From: Michael Köppl <m.koeppl@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>, Filip Schauer <f.schauer@proxmox.com>
Date: Mon, 2 Jun 2025 18:26:49 +0200
Subject: Re: [pve-devel] [PATCH container/proxmox{, -perl-rs}/storage 0/9] support OCI images as container templates
Message-ID: <8238e2a7-60a7-4225-a171-62e7ae3bc0f8@proxmox.com>
In-Reply-To: <20250520124257.165949-1-f.schauer@proxmox.com>

Thanks for tackling this! I tested setting up containers based on
various OCI images. Apart from the UI not allowing upload of .tar files
(see my comment on the pve-storage patch), the uploading worked as
expected.

I encountered some problems with various images during my testing. I
used docker save to get the .tar files (as per your example). Tested the
following with that setup:

- httpd image (as per your example): worked as expected, was able to
  reach the httpd "It works!" page
- redis:latest: connection reset by peer on start, fails to start
- debian:bookworm: `sync_wait: 34 An error occurred in another process (expected sequence number 7)` on start
- alpine:latest: worked as expected, landed in shell
- fedora:latest: unable to open file '/etc/systemd/system-preset/00-pve.preset.tmp.85271' - No such file or directory on create, cannot create container
- ubuntu:latest: `unable to open file '/etc/systemd/network/eth0.network.tmp.89496' - No such file or directory`
- Supplying an SSH key does not seem to work (tested with alpine OCI
  image)
- Images with a CMD in their Dockerfile that does not call a shell (i.e.
  last line is not CMD ["/bin/bash"]) will not display anything in the
  console view. This is not unexpected, but UX-wise it might make sense
  to inform users about this in some way (maybe by disabling the console
  view and displaying an informational message)

I also tested with .tar files created by podman.
Those only worked when created with --format=oci-archive, otherwise
os-release and architecture can seemingly not be detected during
startup, falling back to 'unmanaged' and 'amd64'. Might be worth
mentioning in future documentation for this feature.

On 5/20/25 14:42, Filip Schauer wrote:
> Add basic support for OCI (Open Container Initiative) images [0] as
> container templates.
>
> An OCI image can be for example obtained from Docker Hub:
>
> ```
> $ docker pull httpd
> $ docker save httpd > httpd.tar
> ```
>
> The tarball can be uploaded to a storage as a container template and
> then used during container creation. It is automatically detected that
> the container template is an OCI image. The resulting container still
> uses the existing LXC framework.
>
> # Dependencies:
>
> Since the `oci-spec` crate is not in any Debian repository at the time
> of writing, it needs to be downloaded from crates.io, in order to be
> able to build `proxmox-oci`.
>
> Here is a little script to download the `oci-spec` crate along with its
> dependencies:
>
> ```sh
> download_crate() {
>     CRATE_NAME=$1
>     CRATE_VERSION=$2
>     CRATE_SHA256=$3
>
>     # -O overwrites any stale "download" file instead of saving as download.1
>     wget -O download "https://crates.io/api/v1/crates/$CRATE_NAME/$CRATE_VERSION/download"
>
>     # Verify the pinned SHA-256 before unpacking anything
>     COMPUTED_SHA256=$(sha256sum download | awk '{ print $1 }')
>     if [ "$COMPUTED_SHA256" != "$CRATE_SHA256" ]; then
>         echo "Checksum mismatch"; exit 1
>     fi
>
>     tar -xf download
>     rm download
>     mv "$CRATE_NAME-$CRATE_VERSION" /usr/share/cargo/registry/
>     echo "{\"package\":\"$CRATE_SHA256\",\"files\":{}}" > "/usr/share/cargo/registry/$CRATE_NAME-$CRATE_VERSION/.cargo-checksum.json"
> }
>
> download_crate strsim 0.11.1 7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f
> download_crate ident_case 1.0.1 b9e0384b61958566e926dc50660321d12159025e767c18e043daf26b70104c39
> download_crate darling_macro 0.20.11 fc34b93ccb385b40dc71c6fceac4b2ad23662c7eeb248cf10d529b7e055b6ead
> download_crate darling_core 0.20.11 0d00b9596d185e565c2207a0b01f8bd1a135483d02d9b7b0a54b11da8d53412e
> download_crate darling 0.20.11 fc7f46116c46ff9ab3eb1597a45688b6715c6e628b5c133e288e709a29bcb4ee
> download_crate proc-macro-error-attr2 2.0.0 96de42df36bb9bba5542fe9f1a054b8cc87e172759a1868aa05c1f3acc89dfc5
> download_crate derive_builder_core 0.20.2 2d5bcf7b024d6835cfb3d473887cd966994907effbe9227e8c8219824d06c4e8
> download_crate thiserror-impl 2.0.0 22efd00f33f93fa62848a7cab956c3d38c8d43095efda1decfc2b3a5dc0b8972
> download_crate rustversion 1.0.20 eded382c5f5f786b989652c49544c4877d9f015cc22e145a5ea8ea66c2921cd2
> download_crate heck 0.5.0 2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea
> download_crate proc-macro-error2 2.0.1 11ec05c52be0a07b08061f7dd003e7d7092e0472bc731b4af7bb1ef876109802
> download_crate derive_builder_macro 0.20.2 ab63b0e2bf4d5928aff72e83a7dace85d7bba5fe12dcc3c5a572d78caffd3f3c
> download_crate thiserror 2.0.0 15291287e9bff1bc6f9ff3409ed9af665bec7a5fc8ac079ea96be07bca0e2668
> download_crate strum_macros 0.27.1 c77a8c5abcaf0f9ce05d62342b7d298c346515365c36b673df4ebe3ced01fde8
> download_crate strum 0.27.1 f64def088c51c9510a8579e3c5d67c65349dcf755e5479ad3d010aa6454e2c32
> download_crate getset 0.1.5 f3586f256131df87204eb733da72e3d3eb4f343c639f4b7be279ac7c48baeafe
> download_crate derive_builder 0.20.2 507dfb09ea8b7fa618fcf76e953f4f5e192547945816d5358edffe39f6f94947
> download_crate oci-spec 0.8.1 57e9beda9d92fac7bf4904c34c83340ef1024159faee67179a04e0277523da33
> ```
>
> Since librust-oci-spec-dev is in the proxmox-oci/debian/control file, a
> dummy package needs to be installed, so dpkg-checkbuilddeps does not
> complain.
>
> dummy_librust_oci_spec.equivs:
>
> ```
> Package: librust-oci-spec-dev
> Version: 0.8.1
> Provides: librust-oci-spec-0.8+default-dev (= 0.8.1-1)
> ```
>
> ```
> $ equivs-build dummy_librust_oci_spec.equivs
> $ dpkg -i ./librust-oci-spec-dev_0.8.1_all.deb
> ```
>
> # Build & install order:
>
> 1. proxmox
> 2. proxmox-perl-rs
> 3. pve-container
> * pve-storage (no particular order there)
>
> [0] https://github.com/opencontainers/image-spec/blob/main/spec.md
>
> proxmox:
>
> Filip Schauer (1):
>   add proxmox-oci crate
>
>  Cargo.toml                       |   1 +
>  proxmox-oci/Cargo.toml           |  21 ++++
>  proxmox-oci/debian/changelog     |   5 +
>  proxmox-oci/debian/control       |  45 ++++++++
>  proxmox-oci/debian/debcargo.toml |   7 ++
>  proxmox-oci/src/lib.rs           | 165 +++++++++++++++++++++++++++++
>  proxmox-oci/src/oci_tar_image.rs | 173 +++++++++++++++++++++++++++++++
>  7 files changed, 417 insertions(+)
>  create mode 100644 proxmox-oci/Cargo.toml
>  create mode 100644 proxmox-oci/debian/changelog
>  create mode 100644 proxmox-oci/debian/control
>  create mode 100644 proxmox-oci/debian/debcargo.toml
>  create mode 100644 proxmox-oci/src/lib.rs
>  create mode 100644 proxmox-oci/src/oci_tar_image.rs
>
>
> proxmox-perl-rs:
>
> Filip Schauer (1):
>   add Perl mapping for OCI container image parser
>
>  pve-rs/Cargo.toml |  2 ++
>  pve-rs/Makefile   |  1 +
>  pve-rs/src/lib.rs |  1 +
>  pve-rs/src/oci.rs | 20 ++++++++++++++++++++
>  4 files changed, 24 insertions(+)
>  create mode 100644 pve-rs/src/oci.rs
>
>
> pve-storage:
>
> Filip Schauer (1):
>   allow .tar container templates
>
>  src/PVE/Storage.pm        | 2 +-
>  src/PVE/Storage/Plugin.pm | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
>
>
> pve-container:
>
> Filip Schauer (6):
>   config: whitelist lxc.init.cwd
>   add support for OCI images as container templates
>   config: add entrypoint parameter
>   configure static IP in LXC config for custom entrypoint
>   setup: debian: create /etc/network path if missing
>   manage DHCP for containers with custom entrypoint
>
>  src/PVE/API2/LXC.pm         | 53 ++++++++++++++++++++--
>  src/PVE/LXC.pm              | 88 ++++++++++++++++++++++++++++++++++---
>  src/PVE/LXC/Config.pm       | 19 +++++++-
>  src/PVE/LXC/Setup/Debian.pm |  1 +
>  4 files changed, 152 insertions(+), 9 deletions(-)
>
>
> Summary over all repositories:
>   17 files changed, 595 insertions(+), 11 deletions(-)
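
A pre-upload check for the podman observation in the reply above, added here as an example (not code from the patch series or from proxmox-oci): it tells an OCI image-layout tarball from a docker-archive one and, for OCI, follows index.json to the manifest and config blobs, verifying each SHA-256 digest before reading `architecture` and `os`. File names follow the OCI image spec cited as [0]; the helper names and the sample archives are constructed for illustration, and the first index entry is assumed to be an image manifest.

```python
import hashlib, io, json, tarfile

def read_member(tf, name):
    """Return a member's bytes, or None if the archive lacks it."""
    try:
        return tf.extractfile(name).read()
    except KeyError:
        return None

def verified_blob(tf, digest):
    """Load blobs/sha256/<hex> and check that it hashes to its own name."""
    alg, _, hexval = digest.partition(":")
    data = read_member(tf, f"blobs/{alg}/{hexval}")
    if alg != "sha256" or data is None or hashlib.sha256(data).hexdigest() != hexval:
        raise ValueError(f"missing or corrupt blob {digest}")
    return data

def inspect_image(tar_bytes):
    """Return (format, architecture, os); a root manifest.json marks docker-archive."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tf:
        index = read_member(tf, "index.json")
        if read_member(tf, "oci-layout") is None or index is None:
            return ("docker-archive" if read_member(tf, "manifest.json") else "unknown"), None, None
        # Assumes the first index entry is an image manifest, not a nested index.
        manifest = json.loads(verified_blob(tf, json.loads(index)["manifests"][0]["digest"]))
        config = json.loads(verified_blob(tf, manifest["config"]["digest"]))
        return "oci", config.get("architecture"), config.get("os")

def make_tar(files):
    """Build an in-memory tarball from {name: bytes}; used for constructed samples."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def sample_oci(arch="arm64", tamper=False):
    """Constructed OCI layout; tamper=True corrupts the config blob after hashing."""
    cfg = json.dumps({"architecture": arch, "os": "linux"}).encode()
    man = json.dumps({"config": {"digest": "sha256:" + hashlib.sha256(cfg).hexdigest()}}).encode()
    man_d = hashlib.sha256(man).hexdigest()
    return make_tar({
        "oci-layout": b'{"imageLayoutVersion": "1.0.0"}',
        "index.json": json.dumps({"manifests": [{"digest": "sha256:" + man_d}]}).encode(),
        "blobs/sha256/" + man_d: man,
        "blobs/sha256/" + hashlib.sha256(cfg).hexdigest(): cfg + (b" " if tamper else b""),
    })
```

Archives whose member names carry a leading `./` would need their names normalised before the lookups.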