quadlet: Add a network requirement on .image and .containers units

[jbtrystram]

If a container unit starts on boot with a dependency on default.target
the image unit may start too soon, before network is ready. This cause
the unit to fail to pull the image.
Add a dependency on network-online.target to make sure image pulls
don't fail.

Does this PR introduce a user-facing change?

yes

Image oneshot units generated through quadlet will now have a dependency on `network-online.target`

Fixes #21873

[packit-as-a-service]

Cockpit tests failed for commit aa7b604. @martinpitt, @jelly, @mvollmer please check.

[packit-as-a-service]

Cockpit tests failed for commit d2d5b1e. @martinpitt, @jelly, @mvollmer please check.

[rhatdan]

LGTM
@ygalblum @alexlarsson @mheon PTAL

[ygalblum]

The specific code LGTM. But, it addresses only the .image files. Doesn't the same rational apply for .container and .kube files?

In addition, while the documentation states that setting After= will remove this dependency, there is no test to verify it. In order for it to work, Quadlet needs to make sure the keys set by the user are placed after the ones it sets on its own. While this might be the case now, without a test, there is no guaranty that this behavior does not break in the future.

[jbtrystram]

@ygalblum I am looking at adding another test to verify that After= removes the dependency, but I can't see any assertion helper to use, so I am trying to add one.

I started to add assert-key-is-last which would call UnitFile.LookupLast but then I need the key to have no arguments.
The assertion then would be assert-key-is-last-and-empty but then it becomes awfully specific !
Do you have any other idea ? It's my first contrib to podman so I don't know my way around the codebase :)

[ygalblum]

@jbtrystram how about assert-last-key-is-regex and pass ^$?

[jbtrystram]

@ygalblum neat suggestion, thanks !
I added that. I am having synchronisation issues when running make test locally though, let's see if the CI runs the test !

[packit-as-a-service]

Cockpit tests failed for commit 2b45a19. @martinpitt, @jelly, @mvollmer please check.

[packit-as-a-service]

Cockpit tests failed for commit c26db33. @martinpitt, @jelly, @mvollmer please check.

[dustymabe]

added a comment to the issue but linking it here:

#21873 (comment)

[rhatdan]

@jbtrystram What is going on with this PR?

[jbtrystram]

@rhatdan This is something i am working on my spare time and i hadn't had a lot of that lately, sorry.
I'll follow up soon

[packit-as-a-service]

Ephemeral COPR build failed. @containers/packit-build please check.

[jbtrystram]

@ygalblum I picked that up and fixed it. The quadlet.go code behave as expected, as quadlet --dryrun on unit-after-override.image gives :

---test.service---
## assert-last-key-is-regex "Unit" "After" "^$"

[Unit]
Wants=network-online.target
After=network-online.target
After=
SourcePath=/etc/containers/systemd/test.container
RequiresMountsFor=%t/containers

.....

However the test code with that assert-last-key-is-regex does not work yet. I'll keep working on it but still pushed, if you have some suggestions in the meanwhile i'll take them :)

I tried to add some debug statements in the test code but they're not printed when running make localintegration FOCUS_FILE=quadlet_test.go

[ygalblum]

Another two tests are failing since they already check the After key. The check assert-key-is expects all the values in the correct order. So you need to change the following:
test/e2e/quadlet/mount.container, line 13:

## assert-key-is "Unit" "After" "network-online.target" "vol2-volume.service"

test/e2e/quadlet/network.quadlet.container, line 3:

## assert-key-is "Unit" "After" "network-online.target" "basic-network.service"

[jbtrystram]

Thanks @ygalblum for the help.
I squashed the commits and rebased. The failing tests seem unrelated

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jbtrystram, ygalblum

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ygalblum]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment