend and Frontend WIP PR's exist.\n",(0,me.kt)("em",{parentName:"p"}," Opens up network connect and disconnect.\n")," Work is ongoing and needed for docker-compose."),(0,me.kt)("p",null,"Clone (rename) containers\n",(0,me.kt)("em",{parentName:"p"}," Longstanding upstream request\n")," Challenges our architecture where container description are immutable."),(0,me.kt)("p",null,"Secrets\n",(0,me.kt)("em",{parentName:"p"},' Add "secrets" to a container\n')," Lots of open-ended questions here yet, but design meeting pending. Ashley Cui driving."),(0,me.kt)("p",null,"Mount image into container ","*"," Convenience command to allwo mounting of an image into a container in a single step."),(0,me.kt)("p",null,"Help Needed"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Keeping bugs below 200."),(0,me.kt)("li",{parentName:"ul"},"Need community to help us balance bugs and new features.\n",(0,me.kt)("em",{parentName:"li"}," Reproducers alone are very helpful!\n")," Answer questions\n",(0,me.kt)("em",{parentName:"li"}," Submit fixes\n")," Blogs"),(0,me.kt)("li",{parentName:"ul"},"RESTful compatibilty endpoint for archive"),(0,me.kt)("li",{parentName:"ul"},"Secure implementation of 'cp' for podman-remote"),(0,me.kt)("li",{parentName:"ul"},"podman-py")),(0,me.kt)("p",null,"(Note for Brent: Look into docker log drivers.)"),(0,me.kt)("h2",{id:"short-image-name-pulling-demo"},"Short Image Name Pulling Demo"),(0,me.kt)("h3",{id:"valentin-rothberg"},"Valentin Rothberg"),(0,me.kt)("h5",{id:"2730-in-the-video"},"(27:30 in the video)"),(0,me.kt)("p",null,'Valentin took over in the middle of Brent\'s talk.\n"debian" vs fully qualified "docker.io/library/debian:latest"'),(0,me.kt)("p",null,"Ambiguity when completing short names, uses /etc/containers/registries.conf to determine where to pull from."),(0,me.kt)("p",null,"Risk of hitting a malicious repository"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Depends on order of registries in list"),(0,me.kt)("li",{parentName:"ul"},"registry.fedorproject.io, ..., docker.io")),(0,me.kt)("p",null,"Solution: short name aliasing and prompting"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/shortnames"},"https://github.com/containers/shortnames")," for more info."),(0,me.kt)("p",null,"Valentin ran a demo on short names."),(0,me.kt)("p",null,"This is to ship with Podman v2.2 along with a blog post describing it."),(0,me.kt)("p",null,"(A number of questions in bluejeans chat on shortnames, see below.)"),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Marcin Skarbek having problems starting a container in Podman v2.0.5. New issue incoming. Brent believes fixed by changes in upstream."),(0,me.kt)("li",{parentName:"ol"},"Jordan Christiansen asked about podman play kube volume support. Peter Hunt said to report an issue if problem found which he suspects there is."),(0,me.kt)("li",{parentName:"ol"},"Shenghao Yang asked about fuse-overlayfs to store in a NFS use case. The goal is to get there. Experimental now due to the uids that come into play. Long term goal is to get NFS to understand and use usernamespace safely.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"None suggested, happy to take some! (",(0,me.kt)("a",{parentName:"p",href:"mailto:tsweeney@redhat.com"},"tsweeney@redhat.com"),")"),(0,me.kt)("h2",{id:"next-meeting-tuesday-december-1-2020-1100-am-eastern-utc-5"},"Next Meeting: Tuesday December 1, 2020, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"meeting-end-1214-pm"},"Meeting End: 12:14 p.m."),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"tsweeney10:56 AM\nHackMD for notes and questions, please sign in there at the top! https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nScott McCarty11:05 AM\nHello everyone!\nChristian Felder11:27 AM\nI don't want to interrupt the current session, but I've a question regarding boot2podman: If you publish a port is it published just on box or on the host as well?\nDAN (ME)11:29 AM\nWe connect via ssh tunnel, so no open ports on the VM by default.\nOther then ssh port.\nPodman v2 listens on local unix domain socket, and podman-remote uses ssh under the covers to connect to this unix domain socket.\nChristian Felder11:29 AM\nok... that's a bit different from the docker experience... if you use docker run -p it is published on the host although there is this vm behind the scenes\nafbjorklund11:30 AM\ndocker-machine opens 22 and 2376, but podman-machine does everything over 22 - although tunneled to a random local port\nDAN (ME)11:30 AM\nYou can setup Podman to listen on random ports, but we discourage this because of the security risks.\nafbjorklund11:30 AM\nthere is no publishing on the laptop, that is docker desktop rather than docker toolbox\n(when using docker-machine that was)\nmheon11:31 AM\n@Christian - ports are only published on the VM now.\nI think Dan is confusing port mapping and the API port\nDAN (ME)11:31 AM\nafbjorklund nice job on the presentation.\nafbjorklund11:31 AM\nthanks! it'll be on the blog site eventually\nDAN (ME)11:31 AM\nmheon I am talking about which port the podman socket listens on\nChristian Felder11:32 AM\nok from my experience I could telnet to a port on localhost (on the host machine) when using the docker-cli, e.g. docker run -p ...\nmheon11:32 AM\n@Dan I'm fairly certain the question is about `-p` for podman run\n@Christian - yes, that's not implemented yet\nChristian Felder11:32 AM\nalright thanks\nmheon11:33 AM\nI'd love to get it working, but there are only so many engineers on the project right now\nafbjorklund11:33 AM\nwhen you use this docker-machine/podman-machine setup, anything that you publish is available on the VM IP (rather than 127.0.0.1)\nChristian Felder11:33 AM\nthanks afbjorklund that was what i expected. I did a similar setup with podman-remote and a custom vm\nafbjorklund11:34 AM\nsome details are on https://github.com/boot2podman/machine\nAlex Litvak11:35 AM\nmissed previous speaker, will the video be posted ?\nDAN (ME)11:35 AM\nyes\nMe11:35 AM\nAlex, yes it will. At least a link on podman.io\nAlex Litvak11:35 AM\nthanks\nChristian Felder11:37 AM\ndocker.io/mariadb:latest -> docker.io/library/mariadb:latest (is the first a shortname as well?)\nmheon11:38 AM\n@Christian - It has a repository in it explicitly, so I would say no\nJames Cassell11:39 AM\ndoes it support cascading configs? can a user override only part of the system config?\nmheon11:39 AM\nI'll leave that one to Valentin\nDAN (ME)11:40 AM\nJames we will leave it to distros to choose which shortnames they want to ship by default.\nValentin Rothberg11:40 AM\n@Christian: Matt is right. docker.io/foo is a special case as Docker normalizes with library/\n@James: the registries.conf supports drop-in config files that allow to override previous entries\nDAN (ME)11:41 AM\ngithub.com/contaiers/shortnames, is just for disto based images at this point. If fedora wants to defaul mariadb to a fedora version, then this is up to fedora.\nValentin Rothberg11:41 AM\n`man containers-registries.conf.d` is the place to look\nChristian Felder11:42 AM\nI just stumbled accross this when using podman_image modules for ansible which checks for the image name because the code checks for the image name which changes when pulling from the shorter url which resolves to docker.io/library/...\nthanks for your answers\nJames Cassell11:43 AM\nthanks! drop-ins are great\nJames Cassell11:45 AM\nif docker-compose compat REST API works, does it make podman-compose irrelevant, since folks can just use the docker-compose binary to talk to podman?\nJames Cassell11:45 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w (reposting link from start)\nChristian11:46 AM\ndo you have an example of what won't be possible with docker-compose / docker-py ?\nmheon11:46 AM\nFor docker-py - anything in the Swarm APIs\nRenaming containers\nThose are the big two\nNetworking will have some limits for now but I think we can work through those\nAlex Litvak11:47 AM\nare docker log drivers a part ofthe picture?\nChristian11:48 AM\nthanks!\nafbjorklund11:57 AM\npodman-py, not to be confused with pypodman :-)\nmheon11:57 AM\nLesson here: Don't let engineers name things\nSagi Shnaidman11:59 AM\nYou can demonstrate podman modules for Ansible, for example :)\nafbjorklund12:00 PM\nit should be noted that minikube has support for podman, so you can use podman in order to run \"real\" kubernetes too\n(both podman v1 and v2 as of lately)\n`minikube start --driver=podman`\nGreg Shomo (Northeastern University)12:03 PM\nthank you all for your time\nErik Bernoth12:11 PM\nthanks for the greet meeting, have to leave. Bye\nafbjorklund12:13 PM\nPosted slides and demos on the boot2podman site\nMe12:13 PM\nThanks AB!\n")))}mt.isMDXComponent=!0;const ct={},pt="Podman Community Meeting",gt=[{value:"May 4, 2021 11:00 a.m. Eastern (UTC-4)",id:"may-4-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (36 total)",id:"attendees-36-total",level:3},{value:"May the Fourth be with You! - podman run --rm -it -e mode=stdout quay.io/tomsweeneyredhat/asciistarwars:latest",id:"may-the-fourth-be-with-you---podman-run---rm--it--e-modestdout-quayiotomsweeneyredhatasciistarwarslatest",level:4},{value:"Meeting Start: 11:05 a.m.",id:"meeting-start-1105-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman and IPv6 Status",id:"podman-and-ipv6-status",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:49 in the video)",id:"149-in-the-video",level:4},{value:"Running Docker, Podman, and even Kubernetes inside rootless Podman containers",id:"running-docker-podman-and-even-kubernetes-inside-rootless-podman-containers",level:2},{value:"Cesar Talledo - Nestybox",id:"cesar-talledo---nestybox",level:3},{value:"(5:10 in the video)",id:"510-in-the-video",level:4},{value:"Demo (20:55 in the video)",id:"demo-2055-in-the-video",level:5},{value:"Podman Python Client Demo",id:"podman-python-client-demo",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(33:45 in the video)",id:"3345-in-the-video",level:4},{value:"Demo (40:32 in the video)",id:"demo-4032-in-the-video",level:5},{value:"Questions?",id:"questions",level:2},{value:"(47:30 in the video)",id:"4730-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday June 1, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-june-1-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:55 a.m. Eastern (UTC-4)",id:"meeting-end-1155-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],kt={toc:gt},yt="wrapper";function wt(e){let{components:t,...n}=e;return(0,me.kt)(yt,(0,K.Z)({},kt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"may-4-2021-1100-am-eastern-utc-4"},"May 4, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-36-total"},"Attendees (36 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Giuseppe Scrivano, Anders Bj\xf6rklund, Paul Holzinger, Greg Shomo, Scott McCarty, Ed Haynes, Christian Felder, Eduardo Vega, Alex Litvak, Holger Gantikow"),(0,me.kt)("h4",{id:"may-the-fourth-be-with-you---podman-run---rm--it--e-modestdout-quayiotomsweeneyredhatasciistarwarslatest"},"May the Fourth be with You! - ",(0,me.kt)("inlineCode",{parentName:"h4"},"podman run --rm -it -e mode=stdout quay.io/tomsweeneyredhat/asciistarwars:latest")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/may-fourth-podman"},"May the 4th Article")),(0,me.kt)("h2",{id:"meeting-start-1105-am"},"Meeting Start: 11:05 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/Qq_IsjrnOaG"},"Recording")),(0,me.kt)("h2",{id:"podman-and-ipv6-status"},"Podman and IPv6 Status"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"149-in-the-video"},"(1:49 in the video)"),(0,me.kt)("p",null,"Working on improving Podman IPv6 support, the ability to set multiple static IP addresses for a cotainer, this will allow Podman to do --ip and --ipv6 on the same containers so you can have static IPs for both network types. Also work ongoing for different ip's at the same time for one container on different network types (one v4 and one v6 per network)."),(0,me.kt)("p",null,"Support being worked on to allow Podman to automatically set IPv6 as the default network. The current default network does not support IPv6 at all. Working on improving support IPv6 in ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network")," so via configuration options, you'll be able to automatically assign using this command."),(0,me.kt)("p",null,"No work on IPv6 port forwarding in the next release, but sometime in the future. Looking at Podman v3.3 for delivery of the IPv6 improvements. Next relase v3.2 rc1 is being cut tomorrow."),(0,me.kt)("h2",{id:"running-docker-podman-and-even-kubernetes-inside-rootless-podman-containers"},"Running Docker, Podman, and even Kubernetes inside rootless Podman containers"),(0,me.kt)("h3",{id:"cesar-talledo---nestybox"},"Cesar Talledo - ",(0,me.kt)("a",{parentName:"h3",href:"https://www.nestybox.com/"},"Nestybox")),(0,me.kt)("h4",{id:"510-in-the-video"},"(5:10 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-05-04/sysbox-podman-community-meeting.pdf"},"slides")),(0,me.kt)("p",null,"Podman integrated to running system level software inside of rootless containers."),(0,me.kt)("p",null,"Developers of the Sysbox runtime, founders of Nestybox."),(0,me.kt)("p",null,"Enhance containers to run most workloads that run in VMs, seamlessly and with strong isolation."),(0,me.kt)("p",null,"systemd, Docker, Podman and K8s, etc are the system workloads they're looking to run, seamlessly and with strong isolation."),(0,me.kt)("p",null,"A command like ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --userns=auto:size=65536 -it any-image")," could run a container running any system, easy, powerful and secure."),(0,me.kt)("p",null,"They made the changes with sysbox-runc. Strong isolation (Linux User Namespace), Runs same workloads on VMs, seamlessly. No special images."),(0,me.kt)("p",null,"OpenSource software."),(0,me.kt)("p",null,"Features:\nUsernamespace on all containers\nfile-system ID shifting (shiftfs now, ID-mapped mounts soon)\nprocfs and sysfs virtualization\nsyscall interception\nInitial mount locking\nEasy preloading of inner container images\nSharing inner container images across Sysbox containers.\nEasy to load inner container images\nAllows for shared disk space of inner container images"),(0,me.kt)("p",null,"Limitations\nLinux only\nNeed 5.5+, Ubuntu 5.0+\n90% OCI compatible\nSets up container environments to enable it to run system software, for instance '--privilege' option won't work, but that makes sense.\nSome workloads don't run inside the containers\nIPvs, kernel module loading, etc.\nSysbox is a daemon that must run as root."),(0,me.kt)("p",null,"Tries not to get in the way of the syscalls"),(0,me.kt)("h5",{id:"demo-2055-in-the-video"},"Demo (20:55 in the video)"),(0,me.kt)("p",null,"Prefers Ubuntu, but deals with other linux."),(0,me.kt)("p",null,"systemctl start sysbox\nsudo podman run --runtime=sysbox-runc -it --rm --userns=auto:size=65536 --hostname=syscont nestybox/ubuntu-bionic-systemd-docker"),(0,me.kt)("p",null,"Showed the inside of the container with Docker already running, all inside the container."),(0,me.kt)("p",null,"Solving a container with limit to cgroup with certain memory, then that's what you should see. They want to hide as much info of the host from inside the container."),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Summary")),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Currently runing system sofware in containers requires\n Insecure (privileged) containers\n Complex container images and commands\n\nWe need to change this\n Enables powerful use cases for containers (beyond micro-service deployment)\n\nSysbox is a next-gen runc designed for this.\n\nEnterprises are using it to replace VMs in many scenarios.\n")),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/nestybox/sysbox"},"Nestybox GitHub")),(0,me.kt)("h2",{id:"podman-python-client-demo"},"Podman Python Client Demo"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"3345-in-the-video"},"(33:45 in the video)"),(0,me.kt)("p",null,"Python bindings are modeled after Docker py. Wanted to allow people to run their Docker py scripts."),(0,me.kt)("p",null,"Podman py is up on ",(0,me.kt)("a",{parentName:"p",href:"https://pypi.org/project/podman-py/"},"Pypi")," and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman-py/blob/main/contrib/examples/demo.py"},"Demo")," on repo in GitHub."),(0,me.kt)("p",null,"Python Podman going through the packagin process for Fedora now, RHEL later."),(0,me.kt)("h5",{id:"demo-4032-in-the-video"},"Demo (40:32 in the video)"),(0,me.kt)("p",null,"Created a pod, and removed containers and pods that were created."),(0,me.kt)("p",null,"Showed code, craete client, shows version, api and min api. Pulled latest alpine image and created a pod and container in the pod, and then removes image, pod and containers. Then lists the images."),(0,me.kt)("p",null,"Used the unix domain socket, new Pull Requests for ssh in the works and also tcp sockets."),(0,me.kt)("p",null,"Bindings are now on par with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," for doing connections."),(0,me.kt)("p",null,"Can you run Docker py and Podman py at the same time? Yes! No locking preventing that. Can even run podman --remote through the compatibiltiy layer."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"4730-in-the-video"},"(47:30 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"No questions asked.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-1-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday June 1, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1155-am-eastern-utc-4"},"Meeting End: 11:55 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'Me10:55 AM\nPlease sign in on HackMD https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nAnd "May the Fourt be with you!\nEdward Haynes11:19 AM\nI remember a few years ago Intel was working on "clear containers" to put very lightweight virt around each container for protection ... did this ever amount to anything?\nDan Walsh (rhatdan)11:20 AM\nEdward ClearContainers became Kata Containers, But they run with a virtualization layer, and their own kernel.\nRodny Molina11:21 AM\nhttps://github.com/nestybox/sysbox\nAlex Litvak11:21 AM\nbad audio\nDan Walsh (rhatdan)11:22 AM\nAlex it sounds fine here\nAlex Litvak11:23 AM\nsorry it look like a local problem\nAnders Bj\xf6rklund11:33 AM\nWhat is the biggest difference between this (product) and LXC ?\nRodny Molina11:34 AM\nSysbox is, by design, compatible with Docker, K8s and now Podman. LXC (and LXD) are not AFAIK.\nAnders Bj\xf6rklund11:35 AM\nSo a difference for the forward-looking but similar but for the backward-looking, got it. Thanks.\nRodny Molina11:38 AM\nEven for the backward-looking, Sysbox procfs/sysfs emulation goes further than what LXD is doing, so we believe you should be able to run many more system workloads in Sysbox when compared to LXD. To be fair, LXD has some features that we don\'t have.\nmanish11:39 AM\nnice cesar ... great project\nCesar Talledo11:39 AM\nthanks Manish!\nAnders Bj\xf6rklund11:39 AM\nWe originally used OpenVZ for this, which was how I got started with containers originally\nMatt Heon11:42 AM\nAh, wayland!\nLokesh Mandvekar11:43 AM\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1956841\njhonce11:45 AM\nssh ro-BRmMS9jtgcXdRW6eMRyH5zrQV@sfo2.tmate.io\nUwe11:55 AM\nthanx\nMe11:55 AM\nhttps://www.redhat.com/sysadmin/may-fourth-podman\n')))}wt.isMDXComponent=!0;const ft={},bt="Podman Community Meeting",vt=[{value:"September 7, 2021 11:00 a.m. Eastern (UTC-4)",id:"september-7-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Official Debian/Ubuntu Packages Updates",id:"official-debianubuntu-packages-updates",level:2},{value:"Reinhard Tartler/Lokesh Mandvekar",id:"reinhard-tartlerlokesh-mandvekar",level:3},{value:"(1:42 in the video)",id:"142-in-the-video",level:4},{value:"Podman machine Updates",id:"podman-machine-updates",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(4:17 in the video)",id:"417-in-the-video",level:4},{value:"Containerized DNA Analysis",id:"containerized-dna-analysis",level:2},{value:"Erik Bernoth",id:"erik-bernoth",level:3},{value:"(8:27 in the video)",id:"827-in-the-video",level:4},{value:"Meeting notes from Erik:",id:"meeting-notes-from-erik",level:5},{value:"Using Podman in an IDE",id:"using-podman-in-an-ide",level:2},{value:"Chris Short",id:"chris-short",level:3},{value:"(23:14 in the video)",id:"2314-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(32:52 in the video)",id:"3252-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday October 5, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-october-5-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday September 16, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-september-16-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:40 a.m. Eastern (UTC-4)",id:"meeting-end-1140-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Mt={toc:vt},At="wrapper";function It(e){let{components:t,...n}=e;return(0,me.kt)(At,(0,K.Z)({},Mt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"september-7-2021-1100-am-eastern-utc-4"},"September 7, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Paul Holzinger, Erik Bernoth, Charlie Doern, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Valentin Rothberg, Guillaume Rose, Rudolf Vesely"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/16n3v6p@XWp/"},"Recording")),(0,me.kt)("h2",{id:"official-debianubuntu-packages-updates"},"Official Debian/Ubuntu Packages Updates"),(0,me.kt)("h3",{id:"reinhard-tartlerlokesh-mandvekar"},"Reinhard Tartler/Lokesh Mandvekar"),(0,me.kt)("h4",{id:"142-in-the-video"},"(1:42 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Debian 11/bullseye ships with kernel 5.10 and Podman 3.0."),(0,me.kt)("li",{parentName:"ul"},"Podman 3.2 from Debian experimental also works well per Reinhard's local testing."),(0,me.kt)("li",{parentName:"ul"},'Debian "unstable" is now open for development. Work on shipping Podman 3.3 is currently underway.'),(0,me.kt)("li",{parentName:"ul"},"Upcoming Ubuntu 21.10 release will likely include podman 3.2"),(0,me.kt)("li",{parentName:"ul"},"Reinhard would like assistance with:",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Identifying and upgrading package dependencies in Debian"),(0,me.kt)("li",{parentName:"ul"},"Filing bugs on what needs to be upgraded"),(0,me.kt)("li",{parentName:"ul"},"Preparing package uploads on the GitLab instance at salsa.debian.org"))),(0,me.kt)("li",{parentName:"ul"},"Reinhard's contact info: siretart AT debian DOT org, siretart on GitHub")),(0,me.kt)("h2",{id:"podman-machine-updates"},"Podman machine Updates"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"417-in-the-video"},"(4:17 in the video)"),(0,me.kt)("p",null,"In the past few weeks, a number of significant developments in desktop containerization. Due to that, we've seen an upswing in activity due to Podman machine and Podman in general."),(0,me.kt)("p",null,"Two requests we're getting are the ability to mount a Docker compatible socket natively on the host. So you would not have to worry about sshing from your Mac or Windows machine into a Linux host."),(0,me.kt)("p",null,"The second request is volume mount, which is not handled automatically now in podman machine. Lots of discussion about this, but no clear path forward at the moment, and we're hoping to change that."),(0,me.kt)("p",null,"At the Cabal meeting next Thursday, September 15, at 10:00 a.m. EDT (UTC-4), we will be discussing the direction for Podman machine and volume mounts, and would love community involvement."),(0,me.kt)("h2",{id:"containerized-dna-analysis"},"Containerized DNA Analysis"),(0,me.kt)("h3",{id:"erik-bernoth"},"Erik Bernoth"),(0,me.kt)("h4",{id:"827-in-the-video"},"(8:27 in the video)"),(0,me.kt)("p",null,"Started a new project where friends are analyzing DNA. Looking to find out what the small markers are. In the picture, fly eyes colors are noted and can be used to denote the familial connections of the flies."),(0,me.kt)("p",null,"Showed a tutorial for one of the tools, one included the read for DNA. Showed FASTQ that showed all the data points, including metadata. From this, they get a quality marker."),(0,me.kt)("p",null,"The output shows a lot of dots and some char when there's a significant match. From this data, you can figure out if you have a mutation or not. Also, other essential markers that decide eye color and such. This takes a lot of computing power."),(0,me.kt)("p",null,"There are vertical and horizontal analyzers that are needed. There are tools used, and Erik showed a script his friend uses, which takes a lot of time and does some multiprocessing. It takes a long time to complete."),(0,me.kt)("p",null,"Can this be containerized? That's in his current project, and he is wondering if we have possible ways to containerize it. Erik would like input."),(0,me.kt)("p",null,"Looking to build a way to use Podman to containerize this."),(0,me.kt)("h5",{id:"meeting-notes-from-erik"},"Meeting notes from Erik:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Intro ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/ecerami/ecerami.github.io/blob/master/samtools_primer.md"},"sequencing data crunching process"),"."),(0,me.kt)("li",{parentName:"ol"},"YSEQ Specialty: ",(0,me.kt)("a",{parentName:"li",href:"https://www.yseq.net/product_info.php?products_id=175886"},"Whole Genome Sequence with 400 bases (WGS400)")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/STR_examples/"},"STR Example")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://gist.github.com/tkrahn/7dfc51c2bb97a6d654378a21ea0a96d4"},"BWA Pipeline")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/16672/16672_result_summary.txt"},"Result Summary Example")," and ",(0,me.kt)("a",{parentName:"li",href:"https://genomes.yseq.net/WGS/400SE/16672/"},"Full Example (opt.)"),"\nFuture: ",(0,me.kt)("a",{parentName:"li",href:"https://genomebiology.biomedcentral.com/articles/10.1186/s13059-020-1935-5"},"Nanopore?"))),(0,me.kt)("h2",{id:"using-podman-in-an-ide"},"Using Podman in an IDE"),(0,me.kt)("h3",{id:"chris-short"},"Chris Short"),(0,me.kt)("h4",{id:"2314-in-the-video"},"(23:14 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1Elb5Pb8z7tkKRaBnewRBvDsby2bWduza/view"},"Video")),(0,me.kt)("p",null,"Showed VSCode with the Remote Development extension installed, which he is running on his Mac. This can work on WSL/Windows too. In theory, you can create a container within it. It's looking at his local ssh config. He could be anywhere in the world and could run anything he wanted from his Linux machine."),(0,me.kt)("p",null,"He ssh's into his Linux machine from VSCode, and VSCode opens up what it needs to the machine. He now has a terminal instance from his Mac on the remote Fedora box. So he's in the IDE using a terminal on his Fedora box and can run Podman commands as needed."),(0,me.kt)("p",null,"Chris blurred out several data points for privacy reasons."),(0,me.kt)("p",null,"He then showed the website on his Mac that he had run via Podman."),(0,me.kt)("p",null,"Jhon Honce noted that we have people using the Docker plugin in VSCode to use Podman. It would be nice to get a Podman plugin at some point for VSCode."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"3252-in-the-video"},"(32:52 in the video)"),(0,me.kt)("p",null,"Dan is trying to get Docker Security Bench translated into Podman Security Bench. A long-term project and community involvement would be great."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://discord.com/channels/852634929845239818/852634929845239824"},"Discord server")," is now up and bridged with the ",(0,me.kt)("a",{parentName:"p",href:"https://matrix.to/#/#podman:matrix.org"},"Podman Matrix room"),"."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Rootless container networking - Paul Holzinger\nPodman Security Bench - Dan Walsh"),(0,me.kt)("h2",{id:"next-meeting-tuesday-october-5-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday October 5, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-september-16-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday September 16, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1140-am-eastern-utc-4"},"Meeting End: 11:40 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:59 AM\nPlease sign in here; https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:06 AM\nI can't hear Lokesh, is it just me?\nValentin Rothberg11:06 AM\nI hear him\nDan Walsh11:06 AM\nI hear him fine\nLokesh Mandvekar11:06 AM\ni'm done\nDan Walsh11:06 AM\nTom back to you\nLokesh Mandvekar11:06 AM\ntom, back to you\nDan Walsh11:07 AM\nWe can not hear you tom\nMe11:07 AM\nMatt, please take it\nMatt Heon11:07 AM\nTom, no audio from you\ncevich11:07 AM\nI blame Tom's cat.\njhonce11:08 AM\nNetwork issues are now spreading...\nMe11:09 AM\nI can hear now, had to reset all the audio options.\nIt flicked off when I plugged my headset in\nErik Bernoth11:11 AM\nWe still can\u2019t hear you\nErik Bernoth11:27 AM\nThanks, Scott. Good to know that someone already knows some about this topic area. :)\nScott McCarty (fatherlinux)11:31 AM\nLOL, oh man I LOVED bioinformatics\nI miss that work\nMaybe that will be my retirement :-)\nLokesh Mandvekar11:39 AM\nMehul is pronounced May-houl :)\nErik Bernoth11:39 AM\nMatrix also works well from the browser btw\nScott McCarty (fatherlinux)11:40 AM\nhttps://discord.gg/sKgupVHaGg\n")))}It.isMDXComponent=!0;const Tt={},St="Podman Community Cabal Meeting Notes",Nt=[{value:"November 18, 2021 11:00 a.m. Eastern",id:"november-18-2021-1100-am-eastern",level:2},{value:"November 18, 2021 Topics",id:"november-18-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman.io redesign ( 0:52 in video)",id:"podmanio-redesign--052-in-video",level:3},{value:"Forwarding Play Kube HTTP API ( 24:45 in video)",id:"forwarding-play-kube-http-api--2445-in-video",level:3},{value:"Adding docker.io as default to image name (30:54 in video)",id:"adding-dockerio-as-default-to-image-name-3054-in-video",level:3},{value:"Open discussion ( : in video)",id:"open-discussion---in-video",level:4},{value:"Next Meeting: Thursday December 16, 2021 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-december-16-2021-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Ct={toc:Nt},Pt="wrapper";function xt(e){let{components:t,...n}=e;return(0,me.kt)(Pt,(0,K.Z)({},Ct,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Preethi Thomas, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, M\xe1ir\xedn Duffy, Michael Scherer, Lokesh Mandvekar, Shion Tanaka, Jhon Honce, Valentin Rothberg, Ed Haynes, Jakub Dzon, James Cassel, Mairin Duffy, Michael Scherer, Scott McCarty, Shion Tanaka, Mehul Arora,"),(0,me.kt)("h2",{id:"november-18-2021-1100-am-eastern"},"November 18, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"november-18-2021-topics"},"November 18, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman.io redesign - M\xe1ir\xedn Duffy"),(0,me.kt)("li",{parentName:"ol"},"Forwarding Play Kube HTTP API configmaps query parameter to the container engine - Urvashi Mohnani"),(0,me.kt)("li",{parentName:"ol"},"Discuss Adding docker.io to unqualified image name - ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/pull/12321"},"https://github.com/containers/podman/pull/12321"))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=y9PxhYF-uNM"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:03 a.m. EST Thursday, November 18, 2021"),(0,me.kt)("h3",{id:"podmanio-redesign--052-in-video"},"Podman.io redesign ( 0:52 in video)"),(0,me.kt)("p",null,"At this link, use the dropdown in the upper left corner to page through the mockups (they aren't hooked up to be click-thru yet):\n",(0,me.kt)("a",{parentName:"p",href:"https://design.penpot.app/#/view/c1192050-2619-11ec-bdd0-f35c6ae458e9?page-id=c1192051-2619-11ec-bdd0-f35c6ae458e9&index=0&share-id=554e5be0-2b66-11ec-91a7-f08c5eccf3df"},"https://design.penpot.app/#/view/c1192050-2619-11ec-bdd0-f35c6ae458e9?page-id=c1192051-2619-11ec-bdd0-f35c6ae458e9&index=0&share-id=554e5be0-2b66-11ec-91a7-f08c5eccf3df")),(0,me.kt)("p",null,"(This is using Penpot.app, an open-source UX tool.)"),(0,me.kt)("p",null,'GTK as an example site. The main page redesign from some of Dan\'s talks and wondering to herself why would I want to use Podman? Prominent link to the docs, to GitHub, and more. The front page has the focus on "Give it a try". Then additional links to blogs and coloring books.'),(0,me.kt)("p",null,"Looking for help on how the other tools tie together on the front page."),(0,me.kt)("p",null,"Leaning toward GitHub pages using AsciiDoc with Jekyll. Might be able to use AsciiDoc to update contributing doc across projects. So you can pull sections from another project perhaps. This is a new process she's still working through."),(0,me.kt)("p",null,"Showed the community page too, including Code of Conduct, chat, meeting mailing lists. Javascript to show the time zones of the maintainers would be nice. At the bottom, showed how to submit pull requests."),(0,me.kt)("p",null,"Then she showed the Feature page, showing basic first steps. Getting Started, community page, find a page on the site similar to the one in GitHub."),(0,me.kt)("p",null,"Shows features of cockpit UI, blog posts, and coloring book."),(0,me.kt)("p",null,"Another page for folks just starting with Podman"),(0,me.kt)("p",null,"We might want to add pages for Mac, Windows, and how to use Podman on it."),(0,me.kt)("h3",{id:"forwarding-play-kube-http-api--2445-in-video"},"Forwarding Play Kube HTTP API ( 24:45 in video)"),(0,me.kt)("p",null,"PR in question: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12243"},"https://github.com/containers/podman/pull/12243")),(0,me.kt)("p",null,"YAML is not getting cast correctly when sent. Jakub is wondering if the solution proposed to use a configmap is OK per the community. Paul asked how we should send the content to the server."),(0,me.kt)("p",null,"Currently, it is a configmap that points to files, but Jakub would like to expand."),(0,me.kt)("p",null,"Jhon likes it better as GoLang and other bindings wouldn't have to jump through many hoops. Brent thinks it's a reasonable approach along with Paul. Jakub will pursue."),(0,me.kt)("h3",{id:"adding-dockerio-as-default-to-image-name-3054-in-video"},"Adding docker.io as default to image name (30:54 in video)"),(0,me.kt)("p",null,"PR in question: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12321"},"https://github.com/containers/podman/pull/12321")),(0,me.kt)("p",null,"Michael talked through the PR. Basically, it will add \"docker.io\" if the image doesn't have any in it. This will be the default, if fully qualified, docker.io wouldn't be added."),(0,me.kt)("p",null,"Docker does this and we're not fully compatible here. The full discussion in the PR at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12321#issuecomment-971412475"},"https://github.com/containers/podman/pull/12321#issuecomment-971412475")),(0,me.kt)("p",null,"Dan thinks too many people have stumbled across this and doesn't think we should have to have them go to registry.conf to set their default."),(0,me.kt)("p",null,"Valentin doesn't think we'll ever be compatible with Docker here as we allow aliases for image names. We also need to be compatible with atomic docker and it supports registries. Third, if we change this, we'll break current behavior. Fourth, a huge page to enforce docker.io due to the code structure in c/image. Valentin thinks registries.conf changes are the way to go to address this."),(0,me.kt)("p",null,"Matt proposed that we should support the docker.io use case. Docker on RHEL doesn't do this. He's suggesting adding a flag in containers.conf to toggle this between adding and not adding docker.io to the image."),(0,me.kt)("p",null,"Valentin warned this is likely to cause breaking changes in the code as changes in Buildah, Podman, Skopeo, c/image, and more."),(0,me.kt)("p",null,'If we had "docker.io compat mode" in the system context, that would be the easiest way to get the info down, but it\u2019s still not an insignificant amount of work.'),(0,me.kt)("p",null,"What's the chance of getting Moby to change their behavior? In the past, changes like that have been slow-moving."),(0,me.kt)("p",null,"Dan likes the flag idea, but Valentin is concerned that this will be a huge change for a simple idea."),(0,me.kt)("p",null,"Dan is concerned that if we don't make the change, we'll get bad feedback from users."),(0,me.kt)("p",null,"We've made decisions in the past to not be compatible in this space."),(0,me.kt)("p",null,"The consensus is that we want to do the right thing for the user, the hard part is figuring out the way to get this done. How is unknown. Brent doesn't want to implement something too large."),(0,me.kt)("p",null,'Matt doesn\'t think this will be as bad as Valentin believes. However, build will probably "bad", but create might not be too bad.'),(0,me.kt)("p",null,"The next step is to look at the compatibility library and see where the place is to do it."),(0,me.kt)("h4",{id:"open-discussion---in-video"},"Open discussion ( : in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None, we ran out of time.")),(0,me.kt)("h3",{id:"next-meeting-thursday-december-16-2021-1100-am-edt-utc-5"},"Next Meeting: Thursday December 16, 2021 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:01 AM\nstepping away for a minute\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nValentin Rothberg11:01 AM\n@Dan: I muted you since you gave an echo\nYou11:02 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLokesh Mandvekar11:07 AM\nnew site gonna rock\nChristopher Evich11:08 AM\nYou matched the background water perspective to the icon perspective *wow*\nAnders F Bj\xf6rklund11:08 AM\na common theme between the sites would be nice\ni.e. linking podman and cri-o\nBrent Baude11:09 AM\nare we going to talk about our blogging problem/isssue ?\nMichael Scherer11:10 AM\nOSPO team can also provides openshift hosting, we have a cluster for community project, and so that's just a question of building one or more containers (we did it for project atomic, with 3 git repo combined)\nYou11:16 AM\nhttps://www.youtube.com/channel/UCk8PKFfMXESWNXgGG5U_F_w\nyoutube channel ^^^\nLokesh Mandvekar11:16 AM\nfor IRC link..maybe we can just link to the libera's web ui OR we could just redirect them to the matrix room, call me biased :)\nValentin Rothberg11:22 AM\nA seal eating an apple :)\nUrvashi Mohnani11:28 AM\nhttps://github.com/containers/podman/pull/12243\nValentin Rothberg11:28 AM\nGreat work. I am looking forward to see it in action :)\nYou11:29 AM\nhttps://github.com/containers/podman/pull/12243\nPR under discussion\nM\xe1ir\xedn Duffy11:29 AM\ni'm gonna drop now but feel free to reach out any time w q's / feedback / ideas etc, I'm lurking in the podman matrix room o/\nMichael Scherer11:34 AM\nhttps://github.com/containers/podman/pull/12321\nYou11:34 AM\nhttps://github.com/containers/podman/pull/12321\nMichael Scherer11:36 AM\nhttps://github.com/containers/podman/pull/12321#issuecomment-971412475 so that's the detail\nAnders F Bj\xf6rklund11:42 AM\nwe have big problems with this in minikube, where we try to present a common API towards images from docker, cri-o (podman) and containerd (ctr and buildctl).\nUnfortunately kubernetes has no global policy on how to specify images\nAnders F Bj\xf6rklund11:45 AM\n(also includes other things, like if image ID include a \"sha256:\" prefix or not)\nMatt Heon11:47 AM\nSmall things like that, we should fix\nNo reason not to\nre: sha256 prefix\nAnders F Bj\xf6rklund11:54 AM\ncontainerd is now making the full names more visible to people, if it is any consolation\nBrent Baude11:54 AM\ngreat! but the problem exists in what has historically been set and expected\nAnders F Bj\xf6rklund11:54 AM\n(when people change their kubernetes CRI, from docker/cri-docker over to containerd)\nieq-pxhy-jbh\n")))}xt.isMDXComponent=!0;const Dt={},Bt="Podman Community Cabal Meeting Notes",Et=[{value:"February 17, 2022 11:00 a.m. Eastern",id:"february-17-2022-1100-am-eastern",level:2},{value:"February 17, 2022 Topics",id:"february-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Meta package for manpages, config files - (0:50 in video) - Valentin Rothberg",id:"meta-package-for-manpages-config-files---050-in-video---valentin-rothberg",level:3},{value:"Open discussion (25:30 in video)",id:"open-discussion-2530-in-video",level:4},{value:"Next Meeting: Thursday March 17, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-march-17-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Wt={toc:Et},jt="wrapper";function Lt(e){let{components:t,...n}=e;return(0,me.kt)(jt,(0,K.Z)({},Wt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Urvashi Mohnani, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Oleg Bulatov, Flavian Missi, Niall Crowe, F. Poirotte,"),(0,me.kt)("h2",{id:"february-17-2022-1100-am-eastern"},"February 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"february-17-2022-topics"},"February 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Meta package for manpages, config files - Valentin Rothberg")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/ysFO1s7h-YE"},"Recording")),(0,me.kt)("p",null,"The meeting started at 11:02 a.m. Thursday, February 17, 2022"),(0,me.kt)("h3",{id:"meta-package-for-manpages-config-files---050-in-video---valentin-rothberg"},"Meta package for manpages, config files - (0:50 in video) - Valentin Rothberg"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common/issues/925"},"Issue discussed")),(0,me.kt)("p",null,"The ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common"},"https://github.com/containers/common")," project is used for man pages, config files, and common files. Used by containers/storage, containers/image, containers/buildah, containers/podman. The containers/common package is pushed out in the containers-common package."),(0,me.kt)("p",null,"First issue: Hard for downstream packagers to know what and when to package. The common package should only ship with Podman, but it's not transparent to downstream packagers. For them, it's hard to know when to ship, especially since there are four projects of note: c/storage, c/image, c/common, c/crun."),(0,me.kt)("p",null,"Second issue: We have a high frequency of releases. I.e., recently 5 RC's of Podman. Which caused a lot of churn and problems for an arch-linux packager. The issue is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/common/issues/925"},"here"),"."),(0,me.kt)("p",null,"Dan wonders if there's a way to add links to GitHub repos to tie them together. Valentin doesn't think there's a way to do this via GitHub, but possibly via Git itself, and he thinks it might be hairy."),(0,me.kt)("p",null,"Chris Evich mentioned ",(0,me.kt)("a",{parentName:"p",href:"https://blog.developer.atlassian.com/the-power-of-git-subtree/?_ga=2-71978451-1385799339-1568044055-1068396449-1567112770"},"git-subtree")),(0,me.kt)("p",null,"The problem remains if there's a Buildah or Podman that can use a particular version of the files in containers-common. It would be nice to have a packager grab version X of Podman, and that would then get all of the associated packages at the right versions."),(0,me.kt)("p",null,"Miloslav Trmac suggested adding something to Podman update/create the containers-common package when Podman creates its package. This would require some Makefile work."),(0,me.kt)("p",null,"Chris thinks there's an option in GitHub to create a tarball, but others pointed out it's only suitable for files in the physical repository."),(0,me.kt)("p",null,"Currently, we're grabbing things from the main branch, but we should grab from what is listed in the go.mod file."),(0,me.kt)("p",null,"Dan thinks putting Fedora's script into Podman and then working that back into the Fedora release cycles. It won't fix the issue but will at least make it obvious."),(0,me.kt)("p",null,"This is something that needs to happen for Buildah and Podman. We don't need to worry about CRI-O as they have a different setup and config files."),(0,me.kt)("p",null,"Dan and Lokesh will work together to try and make some progress in this space. This will mean moving update.sh, which will be renamed, into Podman."),(0,me.kt)("p",null,"Another concern has been the number of release candidates we had for Podman v4.0 (5 RC's). This has worked well for the development team but has caused packagers massive headaches."),(0,me.kt)("p",null,"Ideally, it would be nice if we could create a containers bundle. Lokesh has an upcoming blog that will talk about this too."),(0,me.kt)("p",null,"Tom would like to make sure we can do an RC release as it helped QE. Valentin pointed out the issue lies in that we're moving along RCs for Podman, but also point releases, rather than RCs for Buildah, Skopeo, etc., which is where the churn is."),(0,me.kt)("h4",{id:"open-discussion-2530-in-video"},"Open discussion (25:30 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"4.0 close to releasing. We are waiting on one last set of tests to finish successfully. Lokesh is working on documentation for netavark and aardvark-dns.")),(0,me.kt)("p",null,"The network stack will remain on CNI if Podman already exists on a system that Podman v4.0 is installed/upgraded on. If the host has no Podman presence, they will run with the new netavark stack."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman system reset --force")," command should be used if moving up to Podman 4.0 with a host that used Podman v3.0 in the past."),(0,me.kt)("p",null,"Podman v4.0 will not be in Fedora 35 as it's a breaking change but will be available with Fedora 36. On Fedora 35, you will be able to update from ",(0,me.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman4/"},"Copr")," if you decide to."),(0,me.kt)("p",null,"Looking at a week delay until the Mac and Windows versions are available."),(0,me.kt)("p",null,"A discussion was had on how to handle a downgrade. Most likely, containers and images would have to be removed."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Podman desktop update (38:37 in the video)\nDan noted that we're working with the developer on that. Potentially will merge CRC with the desktop. Meetings are coming up next week. Podman Desktop will not be released as part of Podman v4.0. Likely to be synchronized in the Fedora 36 release. The desktop the team is working on in Red Hat is Mac only via a Brew install on the side. This will pull in qemu as well.")),(0,me.kt)("p",null,"Anders noted that qemu (from brew) has a lot of architectures within it, but that's making it close to a Gigabyte in size."),(0,me.kt)("p",null,"Virtio-fs has been re-written in rust and can now be run on a Mac. There are two virtio-fs daemons, one in C, the other in Rust. The C version will be going away over time. Looking at Podman 4.2 or 4.3"),(0,me.kt)("h3",{id:"next-meeting-thursday-march-17-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday March 17, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"})),(0,me.kt)("p",null,"Meeting finished 11:49"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:02 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nValentin Rothberg11:03 AM\nhttps://github.com/containers/common/issues/925\nValentin Rothberg11:10 AM\nhttps://git-scm.com/docs/git-submodule\nChristopher Evich11:11 AM\nThis seems to be the "new" way:\nGiuseppe Scrivano11:11 AM\ncrun is using submodules to track changes to libocispec, and libocispec uses submodules for tracking runtime-spec and image-spec\nChristopher Evich11:11 AM\nhttps://blog.developer.atlassian.com/the-power-of-git-subtree/?_ga=2-71978451-1385799339-1568044055-1068396449-1567112770\n(git subtree)\nAnders F Bj\xf6rklund11:14 AM\nwouldn\'t this use versions ? (tags)\nor is packages building from git these days ?\nLokesh Mandvekar11:15 AM\nusually from tags, but sometimes from git commits\nAnders F Bj\xf6rklund11:16 AM\nbut still tarballs, rather than git clones\nLokesh Mandvekar11:16 AM\nyup, fedora buildsys doesn\'t allow network access\nLokesh Mandvekar11:32 AM\n`rhcontainerbot/podman4`\nhttps://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman4/\nLokesh Mandvekar11:34 AM\nFedora 35 and CentOS 9 Stream users should prefer that if they want the latest podman releases (will include RCs)\nAnders F Bj\xf6rklund11:36 AM\nyup, fedora-coreos-35.20220216.dev.0-qemu.x86_64.qcow2.xz has a "dev" in it\nAnders F Bj\xf6rklund11:39 AM\nand it does have 4.0.0-rc5 in it\nieq-pxhy-jbh\n')))}Lt.isMDXComponent=!0;const Ht={},Rt="Podman Community Meeting Notes",Jt=[{value:"June 7, 2022 11:00 a.m. Eastern (UTC-5)",id:"june-7-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (27 total)",id:"attendees-27-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman on Windows Update",id:"podman-on-windows-update",level:2},{value:"Jason Greene/Tom Sweeney",id:"jason-greenetom-sweeney",level:3},{value:"(1:04 in the video)",id:"104-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Florent Benoit",id:"florent-benoit",level:3},{value:"(4:00 in the video)",id:"400-in-the-video",level:4},{value:"Podman Install on MacOS",id:"podman-install-on-macos",level:2},{value:"Gerard Braad",id:"gerard-braad",level:3},{value:"(22:00 in the video)",id:"2200-in-the-video",level:4},{value:"Podman Upcoming Releases Update",id:"podman-upcoming-releases-update",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(25:10 in the video)",id:"2510-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(29:00 in the video)",id:"2900-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday August 2, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-august-2-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday June 16, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-june-16-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:46 a.m. Eastern (UTC-5)",id:"meeting-end-1146-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Ot={toc:Jt},Ft="wrapper";function Gt(e){let{components:t,...n}=e;return(0,me.kt)(Ft,(0,K.Z)({},Ot,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"june-7-2022-1100-am-eastern-utc-5"},"June 7, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-27-total"},"Attendees (27 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Matt Heon, Ashley Cui, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe, Charlie Doern, Dan Walsh, Brent Baude, Aditya Rajan, Dev Kumar, Florent Benoit, Gerard Braad, Ionut Stoica, Jake Correnti, Karthik Elango, Mark Russell, Miloslav Trmac, Nalin Dahyabhai, Pavel, Preethi Thomas, Stevan Le Meur, Tim deBoer, Urvashi Mohnani"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=lherM_ah3GU"},"Recording")),(0,me.kt)("h2",{id:"podman-on-windows-update"},"Podman on Windows Update"),(0,me.kt)("h3",{id:"jason-greenetom-sweeney"},"Jason Greene/Tom Sweeney"),(0,me.kt)("h4",{id:"104-in-the-video"},"(1:04 in the video)"),(0,me.kt)("p",null,"Jason was going to present today but had a recent COVID diagnosis and could not attend. Instead, Tom talked briefly about his recent blog ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-podman-windows"},"post")," talking about how to install the new Podman Windows installer, which is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases/download/v4.1.0/podman-v4.1.0.msi"},"here")," The Podman YouTube ",(0,me.kt)("a",{parentName:"p",href:"https://youtube.com/c/Podman"},"channel")," also has a ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=zHOC5QkhLVw"},"video")," of the process that Tom did to do the installation on Windows. Jason has also created a detailed ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/docs/tutorials/podman-for-windows.md"},"tutorial")," for the installer and the Podman on Windows Client. Hopefully, Jason will be able to present at the next meeting."),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"florent-benoit"},"Florent Benoit"),(0,me.kt)("h4",{id:"400-in-the-video"},"(4:00 in the video)"),(0,me.kt)("p",null,"The project is located ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman-desktop"},"here")," on GitHub. The desktop lets you run in Windows or macOS."),(0,me.kt)("p",null,"Demo - 4:35 in the video"),(0,me.kt)("p",null,"Showed Gui listing Containers, Images, and Preferences. He was also able to do things on the command line, and they showed up in the desktop. He showed how he could pull an image from quay.io from the desktop."),(0,me.kt)("p",null,"Some Plugins are also available. He showed one for Podman, and now he can see more details of the images."),(0,me.kt)("p",null,'The desktop just watches the Podman Socket and is not polling all the time. You can use either rootful or rootless. You can\'t do that through the Desktop, but you can start the "podman machine" as rootful or rootless, and the Desktop will use the one available.'),(0,me.kt)("p",null,"Currently, the desktop is using a socket, so it might be possible for it to use ssh to use a podman machine on a remote host. A probable future enhancement."),(0,me.kt)("p",null,"Pods are not currently supported but are part of the future plan as a feature. Need more requests via GitHub to get it a bit more precedence."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https:/github.com/containers/podman-desktop/wiki/Roadmap"},"Roadmap")," in their Wiki with the features planned. The developers are looking for more help in the development of the tool."),(0,me.kt)("p",null,"Brent wonders if there was still an open issue about machine events between the Desktop and Podman development teams. Brent will work with the Desktop team to close the loop as he thinks he has a solution."),(0,me.kt)("h2",{id:"podman-install-on-macos"},"Podman Install on MacOS"),(0,me.kt)("h3",{id:"gerard-braad"},"Gerard Braad"),(0,me.kt)("h4",{id:"2200-in-the-video"},"(22:00 in the video)"),(0,me.kt)("p",null,"Working on a test release on a different repo. Works on M1 and Intel. The current location is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers-contribs/podman-installer/releases"},"here"),". When complete, it will be part of the regular Podman release and would be added to the assets section in Podman releases."),(0,me.kt)("h2",{id:"podman-upcoming-releases-update"},"Podman Upcoming Releases Update"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"2510-in-the-video"},"(25:10 in the video)"),(0,me.kt)("p",null,'The next Release is v4.2 and likely a 4.1.x prior. Release candidates for v4.2 should be coming out in July with a target of mid-August for a final release. Quite a number of commits already. A lot of bug fixes due to a Red Hat internal bug squish week and "ToDo" fixes in the code. Updates to Podman machine and other enhancements are also included.'),(0,me.kt)("p",null,"Podman v4.1.1 sometime later this week per Matt Heon."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2900-in-the-video"},"(29:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Can you tell when podman machine has an update? Currently no. If you have a new Podman, it will pull machine too. Brent hopes to update GUI later to show an update to the CoreOS image. The dev team knows about this, but it's not a non-trivial fix to make this happen.")),(0,me.kt)("p",null,"An issue to be created for this, Brent to create. (Issue)","[https://github.com/containers/podman/issues/14514]"),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Dan has opened a PR against qemu to break it up for different distro needs. This slims down the footprint of the binary. The size went from 40 MB to 4 MB. Bugzilla concerning this ",(0,me.kt)("a",{parentName:"p",href:"https://bugzilla.redhat.com/show_bug.cgi?id=2061584"},"here"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Pavel is having problems with Syslog from Podman. The issue isn't showing errors, and it isn't working. So it's very hard to debug. The issue is in crun and we'll have Giuseppe look into the problem."))),(0,me.kt)("p",null,"Pavel to update his (discussion](",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions/12693"},"https://github.com/containers/podman/discussions/12693"),")."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Mac installer.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Windows"))),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-2-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday August 2, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-june-16-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday June 16, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1146-am-eastern-utc-5"},"Meeting End: 11:46 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:00 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nStevan Le Meur11:05 AM\nsorry!\nStevan Le Meur11:11 AM\nFeel free to share feedback, issues, ideas on the repository: https://github.com/containers/podman-desktop\nFlorent Benoit11:20 AM\nhttps://github.com/containers/podman-desktop/wiki/Roadmap\nGerard Braad11:21 AM\nit sounbsd like the wrong mic is used\nmuch better!\nGerard Braad11:22 AM\nWould it be possible to also plug something?\nbaude11:23 AM\nplug?\nGerard Braad11:23 AM\nWe have been working on a test release of the Podman installer for macOS (Intel and M1), and would like feedback\nStevan Le Meur11:23 AM\n\ud83d\udc4d\nMe11:23 AM\nSure thing Gerard, do you want to do a quick update after this wraps?\nGerard Braad11:23 AM\nPlease\nbaude11:23 AM\nyes please\nGerard Braad11:24 AM\nhttps://github.com/containers-contribs/podman-installer/releases\n\nWe will propose it this week as a PR, but have experienced some delays on our end.\nGerard Braad11:28 AM\nThank you guys\nionut stoica11:31 AM\nI do have a Q\nCan you know preemptively when a podman machine has update ?\nMicrophone dead! :(\nGerard Braad11:32 AM\nSo this is about a 'Update notification' ?\nionut stoica11:33 AM\nYes, some users wanted to know as they certify their envs and analyze all they bring in\nGerard Braad11:34 AM\nDoes an issue exist to track this?\nLet's create?\nionut stoica11:34 AM\n:) Awesome!\nGerard Braad11:35 AM\nWe have the same issue around CRC for the image. So le's create this and I'll ping you Ionut\nGerard Braad11:38 AM\n@ionut @baude I added an issue for this: https://github.com/containers/podman/issues/14514\nDaniel (rhatdan) Walsh11:39 AM\ntom https://bugzilla.redhat.com/show_bug.cgi?id=2061584\nMe11:39 AM\nthx dan\nMe11:41 AM\nThx Gerard, added it and the BZ to the mtg notes\nGerard Braad11:41 AM\n:+1 Thanks. I remember Baude and I also talked about this particular issue in February or so. It is not an easy problem to solve, but it is worthwhile to collect the issues and possible solutions.\nbaude11:44 AM\ni have to step away\nMe11:44 AM\ngithub.com/podman/discussions\nFlorent Benoit11:44 AM\nhttps://github.com/containers/podman/discussions\nMe11:44 AM\nhttps://github.com/containers/podman/discussions\nMark Russell11:46 AM\nthanks, Tom!\n")))}Gt.isMDXComponent=!0;const Ut={},Yt="Podman Community Cabal Meeting Notes",zt=[{value:"November 17, 2022 11:00 a.m. Eastern",id:"november-17-2022-1100-am-eastern",level:2},{value:"November 17, 2022 Topics",id:"november-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Docker Compose Support from the Command Line - (0:55 in the video) - Dan Walsh",id:"docker-compose-support-from-the-command-line---055-in-the-video---dan-walsh",level:3},{value:"Docker Socket helper on macOS enabled by default - (28:50 in the video) - Florent Benoit",id:"docker-socket-helper-on-macos-enabled-by-default---2850-in-the-video---florent-benoit",level:3},{value:"Open discussion (35:30 in the video)",id:"open-discussion-3530-in-the-video",level:4},{value:"Next Meeting: Thursday, December 15, 2022, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-december-15-2022-1100-am-edt-utc-5",level:3},{value:"December 15, 2022 Topics",id:"december-15-2022-topics",level:2},{value:"Next Community Meeting: Tuesday, December 6, 2022, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-december-6-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],qt={toc:zt},Vt="wrapper";function Kt(e){let{components:t,...n}=e;return(0,me.kt)(Vt,(0,K.Z)({},qt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Dan Walsh, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Mohan Boddu, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Ashley Cui, Florent Benoit, Martin Jackson, Charlie Drage, Lorenzo Prosseda, Luca Fuse, Steven Le Meur,"),(0,me.kt)("h2",{id:"november-17-2022-1100-am-eastern"},"November 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"november-17-2022-topics"},"November 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Docker Compose Support from the Command Line - Dan Walsh")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Docker Socket helper on macOS enabled by default - Florent Benoit"),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"(It is enabled by default on Windows but needs an extra step on macOS")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/HIzZYPpE304"},"Recording")),(0,me.kt)("p",null,"Meeting start: 11:02 a.m. Thursday, November 17, 2022"),(0,me.kt)("h3",{id:"docker-compose-support-from-the-command-line---055-in-the-video---dan-walsh"},"Docker Compose Support from the Command Line - (0:55 in the video) - Dan Walsh"),(0,me.kt)("p",null,"Podman Desktop is asking to add Docker Compose. The Desktop folks are getting a lot of pull from the community about using Docker Compose from the Desktop."),(0,me.kt)("p",null,"Stevan believes Rancher supports this based on the container type."),(0,me.kt)("p",null,"We could do either Podman Compose or vendor in Docker Compose from Docker. We'd need to go to the latest version of Docker Compose with the highest available Golang to make it work with Podman."),(0,me.kt)("p",null,"Since we have to use client/server services, Dan thinks Docker Compose would be the way to go. Plus, it has good usage by the community. Podman Compose needs further work. Either way, a lot of work is necessary to make it happen."),(0,me.kt)("p",null,"Martin has been involved with Docker Compose and uses it outside of Podman. He thinks having Docker Compose would be useful. He thinks Kube support would be upgraded for Podman, too, with Docker Compose."),(0,me.kt)("p",null,"Let's say ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube")," does 75% of Docker Compose, but Docker Compose has become the deFacto standard. It's also an easy-to-understand format. Martin prefers it over Kube YAML for ease of use. He feels there would be value in having Docker Compose work under Podman."),(0,me.kt)("p",null,"The latest Docker Compose has a few new commands that aren't in the Python library. You can run the Docker Compose v2 as standalone, and you don't need Docker to run also. This makes it more likely it could be used by Podman."),(0,me.kt)("p",null,'Dan would be happiest if we could exec to Docker Compose rather than having to vendor or ingrain it into Podman. Brent is concerned about the reaction of this by our community when we note that Podman claims "Docker Compose" support, and we\'re only shipping the client. This is where the idea of using a plugin for him has come from.'),(0,me.kt)("p",null,"A plugin would just be a CLI, and Dan is worried about increasing the size of the Podman binary if we do this."),(0,me.kt)("p",null,"Matt thinks we need to ship the Docker Compose v2 client within the image, and it doesn't need to be integrated into Podman."),(0,me.kt)("p",null,"We will need to figure out how to make a supported version for RHEL/Red Hat. Currently, if there's a problem with Docker Compose, we report it upstream but don't fix it. Once we ingrain it, the onus comes onto the Red Hat team for RHEL support."),(0,me.kt)("p",null,"Dan has heard from customers is they are waiting to move to Podman Desktop until Docker Compose functionality is available."),(0,me.kt)("p",null,"Stevan is documenting these kinds of requests from customers."),(0,me.kt)("p",null,"Florent wondered which socket, Docker Compose or Podman, would be called. Matt suggests using a symlink from Podman to Docker, but this could be a problem if both were installed."),(0,me.kt)("p",null,"From a Red Hat perspective, we'll need to get \u201cbuy-in\u201d from our product management team. We'll need to build a case, but that shouldn't be too hard to do. Florent has opened an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/16548"},"issue")," to address this socket problem."),(0,me.kt)("p",null,"This is a similar situation to Dockerfile. We need to support all of the functionality there, and once we take on Docker Compose, we'll need to do that there too."),(0,me.kt)("p",null,"Docker Compose is the last piece of the Docker-controlled container world that Podman does not handle well currently."),(0,me.kt)("p",null,"Brent thinks that if we can provide Docker Compose support, the community will love it. The hard part will be finding the time to do the work and then support it over time."),(0,me.kt)("h3",{id:"docker-socket-helper-on-macos-enabled-by-default---2850-in-the-video---florent-benoit"},"Docker Socket helper on macOS enabled by default - (28:50 in the video) - Florent Benoit"),(0,me.kt)("p",null,"We have a number of people studying Podman and how it's attached to the Podman Socket. It's not working all the time with the Podman Machine in Mac. By default, the Podman socket is mounted for Windows."),(0,me.kt)("p",null,"In Windows, if it's not finding Docker being mounted, then it mounts the Podman socket. Florent would like to do similar on the mac."),(0,me.kt)("p",null,"Paul is concerned that the Mac would require root, which is not enabled by default."),(0,me.kt)("p",null,"Ashley doesn't think root will be needed for this. Homebrew doesn't, so she thinks opt might not need root-level privileges."),(0,me.kt)("p",null,"Dan suggests that we talk to Gerard to figure out a workaround. We could make the change such that at installation, it would optionally ask for a root password. Florent to open up an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/16547"},"issue")," against Podman to see if we can move this forward."),(0,me.kt)("p",null,"On Linux, we shipped Podman-Docker, which takes care of this issue. Docker has a new change in this area, and it may not require root for the socket. Further investigation/study is to be done."),(0,me.kt)("h4",{id:"open-discussion-3530-in-the-video"},"Open discussion (35:30 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Issue Triage on Podman. (35:30 in the video)")),(0,me.kt)("p",null,"Paul has noted an increase of issues reported against much older versions of Podman and issues that are incomplete. In addition, bugs reported against RHEL are being logged as issues rather than Bugzillas, as they should be."),(0,me.kt)("p",null,"Brent thinks anything against Podman v1 and v2 should just be closed, and the people told to move up to a newer version."),(0,me.kt)("p",null,'We might add a "unable to reproduce" flag that would close an issue if it was around for 30+ days.'),(0,me.kt)("p",null,"A robot to ask for the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman info")," output in an issue would also be nice."),(0,me.kt)("p",null,"Reporters don't always report the information that's needed to resolve the issue."),(0,me.kt)("p",null,"It would be nice to have AI that could move GitHub issues that should be discussions automatically."),(0,me.kt)("p",null,"It would also be nice to block comments on issues that have been closed for several months or more."),(0,me.kt)("p",null,"Podman Desktop has fields that they use in their issue template. The Podman team will look at what they're doing and see if we can align a bit better. The document is ",(0,me.kt)("a",{parentName:"p",href:"https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#creating-issue-forms"},"here"),". Brent and Mohan will poke at this further."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman 4.3 update (47:08 in the video)\nAbout three weeks old at this point. A new Podman v4.3.2 will come out sometime in December after an upcoming bug week."),(0,me.kt)("p",{parentName:"li"},"Then Podman v4.4 RCs are likely to come out in late January.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play")," volume issue (48:30 in the video)\nMartin asked about the volume ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/16420"},"issue")," with the ",(0,me.kt)("inlineCode",{parentName:"p"},"kube play")," command. Podman Kube Play doesn't work with volumes that are associated with the Kube YAML. On restart, the volumes don't work. Team to look at this for Podman v4.4 at the latest."),(0,me.kt)("p",{parentName:"li"},"Also upcoming in Podman v4.4 is a focus on performance, updates to podman machine, network improvements, podman Kube fixes, quadlet changes, a new ",(0,me.kt)("inlineCode",{parentName:"p"},"--dns")," selector option, and pasta support."))),(0,me.kt)("h3",{id:"next-meeting-thursday-december-15-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday, December 15, 2022, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"december-15-2022-topics"},"December 15, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Suggested")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-december-6-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, December 6, 2022, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"MinIO Demo - Will Dinyes"),(0,me.kt)("li",{parentName:"ol"},"Kubernetes Demo -")),(0,me.kt)("p",null,"Meeting finished at 11:57 a.m."))}Kt.isMDXComponent=!0;const Zt={},Qt="Podman Community Cabal Meeting Notes",_t=[{value:"March 16, 2023 11:00 a.m. Eastern",id:"march-16-2023-1100-am-eastern",level:2},{value:"March 16, 2023 Topics",id:"march-16-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman and SQLite (0:45 in the video) - Matt Heon",id:"podman-and-sqlite-045-in-the-video---matt-heon",level:3},{value:"Hack/Perf Scripts (7:07 in the video) - Valentin Rothberg",id:"hackperf-scripts-707-in-the-video---valentin-rothberg",level:3},{value:"Container Tools (podman) test day (24:15 in the video) - Mohan/Lokesh/Sumantro",id:"container-tools-podman-test-day-2415-in-the-video---mohanlokeshsumantro",level:3},{value:"Open discussion (49:00 in video)",id:"open-discussion-4900-in-video",level:4},{value:"Next Meeting: Thursday, April 20, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-april-20-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Xt={toc:_t},$t="wrapper";function en(e){let{components:t,...n}=e;return(0,me.kt)($t,(0,K.Z)({},Xt,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Mohan Boddu, Lance Lovette, and Sumantro Mukherjee"),(0,me.kt)("h2",{id:"march-16-2023-1100-am-eastern"},"March 16, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"march-16-2023-topics"},"March 16, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman and SQLite - Matt Heon"),(0,me.kt)("li",{parentName:"ol"},"Hack/Perf scripts - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ol"},"Container Tools (podman) test day - Mohan/Lokesh/Sumantro")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/k_88s2RQm5Q"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:03 a.m. EDT Thursday, March 16, 2023"),(0,me.kt)("h3",{id:"podman-and-sqlite-045-in-the-video---matt-heon"},"Podman and SQLite (0:45 in the video) - Matt Heon"),(0,me.kt)("p",null,'BoltDB is used currently as the database engine for Podman. We have encountered issues with BoltDB and discovered that BoltDB, for all intents and purposes, is no longer supported. The database can be corrupted after a power outage if the timing is badly "right".'),(0,me.kt)("p",null,"Matt has looked into SQLite and has worked up replacement routines. By default, starting in August, new Podman installs will get SQLite. Later, the BoltDB databases may be converted, method TBD."),(0,me.kt)("p",null,"So far, a slight performance increase with SQLite, a 30 to 40-millisecond speed up with container commands."),(0,me.kt)("p",null,"Nothing for the user to do, except maybe initialize a database conversion routine."),(0,me.kt)("p",null,"This should be out in Podman v4.5."),(0,me.kt)("p",null,"Currently, the plan is to have ",(0,me.kt)("inlineCode",{parentName:"p"},"podman system reset")," clear the database, and scripts are being looked into also, but no promises. Matt thinks he'll keep BoltDB around for at least a year."),(0,me.kt)("h3",{id:"hackperf-scripts-707-in-the-video---valentin-rothberg"},"Hack/Perf Scripts (7:07 in the video) - Valentin Rothberg"),(0,me.kt)("p",null,"Showed a configurable script that drives the test. It uses ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/sharkdp/hyperfine"},"Hyperfine"),". It shows the output of a variety of Docker and Podman commands."),(0,me.kt)("p",null,'The script consists of a "prepare" command to set things up in advance, but it does not have a post-test run process capability.'),(0,me.kt)("p",null,"The scripts are under ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/tree/main/hack/perf"},"hack/perf")," on GitHub; contributions are gratefully accepted."),(0,me.kt)("p",null,"Brent asked if you could run just one engine? No, these scripts are written in mind to compare two engines. But the scripts could be modified; or new ones created to work with just one engine."),(0,me.kt)("p",null,"For cleanup, Valentin put procedures in the startup scripts."),(0,me.kt)("p",null,"Dan thinks it would be nice to have a run.sh to feed commands into the test to check on those particular commands. Valentin likes the idea, but for cleaning/setting stuff up as you should do for a perf test, Valentin found the scripts to be easier to handle."),(0,me.kt)("p",null,"Dan would like to be able to flop the order of Docker and Podman runs. He thinks the kernel may pre-load stuff that sometimes makes the second engine faster."),(0,me.kt)("p",null,"This is helpful for not only comparing Docker/Podman but also different versions of Podman."),(0,me.kt)("h3",{id:"container-tools-podman-test-day-2415-in-the-video---mohanlokeshsumantro"},"Container Tools (podman) test day (24:15 in the video) - Mohan/Lokesh/Sumantro"),(0,me.kt)("p",null,"Similar to Fedora test days. He does FCOS test days and wants to add a cycle for when Podman has a new version to test."),(0,me.kt)("p",null,"As a requirement, we need to get Podman latest into FCOS so the team could run the tests with it."),(0,me.kt)("p",null,"They could grab Podman packages from the Fedora Test systems before it goes to stable."),(0,me.kt)("p",null,"Generally, Podman releases every two months in general, with Release Candidates two weeks prior."),(0,me.kt)("p",null,"The biggest one for us is install testing. Matt thinks running our system tests on FCOS would be good, but Brent thinks that environment might be challenging due to the packages that would have to be added to the FCOS image. Sumantro said we could instead use Workstation for the test."),(0,me.kt)("p",null,"Generally, FCOS is used as a server, while FCOS workstation is more client-side."),(0,me.kt)("p",null,"Paul is unsure of the advantage of running system tests in this environment. He thinks it would be better if we had users running tests rather than automated ones."),(0,me.kt)("p",null,"Lokesh would prefer to start this in the second week of April or later."),(0,me.kt)("p",null,"Mohan asked if they can do performance testing as well. An example test ",(0,me.kt)("a",{parentName:"p",href:"https://testdays.fedoraproject.org/events/152"},"app"),". Sumantro could write stuff up and maintain it. We could potentially use Valentin\u2019s tests, but we need to figure out how to determine baselines and retain them."),(0,me.kt)("p",null,"Mohan also asked if multiple architectures could be tested. The challenge here is to find the machines that can be used."),(0,me.kt)("p",null,"Chris pointed out that along with the test results, we need to capture the system setup, down to the kernel versions that were in play."),(0,me.kt)("p",null,"Dan noted that we don't alway get our release notes out in a timely manner, and we should in order to help this testing. The issue with that is the time necessary to put the notes together. Building a chopped version more quickly might be doable, but will need investigation. We should at least be able to get a list of issues out more quickly."),(0,me.kt)("p",null,"Paul thinks it would not be a problem to run a benchmark with a before version and then the test version of Podman."),(0,me.kt)("p",null,"FYI, here's a ",(0,me.kt)("a",{parentName:"p",href:"https://fedoraproject.org/wiki/QA:Testcase_Podman"},"Podman Test Case")," that was used in the past."),(0,me.kt)("p",null,"As far as ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine")," goes, we could test on FCOS Workstation, then the testing would be useful and valuable."),(0,me.kt)("p",null,"Mohan wondered if they had any Mac/Windows based testing. They do have some, that can be used."),(0,me.kt)("p",null,"Paul noted the big thing is writing up the test cases to see what should be tested. Most of the CI is for regression testing only. He suggests that we might ask people provide test cases within a Pull Request statement."),(0,me.kt)("p",null,"What is the next steps for moving forward with this?",(0,me.kt)("br",{parentName:"p"}),"\n","Sumantro needs a pointer to tests that are not covered. He could do so via issues on the GitHub. Targeting mid-April for the first test run."),(0,me.kt)("h4",{id:"open-discussion-4900-in-video"},"Open discussion (49:00 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Lance asked how the port works between the mac, machine and the container. If he publishes the port, it seems to be exposed on the mac. He wants to know if he can connect the port to the podman machine directly rather than the mac. Paul says not doable now, but we can take a feature request in GitHub and will publsh it."),(0,me.kt)("p",{parentName:"li"},"Brent asked if he wanted to publish the port beyond the machine or did he just want to hit it from the mac. Slirpnetns or passt is a bit of a black hole, and you throw something in there, then it comes out where we told it to, and it's hard to select it. The problem is your running rootless, so there are limitations."),(0,me.kt)("p",{parentName:"li"},"The virtual machine is isolated from the MacOS, ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/gvisor-tap-vsock"},"gvproxy")," is the glue that lets you do port handling."),(0,me.kt)("p",{parentName:"li"},"You will need root privs not only in the 'podman machine vm' but also on the MacOS."),(0,me.kt)("p",{parentName:"li"},(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/gvisor-tap-vsock"},"gvproxy")," is under containers on GitHub, and we contribute it."),(0,me.kt)("p",{parentName:"li"},"This ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-containers-mac-podman"},"article")," was helpful to Lance for all of this."))),(0,me.kt)("p",null,"2) Brent asked if ssh keys need to be encrypted in the view of others. A ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/run-containers-mac-podman"},"Discussion")," was started in GitHub. We had one request recently and we're leaning towards doing keychain, but there's been several challenges with that."),(0,me.kt)("p",null," If they used encrypted keys, the user would be prompted for the password with every command. Adding a key to the key ring has proven to be challenging. Paul thinks this can be done securely with ssh, Brent asked Paul to write up a proposal for the changes he's suggesting. The user may run into issue when dealing with keys for the podman machine. Brent is trying to figure out the amount of work for it all."),(0,me.kt)("h3",{id:"next-meeting-thursday-april-20-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, April 20, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-4-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, April 4, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 12:08 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You\n11:02\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nMartin Jackson\n11:11\u202fAM\nI think the speedup was in milli-seconds, not micro-seconds? Perhaps I misheard\nMatt Heon\n11:11\u202fAM\nYeah, milliseconds\nYou\n11:12\u202fAM\nThanks for the touch up.\nMatt Heon\n11:12\u202fAM\nDB writes are ~2x as fast with SQLite. Reads are a bit slower, but those only take tens of microseconds, so it doesn't really matter.\nWrites being ~5ms for SQLite versus ~10ms for Bolt. Most of which is fsync.\nMohan Boddu\n11:19\u202fAM\nSomeone at the door, bbiab\nMohan Boddu\n11:27\u202fAM\nback\nYou\n11:29\u202fAM\nValentin, have you shared the hack/perf scripts with Yiqiao and the rest of the QE team?\nValentin Rothberg\n11:29\u202fAM\n@Tom, no, I didn't share them with QE. But I see where you're going. It's probably a good idea to let them know.\nPreethi Thomas\n11:35\u202fAM\nYou may have already talked about it as I a only half listening. How about podman-machine/podman-remote tests on FCOS?\nSumantro Mukherjee\n11:36\u202fAM\nhttps://testdays.fedoraproject.org/events/152\nSumantro Mukherjee\n11:44\u202fAM\nhttps://fedoraproject.org/wiki/QA:Testcase_Podman\nPaul Holzinger\n11:52\u202fAM\ngit log --all --grep='\\[NO NEW TESTS NEEDED\\]'\nBrent Baude\n11:52\u202fAM\ni have a question as well\nLokesh Mandvekar\n11:53\u202fAM\nbtw, if someone can back me up on the rpm side, then we don't need to wait for me to get back\nMatt Heon\n11:54\u202fAM\nCould we route the Podman subnet from OS X to the VM? That would let (root) containers be accessed directly from OS X\nLance Lovette\n12:01\u202fPM\nhttps://www.redhat.com/sysadmin/run-containers-mac-podman\nYou\n12:01\u202fPM\nTY!\nBrent Baude\n12:01\u202fPM\nhttps://github.com/containers/podman/discussions/17795\n")))}en.isMDXComponent=!0;const tn={},nn="Podman Community Meeting",an=[{value:"December 1, 2020 11:00 a.m. Eastern (UTC-5)",id:"december-1-2020-1100-am-eastern-utc-5",level:2},{value:"Attendees (35 total)",id:"attendees-35-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Introducing Network Aliases",id:"introducing-network-aliases",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:50 in the video)",id:"150-in-the-video",level:4},{value:"Podman Split Brain API",id:"podman-split-brain-api",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(12:33 in the video)",id:"1233-in-the-video",level:4},{value:"Demo containers.conf usage",id:"demo-containersconf-usage",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(22:34 in video)",id:"2234-in-video",level:4},{value:"Podman development update",id:"podman-development-update",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(38:30 in the video)",id:"3830-in-the-video",level:4},{value:"Discussion on a Podman forum.",id:"discussion-on-a-podman-forum",level:2},{value:"(44:28 in the video)",id:"4428-in-the-video",level:4},{value:"Any pain points?",id:"any-pain-points",level:2},{value:"(49:19 in the video)",id:"4919-in-the-video",level:4},{value:"systemd discussion",id:"systemd-discussion",level:2},{value:"(51:19 in the video)",id:"5119-in-the-video",level:4},{value:"Questions?",id:"questions",level:2},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"NOTE no January meeting.",id:"note-no-january-meeting",level:3},{value:"(54:03 in the video)",id:"5403-in-the-video",level:4},{value:"Next Meeting: Tuesday February 2, 2020, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-2-2020-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 12:03 p.m. Eastern (UTC-5)",id:"meeting-end-1203-pm-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],on={toc:an},sn="wrapper";function rn(e){let{components:t,...n}=e;return(0,me.kt)(sn,(0,K.Z)({},on,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"december-1-2020-1100-am-eastern-utc-5"},"December 1, 2020 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-35-total"},"Attendees (35 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Reinhard Tartler, Dan Walsh, Chris Evich, Lokesh Mandvekar, Anders Bj\xf6rklund, Greg Shomo, Urvashi Mohnani, Nalin Dahyabhai, Qi Wang, Eduardo Santiago, Ed Haynes, Sally O'Malley, James Cassell, Scott McCarty, Christian Felder, Valentin Rothberg, Christian Korneck, Neal Gompa, Brian Smith, Giuseppe Scrivano, Joe Crist, Joe Doss, Miloslav Trmac, Pablo Greco, Parker Van Roy, Peter Hunt, Preethi Thomas, James Ault"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/aOaqCoRSJB4/"},"Recording")),(0,me.kt)("h2",{id:"introducing-network-aliases"},"Introducing Network Aliases"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"150-in-the-video"},"(1:50 in the video)"),(0,me.kt)("p",null,"Podman v2.2 came out last night. Network connect lets you take an existing container and will let you connect to another containers network."),(0,me.kt)("p",null,"Still limited, calling it initial support."),(0,me.kt)("p",null,"Second thing is network aliases. Podman allows you to access other containers by its name. Supported since v1.6. Useful for database container and a http container that you want to talk to. Network alias allows you to add further names to the containers to make it even easier to communicate with."),(0,me.kt)("p",null,"A new ",(0,me.kt)("inlineCode",{parentName:"p"},"dnsname")," plugin is required. Existing networks from ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network connect")," are not compatible as-is but are simple to upgrade (small change to their config)."),(0,me.kt)("p",null,"Matt started a demo (",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/376554"},"https://asciinema.org/a/376554"),") ",(0,me.kt)("strong",{parentName:"p"},"(4:59 in the video)"),"."),(0,me.kt)("p",null,"The demo showed how you can use either the name of the container or its newly established alias to do a run command against."),(0,me.kt)("p",null,"He then demo'd setting up a network connection."),(0,me.kt)("h2",{id:"podman-split-brain-api"},"Podman Split Brain API"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"1233-in-the-video"},"(12:33 in the video)"),(0,me.kt)("p",null,"Community was resistant to a new API that differed greatly from Docker. Podman v2.0 featured API v2.0.x. Split brain comes form DNS split brain . We have an api that is Docker compatible and one that is not. The two trees are versioned independently."),(0,me.kt)("p",null,"Moving to Podman and API v3.X for both in the near future. We needed improvements especially in newlines where we've run into issues with v2.0. V3.0 will complete more of the compatibility resources. It will add new commands such as network connect and disconnect. Also removal of the varlink API which will cause the size of the binary to be slimmed down."),(0,me.kt)("p",null,"Brent also talked about slimming down other areas of Podman as well in v3.0. Dan pointed out the help that the community has provided in tuning the API."),(0,me.kt)("p",null,"See ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/tree/main/test/apiv2/rest_api"},"API tests using python requests library")," for examples."),(0,me.kt)("h2",{id:"demo-containersconf-usage"},"Demo containers.conf usage"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2234-in-video"},"(22:34 in video)"),(0,me.kt)("p",null,"Dan talked about containers.conf which will allow for users to change the default settings for the container engine on the host."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"/usr/share/containers/containers.conf is the main file to use."),(0,me.kt)("li",{parentName:"ul"},"/etc/containers/containers.conf is the secondary file which an admin can use to change for all container projects (Buildah, Podman, Skopeo, etc.)"),(0,me.kt)("li",{parentName:"ul"},"$HOME/.config/containers/containers.conf is used by an individual user to configure their rootless containers.")),(0,me.kt)("p",null,"The containers.conf file allows for sysctl to be configured/toggled. There are many options within the files."),(0,me.kt)("p",null,"Does rootless ignore the /etc/containers/containers.conf version? It does not per Dan."),(0,me.kt)("p",null,"Neal Gompa asked if we could provide a containers.conf.d similar to registries.conf.d which makes it even easier to tailor. Dan said it's been thought about and we'd be amiable to it being included."),(0,me.kt)("p",null,"Dan then did a demo."),(0,me.kt)("p",null,"HPC had massive amounts of containers and want to set up defaults. A blog is in the works."),(0,me.kt)("p",null,"James Cassell asked about libpod.conf. It's gone away and been replaced by containers.conf."),(0,me.kt)("h2",{id:"podman-development-update"},"Podman development update"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"3830-in-the-video"},"(38:30 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Podman v2.2 was just cut yesterday Nov 30, 2020 and upstream was switched to v3.0 development. Varlink was removed from Fedora 33 which will have Podman 3.0. Fedora 32 will not have Podman v3.0.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Podman 2.1.1 will be in RHEL 8.3.1 to be released in Feb 2021, and RHEL 8.4 in May 2021 will have Podman v3.0.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"The Debian and Ubuntu distro packages currently ship with varlink enabled at build time, and ship with systemd units."))),(0,me.kt)("h2",{id:"discussion-on-a-podman-forum"},"Discussion on a Podman forum."),(0,me.kt)("h4",{id:"4428-in-the-video"},"(44:28 in the video)"),(0,me.kt)("p",null,"Joe Doss suggested a Podman category on this forum: ",(0,me.kt)("a",{parentName:"p",href:"https://discussion.fedoraproject.org/c/server/coreos/5"},"https://discussion.fedoraproject.org/c/server/coreos/5")," like FCOS?\nTom Sweeney pointed out there is a podman wiki and the mailing list. Thought was expanding the wiki would be useful. Matt Heon would like a place to document what people are doing and how which would probably fit well with a forum or a Wiki. Tom Sweeney to look into setting up a forum in the fedoraproject.org site."),(0,me.kt)("h2",{id:"any-pain-points"},"Any pain points?"),(0,me.kt)("h4",{id:"4919-in-the-video"},"(49:19 in the video)"),(0,me.kt)("p",null,"Brent Baude asked the attendees if they had any pain points with Podman:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"--cache-from on image building, huge pain not having that.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"jitsi-meet and k3d working in podman?")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"we would certainly like to see integration between podman and MPI versions: e.g. mpirun podman imagename to launch a job on some HPC nodes in a rootless podman environment....")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Has cgroup functionaly matured more, especially with systemd. This is still ongoing.")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"handling ",(0,me.kt)("inlineCode",{parentName:"p"},"isDeaultGateway")," properly in podman network create (currenlty it is hard-coded to false in NewHostLocalBridge) - I already created an issue ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/8483"},"#8483")))),(0,me.kt)("h2",{id:"systemd-discussion"},"systemd discussion"),(0,me.kt)("h4",{id:"5119-in-the-video"},"(51:19 in the video)"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Joe Doss asked if the interaction between Podman and systemd in regards to cgroups is in a mature state? He's had issues with rootless Podman and systemd. Matt Heon said work has been done, but more work needed.\n\nValentin noted that \"how to\" run a rootless container with systemd is documented in the man pages, but it's not always the greatest place to find info. More blogs and how-tos would be nice to have, from both Red Hat and the community.\n\nA blog post with example config files for this example (running a rootless container with systemd) would be excellent...\n")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"James Cassell asked about how libpod.conf is handled. In v2.0 we swapped out the default reading order so containers.conf is now read first. The libpod.conf file is still supported, but it is suggested to move to containers.conf which is used by more projects (Buildah, Skopeo) other than Podman. We may drop it in v3.0, something to discuss by the development team."),(0,me.kt)("li",{parentName:"ul"},"If a containers.conf has specified a volume, but it doesn't exist? The intent of the question was a way to have a container disable parts of containers.conf (or all of it) and not obey global configuration. This is not presently possible - containers.conf is intended to be a global configuration for all containers. It is possible to override individual settings manually, or for a specific user by adding a containers.conf for the user. We may reevaluate this in the future."),(0,me.kt)("li",{parentName:"ul"},"Is there a way to send a particular option to a particular container using this (containers.conf)? We don't currently have a way to do that specifically at this time.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h3",{id:"note-no-january-meeting"},(0,me.kt)("strong",{parentName:"h3"},"NOTE")," no January meeting."),(0,me.kt)("h4",{id:"5403-in-the-video"},"(54:03 in the video)"),(0,me.kt)("p",null,"Two Proposed Topics:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"systemd with containers - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ul"},"Docker compose with Podman - Brent Baude")),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-2-2020-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 2, 2020, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1203-pm-eastern-utc-5"},"Meeting End: 12:03 p.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Note:")," Many thanks to James Cassell for capturing the Bluejeans chat!"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney10:56 AM\nPlease sign in at HackMD: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:08 AM\nyes\nGuest 511:14 AM\nso the alias is for a hostname or networks? -- I'm confused on what exactly is aliased.\nBrent Baude11:14 AM\nyes\nmheon11:14 AM\nIt's basically a DNS CNAME\nGuest 511:14 AM\nbut it is bound to the network. So if the container gets disconnected, the alias is dangling?\nmheon11:15 AM\nThe alias is removed from the container when we disconnect\nGuest 511:15 AM\nthanks!\nmheon11:16 AM\nhttps://asciinema.org/a/376554\nMe11:16 AM\nlooks like 2.1.1 is the newest available in updates-testing on Fedora 33\nDaniel (rhatdan) Walsh11:16 AM\nI saw it this morning.\nBrent Baude11:16 AM\npodman-2.2.0-1.fc32 and fc33 just built\nDaniel (rhatdan) Walsh11:17 AM\nkoji latest-pkg f33-updates-candidate podman\nMe11:17 AM\ngreat! probably hasn't made it to the mirrors yet\nBrent Baude11:17 AM\nit needs bodhi first\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-fd0574be76\nNeal Gompa11:17 AM\nhey all!\nBrent Baude11:17 AM\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2020-c9a8fdbd34\nafbjorklund11:17 AM\npodman 2.2.0 is out for ubuntu (ironically enough)\nNeal Gompa11:18 AM\nwell, not for stable releases :)\nand not in the official repos\neven hirsute still only has podman 2.0.6\nafbjorklund11:18 AM\nWill there be a 2.1.2 ?\nBrent Baude11:19 AM\nno\nDaniel (rhatdan) Walsh11:19 AM\nMaster branch is now on 3.0-devel\nBrent Baude11:19 AM\nlets talk versions in wrap up?\nMe11:19 AM\npodman 2.2.0 has buildah 1.18?\nmheon11:20 AM\nYes - 1.18.0\nJoe Doss11:22 AM\n100% agree Neal\nMe11:29 AM\nDoes rootless ignore the /etc/containers/containers.conf version?\nMe11:35 AM\nlibpod.conf?\nGuest 511:35 AM\nhow to disable options on the command-line that are specified in the configuration file?\nJoe Doss11:36 AM\nOnline Documentation on containers.conf?\nBrent Baude11:36 AM\ncmds overrule conf files\nGuest 511:36 AM\nExample: if containers.conf is specifying some volume, but I have a usecase where that must not exist?\nah, ok. makes sense\nMe11:36 AM\nthanks! containers.conf sounds great\nMe11:37 AM\n\"WARN[0000] Found deprecated file /etc/containers/libpod.conf, please remove. Use /etc/containers/containers.conf to override defaults.\"\nGuest 511:39 AM\naah, thanks for the clarification. the distinction between appendable and non-appendable option wasn't obvious to me\nGuest 511:41 AM\nfor clarity, it was an explorative question, I don't have a specific use-case in mind\nGuest 511:45 AM\ndebian does right now (for better or worse)\nubuntu is following debian\nI'd love to drop it, but evidently, nomad-podman is still depending on it\nPablo Greco11:46 AM\ndid I understand correctly, there won't be podman 2.2.x in RHEL?\nChristian Korneck11:47 AM\nunrelated general question: I kind of miss an equivalent to the Docker Forum for Podman where users can exchange about their Podman usage. Stuff that can get verbose. (I think github issues are more dev related?). Would it maybe make sense to create some forum (i.e. by enabling github discussions on the gh repo)?\nBrent Baude11:47 AM\ngood question\nlets talk about it\nMe11:48 AM\nmailing list\nafbjorklund11:48 AM\nWe talked about it last meeting, but podman-machine and minikube were both using varlink. Currently frozen at podman 1.9.3\nMinikube now also supports podman2, so it will use whatever version is on the server (actually looks for \"varlink\" binary)\nChristian Korneck11:49 AM\nok, let me try and jump on the mailinglist :)\nNeal Gompa11:49 AM\nhttps://lists.podman.io\nUwe11:49 AM\nThe list is fine\nJoe Doss11:50 AM\n+1 on a single source of truth for online docs.\nNeal Gompa11:50 AM\ngotta jump off, bye y'all\nJoe Doss11:50 AM\nBye Neal\nafbjorklund11:51 AM\nI have three audio dials\nJoe Doss11:52 AM\nRegarding a forum Maybe a Podman category on https://discussion.fedoraproject.org/c/server/coreos/5 like FCOS?\nmheon11:53 AM\nWe definitely do get questions there\nJoe Doss11:53 AM\nwould be a fast and easy way to get community discussion going for Podman that is not a mailing list.\n--cache-from on image building\nhuge pain not having that.\nGuest 511:54 AM\njitsi-meet and k3d working in podman ? ;-)\nwould be my pet peeves :-)\nJA11:54 AM\nwe would certainly like to see integration between podman and MPI versions: e.g. mpirun podman imagename to launch a job on some HPC nodes....\nPablo Greco11:55 AM\nDan, nnow that gitlab-runner works, it is for me ;)\nChristian Felder11:55 AM\nhandling ``isDeaultGateway`` properly in podman network create (currenlty it is hard-coded to false in NewHostLocalBridge) - I already created an issue #8483\nBrent Baude11:56 AM\nyup got that\nJA11:57 AM\nin a rootless-podman environment...\nMe11:57 AM\nCOPY between stages in multi-stage build seems to hash every file, even if neither of the previous stages changed, which slows down cached rebuilds\nPablo Greco11:57 AM\nNeed to go, $work meeting, thanks!\nafbjorklund11:58 AM\nAbout k3d: do have crio-in-podman running with minikube (even with podman v2)\nJA12:01 PM\na blog post with example config files for this example (running a rootless container with systemd) would be excellent...\nGuest 512:03 PM\nI agree with Joe!\nGreg Shomo (Northeastern)12:03 PM\nthank you all for your time && have a good one\nJoe Doss12:03 PM\nThanks folks\nChristian Felder12:03 PM\nThanks!\nUwe12:04 PM\nthanks, cu\nTom Sweeney12:08 PM\nJames Cassell if you're still on line, could you cut/paste the bluejeans chat into the bottom of the hackmd please?\nDitto anyone else who may still be here.\nMe12:12 PM\nyes, will do\n")))}rn.isMDXComponent=!0;const ln={},hn="Podman Community Meeting",dn=[{value:"June 1, 2021 11:00 a.m. Eastern (UTC-4)",id:"june-1-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"General Announcements",id:"general-announcements",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"Podman and TYE",id:"podman-and-tye",level:2},{value:"Tom Deseyn",id:"tom-deseyn",level:3},{value:"(3:00 in the video)",id:"300-in-the-video",level:4},{value:"Slides",id:"slides",level:4},{value:"Podman v3.2.0 Updates",id:"podman-v320-updates",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(15:50 in the video)",id:"1550-in-the-video",level:4},{value:"Podman in Kubernetes",id:"podman-in-kubernetes",level:2},{value:"Urvashi Mohnani",id:"urvashi-mohnani",level:3},{value:"(20:18 in the video)",id:"2018-in-the-video",level:4},{value:"Podman Machine Updates",id:"podman-machine-updates",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(32:00 in the video)",id:"3200-in-the-video",level:4},{value:"Slides",id:"slides-1",level:4},{value:"Questions?",id:"questions",level:2},{value:"(38:44) in the video)",id:"3844-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday August 3, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-august-3-2021-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:57 a.m. Eastern (UTC-4)",id:"meeting-end-1157-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],un={toc:dn},mn="wrapper";function cn(e){let{components:t,...n}=e;return(0,me.kt)(mn,(0,K.Z)({},un,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"june-1-2021-1100-am-eastern-utc-4"},"June 1, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Paul Holzinger, Greg Shomo, Tom Deseyn, Andrew Slice, Anders Bj\xf6rklund, Shion Tanaka, Alex Litvak, Juanje Ojeda, Deepak Bhole, Eduardo Vega, Falsal Rzzzak, Juanje Ojeda, Omair Majid, Peter Hunt, Preethi Thomas, Uwe Reh"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/3fO@uV5g9KF"},"Recording")),(0,me.kt)("h2",{id:"general-announcements"},"General Announcements"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"No July Meeting due to holiday and vacations, we meet next on Tuesday August 3rd."),(0,me.kt)("li",{parentName:"ul"},"The Podman IRC channel is moving. We've left the Freenode server and now the #podman channel lives on the Libera server.")),(0,me.kt)("h2",{id:"podman-and-tye"},"Podman and TYE"),(0,me.kt)("h3",{id:"tom-deseyn"},"Tom Deseyn"),(0,me.kt)("h4",{id:"300-in-the-video"},"(3:00 in the video)"),(0,me.kt)("h4",{id:"slides"},(0,me.kt)("a",{parentName:"h4",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-06-01/tye_meets_podman.pdf"},"Slides")),(0,me.kt)("p",null,"Tom is working for Red Hat on .NET. His team has been building and packaging .Net on Red Hat Enterprise Linux (RHEL) and OpenShift Container Platform (OCP) for about the past five years. Focus on cloud development. TYE is from Microsoft and is meant to ease development of .NET based applications. TYE was not originally working with Podman, but he worked with the Podman team to get it to work. That was delivered earlier this year. Many of these features were also needed by Docker Compose."),(0,me.kt)("p",null,"Two use cases, Development and Deployment."),(0,me.kt)("p",null,"Development"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Run several services",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},".Net applications"),(0,me.kt)("li",{parentName:"ul"},"Containers",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Let them find one another"))),(0,me.kt)("li",{parentName:"ul"},"Dashboard"),(0,me.kt)("li",{parentName:"ul"},"Debugging"),(0,me.kt)("li",{parentName:"ul"},"Watch")))),(0,me.kt)("p",null,"Deployment"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Containerize"),(0,me.kt)("li",{parentName:"ul"},"Generate Kubernetes manifest"),(0,me.kt)("li",{parentName:"ul"},"Service binding")),(0,me.kt)("p",null,"Demo (7:00 in the video)"),(0,me.kt)("p",null,"TYE has a command line interface. The ",(0,me.kt)("inlineCode",{parentName:"p"},"tye run")," command will bring up a dashboard of services. He can then traverse through the services in the GUI."),(0,me.kt)("p",null,"TYE started the applications and the containers for each service including the ports. Each service has a log that can be looked at and metrics from .NET within the GUI."),(0,me.kt)("p",null,"This was all done via a yaml file that defined the services. Based on this, TYE launched the applications."),(0,me.kt)("p",null,"(Demo End 11:35)"),(0,me.kt)("p",null,"Tom showed a second slide."),(0,me.kt)("p",null,"Blue boxes are containers, red boxes are regular applications running on the host."),(0,me.kt)("p",null,"TYE allows you to connect to a running application and debug it."),(0,me.kt)("p",null,"TYE started two containers. For both backend and frontend proxies uses the loopback provided by Podman. Now in .NET he can debug within the provided interface from .NET. Under the covers it's using Podman v3.0 as it was using Docker before."),(0,me.kt)("p",null,"TYE is a single host tool for developers."),(0,me.kt)("h2",{id:"podman-v320-updates"},"Podman v3.2.0 Updates"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1550-in-the-video"},"(15:50 in the video)"),(0,me.kt)("p",null,"Currently on final RC, hoping to get final release today or in the next few days."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/releases/tag/v3.2.0-rc3"},"Podman v3.2.0-rc3 Release Notes")),(0,me.kt)("p",null,"Features:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Docker compose is supported with rootless Podman."),(0,me.kt)("li",{parentName:"ul"},"Rootless CNI networking should work on any architecture."),(0,me.kt)("li",{parentName:"ul"},"Podman Machine commands to handle virtual machines, most useful for MacOS."),(0,me.kt)("li",{parentName:"ul"},"Podman generate Kube updates"),(0,me.kt)("li",{parentName:"ul"},"podman start --all now works"),(0,me.kt)("li",{parentName:"ul"},"Changes made to allow Podman to work better in a container. Blog post incoming with details.")),(0,me.kt)("h2",{id:"podman-in-kubernetes"},"Podman in Kubernetes"),(0,me.kt)("h3",{id:"urvashi-mohnani"},"Urvashi Mohnani"),(0,me.kt)("h4",{id:"2018-in-the-video"},"(20:18 in the video)"),(0,me.kt)("p",null,"Demos for running Podman inside a Kubernetes cluster. Still slightly experimental."),(0,me.kt)("p",null,"Urvashi has a local Kubernetes cluster up and is running CRI-O as her container runtime engine. Easiest way to run things is to have privileged set to true in the cluster and she ran a user set to 1000."),(0,me.kt)("p",null,'She ran a simple Podman container inside of a Kubernetes container to do a "Hello" to sysout.'),(0,me.kt)("p",null,"She then built within the Kubernetes container. Even though the Kubernetes container is privileged, the Podman container within is not and is using usernamespace."),(0,me.kt)("p",null,"Now she showed running as an unprivileged Kubernetes container, and to do that you need to set selinux to permissive mode. That's necessary as the containers can't mount all the file systems that they need to run. You also need to mount the dev fuse device as that's needed for the overlayfs file system."),(0,me.kt)("p",null,"She then ran a nonprivileged container within a nonprivileged Kubernetes containers. Showed doing builds, but errors can occur. Need to change ",(0,me.kt)("inlineCode",{parentName:"p"},"--isolation")," to chroot in the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command."),(0,me.kt)("p",null,"Ran Podman in a unprivileged container, but the Podman container was run as root."),(0,me.kt)("p",null,"You can also run Podman service on your host and leave a socket entry to your container. This is done with a volume mount of the socket. You can then run ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," command against that socket."),(0,me.kt)("p",null,"If you use CRI-O as your runtime engine, you can add a user and a node annotation to your runtime. But it is experimental at the moment in Kubernetes and CRI-O. However, that tells CRI-O to create your container within your usernamespace."),(0,me.kt)("p",null,"A blog coming out for running Podman in Kubernetes and it will become part of the official documentation."),(0,me.kt)("h2",{id:"podman-machine-updates"},"Podman Machine Updates"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"3200-in-the-video"},"(32:00 in the video)"),(0,me.kt)("h4",{id:"slides-1"},(0,me.kt)("a",{parentName:"h4",href:"https://github.com/containers/podman.io/blob/main/community/meeting/notes/2021-06-01/podman_machine.pdf"},"Slides")),(0,me.kt)("p",null,"Why run Podman Machine on Linux rather than run it on the host? It makes sense from a MacOS. Would be good where you wanted to run containers and wanted to have some level of separation. Also good for testing on a Linux machine before moving it to Windows or Mac. Could also be good to see if Podman works with other Linux Operating Systems other than your native system."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"What's in development?",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Working custom images for x86_64 Linux and MacOS and aarch64 Linux and aarch MacOS"),(0,me.kt)("li",{parentName:"ul"},"Port forwarding on hot"),(0,me.kt)("li",{parentName:"ul"},"Some buggy code that needs testing"))),(0,me.kt)("li",{parentName:"ul"},"Remaining obstacles",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Merge development code"),(0,me.kt)("li",{parentName:"ul"},"Packaging for both Linux and Brew"),(0,me.kt)("li",{parentName:"ul"},"aarch64 support for FCOS is pending (will lead with x86_64)"),(0,me.kt)("li",{parentName:"ul"},"Upstream merge of qemu support for M1"))),(0,me.kt)("li",{parentName:"ul"},"Looking forward",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"Need a reasonably performant sollution for mounting from host"),(0,me.kt)("li",{parentName:"ul"},"Work with FCOS team to reduce size of base image.")))),(0,me.kt)("p",null,"It makes sense that you'd run Linux on MacOS to create a container, but why do so on Linux? Possibly to test different archtectures, to maintain a level of separation between the host and the container, or running a separate Linux distribution. Good for proof of concept testing to make sure the container will run on Windows or Mac in the machine."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3844-in-the-video"},"(38:44) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"More general discussions during the meeting for a more general discussion? If you have an idea that you'd like discussed, talk to Tom Sweeney to setup a meeting with folks. Might do IRC meetings too for a set time.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Kubernetes on Podman? Running Podman on Kubernetes now (see Urvashi's demo above). Using CRI-O in Podman basically. It would be nice to have a Kublet that queries Podman.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Can you sign an image in Kubernetes then use that in Kubernetes? We have simple signing in Podman with GPG, but Kubernetes doesn't understand this."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"Topic suggestion: Using Podman to sign images in k8s and then using signed images in k8s ? (Focus on GPG signing.)"),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-3-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday August 3, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1157-am-eastern-utc-4"},"Meeting End: 11:57 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:56 AM\nPlease sign in https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?edit\nbaude11:01 AM\nyou have to unmute me\nit says you muted me\nMatt Heon11:23 AM\nhttps://github.com/containers/podman/releases/tag/v3.2.0-rc3\n(These are marked as preliminary but they're almost-final - just a few more changes planned)\nFaisal Razzak11:33 AM\nWill we have documentation for podman inside k8s ?\nAlex Litvak11:33 AM\npodman in lxc?\nMatt Heon11:35 AM\nAFAIK LXC is usually run rootless, which is probably going to be problematic\nLikely can be convinced to work but it's going to take effort\n@Faisal the intent is for the blog to be the documentation - we're going to host a copy on the website and keep updating it as things change\nAlex Litvak11:36 AM\nI will give it a shot and report but most of mine lxcs are privileged\nMatt Heon11:36 AM\nAh, that should be a lot easier\nMay have to add /dev/fuse to get fuse-overlayfs working\nFaisal Razzak11:48 AM\nTopic: Using podman to sign images in k8s and then using signed images in k8s ?\nI want to focus on GPG signing and not notary\nMe11:51 AM\n Fun Fact: A chef's tall hat (officially known as a \"toque\") is traditionally made with 100 pleats, meant to represent the 100 ways to cook an egg.\nFaisal Razzak11:52 AM\nThe effort to integrate podman with codesign or any other interface. Are these meetings public or can I participate ?\nFaisal Razzak11:55 AM\nok, I will\nI have background in code signing using GPG and PKCS11 interfaces\nUwe Reh11:56 AM\nby\n")))}cn.isMDXComponent=!0;const pn={},gn="Podman Community Cabal Meeting Notes",kn=[{value:"September 16, 2021 11:00 a.m. Eastern",id:"september-16-2021-1100-am-eastern",level:2},{value:"September 16, 2021 Topics",id:"september-16-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Build an Image with a Template File (0:42 in video)",id:"build-an-image-with-a-template-file-042-in-video",level:4},{value:"Podman Desktop (1:30 in video)",id:"podman-desktop-130-in-video",level:4},{value:"Podman machine volume mounts (39:10 in video)",id:"podman-machine-volume-mounts-3910-in-video",level:4},{value:"Open discussion (50:20 in video)",id:"open-discussion-5020-in-video",level:4},{value:"Next Meeting: Thursday October 21, 2021 10:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-october-21-2021-1000-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],yn={toc:kn},wn="wrapper";function fn(e){let{components:t,...n}=e;return(0,me.kt)(wn,(0,K.Z)({},yn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"One-hour meeting on the third Thursday of every month at 10:00 a.m. US/Eastern (UTC-4) to deep dive into topics on the agenda. Please add your name at the end of the topic so we know who the topic owner is.\nMeeting ID: ",(0,me.kt)("a",{parentName:"p",href:"https://meet.google.com/ieq-pxhy-jbh"},"https://meet.google.com/ieq-pxhy-jbh")),(0,me.kt)("p",null,"Try out ",(0,me.kt)("a",{parentName:"p",href:"https://www.worldtimebuddy.com/?pl=1&lid=5,0&h=5&date=9/16/2021%7C3&hf=1"},"WorldTimeBuddy")),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Brent Baude, Christopher Fergeau, Chris Evich, Matej Vasek, Mehul Arora, Miloslav Trmac, Nalin Dahyabhai, Scott McCarty, Urvashi Mohnani, Eduardo Santiago, Guillaume Rose, Hugh Campbell (Riot Games in a personal capacity), Dan Walsh, Anders Bj\xf6rklund, Ashley Cui, Matt Heon, Paul Holzinger, Praveen Kumar, Gerard Braad, Giuseppe Scrivano, Lokesh Mandvekar, Kerry Zamore"),(0,me.kt)("h2",{id:"september-16-2021-1100-am-eastern"},"September 16, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"september-16-2021-topics"},"September 16, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Desktop"),(0,me.kt)("li",{parentName:"ol"},"Podman machine volume mounts"),(0,me.kt)("li",{parentName:"ol"},"Open Discussion")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/file/d/1kCm-AK0Gqpk5Eua3m26agzxIp8NLR73x/view?usp=drive_web"},"Recording")),(0,me.kt)("p",null,"Meeting start:10:04 a.m. Thursday, September 16, 2021"),(0,me.kt)("h4",{id:"build-an-image-with-a-template-file-042-in-video"},"Build an Image with a Template File (0:42 in video)"),(0,me.kt)("p",null,"Topic for next month from: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/stellarpower"},"https://github.com/stellarpower"),"\nProposal here: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/buildah/issues/3479"},"https://github.com/containers/buildah/issues/3479")),(0,me.kt)("h4",{id:"podman-desktop-130-in-video"},"Podman Desktop (1:30 in video)"),(0,me.kt)("p",null,"The topic has gotten very hot over the past few weeks. People want some form of desktop presence. The big focus is on stop/start and status of things running. The maintainers wanted to solicit the community to find out what they think. If we just do what Docker does, then it might not be enough. We want to make it better if possible."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/11494"},"https://github.com/containers/podman/issues/11494")," - Discussion in play online."),(0,me.kt)("p",null,"Dan would like Podman to remain as a CLI tool, with the Desktop as an optional wrapper that could be used."),(0,me.kt)("p",null,"Gerard - people want a desktop application that integrates well and can be considered a first-class citizen. In addition to start/stop/status, also reinitialization. Will it be a tray application or something that supplements your view?"),(0,me.kt)("p",null,"Dan - we're hearing that compose doesn't work on Mac due to the socket not being set up. Do we want to expose registry.conf and how to handle the sockets."),(0,me.kt)("p",null,"What is the initial goal? Is it a windows tray application, but that might be very information-dense with many containers. Want to be able to query logs on a container."),(0,me.kt)("p",null,"Brent's take is that knowing what users want will help us make decisions and that's part of our current process."),(0,me.kt)("p",null,"Gerard - you have to watch the scale, so there may not be a single solution. So we need to identify what it looks like at the start."),(0,me.kt)("p",null,"Scott would like to ensure functionality. He'd like to be able to run docker compose and it would just work. He also wants to be able to serve a super user along with a novice user."),(0,me.kt)("p",null,"Dan sees the desktop as managing connections. The podman that runs on a mac, is podman remote. Cockpit might be a player in this space when you're trying to look at the containers. One of our pain points on the mac was figuring out how to connect to your linux server. Most of that was solved with podman machine. So that's why he sees this as more of a management system."),(0,me.kt)("p",null,"In the future, we might have podman machine that could handle different VM types (Ubuntu, RHEL, SUSE) either local or remote to the system."),(0,me.kt)("p",null,"Anders with docker machine you could have many machines going at once, but with Docker desktop has only one machine running in the background. He anticipates the machine concept in Podman will be almost hidden, something most users wouldn't have to be aware of."),(0,me.kt)("p",null,"In chat, Gerard noted: Podman Dekstop might not be the right name, as the desktop (local VM) is just a small part of the puzzle. The key point seems the connectivity and view/status of these connections."),(0,me.kt)("p",null,"Anders thinks there might be one desktop to handle the machines, and another to handle the containers."),(0,me.kt)("p",null,"Brent asked about brew in the enterprise as we've gotten some push back from folks on its use."),(0,me.kt)("p",null,"Gerard doesn't think it will be much of a concern, but Dan noted that some enterprise customers are blocking the use."),(0,me.kt)("p",null,'We will package in brew, the question outstanding is whether or not to provide another "more trusted" place to get a hold of the podman and/or desktop software. This would be used by enterprise customers who need to load only software with more verification than brew provides.'),(0,me.kt)("p",null,"Hugh struggles with keeping his folks from running with root in containers. If he could get Podman Desktop to be like 80% of what Docker Desktop does. It would help people understand that more container tech than just Docker. At Riot, they want to get stuff done as quickly as possible, so it needs to be easy/fast."),(0,me.kt)("p",null,"For Riot, the Docker announcement caught them by surprise."),(0,me.kt)("p",null,"Is not running root in a container the most important point of interest? Hugh would like it to be there, at very least made the people aware of the badness of running as root as they started to do that. Perhaps some kind of slider to select root/non-root, eg. setting the compatibility level (security settings?)."),(0,me.kt)("p",null,"Dan can't envision why you'd need root inside most containers in a game devel environment. He thinks they might not be aware of security."),(0,me.kt)("p",null,"Will write up a Product Specification document for what Podman will provide."),(0,me.kt)("p",null,"For the tray, Brent wants to know if \u201cshift\u201d is the only way to provide it. Gerard create a tray app in go but ran into a lack of options while developing. So it held them back from being integrated with the system."),(0,me.kt)("p",null,"Their issue with not using a native application, then the product wasn't as crisp-looking and deeply integrated with the OS. Eg. Minishift tried to use Golang with a library from lantern, but this lead to issues around integration. ",(0,me.kt)("a",{parentName:"p",href:"https://www.electronjs.org/"},"Electron")," is a development environment that creates desktop applications in JavaScript and web pages. you can you CSS to make the look and feel just right. The output is usable in Linux, Mac, and Windows. GitHub Desktop, VSCode, Discord, and the Slack desktop app are based on Electron for instance. The advantage might be that some of the Cockpit components might be (re)used."),(0,me.kt)("h4",{id:"podman-machine-volume-mounts-3910-in-video"},"Podman machine volume mounts (39:10 in video)"),(0,me.kt)("p",null,"For mac volumes, no native support. Using a reverse mount with ssh to the host. Matt Heon would like to get to using a flag to the mount from the machine command. He would like to get something out quickly."),(0,me.kt)("p",null,"His target would be native support in about a year (Fall 2022)."),(0,me.kt)("p",null,"Anders has a use case where a home directory can be mounted on a root directory in the VM, but you need to add a prefix. Anders ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"PR")),(0,me.kt)("p",null,"Does Docker Desktop do what Podman should do? Per what Matt has seen, it does, but he's not sure about the performance issues. However, that's probably the same or similar issue in Docker and Podman."),(0,me.kt)("p",null,"Podman remote client will need to be a lot smarter than it is now. Anders PR is a quick startup solution, but further work will be needed from there."),(0,me.kt)("p",null,"Some of the stuff that Anders has seen in Desktop, is a little less secure than he thinks it should be."),(0,me.kt)("p",null,"SSHfs is what Gerard has used and it seems to have worked well for his environment. Something that Matt is looking into using."),(0,me.kt)("p",null,"Dan doesn't think we want mounting storage for an image from the mac to the VM."),(0,me.kt)("p",null,"The advantage of using ssh, it's ubiquitous."),(0,me.kt)("p",null,"The first pass should be using SSHfs."),(0,me.kt)("h4",{id:"open-discussion-5020-in-video"},"Open discussion (50:20 in video)"),(0,me.kt)("p",null,"1.) What's the WSL2 status?"),(0,me.kt)("p",null,"Brent said there's a document or a script to make it less painful. Dan noted that the Podman team is working with Microsoft. Gerard would like to see a document. Brent noted it should be here very soon, but the person working on it is not part of Red Hat, not in the meeting, and he doesn't want to promise things."),(0,me.kt)("p",null,"2.) Cost of Podman Desktop?"),(0,me.kt)("p",null,"We're targeting free open-source."),(0,me.kt)("p",null,"3.) What is ETA for the Desktop?"),(0,me.kt)("p",null,"Brent hopes to solve the volume, needs M1 support for qemu. Those need to be done first, then we would look at Desktop. If nodejs, we'll need help or will have to learn it."),(0,me.kt)("p",null,"We need to have an initial release by January 1, 2022. Then build from there. A full-bodied release later in 2022."),(0,me.kt)("p",null,"4.) Has anyone run into Podman Machine Build is a lot slower than Docker."),(0,me.kt)("p",null,"Matt has a link to someone reporting the issue."),(0,me.kt)("h3",{id:"next-meeting-thursday-october-21-2021-1000-am-edt-utc-4"},"Next Meeting: Thursday October 21, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Build an Image with a Template File"),(0,me.kt)("li",{parentName:"ol"},"How to handle weekly releases of Desktop, circleCI, appveyor? Desktop builds (like Electron based), install package generation, or signing on macOS required more than the usual offers that are available.")),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You10:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nHugh Campbell10:02 AM\nHi everyone\nPraveen Kumar10:02 AM\nHello everyone\nGerard Braad10:03 AM\n@Praveen if you have connection issuesyou can also ping me on Slack if more is needed\nDaniel Walsh10:03 AM\nAgenda doc: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nGerard Braad10:06 AM\nSome form:\n * status indication (VM)\n * controls (start, stop)\nPraveen Kumar10:06 AM\nneed to rejoin, not able to hear anything :(\nGerard Braad10:13 AM\nThis is actually the same I wanna know ;-)\nGerard Braad10:15 AM\nThis means a easy switch between configurations\nand a springboard to a developer prompt for this\nGerard Braad10:17 AM\n^^ @dan @scott ^^\nGerard Braad10:20 AM\nPodman Dekstop might not be right name, as the desktop (local VM) is just a small part of the puzzle. The key point seems the connecitivity and view/status of these conections\nScott McCarty10:22 AM\nBRB\nGerard Braad10:23 AM\nthe VM is just another endpoint/another podman you can connect to.\nthe tray and/or app might have very different tasks. the application (dialogs) will show the details of the connection and the containers\nwhile the tray might show the lifecycle management and the possible connections\nHugh Campbell10:27 AM\nWe use brew here at Riot with our Macs and brew is a good solution but knowing developers here - it doesn't have to be an exact 1:1 but if 80% of Podman Desktop for Mac can be like Docker Desktop for Mac it's would help make transition so much easier\nGerard Braad10:28 AM\n^^ :+1 right. but I believe for Brew and Choco there is a docker-desktop and docker-cli package, right?\nHugh Campbell10:28 AM\nI believe so but don't quote me on that\nGerard Braad10:30 AM\nI believe on mac you have the two kinds of users; those that want a dmg/pkg, and those that want brew\nBrent Baude10:30 AM\ncorrect\nGerard Braad10:30 AM\nand on Windows you start to see the same with wanting and .exe msi or using choco inst\nAnders F Bj\xf6rklund10:30 AM\nI dunno, I wanted rpm and port :-)\nGerard Braad10:30 AM\n;-)\nGerard Braad10:31 AM\nis that PNAELV ?\nGerard Braad10:34 AM\nPretty much like the Firewall/Internet Security slider in Windows :-)\nsetting a 'compatibility level'\nAnders F Bj\xf6rklund10:39 AM\nhere is my quick last night poc for doing a cross-platform (Qt) systray in a cross-platform language (C++):\nhttps://github.com/afbjorklund/podman-systray\nso far it has the icon :-)\nHugh Campbell10:39 AM\nVSCode\nGerard Braad10:40 AM\n^^ VS Code is developeed using electron\nErik Bernoth10:40 AM\nSlack and Discord might be written in Electron, iirc\nHugh Campbell10:41 AM\nI believe they are as well for Mac\nGerard Braad10:43 AM\n@Dan the advatnage of Electron is that the Cockpit components can most likely can be reused\nGerard Braad10:44 AM\n^^^ can I add this reference to the doc?\n@Tom\nYou10:45 AM\nGerard, please and thank you!\nAnders F Bj\xf6rklund10:48 AM\nhttps://github.com/containers/podman/pull/11454\nYou10:48 AM\nty Anders!\nHugh Campbell10:49 AM\nNative would be awesome but 80-85% of what is there currently in Docker Desktop for Podman Desktop would be great for my devs\nAnders F Bj\xf6rklund10:54 AM\na lot of interesting things happening with \"macOS subsystem for Linux\" (lima)\nmight be on par with WSL, although unofficial (Apple never supports other OS)\nGerard Braad11:00 AM\n@Tom https://github.com/gbraad\nMehul Arora11:03 AM\nyes, it is\nHugh Campbell11:04 AM\nThanks everyone!\nKherry Zamore11:05 AM\nthanks\nieq-pxhy-jbh\n")))}fn.isMDXComponent=!0;const bn={},vn="Podman Community Meeting Notes",Mn=[{value:"December 7, 2021 11:00 a.m. Eastern (UTC-5)",id:"december-7-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (18 total)",id:"attendees-18-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Netavark Status",id:"netavark-status",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:52 in the video)",id:"152-in-the-video",level:4},{value:"Podman on Windows Demo",id:"podman-on-windows-demo",level:2},{value:"Jason Greene via Tom Sweeney",id:"jason-greene-via-tom-sweeney",level:3},{value:"(10:12 in the video)",id:"1012-in-the-video",level:4},{value:"Meeting Announcement",id:"meeting-announcement",level:2},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(26:00) in the video)",id:"2600-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday February 1, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-1-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday December 16, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-december-16-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:37 a.m. Eastern (UTC-5)",id:"meeting-end-1137-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],An={toc:Mn},In="wrapper";function Tn(e){let{components:t,...n}=e;return(0,me.kt)(In,(0,K.Z)({},An,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"december-7-2021-1100-am-eastern-utc-5"},"December 7, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-18-total"},"Attendees (18 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Urvashi Mohnani, Matt Heon, Chris Evich, Anders Bj\xf6rklund, Ashley Cui, Aditya Rajan, Rudolf Vesely, Shion Tanaka, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Martin Jackson, Preethi Thomas, Ionut Stoica"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/WUk_ZzVThd8"},"Recording")),(0,me.kt)("h2",{id:"netavark-status"},"Netavark Status"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"152-in-the-video"},"(1:52 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"netavark")),(0,me.kt)("p",null,"Dumping the network stack for a new one in Podman 4.0, one that we will own and control. Netavark is mostly working for IPv4 and a firewall driver is close to being completed."),(0,me.kt)("p",null,"Podman with netavark GitHub repo: ",(0,me.kt)("a",{parentName:"p",href:"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/"},"https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/")),(0,me.kt)("p",null,"Looking to replece DNS Server within Podman too with this change. The goal is to have a container with as many networks as you'd want. Testers are very welcomed. Bug reports to the netavark for network issues, against Podman in it's GitHub if more Podman related."),(0,me.kt)("h2",{id:"podman-on-windows-demo"},"Podman on Windows Demo"),(0,me.kt)("h3",{id:"jason-greene-via-tom-sweeney"},"Jason Greene via Tom Sweeney"),(0,me.kt)("h4",{id:"1012-in-the-video"},"(10:12 in the video)"),(0,me.kt)("p",null,"(We had trouble with the video sharing, Tom Sweeney narrated badly...)"),(0,me.kt)("p",null,"Jason's first video showed how to run Podman on a Windows machine using WSL. It basically has the same look, feel as the macOS variant does. Jason talked about the architecutre under the covers and things he wants to improve upon. The direct ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/KIGeWpd91Z0"},"Video")," can be found on YouTube along with Jason's Update ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/ub2m15yW-fg"},"Video")," which was not shown in the meeting. The update shows his progress and how Podman can be installed on a Windows machine that doesn't have WSL."),(0,me.kt)("p",null,"The quality is much better there than in the meetings recording."),(0,me.kt)("h2",{id:"meeting-announcement"},"Meeting Announcement"),(0,me.kt)("p",null,"Going to hold this meeting every other month on the first Tuesday of the month starting in Feburary (even numbered months). The Cabal meeting will remain a monthly meeting on the third Thursday of each month."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2600-in-the-video"},"(26:00) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman on Fedora32 on Windows doesn't go easy.\nMatt thinks this is a systemd issue and more invesigation is needed.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Ionut Stoica is working on a project to add tools for front end work. ",(0,me.kt)("a",{parentName:"p",href:"https://iongion.github.io/podman-desktop-companion/"},"https://iongion.github.io/podman-desktop-companion/")," It's kind of Cockpit like. Hopes to add more in the future. Looking at Windows and mac, but needs to work on compilation issues. Easier on the Mac, but needs to use Lima. Will check in with Jason Greene"))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("p",null,"None specified."),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-1-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 1, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-december-16-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday December 16, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1137-am-eastern-utc-5"},"Meeting End: 11:37 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:53 AM\nPlease sign in https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMatt Heon11:06 AM\nhttps://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/\nMatt Heon11:08 AM\nhttps://github.com/containers/netavark\nMe11:09 AM\nDid I share anything?\nMe11:25 AM\nOh good, I can see people talking, but I can't hear anything\nPavel11:26 AM\nI'm trying to run Podman on Fedora35 WS and it doesn't go easy: the home area concept conflicts with podman storge conf\nChris Evich11:26 AM\nTom, if you're talking we can't hear you :(\nPavel11:27 AM\nUser's home is not static - it is mounted dynamically\nMe11:27 AM\nI've lost my audio, I can't hear, trying to get it bak.\nChristian Felder11:27 AM\nI think Marin Jackson's Audio isn't working either\n(Martin Jackson) - sorry typo\niongion11:32 AM\nhttps://iongion.github.io/podman-desktop-companion/\niongion11:33 AM\nhttps://github.com/iongion/podman-desktop-companion\nMe11:35 AM\ntsweeney@redhat.com\niongion11:37 AM\nIonut Stoica\n")))}Tn.isMDXComponent=!0;const Sn={},Nn="Podman Community Cabal Meeting Notes",Cn=[{value:"March 17, 2022 11:00 a.m. Eastern",id:"march-17-2022-1100-am-eastern",level:2},{value:"March 17, 2022 Topics",id:"march-17-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"/etc/hosts in containers - (1:30 in video) - Paul Holzinger",id:"etchosts-in-containers---130-in-video---paul-holzinger",level:3},{value:"Mac OS Volume Mounts - (28:40 in video) - Brent Baude",id:"mac-os-volume-mounts---2840-in-video---brent-baude",level:3},{value:"Podman pod create - What happens when all containers stop... - (37:12 in the video) - Dan Walsh",id:"podman-pod-create---what-happens-when-all-containers-stop---3712-in-the-video---dan-walsh",level:3},{value:"Open discussion (45:50 in video)",id:"open-discussion-4550-in-video",level:4},{value:"Next Meeting: Thursday April 21, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-april-21-2022-1100-am-edt-utc-5",level:3},{value:"Next Community Meeting: Tuesday April 5, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-april-5-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Pn={toc:Cn},xn="wrapper";function Dn(e){let{components:t,...n}=e;return(0,me.kt)(xn,(0,K.Z)({},Pn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Eduardo Santiago, Christian Felder, Flavian Missi, Lance Lovette, Martin Jackson, Oleg Bulatov, Preethi Thomas"),(0,me.kt)("h2",{id:"march-17-2022-1100-am-eastern"},"March 17, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"march-17-2022-topics"},"March 17, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"/etc/hosts in containers - Paul Holzinger"),(0,me.kt)("li",{parentName:"ol"},"Mac OS Volume Mounts - Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"Podman pod create - Exit when containers exit? - Dan Walsh")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/wvENxqMjuLI"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday March 17, 2022"),(0,me.kt)("h3",{id:"etchosts-in-containers---130-in-video---paul-holzinger"},"/etc/hosts in containers - (1:30 in video) - Paul Holzinger"),(0,me.kt)("p",null,"We don't currently support network connect/disonnect with /etc/host getting updated."),(0,me.kt)("p",null,"If we generate an /etc/hosts in the container, we use the entries from the host if there are none in the container."),(0,me.kt)("p",null,"For slirp4netns we use the contaienr host name."),(0,me.kt)("p",null,"When we have several entries for the bridge network case, should we use the first, or all, or somehow pick/choose? Matt thinks we should use all that don't have duplicates. If we encounter a duplicate, we should take the first one found and ignore the rest. So a user entry should trump all, and the rest should be in priority order."),(0,me.kt)("p",null,"For pods, you must add an entry for each container. When the container is stopped, it has to remove this entry."),(0,me.kt)("p",null,"Make sure hosts.containers.internal is only added. Matt asked if we could do something other than 127.0.0.1 for the localhost value. Paul noted that's not the behavior some people expect. So Paul thinks we could use the public IP of the container."),(0,me.kt)("p",null,"Dan noted that some people want a no-host option, in which case we'll use the values found in the image."),(0,me.kt)("p",null,"There's a potential information leak if we use the entries from the hosts /etc/hosts in the container as we'd add the host\u2019s IP to the containers version of the file."),(0,me.kt)("p",null,"We should allow users to disable host.containers.internal in the containers.conf."),(0,me.kt)("p",null,"The problem Lance is running into is he's running many containers in the network. He's hoping to configure the /etc/hosts in the container at run time rather than build time. He wants to ensure that each container has a different IP for the same first name. So the /etc/hosts should be different per container."),(0,me.kt)("p",null,"He'd like a way to have a different /etc/hosts file per container. Issue on ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/aardvark-dns/issues/82"},"GitHub"),"."),(0,me.kt)("p",null,"Lance is seeing containers sharing the info. We do that for containers in a shared network namespace or containers in a Pod."),(0,me.kt)("h3",{id:"mac-os-volume-mounts---2840-in-video---brent-baude"},"Mac OS Volume Mounts - (28:40 in video) - Brent Baude"),(0,me.kt)("p",null,"Brent is working with Anders, and they're trying to get their heads around the feature. Currently, if you need to add one, you need to remove your machine and add it, which is not optimal."),(0,me.kt)("p",null,"One thought was to add the user\u2019s mount in macOS, so there'd be a direct path. Like $HOME to $HOME. This is what Docker is doing and Anders thinks this is what people expect. It also allows for other mounts to be used. You may need to reboot, but you don't have to delete the user."),(0,me.kt)("p",null,"It should be configurable in containers.conf so people can change it as wanted."),(0,me.kt)("p",null,"This should be in Podman v4.1 if things go right."),(0,me.kt)("p",null,"Lima is doing read-only by default. Dan thinks we should add a ",(0,me.kt)("inlineCode",{parentName:"p"},":ro")," option that can be added to allow this functionality."),(0,me.kt)("h3",{id:"podman-pod-create---what-happens-when-all-containers-stop---3712-in-the-video---dan-walsh"},"Podman pod create - What happens when all containers stop... - (37:12 in the video) - Dan Walsh"),(0,me.kt)("p",null,"An issue came up this week where someone was running a pod and when what they thought was the primary container exited, the pod continued running, and they didn't expect that. Dan would like to see an option that would tell Podman what to do when a container exits that is running inside of a pod."),(0,me.kt)("p",null,"There are three possible options:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Ignore - the container exit (current default), the pod keeps running."),(0,me.kt)("li",{parentName:"ol"},"Close - if any container exits, then the pod exits"),(0,me.kt)("li",{parentName:"ol"},"Restart - if the container exits, the pod would restart it. Similar to systemd. It should be overrideable per container.")),(0,me.kt)("p",null,"Dan would like comments/thoughts? A thought that the restart policy might not work in systemd. Valentin thinks that if the last container exits, then the pod should as well."),(0,me.kt)("p",null,"Matt thinks we don't need the option, rather, we should just stop the pod when the last container stops, as Valentin noted. We currently have the restart option for a container, so if someone wanted to ensure the pod stayed up, they could use that restart option."),(0,me.kt)("p",null,"Valentin thinks we need to allow a pod to start without containers and then add containers to it. So we shouldn't stop the pod if it hasn't had a container inside of it."),(0,me.kt)("p",null,"On further reflection, Dan thinks the ignore might not be a useful case. Dan thinks if we change the default to keep the pod up unless there are no longer any containers within, then we won't need to add the options. Cleanup would need to change to verify that there aren't any containers running, and if not, then kill the pod."),(0,me.kt)("p",null,"Lance has noted catatonit orphans and wonders if this might be related. Will post a bug if he can ID a pattern."),(0,me.kt)("h4",{id:"open-discussion-4550-in-video"},"Open discussion (45:50 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman v4.0 updates. - Brent Baude\nPodman v4.0 has been going well, especially given the new content. We are now focusing on things that need to be added. A number of CI, memory, and other internal to the build systems things to add in the near term. That will be good as we'll be able to work on bugs as they arise. The Red Hat team has a bug list max, and we just hit that, so we'll be focusing on that over the next week or two."),(0,me.kt)("p",{parentName:"li"},"For features, work is ongoing for cosign. Jhon will be working on Homebrew improvements. Urvashi is working on a YAML to Kubernetes integration. Matt is working on Docker compose v2. So far, that's going very well. Also, a number of blog posts."),(0,me.kt)("p",{parentName:"li"},"The new features mentioned will be in v4.1 and v4.2. Podman v4.1 will be out roughly in late April 2022."),(0,me.kt)("p",{parentName:"li"},"Virtio-fs is being worked on with qemu, which should then be useable on Planet 9 and mac. This will allow multiple UIDs to be used on a Mac once complete. That's probably a longer-term project."),(0,me.kt)("p",{parentName:"li"},"Work is ongoing within Red Hat for a Desktop](",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/desktop"},"https://github.com/containers/desktop"),")"))),(0,me.kt)("h3",{id:"next-meeting-thursday-april-21-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday April 21, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-april-5-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday April 5, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 11:56"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"\nDaniel Walsh\n10:57 AM\nhttps://www.redhat.com/sysadmin/podman-transfer-container-images-without-registry\nYou\n11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLance Lovette\n11:22 AM\nhttps://github.com/containers/aardvark-dns/issues/82\nAshley Cui\n11:54 AM\nhttps://github.com/containers/desktop\n")))}Dn.isMDXComponent=!0;const Bn={},En="Podman Community Cabal Meeting Notes",Wn=[{value:"July 21, 2022 11:00 a.m. Eastern",id:"july-21-2022-1100-am-eastern",level:2},{value:"July 21, 2022 Topics",id:"july-21-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Man Page Clean Up - (1:12 in video) - Ed Santiago",id:"man-page-clean-up---112-in-video---ed-santiago",level:3},{value:"Podman Desktop Update - (11:12 in video) - Stevan Le Meur && Florent Benoit",id:"podman-desktop-update---1112-in-video---stevan-le-meur--florent-benoit",level:3},{value:"crun Update - Dan Walsh and Giuseppe Scrivano (18:55 in video)",id:"crun-update---dan-walsh-and-giuseppe-scrivano-1855-in-video",level:3},{value:"Open discussion (29:18 in video)",id:"open-discussion-2918-in-video",level:4},{value:"Next Meeting: Thursday August 18, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-august-18-2022-1100-am-edt-utc-5",level:3},{value:"August 18, 2022 Topics",id:"august-18-2022-topics",level:2},{value:"Next Community Meeting: Tuesday August 2, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-2-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],jn={toc:Wn},Ln="wrapper";function Hn(e){let{components:t,...n}=e;return(0,me.kt)(Ln,(0,K.Z)({},jn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Karthik Elango, Charlie Doern, Lokesh Mandvekar, Niall Crowe, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu, Florent Benoit, Stevan Le Meur, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Jake Correnti, Ashley Cui"),(0,me.kt)("h2",{id:"july-21-2022-1100-am-eastern"},"July 21, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"july-21-2022-topics"},"July 21, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Man Page Clean Up - Ed Santiago"),(0,me.kt)("li",{parentName:"ol"},"An update on Podman Desktop - Stevan Le Meur && Florent Benoit"),(0,me.kt)("li",{parentName:"ol"},"Possible Topics: new OCI Runtimes? WASM for example. Also Podman support for zstd and gzip format at the same time.")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/aV6RYlF9Ocs"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday July 21, 2022"),(0,me.kt)("h3",{id:"man-page-clean-up---112-in-video---ed-santiago"},"Man Page Clean Up - (1:12 in video) - Ed Santiago"),(0,me.kt)("p",null,"Ed has found a number of duplicate pages in the man pages. Has considered moving them from md format to rst. Ed is asking for help. Does anyone want to convert to rst? Or are there other options?"),(0,me.kt)("p",null,"Currently there's a way to changes a small number of md to md.in files. Can we leverage that? Some of the interesting challenge with this is we leverage ReadTheDocs to publish the man pages automatically. Further investigation is needed in this space. If we can just use the md.in files and get those into the ReadTheDocs, that might be doable. The thing that needs to be checked if the pages would disappear from the GitHub site."),(0,me.kt)("p",null,"So more looking needs to be done in how GitHub handles the markdown resolution. Dan thinks we should go forward with the change. This will allow coders to do an update in one place for an option that is used by more than one command."),(0,me.kt)("h3",{id:"podman-desktop-update---1112-in-video---stevan-le-meur--florent-benoit"},"Podman Desktop Update - (11:12 in video) - Stevan Le Meur && Florent Benoit"),(0,me.kt)("p",null,"0.0.5 Released:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Onboarding sequence (to initialize and/or start podman machine)"),(0,me.kt)("li",{parentName:"ul"},"Revamp UI for containers, images"),(0,me.kt)("li",{parentName:"ul"},"Windows: Installation of podman + update of podman"),(0,me.kt)("li",{parentName:"ul"},"Proxies for linux/macos but not yet windows (will work with Podman 4.2)"),(0,me.kt)("li",{parentName:"ul"},"Help page")),(0,me.kt)("p",null,"Early Adopter Program: Accessible from ",(0,me.kt)("a",{parentName:"p",href:"https://podman-desktop.io/"},"podman-desktop.io")),(0,me.kt)("p",null,"Stevan showed how the new search functionality is working on the desktop. Help system allows one to contact the developers with questions."),(0,me.kt)("p",null,"For Windows, they are waiting for Podman v4.2 due to proxy issues on Windows. More work underway, and looking for contributors."),(0,me.kt)("p",null,"They are asking users to join the early adopter program, which is linked from the top of the web page. They especially would like to find users for the program, not just developers."),(0,me.kt)("h3",{id:"crun-update---dan-walsh-and-giuseppe-scrivano-1855-in-video"},"crun Update - Dan Walsh and Giuseppe Scrivano (18:55 in video)"),(0,me.kt)("p",null,"Latest crun ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/crun/releases/tag/1.5"},"release"),", has changes for Wasmedge 0.10 support. This is not shipped by default. Free to try it out right now, and they're looking for users to test with. They hope to find people to play with this functionality. This will help to enhance the oci runtimes so you could run different runtimes more easily, such as Wasm. Possibly this could be used for Java or Javascript. The next version of crun in Fedora will have this subpackage, but it won't be enabled. Need to get packages for Wasm into Fedora yet. Krun, similar to Kata containers with full KVM separataion. It's lighter and missing features that Kata has. Should be able to do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --run krun")," to enable. Lokesh and Dan talked aobut the packaging for krun and Podman. Dan thinks we'll have a number of packages over time. For more ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/crun/blob/main/docs/wasm-wasi-example.md"},"information")),(0,me.kt)("h4",{id:"open-discussion-2918-in-video"},"Open discussion (29:18 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Pushing both images on podman push. This comes into play when you're pushing partial images. If we move to this, which uses zstd instead of gzip, it could potentialy break Docker and other container engine compatibility. The thought is to give users a number of conversion formats that could be used when pushing images. This may require two images to be pushed at the same time. Likely a containers.conf setting to select compression algorithm or to allow multiple pushes at once. Valentin had thought that when selecting an image from a manifest or an oci index, many clients pick the first one. So existing clients would cointinue to work. If we want to do the cstandard search, we'd have to traverse the full list first. Very early design discussions are going on. He expects cost to be minimal as traversing the manifest list is much smaller than the images on the repository. So gzip would still be in play to keep other container engines happy, but newer versions could start pushing this new zstd format. Once we have a prototype, this will be opened up to OCI for further review. We could then create PR's in other container engines such as Docker. No current design document, but one will be added to the discussion section for Podman on GitHub")),(0,me.kt)("h3",{id:"next-meeting-thursday-august-18-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday August 18, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"august-18-2022-topics"},"August 18, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-2-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday August 2, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 11:45 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nEd Santiago11:03 AM\nhttps://github.com/containers/podman/pull/14931\nAditya Rajan11:21 AM\nhttps://github.com/containers/crun/releases/tag/1.5\nAditya Rajan11:31 AM\nhttps://github.com/containers/crun/blob/main/docs/wasm-wasi-example.md\nPreethi Thomas11:43 AM\nlol\nvoluntell\n")))}Hn.isMDXComponent=!0;const Rn={},Jn="Podman Community Meeting Notes",On=[{value:"December 6, 2022 11:00 a.m. Eastern (UTC-5)",id:"december-6-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (16 total)",id:"attendees-16-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"MinIO Demo",id:"minio-demo",level:2},{value:"Will Dinyes - MinIO",id:"will-dinyes---minio",level:3},{value:"(1:12 in the video)",id:"112-in-the-video",level:4},{value:"Slides",id:"slides",level:4},{value:"Demo (7:18 in the video)",id:"demo-718-in-the-video",level:4},{value:"Embedding inside an AutoSD Image",id:"embedding-inside-an-autosd-image",level:2},{value:"Ygal Blum - Red Hat",id:"ygal-blum---red-hat",level:3},{value:"(16:26 in the video)",id:"1626-in-the-video",level:4},{value:"Slides",id:"slides-1",level:4},{value:"Demo (22:45 in the video)",id:"demo-2245-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(33:34 in the video)",id:"3334-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday February 7, 2022, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-february-7-2022-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday December 15, 2022, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-december-15-2022-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:46 a.m. Eastern (UTC-5)",id:"meeting-end-1146-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Fn={toc:On},Gn="wrapper";function Un(e){let{components:t,...a}=e;return(0,me.kt)(Gn,(0,K.Z)({},Fn,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"december-6-2022-1100-am-eastern-utc-5"},"December 6, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-16-total"},"Attendees (16 total)"),(0,me.kt)("p",null,"Tom Sweeney, Will Dinyes, Ygal Blum, Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Matt Heon, Miloslav Trmac, Urvashi Mohnani, Mohan Bodu, Ed Santiago, Martin Jackson, Lance L, Florent Benoit, Brent Baude"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=GZNazm39wEo"},"Recording")),(0,me.kt)("h2",{id:"minio-demo"},"MinIO Demo"),(0,me.kt)("h3",{id:"will-dinyes---minio"},"Will Dinyes - MinIO"),(0,me.kt)("h4",{id:"112-in-the-video"},"(1:12 in the video)"),(0,me.kt)("h4",{id:"slides"},(0,me.kt)("a",{target:"_blank",href:n(1976).Z},"Slides")),(0,me.kt)("p",null,"MinIO\u2019s Interest in Podman is to have a platform to run test cases for their courses."),(0,me.kt)("p",null,"MinIO is an S3 compatible API, the de facto standard for Object storage"),(0,me.kt)("p",null,"MinIO includes Single Sign On, Object Locking, Encryption & Tamper-proof, Lambda Compute, Protects against code and bit rot protection, and Server Side Bucket Replication."),(0,me.kt)("p",null,"It's a small server and can be installed just about anywhere."),(0,me.kt)("p",null,"Lots of use cases.\nBig Data/Machine Learning\nHDFS replacements\nHigh-Performance Data lake/warehouse infrastructure\nCloud Native applications"),(0,me.kt)("p",null,"You can move your data without being locked into a particular platform."),(0,me.kt)("p",null,"He uses Podman and MinIO for the development environment and for quick stand-ups. MinIO is open-source and free to use. He can containerize MinIO for even further portability."),(0,me.kt)("h4",{id:"demo-718-in-the-video"},"Demo (7:18 in the video)"),(0,me.kt)("p",null,"Ran Podman on a Mac. MinIO needs to attach to actual storage. He ran 'podman machine init -v /tmp/data:/Minio/data' followed by 'podman machine start'"),(0,me.kt)("p",null,"He can now change the data in MinIO after running a large ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command."),(0,me.kt)("p",null,"It pulled down an image from quay.io, and it brought up the MinIO console. It showed data for his content that he was using elsewhere. All very easily and quickly."),(0,me.kt)("p",null,"Runs on less than 100 MB and can be easily migrated to the cloud."),(0,me.kt)("p",null,"Potential use cases? Could it be used for a backup situation? Yes, it fits this scenario well for S3 backups. If S3 is being used already, MinIO can actually be dropped in as a replacement. You can then back up to any cloud that you want."),(0,me.kt)("h2",{id:"embedding-inside-an-autosd-image"},"Embedding inside an AutoSD Image"),(0,me.kt)("h3",{id:"ygal-blum---red-hat"},"Ygal Blum - Red Hat"),(0,me.kt)("h4",{id:"1626-in-the-video"},"(16:26 in the video)"),(0,me.kt)("h4",{id:"slides-1"},(0,me.kt)("a",{target:"_blank",href:n(8064).Z},"Slides")),(0,me.kt)("p",null,'Taking "Build once RUn anywhere to the Edge"\nWorks on the Ecosystem Engineering and works on Red Hat team looking to envision how to run containers on automobiles.'),(0,me.kt)("p",null,"Build Once, Run Anywhere\nCoined by Sun Microsystems\nAbility to write Java code once and run it anywhere\nExpanded by the use of Container Images"),(0,me.kt)("p",null,"Two Base Elements\nContainer Image\nRunning Instructions"),(0,me.kt)("p",null,"The instructions format may vary:\nCommand line arguments\nDocker-Compose file\nKubernetes YAML"),(0,me.kt)("p",null,"Using ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play"),", users can reuse K8S YAML file"),(0,me.kt)("p",null,"Podman is daemonless, who will monitor the container when it stops? systemd is use. Tools like ",(0,me.kt)("inlineCode",{parentName:"p"},"podman generate systemd"),', soon "Quadlet" to facilitate this.'),(0,me.kt)("p",null,"OSBuild is a tool for composing O/S images, it allows embedding files and enabling of services in the image. You can compose an image for an edge device using it."),(0,me.kt)("h4",{id:"demo-2245-in-the-video"},"Demo (22:45 in the video)"),(0,me.kt)("p",null,"Showed simulation for the engine and radio. When the engine goes in reverse, the volume decreased for the radio. The volume goes up on acceleration, and then up/down on channel changes."),(0,me.kt)("p",null,"Applied a yaml file to an openshift cluster. Created a volume and an application, then applied the engine and radio using their yaml files."),(0,me.kt)("p",null,"It shows an easy way to run Podman or Kubernetes using the same YAML file."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube play")," command will ignore things it doesn't understand and works well with using/running things in the Kurbernetes space."),(0,me.kt)("p",null,"He used that command to get the engine, radio up in Podman, with the same messages shown. So you can reuse Kubernetes Yaml in Podman, which is especially helpful in a test environment when you don't want to use up a lot of CPU time/space."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"3334-in-the-video"},"(33:34 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Quadlet will that be in Podman? Yes, in Podman v4.4, and set for RHEL 8.8/9.2 is current plans but still under consideration. Martin has been looking at quadlet lately and has been impressed by it so far.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"blog.podman.io - new blog site that was demo'd, including a couple of new articles. Lot's of link tidying up to do, and need to port older blogs.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Matt noted that Podman v4.3 is done now. Podman v4.4 RC in mid to late January 2023."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None suggested")),(0,me.kt)("h2",{id:"next-meeting-tuesday-february-7-2022-1100-am-eastern-utc-5"},"Next Meeting: Tuesday February 7, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-december-15-2022-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday December 15, 2022, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1146-am-eastern-utc-5"},"Meeting End: 11:46 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:39 AM\nhttps://blog.podman.io/\n")))}Un.isMDXComponent=!0;const Yn={},zn="Podman Community Meeting Notes",qn=[{value:"April 4, 2023 11:00 a.m. Eastern (UTC-5)",id:"april-4-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:03 a.m. EST",id:"meeting-start-1103-am-est",level:2},{value:"Video Recording",id:"video-recording",level:3},{value:"Netavark Plugins",id:"netavark-plugins",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(1:30 in the video)",id:"130-in-the-video",level:4},{value:"Demo (1:45 in the video)",id:"demo-145-in-the-video",level:4},{value:"Podman Machine OS Demo",id:"podman-machine-os-demo",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(9:07 in the video)",id:"907-in-the-video",level:4},{value:"Demo - (9:14 in the video)",id:"demo---914-in-the-video",level:3},{value:"Podman Database Update",id:"podman-database-update",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(19:18 in the video)",id:"1918-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(23:45 in the video)",id:"2345-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, June 6, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-june-6-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, April 20, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-april-20-2023-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:33 a.m. Eastern (UTC-4)",id:"meeting-end-1133-am-eastern-utc-4",level:3},{value:"Google Meet Chat copy/paste:",id:"google-meet-chat-copypaste",level:2},{value:"Raw Google Meet Transcription",id:"raw-google-meet-transcription",level:2}],Vn={toc:qn},Kn="wrapper";function Zn(e){let{components:t,...n}=e;return(0,me.kt)(Kn,(0,K.Z)({},Vn,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"april-4-2023-1100-am-eastern-utc-5"},"April 4, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Ashley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Haynes, Ed Santiago Munoz, fpoirotte, Giuseppe Scrivano, Jake Correnti, Mark Russell, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Urvashi Mohnani, Valentin Rothberg"),(0,me.kt)("h2",{id:"meeting-start-1103-am-est"},"Meeting Start: 11:03 a.m. EST"),(0,me.kt)("h3",{id:"video-recording"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/B1OynYGBHz8"},"Recording")),(0,me.kt)("h2",{id:"netavark-plugins"},"Netavark Plugins"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"130-in-the-video"},"(1:30 in the video)"),(0,me.kt)("h4",{id:"demo-145-in-the-video"},"Demo (1:45 in the video)"),(0,me.kt)("p",null,"The next Netavark will introduce plug-in support for the network. Paul showed a Rust plugin and ran through the code. He copied it to /usr/local/netavark. Now when he does podman info, it shows the plugin. He then did ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network create --driver host-device-plugin --interface-name test1 test1"),", and it created the ",(0,me.kt)("inlineCode",{parentName:"p"},"test1")," network."),(0,me.kt)("p",null,"You can code what you want, and he's provided a simple Rust interface. To use, you need to define a create and teardown function in your plugin."),(0,me.kt)("p",null,"You can then do a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman network inspect test1")," to show the characteristics of the plugin."),(0,me.kt)("p",null,"The goal is to allow CNI plugins to be modified into Netavark plugins using this ability in the future."),(0,me.kt)("h2",{id:"podman-machine-os-demo"},"Podman Machine OS Demo"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"907-in-the-video"},"(9:07 in the video)"),(0,me.kt)("p",null,"A new suite of commands in ",(0,me.kt)("inlineCode",{parentName:"p"},"podman machine")," lets you build a container image and add packages into your VM on the Mac."),(0,me.kt)("h3",{id:"demo---914-in-the-video"},"Demo - (9:14 in the video)"),(0,me.kt)("p",null,"She created a machine. Then showed a Containerfile with RHCOS to build an image using a regular ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command."),(0,me.kt)("p",null,"She then used apply from the image to the machine, and it bumped the Podman version on the machine, which took effect after the machine was rebooted."),(0,me.kt)("p",null,"Useful for folks that want to try different versions of Podman in the machine, especially useful for testing. You only need to know about Containerfile information, rather than the VM's interfaces."),(0,me.kt)("p",null,"It supports pulling the images from anywhere. So you could push an image to a registry, then multiple users could pull the image and get the same image at each one.."),(0,me.kt)("p",null,"Brent thought of two use cases. One to run the latest Podman in the machine, great for development. Also useful for non-native arch builds in the machine."),(0,me.kt)("p",null,"Matt asked about OS reversion and whether updates would happen automatically. Ashley said it should, but she's still testing the scenarios."),(0,me.kt)("h2",{id:"podman-database-update"},"Podman Database Update"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"1918-in-the-video"},"(19:18 in the video)"),(0,me.kt)("p",null,"An update that should be invisible, but just as a heads up. The database system is currently BoltDB and we thought it did what we needed. However, a number of data corruption issues with BoltDB have arisen lately, and not a lot of support from the providers."),(0,me.kt)("p",null,"The Podman team decided that it was no longer safe to use BoltDB, nor support it. So a new SQLlite interface is being used. In Podman v4.5, it will be available for use, but will not be the default. Likely that in Podman v4.6 it will be the default."),(0,me.kt)("p",null,"We expect better stability, better performance, especially in large reads of images."),(0,me.kt)("p",null,"Most people won't care about this for the near future. We will announce BoltDB deprecation and then provide scripts to change over later on."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2345-in-the-video"},"(23:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"When is Podman v4.5 coming out?\nIdealy late next week, RC1 came out yesterday, and the final version late next week with a couple of RCs before the final.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Next version of Podman in RHEL will be Podman v4.6 in RHEL 8.9/9.3. Podman v4.4.1 will be in RHEL 8.8/9.2."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet demo."),(0,me.kt)("li",{parentName:"ol"},"Podman v4.5 Demo - Matt"),(0,me.kt)("li",{parentName:"ol"},"QM quadlet - Dan"),(0,me.kt)("li",{parentName:"ol"},"Podman Desktop v1.0 - Stevan Le Meur")),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-6-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, June 6, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-april-20-2023-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, April 20, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1133-am-eastern-utc-4"},"Meeting End: 11:33 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"google-meet-chat-copypaste"},"Google Meet Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nYou11:04\u202fAM\nIf you have not signed in, please do so in hackmd: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nBrent Baude11:10\u202fAM\nthis is awesome\nPaul Holzinger11:12\u202fAM\nnetavark plugins PR: https://github.com/containers/netavark/pull/509\nneeds someone to review and merge :)\nMatt Heon11:13\u202fAM\nI'm on it. After lunch at least.\n")),(0,me.kt)("h2",{id:"raw-google-meet-transcription"},"Raw Google Meet Transcription"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ieq-pxhy-jbh (2023-04-04 11:02 GMT-4) - Transcript\nAttendees\nAshley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Haynes, Ed Santiago Munoz, fpoirotte, Giuseppe Scrivano, Jake Correnti, Mark Russell, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Urvashi Mohnani, Valentin Rothberg\nTranscript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Hello everybody. Welcome to the Clubman community meeting today is Tuesday, April 4, 2023. Just as a reminder, we are. We have this meeting every other month on the even numbered months, we talked about all things podman or containers with any kind of demo or discussions along those lines. Topics are driven by people sending me stuff for me asking people or people coming along and or sometimes within our groups being asked to set something here. And again, anything for pop, man, build a Scorpio or any of their Well, probably be helpful if I actually shared my screen as well.\nTom Sweeney: Build our Scorpio and related projects, I'll be taking meeting notes today within the hack. MD, If you see something that put in that's incorrect or you want to add a link or something to that, please feel free to do so. And then for today, we will be talking about net of our plugins with Paul Holzinger. Then Ashley Q, Ashley will be doing a five man, machine OS demonstration for us. And then that will be talking about podman updates for to the database that we're working on right now coming out soon. And then we'll be talking about topics for next meeting And/or. Any open discussions that you want to have So, with all that, I'm going to stop presenting and I'm going to hand it over to Paul.\nPaul Holzinger: Okay. I am going to share the screen.\nPaul Holzinger: so, none of our plugins is for a way to Manage certain extra wishes which you want in your network setup. So with C&i where you could customize a lot, you could write your own plugins and network only supported Bridge. Make VLAN and no IPV then.\nPaul Holzinger: that's, That's good, but not enough for some users. So, with the next version we gonna introduce plug-in support and network, And I'm going to show very quick. I have a small example. Written in. Rust.\nPaul Holzinger: It's so the concept is pretty simple, you're plugging can create a network config. Then it needs to do. set up, which is just, Like, set up would be. Creating an interface in a container namespace and connecting it to the host. And you can do pretty much what you want. That's whatever you call. And tear down should pretty much. Be the inverse of setup. So we moved in the face again. And yeah, that's that's pretty much it. That I can. I can link to PR afterwards where there's a documentation holder. And convict chase and looks and how it works. Pretty much. And with that, I have a simple.\nPaul Holzinger: Simple plugin here. Host device plugin. I Copied to the. User local like never Mark directory, which can be configured and containers.com. And now, if I have to. Portman info. I should see. On the network that it detected. The plugin here. and that means I should be able to do a simple portman network create Driver. And then host device plugin. And the host device. Plugin is example, is just very simple one that Most host interface into the container, and if you stop the container, we move the interface back to the host.\nPaul Holzinger: And that there's a new option. I will editor in something.\nPaul Holzinger: Interface Name and I create already created an interface like on my host. I have a test one. And then I give a network name. Also test one so I can show the interface. Just one. And if, you know, run a container, Apartment run. Network test One. Alpine. And take a look. Test one must moved in. And if I show again, it's back. So if I Run this in the background pretty quick. Just to show that. It was really moved 10 seconds. Let's see the interface is gone.\n00:05:00\nPaul Holzinger: If we made this moment,\nPaul Holzinger: no, no I'm just yeah now the container stopped it's big so,\nPaul Holzinger: Let's just a very simple example. You can. Code, whatever you want in there. And I provided a simple rust interface. To automatically take care of. the so it's a it's a external binary you have A sub command for create, for setup for teardown. And if you use the Small rust binding. It will take care of the setup and stuff and then you just Let me see if I can increase the size. Yes.\nPaul Holzinger: like the that's the pretty much what you need in your plugin and you import You import the trade? And then, you must define. a create function, a setup function, which gets the like the path for the network and Yeah, this settings like the third like the network config I can. it's You get order in for you, you can put in a network config and do whatever you're like. So if you do the\nPaul Holzinger: Network inspect.\nPaul Holzinger: So this kind of information your your plugin sees as well. And then you can decide what you want to do. And if you use the - subnet option and stuff, you have the top nets in here like like you are used to, if you Inspect, the normal network, like you have all all the information. And with that, I'm done if there are any questions, please ask them now. Or later.\nDaniel Walsh: You see people modifying CNI plugins to work with us? The goal.\nPaul Holzinger: That's that's the goal. So because we are gonna deprecate, CNI at like remove it. At some point, we are going to remove the roof to the support and to have a way for some people who are currently having their own custom work. They need to Adapt to to this new one or use a standard driver or there are many ways to set up network of even without that you can use a custom network namespace path. But with this it's pretty simple because the setup and teardown is is built into portman right in into the container life cycle with all having to manage anything as\nPaul Holzinger: and advantage to the scene icon and instead I integrated the support into Portman network Create as well. So you know we've seen eye plugins custom stuff, you need to manage your CONFIGS on there and place it in the right direction. With that, you're just network create and\nPaul Holzinger: Hey, Google.\nDaniel Walsh: Very nice.\nTom Sweeney: Any other questions?\nTom Sweeney: Right, thanks Paul. Look great. Ashley Potman Machine West, demo\nAshley Cui: Yeah, I'm gonna share my screen. I demo this already and the container plumbing days but I'm going to show it again for those who aren't that conference but basically we have a new command in podmachine called Padme Machine OS, apply or It's a suite of commands applies. The only one in there at the current moment but what it allows you to do is Ontrador Cora Space Systems which is the default OS for Padre, Machine on Mac and Linux it allows you to take a container image and\nAshley Cui: Add packages based on or build a container image from like a container file and an ad packages into your VM, through rpmos tree,\u2026\nTom Sweeney: Off.\nAshley Cui: which is the package manager for Fedora chorus. So I'm just going to play my demo over here. So I'm going to start a\u2026\n00:10:00\nTom Sweeney: because,\nAshley Cui: where I'm going to make a new podman machine and parts of these. Are sped up for four times sake but it's all like yeah. Anyway,\nAshley Cui: And then I'm going to start the machine that I just created so this is just like kind of your vanilla machine. Nothing special inside of it, just your default pond machine. And then, so I'm going to check the podman version and outside the machine. Is the server is, or the server inside the machine is 441, and then the client outside the machine is 4.5. And then. So now I have this container file, it's kind of a standard container file from, but it has Fedora Cross as the base image and what what I'm doing is I'm running rpmos tree and updating containers or podman and it's friends to the most latest upstream version on main and also removing a bunch of stuff. um, and so I'm going to use this container file and build an image.\nAshley Cui: And also tag it correctly. I assume\nAshley Cui: and then, so it's gonna this is just a standard podman build like there's nothing special in a regular podium builds command\nAshley Cui: And so now we have this image that we just built. in our, Local storage.\nAshley Cui: And then again, checking the cloud inversion inside the VM, it's 441 outside, it's 4.5. And now I'm going to do a pod machine osupply to the and specify the image that I just built and it should apply it to the default POD machine. You can use if your pottery machine is, you know, name something else. You can use that as a second argument and it will apply it to that machine. And then I for Is to take effect, you have to reboot your machine.\nAshley Cui: And then now if you take a look at diversion inside of the VM, the pod machine, it's upgraded to 4.5 dev so you can see. So this feature is like particularly useful for people who want to experiment with different packages and versions of podium inside the the pod inside the machine. So I guess like For example, like the desktop team uses this or can use this if they want the latest upstream version of podman inside of their pod machine to like, tests and stuff. And again like it allows users to customize the machine in a familiar way so you don't have to go and build new VMs and learn like VM tooling you can you can use what you know which is like container files and building images in order to customize and put whatever you need inside of the VM.\nAshley Cui: By by just building images and using problems, you know, a supply. So that's that's basically the demo if anybody has any questions.\nDaniel Walsh: Showed you updated from container storage inside of the machine. That was So could it could I call could I do that with a registry?\nAshley Cui: Yes.\nAshley Cui: Yes. So it supports anything that like podcast supports it, anything that like Scopia supports, you can pull it from a registry, you can pull it from local. You can do a bunch of stuff. Yeah.\nDaniel Walsh: So if I if I was a company I wanted to do this I could push to a right. I could push it update to a registry and then every one of my users on all the different machines automatically. Do they have do that machine update from a registry and everybody would get the same version. Correct.\nAshley Cui: Yes, absolutely. Yeah.\nDaniel Walsh: Cool.\nBrent Baude: I'll just add that. I think there were two use cases in mind. When we went through this design, and Ashley showed the one where we can run the Latest pod man inside the machine, which is great for development and testing. The other one we've had in in mind is the folks that are wanting to do various multi-arch, or non-native arts. Builds or runs or testing, where they need some commute package to be on there. Which does not come as a default. So this is a easy way to plop those on real quick and be able to do whatever it is. You you had in mind.\n00:15:00\nDaniel Walsh: so, two weeks from now with new Core or West comes out. And gets updated what happens? Then\nBrent Baude: What?\nDaniel Walsh: We have to rerun the apply is. Rebuilt with rebuild. And then do we really apply, right?\nBrent Baude: Are you wanting to revert or\u2026\nDaniel Walsh: now, I'm just saying so I've added I guess there's an example.\nBrent Baude: do you want to get done?\nDaniel Walsh: There's a question out on One of the issues, someone wanted installed QM user. You know, that's 390 and\u2026\nBrent Baude: Yep.\nDaniel Walsh: so they install it, they go through this procedure, they install it. And we're running for OS 37 and 37.1 comes out. Now they want to update,\u2026\nBrent Baude: Sure.\nDaniel Walsh: they're gonna have to go through this procedure again to\nBrent Baude: If they no longer require the 390 packages, they could just simply take, take the update. or they could just execute a rebuild, which would in the container file would have from you\u2026\nDaniel Walsh: Okay.\nBrent Baude: with latest which would mean the new version that the door chorus just made, so then A simple rebuild would be enough to do it and and ideally users would be doing a stop of CI. Type things or off of github actions. Where if a repo changes, it would just automatically build and that way they consume, and then it wouldn't be on the user's shoulders to do that manual. Work.\nMatt Heon: Question. If I were to decide to switch back from my custom OS supply, to say Standard F cost, the stable train, does that put me back on automatic updates or am I going to have to do something to get back on automatically updating?\nAshley Cui: So I'm working on the current OS revert. The way that it works right now is it should I put you back on automatic updates? Because I think the automatic update driver is called like Syncotti and that if it detects that you're on a regular stream of fedora, then it should automatically update from what I've seen. Not 100% sure, but from my testing, but it just depends on like what your base was before I believe.\nTom Sweeney: Any other questions for Ashley?\nBrent Baude: This is going to end when you the one of the things that takes a little getting used to here is we'd very much have had a feeder in Fedora chorus. But now this pivot you have to think of your OS as a container image. And then those all those things we've learned about being an image, maintenance applies,\nTom Sweeney: Pretty. I'm hearing anything else at this point, so I think I'm going to turn it over to Matt for the podman database update.\nMatt Heon: All right, so this is in updates on some internal things on podman that you should not have to care about but unfortunately, you may have to with the coming future. Uh, so podman has a back-end database and if you're just upon an user not developer you probably have no knowledge of this because it's used purely for internal things. We used to store the state of containers and figuration containers, things like that. Um and this was previously in something called Bolt DB, which is a native glen better database, very simple and we thought that it did everything we needed. However, over the last year, so we've become aware of an increasing number of reports of data corruption with both dB to the poor. I wouldn't call it common, but if you are to shut your computer down on expectantly, while Bolt is doing something, there is apparently a fairly good chance that you're going to end up with an unusual database.\n00:20:00\nMatt Heon: Which means all your containers are gone, basically, requires complete recreate. So we've been looking into this for a while now and we came to the conclusion that it was not really safe to continue using Bull TB. It was unmaintained, there was basically no error handling. There was no path to data recovery and it didn't seem like it would be reasonably possible to create or to fix it rather. So that it did not corrupt itself. So we have investigated alternative database solutions and we now have an alternative database driver written up that uses SQLite instead. So right now, this is just gonna be a tech preview thing that is going to come out with the next partner and release Pod Man. Four, five of the next couple weeks and it's not going to be default for now it's just for people who want to opt into testing it at some point in the future. Probably Paul man for six we're going to see about making it the default for new installations.\nMatt Heon: existing insulations, will continue to use both DB And at some point in the further off future, we will investigate removing multi-b completely. And basically, having only SQLite and again, primary things you can expect from this transition. One stability Pod, man will stop eating its own database in cases of unexpected power loss. That's obviously, plus two performance in some operations, especially read operations. If you have large wise of containers and you're doing something like a podman PS, you can expect a significant performance boost. And three long term stability, we feel that SQLite has a much more vibrant and large community than volt dB does and as such there's a lot more potential future growth there in terms of performance, in terms of stability.\nMatt Heon: Potentially features but we're probably not using those. It's going to be a very simple database driver still. So generally speaking, you probably should not have to care about this for this foreseeable future, but at some point in the future, we are going to be announcing a the deprecation and removable DB And when we do that, we will have steps for you to take to get on the new SQLite driver if you haven't already and you probably won't have to. Because again, new installations will be switched over to SQLite. Won't before that And that is a general summary of what to expect with our move to seek lights. Why we're doing it? What to expect\nTom Sweeney: like,\nMatt Heon: Any questions?\nTom Sweeney: Very quiet bunch today.\nTom Sweeney: Right, I'm not hearing any questions for that. So I think we'll do is go on to the open form and questions that just ask. Are there any general questions or comments that you want to make?\nDaniel Walsh: I'll guess I'll ask a question that I potentially know the answer to One is pardman Ford, our five coming out.\nMatt Heon: Ideally next week late next week, we have rc1 just came out yesterday.\nTom Sweeney: Five.\nMatt Heon: I'm expecting an rc2 later this week potentially an rc3 early. Next week. If we feel, we need it and then a final late next week.\nDaniel Walsh: Okay, and I guess the other question would be what versions are gonna be showing up in the next version of Rella?\nMatt Heon: What are five will not be one of those. We're expecting our next major. Drop into Rel /. Centos stream is going to be for six, which will probably be more of a late summer type of time frame.\nDaniel Walsh: So, I, I would follow that. So right now, apartment 4.4 that one, I think, is that, right? Tom is gonna be in real 902 in Raleigh.8.\nDaniel Walsh: As I asked loaded questions.\n00:25:00\nMatt Heon: Yeah, we're expecting a 4.6 in nine three and eight nine, I believe. And yeah. Generally speaking, we're going to continue on the same sort of cadence, we had before retargeting for ish, releases per year pot man. And two of those will end up in Ralph from here on out.\nTom Sweeney: And whatever. It's worth the 441, which will be in podman 8892 will be released. sometime in early May\nTom Sweeney: and then the fourth sixth version will be able to sometime in January. I want to say no February. Getting dates.\nDaniel Walsh: Hey.\nTom Sweeney: Yeah, did somebody popping? but the question,\nTom Sweeney: Or comment.\nTom Sweeney: Okay. Also, while we're here, anybody have any Topics Suggestions For the next meeting in June 6, we have one for a quadlet demo already.\nMatt Heon: Will probe that would not be a bad time to show off podman 4-5. We're still firming some things up right now. So we couldn't really don't want today but we should have a good summary of what's in four or five by the next meeting.\nTom Sweeney: But anybody else or any other questions otherwise we're going to quite a bit early today but that's not a bad thing.\nTom Sweeney: Okay, then we'll just I'll just remind for the next meetings. We are having a meeting on Tuesday, June 6th for the Quad Man community meeting which again is the demo, kind of meetings, and our next cabal meeting for the community will be on Thursday, April 20th, which is two weeks from this Thursday, I believe. And those meetings are used mostly for design. Kind of work for plugin or any technical discussions related to the to the code base. Pretty much. And we're always happy to have comments or suggestions or topics for other. One of those, please be afraid to send me an email directly or put stuff up in the discuss discussion forums that we have on Github for providing. And unless anybody has anything else I'm going to End the recording.\nTom Sweeney: Okay, recordings done. Anybody wants anything off offline other than Hi? Jake. Good to see you again.\nJake Correnti: Everyone's good to see you.\nDaniel Walsh: Hey, Jake. And yeah at that time Tom I probably do a QM, the qmse Linux thing that I've done internally so I can do that for the next. To explain how we're using Quad LED Auto.\nTom Sweeney: For the next demo or for the community meeting. Okay.\nDaniel Walsh: Yeah. Next next community meeting\nTom Sweeney: That.\nDaniel Walsh: and hopefully, we can get an update from five main desktop at that point since they'll be just about to go 1.0 What's the date of that?\nTom Sweeney: Not know, actually, do you know?\nAshley Cui: Many 22nd.\nDaniel Walsh: What's the date of the next cabal? I mean, the next Emma.\nTom Sweeney: Yeah, well, the next ball is April 20th. The next community meeting is June 6th.\nDaniel Walsh: Yeah, so we could have them fell just release 1.0 so he probably should have them back into a demonstration.\nTom Sweeney: I'll check with stuff on.\nTom Sweeney: Right. I'm gonna Close up the meeting. I'm not hearing anything else, folks. Enjoy your lunch dinner breakfast. Whatever. Take care.\nEd Santiago Munoz: Let's work everybody.\nMohan Boddu: Thank you.\nMeeting ended after 00:30:00 \ud83d\udc4b\n")))}Zn.isMDXComponent=!0;const Qn={},_n="Podman Community Meeting",Xn=[{value:"February 2, 2021 11:00 a.m. Eastern (UTC-5)",id:"february-2-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (49 total)",id:"attendees-49-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman v3.0 Overview",id:"podman-v30-overview",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:50 in the video)",id:"150-in-the-video",level:4},{value:"Breaking changes.",id:"breaking-changes",level:4},{value:"Demo",id:"demo",level:4},{value:"Podman with Docker Compose Demo",id:"podman-with-docker-compose-demo",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(11:20 in the video)",id:"1120-in-the-video",level:4},{value:"Misc Demos",id:"misc-demos",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"(18:10 in the video)",id:"1810-in-the-video",level:4},{value:"GitHub Discussions",id:"github-discussions",level:2},{value:"Questions?",id:"questions",level:2},{value:"(24:50 in the video)",id:"2450-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday March 2, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-march-2-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:51 a.m. Eastern (UTC-5)",id:"meeting-end-1151-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],$n={toc:Xn},ea="wrapper";function ta(e){let{components:t,...n}=e;return(0,me.kt)(ea,(0,K.Z)({},$n,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"february-2-2021-1100-am-eastern-utc-5"},"February 2, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-49-total"},"Attendees (49 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Valentin Rothberg, Giuseppe Scrivano, Miloslav Trmac, Parker Van Roy, Preethi Thomas, JJ Asghar, Hendrik Haddorp, Dan Walsh, Eric The IT Guy, Ashley Cui, Greg Shomo, Lee Whitty, Anders Bj\xf6rklund, Jacob Lindgren, Christian Felder, Alex Litvak, Paul Holzinger, Rodrique Heron"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/UNt8jSU7IH2"},"Recording")),(0,me.kt)("h2",{id:"podman-v30-overview"},"Podman v3.0 Overview"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"150-in-the-video"},"(1:50 in the video)"),(0,me.kt)("p",null,"Podman 3.0 will be the largest ever. Expecting an RC3 later this week, 3.0 final by Wednesday of next week. Docker Compose support is a large one, along with podman rename. Copy support for remote clieantadded for copying in and out of containers using the http API. A number of network changes added by Paul Holzinger such as network reload, network ls, network create, and more. Networks now have ID's and labels. Podman checkpoint now supports with previous and checkpoint. Full details ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"here"),"."),(0,me.kt)("h4",{id:"breaking-changes"},"Breaking changes."),(0,me.kt)("p",null,"Shortnames for CI now prompts for which image you want by default. This is only on a TTY, will not break any scripts. A security feature. In the future if shortnames are set to strict in Podman, scripts will break too, but you will be able set an alias. More info ",(0,me.kt)("a",{parentName:"p",href:"https://www.redhat.com/sysadmin/container-image-short-names"},"here"),"."),(0,me.kt)("p",null,"The podman load command no longer accepts a NAME","[:TAG]",", this was incompatible with Docker prior."),(0,me.kt)("p",null,"The legacy Varlink API has been removed."),(0,me.kt)("h4",{id:"demo"},"Demo"),(0,me.kt)("p",null,"Matt started the demo (8:00 in the video):"),(0,me.kt)("p",null,"Showed how to rename a container. The functionality works on rootful and rootless."),(0,me.kt)("p",null,"Release notes for v3.0:",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"here")),(0,me.kt)("h2",{id:"podman-with-docker-compose-demo"},"Podman with Docker Compose Demo"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"1120-in-the-video"},"(11:20 in the video)"),(0,me.kt)("p",null,'A number of folks told us they had not moved to Podman from Docker due to a lack of "podman compose".'),(0,me.kt)("p",null,"Docker-compose is a tool that talks to the docker.sock or podman.sock talking Docker API"),(0,me.kt)("p",null,"Podman-compose is a wrapper around podman that translates docker-compose yaml files into podman commands."),(0,me.kt)("p",null,"Now Docker-compose will just talk to podman.sock now."),(0,me.kt)("p",null,"Brent did demo (13:42 in the video):"),(0,me.kt)("p",null,"Using a yaml from Docker directly."),(0,me.kt)("p",null,'"Not terribly exciting, it just does what it does."'),(0,me.kt)("p",null,"We've had requests for Docker compoese and changes. The initial goal is to make it work rootful with Podman. it does so now. We've had requests for rootless which is feasible, but more work is necessary. It is only rootful for v3.0."),(0,me.kt)("p",null,"Docker Compose articles:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://www.redhat.com/sysadmin/podman-docker-compose"},"https://www.redhat.com/sysadmin/podman-docker-compose")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://www.redhat.com/sysadmin/compose-kubernetes-podman"},"https://www.redhat.com/sysadmin/compose-kubernetes-podman"))),(0,me.kt)("p",null,"That second article is where Podman is heading."),(0,me.kt)("h2",{id:"misc-demos"},"Misc Demos"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("h4",{id:"1810-in-the-video"},"(18:10 in the video)"),(0,me.kt)("p",null,"Tom ran a demo to show some small new addtions that might have been lost in the shuffle. He showed the new ",(0,me.kt)("inlineCode",{parentName:"p"},"--from")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"--stdin")," options for the ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah bud")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," commands, plus the new ",(0,me.kt)("inlineCode",{parentName:"p"},"--list-tags")," option for the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman search")," command."),(0,me.kt)("p",null,"Demo Started (18:30 in the video)"),(0,me.kt)("h2",{id:"github-discussions"},"GitHub Discussions"),(0,me.kt)("p",null,"Podman has turned on the GitHub Discussions platform for the use of the community. Ask any questions you want there, make announcements of interest, or just drop in and say hi! It's under the \"Discussions\" link on the top of Podman's GitHub page, or directly at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions"},"https://github.com/containers/podman/discussions")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"2450-in-the-video"},"(24:50 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"When will v3.0 be available. Next week upstream, should be available in Fedora shortly after that. Hoping to have it in Ubuntu or Debian a bet after that. Centos streams soon after we release and in RHEL 8.4 which is scheduled sometime at the end of May."),(0,me.kt)("p",{parentName:"li"},"Goal is to make things seamless as possible.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Red Hat team is working on stabilization changes in the next few weeks. Focus on Mac developments. We think we're feature complete with Docker with the Podman v3.0 release. Work going on for refactoring Podman to hopefully decrease the size of the Podman library. Work continues on getting along with Kubernetest")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Static binaries will be added for v3.0, as there have been some breakage with the nixpackage. Chris has just added a fix for the nix issue.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Containers Plumbing Conferene coming up in March, March 9 and 10 for four hours each day. Sign up here: ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/"},"https://containerplumbing.org/"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Difference between Podman Compose and Docker Compose. Podman compose was written by the community which Dan believes was used to wrap docker yaml files and translate them to direct Podman commands.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Can you elaborate on the issue with renaming infra-containers ? Matt did something quickly and it has some limitations that will be removed in v3.1. But should work fine for v3.0.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"New Podman discussions on GitHub: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/discussions"},"https://github.com/containers/podman/discussions"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Journald support. We thought it was working fine with k8s file system. Should be fixed completey in v3.1.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Brent asked for any missing features that have not been added to GitHub. Anders talked about next generation of boot2docker/boot2podman (and docker-machine/podman-machine), see ",(0,me.kt)("a",{parentName:"p",href:"https://boot2podman.github.io/"},"https://boot2podman.github.io/")," for details.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Dan pointed out that we've moved our default run time library from runc to crun. We should still support both."))),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-march-2-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday March 2, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("p",null,"Setting goal to make April meeting in the evening East Coast, 8 to 10 pm."),(0,me.kt)("h3",{id:"meeting-end-1151-am-eastern-utc-5"},"Meeting End: 11:51 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"SETTINGS\nEVERYONEDIRECT MESSAGES\nMe10:47 AM\nPlease Sign in using the meeting notes and/or add questions at the end for the Q&A\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nRodrique Heron11:00 AM\nwill this be recorded?\nawesome\nValentin Rothberg11:09 AM\nMore on short-name aliasing here: https://www.redhat.com/sysadmin/container-image-short-names\nChristian Felder11:12 AM\ndoes podman rename work with rootless as well?\nthanks\nMatt Heon11:13 AM\nFYI, release notes for 3.0 live at https://github.com/containers/podman/blob/main/RELEASE_NOTES.md\nExpect a few more bugfixes to trickle in before final release\nEdward Haynes11:13 AM\nis it called Podman Compose?\nDaniel (rhatdan) Walsh11:13 AM\nNo that is a different thing.\nEdward Haynes11:13 AM\nok\nDaniel (rhatdan) Walsh11:14 AM\nDocker-compose is a tool that talks to the docker.sock or podman.sock talking Docker API\nPodman-compose is a wrapper around podman that translates docker-compose yaml files into podman commands.\nEdward Haynes11:14 AM\nSo Docker-compose will just talk to podman.sock now\nDaniel (rhatdan) Walsh11:14 AM\nyes\nEdward Haynes11:14 AM\ngotcha\nDaniel (rhatdan) Walsh11:15 AM\nAs well as docker-py.\nJacob Lindgren11:18 AM\nboring is good!\nScott McCarty11:18 AM\nVery nice!\nEdward Haynes11:18 AM\nWe don't want things TOO boring or we'd all be out of a job\nBrent Baude11:22 AM\nre: docker-compose, here are a couple of articles ...\nhttps://www.redhat.com/sysadmin/podman-docker-compose\nhttps://www.redhat.com/sysadmin/compose-kubernetes-podman\nthe latter is really a glimpse into where Podman is heading.\nJacob Lindgren11:23 AM\noh i like this. I used skopeo inspect for this before.\nBrent Baude11:25 AM\ncool, i missed tht one dan/tom\nGShomo (Northeastern)11:27 AM\nwhich distribution/releases can expect to see podman-3.0 ?\nMatt Heon11:28 AM\n@GShomo Fedora should see it quickly. We actually disabled autobuilds for Ubuntu/Debian/CentOS in OBS, though\nWe will reenable them once we have verified the release is stable\nOBS doesn't have a real process for verifying the builds are functional so we sometimes end up shipping broken packages\nAnd we'd like to avoid this\nLokesh Mandvekar11:31 AM\n@gshomo: if you can spare some resources, newer packages will be available quicker on the testing project. See: https://podman.io/getting-started/installation#installing-development-versions-of-podman\nChristian Felder11:35 AM\non our own OBS appliance we've two projects, stable and testing, and we first build in testing and our CI does something once the package has been built in testing, at the moment for our rpm packages just installing them... But basically you could run several steps afterwards in your CI if you want to ingetrate OBS into your release pipeline\nValentin Rothberg11:36 AM\nhttps://containerplumbing.org/\nGShomo (Northeastern)11:36 AM\ncan you elaborate on the issue with renaming infra-containers ?\nAnders Bj\xf6rklund11:38 AM\n\"Registration will open on February 1, 2021.\"\nMatt Heon11:40 AM\n@GShomo - I did things the quick way, instead of the right way, to get things landed in time for 3.0\nI will have this fixed for 3.1\nIt's a silly limitation from my doing things quickly :-)\nAlex Litvak11:41 AM\nwhat are the changes for journald support?\nGShomo (Northeastern)11:41 AM\nthank you !\nAlex Litvak11:44 AM\nthank you\nLudovic Cavajani11:44 AM\nThanks !\nMe11:45 AM\nFun Fact: In 1976 an LA secretary named Jannene Swift officially married a 50 pound rock in a ceremony witnessed by more than 20 people. Perhaps the first \"Pet Rock\"?\nJJ Asghar11:47 AM\nfyi: https://containerplumbing.org/register seems to say it's going to open on the 1st.... :'(\nChristian Felder11:48 AM\nI had to adjust some kernel settings in the past when I started some more containers (around 40)... - user.max_inotify_instances, fs.inotify.max_user_watches\nwould be nice to have some guidelines on that settings, although this might be not a podman only issiue...\nDevin Parrish11:49 AM\nThanks!\nJames Cassell11:49 AM\nwhere do we find recordings of this and past meetings?\n(Tom Sweeney responded verbally, podman.io under https://podman.io/community/meeting/. A link on each set of notes.)\nChristian Felder11:49 AM\nOk. I'll open an issue\nThanks\nJames Cassell11:50 AM\nthanks\nLokesh Mandvekar11:50 AM\nChristian Felder: RE: OBS, I'll be working on a change which will allow building debian packages from the rpm spec files, (thanks to Neal Gompa) ..maybe migrate that to upstream repos as well\n")))}ta.isMDXComponent=!0;const na={},aa="Podman Community Cabal Meeting",oa=[{value:"July 15, 2021 10:00 a.m. Eastern (UTC-4)",id:"july-15-2021-1000-am-eastern-utc-4",level:2},{value:"Attendees (24 total)",id:"attendees-24-total",level:3},{value:"Meeting Start: 10:05 a.m.",id:"meeting-start-1005-am",level:2},{value:"Video Recording (You'll need to request access to view, we'll try to change that for the next meeting.)",id:"video-recording-youll-need-to-request-access-to-view-well-try-to-change-that-for-the-next-meeting",level:3},{value:"Copy an image from container storage to another container storage",id:"copy-an-image-from-container-storage-to-another-container-storage",level:3},{value:"(9:50 in the video)",id:"950-in-the-video",level:4},{value:"New Features for podman play kube",id:"new-features-for-podman-play-kube",level:3},{value:"(27:25 in the video)",id:"2725-in-the-video",level:4},{value:"Discussion with Training Team",id:"discussion-with-training-team",level:3},{value:"(44:45 in the video)",id:"4445-in-the-video",level:4},{value:"Open discussion",id:"open-discussion",level:3},{value:"(48:55 in the video)",id:"4855-in-the-video",level:4},{value:"Next Meeting: Thursday August 19, 2021 10:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-august-19-2021-1000-am-edt-utc-4",level:3},{value:"Meeting End: 10:56 a.m. Eastern (UTC-4)",id:"meeting-end-1056-am-eastern-utc-4",level:3}],ia={toc:oa},sa="wrapper";function ra(e){let{components:t,...n}=e;return(0,me.kt)(sa,(0,K.Z)({},ia,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting"},"Podman Community Cabal Meeting"),(0,me.kt)("h2",{id:"july-15-2021-1000-am-eastern-utc-4"},"July 15, 2021 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-24-total"},"Attendees (24 total)"),(0,me.kt)("p",null,"Matt Heon, Mehul Arora, Miloslav Trmac, Nalin Dahyabhai, Paul Holzinger, Pavel Sosin, Reinhard Tartier, Urvashi Mohnani, Valentin Rothberg, Tom Sweeney, Anders Bjorklund, Ashley Cui, Brent Baude, Charlie Doern, Chris Evich, Dan Walsh, Ed Haynes, Ed Santiago, Erik Bernoth, Lokesh Mandvekar."),(0,me.kt)("h2",{id:"meeting-start-1005-am"},"Meeting Start: 10:05 a.m."),(0,me.kt)("h3",{id:"video-recording-youll-need-to-request-access-to-view-well-try-to-change-that-for-the-next-meeting"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://drive.google.com/file/d/1hdLMicPfI9NA_MEuGaHGtyIgw6v28Ojg/view"},"Recording")," (You'll need to request access to view, we'll try to change that for the next meeting.)"),(0,me.kt)("p",null,"Started out with general discussion of the meetings purpose going forward. We then went around and did introduction of each of the attendees."),(0,me.kt)("h3",{id:"copy-an-image-from-container-storage-to-another-container-storage"},"Copy an image from container storage to another container storage"),(0,me.kt)("h4",{id:"950-in-the-video"},"(9:50 in the video)"),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman image scp")," - Ed Santiago wanted an easy way to move stuff from container storage to container storage. Charlie Doern originally created a PR and after discussion, a number of options were discussed (see ",(0,me.kt)("a",{parentName:"p",href:"./Podman_Image_SCP.pdf"},"slides"),")"),(0,me.kt)("p",null,"Two thoughts are towards sticking with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman image scp"),". This is doable now with bash scripting, but Dan would like it as a part of command line interface."),(0,me.kt)("p",null,"Why use \"colon colon\"? To keep it away from the ssh protocol, we're using it as a key to note it's a ssh remote call. Whereas a single colon would be looked at as a transport."),(0,me.kt)("p",null,'Erik noted he liked the feature. You don\'t need to set up registries for different users. He is concerned it might be confusing to new users. He would set aside "save" and "load" to backup types of commands.'),(0,me.kt)("p",null,"The goal is to not tranform the image, it should be exactly the same before and after. Including multi-layer images. If the target has some of the layers already in place, you might want only copy the layers that don't exist."),(0,me.kt)("p",null,'We might look at "git pull" and "git push" for possible examples.'),(0,me.kt)("p",null,"This would allow copying from one machine to another."),(0,me.kt)("p",null,'Should we use "scp" to "cp" or "copy". Anders saw a lot of bike shedding with scp versus cp in Kurbernetes. Something to consider. We started with "scp" as it does use ssh under the covers and clues the user in.'),(0,me.kt)("p",null,'Should we use "scp://" and be another transport. The problem with that is it would require another service.'),(0,me.kt)("h3",{id:"new-features-for-podman-play-kube"},"New Features for ",(0,me.kt)("inlineCode",{parentName:"h3"},"podman play kube")),(0,me.kt)("h4",{id:"2725-in-the-video"},"(27:25 in the video)"),(0,me.kt)("p",null,"The play kube command has been growing due to user command. Customers have been using yamls, find something isn't yet covered, and so we've added commands to satisfy the need."),(0,me.kt)("p",null,"It would be good to get input from the community about what futher work is needed to ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube"),". If you have ideas, please open a discussion"),(0,me.kt)("p",null,"Dan wonders if we could look at the functionality of Docker Compose and then ingrain them into 'podman play kube'. A number of use cases have been found in yaml files used for OpenShift."),(0,me.kt)("p",null,"Looking atwo things: Be able to build similar to how Docker Compose does based on Docker files."),(0,me.kt)("p",null,"Init containers that would be run after a pod infra container. They would do init/setup jobs, then the rest of the pods would kick off. This is a standard feature in Kubernetes."),(0,me.kt)("p",null,"Any further ideas: Erik thinks this is a key feature and many are using composed. Play kube is very valuable as it moves things into kubernetes easily. We could potentially ask someone from OKD or other discussion groups."),(0,me.kt)("p",null,"Currently play kube and systemd don't play well together, so that would be a nice addition if it can. Valentin discussed the current status."),(0,me.kt)("p",null,"We currently don't have a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube stop"),", would that be good? Erik was asked if this would be useful. Erik thinks it would be good."),(0,me.kt)("p",null,"Podman's goal isn't to compete against Kubernetes, but to allow users to move to a single host environment."),(0,me.kt)("h3",{id:"discussion-with-training-team"},"Discussion with Training Team"),(0,me.kt)("h4",{id:"4445-in-the-video"},"(44:45 in the video)"),(0,me.kt)("p",null,"Doing training and ran into issue and couldn't debug it. Issue raised with ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/10482"},"https://github.com/containers/podman/issues/10482")),(0,me.kt)("p",null,"Perhaps we could invite someone from the training team to discuss how the training can be improved/worked on. Dan thinks it might be just due to the time necessary to develop the training. May be do it in a container."),(0,me.kt)("h3",{id:"open-discussion"},"Open discussion"),(0,me.kt)("h4",{id:"4855-in-the-video"},"(48:55 in the video)"),(0,me.kt)("p",null,"Brent asked if people move on IRC to libera. Most have. Lokesh noted the IRC channel is using Matrix. ",(0,me.kt)("a",{parentName:"p",href:"https://kparal.wordpress.com/2021/06/01/connecting-to-libera-chat-through-matrix/"},"https://kparal.wordpress.com/2021/06/01/connecting-to-libera-chat-through-matrix/")),(0,me.kt)("p",null,'Cabal meetings purpose "What\'s the future of Podman" type of discussions.'),(0,me.kt)("h3",{id:"next-meeting-thursday-august-19-2021-1000-am-edt-utc-4"},"Next Meeting: Thursday August 19, 2021 10:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1056-am-eastern-utc-4"},"Meeting End: 10:56 a.m. Eastern (UTC-4)"))}ra.isMDXComponent=!0;const la={},ha="Podman Community Meeting",da=[{value:"October 5, 2021 11:00 a.m. Eastern (UTC-4)",id:"october-5-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (23 total)",id:"attendees-23-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Podman on M1 Mac Status",id:"podman-on-m1-mac-status",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(6:30 in the video)",id:"630-in-the-video",level:4},{value:"DIY Networking in rootless containers",id:"diy-networking-in-rootless-containers",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(10:09 in the video)",id:"1009-in-the-video",level:4},{value:"Podman Security Bench",id:"podman-security-bench",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(24:00 in the video) 27",id:"2400-in-the-video-27",level:4},{value:"Podman v3.4 Announcement",id:"podman-v34-announcement",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(29:45 in the video)",id:"2945-in-the-video",level:4},{value:"Support \u2013format tables in ps output",id:"support-format-tables-in-ps-output",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(35:40 in the video)",id:"3540-in-the-video",level:4},{value:"Podman build \u2013platform lists",id:"podman-build-platform-lists",level:2},{value:"Nalin Dahyabhai",id:"nalin-dahyabhai",level:3},{value:"(37:44 in the video)",id:"3744-in-the-video",level:4},{value:"Volume Demos",id:"volume-demos",level:2},{value:"Aditya Rajan",id:"aditya-rajan",level:3},{value:"(44:16 in the video)",id:"4416-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(51:10) in the video) 55",id:"5110-in-the-video-55",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday November 2, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-november-2-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday October 21, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-october-21-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:59 a.m. Eastern (UTC-4)",id:"meeting-end-1159-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],ua={toc:da},ma="wrapper";function ca(e){let{components:t,...n}=e;return(0,me.kt)(ma,(0,K.Z)({},ua,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"october-5-2021-1100-am-eastern-utc-4"},"October 5, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-23-total"},"Attendees (23 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Paul Holzinger, Erik Bernoth, Chris Evich, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar, Valentin Rothberg, Guillaume Rose, Rudolf Vesely, Ashley Cui, Brent Baude, Shion Tanaka, Marcin Skarbek, Aditya Rajan, Giuseppe Scrivan, Rudolf Vesely"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/X3NY6qgSlKQ"},"Recording")),(0,me.kt)("h2",{id:"podman-on-m1-mac-status"},"Podman on M1 Mac Status"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"630-in-the-video"},"(6:30 in the video)"),(0,me.kt)("p",null,"Patch for M1 in qemu upstream, but not merged. However, it is available on homebrew at the moment. If you install qemu using homebrew, you can use Podman correctly."),(0,me.kt)("p",null,"Demo (started at 7:30)"),(0,me.kt)("p",null,"What works on an Intel Mac should now work on an M1. Now working on volumes and also trying to get a GUI together. Looking at putting together a window-bar."),(0,me.kt)("h2",{id:"diy-networking-in-rootless-containers"},"DIY Networking in rootless containers"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"1009-in-the-video"},"(10:09 in the video)"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://podman.io/community/meeting/notes/2021-10-05/Podman-Rootless-Networking.pdf"},"Slides")),(0,me.kt)("p",null,"Talking rootless network without extra privileges.\nProxy into rootless is done via Slirp4netns. It uses this stack to tap into the interface in the container namespace. Supports port forwarding."),(0,me.kt)("p",null,"A few settings are used for rootless users. Can use allow_host_loopback to reach the 10.0.2.2 loopback. Off by default as it's a security hole."),(0,me.kt)("p",null,"You can also enable_ipv6 and specify the port_handler."),(0,me.kt)("p",null,"Rootless CNI networking uses an extra network namespace to execute the CNI plugins. Only works for bridge networks. Inter container communication works out of the box. The IP address assigned to the container is not reachable from the host network namespace. You need to use port forwarding."),(0,me.kt)("p",null,"DIY Networking. You can set up your own interfaces, but first, you need to create network interfaces on the host, which requires root priv. Once done, Podman can talk to them using ",(0,me.kt)("inlineCode",{parentName:"p"},"--network=none")," option with the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman container init")," command."),(0,me.kt)("p",null,"Rudolf to work with Paul to update the tutorial and possibly do a demo next time."),(0,me.kt)("h2",{id:"podman-security-bench"},"Podman Security Bench"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2400-in-the-video-27"},"(24:00 in the video) 27"),(0,me.kt)("p",null,"Based on the security bench from Docker. Doesn't yet have all the same functionality."),(0,me.kt)("p",null,"Demo (Started at 24:54)"),(0,me.kt)("p",null,"It needs to run at root, not yet available on rootless."),(0,me.kt)("p",null,"CLI does a whole bunch of security checks. At the end, it gives you a security score. It shows where you're having trouble with each of the checks. It's now available upstream."),(0,me.kt)("p",null,"Dan would like to get it to run in rootless mode and look at containers.conf. Would love community help."),(0,me.kt)("h2",{id:"podman-v34-announcement"},"Podman v3.4 Announcement"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"2945-in-the-video"},"(29:45 in the video)"),(0,me.kt)("p",null,"New 3.4 release that came out last week. We are switching focus on v4.0. Network working, pointing at January 2022 release. There will not be a 3.5.0 in between."),(0,me.kt)("p",null,"In 3.4, changes to Podman play and generate cube. Init containers are now available to run in a pod."),(0,me.kt)("p",null,"We can now build images with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman play kube"),". This makes it act more like ",(0,me.kt)("inlineCode",{parentName:"p"},"docker compose"),". You can use a Containerfile to build an image with this command."),(0,me.kt)("p",null,"Yaml file can now tear down pod or pods with the ",(0,me.kt)("inlineCode",{parentName:"p"},"--down")," command, plus a number of new pod related commands. See the ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/blob/main/RELEASE_NOTES.md"},"release notes")," for more info."),(0,me.kt)("h2",{id:"support-format-tables-in-ps-output"},"Support \u2013format tables in ps output"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"3540-in-the-video"},"(35:40 in the video)"),(0,me.kt)("p",null,"Podman uses golang tab writer and formatter for all the commands."),(0,me.kt)("p",null,"Demo (started at 36:00)"),(0,me.kt)("p",null,"Showed a number of different ways to remove headings, so you can now use table to show which fields you want."),(0,me.kt)("h2",{id:"podman-build-platform-lists"},"Podman build \u2013platform lists"),(0,me.kt)("h3",{id:"nalin-dahyabhai"},"Nalin Dahyabhai"),(0,me.kt)("h4",{id:"3744-in-the-video"},"(37:44 in the video)"),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"--platform")," option in the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command to specify other platforms."),(0,me.kt)("p",null,"DEMO 37:47 in demo."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build")," command now takes multiple values for its ",(0,me.kt)("inlineCode",{parentName:"p"},"--platform")," option. The platform option lets you build for machines other than what you are currently running Podman on."),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"--manifest")," target is used too. Allow you to build a manifest list and then add the image to the list. A number of cleanups have been done on internal libraries to make this work."),(0,me.kt)("p",null,'When building multiple architectures in one build, the "STEP" output in the build will show which architecture.'),(0,me.kt)("p",null,"The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman manifest list")," command will show the multiple platforms used."),(0,me.kt)("h2",{id:"volume-demos"},"Volume Demos"),(0,me.kt)("h3",{id:"aditya-rajan"},"Aditya Rajan"),(0,me.kt)("h4",{id:"4416-in-the-video"},"(44:16 in the video)"),(0,me.kt)("p",null,"Demo (Started at 44:27)"),(0,me.kt)("p",null,"First demonstrated adding an overlay over rootfs. Exported alpine and created dir for rootfs and tarred it out to a directory. So tried running with ",(0,me.kt)("inlineCode",{parentName:"p"},"--rootfs rootfs/:0")," and created a file in the container. On the host, the file is not there."),(0,me.kt)("p",null,"A new option for volumes to create overlay over Podman's volume. It created the test volume. Again made a file and found it was created on the container but not on the host due to the ",(0,me.kt)("inlineCode",{parentName:"p"},":0")," specification."),(0,me.kt)("p",null,"These are temp volumes and last only as long as the container lasts and you can't commit the data."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"5110-in-the-video-55"},"(51:10) in the video) 55"),(0,me.kt)("p",null,"Are there any plans for an arm-on-intel/intel-on-arm for Podman machine? Not at this time, but we are willing to see if there's enough push for that. Nalin asked if you could run using a multi-platform build maybe? Brent will note it for possible futures. If the community wants to do it, we'd be happy to merge it, but not currently in the plan by the maintainers to do it themselves."),(0,me.kt)("p",null,"Will Podman support OpenZFS? Willing to take a PR."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"DIY Networking Part II")),(0,me.kt)("h2",{id:"next-meeting-tuesday-november-2-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday November 2, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-october-21-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday October 21, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1159-am-eastern-utc-4"},"Meeting End: 11:59 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Lokesh Mandvekar10:58 AM\ned, is this the right link ?\nMe11:00 AM\nPlease sign in on the meeting notes: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nAditya11:02 AM\nwe can hear you dan\nDan Walsh11:03 AM\nGret\nGreat\nLokesh Mandvekar11:09 AM\ndo people wanna try switching to google meet if everyone's having problems?\nErik Bernoth11:10 AM\nGood idea Lokesh\nAnders Bj\xf6rklund11:11 AM\nCan you run amd64 containers on the arm64, like OOTB ?\nMatt Heon11:12 AM\nWe were discussing that, and I think the answer is not OOTB but it only requires one package to be installed\nErik Bernoth11:12 AM\nDan\u2018s screenshots seems to work. Paul, can you also try for a sec?\nAnders Bj\xf6rklund11:13 AM\nSounds good! I guess it is not related the to the VM itself, but user qemu\nMatt Heon11:15 AM\nThe perf is a little questionable, because it's nested virt, and the inner virt is also virtualizing the architecture\nBut it is definitely doable\nAnders Bj\xf6rklund11:16 AM\noh, it's like 10x slower (at least)\nbut sometimes useful\nDan Walsh11:18 AM\nPaul I can set these fields in containers.conf correct?\nAditya11:21 AM\n@tom i can go next switched to chromium\nPaul Holzinger11:27 AM\nhave to drop now, bye\nAnders Bj\xf6rklund11:46 AM\nWas there any update on volumes in podman machine ?\nbaude11:47 AM\nno updates\nAnders Bj\xf6rklund11:47 AM\n:-)\nbaude11:48 AM\nwe are making progress on the whole thing, but it is a slow march\nAnders Bj\xf6rklund11:48 AM\nlima is taking this samba detour\nMarcin Skarbek11:49 AM\nOpenZFS started working on the user/mount nanespaces support with LXC in mind, but that could be interesting in rootless context https://github.com/openzfs/zfs/pull/12263\nShion Tanaka11:54 AM\nAre there any plans for an arm-on-Intel/Intel-on-arm for the Podman machine?\nbaude11:54 AM\nno\nShion Tanaka11:54 AM\nOk, thanks\nAnders Bj\xf6rklund11:55 AM\nyou can use podman-on-fedora-on-lima, if you want to run cross-arch VM\n")))}ca.isMDXComponent=!0;const pa={},ga="Podman Community Cabal Meeting Notes",ka=[{value:"December 16, 2021 11:00 a.m. Eastern",id:"december-16-2021-1100-am-eastern",level:2},{value:"December 16, 2021 Topics",id:"december-16-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Lima (0:35 in video) - Anders, Matt",id:"lima-035-in-video---anders-matt",level:3},{value:"Detect default network backend (40:40 in video) - Paul, Matt",id:"detect-default-network-backend-4040-in-video---paul-matt",level:3},{value:"Open discussion ( 50:10 in video)",id:"open-discussion--5010-in-video",level:4},{value:"Next Meeting: Thursday January 20, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-january-20-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],ya={toc:ka},wa="wrapper";function fa(e){let{components:t,...n}=e;return(0,me.kt)(wa,(0,K.Z)({},ya,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Preethi Thomas, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Flavian Missi, Jhon Honce, Lorenzo M. Catucci, Miloslav Trmac, Scott McCarty"),(0,me.kt)("h2",{id:"december-16-2021-1100-am-eastern"},"December 16, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"december-16-2021-topics"},"December 16, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Lima - Anders, Matt"),(0,me.kt)("li",{parentName:"ol"},"How to detect default network backend (CNI or netavark) - Paul, Matt")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=f4dXfsFmDck"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, December 16, 2021"),(0,me.kt)("h3",{id:"lima-035-in-video---anders-matt"},"Lima (0:35 in video) - Anders, Matt"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/lima-vm/sshocker"},"Lima")),(0,me.kt)("p",null,"Podman machine is a way to launch virtual machines, mostly on OSX, to run Podman containers from. Issues with Volumes. Thinking about replacing the back end of podman machine with Lima."),(0,me.kt)("p",null,"Brent thinks it might not be a good match as there are some tech issues. For instance, he couldn't find anything related to ignition. It's a competing cloud-init tool and it doesn't play well with qemu. It also pulls in containerd code. The YAML support is tailored to containerd."),(0,me.kt)("p",null,"On the Lima project page, motivation is to promote containerd. Rancher has debranded and used Lima in the background on Mac. The big hurdle is ignition."),(0,me.kt)("p",null,"Benefits of Lima: Volumes and port forwarding. Possible to use the same solution without abandoning all of the drivers. We could potentially borrow solutions, as the backend is qemu for lima. Lima uses ssh for forwarding, so different solutions for the back end. Potentially could use Fedora in addition to CoreOS."),(0,me.kt)("p",null,"Currently, we can't use Fedora due to ignition. Cloud-init doesn't install there by default, but we could install it. Brent found it in Fedora 35, though, so it might not be there in prior versions."),(0,me.kt)("p",null,"Anders made some sample YAML files","*"," for Fedora 35. Lima works as podman machine does. The difference between Lima and podman machine now is volume support. Anders has a PR for providing sshfs volume support for podman machine."),(0,me.kt)("p",null,"*"," Examples for lima: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/afbjorklund/fedora-lima"},"https://github.com/afbjorklund/fedora-lima")),(0,me.kt)("p",null,"To get parity with Lima/Docker in podman machine, we'd need to get Ander's ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/12584"},"sshfs PR")," (and ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"virtfs PR"),") merged."),(0,me.kt)("p",null,"Dan likes the ssh solution. We might be able to do virtfs later."),(0,me.kt)("p",null,"Brent's concern with Lima is managing mounts as the containers go up and down. It might be problematic. The volume work for podman machine won't be able to use the current mount code, we need to do something in podman start."),(0,me.kt)("p",null,'We might get push back as this wouldn\'t be the Docker behavior. We are trying to make the volume handling on Mac to be as simple as possible for the end-user. Anders thinks we might be able to have an "advanced users" solution that would allow for configuration; otherwise, you\'d get a default "easy" setup. A number of possible solutions were bantered about.'),(0,me.kt)("p",null,"Big advantage, Lima can support all distros except CoreOS. Podman machine could theoretically do that via cloud-init, but an engineering effort."),(0,me.kt)("p",null,"Currently using qemu to launch machines, Lima is a layer on ssh. It is very similar to what docker machine was a while back. It doesn't support ignition. The upside is we could more easily run on Ubuntu and other distros. You might not be able to run the container on a variety of distros. Rancher nerdctl and Lima are both trying to get into this space."),(0,me.kt)("p",null,"We most likely could get volumes into podman machine than getting Lima into it. We could potentially wire Lima in later."),(0,me.kt)("p",null,"Scott talks about value creation. Would Rancher/Suse collaboration help? The other side is what the customer would get from using Lima vs. podman machine?"),(0,me.kt)("p",null,"Most of the solutions don't think sshfs is a good long-term solution but a stepping stone."),(0,me.kt)("p",null,"Dan is leaning towards doing what we're doing with sshfs. This will be at least the short term solution, will evaluate further for a longterm"),(0,me.kt)("h3",{id:"detect-default-network-backend-4040-in-video---paul-matt"},"Detect default network backend (40:40 in video) - Paul, Matt"),(0,me.kt)("p",null,"For Podman 4.0, how to detect default network backend (CNI or netavark)"),(0,me.kt)("p",null,(0,me.kt)("strong",{parentName:"p"},"Requirement:")," existing installs should continue to use CNI, new installs use netavark."),(0,me.kt)("p",null,"Working on netavark and want to install it, but with the current cni, it could cause breaking changes."),(0,me.kt)("p",null,"On the first startup, we could check for images and containers. If none, switch to netavark."),(0,me.kt)("p",null,"You can't use CNI and netavark in parallel, or things will go awry. For new or clean installs, it should be fine."),(0,me.kt)("p",null,"To switch, change the setting in network.conf to netavark. By default, it's an empty value."),(0,me.kt)("p",null,'Should we add a "nag" for people using CNI to bump up? Will we be getting bug reports on it? Matt thinks long-term, it would be good to support CNI. Matt would like to throw an error when trying to run IPv6 on CNI to let them know they\'re on netavark. We need to be careful not to overload the user with suggestions.'),(0,me.kt)("p",null,"We need to get documentation together telling folks how to convert from CNI to netavark. Probably will need some kind of reset procedure."),(0,me.kt)("h4",{id:"open-discussion--5010-in-video"},"Open discussion ( 50:10 in video)"),(0,me.kt)("p",null,"No further discussion"),(0,me.kt)("h3",{id:"next-meeting-thursday-january-20-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday January 20, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("p",null,"None set."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:03 AM\nPlease sign in: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAditya Rajan11:13 AM\nhttps://github.com/qemu/qemu/blob/master/docs/specs/fw_cfg.txt\n-fw_cfg\nBrent Baude11:14 AM\n$ rpm -qa | grep cloud\nfedora-release-identity-cloud-35-33.noarch\nfedora-release-cloud-35-33.noarch\ncloud-init-20.4-7.fc35.noarch\ncloud-utils-growpart-0.31-9.fc35.noarch\nChristopher Evich11:16 AM\nya, I just double-checked too, my bad.\nAshley Cui11:20 AM\nhttps://github.com/containers/podman/pull/12584\nYou11:21 AM\nTY AC!\nAshley Cui11:21 AM\nand i guess this too: https://github.com/containers/podman/pull/11454\nValentin Rothberg11:24 AM\nbrb\nieq-pxhy-jbh\n")))}fa.isMDXComponent=!0;const ba={},va="Podman Community Meeting",Ma=[{value:"April 5, 2022 11:00 a.m. Eastern (UTC-5)",id:"april-5-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Docker Compose v2 and Podman v4.0.2 update",id:"docker-compose-v2-and-podman-v402-update",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(1:39 in the video)",id:"139-in-the-video",level:4},{value:"Ubuntu 22.04 LTS and Stopping Kubic support",id:"ubuntu-2204-lts-and-stopping-kubic-support",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(6:14 in the video)",id:"614-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(14:30 in the video)",id:"1430-in-the-video",level:4},{value:"Podman Volume Mounts on Mac Demo",id:"podman-volume-mounts-on-mac-demo",level:2},{value:"Brent Baude",id:"brent-baude",level:3},{value:"(18:45 in the video)",id:"1845-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(22:46 in the video)",id:"2246-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday June 7, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-meeting-tuesday-june-7-2021-1100-am-eastern-utc-5",level:2},{value:"Next Cabal Meeting: Thursday April 21, 2021, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-april-21-2021-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:27 a.m. Eastern (UTC-5)",id:"meeting-end-1127-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Aa={toc:Ma},Ia="wrapper";function Ta(e){let{components:t,...n}=e;return(0,me.kt)(Ia,(0,K.Z)({},Aa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"april-5-2022-1100-am-eastern-utc-5"},"April 5, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Tom Sweeney, Jhon Honce, Chris Evich, Matt Heon, Chris Evich, Ashley Cui, Eduardo Santiago, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://t.co/FUPhuBAE7l"},"Recording")),(0,me.kt)("h2",{id:"docker-compose-v2-and-podman-v402-update"},"Docker Compose v2 and Podman v4.0.2 update"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"139-in-the-video"},"(1:39 in the video)"),(0,me.kt)("p",null,"Compose v2 just came out and will be supported in Podman v4.1 or higher. (Currently upstream). Matt shared ",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/onBRxqPs9bpyvbbdeJOYXHvj5"},"Demo"),". It showed two running web servers that were brought up and then down. It was cleaned up as appropriately and Compose v2 is working rather well at this point."),(0,me.kt)("p",null,"Just released Podman 4.0.3, including a minor CVE fix. No plan for 4.0.4 yet, but we will likely go to 4.1 next. Also cutting a 3.4.5 for distributions that want to stay in Podman 3."),(0,me.kt)("h2",{id:"ubuntu-2204-lts-and-stopping-kubic-support"},"Ubuntu 22.04 LTS and Stopping Kubic support"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"614-in-the-video"},"(6:14 in the video)"),(0,me.kt)("p",null,"First LTS release with Podman, Skopeo and Buildah in the default repositories. Podman 3.4. Buildah 1.23, and Skopeo 1.4."),(0,me.kt)("p",null,"If you're using packages from the Kubic repos, you should uninstall those before upgrading Ubuntu to 22.04 LTS and use packages from the default repositories going forward."),(0,me.kt)("p",null,"Announcement on podman.io: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/blogs/2022/04/05/ubuntu-2204-lts-kubic.html"},"https://podman.io/blogs/2022/04/05/ubuntu-2204-lts-kubic.html")),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"1430-in-the-video"},"(14:30 in the video)"),(0,me.kt)("p",null,"Abandoned the UI built with swift for another UI. We're working with another group that is more web ui oriented."),(0,me.kt)("p",null,"Showed how to manage a podman machine in theory, but it is broken at the moment. You can create containers from a Dockerfile or a Containerfile or an image. Once created, the image shows in the GUI, then you can create the container from the image."),(0,me.kt)("p",null,"This GUI does a lot more than the previous. The old one worked with podman machines mostly, this one deals with images and containers too. The new GUI is also expandable, lots of work ongoing."),(0,me.kt)("p",null,"https://github/containers/Desktop is the project. Happy to have contributors."),(0,me.kt)("h2",{id:"podman-volume-mounts-on-mac-demo"},"Podman Volume Mounts on Mac Demo"),(0,me.kt)("h3",{id:"brent-baude"},"Brent Baude"),(0,me.kt)("h4",{id:"1845-in-the-video"},"(18:45 in the video)"),(0,me.kt)("p",null,"Demo"),(0,me.kt)("p",null,"Shows how to get a volume mount on a mac. He started a machine prior. The ",(0,me.kt)("inlineCode",{parentName:"p"},"-v")," option with the init command sets up the volume."),(0,me.kt)("p",null,"Many thanks to Anders Bj\xf6rklund for the work on the volumes on the mac."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"2246-in-the-video"},"(22:46 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"What happens with std out/in with journald? Logs, stderr and stdout in the journal? If you're running journald logging, the output doesn't get into the host journal. Could you volume map /dev/log into the container from the log to make sure it gets in the hosts journal. (10:54 in the video)")),(0,me.kt)("p",null,"Matt thinks systemd should be run into the container to help make that work. Valentin thinks you should see the output of journalctl. He's not sure if journalctl will do that by default. Further discussions to happen in Discord/IRC."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},"Brent said that 4.1 should bring some notable enhancements including a ",(0,me.kt)("inlineCode",{parentName:"li"},"podman inspect")," command, liveness probes, and more.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman on Windows Demo/Update - Jason Green")),(0,me.kt)("h2",{id:"next-meeting-tuesday-june-7-2021-1100-am-eastern-utc-5"},"Next Meeting: Tuesday June 7, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-april-21-2021-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday April 21, 2021, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1127-am-eastern-utc-5"},"Meeting End: 11:27 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me11:01 AM\nPlease Sign in at: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMatthew Heon11:04 AM\nhttps://asciinema.org/a/onBRxqPs9bpyvbbdeJOYXHvj5\nValentin Rothberg11:18 AM\n@Lance, can you run the following commands to test?\n1) podman run --name=test --replace ubi8 echo Hello World!\n2) journalctl --user -b CONTAINER_NAME=test\nAshley Cui11:21 AM\nhttps://github.com/containers/desktop\n")))}Ta.isMDXComponent=!0;const Sa={},Na="Podman Community Meeting",Ca=[{value:"August 2, 2022 11:00 a.m. Eastern (UTC-5)",id:"august-2-2022-1100-am-eastern-utc-5",level:2},{value:"Attendees ( total)",id:"attendees--total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Fetchit Demo",id:"fetchit-demo",level:2},{value:"Sally O'Malley/Ryan Cook",id:"sally-omalleyryan-cook",level:3},{value:"(1:40 in the video)",id:"140-in-the-video",level:4},{value:"Moving pods and containers to Kubernetes cluster with 'podman kube apply'",id:"moving-pods-and-containers-to-kubernetes-cluster-with-podman-kube-apply",level:2},{value:"Urvashi Mohnani",id:"urvashi-mohnani",level:3},{value:"(27:38 in the video)",id:"2738-in-the-video",level:4},{value:"Podman Desktop Updates",id:"podman-desktop-updates",level:2},{value:"Florent Benoit & Stevan Le Meur",id:"florent-benoit--stevan-le-meur",level:3},{value:"(37:10 in the video)",id:"3710-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(47:35 in the video)",id:"4735-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, October 4, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-october-4-2022-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, September 15, 2022, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-september-15-2022-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:54 a.m. Eastern (UTC-4)",id:"meeting-end-1154-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Pa={toc:Ca},xa="wrapper";function Da(e){let{components:t,...n}=e;return(0,me.kt)(xa,(0,K.Z)({},Pa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"august-2-2022-1100-am-eastern-utc-5"},"August 2, 2022 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees--total"},"Attendees ( total)"),(0,me.kt)("p",null,"Tom Sweeney, Chris Evich, Ashley Cui, Valentin Rothberg, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Lokesh Mandvekar, Niall Crowe, Charlie Doern, Dan Walsh, Jake Correnti, Aditya Rajan, Karthik Elango, Mark Russell, Miloslav Trmac, Stevan Le Meur, Sally O'Malley, Ryan Cook, Urvashi Mohnani, Mohan Boddu, Florent Benoit, Martin Jackson, Mohan Bodu, Stephen Adams, Joseph Sawaya"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/Ee-boJpjSvA"},"Recording")),(0,me.kt)("h2",{id:"fetchit-demo"},"Fetchit Demo"),(0,me.kt)("h3",{id:"sally-omalleyryan-cook"},"Sally O'Malley/Ryan Cook"),(0,me.kt)("h4",{id:"140-in-the-video"},"(1:40 in the video)"),(0,me.kt)("p",null,"(Slides)","[./Fetchit_demo.pdf]"),(0,me.kt)("p",null,"Fetchit allows managing container deployments at scale. The repo is ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/fetchit"},"here")),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"GitOps driven deployment"),(0,me.kt)("li",{parentName:"ul"},"Host interacts directly with Git rather than through an intermediary"),(0,me.kt)("li",{parentName:"ul"},"Podman Go bindings"),(0,me.kt)("li",{parentName:"ul"},"Not Kubernetes dependent"),(0,me.kt)("li",{parentName:"ul"},"Lift and shift hardware")),(0,me.kt)("p",null,"Podman's Go bindings helped a lot in creating containers and doing related operations."),(0,me.kt)("p",null,"How does Fetchit Happen?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Pull in git/image assets"),(0,me.kt)("li",{parentName:"ul"},"Cron based scheduling"),(0,me.kt)("li",{parentName:"ul"},"Podman socket"),(0,me.kt)("li",{parentName:"ul"},"Dynamic reload of Fetchit configuration")),(0,me.kt)("p",null,"The Podman socket allows for either root or user access."),(0,me.kt)("p",null,"Fetchit helps to solve resource-constrained environments."),(0,me.kt)("p",null,"Fetchit runs in a Podman container, can run systemd, ansible, filetransfer, and other options."),(0,me.kt)("p",null,"Configuration reload allows to reload the configuration and uses Podman's prune command to clean up cruft."),(0,me.kt)("p",null,"What's next for Fetchit?"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"GitSign to verify commits"),(0,me.kt)("li",{parentName:"ul"},"Image verification cosign or similar solution"),(0,me.kt)("li",{parentName:"ul"},"Ansible-pull")),(0,me.kt)("p",null,"Dan noted that sigstore functionality will be baked into Podman v4.2 and Fetchit should be able to used it for signature verification."),(0,me.kt)("p",null,"Demos (12:40 in the video)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Scale up"),(0,me.kt)("li",{parentName:"ul"},"Podman Kube + Clean up"),(0,me.kt)("li",{parentName:"ul"},"Podman systemd")),(0,me.kt)("p",null,"Showed the Fetchit config file, launched an RHEL 8 instance on Amazon, and kept it tiny. Added Podman install instructions and launched 10 instances at once. All systems up, and no touching necessary from Ryan. This runs the commands on each node, and they go to the git location to get their instructions."),(0,me.kt)("p",null,"Sally then demo'd running Fetchit as a user server as non-root. It showed the containers spinning up, doing their work, and then cleaning themselves up afterward."),(0,me.kt)("p",null,"The second demo is for the fetchit kube play method. It looks for a Yaml file in a Git repo, and Fetchit will grab them. It created containers and pods and started up Nginx. After prune runs, the images will be cleaned up."),(0,me.kt)("p",null,"They need to be careful to not reinvent Kubernets or Ansible."),(0,me.kt)("h2",{id:"moving-pods-and-containers-to-kubernetes-cluster-with-podman-kube-apply"},"Moving pods and containers to Kubernetes cluster with 'podman kube apply'"),(0,me.kt)("h3",{id:"urvashi-mohnani"},"Urvashi Mohnani"),(0,me.kt)("h4",{id:"2738-in-the-video"},"(27:38 in the video)"),(0,me.kt)("p",null,"New command ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube apply"),". Currently, there's a ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube generate")," command that lets you create your kube yaml based on your pods, containers, etc. The apply command enables you to deploy a kube yaml to a Kubernetes cluster when a kubeconfig file is given."),(0,me.kt)("p",null,"Urvashi then showed how it all worked in the demo."),(0,me.kt)("p",null,"Demo (28:20 in the video)"),(0,me.kt)("p",null,"Generated kube mypod and the did ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube apply")),(0,me.kt)("p",null,"Created a new namespace and generated a new service file and applied it. She then showed the services, and it showed the pod was created."),(0,me.kt)("p",null,"Kubeconfig file can hold info for multiple clusters."),(0,me.kt)("h2",{id:"podman-desktop-updates"},"Podman Desktop Updates"),(0,me.kt)("h3",{id:"florent-benoit--stevan-le-meur"},"Florent Benoit & Stevan Le Meur"),(0,me.kt)("h4",{id:"3710-in-the-video"},"(37:10 in the video)"),(0,me.kt)("p",null,"Podman Desktop latest new features:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Onboarding sequence (home page), detects if podman runs and ability to start it")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Registry Support")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Proxy configuration")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Revamped UI for containers and images")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Windows: Install of podman + Podman Desktop")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("p",{parentName:"li"},"Help page"),(0,me.kt)("p",{parentName:"li"},"0.0.6 will be released along with Podman 4.2\nDemo video: ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=br8b6DUHpD8"},"https://www.youtube.com/watch?v=br8b6DUHpD8")))),(0,me.kt)("p",null,"Demo (40:10 in the video)"),(0,me.kt)("p",null,"Early Adopter Program:\nAsking users to join the early adopter program, which is linked from the top of podman-desktop.io web page. Especially looking for users interesting into providing feedback and getting involved on shaping up the tool."),(0,me.kt)("p",null,"Links:"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"github.com/containers/podman-desktop"),(0,me.kt)("li",{parentName:"ul"},"podman-desktop.io")),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4735-in-the-video"},"(47:35 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Protections on prune in Fetchit? If you're worried about losing, you can run in an drun manually instead. The 'podman prune' does images not volume. Fetchit would only prune a volume if not images/containers used it."),(0,me.kt)("li",{parentName:"ol"},"4.2 rc3 going out soon, v4.2 on Fedora on Aug 15.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman on Mac installer.")),(0,me.kt)("h2",{id:"next-meeting-tuesday-october-4-2022-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, October 4, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-september-15-2022-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, September 15, 2022, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1154-am-eastern-utc-4"},"Meeting End: 11:54 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:57 AM\nPlease sign in here: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:00 AM\nPlease sign in here: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:02 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nValentin Rothberg11:02 AM\nGood to see you Sally and Ryan!\nMark Russell11:04 AM\nyay Fetchit!\nAdi11:19 AM\n@ryan: So cool. Is the process running cron which checks for consistency with repo running on each instance or just running on the controlling host ?\nDaniel (rhatdan) Walsh11:20 AM\nIt is running on each node. There is no controlling node, all nodes are going to git location and getting their instructions.\nRyan Cook11:24 AM\nDan nailed it. All nodes operate independently\nAdi11:26 AM\nAh i see nice !!! all nodes independent and git as single source of truth\nAdi11:30 AM\n@ryan: if kube is implemented is it under consideration to distribute replica of pods across nodes ? If yes I think a central API server would be needed\nSally O'Malley11:31 AM\nwe (fetchit) also closely watching this kube-apply - we'll be adding this function to fetchit - to combine w/ a minimal k8s env such as microshift\nMiloslav Trmac11:40 AM\nEither it\u2019s a personal cluster, in which case the user has a kubeconfig, or it is an enterprise shared one, in which case login can get complex (OpenID via a browser) and we probably don\u2019t want to deal with that.\nAdi11:41 AM\n@miloslav yes i meant the same\nPreethi Thomas11:47 AM\nlol\nAdi11:49 AM\n@miloslav: also if its prod or stage cluster the workload is directly moving from podman to cluster which might become issue\nRyan Cook11:54 AM\nthank you all!\nStevan Le Meur11:54 AM\nthanks all!\nFlorent Benoit11:55 AM\nthanks, bye\nMe11:55 AM\n")))}Da.isMDXComponent=!0;const Ba={},Ea="Podman Community Cabal Meeting Notes",Wa=[{value:"Jauary 19, 2023 11:00 a.m. Eastern",id:"jauary-19-2023-1100-am-eastern",level:2},{value:"January 19, 2023 Topics",id:"january-19-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman v4.4 Update - (0:50 in the video) - Matt Heon",id:"podman-v44-update---050-in-the-video---matt-heon",level:3},{value:"Autoclosing issues in GitHub - (2:54 in the video) - Ed Santiago",id:"autoclosing-issues-in-github---254-in-the-video---ed-santiago",level:3},{value:"Time-to-merge-tool using AI - (26:12 in the video) - Aakanksha Duggal",id:"time-to-merge-tool-using-ai---2612-in-the-video---aakanksha-duggal",level:3},{value:"Open discussion (52:42 in the video)",id:"open-discussion-5242-in-the-video",level:4},{value:"Next Meeting: Thursday, February 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-february-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, February 7, 2023 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-february-7-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],ja={toc:Wa},La="wrapper";function Ha(e){let{components:t,...a}=e;return(0,me.kt)(La,(0,K.Z)({},ja,a,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Dan Walsh, Nalin Dahyabhai, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Aditya Rajan, Preethi Thomas, Ashley Cui, Stevan Le Meur, Jeremy Buseman, Aakanksha Duggal, Brent Baude, Christopher Evich, Leon N, Thomas Gonzales, Urvashi Mohnani, Lance Lovette, Martin Jackson"),(0,me.kt)("h2",{id:"jauary-19-2023-1100-am-eastern"},"Jauary 19, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"january-19-2023-topics"},"January 19, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Podman v4.4 Update - Matt Heon")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Autoclosing issues - Ed Santiago\nA. ",(0,me.kt)("a",{parentName:"p",href:"https://issues.redhat.com/browse/RUN-1721"},"https://issues.redhat.com/browse/RUN-1721"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Time-to-merge-tool using AI - Aakanksha Duggal\nA. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/redhat-et/time-to-merge-tool"},"website"),"\nB. contact : ",(0,me.kt)("a",{parentName:"p",href:"mailto:aduggal@redhat.com"},"aduggal@redhat.com")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/YCi6KuC9ESw"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, January 19, 2023"),(0,me.kt)("h3",{id:"podman-v44-update---050-in-the-video---matt-heon"},"Podman v4.4 Update - (0:50 in the video) - Matt Heon"),(0,me.kt)("p",null,"No release notes yet, working on them for the next RC. Podman v4.4 RC2 out recently, RC3 soon with release notes. Final a week or so later. It will include Quadlet support."),(0,me.kt)("h3",{id:"autoclosing-issues-in-github---254-in-the-video---ed-santiago"},"Autoclosing issues in GitHub - (2:54 in the video) - Ed Santiago"),(0,me.kt)("p",null,"Ed doesn't think we should be autoclosing issues with any of the tools. Ed proposes a possible jetsam tag which would be used to mark a potential issue to close. Issue noted ",(0,me.kt)("a",{parentName:"p",href:"https://issues.redhat.com/browse/RUN-1721"},"here"),' - "podman: spike create EOL policies for issues and PRs". Valentin concurs.'),(0,me.kt)("p",null,"If Dan sees an issue go stale after 30 days without any activity, he removes them. The ones that are getting removed are generally lower priority that the community hasn't picked up."),(0,me.kt)("p",null,"Ed is thinking about making a table to note inactive issues and wonders if it would be of help."),(0,me.kt)("p",null,"Dan thinks the table is good for features so that we can review those with a person before it gets closed."),(0,me.kt)("p",null,"Valentin thinks that, in general, humans should make the decision to close an issue, not a bot."),(0,me.kt)("p",null,"Not a lot of support for autoclosing, so Ed is abandoning the idea."),(0,me.kt)("p",null,"Paul and Brent would like to lock closed PRs or Issues after 30 days."),(0,me.kt)("p",null,"Chris said GitHub actions might be useable to resort issues into categories like look at this now. For instance this ",(0,me.kt)("a",{parentName:"p",href:"https://gist.github.com/rh-container-bot/f505b6fb78db279855862e035629f8aa#file-images-md"},"bot")),(0,me.kt)("p",null,"Paul is concerned about older versions of Podman that issues are getting reported against and the time necessary to do fix them."),(0,me.kt)("p",null,"Valentin wants to be careful with these and not just dismiss them as they might also be upstream."),(0,me.kt)("h3",{id:"time-to-merge-tool-using-ai---2612-in-the-video---aakanksha-duggal"},"Time-to-merge-tool using AI - (26:12 in the video) - Aakanksha Duggal"),(0,me.kt)("p",null,(0,me.kt)("a",{target:"_blank",href:n(7903).Z},"Slides"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://github.com/redhat-et/time-to-merge-tool"},"Project on GitHub")),(0,me.kt)("p",null,"AI4CI - Open Source AIOps toolkit"),(0,me.kt)("p",null,"Lack of metrics for Open Source data."),(0,me.kt)("p",null,"The AI4CI supports CI/CD and software dev process"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Data Collection"),(0,me.kt)("li",{parentName:"ul"},"Metrics"),(0,me.kt)("li",{parentName:"ul"},"ML Services"),(0,me.kt)("li",{parentName:"ul"},"Open source AIOps template")),(0,me.kt)("p",null,"The tool measures the time to merge a PR into the GitHub Project. Can be used to id bottlenectks. Historical data of issues, commits and PRs."),(0,me.kt)("p",null,"It gives new contributors an estimate of how long a PR will take to go through the process.."),(0,me.kt)("p",null,"It Collects Data - Features - Model Building - Training Actions - Make predictions."),(0,me.kt)("p",null,"Gives project features."),(0,me.kt)("p",null,"Models service is done by GitHub actions."),(0,me.kt)("p",null,"The Workflow can be started two ways in training and inference mode."),(0,me.kt)("p",null,"It trains for each individual repository. Used currently by openshift, ansible, and others."),(0,me.kt)("p",null,"It requires an action.yaml file and a few other files."),(0,me.kt)("p",null,"Demo - (36:24 in the video)"),(0,me.kt)("p",null,"Aakanksh showed her repo and walked through the files that need to be put into place within the GitHub workflows."),(0,me.kt)("p",null,'Once setup, you can go to "Actions" and click on the training.'),(0,me.kt)("p",null,"There is also an ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/AICoE/elyra-aidevsecops-tutorial/issues/532#issuecomment-1347919300"},"autoclose")),(0,me.kt)("h4",{id:"open-discussion-5242-in-the-video"},"Open discussion (52:42 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.4 RC2 errors\nMartin Jackson noted an issue with CNI errors on Podman 4.4 RC2. ",(0,me.kt)("a",{parentName:"li",href:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-a0f754c701"},"Issues"))),(0,me.kt)("h3",{id:"next-meeting-thursday-february-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, February 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed.")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-february-7-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, February 7, 2023 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"Meeting finished 11:59 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nLokesh Mandvekar11:04\u202fAM\nv4.4.0-rc2 will be available in updates-testing soon https://bodhi.fedoraproject.org/updates/?packages=podman\nYou11:05\u202fAM\nhttps://issues.redhat.com/browse/RUN-1721\nMiloslav Trmac11:10\u202fAM\nI think it\u2019s fair to close stale issues on which we can take no action - bugs with information required to debug not provided, PRs (for features we don\u2019t otherwise care about) where the submitter has gone away.\nFor things that were determined to be real bugs or real features we might want, we just don\u2019t have capacity for, I can\u2019t see any benefit to closing them that couldn\u2019t just as well be obtained by sorting by recent updates, and ignoring the older ones.\nChristopher Evich11:22\u202fAM\ne.g. https://gist.github.com/rh-container-bot/f505b6fb78db279855862e035629f8aa#file-images-md\nChristopher Evich11:25\u202fAM\nmarkdown-table posted by 'exuanbo/actions-deploy-gist' github-action.\nMiloslav Trmac11:26\u202fAM\nIf we are overworked, one option is to just do less; another is to farm out some of the effort to other people. In that sense, asking reporters to reproduce on mainline might be a good tradeoff? OTOH it could very well cost us important bugs that would not reach us.\nBrent Baude11:27\u202fAM\nPaul is tugging on a good thread here ... can we get a separate cabal to talk about ubuntu?\nYou11:29\u202fAM\nAakanksha's project: https://github.com/redhat-et/time-to-merge-tool\nYou11:35\u202fAM\nI suspect Preethi is enthralled....\nYou11:42\u202fAM\nCan you ignore a particular user's PRs? I'm thinking dependabot/bot users who would potentially mess up the curve for most \"real\" people.\nYou11:51\u202fAM\nAakanksha, can you ping me by email so I can have you email address please?\nAakanksha Duggal11:52\u202fAM\nhttps://github.com/AICoE/elyra-aidevsecops-tutorial/issues/532#issuecomment-1347919300\nMiloslav Trmac11:54\u202fAM\nIs the ML model interpretable, i.e. can it give us insight into causes / correlations?\nAakanksha Duggal11:54\u202fAM\n@miloslav - not yet, but something we plan to look into.\nPreethi Thomas11:55\u202fAM\nThanks Aakansha for presenting\nLokesh Mandvekar11:56\u202fAM\nhttps://bodhi.fedoraproject.org/updates/FEDORA-2023-a0f754c701\nChristopher Evich11:57\u202fAM\nYa, thanks Aakansha, it's a really neat way to use AI/ML.\nAakanksha Duggal11:57\u202fAM\nThank you for having me. Please feel free to contact me if needed. :)\nieq-pxhy-jbh\n")))}Ha.isMDXComponent=!0;const Ra={},Ja="Podman Community Cabal Meeting Notes",Oa=[{value:"April 20, 2023 11:00 a.m. Eastern",id:"april-20-2023-1100-am-eastern",level:2},{value:"April 20, 2023 Topics",id:"april-20-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Possible Podman 5 features (1:14 in the video) - Dan Walsh - 1",id:"possible-podman-5-features-114-in-the-video---dan-walsh---1",level:3},{value:"Bug Week (54:51 in the video) - Matt Heon",id:"bug-week-5451-in-the-video---matt-heon",level:3},{value:"Open discussion (49:00 in the video)",id:"open-discussion-4900-in-the-video",level:4},{value:"Next Meeting: Thursday, May 18, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-may-18-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Fa={toc:Oa},Ga="wrapper";function Ua(e){let{components:t,...n}=e;return(0,me.kt)(Ga,(0,K.Z)({},Fa,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Paul Holzinger, Lokesh Mandvekar, Valentin Rothberg, Eduardo Santiago, Giuseppe Scrivano, Preethi Thomas, Ashley Cui, Brent Baude, Chris Evich, Urvashi Mohnani, Martin Jackson, Mohan Boddu, Dan Walsh, Anders Bjorklund, Shion Tanaka, Stevan Le Meur,"),(0,me.kt)("h2",{id:"april-20-2023-1100-am-eastern"},"April 20, 2023 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"april-20-2023-topics"},"April 20, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Possible Podman 5 features - Dan Walsh/All\n","*","SQLite"),(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"hyperV"),(0,me.kt)("li",{parentName:"ul"},"Mac Native Virt"),(0,me.kt)("li",{parentName:"ul"},"Drop CNI"),(0,me.kt)("li",{parentName:"ul"},"Drop Cgroup V1"),(0,me.kt)("li",{parentName:"ul"},"ZSTD By default"),(0,me.kt)("li",{parentName:"ul"},"podman build -> build farm support"),(0,me.kt)("li",{parentName:"ul"},'(refactor podman machine) <-- not "feature" but ...'),(0,me.kt)("li",{parentName:"ul"},"making manifest lists by default"),(0,me.kt)("li",{parentName:"ul"},"Use OCI images for podman machine",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"podman <-> podman machine versioning ..."))),(0,me.kt)("li",{parentName:"ul"},"assimilate podman machine services"))),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Bug week reminder/participation invitation - Matt Heon"))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/_NnWUqyaBmw"},"Recording")),(0,me.kt)("p",null,"Meeting started at 11:02 a.m. Thursday, April 20, 2023"),(0,me.kt)("h3",{id:"possible-podman-5-features-114-in-the-video---dan-walsh---1"},"Possible Podman 5 features (1:14 in the video) - Dan Walsh - 1"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"SQLite - Works underway."),(0,me.kt)("li",{parentName:"ul"},'hyperV - Up for testing. Talk to Brent about the "decoder ring"'),(0,me.kt)("li",{parentName:"ul"},"Mac Native Virt - doing qemu not on Mac, Apple is making qemu less attractive for multi-arch, so we're looking at Mac native virtualization and working on it today, targeting Podman v4.6."),(0,me.kt)("li",{parentName:"ul"},"Drop CNI - Looking at dropping the CNI network. Currently, Netavark is the default for the latest. We are looking at dropping CNI as of RHEL 10. If we don't, then the RHEL team will need to support it for ten years or so from when RHEL 10 is released. Matt thinks the code cleanup is the most significant benefit."),(0,me.kt)("li",{parentName:"ul"},"Drop Cgroup V1 - Similar to dropping CNI and more important to Dan as systemd is about to drop support for cgroup v1. We are looking at Podman v5.0 for this too. We need to be sure that we don't mess up partners such as Ubuntu LTS. Another thing to watch for is Chromebook users use a Debian base, and that might be problematic too. Anders pointed out that his Ubuntu 22.04 has systemd/cgroups v2"),(0,me.kt)("li",{parentName:"ul"},"ZSTD By default - using the ZSTD compression algorithm instead of gzip. Older versions of Docker don't support ZSTD, so that's a bit of a concern. The thought is to let the user pick or push to versions of the image. A lot quicker downloads with ZSTD over gzip. A problem with pushing two images, people may have to pay for storing or pushing multiple images. The thought is to default to ZSTD and allow users to configure back to gzip in their containers.conf file. The compression happens only during push/pull. The format of the image on disk or in the registry remains the same. Brent would like to get buy-in from Quay, but they won't likely step up until we, or someone else, starts using ZSTD more frequently. The Moby shipped with Fedora now uses ZSTD."),(0,me.kt)("li",{parentName:"ul"},"podman build -> build farm support - Nalin is working on this to allow building of an image for multiple architectures. Nalin is making it a very easy to specify with podman build command line options. You wouldn't need to deal with manifests nor have any need to deal with a second VM running another architecture, it would just work. It will build natively, not in emulation mode. Under development at the moment."),(0,me.kt)("li",{parentName:"ul"},'(refactor podman machine) <-- not "feature" but ... - After the Apple hypervisor work is complete, some refactoring of the podman machine might be a good thing to do for speed. This might be done earlier than Podman v5. Dan also noted that we\'re thinking about moving podman machine to a separate repo. We might draw more interest in contributing if we did move it.'),(0,me.kt)("li",{parentName:"ul"},"making manifest lists by default - when you pull an image to a system, by default, you don't always get a list. If you have a multi-arch image, this can be a problem. Looking into being able to pull manifest lists down so multi-arch images could be better supported. The thinking is to turn this on by default in Podman v5 and then allow users to opt out of it. Matt is concerned that someone might get angry as manifest lists (JSON file) will show up that haven't been there before. Brent suggests we hide the lists as much as possible."),(0,me.kt)("li",{parentName:"ul"},"Use OCI images for podman machine"),(0,me.kt)("li",{parentName:"ul"},"podman <-> podman machine versioning ... This allows you to enforce that the version of the client dictates the version of the guest podman machine. That way you run only the version that is supported in your environment. This also helps the development team by not needing to supporting multi version combinations."),(0,me.kt)("li",{parentName:"ul"},"assimalate podman machine services - for running a podman machine depending on the hypervisor and the Operating System, it is required to have a number of services running due to a number of microservices. The talk is to move it all under one potentially."),(0,me.kt)("li",{parentName:"ul"},"Anders talked about some storage ideas (",(0,me.kt)("inlineCode",{parentName:"li"},"ipfs://"),") that had been kicked around in the past and is wondering if any work has gone on that. It would allow layers to be split across multiple files. This would be in c/storage. Matt thinks\n",(0,me.kt)("a",{parentName:"li",href:"https://archive.fosdem.org/2022/schedule/event/container_ipfs_image/"},"https://archive.fosdem.org/2022/schedule/event/container_ipfs_image/"))),(0,me.kt)("h3",{id:"bug-week-5451-in-the-video---matt-heon"},"Bug Week (54:51 in the video) - Matt Heon"),(0,me.kt)("p",null,"Podman/Buildah teams are doing a bug fix week next week. We're encouraging people to help or point out bugs important to you. Then stability releases after that. So afterward, we'd be at Podman v4.5.1."),(0,me.kt)("h4",{id:"open-discussion-4900-in-the-video"},"Open discussion (49:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Martin was asking about Quadlet and was it going from tech preview to fully supported. Martin uses Quadlet and is really liking it. He thinks it's one of the best features in Podman. Dan noted we've gotten a lot of nice feedback, but now we need to get the word out. As we move to edge devices, Quadlet will be more critical."),(0,me.kt)("li",{parentName:"ol"},"Dan talked about Valentin's thought to never break on upgrade to a new version. For Dan it's more about pushing the envelope, otherwise you get old code. Dan has broken things in the past to secure code. Dan believes both viewpoints are valid. Matt suggests that we might support a v4.0 Podman for a while longer, but that would only have bug fixes, not new enhancements.")),(0,me.kt)("h3",{id:"next-meeting-thursday-may-18-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, May 18, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"containersh - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Storage - allow layers to be split across multiple files. - Anders Bjorklund")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 11:58 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:02\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:05\u202fAM\nPlease sign in or add to the meeting notes: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAnders F Bj\xf6rklund11:17\u202fAM\nmy Ubuntu 22.04 has systemd/cgroups v2\nBrent Baude11:22\u202fAM\nty Anders\nBrent Baude11:51\u202fAM\ni need to drop as well\nAnders F Bj\xf6rklund11:51\u202fAM\nhttps://archive.fosdem.org/2022/schedule/event/container_ipfs_image/\nieq-pxhy-jbh\n\n")),(0,me.kt)("p",null,"Raw Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ieq-pxhy-jbh (2023-04-20 17:03 GMT+2) - Transcript\nAttendees\nAnders F Bj\xf6rklund, Ashley Cui, Brent Baude, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Paul Holzinger, Preethi Thomas, Shion Tanaka, Stevan Le Meur, Tom Sweeney, Tom Sweeney's Presentation, Valentin Rothberg\nTranscript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Have and there it is. Welcome everybody. This is April 20th 2023. This is the Podman Community cabal meeting for this meeting. We usually talk about design issues or thoughts for Pod, man. And today we have a good slate of stuff for Pod Man, 50 features, which is coming up. Container essay, and then also talk about Bug Week. So We have a hack MD going, I've put a link into the comments here for Google meet. Please go ahead and add your comments since there is we go along or if I'm going to try and take notes and if I mess up, please go ahead and correct me or add links as appropriate. So giving all that I have Dan walshill first with possible pod, man, 5 features and\nDaniel Walsh: Okay, can you put up the\nDaniel Walsh: You put up the feet, the slide or\u2026\nTom Sweeney: Yeah.\nDaniel Walsh: whatever. thing, everybody slides, shining it shining into\nDaniel Walsh: Okay. so, I view Major releases in two ways, and balance is going to be pushing back on this. So it could get entertainment entertaining a little bit. I view a major release as being A milestone of marketing more than just being, you know, having it like In the real world when relate. Well, nine well-10 comes out. It's not only a chance to say we have new functionality but it's also a chance for marketing. You know, isn't it great that we move this far ahead? So I'd like to, you know, over the years when we had different versions of Pod Man, Come Out. It was not only we didn't do it just for breaking changes but we also did it so much from marketing. So I think with podman 2 came out, we added\nDaniel Walsh: We moved. I think we that was the first time we added in the new API and FOD, Man, 3 came out. We added appointment, three came out, we had a new API and pod, man. 4 came out, We added, You know, some of the pipe, my machine functionality and other things like that. So when we look at now, it's been well. This is probably planned for the end of the year early next year. So it's gonna be two years since Pod, Man Full came out at that point. So the question I have is what, what did the long-range things that we'd like to see in a marketing event for five man. Five on a second thing is, is when we come up with the major release, it gives us a chance to change the defaults in such a way that potentially, they could break break people. And obviously that's something that we want to avoid.\nDaniel Walsh: If at all possible but sometimes it's it's necessary in order to move forward. So things I threw down for ideas for podman 5 and again, these don't have to wait for apartment five. They're just major things that are going on in the Pod, Man world right now.\nDaniel Walsh: That I I see moving forward and I just threw down a few ideas right now this for those. That don't know, there is a pod man, internal database right now is based on multi B and it's felt by the maintainers of the database that it was important to force to support ability. We saw a lot of corruptions happening and multi B and we felt that the upstream for both DB was not as responsive or not as active as we'd like. And so we wanted to switch to something a little more stable which was ask you a light. And so that's actually in Part-man 405 right now, you can actually test With.\nDaniel Walsh: SQLite. But I'm at apartment 5, we'd switch. The default to SQL Light. Obviously upgrades would continue in both DB, but if you did a restart reset, then you switched SQLite There's also a big effort for the lots and lots of uses on Windows cannot support.\nDaniel Walsh: Wsl. Usually it's something inside the company that says, they don't like wsl or whatever reason it is and they've asked us to support five main machine for Native virtualization. So on Windows, the first version of that is going to be Hyper-V, which is being heavily worked on right now. When Brent is there? Is that available at all right? Now for testing\n00:05:00\nBrent Baude: It's actually done.\nBrent Baude: There's some official stuff that needs to go into fossa and ignition. But and some nits to smooth over in podman. but, Yeah, you just need the secret decoder ring. For me to get the image.\nDaniel Walsh: Yeah. And I don't I mean again this you know probably obviously is going to come out probably in four six might be you know just you won't need the Dakota ring to turn it on at that point or but it's it's something that we want to again market that we have new architecture. Just are not new virtualization support.\nBrent Baude: Yep.\nDaniel Walsh: Secondarily to that is on the max right now. We support qemu for running our podman machines. And there's been a lot of requests for sporting that native virtualization. Mac apples actually, making it much more attractive or\nDaniel Walsh: Making c** you much less attractive as a solution based on some of this stuff they're doing for support of multi-atch building. So that's sort of driving us towards native virtualization Plus, we believe that we can get better performance by using Verdeo of SD instead of playing nine for volume mounting into the containers. This is something the darker currently supports. So we will be doing some time in the next six months or so we moving, or adding support for native Mac. Virtualization anything you want to say on that Brent.\nBrent Baude: Started working on it today, hope to have it done for four six.\nDaniel Walsh: Okay. The next one is, now we start to get into system controvers. So, not only three above would necessarily be breaking changes.\nDaniel Walsh: The next one would be potentially more controversial, which would be to drop CNI support right now. We if you run containers, With pod man. The default that you get on a fresh installed pod, man is neta back for networking stack. We currently also continue to support CNI, but the idea would be, Can we get rid of the CNI code? Can we get rid of the support headache of CNI? And really, this to me, is more guided towards a real 10 type release thing and that\nDaniel Walsh: when we sign up for new version of podman releases on a particular rail, we're signing up for 10 years of support. So the question is, Do we want to support? CNI 12 years from now on top of Pod, Man. Now, obviously, we can never break. We can't break REL support on Level Eight Row 9. So CNI support. But can we start to get rid of it by default? and I think that, Mainly for people on here that ends up being somewhat of a time sink. For a matte and Paul.\nDaniel Walsh: Hopefully would start to disappear as we move forward and more people use it, but it would clean up the code base to get rid of C and I altogether out of it. Any comments by Matt Paul on that.\nDaniel Walsh: Yeah, I mean the one benefit also of saying we're dropping CNI is that it can convince people to switch over to Netovac easier than feeling like they're gonna get it supported for? Forever.\nMartin Jackson: That.\nMartin Jackson: There.\nDaniel Walsh: The next one is also similar and probably more to me, more important. Is that we right now, I believe system D is about to drop support for C groups, V1, Um, so that I think, I don't know if it's Fedora 38, if there are 39 is no longer going to support sea Groups, B to be one. So can we start to look at dropping support for cigarettes for you, one for our tool chain. So I think the primary tool there would be like Seron and run c start to think about it as well as I'm not sure how much We do in Pod man for that, but it's probably they're certain flags. That would have to be start to be removed since then. All I can make sense in the cedar must be two worlds. Um, and again, I think that's just for long range support. right now, from a rel,\n00:10:00\nDaniel Walsh: point of view around 9:00 defaults to see groups V2 relate on the single three one but rallied is going into\nDaniel Walsh: Support mode. I think, either, I think in either the next release of the one after is going to be in full support mode so that We shouldn't be. Adding new features to see them to be one or in that dying out. Anybody want to comment on that?\nBrent Baude: I do proposed timing. of the podman 5, I think would have A big influence on that particular topic. I actually really like this idea.\nBrent Baude: There's some distribution benefits to this.\nBrent Baude: But I think one of the things we'll have to do is if we did it today, we'd be cutting off. The two lts's of Ubuntu, right? Is that correct? Is a mantu gone to see groups, we too. They might happen to know.\nChristopher Evich: I think the latest one is.\nAnders F Bj\xf6rklund: I think 22.\nBrent Baude: Okay. Yeah, so it's just something to contemplate as Who we lose? If we do that and but otherwise, I'm completely comfortable with this.\nChristopher Evich: But the old ubuntu's, the old lts a bunches, they just won't update. Right. They they're going to just keep running the older apartment. Should.\nBrent Baude: Yeah, it was sort being unaware that their V2 now so is our V2 lts.\nValentin Rothberg: No.\nBrent Baude: That's what we need.\nValentin Rothberg: I also think that who's is using V1 still. So, if we Cut, or if we would drop.\nDaniel Walsh: Christopher.\nMartin Jackson: A lot of Chromebook users are on old Debians\u2026\nBrent Baude: So, maybe\nMartin Jackson: because of the Chromebook Chromebook default virtualization scheme and I think they might be stuck to.\nBrent Baude: So, Dan sounds like, maybe we need to Kind of understand what everyone else is V2 plans. Sort of look like But again. we could theoretically, just Do it and\nBrent Baude: deal with the consequences.\nDaniel Walsh: Yeah.\nPaul Holzinger: I one question.\nDaniel Walsh: so,\nPaul Holzinger: how much C group code is actually important because isn't most of it done by the runtimes,\nMatt Heon: There's a fair bit of complexity involved in how we do system unit container and how we do the Pod C groups in particular Pod, resource limits involve a fair bit of, super one for C2 last, I checked those would be the big ones. I would say. It's not a huge amount of code, but it is, it is some of the most complicated code. If you've ever seen the code to set up our potsy groups, It's a horrifying massive. If statements\nDaniel Walsh: Yeah.\nBrent Baude: I like the idea. I'd sure like to keep kicking it around.\nDaniel Walsh: So the next one will get even more controversial, which is so we've been kicking around this idea of moving away from Jesus image format. to Zstd both have been supported for several years and\nMartin Jackson: it's\nDaniel Walsh: The spec. but, Docker did not release for over three years. So, Giuseppe had a pull request into Docker. Back in 2002 and that finally got merged and they released a version with it. In March. so, they had him released from March of twenty two, thousands of my 2023. The.\n00:15:00\nDaniel Walsh: We have women kicking around the idea of supporting what we've currently support both zsdd. And Jesus format for images. And it's been supported for many years. In Container D, Cryo and the rest of the world other than darker, And it's been in pod man. For I think every version of pod man, all the way back to one dot six. Maybe not 106. So which is or else seven?\nDaniel Walsh: The problem is that no one creates images with this format because Of Docker, not being able to support the older versions of darker, not being able to support it. we have ideas about potentially, Allowing you users to Check Pick which format they want to basically in containers duck off, pick which formats, that they want to push images to container registry with, and the options would be zstd gzip or a combination of both. So they could basically have but use it within have to pay the price of Pushing two versions of images to container registries and container registries, that would have to store.\nDaniel Walsh: Two versions of the same image. One compressed with each one of them and pod, man, and tools, based on Containers image would be smart enough to pick out the zestd one. If it existed. So, the benefits of their cost and benefits. And we stick with Gzip, we're stuck with the same format that we've been using for years, but old dark versions of darker support it And they can continue to use it. If we force everybody to go to Zstd then old versions of dark are don't support it but everybody in\nDaniel Walsh: The new versions of Pod Man. Not new versions of darker and all versions of our tool change. Get the benefits of better, better compression Quicker downloads in the case of Pod Man and Cryo and those tools they get you weight Grow quicker downloads since it's the pulling down individual files instead of entire images just a different false at a difference. The third option that combination of both has the Problem of you would have to if you're paying for the bandwidth of pushing images that you'd have to pay for additionals, content being pushed, as well as if you're paying for the cost of storing of images. Then you have to pay for both and we potentially could hear bad things from container. Registries who don't want, you know, who are paying the content paying to store both types of content. So,\nDaniel Walsh: the my proposal for Ralph's, for\nDaniel Walsh: Five would be to, we just switch the default to ZSTD thinking that to be a large enough install base of of dockers out there at that point and for people who don't want to use it, they could just simply change the containers that cost to point to Jesus want to to do both. And, but my fear is that we don't do this then. When Pod Man 6 comes up three years from now we're still going to be having this this debate. So you know can we push this forward?\nMatt Heon: I think risk here is a lot lower than the CNI. And what do you call it secrets? We want stuff because we're not dropping code.\nDaniel Walsh: Yeah. Also distributions can, if distributors want to ship a Canadian stock off, that stays the Gzip, then they have the full ability to do it, This just questioning what should be the default format? We go forward with at that point.\nDaniel Walsh: Any other comments?\nBrent Baude: Yeah. How does it? How does it work? In terms of you, you mentioned push but in terms of run or other actions, if, if the STD is the default, Are we saying, can you have a local container storage that has both formats?\nDaniel Walsh: So it's only I'm push and pull. So when it, when it gets put on to your desk, you don't have the format any longer. The big think of this is more pushing and\u2026\nBrent Baude: Okay.\nDaniel Walsh: this is the problem is if you've tried to pull one these images with an older version of Docker, you will fail. It'll come back with that saying,\u2026\n00:20:00\nBrent Baude: Okay, but\nDaniel Walsh: unsupported format.\nBrent Baude: But I think what you're saying is, there's, you know, both formats would still be perfectly usable. It's just be a swap.\nDaniel Walsh: Yes. Which means\u2026\nBrent Baude: So if container registries didn't\nDaniel Walsh: if I meant stats to push images, that can't be used by older versions of darker. That's that's with the dot, that's where we're gonna get. We're gonna get paid as being anti-unity or anti You know. Oci or something at that point.\nBrent Baude: So, I I would, I would be in favor of this. The one thing I would want some sort of commitment from Let's say somebody like Cui. That they would be there be a way to build. Zstd. On their end.\nBrent Baude: because, A lot of us. Use. Combinations of GITHUB and CUI. And auto building.\nDaniel Walsh: Yeah.\nBrent Baude: and one one, like one image, I can think of in particular is Fedora chorus has a\nBrent Baude: They have a image they use for building for coros. And that image is updated weekly. And it's four and a half gig. But I believe it's built, you know, hands off. So it'd be one of those. One of my questions would be If we if we switch, that would be, this would be more effective if if more people could take advantage of it,\nDaniel Walsh: Yeah, but to me to me that's this is where the check of the egg situation is sort of like the old before we force sea groups, V2. Like Oh no. One support secretly too. Why don't they support it? Because no one uses secret too. So, until we start pushing zsdd images. if you went to Cui and said, You know, will you build with CSD? They're like, well, no one uses the STD so it's sort of\nDaniel Walsh: yeah.\nValentin Rothberg: The problem with cstd is that it's in contrast to see Group C group. You fail immediately on the client. So the users. While with Csdd, it may be a silent change entirely transparent to the user. But when they pushed their images, some of their clients may break because they're still using older. so the let's say, The the error multiplication happens, much further. And much more transitively than for secret security.\nDaniel Walsh: Right.\nDaniel Walsh: Yeah. And I guess so that to follow, I mean, I would argue that we are We did this. When we started supporting OCI because older versions of darker, at the time didn't support OCI images. But at that time, Paul Man was brand new so it wasn't I guess people who would expect it to, Potentially cause more breakage than it would now.\nValentin Rothberg: But also, any any breakage can be negative marketing as well. As much as any major major version. I personally perceive major version bumps as all yet, another breaking change.\nDaniel Walsh: So we can't we can hold off on that one that argument to the end. Since that's the\nDaniel Walsh: I don't see that. I mean potentially we push both but then we're gonna get bad news, you know, by the fall but then we get bad. Press from people saying we're using up twice as much bandwidth twice, as much storage.\nDaniel Walsh: But maybe that's the value one but I don't think it valid one is. Oh, we'll just wait, Yes more before. Does anybody ever use a zdd because You know, at some point in the future, there's gonna be enough docker clients out there that Supporting an old ones and\u2026\nValentin Rothberg: Like, I think it should be a\nDaniel Walsh: I could hear you autos Old Ubuntu is an old. rails and all, well must bad shape, but\nAnders F Bj\xf6rklund: but I think,\nValentin Rothberg: I think it should be stepwise migration where, you know, since it's a containers, conflict can be configurable. So Fedora can go first and just Change the standard compression in only in Fedora to see standard without this being built-in, default, setting for Portman, which would then affect all other distributions as well. so, I think that there are ways to, you know, increase, The usage and\u2026\n00:25:00\nDaniel Walsh: Yeah.\nValentin Rothberg: the user-based step by step and not use the big hammer and switch or try to switch everybody at the same time. I think in Fedora, you know, this is probably at least in this immediate community an easier. Test that\nDaniel Walsh: It and in the movie that she and the Moby that ship by Fedora supports the format. So it's not if you live in a fedora pure environment, you're not going to be bit by this.\nDaniel Walsh: So I could go along with that. Just doing his containers.com and leave the standard. Leave it to fall to the STD for built into package, config into common. Yeah.\nBrent Baude: Yeah.\nDaniel Walsh: Okay.\nDaniel Walsh: I guess. Those that on the call right now, the next one is the concept of the build farm. And nalin. Did a demo of this? I don't know if that was an internal or external. a few weeks ago, the basic idea is as We're hearing more and more people who want to build. Images for multiple formats. So from multiple architectures, And a lot of people, it's a fairly complex. Tooling of fairly complex effort to build image for multiple architectures, especially if you're not building them with some kind of emulation mode. Um, So the the basic idea would be say you're on a Mac. You're saying, I'm too Mac and you're building.\nDaniel Walsh: I'm chips based images and then you want to build x86 image and you want to push both of those to a registry so that you create a new full buyer image and it's too architectures. While doing that is fairly complex and what? Nowlin is demonstrated with the tool. He called Build Farm was the ability to Do that automatically taking advantage of.\nDaniel Walsh: Connections. So now on you on the call,\nDaniel Walsh: Put you on the spot.\nTom Sweeney: Nobody's no way on pidgeot today.\nDaniel Walsh: That one's away on Pto. Okay? So the the basic idea would be to to you do a pod man. Build - platform equals am AMD, 64 comma. I'm calm or power and what would happen is odd, Man. Built Odd, Man client would look through its connection database to see if it has connections to the different architectures and then would launch the bills on the different architectures. So say you had set up three ssh connections to build service to be able to perform the builds on a remote system. Then it would pull the images back to the local system create a manifest list and actually assembly entire image and push it out to a registry. So it wouldn't be you wouldn't have to deal with manifest. You wouldn't have to deal with\nDaniel Walsh: Any any special needs for running multiple, you're sitting on a Mac and two and you had two VMs running two podium machines running one for X86 and one for on then if you build with a - platform I'm an x86 they would go out and to the two different VMs on the local Mac and would build the images and then reassemble them back on the default one and then push that to a registry. So that's what we're looking at for podman, builds farm support. And again, it's not looking at emulation mode. This is looking to build natively or On a native VM running an emulation mode, but as opposed then other basically allowing us to fully assemble those on it.\nDaniel Walsh: Any questions on that?\nAnders F Bj\xf6rklund: and I think that Bill Kit is doing this and I think the killer feature for Kubernetes was Windows containers, being able to build those remotely Because most of the Linux ones could be cross-compiled but not windows.\nDaniel Walsh: The problem across compilation, is, as well as twofold one, it's low, and it's potentially very buggy. I know that in the real world, Well, if you refuses to support cross compilation because it's just not this exact same as native. Now, certain architects, if you're building golang code, it's not as big a problem, but if you're building standard seat code, just to see libraries, I just felt to be way too risky to to support cross country.\n00:30:00\nAnders F Bj\xf6rklund: no, the equipment, this one was gold coat and I mean, and also You couldn't do workarounds if there was some across compilation issues but it's still a good feature. Of course, to be able to have remote bare metal, builders for performance reasons.\nDaniel Walsh: Yeah, yeah. And I'm like having what we're looking at here, Actually more of the client driven solution, then the server driven solutions so that you would just have to set up two two and more connection databases to different architectures and either run that VMs locally or remotely. It's just taking advantage of what basically what Pod man remote currently does to assemble these? I think build kid is more on the service side, so you'd have to have, you know, rely on a server. Being set up to do the multiatch builds. Um so anyways it's something that we'd like to get to match the functionality. That's in build kit now but take advantage of what we have with. Basically, the connection database empowerment.\nDaniel Walsh: So the next one, someone else put in.\nBrent Baude: Yeah, I can do that final comment.\nDaniel Walsh: So I'm gonna let that Yeah, you run the bathroom. All right, I'll be back.\nBrent Baude: Yep, final comment on the bit on that build farm though is I think there's a I've no objection with the feature. That's it's a good feature. I think also though there's A a couple of nuggets of gold on the topic of Cross architecture. Period. Throughout Potman.\nAnders F Bj\xf6rklund: and I think also now that build decks gone default that has kind of upped the competition if you\nBrent Baude: Yeah. So as I think about Batman Moore as a whole, I think there are several areas where architecture plays a role and\nBrent Baude: but, Starting with. My gripe about being able to pull the wrong architecture. And attempt to execute it.\nAnders F Bj\xf6rklund: It. Yeah but I mean there are some nice things like being able to use Kubernetes pod builders and stuff like that, that this could be a nice features to have also important.\nAnders F Bj\xf6rklund: I mean, with, with a root, let's capabilities and everything. You have a You have a whole dockering doctor, a customer to migrate. I think the life. Of course.\nBrent Baude: Indeed. Okay, so Timewise here. I'll try to be efficient. the first one was,\nBrent Baude: After that, apple hypervisor stuff is done.\nBrent Baude: Someone probably not me needs to sit down. and contemplate a refactoring of machine code, there's Plenty of duplication that can be removed. I think there's there's a couple of changes in how we do things that could be. Implemented such as factory or build type patterns.\nBrent Baude: And things along those lines. Again, that's not really a feature, it's not something that users would know about. So it could be It could be set as a goal for V5. Or it could just be done in four dot whatever. And no one be the wiser.\nDaniel Walsh: Fall. Yeah, On similar we have discussed potentially moving part man. Machine out of podman into it, separate repository whether we want to or not people are using pottery machine for uses other than just pod man. and so, it potentially could get if we moved it to a separate repo, then potentially you get more people to coming work on it as a separate project. So there are, there are thoughts going around that.\nBrent Baude: Agreed. I've been sort of asking questions around the team as many of them all know as to whether we should start. Making manifest lists more, integral to podman. So to me that's an open question. But but Dan wanted? wanted edge, sort of ideas that You know, are gonna push things a little bit and This might be one of those again, it involves. some compatibility issues as well as registry things, but I wonder if it's something we should start doing.\n00:35:00\nDaniel Walsh: Yep, for those that don't know when you pull an image right now. To a system by default. We don't have a minute. We don't necessarily pull down and manifest list with the difference between an image in a manifest list. Is that If you have a multi-atch image then you have a manifest list of defines the different arches that are in the image by default. Right? Now a very common era that we hit is people pull down a different architectures image. That becomes a default image and then if you go to run at image layer, say, Pull down Alpine for For arm and you're an x86-64. Now you go run the command. Just do a pod Man. Run commander later and you think that you're gonna re-pull a\nDaniel Walsh: X86 image and run that no you end up running the command on top of the image that you pull down. If we had a manifest list, then we could change the behavior so that if you did Pull an image for different architecture. You would get put into the manifest list, if you rent to run it and we could run the native, We pull the native one down or just have the native one available so moving to a manifest list by default again.\nDaniel Walsh: Because the world's moved pretty much when darker happened and over the last first, say eight years of container worlds. It was one architecture x86 with, you know, a tiny bit of different architectures in the world and I think over the because of what Apple has done and the rise of arm. Now we're seeing that there's two architectures out there you know better and you know if risky happens or there could be three architectures and so suddenly we'll work living in a world with Supporting multi arch should be the default as opposed to this one often. And that's what that's why I would like to see us move to manifest list as by default.\nBrent Baude: I think the last time that we talked about this, we sort of came to the conclusion that what we'd be talking about here is in rather than an opt-in. This would be an opt out. So that would be the big change is that we would just turn it on. And allow users to opt out of it. As a way to start. Getting people to use it. Kind of like SC Linux.\nBrent Baude: Anything anyone want to comment on this one or honesty, Linux?\nMatt Heon: How seriously is this going to Sorry?\nPaul Holzinger: I can.\nMatt Heon: Go go Ed.\nPaul Holzinger: No, I, I totally support the idea of having manifests because I never understood the current behavior that you just used to take from your native image and then all of the sudden, it's Like no use, I can understand what's happening here. So I I think that that makes much more sense.\nBrent Baude: I don't think they need to understand it either or should have to\nPaul Holzinger: It right, right? That's the thing. Like the current behavior never made sense to me. So,\nBrent Baude: Go ahead, Matt.\nMatt Heon: How seriously is this going to affect? Like I don't think we can change the way. Say Odd man Inspects works on images. Is this going to seriously affect my workflow? If I'm used to only using podman and spec podman history, all the image specific commands. My concern would be that suddenly I start getting different output because it's a manifest list, not an image and\nDaniel Walsh: I think it would just default to the unaid about this would allow us, I believe to always default to the native arch. So if you do a pod,\u2026\nBrent Baude: Correct.\nDaniel Walsh: man, if you do a pod man pulled - platform equals, And then you do a pod, man. Inspect Image. Without the dash dash equals it. You'd get the native format one as opposed to the one.\nMatt Heon: Okay. Yeah.\nDaniel Walsh: That's the goal and\u2026\nMatt Heon: I'm sure.\nDaniel Walsh: I'm making up since we haven't done this and I haven't experimented with it but that was that's the goal.\nBrent Baude: These are just ideas.\nMatt Heon: We're going to blow something up. We're going to make someone very angry because all of a sudden, they're making manifest list that they didn't know even were a thing. But I don't, I agree.\nDaniel Walsh: Yeah. Commitment.\nMatt Heon: That's a good idea and I don't think we can avoid us.\nBrent Baude: What did you say? We're gonna make users, make manifest lists.\n00:40:00\nDaniel Walsh: Right.\nDaniel Walsh: Those that don't know on this call, manufactless is just a JSON file on this. Yeah.\nBrent Baude: Yeah, and I would suggest that we make every bit of effort to hide that. There's a manifest list from people.\nDaniel Walsh: Yeah.\nBrent Baude: unless, People know about it and want to alter specifically the manifest list. I think there's a set of rules. We could kind of come up with that, that would allow for that. Okay, we best move on.\nBrent Baude: The the next one is around this podman machine and the OCI images. This is this is essentially where you can build your own images or we could distribute our images, or epcot's images via something like quick,\nBrent Baude: This is a pretty big advantage for us. It, it also has a few upsides, one of which I listed there, but\nBrent Baude: this is, this could be a potentially breaking visible change in the sense that we're changing how pot Padman machine gets its content So that's why I have it kind of associated with five, but I also the same time we'd be using this. My plan was that we would use this to enforce this. That the version of the client, dictates the version of the guest. And so, if you have a Mac and you're using pie man for eight, you're gonna or rather five, oh, you're gonna get a 50. You're gonna get a 50.\nBrent Baude: Guest operating environment. Inside the machine and if you're at five one, you'll get a five one. This eliminates, our problem of mismatched. Clients and servers so to speak. It's sort of a double whammy.\nDaniel Walsh: it also allows people to lock in, at a specific version, so as we, as we start to go out for\nDaniel Walsh: Enterprise customers. They're going to want to building for. You know. A specific version of the operating system. I want to build on that up that level of the operating system so they can Guarantee that this will work with the podmin for six version of odd men. For instance of say that is five five seven and they want their service are all at five three. Then they can log in and build on a five, three based image.\nBrent Baude: Yeah.\nDaniel Walsh: Test.\nAnders F Bj\xf6rklund: And what is the, what is the difference between this and having a URL for the image?\nBrent Baude: It's the the image is, is different on there. So For example. Today, we pull down a few cow for qmu. In and\u2026\nAnders F Bj\xf6rklund: Yeah.\nBrent Baude: so in the future, we would pull down an OCI image.\nBrent Baude: Not a cute girl.\nAnders F Bj\xf6rklund: Right. But I mean, if you wanted to fix the version, you could do that by providing a custom image to direct. But this would make it easier to host.\nBrent Baude: Yeah, we're\nAnders F Bj\xf6rklund: It doesn't.\nBrent Baude: It would, but we're desperately trying to stay out of the developing our own fedora chorus and having to do things outside of what Fedora chorus, the team offers.\nAnders F Bj\xf6rklund: That was just wondering if there was a benefit if you had a Web server serving images. Today, if there was a benefit of moving it to OCI images in a registry instead.\nBrent Baude: And yeah, I don't know. but the tagging of the, you know, the tagging ability there and how image, registries are organized are Quite beneficial.\nAnders F Bj\xf6rklund: Yeah, and I guess you don't have to maintain two different types of servers would be. A benefit to some.\nBrent Baude: Something like that. Yep.\nDaniel Walsh: You know.\nChristopher Evich: The city and Cdns aspect. This one.\nDaniel Walsh: Right. We'd like to get to a world where all software shipped fear. Image. It's basically image repositories which Are whether they're coming as containers or operating systems.\n00:45:00\nAnders F Bj\xf6rklund: Or packages. Yeah. Yeah.\nBrent Baude: Okay? And the last one you guys have for those that are on the team, you've heard me kick this topic around recently and it's Probably appropriate for for V5 since it theoretically is a change that users would be impacted by. But essentially right now for running Padman machine depending on the hypervisor and the operating system being used, we have to have various services. running, whether it would be traffic forwarding, whether it would be for vsoc, listening, Whether it might be for Vert. Iowa Fest. And so on.\nBrent Baude: VF Kit would be another one. so, we've talked about whether we should continue to have these microservices and try to continue to manage them as such or whether we assimilate. Into a single service with Microservices underneath it. So that's an idea.\nDaniel Walsh: Any comments on any of this, anybody else have ideas of what they would like to see us have in padman 5.\nDaniel Walsh: Good everybody.\nAnders F Bj\xf6rklund: And dance, some of those storage ideas.\nMartin Jackson: It is.\nDaniel Walsh: Go Anders.\nAnders F Bj\xf6rklund: Yeah, so and there was some talk about like IPF storage and similar. I compared to peer storage and so on. I was wondering if any of that is coming to containers image and therefore podman.\nAnders F Bj\xf6rklund: So that you could both split up your your layers into smaller files and then distribute those files. With our peer-to-peer type of registry.\nDaniel Walsh: I guess Valentin or Miller's life, if you thought about that or Giuseppe.\nAnders F Bj\xf6rklund: And also talk on Foster. I might\nMatt Heon: We have none of those people on the call. Dan Unfortunately, Valentin actively early. So I think it's a I think it's a good idea.\nDaniel Walsh: Um, yeah. Yeah, and just The Anders, could we put that in for discussion on the next Meetup? The next one of these, That seems like a decent conversation.\nAnders F Bj\xf6rklund: Yes.\nDaniel Walsh: I'll also move container shell. To the next discussion for those that don't. I've had two meetings in the last week with different customers who are looking to control users on a service. So the idea would be potentially to allow us to customize their environment. Basically imagine logging into a system, getting stuck into a, A container. And that's what I just calling a container shelf and now, but we don't have time for that. Martin, you get to talk my talk.\nMartin Jackson: Okay, sure. I was wondering, you know, with the, the kind of marketing aspect of the major rep whether Quadlet would get promoted from, you know, kind of experimental tech preview to, you know, fully supported and, and get some more marketing around it.\nDaniel Walsh: Yeah yes definitely. Although sometimes we do that that's more of a real thing than a necessarily.\nMartin Jackson: Yeah.\nDaniel Walsh: Yeah you know but yeah definitely quadlet would be police fully supported at that time, matter fact, container shell would be Also looking at extending quadlet to allow use users to define quadlets for users. As opposed to quadrant for system services. So that's\nPaul Holzinger: Speaking. And speaking for upstream, I would say Quadlet is fully supported like we five bucks, we fix bucks. People come in with ideas. So\nMartin Jackson: Oh, I'm using the heck out of quadlet and I love it. You know, I I it is it is one of the coolest things to happen in the pod, man, ecosystem, you know, in my mind like ever, I've got it running game servers, I've got it, running my automatic ripping machine and since we're being recorded, I'm not going to incriminate myself, but, you know, I love it.\n00:50:00\nDaniel Walsh: Good. we got no, we've gotten a lot of nice feedback and now now the idea is to get more of the word out to get People blogging people, it's showing, I would love to have people start to distribute quadlets and saying, This is how I run this service underneath, you know, system D. And as we move to a judge devices, I think quadlet is critical.\nMartin Jackson: I I totally agree with that thought.\nDaniel Walsh: And it's really, really simple. So that's what I think. That's what everybody likes about it.\nDaniel Walsh: So it's Valentin left. We don't have to so valentin's. I'll I'll be the devil's advocate and make myself Valentin. Now he without you is that we never break anybody, he wants He wanted to talk about\nDaniel Walsh: Sort of. Leanestabolus's idea that you never break an application by updating the kernel and i we could argue back and forth, obviously don't want to break people but we also don't want to be Carrying old crafty code for forever. So the for me, it's more about pushing the envelope. So, my concern is that when you don't, Break anybody? You end up with the same code that you had in 2012. So for instance, I pushed updates that have broken people to make things more secure, because some the false picked by darker war were bad. So my concern when we say we never break anybody is that we get stuck.\nDaniel Walsh: You know, just doing stuff the same way as we have for the last 10 years even though they're a better ways like Zstd for storing images and you know, and we have a even secretary too. It's like we get stuck. As he was three one forever. So sort of the Fedora mattress mantra is what I like which is okay. Let's push people to its these these new changes and some people are going to drag drag behind and we try to keep them as happy as possible. But we need to push the the technologies and I think this is partly why Docker was in a relief for three years is because they get stuck in this. And those quandary. So but I agree that both arguments are valid and you know, since a lot of the people in this call are supporting rel for 10 years, we're going to be stuck supporting this stuff for\nDaniel Walsh: You know many many years but I think we can push the upstream a little bit faster to take advantage of new technologies as they come along.\nMatt Heon: It would be an easier sell if we Publicly maintained long-term support branches of V4 for a longer time. I think our upstream position is that V4 is going to go out of support the very moment that V5 comes out. We do have to support it for REL for a while, but that's not really an upstream thing. So maybe we could formally announce upstream support of some degree for a long-term fee for branch just to keep people. Overall, we do the breaking change v5 thing.\nDaniel Walsh: Yeah. But people have to understand that they won't be getting new features. So if on the floor, yeah. Okay,\u2026\nMartin Jackson: I mean I think I think people kind of get that they wouldn't be getting new features with that kind of thing.\nDaniel Walsh: for example.\nMartin Jackson: But In.\nAnders F Bj\xf6rklund: I'm not sure if you seen the Ubuntu support for podman people want a stable version and the latest version at the same time in Debian, stable release. But but I viewed apartments support is not so much kernel, it's more like Python. So you would have Python 2 and I thought that were like Be around forever and then you have a Python 3 that you try to push to people and no one will take it.\nDaniel Walsh: Right. I know it took it until Fedora basically turned off by then too, right? So\nAnders F Bj\xf6rklund: Yeah. And that in a decade past or something. That's your\nTom Sweeney: And just looking at the clock I'm gonna push a little bit to wrap us up here. Matt that you want to say anything about the demo or on bookfix week before you head out.\nMatt Heon: Sure, I can keep this quick. So the Pod Man Core team is going to be doing a bug week for the next week. Not just the podman team builder and Scorpio and everyone else should be involved as well. But as part of this, we are encouraging. Anyone who wants to fix bugs or have bug fixed, please focus. And let us know that you can see or something high priority or even better. Please comment on a book and say I'd like to work on this next week and we will get it assigned to you or try and get a prioritized. And the goal is to guys make books we can fix over the next week and then do some stability releases week after\n00:55:00\nDaniel Walsh: Yeah. So what we work on the next week will be in five man four or five dot one. This is the goal. To put more.\nMatt Heon: Yeah, we'll do a\nChristopher Evich: It might be might be worth putting that invitation out on the mailing list.\nMatt Heon: Yeah, I can send an email.\nTom Sweeney: Okay, great. That word running out of clocks. So I am going to just announce real quickly that we're having our next meeting on May 18th for the Cabal and then June 6th for the community meeting. And I'd like to thank you all for being here. Today, I'm gonna hang up on the recorder.\nTom Sweeney: No recording. Anybody want to say anything other than let's go to lunch?\nTom Sweeney: Or dinner, depending on where you're at.\nTom Sweeney: Right folks, that's it. Thank you so much. Bye.\nAnders F Bj\xf6rklund: Yeah, bye.\nMeeting ended after 00:56:50 \ud83d\udc4b\n\n")))}Ua.isMDXComponent=!0;const Ya={},za="Podman Community Meeting",qa=[{value:"March 2, 2021 11:00 a.m. Eastern (UTC-5)",id:"march-2-2021-1100-am-eastern-utc-5",level:2},{value:"Attendees (35 total)",id:"attendees-35-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Multi-arch capabilities in Podman and Buildah",id:"multi-arch-capabilities-in-podman-and-buildah",level:2},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(1:44 in the video)",id:"144-in-the-video",level:4},{value:"podman-py roadmap",id:"podman-py-roadmap",level:2},{value:"Jhon Honce",id:"jhon-honce",level:3},{value:"(13:45 in the video)",id:"1345-in-the-video",level:4},{value:"Podman Packages on Kubic",id:"podman-packages-on-kubic",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(23:06 in the video)",id:"2306-in-the-video",level:4},{value:"krunvm demonstration",id:"krunvm-demonstration",level:2},{value:"Sergio Lopez",id:"sergio-lopez",level:3},{value:"(28:35 in the video)",id:"2835-in-the-video",level:4},{value:"Tent demonstration",id:"tent-demonstration",level:2},{value:"Farhan Chowdury",id:"farhan-chowdury",level:3},{value:"(40:56 in the video)",id:"4056-in-the-video",level:4},{value:"Containers Plumbing Conference -",id:"containers-plumbing-conference--",level:2},{value:"Questions?",id:"questions",level:2},{value:"(51:20) in the video)",id:"5120-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday April 6, 2021, 8:00 p.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-6-2021-800-pm-eastern-utc-4",level:2},{value:"Meeting End: 12:01 p.m. Eastern (UTC-5)",id:"meeting-end-1201-pm-eastern-utc-5",level:3},{value:"Fun Fact:",id:"fun-fact",level:2},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],Va={toc:qa},Ka="wrapper";function Za(e){let{components:t,...n}=e;return(0,me.kt)(Ka,(0,K.Z)({},Va,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"march-2-2021-1100-am-eastern-utc-5"},"March 2, 2021 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-35-total"},"Attendees (35 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Lokesh Mandvekar, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Valentin Rothberg, Giuseppe Scrivano, Miloslav Trmac, Parker Van Roy, Preethi Thomas, Neal Gompa, Matt Heon, Greg Shomo, Dan Walsh, Mayur Shetty, Ed Haynes, Juanje Ojeda, Ashley Cui, Christian Felder, Paul Holzinger, Shion Tanaka, Alex Litvak, Divyansh Kamboj, Marcin Skarbek, Sergio Lopez, James Cassell"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/w9MNLQGTmf3"},"Recording")),(0,me.kt)("h2",{id:"multi-arch-capabilities-in-podman-and-buildah"},"Multi-arch capabilities in Podman and Buildah"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"144-in-the-video"},"(1:44 in the video)"),(0,me.kt)("p",null,"Dan started with a demo on multi-arch. Highlited qemu-user-static which is required to be installed. It allows a Linux kernel to run multi-arch under qemu."),(0,me.kt)("p",null,"He showed ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage /tmp/test")," this created a manifest image with a link to the one he's creating."),(0,me.kt)("p",null,"Then he specified an arch of arm64 ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage --arch arm64 /tmp/test")," and then s390 ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build --pull --manifest myimage --arch s390 /tmp/test")," and it pulled that architecture version of the image all while being on an x86 machine."),(0,me.kt)("p",null,(0,me.kt)("inlineCode",{parentName:"p"},"podman manifest inspect myimage")," shows it has 3 different images as part of it."),(0,me.kt)("p",null,"Let's you build and manipulate multi-arch images locally or through the tool. It's a new feature as of Podman v3.0."),(0,me.kt)("p",null,"Linux kernel is smart enough to run it under the right architecture due to qemu and a runtime binary loader. Applicable on X86 on a Raspberry Pi."),(0,me.kt)("p",null,"Used UBI for the demo, careful doing in Fedora as it can take a long time, especially in comparision to RHEL."),(0,me.kt)("p",null,"Neal asked if you could build it for multi arch and then push without having to do push by hand for each. Dan pointed out that's what the manifest flag is pointed towards. Currently in ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah bud"),", ",(0,me.kt)("inlineCode",{parentName:"p"},"buildah commit")," and ",(0,me.kt)("inlineCode",{parentName:"p"},"podman build"),". That's all in Podman v3.0 and Buildah v1.19.6"),(0,me.kt)("h2",{id:"podman-py-roadmap"},"podman-py roadmap"),(0,me.kt)("h3",{id:"jhon-honce"},"Jhon Honce"),(0,me.kt)("h4",{id:"1345-in-the-video"},"(13:45 in the video)"),(0,me.kt)("p",null,"Jhon gave a road map of where we're going."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py"},"https://github.com/containers/podman-py")," - Repository\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://docker-py.readthedocs.io/en/stable/"},"https://docker-py.readthedocs.io/en/stable/")," - Document\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py/pull/53"},"https://github.com/containers/podman-py/pull/53")," - Committed PR1\n\u2022 ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-py/pull/55"},"https://github.com/containers/podman-py/pull/55")," - In flight PR2")),(0,me.kt)("p",null,"Stubbed out ssh adapter, but not much code yet. If you want to drive pods, you'll be able to do so via calls to libpod from Pyton. Want to emulate success of the Podman API and hope to replicate it for Python too in this project. Will publish to python py (Jhon verify). Targeting Python 3.6 and Podman 3."),(0,me.kt)("p",null,"What's different than using docker-py?\nYou have script that works with pod. docker-py won't give you access to pods, podman-py will. So you'll be able to move docker-py script and then add pod manipulation to it."),(0,me.kt)("p",null,'How does libpod go work from python?\npodman-py communicates with Podman service via RESTful API between python and libpod go code. The URL\'s will in essence have "/libpod" embedded within.'),(0,me.kt)("p",null,"Will unprivileged access be allowed?\nYes, Using systemctl --user configuration."),(0,me.kt)("p",null,"Brent showed doc with more info: ",(0,me.kt)("a",{parentName:"p",href:"https://podman.readthedocs.io/en/latest/_static/api.html"},"https://podman.readthedocs.io/en/latest/_static/api.html")),(0,me.kt)("h2",{id:"podman-packages-on-kubic"},"Podman Packages on Kubic"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"2306-in-the-video"},"(23:06 in the video)"),(0,me.kt)("p",null,"Applies to debian, ubuntu and raspberry. Posted a link:\n",(0,me.kt)("a",{parentName:"p",href:"https://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html"},"https://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html")),(0,me.kt)("p",null,"Podman v3.0 won't be supported on older variants of these distributions."),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"CentOS 8 Kubic repo will be supported only as long as CentOS 8 itself is alive.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"CentOS Stream Kubic repo will keep going, though I highly recommend you use the packages from the default repos as they are often fairly current and are known to have passed RHEL's gating tests.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"For Debian 11, I will not enable the Kubic repo as Debian 11 will have podman included in the default repos itself.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"For Ubuntu, I will enable packages for Ubuntu 21.04 and 21.10 when they release. But, the 22.04 LTS release which is more than a year into the future will have podman in the base repos itself, so the plan for now is to not enable the Kubic repo for 22.04."))),(0,me.kt)("p",null,"If support is needed for older variants, Lokesh will need volunteers to help with that."),(0,me.kt)("p",null,"Packaging on official repo's."),(0,me.kt)("p",null,"Neal suggests turning off Debian Testing and Next/Unstable, he suggests turning them off now for releases that won't be supported."),(0,me.kt)("p",null,"Neal might be able to help with support with Ubuntu LTS in the Kubic repo in some instances."),(0,me.kt)("h2",{id:"krunvm-demonstration"},"krunvm demonstration"),(0,me.kt)("h3",{id:"sergio-lopez"},"Sergio Lopez"),(0,me.kt)("h4",{id:"2835-in-the-video"},"(28:35 in the video)"),(0,me.kt)("p",null,"Dynamic library that enables other programs to easily gain virtulization-based isolation capabilities with a minimum foot print."),(0,me.kt)("p",null,"Sources"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/libkrun"},"https://github.com/containers/libkrun")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/krunvm"},"https://github.com/containers/krunvm"))),(0,me.kt)("p",null,"COPR repo for Fedora"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://copr.fedorainfracloud.org/coprs/slp/krunvm/"},"https://copr.fedorainfracloud.org/coprs/slp/krunvm/"))),(0,me.kt)("p",null,"Included in openSUSE Virtualization project"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://build.opensuse.org/package/show/Virtualization/krunvm"},"https://build.opensuse.org/package/show/Virtualization/krunvm"))),(0,me.kt)("p",null,"Homebrew Tap for macOS/arm64 (M1-based devices)"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/slp/homebrew-krun"},"https://github.com/slp/homebrew-krun"))),(0,me.kt)("p",null,"Demo started (29:43)"),(0,me.kt)("p",null,"On ARM Mac, used ",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm create fedora"),".\n",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm start fedora-podman")),(0,me.kt)("p",null,"Changed containers.conf on his linux machine and can now run the container on his Linux box."),(0,me.kt)("p",null,"He then used the podman remote service ",(0,me.kt)("inlineCode",{parentName:"p"},"krunvm changevm fedora-podman -p 55555:55555 -p 8080:80")),(0,me.kt)("p",null,"Then from the container\n'podman --log-level info system service -t -o tcp::55555'"),(0,me.kt)("p",null,"He was then able to run podman commands on the mac in the minivm."),(0,me.kt)("p",null,"Questions:\nCan you share the host filesystem with the minivm?\nYes, using krunvm."),(0,me.kt)("p",null,"Does krunvm support Intel Mac?\nIt does not support Intel Mac currently."),(0,me.kt)("p",null,"Do you plan to put libkrunvm in brew proper?\nHe does, but needs to rework the PR implementing virtio-fs attributes support in Buildah. After that's complete, he's going to try to get it accepted in brew."),(0,me.kt)("p",null,"Dan discussed that the Podman Mac effort is to do brew install podman and then ask if you want a vm to run it on. Krunvm might be a part of that solution. End goal to just do ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run ...")),(0,me.kt)("h2",{id:"tent-demonstration"},"Tent demonstration"),(0,me.kt)("h3",{id:"farhan-chowdury"},"Farhan Chowdury"),(0,me.kt)("h4",{id:"4056-in-the-video"},"(40:56 in the video)"),(0,me.kt)("p",null,"Tent a development only dependency manager"),(0,me.kt)("p",null,"Solves:\nCumbersome install process\nUnavailability in a certain platform\nConflicts between multiple versions."),(0,me.kt)("p",null,"Demo (42:10)"),(0,me.kt)("p",null,"Showed ",(0,me.kt)("inlineCode",{parentName:"p"},"tent start mysql")),(0,me.kt)("p",null,"It created a mysql server on the system. He set up a sql server in the container. Now the server can be used as if mysql was installed on the system."),(0,me.kt)("p",null,"With tent you can stop/start your services."),(0,me.kt)("p",null,"Future Plans:\nFix Bugs\nAdd More services\nRefactor the code base\nImprove ovall user experience."),(0,me.kt)("p",null,"Is there a way to run systemd now? No.\nDoes this run as root or rootless? It runs as rootless only at this point."),(0,me.kt)("p",null,"Link to the slides - ",(0,me.kt)("a",{parentName:"p",href:"https://docs.google.com/presentation/d/1BRQET4UkPyPBrhSpJuFoYzLYZe1CfLI6bmhzlEcmWcY/edit?usp=sharing"},"https://docs.google.com/presentation/d/1BRQET4UkPyPBrhSpJuFoYzLYZe1CfLI6bmhzlEcmWcY/edit?usp=sharing"),"\nLink to the repo - ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/fhsinchy/tent"},"https://github.com/fhsinchy/tent")),(0,me.kt)("h2",{id:"containers-plumbing-conference--"},"Containers Plumbing Conference -"),(0,me.kt)("p",null,"March 9/10, 9:30 a.m. to 2:00 p.m. Eastern (UTC -4) Free to attend, register here: ",(0,me.kt)("a",{parentName:"p",href:"https://containerplumbing.org/"},"https://containerplumbing.org/")),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"5120-in-the-video"},"(51:20) in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Go module issue discovered by Farhan. go.mod target for Podman is requiring a full name. Matt Heon noted it is fixed in Podman v3.0.2."),(0,me.kt)("li",{parentName:"ol"},"How to tell which version of Buildah is in Podman? Yes in ",(0,me.kt)("inlineCode",{parentName:"li"},"podman info"),", also included in API headers for /version endpoint")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-6-2021-800-pm-eastern-utc-4"},"Next Meeting: Tuesday April 6, 2021, 8:00 p.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1201-pm-eastern-utc-5"},"Meeting End: 12:01 p.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"fun-fact"},"Fun Fact:"),(0,me.kt)("p",null,'The initial name for the Ford Mustang, "Mustang" was rejected initially as the tie in for the name was the WWII P-51 Mustang fighter plane. The designer, John Najjar, re-pitched the name "Mustang" later, but this time with a tie in to Horses. The second pitch was accepted.'),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:53 AM\nPlease sign in and ask questions in hackmd: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w?both\nNeal Gompa11:00 AM\nhey all! :D\nSergio Lopez Pascual11:05 AM\nI'm here :-)\nNeal Gompa11:06 AM\nyay, multiarch through qemu :D\nJames Cassell11:10 AM\n3.0 also broke rootless overlay mounts...\nMatt Heon11:10 AM\nEh? Is there a bug for that?\nFirst I've heard of this\nJames Cassell11:11 AM\nI didn't see one in podman, but asked in #podman this morning... maybe it exists in buildah, searching now.\nJuanje Ojeda11:13 AM\nWe use this (with Buildah) quite a lot at the project CKI. We build a lot of multi-arch images.\nWe love it :-)\nMatt Heon11:14 AM\n@James - if you can't find one on Buildah please open a new one\njhonce11:17 AM\nhttps://github.com/containers/podman-py\njhonce11:21 AM\n\u2022 https://docker-py.readthedocs.io/en/stable/\n\u2022 https://github.com/containers/podman-py/pull/53\n\u2022 https://github.com/containers/podman-py/pull/55\nBrent Baude11:24 AM\nhttps://podman.readthedocs.io/en/latest/_static/api.html\n^^ i think this sort of illuminates what Jhon is saying\nnote compat buckets\nLokesh Mandvekar11:26 AM\nhttps://podman.io/blogs/2021/03/02/podman-support-for-older-distros.html\nBrent Baude11:26 AM\nalso noteworthy, your milage may vary using docker-py rootless\nJames Cassell11:34 AM\nWSL2 for Mac?\nLudo C.11:38 AM\nis there is a way to share host filesystem with the mini vm ?\nShion Tanaka11:39 AM\nDoes krunvm support Intel Mac?\nLudo C.11:41 AM\nthat's great, thanks\nAshley Cui11:42 AM\nOh I'm here\nMe11:42 AM\nyeah!\nLudo C.11:44 AM\nI find it great for Linux to have a better isolation, I will definitely try it out\nBrent Baude11:46 AM\n@sergio, do you plan to put libkrun in brew proper?\nSergio Lopez Pascual11:50 AM\n@brent I do. I need to rework the PR implementing virtio-fs attributes support in buildah, but afterwards I'll try to get libkrun/krunvm accepted.\nChristian Felder11:50 AM\nis there a way to generate systemd services for your tents?\ndo you use the current user running the containers or how do you distinguish root-/-less?\nChristian Felder11:52 AM\nthanks\njhonce11:53 AM\nCool stuff!\nNeal Gompa11:53 AM\nnice!\nBrent Baude11:55 AM\n@sergio, can you stick behind so you and I can talk a little\nSergio Lopez Pascual11:55 AM\n@brent sure\nNeal Gompa11:56 AM\nanyway folks, thanks for all this\nShion Tanaka11:56 AM\n@sergio Thanks for the answer about Intel Mac!\nNeal Gompa11:56 AM\nI gotta go now!\nbut thanks :D\nLokesh Mandvekar11:56 AM\nthanks Neal\nNeal Gompa11:57 AM\nLokesh, we should talk offline at some point about the Kubic stuff\nLokesh Mandvekar11:57 AM\nsure thing!\nGreg Shomo (NU)11:59 AM\nhttps://containerplumbing.org/schedule\nDan Walsh11:59 AM\nhttps://containerplumbing.org/\nLudo C.11:59 AM\nI'm in :)\nBrent Baude12:00 PM\ndan, please stick around\nMe12:00 PM\nFun Fact: The initial name for the Ford Mustang, \"Mustang\" was rejected initially as the tie in for the name was the WWII P-51 Mustang fighter plane. The designer, John Najjar, re-pitched the name \"Mustang\" later, but this time with a tie in to Horses. The second pitch was accepted.\nChristian Felder12:01 PM\nThanks. Have a nice day. Bye\nEd Santiago12:01 PM\nthank you! nice work!\nLudo C.12:01 PM\nThanks, bye !\nMarcin12:03 PM\nIs switching runc/curn with krunvm to run each container in separate vm wouldn't be better than using single vm and run podman on it?\nGreg Shomo (NU)12:10 PM\nthank you, everyone, for your time && have a good one !\nMe12:14 PM\n@Matt Heon, I opened the buildah bug for broken rootless overlay mounts since podman 3.0 and buildah 1.19 https://github.com/containers/buildah/issues/3051\nSergio Lopez Pascual12:18 PM\nhttps://github.com/containers/libkrun/blob/main/examples/chroot_vm.c\n\n")))}Za.isMDXComponent=!0;const Qa={},_a="Podman Community Meeting",Xa=[{value:"August 3, 2021 11:00 a.m. Eastern (UTC-4)",id:"august-3-2021-1100-am-eastern-utc-4",level:2},{value:"Attendees (22 total)",id:"attendees-22-total",level:3},{value:"Meeting Start: 11:03 a.m.",id:"meeting-start-1103-am",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"General Announcements",id:"general-announcements",level:2},{value:"Tom Sweeney",id:"tom-sweeney",level:3},{value:"Demo: podman run --requires",id:"demo-podman-run---requires",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(2:30 in the video)",id:"230-in-the-video",level:4},{value:"Demo: podman image scp",id:"demo-podman-image-scp",level:2},{value:"Charlie Doern",id:"charlie-doern",level:3},{value:"(6:57 in the video)",id:"657-in-the-video",level:4},{value:"Rootless Docker Compose Status",id:"rootless-docker-compose-status",level:2},{value:"Paul Holzinger",id:"paul-holzinger",level:3},{value:"(17:20 in the video)",id:"1720-in-the-video",level:4},{value:"Demo: podman secrets --env",id:"demo-podman-secrets---env",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(22:34 in the video)",id:"2234-in-the-video",level:4},{value:"Demos:",id:"demos",level:2},{value:"Rootless Podman with rootless overlay",id:"rootless-podman-with-rootless-overlay",level:3},{value:"podman run --group-add",id:"podman-run---group-add",level:3},{value:"podman /etc/hosts, host.containers.internal support",id:"podman-etchosts-hostcontainersinternal-support",level:3},{value:"Dan Walsh",id:"dan-walsh",level:3},{value:"(25:40 in the video)",id:"2540-in-the-video",level:4},{value:"Rootless podman with rootless overlay",id:"rootless-podman-with-rootless-overlay-1",level:5},{value:"podman run group-add",id:"podman-run-group-add",level:5},{value:"podman /etc/hosts, host.containers.internal support",id:"podman-etchosts-hostcontainersinternal-support-1",level:5},{value:"Questions?",id:"questions",level:2},{value:"(35:10) in the video)",id:"3510-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday September 7, 2021, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-september-7-2021-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday August 19, 2021, 10:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-august-19-2021-1000-am-eastern-utc-4",level:2},{value:"Meeting End: 11:43 a.m. Eastern (UTC-4)",id:"meeting-end-1143-am-eastern-utc-4",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],$a={toc:Xa},eo="wrapper";function to(e){let{components:t,...n}=e;return(0,me.kt)(eo,(0,K.Z)({},$a,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting"},"Podman Community Meeting"),(0,me.kt)("h2",{id:"august-3-2021-1100-am-eastern-utc-4"},"August 3, 2021 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"attendees-22-total"},"Attendees (22 total)"),(0,me.kt)("p",null,"Tom Sweeney, Brent Baude, Jhon Honce, Dan Walsh, Chris Evich, Urvashi Mohnani, Nalin Dahyabhai, Eduardo Santiago, Matt Heon, Ashley Cui, Paul Holzinger, Erik Bernoth, Charlie Doern, Chris Evich, Greg Shomo, Scott McCarty, Anders Bj\xf6rklund, Lokesh Mandvekar"),(0,me.kt)("h2",{id:"meeting-start-1103-am"},"Meeting Start: 11:03 a.m."),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://bluejeans.com/s/KyZqj8gBg1E"},"Recording")),(0,me.kt)("h2",{id:"general-announcements"},"General Announcements"),(0,me.kt)("h3",{id:"tom-sweeney"},"Tom Sweeney"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Twitter Handles: ",(0,me.kt)("a",{parentName:"li",href:"https://twitter.com/Podman_io"},"@Podman_io"),", ",(0,me.kt)("a",{parentName:"li",href:"https://twitter.com/Buildah_io"},"@Buildah_io"))),(0,me.kt)("h2",{id:"demo-podman-run---requires"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman run --requires")),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"230-in-the-video"},"(2:30 in the video)"),(0,me.kt)("p",null,"Demo (started at 2:40)"),(0,me.kt)("p",null,"Containers can now start other related containers. This has been available prior, but now you can specify it yourself starting in Podman v3.3.0"),(0,me.kt)("p",null,"Add requires flag to ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command and specify another container (test1) and it started that container when (test2) started."),(0,me.kt)("p",null,"This only works for starting, it does not apply to stop. You can't rm one container without rm'ing the other."),(0,me.kt)("p",null,"Asciinema of demo can be found at ",(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/EBeup6xO8UDeGYYbPEYxxP3xN"},"here"),"."),(0,me.kt)("h2",{id:"demo-podman-image-scp"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman image scp")),(0,me.kt)("h3",{id:"charlie-doern"},"Charlie Doern"),(0,me.kt)("h4",{id:"657-in-the-video"},"(6:57 in the video)"),(0,me.kt)("p",null,"Use scp within the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman image")," command to copy the image to a remote machine. It can also be used to copy from a remote host to another remote host."),(0,me.kt)("p",null,"Demo (started at 7:30)"),(0,me.kt)("p",null,"Showed the scp in action to the machine fed."),(0,me.kt)("p",null,"He then showed how to pull an image from a remote machine and loading it onto the local machine. It allows copying to or from. This can also work from remote to remote."),(0,me.kt)("p",null,"Being able to copy from root to local is something that's not working now, but being worked."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/RuOweVQ7g4elLSyiPVS09uAxk"},"First asciinema demo")),(0,me.kt)("p",null,"Charlie then showed how to use ssh like targets, and then showed an invalid connection."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://asciinema.org/a/9pinVx16gUjlrdLN5ZEmoR6SZ"},"Second asciinema demo")),(0,me.kt)("p",null,"The double colon is needed for parsing, the code knows you're not using a tag. Should help with the readablity too."),(0,me.kt)("h2",{id:"rootless-docker-compose-status"},"Rootless Docker Compose Status"),(0,me.kt)("h3",{id:"paul-holzinger"},"Paul Holzinger"),(0,me.kt)("h4",{id:"1720-in-the-video"},"(17:20 in the video)"),(0,me.kt)("p",null,"Paul showed a series of Docker Compose commands that created a wordpress window. When connecting to a port, a rootless used can not use port 80, so port 8080 had to be specified."),(0,me.kt)("p",null,"Start and enable the podman user socket:\n",(0,me.kt)("inlineCode",{parentName:"p"},"systemctl --user enable --now podman.socket")),(0,me.kt)("p",null,"Export the ",(0,me.kt)("inlineCode",{parentName:"p"},"DOCKER_HOST")," environment variable to make sure docker-compose connects to the right socket:\n",(0,me.kt)("inlineCode",{parentName:"p"},"export DOCKER_HOST=unix://$XDG_RUNTIME_DIR/podman/podman.sock")),(0,me.kt)("p",null,"Run docker-compose up in a directory with a docker-compose.yaml file.\nThe docker-compose.yaml file used in the video:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"version: '3.7'\nservices:\n db:\n image: mysql:8.0.19\n command: '--default-authentication-plugin=mysql_native_password'\n volumes:\n - db_data:/var/lib/mysql\n restart: always\n environment:\n - MYSQL_ROOT_PASSWORD=somewordpress\n - MYSQL_DATABASE=wordpress\n - MYSQL_USER=wordpress\n - MYSQL_PASSWORD=wordpress\n expose:\n - 3306\n - 33060\n wordpress:\n image: wordpress:latest\n ports:\n - 8080:80\n restart: always\n environment:\n - WORDPRESS_DB_HOST=db\n - WORDPRESS_DB_USER=wordpress\n - WORDPRESS_DB_PASSWORD=wordpress\n - WORDPRESS_DB_NAME=wordpress\nvolumes:\n db_data:\n")),(0,me.kt)("p",null,"Make sure to use a port of 1024 or higher. Rootless users are not allowed to bind ports below 1024 by default. Now run ",(0,me.kt)("inlineCode",{parentName:"p"},"docker-compose up -d"),"."),(0,me.kt)("p",null,"To connect with curl to a running rootles container directly via ip, you need the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman unshare --rootless-cni")," command and then it will work."),(0,me.kt)("h2",{id:"demo-podman-secrets---env"},"Demo: ",(0,me.kt)("inlineCode",{parentName:"h2"},"podman secrets --env")),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"2234-in-the-video"},"(22:34 in the video)"),(0,me.kt)("p",null,"Demo (started at 22:40)"),(0,me.kt)("p",null,"You can change uid, gid and mode of the secret. She created an envvar and then was able to use it. With the env option, you can get to the variable's value. It's created during creation time of the container. You can use the secret as an environment variable inside of the container. If you update the envar locally, it won't be shared."),(0,me.kt)("p",null,"The secret won't be saved to the image, it is only in the container. The value of the environment variable is saved within the container when the container is created rather than when it ran."),(0,me.kt)("h2",{id:"demos"},"Demos:"),(0,me.kt)("h3",{id:"rootless-podman-with-rootless-overlay"},"Rootless Podman with rootless overlay"),(0,me.kt)("h3",{id:"podman-run---group-add"},(0,me.kt)("inlineCode",{parentName:"h3"},"podman run --group-add")),(0,me.kt)("h3",{id:"podman-etchosts-hostcontainersinternal-support"},"podman /etc/hosts, host.containers.internal support"),(0,me.kt)("h3",{id:"dan-walsh"},"Dan Walsh"),(0,me.kt)("h4",{id:"2540-in-the-video"},"(25:40 in the video)"),(0,me.kt)("p",null,"Demo (started at 25:57)"),(0,me.kt)("h5",{id:"rootless-podman-with-rootless-overlay-1"},"Rootless podman with rootless overlay"),(0,me.kt)("p",null,'Showed how to use overlay, which is helpful as fuse-overlayfs has a lot of overhead. This is a big "quiet" feature that people probably won\'t notice.'),(0,me.kt)("h5",{id:"podman-run-group-add"},"podman run group-add"),(0,me.kt)("p",null,"Issues arised with suplemental group ids. If you created a container and tried to look at a directory with these gids, you'd get an access error."),(0,me.kt)("p",null,"How to share the content then? By default, containers drop all groups before you run them as a security precaution. When a rootless container is run, the groups are dropped for security reasons. Now you can add the groups you need with ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run --group-add=keep-groups")," which copies the groups from the host into the container, but giving access only within the container."),(0,me.kt)("h5",{id:"podman-etchosts-hostcontainersinternal-support-1"},"podman /etc/hosts, host.containers.internal support"),(0,me.kt)("p",null,"A new flag, host.containers.internal, allows you to set up an entry in /etc/hosts that gives you the ip address of the host within the containers in the /etc/hosts file in the container."),(0,me.kt)("h2",{id:"questions"},"Questions?"),(0,me.kt)("h4",{id:"3510-in-the-video"},"(35:10) in the video)"),(0,me.kt)("p",null,"No questions or topics. Tom asked Matt to talk about Podman v3.3."),(0,me.kt)("p",null,"Podman v3.3 rc1 early release no release notes yet. Final realease in mid to late August. Main branch is now at Podman 4.0. Podman 4.0 to be out at in Fedora 35 at the earliest."),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("h2",{id:"next-meeting-tuesday-september-7-2021-1100-am-eastern-utc-4"},"Next Meeting: Tuesday September 7, 2021, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-august-19-2021-1000-am-eastern-utc-4"},"Next Cabal Meeting: Thursday August 19, 2021, 10:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1143-am-eastern-utc-4"},"Meeting End: 11:43 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney 10:58\nWelcome! Please sign in on HackMD: https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\n\nbaude 11:10 AM\n@mheon, does that work in pods?\n\nMatt Heon 11:14 AM\nYep. Works on any container, in or out of a pod\n\nGreg Shomo (NU) 11:42 AM\ngood to see everyeon && have a good one !\n\nErik Bernoth 11:58 AM\nI'm out, see you next time!\n\nLokesh Mandvekar 12:04 PM\nI gott bounce, later...\n")))}to.isMDXComponent=!0;const no={},ao="Podman Community Cabal Notes",oo=[{value:"October 21, 2021 11:00 a.m. Eastern",id:"october-21-2021-1100-am-eastern",level:2},{value:"October 21, 2021 Topics",id:"october-21-2021-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman System Monitor for Mac ( 1:30 in video)",id:"podman-system-monitor-for-mac--130-in-video",level:3},{value:"Podman netavark - Brent Baude (18:15 in video)",id:"podman-netavark---brent-baude-1815-in-video",level:3},{value:"quadlet - Alex Larsson(25:41 in video)",id:"quadlet---alex-larsson2541-in-video",level:3},{value:"ARM Testing Thoughts - Urvashi/Preethi (40:31 in video)",id:"arm-testing-thoughts---urvashipreethi-4031-in-video",level:3},{value:"CI testing for Podman Docs if stored in a separate repo - Tom (42:37 in video)",id:"ci-testing-for-podman-docs-if-stored-in-a-separate-repo---tom-4237-in-video",level:3},{value:"Open discussion (49:26 in video)",id:"open-discussion-4926-in-video",level:4},{value:"Next Meeting: Thursday November 18, 2021 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-november-18-2021-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],io={toc:oo},so="wrapper";function ro(e){let{components:t,...n}=e;return(0,me.kt)(so,(0,K.Z)({},io,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-notes"},"Podman Community Cabal Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Matt Heon, Brent Baude, Ashley Cui, Alex Larsson, Preethi Thomas, Urvashi Mohnani, Marcin Skarbek, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Mack, Dan Walsh, Holger Gantikow, Leon N, Marcin Skarbek, Mehul Arora, Max, Paul Holzinger."),(0,me.kt)("h2",{id:"october-21-2021-1100-am-eastern"},"October 21, 2021 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"october-21-2021-topics"},"October 21, 2021 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Netavark - Matt Heon and Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"Podman System Monitor for MAC - Ashley Cui and Brent Baude"),(0,me.kt)("li",{parentName:"ol"},"quadlet - Alex Larsson"),(0,me.kt)("li",{parentName:"ol"},"ARM Testing Thoughts - Preethi Thomas and Urvashi Mohnani"),(0,me.kt)("li",{parentName:"ol"},"CI testing for Podman Docs if stored on a separate repo - Tom Sweeney")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://drive.google.com/drive/folders/1pDCsZFj0yDobe4OxPqAzitECGL6O0KMY"},"Recording"),"\nMeeting start: 10:04 a.m. Thursday, October 21, 2021"),(0,me.kt)("h3",{id:"podman-system-monitor-for-mac--130-in-video"},"Podman System Monitor for Mac ( 1:30 in video)"),(0,me.kt)("p",null,"Ashley showed mockups of a number of possible screens for Mac GUI. She mocked up an update, and this is not decided upon yet. This will control the VM on the Mac that Podman runs in."),(0,me.kt)("p",null,"She is thinking about having a link between this and the cockpit. This is just to manage the VM, not containers. The Gui would launch Cockpit in a browser, and then you could do container commands from the cockpit web interface."),(0,me.kt)("p",null,"It will be built for Mac look/feel. Linux and Windows designs are still up in the air."),(0,me.kt)("p",null,"Brent asked if anything was missing, no bites."),(0,me.kt)("p",null,"There is not yet an ssh button, but it could be added."),(0,me.kt)("p",null,"We've been talking about socket mapping from the VM into the host. She is leaning towards having an option to do so on start. A Boolean to leak a socket, and it would leak the default socket that Podman would define. A message would be sent to output noting the socket use."),(0,me.kt)("p",null,"An issue currently with password passing is being worked on. Possibly create a link and then pass the password. Something like: ",(0,me.kt)("a",{parentName:"p",href:"https://getcockpit.com/documentation/api/cockpit"},"https://getcockpit.com/documentation/api/cockpit"),". We are also looking into volume mount PRs."),(0,me.kt)("h3",{id:"podman-netavark---brent-baude-1815-in-video"},"Podman netavark - Brent Baude (18:15 in video)"),(0,me.kt)("p",null,"Rust implementation to replace CNI networking. A bunch of work was done, but not yet in Podman's GitHub. Looking at designing from the ground up to capture what was there, add user requests, and make it faster overall. About six weeks into development. In RUST ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/netavark"},"https://github.com/containers/netavark"),"."),(0,me.kt)("p",null,"Will this handle VPN? No plans at present, a good thought, but currently focusing on basics. Working on firewall at the moment."),(0,me.kt)("p",null,"passt (plug a simple socket transport) link for information from Marcin: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/"},"https://passt.top/passt/about/")),(0,me.kt)("p",null,"RUST being used for this, thoughts were binary size, speed, availability of libraries."),(0,me.kt)("h3",{id:"quadlet---alex-larsson2541-in-video"},"quadlet - Alex Larsson(25:41 in video)"),(0,me.kt)("p",null,"quadlet is a pun on kubelet. It's a systemd generator for things like fstab1. This has a customer systemd unit file. The project lives at: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/quadlet/"},"https://github.com/containers/quadlet/")),(0,me.kt)("p",null,"Demo: (26:28 in video)"),(0,me.kt)("p",null,"Easier for a system administrator to maintain and use. Uses crun and split cgroup. It always has /dev/init, standardized names, integrates with sdnotify, journald, and various security setups."),(0,me.kt)("p",null,"The code is a C project that is living here:"),(0,me.kt)("p",null,"Can/should this be part of Podman? Dan thinks it could be a subproject of Podman that comes as part and parcel. There is podman-systemd-generate, which is great for advanced users; quadlet is suitable for users with less systemd experience."),(0,me.kt)("p",null,"It's a way to specify how a system runs. Dan would like to see auto-updates happen in containers via quadlet."),(0,me.kt)("p",null,"Blog post with more information: ",(0,me.kt)("a",{parentName:"p",href:"https://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/"},"https://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/")),(0,me.kt)("p",null,"A question on what could or could not be in the init file. So if you create a foo.container, it would create a foo.service for instance."),(0,me.kt)("h3",{id:"arm-testing-thoughts---urvashipreethi-4031-in-video"},"ARM Testing Thoughts - Urvashi/Preethi (40:31 in video)"),(0,me.kt)("p",null,"We're looking into testing for upstream for ARM, and we\u2019d like to do it when a PR is opened. We're looking for suggestions. Does anyone have pointers to this? Any experience in setting up ARM support for the CI? Cirrus which were' using now, only uses GCP, but ARM is not supported there."),(0,me.kt)("h3",{id:"ci-testing-for-podman-docs-if-stored-in-a-separate-repo---tom-4237-in-video"},"CI testing for Podman Docs if stored in a separate repo - Tom (42:37 in video)"),(0,me.kt)("p",null,"We are thinking about moving the Podman man pages to a new repo. This way to lessen the barrier of entry for folks who have small man page changes or are more doc focused and not heavy GitHub users. i.e. test requirements, signing requirements, git knowledge, etc."),(0,me.kt)("p",null,"Dan's concern is if you have a new option, you'd break bot CI's on both projects unless you did the PR's simultaneously."),(0,me.kt)("p",null,"Web UI might be used for the docs. But still, have a convention."),(0,me.kt)("p",null,"Dan/Valentin against moving the man pages, as it would create more work for users."),(0,me.kt)("p",null,"Signing might not be required for docs. Brent thought there was a way to avoid the DCO from the web browser as you were already signed in. I.e., auto-sign in if you were coming in from the web."),(0,me.kt)("h4",{id:"open-discussion-4926-in-video"},"Open discussion (49:26 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},'Is there value in categorizing content in the blogs that have been posted? Would a Yahoo like categorization of "how-tos", networking, macs, container-in-container, etc. It would be nice to have a categorization of topics in links.')),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Would like to add a ZFS driver without having to rebuild Podman. Something that is pluggable. Docker has something like this now."))),(0,me.kt)("h3",{id:"next-meeting-thursday-november-18-2021-1100-am-edt-utc-5"},"Next Meeting: Thursday November 18, 2021 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman.io redesign - Mairin")),(0,me.kt)("p",null,"Raw BlueJeans:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'Leon N\n9:53 AM\nHey Hi, Good Morning\nSorry No mic at my end\nYou\n10:00 AM\nPlease sign in at the Attendees section in hackmd, https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou\n10:05 AM\nhackmd: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAnders F Bj\xf6rklund\n10:11 AM\ndid you have a "ssh" button ?\nAnders F Bj\xf6rklund\n10:13 AM\notherwise the only fancy thing I added to the Qt PoC was showing the OS version of the VM\nAshley Cui\n10:14 AM\nAnders: Good idea! I think I can fit that in the currently running info\nLeon N\n10:20 AM\nIs there any API that could generate a one-time link or something?\nfor cockpit I mean\nAnders F Bj\xf6rklund\n10:20 AM\nsure thing, just at the office again\nwill find a room :-)\nLeon N\n10:21 AM\nSomething like https://getcockpit.com/documentation/api/cockpit\nAnders F Bj\xf6rklund\n10:22 AM\ndo you guys miss your shared cubicles\nnoice cancelling just go listen in\nBrent Baude\n10:22 AM\nhttps://github.com/containers/netavark\nMarcin Skarbek\n10:24 AM\nRegarding networking, I have found recently passta - https://passt.top/passt/about/\nMax \n10:24 AM\nany plans to include VPN stacks? Was recently asking about Wireguard on the mailing list\nMarcin Skarbek\n10:25 AM\nInteresting idea that looks promising\nMax \n10:26 AM\ncheers\nMarcin Skarbek\n10:26 AM\nWireguard at least at start\nWould be very appreciated\nAlexander Larsson\n10:27 AM\nAny particular reason for picking rust?\nBrent Baude\n10:27 AM\nbinary size, speed, availability of creates (libraries)\nMatt Heon\n10:27 AM\nAnd we wanted to :-)\nAnders F Bj\xf6rklund\n10:28 AM\nstand out from the container crowd ?\n(which seems to be mostly go)\nAlexander Larsson\n10:38 AM\nhttps://blogs.gnome.org/alexl/2021/10/12/quadlet-an-easier-way-to-run-system-containers/\nAnders F Bj\xf6rklund\n10:46 AM\nI earlier suggested Raspberry Pi (for ARM), bu t only works if you run it "on-prem" (on desk)\nLeon N\n10:50 AM\nI\'m not sure but is the team looking for something like this?\nhttps://developer.arm.com/solutions/infrastructure/developer-resources/ci-cd\n\nSome people do run those arm clusters too but yeah like Anders said its on-prem\nAnders F Bj\xf6rklund\n10:51 AM\nOtherwise we had lots of fun with Equnix Metal and the bare metal arm servers\nUrvashi Mohnani\n10:52 AM\nThanks, will take a look\nAlexander Larsson\n10:54 AM\nFlatpak got donated huge arm servers from cncf. Might want to ask them.\nMax \n10:54 AM\nwould be helpful\nMehul Arora\n10:54 AM\ndefinitely worth\nBrent Baude\n10:55 AM\n@tom ? -> https://github.com/scottrigby/dco-gh-ui\nAlexander Larsson\n10:56 AM\ngotta go\nMehul Arora\n10:56 AM\ndid anyone check the new theme i suggested for the docs?\noh so should i open a PR for that?\nokay yeah ill do that\nAnders F Bj\xf6rklund\n11:00 AM\nWould CSI be an option ?\nMarcin Skarbek\n11:00 AM\nok\nDan Mack\n11:00 AM\nthanks all\nieq-pxhy-jbh\n')))}ro.isMDXComponent=!0;const lo={},ho="Podman Community Cabal Meeting Notes",uo=[{value:"January 20, 2022 11:00 a.m. Eastern",id:"january-20-2022-1100-am-eastern",level:2},{value:"January 20, 2022 Topics",id:"january-20-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Volume Storage on a Mac (1:15 in video) - Brent/Ashley",id:"volume-storage-on-a-mac-115-in-video---brentashley",level:3},{value:"New Network Rollout (13:01 in video) - Paul/Matt",id:"new-network-rollout-1301-in-video---paulmatt",level:3},{value:"Podman v4.0 Rollout (32:52 in video) - Matt/Brent",id:"podman-v40-rollout-3252-in-video---mattbrent",level:3},{value:"Podman TUI (https://github.com/navidys/podman-tui) (38:11 in video) - Navid",id:"podman-tui-httpsgithubcomnavidyspodman-tui-3811-in-video---navid",level:3},{value:"Open discussion (44:57 in video)",id:"open-discussion-4457-in-video",level:4},{value:"Next Meeting: Thursday February 17, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-february-17-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],mo={toc:uo},co="wrapper";function po(e){let{components:t,...n}=e;return(0,me.kt)(co,(0,K.Z)({},mo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Christian Felder, Urvashi Mohnani, Eduardo Santiago, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Chris Evich, Miloslav Trmac, Reinhard Tarter, Eric Van Norman, Castedo Ellerman, Charlie Doern, Urvashi Mohnani, Lokesh Mandvekar, Navid Yaghoobi, Marcin Skarbek"),(0,me.kt)("h2",{id:"january-20-2022-1100-am-eastern"},"January 20, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"january-20-2022-topics"},"January 20, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Volume Storage on a Mac - Brent/Ashley"),(0,me.kt)("li",{parentName:"ol"},"New Network Rollout - Paul/Matt"),(0,me.kt)("li",{parentName:"ol"},"Podman v4.0 Rollout - Matt/Brent"),(0,me.kt)("li",{parentName:"ol"},"Podman TUI (",(0,me.kt)("a",{parentName:"li",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui"),") - Navid")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://www.youtube.com/watch?v=bwhDnwYyiJY&t=2729s"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday January 20, 2022"),(0,me.kt)("h3",{id:"volume-storage-on-a-mac-115-in-video---brentashley"},"Volume Storage on a Mac (1:15 in video) - Brent/Ashley"),(0,me.kt)("p",null,"Just a chat on how to handle storage for the Mac, especially since Anders is present. Docker has an advantage due ot the daemon to be able to handle the volumes. When containers closes, the daemon can umount if necessary."),(0,me.kt)("p",null,"Asking for opinions on the direction we should take here."),(0,me.kt)("p",null,"Compared to Docker machine to Podman, VM mounts are totally unrelated to container mounts in Docker machine. VM mounts stays for an entire session, not umounted when the container goes away. Problems trying to mount high level directories such as ",(0,me.kt)("inlineCode",{parentName:"p"},"/")," or ",(0,me.kt)("inlineCode",{parentName:"p"},"/tmp"),"."),(0,me.kt)("p",null,"Note: currently mounts are defined when machine is ",(0,me.kt)("em",{parentName:"p"},"created")," (not started), so needs to be deleted to change mounts"),(0,me.kt)("p",null,"In podman machine, we use the user core, so you don't get into trouble unless there's a user \"core\" on the host. We could then just set the root of the container to the homedir of the user on the VM."),(0,me.kt)("p",null,"Have to make sure the volume provided is not outside of the home dir."),(0,me.kt)("p",null,"We need to chase this down further, and the thought is to support mounting from homedir only."),(0,me.kt)("p",null,"Some previous discussions in ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/8016"},"https://github.com/containers/podman/issues/8016")),(0,me.kt)("p",null,"The virtfs implementation was in ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/11454"},"https://github.com/containers/podman/pull/11454")),(0,me.kt)("h3",{id:"new-network-rollout-1301-in-video---paulmatt"},"New Network Rollout (13:01 in video) - Paul/Matt"),(0,me.kt)("p",null,"Lots of chatter on IRC about netavark and aardvark. It\u2019s the new network stack that's being put together for Podman v4.0. It will replace the CNI plugins."),(0,me.kt)("p",null,"This will allow more complex networks, as has been requested in the past. This new stack will do what CNI currently does, plus the requested functionality. It's called netavark and is written in rust. It works like the current network stack as far as the user sees. It's working well for CNI but is missing DHCP on mac VLAN. IPv6 is better than the prior offering and is faster. Believe we can optimize further. DNS resolution is handled by aardvark and replaces DNS mask and DNS name."),(0,me.kt)("p",null,"Many of the use cases that could not be done in Podman in the past but in Docker will be enabled. If you're running Podman v3.","*"," and you upgrade to Podman v4.0, your network will be CNI by default. If you're running a Podman v4.0 and no storage is around, then it will default to netavark. An entry in containers.conf will be settable to allow choosing between CNI and netavark."),(0,me.kt)("p",null,"DNS resolution has not been used by default in CNI but will be turned on for netavark."),(0,me.kt)("p",null,"Reinhard asked from a packager\u2019s perspective, what considerations do they need to take into account? We tried to set the network stack up such that nothing should be required for packaging. You will have to package netavark and aardvark, but you shouldn't need any configuration manipulation."),(0,me.kt)("p",null,"There are database changes such that if you create a container in Podman v4.0, it won't be usable in Podman v3.0 space. The database is internal to Podman."),(0,me.kt)("p",null,"Also there's a subid tag in the Makefile that should be turned on for Podman v3.0. It brings in libsubuid via shadow-utils."),(0,me.kt)("p",null,"Also, it is suggested to use ",(0,me.kt)("inlineCode",{parentName:"p"},"podman --remote")," instead of ",(0,me.kt)("inlineCode",{parentName:"p"},"podman-remote"),"."),(0,me.kt)("p",null,"For those interested in the network, please test! Reach out and talk to the Podman maintainers. Please used Podman v4.0 RC2 and later."),(0,me.kt)("h3",{id:"podman-v40-rollout-3252-in-video---mattbrent"},"Podman v4.0 Rollout (32:52 in video) - Matt/Brent"),(0,me.kt)("p",null,"Database changes and network changes. A number of API changes that will break things."),(0,me.kt)("p",null,"THe API has been migrated. The more interesting things is doing things on a Mac. Podman v3.0 will not work with Podman v4.0 and vice versa. Podman v4.0 is sloted for Fedora 36, due in May (Dan thinks). We don't have forward/backward compatibility."),(0,me.kt)("p",null,"RHCOS will have Fedora 35, but with Podman v4.0 not included. We are working with the RHCOS team to smooth this out."),(0,me.kt)("p",null,"There have been 459 commits into Podman v4.0, about twice as many as Podman v3.4. Lots of changes, we'd love to get people trying it earlier before final release."),(0,me.kt)("h3",{id:"podman-tui-httpsgithubcomnavidyspodman-tui-3811-in-video---navid"},"Podman TUI (",(0,me.kt)("a",{parentName:"h3",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui"),") (38:11 in video) - Navid"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://github.com/navidys/podman-tui"},"https://github.com/navidys/podman-tui")),(0,me.kt)("p",null,"Terminal User Interface for Podman."),(0,me.kt)("p",null,"Demo - (38:40 in video)\nNavid gave a demo showing pods, containers, images. Many of the commands are available to use. Can't exec into a container yet. Uses the Go bindings from Podman. Shows events, disk usage."),(0,me.kt)("p",null,"It's 100% Go."),(0,me.kt)("h4",{id:"open-discussion-4457-in-video"},"Open discussion (44:57 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Castedo writing a guide on ",(0,me.kt)("a",{parentName:"li",href:"https://cnest.readthedocs.org"},"cnest.readthedocs.org"),". He's put together scripts and explanation on how to use Podman. Aimed at new to Podman/containers folks. Part of his work was to look at Toolbox, but looked for a simpler solution by using just Buildah and Podman with a little glue. He's packaged this up. Wonders if for his intial work, if it makes sense to have a Toolbox type tool or guides that are aimed at first-time users.")),(0,me.kt)("p",null,"He wanted to share only a bit of his directory in his containers and worked through things like that."),(0,me.kt)("p",null,"The rootless offering was very useful in his case, and he did virtual python environments in a rootless container."),(0,me.kt)("ol",{start:2},(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Anders asked if podman compose is compatible. It's a separate project from Podman run by others, but the Podman maintainers monitor it. Podman compose doesn't use the API but execs Podman under the covers. The podman compose project has revived over the past six months in popularity after looking like it was dead over the summer.")),(0,me.kt)("li",{parentName:"ol"},(0,me.kt)("p",{parentName:"li"},"Will Podman v3.0 be removed from distros once Podman v4.0 comes out? That's a distro decision. In Debian Podman, v3 and v4 will not be coinstallable. They could choose to install older versions on their own, but the stable versions of Debian will have their specific version. Branches on Podman with a ",(0,me.kt)("inlineCode",{parentName:"p"},"-rhel")," ending tag are backports for older versions. Usable for long-term support of older versions. RHEL even releases such as RHEL 8.6 are supported for two years."))),(0,me.kt)("h3",{id:"next-meeting-thursday-february-17-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday February 17, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("p",null,"None suggested."),(0,me.kt)("p",null,"Meeting finished 12:02"),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'You10:59 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nReinhard Tartler11:00 AM\nthanks for adding me!\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:03 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nReinhard Tartler11:04 AM\nthanks for thinking of me, nothing from me, I\'m most intereted in the podman 4.0 rollout from a packager\'s perspective\nLokesh Mandvekar11:09 AM\nHello Reinhard, fwiw, I plan to not build 4.0 on the Kubic repos, just in case 4.0 takes a while to land on debian and ubuntu\nChristopher Evich11:10 AM\nremember aardvark and netavark too\nLokesh Mandvekar11:10 AM\nalso, would be nice to look at debian packaging for: https://github.com/containers/netavark and https://github.com/containers/aardvark-dns\nyup\nValentin Rothberg11:10 AM\nWho\'s rejecting the user from entering?\nChristopher Evich11:11 AM\nthose of us trying to chat :(\nLokesh Mandvekar11:11 AM\nreally?\nchatting interferes with letting the user in?\nChristopher Evich11:11 AM\n picks default "deny" choice :(\nLokesh Mandvekar11:11 AM\nthat\'s weird\nValentin Rothberg11:11 AM\nPlease be careful to click on "admit" :)\nYou11:11 AM\nI think keyboard focus timimg\nLokesh Mandvekar11:11 AM\nohh\nChristopher Evich11:11 AM\nbad GUI design\nYou11:12 AM\nMarcin, sorry about the rejects, we\'d some gmeet gui issues.\nChristian F11:14 AM\ncan\'t you mount on the VM in below a well-defined path. /home e.g. ends up with /podman-mounts/home ?\nAnders F Bj\xf6rklund11:20 AM\nit is possible to mount host /home under /mnt/home or something, think docker-machine used like /hosthome.\nbut normally host uses /Users and machine uses /home, so then there is no conflict\nChristian F11:22 AM\nconsidering DHCP on Macvlan: it would be nice if the systemd unit file for the CNI DHCP daemon would be shipped with podman (may disabled by default, but a systemctl enable --now should be enough)\nBrent Baude11:30 AM\n@Christian, this IS something we are considering. And also of note, the CNI packages will not change.\nReinhard Tartler11:31 AM\nit was requested here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000521 -- happy to close it :-)\nValentin Rothberg11:31 AM\n`podman --remote`\nJhon Honce11:32 AM\npodman-remote is a smaller binary if that is a concern\nAnders F Bj\xf6rklund11:33 AM\nthe documentation in minikube and lima currently use "podman-remote", but then again it also uses podman2 so is lost anyway\nI guess podman4 will delete the podman3 packages, so same story again\nAnders F Bj\xf6rklund11:39 AM\nmaybe it would be easier to always run podman --remote, also on mac. oh well.\nBrent Baude11:42 AM\ncolor me impressed!\n@anders, it wont build\nAnders F Bj\xf6rklund11:43 AM\nI guess that would actually be "podman-remote --remote" that is run on the Mac\nAditya Rajan11:44 AM\n@Navid So cool !!! Could you share repo link plz\nEd Santiago11:44 AM\nVery impressive indeed\nChristian F11:45 AM\n:+1:\nBrent Baude11:47 AM\ncould adi,paul, and matt stick behind\nE. Castedo Ellerman11:53 AM\ncnest.readthedocs.org\nNavid Yaghoobi11:53 AM\nhttps://github.com/navidys/podman-tui\nValentin Rothberg11:59 AM\n-rhel suffixed branches\nChristian F12:00 PM\nwill there be different module streams in RHEL for podman 3 vs 4?\nMatt Heon12:03 PM\nYes\nWell\nieq-pxhy-jbh\n')))}po.isMDXComponent=!0;const go={},ko="Podman Community Cabal Meeting Notes",yo=[{value:"April 21, 2022 11:00 a.m. Eastern",id:"april-21-2022-1100-am-eastern",level:2},{value:"April 21, 2022 Topics",id:"april-21-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Podman Contribution Methods Discussion - (1:00 in video) - Brent Baude",id:"podman-contribution-methods-discussion---100-in-video---brent-baude",level:3},{value:"Open discussion (53:37 in video)",id:"open-discussion-5337-in-video",level:4},{value:"Next Meeting: Thursday May 16, 2022 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-may-16-2022-1100-am-edt-utc-5",level:3},{value:"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],wo={toc:yo},fo="wrapper";function bo(e){let{components:t,...n}=e;return(0,me.kt)(fo,(0,K.Z)({},wo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Tom Sweeney, Aditya Rajan, Matt Heon, Brent Baude, Ashley Cui, Chris Evich, Giuseppe Scrivano, Nalin Dahyabhai, Paul Holzinger, Anders Bj\xf6rklund, Dan Walsh, Valentin Rothberg, Jhon Honce, Miloslav Trma\u010d, Charlie Doern, Lokesh Mandvekar, Eduardo Santiago, Mohan Boddu, Chris Evich, Flavian Missi, Niall Crowe, Preethi Thomas, Anders Bjorklund, Lance Lovette, Scott McCarty"),(0,me.kt)("h2",{id:"april-21-2022-1100-am-eastern"},"April 21, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"april-21-2022-topics"},"April 21, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman Contribution Methods Discussion - Brent Baude - (1:00 in video)")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/DP3FAGWn48s"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday April 21, 2022"),(0,me.kt)("h3",{id:"podman-contribution-methods-discussion---100-in-video---brent-baude"},"Podman Contribution Methods Discussion - (1:00 in video) - Brent Baude"),(0,me.kt)("p",null,"Brent talked about the number of hours that the maintainers have been grinding out lately. He's concerned that the maintainers aren't keeping up with the Pull Requests that are coming in from internal to Red Hat and, more so, externally."),(0,me.kt)("p",null,"For instance, we have not been timely in reviewing Anders code as of late. Brent is asking for input from people for any potential solutions."),(0,me.kt)("p",null,"Matt doesn't want to completely remove the Code Review process; he wants to ensure maintenance will be as painless as possible. He thinks a core set of maintainers should review code before merging. He thinks that perhaps we could use lint to help. He recognizes there's a problem but wants to limit how easy it is to get stuff in."),(0,me.kt)("p",null,"We seem to have a cycle where maintainers lose sight of the need to stay on top of it until nudged. The problem has become due to the expansion of the size and complexity of the project, making it harder to know everything easily."),(0,me.kt)("p",null,"Valentin thinks there are two goals. Make merges easier and also to expand the number of maintainers. In other projects, they leave more work to the contributors by using bots to bounce PRs if they don't have a pass a lint process per instance."),(0,me.kt)("p",null,"Valentin thinks that we're doing pretty good in comparison to other-sized projects. Time is becoming an issue in some of our projects, such as ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/image"},"containers/image")," where PRs are lagging due to a lack of maintainers/review."),(0,me.kt)("p",null,"Miloslav has seen other projects assign particular reviewers to a review and doesn't know if that's something Podman could do. Dan thinks we couldn't do that via a bot, but perhaps we could use a process as the Linux kernel does."),(0,me.kt)("p",null,"Chris pointed out that an advantage of the kernel is it's modular, and Podman is becoming monolithic. Perhaps we can break it out into pieces. That would also be useful in developing unit tests."),(0,me.kt)("p",null,"Matt has asked others to help with the Triage of issues, and since then, he has found that Valentin and Paul have kept that down quickly."),(0,me.kt)("p",null,"Valentin wonders if we're not getting to issues promptly or, for that matter, PRs."),(0,me.kt)("p",null,"Matt thinks we're falling off the radar for issues. If an issue will take a long time to fix, it gets shuffled off. Ditto PRs that are 500 lines or more. People have a hard time getting to it, then it slips off the queue."),(0,me.kt)("p",null,"Mohan wonders if we can ask contributors to add tags to help with initial triaging."),(0,me.kt)("p",null,"We have two classes of issues with PR. Some are done by developers, and others are a fix for a quick typo and then get hung up on CI. They tend not to undertake it."),(0,me.kt)("p",null,"Anders said in another ",(0,me.kt)("a",{parentName:"p",href:"https://minikube.sigs.k8s.io/community/"},"project")," they have weekly triage meetings where they use a ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/google/triage-party"},"tool")," to classify issues. But there too, after being classified, it doesn't seem to help get it solved faster."),(0,me.kt)("p",null,"Study - 26\nBrent showed an ",(0,me.kt)("a",{parentName:"p",href:"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"},"article")," on Pull requests. It showed that 50% of PRs were idle for 50% of their lifetime, and 33% were idle for 78% of their lifetime. The issue gets compounded when a rebase is necessary."),(0,me.kt)("p",null,"Valentin points out that code review is as much of an art as writing code. Perhaps we can get faster reviewing things."),(0,me.kt)("p",null,"Flavian has asked what the problems are that we face when getting through the backlog."),(0,me.kt)("p",null,"Brent thinks the team could work on more feature work. Also, to spend more time on PRs for issues, but we're falling behind. When we have a new feature such as podman machine, a few people attend to that, and they stay away from other PRs."),(0,me.kt)("p",null,"A number of PRs which are perfectly good to go, but they don't get reviewed due to time, and the contributors are less than happy with that."),(0,me.kt)("p",null,"Brent also thinks we often create PRs that grow larger and larger rather than be done in building blocks."),(0,me.kt)("p",null,"Dan thinks we've two problems. Handling issues. We address that by having a bug week when we get above 200 in number on GitHub. Even with the whole team on board, we're lucky to get it down into the 180 mark. A bit of a treadmill."),(0,me.kt)("p",null,"The other side is when someone opens a PR, then people looking at issues often don't break off to look at the PRs that have come in."),(0,me.kt)("p",null,"Chris noted that 45 minutes is the sweet spot for the CI completion to wrap up in. A recent review by a group of college students noted the heaviness of the CI process for contributors as being a bad mark. FOr instance, if you have a misplaced semi-colon, it can take hours to get notified. Unit tests run faster than integration tests, and system tests are faster than them. It would be good if the CI could focus on unit tests and then continue to integration tests only if the unit tests are happy. Ditto system tests."),(0,me.kt)("p",null,"Jhon pointed out that once we spin-off to a cloud system for CI, you're really not doing a unit test per se. He also briefly talked about mock tests, and Miloslav noted that they're not always the ",(0,me.kt)("a",{parentName:"p",href:"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"},"answer"),"."),(0,me.kt)("p",null,"Chris thinks the CI we have will take a lot of effort to make faster without a lot of retooling other stuff."),(0,me.kt)("p",null,"Anders asked if we run on VMs or containers, and we run on VMs, not really eating our own dog food. He thinks it would be more interesting to run at least some unit tests in containers."),(0,me.kt)("p",null,"Valentin noted that code coverage only handles unit tests. He thinks it would be great to have CI revamped, but we'll need more meetings to do so."),(0,me.kt)("p",null,'Urvashi thinks we need to come to a consensus on "How to code review.".'),(0,me.kt)("p",null,"Brent doesn't like to have code design debates within the PR and would like to see more peer-to-peer reviews and/or mentoring reviews."),(0,me.kt)("p",null,"Brent asked that everyone read the article he put together and would like people to come back and think about potential changes. Essentially, he just wants to have everyone on board in thinking there's a problem."),(0,me.kt)("p",null,"Articles:\n",(0,me.kt)("a",{parentName:"p",href:"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"},"https://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"},"https://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/"},"https://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/"),"\n",(0,me.kt)("a",{parentName:"p",href:"https://www.morling.dev/blog/the-code-review-pyramid/"},"https://www.morling.dev/blog/the-code-review-pyramid/")),(0,me.kt)("h4",{id:"open-discussion-5337-in-video"},"Open discussion (53:37 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Brent has created a 4.0.3 FCOS image in hand that he'd like people to try on the mac."),(0,me.kt)("li",{parentName:"ol"},"Podman 4.1 RC should be released later today.")),(0,me.kt)("h3",{id:"next-meeting-thursday-may-16-2022-1100-am-edt-utc-5"},"Next Meeting: Thursday May 16, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-7-2022-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday June 7, 2022 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 11:58 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:00 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:01 AM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nYou11:05 AM\nUrvashi, can you send me a link to the doc in email plz?\nPreethi Thomas11:05 AM\nTom its both in the email and in gchat\nUrvashi Mohnani11:06 AM\nyup, sent it to aos-internal and its in our gchat room as well\nYou11:27 AM\nTY! UM\nFlavian Missi11:27 AM\nmaybe https://github.com/google/triage-party ?\nUrvashi Mohnani11:28 AM\nhttps://linearb.io/blog/the-pull-request-paradox-merge-faster-by-promoting-your-pr/\nlink to the article ^^\nAnders F Bj\xf6rklund11:29 AM\nRight, that is the tool\nhttps://minikube.sigs.k8s.io/community/\nYou11:32 AM\nAnders and Flavian, thx for the links, I've added them to the notes.\nMiloslav Trmac11:42 AM\n/me is on the anti-mocking side:\nhttps://www.destroyallsoftware.com/screencasts/catalog/functional-core-imperative-shell\n(CRI-O has mocks of c/storage and Podman and IMHO it\u2019s a _nightmare_, e.g. in some cases not testing the right code at all.)\nMiloslav Trmac11:46 AM\nAre there some easy wins like making the current \u201cmust include tests\u201d bot nudge users towards unit tests and discourage adding another shell script to system tests?\nPreethi Thomas11:47 AM\nhttps://www.pullrequest.com/blog/why-your-team-isnt-reviewing-pull-requests/\nBrent Baude11:48 AM\none thing our development tooling/environment needs is the ability to run the e2e tests locally but isolated ... hint: make locale2e-vagrant ...\nMatt Heon11:48 AM\nI think the no-new-tests-needed check might actually fail a PR if it only had unit tests\nIt checks the tests/ folder AFAIK\nUnit tests don't live in there\nPaul Holzinger11:48 AM\n@Matt no it also checks for _test.go\nValentin Rothberg11:50 AM\nHere's a link to the reviewing pyramid -> https://www.morling.dev/blog/the-code-review-pyramid/\nieq-pxhy-jbh\n")))}bo.isMDXComponent=!0;const vo={},Mo="Podman Community Cabal Meeting Notes",Ao=[{value:"September 15, 2022 11:00 a.m. Eastern",id:"september-15-2022-1100-am-eastern",level:2},{value:"September 15, 2022 Topics",id:"september-15-2022-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Quadlet/Kubernetes yaml support - (0:50 in video) - Valentin Rothberg",id:"quadletkubernetes-yaml-support---050-in-video---valentin-rothberg",level:3},{value:"ZSTD Support - (18:29 in video) Dan Walsh",id:"zstd-support---1829-in-video-dan-walsh",level:3},{value:"Confidential Computing - (27:05 in video) Dan Walsh",id:"confidential-computing---2705-in-video-dan-walsh",level:3},{value:"Landlock Support - (31:13 in video) Dan Walsh",id:"landlock-support---3113-in-video-dan-walsh",level:3},{value:"Podman desktop packaging - (35:52 in video) Lokesh Mandvekar",id:"podman-desktop-packaging---3552-in-video-lokesh-mandvekar",level:3},{value:"Podman kube apply - (49:42 in video) Urvashi Mohnani",id:"podman-kube-apply---4942-in-video-urvashi-mohnani",level:3},{value:"Open discussion (58:21 in video)",id:"open-discussion-5821-in-video",level:4},{value:"Next Meeting: Thursday October 20, 2022 11:00 a.m. EDT (UTC-4)",id:"next-meeting-thursday-october-20-2022-1100-am-edt-utc-4",level:3},{value:"October 20, 2022 Topics",id:"october-20-2022-topics",level:2},{value:"Next Community Meeting: Tuesday October 4, 2022 11:00 a.m. EDT (UTC-4)",id:"next-community-meeting-tuesday-october-4-2022-1100-am-edt-utc-4",level:3},{value:"Possible Topics:",id:"possible-topics",level:3}],Io={toc:Ao},To="wrapper";function So(e){let{components:t,...n}=e;return(0,me.kt)(To,(0,K.Z)({},Io,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("p",null,"Attendees: Matt Heon, Nalin Dahyabhai, Paul Holzinger, Charlie Doern, Lokesh Mandvekar, Niall Crowe, Dan Walsh, Valentin Rothberg, Miloslav Trmac, Mohan Bodu, Eduardo Santiago, Giuseppe Scrivano, Chris Evich, Aditya Rajan, Urvashi Mohnani, Preethi Thomas, Ashley Cui, Joseph Gooch, Reinhard Tartler, Sally O'Malley, Stevan Le Meur, Anders Bj\xf6rklund"),(0,me.kt)("h2",{id:"september-15-2022-1100-am-eastern"},"September 15, 2022 11:00 a.m. Eastern"),(0,me.kt)("h2",{id:"september-15-2022-topics"},"September 15, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet/Kubernetes.YAML support - Valentin Rothberg"),(0,me.kt)("li",{parentName:"ol"},"ZSTD support update - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Confidential Computing with Podman/crun/libkrun - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Landlock support - Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Packaging for podman-desktop - Lokesh Mandvekar"),(0,me.kt)("li",{parentName:"ol"},"Overview of kube apply - Urvashi Mohnani")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/mAUUGASnmIk"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday October 4, 2022"),(0,me.kt)("h3",{id:"quadletkubernetes-yaml-support---050-in-video---valentin-rothberg"},"Quadlet/Kubernetes yaml support - (0:50 in video) - Valentin Rothberg"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Boils down to podman systemd integration"),(0,me.kt)("li",{parentName:"ul"},"Recently married systemd and kubenetes integration we have",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"escaping via systemd-escape and a yaml file"),(0,me.kt)("li",{parentName:"ul"},"can give simple k8s yaml files to systemd"))),(0,me.kt)("li",{parentName:"ul"},"quadlet is good for edge use cases, automotive",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"reallign quadlet with podman"),(0,me.kt)("li",{parentName:"ul"},"future would be to move to a podman generate quadlet workflow instead of generate systemd")))),(0,me.kt)("h3",{id:"zstd-support---1829-in-video-dan-walsh"},"ZSTD Support - (18:29 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"We have support for this, can be specified in oci what compresion standard to use"),(0,me.kt)("li",{parentName:"ul"},"everyone uses gzip, but zstd gives better compression"),(0,me.kt)("li",{parentName:"ul"},"when only one file in an image has changed, when you go to pull the update it pulls down the whole image even thoug only one thing has changed"),(0,me.kt)("li",{parentName:"ul"},"we have added support to podman to determine what has changed and only pull down those changes and not the whole image"),(0,me.kt)("li",{parentName:"ul"},"have opened PRs to containerd and docker to support zstd format, they have bene merged but there is no official release"),(0,me.kt)("li",{parentName:"ul"},"older versions of docker will be unhappy with the newer version of compression if we start pushing this everywhere"),(0,me.kt)("li",{parentName:"ul"},"stuck in a state trying to figure out how we support older version of docker"),(0,me.kt)("li",{parentName:"ul"},"suggestion is to push both versions, gzip and zstd, to the registry and they can be stored under the same name and manifest. But add an annotation/label to the image to identify which compression is used in the image",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"penalty will be pushing two images instead of just one to support both formats"),(0,me.kt)("li",{parentName:"ul"},"if you know your environment will work with zstd no need to push both versions"),(0,me.kt)("li",{parentName:"ul"},"for older container engines, recommendation would be to push with both formats"))),(0,me.kt)("li",{parentName:"ul"},"proposal that is being worked on and we are making sure it works correctly"),(0,me.kt)("li",{parentName:"ul"},"What is the endgame",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"when enough people are no longer on the older container engines we can push for zstd only (may take about 2 years to switch the standard to ZSTD)")))),(0,me.kt)("h3",{id:"confidential-computing---2705-in-video-dan-walsh"},"Confidential Computing - (27:05 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Needs to compress and encrypt the application"),(0,me.kt)("li",{parentName:"ul"},"Encrypt the image and push it, but the image should have the same name"),(0,me.kt)("li",{parentName:"ul"},"When you want to run the image in confidential mode, need to make sure you pull down the confidential image",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"the image manifest will differentiate which one is confidential and which is not"))),(0,me.kt)("li",{parentName:"ul"},"Still debating what exactly this should be but will have an article out on this soon")),(0,me.kt)("h3",{id:"landlock-support---3113-in-video-dan-walsh"},"Landlock Support - (31:13 in video) Dan Walsh"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"New security mechanism in the linux kernel"),(0,me.kt)("li",{parentName:"ul"},"it allows you to specifiy certain paths to an application in such a way that only those paths are allowed to use the app"),(0,me.kt)("li",{parentName:"ul"},"for example allows podman to say I am only going to write to /var/lib/containers and if it tries to write to any other location it will be blocked"),(0,me.kt)("li",{parentName:"ul"},"want to use this to protect podman from itself"),(0,me.kt)("li",{parentName:"ul"},"currently looking into it and researching what needs to be done"),(0,me.kt)("li",{parentName:"ul"},"There is a PR open for getting this into the runtime spec",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/opencontainers/runtime-spec/pull/1111"},"https://github.com/opencontainers/runtime-spec/pull/1111")))),(0,me.kt)("li",{parentName:"ul"},"Will landlock work well with volumes? How difficult will it be to use landlock for container control?")),(0,me.kt)("h3",{id:"podman-desktop-packaging---3552-in-video-lokesh-mandvekar"},"Podman desktop packaging - (35:52 in video) Lokesh Mandvekar"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"Background reading: ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman-desktop/issues/112"},"https://github.com/containers/podman-desktop/issues/112")),(0,me.kt)("li",{parentName:"ul"},"Someone has done the packaging and it is avaiable on OBS"),(0,me.kt)("li",{parentName:"ul"},"Ask is to support it on official fedora"),(0,me.kt)("li",{parentName:"ul"},"Require to package electron (RH may not want to support this)"),(0,me.kt)("li",{parentName:"ul"},'Goal is to be able to do "dnf install podman-desktop"'),(0,me.kt)("li",{parentName:"ul"},"electron is embedded in podman-desktop and we are providing the package for brew on mac")),(0,me.kt)("h3",{id:"podman-kube-apply---4942-in-video-urvashi-mohnani"},"Podman kube apply - (49:42 in video) Urvashi Mohnani"),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},"kube apply lets you deploy the generated kube yaml to a k8s cluster directly"),(0,me.kt)("li",{parentName:"ul"},"need to pass the kubeconfig file so that correct key and certifactes can be gathered for authentication"),(0,me.kt)("li",{parentName:"ul"},"use the k8s API endpoint to make the request to create the k8s resource"),(0,me.kt)("li",{parentName:"ul"},"supported types are pods, volumes, and services",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"this can be extended as we add more support to podman generate kube"))),(0,me.kt)("li",{parentName:"ul"},"Possible features, pass in a container or podname instead of a kube yaml to deploy to the k8s cluster"),(0,me.kt)("li",{parentName:"ul"},"get the kube yaml for something already running in a k8s cluster")),(0,me.kt)("h4",{id:"open-discussion-5821-in-video"},"Open discussion (58:21 in video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-october-20-2022-1100-am-edt-utc-4"},"Next Meeting: Thursday October 20, 2022 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h2",{id:"october-20-2022-topics"},"October 20, 2022 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-october-4-2022-1100-am-edt-utc-4"},"Next Community Meeting: Tuesday October 4, 2022 11:00 a.m. EDT (UTC-4)"),(0,me.kt)("h3",{id:"possible-topics"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("p",null,"Meeting finished 12:00 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},'00:00:39.516,00:00:42.516\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:01:17.367,00:01:20.367\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:02:59.904,00:03:02.904\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:04:28.274,00:04:31.274\nEd Santiago Munoz: Very choppy here too\n\n00:08:17.367,00:08:20.367\nValentin Rothberg: https://www.redhat.com/sysadmin/kubernetes-workloads-podman-systemd\n\n00:08:27.068,00:08:30.068\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:12:28.550,00:12:31.550\nJoseph Gooch: static const char *supported_container_keys[] = {\n "ContainerName",\n "Image",\n "Environment",\n "Exec",\n "NoNewPrivileges",\n "DropCapability",\n "AddCapability",\n "RemapUsers",\n "RemapUidStart",\n "RemapGidStart",\n "RemapUidRanges",\n "RemapGidRanges",\n "Notify",\n "SocketActivated",\n "ExposeHostPort",\n "PublishPort",\n "KeepId",\n "User",\n "Group",\n "HostUser",\n "HostGroup",\n "Volume",\n "PodmanArgs",\n "Label",\n "Annotation",\n "RunInit",\n "VolatileTmp",\n "Timezone",\n NULL\n}\n\n00:12:40.612,00:12:43.612\nJoseph Gooch: Currently in quadlet ^^^\n\n00:14:00.468,00:14:03.468\nJoseph Gooch: https://github.com/containers/quadlet From the readme, the file formats and container setup docs are very readable (and exciting)\n\n00:16:00.536,00:16:03.536\nValentin Rothberg: Here\'s a doc: https://github.com/containers/podman/blob/main/docs/kubernetes_support.md\n\n00:16:52.968,00:16:55.968\nReinhard Tartler: I completely missed that documentation. I\'ll check whether it\'s included in the Debian package!\n\n00:18:20.409,00:18:23.409\nSally O\'Malley: Thanks, Valentin!\n\n00:18:33.328,00:18:36.328\nJoseph Gooch: Another comment on Quadlet - moving it towards golang, and introducing GoLang text templates would be pretty killer\n\n00:19:24.193,00:19:27.193\nValentin Rothberg: Thanks for the questions and feedback! Please reach out if you have any questions.\n\nFor updates, I suggest following this GitHub issue: https://github.com/containers/podman/issues/15686\n\n00:26:17.470,00:26:20.470\nSally O\'Malley: Is there a podman issue for the zstd support?\n\n00:27:16.513,00:27:19.513\nValentin Rothberg: @Sally: Podman already supports ZSTD but there is no issue (yet) for the idea of shipping an image in GZIP and ZSTD in a manifest list (or "image index" in OCI terminology)\n\n00:27:27.585,00:27:30.585\nSally O\'Malley: thanks, got it\n\n00:28:46.082,00:28:49.082\nAditya Rajan: OCI to Confidential Image https://github.com/virtee/oci2cw\n\n00:28:51.876,00:28:54.876\nFlorent Benoit: Is there support planned for SOCI as well https://github.com/awslabs/soci-snapshotter in Podman ?\n\n00:29:10.790,00:29:13.790\nUrvashi Mohnani: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\n\n00:33:33.010,00:33:36.010\nAditya Rajan: https://github.com/opencontainers/runtime-spec/pull/1111\n\n00:36:07.090,00:36:10.090\nLokesh Mandvekar: https://github.com/containers/podman-desktop/issues/112\n\n00:38:08.871,00:38:11.871\nChristopher Evich: For RHEL, people could use an EPEL package maybe?\n\n00:44:23.989,00:44:26.989\nFlorent Benoit: we\'re also on flathub https://flathub.org/apps/details/io.podman_desktop.PodmanDesktop\n\n00:53:20.887,00:53:23.887\nUrvashi Mohnani: https://asciinema.org/a/WCZc8x3NFkaH2v4OvlOny08Hn\n\n00:55:57.118,00:56:00.118\nAditya Rajan: Yes\n\n00:56:03.182,00:56:06.182\nAditya Rajan: kubectl edit deployment name\n\n00:57:30.545,00:57:33.545\nAditya Rajan: kubectl get -o yaml\n')))}So.isMDXComponent=!0;const No={},Co="Podman Community Meeting notes",Po=[{value:"February 7, 2023, 11:00 a.m. Eastern (UTC-5)",id:"february-7-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees (17 total)",id:"attendees-17-total",level:3},{value:"Meeting Start: 11:02 a.m. EST",id:"meeting-start-1102-am-est",level:2},{value:"BlueJeans Recording",id:"bluejeans-recording",level:3},{value:"Pasta in Podman Demo",id:"pasta-in-podman-demo",level:2},{value:"Stefano Brivio",id:"stefano-brivio",level:3},{value:"(1:48 in the video)",id:"148-in-the-video",level:4},{value:"Demo - (2:30 in the video)",id:"demo---230-in-the-video",level:4},{value:"Podman v4.4 Update",id:"podman-v44-update",level:2},{value:"Ashley Cui",id:"ashley-cui",level:3},{value:"(26:40 in the video)",id:"2640-in-the-video",level:4},{value:"Podman Desktop Update",id:"podman-desktop-update",level:2},{value:"Stevan Le Meur",id:"stevan-le-meur",level:3},{value:"(31:55 in the video)",id:"3155-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(47:45 in the video)",id:"4745-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, April 4, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-april-4-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, February 16, 2023, 11:00 a.m. Eastern (UTC-5)",id:"next-cabal-meeting-thursday-february-16-2023-1100-am-eastern-utc-5",level:2},{value:"Meeting End: 11:52 a.m. Eastern (UTC-5)",id:"meeting-end-1152-am-eastern-utc-5",level:3},{value:"BlueJeans Chat copy/paste:",id:"bluejeans-chat-copypaste",level:2}],xo={toc:Po},Do="wrapper";function Bo(e){let{components:t,...n}=e;return(0,me.kt)(Do,(0,K.Z)({},xo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting notes"),(0,me.kt)("h2",{id:"february-7-2023-1100-am-eastern-utc-5"},"February 7, 2023, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees-17-total"},"Attendees (17 total)"),(0,me.kt)("p",null,"Tom Sweeney, Chris Evich, Ashley Cui, Paul Holzinger, Nalin Dahyabhai, Giuseppe Scrivano, Preethi Thomas, Matt Heon, Urvashi Mohnani, Ed Santiago, Brent Baude, Stefano Brivio, Lokesh Mandvekarm, Greg Shomo, Anders Bj\xf6rklund, Mateo Brisi, Tom Lezotte, Stevan Le Meur, Mehdi Haghgoo, Martin Jackson"),(0,me.kt)("h2",{id:"meeting-start-1102-am-est"},"Meeting Start: 11:02 a.m. EST"),(0,me.kt)("h3",{id:"bluejeans-recording"},"BlueJeans ",(0,me.kt)("a",{parentName:"h3",href:"https://youtu.be/qLhf-Ae4jvo"},"Recording")),(0,me.kt)("h2",{id:"pasta-in-podman-demo"},"Pasta in Podman Demo"),(0,me.kt)("h3",{id:"stefano-brivio"},"Stefano Brivio"),(0,me.kt)("h4",{id:"148-in-the-video"},"(1:48 in the video)"),(0,me.kt)("p",null,"What's Pasta? A tool that connects the network names space of the container to the host."),(0,me.kt)("h4",{id:"demo---230-in-the-video"},"Demo - (2:30 in the video)"),(0,me.kt)("p",null,"Creates a tap device that allows a quasi-native network connectivity to virtual machines in user mode without requiring any capabilities or privileges."),(0,me.kt)("p",null,"Stefano showed two shells, one where he was running Pasta, the other slipr4netns. He then created a device using Pasta."),(0,me.kt)("p",null,"Side note, Pasta shares a man page with passt (pasta (1))."),(0,me.kt)("p",null,"He then ran an alpine container with --net=slirp4netns and then one with --net=pasta."),(0,me.kt)("p",null,"The difference between them is the interface. Instead of tap0 from slipr4netns, it's enpp9s0."),(0,me.kt)("p",null,"He then showed how you could change the addresses by using the ",(0,me.kt)("inlineCode",{parentName:"p"},"podman run")," command. The ",(0,me.kt)("inlineCode",{parentName:"p"},"podman-run (1)")," man page has a number of details. Search for ",(0,me.kt)("inlineCode",{parentName:"p"},"pasta")," within it."),(0,me.kt)("p",null,"Pasta gets the ipv6 addresses from the host, while sliprnetns gets a 10.0.2.100 type of address."),(0,me.kt)("p",null,"Why choose Pasta over slirp4netns? 1. Performance 2. Smaller footprint 3. IPv6 support provided"),(0,me.kt)("p",null,"He recommends setting the default for networking to Pasta from Slirp4netns."),(0,me.kt)("p",null,"PR: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/16141"},"https://github.com/containers/podman/pull/16141"),"\nProject homepage: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/"},"https://passt.top/"),"\nasciinema demo (Podman and stand-alone): ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/#pasta_2"},"https://passt.top/passt/about/#pasta_2"),"\nMailing list, chat, bug tracker, weekly meetings: ",(0,me.kt)("a",{parentName:"p",href:"https://passt.top/passt/about/#contribute"},"https://passt.top/passt/about/#contribute")),(0,me.kt)("p",null,"What's the downside to switching the default to Pasta? Possibly user familiarability since Pasta is a newer project."),(0,me.kt)("p",null,"Podman rootless network integration is still a WIP at this point. Once that's done, then Paul suggests it changes to the default after that."),(0,me.kt)("p",null,"Dan would like to switch at the next full Fedora release, and he'd like it to soak for six months in Fedora before going to RHEL. Valentin thinks good timing for RHEL 10."),(0,me.kt)("h2",{id:"podman-v44-update"},"Podman v4.4 Update"),(0,me.kt)("h3",{id:"ashley-cui"},"Ashley Cui"),(0,me.kt)("h4",{id:"2640-in-the-video"},"(26:40 in the video)"),(0,me.kt)("p",null,"Around 125 user-facing changes, including features and bug fixes. We introduced Quadlet, a new systemd-related generator."),(0,me.kt)("p",null,"A lot of new ",(0,me.kt)("inlineCode",{parentName:"p"},"podman kube")," features. CNI will be deprecated soon. Advising that Netavark be used instead, and that will be the default later."),(0,me.kt)("p",null,"We're doing a Podman v4.4.1, probably tomorrow, to include the Quadlet man page, which was mistakenly left off, and a few bug fixes."),(0,me.kt)("p",null,"Several performance changes were made in this release."),(0,me.kt)("p",null,"We'll be doing a demo of Quadlet at an upcoming meeting."),(0,me.kt)("p",null,"Podman v4.4.0 should be in Fedora by default in the next few days. We also had updates for Buildah, Skopeo, and other tools."),(0,me.kt)("h2",{id:"podman-desktop-update"},"Podman Desktop Update"),(0,me.kt)("h3",{id:"stevan-le-meur"},"Stevan Le Meur"),(0,me.kt)("h4",{id:"3155-in-the-video"},"(31:55 in the video)"),(0,me.kt)("p",null,'Started with Demo. Showed "Docker Socket Compatibility" message now on the main page.'),(0,me.kt)("p",null,"There's also a new feedback button on the main page to share feedback directly with the team."),(0,me.kt)("p",null,"When creating a new machine, you can customize its path."),(0,me.kt)("p",null,"In the registries section, you can configure the ones that you have defined."),(0,me.kt)("p",null,"In the proxy, you can toggle on/off the configuration."),(0,me.kt)("p",null,"UI changes have improved the alignments through out for better readability."),(0,me.kt)("p",null,"You can press the three dots icon within the pods to get further actions."),(0,me.kt)("p",null,"You can select the namespace so you can deploy where you want to."),(0,me.kt)("p",null,"Windows and Mac installations have been added to the GitHub page."),(0,me.kt)("p",null,"New documentation to help with the transition from Docker to Podman Desktop."),(0,me.kt)("p",null,"Showed a demo on creating two containers and pushing them into a Pod on OpenShift. He created an OpenShift cluster. He chose two containers and put them into a new pod. He then opened a browser and showed a webpage being run from within the pod. He later deployed it on the OpenShift cluster. Back on Podman Desktop, it showed the status of the pod on OpenShift."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"4745-in-the-video"},"(47:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Martin ran with the new Podman 4.4 and noticed a speed improvement. Folks were very happy with Quadlet to date. Dan thinks the speed improvement is due to Kubernetes not being part of the equation, about a 30% gain in CPU.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet demo.")),(0,me.kt)("h2",{id:"next-meeting-tuesday-april-4-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, April 4, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-february-16-2023-1100-am-eastern-utc-5"},"Next Cabal Meeting: Thursday, February 16, 2023, 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"meeting-end-1152-am-eastern-utc-5"},"Meeting End: 11:52 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"bluejeans-chat-copypaste"},"BlueJeans Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Me10:58 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe10:59 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMe11:01 AM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nMehdi Haghgoo11:17 AM\nsorry I joined late. Is pasta a new container networking type?\nMe11:19 AM\nMehdi, I'll ask your question shortly.\nMehdi Haghgoo11:19 AM\nThanks\nBrent Baude11:21 AM\ni would also agree about switching it to become the default as well\nStefano Brivio11:21 AM\nhttps://github.com/containers/podman/pull/16141\nValentin Rothberg11:27 AM\nGood timing for RHEL 10\nBrent Baude11:28 AM\nimho, switching would be transparent to customers and it is feature complete, unlink the network stack for example\nStefano Brivio11:28 AM\nhttps://passt.top/\nCI-based demo: https://passt.top/passt/about/#pasta_2\nMailing list, chat, bug tracker, weekly meetings: https://passt.top/passt/about/#contribute\nStefano Brivio11:30 AM\nPull request, listing differences with slirp4netns: https://github.com/containers/podman/pull/16141\n(I'll add those to hackmd in a moment)\nMehdi Haghgoo11:31 AM\nIs quadlet a subcommand of podman?\nValentin Rothberg11:32 AM\nQuadlet docs: https://github.com/containers/podman/blob/main/docs/source/markdown/podman-systemd.unit.5.md\nMehdi Haghgoo11:36 AM\nCan one systemd unit file manage several containers? Or is it one to one?\nIn your screen of PD, why podman is not emulating /var/run/docker.sock? It was very handy\nValentin Rothberg11:36 AM\nIt's 1:1 for ordinary container and 1:N when using the Kubernetes integration.\nMehdi Haghgoo11:40 AM\nValentin, so can I migrate a docker-compose project to a systemd unit?\nValentin Rothberg11:43 AM\n@Mehdi: yes, that is a nice use case. Instead of using docker-compose, you can use Podman and systemd.\nMarkus Eisele11:44 AM\nIt might be BlueJeans blocking the port locally.\nStefano Brivio11:46 AM\nValentin, by the way, passt/pasta will be available in RHEL starting from 9.2 -- just for information, not advocating to switch the default \"too early\" :)\nMehdi Haghgoo11:47 AM\nThanks Valentin\nLokesh Mandvekar11:49 AM\ngotta drop, thanks all.. later..\nMehdi Haghgoo11:52 AM\nHow does PD remove the need for DOCKER_SOCK env var?\nGreg Shomo (Northeastern)11:52 AM\nthank you, everyone, for all the updates and glimpses into the future. much appreciated !\n")))}Bo.isMDXComponent=!0;const Eo={},Wo="Podman Community Cabal Meeting Notes",jo=[{value:"May 18, 2023 11:00 a.m. Eastern (UTC-5)",id:"may-18-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:3},{value:"May 18, 2023 Topics",id:"may-18-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"containersh (1:25 in the video) - Dan Walsh",id:"containersh-125-in-the-video---dan-walsh",level:3},{value:"Storage - allow layers to be split across multiple files. (13:20 in the video) - Anders Bjorklund",id:"storage---allow-layers-to-be-split-across-multiple-files-1320-in-the-video---anders-bjorklund",level:3},{value:"podman.io demo - (21:58 in the video) - Ashley Cui - 20",id:"podmanio-demo---2158-in-the-video---ashley-cui---20",level:3},{value:"github.com/containers/appstore (29:45 in the video) - Dan Walsh",id:"githubcomcontainersappstore-2945-in-the-video---dan-walsh",level:3},{value:"Open discussion (42:00 in the video)",id:"open-discussion-4200-in-the-video",level:4},{value:"Next Meeting: Thursday, June 15, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-june-15-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Lo={toc:jo},Ho="wrapper";function Ro(e){let{components:t,...n}=e;return(0,me.kt)(Ho,(0,K.Z)({},Lo,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"may-18-2023-1100-am-eastern-utc-5"},"May 18, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Anders F Bj\xf6rklund, Ashley Cui, Ashley Cui's Presentation, Brent Baude, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Lance Lovette, Leon Nunes, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Preethi Thomas, Reinhard Tartler, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, ykuksenko"),(0,me.kt)("h2",{id:"may-18-2023-topics"},"May 18, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"containersh - Lokesh Mandvekar, Dan Walsh"),(0,me.kt)("li",{parentName:"ol"},"Storage - allow layers to be split across multiple files. - Anders Bjorklund"),(0,me.kt)("li",{parentName:"ol"},"podman.io - Comments/Discussion"),(0,me.kt)("li",{parentName:"ol"},"github.com/containers/appstore - Dan Walsh")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/GYrFHoYtXDA"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, May 18, 2023"),(0,me.kt)("h3",{id:"containersh-125-in-the-video---dan-walsh"},"containersh (1:25 in the video) - Dan Walsh"),(0,me.kt)("p",null,"A shell account to allow an interjection into a shell. You'd interject which cgroup, image the user could have, and they would be assigned a container with those values. Useful in a government setting. It lets someone in with the appropriate privileges. Dan thinks it's a fairly small addition to Podman. The hardest part is a timing issue for execing the user environment. A bit of a race condition with the container. By using systemd, it will maintain the containers until the system goes down."),(0,me.kt)("p",null,"One thing that Lokesh has noticed is the container isn't starting. We may need to see if the container doesn't start after some time. Then systemd will stop the container and possibly retry."),(0,me.kt)("p",null,"This request came from security-oriented customers. They want the user to get on, but only to see pertinent data to them. They've used Selinux in the past, but an ls command in that environment might show them file names they shouldn't see. With a container, you can limit the scope of files they could see. Better feel than being able to see all, but get blocked from parts of it."),(0,me.kt)("p",null,"This will be a command under Podman, so it will be under the github.com/containers/podman, not likely to be a separate project."),(0,me.kt)("h3",{id:"storage---allow-layers-to-be-split-across-multiple-files-1320-in-the-video---anders-bjorklund"},"Storage - allow layers to be split across multiple files. (13:20 in the video) - Anders Bjorklund"),(0,me.kt)("p",null,"Question from the previous Podman meeting, about support for ",(0,me.kt)("inlineCode",{parentName:"p"},"ipfs://"),"."),(0,me.kt)("ul",null,(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"},"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md")),(0,me.kt)("li",{parentName:"ul"},(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/stargz-snapshotter/blob/v0.10.0/docs/ipfs.md"},"https://github.com/containerd/stargz-snapshotter/blob/v0.10.0/docs/ipfs.md"))),(0,me.kt)("p",null,"I think there was some Podman version of estargz, maybe it was zstd:chunked ?"),(0,me.kt)("p",null,"Dan thinks we can handle this, but we need more work on the file system. Dan is for it, but would like Giuseppe Scrivano to take a look at it."),(0,me.kt)("p",null,"THere was a change to containers/storage by an outside of Red Hat contributor, but it wasn't completed. There were problems with the fuse file system, and the folks working for Red Hat weren't able to prioritize tracking down the issue."),(0,me.kt)("p",null,"Side note: here was the project mentioned briefly, which works in the kubernetes context for mirroring images from the registry ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/XenitAB/spegel"},"https://github.com/XenitAB/spegel")," (probably more for CRI-O)"),(0,me.kt)("h3",{id:"podmanio-demo---2158-in-the-video---ashley-cui---20"},"podman.io demo - (21:58 in the video) - Ashley Cui - 20"),(0,me.kt)("p",null,"Ashley showed the new website. Showing the options. It just went to v1.0 this week, in preparation of Red Hat Summit. The site is a combo of Podman Desktop and Podman, with the feel of Podman Desktop."),(0,me.kt)("p",null,"You can download either the CLI or the Desktop from the page. It detects the OS you're on and gives you the right choice (Mac, Windows, etc)"),(0,me.kt)("p",null,"Anders thought it might sense to not call it CLI, but perhaps Podman Engine. The download will have the engine to run, and CLI is part of that, but it could potentially be separate too."),(0,me.kt)("p",null,"Ashley thinks more documentation here on this download page to clarify things."),(0,me.kt)("p",null,"Happy to take contributors!"),(0,me.kt)("h3",{id:"githubcomcontainersappstore-2945-in-the-video---dan-walsh"},"github.com/containers/appstore (29:45 in the video) - Dan Walsh"),(0,me.kt)("p",null,'Just an idea, an area for examples on how to use different tools. Docker has "awesomecompose" to get compose examples. We\'ve been pinged for a site similar to that one.'),(0,me.kt)("p",null,"We have created the github.com/containers/appstore and have opened it up to people to add their examples. I.e. how to run mariadb inside of Kubernetes. We'd probably want to eventually set up a CI/CD system to test the scripts that are submitted to make sure they don't break, or age out."),(0,me.kt)("p",null,"Chris Evich thinks renovate can help with making sure the scripts are still viable."),(0,me.kt)("p",null,"Mark Russel has a contact, George, who has been wanting to do this and has a collection he would like to drop stuff in."),(0,me.kt)("p",null,"The problem this team in Red Hat has is were' container tool experts, not necessarily container creators/maintainers."),(0,me.kt)("p",null,'Dan wants to make sure that the apps that are dropped will actually be useful for real-world environments. Not necessarily just "Hello World".'),(0,me.kt)("p",null,"The issue is as priorities change, a contributor might not keep the app up to date. We'll need to be able to easily track the maintainer and the last time they updated the app, and also revision control. It would also be nice to be notified when an app that you grabbed gets updated later."),(0,me.kt)("p",null,"Chris thinks this is possible via renovate."),(0,me.kt)("p",null,"The project has been created. ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/appstore"},"https://github.com/containers/appstore")),(0,me.kt)("p",null,"Dan was thinking about creating directories for quadlet and Kubernetes."),(0,me.kt)("h4",{id:"open-discussion-4200-in-the-video"},"Open discussion (42:00 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"When should you use pass-through versus journald should be used? Dan thinks pass-through is better aligned with systemd (Tom check). Across the board, Lance has defined journald for all, and wanted to know if Podman was trying to default to something else? Dan thinks it should not.")),(0,me.kt)("p",null,"Pass-through will send to stdin/stdout via systemd. It was done to integrate better with the journal log driver. If you use pass-through, podman logs gets disabled, so it's like not logging. But you get better integration with the journal."),(0,me.kt)("p",null,"If Podman goes away while being run with systemd, conmon will write to the logs."),(0,me.kt)("h3",{id:"next-meeting-thursday-june-15-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, June 15, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off"),(0,me.kt)("li",{parentName:"ol"},"Mark Russell's contact George for appstore")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-june-6-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, June 6, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 11:52 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Daniel Walsh10:59\u202fAM\nToday is a holiday in a lot of Europe. Ascension Thursday\nYou11:03\u202fAM\nMeeting Notes: https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nPlease add or correct as we go along.\nDaniel Walsh11:42\u202fAM\nhttps://github.com/containers/appstore\n")),(0,me.kt)("p",null,"Raw Google Meeting Transcript:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: Okay, the recording seems to be working at this point in time. So welcome everybody to the Quad man community the ball meeting. The meeting that we generally talk about future design decisions and topics along those lines. Rather than demos, the demos meetings are generally held during the community meetings, which will be coming up. In June, I think it's June second. We'll talk about that later on today. For today we've four topics lined up. We have talked about container sage being led by Dan and Lokesh, We have another topic about storage allowing lawyers to be split across multiple files and Anders thanks for joining today. I know it's a holiday and all where you're at\n\nTom Sweeney: And I thank you started at this point and then we'll be talking about Podman.io. We've got some very exciting, new changes going on there and there are more Maureen is going to be talking about and then Dan's gonna be talking about the App Store on the containers project so given all that. Oh and you know put a link to the Hack MD, I'll be taking notes during the meeting today in hackham day. If you have any I think that add that I've messed up or you want to add a link or anything like that. Go ahead, please do it. There. And I'm trying to check on. The moment here. Given all that. I'm going to start it off with general location. I'm not sure who's doing the talk. This one for the container sh Yeah, yes.\n\nDaniel Walsh: Yeah, I guess. Who I'm getting feedback.\n\nDaniel Walsh: Are the people getting it? All right, the Echo, one way. So I don't have any presentation on it right now. And Lokesh myself and some people from the SC, Linux team have been working. as a side project on the, an idea, what we calling Pod, Man Shell And what this basically is. Will be an enhancement to podman to allow. you to configure a shell account or login account with a shell of podman shell, which would automatically Inject a user into a. Container, when it lies into the system. So think of it like a hunting pot environment, What we're trying to do is to do it as\n\nDaniel Walsh: Part of, you know, just a link off of Pod man so it won't be a new executable and that we're all gonna be taking advantage of quadlet to define a user container for that user. So imagine you create a container, a quad that podman Sheldon, quad that\n\nDaniel Walsh: Not die container. I mean you define which image you want to use it to be injected into what Cgroups you want them to be controlled fine, with what volumes, you want to make available to the user inside of the environment. Then when the user logs onto the system, he would automatically get he or she would automatically get injected into the container and be locked down With that. The container would have any rights that you wanted to expose the user. The reason we, we've had a couple of government type\n\nDaniel Walsh: Customers that have come in and talked to us about how they would like to be able to use some container technology to actually control uses that allowing into the system. So, you can imagine a, You have a sort of a system with lots and lots of data on it when you, but you want to give a use either a shell account, so he gets onto the system and only able to see certain directories on the system. Another way another idea would be You want to set up sort of more like Toolbox where you would log on to a system and have an entire suite of tools available to you, that will be different than other users logging into the system onto the same system, but have, you know, constant data that you could use to do it?\n\nDaniel Walsh: So, I think it's a fairly small enhancements to pod to Odd, Man, and most functionality, we found the most of functionalities available. Now in the system, just by using system D to start up a service for the user. And then just basically getting a pyramid exact into the into the show into the container that you're going to create. One issue we're having right now is a timing issue in that. I think there's a bit of a race condition because really what we want to have happen is when the user ssh is into the box, this container gets started. For the session. And then I think, We haven't quite figured out how to wait for the shell. For the container to get up and running before you try to exact into it. So if part Man shell\n\n00:05:00\n\nDaniel Walsh: Execs in right away. Then the shell might, the container might not be up and running at the time. So it was a race condition, the beauty of using system need to manage these. The actual containerized service is that System D will keep track of all sessions. So if you logged into the system multiple times, Um then system legal maintain the service running until you log out of all sessions and then we kill off the container. So anyways, we've talked internally about this and this is the first time we're really talking about it externally. Does anybody have any questions?\n\nBrent Baude: Dan on the problem of the container starting, that the racy part could you define a basically a bogus Dependent container and\u2026\n\nDaniel Walsh: Yeah.\n\nBrent Baude: weight on that one.\n\nBrent Baude: so, it would be Essentially,\u2026\n\nDaniel Walsh: I think.\n\nBrent Baude: you'd wait on what you'd wait on one, but you're really just using it as a indicator for the other.\n\nDaniel Walsh: well, I think the problem is apartment Shell is gonna I think this I think when you log into the system, Lokesh you, you've experienced this, right? You talk about it.\n\nLokesh Mandvekar: Uh yeah. So what the one thing of notice was if I rerun the setup, I often end up with no such Container image. Sorry no such container.\n\nDaniel Walsh: Right.\n\nLokesh Mandvekar: So And I also see a bunch of SC Linux messages about non-existent keep yourself. So, I'll figure that.\n\nDaniel Walsh: Yeah, and I think what's happening is when you log into the box as you log in System D realizes you're creating a new session. It starts the session then starts the container, but simultaneously at podman cell is running. so, I think what we need to do is to have Quad man, Shelby smart enough to retry for some period of time. you know, basically do a fallback until the container is actually exists. would be the most saying, but only do it for, you know, 10 seconds or something, I don't as we might be something that we have to configure, but\n\nBrent Baude: We do that basically a back-off as well with other stuff\u2026\n\nDaniel Walsh: Right.\n\nBrent Baude: where you know, you try and 250 milliseconds and then 500 and then one second. Yep.\n\nDaniel Walsh: Good. I think I think we do that and then it's a container doesn't start for a certain amount of time then. You know, kill the shell and drop out. I think that. but,\n\nDaniel Walsh: Any any other comments questions? Thoughts.\n\nBrent Baude: What's the primary? You know, jumping up and down. User.\n\nBrent Baude: Use case, if you will.\n\nDaniel Walsh: so, the users that first brought this up or were basically, real heavy security people who wanted to A traditional use case for um, these type of customers is that they allow a user to get onto a system that has data, that's at multi-level, so top secret data, secret data, and they want to allow the user to get on to the system and then only able to view, say, secret data and\n\nDaniel Walsh: um, traditionally they've done this with Essie Linux, but the problem with SEO Linux is that if the user just does standard commands, like LS of an environment, he's likely just to get at or ABC generation on places that he shouldn't be looking at and so becomes very complex because I like to say is a essay Linux is complex because we give you in a view of everything in the universe and then\n\nDaniel Walsh: We basically say, You know, why you're looking, you know, basically SEO is gonna say why you're looking here, why you're looking it while you're looking here, and with containers, we give you a view of almost nothing of the operating system. And then we just start opening up windows to the up the operating system through volumes. And so becomes a lot easier for people to say, You know, okay, you can get on my system. But the only thing you can see is this directory on my system. And that becomes, That's a lot more human understandable than you get. On my system, you can see everything. And then I start to block you from looking at parts.\n\n00:10:00\n\nAnders F Bj\xf6rklund: I remember we had a FTP server and when we went to Not to the same option of ftps but to Sftp, then we then we ended up running shells where you previously were just sewing files. So so that that was the use case back in the day with a custom shell,\u2026\n\nDaniel Walsh: Right.\n\nAnders F Bj\xf6rklund: that only allowed you to visit certain directories and run certain commands. That sftp. So, that could be.\n\nDaniel Walsh: Yeah, right. I mean, 10 to 15 years ago, I talked about Doing some stuff with Etsy, Linux around guests. And next guest and I just used to talk about how you could You know, imagine like you asked Machine at a at a library where you come in and Basically, will allow you to Web browsing and\n\nDaniel Walsh: You know, going. Use the printers and things like that, we'll be really nice of that. Everything you did while you were in that web, browser was destroyed. When you logged out and that, that could be a use case for someone like this as well. Where you would, you just set up a container that Allows you to do whatever you want but as soon as you log out of the system, you know, the container gets destroyed. So imagine a container that's still in a dash dash RM. So, all the content was was cleaned up after you got out. So, If you did something stupid like do online banking and have secrets stored by the Web browser and at least it would be destroyed.\n\nDaniel Walsh: And I mean, there are decent amount of use cases for something like this. I believe,\n\nTom Sweeney: some more people can look at,\n\nDaniel Walsh: Not yet. Who are not we're not trying to make this as fully separate projects from Podmin. I think it's a I think it's an enhancement department, just another command that probably can use, so my goal would be to To write documentation in pod, Man, how to do it. And Just have the command put on a system so it'll be a pod man. Shell Which is probably in shell, it will just be a symbolic link to Bod man and Maybe it'll be a sub package but I don't want to get into a whole separate project for this. because again, it's just gonna This is just something that Pod man can do.\n\nDaniel Walsh: You just have to create the Quad button.\n\nTom Sweeney: Great. Any other questions or comments?\n\nDaniel Walsh: We sometimes call it Container Shell but I've been calling it podman Shelton more recently. So Hopefully in it when we get together and do demos, we can demo it in a few weeks.\n\nTom Sweeney: That be good a couple weeks away. Um all right, even that I and the time I think I'm going to hand it off to it on Anders for the storage talk.\n\nAnders F Bj\xf6rklund: Yeah. So we had a previous meeting where I'm also asking a question, but we didn't have time for any answer, so I guess I will just ask it again. It was really about two separate. Features one is called lazy pulling where you divide a big layer into I mean, without breaking compatibility. You can divide container layer into Sub. Files, so that you can start the container without pulling all of it until it's needed. And related to that was the other question of peer-to-peer distribution of images without having to always pull it from the central registration.\n\nAnders F Bj\xf6rklund: And I guess it's would be a question for containers image, or I mean, Portman would just use the storage.\n\nAnders F Bj\xf6rklund: Object. So there's some support about anything in container D. That's why I was asking if there's any like OCI work or if it's anything that could come to. Podman on those.\n\nDaniel Walsh: Yes. Um Giuseppe's, not here, not. I believe that this\n\nDaniel Walsh: We see if I can ping Giuseppe on this. Use around early, but I'm\n\nTom Sweeney: Yeah, thank you.\n\nDaniel Walsh: forgot.\n\nTom Sweeney: Son Holiday today.\n\nDaniel Walsh: The, I believe we have some, we can handle this. From what we don't have right now is you need a fuse file system to make this thing work.\n\n00:15:00\n\nAnders F Bj\xf6rklund: Yeah.\n\nDaniel Walsh: Because the basic idea is you go. To run an image and container storage would say the image exists. And then you go, now you read Use a bin foobar and as soon as you execute, you've been full bar. The. underlying fuse file system would reach out to the registry and say Okay I need use of infobar and then User been full power. Would pull down say it needs G loop C. You pull down to your love C. And Continue on through the entire stack. I know that the person who wrote that originally are someone worked with, it opened up, pull request to get features like that into container storage. But I don't think anybody ever finalized it by putting in, you know, somehow getting the\n\nDaniel Walsh: The underlying file system to do it. And my mind it would be best to enhance. Fuse. Overlay to Be able to handle it, but it's not something that anybody at Redhead is has worked on at this point. The reason we haven't really looked at it is because the latency problem, but I I think it is a reasonable issue. We've always referred to constant. So, try to avoid the latency where you'd have an application up and running. For a little bit and then also just go into a pause mode when it's downloading. gigabytes of state and\u2026\n\nAnders F Bj\xf6rklund: Right.\n\nDaniel Walsh: as opposed to downloading everything and then you don't have any latency.\n\nAnders F Bj\xf6rklund: Okay. Yeah. So\n\nDaniel Walsh: So I I would say I'm all for it. I'm all for us getting this into the upstream project. but rather than having I I'm not sure what the fuse file system that implements it, but if we get that fuse file system merged somehow into fuse overlay,\u2026\n\nAnders F Bj\xf6rklund: Yeah. Not.\n\nDaniel Walsh: I get it to be you mode if he was overly and we don't have two foul, two fuse file systems for supporting Someone desperate that things.\n\nAnders F Bj\xf6rklund: yeah, and not exactly sure how it's implemented in the snapshot directly as it's calling continuity, but it has this, you need a, You need a special tar format in order to handle these I mean division of the horrified.\n\nDaniel Walsh: but,\n\nAnders F Bj\xf6rklund: So That was us.\n\nDaniel Walsh: It's it's related. Is. I think it's\n\nAnders F Bj\xf6rklund: And I think we had, we had two different versions, right? We had one based on said standard and that compression and we had one based on the older work with the S tar. That, I'm not sure if it was Google or something. So, It seemed to be multiple implementations of the same idea. Being able to hack one tour streaming to It's seekable portions while keeping compression.\n\nDaniel Walsh: I'm going through Google's, all right. contain a storage to figure out who opened up the pull request, but looking for a star right now,\u2026\n\nAnders F Bj\xf6rklund: Yeah.\n\nDaniel Walsh: but It's all just.\n\nAnders F Bj\xf6rklund: now, I think we took there was some talk about it, like previous container plumbing, but not this one. So maybe like you say there are other concerns that are more important, so it's not the most desired feature\n\nDaniel Walsh: yeah, what yeah, I mean I don't I just don't think that\n\nDaniel Walsh: Yeah, I can't find who wrote it now. And do you remember anything about this?\n\nNalin Dahyabhai: I would have to go digging through it as soon as you.\n\nDaniel Walsh: Yeah. But yeah,\u2026\n\nAnders F Bj\xf6rklund: It was.\n\nDaniel Walsh: as I said,\u2026\n\nAnders F Bj\xf6rklund: It was a hero talking about it. So,\n\nDaniel Walsh: I'm you know, it's just hasn't come up as an interest for You know,\u2026\n\nAnders F Bj\xf6rklund: Okay.\n\nDaniel Walsh: that the developers at Red Hat at this point to, to support this and just mainly because of the fuse vial system problem and\u2026\n\nAnders F Bj\xf6rklund: Yeah. Yeah,\u2026\n\nDaniel Walsh: Now we haven't focused on. Yeah.\n\nAnders F Bj\xf6rklund: I run into some similar issues. What while trying to promote peer-to-peer pulling over images and that is You can easily. You can easily set it to allow the private network only, but most peer-to-peer systems are public by default, which means people are terrified. So when you, when you mention an appear to pair is like mentioning Dr. Hub, you tell that to the private really stupid people and\u2026\n\nDaniel Walsh: Right.\n\nAnders F Bj\xf6rklund: they go into defensive mode and then it's for lockdown and everything. but,\n\n00:20:00\n\nDaniel Walsh: Yeah. Similar. We've been talking about that for about eight eight or ten years now. So,\n\nDaniel Walsh: Nothing. Nothing is happened in that front. And sadly,\u2026\n\nAnders F Bj\xf6rklund: Yeah. So\n\nDaniel Walsh: we don't have the people who work in containers imager here, because they're on holiday\u2026\n\nAnders F Bj\xf6rklund: I, Yeah,\u2026\n\nDaniel Walsh: because yeah. So,\n\nAnders F Bj\xf6rklund: I'm also supposed to be on holidays and relate.\n\nAnders F Bj\xf6rklund: Yeah, that's right.\n\nDaniel Walsh: So we can put that. I mean, if you don't mind, we'll put that one on hold for what.\n\nAnders F Bj\xf6rklund: Yes, you can come back to it.\n\nDaniel Walsh: Let's talk about it.\n\nTom Sweeney: Up. Yeah.\n\nDaniel Walsh: Let's talk about it next month. When\n\nAnders F Bj\xf6rklund: yeah, I think Ipfs is quite experimental anyways, so you could probably do with some more maturing That there were also some like halfway solutions\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: where you would not hack up the layers, but you would distribute images from your peers. So you you would talk to your peers and then And then see if anyone close to you has the image before putting it from the registry. So, so,\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: there were some work, like\n\nDaniel Walsh: Yeah, that would be cool. I think the the issue and they might have with that is how signing and and could you verify the image and make sure it's the Because yeah,\u2026\n\nAnders F Bj\xf6rklund: That yeah, it can assume so private.\n\nDaniel Walsh: the field comes I asked for, you know, the fedora image and someone so I got a fedora image for you. Yeah, take this one. How do you trust it? No.\n\nAnders F Bj\xf6rklund: Yeah.\n\nTom Sweeney: Right, so we're compost bone, that one. So the next meeting then gets more folks here.\n\nAnders F Bj\xf6rklund: Yeah, fun.\n\nTom Sweeney: And thanks for bringing up Anders and keep me honest, I put it on to the possible topics for the next one. I had thought the next one that we're going to do was with Maureen Duffy's and I thought She's gonna be here. So I will just do a real quick talk about it based on what I've seen Ashley here. Ashley, do you want to talk about this or give a quick little\n\nAshley Cui: so, Sorry.\n\nTom Sweeney: Appointment.\n\nAshley Cui: um, I don't have anything prepared, but I guess. Take.\n\nDaniel Walsh: Just demonstrate the website.\n\nAshley Cui: Okay. Let's see.\n\nTom Sweeney: Nothing like putting you on the spot.\n\nAshley Cui: Let me see if I can share the tab for Partner and IL.\n\nTom Sweeney: And while she's doing that, I'll just say that it's gone to be 1.0 officially, as of this morning, we're getting it ready for the summit, for Brent, for next week. So it'll be announced there more officially. She can have. A sneak preview this week.\n\nAshley Cui: Um, so we have a new website Podmanio. It's been it's nice and shiny and it looks very very good but I guess it is brand new. So we haven't gone through, we're trying to go through and take a look at anything that is broken and so we've been kind of taking a look at it, we have a bunch of Links and Other Things. I don't know what else to say about it. Other than it looks really nice but I think there's still a little bit of work that we're doing but if you have some time, feel free to click through it and see what works, what you guys like and what you don't like. And we'll see what we can do about it, I guess.\n\nTom Sweeney: Yeah, and I'll just go ahead and add a little bit more, just basically, it's on Github, container spot. is the old site was if you had happened to Clone that site Prior Appointment.io, it's now point. Automan.io underscore old. So if you try and make an update there, go to the old site and not to the new site so you'll need to reclone if you've cloned prior and please just standard issues, if you have just use a standard issue process, If you find anything go at Adam there and Maureen's been very responsive there for the ones that we found and do know that we've got a couple more. Online in there right now that you need to chase down and hoping to clear those up with the next few days, but happy to get any kind of feedback there and even if it's, you know, This doesn't work so well or Hey, this looks great. At least have.\n\nDaniel Walsh: Like, click on Get started, actually.\n\nDaniel Walsh: Like I wait. Where's the one that title spell how to download because it's going to show. Is that this one?\n\nAshley Cui: so we don't it's just on the front page, we have a little download drop down, I actually Was working on. Hold on. Let me see.\n\nAshley Cui: Let's see.\n\nDaniel Walsh: Because one of the things we we have done is sort of. There's obviously there's podman desktop and then pod man. Main. And and this website is somewhat of a combination of the two.\n\n00:25:00\n\nAshley Cui: Yep.\n\nDaniel Walsh: Because I think general users are just going to look, how do I get Pod, Man on my Mac or How do I get Bod, Man on my Windows box?\n\nDaniel Walsh: For some like Pod man. I think the Linux, she's community is a little more savvy about how you probably gonna get a package on the addition. So, we wanted to make, you know, obvious places, they go to his apartment.io and Um, make it easy for you to find.\n\nAshley Cui: Actually worked on this this morning which is now there's a CLI option so you can download desktop and you can also get the CLI. And so it's kind of a combination, you know, if it tries to point you into the desktop direction, if you want the desktop stuff and then it also gives you option of looking for CLI stuff. Yeah.\n\nDaniel Walsh: And so if you were on a Mac, you would see one that says Downloaded for a Mac I would hope.\n\nAshley Cui: Yeah, so automatically detects what OS you're on, which is pretty cool.\n\nAnders F Bj\xf6rklund: Do you want to promote the podman engine name instead of Podma CLI, which could also relate to podman remote?\n\nAshley Cui: um, sure. I think it might be confusing for people who don't know the difference between podman engine and podman desktop I think CLI. Kind of makes it obvious that this is a CLI tool, but\n\nAnders F Bj\xf6rklund: But but what so, so the primary option is downloading Padman desktop. And then quadman CLI.\n\nAshley Cui: mm-hmm.\n\nAnders F Bj\xf6rklund: Would that be the podman remote for that desktop? Or would it be the one that includes the actual running up containers? Like the full partner?\n\nAshley Cui: I think. It's just podman itself for I guess for Linux.\n\nAnders F Bj\xf6rklund: So, Yeah.\n\nAshley Cui: It is the engine but for Mac and Windows, it would just be a CLI so I guess technically it is. I think we can like change this saying like installed engine using a package manager or something like that, but If that makes it more clear.\n\nAnders F Bj\xf6rklund: Tabs. I was just wondering if yeah, I was just wondering if the Like now Portman desktop has gotten all the\n\nAnders F Bj\xf6rklund: Advertisements, if you want to call it that or my life. So something similar happened to Docker. So I mean, it's only natural. They, they have some kind of product entry for. So, we have a product entry for the Docker desktop, and you have a product entry for the docker engine, which Dumps. You straight into the Linux distributions and how to install on your server type of thing.\n\nAnders F Bj\xf6rklund: something similar could be done for pod money if you want to separate the ones while having like the podmon desk focus here and then you could have like a separate Section for how you install podman on, on your Linux machine and how you run podman, not remotely. But have ironic locally. I mean like the old site if you want to call it back, how are you?\n\nAshley Cui: Yeah. I think we could put more documentation on this stuff.\n\nAshley Cui: And clarify it. Yeah.\n\nDaniel Walsh: Yeah, it's funny. I'm not crazy about the name engine because I don't think I don't think that's a No,\u2026\n\nAnders F Bj\xf6rklund: No, no.\n\nDaniel Walsh: no. You normal user term so It's Eli.\n\nAnders F Bj\xf6rklund: It's you know, now the whole desktop is just\n\nDaniel Walsh: Is I I would prefer to say probably five minutes for Linux, but we're we're starting to blank shed at this point.\n\nAnders F Bj\xf6rklund: Yeah. Okay.\n\nDaniel Walsh: So, yeah, he's least here Icon makes it a little bit clearer\u2026\n\nAnders F Bj\xf6rklund: So, I No,\u2026\n\nDaniel Walsh: but yeah.\n\nAnders F Bj\xf6rklund: no, those are definitely someone else's words and terms. So they are just,\u2026\n\nDaniel Walsh: Yeah.\n\nAnders F Bj\xf6rklund: they are just there to make the transition easier for people if you would start out. From scratch, we will not call it.\n\nDaniel Walsh: yeah, I use I use engine all the time but I'm not sure that you know,\u2026\n\nAnders F Bj\xf6rklund: I think that even the programs this Indian I\u2026\n\nDaniel Walsh: Joe engine is and yeah,\n\nAnders F Bj\xf6rklund: if you're on Portman version, it will tell you. It's and I think so.\n\nDaniel Walsh: Okay.\n\nDaniel Walsh: That's good.\n\nTom Sweeney: Right. Yeah it does look good. Actually thank you for doing well with that. Given how much time you have to prepare?\n\nDaniel Walsh: And if anybody from community wants to contribute, we'd love to have contributions. You don't have to be. Engineer to contribute to that website.\n\nTom Sweeney: Yes.\n\nDaniel Walsh: So this this is actually Just an idea. We haven't done much work on it yet, but\n\nDaniel Walsh: People have been asking us for examples of how to use. Different tools and darker has this thing called awesome compose. And a lot of people go to awesome compose to get darker composed examples so they can sort of take and then hack on. So, a few people have been paying us about. Could we have some kind of Site like that. And I think the obvious thing for\n\n00:30:00\n\nDaniel Walsh: For us to work on would be to first grade aside and then allow people to start to contribute, say either Kubernetes Yaml files or quadlets that people might want to experiment with. So the idea was to set up, get up containers slash App Store. And then steps to sub directories underneath it, where people could start opening up. Poor request to get their favorite. you know, variant on\n\nDaniel Walsh: You know, how they want to run their WordPress inside of a quadlet, or how they would run, you know? Base Inside of Kubernetes. Now what we want to have, if we start to build out this, we probably need to have some kind of cicd system where we would continuously test. All the quadlets and Yaml files that are available against, you know, a versions of Pod man, to make sure that they continue working and then If stuff becomes stale and old, then we have to get rid of it. I think the fair with something like this is, is one stuff gets old and crusty and I also worry about, if we had image that people are putting versions of images into their examples,\n\nDaniel Walsh: People start to pull down images that the two or three years out of date. And how do we do? So It's I think we've talked about this internally. Chris is pointed out that I think renovate can actually help us out a little bit with that secondary problem and that it could go through a win actually update. Of images or open, a pull request to update version of images. So,\n\nDaniel Walsh: I just opening up to have. Anybody have any ideas or thoughts on this?\n\nBrent Baude: I do. I spoke to someone that Mark Russell. Had. been speaking with, I think they actually know each other from canonical. And the gentleman's name is George.\n\nBrent Baude: I think it's George Castro. And George has been proposing to Mark that this exact concept. Minus quadlet. Needed to get done and was looking for a home. to put all of us, he evidently has oodles of the stuff already done. And I spoke with them about an hour and 15 minutes basically. He just, He wants to do what we've we're meeting and wants a spot. Put it. That somewhat associated with containers.\n\nBrent Baude: He was going to reach out the Tom to actually get on the schedule for today, but He must not have been able to, in the short order.\n\nBrent Baude: But I think the next thing it is just having come talk. About what his ideas and\u2026\n\nDaniel Walsh: See.\n\nBrent Baude: What? He's got already.\n\nBrent Baude: And he he's looking for us just like simple.\n\nBrent Baude: It there's some stuff he hasn't figured out like you know, container wise and there's some stuff that, you know, could go this way, could go that way. He's just looking for Tyree. And advice.\n\nDaniel Walsh: Yeah.\n\nDaniel Walsh: Then we can get chat GPT to just start generating these things for us.\n\nBrent Baude: well, I think the problem that this team has Is we are?\n\nBrent Baude: Container cools. Development. And that's fundamentally different than container service or container. Creation.\n\nDaniel Walsh: Right.\n\nBrent Baude: And We probably all have our little pet projects. I'm guessing none of us are my sequel. Experts or, you know, we can get nginx running but just enough to serve a file. so,\n\nDaniel Walsh: I can get in a patchy Web server up and curl to it, and that's about it.\n\nDaniel Walsh: And basically none of us are real good systems. Yeah, at least that's not I call function.\n\n00:35:00\n\nBrent Baude: Right. So again, at my vote, I'd like to the deeper dive with George and You know, spin them off and get gone.\n\nDaniel Walsh: Yeah.\n\nDaniel Walsh: I think.\n\nBrent Baude: And it sounds like yes,\u2026\n\nBrent Baude: time bit to this.\n\nDaniel Walsh: Yeah. It'd be nice\u2026\n\nDaniel Walsh: if someone went through all of awesome, awesome compose and Wrote equivalent applications and Kubernetes YAML files. And That could run with part men. I'm trying to make sure that they don't become a General Kubernetes Yaml drop site because it might be lots. And lots of stuff that podman can't handle. That's why I like the idea of Verifying that the applications would actually ride with, but man.\n\nBrent Baude: indeed and I I know fair amount of those Apps, if you will, that are in awesome and some of them don't do anything. That just like Hello World type stuff.\n\nDaniel Walsh: Right.\n\nBrent Baude: so I think ideally what you're looking for is Put your gunk in this volume and then make sure it gets mounted.\n\nDaniel Walsh: Right.\n\nChristopher Evich: I'm guessing. That probably. Writing tests for these things. It's going to be equal to if not harder than developing them in the first place. Especially the,\u2026\n\nDaniel Walsh: Yeah.\n\nChristopher Evich: what the, what that stuff. I mean if it's simple things like curling from URL, using my SQL client to connect to A I see how container with that. Kind of stuff can probably do, but I think more complex. Can get challenging.\n\nDaniel Walsh: Yeah. but I I just start a service and then a five minute inspected to make sure that you know, the the stuff that you thought was gonna be creative, got created, then\n\nChristopher Evich: Yeah.\n\nDaniel Walsh: again, when I'm hoping, is that, if we start getting these things and images start disappearing that week and easily clean out, Applications as sort of disappear from the base of the planet, right? People's priorities change and they're not going to necessarily maintain their own. Applications that get donated to the site.\n\nBrent Baude: There's there's also this question of You know, do you tag it? Like let's say you're gonna do You know, my sequel or something? Do you\n\nBrent Baude: You know. But there's a fair amount of variety that could occur whether you depend on. Building the image. My sequel image, Do you start at like the winter level and then all the way up? Or do you grab them and use my sequel? And then how does the the versioning work because if you if you go latest, then your subject to failures in which something inside the image changes, which, which puts ed into orbit,\n\nBrent Baude: Or you say tag it to a particular version and and now you know, you have to go update that at some point.\n\nDaniel Walsh: Yeah, I mean that's what also something we have to worry about with the Cicd system. Again we're all channeling it here because in those there's nothing more unstable than container registries as far as Cicd systems. So, You know, if if 75% of the time that Test suite. Blows up because it couldn't pull down and some random image and You know, we're never gonna get it successful Testro.\n\nBrent Baude: the other little, Treat here would be that also if I was a consumer of that. Stuff. I don't think I'd want something pointing to latest either.\n\nDaniel Walsh: Right.\n\nBrent Baude: but I would like to be notified when You know, a new image comes up. In case it was security.\n\nChristopher Evich: Renovate can run away. Runaway can handle that pretty elegantly. There's You can set up regular expressions. That can extract version numbers. And it'll And then basically give it a source of where those versions come from and it'll open up yours when it finds a new one. There's also a way you can do kind of a more generic thing. That's probably more user friendly. where you set up a regular expression that searches for a comment, a special comment that says You know, get the versions from the source, use this type of versioning and the other options like that. That's probably easier. Then it's just adding this stuff is just you know, somebody putting a comment into their Code. And Renovator pick it up automatically.\n\n00:40:00\n\nDaniel Walsh: So, it seems like I think I've already created the the website. Containers. App Store. Just make sure it's\n\nDaniel Walsh: It's nice and blank right now. Has a license in a one-line. Text.\n\nDaniel Walsh: I do that a week ago and then forgot about it.\n\nTom Sweeney: Can you add a link to the chat?\n\nDaniel Walsh: I will.\n\nDaniel Walsh: My goal was to create two subdirectories underneath. It one called Kubernetes and one called What?\n\nDaniel Walsh: Github will not let you create empty directories and then check them in. You have to put content in the directories and I didn't have any content and then, Some of the sparkly light went off. And I went chasing after. Whatever. That was so.\n\nTom Sweeney: Know, did you just drop a green beans? Each Just a real quick, read me.\n\nDaniel Walsh: Could I drop could I drop one?\n\nChristopher Evich: It put a dot and put a dot MP file in.\n\nTom Sweeney: Yeah. And in the directors you want to create just put a little readme at the top.\n\nDaniel Walsh: Law. Okay, that would have been nice. But now that I have this site up You can open up a pull request to do that.\n\nDaniel Walsh: Want to become Sawyer. I want you to paint my wall. White wash my fence.\n\nDaniel Walsh: I guess we can open up the general discussion at this point.\n\nTom Sweeney: There's any questions topics that anybody has?\n\nLance Lovette: I've got one.\n\nLance Lovette: so, I've been curious that the past through log driver, It's not really clear to me when I should or would want to use that as opposed to Journal D. or if Pod Man selects a default based on where it's running,\n\nLance Lovette: At the moment, I specified Journal. D explicitly and I'm wondering if As I went down this rabbit hole where Kanman takes standard by default, well, it takes standard air and marks it red in the logs and python logs, right? Everything to standard air. So everything that Python writes shows up. In red said, I went down this rabbit hole, figure that out, and then I change this law and I figured out the issue but I was like maybe I should be using pass through instead of journal D. So anybody have any Direction or guidelines on how to decide one or the other.\n\nDaniel Walsh: I take. I take the goal of pass through is that if you're running it underneath this as a systemd service, and pass through will allow you when you do a pod man system d status, you'll be able to see it right in the Be a system D, right? And then if you run journal, you'd have to use Pod, Man command or a journal to, you wouldn't see it as part of the outputs, the unit file. I believe it's what the difference is.\n\nLance Lovette: Well, you, I believe you do. I mean well, Because I'm doing Journal D, now. And that everything, you know, journal controlled at Jeff shows everything, it all gets tagged with the with the proper.\n\nDaniel Walsh: But are you doing it on the unit file or\u2026\n\nLance Lovette: Variables.\n\nDaniel Walsh: you're doing it of the container level?\n\nLance Lovette: Well, I both I run it in the like when I run it standalone, it's I use log driver. And then when you do make system D, it captures that.\n\nDaniel Walsh: But doesn't do it.\n\nLance Lovette: So so my container. Yeah.\n\nDaniel Walsh: Does it switch to pass through at that point?\n\nLance Lovette: No, I mean not. I'm Yeah,\u2026\n\nDaniel Walsh: It's the journal? Yeah. Yeah.\n\nLance Lovette: so across the board I especially specify Log Driver Journal, D, You know, does pod men do something under the covers like Oh hey, I'm a system D service. So let's use pass through. I can't say\n\nDaniel Walsh: No. No, it does it, I don't believe it does. Matt, The original version of Quadlet was attempting to do that. I believe and I think that's all been revoked, but\n\nLance Lovette: Because I don't know what Journal D. Or what system D. Does with outputs, like I have a dove into it enough to live like are they somewhat equivalent? Like if you're if you're using all generally driver, it's still sticking in the journal and if you do it through system D, it just attaches. Standard out to the journal, like I haven't really dug into that. So it may be equivalent. when it's running under system D, then it may be a, you\u2026\n\n00:45:00\n\nDaniel Walsh: Then. But that wouldn't make that would not make sense of that passed through.\n\nLance Lovette: one of the other\n\nDaniel Walsh: That I thought pass through just meant right to stand it out standard error and all inside a unifile. But I might be mistaken. Matt, do you know?\n\nMatt Heon: That is definitely the intention pass through is basically it will have CON monologue directly to standard out standard error and since Systemd is monitoring commodity will print it directly to the journal? The intention Giuseppe is the one who added it. So I don't want to speak for necessarily because I'm not a hundred percent of why it's there, but I believe the attention was better integration into what they call it better integration with podme and inside a System D unit in certain circumstances but I'm not completely aware of what those circumstances are. There's also happened in a much earlier time at the life of the journal log driver At that point we were not well integrated with basically the journal log driver was not logging to the same.\n\nMatt Heon: You get logs, but they wouldn't show up as the associated with the unit in question, I think that has been fixed since. So it might be that some of the reasons we're using it to have gone away, I will say it, certainly simpler than the Journalty log driver and probably a lot more performance.\n\nDaniel Walsh: Yeah, I think that one of the problems would pass through is that if you do a pod, man logs then you don't see it anymore, right?\n\nLance Lovette: All right, well, maybe I'll play around with it and\n\nDaniel Walsh: But the most most likely Lance what I would say is, if you like it, what? Journal D. I would stick with General Day and not just pass through because when that Would my only thing is is if I do a status of the unit file or journal control dash u of the unit file. Do I see the the data that's coming out of the container? You know,\u2026\n\nLance Lovette: Right, right? Because now I'm trying to think.\n\nDaniel Walsh: then I would if that works with journal journal, then that's, that, probably all you really care about. So, I would just\u2026\n\nLance Lovette: Right. Yeah,\u2026\n\nDaniel Walsh: because then part\n\nLance Lovette: because I guess I guess there's some interaction with Kanmon there. Yeah, I'm not sure\u2026\n\nDaniel Walsh: Yeah.\n\nLance Lovette: who exactly is tagging. Entries with all the variables that toddman attaches.\n\nDaniel Walsh: Could you basically when you run Pod, man as a When you run pod man inside of System, D unit file and podman goes away. What system D is watching is konmon\n\nDaniel Walsh: if cotton on outputs any standard out, a standard error, that's sort of what a traditional service would do. Instead of a system to unit, follow if Con Mohan is writing directly to the journal, Then, I'm not sure if you see that, you see the same behavior, as if it was right into, stand it out and standard error. That, that would be my question.\n\nLance Lovette: Right. Yeah, it's interesting. Yeah, I mean yeah, like I said, me at the moment I get I kind of got once I fixed the Python syslog thing. It's working the way I like it to. So All right,\u2026\n\nDaniel Walsh: Yeah. We're all about flexibility here, but\n\nLance Lovette: good. yeah, all those play with it and it probably is like I said journal D's been around a while so probably some of it's been Alleviated in the last couple of years. Thanks.\n\nDaniel Walsh: yeah.\n\nTom Sweeney: Okay, any other questions or discussions? And close to the end of the meeting.\n\nTom Sweeney: I'm not hearing anything, so I'm just going to give a quick reminder for our next meetings. Our next community meeting is on Tuesday, June 6th. So that's just around the corner a couple weeks from now right after holiday in the US and then our cabal meeting will be on June 15th. And both of those meetings will be at 11, a clock. June 15th is Thursday in the Community Institute Tuesday. And so, for puzzle topic, we already have two lined up. One is the IPSS integration that Anders was talking about earlier. And then also, some more talks about the App Store. If anybody has any other topics, please let me know. These are through the hacking, these scripts, we're hacking deep site or by saying me an email, so any other questions or comments before I turn off the recording here?\n\nTom Sweeney: Right, well then, thank you for coming today and turn off the recording.\n\nTom Sweeney: and it is stopped anything you want to say before without being recorded,\n\n00:50:00\n\nTom Sweeney: Silent group about. Let's go to lunch dinner. Enjoy the rest of my holiday. If you're in Europe. Right. All thanks.\n")))}Ro.isMDXComponent=!0;const Jo={},Oo="Podman Community Meeting Notes",Fo=[{value:"June 6, 2023 11:00 a.m. Eastern (UTC-5)",id:"june-6-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees ( 40 total)",id:"attendees--40-total",level:3},{value:"Topics",id:"topics",level:3},{value:"Meeting Start: 11:04 a.m. EDT",id:"meeting-start-1104-am-edt",level:2},{value:"Video Recording",id:"video-recording",level:3},{value:"ChRIS project running in Podman via Podman desktop",id:"chris-project-running-in-podman-via-podman-desktop",level:2},{value:"Jennings Zhang and Rudolph Pienaar",id:"jennings-zhang-and-rudolph-pienaar",level:3},{value:"(1:20 in the video)",id:"120-in-the-video",level:4},{value:"Podman Desktop v1.0 Update",id:"podman-desktop-v10-update",level:2},{value:"Stevan LeMeur",id:"stevan-lemeur",level:3},{value:"(30:25 in the video)",id:"3025-in-the-video",level:4},{value:"Podmansh Demo",id:"podmansh-demo",level:2},{value:"Lokesh Mandvekar",id:"lokesh-mandvekar",level:3},{value:"(41:29 in the video)",id:"4129-in-the-video",level:4},{value:"Podman v4.6 Demo",id:"podman-v46-demo",level:2},{value:"Matt Heon",id:"matt-heon",level:3},{value:"(44:47 in the video)",id:"4447-in-the-video",level:4},{value:"Open Forum/Questions?",id:"open-forumquestions",level:2},{value:"(50:06 in the video)",id:"5006-in-the-video",level:4},{value:"Topics for Next Meeting",id:"topics-for-next-meeting",level:2},{value:"Next Meeting: Tuesday, August 1, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-meeting-tuesday-august-1-2023-1100-am-eastern-utc-4",level:2},{value:"Next Cabal Meeting: Thursday, June 15, 2023, 11:00 a.m. Eastern (UTC-4)",id:"next-cabal-meeting-thursday-june-15-2023-1100-am-eastern-utc-4",level:2},{value:"Meeting End: 11:59 a.m. Eastern (UTC-4)",id:"meeting-end-1159-am-eastern-utc-4",level:3},{value:"Google Meet Chat copy/paste:",id:"google-meet-chat-copypaste",level:2},{value:"Raw Google Meet Transcription",id:"raw-google-meet-transcription",level:2}],Go={toc:Fo},Uo="wrapper";function Yo(e){let{components:t,...n}=e;return(0,me.kt)(Uo,(0,K.Z)({},Go,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-meeting-notes"},"Podman Community Meeting Notes"),(0,me.kt)("h2",{id:"june-6-2023-1100-am-eastern-utc-5"},"June 6, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h3",{id:"attendees--40-total"},"Attendees ( 40 total)"),(0,me.kt)("p",null,"Aditya Rajan, Ashley Cui, Banu Ahtam, Brent Baude, Chetan Giradkar, Christopher Evich, Ed Haynes, Ed Santiago Munoz, Gerry Seidman, gideon pinto, Hyuk Jin Yun, Jake Correnti, Jean-Francois Maury, Jennings, Jennings's Presentation, Lance Lovette, Leon Nunes, listener, Lokesh Mandvekar, Lokesh Mandvekar's Presentation, M\xe1ir\xedn Duffy, Mark Russell, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Navaneeth krishna, Nezih Nieto Gutierrez, Paul Holzinger, Preethi Thomas, Rudolph Pienaar, sandip samal, Shion Tanaka (\u7530\u4e2d \u53f8\u6069), Stevan Le Meur, Stevan Le Meur's Presentation, Sungmin You, tasmiah chowdhury, Tim deBoer, Tim Rudenko, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani"),(0,me.kt)("h3",{id:"topics"},"Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"ChRIS project running in Podman via Podman desktop - Jennings Zhang and Rudolph Pienaar"),(0,me.kt)("li",{parentName:"ol"},"Podman Desktop v1.0 Update - Stevan LeMeur"),(0,me.kt)("li",{parentName:"ol"},"Podmansh Demo - Lokesh Mandvekar"),(0,me.kt)("li",{parentName:"ol"},"Podman v4.5 Demo/Talk - Matt Heon")),(0,me.kt)("h2",{id:"meeting-start-1104-am-edt"},"Meeting Start: 11:04 a.m. EDT"),(0,me.kt)("h3",{id:"video-recording"},"Video ",(0,me.kt)("a",{parentName:"h3",href:"https://www.youtube.com/watch?v=65pE8RhCK5w&t=116s"},"Recording")),(0,me.kt)("h2",{id:"chris-project-running-in-podman-via-podman-desktop"},"ChRIS project running in Podman via Podman desktop"),(0,me.kt)("h3",{id:"jennings-zhang-and-rudolph-pienaar"},"Jennings Zhang and Rudolph Pienaar"),(0,me.kt)("h4",{id:"120-in-the-video"},"(1:20 in the video)"),(0,me.kt)("p",null,"Demo (1:35 in the video)\nShowed a picture of a fetus in a Woman's uterus. Using a lot of niche software to put the project together. It uses a Hybrid Cloud Architecture. Jennings has been using Podman Desktop for working on the project. He's a project that has yaml files that can be used by POdman Desktop. When he uses a Kubernetes manifest, he uses a script to concatenate all of his yaml's into one, and replaces key values within the concatted Yaml, replacing the Podman socket with the value from Podman info. Then the Yaml is fed into Podman Desktop."),(0,me.kt)("p",null,"It does take a minute or two to start due to init time, mostly database related."),(0,me.kt)("p",null,"It creates a number of pods, including the ChRIS pod and a ChRIS UI. It also runs ChRISmatic to do a number of setup items. He showed the Pods in the Podman Desktop and then opened up the ChRIS UI."),(0,me.kt)("p",null,"Within the UI he dispatches containers to Podman, and it goes ahead and runs it for him."),(0,me.kt)("p",null,"The UI interface allows him to build a string to be sent to the Podman socket."),(0,me.kt)("p",null,"The entire ChRIS system runs on Podman Desktop."),(0,me.kt)("p",null,"Brent asked what Podman can do better for ChRIS. So he wants to make sure that containers can be locked down. He'd also like to be able to look into the CLI at the container level from Podman Desktop."),(0,me.kt)("p",null,"A Yaml file is crafted to use as a file to run the project. That's key to them. The other thing of interest is how to deploy models of AI. There's a gulf between the Data Scientist and the Developer. They are working to shrink that gulf, and Podman is helping with that."),(0,me.kt)("p",null,"Stevan liked seeing how Desktop is being used by the project."),(0,me.kt)("p",null,"Jennings rolled back to an earlier version of ChRIS and showed how the Podman interface was used to run it."),(0,me.kt)("p",null,"The old bash scripts were up to 4 or 5K lines long. The YAML pipelines to do a fetal brain study uses declarative Yaml which is easier to comprehend by both Data Scientist and the Developer."),(0,me.kt)("p",null,"ChRIS uses OpenShift for its computing, but unfortunately, their server was down for maintenance."),(0,me.kt)("p",null,"They went from Docker Compose to this setup. Docker Compose was easier due to it being insecure, so great for development. Changing to Podman, they had to deal with the socket rather than the daemon. There were also some initial problems with rootless."),(0,me.kt)("p",null,"Also, the Kube commands didn't respawn as Kubernetes did, so he has to manually restart."),(0,me.kt)("h2",{id:"podman-desktop-v10-update"},"Podman Desktop v1.0 Update"),(0,me.kt)("h3",{id:"stevan-lemeur"},"Stevan LeMeur"),(0,me.kt)("h4",{id:"3025-in-the-video"},"(30:25 in the video)"),(0,me.kt)("p",null,"The last demo Stevan thought was a great use of Podman Desktop."),(0,me.kt)("p",null,"Showed pod view and volume views. Took a container, ran it inside of a pod after creating the pod, then ran it locally with Podman. He was then able to create a new kind cluster, and pushed an image from there into the cluster. He then deployed the pod into the kind cluster."),(0,me.kt)("p",null,"A new set of extensions have been added to v1.0, adding compatibility with Docker, Lima, Openshift Local, and Kind. You can also make use of Microshift."),(0,me.kt)("p",null,"Podman Desktop is available and free now. You can get it from ",(0,me.kt)("a",{parentName:"p",href:"https://podman.io"},"https://podman.io")," and ",(0,me.kt)("a",{parentName:"p",href:"https://podman-desktop.io."},"https://podman-desktop.io.")," You can create issues and contribute on GitHub."),(0,me.kt)("p",null,"Lots of positive feedback at Summit on Podman Desktop."),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop"},"https://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop"),"_"),(0,me.kt)("h2",{id:"podmansh-demo"},"Podmansh Demo"),(0,me.kt)("h3",{id:"lokesh-mandvekar"},"Lokesh Mandvekar"),(0,me.kt)("h4",{id:"4129-in-the-video"},"(41:29 in the video)"),(0,me.kt)("p",null,"podmanssh - used in conjunction with quadlet. He showed out to ssh into a demo user on a Fedora machine, and it brought him into RHEL. Open PR: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/pull/18739"},"https://github.com/containers/podman/pull/18739")),(0,me.kt)("h2",{id:"podman-v46-demo"},"Podman v4.6 Demo"),(0,me.kt)("h3",{id:"matt-heon"},"Matt Heon"),(0,me.kt)("h4",{id:"4447-in-the-video"},"(44:47 in the video)"),(0,me.kt)("p",null,"4.6 and maybe 4.7 out this summer."),(0,me.kt)("p",null,"4.6\nbug fixes, podman machine and qudalet updates. Sqlite as backend."),(0,me.kt)("p",null,"Working on final pieces with Netavark,. For machine two new hypervisors in flight, hyperv in Wiendos, and native mac. Both a WIP at this time, but progress nicely. Needs to get into Fedora CoreOS. A lot of that code will potentially be in v4.6. IOfs working on Apple, relatively speedily."),(0,me.kt)("p",null,"Working our documenting plans"),(0,me.kt)("p",null,"Brent will be looking for testers, but it's not quite ready at the moment due to ignition work that's ongoing and also socket mapping which hasn't been completed."),(0,me.kt)("h2",{id:"open-forumquestions"},"Open Forum/Questions?"),(0,me.kt)("h4",{id:"5006-in-the-video"},"(50:06 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Experimental storage getting moved forward how to make it happen. Brent needs to look into this further. Gerry said it's deployed and works, he thinks s some documentation needs to be added.")),(0,me.kt)("h2",{id:"topics-for-next-meeting"},"Topics for Next Meeting"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Quadlet Demo - Dan Walsh")),(0,me.kt)("h2",{id:"next-meeting-tuesday-august-1-2023-1100-am-eastern-utc-4"},"Next Meeting: Tuesday, August 1, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"next-cabal-meeting-thursday-june-15-2023-1100-am-eastern-utc-4"},"Next Cabal Meeting: Thursday, June 15, 2023, 11:00 a.m. Eastern (UTC-4)"),(0,me.kt)("h3",{id:"meeting-end-1159-am-eastern-utc-4"},"Meeting End: 11:59 a.m. Eastern (UTC-4)"),(0,me.kt)("h2",{id:"google-meet-chat-copypaste"},"Google Meet Chat copy/paste:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You11:05\u202fAM\nhttps://hackmd.io/fc1zraYdS0-klJ2KJcfC7w\nJean-Francois Maury11:16\u202fAM\nThat is awesome\nTim deBoer11:16\u202fAM\n+1\nStevan Le Meur11:26\u202fAM\nSuper cool!\nMark Russell11:26\u202fAM\ntook the words out of my mouth, Stevan!\nLokesh Mandvekar11:27\u202fAM\nquadlet demo might not happen today\ndan's not on the call\nStevan Le Meur11:28\u202fAM\nHave you tried OpenShift Local extension available with Podman Desktop?\nYou11:30\u202fAM\nYeah, no quadlet, Dan sent me a note just after we started.\nBrent Baude11:32\u202fAM\n@urvhashi, can you comment here?\nUrvashi Mohnani11:34\u202fAM\n@brent I stepped away for a min and missed this\nYou11:42\u202fAM\nLokesh, how long will your demo/talk be about?\nLokesh Mandvekar11:42\u202fAM\nmaybe 5 mins\nStevan Le Meur11:43\u202fAM\nhttps://developers.redhat.com/articles/2023/05/23/podman-desktop-now-generally-available#why_use_podman_desktop_\nMark Russell11:44\u202fAM\nawesome update\nBrent Baude11:48\u202fAM\nwe need to do 2\nStevan Le Meur11:54\u202fAM\nTOON of things happening in Podman community right now!!!\nMark Russell11:54\u202fAM\n+1\nPreethi Thomas11:55\u202fAM\n+1\nM\xe1ir\xedn Duffy11:55\u202fAM\n+999\nPreethi Thomas11:55\u202fAM\nlol\nStevan Le Meur11:55\u202fAM\nGet podman up and adopt a seal !!\nM\xe1ir\xedn Duffy11:58\u202fAM\nthanks Jennings and Rudolph for coming :) great preso!!!\nPreethi Thomas11:58\u202fAM\nGrreat stuff\nShion Tanaka (\u7530\u4e2d \u53f8\u6069)11:59\u202fAM\nthanks\nieq-pxhy-jbh\n")),(0,me.kt)("h2",{id:"raw-google-meet-transcription"},"Raw Google Meet Transcription"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: The spinning cycles and It Looks Like It stopped. So I will welcome everybody. Today to the Podman Community Meeting Today. Thursday June 6th 2023.\nStevan Le Meur: Krishna.\nTom Sweeney: We have a large list of things to go through today. First thing that we're going to be looking at, is the Chris Project learning and podman via podman desktop from Jennings, Zinc, and Rudolph. Can you Allen? I hope I didn't butcher either of your names there for that one. Matt in, we'll be talking about the problem and 4.5, And then Dan Walsh if he's here, I'm not sure, there's kind of some question about whether or not to be able to make it today, we'll be doing a quadlet demo.\nTom Sweeney: And then the plug-in desktop, 1.0 update will be given my stuff on them here and then a portman sh demo will be given by Lokesh at the end. So we've got a pre-fold day, we will have time for questions if you have some and with all that I think I'm going to just all mine folks that we have a hack MD script, which I'll put a link to in the chat. If you I will be taking notes there. If you see that, I done something badly in the notes, please feel free to Ed and presenters. If you have links or such that you want to make sure that we have, the notes that will be posted later on the website. Please go ahead and add those to the hack. Empty. Yes we go on. So I'm going to stop presenting now and head it over to Jennings. It's gonna be talking about the curse projects.\nJennings: All right. Hi everyone.\nJennings: Alright, so my name is Jennings and I'm supervised by my Pi Rudolph Pienaar together. We're working on the Chris project at the Boston Children's Hospital. And our lab does a lot of research on fetal imaging and also newborn imaging where we use MRI to study very young patients. And so what you see on screen here is an example of what a fetus MRI looks like, while it's still in the pregnant mother seers. To do this kind of research. We need a lot of niche open source software because it's a very specialized division of medicine. And so,\nJennings: What we're working on the Chris project is helping to orchestrate the digital cyber infrastructure to actually be able to run these open source pipelines just to give a brief example of what one of these pipelines may be. We have a fetal MRI processing pipeline, which is going to take all of these multiple in Europe, images of varying quality. It's going to try to use some image processing. Algorithms such as masking and quality assessment to, finally be able to reconstruct these multiple in utero images into one high quality. Cropped volume. And what we can do, with these processed data, is we can try to quantify metrics of the brain. While it's developing in utero and this is what a fetal brain looks like. While it's still developing at 25 weeks of gestational age through 32, justational weeks of age,\nJennings: Using these open source tools. We are able to measure the growth of specific parts of the brain as well. And look at the trends as the pregnancy continues. And so the infrastructure that we have at the Boston Children's Hospital is, of course, we have these scanners. We also have open. Sorry. Not we have Some high performance computing centers. And we also have the office space where our researchers sit and what the crisp project does is it connects all of these things together. Uh, researchers can be at their desks looking at the Chris user interface, and they're able to dispatch computational jobs to both our internal high performance computing center. And we're also able to ship jobs out to our public clouds as well with the hybrid cloud architecture.\nJennings: And so that's a quick demo of or sorry. A quick introduction on what the Chris project is, something that I've been working on recently, is being able to run Chris on podman and especially using podman Desktop So, I'll jump it up.\nJennings: We have a github repository called Minicrisk Eights. And inside of here, we have several Kubernetes manifests aka Yamls and I also have a wrapper script called Minicris.sh. And what this wrapper script is going to do is it's going to bring together these animal files into something that can be consumed by podman desktop. Let's open up carbon and desktop.\nJennings: Alright, here it is. I don't have many containers running, I'm just going to delete the sky.\n00:05:00\nJennings: all right, when you want to run a Kubernetes, Manifest using Podman Desktop It Assets, a single Kubernetes file. I have my Kubernetes manifests organized as multiple Yaml files here. So this wrapper script called Mini Christ.sh is going to do two things. It's just going to simply concatenate all of my Yamls together, and it's also going to perform a said command to just replace some of the values. One key value that it needs to replace. We can take a quick look at it.\nJennings: Yeah, so the function that I'm going to run is going to call be called minicrescat All it's doing is it's going to be concatenating. All of my yaml files and then it's going to be performing a set operation on to these variables. And that's just going to replace the hard-coded podman socket address with what's actually going to be running on my system, obtained from the podman Info command. Let's try that.\nJennings: And it's just going to spit the yellow out to my standard out and I'll type it into a file. And now this file called Chris All-in-one by EML can be loaded into Podman Desktop.\nJennings: As it says here with podman desktop. This Play Queue. Command can take a few minutes to complete. And the reason why is because podman behind the scenes is going to be starting the defined services and deployment sequentially. It's also going to try running in its containers which does things like database initialization and that's going to take a little while Another functionality of my monolithic script over here. Is that it can monitor podmin for init containers. So\nJennings: that finished faster than I expected it to. I was going to say that we can look at what the unit containers are doing, but it seems like everything's up already, so let's just keep going. Yeah. So we can see we have a bunch of pods here we have. What's known as the Cube Pod? And that's our Chris backend. We have PF Khan, which is another Chris service that handles the compute that might be dispatched by Chris. We have the Chris UI which we'll take a look at later. That's our user interface. before we can take a look at Chris, I have a script called Prismatic Prismatic, which I can also run using podman, is going to initialize the Crist system with some information and that's going to create some users for testing purposes, and it's also going to\nJennings: Add some programs or what we call, Christopher's plugins to the crisp system. And you can see that this mini Crits.sh chrismatic subcommand is just a podman run alias and it's going to run a new container as part of the cubed pod.\nJennings: It's just going to run the charismatic command within the charismatic container. What that does is it reads a file called Prismatic.yaml to put a bunch of data into our Chris backend. And so what it's done here is it's created a super user called Chris and that's going to be a user that will log in as in a quick moment and it has registered a few simple programs for us to try running. To access the user interface. We can see that it's running over here on podman desktop. These logs say that it's running on port 3000 though. The port 3000 is mapped onto the host Port 8020, I believe yeah.\nJennings: So, let's take a look.\nJennings: This is the Chris user interface and from here, what we're able to do is you can click Login.\nJennings: And yeah. Great new analysis.\nJennings: In Chris, we have computational experiments organized as separate analyzes. And what I'm doing here is I'm going to create a new analysis with some uploaded data.\n00:10:00\nJennings: And now it's happening, is once I've uploaded the data into the Chris system, we can see it running in this Kris UI and I can choose to run more plugins here. When I choose to run a plugin such as this one of Click Add node, it's going to dispatch a container to podman and podman is going to run it. So if I'm lucky if I type Admin PS then it'll show the container running. I have to be kind of fast.\nJennings: I guess I lied about being the fast part.\nJennings: It always breaks during demos. I have no idea why this guy ran but this guy doesn't I'll just try it again.\nTom Sweeney: The demographic, strong.\nJennings: I'll just\nJennings: What was that? Yeah, they are.\nTom Sweeney: The demo gods are strong.\nJennings: I can do another quick explanation of what's happening here. And what's happening here is This user interface is pretty much. Helping me build a command line. string that is eventually going to be forwarded to the podman socket and so,\nJennings: This program that I'm trying to run called Simple DS. App is just a demonstration program. We have other programs as you've seen for imaging analysis and medical research. I'm just going to pass a command line parameter here, called Sleep length. 10 because I wanted to sleep for 10 seconds. Oh no, this guy failed.\nJennings: I feel like this one's also gonna fail, but yeah. Sadly, the demo gods have kicked us this time.\nJennings: Well, that's mostly what we have here. We have the entire care system running in Admin, Desktop any questions?\nBrent Baude: Yeah, I have a few.\nBrent Baude: I'm curious. Is there anything that podman could do? That would make this easier for you.\nJennings: Yeah. So Several things podman has pretty much innovated in the space of rootless containers and that's great because Chris is concerned about security and we need to make sure that these plugins aren't going to do anything malicious and if they do something malicious they can't break out of that. Container jail. a second thing is one of the key innovations of the Chris project itself, is that Chris plugins, unlike some other. Systems for computational research. Aims to be simple for developers. And I should be able to look at a terminal you here.\nJennings: I'm not sure if you guys are familiar with the App Trainer command app. Tanner is a another container runtime similar to Docker apartment. And friends. But this obtainer command could also just be a podman command and podman would be a great candidate for having people be able to run these analyzes on their own systems. Because oddman is rootless and or podman supports rootless mode.\nRudolph Pienaar: If I can just quickly jump in with a meta comma to observation here. So you guys all hear me is my mic coming through. So, one of the things we're trying to do here,\u2026\n00:15:00\nTom Sweeney: Yep, bottom plants.\nRudolph Pienaar: right? Is, you know, you're so in the Chris UI beginning of like this, this connected graph of designers, So that's kind of at the heart of what we're trying to make fun, you know, distribute, right? So you can, you can construct and arbitrary complex tree of computing. where each one of those nodes is, is obviously a container and because\nRudolph Pienaar: That's a Jennings show in the beginning. You can have multiple different computing stages as you're doing, one of the things we're trying to do is to be able to publish and bundle together, the value of that computing tree. Simply and easily, right? So you can, you can describe your entire compute as a simple yaml file. Which literally is just describes the tree of computing, your almost a directed basically graph.\nRudolph Pienaar: Mostly in research. What folks, end up, folks, end up doing right. Is they construct their workflows using bash? Scripts if they get to that level, And you know, as most of us know bash scripts are horrible to try and do anything with. And most of the coding there is is literally just coming, right? You know, it's all to do with data copying from one direction to another and stuff that all goes away in a system like this, you know, leveraging Crisps which sits above, you know, something like podman or Kubernetes, whatever the case may be, all of that goes away. Which we think is can be pretty useful for reproducible, computing and science and stuff like that. And another thing which which is maybe interesting useful to point out of here is and so I was a Red Hat summit last week.\nRudolph Pienaar: There's a whole bunch of stuff, you know, about how in industry we can. You know. Deploy models of computing. Like AI models. How do we deploy them? The first, I can tell the industry model to do that. Is you take a data scientist working in Jupiter notebook. And that's all they ever do. And then an application engineer or development comes in and takes her Python Jupiter notebook and shoves it into a flask python. Framework or fast API and that fast API thing, you then go and throw on the Web and manage with Kubernetes or partner, whatever the case. and that's if you want, most people are doing and that's, there's nothing wrong with that, of course, but it just struck me that What ends up happening there is that you kind of entrenching the separation between you the primary developer like potato scientists.\nRudolph Pienaar: Where it's going to be deployed. There's a huge gulf between them. Right. The data scientists. It doesn't know anything about flasks or fast API, they want to touch that. They don't interested in doing that. But in a system that we put together over here, the The actual thing that is deployed on the Web that is managed by Partman is managed by this whole system, is pretty much the exact code that you as a data scientists. Develop. so it's so it that that Delta between your prototype. Code, and the deploy code.\nRudolph Pienaar: Is much much shallow smaller and shallower than what it, and what is the normal way? It means. So that's another innovation where I super excited about to do you, right? You can develop your stuff, you can be a data scientists. You don't even have in this case here, you don't have to know what man. We doing it all for you without scripts, but you are developing your code and you're able to deploy it locally on your own machine. And pretty much see what it would be like, in production. Skin. Anyway, that's just a quick quick. High-end plug here.\nStevan Le Meur: Well thanks a Rudolph. I think that's exactly what we are trying to to accomplisher. It's helping the developers to be able to produce locally. Things that they would run on production. So having something as close as possible from production is super critical. Who have fast turnarounds, when you are building your application. But also, when you are consuming it, as you use, just the mode in fact so wonderful. The demo is fantastic. I think, and it's really nice to see the technology being used for such cases, as well. That's, that's very nice.\nJennings: So I was able to get what I wanted to show running, which is I just rolled back to an earlier commit. That was working. So what I tried to do was I ran a second, plugin instance here. and you can see what I did was, I was trying to run this program called Simple DS up with a parameter called Sleep Length, 20. And here we can see the output in podman desktop as well. So what the cris system did was once it received the request to run a container. It handles, all of the handles fudging with the podman interface for you, And it created a container with heels and both DS up. And here's the output, I'm not sure if we'll be able to inspect it anymore. Yeah, I can't inspect that any more because Chris decided to delete the container, once it was done running, if it was still running, then you would be able to see the flags here as well.\n00:20:00\nJennings: I also wanted to just quickly show off what Rudolph was talking about. So what I was showing here was just the stages of a biomedical compute pipeline. It often involves multiple steps and multiple programs that are going to be glued together by a bash script. If you've ever done any kind of scientific computing, you would understand what I'm talking about East Bash scripts or even CSH scripts are going to be maybe 4,000 lines long of gibberish. Whereas with Chris how we organize and orchestrate, these workflows is using a yaml schema\nJennings: over to pull up. My browse organ. this is a pipeline that I've been working on, which Extracts surfaces aka just polygonal mesh, representations of the fetal brain cortex. From a reconstructed brain image and so it does some file conversions and it processes the left and right hemisphere separately. And this is specified using a declarative yaml syntax instead of bash.\nJennings: I also wanted to add to what Stevan was talking about. We have Chris deployed and targeting Openshift container platform. Unfortunately this week we were just on Lucky our\nJennings: local cloud that we use. It's called the Massachusetts, Open Cloud and the New England Research Cloud. They are doing their yearly power down maintenance. So I can't show that off though. Typically Chris is deployed on Openshift and also uses Openshift for its public compute and one of the things about podman is it makes it easy where we can have this one set of Kubernetes, DML manifests that work on both Openshift and also just locally on my desktop\nJennings: I don't know if I'm supposed to be calling on people, but hello Matt.\nTom Sweeney: Oh sure. Go ahead.\nM\xe1ir\xedn Duffy: Hi. So my question for you because I know you guys were previously using Docker compose and I just wanted to know how was the transition been kind of coming from Docker compose into this setup?\nJennings: Yeah. Um, perhaps we should I noticed next in the schedule, someone's talking about quadlet which is something that we need to look into. I'll talk about why right now actually using Docker compose is a lot easier. For not necessarily the right reasons. It's because the her compose has a Insecure by default kind of mode of operand, which is great for developers. but, One of the things that I'm curious about is just trying to enforce the principle of least privileges here, and moving into podman was more difficult because of the Damon list thing. We need a Damon to talk which is why I'm running the podman socket and also the rootlessness thing, There were a few bugs there. But in general, the experience was somewhat good.\nJennings: There are some key differences between how podman cube play works and how the actual Kubernetes system works or how Docker compose works. The two biggest discrepancies, are going to be that.\nJennings: Podman cube play. Operates sequentially. What that means is it's going to create one pod or sorry. One container at a time and that's a problem. When you have containers depending on each other, in the world of docker, compose, or Kubernetes. These containers are going to start Asynchronously meaning If the dependencies aren't resolved, they'll just restart in a few seconds. And podman. I need to do the dependency resolution myself and how that works is. I've prefixed these with numbers denoting the order in which they are dependent. So I need my config maps first. And then I need my database and Q. Services which my backend is dependent on and then I have to run my back end near the end because it's dependent on the database and rapid MQ.\n00:25:00\nJennings: Yeah, Brent.\nBrent Baude: Let me check with Tom first on time check, how are you feeling Tom.\nTom Sweeney: And we've got all just a few more minutes. I can go five more minutes but that's gonna be pushing it.\nBrent Baude: Okay, I'm curious then. So when you say that, When you say that before with, I think it was composed and it's done. Sort of asynchronously. Are you handling?\nJennings: in docker compose, it's possible to specify the dependency order of containers. And that's not a perfect solution, but it is.\nJennings: Better than sequential.\nBrent Baude: Okay.\nJennings: I think it's also supported in podmin composed, but we've tried to move off of podman compose and into podman play cube.\nBrent Baude: Okay.\nJennings: So what you can see is when I'm running the Chris container over here, this is a docker compose file. I can increase the font size of it. This Chris service is defined with the auctions depends on, and the pens on is a list of other services, which must be started before the Chris service. This is good because we can make sure that these other services at least exist prior to Chris. This isn't a complete solution, because even though the containers themselves exist, these service might not be ready to accept connections yet, but still docker, composes able to figure out the dependency order and then start these both.\nJennings: Asynchronously. And in the order that would satisfy the dependency tree with podman currently, the dependency resolution must be handled manually. This is also somewhat deviant from the communities spec. I'm not sure if it's part of the Kubernetes spec, but I would assume. So that every resource specified in a yaml file, Or sorry, the order of resources specified in a yaml file, should not matter. So,\nJennings: What I have here is, I have a yaml file of a bunch of Kubernetes resources, they're separated by the Triple Dash syntax and in theory, or ideally the order of these services shouldn't matter. But when you're running it using podman, whether it be through podman desktop or podman cube play, the order does matter. You need to specify the dependencies before the dependence.\nBrent Baude: Okay, thank you.\nTom Sweeney: Any further questions. This has been great presentation. Great discussion.\nBrent Baude: I assume Tom has your contact information if I would want to follow up, you 'D be willing to answer some.\nJennings: Yeah. Oh, I mentioned Someone's later going to present on quadlet. I would be very interested in hearing more about quadlet because to my understanding Quad lit, is where podman uses system D as DC. Orchestrator of some sorts. And so hopefully, system D can sidestep this issue. With plodman cube in my understanding, is podman is starting these services sequentially. But if we were to define domestic D unifiles and system D does start services in parallel. I hopefully this dependency resolution problem goes away.\nTom Sweeney: Know unfortunately the speaker had to back out literally just after the meeting started. So we're not going to be discussing quality today but we can certainly get you in touch with him if you'd like to.\nBrent Baude: Who was the speaker, Tom? oh, Okay, we can. Yeah, we can do, we can arrange something for you.\n00:30:00\nTom Sweeney: Then, okay. And then not as moves, you down to the bottom of this agenda today, just so we can get to the other things too. If we don't get to the four, five update, I think we can get by without that. So next. Okay, next up. Step on me and just stop update.\nStevan Le Meur: Yeah. So I I think the demo that was just done by Jennings was a, just a very clearly illustration of how pen mendes that could be leverage for helping streamlining, container walkthroughs and streams. Most and if you can developer experience so this is great introduction. I will say so on, I'm going to share my skin. So we just announced the version 1.0 of Batman Desktop and We are really two weeks ago.\nStevan Le Meur: In this version, as you might already know, we provide a user friendly interface for managing containers and working with Kubernetes directly from the local developer machine. So that's a bunch of things that we are trying to, to do from a component desktop, like abstracting the setup and the configuration of the entire container tooling. So you can create your appointment machine directly from the UI and you have the ability to to create your machine.\nStevan Le Meur: With or without good privileges as well. And as it has been demoted as well, just capabilities to play Kubernetes yamls directly from from the UI. So you can see your buds you can see The logs, you can interact with. we said with each of the containers, And you can get the Kubernetes manifests for. Somewhere. Oh, you applications. So you can easily test that onto. Onto a unto donuts around. So I can take A container.\nStevan Le Meur: And I can say, Hey I want to run this container inside of a bud so I can create a pod on my container. I need locally with a man. and then, once I have this this environment, which is a, which is running, Once I have my bud running locally with Batman, I can easily deploy that onto Kubernetes environment. So I can test it on two different Kubernetes around and right now. From Batman Desktop, you can create a kind cluster which is a Kubernetes. Christopher running in input, man. So you can create the cluster.\nStevan Le Meur: You will, you will have that NDF there are after a few seconds, a few few minutes depending on the on the network. And when you are in the context of of your bird and your images, you will have the ability to easily insight with the cluster so you will have the ability to push an image that you build locally. With Batman and you will be able to push that image directly onto the gain cluster. To use it into a deployment or into service that you you want to try out locally? So, this is one step. One step further in some sense.\nStevan Le Meur: Once you have your game cluster, it appears as a container in your list of container. So I have it here in you. I can see the logs. And what's pretty interesting is that I can also directly from the here. I can also interact directly with a research there so I can Also, do a computer comment directly from the from here. So if I have my bud that I just create I can say, Hey, I want to deploy. That bird onto my chemical stuff so it's you use a superman coming to generate the Kubernetes manifests.\n00:35:00\nStevan Le Meur: And and then it selects the Kubernetes context and I can do the deployment. Of my bud directly on tour. Onto my calendar. So share, it's probably pulling the image and now engine is running and I can see my part running locally in Batman, but I can also see it running on Kubernetes kind of stuff here as well. So this has a type of workflow that you you can leverage to make make it easier for you to have your turn around and you to test your application. More easier. As well.\nStevan Le Meur: Coming with the version 1.0 we have a set of of extensions as you know, Batman Desktop. He's a, he's a it's open to multiple container online and Kubernetes distributions so that's compatibility with with the care Lima and for Kubernetes, we have integrated kind. But there's also the ability to run Openshift on your local developer environment. So you you can directly install the extension from from the screen. And once you have the application, the extension installed you can trade. An open shift, local environment. So I already have one. So, It's not going to.\nStevan Le Meur: Turn that you have the ability to configure your bunch of local with two different presets. So either you can use an open shift, local an open shift, single cluster single note, cluster on your local environment. Or you can also use a lightweight version of Openshift which is micro shift that you can run you locally. So this is what I am running. Here and you obviously ability to switch your Kubernetes context from gain. To Microshift. So, if I have An image that I want to deploy to Microshift. I can also do that directly from on the list of images. And I can.\nStevan Le Meur: Deploy. I can deploy you. Birds, I can deploy Kubernetes cmls directly onto a main micro shifter environment. We also integrated the capabilities for enabling the Docker compatibility mode. So this enable to map the docker circuit directly to to put men, but also use the command lines, that some developers may already be familiar with. So this is prettier pretty as well. So, it's available.\nStevan Le Meur: Today it's free. You can download it from a ferment desktop dota you open man.io. As well. And we are always looking for feedback and you new new ideas on things that we could be. We could be improving. So feel free to engage on the requisitory as well, so you can create issues. And you can also report feedbacks directly from within the application so you can share your experience. And tell us, what are your suggestions as well.\nStevan Le Meur: And with this, I think. I covered.\nStevan Le Meur: The Intel. On Badman Desktop 1.0. So the lunch was two weeks ago, we have been getting a very positive Feedback from from the community. We had a lot of blog posts and the media coverage but there is also\n00:40:00\nStevan Le Meur: Really announcements that we are. We published on a developers that had that come. So feel free to to give you to give a look, if you are interested, otherwise looking for hearing you your feedback and your thoughts. On the product.\nStevan Le Meur: Any questions?\nTom Sweeney: Another question but would you share the department.io site real quick? It's the fun. Yeah, just for a moment,\u2026\nStevan Le Meur: Sure.\nTom Sweeney: I just did want to mention that we have Mole here and That has been revamped greatly by her and other folks and it's looking phenomenal right now.\nStevan Le Meur: Yeah, it's the new website is looking fantastic. So kudos to to move what's been working on this quite easily and it's it's I think what Batman was deserving so, really cool to see.\nTom Sweeney: Yes, thank you. And thank you once again. Well, it really is great. all right, that we're going to move on to Lokesh talking about Paul man, shakes\nLokesh Mandvekar: All right, let me share my screen. Stevan, could you stop showings\nStevan Le Meur: Sure.\nLokesh Mandvekar: Well.\nLokesh Mandvekar: All right, I guess you can see my screen. Oh, all right, so first off, what's the problem at hand? So as a system administrator, I would like to confine each user to a predefined show environment and in that environment a user would have access to volumes and capabilities specify for that particular user. Now, what is Plug-inch? Odman SH is an executable user been augments h along with a container by the same name. I'm going to search now. This container is managed by a user quadley. With the login shell, set to the plug-in SH executable. When the user logs into the system, they enter the podmanus H container directly. Now, let me do a quick demo. So first, let's check the current user is\nLokesh Mandvekar: So that's the current user with the show set to bin Dash. Now I have created a demo user for this purpose. Now, this demo user has shell set to User bin podmanish. Also, with the user quadlet created for this demo user.\nLokesh Mandvekar: Books.\nLokesh Mandvekar: So this is a basic quadlet that's been created for the user. The image has been sent to Ubi-9 minimal. Now, let me first. See what posts I'm on. I'm on Fedora released 38. Now, I'll ssh into the system as gonna be user.\nLokesh Mandvekar: Okay. so I'm ssh in and as the user demo,\nLokesh Mandvekar: Environment is a real environment. As was specified in the bottled file. So, current status of this work, this is still working progress. There is an open PR, I'll link to it in Hack MD. Now this might get into 4.6, as a tech preview, but it should be ready for the release after 4.6. And that's my demo questions.\nTom Sweeney: Not hearing things.\nLokesh Mandvekar: All right. Yeah, Tom back to you.\nTom Sweeney: Right, Lokesh. Thank you. That's great. And Matt, do you want to give us a quick rundown? What's happening with four or five?\nMatt Heon: I honestly I think I'll just take the opportunity to go on to four six and future release plans because four five is, this point is two months old. so,\n00:45:00\nTom Sweeney: What?\nMatt Heon: Generally speaking, we are planning at least, one more release this summer, but there's still discussion going on in the team as to whether we're going to do two one end of this month and one somewhere in August, or just, just one release, which would be probably mid to late July. So we're not completely sure on this, but you were getting at least a four six and potentially a four seven by end of summer, we're hoping to firm this up and get an actual document out that will describe future release cadence at some point, but that's still being worked on as to what you can expect. And for six generally speaking improvements to podman machine, especially around Mac, and Windows improvements to quadlet and just general bevy of bug fixes that you usually gets also at some point, maybe not for six, but some point the future we are going to be making the new SQLite database back and the\nMatt Heon: Fault, still needs to be discussed if it's mature enough to do that and four, six. This should be only for new installation. So I don't expect any significant changes from user perspective, but that is something to look out for. And I think that's about it. I could go into four or five features again it's two months old and at our current cadence, that is a agent history.\nTom Sweeney: Now, that's fine by me. Brent, did you have anything to say? You look like you had something you wanted to sing?\nBrent Baude: You know, no, but I can add to it. We're currently just sort of looking at\u2026\nTom Sweeney: Okay.\nBrent Baude: what we're working on where Matt hit a lot of it. We're working on some final pieces for Netta Mark. Parody with CNI. And in terms of machine,\nBrent Baude: But I currently have two new hypervisors in flight. And one is Hyper-V. For windows. And the second is the apple hypervisor their native, one rather than c** you. Both are progressing nicely. Because their new platforms. For fedora coros, it does have to go through a rather. lengthy process and get into their release process, to where images would be automatically created.\nBrent Baude: On. But a lot of that code will be in four six and potentially for those chomping at the bit they can Check out if it fixes or solves any problems one. Very good thing. I'm happy to report is we have hurt Ilfs, working on the apple, Hypervisor part and it's quite fast.\nBrent Baude: I think that's it, Matt.\nMatt Heon: Yeah, science about right to me.\nBrent Baude: yes, of course, Stephen\nStevan Le Meur: you yeah, wanted to ask if you if you are looking for people who want to test, the the work on the I Native I advisors If you are seeking for, for more testers from the community here, I'm not yet.\nBrent Baude: I will but not yet on the hyper V side.\nStevan Le Meur: Okay.\nBrent Baude: We need we need ignition upstream to merge, and start creating some images. I could do one offs, but it's not something I like to do. The second piece is the\nBrent Baude: socket mapping. For Hyper-V is not been completed.\nBrent Baude: So, it would make it. More difficult for people to actually use in that regard on the habitable. On the apple side, we're still working out. I'm actually sort of faking out ignition right now, and that's how I'm doing the testing. But we're we're basically saying thing there, no socket mapping yet and we need mission to Merge when it works done.\nBrent Baude: And I'm going fishing next week, so it won't be in the next week.\nTom Sweeney: Don't catch any Celtics, please.\n00:50:00\nTom Sweeney: All right, that's it for our plan topics. We have just a few minutes left for open form. Questions, does anybody have any questions or comments? They want to make\nBrent Baude: We love to hear what we're not doing, right?\nTom Sweeney: yes. And also any topics that you'd like to see for the next meeting. Which I'll just say real quickly. Our next meeting is August 1st 2023. That's a Tuesday. That's first Tuesday of August, that'll be at 11:00 am again in our next ball. Meetings back up on me because you do that on the third floor you stay at the month and that's on the 15th this time around. So that'll be next Thursday. So, if you have any topics for either of those, let me know currently the quality demo will be on that list for the community meeting New August.\nTom Sweeney: I'm not hearing any other questions comments.\nStevan Le Meur: Comments. I think it's super cool. Everything that is happening in the Comet Padman community at the moment. So thanks everyone for your engagement involvement.\nTom Sweeney: All this.\nStevan Le Meur: It's amazing.\nTom Sweeney: this, it's been\nGerry Seidman: actually, if I can at the 11th hour, ask questions, I actually met with Ben\u2026\nTom Sweeney: there.\nGerry Seidman: At Red Hat Summit and he's very aware of this stuff we're doing with a major financial that very much wants ALS if you would be ultimate layer storage. kind of,\nGerry Seidman: Whatever dancing. Just I presented the group on it, I won't be able to, I don't know if I'll put on the 15th, but what's one after the 15th, what the meeting date after the 15th?\nTom Sweeney: um, the one is there's Department of Community meeting on August 1st with this. Another one, another Cabal meeting. And if I can get my calendar up, I tell you, it's the third Thursday, in July. You don't?\nGerry Seidman: Right. Well, I'll reach out to you, then send an email between you and I, I'll follow up on that. Um, really\u2026\nTom Sweeney: Okay.\nGerry Seidman: what I would, what my curiosity is, is right now. The ALF is considered experimental and storage in the container storage. Any suggestions on decide what the things I talked with Dan about about, Moving it forward to. Not being experimental.\nGerry Seidman: Like documentation. Things like that.\nTom Sweeney: Right? Can I throw that one in your life?\nBrent Baude: Yeah, I was just waiting to see if anyone piped up. So Gerry you're the one then.\nGerry Seidman: I'm the one if you've heard about the people thinking about it. Yeah.\nBrent Baude: I heard about him.\nBrent Baude: I guess for content. I'd have to think about that. It's an interesting question. What is I'm not deeply familiar with what's held it back? Other than the fact that it's fairly new, but not a new technology, but a new ad.\nGerry Seidman: Yeah, it's it's it's deployed, it works. In the, you know, it's it's Dan suggested Da edit, you know, submitting some documentation. The only place I could imagine to document that is in the Storage.com. Man Page because nothing, there's no commands associated with it. Maybe you have some other thoughts in that. I've written that up. I just haven't submitted it yet. um, It works.\nBrent Baude: Okay.\nGerry Seidman: Um, it's really just a matter of fear of commitment.\nGerry Seidman: because, Other than myself, a group of NT.\nGerry Seidman: And then some other miscellaneous projects, I don't think anybody, I don't know how many people using it.\nBrent Baude: let me, let me get back to you, but I wondered if there were You said there was documentation and container storage.\nGerry Seidman: Now there's there is not, I I wrote some up that I can submit and\u2026\nBrent Baude: Oh, okay. Okay.\nGerry Seidman: it really just I mean if you the other technology is the, you know, the alternate image store and that literally has two lines of documentation. I wrote A couple of paragraphs, which is probably too much but\nBrent Baude: Well regardless that would be good to have.\nBrent Baude: I think, beginning the blog about it would be smart it and we can provide a blogging resource if you're interested.\nGerry Seidman: Yeah, that's good to that but if you do you have my cut contact information?\nBrent Baude: Yeah, it's in the calendar notice, I would assume.\nGerry Seidman: okay, so I don't have your contact information, so if you could ping me out response, thank you.\nBrent Baude: Absolutely.\n00:55:00\nTom Sweeney: Right. Folks, unless there's any last questions. We're almost a time for this meeting. I'd like to very much thank all the presenters today for coming in and showing off the substance of fascinating. Look for a lot of things today. And again, we'll be meeting next on August 1st and then on July 20th. June 15th and July 20th. But I'm gonna stop the recording.\nTom Sweeney: And anybody wants to say anything and not be recorded. Otherwise, let's go to lunch.\nStevan Le Meur: Boost.\nGerry Seidman: In 30 days.\nTom Sweeney: All right, folks. Have a great day. Thanks so much.\nMeeting ended after 00:56:17 \ud83d\udc4b\n")))}Yo.isMDXComponent=!0;const zo={},qo="Podman Community Cabal Meeting Notes",Vo=[{value:"June 15, 2023 11:00 a.m. Eastern (UTC-5)",id:"june-15-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"June 15, 2023 Topics",id:"june-15-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Additional Layer Storage (ALS) (0:57 in the video) - Gerry Seidman",id:"additional-layer-storage-als-057-in-the-video---gerry-seidman",level:3},{value:"AuriStorFS - The cloud file system for the 21st century",id:"auristorfs---the-cloud-file-system-for-the-21st-century",level:4},{value:"Containers as Software Deployment",id:"containers-as-software-deployment",level:4},{value:"Container Storage",id:"container-storage",level:4},{value:"Additional Image Storage (AIS)",id:"additional-image-storage-ais",level:4},{value:"Additional Layers Storage (ALS)",id:"additional-layers-storage-als",level:4},{value:"AuriStor Container Accelerator (ACA)",id:"auristor-container-accelerator-aca",level:4},{value:"Qustions",id:"qustions",level:4},{value:"ipfs integration into Podman - Anders Bj\xf6rklund",id:"ipfs-integration-into-podman---anders-bj\xf6rklund",level:3},{value:"Open discussion (54:45 in the video)",id:"open-discussion-5445-in-the-video",level:3},{value:"Next Meeting: Thursday, July 20, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-july-20-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3}],Ko={toc:Vo},Zo="wrapper";function Qo(e){let{components:t,...n}=e;return(0,me.kt)(Zo,(0,K.Z)({},Ko,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"june-15-2023-1100-am-eastern-utc-5"},"June 15, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Ashley Cui, Chetan Giradkar, Christopher Evich, Daniel Walsh, Ed Santiago Munoz, Gerry Seidman, Gerry Seidman's Presentation, Giuseppe Scrivano, Jake Correnti, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Preethi Thomas, Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, Valentin Rothberg"),(0,me.kt)("h2",{id:"june-15-2023-topics"},"June 15, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Additional Layer Storage (ALS) - Gerry Seidman"),(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off")),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/GYrFHoYtXDA"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, June 15, 2023"),(0,me.kt)("h3",{id:"additional-layer-storage-als-057-in-the-video---gerry-seidman"},"Additional Layer Storage (ALS) (0:57 in the video) - Gerry Seidman"),(0,me.kt)("p",null,(0,me.kt)("a",{parentName:"p",href:"./AuriStor-ACA-PodmanCabal.pdf"},"Slides")),(0,me.kt)("p",null,"What is AuriStorFS\nFraming the Problem ACA Solves\nAdditional Image Store AIS\nAlternate Layer Storage ALS\nThe AuriStor Container Accelerator ACA"),(0,me.kt)("h4",{id:"auristorfs---the-cloud-file-system-for-the-21st-century"},"AuriStorFS - The cloud file system for the 21st century"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Global Namespace\nAccess Transparent\nSecure\nCache Consistency\nPlatform Independent\nAFS Volumes as Policy Containers\nHigh Availability\nWorks Well over WAN as well as LAN\nBoundless Scalability\nHybrid/Multi-Cloud\n")),(0,me.kt)("p",null,"Works with Fedora 31 and higher"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ls /afs\ndnf install -y -q kafs-client\nsystemctl start afs.mount\nls /afs/cern.ch\n")),(0,me.kt)("p",null,"Platform independent"),(0,me.kt)("p",null,"Volume are rooted directories"),(0,me.kt)("p",null,"Examples of Volumes\nRead Only - Machine Learning, Application Binaries, Configuration files, Static Web Content\nRead/Write - Business Documents, User Home Directories, Logs"),(0,me.kt)("p",null,"Volumes are the units of Management and Policy\nAFS Volumes are named\nSpecial volume named root.cell\nVolume Directories can link to other volumes"),(0,me.kt)("p",null,"Mounting Volumes to Local File System\nDirect Mount\n\u2022 ",(0,me.kt)("inlineCode",{parentName:"p"},"mount --bind /afs/.@mount //"),"\n\u2022 ",(0,me.kt)("inlineCode",{parentName:"p"},"ln \u2013s /afs/.@mount//"),'\nDynamic Mounting\nAFS Client side "Dynamic Root"'),(0,me.kt)("p",null,"Every Volume is really an Object Store\nLocal Cache Consistency"),(0,me.kt)("h4",{id:"containers-as-software-deployment"},"Containers as Software Deployment"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Container has root file system, and you can push/pull the image.\n")),(0,me.kt)("p",null,"Costs of pulling a container image\nClock Time\nNetwork bandwidth\nCPU and I/O time spent\nDisk space"),(0,me.kt)("p",null,"Large Container Images are not uncommon\nPyton is 1GB\nGerry has seen 40GB sized custom made."),(0,me.kt)("p",null,"Large Containers can add up, and you can have many on a machine."),(0,me.kt)("h4",{id:"container-storage"},"Container Storage"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Configuration File\n /home/gerry/.config/containers/storage.conf\nWorking directory\n /home/gerry/.local/share/containers\n")),(0,me.kt)("p",null,"Podman Pull - object from container registry"),(0,me.kt)("p",null,"Layer files are found under 'overlay'"),(0,me.kt)("p",null,"Running a container adds the R/W layer"),(0,me.kt)("h4",{id:"additional-image-storage-ais"},"Additional Image Storage (AIS)"),(0,me.kt)("p",null,"Allows multiple ./storage instances\nImages are pulled into specified ./storage\nAt runtime, Images are search across AIS sequentially\nCan be share across users and machines"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"You can list images from multiple image stores\n")),(0,me.kt)("h4",{id:"additional-layers-storage-als"},"Additional Layers Storage (ALS)"),(0,me.kt)("p",null,"Stargz (Seekable Tar GZ)\nAttempt to solve the slow container start time\nSeekable allows lazy download of required image chunks\nRequires Augmented OCI Image"),(0,me.kt)("p",null,"Alternate Layer Sstorage (ALS)\nProvides Alternate sources for Layer content (Stargz, IPFS, AuriStorFS)\nIntercepts Layer Pull/Expand"),(0,me.kt)("p",null,"ALS Fuse Driver Plugin\nFor Layers it support the FUSE plugin will service paths in the form\n",(0,me.kt)("inlineCode",{parentName:"p"},"//")),(0,me.kt)("p",null,"Podman pull with ALS\nThe image size was reduced by quite a lot."),(0,me.kt)("p",null,"This is deployed by Podman, but is experimental. Gerry would like to get it promoted."),(0,me.kt)("h4",{id:"auristor-container-accelerator-aca"},"AuriStor Container Accelerator (ACA)"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"ACA Root satisified ALS Path 'Services'\nAuristor ACA finds AuriStor Volume\nACA Layer Volume Generator Service\n")),(0,me.kt)("h4",{id:"qustions"},"Qustions"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Can AFS volumes store extended attributes (i.e Selinux labels)? Not yet, but in a near future version.\n\nAre access controlled on the server or on the client? Yes, in a number of places, being refined and needs improvement.\n\nALS requires a huge file system, is it opensource? Depends on which you choose.\n\nIs there a tool that creates the additional layer stores? Yes.\n\nWhay ALS instead of AIS. The dynamic nature of ALS. He would have to try and figure out AIS mapping.\n\nIn the past others have said latency is a problem with AIS.\n")),(0,me.kt)("h3",{id:"ipfs-integration-into-podman---anders-bj\xf6rklund"},"ipfs integration into Podman - Anders Bj\xf6rklund"),(0,me.kt)("p",null,"Not discussed due to time and Anders not being able to attend."),(0,me.kt)("h3",{id:"open-discussion-5445-in-the-video"},"Open discussion (54:45 in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Podman v4.6 Release Update")),(0,me.kt)("h3",{id:"next-meeting-thursday-july-20-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, July 20, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("p",null,"ipfs integration into Podman - Anders Bj\xf6rklund to kick off\nPodman v4.7 and beyond update"),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("p",null,"None Discussed"),(0,me.kt)("p",null,"Meeting finished 12:02 p.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Gerry Seidman11:02\u202fAM\nhttps://drive.google.com/file/d/1OjaARJayC-9Z3dQ0HdubWiyyzL3XFVcY/view?usp=sharing\nYou11:03\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nChetan Giradkar11:03\u202fAM\nit requires access\nYou11:04\u202fAM\nGerry you';re muted.\nYou11:06\u202fAM\nQuestions in the chat please, Gerry can't hear.\nDaniel Walsh11:09\u202fAM\n:^(\nChristopher Evich11:12\u202fAM\nCan AFS volumes store extended-attributes (i.e. SELinux labels)?\nYou11:16\u202fAM\nI'll try to get him for questions at the end\nDaniel Walsh11:20\u202fAM\nAre access controlled on the server or on the client? Enforcement of who is allowed to chown.\nYou11:28\u202fAM\nFor those joining, Gerry can not hear us.\nNalin Dahyabhai11:45\u202fAM\nare your speakers muted?\nieq-pxhy-jbh\n")),(0,me.kt)("p",null,"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Tom Sweeney: Wanting everybody today is Thursday June 15th, 2023. This is the Podman Community Cabal meeting. We'll be talking today about additional layer storage and we have Gerry's. I'm going to mess up your name. Jerry, is it Seidman?\nGerry Seidman: But I've been seidman. Yep.\nTom Sweeney: Seidman, And then after that we've got to talk that's kind of a generic talk. For Ipfs integration into Pod, Anders was going to delete at least take that off. I don't see offers. Yeah, so we'll see. And I know Dan had wanted to talk about that as well. And so I have hack MD set up where I'll be taking the notes today. If you have links or anything that you want to add to it or if you find that I've just described something in the notes, feel free to go ahead and change those as you see fit. And with all that, I'm gonna hand it over to Gerry's. Thanks for coming today. I'm not sure.\nGerry Seidman: somebody could just check the fact that works that Could be my presentation's life. if not, \u2026\nDaniel Walsh: He?\nGerry Seidman: because some people like to follow along and as PDF, I could have put them there. That's a good point. Right.\nGerry Seidman: Nobody's going to confirm or deny.\nTom Sweeney: While I was muted, which was very helpful. It's no like not.\nGerry Seidman: Did you get it?\nTom Sweeney: It says I need access. Question.\nGerry Seidman: All right, hold on. Anyone with the link? Not let me do it again.\nDaniel Walsh: and I was now we said, Yep.\nGerry Seidman: Got it. Excellent because you don't make it easier for everybody because I'm going to talk fast. I'm from New York and I have too many flights. so hi. I'm Gerry Seidman. I'm president or a store which is a company that has a security distributed file system. I'm going to talk about our core product and also going to talk about what we're doing the container space or doing for accelerating.\nTom Sweeney: Who's Gerry now?\nEd Santiago Munoz: Very immuted.\nDaniel Walsh: Gerrymuted.\nDaniel Walsh: I see infinity.\nGerry Seidman: All right. Can somebody now say, Yes Gerry. I fear flies and I hear you\nDaniel Walsh: Yes Gerry. I see your slides and\u2026\nTom Sweeney: Yes.\nDaniel Walsh: I hear you.\nGerry Seidman: Nobody. You.\nDaniel Walsh: Yes.\nTom Sweeney: we can hear you.\nGerry Seidman: Can you hear me? So I can't hear you for some reasons, but that's okay. If you have any questions. I'll jump out.\nGerry Seidman: I've got it. All right, so I'm gonna go very quickly through a lot of topics. What I'm going to talk about what is Orest or FS. I'm gonna fake frame, the problem that\nGerry Seidman: The ores will container Accelerator solves. I'm going to very very quickly talk about container storage internals which most of you should know better than me. I'm gonna talk about additional image or which Dan certainly knows better than me. Then I'm gonna talk about additional layer stores, that's a typo,\u2026\nTom Sweeney: Technology.\nGerry Seidman: It should be additional layer Stores, storage, and then finally, I'm going to talk about the order here accelerator Actually, I'm going to be talking about that interest first with a bunch of other stuff and specific to it. So our surprise the cloud process for the 21st century that's actually a joke because the orchestra file system has its roots in the Andrew file system, which predates NFS it was designed.\nGerry Seidman: Very presciently. but the reason or what our stores initial funding came from the Department of Energy and we got an SDAR to create a 21st Century Cloud file system that extends upon the AFS vision. so that's the joke in that. but it was designed to do a lot of things store on extends very much beyond what the open source AFS does and certainly what anybody who's AFS a long time ago, might\n00:05:00\nGerry Seidman: Remember but here's the kind of the high level points and I'm going to drill into some of them, A true global namespace on that actually can span organizations not just clouds access transparent. It's just a processing files again for definition. In this case, I'm talking about the part of the file system, Not block storage. it's highly secure. I'm not going to go into the security model at all, into the catch consistency model. What that means is that, There is a local cash on that, on the machine, on each client. And if something changes in the server, it's the server's responsibility to inform the client, which means to do polling because it's done properly. Little version has the things like that. The cash actually survives a regal.\nGerry Seidman: if platform independent, the clients were on pretty much everything. I'm going to talk more about I'm going to talk about evidence, volume separately, high availability works well over the win as well as the land boundless scalability and like I said, hybrid multicloud by default. I'm just focus for a minute on these because they're just what I mean by a global namespace is if you just take a fresh install of the Dora and anything over for 31, There's a bug answer 38. But if you do a fresh install you LS slash AFS there's nothing there you install the cast client, there's an upstream when it's client that's in the main clean line, as well as in many distributions like we're going to not yet in route but we have a fine version if you're running around.\nGerry Seidman: 9.2 Ask reach out to me and I can give you this client. you just start the afs.mount service. And then if you're running there's a bug integer at 38 where you have to stand in first, permissive you don't into door up 37 and you won't or 39 and hopefully not much longer 38.\nGerry Seidman: And then just believe you're an astrophysicist or a high energy businesses and just look at files concern, LS slash AFS last cern.ch and lo and behold it works. Zero client configuration global management. Access transparent. It just looks like a file. So I'm going to just add a file from Cerns Atlas Project. Let's go from their aspected and it just work and as I said, it's platform, independent, on the one side of windows and the other side of women. I'm going to focus on the parts that are salient for ALS, the cash consistency model and the answer findings of policy containers really more than about the air that's fine in AFS again,\u2026\nTom Sweeney: He?\nGerry Seidman: volume is highly overloaded term in AFS and abiding. It's just a rooted directory of, files And it can have, files and sim links and directories etc. an example of a volume rewrite volumes would be, for example, painting data, machine learning training that a lot models data sets application binaries, configuration files, static Web content for write, your home, directory Scratch, space log but some specific project etc.\nGerry Seidman: Volumes are the unit of management and It's the thing, you put policy upon things like quota replicas. So for example, if that's where I want high availability, I might serve it up on three fosterers in New York in Shanghai One in London. It's still globally accessible, but your client will find a closest one to get you the best performance. maximal access controls, the security thing things that you can do things like this data. Can't be the US. It's got a lot of cool stuff, but an AFS volume and the AF unit of management is called Estelle and cells have volumes in them and volumes have human readable names. so for example I could have a volume called Language Model DOT training DASH data.\nGerry Seidman: so that would be where I would put it. I didn't say that access it yet and there's also a special volume with the name Root that again there's volumes. I don't know why I have a separate. you miss, what I'm showing is that within an FS volume, you can link to another amp as volume as if you triangle are for\n00:10:00\nGerry Seidman: Yeah, the triangles are showing, you can actually have hard links, you've actually have hard links as well as SIM links within a volume. You can't do hard length. but you can do mount points of the volumes. so how are you access it in? actually gave you This is the syntax not for cast but for our proprietary client but anybody can reach out, tell you how to do it or look up online. Mount Slash cell volume name gets you to a volume. That just works. There's also a dynamic route, /, By default. It could be anything else in your system. it doesn't have a lot of our banking customers, have it.\nGerry Seidman: Only locally accessible on and that's how the global names So I'll get back to that with an example. But for example, somewhere on my file system, I might want to have my, chat ABC language training data. I want to mount it there. So I just say I could do L / blah blah\u2026\nTom Sweeney: it's\nGerry Seidman: because slash that out. / myog.com, Bush language, training directly gets me to the root of that volume. So if I link it to be there, I now have it anywhere my file system. again, that's the syntax of here, but one of the cool things is dynamic, zero, configuration Global namespace. So there is that I mentioned in passing, a slash AFS directly off of the route. That's now actually reserve name. You can't. It's\nGerry Seidman: Its official things slash AFS you can't have such anything, and the way it works, if I go AFS slash you michigan.edu or cern.edu, There are DNS service records that say, where the metadata servers are for University of Michigan or certain etc. And what happens is the client, when you say slash afs/stern.com, it goes to DNS and it finds the IP address of the metadata server. And then it dynamically mounts, the route that sell special fruit. I\nGerry Seidman: Last say the penultimate thing I want to say is afs Everything was, really, an object store. It's not really a false, Server. It's an object server where each volume is an object store and each entity in it files, links, directories etc, are objects with their unique guys object IDs. And actually the server doesn't know anything about paths, unlike NFS. the path is all the pathwork, Interpretation is always done, completely on the client.\nGerry Seidman: As I said, also said there's a cash consistency model that survives reboot so when you read from the file server, a fraction of not a copy and sync file system. it just grabs the block that you read, it stores in the cash or the least presentation you use caching on and the cash can be very very large. couple gigabytes would be a couple of terrified. So for example you doing the machine learning Up. You might want to have a very large cache. so \u2026\nTom Sweeney: Traditionals.\nGerry Seidman: point basically networks over All right, that's all we know are all experts in or restore. now I talk a little bit about containers of software,\u2026\nTom Sweeney: Gerry.\nGerry Seidman: deployment, inheriting, all the classic problems of software delivery. very quick slide. Just we all know this that at runtime you're using, you've got an overlay file system the presented to the run container at runtime where the route is the write layer. And then there's a list of We don't get players. On the local machine, if you built. A container with a bunch of layers, you have all the files locally in particular, you also have a manifest that are config file. Whatever, those are well dependent,\nGerry Seidman: it's just helps me about the container image. But when you say top, I've been push. It takes those files on the layers and creates a car.tz compressed version. And that's what goes up to the container registry, and the container regency stores them. And in fact, the container registry is basically an object store where the manifest even a io slash\n00:15:00\nGerry Seidman: Out library slash alpine, you go to the registry and say Hey, what's its unique ID? What's the idea of its manifest? That's the only time you used, It's not object like And then from there on you just bootstrap and say Give you the man give you this object ID which is the manifest. They give me this object Died ID with coming in the manifest, the layer ID to grab the layers. and when you say Pull you do the opposite, you pull the layers and you untar them locally onto your local disk. so what are the associated costs with pulling a container? There's the clock time spent downloading the entire car.g file, which for large files, can be not insignificant that the cost of the network bandwidth.\nGerry Seidman: but if any CPU and IO spent expanding, that's hard on TV onto locales and the disk space required to store them and expand them. So effectively your container start time is the download time plus the expansion time and again these costs are only incurred the first time to container the layers full I say container image but it's per large container. Images are not uncommon. Icon is 1.1 gigabyte. Before you do anything, we have I know of customers that have just taken. Legacy systems and made them into one. Giant could 40 gigabyte Container. and then an example of that would be SAS. If you remember the old statistics programs is? Yes. That's what they did. They're not a customer bars but they have one I think there's 50 or 60 gigabytes. They just\nGerry Seidman: Big one, giant container image big deal. I'm only downloading it once no problems. So if I got a one gigabyte app, I download it to my machine or my server. I got the problem is a scale this adds up. So if I'm deploying a thousand one gigabyte images to a thousand machine a thousand. And they say, if I'm delivering a single gigabyte image to a thousand machine, that means I've got to move a terabyte over my network. which is you don't ever want to start a thing with a terabyte over your network and certainly, if you're in any industry where the network has to be really, Smooth like a bank anything is doing experimentation on it. you don't want that choppiness of the network caused by a lot of pulling of images on. And again, we're running a thousand machines is an uncommon. I mean, we have enterprise customers that are running on\nGerry Seidman: It actually running applications almost 200,000 machines. Tens of thousands of applications not uncommon for a single application, to go to a thousand machines and then we just drifted across the enterprise both locally and globally and cross-cloud. So that's not uncommon and we also have customers that have HPC compute clusters, where they got a thousand nodes and they'll just, blow out the container image To the notes in the classroom so It's not unrealistic. The other thing is that if you're running lots of containers at a single machine either individually with pod man or orchestrated by a Kubernetes, you can have a lot of containers in the machine and that actually causes a bloat in the disc\nGerry Seidman: just by the way. there's the Pie Man Group, an open ship node if you configured it with a bunch of stuff. Turned on can be up to 100 gigabytes of operator interview. So when you're creating a new openshift node, you could be pulling as much as a hundred gigabytes of container images and there are many as factors in the time but it takes about 45 minutes of setup and openshift note. so okay, so now we know, can we take as bad? their respects. so an important observation and this actually goes back, is this software delivery crop, there's over deployment problem goes back to cards, and tapes, and discs, and CDs, and RPM files. and containers, that many of the files in this offer deployment, and the container image are just not used.\nGerry Seidman: They're just not used. unless somebody put a lot of work into calling their deployment. Pretty bloated. In fact, going back to a paper on back in 2016. There's link by harder.\n00:20:00\nGerry Seidman: Pulling packages accounts, for 76% of containers, start time, but only six, four percent of that data is great. That was the result of Studies their analysis over the three years ago but I suspect it's worse, not better. But There you go. So in that prior example, if I'm pushing a thousand copies of a container to, a one gig by tonight near to a thousand machines that one terabyte would go down to 6.4.\nGerry Seidman: And there's a local dishes, reduction of storage actually for more than six for more because the carballs expand again for a single image. It's not important. But I've got a machine with many images, I could have hundreds and they have hundreds of gigabytes of Actively use container images on it on a server or a coin Tom, I'm not going to dwell on this. This is from that 2006 paper, about some example slides, let me go back, What was their research was fast, distribution of lazy doctor containers, and they had this idea that if you could create an index into the target, the file you just cherry pick the\nGerry Seidman: Blocks of the Tar of the blob using HTTP get range instead of just HTTP, get all from the tainer registry. and so, their whole paper is about creating indices and creating these non -standard container images. so this is from there.\nGerry Seidman: There, non-standard implementation, but still they're getting pretty impressive, compressions and pretty significant. Start time improvement. again because it's only pulling down the files that are actually used as runtime. Or so let's not take another digression on container storage. because then this will all come together because My feeling is, never.\nGerry Seidman: Never use a technology. You don't know how to write. So I'm basically going into the internals of you understand how it works in that way? Hopefully everything is clear, container storage. again, This is talking to the choir, he's acquire or I am preaching, that you've got the storage on configuration file storage at Conf file. and then you have a local working directly where the container layers and images information stored on and at those respective paths, this is all implemented in the Storage containers slash image, subsystems,\nGerry Seidman: Just for laughs, I'm just starting with a fresh system I say podman images. And what that does is that actually populates the empty graph of the structure. I can teach drove into everything but that's the kind of the structure of storage in Edwin time with pod man. And if I look at it, when I just created empty, it's about 32k, all right. we're only going to focus on again, in these slides, the things in green are the things remind myself to talk about. There's the overall a storage and that's the storage slash over. that's what the actual files are stored for the layers and images. It's where Information about the images. is stored because again, a layer may be used by multiple image just\nGerry Seidman: All So again doing something simple like a dot pod man poll, it gives us a throws out this number which is the the layer digest of a layer outside the single layer container. this every day I'm saying works on multi-layer containers. It cools down the manifest file and then it copy signature and it goes back the id of the registry, the idea of con that's a digest of the container image and justice. So we'll see these numbers again is 31. is the layer C1, aabv is the looking inside the overlay images file. We see bear again.\n00:25:00\nGerry Seidman: Corresponding to the image ID of C1a. There's a self-direct you c1a with junk under it, but it does include the manifest file and the way you find the Sea 31 e35. that's the actually manifest ID. The digest of the compressed image, not the uncompressed image, which is actually what's used in the manifest file. so the way to find the Actual digest, that layer is doing stuff.\nGerry Seidman: But extracting stuff out of the JSON bucket advo, again, I'm not going to talk it through, but the point of making is that you cannot forget about the 31 e blah blah, because it maps to one to the seven, a 78, 8 blah blah, but we're gonna want. Again let's look at the overlay folder, we see the bear lo and behold is a directly corresponding to that layer. With some files, the saline file being the diff file which contains the files from that layer and I can go directly and see those fun. All right, so we're now and then it run time.\nGerry Seidman: Everyone at runtime. You need a we'll see a second, container layers created. That's the transient regular layer of this container. when the container ends and you remove, podman RM. that layer will go away but I just want to, be clear that I run the container and break some content in it. I can see it actually under over All right. So now We all probably were experts on this before I started talking, but now we're reminded experts. so now we're talking about an additional image store and I'm additional image store, briefly on Alicia Image Store, allows you to have multiple instances of that structure that I just talked about. and\nGerry Seidman: you specify and you have one or more of those. And those are configured in the storage. I can't follow under additional image stores. and what it worked exactly like when you do a poll it looks like any pull, but you pull into a specified copy. So you have actually that directly structure multiple times in multiple plates. All right, depending on how many you have. And so if I pull busy box into that and then I go into that directly the temp slash ais. You'll see lo and behold, I get exactly what I saw before. but the AIS will only be read only. You will never ever be, it's only for the images, the layers from\nGerry Seidman: Downloaded Images. The rewrite layers at runtime, it will always put the rebite layer in your primary route. But notice, I left something out. I just want to be very clear When I ran Alpine 7.5 megabytes just remember that number 7.5, megabytes is the size of alpine, busy boxes smaller, 4.8 megabytes. and when you do a podman images, you have an extra column with them additional restore which will tell you whether it's your store it's coming from whatever you read, only layer stores.\nGerry Seidman: so what's the value, proposition of this, you get to share only layers across multiple users. for example, if the alternate image stores is on a single box, as you know, that in podman root was podman, every user has their own directly structure. Corresponding to storage on digital, allow you to have a single place rather than having every user on a machine. Downloading, the image, they can get from a shared place. another use case is you downloaded into an NSF share. And now, you have files that are being called on your local machine from an NFS share. And so instead of having copies on every machine, you have a copies just share all of this because of the whole into the alternative.\n00:30:00\nGerry Seidman: Image store, it has to be administrative managed. Somebody's got to do something to do that, whether to do the Poland locally of the pull, into the end of the share, on if you haven't read it. There's Daniel Walsh's is article on exploring additional image tours in climate. So the bottom line is part, man, works pretty much to me. Additionally, the creamers standard. It's just allows to have more than one. Let's have extra real now to be contrasted with additional layer store. ALS.\nGerry Seidman: It would, the history of ALS goes back to that harder paper where they tried to create As I said, a way to lazy load containers by having an index into a GC file That's what the essence seekable tar tzus. But that stands for, and that's what they did. I'm not gonna dwell in it. But, the original approves, the concept for ALS was done by a group of NTT engineers, who did the heavy lifting of\nGerry Seidman: Implementing what the harder group did but in actually container slash images just in compares my storage as well as in container d. and it is now shipped. it is in padman today so, ALS provides or additional sources of layer content not about the whole structure of the storage. It's just A layer content on there are actually three examples of uses of ALS the star GC. The NTT one serum I think has one, but I think they may have walked away from it. There's an ipfs implementation, of course,\nGerry Seidman: so, the way you implement ALS is with a fuse driver on because you need some sort of RPC from the container runtime, to say, Hey, I need the thought content of the layer. Can you provide it? It's really what happens at runtime right? But before down do I have the files locally? it says Hey you use file system. Can you provide? And you specify the root of your ALS file system under additional layer stores in the configuration problem.\nGerry Seidman: And so what happens is at runtime, there's an intercept. if it doesn't already have the files, it asks, can you do it? And if you're also says, yes, It's okay, great. Give me your route and I'll get the files from you. we'll see a little bit more details. Don't here. So, in this example I have my Orestore ultimately stored fruit at Chiliary Slash Home slash Store by putting that in your config file. It's telling the container runtime to look\nGerry Seidman: We don't want to query you, it uses the fuses according language, it's kind of an RPC, your future, lash your ALS root slash the basically form of the image Layer Digest. And that's where it's expecting. You to provide. a different directory, as well as some info and info file and the RAW blog if it asks you for it never does. But alright. So again you have to satisfy the ALS RPC by being able to service these paths.\nGerry Seidman: But these paths by your driver. So let's look again. So here's the same thing. I did I have a blank fresh banana storage, the 32k. I do it with my ALS driver running. I saw a problem Paul, everything's the same. And now I look into a dis usage on it, and instead of being 7.5 megabytes, it's 1.4 kilometers. And 104 kilobyte and that's not going to change. The caching is done on AFS. That cash is any different place. so in this case we reduce the container storage size by quite a lot. And the interesting thing is, when I did this Dr. Paul nothing came over the network.\n00:35:00\nGerry Seidman: All that happened was the ALS driver, said I can provide the services. I can provide the file. You didn't answer any file. So I'm not doing anything yet but I'm saying, I can if you false at those directories. So now let's look in the store for that's actually overlay. no this is the ALS route. what my fuse Paul system is providing and my priest is a root with the base 64 encoding of I guess that's io / Alpine. Or something like that, the digest of the layer. And I have to provide.\nGerry Seidman: Basic people of the reference slash died, layer digest, slash Bob /, stiff /, info and doing a little forward. Think notice that, what am I doing in my Orestore? They also implementation. I am I'm just doing a link to a volume on the cell DVD that I mx.com blah blah. Coincidentally with the name, very similar. I'm truncating, the names just for you either use and again just to prove I did an echo of that z blah blah through based 64 decode and yes in fact it is / liver.\nGerry Seidman: going back to container storage. what I'm seeing is that A Digest ID, I see. Under the death rather than the files which I saw before. I just see a symbolic link. again, I did that's what it really is but below I kind of abbreviated so The Overlay slash Layer Digest. Glitch GIF is really a symbolic into that AFS about into that path, which in fact is Going to give you the content of the day ARS or volume.\nGerry Seidman: And I'm just kind of showing you that really works on the slash info just gives you a standard information of the information of that layer. That's a image standard. and if I do a stat - l of the blob file, it says that in fact, if Laos driver can give you the part of the file of that, layer, and it's gonna be three point four, 3.4 mega. and of course, if I run the end and if I just run it, everything runs as normal. So again, the only, I ran this and the storage size, one from seven point five megabytes, a hundred, and four kilobytes.\nGerry Seidman: So that's the trick behind ALS to be many. You can put NFS behind Ali but if the fundamental difference in ALS and AIS, is that, as has a complete replication of that complicated structure, which allows us to reuse a lot of code, it's using the same code as container storage. But,\nGerry Seidman: but with ALS, you're just grabbing the layers on the Web. All right, so this is currently Deployed in pod, You can run it today in five, but if you look in this source code, it says Experimental. And if you look the band page for storage comp, there's no reference. So one of my missions is to get it promoted. and Dan suggested the following route, give a presentation of the pod, man. Cabal, this write a blog article about it.\n00:40:00\nGerry Seidman: Update the man pages to storage account.\nGerry Seidman: Describes additional layer store and makes them create some as a test. I can be run in the continuous integration, I think for the storage fiber. So finally, yes, there are some container accelerator. again, I really want to already All it is a fuse driver at runtime, it's a fuse driver. That maps, those munched names of lake of container image references slash layers to AF volume names in a well-defined manner. How is it configured? Actually look at this actually have in a cell\nGerry Seidman: I have this layer volume that file so actually that path is the same path. That I put in Assuming I'm sorry configuration storage account in the ALS client configuration, give it a path that they bootstrap I don't want Put information on I'm a distributed file system. I might as well have to configuration where it should be. and what that's saying is that The cell name ABC Direct ids.com will service layers.\nGerry Seidman: these are from these repos and you will find it in that cell under the layer name, J-1 Underscore Blah, where the blood and I strip out this shot to pick the same. so that's the mapping to find the air or volume, from from the image and Up. Why does it work where these layers coming from? There's a service called the oyster layer.\nGerry Seidman: Volume generation service that either can be hooked by a webhooks for your container registry or through. A command line tool where you say L V I'll be c Ingest docker.io slash Alpine and all it does does it goes to the container registry, it grabs the manifest? And then, for each of the DIP layers, it says, If I haven't already created an IFS volume corresponding to that in the appropriate cell. I download it and I untar it and then I create an Amazon volume with that. and so that's what the later generation service does, that's it. So now I'm gonna stop sharing and I think I was not too over and I haven't heard anything. So hopefully\nDaniel Walsh: Can you hear us now?\nGerry Seidman: Hopefully people here, it might get presentation. Good can't hear you.\nDaniel Walsh: Yes.\nGerry Seidman: Could somebody say something our speakers muted?\nDaniel Walsh: we're trying to talk, you can't\nGerry Seidman: No, they're not. Okay, so people are speaking. I'm gonna just\nDaniel Walsh: Can you hear us now?\nGerry Seidman: Okay. Tom. You raise his hands.\nGerry Seidman: Are you speaking time? And hold on a second,\u2026\nTom Sweeney: Can you hear anything? At all during\nGerry Seidman: I'm sorry.\nTom Sweeney: Can you check chat?\nTom Sweeney: And here's\nGerry Seidman: My Bluetooth. I'm having technology problems. I apologize.\nEd Santiago Munoz: first past,\nGerry Seidman: and so,\nTom Sweeney: I don't think he's on board yet. you can hear us. Okay.\nGerry Seidman: I can hear you now. Yeah, my Bluetooth. Down.\nGerry Seidman: Who knows all these screen sharing things do weird,\u2026\nTom Sweeney: I'll be.\nGerry Seidman: things that Bluetooth and it turns out the speakers on my laptop don't work. So I had to put an external speaker.\nTom Sweeney: Okay, so We do have a couple questions that were queued up while you were talking,\u2026\nGerry Seidman: I apologize.\nTom Sweeney: and we couldn't get your attention. So Chris had one that was can volume store extended attributes,\u2026\nGerry Seidman: Absolutely.\n00:45:00\nTom Sweeney: ie SE Linux labels\nGerry Seidman: extended attributes're currently not supported, they will be supported in the next release of our store. and I'm guessing you asked that because the overlay file system wants speaks so it turns out pod man is good Kubernet. Openshift is bad because POD Man default to fuse overlay at this. I refuse every AFS I can provide them the dot, the white app files But in the next version of Aura Store, we'll be able to do that. We're actually doing some other stuff. We're also doing verities checking and things like that which will make us the only just distributed file system that can do that. That's already if and when you care on etc.\nDaniel Walsh: Gerry. I asked Access control. Is that done on the server side,\u2026\nGerry Seidman: Yes. there,\u2026\nDaniel Walsh: or the client side?\nGerry Seidman: there's a problem. Ask the control of an interesting thing, because there's actually three different places where your Baptist control. You have the Unix bits that are in the container images. Those are preserved by container of the standard pipeline, there's the permission to download the layers on the container registry. And then there's the permission to access the AFS volume.\nGerry Seidman: All right, three different places We can restrict.\nGerry Seidman: A runtime application to access the files in an AFS volume. We can do that. We can put access control on the volume. We can't do it on the per file because I can't be worth that. Can't be represented, we actually can but it makes no sense in the whole container model. but if you would really want to do that, you would want to have a container registry that would never serve the product PZ.\nDaniel Walsh: yeah, yeah, because we've been in the past if I put stores on And network file store. For instance, NFS. It doesn't understand username space. So if I'm in using a space and I tried to chone a file, the service says, no because it doesn't want, UID the Walsh to Jones. Uid 100,000 Yeah.\nGerry Seidman: Got it. Yeah. Yeah, I don't think yeah, good.\nDaniel Walsh: I think it Would AFS work same way.\nGerry Seidman: And that's the book. No, I guess would work. I don't,\u2026\nDaniel Walsh: What?\nGerry Seidman: I don't know why it's out of my pay grade but if I \u2026\nDaniel Walsh: So, you think Andrew would allow that?\nGerry Seidman: I believe. So I could run a quick check, but I believe it does. But take that as a qualified. Yes.\nDaniel Walsh: All right, so yeah, when you were showing the additional layer store, you have a tool.\nGerry Seidman: And hopefully, I'll play it in this representational image store.\nDaniel Walsh: No, no additional. But I liked a lot of lights and it'd probably be helpful. If we got some of those slides up to basically describe all this stuff all works the ALS Though.\nGerry Seidman: Every.\nDaniel Walsh: You say there's a fuse file system that's required, we is that fuse file system open source at this point.\nGerry Seidman: It's an implementation specific thing, the start the MTT one, the star gz one is the orcer.\nDaniel Walsh: Right. Okay.\nGerry Seidman: One is not but\nGerry Seidman: It's a Long story. As to why or store is not open source? We'd love to be.\nDaniel Walsh: Right.\nGerry Seidman: We just can't eat and build in source.\nDaniel Walsh: That's fine. So, you have a tool that is creating these additional layer stores.\nDaniel Walsh: in a format that we can get some to buy making consume. Hi.\nGerry Seidman: Yep.\nGerry Seidman: Yeah, yeah, I think it's that the image layer digest to layer, the orcer layer volume. Configuration is, this is shared by the server and the service that creates them as well as the client. yeah.\nDaniel Walsh: and lastly, the\nGerry Seidman: Anything and there's a little thing I want it. Also mentioned Big organizations that have a lot of apps over. A lot of time have a lot of problems with Cullen. when when you call something and our customers are always asking what can we do to help and it's not a lot we can do to help because you can only at best in for certain things, but and the container images you have this an even worse problem because you are Ask you be, cashed far away, and have it for a long time. And so we posited that we could get some some users metrics from our ALS drunk from our fuse driver. Of the weather layers are being used, would you?\n00:50:00\nDaniel Walsh: Yeah. So if he had a layer that has been used in three years that you can get rid of it.\nGerry Seidman: Right. Exactly.\nDaniel Walsh: other questions, anybody?\nDaniel Walsh: So, why would you prefer to use ALS rather than just doing? Ais.\nGerry Seidman: This. One is the dynamic nature of it that there's no pull. The other with. Areas is, I would have to figure out how to do it. Because I'm mapping, I'd have to do something in image store, to do From. The appropriate path where ALS jumps off. where was storage? as it's just the standard storage, overlay slash blah. I don't know how I would even look into that without doing some. Plumbing. In story. Right.\nDaniel Walsh: I guess, lastly, the reason've people have said they won't use Ais in the past has been laden. so that you're running a container, it's running fine for a long period of time and\u2026\nGerry Seidman: Okay.\nDaniel Walsh: then all of a sudden decides to access some piece of data that is in cash. And It goes into a pause.\nGerry Seidman: Yeah, I mean but yes the answer is one of the events of a alsover. Over AIS in that regard is the cash. If you hit something, you haven't hit the long time. it may still be in the cash for the NFS. You're always doing it whether you voted it recently or not. Could be cashing is much.\nGerry Seidman: And not as good. which,\nGerry Seidman: and one of the things they did in East RG, the Star Gz project which we have talked about doing as well to That problem is to create a manifest of files to pull the pold to populate to feed the cash. When I was at Redhead Summit, I spoke extensively with somebody who works as a cruise line and a ship is one giant. Open ship cluster. And they have a lot of pain bouncing that off of a satellite network. That's extensive and slow and loss and unreliable.\nGerry Seidman: So to meet their needs, we talked about adding functionality of, like I said, a seat a seed, set of these are files, you should preload and those can be obtained by observing fire runs of the application on. That's already implemented again in Star Gz, You look at there's a way to somehow I forget how but somehow specify however how to pre-pull Anyway this is funny because it sounds the fast start but by default it then lazy loads the whole image. So you're going to fast start, but eventually you have all the fossils.\nTom Sweeney: Okay, I'm gonna have to hold questions here because we are way over time and\u2026\nGerry Seidman: So sorry.\nTom Sweeney: yeah, no problem. but thank you Gerry's, very interesting. And if we'd love to have you back in the future,\nGerry Seidman: Okay, I'm gonna post that I post. Only I possibly, you guys have. Yeah. Hopefully that wasn't too fast.\nTom Sweeney: Yeah, we have the link.\nTom Sweeney: That briefly.\nMatt Heon: That's delay until Monday. Four minutes is a little late to talk about this and I don't want pushes. or without we'll delay this,\u2026\nTom Sweeney: Okay.\nMatt Heon: until next time we can\nTom Sweeney: Okay, yeah, it's gonna be a couple.\nDaniel Walsh: I get.\nTom Sweeney: Yeah. This.\nDaniel Walsh: Yeah, just for those I guess we're not gonna start for another week for that sex is what bottom line, right?\nMatt Heon: Yeah, at this point I would like to get things rolling but we can probably get the ball rolling during the planning on Tuesday and then see things roll from there. I would hope to have an RC out in two weeks maximum.\n00:55:00\nTom Sweeney: Yeah, and our end goal for four sixes to have something out by mid to late August.\nMatt Heon: No, that's four seven and go for four,\u2026\nMatt Heon: six is to have something out very early July. Hopefully\nTom Sweeney: But much more expedient that I had Given that I think I'm going to wrap up this meeting and just I do.\nGerry Seidman: I'm going to question\u2026\nTom Sweeney: No, I do the Sure.\nGerry Seidman: if I make is really advanced when we met you, we talked about there should be a man page other than storage on Conf Where would man information go? I can't think of any place because there's no just storage.com Good.\nDaniel Walsh: Right. You're going to Storage.com. Yeah.\nGerry Seidman: Okay, I just wanted to confirm that. Thank you.\nTom Sweeney: Okay, so our next cabal meeting will be on July 20th. Same time, 11 o'clock in the morning eastern time and then our next community meeting will be happening on Tuesday, August 1st. I'd like to thank Gerry very much for coming here. Presenting today is great information and for everybody participating and with that, I'm going to turn off the recording.\nTom Sweeney: And so many buttons to click to turn off the recording, Anybody want to say anything or comment anything? Without recording going on.\nTom Sweeney: Because a big fat no and say let's go get some lunch dinner and get out of here. Right.\nDaniel Walsh: Nope. Gerry I'm glad I could attend but I was supposed to be on a flight out to Europe and never made\u2026\nGerry Seidman: I'm glad you got made it\u2026\nDaniel Walsh: So, I'm stuck in DC right now. So,\nGerry Seidman: hopefully, it clarified a little bit more what we're doing.\nDaniel Walsh: Yeah, know I found an interesting. It's\nGerry Seidman: Yeah. This scary thing is how incredibly simple it is. and\u2026\nDaniel Walsh: yeah.\nGerry Seidman: it works because we have a million lines of code of a really good secure distribution policy system underneath but the ALS part and\u2026\nDaniel Walsh: Right.\nGerry Seidman: they container part it's trivial.\nDaniel Walsh: What was AFS first introduced,\nGerry Seidman: It isn't a history of the brief history. once upon a time, There were no computer science departments, there were math, departments at ED Departments, and back in 1982, CMU was forming a computer science department and IBM. And if you want to start a department, you need researchers to pull it in. So, I'd be able to length and seven of the researchers, when IBM did real research and gave them 35 million dollars and said, Focus on distributed computing. And that was the start of the CMU Department and the start of the Andrew project.\nGerry Seidman: And many things came out of the Andrew Project. IBM's distributed transaction processing system came out of that and they made a billion dollars on that. So they got their money back in spades and the end system came out of it, too. the intention was to spin off companies FS on into plans are IBM, which was a product. No idea in real life, AFS doesn't sell hardware and they decided sunset, it and ended up and open source. and it struggled in open source and forest formed by them primary open source, people to Make it good. And he mentioned,\u2026\nDaniel Walsh: It's cool.\nGerry Seidman: who's using it, by the Department of Defense is used by Horn of Energy. She's my major banks, many different use cases.\nTom Sweeney: The PCE back in the day. Also, Do you know was a part of DCE distributed computing environment.\nGerry Seidman: it was,\u2026\nTom Sweeney: That was a\nGerry Seidman: There was a fork of it. That went into that, I think. Again, that's way before my time. You\u2026\nDaniel Walsh: Thank you.\nGerry Seidman: I'm relatively new to this world. In historical.\nDaniel Walsh: Dte DC came a few years later. So,\nGerry Seidman: Yeah.\nTom Sweeney: There are some early 90s.\nDaniel Walsh: but,\nGerry Seidman: Yeah. What happened was got Guam density, Athena project. If you remember the Athena project MIT, which you did okay.\nDaniel Walsh: I worked on it being a project, so\nGerry Seidman: Which led to some licensing issues and it issues and questions that Dot, It was a different world. But how software was?\nGerry Seidman: Used by different people.\nTom Sweeney: Banner,\u2026\nDaniel Walsh: Yeah.\nTom Sweeney: you're making it to check. Are you coming back to me?\nDaniel Walsh: I am making it to check and flying out at 5:30 tonight. And Mandela,\u2026\nTom Sweeney: Choices.\nDaniel Walsh: I'm right outside of Dulles airport right now. Waiting to Have any extended stay at a hotel room.\nDaniel Walsh: Late. Check out.\nTom Sweeney: Yikes.\nDaniel Walsh: alright. Good Gerry, good step, one done. I need step two, three four. And we'll\nGerry Seidman: Okay, I've written the documentation, but the problem is that, I think I wrote too much For the Man page but I'll run that by you.\n01:00:00\nDaniel Walsh: Yeah, you're probably confused the all right.\nGerry Seidman: Excuse me.\nDaniel Walsh: You'll probably confuse everybody by putting a huge section. Yeah.\nGerry Seidman: The Man page for AIS is one line. Put stuff here.\nGerry Seidman: I could do that too.\nDaniel Walsh: Alright.\nGerry Seidman: Thank you guys. Have a great afternoon.\n")))}Qo.isMDXComponent=!0;const _o={},Xo="Podman Community Cabal Meeting Notes",$o=[{value:"July 20, 2023 11:00 a.m. Eastern (UTC-5)",id:"july-20-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"July 20, 2023 Topics",id:"july-20-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Passwd and group entry handling with --user, etc. issue (0:354 in the video) - Justin Jereza",id:"passwd-and-group-entry-handling-with---user-etc-issue-0354-in-the-video---justin-jereza",level:3},{value:"ipfs integration into Podman - Anders Bjorklund",id:"ipfs-integration-into-podman---anders-bjorklund",level:3},{value:"Podman Release (32:33 in the video) - Matt Heon",id:"podman-release-3233-in-the-video---matt-heon",level:3},{value:"Open discussion (: in the video)",id:"open-discussion--in-the-video",level:4},{value:"Next Meeting: Thursday, August 16, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-august-16-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:2},{value:"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:3},{value:"Raw Meeting Chat:",id:"raw-meeting-chat",level:3},{value:"Raw Google Meet Transcript",id:"raw-google-meet-transcript",level:3}],ei={toc:$o},ti="wrapper";function ni(e){let{components:t,...n}=e;return(0,me.kt)(ti,(0,K.Z)({},ei,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"july-20-2023-1100-am-eastern-utc-5"},"July 20, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Aditya Rajan, Anders F Bj\xf6rklund, Ashley Cui, Ed Santiago Munoz, Jake Correnti, Justin Jereza, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Valentin Rothberg"),(0,me.kt)("h2",{id:"july-20-2023-topics"},"July 20, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"passwd and group entry handling with ",(0,me.kt)("inlineCode",{parentName:"li"},"--user"),", etc. ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containers/podman/issues/18903"},"issue")," - Justin Jereza"),(0,me.kt)("li",{parentName:"ol"},"ipfs integration into Podman - Anders Bj\xf6rklund to kick off",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"See ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"},"https://github.com/containerd/nerdctl/blob/main/docs/ipfs.md"),"\nit is about peer-to-peer image distribution, using OCI ",(0,me.kt)("a",{parentName:"li",href:"https://github.com/containerd/stargz-snapshotter/blob/main/docs/INSTALL.md#install-stargz-store-for-cri-opodman-with-systemd"},"estargz")," format"),(0,me.kt)("li",{parentName:"ul"},"Question for containers/image, fallback is ",(0,me.kt)("inlineCode",{parentName:"li"},"localhost:5050/ipfs/"),"\n(proxy server from IPFS, started with ",(0,me.kt)("inlineCode",{parentName:"li"},"nerdctl ipfs registry serve"),")")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/O-6RWIcIvqk"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:05 a.m. Thursday, July 20, 2023"),(0,me.kt)("h3",{id:"passwd-and-group-entry-handling-with---user-etc-issue-0354-in-the-video---justin-jereza"},"Passwd and group entry handling with ",(0,me.kt)("inlineCode",{parentName:"h3"},"--user"),", etc. ",(0,me.kt)("a",{parentName:"h3",href:"https://github.com/containers/podman/issues/18903"},"issue")," (0:354 in the video) - Justin Jereza"),(0,me.kt)("p",null,"Docker wasn't able to create the uid/gid correctly, but Podman was. Justin showed a script that showed the steps used to test Docker and Podman to show the issue. Docker doesn't create the entries in user/passwd files, while Podman does."),(0,me.kt)("p",null,"He ran through a number of man pages for Podman, showing where this was going on."),(0,me.kt)("p",null,"Just is suggesting adding/modifying these options:"),(0,me.kt)("h1",{id:"do-these-options-continue-to-add-a-passwdgroup-entry-or-is-it-a-bug-because-it-doesnt-follow-the-docker-behavior-exactly"},"Do these options continue to add a passwd/group entry or is it a bug because it doesn't follow the Docker behavior exactly?"),(0,me.kt)("h1",{id:"docker-behavior-doesnt-add-passwdgroup-entry"},"Docker behavior doesn't add passwd/group entry"),(0,me.kt)("p",null,"--user\n--group"),(0,me.kt)("h1",{id:"retain-these-and-add-passwdgroup-entry-to-the-container-from-the-host"},"Retain these and add passwd/group entry to the container from the host"),(0,me.kt)("p",null,"--userhost\n--usergroup"),(0,me.kt)("h1",{id:"these-continue-to-function-as-they-currently-do"},"These continue to function as they currently do."),(0,me.kt)("p",null,"--passwd-entry $(getent passwd $UID)\n--group-entry $(getent group $GID)"),(0,me.kt)("p",null,"Using these options he's proposing adding to the pertinent files on the host for each of these options."),(0,me.kt)("p",null,"The discussion started in the issue noted in the title. Please review and add comments there."),(0,me.kt)("p",null,"Matt in concerned that there may be resistance about moving some of this functionality away from the system."),(0,me.kt)("p",null,"Split the problem into to fixes. Make --user/--group work as Docker does."),(0,me.kt)("p",null,"Paul asked if the difference in user/group between Docker/Podman is a problem? Justin doesn't see a bad effect to that. He's OK with it as is. Paul's worried that changing that now for user/group might cause a change in behavior that others would not be happy with. Justin is brining this difference up only due to it being different, not necessarily that it's wrong. "),(0,me.kt)("p",null,"Matt believes the current functionality was added as a convenience sometime in the past. He also think we could firm up the documentation here as to the whys of the behavior."),(0,me.kt)("p",null,"Justin is OK with retaining the current user/group behavior."),(0,me.kt)("p",null,"Just says we're using a groupID in a groupName field, and Miloslav said that's a bug if that's happening. We should be creating a name if one is not getting there."),(0,me.kt)("p",null,"This is a food for thought, and he'd like people to consider it going forward."),(0,me.kt)("p",null,"Issue of note: ",(0,me.kt)("a",{parentName:"p",href:"https://github.com/containers/podman/issues/18903#issuecomment-1595048047"},"https://github.com/containers/podman/issues/18903#issuecomment-1595048047")),(0,me.kt)("p",null,"Matt is going to tag Dan Walsh on the GitHub issue to see if he can comment on this."),(0,me.kt)("p",null,"Jason is Teminus in Matrix/IRC."),(0,me.kt)("h3",{id:"ipfs-integration-into-podman---anders-bjorklund"},"ipfs integration into Podman - Anders Bjorklund"),(0,me.kt)("p",null,"Postponed"),(0,me.kt)("h3",{id:"podman-release-3233-in-the-video---matt-heon"},"Podman Release (32:33 in the video) - Matt Heon"),(0,me.kt)("p",null,"Podman v4.6 RC2 now, final today. Podman v4.6.0 today. Planning to do Podman v4.7 in early fall. Then a Podman v4.8 in a February 2024 time frame."),(0,me.kt)("p",null,"Podman v4.6 is a relatively large release. A number of podman machine fixes/stabilizations. Podman v4.6.1 should be out in a couple of weeks, in early/mid-August. V4.7 should have some Hyper-V improvements for the podman machine. Also, podman compose improvements."),(0,me.kt)("p",null,"Usually, a 4 to 6-week process to get into CoreOS via the stabilization soak process for any Podman release."),(0,me.kt)("h4",{id:"open-discussion--in-the-video"},"Open discussion (: in the video)"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-august-16-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, August 16, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h2",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-august-1-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, August 1, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h3",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None Discussed")),(0,me.kt)("p",null,"Meeting finished 11:43 a.m."),(0,me.kt)("h3",{id:"raw-meeting-chat"},"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Justin Jereza10:56\u202fAM\ncan you here me ok?\nYou10:56\u202fAM\nI can not hear you at all\nJustin Jereza10:56\u202fAM\ngonna see if i can fix it.\nYou10:56\u202fAM\nI can see you just fine.\nJustin Jereza10:58\u202fAM\ni'll just use a phone for audio. mic doesn't seem to be working well on fedora.\noh wait, that only works in the US. heh\nJustin Jereza10:59\u202fAM\ni'll reconnect and see if it works.\nJustin Jereza11:01\u202fAM\nis my audio working now?\nEd Santiago Munoz11:01\u202fAM\n@Justin I see your lips moving, and you're unmuted, but do not hear you.\nEd Santiago Munoz11:06\u202fAM\nAudio is very very bad\nYou11:16\u202fAM\nhttps://github.com/containers/podman/issues/18903\nValentin Rothberg11:28\u202fAM\ntime check\nPaul Holzinger11:28\u202fAM\nI have to drop\nYou11:31\u202fAM\nI'm going to go to 40 past the hour on this, then on to Matt, we have no other topics.\nJustin Jereza11:34\u202fAM\nhttps://github.com/containers/podman/issues/18903#issuecomment-1595048047\nJustin Jereza11:35\u202fAM\nTerminus in #podman IRC/matrix channel.\nYou11:43\u202fAM\nhttps://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both\nAditya Rajan11:44\u202fAM\nthanks justin !\nMohan Boddu11:44\u202fAM\nThanks Justin\nxrq-uemd-bzy\n")),(0,me.kt)("h3",{id:"raw-google-meet-transcript"},"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Transcript\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\nTom Sweeney: Okay, everybody. Welcome to the Batman Community. Cabal meeting today is Thursday. July 20th, 2023. We have two topics for today. The first one is about password and group country handling with desktop user and etc. That on Justin's gonna be leaving us on. We also had a discussion about Ipfs integration department lined up over, Dan and Brent are both not here and Anders, who would kind of kicking that off for us, was kind of saying that. Maybe we ought to wait off for that. Once I think we're not going to discuss that much. We have Somebody with strong opinions to do so today. And then Matt you wanted to talk a little bit about pot Versions coming out to\nMatt Heon: Sure I can give us another video that's\nTom Sweeney: Okay, go and talk about that after Justin finishes. So with all that, just welcome to the meetings. Nice to have you here. And please leave it off.\nJustin Jereza: just, Going forward.\nJustin Jereza: Okay, so I said, put my plug in the issue that she could make up to the hospital and said. It's scary. And\nValentin Rothberg: No.\nTom Sweeney: Yes, it looks good.\nJustin Jereza: Happens. Is that\nJustin Jereza: but,\nJustin Jereza: Okay, so what happens?\nJustin Jereza: create password and the bottoman base. So that's\nJustin Jereza: so he followed by the office, why\nJustin Jereza: The problems. Where he?\nJustin Jereza: So, you can see here.\nJustin Jereza: That's the problem. so,\nJustin Jereza: so this thing that we'll find it. And it's a series of Department of events that you.\nJustin Jereza: That's the senior, and File. And finally,\nJustin Jereza: So that's even presentation. There. Yes.\nJustin Jereza: And I think Chris also got the supposed and that this Are almost.\nJustin Jereza: presentation. and finally,\n00:05:00\nJustin Jereza: that's US Open. before, like, He?\nJustin Jereza: post and with just\nJustin Jereza: And that's what he\nJustin Jereza: so we know for acceptable commandments.\nJustin Jereza: In this case, 25 with the possibility of adding something either. Which were I don't do the same thing. This user host was just take the bathroom people that are so moving experiment. I think we can actually useful person in certainly. And just did and just innovation somewhere that you can do the classroom and password you.\nJustin Jereza: And that would eliminate those three. And so far, I hope the industry much\nJustin Jereza: So that's the community. What? It boils down to we have These six options and how do we move forward from there? And the presentation give him what's mentioned in the issue and what\nJustin Jereza: the status.\nJustin Jereza: So I don't I think that's it. You guys have any comments on this?\nTom Sweeney: I have a hard time following a little bit as well just know, because the audio was kind of Creaky or monthly I guess. I don't know. Any Valentin or Matt. Do you have any thoughts based on this or the discussion that's been going on? And issues.\nValentin Rothberg: no, I did not follow the issue, so I guess it will be hard To, I guess find consensus now in the meeting. on how to move forward, but thanks a lot for the problem. how would you prefer to move forward? Justin?\nTom Sweeney: Ation.\nJustin Jereza: He mentioned in.\nTom Sweeney: Ation.\nTom Sweeney: Ation.\nJustin Jereza: Okay.\n00:10:00\nJustin Jereza: There are.\nJustin Jereza: Of what he? About where as the corresponding. Password entries into the container energy that Doctor doesn't have.\nJustin Jereza: The second part.\nJustin Jereza: You Want to show you often a different example.\nJustin Jereza: What he\nJustin Jereza: and create a course on YouTube option, that would be the same for groups. Even. We place the objects or remove the entirely and need able to presentation. that you\nJustin Jereza: I said,\nJustin Jereza: The time.\nMatt Heon: Comments after everything.\nJustin Jereza: sorry, I\nTom Sweeney: I've just added it.\nJustin Jereza: saw the Side. And\nTom Sweeney: It's in the.\nTom Sweeney: Yeah, it is in the agenda, not just added it into the Google meet chat as well\u2026\nJustin Jereza: yeah.\nTom Sweeney: if that's easier.\nMatt Heon: I will say that there's going to be resistance to the idea of moving any functionality away from existing, I can use this. That is The reason we added a lot of this was for convenience and we recognize that it's not necessarily completely compatible Maybe it's not been cases The ability to just do and use your smile user and gets a fairly musical session is important. So I think that we don't necessarily want to take\nJustin Jereza: so, I'm thinking basically how about just organizations down here. So,\nJustin Jereza: okay, reduce to lose you.\nJustin Jereza: and Then for user Presentation says, but he\nJustin Jereza: And that's\nJustin Jereza: then finally, He?\nMatt Heon: I don't know if we want to stream sleep system behavior. You can definitely additional offense that are going to guarantee creation of guarantee modification. The password, I'm not at all close to that, thought it always that. If we were to modify the behavior of existing usually group options, we are going to break people. It is hardly\n00:15:00\nJustin Jereza: The user options. Anything like you just and us and that's what.\nJustin Jereza: lead to, I just\nJustin Jereza: Completely others are how? And yeah.\nJustin Jereza: You thought so then?\nPaul Holzinger: So, maybe the question is What does the problem with? Adding the Entry, it is then actual problem, like something preventing you from getting us to work. Or it's just a different in, if you look at the fire because I don't, See. Why your container image would care that much,\nJustin Jereza: yes, I don't think. That he needs it from how God, it deserves as an impact. Okay. Yes if\nJustin Jereza: I don't really see any. So, If you guys inside that, Hector, and it's okay. But I think that, okay.\nPaul Holzinger: Yeah, because if we would remove adding the entry, then stuff could change behavior, right? If you ask what's your username in the container? If there's no entry Then You cannot know. So, for Portman uses that, it's a potential recreation and we try to avoid making this change. And if there's no reason for this change, just other than toca compat, but there is no one who breaks. I don't see why Be sure to change it at all,\nJustin Jereza: It's yes, a difference in behavior, not that I really believe that. it's 25 anything wrong with And differently. The problem that's handled.\nMatt Heon: If I remember correctly, this was originally added as convenience functionality, or ruthless pot man. I don't remember the exact context of that that there is a reason why we put it in the first place. if I had an opinion here would be that it's That it's not consistent because I'm 90 I don't have the code in front of me, but I kind of remember what it looks like. And I'm pretty sure the 90% of circumstances were not going to change password and group, but in the 10% circumstances that we do, it could be confusing. So we definitely have a documentation problem It's not going to be clear to users. Why these changes? Have. But what do you call it? I don't necessarily know.\n00:20:00\nPaul Holzinger: Seen the big use case, I think is the user anders keep which sets your user ID and then in the container you want, the classic Toolbox use case basically so, You want your user copied in and\u2026\nJustin Jereza: He?\nPaul Holzinger: and behave it, The same. I think it was probably edit because of something like that.\nJustin Jereza: I think that basically just thoughts, and in the editor that I can see, And I think that's the three box situation where you would want it. That's inviting so, I did where it's a reason. Why this in You should increase. so,\nJustin Jereza: I think that's a good.\nJustin Jereza: Within the big nation. Yeah.\nJustin Jereza: The next thing happened. we're getting the functionality of the group. the other thing is,\nJustin Jereza: I like this. Okay.\nJustin Jereza: The name of the user. And so it's the line that shows you. And in this case instead of coffee, which I believe in this case, yes, that's the name of the house. He?\nJustin Jereza: Said.\nJustin Jereza: I did, he just\nJustin Jereza: I mean problems and\nJustin Jereza: Keep. I just\nMiloslav Trmac: Okay, I think using group ID in the Group Name. Field is just not going to work. So if we are doing that, I don't know whether it's about that we can always fix. I'm not familiar with the code but there's definitely something\nJustin Jereza: So let's\n00:25:00\nJustin Jereza: Know.\nMiloslav Trmac: Bottle bubbly. I mean we kind of invent an entirely new random name. Just the principle of the thing is that there has to be a name India.\nMiloslav Trmac: Or. Maybe actually not. I'm sorry\u2026\nJustin Jereza: So I guess one way to think about this,\u2026\nMiloslav Trmac: if you are Edina and entry.\nJustin Jereza: this will you mind space on whether they're actually?\nJustin Jereza: So in the case of, I think that options they should follow you in this case, The. Saves me. But he accepts and happening on both. when it comes into the containment and not presentation,\nJustin Jereza: and then,\nJustin Jereza: that's,\nJustin Jereza: But if we did have that, then both of these will also look at the host.\nJustin Jereza: Coffee here. It's probably really the last two. Which should allow me to. I\nJustin Jereza: And so password, and something that has books\nJustin Jereza: You and the same, it's good for you to hold and Just talking.\nJustin Jereza: the wheels are the people who really\nJustin Jereza: Wow, happy and the post.\nJustin Jereza: Silently as well.\nJustin Jereza: But I think if\nJustin Jereza: and the issue I\nJustin Jereza: Specifically. And whether they should be probably from the host or not,\nJustin Jereza: It's here.\nTom Sweeney: So I'm hearing a bit of silence here and I think people need some time to digest and take a look at the issue on Github and we probably ought to wrap this up in a few more minutes just in. Is there anything else you'd like to ask her say\n00:30:00\nJustin Jereza: It just something that has to solved immediately, it's just\nJustin Jereza: it's right education.\nJustin Jereza: and there are matrix. so,\nMatt Heon: I'm going to tag Dan Walsh on this issue. That is like, he's not in the meeting right now, but I think it was the original instigator behind Ad.\nJustin Jereza: Yeah. So if you have any more and protectively, we're done.\nJustin Jereza: if you guys think I've been right, yeah.\nJustin Jereza: that's,\nTom Sweeney: Sorry, I'm talking away on mute which isn't very helpful at all. Justin, thank you so much for coming today and getting this discussion going and I'm sure it will continue on inside Github and I RC and Matrix going forward. Matt's, you have plot, Coming up pretty soon. You want talked about that a little bit.\nMatt Heon: Let's see. So we are getting ready for for six. We are in Rc2 right now and Ashley correct me if I'm wrong but I expect a final release and\u2026\nJustin Jereza: E.\nMatt Heon: sometime early next week. Is that what we were planning or am I wrong?\nAshley Cui: I thought we were putting the release today.\nMatt Heon: Okay, that's early that I was expecting but that gives everyone something to look forward to after this so pod, 4 6, final probably. Today, we are still expecting to do a four seven. We were expected to do with this summer, but honestly, at this point, it's probably gonna slip into September, but I would expect a four seven in early fall, I would call it and then a four eight somewhere in the February ish timeframe. four six it's a moderately large release, it's a fairly substantial feature release. It's been a while since I looked at the, What do you call the voice notes? But it's gonna have some interesting things. I think this is not\nMatt Heon: Is this one of the bigger releases for what? I call it Admin Machine? I'm thinking we added something big there at the point is slipping my mind.\nAshley Cui: Not a big feature, but a big fix. I think for stabilization.\nMatt Heon: That's worse. Yeah, we have a lot of bug fixes in system service. We have a spattering of each releases everywhere and generally speaking, I am expecting a 461 and a week or so that'll have a bunch of public fixes it based on any issues, the release happens. And then of course seven maybe six weeks thereafter and four seven is going to include a couple other interesting features. I'm hopeful that we can get some additional windows support in the pot and machine, especially man on hyper-b. We're putting a lot of work in there and I don't want to speak for Brett because he's not here. Maybe we will also have some things. osx native virtualization. let's see. and that's probably the odd, man, composed work that Valentin has been working on the other that just landed. So, feel free to look at that comments.\n00:35:00\nMatt Heon: Yeah, that's about it Wise any questions?\nTom Sweeney: I'm hearing silence.\nAnders F Bj\xf6rklund: When would this come to the apartment machine or core OS?\nMatt Heon: Usually, we expect that poor to six week. Basically, we have to get into fedora. Then we have to work our way through the fedora core os, unstable, streams until it's in stable. So, we usually expect to lag by about a month six weeks. It could easily be faster on that, but it usually takes this year or a couple weeks beyond that, so you get at Paul's compose. Exactly. So there is a substantial time.\nTom Sweeney: Must not this particular Pac-Man release but any partner released in general, right?\nMatt Heon: Yeah. If it is a particularly important noise, if we had some absolutely critical bug fixed in, there are ways we can expedite, but we prefer not to do that because it puts more workload on us, it with your work, run the F cost team. And generally speaking, no one likes doing this. So, if we do not have something extremely urgent, we're going to go through the soap process which\nTom Sweeney: It sounds good. Right, I'm not sure if I mentioned this after I started the recording but we're going to pass on the ipfs integration into Pod man topic that we had on the agenda today we're going to push that out later or perhaps even postpone it further discussions to go offline on that and then given that I am going to open up to any topics or questions at this point in the open discussion session. If I have anything they want to talk about or ask questions about\nTom Sweeney: It's two centigrate equipment. you're considering I'll just note when our next For the Cabal again will be Thursday. August 16th 2023 at 11am in our community meeting is coming up very soon. It's actually just a little under two weeks now, I guess. And that's going to be on Tuesday, August 1st. Also at 11:00 am. I would love to have topics for other? I have one topic for the community meeting at what it is right now but I don't have any flickable at this point. So if you have suggestions for topics that you'd like to see or presentation better yet present on Friday, those meetings, I'd love to hear one last call. Any further questions, comments. Why is I'll stop the recording?\nJustin Jereza: And sorry guys. I\nMeeting ended after 00:38:36 \ud83d\udc4b\n")))}ni.isMDXComponent=!0;const ai={},oi="Podman Community Cabal Meeting Notes",ii=[{value:"September 21, 2023 11:00 a.m. Eastern (UTC-5)",id:"september-21-2023-1100-am-eastern-utc-5",level:2},{value:"Attendees:",id:"attendees",level:2},{value:"September 21, 2023 Topics",id:"september-21-2023-topics",level:2},{value:"Meeting Notes",id:"meeting-notes",level:3},{value:"Default settings for Podman 4.7",id:"default-settings-for-podman-47",level:4},{value:"Open discussion",id:"open-discussion",level:4},{value:"Next Meeting: Thursday, October 19, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-meeting-thursday-october-19-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics",id:"possible-topics",level:4},{value:"Next Community Meeting: Tuesday, October 4, 2023, 11:00 a.m. EDT (UTC-5)",id:"next-community-meeting-tuesday-october-4-2023-1100-am-edt-utc-5",level:3},{value:"Possible Topics:",id:"possible-topics-1",level:4},{value:"Raw Google Meet Transcript",id:"raw-google-meet-transcript",level:3}],si={toc:ii},ri="wrapper";function li(e){let{components:t,...n}=e;return(0,me.kt)(ri,(0,K.Z)({},si,n,{components:t,mdxType:"MDXLayout"}),(0,me.kt)("h1",{id:"podman-community-cabal-meeting-notes"},"Podman Community Cabal Meeting Notes"),(0,me.kt)("h2",{id:"september-21-2023-1100-am-eastern-utc-5"},"September 21, 2023 11:00 a.m. Eastern (UTC-5)"),(0,me.kt)("h2",{id:"attendees"},"Attendees:"),(0,me.kt)("p",null,"Aditya Rajan, Anders F Bj\xf6rklund, Ashley Cui, Ed Santiago Munoz, Jake Correnti, Justin Jereza, Lokesh Mandvekar, Martin Jackson, Matt Heon, Miloslav Trmac, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Tom Sweeney, Valentin Rothberg"),(0,me.kt)("h2",{id:"september-21-2023-topics"},"September 21, 2023 Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"Default settings for Podman 4.7",(0,me.kt)("ul",{parentName:"li"},(0,me.kt)("li",{parentName:"ul"},"zstd:chunked + gzip by default"),(0,me.kt)("li",{parentName:"ul"},'default_rootless_network_cmd = "pasta" by default'),(0,me.kt)("li",{parentName:"ul"},"Deprecate podman generate systemd"),(0,me.kt)("li",{parentName:"ul"},"Deprecate CNI"),(0,me.kt)("li",{parentName:"ul"},"Others")))),(0,me.kt)("h3",{id:"meeting-notes"},"Meeting Notes"),(0,me.kt)("p",null,"Video ",(0,me.kt)("a",{parentName:"p",href:"https://youtu.be/By7wb1tOvLc"},"Recording")),(0,me.kt)("p",null,"Meeting start 11:02 a.m. Thursday, September 21, 2023"),(0,me.kt)("h4",{id:"default-settings-for-podman-47"},"Default settings for Podman 4.7"),(0,me.kt)("p",null,"RC1 is out now, possibly RC2 this week, and Podman v4.7 final next week.",(0,me.kt)("br",{parentName:"p"}),"\n","Configuration changes discussion. SQLite DB is not default but is available. Matt would like to swap the default DB to SQLite for the v4.7 code. Not currently in the main branch, but can be done easily."),(0,me.kt)("p",null,"Tom asked if it could be done for RC2. Might be too soon to release. Could we do Podman v4.8 in late Fall, then v4.9 in January 2024?"),(0,me.kt)("p",null,"OK for 4.8, maybe to do for late November/Early December and then target RHEL 4.9 for RHEL."),(0,me.kt)("p",null,"For 4.8 we will do SQLite, and then plan around what else will fit in there."),(0,me.kt)("p",null,'Valentin brought up that there is work to be done before just flipping it. He also thinks we should not merge "features" into any RC. Can be toggled by containers.conf setting.'),(0,me.kt)("p",null,"Podman v4.7 has branched, and changes to main can be done now with SQLite being the default."),(0,me.kt)("p",null,"zstd:chunked not ready for primetime. Giuseppe says to push out for now and not deliver. Hopefully to be completed in the next few weeks. Maybe in time for RHEL 4.8. However, Valentin is concerned this might break existing images and it should be pushed to Podman v5.0. Risk management needs to be completed before we add it in."),(0,me.kt)("p",null,"zstd:chunked needs a lot of soak before we deliver for RHEL. It won't be ready by Podman v4.8. A meeting to be held later to discuss delivery in more detail."),(0,me.kt)("p",null,'Default network to "pasta". Paul doesn\'t think this is stable enough now. He wants to wait for networking stuff to get working. Mostly work to do in Podman, a little from the pasta project folks. We will need to get a prioritized card for pasta development. '),(0,me.kt)("p",null,"About a week of coding for Paul, then dealing with port forwarding and adjusting from there. That's harder to estimate the time necessary. The team needs to prioritize this. Matt would like to see this in Podman v5.0. Users are using it now, and are fixing bugs and stabilizing."),(0,me.kt)("p",null,"Podman v5.0 delivery sometime in early summer is current thinking, but not a commitment."),(0,me.kt)("p",null,"A lot of the breaking changes anticipated for Podman v5.0 are 'podman machine' related, and less likely to be in the Podman commands."),(0,me.kt)("p",null,"Podman v5.0 list of features doc to be put together by Matt in the next week or two."),(0,me.kt)("p",null,"Deprecate podman generate systemd is deprecated, but not dropped. A warning is issued now, no new features only. It could be kept as deprecated for Podman v5.0."),(0,me.kt)("p",null,"Matt talked about dropping CNI in Podman v4.8, Tom questioned if it should be Podman v5.0. Matt will put a deprecated notice in soon. Then Brent is fine with dropping on Podman v5.0, Brent to put it together."),(0,me.kt)("p",null,"Ideally, Brent thinks Podman v5.0 in the early Spring 2024, then v5.1 before Summit in May 2024. Paul is concerned about showing too many warnings during runtime for CNI but is good with documenting."),(0,me.kt)("p",null,"Tom to run down the deprecation notice of CNI in RHEL 9.3."),(0,me.kt)("p",null,"Anything else to be changed in Podman v4.8? Brent would like a containers.conf version 2. Brent would like JSON.config to be the same for all providers in podman machine. Also, a transition from v4 to v5 of podman machine would not be a thing, to be debated."),(0,me.kt)("p",null,"Brent is looking to not overtax the team on machine migration issues."),(0,me.kt)("p",null,'Specgen work is also being considered for remote capabilities. We may also need code refactoring between "local" and "remote" within the code.'),(0,me.kt)("p",null,"A discussion to be put into GitHub after the initial changes are identified by Brent, Mark, and Matt for what changes should be in Podman v5.0. So the community can add their own thoughts and requests there."),(0,me.kt)("h4",{id:"open-discussion"},"Open discussion"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None")),(0,me.kt)("h3",{id:"next-meeting-thursday-october-19-2023-1100-am-edt-utc-5"},"Next Meeting: Thursday, October 19, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h4",{id:"possible-topics"},"Possible Topics"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("h3",{id:"next-community-meeting-tuesday-october-4-2023-1100-am-edt-utc-5"},"Next Community Meeting: Tuesday, October 4, 2023, 11:00 a.m. EDT (UTC-5)"),(0,me.kt)("h4",{id:"possible-topics-1"},"Possible Topics:"),(0,me.kt)("ol",null,(0,me.kt)("li",{parentName:"ol"},"None discussed")),(0,me.kt)("p",null,"Meeting finished 11:54 a.m."),(0,me.kt)("p",null,"Raw Meeting Chat:"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"Brent Baude11:04\u202fAM\nis it the default in main branch ?\nYou11:06\u202fAM\nAnders, sorry about dropping you the first time, hit the wrong button\nMartin Jackson11:08\u202fAM\nThis was something we talked about previously doing for the 4.7 release\nMatt Heon11:09\u202fAM\nAnd then, unfortunately, completely forgot about... Other priorities intervened\nBrent Baude11:32\u202fAM\nno\nJake Correnti11:42\u202fAM\nget rid of migrateVM in machine. already tagged on gh\nBrent Baude11:54\u202fAM\ni have a question for the team ... but can go last, should be quick\n\n")),(0,me.kt)("h3",{id:"raw-google-meet-transcript"},"Raw Google Meet Transcript"),(0,me.kt)("pre",null,(0,me.kt)("code",{parentName:"pre"},"xrq-uemd-bzy (2023-09-21 11:02 GMT-4) - Transcript\nAttendees\n\nAnders F Bj\xf6rklund, Ashley Cui, Brent Baude, Chetan Giradkar, Christopher Evich, Ed Santiago Munoz, Giuseppe Scrivano, Jake Correnti, Leon N, Lokesh Mandvekar, Martin Jackson, Matt Heon, Mohan Boddu, Nalin Dahyabhai, Paul Holzinger, Shion Tanaka (\u7530\u4e2d \u53f8\u6069), Tom Sweeney, Tom Sweeney's Presentation, Urvashi Mohnani, Valentin Rothberg\nTranscript\n\nThis editable transcript was computer generated and might contain errors. People can also change the text after it was created.\n\nTom Sweeney: Good morning This is Thursday, September 21st, 2023 already just a few days away from fall. This is the Podman Community, Cabal meeting. We have just one discussion point today. So I hope people brought good questions for. So we can fill up some of the time that I'm sure we'll have. And with that said, I'm just going to turn it over to our one topic and Matt had decided to eat that and I'm sure Brent can also jump in. Also And let's talk about default settings for appointment 4.7 which just came up Matt.\n\nMatt Heon: Okay, so we have podman 4.7 rc1 out. Now we're looking for in RC\n\nMatt Heon: We might do an rc2 this week, I'll put it that way. And then we are definitely doing a 47 final next week just to get schedule out the way. And we're at a very late point in this release but it's still not too late for us to discuss certain configuration changes that we'd like to make because we'd like them to soak in Victor or for a while before we put them in Frankly but also because we'd like to get these out as soon as possible. So actually start using them. the more important ones here is switching default database. We had the SQLite driver added in odd, man for six, but we haven't made it default yet. We've been letting it sit and I think at this point, we're pretty happy with how stable it is. We've been running it through I extensively. We haven't had issues. So we would like to swap the default database from both DB to seek light for new installations only in 4.7\n\nMatt Heon: Going to be supporting the BOLD database and if you have a existing volt database you'll keep using it. But SQLite will be the default for new installs and four seven or at least we'd like it to be.\n\nMatt Heon: And I believe there were some other things called out in the default features.\n\nTom Sweeney: Before we go there, Brent had a question in the chat, Matt.\n\nMatt Heon: Sure, it is not the default in the main branch bread. So we would have to get this developed in over the next week. But at this point, this is an hours worth of code. So this is not a difficult thing to get.\n\nBrent Baude: I'm the only reason I asked is it would seem? I mean I want to make the change to so I'm supportive of whatever decision, the team makes, but it was seen reasonable That. For one development cycle, it would be the default in the main branch.\n\nBrent Baude: while we work on for eight or whatever ends up to be, Just so that. We have a little bit of silk time on our own hands.\n\nTom Sweeney: No, would it be possible to do that before our C2?\n\nMatt Heon: We were not initially planning on an rc2. If I worked on it this afternoon I think there's a decent chance we could get it all done. But it would be cutting it very close. Paul and Valentin. You and your answer.\n\nPaul Holzinger: And in my opinion doing this no is not in the purpose of doing an rc1 and it's not expectation and we say we are feature of frozen and we decide to change a critical default which the database is critical. So I,\n\nMatt Heon: Honestly, I don't know when this agenda item was added. I feel like it was intended to be discussed a lot sooner. So I think you're right about that. A lot of these are going to end up being 4.8. Regardless, we are too late in the cycles. Do major things. I don't necessarily view the sequel database as a major thing, just because how much we've tested it. But I agree with you that we are very late.\n\nBrent Baude: Can we not just we branched, right? So do the work and\u2026\n\nMatt Heon: Yeah, we're branch. We can easily throw all this stuff in main right now.\n\nBrent Baude: flick it now and make it a 4-8 target. That would mean, I'm kind of agreeing with Paul here in the sense that Maybelline features is sort of naughty on a release candidates. So, what's the downside of waiting other than it doesn't get out there?\n\nMatt Heon: I think that is the big downside. It's first release will be,\u2026\n\nBrent Baude: Okay.\n\nMatt Heon: it'll go out everywhere. Basically it'll go out to send stream rel etc.\n\nBrent Baude: But it would seem reasonable to me that if we want to soak it at the door, we should have soaked it in Maine. At least that's my Justin. I'll check out after that.\n\nMatt Heon: I'm not going to push too hard for making changes this late in the game. I mean, it's small enough that I would say it's doable but that doable and sensible are different things.\n\n00:05:00\n\nMatt Heon: Given that are we? Okay with saying, No big changes for seven? Let's just change this agenda item to say four, eight, because four eight is looking like our next big release.\n\nTom Sweeney: I have slight concerns of doing that, kind of change for real without it soaking Infidor first. Then we target a 48. Yeah, in between Here in Rome in February.\n\nMatt Heon: Let's see. We're gonna have four eight or four seven out late, September. If we want to do a 4/8 or late November early December, We could do that. It wasn't on the plan, but As long as it's just an upstream release. It doesn't add that much burden. To what we're doing. Does everyone agree with that?\n\nBrent Baude: This is I guess the downside of the forced March schedule. That we've In the past,\u2026\n\nTom Sweeney: Yeah.\n\nBrent Baude: we've Released when we're ready.\n\nBrent Baude: At this point. I could make a strong argument because Hypervy just missed. For seven. I can make a strong argument that I would want to if I was Making decisions and releases were easy. I'd want to 48 in a month.\n\nBrent Baude: but, that's a quicker cadence than we've done as quick and so we've done in a while, but it makes sense. So, that maybe what we need to do is say, before we will Do sequel light. And we need to go back now and talk about a release schedule for eight.\n\nMatt Heon: Valentin.\n\nValentin Rothberg: I think we need to start doing notes because we had this conversation multiple times and in this year, What we said for fedora or discussed was to just make it a conf setting and default it there. So we don't necessarily need to do that in the main garage but one thing we didn't test yet is I don't think we tested it. Is. We need to make sure that even more existing deployments even if we default to make sure that the existing policy database continues to be used. This is something that have not been done yet to my knowledge so we are not ready. To just flip it now. There's still some work to be done. on this front. With respect to.\n\nValentin Rothberg: Merging things into RC and I would block every feature into our RC's. it has a number of times and we came up with the document to never Merge features during RC base, and I think we should continue to stick to it. Otherwise, we just keep on Budding us in the mail. There's a specialty for things that haven't been properly tested or bigger things. They will always introduce regressions. And that is what makes the release process and in the past to make it hard. just a reminder on this front.\n\nTom Sweeney: So Europe, are you okay with doing the changes in a 4-8 for this going?\n\nValentin Rothberg: And sure as long as we're ready and as long as upgrade scenarios work. So what needs to work is that unless being specified in containers, where a user explicitly says I want to use SQLite or explicitly things set on the CLI, if the internal default from memory SQLite, there's an existing wall TP database we need to use this multi beat database, otherwise, On update users will not see any of their objects, containers, volumes networks, etc anymore.\n\nMatt Heon: contested, in my view, I\n\nValentin Rothberg: Our absolutely but it's an item that hasn't been done for many months now and it's something we need to do before, flipping the default and before refreshing it. It'm not saying it's hard, I'm just saying it needs to be done.\n\n00:10:00\n\nTom Sweeney: Yeah, where does 47 live? It's still up in Maine. Is the branch. Okay.\n\nMatt Heon: That's branched already. We branched before RCS.\n\nTom Sweeney: So we could make the changes of main at any point in time.\n\nMatt Heon: at this point after thinking about 4/8, the sooner the better otherwise we will forget about\n\nTom Sweeney: Yeah. That's my thinking as well.\n\nMatt Heon: Are I think we've come to a general decision here? That we're going to do The only question is how we're going to do for it, whether it's going to be in earlier release. We have a guaranteed release coming out in February, are going to do it release for that and have February before nine. So I think we can move on the assumption that the release schedule will be decided. Later is everyone comfortable?\n\nMatt Heon: All right, the next default we wanted to talk about was Z standard chunked. Plus Gzip split compression. We do not have any in the room. Discuss Anyone else here? Sufficiently comfortable with Formatting to talk about this because frankly, I'm not as up to speed on this as I should be.\n\nTom Sweeney: Giuseppe would be our other person, perhaps.\n\nValentin Rothberg: Yeah would also point to Giuseppe which Giuseppe you mentioned at least chunked isn't yet? Ready for prime time, right?\n\nGiuseppe Scrivano: Yeah, it's not really. There is still an open issue in continuous image, that needs to be merged. So I think we should postpone it for now.\n\nPaul Holzinger: I think what then was throwing around was always like that. You push this multi manifest thing with Statistity and Jesus. By default, I think that was what then wanted so that, new clients can benefit from the faster. So that's really pulls.\n\nGiuseppe Scrivano: Yeah, but still then first of all the feature it needs to be manually enabled and second it's not ready without The changes that the containers image, it's kind of broken.\n\nGiuseppe Scrivano: So, I mean it's fine for our performance, but Without that changes, it's not really usable, right?\n\nTom Sweeney: This is something that you think will be ready by a late November or February timeframe Giuseppe or beyond that.\n\nGiuseppe Scrivano: I'm working on that. I mean, I hope this will be done in the next. Few weeks.\n\nTom Sweeney: Okay.\n\nValentin Rothberg: I think this is something very critical. because,\n\nValentin Rothberg: Whatman is being used. So if the goal is to compress images by default with C standards with C standard compression, this can break a lot of deployments.\n\nValentin Rothberg: So I think in my opinion this is something important. Because imagine\u2026\n\nTom Sweeney: August.\n\nValentin Rothberg: if you have a build plan, you use the apartment, let's say department knowledge or you updated or on your server people pipeline, you build the image, you push it. And suddenly Your clients or your deployments outside in a while. Start to break because they do not support these standard yet, maybe all the versions of docker, maybe very, very old versions of Scorpio appointment or build up this. This can break.\n\nPaul Holzinger: but the ideas to push both compression formats now 12 a period where you push set the city in Jesus which of course is Ben Roeth more expensive and time but I think that was what then was always suggesting\n\nValentin Rothberg: This could in theory break as well, if the deployments expect a single image manifest and not an OCI index on the registry. So, I guess we're pointing at this.\n\nValentin Rothberg: Before deciding this default. I think we need to do some I don't find a better word. Sorry risk management of which things may put everything on the desk and then look at all potential risks and then check whether you're comfortable doing. But this changes. One, or how images look like in the nature of images? And this is something we're\n\n00:15:00\n\nValentin Rothberg: feeling uncomfortable.\n\nTom Sweeney: I think it's valid concerns, but are you comfortable with delivering automaton 5.0? in real next year, just worth waiting, not long for the zsd chunk, and we can push back, if it's not in before then.\n\nValentin Rothberg: I would even challenge whether it's reasonable for apartment image, push to push a manifest, if there is a portman manifest push. So I think we're at the risk of conflating or breaking things. So, I would even question whether we should do it or not. So, I can't really answer that. That's all.\n\nTom Sweeney: Okay, that's fair.\n\nMatt Heon: What I am hearing here is that we are extremely uncomfortable with this going into Rel first. So, this absolutely. I mean, even if we do a four, eight four hand, it sounds like it's probably not going to be ready. This does sound like It's a lot of additional testing. So this is if we're doing something between the February release and the next little release that this is potentially good time frame for that sound I mean, assuming that we can make it work.\n\nValentin Rothberg: I think we should follow up on this soon. So that we make sure that, The thinking continues about the issues or about this particular issues, how do we want it to behave? What are we trying to achieve in? What are we at risk of breaking?\n\nValentin Rothberg: At the moment it's just me throwing my foot in the door\u2026\n\nMatt Heon: Okay.\n\nValentin Rothberg: but I would be curious. I don't see. Minnows left in the meeting but nalin has to build specialist. what are you feeling about this?\n\nNalin Dahyabhai: Again.\n\nValentin Rothberg: How do you feel about the idea of just pushing these multicompressed image manifests that are a single image on apartment push?\n\nNalin Dahyabhai: No. I don't think I have any thoughts that haven't already been waste about additional bandwidth and I mean I'm not really worried about compatibility with registries at this point.\n\nNalin Dahyabhai: the bandwidth is the compute for compression because when you're building a cluster it's Compression actually is one of the more expensive parts.\n\nChristopher Evich: This should work with the new.\n\nNalin Dahyabhai: but,\n\nChristopher Evich: I mean zooming gets into pod It should work with the new Farm builds, right?\n\nChristopher Evich: Listen Theory.\n\nNalin Dahyabhai: I thought we did this push time, so we didn't actually modify the images when they were on disc because they're not compressed on disk when you build them.\n\nValentin Rothberg: Form build is something awful about this Creating Multi-arch Manifest Lists easier. But it doesn't address. The issue of compression, algorithms. US trying to push for C standard as the new standard.\n\nMatt Heon: I definitely. Are we comfortable leaving this here? And doing a follow-up later with more? I think we're really suffering. We're missing. less. Love and Audi, and Dan. Would be okay with having a meeting later. We'll have more people who actually know a lot about this in the\n\nTom Sweeney: Yeah, I think that's a good idea.\n\nMatt Heon: All right, in that case, I propose that we move on to the next one, which is setting default network command to pasta by default.\n\nMatt Heon: Paul. This one is mostly Feelings on it. Are we stable enough to do this?\n\nPaul Holzinger: No. I mean, it depends. The biggest problem is that the outstanding work that we need to deliver the ruthlessness logic if you use named networks, And that's still hard coded to Slurp. So as long as that isn't the rest that I don't see a pointed defaulting to Pastor for the normal problem. Because then, that means that every distribution. Definitely needs to require both SD product for example. it's\n\n00:20:00\n\nPaul Holzinger: yeah, I don't particularly you see the benefits of switching it before. The networking stuff works really.\n\nMatt Heon: Okay, and this is mostly the pasta. Maintainers not us.\n\nPaul Holzinger: Know that would be me and also a bit on pasta but The thing how it works is that we have these intermediate namespace and inside of namespace, we just use But never work with pitch networking, but to connect this intermediate namespace, with those namespace, you need and the ruthless networking tool. So, I love or pasta and since this was written, two and a half years ago, that it just uses slow. And now I need to convert this code and that's not particularly\n\nPaul Holzinger: evie, I would say that there are Their corner case of everywhere, basically. And then assumptions And, when I touched the code, I try to make it better. So A bit of a longer process. To get this done.\n\nPaul Holzinger: Thought of I always have it in my queue, but it's always something comes on top of it usually. So, I didn't progress in the last week.\n\nBrent Baude: Why are we coughing with my name?\n\nTom Sweeney: How much time?\n\nMatt Heon: Really, it sounds like this switching to pasta by default is enough work that we're going to need. It's not going to get done unless it's prioritize is what I'm hearing from Paul. Does that sound Acc?\n\nPaul Holzinger: It would make it much faster. If we say that the priority, but,\n\nBrent Baude: But you guys get the prioritize as much as I do.\n\nTom Sweeney: sometimes you think Paul,\u2026\n\nMatt Heon: All right.\n\nTom Sweeney: if you were just single way devoted to wrap it up, You talking?\n\nPaul Holzinger: the problem is coding, not like I know what needs to be done and writing a code. That's maybe a week of work. But then making sure that all comes together. and Everything works. one outstanding problem. Why? I haven't devoted more time on it. If port forwarding problem. So right now, what really happens. Is that with forwarding? We use the routers port process. So that's a process that respond to a container.\n\nPaul Holzinger: And the problem is that this process is it's a dumb. Proxy basically and it makes it source IP. So that's the biggest complaint with ruthless networking and the port forwarding, We have My Source IP and in your website a lot. That's Not very good for auditing stuff. but someone's compromised and you don't have to iPS and I don't have a good answer to the port forwarding problem with possibly can do port forwarding. But it's missing the option to do this dynamically. So as we As respawn. we would only have one part of the process in this rootless, networking scenario. and that means we need to Forwarding capabilities\n\nPaul Holzinger: And that's not impossible. I talk to the person maintenance day. we are on an agreement that can be done and They accept pensions, but it's like, somebody needs to prioritize and make the work and So it's kind of stuff.\n\nMatt Heon: Fair enough. Personally, I would love to see this in Fibo, so That gives us a fair bit of time, but it would be very nice to have fivo with the improved networking.\n\nPaul Holzinger: Yeah, definitely. And I mean, Right now, we have a lot of Users trying it out just a regular pasta with Putman, Run Dash network pasta. and there we are able to, Fix the many bugs already. So I think it's getting in it to a point where it's definitely stated enough to say we do this before. So,\n\n00:25:00\n\nMatt Heon: Anything else on this? I think we know what needs to be done. We know it is a lot of work and it's probably going to need to be bubbled up in priorities at some point. But anything else\n\nTom Sweeney: I don't know. I don't need a hard answer to this, but what are you thinking for? Five, vogue delivery timeframe. Are you thinking next summer?\n\nMatt Heon: Yeah. Sometime early summer issue.\n\nTom Sweeney: Okay.\n\nMatt Heon: think we were thinking about this was potentially the next release after the February drop. Although we have options here again if we've really feel like we need some soak before five. we can give it less time and have an intermediate.\n\nValentin Rothberg: I think if we really want to push 50 through and it should be for or before relative Because I guess in 9. I think we can't ship five.\n\nTom Sweeney: So you're thinking a 501 say early spring and then five one for real 10, possibly.\n\nValentin Rothberg: I don't know. But it would make what makes sense to have? some sort of time or five hour and fedora before throwing into\n\nTom Sweeney: Yeah.\n\nMatt Heon: And for reference here, a lot of the breaking changes. We're thinking about in five though, we're going to be machine stuff so not directly relevant to the rail schedule. This is mostly getting podman machine in a more sane position than it is right now.\n\nValentin Rothberg: A couple of comments in our code and upstream issues that would impact Rel as well.\n\nMatt Heon: Yeah, of course, we have a lot of accumulated, 50.\n\nPaul Holzinger: Yeah, I find that. More useful to make a list of what we want to do for five and maybe we're talking the speaker about containers comfort, for example. and I've find out how to set a deadline without seeing what we want to do first,\n\nMatt Heon: But I'm really hearing is that we probably need a 50 doc at some point like this or next week that we can just start accumulating. What needs to be done and from there, we can figure out exactly what's out and\u2026\n\nTom Sweeney: Yeah. This next one, but\n\nMatt Heon: what the schedule is.\n\nMatt Heon: I'll take responsibility for making that. I can do it after lunch. anyways, if we are okay with saying that 50 planning can wait, I think we have a couple things that are slam dunks before eight. Those being cni and deprecating on man Generate system D. Of Valentin. Did we already deprecate generate system D or was that just being discussed?\n\nValentin Rothberg: It is already deprecated, but not dropped. So, deprecation Since there are multiple interpretations of what In this case, we said deprecation to just encourage users. That will be a warning now being emitted and using it pointing users to qualit. known your features will be added only, important bug fixes will be edit, we could consider dropping it entirely with Botman 5 adult, but it's used generate system. D is used in many pipelines.\n\nValentin Rothberg: And personally, I don't think it hurts to keep it around if we can spare some Edmonds, some very hard time for sure. I would love people to jump on quadland but the duplication will at least or hopefully be sufficiently annoying at some point that people will jump to it and we also didn't, because Internet System has been out for a long long while. So even experienced popmen users,\n\nMatt Heon: So I think that deprecate what you said emitting warnings and putting in the man pages that it's going to be dropped, at some point is sufficient. at this point, the only question is whether we do that to CNI as well and now that we have the plugin system and net of arc, I think the answer is yes.\n\n00:30:00\n\nTom Sweeney: For 5.0.\n\nMatt Heon: I for eight. Potentially drop an entirely in 50.\n\nTom Sweeney: Yeah.\n\nMatt Heon: Brent's.\n\nTom Sweeney: Doesn't mean to Matt.\n\nBrent Baude: No. Both of you to No, I don't think we should drop. Until? The net filter stuff is done. Or was it Nettables or whatever? It is the one that we haven't done needs to be done?\n\nMatt Heon: We are no worse than them in that respect. They do not have.\n\nBrent Baude: At the same matter.\n\nMatt Heon: I'm thinking about this in terms of, Can we get it out before Rel 10?\n\nBrent Baude: All what's the real question?\n\nPaul Holzinger: Yesterday.\n\nMatt Heon: I think.\n\nBrent Baude: What are you really asking to do?\n\nMatt Heon: one prop, C, and put a deprecated notice in Maine right now, do it today,\u2026\n\nBrent Baude: Yes, that's fine.\n\nMatt Heon: Two. Figure out what the first release going into rallies and drop CNI before that, or at least conditional compile. and don't compile it into 10. Because if we put it in 10, we are guarantee. We have to support that for the next 10 years.\n\nBrent Baude: No, there's no doubt about that. So 50 to me would be the drop time. I had to excuse me myself but I was able to hear the conversation. I had an interruption here.\n\nBrent Baude: So that's fine On the podman 5 other thing. I'm gonna start a document here shortly. The problem that I'm having is that we have yet undefined requirements from the desktop team, On what this needs to be done, on And as far as five timing, In the most ideal world. Five, all gone out in early spring.\n\nBrent Baude: Five one will be. Something. That's real or 505. Pending on. How we do coming out the door, but something like the second release. Coming just before. Red Hat Summit. So, If I had mine, most ideal schedule, that would be it. And there should Not spend a lot of time thinking about why I would want it that way. The desktop team is going to do some splashes probably there. and it may very likely require some Change in our behalf to be able to support them to do that.\n\nBrent Baude: But that's all undefined right now, so that makes it a little fuzzy. But we should start final adopt that starts, talking about things. We're going to We already know that that's unrelated to machine. And anything else? Also, talked about containers Comp. Evolution. So there's plenty of things we could, put in there right now and start talking about. It probably warrants. A series of short conversations about things and then we can dont in a document. the folks are okay with that, and I'm happy to leave that effort.\n\nTom Sweeney: It matters talked about doing similar thing, but sounds like it's a combination.\n\nBrent Baude: Yeah, I heard that I probably should own it since the decisions are probably in the end to Mark and I'm on some of the stuff,\u2026\n\nTom Sweeney: Yep.\n\nBrent Baude: yeah. That. But otherwise, I think everything else is online. Matt, I mean, we're right on top of it. And at this point, late in the 48 game. Let's get the deprecation notices on things and we'll contemplate the actual drop or compile out. Type approach. For five.\n\nPaul Holzinger: What are you talking about? When you talk about deprecation, notice In the code.\n\nBrent Baude: I think we needed to display some sort of cnis going away.\n\nPaul Holzinger: Yeah, and that's where I'm like. That means a warning on every command, if Everywhere really touches the United.\n\nBrent Baude: we can do a suppress thing too to and we know\n\nMatt Heon: Just network create maybe. I mean.\n\nBrent Baude: Yeah.\n\nMatt Heon: Ultimately I would definitely want to see in the man pages and I want to see it on any Korean that creates a new network that is using the old tech.\n\n00:35:00\n\nBrent Baude: That's fair. And then we can get the usual docs and social.\n\nBrent Baude: Social media stuff out there, getting that idea ever out and I wonder too does RPM even maybe have a deprecation approach? when it gets installed to say, Hey, this is Not a thing. Anyways.\n\nLokesh Mandvekar: We can admit warnings maybe when something is installed or updated.\n\nBrent Baude: Paul. I don't know exactly what it means, but it's something along those lines. We don't want to spam people which I think is your concern.\n\nPaul Holzinger: Yeah. Yeah, it's just like putting it in dots is totally fine, but it will miss a lot of people just running in some deployment. So That makes.\n\nBrent Baude: Understood.\n\nPaul Holzinger: It's difficult line to navigate too much spam and not reaching the users. So\n\nBrent Baude: Indeed.\n\nMatt Heon: Going to be gone is critical.\n\nBrent Baude: we can also,\u2026\n\nPaul Holzinger: Will be.\n\nBrent Baude: Probably could do,\u2026\n\nPaul Holzinger: We needed.\n\nBrent Baude: we could do the message on everyone and in the message touch a file here to suppress this warning, so give them an out. There's lots of options.\n\nTom Sweeney: I wonder if.\n\nPaul Holzinger: do we need to change proposal for Fedora or something like that?\n\nBrent Baude: I don't believe so we may need to talk to F cost. But as far as I'm concerned, This doesn't affect them toolbox at me, impact.\n\nPaul Holzinger: No, it doesn't affect two books. They use,\u2026\n\nBrent Baude: Okay.\n\nPaul Holzinger: they use host networking exclusively. So\n\nBrent Baude: Okay, that's even better.\n\nMatt Heon: Realistically speaking, I think that we're going to need a change request for Pod Man, 5, obviously, but I don't think we need to be more specific than that, I I think we can just do one broad. We're upgrading Department 5, It'll have the following changes.\n\nTom Sweeney: I just wanted to, if we should put in early Deprecation, notice into the eight, nine, nine three, docs before it goes out.\n\nMatt Heon: It's not going to be deprecated in eight. Nine CNI.\n\nTom Sweeney: Like Christopher Warn.\n\nMatt Heon: CNI is going to be the standard on eight for the lifetime. I wonder if we already did it in nine I almost feel like we were discussing that at some point but\n\nTom Sweeney: All right, let me run down nine.\n\nMatt Heon: That's another part of why we can actually get away with this. if we're looking at the last major code, drop into related, the next in the very near future. And once that's done, we can actually think about getting rid of a lot of stuff. We were keeping around for eight.\n\nBrent Baude: So, can we Podman into rust. But 50.\n\nMatt Heon: Sure, We're just gonna have to drop machine and compose and I don't know, we'll choose 50% of the code base where we write that that's what you\n\nBrent Baude: Okay, so I guess, I took the ball on the 50 stuff and We'll just do some Meetings to carve out some basic time and some meetings to get Everyone's thoughts for at least written down and then we can begin to evaluate document.\n\nTom Sweeney: Should we move on to the generate system D?\n\nMatt Heon: Sounds good to.\n\nTom Sweeney: Or did we kind of discuss that? Yeah. Yeah.\n\nMatt Heon: That's already.\n\nBrent Baude: in terms of deprecating, it\n\nMatt Heon: It's already deprecated. wonderful thing.\n\nBrent Baude: it's been marked.\n\nTom Sweeney: We just went out of order and I'm just looking at the order here of the agenda. So we're all set there.\n\nBrent Baude: In terms of moving on, I'd be happy to move on to the next thing to talk about.\n\nMatt Heon: The next thing is others, so I guess Does anyone else have anything? They would want deprecated for a potential removal or adjustment in 50. We're not even deprecated. Does anyone have anything they want changed in the future to prepare for?\n\nBrent Baude: I would like a containers comp V2. Do we have that? Written down.\n\nMatt Heon: I don't think it's captured. Yeah.\n\nBrent Baude: Okay.\n\nBrent Baude: I think that there's a submitted one thing for a machine is I'm probably not going to sell this team very hard, but I think that we need to probably make every JSON. Config that keeps track of the machines resources and where everything sits the same across all providers. It is not today.\n\n00:40:00\n\nMatt Heon: I think we really just need to write down major machine refactor and then figure out what stems off of that.\n\nBrent Baude: I think a lot of that will be done in the four versions so specifically, because this may be a breaking change is one of them.\n\nMatt Heon: Yeah yeah we're discussing for eight as well as 50 so I'm like four eight four nine whatever we do before five I think we have to do a lot of refactoring to get ready five.\n\nBrent Baude: Particular one.\n\nBrent Baude: yeah, and I'm also seriously contemplating a proposal that would Make transition from four to five in the machine world. Not a thing. In other words, it's breaking machine release. Over action by users, will have to be taken.\n\nBrent Baude: So that's something that we need to debate the ups and downs of that. But I have good reasons which I know really want to go into right now, but That's a thing. Go ahead Paul.\n\nPaul Holzinger: and just not explicitly related to machine but General, I think we shouldn't Change things just because we've all benefit, We have a chance to break something that's fine, but that doesn't mean we need to break everything, right? So it's\n\nBrent Baude: Correct.\n\nBrent Baude: And I'm probably trying to dig out a little more space than we need. So that we're not pulling ourselves into migration scenarios that may over tax us. For the simple. Recovery of cloud, man, machine remote padman machine, and your backup. And, running, you just don't have your content. So,\n\nPaul Holzinger: Yeah I mean I think that's a fine assumption for a lot of things but it would be good to know document such as solutions. And anyway if there's a lot of you that later and the machine that's just gone, And I think some users might not really understand the concept If you're a butt reports,\u2026\n\nBrent Baude: Yep.\n\nPaul Holzinger: if you ask the judge recreate the machine and oops.\n\nBrent Baude: And the other bit is, we may be able to do some pinky around. Just\n\nBrent Baude: without some ideas on how we can potentially get around us. I think a Matt there was some stuff which I can't remember around Spec Gen. That we also had contemplated that we're breaking, so it needs somebody that crawl through the spectrum and take a look.\n\nPaul Holzinger: So, the important part is to have a way to define defaults on the server side, with that, comes together with containers.com somehow. because we want defaults on the server side,\u2026\n\nBrent Baude: Yes.\n\nPaul Holzinger: for the most part,\n\nMatt Heon: I think the ideal way to do this would be to refactor. the defaults are set in a common way across local and remote the spectrum gets pretty populated in a sensible way and\u2026\n\nBrent Baude: Yep.\n\nMatt Heon: it's those defaults that get displayed via the command line but that's a lot of work.\n\nBrent Baude: I mean That's kind of what we did when we went from whatever prior to specina. I forget what it was called but To Spec Jen. As we did we did some of that rearranging twisting. So it seems like that. We have to do that again. To deal with remote.\n\nMatt Heon: That is not. Echoical.\n\nPaul Holzinger: And what I would really love. Is some research during around, And what's local? In the code, the separation of concern in these packages, It's a mess. and to be honest, there's a pretty big buck in a lot of things that this rootless checks, we have plenty of them on the client where it makes no sense at all.\n\nBrent Baude: Fair enough. Matt, There's one other big one which is system connection.\n\nMatt Heon: Is this?\n\nBrent Baude: Is going to need to be rehammered out because it was not when John designed that. It was designed for remote and local. Basically, Yeah, I want to add a remote connection, I don't want to type it every time. And then we started using that for machine. so now we've got system connection. That is remote in every sense but it also could be different depending on the provider of the vert machine.\n\n00:45:00\n\nBrent Baude: And so the name of the connection is something like Podman Machine. Default when you don't name your VM, And it's theoretically possible to have Padman machine default with multiple providers. And then we get system connection collisions.\n\nBrent Baude: So we'll probably need to build some robustness into system connection, that allows a provider to be specified.\n\nPaul Holzinger: I would label this and containers.com free, right? And we don't want this in containers that All as you talked about, we don't run to write a containers of confile because that rewrites a personal config file of and you lose all comments. And so on what we mentioned,\n\nBrent Baude: Yep. Agreed.\n\nBrent Baude: Yeah, and maybe more of that needs to go into that world, so that's something and that theoretically could be breaking if we can't figure. To me, that's gonna probably be a breaking change, or we're gonna figure out. If machines are breaking changes, then there's no reason to try to compensate for system connections in my opinion. So,\n\nPaul Holzinger: I had a fun one today. Another interesting thing that's in our flagparticle, there's a thing called strength, light and string array. And I bet only a few people know what that means. what the difference is because if your past a gray flex, you have to chance to at the slice, you can call my separate values and there's an array. You just like I mean that's multiple times. And as it turns out, comma separated values are passed the field three and That is not heavy. If you pass in quotes and other stuff here. Yeah, if you have a regular t35, basically there are rules. And just today usually like this, incredible stupid syntax that you need to use.\n\nPaul Holzinger: If you have this dislike things and we have defined everywhere, for options that accept the five path, that means you cannot have a comma on the fire path and stuff like that.\n\nMatt Heon: We really should just have a litter to detect that. There are very few cases where you actually want string SL.\n\nPaul Holzinger: But the problem is ever noted on the issue, we cannot change. That's what operating somebody because the fees if you figure out the piece and text then you escape it with quotes and so on. but then that means the value, as soon as I change it to array, it's no longer the same That you get when you stream flies.\n\nMatt Heon: Five of stuff. we can break the small portion people who actually do these things. If I know this is the kind of thing where I would say I would argue. It's about Not even a breaking change but we can do it in five hours so we can do it anyway.\n\nPaul Holzinger: Yeah. That's\u2026\n\nTom Sweeney: Yep. Just looking at the clock and\u2026\n\nPaul Holzinger: where I'm getting it.\n\nTom Sweeney: we're seeming to grind on this just a little bit. do we have anything else? Major that needs to get in Can we create a discussion? Perhaps on the Github site for things you'd like to see in 5.0 or has one been created already?\n\nMatt Heon: I don't think we ever get up discussion. That's a good point. I think that we should probably have our internal discussions first, so we can populate. But once that's done, we can get something up and see what people think.\n\nMatt Heon: Completed also probably should have a blog about this, but yeah.\n\nTom Sweeney: Even myself have a place where people can just go ahead and put their ideas and go from there.\n\nPaul Holzinger: Yeah. What one thing if you say we have a deadline next summer, Then I think it's important to focus on stuff that require us some dragging changes because if they talk about features, we can add features at any point, if there are true features like a new command or something, that I think it would be important to allocate resources correctly so that we can get stuff that needs to happen forward and that cannot wait for\n\nPaul Holzinger: if I've got one more whatever.\n\nMatt Heon: Fair enough. We really need to get the docs start before we can start clarifying this. But yeah, I will see how soon I can carve us into the schedule because I think this is an important one start talking about,\n\nTom Sweeney: Like a girl. I think I'm gonna wrap up this particular discussion, Matt, unless you need to talk about anything else and just open up for any questions. Before we wrap up for the day that anybody else said related to this or anything else for that matter.\n\n00:50:00\n\nTom Sweeney: Very quiet. Last chance. Otherwise, I'll start.\n\nBrent Baude: Whether they come on,\u2026\n\nBrent Baude: you waited this long.\n\nTom Sweeney: Yeah. I'll just put in.\n\nTom Sweeney: Just a note for one. Our next meeting Got one coming up pretty quickly for the community meeting that's happening on Tuesday October 4th. I'm not sure that if any topics at this point for that one. So if you'd like to demo something there would love to have people do so. and then, The next cabal meeting will be on Thursday October 19th and both of those meetings will be on at 11 AM Eastern time and both will be daylight savings time. Still, I don't think we flip over until November for Daylight savings time. In this country anyway. And one last chance for questions comments.\n\nTom Sweeney: but otherwise, I'm gonna turn off the recording and we'll wrap that up.\n\nTom Sweeney: Right folks.\n\nTom Sweeney: That is the end of the recording.\n\nMeeting ended after 00:51:17 \ud83d\udc4b\n")))}li.isMDXComponent=!0;const hi=function(e){let{cards:t}=e,n=[],a=[];const[o,i]=(0,Z.useState)(!1),[s,r]=(0,Z.useState)(void 0),[l,h]=(0,Z.useState)(void 0),d=[(0,Z.useRef)(),(0,Z.useRef)()],u=(0,Z.useRef)();var m,c;m=u,c=()=>i(!1),(0,Z.useEffect)((()=>{const e=e=>{m?.current?.contains(e.target)||c(e)};return document.addEventListener("mousedown",e),document.addEventListener("touchstart",e),()=>{document.removeEventListener("mousedown",e),document.removeEventListener("touchstart",e)}}),[m,c]);const p=function(){for(var e=arguments.length,t=new Array(e),n=0;ni(!1)},Z.createElement(ue,null)))),i(!0)};function g(e){const{meeting_minutes:t,meeting_recording:n,date:a}=e;return Z.createElement("div",{className:"inline-flex justify-around bg-white px-8 py-1 dark:bg-gray-700 dark:shadow-none"},Z.createElement("h3",{className:"flex-1 pl-1 text-base text-gray-700 dark:text-gray-50"},a),Z.createElement("a",{className:"flex-1 no-underline hover:no-underline",href:n?.link},n?.text),Z.createElement("a",{onClick:()=>{p(t,a)},className:"cursor-pointer"},t?.text))}Object.values(V)?.forEach((e=>{let t=e?.default((0,Z.useRef)());t?.props?.children?.forEach((o=>{let i=o?.props?.children[0],s=o?.props?.children[1];"string"==typeof i&&(i.includes("BlueJeans")||i.includes("Video"))&&(e?.contentTitle?.includes("Cabal")?n.unshift({date:(e?.toc?.[0]?.value).split(/[0-9]{2}:[0-9]{2}/)[0],meeting_minutes:{markDown:t,modalHeaderData:e.contentTitle,text:"Meeting Minutes"},meeting_recording:{link:s?.props?.href,text:"Watch Recording"}}):a.unshift({date:(e?.toc?.[0]?.value).split(/[0-9]{2}:[0-9]{2}/)[0],meeting_minutes:{markDown:t,modalHeaderData:e.contentTitle,text:"Meeting Minutes"},meeting_recording:{link:s?.props?.href,text:"Watch Recording"}}))}))}));let k=[],y=[];for(let w=0;w<2;w++){let e=a.shift();k.push({date:e?.date,icon:"film-icon",buttons:[{path:e?.meeting_recording?.link,text:e?.meeting_recording?.text},{...e?.meeting_minutes}]}),e=n.shift(),y.push({date:e?.date,icon:"film-icon",buttons:[{path:e?.meeting_recording?.link,text:e?.meeting_recording?.text},{...e?.meeting_minutes}]})}return Z.createElement("div",{className:"justify-content-center align-items-center custom-card-grid-root flex"},t.map(((e,t)=>{let i=1==t?y:k;return Z.createElement("div",{key:`card-container-${t}`,className:"align-items-center card-container mb-4 flex flex-1 flex-col flex-wrap justify-center transition duration-150 ease-linear lg:mb-6"},Z.createElement(le,{key:`custom-card-${t}`,title:e?.title,subtitle:e?.date,details:e?.timeZone,text:e?.subtitle,data:e?.buttons,primary:!0}),Z.createElement(ee.Z,{title:"",description:"Most Recent meetings",textGradientStops:"from-purple-500 to-purple-700 dark:text-purple-500",textGradient:!1}),Z.createElement(he,{key:`subcard-grid-${t}`,cards:i,toggleIsModalOpen:p}),Z.createElement(de,{options:(r=1==t?[...n]:[...a],r.map((e=>Z.createElement(g,e)))),dropdownRef:d[t],text:"Older meeting details"}),Z.createElement("dialog",{className:"bg-stone-200 w-90-screen h-80-screen fixed top-20 z-50 max-h-screen w-fit border-4 border-purple-100",open:o,ref:u},Z.createElement("div",{className:"modal-content flex flex-col"},s,Z.createElement("div",{className:"md-wrapper overflow-y-auto scrollbar-thin scrollbar-track-gray-100 scrollbar-thumb-gray-300 dark:bg-gray-700 dark:text-gray-50 dark:shadow-none"},l))));var r})))};const di=function(e){const{title:t,subtitle:n,button:a}=e;return Z.createElement("article",{className:" my-4 flex max-w-xs flex-col justify-between"},Z.createElement("h4",{className:"text-gray-700"},t),Z.createElement(X.Z,{text:n,styles:"mb-4 mt-2 w-[198px] md:w-64"}),Z.createElement(ae.Z,(0,K.Z)({outline:!0,as:"link"},a)))};const ui=function(){const e=new Date,t=[e.toLocaleString("en-US",{timeZone:"Europe/Paris",hour:"numeric",minute:"numeric",hour12:!1}),Intl.DateTimeFormat("en-US",{timeZone:"Europe/Paris",timeZoneName:"long"}).format().split(",")[1]],n=[e.toLocaleString("en-US",{timeZone:"America/New_York",hour:"numeric",minute:"numeric",hour12:!1}),Intl.DateTimeFormat("en-US",{timeZone:"America/New_York",timeZoneName:"long"}).format().split(",")[1]];return Z.createElement("article",{className:"mb-10 max-w-lg rounded-lg bg-aqua shadow-md dark:bg-purple-900"},Z.createElement("div",{className:"m-4 grid grid-cols-2 gap-x-4 lg:m-8"},Z.createElement("div",{className:"col-span-full mb-5 text-center"},Z.createElement("h3",{className:"font-bold text-gray-300 dark:text-gray-100"},"Current Time")),Z.createElement("div",{className:"text-center"},Z.createElement("h4",{className:"mb-2 text-3xl font-extrabold text-purple-500 dark:text-gray-100"},t[0]),Z.createElement("p",{className:"w-40 font-bold text-blue-900"},t[1])),Z.createElement("div",{className:"text-center"},Z.createElement("h4",{className:"mb-2 text-3xl font-extrabold text-purple-500 dark:text-gray-100"},n[0]),Z.createElement("p",{className:"w-40 font-bold text-blue-900"},n[1]))))};const mi=function(e){let{title:t,text:n,darkBg:a="dark:bg-purple-900"}=e;return Z.createElement("aside",{className:`rounded-lg bg-aqua ${a} max-w-lg px-6 py-8 text-gray-700 shadow-xl dark:shadow-md dark:shadow-gray-900`},Z.createElement("h4",{className:"mx-auto mb-2 max-w-md font-bold dark:text-gray-50"},t),Z.createElement("p",{className:"mx-auto max-w-md dark:text-gray-100"},n))};var ci=n(7528);const pi=function(e){let{text:t,path:n,icon:a,image:o,textLogo:i}=e;return Z.createElement("a",{href:n,className:"mx-auto flex flex-col items-center text-center"},Z.createElement("div",{className:"max-w-fit rounded-full bg-white p-8 shadow-sm dark:bg-gray-900"},a?Z.createElement(_.JO,{icon:a,className:"text-5xl"}):i?Z.createElement("span",{className:"block py-2 font-display text-4xl font-extrabold"},i):Z.createElement("img",{src:o.path,alt:o.alt,className:"w-16"})),Z.createElement("span",{className:"underline-offset-6 duration-149 mt-4 block text-blue-700 underline transition ease-linear hover:text-blue-900"},t))};var gi=n(4544),ki=n(2074),yi=n(6547);const wi="Community",fi="We want your feedback, issues, patches, and involvement in the development of Podman. **Chat** with us on Slack, IRC, or on our **mailing list**. Submit **issues & pull requests** (see our [CONTRIBUTING guide](https://github.com/containers/podman/blob/main/CONTRIBUTING.md) on how.) Participate in one of our twice-monthly community meetings. You are welcome in our community!",bi={text:"To help ensure all feel welcome in the Podman community, we expect all who participate to adhere to our [Code of Conduct](https://github.com/containers/common/blob/main/CODE-OF-CONDUCT.md)",icon:"fa6-regular:handshake"},vi={title:"Chat with the Podman community",subtitle:"The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you\u2019re in another time zone!",links:[{text:"#podman:matrix.org",path:"https://matrix.to/#/#podman:fedoraproject.org",image:{path:"logos/raw/element-56w-59h.png",alt:"Element Matrix Logo"}},{text:"#podman on libera.chat",path:"https://web.libera.chat/#podman-desktop",textLogo:"IRC"},{text:"Podman GitHub Discussions",path:"https://github.com/containers/podman/discussions",image:{path:"vectors/raw/github.svg",alt:"GitHub Logo"}},{text:"Podman Discord",path:"https://discord.gg/vwpj7K6gW5",icon:"logos:discord-icon"},{text:"Slack",path:"https://slack.k8s.io/",icon:"logos:slack-icon"}]},Mi={title:"Podman Community Meetings",subtitle:"Many of the maintainers for the Podman project attend both of these meetings, so it's a great chance for community members like you to ask them questions or address concerns directly. If you have a topic that you\u2019d like to propose for either meeting, please send a note to the [Mailing List]().",image:{path:"images/optimized/community-call-554w-219h.webp",alt:"An image of podman team members in a virtual meeting"},cards:[{title:"Podman Community Meeting",subtitle:"This meeting is used to show demos for or to have general discussions about Podman or other related container technologies. It is also used to make announcements about Podman and the other projects in the [Containers repository on GitHub](https://github.com/containers).",date:"**1st Tuesday** of even numbered months",timeZone:"11 AM US ET /5 PM CET",buttons:[{text:"Join Meeting",path:yi.wz},{text:"Meeting Agenda",path:"https://hackmd.io/fc1zraYdS0-klJ2KJcfC7w"}]},{title:"Podman Community Cabal",subtitle:"The focus of the cabal meeting is the planning and discussion of possible future changes to Podman or the [related Containers projects](https://github.com/containers) and discussing any outstanding issues that might need solving.",date:"**3rd Thursday** every month",timeZone:"11 AM US ET /5 PM CET",buttons:[{text:"Join Meeting",path:yi.wz},{text:"Meeting Agenda",path:"https://hackmd.io/gQCfskDuRLm7iOsWgH2yrg?both"}]}]},Ai={title:"Mailing List",subtitle:"The Podman Mailing list is available for your questions, concerns or comments about Podman.",browseInfo:{title:"Browse the mailing list",subtitle:"Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list."},subscribeInfo:{title:"Subscribe or post to the mailing list",subtitle:"Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.",description:"Regardless of which method you use, a confirmation email will be sent to you. After you reply back to that confirmation email, you'll then be able to send mail directly to podman@lists.podman.io Send an email to [podman-join@lists.podman.io](mailto:podman-join@lists.podman.io). You can then also go to [the web page](https://lists.podman.io) and manage your subscription.",options:[{title:"Option 1",subtitle:'Send an email to [podman-join@lists.podman.io](mailto:podman-join@lists.podman.io) with the word "Subscribe" in the subject.',button:{text:"Send email",path:"mailto:podman-join@lists.podman.io"}},{title:"Option 2",subtitle:'Enter your email at the bottom of [the mailing list sign up page](https://lists.podman.io/admin/lists/podman.lists.podman.io/), and hit the "Subscribe" button.',button:{text:"Sign up page",path:"https://lists.podman.io/admin/lists/podman.lists.podman.io/"}}]},extraInfo:{image:{path:"images/optimized/mailing-list-screenshot-580w-376h.webp",alt:"A screenshot of the Podman mailing list home screen."},note:{title:"Please note:",text:"If you have a bug that you\u2019d like to report, it\u2019s best to report it here by creating a \u201cNew issue\u201d rather than sending an email to the list."}}},Ii=[{title:"Submitting Issues & Pull Requests",subtitle:"The following is a quick cheat-sheet of sorts on how to submit issues and pull requests to the Podman project. For the most up-to-date and more comprehensive information, please take a look at [CONTRIBUTING.md](https://github.com/containers/common/blob/main/CONTRIBUTING.md) in the Podman repo."},{title:"Submitting Issues",subtitle:"Don't include private / sensitive info in issues!",sections:[{text:"**Before reporting an issue**, [check our backlog of open issues](https://github.com/containers/podman/issues) to see if someone else has already reported it. If so:",checkList:["Feel free to add your scenario, or additional information, to the discussion.","Subscribe to the issue to be notified when it is updated."],button:{text:"Check Open Issues",links:[{text:"Check open Podman issues",path:"https://github.com/containers/podman/issues"},{text:"Check open Podman Desktop issues",path:"https://github.com/containers/podman-desktop/issues"},{text:"Check open Buildah issues",path:"https://github.com/containers/buildah/issues"},{text:"Check open Skopeo issues",path:"https://github.com/containers/skopeo/issues"},{text:"Check open Cri-o issues",path:"https://github.com/cri-o/cri-o/issues"}]}},{text:"**If you find a new issue**, we'd love to hear about it! The most important aspect of a bug report is that it includes enough information for us to reproduce it. So, please:",checkList:["Include as much detail as possible","Try to remove any extra stuff that doesn't really relate to the issue itself"],button:{text:"File a New Issue",links:[{text:"File a new Podman issue",path:"https://github.com/containers/podman/issues/new/choose"},{text:"File a new Podman Desktop issue",path:"https://github.com/containers/podman-desktop/issues/new/choose"},{text:"File a new Buildah issue",path:"https://github.com/containers/buildah/issues/new/choose"},{text:"File a new Skopeo issue",path:"https://github.com/containers/skopeo/issues/new/choose"},{text:"File a new Cri-o issue",path:"https://github.com/cri-o/cri-o/issues"}]}}]},{title:"Submitting Pull Requets",subtitle:"No Pull Request (PR) is too small! Typos, additional comments in the code, new test cases, bug fixes, new features, more documentation, **...it's all welcome!** ",description:['While bug fixes can first be identified via an "issue", that is not required. It\'s ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.',"PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:"],checkList:["Well-documented code changes.","Additional testcases. Ideally m they should fail w/o your code change applied.","Documentation changes."],button:{text:"More PR Submission Details",path:"https://github.com/containers/podman/blob/main/CONTRIBUTING.md#submitting-pull-requests"}}],Ti=()=>{const e=vi.links.map((e=>e));return Z.createElement("ul",{className:"mb-12 flex flex-wrap items-end justify-around gap-8 lg:gap-16"},e.map(((e,t)=>Z.createElement("li",{key:t},Z.createElement(pi,e)))))},Si=()=>Z.createElement("section",{className:"bg-gray-50 dark:bg-gradient-to-t dark:from-gray-700 dark:via-gray-900 dark:to-gray-900 "},Z.createElement(ee.Z,{textGradient:!0,title:vi.title}),Z.createElement("div",{className:"mx-4 mt-8 flex flex-wrap justify-around gap-4 sm:mx-8 lg:mx-auto lg:mt-16 lg:max-w-6xl"},Z.createElement("div",{className:""},Z.createElement("p",{className:"max-w-sm text-center text-gray-700 md:max-w-md md:text-start lg:max-w-xl"},vi.subtitle)),Z.createElement(ui,null)),Z.createElement("div",{className:"container pt-12 lg:pt-20"},Z.createElement(Ti,null)),Z.createElement(ki.Z,null)),Ni=()=>Z.createElement("section",{className:"bg-gradient-to-b from-white via-gray-50 to-gray-100 pb-8 dark:from-gray-900 dark:to-gray-900"},Z.createElement("div",{className:"container flex flex-col"},Z.createElement(ee.Z,{title:Mi.title,description:Mi.subtitle,textGradientStops:"from-purple-500 to-purple-700 dark:text-purple-500",textGradient:!0}),Z.createElement("img",{src:Mi.image.path,alt:Mi.image.alt,className:"order-first mx-auto object-cover lg:max-w-lg"}),Z.createElement(hi,{cards:Mi.cards}))),Ci=()=>Z.createElement("section",null,Z.createElement("div",{className:"container grid gap-4 lg:grid-cols-2"},Z.createElement(ee.Z,{title:Ai.title,description:Ai.subtitle,layout:"col-span-full",textColor:"dark:text-blue-700"}),Z.createElement("section",{className:"container mb-8"},Z.createElement("h3",{className:"mb-2 font-medium text-purple-700 dark:text-purple-500"},Ai.browseInfo.title),Z.createElement("p",{className:"max-w-prose text-gray-500"},Ai.browseInfo.subtitle)),Z.createElement("section",{className:"container mb-8"},Z.createElement("h3",{className:"mb-2 font-medium text-purple-700 dark:text-purple-500"},Ai.subscribeInfo.title),Z.createElement(X.Z,{text:Ai.subscribeInfo.subtitle,styles:"max-w-prose "}),Z.createElement("div",{className:"flex flex-wrap gap-6"},Ai.subscribeInfo.options.map(((e,t)=>Z.createElement(di,(0,K.Z)({},e,{key:t}))))),Z.createElement("div",{className:"my-4 max-w-prose"},Z.createElement(X.Z,{text:Ai.subscribeInfo.description}))),Z.createElement("section",{className:"mb-8 lg:col-start-2 lg:row-span-2 lg:row-start-2"},Z.createElement("div",null,Z.createElement("img",{src:Ai.extraInfo.image.path,alt:Ai.extraInfo.image.alt,className:"w-full object-cover"})),Z.createElement("div",{className:"ml-8 xl:ml-10"},Z.createElement(mi,{title:Ai.extraInfo.note.title,text:Ai.extraInfo.note.text}))))),Pi=()=>Z.createElement("section",{className:"max-w-lg rounded-md bg-white px-10 pt-10 shadow-lg dark:bg-gray-900"},Z.createElement("header",{className:"mb-10"},Z.createElement("h3",{className:"mb-4 text-center text-blue-700 dark:text-blue-500"},Ii[1].title),Z.createElement("div",{className:"bg-blue-100/25 px-3 py-2"},Z.createElement("p",{className:"flex items-center gap-2 rounded-md"},Z.createElement(_.JO,{icon:"fa-solid:exclamation-circle",className:"text-purple-700"}),Z.createElement("span",null,Ii[1].subtitle)))),Z.createElement("div",null,Ii[1].sections.map(((e,t)=>{return Z.createElement("div",{key:t,className:"mb-12"},Z.createElement(X.Z,{text:e.text}),Z.createElement("ul",{className:"mb-8 ml-5 mt-4 list-disc"},e.checkList.map(((e,t)=>Z.createElement("li",{key:t},e)))),Z.createElement(gi.Z,{text:e.button.text,option:(n=e.button.links,Z.createElement("div",{className:"rounded-md p-4 shadow-md"},Z.createElement("ul",null,n.map(((e,t)=>Z.createElement("li",{className:"my-2 rounded-md px-2 transition duration-150 ease-linear hover:bg-purple-700 hover:text-white"},Z.createElement("a",{href:e.path,className:" w-full hover:text-white hover:no-underline"},e.text)))))))}));var n})))),xi=()=>Z.createElement("section",{className:"max-w-lg rounded-md bg-white p-10 shadow-lg dark:bg-gray-900"},Z.createElement("header",{className:"mx-auto mb-10"},Z.createElement("h3",{className:"mb-3 text-center text-blue-700 dark:text-blue-500"},Ii[2].title),Z.createElement(X.Z,{text:Ii[2].subtitle})),Z.createElement("div",null,Ii[2].description.map(((e,t)=>Z.createElement("p",{key:t,className:"my-3"},e))),Z.createElement("ul",{className:"my-4 ml-5 list-disc"},Ii[2].checkList.map(((e,t)=>Z.createElement("li",{key:t},e)))),Z.createElement(ae.Z,{as:"link",outline:!0,text:Ii[2].button.text}))),Di=()=>Z.createElement("section",{className:"bg-gradient-to-b from-gray-50 to-gray-100 dark:from-gray-900 dark:via-blue-900 dark:to-purple-900"},Z.createElement(ee.Z,{title:Ii[0].title,description:Ii[0].subtitle,textGradientStops:"from-purple-500 to-purple-700 dark:text-blue-700",textGradient:!0}),Z.createElement("div",{className:"mx-auto mb-20 mt-16 flex flex-wrap justify-center gap-20 px-8 lg:container"},Z.createElement(Pi,null),Z.createElement(xi,null)));const Bi=function(){return Z.createElement(Q.Z,null,Z.createElement($.Z,{title:wi,description:fi}),Z.createElement(ci.Z,{description:bi.text,icon:bi.icon,styles:"bg-purple-500 dark:bg-purple-700 text-white"}),Z.createElement(Si,null),Z.createElement(Ni,null),Z.createElement(Ci,null),Z.createElement(Di,null),Z.createElement(ne,null))}},6547:(e,t,n)=>{n.d(t,{_o:()=>o,kq:()=>a,wz:()=>s,yw:()=>i});const a="4.6.2",o="1.4.0",i="https://podman-desktop.io/blog/podman-desktop-release-1.4",s="https://meet.google.com/xrq-uemd-bzy"},1976:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Podman_and_MinIO_RH_Webniar-c67aa1a014e2cc8f0cafbed016d26a56.pdf"},8064:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Podman_in_the_Edge-15a870660e3632b751765efbc3f5ff3b.pdf"},7903:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/files/Time_To_Merge_Tool-9a9d827b0b8a73df826d96926f35b850.pdf"},1382:(e,t,n)=>{n.d(t,{Z:()=>a});const a=n.p+"assets/images/podman-ce586c2894883ad9c353492b5e1893a8.svg"}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.c7dc9fe5.js b/assets/js/runtime~main.d4f3f62e.js similarity index 50% rename from assets/js/runtime~main.c7dc9fe5.js rename to assets/js/runtime~main.d4f3f62e.js index c32de12d4..47622b217 100644 --- a/assets/js/runtime~main.c7dc9fe5.js +++ b/assets/js/runtime~main.d4f3f62e.js @@ -1 +1 @@ -(()=>{"use strict";var e,t,r,o,a,n={},f={};function d(e){var t=f[e];if(void 0!==t)return t.exports;var r=f[e]={id:e,loaded:!1,exports:{}};return n[e].call(r.exports,r,r.exports,d),r.loaded=!0,r.exports}d.m=n,d.c=f,e=[],d.O=(t,r,o,a)=>{if(!r){var n=1/0;for(u=0;u=a)&&Object.keys(d.O).every((e=>d.O[e](r[c])))?r.splice(c--,1):(f=!1,a0&&e[u-1][2]>a;u--)e[u]=e[u-1];e[u]=[r,o,a]},d.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return d.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,d.t=function(e,o){if(1&o&&(e=this(e)),8&o)return e;if("object"==typeof e&&e){if(4&o&&e.__esModule)return e;if(16&o&&"function"==typeof e.then)return e}var a=Object.create(null);d.r(a);var n={};t=t||[null,r({}),r([]),r(r)];for(var f=2&o&&e;"object"==typeof f&&!~t.indexOf(f);f=r(f))Object.getOwnPropertyNames(f).forEach((t=>n[t]=()=>e[t]));return n.default=()=>e,d.d(a,n),a},d.d=(e,t)=>{for(var r in t)d.o(t,r)&&!d.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},d.f={},d.e=e=>Promise.all(Object.keys(d.f).reduce(((t,r)=>(d.f[r](e,t),t)),[])),d.u=e=>"assets/js/"+({24:"bf01e4e0",26:"4c5e3d0c",53:"935f2afb",66:"a0e6b5c2",185:"799df3c7",217:"3b8c55ea",237:"1df93b7f",514:"1be78505",554:"2b4e7f11",658:"bf7df328",849:"57b59cd4",918:"17896441",964:"7ab81c4a",971:"c377a04b"}[e]||e)+"."+{24:"09aa5384",26:"4459ce60",53:"846c7c3c",66:"0de1a2fd",185:"cfd55f18",195:"2c074549",217:"59e45ce7",237:"53589650",514:"00fe1f9c",554:"857de93e",658:"674ca634",840:"bc2f8ae7",849:"31c398d5",900:"ac0e5cef",918:"dce46ec9",935:"a89b458a",964:"473f7cb9",971:"523e5112",972:"9dae1b53"}[e]+".js",d.miniCssF=e=>{},d.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),d.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),o={},a="podman:",d.l=(e,t,r,n)=>{if(o[e])o[e].push(t);else{var f,c;if(void 0!==r)for(var i=document.getElementsByTagName("script"),u=0;u{f.onerror=f.onload=null,clearTimeout(s);var a=o[e];if(delete o[e],f.parentNode&&f.parentNode.removeChild(f),a&&a.forEach((e=>e(r))),t)return t(r)},s=setTimeout(b.bind(null,void 0,{type:"timeout",target:f}),12e4);f.onerror=b.bind(null,f.onerror),f.onload=b.bind(null,f.onload),c&&document.head.appendChild(f)}},d.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},d.p="/",d.gca=function(e){return e={17896441:"918",bf01e4e0:"24","4c5e3d0c":"26","935f2afb":"53",a0e6b5c2:"66","799df3c7":"185","3b8c55ea":"217","1df93b7f":"237","1be78505":"514","2b4e7f11":"554",bf7df328:"658","57b59cd4":"849","7ab81c4a":"964",c377a04b:"971"}[e]||e,d.p+d.u(e)},(()=>{var e={303:0,532:0};d.f.j=(t,r)=>{var o=d.o(e,t)?e[t]:void 0;if(0!==o)if(o)r.push(o[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var a=new Promise(((r,a)=>o=e[t]=[r,a]));r.push(o[2]=a);var n=d.p+d.u(t),f=new Error;d.l(n,(r=>{if(d.o(e,t)&&(0!==(o=e[t])&&(e[t]=void 0),o)){var a=r&&("load"===r.type?"missing":r.type),n=r&&r.target&&r.target.src;f.message="Loading chunk "+t+" failed.\n("+a+": "+n+")",f.name="ChunkLoadError",f.type=a,f.request=n,o[1](f)}}),"chunk-"+t,t)}},d.O.j=t=>0===e[t];var t=(t,r)=>{var o,a,n=r[0],f=r[1],c=r[2],i=0;if(n.some((t=>0!==e[t]))){for(o in f)d.o(f,o)&&(d.m[o]=f[o]);if(c)var u=c(d)}for(t&&t(r);i{"use strict";var e,t,r,o,a,n={},f={};function c(e){var t=f[e];if(void 0!==t)return t.exports;var r=f[e]={id:e,loaded:!1,exports:{}};return n[e].call(r.exports,r,r.exports,c),r.loaded=!0,r.exports}c.m=n,c.c=f,e=[],c.O=(t,r,o,a)=>{if(!r){var n=1/0;for(u=0;u=a)&&Object.keys(c.O).every((e=>c.O[e](r[d])))?r.splice(d--,1):(f=!1,a0&&e[u-1][2]>a;u--)e[u]=e[u-1];e[u]=[r,o,a]},c.n=e=>{var t=e&&e.__esModule?()=>e.default:()=>e;return c.d(t,{a:t}),t},r=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,c.t=function(e,o){if(1&o&&(e=this(e)),8&o)return e;if("object"==typeof e&&e){if(4&o&&e.__esModule)return e;if(16&o&&"function"==typeof e.then)return e}var a=Object.create(null);c.r(a);var n={};t=t||[null,r({}),r([]),r(r)];for(var f=2&o&&e;"object"==typeof f&&!~t.indexOf(f);f=r(f))Object.getOwnPropertyNames(f).forEach((t=>n[t]=()=>e[t]));return n.default=()=>e,c.d(a,n),a},c.d=(e,t)=>{for(var r in t)c.o(t,r)&&!c.o(e,r)&&Object.defineProperty(e,r,{enumerable:!0,get:t[r]})},c.f={},c.e=e=>Promise.all(Object.keys(c.f).reduce(((t,r)=>(c.f[r](e,t),t)),[])),c.u=e=>"assets/js/"+({24:"bf01e4e0",26:"4c5e3d0c",53:"935f2afb",66:"a0e6b5c2",185:"799df3c7",217:"3b8c55ea",237:"1df93b7f",514:"1be78505",554:"2b4e7f11",658:"bf7df328",849:"57b59cd4",918:"17896441",964:"7ab81c4a",971:"c377a04b"}[e]||e)+"."+{24:"09aa5384",26:"4459ce60",53:"846c7c3c",66:"0de1a2fd",185:"cfd55f18",195:"2c074549",217:"59e45ce7",237:"53589650",514:"00fe1f9c",554:"857de93e",658:"674ca634",840:"bc2f8ae7",849:"48e3774b",900:"ac0e5cef",918:"dce46ec9",935:"a89b458a",964:"473f7cb9",971:"523e5112",972:"9dae1b53"}[e]+".js",c.miniCssF=e=>{},c.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),c.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),o={},a="podman:",c.l=(e,t,r,n)=>{if(o[e])o[e].push(t);else{var f,d;if(void 0!==r)for(var i=document.getElementsByTagName("script"),u=0;u{f.onerror=f.onload=null,clearTimeout(s);var a=o[e];if(delete o[e],f.parentNode&&f.parentNode.removeChild(f),a&&a.forEach((e=>e(r))),t)return t(r)},s=setTimeout(b.bind(null,void 0,{type:"timeout",target:f}),12e4);f.onerror=b.bind(null,f.onerror),f.onload=b.bind(null,f.onload),d&&document.head.appendChild(f)}},c.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},c.p="/",c.gca=function(e){return e={17896441:"918",bf01e4e0:"24","4c5e3d0c":"26","935f2afb":"53",a0e6b5c2:"66","799df3c7":"185","3b8c55ea":"217","1df93b7f":"237","1be78505":"514","2b4e7f11":"554",bf7df328:"658","57b59cd4":"849","7ab81c4a":"964",c377a04b:"971"}[e]||e,c.p+c.u(e)},(()=>{var e={303:0,532:0};c.f.j=(t,r)=>{var o=c.o(e,t)?e[t]:void 0;if(0!==o)if(o)r.push(o[2]);else if(/^(303|532)$/.test(t))e[t]=0;else{var a=new Promise(((r,a)=>o=e[t]=[r,a]));r.push(o[2]=a);var n=c.p+c.u(t),f=new Error;c.l(n,(r=>{if(c.o(e,t)&&(0!==(o=e[t])&&(e[t]=void 0),o)){var a=r&&("load"===r.type?"missing":r.type),n=r&&r.target&&r.target.src;f.message="Loading chunk "+t+" failed.\n("+a+": "+n+")",f.name="ChunkLoadError",f.type=a,f.request=n,o[1](f)}}),"chunk-"+t,t)}},c.O.j=t=>0===e[t];var t=(t,r)=>{var o,a,n=r[0],f=r[1],d=r[2],i=0;if(n.some((t=>0!==e[t]))){for(o in f)c.o(f,o)&&(c.m[o]=f[o]);if(d)var u=d(c)}for(t&&t(r);i Podman - +
-

Community

Podman Logo

Chat with the Podman community

The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

Current Time

19:26

Central European Summer Time

13:26

Eastern Daylight Time

Podman Community Meetings

An image of podman team members in a virtual meeting

Older meeting details

Older meeting details

Mailing List

Browse the mailing list

Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

Subscribe or post to the mailing list

A screenshot of the Podman mailing list home screen.

Submitting Issues & Pull Requests

Submitting Issues

Don't include private / sensitive info in issues!

  • Feel free to add your scenario, or additional information, to the discussion.
  • Subscribe to the issue to be notified when it is updated.
  • Include as much detail as possible
  • Try to remove any extra stuff that doesn't really relate to the issue itself

Submitting Pull Requets

While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

  • Well-documented code changes.
  • Additional testcases. Ideally m they should fail w/o your code change applied.
  • Documentation changes.
More PR Submission Details

Special thanks to our contributors

The Podman community has contributors from many different organizations, including:

Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
- +

Community

Podman Logo

Chat with the Podman community

The Podman developers are generally around during CEST and Eastern Time business hours, so please be patient if you’re in another time zone!

Current Time

23:33

Central European Summer Time

17:33

Eastern Daylight Time

Podman Community Meetings

An image of podman team members in a virtual meeting

Older meeting details

Older meeting details

Mailing List

Browse the mailing list

Simply visit [the Podman mailing list website](https://lists.podman.io/) to browse or search previous postings to the Podman mailing list.

Subscribe or post to the mailing list

A screenshot of the Podman mailing list home screen.

Submitting Issues & Pull Requests

Submitting Issues

Don't include private / sensitive info in issues!

  • Feel free to add your scenario, or additional information, to the discussion.
  • Subscribe to the issue to be notified when it is updated.
  • Include as much detail as possible
  • Try to remove any extra stuff that doesn't really relate to the issue itself

Submitting Pull Requets

While bug fixes can first be identified via an "issue", that is not required. It's ok to just open up a PR with the fix, but make sure you include the same information you would have included in an issue - like how to reproduce it.

PRs for new features should include some background on what use cases the new code is trying to address. When possible and when it makes sense, try to break-up larger PRs into smaller ones - it's easier to review smaller code changes. But only if those smaller ones make sense as stand-alone PRs. Regardless of the type of PR, all PRs should include:

  • Well-documented code changes.
  • Additional testcases. Ideally m they should fail w/o your code change applied.
  • Documentation changes.
More PR Submission Details

Special thanks to our contributors

The Podman community has contributors from many different organizations, including:

Red Hat LogoAmadeus LogoSuse LogoMotorola Solutions LogoNTT LogoIBM LogoDebian Logo
+ \ No newline at end of file diff --git a/data/community.ts b/data/community.ts index 820e24256..aa7b1ed05 100644 --- a/data/community.ts +++ b/data/community.ts @@ -28,6 +28,14 @@ const communityChat = { path: 'https://web.libera.chat/#podman-desktop', textLogo: 'IRC', }, + { + text: 'Podman GitHub Discussions', + path: 'https://github.com/containers/podman/discussions', + image: { + path: 'vectors/raw/github.svg', + alt: 'GitHub Logo', + }, + }, { text: 'Podman Discord', path: 'https://discord.gg/vwpj7K6gW5', diff --git a/docs.html b/docs.html index 8e3da586b..697a2aa49 100644 --- a/docs.html +++ b/docs.html @@ -4,7 +4,7 @@ Getting Started with Podman | Podman - + @@ -43,7 +43,7 @@ README.md.

More information

For more information on Podman and its subcommands, checkout the asciiart demos on the README.md page.

- + \ No newline at end of file diff --git a/docs/checkpoint.html b/docs/checkpoint.html index e27b6d42b..d887f442c 100644 --- a/docs/checkpoint.html +++ b/docs/checkpoint.html @@ -4,7 +4,7 @@ Podman Checkpoint | Podman - + @@ -24,7 +24,7 @@ transferring the checkpoint, it is possible to specify an output-file.

On the source system:

$ sudo podman container checkpoint <container_id> -e /tmp/checkpoint.tar.gz
$ scp /tmp/checkpoint.tar.gz <destination_system>:/tmp

On the destination system:

$ sudo podman container restore -i /tmp/checkpoint.tar.gz

After being restored, the container will answer requests again as it did before checkpointing. This time the container will continue to run on the destination system.

$ curl http://<IP_address>:8080
- + \ No newline at end of file diff --git a/docs/documentation.html b/docs/documentation.html index cba00e6be..46569fefb 100644 --- a/docs/documentation.html +++ b/docs/documentation.html @@ -4,13 +4,13 @@ Visit The Official Podman Documentation | Podman - + - + \ No newline at end of file diff --git a/docs/installation.html b/docs/installation.html index e26d863c2..a117e51be 100644 --- a/docs/installation.html +++ b/docs/installation.html @@ -4,7 +4,7 @@ Podman Installation | Podman - + @@ -70,7 +70,7 @@ also available to automate the installation of the above statically linked binary on its supported OS:

sudo su -
mkdir -p ~/.ansible/roles
cd ~/.ansible/roles
git clone https://github.com/alvistack/ansible-role-podman.git podman
cd ~/.ansible/roles/podman
pip3 install --upgrade --ignore-installed --requirement requirements.txt
molecule converge
molecule verify

Configuration files

registries.conf

Man Page: registries.conf.5

/etc/containers/registries.conf

registries.conf is the configuration file which specifies which container registries should be consulted when completing image names which do not include a registry or domain portion.

Example from the Fedora containers-common package

$ cat /etc/containers/registries.conf
# For more information on this configuration file, see containers-registries.conf(5).
#
# NOTE: RISK OF USING UNQUALIFIED IMAGE NAMES
# We recommend always using fully qualified image names including the registry
# server (full dns name), namespace, image name, and tag
# (e.g., registry.redhat.io/ubi8/ubi:latest). Pulling by digest (i.e.,
# quay.io/repository/name@digest) further eliminates the ambiguity of tags.
# When using short names, there is always an inherent risk that the image being
# pulled could be spoofed. For example, a user wants to pull an image named
# `foobar` from a registry and expects it to come from myregistry.com. If
# myregistry.com is not first in the search list, an attacker could place a
# different `foobar` image at a registry earlier in the search list. The user
# would accidentally pull and run the attacker's image and code rather than the
# intended content. We recommend only adding registries which are completely
# trusted (i.e., registries which don't allow unknown or anonymous users to
# create accounts with arbitrary names). This will prevent an image from being
# spoofed, squatted or otherwise made insecure. If it is necessary to use one
# of these registries, it should be added at the end of the list.
#
# # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]
#
# [[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table;
# # (only) the TOML table with the longest match for the input image name
# # (taking into account namespace/repo/tag/digest separators) is used.
# #
# # If the prefix field is missing, it defaults to be the same as the "location" field.
# prefix = "example.com/foo"
#
# # If true, unencrypted HTTP as well as TLS connections with untrusted
# # certificates are allowed.
# insecure = false
#
# # If true, pulling images with matching names is forbidden.
# blocked = false
#
# # The physical location of the "prefix"-rooted namespace.
# #
# # By default, this equal to "prefix" (in which case "prefix" can be omitted
# # and the [[registry]] TOML table can only specify "location").
# #
# # Example: Given
# # prefix = "example.com/foo"
# # location = "internal-registry-for-example.net/bar"
# # requests for the image example.com/foo/myimage:latest will actually work with the
# # internal-registry-for-example.net/bar/myimage:latest image.
# location = "internal-registry-for-example.com/bar"
#
# # (Possibly-partial) mirrors for the "prefix"-rooted namespace.
# #
# # The mirrors are attempted in the specified order; the first one that can be
# # contacted and contains the image will be used (and if none of the mirrors contains the image,
# # the primary location specified by the "registry.location" field, or using the unmodified
# # user-specified reference, is tried last).
# #
# # Each TOML table in the "mirror" array can contain the following fields, with the same semantics
# # as if specified in the [[registry]] TOML table directly:
# # - location
# # - insecure
# [[registry.mirror]]
# location = "example-mirror-0.local/mirror-for-foo"
# [[registry.mirror]]
# location = "example-mirror-1.local/mirrors/foo"
# insecure = true
# # Given the above, a pull of example.com/foo/image:latest will try:
# # 1. example-mirror-0.local/mirror-for-foo/image:latest
# # 2. example-mirror-1.local/mirrors/foo/image:latest
# # 3. internal-registry-for-example.net/bar/image:latest
# # in order, and use the first one that exists.
#
# short-name-mode="enforcing"

[[registry]]
location="localhost:5000"
insecure=true

mounts.conf

/usr/share/containers/mounts.conf and optionally /etc/containers/mounts.conf

The mounts.conf files specify volume mount directories that are automatically mounted inside containers when executing the podman run or podman build commands. Container process can then use this content. The volume mount content does not get committed to the final image.

Usually these directories are used for passing secrets or credentials required by the package software to access remote package repositories.

For example, a mounts.conf with the line "/usr/share/rhel/secrets:/run/secrets", the content of /usr/share/rhel/secrets directory is mounted on /run/secrets inside the container. This mountpoint allows Red Hat Enterprise Linux subscriptions from the host to be used within the container.

Note this is not a volume mount. The content of the volumes is copied into container storage, not bind mounted directly from the host.

Example from the Fedora containers-common package:

cat /usr/share/containers/mounts.conf
/usr/share/rhel/secrets:/run/secrets

seccomp.json

/usr/share/containers/seccomp.json

seccomp.json contains the whitelist of seccomp rules to be allowed inside of containers. This file is usually provided by the containers-common package.

The link above takes you to the seccomp.json

policy.json

/etc/containers/policy.json

Man Page: policy.json.5

Example from the Fedora containers-common package:

cat /etc/containers/policy.json
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
- + \ No newline at end of file diff --git a/features.html b/features.html index a7c937d2a..dcde050f0 100644 --- a/features.html +++ b/features.html @@ -4,13 +4,13 @@ Podman - +

Podman Features

Podman Logo

Getting to know Podman

Quick dive into Podman

A seal diving into the water

Join Podman's Community

A group of seals swimming.

Need some help?

A confused seal.

Podman Desktop is Podman's graphical application that makes it easy to install and work with Podman (and other container engines) on Windows, MacOS, and Linux.

Manage containers (not just Podman.)

Podman Desktop allows you to list, view, and manage containers from multiple supported container engines* in a single unified view.

Gain easy access to a shell inside the container, logs, and basic controls.

* Supported engines and orchestrators include Podman, Docker, Lima, kind, Red Hat OpenShift, Red Hat OpenShift Developer Sandbox.

Build, pull, and push images.

Build containers from a Dockerfile / Containerfile, or pull images from remote repositories to run.

Manage accounts for and push your images to multiple container registries.

Podify containers into pods.

Create pods by selecting containers to run together. View unified logs for your pods and inspect the containers inside each.

Play Kubernetes YAML locally, without Kubernetes, and generate Kubernetes YAML from Pods.

Deploy to Kubernetes.

Deploy pods from Podman Desktop to local or remote Kubernetes contexts using automatically-generated YAML config.

Podman Command-Line

Podman's command-line interface allows you to find, run, build, and share containers.

Find and pull down containers no matter where they are.

  • podman search
  • podman pull

Find and pull down containers whether they are on dockerhub.io or quay.io, an internal registry server, or direct from a vendor.

example of podman commands

Want to learn more?

Recent Podman Blog Posts

Check out more posts about Podman on our Blog!

Have fun coloring and learn about Podman!

A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

Download
A collection of pages from the Podman coloring book.
- + \ No newline at end of file diff --git a/get-started.html b/get-started.html index c4f5aa3bd..c29d2963c 100644 --- a/get-started.html +++ b/get-started.html @@ -4,13 +4,13 @@ Podman - +

Get Started with Podman

First Things First: Installing Podman

For installing or building Podman, please see the installation instructions:

Getting Help

Help & manpages

For more details, you can review the manpages:

$ podman --help # get a list of all commands 
$ podman subcommand --help # get info on a command

To get some help and find out how Podman is working, you can use the help.

$ man podman 
$ man podman subcommand

Please also reference the Podman Troubleshooting Guide to find known issues and tips on how to solve common configuration mistakes.

Searching, pulling, and listing images

$ podman search httpd 
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
docker.io docker.io/centos/httpd-24-centos7 Platform for running Apache h... 40
quay.io quay.io/centos7/httpd-24-centos-7 Platform for running Apache h... 0 [OK]
docker.io docker.io/centos/httpd 34 [OK]
redhat.com registry.access.redhat.com/ubi8/httpd 0
quay.io quay.io/redhattraining/httpd-parent 0 [OK]



$ podman search httpd --filter=is-official
INDEX NAME DESCRIPTION STARS OFFICIAL AUTOMATED
docker.io docker.io/library/httpd The Apache HTTP Server Project 3762 [OK]
$ podman pull docker.io/library/httpd
Trying to pull docker.io/library/httpd:latest...
Getting image source signatures
Copying blob ab86dc02235d done
Copying blob ba1caf8ba86c done
Copying blob eff15d958d66 done
Copying blob 635a49ba2501 done
Copying blob 600feb748d3c done
Copying config d294bb32c2 done
Writing manifest to image destination
Storing signatures
d294bb32c2073ecb5fb27e7802a1e5bec334af69cac361c27e6cb8546fdd14e7



$ podman images
REPOSITORY TAG IMAGE ID CREATED SIZE
docker.io/library/httpd latest d294bb32c207 12 hours ago 148 MB

Running a container & listing running containers

This sample container will run a very basic httpd server that serves only its index page.

Running a container

$ podman run -dt -p 8080:80/tcp docker.io/library/httpd 
Note:

Because the container is being run in detached mode, represented by the -d in the podman run command, Podman will run the container in the background and print the container ID after it has executed the command. The -t also adds a pseudo-tty to run arbitrary commands in an interactive shell.

Also, we use port forwarding to be able to access the HTTP server. For successful running at least slirp4netns v0.3.0 is needed.

Listing running containers

The podman ps command is used to list created and running containers.

$ podman ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
01c44968199f docker.io/library/httpd:latest httpd-foreground 1 minute ago Up 1 minute 0.0.0.0:8080->80/tcp laughing_bob
Note:

If you add -a to the podman ps command, Podman will show all containers (created, exited, running, etc.).

Testing the httpd container

As you are able to see, the container does not have an IP Address assigned. The container is reachable via its published port on your local machine.

$ curl http://localhost:8080

From another machine, you need to use the IP Address of the host, running the container.

$ curl http://<IP_Address>:8080
Note:

Instead of using curl, you can also point a browser to http://localhost:8080.

- + \ No newline at end of file diff --git a/getting-started/installation.html b/getting-started/installation.html index 8c422c239..5ac360f96 100644 --- a/getting-started/installation.html +++ b/getting-started/installation.html @@ -4,13 +4,13 @@ Redirect to Podman Docs - +
- + \ No newline at end of file diff --git a/index.html b/index.html index 58a944053..09ddc7d61 100644 --- a/index.html +++ b/index.html @@ -4,13 +4,13 @@ Podman - +

The best free & open source container tools

Manage containers, pods, and images with Podman. Seamlessly work with containers and Kubernetes from your local environment.

Latest stable Podman 4.6.2-Latest stable Podman Desktop 1.4.0-Apache License 2.0

Supported Platforms

  • Fast and light.

  • Secure.

  • Open.

  • Compatible.

Kubernetes Logo

Kubernetes Ready

A growing set of compatible tools

Visual Studio code includes Podman support

VS Code Logo

Cirrus CLI allows you to reproducibly run containerized tasks with Podman

Cirrus Logo

GitHub Actions include support for Podman, as well as friends buildah and skopeo

Github Logo

Kind's ability to run local Kubernetes clusters via container nodes includes support for Podman

Kind Logo

What people are saying about Podman

Ananth Iyer

@mrananthiyer
user avatar

I am using @Podman_io for Magento 2 and it is super fast than other container tools. You must try it. #Podman #Magento #magento2

Latest Podman News

Have fun coloring and learn about Podman!

A decentralized team of open source container tool superheroes comes to the rescue when an asteroid storm threatens the planet. Learn about each tool—Podman, CRI-O, Buildah, Skopeo, and OpenShift—as they redesign the planet's protective shields' container deployment to protect Earth.

Download
A collection of pages from the Podman coloring book.
- + \ No newline at end of file diff --git a/vectors/raw/github.svg b/vectors/raw/github.svg new file mode 100644 index 000000000..e7c9b004d --- /dev/null +++ b/vectors/raw/github.svg @@ -0,0 +1,4 @@ + + + \ No newline at end of file