podman

1
#!/bin/bash -e
2
# Execute podman while capturing the API stream
3
#
4
# Script will run an instance of podman sand-boxed, the API stream will be captured and then formatted for readability.
5

6
if [[ $(id -u) != 0 ]]; then
7
    echo >&2 "$0 must be run as root."
8
    exit 2
9
fi
10

11
if ! command -v socat >/dev/null 2>&1; then
12
    echo 1>&2 "socat not found on PATH"
13
fi
14

15
PODMAN=${PODMAN:-podman}
16
if ! command -v "$PODMAN" >/dev/null 2>&1; then
17
    echo 1>&2 "$PODMAN not found on PATH"
18
fi
19

20
function usage() {
21
    echo 1>&2 $0 '[-v] [-h]'
22
}
23

24
while getopts "vh" arg; do
25
    case $arg in
26
    v)
27
        VERBOSE='-v'
28
        export PODMAN_LOG_LEVEL=debug
29
        ;;
30
    h)
31
        usage
32
        exit 0
33
        ;;
34
    \?)
35
        usage
36
        exit 2
37
        ;;
38
    esac
39
done
40
shift $((OPTIND - 1))
41

42
function cleanup() {
43
    set +xeuo pipefail
44
    rm -r "$1"
45
    kill -9 $REAP_PIDS
46

47
    sed -e 's/^> /\nClient Request> /' -e 's/^< /\nServer Response< /' -i /tmp/podman-socat.log
48
}
49

50
# Create temporary directory for storage
51
export TMPDIR=$(mktemp -d /tmp/podman.XXXXXXXXXX)
52
trap "cleanup $TMPDIR" EXIT
53

54
# Need locations to store stuff
55
mkdir -p "${TMPDIR}"/{podman,crio,crio-run,cni/net.d,ctnr,tunnel}
56

57
export CONTAINERS_REGISTRIES_CONF=${TMPDIR}/registry.conf
58
cat >"$CONTAINERS_REGISTRIES_CONF" <<-EOT
59
  [registries.search]
60
    registries = ['docker.io']
61
  [registries.insecure]
62
    registries = []
63
  [registries.block]
64
    registries = []
65
EOT
66

67
export CNI_CONFIG_PATH=${TMPDIR}/cni/net.d
68
cat >"$CNI_CONFIG_PATH"/87-podman-bridge.conflist <<-EOT
69
{
70
  "cniVersion": "0.3.0",
71
  "name": "podman",
72
  "plugins": [{
73
      "type": "bridge",
74
      "bridge": "cni0",
75
      "isGateway": true,
76
      "ipMasq": true,
77
      "ipam": {
78
        "type": "host-local",
79
        "subnet": "10.88.0.0/16",
80
        "routes": [{
81
          "dst": "0.0.0.0/0"
82
        }]
83
      }
84
    },
85
    {
86
      "type": "portmap",
87
      "capabilities": {
88
        "portMappings": true
89
      }
90
    }
91
  ]
92
}
93
EOT
94

95
PODMAN_ARGS="--storage-driver=vfs \
96
  --root=${TMPDIR}/crio \
97
  --runroot=${TMPDIR}/crio-run \
98
  --network-config-dir=$CNI_CONFIG_PATH \
99
  --cgroup-manager=systemd \
100
  "
101
if [[ -n $VERBOSE ]]; then
102
    PODMAN_ARGS="$PODMAN_ARGS --log-level=$PODMAN_LOG_LEVEL --syslog=true"
103
fi
104
PODMAN="$PODMAN $PODMAN_ARGS"
105

106
PODMAN_HOST="${TMPDIR}/podman/podman-socat.sock"
107
SOCAT_HOST="${TMPDIR}/podman/podman.sock"
108

109
cat <<-EOT
110
Podman service running at unix://$SOCAT_HOST
111
See /tmp/podman-socat.log for API stream capture
112
See /tmp/podman-service.log for service logging
113

114
usage: sudo bin/podman-remote --url unix://$SOCAT_HOST images
115

116
^C to exit
117
EOT
118

119
$PODMAN system service --timeout=0 "unix://$PODMAN_HOST" >/tmp/podman-service.log 2>&1 &
120
REAP_PIDS=$!
121

122
socat -v "UNIX-LISTEN:$SOCAT_HOST",fork,reuseaddr,unlink-early "UNIX-CONNECT:$PODMAN_HOST" >/tmp/podman-socat.log 2>&1
123