enabling-fuse-for-all-workspaces.adoc

Enabling fuse-overlayfs for all workspaces

For Podman 5.x, the /home/user/.config must be owned by the current user for Podman to function correctly. The storage.conf file for Podman is typically stored in this folder. This document explains how to configure the workspace’s container entrypoint script for the workspace so that fuse-overlayfs is being used for all workspaces using that container. The Universal Developer Image (UDI) already contains the necessary configuration by default.

Prerequisites

• For OpenShift versions 4.14 and lower, the administration-guide:enabling-access-to-dev-fuse-for-openshift.adoc section has been completed.

• An active {orch-cli} session with administrative permissions to the destination OpenShift cluster. See {orch-cli-link}.

Procedure

1. Set the necessary annotation in the spec.devEnvironments.workspacesPodAnnotations field of the CheCluster custom resource.

   kind: CheCluster
   apiVersion: org.eclipse.che/v2
   spec:
     devEnvironments:
       workspacesPodAnnotations:
         io.kubernetes.cri-o.Devices: /dev/fuse

   Note	For OpenShift versions 4.14 and lower, the io.openshift.podman-fuse: "" annotation is also required.

2. Optional: If you are using a custom image for the workspace container, create the /home/user/.config folder and configure the storage.conf file on runtime via the entrypoint. To do this, add the following to the workspace container image’s entrypoint script before building the image.

   # Configure container builds to use vfs or fuse-overlayfs
   if [ ! -d "${HOME}/.config/containers" ]; then
     mkdir -p ${HOME}/.config/containers
     if [ -c "/dev/fuse" ] && [ -f "/usr/bin/fuse-overlayfs" ]; then
       (echo '[storage]';echo 'driver = "overlay"';echo '[storage.options.overlay]';echo 'mount_program = "/usr/bin/fuse-overlayfs"') > ${HOME}/.config/containers/storage.conf
     else
       (echo '[storage]';echo 'driver = "vfs"') > "${HOME}"/.config/containers/storage.conf
     fi
   fi

   This ensures that if the /home/user/.config doesn’t already exist, the folder is created and owned by user. The /home/user/.config may already exist for example, if it was stored in a persistent volume.

   Note	This is configured in the UDI by default. Therefore this step is only required if you are using a custom image for the workspace container.

Verification steps

1. Start a workspace and verify that the owner for /home/user/.config is user.

   $ ls -la /home/user

   Example output:

   ...
   drwxrwsr-x.  3 user 1000660000   24 Dec 24 15:40 .config

2. Verify that the storage driver is overlay.

   $ podman info | grep overlay

   Example output:

   graphDriverName: overlay
     overlay.mount_program:
       Executable: /usr/bin/fuse-overlayfs
       Package: fuse-overlayfs-1.14-1.el9.x86_64
         fuse-overlayfs: version 1.13-dev
     Backing Filesystem: overlayfs

   Note

   The following error might occur for existing workspaces: ERRO[0000] User-selected graph driver "overlay" overwritten by graph driver "vfs" from database - delete libpod local files ("/home/user/.local/share/containers/storage") to resolve. May prevent use of images created by other tools In this case, delete the libpod local files as mentioned in the error message.