podman on FreeBSD (at 2025/02)

Posted at 2025-02-23

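Is there a container that runs anywhere? - podman -

  • Running podman on ubuntu is easy. It is Linux in the first place, after all.
  • Running podman on Windows is possible, but it ends up awkward to use in places. That is because it goes through WSL/Hyper-V.
  • So what about FreeBSD? Today I will try that.
  • Things to read beforehand: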

The podman implementation on FreeBSD

  • The parts of the Go code with little OS dependence work for the time being.
  • podman depends on ocijail https://github.com/dfr/ocijail.
  • ocijail on FreeBSD:
Experimental, proof-of-concept OCI-compatible runtime for jails

So it is at PoC level, and the following functionality turns out to be missing.


$ podman ps
Error: Rootless mode is not supported on FreeBSD - run podman as root

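At present there is no rootless mode. Casually running it is still a long way off. It comes down to whether something on the level of the Linux cgroup v2 implementation can be brought to FreeBSD.

  • Rootless containers using FreeBSD jails "alone" are probably "possible", but only at PoC level.

Trying it out

  • What installs from the FreeBSD "latest" repo is version 5.3.2, which is a newer version than the one in Ubuntu 24.04.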
The FreeBSD port of the Podman container engine is experimental and should be
used for evaluation and testing purposes only.

$ sudo podman run --rm docker.io/dougrabson/hello

Podman can restart containers after a host is rebooted. To enable this, use:

$ sudo sysrc podman_enable=YES

and start the container with a restart policy:

$ sudo podman run -d --restart=always myimage

It is possible to run many Linux container images using FreeBSD's Linux emulation:

$ sudo sysrc linux_enable=YES
$ sudo service linux start
$ sudo podman run --rm --os=linux alpine cat /etc/os-release | head -1
NAME="Alpine Linux"
  • Now actually run it.

$ sudo podman run --rm docker.io/dougrabson/hello

Trying to pull docker.io/dougrabson/hello:latest...
Getting image source signatures
Copying blob b13a5ec7f3d2 skipped: already exists  
Copying config f81c971736 done   | 
Writing manifest to image destination
!... Hello Podman World ...!

         .--"--.           
       / -     - \         
      / (O)   (O) \        
   ~~~| -=(,Y,)=- |         
    .---. /`  \   |~~      
 ~/  o  o \~~~~.----. ~~   
  | =(X)= |~  / (O (O) \   
   ~~~~~~~  ~| =(Y_)=-  |   
  ~~~~    ~~~|   U      |~~ 

Project:   https://github.com/containers/podman
Website:   https://podman.io
Documents: https://docs.podman.io
Twitter:   @Podman_io

Running FreeBSD14.2-small

  • Pull the image first. It was so slow that it took several retries, and the result was...

$ sudo podman pull docker.io/dougrabson/freebsd14-small 
Trying to pull docker.io/dougrabson/freebsd14-small:latest...
Getting image source signatures
Copying blob 15578af53d27 done   | 
Copying blob 9d2fd27acba5 skipped: already exists  
Copying blob f71862837cd2 skipped: already exists  
Copying blob 214ced2b7f04 skipped: already exists  
Copying blob ffe2c6cc85f4 skipped: already exists  
Copying config c198ae7740 done   | 
Writing manifest to image destination
c198ae7740c28a0e6021cd4629737c4ed78ce4914fd795967e2194fd9d61d48a
  • Open the container. It is a container that runs with the bare minimum.

$ sudo podman run -it docker.io/dougrabson/freebsd14-small /bin/sh

It was sluggish, so I went to have a look. The cause was zpool cloning...


68711 10  Ss        0:00.00 sudo podman run -it docker.io/dougrabson/freebsd14-small /bin/sh
68910 10  S+        0:00.06 podman run -it docker.io/dougrabson/freebsd14-small /bin/sh
70503 10  D+        0:00.01 zfs clone -p -o mountpoint=legacy zroot/ROOT/default/a480e6db4206ae867168980b3cd09c6d9b41b8c9b69f7ea64a85bf5a97f9d02c@959793645 zroot/ROOT/default/468660990be34c85e04aaf3274e85a86a8a5e786605b0d382debd2ac29e2642a

# uname -a
FreeBSD 87228bab36b4 14.2-RELEASE FreeBSD 14.2-RELEASE releng/14.2-n269506-c8918d6c7412 GENERIC amd64
# freebsd-version 
14.1-STABLE
# cd /
# du -d1 -h
6.5M	./lib
512B	./rescue
2.2M	./sbin
512B	./net
1.3M	./etc
 57M	./usr
624K	./bin
 82K	./libexec
 10K	./root
512B	./proc
1.0K	./dev
1.1M	./var
 15K	./boot
512B	./mnt
512B	./tmp
512B	./media
 69M	.
 # arp -a
host.containers.internal (10.88.0.1) at 58:9c:fc:10:ff:ae on eth0 expires in 1180 seconds [ethernet]
87228bab36b4 (10.88.0.4) at 02:59:d9:e0:96:0b on eth0 permanent [ethernet]
 
  • podman (ocijail) isolates the network with VNET. The default looked like this...

cni-podman0: flags=1008843 metric 0 mtu 1500
	options=0
	ether 58:9c:fc:10:ff:ae
	inet 10.88.0.1 netmask 0xffff0000 broadcast 10.88.255.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vnet2a9ebcc3 flags=143
	        ifmaxaddr 0 port 65 priority 128 path cost 2000
	groups: bridge
	nd6 options=9
vnet2a9ebcc3: flags=1008943 metric 0 mtu 1500
	description: associated with jail: 87228bab36b44f559bd6d4b3e7e531d20adf3518c2c8ebbe43716675c1c189f8 as nic: eth0
	options=8
	ether 02:59:d9:e0:96:0a
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T )
	status: active
	nd6 options=29
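  • Containers cannot talk to the outside world unless pf is configured, so edit /etc/pf.conf on the host...

podman_net="10.88.0.0/16"

# podman
# $ext_net must already be defined elsewhere in pf.conf (not shown on this page)
nat from $podman_net to any -> $ext_net static-port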
  • There is not even vi inside the container, so I will try to get as far as installing vim...

# echo nameserver 8.8.8.8 >>/etc/resolv.conf
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=58 time=5.295 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=3.767 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.767/4.531/5.295/0.764 ms
# pkg bootstrap -f
pkg(8) is already installed. Forcing reinstallation through pkg(7).
The package management tool is not yet installed on your system.
Do you want to fetch and install it now? [y/N]: y
Bootstrapping pkg from pkg+https://pkg.freebsd.org/FreeBSD:14:amd64/base_latest, please wait...
pkg: Error fetching https://pkg.freebsd.org/FreeBSD:14:amd64/base_latest/Latest/pkg.txz: Not Found
A pre-built version of pkg could not be found for your system.
Consider changing PACKAGESITE or installing it from ports: 'ports-mgmt/pkg'.
# pkg-static install -f pkg
Updating FreeBSD repository catalogue...
[87228bab36b4] Fetching meta.conf: 100%    179 B   0.2kB/s    00:01    
[87228bab36b4] Fetching data.pkg: 100%   10 MiB  10.5MB/s    00:01    
Processing entries: 100%
FreeBSD repository update completed. 35884 packages processed.
Updating FreeBSD-base repository catalogue...
[87228bab36b4] Fetching meta.conf: 100%    179 B   0.2kB/s    00:01    
[87228bab36b4] Fetching data.pkg: 100%   46 KiB  46.8kB/s    00:01    
Processing entries:   0%
Newer FreeBSD version for package FreeBSD-yp-man:
To ignore this error set IGNORE_OSVERSION=yes
- package: 1402501
- running kernel: 1401502
Ignore the mismatch and continue? [y/N]: y
Processing entries: 100%
FreeBSD-base repository update completed. 525 packages processed.
All repositories are up to date.
New version of pkg detected; it needs to be installed first.
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be UPGRADED:
	pkg: 1.21.3 -> 2.0.6 [FreeBSD]

Number of packages to be upgraded: 1

12 MiB to be downloaded.

Proceed with this action? [y/N]: y
[87228bab36b4] [1/1] Fetching pkg-2.0.6.pkg: 100%   12 MiB  12.5MB/s    00:01    
Checking integrity... done (0 conflicting)
[87228bab36b4] [1/1] Upgrading pkg from 1.21.3 to 2.0.6...
[87228bab36b4] [1/1] Extracting pkg-2.0.6: 100%
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
All repositories are up to date.
Checking integrity... done (0 conflicting)
The following 1 package(s) will be affected (of 0 checked):

Installed packages to be REINSTALLED:
	pkg-2.0.6 [FreeBSD]

Number of packages to be reinstalled: 1

Proceed with this action? [y/N]: y
[87228bab36b4] [1/1] Reinstalling pkg-2.0.6...
[87228bab36b4] [1/1] Extracting pkg-2.0.6: 100%

# pkg install editors/vim
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
Updating FreeBSD-base repository catalogue...
FreeBSD-base repository is up to date.
All repositories are up to date.
The following 109 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	FreeBSD-devmatch: 14.snap20250222025446 [FreeBSD-base]
	adwaita-icon-theme: 42.0 [FreeBSD]
	at-spi2-core: 2.54.1 [FreeBSD]
	avahi-app: 0.8_2 [FreeBSD]
	brotli: 1.1.0,1 [FreeBSD]
	cairo: 1.18.2,3 [FreeBSD]
	colord: 1.4.7_2 [FreeBSD]
	cups: 2.4.11 [FreeBSD]
	dbus: 1.14.10_5,1 [FreeBSD]
	dbus-glib: 0.112_1 [FreeBSD]
	desktop-file-utils: 0.28 [FreeBSD]
	duktape-lib: 2.7.0 [FreeBSD]
	expat: 2.6.4 [FreeBSD]
	fontconfig: 2.15.0_3,1 [FreeBSD]
	freetype2: 2.13.3 [FreeBSD]
	fribidi: 1.0.16 [FreeBSD]
	gdbm: 1.24 [FreeBSD]
	gdk-pixbuf2: 2.42.10_3 [FreeBSD]
	gettext-runtime: 0.23.1 [FreeBSD]
	glib: 2.80.5_1,2 [FreeBSD]
	gmp: 6.3.0 [FreeBSD]
	gnome_subr: 1.0 [FreeBSD]
	gnutls: 3.8.9 [FreeBSD]
	gobject-introspection: 1.78.1_2,1 [FreeBSD]
	graphite2: 1.3.14 [FreeBSD]
	gsettings-desktop-schemas: 42.0 [FreeBSD]
	gtk-update-icon-cache: 3.24.31_1 [FreeBSD]
	gtk2: 2.24.33_1 [FreeBSD]
	gtk3: 3.24.43 [FreeBSD]
	harfbuzz: 10.2.0 [FreeBSD]
	hicolor-icon-theme: 0.18 [FreeBSD]
	hwdata: 0.392,1 [FreeBSD]
	indexinfo: 0.3.1 [FreeBSD]
	jbigkit: 2.1_3 [FreeBSD]
	jpeg-turbo: 3.1.0 [FreeBSD]
	json-glib: 1.10.6 [FreeBSD]
	lcms2: 2.17 [FreeBSD]
	lerc: 4.0.0 [FreeBSD]
	libICE: 1.1.1,1 [FreeBSD]
	libSM: 1.2.4,1 [FreeBSD]
	libX11: 1.8.9,1 [FreeBSD]
	libXau: 1.0.11 [FreeBSD]
	libXaw: 1.0.16,2 [FreeBSD]
	libXcomposite: 0.4.6_1,1 [FreeBSD]
	libXcursor: 1.2.2 [FreeBSD]
	libXdamage: 1.1.6 [FreeBSD]
	libXdmcp: 1.1.5 [FreeBSD]
	libXext: 1.3.6,1 [FreeBSD]
	libXfixes: 6.0.1 [FreeBSD]
	libXft: 2.3.8 [FreeBSD]
	libXi: 1.8.1,1 [FreeBSD]
	libXinerama: 1.1.5,1 [FreeBSD]
	libXmu: 1.1.4,1 [FreeBSD]
	libXpm: 3.5.17_1 [FreeBSD]
	libXrandr: 1.5.4 [FreeBSD]
	libXrender: 0.9.11 [FreeBSD]
	libXt: 1.3.0,1 [FreeBSD]
	libXtst: 1.2.4 [FreeBSD]
	libdaemon: 0.14_1 [FreeBSD]
	libdatrie: 0.2.13_2 [FreeBSD]
	libdeflate: 1.22 [FreeBSD]
	libedit: 3.1.20240808,1 [FreeBSD]
	libepoll-shim: 0.0.20240608 [FreeBSD]
	libepoxy: 1.5.10 [FreeBSD]
	libevent: 2.1.12 [FreeBSD]
	libffi: 3.4.6 [FreeBSD]
	libglvnd: 1.7.0 [FreeBSD]
	libgudev: 237 [FreeBSD]
	libgusb: 0.4.9_1 [FreeBSD]
	libiconv: 1.17_1 [FreeBSD]
	libidn2: 2.3.7 [FreeBSD]
	liblz4: 1.10.0,1 [FreeBSD]
	libpaper: 1.1.28_1 [FreeBSD]
	librsvg2-rust: 2.58.5_4 [FreeBSD]
	libtasn1: 4.20.0_1 [FreeBSD]
	libthai: 0.1.29_1 [FreeBSD]
	libudev-devd: 0.6.0 [FreeBSD]
	libunistring: 1.3 [FreeBSD]
	libxcb: 1.17.0 [FreeBSD]
	libxkbcommon: 1.7.0_1 [FreeBSD]
	libxml2: 2.11.9 [FreeBSD]
	lzo2: 2.10_1 [FreeBSD]
	mpdecimal: 4.0.0 [FreeBSD]
	nettle: 3.10.1 [FreeBSD]
	open-motif: 2.3.8_8 [FreeBSD]
	p11-kit: 0.25.5 [FreeBSD]
	pango: 1.56.1 [FreeBSD]
	pcre2: 10.45 [FreeBSD]
	pixman: 0.44.2 [FreeBSD]
	png: 1.6.45 [FreeBSD]
	polkit: 125 [FreeBSD]
	py311-packaging: 24.2 [FreeBSD]
	python311: 3.11.11 [FreeBSD]
	readline: 8.2.13_2 [FreeBSD]
	shared-mime-info: 2.4_1 [FreeBSD]
	sqlite3: 3.46.1_1,1 [FreeBSD]
	tiff: 4.7.0 [FreeBSD]
	vim: 9.1.1117 [FreeBSD]
	vim-gtk2: 9.1.1117 [FreeBSD]
	vim-gtk3: 9.1.1117 [FreeBSD]
	vim-motif: 9.1.1117 [FreeBSD]
	vim-tiny: 9.1.1117 [FreeBSD]
	vim-x11: 9.1.1117 [FreeBSD]
	wayland: 1.23.1 [FreeBSD]
	xbitmaps: 1.1.2 [FreeBSD]
	xkeyboard-config: 2.41_4 [FreeBSD]
	xorgproto: 2024.1 [FreeBSD]
	xxd: 9.1.1117 [FreeBSD]
	zstd: 1.5.6 [FreeBSD]

Number of packages to be installed: 109

The process will require 812 MiB more space.
150 MiB to be downloaded.

Proceed with this action? [y/N]: 
-- snip --

[87228bab36b4] [1/2] Fetching FreeBSD-runtime-14.snap20250222025446.pkg: 100%    2 MiB   2.6MB/s    00:01    
[87228bab36b4] [2/2] Fetching FreeBSD-clibs-14.snap20250222025446.pkg: 100%    2 MiB   1.6MB/s    00:01    
Checking integrity... done (0 conflicting)
[87228bab36b4] [1/106] Upgrading FreeBSD-clibs from 14.snap20240925214047 to 14.snap20250222025446...
[87228bab36b4] [1/106] Extracting FreeBSD-clibs-14.snap20250222025446: 100%
[87228bab36b4] [2/106] Installing FreeBSD-devmatch-14.snap20250222025446...
[87228bab36b4] [2/106] Extracting FreeBSD-devmatch-14.snap20250222025446: 100%
[87228bab36b4] [3/106] Upgrading FreeBSD-runtime from 14.snap20240925214047 to 14.snap20250222025446...
[87228bab36b4] [3/106] Extracting FreeBSD-runtime-14.snap20250222025446: 100%
pkg: Fail to rename /etc/.pkgtemp.hosts.RV8xIkCu9D1e -> /etc/hosts:Cross-device link
  • Conclusion: it is not built like an ordinary OS container, so adding packages with pkg from inside the container appears to be difficult...
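
"Cross-device link" is the message for EXDEV, which rename(2) returns when the source and the target are on different mounts. The following is an added example, not from the original article: a diagnostic to run inside the container that reports which files sit on their own mount. It assumes the runtime mounts /etc/hosts into the container separately, which the error suggests; the function names and the list of paths in the last comment are made up here.

```shell
#!/bin/sh
# Added example (not from the article). Reports files that sit on a different
# mount than their parent directory. A rename(2) of a temp file onto such a
# file fails with EXDEV ("Cross-device link"), the error pkg hit on /etc/hosts.

# Print the "Mounted on" column that df -P reports for a path.
# Heuristic: assumes mount point names contain no spaces.
mount_of() {
    df -P "$1" 2>/dev/null | awk 'NR == 2 { print $NF }'
}

# Return 0 if $1 is on a different mount than its parent directory,
# 1 if both are on the same mount, 2 if either lookup failed.
crosses_mount() {
    file_mnt=$(mount_of "$1")
    dir_mnt=$(mount_of "$(dirname "$1")")
    [ -n "$file_mnt" ] && [ -n "$dir_mnt" ] || return 2
    [ "$file_mnt" != "$dir_mnt" ]
}

# Print one verdict line per path given as an argument.
check_paths() {
    for p in "$@"; do
        rc=0
        crosses_mount "$p" || rc=$?
        case $rc in
            0) echo "$p: separate mount, rename onto it will fail (EXDEV)" ;;
            1) echo "$p: same mount as $(dirname "$p"), rename is fine" ;;
            *) echo "$p: not found or df failed" ;;
        esac
    done
}

# Example use inside the container (assumed list of runtime-managed files):
#   sh check.sh /etc/hosts /etc/resolv.conf /etc/hostname
if [ "$#" -gt 0 ]; then
    check_paths "$@"
fi
```

A file reported as a separate mount can still be edited in place, as the `echo nameserver 8.8.8.8 >>/etc/resolv.conf` step did, but tools that write a temp file and rename it over the target will fail.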

That's all for today

  • podman-compose has already been ported too, so before long I will try to get as far as building an image that can run postgresql-server...