Support running inside Toolbx containers #3370
Conversation
|
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines
|
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
|
I made sure that I don't know what to do about that. |
|
Just an initial comment here, not necessarily reflective of the code change in the PR at this point: we can add support for toolbox/toolbx, but it has to conform to two major points:
For reference, on RHEL the recommendation is (or at least what the recommendation was as of June/July) to use the Outside of all this, we can certainly look at renaming the env var we look at, and have a period of transition support before ultimately dropping the use of |
|
The It's what we were asked to check for at the time (for the Red Hat support-tools container). We would have preferred something like If that's changed since and there's some better variable to check for then it'd be fine to update to that, but as @TurboTurtle says we need to maintain compatibility for existing environments. |
|
@TurboTurtle @bmr-cymru Thanks for the review and the historical context.
I didn't get this part. Does it break existing containers? Only Toolbx containers can have
All I know is that people who are trying to use I am just the Toolbx maintainer who is pushing back against requests to have the To me, the best option is to teach I think it will be best if you discuss what the end result should be with folks like @control-d who actually use or want to use |
Currently, if 'sos report' is run inside a rootful Toolbx [1] container
with the HOST environment variable set, it creates the report inside the
host operating system's /var/tmp, which is at $HOST/var/tmp inside the
container:
# toolbox enter
⬢# HOST=/run/host sos report
...
Your sosreport has been generated and saved in:
/run/host/var/tmp/sosreport-toolbox-2023-10-01-trpwqii.tar.xz
...
However, if it's run as 'sudo sos report' inside a rootless Toolbx
container with the HOST environment variable set, it creates the report
inside the container's /var/tmp:
$ toolbox enter
⬢$ sudo su -
⬢# HOST=/run/host sos report
...
Your sosreport has been generated and saved in:
/var/tmp/sosreport-toolbox-2023-10-01-nwjqcff.tar.xz
...
Toolbx [1] containers are ultimately Podman containers that are designed
to be used as interactive command line environments for development and
troubleshooting the host operating system. So, one can replicate the
above with a podman(1) invocation as well.
This happens because the 'container' environment variable isn't set
inside the sudo(8) session. Instead of relying on environment
variables, which often go missing in unexpected ways, it will be better
to check for the /run/.containerenv and /.dockerenv stamp files that
identify Podman and Docker containers respectively.
[1] https://containertoolbx.org/
https://github.com/containers/toolbox
Resolves: sosreport#3370
Signed-off-by: Debarshi Ray <debarshir@gnome.org>
Toolbx [1] containers are Podman containers that are designed to be used as interactive command line environments for development and troubleshooting the host operating system. Currently, those trying to use them for troubleshooting with 'sos report' have been setting the HOST environment variable inside their containers. It will improve the troubleshooting experience if sos(1) could detect that it's running inside a Toolbx container and automatically configure itself to do the right thing. Toolbx containers can be distinguished from other Podman containers by the presence of the /run/.toolboxenv file. [1] https://containertoolbx.org/ https://github.com/containers/toolbox Resolves: sosreport#3370 Signed-off-by: Debarshi Ray <debarshir@gnome.org>
debarshiray
force-pushed
the
wip/rishi/toolbx
branch
from
471e3f5
to
9c91fcc
Compare
|
Updated the branch to fix a single-double quote mix-up. |
|
Ping @control-d @travier |
No, I wasn't saying this patch breaks it - just a general thinking-out-loud that we would want to support both
Ack, and agreed there should be a better-named env var here. But as Bryn mentioned above our hands were a bit tied at the initial implementation.
Ack, sure. Ideally in my mind what we have is a situation where a user does not need to do anything special themselves to get a toolbx container running sos to collect from the host, but can optionally do something to cause sos to collect from within the container. We do that today for support-tools via the RUN label on the image, i.e. |
Toolbx containers are Podman containers that are designed to be used as interactive command line environments for development and troubleshooting the host operating system. Therefore, a well working
sos(1)will improve the troubleshooting experience inside these containers.Currently, those trying to use Toolbx containers for troubleshooting with
sos reporthave been setting theHOSTenvironment variable inside their containers.The problem with doing that is that
HOSTis a very generic name without any namespacing. Not every user is going to usesos report, and it can easily conflict with a variable of the same name being used for a different purpose. This is similar to theNAMEandVERSIONenvironment variables that used to be set inside Toolbx containers due to outdated or wrong information in Fedora's container guidelines. They were a constant source of complaints and were recently fixed. The same logic applies toHOST.Note that there is an ongoing effort to change the implementation of the
toolboxRPM in various Red Hat products from github.com/coreos/toolbox to github.com/containers/toolbox or Toolbx. The latter was inspired by the former, and is the more widely used of the two. eg., Toolbx is installed by default on Fedora CoreOS, Silverblue and Workstation.So far, this change has been made in Red Hat Enterprise Linux 8.5 onwards, but not in other products like Red Hat OpenShift Container Platform.