{"id":2718,"date":"2024-05-13T21:12:23","date_gmt":"2024-05-13T12:12:23","guid":{"rendered":"https:\/\/mattyan.net\/blog\/?p=2718"},"modified":"2024-05-13T21:14:50","modified_gmt":"2024-05-13T12:14:50","slug":"cockpit-podman%e3%82%92%e8%a9%a6%e3%81%97%e3%81%a6%e3%81%bf%e3%81%9f","status":"publish","type":"post","link":"https:\/\/mattyan.net\/blog\/?p=2718","title":{"rendered":"cockpit-podman\u3092\u8a66\u3057\u3066\u307f\u305f"},"content":{"rendered":"\n

cockpit\u306b\u306f\u30b3\u30f3\u30c6\u30ca\u7ba1\u7406\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u3042\u308b\u3088\u3046\u306a\u306e\u3067\u8a66\u3057\u3066\u307f\u305f\u3002<\/p>\n\n\n\n\n\n\n\n

cockpit\u306b\u306fcockpit-docker\u3068\u3044\u3046\u3001docker\u30b3\u30f3\u30c6\u30ca\u306e\u7ba1\u7406\u30c4\u30fc\u30eb\u304c\u3042\u3063\u305f<\/strong>\u3088\u3046\u3060\u304c\u3001\u30d1\u30c3\u30b1\u30fc\u30b8\u304c\u306a\u3044\u3002\u3069\u3046\u3082Redhat\u304c\u958b\u767a\u3057\u3066\u3044\u308b\u540c\u3058\u3088\u3046\u306a\u30b7\u30b9\u30c6\u30e0\u3067\u3042\u308bPodman\u306b\u79fb\u884c\u3057\u305f\u3088\u3046\u3060\u3002<\/p>\n\n\n\n

podman\u306b\u3064\u3044\u3066\u7c21\u5358\u306b\u8abf\u3079\u305f\u611f\u3058\u3001\u30b3\u30de\u30f3\u30c9\u306f\u307b\u307cdocker\u4e92\u63db\u3067\u3044\u3044\u3063\u307d\u3044\u3002Dockerfile\u304b\u3089\u4f5c\u308c\u308b\u306e\u3067\u3001\u30b3\u30f3\u30c6\u30ca\u4f5c\u308b\u7a0b\u5ea6\u306a\u3089\u56f0\u3089\u306a\u3055\u305d\u3046\u3002<\/p>\n\n\n\n

\u7269\u306f\u8a66\u3057\u3067cockpit\u306eWebUI\u3092\u30b3\u30f3\u30c6\u30ca\u306b\u3057\u3066\u3001\u540c\u3058\u304f\u30b3\u30f3\u30c6\u30ca\u306b\u5165\u308c\u305fnginx\u304b\u3089\u30a2\u30af\u30bb\u30b9\u3067\u304d\u308b\u3088\u3046\u306b\u69cb\u7bc9\u3057\u3066\u307f\u305f\u3002<\/p>\n\n\n\n

nginx\u306e\u30b3\u30f3\u30c6\u30ca<\/h2>\n\n\n\n

nginx\u306e\u30b3\u30f3\u30c6\u30ca\u306f\u3001\u516c\u5f0f\u306e\u30b3\u30f3\u30c6\u30ca\u306b\u3061\u3087\u3063\u3068\u3060\u3051\u8a2d\u5b9a\u3092\u5165\u308c\u3066\u5b8c\u6210<\/p>\n\n\n\n

FROM nginx:mainline-alpine\n\nCOPY default.conf \/etc\/nginx\/conf.d\/default.conf\nCOPY index.html \/var\/www\/html\/index.html\nCOPY 0-self-signed.key \/etc\/cockpit\/ws-certs.d\/\nCOPY 0-self-signed.cert \/etc\/cockpit\/ws-certs.d\/\n\nEXPOSE 443<\/code><\/pre>\n\n\n\n
\u9014\u4e2d\u3067COPY\u3057\u3066\u308b0-self-signed.key\u30680-self-signed.cert\u306fcockpit\u5b9f\u884c\u6642\u306b\u81ea\u52d5\u751f\u6210\u3055\u308c\u308b\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u3002cockpit\u306f\u8a2d\u5b9a\u3067HTTP\u3067\u3082\u63a5\u7d9a\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\u304c\u3001Cookie\u304cHTTPS\u524d\u63d0\u306e\u8a2d\u5b9a\u3067\u9001\u308a\u4ed8\u3051\u3066\u304d\u3066chromium\u304c\u6368\u3066\u3061\u3083\u3046\u306e\u3067\u3001\u81ea\u5df1\u7f72\u540d\u8a3c\u660e\u66f8\u3067https\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u305f\u3002<\/p>\n\n\n\n
server {\n    listen 80 default_server;\n    listen [::]:80 default_server;\n\n    location \/ {\n        return 301 https:\/\/$host$request_uri;\n    }\n}\nserver {\n    listen 443 ssl;\n    listen [::]:443 ssl;\n\n    ssl_certificate \/etc\/cockpit\/ws-certs.d\/0-self-signed.cert;\n    ssl_certificate_key \/etc\/cockpit\/ws-certs.d\/0-self-signed.key;\n    client_max_body_size 2G;\n    index index.html index.php;\n    location \/ {\n        root \/var\/www\/html;\n        index index.html;\n    }\n    location \/private\/cp\/ {\n        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;\n        proxy_set_header Host $http_host;\n        proxy_set_header X-CSRF-Token $http_x_csrf_token;\n        proxy_set_header X-Real-IP $remote_addr;\n        proxy_set_header X-Forwarded-Proto $scheme;\n\n        proxy_http_version 1.1;\n        proxy_buffering off;\n        proxy_set_header Upgrade $http_upgrade;\n        proxy_set_header Connection "upgrade";\n\n        gzip off;\n        proxy_pass http:\/\/cockpit:9090;\n    }\n}<\/code><\/pre>\n\n\n\n
default.conf\u306fhttps\u306e\u8a2d\u5b9a\u3068\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u306e\u8a2d\u5b9a\u3002cockpit\u306fwebsocker\u3082\u4f7f\u3046\u306e\u3067\u3001proxy_set_header\u3067\u305d\u308c\u7528\u306e\u30d8\u30c3\u30c0\u3082\u6e21\u3055\u306a\u3044\u3068\u52d5\u304b\u306a\u304f\u306a\u308b<\/a>\u3002<\/p>\n\n\n\n
cockpit\u306e\u30b3\u30f3\u30c6\u30ca<\/h2>\n\n\n\n
FROM debian:bookworm-slim\n\nRUN apt-get update && \\\n    apt-get upgrade -y && apt-get install -y cockpit locales && \\\n    rm -rf \/var\/lib\/apt\/lists\/* && \\\n    \/usr\/lib\/cockpit\/cockpit-certificate-ensure && \\\n    localedef -i ja_JP -c -f UTF-8 -A \/usr\/share\/locale\/locale.alias ja_JP.UTF-8\n\nRUN groupadd -g 1000 user && useradd -m -s \/bin\/sh -u 1000 -g 1000 -G sudo mattyan && echo mattyan:password | chpasswd && echo "mattyan   ALL=(ALL) NOPASSWD:ALL" >> \/etc\/sudoers\n\nENV LANG ja_JP.utf8\nADD config.conf \/etc\/cockpit\/cockpit.conf\nEXPOSE 9090\nENTRYPOINT ["\/usr\/lib\/cockpit\/cockpit-ws"]<\/code><\/pre>\n\n\n\n
\u6700\u521dalpine linux\u3067\u7d44\u3082\u3046\u304b\u3068\u601d\u3063\u305f\u304c\u3001alpine linux\u306e\u30d1\u30c3\u30b1\u30fc\u30b8\u306bcockpit\u304c\u7121\u304b\u3063\u305f(systemd\u306b\u4f9d\u5b58\u3057\u3066\u308b\u3089\u3057\u3044)\u306e\u3067\u3001debian:bookworm-slim\u3067\u69cb\u7bc9\u3002<\/p>\n\n\n\n
\u30d1\u30c3\u30b1\u30fc\u30b8\u3092\u5165\u308c\u3066\u3001\u65e5\u672c\u8a9e\u8a2d\u5b9a\u3002<\/p>\n\n\n\n
\u9014\u4e2d\u3067groupadd\u3068useradd\u3057\u3066\u3044\u308b\u306e\u306f\u3001cockpit\u306f\u300c\u305d\u306eLinux\u6a5f\u306e\u30e6\u30fc\u30b6\u30fc\u30a2\u30ab\u30a6\u30f3\u30c8\u3067\u30ed\u30b0\u30a4\u30f3\u3059\u308b\u300d\u305f\u3081\u3002Docker\u3060\u3068\u30e6\u30fc\u30b6\u30fc\u304c\u7121\u304f\u3066\u5165\u308c\u306a\u3044\u306e\u3067\u4e8b\u524d\u306b\u4f5c\u3063\u3066\u304a\u304f\u3002<\/p>\n\n\n\n
[WebService]\nAllowUnencrypted=true\nUrlRoot=\/private\/cp\/\nProtocolHeader=X-Forwarded-Proto<\/code><\/pre>\n\n\n\n
AllowUnencrypted\u306e\u8a2d\u5b9a\u3067\u3001HTTP\u3067\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3002
UrlRoot\u306fURL\u306e\u30d7\u30ec\u30d5\u30a3\u30c3\u30af\u30b9\u3092\u8a2d\u5b9a\u3002
ProtocolHeader\u3067\u306fnginx\u304b\u3089\u6e21\u3055\u308c\u308b\u30d8\u30c3\u30c0\u3092\u6307\u5b9a\u3002<\/p>\n\n\n\n
\u3053\u308c\u3089\u306e\u6e96\u5099\u304c\u7d42\u308f\u3063\u305f\u3068\u3053\u308d\u3067<\/p>\n\n\n\n
podman build -t nginx_server --rm .\n# \u3068\npodman build -t cockpit --rm .<\/code><\/pre>\n\n\n\n
\u3067\u30b3\u30f3\u30c6\u30ca\u3092\u4f5c\u6210<\/p>\n\n\n\n
\"\"
cockpit podman\u306e\u753b\u9762<\/figcaption><\/figure>\n\n\n\n
\u30a4\u30e1\u30fc\u30b8\u4e00\u89a7\u306b\u30d3\u30eb\u30c9\u3057\u305f\u30a4\u30e1\u30fc\u30b8\u304c\u8868\u793a\u3055\u308c\u308b\u306e\u3067\u3001Pod\u3092\u4f5c\u6210\u3057\u3066\u30b3\u30f3\u30c6\u30ca\u4f5c\u6210\u3057\u3066\u5b9f\u884c\u3002<\/p>\n\n\n\n
podman generate kube\u30b3\u30de\u30f3\u30c9\u3067Kubernetes\u7528yaml\u30d5\u30a1\u30a4\u30eb\u3092\u51fa\u305b\u308b\u307f\u305f\u3044\u306a\u306e\u3067\u3001\u304a\u8a66\u3057\u3067\u51fa\u3057\u3066\u307f\u305f<\/p>\n\n\n\n
mattyan@mattyannetstg:~\/test_cockpit$ podman generate kube test_cockpit\n# Save the output of this file and use kubectl create -f to import\n# it into Kubernetes.\n#\n# Created with podman-4.9.3\napiVersion: v1\nkind: Pod\nmetadata:\n  creationTimestamp: "2024-05-13T11:54:33Z"\n  labels:\n    app: testcockpit\n  name: testcockpit\nspec:\n  containers:\n  - args:\n    - nginx\n    - -g\n    - daemon off;\n    env:\n    - name: TERM\n      value: xterm\n    image: localhost\/nginx_server:latest\n    name: blissfulhertz\n    ports:\n    - containerPort: 443\n      hostIP: 0.0.0.0\n      hostPort: 8443\n    tty: true\n  - env:\n    - name: TERM\n      value: xterm\n    image: localhost\/cockpit:latest\n    name: cockpit\n    tty: true<\/code><\/pre>\n\n\n\n
\u306a\u304a\u3001\u8aad\u307f\u65b9\u306f\u3088\u304f\u308f\u304b\u3089\u306a\u3044\u3002\u3053\u308c\u3092\u5b9f\u884c\u3059\u308b\u3068Pod\u304c\u7acb\u3061\u4e0a\u304c\u308b\u3093\u3060\u308d\u3046\u3051\u3069\u3001cockpit-podman\u306e\u753b\u9762\u3067\u306f\u3053\u308c\u3092\u53d6\u308a\u8fbc\u3080\u3068\u3053\u308d\u304c\u7121\u3055\u305d\u3046\u306a\u306e\u3067\u3001<\/p>\n\n\n\n
podman play kube test_cockpit.yaml<\/code><\/pre>\n\n\n\n
\u3067\u5b9f\u884c\u3057\u3066\u307f\u305f\u3068\u3053\u308d<\/p>\n\n\n\n
\"\"
Pod\u304c\u5897\u3048\u305f<\/figcaption><\/figure>\n\n\n\n
\u3061\u3083\u3093\u3068\u65b0\u3057\u3044Pod\u304c\u8868\u793a\u3055\u308c\u305f\u3002<\/p>\n\n\n\n
\u30d6\u30e9\u30a6\u30b6\u3067\u30a2\u30af\u30bb\u30b9\u3057\u3066\u307f\u305f\u3089<\/p>\n\n\n\n
\"\"
Pod\u5185\u90e8\u306ecockpit\u306b\u30a2\u30af\u30bb\u30b9<\/figcaption><\/figure>\n\n\n\n
Cockpit\u306e\u753b\u9762\u306b\u5230\u9054\u3067\u304d\u305f\u3002\u305f\u3060\u3001\u3053\u3053\u3067\u898b\u3048\u3066\u308b\u306e\u306fDocker\u30b3\u30f3\u30c6\u30ca\u5185\u90e8\u306a\u306e\u3067\u3001\u3053\u3053\u304b\u3089SSH\u3067\u30db\u30b9\u30c8\u306b\u63a5\u7d9a\u3057\u3066\u30c7\u30fc\u30bf\u53d6\u308a\u51fa\u3057\u3066\u2026\u2026\u3063\u3066\u3067\u304d\u308c\u3070\u697d\u3057\u3044\u3093\u3060\u3051\u3069\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
cockpit\u306b\u306f\u30b3\u30f3\u30c6\u30ca\u7ba1\u7406\u306e\u30d7\u30e9\u30b0\u30a4\u30f3\u304c\u3042\u308b\u3088\u3046\u306a\u306e\u3067\u8a66\u3057\u3066\u307f\u305f\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-2718","post","type-post","status-publish","format-standard","hentry","category-3"],"_links":{"self":[{"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2718","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2718"}],"version-history":[{"count":9,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2718\/revisions"}],"predecessor-version":[{"id":2732,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=\/wp\/v2\/posts\/2718\/revisions\/2732"}],"wp:attachment":[{"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2718"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2718"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mattyan.net\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2718"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}