Assuming you have Debian 12 "bookworm" installed.
```sh
sudo apt-get -y update
sudo apt-get -y install cockpit cockpit-machines cockpit-podman
```
- cockpit: a web console for Linux
- cockpit-machines: virtual machine manager using libvirt
- cockpit-podman: container manager using podman
The VM manager is there just for my own copy-paste convenience :).
Certain containers, e.g. Homebridge, recommend using the host network (docker run --net=host ...) so that mDNS works.
My preference is for them to have a network interface with its own MAC and to acquire an IP lease from the DHCP server on the network.
This is usually done with a macvlan network type plus the dhcp plugin.
The macvlan network type means the container's interface has its own MAC that is bridged to a physical interface on the host. Most container images don't ship a DHCP client, so the dhcp plugin acquires the lease from the DHCP server on their behalf.
The terminology can be confusing, since the VM/networking world and the container world use different jargon.
| VM/Networking | Container | Comment |
|---|---|---|
| (none) | host | Container shares host network stack |
| NAT | bridge | Container has its own network stack; host assigns IP to container; incoming = port mapping; outgoing = masquerade |
| bridge | macvlan | Container has its own network stack with individual MAC; dhcp plugin on host talks to DHCP server on behalf of container |
| (none) | ipvlan | Container has its own network stack with a shared MAC, which would not work with common DHCP servers and I've not used it |
podman defaults to netavark starting with 4.0, as CNI is too cluster-focused. However, netavark doesn't support the dhcp plugin yet, so we need to switch back to CNI.
Reference:
- https://github.com/containers/common/blob/main/docs/containers.conf.5.md
- https://docs.podman.io/en/latest/markdown/podman-network-create.1.html
- https://www.redhat.com/sysadmin/leasing-ips-podman
The Debian package containernetworking-plugins, which should already have been installed as a dependency, provides the following files:
- /usr/lib/cni/dhcp
- /usr/lib/systemd/system/cni-dhcp.socket
- /usr/lib/systemd/system/cni-dhcp.service
```sh
# Use the CNI backend, since Netavark doesn't support the DHCP proxy yet.
# Copy the template file if it does not exist already:
# sudo cp /usr/share/containers/containers.conf /etc/containers/
sudo vi /etc/containers/containers.conf
# Edit:
# [network]
# network_backend = "cni"
# default_network = "podman-mac"

# The original default "podman" network uses "bridge" (i.e. NAT in the VM sense).
# Add a "podman-mac" network with "macvlan+dhcp" (i.e. bridge in the VM sense).
cat <<EOF | sudo tee /etc/cni/net.d/99-podman-macvlan.conflist
{
  "cniVersion": "0.4.0",
  "name": "podman-mac",
  "plugins": [
    {
      "type": "macvlan",
      "master": "enp4s0",
      "ipam": {
        "type": "dhcp"
      }
    }
  ]
}
EOF
# The config file above is equivalent to the command below, except for the file name:
# sudo podman network create --driver macvlan --opt parent=enp4s0 podman-mac

# Enable the cni-dhcp socket (the dhcp plugin talks to this daemon to request leases).
sudo systemctl --now enable cni-dhcp.socket

# Set up the Homebridge container.
# Note sudo, as macvlan requires access to the host network interface.
# Note `--mac-address`, as we may want the DHCP server to hand out a fixed IP address.
# The first octet must be even (unicast); the kernel refuses a multicast MAC such as 01:...
# on a macvlan interface. 02 also marks it as locally administered.
# `podman run` rather than `docker run`: `docker` only works here if the podman-docker shim is installed.
sudo podman run \
  --net=podman-mac \
  --mac-address=02:02:03:04:05:06 \
  --name=homebridge \
  --volume /mnt/homebridge:/homebridge \
  --env TZ=US/Pacific \
  --env ENABLE_AVAHI=1 \
  --detach \
  --restart=unless-stopped \
  --cap-add NET_RAW \
  docker.io/homebridge/homebridge:latest

# Want the web console on port 80?
# Just edit the Homebridge config!

# TODO
# systemd service to start the container at boot up
# Until then, we'll use Cockpit to manually turn it on each time
```
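Preflight checks I'd run before `podman run` above, as an added example that is not part of the original notes: a MAC validator (unicast and locally administered, since the kernel rejects a multicast MAC on a macvlan interface), a renderer for the same conflist, and live checks for the parent interface, the CNI backend and the cni-dhcp socket. It assumes `podman` and `systemctl` are on the PATH and that the parent interface name (enp4s0 here) is passed in.

```shell
#!/bin/sh
# Added example: preflight checks for the macvlan+dhcp setup; not from the original notes.

# A container MAC must be unicast (bit 0 of the first octet clear) or the kernel refuses
# to assign it to the macvlan interface; the locally administered bit (bit 1) should be set
# so the address cannot collide with a vendor-assigned NIC on the same LAN.
valid_container_mac() {
    mac=$1
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$' || return 1
    first=$(( 0x${mac%%:*} ))
    [ $(( first & 1 )) -eq 0 ] || return 1   # multicast bit set: kernel would reject it
    [ $(( first & 2 )) -ne 0 ] || return 1   # not locally administered: reject
    return 0
}

# Render the CNI conflist for a macvlan network whose IPAM is delegated to cni-dhcp.
render_macvlan_conflist() {
    parent=$1
    name=$2
    printf '{\n  "cniVersion": "0.4.0",\n  "name": "%s",\n  "plugins": [\n' "$name"
    printf '    {\n      "type": "macvlan",\n      "master": "%s",\n' "$parent"
    printf '      "ipam": { "type": "dhcp" }\n    }\n  ]\n}\n'
}

# Live checks on the host; returns non-zero at the first failure with a reason.
preflight() {
    parent=$1
    [ -d "/sys/class/net/$parent" ] || { echo "no such interface: $parent"; return 1; }
    [ "$(podman info --format '{{.Host.NetworkBackend}}')" = cni ] \
        || { echo "network backend is not cni; check /etc/containers/containers.conf"; return 1; }
    systemctl is-active --quiet cni-dhcp.socket \
        || { echo "cni-dhcp.socket is not active"; return 1; }
    echo "preflight ok"
}

# Usage: . ./preflight.sh; valid_container_mac 02:02:03:04:05:06 && preflight enp4s0
```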