search

containers / ansible-podman-collections

Repository for Ansible content that can include playbooks, roles, modules, and plugins for use with the Podman tool
GNU General Public License v3.0
260 stars 141 forks source link

Error: list index out of range in diffparam_healthcheck #598

Closed car51901 closed 1 year ago

car51901 commented 1 year ago

Is this a BUG REPORT or FEATURE REQUEST? (leave only one on its own line)

/kind bug

Description

exception thrown trying to process state of running container, when playbook trying to determine if the container needs to be created. Verified that this happens when the image declares "HEALTHCHECK none" in the dockerfile. Appears the module expects that there's a health check command.

Steps to reproduce the issue:

  1. Create an image, that declares "HEALTHCHECK none" in the docker file, and create image.

  2. Create playbook that uses the podman_container module, don't create/configure any healthcheck properties in the playook

  3. Run the playbook to create container, then run playbook again with running container.

Describe the results you received:

playbook fails, Exception, list index out of range

Describe the results you expected:

expected on 2nd run, no configuration changes made, playbook doesn't change container, completes successfully

Additional information you deem important (e.g. issue happens only occasionally):

Happens when image defined with "healthcheck none". note podman doesn't seem to recognize this either, it creates a systemd healtcheck entry, even though there's actually no healthcheck.

Version of the containers.podman collection: Either git commit if installed from git: git show --summary Or version from ansible-galaxy if installed from galaxy: ansible-galaxy collection list | grep containers.podman

can't run from ansible tower, should be 1.10.1

(paste your output here)

Output of ansible --version:

From Ansible Tower about page
<  Ansible Automation Platform Controller 4.3.6  >

Output of podman version:

podman version 4.4.1

Output of podman info --debug:


host:
  arch: amd64
  buildahVersion: 1.29.0
  cgroupControllers: []
  cgroupManager: cgroupfs
  cgroupVersion: v1
  conmon:
    package: conmon-2.1.6-1.module+el8.8.0+18098+9b44df5f.x86_64
    path: /usr/bin/conmon
    version: 'conmon version 2.1.6, commit: 8c4ab5a095127ecc96ef8a9c885e0e1b14aeb11b'
  cpuUtilization:
    idlePercent: 98.94
    systemPercent: 0.6
    userPercent: 0.46
  cpus: 
  distribution:
    distribution: '"rhel"'
    version: "8.8"
  eventLogger: file
  hostname: s377423dalv
  idMappings:
    gidmap:
    - container_id: 0
      host_id: 1001
      size: 1
    - container_id: 1
      host_id: 165536
      size: 65536
    uidmap:
    - container_id: 0
      host_id: 1001
      size: 1
    - container_id: 1
      host_id: 165536
      size: 65536
  kernel: 4.18.0-477.10.1.el8_8.x86_64
  linkmode: dynamic
  logDriver: k8s-file
  memFree: 30669975552
  memTotal: 33405476864
  networkBackend: cni
  ociRuntime:
    name: runc
    package: runc-1.1.4-1.module+el8.7.0+17824+66a0202b.x86_64
    path: /usr/bin/runc
    version: |-
      runc version 1.1.4
      spec: 1.0.2-dev
      go: go1.18.4
      libseccomp: 2.5.2
  os: linux
  remoteSocket:
    path: /tmp/podman-run-1001/podman/podman.sock
  security:
    apparmorEnabled: false
    capabilities: CAP_SYS_CHROOT,CAP_NET_RAW,CAP_CHOWN,CAP_DAC_OVERRIDE,CAP_FOWNER,CAP_FSETID,CAP_KILL,CAP_NET_BIND_SERVICE,CAP_SETFCAP,CAP_SETGID,CAP_SETPCAP,CAP_SETUID
    rootless: true
    seccompEnabled: true
    seccompProfilePath: /usr/share/containers/seccomp.json
    selinuxEnabled: false
  serviceIsRemote: false
  slirp4netns:
    executable: /bin/slirp4netns
    package: slirp4netns-1.2.0-2.module+el8.8.0+18060+3f21f2cc.x86_64
    version: |-
      slirp4netns version 1.2.0
      commit: 656041d45cfca7a4176f6b7eed9e4fe6c11e8383
      libslirp: 4.4.0
      SLIRP_CONFIG_VERSION_MAX: 3
      libseccomp: 2.5.2
  swapFree: 2147479552
  swapTotal: 2147479552
  uptime: 12h 14m 27.00s (Approximately 0.50 days)
plugins:
  authorization: null
  log:
  - k8s-file
  - none
  - passthrough
  - journald
  network:
  - bridge
  - macvlan
  - ipvlan
  volume:
  - local
registries:
  search:
  - [registry.access.redhat.com](http://registry.access.redhat.com/)
  - [registry.redhat.io](http://registry.redhat.io/)
  - [docker.io](http://docker.io/)
store:
  configFile: /home/appuser/.config/containers/storage.conf
  containerStore:
    number: 1
    paused: 0
    running: 0
    stopped: 1
  graphDriverName: overlay
  graphOptions: {}
  graphRoot: /home/appuser/.local/share/containers/storage
  graphRootAllocated: 10726932480
  graphRootUsed: 817885184
  graphStatus:
    Backing Filesystem: xfs
    Native Overlay Diff: "true"
    Supports d_type: "true"
    Using metacopy: "false"
  imageCopyTmpDir: /var/tmp
  imageStore
    number: 2
  runRoot: /tmp/containers-user-1001/containers
  transientStore: false
  volumePath: /home/appuser/.local/share/containers/storage/volume
version
  APIVersion: 4.4.1
  Built: 1682529191
  BuiltTime: Wed Apr 26 12:13:11 2023
  GitCommit: ""
  GoVersion: go1.19.6
  Os: linu
  OsArch: linux/amd64
  Version: 4.4.1

Package info (e.g. output of rpm -q podman or apt list podman):


podman-4.4.1-12.module+el8.8.0+18735+a32c1292.x86_64

Playbok you run with ansible (e.g. content of playbook.yaml):

- name: create directory ws container
    containers.podman.podman_container:
      name: ws-8493-container
      image: webservices:2023.04.5-SNAPSHOT
      state: started
      detach: true
      recreate: yes
      publish:
        - 8493:8080
      user: 185:0
      volumes:
        - /secrets:/secrets:ro
        - /var/log:/var/log/:rw
      env:
        JAVA_OPTS: >
          -Xms256m -Xmx2048m -Xss256k
          -XX:+HeapDumpOnOutOfMemoryError -Djava.awt.headless=true
          -Duser.timezone=GMT
          -Dspring.config.import=/secrets/gen.properties
        SPRING_PROFILES_ACTIVE: wsdefaults
        LOGGING_APP_INSTANCE: dev2
        LOGGING_APP_ENVIRONMENT: DEV2
        MANAGEMENT_HEALTH_DISKSPACE_ENABLED: false

Command line and output of ansible run with high verbosity

Please NOTE: if you submit a bug about idempotency, run the playbook with --diff option, like:

ansible-playbook -i inventory --diff -vv playbook.yml

An exception occurred during task execution. To see the full traceback, use -vvv. The error was: IndexError: list index out of range

fatal: []: FAILED! => {"changed": false, "module_stderr": "Shared connection to  closed."
, "module_stdout": "Traceback (most recent call last):
  File \"/home/appuser/.ansible/tmp/ansible-tmp-1685716457.3137357-45-90020169821684/AnsiballZ_podman_container.py\", line 107, in <module>
    _ansiballz_main()
  File \"/home/appuser/.ansible/tmp/ansible-tmp-1685716457.3137357-45-90020169821684/AnsiballZ_podman_container.py\", line 99, in _ansiballz_main
    invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\
  File \"/home/appuser/.ansible/tmp/ansible-tmp-1685716457.3137357-45-90020169821684/AnsiballZ_podman_container.py\", line 48, in invoke_module
    run_name='__main__', alter_sys=True)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 205, in run_module
    return _run_module_code(code, init_globals, run_name, mod_spec)\
  File \"/usr/lib64/python3.6/runpy.py\", line 96, in _run_module_code\r\n    mod_name, mod_spec, pkg_name, script_name)\r\n  File \"/usr/lib64/python3.6/runpy.py\", line 85, in _run_code
    exec(code, run_globals)\r\n  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/modules/podman_container.py\", line 1063, in <module>
  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/modules/podman_container.py\", line 1058, in main
  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py\", line 1695, in execute
 File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py\", line 1604, in make_started
  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py\", line 1372, in different
  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py\", line 1293, in is_different
  File \"/tmp/ansible_containers.podman.podman_container_payload_ia7g8v7y/ansible_containers.podman.podman_container_payload.zip/ansible_collections/containers/podman/plugins/module_utils/podman/podman_container_lib.py\", line 937, in diffparam_healthcheck
IndexError: list index out of range"
, "msg": "MODULE FAILURE
See stdout/stderr for the exact error", "rc": 1}

Additional environment details (AWS, VirtualBox, physical, etc.):

Ansible Tower, playbook run from an ansible execution environment, podman host is a rhel8 virtual machine (RHEL 8.5)

sshnaidm commented 1 year ago

Looking

sshnaidm commented 1 year ago

@car51901 Can you please provide a Dockerfile and do podman inspect <container_name>?

car51901 commented 1 year ago

dockerfile, note the base image defines "HEALTHCHECK NONE"

FROM dev.registry/common/ubi8-openjdk-11-runtime:1.0.2-332 COPY target/webservices.jar /app.jar ENTRYPOINT ["sh", "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/.urandom -jar /app.jar"]

car51901 commented 1 year ago

from container inspect

[ { "Id": "efd56fd0f344651747aa5aeb6da31ee8a2002dcb6cb3cc14b600981ac4e84428", "Created": "2023-06-12T12:18:28.28906165-05:00", "Path": "sh", "Args": [ "-c", "java $JAVA_OPTS -Djava.security.egd=file:/dev/.urandom -jar /app.jar" ], "State": { "OciVersion": "1.1.0-rc.1", "Status": "running", "Running": true, "Paused": false, "Restarting": false, "OOMKilled": false, "Dead": false, "Pid": 4072175, "ConmonPid": 4072164, "ExitCode": 0, "Error": "", "StartedAt": "2023-06-12T12:18:28.479863184-05:00", "FinishedAt": "0001-01-01T00:00:00Z", "Health": { "Status": "", "FailingStreak": 0, "Log": null }, "CgroupPath": "/user.slice/user-1001.slice/session-27437.scope", "CheckpointedAt": "0001-01-01T00:00:00Z", "RestoredAt": "0001-01-01T00:00:00Z" }, "Image": "1e871d881ea853ad65ca0c68afcc40137083563f01d547e3d4ccd86ba249304f", "ImageDigest": "sha256:d3c3ed047f3a322209803f9c7ae461270b121f7bb211c2e1b33f04cb5a16a139", "ImageName": "webservices:2023.04.5-SNAPSHOT", "Rootfs": "", "Pod": "", "RestartCount": 0, "Driver": "overlay", "MountLabel": "", "ProcessLabel": "", "AppArmorProfile": "", "EffectiveCaps": null, "BoundingCaps": [ "CAP_CHOWN", "CAP_DAC_OVERRIDE", "CAP_FOWNER", "CAP_FSETID", "CAP_KILL", "CAP_NET_BIND_SERVICE", "CAP_NET_RAW", "CAP_SETFCAP", "CAP_SETGID", "CAP_SETPCAP", "CAP_SETUID", "CAP_SYS_CHROOT" ], "ExecIDs": [], "Dependencies": [], "NetworkSettings": { "EndpointID": "", "Gateway": "", "IPAddress": "", "IPPrefixLen": 0, "IPv6Gateway": "", "GlobalIPv6Address": "", "GlobalIPv6PrefixLen": 0, "MacAddress": "", "Bridge": "", "SandboxID": "", "HairpinMode": false, "LinkLocalIPv6Address": "", "LinkLocalIPv6PrefixLen": 0, "Ports": { "8080/tcp": [ { "HostIp": "", "HostPort": "8493" } ], "8443/tcp": null }, }, "Namespace": "", "IsInfra": false, "IsService": false, "Config": { "Hostname": "efd56fd0f344", "Domainname": "", "User": "185:0", "AttachStdin": false, "AttachStdout": false, "AttachStderr": false, "Tty": false, "OpenStdin": false, "StdinOnce": false, "Env": [ "JAVA_DATA_DIR=/deployments/data", "maintainer": "Red Hat OpenJDK openjdk@redhat.com", "name": "ubi8/openjdk-11-runtime", "org.jboss.product": "openjdk", "org.jboss.product.openjdk.version": "11", "org.jboss.product.version": "11", "release": "12.1675788327", "summary": "Image for Red Hat OpenShift providing OpenJDK 11 runtime", "url": "https://access.redhat.com/containers/#/registry.access.redhat.com/ubi8/openjdk-11-runtime/images/1.14-12.1675788327", "vcs-ref": "1d6d54438b510cefbe66061c3cf846f0f071658b", "vcs-type": "git", "vendor": "Red Hat, Inc.", "version": "1.14" }, "Annotations": { "io.container.manager": "libpod", "org.opencontainers.image.stopSignal": "15" }, "StopSignal": 15, "Healthcheck": { "Test": [ "NONE" ], "Timeout": 30000000000, "Retries": 3 }, "HealthcheckOnFailureAction": "none", "CreateCommand": [ "podman", "container", "run", "--name", "container", "--detach=True", "--publish", "8493:8080", "--user", "185:0", "--healthcheck-command", "none", "--healthcheck-interval", "disable", ], "Umask": "0022", "Timeout": 0, "StopTimeout": 10, "Passwd": true, "sdNotifyMode": "container" }, "HostConfig": { "CgroupManager": "cgroupfs", "CgroupMode": "host", "ContainerIDFile": "", "LogConfig": { "Type": "k8s-file", "Config": null, "Tag": "", "Size": "0B" }, "NetworkMode": "slirp4netns", "PortBindings": { "8080/tcp": [ { "HostIp": "", "HostPort": "8493" } ] }, "RestartPolicy": { "Name": "", "MaximumRetryCount": 0 }, "AutoRemove": false, "VolumeDriver": "", "VolumesFrom": null, "CapAdd": [], "CapDrop": [], "Dns": [], "DnsOptions": [], "DnsSearch": [], "ExtraHosts": [], "GroupAdd": [], "IpcMode": "shareable", "Cgroup": "", "Cgroups": "default", "Links": null, "OomScoreAdj": 0, "PidMode": "private", "Privileged": false, "PublishAllPorts": false, "ReadonlyRootfs": false, "SecurityOpt": [], "Tmpfs": {}, "UTSMode": "private", "UsernsMode": "", "ShmSize": 65536000, "Runtime": "oci", "ConsoleSize": [ 0, 0 ], "Isolation": "", "CpuShares": 0, "Memory": 0, "NanoCpus": 0, "CgroupParent": "", "BlkioWeight": 0, "BlkioWeightDevice": null, "BlkioDeviceReadBps": null, "BlkioDeviceWriteBps": null, "BlkioDeviceReadIOps": null, "BlkioDeviceWriteIOps": null, "CpuPeriod": 0, "CpuQuota": 0, "CpuRealtimePeriod": 0, "CpuRealtimeRuntime": 0, "CpusetCpus": "", "CpusetMems": "", "Devices": [], "DiskQuota": 0, "KernelMemory": 0, "MemoryReservation": 0, "MemorySwap": 0, "MemorySwappiness": 0, "OomKillDisable": false, "PidsLimit": 0, "Ulimits": [], "CpuCount": 0, "CpuPercent": 0, "IOMaximumIOps": 0, "IOMaximumBandwidth": 0, "CgroupConf": null } } ]

sshnaidm commented 1 year ago

@car51901 can you check please if #618 helps you?