containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0

Using slirp4nets options breaks idempotency for pods #367

Closed lolllpop closed 2 years ago

lolllpop commented 2 years ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

Using slirp4nets for pods is breaking idempotency. This is similar to #184, which was about slirp4nets for containers only.

Steps to reproduce the issue:

  1. Create pod using podman_pod and supply network mode with additional options

  2. Create container belonging to that pod using podman_container

  3. Rerun playbook without changing any parameters

Describe the results you received:

Pod and container are recreated. Ansible-playbook shows result of both tasks as 'changed'. Diff of pod contains the network options. There is no diff for the container.

Describe the results you expected:

Pod and container are not recreated. Ansible-playbook shows both tasks as 'ok'.

Additional information you deem important (e.g. issue happens only occasionally):

Version of the containers.podman collection:

containers.podman 1.9.1

Output of ansible --version:

ansible [core 2.11.6]
  config file = /home/xxx/.ansible.cfg
  configured module search path = ['/home/xxx/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python3.9/site-packages/ansible
  ansible collection location = /home/xxx/.ansible/collections:/usr/share/ansible/collections
  executable location = /usr/lib/python-exec/python3.9/ansible
  python version = 3.9.9 (main, Dec 26 2021, 14:11:00) [GCC 11.2.0]
  jinja version = 3.0.3
  libyaml = True

Output of podman version:

Version:      3.4.4
API Version:  3.4.4
Go Version:   go1.17.5
Built:        Sun Dec 26 15:45:44 2021
OS/Arch:      linux/amd64

Output of podman info --debug:

host:
  arch: amd64
  buildahVersion: 1.23.1
  cgroupControllers:
  - memory
  - pids
  cgroupManager: cgroupfs
  cgroupVersion: v2
  conmon:
    package: app-containers/conmon-2.0.31
    path: /usr/libexec/podman/conmon
    version: 'conmon version 2.0.31, commit: v2.0.31'
  cpus: 2
  distribution:
    distribution: gentoo
    version: unknown
  eventLogger: file
  hostname: hactar
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 100
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    - container_id: 65537
      host_id: 100000001
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1000
      size: 1
    - container_id: 1
      host_id: 100000
      size: 65536
    - container_id: 65537
      host_id: 100000001
      size: 65536
  kernel: 5.15.11-gentoo
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 452833280
  memTotal: 1547505664
  ociRuntime:
    name: crun
    package: app-containers/crun-1.3
    path: /usr/bin/crun
    version: |-
      crun version 1.3
      commit: 4f6c8e0583c679bfee6a899c05ac6b916022561b
      spec: 1.0.0
      +SYSTEMD +SELINUX +APPARMOR +CAP +SECCOMP +EBPF +YAJL
  os: linux
  remoteSocket:
    path: /run/user/1000/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_AUDIT_WRITE,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_MKNOD,CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID,CAP_SYS_CHROOT
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /usr/bin/slirp4netns
    package: app-containers/slirp4netns-1.1.12
    version: |-
      slirp4netns version 1.1.12
      commit: 7a104a101aa3278a2152351a082a6df71f57c9a3
      libslirp: 4.6.1
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.1
  swapFree: 921694208
  swapTotal: 921694208
  uptime: 245h 53m 5.09s (Approximately 10.21 days)
plugins:
  log:
  - k8s-file
  - none
  network:
  - bridge
  - macvlan
  volume:
  - local
registries:
  search:
  - docker.io
  - quay.io
  - registry.fedoraproject.org
store:
  configFile: /home/xxx/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions:
    overlay.mount_program:
      Executable: /usr/bin/fuse-overlayfs
      Package: sys-fs/fuse-overlayfs-1.8
      Version: |-
        fusermount3 version: 3.10.5
        fuse-overlayfs: version 1.8
        FUSE library version 3.10.5
        using FUSE kernel interface version 7.31
  graphRoot: /home/xxx/.local/share/containers/storage
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "false"
    Supports d_type: "true"
    Using metacopy: "false"
  imageStore:
    number: 2
  runRoot: /run/user/1000/containers
  volumePath: /home/xxx/.local/share/containers/storage/volumes
version:
  APIVersion: 3.4.4
  Built: 1640529944
  BuiltTime: Sun Dec 26 15:45:44 2021
  GitCommit: ""
  GoVersion: go1.17.5
  OsArch: linux/amd64
  Version: 3.4.4

Package info (e.g. output of rpm -q podman or apt list podman):

[I] app-containers/podman
     Available versions:  3.4.1^st{tbz2} 3.4.4^st{tbz2} {apparmor btrfs +fuse +rootless selinux}
     Installed versions:  3.4.4^st{tbz2}(03:47:09 PM 12/26/2021)(fuse rootless -apparmor -btrfs -selinux)

Playbook you run with ansible (e.g. content of playbook.yaml):

---
- hosts: zaphod
  tasks:
    - name: Create pod
      containers.podman.podman_pod:
        name: network-pod
        network: slirp4netns:outbound_addr=10.10.10.46
      diff: true
    - name: Create container
      containers.podman.podman_container:
        pod: network-pod
        name: network-test
        image: alpine
        command: sleep 3600
      diff: true

Command line and output of ansible run with high verbosity

TASK [Create pod] *********************************************************************************************************************************************************
task path: /home/xxx/ansible/test_p.yml:5
--- before
+++ after
@@ -1 +1 @@
-network - []
+network - ['slirp4netns:outbound_addr=10.10.10.46']

changed: [zaphod] => {"actions": ["recreated network-pod"], "changed": true, "pod": {"CgroupParent": "/libpod_parent", "CgroupPath": "/libpod_parent/f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24", "Containers": [{"Id": "d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1", "Name": "f4cd9c23dbdf-infra", "State": "configured"}], "CreateCgroup": true, "CreateCommand": ["podman", "pod", "create", "--name", "network-pod", "--network", "slirp4netns:outbound_addr=10.10.10.46"], "CreateInfra": true, "Created": "2022-01-14T17:47:06.385328683+01:00", "Hostname": "", "Id": "f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24", "InfraConfig": {"DNSOption": null, "DNSSearch": null, "DNSServer": null, "HostAdd": null, "HostNetwork": true, "NetworkOptions": {"slirp4netns": ["outbound_addr=10.10.10.46"]}, "Networks": null, "NoManageHosts": false, "NoManageResolvConf": false, "PortBindings": {}, "StaticIP": "", "StaticMAC": "", "pid_ns": "private", "userns": "host"}, "InfraContainerID": "d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1", "Name": "network-pod", "NumContainers": 1, "SharedNamespaces": ["ipc", "net", "uts"], "State": "Created"}, "podman_actions": ["podman pod rm -f network-pod", "podman pod create --name network-pod --network slirp4netns:outbound_addr=10.10.10.46"], "podman_systemd": {"pod-network-pod": "# pod-network-pod.service\n# autogenerated by Podman 3.4.4\n# Fri Jan 14 17:47:06 CET 2022\n\n[Unit]\nDescription=Podman pod-network-pod.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=\nRequires=\nBefore=\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=on-failure\nTimeoutStopSec=70\nExecStart=/usr/bin/podman start f4cd9c23dbdf-infra\nExecStop=/usr/bin/podman stop -t 10 f4cd9c23dbdf-infra\nExecStopPost=/usr/bin/podman stop -t 10 f4cd9c23dbdf-infra\nPIDFile=/var/run/containers/storage/overlay-containers/d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1/userdata/conmon.pid\nType=forking\n\n[Install]\nWantedBy=default.target\n"}, "stderr": "", "stderr_lines": [], "stdout": "f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24\n", "stdout_lines": ["f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24"]}

TASK [Create container] ***************************************************************************************************************************************************
task path: /home/xxx/ansible/test_p.yml:10
changed: [zaphod] => {"actions": ["started network-test"], "changed": true, "container": {"AppArmorProfile": "", "Args": ["3600"], "BoundingCaps": ["CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_MKNOD", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "Config": {"Annotations": {"io.container.manager": "libpod", "io.kubernetes.cri-o.ContainerType": "container", "io.kubernetes.cri-o.Created": "2022-01-14T17:47:07.711766034+01:00", "io.kubernetes.cri-o.SandboxID": "network-pod", "io.kubernetes.cri-o.TTY": "false", "io.podman.annotations.autoremove": "FALSE", "io.podman.annotations.init": "FALSE", "io.podman.annotations.privileged": "FALSE", "io.podman.annotations.publish-all": "FALSE", "org.opencontainers.image.stopSignal": "15"}, "AttachStderr": false, "AttachStdin": false, "AttachStdout": false, "Cmd": ["sleep", "3600"], "CreateCommand": ["podman", "container", "run", "--name", "network-test", "--pod", "network-pod", "--detach=True", "alpine", "sleep", "3600"], "Domainname": "", "Entrypoint": "", "Env": ["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TERM=xterm", "container=podman", "HOME=/root", "HOSTNAME=network-pod"], "Hostname": "74c80a6607bc", "Image": "docker.io/library/alpine:latest", "Labels": null, "OnBuild": null, "OpenStdin": false, "StdinOnce": false, "StopSignal": 15, "StopTimeout": 10, "Timeout": 0, "Tty": false, "Umask": "0022", "User": "", "Volumes": null, "WorkingDir": "/"}, "ConmonPidFile": "/var/run/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/conmon.pid", "Created": "2022-01-14T17:47:07.711766034+01:00", "Dependencies": ["d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1"], "Driver": "overlay", "EffectiveCaps": ["CAP_AUDIT_WRITE", "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_MKNOD", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT"], "ExecIDs": [], "ExitCommand": ["/usr/bin/podman", "--root", "/var/lib/containers/storage", "--runroot", "/var/run/containers/storage", "--log-level", "warning", "--cgroup-manager", "cgroupfs", "--tmpdir", "/var/run/libpod", "--runtime", "crun", "--events-backend", "file", "container", "cleanup", "74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379"], "GraphDriver": {"Data": {"LowerDir": "/var/lib/containers/storage/overlay/e2eb06d8af8218cfec8210147357a68b7e13f7c485b991c288c2d01dc228bb68/diff", "MergedDir": "/var/lib/containers/storage/overlay/07459c2b84c2b27956e022e6b71a1a412c9881aa77159c686be9d9eedbacb9de/merged", "UpperDir": "/var/lib/containers/storage/overlay/07459c2b84c2b27956e022e6b71a1a412c9881aa77159c686be9d9eedbacb9de/diff", "WorkDir": "/var/lib/containers/storage/overlay/07459c2b84c2b27956e022e6b71a1a412c9881aa77159c686be9d9eedbacb9de/work"}, "Name": "overlay"}, "HostConfig": {"AutoRemove": false, "Binds": [], "BlkioDeviceReadBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceWriteIOps": null, "BlkioWeight": 0, "BlkioWeightDevice": null, "CapAdd": [], "CapDrop": [], "Cgroup": "", "CgroupConf": null, "CgroupManager": "cgroupfs", "CgroupMode": "private", "CgroupParent": "/libpod_parent/f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24", "Cgroups": "default", "ConsoleSize": [0, 0], "ContainerIDFile": "", "CpuCount": 0, "CpuPercent": 0, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpuShares": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": [], "GroupAdd": [], "IOMaximumBandwidth": 0, "IOMaximumIOps": 0, "IpcMode": "container:d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1", "Isolation": "", "KernelMemory": 0, "Links": null, "LogConfig": {"Config": null, "Path": "/var/lib/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/ctr.log", "Size": "0B", "Tag": "", "Type": "k8s-file"}, "Memory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": 0, "NanoCpus": 0, "NetworkMode": "container:d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1", "OomKillDisable": false, "OomScoreAdj": 0, "PidMode": "private", "PidsLimit": 2048, "PortBindings": {}, "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "RestartPolicy": {"MaximumRetryCount": 0, "Name": ""}, "Runtime": "oci", "SecurityOpt": [], "ShmSize": 65536000, "Tmpfs": {}, "UTSMode": "container:d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1", "Ulimits": [{"Hard": 1048576, "Name": "RLIMIT_NOFILE", "Soft": 1048576}, {"Hard": 4194304, "Name": "RLIMIT_NPROC", "Soft": 4194304}], "UsernsMode": "", "VolumeDriver": "", "VolumesFrom": null}, "HostnamePath": "/var/run/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/hostname", "HostsPath": "/var/run/containers/storage/overlay-containers/d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1/userdata/hosts", "Id": "74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379", "Image": "14119a10abf4669e8cdbdff324a9f9605d99697215a0d21c360fe8dfa8471bab", "ImageName": "docker.io/library/alpine:latest", "IsInfra": false, "MountLabel": "", "Mounts": [], "Name": "network-test", "Namespace": "", "NetworkSettings": {"Bridge": "", "EndpointID": "", "Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "HairpinMode": false, "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "MacAddress": "", "Ports": {}, "SandboxID": "", "SandboxKey": "/run/netns/cni-6e04f6ec-693b-9b7a-e4c3-a346d685c7c0"}, "OCIConfigPath": "/var/lib/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/config.json", "OCIRuntime": "crun", "Path": "sleep", "PidFile": "/var/run/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/pidfile", "Pod": "f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24", "ProcessLabel": "", "ResolvConfPath": "/var/run/containers/storage/overlay-containers/d23be0ca76e8be4bb3d3b969a814e6080c83531b9a32a323164d03ebd9f149a1/userdata/resolv.conf", "RestartCount": 0, "Rootfs": "", "State": {"CgroupPath": "/libpod_parent/f4cd9c23dbdfd58c9e9b2c7fa35eb73a2dbfb6e2ab1197cdd903ece611317c24/libpod-74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379", "ConmonPid": 213126, "Dead": false, "Error": "", "ExitCode": 0, "FinishedAt": "0001-01-01T00:00:00Z", "Healthcheck": {"FailingStreak": 0, "Log": null, "Status": ""}, "OOMKilled": false, "OciVersion": "1.0.2-dev", "Paused": false, "Pid": 213129, "Restarting": false, "Running": true, "StartedAt": "2022-01-14T17:47:08.240229626+01:00", "Status": "running"}, "StaticDir": "/var/lib/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata"}, "podman_actions": ["podman run --name network-test --pod network-pod --detach=True alpine sleep 3600"], "podman_systemd": {"container-network-test": "# container-network-test.service\n# autogenerated by Podman 3.4.4\n# Fri Jan 14 17:47:08 CET 2022\n\n[Unit]\nDescription=Podman container-network-test.service\nDocumentation=man:podman-generate-systemd(1)\nWants=network-online.target\nAfter=network-online.target\nRequiresMountsFor=/var/run/containers/storage\n\n[Service]\nEnvironment=PODMAN_SYSTEMD_UNIT=%n\nRestart=on-failure\nTimeoutStopSec=70\nExecStart=/usr/bin/podman start network-test\nExecStop=/usr/bin/podman stop -t 10 network-test\nExecStopPost=/usr/bin/podman stop -t 10 network-test\nPIDFile=/var/run/containers/storage/overlay-containers/74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379/userdata/conmon.pid\nType=forking\n\n[Install]\nWantedBy=default.target\n"}, "stderr": "", "stderr_lines": [], "stdout": "74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379\n", "stdout_lines": ["74c80a6607bc28b33e681c3019001b3b2b98f2e31ead68add8a4e755077bf379"]}

Additional environment details (AWS, VirtualBox, physical, etc.):

Keeping the playbook simple, it creates the containers as root. However, same results for rootless mode.
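The diff above ('network - []' before, the slirp4netns string after) is consistent with a comparison that reads only InfraConfig.Networks from podman pod inspect and never looks at InfraConfig.NetworkOptions, where Podman stores the slirp4netns options. The following is an added illustration of that idempotency gap and one way to close it; it is not code from the containers.podman collection, and the inspect dictionary is a constructed subset of the pod output shown in this issue.

```python
# Added illustration for this issue, not the collection's own code.
# INSPECTED_POD is a constructed subset of the "pod" result shown above.
INSPECTED_POD = {
    "InfraConfig": {
        "HostNetwork": True,
        "NetworkOptions": {"slirp4netns": ["outbound_addr=10.10.10.46"]},
        "Networks": None,
    }
}


def parse_network_arg(value):
    """'slirp4netns:a=1,b=2' -> ('slirp4netns', ['a=1', 'b=2']); 'host' -> ('host', []).

    Options are sorted so that option order alone never triggers a recreate."""
    mode, _, opts = value.partition(":")
    return mode, sorted(o for o in opts.split(",") if o)


def networks_naive(inspect):
    """Reads only InfraConfig.Networks (null for slirp4netns pods), which is
    what a diff of 'network - []' against the desired value suggests."""
    return [parse_network_arg(n) for n in (inspect["InfraConfig"].get("Networks") or [])]


def networks_with_options(inspect):
    """Rebuilds the --network value from Networks plus NetworkOptions so
    'slirp4netns:opt1,opt2' round-trips through podman pod inspect."""
    cfg = inspect["InfraConfig"]
    nets = [parse_network_arg(n) for n in (cfg.get("Networks") or [])]
    for mode, opts in (cfg.get("NetworkOptions") or {}).items():
        nets.append((mode, sorted(opts or [])))
    return nets


def needs_recreate(desired, inspect, reader):
    """Hypothetical check: recreate the pod only when the desired network list
    differs from what reader() extracts from the inspect output."""
    return sorted(parse_network_arg(d) for d in desired) != sorted(reader(inspect))


if __name__ == "__main__":
    want = ["slirp4netns:outbound_addr=10.10.10.46"]
    print("naive reader recreates:", needs_recreate(want, INSPECTED_POD, networks_naive))
    print("option-aware reader recreates:", needs_recreate(want, INSPECTED_POD, networks_with_options))
```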

lolllpop commented 2 years ago

Many thanks for this quick fix!