rehaul appliance to use podman containers

[a3s7p]

No description provided.

[a3s7p]

@JedMeister

Re RCE API: it’s working as long as TLS is either valid or disabled (as expected). FWIW if there are any errors you can usually see them in the devtools console in the browser.

Re LE support: the LE confconsole plugin does not like conmon (Podman service) listening on port 80 as it doesn’t know how to handle that. However this worked flawlessly:

1. Stop Podman pod
2. Obtain cert with confconsole plugin
3. Start Podman pod

Should be easy to update the plugin so it knows how to bring down the pod itself.

Re TKLBAM: profile changes won’t cut it as the Postgres-related code is actually in tklbam itself and has some hardcoded assumptions. I looked into „shimming“ that but it wasn’t very practical… So the options are:

1. Update tklbam code.
2. Backup the pgdata directory from FS.
3. Use a hook to handle the dump and restore logic for container DBs.

Downsides for 2. are e.g. possible inconsistencies when restoring to different versions as mentioned before and 3 is basically 1 but more hacky so I’m tending towards 1.

Alternatively, we might want to have a compatibility layer for DBs so that after they are dumped they are treated just like the rest of the FS and not specially like currently. This would make supporting different scenarios like backing up containerized DBs or even remote DBs easier. But might be too ambitious. Anyway, just an idea I had.

So it looks like there may be changes to confconsole and tklbam needed but the Canvas part itself shouldn't need more work, other than maybe porting some trivial improvements from the new Odoo appliance based on feedback there.

What do you think?