Monday, 4 October 2021

Podman and Homebrew and Docker - Permission to launch ...

Following my earlier post: -

Podman - my first time

and harking back to an older post: -

Homebrew on macOS - Docker says "No" - well, kinda

I thought I'd update Homebrew: -

brew upgrade

Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/core and homebrew/cask).
==> New Formulae
ca-certificates                            clickhouse-odbc                            cmake-docs                                 texlive
==> Updated Formulae
Updated 187 formulae.
==> New Casks
plistedplus
==> Updated Casks
Updated 116 casks.
==> Upgrading 14 outdated packages:
git-lfs 2.13.3 -> 3.0.1
coreutils 8.32 -> 9.0
podman 3.4.0 -> 3.4.0_1
yq 4.9.6 -> 4.13.3
putty 0.75 -> 0.76
maven 3.8.1 -> 3.8.2
htop 3.0.5 -> 3.1.0
openjdk 16.0.1 -> 17
openssl@1.1 1.1.1l -> 1.1.1l_1
kubernetes-cli 1.21.2 -> 1.22.2
fltk 1.3.6 -> 1.3.7
libzip 1.8.0 -> 1.8.0_1
helm 3.6.1 -> 3.7.0
jpeg-turbo 2.1.0 -> 2.1.1
...
Removing: /Users/hayd/Library/Caches/Homebrew/libidn2_bottle_manifest--2.3.1... (5.2KB)
Removing: /Users/hayd/Library/Caches/Homebrew/guile_bottle_manifest--3.0.7... (6.3KB)
Removing: /Users/hayd/Library/Caches/Homebrew/rust_bottle_manifest--1.51.0... (6.4KB)
Removing: /Users/hayd/Library/Caches/Homebrew/node_bottle_manifest--16.2.0... (9.6KB)
Removing: /Users/hayd/Library/Caches/Homebrew/fltk_bottle_manifest--1.3.6... (4.9KB)
Removing: /Users/hayd/Library/Caches/Homebrew/yq_bottle_manifest--4.9.3... (4.3KB)
Removing: /Users/hayd/Library/Caches/Homebrew/python@3.8_bottle_manifest--3.8.10... (13.7KB)
Removing: /Users/hayd/Library/Caches/Homebrew/node_bottle_manifest--16.1.0... (9KB)
Removing: /Users/hayd/Library/Caches/Homebrew/libtasn1_bottle_manifest--4.17.0... (4.5KB)
Removing: /Users/hayd/Library/Caches/Homebrew/yq_bottle_manifest--4.8.0... (4.3KB)
Removing: /Users/hayd/Library/Caches/Homebrew/gnutls_bottle_manifest--3.6.16... (11KB)
Removing: /Users/hayd/Library/Caches/Homebrew/putty_bottle_manifest--0.75... (4.2KB)
Removing: /Users/hayd/Library/Caches/Homebrew/pyenv_bottle_manifest--1.2.27... (16.0KB)
Removing: /Users/hayd/Library/Caches/Homebrew/kubernetes-cli_bottle_manifest--1.21.1... (4.3KB)
Removing: /Users/hayd/Library/Caches/Homebrew/python@3.9_bottle_manifest--3.9.5... (12.5KB)
Removing: /Users/hayd/Library/Caches/Homebrew/pyenv_bottle_manifest--2.0.0... (16.6KB)
Removing: /Users/hayd/Library/Caches/Homebrew/libssh2_bottle_manifest--1.9.0_1... (5.8KB)
Removing: /Users/hayd/Library/Logs/Homebrew/fdupes... (64B)
Removing: /Users/hayd/Library/Logs/Homebrew/pcre2... (64B)
Error: Permission denied @ apply2files - /usr/local/lib/docker/cli-plugins

The computer said "No".

So we've got some hangover from Docker Desktop, which I'd uninstalled by dragging Docker.app from the Applications folder to the Trashcan.

Thankfully, I remembered the previous incident of this on my 2014 Mac mini.

Knowing that this was permission-related, I checked the offending folder - /usr/local/lib/docker - as follows: -

ls -al /usr/local/lib/docker/

total 0
drwxr-xr-x    3 root  admin    96 15 Sep 17:25 .
drwxrwxr-x  294 hayd  admin  9408  1 Oct 14:52 ..
lrwxr-xr-x    1 root  admin    55 15 Sep 17:25 cli-plugins -> /Applications/Docker.app/Contents/Resources/cli-plugins

and just fixed up the permissions: -

sudo chown -R hayd:admin /usr/local/lib

and then re-ran the Brew upgrade: -

brew upgrade

and now it's happy: -

Bash completion has been installed to:
  /usr/local/etc/bash_completion.d
==> coreutils
Commands also provided by macOS and the commands dir, dircolors, vdir have been installed with the prefix "g".
If you need to use these commands with their normal names, you can add a "gnubin" directory to your PATH with:
  PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"

Sadly, despite the supposed upgraded to podman the version still reports as before: -

podman --version

podman version 3.4.0

podman version

Client:
Version:      3.4.0
API Version:  3.4.0
Go Version:   go1.17.1
Built:        Thu Sep 30 19:44:31 2021
OS/Arch:      darwin/amd64

Server:
Version:      3.3.1
API Version:  3.3.1
Go Version:   go1.16.6
Built:        Mon Aug 30 21:46:36 2021
OS/Arch:      linux/amd64

and the initial JSON-related issue persists: -

podman run hello-world

Error: error preparing container c30900631b5e91c564a3c8093dc11ff975bd09b02d156b95f6ef243844548320 for attach: error configuring network namespace for container c30900631b5e91c564a3c8093dc11ff975bd09b02d156b95f6ef243844548320: error adding pod musing_kirch_musing_kirch to CNI network "podman": unexpected end of JSON input

Sigh!!!

6 comments:

Joakim said...

Hey Dave! How did you go about solving this issue? Experiencing the exact same symptoms over here on macOS with Homebrew. I've tried looking through trace-level logs, upgrading podman, setting up a new podman machine, inspected the podman-network, purging my ~/.config/containers.. Bleh!

Dave Hay said...

Hey Joakim

To check, are you referring to the "unexpected end of JSON input" issue ?

If so, I did cover that in another post - Podman - my first time

TL;DR; it's a bug in Podman, which, currently, can be mitigated by publishing a port list, whether/not your container actually exposes ports to the outside world.

For example, whilst podman run hello-world fails with "unexpected end of JSON input", adding a -p 8080:8080 works.

This should get fixed in a future version of Podman Machine, but the circumvention works ( for me, and others ) for now.

Cheers, Dave

Joakim said...

That's the issue I was referring to, yeah! I noticed that I was able to run
several containers with explicit port-mapping, but couldn't for the life of me
figure out why the "hello-world"-image wouldn't work.

Thanks for the explanation! My podman-vm is, like you mentioned, still running
podman 3.3.1, so perhaps when that catches up we'll see more consistent
behavior.

Again, thanks, the blog-posts were really helpful!

Joakim

Dave Hay said...

Thanks for the feedback; let's also keep an eye on https://github.com/containers/podman-machine-cni/pull/3 as that may provide some daylight once we get podman 3.4 in coreOS

Unknown said...

I was also having the permissions issue, after uninstall Docker Desktop. Thanks for this blog post! 👏

Dave Hay said...

Awesome, thanks for letting me know :-)

TIL - read-only variables in Linux

 A co-worker was seeing an exception: -  line 8: TMOUT: readonly variable when trying to SCP a file from a remote Linux box. I did some digg...