"use strict";(self.webpackChunkdocs_openc3_com=self.webpackChunkdocs_openc3_com||[]).push([[3942],{7628:(e,n,o)=>{o.r(n),o.d(n,{assets:()=>c,contentTitle:()=>i,default:()=>h,frontMatter:()=>a,metadata:()=>r,toc:()=>l});var s=o(1085),t=o(1184);const a={sidebar_position:7,title:"Podman"},i=void 0,r={id:"getting-started/podman",title:"Podman",description:"OpenC3 COSMOS Using Rootless Podman and Docker-Compose",source:"@site/docs/getting-started/podman.md",sourceDirName:"getting-started",slug:"/getting-started/podman",permalink:"/tools/staticdocs/docs/getting-started/podman",draft:!1,unlisted:!1,editUrl:"https://github.com/OpenC3/cosmos/tree/main/docs.openc3.com/docs/getting-started/podman.md",tags:[],version:"current",sidebarPosition:7,frontMatter:{sidebar_position:7,title:"Podman"},sidebar:"defaultSidebar",previous:{title:"Requirements and Design",permalink:"/tools/staticdocs/docs/getting-started/requirements"},next:{title:"Configuration",permalink:"/tools/staticdocs/docs/configuration"}},c={},l=[{value:"OpenC3 COSMOS Using Rootless Podman and Docker-Compose",id:"openc3-cosmos-using-rootless-podman-and-docker-compose",level:3},{value:"MacOS Instructions",id:"macos-instructions",level:2}];function d(e){const n={a:"a",admonition:"admonition",code:"code",h1:"h1",h2:"h2",h3:"h3",li:"li",ol:"ol",p:"p",pre:"pre",...(0,t.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(n.h3,{id:"openc3-cosmos-using-rootless-podman-and-docker-compose",children:"OpenC3 COSMOS Using Rootless Podman and Docker-Compose"}),"\n",(0,s.jsx)(n.admonition,{title:"Optional Installation Option",type:"info",children:(0,s.jsx)(n.p,{children:"These directions are for installing and running COSMOS using Podman instead of Docker. If you have Docker available, that is a simpler method."})}),"\n",(0,s.jsx)(n.p,{children:"Podman is an alternative container technology to Docker that is actively promoted by RedHat. The key benefit is that Podman can run without a root-level daemon service, making it significantly more secure by design, over standard Docker. However, it is a little more complicated to use. These directions will get you up and running with Podman. The following directions have been tested against RHEL 8.8, and RHEL 9.2, but should be similar on other operating systems."}),"\n",(0,s.jsx)(n.admonition,{title:"Rootless Podman Does Not Work (Directly) with NFS Home Directories",type:"warning",children:(0,s.jsxs)(n.p,{children:["NFS does not work for holding container storage due to issues with user ids and group ids. There are workarounds available but they all involve moving container storage to another location: either a different partition on the host local disk, or into a special mounted disk image. See: [",(0,s.jsx)(n.a,{href:"https://www.redhat.com/sysadmin/rootless-podman-nfs",children:"https://www.redhat.com/sysadmin/rootless-podman-nfs"}),"]",(0,s.jsx)(n.a,{href:"https://www.redhat.com/sysadmin/rootless-podman-nfs",children:"https://www.redhat.com/sysadmin/rootless-podman-nfs"}),"). Note that there is also a newish Podman setting that allows you to more easily change where the storage location is in /etc/containers/storage.conf called rootless_storage_path. See ",(0,s.jsx)(n.a,{href:"https://www.redhat.com/sysadmin/nfs-rootless-podman",children:"https://www.redhat.com/sysadmin/nfs-rootless-podman"})]})}),"\n",(0,s.jsx)(n.h1,{id:"redhat-88-and-92-instructions",children:"Redhat 8.8 and 9.2 Instructions"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Install Prerequisite Packages"}),"\n",(0,s.jsx)(n.p,{children:"Note: This downloads and installs docker-compose from the latest 2.x release on Github. If your operating system has a docker-compose package, it will be easier to install using that instead. RHEL8 does not have a docker-compose package."}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sudo yum update\nsudo yum install git podman-docker netavark\ncurl -SL https://github.com/docker/compose/releases/download/v2.16.0/docker-compose-linux-x86_64 -o docker-compose\nsudo mv docker-compose /usr/local/bin/docker-compose\nsudo chmod +x /usr/local/bin/docker-compose\nsudo ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Configure Host OS for Redis"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sudo su\necho never > /sys/kernel/mm/transparent_hugepage/enabled\necho never > /sys/kernel/mm/transparent_hugepage/defrag\nsysctl -w vm.max_map_count=262144\nexit\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Configure Podman to use Netavark for DNS"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"sudo cp /usr/share/containers/containers.conf /etc/containers/.\nsudo vi /etc/containers/containers.conf\n"})}),"\n",(0,s.jsx)(n.p,{children:'Then edit the network_backend line to be "netavark" instead of "cni"'}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Start rootless podman socket service"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"systemctl enable --now --user podman.socket\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Put the following into your .bashrc file (or .bash_profile or whatever)"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:'export DOCKER_HOST="unix://$XDG_RUNTIME_DIR/podman/podman.sock"\n'})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Source the profile file for your current terminal"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"source .bashrc\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Get COSMOS - A release or the current main branch (main branch shown)"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"git clone https://github.com/OpenC3/cosmos.git\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Optional - Set Default Container Registry"}),"\n",(0,s.jsx)(n.p,{children:"If you don't want podman to keep querying you for which registry to use, you can create a $HOME/.config/containers/registries.conf and modify to just have the main docker registry (or modify the /etc/containers/registries.conf file directly)"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"mkdir -p $HOME/.config/containers\ncp /etc/containers/registries.conf $HOME/.config/containers/.\nvi $HOME/.config/containers/registries.conf\n"})}),"\n",(0,s.jsx)(n.p,{children:"Then edit the unqualified-search-registries = line to just have the registry you care about (probably docker.io)"}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Edit cosmos/compose.yaml"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cd cosmos\nvi compose.yaml\n"})}),"\n",(0,s.jsxs)(n.p,{children:["Edit compose.yaml and uncomment the user: 0:0 lines and comment the user: ",(0,s.jsx)(n.code,{children:'"${OPENC3_USER_ID}:${OPENC3_GROUP_ID}"'})," lines.\nYou may also want to update the traefik configuration to allow access from the internet by removing 127.0.0.1 and probably switching to either an SSL config file, or the allow http one. Also make sure your firewall allows\nwhatever port you choose to use in. Rootless podman will need to use a higher numbered port (not 1-1023)."]}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Run COSMOS"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"./openc3.sh run\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsxs)(n.p,{children:["Wait until everything is built and running and then goto ",(0,s.jsx)(n.a,{href:"http://localhost:2900",children:"http://localhost:2900"})," in your browser"]}),"\n"]}),"\n"]}),"\n",(0,s.jsx)(n.admonition,{title:"Podman on MacOS",type:"info",children:(0,s.jsx)(n.p,{children:"Podman can also be used on MacOS, though we still generally recommend Docker Desktop"})}),"\n",(0,s.jsx)(n.h2,{id:"macos-instructions",children:"MacOS Instructions"}),"\n",(0,s.jsxs)(n.ol,{children:["\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Install podman"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"brew install podman\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Start the podman virtual machine"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"podman machine init\npodman machine start\n# Note: update to your username in the next line or copy paste from what 'podman machine start' says\nexport DOCKER_HOST='unix:///Users/ryanmelt/.local/share/containers/podman/machine/qemu/podman.sock'\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Install docker-compose"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"brew install docker-compose # Optional if you already have Docker Desktop\n"})}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Edit cosmos/compose.yaml"}),"\n",(0,s.jsxs)(n.p,{children:["Edit compose.yaml and uncomment the user: 0:0 lines and comment the user: ",(0,s.jsx)(n.code,{children:'"${OPENC3_USER_ID}:${OPENC3_GROUP_ID}"'})," lines."]}),"\n",(0,s.jsxs)(n.p,{children:["Important: on MacOS you must also remove all ",":z"," from the volume mount lines"]}),"\n",(0,s.jsx)(n.p,{children:"You may also want to update the traefik configuration to allow access from the internet."}),"\n"]}),"\n",(0,s.jsxs)(n.li,{children:["\n",(0,s.jsx)(n.p,{children:"Run COSMOS"}),"\n",(0,s.jsx)(n.pre,{children:(0,s.jsx)(n.code,{className:"language-bash",children:"cd cosmos\n./openc3.sh run\n"})}),"\n"]}),"\n"]})]})}function h(e={}){const{wrapper:n}={...(0,t.R)(),...e.components};return n?(0,s.jsx)(n,{...e,children:(0,s.jsx)(d,{...e})}):d(e)}},1184:(e,n,o)=>{o.d(n,{R:()=>i,x:()=>r});var s=o(4041);const t={},a=s.createContext(t);function i(e){const n=s.useContext(a);return s.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function r(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(t):e.components||t:i(e.components),s.createElement(a.Provider,{value:n},e.children)}}}]);