Moving to Podman

Until recently, I used to use chroot, schroot and LXC to run my nested Linux environments. I’ve never used Docker, which has always looked like a single-purpose and quite limited tool to me. I started looking more deeply at Podman last year. I realized that this kind of technology can be mature enough now to be generally useful.

It’s important to set up the right storage driver, before containers are created in the storage, otherwise Podman would be a huge resource hog in the default setup. The best is to use Btrfs or ZFS file system, then Podman can take advantage of easy and lightweight file system cloning and works well. The storage driver to use can be configured (for a non-root user) by creating ~/.config/containers/storage.conf file with the following content (for Btrfs):

driver = "btrfs"

I’ve been trying to port some of my environments (even from virtual machines when possible) to Podman last months. It’s not without problems and it’s sometimes hacky but the benefit is that I can unify my nested environments using a single tool. Podman looks like an active project that’s hopefully not going to be abandoned anytime soon so it’s worth to invest into learning and using it.

I’ve already experienced switching from one container environment to another one in the past, when I switched from Linux-VServer to LXC. At the time, I was annoyed by missing Linux-VServer features in LXC (while LXC brought little advantages over Linux-VServer beyond being supported in kernel without patches, which was unfortunately important enough) but I could survive it. It’s different with Podman. Podman provides a lot of features although it is not that easy to use and is apparently more prone to bugs due to its complexity.

Podman has been looking promising and usable for my needs so far. I’m not yet done with conversions (partly because Podman is not yet available in Debian stable and partly following the golden rule of not touching things that work and must work) but I don’t think I’ll have to return back to (s)chroot and LXC.

Using Podman has the following advantages for me:

  • Podman works on images, which are provided for all the major distributions (not every Linux distribution has an equivalent of debootstrap to have an easy way to install it in a chroot environment).
  • Almost everything can be done from the command line, there is no need to edit configuration files.
  • Many actions can be run under a normal user, without root privileges, while still having root rights inside the container.
  • Cooperation with systemd (although not without flaws).
  • There is a lot of things that can be done with Podman.

And the following disadvantages:

  • Podman can work only on images so it’s not possible to run it simply on an unpacked directory, the other tools are still needed for that purpose.
  • Everything must be done from the command line using various commands, which is not so easy as editing a single schroot or LXC configuration file.
  • AFAIK the only official way to change a configuration of a container is to commit its image, which is an expensive operation, and to create a new container from the new image. Again, it’s simpler in schroot or LXC: Editing the configuration file and restarting the container, leaving the container file system untouched.
  • There is no Podman in current Debian stable and installing it manually is a non-trivial action.
  • It’s not very transparent, thinks are hidden behind several different components, internal arrangements of data directories and configuration, and numerous man pages (oh, good manuals are rare these days).






Leave a Reply

Your email address will not be published. Required fields are marked *