-
Notifications
You must be signed in to change notification settings - Fork 138
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Readme with information about Docker container #242
Conversation
2a4d0c1
to
73349ec
Compare
docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos <RECIPE.yaml> | ||
docker run --rm --interactive --tty \ | ||
--device /dev/kvm \ | ||
--user $(id -u):$(id -g) \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
that's typically not needed
docker run --rm --interactive --tty \ | ||
--device /dev/kvm \ | ||
--user $(id -u):$(id -g) \ | ||
--group-add $(getent group kvm | cut -d: -f3) \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
kvm has uaccess tagged on modern systems so this is also not needed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
right, just having a look at this again since i don't fully understand the permissions here.
kvm has uaccess tagged on my system, and my user is part of the kvm group:
$ ls -la /dev/kvm
crw-rw----+ 1 root kvm 10, 232 Jan 28 09:36 /dev/kvm
$ getfacl /dev/kvm
getfacl: Removing leading '/' from absolute path names
# file: dev/kvm
# owner: root
# group: kvm
user::rw-
user:obbardc:rw-
group::rw-
mask::rw-
other::---
debos with kvm backend runs when i run it locally outside of docker, but not inside a container it breaks without this hunk of the patch:
$ docker run --rm --interactive --tty --device /dev/kvm --user $(id -u) --workdir /recipes --mount "type=bind,source=$(pwd),destination=/recipes" --security-opt label=disable godebos/debos:bullseye doc/examples/example.yaml
Could not access KVM kernel module: Permission denied
qemu-system-x86_64: failed to initialize kvm: Permission denied
error starting kvm backend: <nil>
i am probably doing something wrong here, or my system is configured incorrectly!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hm seems like if i remove the --user
arg from docker then it works fine, but then i loose the file permissions on the recipies bind mount
README.md
Outdated
builds a basic Debian tarball. | ||
|
||
A collection of user-submitted recipes are available under the [debos-recipes](https://github.com/go-debos/debos-recipes) | ||
repository. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd just removed that as debos-recipes isn't actually actively maintained at the moment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see notes :)
The docker command misses adding the kvm group to the container. This is required otherwise the container can't access /dev/kvm Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
Signed-off-by: Christopher Obbard <chris.obbard@collabora.com>
73349ec
to
342f263
Compare
``` | ||
docker pull godebos/debos | ||
``` | ||
A Docker container containing the latest version of Debos is available from [Docker Hub](https://hub.docker.com/r/godebos/debos). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we should point to ghcr first
docker pull godebos/debos | ||
``` | ||
A Docker container containing the latest version of Debos is available from [Docker Hub](https://hub.docker.com/r/godebos/debos). | ||
See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for more information and usage. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also the links in this file need to be modified
See [docker/README.md](https://github.com/go-debos/debos/blob/master/docker/README.md) for usage. | ||
|
||
## Installation (under Debian) | ||
## Installation from source (under Debian) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
add a section about installing from packages in debian
--workdir /recipes \ | ||
--mount "type=bind,source=$(pwd),destination=/recipes" \ | ||
--security-opt label=disable \ | ||
godebos/debos recipe.yaml |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
use ghcr
Closing in favour of #468 |
fix some documentation and the examples