{"id":130641,"date":"2022-12-19T08:00:00","date_gmt":"2022-12-19T08:00:00","guid":{"rendered":"https:\/\/fedoramagazine.org\/?p=37442"},"modified":"2022-12-19T08:00:00","modified_gmt":"2022-12-19T08:00:00","slug":"setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers","status":"publish","type":"post","link":"https:\/\/sickgaming.net\/blog\/2022\/12\/19\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers\/","title":{"rendered":"Setting up Fedora IoT on Raspberry Pi and rootless Podman containers"},"content":{"rendered":"<h2>Introduction<\/h2>\n<p>Fedora IoT is a foundation for Internet of Things (IoT) and Device Edge ecosystems. It\u2019s a secure, immutable, and image-based operating system that supports the deployment of containerized applications. We\u2019ll discuss how you can run Fedora IoT on a Raspberry Pi to deploy a rootless Podman container.<\/p>\n<h2>Running Fedora IoT on Raspberry Pi<\/h2>\n<p>Prerequisites:<\/p>\n<ul>\n<li>PC (with Fedora)<\/li>\n<li>SD-Card and SD-Card Reader<\/li>\n<li>Raspberry Pi 3 or 4<\/li>\n<\/ul>\n<p>Download the IoT image &amp; CHECKSUM for your CPU from <a href=\"https:\/\/getfedora.org\/en\/iot\/download\/\">getfedora.org<\/a>. 
<\/p>\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/fedoramagazine.org\/wp-content\/uploads\/2022\/12\/image.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"416\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers.png\" alt=\"Screenshot of Fedora IoT image download.\" class=\"wp-image-37445\" \/><\/a><\/figure>\n<p>After you download your Fedora IoT image, click <em>Verify your Download<\/em> to download the CHECKSUM file.<\/p>\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers-1.png\"><img decoding=\"async\" loading=\"lazy\" width=\"567\" height=\"229\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers-1.png\" alt=\"Screenshot to show where to find the &quot;Verify your download.&quot; button.\" class=\"wp-image-37447\" \/><\/a><\/figure>\n<p>Place the CHECKSUM file in the same location where you downloaded your Fedora IoT image. 
<\/p>\n<p>Then, install gnupg and the arm image installer:<\/p>\n<pre class=\"wp-block-preformatted\">sudo dnf install gnupg2 arm-image-installer<\/pre>\n<p>Next, download Fedora&#8217;s GPG keys, which are used to verify the image you downloaded:<\/p>\n<pre class=\"wp-block-preformatted\">$ curl -O https:\/\/getfedora.org\/static\/fedora.gpg<\/pre>\n<p>Then, verify the CHECKSUM file has a good signature:<\/p>\n<pre class=\"wp-block-preformatted\">$ gpgv --keyring .\/fedora.gpg *-CHECKSUM<\/pre>\n<p>You should see something similar to the following in the output:<\/p>\n<pre class=\"wp-block-preformatted\">$ gpgv --keyring .\/fedora.gpg *-CHECKSUM\ngpgv: Signature made Fri 19 Mar 2021 10:10:28 AM EDT\ngpgv: using RSA key 8C5BA6990BDB26E19F2A1A801161AE6945719A39\ngpgv: Good signature from \"Fedora (34) &lt;fedora-34-primary@fedoraproject.org&gt;\"<\/pre>\n<p>Lastly, verify that the checksum of your download matches the one listed in the signed CHECKSUM file:<\/p>\n<pre class=\"wp-block-preformatted\">$ sha256sum -c *-CHECKSUM<\/pre>\n<p>Now, find the name of the SD-Card. You can use various tools, but in this article, we recommend using the udisks command line tool, udisksctl. First, verify that you have NOT inserted your SD-Card into your SD-Card reader.<\/p>\n<p>Then, enter the following command:<\/p>\n<pre class=\"wp-block-preformatted\">udisksctl status<\/pre>\n<p>The output displays all the connected devices on your machine. Review what devices are currently displayed. Next, plug in your SD-Card and enter the command again. Write down the name of the device that\u2019s been added to the previous list.<\/p>\n<p><strong>Use caution when flashing your SD-Card. 
If you choose the wrong device, you might overwrite your hard drive.<\/strong><\/p>\n<p>Flash the image onto the SD-Card.<\/p>\n<pre class=\"wp-block-preformatted\">$ sudo arm-image-installer --image=&lt;\/path\/to\/fedora_image&gt; \\\n    --target=&lt;RPi_Version&gt; --media=\/dev\/&lt;sd_card_device&gt; \\\n    --addkey=\/path\/to\/pubkey \\\n    --resizefs<\/pre>\n<ul>\n<li><em>image<\/em> &#8211; File path to the image you downloaded.<\/li>\n<li><em>target<\/em> &#8211; Type of ARM board you are using (in this example it would be either the Raspberry Pi 3 or 4).<\/li>\n<li><em>media<\/em> &#8211; SD-Card path you identified.<\/li>\n<li><em>addkey<\/em> &#8211; Path to your SSH public key.<\/li>\n<li><em>resizefs<\/em> &#8211; Resizes the image to the full SD-Card unless you have another partition to add.<\/li>\n<\/ul>\n<p>The image won&#8217;t have a pre-configured user or password.<\/p>\n<p><a href=\"https:\/\/docs.fedoraproject.org\/en-US\/iot\/ignition\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zezere<\/a> is a provisioning service that can deploy devices without a physical console. Use Zezere to set up and deploy your device.<\/p>\n<p>Navigate to <a href=\"http:\/\/provision.fedoraproject.org\">provision.fedoraproject.org<\/a>, then click the <em>Claim Unowned Devices<\/em> tab, and claim your device (i.e. your SD-Card). Click the <em>Home<\/em> tab to view your claimed device, then click the <em>SSH Key Management<\/em> tab to add your SSH key. This allows you to copy your SSH key to any of your Fedora IoT devices. 
The keys generated in the <em>SSH Key Management<\/em> tab are public, so they can be shared without risk to the security of your devices.<\/p>\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers-2.png\"><img decoding=\"async\" loading=\"lazy\" width=\"968\" height=\"209\" src=\"https:\/\/www.sickgaming.net\/blog\/wp-content\/uploads\/2022\/12\/setting-up-fedora-iot-on-raspberry-pi-and-rootless-podman-containers-2.png\" alt=\"Image of Zezere to use as reference for instructions on how to deploy your device.\" class=\"wp-image-37454\" \/><\/a><\/figure>\n<p>Return to the <em>Home<\/em> tab and click <em>Submit provision request<\/em> on your SD-Card to set up a provisioning request. Select <em>fedora-iot-stable<\/em> from the drop-down and click <em>Schedule<\/em> to copy your SSH Key onto your Fedora IoT device.<\/p>\n<p>You\u2019re now ready to run your applications.<\/p>\n<h2>Setting up rootless Podman containers<\/h2>\n<p>Fedora IoT uses Podman to develop, manage, and run Open Container Initiative (OCI) containers. Rootless containers can be run by unprivileged users, adding security against hackers to ensure they\u2019re safe to share between machines.<\/p>\n<p>Install <em>slirp4netns<\/em> and <em>fuse-overlayfs<\/em> to begin setup of a rootless Podman container:<\/p>\n<pre class=\"wp-block-preformatted\">sudo dnf -y install slirp4netns fuse-overlayfs shadow-utils<\/pre>\n<p>Rootless Podman containers require the root user to have a range of UIDs\/GIDs listed in the <em>\/etc\/subuid<\/em> and <em>\/etc\/subgid<\/em> files. Update the <em>\/etc\/subuid<\/em> and <em>\/etc\/subgid<\/em> files for each non-root user.<\/p>\n<pre class=\"wp-block-preformatted\">sudo usermod --add-subuids START-RANGE --add-subgids START-RANGE USERNAME<\/pre>\n<ul>\n<li><em>START<\/em> &#8211; Starting UID (ex. 
1000)<\/li>\n<li><em>RANGE<\/em> &#8211; Range for your UID (ex. if you put 100, then your UID will range from 1000 to 1100)<\/li>\n<li><em>USERNAME<\/em> &#8211; The username you&#8217;re updating.<\/li>\n<\/ul>\n<p>Podman is now set up to run rootless containers.<\/p>\n<h2>More setup recommendations<\/h2>\n<p>View the following resources for additional ways you can improve the setup of your containers:<\/p>\n<ul>\n<li><a href=\"https:\/\/fedoramagazine.org\/using-ansible-to-configure-podman-containers\/\">Using Ansible to configure Podman containers<\/a><\/li>\n<li><a href=\"https:\/\/fedoramagazine.org\/auto-updating-podman-containers-with-systemd\/\">Auto-updating Podman containers with systemd<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Introduction Fedora IoT is a foundation for Internet of Things (IoT) and Device Edge ecosystems. It\u2019s a secure, immutable, and image-based operating system that supports the deployment of containerized applications. We\u2019ll discuss how you can run Fedora IoT on a Raspberry Pi to deploy a rootless Podman container. 
Running Fedora IoT on Raspberry Pi Prerequisites: [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":130642,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[48],"tags":[45,61,46,47],"class_list":["post-130641","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-fedora-os","tag-fedora","tag-fedora-project-community","tag-magazine","tag-news"],"_links":{"self":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/130641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/comments?post=130641"}],"version-history":[{"count":0,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/posts\/130641\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media\/130642"}],"wp:attachment":[{"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/media?parent=130641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/categories?post=130641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sickgaming.net\/blog\/wp-json\/wp\/v2\/tags?post=130641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}