From: "Christoph Heiss" <c.heiss@proxmox.com>
To: "Filip Schauer" <f.schauer@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH container/manager/proxmox{, -perl-rs}/storage v2 00/11] support OCI images as container templates
Date: Tue, 17 Jun 2025 10:01:57 +0200 [thread overview]
Message-ID: <DAONG2CR5KTS.35LZH120Z12RX@proxmox.com> (raw)
In-Reply-To: <20250611144903.200940-1-f.schauer@proxmox.com>
pve-container changes now need a rebase due to the perltidy
re-formatting.
Tested the series using the same setup as last time. Tested the
following images, exported with podman:
- docker.io/library/nginx:mainline-alpine
- docker.io/library/nginx:mainline-bookworm
- ghcr.io/dani-garcia/vaultwarden:1.34.1-alpine
- docker.io/library/node:24-bookworm
Can confirm that all of these started up correctly and are
reachable/usable afterwards and that the problem with the entrypoint has
been fixed.
I also test with `ghcr.io/nixos/nix:latest`, which interestingly fails
to start with
DEBUG utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxcfs/lxc.mount.hook 107 lxc mount produced output: /usr/share/lxcfs/lxc.mount.hook: 15: readlink: Permission denied
Not sure what is going on there, but I don't think it's directly related
to this series, rather just some OCI/Nix weirdness.
On Wed Jun 11, 2025 at 4:48 PM CEST, Filip Schauer wrote:
> Add basic support for OCI (Open Container Initiative) images [0] as
> container templates.
>
> An OCI image can be for example obtained from Docker Hub:
>
> Either using Docker:
>
> ```
> $ docker pull httpd
> $ docker save httpd > httpd.tar
> ```
>
> Or using Podman:
> When using Podman, the format needs to be explicitly specified,
> otherwise it defaults to docker-archive.
>
> ```
> $ podman pull httpd
> $ podman save --format=oci-archive httpd > httpd.tar
> ```
>
> The tarball can be uploaded to a storage as a container template and
> then used during container creation. It is automatically detected that
> the container template is an OCI image. The resulting container still
> uses the existing LXC framework.
Needs to documented in pve-docs too, this paragraph would already make a
great start tbh.
>
[..]
> # Build & install order:
>
> OCI image support:
> 1. proxmox
> 2. proxmox-perl-rs
> 3. pve-container
>
> .tar container template support:
> 1. pve-storage
> 2. pve-manager
Should be mentioned here (and ideally, on the respective pve-container
patch(es) as well) that pve-container depends on libpve-rs-perl after
this series, i.e. an appropriate entry needs to be added to d/control.
>
> [0] https://github.com/opencontainers/image-spec/blob/main/spec.md
> [1] https://lore.proxmox.com/pve-devel/20250606103719.533030-2-c.heiss@proxmox.com/
>
> Changed since v1:
> * Fix entrypoint command missing Cmd
> * Set lxc.signal.halt according to StopSignal (Fixes container shutdown)
> * setup: Ensure that both /etc/systemd/network and
> /etc/systemd/system-preset exist before writing files into them.
> * ui: storage upload: accept *.tar files as vztmpl
> * proxmox-perl-rs: rebase on latest master (3d9806cb3c7f)
> * proxmox-perl-rs: add new dependencies to debian/control
> * proxmox-oci: refactor errors and use `thiserror` to avoid boilerplate
Please also mention changes in the notes of each patch - makes reviewing
a lot easier!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next prev parent reply other threads:[~2025-06-17 8:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-06-11 14:48 Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH proxmox v2 01/11] add proxmox-oci crate Filip Schauer
2025-06-24 12:42 ` Wolfgang Bumiller
2025-06-25 8:13 ` Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH proxmox-perl-rs v2 02/11] add Perl mapping for OCI container image parser/extractor Filip Schauer
2025-06-24 12:51 ` Wolfgang Bumiller
2025-06-25 7:59 ` Filip Schauer
2025-06-25 8:10 ` Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 03/11] config: whitelist lxc.init.cwd Filip Schauer
2025-06-25 9:00 ` [pve-devel] applied: " Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 04/11] add support for OCI images as container templates Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 05/11] config: add entrypoint parameter Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 06/11] configure static IP in LXC config for custom entrypoint Filip Schauer
2025-06-25 8:26 ` Wolfgang Bumiller
2025-06-25 8:30 ` Wolfgang Bumiller
2025-06-25 8:52 ` Stefan Hanreich
2025-07-09 12:45 ` Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 07/11] setup: debian: create /etc/network path if missing Filip Schauer
2025-06-11 14:49 ` [pve-devel] [PATCH container v2 08/11] setup: recursively mkdir /etc/systemd/{network, system-preset} Filip Schauer
2025-06-11 14:49 ` [pve-devel] [PATCH container v2 09/11] manage DHCP for containers with custom entrypoint Filip Schauer
2025-06-25 8:50 ` Wolfgang Bumiller
2025-07-09 12:43 ` Filip Schauer
2025-07-09 13:00 ` Wolfgang Bumiller
2025-06-11 14:49 ` [pve-devel] [PATCH storage v2 10/11] allow .tar container templates Filip Schauer
2025-06-24 13:11 ` Wolfgang Bumiller
2025-06-11 14:49 ` [pve-devel] [PATCH manager v2 11/11] ui: storage upload: accept *.tar files as vztmpl Filip Schauer
2025-06-17 8:01 ` Christoph Heiss [this message]
2025-07-09 12:50 ` [pve-devel] [PATCH container/manager/proxmox{, -perl-rs}/storage v2 00/11] support OCI images as container templates Filip Schauer
2025-07-09 12:40 ` [pve-devel] superseded: " Filip Schauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DAONG2CR5KTS.35LZH120Z12RX@proxmox.com \
--to=c.heiss@proxmox.com \
--cc=f.schauer@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal