Every once in a while the puerile makes me laugh

Like these random container names that podman generated:

# podman ps
 CONTAINER ID  IMAGE                               COMMAND               CREATED        STATUS            PORTS                 NAMES
 b83a26bb2c5d  docker.io/library/mysql:5.6         mysqld                2 minutes ago  Up 2 minutes ago  0.0.0.0:8081->80/tcp  hungry_wilson
 f35ec64d3b3c  docker.io/pierrecdn/phpipam:latest  apache2-foregrounā€¦  2 minutes ago  Up 2 minutes ago  0.0.0.0:8081->80/tcp  nice_johnson

Makes me think perhaps there should be a list of adjectives and names that shouldn’t go together?

Can Docker and Podman both run on the same machine?

I’ve been hearing about Podman for a while now – at Red Hat Summit and at various local Red Hat presentations. I’ve seen the slides where the RHEL presenter (it’s always the same guy, but I’m terrible with names – after a bit of research, I think it’s Dan Walsh) asks you to pledge to call them container images, not Docker images, etc. But up until now, even though I’m a huge Red Hat fan, I’ve continued to use Docker as my container engine because I am just running a few containers for myself. I don’t even use a one-machine Docker Swarm. I use docker-compose. And that’s just not something that Podman is ever going to officially support. This makes sense because Red Hat is thinking enterprise. And in the enterprise there are two scenarios: 1) Orchestration – vanilla Kubernetes, OpenShift, etc – and 2) are devs running docker run (or podman run) to test the images before putting them into the orchestrator. I’m an anti-pattern, even if I’m not the only one doing things this way.

Recently I’ve been thinking of converting over to Podman from Docker. There are a few reasons. First of all, Docker requires running a daemon. Not only does that use more resources, but it provides a target for exploitation. In fact, there’s currently a crypto-miner worm workings its way through vulnerable Docker servers. Also, the daemon runs as root and that makes it dangerous if there’s an escape. Podman doesn’t have a daemon. And it is built to be able to be run by users. Again, remember that the use case for Podman that Red Hat is targeting is the dev on his own computer or laptop that’s testing something that will eventually be put onto an orchestrator. So they want them to be able to run Podman as a regular user.

But there’s another reason and it’s something so subtle that it’s been escaping me until this week. If you look at all of Red Hat’s material convincing folks to use Podman, it’s all around how it’s a drop-in replacement for Docker. But recently it’s dawned on me, as I’ve read a bit more about podman and reflected on various talks I’ve heard about it, there’s something hidden right there in the name. Why is it “pod” man and not “container” man? Well, besides containerman being a much longer command to type, it’s because while on the surface podman is about RHEL’s Docker replacement, under the hood it’s related to Kubernetes. In Kubernetes (from now on referred to as k8s) the smallest unit of management is the pod (which can have 1 to many containers). So when you run Podman as a drop-in for Docker (Red Hat even mentions using alias to help with muscle memory), it’s just creating 1-container pods. But you could actually use podman to create multi-container pods. And, in the same way that docker-compose.yml is used both for Docker Compose and Docker Swarm, the yaml that you get from Podman can be used for Kubernetes distros.

So, then comes the reason for the question that is the title of this blog post. If I’m going to transition from Docker to Podman, I’m pretty sure it’s not going to happen perfectly without any issues. After all, the Podman as drop-in replacement for Docker works in the simplest of use-cases. But some of the containers I’m using – like Calibre-web – may be making use of Docker-isms rather than standard OCI container features. So I’d like to be able to do a phased transition so that I don’t have to either take an entire day off from work or spend a weekend trying to get everything working. A weekend in which the family is upset that things aren’t working because my homelab runs the house’s tech.

To test this, I fired up a Fedora 30 server edition VM and an isolated network where I would install Docker and make sure that was working and then try and install Podman at the same time and see if that would work. Why Fedora 30 when 31 is already out? Because another reason I’ve become interested in Podman is because Fedora 31 moves on to cgroupsv2 and Docker doesn’t support that yet. There’s a command that can be used to turn it off, but if I have any issues, I’d rather not have it be because of an extra variable. So Fedora 30 it is.

I went to Docker, downloaded their repo and installed via instructions here. And containers were up and running.

Cockpit showing the hello-world image.

I went ahead and picked PHP IPAM.

PHP IPam running in Docker (as shown in Cockpit)

And I went through the config scripts. Here we are:

PHP Admin running in Docker

OK, now that I know I have a working Docker VM, it’s time to set up Podman. I’ve found one easy way to set it up AND have it working in Cockpit is to install the package cockpit-podman. This leads to the following Cockpit screen for Podman:

Cockpit-Podman: Service is not active

This is as far as I’d gotten on my production system. I was afraid that turning on the service would wreck Docker. ALSO, what service? I thought Podman ran without a daemon? As this page explains, it’s basically using systemd to do your container management. So I clicked on Start Podman.

Cockpit-podman: service active

I clicked around in my Docker PHP admin website and it still worked. So running Podman didn’t kill Docker. Huzzah! That’s great to know if you’re doing migrations. You can see that the images aren’t there. This is because Podman stores images in a different directory than Docker does. I’m going to try and create a pod with phpIPAM and MYSQL that can run on a different set of ports in parallel.

To start off, I ran

podman run -dt --pod new:phpIPAM -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /root/phpipam-podman:/var/lib/mysql -d mysql:5.6

This would have put it into a pod named phpIPAM and saved /var/lib/mysql into the directory /root/phpipam-podman.

And if we do:

# podman pod ps
 POD ID         NAME      STATUS    CREATED              # OF CONTAINERS   INFRA ID
 3040956968bd   phpIPAM   Running   About a minute ago   2                 ca94fe7c5a5e

I’m *slightly* concerned at this point that they both supposedly expose the same port, but I didn’t explicitly expose it to the box, so maybe it’ll be OK. Now let’s add the phpIPAM part to that pod. Unlike with the Docker example, I couldn’t run the exact command from Docker Hub because the –link command was unrecognized. I’m hoping that having them in the same pod mitigates that. Command was:

podman run -dt --pod phpIPAM -p 8080:80 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw pierrecdn/phpipam

I notice that putting containers into pods takes slightly longer than starting up Docker containers.

I got the error:

Error: cannot set port bindings on an existing container network namespace

So maybe I needed to set the port when first creating the pod. A quick search on the net seemed to suggest this was true. I couldn’t figure out how to remove the pod because it complained about having containers inside it. So for now, since this is a VM I can just throw away, I’m going to make a phpIPAM2 pod.

# podman pod create --name phpIPAM2 -p 8080
# podman run -dt --pod phpIPAM2 -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /root/phpipam-podman:/var/lib/mysql -d mysql:5.6
# podman run -dt --pod phpIPAM2 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw pierrecdn/phpipam

After that:

# podman pod ps
 POD ID         NAME       STATUS    CREATED          # OF CONTAINERS   INFRA ID
 5387ffc281ae   phpIPAM2   Running   4 minutes ago    3                 e2c6c36682a0
 3040956968bd   phpIPAM    Running   18 minutes ago   3                 ca94fe7c5a5e

But I wasn’t QUITE where I needed to be as you can see here:

Podman pods proliferating

A few things to note here:

  1. It’s doing 8080->8080
  2. There’s a “pause” container represented in here per each pod. But otherwise the Podman view in Cockpit is kind of unhelpful for creating pods. It is fine if you’re just doing things the Docker way.
  3. At least it’s a decent list of your images.

OK, let’s try this ONE MORE TIME!

# podman pod create --name phpIPAM3 -p 8081:80
# podman run -dt --pod phpIPAM3 -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /root/phpipam-podman:/var/lib/mysql -d mysql:5.6
# podman run -dt --pod phpIPAM3 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw pierrecdn/phpipam
# podman pod ps
POD ID         NAME       STATUS    CREATED          # OF CONTAINERS   INFRA ID
 9a83c0ea0089   phpIPAM3   Running   2 minutes ago    3                 ddc4589ba911
 5387ffc281ae   phpIPAM2   Running   11 minutes ago   3                 e2c6c36682a0
 3040956968bd   phpIPAM    Running   26 minutes ago   3                 ca94fe7c5a5e

I’m closer, but it doesn’t answer on 8081.

Ah, it turns out that, unlike Docker, Podman does not punch hole through the firewall. I had to open up Port 8081. Now the only problem is that the mysql container in that pod exited. So now what? Hmm….this time it was SELinux causing problems. I couldn’t tried just a little to figure it out, but for the sake of getting things running and the fact that this VM is on on isolated network, I just turned SELinux off. (But it’s good to know that SELinux helps protect the system when using Podman). After all this it still wasn’t working because the phpIPAM container was complaining it couldn’t get to the SQL database. So I figured I’d try one more thing – name sure I use the “name” directive in the container creation.

# podman pod create --name phpIPAM4 -p 8081:80
# podman run -dt --pod phpIPAM4 --name phpipam-mysql -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /root/phpipam-podman:/var/lib/mysql -d mysql:5.6
# podman run -dt --pod phpIPAM4 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw --name ipam  pierrecdn/phpipam

When I issued the following command:

podman generate kube phpIPAM4 > phpIPAM4.yaml

I think I may have figured out the issue. Because it looks like:

image: docker.io/library/mysql:5.6
     name: phpipam-mysql
     ports:
     - containerPort: 80
       hostPort: 8081
       protocol: TCP

And I’m pretty sure that should belong to the phpIPAM container, not the MySQL container. I wonder if creation order matters?

One.more.time.:

# podman pod create --name phpIPAM5 -p 8081:80
# podman run -dt --pod phpIPAM5 -e MYSQL_ENV_MYSQL_ROOT_PASSWORD=my-secret-pw pierrecdn/phpipam
# podman run -dt --pod phpIPAM5 -e MYSQL_ROOT_PASSWORD=my-secret-pw -v /root/phpipam-podman:/var/lib/mysql -d mysql:5.6

And then…….IT WORKED. IT FREAKIN’ WORKED! So the port that’s exposed should go to the first container you add. Hmm… could be annoying for complex pods.

Well, it didn’t 100% work because it’s expecting a certain name for the MySQL container and since we couldn’t provide the –link, that didn’t happen. But I could probably fix that by giving the MySQL container the right name. I’ll try that tomorrow. It’s been an interesting 2 hours already.

Daisy (laptop) upgrade to Fedora 31

When I tried to upgrade the laptop a couple days ahead of the Tuesday release date, assuming that the sources were as good as gold at that point, the upgrade process complained about the Kdevelop Python plugin and didn’t want to proceed. I figured if this persisted past Tuesday I would just use it as an opportunity to try out PyCharm Community Edition. But once Tuesday came around I was able to upgrade to Fedora 31 with nary a problem. So that was probably the smoothest upgrade I’ve had since Fedora Core 1.

Fedora 31 is coming; Getting on Fedora 30

Back when Fedora 30 came out, I updated my laptop, but I left my main computer and the HTPC on Fedora 29. The former because I was busy with something at the time and didn’t want the disruption of an upgrade; the latter because the family depends on it for entertainment. However, with Fedora 31 coming out next Tuesday, the support window of Fedora 29 is over. The HTPC didn’t give any issues when I started the upgrade (at of this time it’s still running the upgrade), but my main computer did. This time it complaint about ripright and whois-mkpasswd.

I removed ripright and it didn’t seem to affect anything else. I also removed whois-mkpasswd. I can always try and reinstall them later. This allowed the download to proceed. Afterwards it was able to boot into Fedora 30 without any issues. whois-mkpasswd turned out to also be an issue when upgrading my server. When I checked in Fedora 30, ripright was not something that could be installed. whois-mkpasswd had reinstalled itself as part of the upgrade process. Looks like everything is running alright.

Dracula Theme

Just in time for Halloween I discovered the Dracula set of dark themes.They’ve got themes for nearly every code editor and shell/console program you can think of. Here’s Yakuake with the Dracula Konsole theme:

Yakuake with Dracula theme

And here’s Kate with the Dracula theme:

Kate with Dracula theme

I like the color scheme, but the font’s a bit small, so I might make a variant theme with a slightly larger font size.

Unity 2D Game 3: Block Destroyer

My journey through 2D game development using the Unity engine continued with our third project: a clone of Brick Breaker or Arkanoid. In case you’ve never seen it before, this is Arkanoid:

Arkanoid

It’s got a pretty important legacy, Breakout, the version that Atari created, was an important stepping stone for the two Steves of Apple (Steve Jobs and Steve Wozniak).

So it makes sense that this would be one of the games we would use on our learning journey. This is what my first level looks like:

Block Destroyer

In many ways, this was only the second game we’d created. The Number Wizard “game” is really more of a tech demo – based on a concept that everyone uses for doing searches in CS101. And this was the first dynamic game we created. This made it incredibly fun to work on. Each day I got home I couldn’t wait to work on it – I wanted to create this game more than I wanted to play any commercial games.

I document all the things I learned on my github page for Block Destroyer, but some of the coolest techniques involved using the Singleton Pattern to persist the score from level to level and learning how to make the game play itself for playtesting. In fact, you can watch the game play itself here:

Block Destroyer plays itself for playtesting

After the official lecture was over, I wanted to take things to the next level so I added a few challenges for myself. I created a few levels (as you can see above) and also I added the ability to have a level title that changes with each level. (Because of the Singleton Pattern, that turned out to be a little more challenging than it might otherwise have been). I still want to add the ability to use an XBox One controller, but that was a little trickier than I could figure out on my own and when I asked around on their forums, it turns out that they will cover using controllers on the next game. So after I learn that, I will probably come back to this game and add it in.

If you want to play in a browser via WebGL (you need the latest browser and it most likely will not work well on a tablet), you can visit: http://server.ericsbinaryworld.com/WebGL/BlockDestroyerWebGL/

If you would like to play it on your Windows or 64bit Linux computer, you can go to the releases page of my Github repo: https://github.com/djotaku/BlockDestroyer/releases

I’ve become so excited while taking this class that I can’t wait to work on some of my own ideas for games! Well, onto the next class!

Discovering new git GUIs

When I wrote about checking out KDevelop, I mentioned that it was due to a blog post by the Kate developers about how to evolve Kate going forward. Last night I came across a new article in the same vein in which they looked at potential git GUIs to use from within Kate. In my KDevelop post, I mentioned that I use QGit, but it can look a bit small in the screenshot of my 3 monitor desktop. So this is my typical QGit setup:

My usual QGit setup

and this is the most information it could display:

Information-dense QGit

Overall I’m happy with it, even though it seems to be stuck in KDE3 (see the icons, for example). But the second article mentioned a couple candidates for a git GUI and included GitQlient, a fork of QGit and Gitahead. I am a huge fan of the way GitQlient looks and would love to have that as my GUI git client.

Right now it looks like GitQlient was only started a few weeks ago, so we’ll see where it goes as it doesn’t even have comprehensive build instructions, but I wanted to share this for others on QT desktops who would also like a git GUI.

Learning how to make 2D Games in Unity

I’ve been playing video games since I was somewhere around 5 or 6 years old and got a Nintendo Entertainment System for my birthday from one of my aunts. I also inherited a Tandy computer from my dad when I was younger. We had a bunch of edutainment games – like this Sesame Street game (that unfortunately a quick search on Google Images does not turn up) where you had to suck the Tweedles (bugs from Ernie’s flower box) to solve math problems. I also, and I’ve mentioned this before in several places on the net, learned to program from a book on BASIC and made myself a bunch of simple games, including Madlibs clones.

I continued making games here and there, including in college when we had to program Moon Lander on an Atmel, somewhat coming closer to what it was like to make games on the Atari. When Linux Format Magazine had a series of Python PyGame tutorials, I made a bunch of games. One of the games I made was a Space Invaders clone.

PyInvaders

I’ve attempted to start a few more ambitious games a few times. I got relatively far in designing a game engine for a Parcheesi/Ludo game, but the implementing the graphics got a bit tough. I’ve also started RPG engines a few times, but never got that far.

A few years ago, I bought RPG Maker and I did a 5 minute Demo, but I couldn’t think of a concept I wanted to create. So that’s gathering digital dust. I probably would have gone further if there had been a class that went along with it. I’ve come to realize that’s closer to my ideal learning style. So when Humble Bundle recently did a Unity Bundle that mostly conisted of Udemy classes by some guys named Rick and Ben, I went ahead and jumped in feet first. I’ve already learned a lot with their Unity and Git class, which I did first, since it was the easiest and quickest. After that I decided to do their 2D class since I figured if there was something I was going to maybe attempt and complete after doing the class, it would be a 2D game. Also, it’s a fun chance to dive back in to C#. I hadn’t done anything in C# since a series of Linux Format Magazine tutorials in 2007. While I really, really love Python, I think it helps keep the programmer’s head sharp to learn new languages. I’ve been using Visual Studio and boy has that thing really come far from way back 20ish years ago when one of my little brothers was using it for a class in middle or high school. It’s like everything I love about KDevelop, plus a few other neat issues. Like the other day in one of the Udemy lessons, they highlighted a line of code in the “Update” method and then right-clicked and clicked on something that said “refactor” (or thereabouts) and it automatically made a new method and linked to it from within “Update”.

So far we’ve done a couple toy “games”. I’ll link to what I’ve done so far, but first I wanted to point out that one thing I’m doing in each ReadMe is adding in what I learned during that unit of the class. The first one was called Text101 and we rendered it to WebGL so you can play it here. It’s a Choose Your Own Adventure, but the lessons I learned there could very easily be ported over to a visual novel. (Not that Steam needs many more of those šŸ˜‰ Although, I really did love Analog: A Hate Story. The second “game”, Number Wizard, used a sort algorithm I remember learning in CS class to try and guess the player’s number. (At least until we updated it to make slightly more random guesses) I put “game” in quotes because the player isn’t really doing anything fun, just letting the computer know if they need to go higher or lower. My eight-year-old likes it, but that’s mostly a factor of the fact she’s impressed at what the computer is doing, not because it’s actually fun in a game sort of way. I compiled both Windows and Linux 64bit binaries for the game, so you can play it if you go to the releases section of my git repo.

The first REAL game we’re making is a clone of Arkanoid/Brick Breaker. You can tell that this is a real game in comparison to the previous games because the first two sets of lectures are each about 1-2 hours. This one is 6 hours long! AND they’re telling us a lot of what to do because it’s a class. Yes, they have challenge slides, but those depend on the student pausing the video. So if you never pause and just do what they say, it’s a 6 hour process. It also has given me a LOT more respect for the original games. Steve Jobs and Steve Wozniak programmed the original Brick Breaker for Atari and that involved programming in assembly and having various chips to interface with. With Unity, friction and gravity are taken care of. Bricks can be copy-pasted and colors easily changed. Adding sound is as easy as adding an mp3, ogg, or wave to Unity. You draw boxes that are easy to see to make your “walls” and “fail” areas. And you don’t even need to compile it to see if it is working. Just clicking on “play” in Unity will allow you to test most of the functionality of your game! Speaking of that, I’d like to share with you a fun video from the lesson where they showed us the 2D physics engine in Unity. I don’t know why this cracked me up so much, but the fact that the paddle was not a perfect rectangle led to this happening:

Spinning ball is spinning

Anyway, I’m having a blast and I’ll keep you up to date as I progress.

New Dishes I cooked in August 2019

Lots of Mexican food and a some other neat, ambitious dishes in August. The by this point the chicken chilaquiles were one of the oldest chicken dishes on my To-Make list. I just never happened to have the ingredients around and I wasn’t sure if it was going to be a hit or a flop. Finally, I decided to do it! I went overly ambitious and made my own corn tortillas, which I then toasted in the oven to create chips which I then put into the chilaquilas. It was quite delicious. On the other hand I was not a fan of “Dave’s Fish Tacos” from the Weber Charcoal Grilling book. But, redemption came in the form of Easy Weeknight Chicken Tacos, one of the newest additions to my To-Make list from America’s Test Kitchen’s Cook it in your Dutch Oven. It had a good blend of citrus and Mexican flavors. I’d definitely like to make it again.

The fried tofu with cabbage salad was a nice little vegetarian respite and was quite, quite tasty. It was a general hit. The pecan-crusted fish also redeemed fish for the month.

Then it was time for my more ambitious recipes. Great grilled pizza required a bit of planning as it had two types of cheeses, a dough that has to ferment in the fridge overnight, and a charcoal grill to keep hot. It turned out to be a HUGE, HUGE hit. Another one of those where my wife was in doubt until she ate it and then requested it again a few weeks later. As for the fluffiest dinner rolls, that involved quite a bit, including getting a bit of flour parcooking in the microwave first. But darn if they weren’t so incredibly delicious! And look at how fluffy they were!

So fluffy……

New Dishes I cooked in July 2019

I finally made bacon from scratch for the first time, so that deserves its own gallery:

One of the things that had been stopping me was the fact that Costco only sold pork bellies already sliced for Korean dishes. Then, the weekend I was going to ask them if I could buy a full pork belly, they had one there. They said customers had been asking for it so they were going to start selling some whole. It was a pretty neat experience making my own bacon. I can see why it’s so expensive – it involves a lot of waiting and a lot of labor.

As for the rest of my food:

The beef fajita burger was another burger from the Weber Big Book of Burgers. That book continues to be hit and miss with the Missus and this one was a big miss. I thought it was OK. I wasn’t dying to make it again, but by the same token, I didn’t hate it.

A coworker was always raving about getting sausages from Binkerts. So on the way back from NYC I stopped there and bought some weisswurst so I coudl make currywurst. It was SO GOOD. It’s definitely something we try and buy whenever we’re on our way back from NY now. The weisswurst, which has some lemon and parsley provides a nice contrast to the curry ketchup. (Which I made from a recipe). The casing, when nicely crisped up also provides another nice contrast.

Calamari was on sale at Costco and Danielle wanted to try grilling some. I looked at a few websites to get a good feel for what to watch out for. More or less you want to grill them until they inflate, then flip for a quick minute or so to ensure to get some char on that side.

The grilled cauliflower with tahini was something I was anticipating since reading about it in the book Vegetables on Fire. I’ve never been a huge tahini person, so it was a gamble. But it worked rather well.

Finally, I continued to experiment with grilling stone fruit when I grilled some peaches. They tasted quite lovely with some Wegmans Vanilla Ice Cream.