podman search does not return results unless registry specified

[SuperFluffy]

/kind bug

Description

Running podman search returns nothing, even though three registries are configured.

Steps to reproduce the issue:

1. Configure /etc/containers/registries.conf in VERSION 2 format:

# /etc/containers/registries.conf
[[registry]]
location = "docker.io"

[[registry]]
location = "registry.fedoraproject.org"

[[registry]]
location = "registry.access.redhat.com"

2. Verify that the registries are detected:

$ podman info

[...]
registries:
  docker.io:
    Blocked: false
    Insecure: false
    Location: docker.io
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: docker.io
  registry.access.redhat.com:
    Blocked: false
    Insecure: false
    Location: registry.access.redhat.com
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.access.redhat.com
  registry.fedoraproject.org:
    Blocked: false
    Insecure: false
    Location: registry.fedoraproject.org
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.fedoraproject.org
[...]

3. Search for an image:

$ podman search httpd
# Nothing here

Search on a specific repository to verify that it can actually find something:

$ podman search --limit 3 docker.io/httpd
INDEX      NAME                               DESCRIPTION                                      STARS   OFFICIAL  AUTOMATED
docker.io  docker.io/library/httpd            The Apache HTTP Server Project                   3310    [OK]
docker.io  docker.io/centos/httpd-24-centos7  Platform for running Apache httpd 2.4 or bui...  36
docker.io  docker.io/manageiq/httpd           Container with httpd, built on CentOS for Ma...  0                 [OK]

Describe the results you received:

Empty result

Describe the results you expected:

Search results from all configured registries.

Additional information you deem important (e.g. issue happens only occasionally):

Podman is running rootless using cgroups v2.

Output of podman version:

podman version 2.2.1

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.18.0
  cgroupManager: systemd
  cgroupVersion: v2
  conmon:
    package: Unknown
    path: /usr/bin/conmon
    version: 'conmon version 2.0.22, commit: 9c34a8663b85e479e0c083801e89a2b2835228ed'
  cpus: 16
  distribution:
    distribution: arch
    version: unknown
  eventLogger: journald
  hostname: blackie
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
  kernel: 5.10.4-arch2-1
  linkmode: dynamic
  memFree: 59803045888
  memTotal: 66795577344
  ociRuntime:
    name: crun
    package: Unknown
    path: /usr/bin/crun
    version: |-
      crun version 0.16
      commit: eb0145e5ad4d8207e84a327248af76663d4e50dd
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  rootless: true
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: Unknown
    version: |-
      slirp4netns version 1.1.8
      commit: d361001f495417b880f20329121e3aa431a8f90f
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 0
  swapTotal: 0
  uptime: 3h 17m 32.39s (Approximately 0.12 days)
registries:
  docker.io:
    Blocked: false
    Insecure: false
    Location: docker.io
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: docker.io
  registry.access.redhat.com:
    Blocked: false
    Insecure: false
    Location: registry.access.redhat.com
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.access.redhat.com
  registry.fedoraproject.org:
    Blocked: false
    Insecure: false
    Location: registry.fedoraproject.org
    MirrorByDigestOnly: false
    Mirrors: null
    Prefix: registry.fedoraproject.org
store:
  configFile: /home/janis/.config/containers/storage.conf
  containerStore:
    number: 0
    paused: 0
    running: 0
    stopped: 0
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: Unknown
      Version: |-
        fusermount3 version: 3.10.1
        fuse-overlayfs: version 1.3
        FUSE library version 3.10.1
        using FUSE kernel interface version 7.31
  graphRoot: /home/janis/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: extfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 0
  runRoot: /run/user/1000/containers
  volumePath: /home/janis/.local/share/containers/storage/volumes
version:
  APIVersion: 2.1.0
  Built: 1607464103
  BuiltTime: Tue Dec  8 22:48:23 2020
  GitCommit: a0d478edea7f775b7ce32f8eb1a01e75374486cb
  GoVersion: go1.15.6
  OsArch: linux/amd64
  Version: 2.2.1

Package info (e.g. output of rpm -q podman or apt list podman):

# archlinux
$ pacman -Si podman
Repository      : community
Name            : podman
Version         : 2.2.1-1
Description     : Tool and library for running OCI-based containers in pods
Architecture    : x86_64
URL             : https://github.com/containers/libpod
Licenses        : Apache
Groups          : None
Provides        : None
Depends On      : cni-plugins  conmon  containers-common  device-mapper  iptables  libseccomp  runc  slirp4netns  libsystemd  fuse-overlayfs  libgpgme.so=11-64
Optional Deps   : podman-docker: for Docker-compatible CLI
                  btrfs-progs: support btrfs backend devices
                  catatonit: --init flag support
                  crun: support for unified cgroupsv2
Conflicts With  : None
Replaces        : None
Download Size   : 19.57 MiB
Installed Size  : 79.09 MiB
Packager        : Morten Linderud <foxboron@archlinux.org>
Build Date      : Tue Dec 8 22:48:23 2020
Validated By    : MD5 Sum  SHA-256 Sum  Signature

Have you tested with the latest version of Podman and have you checked the Podman Troubleshooting Guide?

Yes

Additional environment details (AWS, VirtualBox, physical, etc.):

Physical machine running latest kernel:

$ uname -a
Linux 5.10.4-arch2-1 #1 SMP PREEMPT Fri, 01 Jan 2021 05:29:53 +0000 x86_64 GNU/Linux

[vrothberg]

Thanks for reaching out!

# /etc/containers/registries.conf
[[registry]]
location = "docker.io"

[[registry]]
location = "registry.fedoraproject.org"

[[registry]]
location = "registry.access.redhat.com"

The upper config isn't correct. You need to set it as follows:

unqualified-search-registries=["registry.access.redhat.com", "registry.fedoraproject.org", "docker.io"]

[SuperFluffy]

Wow, thanks, it works now. But that was not at all obvious to me... I have reread the comments in the default registries.conf, and it's a bit clearer now, but I am still scratching my head a bit..

[vrothberg]

I admit that the config can be quite complex. If you have suggestions to make it easer to digest, feel free to share. Any feedback is helpful :)

[Folaht]

Why 'unqualified-search-registries'?
It sounds like something a user shouldn't do and thus should never do any general search.
Also, if there are unqualified-search-registries, one can conclude there must be qualified-search-registries as well, which are naturally more preferable over unqualified ones, so one would search for them. I did.
And reading the containers-registries.conf(5) manual, it talks about a general podman pull being unsafe.
I get that, but I'm doing a podman search should result in receiving read-only data, not run executable files.
Does podman pull use podman search in it's code or something?

It's also not advertised as such in the podman.io documentation which shows general searches.

https://podman.io/getting-started/
https://docs.podman.io/en/latest/markdown/podman-search.1.html

[nycki93]

Agreed, the examples in the documentation should work with the default config.

[vrothberg]

Agreed, the examples in the documentation should work with the default config.

Which default config (on which distribution) are you referring to?

[vrothberg]

It's also not advertised as such in the podman.io documentation which shows general searches.

The search registries are mentioned in the first paragraph. If you have concrete suggestions to improve the docs, please let me know.

[Archsx]

Hi, I'm the one who is completely new to containers ( https://docs.podman.io/en/latest/ ) , and it gives a link to "https://docs.podman.io/en/latest/Introduction.html" , follow the post and get empty result. why not give a link to tutorials ?

[mheon]

Why are you posting on this issue? Documentation issues with podman.io can be reported against the podmai.io repo: github.com/containers/podman.io

[jcorbin]

Can confirm that this is still frustrating for a new user who's trying to follow the docs:

• tries to podman search (on latest arch linux after installing podman, and verifying I'm otherwise set for "rootless" mode
• gets no output
• googles why no output
• finds this github issue
• still left wandering what to do next... I guess I'll just put a docker.io in there since I wanted to finally try out "docker things" but would rather use podman...

But all I really want is a clear "Here, put THIS in your config to get started" rather than podman search leaving me hanging out of https://docs.podman.io/en/latest/Introduction.html ...

[vrothberg]

Does Arch not set any unqualified-search-registry in /etc/containers/registries.conf?

[jcorbin]

Nope, no lines in the config from containers-common were uncommented, so not just was there no unqaulified-search-registry, there weren't any registries defined at all.

At any rate, I was just trying to get rootless mode up and running, so putting the following into ~/.config/containers/registries.conf got me going:

unqualified-search-registries = ["docker.io"]

[[registry]]
location = "docker.io"

[vrothberg]

Thanks for confirming, @jcorbin!

I suggest reaching out to the Arch maintainers. unqualified-search-registries = ["docker.io"] should be the minimum setting for Podman to behave as Docker. Other distributions add more registries on top.

[TomSweeneyRedHat]

The podman.io repo received a new PR a day or two ago about this discussion/issue. Pasting the comment here for @rkiddy

Text from the Podman.io PR 262 :

Otherwise, to a neophyte user, the 'podman search' command returns nothing and seems broken.

See #8896

But why should it be necessary to find the issue. The suggestion in the bug was good. So, why not just throw a bone to the new user?