#Dagger on WSL2 but with custom CA certificates


lilac citrus
#

Probably a more difficult setup, because in a corporate environment I tried to run dagger in a WSL2 setup using Podman and behind an SSL inspecting firewall, which necessitates custom TLS certificates. I followed the documentation on custom root certs, however I built my own container image with dagger's as base image, adding the certs in the documented path. The container starts up properly using the commands from the docs. When running the dagger command from inside another WSL2 distro (Ubuntu) it connects to the dagger services but that gets killed and is replaced by the original dagger container (hence without the necessary certs).

What should be the proper way to work around this?

native zinc
#

hey there @lilac citrus
Just to clarify something.
Did you set the env var _EXPERIMENTAL_DAGGER_RUNNER_HOST as explained here in the Docs?

Learn how to set up and configure a custom Dagger runner for executing workflows in your environment.

lilac citrus
#

I did not! I'll try that first ... thanks!
I see it even supports podman, so should be helpful already ...

native zinc
#

let me know if you managed to solve the issue 🙂

zinc cape
lilac citrus
#

Just tried to see if I can get this working according to the docs referenced above ... I get the following error:

> dagger call build
✘ connect 0.0s ERROR
! start engine: no driver for scheme "podman-container" found
Error: start engine: no driver for scheme "podman-container" found
#

Docs don't explain how to "install drivers"?

zinc cape
#

since the podman and docker API are the same, Dagger will just work

#

so in summary, what you need to do is set _EXPERIMENTAL_DAGGER_RUNNER_HOST=docker-image://$image_name and that should be it

lilac citrus
#

OK was able to get 1 step further:

  • I installed docker-remote inside my wsl distro and hooked it to my podman setup via the unix socket
  • started my custom engine dagger-engine-ca via podman run --rm -v ...
  • configured the experimental env var to use docker-container://dagger-engine-ca
  • now dagger call build runs without errors, however fails on module requires dagger v0.18.17, but you have v0.18.16

It does seem CLI and engine can get in touch now ...

#

I just rebuilt my image using 0.18.17 as my base image, but that still results in that same error of version incompat ... will have to look into this a bit more

#

Thanks already for pointing me in the right direction!

#muchappreciated

zinc cape
lilac citrus
zinc cape
#

otherwise it'll get started again

zinc cape
lilac citrus
#

I'll do a look up for the docs later and provide you the info ... have to head out for now ... Later!

lilac citrus
#

Sorry ... I made a mistake above regarding how to combine docker and podman in a Windows+WSL2 setup ... it is not about docker-remote but podman-remote!

Here is how it is set up:

  • You install podman on the windows side, such that podman machine init drops a new podman machine in WSL as a distribution
  • For easy configuration of docker and podman cohabitation, install Podman desktop and enable the System socket; this will also inject the socket in compatible Linux distributions on WSL, a.o. all the Ubuntu flavors
  • in your favourite Linux distribution in WSL, e.g. Ubuntu,
    • you install podman-remote so that you can easily work with your containers from your Linux environment
    • you install apt install docker-ce-cli to only have the docker command available, not the engine
    • you can set DOCKER_HOST to point to the Podman socket, or alternatively create a docker context

From here on, you can just use any docker clients, like the docker CLI, but also VSCode, to just talk to Podman as if it was the docker engine. Compatibility is much better guaranteed.

Covers configurations available to manage docker compatibility

lilac citrus
#

FYI dagger setup is working now