Alfresco platform is built using containerization technology. Alfresco can utilize containerization platforms like Docker, which provide the necessary tools and infrastructure to create, manage, and run containers.

Alfresco Community Docker Images are built with Docker and published in Docker Hub Registry. ACS platform includes a set of containers that are deployed together to provide Content Services.

Docker Images are produced and used in Alfresco development in several ways:

• Extending default Alfresco Docker Images using docker build command
• Producing Alfresco Docker Images using Maven projects (like acs-community-packaging or Alfresco Maven SDK) using plugins like docker-maven-plugin
• Running Docker Compose templates for development or testing purposes

In addition to the use of Docker products, this blog post explores the alternative to use Podman for containers management.

Docker alternatives (some)

Despite there are many alternatives to manage containers, the most used products are Podman (by Red Hat) and Rancher (by SUSE). Both products are using QEMU for virtualization purposes and both products are Open Source projects licensed with Apache License 2.0.

Podman includes a set of tools to perform different containers operations:

• Buildah can be used to create and modify container images using a Dockerfile-like syntax
• Skopeo allows users to inspect, copy, and manage container images in various formats and registries
• Podman serves as a container runtime, providing the ability to run and manage containers and pods without a daemon
• QEMU assists in executing containers across different architectures by providing hardware emulation and virtualization capabilities

Alternatively, by combining Rancher container management capabilities with Lima lightweight virtualization and QEMU hardware emulation, container clusters can be run across different architectures and environments.

Both products can be integrated with Alfresco development workflow, despite we're exploring only Podman alternative in this blog post.

Some technical differences between Podman and Docker

Docker and Podman are used to download pre-built Container Images from a Registry, to build locally Container Images and to run Containers inside a Container Runtime enviroment.

However, they differ in some key aspects:

• Architecture: Docker relies on a client-server architecture, where the Docker daemon (dockerd) runs as a background service and manages container operations. The Docker CLI interacts with the daemon to build, run, and manage containers. In contrast, Podman operates without a daemon. It uses a daemonless architecture, where container operations are performed directly through the Podman CLI. This makes Podman more lightweight and eliminates the need for a separate daemon process.
• Rootless Containers: Podman provides built-in support for running containers as non-root users, commonly referred to as "rootless containers". This means that users can run containers without requiring root privileges. Docker, on the other hand, traditionally requires root privileges to execute container operations.
• Compatibility: Docker has been around longer and has a more extensive ecosystem and community support. It has a large number of pre-built images available on Docker Hub, making it convenient for users to find and use existing container images. Podman aims to be compatible with the Docker CLI, allowing users to transition from Docker to Podman seamlessly. Podman can run existing Docker images and uses the same Dockerfile format for building images, making it relatively easy to migrate existing Docker workflows to Podman.
• User Namespace: Podman utilizes user namespaces, a Linux kernel feature, to enhance security and isolate container operations within the user session. Each container runs with a unique user and process namespace, providing an additional layer of security. Docker, on the other hand, primarily relies on Linux cgroups and namespaces for resource isolation but does not make use of user namespaces by default.
• Networking: Docker typically creates its own virtual network interface called docker0 to enable communication between containers and the host. In Podman, by default, containers share the network namespace with the host system, meaning they use the host's network interface directly.
• Performance: Docker may have a slight advantage in startup time due to its client-server architecture (that can keep the runtime components preloaded), the overall performance differences between Docker and Podman are typically minimal

Since we are evaluating the use of Podman only for Alfresco development purposes, these differences don't impact much in the common workflow.

Installing Podman on Mac

Follow official documentation to install Podman in Windows or some Linux distribution.

For Mac, Podman is provided through Homebrew. Once you have set up brew, you can use the brew install command to install Podman products.

1. Install podman (as replacement of docker command)

$ brew install podman

2. Create podman machine with 5 CPUs and 16 GB of RAM

 $ podman machine init --cpus 5 --memory=16384
 $ podman machine start
 $ podman machine ls
 NAME                     VM TYPE     CPUS        MEMORY
 podman-machine-default*  qemu        5          17.18GB

3. Install podman-compose (as replacement of docker compose)

$ brew install podman-compose

4. Install podman-desktop (as replacement of Docker Desktop app)

$ brew install podman-desktop

5. Since Podman provides a command line interface similar to that of Docker, some aliases can be defined to ensure the compatibility with scripting files and other existing resources.

$ vi ~/.zshrc
 alias docker=podman
 alias docker-compose=podman-compose

$ source ~/.zshrc

Testing Podman features

Let's create a simple extension for alfresco-search-services container that enables cross locale indexing to test the building process.

$ cat Dockerfile
FROM alfresco/alfresco-search-services:2.0.7
RUN sed -i '/^bash.*/i sed -i "'"/alfresco.cross.locale.datatype/s/^#//g"'" $DIST_DIR/solrhome/conf/shared.properties\n' \
    ${DIST_DIR}/solr/bin/search_config_setup.sh;

Building command is equivalent to docker one and it's working as expected.

$ docker build . -t podman-search:2.0.7
Successfully tagged localhost/podman-search:2.0.7

$ docker image ls podman-search
localhost/podman-search    2.0.7    b36544bbcf8a

Creating an Alfresco Docker Compose template can be done using the Alfresco Docker Installer command.

$ yo alfresco-docker-installer

? Which ACS version do you want to use? 7.4
? Do you want to deploy Alfresco in ARCH64 computer (like Apple Silicon)? No
? How may GB RAM are available for Alfresco (16 is minimum required)? 16
? Do you want to use HTTPs for Web Proxy? No
? What is the name of your server? localhost
? Choose the password for your admin user admin
? What HTTP port do you want to use (all the services are using the same port)? 8080
? Do you want to use FTP (port 2121)? No
? Do you want to use MariaDB instead of PostgreSQL? No
? Are you using different languages (this is the most common scenario)? Yes
? Do you want to search in the content of the documents? Yes
? Would you like to use Shared Secret or HTTPs for Alfresco-SOLR communication? secret
? Do you want to use the Events service (ActiveMQ)? No
? Do you want to create an internal SMTP server? No
? Do you want to create an internal LDAP server? No
? Select the addons to be installed:
? Are you using a Windows host to run Docker? Yes
? Do you want to use a start script? No
? Do you want to get the script to create host volumes? No

Once Docker Compose is ready, starting ACS platform can be achieved using default docker command.

$ docker-compose up --build --force-recreate

Podman Desktop, in the same way Docker Desktop does, provides access to container resources (like images, containers and volumes).

When using AARCH64 processors (like Apple Silicon), Docker Desktop adds an orange label to AMD64 containers. That makes easier to identify Docker Images that need to be re-built or that may be working wrong. Despite Podman Desktop doesn't provide this option, using the Container Terminal allows to check container architecture.

Building Container Images for AARCH64 with Podman

Since Podman and Docker don't share the Local Container Registry, it's required to build AARCH64 Images by using podman. The project Alfresco Dockerx Builder provides a command line tool to build Alfresco AARCH64 Images and supports the use of podman to build these images. Just add the podman argument to store the image on the Local Container Registry for Podman.

$ ./buildx.sh podman search 2.0.7

$ docker image ls alfresco-search-services
localhost/alfresco/alfresco-search-services    2.0.7    3072cb241cca

Final remarks

From the experience adquired in this simple test, both Docker and Podman can be used effectively for Alfresco development. So consider your familiarity with the tools, preferred workflow, ecosystem support, security requirements, and any specific performance considerations to make the best choice for your Alfresco development needs.

Video recording

Additional details and live demo are available in this video recording.