What Linux users and packagers need to know about Podman 4.0 on Fedora

New Podman features offer better support for containers and improved performance.

The newly released Podman 4.0 features a complete rewrite of the network stack based on Netavark and Aardvark, which will function alongside the existing Container Networking Interface (CNI) stack.

Netavark is a Rust-based tool for configuring networking for Linux containers that serves as a replacement for CNI plugins (containernetworking-plugins on Fedora). Aardvark-dns is now the authoritative DNS server for container records. The new stack brings distro packaging changes as well as repository availability changes for Fedora 35.

For Fedora users

Podman v4 is available as an official Fedora package on Fedora 36 and Rawhide. Both Netavark and Aardvark-dns are available as official Fedora packages on Fedora 35 and newer versions and form the default network stack for new installations of Podman 4.0.

On Fedora 36 and newer, fresh installations of Podman v4 will automatically install Aardvark-dns along with Netavark.

To install Podman v4:

$ sudo dnf install podman

To update Podman from an older version to v4:

$ sudo dnf update podman

Because Podman v4 features some breaking changes from Podman v3, Fedora 35 users cannot install Podman v4 using the default repositories. However, if you're eager to give it a try, you can use a Copr repository instead:

$ sudo dnf copr enable rhcontainerbot/podman4

# install or update per your needs
$ sudo dnf install podman

After installation, if you would like to migrate all your containers to use Netavark, you must set network_backend = "netavark" under the [network] section in your containers.conf, typically located at /usr/share/containers/containers.conf.
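To confirm the setting took effect, the following added example (not from the original article) reports which backend a set of containers.conf files selects. The function name effective_backend is hypothetical, and it assumes the caller passes existing files in override order, lowest priority first.

```shell
# Added example: print the network_backend chosen by one or more
# containers.conf files. Later files override earlier ones (assumption:
# the caller lists them lowest priority first).
effective_backend() {
    awk '
        FNR == 1      { section = "" }     # new file: no table open yet
        /^[ \t]*#/    { next }             # skip commented-out defaults
        /^[ \t]*\[/   {                    # table header such as [network]
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        section == "network" && /^[ \t]*network_backend[ \t]*=/ {
            val = $0
            sub(/^[^=]*=[ \t]*/, "", val)  # drop the key and "="
            sub(/[ \t]*(#.*)?$/, "", val)  # drop a trailing comment
            gsub(/"/, "", val)             # drop the TOML quotes
            backend = val
        }
        END { print (backend == "" ? "unset" : backend) }
    ' "$@"
}
```

A plain grep for network_backend would also match commented-out defaults and keys in other tables; on a live system, `podman info --format '{{.Host.NetworkBackend}}'` shows what Podman actually uses.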

Testing the latest development version

If you would like to test the latest unreleased upstream code, try the podman-next Copr:

$ sudo dnf copr enable rhcontainerbot/podman-next

$ sudo dnf install podman

CAUTION: The podman-next Copr provides the latest unreleased sources of Podman, Netavark, and Aardvark-dns as RPM packages (RPMs). These will override the versions supplied by the official packages.

For Fedora packagers

The Fedora packaging sources for Podman are available in Fedora's repository for package maintenance. The main Podman package no longer explicitly depends on containernetworking-plugins. The network stack dependencies are now handled in the containers-common package, which allows for a single point of dependency maintenance for Podman and Buildah.

- containers-common
Requires: container-network-stack
Recommends: netavark

- netavark
Provides: container-network-stack = 2

- containernetworking-plugins
Provides: container-network-stack = 1

This configuration ensures that:

  • New installations of Podman will always install Netavark by default.
  • The containernetworking-plugins package will not conflict with Netavark, and users can install them together.

Listing bundled dependencies

If you need to list the bundled dependencies in your packaging sources, you can process the go.mod file in the upstream source. For example, Fedora's packaging source uses:

$ awk '{print "Provides: bundled(golang("$1")) = "$2}' go.mod | \
sort | uniq | sed -e 's/-/_/g' -e '/bundled(golang())/d' \
-e '/bundled(golang(go\|module\|replace\|require))/d'

Netavark and Aardvark-dns

The .tar vendored sources for Netavark and Aardvark-dns will be attached as an upstream release artifact. Then you can create a Cargo config file to point it to the vendor directory:

tar xvf %{SOURCE}
mkdir -p .cargo
cat >.cargo/config << EOF
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF

The Fedora packaging sources for Netavark and Aardvark-dns are also available in the Fedora Project's repository.

The Fedora packaged versions of the Rust crates that Netavark and Aardvark-dns depend on are frequently out of date (for example, rtnetlink, sha2, zbus, and zvariant) at the time of initial package creation. As a result, Netavark and Aardvark-dns are built using the dependencies vendored upstream, found in the vendor subdirectory.
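Because the build trusts whatever is in the vendor directory, a packager may want to confirm that the unpacked tarball matches the crate versions pinned upstream. The following added example (not part of Fedora's packaging sources) compares the checksums in Cargo.lock with the ones cargo vendor records in each crate's .cargo-checksum.json. The function name check_vendor is hypothetical, and it assumes Cargo.lock and vendor/ sit in the same directory.

```shell
# Added example: compare the crate checksums pinned in Cargo.lock with the
# ones recorded in vendor/<crate>/.cargo-checksum.json.
# Usage: check_vendor DIR   (DIR holds Cargo.lock and vendor/)
check_vendor() {
    root=$1; rc=0
    [ -f "$root/Cargo.lock" ] || { echo "no Cargo.lock in $root" >&2; return 2; }
    # Flatten every [[package]] stanza to "name version checksum". Stanzas
    # without a checksum (the workspace crate itself, git sources) are skipped.
    pinned=$(awk -F'"' '
        /^\[\[package\]\]/ { if (n != "" && c != "") print n, v, c; n = v = c = "" }
        /^name = /         { n = $2 }
        /^version = /      { v = $2 }
        /^checksum = /     { c = $2 }
        END                { if (n != "" && c != "") print n, v, c }
    ' "$root/Cargo.lock")
    while read -r name version sum; do
        [ -n "$name" ] || continue
        # cargo vendor writes vendor/<name>, or vendor/<name>-<version> when
        # several versions of the same crate are vendored.
        dir=$root/vendor/$name-$version
        [ -d "$dir" ] || dir=$root/vendor/$name
        if [ ! -f "$dir/.cargo-checksum.json" ]; then
            echo "MISSING  $name $version"; rc=1; continue
        fi
        # "package" is the SHA-256 of the .crate archive the files came from.
        got=$(sed -n 's/.*"package"[[:space:]]*:[[:space:]]*"\([0-9a-f]*\)".*/\1/p' \
            "$dir/.cargo-checksum.json")
        if [ "$got" = "$sum" ]; then
            echo "OK       $name $version"
        else
            echo "MISMATCH $name $version"; rc=1
        fi
    done <<EOF
$pinned
EOF
    return "$rc"
}
```

The function returns non-zero if any pinned crate is missing from vendor/ or records a different checksum, so it can gate a build step.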

The netavark binary is installed to /usr/libexec/podman/netavark, while the aardvark-dns binary is installed to /usr/libexec/podman/aardvark-dns.

The netavark package has a Recommends on the aardvark-dns package. The aardvark-dns package will be installed by default with Netavark, but Netavark will be functional without it.

Listing bundled dependencies

If you need to list the bundled dependencies in your packaging sources, you can run the cargo tree command in the upstream source. For example, Fedora's packaging source uses:

$ cargo tree --prefix none | \
awk '{print "Provides: bundled(crate("$1")) = "$2}' | \
sort | uniq

To learn more

I hope you found these updates helpful. If you have any questions, please feel free to open a discussion on GitHub, or contact me or the other Podman maintainers through Slack, IRC, Matrix, or Discord. Better still, we’d love for you to join our community as a contributor!

Lokesh Mandvekar is a Senior Software Engineer in the containers team at Red Hat.


This work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.