Podman/Docker Installation Trouble

Hey All,

Was hoping to possibly get some direction on some trouble I'm running into when trying to install Channels using Podman. I just recently upgraded my server to a RHEL 9 machine and figured I'd try and use Podman instead of docker for my containers. I wanted to install channels this way as well but I've run into nothing but trouble getting it to install. I have a feeling it has to do with some sort of permissions or SELinux issue but don't know where to begin to diagnose the issue.

I've tried running the docker cli commands in both Root mode using Sudo and also rootless using my own non-root user. I've tried running it in --privileged mode; that didn't seem to help either.

I'm kind of at a loss on my next steps. Anybody have any suggestion on what I could try or logs I could look at to help diagnose this better??

I run Channels under Podman with SELinux, and have no issues. I have my main storage directories set private to Podman root, and storage and content directories able to be shared between Channels and other media servers within the same pod.

Perhaps if you shared your specific issues or what you are having problems with, perhaps I could help better ...

@racameron that's encouraging to hear you have it working. That sounds like exactly what I’m trying to do as well.

I’m very new to podman and even Docker not super experienced, so I really appreciate your help.

At the most basic level the problem is just that I can’t connect successfully to port 8089 after I run the container. The container shows as running but can’t open the web interface. I also noticed nothing is being written to the /config directory I have set either. Beyond that I’m not sure what else to do to even start to troubleshoot this. I run Cockpit and monitor my containers there but there really is nothing as far as logs to help diagnose this. The most I’ve seen from the logs is just “downloading channels dvr”, “running channels dvr”. At one point for whatever reason the logs did say just that it failed to install but that was it.

Here are the commands I ran during my latest attempt. The config directories are just for testing purposes at the moment and ultimately I’d like to run it all rootless. Once I get that all working I’d like to then bundle my other media containers in a pod like you’re doing.

sudo podman run --privileged \
  --detach \
  --name=channels-dvr \
  --net=host \
  --restart=unless-stopped \
  --device /dev/dri:/dev/dri \
  --volume /home/chris/channels-config:/channels-dvr \
  --volume /home/chris/Videos:/chris/Videos \
  fancybits/channels-dvr:tve

In your scenario, I would refrain from running a privileged container from your home directory. Instead, I would use some other base directory (such as /srv/channels, which I'll use in this example):

sudo podman run \
  --name channels \
  --network host \
  --restart unless-stopped \
  --device /dev/dri \
  --volume /srv/channels/config:/channels-dvr:Z \
  --volume /srv/channels/Videos:/dvr:z \
  docker.io/fancybits/channels-dvr:tve

I believe the "missing sauce" is the label of your volume mounts: :Z (capital Z) tells Podman that the directory should have its SELinux label set for the container's sole use; the :z (small Z) sets the label to be shared/written to by multiple contexts.

Another option is to disable SELinux entirely.

(Also, ensure that the directories you are telling Podman to mount into the container actually exist first.)
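Added example, not part of the reply above: a small POSIX shell helper that reads an SELinux file context and reports whether it is the private label that :Z sets, the shared label that :z sets, or a label not meant for containers, and that recognises an AVC denial where a container process hit such a directory. The contexts and the audit record are constructed samples; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread). Contexts and the audit line below are
# constructed; real ones come from `ls -Zd DIR` and `ausearch -m AVC -ts recent`.
# Applies to confined containers: --privileged disables SELinux separation.

# Type and level of a user:role:type:level context (level keeps its colons).
ctx_type()  { t=${1#*:}; t=${t#*:}; printf '%s\n' "${t%%:*}"; }
ctx_level() { l=${1#*:}; l=${l#*:}; printf '%s\n' "${l#*:}"; }

# classify_context CONTEXT -> private | shared | not-container | invalid
classify_context() {
    case $1 in *:*:*:*) ;; *) echo invalid; return ;; esac
    if [ "$(ctx_type "$1")" != container_file_t ]; then
        echo not-container; return
    fi
    case $(ctx_level "$1") in
        *:c[0-9]*) echo private ;;   # MCS categories: what :Z sets
        *)         echo shared ;;    # plain s0: what :z sets
    esac
}

# avc_field LINE KEY -> value of " KEY=value" in an audit record
avc_field() { printf '%s\n' "$1" | sed -n "s/.* $2=\([^ ]*\).*/\1/p"; }

# diagnose_avc LINE -> "relabel NAME" when a container_t process was denied
# on a target that is not labelled for containers, otherwise "other"
diagnose_avc() {
    case $1 in *"avc:  denied"*) ;; *) echo other; return ;; esac
    src=$(avc_field "$1" scontext)
    tgt=$(avc_field "$1" tcontext)
    if [ "$(ctx_type "$src")" = container_t ] &&
       [ "$(classify_context "$tgt")" = not-container ]; then
        echo "relabel $(avc_field "$1" name | tr -d '"')"
    else
        echo other
    fi
}

SAMPLE_AVC='type=AVC msg=audit(1660000000.123:456): avc:  denied  { write } for  pid=4321 comm="channels-dvr" name="config" dev="dm-0" ino=1234 scontext=system_u:system_r:container_t:s0:c123,c456 tcontext=unconfined_u:object_r:var_t:s0 tclass=dir permissive=0'

for c in unconfined_u:object_r:user_home_t:s0 \
         system_u:object_r:container_file_t:s0:c123,c456 \
         system_u:object_r:container_file_t:s0; do
    printf '%-50s %s\n' "$c" "$(classify_context "$c")"
done
diagnose_avc "$SAMPLE_AVC"
```

A "relabel" result points at the volume that needs :Z or :z; "other" means the denial, if any, has a different cause.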

Thanks for tips! I did read a little bit about the :Z, :z labels but didn't fully understand them...I tried what you suggested though and it still seems to be behaving similar except this time when I ran what you suggested what I was seeing in the log files of Cockpit is what is printed out in the command line...it just hangs at "Running Channels DVR"...

[chris@my-server channels]$ sudo podman run \
  --name channels \
  --network host \
  --restart unless-stopped \
  --device /dev/dri \
  --volume /srv/channels/config:/channels-dvr:Z \
  --volume /srv/channels/Videos:/dvr:z \
  docker.io/fancybits/channels-dvr:tve
Trying to pull docker.io/fancybits/channels-dvr:tve...
Getting image source signatures
Copying blob d22c1ec9cf65 done
Copying blob 03b7306ab928 done
Copying blob 6deef34520d3 done
Copying blob fa7045767063 done
Copying config f57e32da7f done
Writing manifest to image destination
Storing signatures
Installing Channels DVR..
Downloading Channels DVR 2022.08.04.1903 (linux-x86_64) to //channels-dvr......
Channels DVR has been downloaded.
Running Channels DVR..

Looks like it is running.

Have you tried accessing it via its web UI?

Yeah I have and it just comes up with…

Port: 8089 correct?

And it was just weird 'cause when running it from SSH it just stopped at Running Channels DVR… it didn’t complete and go back to an active terminal…

If you're going to use the run command, you should probably also use the --detach option to let it continue to run and return you to the shell.

Were you able to load it in a webpage while it was still running in the shell via SSH?

No, SSH was still running when I tried to connect it in the webpage

And shoot, good catch on the --detach. I will try adding that. It’s been there in the past when I ran it though, so not hugely confident that will make the difference.

just tried it again with --detach. That's why it didn't go back to the shell previously. this time it went back to the shell but still in the same boat as before. Shows it's running but nothing...

Cockpit logs showed the exact same messages.

However, I just looked and now there is data in the config folder...so that's a step in the right direction!

[chris@my-server config]$ pwd
/srv/channels/config
[chris@my-server config]$ ls
2022.08.04.1903 data latest

What does the container tab in Cockpit show? Or the output of podman ps?


So it's running ... so the issue looks like it's network related then.

If you've set it up with host networking, then accessing your server at port 8089 ought to work.

I suppose you can try running it with default networking and publishing the port: remove the --network host option, and replace it with -p 8089:8089.

so that worked!

For my own learning, do you have any idea why that might have worked but --network host didn't?

Could be the system firewall was blocking the port. (That is my first guess. I don't use the default or host networking, though. Instead, I have created a macvlan network within podman, and each pod gets its own MAC address; that way each pod is seen as a separate host on the network, and there is no need to worry about publishing ports.)

Ahh very cool!

Well I really appreciate the help!

Next question, I’d ideally like to run this rootless instead of root and also add it into a pod with some other media server containers. You think that’s fairly doable and any recommendations on adjustments to make to what I have now?

Should I mount the config and videos folders in another location than the root directories?

Rootless should be fine. Just remember that the user the container runs under would need to have access to the /dev/dri device in order to have hardware transcoding. As far as a pod goes, you need to publish all of the ports that any container will need when you create the pod; you cannot publish ports later when you create the container, you have to do all of them upfront.

There are many tutorials online with rootless containers/pods that will probably give you some better direction, as that is not how I run my pods.

@racameron

I probably should've quit while I was ahead but wanted to test this out running it as rootless. When I run as rootless without sudo I get this error about referencing "setxattr"...any clues?

[chris@my-server videos]$ podman run \
  --detach \
  --name channels-dvr \
  -p 8089:8089 \
  --restart unless-stopped \
  --device /dev/dri \
  --volume /srv/podman/config/channels-dvr:/config:Z \
  --volume /media/videos:/media/videos:z \
  docker.io/fancybits/channels-dvr:tve
Trying to pull docker.io/fancybits/channels-dvr:tve...
Getting image source signatures
Copying blob 03b7306ab928 done
Copying blob fa7045767063 done
Copying blob d22c1ec9cf65 done
Copying blob 6deef34520d3 done
Copying config f57e32da7f done
Writing manifest to image destination
Storing signatures
Error: setxattr /srv/podman/config/channels-dvr: operation not permitted
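Added example, not part of the thread: a preflight check for bind mounts that carry :z or :Z, run as the user who will start the container. It rests on an assumption about the error above, which the thread leaves unanswered: relabelling writes the security.selinux extended attribute, and the kernel allows that only for the file's owner or a process with CAP_FOWNER, so a rootless user cannot relabel a directory owned by root. The function name is hypothetical; the volume specs in the loop are the ones from the command above.

```sh
#!/bin/sh
# Added example (not from the thread): check bind-mount sources before
# `podman run`. Assumption: "setxattr ... operation not permitted" in rootless
# mode comes from relabelling a directory the calling user does not own.

# check_volume SPEC [UID] -> ok | no-relabel | missing | not-owner
# SPEC is HOST:CONTAINER[:OPTIONS]; UID defaults to the calling user.
check_volume() {
    spec=$1
    uid=${2:-$(id -u)}
    host=${spec%%:*}
    rest=${spec#*:}
    case $rest in
        *:*) opts=${rest#*:} ;;
        *)   opts= ;;
    esac
    # The host directory must exist before Podman can mount it.
    [ -d "$host" ] || { echo missing; return; }
    # Only :z / :Z trigger a relabel (options may be a comma list, e.g. ro,Z).
    case ",$opts," in
        *,z,*|*,Z,*) ;;
        *) echo no-relabel; return ;;
    esac
    # Owner check: sufficient for a rootless relabel to be permitted.
    if [ "$(stat -c %u "$host")" = "$uid" ]; then
        echo ok
    else
        echo not-owner
    fi
}

for v in /srv/podman/config/channels-dvr:/config:Z \
         /media/videos:/media/videos:z; do
    printf '%-45s %s\n' "$v" "$(check_volume "$v")"
done
```

A "not-owner" result means the directory should be owned by the rootless user (or mounted without a relabel option) before the container is started.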