Adding supported quadlet vars mappings #667

Merged
merged 2 commits into from
Nov 27, 2024
39 changes: 39 additions & 0 deletions docs/devel/README.md
Expand Up @@ -10,6 +10,7 @@
- [Copying files to QM partition](#copying-files-to-qm-partition)
- [Listing QM service](#listing-qm-service)
- [List QM container via podman](#list-qm-container-via-podman)
- [Extend QM quadlet managed by podman](#extend-qm-quadlet-managed-by-podman)
- [Connecting to QM container via podman](#connecting-to-qm-container-via-podman)
- [SSH guest CentOS Automotive Stream Distro](#ssh-guest-centos-automotive-stream-distro)
- [Check if HOST and Container are using different network namespace](#check-if-host-and-container-are-using-different-network-namespace)
Expand Down Expand Up @@ -179,6 +180,44 @@ CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS
a83253ae278d /sbin/init 38 seconds ago Up 38 seconds qm
```

### Extend QM quadlet managed by podman

QM quadlet file is shipped through rpm, refer the following file.
qm.container which is installed to /usr/share/containers/systemd/qm.container
Please refer `man quadlet` for the supported value and how to.

In case a change needed in quadlet file, do not update systemd/qm.container file
As per `man quadlet` do the following:

```console
if ! test -e /etc/containers/systemd/qm.container.d ; then
mkdir -p /etc/containers/systemd/qm.container.d
fi
cat > "/etc/containers/systemd/qm.container.d/expose-dev.conf" <<EOF
[Container]
# Expose host device /dev/net/tun
AddDevice=-/dev/net/tun
# In case parameter override needed, add empty value before the required key
Unmask=
Unmask=ALL
EOF
```

To verify the result use the following command:

```console
/usr/lib/systemd/system-generators/podman-system-generator --dryrun
```

Once the result is satisfied, apply the following

```console
systemctl daemon-reload
systemctl restart qm
systemctl is-active qm
active
```

### Connecting to QM container via podman

```console
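Review bot: the `if ! test -e … ; then mkdir -p … ; fi` guard in the drop-in example is redundant, because `mkdir -p` already succeeds when the directory exists; a single `mkdir -p /etc/containers/systemd/qm.container.d` reads cleaner and has the same effect. Two smaller points in the same hunk: the last `console` block mixes the command `systemctl is-active qm` with its output `active` and no prompt, so a reader may take `active` for something to type; and the opening sentence "QM quadlet file is shipped through rpm, refer the following file." is hard to parse, so suggest "The QM quadlet file `qm.container` is shipped in the rpm and installed at /usr/share/containers/systemd/qm.container; see `man quadlet` for the supported keys." Since the example drop-in both exposes a host device (`AddDevice=-/dev/net/tun`) and resets `Unmask=` to `ALL`, the comment in the example should also say which workload needs each of those, so that readers do not copy a widened configuration they do not require.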
5 changes: 4 additions & 1 deletion qm.container
Expand Up @@ -36,6 +36,10 @@ TasksMax=50%

[Container]
AddCapability=all
Unmask=ALL
SecurityLabelNested=true
SeccompProfile=/usr/share/qm/seccomp.json
PidsLimit=-1

# Comment DropCapability this will allow FFI Tools to surpass their defaults.
DropCapability=sys_resource
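Review bot: the four keys added here are the container's most permissive settings (`Unmask=ALL` removes the paths podman masks by default such as /proc/kcore, `PidsLimit=-1` disables the pids limit, `SecurityLabelNested=true` enables nested labelling, `SeccompProfile=` replaces the default profile), yet only `DropCapability` below carries a comment explaining the rationale. Suggest a comment above this block in the same style as the existing `# Comment DropCapability this will allow FFI Tools to surpass their defaults.` line, stating that these are the quadlet equivalents of the former `--security-opt` and `--pids-limit` options and why QM needs each one, so the next reader can tell a deliberate choice from an accidental widening.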
Expand All @@ -45,7 +49,6 @@ AddDevice=-/dev/fuse
ContainerName=qm
Exec=/sbin/init
Network=private
PodmanArgs=--pids-limit=-1 --security-opt seccomp=/usr/share/qm/seccomp.json --security-opt label=nested --security-opt unmask=all
ReadOnly=true
Rootfs=${ROOTFS}

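Review bot: the removed `PodmanArgs=` line maps one-to-one onto the keys added in the `[Container]` hunk above (`--pids-limit=-1` to `PidsLimit=-1`, `--security-opt seccomp=/usr/share/qm/seccomp.json` to `SeccompProfile=/usr/share/qm/seccomp.json`, `--security-opt label=nested` to `SecurityLabelNested=true`, `--security-opt unmask=all` to `Unmask=ALL`), so no option is dropped by this change. Because the docs hunk in this same PR introduces `/usr/lib/systemd/system-generators/podman-system-generator --dryrun`, it would be worth recording in the PR description that the generated `podman run` line was compared before and after the change with that command; that comparison is what would reveal a key the installed quadlet version does not translate.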