Installing OASIS with podman

I’m trying to install the Nomad Oasis with podman and podman-compose on a shared system where I don’t have root privileges.
I get permission errors of the type PermissionError: [Errno 13] Permission denied: '.volumes/fs/public' even though I’ve adjusted the user mapping and made .volumes accessible (read+write) to everyone.

Did anyone succeed with that?

In any case, I would suggest using fully qualified names for the images in ops/docker-compose/nomad-oasis/docker-compose.yaml · 2187-improved-serialization-of-config · nomad-lab / nomad-FAIR · GitLab.
That would mean changing the following (sorry, I cannot upload a file as a new user).

diff docker-compose.original.yaml docker-compose.new.yaml
5c5
<     image: rabbitmq:4
---
>     image: docker.io/rabbitmq:4
24c24
<     image: elasticsearch:7.17.24
---
>     image: docker.elastic.co/elasticsearch:7.17.24
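Review bot: on the `>` line of the 24c24 hunk, `docker.elastic.co/elasticsearch:7.17.24` lacks the repository namespace; images on Elastic's registry are published as `docker.elastic.co/elasticsearch/elasticsearch:<tag>`, so this reference would not resolve as written. The unqualified `elasticsearch:7.17.24` on the `<` line resolves to Docker Hub under Docker, so pointing it at docker.elastic.co also changes which registry the image is pulled from. If the intent is only to qualify the existing name, `docker.io/elasticsearch:7.17.24` keeps the source unchanged.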
41c41
<     image: mongo:5
---
>     image: docker.io/mongo:5
144c144
<     image: nginx:stable-alpine
---
>     image: docker.io/nginx:stable-alpin
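Review bot: the tag on the `>` line of the 144c144 hunk reads `stable-alpin`, while the `<` line it replaces has `stable-alpine`; the final `e` appears to have been cut off, and the truncated tag would not pull the same image. It should read `docker.io/nginx:stable-alpine`.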

Hi MarDiehl!

From the looks of it, it does certainly look like an issue with the folder permissions. Note that you will also need to give execution permission to folders: this makes sure you can enter the folder and access files inside it.

Also I would encourage you to use our distribution template, as recommended by our most recent documentation on setting up an Oasis: the link you provided leads to an old configuration file that we probably should remove altogether.

Is there a certain benefit for using the fully qualified names for the images?

Many thanks.

I’ve followed the instructions from Install an Oasis - Documentation and downloaded the zipped template. I was not aware that the code is on GitHub and therefore searched for a Nomad repository.

It is indeed a permission error. The advantage of podman over Docker is that it can run rootless, which is beneficial for shared environments. But not having root permission also means that I can’t change the owner to arbitrary users, but step 3 requires that. As far as I see, the reason is that 1000 is hardcoded in the Dockerfile. I believe that user remapping is somehow possible and solves the issue. In docker-compose.yaml there is the user key for north which I’ve adjusted to my user and group ID. Maybe similar things are needed for the other images.

For someone knowledgeable with containers/Docker/podman this is probably easy to solve. But for me the interaction between user IDs in Dockerfile and docker-compose.yaml is not really clear at the moment.
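The interaction between the hardcoded UID 1000 and a rootless host user, as an added example that is not part of the original posts or of the NOMAD project's code: under podman's default rootless mapping, container UID 0 is the invoking user and container UIDs 1..N are backed by that user's subordinate ranges from /etc/subuid. The user name `alice`, UID 1001 and the subuid ranges are constructed sample values, and the sketch assumes no custom `--userns` or `--uidmap` settings are in effect.

```shell
#!/bin/sh
# Constructed sample of /etc/subuid (format: name:first_host_id:count).
SAMPLE_SUBUID='alice:100000:65536
bob:165536:65536'

# host_id_for NAME OWN_ID CONTAINER_ID [SUBID_TABLE]
# Prints the host ID that backs CONTAINER_ID for user NAME under the default
# rootless mapping. Returns non-zero if the ID is outside the mapped ranges,
# in which case the container cannot own files as that ID at all.
host_id_for() {
    name=$1; own_id=$2; cid=$3; table=${4:-$SAMPLE_SUBUID}
    if [ "$cid" -eq 0 ]; then
        # Container root is simply the unprivileged host user.
        echo "$own_id"
        return 0
    fi
    # Container IDs 1..N walk the user's subordinate ranges in file order.
    offset=$((cid - 1))
    printf '%s\n' "$table" | awk -F: -v n="$name" -v off="$offset" '
        $1 == n {
            if (off < $3) { print $2 + off; found = 1; exit }
            off -= $3
        }
        END { if (!found) exit 1 }'
}

# Files written by the image's UID 1000 appear on the host under this ID:
echo "container UID 1000 -> host UID $(host_id_for alice 1001 1000)"

# Changing ownership to that ID needs no root when done inside the user
# namespace (assumes the .volumes directory from the Oasis template):
#   podman unshare chown -R 1000:1000 .volumes
# To read the real table instead of the sample:
#   host_id_for "$(id -un)" "$(id -u)" 1000 "$(cat /etc/subuid)"
```

With the sample values, a directory made world-writable on the host is still owned by UID 1001, which the container sees as root rather than as UID 1000; files the container creates show up on the host as owned by UID 100999.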

In that documentation you linked, the zipped template is indeed just downloaded from the nomad-distro-template repo, so this is fine.

As for podman: unfortunately we do not have any experience with it and cannot really help much there… Some users in our Discord server might have more experience.

Thanks.

In the meantime, I will try out different to understand how permissions are currently handled. For that, I have several questions about the Dockerfile:

  • Is there a reason to have UID as an ARG for two images, but hardcode 1000 later on?
  • What is NB_UID? It’s for jovyan.

Finally, should this be discussed here or on GitHub?

You could write your last questions as an issue in GitHub: GitHub · Where software is built

This way we can involve the right people in the discussion more easily.