#use podman instead of docker

Hi,
I'm trying the get started from the website https://docs.dagger.io/sdk/go/959738/get-started but it's only working with Docker.
Can someone help me to setup dagger in order to use podman instead of Docker?

👋 @exotic hare Here's something to get you started!
https://gist.github.com/jpadams/789b259cb0cf7d2a166dc4f2fa588cc5

Thanks to @zealous locust for the tips!

Podman is working great for me 🙂

$ podman ps                                                           git:main
CONTAINER ID  IMAGE                             COMMAND     CREATED       STATUS       PORTS       NAMES
000dfc73577c  registry.dagger.io/engine:v0.5.0  --debug     47 hours ago  Up 47 hours              dagger

We'll look to get this into the official docs
cc @river summit

Interesting. Have many users asked for this @dreamy quest ?

Several, @river summit. It's really part of a larger pattern mentioned previously

So would be great to show how do this, which is pretty simple really, and give a couple of examples: perhaps podman, and nerdctl, for example.

I'm happy to help with this!

another relevant thread: https://discord.com/channels/707636530424053791/1073859480560865360

it has been discussed multiple times already. Since it seems quite some users are using podman, it might be useful to add into the docs. cc @river summit

Yup, I'll create an issue and add a guide for this

https://github.com/dagger/dagger/issues/5017

nice!

Shouldn’t it work out of the box with podman aliased to docker? i remember we had that problem and fixed it

Doesn't work for me via simple alias since I think we assume docker unless you are using _EXPERIMENTAL_DAGGER_RUNNER_HOST with one of these: https://github.com/dagger/dagger/blob/main/core/docs/d7yxc-operator_manual.md?plain=1#L148-L149 perhaps.

This example is for folks without Docker, but with Podman.

Here's what I get after stopping Docker Desktop and with Podman working.

First let's show that Podman works. I'm running the Dagger Engine in Podman using my Gist above.

export _EXPERIMENTAL_DAGGER_RUNNER_HOST=podman-container://dagger
go run main.go

success 🎉

Turn off any Podman stuff that I'd prepared, but leave Podman running and ready:

unset _EXPERIMENTAL_DAGGER_RUNNER_HOST
$ podman ps
CONTAINER ID  IMAGE                             COMMAND     CREATED     STATUS      PORTS       NAMES
c7a2651ed68d  registry.dagger.io/engine:v0.5.0  --debug     2 days ago  Up 2 days               dagger
$ podman rm -f c7a2651ed68d
c7a2651ed68d
$ podman ps
CONTAINER ID  IMAGE       COMMAND     CREATED     STATUS      PORTS       NAMES

$ alias docker=podman
$ which docker
docker: aliased to podman
$ go run main.go
failed to list containers: exit status 1
Error: failed to run container: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
: exit status 125
panic: EOF: failed to list containers: exit status 1
Error: failed to run container: docker: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?.
See 'docker run --help'.
: exit status 125

Please visit https://dagger.io/help#go for troubleshooting guidance.

goroutine 1 [running]:
main.main()
    /Users/jeremyadams/src/examples/go/db-service/main.go:17 +0x8b0
exit status 2

Perhaps the connection drivers pick up where the Dagger Engine is running based on the "protocol" in the _EXPERIMENTAL_DAGGER_RUNNER_HOST, for example podman-container:// or kube-pod://
and these kick in: https://github.com/dagger/dagger/blob/main/internal/engine/client.go#L16-L17

this seems to still run the real docker CLI. alias only works in the context of the current shell. It’s not inherited by your go run. Instead you want to make sure it’s symlinked (or whatever the podman docs recommend)

yep. You're correct 🙂 It works if I move my docker binary out of the way (PATH precedence wasn't working as I expected, or if I didn't have one in the first place, even easier) and make a symlink:

ln -s `which podman` /Users/jeremyadams/bin/docker

$ docker version
Client:       Podman Engine
Version:      4.5.0
...

@dreamy quest thanks for sharing.
The dagger engine doesn't start correctly with podman, I see this error message:

    /usr/local/go/src/runtime/asm_amd64.s:1598
time="2023-04-25T07:04:30Z" level=info msg="detected mtu 1500 via interface eth0"
time="2023-04-25T07:04:30Z" level=debug msg="setting up engine tracing"
time="2023-04-25T07:04:30Z" level=debug msg="creating engine GRPC server"
time="2023-04-25T07:04:30Z" level=debug msg="creating engine lockfile"
time="2023-04-25T07:04:30Z" level=debug msg="creating engine controller"
time="2023-04-25T07:04:30Z" level=info msg="auto snapshotter: using overlayfs"
time="2023-04-25T07:04:30Z" level=debug msg="creating new network namespace np1vjo9j24ksvsavm0j2a2ezl"
time="2023-04-25T07:04:30Z" level=debug msg="releasing cni network namespace n6lc8dgvhrxpawzq8a8tk55fl"
time="2023-04-25T07:04:30Z" level=debug msg="finished creating network namespace np1vjo9j24ksvsavm0j2a2ezl"
time="2023-04-25T07:04:30Z" level=warning msg="failed to release network namespace \"n6lc8dgvhrxpawzq8a8tk55fl\" left over from previous run: plugin type=\"loopback\" failed (delete): unknown FS magic on \"/var/lib/dagger/net/cni/n6lc8dgvhrxpawzq8a8tk55fl\": ef53"
buildkitd: plugin type="bridge" failed (add): failed to list chains: running [/sbin/iptables -t nat -S --wait]: exit status 3: modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.8 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

CNI setup error```

I'm running podman on RHEL 8.7

running modprobe iptable_nat on the host solved the issue.

everything seems to work correctly, I can start testing dagger 🥳

@flint arch yes, you helped me with that a while ago, but then noticed that I was getting errors bc of podman not able to mount to the default mnt dir (I am on Fedora Silverblue)

see here
#general message

I recall working on that one together @zealous locust 💪

ohh.. sorry @wraith turtle , yeah.. we were planning a debugging session back then also 😄

👋 closing this. Feel free to re-open if needed 🙏

I have the same problem but I'm not using podman, just regular docker. Indeed enabling the iptable_nat module fixed it. Is it a hard must?

which distro are you using? I'm usurprised Docker doesn't complain about this as well. Maybe it has a fallback for these cases

Centos stream 8 with kernel 4.18

oh right! that's because docker has a fallback client-side proxy to bypass the iptables thing... So yes, for services to work is a hard must currently

Was anyone here using podman-only (no docker binary, only symlink to podman), and if so, did you get dagger engine to run? See the issue I just posted. Thanks!

it should work. Just replied in the thread you linked

yeah, I have been using Podman to run the dagger engine since forever. Could you post the errors?

@zealous locust curious if you've seen something related to this https://github.com/dagger/dagger/issues/8059 and if you're also using wsl2 in your case.

not using wsl2 (Fedora Silverblue) but I am wondering what output you get if you manually run the engine with --debug

script example

#!/bin/bash

set -eoux pipefail
engine_version=${1:-v0.12.3}
dagger_runner="dagger"

usage() {
  echo "Usage: $0 [ -n NAME ] [ -t TIMES ]" 1>&2
  exit 1
}

while getopts ":he:" o; do
  case "${o}" in
  e)
    engine_version=${OPTARG}
    ;;
  :)
    echo "Error: -${OPTARG} requires an argument."
    usage
    ;;
  *)
    usage
    ;;
  esac
done

podman rm -f $dagger_runner || true

podman run \
  --name $dagger_runner \
  --restart always \
  -d \
  --privileged \
  ghcr.io/dagger/engine:"$engine_version" --debug

podman logs -f dagger

then run

_EXPERIMENTAL_DAGGER_RUNNER_HOST=podman-container://dagger dagger init --sdk=$sdk