I have followed the getting started section for setting up a Fedora CoreOS bare metal installation. I’m past the ignition piece and I can successfully ssh and get a bash prompt. I am interested in using toolbox from here to create mutable containers.
I am doing something wrong because when I try to run toolbox enter I get the error:
toolbox: failed to start container fedora-toolbox-32
Is there some additional configuration that is needed for toolbox to work OOTB?
Podman seems to be working fine. I ran this sample from podman’s website:
$ podman run -dt -p 8080:8080/tcp registry.fedoraproject.org/f29/httpd
I can connect to apache on port 8080 without any issues.
I removed the fedora-toolbox-32 container using podman and re-ran toolbox create, but it still fails when I run toolbox enter.
I also tried running sudo toolbox enter even though I realize that defeats the purpose of podman. This gave me a different error:
toolbox: unable to migrate containers: runtime directory not created
What am I doing wrong? Should I not be using toolbox?
I tried to run the container with podman start fedora-toolbox-32 and now I think I found the underlying error.
Error: unable to start container "fedora-toolbox-32": error looking up supplemental groups for container 1145d9b3e64a8be5e99c9e88bd64829fc455a080036bb14dbd889a3f69e14118: Unable to find group sudo
Does this mean that I need to add a sudoers group in my ignition configuration? I did notice that the sudo command works with the default ‘core’ user for tasks such as restarting the machine.
I don’t understand the issue but from what I’m reading I should probably be using docker files or buildah when I want to create a new container / image. If that’s correct, I wonder what the use cases are for toolbox in CoreOS.
The first thing I was going to try and do was create a bind9 server container, and I’d rather do it the old-fashioned way by using a package manager and writing zone files, etc… then snapshot the image as I make those changes. It seems like this is exactly what buildah is for.
However, toolbox is only meant as a last-resort debugging tool and should not be used for running real services.
Please directly use podman for that, possibly within a dedicated systemd service unit. There are a few examples in our docs at Running Containers :: Fedora Docs. However, you’ll need to tweak those to suit the actual container image (and configuration/resources) you are targeting.
The problem has been put aside with many others because Toolbox was being rewritten from Shell to Go and that took most of the time. The rewrite is more-or-less done now so the bug could be fixed relatively soon.
I apologize for all inconveniences caused by this.