4

1. Summarize the problem

I am following this simple tutorial from Developers RedHat to get a simple node/express container working.

I cannot get a container to run under a CentOS 7 VM on GCE.

I have a CentOS 7 GCE virtual machine, where I have Docker installed.

I am able to successfully build and run Docker containers and push them to Google's container registry with no problem.

Now I am trying to build podman/buildah containers, and do the same. I have buildah/podman installed. When I run this:

```
podman build -t hello-world-nodejs .
```

I get the following error message:

```
cannot clone: Invalid argument
user namespaces are not enabled in /proc/sys/user/max_user_namespaces
Error: could not get runtime: cannot re-exec process
```

Any ideas?

Additionally, if there are any guides on getting this image into Google's container registry, and running under Cloud Run, it would be greatly appreciated.

Ultimately the destination for some containers is a cloud service.

2. Provide background including what you've already tried

I have tried doing a web search for a solution; nothing found has solved the problem so far.

3. Show some code

```
podman build -t hello-world-nodejs .
```

4. Describe expected and actual results including any error messages

I can create and run Docker images/containers on this GCE VM; I am trying to do the same with buildah/podman.

user10664542
  • `podman` by default tries to run the containers in rootless mode (unlike Docker). This requires some initial configuration, see [this tutorial](https://github.com/containers/libpod/blob/master/docs/tutorials/rootless_tutorial.md#enable-user-namespaces-on-rhel7-machines) for details. Your error is caused by the fact that you did not perform this configuration. – Danila Kiver Sep 12 '19 at 07:38
  • With Fedora you get a newer kernel, which doesn't require all these steps and configs. Rootless podman works out of the box. – DominiCane Oct 10 '19 at 12:44
  • For Cloud Run create a separate question. Try to limit your questions to one topic and one service. – John Hanley Oct 24 '19 at 18:33

2 Answers

3

The following solved this issue for me:

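```
# Takes effect immediately but does not persist across a reboot
sudo bash -c 'echo 10000 > /proc/sys/user/max_user_namespaces'
# Append (>>) so existing entries for other users in these files are kept
sudo bash -c "echo $(whoami):110000:65536 >> /etc/subuid"
sudo bash -c "echo $(whoami):110000:65536 >> /etc/subgid"
```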

And then, if you encounter any errors related to lchown, run the following:

```
sudo rm -rf ~/.{config,local/share}/containers /run/user/$(id -u)/{libpod,runc,vfs-*}
```

omricoco
1

I have spun up a CentOS 7 VM on GCE and got the same issue. The issue is caused because User Namespaces is not enabled on the kernel by default. You have 2 options: either running podman as root (or using sudo), or enabling User Namespaces in your CentOS VM (the hard way).

According to the post here, the use of user namespaces and the allocation of UIDs and GIDs are required to make rootless containers work securely in your environment.

Probably StackOverflow is not the best place to ask this question. It's better to ask on the ServerFault site, since it's a server problem and not a coding problem.

Sandro G
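A preflight check for the prerequisites named in the answers above (`/proc/sys/user/max_user_namespaces`, `/etc/subuid`, `/etc/subgid`), added here as an example and not taken from any poster or from the podman project. The function names and the `--check` flag are hypothetical; the check goes one step beyond the answers by also flagging a subordinate ID range that overlaps another user's.

```shell
#!/bin/sh
# Added example: preflight check for the rootless podman prerequisites.
# File paths are arguments so the checks can run against constructed files.

# Succeeds when the kernel permits at least one user namespace.
userns_enabled() {
    [ -r "$1" ] || return 1
    _n=$(cat "$1")
    [ "$_n" -gt 0 ] 2>/dev/null
}

# Succeeds when user $1 has a well-formed name:start:count line in file $2.
has_subid_range() {
    awk -F: -v u="$1" '$1 == u && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ && $3 > 0 { ok = 1 }
        END { exit !ok }' "$2" 2>/dev/null
}

# Prints each other user whose range in file $2 overlaps a range of user $1.
# Overlap lets one account's containers map onto IDs delegated to another.
overlapping_users() {
    awk -F: -v u="$1" '
        NF == 3 { name[NR] = $1; lo[NR] = $2 + 0; hi[NR] = $2 + $3 - 1 }
        END {
            for (i in name) if (name[i] == u)
                for (j in name)
                    if (name[j] != u && lo[i] <= hi[j] && lo[j] <= hi[i])
                        print name[j]
        }' "$2" 2>/dev/null
}

# Runs all checks for user $1; prints one line per problem, returns 1 if any.
rootless_preflight() {
    _rc=0
    userns_enabled "$2" || { echo "FAIL: user namespaces disabled in $2"; _rc=1; }
    for _f in "$3" "$4"; do
        has_subid_range "$1" "$_f" || { echo "FAIL: no range for $1 in $_f"; _rc=1; }
        for _o in $(overlapping_users "$1" "$_f"); do
            echo "FAIL: range for $1 overlaps $_o in $_f"; _rc=1
        done
    done
    return "$_rc"
}

# Check the live system only when asked: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    rootless_preflight "$(id -un)" /proc/sys/user/max_user_namespaces \
        /etc/subuid /etc/subgid && echo "OK: rootless prerequisites present"
fi
```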