public inbox for pve-devel@lists.proxmox.com
 help / color / mirror / Atom feed
From: "Christoph Heiss" <c.heiss@proxmox.com>
To: "Filip Schauer" <f.schauer@proxmox.com>
Cc: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Subject: Re: [pve-devel] [PATCH container/manager/proxmox{, -perl-rs}/storage v2 00/11] support OCI images as container templates
Date: Tue, 17 Jun 2025 10:01:57 +0200	[thread overview]
Message-ID: <DAONG2CR5KTS.35LZH120Z12RX@proxmox.com> (raw)
In-Reply-To: <20250611144903.200940-1-f.schauer@proxmox.com>

pve-container changes now need a rebase due to the perltidy
re-formatting.

Tested the series using the same setup as last time. Tested the
following images, exported with podman:

- docker.io/library/nginx:mainline-alpine
- docker.io/library/nginx:mainline-bookworm
- ghcr.io/dani-garcia/vaultwarden:1.34.1-alpine
- docker.io/library/node:24-bookworm

Can confirm that all of these started up correctly and are
reachable/usable afterwards and that the problem with the entrypoint has
been fixed.

I also test with `ghcr.io/nixos/nix:latest`, which interestingly fails
to start with

DEBUG    utils - ../src/lxc/utils.c:run_buffer:560 - Script exec /usr/share/lxcfs/lxc.mount.hook 107 lxc mount produced output: /usr/share/lxcfs/lxc.mount.hook: 15: readlink: Permission denied

Not sure what is going on there, but I don't think it's directly related
to this series, rather just some OCI/Nix weirdness.

On Wed Jun 11, 2025 at 4:48 PM CEST, Filip Schauer wrote:
> Add basic support for OCI (Open Container Initiative) images [0] as
> container templates.
>
> An OCI image can be for example obtained from Docker Hub:
>
> Either using Docker:
>
> ```
> $ docker pull httpd
> $ docker save httpd > httpd.tar
> ```
>
> Or using Podman:
> When using Podman, the format needs to be explicitly specified,
> otherwise it defaults to docker-archive.
>
> ```
> $ podman pull httpd
> $ podman save --format=oci-archive httpd > httpd.tar
> ```
>
> The tarball can be uploaded to a storage as a container template and
> then used during container creation. It is automatically detected that
> the container template is an OCI image. The resulting container still
> uses the existing LXC framework.

Needs to documented in pve-docs too, this paragraph would already make a
great start tbh.

>
[..]
> # Build & install order:
>
> OCI image support:
> 1. proxmox
> 2. proxmox-perl-rs
> 3. pve-container
>
> .tar container template support:
> 1. pve-storage
> 2. pve-manager

Should be mentioned here (and ideally, on the respective pve-container
patch(es) as well) that pve-container depends on libpve-rs-perl after
this series, i.e. an appropriate entry needs to be added to d/control.

>
> [0] https://github.com/opencontainers/image-spec/blob/main/spec.md
> [1] https://lore.proxmox.com/pve-devel/20250606103719.533030-2-c.heiss@proxmox.com/
>
> Changed since v1:
> * Fix entrypoint command missing Cmd
> * Set lxc.signal.halt according to StopSignal (Fixes container shutdown)
> * setup: Ensure that both /etc/systemd/network and
>   /etc/systemd/system-preset exist before writing files into them.
> * ui: storage upload: accept *.tar files as vztmpl
> * proxmox-perl-rs: rebase on latest master (3d9806cb3c7f)
> * proxmox-perl-rs: add new dependencies to debian/control
> * proxmox-oci: refactor errors and use `thiserror` to avoid boilerplate

Please also mention changes in the notes of each patch - makes reviewing
a lot easier!


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel


  parent reply	other threads:[~2025-06-17  8:02 UTC|newest]

Thread overview: 29+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-06-11 14:48 Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH proxmox v2 01/11] add proxmox-oci crate Filip Schauer
2025-06-24 12:42   ` Wolfgang Bumiller
2025-06-25  8:13   ` Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH proxmox-perl-rs v2 02/11] add Perl mapping for OCI container image parser/extractor Filip Schauer
2025-06-24 12:51   ` Wolfgang Bumiller
2025-06-25  7:59     ` Filip Schauer
2025-06-25  8:10       ` Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 03/11] config: whitelist lxc.init.cwd Filip Schauer
2025-06-25  9:00   ` [pve-devel] applied: " Wolfgang Bumiller
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 04/11] add support for OCI images as container templates Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 05/11] config: add entrypoint parameter Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 06/11] configure static IP in LXC config for custom entrypoint Filip Schauer
2025-06-25  8:26   ` Wolfgang Bumiller
2025-06-25  8:30     ` Wolfgang Bumiller
2025-06-25  8:52       ` Stefan Hanreich
2025-07-09 12:45     ` Filip Schauer
2025-06-11 14:48 ` [pve-devel] [PATCH container v2 07/11] setup: debian: create /etc/network path if missing Filip Schauer
2025-06-11 14:49 ` [pve-devel] [PATCH container v2 08/11] setup: recursively mkdir /etc/systemd/{network, system-preset} Filip Schauer
2025-06-11 14:49 ` [pve-devel] [PATCH container v2 09/11] manage DHCP for containers with custom entrypoint Filip Schauer
2025-06-25  8:50   ` Wolfgang Bumiller
2025-07-09 12:43     ` Filip Schauer
2025-07-09 13:00       ` Wolfgang Bumiller
2025-06-11 14:49 ` [pve-devel] [PATCH storage v2 10/11] allow .tar container templates Filip Schauer
2025-06-24 13:11   ` Wolfgang Bumiller
2025-06-11 14:49 ` [pve-devel] [PATCH manager v2 11/11] ui: storage upload: accept *.tar files as vztmpl Filip Schauer
2025-06-17  8:01 ` Christoph Heiss [this message]
2025-07-09 12:50   ` [pve-devel] [PATCH container/manager/proxmox{, -perl-rs}/storage v2 00/11] support OCI images as container templates Filip Schauer
2025-07-09 12:40 ` [pve-devel] superseded: " Filip Schauer

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DAONG2CR5KTS.35LZH120Z12RX@proxmox.com \
    --to=c.heiss@proxmox.com \
    --cc=f.schauer@proxmox.com \
    --cc=pve-devel@lists.proxmox.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal