Skip to content

Trace rootless #414

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 21, 2024
Merged

Trace rootless #414

merged 2 commits into from
Mar 21, 2024

Conversation

cgwalters
Copy link
Collaborator

This builds on #413

This will catch rootless podman cases even more reliably (assuming
we were invoked with --pid=host).

jeckersb and others added 2 commits March 21, 2024 16:11
@jeckersb
Correctly populate container environment rootless status
cf11ed2 
Previously this was just always None via Default.

Also updated trace logging to show the entire container_info struct.
All of those fields are potentially useful, not just engine.

Signed-off-by: John Eckersberg <jeckersb@redhat.com>
@cgwalters
install: Verify userns for /proc/1 early on
38480ce 
This will catch rootless podman cases even more reliably (assuming
we were invoked with `--pid=host`).

Signed-off-by: Colin Walters <walters@verbum.org>
@github-actions github-actions bot added the area/install Issues related to `bootc install` label Mar 21, 2024
jeckersb
jeckersb approved these changes Mar 21, 2024
View reviewed changes
Copy link
Collaborator

@jeckersb jeckersb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sanity checked this catches the case I was seeing:

⬢[jeckersb@toolbox ~]$ env BOOTC_INSTALL_LOG=trace podman-bootc run quay.io/jeckersb/centos-bootc-jeckersb:latest
TRACE starting
TRACE Preparing install
TRACE Verified uid 0 with CAP_SYS_ADMIN
TRACE OK: we're not pid 1
ERROR Installing to disk: /proc/1 is owned by 65534, not zero; this command must be run in the root user namespace (e.g. not rootless podman)
Error: unable to install bootc image: failed to create disk image: failed to run bootc install

@cgwalters cgwalters marked this pull request as ready for review March 21, 2024 21:09
@cgwalters cgwalters enabled auto-merge March 21, 2024 21:09
@jeckersb
Copy link
Collaborator

Test failure looks like an AWS flake?

+ greenprint 'Install centos-stream-9 bootc system'
++ date -Isecond
+ echo -e '\033[1;32m[2024-03-21T16:59:17-04:00] Install centos-stream-9 bootc system\033[0m'
�[1;32m[2024-03-21T16:59:17-04:00] Install centos-stream-9 bootc system�[0m
+ ansible-playbook -v -i /tmp/tmp.JzrW00HDAJ/inventory -e test_image_url=quay.io/redhat_emp1/centos-bootc-dev-test:j8qu playbooks/install.yaml
[WARNING]: Found both group and host with same name: guest
Using /var/ARTIFACTS/work-awsz91uao0l/plans/install-upgrade/aws/discover/default-0/tests/tests/integration/playbooks/ansible.cfg as config file

PLAY [guest] *******************************************************************

TASK [Gathering Facts] *********************************************************
fatal: [guest]: UNREACHABLE! => changed=false 
  msg: |-
    Data could not be sent to remote host "3.231.155.52". Make sure this host can be reached over ssh: ssh: connect to host 3.231.155.52 port 22: Connection timed out
  unreachable: true

@cgwalters cgwalters merged commit 907b61a into bootc-dev:main Mar 21, 2024
@cgwalters
Copy link
Collaborator Author

cgwalters commented Mar 22, 2024
edited
Loading

Test failure looks like an AWS flake?

Yeah, right now we aren't always gating on these, though we probably should. But...I would also like to change the testing framework to inject testing code into the OS image, instead of being ssh-push based as it is now. The former is much more in line with the philosophy here 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jeckersb jeckersb jeckersb approved these changes

Assignees

No one assigned

Labels

area/install Issues related to `bootc install`

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@cgwalters @jeckersb