podman-desktop icon indicating copy to clipboard operation
podman-desktop copied to clipboard

Published 20 hours ago verified publisher icon containers

Support air-gapped environment

Open bwgjoseph opened this issue 2 years ago • 2 comments

Is your feature request related to a problem? Please describe

Does not support installation on air-gapped environment and non WSL Windows setup. See https://github.com/containers/podman-desktop/discussions/180

Describe the solution you'd like

  • [ ] To allow for installation in air-gapped environment
  • [ ] To optionally support non WSL Windows (Hyper-V setup)

Describe alternatives you've considered

No response

Additional context

No response

bwgjoseph avatar Jun 09 '22 11:06 bwgjoseph

To optionally support non WSL Windows (Hyper-V setup)

The Hyper-V installation flow is performed using crc. This installs a VM prepared for podman and has the same settings, but also has a userspace networking stack that can work with route-all VPNs.

gbraad avatar Jul 21 '22 05:07 gbraad

This is not clearly specified, but believe this is a Windows specific issue? This partially applies to macOS too.

To allow for installation in air-gapped environment

On Windows with the introduction of https://github.com/containers/podman/commit/0f53abd093d171fe134fb5aa00f1679f0efed370 the issue https://github.com/containers/podman/issues/14698 has been resolved. Images are downloaded from: https://github.com/containers/podman-wsl-fedora. The init flow automatically determines the latest version. But they can be embedded in an installer or manually provided and used as podman machine init --image-path [rootfs.tar.xz]

gbraad avatar Jul 21 '22 05:07 gbraad

@gbraad Can they optionally be embedded in the installer than along with the podman CLI to support this issue? Or at least docs on the method users should do.

braunsonm avatar Nov 09 '22 23:11 braunsonm

For non-Windows platforms this is more problematic as the installation flow expects to run an ignition installation description, which pulls packages from the internet. To optimize this we can use a similar way by using prepped images. The Podman team prefers to be flexible as the ignition file allows more customization. I think we can have both; a generic image deployment (which will always succeed and result in the same setup) and the ignition flow as an advanced usecase. Note; prepping images is also an involved; automation is possible as we have seen with WSL. I remember running tests to even convert the WSL images to bootable ones, though this is not the approach we wanna take; too involved. Best to run ignition on a pipeline and package an image.

I understand that the ignition file does not pull packages anymore, but instead only removes a specific package. So the deployment on non-Windows should also be possible in an air-gapped setup.

gbraad avatar Nov 29 '22 13:11 gbraad

@braunsonm Will put this discussion on the agenda again. A fallback image for an airgapped/network failure might be an option.

gbraad avatar Nov 29 '22 13:11 gbraad

@braunsonm for docs, a possible FAQ or doc entry would be possible. The steps are something along the lines of:

  1. download a rootfs.tar.xz from a release at https://github.com/containers/podman-wsl-fedora/releases/
  2. run podman machine init --image-path pointing to this image

Ref: https://github.com/containers/podman/issues/16670

gbraad avatar Nov 29 '22 13:11 gbraad

AI: break down into sub-tasks. It will be possible to include the VM image (for podman-machine) as part of the binaries for Windows and Mac and automatically configure podman+podman desktop to use that image. So it will be an all-in-one air gapped package.

slemeur avatar Nov 30 '22 15:11 slemeur

thanks for working on this feature.

May I know if there's a user doc on how to do it on user end? i.e caching the binaries and installing it on airgap machine?

I don't see it listed anywhere in https://podman-desktop.io/docs/Installation/windows-install

bwgjoseph avatar Jan 11 '23 12:01 bwgjoseph

hello @bwgjoseph the binaries will only produced for the "releases" and not for the "pre-releases"

You can build the binaries on your own for now to try it out

Follow all pre-requisites to build Podman Desktop and call:

AIRGAP_DOWNLOAD=1 yarn compile:current

on Windows or macOS to have .exe or dmg airgapped files.

benoitf avatar Jan 11 '23 13:01 benoitf

Hi @benoitf,

What do you mean by "releases" and not "pre-releases"?

I just cloned and followed the instruction to build, and this is what is in the dist directory

image

Do I bring everything to airgap machine to install podman-desktop? Or can I just bring podman-desktop-airgap-0.11.0-next-setup.exe? And what's the difference between this and podman-desktop-airgap-0.11.0-next.exe?

Thanks!

bwgjoseph avatar Jan 12 '23 17:01 bwgjoseph

@bwgjoseph

pre-releases = push to github releases new artifacts on each commits to the main branch

releases = only when we create a tag

You've everything you need with these Windows assemblies.

-next.exe = self-contained unpacked executable. On each start it's unpacking content and then run from a temporary directory -next-setup.exe = installer. You install it once and then you run Podman Desktop from Program Files

benoitf avatar Jan 12 '23 17:01 benoitf

ah, thanks! To further clarify, you mentioned that it produces "release", but the filename shows ~next which sounds more like a "pre-release" executable/installer.

Anyhow, I will test it on airgap machine soon, and see if it has any issue installing and running it. Will report back once I am done tested it

bwgjoseph avatar Jan 12 '23 17:01 bwgjoseph

I have tested installing on an air-gapped machine and the installation is looking good! I just realize that the installer is also provided as part of the release binaries.

Thanks!

bwgjoseph avatar Feb 18 '23 05:02 bwgjoseph