You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the Issue
Some tasks are checking ansible_connection and ansible_virtualization_type to be docker. This fails in Podman containers.
Expected Behavior
The tasks not meant to work in container environments should be skipped in both Docker and Podman containers.
Both Docker and Podman should behave the same way, no hardcoding for one or the other.
Actual Behavior
Tasks that are not expected to work in containerized environments are failing. Mostly those related to kernel, drivers, filesystems, etc.
Environment (please complete the following information):
Ansible Version: 5.6.0
Host Python Version: 3.9.x
Ansible Server Python Version: 3.9.x
Using branch: tested with main, but the same code is in develop as well
Additional Details: not related to any runtime versions, it is the code of this role itself.
$ molecule --versionmolecule 3.6.1 using python 3.9 ansible:2.12.4 delegated:3.6.1 from molecule podman:2.0.0 from molecule_podman requiring collections: containers.podman>=1.7.0 ansible.posix>=1.3.0
$ pip show ansible | grep VersionVersion: 5.6.0
Additional Notes
The same problem applies to RHEL7-CIS role. Do you want me to create the same issue in there as well?
Possible Solution
Use rhel[7|8]cis_system_is_container variable only.
Consider auto-detecting a reasonable default value based on (some or all of) the following:
ansible_virtualization_tech_guest contains container (and docker or podman)
ansible_virtualization_type is docker or podman
lookup('env', 'container') is podman
/run/.containerenv or /.dockerenv exists, but probably already used to set ansible_virtualization_*
It should be OK to do this detection outside of this role just by passing the right value for *_is_container though.
We're doing the same with system_is_ec2 anyway...
The text was updated successfully, but these errors were encountered:
thanks to @ztmr
Describe the Issue
Some tasks are checking
ansible_connection
andansible_virtualization_type
to bedocker
. This fails in Podman containers.Expected Behavior
The tasks not meant to work in container environments should be skipped in both Docker and Podman containers.
Both Docker and Podman should behave the same way, no hardcoding for one or the other.
Actual Behavior
Tasks that are not expected to work in containerized environments are failing. Mostly those related to kernel, drivers, filesystems, etc.
Control(s) Affected
Environment (please complete the following information):
Additional Notes
The same problem applies to RHEL7-CIS role. Do you want me to create the same issue in there as well?
Possible Solution
Use
rhel[7|8]cis_system_is_container
variable only.Consider auto-detecting a reasonable default value based on (some or all of) the following:
ansible_virtualization_tech_guest
containscontainer
(anddocker
orpodman
)ansible_virtualization_type
isdocker
orpodman
lookup('env', 'container')
ispodman
/run/.containerenv
or/.dockerenv
exists, but probably already used to setansible_virtualization_*
It should be OK to do this detection outside of this role just by passing the right value for
*_is_container
though.We're doing the same with
system_is_ec2
anyway...The text was updated successfully, but these errors were encountered: