NOMAD-236 userns podman configuration option #212
Conversation
- add userns to task config - add parsing for userns config option - add the driver configuration, uncomment api portion - tests
acornies
changed the title
driver_test.go
Outdated
| // check userns mode configuration (single value) | ||
| func TestPodmanDriver_UsernsMode(t *testing.T) { | ||
| taskCfg := newTaskConfig("", busyboxLongRunningCmd) | ||
| taskCfg.UserNS = "host" | ||
| inspectData := startDestroyInspect(t, taskCfg, "userns") | ||
|
|
||
| require.Equal(t, "host", inspectData.HostConfig.UsernsMode) | ||
| } | ||
|
|
||
| // check userns mode configuration (parsed value) | ||
| func TestPodmanDriver_UsernsModeParsed(t *testing.T) { | ||
| taskCfg := newTaskConfig("", busyboxLongRunningCmd) | ||
| taskCfg.UserNS = "keep-id:uid=200,gid=210" | ||
| inspectData := startDestroyInspect(t, taskCfg, "userns") | ||
|
|
||
| require.Equal(t, "keep-id:uid=200,gid=210", inspectData.HostConfig.UsernsMode) | ||
| } |
There was a problem hiding this comment.
I'm not sure why the Github Action didn't run (it does this some times 😞), but I ran it locally and I think these need to run with Podman in rootless mode? The first test always returns an empty string:
--- FAIL: TestPodmanDriver_UsernsMode (6.28s)
driver_test.go:1494:
Error Trace: /Users/laoqui/go/src/github.com/hashicorp/nomad-driver-podman/driver_test.go:1494
Error: Not equal:
expected: "host"
actual : ""
Diff:
--- Expected
+++ Actual
@@ -1 +1 @@
-host
+
Test: TestPodmanDriver_UsernsMode
FAIL
FAIL github.com/hashicorp/nomad-driver-podman 6.313s
FAIL
The second test says the mode is not supported:
--- FAIL: TestPodmanDriver_UsernsModeParsed (4.11s)
driver_test.go:2253:
Error Trace: /Users/laoqui/go/src/github.com/hashicorp/nomad-driver-podman/driver_test.go:2253
/Users/laoqui/go/src/github.com/hashicorp/nomad-driver-podman/driver_test.go:1501
Error: Received unexpected error:
rpc error: code = Unknown desc = failed to start task, could not create container: cannot create container, status code: 500: {"cause":"keep-id is only supported in rootless mode","message":"keep-id is only supported in rootless mode","response":500}
Test: TestPodmanDriver_UsernsModeParsed
I think our tests run as root so we may need to skip these in CI.
There was a problem hiding this comment.
Part of the problem is I'm running a Macbook M1 so let me figure this out...
There was a problem hiding this comment.
Same 😅
I've been using Lima with this configuration, and so far it has been working well:
https://gist.github.com/lgfa29/f24eec7bb39f4bda28d7765bec8740cc#file-podman-yaml
I think you may need to run the tests as sudo.
Used suggested changes from Luis - clearer intention Co-authored-by: Luiz Aoqui <luiz@hashicorp.com>
- remove redundant mapping code to map NamespaceMode - Switch to SplitN usage to limit split operation
There was a problem hiding this comment.
Thanks for the updates @acornies. I fixed a CI issue and also set the tests to skip for now since our CI runs them in rootful mode and userns seems to be "" unless Podman is running in rootless mode.
Is there anything else missing before we merge this? 🙂
|
Thanks @lgfa29 you beat me to it (skipping the tests). I don't think there's anything else atm. It's an effort to iterate on additional config options that would be useful to podman users. The referenced internal issue has some other stuff that might be useful but those can happen in another PR. |
|
Cool, thanks! Feel free to open more PRs in the future as needed 😄 |
I haven't been able to run the tests locally, but I want to get a general sense on if this is the right approach or not.