发布于 4年前

CentOS8 安装和使用podman

使用rootless用户pull ubuntu镜像,竟然报这种错误。
发现错误:

[javadm@instance-2 ~]$ docker pull ubuntu
ERRO[0000] cannot find mappings for user javadm: No subuid ranges found for user "javadm" in /etc/subuid
ERRO[0000] cannot find mappings for user javadm: No subuid ranges found for user "javadm" in /etc/subuid
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

如何解决:
1./etc/subuid和/etc/subgid 增加子用户映射

[root@instance-2 ~]# echo javadm:200000:300006666 >> /etc/subuid
[root@instance-2 ~]# echo javadm:300000:400006666 >> /etc/subgid
[root@instance-2 ~]# cat /etc/subuid
robin:100000:65536
javadm:200000:300006666
[root@instance-2 ~]# cat /etc/subgid
robin:100000:65536
javadm:300000:400006666

验证发现还报错:

[root@instance-2 ~]# su - javadm
Last login: Fri Apr 24 13:15:11 UTC 2020 on pts/0
[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

2.再次修改

[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:200000:300006666

[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:400000000:400006666

错误依旧:

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob fc878cd0a91c done
Copying blob fee5db0ff82f done
Copying blob d51af753c3d3 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

3.再想办法。

  121  cd /etc/sysctl.d/
  122  ll
  123  touch podman.conf
  124  echo user.max_user_namespaces = 900000000 >>podman.conf
  125  cat podman.conf
  126  reboot

错误依旧:

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob fee5db0ff82f done
Copying blob fc878cd0a91c done
Copying blob d51af753c3d3 done
Copying blob 6154df8ff988 done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
  Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument
Error: error pulling image "ubuntu": unable to pull ubuntu: 4 errors occurred:
        * Error initializing source docker://registry.access.redhat.com/ubuntu:latest: Error reading manifest latest in registry.access.redhat.com/ubuntu: name unknown: Repo not found
        * Error initializing source docker://registry.fedoraproject.org/ubuntu:latest: Error reading manifest latest in registry.fedoraproject.org/ubuntu: manifest unknown: manifest unknown
        * Error initializing source docker://registry.centos.org/ubuntu:latest: Error reading manifest latest in registry.centos.org/ubuntu: manifest unknown: manifest unknown
        * Error committing the finished image: error adding layer with blob "sha256:d51af753c3d3a984351448ec0f85ddafc580680fd6dfce9f4b09fdb367ee1e3e": Error processing tar file(exit status 1): there might not be enough IDs available in the namespace (requested 0:42 for /etc/gshadow): lchown /etc/gshadow: invalid argument

4.再想办法。

[javadm@instance-2 ~]$ getcap /usr/bin/newuidmap
/usr/bin/newuidmap = cap_setuid+ep
podman system migrate

5.再想办法。

[root@instance-2 ~]# setenforce 0
[root@instance-2 ~]# su - javadm
Last login: Fri Apr 24 14:21:15 UTC 2020 on pts/0
[javadm@instance-2 ~]$ getenforce
Permissive

6.回退


[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:200000:300006666
[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:400000000:400006666
[javadm@instance-2 ~]$

7.做一些更改,最重要的!

echo user.max_user_namespaces=900000000  >> /etc/sysctl.d/userns.conf

**[javadm@instance-2 ~]$ cat /etc/subuid
robin:100000:65536
javadm:165536:65536
[javadm@instance-2 ~]$ cat /etc/subgid
robin:100000:65536
javadm:165536:65536**
[javadm@instance-2 ~]$

podman system migrate

[javadm@instance-2 ~]$ docker pull ubuntu
Trying to pull registry.access.redhat.com/ubuntu...
  name unknown: Repo not found
Trying to pull registry.fedoraproject.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull registry.centos.org/ubuntu...
  manifest unknown: manifest unknown
Trying to pull docker.io/library/ubuntu...
Getting image source signatures
Copying blob 6154df8ff988 done
Copying blob d51af753c3d3 done
Copying blob fc878cd0a91c done
Copying blob fee5db0ff82f done
Copying config 1d622ef86b done
Writing manifest to image destination
Storing signatures
1d622ef86b138c7e96d4f797bf5e4baca3249f030c575b9337638594f2b63f01
[javadm@instance-2 ~]$

FAQ:

[javadm@instance-2 proc]$ podman image list
ERRO[0000] open /proc/2364/ns/user: no such file or directory
[javadm@instance-2 proc]$ cd /tmp/
[javadm@instance-2 tmp]$ docker image list
ERRO[0000] open /proc/2364/ns/user: no such file or directory
[javadm@instance-2 tmp]$ history

podman system migrate
CentOS8 podman
上一篇: 基于Centos7.6和Hadoop3.13环境下安装Hive3.12 下一篇: JS字符串操作方法扩展string-extension.js

相关文章

纯净的上网主页

热门推荐

©2020 edoou.com   京ICP备16001874号-3