Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trace rootless #414

Merged
merged 2 commits into from
Mar 21, 2024
Merged

Trace rootless #414

merged 2 commits into from
Mar 21, 2024

Conversation

cgwalters
Copy link
Collaborator

This builds on #413

This will catch rootless podman cases even more reliably (assuming
we were invoked with --pid=host).

jeckersb and others added 2 commits March 21, 2024 16:11
@jeckersb
Correctly populate container environment rootless status
cf11ed2 
Previously this was just always None via Default.

Also updated trace logging to show the entire container_info struct.
All of those fields are potentially useful, not just engine.

Signed-off-by: John Eckersberg <jeckersb@redhat.com>
@cgwalters
install: Verify userns for /proc/1 early on
38480ce 
This will catch rootless podman cases even more reliably (assuming
we were invoked with `--pid=host`).

Signed-off-by: Colin Walters <walters@verbum.org>
@github-actions github-actions bot added the area/install Issues related to `bootc install` label Mar 21, 2024
jeckersb
jeckersb approved these changes Mar 21, 2024
View reviewed changes
Copy link
Contributor

@jeckersb jeckersb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sanity checked this catches the case I was seeing:

⬢[jeckersb@toolbox ~]$ env BOOTC_INSTALL_LOG=trace podman-bootc run quay.io/jeckersb/centos-bootc-jeckersb:latest
TRACE starting
TRACE Preparing install
TRACE Verified uid 0 with CAP_SYS_ADMIN
TRACE OK: we're not pid 1
ERROR Installing to disk: /proc/1 is owned by 65534, not zero; this command must be run in the root user namespace (e.g. not rootless podman)
Error: unable to install bootc image: failed to create disk image: failed to run bootc install

@cgwalters cgwalters marked this pull request as ready for review March 21, 2024 21:09
@jeckersb
Copy link
Contributor

Test failure looks like an AWS flake?

+ greenprint 'Install centos-stream-9 bootc system'
++ date -Isecond
+ echo -e '\033[1;32m[2024-03-21T16:59:17-04:00] Install centos-stream-9 bootc system\033[0m'
�[1;32m[2024-03-21T16:59:17-04:00] Install centos-stream-9 bootc system�[0m
+ ansible-playbook -v -i /tmp/tmp.JzrW00HDAJ/inventory -e test_image_url=quay.io/redhat_emp1/centos-bootc-dev-test:j8qu playbooks/install.yaml
[WARNING]: Found both group and host with same name: guest
Using /var/ARTIFACTS/work-awsz91uao0l/plans/install-upgrade/aws/discover/default-0/tests/tests/integration/playbooks/ansible.cfg as config file

PLAY [guest] *******************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [guest]: UNREACHABLE! => changed=false 
  msg: |-
    Data could not be sent to remote host "3.231.155.52". Make sure this host can be reached over ssh: ssh: connect to host 3.231.155.52 port 22: Connection timed out
  unreachable: true

@cgwalters cgwalters merged commit 907b61a into containers:main Mar 21, 2024
15 checks passed
@cgwalters
Copy link
Collaborator Author

cgwalters commented Mar 22, 2024
edited
Loading

Test failure looks like an AWS flake?

Yeah, right now we aren't always gating on these, though we probably should. But...I would also like to change the testing framework to inject testing code into the OS image, instead of being ssh-push based as it is now. The former is much more in line with the philosophy here 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jeckersb jeckersb jeckersb approved these changes

Assignees
No one assigned
Labels
area/install Issues related to `bootc install`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@cgwalters @jeckersb